2017-09-04  Richard W.M. Jones  <rjones@redhat.com>

	vmx: Expose VMware Managed Object Reference (moref) in XML.
	If you use the VDDK library to access virtual machines remotely, you
	really need to know the Managed Object Reference ("moref") of the VM.
	This must be passed each time you connect to the API.

	For example nbdkit's VDDK plugin requires a moref to be passed to
	mount up a VM's disk remotely:

	 nbdkit vddk user=root password=+/tmp/rootpw \
	             server=esxi.example.com thumbprint=xx:xx:xx:... \
	             vm=moref=2 \
	             file="[datastore1] Fedora/Fedora.vmdk"

	Getting the moref is a huge pain.  To get some idea of what it is, why
	it is needed, and how much trouble it is to get it, see:
	https://blogs.vmware.com/vsphere/2012/02/uniquely-identifying-virtual-machines-in-vsphere-and-vcloud-part-1-overview.html
	https://blogs.vmware.com/vsphere/2012/02/uniquely-identifying-virtual-machines-in-vsphere-and-vcloud-part-2-technical.html

	However the moref is available conveniently in the internals of the
	libvirt VMX driver.  This patch exposes it as a custom XML element
	using the same "vmware:" namespace which was previously used for the
	datacenterpath (see libvirt commit 636a99058758a044).

	It appears in the XML like this:

	<domain type='vmware' xmlns:vmware='http://libvirt.org/schemas/domain/vmware/1.0'>
	  <name>Fedora</name>
	...
	  <vmware:datacenterpath>ha-datacenter</vmware:datacenterpath>
	  <vmware:moref>2</vmware:moref>
	</domain>

	Note that the moref can appear as either a simple ID (for esx://
	connections) or as a "vm-<ID>" (for vpx:// connections).  It should be
	treated by users as an opaque string.

2017-09-02  John Ferlan  <jferlan@redhat.com>

	docs: Remove <code> from <summary> entries due to RNG error
	commit '96e55048' caused make check failure for virschematest:

	1929) Checking ../docs/news.xml against ../news.rng                     ... libvirt: XML Util error : XML document failed to validate against schema: Unable to validate doc against /home/jferlan/git/libvirt.work/docs/schemas/../news.rng
	Datatype element summary has child elements
	Element summary failed to validate content
	Datatype element summary has child elements
	Element summary failed to validate content
	^[[31m^[[1mFAILED^[[0m

	That's because <code> elements don't appear to be allowed in the schema.
	Rather than attempt to fix the schema, figured it was simpler to just
	remove them and let the schema fix happen later.

2017-09-02  Andrea Bolognani  <abologna@redhat.com>

	news: Prepare for 3.7.0 release
	Documents some changes that have slipped through the cracks
	during the development cycle.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-09-02  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	docs: Document managedsave-edit commands support
	This patch documents support for managedsave-dumpxml,
	managedsave-define and managedsave-edit commands.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-09-01  Peter Krempa  <pkrempa@redhat.com>

	news: Add stuff for 3.7.0

2017-09-01  Michal Privoznik  <mprivozn@redhat.com>

	virnetdaemon: Don't deadlock when talking to D-Bus
	https://bugzilla.redhat.com/show_bug.cgi?id=1487322

	In ace45e67abbd I tried to fix a problem that we get the reply to
	a D-Bus call while we were sleeping. In that case the callback
	was never set. So I changed the code that the callback is called
	directly in this case. However, I hadn't realized that since the
	callback is called out of order it locks the virNetDaemon.
	Exactly the very same virNetDaemon object that we are dealing
	with right now and that we have locked already (in
	virNetDaemonAddShutdownInhibition())

2017-09-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: handle -1 for pid in qemuDomainGetMachineName
	We call qemuDomainGetMachineName on domain start. On first
	start (after daemon start) pid is 0 and virSystemdGetMachineNameByPID
	don't get called. But after domain shutting down pid became -1 so
	on next start virSystemdGetMachineNameByPID is called and returned an error.
	Error is ignored so it is not critical. But at least on my system
	(systemd-219 with extra patches) systemd-machined is crashed on
	this request.

	This behaviour is triggered by eaf2c9f89.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-09-01  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Forbid rx/tx_queue_size change explicitly
	https://bugzilla.redhat.com/show_bug.cgi?id=1484230

	When updating a virtio enabled vNIC and trying to change either
	of rx_queue_size or tx_queue_size success is reported although no
	operation is actually performed. Moreover, there's no way how to
	change these on the fly. This is due to way we check for changes:
	explicitly for each struct member. Therefore it's easy to miss
	one.

2017-08-31  Shuang He  <shuang.he@zstack.io>

	docs: Add entry for ZStack to apps page

2017-08-31  Pavel Hrdina  <phrdina@redhat.com>

	news: add an entry for chardev reconnect feature

2017-08-30  John Ferlan  <jferlan@redhat.com>

	storage: Use virStorageBackendRefreshVolTargetUpdate after wipeVol
	https://bugzilla.redhat.com/show_bug.cgi?id=1437797

	Rather than using refreshVol which essentially only updates the
	allocation, capacity, and permissions for the volume, but not
	the format which does get updated in a pool refresh - let's use
	the same helper that pool refresh uses in order to update the
	volume target.

2017-08-30  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStorageBackendRefreshVolTargetUpdate
	Create a separate function to handle the volume target update
	via probe processing.

2017-08-30  Pavel Hrdina  <phrdina@redhat.com>

	qemu: set bind mode for chardev while parsing XML
	Currently while parsing domain XML we clear the UNIX path if it matches
	one of the auto-generated paths by libvirt.  After that when the guest
	is started new path is generated but the mode is also changed to "bind".

	In the real-world use-case the mode should not change, it only happens
	if a user provides a mode='connect' and path that matches one of the
	auto-generated path or not provides a path at all.

	Before *reconnect* feature was introduced there was no issue, but with
	the new feature we need to make sure that it's used only with "connect"
	mode, therefore we need to move the mode change into parsing in order
	to have a proper error reported by validation code.

2017-08-30  Pavel Hrdina  <phrdina@redhat.com>

	tests: don't use unix socket path that matches auto-generated path
	The test was introduced by 60135b22db6d.

	The auto-generated path is removed by post-parse callback which
	also changes the mode from "connect" to "bind" since the auto-generated
	path makes sense only for "bind" mode.

2017-08-30  Pavel Hrdina  <phrdina@redhat.com>

	conf: add reconnect to virDomainChrSourceDef(Copy|IsEqual)
	Missed by 9aa72a6dd5b3.

	tests: remove unused file
	Introduced by 95fd63b1700d.

2017-08-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix TLS test suites with gnutls 3.6.0
	With gnutls 3.6.0, SHA1 is no longer accepted for certificate
	signatures. We must usw SHA256 instead.

2017-08-30  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	doc: Fix docs/news.xml structure

2017-08-30  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix virnetsockettest after SSH command line changes
	Commit e4cb8500810a changed the way ssh command line is created by
	adding '--' before the hostname in order to fix a potential security
	flaw.  However it failed to modify the tests, so let's do that.

2017-08-30  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document yet another limitation of tx_queue_size
	https://bugzilla.redhat.com/show_bug.cgi?id=1484234

	Turns out, only vhostuser type of interfaces are supported
	currently.

2017-08-29  Daniel P. Berrange  <berrange@redhat.com>

	rpc: avoid ssh interpreting malicious hostname as arguments
	Inspired by the recent GIT / Mercurial security flaws
	(http://blog.recurity-labs.com/2017-08-10/scm-vulns),
	consider someone/something manages to feed libvirt a bogus
	URI such as:

	  virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system

	In this case, the hosname "-oProxyCommand=gnome-calculator"
	will get interpreted as an argument to ssh, not a hostname.
	Fortunately, due to the set of args we have following the
	hostname, SSH will then interpret our bit of shell script
	that runs 'nc' on the remote host as a cipher name, which is
	clearly invalid. This makes ssh exit during argv parsing and
	so it never tries to run gnome-calculator.

	We are lucky this time, but lets be more paranoid, by using
	'--' to explicitly tell SSH when it has finished seeing
	command line options. This forces it to interpret
	"-oProxyCommand=gnome-calculator" as a hostname, and thus
	see a fail from hostname lookup.

2017-08-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Also treat directories properly when using namespaces
	When recreating folders with namespaces, the directory type was not
	being handled at all.  It's not special, we probably just didn't know
	that that can be used as a volume path as well.  The code failed
	gracefully, but we want to allow that so that we can use <disk
	type='dir'> in domains again.

	Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1443434

2017-08-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Don't mangle the storage format for type='dir'
	Our backing probing code handles directory file types properly in
	virStorageFileGetMetadataRecurse(), by that I mean it leaves them
	alone.  However its caller, the virStorageFileGetMetadata() resets the
	type to raw before probing, without even checking the type.  We need
	to special-case TYPE_DIR in order to achieve desired results.

	Also, in order to properly test this, we need to stop resetting format
	of volumes in tests for TYPE_DIR (probably the reason why we didn't
	catch that and why the test data didn't need to be modified).

	Partially-resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1443434

2017-08-29  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	virsh: Implement managedsave-edit command
	Add a simple virsh command handler which makes use of the new API.

	virsh: Implement managedsave-dumpxml command
	Add a simple virsh command handler which makes use of the new API.

	virsh: Implement managedsave-define command
	Add a simple virsh command handler which makes use of the new API.

	qemu: Implement qemuDomainManagedSaveDefineXML
	This commit adds qemu driver implementation to edit xml
	configuration of managed save state file of a domain.

	qemu: Implement qemuDomainManagedSaveGetXMLDesc
	This commit adds qemu driver implementation to get xml description
	for managed save state domain.

	lib: Add API to edit domain's managed save state xml configuration
	Similar to domainSaveImageDefineXML this commit adds domainManagedSaveDefineXML
	API which allows to edit domain's managed save state xml configuration.

	lib: Add API to dump xml configuration of managed save state domain
	Similar to domainSaveImageGetXMLDesc this commit adds domainManagedSaveGetXMLDesc
	API which allows to get the xml of managed save state domain.

2017-08-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Honour <on_reboot/>
	https://bugzilla.redhat.com/show_bug.cgi?id=1476866

	For some reason, we completely ignore <on_reboot/> setting for
	domains. The implementation is simply not there. It never was.

2017-08-29  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainUndefineFlags: Grab QEMU_JOB_MODIFY
	This API is definitely modifying state of @vm. Therefore it
	should grab a job.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce and use qemuDomainRemoveInactiveJob
	At some places we either already have synchronous job or we just
	released it. Also, some APIs might want to use this code without
	having to release their job. Anyway, the job acquire code is
	moved out to qemuDomainRemoveInactiveJob so that
	qemuDomainRemoveInactive does just what it promises.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-29  Martin Kletzander  <mkletzan@redhat.com>

	conf: Clean up and report error in virDomainGenerateMachineName

	conf: Clean up and report error in virDomainCapsFormat

	util: Use virBufferCheckError to its full potential.
	We can now check for the error and not care about the return value as
	it will be properly handled in virBufferContentAndReset() anyway.

	util: Umark virBufferCheckErrorInternal as ATTRIBUTE_RETURN_CHECK
	The function is useful even without using the return value.  And if
	needed, the return value can be obtained by other calls as well.  The
	potential for clean-up can be seen in the following patch.

	docs: Update news with domain name bug fixes

2017-08-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Use short domain name in qemuDomainGetPreservedMountPath
	Otherwise longer domain names might generate paths that are too long
	to be created.  This follows what other parts of the code do as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1453194

2017-08-29  Martin Kletzander  <mkletzan@redhat.com>

	conf: Properly truncate wide character names in virDomainObjGetShortName
	We always truncated the name at 20 bytes instead of characters.  In
	case 20 bytes were in the middle of a multi-byte character, then the
	string became invalid and various parts of the code would error
	out (e.g. XML parsing of that string).  Let's instead properly
	truncate it after 20 characters instead.

	We cannot test this in our test suite because we would need to know
	what locales are installed on the system where the tests are ran and
	if there is supported one (most probably there will be, but we cannot
	be 100% sure), we could initialize gettext in qemuxml2argvtest, but
	there would still be a chance of getting two different (both valid,
	though) results.

	In order to test this it is enough to start a machine with a name for
	which trimming it after 20 bytes would create invalid sequence (e.g.
	1234567890123456789č where č is any multi-byte character).  Then start
	the domain and restart libvirtd.  The domain would disappear because
	such illegal sequence will not go through the XML parser.  And that's
	not a bug of the parser, it should not be in the XML in the first
	place, but since we don't use any sophisticated formatter, just
	mash some strings together, the formatting succeeds.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1448766

2017-08-29  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Honour --readonly with cmdConnect and no name
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436042

	docs: Update news with virtio-vga/gpu's max_outputs= parameter

	qemu: Add support for virtio-vga/gpu's max_outputs= parameter
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1449712

	qemu: Add capabilities for virtio-vga/gpu's max_outputs= parameter

2017-08-29  Pavel Hrdina  <phrdina@redhat.com>

	tests: add qemu chardev source reconnect tests

2017-08-29  Pavel Hrdina  <phrdina@redhat.com>

	qemu: implement chardev source reconnect
	The reconnect attribute for chardev devices in QEMU is used to
	configure the reconnect timeout in seconds.  Setting '0' value disables
	the reconnect functionality thus we don't allow to set '0' for QEMU.
	To disable the reconnect user should use <reconnect enabled='no'/>.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1254971

2017-08-29  Pavel Hrdina  <phrdina@redhat.com>

	tests: add generic xml chardev source reconnect tests

	conf: introduce reconnect element for chardev source

	qemu: introduce QEMU_CAPS_CHARDEV_RECONNECT

2017-08-28  John Ferlan  <jferlan@redhat.com>

	network: Fix virNetworkObjBridgeInUse return type
	Rather than an int, it returns a bool - so let's define it that way

2017-08-28  John Ferlan  <jferlan@redhat.com>

	Revert "interface: Consume @def in virInterfaceObjNew"
	This reverts commit 92840eb3a7e47cdf761e52afccc41d2a35327fbd.

	More recent reviews/changes don't have the vir*ObjNew APIs
	consuming the @def, so remove from Interface as well. Changes
	needed to also deal with conflicts from commit id '46f5eca4'.

2017-08-28  Eric Blake  <eblake@redhat.com>

	maint: correct quoting for gl_WARN_ADD
	3 out of 4 uses of gl_WARN_ADD() were incorrectly adding "" around
	the argument, which in turn resulted in the argument being used
	unquoted (configure had gl_positive=""-fstack-protector-all"",
	rather than the intended gl_positive="-fstack-protector-all").

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-08-28  Erik Skultety  <eskultet@redhat.com>

	daemon: logging: Fix --verbose option being ignored by the daemon
	Commit 94c465d0 refactored the logging setup phase but introduced an
	issue, where the daemon ignores verbose mode when there are no outputs
	defined and the default must be used. The problem is that the default
	output was determined too early, thus ignoring the potential '--verbose'
	option taking effect. This patch postpones the creation of the default
	output to the very last moment when nothing else can change. Since the
	default output is only created during the init phase, it's safe to leave
	the pointer as NULL for a while, but it will be set eventually, thus not
	affecting runtime.
	Patch also adjusts both the other daemons.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1442947

2017-08-28  Andrea Bolognani  <abologna@redhat.com>

	qemu: Handle host devices not being available better
	We can't retrieve the isolation group of a device that's not present
	in the system. However, it's very common for VFs to be created late
	in the boot, so they might not be present yet when libvirtd starts,
	which would cause the guests using them to disappear.

	Moreover, for other architectures and even ppc64 before isolation
	groups were introduced, it's considered perfectly fine to configure a
	guest to use a device that's not yet (or no longer) available to the
	host, with the obvious caveat that such a guest won't be able to
	start before the device is available.

	In order to be consistent, when a device's isolation group can't be
	determined fall back to not isolating it rather than erroring out or,
	worse, making the guest disappear.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1484254

2017-08-28  Pavel Hrdina  <phrdina@redhat.com>

	conf: don't close the source element inside different function
	While formatting disk or chardev element they both uses
	virDomainDiskSourceDefFormatSeclabel() function which also closes
	the source element.  This is not extendable.

	Use the new virXMLFormatElement() to properly format the source
	element with possible child elements.

	As a side effect it fixes a bug in disk source formatting.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-28  Pavel Hrdina  <phrdina@redhat.com>

	util: introduce virXMLFormatElement helper
	This helper allows you to better structurize the code if some element
	may or may not contains attributes and/or child elements.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-28  Pavel Hrdina  <phrdina@redhat.com>

	util: introduce virBufferSetChildIndent macro
	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-28  Erik Skultety  <eskultet@redhat.com>

	maint: Update to latest gnulib
	This pulls in, among other new things, vc-list-files fix to make
	syntax-check work with git worktrees.

2017-08-27  Cole Robinson  <crobinso@redhat.com>

	conf: add virDomainVideoDefNew
	To handle setting a default heads value. Convert callers that were
	doing it by hand

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-27  Cole Robinson  <crobinso@redhat.com>

	qemu: domain: Move some validation out of DeviceDefPostParse
	And into DeviceDefValidate which is the expected place

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-27  Cole Robinson  <crobinso@redhat.com>

	qemu: parse: drop redundant video config
	The ram/vram = 0 bits aren't needed, and PostParse will fill in the
	needed QXL default

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-27  Cole Robinson  <crobinso@redhat.com>

	qemu: Remove remnants of xenner support
	Both of these are dead code: qemu_command.c explicitly rejects
	VIRT_XEN earlier in the call chain, and qemu_parse_command.c
	will never set VIRT_XEN anymore

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-26  Scott Garfinkle  <scottgar@linux.vnet.ibm.com>

	docs: document migrate-getmaxdowntime support

	virsh: Add support for virDomainMigrateGetMaxDowntime
	Implement a migrate-getmaxdowntime command to complement migrate-setmaxdowntime.

	qemu: Implement virDomainMigrateGetMaxDowntime
	Add code to support querying maximum allowable downtime during live migration.

	Add virDomainMigrateGetMaxDowntime public API
	Add virDomainMigrateGetMaxDowntime to support querying maximum allowable
	downtime during live migration.

2017-08-25  Andrea Bolognani  <abologna@redhat.com>

	qemu: Report error on failure to set isolation group
	This is more user-friendly because the error will be
	displayed directly instead of being buried in the log.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-08-25  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virt-host-validate: Fix warning for IOMMU detection on PPC
	Fix the warning generated on PPC by virt-host-validate for IOMMU.
	In case of PPC, IOMMU in the host kernel either has it or it's not
	compiled in. The /sys/kernel/iommu_groups check is good enough to
	verify if it was compiled with the kernel or not.

	Modify the error message when "if (sb.st_nlink <= 2)" to indicate
	what the problem would be since there would be no @bootarg.

2017-08-24  Erik Skultety  <eskultet@redhat.com>

	Revert "maint: Update to latest gnulib"
	Revert @f8172388c which broke the build on Centos 6, because of old
	autoconf (< 2.63b) not properly quoting arguments for shell.

2017-08-24  George Dunlap  <george.dunlap@citrix.com>

	libxl: Avoid a variable named 'stat'
	Using a variable named 'stat' clashes with the system function
	'stat()' causing compiler warnings on some platforms:

	libxl/libxl_driver.c: In function 'libxlDomainBlockStatsVBD':
	libxl/libxl_driver.c:5387: error: declaration of 'stat' shadows a global declaration [-Wshadow]
	/usr/include/sys/stat.h:455: error: shadowed declaration is here [-Wshadow]

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-08-24  Erik Skultety  <eskultet@redhat.com>

	maint: Update to latest gnulib
	This pulls in, among other new things, vc-list-files fix to make
	syntax-check work with git worktrees.

2017-08-24  Ján Tomko  <jtomko@redhat.com>

	vmx: do not treat controllers as implicit devices
	When parsing the config, we look for the SCSI controllers one by one,
	remembering their models, then let virDomainDefAddImplicitDevices
	add them if any SCSI disk is using them.

	Since these controllers are not really implicit (they are present
	in the source config), add them explicitly.

	This patch maintains the behavior of not adding a controller
	if it was present in the config, but no disk was using it.

	This also resolves the memory leak of virVMXParseConfig overwriting
	the video device added by calling virDomainDefAddImplicitDevices
	before the parsing is finished.

	Reported-by: Michal Privoznik <mprivozn@redhat.com>

2017-08-24  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: build fix
	6e6faf6d changed vzDomObjAlloc signature in source but not in header file.

2017-08-24  Ján Tomko  <jtomko@redhat.com>

	conf: check address type for USB hostdevs
	https://bugzilla.redhat.com/show_bug.cgi?id=1225339

2017-08-24  Ján Tomko  <jtomko@redhat.com>

	conf: move hostdev address validation to virDomainHostdevDefValidate
	For selected hostdev types, we validate that the address type
	matches the subsystem type when parsing the XML.

	Move it to the validation phase, to allow extending the checks
	to other subsystem types without making existing domains disappear.

2017-08-23  John Ferlan  <jferlan@redhat.com>

	tests: Fix leak in securityselinuxtest
	If we jump to the error: label and @secbuf is allocated, then it's not
	free'd at all.

	Found by Coverity

2017-08-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: support disabled items in vz boot order
	At the time the check was written virtuozzo did not use disabled items in boot
	order configuration. Boot items were always enabled. Now they can be disabled
	as well. Supporting such items is easy - they just should be ignored.

2017-08-23  Andrea Bolognani  <abologna@redhat.com>

	docs: Define anchors correctly in pci-hotplug
	HTML5 obsoletes the 'name' attribute in favor of 'id',
	and our TOC generator apparently follows the recommendation
	to the letter, resulting in a broken TOC if you use the
	old-school attribute.

2017-08-22  Ján Tomko  <jtomko@redhat.com>

	conf: do not count per-device boot elements when parsing <os><boot>
	When parsing bootable devices, we maintain a bitmap of used
	<boot order=""> elements. Use it in the post-parse function
	to figure out whether the user tried to mix per-device and
	per-domain boot elements.

	This removes the need to count them twice.

2017-08-22  Ján Tomko  <jtomko@redhat.com>

	conf: create a thin wrapper above virDomainDefPostParse
	Rename the original function to virDomainDefPostParseInternal
	to allow adding arguments that will be only used by the internal
	version.

	conf: rename virDomain*PostParseInternal to virDomain*PostParseCommon
	These functions contain the post-parse steps common for all drivers.
	Rename it to use the 'Common' prefix, instead of the vagueness
	of 'Internal', leaving 'Internal' available for other vague uses.

2017-08-22  Pavel Hrdina  <phrdina@redhat.com>

	conf: move chardev validation into virDomainDeviceDefValidateInternal

	conf: separate PTY chardev source parsing
	There is no reason why to share the same code for PTY and other file
	based chardev source types.

	conf: move FILE chardev source parsing to separate function

	conf: assign parsed strings directly into chardev source definition
	Since the source element is parsed only once for these type of
	character devices we don't have to use temporary variable and
	check whether the variable was already set.

	conf: move UNIX chardev source parsing to separate function

	conf: move UDP chardev source parsing to separate function
	The extra check whether (connect|bind)(Host|Service) was set is
	required because for UDP chardev there can be two source elements.
	Without the check there could be a memory leak.

	conf: move TCP chardev source parsing to separate function

	conf: move mode parsing of chardev source to separate function

	conf: move chardev log parsing to separate function

	conf: move chardev protocol parsing to separate function
	In order to ensure that the default protocol is RAW, explicitly
	assigning VIR_DOMAIN_CHR_TCP_PROTOCOL_RAW = 0.

	conf: error out for multiple protocol elements while parsing chardev
	Remove check whether a variable was already set because the element
	is parsed only once now.

	conf: error out for multiple log elements while parsing chardev
	Remove check whether a variable was already set because the element
	is parsed only once now.

2017-08-22  Pavel Hrdina  <phrdina@redhat.com>

	conf: error out for multiple source elements while parsing chardev
	Currently we accept and correctly parse this chardev XML:

	  ...
	  <channel type='tcp'>
	    <source mode='connect'/>
	    <source mode='bind' host='localhost'/>
	    <source service='4567'/>
	    <target type='virtio' name='test'/>
	  </channel>
	  ...

	The parsed formatted XML is:

	  ...
	  <channel type='tcp'>
	    <source mode='connect' host='localhost' service='4567'/>
	    <target type='virtio' name='test'/>
	  </channel>
	  ...

	That behavior is super wrong and should not be allowed.  If you notice
	the current parse takes the first found attribute and uses that value,
	so for example from the "<source mode='bind' host='localhost'/>" only
	the "host" attribute is used.  It works the same way for all possible
	attributes that we are able to parse for source element.

	This patch enforces providing only one source element for all character
	devices, only for UDP type we allow to provide two source elements
	since you can specify both modes.

2017-08-22  Pavel Hrdina  <phrdina@redhat.com>

	conf: switch from while to for loop for chardev parsing
	This removes one level of indentation.

	tests: introduce genericxml test for UNIX chardev

	tests: introduce genericxml test for UDP chardev

	tests: introduce genericxml test for TCP chardev

2017-08-22  Ján Tomko  <jtomko@redhat.com>

	conf: useserial: drop useless check for serial devices
	Since its introduction in commit 874e65aa, if someone requests:
	<os><bios useserial="yes"/><os/>
	we report an error if we cannot successfully count the number
	of serial devices via an XPath query.

	Instead of fixing the check (and moving it to the validation phase,
	to prevent existing domains from disappearing), drop it completely.
	For QEMU, the number of serials is checked when building the command
	line.

2017-08-21  Jim Fehlig  <jfehlig@suse.com>

	Don't autogenerate seclabels of type 'none'
	When security drivers are active but confinement is not enabled,
	there is no need to autogenerate <seclabel> elements when starting
	a domain def that contains no <seclabel> elements. In fact,
	autogenerating the elements can result in needless save/restore and
	migration failures when the security driver is not active on the
	restore/migration target.

	This patch changes the virSecurityManagerGenLabel function in
	src/security_manager.c to only autogenerate a <seclabel> element
	if none is already defined for the domain *and* default
	confinement is enabled. Otherwise the needless <seclabel>
	autogeneration is skipped.

	Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=1051017

2017-08-21  Jim Fehlig  <jfehlig@suse.com>

	Fix building domain def in securityselinuxtest
	The virDomainDef created by testBuildDomainDef in securityselinuxtest
	adds a seclabel but does not increment nseclabels. Also, it should
	populate seclabel->model with 'selinux'.

	While at it, use the secdef itself to populate values instead of
	the indirection through def->seclabels[0].

2017-08-21  Lily Zhu  <lizhu@redhat.com>

	tools: Fix docs in libvirt-guests configuration file
	It was not entirely clear that PARALLEL_SHUTDOWN setting is applied only
	when the desired action is "shutdown".

2017-08-21  Andrea Bolognani  <abologna@redhat.com>

	docs: Improve PCI topology and hotplug guidelines
	Address some minor flaws in the original document that
	were pointed out during review.

2017-08-21  Andrea Bolognani  <abologna@redhat.com>

	conf: Use the correct limit for the number of PHBs
	I mistakenly thought pSeries guests supported 32 PHBs,
	but it turns out they only support 31. Validate the
	target index accordingly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1479647

2017-08-21  Andrea Bolognani  <abologna@redhat.com>

	conf: Move target index validation
	Validation should happen after parsing, so the proper
	location for it is virDomainControllerDefValidate()
	rather than virDomainControllerDefParseXML().

	tests: Improve target index validation coverage
	Split one of the existing tests to ensure both configuration
	errors it contained cause a failure, and introduce a new
	test case.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement postParse callback skipping on config reload
	Use the new facility which allows to ignore failures in post parse
	callbacks if they are not fatal so that VM configs are not lost if the
	emulator binary is missing.

	If qemuCaps can't be populated on daemon restart skip certain portions
	of the post parse callbacks during config reload and re-run the callback
	during VM startup.

	This fixes VMs vanishing if the emulator binary was broken or
	uninstalled and libvirtd was restarted.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Don't set default USB model if qemuCaps is missing
	qemuDomainControllerDefPostParse assigns the default USB controller
	model when it was not specified by the user. Skip this step if @qemuCaps
	is missing so that we don't fill wrong data. This will then be fixes by
	re-running the post parse callback.

	qemu: domain: Don't return default NIC model if @qemuCaps are missing
	Return NULL in qemuDomainDefaultNetModel if qemuCaps is missing and the
	network card model would be determined by the capabilities.

	qemu: capabilities: Tolerate missing @qemuCaps in virQEMUCapsSupportsGICVersion
	Report the given GIC version as unsupported if @qemuCapsi is NULL. This
	will be helpful to run post parse callbacks even if qemu is not
	currently installed.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: Tolerate missing @qemuCaps in virQEMUCapsGetCanonicalMachine
	If qemuCaps are not present, just return the original machine type name.

	This will help in situations when qemuCaps is not available in the post
	parse callback.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: add infrastructure for tolerating certain post parse callback failures
	Some failures of the post parse callback can be tolerated. This is
	specifically desired when loading the configs of existing VMs. In such
	case the post parse callback should not really be modifying anything
	in the definition.

	This patch adds a parse flag VIR_DOMAIN_DEF_PARSE_ALLOW_POST_PARSE_FAIL
	which will allow the callbacks to report non-fatal failures by returning
	a positive return value. In such case the field 'postParseFailed' in the
	domain definition is set to true, to notify the drivers that the
	callback failed and possibly needs to be re-run.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Return any non-zero value from virDomainDeviceInfoIterateInternal callback
	Post parse callbacks will need to be able to signal that they failed
	non-fatally. This means that we need to return the value returned by the
	callback without modification.

	qemu: domain: Don't re-allocate qemuCaps in post parse callbacks
	The domain post parse callback, domain address callback and the domain
	device callback (for every single device) would each grab qemuCaps for
	the current emulator. This is quite wasteful. Use the new callback to do
	this just once.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Add callbacks that allocate per-def private data
	Some drivers use def-specific private data across callbacks (e.g.
	qemuCaps in the qemu driver). Currently it's mostly allocated in every
	single callback. This is rather wasteful, given that every single call
	to the device callback allocates it.

	The new callback will allocate the data (if not provided externally) and
	then use it for the VM, address and device post parse callbacks.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Move assignment of default emulator to the basic post parse callback

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Add 'basic' post parse callback
	Add yet another post parse callback, which is executed prior the real
	one without @parseOpaque. This is meant to set basics before
	@parseOpaque (in case of the qemu driver qemuCaps) can be allocated.

	This callback will allow to optimize passing of custom parseOpaque
	through the callbacks.

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: domainlist: Explicitly report failure to load domain config
	When dropping a domain report which one was dropped so that it's not
	necessary to rummage through the logs.

2017-08-18  Pavel Hrdina  <phrdina@redhat.com>

	qemu: don't check whether offline migration is safe
	Offline migration transfers only the domain definition.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1449715

2017-08-18  Peter Krempa  <pkrempa@redhat.com>

	util: string: Introduce virStringHasChars
	The helper returns true if a string contains any of the given chars.
	virStringHasControlChars can be reimplemented using that helper.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-08-17  Erik Skultety  <eskultet@redhat.com>

	nodedev: Introduce udevHandleOneDevice
	Let this new method handle the device object we obtained from the
	monitor in order to enhance readability.

	nodedev: udev: Remove the udevEventHandleCallback on fatal error
	So we have a sanity check for the udev monitor fd. Theoretically, it
	could happen that the udev monitor fd changes (due to our own wrongdoing,
	hence the 'sanity' here) and if that happens it means we are handling an
	event from a different entity than we think, thus we should remove the
	handle if someone somewhere somehow hits this hypothetical case.

	nodedev: mdev: Report an error when mdev path resolution fails
	It might happen that virFileResolveLinkHelper fails on the lstat system
	call. virFileResolveLink expects the caller to report an error when it
	fails, however this wasn't the case for udevProcessMediatedDevice.

2017-08-17  Christian Ehrhardt  <christian.ehrhardt@canonical.com>

	virt-aa-helper: locking loader/nvram for qemu 2.10
	Testing qemu-2.10-rc3 shows issues like:
	  qemu-system-aarch64: -drive file=/home/ubuntu/vm-start-stop/vms/
	  7936-0_CODE.fd,if=pflash,format=raw,unit=1: Failed to unlock byte 100

	There is an apparmor deny due to qemu now locking those files:
	 apparmor="DENIED" operation="file_lock" [...]
	 name="/home/ubuntu/vm-start-stop/vms/7936-0_CODE.fd"
	 name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow"
	 [...] comm="qemu-system-aarch64" requested_mask="k" denied_mask="k"

	The profile needs to allow locking for loader and nvram files via
	the locking (k) rule.

2017-08-17  Christian Ehrhardt  <christian.ehrhardt@canonical.com>

	virt-aa-helper: locking disk files for qemu 2.10
	Testing qemu-2.10-rc2 shows issues like:
	  qemu-system-x86_64: -drive file=/var/lib/uvtool/libvirt/images/kvmguest- \
	  artful-normal.qcow,format=qcow2,if=none,id=drive-virtio-disk0:
	  Failed to lock byte 100

	It seems the following qemu commit changed the needs for the backing
	image rules:

	(qemu) commit 244a5668106297378391b768e7288eb157616f64
	Author: Fam Zheng <famz@redhat.com>
	    file-posix: Add image locking to perm operations

	The block appears as:
	 apparmor="DENIED" operation="file_lock" [...]
	 name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow"
	 [...] comm="qemu-system-x86" requested_mask="k" denied_mask="k"

	With that qemu change in place the rules generated for the image
	and backing files need the allowance to also lock (k) the files.

	Disks are added via add_file_path and with this fix rules now get
	that permission, but no other rules are changed, example:
	  -  "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rw,
	  +  "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rwk

2017-08-17  Pavel Hrdina  <phrdina@redhat.com>

	conf: use virXMLPropString and virXMLNodeContentString for vcpu parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLNodeContentString for boot options parsing
	Using XPath here doesn't add any benefit.

	conf: use virXMLPropStringLimit where it makes sense
	The XPath call for these cases is more expensive than accessing the
	XML dom node directly.

	conf: use virXMLPropString for actual network parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for boot parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for network parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for IOMMU def parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for virDomainVirtioOptionsParseXML
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	util: introduce virXMLNodeContentString
	It's equivalent of calling virXPathString("string(.)", ctxt) but it
	doesn't have to use the XPath resolving and parsing.

	util: introduce virXMLPropStringLimit
	The virXMLPropStringLimit is an equivalent of virXPathStringLimit
	which should be preferred if you already have a XML dom node or
	if you need to parse more than one property.

2017-08-17  Michal Privoznik  <mprivozn@redhat.com>

	network: Use self inflating bitmap for class IDs
	Back in the day when I was implementing QoS for networks there
	were no self inflating virBitmaps. Only the static ones.
	Therefore, I had to allocate the whole 8KB of memory in order to
	keep track of used/unused class IDs. This is rather wasteful
	because nobody is ever gonna use that much classes (kernel
	overhead would drastically lower the bandwidth). Anyway, now that
	we have self inflating bitmaps we can start small and allocate
	more if there's need for it.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-17  John Ferlan  <jferlan@redhat.com>

	network: Use @nnames instead of @got
	To make it clearer, let's use @nnames instead of @got for counting the
	names in the @names array.  Keeps things consistent and clear.

2017-08-16  Cole Robinson  <crobinso@redhat.com>

	tests: add qemu x86 kvm 32-on-64 test
	There's some specific logic in qemuBuildCpuCommandLine to support
	auto adding -cpu qemu 32 for arch=i686 with an x86_64 qemu binary.
	Add a test case for it

2017-08-16  John Ferlan  <jferlan@redhat.com>

	storage: Alter @aclfilter to just @filter
	Rename the variable, recent review requested just use of @filter,
	so be consistent throughout.

	secret: Alter @aclfilter to just @filter
	Rename the variable, recent review requested just use of @filter,
	so be consistent throughout.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	nwfilter: Alter @aclfilter to just @filter
	Rename the variable, recent review requested just use of @filter,
	so be consistent throughout.

	NB: Also change the virNWFilterPtr to be @nwfilter to not conflict
	with the renamed variable.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	nodedev: Alter @aclfilter to just @filter
	Rename the variable, recent review requested just use of @filter,
	so be consistent throughout.

	network: Privatize virNetworkObj
	Move from virnetworkobj.h into virnetworkobj.c

	network: Modify naming for virNetworkObjList* fetching APIs
	Use the structure names in the @data setup - makes it easier than
	going back to find the struct fields to make sure the order of the
	data is correct.

	network: Use @maxnames instead of @nnames
	To be consistent with the API definition, use the @maxnames instead
	of @nnames when describing/comparing against the maximum names to
	be provided for the *ConnectList[Defined]Networks APIs.

	network: Move virObjectRef during AssignDef processing
	Move the virObjectRef in virNetworkObjAssignDefLocked to after
	the virHashAddEntry to make it "clearer" why the @ref is being
	incremented. Upon return from the ObjNew we will have 1 ref on
	the object already, adding it to the hash table requires the
	increment.

	network: Have virNetworkObjNew lock the returned object
	Forces callers to use the virNetworkObjEndAPI properly.

	network: Consistent use of @obj for virnetworkobj
	Consistently use @obj for a virNetworkObjPtr.

	network: Introduce virNetworkObjIsPersistent
	In preparation to privatize the virNetworkObj - create an accessor function
	to get the current @persistent value.  Also change the value to a bool rather
	than an unsigned int (since that's how it's generated anyway).

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Introduce virNetworkObj{Is|Set}Active
	In order to privatize the virNetworkObj create accessors in virnetworkobj
	in order to handle the get/set of the active value.

	Also rather than an unsigned int, convert it to a boolean to match other
	drivers representation and the reality of what it is.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Introduce virNetworkObj{Is|Set}Autostart
	In preparation for privatizing the virNetworkObj structure, create
	accessors for the obj->autostart.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Add virNetworkObj Get/Set API's for @def and @newDef
	In preparation for making the object private, create a couple of API's
	to get the obj->def & obj->newDef and set the obj->def.

	While altering networkxml2conftest.c to use the virNetworkObjSetDef
	API, fix the name of the variable from @dev to @def

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Add virNetworkObj Get/Set API's for @floor_sum
	In preparation for making the object private, create a couple of API's
	to get/set the obj->floor_sum.

	network: Introduce virNetworkObjGetClassIdMap
	In preparation for privatizing virNetworkObj, create accessor function to
	fetch the @classIdMap.

	network: Alter virNetworkObj @class_id to be @classIdMap
	Change the variable name to be a bit more descriptive and less confusing
	when used with the data.network.actual->class_id.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Add virNetworkObj Get/Set API's for @dnsmasqPid and @radvdPid
	In preparation for making the object private, create/use a couple of API's
	to get/set the obj->dnsmasqPid and obj->radvdPid.

	NB: Since the pid's can sometimes changed based on intervening functions,
	be sure to always fetch the latest value.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Unconditionally initialize macmap when stopping virtual network
	Since we can only ever have one reference to obj->macmap, rather
	than only clearing obj->macmap during virNetworkObjUnrefMacMap
	(e.g. virtual network from networkShutdownNetwork), let's just
	unconditionally clear the obj->macmap to ensure that some future
	change that created it's own reference to obj->macmap wouldn't
	have that reference disappear if virNetworkObjDispose got called.

	network: Move macmap mgmt from bridge_driver to virnetworkobj
	In preparation for having a private virNetworkObj - let's create/move some
	API's that handle the obj->macmap. The API's will be renamed to have a
	virNetworkObj prefix to follow conventions and the arguments slightly
	modified to accept what's necessary to complete their task.

	network: Move and rename networkMacMgrFileName
	Move networkMacMgrFileName into src/util/virmacmap.c and rename to
	virMacMapFileName. We're about to move some more MacMgr processing
	files into virnetworkobj and it doesn't make sense to have this helper
	in the driver or in virnetworkobj.

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Use consistent naming in bridge_driver for virNetwork objects
	Use @obj for a virNetworkObjPtr

	Use @net for a virNetworkPtr

2017-08-16  John Ferlan  <jferlan@redhat.com>

	network: Perform some formatting cleanup in bridge_driver.h
	Alter prototypes to utilize some more recent guidelines.

2017-08-16  Michal Privoznik  <mprivozn@redhat.com>

	libvirtd.conf: Drop max_requests
	Since its introduction in f61341173bdaa2e0 it was never
	implemented nor there are plans to implement it. Drop it.

2017-08-15  John Ferlan  <jferlan@redhat.com>

	qemu: Fix bug assuming usage of default UUID for certificate passphrase
	If an environment specific _tls_x509_cert_dir is provided, then
	do not VIR_STRDUP the defaultTLSx509secretUUID as that would be
	for the "default" environment and not the vnc, spice, chardev, or
	migrate environments. If the environment needs a secret to decode
	it's certificate, then it must provide the secret. If the secrets
	happen to be the same, then configuration would use the same UUID
	as the default (but we cannot assume that nor can we assume that
	the secret would be necessary).

	util: Add object checking for virObject{Ref|Unref}
	Rather than assuming that what's passed to virObject{Ref|Unref}
	would be a virObjectPtr as long as it's not NULL, let's do the
	similar checks virObjectIsClass in order to prevent a possible
	increment or decrement to some field at the obj->u.s.refs offset.

2017-08-15  John Ferlan  <jferlan@redhat.com>

	util: Add magic number check for object validity
	The virObjectIsClass API has only ever checked object validity
	based on if the @obj is not NULL and it was derived from some class.
	While this has worked well in general, there is one additional
	check that could be made prior to calling virClassIsDerivedFrom
	which loops through the classes checking the magic number against
	the klass expected magic number.

	If by chance a non virObject is passed, rather than assuming the
	void * @obj is a _virObject and thus offsetting to obj->klass,
	obj->magic, and obj->parent, let's check that the void * @obj
	has at least the "base part" of the magic number in the right
	place and generate a more specific VIR_WARN message if not.

	There are many consumers to virObjectIsClass, include the locking
	primitives virObject{Lock|Unlock}, virObjectRWLock{Read|Write},
	and virObjectRWUnlock. For those callers, the locking call will
	not fail, but it also will not attempt a virMutex* call which
	will "most likely" fail since the &obj->lock is used.

	In order to avoid some possible future wrap on the 0xCAFExxxx
	value, add a check during initialization that some new class
	won't cause the wrap. Should be good for a few years at least!

	It is still left up to the caller to handle the failed API calls
	just as it would be if it passed a NULL opaque pointer anyobj.

2017-08-15  John Ferlan  <jferlan@redhat.com>

	util: Create common error path for invalid object
	If virObjectIsClass fails "internally" to virobject.c, create a
	macro to generate the VIR_WARN describing what the problem is.
	Also improve the checks and message a bit to indicate which was
	the failure - whether the obj was NULL or just not the right class

	util: Introduce and use virObjectRWUnlock
	Rather than overload virObjectUnlock as commit id '77f4593b' has
	done, create a separate virObjectRWUnlock API that will force the
	consumers to make the proper decision regarding unlocking the
	RWLock's. Similar to the RWLockRead and RWLockWrite, use the
	virObjectGetRWLockableObj helper. This restores the virObjectUnlock
	code to using the virObjectGetLockableObj.

	util: Introduce virObjectGetRWLockableObj
	Introduce a helper to handle the error path more cleanly. The same
	as virObjectGetLockableObj in order to essentially follow the original
	logic of commit 'b545f65d' to ensure that the input argument at least
	has some validity before using.

2017-08-15  John Ferlan  <jferlan@redhat.com>

	util: Only have virObjectLock handle virObjectLockable
	Now that virObjectRWLockWrite exists to handle the virObjectRWLockable
	objects, let's restore virObjectLock to only handle virObjectLockable
	class locks. There still exists the possibility that the input @anyobj
	isn't a valid object and the resource isn't truly locked, but that
	also exists before commit id '77f4593b'.

	This also restores some logic that commit id '77f4593b' removed
	with respect to a common code path that commit id '10c2bb2b' had
	introduced as virObjectGetLockableObj. This code path merely does
	the same checks as the original virObjectLock commit 'b545f65d',
	but in callable/reusable helper to ensure the @obj at least has
	some validity before using.

2017-08-15  John Ferlan  <jferlan@redhat.com>

	util: Introduce and use virObjectRWLockWrite
	Instead of making virObjectLock be the entry point for two
	different types of locks, let's create a virObjectRWLockWrite API
	which will only handle the virObjectRWLockableClass objects.

	Use the new virObjectRWLockWrite for the virdomainobjlist code
	in order to handle the Add, Remove, Rename, and Load operations
	that need to be very synchronous.

2017-08-15  John Ferlan  <jferlan@redhat.com>

	util: Rename virObjectLockRead to virObjectRWLockRead
	Since the class it represents is based on virObjectRWLockableClass
	and in order to make sure we differentiate just in case anyone somehow
	believes they could use virObjectLockRead for a virObjectLockableClass,
	let's rename the API to use the RW in the name. Besides the RW locks
	refer to pthread_rwlock_{init|rdlock|wrlock|unlock|destroy} while the
	other locks refer to pthread_mutex_{init|lock|unlock|destroy}.

2017-08-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix nwfilter deadlock in qemuProcessReconnect
	The correct lock order is:

	  nwfilter driver lock (not used in this code path)
	  nwfilter update lock
	  virt driver lock (not used in this code path)
	  domain object lock

	but the current code have this order:

	  domain object lock
	  nwfilter update lock

2017-08-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix nwfilter deadlock while reverting to snapshot
	Introduced by commit <41127244fb90f08cf5032a5d7553f5f0390d925e>.

	conf: use virXMLPropString for Domain def parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for IOThread pin parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for IOThread parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for disk geometry parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: use virXMLPropString for KeyWrapCipherDef parsing
	XPath is good for random search of elements, not for accessing
	attributes of one node.

	conf: cleanup virDomainChrSourceDef parsing
	The @remaining variable is leftover from old code and it's not
	used anymore.

	use virXMLNodeNameEqual instead of xmlStrEqual

	util: introduce virXMLNodeNameEqual

2017-08-14  Martin Kletzander  <mkletzan@redhat.com>

	util: Rename virResctrl to virResctrlInfo
	This way later patches can add another structures with virResctrl
	prefix without the meaning being even more confusing than it needs to
	be.

	util: Make virResctrlGetCacheControlType() behave like other functions
	That means that returning negative values means error and non-negative
	values differ in meaning, but are all successful.

	Move resctrl-related code from conf/capabilities to util/virresctrl
	It doesn't access anything from conf/ and ti will be needed to use
	from other util/ places.  This split makes the separation clearer.

	tests: Fix indentation in virfilewrapper.c

	virxml: Fix indentation

2017-08-14  Laine Stump  <laine@laine.org>

	util: eliminate superfluous saveVlan check in virNetDevSetNetConfig()
	Commit 81fb440b further qualified an if statement by adding the
	boolean saveVlan to the condition. Coverity pointed out that this
	change in the logic eliminated the need to check saveVlan in an
	argument to virAsprintf().

2017-08-14  Laine Stump  <laine@laine.org>

	util: fix improper assignment of return value in virHostdevReadNetConfig()
	Commit 9a94af6d restructured virHostdevReadNetConfig() so that it
	would manually set ret = 0 after successfully reading the device's
	config, but Coverity pointed out that "ret = 0" was erroneously placed
	outside of an "else" clause, meaning that the the value of ret set in
	the "if" clause was unnecessarily and incorrectly overwritten.

	This patch moves ret = 0 into the else clause, which should silence
	Coverity.

2017-08-14  Guido Günther  <agx@sigxcpu.org>

	vbox: fix typo in warning message
	Acked-by: Laine Stump <laine@laine.org>

2017-08-12  Laine Stump  <laine@laine.org>

	util: check for PF online status earlier in guest startup
	When using a VF from an SRIOV-capable network card in a guest (either
	in macvtap passthrough mode, or via VFIO PCI device assignment), The
	associated PF netdev must be online in order for the VF to be usable
	by the guest. The guest, however, is not able to change the state of
	the PF. And libvirt *could* set the PF online as needed, but that
	could lead to the host receiving unexpected IPv6 traffic (since the
	default for an unconfigured interface is to participate in IPv6
	autoconf). For this reason, before assigning a VF to a guest, libvirt
	verifies that the related PF netdev is online - if it isn't, then we
	log an error and don't allow the guest startup to continue.

	Until now, this check was done during virNetDevSetNetConfig(). This
	works nicely because the same function is called both for macvtap
	passthrough and for VFIO device assignment. But in the case of VFIO,
	the VF has already been unbound from its netdev driver by the time we
	get to virNetDevSetNetConfig(), and in the case of dual port Mellanox
	NICs that have their VFs setup in single port mode, the *only* way to
	determine the proper PF netdev to query for online status is via the
	"phys_port_id" file that is in the VF netdev's sysfs directory. *BUT*
	if we've unbound the VF from the netdev driver, then it doesn't *have*
	a netdev sysfs directory.

	So, in order to check the correct PF netdev for online status, this
	patch moved the check earlier in the setup, into
	virNetDevSaveNetConfig(), which is called *before* unbinding the VF
	from its netdev driver.

	(Note that this implies that if you are using VFIO device assignment
	for the VFs of a Mellanox NIC that has the VFs programmed in single
	port mode, you must let the VFs be bound to their net driver and use
	"managed='yes'" in the device definition. To be more specific, this is
	only true if the VFs in single port mode are using port *2* of the PF
	- if the VFs are using only port 1, then the correct PF netdev will be
	arrived at by default/chance))

	  This resolves: https://bugzilla.redhat.com/267191

2017-08-12  Laine Stump  <laine@laine.org>

	util: restructure virNetDevReadNetConfig() to eliminate false error logs
	virHostdevRestoreNetConfig() calls virNetDevReadNetConfig() to try and
	read the "original config" of a netdev, and if that fails, it tries
	again with a different directory/netdev name. This achieves the
	desired effect (we end up finding the config wherever it may be), but
	for each failure, virNetDevReadNetConfig() places a nice error message
	in the system logs. Experience has shown that false-positive error
	logs like this lead to erroneous bug reports, and can often mislead
	those searching for *real* bugs.

	This patch changes virNetDevReadNetConfig() to explicitly check if the
	file exists before calling virFileReadAll(); if it doesn't exist,
	virNetDevReadNetConfig() returns a success, but leaves all the
	variables holding the results as NULL. (This makes sense if you define
	the purpose of the function as "read a netdev's config from its config
	file *if that file exists*).

	To take advantage of that change, the caller,
	virHostdevRestoreNetConfig() is modified to fail immediately if
	virNetDevReadNetConfig() returns an error, and otherwise to try the
	different directory/netdev name if adminMAC & vlan & MAC are all NULL
	after the preceding attempt.

2017-08-12  Laine Stump  <laine@laine.org>

	util: save the correct VF's info when using a dual port SRIOV NIC in single port mode
	Mellanox ConnectX-3 dual port SRIOV NICs present a bit of a challenge
	when assigning one of their VFs to a guest using VFIO device
	assignment.

	These NICs have only a single PCI PF device, and that single PF has
	two netdevs sharing the single PCI address - one for port 1 and one
	for port 2. When a VF is created it can also have 2 netdevs, or it can
	be setup in "single port" mode, where the VF has only a single netdev,
	and that netdev is connected either to port 1 or to port 2.

	When the VF is created in dual port mode, you get/set the MAC
	address/vlan tag for the port 1 VF by sending a netlink message to the
	PF's port1 netdev, and you get/set the MAC address/vlan tag for the
	port 2 VF by sending a netlink message to the PF's port 2 netdev. (Of
	course libvirt doesn't have any way to describe MAC/vlan info for 2
	ports in a single hostdev interface, so that's a bit of a moot point)

	When the VF is created in single port mode, you can *set* the MAC/vlan
	info by sending a netlink message to *either* PF netdev - the driver
	is smart enough to understand that there's only a single netdev, and
	set the MAC/vlan for that netdev. When you want to *get* it, however,
	the driver is more accurate - it will return 00:00:00:00:00:00 for the
	MAC if you request it from the port 1 PF netdev when the VF was
	configured to be single port on port 2, or if you request if from the
	port 2 PF netdev when the VF was configured to be single port on port
	1.

	Based on this information, when *getting* the MAC/vlan info (to save
	the original setting prior to assignment), we determine the correct PF
	netdev by matching phys_port_id between VF and PF.

	(IMPORTANT NOTE: this implies that to do PCI device assignment of the
	VFs on dual port Mellanox cards using <interface type='hostdev'>
	(i.e. if you want the MAC address/vlan tag to be set), not only must
	the VFs be configured in single port mode, but also the VFs *must* be
	bound to the host VF net driver, and libvirt must use managed='yes')

	By the time libvirt is ready to set the new MAC/vlan tag, the VF has
	already been unbound from the host net driver and bound to
	vfio-pci. This isn't problematic though because, as stated earlier,
	when a VF is created in single port mode, commands to configure it can
	be sent to either the port 1 PF netdev or the port 2 PF netdev.

	When it is time to restore the original MAC/vlan tag, again the VF
	will *not* be bound to a host net driver, so it won't be possible to
	learn from sysfs whether to use the port 1 or port 2 PF netdev for the
	netlink commands. And again, it doesn't matter which netdev you
	use. However, we must keep in mind that we saved the original settings
	to a file called "${PF}_${VFNUM}". To solve this problem, we just
	check for the existence of ${PF1}_${VFNUM} and ${PF2}_${VFNUM}, and
	use whichever one we find (since we know that only one can be there)

2017-08-12  Laine Stump  <laine@laine.org>

	util: match phys_port_id when converting PF-netdev to/from VF-netdev
	This patch updates functions in netdev.c to pay attention to
	phys_port_id. It uses the new function virNetDevGetPhysPortID() to
	learn the phys_port_id of a VF or PF, then sends that info to
	virPCIGetNetName(), which has newly been modified to take an optional
	phys_port_id.

2017-08-12  Laine Stump  <laine@laine.org>

	util: make virPCIGetNetName() more versatile
	A single PCI device may have multiple netdevs associated with it. Each
	of those netdevs will have a different phys_port_id entry in
	sysfs. This patch modifies virPCIGetNetName() to allow selecting one
	of the potential many netdevs in two different ways:

	1) by setting the "idx" argument, the caller can select the 1st (0),
	2nd (1), etc. netdev from the PCI device's net subdirectory.

	2) If the physPortID arg is set (to a null-terminated string) then
	virPCIGetNetName() returns the netdev that has that phys_port_id in
	the sysfs file of the same name in the netdev's directory.

2017-08-12  Laine Stump  <laine@laine.org>

	util: Fix const'ness of 1st arg to virPCIGetNetName()
	The first arg isn't modified in the function, so it should be const.

2017-08-12  Laine Stump  <laine@laine.org>

	util: new function virNetDevGetPhysPortID()
	On Linux each network device *can* (but not necessarily *does*) have
	an attribute called phys_port_id which can be read from the file of
	that name in the netdev's sysfs directory. The examples I've seen have
	been a many-digit hexadecimal number (as an ASCII string).

	This value can be useful when a single PCI device is associated with
	multiple netdevs (e.g a dual port Mellanox SR-IOV NIC - this card has
	a single PCI Physical Function (PF), and that PF has two netdevs
	associated with it (the "net" subdirectory of the PF in sysfs has two
	links rather than the usual single link to a netdev directory). Each
	of the PF netdevs has a different phys_port_id. The Virtual Functions
	(VF) are similar - the PF (a PCI device) has "n" VFs (also each of
	these is a PCI device), each VF has two netdevs, and each of the VF
	netdevs points back to the VF PCI device (with the "device" entry in
	its sysfs directory) as well as having a phys_port_id matching the PF
	netdev it is associated with.

	virNetDevGetPhysPortID() simply attempts to read the phys_port_id for
	the given netdev and return it to the caller. If this particular
	netdev driver doesn't support phys_port_id, it returns NULL (*not* a
	NULL-terminated string, but a NULL pointer) but still counts it as a
	success.

2017-08-11  intrigeri  <intrigeri+libvirt@boum.org>

	apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources.

2017-08-11  Daniel P. Berrange  <berrange@redhat.com>

	m4: workaround clang/glibc problem with isnan()
	When building libvirt with clang we get bogus warnings about
	'double' being promoted to 'long double' when calling isnan().

	  https://bugzilla.redhat.com/show_bug.cgi?id=1472437

	Detect this broken isnan() / compiler combination and disable
	the -Wdouble-promotion flag.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-08-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Handle one more corner case
	https://bugzilla.redhat.com/show_bug.cgi?id=1458638

	This code is so complicated because we allow enabling the same
	bits at many places. Just like in this case: huge pages can be
	enabled by global <hugepages/> element under <memoryBacking> or
	on per <memory/> basis. To complicate things a bit more, users
	are allowed to omit the page size which case the default page
	size is used. And this is what is causing this bug. If no page
	size is specified, @pagesize is keeping value of zero throughout
	whole function. Therefore we need yet another boolean to hold
	[use, don't use] information as we can't sue @pagesize for that.

	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

2017-08-10  Michal Privoznik  <mprivozn@redhat.com>

	virhostdevtest: Don't leak @mgr->activeSCSIHostdevs
	So the hostdev manager has some lists to keep track which devices
	are active (=assigned to a domain) or inactive. The manager and
	its lists are allocated in myInit and freed in myCleanup but one
	of them (activeSCSIHostdevs) was missing. Also, the order in
	which the cleanup was done doesn't make it easy to spot it,
	therefore reoder it.

	vircgrouptest: Don't leak @cgroup
	In these test cases we create internal representation of cgroup,
	however, never free it.

	securityselinuxtest: Don't leak @mgr
	The security manager is created so that test cases can use it.
	However, it is never released.

	testCompareMemLock: Use correct free function for domain def
	virDomainDef is not an instance of virObject thus
	virObjectUnref() is not the correct function to be called.

	virDomainNetDefClear: Free @coalesce
	In virDomainNetDefParseXML() the def->coalesce is parsed and
	allocated by virDomainNetDefCoalesceParseXML() but in fact it's
	never freed .

2017-08-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainUndefineFlags: unlink nvram file regardless of domain state
	https://bugzilla.redhat.com/show_bug.cgi?id=1467245

	Currently, there's a bug when undefining a domain with NVRAM
	store. Basically, the unlink() of the NVRAM store file happens
	during the undefine procedure iff domain is inactive. So, if
	domain is running and undefine is called the file is left behind.
	It won't be removed in the domain cleanup process either
	(qemuProcessStop). One of the solutions is to remove if
	regardless of the domain state and rely on qemu having the file
	opened. This still has a downside that if the domain is defined
	back the NVRAM store file is going to be new, any changes to the
	current one are lost (just like with any other file that is
	deleted while a process has it opened). But is it really a
	downside?

2017-08-08  Andrea Bolognani  <abologna@redhat.com>

	docs: Add "PCI topology and hotplug" guidelines
	For all machine types except i440fx, making a guest hotplug
	capable requires some sort of planning. Add some information
	to help users make educated choices when defining the PCI
	topology of guests.

2017-08-08  Ján Tomko  <jtomko@redhat.com>

	introduce virConfReadString
	Rewrite virConfReadMem to take a null-terminated string.
	All the callers were calling strlen on it anyway.

	conf: check rombar against VIR_DOMAIN_TRISTATE_SWITCH_ABSENT
	Make the comparison explicit.

2017-08-08  Daniel P. Berrange  <berrange@redhat.com>

	docs: force content in <script> element
	If there's no content in <script></script>, the XSTL generator
	will turn it into <script/> which is not permitted in XHTML.
	Adding a single whitespace is enough to guarantee an explicit
	closing tag. Without this, the scripts never get loaded by
	the browser.

2017-08-07  Sri Ramanujam  <sramanujam@datto.com>

	hyperv: Silence clang alignment warnings in serialization code
	Slight refactor of the WMI serialization code to minimize mixing
	openwsman and libxml2 APIs that triggered clang alignment warnings.

	The only usage of libxml2 APIs now is in creating CDATA blocks,
	because the openwsman API does not provide that functionality. The
	clang alignment warning in this case is silenced by casting to a
	void pointer first.

2017-08-07  Sri Ramanujam  <sramanujam@datto.com>

	hyperv: Correct number of milliseconds in five minutes

2017-08-07  Daniel P. Berrange  <berrange@redhat.com>

	tests: add further XML namespace test
	Validate that we can pass QEMU command line options using a default
	namespace, instead of a prefixed namespace

2017-08-07  Daniel P. Berrange  <berrange@redhat.com>

	docs: make website responsive for mobile devices
	The website does not look good in a mobile device as the text is
	far too small and the layout assumes a wide screen.

	Make the style dynamically adapt based on viewport size, so a
	mobile device gets a layout more suited to its dimensions,
	also changing "Learn" to "Docs"

2017-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus warning about vir$OBJECTGetConnect functions
	The API docs for the various vir$OBJECTGetConnect functions
	contain a warning

	  WARNING: When writing libvirt bindings in other languages, do
	  not use this function.  Instead, store the connection and
	  the domain object together.

	There is no reason why language bindings should not use this
	method, and indeed the Perl, Python, and Go bindings all use
	these methods.

	This warning was originally added back in

	  commit 3edb4bc9fb1b451599df58420d61ffd73633cead
	  Author: Daniel Veillard <veillard@redhat.com>
	  Date:   Tue Jul 24 15:32:55 2007 +0000

	    * libvirt.spec.in NEWS docs/* po/*: preparing release 0.3.1
	    * src/libvirt.c python/generator.py: some cleanup and warnings
	      from Richard W.M. Jones

	IIUC, the rational was that these APIs do not need to be
	directly exposed to the non-C language, as the language
	can expose the same concept itself by storing the original
	virConnectPtr object alongside the virDomainPtr.  There's
	no reason to mandate such an approach though - it is valid
	for languages to expose this directly if that suits their
	needs better.

2017-08-07  Michal Privoznik  <mprivozn@redhat.com>

	virdbustest: Don't leak @out_strv1
	In testMessageSingleArrayRef the string is doubly referenced.
	Therefore we have to free also the first pointer to the string.

	qemuhotplugtest: Don't leak @vm
	Some tests take already prepared domain from previous tests. In
	this case, the domain is freed by the first test that doesn't
	keep the domain. However, if there's no such test case domain is
	leaked.

	virTestCompareToFile: Don't access memory we don't own
	After reading the contents of a file some cleanup is performed.
	However, the check for it might access a byte outside of the
	string - if the file is empty in the first place. Then strlen()
	is zero.

	qemuDomainObjPrivateFree: Free @machineName
	We're storing the machine name in @priv but free it just in
	qemuProcessStop, Therefore this may leak.

	virNodeDevCapCCWParseXML: Free temporary variables
	Again, we are using @cssid, @ssid and @devno to store some
	temporary strings, but never free it.

	virDomainDefParseXML: Free @tmp
	When parsing <ioapic> feature we're using @tmp to store some
	temporary string but never free it.

2017-08-07  Michal Privoznik  <mprivozn@redhat.com>

	virDomainDefFree: Don't leak initenv name and value
	When parsing boot options from domain XML in
	virDomainDefParseBootOptions() initenv id stored to:

	    def->os.initenv[i]->name
	    def->os.initenv[i]->value

	But these are never freed.

2017-08-07  Daniel P. Berrange  <berrange@redhat.com>

	tools: make wireshark build quiet
	Use $(AM_V_GEN) when running wireshark related tools

2017-08-06  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve: document autoport support
	 - Update the driver page with the information about using
	   autport for VNC ports
	 - Add a news entry

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2017-08-06  Alexander Nusov  <alexander.nusov@nfvexpress.com>

	bhyve: Add support for VNC autoport
	This patch adds support for automatic VNC port assignment for bhyve guests.

	Reviewed-by: Ján Tomko <jtomko@redhat.com>

2017-08-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: Add a test suite for libxl_domain_config generator
	The libxl library allows a libxl_domain_config object to be serialized
	from/to a JSON string. Use this to allow testing of the XML to
	libxl_domain_config conversion process. Test XML is converted to
	libxl_domain_config, which is then serialized to json. A json template
	corresponding to the test XML is converted to a libxl_domain_config
	object using libxl_domain_config_from_json(), and then serialized
	back to json using libxl_domain_config_to_json(). The two json
	docs are then compared.

	Using libxl to convert the json template to a libxl_domain_config
	object and then back to json provides a simple way to account for
	any changes or additions to the json representation across Xen
	releases.

	[update to v3.5.0-rc1, improve error reporting, use /bin/true emulator]

2017-08-04  Daniel P. Berrange  <berrange@redhat.com>

	remote: increase max storage pools, nwfilters & snapshots to 16384
	Most other top level objects have already had their limits increased
	to 16384. Increase the storage pool, nwfilter & snapshot object
	limits to match. For snapshots at least, we have seen hosts which
	exceeded the current limit

	rpm: conditionalize dep on perl for perl-interpretor split in F27

2017-08-04  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	cpu: define sub-leaf 0 for leaf 7 in cpu_map.xml
	CPUID leaf 7 is sub-leaf aware. Add missing attribute.

2017-08-03  Cole Robinson  <crobinso@redhat.com>

	qemu: command: explicitly error for non-x86 default CPU
	The code only currently handles writing an x86 default -cpu
	argument, and doesn't know anything about other architectures.
	Let's make this explicit rather than leaving ex. qemu ppc64 to
	throw an error about -cpu qemu64

	Reviewed-by: Ján Tomko <jtomko@redhat.com>

2017-08-03  Cole Robinson  <crobinso@redhat.com>

	qemu: command: rework adding of default cpu model
	Certain XML features that aren't in the <cpu> block map to -cpu
	flags on the qemu cli. If one of these is specified but the user
	didn't explicitly pass an XML <cpu> model, we need to format a
	default model on the command line.

	The current code handles this by sprinkling this default cpu handling
	among all the different flag string formatting. Instead, switch it
	to do this just once.

	This alters some test output slightly: the previous code would
	write the default -cpu in some cases when no flags were actually
	added, so the output was redundant.

	Reviewed-by: Ján Tomko <jtomko@redhat.com>

2017-08-03  Ján Tomko  <jtomko@redhat.com>

	conf: fix formatting of smartcard devices
	My commit 0c1d863 broke formatting of passthrough smartcard devices:
	<smartcard mode='passthrough' type='spicevmc'/>

	resulted in invalid XML:
	    <smartcard mode='passthrough'>
	       type='spicevmc'>
	      <address type='ccid' controller='0' slot='0'/>
	    </smartcard>

	Split out chardev source formatting function into two -
	one formatting the attributes and other formatting the subelements.

	Reported-by: Cole Robinson <crobinso@redhat.com>
	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-08-03  Peter Krempa  <pkrempa@redhat.com>

	tests: deterministichash: Make hash tables arch-independent
	It turns out that our implementation of the hashing function is
	endian-dependent and thus if used on various architectures the testsuite
	may have different results. Work this around by mocking virHashCodeGen
	to something which does not use bit operations instead of just setting a
	deterministic seed.

	util: hash: Make virHashCodeGen mockable
	Export the function from the util module so that dynamic linking can
	override it.

	util: hash: Include stdbool.h in the header file
	The functions declared in virhash.h return bool, but stdbool.h was not
	included.

2017-08-03  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: command: align disk serial check to schema
	Disk serial schema has extra '.+' allowed characters in comparison
	with check in code. Looks like there is no reason for that as qemu
	allows any character AFAIK for serial. This discrepancy is originated
	in commit id '85d15b51' where the ability to add serial was added.

	Alter the disk-serial test to add a disk with all the possible
	characters listed as the serial value.

2017-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Check for existence of provided *_tls_x509_cert_dir
	https://bugzilla.redhat.com/show_bug.cgi?id=1458630

	Introduce virQEMUDriverConfigTLSDirResetDefaults in order to check
	if the defaultTLSx509certdir was changed, then change the default
	for any other *TLSx509certdir that was not set to the default default.

	Introduce virQEMUDriverConfigValidate to validate the existence of
	any of the *_tls_x509_cert_dir values that were uncommented/set,
	incuding the default.

	Update the qemu.conf description for default to describe the consequences
	if the default directory path does not exist.

2017-08-02  John Ferlan  <jferlan@redhat.com>

	docs: Fix syntax-check error
	Commit id '94d2d6429' caused a syntax-error check to fail:

	docs/Makefile.am:276:	$(AM_V_GEN)sed -e '/<span id="php_placeholder"><\/span>/r '"$(srcdir)/$@.code.in" \
	maint.mk: Wrap long lines in Makefiles
	cfg.mk:721: recipe for target 'sc_prohibit_long_lines' failed
	make: *** [sc_prohibit_long_lines] Error 1
	make: *** Waiting for unfinished jobs....

	Altered the line to put another line wrap between sed and -e

2017-08-02  John Ferlan  <jferlan@redhat.com>

	docs: Fix syntax-check error
	commit id '40cb5581' caused syntax-check error:

	prohibit_empty_lines_at_EOF
	docs/manifest.json
	maint.mk: empty line(s) or no newline at EOF
	maint.mk:929: recipe for target 'sc_prohibit_empty_lines_at_EOF' failed
	make: *** [sc_prohibit_empty_lines_at_EOF] Error 1

	I just edited the file and replaced the closing } and it made things happy

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: add full set of "favicon" files to support modern clients
	Use of the relation "shortcut" for a favicon was an Internet
	Explorer only feature. Other browsers just require "icon".

	The new icons & metadata are generated using

	  https://realfavicongenerator.net/

	which is user tested to work well across all modern clients

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: explicitly declare pages as being UTF-8 format

	docs: remove bogus 'shape' attribute on links
	The 'shape' attribute on <a> is used together with a 'coords'
	attribute to create hot-zones in image maps. We're not using
	image maps so our inclusion of a 'shape' attribute is bogus.
	Furthermore this is forbidden in HTML5.

	docs: generate pretty indented HTML for API docs

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: switch to using HTML5 doctype declaration
	The HTML5 doctype is simply

	  <!DOCTYPE html>

	no DTD is present because HTML5 is no longer defined as an
	extension of SGML.

	XSL has no way to natively output a doctype without a public
	or system identifier, so we have to use an <xsl:text> hack
	instead.

	See also

	  https://dev.w3.org/html5/html-author/#doctype-declaration

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: use UTF-8 instead of HTML entities for decorated letters
	We have files which use HTML entities for decorating letters
	with unlauts, accents, etc. Other files just use UTF-8
	characters directly for this. Remove the HTML entities since
	they have no benefit and use UTF-8 instead.

	docs: remove use of &mdash; entity
	A handful of places in the docs choose to use &mdash; instead
	of '-' for no clear reason. Remove this inconsistency.

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: remove use of &nbsp; in docs
	Some docs pages were using <p>&nbsp;</p> to add arbitrary whitespace
	in the page. This is something that should be done by CSS if needed,
	but it is not needed here, so delete it.

	There was also use of <td>&nbsp;</td> which adds no value at all
	when we have CSS to prettify tables.

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: fix typo s/&and;/&amp;/

	docs: make xmllint & xsltproc compulsory
	We already require libxml to be installed, so it is not unreasonable
	to require xmllint and xsltproc to be installed too - any platform
	with the former will have the latter too.

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: drop XHTML 1.0 validation of website
	The HTML pages are currently validated against an XHTML 1.0 DTD.
	This makes it impossible to take advantage of features that are
	introduced in HTML 5, because they'll fail validation.

	There is intentionally no DTD defined for HTML 5, so there's no
	alternative to XHTML 1.0 DTD that we could switch to. The only
	options are to stick with XHTML 1.0 forever, or drop the DTD
	validation, and we pick the latter.

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	docs: switch to using 'id' attribute instead of 'name' for links
	The 'name' attribute on <a...> elements is deprecated in favour
	of the 'id' attribute which is allowed on any element. HTML5
	drops 'name' support entirely.

2017-08-02  Ján Tomko  <jtomko@redhat.com>

	Turn virDomainDeviceInfoFormat into void
	The rombar attribute was already validated at the time of parsing
	the XML.

2017-08-02  Ján Tomko  <jtomko@redhat.com>

	conf: check for buffer errors before virBufferUse
	After an OOM error, virBuffer* APIs set buf->use to zero.
	Adding a buffer to the parent buffer only if use is non-zero
	would quietly drop data on error.

	Check the error beforehand to make sure buf->use is zero
	because we have not attempted to add anything to it.

2017-08-02  Ján Tomko  <jtomko@redhat.com>

	Use a separate buffer for <hub> subelements
	Switch virDomainHubDefFormat to use a separate buffer for subelements.

	Use a separate buffer for <watchdog> subelements
	Convert virDomainWatchdogDefFormat to use a separate
	buffer for subelements.

	Use a separate buffer for <sound> subelements
	Convert virDomainSoundDefFormat to use a separate buffer
	for subelements.

	Use a separate buffer for <smartcard> subelements
	Convert virDomainSmartcardDefFormat to use a separate buffer
	for possible subelements, to avoid the need for duplicated
	formatting logic in virDomainDeviceInfoNeedsFormat.

2017-08-02  Ján Tomko  <jtomko@redhat.com>

	virDomainDeviceInfoFormat: delete outdated comments
	This function has grown to format more than just the address.
	Delete the comment completely to avoid failing to update it
	in the future.

	Also, the indentation is now handled by the virBuffer APIs,
	so the comment about indentation no longer makes sense.

2017-08-02  Ján Tomko  <jtomko@redhat.com>

	Remove superfluous usage of virDomainDeviceInfoNeedsFormat
	This function returns false if virDomainDeviceInfoFormat
	would not format anything.

	Using it as the sole condition to decide whether to call
	virDomainDeviceInfoFormat or not is pointless, since
	the conditions are repeated in virDomainDeviceInfoFormat.

2017-08-02  Ján Tomko  <jtomko@redhat.com>

	virCapabilitiesFormatCaches: free cpus_str right after use
	This will simplify the cleanup when we start checking for
	buffer errors.

2017-08-02  Michal Privoznik  <mprivozn@redhat.com>

	Add support for virtio-net.tx_queue_size
	https://bugzilla.redhat.com/show_bug.cgi?id=1462653

	Just like I've added support for setting rx_queue_size (in
	c56cdf259 and friends), qemu just gained support for setting tx
	ring size.

2017-08-02  Daniel P. Berrange  <berrange@redhat.com>

	driver: conditionalize use of dlopen functions & use mingw-dlfcn
	Not every platform is guaranteed to have dlopen/dlsym, so we should
	conditionalize its use. Suprisingly it is actually present for Win32
	via the mingw-dlfcn add on, but we should still conditionalize it.

	tools: rename 'socket' to 'sockpath'
	A variable named 'socket' clashes with the function of the same
	name, causing build failures due to warnings on some platforms.

2017-08-02  Michal Privoznik  <mprivozn@redhat.com>

	virnetworkobj: Make virNetworkObjFindBy{UUID,Name}Locked() static again
	These functions were made exportable back in 3aa3e072 when I was
	splitting network code into parsing and list management parts.
	Since then the split is finished now and these two functions do
	not need to be exported anymore.

	virConnect: Update comment for @privateData
	This member allows us to store a pointer to some private data.
	However, the comment says it's used in both domain driver and
	network driver. Well, it is not. It's just one pointer and domain
	driver uses it directly. Network driver has a global driver
	variable. Update the comment to not confuse others.

2017-08-02  Julio Faracco  <jcfaracco@gmail.com>

	tools: virsh: Adding unix socket support to 'domdisplay' command.
	This commit adds the unix socket URL support to 'domdisplay' command.
	Before, even if an user was using unix socket to define a spice graphics,
	the command 'domdisplay' showed that the settings were not supported. Now,
	the command shows the proper URL: spice+unix://foo/bar.sock.

	Settings:
	<graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'>
	  <listen type='address' address='127.0.0.1'/>
	</graphics>
	<graphics type='spice'>
	  <listen type='socket' socket='/tmp/spice.sock'/>
	</graphics>

	Before:
	virsh # domdisplay --all Windows7
	vnc://127.0.0.1:0

	After:
	virsh # domdisplay --all Windows7
	vnc://127.0.0.1:0
	spice+unix:///tmp/spice.sock

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1336720

2017-08-02  Michal Privoznik  <mprivozn@redhat.com>

	Update news.xml after the post-release
	In 19581afd778 the configure.ac was updated. However, the
	news.xml was missing adjustment - creating the new section for
	the release.

2017-08-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Split shmem preparation as it's supposed to be
	Since the introduction of shmem, there was a split of preparation code
	from the formatting code from qemuBuildCommandLine() into
	qemuProcessPrepareDomain().  Let's fix shmem in this regard, so that
	we can slowly get to a cleaner codebase.

	Post-release version bump to 3.7.0

2017-08-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.6.0
	* docs/news.xml: updated for the release
	* po/*.po*: regenerated

2017-08-01  Michal Privoznik  <mprivozn@redhat.com>

	virNetDaemonCallInhibit: Call virNetDaemonGotInhibitReply properly
	So there are couple of issues here. Firstly, we never unref the
	@pendingReply and thus it leaks.

	==13279== 144 (72 direct, 72 indirect) bytes in 1 blocks are definitely lost in loss record 1,095 of 1,259
	==13279==    at 0x4C2E080: calloc (vg_replace_malloc.c:711)
	==13279==    by 0x781FA97: _dbus_pending_call_new_unlocked (in /usr/lib64/libdbus-1.so.3.14.11)
	==13279==    by 0x7812A4C: dbus_connection_send_with_reply (in /usr/lib64/libdbus-1.so.3.14.11)
	==13279==    by 0x56BEDF3: virNetDaemonCallInhibit (virnetdaemon.c:514)
	==13279==    by 0x56BEF18: virNetDaemonAddShutdownInhibition (virnetdaemon.c:536)
	==13279==    by 0x12473B: daemonInhibitCallback (libvirtd.c:742)
	==13279==    by 0x1249BD: daemonRunStateInit (libvirtd.c:823)
	==13279==    by 0x554FBCF: virThreadHelper (virthread.c:206)
	==13279==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
	==13279==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)

	Secondly, while we send the message, we are suspended ('cos we're
	talking to a UNIX socket).  However, until we are resumed back
	again the reply might have came therefore subsequent
	dbus_pending_call_set_notify() has no effect and in fact the
	virNetDaemonGotInhibitReply() callback is never called. Thirdly,
	the dbus_connection_send_with_reply() has really stupid policy
	for return values. To cite the man page:

	  Returns
	      FALSE if no memory, TRUE otherwise.

	Yes, that's right. If anything goes wrong and it's not case of
	OOM then TRUE is returned, i.e. you're trying to pass FDs and
	it's not supported, or you're not connected, or anything else.
	Therefore, checking for return value of
	dbus_connection_send_with_reply() is not enoguh. We also have to
	check if @pendingReply is not NULL before proceeding any further.

2017-08-01  Michal Privoznik  <mprivozn@redhat.com>

	virCgroupValidateMachineGroup: Don't free @machinename
	We are given a string in @machinename, we never allocate it, just
	merely use it for reading. We should not free it otherwise it
	leads to double free:

	==32191== Thread 17:
	==32191== Invalid free() / delete / delete[] / realloc()
	==32191==    at 0x4C2D1A0: free (vg_replace_malloc.c:530)
	==32191==    by 0x54BBB84: virFree (viralloc.c:582)
	==32191==    by 0x2BC04499: qemuProcessStop (qemu_process.c:6313)
	==32191==    by 0x2BC500FF: processMonitorEOFEvent (qemu_driver.c:4724)
	==32191==    by 0x2BC502FC: qemuProcessEventHandler (qemu_driver.c:4769)
	==32191==    by 0x5550640: virThreadPoolWorker (virthreadpool.c:167)
	==32191==    by 0x554FBCF: virThreadHelper (virthread.c:206)
	==32191==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
	==32191==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)
	==32191==  Address 0x31893d70 is 0 bytes inside a block of size 1,100 free'd
	==32191==    at 0x4C2D1A0: free (vg_replace_malloc.c:530)
	==32191==    by 0x54BBB84: virFree (viralloc.c:582)
	==32191==    by 0x54C1936: virCgroupValidateMachineGroup (vircgroup.c:343)
	==32191==    by 0x54C4B29: virCgroupNewDetectMachine (vircgroup.c:1550)
	==32191==    by 0x2BBDDA29: qemuConnectCgroup (qemu_cgroup.c:972)
	==32191==    by 0x2BC05DA7: qemuProcessReconnect (qemu_process.c:6822)
	==32191==    by 0x554FBCF: virThreadHelper (virthread.c:206)
	==32191==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
	==32191==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)
	==32191==  Block was alloc'd at
	==32191==    at 0x4C2BE80: malloc (vg_replace_malloc.c:298)
	==32191==    by 0x4C2E35F: realloc (vg_replace_malloc.c:785)
	==32191==    by 0x54BB492: virReallocN (viralloc.c:245)
	==32191==    by 0x54BEDF2: virBufferGrow (virbuffer.c:150)
	==32191==    by 0x54BF3B9: virBufferVasprintf (virbuffer.c:408)
	==32191==    by 0x54BF324: virBufferAsprintf (virbuffer.c:381)
	==32191==    by 0x55BB271: virDomainGenerateMachineName (domain_conf.c:27078)
	==32191==    by 0x2BBD5B8F: qemuDomainGetMachineName (qemu_domain.c:9595)
	==32191==    by 0x2BBDD9B4: qemuConnectCgroup (qemu_cgroup.c:966)
	==32191==    by 0x2BC05DA7: qemuProcessReconnect (qemu_process.c:6822)
	==32191==    by 0x554FBCF: virThreadHelper (virthread.c:206)
	==32191==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)

	Moreover, make the @machinename 'const char *' to mark it
	explicitly that we are not changing the passed string.

2017-08-01  Andrea Bolognani  <abologna@redhat.com>

	news: Fix typo

2017-07-31  Michal Privoznik  <mprivozn@redhat.com>

	news: Update for 3.6.0 release
	I was volunteered to prepare the release notes.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-28  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Old and empty test case for node name detection
	Prior to qemu 2.5 the node names would not be generated, thus would be
	missing from 'query-blockstats' and 'query-named-block-nodes'. Test that
	the code correctly detects nothing.

	Additionally make sure that a VM without disks does not cause problems.

	The test case change is necessary as our test file checker does not play
	well with empty files.

2017-07-28  Peter Krempa  <pkrempa@redhat.com>

	tests: utils: Allow NULL strings to be equal to empty file in virTestCompareToFile
	Treat an NULL string equivalent to an empty string in
	virTestCompareToFile so that callers don't need to add additional logic
	in case when a test produces no output.

	tests: Run virdrivermoduletest only when WITH_LIBVIRTD is defined
	The test makes sense only when building the daemon, thus run it only in
	such case.

	tests: Run virt-aa-helper-test only when the helper was compiled
	'virt-aa-helper' is compiled when both WITH_LIBVIRTD and
	WITH_SECDRIVER_APPARMOR are defined. The test was run only when
	WITH_SECDRIVER_APPARMOR was defined thus causing a build failure when
	building without the daemon.

2017-07-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: Format comment timestamp in UTC
	I just forgot '-u' in a54c9622860a.

2017-07-28  Erik Skultety  <eskultet@redhat.com>

	nodedev: Fix double unlock of the driver on udevEnumerateDevices failure
	Commit @4cb719b2dc moved the driver locks around since these have become
	unnecessary at spots where the code handles now self-lockable object
	list, but missed the possible double unlock if udevEnumerateDevices
	fails, because at that point the driver lock had been already dropped.

2017-07-27  Pavel Hrdina  <phrdina@redhat.com>

	Revert "build: distribute tests/virfilecachedata"
	This reverts commit d3d422e00c995d50c4b78066367bfbc4f872f586.

	Already fixed by commit 5a30b817ec93543c7a6cc93b5a6091a6666e377e.

2017-07-27  Pavel Hrdina  <phrdina@redhat.com>

	build: distribute tests/virfilecachedata
	Missed by 478f0c5b8575.

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	security: apparmor: load the storage driver dynamically
	In commit 5e515b542d I've attempted to fix the inability to access
	storage from the apparmor helper program by linking with the storage
	driver. By linking with the .so the linker complains that it's not
	portable. Fix this by loading the module dynamically as we are supposed
	to do.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	make: Drop building without driver modules
	Driver modules proved to be reliable for a long time. Since support for
	not building modules complicates the code and makefiles drop it.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-27  Daniel P. Berrange  <berrange@redhat.com>

	tests: add virfilecachedata to EXTRA_DIST

2017-07-27  Pavel Hrdina  <phrdina@redhat.com>

	tests: add test case for new syntax of VNC unix path with '='

2017-07-27  Pavel Hrdina  <phrdina@redhat.com>

	qemu: properly handle '=' in the VNC socket path
	If a domain name contains a '=' and the unix socket path is
	auto-generated or socket path provided by user contains '=' QEMU
	is unable to properly parse the command line.  In order to make it
	work we need to use the new command line syntax for VNC if it's
	available, otherwise we can use the old syntax.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1352529

2017-07-27  Pavel Hrdina  <phrdina@redhat.com>

	qemu: capabilities: introduce QEMU_CAPS_VNC_MULTI_SERVERS

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Test extraction of iSCSI device node names
	Test storage was created on a rhel/centos 7 node using targetcli.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Test extraction of LUKS node names
	Test file created by:

	qemu-img create -f luks /var/lib/libvirt/images/luks 10M \
	        -o key-secret=asdf --object secret,id=asdf,format=raw,data=asdf

	Used in libvirt as:
	 <disk type='file' device='disk'>
	   <driver name='qemu' type='raw'/>
	   <source file='/var/lib/libvirt/images/luks'/>
	   <target dev='vda' bus='virtio'/>
	   <encryption format='luks'>
	     <secret type='passphrase' uuid='9b2c831a-fdb9-4c09-873c-1959580589e1'/>
	   </encryption>
	 </disk>

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Add test case for node name detection with blockjob
	qemu 2.9 returns an extra layer in the backing data if a block job is
	active. Add a test case to see whether our code properly detects and
	ignores such layer.

	The test data was prepared by creating a backing chain of qcow2 images
	(with qemu-img and with libvirt's snapshot feature).

	One of the layers was then merged back by doing a block-commit:

	virsh blockcommit VM hda --top /var/lib/libvirt/images/b

	and then a block-copy job was started and kept in synchronized phase:

	virsh blockcopy VM hda /tmp/tgt.img --transient job

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Fix 'gluster' node name detection test case
	Add the blockstats data and fix the expected output.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Fix 'relative' node name detection test case
	Add the blockstats data and fix the expected output.

	Test data was created as:

	qemu-img create -f qcow2 img0 10M
	qemu-img create -f qcow2 -o "backing_fmt=qcow2,backing_file=img0" img1
	qemu-img create -f qcow2 -o "backing_fmt=qcow2,backing_file=img1" img2
	...

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Add data and fix 'same-backing' node detection case
	With the new approach we are actually able to correctly detect node
	names for the two instances of the same backing file.

	Test images were created as:
	qemu-img create -f qcow2 /var/lib/libvirt/images/base.qcow2 10M
	qemu-img create -f qcow2 \
	   -o "backing_fmt=qcow2,backing_file=/var/lib/libvirt/images/base.qcow2 \
	   /var/lib/libvirt/images/a.qcow2
	qemu-img create -f qcow2 \
	   -o "backing_fmt=qcow2,backing_file=/var/lib/libvirt/images/base.qcow2 \
	   /var/lib/libvirt/images/b.qcow2

	and then used for two separate disks.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: store and test driver names for detected storage nodes
	Store the 'drv' field both for the storage node and for the format node
	and format them in the test case.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Simplify node name detection test
	We can now iterate the hash table and print all detected backing chains.
	This simplifies calling of the test cases.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: Extract mock library for making hash table deterministic
	virHashNew calls virRandomBits to initialize seed for the hashing
	function. If a test uses iteration through the hash table to produce
	results they may/will be non-deterministic. Extract the mock library
	which was used for mac address mapping to be universal.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: Refactor node name detection code
	Remove the complex and unreliable code which inferred the node name
	hierarchy only from data returned by 'query-named-block-nodes'. It turns
	out that query-blockstats contain the full hierarchy of nodes as
	perceived by qemu so the inference code is not necessary.

	In query blockstats, the 'parent' object corresponds to the storage
	behind a storage volume and 'backing' corresponds to the lower level of
	backing chain. Since all have node names this data can be really easily
	used to detect node names.

	In addition to the code refactoring the one remaining test case needed
	to be fixed along.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: rename 'nodebacking' to 'nodestorage' in virStorageSource
	Make it less confusing by naming the field which refers to the storage
	object as 'nodestorage'.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: Rename qemuBlockFillNodeData and move it to the top
	The same operation will become useful in other places so rename the
	function to be more generic and move it to the top so that it can be
	reused earlier in the file.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumontitorjson: temporarily disable node name detection tests
	To simplify the refactoring patches disable the tests. This will allow
	adding test data later.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: simplify path handling in testBlockNodeNameDetect
	Extract the test prefix path into a variable and reuse
	virTestLoadFileJSON to load the sample json files rather than doing it
	manually.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: utils: Add virTestLoadFileJSON helper
	This new helper loads, parses and returns a JSON file from 'abs_srcdir'
	By using variable arguments for the function, it's not necessary to
	format the path separately in the test cases.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuhelp: convert to virTestLoadFilePath
	As a sample usage of the new helper convert the calls in qemuhelptest to
	the new helper.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: utils: Add virTestLoadFilePath helper
	This new helper loads and returns a file from 'abs_srcdir'. By using
	variable arguments for the function, it's not necessary to format the
	path separately in the test cases.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: buffer: Add virBufferStrcatVArgs
	Split out the worker loop into a separate function and export it.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: utils: Don't calculate file size in virTestLoadFile
	The callers don't use it so don't waste a strlen(). Also fix the comment
	for the function.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Drop redundant data from testBlockNodeNameDetectFormat
	The node name and backing file name can be inferred from the hierarchy.
	This will also help when converting to detect node names using
	query-blockstats data.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitor: Prepare for more test data in testBlockNodeNameDetect
	Rename 'json' and related variables to 'nodeNameJson'. Also rename the
	test files along. This is a preparation for modifying how we detect node
	names which will also require data from 'query-blockstats'.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Consolidate basic node name detection test cases
	Test cases named '1' and '2' differed only in the length of the backing
	chain, so remove test case '2' and rename test '1' to 'basic'.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Extract call of 'query-blockstats' and add new API for it
	Allow getting the raw data from query-blockstats, so that we can use it
	to detect the backing chain later on.

	Reviewed-by: Eric Blake <eblake@redhat.com>

2017-07-26  John Ferlan  <jferlan@redhat.com>

	storage: Disallow usage of the HBA for a fc_host backing
	Disallow providing the wwnn/wwpn of the HBA in the adapter XML:

	  <adapter type='fc_host' [parent='scsi_hostN'] wwnn='HBA_wwnn'
	    wwpn='HBA_wwpn'/>

	This should be considered a configuration error since a vHBA
	would not be created. In order to use the HBA as the backing the
	following XML should be used:

	  <adapter type='scsi_host' name='scsi_hostN'/>

	So add a check prior to the checkParent call to validate that
	the provided wwnn/wwpn resolves to a vHBA and not an HBA.

2017-07-26  Martin Kletzander  <mkletzan@redhat.com>

	qemu_cgroup: Remove unnecessary virQEMUDriverPtr arguments
	Since commit 2e6ecba1bcac, the pointer to the qemu driver is saved in
	domain object's private data and hence does not have to be passed as
	yet another parameter if domain object is already one of them.

	This is a first (example) patch of this kind of clean up, others will
	hopefully follow.

2017-07-26  Martin Kletzander  <mkletzan@redhat.com>

	docs: Add build timestamps to generated html/php pages
	In order not to make the build even less reproducible, honour
	SOURCE_DATE_EPOCH environment variable as specified:

	  https://reproducible-builds.org/specs/source-date-epoch/

2017-07-26  Martin Kletzander  <mkletzan@redhat.com>

	build: Distribute tests/{qemucpumock.c,testutilshostcpus.h}
	Missed by 13554a9e7f4e.

2017-07-26  Andrea Bolognani  <abologna@redhat.com>

	tests: Prepare for stricter NIC model validation
	While using "definitely-not-virtio" as a model name is very
	cute, it will also cause the relevant test to fail once we
	introduce stricter validation.

	Use "e1000", which is definitely not virtio but also a valid
	model name, instead.

2017-07-26  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	docs: Fix typo in memory backing section

2017-07-26  John Ferlan  <jferlan@redhat.com>

	test: Use consistent variable names for network test driver APIs
	A virNetworkObjPtr will be an 'obj'.

	A virNetworkPtr will be a 'net'.

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	qemu: privatize _virQEMUCapsCachePriv struct
	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	qemu: switch QEMU capabilities to use virFileCache
	The switch contains considerable amount of changes:

	  virQEMUCapsRememberCached() is removed because this is now handled
	  by virFileCacheSave().

	  virQEMUCapsInitCached() is removed because this is now handled by
	  virFileCacheLoad().

	  virQEMUCapsNewForBinary() is split into two functions,
	  virQEMUCapsNewData() which creates new data if there is nothing
	  cached and virQEMUCapsLoadFile() which loads the cached data.
	  This is now handled by virFileCacheNewData().

	  virQEMUCapsCacheValidate() is removed because this is now handled by
	  virFileCacheValidate().

	  virQEMUCapsCacheFree() is removed because it's no longer required.

	  Add virCapsPtr into virQEMUCapsCachePriv because for each call of
	  virFileCacheLookup*() we need to use current virCapsPtr.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	qemu: pass only host arch instead of the whole virCaps
	This is a preparation for following patches where we switch to
	virFileCache for QEMU capabilities cache

	The host arch will always remain the same but virCaps may change.  Now
	the host arch is stored while creating new qemu capabilities cache.
	It removes the need to pass virCaps into virQEMUCapsCache*() functions.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	tests: rewrite host CPU mocking
	Move all the host CPU data into a separate file and rewrite qemucpumock
	to not use passed @caps.  This is preparation for following patch which
	will replace virCaps argument with virArch.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	qemu: introduce struct _virQEMUCapsCachePriv
	This will store private data that will be used by following patches
	when switching to virFileCache.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	tests: add virfilecachetest
	Implements 3 test cases that covers how the cache is used.

	We have to mock unlink() function because the caching code unlinks
	files that are no longer valid and we don't want to do it in our tests.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-26  Pavel Hrdina  <phrdina@redhat.com>

	util: introduce virFileCache
	The new virFileCache will nicely handle the caching logic for any data
	that we would like to cache.  For each type of data we will just need
	to implement few handlers that will take care of creating, validating,
	loading and saving the cached data.

	The cached data must be an instance of virObject.

	Currently we cache QEMU capabilities which will start using
	virFileCache.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-25  Pavel Hrdina  <phrdina@redhat.com>

	qemu: we prefer C89 comment styles over C99
	Introduced by commit 'a7bc2c8cfd6f'.

2017-07-25  Scott Garfinkle  <seg@us.ibm.com>

	Generate unique socket file
	It's possible to have more than one unnamed virtio-serial unix channel.
	We need to generate a unique name for each channel. Currently, we use
	".../unknown.sock" for all of them. Better practice would be to specify
	an explicit target path name; however, in the absence of that, we need
	uniqueness in the names we generate internally.

	Before the changes we'd get /var/lib/libvirt/qemu/channel/target/unknown.sock
	for each instance of
	    <channel type='unix'>
	        <source mode='bind'/>
	        <target type='virtio'/>
	    </channel>

	Now, we get vioser-00-00-01.sock, vioser-00-00-02.sock, etc.

2017-07-25  Martin Kletzander  <mkletzan@redhat.com>

	Move machineName generation from virsystemd into domain_conf
	It is more related to a domain as we might use it even when there is
	no systemd and it does not use any dbus/systemd functions.  In order
	not to use code from conf/ in util/ pass machineName in cgroups code
	as a parameter.  That also fixes a leak of machineName in the lxc
	driver and cleans up and de-duplicates some code.

	lxc: Make lxcProcessStop callable even without PID being available
	This way the function can work as a central point of clean-up code and
	we don't have to duplicate code.  And it works similarly to the qemu
	driver.

	qemu: Save qemu driver in qemuDomainObjPrivateData
	This way we can finally make it static and not use any externs anywhere.

	conf: Pass config.priv to xmlopt->privateData.alloc
	This will help us to get to some data more easily.

2017-07-25  John Ferlan  <jferlan@redhat.com>

	secret: Handle object list removal and deletion properly
	Rather than rely on virSecretObjEndAPI to make the final virObjectUnref
	after the call to virSecretObjListRemove, be more explicit by calling
	virObjectUnref and setting @obj to NULL for secretUndefine and in
	the error path of secretDefineXML. Calling EndAPI will end up calling
	Unlock on an already unlocked object which has indeteriminate results
	(usually an ignored error).

	The virSecretObjEndAPI will both Unref and Unlock the object; however,
	the virSecretObjListRemove would have already Unlock'd the object so
	calling Unlock again is incorrect. Once the virSecretObjListRemove
	is called all that's left is to Unref our interest since that's the
	corrollary to the virSecretObjListAdd which returned our ref interest
	plus references for each hash table in which the object resides. In math
	terms, after an Add there's 2 refs on the object (1 for the object and
	1 for the list). After calling Remove there's just 1 ref on the object.
	For the Add callers, calling EndAPI removes the ref for the object and
	unlocks it, but since it's in a list the other 1 remains.

2017-07-25  John Ferlan  <jferlan@redhat.com>

	secret: Fix memory leak in virSecretLoad
	If the virSecretLoadValue fails, the code jumped to cleanup without
	setting @ret = obj, thus calling virSecretObjListRemove which only
	accounts for the object reference related to adding the object to
	the list during virSecretObjListAdd, but does not account for the
	reference to the object itself as the return of @ret would be NULL
	so the caller wouldn't call virSecretObjEndAPI on the object recently
	added thus reducing the refcnt to zero.

	This patch will perform the ObjListRemove in the failure path of
	virSecretLoadValue and Unref @obj in order to perform clean up
	and return @obj as NULL. The @def will be freed as part of the
	virObjectUnref.

2017-07-25  John Ferlan  <jferlan@redhat.com>

	secret: Properly handle @def after virSecretObjAdd in driver
	Since the virSecretObjListAdd technically consumes @def on success,
	the secretDefineXML should set @def = NULL immediately and process
	the remaining calls using a new @objDef variable. We can use use
	VIR_STEAL_PTR since we know the Add function just stores @def in
	obj->def.

	Because we steal @def into @objDef, if we jump to restore_backup:
	and @backup is set, then we need to ensure the @def would be
	free'd properly, so we'll steal it back from @objDef. For the other
	condition this fixes a double free of @def if the code had jumped to
	@backup == NULL thus calling virSecretObjListRemove without setting
	@def = NULL. In this case, the subsequent call to DefFree would
	succeed and free @def; however, the call to EndAPI would also
	call DefFree because the Unref done would be the last one for
	the @obj meaning the obj->def would be used to call DefFree,
	but it's already been free'd because @def wasn't managed right
	within this error path.

2017-07-25  John Ferlan  <jferlan@redhat.com>

	secret: Remove need for local configFile and base64File in ObjectAdd
	Rather than assign to a local variable, let's just assign directly to the
	object using the error path for cleanup.

2017-07-25  Michal Privoznik  <mprivozn@redhat.com>

	Revert "virthread: Introduce virRWLockInitPreferWriter"
	This reverts commit 328bd24443d2a345a5832ee48ebba0208f8036ea.

	As it turns out, this is not portable and very Linux & glibc
	specific. Worse, this may lead to not starving writers on Linux
	but everywhere else. Revert this and if the starvation occurs
	resolve it.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-25  Andrea Bolognani  <abologna@redhat.com>

	conf: Rename virDomainControllerIsPCIHostBridge() to IsPSeriesPHB()
	The original name didn't hint at the fact that PHBs are
	a pSeries-specific concept.

	Suggested-by: Peter Krempa <pkrempa@redhat.com>

2017-07-25  Andrea Bolognani  <abologna@redhat.com>

	conf: Fix backwards migration of pSeries guests
	Recent commits made it so that pci-root controllers for
	pSeries guests are automatically assigned the
	spapr-pci-host-bridge model name; however, that prevents
	guests to migrate to older versions of libvirt which don't
	know about that model name at all, which at the moment is
	all of them :)

	To avoid the issue, just strip the model name from PHBs
	when formatting the migratable XML; guests that use more
	than one PHB are not going to be migratable anyway.

2017-07-24  John Ferlan  <jferlan@redhat.com>

	storage: Check if provided parent is vHBA capable
	https://bugzilla.redhat.com/show_bug.cgi?id=1458708

	If the parent provided for the storage pool adapter is not vHBA
	capable, then issue a configuration error even though the provided
	wwnn/wwpn were found.

	It is a configuration error to provide a mismatched parent to
	the wwnn/wwpn. The @parent is optional and is used as a means to
	perform duplicate pool source checks.

2017-07-24  John Ferlan  <jferlan@redhat.com>

	storage: Remove @conn from virNodeDeviceCreateVport
	It's no longer needed since the checkParent code moved back to
	storage_backend_scsi.c

2017-07-24  John Ferlan  <jferlan@redhat.com>

	storage: Fix existing parent check for vHBA creation
	https://bugzilla.redhat.com/show_bug.cgi?id=1472277

	Commit id '106930aaa' altered the order of checking for an existing
	vHBA (e.g something created via nodedev-create functionality outside
	of the storage pool logic) which inadvertantly broke the code to
	decide whether to alter/force the fchost->managed field to be 'yes'
	because the storage pool will be managing the created vHBA in order
	to ensure when the storage pool is destroyed that the vHBA is also
	destroyed.

	This patch moves the check (and checkParent helper) for an existing
	vHBA back into the createVport in storage_backend_scsi. It also
	adjusts the checkParent logic to more closely follow the intentions
	prior to commit id '79ab0935'. The changes made by commit id '08c0ea16f'
	are only necessary to run the virStoragePoolFCRefreshThread when
	a vHBA was really created because there's a timing lag such that
	the refreshPool call made after a startPool from storagePoolCreate*
	wouldn't necessarily find LUNs, but the thread would. For an already
	existing vHBA, using the thread is unnecessary since the vHBA already
	exists and the lag to configure the LUNs wouldn't exist.

2017-07-24  John Ferlan  <jferlan@redhat.com>

	nodedev: Remove driver locks around object list mgmt code
	Since virnodedeviceobj now has a self-lockable hash table, there's no
	need to lock the table from the driver for processing. Thus remove the
	locks from the driver for NodeDeviceObjList mgmt.

	This includes the test driver as well.

2017-07-24  John Ferlan  <jferlan@redhat.com>

	nodedev: Convert virNodeDeviceObjListPtr to use hash tables
	Rather than use a forward linked list of elements, it'll be much more
	efficient to use a hash table to reference the elements by unique name
	and to perform hash searches.

	This patch does all the heavy lifting of converting the list object to
	use a self locking list that contains the hash table. Each of the FindBy
	functions that do not involve finding the object by it's key (name) is
	converted to use virHashSearch in order to find the specific object.
	When searching for the key (name), it's possible to use virHashLookup.
	For any of the list perusal functions that are required to evaluate
	each object, the virHashForEach function is used.

2017-07-24  John Ferlan  <jferlan@redhat.com>

	nodedev: Remove @create from virNodeDeviceObjListGetParentHost
	The only callers to this function are from CreateXML paths now, so
	let's just remove the unnecessary parameter.

	nodedev: Alter node device deletion logic
	Alter the node device deletion logic to make use of the parent field
	from the obj->def rather than call virNodeDeviceObjListGetParentHost.
	As it turns out the saved @def won't have parent_wwnn/wwpn or
	parent_fabric_wwn, so the only logical path would be to call
	virNodeDeviceObjListGetParentHostByParent which we can accomplish
	directly via virNodeDeviceObjListFindByName.

2017-07-24  Michal Privoznik  <mprivozn@redhat.com>

	virdomainobjlist: Use virObjectRWLockable
	There is no reason why two threads trying to look up two domains
	should mutually exclude each other. Utilize new
	virObjectRWLockable that was just introduced.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-24  Michal Privoznik  <mprivozn@redhat.com>

	virobject: Introduce virObjectRWLockable
	Up until now we only had virObjectLockable which uses mutexes for
	mutually excluding each other in critical section. Well, this is
	not enough. Future work will require RW locks so we might as well
	have virObjectRWLockable which is introduced here.

	Moreover, polymorphism is introduced to our code for the first
	time. Yay! More specifically, virObjectLock will grab a write
	lock, virObjectLockRead will grab a read lock then (what a
	surprise right?). This has great advantage that an object can be
	made derived from virObjectRWLockable in a single line and still
	continue functioning properly (mutexes can be viewed as grabbing
	write locks only). Then just those critical sections that can
	grab a read lock need fixing. Therefore the resulting change is
	going to be way smaller.

	In order to avoid writer starvation, the object initializes RW
	lock that prefers writers.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-24  Michal Privoznik  <mprivozn@redhat.com>

	virthread: Introduce virRWLockInitPreferWriter
	We already have virRWLockInit. But this uses pthread defaults
	which prefer reader to initialize the RW lock. This may lead to
	writer starvation. Therefore we need to have the counterpart that
	prefers writers. Now, according to the
	pthread_rwlockattr_setkind_np() man page setting
	PTHREAD_RWLOCK_PREFER_WRITER_NP attribute is no-op. Therefore we
	need to use PTHREAD_RWLOCK_PREFER_WRITER_NONRECURSIVE_NP
	attribute. So much for good enum value names.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-24  Martin Kletzander  <mkletzan@redhat.com>

	testutils: Remove unneeded variable
	virDomainXMLOptionNew() gladly accepts NULL and it is used in some
	drivers.  There is no need for additional variable with no members set

2017-07-24  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu_capabilities: Fix the formatting with a space
	It was observed while adding new property that there should be a space
	before closing a curly brace in intel-iommu object property definition.
	Fixing it as a separate patch.

2017-07-24  Michal Privoznik  <mprivozn@redhat.com>

	docs: Span cells if there's not doc text for enum val
	When generating HTML documentation we put enum values into a
	table so that we can display the value's name, numerical value
	and description (if it has one). Now the last part is problem. If
	the value doesn't have description the table row has just two
	cells and if it has one the row counts three cells. This makes
	HTML engines render the description into very little space - for
	instance see:

	  html/libvirt-libvirt-domain.html#virDomainMemoryStatTags

	We can avoid this problem if we let the cell that corresponds to
	numerical value span over two cells if there's no description.

	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

2017-07-24  Michal Privoznik  <mprivozn@redhat.com>

	apibuild.py: Handle enum comments properly
	After f4cb85c6aff7c1d90 we only have two options for placing enum
	values descriptions. It's either:

	    typedef enum {
	        /* Some long description. Therefore it's placed before
	         * the value. */
	        VIR_ENUM_A_VAL = 1,
	    } virEnumA;

	or:

	    typedef enum {
	        VIR_ENUM_B_VAL = 1, /* Some short description */
	    } virEnumB;

	However, our apibuild.py script is not able to deal with the
	former one. It messes up comments. To fix this couple of things
	needs to be done:

	a) DO NOT reset self.comment in parseEnumBlock(). This is a
	result from our tokenizer. Upon calling token() if it finds a
	comment block it stores it in self.comment and returns the next
	token (which is not comment). Therefore, if we reset self.comment
	we might lose the first comment in the enum block.

	b) we need a variable to track if the current enum block uses
	value descriptions before or after values. That is if it's type
	virEnumA or virEnumB. Depending on that, it we're dealing with
	virEnumA type and the current token is a comma ',' we can add the
	value into the list as we already have everything needed:
	comment, name and value.

	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

2017-07-24  Peter Krempa  <pkrempa@redhat.com>

	virStorageNetHostDef: Turn @port into integer
	Currently, @port is type of string. Well, that's overkill and
	waste of memory. Port is always an integer. Use it as such.

2017-07-24  Peter Krempa  <pkrempa@redhat.com>

	conf: domain: Split up virDomainStorageHostParse and rename it
	Split out parsing of one host into a separate function and add a new
	function to loop through all the host XML nodes.

	This change removes multiple levels of nesting due to the old XML
	parsing approach used.

2017-07-24  Peter Krempa  <pkrempa@redhat.com>

	util: storage: fill in default ports when parsing backing chain
	Similarly to when parsing XML we need to fill in default ports for the
	backing chain. This was missed in commit 5bda835466a8050625dd8bb10566e

	qemu: command: Remove condition to use default sheepdog port
	Since we now set the default ports when parsing disks, it's not
	necessary to have default port numbers encoded in the command line
	generator.

	util: uri: Convert port number to unsigned integer
	Negative ports don't make sense so use a unsigned integer.

	qemu: command: Rename and move qemuNetworkDriveGetPort
	Move it to virstring.c and improve it to parse and validate ports. New
	name is virStringParsePort.

2017-07-22  John Ferlan  <jferlan@redhat.com>

	storage: Fix editing mistake in storagePoolSetAutostart
	Commit id '905f1024b' had a rogue editing mistake that inadvertently
	dropped a goto cleanup in storagePoolSetAutostart, but Coverity noted it.

2017-07-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu_capabilities: Honour caps values formatting
	So the way we format this huge virQEMUCaps enum is we group the
	values in groups of five. And then at the beginning of each group
	we have a small comment that says what's the number of the first
	item in the group. Well, the last commit of 11b2ebf3e152 does not
	follow this formatting.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	storage: Alter volume num, name, and export API's to just take obj
	Alter the virStoragePoolObjNumOfVolumes, virStoragePoolObjVolumeGetNames,
	and virStoragePoolObjVolumeListExport APIs to take a virStoragePoolObjPtr
	instead of the &obj->volumes and obj->def.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	storage: Use consistent variable names for driver
	A virStoragePoolObjPtr will be an 'obj'.

	A virStoragePoolPtr will be a 'pool'.

	A virStorageVolPtr will be a 'vol'.

	A virStorageVolDefPtr will be a 'voldef'.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	storage: Use consistent variable names in virstorageobj
	A virStoragePoolObjPtr will be an 'obj'.

	Also modify the @matchpool to @matchobj.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	storage: Fix return value checks for virAsprintf
	Use the < 0 rather than == -1 (consistently) for virAsprintf errors.

	test: Add testStorageVolDefFindByName for storage volume tests
	Remove repetitive code, replace with common function.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	test: Add helpers to fetch active/inactive storage pool by name
	Rather than have repetitive code - create/use a couple of helpers:

	    testStoragePoolObjFindActiveByName
	    testStoragePoolObjFindInactiveByName

	This will also allow for the reduction of some cleanup path logic.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	test: Cleanup exit/failure paths of some storage pool APIs
	Rework some of the test driver API's to remove the need to return
	failure when testStoragePoolObjFindByName returns NULL rather than
	going to cleanup. This removes the need for check for "if (obj)" and in
	some instances the need to for a cleanup label and a local ret variable.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	test: Use consistent variable names for storage test driver APIs
	A virStoragePoolObjPtr will be an 'obj'.

	A virStoragePoolPtr will be a 'pool'.

2017-07-21  John Ferlan  <jferlan@redhat.com>

	test: Fix up formatting in storage test API's
	Fix some spacing/formatting in the storage pool/vol test driver code.

2017-07-21  dann frazier  <dann.frazier@canonical.com>

	virt-aa-helper-test: Add test for aarch32 UEFI image path

	qemu: Add AAVMF32 to the list of known UEFIs
	Add a path for UEFI VMs for AArch32 VMs, based on the path Debian is using.
	libvirt is the de facto canonical location for defining where distros
	should place these firmware images, so let's define this path here to try
	and minimize distro fragmentation.

2017-07-21  Andrea Bolognani  <abologna@redhat.com>

	qemu: Remove duplicated code in qemuBuildSerialChrDeviceStr()
	The call to qemuBuildDeviceAddressStr() happens no matter
	what, so we can move it to the outer possible scope inside
	the function.

	We can also move the call to virBufferAsprintf() after all
	the checks have been performed, where it makes more sense.

2017-07-21  Andrea Bolognani  <abologna@redhat.com>

	conf: Move some virDomainDeviceInfo functions
	The virDomainDeviceInfo struct is defined in device_conf,
	so generic functions that operate on it should also be
	defined there rather than in domain_conf.

	conf: Clean up virDomainHostdevDefNew()
	Follow the same style as other similar functions.

	conf: Rename virDomainHostdevDefAlloc() to virDomainHostdevDefNew()
	All other virDomain*Def follow this naming convention for
	their allocation function.

2017-07-21  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu: Enable NUMA node tag in pci-root for PPC64
	This patch addresses the same aspects on PPC the bug 1103314 addressed
	on x86.

	PCI expander bus creates multiple primary PCI busses, where each of these
	busses can be assigned a specific NUMA affinity, which, on x86 is
	advertised through ACPI on a per-bus basis.

	For SPAPR, a PHB's NUMA affinities are assigned on a per-PHB basis, and
	there is no mechanism for advertising NUMA affinities to a guest on a
	per-bus basis. So, even if qemu-ppc manages to get some sort of multi-bus
	topology working using PXB, there is no way to expose the affinities
	of these busses to the guest. It can only be exposed on a per-PHB/per-domain
	basis.

	So patch enables NUMA node tag in pci-root controller on PPC.

	The way to set the NUMA node is through the numa_node option of
	spapr-pci-host-bridge device. However for the implicit PHB, the only way
	to set the numa_node is from the -global option. The -global option applies
	to all the PHBs unless explicitly specified with the option on the
	respective PHB of CLI. The default PHB has the emulated devices only, so
	the patch prevents setting the NUMA node for the default PHB.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-21  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu: capabilitity: Introduce QEMU_CAPS_SPAPR_PCI_HOST_BRIDGE_NUMA_NODE
	The patch adds a capability for spapr-pci-host-bridge.numa_node.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-21  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	Add capabilities for qemu-2.9.0 ppc64
	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-21  Andrea Bolognani  <abologna@redhat.com>

	qemu: Clean up firmware list initialization
	Instead of going through two completely different code paths,
	one of which repeats the same hardcoded bit of information
	three times in rapid succession, depending on whether or not
	a firmware list has been provided at configure time, just
	provide a reasonable default value and remove the extra code.

2017-07-21  Michal Privoznik  <mprivozn@redhat.com>

	libvirt-domain.h: Fix enum description placement
	There are only two acceptable places for describing enum values.
	It's either:

	    typedef enum {
	        /* Some long description. Therefore it's placed before
	         * the value. */
	        VIR_ENUM_A_VAL = 1,
	    } virEnumA;

	or:

	    typedef enum {
	        VIR_ENUM_B_VAL = 1, /* Some short description */
	    } virEnumB;

	However, during review of a patch sent upstream I realized that
	is not always the case. I went through all the public header
	files and identified all the offenders. Luckily there were just
	two of them.

	Yes, this makes our HTML generated documentation broken, but
	that's bug of the generator. Our header files shouldn't be forced
	to use something we don't want to.

2017-07-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Don't put memoryless NUMA nodes into autoNodeset
	'numad' may return a nodeset which contains NUMA nodes without memory
	for certain configurations. Since cgroups code will not be happy using
	nodes without memory we need to store only numa nodes with memory in
	autoNodeset.

	On the other hand autoCpuset should contain cpus also for nodes which
	do not have any memory.

2017-07-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Extract gathering of 'numad' placement into a function
	Remove the code from qemuProcessPrepareDomain so that it won't get even
	more bloated.

	qemu: domain: Store and restore autoCpuset to status XML
	Decouple them by storing them in the XML separately rather than
	regenerating them. This will simplify upcoming fixes.

	qemu: domain: Extract parsing and formatting of priv->autoNodeset
	Move the code to separate functions to avoid complicating the existing
	ones with changes.

	util: bitmap: Modify virBitmapSubtract to virBitmapIntersect
	Since virBitmapSubtract is unused modify it to perform bitmap
	intersection.

2017-07-20  John Ferlan  <jferlan@redhat.com>

	tests: Free @fakerootdir in error path
	Commit id 'dd9b29dad' added this new variable, but didn't free it in
	one instance where status was returned to the caller.

	Found by Coverity

2017-07-20  John Ferlan  <jferlan@redhat.com>

	daemon: Don't conditionally free @origErr in daemonStreamEvent
	Commit id '0fe4aa149' added @origErr, but since it's assigned outside
	the if condition, the free should be outside as well.

	Found by Coverity

2017-07-20  Antoine Millet  <antoine.millet@tdf.fr>

	Handle hotplug change on VLAN configuration using OVS
	A new function virNetDevOpenvswitchUpdateVlan has been created to instruct
	OVS of the changes. qemuDomainChangeNet has been modified to handle the
	update of the VLAN configuration for a running guest and rely on
	virNetDevOpenvswitchUpdateVlan to do the actual update if needed.

	virnetdevopenvswitch: Move OVS VLAN configuration to a separate function
	This piece of code is going to be reused. So move it out to a
	separate function.

2017-07-20  Cole Robinson  <crobinso@redhat.com>

	security: Don't overwrite error of GetProcessLabel
	Security impls of this function already raise errors, don't
	overwrite them.

2017-07-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu: separate virQEMUCapsInitCached out of virQEMUCapsNewForBinaryInternal
	Preparation for switching to virFileCache where there are two callbacks,
	one to get a new data and second one to load a cached data.

	This also removes virQEMUCapsReset which is no longer required.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu: don't pass qemuctime into virQEMUCapsIsValid
	It's not required and following patches will change the code.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu: move libvirt ctime and version check into virQEMUCapsIsValid
	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

	qemu: move virQEMUCapsIsValid before its usage and make it static
	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu: move libvirt ctime and version into _virQEMUCaps struct
	Cleanups the code a little bit and reduces amount of arguments passed
	throughout the functions.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-20  Pavel Hrdina  <phrdina@redhat.com>

	util/virhash: add name parameter to virHashSearch
	While searching for an element using a function it may be
	desirable to know the element key for future operation.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2017-07-20  Chen Hanxiao  <chenhanxiao@gmail.com>

	include: nodedev: Fix a misleading comment about the used callback
	Actually we use virConnectNodeDeviceEventGenericCallback.

2017-07-20  Hao Peng  <peng.hao2@zte.com.cn>

	qemu: shared disks with cache=directsync should be safe for migration
	At present shared disks can be migrated with either readonly or cache=none. But
	cache=directsync should be safe for migration, because both cache=directsync and cache=none
	don't use the host page cache, and cache=direct write through qemu block layer cache.

	Reviewed-by: Wang Yechao <wang.yechao255@zte.com.cn>

2017-07-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Refactor logic checking the target storage file
	Use virStorageSource accessors to check the file and call
	virStorageFileAccess before even attempting to stat the target. This
	will be helpful once we try to add network destinations for block copy,
	since there will be no need to stat them.

	qemu: blockcopy: Split out checking of the target image file
	Move the code into a separate function so that the flow of creating the
	copy is more obvious and split into logical pieces.

	qemu: blockcopy: reuse storage driver APIs to pre-create copy target
	Rather than using the local-file only implementation 'qemuOpenFile'
	switch to the imagelabel aware storage driver implementation.

2017-07-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Explicitly assert 'reuse' for block devices
	When copying to a block device, the block device will already exist. To
	allow users using a block device without any preparation, they need to
	use the block copy without VIR_DOMAIN_BLOCK_COPY_REUSE_EXT.

	This means that if the target is an existing block device we don't need
	to prepare it, but we can't reject it as being existing.

	To avoid breaking this feature, explicitly assume that existing block
	devices will be reused even without that flag explicitly specified,
	while skipping attempts to create it.

	qemuMonitorDriveMirror still needs to honor the flag as specified by the
	user, since qemu overwrites the metadata otherwise.

2017-07-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Split out access to VIR_DOMAIN_BLOCK_COPY_REUSE_EXT
	Extract the presence of the flag into a boolean to simplify conditions
	and allow further manipulation of the state of the flag.

2017-07-20  Chen Hanxiao  <chenhanxiao@gmail.com>

	LXC: set the right var to NULL
	   For attaching hosdev, we should set dev->data.hostdev
	   rather than dev->data.disk

2017-07-19  Neal Gompa  <ngompa13@gmail.com>

	spec: Add support for building the zfs storage driver
	Where it can be supported in Fedora, the driver is built and made
	available as a subpackage.

2017-07-19  Peter Krempa  <pkrempa@redhat.com>

	tests: virjson: Test nesting of JSON string into a JSON (string) property
	Test that we are able to create a JSON object and nest it into a string
	property of a JSON object and then correctly extract and parse it back.

	tests: virjson: Test parsing and formatting of strings with escaped chars
	Make sure that JSON strings can contain characters which need to be
	escaped (double quotes, backslashes, tabs, etc.).

2017-07-19  ZhiPeng Lu  <lu.zhipeng@zte.com.cn>

	phyp: Fix memory leak in phypUUIDTable_Push
	@remote_file, allocated by virAsprintf, was not freed and leaked.

	mpath: Fix memory leak in virStorageBackendCreateVols
	@map_device, allocated by virAsprintf in virStorageBackendCreateVols,
	was not freed and leaked.

2017-07-19  Peter Krempa  <pkrempa@redhat.com>

	tests: virjson: Test formatting along with parsing of JSON objects
	Format the parsed string back and compare it to the original (or
	modified) string for back and forth comparison.

2017-07-19  Peter Krempa  <pkrempa@redhat.com>

	tests: virjson: Remove spaces from 'very-hard' parsing example
	The example is rather long and upcomming patch will check whether the
	string can be formatted back. As the formatted string lacks spaces and
	adding the 'expect' string with spaces would be rather long, just drop
	spaces from this test case.

	There are other test cases which do contain spaces.

2017-07-19  Peter Krempa  <pkrempa@redhat.com>

	tests: virjson: Modify logic in testJSONFromString
	To allow better testing in case where the string was parsed, modify the
	logic so that the regular code path is not included in a conditional
	block.

2017-07-19  Ján Tomko  <jtomko@redhat.com>

	test/Makefile.am: drop WARN_CFLAGS from LDFLAGS
	Introduced by commit 0832c58, with the intention to link with
	the stack protector library.

	Another instance introduced by commit 4cbc15d which separated
	commandhelper_LDADD from LDADDS.

	Not needed because per commit 71b54636, automake should pass
	all the CFLAGS to the linker.

2017-07-19  Wang King  <king.wang@huawei.com>

	qemu: avoid deadlock on domain object enter monitor fail
	Should be followed with qemuDomainObjExitMonitor only if
	qemuDomainObjEnterMonitorAsync returns 0.

2017-07-19  Peter Krempa  <pkrempa@redhat.com>

	security: apparmor: Properly link with storage driver in helper program
	The refactor to split up storage driver into modules broke the apparmor
	helper program, since that did not initialize the storage driver
	properly and thus detection of the backing chain could not work.

	Register the storage driver backends explicitly. Unfortunately it's now
	necessary to link with the full storage driver to satisfy dependencies
	of the loadable modules.

	Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
	Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
	Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

2017-07-19  Michal Privoznik  <mprivozn@redhat.com>

	virFileInData: Report an error if unable to reposition file
	The purpose of this function is to tell if the current position
	in given FD is in data section or a hole and how much bytes there
	is remaining until the end of the section. This is achieved by
	couple of lseeks(). The most important part is that we reposition
	the FD back, so that the position is unchanged from the caller
	POV. And until now the final lseek() back to the original
	position was done with no check for errors. And I was convinced
	that that's okay since nothing can go wrong. However, review
	feedback from a related series persuaded me, that it's better to
	be safe than sorry. Therefore, lets check if the final lseek()
	succeeded and if it doesn't report an error.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-18  Jim Fehlig  <jfehlig@suse.com>

	docs: schema: make disk driver name attribute optional
	/domain/devices/disk/driver/@name is not a required or mandatory
	attribute according to formatdomain, and indeed it was agreed on
	IRC that the attribute is "optional for input, recommended (but
	not required) for output". Currently the schema requires the
	attribute, causing virt-xml-validate to fail on disk config where
	the driver name is not explicitly specified. E.g.

	# cat test.xml | grep -A 5 cdrom
	    <disk type='file' device='cdrom'>
	      <driver type='raw'/>
	      <target dev='hdb' bus='ide'/>
	      <readonly/>
	      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
	    </disk>

	# virt-xml-validate test.xml
	Relax-NG validity error : Extra element devices in interleave
	test.xml:21: element devices: Relax-NG validity error : Element domain failed to validate content
	test.xml fails to validate

	Relaxing the name attribute to be optional fixes the validation

	# virt-xml-validate test.xml
	test.xml validates

2017-07-18  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Adapt to tvb_new_subset() rename
	In Wireshark commit of 7cd6906056922e4b8 (contained in v2.4.0)
	the tvb_new_subset() function was renamed to
	tvb_new_subset_length_caplen(). However, we can take the extra
	step and rename to tvb_new_subset_remaining() directly (see
	Wireshark commit 0ecfc7280cf3d7). The reasoning is that there is
	no other protocol in the packet than libvirt. Therefore, from the
	point that libvirt dissector takes over till the end of the
	packet it's all libvirt packet.

	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

2017-07-18  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	tests: enable qemu 2.9 capabilities test for s390
	Adjust qemu 2.9 s390 capabilites xml and enable qemu capabilities test.

2017-07-18  John Ferlan  <jferlan@redhat.com>

	nodedev: Fix call to virNodeDeviceObjListFree in nodeStateReload
	Commit id '9c5d98fd8' missed changing this call to use driver->devs
	rather than @driver->devs.

2017-07-18  Andrea Bolognani  <abologna@redhat.com>

	news: Update for hostdev isolation
	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-18  Andrea Bolognani  <abologna@redhat.com>

	qemu: Isolate hostdevs on pSeries guests
	All the pieces are now in place, so we can finally start
	using isolation groups to achieve our initial goal, which is
	separating hostdevs from emulated PCI devices while keeping
	hostdevs that belong to the same host IOMMU group together.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1280542

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-18  Andrea Bolognani  <abologna@redhat.com>

	conf: Implement isolation rules
	These rules will make it possible for libvirt to
	automatically assign PCI addresses in a way that
	respects any isolation constraints devices might
	have.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-18  Andrea Bolognani  <abologna@redhat.com>

	conf: Introduce isolation groups
	Isolation groups will eventually allow us to make sure certain
	devices, eg. PCI hostdevs, are assigned to guest PCI buses in
	a way that guarantees improved isolation, error detection and
	recovery for machine types and hypervisors that support it,
	eg. pSeries guest on QEMU.

	This patch merely defines storage for the new information
	we're going to need later on and makes sure it is passed from
	the hypervisor driver (QEMU / bhyve) down to the generic PCI
	address allocation code.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Convert virNodeDeviceObj to use virObjectLockable
	Now that we have a bit more control, let's convert our object into
	a lockable object and let that magic handle the create and lock/unlock.

	This also involves creating a virNodeDeviceEndAPI in order to handle
	the object cleanup for API's that use the Add or Find API's in order
	to get a locked/reffed object. The EndAPI will unlock and unref the
	object returning NULL to indicate to the caller to not use the obj.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Privatize _virNodeDeviceObj and _virNodeDeviceObjList
	Move the structures to withing virnodedeviceobj.c

	Move the typedefs from node_device_conf to virnodedeviceobj.h

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Introduce virNodeDeviceObjListFindSCSIHostByWWNs
	In an overall effort to privatize access to virNodeDeviceObj and
	virNodeDeviceObjList into the virnodedeviceobj module, move the
	object list parsing from node_device_driver and replace with a
	call to a virnodedeviceobj helper. This follows other similar
	APIs/helpers which peruse the object list looking for some specific
	data in order to get/return an @device (virNodeDevice) object to
	the caller.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Introduce virNodeDeviceGetSCSIHostCaps
	We're about to move the call to nodeDeviceSysfsGetSCSIHostCaps from
	node_device_driver into virnodedeviceobj, so move the guts of the code
	from the driver specific node_device_linux_sysfs into its own API
	since virnodedeviceobj cannot callback into the driver.

	Nothing in the code deals with sysfs anyway, as that's hidden by the
	various virSCSIHost* and virVHBA* utility function calls.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Dereference the obj/def in virNodeDeviceObjListFind* APIs
	Create local @obj and @def for the API's rather than referencing the
	devs->objs[i][->def->].  It'll make future patches easier to read.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Alter node device obj list function names
	Ensure that any function that walks the node device object list is prefixed
	by virNodeDeviceObjList.

	Also, modify the @filter param name for virNodeDeviceObjListExport to
	be @aclfilter.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Introduce virNodeDeviceObjListNew
	In preparation to make things private, make the ->devs be pointers to a
	virNodeDeviceObjList and then manage everything inside virnodedeviceobj

	nodedev: Introduce virNodeDeviceObjNew
	Create an allocator for the virNodeDeviceObjPtr - include setting up
	the mutex, saving the virNodeDeviceDefPtr, and locking the return object.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Use consistent names for driver variables
	A virNodeDeviceObjPtr is an @obj

	A virNodeDeviceObjListPtr is a @devs

	A virNodeDevicePtr is a @device

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Use common naming for virnodedeviceobj
	A virNodeDeviceObjPtr is an @obj

	A virNodeDeviceObjListPtr is an @devs

2017-07-17  John Ferlan  <jferlan@redhat.com>

	test: Adjust cleanup/error paths for nodedev test APIs
	 - In testDestroyVport rather than use a cleanup label, just return -1
	   immediately since nothing else is needed.

	 - In testStoragePoolDestroy, if !privpool, then just return -1 since
	   nothing else will happen anyway.

	 - Rather than "goto cleanup;" on failure to virNodeDeviceObjFindByName
	   an @obj, just return directly.  This then allows the cleanup: label code
	   to not have to check "if (obj)" before calling virNodeDeviceObjUnlock.
	   This also simplifies some exit logic...

	 - In testNodeDeviceObjFindByName use an error: label to handle the failure
	   and don't do the ncaps++ within the VIR_STRDUP() source target index.
	   Only increment ncaps after success. Easier on eyes at error label too.

	 - In testNodeDeviceDestroy use "cleanup" rather than "out" for the goto

2017-07-17  John Ferlan  <jferlan@redhat.com>

	nodedev: Alter virNodeDeviceObjRemove
	Rather than passing the object to be removed by reference, pass by value
	and then let the caller decide whether or not the object should be free'd
	and how to handle the logic afterwards. This includes free'ing the object
	and/or setting the local variable to NULL to prevent subsequent unexpected
	usage (via something like virNodeDeviceObjRemove in testNodeDeviceDestroy).

	For now this function will just handle the remove of the object from the
	list for which it was placed during virNodeDeviceObjAssignDef.

	This essentially reverts logic from commit id '61148074' that free'd the
	device entry on list, set *dev = NULL and returned. Thus fixing a bug in
	node_device_hal.c/dev_refresh() which would never call dev_create(udi)
	since @dev would have been set to NULL.

2017-07-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Use the proper string in qemuBlock...JSONSocketAddress()
	Recent refactors made it so that the function may use uninitialized
	pointer, but it actually wanted to use a different variable and value
	at all.

2017-07-17  John Ferlan  <jferlan@redhat.com>

	Revert "nwfilter: Move save of config until after successful assign"
	This reverts commit b3e71a8830b2683ee88fa10cb048eabb99a446c0.

	As it turns out this ends up very badly as the @def could be Free'd
	even though it's owned by @obj as a result of the AssignDef.

2017-07-16  ZhiPeng Lu  <lu.zhipeng@zte.com.cn>

	virpcimock: Fix memory leak in pci_driver_new
	driverpath, allocated by virAsprintfQuiet, was not freed and leaked.

2017-07-16  John Ferlan  <jferlan@redhat.com>

	nwfilter: Introduce virNWFilterObjListFindInstantiateFilter
	Create a common API to handle the instantiation path filter lookup.

	nwfilter: Rename _virNWFilterInstantiateFilter
	New API will be virNWFilterInstantiateFilterInternal as it's called from
	the virNWFilterInstantiateFilter and virNWFilterUpdateInstantiateFilter.

	nwfilter: Rename __virNWFilterInstantiateFilter
	Rename to virNWFilterInstantiateFilterUpdate and alter the callers to not
	have one parameter per line.

2017-07-16  John Ferlan  <jferlan@redhat.com>

	nwfilter: Rename virNWFilterInstantiate
	Rename to virNWFilterDoInstantiate to better describe the action.

	Also fix the @vmuuid parameter to not have the ATTRIBUTE_UNUSED since it
	is used in the call to virNWFilterDHCPSnoopReq.

2017-07-16  John Ferlan  <jferlan@redhat.com>

	nwfilter: Consistently name virNWFilterPtr in driver
	Use @nwfilter always for the name

	nwfilter: Clean up a couple nwfilter_driver error paths
	No need to goto cleanup and check "if (obj)" if we know (obj) isn't there,
	so just return immediately.

2017-07-15  John Ferlan  <jferlan@redhat.com>

	nwfilter: Remove need for virNWFilterSaveXML
	Merge code into virNWFilterSaveConfig

	nwfilter: Fix return value comparison for virNWFilterTriggerVMFilterRebuild
	Should compare < 0 to be correct.

2017-07-15  Cole Robinson  <crobinso@redhat.com>

	docs: formatdomain: Tweak disk discard= docs
	Change from

	  'controls whether to discard ... requests are ignored'

	to

	  'controls whether discard requests ... are ignored'

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	news: Update for multiple PHBs
	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use PHBs when extending the guest PCI topology
	When looking for slots suitable for a PCI device, libvirt
	might need to add an extra PCI controller: for pSeries guests,
	we want that extra controller to be a PHB (pci-root) rather
	than a PCI bridge.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use PHBs to fill holes in PCI bus numbering
	PCI bus has to be numbered sequentially, and no index can be
	missing, so libvirt will fill in the blanks automatically for
	the user.

	Up until now, it has done so using either pci-bridge, for machine
	types based on legacy PCI, or pcie-root-port, for machine types
	based on PCI Express. Neither choice is good for pSeries guests,
	where PHBs (pci-root) should be used instead.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	tests: Add baseline tests for automatic PHB usage
	These tests demonstrate that, while it's now possible for the
	user to create PHB explicitly and manually assign devices to
	them, libvirt still defaults to extending the guest PCI
	topology using PCI bridges and making suboptimal device
	placement choices.

	The next few commits will improve on these behaviors and the
	tests outputs will automatically be updated to reflect this.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	tests: Add tests for pSeries guests with multiple PHBs
	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu: Take all PHBs into account while calculating memlock limits
	Now that the multi-phb support series is in, work on the TODO at
	qemuDomainGetMemLockLimitBytes() to arrive at the correct memlock limit
	value.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Format additional PHBs on the command line
	Additional PHBs (pci-root controllers) will be created for
	the guest using the spapr-pci-host-bridge QEMU device, if
	available; the implicit default PHB, while present in the
	guest configuration, will be skipped.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1431193

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Deal with PHB naming conventions
	Usually, a controller with alias 'x' will create a bus with the
	same name; however, the bus created by a PHBs with alias 'x' will
	be named 'x.0' instead, so we need to account for that.

	As an exception to the exception, the implicit PHB that's added
	automatically to every pSeries guest creates the 'pci.0' bus.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Introduce QEMU_CAPS_DEVICE_SPAPR_PCI_HOST_BRIDGE
	This new capability can be used to detect whether a QEMU
	binary supports the spapr-pci-host-bridge controller.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Automatically pick target index and model for pci-root controllers
	pSeries guests will soon need the new information; luckily,
	we can figure it out automatically most of the time, so
	users won't have to worry about it.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Parse and format <target index='...'/>
	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Add 'spapr-pci-host-bridge' controller model
	Adding it to the virDomainControllerPCIModelName enumeration
	is enough for existing code to handle it, so parsing and
	formatting will work without further tweaking.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Relax pci-root index requirement for pSeries guests
	pSeries guests will soon be allowed to have multiple
	PHBs (pci-root controllers), meaning the current check
	on the controller index no longer applies to them.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Move index number checking to drivers
	pSeries guests will soon be allowed to have multiple
	PHBs (pci-root controllers), which of course means that
	all but one of them will have a non-zero index; hence,
	we'll need to relax the current check.

	However, right now the check is performed in the conf
	module, which is generic rather than tied to the QEMU
	driver, and where we don't have information such as the
	guest machine type available.

	To make this change of behavior possible down the line,
	we need to move the check from the XML parser to the
	drivers. Luckily, only QEMU and bhyve are using PCI
	controllers, so this doesn't result in much duplication.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Tweak index number checking
	Moving the check and rewriting it this way doesn't alter
	the current behavior, but will allow us to special-case
	pci-root down the line.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Allow qemuBuildControllerDevStr() to return NULL
	We will soon need to be able to return a NULL pointer
	without the caller considering that an error: to make
	it possible, change the return type to int and use
	an out parameter for the string instead.

	Add some documentation for the function as well.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Simplify slot allocation
	The current algorithm for slot allocation tries to be clever
	and avoid looking at buses / slots more than once unless it's
	necessary. Unfortunately that makes the code more complex,
	and it will cause problem later on in some situations unless
	even more complex code is added.

	Since the performance gains are going to be pretty modest
	anyway, we can just get rid of the extra complexity and use a
	completely  straighforward implementation instead.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	tests: Mock IOMMU groups
	Later on we're going to need access to information about IOMMU
	groups for host devices. Implement the support in virpcimock,
	and start using that mock library in a few QEMU test cases.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	tests: Update qemumemlock data
	Use 0001:01:00.0 instead of 0000:04:02.0 as the source address
	for the host device. This doesn't change anything at the moment,
	but it will make a difference later on.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	qemu: Clean up qemuDomainAttachHostPCIDevice()
	We use hostdev->info frequently enough that having
	a shorter name for it makes the code more readable.
	We will also be adding even more uses later on.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Tweak virDomainPCIAddressGetNextAddr() signature
	Move @function after @flags to match other functions in the
	same module like virDomainPCIAddressReserveNextAddr().

	Also move virDomainPCIAddressReserveNextAddr() closer to
	virDomainPCIAddressReserveAddr() in the header file.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Make virDomainPCIAddressFlagsCompatible() private
	There are no external users.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Make virDomainPCIAddressSetGrow() private
	There are no external users.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Move virDomainPCIAddressBusIsFullyReserved()
	This function was private to the QEMU driver and was,
	accordingly, called qemuDomainPCIBusFullyReserved().

	However the function is really not QEMU-specific at
	all, so it makes sense to move it closer to the
	virDomainPCIAddressBus struct it operates on.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  Andrea Bolognani  <abologna@redhat.com>

	conf: Remove obsolete comment
	The virDomainDeviceInfoIsSet() function no longer exists.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-07-15  John Ferlan  <jferlan@redhat.com>

	network: Perform some formatting cleanup in bridge_driver
	Modify code to have two spaces between functions, follow function more
	recent function formatting w/r/t args per line and function return type
	and name on separate lines.

	test: Fix up formatting in network test API's
	Fix some spacing/formatting in the network test driver code.

2017-07-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: rename and refactor qemuBuildGlusterDriveJSON
	New name is qemuBlockStorageSourceGetGlusterProps and also hardcode the
	protocol name rather than calling the ToString function, since this
	function can't be made universal.

2017-07-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: refactor and rename qemuBuildGlusterDriveJSONHosts
	New name is qemuBlockStorageSourceBuildHostsJSONSocketAddress since it
	formats the JSON object in accordance with qemu's SocketAddress type.

	Since the new naming in qemu uses 'inet' instead of 'tcp' add a
	compatibility layer for gluster which uses the old name.

2017-07-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: Refactor and rename qemuGetDriveSourceProps
	Rename it to qemuBlockStorageSourceGetBackendProps and refactor it to
	return the JSON object instead of filling a pointer since now it's
	always expected to return data.

	qemu: Move qemuGetDriveSourceProps to qemu_block
	Pure code movement except for the tweaks necessary for cross-usage.

	qemu: command: Call qemuGetDriveSourceProps only if necessary
	Add logic which will call qemuGetDriveSourceProps only in cases where we
	need the JSON representation. This will allow qemuGetDriveSourceProps to
	generate the JSON representation for all possible disk sources.

	qemu: command: Remove default port numbers for NBD and GLUSTER
	The command line generators for the protocols above hardcoded a default
	port number. Since we now always assign it when parsing the source
	definition, this ad-hoc code is not required any more.

2017-07-14  Peter Krempa  <pkrempa@redhat.com>

	conf: Pre-fill default ports when parsing network disk sources
	Fill them in right away rather than having to figure out at runtime
	whether they are necessary or not.

	virStorageSourceNetworkDefaultPort does not need to be exported any
	more.

2017-07-14  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fill in default ports for gluster and iscsi
	Our documentation provides them, so the helper should return them.

	util: Extract helper to retrieve default port for network protocol
	Make the stuff hardcoded in qemu a global helper so that other parts of
	the code can determine the default port too.

	qemu: command: Set port number only for TCP transport
	Setting port number for protocols using UNIX transport does not make
	sense. Move the setter code to the appropriate block.

2017-07-14  John Ferlan  <jferlan@redhat.com>

	secret: Rename variable in virSecretObjListAdd
	Rename @def to @objdef - it'll make future patches easier.

	secret: Alter FindByUUID to expect the formatted uuidstr
	Since we're storing a virUUIDFormat'd string in our Hash Table, let's
	modify the Lookup API to receive a formatted string as well.

	secret: Whitespace modification for secret_driver
	Ensure two empty lines between functions.

2017-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Revert "Prevent more compiler optimization of mockable functions"
	This reverts commit e4b980c853d2114b25fa805a84ea288384416221.

	When a binary links against a .a archive (as opposed to a shared library),
	any symbols which are marked as 'weak' get silently dropped. As a result
	when the binary later runs, those 'weak' functions have an address of
	0x0 and thus crash when run.

	This happened with virtlogd and virtlockd because they don't link to
	libvirt.so, but instead just libvirt_util.a and libvirt_rpc.a. The
	virRandomBits symbols was weak and so left out of the virtlogd &
	virtlockd binaries, despite being required by virHashTable functions.

	Various other binaries like libvirt_lxc, libvirt_iohelper, etc also
	link directly to .a files instead of libvirt.so, so are potentially
	at risk of dropping symbols leading to a later runtime crash.

	This is normal linker behaviour because a weak symbol is not treated
	as undefined, so nothing forces it to be pulled in from the .a You
	have to force the linker to pull in weak symbols using -u$SYMNAME
	which is not a practical approach.

	This risk is silent bad linkage that affects runtime behaviour is
	not acceptable for a fix that was merely trying to fix the test
	suite. So stop using __weak__ again.

2017-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Revert "internal: don't use weak symbols for Win32 platform"
	This reverts commit b9473d8b11d79c8990dcbba13bbf7d4051288a1e.

2017-07-13  Martin Kletzander  <mkletzan@redhat.com>

	util: Don't leak linksrc in vircgroup

2017-07-13  Daniel P. Berrange  <berrange@redhat.com>

	tests: add virjsondata to EXTRA_DIST

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Update host-model CPUs on reconnect
	When libvirt starts a new QEMU domain, it replaces host-model CPUs with
	the appropriate custom CPU definition. However, when reconnecting to a
	domain started by older libvirt (< 2.3), the domain would still have a
	host-model CPU in its active definition.

	https://bugzilla.redhat.com/show_bug.cgi?id=1463957

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Move qemuProcessReconnect to the end of qemu_process.c
	qemuProcessReconnect will need to call additional functions which were
	originally defined further in qemu_process.c.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Export virQEMUCapsGuestIsNative
	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add qemuProcessUpdateLiveGuestCPU
	Separated from qemuProcessUpdateAndVerifyCPU to handle updating of an
	active guest CPU definition according to live data from QEMU.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Rename qemuProcessUpdateLiveGuestCPU
	In addition to updating a guest CPU definition the function verifies
	that all required features are provided to the guest. Let's make it
	obvious by calling it qemuProcessUpdateAndVerifyCPU.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add qemuProcessVerifyCPU
	Separated from qemuProcessUpdateLiveGuestCPU. The function makes sure
	a guest CPU provides all features required by a domain definition.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add qemuProcessFetchGuestCPU
	Separated from qemuProcessUpdateLiveGuestCPU. Its purpose is to fetch
	guest CPU data from a running QEMU process. The data can later be used
	to verify and update the active guest CPU definition.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Properly disable unknown CPU features
	CPU features unknown to a hypervisor will not be present in dataDisabled
	even though the features won't naturally be enabled because.
	Thus any features we asked for which are not in dataEnabled should be
	considered disabled.

2017-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't update CPU when checking ABI stability
	When checking ABI stability between two domain definitions, we first
	make migratable copies of them. However, we also asked for the guest CPU
	to be updated, even though the updated CPU is supposed to be already
	included in the original definitions. Moreover, if we do this on the
	destination host during migration, we're potentially updating the
	definition with according to an incompatible host CPU.

	While updating the CPU when checking ABI stability doesn't make any
	sense, it actually just worked because updating the CPU doesn't do
	anything for custom CPUs (only host-model CPUs are affected) and we
	updated both definitions in the same way.

	Less then a year ago commit v2.3.0-rc1~42 stopped updating the CPU in
	the definition we got internally and only the user supplied definition
	was updated. However, the same commit started updating host-model CPUs
	to custom CPUs which are not affected by the request to update the CPU.
	So it still seemed to work right, unless a user upgraded libvirt 2.2.0
	to a newer version while there were some domains with host-model CPUs
	running on the host. Such domains couldn't be migrated with a user
	supplied XML since libvirt would complain:

	    Target CPU mode custom does not match source host-model

	The fix is pretty straightforward, we just need to stop updating the CPU
	when checking ABI stability.

	https://bugzilla.redhat.com/show_bug.cgi?id=1463957

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-13  Juan Hernandez  <jhernand@redhat.com>

	Avoid hidden cgroup mount points
	Currently the scan of the /proc/mounts file used to find cgroup mount
	points doesn't take into account that mount points may hidden by other
	mount points. For, example in certain Kubernetes environments the
	/proc/mounts contains the following lines:

	  cgroup /sys/fs/cgroup/net_prio,net_cls cgroup ...
	  tmpfs /sys/fs/cgroup tmpfs ...
	  cgroup /sys/fs/cgroup/net_cls,net_prio cgroup ...

	In this particular environment the first mount point is hidden by the
	second one. The correct mount point is the third one, but libvirt will
	never process it because it only checks the first mount point for each
	controller (net_cls in this case). So libvirt will try to use the first
	mount point, which doesn't actually exist, and the complete detection
	process will fail.

	To avoid that issue this patch changes the virCgroupDetectMountsFromFile
	function so that when there are duplicates it takes the information from
	the last line in /proc/mounts. This requires removing the previous
	explicit condition to skip duplicates, and adding code to free the
	memory used by the processing of duplicated lines.

	Related-To: https://bugzilla.redhat.com/1468214
	Related-To: https://github.com/kubevirt/libvirt/issues/4

2017-07-12  Cole Robinson  <crobinso@redhat.com>

	news: qemu platform serial devices now use -chardev
	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-12  Cole Robinson  <crobinso@redhat.com>

	qemu: process: Remove unused qemuCaps
	After 426dc5eb2 qemuCaps and virDomainDefPtr are unused here,
	remove it from the call stack

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetPreservedMountPath: rename @mount
	Obviously, old gcc-s ale sad when a variable shares the name with
	a function. And we do have such variable (added in 4d8a914be0):
	@mount. Rename it to @mountpoint so that compiler's happy again.

2017-07-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Provide non-linux stub for qemuDomainAttachDeviceMknodRecursive
	The way we create devices under /dev is highly linux specific.
	For instance we do mknod(), mount(), umount(), etc. Some
	platforms are even missing some of these functions. Then again,
	as declared in qemuDomainNamespaceAvailable(): namespaces are
	linux only. Therefore, to avoid obfuscating the code by trying to
	make it compile on weird platforms, just provide a non-linux stub
	for qemuDomainAttachDeviceMknodRecursive(). At the same time,
	qemuDomainAttachDeviceMknodHelper() which actually calls the
	non-existent functions is moved under ifdef __linux__ block since
	its only caller is in that block too.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-12  John Ferlan  <jferlan@redhat.com>

	qemu: Fix qemuDomainGetBlockInfo allocation value setting
	https://bugzilla.redhat.com/show_bug.cgi?id=1467826

	Commit id 'b9b1aa639' was supposed to add logic to set the allocation
	for sparse files when wr_highest_offset was zero; however, an unconditional
	setting was done just prior. For block devices, this means allocation is
	always returning 0 since 'actual-size' will be zero.

	Remove the unconditional setting and add the note about it being possible
	to still be zero for block devices. As soon as the guest starts writing to
	the volume, the allocation value will then be obtainable from qemu via
	the wr_highest_offset.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Support only raw volumes in qemuDomainBlockPeek
	The API documents that it peeks into the VM disk. We can't do that
	currently for non raw images so report an error.

	qemu: Use storage driver APIs in qemuDomainBlockPeek
	Refactor the access to storage driver usage along with
	qemuDomainStorageFileInit which ensures that we access the file with
	correct DAC uid/gid.

	storage: Make virStorageFileReadHeader more universal
	Allow specifying offset to read an arbitrary position in the file. This
	warrants a rename to virStorageFileRead.

	storage: Split out virStorageSource accessors to separate file
	The helper methods for actually accessing the storage objects don't
	really belong to the main storage driver implementation file. Split them
	out.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	tests: storage: Fully register storage driver
	Use the full storage driver registration method that also fails if one
	of the storage backends is not present. This makes the test fail if a
	submodule fails registration, which is useful for testing.

	Additionally return EXIT_FAILURE as usual in tests rather than -1.

2017-07-11  Daniel P. Berrange  <berrange@redhat.com>

	internal: don't use weak symbols for Win32 platform
	The Win32 platform will fail to link if you use weak symbols
	because it is incompatible with exporting symbols in a DLL:

	Cannot export virRandomGenerateWWN: symbol wrong type (2 vs 3)

	We only need weak symbols for our test suite to do LD_PRELOAD
	and this doesn't work on Win32, so we can just drop the hack
	for Win32

2017-07-11  Daniel P. Berrange  <berrange@redhat.com>

	rpc: improve error message for bounds check
	If we exceed a fixed limit in RPC code we get a horrible message
	like this, if the parameter type is a 'string', because we forgot
	to initialize the error message type field:

	  $ virsh snapshot-list ostack1
	  error: too many remote undefineds: 1329 > 1024

	It would also be useful to know which RPC call and field was
	exceeded. So this patch makes us report:

	  $ virsh snapshot-list ostack1
	  error: too many remote undefineds: 1329 > 1024,
	  in parameter 'names' for 'virDomainSnapshotListNames'

2017-07-11  Ján Tomko  <jtomko@redhat.com>

	qemu: handle missing bind host/service on chardev hotplug
	On domain startup, bind host or bind service can be omitted
	and we will format a working command line.

	Extend this to hotplug as well and specify the service to QEMU
	even if the host is missing.

	https://bugzilla.redhat.com/show_bug.cgi?id=1452441

2017-07-11  Ján Tomko  <jtomko@redhat.com>

	qemuDomainSetInterfaceParameters: use the temporary params variable
	We have a temporary pointer to the currently processed parameter.
	Use it to save three bytes per use.

	qemuDomainSetSchedulerParametersFlags: use the value_ul variable
	We assign the unsigned long value of the currently processed
	parameter to a temporary value_ul variable. Use it consistently
	in all cases.

2017-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Prevent more compiler optimization of mockable functions
	Currently all mockable functions are annotated with the 'noinline'
	attribute. This is insufficient to guarantee that a function can
	be reliably mocked with an LD_PRELOAD. The C language spec allows
	the compiler to assume there is only a single implementation of
	each function. It can thus do things like propagating constant
	return values into the caller at compile time, or creating
	multiple specialized copies of the function body each optimized
	for a different caller. To prevent these optimizations we must
	also set the 'noclone' and 'weak' attributes.

	This fixes the test suite when libvirt.so is built with CLang
	with optimization enabled.

2017-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Remove incorrectly used TODO macro
	The TODO macro expands to an fprintf() call and is used in several
	places in the Xen driver. Anything that wishes to print such debug
	messages should use the logging macros. In this case though, all the
	places in the Xen driver should have been raising a formal libvirt
	error instead. Add proper error handling and delete the TODO macro
	to prevent future misuse.

	Remove network constants out of internal.h
	The HOST_NAME_MAX, INET_ADDRSTRLEN and VIR_LOOPBACK_IPV4_ADDR
	constants are only used by a handful of files, so are better
	kept in virsocketaddr.h or the source file that uses them.

2017-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Require use of GCC 4.4 or CLang compilers
	We only ever test libvirt with GCC or CLang which provides a
	GCC compatible compilation environment. Between them, these
	compilers cover every important operating system platform,
	even Windows.

	Mandate their use to make it explicit that we don't care about
	compilers like Microsoft VCC or other UNIX vendor C compilers.

	GCC 4.4 was picked as the baseline, since RHEL-6 ships 4.4.7
	and that lets us remove a large set of checks. There is a slight
	issue that CLang reports itself as GCC 4.2, so we must also check
	if __clang__ is defined. We could check a particular CLang version
	too, but that would require someone to figure out a suitable min
	version which is fun because OS-X reports totally different CLang
	version numbers from CLang builds on Linux/BSD

2017-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Remove duplicate define of __GNUC_PREREQ
	Back in this commit:

	  commit b436a8ae5ccb04f8cf893d882d52ab5efc713307
	  Author: Fabian Freyer <fabian.freyer@physik.tu-berlin.de>
	  Date:   Thu Jun 9 00:50:35 2016 +0000

	    gnulib: add getopt module

	config-post.h was modified to define __GNUC_PREREQ, but the
	original definition was never removed from internal.h, and
	that is now dead code since config.h is always the first file
	included.

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu ns: Create chardev backends more frequently
	Currently, the only type of chardev that we create the backend
	for in the namespace is type='dev'. This is not enough, other
	backends might have files under /dev too. For instance channels
	might have a unix socket under /dev (well, bind mounted under
	/dev from a different place).

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachDeviceMknodRecursive: Support file mount points
	https://bugzilla.redhat.com/show_bug.cgi?id=1462060

	Just like in the previous commit, when attaching a file based
	device which has its source living under /dev (that is not a
	device rather than a regular file), calling mknod() is no help.
	We need to:

	1) bind mount device to some temporary location
	2) enter the namespace
	3) move the mount point to desired place
	4) umount it in the parent namespace from the temporary location

	At the same time, the check in qemuDomainNamespaceSetupDisk makes
	no longer sense. Therefore remove it.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDeviceRecursive: Support file mount points
	https://bugzilla.redhat.com/show_bug.cgi?id=1462060

	When building a qemu namespace we might be dealing with bare
	regular files. Files that live under /dev. For instance
	/dev/my_awesome_disk:

	  <disk type='file' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source file='/dev/my_awesome_disk'/>
	    <target dev='vdc' bus='virtio'/>
	  </disk>

	  # qemu-img create -f qcow2 /dev/my_awesome_disk 10M

	So far we were mknod()-ing them which is
	obviously wrong. We need to touch the file and bind mount it to
	the original:

	1) touch /var/run/libvirt/qemu/fedora.dev/my_awesome_disk
	2) mount --bind /dev/my_awesome_disk /var/run/libvirt/qemu/fedora.dev/my_awesome_disk

	Later, when the new /dev is built and replaces original /dev the
	file is going to live at expected location.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachDeviceMknodHelper: Fail on unsupported file type
	Currently, we silently assume that file we are creating in the
	namespace is either a link or a device (character or block one).
	This is not always the case. Therefore instead of doing something
	wrong, claim about unsupported file type.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDeviceRecursive: Fail on unsupported file type
	Currently, we silently assume that file we are creating in the
	namespace is either a link or a device (character or block one).
	This is not always the case. Therefore instead of doing something
	wrong, claim about unsupported file type.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Move preserved mount points path generation into a separate function
	This function is going to be used on other places, so
	instead of copying code we can just call the function.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainBuildNamespace: Handle special file mount points
	https://bugzilla.redhat.com/show_bug.cgi?id=1459592

	In 290a00e41d I've tried to fix the process of building a
	qemu namespace when dealing with file mount points. What I
	haven't realized then is that we might be dealing not with just
	regular files but also special files (like sockets). Indeed, try
	the following:

	1) socat unix-listen:/tmp/soket stdio
	2) touch /dev/socket
	3) mount --bind /tmp/socket /dev/socket
	4) virsh start anyDomain

	Problem with my previous approach is that I wasn't creating the
	temporary location (where mount points under /dev are moved) for
	anything but directories and regular files.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	conf: Rename and expose virDomainChrSourceDefPath
	It comes very handy to have source path for chardevs. We already
	have such function: virDomainAuditChardevPath() but it's static
	and has name not suitable for exposing. Moreover, while exposing
	it change its name slightly to virDomainChrSourceDefGetPath.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	tests: virjson: Reuse VIR_TEST_VERBOSE in testJSONCopy
	Use VIR_TEST_VERBOSE instead of calling virTestGetVerbose and
	conditionally fprintf. Additionally remove redundant setting of 'ret' to
	-1.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	tests: Validate that JSON deflattening fixed nested json pseudo-protocol strings
	Sheepdog and possibly others use nested objects for network server and
	thus could be specified in a way that libvirt would not parse.

	Validates that https://bugzilla.redhat.com/show_bug.cgi?id=1464821
	is fixed properly.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Always deflatten JSON pseudo-protocol objects
	Now that the JSON deflattener is working sanely we can always attempt
	the deflattening so that we can then parse the tree as expected.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	util: json: Recursively deflatten objects virJSONValueObjectDeflatten
	If a value of the first level object contains more objects needing
	deflattening which would be wrapped in an actual object the function
	would not recurse into them.

	By this simple addition we can fully deflatten the objects.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	util: json: Properly implement JSON deflattening
	As it turns out sometimes users pass in an arbitrarily nested structure
	e.g. for the qemu backing chains JSON pseudo protocol. This new
	implementation deflattens now a single object fully even with nested
	keys.

	Additionally it's not necessary now to stick with the "file." prefix for
	the properties.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	tests: json: Add test for the deflattening function
	Add a few test cases to verify that the old behaviour does not break and
	that new one behaves sanely.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	util: json: Don't remove the 'file' subobject when deflattening
	Currently the function would deflatten the object by dropping the 'file'
	prefix from the attributes. This does not really scale well or adhere to
	the documentation.

	Until we refactor the worker to properly deflatten everything we at
	least simulate it by adding the "file" wrapper object back.

2017-07-11  Peter Krempa  <pkrempa@redhat.com>

	util: Move JSON object deflattening code to json utility file
	The code will become more universal so it makes more sense for it to
	live with the rest of the JSON functions.

	util: json: Add virJSONValueIsObject
	Allows testing whether a virJSONValue is an object.

	tests: Rename jsontest to virjsontest

2017-07-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: add possibility to define init uid/gid
	Users may want to run the init command of a container as a special
	user / group. This is achieved by adding <inituser> and <initgroup>
	elements. Note that the user can either provide a name or an ID to
	specify the user / group to be used.

	This commit also fixes a side effect of being able to run the command
	as a non-root user: the user needs rights on the tty to allow shell
	job control.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: allow user to specify command working directory
	Some containers may want the application to run in a special directory.
	Add <initdir> element in the domain configuration to handle this case
	and use it in the lxc driver.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	util: share code between virExec and virCommandExec
	virCommand is a version of virExec that doesn't fork, however it is
	just calling execve and doesn't honors setting uid/gid and pwd.

	This commit extrac those pieces from virExec() to a virExecCommon()
	function that is called from both virExec() and virCommandExec().

2017-07-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: allow defining environment variables
	When running an application container, setting environment variables
	could be important.

	The newly introduced <initenv> tag in domain configuration will allow
	setting environment variables to the init program.

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	virStream*All: Report error if a callback fails
	All of these four functions (virStreamRecvAll, virStreamSendAll,
	virStreamSparseRecvAll, virStreamSparseSendAll) take one or more
	callback functions that handle various aspects of streams.
	However, if any of them fails no error is reported therefore
	caller does not know what went wrong.

	At the same time, we silently presumed callbacks to set errno on
	failure. With this change we should document it explicitly as the
	error is not properly reported.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	virStream*All: Preserve reported error
	If one these four functions fail (virStreamRecvAll,
	virStreamSendAll, virStreamSparseRecvAll, virStreamSparseSendAll)
	the stream is aborted by calling virStreamAbort(). This is  a
	public API; therefore, the first thing it does is error reset. At
	that point any error that caused us to abort stream in the first
	place is gone.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	virStream*All: Call virStreamAbort() more frequently
	Our documentation to the virStreamRecvAll, virStreamSendAll,
	virStreamSparseRecvAll, and virStreamSparseSendAll functions
	indicates that if these functions fail, then virStreamAbort is
	called. But that is not necessarily true. For instance all of
	these functions allocate a buffer to work with. If the allocation
	fails, no virStreamAbort() is called despite -1 being returned.
	It's the same story with argument sanity checks and a lot of
	other checks.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	fdstream: Report error from the I/O thread
	Problem with our error reporting is that the error object is a
	thread local variable. That means if there's an error reported
	within the I/O thread it gets logged and everything, but later
	when the event loop aborts the stream it doesn't see the original
	error. So we are left with some generic error. We can do better
	if we copy the error message between the threads.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-11  Michal Privoznik  <mprivozn@redhat.com>

	virfdstream: Check for thread error more frequently
	When the I/O thread quits (e.g. due to an I/O error, lseek()
	error, whatever), any subsequent virFDStream API should return
	error too. Moreover, when invoking stream event callback, we must
	set the VIR_STREAM_EVENT_ERROR flag so that the callback knows
	something bad happened.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: Rename SupportsChardev to IsPlatformDevice
	This is only used in qemu_command.c, so move it, and clarify that
	it's really about identifying if the serial config is a platform
	device or not.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: command: support -chardev for platform devices
	Some qemu arch/machine types have built in platform devices that
	are always implicitly available. For platform serial devices, the
	current code assumes that only old style -serial config can be
	used for these devices.

	Apparently though since -chardev was introduced, we can use -chardev
	in these cases, like this:

	  -chardev pty,id=foo
	  -serial chardev:foo

	Since -chardev enables all sorts of modern features, use this method
	for platform devices.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: caps: blacklist QEMU_CAPS_CHARDEV
	Every qemu version we support has QEMU_CAPS_CHARDEV, so stop
	explicitly tracking it and blacklist it like we've done for many
	other feature flags.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2argv: Add some QEMU_CAPS_CHARDEV annotations
	Several tests are intending to test some serial/console related
	bits but aren't setting QEMU_CAPS_CHARDEV. This will soon be enabled
	unconditionally so let's add it ahead of time.

	* q35-virt-manager-basic: Intended to test a virt-manager q35 config,
	    which will include a serial/console device
	* console-compat*: console/serial XML compat handling
	* bios: Needs a serial device for sgabios CLI

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2argv: Drop old style serial testing
	These tests are exercising old style -serial command lines. That
	code will soon be removed, so drop these tests.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2argv: drop redundant serial testing
	Several cases have incidental <serial> or <console> XML which aren't
	the features being tested for. Upcoming changes will cause some
	churn here, so instead drop these bits now.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: command: always use -chardev for monitor config
	AFAIK there aren't any cases where we will/should hit the old code
	path for our supported qemu versions, so drop the old code.

	Massive test suite churn follows

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: command: Drop some QEMU_CAPS_CHARDEV checks
	AFAIK there aren't any cases where we should fail these checks with
	supported qemu versions, so just drop them.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: command: Remove old style -parallel building
	AFAIK there aren't any qemu arch/machine types with platform parallel
	devices that would require old style -parallel config, so we shouldn't
	ever need this nowadays.

	Remove a now redundant test

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2argv: Add an aarch64 pci-serial test
	This demonstrates that the previous qemu caps changes will use
	-chardev for pci-serial on aarch64 machvirt

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Cole Robinson  <crobinso@redhat.com>

	qemu: caps: Tweak arm conditional in SupportsChardev
	Rather than try to whitelist all device configs that can't use
	-chardev, blacklist the only one that really can't, which is the
	default serial/console target type=isa case.

	ISA specifically isn't a valid config for arm/aarch64, but we've
	always implicitly treated it to mean 'default platform device'.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-10  Scott Garfinkle  <seg@us.ibm.com>

	Use unsigned timeout in cmdMigrateSetMaxDowntime
	While looking to implement a migrate-getmaxdowntime command (coming),
	I noticed that the setmaxdowntime is incorrectly looking at its
	parameter as a signed longlong. Not sure how that got past gcc, but
	here's a simple patch to make the command line parsing and the parameter to
	the worker functions all have the correct (unsigned) type.

2017-07-10  Francesc Guasch  <frankie@etsetb.upc.edu>

	docs: add entry for Ravada to apps page

2017-07-10  Martin Kletzander  <mkletzan@redhat.com>

	docs: Properly quote self uri in search.php
	This removes the classical XSS vulnerability of using unquoted
	PHP_SELF.

	Reported-by: John Lightsey <john@nixnuts.net>

2017-07-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Use vcpu 'node-id' property and pass it back to qemu
	vcpu properties gathered from query-hotpluggable cpus need to be passed
	back to qemu. As qemu did not use the node-id property until now and
	libvirt forgot to pass it back properly (it was parsed but not passed
	around) we did not honor this.

	This patch adds node-id to the structures where it was missing and
	passes it around as necessary.

	The test data was generated with a VM with following config:
	    <numa>
	      <cell id='0' cpus='0,2,4,6' memory='512000' unit='KiB'/>
	      <cell id='1' cpus='1,3,5,7' memory='512000' unit='KiB'/>
	    </numa>

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452053

2017-07-10  Pino Toscano  <ptoscano@redhat.com>

	configure: fix typo in nss error message
	This error message refers to the lack of network, not to yajl.

2017-07-10  Julio Faracco  <jcfaracco@gmail.com>

	tools: virsh: domdisplay command is not freeing the domain pointer
	The command 'domdisplay' is not freeing the domain pointer properly in
	cleanup section. See the error below:

	virsh # domdisplay WINDOWS7
	vnc://127.0.0.1:0

	virsh # quit

	error: One or more references were leaked after disconnect from the hypervisor

	Valgrind report:

	==29168== 66 (56 direct, 10 indirect) bytes in 1 blocks are definitely lost in loss record 154 of 239
	==29168==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29168==    by 0x5505324: virAllocVar (viralloc.c:560)
	==29168==    by 0x555A61B: virObjectNew (virobject.c:199)
	==29168==    by 0x561F367: virGetDomain (datatypes.c:284)
	==29168==    by 0x5680979: get_nonnull_domain (remote_driver.c:8143)
	==29168==    by 0x5680979: remoteDomainLookupByName (remote_client_bodies.h:3047)
	==29168==    by 0x5623D9A: virDomainLookupByName (libvirt-domain.c:425)
	==29168==    by 0x160480: virshLookupDomainInternal (virsh-util.c:59)
	==29168==    by 0x160547: virshCommandOptDomainBy (virsh-util.c:98)
	==29168==    by 0x13D3A9: cmdDomDisplay (virsh-domain.c:10963)
	==29168==    by 0x165680: vshCommandRun (vsh.c:1327)
	==29168==    by 0x12E320: main (virsh.c:953)

2017-07-10  Julio Faracco  <jcfaracco@gmail.com>

	tests: virstringtest: adding tests to virStrToDouble()
	There are no occurrences of tests related to Strings and Double numbers
	inside virstringtest.c. This commit introduces some tests to validate the
	conversion. The test does not include locale changes yet.

2017-07-08  Sri Ramanujam  <sramanujam@datto.com>

	news: Update news for new Hyper-V APIs

	hyperv: Add support for virDomainSetMemory
	Introduces support for virDomainSetMemory. This also serves an an
	example for how to use the new method invocation API with a more
	complicated method, this time including an EPR and embedded param.

	hyperv: support virDomainSendKey
	This commit adds support for virDomainSendKey. It also serves as an
	example of how to use the new method invocation APIs with a single
	"simple" type parameter.

	hyperv: add hypervInvokeMethod
	This commit adds support for invoking methods on remote objects
	via hypervInvokeMethod.

2017-07-08  Sri Ramanujam  <sramanujam@datto.com>

	hyperv: Generate object property type information
	Update the generator to generate basic property type information for
	each CIM object representation. Right now, it generates arrays of
	hypervCimType structs:

	struct _hypervCimType {
	    const char *name;
	    const char *type;
	    bool isArray;
	};

2017-07-08  Sri Ramanujam  <sramanujam@datto.com>

	hyperv: Functions to work with invocation parameters
	This commit introduces functionality for creating and working with
	invoke parameters. This commit does not include any code for serializing
	and actually performing the method invocations; it merely defines the
	functions and API for using invocation parameters in driver code.

	HYPERV_DEFAULT_PARAM_COUNT was chosen because almost no method
	invocations have more than 4 parameters.

	Functions added:
	* hypervInitInvokeParamsList
	* hypervFreeInvokeParams
	* hypervAddSimpleParam
	* hypervAddEprParam
	* hypervCreateEmbeddedParam
	* hypervSetEmbeddedProperty
	* hypervAddEmbeddedParam
	* hypervFreeEmbeddedParam

2017-07-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Add missing newline to last element in status XML formatter
	Commit f9758109a7 did not put a newline after the element it added.

2017-07-05  Daniel P. Berrange  <berrange@redhat.com>

	docs: add entry to download table listing the Rust language binding
	Reviewed-by: John Ferlan <jferlan@redhat.com>

	Improve logging of shutdown inhibitor
	The log category for virnetdaemon.c was mistakenly set
	to rpc.netserver. Some useful info about the inhibitor
	file descriptor was also never logged.

2017-07-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix conditional check for DBus
	The DBus conditional was renamed way back:

	  commit da77f04ed5fa0731d50b947be8c739bdbf8121ad
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Thu Sep 20 15:05:39 2012 +0100

	    Convert HAVE_DBUS to WITH_DBUS

	but the shutdown inhibit code was not updated. Thus libvirt
	was never inhibiting shutdown by a logged in user when VMs
	are running.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-07-05  John Ferlan  <jferlan@redhat.com>

	Post-release version bump to 3.6.0

2017-07-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.5.0
	* docs/news.xml: update
	* po/*.po* : regenerated

2017-07-04  Peter Krempa  <pkrempa@redhat.com>

	lib: Remove misplaced and redundant comments
	It's obvious that unsigned long long is 64 bit and also our web page
	generator would misplace the comment after the return value due to the
	way it's parsing them.

2017-07-04  Pavel Hrdina  <phrdina@redhat.com>

	news: CPU add migration fix into Bug fixes
	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-07-04  Andrea Bolognani  <abologna@redhat.com>

	news: Update for 3.5.0 release
	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-30  Martin Kletzander  <mkletzan@redhat.com>

	news: Add CAT capability information into improvements

	news: Add live coalesce settings to new features

2017-06-29  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: nseclabels member is moved to virDomainChrSourceDef struct

	vz: add argument xmlopt for virDomainDefCheckABIStability call

2017-06-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: Document bhyve's vgaconf support
	 - Add a news entry
	 - Update driver's page with information about the new
	   vgaconf attribute and provide usage example; while here,
	   fix a grammar mistake

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-06-28  Peter Krempa  <pkrempa@redhat.com>

	docs: news: Add entries for my recent changes

	util: netdevbridge: Refactor error handling in virNetDevBridgeCreate
	Replace the switch statement with a simpler if statement. This also
	removes the fallthrough path that coverity was complaining about.

2017-06-28  John Ferlan  <jferlan@redhat.com>

	hotplug: Create helper to remove vport
	Combine and "clean up" a bit two places that are removing the vport

	nodedev: Add check for NULL obj before call Unlock
	Commit id '95ea171b' was a bit too aggressive in removing the if (obj)
	check since cleanup is reachable after Unlock and obj = NULL.

2017-06-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Disallow modification of vcpu 0 in inactive config
	vcpu 0 must be always enabled and non-hotpluggable, thus you can't
	modify it using the vcpu hotplug APIs. Disallow it so that users can't
	create invalid configurations.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1459785

2017-06-28  Lily Zhu  <lizhu@redhat.com>

	man: Fix documentation errors about the paths of the config files
	The default conf files, for example libvirtd.conf, virtlockd.conf, and
	virtlogd.conf, should be located under the directory "/etc/libvirt" when
	root as root, rather than "/etc". When run as non-root, the configuration
	files should be located under "$XDG_CONFIG_HOME/libvirt/", rather than
	"XDG_CONFIG_HOME".

2017-06-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: Add callback-related info to virStream{Abort,Finish}
	When one has a non-blocking stream and aborts or finishes it without
	removing the callback, any event loop invocation will trigger that
	callback, but it cannot be removed any more.  We cannot remove the
	callback automatically from virStream{Abort,Finish} functions due to
	forward-compatibility.  So let's at least document this behaviour,
	because it is not easy to find out the reason for.

2017-06-27  Daniel Liu  <srwx4096@gmail.com>

	virsh: Fix --help problem for domxml-to-native DOMAIN COMMAND
	Resolves a bug in domxml-to-native command option, so that the
	following command displays the help information correctly:
	'virsh domxml-to-native --help'.

2017-06-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add vga configuration for video driver
	Add support for vgaconf driver configuration. In domain xml it looks like
	this:

	  <video>
	    <driver vgaconf='io|on|off'>
	    <model .../>
	  </video>

	It was added with bhyve gop video in mind to allow users control how the
	video device is exposed to the guest, specifically, how VGA I/O is
	handled.

	One can refer to the bhyve manual page to get more detailed description
	of the possible VGA configuration options:

	https://www.freebsd.org/cgi/man.cgi?query=bhyve&manpath=FreeBSD+12-current

	The relevant part could be found using the 'vgaconf' keyword.

	Also, add some tests for this new feature.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-27  Cole Robinson  <crobinso@redhat.com>

	Revert "qemu: Support chardevs with ARM virt machines"
	This reverts commit 70c9b44270f75bfb7a5701d81aa49380d139e8f0.

	This commit breaks existing aarch64 machvirt configs with:

	    <serial type='pty'>
	      <target port='0'/>
	    </serial>
	    <console type='pty'>
	      <target type='serial' port='0'/>
	    </console>

	Which fails with:

	error: Failed to start domain fedora25-aarch64
	error: internal error: process exited while connecting to monitor:
	2017-06-26T13:55:34.726293Z qemu-system-aarch64: -chardev pty,id=charserial0:
	char device redirected to /dev/pts/5 (label charserial0)
	2017-06-26T13:55:34.782121Z qemu-system-aarch64: -device
	isa-serial,chardev=charserial0,id=serial0: No 'ISA' bus found for device
	'isa-serial'

2017-06-27  Andrea Bolognani  <abologna@redhat.com>

	conf: Copy loadparm in virDomainDeviceInfoCopy()
	Commit 54fa1b44afc8 added virDomainDeviceInfo::loadparm
	and updated virDomainDeviceInfoClear() accordingly, but
	omitted the necessary virDomainDeviceInfoCopy() changes.

2017-06-26  Andrea Bolognani  <abologna@redhat.com>

	HACKING: Drop from the git repository
	Despite being a generated file, HACKING has been tracked in
	the git repository along with actual source files. As far as
	I'm aware, it's the only generated file for which that happens.

	Times and times again, people[1] have committed changes to
	the source file without refreshing the generated copy at the
	same time.

	The rationale for tracking the generated file is to help out
	people who just cloned the git repository looking to contribue;
	however, README-hacking already contains enough information to
	get perspective contributors to a place where they can simply
	look at docs/hacking.html instead.

	[1] Mostly me, to be honest

2017-06-26  Andrea Bolognani  <abologna@redhat.com>

	README: Remove 'git send-email' mention
	The use of 'git send-email' is described in detail in the
	contributor guidelines (docs/hacking.html), which are
	mentioned in docs/contribute.html, the non-local version
	of which is in turn mentioned in README.

	README: Various minor style tweaks

	docs: Point to hacking.html from contribute.html
	People looking to help out should really go through the
	contributor guidelines when getting started, so the more
	documents point to them the better.

2017-06-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid fd leak on incoming tunneled migration
	While qemuProcessIncomingDefNew takes an fd argument and stores it in
	qemuProcessIncomingDef structure, the caller is still responsible for
	closing the file descriptor.

	Introduced by commit v1.2.21-140-ge7c6f4575.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-26  Andrea Bolognani  <abologna@redhat.com>

	README: Remove unnecessary empty line

2017-06-26  Martin Kletzander  <mkletzan@redhat.com>

	util: Extract locale-related fixes into separate functions

2017-06-26  Andrea Bolognani  <abologna@redhat.com>

	HACKING: Refresh after changes to source file
	Commit 79c1900fc1eb changed docs/hacking.html.in, but *of
	course* I forgot once again to update the text-only version
	of the file at the same time.

2017-06-26  Andrea Bolognani  <abologna@redhat.com>

	hacking: Improve 'git send-email' documentation
	For the benefit of first time contributors, we point out that 'git
	send-email' might have to be installed separately; however, we omit
	the fact that some configuration will likely be needed before it
	can successfully deliver patches to the mailing list.

	Some minor tweaks to the existing contents are included as well.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-25  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorTextAddDrive: Fail on unrecognized disk format
	Since qemu commit 3ef6c40ad0b it can fail if trying to hotplug a
	disk that is not qcow2 despite us saying it is. We need to error
	out in that case.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-25  John Ferlan  <jferlan@redhat.com>

	events: Avoid double free possibility on remote call failure
	If a remote call fails during event registration (more than likely from
	a network failure or remote libvirtd restart timed just right), then when
	calling the virObjectEventStateDeregisterID we don't want to call the
	registered @freecb function because that breaks our contract that we
	would only call it after succesfully returning.  If the @freecb routine
	were called, it could result in a double free from properly coded
	applications that free their opaque data on failure to register, as seen
	in the following details:

	    Program terminated with signal 6, Aborted.
	    #0  0x00007fc45cba15d7 in raise
	    #1  0x00007fc45cba2cc8 in abort
	    #2  0x00007fc45cbe12f7 in __libc_message
	    #3  0x00007fc45cbe86d3 in _int_free
	    #4  0x00007fc45d8d292c in PyDict_Fini
	    #5  0x00007fc45d94f46a in Py_Finalize
	    #6  0x00007fc45d960735 in Py_Main
	    #7  0x00007fc45cb8daf5 in __libc_start_main
	    #8  0x0000000000400721 in _start

	The double dereference of 'pyobj_cbData' is triggered in the following way:

	    (1) libvirt_virConnectDomainEventRegisterAny is invoked.
	    (2) the event is successfully added to the event callback list
	        (virDomainEventStateRegisterClient in
	        remoteConnectDomainEventRegisterAny returns 1 which means ok).
	    (3) when function remoteConnectDomainEventRegisterAny is hit,
	        network connection disconnected coincidently (or libvirtd is
	        restarted) in the context of function 'call' then the connection
	        is lost and the function 'call' failed, the branch
	        virObjectEventStateDeregisterID is therefore taken.
	    (4) 'pyobj_conn' is dereferenced the 1st time in
	        libvirt_virConnectDomainEventFreeFunc.
	    (5) 'pyobj_cbData' (refered to pyobj_conn) is dereferenced the
	         2nd time in libvirt_virConnectDomainEventRegisterAny.
	    (6) the double free error is triggered.

	Resolve this by adding a @doFreeCb boolean in order to avoid calling the
	freeCb in virObjectEventStateDeregisterID for any remote call failure in
	a remoteConnect*EventRegister* API. For remoteConnect*EventDeregister* calls,
	the passed value would be true indicating they should run the freecb if it
	exists; whereas, it's false for the remote call failure path.

	Patch based on the investigation and initial patch posted by
	fangying <fangying1@huawei.com>.

2017-06-25  Christoffer Dall  <cdall@linaro.org>

	qemu: Support chardevs with ARM virt machines
	The function to check if -chardev is supported by QEMU was written a
	long time ago, where adding chardevs did not make sense on the fixed ARM
	platforms.  Since then, we now have a general purpose virt platform,
	which should support plugging in any device over PCIe which is supported
	in a similar fashion on x86.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-06-24  Daniel Liu  <srwx4096@gmail.com>

	virsh: add [--domain DOMAIN] option to domxml-to-native DOMAIN COMMAND
	The option allows someone to run domain-to-native on already existing
	domain without the need of supplying their XML.  It is basically
	wrapper around 'virsh dumpxml  | virsh domxml-to-native /dev/stdin'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=835476
	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-24  John Ferlan  <jferlan@redhat.com>

	util: Force reading of meta data to get encryption capacity value
	https://bugzilla.redhat.com/show_bug.cgi?id=1371892

	As it turns out the volume create, build, and refresh path was not peeking
	at the meta data, so immediately after a create operation the value displayed
	for capacity was still incorrect. However, if a pool refresh was done the
	correct value was fetched as a result of a meta data peek.

	The reason is it seems historically if the file type is RAW then peeking
	at the file just took the physical value for the capacity. However, since
	we know if it's an encrypted file, then peeking at the meta data will be
	required in order to get a true capacity value.

	So check for encryption in the source and if present, use the meta data
	in order to fill in the capacity value and set the payload_offset.

2017-06-23  Peter Krempa  <pkrempa@redhat.com>

	tests: hotplug: Test disks with duplicate WWNs

2017-06-23  Peter Krempa  <pkrempa@redhat.com>

	Revert "qemu: Check duplicate WWNs also for hotplugged disks"
	Similarly to commit 5da28cc3069b573f54f0bcaf8eb75476bcfdc6e9 this check
	actually does not make sense since duplicate WWNs are used e.g. when
	multipathing disks.

	This reverts commit 780fe4e4baf7e2f10f65ba1a34f9274fc547cad2.

2017-06-23  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevOpenvswitchInterfaceStats: Be more forgiving when fetching stats
	https://bugzilla.redhat.com/show_bug.cgi?id=1461270

	When fetching stats for a vhost-user type of interface, we run
	couple of ovs-vsctl commands and parse their output. However, not
	all stats exist at all times, for instance "rx_dropped" or
	"tx_errors" can be missing. Thing is, we ask for a bulk of
	statistics and if one of them is missing an error is reported
	instead of returning the rest. Since we ignore errors, we fail to
	set statistics. Fix this by asking for each piece alone.

2017-06-22  John Ferlan  <jferlan@redhat.com>

	util: Introduce virObjectGetLockableObj
	Split out the object fetch in virObject{Lock|Unlock} into a helper

	util: Formatting cleanups to virobject API
	Alter to use more recent formatting guidelines

2017-06-22  Martin Kletzander  <mkletzan@redhat.com>

	util: Move locale.h include from virutil to virstring
	Commit 5c54d29aaeb7 forgot to do that when moving the only function
	using it and it broke the build on some platforms.

2017-06-22  Michal Privoznik  <mprivozn@redhat.com>

	security: Don't skip relabel for all chardevs
	Our commit e13e8808f9 was way too generic. Currently, virtlogd is
	used only for chardevs type of file and nothing else. True, we
	must not relabel the path in this case, but we have to in all
	other cases. For instance, if you want to have a physical console
	attached to your guest:

	    <console type='dev'>
	      <source path='/dev/ttyS0'/>
	      <target type='virtio' port='1'/>
	    </console>

	Starting such domain fails because qemu doesn't have access to
	/dev/ttyS0 because we haven't relabelled the path.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-22  Julio Faracco  <jcfaracco@gmail.com>

	util: fix locale problem with virStrToDouble().
	This commit fixes a locale problem with locales that use comma as a mantissa
	separator. Example: 12.34 en_US = 12,34 pt_BR. Since strtod() is a non-safe
	function, virStrToDouble() will have problems to parse double numbers from
	kernel settings and other double numbers from static files (XMLs, JSONs, etc).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1457634
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1457481

2017-06-22  Julio Faracco  <jcfaracco@gmail.com>

	util: moving virDoubleToStr() from virutil to virstring.
	The function virDoubleToStr() is defined in virutil.* and virStrToDouble() is
	defined in virstring.*. Joining both functions into the same file makes more
	sense.

2017-06-21  Cole Robinson  <crobinso@redhat.com>

	tests: virstoragetest: fix --without-yajl
	Recently added JSON tests should be skipped if compiled --without-yajl

	https://bugzilla.redhat.com/show_bug.cgi?id=1463435

2017-06-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not skip virCPUUpdateLive if priv->origCPU is set
	Even though we got both the original CPU (used for starting a domain)
	and the updated version (the CPU really provided by QEMU) during
	incoming migration, restore, or snapshot revert, we still need to update
	the CPU according to the data we got from the freshly started QEMU.
	Otherwise we don't know whether the CPU we got from QEMU matches the one
	before migration. We just need to keep the original CPU in
	priv->origCPU.

	Messed up by me in v3.4.0-58-g8e34f4781.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-21  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessBuildDestroyHugepagesPath: Don't warn on destroying non-existent path
	This function is called unconditionally from qemuProcessStop to
	make sure we leave no dangling dirs behind. However, whenever the
	directory we want to rmdir() is not there (e.g. because it hasn't
	been created in the first place because domain doesn't use
	hugepages at all), we produce a warning like this:

	2017-06-20 15:58:23.615+0000: 32638: warning :
	qemuProcessBuildDestroyHugepagesPath:3363 : Unable to remove
	hugepage path: /dev/hugepages/libvirt/qemu/1-instance-00000001
	(errno=2)

	Fix this by not producing the warning on ENOENT.

	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

2017-06-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Change coalesce settings on hotplug when they are different
	Part of the condition was reverted so no value update was propagated
	through.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1414627

2017-06-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: Move comments separating groups of capabilities
	Similarly to how we specify the groups of 5 capabilities in the header
	file move the labels to separate line also for the VIR_ENUM_IMPL part.

	This simplifies rebase conflict resolution in the capability file since
	only lines have to be shuffled around, but they don't need to be edited.

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Make @backingFormat optional in virStorageFileGetMetadataInternal
	Some callers don't need to know the backing format. Make the argument
	optional by using a dummy int if NULL is passed.

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Load data necessary for relative block commit to work
	Commit 7456c4f5f introduced a regression by not reloading the backing
	chain of a disk after snapshot. The regression was caused as
	src->relPath was not set and thus the block commit code could not
	determine the relative path.

	This patch adds code that will load the backing store string if
	VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT and store it in the correct place
	when a snapshot is successfully completed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1461303

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	storage: Add helper to retrieve the backing store string of a storage volume
	It is necessary for some parts of the code to refresh just data
	based on the based on the backing store string. Add a convenience
	function that will retrieve this data.

	util: storage: Export virStorageIsRelative

	qemu: block commit: Don't overwrite error when rolling back disk labels
	Calls to qemuDomainDiskChainElementPrepare resets the original error,
	thus we need to save it in the cleanup path of qemuDomainBlockCommit.

	qemu: block commit: Determine relative path of images before initializing
	Changing labelling of the images does not need to happen after setting
	the labeling and lock manager access. This saves the cleanup of the
	labeling if the relative path can't be determined.

2017-06-20  Farhan Ali  <alifm@linux.vnet.ibm.com>

	news: Update news for loadparm feature

2017-06-20  Farhan Ali  <alifm@linux.vnet.ibm.com>

	qemu: Add loadparm to qemu command line string
	Check for the LOADPARM capabilility and potentially add a loadparm=x to
	the "-machine" string for the QEMU command line.

	Also add xml2argv test cases for loadparm.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>

2017-06-20  Farhan Ali  <alifm@linux.vnet.ibm.com>

	qemu: Introduce a new QEMU capability for -machine loadparm
	Add new capability for the "-machine loadparm" QEMU option.

	Add the capabilities replies/xml for s390x for QEMU 2.9.50.

2017-06-20  Farhan Ali  <alifm@linux.vnet.ibm.com>

	conf: Add loadparm boot option for a boot device
	Update the per device boot schema to add an optional loadparm parameter.

	eg: <boot order='1' loadparm='2'/>

	Extend the virDomainDeviceInfo to support loadparm option.
	Modify the appropriate functions to parse loadparm from boot device xml.
	Add the xml2xml test to validate the field.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>

2017-06-20  Ján Tomko  <jtomko@redhat.com>

	check the return value of qemuBuildVirtioOptionsStr
	Only qemuBuildFSDevStr missed the return check.

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: storage: adapt to changes in JSON format for sheepdog
	Since qemu 2.9 the options changed from a monolithic string into fine
	grained options for the json pseudo-protocol object.

	util: storage: adapt to changes in JSON format for ssh
	Since qemu 2.9 the options changed from a monolithic string into fine
	grained options for the json pseudo-protocol object.

	util: storage: adapt to changes in JSON format for ceph/rbd
	Since qemu 2.9 the options changed from a monolithic string into fine
	grained options for the json pseudo-protocol object.

	util: storage: adapt to changes in JSON format for NBD
	Since 2.9 the host and port for NBD are no longer directly under the
	json pseudo-protocol object, but rather belong to a sub-object called
	'server'.

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add JSON parser for new options in iSCSI protocol
	Starting from qemu 2.9, more granular options are supported. Add parser
	for the relevant bits.

	With this patch libvirt is able to parse the host and target IQN of from
	the JSON pseudo-protocol specification.

	This corresponds to BlockdevOptionsIscsi in qemu qapi.

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Report errors when source host data is missing
	Merge the reporting of the missing source host data into the parser
	functions so that callers don't have to do it separately.

	util: storage: Split out parsing of TCP network host from JSON pseudoprotocol
	Few backing protocols support only TCP. Split out the function which
	will correspond to parsing qemu's InetSocketAddressBase.

2017-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add support for type 'inet' in virStorageSourceParseBackingJSONSocketAddress
	'SocketAddress' structure was changed to contain 'inet' instead of
	'tcp' since qemu commit c5f1ae3ae7b. Existing entries have a backward
	compatibility layer.

	Libvirt will parse 'inet' and 'tcp' as equivalents.

2017-06-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Remove coverity[negative_returns] annotation
	It was added in commit 6c2e4c3856c8ed48c378bf1bf357cab46271a47a
	so that Coverity would not complain about passing -1 to
	qemuDomainDetachThisHostDevice(), but the function in question
	has changed since and so the annotation doesn't apply anymore.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-19  Peter Krempa  <pkrempa@redhat.com>

	util: storage: make virStorageSourceParseBackingJSONGlusterHost universal
	The same json strucutre is used for NBD and sheepdog volumes for
	specifying of the host. Rename the function and fix up error messages to
	be more universal.

	util: storage: Add missing return to virStorageSourceParseBackingJSONGluster
	If the number of servers is not expected the code would report an error
	but would not return failure.

	util: storage: Output parsed network backing store string to debug log

2017-06-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Pass the number of heads even with -vga qxl
	When added in multiple previous commits, it was used only with -device
	qxl(-vga), but for some QEMUs (< 1.6) we need to add this
	functionality when using -vga qxl as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283207

2017-06-16  Pavel Hrdina  <phrdina@redhat.com>

	security: don't relabel chardev source if virtlogd is used as stdio handler
	In the case that virtlogd is used as stdio handler we pass to QEMU
	only FD to a PIPE connected to virtlogd instead of the file itself.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1430988

	Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

2017-06-16  Pavel Hrdina  <phrdina@redhat.com>

	qemu: propagate chardevStdioLogd to qemuBuildChrChardevStr
	Improve the code to decide whether to use virtlogd or not by checking
	the same variable that is updated in qemuProcessPrepareDomain().

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-16  Pavel Hrdina  <phrdina@redhat.com>

	qemu: introduce chardevStdioLogd to qemu private data
	In QEMU driver we can use virtlogd as stdio handler for source backend
	of char devices if current QEMU is new enough and it's enabled in
	qemu.conf.  We should store this information while starting a guest
	because the config option may change while the guest is running.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-16  Pavel Hrdina  <phrdina@redhat.com>

	conf: move seclabel for chardev source to the correct sturcture
	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetPreservedMounts: Fix suffixes for corner cases
	https://bugzilla.redhat.com/show_bug.cgi?id=1431112

	Imagine a FS mounted on /dev/blah/blah2. Our process of creating
	suffix for temporary location where all the mounted filesystems
	are moved is very simplistic. We want:

	/var/run/libvirt/qemu/$domName.$suffix\

	were $suffix is just the mount point path stripped of the "/dev/"
	prefix. For instance:

	/var/run/libvirt/qemu/fedora.mqueue  for /dev/mqueue
	/var/run/libvirt/qemu/fedora.pts     for /dev/pts

	and so on. Now if we plug /dev/blah/blah2 into the example we see
	some misbehaviour:

	/var/run/libvirt/qemu/fedora.blah/blah2

	Well, misbehaviour if /dev/blah/blah2 is a file, because in that
	case we call virFileTouch() instead of virFileMakePath().
	The solution is to replace all the slashes in the suffix with say
	dots. That way we don't have to care about nested directories.
	IOW, the result we want for given example is:

	/var/run/libvirt/qemu/fedora.blah.blah2

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetPreservedMounts: Prune nested mount points
	https://bugzilla.redhat.com/show_bug.cgi?id=1431112

	There can be nested mount points. For instance /dev/shm/blah can
	be a mount point and /dev/shm too. It doesn't make much sense to
	return the former path because callers preserve the latter (and
	with that the former too). Therefore prune nested mount points.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainBuildNamespace: Clean up temp files
	https://bugzilla.redhat.com/show_bug.cgi?id=1431112

	After 290a00e41d we know how to deal with file mount points.
	However, when cleaning up the temporary location for preserved
	mount points we are still calling rmdir(). This won't fly for
	files. We need to call unlink(). Now, since we don't really care
	if the cleanup succeeded or not (it's the best effort anyway), we
	can call both rmdir() and unlink() without need for
	differentiation between files and directories.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Report more correct information for cache control
	On some platforms the number of bits in the cbm_mask might not be
	divisible by 4 (and not even by 2), so we need to properly count the
	bits.  Similar file, min_cbm_bits, is properly parsed and used, but if
	the number is greater than one, we lose the information about
	granularity when reporting the data in capabilities.  For that matter
	always report granularity, but if it is not the same as the minimum,
	add that information in there as well.

2017-06-16  Serge Hallyn  <serge.hallyn@ubuntu.com>

	apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
	When setting up VncTLS according to the official Libvirt documentation,
	only one certificate for libvirt/libvirt-vnc is used. The document
	indicates to use the following directories :

	 /etc/pki/CA
	 /etc/pki/libvirt
	 /etc/pki/libvirt/private

	in order to manage the certificates used by libvirt-vnc.

	Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272

2017-06-16  Serge Hallyn  <serge.hallyn@ubuntu.com>

	apparmor, libvirt-qemu: Allow access to ceph config

2017-06-16  Stefan Bader  <stefan.bader@canonical.com>

	apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
	On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
	a domain through libxl) is located under /usr/lib/xen-<version>/bin.

	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195

2017-06-16  Serge Hallyn  <serge.hallyn@ubuntu.com>

	apparmor, libvirt-qemu: Add ppc64el related changes
	Updates profile to allow running on ppc64el.

	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1374554

2017-06-16  William Grant  <wgrant@ubuntu.com>

	apparmor, virt-aa-helper: Allow aarch64 UEFI.
	Allow access to aarch64 UEFI images.

	Acked-by: Guido Günther <agx@sigxcpu.org>

2017-06-16  Christian Ehrhardt  <christian.ehrhardt@canonical.com>

	virt-aa-helper: Generalize test for firmware paths
	This replaces individual tests for firmware locations by
	a generic function which will simplify having additional
	locations in the future.

2017-06-16  Simon McVittie  <smcv@debian.org>

	virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
	The split firmware and variables files introduced by
	https://bugs.debian.org/764918 are in a different directory for
	some reason. Let the virtual machine read both.

2017-06-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow live-updates of coalesce settings
	Change the settings from qemuDomainUpdateDeviceLive() as otherwise the
	call would succeed even though nothing has changed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1414627

2017-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Temporarily disable format truncation warnings
	GCC 7.1 introduces a new -Wformat-truncation warning
	flag that reports if it thinks the maximum possible
	size of the formatted output will exceed the provided
	fixed buffer. This is enabled automatically by the
	-Wformat warning flag. There are quite a few places
	hit by this in libvirt which need rewriting. This is
	non-trivial work in some places, so temporarily
	disable the new warning until those fixes can be
	implemented.

2017-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Disable the -Wduplicated-branches warning
	Depending on the platform/architecture, a number of conditionals
	in libvirt code expand the same on both branches. This is expected
	behaviour and harmless, so disable the warning to avoid creating
	unexpected build failures

	Two examples, mingw32:

	../../src/util/vircommand.c: In function 'virCommandWait':
	../../src/util/vircommand.c:2562:51: error: this condition has identical branches [-Werror=duplicated-branches]
	             *exitstatus = cmd->rawStatus ? status : WEXITSTATUS(status);
	                                                   ^
	and gcc7.1

	In file included from util/virobject.c:28:0:
	util/virobject.c: In function 'virClassNew':
	util/viratomic.h:176:46: error: this condition has identical branches [-Werror=duplicated-branches]
	            (void)(0 ? *(atomic) ^ *(atomic) : 0);                      \
	                                             ^
	util/virobject.c:144:20: note: in expansion of macro 'virAtomicIntInc'
	    klass->magic = virAtomicIntInc(&magicCounter);
	                   ^~~~~~~~~~~~~~~

2017-06-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use qemuDomainCheckABIStability where needed
	Most places which want to check ABI stability for an active domain need
	to call this API rather than the original
	qemuDomainDefCheckABIStability. The only exception is in snapshots where
	we need to decide what to do depending on the saved image data.

	https://bugzilla.redhat.com/show_bug.cgi?id=1460952

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add qemuDomainCheckABIStability
	When making ABI stability checks for an active domain, we need to make
	sure we use the same migratable definition which virDomainGetXMLDesc
	with the MIGRATABLE flag provides, otherwise the ABI check will fail.
	This is implemented in the new qemuDomainCheckABIStability which takes a
	domain object and generates the right migratable definition from it.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add qemuDomainMigratableDefCheckABIStability
	This patch separates the actual ABI checks from getting migratable defs
	in qemuDomainDefCheckABIStability so that we can create another wrapper
	which will use different methods to get the migratable defs.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce qemuDomainDefFromXML helper
	The main goal of this function is to enable reusing the parsing code
	from qemuDomainDefCopy.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't try to use hugepages if not enabled
	https://bugzilla.redhat.com/show_bug.cgi?id=1214369

	My fix 671d18594f4 was incomplete. If domain doesn't have
	hugepages enabled, because of missing condition we would still be
	putting hugepages path onto qemu cmd line. Clean up the
	conditions so that it's more visible next time.

2017-06-14  Daniel P. Berrange  <berrange@redhat.com>

	Use sys/uio.h for writev()
	With glibc >= 2.25.90 writev() is only available if you explicitly
	include sys/uio.h. This matches the documented requirements, but
	older glibc and other *NIX pulled in writev indirectly so the bug
	wasn't noticed previously.

	maint: update to latest gnulib
	This fixes an incompatibility with glibc 2.25.90

2017-06-14  Erik Skultety  <eskultet@redhat.com>

	qemu: monitor: Fix a memory leak in qemuMonitorJSONAttachCharDevCommand
	With the current logic, we only free @tlsalias as part of the error
	label and would have to free it explicitly earlier in the code. Convert
	the error label to cleanup, so that we have only one sink, where we
	handle all frees. Since JSON object append operation consumes pointers,
	make sure @backend is cleared before we hit the cleanup label.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Prefer hugepages over mem source='file'
	https://bugzilla.redhat.com/show_bug.cgi?id=1214369

	Consider the following XML:

	  <memoryBacking>
	    <hugepages>
	      <page size='2048' unit='KiB' nodeset='1'/>
	    </hugepages>
	    <source type='file'/>
	    <access mode='shared'/>
	  </memoryBacking>

	  <numa>
	    <cell id='0' cpus='0-3' memory='512000' unit='KiB'/>
	    <cell id='1' cpus='4-7' memory='512000' unit='KiB'/>
	  </numa>

	The following cmd line is generated:

	  -object
	  memory-backend-file,id=ram-node0,mem-path=/var/lib/libvirt/qemu/ram,
	  share=yes,size=524288000 -numa node,nodeid=0,cpus=0-3,memdev=ram-node0
	  -object
	  memory-backend-file,id=ram-node1,mem-path=/var/lib/libvirt/qemu/ram,
	  share=yes,size=524288000 -numa node,nodeid=1,cpus=4-7,memdev=ram-node1

	This is obviously wrong as for node 1 hugepages should have been
	used. The hugepages configuration is more specific than <source
	type='file'/>.

2017-06-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow memAccess for hugepages again
	https://bugzilla.redhat.com/show_bug.cgi?id=1214369
	https://bugzilla.redhat.com/show_bug.cgi?id=1458638

	Historically, we've always supported memAccess for domains backed
	by hugepages. However, somewhere along the way we've regressed
	and stopped allowing such configuration. Fix it.

2017-06-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2xmltest: Test hugepage enabled domains
	We have couple of hugepage enabled domains for qemuxml2argvtest.
	Unfortunately, often when adding a test case there I forget to
	add it to xml2xml test too.

2017-06-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachMemory: Crate hugepage dir if needed
	https://bugzilla.redhat.com/show_bug.cgi?id=1455819

	It may happen that a domain is started without any huge pages.
	However, user might try to attach a DIMM module later. DIMM
	backed by huge pages (why would somebody want to mix regular and
	huge pages is beyond me). Therefore we have to create the dir if
	we haven't done so far.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessBuildDestroyHugepagesPath: create path more frequently
	https://bugzilla.redhat.com/show_bug.cgi?id=1455819

	Currently, the per-domain path for huge pages mmap() for qemu is
	created iff domain has memoryBacking and hugepages in it
	configured. However, this alone is not enough because there can
	be a DIMM module with hugepages configured too.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-13  Michal Privoznik  <mprivozn@redhat.com>

	daemonUnixSocketPaths: Unify exit paths
	Right now, there is a lot of exit points from the function.
	Depending on their position they need to copy the same free
	calls. This goes against our style where we usually have just one
	exit point from the function which also does the necessary free.

2017-06-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix starting a domain with corrupted managed save file
	Commit v3.4.0-44-gac793bd71 fixed a memory leak, but failed to return
	the special -3 value. Thus an attempt to start a domain with corrupted
	managed save file would removed the corrupted file and report
	"An error occurred, but the cause is unknown" instead of starting the
	domain from scratch.

	https://bugzilla.redhat.com/show_bug.cgi?id=1460962

2017-06-13  Yi Wang  <wang.yi59@zte.com.cn>

	daemon: fix memory leak in daemonUnixSocketPaths
	@rundir, allocated by virGetUserRuntimeDirectory, is leaked in case
	virFileMakePath fails.

2017-06-13  Jiri Denemark  <jdenemar@redhat.com>

	cpu_ppc64: Add support for host-model on POWER9

2017-06-13  Philipp Hahn  <hahn@univention.de>

	qemu/doc: Fix function name for handling events
	Insert missing "IO" into function name.

2017-06-13  Andrea Bolognani  <abologna@redhat.com>

	qemu: Explain why mdevs are assumed to be PCI Express

2017-06-13  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	Use ATTRIBUTE_FALLTHROUGH
	Use ATTRIBUTE_FALLTHROUGH, introduced by commit
	5d84f5961b8e28e802f600bb2d2c6903e219092e, instead of comments to
	indicate that the fall through is an intentional behavior.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-06-13  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: add a comment for mon->watch
	Add a comment for mon->watch to make clear what's the purpose of this
	value.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-06-13  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	rpc: first allocate the memory and then set the count
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-06-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: tests: add vnc test to bhyvexml2xmltest
	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-06-12  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu: Release address for redirected device hotplug attach failure
	The virDomainUSBAddressEnsure returns 0 or -1, so commit id 'de325472'
	checking for 1 like qemuDomainAttachChrDeviceAssignAddr was wrong.

2017-06-12  Pavel Hrdina  <phrdina@redhat.com>

	Revert "util: virqemu: introduce virQEMUBuildBufferEscape"
	This reverts commit 22b02f44920388534d3da65cc6f0a70714dcf075.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-06-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu: skip only ',' for VNC and Spice unix socket
	Commit 824272cb28d attempted to fix escaping of characters in unix
	socket path but it was wrong.  We need to escape only ',', there is
	no escape character for '='.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-06-12  Jie Wang  <wangjie88@huawei.com>

	qemu: Fix memory leak in qemuDomainBlockCopyCommon()
	Exiting early through the cleanup path did result in 'mirror'
	being leaked.

2017-06-09  Ján Tomko  <jtomko@redhat.com>

	qemu: report an error if usb keyboards are unsupported
	Be nicer to the user and report a proper error instead of:
	An error occurred, but the cause is unknown

	https://bugzilla.redhat.com/show_bug.cgi?id=1460086

2017-06-08  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virsh: workaround readline prototypes warnings
	When building with clang 4.0.0, virsh build fails like this:

	gmake[3]: Entering directory '/usr/home/novel/code/libvirt/tools'
	  CC       virsh-virsh.o
	In file included from virsh.c:45:
	In file included from /usr/local/include/readline/readline.h:31:
	/usr/local/include/readline/rltypedefs.h:35:22: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
	typedef int Function () __attribute__ ((deprecated));
	                     ^
	                      void
	/usr/local/include/readline/rltypedefs.h:36:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
	typedef void VFunction () __attribute__ ((deprecated));
	                       ^
	                        void
	/usr/local/include/readline/rltypedefs.h:37:26: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
	typedef char *CPFunction () __attribute__ ((deprecated));
	                         ^
	                          void
	/usr/local/include/readline/rltypedefs.h:38:28: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
	typedef char **CPPFunction () __attribute__ ((deprecated));
	                           ^
	                            void
	In file included from virsh.c:45:
	/usr/local/include/readline/readline.h:385:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes]
	extern int rl_message ();
	                      ^
	                       void
	5 errors generated.
	gmake[3]: *** [Makefile:2823: virsh-virsh.o] Error 1

	Fix that by adding -D_FUNCTION_DEF to READLINE_CFLAGS to fix *Function
	related warnings and add a check for stdarg.h so we have HAVE_STDARG_H
	defined that's needed by the readline headers to use proper rl_message
	declaration.

	Bug report on the readline mailing list:

	 http://lists.gnu.org/archive/html/bug-readline/2017-05/msg00004.html

2017-06-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainChangeNet: Forbid changing MTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1447618

	Currently, any attempt to change MTU on an interface that is
	plugged to a running domain is silently ignored. We should either
	do what's asked or error out. Well, we can update the host side
	of the interface, but we cannot change 'host_mtu' attribute for
	the virtio-net device. Therefore we have to error out.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-06-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Set iface MTU on hotplug
	https://bugzilla.redhat.com/show_bug.cgi?id=1408701

	While implementing MTU (572eda12ad and friends), I've forgotten
	to actually set MTU on the host NIC in case of hotplug. We
	correctly tell qemu on the monitor what the MTU should be, but we
	are not actually setting it on the host NIC.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	qemu: format virtio-related options on the command line
	Format iommu_platform= and ats= for virtio devices.

	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	qemuxml2argvtest: add virtio-options test case
	Add a test case to demonstrate the addition of new command line options

	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to input devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to video
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to rng devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to filesystems
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to controllers
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to disks
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	add virtio-related options to memballoon
	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	Add virtio-related options to interfaces
	<interface type='user'>
	  <mac address='52:54:56:5a:5c:5e'/>
	  <model type='virtio'/>
	  <driver iommu='on' ats='on'/>
	</interface>

	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	conf: use a leading space in virDomainVirtioNetDriverFormat
	Instead of formatting a space after every option.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	qemuxml2xmltest: add virtio-options test
	Add a test case with all the virtio devices we know to demonstrate
	the addition of new options.

	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	qemu: format device-iotlb on intel-iommu command line
	Format the device-iotlb attribute.

	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Ján Tomko  <jtomko@redhat.com>

	conf: add iotlb attribute to iommu
	Add a new iotlb attribute to the iommu device
	to control the device IOTLB support for intel-iommu.

	https://bugzilla.redhat.com/show_bug.cgi?id=1283251

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-08  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevOpenvswitchGetVhostuserIfname: Fix off by one error
	https://bugzilla.redhat.com/show_bug.cgi?id=1459091

	We try to get the last element of the passed path by calling
	strrch(path, '/'). However, the pointer that strrchr() returns
	points at the slash, We want string that starts right after that.

2017-06-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Query for vhostuser iface names at runtime
	https://bugzilla.redhat.com/show_bug.cgi?id=1459091

	Currently, we are querying for vhostuser interface name in post
	parse callback. At that time interface might not yet exist.
	However, it has to exist when starting domain. Therefore it makes
	more sense to query its name at that point. This partially
	reverts 57b5e27.

2017-06-07  Ján Tomko  <jtomko@redhat.com>

	virDomainControllerDefFormat: do not mix attributes and subelements
	Move out the PCI controller's subelements formatting out of the switch
	handling attributes. This removes the need for a few bool variables.

	conf: eliminate monster condition in virDomainControllerDefFormat
	Move most of the subelement formatting out of the giant if.

2017-06-07  Michal Privoznik  <mprivozn@redhat.com>

	virNetClientStreamQueuePacket: Set st->incomingEOF on the end of stream
	While reworking client side of streams, I had to postpone payload
	decoding so that stream holes and stream data can be
	distinguished in virNetClientStreamRecvPacket. That's merely what
	18944b7aea46d does. However, I accidentally removed one important
	bit: when server sends us an empty STREAM packet (with no
	payload) - meaning end of stream - st->incomingEOF flag needs to
	be set. It used to be before I touched the code. After I removed
	it, virNetClientStreamRecvPacket will try to fetch more data from
	the stream, but it will never come.

	Reviewed-by: Jim Fehlig <jfehlig@suse.com>

2017-06-07  Michal Privoznik  <mprivozn@redhat.com>

	virDomainNetDefParseXML: Fix typo
	In 9cb891141c we've introduced some logic to clearing suggested
	macvtap/macvlan ifnames. The logic consists of comparing ifname
	string with strings that libvirt would generate. However, due to
	a typo only VIR_NET_GENERATED_MACVTAP_PREFIX was compared. Twice.

2017-06-07  Laine Stump  <laine@laine.org>

	docs: correct improper information about domain states in virsh manpage
	Commit 24d4a0a1f removed the non-existent "dying" state from the list
	of possible domain states given in the virsh manpage, but didn't
	correct the count of states from 8 down to 7. This patch fixes that
	mismatch by completely removing any reference to the exact number of
	states (thus preventing a potential future mismatch), while wording
	the sentence in a more readable/truthful manner.

2017-06-07  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix serial stub console allocation
	When adding the aliased serial stub console, the structure wasn't
	properly allocated (VIR_ALLOC instead of virDomainChrDefNew) which then
	resulted in SIGSEGV in virDomainChrSourceIsEqual during a serial device
	coldplug.

	https://bugzilla.redhat.com/show_bug.cgi?id=1434278

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use updated CPU when starting QEMU if possible
	If QEMU is new enough and we have the live updated CPU definition in
	either save or migration cookie, we can use it to enforce ABI. The
	original guest CPU from domain XML will be stored in private data.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Store updated CPU in save cookie
	Since the domain XML saved in a snapshot or saved image uses the
	original guest CPU definition but we still want to enforce ABI when
	restoring the domain if libvirt and QEMU are new enough, we save the
	live updated CPU definition in a save cookie.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Send updated CPU in migration cookie
	Since the domain XML send during migration uses the original guest CPU
	definition but we still want the destination to enforce ABI if it is new
	enough, we send the live updated CPU definition in a migration cookie.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Always send persistent XML during migration
	When persistent migration of a transient domain is requested but no
	custom XML is passed to the migration API we would just let the
	destination daemon make a persistent definition from the live definition
	itself. This is not a problem now, but once the destination daemon
	starts replacing the original CPU definition with the one from migration
	cookie before starting a domain, it would need to add more ugly hacks to
	reverse the operation. Let's just always send the persistent definition
	in the cookie to make things a bit cleaner.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Report the original CPU in migratable xml
	The destination host may not be able to start a domain using the live
	updated CPU definition because either libvirt or QEMU may not be new
	enough. Thus we need to send the original guest CPU definition.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remember CPU def from domain start
	When starting a domain we update the guest CPU definition to match what
	QEMU actually provided (since it is allowed to add or removed some
	features unless check='full' is specified). Let's store the original CPU
	in domain private data so that we can use it to provide a backward
	compatible domain XML.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Store save cookie in save images and snapshots
	The following patches will add an actual content in the cookie and use
	the data when restoring a domain.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement virSaveCookie object and callbacks
	This patch implements a new save cookie object and callbacks for qemu
	driver. The actual useful content will be added in the object later.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	conf: Add save cookie callbacks to xmlopt
	virDomainXMLOption gains driver specific callbacks for parsing and
	formatting save cookies.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	conf: Introduce virSaveCookie
	The code will be used by snapshots and domain save/restore code to store
	additional data for a saved running domain. It is analogous to migration
	cookies, but simple and one way only.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce virQEMUSaveData structure
	The new structure encapsulates save image header and associated data
	(domain XML).

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor qemuDomainSaveHeader
	The function is now called virQEMUSaveDataWrite and it is now doing
	everything it needs to save both the save image header and domain XML to
	a file. Be it a new file or an existing file in which a user wants to
	change the domain XML.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce virQEMUSaveDataFinish
	The function is supposed to update the save image header after a
	successful migration to the save image file.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce virQEMUSaveData{New,Free}
	This is a preparation for creating a new virQEMUSaveData structure which
	will encapsulate all save image header data.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leaks in qemuDomainSaveImageOpen
	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Rename xml_len in virQEMUSaveHeader as data_len
	Since virQEMUSaveHeader will be followed by more than just domain XML,
	the old name would be confusing as it was designed to describe the
	length of all data following the save image header.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	conf: Pass xmlopt to virDomainSnapshotDefFormat
	This will be used later when a save cookie will become part of the
	snapshot XML using new driver specific parser/formatter functions.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	conf: Make virDomainSnapshotDefFormat easier to read
	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

	conf: Refactor virCPUDefParseXML
	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	conf: Make error reporting in virCPUDefIsEqual optional
	The function will be used in paths where mismatching CPU defs are not an
	error.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-06-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add support for VIR_DOMAIN_BLOCK_COPY_TRANSIENT_JOB
	Allow using the new flag with virsh.

2017-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Conditionally allow block-copy for persistent domains
	Allow starting the block-copy job for a persistent domain if a user
	declares by using a flag that the job will not be recovered if the VM is
	switched off while the job is active.

	This allows to use the block-copy job with persistent VMs under the same
	conditions as would apply to transient domains.

2017-06-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Set operation on completed migration job
	Without this patch libvirt would just report the operation of a
	completed job as "unknown" instead of "incoming migration".

	https://bugzilla.redhat.com/show_bug.cgi?id=1457052

2017-06-06  John Ferlan  <jferlan@redhat.com>

	interface: Convert virInterfaceObj to use virObjectLockable
	Now that we have a bit more control, let's convert our object into
	a lockable object and let that magic handle the create and lock/unlock.

	This commit also introduces virInterfaceObjEndAPI in order to handle the
	lock unlock and object unref in one call for consumers returning a NULL
	obj upon return. This removes the need for virInterfaceObj{Lock|Unlock}
	external API's.

2017-06-06  John Ferlan  <jferlan@redhat.com>

	interface: Consume @def in virInterfaceObjNew
	Move the consumption of @def in virInterfaceObjNew and then handle that
	in the error path of virInterfaceObjListAssignDef since it's caller expects
	to need to free @def when NULL is returned and so would virInterfaceObjFree.

	interface: Introduce virInterfaceObjNew
	Create/use a helper to perform the object allocation

2017-06-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Save vcpu ordering information on reconnect
	vCPU ordering information would not be updated if a vCPU emerged or
	disappeared during the time libvirtd is not running. This allowed to
	create invalid configuration like:

	    [...]
	    <vcpu id='56' enabled='yes' hotpluggable='yes' order='57'/>
	    <vcpu id='57' enabled='yes' hotpluggable='yes' order='58'/>
	    <vcpu id='58' enabled='yes' hotpluggable='yes'/>

	Call the function that records the information on reconnect.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1451251

2017-06-05  Michal Privoznik  <mprivozn@redhat.com>

	virFDStreamThread: Make sure we won't exceed @length
	There's a problem with current streams after I switched them from
	iohelper to thread implementation. Previously, iohelper made sure
	not to exceed specified @length resulting in the pipe EOF
	appearing at the exact right moment (the pipe was used to tunnel
	the data from the iohelper to the daemon). Anyway, when switching
	to thread I had to write the I/O code from scratch. Whilst doing
	that I took an inspiration from the iohelper code, but since the
	usage of pipe switched to slightly different meaning, there was
	no 1:1 relationship between the codes.

	Moreover, after introducing VIR_FDSTREAM_MSG_TYPE_HOLE, the
	condition that should made sure we won't exceed @length was
	completely wrong.

	The fix is to:

	a) account for holes for @length
	b) cap not just data sections but holes too (if @length would be
	exceeded)

	For this purpose, the condition needs to be brought closer to the
	code that handles holes and data sections.

2017-06-05  Ján Tomko  <jtomko@redhat.com>

	conf: only format <controller> as a pair tag when needed
	Make the decision based on the usage of childBuf buffer.

	This fixes the oddity in the test case introduced by commit c1c4d0d
	where we would format an empty pair tag.

2017-06-05  Ján Tomko  <jtomko@redhat.com>

	conf: use a separate buffer for the subelements of <controller>
	We need to decide whether to format <controller> as a single tag
	or if it has any subelements.

	Rewrite the function to use a separate buffer for subelements,
	to make adding new options easier.

2017-06-05  Ján Tomko  <jtomko@redhat.com>

	conf: introduce virDomainControllerDriverFormat
	Split out formatting the <driver> subelement of <controller>
	to make adding new options easier.

2017-06-05  Martin Kletzander  <mkletzan@redhat.com>

	audit: Fix the output message for shmem
	After some discussion on and off the linux-audit mailing list, we
	should use different fields for the audit messages.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1218603

2017-06-05  Martin Kletzander  <mkletzan@redhat.com>

	remote: Consolidate remoteStream{Abort,Finish} functions
	They do the same thing with only one difference.  Let's put them
	together (like we already do with virFDStreamCloseInt) so that future
	changes don't miss one of the implementations.  Also to clean up the
	code.

2017-06-05  Michal Privoznik  <mprivozn@redhat.com>

	bhyveargv2xmltest: Fix call of virDomainDefCheckABIStability
	In 4f0aeed I've expanded the list of arguments for
	virDomainDefCheckABIStability() but I forgot to fix
	bhyveargv2xmltest.

2017-06-05  Martin Kletzander  <mkletzan@redhat.com>

	Reset the whole stack in testutils
	The memset() was resetting only 30 bytes in the array (size of the
	array), but it is array of pointers.  Since it is a static array,
	let's just reset it by its size.

	Found by gcc-7.1:

	  testutils.c: In function 'virTestRun':
	  testutils.c:243:13: error: 'memset' used with length equal to number
	  of elements without multiplication by element size [-Werror=memset-elt-size]
	    memset(testAllocStack, 0, ARRAY_CARDINALITY(testAllocStack));
	    ^~~~~~

2017-06-05  Eli Qiao  <liyong.qiao@intel.com>

	Expose resource control capabilities for caches
	Add cache resource control into capabilities for CAT without CDP:

	  <cache>
	    <bank id='0' level='3' type='unified' size='15360' unit='KiB' cpus='0-5'>
	      <control min='768' unit='KiB' scope='both' max_allocation='4'/>
	    </bank>
	  </cache>

	and with CDP:

	  <cache>
	    <bank id='0' level='3' type='unified' size='15360' unit='KiB' cpus='0-5'>
	      <control min='768' unit='KiB' scope='code' max_allocation='4'/>
	      <control min='768' unit='KiB' scope='data' max_allocation='4'/>
	    </bank>
	  </cache>

	Also add new test cases for vircaps2xmltest.

2017-06-05  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUDriverDomainABIStability: Check for memoryBacking
	https://bugzilla.redhat.com/show_bug.cgi?id=1450349

	Problem is, qemu fails to load guest memory image if these
	attribute change on migration/restore from an image.

2017-06-05  Michal Privoznik  <mprivozn@redhat.com>

	virDomainXMLOption: Introduce virDomainABIStabilityDomain
	While checking for ABI stability, drivers might pose additional
	checks that are not valid for general case. For instance, qemu
	driver might check some memory backing attributes because of how
	qemu works. But those attributes may work well in other drivers.

2017-06-03  John Ferlan  <jferlan@redhat.com>

	nodedev: Remove privateData from virNodeDeviceObj
	It was only ever used in node_device_hal.c which really never used it
	anyway since the NODE_DEV_UDI was never referenced.  Remove free_udi()
	and @privData as well as the references to obj->privateData & obj->privateFree.

	nodedev: Introduce virNodeDeviceObjGetDef
	In preparation for privatizing the virNodeDeviceObj - create an accessor
	for the @def field and then use it for various callers.

	nodedev: Create helper for finding by name in driver
	Create nodeDeviceObjFindByName which will perform the corresponding
	virNodeDeviceObjFindByName call for various node_device_driver callers
	rather than having the same repetitive code.

	nodedev: Alter param to nodeDeviceUpdateCaps
	Rather than taking an virNodeDeviceObjPtr and dereffing the obj->def,
	just pass the def.

2017-06-03  John Ferlan  <jferlan@redhat.com>

	nodedev: Alter param to nodeDeviceUpdateDriverName
	Rather than taking an virNodeDeviceObjPtr and dereffing the obj->def,
	just pass the def.

	Also check for an error in the function to have the calling function goto
	cleanup on error.

2017-06-03  John Ferlan  <jferlan@redhat.com>

	nodedev: Cleanup driver code and prototypes
	Alter the node_device_driver source and prototypes to follow more
	recent code style guidelines w/r/t spacing between functions, format
	of the function, and the prototype definitions.

	While the new names for nodeDeviceUpdateCaps, nodeDeviceUpdateDriverName,
	and nodeDeviceGetTime don't follow exactly w/r/t a "vir" prefix, they
	do follow other driver nomenclature style.

2017-06-03  John Ferlan  <jferlan@redhat.com>

	nodedev: Use switch for virNodeDeviceObjHasCap and virNodeDeviceCapMatch
	In order to ensure that whenever something is added to virNodeDevCapType
	that both functions are considered for processing of a new capability,
	change the if-then-else construct into a switch statement.

2017-06-03  John Ferlan  <jferlan@redhat.com>

	nodedev: Need to check for vport capable scsi_host for vHBA searches
	When searching for an NPIV capable fc_host, not only does there need to
	be an "fc_host" capability with the specified wwnn/wwpn or fabric_wwn,
	but that scsi_host must be vport capable; otherwise, one could end up
	picking an exising vHBA/NPIV which wouldn't be good.

	Currently not a problem since scsi_hosts are in an as found forward linked
	list and the vport capable scsi_hosts will always appear before a vHBA by
	definition. However, in the near term future a hash table will be used to
	lookup the devices and that could cause problems for these algorithms.

2017-06-02  John Ferlan  <jferlan@redhat.com>

	interface: Clean up virInterfaceObjListFindByMACString
	Alter the algorithm to return a list of matching names rather than a
	list of match virInterfaceObjPtr which are then just dereferenced
	extracting the def->name and def->mac. Since the def->mac would be
	the same as the passed @mac, just return a list of names and as long
	as there's only one, extract the [0] entry from the passed list.
	Also alter the error message on failure to include the mac that wasn't
	found.

	interface: Rename some virInterfaceObj* API's
	Prefix should have been virInterfaceObjList since the API is operating
	on the list of interfaces.

2017-06-02  John Ferlan  <jferlan@redhat.com>

	interface: Make _virInterfaceObjList struct private
	Move the structs into virinterfaceobj.c, create necessary accessors, and
	initializers.

	This also includes reworking virInterfaceObjListClone to handle receiving
	a source interfaces list pointer, creating the destination interfaces object,
	and copying everything from source into dest.

2017-06-02  John Ferlan  <jferlan@redhat.com>

	interface: Make _virInterfaceObj struct private
	Move the struct into virinterfaceobj.c, create necessary accessors, and
	initializers.

2017-06-02  John Ferlan  <jferlan@redhat.com>

	interface: Use virInterfaceDefPtr rather than deref from virInterfaceObjPtr
	We're about to make the obj much more private, so make it easier to
	see future changes which will require accessors for the obj->def

	This also includes modifying some interfaces->objs[i]->X references to be
	obj = interfaces->objs[i]; and then def = obj->def

2017-06-02  John Ferlan  <jferlan@redhat.com>

	interface: Remove some unnecessary goto's for Interface tests
	Rather than using goto cleanup on object find failure and having cleanup
	need to check if the obj was present before unlocking, just return immediately.

	interface: Consistently use 'obj' for a virInterfaceObjPtr
	Alter variable names to be obj rather than 'iface' and/or 'obj'.

2017-06-02  Peter Krempa  <pkrempa@redhat.com>

	daemon: Don't initialize SASL context if not necessary
	SASL context would be initialized even if the corresponding TCP or TLS
	sockets are not enabled.

	fe772f24a68 attempted to fix the symptom by commenting out the settings,
	but that did not fix the root cause. 3c647ee4bbb later reverted those
	changes so that the more secure algorithm is used.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450095

2017-06-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't error out if allocation info can't be queried
	qemuDomainGetBlockInfo would error out if qemu did not report
	'wr_highest_offset'. This usually does not happen, but can happen
	briefly during active layer block commit. There's no need to report the
	error, we can simply report that the disk is fully alocated at that
	point.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452045

2017-06-02  Julio Faracco  <jcfaracco@gmail.com>

	util: remove dead code inside virstoragefile
	The host address or the socket path have already been checked at the
	begining of the function virStorageSourceParseNBDColonString(). So,
	when the parameter is not a unix socket, there is no reason to check
	the address again because if it does not exists, the logic will fail
	in the first IF conditional.

	util: fix wrong comparison inside virStoragePermsCopy()
	VIR_STRDUP returns -1 if the string copy was not successful. So, the
	current comparison/logic is throwing an error when VIR_STRDUP() returns
	1. Only when source is NULL, it is considering as a success which is
	not right.

2017-06-02  Peter Krempa  <pkrempa@redhat.com>

	Post-release version bump to 3.5.0

2017-06-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.4.0
	* docs/news.xml: updated for the release
	* po/*.po*: regenerated

2017-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix closing XML element in news file

2017-06-01  Martin Kletzander  <mkletzan@redhat.com>

	news: Minor cleanups

	Add some news items for the 3.4.0 release

2017-05-31  Michal Privoznik  <mprivozn@redhat.com>

	qemu: mkdir memory_backing_dir on startup
	In 48d9e6cdcc and friends we've allowed users to back guest
	memory by a file inside the host. And in order to keep things
	manageable the memory_backing_dir variable was introduced to
	qemu.conf to specify the directory where the files are kept.
	However, libvirt's policy is that directories are created on
	domain startup if they don't exist. We've missed this one.

2017-05-31  Erik Skultety  <eskultet@redhat.com>

	udev: Fix build on older platforms
	Caused by commit @d1eea6c1 due to the missing symbol on older platforms.

2017-05-30  Erik Skultety  <eskultet@redhat.com>

	qemu: json: Fix daemon crash on handling domain shutdown event
	commit a8eba5036 added further checking of the guest shutdown cause, but
	this enhancement is available since qemu 2.10, causing a crash because
	of a NULL pointer dereference on older qemus.

	Thread 1 "libvirtd" received signal SIGSEGV, Segmentation fault.
	0x00007ffff72441af in virJSONValueObjectGet (object=0x0,
	                                             key=0x7fffd5ef11bf "guest")
	    at util/virjson.c:769
	769	    if (object->type != VIR_JSON_TYPE_OBJECT)
	(gdb) bt
	0  in virJSONValueObjectGet
	1  in virJSONValueObjectGetBoolean
	2  in qemuMonitorJSONHandleShutdown
	3  in qemuMonitorJSONIOProcessEvent
	4  in qemuMonitorJSONIOProcessLine
	5  in qemuMonitorJSONIOProcess
	6  in qemuMonitorIOProcess

2017-05-30  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	util: hostcpu: Correctly report total number of vcpus in virHostCPUGetMap
	Callers expect the return value to be the total number of vcpus in the
	host (including offline vcpus). The refactor in c67e04e25fa58104e0fae41
	broke this assumption by using virHostCPUGetOnlineBitmap which only
	creates a bitmap long enough to hold the last online vcpu.

	Report the full number of host vcpus by returning value from
	virHostCPUGetCount().

2017-05-29  ning.bo  <ning.bo9@zte.com.cn>

	nodedev: Increase the netlink socket buffer size to the one used by udev
	When a number of SRIOV VFs (up to 128 on Intel XL710) is created:
	for i in `seq 0 1`; do
	  echo 63 > /sys/class/net/<interface>/device/sriov_numvfs
	done

	libvirtd will then report "udev_monitor_receive_device returned NULL"
	error because the netlink socket buffer is not big enough (using GDB on
	libudev confirmed this with ENOBUFFS) and thus some udev events were
	dropped. This results in some devices being missing in the nodedev-list
	output. This patch overrides the system's rmem_max limit but for that,
	we need to make sure we've got root privileges.

	https://bugzilla.redhat.com/show_bug.cgi?id=1450960

2017-05-29  Michal Privoznik  <mprivozn@redhat.com>

	virCapabilitiesInitCaches: Don't leak @cpus
	The @cpus is allocated by virFileReadValueBitmap() but never
	freed:

	==21274== 40 (32 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 808 of 1,004
	==21274==    at 0x4C2E080: calloc (vg_replace_malloc.c:711)
	==21274==    by 0x54BA561: virAlloc (viralloc.c:144)
	==21274==    by 0x54BC604: virBitmapNewEmpty (virbitmap.c:126)
	==21274==    by 0x54BD059: virBitmapParseUnlimited (virbitmap.c:570)
	==21274==    by 0x54EECE9: virFileReadValueBitmap (virfile.c:4113)
	==21274==    by 0x5563132: virCapabilitiesInitCaches (capabilities.c:1548)
	==21274==    by 0x2BB86E59: virQEMUCapsInit (qemu_capabilities.c:1132)
	==21274==    by 0x2BBEC067: virQEMUDriverCreateCapabilities (qemu_conf.c:928)
	==21274==    by 0x2BC3DEAA: qemuStateInitialize (qemu_driver.c:845)
	==21274==    by 0x5625AAC: virStateInitialize (libvirt.c:770)
	==21274==    by 0x124519: daemonRunStateInit (libvirtd.c:881)
	==21274==    by 0x554C927: virThreadHelper (virthread.c:206)

2017-05-26  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix virfcp build on non-Linux
	 - Include virerror.h for virReportSystemError
	 - Rename stub functions to match original function names

2017-05-26  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	docs: update news.xml
	Mention CCW and fc_remote_port capablities in the news.xml file.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-05-26  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	node_device: introduce new capability FC_RPORT
	Similar to scsi_host and fc_host, there is a relation between a
	scsi_target and its transport specific fc_remote_port. Let's expose this
	relation and relevant information behind it.

	An example for a virsh nodedev-dumpxml:

	    virsh # nodedev-dumpxml scsi_target0_0_0
	    <device>
	      <name>scsi_target0_0_0</name>
	      <path>/sys/devices/[...]/host0/rport-0:0-0/target0:0:0</path>
	      <parent>scsi_host0</parent>
	      <capability type='scsi_target'>
	        <target>target0:0:0</target>
	        <capability type='fc_remote_port'>
	          <rport>rport-0:0-0</rport>
	          <wwpn>0x9d73bc45f0e21a86</wwpn>
	        </capability>
	      </capability>
	    </device>

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-05-26  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	util: helper functions for fibre channel devices
	We will need some convenient helper functions for managing sysfs-entries
	for fibre channel-backed devices. Let's implement them and make them
	available in the private API.

2017-05-26  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	virsh: nodedev: ability to filter CCW capabilities
	Now that the node_device driver is aware of CCW devices, let's hook up
	virsh so that we can filter them properly.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>

2017-05-26  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	node_device: detect CCW devices
	Make CCW devices available to the node_device driver. The devices are
	already seen by udev so let's implement necessary code for detecting
	them properly.

	Topologically, CCW devices are similar to PCI devices, e.g.:

	    +- ccw_0_0_1a2b
	        |
	        +- scsi_host0
	            |
	            +- scsi_target0_0_0
	                |
	                +- scsi_0_0_0_0

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-05-26  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	node_device: Unlock obj in case of an error too
	Unlock @obj in case of an error too.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-05-26  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	node_device: Use the @cap iterator variable
	Since the switch statement is already using the deref'd @cap variable
	and the VIR_NODE_DEV_CAP_NET case uses it, the SCSI_HOST and PCI_DEV
	cases may as well use it too.

	Suggested-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-05-26  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Report shutdown event details
	QEMU will likely report the details of it shutting down, particularly
	whether the shutdown was initiated by the guest or host.  We should
	forward that information along, at least for shutdown events.  Reset
	has that as well, however that is not a lifecycle event and would add
	extra constants that might not be used.  It can be added later on.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1384007

2017-05-26  Richard W.M. Jones  <rjones@redhat.com>

	rpc: Allow up to 256K records to be returned per domain from virConnectGetAllDomainStats.
	The number of records that virConnectGetAllDomainStats can return per
	domain is currently limited to 4096.  This is quite low -- for
	example, a single guest with ~320 disks will hit this limit.  This
	increases the limit to make it much larger.  Note that
	VIR_NET_MESSAGE_MAX still protects the total message size in the case
	where there are many domains and many disks per domain.

	I tested this using a guest with 500 disks with no issues.

	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1440683

2017-05-26  Richard W.M. Jones  <rjones@redhat.com>

	rpc: Double buffer size instead of quadrupling buffer size.
	When increasing the buffer size up to VIR_NET_MESSAGE_MAX, we
	currently quadruple it each time.  This unfortunately means that we
	cannot allow certain buffer sizes -- for example the current
	VIR_NET_MESSAGE_MAX == 33554432 can never be "hit" since ‘newlen’
	jumps from 16MB to 64MB.

	Instead of quadrupling, double it each time.

	Thanks: Daniel Berrange.

2017-05-26  Peter Krempa  <pkrempa@redhat.com>

	node: Don't return invalid pointers
	Commit 4337bc57be introduced code that would in certain error paths
	unref the last reference of a pointer, but return it.

	Clear the pointers before returning them.

2017-05-26  Yi Wang  <wang.yi59@zte.com.cn>

	node_device: fix memory leak in nodeDeviceSysfsGetSCSIHostCaps
	@tmp is leaked after the second call to virVHBAGetConfig within
	virVHBAIsVportCapable code block because it wasn't freed after making the
	first call to the function.

	util: fix memory leak in virSocketAddrFormatFull
	The @ipv6_host allocated in virAsprintf may be lost when virAsprintf
	addrstr failed.

2017-05-26  Julio Faracco  <jcfaracco@gmail.com>

	lxc: Fix wrong VIR_FREE after a return statement
	There is a VIR_FREE after a return statement. That code section is never
	executed and for this reason the "tty" variable is not being freed. This
	commit rearranges the logic.

	m4: Fix missing with_acl variable
	This commit fixes an acl missing variable. The virt-acl.m4 inside the
	macro directory does not contain the variable 'with_acl'. So, it is
	being set as an empty string "with_acl=''". This is causing a missing
	option during the configuration, even if you have acl libs installed.

2017-05-26  Ján Tomko  <jtomko@redhat.com>

	qemu: format eim on intel-iommu command line
	This option turns on extended interrupt mode,
	which allows more than 255 vCPUs.

	https://bugzilla.redhat.com/show_bug.cgi?id=1451282

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-05-26  Ján Tomko  <jtomko@redhat.com>

	conf: add eim attribute to <iommu><driver>
	Add an attribute to control extended interrupt mode.

	https://bugzilla.redhat.com/show_bug.cgi?id=1451282

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-05-25  John Ferlan  <jferlan@redhat.com>

	virsh: Track when create pkttyagent
	https://bugzilla.redhat.com/show_bug.cgi?id=1374126

	Due to how the processing for authentication using polkit works, the
	virshConnect code must first "attempt" an virConnectOpenAuth and then
	check for a "special" return error code VIR_ERR_AUTH_UNAVAILABLE in
	order to attempt to "retry" the authentication after performing a creation
	of a pkttyagent to handle the challenge/response for the client.

	However, if pkttyagent creation is not possible for the authentication
	being attempted (such as perhaps a "qemu+ssh://someuser@localhost/system"),
	then the same failure pattern would be returned and another attempt to
	create a pkttyagent would be done. This would continue "forever" until
	someone forced quit (e.g. ctrl-c) from virsh as the 'authfail' was not
	incremented when creating the pkttyagent.

	So add a 'agentCreated' boolean to track if we've attempted to create the
	agent at least once and force a failure if that creation returned the same
	error pattern.

	This resolves a possible never ending loop and will generate an error:

	error: failed to connect to the hypervisor
	error: authentication unavailable: no polkit agent available to authenticate action 'org.libvirt.unix.manage'

	NB: If the authentication was for a sufficiently privileged client, such as
	qemu+ssh://root@localhost/system, then the remoteDispatchAuthList "allows"
	the authentication to use libvirt since @callerUid would be 0.

2017-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use correct variable in qemuDomainSetBlockIoTune
	'param' contains the correct element from 'params'.

	If the group name would not be the first parameter libvirtd would crash.

	Introduced in c53bd25b13.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1455510

2017-05-25  Claudio André  <claudioandre.br@gmail.com>

	CI: show the log in case of failure
	Disclose the content of the 'test-suite.log' file (if available) in
	case of failures inside Travis-CI. This is needed to understand what
	happened and to provide hints about the proper fix (if applicable).

2017-05-25  Michal Privoznik  <mprivozn@redhat.com>

	virDomainDefCheckABIStabilityFlags: move memtune checks into a separate function
	The checks are scattered all over the place. Move them into a
	single function.

2017-05-24  Chen Hanxiao  <chenhanxiao@gmail.com>

	util: display leading zeros of USB vendor/product id's in log messages
	Many vendor id's and product id's have leading zeros.  We should show
	them in the logs.

	Reviewed-by: Laine Stump <laine@laine.org>

2017-05-24  Yi Wang  <wang.yi59@zte.com.cn>

	qemu: Fix memory leak in qemuDomainUpdateMemoryDeviceInfo
	The @meminfo allocated in qemuMonitorGetMemoryDeviceInfo() may be
	lost when qemuDomainObjExitMonitor() failed.

2017-05-24  John Ferlan  <jferlan@redhat.com>

	conf: Resolve corner case on fc_host deletion
	https://bugzilla.redhat.com/show_bug.cgi?id=1420740

	Testing found an inventive way to cause an error at shutdown by providing the
	parent name for the fc host creation using the "same name" as the HBA. Since
	the code thus assumed the parent host name provided was the parent HBA and
	just extracted out the host number and sent that along to the vport_destroy
	this avoided checks made for equality.

	So just add the equality check to that path to resolve.

2017-05-24  Pavel Hrdina  <phrdina@redhat.com>

	conf: fix build issue caused by shadowing global declaration

2017-05-24  Peter Krempa  <pkrempa@redhat.com>

	rpc: Bump maximum message size to 32M
	While most of the APIs are okay with 16M messages, the bulk stats API
	can run into the limit in big configurations. Before we devise a new
	plan for this, bump this limit slightly to accomodate some more configs.

2017-05-24  Pavel Hrdina  <phrdina@redhat.com>

	conf: don't iterate over backcompat console in virDomainChrDefForeach
	If the first console is just a copy of the first serial device we
	don't need to iterate over the same device twice in order to perform
	actions like security labeling, cgroup configuring, etc.

	Currently only security SELinux manager was aware of this fact.

2017-05-24  Konstantin Neumoin  <kneumoin@virtuozzo.com>

	vz: minor cleanup in prlsdkDomainSetUserPassword
	No need begin job for asynchronous operation.

	vz: fix raise in vzDomainBlock
	Put domain access after acquiring job condition, otherwise
	another job can change it meanwhile.

	vz: unlock dom until resize operation
	We have to use waitDomainJob instead of waitJob, because of it
	unlock the domain until job has finished, so domain will be available
	for other clients.

2017-05-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Properly check return value of VIR_STRDUP in qemuDomainGetBlockIoTune
	Setting the 'group_name' for a disk would falsely trigger a error path
	as in commit 4b57f76502 we did not properly check the return value of
	VIR_STRDUP.

2017-05-23  Jim Fehlig  <jfehlig@suse.com>

	libxl: add default controllers for USB devices
	Attempting to start a domain with USB hostdevs but no USB controllers
	fails with the rather cryptic error

	libxl: error: libxl_qmp.c:287:qmp_handle_error_response: received an
	error message from QMP server: Bus 'xenusb-0.0' not found

	This can be fixed by creating default USB controllers. When no USB
	controllers are defined, create the number of 8 port controllers
	necessary to accommodate the number of defined USB devices.

	Note that USB controllers are already created as needed in the
	domainAttachDevice code path. E.g. a USB controller will be created,
	if necessary, when attaching a USB device with
	'virsh attach-device dom usbdev.xml'.

2017-05-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Clear priv->namespaces on VM shutdown
	Otherwise the private data entry would be kept across instances of the
	same VM even if it's not configured to do so.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1453142

2017-05-22  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	qemu: Remove unused variables in qemuDomainUpdateDeviceConfig
	priv and qemuCaps variables are not used anymore.

2017-05-22  Laine Stump  <laine@laine.org>

	Revert "qemu: propagate bridge MTU into qemu "host_mtu" option"
	This reverts commit 2841e675.

	It turns out that adding the host_mtu field to the PCI capabilities in
	the guest bumps the length of PCI capabilities beyond the 32 byte
	boundary, so the virtio-net device gets 64 bytes of ioport space
	instead of 32, which offsets the address of all the other following
	devices. Migration doesn't work very well when the location and length
	of PCI capabilities of devices is changed between source and
	destination.

	This means that we need to make sure that the absence/presence of
	host_mtu on the qemu commandline always matches between source and
	destination, which means that we need to make setting of host_mtu an
	opt-in thing (it can't happen automatically when the bridge being used
	has a non-default MTU, which is what commit 2841e675 implemented).

	I do want to re-implement this feature with an <mtu auto='on'/>
	setting, but probably won't backport that to any stable branches, so
	I'm first reverting the original commit, and that revert can be pushed
	to the few releases that have been made since the original (3.1.0 -
	3.3.0)

	Resolves: https://bugzilla.redhat.com/1449346

2017-05-22  Jim Fehlig  <jfehlig@suse.com>

	libxl: add default listen address for VNC and spice
	If a VNC listen address is not specified in domXML, libxl
	will default to 127.0.0.1, but this is never reflected in the domXML.
	In the case of spice, a missing listen address resulted in listening
	on all interfaces, i.e. '0.0.0.0'. If not specified, set the listen
	address in virDomainGraphicsDef struct to the libxl default when
	creating the frame buffer device. Additionally, set default spice
	listen address to 127.0.0.1.

	maint: define a macro for IPv4 loopback address
	Use a macro instead of hardcoding "127.0.0.1" throughout the
	sources.

2017-05-22  Daniel P. Berrange  <berrange@redhat.com>

	Provide a useful README file
	The current README file contents has almost no useful info, and that
	which does exist is very outdated.

	Reviewed-by: Andrea Bolognani <abologna@redhat.com>

2017-05-22  Michal Privoznik  <mprivozn@redhat.com>

	virStreamSparseSendAll: Reset @want in each iteration
	There's a slight problem with the current function. Assume we are
	currently in a data section and we have say 42 bytes until next
	section. Therefore, just before (handler) is called to fill up
	the buffer with data, @want is changed to 42 to match the amount
	of data left in the current section. However, after hole is
	processed, we are back in data section but with incredibly small
	@want size. Nobody will ever reset it back. This results in
	incredible data fragmentation.

2017-05-22  Andrea Bolognani  <abologna@redhat.com>

	docs: Update pointer to networking information
	Commit 6fb5dd4fd804 removed docs/archnetwork.html.in, but
	left behind a pointer to it in docs/formatnetwork.html.in.

	Update it so that it points to the wiki, which contains
	more detailed and recent information anyway.

2017-05-22  Michal Privoznik  <mprivozn@redhat.com>

	virCapabilitiesInitCaches: Don't leak cache dir
	To every virDirOpen we must have VIR_DIR_CLOSE otherwise FD is
	leaked.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-05-22  Ján Tomko  <jtomko@redhat.com>

	Do not release unreserved address in qemuDomainAttachRNGDevice
	Only set releaseaddr to true after the address has been
	reserved successfully.

	https://bugzilla.redhat.com/show_bug.cgi?id=1452581

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-05-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: print correct vcpu when validating hot(un)plug config
	The error message would contain first vcpu id after the list of vcpus
	selected for modification. To print the proper vcpu id remember the
	first vcpu selected to be modified.

2017-05-22  Wang King  <king.wang@huawei.com>

	util: Don't leak @reply in virSystemdGetMachineNameByPID
	@reply is a DBusMessage object returned by virDBusCallMethod in
	get machine object call path, dereference it before calling
	virDBusCallMethod again to get machine name.

2017-05-22  Julio Faracco  <jcfaracco@gmail.com>

	test: fixing variable names for test suite inside configure.ac.
	Both variables for gcov and oom have wrong names inside configure.ac.
	For this reason, the Test Suite configuration is not showing the current
	configuration.

	Before patching:
	configure:    windres: no
	configure:
	configure: Test suite
	configure:
	configure:          Coverage:
	configure:         Alloc OOM:
	configure:
	configure: Miscellaneous

	After patching (using --enable-test-coverage and --enable-test-oom):
	configure:    windres: no
	configure:
	configure: Test suite
	configure:
	configure:          Coverage: yes
	configure:         Alloc OOM: yes
	configure:
	configure: Miscellaneous

2017-05-19  Wim ten Have  <wim.ten.have@oracle.com>

	xenconfig: fix handling of NULL disk source
	It is possible to crash libvirtd when converting xl native config to
	domXML when the xl config contains an empty disk source, e.g. an empty
	CDROM. Fix by checking that the disk source is non-NULL before parsing it.

2017-05-19  Michal Privoznik  <mprivozn@redhat.com>

	virfiletest: include linux/falloc.h
	On systems with older glibc including fcntl.h for getting
	FALLOC_FL_PUNCH_HOLE defined is not enough. We must also include
	linux/falloc.h.

	virfiletest: Test virFileInData iff SEEK_HOLE is defined
	Yet another place where we need to wrap code in
	HAVE_DECL_SEEK_HOLE block.

	virfile: Provide stub for virFileInData
	Some older systems (such as RHEL6) lack SEEK_HOLE and SEEK_DATA
	which virFileInData relies on. Provide a stub for these systems.

2017-05-19  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't assign value from ..TypeFromString directly to enum
	Enums are unsigned, so it's impossible to check whether the helper
	returned -1 for invalid conversions.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452454

2017-05-19  Felix Geyer  <fgeyer@debian.org>

	apparmor, virt-aa-helper: Explicit denies for host devices
	Add explicit denies for disk devices to avoid cluttering dmesg with
	(acceptable) denials.

	Acked-by: Guido Günther <agx@sigxcpu.org>

2017-05-19  Felix Geyer  <fgeyer@debian.org>

	apparmor, virt-aa-helper: Allow access to libnl-3 config files
	Allow access to libnl-3 config files

	Acked-by: Guido Günther <agx@sigxcpu.org>

2017-05-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Don't bother extracting vCPU halted state in text monitor
	The code causes the 'offset' variable to be overwritten (possibly with
	NULL if neither of the vCPUs is halted) which causes a crash since the
	variable is still used after that part.

	Additionally there's a bug, since strstr() would look up the '(halted)'
	string in the whole string rather than just the currently processed line
	the returned data is completely bogus.

	Rather than switching to single line parsing let's remove the code
	altogether since it has a commonly used JSON monitor alternative and
	the data itself is not very useful to report.

	The code was introduced in commit cc5e695bde

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452106

2017-05-19  Julio Faracco  <jcfaracco@gmail.com>

	datatypes: removing unnecessary return statement.
	There is a wrong 'return' statement after a 'goto' statement inside the
	function virConnectCloseCallbackDataRegister(). This commit only removes
	the 'return'.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	virStream: Forbid negative seeks
	Currently, we don't assign any meaning to that. Our current view
	on virStream is that it's merely a pipe. And pipes don't support
	seeking.

	news: Document sparse streams

2017-05-18  Erik Skultety  <eskultet@redhat.com>

	nodedev: mdev: Fix build caused by symbol shadowing
	GCC 4.6 complains about a local declaration shadowing a global symbol.

2017-05-18  Wang King  <king.wang@huawei.com>

	util: Do not leak @handles in stop netlink event service
	Commit e3ba4025 introduced srv->handles and VIR_RESIZE_N to allocate
	@handles as necessary, but did not free the handles during when calling
	virNetlinkEventServiceStop.

	util: Deduplicate code in virNetlinkEventServiceStopAll
	Commit 15a71e60 introduced the virNetlinkEventServiceStopAll function, and
	the code in virNetlinkEventServiceStop is copied to this function, so just
	call virNetlinkEventServiceStop instead.

2017-05-18  Erik Skultety  <eskultet@redhat.com>

	docs: Document the mediated devices within the nodedev driver
	https://bugzilla.redhat.com/show_bug.cgi?id=1452072

2017-05-18  Erik Skultety  <eskultet@redhat.com>

	nodedev: Introduce mdev capability for mediated devices
	Start discovering the mediated devices on the host system and format the
	attributes for the mediated device into the XML. Compared to the parent
	device which reports generic information about the abstract mediated
	devices types, a child device only reports the type name it has been
	instantiated from and the IOMMU group number, since that's device
	specific compared to the rest of the info that can be gathered about
	mediated devices at the moment.
	This patch introduces both the formatting and parsing routines, updates
	nodedev.rng schema, adding a testcase as well.

	The resulting mdev child device XML:
	<device>
	  <name>mdev_4b20d080_1b54_4048_85b3_a6a62d165c01</name>
	  <path>/sys/devices/.../4b20d080-1b54-4048-85b3-a6a62d165c01</path>
	  <parent>pci_0000_06_00_0</parent>
	  <driver>
	    <name>vfio_mdev</name>
	  </driver>
	  <capability type='mdev'>
	    <type id='vendor_supplied_type_id'/>
	    <iommuGroup number='NUM'/>
	  <capability/>
	<device/>

	https://bugzilla.redhat.com/show_bug.cgi?id=1452072

2017-05-18  Erik Skultety  <eskultet@redhat.com>

	nodedev: Introduce the mdev capability to a PCI parent device
	The parent device needs to report the generic stuff about the supported
	mediated devices types, like device API, available instances, type name,
	etc. Therefore this patch introduces a new nested capability element of
	type 'mdev_types' with the resulting XML of the following format:

	<device>
	  ...
	  <capability type='pci'>
	    ...
	    <capability type='mdev_types'>
	      <type id='vendor_supplied_id'>
	        <name>optional_vendor_supplied_codename</name>
	        <deviceAPI>vfio-pci</deviceAPI>
	        <availableInstances>NUM</availableInstances>
	      </type>
	        ...
	      <type>
	        ...
	      </type>
	    </capability>
	  </capability>
	  ...
	</device>

	https://bugzilla.redhat.com/show_bug.cgi?id=1452072

2017-05-18  Erik Skultety  <eskultet@redhat.com>

	nodedev: Introduce new mdev_types and mdev nodedev capabilities
	The reason for introducing two capabilities, one for the device itself
	(cap 'mdev') and one for the parent device listing the available types
	('mdev_types'), is that we should be able to do
	'virsh nodedev-list --cap' not only for existing mdev devices but also
	for devices that support creation of mdev devices, since one day libvirt
	might be actually able to create the mdev devices in an automated way
	(just like we do for NPIV/vHBA).

	https://bugzilla.redhat.com/show_bug.cgi?id=1452072

2017-05-18  Erik Skultety  <eskultet@redhat.com>

	nodedev: conf: Split PCI sub-capability parsing to separate methods
	Since there's at least SRIOV and MDEV sub-capabilities to be parsed,
	let's make the code more readable by splitting it to several logical
	blocks.

	mdev: Pass a uuidstr rather than an mdev object to some util functions
	Namely, this patch is about virMediatedDeviceGetIOMMUGroup{Dev,Num}
	functions. There's no compelling reason why these functions should take
	an object, on the contrary, having to create an object every time one
	needs to query the IOMMU group number, discarding the object afterwards,
	seems odd.

2017-05-18  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	pci: fix link maximum speed detection
	Commit 8e09663 "pci: recognize/report GEN4 (PCIe 4.0) card 16GT/s Link
	speed" introduced another speed into enum, but mistakenly also altered
	field width, so one bit of link width was included there.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Implement sparse stream to vol-upload
	Similarly to previous commit, implement sparse streams feature
	for vol-upload. This is, however, slightly different approach,
	because we must implement a function that will tell us whether
	we are in a data section or in a hole. But there's no magic
	hidden in here.

	virsh: Implement sparse stream to vol-download
	Add a new --sparse switch that does nothing more than
	enables the sparse streams feature for this command. Among with
	the switch new helper function is introduced: virshStreamSkip().
	This is the callback that is called whenever daemon sends us a
	hole. In the callback we reflect the hole in underlying file by
	seeking as many bytes as told.

	Introduce virStorageVol{Download,Upload}Flags
	These flags to APIs will tell if caller wants to use sparse
	stream for storage transfer. At the same time, it's safe to
	enable them in storage driver frontend and rely on our backends
	checking the flags. This way we can enable specific flags only on
	some specific backends, e.g. enable
	VIR_STORAGE_VOL_DOWNLOAD_SPARSE_STREAM for filesystem backend but
	not iSCSI backend.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	gendispatch: Introduce @sparseflag for our calls
	Now, not all APIs are going to support sparse streams. To some it
	makes no sense at all, e.g. virDomainOpenConsole() or
	virDomainOpenChannel(). To others, we will need a special flag to
	indicate that client wants to enable sparse streams. Instead of
	having to write RPC dispatchers by hand we can just annotate in
	our .x files that a certain flag to certain RPC call enables this
	feature. For instance:

	     /**
	      * @generate: both
	      * @readstream: 1
	      * @sparseflag: VIR_SPARSE_STREAM
	      * @acl: storage_vol:data_read
	      */
	     REMOTE_PROC_DOMAIN_SOME_API = XXX,

	Therefore, whenever client calls virDomainSomeAPI(..,
	VIR_SPARSE_STREAM); daemon will mark that down and send stream
	skips when possible.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	fdstream: Implement sparse stream
	Basically, what is needed here is to introduce new message type
	for the messages passed between the event loop callbacks and the
	worker thread that does all the I/O. The idea is that instead of
	a queue of read buffers we will have a queue where "hole of size
	X" messages appear. That way the event loop callbacks can just
	check the head of the queue and see if the worker thread is in
	data or a hole section and how long the section is.

	daemonStreamHandleRead: Wire up seekable stream
	Whenever client is able to receive some data from stream
	daemonStreamHandleRead is called. But now the behaviour of this
	function needs to be changed a bit. Previously it just read data
	from underlying file (of chardev or whatever) and sent those
	through the stream to client. This model will not work any longer
	because it does not differentiate whether underlying file is in
	data or hole section. Therefore, at the beginning of this
	function add code that checks this situation and acts
	accordingly.
	So after the this, when wanting to send some data we always check
	whether we are not in a hole and if so, skip it an inform client
	about its size.

	remote_driver: Implement VIR_STREAM_RECV_STOP_AT_HOLE
	This is fairly trivial now that we have everything in place.

	virNetClientStream: Wire up VIR_NET_STREAM_HOLE
	Whenever server sends a client stream packet (either regular with
	actual data or stream skip one) it is queued on @st->rx. So the
	list is a mixture of both types of stream packets. So now that we
	have all the helpers needed we can wire their processing up. But
	since virNetClientStreamRecvPacket doesn't support
	VIR_STREAM_RECV_STOP_AT_HOLE flag yet, let's turn all received
	skips into zeroes repeating requested times.

	remote: Implement virStreamRecvHole

	Introduce virNetClientStreamRecvHole
	This function will fetch previously processed stream holes and
	return their sum.

	virNetClientStreamRecvPacket: Introduce @flags argument

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	remote_driver: Implement virStreamSendHole
	Now that we have RPC wrappers over VIR_NET_STREAM_HOLE we can
	start wiring them up. This commit wires up situation when a
	client wants to send a hole to daemon.

	To keep stream offsets synchronous, upon successful call on the
	daemon skip the same hole in local part of the stream.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	virnetclientstream: Introduce virNetClientStreamHandleHole
	This is a function that handles an incoming STREAM_HOLE packet.
	Even though it is not wired up yet, it will be soon. At the
	beginning do couple of checks whether server plays nicely and
	sent us a STREAM_HOLE packed only after we've enabled sparse
	streams. Then decodes the message payload to see how big the hole
	is and stores it in passed @length argument.

	daemon: Implement VIR_NET_STREAM_HOLE handling
	Basically, whenever the new type of stream packet arrives to the
	daemon call this function that decodes it and calls
	virStreamSendHole(). Otherwise a regular data stream packet has
	arrived and therefore continue its processing.

	virnetclientstream: Introduce virNetClientStreamSendHole
	While the previous commit implemented a helper for sending a
	STREAM_HOLE packet for daemon, this is a client's counterpart.

	daemon: Introduce virNetServerProgramSendStreamHole
	This is just a helper function that takes in a length value,
	encodes it into XDR and sends to client.

	Teach wireshark plugin about VIR_NET_STREAM_HOLE
	Ideally, this would be generated, but to achieve that
	corresponding XDR definitions needed to go into a different .x
	file. But they belong just to the one that they are right now.

	Introduce VIR_NET_STREAM_HOLE message type
	This is a special type of stream packet, that is bidirectional
	and contains information regarding how many bytes each side will
	be skipping in the stream.

	RPC: Introduce virNetStreamHole
	This is going to be RPC representation for virStreamSendHole.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	Add new flag to daemonCreateClientStream and virNetClientStreamNew
	Add a new argument to daemonCreateClientStream in order to allow for
	future expansion to mark that a specific stream can be used to skip
	data, such as the case with sparsely populated files. The new flag will
	be the eventual decision point between client/server to decide whether
	both ends can support and want to use sparse streams.

	A new bool 'allowSkip' is added to both _virNetClientStream and
	daemonClientStream in order to perform the tracking.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	virNetClientStreamNew: Track origin stream
	Add a virStreamPtr pointer to the _virNetClientStream
	in order to reverse track the parent stream.

	Introduce virStreamInData
	This is just an internal API, that calls corresponding function
	in stream driver. This function will set @data = 1 if the
	underlying file is in data section, or @data = 0 if it is in a
	hole. At any rate, @length is set to number of bytes remaining in
	the section the file currently is.

	Introduce virStreamSparseSendAll
	This is just a wrapper over new function that have been just
	introduced: virStreamSendHole() . It's very similar to
	virStreamSendAll() except it handles sparse streams well.

	Introduce virStreamSparseRecvAll
	This is just a wrapper over new functions that have been just
	introduced: virStreamRecvFlags(), virStreamRecvHole(). It's very
	similar to virStreamRecvAll() except it handles sparse streams
	well.

	Introduce VIR_STREAM_RECV_STOP_AT_HOLE flag
	Add a new flag to virStreamRecvFlags in order to handle being able to
	stop reading from the stream so that the consumer can generate a "hole"
	in stream target. Generation of a hole replaces the need to receive and
	handle a sequence of zero bytes for sparse stream targets.

	Introduce virStreamRecvHole
	This function is basically a counterpart for virStreamSendHole().
	If one side of a stream called virStreamSendHole() the other
	should call virStreamRecvHole() to get the size of the hole.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virStreamSendHole
	This API is used to tell the other side of the stream to skip
	some bytes in the stream. This can be used to create a sparse
	file on the receiving side of a stream.

	It takes @length argument, which says how big the hole is. This
	skipping is done from the current point of stream. Since our
	streams are not rewindable like regular files, we don't need
	@whence argument like seek(2) has.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	Implement virStreamRecvFlags to some drivers
	There are three virStreamDriver's currently supported:

	 * virFDStream
	 * remote driver
	 * ESX driver

	For now, backend virStreamRecvFlags support for only remote driver and
	ESX driver is sufficient. Future patches will update virFDStream.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virStreamRecvFlags
	This patch is adding the virStreamRecvFlags as a variant to the
	virStreamRecv function in order to allow for future expansion of
	functionality for processing sparse streams using a @flags
	argument.

	util: Introduce virFileInData
	This function takes a FD and determines whether the current
	position is in data section or in a hole. In addition to that,
	it also determines how much bytes are there remaining till the
	current section ends.

2017-05-18  Michal Privoznik  <mprivozn@redhat.com>

	virfdstream: Use messages instead of pipe
	One big downside of using the pipe to transfer the data is that
	we can really transfer just bare data. No metadata can be carried
	through unless some formatted messages are introduced. That would
	be quite painful to achieve so let's use a message queue. It's
	fairly easy to exchange info between threads now that iohelper is
	no longer used.

	The reason why we cannot use the FD for plain files directly is
	that despite us setting noblock flag on the FD, any
	read()/write() blocks regardless (which is a show stopper since
	those parts of the code are run from the event loop) and poll()
	reports such FD as always readable/writable - even though the
	subsequent operation might block.

	The pipe is still not gone though. It is used to signal the event
	loop that an event occurred (e.g. data is available for reading
	in the queue, or vice versa).

2017-05-17  Gordon Messmer  <gordon@dragonsdawn.net>

	virsh: add --io when attaching disks to guests
	virt-install and virt-manager both default to explicitly setting
	"io='native'" in the disk "driver" tag. virsh, however, does not and also
	does not provide an option to specify that setting at all.  As a result,
	disks use a different IO mechanism (the default, "threads") when attached
	post-setup using virsh.  Adding this option allows users to keep disk
	performance consistent for disks attached at install, and those attached
	afterward.

2017-05-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Allow passing disk target as top image with block commit
	Since we allow active layer block commit the users are allowed to commit
	the top of the chain (e.g. vda) into the backing image. The API would
	not accept that parameter, as it tried to look up the image in the
	backing chain.

	Add the ability to use the top level image target name explicitly as the
	top image of the block commit operation.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1451394

2017-05-16  Andrea Bolognani  <abologna@redhat.com>

	news: Update for GIC version on TCG changes

	gic: Remove VIR_GIC_VERSION_DEFAULT
	The QEMU default is GICv2, and some of the code in libvirt
	relies on the exact value. Stop pretending that's not the
	case and use GICv2 explicitly where needed.

2017-05-16  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use GICv2 for aarch64/virt TCG guests
	There are currently some limitations in the emulated GICv3
	that make it unsuitable as a default. Use GICv2 instead.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1450433

2017-05-16  Andrea Bolognani  <abologna@redhat.com>

	tests: Check default GIC version for aarch64/virt TCG guests

	qemu: Use qemuDomainMachineIsVirt() more

2017-05-16  Pavel Hrdina  <phrdina@redhat.com>

	qemu: improve detection of UNIX path generated by libvirt
	Currently we consider all UNIX paths with specific prefix as generated
	by libvirt, but that's a wrong assumption.  Let's make the detection
	better by actually checking whether the whole path matches one of the
	paths that we generate or generated in the past.

	The UNIX path isn't stored in config XML since libvirt-1.3.1.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1446980

2017-05-15  Daniel P. Berrange  <berrange@redhat.com>

	remove hack for debian etch limits.h
	The debian etch distro was end-of-life a long time ago so we no
	longer need the ULLONG_MAX hack. In any case gnulib now provides
	an equivalent fix by default, and so our definition now triggers
	syntax-check rule failure

	src/internal.h:#    define ULLONG_MAX   ULONG_LONG_MAX
	maint.mk: define the above via some gnulib .h file
	maint.mk:843: recipe for target 'sc_prohibit_always-defined_macros' failed

2017-05-15  Daniel P. Berrange  <berrange@redhat.com>

	maint: update to latest gnulib
	This pulls in the fixes for poll() on Win32 which finally
	makes the remote driver work again.

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	conf: add ABI stability checks for IOMMU options
	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

	conf: split out virDomainIOMMUDefCheckABIStability

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	qemu: format caching-mode on iommu command line
	Format the caching-mode option for the intel-iommu device,
	based on its <driver caching> attribute value.

	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	conf: add caching_mode attribute to iommu device
	Add a new attribute to control the caching mode.

	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	qemu: format intel-iommu,intremap on the command line
	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	conf: add <driver intremap> to <iommu>
	Add a new attribute to control interrupt remapping.

	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	qemu: format kernel_irqchip on the command line
	Add kernel_irqchip=split/on to the QEMU command line
	and a capability that looks for it in query-command-line-options
	output. For the 'split' option, use a version check
	since it cannot be reasonably probed.

	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

2017-05-15  Ján Tomko  <jtomko@redhat.com>

	conf: add <ioapic driver> to <features>
	Add a new <ioapic> element with a driver attribute.

	Possible values are qemu and kvm. With 'qemu', the I/O
	APIC can be put in the userspace even for KVM domains.

	https://bugzilla.redhat.com/show_bug.cgi?id=1427005

2017-05-15  Peter Krempa  <pkrempa@redhat.com>

	util: conf: Don't log when adding commented out lines
	virConfAddEntry spams debug logs even for fully commented out lines.
	Skip such messages to avoid:

	2017-05-12 12:35:38.867+0000: 10820: debug : virConfAddEntry:241 : Add entry (null) (nil)
	2017-05-12 12:35:38.867+0000: 10820: debug : virConfAddEntry:241 : Add entry (null) (nil)
	2017-05-12 12:35:38.867+0000: 10820: debug : virConfAddEntry:241 : Add entry (null) (nil)
	2017-05-12 12:35:38.867+0000: 10820: debug : virConfAddEntry:241 : Add entry (null) (nil)
	2017-05-12 12:35:38.867+0000: 10820: debug : virConfAddEntry:241 : Add entry (null) (nil)
	...

	This also fixes NULL passed to printf.

2017-05-15  Serge Hallyn  <serge.hallyn@ubuntu.com>

	storage: use 0711 as the default perms for dirs
	There should be no need to make dir based pools world/group readable.
	So use 0711, not 0755, as the default perms for storage dirs.

	Updates in v2:
	 - adapt commit wording to mention dropping group readable as well

2017-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Detect VMDK version 3 files
	The metadata libvirt cares about is identical for version 3
	as for previous versions, so we merely need list the new
	version number.

2017-05-15  Christian Ehrhardt  <christian.ehrhardt@canonical.com>

	qemu: monitor: do not report error on shutdown
	If a shutdown is expected because it was triggered via libvirt we can
	also expect the monitor to close. In those cases do not report an
	internal error like:
	  "internal error: End of file from qemu monitor"

2017-05-15  Martin Kletzander  <mkletzan@redhat.com>

	test-wrap-argv.pl: Accept short parameter -i for --in-place
	I like to use it that way and every time I try running it I just
	instinctively use '-i' (like with sed, etc.) and it makes sense, IMHO.

2017-05-12  Pavel Hrdina  <phrdina@redhat.com>

	util: introduce virBufferEscapeRegex
	Add a helper to escape all possible meta-characters used for
	POSIX extended regular expressions.

	util: introduce virStringMatch
	Simply tries to match the provided regex on a string and returns
	the result.  Useful if caller don't care about the matched substring
	and want to just test if some pattern patches a string.

2017-05-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	docs: install html fonts and related

2017-05-12  John Ferlan  <jferlan@redhat.com>

	virsh: Add --tls description for the virsh man page
	https://bugzilla.redhat.com/show_bug.cgi?id=1448806

	Commit id '6a8d898d' neglected to update the man page.

2017-05-12  John Ferlan  <jferlan@redhat.com>

	conf: Fix resource leak in virCapabilitiesInitCaches
	The @type from virFileReadValueString needs to be VIR_FREE each time
	through the loop since it's not saved and since cleanup can be reached
	prior to decoding it for @kernel_type amd bank->type, the cleanup code
	needs to also have a VIR_FREE

	Found by Coverity

2017-05-11  Andrea Bolognani  <abologna@redhat.com>

	spec: Use HTTPS instead of HTTP
	libvirt.org supports HTTPS, so might as well use it.

2017-05-11  Andrea Bolognani  <abologna@redhat.com>

	spec: Support maintenance releases on mingw
	The regular spec file contains code to deal with the fact
	that maintenance releases are uploaded to their own
	directory: copy it over to the mingw spec file so that it's
	possible to build maintenance releases there as well.

	This also switches the source URL from FTP to HTTP for
	consistency with the main spec file.

2017-05-11  Erik Skultety  <eskultet@redhat.com>

	qemu: Provide a much clearer message on device hot-plug
	Adjust the current message to make it clear, that it is the hotplug
	operation that is unsupported with the given host device type.

	https://bugzilla.redhat.com/show_bug.cgi?id=1450072

2017-05-11  Daniel P. Berrange  <berrange@redhat.com>

	tests: stub out virfilewrapper.c on Win32
	The Win32 platform can not do link time overrides in the same way
	that we can on POSIX / ELF based platforms, so we cannot build
	the virfilewrapper.c code reliably. Just stub it out on Win32
	so it is a no-op. Tests that use this file are already written
	to skip on Win32.

2017-05-11  Wim ten Have  <wim.ten.have@oracle.com>

	libxl: report numa sibling distances on host capabilities
	When running on a NUMA machine, populate the sibling node
	and distance information using data supplied by Xen.

	With locality distances information, under Xen, new host
	capabilities would like:

	    <topology>
	      <cells num='4'>
	        <cell id='0'>
	          <memory unit='KiB'>263902380</memory>
	          <distances>
	            <sibling id='0' value='10'/>
	            <sibling id='1' value='21'/>
	          </distances>
	          ...
	        </cell>
	        ...
	      </cells>
	      ...
	    </topology>

	Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
	Reviewed-by: Jim Fehlig <jfehlig@suse.com>

2017-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Add missing deps on virfilewrapper.h
	The test programs depend on virfilewrapper.h as well as the
	virfilewrapper.c. Adding the dep ensures that virfilewrapper.h
	gets included in the dist tarball.

2017-05-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Fix usage of qemuOpenFile
	The function returns -errno on failure, not only -1.

	qemu: driver: Document qemuOpenFile
	The function is nontrivial to follow and has non-standard return values.
	Recent usage was buggy.

2017-05-10  Jiri Denemark  <jdenemar@redhat.com>

	conf: Check CPU cache for ABI stability
	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Don't inline virStringTrimOptionalNewline
	GCC complains that inlining virStringTrimOptionalNewline is not
	likely on some platforms:

	  cc1: warnings being treated as errors
	  ../../src/util/virfile.c: In function 'virFileReadValueBitmap':
	  ../../src/util/virstring.h:292: error: inlining failed in call to 'virStringTrimOptionalNewline': call is unlikely and code size would grow [-Winline]
	  ../../src/util/virfile.c:3987: error: called from here [-Winline]

	Inlining this function is not going to be a measurable performance
	benefit either, since the time required to execute it is going to
	be dominated by running of strlen() over the string, not by the
	function call overhead.

2017-05-09  Cole Robinson  <crobinso@redhat.com>

	spec: Update version check for maint Source URL
	New maint release version numbers of just A.B.C format, not the old
	A.B.C.D format. Adjust the check that dynamically changes the Source
	URL for maint releases

	Acked-by: Andrea Bolognani <abologna@redhat.com>

2017-05-09  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	Adding POWER9 cpu model to cpu_map.xml
	As POWER9 model is not available in cpu_map.xml virsh capabilities
	donot display the cpu model and vendor details. This patch
	provides those details

2017-05-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: fix virfilewrapper
	If __lxstat() and __xstat() functions are not available, build fails with:

	  CC       virfilewrapper.o
	virfilewrapper.c:180:5: error: no previous prototype for function '__lxstat' [-Werror,-Wmissing-prototypes]
	int __lxstat(int ver, const char *path, struct stat *sb)
	    ^
	virfilewrapper.c:208:5: error: no previous prototype for function '__xstat' [-Werror,-Wmissing-prototypes]
	int __xstat(int ver, const char *path, struct stat *sb)

	Luckily, we already check presence of these functions in configure
	using AC_CHECK_FUNCS, so just don't wrap these if they're not available.

2017-05-09  Martin Kletzander  <mkletzan@redhat.com>

	util: Define SYSFS_SYSTEM_PATH unconditionally in virhostcpu
	The code is already prepared to handle the non-existence of it.

	tests: Add resctrl test for vircaps2xmltest
	Add info from yet another machine, this time with resctrl data so that
	we can extend tests easily in a test-driven way.

	tests: Add support for more complicated hierarchies in vircaps2xmltest
	More directories will need to be mocked, so let's prepare for that.

	Init host cache info in drivers
	Added only in drivers that were already calling
	virCapabilitiesInitNUMA().  Instead of refactoring all the callers to
	behave the same way in case of error, just follow what the callers are
	doing for all the functions.

2017-05-09  Martin Kletzander  <mkletzan@redhat.com>

	Add host cache information in capabilities
	We're only adding only info about L3 caches, we can add more
	later (just by changing one line), but for now that's more than enough
	without overwhelming anyone.

	XML snippet of how this should look like (also seen as part of the commit):

	  <cache>
	    <bank id='0' level='3' type='both' size='8192' unit='KiB' cpus='0-7'/>
	  </cache>

2017-05-09  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add missing cache data for vircaps2xmltest
	Commit a0fdd2f6f9a0cc77ae285c289e2c16d314b6a907 added some data from
	the system but forgot 3 files for each cache.

	tests: Test vircaps2xmldata XMLs in virschematest

2017-05-09  Martin Kletzander  <mkletzan@redhat.com>

	util: Remove virsysfs and instead enhance virFileReadValue* functions
	It is no longer needed thanks to the great virfilewrapper.c.  And this
	way we don't have to add a new set of functions for each prefixed
	path.

	While on that, add two functions that weren't there before, string and
	scaled integer reading ones.  Also increase the length of the string
	being read by one to accompany for the optional newline at the
	end (i.e. change INT_STRLEN_BOUND to INT_BUFSIZE_BOUND).

2017-05-09  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add virfilewrapper -- the new super "mock"
	This mock (which is actually not mock at all, see later) can redirect
	all accesses to a path into another path.  There is no need to
	create mocks for particular directories, you just create a directory
	with all the data a redirect the test there.

	In the future, this should also be able to register callbacks for
	calls/paths, e.g. when the test is going to write into anything under
	"/sys/devices", call function fce();  Then in the open() call we would
	add information about the fd into some structure and in write() we
	would call fce() with parameters like @path to write to, @data to
	be written and pointer to optional return value, so that fce() itself
	could stop the call from happening or change its behaviour.  But
	that's an idea for a latter day.

	This is not a mock because it will not be preloaded, but compiled in
	the test itself.  See future patches for usage.

2017-05-09  Erik Skultety  <eskultet@redhat.com>

	mdev: Cleanup code after commits @daf5081b and @2739a983
	So, because mingw is somehow OK with dereferencing a pointer within a
	VIR_DEBUG macro, compared to outside of it to which it complained with a
	"potential NULL pointer dereference" error (still a false positive), we
	can make the code a tiny bit cleaner.

	Sighed-by: Erik Skultety <eskultet@redhat.com>

2017-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Don't use ceph-devel on Fedora
	A previous commit changed the spec to use librbd1-devel on
	RHEL-7, since this replaces ceph-devel from RHEL-6:

	  commit 6cfc8834c858849cc74c3082078dc91fb1cbae38
	  Author: Peter Krempa <pkrempa@redhat.com>
	  Date:   Thu Mar 5 11:40:54 2015 +0100

	    spec: Enable RBD storage driver in RHEL-7

	    Use correct package names too as they differ.

	RHEL-7 inherited this rename from Fedora though, so it should
	have also made Fedora use the new names.

	This was missed, because Fedora still provides a (deprecated)
	back-compat RPM for ceph-devel that just pulls in librbd1-devel
	(and others).

	Fixing this stops libvirt pulling Java into the build root in
	Fedora.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-05-09  Andrea Bolognani  <abologna@redhat.com>

	HACKING: Document developer tooling
	Advertise some of the useful developer tooling libvirt
	integrates with out of the box.

2017-05-09  Andrea Bolognani  <abologna@redhat.com>

	Add YouCompleteMe support
	YouCompleteMe[1] is a vim plugin that implements semantic
	code completion using libclang.

	For non-trivial projects such as libvirt, the plugin needs
	some help figuring out where to find the various header
	files: generate its configuration file at configure time
	so that the plugin works out of the box.

	[1] http://valloric.github.io/YouCompleteMe/

2017-05-09  Andrea Bolognani  <abologna@redhat.com>

	Add color_coded support
	color_coded[1] is a vim plugin that implements semantic
	syntax highlighting using libclang.

	For non-trivial projects such as libvirt, the plugin needs
	some help figuring out where to find the various header
	files: generate its configuration file at configure time
	so that the plugin works out of the box.

	[1] https://github.com/jeaye/color_coded

2017-05-09  Erik Skultety  <eskultet@redhat.com>

	Post-release version bump to 3.4.0

2017-05-08  Daniel P. Berrange  <berrange@redhat.com>

	configure: enforce presence of python for build
	The API docs extractor, ESX code generator and keycodemapdb tools
	rely on python. Historically every platform that this present, but
	with switch to Python3 by default, we're increasingly seeing
	installs without a /usr/bin/python.

	This tightens up the check during configure, so it exits immediately
	if python is missing, rather than leaving an empty $(PYTHON) make
	variable which leads to more obscure errors later.

	Also add it as a build dep for Mingw, since Fedora build roots no
	longer get python2 by default. This was not previously a major
	problem, since both ESX & API generated files were included in
	EXTRA_DIST, but the keycodemapdb generated files are not, so we
	require python all the time now.

2017-05-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.3.0
	* docs/news.xml: updated for release
	* po/*.po*: regenerated

2017-05-05  Michal Privoznik  <mprivozn@redhat.com>

	virNWFilterObjListFree: Don't leak nwfilters->objs
	When adding a nwfilter onto the list in
	virNWFilterObjListAssignDef() this array is re-allocated to match
	demand for new size. However, it is never freed leading to a
	leak:

	==26535== 136 bytes in 1 blocks are definitely lost in loss record 1,079 of 1,250
	==26535==    at 0x4C2E2BE: realloc (vg_replace_malloc.c:785)
	==26535==    by 0x54BA28E: virReallocN (viralloc.c:245)
	==26535==    by 0x54BA384: virExpandN (viralloc.c:294)
	==26535==    by 0x54BA657: virInsertElementsN (viralloc.c:436)
	==26535==    by 0x55DB011: virNWFilterObjListAssignDef (virnwfilterobj.c:362)
	==26535==    by 0x55DB530: virNWFilterObjListLoadConfig (virnwfilterobj.c:503)
	==26535==    by 0x55DB635: virNWFilterObjListLoadAllConfigs (virnwfilterobj.c:539)
	==26535==    by 0x2AC5A28B: nwfilterStateInitialize (nwfilter_driver.c:250)
	==26535==    by 0x5621C64: virStateInitialize (libvirt.c:770)
	==26535==    by 0x124379: daemonRunStateInit (libvirtd.c:881)
	==26535==    by 0x554AC78: virThreadHelper (virthread.c:206)
	==26535==    by 0x8F5F493: start_thread (in /lib64/libpthread-2.23.so)

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-05-04  Michal Privoznik  <mprivozn@redhat.com>

	virPerfEventIsEnabled: Accept NULL @perf
	After bdcf6e481 there is a crasher in libvirt. The commit assumes
	that priv->perf is always set. That is not true. For inactive
	domains, the priv->perf is not allocated as it is set in
	qemuProcessLaunch(). Now, usually we differentiate between
	accesses to inactive and active definition and it works just
	fine. Except for 'domstats'. There priv->perf is accessed without
	prior check for domain inactivity. While we could check for that,
	more robust solution is to make virPerfEventIsEnabled() accept
	NULL.

	How to reproduce:
	1) ensure you have at least one inactive domain
	2) virsh domstats

	Reviewed-by: Daniel P. Berrange <berrange@redhat.com>

2017-05-04  Erik Skultety  <eskultet@redhat.com>

	mdev: Fix mingw build by adding a check for non-NULL pointer
	This patch fixes the following MinGW error (although actually being a
	false positive):

	../../src/util/virmdev.c: In function 'virMediatedDeviceListMarkDevices':
	../../src/util/virmdev.c:453:21: error: potential null pointer
	dereference [-Werror=null-dereference]
	          const char *mdev_path = mdev->path;
	                      ^~~~~~~~~

2017-05-04  Andrea Bolognani  <abologna@redhat.com>

	news: Fix typo
	Pointed-out-during-review-by: Ján Tomko <jtomko@redhat.com>
	Not-fixed-before-pushing-by: Andrea Bolognani <abologna@redhat.com>

	news: Add even more v3.3.0 entries

2017-05-04  Erik Skultety  <eskultet@redhat.com>

	mdev: Fix daemon crash on domain shutdown after reconnect
	The problem resides in virHostdevUpdateActiveMediatedDevices which gets
	called during qemuProcessReconnect. The issue here is that
	virMediatedDeviceListAdd takes a pointer to the item to be added to the
	list to which VIR_APPEND_ELEMENT is used, which also clears the pointer.
	However, in this case only the local copy of the pointer got cleared,
	leaving the original pointing to valid memory. To sum it up, during
	cleanup phase, the original pointer is freed and the daemon crashes
	basically any time it would access it.

	Backtrace:
	0x00007ffff3ccdeba in __strcmp_sse2_unaligned
	0x00007ffff72a444a in virMediatedDeviceListFindIndex
	0x00007ffff7241446 in virHostdevReAttachMediatedDevices
	0x00007fffc60215d9 in qemuHostdevReAttachMediatedDevices
	0x00007fffc60216dc in qemuHostdevReAttachDomainDevices
	0x00007fffc6046e6f in qemuProcessStop
	0x00007fffc6091596 in processMonitorEOFEvent
	0x00007fffc6091793 in qemuProcessEventHandler
	0x00007ffff7294bf5 in virThreadPoolWorker
	0x00007ffff7294184 in virThreadHelper
	0x00007ffff3fdc3c4 in start_thread () from /lib64/libpthread.so.0
	0x00007ffff3d269cf in clone () from /lib64/libc.so.6

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1446455

	Reviewed-by: Laine Stump <laine@laine.org>

2017-05-04  Erik Skultety  <eskultet@redhat.com>

	util: mdev: Use a local variable instead of a direct pointer access
	Use a local variable to hold data, rather than accessing the pointer
	after calling virMediatedDeviceListAdd (therefore VIR_APPEND_ELEMENT).
	Although not causing an issue at the moment, this change is a necessary
	prerequisite for tweaking virMediatedDeviceListAdd in a separate patch,
	which will take a reference for the source pointer (instead of pointer
	value) and will clear it along the way.

	Reviewed-by: Laine Stump <laine@laine.org>
	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDetachDeviceUnlink: Don't unlink files we haven't created
	Even though there are several checks before calling this function
	and for some scenarios we don't call it at all (e.g. on disk hot
	unplug), it may be possible to sneak in some weird files (e.g. if
	domain would have RNG with /dev/shm/some_file as its backend). No
	matter how improbable, we shouldn't unlink it as we would be
	unlinking a file from the host which we haven't created in the
	first place.

	Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>

2017-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachDeviceMknodRecursive: Don't try to create devices under preserved mount points
	Just like in previous commit, this fixes the same issue for
	hotplug.

	Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>

2017-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDeviceRecursive: Don't try to create devices under preserved mount points
	While the code allows devices to already be there (by some
	miracle), we shouldn't try to create devices that don't belong to
	us. For instance, we shouldn't try to create /dev/shm/file
	because /dev/shm is a mount point that is preserved. Therefore if
	a file is created there from an outside (e.g. by mgmt application
	or some other daemon running on the system like vhostmd), it
	exists in the qemu namespace too as the mount point is the same.
	It's only /dev and /dev only that is different. The same
	reasoning applies to all other preserved mount points.

	Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>

2017-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDeviceRecursive: pass a structure instead of bare path
	Currently, all we need to do in qemuDomainCreateDeviceRecursive() is to
	take given @device, get all kinds of info on it (major & minor numbers,
	owner, seclabels) and create its copy at a temporary location @path
	(usually /var/run/libvirt/qemu/$domName.dev), if @device live under
	/dev. This is, however, very loose condition, as it also means
	/dev/shm/* is created too. Therefor, we will need to pass more arguments
	into the function for better decision making (e.g. list of mount points
	under /dev). Instead of adding more arguments to all the functions (not
	easily reachable because some functions are callback with strictly
	defined type), lets just turn this one 'const char *' into a 'struct *'.
	New "arguments" can be then added at no cost.

	Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>

2017-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainBuildNamespace: Move /dev/* mountpoints later
	When setting up mount namespace for a qemu domain the following
	steps are executed:

	1) get list of mountpoints under /dev/
	2) move them to /var/run/libvirt/qemu/$domName.ext
	3) start constructing new device tree under /var/run/libvirt/qemu/$domName.dev
	4) move the mountpoint of the new device tree to /dev
	5) restore original mountpoints from step 2)

	Note the problem with this approach is that if some device in step
	3) requires access to a mountpoint from step 2) it will fail as
	the mountpoint is not there anymore. For instance consider the
	following domain disk configuration:

	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/dev/shm/vhostmd0'/>
	      <target dev='vdb' bus='virtio'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
	    </disk>

	In this case operation fails as we are unable to create vhostmd0
	in the new device tree because after step 2) there is no /dev/shm
	anymore. Leave aside fact that we shouldn't try to create devices
	living in other mountpoints. That's a separate bug that will be
	addressed later.

	Currently, the order described above is rearranged to:

	1) get list of mountpoints under /dev/
	2) start constructing new device tree under /var/run/libvirt/qemu/$domName.dev
	3) move them to /var/run/libvirt/qemu/$domName.ext
	4) move the mountpoint of the new device tree to /dev
	5) restore original mountpoints from step 3)

	Reviewed-by: Cedric Bosdonnat <cbosdonnat@suse.com>

2017-05-03  Andrea Bolognani  <abologna@redhat.com>

	news: Add more v3.3.0 entries
	These entries cover a number of features, improvements and
	bug fixes that had not been documented during the development
	cycle.

	news: Tweak existing v3.3.0 entries
	Some of the content was not following the (loosely established)
	style, and some of the XML was not aligned properly.

2017-05-02  Jiri Denemark  <jdenemar@redhat.com>

	client: Report proper close reason
	When we get a POLLHUP or VIR_EVENT_HANDLE_HANGUP event for a client, we
	still want to read from the socket to process any accumulated data. But
	doing so inevitably results in an error and a call to
	virNetClientMarkClose before we get to processing the hangup event (and
	another call to virNetClientMarkClose). However the close reason passed
	to the second virNetClientMarkClose call is ignored because another one
	was already set. We need to pass the correct close reason when marking
	the socket to be closed for the first time.

	https://bugzilla.redhat.com/show_bug.cgi?id=1373859

2017-05-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix persistent migration of transient domains
	While fixing a bug with incorrectly freed memory in commit
	v3.1.0-399-g5498aa29a, I accidentally broke persistent migration of
	transient domains. Before adding qemuDomainDefCopy in the path, the code
	just took NULL from vm->newDef and used it as the persistent def, which
	resulted in no persistent XML being sent in the migration cookie. This
	scenario is perfectly valid and the destination correctly handles it by
	using the incoming live definition and storing it as the persistent one.

	After the mentioned commit libvirtd would just segfault in the described
	scenario.

	https://bugzilla.redhat.com/show_bug.cgi?id=1446205

2017-05-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix padding of encrypted data
	If we are encoding a block of data that is 16 bytes in length,
	we cannot leave it as 16 bytes, we must pad it out to the next
	block boundary, 32 bytes. Without this padding, the decoder will
	incorrectly treat the last byte of plain text as the padding
	length, as it can't distinguish padded from non-padded data.

	The problem exhibited itself when using a 16 byte passphrase
	for a LUKS volume

	  $ virsh secret-set-value 55806c7d-8e93-456f-829b-607d8c198367 \
	       $(echo -n 1234567812345678 | base64)
	  Secret value set

	  $ virsh start demo
	  error: Failed to start domain demo
	  error: internal error: process exited while connecting to monitor: >>>>>>>>>>Len 16
	  2017-05-02T10:35:40.016390Z qemu-system-x86_64: -object \
	    secret,id=virtio-disk1-luks-secret0,data=SEtNi5vDUeyseMKHwc1c1Q==,\
	    keyid=masterKey0,iv=zm7apUB1A6dPcH53VW960Q==,format=base64: \
	    Incorrect number of padding bytes (56) found on decrypted data

	Notice how the padding '56' corresponds to the ordinal value of
	the character '8'.

2017-05-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't reset "events" migration capability
	When creating v3.2.0-77-g8be3ccd04 commit, I completely forgot that one
	migration capability is very special. It's the "events" capability which
	tells QEMU to report "MIGRATION" events. Since libvirt always wants the
	events, it is enabled in qemuConnectMonitor and the rest of the code
	should not touch it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1439841
	https://bugzilla.redhat.com/show_bug.cgi?id=1441165

	Messed-up-by: Jiri Denemark <jdenemar@redhat.com>

2017-05-02  Julio Faracco  <jcfaracco@gmail.com>

	virsh-domain-monitor: add human readable output for 'domblkinfo'.
	https://bugzilla.redhat.com/show_bug.cgi?id=1330940

	The virsh command 'domblkinfo' returns the capacity, allocation and phisycal
	size of the devices attached in a domain. Usually, this sizes are very big
	and hard to understand and calculate. This commits introduce a human readable
	support to check the size of each field easilly.

	For example, the command before:

	virsh # domblkinfo my_domain hda
	Capacity:       21474836480
	Allocation:     14875545600
	Physical:       21474836480

	and after this patch:

	virsh # domblkinfo my_domain hda --human
	Capacity:       20.000G
	Allocation:     13.900G
	Physical:       20.000G

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2017-04-28  Jim Fehlig  <jfehlig@suse.com>

	news: Document libxl nested HVM support
	Nested HVM support in the libxl driver is a news-worthy
	improvement for libvirt 3.3.0.

	Reviewed-by: Pavel Hrdina <phrdina@redhat.com>

2017-04-28  Laine Stump  <laine@laine.org>

	util: rename/move VIR_NET_GENERATED_PREFIX to be consistent
	... with VIR_NET_GENERATED_MACV???_PREFIX, which is defined in
	util/virnetdevmacvlan.h.

	Since VIR_NET_GENERATED_PREFIX is used for plain tap devices, it is
	renamed to VIR_NET_GENERATED_TAP_PREFIX and moved to virnetdev.h

2017-04-28  Laine Stump  <laine@laine.org>

	conf: don't ignore <target dev='blah'/> for macvtap interfaces
	The parser had been clearing out *all* suggested device names for
	type='direct' (aka macvtap) interfaces. All of the code implementing
	macvtap allows for a user-specified device name, so we should allow
	it. In the case that an interface name starts with "macvtap" or
	"macvlan" though, we do still clear it out, just as we do with "vnet"
	(which is the prefix used for automatically generated tap device
	names), since those are the prefixes for the names we autogenerate for
	macvtap and macvlan devices.

	Resolves: https://bugzilla.redhat.com/1335798

2017-04-28  Laine Stump  <laine@laine.org>

	util: make macvtap/macvlan generated name #defines available to other files
	MACVTAP_NAME_PREFIX and MACVLAN_NAME_PREFIX could be useful to other
	files if they were defined in virnetdevmacvlan.h instead of
	virnetdevmacvlan.c, so do that (while slightly renaming them and also
	adding yet another #define that chooses between macvlan/macvtap based
	on flags).

	This is a prerequisite to fix: https://bugzilla.redhat.com/1335798

2017-04-28  Laine Stump  <laine@laine.org>

	network: better log message when network is inactive during reconnect
	If the network isn't active during networkNotifyActualDevice(), we
	would log an error message stating that the bridge device didn't
	exist. This patch adds a check to see if the network is active, making
	the logs more useful in the case that it isn't.

	Partially resolves: https://bugzilla.redhat.com/1442700

2017-04-28  Laine Stump  <laine@laine.org>

	qemu: don't kill qemu process on restart if networkNotify fails
	Nothing that could happen during networkNotifyActualDevice() could
	justify unceremoniously killing the qemu process, but that's what we
	were doing.

	In particular, new code added in commit 85bcc022 (first appearred in
	libvirt-3.2.0) attempts to reattach tap devices to their assigned
	bridge devices when libvirtd restarts (to make it easier to recover
	from a restart of a libvirt network). But if the network has been
	stopped and *not* restarted, the bridge device won't exist and
	networkNotifyActualDevice() will fail.

	This patch changes networkNotifyActualDevice() and
	qemuProcessNotifyNets() to return void, so that qemuProcessReconnect()
	will soldier on regardless of what happens (any errors will still be
	logged though).

	Partially resolves: https://bugzilla.redhat.com/1442700

2017-04-28  Pavel Hrdina  <phrdina@redhat.com>

	conf: format only relevant attributes for graphics based on listen type
	This patch changes following output:

	    ...
	    <graphics type='vnc' port='-1' autoport='yes'>
	      <listen type='none'/>
	    </graphics>
	    ...

	into this output:

	    ...
	    <graphics type='vnc'>
	      <listen type='none'/>
	    </graphics>
	    ...

2017-04-28  Michal Privoznik  <mprivozn@redhat.com>

	iohelper: Remove unused mode
	After 1eb6647979f8c nobody calls the iohelper with 6 arguments.
	Everybody uses the other mode. Well, the only user of iohelper
	after the previous commit is virFileWrapperFd really.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-04-28  Michal Privoznik  <mprivozn@redhat.com>

	virfdstream: Drop iohelper in favour of a thread
	Currently we use iohelper for virFDStream implementation. This is
	because UNIX I/O can lie sometimes: even though a FD for a
	file/block device is set as unblocking, actual read()/write() can
	block. To avoid this, a pipe is created and one end is kept for
	read/write while the other is handed over to iohelper to
	write/read the data for us. Thus it's iohelper which gets blocked
	and not our event loop.

	This approach has two problems:
	1) we are spawning a new process.
	2) any exchange of information between daemon and iohelper can be
	done only through the pipe.

	Therefore, iohelper is replaced with an implementation in thread
	which is created just for the stream lifetime. The data are still
	transferred through pipe (for now), but both problems described
	above are solved.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-04-28  Michal Privoznik  <mprivozn@redhat.com>

	virFDStreamData: Turn into virObjectLockable
	While this is no functional change, it makes the code look a bit
	nicer. Moreover, it prepares ground for future work.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-04-28  Michal Privoznik  <mprivozn@redhat.com>

	fdstream: s/struct virFDStreamData */virFDStreamDataPtr/
	There is really no reason why we should have to have 'struct'
	everywhere.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-04-28  Michal Privoznik  <mprivozn@redhat.com>

	fdstreamtest: Print more info on read failure
	It helps with debugging if we know what's the return value of
	saferead().

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-04-28  Michal Privoznik  <mprivozn@redhat.com>

	fdstreamtest: Rename tempdir
	Because of copy-paste the temporary directory used for this test
	is called "fakesysdir". That's probably misleading.

	Reviewed-by: John Ferlan <jferlan@redhat.com>

2017-04-28  Pavel Hrdina  <phrdina@redhat.com>

	qemu: use qemu-xhci USB controller by default for ppc64 and aarch64
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1438682

	Acked-by: Andrea Bolognani <abologna@redhat.com>

2017-04-28  Pavel Hrdina  <phrdina@redhat.com>

	qemu: add support for qemu-xhci USB controller
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1438682

	Acked-by: Andrea Bolognani <abologna@redhat.com>

2017-04-28  Pavel Hrdina  <phrdina@redhat.com>

	qemu: introduce QEMU_CAPS_DEVICE_QEMU_XHCI
	Acked-by: Andrea Bolognani <abologna@redhat.com>

2017-04-28  Pavel Hrdina  <phrdina@redhat.com>

	qemu: use nec-usb-xhci as a default controller for aarch64 if available
	This is a USB3 controller and it's a better choice than piix3-uhci.

	Acked-by: Andrea Bolognani <abologna@redhat.com>

2017-04-28  Pavel Hrdina  <phrdina@redhat.com>

	qemu: change the logic of setting default USB controller
	The new logic will set the piix3-uhci if available regardless of
	any architecture and it will be updated to better model based on
	architecture and device existence.

	Acked-by: Andrea Bolognani <abologna@redhat.com>

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	tests: genericxml2xml: Add test case for HTTP based disk

	conf: Extract formatting of network disk source into separate function

	docs: schemas: Split up definitions for NBD and gluster
	NBD does not mandate a "filename". Gluster can have more servers. Split
	them so that we can tighten the schema.

	docs: schemas: Split out simple network protocols
	ftp/tftp/sheepdog have a mandatory filename and support only one host.
	There are no additional options for them.

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	docs: schemas: Extract HTTP disk source specification
	Make the schema more strict for HTTP disks requiring a name and
	mandating exactly one source host.

	ftp/tftp entries were not moved here, since http transport also will
	support cookies and other options, which will be added later.

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	docs: schemas: Extract RBD-specific data
	RBD driver supports specifying a snapshot image name or config file.
	Create a define for RBD and move the specifics there.

	docs: schemas: Move the interleave definition into network disk source
	Move it to the place where actually interleaving elements can be placed.

	docs: schemas: Extract disk source host specification
	'diskSourceNetwork' schema define was rather big and it would be hard to
	simplify it. Split out the host portion subelement into a separate
	define.

	docs: schemas: Remove <interleave> from file/block/dir/volume disks
	They don't contain any elements to interleave.

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't fail if physical size can't be updated in qemuDomainGetBlockInfo
	Since commit c5f6151390 qemuDomainBlockInfo tries to update the
	"physical" storage size for all network storage and not only block
	devices.

	Since the storage driver APIs to do this are not implemented for certain
	storage types (RBD, iSCSI, ...) the code would fail to retrieve any data
	since the failure of qemuDomainStorageUpdatePhysical is fatal.

	Since it's desired to return data even if the total size can't be
	updated we need to ignore errors from that function and return plausible
	data.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1442344

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Move freeing of PCI address list to qemuProcessStop
	Rather than freeing the list before starting a new VM clear it after
	stopping the old instance when the data becomes invalid.

	qemu: process: Clean up priv->migTLSAlias
	The alias would be leaked, since it's not freed on the vm stop path.

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Don't leak priv->usbaddrs after VM restart
	Since the private data structure is not freed upon stopping a VM, the
	usbaddrs pointer would be leaked:

	==15388== 136 (16 direct, 120 indirect) bytes in 1 blocks are definitely lost in loss record 893 of 1,019
	==15388==    at 0x4C2CF55: calloc (vg_replace_malloc.c:711)
	==15388==    by 0x54BF64A: virAlloc (viralloc.c:144)
	==15388==    by 0x5547588: virDomainUSBAddressSetCreate (domain_addr.c:1608)
	==15388==    by 0x144D38A2: qemuDomainAssignUSBAddresses (qemu_domain_address.c:2458)
	==15388==    by 0x144D38A2: qemuDomainAssignAddresses (qemu_domain_address.c:2515)
	==15388==    by 0x144ED1E3: qemuProcessPrepareDomain (qemu_process.c:5398)
	==15388==    by 0x144F51FF: qemuProcessStart (qemu_process.c:5979)
	[...]

2017-04-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Clean automatic NUMA/cpu pinning information on shutdown
	Clean the stale data after shutting down the VM. Otherwise the data
	would be leaked on next VM start. This happens due to the fact that the
	private data object is not freed on destroy of the VM.

2017-04-27  Wim ten Have  <wim.ten.have@oracle.com>

	xlconfigtest: add tests for 'nestedhvm' support
	Testing various configuration schemas targeting postive and negative
	nestedhvm under libvirt <cpu mode="host-passthrough"> configuration.

	Mode "host-passthrough" generates nestedhvm=1 in/from xl format where

	Intel virtualization (VT-x):
	<feature policy='disable' name='vmx'/>

	    or

	AMD virtualization (AMD-V):
	<feature policy='disable' name='svm'/>

	disables virtualization mode under guest domains.

2017-04-27  Wim ten Have  <wim.ten.have@oracle.com>

	xenconfig: add conversions for xen-xl
	Per xen-xl conversions from and to native under host-passthrough
	mode we take care for Xen (nestedhvm = mode) applied and inherited
	settings generating or processing correct feature policy:

	[On Intel (VT-x) architectures]
	<feature policy='disable' name='vmx'/>

	or

	[On AMD (AMD-V) architectures]
	<feature policy='disable' name='svm'/>

	It will then generate (or parse) for nestedhvm=1 in/from xl format.

2017-04-27  Wim ten Have  <wim.ten.have@oracle.com>

	libxl: set nestedhvm for mode host-passthrough
	Xen feature nestedhvm is the option on Xen 4.4+ which enables
	nested virtualization when mode host-passthrough is applied.

	nested HVM is enabled by adding below on the target domain;
	<cpu mode='host-passthrough'/>

	Virtualization on target domain can be disabled by specifying
	such under feature policy rule on target name;

	[On Intel (VT-x) architecture]
	<feature policy='disable' name='vmx'/>

	or:

	[On AMD (AMD-V) architecture]
	<feature policy='disable' name='svm'/>

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for guest CPU cache
	This patch maps /domain/cpu/cache element into -cpu parameters:

	- <cache mode='passthrough'/> is translated to host-cache-info=on
	- <cache level='3' mode='emulate'/> is transformed into l3-cache=on
	- <cache mode='disable'/> is turned in host-cache-info=off,l3-cache=off

	Any other <cache> element is forbidden.

	The tricky part is detecting whether QEMU supports the CPU properties.

	The 'host-cache-info' property is introduced in v2.4.0-1389-ge265e3e480,
	earlier QEMU releases enabled host-cache-info by default and had no way
	to disable it. If the property is present, it defaults to 'off' for any
	QEMU until at least 2.9.0.

	The 'l3-cache' property was introduced later by v2.7.0-200-g14c985cffa.
	Earlier versions worked as if l3-cache=off was passed. For any QEMU
	until at least 2.9.0 l3-cache is 'off' by default.

	QEMU 2.9.0 was the first release which supports probing both properties
	by running device-list-properties with typename=host-x86_64-cpu. Older
	QEMU releases did not support device-list-properties command for CPU
	devices. Thus we can't really rely on probing them and we can just use
	query-cpu-model-expansion QMP command as a witness.

	Because the cache property probing is only reliable for QEMU >= 2.9.0
	when both are already supported for quite a few releases, we let QEMU
	report an error if a specific cache mode is explicitly requested. The
	other mode (or both if a user requested CPU cache to be disabled) is
	explicitly turned off for QEMU >= 2.9.0 to avoid any surprises in case
	the QEMU defaults change. Any older QEMU already turns them off so not
	doing so explicitly does not make any harm.

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Add support for CPU cache specification
	This patch introduces

	    <cache level='N' mode='emulate'/>
	    <cache mode='passthrough'/>
	    <cache mode='disable'/>

	sub element of /domain/cpu. Currently only a single <cache> element is
	allowed.

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	conf: Rename mode parameter in virCPUDefParseXML
	The type of this parameter is virCPUType so calling it 'mode' is pretty
	strange, 'type' is a much better name.

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Report VIR_DOMAIN_JOB_OPERATION
	Not all async jobs are visible via virDomainGetJobStats (either they are
	too fast or getting the stats is not allowed during the job), but
	forcing all of them to advertise the operation is easier than hunting
	the jobs for which fetching statistics is allowed. And we won't need to
	think about this when we add support for getting stats for more jobs.

	https://bugzilla.redhat.com/show_bug.cgi?id=1441563

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Add VIR_DOMAIN_JOB_OPERATION typed parameter
	The parameter is reported by virDomainGetJobStats API and
	VIR_DOMAIN_EVENT_ID_JOB_COMPLETED event and it can be used to identify
	the operation (migration, snapshot, ...) to which the reported
	statistics belong.

	https://bugzilla.redhat.com/show_bug.cgi?id=1441563

2017-04-27  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Remove extra messages for vhost-scsi hotplug
	As with virtio-scsi, the "internal error" messages after
	preparing a vhost-scsi hostdev overwrites more meaningful
	error messages deeper in the callchain.  Remove it too.

2017-04-27  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Remove extra messages from virtio-scsi hotplug
	I tried to attach a SCSI LUN to two different guests, and forgot
	to specify "shareable" in the hostdev XML.  Attaching the device
	to the second guest failed, but the message was not helpful in
	telling me what I was doing wrong:

	  $ cat scsi_scratch_disk.xml
	    <hostdev mode='subsystem' type='scsi'>
	      <source>
	        <adapter name='scsi_host3'/>
	        <address bus='0' target='15' unit='1074151456'/>
	      </source>
	    </hostdev>

	  $ virsh attach-device dasd_sles_d99c scsi_scratch_disk.xml
	  Device attached successfully

	  $ virsh attach-device dasd_fedora_0e1e scsi_scratch_disk.xml
	  error: Failed to attach device from scsi_scratch_disk.xml
	  error: internal error: Unable to prepare scsi hostdev: scsi_host3:0:15:1074151456

	I eventually discovered my error, but thought it was weird that
	Libvirt doesn't provide something more helpful in this case.
	Looking over the code we had just gone through, I commented out
	the "internal error" message, and got something more useful:

	  $ virsh attach-device dasd_fedora_0e1e scsi_scratch_disk.xml
	  error: Failed to attach device from scsi_scratch_disk.xml
	  error: Requested operation is not valid: SCSI device 3:0:15:1074151456 is already in use by other domain(s) as 'non-shareable'

	Looking over the error paths here, we seem to issue better
	messages deeper in the callchain so these "internal error"
	messages overwrite any of them.  Remove them, so that the
	more detailed errors are seen.

2017-04-27  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Check return code from qemuHostdevPrepareSCSIDevices

2017-04-27  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: migration: fix race on cancelling drive mirror
	0feebab2 adds calling qemuBlockNodeNamesDetect for completed job
	on updating block jobs. This affects cancelling drive mirror logic as
	this function drops vm lock. Now we have to recheck all disks
	before the disk with the completed block job before going
	to wait for block job events.

	qemu: take current async job into account in qemuBlockNodeNamesDetect
	Becase it can be called during migration out (namely on cancelling
	blockjobs).

2017-04-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: numa: Don't return automatic nodeset for inactive domain
	qemuDomainGetNumaParameters would return the automatic nodeset even for
	the persistent config if the domain was running. This is incorrect since
	the automatic nodeset will be re-queried upon starting the vm.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1445325

2017-04-27  Michal Privoznik  <mprivozn@redhat.com>

	lib: Fix c99 style comments
	We prefer c89 style of comments.

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly reset non-p2p migration
	While peer-to-peer migration enters the Confirm phase even if the
	Perform phase fails, the client which initiated a non-p2p migration will
	never call virDomainMigrateConfirm* API if the Perform phase failed.
	Thus we need to explicitly reset migration before reporting a failure
	from the Perform phase API.

	https://bugzilla.redhat.com/show_bug.cgi?id=1425003

2017-04-27  Wang King  <king.wang@huawei.com>

	util: Drop unused var @errbuf from virPCIGetDeviceAddressFromSysfsLink
	Commit @a7035662 forgot to remove it when doing a refactor.

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	locking: Add support for sanlock_strerror
	The recently added sanlock_strerror function can be used to translate
	sanlock's numeric errors into human readable strings.

	https://bugzilla.redhat.com/show_bug.cgi?id=1409511

2017-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore missing query-migrate-parameters
	Migration with old QEMU which does not support query-migrate-parameters
	would fail because the QMP command is called unconditionally since the
	introduction of TLS migration. Previously it was only called if the user
	explicitly requested a feature which uses QEMU migration parameters. And
	even then the situation was not ideal, instead of reporting an
	unsupported feature we'd just complain about missing QMP command.

	Trivially no migration parameters are supported when
	query-migrate-parameters QMP command is missing. There's no need to
	report an error if it is missing, the callers will report better error
	if needed.

	https://bugzilla.redhat.com/show_bug.cgi?id=1441934

2017-04-26  Pavel Hrdina  <phrdina@redhat.com>

	tests: update QEMU 2.9.0 caps data to final version

2017-04-26  John Ferlan  <jferlan@redhat.com>

	secret: Generate configDir during driver initialization
	Rather than waiting for the first save to fail, let's generate the
	directory with the correct privs during initialization.

	secret: Combine virSecretObjListAdd with Locked function
	There's no need to separate, so just have one.

	secret: Split apart NumOfSecrets and GetUUIDs callback function
	Rather than overloading one function - split apart the logic to have
	separate interfaces and local/private structures to manage the data
	for which the helper is collecting.

	secret: Rename 'filter' to 'aclfilter'
	Makes it a bit more clear what it is.

	secret: Change variable names for list traversals
	Rather than 'nuuids' it should be 'maxuuids' and rather than 'got'
	it should be 'nuuids'.  Alter the logic of the list traversal to
	utilize those names.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	secret: Alter cleanup path for virSecretObjListGetUUIDs
	Rather than using "ret = -1" and cleanup processing, alter the return
	path on failure to goto error and then just return the data.got.

	In the error path, we no longer check for ret < 0, we just can free
	anything added to the array and return -1 directly.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	secret: Use virSecretDefPtr rather than deref from virSecretObjPtr
	Rather than dereferencing obj->def->X, create a local 'def' variable
	that will dereference the def and use directly.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	secret: Use consistent naming for variables
	When processing a virSecretPtr use 'secret' as a variable name.

	When processing a virSecretObjPtr use 'obj' as a variable name.

	When processing a virSecretDefPtr use 'def' as a variable name,
	unless a distinction needs to be made with a 'newdef' such as
	virSecretObjListAddLocked (which also used the VIR_STEAL_PTR macro
	for the configFile and base64File).

2017-04-26  John Ferlan  <jferlan@redhat.com>

	secret: Add NULL obj check to virSecretObjListRemove
	Rather than have the caller check if !obj before calling, just check
	in the function for !obj and return.

	secret: Make some virSecretObj* functions static
	Make various virSecretObjList*Locked functions static and make
	virSecretObjNew static since they're only called within virtsecretobj.c.

	nwfilter: Move save of config until after successful assign
	Only save the config when using a generated UUID if we were able to
	create an object for the def. There could have been "other reasons"
	for the assignment to fail, so saving the config could be incorrect.

	nwfilter: Move creation of configDir to driver initialization
	Rather than "wait" for the first config file to be created, force creation
	of the configDir during driver state initialization.

	nwfilter: Replace virNWFilterSaveDef with virNWFilterSaveConfig
	Essentially virNWFilterSaveDef executed in a different order the same
	sequence of calls, so let's just make one point of reference.

	nwfilter: Replace virNWFilterConfigFile with virFileBuildPath
	Remove open coded helper.

	nwfilter: Make a common UUID lookup function from driver
	Rather than separate calls, use a common call and generate a better
	error message which includes the incorrect uuidstr.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	nwfilter: Make _virNWFilterObjList private
	Move from virnwfilterobj.h to virnwfilterobj.c.

	Create the virNWFilterObjListNew() API in order to allocate.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	nwfilter: Rename some virNWFilterObj* API's
	Prefix should have been virNWFilterObjList since the API is operating on
	the list of filters.

	nwfilter: Introduce virNWFilterObjNew
	Perform the object initialization in a helper rather than inline.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	nwfilter: Make _virNWFilterObjPtr private
	Move the structure to virnwfilterobj.c and create necessary accessor API's
	for the various fields.

	Also make virNWFilterObjFree static since there's no external callers.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	nwfilter: Convert wantRemoved to bool
	It is what it is anyway, so let's describe it that way too.

	nwfilter: Remove unused 'active' in virNWFilterObj
	It was only ever set to false, which is ironically the default.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	nwfilter: Use virNWFilterDefPtr rather than deref virNWFilterObjPtr
	Rather than dereferencing obj->def->XXX or nwfilters->objs[i]->X
	create local virNWFilterObjPtr and virNWFilterDefPtr variables.

	Future adjustments will be privatizing the object more, so this just
	prepares the code for that reality.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	nwfilter: Use consistent naming for variables
	When processing a virNWFilterPtr use 'nwfilter' as a variable name.

	When processing a virNWFilterObjPtr use 'obj' as a variable name.

2017-04-26  Cédric Bosdonnat  <cbosdonnat@suse.com>

	IPv6 route check: list devices only once
	If several RA routes are found for the same device, only list that
	device once in the error message.

2017-04-26  Ján Tomko  <jtomko@redhat.com>

	Use a separate buffer for <filesystem><driver>
	Format the attributes in a separate buffer and only
	print the element if it's not empty.

	Use a separate buffer for <controller><driver>
	Make adding new attributes easier.

	Use a separate buffer for <disk><driver>
	Eliminate the big condition at the start.
	Instead use a buffer and only format the element if the buffer
	is non-empty.

	Use a separate buffer for <input> subelements
	Instead of figuring out upfront whether <input> will be a single
	or a pair element, format the subelements into a separate buffer
	and close <input/> early if this buffer is empty.

2017-04-26  Erik Skultety  <eskultet@redhat.com>

	docs: Provide a nodedev driver stub documentation
	There's lot more to document about the nodedev driver, besides PCI and
	SR-IOV (even this might need to be extended), but let's start small-ish
	and at least have a page for it linked from the drivers.html.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	disk: Use virStorageBackendZeroPartitionTable
	https://bugzilla.redhat.com/show_bug.cgi?id=1439132

	During 'matrix' testing of all possible combinations I found that if
	device is formated with "gpt" first, then an attempt is made to format
	using "mac", a startup will fail.

	Deeper analysis by Peter Krempa indicates that the "mac" table fits
	into the first block on the disk. Since the GPT disklabel is stored
	at LBA address 1 it is not overwritten at all. Thus it's apparent that
	the (blkid) detection tool then prefers GPT over a older disklabel.

	The GPT disklabel has also a secondary copy at the last LBA of the disk.

	So, follow the same logic as the logical pool in clearing a 1MB swath
	at the beginning and end of the device to avoid potential issues with
	larger sector sizes for the device.

	Also fixed a minor formatting nit in virStorageBackendDeviceIsEmpty call.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	logical: Increase the size of the data to wipe
	Since a sector size may be larger than 512 bytes, let's just increase
	the size to wipe to 1MB rather than 2KB

	logical: Use virStorageBackendZeroPartitionTable
	Rather than open code it, use the new function which uses the wipe algorithm
	in order to zero the front and tail of the partition.

	storage: Introduce virStorageBackendZeroPartitionTable
	Create a wrapper/helper that can be used to call the storage backend
	wipe helper - storageBackendVolWipeLocalFile for future use by logical
	and disk backends to clear out the partition table rather than having
	each open code the same algorithm.

2017-04-26  John Ferlan  <jferlan@redhat.com>

	storage: Modify storageBackendWipeLocal to allow zero from end of device
	Add bool 'zero_end' and logic that would allow a caller to wipe specific
	portions of a target device either from the beginning (the default) or
	from the end when zero_end is true.

	This will allow for this code to wipe out partition table information
	from a device.

2017-04-26  Daniel P. Berrange  <berrange@redhat.com>

	Update keycodemapdb submodule for python2 compat fixes
	There were a few bugs in keycodemap tool that broke it
	when run on python circa 2.7.5 or older, which affected
	RHEL builds.

2017-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Add ability to generate man page describing key code names & values

2017-04-25  Daniel P. Berrange  <berrange@redhat.com>

	util: switch over to use keycodemapdb GIT submodule
	A long time ago we imported the keymaps.csv file from GTK-VNC so we
	can do conversions between keycode sets. Meanwhile lots of bug fixes
	have gone into this CSV file and libvirt hasn't kept in sync. The
	keymaps.csv file and associated generator script has been pulled out
	of GTK-VNC into a dedicated GIT repo for use as a submodule. This
	allows GTK-VNC, SPICE-GTK, QEMU and libvirt to share the same master
	database and tools and pushing updates merely requires a submodule
	commit update as with gnulib.

	The test suite is updated to cover some extra boundary conditions.

2017-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Clean up virSecretObjListExport logic
	Shorten the time needed to keep the list lock and alter the cleanup
	path to be more of an error path.

	Utilize the the virObjectListFree function to handle the calls for
	virObjectUnref on each list element and the VIR_FREE of the list
	instead of open coding it.

	Change the name of the virHashForEach callback to match the name
	of the Export function with the Callback added onto it.

2017-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Have virSecretObjNew return locked object
	Rather than have caller need to do it, have the object returned locked.

	secret: Convert virsecretobjs.h to use "newer" formatting style
	Alter the prototypes to use the newer formatting style

	secret: Need to set data->error on VIR_ALLOC_N failure
	Commit id 'bb1fba629' neglected to set when creating the function.

	test: Remove unnecessary unlocks in cleanup paths
	Commit id '865f479da' altered the logic to use a common test*ObjFindByName
	helpers which would lock/unlock the test driver; however, a few cleanup paths
	in that cleanup missed removing the Unlock, so remove it now.

2017-04-25  John Ferlan  <jferlan@redhat.com>

	remote: Fix possible use-after-free when sending event message
	Based upon an idea and some research by Wang King <king.wang@huawei.com>
	and xinhua.Cao <caoxinhua@huawei.com>.

	Since we're assigning the 'client' to our callback event lookaside list,
	it's imperative that we grab a reference to the object; otherwise, when
	the object is unref'd during virNetServerProcessClients when it's determined
	that the virNetServerClientIsClosed and the memory is free'd before perhaps
	the object event state callbacks are run.  When a virObjectLock() is run,
	before sending the message the following trace occurs;

	    #0  0x00007fda223d66d8 in virClassIsDerivedFrom
	        (klass=0xdeadbeef, parent=0x7fda24c81b40)
	         at util/virobject.c:169
	    #1  0x00007fda223d6a1e in virObjectIsClass
	        (anyobj=anyobj@entry=0x7fd9e575b400, klass=<optimized out>)
	         at util/virobject.c:365
	    #2  0x00007fda223d6a44 in virObjectLock
	        (anyobj=0x7fd9e575b400)
	        at util/virobject.c:317
	    #3  0x00007fda22507f71 in virNetServerClientSendMessage
	        (client=client@entry=0x7fd9e575b400, msg=msg@entry=0x7fd9ec30de90)
	        at rpc/virnetserverclient.c:1422
	    #4  0x00007fda230d714d in remoteDispatchObjectEventSend
	        (client=0x7fd9e575b400, program=0x7fda24c844e0, procnr=348,
	         proc=0x7fda2310e5e0 <xdr_remote_domain_event_callback_tunable_msg>,
	         data=0x7ffc3857fdb0)
	        at remote.c:3803
	    #5  0x00007fda230dd71b in remoteRelayDomainEventTunable
	        (conn=<optimized out>, dom=0x7fda27cd7660, params=0x7fda27f3aae0,
	         nparams=1,opaque=0x7fd9e6c99e00)
	        at remote.c:1033
	    #6  0x00007fda224484cb in virDomainEventDispatchDefaultFunc
	        (conn=0x7fda27cd0120, event=0x7fda2736ea00, cb=0x7fda230dd610
	         <remoteRelayDomainEventTunable>, cbopaque=0x7fd9e6c99e00)
	        at conf/domain_event.c:1910
	    #7  0x00007fda22446871 in virObjectEventStateDispatchCallbacks
	        (callbacks=<optimized out>, callbacks=<optimized out>,
	         event=0x7fda2736ea00,state=0x7fda24ca3960)
	        at conf/object_event.c:722
	    #8  virObjectEventStateQueueDispatch
	        (callbacks=0x7fda24c65800, queue=0x7ffc3857fe90, state=0x7fda24ca3960)
	        at conf/object_event.c:736
	    #9  virObjectEventStateFlush (state=0x7fda24ca3960)
	        at conf/object_event.c:814
	    #10 virObjectEventTimer (timer=<optimized out>, opaque=0x7fda24ca3960)
	        at conf/object_event.c:560
	    #11 0x00007fda223ae8b9 in virEventPollDispatchTimeouts ()
	        at util/vireventpoll.c:458
	    #12 virEventPollRunOnce ()
	        at util/vireventpoll.c:654
	    #13 0x00007fda223ad1d2 in virEventRunDefaultImpl ()
	        at util/virevent.c:314
	    #14 0x00007fda225046cd in virNetDaemonRun (dmn=0x7fda24c775c0)
	        at rpc/virnetdaemon.c:818
	    #15 0x00007fda230d6351 in main (argc=<optimized out>, argv=<optimized out>)
	        at libvirtd.c:1623

2017-04-25  John Ferlan  <jferlan@redhat.com>

	daemon: Rework remoteClientFreeFunc cleanup loops into C macro
	Rather than 'n' repetitive code segments, let's create a single macro
	which will make the code easier to read.

2017-04-25  Wang King  <king.wang@huawei.com>

	daemon: Remove unnecessary goto error
	Freeing the dst is unnecessary if the VIR_STRDUP fails, and therefore
	we need to remove the error label as well.

	daemon: Fix domain name leak in error path
	Domain name is duplicated in make_nonnull_domain, but not freed when
	virTypedParamsSerialize returns error.

2017-04-25  ZhiPeng Lu  <lu.zhipeng@zte.com.cn>

	qemu: fix argument of virDomainNetGetActualDirectMode
	it should be a comparison of modes between new and old devices. So
	the argument of the second virDomainNetGetActualDirectMode should be
	newdev.

2017-04-25  Andrea Bolognani  <abologna@redhat.com>

	autogen.sh: Improve and generalize
	The goal is twofold: firstly, we want to extend the script so
	that it can deal with more than a single git submodule, and
	secondly we'd like to reduce the amount of duplicated code.
	Moreover, since we're making heavy changes to the code anyway,
	we might as well make sure it follows a somewhat consistent
	coding style too.

	To reduce code duplication, we introduce a new --dry-run
	option, which can be used by third parties to figure out
	whether calling autogen.sh is necessary or not: this allows
	us to get rid of the reimplementation of part of the logic
	in cfg.mk and guarantee they'll never get out of sync.

	Other changes include: making dirty submodules checking and
	cleaning entirely independent of other operations; removing
	the use of 'set -e' and handling errors explicitly instead;
	better parsing of command line arguments.

2017-04-24  Yuri Chornoivan  <yurchor@ukr.net>

	Fix minor typos

2017-04-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: relax virNetDevSetCoalesce() stub
	Currently, virNetDevSetCoalesce() stub is always returning error. As
	it's used by virNetDevTapCreateInBridgePort(), it essentially breaks
	bridged networking if coalesce is not supported.

	To make it work, relax the stub to trigger error only when its
	coalesce argument is not NULL, otherwise report success.

2017-04-24  Erik Skultety  <eskultet@redhat.com>

	docs: Utilize our XSLT list generating template more
	Since we do have this template at hand, why not using it wherever
	possible (list of supported pool types and remote access section).
	Also, perform some stylistic micro adjustments.

	nodedev: udevProcessPCI: Drop syspath variable
	Since we have that information provided by @def which is not a private
	object, there is really no need for the variable.

	conf: nodedev: Split virNodeDeviceDefFormat into more functions
	Make the code look cleaner by moving the capability specific bits into
	separate functions.

	nodedev: Make use of the compile-time missing enum in switch error
	So udevGetDeviceDetails was one those functions using an enum in a
	switch, but since it had a 'default' case, compiler didn't warn about an
	unhandled enum. Moreover, the error about an unsupported device type
	reported in the default case is unnecessary, since by the time we get
	there, udevGetDeviceType (which was called before) already made sure
	that any unrecognized device types had been handled properly.

2017-04-24  Yi Wang  <wang.yi59@zte.com.cn>

	rpc: fix keep alive timer segfault
	ka maybe have been freeed in virObjectUnref, application using
	virKeepAliveTimer will segfault when unlock ka. We should keep
	ka's refs positive before using it.

	#0  0x00007fd8f79970e8 in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7fd8e8001b80) at util/virobject.c:169
	#1  0x00007fd8f799742e in virObjectIsClass (anyobj=anyobj entry=0x7fd8e800b9c0, klass=＜optimized out＞) at util/virobject.c:365
	#2  0x00007fd8f79974e4 in virObjectUnlock (anyobj=0x7fd8e800b9c0) at util/virobject.c:338
	#3  0x00007fd8f7ac477e in virKeepAliveTimer (timer=＜optimized out＞, opaque=0x7fd8e800b9c0) at rpc/virkeepalive.c:177
	#4  0x00007fd8f7e5c9cf in libvirt_virEventInvokeTimeoutCallback () from /usr/lib64/python2.7/site-packages/libvirtmod.so
	#5  0x00007fd8ff64db94 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
	#6  0x00007fd8ff64f1ad in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
	#7  0x00007fd8ff64d85f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
	#8  0x00007fd8ff64d950 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
	#9  0x00007fd8ff64d950 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
	#10 0x00007fd8ff64f1ad in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
	#11 0x00007fd8ff5dc098 in function_call () from /lib64/libpython2.7.so.1.0
	#12 0x00007fd8ff5b7073 in PyObject_Call () from /lib64/libpython2.7.so.1.0
	#13 0x00007fd8ff5c6085 in instancemethod_call () from /lib64/libpython2.7.so.1.0
	#14 0x00007fd8ff5b7073 in PyObject_Call () from /lib64/libpython2.7.so.1.0
	#15 0x00007fd8ff648ff7 in PyEval_CallObjectWithKeywords () from /lib64/libpython2.7.so.1.0
	#16 0x00007fd8ff67d7e2 in t_bootstrap () from /lib64/libpython2.7.so.1.0
	#17 0x00007fd8ff358df3 in start_thread () from /lib64/libpthread.so.0
	#18 0x00007fd8fe97d3ed in clone () from /lib64/libc.so.6

2017-04-22  Martin Kletzander  <mkletzan@redhat.com>

	Remove pointless check for !ret in virDomainNetDefCoalesceParseXML
	It was left there after removing a macro it was part of in first
	version or so.  Now it will always be NULL.

	Don't leak str in virDomainNetDefCoalesceParseXML

2017-04-21  Laine Stump  <laine@redhat.com>

	util: allow ignoring SIOCSIFHWADDR when errno is EPERM
	Commit f4ef3a71 made a variation of virNetDevSetMAC that would return
	without logging an error message if errno was set to
	EADDRNOTAVAIL. This errno is set by some SRIOV VF drivers (in
	particular igbvf) when they fail to set the device's MAC address due
	to the PF driver refusing the request. This is useful if we want to
	try a different method of setting the VF MAC address before giving up
	(Commit 86556e16 actually does this, setting the desired MAC address
	to the "admin MAC in the PF, then detaching and reattaching the VF
	netdev driver to force a reinit of the MAC address).

	During testing of Bug 1442040 t was discovered that the ixgbe driver
	returns EPERM in this situation, so this patch changes the exception
	case for silent+non-terminal failure to account for this difference.

	Completes resolution to: https://bugzilla.redhat.com/1415609 (RHEL 7.4)
	                         https://bugzilla.redhat.com/1442040 (RHEL 7.3.z)

2017-04-21  Daniel P. Berrange  <berrange@redhat.com>

	util: fix virNetDevSetCoalesce fallback on Win32/FreeBSD
	The current fallback stub for virNetDevSetCoalesce is inside an
	earlier conditional block. This deals with the feature being
	missing on older Linux platforms. We need a second fallback stub
	though, outside the top level conditional, to ensure builds work
	on Win32/FreeBSD platforms too.

	docs: fix typo in closing HTML element

2017-04-21  Martin Kletzander  <mkletzan@redhat.com>

	Set coalesce settings for domain interfaces
	This patch makes use of the virNetDevSetCoalesce() function to make
	appropriate settings effective for devices that support them.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1414627

2017-04-21  Martin Kletzander  <mkletzan@redhat.com>

	conf, docs: Add support for coalesce setting(s)
	We are currently parsing only rx/frames/max because that's the only
	value that makes sense for us.  The tun device just added support for
	this one and the others are only supported by hardware devices which
	we don't need to worry about as the only way we'd pass those to the
	domain is using <hostdev/> or <interface type='hostdev'/>.  And in
	those cases the guest can modify the settings itself.

	util: Add virNetDevSetCoalesce function
	That function is able to configure coalesce settings for an interface,
	similarly to 'ethtool -C'.  This function also updates back the
	structure so that it contains actual data on the device (if the device
	doesn't support some settings kernel might just return 0 and not set
	whatever is not supported), so this way we'll have up-to-date
	information in the live domain XML.

2017-04-21  Pavel Hrdina  <phrdina@redhat.com>

	util: check ifa_addr pointer before accessing its elements
	Reported by Rafał Wojciechowski <it@rafalwojciechowski.pl>.

	Thread 1 (Thread 0x7f194b99d700 (LWP 5631)):
	0  virNetDevGetifaddrsAddress (addr=0x7f194b99c7c0, ifname=0x7f193400e2b0 "ovirtmgmt") at util/virnetdevip.c:738
	1  virNetDevIPAddrGet (ifname=0x7f193400e2b0 "ovirtmgmt", addr=addr@entry=0x7f194b99c7c0) at util/virnetdevip.c:795
	2  0x00007f19467800d6 in networkGetNetworkAddress (netname=<optimized out>, netaddr=netaddr@entry=0x7f1924013f18) at network/bridge_driver.c:4780
	3  0x00007f193e43a33c in qemuProcessGraphicsSetupNetworkAddress (listenAddr=0x7f19340f7650 "127.0.0.1", glisten=0x7f1924013f10) at qemu/qemu_process.c:4062
	4  qemuProcessGraphicsSetupListen (vm=<optimized out>, graphics=0x7f1924014f10, cfg=0x7f1934119f00) at qemu/qemu_process.c:4133
	5  qemuProcessSetupGraphics (flags=17, vm=0x7f19240155d0, driver=0x7f193411f1d0) at qemu/qemu_process.c:4196
	6  qemuProcessPrepareDomain (conn=conn@entry=0x7f192c00ab50, driver=driver@entry=0x7f193411f1d0, vm=vm@entry=0x7f19240155d0, flags=flags@entry=17) at qemu/qemu_process.c:4969
	7  0x00007f193e4417c0 in qemuProcessStart (conn=conn@entry=0x7f192c00ab50, driver=driver@entry=0x7f193411f1d0, vm=0x7f19240155d0,asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_START, migrateFrom=migrateFrom@entry=0x0, migrateFd=migrateFd@entry=-1, migratePath=migratePath@entry=0x0,snapshot=snapshot@entry=0x0, vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=17, flags@entry=1) at qemu/qemu_process.c:5553

	Man page for getifaddrs also states that the "ifa_addr" may contain
	a null pointer which happens if there is an existing network interface
	on the host without IP address.

2017-04-20  Jim Fehlig  <jfehlig@suse.com>

	Increase default task limit for libvirtd
	libvirtd can spawn threads/tasks when creating new domains for
	some hypervisors such as Xen's libxl driver, quickly reaching
	the cgroups pids controller default TasksMax setting of 512. When
	the limit is reached, attempting to create additional domains
	results in an error from the cgroups pids controller, e.g.

	kernel: [71282.213347] cgroup: fork rejected by pids controller in
	/system.slice/libvirtd.service

	Depending on domain type and configuration, anywhere from 4-7
	threads/tasks may be created by libxl when starting a domain.
	In order to support 4096 domains, similar to commit 27cd763500,
	increase the TasksMax setting in libvirtd.service to
	4096 * 8 = 32768 tasks.

2017-04-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting when poll returns POLLHUP/POLLERR
	In the RPC client event loop code, if poll() returns only a POLLHUP
	or POLLERR status, then we end up reporting a bogus error message:

	  error: failed to connect to the hypervisor
	  error: An error occurred, but the cause is unknown

	We do actually report an error, but we virNetClientMarkClose method
	has already captured the error status before we report it, so the
	real error gets thrown away. The key fix is to report the error
	before calling virNetClientMarkClose(). In changing this, we also
	split out reporting of POLLHUP vs POLLERR to make any future bugs
	easier to diagnose.

2017-04-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Don't save status XML when monitor is closed
	In the vcpu hotplug code if exit from the monitor failed we would still
	attempt to save the status XML. When the daemon is terminated the
	monitor socket is closed. In such case, the written status XML would not
	contain the monitor path and thus be invalid.

	Avoid this issue by only saving status XML on success of the monitor
	command.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1439452

2017-04-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Unexport qemuDomainHotplugDelVcpu
	The function is used only in the hotplug module.

2017-04-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu_domain: use correct default USB controller on ppc64
	The history of USB controller for ppc64 guest is complex and goes
	back to libvirt 1.3.1 where the fun started.

	Prior Libvirt 1.3.1 if no model for USB controller was specified
	we've simply passed "-usb" on QEMU command line.

	Since Libvirt 1.3.1 there is a patch (8156493d8db) that fixes this
	issue by using "-device pci-ohci,..." but it breaks migration with
	older Libvirts which was agreed that's acceptable.  However this
	patch didn't reflect this change in the domain XML and the model
	was still missing.

	Since Libvirt 2.2.0 there is a patch (f55eaccb0c5) that fixes the
	issue with not setting the USB model into domain XML which we need
	to know about to not break the migration and since the default
	model was *pci-ohci* it was used as default in this patch as well.

	This patch tries to take all the previous changes into account and
	also change the default for newly defined domains that don't specify
	any model for USB controller.

	The VIR_DOMAIN_DEF_PARSE_ABI_UPDATE is set only if new domain is
	defined or new device is added into a domain which means that in
	all other cases we will use the old *pci-ohci* model instead of the
	better and not broken *nec-usb-xhci* model.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1373184

2017-04-20  Pavel Hrdina  <phrdina@redhat.com>

	conf: add a new parse flag VIR_DOMAIN_DEF_PARSE_ABI_UPDATE_MIGRATION
	So far there is probably no change that is allowed to be done
	by the VIR_DOMAIN_DEF_PARSE_ABI_UPDATE flag that would break
	guest ABI but this may change in the future.

	This introduces new VIR_DOMAIN_DEF_PARSE_ABI_UPDATE_MIGRATION
	which should be used only for ABI updates that are "safe" for
	persistent migration.

2017-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Refresh translations from zanata

2017-04-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use more data for comparing CPUs
	With QEMU older than 2.9.0 libvirt uses CPUID instruction to determine
	what CPU features are supported on the host. This was later used when
	checking compatibility of guest CPUs. Since QEMU 2.9.0 we ask QEMU for
	the host CPU data. But the two methods we use usually provide disjoint
	sets of CPU features because QEMU/KVM does not support all features
	provided by the host CPU and on the other hand it can enable some
	feature even if the host CPU does not support them.

	So if there is a domain which requires a CPU features disabled by
	QEMU/KVM, libvirt will refuse to start it with QEMU > 2.9.0 as its guest
	CPU is incompatible with the host CPU data we got from QEMU. But such
	domain would happily start on older QEMU (of course, the features would
	be missing the guest CPU). To fix this regression, we need to combine
	both CPU feature sets when checking guest CPU compatibility.

	https://bugzilla.redhat.com/show_bug.cgi?id=1439933

2017-04-19  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Introduce virCPUGetHostIsSupported
	Sometimes we want to call virCPUGetHost only when it is implemented for
	a given architecture to avoid logging expected and possibly misleading
	errors. The new virCPUGetHostIsSupported API may be used to guard such
	calls to virCPUGetHost.

	cpu: Drop feature filtering from virCPUUpdate
	Because of the changes done in the previous commit, @host is already a
	migratable CPU and there's no need to do any additional filtering.

	qemu: Pass migratable host CPU model to virCPUUpdate
	We already know from QEMU which CPU features will block migration. Let's
	use this information to make a migratable copy of the host CPU model and
	use it for updating guest CPU specification. This will allow us to drop
	feature filtering from virCPUUpdate where it was just a hack.

	qemu: Prepare qemuCaps for multiple host CPU defs
	Soon we will need to store multiple host CPU definitions in
	virQEMUCapsHostCPUData and qemuCaps users will want to request the one
	they need. This patch introduces virQEMUCapsHostCPUType enum which will
	be used for specifying the requested CPU definition.

	qemu: Move qemuCaps host CPU data in a struct
	We need to store several CPU related data structure for both KVM and
	TCG. So instead of keeping two different copies of everything let's
	make a virQEMUCapsHostCPUData struct and use it twice.

	qemu: Introduce virQEMUCapsHostCPUDataClear
	To keep freeing of host CPU data in one place.

	qemu: Move qemuCaps CPU data copying into a separate function
	This introduces virQEMUCapsHostCPUDataCopy which will later be
	refactored a bit and called twice from virQEMUCapsNewCopy.

	qemu: Introduce virQEMUCapsSetHostModel
	A simple helper as a complement to virQEMUCapsGetHostModel.

2017-04-19  Daniel P. Berrange  <berrange@redhat.com>

	virt-storage-rbd: fix typo s/RDB/RBD/ in configure check

	virsh: report errors in virshInit()
	There are several functions in virshInit which can fail, especially
	when running win32 builds under WINE. Currently virsh just exits
	without reporting what error happened.

2017-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Add travis build configuration
	This travis configuration tests libvirt builds on 5 platforms that we don't
	exercise in the CentOS CI system.

	  - Ubuntu Trusty with GCC
	  - Ubuntu Trusty with CLang
	  - Ubuntu Precise with GCC
	  - Ubuntu Precise with CLang
	  - OS-X with CLang

	NB, syntax-check fails on OS-X with errors like:

	   /bin/sh: /usr/bin/grep: Argument list too long

	Presumably their grep impl isn't as good as the GNU one, so this test
	config skips syntax-check on OS-X for now.

2017-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Ignore SASL deprecation warnings on OS-X
	Apple have annotated all SASL functions as deprecated for
	unknown reasons. Since they still work, lets just ignore
	the warnings. If Apple finally delete the SASL functions
	our configure check should already catch that

	Fix detection of required RBD version
	If building libvirt against Ubuntu precise, the librbd.h is lacking
	many functions that libvirt expects. We have no version check, so
	we were enabling RBD even though it cannot compile. This configure
	check uses existance of 'rbd_get_features' as an identifier for the
	min required version.

	Prevent test failures with ebtables/iptables/ip6tables are missing
	When running tests in a restricted container (as opposed to a full
	OS install), we can't assume ebtables/iptbles/ip6tables are going
	to be installed. We must check this and mark the tests as skipped.

2017-04-19  Daniel P. Berrange  <berrange@redhat.com>

	annotate all mocked functions with noinline
	CLang's optimizer is more aggressive at inlining functions than
	gcc and so will often inline functions that our tests want to
	mock-override. This causes the test to fail in bizarre ways.

	We don't want to disable inlining completely, but we must at
	least prevent inlining of mocked functions. Fortunately there
	is a 'noinline' attribute that lets us control this per function.

	A syntax check rule is added that parses tests/*mock.c to extract
	the list of functions that are mocked (restricted to names starting
	with 'vir' prefix). It then checks that src/*.h header file to
	ensure it has a 'ATTRIBUTE_NOINLINE' annotation. This should prevent
	use from bit-rotting in future.

2017-04-19  Jiri Denemark  <jdenemar@redhat.com>

	spec: Avoid RPM verification errors on nwfilter XMLs
	/etc/libvirt/nwfilter/*.xml files are installed with no UUID, which
	means libvirtd will automatically alter all of them once it starts. Thus
	RPM verification will always fail on them. Let's use a trick similar to
	the default network XML and store nwfilter XMLs in /usr/share. They will
	be copied into /etc in %post. Additionally the /etc files are marked as
	%ghost so that they are uninstalled if the RPM package is removed.

	Note that the %post script overwrites existing files with new ones on
	upgrade, which is what has always been happening.

	https://bugzilla.redhat.com/show_bug.cgi?id=1431581
	https://bugzilla.redhat.com/show_bug.cgi?id=1378774

2017-04-19  John Ferlan  <jferlan@redhat.com>

	network: Use consistent function name prefixes for virnetworkobj
	Use "virNetworkObj" as a prefix for any external API in virnetworkobj.

	Also a couple of functions were local to virnetworkobj.c, so remove their
	external defs in virnetworkobj.h.

2017-04-19  John Ferlan  <jferlan@redhat.com>

	network: Rename virNetworkObjAssignDef to virNetworkObjUpdateAssignDef
	Rename the API to be a better description of what it does. Besides, a
	subsequent patch will rename virNetworkAssignDef to virNetworkObjAssignDef
	so rather than make that patch confusing we'll take the intermittent step
	in this patch.

	network: Alter coding style of network conf function prototypes
	In an effort to be consistent with the source module, alter the function
	prototypes to follow the similar style of source with the "type" on one
	line followed by the function name and arguments on subsequent lines with
	with argument getting it's own line.

	network: Adjust coding style for network conf sources
	Alter the format of the code to follow more recent style guidelines of
	two empty lines between functions, function decls with "[static] type"
	on one line followed by function name with arguments to functions each
	on one line.

2017-04-19  John Ferlan  <jferlan@redhat.com>

	network: Introduce virnetworkobj
	Move all the virNetworkObj related API/data structures into their own
	modules virnetworkobj.{c,h} from the network_conf.{c,h}

	Purely code motion at this point plus adjustments to cleanly build

2017-04-18  Dawid Zamirski  <dzamirski@datto.com>

	hyperv: recognize array property as distinct type.
	When hyperv code generator for WMI classes identifies common
	properties, it needs to take into account array type as a distinct
	type, i.e string != string[]. This is the case where v1 of the
	Msvm_VirtualSystemSettingData has Notes property as string whereas v2
	uses Notes[], therefore they have to be treated as different fields and
	cannot be placed in the "common" struct.

2017-04-18  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: avoid double free on OOM testing
	Fix xlconfig channel tests when OOM testing is enabled.

	TEST: xlconfigtest
	32) Xen XL-2-XML Format channel-unix                                  ... OK
	    Test OOM for nalloc=55 ................................................*** Error in `/home/jfehlig/virt/upstream/libvirt/tests/.libs/xlconfigtest': double free or corruption (fasttop): 0x0000000000679550 ***
	...
	(gdb) bt
	#0  0x00007ffff36875af in raise () from /lib64/libc.so.6
	#1  0x00007ffff36889aa in abort () from /lib64/libc.so.6
	#2  0x00007ffff36c5150 in __libc_message () from /lib64/libc.so.6
	#3  0x00007ffff36cb4f6 in malloc_printerr () from /lib64/libc.so.6
	#4  0x00007ffff36cbcee in _int_free () from /lib64/libc.so.6
	#5  0x00007ffff782babf in virFree (ptrptr=0x7fffffffdca8) at util/viralloc.c:582
	#6  0x000000000042f2f3 in xenParseXLChannel (conf=0x677350, def=0x6815b0) at xenconfig/xen_xl.c:788
	#7  0x000000000042f44e in xenParseXL (conf=0x677350, caps=0x6832b0, xmlopt=0x67f6e0) at xenconfig/xen_xl.c:828
	#8  0x00000000004105a3 in testCompareFormatXML (
	    xlcfg=0x6811e0 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.cfg",
	    xml=0x681110 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.xml", replaceVars=false)
	    at xlconfigtest.c:152

	When a channel is successfully parsed and its path and name fields
	assigned from local variables, set the local variables to NULL to
	prevent a double free on error.

2017-04-18  Pavel Hrdina  <phrdina@redhat.com>

	tests: domaincapstest: add test for Q35 machine type

	qemu: report IDE bus in domain capabilities only if it's supported
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1441964

	qemu: use qemuDomainMachineIsPSeries

2017-04-18  Pavel Hrdina  <phrdina@redhat.com>

	qemu: refactor qemuDomainMachine* functions
	Introduce new wrapper functions without *Machine* in the function
	name that take the whole virDomainDef structure as argument and
	call the existing functions with *Machine* in the function name.

	Change the arguments of existing functions to *machine* and *arch*
	because they don't need the whole virDomainDef structure and they
	could be used in places where we don't have virDomainDef.

2017-04-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Skip cache=none check for disks which are storage-migrated
	Since the disks are copied by qemu, there's no need to enforce
	cache=none. Thankfully the code that added qemuMigrateDisk did not break
	existing configs, since if you don't select any disk to migrate
	explicitly the code behaves sanely.

	The logic for determining whether a disk should be migrated is
	open-coded since using qemuMigrateDisk twice would be semantically
	incorrect.

2017-04-17  Konstantin Neumoin  <kneumoin@virtuozzo.com>

	vz: support virDomainBlockResize
	Acked-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>

	vz: support virDomainSetVcpus
	Acked-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>

2017-04-13  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	pci: recognize/report GEN4 (PCIe 4.0) card 16GT/s Link speed
	Without this added enum value, nodedev-dumpxml of a GEN4 (PCIe 4.0)
	card will fail (due to the unrecognized link speed), and since
	nodedev-detach and nodedev-reattach internally do a dumpxml+parse,
	they will also fail. With this patch, all those operations succeed.

2017-04-13  Andrea Bolognani  <abologna@redhat.com>

	Drop autobuild.sh
	The Test-AutoBuild project, that this script is supposed to
	be used with, hasn't seen any activity in ~6 years; libvirt's
	own CI is running on Jenkins with a completely independent
	setup that doesn't use the script at all.

2017-04-13  Wim ten Have  <wim.ten.have@oracle.com>

	xenFormatXLDomainDisks: avoid double free on OOM testing
	Fix xlconfigtest runs build for --enable-test-oom on
	        Xen XL-2-XML Parse  new-disk

	    #0  0x00007ffff3bd791f in raise () from /lib64/libc.so.6
	    #1  0x00007ffff3bd951a in abort () from /lib64/libc.so.6
	    #2  0x00007ffff3c1b200 in __libc_message () from /lib64/libc.so.6
	    #3  0x00007ffff3c2488a in _int_free () from /lib64/libc.so.6
	    #4  0x00007ffff3c282bc in free () from /lib64/libc.so.6
	    #5  0x00007ffff7864fcb in virFree (ptrptr=ptrptr@entry=0x7fffffffd868) at util/viralloc.c:582
	    #6  0x00007ffff78776e5 in virConfFreeValue (val=<optimized out>) at util/virconf.c:178
	==> #7  0x0000000000425759 in xenFormatXLDomainDisks (def=0x7fffffffd8c0, def=0x7fffffffd8c0, conf=0x658220)
	        at xenconfig/xen_xl.c:1159
	    #8  xenFormatXL (def=def@entry=0x66ec20, conn=conn@entry=0x668cf0) at xenconfig/xen_xl.c:1558
	    #9  0x000000000040ea1d in testCompareParseXML (replaceVars=<optimized out>,
	        xml=0x65f5e0 "/home/wtenhave/WORK/libvirt/history/libvirt/tests/xlconfigdata/test-fullvirt-ovmf.xml",
	        xlcfg=0x65f6b0 "/home/wtenhave/WORK/libvirt/history/libvirt/tests/xlconfigdata/test-fullvirt-ovmf.cfg")
	        at xlconfigtest.c:105
	    #10 testCompareHelper (data=<optimized out>) at xlconfigtest.c:205
	    #11 0x000000000041079a in virTestRun (title=title@entry=0x431cf0 "Xen XL-2-XML Parse  fullvirt-ovmf",
	        body=body@entry=0x40e720 <testCompareHelper>, data=data@entry=0x7fffffffda50) at testutils.c:247
	    #12 0x000000000040ebc2 in mymain () at xlconfigtest.c:256
	    #13 0x0000000000411070 in virTestMain (argc=1, argv=0x7fffffffdc08, func=0x40f2c0 <mymain>) at testutils.c:992
	    #14 0x00007ffff3bc2401 in __libc_start_main () from /lib64/libc.so.6
	    #15 0x000000000040e5da in _start ()

	symmetry seems missing its sibbling coded functionality
	demonstrated under functions;
	        xenFormatXLUSBController()
	        xenFormatXLUSB()
	        xenFormatXLDomainChannels()
	        xenFormatXMDisks

2017-04-13  Wim ten Have  <wim.ten.have@oracle.com>

	virConfSaveValue: protect against a NULL pointer reference
	Fix xlconfigtest runs build for --enable-test-oom on
	        Xen XL-2-XML Parse  channel-pty

	Program received signal SIGSEGV, Segmentation fault.

	    #0  0x00007ffff3c2b373 in __strchr_sse2 () from /lib64/libc.so.6
	==> #1  0x00007ffff7875701 in virConfSaveValue (buf=buf@entry=0x7fffffffd8a0, val=val@entry=0x674750) at util/virconf.c:290
	    #2  0x00007ffff7875668 in virConfSaveValue (buf=buf@entry=0x7fffffffd8a0, val=<optimized out>) at util/virconf.c:306
	    #3  0x00007ffff78757ef in virConfSaveEntry (buf=buf@entry=0x7fffffffd8a0, cur=cur@entry=0x674780) at util/virconf.c:338
	    #4  0x00007ffff78783eb in virConfWriteMem (memory=0x665570 "", len=len@entry=0x7fffffffd910, conf=conf@entry=0x65b940)
	        at util/virconf.c:1543
	    #5  0x000000000040eccb in testCompareParseXML (replaceVars=<optimized out>, xml=<optimized out>,
	        xlcfg=0x662c00 "/home/wtenhave/WORK/libvirt/OOMtesting/libvirt-devel/tests/xlconfigdata/test-channel-pty.cfg")
	        at xlconfigtest.c:108
	    #6  testCompareHelper (data=<optimized out>) at xlconfigtest.c:205
	    #7  0x0000000000410b3a in virTestRun (title=title@entry=0x432cc0 "Xen XL-2-XML Parse  channel-pty",
	        body=body@entry=0x40e9b0 <testCompareHelper>, data=data@entry=0x7fffffffd9f0) at testutils.c:247
	    #8  0x000000000040f322 in mymain () at xlconfigtest.c:278
	    #9  0x0000000000411410 in virTestMain (argc=1, argv=0x7fffffffdba8, func=0x40f660 <mymain>) at testutils.c:992
	    #10 0x00007ffff3bc0401 in __libc_start_main () from /lib64/libc.so.6
	    #11 0x000000000040e86a in _start ()

	    (gdb) frame 1
	    #1  0x00007ffff7875701 in virConfSaveValue (buf=buf@entry=0x7fffffffd8a0, val=val@entry=0x674750) at util/virconf.c:290
	    290                 if (strchr(val->str, '\n') != NULL) {
	    (gdb) print *val
	    $1 = {type = VIR_CONF_STRING, next = 0x0, l = 0, str = 0x0, list = 0x0}

2017-04-13  John Ferlan  <jferlan@redhat.com>

	nwfilter: Introduce virNWFilterObjListExport
	Essentially code motion to move the ListExport function from nwfilter_driver
	into virnwfilterobj

2017-04-13  John Ferlan  <jferlan@redhat.com>

	nwfilter: Introduce virNWFilterObjGetNames
	Mostly code motion to move nwfilterConnectListNWFilters into nwfilterobj.c
	and rename to virNWFilterObjGetNames.

	Also includes a couple of variable name adjustments to keep code consistent
	with other drivers.

2017-04-13  John Ferlan  <jferlan@redhat.com>

	nwfilter: Introduce virNWFilterObjNumOfNWFilters
	Mostly code motion from nwfilter_driver to virnwfilterobj with one caveat
	to add the virNWFilterObjListFilter typedef and pass it as an 'aclfilter'
	argument to allow for future possible test driver adjustments to count
	the number of filters (similar to how node device has done this).

2017-04-13  John Ferlan  <jferlan@redhat.com>

	conf: Add check for non scsi_host parent during vport delete
	https://bugzilla.redhat.com/show_bug.cgi?id=1420740

	If the parent is not a scsi_host, then we can just happily return since
	we won't be removing a vport.

	Fixes a bug with the following output:

	$ virsh pool-destroy host4_hba_pool
	error: Failed to destroy pool host4_hba_pool
	error: internal error: Invalid adapter name 'pci_0000_10_00_1' for SCSI pool

	$

2017-04-13  John Ferlan  <jferlan@redhat.com>

	conf: Check for storage conflicts across pool types
	https://bugzilla.redhat.com/show_bug.cgi?id=1233129

	The virStoragePoolObjSourceFindDuplicate logic used by PoolCreateXML
	and PoolDefineXML avoids comparing the new definition against "other"
	pool types. This can cause unexpected corruption if two different pool
	source types used the same source device path. For example, a 'disk'
	pool using source type device=/dev/sdc could be unwittingly overwritten
	by using /dev/sdc for a 'logical' pool which also uses the source
	device path.

	So rather than blindly ignoring those checks when def->type !=
	pool->def->type - have the pool->def->type switch logic handle the
	check for which def->type's should be checked.

2017-04-13  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virStoragePoolObjSourceMatchTypeDEVICE
	Refactor virStoragePoolObjSourceFindDuplicate into smaller units
	separated by the "supported" pool source type. The ISCSI, FS,
	LOGICAL, DISK, and ZFS pools can use "<source>... <device='%s'/>...
	</source>".

	Alter the logic slightly to return the matching pool or NULL rather
	than setting matchpool = pool and break.  Easier to read that way.

2017-04-13  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virStoragePoolObjSourceMatchTypeISCSI
	In the effort to reduce the virStoragePoolObjSourceFindDuplicate logic,
	create a new helper which will handle all the ISCSI type differences.

	Alter things just a little bit to return NULL or pool rather than
	using breaks and matchpool = pool, then break. Also rather than creating
	variables withing the if...else if... conditions, have them all at the
	top of the function to make things a bit easier to read.

2017-04-13  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virStoragePoolObjSourceMatchTypeDIR
	Refactor virStoragePoolObjSourceFindDuplicate into smaller units
	separated by the "supported" pool source type. The DIR, GLUSTER,
	and NETFS pools all can use "<source>... <dir='%s'/>... </source>".

	Alter the logic slightly to return the matching pool or NULL rather
	than setting matchpool = pool and break.  Easier to read that way.

2017-04-13  Ján Tomko  <jtomko@redhat.com>

	qemu: refactor qemuBuildIOMMUCommandLine
	Introduce a separate buffer for options and use a helper
	variable for def->iommu.

	qemu: allow conditional device property probing
	Do not probe for devices that QEMU does not know
	when probing for device options.

	Split out virDomainIOMMUDefFormat
	Make adding subelements easier.

2017-04-13  Wang King  <king.wang@huawei.com>

	util: Fix resource leak
	The virRotatingFileWriterAppend method leaks the file->entry
	on the virRotatingFileWriterEntryNew failing path.

	tools: remove unused assignment statement in virshStorageVolListCollect
	Assigning value true to @success if there is no volumes, that stored value is not used.

	test: Remove unused variate @maxcpu in testDomainGetVcpus
	Since refactoring by commit id '3dd859c0', @maxcpu is no longer used.

	esx: Fix memory leak
	Variable def going out of scope leaks the storage def.source.hosts points to.

	esx: Fix incorrect memory compare size in esxStoragePoolLookupByUUID
	Use MD5_DIGEST_SIZE or VIR_UUID_BUFLEN rather than VIR_UUID_STRING_BUFLEN
	when compare @uuid with @md5.

	conf: remove unused assignment statement in virSysinfoBaseBoardParseXML
	Assigning value 0 to @nboards in success path, that stored value is not used.

2017-04-13  Ján Tomko  <jtomko@redhat.com>

	util: add missing equal sign in initialization
	Fix the build with clang:
	util/virperf.c:86:27: error: use of GNU 'missing =' extension
	    in designator [-Werror,-Wgnu-designator]
	    [VIR_PERF_EVENT_MBML] {
	                          ^
	                          =

2017-04-13  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Reject migration of an empty disk
	If you specify disks to migrate it would be possible to select an empty
	drive for migration. Reject such config.

	qemu: migration: Use virStorageSourceIsEmpty in qemuMigrateDisk
	Use the proper check whether a disk is empty.

	qemu: snapshot: Skip empty drives with internal snapshots
	The code that validates whether an internal snapshot is possible would
	reject an empty but not-readonly drive. Since floppies can have this
	property, add a check for emptiness.

2017-04-13  Peter Krempa  <pkrempa@redhat.com>

	conf: Keep 'readonly' property when resetting disk source
	The property is necessary also for the disk using the source (e.g. cdrom)
	which needs to be kept readonly.

	Commit '462c4b66' was a bit too aggressive in this aspect, since the
	readonly flag is set only while parsing.

2017-04-13  Ján Tomko  <jtomko@redhat.com>

	qemu: do not crash on USB address with no port and invalid bus
	Properly error out when the user requests a port from a bus
	that does not have a controller present in the domain XML.

	https://bugzilla.redhat.com/show_bug.cgi?id=1441589

2017-04-13  Peter Krempa  <pkrempa@redhat.com>

	test: virsh-optparse: Fix expected test output with new error checking
	Commit 4f4c3b1397c4b5d16af added code to remember errors during freeing
	of domain objects. This changed the output when testing scaled numbers
	parsing in virsh-optparse. Adjust the expected output.

2017-04-12  Daniel P. Berrange  <berrange@redhat.com>

	perf: get rid of pointless virPerfGetEvent() method
	The virPerfGetEvent method pointlessly checks for a NULL
	parameter and the range of an enum value. The whole point
	of using an enum is that we can avoid such checks. Just
	replace calls to virPerfGetEvent, with perf->events[type]
	array access.

	perf: get rid of pointless virPerfGetEventAttr() method
	The virPerfGetEventAttr method contains a totally pointless
	loop. Remove it, verify the array size statically, and then
	just use an array index to access the perf event.

2017-04-12  Martin Kletzander  <mkletzan@redhat.com>

	man: Align vol-resize arguments with the output of help

2017-04-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: conf: Don't leak 'namespaces' temporary variable while parsing config
	==20406== 8 bytes in 1 blocks are definitely lost in loss record 24 of 1,059
	==20406==    at 0x4C2CF55: calloc (vg_replace_malloc.c:711)
	==20406==    by 0x54BF530: virAllocN (viralloc.c:191)
	==20406==    by 0x54D37C4: virConfGetValueStringList (virconf.c:1001)
	==20406==    by 0x144E4E8E: virQEMUDriverConfigLoadFile (qemu_conf.c:835)
	==20406==    by 0x1452A744: qemuStateInitialize (qemu_driver.c:664)
	==20406==    by 0x55DB585: virStateInitialize (libvirt.c:770)
	==20406==    by 0x124570: daemonRunStateInit (libvirtd.c:881)
	==20406==    by 0x5532990: virThreadHelper (virthread.c:206)
	==20406==    by 0x8C82493: start_thread (in /lib64/libpthread-2.24.so)
	==20406==    by 0x8F7FA1E: clone (in /lib64/libc-2.24.so)

	qemu: conf: Don't leak snapshot image format conf variable
	==20406== 4 bytes in 1 blocks are definitely lost in loss record 6 of 1,059
	==20406==    at 0x4C2AF3F: malloc (vg_replace_malloc.c:299)
	==20406==    by 0x8F17D39: strdup (in /lib64/libc-2.24.so)
	==20406==    by 0x552C0E0: virStrdup (virstring.c:784)
	==20406==    by 0x54D3622: virConfGetValueString (virconf.c:945)
	==20406==    by 0x144E4692: virQEMUDriverConfigLoadFile (qemu_conf.c:687)
	==20406==    by 0x1452A744: qemuStateInitialize (qemu_driver.c:664)
	==20406==    by 0x55DB585: virStateInitialize (libvirt.c:770)
	==20406==    by 0x124570: daemonRunStateInit (libvirtd.c:881)
	==20406==    by 0x5532990: virThreadHelper (virthread.c:206)
	==20406==    by 0x8C82493: start_thread (in /lib64/libpthread-2.24.so)
	==20406==    by 0x8F7FA1E: clone (in /lib64/libc-2.24.so)

	virsh-domain: Refactor cmdTTYConsole
	Use the new XML helpers and use virXPathString rather than hand-rolling
	the code.

	virsh-domain: Use the virsh wrappers for getting XML to simplify code
	Reuse virshDomainGetXML and virshDomainGetXMLFromDom.

	virsh-domain-monitor: Use the virsh wrappers for getting XML to simplify code
	Reuse virshDomainGetXML and virshDomainGetXMLFromDom.

2017-04-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: add helpers for getting domain XML for XPath purposes
	In virsh we quite often get the domain XML just to initialize the XPath
	parser so that we can extract information.

	Add helpers which will simplify this by wrapping the getting of the XML
	and parsing it along with error reporting.

	Additionally a second helper also gets the domain object from the
	parameters and releases it so that functions which need the XML as only
	source of data can be simplified further.

2017-04-12  Peter Krempa  <pkrempa@redhat.com>

	vsh: Add helper for safe remembering of libvirt errors
	Avoid the annoying issue where the public object freeing APIs overwrite
	the error set by helper functions, since they don't invoke the callback.

	The new helper remembers the error only if no previous error was set.

2017-04-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add wrapper for virDomainSnapshotFree
	Similarly to virshDomainFree add a wrapper for the snapshot object
	freeing function.

2017-04-12  Peter Krempa  <pkrempa@redhat.com>

	virsh-util: Add wrapper for virDomainFree
	virDomainFree has it's quirks (does not like NULL pointers, resets
	libvirt errors). Replace it by a virsh helper which will allow us to
	centrally fix issues with it.

	The syntax-check rule will prohibit new uses of virDomainFree.

2017-04-12  Peter Krempa  <pkrempa@redhat.com>

	virsh-util: Move domain lookup helpers into virsh-util
	Move virshLookupDomainBy, virshCommandOptDomainBy and
	virshCommandOptDomainBy to the helper file. Additionally turn the
	virshCommandOptDomainBy macro into a function.

	virsh: Add new file for utility functions and move a few
	Don't accumulate helpers in virsh.c

2017-04-12  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix mdev checking for VFIO support
	Commit a4a39d90 added a check that checks for VFIO support with mediated
	devices. The problem is that the hostdev preparing functions behave like
	a fallthrough if device of that specific type doesn't exist. However,
	the check for VFIO support was independent of the existence of a mdev
	device which caused the guest to fail to start with any device to be
	directly assigned if VFIO was disabled/unavailable in the kernel.
	The proposed change first ensures that it makes sense to check for VFIO
	support in the first place, and only then performs the VFIO support check
	itself.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1441291

2017-04-12  Wang King  <king.wang@huawei.com>

	util: systemd: Don't strlen a possibly NULL string
	Coverity complains about virBufferCurrentContent might be return null
	when calling strlen, so check virBufferError first before calling
	strlen.

	interface: Fix resource leak in netcfConnectListAllInterfaces error path
	On virGetInterface failure, call virInterfaceDefFree for the @def.

	virsh: don't leak @cpumap in virshVcpuPinQuery
	==18591== 16 bytes in 1 blocks are definitely lost in loss record 41 of 183
	==18591==    at 0x4C2B934: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==18591==    by 0x54EBB1C: virAllocN (viralloc.c:191)
	==18591==    by 0x1628CA: _vshMalloc (vsh.c:136)
	==18591==    by 0x1344C4: virshVcpuPinQuery (virsh-domain.c:6603)
	==18591==    by 0x1344C4: cmdVcpuPin (virsh-domain.c:6707)
	==18591==    by 0x1631BF: vshCommandRun (vsh.c:1312)
	==18591==    by 0x12DBB1: main (virsh.c:961)

2017-04-11  John Ferlan  <jferlan@redhat.com>

	storage: Create helpers to perform FindByUUID and FindByName
	Create a couple of helpers that will perform the same call sequence.

	storage: Pass driver arg by ref
	Alter virStoragePoolObjListExport in order to pass the drivers->pools
	by reference

2017-04-11  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolObjGetNames
	Mostly code motion to move storageConnectList[Defined]StoragePools
	and similar test driver code into virstorageobj.c and rename to
	virStoragePoolObjGetNames.

	Also includes a couple of variable name adjustments to keep code consistent
	with other drivers.

2017-04-11  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolObjNumOfStoragePools
	Unify the NumOf[Defined]StoragePools API into virstorageobj.c from
	storage_driver and test_driver.  The only real difference between the
	two is the test driver doesn't call using the aclfilter API.

	storage: Introduce virStoragePoolObjVolumeListExport
	Essentially code motion to move the storage/test driver ListAllVolumes
	logic into virstorageobj.c

2017-04-11  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolObjVolumeGetNames
	Mostly code motion to move storagePoolListVolumes code into virstorageobj.c
	and rename to virStoragePoolObjVolumeGetNames.

	Also includes a couple of variable name adjustments to keep code consistent
	with other drivers.

2017-04-11  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolObjNumOfVolumes
	Unify the NumOfVolumes API into virstorageobj.c from storage_driver and
	test_driver.  The only real difference between the two is the test driver
	doesn't call using the aclfilter API.

2017-04-11  Pavel Hrdina  <phrdina@redhat.com>

	tests/testutilsqemu: properly initialize qemu caps for tests
	This removes the hacky extern global variable and modifies the
	test code to properly create QEMU capabilities cache for QEMU
	binaries used in our tests.

2017-04-11  Pavel Hrdina  <phrdina@redhat.com>

	tests: unify qemu binary paths for all qemu related tests
	Our test data used a lot of different qemu binary paths and some
	of them were based on downstream systems.

	Note that there is one file where I had to add "accel=kvm" because
	the qemuargv2xml code parses "/usr/bin/kvm" as virt type="kvm".

2017-04-11  Pavel Hrdina  <phrdina@redhat.com>

	tests: don't use different QEMU binary paths for different virt types
	The virt type for QEMU can be modified by -machine attribute "accel"
	so there is no need to have different QEMU binary paths.

	tests/testutilsqemu: introduce QEMUBinList with all qemu binaries for tests
	Let's group all the binaries that we use in our test suite to one array.

	tests/testutilsqemu: extract guest creation into separate functions
	All other architectures have separate functions to prepare guest
	capabilities, do the same for i686 and x86_64 as well.

	tests: use global virQEMUDriver
	Most tests already use global driver variable that is initialized
	before any test case is executed, convert these remaining tests to
	the same concept.

	tests/qemuxml2xmltest: remove NOP call of virQEMUCapsSetList
	Commit 5572cd7f0e9e deprecated QEMU_CAPS_DEVICE capability but forgot
	to remove this call as well.

	tests/qemuxml2argvtest: remove unnecessary machine canonicalization
	This is not required to run our tests.

	tests: fix some resource leaks
	Found by running valgrind for these tests.

	rpc: fix resource leak
	Commit 252610f7dd1 switched to use hash to store servers.
	Function virHashGetItems returns allocated array which needs
	to be freed also for successful path, not only if there is
	an error.

	src: fix multiple resource leaks in loops
	All of the variables are filled inside a loop and therefore
	needs to be also freed in every cycle.

	conf/domain_capabilities: fix resource leak
	Commit 14319c81a0 introduced CPU host model in domain capabilities
	and the *hostmodel* variable is always filled by virCPUDefCopy()
	and needs to be freed.

2017-04-10  John Ferlan  <jferlan@redhat.com>

	nodedev: Fix aclfilter check
	For both virNodeDeviceObjNumOfDevices and virNodeDeviceObjGetNames, the
	check should be if the aclfilter doesn't exist or if it does exist, then
	it must pass

	conf: Fix virNodeDeviceObjGetNames nnames increment
	To be safer, only increment nnames after the VIR_STRDUP is successful.

2017-04-10  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	refactoring: Use the return value of virObjectRef directly
	Use the return value of virObjectRef directly. This way, it's easier
	for another reader to identify the reason why the additional reference
	is required.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-04-10  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: remove ATTRIBUTE_UNUSED in qemuProcessHandleMonitorEOF
	This attribute is not needed here, since @mon is in use.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-04-10  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Implement qemuMonitorRegister()
	Implement qemuMonitorRegister() as there is already a
	qemuMonitorUnregister() function. This way it may be easier to
	understand the code paths.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-04-10  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Turn qemuDomainLogContext into virObject
	This way qemuDomainLogContextRef() and qemuDomainLogContextFree() is
	no longer needed. The naming qemuDomainLogContextFree() was also
	somewhat misleading. Additionally, it's easier to turn
	qemuDomainLogContext in a self-locking object.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-04-10  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Fix two use-after-free situations
	There were multiple race conditions that could lead to segmentation
	faults. The first precondition for this is qemuProcessLaunch must fail
	sometime shortly after starting the new QEMU process. The second
	precondition for the segmentation faults is that the new QEMU process
	dies - or to be more precise the QEMU monitor has to be closed
	irregularly. If both happens during qemuProcessStart (starting a
	domain) there are race windows between the thread with the event
	loop (T1) and the thread that is starting the domain (T2).

	First segmentation fault scenario:
	If qemuProcessLaunch fails during qemuProcessStart the code branches
	to the 'stop' path where 'qemuMonitorSetDomainLog(priv->mon, NULL,
	NULL, NULL)' will set the log function of the monitor to NULL (done in
	T2). In the meantime the event loop of T1 will wake up with an EOF
	event for the QEMU monitor because the QEMU process has died. The
	crash occurs if T1 has checked 'mon->logFunc != NULL' in qemuMonitorIO
	just before the logFunc was set to NULL by T2. If this situation
	occurs T1 will try to call mon->logFunc which leads to the
	segmentation fault.

	Solution:
	Require the monitor lock for setting the log function.

	Backtrace:
	0  0x0000000000000000 in ?? ()
	1  0x000003ffe9e45316 in qemuMonitorIO (watch=<optimized out>,
	fd=<optimized out>, events=<optimized out>, opaque=0x3ffe08aa860) at
	../../src/qemu/qemu_monitor.c:727
	2  0x000003fffda2e1a4 in virEventPollDispatchHandles (nfds=<optimized
	out>, fds=0x2aa000fd980) at ../../src/util/vireventpoll.c:508
	3  0x000003fffda2e398 in virEventPollRunOnce () at
	../../src/util/vireventpoll.c:657
	4  0x000003fffda2ca10 in virEventRunDefaultImpl () at
	../../src/util/virevent.c:314
	5  0x000003fffdba9366 in virNetDaemonRun (dmn=0x2aa000cc550) at
	../../src/rpc/virnetdaemon.c:818
	6  0x000002aa00024668 in main (argc=<optimized out>, argv=<optimized
	out>) at ../../daemon/libvirtd.c:1541

	Second segmentation fault scenario:
	If qemuProcessLaunch fails it will unref the log context and with
	invoking qemuMonitorSetDomainLog(priv->mon, NULL, NULL, NULL)
	qemuDomainLogContextFree() will be invoked. qemuDomainLogContextFree()
	invokes virNetClientClose() to close the client and cleans everything
	up (including unref of _virLogManager.client) when virNetClientClose()
	returns. When T1 is now trying to report 'qemu unexpectedly closed the
	monitor' libvirtd will crash because the client has already been
	freed.

	Solution:
	As the critical section in qemuMonitorIO is protected with the monitor
	lock we can use the same solution as proposed for the first
	segmentation fault.

	Backtrace:
	0  virClassIsDerivedFrom (klass=0x3100979797979797,
	parent=0x2aa000d92f0) at ../../src/util/virobject.c:169
	1  0x000003fffda659e6 in virObjectIsClass (anyobj=<optimized out>,
	klass=<optimized out>) at ../../src/util/virobject.c:365
	2  0x000003fffda65a24 in virObjectLock (anyobj=0x3ffe08c1db0) at
	../../src/util/virobject.c:317
	3  0x000003fffdba4688 in
	virNetClientIOEventLoop (client=client@entry=0x3ffe08c1db0,
	thiscall=thiscall@entry=0x2aa000fbfa0) at
	../../src/rpc/virnetclient.c:1668
	4  0x000003fffdba4b4c in
	virNetClientIO (client=client@entry=0x3ffe08c1db0,
	thiscall=0x2aa000fbfa0) at ../../src/rpc/virnetclient.c:1944
	5  0x000003fffdba4d42 in
	virNetClientSendInternal (client=client@entry=0x3ffe08c1db0,
	msg=msg@entry=0x2aa000cc710, expectReply=expectReply@entry=true,
	nonBlock=nonBlock@entry=false) at ../../src/rpc/virnetclient.c:2116
	6  0x000003fffdba6268 in
	virNetClientSendWithReply (client=0x3ffe08c1db0, msg=0x2aa000cc710) at
	../../src/rpc/virnetclient.c:2144
	7  0x000003fffdba6e8e in virNetClientProgramCall (prog=0x3ffe08c1120,
	client=<optimized out>, serial=<optimized out>, proc=<optimized out>,
	noutfds=<optimized out>, outfds=0x0, ninfds=0x0, infds=0x0,
	args_filter=0x3fffdb64440
	<xdr_virLogManagerProtocolDomainReadLogFileArgs>, args=0x3ffffffe010,
	ret_filter=0x3fffdb644c0
	<xdr_virLogManagerProtocolDomainReadLogFileRet>, ret=0x3ffffffe008) at
	../../src/rpc/virnetclientprogram.c:329
	8  0x000003fffdb64042 in
	virLogManagerDomainReadLogFile (mgr=<optimized out>, path=<optimized
	out>, inode=<optimized out>, offset=<optimized out>, maxlen=<optimized
	out>, flags=0) at ../../src/logging/log_manager.c:272
	9  0x000003ffe9e0315c in qemuDomainLogContextRead (ctxt=0x3ffe08c2980,
	msg=0x3ffffffe1c0) at ../../src/qemu/qemu_domain.c:4422
	10 0x000003ffe9e280a8 in qemuProcessReadLog (logCtxt=<optimized out>,
	msg=msg@entry=0x3ffffffe288) at ../../src/qemu/qemu_process.c:1800
	11 0x000003ffe9e28206 in qemuProcessReportLogError (logCtxt=<optimized
	out>, msgprefix=0x3ffe9ec276a "qemu unexpectedly closed the monitor")
	at ../../src/qemu/qemu_process.c:1836
	12 0x000003ffe9e28306 in
	qemuProcessMonitorReportLogError (mon=mon@entry=0x3ffe085cf10,
	msg=<optimized out>, opaque=<optimized out>) at
	../../src/qemu/qemu_process.c:1856
	13 0x000003ffe9e452b6 in qemuMonitorIO (watch=<optimized out>,
	fd=<optimized out>, events=<optimized out>, opaque=0x3ffe085cf10) at
	../../src/qemu/qemu_monitor.c:726
	14 0x000003fffda2e1a4 in virEventPollDispatchHandles (nfds=<optimized
	out>, fds=0x2aa000fd980) at ../../src/util/vireventpoll.c:508
	15 0x000003fffda2e398 in virEventPollRunOnce () at
	../../src/util/vireventpoll.c:657
	16 0x000003fffda2ca10 in virEventRunDefaultImpl () at
	../../src/util/virevent.c:314
	17 0x000003fffdba9366 in virNetDaemonRun (dmn=0x2aa000cc550) at
	../../src/rpc/virnetdaemon.c:818
	18 0x000002aa00024668 in main (argc=<optimized out>, argv=<optimized
	out>) at ../../daemon/libvirtd.c:1541

	Other code parts where the same problem was possible to occur are
	fixed as well (qemuMigrationFinish, qemuProcessStart, and
	qemuDomainSaveImageStartVM).

	Reported-by: Sascha Silbe <silbe@linux.vnet.ibm.com>

2017-04-10  John Ferlan  <jferlan@redhat.com>

	nodedev: Pass driver arg by ref
	Alter virNodeDeviceObjListExport in order to pass the drivers->devs
	by reference

2017-04-10  John Ferlan  <jferlan@redhat.com>

	nodedev: Introduce virNodeDeviceObjGetNames
	Unify the *ListDevice API into virnodedeviceobj.c from node_device_driver
	and test_driver.  The only real difference between the two is that the test
	driver doesn't call the aclfilter API. The name of the new API follows that
	of other drivers to "GetNames".

	NB: Change some variable names to match what they really are - consistency
	with other drivers. Also added a clear of the input names.

	This also allows virNodeDeviceObjHasCap to be static to virnodedeviceobj

2017-04-10  John Ferlan  <jferlan@redhat.com>

	nodedev: Introduce virNodeDeviceObjNumOfDevices
	Unify the NumOfDevices API into virnodedeviceobj.c from node_device_driver
	and test_driver.  The only real difference between the two is that the test
	driver doesn't call the aclfilter API.

	interface: Clean up Interface section of test_driver
	Clean up the code to adhere to more of the standard two spaces between
	functions, separate lines for type and function name, one argument per line.

	interface: Introduce virInterfaceObjGetNames
	Unlike other drivers, this is a test driver only API. Still combining
	the logic of testConnectListInterfaces and testConnectListDefinedInterfaces
	makes things a bit easier in the long run.

	interface: Introduce virInterfaceObjNumOfInterfaces
	Unlike other drivers, this is a test driver only API. Still combining
	the logic of testConnectNumOfInterfaces and testConnectNumOfDefinedInterfaces
	makes things a bit easier in the long run.

2017-04-08  Dawid Zamirski  <dzamirski@datto.com>

	news: update for Hyper-V 2012+ support.

	hyperv: update driver documentation.

2017-04-08  Dawid Zamirski  <dzamirski@datto.com>

	hyperv: add support for Hyper-V 2012 and newer
	This patch reworks the Hyper-V driver structs and the code generator
	to provide seamless support for both Hyper-V 2008 and 2012 or newer.
	This does not implement any new libvirt APIs, it just adapts existing
	2008-only driver to also handle 2012 and newer by sharing as much
	driver code as possible (currently it's all of it :-)). This is needed
	to set the foundation before we can move forward with implementing the
	rest of the driver APIs.

	With the 2012 release, Microsoft introduced "v2" version of Msvm_* WMI
	classes. Those are largely the same as "v1" (used in 2008) but have some
	new properties as well as need different wsman request URIs. To
	accomodate those differences, most of work went into the code generator
	so that it's "aware" of possibility of multiple versions of the same WMI
	class and produce C code accordingly.

	To accomplish this the following changes were made:

	 * the abstract hypervObject struct's data member was changed to a union
	   that has "common", "v1" and "v2" members. Those are structs that
	   represent WMI classes that we get back from wsman response. The
	   "common" struct has members that are present in both "v1" and "v2"
	   which the driver API callbacks can use to read the data from in
	   version-independent manner (if version-specific member needs to be
	   accessed the driver can check priv->wmiVersion and read from "v1" or
	   "v2" as needed). Those structs are guaranteed to be  memory aligned
	   by the code generator (see the align_property_members implementation
	   that takes care of that)
	 * the generator produces *_WmiInfo for each WMI class "family" that
	   holds an array of hypervWmiClassInfoPtr each providing information
	   as to which request URI to use for each "version" of given WMI class
	   as well as XmlSerializerInfo struct needed to unserilize WS-MAN
	   responsed into the data structs. The driver uses those to make proper
	   WS-MAN request depending on which version it's connected to.
	 * the generator no longer produces "helper" functions such as
	   hypervGetMsvmComputerSystemList as those were originally just simple
	   wrappers around hypervEnumAndPull, instead those were hand-written
	   now (to keep driver changes minimal). The reason is that we'll have
	   more code coming implementing missing libvirt APIs and surely code
	   patterns will emerge that would warrant more useful "utility" functions
	   like that.
	 * a hypervInitConnection was added to the driver which "detects"
	   Hyper-V version by testing simple wsman request using v2 then falling
	   back to v1, obviously if both fail, the we're erroring out.

	To express how the above translates in code:

	void
	hypervImplementSomeLibvirtApi(virConnectPtr conn, ...)
	{
	    hypervPrivate *priv = conn->privateData;
	    virBuffer query = VIR_BUFFER_INITIALIZER;
	    hypervWqlQuery wqlQuery = HYPERV_WQL_QUERY_INITIALIZER;
	    Msvm_ComputerSystem *list = NULL; /* typed hypervObject instance */

	    /* the WmiInfo struct has the data needed for wsman request and
	     * response handling for both v1 and v2 */
	    wqlQuery.info = Msvm_ComputerSystem_WmiInfo;
	    wqlQuery.query = &query;

	    virBufferAddLit(&query, "select * from Msvm_ComputerSystem");

	    if (hypervEnumAndPull(priv, &wqlQuery, (hypervObject **) &list) < 0) {
	        goto cleanup;
	    }

	    if (list == NULL) {
	        /* none found */
	        goto cleanup;
	    }

	    /* works with v1 and v2 */
	    char *vmName = list->data.common->Name;

	    /* access property that is in v2 only */
	    if (priv->wmiVersion == HYPERV_WMI_VERSION_V2)
	        char *foo = list->data.v2->V2Property;
	    else
	        char *foo = list->data.v1->V1Property;

	 cleanup:
	    hypervFreeObject(priv, (hypervObject *)list);
	}

2017-04-08  Dawid Zamirski  <dzamirski@datto.com>

	hyperv: update hypervObject struct.
	Currently named as hypervObjecUnified to keep code
	compilable/functional until all bits are in place.

	This struct is a result of unserializing WMI request response.
	Therefore, it needs to be able to deal with different "versions" of the
	same WMI class. To accomplish this, the "data" member was turned in to
	a union which:

	* has a "common" member that contains only WMI class fields that are
	  safe to access and are present in all "versions". This is ensured by
	  the code generator that takes care of proper struct memory alignment
	  between "common", "v1", "v2" etc members. This memeber is to be used
	  by the driver code wherever the API implementation can be shared for
	  all supported hyper-v versions.
	* the "v1" and "v2" member can be used by the driver code to handle
	  version specific cases.

	Example:

	Msvm_ComputerSystem *vm = NULL;
	...
	hypervGetVirtualMachineList(priv, wqlQuery, *vm);
	...
	/* safe for "v1" and "v2" */
	char *vmName = vm->data.common->Name;

	/* or if one really needs special handling for "v2" */
	if (priv->wmiVersion == HYPERV_WMI_VERSION_V2) {
	    char *foo = vm->data.v2->SomeV2OnlyField;
	}

	In other words, driver should not concern itself with existence of "v1"
	or "v2" of WMI class unless absolutely necessary.

2017-04-08  Dawid Zamirski  <dzamirski@datto.com>

	hyperv: introduce hypervWmiClassInfo struct.
	This struct is to be used to carry all the information necessary to
	issue wsman requests for given WMI class. Those will be defined by the
	generator code (as lists) so that they are handy for the driver code to
	"extract" needed info depending on which hyper-v we're connected to.
	For example:

	hypervWmiClassInfoListPtr Msvm_ComputerSystem_WmiInfo = {
	    .count = 2
	    {
	        {
	            .name = "Msvm_ComputerSystem",
	            .version = "v1",
	            .rootUri = "http://asdf.com",
	            ...
	        },
	        {
	            .name = "Msvm_ComputerSystem",
	            .version = "v2",
	            .rootUri = "http://asdf.com/v2",
	            ...
	        },
	    }
	};

	Then the driver code will grab either "v1" or "v2" to pass info wsman
	API, depending on hypervPrivate->wmiVersion value.

2017-04-08  Dawid Zamirski  <dzamirski@datto.com>

	hyperv: store WMI version in hypervPrivate.
	Hyper-V 2012+ uses a new "v2" version of Msvm_* WMI classes so we will
	store that info in hypervPrivate so that it is easily accessbile in the
	driver API callbacks and handled accordingly.

2017-04-07  John Ferlan  <jferlan@redhat.com>

	disk: Force usage of parted when checking disk format for "bsd"
	https://bugzilla.redhat.com/show_bug.cgi?id=1439132

	Add "bsd" to the list of format types to not checked during blkid
	processing even though it supposedly knows the format - for some
	(now unknown) reason it's returning partition table not found. So
	let's just let PARTED handle "bsd" too.

2017-04-07  John Ferlan  <jferlan@redhat.com>

	disk: Resolve issues with disk partition build/start checks
	https://bugzilla.redhat.com/show_bug.cgi?id=1439132

	Commit id 'a48c674fb' added a check for format types "dvh" and "pc98"
	to use the parted print processing instead of using blkid processing
	in order to validate the label on the disk was what is expected for
	disk pool startup. However, commit id 'a4cb4a74f' really messed things
	up by missing an else condition causing PARTEDFindLabel to always
	return DIFFERENT.

2017-04-07  Pavel Hrdina  <phrdina@redhat.com>

	conf: create new RemovalFailed event using correct class

	qemu: fix memory leak and check mdevPath

2017-04-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't overwrite existing error in qemuMigrationReset
	https://bugzilla.redhat.com/show_bug.cgi?id=1439130

2017-04-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly reset all migration capabilities
	So far only QEMU_MONITOR_MIGRATION_CAPS_POSTCOPY was reset, but only in
	a single code path leaving post-copy enabled in quite a few cases.

	https://bugzilla.redhat.com/show_bug.cgi?id=1425003

2017-04-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Simplify qemuMigrationResetTLS
	It's only called from qemuMigrationReset now so it doesn't need to be
	exported and {tls,sec}Alias are always NULL.

	qemu: Introduce qemuMigrationReset
	This new API is supposed to reset all migration parameters to make sure
	future migrations won't accidentally use them. This patch makes the
	first step and moves qemuMigrationResetTLS call inside
	qemuMigrationReset.

	qemu: Don't reset TLS in qemuMigrationCancel
	Migration parameters are either reset by the main migration code path or
	from qemuProcessRecoverMigration* in case libvirtd is restarted during
	migration.

	qemu: Don't reset TLS in qemuMigrationRun
	Finished qemuMigrationRun does not mean the migration itself finished
	(it might have just switched to post-copy mode). While resetting TLS
	parameters is probably OK at this point even if migration is still
	running, we want to consolidate the code which resets various migration
	parameters. Thus qemuMigrationResetTLS will be called from the Confirm
	phase (or at the end of the Perform phase in case of v2 protocol), when
	migration is either canceled or finished.

2017-04-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Always reset TLS in qemuProcessRecoverMigrationOut
	qemuProcessRecoverMigrationOut doesn't explicitly call
	qemuMigrationResetTLS relying on two things:

	    - qemuMigrationCancel resets TLS parameters
	    - our migration code resets TLS before entering
	      QEMU_MIGRATION_PHASE_PERFORM3_DONE phase

	But this is not obvious and the assumptions will be broken soon. Let's
	explicitly reset TLS parameters on all paths which do not kill the
	domain.

2017-04-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Drop resume label in qemuProcessRecoverMigrationOut
	Let's use a bool variable to create a single shared path returning 0.

	qemu: Properly reset TLS in qemuProcessRecoverMigrationIn
	There is no async job running when a freshly started libvirtd is trying
	to recover from an interrupted incoming migration. While at it, let's
	call qemuMigrationResetTLS every time we don't kill the domain. This is
	not strictly necessary since TLS is not supported when v2 migration
	protocol is used, but doing so makes more sense.

	Revert "qemu: Move qemuCaps->{kvm,tcg}CPUModel into a struct"
	This reverts commit 68507d77d38c0f7b05f260177091e0ce1452758e which was
	pushed accidentally.

	Revert "qemu: Store migratable host CPU model in qemuCaps"
	This reverts commit dfc711dc8cf08e942b01e6ead3de117e6522e5cd which was
	pushed accidentally.

	Revert "qemu: Pass migratable host model to virCPUUpdate"
	This reverts commit 959e72d323d06d67a5c3a759869af6da49da0e0e which was
	pushed accidentally.

	Revert "cpu: Drop feature filtering from virCPUUpdate"
	This reverts commit 5f96b3feb6b345d3c3bfb68b05b16194ad3fea9d which was
	pushed accidentally.

	qemu: Fix formatting in qemu_migration.h

	cpu: Drop feature filtering from virCPUUpdate
	Because of the changes done in the previous commit, @host is already a
	migratable CPU and there's no need to do any additional filtering.

	qemu: Pass migratable host model to virCPUUpdate
	This will allow us to drop feature filtering from virCPUUpdate where it
	was just a hack.

	qemu: Store migratable host CPU model in qemuCaps

	qemu: Move qemuCaps->{kvm,tcg}CPUModel into a struct
	We will need to store two more host CPU models and nested structs look
	better than separate items with long complicated names.

	qemu: Add migratable parameter to virQEMUCapsInitCPUModel
	The caller can ask for a migratable CPU model by passing true for the
	new parameter.

	qemu: Move common code in virQEMUCapsInitCPUModel one layer up

	cpu: Introduce virCPUCopyMigratable
	This new internal API makes a copy of virCPUDef while removing all
	features which would block migration. It uses cpu_map.xml as a database
	of such features, which should only be used as a fallback when we cannot
	get the data from a hypervisor. The main goal of this API is to decouple
	this filtering from virCPUUpdate so that the hypervisor driver can
	filter the features according to the hypervisor.

2017-04-07  Jiri Denemark  <jdenemar@redhat.com>

	Properly ignore files in build-aux directory
	We want to ignore all files except *.pl in build-aux directory, however
	the unignore pattern "!/build-aux/*.pl" doesn't have any effect because
	a previous "/build-aux/" pattern ignores the directory itself rather
	than individual files in it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1439994

2017-04-07  Martin Kletzander  <mkletzan@redhat.com>

	util: Add virStringTrimOptionalNewline
	And use it in virFileRead*

	util: Fix virDirRead() description

	conf: Fix possible memleak in capabilities
	If formatting NUMA topology fails, the function returns immediatelly,
	but the buffer structure allocated on the stack references lot of
	heap-allocated memory and that would get lost in such case.

2017-04-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix regression when hyperv/vendor_id feature is used
	qemuProcessVerifyHypervFeatures is supposed to check whether all
	requested hyperv features were actually honored by QEMU/KVM. This is
	done by checking the corresponding CPUID bits reported by the virtual
	CPU. In other words, it doesn't work for string properties, such as
	VIR_DOMAIN_HYPERV_VENDOR_ID (there is no CPUID bit we could check). We
	could theoretically check all 96 bits corresponding to the vendor
	string, but luckily we don't have to check the feature at all. If QEMU
	is too old to support hyperv features, the domain won't even start.
	Otherwise, it is always supported.

	Without this patch, libvirt refuses to start a domain which contains

	  <features>
	    <hyperv>
	      <vendor_id state='on' value='...'/>
	    </hyperv>
	  </features>

	reporting internal error: "unknown CPU feature __kvm_hv_vendor_id.

	This regression was introduced by commit v3.1.0-186-ge9dbe7011, which
	(by fixing the virCPUDataCheckFeature condition in
	qemuProcessVerifyHypervFeatures) revealed an old bug in the feature
	verification code. It's been there ever since the verification was
	implemented by commit v1.3.3-rc1-5-g95bbe4bf5, which effectively did not
	check VIR_DOMAIN_HYPERV_VENDOR_ID at all.

	https://bugzilla.redhat.com/show_bug.cgi?id=1439424

2017-04-06  Ján Tomko  <jtomko@redhat.com>

	Split out -Wframe-larger-than warning from WARN_CLFAGS
	Introduce STRICT_FRAME_LIMIT_CFLAGS that will be used for
	production code and RELAXED_FRAME_LIMIT_CFLAGS for tests.

	Raising the limit for tests allows building them with clang
	with optimizations disabled.

2017-04-06  Andrea Bolognani  <abologna@redhat.com>

	qemu: Move some functions to qemu_capspriv.h
	This header file has been created so that we can expose
	internal functions to the test suite without making them
	public: those in qemu_capabilities.h bearing the comment

	  /* Only for use by test suite */

	are obvious candidates for being moved over.

2017-04-06  Andrea Bolognani  <abologna@redhat.com>

	storage: Avoid leak in virStorageUtilGlusterExtractPoolSources()
	The contents of volname would be leaked if the function were
	to be passed an invalid pooltype by the caller.

	Make sure the memory is released instead.

2017-04-05  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Fix VPATH syntax-check for qemuSecurity wrappers enforcment
	Fixing make syntax-check broken by commit 4da534c0b9.

	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-04-05  Michal Privoznik  <mprivozn@redhat.com>

	virISCSIGetSession: Don't leak memory
	This function runs an iscsi command and parses its output.
	However, due to the nature of things, virISCSIExtractSession()
	callback can be called multiple times. In each run it would
	allocate new memory and overwrite the variable where we keep
	pointer to it and thus leaking old allocations.

	virNetworkObjDispose: Don't leak virMacMap object
	Even though the virMacMap object is not necessarily created at
	the same time as the network object, the former makes no sense
	without the latter and thus should be unref'd in the network
	object dispose function.

	virStorageSourceClear: Don't leave dangling pointers behind
	Imagine that this function is called twice over the same disk
	source. While in the first run all allocated memory is freed, not
	all pointers are set to NULL (e.g. def->srcpool). So when called
	again, these poitners are freed again resulting in double free.

2017-04-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Break endless loop if qemuMigrationResetTLS fails
	Jumping to "endjob" label from a code after this label is not a very
	good idea.

2017-04-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: No need to debug-log the 'mon' pointer
	QEMU_CHECK_MONITOR_* already logs the object and vm name

	docs: Add news.rng to EXTRA_DIST

2017-04-05  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Implement 'checkPool' method so that state is restored
	After restart of libvirtd the 'checkPool' method is supposed to validate
	that the pool is online. Since libvirt then refreshes the pool contents
	anyways just return whether the pool was supposed to be online so that
	the code can be reached. This is necessary since if a pool does not
	implement the method it's automatically considered as inactive.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436065

2017-04-05  Peter Krempa  <pkrempa@redhat.com>

	docs: Move news.rng out of docs/schemas
	docs/schemas directory is meant for schemas which are installed on the
	system. The schema for the news file does not need to be installed.
	Store it along with the file it describes for simplicity.

2017-04-05  Peter Krempa  <pkrempa@redhat.com>

	docs: Document limitation of maximum vcpu count used with <topology>
	qemu requires that the topology equals to the maximum vcpu count.
	Document this along with the API to set maximum vcpu count and the XML
	element.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1426220

2017-04-04  John Ferlan  <jferlan@redhat.com>

	qemu: Fix resource leak in qemuDomainAddChardevTLSObjects error path
	On any failure, call virJSONValueFree for the *Props.

	qemu: Initialize 'data' argument
	Initialize stack variable to {0}

	tests: Pass BlockIOThrottle arguments by reference not value
	Pass the data by reference rather than everything on the stack.

2017-04-04  Andrea Bolognani  <abologna@redhat.com>

	tests: Rename VIRT_TEST_* macros to VIR_TEST_*
	We use the "vir" prefix pretty consistently in our
	APIs, both external and internal, which made these
	macros stood out.

2017-04-04  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Use volume name as "<name>" field in the XML
	For native gluster pools the <dir> field denotes a directory inside the
	pool. For the actual pool name the <name> field has to be used.

2017-04-04  Peter Krempa  <pkrempa@redhat.com>

	storage: Fix XPath for looking up gluster volume name
	Use the relative lookup specifier rather than the global one. Otherwise
	only the first name would be looked up. Add a test case to cover the
	scenario.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436574

2017-04-04  Peter Krempa  <pkrempa@redhat.com>

	test: Introduce testing of virStorageUtilGlusterExtractPoolSources
	Add a test program called virstorageutiltest and test the gluster pool
	detection code.

	storage: util: Split out the gluster volume extraction code into new function
	To allow testing of the algorithm, split out the extractor into a
	separate helper.

	storage: util: Pass pool type to virStorageBackendFindGlusterPoolSources
	The native gluster pool source list data differs from the data used for
	attaching gluster volumes as netfs pools. Currently the only difference
	was the format. Since native pools don't use it and later there will be
	more differences add a more deterministic way to switch between the
	types instead.

2017-04-04  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix typo that breaks build

2017-04-04  Ján Tomko  <jtomko@redhat.com>

	util: ignore -Wcast-align in virNetlinkDumpCommand
	Similar to commit b202c39 ignore the warning that breaks the build
	with clang:
	util/virnetlink.c:365:52: error: cast from 'char *' to 'struct nlmsghdr *'
	 increases required alignment from 1 to 4 [-Werror,-Wcast-align]
	        for (msg = resp; NLMSG_OK(msg, len); msg = NLMSG_NEXT(msg, len)) {
	                                                   ^~~~~~~~~~~~~~~~~~~~
	/usr/include/linux/netlink.h:87:7: note: expanded from macro 'NLMSG_NEXT'
	         (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
	         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2017-04-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Validate that vcpu-hotplug does not break config
	Make sure that non-hotpluggable vcpus stay clustered at the beginning
	after modifying persistent definition.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1437010

2017-04-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Add validation for coldplug of individual vcpus
	Validate that users don't try to disable vcpu 0.

	qemu: hotplug: Clear vcpu ordering for coldplug of vcpus
	Vcpu order is required to stay sequential. Clear the order on cpu
	coldplug to avoid issues with removing vcpus out of sequence.

	qemu: hotplug: Fix formatting strings in qemuDomainFilterHotplugVcpuEntities
	'next' is declared as 'ssize_t' so use '%zd'

2017-04-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Iterate over vcpu 0 in individual vcpu hotplug code
	Buggy condition meant that vcpu0 would not be iterated in the checks.
	Since it's not hotpluggable anyways we would not be able to break the
	configuration of a live VM.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1437013

2017-04-04  Ján Tomko  <jtomko@redhat.com>

	news.rng: work around a bug in old libxml2
	Similar to commit c3c2cc6, use a literal newsline instead of \n
	inside the brackets.

2017-04-04  Erik Skultety  <eskultet@redhat.com>

	qemu: Add device id for mediated devices on qemu command line
	Like all devices, add the 'id' option for mdevs as well. Patch also
	adjusts the test accordingly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1438431

2017-04-03  John Ferlan  <jferlan@redhat.com>

	storage: Fix capacity value for LUKS encrypted volumes
	https://bugzilla.redhat.com/show_bug.cgi?id=1371892

	The 'capacity' value (e.g. guest logical size) for a LUKS volume is
	smaller than the 'physical' value of the file in the file system, so
	we need to account for that.

	When peeking at the encryption information about the volume add a fetch
	of the payload_offset which is described as the offset to the start of
	the volume data (in 512 byte sectors) in QEMU's QCryptoBlockLUKSHeader.

	Then adjust the ->capacity appropriately when we determine that the
	volume target encryption has a payload_offset value.

2017-04-03  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virNetDevIPCheckIPv6ForwardingCallback fixes
	Add check for more than one RTA_OIF, even though this is rather
	unlikely.

	Get rid of the buggy switch / break as this code won't need to
	handle more attributes.

	Use VIR_WARNINGS_NO_CAST_ALIGN to fix impossible to fix
	util/virnetdevip.c:560:17: error: cast increases required alignment of target type [-Werror=cast-align]

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	tests: Test ACPI, UEFI requirements
	Make sure every combination of ACPI and UEFI works, or fails to
	work, as expected.

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	qemu: Enforce ACPI, UEFI requirements
	Depending on the architecture, requirements for ACPI and UEFI can
	be different; more specifically, while on x86 UEFI requires ACPI,
	on aarch64 it's the other way around.

	Enforce these requirements when validating the domain, and make
	the error message more accurate by mentioning that they're not
	necessarily applicable to all architectures.

	Several aarch64 test cases had to be tweaked because they would
	have failed the validation step otherwise.

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	qemu: Advertise ACPI support for aarch64 guests
	So far, libvirt has assumed that only x86 supports ACPI,
	but that's inaccurate since aarch64 supports it too.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1429509

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	qemu: Remove redundant capabilities
	Now that the NO_ACPI and NO_HPET capabilities are set
	automatically by virQEMUCapsInitQMPBasicArch() if
	appropriate for the architecture, they shouldn't be
	used manually to avoid masking bugs.

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	tests: Initialize basic capabilities properly
	The capabilities used in test cases should match those used
	during normal operation for the tests to make any sense.

	This results in the generated command line for a few test
	cases (most notably non-x86 test cases that were wrongly
	assuming they could use -no-acpi) changing.

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	qemu: Split virQEMUCapsInitArchQMPBasic()
	Instead of having a single function that probes the
	architecture from the monitor and then sets a bunch of
	basic capabilities based on it, have a separate function
	for each part: virQEMUCapsInitQMPArch() only sets the
	architecture, and virQEMUCapsInitQMPBasicArch() only sets
	the capabilities.

	This split will be useful later on, when we will want to
	set basic capabilities from the test suite without having
	to go through the pain of mocking the monitor.

2017-04-03  Andrea Bolognani  <abologna@redhat.com>

	news: Allow empty <section> elements
	Creating dummy <change> elements was a workaround for the
	HTML DTD not allowing empty <ul> elements, but we can do
	better by tweaking the the XSLT stylesheet.

2017-04-01  Andrea Bolognani  <abologna@redhat.com>

	news: Remove handling of random HTML tags
	Now that the source file is validated against a schema that
	only allows the <code> HTML tag to be used, we can rely on
	that assumption to simplify our XSLT stylesheet.

2017-04-03  Peter Krempa  <pkrempa@redhat.com>

	storage: driver: Remove unavailable transient pools after restart
	If a transient storage pool is deemed inactive after libvirtd restart it
	would not be deleted from the list. Reuse virStoragePoolUpdateInactive
	along with a refactor necessary to properly update the state.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242801

2017-04-03  Peter Krempa  <pkrempa@redhat.com>

	storage: driver: Split out code fixing pool state after deactivation
	After a pool is made inactive the definition objects need to be updated
	(if a new definition is prepared) and transient pools need to be
	completely removed. Split out the code doing these steps into a separate
	function for later reuse.

2017-04-03  Peter Krempa  <pkrempa@redhat.com>

	storage: backend: Use correct stringifier for pool type
	When registering a storage poll backend, the code would use
	virStorageTypeToString instead of virStoragePoolTypeToString. The
	following message would be logged:

	virDriverLoadModuleFunc:71 : Lookup function 'virStorageBackendSCSIRegister'
	virStorageBackendRegister:174 : Registering storage backend '(null)'

2017-04-03  Peter Krempa  <pkrempa@redhat.com>

	schema: Introduce schema for the news.xml file
	Since this file gets changed (and broken) rather often, introduce a
	schema file so that the test suite can validate it.

	news: Introduce rules for the schema file and fix offending lines
	Add stricter rules for the news file and fix offending entries.

	tests: schema: Add possibility to validate individual files
	Sometimes it may be desired to validate individual files against a
	schema. Refactor the data structures to unify them and introduce a new
	macro DO_TEST_FILE(schema, xmlfile) which will test the XML file against
	the given schema file.

2017-04-03  Michal Privoznik  <mprivozn@redhat.com>

	Introduce and use virDomainDiskEmptySource
	Currently, if we want to zero out disk source (e,g, due to
	startupPolicy when starting up a domain) we use
	virDomainDiskSetSource(disk, NULL). This works well for file
	based storage (storage type file, dir, or block). But it doesn't
	work at all for other types like volume and network.

	So imagine that you have a domain that has a CDROM configured
	which source is a volume from an inactive pool. Because it is
	startupPolicy='optional', the CDROM is empty when the domain
	starts. However, the source element is not cleared out in the
	status XML and thus when the daemon restarts and tries to
	reconnect to the domain it refreshes the disks (which fails - the
	storage pool is still not running) and thus the domain is killed.

2017-04-03  Michal Privoznik  <mprivozn@redhat.com>

	virDomainDiskDefForeachPath: Prefer virStorageSourceIsLocalStorage

2017-04-03  Michal Privoznik  <mprivozn@redhat.com>

	networkUpdateState: Create virMacMap module more frequently
	The virMacMap module is there for dumping [domain, <list of is
	MACs>] pairs into a file so that libvirt_guest NSS module can use
	it. Whenever a interface is allocated from network (e.g. on
	domain<F2> startup or NIC hotplug), network is notified and so is
	virMacMap module subsequently. The module update functions
	networkMacMgrAdd() and networkMacMgrDel() gracefully handle the
	case when there's no module. The problem is, the module is
	created if and only if network is freshly started, or if the
	daemon restarts and network previously had the module.

	This is not very user friendly - if users want to use the NSS
	module they need to destroy their network and bring it up again
	(and subsequently all the domains using it).

	One disadvantage of this approach implemented here is that one
	may get just partial results: any already running network does
	not record mac maps, thus only newly plugged domains will be
	stored in the module. The network restart scenario is not touched
	by this of course. But one can argue that older libvirts had
	never recorded the mac maps anyway.

2017-04-03  Michal Privoznik  <mprivozn@redhat.com>

	virGetDomain: Set domain ID too
	So far our code is full of the following pattern:

	  dom = virGetDomain(conn, name, uuid)
	  if (dom)
	      dom->id = 42;

	There is no reasong why it couldn't be just:

	  dom = virGetDomain(conn, name, uuid, id);

	After all, client domain representation consists of tuple (name,
	uuid, id).

2017-04-03  Martin Kletzander  <mkletzan@redhat.com>

	Post-release version bump to 3.3.0

2017-04-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.2.0
	* docs/news.xml: update for release
	* po/*.po*: regenerated

2017-04-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve: fix typo
	USB tables -> USB tablet.

2017-03-31  Dawid Zamirski  <dzamirski@datto.com>

	hyperv: fixed typo in function name
	that is: s/hyperyVerifyResponse/hypervVerifyResponse/

2017-03-31  Jiri Denemark  <jdenemar@redhat.com>

	Document virDomainAbortJob behavior for post-copy migration
	https://bugzilla.redhat.com/show_bug.cgi?id=1389313

2017-03-31  Erik Skultety  <eskultet@redhat.com>

	admin: Throw a system error when 'open' fails on user-provided output
	There was an unhandled 'open' call which resulted in:

	"error: Library function returned error but did not set virError"

	Even if this happens during the daemon's start when we still don't have
	any set of outputs defined yet, we can safely report an error, since we
	automatically fallback to stderr which is fine even for both
	running as a daemonized process, since this happens before the daemon
	forks into the background, and running as a systemd service, since
	systemd re-directs std outputs to journald by default.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1436060

2017-03-31  Peter Krempa  <pkrempa@redhat.com>

	news: Add template for a <release> section
	After the release it's necessary to add a new <release> section for the
	upcoming release. Add a template so that it does not have to be
	compiled over and over again.

2017-03-30  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSnapshotPrepare: Don't always assume vm->def->os.loader
	In 9e2465834 a check that denies internal snapshots when pflash
	based loader is configured for the domain. However, if there's
	none and an user tries to do an internal snapshot they will
	witness daemon crash as in that case vm->def->os.loader is NULL
	and we dereference it unconditionally.

2017-03-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Check non-migratable host CPU features
	CPU features which change their value from disabled to enabled between
	two calls to query-cpu-model-expansion (the first with no extra
	properties set and the second with 'migratable' property set to false)
	can be marked as enabled and non-migratable in qemuMonitorCPUModelInfo.

	Since the code consuming qemuMonitorCPUModelInfo currently ignores the
	migratable flag, this change is effectively changing the CPU model
	advertised in domain capabilities to contain all features (even those
	which block migration). And this matches what we do for QEMU older than
	2.9.0, when we detect all CPUID bits ourselves without asking QEMU.

	As a result of this change

	    <cpu mode='host-model'>
	      <feature name='invtsc' policy='require'/>
	    </cpu>

	will work with all QEMU versions. Such CPU definition would be forbidden
	with QEMU >= 2.9.0 without this patch.

2017-03-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Check migratable host CPU features
	If calling query-cpu-model-expansion on the 'host'/'max' CPU model with
	'migratable' property set to false succeeds, we know QEMU is able to
	tell us which features would disable migration. Thus we can mark all
	enabled features as migratable.

	qemuMonitorCPUModelInfo: Add support for non-migratable features
	QEMU is able to tell us whether a CPU feature would block migration or
	not. This patch adds support for storing such features in
	qemuMonitorCPUModelInfo.

2017-03-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: document bhyve UEFI support
	 - Add a news entry
	 - Update the driver page with documentation of the new options
	   and some examples

2017-03-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Properly lookup top of chain in qemuDomainGetStorageSourceByDevstr
	When idx is 0 virStorageFileChainLookup returns the base (bottom) of the
	backing chain rather than the top. This is expected by the callers of
	qemuDomainGetStorageSourceByDevstr.

	Add a special case for idx == 0

2017-03-29  Ján Tomko  <jtomko@redhat.com>

	conf: do not steal pointers from the pool source
	Since commit fcbbb28 we steal the pointer to the storage pool
	source name if there was no pool name specified.

	Properly duplicate the string to avoid freeing it twice.

	https://bugzilla.redhat.com/show_bug.cgi?id=1436400

2017-03-29  Ján Tomko  <jtomko@redhat.com>

	schema: do not require name for certain pool types
	Pool types that have the VIR_STORAGE_POOL_SOURCE_NAME flag set
	allow omitting the <name> element and instead fill out the pool name
	from the <source><name> element.

	Relax the schema to make <name> optional for these pools.
	Expressing that at least one of these is required is out of scope
	of the schema.

2017-03-29  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetStats: Copy domain ID too
	One of the problems with our virGetDomain function is that it
	copies just domain name and domain UUID. Therefore it's very
	easy to forget aboud domain ID. This can cause some bugs, like
	virConnectGetAllDomainStats not reporting proper domain IDs.

2017-03-29  Michal Privoznik  <mprivozn@redhat.com>

	network: Don't crash on domain destroy
	https://bugzilla.redhat.com/show_bug.cgi?id=1434882

	Imagine the following scenario:

	1) virsh net-start default
	2) virsh start myFavouriteDomain
	3) virsh net-destroy default
	4) virsh destroy myFavouriteDomain

	(assuming myFavouriteDomain has an interface from default
	network)

	Regardless of how unlikely this scenario looks like, we should
	not crash. The problem is, on net-destroy in
	networkShutdownNetworkVirtual() the virMacMap module is unrefed,
	but the stale pointer is kept around. Thus when the domain
	destroy procedure comes in, networkReleaseActualDevice() and
	subsequently networkMacMgrDel() is called. This function sees the
	stale pointer and starts calling the virMacMap module APIs which
	work over freed memory.

2017-03-28  Peter Krempa  <pkrempa@redhat.com>

	news: Update after recent commits
	Mention the hyperv notifier and the new API to set block thresholds.

2017-03-28  John Ferlan  <jferlan@redhat.com>

	storage: Better describe logical pool creation/definition parameters
	https://bugzilla.redhat.com/show_bug.cgi?id=1398087

	Clean up the virsh man page description for --pool-create-as in order
	to better describe how the various arguments are used when creating
	(or defining) a logical pool.

2017-03-28  Ján Tomko  <jtomko@redhat.com>

	Revert "storage: Better describe logical pool creation/definition parameters"
	This reverts commit ca4515d2639057020c749470f390fe1f5981e91e
	which also included a functional change that broke logical storage pools
	not named after their volume groups.

2017-03-28  Jiri Denemark  <jdenemar@redhat.com>

	storage: Fix build on i686
	off_t is signed and it's size is the same as long only on 64b archs.
	Thus it cannot be formatted as %lu.

2017-03-28  Andrea Bolognani  <abologna@redhat.com>

	docs: Improve documentation related to memory locking

	tests: Introduce QEMU memory locking limit tests
	These tests cover a number of scenarios where we care about
	the memory locking limit being set correctly for the guest
	to work properly.

	tests: Introduce virTestCompareToULL()
	This will be used later on in the test suite.

2017-03-28  Andrea Bolognani  <abologna@redhat.com>

	process: Translate "unlimited" correctly
	The value we use internally to represent the lack of a memory
	locking limit, VIR_DOMAIN_MEMORY_PARAM_UNLIMITED, doesn't
	match the value setrlimit() and prlimit() use for the same
	purpose, RLIM_INFINITY, so we have to handle the translation
	ourselves.

	Partially-resolves: https://bugzilla.redhat.com/1431793

2017-03-28  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix memory locking limit calculation
	For guests that use <memoryBacking><locked>, our only option
	is to remove the memory locking limit altogether.

	Partially-resolves: https://bugzilla.redhat.com/1431793

2017-03-28  Andrea Bolognani  <abologna@redhat.com>

	qemu: Remove qemuDomainRequiresMemLock()
	Instead of having a separate function, we can simply return
	zero from the existing qemuDomainGetMemLockLimitBytes() to
	signal the caller that the memory locking limit doesn't need
	to be set for the guest.

	Having a single function instead of two makes it less likely
	that we will use the wrong value, which is exactly what
	happened when we started applying the limit that was meant
	for VFIO-using guests to <memoryBacking><locked>-using
	guests.

2017-03-28  Andrea Bolognani  <abologna@redhat.com>

	Revert "qemu: Forbid <memoryBacking><locked> without <memtune><hard_limit>"
	This reverts commit c2e60ad0e5124482942164e5fec088157f5e716a.

	Turns out this check is excessively strict: there are ways
	other than <memtune><hard_limit> to raise the memory locking
	limit for QEMU processes, one prominent example being
	tweaking /etc/security/limits.conf.

	Partially-resolves: https://bugzilla.redhat.com/1431793

2017-03-28  Jiri Denemark  <jdenemar@redhat.com>

	news: Fix typo in element name

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	news: Move recent bug fixes into 3.2.0 release
	Commits 29f7b5ea6a and 5edf9aaf54 pushed them incorrectly at the end of
	the file in the bug fixes section for libvirt 2.5.0.

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	news: Make changes understandable for users
	When reading release notes, patch summary is not always the best
	description of what users can expect in new version.  I propose
	changing it slightly so that it describes what exactly happens and
	when.

	However, we do not have to add every single code change to the news
	file, that would be ridiculous and unreadable for users.  If the patch
	subject needs changes like this one, I'm rather tempted to say that
	such changes should not be in the news file at all.  So that would be
	the other way how to fix this.

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Build vircaps2xmltest and requirements only on Linux
	The mock, as well as the test, is only available on Linux.  So skip
	building it everywhere else, especially when it fails on mingw.

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Use stub for virNetDevGetName on mingw
	If if_indextoname is not defined, the whole function using it should
	not be defined either.  Add stub to fix build on mingw.

	Caused by 5dd607059d8a98e04024305ae4afbd038aadbdcd

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Free persistent def inside qemuMigrationCookieFree
	Creating a copy of the definition we want to add in a migration cookie
	makes the code cleaner and less prone to memory leaks or double free
	errors.

	qemu: Typedef migration cookie enums

	qemu: Fix formatting in qemu_migration_cookie.c

	qemu: Move migration cookies to a separate file

	news: Add support for setting TSC frequency

2017-03-27  John Ferlan  <jferlan@redhat.com>

	docs: Add news article for logical pool-create-as

2017-03-27  John Ferlan  <jferlan@redhat.com>

	storage: Better describe logical pool creation/definition parameters
	https://bugzilla.redhat.com/show_bug.cgi?id=1398087

	Clean up the virsh man page description for --pool-create-as in order
	to better describe how the various arguments are used when creating
	(or defining) a logical pool.

	Also modify the storage pool XML parsing algorithm to check for the
	mismatched "name" and "source-name".

2017-03-27  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Move the positional --print-xml for pool-{define|create}-as
	Move the --print-xml to the end of the qualifiers since it's not
	properly positionally situated for both --pool-create-as and --pool-define-as
	and could be miscontrued as being the 3rd positional argument.

2017-03-27  John Ferlan  <jferlan@redhat.com>

	conf: Set defaultFormat if no storage source XML present
	While parsing if the storage source is not present, then a defaultFormat
	was not set. This could lead to oddities such as seeing "unknown" format
	in output for the "logical" pool even though the only format the pool could
	support would be "lvm2".

	This does "put a label" on other pool defaults as follows:

	   File System: FS_AUTO
	   Network File System: NETFS_AUTO
	   Disk: UNKNOWN

	Each of which is the "0" value for their respective pools and thus
	would be no "real" change.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Allow migration with invtsc if tsc frequency is set
	Migration with invtsc is allowed by QEMU as long as TSC frequency is
	explicitly specified.

	qemu: Use virCPUCheckFeature in qemuMigrationIsAllowed

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for setting TSC frequency
	QEMU allows for TSC frequency to be explicitly set to enable migration
	with invtsc (migration fails if the destination QEMU cannot set the
	exact same frequency used when starting the domain on the source host).

	Libvirt already supports setting the TSC frequency in the XML using

	    <clock>
	      <timer name='tsc' frequency='1234567890'/>
	    </clock>

	which will be transformed into

	    -cpu Model,tsc-frequency=1234567890

	QEMU command line.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	conf: Fix XML parser for timer frequency
	The frequency is documented and formatted as an attribute of the <timer>
	element rather than a nested <frequency> element expected by the parser.
	Luckily enough, timer frequency has not been used by any driver so far.
	And users were not able to set it in the XML either.

2017-03-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virmdev: fix build on non-Linux
	 - Make virMediatedDeviceNew() stub args match its prototype
	 - Fix typo: virRerportError -> virReportError
	 - Move MDEV_SYSFS_DEVICES definition out of the #ifdef __linux__ block
	   so we don't have to stub virMediatedDeviceGetSysfsPath()

	netdev: fix build on non-Linux
	Fix typo: virNetDevVLanPtr -> virNetDevVlanPtr.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix build on FreeBSD

2017-03-27  John Ferlan  <jferlan@redhat.com>

	news: Add logical overwrite

2017-03-27  John Ferlan  <jferlan@redhat.com>

	logical: Need to overwrite/clear more than just first 512 bytes
	https://bugzilla.redhat.com/show_bug.cgi?id=1430679

	As it turns out some file headers (e.g. ext4) may be larger/longer than
	the 512 bytes of zeros being written prior to a pvcreate, so let's write
	out 2048 bytes similar to how the pvcreate sources would peek at the first
	4 sectors of the device.

	Make sure there is at enough bytes on the device to clear before doing
	doing the clear - just to be sure.

2017-03-27  John Ferlan  <jferlan@redhat.com>

	util: Remove NONNULL from virHostdevReAttachMediatedDevices
	Causes build failure when enabling static analysis

	news: Add <change> lost in merge
	Ensure to insert </change> <change> between items - lost during merge
	resolution.

2017-03-27  Laine Stump  <laine@laine.org>

	network: better validation of devices in hostdev network pool
	This adds a few validations to the devices listed for a hostdev network:

	* devices must be listed by PCI address, not by netdev name

	* listing a device by PCI address is valid only for hostdev networks, not
	  for other types of network (e.g. macvtap passthrough).

	* each device in a hostdev pool must be an SR-IOV VF

	Resolves: https://bugzilla.redhat.com/1004676

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Expose Linux symbols only on Linux

	virhostcpu: Make only defined symbols available
	That way you get the error from the compiler before the linker.

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	virhostcpu: Expose virHostCPUGetOnline on non-Linux
	Previously, this function must've been called only on Linux in order
	to fail gracefully.  That lead to #ifdef mess in callers, so the
	function was redesigned so it failed gracefully on non-existing
	files.  However that commit forgot to define the function outside the
	__linux__ ifdef, it broke non-Linux builds.

	Caused by c67e04e25fa58104e0fae41f5b874a8067557073.

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: Properly dereference cpus pointer in virnumamock.c

2017-03-27  Ján Tomko  <jtomko@redhat.com>

	virsh: reject more negative numbers
	Be more positive and reject negative numbers where we don't
	allow them by using the virStrToLong variants with 'p'.

	https://bugzilla.redhat.com/show_bug.cgi?id=1436119

2017-03-27  Ján Tomko  <jtomko@redhat.com>

	storage: reject negative capacity
	https://bugzilla.redhat.com/show_bug.cgi?id=1436119

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix syntax check in VPATH
	Matching the beginning of a path in syntax check does not work because
	each path is enriched with a prefix of the source tree.

	build: Fix sc_prohibit_exit_in_tests syntax check
	This check makes sense only in *.c files.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Add tests for virCPUUpdateLive API
	The test takes

	  x86-cpuid-Something-guest.xml CPU (the CPU libvirt would use for
	    host-model on a CPU described by x86_64-cpuid-Something.xml without
	    talking to QEMU about what it supports on the host)

	and updates it according to CPUID data from QEMU:

	  x86_64-cpuid-Something-enabled.xml (reported as "feature-words"
	    property of the CPU device)

	and

	  x86_64-cpuid-Something-disabled.xml (reported as "filtered-features"
	    property of the CPU device).

	The result is compared to

	  x86_64-cpuid-Something-json.xml (the CPU libvirt would use as
	    host-model based on the reply from query-cpu-model-expansion).

	The comparison is a bit tricky because the *-json.xml CPU contains fewer
	disabled features. Only the features which are included in the base CPU
	model, but listed as disabled in *.json will be disabled in *-json.xml.
	The CPU computed by virCPUUpdateLive from the test data will list all
	features present in the host's CPUID data and not enabled in *.json as
	disabled. The cpuTestUpdateLiveCompare function checks that the computed
	and expected sets of enabled features match.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Disable "cmt" feature unknown to QEMU
	All CPU features which QEMU does not know about but libvirt knows them
	(currently "cmt" is the only one) are implicitly disabled by QEMU and
	should be present in x86_64-cpuid-*-disabled.xml.

	cputest: Disable TSX on broken models
	Commit v3.1.0-26-gd60012b4e started filtering hle and rtm features from
	broken Intel Haswell CPUs. QEMU implemented similar functionality and
	thus it doesn't report rtm and hle features as enabled for Core i5-4670T
	CPU anymore.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Generate data for virCPUUpdateLive
	Generated with

	    (cd tests/cputestdata; ./cpu-cpuid.py diff x86_64-cpuid-*.json)

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Add "diff" command to cpu-cpuid.py
	The new command can be used to generate test data for virCPUUpdateLive.

	When "cpu-cpuid.py diff x86-cpuid-Something.json" is run, it reads raw
	CPUID data stored in x86-cpuid-Something.xml and CPUID data from QEMU
	stored in x86-cpuid-Something.json to produce two more CPUID files:
	x86-cpuid-Something-enabled.xml and x86-cpuid-Something-disabled.xml.

	- x86-cpuid-Something-enabled.xml will contain CPUID bits present in
	    x86-cpuid-Something.json (i.e., enabled by QEMU for the "host" CPU)

	- x86-cpuid-Something-disabled.xml will contain all CPUID bits from
	    x86-cpuid-Something.xml which are not present in
	    x86-cpuid-Something.json (i.e., CPUID bits which the host CPU
	    supports, but QEMU does not enable them for the "host" CPU)

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Add cpuidLeaf helper to cpu-cpuid.py

	cputest: Add cpuidIsSet helper to cpu-cpuid.py

	cputest: Rename cpu-convert.py script as cpu-cpuid.py
	The new script is going to be more general and the original
	functionality can be requested by "cpu-cpuid.py convert".

	cputest: Move instantiation of JSONDecoder in cpu-convert.py
	Let's make the object local to the parseFeatureWords function which uses
	it.

	cpu: Do not pass virConnectBaselineCPUFlags to cpuBaseline
	The public API flags are handled by the cpuBaselineXML wrapper. The
	internal cpuBaseline API only needs to know whether it is supposed to
	drop non-migratable features.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Move feature expansion out of cpuBaseline
	cpuBaseline is responsible for computing a baseline CPU while feature
	expansion is done by virCPUExpandFeatures. The cpuBaselineXML wrapper
	(used by hypervisor drivers to implement virConnectBaselineCPU API)
	calls cpuBaseline followed by virCPUExpandFeatures if requested by
	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES flag.

	The features in the three changed test files had to be sorted using
	"sort -k 3" because virCPUExpandFeatures returns a sorted list of
	features.

2017-03-27  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Drop unused flags from cpuArchDecode

	cpu: Introduce virCPUExpandFeatures
	Having to use cpuBaseline with VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
	flag to expand CPU features is strange. Not to mention that cpuBaseline
	can only expand host CPU definitions (i.e., it completely ignores
	feature policies). The new virCPUExpandFeatures API is designed to work
	with both host and guest CPU definitions.

	cpu_conf: Introduce virCPUDefFreeFeatures

2017-03-27  Laine Stump  <laine@laine.org>

	docs: make interface start mode element optional
	This brings the libvirt version of this RNG file in line with the same
	file in netcf (as soon as the corresponding patch there is ACKed and
	pushed).

	There's no reason to require it when defining an interface (the config
	option it corresponds to is optional), and it isn't even output in the
	status of an interface.

	Resolves: https://bugzilla.redhat.com/1414404

2017-03-27  Laine Stump  <laine@laine.org>

	conf: validate that PCI controller index is < 256
	This is the maximum for many reasons, for starters because index ==
	bus number, and a controller's bus number is 8 bits.

	This incidentally resolves: https://bugzilla.redhat.com/1329090

2017-03-27  Laine Stump  <laine@laine.org>

	util: rename virHostdevNetConfigRestore() to virHostdevRestoreNetConfig()

2017-03-27  Laine Stump  <laine@laine.org>

	util: log all setting of MAC addresses and vlan tags
	Having this information available will make it easier to determine the
	culprit when MAC or vlan tag appear to not be set, eg.:

	  https://bugzilla.redhat.com/1364073

	(This patch doesn't fix that bug, just makes it easier to diagnose)

2017-03-27  Laine Stump  <laine@laine.org>

	util: try *really* hard to set the MAC address of an SRIOV VF
	If an SRIOV VF has previously been used for VFIO device assignment,
	the "admin MAC" that is stored in the PF driver's table of VF info
	will have been set to the MAC address that the virtual machine wanted
	the device to have. Setting the admin MAC for a VF also sets a flag in
	the PF that is loosely called the "administratively set" flag. Once
	that flag is set, it is no longer possible for the net driver of the
	VF (either on the host or in a virtual machine) to directly set the
	VF's MAC again; this flag isn't reset until the *PF* driver is
	restarted, and that requires taking *all* VFs offline, so it's not
	really feasible to do.

	If the same SRIOV VF is later used for macvtap passthrough mode, the
	VF's MAC address must be set, but normally we don't unbind the VF from
	its host net driver (since we actually need the host net driver in
	this case). Since setting the VF MAC directly will fail, in the past
	"we" ("I") had tried to fix the problem by simply setting the admin MAC
	(via the PF) instead. This *appeared* to work (and might have at one
	time, due to promiscuous mode being turned on somewhere or something),
	but it currently creates a non-working interface because only the
	value for admin MAC is set to the desired value, *not* the actual MAC
	that the VF is using.

	Earlier patches in this series reverted that behavior, so that we once
	again set the MAC of the VF itself for macvtap passthrough operation,
	not the admin MAC. But that brings back the original bug - if the
	interface has been used for VFIO device assignment, you can no longer
	use it for macvtap passthrough.

	This patch solves that problem by noticing when virNetDevSetMAC()
	fails for a VF, and in that case it sets the desired MAC to the admin
	MAC via the PF, then "bounces" the VF driver (by unbinding and the
	immediately rebinding it to the VF). This causes the VF's MAC to be
	reinitialized from the admin MAC, and everybody is happy (until the
	*next* time someone wants to set the VF's MAC address, since the
	"administratively set" bit is still turned on).

2017-03-27  Laine Stump  <laine@laine.org>

	util: if setting admin MAC to 00:00:00:00:00:00 fails, try 02:00:00:00:00:00
	Some PF drivers allow setting the admin MAC (that is the MAC address
	that the VF will be initialized to the next time the VF's driver is
	loaded) to 00:00:00:00:00:00, and some don't. Multiple drivers
	initialize the admin MACs to all 0, but don't allow setting it to that
	very same value. It has been an uphill battle convincing the driver
	people that it's reasonable to expect The argument that's used is
	that an all 0 device MAC address on a device is invalid; however, from
	an outsider's point of view, when the admin MAC is set to 0 at the
	time the VF driver is loaded, the VF's MAC is *not* set to 0, but to a
	random non-0 value. But that's beside the point - even if I could
	convince one or two SRIOV driver maintainers to permit setting the
	admin MAC to 0, there are still several other drivers.

	So rather than fighting that losing battle, this patch checks for a
	failure to set the admin MAC due to an all 0 value, and retries it
	with 02:00:00:00:00:00. That won't result in a random value being set
	in the VF MAC at next VF driver init, but that's okay, because we
	always want to set a specific value anyway. Rather, the "almost 0"
	setting makes it easy to visually detect from the output of "ip link
	show" which VFs are currently in use and which are free.

2017-03-27  Laine Stump  <laine@laine.org>

	util: remove unused functions from virnetdev.c
	The global functions virNetDevReplaceMacAddress(),
	virNetDevReplaceNetConfig(), virNetDevRestoreMacAddress(), and
	virNetDevRestoreNetConfig() are no longer used, as their functionality
	has been replaced by virNetDev(Save|Read|Set)NetConfig().

	The static functions virNetDevReplaceVfConfig() and
	virNetDevRestoreVfConfig() were only used by the above-named global
	functions that were removed.

2017-03-27  Laine Stump  <laine@laine.org>

	util: after hostdev assignment, restore VF MAC address via setting admin MAC
	It takes longer to explain this than to fix it...

	In the past we weren't able to save the VF's own MAC address *at all*
	when using it for hostdev assignment, because we had already unbound
	the VF from the host net driver prior to saving its config. With the
	previous patch, that problem has been solved, so we now have the VF's
	MAC address saved and can move on to the *next* problem, which is twofold:

	1) during teardown we restore the config before we've re-bound, so the
	   VF doesn't have a net driver, and thus we can't set its MAC address
	   directly.

	2) even if we delay restoring the config until the VF is bound to a
	   net driver, the request to set its MAC address would fail, since
	   (during device setup) we had set the "admin MAC" for the VF via an
	   RTM_SETLINK to the PF - once you've set the admin MAC for a VF, the
	   VF driver (either on host or on guest) is not allowed to change the
	   VF's MAC address "forever" (well, until you reload the PF driver,
	   but that requires destroying and recreating every single VF, which
	   isn't something you can require).

	The solution is to keep the restoration of config at the same place,
	but to set the *admin MAC* to the address you want the VF to have -
	when the VF net driver is later initialized (as a part of re-binding
	to the VF net driver) its MAC will be initialized to the current value
	of the admin MAC.

2017-03-27  Laine Stump  <laine@laine.org>

	util: save hostdev network device config before unbinding from host driver
	In order to properly restore the original state of an SRIOV VF when
	we're finished with it, we need to save the MAC address of the VF
	itself (not just the admin MAC address for the VF that is stored in
	the PF). But that can only be done when the VF is still bound to the
	host's netdev driver, and we have always done the saving of device
	config after the VF is already bound to vfio-pci. This patch prepares
	us for adding a save of the VF's MAC by calling the function that
	saves netconfig earlier in the device preparation, before we've
	unbound it from the host netdev driver.

	util: replace virHostdevNetConfigReplace with ...(Save|Set)NetConfig()
	These two operations will need to be separated so that saving of the
	original config is done before detaching the host net driver, and
	setting the new config is done after attaching vfio-pci. This patch
	splits the single function into two, but for now calls them together
	(to make bisecting easier if there is a regression).

2017-03-27  Laine Stump  <laine@laine.org>

	util: use new virNetDev*NetConfig() functions for hostdev setup/teardown
	virHostdevNetConfigReplace() and virHostdevNetConfigRestore() are
	modified to use the new virNetDev*NetConfig() functions.

	Note that due to the VF's original MAC addresses being saved after it
	has already been un-bound from the host net driver, the actual current
	VF MAC address won't be saved (because it no longer exists) - only the
	"admin MAC" will be saved. This reflects existing behavior that will
	be fixed in an upcoming patch.

2017-03-27  Laine Stump  <laine@laine.org>

	util: use new virNetDev*NetConfig() functions for macvtap setup/teardown
	This patch modifies the macvtap passthrough setup to use
	virNetDevSaveNetConfig()+virNetDevSetConfig() instead of
	virNetDevReplaceNetConfig() or virNetDevReplaceMacAddress(), and the
	teardown to use virNetDevReadNetConfig()+virNetDevSetConfig() instead
	of virNetDevRestoreNetConfig() or virNetDevRestoreMacAddress().

	Since the older functions only saved/restored the admin MAC and vlan
	tag (which is incorrect) and the new functions save/restore the VF's
	own MAC address and vlan tag (correct), this actually fixes a bug
	(which was introduced by commit cb3fe38c7, which was itself supposed
	to be a fix for https://bugzilla.redhat.com/1113474 ).

	The downside to this patch is that it causes an *apparent* regression
	in that bug (because there will once again be an error reported if the
	interface had previously been used for VFIO device assignment), but in
	reality, the code hasn't been working for *any* case before this
	current patch (at least not with any recent kernel). Anyway, that
	"regression" will be fixed with an upcoming patch that fixes it the
	*right* way.

2017-03-27  Laine Stump  <laine@laine.org>

	util: new functions virNetDev(Save|Read|Set)NetConfig()
	These three functions are destined to replace
	virNetDev(Replace|Restore)NetConfig() and
	virNetDev(Replace|Restore)MacAddress(), which both do the save and set
	together as a single step. We need to separate the save, read, and set
	steps because there will be situations where we need to do something
	else in between (in particular, we will need to rebind a VF's driver
	after save but before set).

	This patch creates the new functions, but doesn't call them - that
	will come in a subsequent patch. Note that the new functions to
	read/write the file that stores the original network config now uses
	JSON rather than plaintext (it still recognizes the old format as well
	though, so it won't get confused during an upgrade).

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Log additional data from hyperv crash notifier
	The hyperv panic notifier reports additional data in form of 5 registers
	that are reported in the crash event from qemu. Log them into the VM log
	file and report them as a warning so that admins can see the cause of
	crash of their windows VMs.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1426176

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Extract additional info from GUEST_PANICKED event
	For certain kinds of panic notifiers (notably hyper-v) qemu is able to
	report some data regarding the crash passed from the guest.

	Make the data accessible to the callback in qemu so that it can be
	processed further.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Fix formatting in processGuestPanicEvent

	qemu: driver: Remove useless forward declarations

2017-03-27  Erik Skultety  <eskultet@redhat.com>

	news: Update our NEWS file about addition of the mdevs

	docs: Document the new hostdev type 'mdev'

	test: Add some test cases for our test suite regarding the mdevs
	For now, these only cover the unmanaged, i.e. user pre-created devices.

	qemu: Format mdevs on qemu command line
	Format the mediated devices on the qemu command line as
	-device vfio-pci,sysfsdev='/path/to/device/in/syfs'.

	qemu: Bump the memory locking limit for mdevs as well
	Since mdevs are just another type of VFIO devices, we should increase
	the memory locking limit the same way we do for VFIO PCI devices.

	qemu: cgroup: Adjust cgroups' logic to allow mediated devices
	As goes for all the other hostdev device types, grant the qemu process
	access to /dev/vfio/<mediated_device_iommu_group>.

	hostdev: Maintain a driver list of active mediated devices
	Keep track of the assigned mediated devices the same way we do it for
	the rest of hostdevs. Methods like 'Prepare', 'Update', and 'ReAttach'
	are introduced by this patch.

	qemu: Assign PCI addresses for mediated devices as well
	So far, the official support is for x86_64 arch guests so unless a
	different device API than vfio-pci is available let's only turn on
	support for PCI address assignment. Once a different device API is
	introduced, we can enable another address type easily.

	conf: Enable cold-plug of a mediated device
	This merely introduces virDomainHostdevMatchSubsysMediatedDev method that
	is supposed to check whether device being cold-plugged does not already
	exist in the domain configuration.

	security: Enable labeling of vfio mediated devices
	This patch updates all of our security driver to start labeling the
	VFIO IOMMU devices under /dev/vfio/ as well.

2017-03-27  Erik Skultety  <eskultet@redhat.com>

	conf: Introduce new hostdev device type mdev
	A mediated device will be identified by a UUID (with 'model' now being
	a mandatory <hostdev> attribute to represent the mediated device API) of
	the user pre-created mediated device. We also need to make sure that if
	user explicitly provides a guest address for a mdev device, the address
	type will be matching the device API supported on that specific mediated
	device and error out with an incorrect XML message.

	The resulting device XML:
	<devices>
	  <hostdev mode='subsystem' type='mdev' model='vfio-pci'>
	    <source>
	      <address uuid='c2177883-f1bb-47f0-914d-32a22e3a8804'>
	    </source>
	  </hostdev>
	</devices>

2017-03-27  Erik Skultety  <eskultet@redhat.com>

	util: Introduce new module virmdev
	Beside creation, disposal, getter, and setter methods the module exports
	methods to work with lists of mediated devices.

	conf: Introduce virDomainHostdevDefPostParse
	Just to make the code a bit cleaner, move hostdev specific post parse
	code to its own function just in case it grows in the future.

	conf: hostdev: Introduce virDomainHostdevSubsysSCSIClear
	Just a tiny wrapper over the SCSI def clearing logic to drop some
	if-else branches from a switch, mainly because extending the switch in
	the future would render the current code with branching less readable.

	conf: hostdev: Enforce enum-in-switch compile-time checks
	Enforce virDomainHostdevSubsysType checking during compilation. Again,
	one of a few spots in our code where we should enforce the typecast to
	the enum type, thus not forgetting to update *all* switch occurrences
	dealing with the give enum.

2017-03-27  Eric Blake  <eblake@redhat.com>

	util: fix build on RHEL 6
	We keep forgetting that older setups don't like 'index':

	  CC     util/libvirt_util_la-virsysinfo.lo
	cc1: warnings being treated as errors
	util/virstoragefile.c: In function 'virStorageSourceFindByNodeName':
	util/virstoragefile.c:3804: error: declaration of 'index' shadows a global declaration [-Wshadow]
	/usr/include/string.h:489: error: shadowed declaration is here [-Wshadow]

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: Enhance vircaps2xml test
	Instead of generating all of the capabilities, let's test more of our
	code by probing sysfs data.  This test needs quite some mocking for
	now, but it paves the road for more future enhancements (hugepages
	probing, for example).

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add virnumamock
	All mocked functions are related to numactl/virNuma and rely only on
	virsysfs, so the paths they touch can be nicely controlled.  And
	because it is so nicely self-contained NUMA mock, it is named
	numamock (instead of naming it after the test that will use it first).

	We need top level API mock because some APIs might call libnuma
	directly, e.g. virNumaIsAvailable(), virNumaGetMaxNode().

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add linux-caches sysfs entries for vircaps2xmltest
	Bit more test data, this time with complete info copied, mainly with
	cache information, so we can easily add tests for it.

	tests: Add sysfs node/cpu topology for the only vircaps2xml testcase
	We'll stop generating the data on the fly, but rather test more of our
	APIs.

	Change virQEMUCapsInitPages to virCapabilitiesInitPages
	This way more drivers can utilize the functionality without copying
	the code.  And we can therefore test it in one place for all of them.

	util: Fix naming in util/virnodesuspend
	That file has only two exported files and each one of them has
	different naming.  virNode is what all the other files use, so let's
	use it.  It wasn't used before because the clash with public API
	naming, so let's fix that by shortening the name (there is no other
	private variant of it anyway).

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Remove src/nodeinfo
	There is no "node driver" as there was before, drivers have to do
	their own ACL checking anyway, so they all specify their functions and
	nodeinfo is basically just extending conf/capablities.  Hence moving
	the code to src/conf/ is the right way to go.

	Also that way we can de-duplicate some code that is in virsysfs and/or
	virhostcpu that got duplicated during the virhostcpu.c split.  And
	Some cleanup is done throughout the changes, like adding the vir*
	prefix etc.

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Move src/fdstream to src/util/virfdstream
	There is no reason for it not to be in the utils, all global symbols
	under that file already have prefix vir* and there is no reason for it
	to be part of DRIVER_SOURCES because that is just a leftover from
	older days (pre-driver modules era, I believe).

	util: Adapt virhostcpu to the new virsysfs
	While on that, drop support for kernels from RHEL-5 era (missing
	cpu/present file).  Also add some useful functions and export them.

	util: Add virsysfs for handling sysfs files
	By using this we are able to easily switch the sysfs path being
	used (fake it).  This will not only help tests in the future but can
	be also used from files where the code is duplicated currently.

	tests: Add cpu/{online,present} files for old tests
	The functionality these tests partially relied on (scanning the cpu
	directory for cpu[0-9]+ subdirectories) is going to be removed, so we
	need additional files that are present on all non-medieval systems.
	Removing all these tests would be an option but we would lose the
	ability to test the topologies.  Even though we just extract number of
	sockets/cores/threads from all these directory trees.

	virfile: Add helpers for reading simple values
	These helpers are doing just a read and covert the value, but they
	properly size the read limit, handle additional whitespace characters,
	and unify error reporting.

	tests: Remove some unneeded files
	We are not using them at all and the directories are missing bunch of
	files already.

	openvz: Ditch openvzGetNodeCPUs
	There is particular function for this, there is no need to build whole
	nodeinfo for it.

	Separate syms based on files they are defined in
	Commits eaf18f4c2bf1 and 86dd9fac0f1d separated util/host{cpu,mem}
	stuff from nodeinfo, but did not adjust the syms file.

	vz: Do not use magic constants when building capabilities

	tests: Fix indentation in virhostcputest

	syms: Add one newline to make things consistent
	It is everywhere else.  I even remember one of our scripts failing if
	the newline is missing, but it doesn't happen currently.

	cpu: Don't use prefixes for no reason

	vmware: Fix some initialization problems
	Don't leak guest if adding it to virCapabilities fails.  Also return
	NULL and not pointer to free'd object with zero references in such
	case.

	Expose virCapabilitiesFreeGuest
	Guests are handled in callers, but if something goes wrong (when it
	cannot be added to virCapabilities, for example), there's no way for
	them to free it properly.

	Introduce virCPUProbeHost
	Both QEMU and bhyve are using the same function for setting up the CPU
	in virCapabilities, so de-duplicate it, save code and time, and help
	other drivers adopt it.

	Add virNumaGetNodeCPUs to private syms

2017-03-27  Martin Kletzander  <mkletzan@redhat.com>

	Fix build with GCC's static analysis
	STREQ_NULLABLE returns true if both parameters are NULL.  And that's
	not what we want here.  We just want to skop comparing source nodes
	that don't have that info set.  The function wouldn't make much sense
	with nodeName == NULL, so we don't need to check that.  Moreover, the
	function's declaration uses ATTRIBUDE_NONNULL for nodeName, which not
	only means that function expects the parameter not to be NULL, but
	actually tells the compiler that it can optimize out the NULL checks.
	That way it could end up calling strcmp on NULL (either nodeformat or
	nodebacking).  GCC figures this out if libvirt is compiled with
	lv_cv_static_analysis=yes, unfortunately not everyone uses that.

	Caused by cbc6d53513568c9c9613b3eaae1c8a8230fd6aab.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: stats: Display the block threshold size in bulk stats
	Management tools may want to check whether the threshold is still set if
	they missed an event. Add the data to the bulk stats API where they can
	also query the current backing size at the same time.

	qemu: block: Add code to fetch block node data by node name
	To allow updating stats based on the node name, add a helper function
	that will fetch the required data from 'query-named-block-nodes' and
	return it in hash table for easy lookup.

	util: json: Make function to free JSON values in virHash universal
	Move the helper that frees JSON entries put into hash tables into the
	JSON module so that it does not have to be reimplemented.

	qemu: block: Add code to detect node names when necessary
	Detect the node names when setting block threshold and when reconnecting
	or when they are cleared when a block job finishes. This operation will
	become a no-op once we fully support node names.

	qemu: monitor: Extract the top level format node when querying disks
	To allow matching the node names gathered via 'query-named-block-nodes'
	we need to query and then use the top level nodes from 'query-block'.
	Add the data to the structure returned by qemuMonitorGetBlockInfo.

	tests: qemumonitorjson: Test node name detection on networked storage

	tests: qemumonitorjson: Add relative image names for node name detection
	oVirt uses relative names with directories in them. Test such
	configuration. Also tests a snapshot done with _REUSE_EXTERNAL and a
	relative backing file pre-specified in the qcow2 metadata.

	tests: qemumonitorjson: Add case for two disks sharing a backing image
	Since we have to match the images by filename a common backing image
	will break the detection process. Add a test case to see that the code
	correctly did not continue the detection process.

	tests: qemumonitorjson: Add long backing chain test case for node name detection

	tests: qemumonitorjson: Add test case for node name detection code
	The code is rather magic so a test case will help making sure that
	everything works well. The first case is a simple backing chain.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: Add code to allow detection of auto-allocated node names
	qemu for some time already sets node names automatically for the block
	nodes. This patch adds code that attempts a best-effort detection of the
	node names for the backing chain from the output of
	'query-named-block-nodes'. The only drawback is that the data provided
	by qemu needs to be matched by the filename as seen by qemu and thus
	if two disks share a single backing store file the detection won't work.

	This will allow us to use qemu commands such as
	'block-set-write-threshold' which only accepts node names.

	In this patch only the detection code is added, it will be used later.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add monitor infrastructure for query-named-block-nodes
	Add monitor tooling for calling query-named-block-nodes. The monitor
	returns the data as the raw JSON array that is returned from the
	monitor.

	Unfortunately the logic to extract the node names for a complete backing
	chain will be so complex that I won't be able to extract any meaningful
	subset of the data in the monitor code.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: add capability for query-named-block-nodes qmp cmd

	qemu: implement qemuDomainSetBlockThreshold
	Add code to call the appropriate monitor command and code to lookup the
	given disk backing chain member.

	qemu: domain: Add helper to look up disk soruce by the backing store string

	virsh: Implement 'domblkthreshold' command to call virDomainSetBlockThreshold
	Add a simple wrapper which will allow to set the threshold for
	delivering the event.

	lib: Add API for setting the threshold size for VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD
	The new API can be used to configure the threshold when
	VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD should be fired.

	qemu: process: Wire up firing of the VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD event
	Bind it to qemu's BLOCK_WRITE_THRESHOLD event. Look up the disk by
	nodename and construct the string to return.

	qemu: domain: Add helper to generate indexed backing store names
	The code is currently simple, but if we later add node names, it will be
	necessary to generate the names based on the node name. Add a helper so
	that there's a central point to fix once we add self-generated node
	names.

	qemu: domain: Add helper to lookup disk by node name
	Looks up a disk and its corresponding backing chain element by node
	name.

	qemu: monitor: Add support for BLOCK_WRITE_THRESHOLD event
	The event is fired when a given block backend node (identified by the
	node name) experiences a write beyond the bound set via
	block-set-write-threshold QMP command. This wires up the monitor code to
	extract the data and allow us receiving the events and the capability.

	lib: Introduce event for tracking disk backing file write threshold
	When using thin provisioning, management tools need to resize the disk
	in certain cases. To avoid having them to poll disk usage introduce an
	event which will be fired when a given offset of the storage is written
	by the hypervisor. Together with the API which will be added later, it
	will allow registering thresholds for given storage backing volumes and
	this event will then notify management if the threshold is exceeded.

	util: storage: Add variables for node names into virStorageSource
	'nodeformat' should be used for strings which describe the storage
	format object, and 'nodebacking' for the actual storage object itself.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Split out useful bits of virStorageFileParseChainIndex
	The function has very specific semantics. Split out the part that parses
	the backing store specification string into a separate helper so that it
	can be reused later while keeping the wrapper with existing semantics.

	Note that virStorageFileParseChainIndex is pretty well covered by the
	test suite.

2017-03-27  Peter Krempa  <pkrempa@redhat.com>

	util: buffer: Add API to set indentation level to a given value
	It will be useful to set indentation level to 0 after formatting a
	nested structure rather than having to track the depth.

	qemu: driver: Don't call qemuDomainDetermineDiskChain on block jobs
	Our code calls it when starting or re-starting the domain or when
	hotplugging the disk so there's nothing to be detected.

2017-03-26  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add xhci tablet support
	Along with video and VNC support, bhyve has introduced USB tablet
	support as an input device. This tablet is exposed to a guest
	as a device on an XHCI controller.

	At present, tablet is the only supported device on the XHCI controller
	in bhyve, so to make things simple, it's allowed to only have a
	single XHCI controller with a single tablet device.

	In detail, this commit:

	 - Introduces a new capability bit for XHCI support in bhyve
	 - Adds an XHCI controller and tabled support with 1:1 mapping
	   between them
	 - Adds a couple of unit tests

2017-03-26  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: helper function to probe hypervisor caps
	There are a number of functions in bhyve_capabilities.c that probe
	hypervisor capabilities by executing the bhyve(1) binary with the
	specific device arugment, checking error message (if any) and setting
	proper capability bit. As those are extremely similar, move this logic
	into a helper function and convert existing functions to use that.

	domaincapstest: add bhyve caps test
	 * Extract filling bhyve capabilities from virBhyveDomainCapsBuild()
	   into a new function virBhyveDomainCapsFill() to make testing
	   easier by not having to mock firmware directory listing and
	   hypervisor capabilities probing
	 * Also, just presence of the firmware files is not sufficient
	   to enable os.loader.supported, hypervisor should support UEFI
	   boot too
	 * Add tests to domaincapstest for the main caps possible flows:
	    - when UEFI bootrom is supported
	    - when video (fbus) is supported
	    - neither of above is supported

	schema: domaincaps: make machine element optional
	Commit df769041c made the 'machine' element in domaincaps
	optional. Update the schema to reflect that.

2017-03-26  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: fix build with clang
	qemuMigrationResetTLS() does not initialize 'ret' by default,
	so when it jumps to 'cleanup' on error, the 'ret' variable will be
	uninitialized, which clang complains about.

	Set it to '-1' by default.

2017-03-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virpci: fix build on non-Linux
	virPCIGetDeviceAddressFromSysfsLink() should return
	virPCIDeviceAddressPtr, so return NULL in the stub instead of "-1".

2017-03-25  John Ferlan  <jferlan@redhat.com>

	docs: Add news entry for Migration using TLS

2017-03-25  John Ferlan  <jferlan@redhat.com>

	qemu: Set up the migration TLS objects for source
	https://bugzilla.redhat.com/show_bug.cgi?id=1300769

	If the migration flags indicate this migration will be using TLS,
	then while we have connection in the Begin phase check and setup the
	TLS environment that will be used by virMigrationRun during the Perform
	phase for the source to configure TLS.

	Processing adds an "-object tls-creds-x509,endpoint=client,..." and
	possibly an "-object secret,..." to handle the passphrase response.

	Then it sets the 'tls-creds' and possibly 'tls-hostname' migration
	parameters.

	The qemuMigrateCancel will clean up and reset the environment as it
	was originally found.

2017-03-25  John Ferlan  <jferlan@redhat.com>

	qemu: Set up the migration TLS objects for target
	If the migration flags indicate this migration will be using TLS,
	then set up the destination during the prepare phase once the target
	domain has been started to add the TLS objects to perform the migration.

	This will create at least an "-object tls-creds-x509,endpoint=server,..."
	for TLS credentials and potentially an "-object secret,..." to handle the
	passphrase response to access the TLS credentials. The alias/id used for
	the TLS objects will contain "libvirt_migrate".

	Once the objects are created, the code will set the "tls-creds" and
	"tls-hostname" migration parameters to signify usage of TLS.

	During the Finish phase we'll be sure to attempt to clear the
	migration parameters and delete those objects (whether or not they
	were created). We'll also perform the same reset during recovery
	if we've reached FINISH3.

	If the migration isn't using TLS, then be sure to check if the
	migration parameters exist and clear them if so.

2017-03-25  John Ferlan  <jferlan@redhat.com>

	qemu: Add job for qemuDomain{Add|Del}TLSObjects
	Add an asyncJob argument for add/delete TLS Objects. A future patch will
	add/delete TLS objects from a migration which may have a job to join.

2017-03-25  John Ferlan  <jferlan@redhat.com>

	qemu: Add TLS params to _qemuMonitorMigrationParams
	Add the fields to support setting tls-creds and tls-hostname during
	a migration (either source or target). Modify the query migration
	function to check for the presence and set the field for future
	consumers to determine which of 3 conditions is being met (NULL,
	present and set to "", or present and sent to something). These
	correspond to qemu commit id '4af245dc3' which added support to
	default the value to "" and allow setting (or resetting) to ""
	in order to disable. This reset option allows libvirt to properly
	use the tls-creds and tls-hostname parameters.

	Modify code paths that either allocate or use stack space in order
	to call qemuMigrationParamsClear or qemuMigrationParamsFree for cleanup.

2017-03-25  John Ferlan  <jferlan@redhat.com>

	Add new migration flag VIR_MIGRATE_TLS

	qemu: Update the TLS client verify descriptions for vnc and chardev
	Update the descriptions to match the migrate option.

2017-03-25  John Ferlan  <jferlan@redhat.com>

	conf: Introduce migrate_tls_x509_cert_dir
	Add a new TLS X.509 certificate type - "migrate". This will handle the
	creation of a TLS certificate capability (and possibly repository) to
	be used for migrations. Similar to chardev's, credentials will be handled
	via a libvirt secrets; however, unlike chardev's enablement and usage
	will be via a CLI flag instead of a conf flag and a domain XML attribute.

	The migrations using the *x509_verify flag require the client-cert.pem
	and client-key.pem files to be present in the TLS directory - so let's
	also be sure to note that in the qemu.conf file.

2017-03-25  John Ferlan  <jferlan@redhat.com>

	qemu: Replace macro usage of (false); with just (0)

	qemu: Create #define for TLS configuration setup.
	Create GET_CONFIG_TLS_CERT to set up the TLS for 'chardev' TLS setting.
	Soon to be reused.

2017-03-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix build on non-Linux
	Fix typo in virNetDevPFGetVF() stub:

	  ATTRUBUTE_UNUSED -> ATTRIBUTE_UNUSED.

	While here, use common indent style for arguments in
	virNetDevGetVirtualFunctionIndex() stub.

2017-03-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid internal snapshots with pflash firmware
	If the variable store (<nvram>) file is raw qemu can't do a snapshot of
	it and thus the snapshot fails. QEMU rejects such snapshot by a message
	which would not be properly interpreted as an error by libvirt.

	Additionally allowing to use a qcow2 variable store backing file would
	solve this issue but then it would become eligible to become target of
	the memory dump.

	Offline internal snapshot would be incomplete too with either storage
	format since libvirt does not handle the pflash file in this case.

	Forbid such snapshot so that we can avoid problems.

2017-03-24  Laine Stump  <laine@laine.org>

	network: only check for IPv6 RA routes when the network has an IPv6 address
	commit 00d28a78 added a check to see if there were any IPv6 routes
	added by RA (Router Advertisement) via an interface that had accept_ra
	set to something other than "2". The check was being done
	unconditionally, but it's only relevant if IPv6 forwarding is going to
	be turned on, and that will only happen if the network has an IPv6
	address.

2017-03-24  Ján Tomko  <jtomko@redhat.com>

	Revert "qemu: forbid migration with an IOMMU device"
	This reverts commit b7118623ad5a8e6ea75d693881c08873eefa3e28.

	Migration was implemented by QEMU commit:
	commit 8cdcf3c1e58d04b6811956d7608efeb66c42d719
	Author: Peter Xu <peterx@redhat.com>
	Date:   Fri Jan 6 12:06:13 2017 +0800

	    intel_iommu: allow migration

	https://bugzilla.redhat.com/show_bug.cgi?id=1433994

2017-03-24  Laine Stump  <laine@laine.org>

	util: new function virNetDevPFGetVF()
	Given an SRIOV PF netdev name (e.g. "enp2s0f0") and VF#, this new
	function returns the netdev name of the referenced VF device
	(e.g. "enp2s11f6"), or NULL if the device isn't bound to a net driver.

2017-03-24  Laine Stump  <laine@laine.org>

	util: new internal function to permit silent failure of virNetDevSetMAC()
	We will want to allow silent failure of virNetDevSetMAC() in the case
	that the SIOSIFHWADDR ioctl fails with errno == EADDRNOTAVAIL. (Yes,
	that is very specific, but we really *do* want a logged failure in all
	other circumstances, and don't want to duplicate code in the caller
	for the other possibilities).

	This patch renames the 3 different virNetDevSetMAC() functions to
	virNetDevSetMACInternal(), adding a 3rd arg called "quiet" and making
	them static (because this extra control will only be needed within
	virnetdev.c). A new global virNetDevSetMAC() is defined that calls
	whichever of the three *Internal() functions gets compiled with quiet
	= false. Callers in virnetdev.c that want to notice a failure with
	errno == EADDRNOTAVAIL and retry with a different strategy rather than
	immediately failing, can call virNetDevSetMACInternal(..., true).

2017-03-24  Laine Stump  <laine@laine.org>

	util: new function virPCIDeviceRebind()
	This function unbinds a device from its driver, then immediately
	rebinds it to its driver again. The code for this new function is just
	the 2nd half of virPCIDeviceBindWithDriverOverride(), so that
	function's 2nd half is replaced with a call to virPCIDeviceRebind().

	util: make virPCIGetDeviceAddressFromSysfsLink() public
	This function will be useful in virnetdev.c, so promote it from static.

2017-03-24  Laine Stump  <laine@laine.org>

	util: change virPCIGetNetName() to not return error if device has no net name
	...and cleanup the callers to report it when it *is* an error.

	In many cases It's useful for virPCIGetNetName() to not log an error
	and simply return a NULL pointer when the given device isn't bound to
	a net driver (e.g. we're looking at a VF that is permanently bound to
	vfio-pci). The existing code would silently return an error in this
	case, which could eventually lead to the dreaded "An error occurred
	but the cause is unknown" log message.

	This patch changes virPCIGetNetName() to still return success if the
	device simply isn't bound to a net driver, and adjusts all the callers
	that require a non-null netname to check for that condition and log an
	error when it happens.

2017-03-24  Laine Stump  <laine@laine.org>

	util: make virMacAddrParse more versatile
	Previously the MAC address text was required to be terminated with a
	NULL. After this, it can be terminated with a space or any control
	character.

	util: eliminate useless local variable
	vf in virNetDevMacVLanDeleteWithVPortProfile() is initialized to -1
	and never set. It's not set for a good reason - because it doesn't
	make sense during macvtap device setup to refer to a VF device as
	"PF:VF#". This patch replaces the two uses of "vf" with "-1", and
	removes the local variable, so that it's more clear we are always
	calling the utility functions with vf set to -1.

	util: use cleanup label consistently in virHostdevNetConfigReplace()
	This will make an upcoming functional change more straightforward.

2017-03-24  Laine Stump  <laine@laine.org>

	util: remove unused args from virNetDevSetVfConfig()
	This function is only called in two places, and the ifindex,
	nltarget_kernel, and getPidFunc args are never used (and never will
	be).

	ifindex - we always know the name of the device, and never know the
	ifindex - if we really did need the ifindex we would have to get it
	from the name using virNetDevGetIndex(). In practice, we just send -1
	to virNetDevSetVfConfig(), which doesn't bother to learn the real
	ifindex (you only need a name *or* an ifindex for the netlink command
	to succeed, not both).

	nltarget_kernel - messages to set the config of an SRIOV VF will
	always go to netlink in the kernel, not to another user process, so
	this arg is always true (there are other uses of netlink messages
	where the message might need to go to another user process, but never
	in the case of RTM_SETLINK for SRIOV).

	getPidFunc - this arg is only used if nltarget_kernel is false, and it
	never is.

	None of this has any functional effect, it just makes it easier to
	follow what's happening when virNetDevSetVfConfig() is called.

2017-03-24  Laine Stump  <laine@laine.org>

	util: permit querying a VF MAC address or VLAN tag by itself
	virNetDevParseVfConfig() assumed that both the MAC address and VLAN
	tag pointers were valid, so even if you only wanted one or the other,
	you would need a variable to hold the returned value for both. This
	patch checks each for a NULL pointer before filling it in.

2017-03-23  Ján Tomko  <jtomko@redhat.com>

	qemu: forbid migration with an IOMMU device
	https://bugzilla.redhat.com/show_bug.cgi?id=1433994

2017-03-23  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix typo in __QEMU_CAPSPRIV_H_ALLOW__

2017-03-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix build on non-Linux
	Decorate unused arguments of the virNetDevGetMaster() stub
	with ATTRIBUTE_UNUSED to fix build on systems where this
	stub is used.

2017-03-22  John Ferlan  <jferlan@redhat.com>

	cpu: Remove NONNULL(1) for cpuBaseline
	Since the code checks and handles a NULL 'cpus' anyway, so no need
	for the NONNULL.

	util: Remove NONNULL(1) for virNetDevMacVLanDeleteWithVPortProfile
	Since the source code checks 'ifname' for NULL before using, the prototype
	doesn't need the NONNULL

2017-03-22  John Ferlan  <jferlan@redhat.com>

	util: Remove NONNULL's for virNetDevVPortProfile[Associate|Disassociate]
	The source code will check for NULL arguments for 'macvtap_macaddr' and
	'vmuuid', so no need for the NONNULL in the prototypes. Following the stack
	for both arguments to virNetDevVPortProfileOpSetLink also shows called
	functions would handle a NULL value.

	Additionally, modified the prototype to use the same 'macvtap_macaddr'
	name as the source code for consistency.

2017-03-22  John Ferlan  <jferlan@redhat.com>

	util: Remove NONNULL(1) for virNetDevOpenvswitchGetVhostuserIfname
	Since the code checks and handles a NULL 'path', no need for the NONNULL

	util: Remove NONNULL(2) for virNetDevBandwidthPlug
	Since the code checks and handles a NULL 'net_bandwidth' parameter,
	so no need for NONNNULL.

	util: Remove NONNULL(1,3,4) from virTypedParamsFilter
	The API checks each parameter for NULL anyway and would error, so need
	to add NONNULL on prototype.

	util: Remove NONNULL(1) for virNetDevOpenvswitchSetMigrateData
	The code checks and handles a NULL 'migrate', so no need for NONNULL

	util: Remove NONNULL(1) for virHostdevReAttachDomainDevices
	Since the function handles a NULL 'mgr' condition, no need for the NONNULL

	util: Remove NONNULL(1) for virHostdevPrepareDomainDevices
	Since the code checks 'mgr == NULL' anyway, no need for the prototype
	to have the NONNULL arg check.  Also add an error message to indicate what
	the failure is so that there isn't a failed for some reason error.

	util: Remove NONNULL(2,3) for virHostdevReAttachSCSIVHostDevices
	The comparison code used STREQ_NULLABLE anyway for both 'drv_name' and
	'dom_name', so no need. Add a NULLSTR on the 'dom_name' too.

	util: Remove NONNULL(2,3) for virHostdevReAttachUSBDevices
	The comparison code used STREQ_NULLABLE anyway for both 'drv_name' and
	'dom_name', so no need. Add a NULLSTR on the 'dom_name' too.

	util: Remove NONNULL(2,3) for virHostdevReAttachPCIDevices
	The called function uses a STRNEQ_NULLABLE anyway for both 'drv_name' and
	'dom_name', so no need.

2017-03-22  John Ferlan  <jferlan@redhat.com>

	util: Remove NONNULL(1) for virBitmapParseUnlimited
	The code checks and handles a NULL 'str', so just remove the NONNULL.

	Update the error message to add the NULLSTR() around 'str' also.

2017-03-22  John Ferlan  <jferlan@redhat.com>

	util: Change return argument for virBitmapParseUnlimited
	Rather than returning an int and a *bitmap pointer, just return and
	check a NULL bitmap pointer

2017-03-22  John Ferlan  <jferlan@redhat.com>

	qemu: Remove NONNULL(1) for qemu_monitor prototypes
	The 'mon' argument validity is checked in the QEMU_CHECK_MONITOR for the
	following functions, so they don't need the NONNULL on their prototype:

	qemuMonitorUpdateVideoMemorySize
	qemuMonitorUpdateVideoVram64Size
	qemuMonitorGetAllBlockStatsInfo
	qemuMonitorBlockStatsUpdateCapacity

2017-03-22  John Ferlan  <jferlan@redhat.com>

	qemu: Remove non null 'vm' check from qemuMonitorOpen
	The prototype requires not passing a NULL in the parameter and the callers
	all would fail far before this code would fail if 'vm' was NULL, so just
	remove the check.

	network: Remove null newBandwidth check from networkBandwidthUpdate
	The prototype requires a NONNULL argument and the only caller passes in
	a non-null parameter. Besides the "else if" condition would deref it anyway.

	conf: Remove NONNULL(1) for virDomainNumaGetNodeCount
	Since the code checks and handles a NULL 'numa' parameter, remove the NONNULL
	from the prototype.

2017-03-22  John Ferlan  <jferlan@redhat.com>

	conf: Remove NONNULL(1,2) for virNetDevBandwidthFormat
	Since the code checks and handles NULL parameters, remove the NONNULL
	from the prototype.

	Also fix the comment in the source to reference the right name.

2017-03-22  John Ferlan  <jferlan@redhat.com>

	conf: Remove NONNULL(2) for virNetDevBandwidthParse
	Since the code checks and handles a NULL 'node' before proceeding
	there's no need for the prototype with the NONNULL(2).

	util: Remove NONNULL(1) for virNetDevGetName
	The 'ifindex' argument is not a pointer, so no need for NONNULL in prototype

2017-03-22  John Ferlan  <jferlan@redhat.com>

	qemu: Always format formatStr for blockdev-snapshot-sync
	The qemuDomainSnapshotPrepare should always set a > 0 format value anyway,
	so remove the check.

	Found by Coverity.

2017-03-22  Laine Stump  <laine@laine.org>

	network: reconnect tap devices during networkNotifyActualDevice
	If a network is destroyed and restarted, or its bridge is changed, any
	tap devices that had previously been connected to the bridge will no
	longer be connected. As a first step in automating a reconnection of
	all tap devices when this happens, this patch modifies
	networkNotifyActualDevice() (which is called once for every
	<interface> of every active domain whenever libvirtd is restarted) to
	reconnect any tap devices that it finds disconnected.

	With this patch in place, you will need to restart libvirtd to
	reconnect all the taps to their proper bridges. A future patch will
	add a callback that hypervisor drivers can register with the network
	driver to that the network driver can trigger this behavior
	automatically whenever a network is started.

2017-03-22  Laine Stump  <laine@laine.org>

	util: new function virNetDevTapAttachBridge()
	This patch splits out the part of virNetDevTapCreateInBridgePort()
	that would need to be re-done if an existing tap device had to be
	re-attached to a bridge, and puts it into a separate function. This
	can be used both when an existing domain interface config is updated
	to change its connection, and also to re-attach to the "same" bridge
	when a network has been stopped and restarted. So far it is used for
	nothing.

	util: new function virNetDevGetMaster()
	This function provides the bridge/bond device that the given network
	device is attached to. The return value is 0 or -1, and the master
	device is a char** argument to the function - this is needed in order
	to allow for a "success" return from a device that has no master.

	network: remove unused typedef for networkDnsmasqLeaseFileNameFunc

	util: allow retrieving ethtool features when unprivileged
	The only reason that the ethtool features weren't being retrieved in
	an unprivileged libvirtd was because they required ioctl(), and the
	ioctl was using an AF_PACKET socket, which requires root. Now that we
	are using AF_UNIX for ioctl(), this restriction can be removed.

2017-03-22  Laine Stump  <laine@laine.org>

	util: use AF_UNIX family (not AF_PACKET) for ioctl sockets
	The exact family of the socket created for the fd used by ioctl(7)
	doesn't matter, it just needs to be a socket and not a file. But for
	some reason when macvtap support was added, it used
	AF_PACKET/SOCK_DGRAM sockets for its ioctls; we later used the same
	AF_PACKET/SOCK_DGRAM socket for new ioctls we added, and eventually
	modified the other pre-existing ioctl sockets (for creating/deleting
	bridges) to also use AF_PACKET/SOCK_DGRAM (that code originally used
	AF_UNIX/SOCK_STREAM).

	The problem with using AF_PACKET (intended for sending/receiving "raw"
	packets, i.e. packets that can be some protocol other than TCP or UDP)
	is that it requires root privileges. This meant that none of the
	ioctls in virnetdev.c or virnetdevip.c would work when running
	libvirtd unprivileged.

	This packet solves that problem by changing the family to AF_UNIX when
	creating the socket used for any ioctl().

2017-03-22  Michal Privoznik  <mprivozn@redhat.com>

	domain_capabilities: Don't report machine type for bhyve
	For some drivers the domain's machine type makes no sense. They
	just don't use it. A great example is bhyve driver. Therefore it
	makes very less sense to report machine in domain capabilities
	XML.

2017-03-22  Cédric Bosdonnat  <cbosdonnat@suse.com>

	network: check accept_ra before enabling ipv6 forwarding
	When enabling IPv6 on all interfaces, we may get the host Router
	Advertisement routes discarded. To avoid this, the user needs to set
	accept_ra to 2 for the interfaces with such routes.

	See https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
	on this topic.

	To avoid user mistakenly losing routes on their hosts, check
	accept_ra values before enabling IPv6 forwarding. If a RA route is
	detected, but neither the corresponding device nor global accept_ra
	is set to 2, the network will fail to start.

2017-03-22  Cédric Bosdonnat  <cbosdonnat@suse.com>

	util: add virNetDevGetName() function
	Add a function getting the name of a network interface out of its index.

	bridge_driver.c: more uses of SYSCTL_PATH
	Replace a few occurences of /proc/sys by the corresponding macro
	defined a few lines after: SYSCTL_PATH

	util: add virNetlinkDumpCommand()
	virNetlinkCommand() processes only one response message, while some
	netlink commands, like route dumping, need to process several.
	Add virNetlinkDumpCommand() as a virNetlinkCommand() sister.

	util: extract the request sending code from virNetlinkCommand()
	Allow to reuse as much as possible from virNetlinkCommand(). This
	comment prepares for the introduction of virNetlinkDumpCommand()
	only differing by how it handles the responses.

2017-03-21  John Ferlan  <jferlan@redhat.com>

	qemu: Fix qemuMonitorOpen prototype
	Commit id '85af0b8' added a 'timeout' as the 4th parameter to
	qemuMonitorOpen, but neglected to update the ATTRIBUTE_NONNULL(4)
	to be (5) for the cb parameter.

2017-03-21  Laine Stump  <laine@laine.org>

	network: don't add "no-resolv" if we still need DNS servers from resolv.conf
	It was pointed out here:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1331796#c4

	that we shouldn't be adding a "no-resolv" to the dnsmasq.conf file for
	a network if there isn't any <forwarder> element that specifies an IP
	address but no qualifying domain. If there is such an element, it will
	handle all DNS requests that weren't otherwise handled by one of the
	forwarder entries with a matching domain attribute. If not, then DNS
	requests that don't match the domain of any <forwarder> would not be
	resolved if we added no-resolv.

	So, only add "no-resolv" when there is at least one <forwarder>
	element that specifies an IP address but no qualifying domain.

2017-03-21  Chen Hanxiao  <chenhanxiao@gmail.com>

	cleanup: qemu_capabilities: remove redundant error messages
	We reported error in caller virQEMUCapsCacheLookupByArch.
	So the same error messages in qemuConnectGetDomainCapabilities
	is useless.

2017-03-21  Pavel Hrdina  <phrdina@redhat.com>

	tests: update QEMU 2.9.0 caps data

2017-03-20  Jiri Denemark  <jdenemar@redhat.com>

	news: Document "Enforce guest CPU specification" series

	qemu: Don't try to update undefined guest CPU
	Calling virCPUUpdateLive on a domain with no guest CPU configuration
	does not make sense. Especially when doing so would crash libvirtd.

2017-03-17  John Ferlan  <jferlan@redhat.com>

	conf: Use consistent function name prefixes for virstorageobj
	Use "virStoragePoolObj" as a prefix for any external API in virstorageobj.

	Also a couple of functions were local to virstorageobj.c, so remove their
	external defs iin virstorageobj.h.

	NB: The virStorageVolDef* API's won't change.

2017-03-17  John Ferlan  <jferlan@redhat.com>

	conf: Alter coding style of storage conf function prototypes
	In an effort to be consistent with the source module, alter the function
	prototypes to follow the similar style of source with the "type" on one
	line followed by the function name and arguments on subsequent lines with
	with argument getting it's own line.

	conf: Adjust coding style for storage conf sources
	Alter the format of the code to follow more recent style guidelines of
	two empty lines between functions, function decls with "[static] type"
	on one line followed by function name with arguments to functions each
	on one line.

2017-03-17  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virstorageobj
	Move all the StoragePoolObj related API's into their own module
	virstorageobj from the storage_conf

	Purely code motion at this point, plus adjustments to cleanly build

2017-03-17  Peter Krempa  <pkrempa@redhat.com>

	(log|lock)daemon: Don't spam logs with IO error messages after client disconnects
	The log and lock protocol don't have an extra handshake to close the
	connection. Instead they just close the socket. Unfortunately that
	resulted into a lot of spurious garbage logged to the system log files:

	2017-03-17 14:00:09.730+0000: 4714: error : virNetSocketReadWire:1800 : End of file while reading data: Input/output error

	or in the journal as:

	Mar 13 16:19:33 xxxx virtlogd[32360]: End of file while reading data: Input/output error

	Use the new facility in the netserverclient to suppress the IO error
	report from the virNetSocket layer.

2017-03-17  Peter Krempa  <pkrempa@redhat.com>

	rpc: serverclient: Add option to suppress errors on EOF
	The protocol may not use an explicit API to close the connection and
	just close the socket instead. Add option to suppress errors in such
	case.

	rpc: socket: Add possibility to suppress errors on read hangup
	In some cases a read error due to connection hangup is expected. This
	patch adds a flag that removes the logging of a virError in such case.

2017-03-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Enforce guest CPU specification
	When guest CPU definition uses VIR_CPU_CHECK_FULL checks, we need to
	make sure QEMU does not add or remove any features.

	https://bugzilla.redhat.com/show_bug.cgi?id=822148
	https://bugzilla.redhat.com/show_bug.cgi?id=824989

2017-03-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Update CPU definition according to QEMU
	When starting a domain with custom guest CPU specification QEMU may add
	or remove some CPU features. There are several reasons for this, e.g.,
	QEMU/KVM does not support some requested features or the definition of
	the requested CPU model in libvirt's cpu_map.xml differs from the one
	QEMU is using. We can't really avoid this because CPU models are allowed
	to change with machine types and libvirt doesn't know (and probably
	doesn't even want to know) about such changes.

	Thus when we want to make sure guest ABI doesn't change when a domain
	gets migrated to another host, we need to update our live CPU definition
	according to the CPU QEMU created. Once updated, we will change CPU
	checking to VIR_CPU_CHECK_FULL to make sure the virtual CPU created
	after migration exactly matches the one on the source.

	https://bugzilla.redhat.com/show_bug.cgi?id=822148
	https://bugzilla.redhat.com/show_bug.cgi?id=824989

2017-03-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ask QEMU for filtered CPU features
	qemuMonitorGetGuestCPU can now optionally create CPU data from
	filtered-features in addition to feature-words.

	qemu: Use ARCH_IS_X86 in qemuMonitorJSONGetGuestCPU

	qemu: Refactor qemuProcessVerifyGuestCPU

	qemu: Refactor CPU features check
	The checks are now in a dedicated qemuProcessVerifyCPUFeatures function.

	qemu: Refactor KVM features check
	The checks are now in a dedicated qemuProcessVerifyKVMFeatures function.

2017-03-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor Hyper-V features check
	The checks are now in a dedicated qemuProcessVerifyHypervFeatures
	function.

	In addition to moving the code this patch also fixes a few bugs: the
	original code was leaking cpuFeature and the return value of
	virCPUDataCheckFeature was not checked properly.

2017-03-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Set default values for CPU check attribute

	Introduce /domain/cpu/@check XML attribute
	The attribute can be used to request a specific way of checking whether
	the virtual CPU matches created by the hypervisor matches the
	specification in domain XML.

	docs: Clarify /domain/cpu/@match description

	tests: Switch to sparse initialization of virCPUDef

2017-03-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Don't allow setting 'group_name' alone
	The disk tuning group parameter is ignored by qemu if no other
	throttling options are set. Reject such configuration, since the name
	would not be honored after setting parameters via the live tuning API.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1433180

2017-03-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Extract tests for subsets of blkdeviotune settings
	When checking capabilities for qemu we need to check whether subsets of
	the disk throttling settings are supported. Extract the checks into a
	separate functions as they will be reused in next patch.

	qemu: command: Extract blkdeviotune checks into a separate function
	qemuBuildDriveStr grew into 'megamoth' proportions. Cut out some parts.

2017-03-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't steal pointers from 'persistentDef' in qemuDomainGetBlockIoTune
	While the code path that queries the monitor allocates a separate copy
	of the 'group_name' string the path querying the config would not copy
	it. The call to virTypedParameterAssign would then steal the pointer
	(without clearing it) and the RPC layer freed it. Any subsequent call
	resulted into a crash.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1433183

2017-03-17  Guido Günther  <agx@sigxcpu.org>

	qemu: skip QMP probing of CPU definitions when missing
	This unbreaks emulators that don't support this command such as
	qemu-system-mips*.

	Reference: http://bugs.debian.org/854125

2017-03-17  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	perf: remote: Compare perf nparams against the correct constant
	Currently 'virsh perf domain' errors out as the perf nparams is
	incorrectly compared against REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX
	instead of REMOTE_DOMAIN_PERF_EVENTS_MAX.

2017-03-17  Andrea Bolognani  <abologna@redhat.com>

	news: Document support for generic PCIe Root Ports

2017-03-17  Andrea Bolognani  <abologna@redhat.com>

	tests: Test generic PCIe Root Ports
	We want pcie-root-ports to be used when available in QEMU,
	but at the same time we need to ensure that hosts running
	older QEMU releases keep working and that the user can
	override the default at any time.

	Add a comment for the original pcie-root-port test cases
	to make it clear how these new test cases are different.

2017-03-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use generic PCIe Root Ports by default when available
	ioh3420 is emulated Intel hardware, so it always looked
	quite out of place in aarch64/virt guests. Even for x86/q35
	guests, the recently-introduced pcie-root-port is a better
	choice because, unlike ioh3420, it doesn't require IO space
	(a fairly constrained resource) to work.

	If pcie-root-port is available in QEMU, use it; ioh3420 is
	still used as fallback for when pcie-root-port is not
	available.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1408808

2017-03-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Add support for generic PCIe Root Ports
	QEMU 2.9 introduces the pcie-root-port device, which is
	a generic version of the existing ioh3420 device.

	Make the new device available to libvirt users.

2017-03-17  Guido Günther  <agx@sigxcpu.org>

	apparmor: allow /usr/lib/qemu/qemu-bridge-helper
	This is where e.g. Debian puts it.

2017-03-16  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document NVDIMM

2017-03-16  Daniel P. Berrange  <berrange@redhat.com>

	Report what TLS priority string we use for a session

	Short circuit SASL auth when no mechanisms are available
	If the SASL config does not have any mechanisms we currently
	just report an empty list to the client which will then
	fail to identify a usable mechanism. This is a server config
	error, so we should fail immediately on the server side.

	Sanity check explicit TLS file paths
	When providing explicit x509 cert/key paths in libvirtd.conf,
	the user must provide all three. If one or more is missed,
	this leads to obscure errors at runtime when negotiating
	the TLS session

2017-03-16  Daniel P. Berrange  <berrange@redhat.com>

	Increase default file handle limits for daemons
	Linux still defaults to a 1024 open file handle limit. This causes
	scalability problems for libvirtd / virtlockd / virtlogd on large
	hosts which might want > 1024 guest to be running. In fact if each
	guest needs > 1 FD, we can't even get to 500 guests. This is not
	good enough when we see machines with 100's of physical cores and
	TBs of RAM.

	In comparison to other memory requirements of libvirtd & related
	daemons, the resource usage associated with open file handles
	is essentially line noise. It is thus reasonable to increase the
	limits unconditionally for all installs.

2017-03-16  Guido Günther  <agx@sigxcpu.org>

	libxl: fix typo in debug message

2017-03-16  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document adaptive timeout for qemu monitor

2017-03-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Adaptive timeout for connecting to monitor
	There were couple of reports on the list (e.g. [1]) that guests
	with huge amounts of RAM are unable to start because libvirt
	kills qemu in the initialization phase. The problem is that if
	guest is configured to use hugepages kernel has to zero them all
	out before handing over to qemu process. For instance, 402GiB
	worth of 1GiB pages took around 105 seconds (~3.8GiB/s). Since we
	do not want to make the timeout for connecting to monitor
	configurable, we have to teach libvirt to count with this
	fact. This commit implements "1s per each 1GiB of RAM" approach
	as suggested here [2].

	1: https://www.redhat.com/archives/libvir-list/2017-March/msg00373.html
	2: https://www.redhat.com/archives/libvir-list/2017-March/msg00405.html

2017-03-16  Michal Privoznik  <mprivozn@redhat.com>

	virTimeBackOffWait: Avoid long periods of sleep
	While connecting to qemu monitor, the first thing we do is wait
	for it to show up. However, we are doing it with some timeout to
	avoid indefinite waits (e.g. when qemu doesn't create the monitor
	socket at all). After beaa447a29 we are using exponential back
	off timeout meaning, after the first connection attempt we wait
	1ms, then 2ms, then 4 and so on.  This allows us to bring down
	wait time for small domains where qemu initializes quickly.
	However, on the other end of this scale are some domains with
	huge amounts of guest memory. Now imagine that we've gotten up to
	wait time of 15 seconds. The next one is going to be 30 seconds,
	and the one after that whole minute. Well, okay - with current
	code we are not going to wait longer than 30 seconds in total,
	but this is going to change in the next commit.

	The exponential back off is usable only for first few iterations.
	Then it needs to be caped (one second was chosen as the limit)
	and switch to constant wait time.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	test: Don't assume a configFile exists for Storage Pool tests
	Fix a "bug" in the storage pool test driver code which "assumed"
	testStoragePoolObjSetDefaults should fill in the configFile for
	both the Define/Create (persistent) and CreateXML (transient) pools
	by just VIR_FREE()'ing it during CreateXML.  Because the configFile
	was filled in, during Destroy the pool wouldn't be free'd which
	could cause issues for future patches which add tests to validate
	vHBA creation for the storage pool using the same name.

	conf: Alter error message for vHBA creation using parent wwnn/wwpn
	Commit id 'bb74a7ffe' added a fairly non specific message when providing
	only the <parent wwnn='xxx'/> or <parent wwpn='xxx'/> instead of providing
	both wwnn and wwpn. This patch just modifies the message to be more specific
	about which was missing.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Return the vHBA name from virNodeDeviceCreateVport
	Rather than returning true/false and having the caller check if the
	vHBA was actually created, let's do that check within the CreateVport
	function. That way the caller can faithfully assume success based
	on a name start the thread looking for the LUNs. Prior to this change
	it's possible that the vHBA wasn't really created (e.g if the call to
	virVHBAGetHostByWWN returned NULL), we'd claim success, but in reality
	there'd be no vHBA for the pool. This also fixes a second yet seen
	issue that if the nodedev was present, but the parent by name wasn't
	provided (perhaps parent by wwnn/wwpn or by fabric_name), then a failure
	would be returned. For this path it shouldn't be an error - we should
	just be happy that something else is managing the device and we don't
	have to create/delete it.

	The end result is that the createVport code can now just start the
	refresh thread once it gets a non NULL name back.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Move/Rename createVport and deleteVport
	Move the bulk of createVport and rename to virNodeDeviceCreateVport.

	Remove the deleteVport entirely and replace with virNodeDeviceDeleteVport

2017-03-16  John Ferlan  <jferlan@redhat.com>

	util: Rename virFileWaitForDevices
	The function is actually in virutil.c, but prototyped in virfile.h.
	This patch fixes that by renaming the function to virWaitForDevices,
	adding the prototype in virutil.h and libvirt_private.syms, and then
	changing the callers to use the new name.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Convert virStoragePoolSourceAdapter to virStorageAdapter
	Move the virStoragePoolSourceAdapter from storage_conf.h and rename
	to virStorageAdapter.

	Continue with code realignment for brevity and flow.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	storage: Rework createVport and deleteVport
	Rework the code to use the new FCHost specific adapter structures.

	Also rework the parameters to only pass what's need and leave logic in
	the caller for the adapter type and the need to call the helpers.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	storage: Rework getAdapterName to use adapter specific typedefs
	Use the FCHost and SCSIHost adapter specific typedefs

	conf: Rework storage_conf to use adapter specific typedefs
	Rework the helpers/APIs to use the FCHost and SCSIHost adapter types.
	Continue to realign the code for shorter lines.

	conf: Rework storage_adapter_conf to use adapter specific typedefs
	Rework the helpers/APIs to use the FCHost and SCSIHost adapter types.
	Continue to realign the code for shorter lines.

	conf: Split up virStoragePoolSourceAdapter
	Create typedef'd substructures and rework typedef to utilize.

	conf: Extract SCSI adapter type processing into their own helpers
	Rather than have lots of ugly inline code, create helpers to try and
	make things more readable. While creating the helpers realign the code
	as necessary.

	conf: Extract FCHost adapter type processing into their own helpers
	Rather than have lots of ugly inline code, create helpers to try and
	make things more readable. While creating the helpers realign the code
	as necessary.

	conf: Rename API's in storage_adapter_conf
	Rename the API's to remove the storage pool source pieces

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Introduce storage_adapter_conf
	Move code from storage_conf into storage_adapter_conf

	Pure code motion

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Rework parsing in virStoragePoolDefParseSourceAdapter
	Rather than use virXPathString, pass along an virXPathNode and alter
	the parsing to use virXMLPropString.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Split out storage pool source adapter helpers
	Split out the code that munges through the storage pool adapter into
	helpers - it's about to be moved into it's own source file.

	This is purely code motion at this point.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Add missing validate for fchost search fields
	Commit id 'bb74a7ffe' added some new fields to search for a fchost by
	parent wwnn/wwpn or parent_fabric_name, but neglected to validate that
	the data within the fields was valid at parse time. This could lead to
	eventual failure at run time, so rather than have the failure then, let's
	validate now.

2017-03-16  John Ferlan  <jferlan@redhat.com>

	conf: Ensure both parent_wwnn/parent_wwpn provided
	https://bugzilla.redhat.com/show_bug.cgi?id=1428209

	Commit id 'bb74a7ffe' neglected to check that both the parent_wwnn
	parent_wwpn are in the XML if one or the other is similar to how
	the node device code checked (commit id '2b13361bc').

	If only one is provided, the "default" is to use a vHBA capable
	adapter (see commit id '78be2e8b'), so the vHBA could start, but
	perhaps not on the expected adapter.

2017-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Switch to GSSAPI (kerberos) instead of the insecure DIGEST-MD5
	RFC 6331 documents a number of serious security weaknesses in
	the SASL DIGEST-MD5 mechanism. As such, libvirtd should not
	by using it as a default mechanism. GSSAPI is the only other
	viable SASL mechanism that can provide secure session encryption
	so enable that by defalt as the replacement.

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Namespaces for NVDIMM

	qemu: Allow nvdimm in devices CGroups
	Some users might want to pass a blockdev or a chardev as a
	backend for NVDIMM. In fact, this is expected to be the mostly
	used configuration. Therefore libvirt should allow the device in
	devices CGroup then.

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu_hotplug: Relabel memdev
	Now that we have APIs for relabel memdevs on hotplug, fill in the
	missing implementation in qemu hotplug code.

	The qemuSecurity wrappers might look like overkill for now,
	because qemu namespace code does not deal with the nvdimms yet.
	Nor does our cgroup code.  But hey, there's cgroup_device_acl
	variable in qemu.conf. If users add their /dev/pmem* device in
	there, the device is allowed in cgroups and created in the
	namespace so they can successfully passthrough it to the domain.
	It doesn't look like overkill after all, does it?

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	secdrivers: Implement memdev relabel APIs

	security: Introduce internal APIs for memdev labelling
	These APIs will be used whenever we are hot (un-)plugging a
	memdev.

	security_selinux: Label host side of NVDIMM
	When domain is being started up, we ought to relabel the host
	side of NVDIMM so qemu has access to it.

	security_dac: Label host side of NVDIMM
	When domain is being started up, we ought to relabel the host
	side of NVDIMM so qemu has access to it.

	qemu: Introduce label-size for NVDIMMs
	For NVDIMM devices it is optionally possible to specify the size
	of internal storage for namespaces. Namespaces are a feature that
	allows users to partition the NVDIMM for different uses.

	qemu: Implement @access for <memory/> banks

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	conf: Introduce @access to <memory/>
	Now that NVDIMM has found its way into libvirt, users might want
	to fine tune some settings for each module separately. One such
	setting is 'share=on|off' for the memory-backend-file object.
	This setting - just like its name suggest already - enables
	sharing the nvdimm module with other applications. Under the hood
	it controls whether qemu mmaps() the file as MAP_PRIVATE or
	MAP_SHARED.

	Yet again, we have such config knob in domain XML, but it's just
	an attribute to numa <cell/>. This does not give fine enough
	tuning on per-memdevice basis so we need to have the attribute
	for each device too.

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement NVDIMM
	So, majority of the code is just ready as-is. Well, with one
	slight change: differentiate between dimm and nvdimm in places
	like device alias generation, generating the command line and so
	on.

	Speaking of the command line, we also need to append 'nvdimm=on'
	to the '-machine' argument so that the nvdimm feature is
	advertised in the ACPI tables properly.

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce QEMU_CAPS_DEVICE_NVDIMM
	Introduce a qemu capability for -device nvdimm.

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	Introduce NVDIMM memory model
	NVDIMM is new type of memory introduced into QEMU 2.6. The idea
	is that we have a Non-Volatile memory module that keeps the data
	persistent across domain reboots.

	At the domain XML level, we already have some representation of
	'dimm' modules. Long story short, NVDIMM will utilize the
	existing <memory/> element that lives under <devices/> by adding
	a new attribute 'nvdimm' to the existing @model and introduce a
	new <path/> element for <source/> while reusing other fields. The
	resulting XML would appear as:

	    <memory model='nvdimm'>
	      <source>
	        <path>/tmp/nvdimm</path>
	      </source>
	      <target>
	        <size unit='KiB'>523264</size>
	        <node>0</node>
	      </target>
	      <address type='dimm' slot='0'/>
	    </memory>

	So far, this is just a XML parser/formatter extension. QEMU
	driver implementation is in the next commit.

	For more info on NVDIMM visit the following web page:

	    http://pmem.io/

2017-03-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Reorder args and update comment
	Frankly, this function is one big mess. A lot of arguments,
	complicated behaviour. It's really surprising that arguments were
	in random order (input and output arguments were mixed together),
	the documentation was outdated, the description of return values
	was bogus.

	qemuBuildMemoryBackendStr: Pass virDomainMemoryDefPtr

	qemuBuildMemoryBackendStr: Check for @memAccess properly
	Even though this variable contains just values from an enum where
	zero has the usual meaning, it's enum after all and we should
	check it as such.

	qemuBuildMemoryBackendStr: Don't overwrite @force
	This is an input argument. We should not overwrite it.

2017-03-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add config file support
	Introduce config file support for the bhyve driver. The only available
	setting at present is 'firmware_dir' for specifying a directory with
	UEFI firmware files.

2017-03-14  Alexander Vasilenko  <kaperang07@gmail.com>

	docs: Move 'timestamps' and 'encryption' sub-element description
	The description should be in the target for a volume not a pool.

2017-03-13  Jiri Denemark  <jdenemar@redhat.com>

	cputest: New test for Intel Core i7-4510U

2017-03-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Report better host-model CPUs in domain caps
	One of the main reasons for introducing host-model CPU definition in a
	domain capabilities XML was the inability to express disabled features
	in a host capabilities XML. That is, when a host CPU is, e.g., Haswell
	without x2apic support, host capabilities XML will have to report it as
	Westmere + a bunch of additional features., but we really want to use
	Haswell - x2apic when creating a host-model CPU.

	Unfortunately, I somehow forgot to do the last step and the code would
	just copy the CPU definition found in the host capabilities XML. This
	changed recently for new QEMU versions which allow us to query host CPU,
	but any slightly older QEMU will not benefit from any change I did. This
	patch makes sure the right CPU model is filled in the domain
	capabilities even with old QEMU.

	The issue was reported in
	https://bugzilla.redhat.com/show_bug.cgi?id=1426456

2017-03-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor virQEMUCapsInitCPU
	The function is now called virQEMUCapsProbeHostCPU. Both the refactoring
	and the change of the name is done for consistency with a new function
	which will be introduced in the following commit.

	cpu: Add list of allowed CPU models to virCPUGetHost
	When creating host CPU definition usable with a given emulator, the CPU
	should not be defined using an unsupported CPU model. The new @models
	and @nmodels parameters can be used to limit CPU models which can be
	used in the result.

	cpu: Add virCPUType parameter to virCPUGetHost
	The parameter can be used to request either VIR_CPU_TYPE_HOST (which has
	been assumed so far) or VIR_CPU_TYPE_GUEST definition.

	cpu: Replace cpuNodeData with virCPUGetHost
	cpuNodeData has always been followed by cpuDecode as no hypervisor
	driver is really interested in raw CPUID data for a host CPU. Let's
	create a new CPU driver API which returns virCPUDefPtr directly.

	Do not format <arch> in guest CPU XML
	This element is only allowed for host CPUs.

2017-03-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: document virt-host-validate bhyve support
	Add an entry about virt-host-validate bhyve support and
	update the driver's page.

2017-03-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainBuildNamespace: Handle file mount points
	https://bugzilla.redhat.com/show_bug.cgi?id=1431112

	Yeah, that's right. A mount point doesn't have to be a directory.
	It can be a file too. However, the code that tries to preserve
	mount points under /dev for new namespace for qemu does not count
	with that option.

2017-03-13  Jiri Denemark  <jdenemar@redhat.com>

	Enable forgotten VIR_CONNECT_LIST_STORAGE_POOLS_* flags
	VIR_CONNECT_LIST_STORAGE_POOLS_VSTORAGE and
	VIR_CONNECT_LIST_STORAGE_POOLS_ZFS were added to libvirt but the listing
	API was not properly updated to use them.

	https://bugzilla.redhat.com/show_bug.cgi?id=1431543

2017-03-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: test cases for VNC

2017-03-11  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: add video support
	bhyve supports 'gop' video device that allows clients to connect
	to VMs using VNC clients. This commit adds support for that to
	the bhyve driver:

	 - Introducr 'gop' video device type
	 - Add capabilities probing for the 'fbuf' device that's
	   responsible for graphics
	 - Update command builder routines to let users configure
	   domain's VNC via gop graphics.

2017-03-11  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: enumerate UEFI firmwares
	Extend domain capabilities XML with the information about
	available UEFI firmware files. It searches in the location
	that the sysutils/bhyve-firmware FreeBSD port installs
	files to.

	bhyve: test cases for UEFI bhyvexml2argvtest

2017-03-11  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: add support for booting from UEFI
	Allow to boot using UEFI rather than using an external boot loader
	such as bhyveload or grub-bhyve.

	Also, make LPC PCI-ISA bridge handling more flexible as now it's
	needed not only for serial ports, but for bootrom as well.

2017-03-11  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: virBhyveProbeCaps: BHYVE_CAP_LPC_BOOTROM
	Implement the BHACE_CAP_LPC_BOOTROM capability by checking the stderr
	output of 'bhyve -l bootrom'. If the bootrom option is unsupported, this
	will contain the following output:

	    bhyve: invalid lpc device configuration 'bootrom'

	On newer bhyve versions that do support specifying a bootrom image, the
	standard help will be printed.

2017-03-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virt-host-validate: add bhyve support
	Add bhyve support to virt-host-validate(1). It checks for the
	essential kernel modules to be available so that user can actually
	start VMs, have networking and console access.

	It uses the kldnext(2)/kldstat(2) routines to retrieve modules list.
	As bhyve is only available on FreeBSD and these routines were available
	long before bhyve appeared, not adding any specific configure checks
	for that.

	Also, update tools/Makefile.am to add
	virt-host-validate-$driver.[hc] to the build only if the
	appropriate driver is enabled.

2017-03-10  John Ferlan  <jferlan@redhat.com>

	tests: Add createVHBAByStoragePool-by-parent to fchosttest
	Add a new test to fchosttest in order to test creation of our vHBA
	via the Storage Pool logic.  Unlike the real code, we cannot yet use
	the virVHBA* API's because they (currently) traverse the file system
	in order to get the parent vport capable scsi_host. Besides there's
	no "real" NPIV device here - so we have to take some liberties, at
	least for now.

	Instead, we'll follow the node device tests partially in order to
	create and destroy the vHBA with the test node devices.

2017-03-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessHandleMonitorEOF: Disable namespace for domain
	https://bugzilla.redhat.com/show_bug.cgi?id=1430634

	If a qemu process has died, we get EOF on its monitor. At this
	point, since qemu process was the only one running in the
	namespace kernel has already cleaned the namespace up. Any
	attempt of ours to enter it has to fail.

	This really happened in the bug linked above. We've tried to
	attach a disk to qemu and while we were in the monitor talking to
	qemu it just died. Therefore our code tried to do some roll back
	(e.g. deny the device in cgroups again, restore labels, etc.).
	However, during the roll back (esp. when restoring labels) we
	still thought that domain has a namespace. So we used secdriver's
	transactions. This failed as there is no namespace to enter.

2017-03-10  Daniel P. Berrange  <berrange@redhat.com>

	Document preferred naming conventions
	This documents the preferred conventions for naming files,
	structs, enums, typedefs and functions.

2017-03-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Don't overwrite driver stateDir
	This is a very historic artefact. Back in the old days of
	830ba76c3e when we had macros to add arguments onto qemu command
	line (!) we thought it was a good idea to let qemu write out the
	PID file. So we passed -pidfile $stateDir/$domName onto the
	command line. Thus, in order for tests to work we needed stable
	stateDir in the qemu driver. Unfortunately, after 16efa11aa696
	where stateDir is mkdtemp()-d, this approach lead to a leak of
	temp dir.

2017-03-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Reset device removal waiting code after vCPU unplug
	If the delivery of the DEVICE_DELETED event for the vCPU being deleted
	would time out, the code would not call 'qemuDomainResetDeviceRemoval'.

	Since the waiting thread did not unregister itself prior to stopping the
	waiting the monitor code would try to wake it up instead of dispatching
	it to the event worker. As a result the unplug process would not be
	completed and the definition would not be updated.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1428893
	          https://bugzilla.redhat.com/show_bug.cgi?id=1427801

2017-03-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Add debug log when dispatching device removal to existing thread
	Note that the waiting thread is signaled in the debug logs to simplify
	debugging.

2017-03-09  Pavel Hrdina  <phrdina@redhat.com>

	Revert "conf: move iothread XML validation from qemu_command"
	This reverts commit c96bd78e4e71c799dc391566fa9f0652dec55dca.

	So our code is one big mess and we modify domain definition while
	building qemu_command line and our hotplug code share only part
	of the parsing and command line building code.  Let's revert
	that change because to fix it properly would require refactor and
	move a lot of things.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1430275

2017-03-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	configure: disable scsi stroage driver on non-Linux
	Even though scsi storage driver builds fine on non-Linux, it
	will not work properly because it relies on Linux procfs, so
	disable that in configure if we're not building for Linux.

2017-03-09  Pavel Hrdina  <phrdina@redhat.com>

	conf: properly skip graphics listen element in migratable XML
	We should skip <listen type='socket'/> only if the 'socket' path
	is specified because if there is no 'socket' path we need to
	keep that element in migratable XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1366088

2017-03-09  Pavel Hrdina  <phrdina@redhat.com>

	conf: store "autoGenerated" for graphics listen in status XML
	When libvirtd is started we call qemuDomainRecheckInternalPaths
	to detect whether a domain has VNC socket path generated by libvirt
	based on option from qemu.conf.  However if we are parsing status XML
	for running domain the existing socket path can be generated also if
	the config XML uses the new <listen type='socket'/> element without
	specifying any socket.

	The current code doesn't make difference how the socket was generated
	and always marks it as "fromConfig".  We need to store the
	"autoGenerated" value in the status XML in order to preserve that
	information.

	The difference between "fromConfig" and "autoGenerated" is important
	for migration, because if the socket is based on "fromConfig" we don't
	print it into the migratable XML and we assume that user has properly
	configured qemu.conf on both hosts.  However if the socket is based
	on "autoGenerated" it means that a new feature was used and therefore
	we need to leave the socket in migratable XML to make sure that if
	this feature is not supported on destination the migration will fail.

2017-03-08  John Ferlan  <jferlan@redhat.com>

	qemu: Rename variable
	Rename 'secretUsageType' to 'usageType' since it's superfluous in an
	API qemu*Secret*

	qemu: Introduce qemuDomainGetTLSObjects
	Split apart and rename qemuDomainGetChardevTLSObjects in order to make a
	more generic API that can create the TLS JSON prop objects (secret and
	tls-creds-x509) to be used to create the objects

	qemu: Move qemuDomainPrepareChardevSourceTLS call
	Move the call to inside the qemuDomainAddChardevTLSObjects in order to
	further converge the code.

	qemu: Move qemuDomainSecretChardevPrepare call
	Move the call to inside the qemuDomainAddChardevTLSObjects in order to
	further converge the code.

2017-03-08  John Ferlan  <jferlan@redhat.com>

	qemu: Refactor qemuDomainGetChardevTLSObjects to converge code
	Create a qemuDomainAddChardevTLSObjects which will encapsulate the
	qemuDomainGetChardevTLSObjects and qemuDomainAddTLSObjects so that
	the callers don't need to worry about the props.

	Move the dev->type and haveTLS checks in to the Add function to avoid
	an unnecessary call to qemuDomainAddTLSObjects

2017-03-08  John Ferlan  <jferlan@redhat.com>

	qemu: Refactor hotplug to introduce qemuDomain{Add|Del}TLSObjects
	Refactor the TLS object adding code to make two separate API's that will
	handle the add/remove of the "secret" and "tls-creds-x509" objects including
	the Enter/Exit monitor commands.

	qemu: Move exit monitor calls in failure paths
	Since qemuDomainObjExitMonitor can also generate error messages,
	let's move it inside any error message saving code on error paths
	for various hotplug add activities.

	qemu: Introduce qemuDomainSecretInfoTLSNew
	Building upon the qemuDomainSecretInfoNew, create a helper which will
	build the secret used for TLS.

	qemu: Introduce qemuDomainSecretInfoNew
	Create a helper which will create the secinfo used for disks, hostdevs,
	and chardevs.

2017-03-08  Cole Robinson  <crobinso@redhat.com>

	tests: Add storagevol tests for format=iso
	Demonstrates the bug fix in commit 0e5db762627

2017-03-08  Philipp Hahn  <hahn@univention.de>

	doc: fix writing of QEMU
	QEMU should be written all upper or all lower case.

	doc: Correct the default werror policy
	It's only implemented by QEMU and its default is
	VIR_DOMAIN_DISK_ERROR_POLICY_ENOSPACE anyway.

2017-03-08  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: don't probe iothreads if it's not supported by QEMU
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1430258

2017-03-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuTestDriverInit: Don't access live data
	Some of our tests (e.g. qemuhotplugtest) call
	virDomainSaveConfig(). Now the problem is, qemuTestDriverInit()
	creates a fake qemu driver and fills it with some fake
	configuration. At least so we hoped. The truth is, it calls
	regular virQEMUDriverConfigNew() and then fix couple of paths.
	Literally. Therefore our tests see regular stateDir and configDir
	for the user that is running the tests. Directories, where live
	domain XMLs are stored. Let's just hope our test suite hasn't
	mangled any of them.

2017-03-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSaveImageUpdateDef: Don't overwrite errors from virDomainDefCheckABIStability
	https://bugzilla.redhat.com/show_bug.cgi?id=1379200

	When we are restoring a domain from a saved image, or just
	updating its XML in the saved image - we have to make sure that
	the ABI guests sees will not change. We have a function for that
	which reports errors. But for some reason if this function fails,
	we call it again with slightly different argument. Therefore it
	might happen that we overwrite the original error and leave user
	with less helpful one.

2017-03-07  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	news: Update the news.xml about perf events added

	perf: add emulation_faults software perf event support
	This patch adds support and documentation
	for the emulation_faults perf event.

	perf: add alignment_faults software perf event support
	This patch adds support and documentation
	for the alignment_faults perf event.

	perf: add page_faults_maj software perf event support
	This patch adds support and documentation
	for the page_faults_maj perf event.

	perf: add page_faults_min software perf event support
	This patch adds support and documentation
	for the page_faults_min perf event.

	perf: add cpu_migrations software perf event support
	This patch adds support and documentation
	for the cpu_migrations perf event.

	perf: add context_switches software perf event support
	This patch adds support and documentation
	for the context_switches perf event.

	perf: add page_faults software perf event support
	This patch adds support and documentation
	for the page_faults perf event.

	perf: add task_clock software perf event support
	This patch adds support and documentation for
	the task_clock perf event.

	perf: add cpu_clock software perf event support
	This patch adds support and documentation for
	the cpu_clock perf event.

2017-03-07  John Ferlan  <jferlan@redhat.com>

	conf: Use consistent function name prefixes for virnwfilterobj
	Use "virNWFilterObj" as a prefix for any external API in virnwfilterobj

	conf: Alter coding style of nwfilter function prototypes
	In an effort to be consistent with the source module, alter the function
	prototypes to follow the similar style of source with the "type" on one
	line followed by the function name and arguments on subsequent lines with
	with argument getting it's own line.

	conf: Adjust coding style for nwfilter conf sources
	Alter the format of the code to follow more recent style guidelines of
	two empty lines between functions, function decls with "[static] type"
	on one line followed by function name with arguments to functions each
	on one line.

2017-03-07  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virnwfilterobj
	Move all the NWFilterObj API's into their own module virnwfilterobj
	from the nwfilter_conf

	Purely code motion at this point, plus adjustments to cleanly build.

2017-03-07  John Ferlan  <jferlan@redhat.com>

	conf: Change virNWFilterObjDeleteDef to virNWFilterDeleteDef
	Rather than pass the nwfilter object, just pass the def to the function

	conf: Change virNWFilterObjSaveDef to virNWFilterSaveDef
	There's no need to pass the driver pointer to nwfilter_conf, just
	pass the configDir.

2017-03-07  John Ferlan  <jferlan@redhat.com>

	util: Avoid possible NULL dereference in virSysinfoParsePPCProcessor
	Found by Coverity. Because there's an "if ((cur = strstr(base, "revision"))
	 != NULL) {" followed by a "base = cur" coverity notes that 'base' could
	then be NULL causing the return to the top of the "while ((tmp_base =
	strstr(base, "processor")) != NULL) {" to have strstr deref a NULL 'base'
	pointer because the setting of base at the bottom of the loop is unconditional.

	Alter the code to set "base = cur" after processing each key. That will
	"ensure" that base doesn't get set to NULL if both "cpu" and "revision"
	do no follow a "processor".

	While a /proc/cpuinfo file that has a "processor" key but with neither
	a "cpu" nor a "revision" doesn't seem feasible, the code is written as if
	it could happen, so we have to account for it.

2017-03-07  John Ferlan  <jferlan@redhat.com>

	util: Resource some resource leaks in virsysinfo code
	Calls to virFileReadAll after a VIR_ALLOC that return NULL all show
	a memory leak since 'ret' isn't virSysinfoDefFree'd and normal path
	"return ret" doesn't free outbuf.

	Reported by Coverity

2017-03-07  Cole Robinson  <crobinso@redhat.com>

	libvirt: document UNDEFINE_KEEP_NVRAM in UndefineFlags docs

2017-03-07  Cole Robinson  <crobinso@redhat.com>

	storage: Don't pass 'iso' format to qemu-img
	$ virsh vol-clone /tmp/test.iso new.iso
	error: Failed to clone vol from test.iso
	error: internal error: Child process (/bin/qemu-img convert -f iso -O iso /tmp/test.iso /tmp/new.iso) unexpected exit status 1: qemu-img: Could not open '/tmp/test.iso': Unknown driver 'iso'

	Map iso->raw before sending the format value to qemu-img

	https://bugzilla.redhat.com/show_bug.cgi?id=972784
	https://bugzilla.redhat.com/show_bug.cgi?id=1419395

2017-03-07  Pavel Hrdina  <phrdina@redhat.com>

	qemu_domain: cleanup the controller post parse code

	qemu_domain: move controller post parse code into its own function

2017-03-07  Peter Krempa  <pkrempa@redhat.com>

	tests: sysinfo: Add test data for HP moonshot aarch64 box
	Since the kernel does not report much data for that box the sysinfo
	output is comparatively sparse.

	tests: sysinfo: Run all sysinfo tests all the time
	There's no reason why we should avoid running all sysinfo tests on all
	platforms. Refactor the test to get rid of the conditionally compiled
	cruft.

	tests: sysinfo: Export virSysinfoSetup via the private header
	virSysinfoSetup should be used only in tests so it can be moved to the
	new header file rather than using an extern declaration.

	util: sysinfo: Reduce amount of conditionally compiled code
	Whole implementations along with helper totalling screens of code were
	conditionally compiled. That made the code totally unreadable and
	untestable. Rename functions to have the architecture in the name so
	that all can be compiled at the same time and introduce header to allow
	testing them all.

2017-03-07  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: report SATA bus in domain capabilities

2017-03-06  Laine Stump  <laine@laine.org>

	make all struct typedefs comply with proposed coding conventions
	Proposed formal coding conventions encourage defining typedefs for
	vir[Blah] and vir[Blah]Ptr separately from the associated struct named
	_vir[Blah]:

	    typedef struct _virBlah virBlah;
	    typedef virBlah *virBlahPtr;
	    struct _virBlah {
	    ...
	    };

	At some point in the past, I had submitted several patches using a
	more compact style that I prefer, and they were accepted:

	    typedef struct _virBlah {
	        ...
	    } virBlah, *virBlahPtr;

	Since these are by far a minority among all struct definitions, this
	patch changes all those definitions to reflect the style prefered by
	the proposal so that there is 100% consistency.

2017-03-06  Daniel P. Berrange  <berrange@redhat.com>

	Add virsystemdpriv.h to UTIL_SOURCES
	Ensure virsystemdpriv.h gets included in dist tarballs.

2017-03-06  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Don't print extra newline in virsh domstats output

2017-03-06  Ján Tomko  <jtomko@redhat.com>

	Test virSystemd APIs twice to check the cache effects
	Test virSystemd APIs twice to check the cache effects.

2017-03-06  Ján Tomko  <jtomko@redhat.com>

	Cache the presence of machine1 service
	After the system has been booted, it should not change.

	Cache the return value of virSystemdHasMachined.
	Allow starting and terminating machines with just one
	DBus call, instead of three, reducing the chance of
	the call timing out.

	Also introduce a small function for resetting the cache
	to be used in tests.

2017-03-06  Ján Tomko  <jtomko@redhat.com>

	Use macros for testing virSystemd APIs
	This hides the unused third parameter from every line
	and prepares for resetting the environment after each test
	case in the future.

2017-03-06  Ján Tomko  <jtomko@redhat.com>

	Unify checking for machine1 systemd service
	Both virSystemdTerminateMachine and virSystemdCreateMachine
	propagate the error to tell between a non-systemd system
	and a hard error.

	In virSystemdGetMachineNameByPID both are treated the same,
	but an error is ignored by the callers.

	Split out the checks into a separate function.

2017-03-06  John Ferlan  <jferlan@redhat.com>

	test: Make common test*ObjFindByUUID helpers
	Make common helpers testNetworkObjFindByUUID and testStoragePoolObjFindByUUID
	which will replace the repeated patter for each to find objects by UUID.

	As a bonus, the error message processing will also provide the failed uuidstr
	rather than a generic error message.

2017-03-06  John Ferlan  <jferlan@redhat.com>

	test: Make a common testNetworkObjFindByName
	Rather than have multiple places using the same pattern to find
	a network by name using virNetworkObjFindByName, create a common
	helper which will provide a consistent error message as well.

2017-03-06  John Ferlan  <jferlan@redhat.com>

	test: Make common test*ObjFindByName helpers
	Rather than have continued repeated sequences of :

	    testDriverLock()
	    xxx = vir*ObjFindByName()
	    testDriverUnlock()

	    if (xxx == NULL) {
	        virReportError
	        goto cleanup;
	    }

	Make some common helpers which will use the pattern and make a single
	reference using a single common error message.

	Altered for Interfaces, Storage Pools, Storage Volumes, and Node Devices.

	For each the common error message can now also indicate which 'name' was
	not found. For Storage Volumes, the "new" error will be more specific
	rather than just invalid argument.

2017-03-06  John Ferlan  <jferlan@redhat.com>

	conf: Alter coding style of interface function prototypes
	In an effort to be consistent with the source module, alter the function
	prototypes to follow the similar style of source with the "type" on one
	line followed by the function name and arguments on subsequent lines with
	with argument getting it's own line.

	conf: Use consistent function name prefixes for virinterfaceobj
	Use "virInterfaceObj" as a prefix for any external API in virinterfaceobj

	conf: Adjust coding style for interface conf sources
	Alter the format of the code to follow more recent style guidelines of
	two empty lines between functions, function decls with "[static] type"
	on one line followed by function name with arguments to functions each
	on one line.

2017-03-06  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virinterfaceobj
	Move all the InterfaceObj API's into their own module virinterfaceobj
	from the interface_conf

	Purely code motion at this point.

2017-03-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Enforce qemuSecurity wrappers
	Now that we have some qemuSecurity wrappers over
	virSecurityManager APIs, lets make sure everybody sticks with
	them. We have them for a reason and calling virSecurityManager
	API directly instead of wrapper may lead into accidentally
	labelling a file on the host instead of namespace.

2017-03-06  Jiri Denemark  <jdenemar@redhat.com>

	news: Fix typo

	qemu: Drop virQEMUCapsFreeStringList
	The implementation matches virStringListFreeCount. The only difference
	between the two functions is the ordering of their parameters.

2017-03-04  John Ferlan  <jferlan@redhat.com>

	node: Replace variable named 'system' with 'syscap'
	Changes in commit id 'dec6d9df' caused a compilation failure on a RHEL6
	CI build environment. So just replace 'system' with 'syscap' as a name.

	cc1: warnings being treated as errors
	../../src/conf/node_device_conf.c: In function 'virNodeDevCapSystemParseXML':
	../../src/conf/node_device_conf.c:1415: error: declaration of 'system' shadows a global declaration [-Wshadow]

2017-03-04  John Ferlan  <jferlan@redhat.com>

	nodedev: Reduce virNodeDevCapDataPtr usage
	Replace with more data specific pointer types.

	conf: Clean up the _virNodeDevCapData
	Rather than a bunch of embedded union structs, let's create structs
	for each of the structs within the union and make the struct easier
	to read.

	conf: Alter coding style of nodedev function prototypes
	In an effort to be consistent with the source module, alter the function
	prototypes to follow the similar style of source with the "type" on one
	line followed by the function name and arguments on subsequent lines with
	with argument getting it's own line.

	conf: Use consistent function name prefixes for virnodedeviceobj
	Use "virNodeDeviceObj" as a prefix for any external API in virnodedeviceobj

	conf: Adjust coding style for nodedev conf sources
	Alter the format of the code to follow more recent style guidelines of
	two empty lines between functions, function decls with "[static] type"
	on one line followed by function name with arguments to functions each
	on one line.

2017-03-04  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virnodedeviceobj
	Move all the NodeDeviceObj API's into their own module virnodedeviceobj
	from the node_device_conf

	Purely code motion at this point, plus adjustments to cleanly build.

2017-03-03  Matwey V. Kornilov  <matwey.kornilov@gmail.com>

	lxc: associate armv7l as 32-bit variant of aarch64
	AArch64 kernels are technically capable of running armv7l binaries.
	Though some vendors disable this feature during kernel build, we
	need to allow it in LXC.

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	news: Move host CPU model improvement to 3.2.0

	cputest: Add CPUID data for Haswell with TSX
	All existing Haswell CPUID data were gathered from CPUs with broken TSX.
	Let's add new data for Haswell with correct TSX implementation.

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Disable TSX on broken models
	All Intel Haswell processors (except Xeon E7 v3 with stepping >= 4) have
	TSX disabled by microcode update. As not all CPUs are guaranteed to be
	patched with microcode updates we need to explicitly disable TSX on
	affected CPUs to avoid its accidental usage.

	https://bugzilla.redhat.com/show_bug.cgi?id=1406791

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	news: Detect host CPU model by asking QEMU on x86_64

	cputest: Drop .new suffix from CPU test data files

	cputest: Drop obsolete CPU test data files

	cputest: Test virQEMUCapsInitCPUModel
	The original test didn't use family/model numbers to make better
	decisions about the CPU model and thus mis-detected the model in the two
	cases which are modified in this commit. The detected CPU models now
	match those obtained from raw CPUID data.

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Convert all json data files to query-cpu-model-expansion
	Converted by running the following command, renaming the files as
	*.new, and committing only the *.new files.

	    (cd tests/cputestdata; ./cpu-convert.py *.json)

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Switch host CPU data scripts to model expansion
	Instantiating "host" CPU and querying it using qom-get has been the only
	way of probing host CPU via QEMU until 2.9.0 implemented
	query-cpu-model-expansion for x86_64. Even though libvirt never really
	used the old way its result can be easily converted into the one
	produced by query-cpu-model-expansion. Thus we can reuse the original
	test data and possible get new data from hosts where QEMU does not
	support the new QMP command.

	qemu: Make virQEMUCapsInitCPUModel testable

	qemu: Use full CPU model expansion on x86
	The static CPU model expansion is designed to return only canonical
	names of all CPU properties. To maintain backwards compatibility libvirt
	is stuck with different spelling of some of the features, but we need to
	use the full expansion to get the additional spellings. In addition to
	returning all spelling variants for all properties the full expansion
	will contain properties which are not guaranteed to be migration
	compatible. Thus, we need to combine both expansions. First we need to
	call the static expansion to limit the result to migratable properties.
	Then we can use the result of the static expansion as an input to the
	full expansion to get both canonical names and their aliases.

	qemu: Use enum for CPU model expansion type

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Get host CPU model from QEMU on x86_64
	Until now host-model CPU mode tried to enable all CPU features supported
	by the host CPU even if QEMU/KVM did not support them. This caused a
	number of issues and made host-model quite unreliable. Asking QEMU for
	the CPU it can provide and the current host makes host-model much more
	robust.

	This commit fixes the following bugs:

	    https://bugzilla.redhat.com/show_bug.cgi?id=1018251
	    https://bugzilla.redhat.com/show_bug.cgi?id=1371617
	    https://bugzilla.redhat.com/show_bug.cgi?id=1372581
	    https://bugzilla.redhat.com/show_bug.cgi?id=1404627
	    https://bugzilla.redhat.com/show_bug.cgi?id=870071

	In addition to that, the following bug should be mostly limited to cases
	when an unsupported feature is explicitly requested:

	    https://bugzilla.redhat.com/show_bug.cgi?id=1335534

2017-03-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Probe "max" CPU model in TCG
	Querying "host" CPU model expansion only makes sense for KVM. QEMU 2.9.0
	introduces a new "max" CPU model which can be used to ask QEMU what the
	best CPU it can provide to a TCG domain is.

	qemu: Store more types in qemuMonitorCPUModelInfo
	While query-cpu-model-expansion returns only boolean features on s390,
	but x86_64 reports some integer and string properties which we are
	interested in.

	qemu: Prepare for more types in qemuMonitorCPUModelInfo

	qemu: Rename hostCPU/feature element in capabilities cache
	The element will be generalized in the following commits.

	docs: Update description of the host-model CPU mode

	domaincapstest: Add test data for QEMU 2.9.0

	qemucapstest: Update test data for QEMU 2.9.0

2017-03-03  Laine Stump  <laine@laine.org>

	test: fix pcie-root-port-too-many test
	While reviewing a patch from Andrea that modified this test case, I
	realized that although it was "properly failing" (it's a negative
	test), that it was failing for the wrong reason (the MULTIFUNCTION cap
	wasn't set in the test case, so it was saying that multifunction=on
	wasn't supported by the QEMU binary; instead it should have been
	complaining that it had run out of PCI slots of the appropriate type
	and couldn't automatically add any more).

	This improper failure had started when I added the patch to
	automatically aggregate pcie-root-ports onto multiple functions of
	each pcie-root slot, but I hadn't noticed it because the test still
	failed.

	This patch corrects the test case to 1) set the MULTIFUNCTION flag in
	the caps, and 2) attempt to add 241 pcie-root-ports to a domain. Since
	there are 30 slots available on a pcie-root (slot 0 is reserved, and
	slot 31 is used by the integrated SATA controller), and a
	pcie-root-port can only be placed on a function of a slot on
	pcie-root, the maximum number of pcie-root-ports in any domain is 240.

2017-03-03  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix location of blkid.h in include header
	The build system for libvirt correctly detects the location of blkid
	using PKG_CONFIG_PATH environment variable. The file blkid.pc states
	that the include flags should be: 'Cflags: -I${includedir}/blkid' but
	libvirt searches for blkid.h inside ${includedir}/blkid/blkid, which is
	wrong. Until now, the compilation for libvirt succeeded because of pure
	luck, as it had -I/usr/include as a CFLAG. This issue was faced while
	compiling libvirt on Ubuntu 16.04.2 with bare minimum dev packages and a
	custom compiled blkid kept in a non-standard $prefix.

2017-03-03  Andrea Bolognani  <abologna@redhat.com>

	news: Add an empty <change> to each <section>
	The generated HTML will contain <ul></ul> otherwise, which
	triggers an error during 'make check'.

	The proper fix would be not to generate the problematic
	HTML in the first place but, while I'm working on it, this
	workaround will do.

2017-03-03  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use ARCH_IS_X86() more
	In a few cases, we checked for VIR_ARCH_X86_64 and
	VIR_ARCH_I686 separately: change all those to use the
	ARCH_IS_X86() macro instead.

	qemu: Don't omit parentheses
	The ARCH_IS_*() macro are defined in a way that allows
	them to be used if a parentheses-less if statement, but
	we don't really want that to happen

	tests: Fix aliases for pSeries buses
	virQEMUCapsHasPCIMultiBus() performs a version check on
	the QEMU binary to figure out whether multiple buses are
	supported, so to get the correct aliases assigned when
	dealing with pSeries guests we need to spoof the version
	accordingly in the test suite.

	qemu: Drop QEMU_CAPS_PCI_MULTIBUS
	Due to the extra architecture-specific logic, it's already
	necessary for users to call virQEMUCapsHasPCIMultiBus(),
	so the capability itself is just a pointless distraction.

	Post-release version bump to 3.2.0

2017-03-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.1.0
	* docs/news.xml: updated and regenerated NEWS
	* po/*.po*: regenerated

2017-03-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Truncate the chardev logging file even if append is not present
	Our documentation states that the chardev logging file is truncated
	unless append='on' is specified. QEMU also behaves the same way and
	truncates the file unless we provide the argument. The new virlogd
	implementation did not honor if the argument was missing and continued
	to append to the file.

	Truncate the file even when the 'append' attribute is not present to
	behave the same with both implementations and adhere to the docs.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1420205

2017-03-01  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachNetDevice: Support attach of type="user"
	https://bugzilla.redhat.com/show_bug.cgi?id=1420668

	This has worked in previous releases.
	My commit c266b60440 broke it.

2017-02-28  Michal Privoznik  <mprivozn@redhat.com>

	testNodeDeviceMockCreateVport: Don't call public APIs
	This function is calling public APIs (virNodeDeviceLookupByName
	etc.). That requires the driver lock to be unlocked and locked
	again. If we, however, replace the public APIs calls with the
	internal calls (that public APIs call anyway), we can drop the
	lock/unlock exercise.

2017-02-27  John Ferlan  <jferlan@redhat.com>

	conf: Fix leak in virNodeDeviceDefParseXML
	The 'nodes' is overwritten after the first usage and possibly leaked
	if any code in the first set of parsing goes to error.

	Found by Coverity.

2017-02-24  Erik Skultety  <eskultet@redhat.com>

	virfile: Fix virFileExists commentary
	Arguably though, function returning only on success is a very
	interesting, although quite impractical concept. Also, the errno isn't
	and shouldn't be preserved in this case, since the errno can be directly
	fed to the virReportSystemError.

2017-02-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessInit: Jump onto correct label in case of error
	After eca76884ea in case of error in qemuDomainSetPrivatePaths()
	in pretended start we jump to stop. I've changed this during
	review from 'cleanup' which turned out to be correct. Well, sort
	of. We can't call qemuProcessStop() as it decrements
	driver->nactive and we did not increment it. However, it calls
	virDomainObjRemoveTransientDef() which is basically the only
	function we need to call. So call that function and goto cleanup;

2017-02-24  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Use virArch enum rather than strings

	cputest: Rename x86 data files
	While "x86" is a CPU sub driver name, it is not a recognized name of any
	architecture known to libvirt. Let's use "x86_64" prefix which can be
	used with virArch APIs.

	cpu_x86: Introduce virCPUx86DataAddFeature
	The API is useful for creating virCPUData in a hypervisor driver from
	data we got by querying the hypervisor.

	cpu_x86: Introduce virCPUx86DataSetVendor
	The API is useful for creating virCPUData in a hypervisor driver from
	data we got by querying the hypervisor.

	cpu_x86: Introduce virCPUx86DataSetSignature
	The API is useful for creating virCPUData in a hypervisor driver from
	data we got by querying the hypervisor.

2017-02-24  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Make virCPUx86DataAddCPUID work with virCPUDataPtr
	The CPU driver provides APIs to create and free virCPUDataPtr. Thus all
	APIs exported from the driver should work with that rather than
	requiring the caller to pass a pointer to an internal part of the
	structure.

	In other words

	    virCPUx86DataAddCPUID(cpudata, &cpuid)

	is much better than the original

	    virCPUx86DataAddCPUID(&cpudata->data.x86, &cpuid)

2017-02-24  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Rework cpuDataFree
	The new API is called virCPUDataFree. Individual CPU drivers are no
	longer required to implement their own freeing function unless they need
	to free architecture specific data from virCPUData.

	cpu_x86: Make virCPUx86DataClear static

	cpu_x86: Drop virCPUx86MakeData and use virCPUDataNew

	qemu: Fix CPU model fallback in domain capabilities
	Our documentation of the domain capabilities XML says that the fallback
	attribute of a CPU model is used to indicate whether the CPU model was
	detected by libvirt itself (fallback="allow") or by asking the
	hypervisor (fallback="forbid"). We need to properly set
	fallback="forbid" when CPU model comes from QEMU to match the
	documentation.

	qemu: Refactor virQEMUCapsInitHostCPUModel

2017-02-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu: properly escape socket path for graphics
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1352529

	util: virqemu: introduce virQEMUBuildBufferEscape
	This will eventually replace virQEMUBuildBufferEscapeComma, however
	it's not possible right now.  Some parts of the code that uses the
	old function needs to be refactored.

	util: virbuffer: introduce virBufferEscapeN

2017-02-24  Andrea Bolognani  <abologna@redhat.com>

	tests: Reduce QEMU_CAPS_DEVICE_{DMI_TO_, }PCI_BRIDGE usage
	Now that QEMU_CAPS_DEVICE_PCI_BRIDGE is no longer checked
	unless a pci-bridge is really part of the configuration,
	and most uses of the legacy PCI controller combo have been
	dropped from tests that use PCIe machine types, we can
	drop the corresponding capabilities from a lot of test
	cases.

	tests: Sync tests between qemuxml2argv and qemuxml2xml
	In some cases, only one of the two transformations was
	checked; in other cases, the capabilities set differed.

2017-02-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: spice: don't release used port
	The port is stored in graphics configuration and it will
	also get released in qemuProcessStop in case of error.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1397440

2017-02-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update physical storage size of empty drives
	Previously the code called virStorageSourceUpdateBlockPhysicalSize which
	did not do anything on empty drives since it worked only on block
	devices. After the refactor in c5f6151390 it's called for all devices
	and thus attempts to deref the NULL path of empty drives.

	Add a check that skips the update of the physical size if the storage
	source is empty.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1420718

2017-02-23  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Fix incorrect jump labels in error paths
	Fix incorrect jump labels in error paths as the stop jump is only
	needed if the driver has already changed the state. For example
	'virAtomicIntInc(&driver->nactive)' will be 'reverted' in the
	qemuProcessStop call.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-02-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_cgroup: Only try to allow devices if devices CGroup's available
	When a domain needs an access to some device (be it a disk, RNG,
	chardev, whatever), we have to allow it in the devices CGroup (if
	it is available), because by default we disallow all the devices.
	But some of the functions that are responsible for setting up
	devices CGroup are lacking check whether there is any CGroup
	available. Thus users might be unable to hotplug some devices:

	  virsh # attach-device fedora rng.xml
	  error: Failed to attach device from rng.xml
	  error: internal error: Controller 'devices' is not mounted

2017-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Add ATTRIBUTE_FALLTHROUGH for switch cases without break
	In GCC 7 there is a new warning triggered when a switch
	case has a conditional statement (eg if ... else...) and
	some of the code paths fallthrough to the next switch
	statement. e.g.

	conf/domain_conf.c: In function 'virDomainChrEquals':
	conf/domain_conf.c:14926:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
	         if (src->targetTypeAttr != tgt->targetTypeAttr)
	            ^
	conf/domain_conf.c:14928:5: note: here
	     case VIR_DOMAIN_CHR_DEVICE_TYPE_CONSOLE:
	     ^~~~
	conf/domain_conf.c: In function 'virDomainChrDefFormat':
	conf/domain_conf.c:22143:12: error: this statement may fall through [-Werror=implicit-fallthrough=]
	         if (def->targetTypeAttr) {
	            ^
	conf/domain_conf.c:22151:5: note: here
	     default:
	     ^~~~~~~

	GCC introduced a __attribute__((fallthrough)) to let you
	indicate that this is intentionale behaviour rather than
	a bug.

2017-02-23  Daniel P. Berrange  <berrange@redhat.com>

	qemu: add missing break in qemuDomainDeviceCalculatePCIConnectFlags
	One of the conditions in qemuDomainDeviceCalculatePCIConnectFlags
	was missing a break that could result it in falling through to
	an incorrect codepath.

	libxl: fix empty string check for channel path
	The libxl code was checking that a 'char *' was != '\0', instead
	of checking the first element in the string

2017-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Use explicit boolean comparison in OOM check
	GCC 7 gets upset by

	   if (!tmp && (size * count))

	warning

	  util/viralloc.c: In function 'virReallocN':
	  util/viralloc.c:246:23: error: '*' in boolean context, suggest '&&' instead [-Werror=int-in-bool-context]
	     if (!tmp && (size * count)) {
	                 ~~~~~~^~~~~~~~

	Keep it happy by adding != 0 to the right hand expression
	so it realizes we really are wanting to treat the result
	of the arithmetic expression as a boolean

2017-02-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: make more accurate closing connection to sdk
	Current code for example can call unsubscribe if connection
	succeeds but subscribing fails. This will probabaly lead
	only to spurious error messages without any actual inconsistencies
	but nevertheless.

2017-02-22  John Ferlan  <jferlan@redhat.com>

	virsh: Alter formatting a bit for output of domstats fields
	Alter the formatting of each line to not give the appearance of
	one long run-on sentence and to be consistent between the various
	elements of collected/displayed data. The formatting should fit
	within the 80 character display. This removes the need for commas
	at the end of each line.

2017-02-22  Andrea Bolognani  <abologna@redhat.com>

	qemu: Allow multiple bridges when pci-bridges is not available
	qemuDomainAssignPCIAddresses() hardcoded the assumption
	that the only way to support devices on a non-zero bus is
	to add one or more pci-bridges; however, since we now
	support a large selection of PCI controllers that can be
	used instead, the assumption is no longer true.

	Moreover, this check was always redundant, because the
	only sensible time to check for the availability of
	pci-bridge is when building the QEMU command line, and
	such a check is of course already in place.

	In fact, there were *two* such checks, but since one of
	the two was relying on the incorrect assumption explained
	above, and it was redundant anyway, it has been dropped.

2017-02-22  Andrea Bolognani  <abologna@redhat.com>

	tests: Reduce usage of legacy PCI controllers on PCIe machines
	Up until a while ago, libvirt would automatically add a legacy
	PCI controllers combo (dmi-to-pci-bridge + pci-bridge) to any
	PCIe machine type (x86_64/q35 and aarch64/virt).

	As a result, a number of input and output files in the test
	suite ended up containing the legacy PCI controllers, even
	though they are not needed or in any way relevant to the
	feature being tested.

	Get rid of most of the occurrences. Most of the time, this
	just means removing the controllers from the input file and
	regenerating the output files; in a few instances, some
	minor tweaking is performed on the input file, most notably
	removing the memory balloon: as memory balloon support was
	not the scope of the test being changed, there is no loss
	of test coverage from doing so.

	Several occurrences of the legacy PCI controllers remain in
	the test suite, both because removing their usage would have
	required even more tweaking, and because we still want to
	have coverage of this perfectly valid combination.

2017-02-22  Andrea Bolognani  <abologna@redhat.com>

	conf: Make switch statements more strict
	When switching over the values in the virDomainControllerModelPCI
	enumeration, make sure the proper cast is in place so that the
	compiler can warn us when the coverage is not exaustive.

	For the same reason, remove the 'default' case from one of the
	existing switch statements.

2017-02-22  Andrea Bolognani  <abologna@redhat.com>

	qemu: Make switch statements more strict
	When switching over the values in the virDomainControllerModelPCI
	enumeration, make sure the proper cast is in place so that the
	compiler can warn us when the coverage is not exaustive.

	For the same reason, fold some unstructured checks (performed by
	comparing directly against some values in the enumeration) inside
	an existing switch statement.

2017-02-22  Andrea Bolognani  <abologna@redhat.com>

	conf: Remove dead code
	The switch in virDomainPCIControllerModelToConnectType()
	had some code that, while techically part of the
	_PCIE_SWITCH_DOWNSTREAM_PORT case, was in fact dead due
	to the early return.

	Get rid of the dead code, and fix the inaccurate function
	description while at it.

2017-02-22  John Ferlan  <jferlan@redhat.com>

	qemu: Rename qemuAliasTLSObjFromChardevAlias
	It's not really 'Chardev' specific - we can reuse this for other objects.

2017-02-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Use virCPUData.arch in cpuDecode
	virCPUDef.arch is not required to be filled in for guest CPU
	definitions. It doesn't make sense to artificially mandate it to be set
	when cpuDecode is called especially when virCPUData.arch passed to
	cpuDecode already contains the architecture.

	cpu: Introduce virCPUDataNew

	qemu: Introduce virQEMUCapsFormatHostCPUModelInfo
	The CPU model info formating code in virQEMUCapsFormatCache will get
	more complicated soon. Separating the code in
	virQEMUCapsFormatHostCPUModelInfo will make the result easier to read.

	qemu: Skip virQEMUCapsCPUFilterFeatures on non-x86 CPUs
	All features the function is currently supposed to filter out are
	specific to x86_64. We should avoid removing them on other
	architectures. It seems to be quite unlikely other achitectures would
	use the same names, but one can never be sure.

	docs: Fix since statement in host-model documentation

	docs: Drop obsolete statement about CPU modes and migration
	The guest CPU definition has always been updated automatically during
	migration. And currently we just transform any host-model CPU into a
	custom one when a domain starts.

2017-02-22  Tomáš Golembiovský  <tgolembi@redhat.com>

	util: storage: add JSON backing volume parser 'raw' block driver
	The 'raw' block driver in Qemu is not directly interesting from
	libvirt's perspective, but it can be layered above some other block
	drivers and this may be interesting for the user.

	The patch adds support for the 'raw' block driver. The driver is treated
	simply as a pass-through and child driver in JSON is queried to get the
	necessary information.

2017-02-22  Tomáš Golembiovský  <tgolembi@redhat.com>

	util: storage: split function for JSON backing volume parsing in two
	Split virStorageSourceParseBackingJSON into two functions so that the
	core can be reused by other functions. The new function called
	virStorageSourceParseBackingJSONInternal accepts virJSONValuePtr.

2017-02-22  Peter Krempa  <pkrempa@redhat.com>

	news: Mention storage driver split

2017-02-22  Peter Krempa  <pkrempa@redhat.com>

	spec: Modularize the storage driver
	Create a new set of sub-packages containing the new storage driver
	modules so that certain heavy-weight backends (gluster, rbd) can be
	installed separately only if required.

	To keep backward compatibility the 'libvirt-driver-storage' package
	will be turned into a virtual package pulling in all the new storage
	backend sub-packages. The storage driver module will be moved into
	libvirt-driver-storage-core including the filesystem backend which is
	mandatory.

	This then allows to make libvirt-daemon-driver-qemu depend only on the
	core of the storage driver.

	All other meta-packages still depend on the full storage driver and thus
	pull in all the backends.

2017-02-22  Peter Krempa  <pkrempa@redhat.com>

	tests: drivermodule: Make sure that all compiled storage backends can be loaded
	Add a new storage driver registration function that will force the
	backend code to fail if any of the storage backend modules can't be
	loaded. This will make sure that they work and are present.

2017-02-22  Peter Krempa  <pkrempa@redhat.com>

	storage: Turn storage backends into dynamic modules
	If driver modules are enabled turn storage driver backends into
	dynamically loadable objects. This will allow greater modularity for
	binary distributions, where heavyweight dependencies as rbd and gluster
	can be avoided by selecting only a subset of drivers if the rest is not
	necessary.

	The storage modules are installed into 'LIBDIR/libvirt/storage-backend/'
	and users can override the location by using
	'LIBVIRT_STORAGE_BACKEND_DIR' environment variable.

	rpm based distros will at this point install all the backends when
	libvirt-daemon-driver-storage package is installed.

2017-02-22  Peter Krempa  <pkrempa@redhat.com>

	spec: Don't check for storage driver backends in configure script
	Explicitly enable --with-storage-scsi and disable --without-storage-zfs
	and --without-storage-vstorage so that the configure script doesn't
	check for them.

	Note that --with-storage-dir is enabled by default.

2017-02-22  Michal Privoznik  <mprivozn@redhat.com>

	conf: Don't accept dummy values for <memoryBacking/> attributes
	Our virSomeEnumTypeFromString() functions return either the value
	of item from the enum or -1 on error. Usually however the value 0
	means 'this value is not set in the domain XML, use some sensible
	default'. Therefore, we don't accept corresponding string in
	domain XML, for instance:

	<memoryBacking>
	  <source mode="none"/>
	  <access mode="default"/>
	  <allocation mode="none"/>
	</memoryBacking>

	should be rejected as invalid XML.

2017-02-21  John Ferlan  <jferlan@redhat.com>

	conf: Fix leak in virNodeDeviceObjListExport
	Fix a leak introduced by 4337bc57b when VIR_STRDUP'g the parent.

	conf: Cleanup matchFCHostToSCSIHost
	Rather than the inlined VIR_FREE's, use a cleanup: label... Fixes an
	issue introduced by 03346def where @name was free'd before usage in
	a virAsprintf to format scsi_host_name.

2017-02-21  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Fix deadlock across fork() in QEMU driver
	The functions in virCommand() after fork() must be careful with regard
	to accessing any mutexes that may have been locked by other threads in
	the parent process. It is possible that another thread in the parent
	process holds the lock for the virQEMUDriver while fork() is called.
	This leads to a deadlock in the child process when
	'virQEMUDriverGetConfig(driver)' is called and therefore the handshake
	never completes between the child and the parent process. Ultimately
	the virDomainObjectPtr will never be unlocked.

	It gets much worse if the other thread of the parent process, that
	holds the lock for the virQEMUDriver, tries to lock the already locked
	virDomainObject. This leads to a completely unresponsive libvirtd.

	It's possible to reproduce this case with calling 'virsh start XXX'
	and 'virsh managedsave XXX' in a tight loop for multiple domains.

	This commit fixes the deadlock in the same way as it is described in
	commit 61b52d2e3813cc8c9ff3ab67f232bd0c65f7318d.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-02-21  Peter Krempa  <pkrempa@redhat.com>

	news: Mention specific vCPU hotplug API

	test: qemuhotplugtest: Add testing of individual vcpu hotplug
	Test that the vcpu entity selection code works properly

	qemu: Implement individual vcpu hotplug API
	Add code that validates user's selection of cores and then uses the
	existing code to plug in the vCPU.

	virsh: Implement command for virDomainSetVcpu called setvcpu
	Add a simple virsh command handler which makes use of the new API.

2017-02-21  Peter Krempa  <pkrempa@redhat.com>

	lib: Add API for specific vCPU hot(un)plug
	Similarly to domainSetGuestVcpus this commit adds API which allows to
	modify state of individual vcpus rather than just setting the count.

	This allows to enable CPUs in specific guest NUMA nodes to achieve any
	necessary configuration.

2017-02-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix build breaker after incomplete merge

2017-02-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Forbid slashes in shmem name
	With that users could access files outside /dev/shm.  That itself
	isn't a security problem, but might cause some errors we want to
	avoid.  So let's forbid slashes as we do with domain and volume names
	and also mention that in the schema.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1395496

2017-02-21  Peter Krempa  <pkrempa@redhat.com>

	storage: Turn storage backends into static modules
	Compile the storage driver into modules rather than by compiling all
	files together. All modules are still linked together statically.

2017-02-21  Peter Krempa  <pkrempa@redhat.com>

	storage: backend: Refactor registration of the backend drivers
	Add APIs that allow to dynamically register driver backends so that the
	list of available drivers does not need to be known during compile time.

	This will allow us to modularize the storage driver on runtime.

2017-02-21  Peter Krempa  <pkrempa@redhat.com>

	daemon: Refactor connection driver module loading
	Pass the registration function name to virDriverLoadModule so that we
	can later call specific functions if necessary (e.g. for testing
	purposes). This gets rid of the rather ugly automatic name generator and
	unifies the code to load/initialize the modules.

	It's also clear which registration function gets called.

2017-02-21  Peter Krempa  <pkrempa@redhat.com>

	driver: Split/refactor driver module loading
	Split the convoluted driver loader function into simpler parts which
	will potentially allow reuse.

	tests: drivermodule: Drop unused macro arguments
	Refactors of the test resulted into the second argument of the 'TEST'
	macro to be unused. Drop them.

	tests: storagepoolxml2xml: Remove compile conditionals
	The XML2XML test should work properly even if the storage backend is
	disabled, since it does not use it.

	configure: Fix configure output for RBD storage backend
	We'd print status for the 'dir' backend instead of the correct one.

2017-02-20  Daniel P. Berrange  <berrange@redhat.com>

	Format printf format specifier used with niothreadids
	The niothreadids struct field is size_t, so must use %zu not %lu
	with printf. While they're identical on some platforms, on others
	they are different, causing warnings

	conf/domain_conf.c: In function 'virDomainDefCheckABIStabilityFlags':
	conf/domain_conf.c:19575:26: error: format '%lu' expects argument of type 'long unsigned int', but argument 7 has type 'size_t {aka unsigned int}' [-Werror=format=]
	                        _("Target domain iothreads count %lu does not "
	                          ^

	conf/domain_conf.c: In function 'virDomainDefFormatInternal':
	conf/domain_conf.c:23915:46: error: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'size_t {aka unsigned int}' [-Werror=format=]
	         virBufferAsprintf(buf, "<iothreads>%lu</iothreads>\n",
	                                              ^

2017-02-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu_driver: move iothread duplicate check into one place

	qemu_driver: check whether iothread is used by controller
	This follows the same check for disk, because we cannot remove iothread
	if it's used by disk or by controller.  It could lead to crashing QEMU.

	qemu_driver: move iothread existence check into one place

	qemu_driver: always check whether iothread is used by disk or not
	If virDomainDelIOThread API was called with VIR_DOMAIN_AFFECT_LIVE
	and VIR_DOMAIN_AFFECT_CONFIG and both XML were already a different
	it could result in removing iothread from config XML even if there
	was a disk using that iothread.

	conf: move iothread XML validation from qemu_command
	This will ensure that IOThreads are properly validated while
	a domain is defined.

	qemu_process: remove unnecessary iothread check
	The situation covered by the removed code will not ever happen.
	This code is called only while starting a new QEMU process where
	the capabilities where already checked and while attaching to
	existing QEMU process where we don't even detect the iothreads.

	qemu_process: move capabilities check for iothreads

	qemu_driver: check invalid iothread_id before we do anything else

	conf: display all iothread ids in the XML if one of them is not generated

	conf: move iothread parse code into its own function

	conf: remove redundant iothreads variable

	conf: fix indentation

2017-02-20  Peter Krempa  <pkrempa@redhat.com>

	Disallow inclusion of files from src/conf into src/utils
	The utils code should stay separated from other code (except for very
	well justified cases). Unfortunately commit 272769beccd7479c75e700a6cb
	made it trivial to break the separation (and not get slapped by the
	syntax-check rule) by adding -I src/conf to the CFLAGS for utils.

	Remove this shortcut and except the two offenders from the syntax check
	so that the codebase can be kept separated.

2017-02-20  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	node_device: Check return value for udev_new()
	The comment was actually wrong as
	https://www.freedesktop.org/software/systemd/man/udev_new.html#
	mentions that on failure NULL is returned.  Also the same return value
	is checked in src/interface/interface_backend_udev.c already.

2017-02-20  Pavel Hrdina  <phrdina@redhat.com>

	tests: add QEMU 2.9.0 caps data
	QEMU 2.9.0 is not released yet but it's close to its release and
	we need this data to implement new features that will be in
	that release.

	tests: update QEMU 2.8.0 caps data
	The old data was generated from not released QEMU.

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow @rendernode for virgl domains
	When enabling virgl, qemu opens /dev/dri/render*. So far, we are
	not allowing that in devices CGroup nor creating the file in
	domain's namespace and thus requiring users to set the paths in
	qemu.conf. This, however, is suboptimal as it allows access to
	ALL qemu processes even those which don't have virgl configured.
	Now that we have a way to specify render node that qemu will use
	we can be more cautious and enable just that.

	news: add entries for recent nodedev driver improvements

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetHostdevPath: Report /dev/vfio/vfio less frequently
	So far, qemuDomainGetHostdevPath has no knowledge of the reasong
	it is called and thus reports /dev/vfio/vfio for every VFIO
	backed device. This is suboptimal, as we want it to:

	a) report /dev/vfio/vfio on every addition or domain startup
	b) report /dev/vfio/vfio only on last VFIO device being unplugged

	If a domain is being stopped then namespace and CGroup die with
	it so no need to worry about that. I mean, even when a domain
	that's exiting has more than one VFIO devices assigned to it,
	this function does not clean /dev/vfio/vfio in CGroup nor in the
	namespace. But that doesn't matter.

	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetHostdevPath: Create /dev/vfio/vfio iff needed
	So far, we are allowing /dev/vfio/vfio in the devices cgroup
	unconditionally (and creating it in the namespace too). Even if
	domain has no hostdev assignment configured. This is potential
	security hole. Therefore, when starting the domain (or
	hotplugging a hostdev) create & allow /dev/vfio/vfio too (if
	needed).

	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemuSetupHostdevCgroup: Use qemuDomainGetHostdevPath
	Since these two functions are nearly identical (with
	qemuSetupHostdevCgroup actually calling virCgroupAllowDevicePath)
	we can have one function call the other and thus de-duplicate
	some code.

	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu_cgroup: Kill qemuSetupHostSCSIVHostDeviceCgroup
	There's no need for this function. Currently it is passed as a
	callback to virSCSIVHostDeviceFileIterate(). However, SCSI host
	devices have just one file path. Therefore we can mimic approach
	used in qemuDomainGetHostdevPath() to get path and call
	virCgroupAllowDevicePath() directly.

	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
	There's no need for this function. Currently it is passed as a
	callback to virSCSIDeviceFileIterate(). However, SCSI devices
	have just one file path. Therefore we can mimic approach used in
	qemuDomainGetHostdevPath() to get path and call
	virCgroupAllowDevicePath() directly.

	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu_cgroup: Kill qemuSetupHostUSBDeviceCgroup
	There's no need for this function. Currently it is passed as a
	callback to virUSBDeviceFileIterate(). However, USB devices have
	just one file path. Therefore we can mimic approach used in
	qemuDomainGetHostdevPath() to get path and call
	virCgroupAllowDevicePath() directly.

	Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

2017-02-19  Pavel Hrdina  <phrdina@redhat.com>

	util: virvhba: fix typo that breaks build on non-linux systems

2017-02-19  John Ferlan  <jferlan@redhat.com>

	tests: Add createVHBAByNodeDevice-parent-fabric-wwn to fchosttest
	Add a test that allows providing the parent fabric_wwn in the input XML
	in order to create the vHBA.

	This also fixes a mixed setting of the fabric_wwn field from the read
	test driver XML strings.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	tests: Add createVHBAByNodeDevice-parent-wwn to fchosttest
	Add a test that allows providing the parent wwnn/wwpn in the input XML
	in order to create the vHBA.

	tests: Add createVHBAByNodeDevice-no-parent to fchosttest
	Add a test that allows not providing a parent in the input XML, but still
	being able to create finding a VPORT capable NPIV HBA.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	nodedev: Rework virNodeDeviceGetParentHost
	Rework the code to perform the various searches by parent, parent_wwnn/
	parent_wwpn, parent_fabric_wwn, or vport capable in order to return the
	'parent_host' number that is vHBA capable.

	The former virNodeDeviceGetParentHost is renamed to add the ByParent
	on it fixes an issue where if no parent was supplied in the XML to
	create the vHBA, then virNodeDeviceFindByName was called with a NULL
	second parameter which had bad results.

	The reworked code will make the various calls to fetch the NPIV host
	by the passed parameter options or if none are provided find a vport
	capable NPIV HBA to perform the create. If the call is from the delete
	path, then this option won't be allowed.

	Each of virNodeDeviceGetParentHostBy* functions is now static, so
	remove them external definitions.

	A secondary benefit of this is the test_driver now can make use of
	the new API to add some new tests to test the various creation options.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	nodedev: Keep the node device lock longer in nodeDeviceDestroy
	While perhaps improbable, it could be possible that after finding our
	object that another thread running essentially in parallel could attempt
	to delete the same vHBA.

	So rather than dropping the lock right after finding the object, keep
	the lock around while we drop the object lock and work on deleting the
	object. Once the delete occurs we can safely drop the driver lock again.

	Cleanup some of the usage of cleanup instead out for the goto label.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	tests: Add new fchosttest tests for management of a vHBA
	Add a test that will mimic creation and destruction of a vHBA
	by using node device XML. The design will allow for testing the
	multiple mechanisms.

	The first test uses just <parent> in the node device XML. This is
	somewhat similar to the existing objecteventtest, except that this
	test will not provide input wwnn/wwpn's (similar to how the process
	is described for the the libvirt wiki).

	This requires mocking the virRandomGenerateWWN since parsing the
	input XML (virNodeDevCapSCSIHostParseXML) requires either a provided
	wwnn/wwpn in the XML or the ability to randomly generate the wwnn/wwpn.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	util: Move scsi_host specific functions from virutil
	Create a virscsihost.c and place the functions there. That removes the
	last #ifdef __linux__ from virutil.c.

	Take the opporunity to also change the function names and in one case
	the parameters slightly

2017-02-19  John Ferlan  <jferlan@redhat.com>

	util: Replace virStoragePoolGetVhbaSCSIHostParent
	Use the new virNodeDeviceGetParentName instead. Modify the callers to
	build the node device scsi_host# name string in order to call the new
	function so that proper lookup occurs.

	nodedev: Introduce virNodeDeviceGetParentName
	Create a function which takes a node device "name" entry to lookup
	and returns a string containing the parent name for the node device.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	util: Create a new virvhba module and move/rename API's
	Rather than have them mixed in with the virutil apis, create a separate
	virvhba.c module and move the vHBA related calls into there. Soon there
	will be more added.

	Also modify the names of the functions and some arguments to be more
	indicative of what is really happening. Adjust the callers respectively.

	While I was changing fchosttest, rather than the non-descriptive names
	test1...test6, rename them to match what the test is doing.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	test: Fix fchosttest resource leak
	Commit id '666bee3' made fabric_name optional; however, if fabric name
	was present, then a leak would occur.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	tests: Create a more realistic vHBA
	Modify the code to react more like a real HBA -> vHBA creation.

	Currently the code would just modify the input XML definition to
	set the name to a wwpn and then modify the scsi_host capability
	entry for the defintion to change the scsi_host# and unique_id
	before adding that into the node device.

	This patch does things a bit better. It finds and copies a known
	existing vHBA (scsi_host11) in the node_device database and modifies
	that definition to change the name to scsi_host12 and set the wwnn/
	wwpn to what the input XML would expect before adding the def to the
	node device object list.

	Then rather than create a returned "dev" using the (poorly) mocked
	name - perform the lookup using the new device name.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	test: Add helper to create vHBA for testNodeDeviceCreateXML
	Rather than inline the dummy creation of a vHBA to add to the node
	devices - create a helper to do that work.

	Also just tidy up a couple of things while at it...

2017-02-19  John Ferlan  <jferlan@redhat.com>

	test: Add new NPIV capable HBA and a vHBA
	Predefine a second NPIV capable HBA as well as a vHBA using the first
	NPIV capable HBA. This will allow for a mechanism to perform more
	realistic create vHBA testing.

2017-02-19  John Ferlan  <jferlan@redhat.com>

	tests: Alter test_driver HBA name/data to be closer to reality
	Alter "test-scsi-host-vport" to be "scsi_host1" to match the real
	environment. This is the vport capable HBA - IOW the NPIV device.
	Add more fields to scsi_host1 as well.

	Alter the XML being used by the objecttest to create a vHBA in order
	to match the scsi_host1 parent name and to use validateable wwnn/wwpn.
	This will allow for realistic testing.

2017-02-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nodedev: fix build with clang
	Build fails with:

	conf/node_device_conf.c:825:62: error: comparison of unsigned enum expression < 0 is always false [-Werror,-Wtautological-compare]
	    if ((data->drm.type = virNodeDevDRMTypeFromString(type)) < 0) {
	        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
	conf/node_device_conf.c:1801:59: error: comparison of unsigned enum expression < 0 is always false [-Werror,-Wtautological-compare]
	        if ((type = virNodeDevDevnodeTypeFromString(tmp)) < 0) {
	            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
	2 errors generated.

	Fix by using intermediate variable to store the result similarly
	to how it's done for other FromString* calls.

2017-02-17  Michal Privoznik  <mprivozn@redhat.com>

	nodedev: Introduce new drm cap
	After 7f1bdec5fa0a0cd25 our nodedev driver is capable of
	determining DRM devices (DRM stands for Direct Render Manager not
	Digital rights management). There is still one bit missing
	though: virConnectListAllNodeDevices() is capable of listing
	either all devices or just those with specified capability. Well,
	DRM capability is missing there.

2017-02-17  Marc-André Lureau  <marcandre.lureau@redhat.com>

	qemu: add rendernode argument
	Add a new attribute 'rendernode' to <gl> spice element.

	Give it to QEMU if qemu supports it (queued for 2.9).

2017-02-17  Marc-André Lureau  <marcandre.lureau@redhat.com>

	nodedev: add drm capability
	Add a new 'drm' capability for Direct Rendering Manager (DRM) devices,
	providing device type information.

	Teach the udev backend to populate those devices.

2017-02-17  Marc-André Lureau  <marcandre.lureau@redhat.com>

	nodedev: parse <path>
	This should have been added with c4a4603de (or 0bdefd9b04).

2017-02-17  Marc-André Lureau  <marcandre.lureau@redhat.com>

	nodedev: add <devnode> paths
	Add new <devnode> top-level <device> element, that list the associated
	/dev files. Distinguish the main /dev name from symlinks with a 'type'
	attribute of value 'dev' or 'symlink'.

	Update a test to check XML schema, and actually add it to the test list
	since it was missing.

2017-02-17  Marc-André Lureau  <marcandre.lureau@redhat.com>

	nodedev: fix extra space in dump
	This is a cosmetic change, shouldn't change XML parsing, and doesn't
	break any test.

2017-02-17  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Fix name of the file removed by cpu-parse.sh
	We want to remove the file created by

	    json <<<"$data" >$fname.json

	in case it was empty.

2017-02-16  John Ferlan  <jferlan@redhat.com>

	nodedev: Return the parent for a virNodeDevicePtr struct
	When the 'parent' was added to the virNodeDevicePtr structure
	by commit id 'e8a4ea75a' the 'parent' field was not properly filled
	in when a virGetNodeDevice call was made within driver/config code.
	Only the device name was ever filled in. Fetching the parent required
	a second trip via virNodeDeviceGetParent into the node device lookup
	code was required in order to retrieve the specific parent field (and
	still the parent field was never filled in although it was free'd).

	Since we have the data when we initially call virGetNodeDevice from
	within driver/node_config code - let's just fill in the parent field
	as well for anyone that wants it without requiring another trip into
	the node_device lookup just to get the parent.

	This will allow API's such as virConnectListAllNodeDevices,
	virNodeDeviceLookupByName, and virNodeDeviceLookupSCSIHostByWWN
	to retrieve both name and parent in the returned virNodeDevicePtr.

2017-02-16  Joao Martins  <joao.m.martins@oracle.com>

	libxl: fix coverity issues introduced by 6a95edf
	As discussed here [0][1] Coverity reported two issues:

	- On libxlDomainMigrationPrepareTunnel3 @@mig will be leaked on failures
	after sucessfull call libxlDomainMigrationPrepareAny hence we free it.

	Setting mig = NULL after @mig is assigned plus adding libxlMigrationCookieFree
	on error paths addresses the issue. In case virThreadCreate fails,
	unref of args frees the cookie on dispose function (libxlMigrationDstArgsDispose)

	- On libxlMigrationStartTunnel @tc would be leaked.

	Fixed by correctly saving the newly allocated @tc onto @tnl such that
	libxlMigrationStopTunnel would free it up.

	[0] https://www.redhat.com/archives/libvir-list/2017-February/msg00791.html
	[1] https://www.redhat.com/archives/libvir-list/2017-February/msg00833.html

2017-02-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow empty script path to <interface/>
	Before 9c17d665fdc5f (v1.3.2 - I know, right?) it was possible to
	have the following interface configuration:

	  <interface type='ethernet'/>
	    <script path=''/>
	  </interface>

	This resulted in -netdev tap,script=,.. Fortunately, qemu helped
	us to get away with this as it just ignored the empty script
	path. However, after the commit mentioned above it's libvirtd
	who is executing the script. Unfortunately without special
	case-ing empty script path.

2017-02-16  Jim Fehlig  <jfehlig@suse.com>

	news: add entries for libxl driver improvements and bug fixes

2017-02-16  Ján Tomko  <jtomko@redhat.com>

	Validate required CPU features even for host-passthrough
	Commit adff345 allowed enabling features with -cpu host
	without ajdusting the validity checks on domain startup
	and migration.

2017-02-16  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Ensure disk names follow the disk name regex
	Currently disk names do not follow the
	(regex) /^[fhv]d[a-z]+[0-9]*$/ completely
	and hence one can assign disk names like
	vd2 etc. This patch ensures that the
	disk names follow the regex mentioned.
	This patch also adds a testcase.

2017-02-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix potential double free in libxlDriverGetDom0MaxmemConf
	Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
	but introduced a potential double free of mem_tokens

	*** Error in `/usr/sbin/libvirtd': double free or corruption (out):
	    0x00007fffc808cfd0 ***

	Avoid double free by setting mem_tokens to NULL after calling
	virStringListFree.

2017-02-16  Jim Fehlig  <jfehlig@suse.com>

	news: fix spelling of tunneled
	s/tunnelled/tunneled/ in news for the libxl tunneled migration feature.

2017-02-16  Joao Martins  <joao.m.martins@oracle.com>

	news: document libxl tunnelled migration support

2017-02-15  Bob Liu  <bob.liu@oracle.com>

	libxl: add tunnelled migration support
	Tunnelled migration doesn't require any extra network connections
	beside the libvirt daemon.  It's capable of strong encryption and the
	default option of openstack-nova.

	This patch adds the tunnelled migration(Tunnel3params) support to
	libxl.  On the source side, the data flow is:

	 * libxlDoMigrateSend() -> pipe libxlTunnel3MigrationFunc() polls pipe
	 * out and then write to dest stream.

	While on the destination side:
	 * Stream -> pipe -> 'recvfd of libxlDomainStartRestore'

	The usage is the same as p2p migration, execpt adding one extra
	'--tunnelled' to the libvirt p2p migration command.

2017-02-15  Joao Martins  <joao.m.martins@oracle.com>

	libxl: refactor libxlDomainMigrationPrepare
	The newly introduced function libxlDomainMigrationPrepareAny
	will be shared between P2P and tunnelled variations.

2017-02-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu_conf: Properly check for retval of qemuDomainNamespaceAvailable
	This function is returning a boolean therefore check for '< 0'
	makes no sense. It should have been
	'!qemuDomainNamespaceAvailable'.

	qemu_conf: Check for namespaces availability more wisely
	The bare fact that mnt namespace is available is not enough for
	us to allow/enable qemu namespaces feature. There are other
	requirements: we must copy all the ACL & SELinux labels otherwise
	we might grant access that is administratively forbidden or vice
	versa.
	At the same time, the check for namespace prerequisites is moved
	from domain startup time to qemu.conf parser as it doesn't make
	much sense to allow users to start misconfigured libvirt just to
	find out they can't start a single domain.

2017-02-15  Jim Fehlig  <jfehlig@suse.com>

	apparmor: don't fail on non-apparmor <seclabel>
	If the apparmor security driver is loaded/enabled and domain config
	contains a <seclabel> element whose type attribute is not 'apparmor',
	starting the domain fails when attempting to label resources such
	as tap FDs.

	Many of the apparmor driver entry points attempt to retrieve the
	apparmor security label from the domain def, returning failure if
	not found. Functions such as AppArmorSetFDLabel fail even though
	domain config contains an explicit 'none' secuirty driver, e.g.

	  <seclabel type='none' model='none'/>

	Change the entry points to succeed if the domain config <seclabel>
	is not apparmor. This matches the behavior of the selinux driver.

2017-02-15  Jim Fehlig  <jfehlig@suse.com>

	apparmor: don't overwrite error from reload_profile
	Like other callers of reload_profile, don't overwrite errors in
	AppArmorSetSecurityHostdevLabelHelper.

2017-02-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu_monitor_json: Properly check GetArray return value
	Commit 2a8d40f4ec refactored qemuMonitorJSONGetCPUx86Data and replaced
	virJSONValueObjectGet(reply, "return") with virJSONValueObjectGetArray.
	While the former is guaranteed to always return non-NULL pointer the
	latter may return NULL if the returned JSON object is not an array.

2017-02-14  Andrea Bolognani  <abologna@redhat.com>

	qemu: Call chmod() after mknod()
	mknod() is affected my the current umask, so we're not
	guaranteed the newly-created device node will have the
	right permissions.

	Call chmod(), which is not affected by the current umask,
	immediately afterwards to solve the issue.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1421036

2017-02-14  Andrea Bolognani  <abologna@redhat.com>

	spec: Require libacl when building the QEMU driver
	For the namespaces feature to work properly we need to be able
	to make a perfect copy of the original /dev, including ACLs.

	By adding a BuildRequires on libacl-devel we ensure that ACL
	support will be enabled at configure time and made available
	to the QEMU driver.

2017-02-14  Andrea Bolognani  <abologna@redhat.com>

	configure: Move ACL checks to a separate file

2017-02-14  Ján Tomko  <jtomko@redhat.com>

	util: fix off-by-one when expanding a bitmap
	To make sure bit 'b' fits into the bitmap, we need to allocate b+1
	bits, since we number from 0.

	Adjust the bitmap test to set a bit at a multiple of 16.
	That way the test fails without this fix, because the VIR_REALLOC
	call clears the newly added memory even if the original pointer
	has not changed.

2017-02-14  Tomáš Golembiovský  <tgolembi@redhat.com>

	valgrind: add suppression for bash memory leak
	Add suppression for memory leak in bash observerd with bash 4.4.011 on
	Arch Linux.

2017-02-13  Ján Tomko  <jtomko@redhat.com>

	qemu: enforce maximum ports value for nec-xhci
	This controller only allows up to 15 ports.

	https://bugzilla.redhat.com/show_bug.cgi?id=1375417

2017-02-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: document bhyve e1000 support
	 * Add bhyve e1000 support entry to release notes
	 * Update the bhyve driver page with usage sample

2017-02-13  Ján Tomko  <jtomko@redhat.com>

	conf: check port range even for USB hubs
	Move the range check introduced by commit 2650d5e into
	virDomainUSBAddressFindPort. That way both virDomainUSBAddressRelease
	and virDomainUSBAddressSetAddHub can benefit from it.

	Reported-by: Michal Privoznik <mprivozn@redhat.com>

2017-02-13  Ján Tomko  <jtomko@redhat.com>

	qemu: assign USB port on a selected hub for all devices
	Due to a logic error, the autofilling of USB port when a bus is
	specified:
	    <address type='usb' bus='0'/>
	does not work for non-hub devices on domain startup.

	Fix the logic in qemuDomainAssignUSBPortsIterator to also
	assign ports for USB addresses that do not yet have one.

	https://bugzilla.redhat.com/show_bug.cgi?id=1374128

2017-02-12  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	rpc: Fix potentially segfaults
	We have to allocate first and if, and only if, it was successful we
	can set the count. A segfault has occurred in
	virNetServerServiceNewPostExecRestart() when VIR_ALLOC_N(svc->socks,
	n) has failed, but svc->nsocsk = n was already set. Thus
	virObejectUnref(svc) was called and therefore it was possible that
	virNetServerServiceDispose was called => segmentation fault.  For
	safeness NULL pointer check were added in
	virNetServerServiceDispose().

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add e1000 nic support
	Recently e1000 NIC support was added to bhyve; implement that in
	the bhyve driver:

	 - Add capability check by analyzing output of the 'bhyve -s 0,e1000'
	   command
	 - Modify bhyveBuildNetArgStr() to support e1000 and also pass
	   virConnectPtr so it could call bhyveDriverGetCaps() to check if this
	   NIC is supported
	 - Modify command parsing code to add support for e1000 and adjust tests
	 - Add net-e1000 test

2017-02-10  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	util: Fix indentation for virnetdevmacvlan

2017-02-10  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve possible resource leak in dom0 maximum memory setting
	If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
	or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
	is hit, control goes back to the outer loop processing 'cmd_tokens' and
	it's possible that the 'mem_tokens' would be overwritten.

	Found by Coverity

2017-02-10  Erik Skultety  <eskultet@redhat.com>

	storage: Fix checking whether source filesystem is mounted
	Right now, we use simple string comparison both on the source paths
	(mount's output vs pool's source) and the target (mount's mnt_dir vs
	pool's target). The problem are symlinks and mount indeed returns
	symlinks in its output, e.g. /dev/mappper/lvm_symlink. The same goes for
	the pool's source/target, so in order to successfully compare these two
	replace plain string comparison with virFileComparePaths which will
	resolve all symlinks and canonicalize the paths prior to comparison.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1417203

2017-02-10  Erik Skultety  <eskultet@redhat.com>

	util: Introduce virFileComparePaths
	So rather than comparing 2 paths (strings) as they are, which can very
	easily lead to unnecessary errors (e.g. in storage driver) that the paths
	are not the same when in fact they'd be e.g. just symlinks to the same
	location, we should put our best effort into resolving any symlinks and
	canonicalizing the path and only then compare the 2 paths for equality.

	storage: Fix reporting an error on an already mounted filesystem
	When FS pool's source is already mounted on the target location instead
	of just simply marking the pool as active, thus starting it we fail with
	an error stating that the source is indeed already mounted on the target.

2017-02-10  John Ferlan  <jferlan@redhat.com>

	tests: Link virusbmock with probes
	Seeing similar error to commit id '997be5c27' with the inability
	to find the libvirt_event_poll_purge_timeout_semaphore symbol
	causing a virusbtest failure.

2017-02-10  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	remote generator: Increase upper limit on lists of node devices
	On a system with 697 SCSI disks each configured with 8 paths the command
	virsh nodedev-list fails with
	error: Failed to list node devices
	error: internal error: Too many node_devices '16816' for limit '16384'
	Increasing the upper limit on lists of node devices from 16K to 64K.

2017-02-10  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Mention the min duration for nodesuspend explicitly
	Although currently this is documented in virsh man page
	and virsh help, the expicit mention in the error message
	is helful for tools using the API directly.

2017-02-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorCPUModelInfoFree: Don't leak model_info->props
	==11846== 240 bytes in 1 blocks are definitely lost in loss record 81 of 107
	==11846==    at 0x4C2BC75: calloc (vg_replace_malloc.c:624)
	==11846==    by 0x18C74242: virAllocN (viralloc.c:191)
	==11846==    by 0x4A05E8: qemuMonitorCPUModelInfoCopy (qemu_monitor.c:3677)
	==11846==    by 0x446E3C: virQEMUCapsNewCopy (qemu_capabilities.c:2171)
	==11846==    by 0x437335: testQemuCapsCopy (qemucapabilitiestest.c:108)
	==11846==    by 0x437CD2: virTestRun (testutils.c:180)
	==11846==    by 0x437AD8: mymain (qemucapabilitiestest.c:176)
	==11846==    by 0x4397B6: virTestMain (testutils.c:992)
	==11846==    by 0x437B44: main (qemucapabilitiestest.c:188)

	testUSBList: don't leak @dev
	==22187== 77 (56 direct, 21 indirect) bytes in 1 blocks are definitely lost in loss record 23 of 37
	==22187==    at 0x4C2BC75: calloc (vg_replace_malloc.c:624)
	==22187==    by 0x4E75685: virAlloc (viralloc.c:144)
	==22187==    by 0x4F0613A: virUSBDeviceNew (virusb.c:332)
	==22187==    by 0x4F05BA2: virUSBDeviceSearch (virusb.c:183)
	==22187==    by 0x4F05F95: virUSBDeviceFind (virusb.c:296)
	==22187==    by 0x403514: testUSBList (virusbtest.c:209)
	==22187==    by 0x403BD8: virTestRun (testutils.c:180)
	==22187==    by 0x4039E5: mymain (virusbtest.c:285)
	==22187==    by 0x4056BC: virTestMain (testutils.c:992)
	==22187==    by 0x403A4A: main (virusbtest.c:293)

	virusbmock: Link with libvirt_utils
	We are using couple of functions from there (e.g. virStrdup) and
	rely that the binary linking us has the libvirt_utils linked
	already. Well, this makes valgrind sad.

	tests: Trace re-executing processes with valgrind
	A lot of our tests re-execute themeselves after loading their
	mock library. This, however, makes valgrind sad because currently
	we do not tell it to trace the process after exec().

2017-02-09  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Fix indentation in datatypes.h

2017-02-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	remote generator: handle remoteDomainCreateWithFlags()
	This commit removes the handcrafted code for
	remoteDomainCreateWithFlags() and lets it auto generate.

	A little bit of history repeating...
	Commit 03d813bbcd7b4a183601055006 removed the auto generation of
	remoteDomainCreateWithFlags() because it was thought that the design
	flaw in the remote protocol for virDomainCreate is also within the
	remote protocol for virDomainCreateWithFlags. As the commit message of
	ddaf15d7a3863d54e242f8ff75 mentions this is not the case therefore we
	can auto generate the client part.

	Even worse there was a typo in remoteDomainCreateWithFlags()

	'remote_domain_create_with_flags_args ret;' but in fact it has to be
	'remote_domain_create_with_flags_ret ret;'.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2017-02-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	util: reset the counters to zero
	After freeing the data structures we have to reset the counters to
	zero. This fixes a segmentation fault when virNetDevIPInfoClear is
	called twice (e.g. this is possible in virDomainNetDefParseXML() if
	virDomainNetIPInfoParseXML(...) fails with ret < 0 (this leads to the
	first call of 'virNetDevIPInfoClear(&def->guestIP)') and the resulting
	call of virDomainNetDefFree(def) in the error path of
	virDomainNetDefParseXML() (this leads to the second call of
	virNetDevIPInfoClear(&def->guestIP), and finally to the segmentation
	fault).

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	conf: Fix libvirtd free() segfault if virDomainChrSourceDefNew(...) fails
	If virDomainChrSourceDefNew(xmlopt) fails, it will lead to free()ing
	the uninitialized pointer bus. The fix for this is to initialize bus
	with NULL.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Check if virQEMUCapsNewCopy(...) has failed
	Check if virQEMUCapsNewCopy(...) has failed, thus a segmentation fault
	in virQEMUCapsFilterByMachineType(...) will be avoided.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-09  David Dai  <zdai@linux.vnet.ibm.com>

	qemu: Fix live migration over RDMA with IPv6
	Using libvirt to do live migration over RDMA via IPv6 address failed.

	For example:
	    rhel73_host1_guest1 qemu+ssh://[deba::2222]/system --verbose
	root@deba::2222's password:
	error: internal error: unable to execute QEMU command 'migrate': RDMA
	ERROR: could not rdma_getaddrinfo address deba

	As we can see, the IPv6 address used by rdma_getaddrinfo() has only
	"deba" part because we didn't properly enclose the IPv6 address in []
	and passed rdma:deba::2222:49152 as the migration URI in
	qemuMonitorMigrateToHost.

2017-02-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix dom0 maximum memory setting
	When the libxl driver is initialized, it creates a virDomainDef
	object for dom0 and adds it to the list of domains. Total memory
	for dom0 was being set from the max_memkb field of libxl_dominfo
	struct retrieved from libxl, but this field can be set to
	LIBXL_MEMKB_DEFAULT (~0ULL) if dom0 maximum memory has not been
	explicitly set by the user.

	This patch adds some simple parsing of the Xen commandline,
	looking for a dom0_mem parameter that also specifies a 'max' value.
	If not specified, dom0 maximum memory is effectively all physical
	host memory.

2017-02-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix reporting of maximum memory
	The libxl driver reports different values of maximum memory depending
	on state of a domain. If inactive, maximum memory value is reported
	correctly. When active, maximum memory is derived from max_pages value
	returned by the XEN_SYSCTL_getdomaininfolist sysctl operation. But
	max_pages can be changed by toolstacks and does not necessarily
	represent the maximum memory a domain can use during its active
	lifetime.

	A better location for determining a domain's maximum memory is the
	/local/domain/<id>/memory/static-max node in xenstore. This value
	is set from the libxl_domain_build_info.max_memkb field when creating
	the domain. Currently it cannot be changed nor can its value be
	exceeded by a balloon operation. From libvirt's perspective, always
	reporting maximum memory with virDomainDefGetMemoryTotal() will produce
	the same results as reading the static-max node in xenstore.

2017-02-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix disk detach when <driver> not specified
	When a user does not explicitly set a <driver> in the disk config,
	libvirt defers selection of a default to libxl. This approach works
	fine when starting a domain with such configuration or attaching a
	disk to a running domain. But when detaching such a disk, libxl
	will fail with "unrecognized disk backend type: 0". libxl makes no
	attempt to recalculate a default backend (driver) on detach and
	simply fails when uninitialized.

	This patch updates the libvirt disk config with the backend selected
	by libxl when starting a domain or attaching a disk to a running
	domain. Another benefit of this approach is that the live XML is
	also updated with the backend driver selected by libxl.

2017-02-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: set default disk format in device post-parse
	When starting a domian, a libxl_domain_config object is created from
	virDomainDef. Any virDomainDiskDef devices with a format of
	VIR_STORAGE_FILE_NONE are mapped to LIBXL_DISK_FORMAT_RAW in the
	corresponding libxl_disk_device, but the virDomainDiskDef format is
	never updated to reflect the change.

	A better place to set a default format for disk devices is the
	device post-parse callback, ensuring the virDomainDiskDef object
	reflects the default format.

2017-02-09  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	docs: Document new ovs_timeout configuration knob
	Document the ovs_timeout introduced to libvirtd.conf in previous
	patches.

2017-02-09  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	libvirtd: set openvswitch timeout value based on config data
	Since a successful completion of the calls to openvswitch is expected
	a longer timeout should be able to be chosen to account for loaded systems.
	Therefore this patch provides the ability to specify the timeout value for
	openvswitch calls in the libvirtd configuration file.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-09  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	network: allow to specify timeout for openvswitch calls
	This patchs allows to set the timeout value used for all
	openvswitch calls. The default timeout value remains as
	before at 5 seconds.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-09  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	libvirtd: add openvitch timeout value
	Provide the ability to specify a default timeout value for
	successful completion of openvswitch calls in the libvirtd
	configuration file.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2017-02-09  Jaroslav Safka  <jaroslavx.safka@intel.com>

	docs: Document new <memoryBacking/> elements
	Document the extensions made to domain <memoryBacking/> element
	made in previous commits.

2017-02-09  Jaroslav Safka  <jaroslavx.safka@intel.com>

	qemu: Add args generation for file memory backing
	This patch add support for file memory backing on numa topology.

	The specified access mode in memoryBacking can be overriden
	by specifying token memAccess in numa cell.

2017-02-09  Jaroslav Safka  <jaroslavx.safka@intel.com>

	conf: Add new xml elements for file memorybacking support
	This part introduces new xml elements for file based
	memorybacking support and their parsing.
	(It allows vhost-user to be used without hugepages.)

	New xml elements:
	<memoryBacking>
	  <source type="file|anonymous"/>
	  <access mode="shared|private"/>
	  <allocation mode="immediate|ondemand"/>
	</memoryBacking>

2017-02-09  Jaroslav Safka  <jaroslavx.safka@intel.com>

	qemu_conf: Add param memory_backing_dir
	Add new parameter memory_backing_dir where files will be stored when memoryBacking
	source is selected as file.

	Value is stored inside char* memoryBackingDir

2017-02-09  Jaroslav Safka  <jaroslavx.safka@intel.com>

	qemu, conf: Rename virNumaMemAccess to virDomainMemoryAccess
	Rename to avoid duplicate code. Because virDomainMemoryAccess will be
	used in memorybacking for setting default behaviour.

	NOTE: The enum cannot be moved to qemu/domain_conf because of headers
	dependency

2017-02-09  Maxim Nestratov  <mnestratov@virtuozzo.com>

	cpu: fix typo: rename __kvm_hv_spinlock to __kvm_hv_spinlocks
	Strings associated with virDomainHyperv values in domain_conf.c are used to
	construct HyperV CPU features names to be compared with names defined in
	cpu_x86_data.h and the names for HyperV "spinlocks" feature don't match.
	This leads to a misleading warning:
	"host doesn't support hyperv 'spinlocks' feature" even when it's supported.
	Let's fix it and rename along with it VIR_CPU_x86_KVM_HV_SPINLOCK to
	VIR_CPU_x86_KVM_HV_SPINLOCKS.

2017-02-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu_command: Fix check for gluster disks

	qemu_blockjob: Avoid dereferencing NULL on OOM

	cpu_x86: Fix memory leak in virCPUx86Translate
	virCPUDefStealModel is called with keepVendor == true which means the
	cpu structure will keep its original vendor/vendor_id values. Thus it
	makes no sense to copy them to the translated definition as they won't
	be used there anyway. Except that the translated->vendor pointer might
	get lost in x86Decode.

2017-02-09  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: cleanup: remove unused constant
	PARALLELS_STATISTICS_DROP_COUNT isn't used anymore

	vz: fix event handle leak in prlsdkHandlePerfEvent
	When we happen to lose a domain but still get a performance event
	for it, we should also free the event handle.

	vz: fix handle leak in prlsdkHandleVmStateEvent
	Every successful call of PrlEvent_GetParamByName allocates a handle,
	which has to be freed.

2017-02-09  Michal Privoznik  <mprivozn@redhat.com>

	qemu_security: Introduce ImageLabel APIs
	Just like we need wrappers over other virSecurityManager APIs, we
	need one for virSecurityManagerSetImageLabel and
	virSecurityManagerRestoreImageLabel. Otherwise we might end up
	relabelling device in wrong namespace.

2017-02-08  Jim Fehlig  <jfehlig@suse.com>

	libxl: use init and dispose functions with libxl_physinfo
	The typical pattern when calling libxl functions that populate a
	structure is

	  libxl_foo foo;
	  libxl_foo_init(&foo);
	  libxl_get_foo(ctx, &foo);
	  ...
	  libxl_foo_dispose(&foo);

	Fix several instances of libxl_physinfo missing the init and
	dispose calls.

2017-02-08  Jim Fehlig  <jfehlig@suse.com>

	libxl: honor autoballoon setting in libxl.conf
	libxlGetAutoballoonConf is supposed to honor user-specified
	autoballoon setting in libxl.conf. As written, the user-specified
	setting could be overwritten by the subsequent logic to check
	dom0_mem parameter. If user-specified setting is present and
	correct, accept it. Only fallback to checking Xen dom0_mem
	command line parameter if user-specfied setting is not present.

2017-02-08  Joao Martins  <joao.m.martins@oracle.com>

	xenconfig: fix xml to xl.cfg conversion with no graphics
	If no graphics element is in XML xenFormatXLSpice will access
	graphics without checking it has one in the first place, leading to a
	segmentation fault.

2017-02-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainNamespaceSetupDisk: Simplify disk check
	Firstly, instead of checking for next->path the
	virStorageSourceIsEmpty() function should be used which also
	takes disk type into account.
	Secondly, not every disk source passed has the correct type set
	(due to our laziness). Therefore, instead of checking for
	virStorageSourceIsBlockLocal() and also S_ISBLK() the former can
	be refined to just virStorageSourceIsLocalStorage().

	qemuDomainDiskChainElement{Prepare,Revoke}: manage /dev entry
	Again, one missed bit. This time without this commit there is no
	/dev entry  in the namespace of the qemu process when doing disk
	snapshots or block-copy.

	qemuDomainNamespace{Setup,Teardown}Disk: Don't pass pointer to full disk
	These functions do not need to see the whole virDomainDiskDef.
	Moreover, they are going to be called from places where we don't
	have access to the full disk definition. Sticking with
	virStorageSource is more than enough.

	qemuDomainNamespaceSetupDisk: Drop useless @src variable
	Since its introduction in 81df21507bef9 this variable was never
	used.

	qemu_domain: Don't pass virDomainDeviceDefPtr to ns helpers
	There is no need for this. None of the namespace helpers uses it.
	Historically it was used when calling secdriver APIs, but we
	don't to that anymore.

	qemu_security: Drop qemuSecuritySetRestoreAllLabelData struct
	This struct is unused after 095f042ed68b01.

	qemuDomainAttachSCSIVHostDevice: manage /dev entry
	Again, one missed bit. This time without this commit there is no
	/dev entry in the namespace of the qemu process when attaching
	vhost SCSI device.

	qemuDomainAttachSCSIVHostDevice: Prefer qemuSecurity wrappers
	Since we have qemuSecurity wrappers over
	virSecurityManagerSetHostdevLabel and
	virSecurityManagerRestoreHostdevLabel we ought to use them
	instead of calling secdriver APIs directly.  Without those
	wrappers the labelling won't be done in the correct namespace
	and thus won't apply to the nodes seen by qemu itself.

2017-02-07  Laine Stump  <laine@laine.org>

	qemu: propagate bridge MTU into qemu "host_mtu" option
	libvirt was able to set the host_mtu option when an MTU was explicitly
	given in the interface config (with <mtu size='n'/>), set the MTU of a
	libvirt network in the network config (with the same named
	subelement), and would automatically set the MTU of any tap device to
	the MTU of the network.

	This patch ties that all together (for networks based on tap devices
	and either Linux host bridges or OVS bridges) by learning the MTU of
	the network (i.e. the bridge) during qemuInterfaceBridgeConnect(), and
	returning that value so that it can then be passed to
	qemuBuildNicDevStr(); qemuBuildNicDevStr() then sets host_mtu in the
	interface's commandline options.

	The result is that a higher MTU for all guests connecting to a
	particular network will be plumbed top to bottom by simply changing
	the MTU of the network (in libvirt's config for libvirt-managed
	networks, or directly on the bridge device for simple host bridges or
	OVS bridges managed outside of libvirt).

	One question I have about this - it occurred to me that in the case of
	migrating a guest from a host with an older libvirt to one with a
	newer libvirt, the guest may have *not* had the host_mtu option on the
	older machine, but *will* have it on the newer machine. I'm curious if
	this could lead to incompatibilities between source and destination (I
	guess it all depends on whether or not the setting of host_mtu has a
	practical effect on a guest that is already running - Maxime?)

	Likewise, we could run into problems when migrating from a newer
	libvirt to older libvirt - The guest would have been told of the
	higher MTU on the newer libvirt, then migrated to a host that didn't
	understand <mtu size='blah'/>. (If this really is a problem, it would
	be a problem with or without the current patch).

2017-02-07  Laine Stump  <laine@laine.org>

	network: honor mtu setting when creating network
	This resolves: https://bugzilla.redhat.com/1224348

2017-02-07  Laine Stump  <laine@laine.org>

	conf: support configuring mtu size in a virtual network
	Example:

	  <network>
	     ...
	     <mtu size='9000'/>
	     ...

	If mtu is unset, it's assumed that we want the default for whatever is
	the underlying transport (usually this is 1500).

	This setting isn't yet wired in, so it will have no effect.

	This partially resolves: https://bugzilla.redhat.com/1224348

2017-02-07  Laine Stump  <laine@laine.org>

	util: add MTU arg to virNetDevTapCreateInBridgePort()
	virNetDevTapCreateInBridgePort() has always set the new tap device to
	the current MTU of the bridge it's being attached to. There is one
	case where we will want to set the new tap device to a different
	(usually larger) MTU - if that's done with the very first device added
	to the bridge, the bridge's MTU will be set to the device's MTU. This
	patch allows for that possibility by adding "int mtu" to the arg list
	for virNetDevTapCreateInBridgePort(), but all callers are sending -1,
	so it doesn't yet have any effect.

	Since the requested MTU isn't necessarily what is used in the end (for
	example, if there is no MTU requested, the tap device will be set to
	the current MTU of the bridge), and the hypervisor may want to know
	the actual MTU used, we also return the actual MTU to the caller (if
	actualMTU is non-NULL).

2017-02-07  Andrea Bolognani  <abologna@redhat.com>

	qemu: Forbid <memoryBacking><locked> without <memtune><hard_limit>
	In order for memory locking to work, the hard limit on memory
	locking (and usage) has to be set appropriately by the user.

	The documentation mentions the requirement already: with this
	patch, it's going to be enforced by runtime checks as well,
	by forbidding a non-compliant guest from being defined as well
	as edited and started.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316774

2017-02-07  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: mention bhyve SATA address changes in news.xml

2017-02-07  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix virtio disk addresses
	Like it usually happens, I fixed one thing and broke another:
	in 803966c76 address allocation was fixed for SATA disks, but
	broke that for virtio disks, because it dropped disk address
	assignment completely. It's not needed for SATA disks anymore,
	but still needed for the virtio ones.

	Bring that back and add a couple of tests to make sure it won't
	happen again.

2017-02-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachDeviceMknod: Don't loop endlessly
	When working with symlinks it is fairly easy to get into a loop.
	Don't.

	qemuDomainAttachDeviceMknod: Deal with symlinks
	Similarly to one of the previous commits, we need to deal
	properly with symlinks in hotplug case too.

	qemuDomainCreateDevice: Don't loop endlessly
	When working with symlinks it is fairly easy to get into a loop.
	Don't.

2017-02-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDevice: Properly deal with symlinks
	Imagine you have a disk with the following source set up:

	/dev/disk/by-uuid/$uuid (symlink to) -> /dev/sda

	After cbc45525cb21 the transitive end of the symlink chain is
	created (/dev/sda), but we need to create any item in chain too.
	Others might rely on that.
	In this case, /dev/disk/by-uuid/$uuid comes from domain XML thus
	it is this path that secdriver tries to relabel. Not the resolved
	one.

2017-02-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomain{Attach,Detach}Device NS helpers: Don't relabel devices
	After previous commit this has become redundant step.
	Also setting up devices in namespace and setting their label
	later on are two different steps and should be not done at once.

	qemu_security: Use more transactions
	The idea is to move all the seclabel setting to security driver.
	Having the relabel code spread all over the place looks very
	messy.

	qemuSecurityRestoreAllLabel: Don't use transactions
	Because of the nature of security driver transactions, it is
	impossible to use them properly. The thing is, transactions enter
	the domain namespace and commit all the seclabel changes.
	However, in RestoreAllLabel() this is impossible - the qemu
	process, the only process running in the namespace, is gone. And
	thus is the namespace. Therefore we shouldn't use the transactions
	as there is no namespace to enter.

2017-02-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainPrepareDisk: Fix ordering
	The current ordering is as follows:
	1) set label
	2) create the device in namespace
	3) allow device in the cgroup

	While this might work for now, it will definitely not work if the
	security driver would use transactions as in that case there
	would be no device to relabel in the domain namespace as the
	device is created in the second step.
	Swap steps 1) and 2) to allow security driver to use more
	transactions.

2017-02-07  Michal Privoznik  <mprivozn@redhat.com>

	util: Introduce virFileReadLink
	We will need to traverse the symlinks one step at the time.
	Therefore we need to see where a symlink is pointing to.

	virProcessRunInMountNamespace: Report errors from child
	The comment to the function states that the errors from the child
	process are reported. Well, the error buffer is filled with
	possible error messages. But then it is thrown away. Among with
	important error message from the child process.

	xenFormatXLDisk: Don't leak @target
	==11260== 1,006 bytes in 1 blocks are definitely lost in loss record 106 of 111
	==11260==    at 0x4C2AE5F: malloc (vg_replace_malloc.c:297)
	==11260==    by 0x4C2BDFF: realloc (vg_replace_malloc.c:693)
	==11260==    by 0x4EA430B: virReallocN (viralloc.c:245)
	==11260==    by 0x4EA7C52: virBufferGrow (virbuffer.c:130)
	==11260==    by 0x4EA7D28: virBufferAdd (virbuffer.c:165)
	==11260==    by 0x4EA8E10: virBufferStrcat (virbuffer.c:718)
	==11260==    by 0x42D263: xenFormatXLDiskSrcNet (xen_xl.c:960)
	==11260==    by 0x42D4EB: xenFormatXLDiskSrc (xen_xl.c:1015)
	==11260==    by 0x42D870: xenFormatXLDisk (xen_xl.c:1101)
	==11260==    by 0x42DA89: xenFormatXLDomainDisks (xen_xl.c:1148)
	==11260==    by 0x42EAF8: xenFormatXL (xen_xl.c:1558)
	==11260==    by 0x40E85F: testCompareParseXML (xlconfigtest.c:105)

2017-02-04  John Ferlan  <jferlan@redhat.com>

	util: Fix domain object leaks on closecallbacks
	Originally/discovered proposed by "Wang King <king.wang@huawei.com>"

	When the virCloseCallbacksSet is first called, it increments the refcnt
	on the domain object to ensure it doesn't get deleted before the callback
	is called. The refcnt would be decremented in virCloseCallbacksUnset once
	the entry is removed from the closeCallbacks has table.

	When (mostly) normal shutdown occurs, the qemuProcessStop will end up
	calling qemuProcessAutoDestroyRemove and will remove the callback from
	the list and hash table normally and decrement the refcnt.

	However, when qemuConnectClose calls virCloseCallbacksRun, it will scan
	the (locked) closeCallbacks list for matching domain and callback function.
	If an entry is found, it will be removed from the closeCallbacks list and
	placed into a lookaside list to be processed when the closeCallbacks lock
	is dropped. The callback function (e.g. qemuProcessAutoDestroy) is called
	and will run qemuProcessStop. That code will fail to find the callback
	in the list when qemuProcessAutoDestroyRemove is called and thus not decrement
	the domain refcnt. Instead since the entry isn't found the code will just
	return (mostly) harmlessly.

	This patch will resolve the issue by taking another ref during the
	search UUID process during virCloseCallackRun, decrementing the refcnt
	taken by virCloseCallbacksSet, calling the callback routine and returning
	overwriting the vm (since it could return NULL). Finally, it will call the
	virDomainObjEndAPI to lower the refcnt and remove the lock taken during
	the search UUID processing. This may cause the vm to be destroyed.

2017-02-03  Daniel P. Berrange  <berrange@redhat.com>

	virtlockd: fix systemd unit file dependancies
	After deploying virtlogd by default we identified a number of
	mistakes in the systemd unit file. virtlockd's relationship
	to libvirtd is the same as virtlogd, so we must apply the
	same unit file fixes to virtlockd

2017-02-03  Peter Krempa  <pkrempa@redhat.com>

	HACKING: Update after recent change of the html file

2017-02-03  Andrea Bolognani  <abologna@redhat.com>

	docs: Release notes should be updated in a separate commit
	Updating docs/news.xml in the same commit that performs the
	documented change makes backports needlessly complicated,
	both for mainteinance branches and downstream distributions,
	because it introduces additional potential for merge
	conflicts.

	Document in the contributor guidelines that the release notes
	should be updated in a separate commit instead, so that it's
	easy to backport just the code change.

2017-02-02  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix dom0 autoballooning with Xen 4.8
	xen.git commit 57f8b13c changed several of the libxl memory
	get/set functions to take 64 bit parameters. The libvirt
	libxl driver still uses uint32_t variables for these various
	parameters, which is particularly problematic for the
	libxl_set_memory_target() function.

	When dom0 autoballooning is enabled, libvirt (like xl) determines
	the memory needed to start a domain and the memory available. If
	memory available is less than memory needed, dom0 is ballooned
	down by passing a negative value to libxl_set_memory_target()
	'target_memkb' parameter. Prior to xen.git commit 57f8b13c,
	'target_memkb' was an int32_t. Subtracting a larger uint32 from
	a smaller uint32 and assigning it to int32 resulted in a negative
	number. After commit 57f8b13c, the same subtraction is widened
	to a int64, resulting in a large positive number. The simple
	fix taken by this patch is to assign the difference of the
	uint32 values to a temporary int32 variable, which is then
	passed to 'target_memkb' parameter of libxl_set_memory_target().

	Note that it is undesirable to change libvirt to use 64 bit
	variables since it requires setting LIBXL_API_VERSION to 0x040800.
	Currently libvirt supports LIBXL_API_VERSION >= 0x040400,
	essentially Xen >= 4.4.

2017-02-02  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuhotplug: Don't free the monitor object as part of @vm
	The test monitor should be freed separately so we need to remove the
	pointer from the @vm object. This fixes a race condition crash in the
	test introduced in commit a245abce43.

	tests: qemuhotplug: Fix memory leaks after cpu hotplug testing patches
	testQemuHotplugCpuDataFree leaked @data always and
	testQemuHotplugCpuPrepare leaked @prefix on success

2017-02-01  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	qemu: Fix indentation in qemu_interface.h

2017-01-31  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Don't lose group_name
	Now that we have a function for properly assigning the blockdeviotune
	info, let's use it instead of dropping the group name on every
	assignment.  Otherwise it will not work with both --live and --config
	options.

	conf: Add virDomainDiskSetBlockIOTune
	That function sets disk->blkdeviotune sensibly.

	qemu: Fix indentation in qemu_domain.h for RNG Namespaces

2017-01-31  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: change printing format specifier for network statistics
	This is necessary to be able to get statistics for venet0 or
	"host-routed" adapter, which has -1 index and thus, its statistics
	is shown as "net.nic4294967295".

2017-01-31  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: support virDomainReset

	vz: support virDomainAbortJob

2017-01-31  Ján Tomko  <jtomko@redhat.com>

	qemu: Add enough USB hubs to accomodate all devices
	Commit 815d98a started auto-adding one hub if there are more USB devices
	than available USB ports.

	This was a strange choice, since there might be even more devices.
	Before USB address allocation was implemented in libvirt, QEMU
	automatically added a new USB hub if the old one was full.

	Adjust the logic to try adding as many hubs as will be needed
	to plug in all the specified devices.

	https://bugzilla.redhat.com/show_bug.cgi?id=1410188

2017-01-31  Ján Tomko  <jtomko@redhat.com>

	conf: move VIR_DOMAIN_USB_HUB_PORTS to the header file
	For reusing in qemu_domain_address.c.

2017-01-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add tests for SATA address allocation

2017-01-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix SATA address allocation
	As bhyve for a long time didn't have a notion of the explicit SATA
	controller and created a controller for each drive, the bhyve driver
	in libvirt acted in a similar way and didn't care about the SATA
	controllers and assigned PCI addresses to drives directly, as
	the generated command will look like this anyway:

	 2:0,ahci-hd,somedisk.img

	This no longer makes sense because:

	 1. After commit c07d1c1c4f it's not possible to assign
	    PCI addresses to disks
	 2. Bhyve now supports multiple disk drives for a controller,
	    so it's going away from 1:1 controller:disk mapping, so
	    the controller object starts to make more sense now

	So, this patch does the following:

	 - Assign PCI address to SATA controllers (previously we didn't do this)
	 - Assign disk addresses instead of PCI addresses for disks. Now, when
	   building a bhyve command, we take PCI address not from the disk
	   itself but from its controller
	 - Assign addresses at XML parsing time using the
	   assignAddressesCallback. This is done mainly for being able to
	   verify address allocation via xml2xml tests
	 - Adjust existing bhyvexml2{xml,argv} tests to chase the new
	   address allocation

	This patch is largely based on work of Fabian Freyer.

2017-01-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add virBhyveDriverCreateXMLConf
	Add virBhyveDriverCreateXMLConf, a simple wrapper around
	virDomainXMLOptionNew that makes it easier to pass bhyveConnPtr
	as a private data for parser. It will be used later for device
	address allocation at parsing time.

	Update consumers to use it instead of direct calls to
	virDomainXMLOptionNew.

	As we now have proper callbacks connected for the tests, update
	test files accordingly to include the automatically generated
	PCI root controller.

2017-01-30  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: detect 32 SATA devices per controller support
	Introduce a BHYVE_CAP_AHCI32SLOT capability that shows
	if 32 devices per SATA controller are supported, and
	a bhyveProbeCapsAHCI32Slot function that probes it.

2017-01-30  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add state group to all domain stats

	vz: add balloon group to all domain stats

	vz: add vcpu group to all domain stats

	vz: add net group to all domain stats

	vz: provide block stats for all domain stats

	vz: don't show bootorder for containers
	Because this is invalid xml for containers. This patch almost
	reverts 7eda8369, but still skips converting vz sdk bootorder
	for containers to libvirt bootorder because we use boot order
	in containers for quite different purpurse.

2017-01-30  Ján Tomko  <jtomko@redhat.com>

	qemu: assign USB addresses on redirdev hotplug too
	https://bugzilla.redhat.com/show_bug.cgi?id=1375410

2017-01-30  Daniel P. Berrange  <berrange@redhat.com>

	Add libvirt-go-xml and libvirt-console-proxy to downloads
	Add recently created modules to the download page list.

2017-01-30  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildChrChardevStr: Don't leak @charAlias
	==12618== 110 bytes in 10 blocks are definitely lost in loss record 269 of 295
	==12618==    at 0x4C2AE5F: malloc (vg_replace_malloc.c:297)
	==12618==    by 0x1CFC6DD7: vasprintf (vasprintf.c:73)
	==12618==    by 0x1912B2FC: virVasprintfInternal (virstring.c:551)
	==12618==    by 0x1912B411: virAsprintfInternal (virstring.c:572)
	==12618==    by 0x50B1FF: qemuAliasChardevFromDevAlias (qemu_alias.c:638)
	==12618==    by 0x518CCE: qemuBuildChrChardevStr (qemu_command.c:4973)
	==12618==    by 0x522DA0: qemuBuildShmemBackendChrStr (qemu_command.c:8674)
	==12618==    by 0x523209: qemuBuildShmemCommandLine (qemu_command.c:8789)
	==12618==    by 0x526135: qemuBuildCommandLine (qemu_command.c:9843)
	==12618==    by 0x48B4BA: qemuProcessCreatePretendCmd (qemu_process.c:5897)
	==12618==    by 0x4378C9: testCompareXMLToArgv (qemuxml2argvtest.c:498)
	==12618==    by 0x44D5A6: virTestRun (testutils.c:180)

2017-01-30  Jiri Denemark  <jdenemar@redhat.com>

	spec: Enable qemu driver for RHEL-7 on aarch64

2017-01-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add better message for some invalid block I/O settings
	For example when both total_bytes_sec and total_bytes_sec_max are set,
	but the former gets cleaned due to new call setting, let's say,
	read_bytes_sec, we end up with this weird message for the command:

	 $ virsh blkdeviotune fedora vda --read-bytes-sec 3000
	 error: Unable to change block I/O throttle
	 error: unsupported configuration: value 'total_bytes_sec_max' cannot be set if 'total_bytes_sec' is not set

	So let's make it more descriptive.  This is how it looks after the change:

	 $ virsh blkdeviotune fedora vda --read-bytes-sec 3000
	 error: Unable to change block I/O throttle
	 error: unsupported configuration: cannot reset 'total_bytes_sec' when 'total_bytes_sec_max' is set

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1344897

2017-01-29  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Use consistent naming for blkdeviotune options
	All options started with underscores, but we switched them to dashes
	later on, making the style consistent.  The latest addition, however,
	did not respect that, so let's change that as well.  It is tempting to
	just change the name instead of adding alias, especially since nobody
	ever used it, which we know thanks to the fact that it didn't work.

	virsh: Actually make blkdeviotune --group_name work
	Function vshCommandOptStringReq() returns -1 on error and 0 on
	success.  The code, however, used the 'group_name' variable only if it
	returned 1 (never).

	qemu: Miscellaneous Block I/O tune cleanups
	Well, just two.  One indentation and the usage of 'ret'.

2017-01-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Only set group_name when actually requested
	We were setting it based on whether it was supported and that lead to
	setting it to NULL, which our JSON code caught.  However it ended up
	producing the following results:

	 $ virsh blkdeviotune fedora vda --total-bytes-sec-max 2000
	 error: Unable to change block I/O throttle
	 error: internal error: argument key 'group' must not have null value

2017-01-27  Peter Krempa  <pkrempa@redhat.com>

	tests: storage: Fix storage xml2xml test for vstorage pool
	The input and output were the same, but the output file did not
	correspond to what libvirt would output.

2017-01-27  Peter Krempa  <pkrempa@redhat.com>

	configure: Fix copy-paste error in vstorage backend check
	The 'fs' backend m4 code was copied, but one of the condition were not
	changed which resulted into:

	configure:    Gluster: yes
	configure:        ZFS: yes
	configure: Virtuozzo storage: check

	Make the code turn on the virtuozzo driver automatically if the tools
	are found.

2017-01-27  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: vnc: preserve autoport value if no port was specified
	The issue is that if this graphics definition is provided:

	  <graphics type='vnc' port='0'/>

	it's parsed as:

	  <graphics type='vnc' autoport='no'>
	    <listen type='address'/>
	  </graphics>

	but if the resulting XML is parsed again the output is:

	  <graphics type='vnc' port='-1' autoport='yes'>
	    <listen type='address'/>
	  </graphics>

	and this should not happen.  The XML have to always remain the same
	after it was already parsed by libvirt.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1383039

2017-01-27  Pavel Hrdina  <phrdina@redhat.com>

	doc: improve VNC/SPICE password documentation
	If the passwd attribute is set to empty string it disables VNC/SPICE
	access to the guest.

2017-01-26  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virsh: Fix manpage typo

	virsh: Modify description for LIBVIRT_DEBUG=4 in manpage
	As LIBVIRT_DEBUG=4 logs only error messages and there
	are no levels above it, adjusting the description in
	the man page accordingly.

	virnettlssessiontest.c: fix grammar

	perf: Prevent enabling of already enabled perf event
	Currently, on every --enable perf_event command,
	a new event->fd is created and counting of perf
	event counter starts from zero and previous
	event->fd is lost. This patch prevents this
	behaviour.

	docs: Reword virsh manpage for --uuid --name --details options
	This commit is similar to commit 0977ada8.The virsh manpage
	lists options --uuid and --name as mutually exclusive if
	option --details is specified when actually the option
	--details is mutually exclusive and can't go with options
	--uuid and/or --name. This patch rewords the virsh manpage
	to state the correct meaning.

2017-01-26  Olga Krishtal  <okrishtal@virtuozzo.com>

	vstorage: Fix build
	Needed storage_util.h - missed while merging '5f07c3c07' with
	commit id '479a2f16'.

2017-01-26  John Ferlan  <jferlan@redhat.com>

	storage: Fix build due to recent storage backend code movement
	Commit id '5f07c3c07' broke the freebsd build in the libvirt CI test
	environment because the UMOUNT was not defined unless WITH_STORAGE_FS
	is defined.

	So remove the virStorageBackendUmountLocal from storage_util.c,h and
	restore the code back in the storage_backend_fs.c and _vstorage.c
	modules.

2017-01-26  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: vstorage pool documentation and simple test

2017-01-26  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: Introduce Virtuozzo vstorage pool and volume APIs
	Added create/define/etc pool operations for vstorage backend.

	Used the common/local pool API's from storage_util for operations
	that are not specific to vstorage. In particular Refresh and Delete
	Pool operations as well as all the Volume operations.

2017-01-26  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: Introduce Virtuozzo vstorage backend
	Added general definitions for vstorage pool backend including
	the build options to add --with-storage-vstorage checking.
	In order to use vstorage as a backend for a storage pool
	vstorage tools (vstorage and vstorage-mount) need to be installed.

2017-01-26  John Ferlan  <jferlan@redhat.com>

	storage: Create common file/dir volume backend helpers
	Move all the volume functions to storage_util to create local/common helpers
	using the same naming syntax as the existing upload, download, and wipe
	virStorageBackend*Local API's.

	In the process of doing so, found more API's that can now become local
	to storage_util. In order to distinguish between local/external - I
	changed the names of the now local only ones from "virStorageBackend..."
	to just "storageBackend..."

2017-01-26  John Ferlan  <jferlan@redhat.com>

	storage: Create common file/dir pool backend helpers
	Move some pool functions to storage_util to create local/common helpers
	using the same naming syntax as the existing upload, download, and wipe
	virStorageBackend*Local API's.

	In the process of doing so, found a few API's that can now become local
	to storage_util. In order to distinguish between local/external - I
	changed the names of the now local only ones from "virStorageBackend..."
	to just "storageBackend..."

2017-01-26  John Ferlan  <jferlan@redhat.com>

	storage: Move the virStorageBackendFileSystem{Start|Stop} API's
	Just moving code around with minor adjustment to have the Stop
	code combine with the Unmount code since all the Stop code did
	was call the Unmount code.

2017-01-26  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement mtu on interface
	Not only we should set the MTU on the host end of the device but
	also let qemu know what MTU did we set.

	domain_conf: Introduce <mtu/> to <interface/>
	So far we allow to set MTU for libvirt networks. However, not all
	domain interfaces have to be plugged into a libvirt network and
	even if they are, they might want to have a different MTU (e.g.
	for testing purposes).

2017-01-25  Michal Privoznik  <mprivozn@redhat.com>

	virDomainNetDefParseXML: s/ret/rv/
	We use @ret to hold the actual return value of the function we
	are currently in. To hold a return value of a function called we
	use different variables: @rv, @rc, etc. Honour this naming
	scheme in virDomainNetDefParseXML too.

	formatnetwork.html.in: Fix #elementsNICS anchor

2017-01-25  Chen Hanxiao  <chenhanxiao@gmail.com>

	THREADS.txt: fix typos
	s/wakup/wakeup

2017-01-25  Jim Fehlig  <jfehlig@suse.com>

	tests: add xlconfig tests for <timer> configurations

	xenconfig: add support for more timers
	Currently xenconfig only supports the hpet timer for HVM domains.
	Include support for tsc timer for both PV and HVM domains.

	libxl: support emulate mode of tsc timer
	While at it, use members of libxl_tsc_mode enum instead of literal
	int values.

2017-01-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix timer configuration
	The current logic around configuring timers in libxl based on
	virDomainDef object is a bit brain dead. Unsupported timers are
	silently ignored and tsc is only recognized if it is the first
	timer specified.

	Change the logic to reject unsupported timers and honor the tsc
	timer regardless of its order when multiple timers are specified.

2017-01-24  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	configure: fix indentation in TLS priority result

2017-01-23  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	util: Forbid resetting non-endpoint devices
	It is destructive to attempt reset on a pci- or cardbus-bridge, the
	host can crash.  The bridges won't contain any guest data and neither
	they can be passed through using vfio/stub.  So, no point in allowing a
	reset on them.

	util: Forbid assigning a pci-bridge to a guest
	Non-endpoint devices like pci-bridges cannot be assigned to guests.
	Prevent such attempts.

2017-01-21  John Ferlan  <jferlan@redhat.com>

	util: Fix typo in previous commit
	Should be Unlock not Lock... Bad fingers.

2017-01-21  Wang King  <king.wang@huawei.com>

	util: unlock closeCallbacks if get callbacks for connect fail
	Avoid return with the closeCallbacks locked when get callbacks list for connect fail.

2017-01-21  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu_domain: add timestamp in tainting of guests log
	We lacked of timestamp in tainting of guests log,
	which bring troubles for finding guest issues:
	such as whether a guest powerdown caused by qemu-monitor-command
	or others issues inside guests.
	If we had timestamp in tainting of guests log,
	it would be helpful when checking guest's /var/log/messages.

2017-01-20  Michal Privoznik  <mprivozn@redhat.com>

	virDomainHostdevSubsysSCSIVHostDefParseXML: Don't leak @protocol
	==24748== 12 bytes in 2 blocks are definitely lost in loss record 25 of 84
	==24748==    at 0x4C2BF80: malloc (vg_replace_malloc.c:296)
	==24748==    by 0x1A1E1E78: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
	==24748==    by 0x18D0495F: virXMLPropString (virxml.c:506)
	==24748==    by 0x18D1FB3E: virDomainHostdevSubsysSCSIVHostDefParseXML (domain_conf.c:6280)
	==24748==    by 0x18D20350: virDomainHostdevDefParseXMLSubsys (domain_conf.c:6450)
	==24748==    by 0x18D34E7D: virDomainHostdevDefParseXML (domain_conf.c:13218)
	==24748==    by 0x18D42598: virDomainDefParseXML (domain_conf.c:17745)
	==24748==    by 0x18D440A9: virDomainDefParseNode (domain_conf.c:18236)
	==24748==    by 0x18D43EFA: virDomainDefParse (domain_conf.c:18180)
	==24748==    by 0x18D43FA0: virDomainDefParseFile (domain_conf.c:18206)
	==24748==    by 0x44EDA1: testCompareDomXML2XMLFiles (testutils.c:1140)
	==24748==    by 0x4365F8: testXML2XMLActive (qemuxml2xmltest.c:59)

2017-01-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Reset hostModelInfo in virQEMUCapsReset

2017-01-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: set default vhost-user ifname
	Based on work of Mehdi Abaakouk <sileht@sileht.net>.

	When parsing vhost-user interface XML and no ifname is found we
	can try to fill it in in post parse callback. The way this works
	is we try to make up interface name from given socket path and
	then ask openvswitch whether it knows the interface.

2017-01-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Properly emit "DEVICE_DELETED" event when unplugging memory
	The event needs to be emitted after the last monitor call, so that it's
	not possible to find the device in the XML accidentally while the vm
	object is unlocked.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1414393

2017-01-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix interface type handling for argv2xml
	When generating a domain XML from native command (i.e. via
	the connectDomainXMLFromNative call), we should use
	interface type 'bridge' rather than 'ethernet' because we only
	support bridges at this point.

	As we don't have bridge name explicitly specified on the command line,
	just use 'virbr0' as a default.

2017-01-19  Andrea Bolognani  <abologna@redhat.com>

	nss: Remove RES_USE_INET6 usage
	The recent deprecation in glibc (commit b76e065991ec) means the
	module will fail to build entirely:

	  nss/libvirt_nss.c: In function '_nss_libvirt_gethostbyname_r':
	  nss/libvirt_nss.c:363:13: error: RES_USE_INET6 is deprecated [-Werror]
	     int af = ((_res.options & RES_USE_INET6) ? AF_INET6 : AF_INET);
	             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	This resolver option was removed shortly after being introduced,
	and application using it are already broken anyway.

2017-01-19  Daniel P. Berrange  <berrange@redhat.com>

	storage: avoid use of undefined GLUSTER_CLI variable
	Previous commit tried to change configure logic such that the
	GLUSTER_CLI parameter would always be set:

	  commit 9e97c8c0f0f3921d06bac2b92cd094a41373f748
	  Author: Peter Krempa <pkrempa@redhat.com>
	  Date:   Mon Jan 9 15:56:12 2017 +0100

	    storage: gluster: Remove build-time dependency on the 'gluster' cli tool

	This missed the fact that the AC_PATH_PROG call was itself inside an 'if'
	conditional that would not be called in with_storage_gluster was false. As
	a result, GLUSTER_CLI was still conditionally defined.

	Just kill the GLUSTER_CLI parameter and AC_PATH_PROG call entirely and pass a
	bare "gluster" string to virFindFileInPath instead.

2017-01-19  Daniel P. Berrange  <berrange@redhat.com>

	qemu: catch failure of drive_add
	Previously when QEMU failed "drive_add" due to an error opening
	a file it would report

	  "could not open disk image"

	These days though, QEMU reports

	  "Could not open '/tmp/virtd-test_e3hnhh5/disk1.qcow2': Permission denied"

	which we were not detecting as an error condition.

2017-01-19  Peter Krempa  <pkrempa@redhat.com>

	storage: sheepdog: Split out functions required for tests
	Separate the headers so that functions only required for testing of the
	sheepdog backend are separated into their own file.

	storage: scsi: Remove private constants from header
	They are used only in the SCSI backend driver so there's no need to
	pollute the headers.

	storage: scsi: Fix build if SCSI backend is disabled but iSCSI is enabled
	The iSCSI backend driver was using stuff from the SCSI driver without
	making sure that it's compiled in. Move the common code into the
	storage_util.c since it does not contain any specific code.

	storage: fs: Compile file backends even if filesystem support is disabled
	The file backend code was mistakenly put into #if WITH_STORAGE_FS. This
	is not necessary since all the backends just access files on disk, and
	thus the code for WITH_STORAGE_DIR is sufficient to compile everything.

	storage: Split utility functions from storage_backend.(ch)
	The file became a garbage dump for all kinds of utility functions over
	time. Move them to a separate file so that the files can become a clean
	interface for the storage backends.

	storage: Remove common code from specific driver backend
	The storage driver helper functions that deal with parted were put into
	the disk backend code but are used commonly across.

2017-01-18  Jim Fehlig  <jfehlig@suse.com>

	tests: fix compilation of shunloadtest
	While local builds succeed fine, a build worker building in a
	chroot environment is encountering the following error with
	libvirt 3.0.0 release candidates

	[  162s] shunloadtest.o: In function `main':
	[  162s] /home/abuild/rpmbuild/BUILD/libvirt-3.0.0/tests/shunloadtest.c:110: undefined reference to `dlopen'
	[  162s] /home/abuild/rpmbuild/BUILD/libvirt-3.0.0/tests/shunloadtest.c:114: undefined reference to `dlsym'
	[  162s] /home/abuild/rpmbuild/BUILD/libvirt-3.0.0/tests/shunloadtest.c:133: undefined reference to `dlclose'
	[  162s] /home/abuild/rpmbuild/BUILD/libvirt-3.0.0/tests/shunloadtest.c:111: undefined reference to `dlerror'
	[  162s] /home/abuild/rpmbuild/BUILD/libvirt-3.0.0/tests/shunloadtest.c:115: undefined reference to `dlerror'
	[  162s] /home/abuild/rpmbuild/BUILD/libvirt-3.0.0/tests/shunloadtest.c:116: undefined reference to `dlclose'

	Fix by appending DLOPEN_LIBS to shunloadtest_LDADD.

2017-01-18  John Ferlan  <jferlan@redhat.com>

	docs: Add news.xml entry for pool --uuid and --name adjustments

2017-01-18  Chen Hanxiao  <chenhanxiao@gmail.com>

	virsh: pool-list: allow both --uuid and --name in one cmd
	This patch will allow --uuid and --name in one cmd.
	The pool's UUID and name will be printed side by side.

	virsh: pool-list: introduce --name for printing pool's name only
	This patch will introduce option --name.
	If specified, only name of pools will be printed out.

	virsh: pool-list: introduce --uuid for printing pool's UUID only
	This patch will introduce option --uuid.
	If specified, only UUID of pools will be printed out.

2017-01-18  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	nodedev: Fabric name must not be required for fc_host capability
	fabric_name is one of many fc_host attributes in Linux that is optional
	and left to the low-level driver to decide if it is implemented.
	The zfcp device driver does not provide a fabric name for an fcp host.

	This patch removes the requirement for a fabric name by making it optional.

2017-01-18  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	util: add file exists check in virReadFCHost
	File open errors are prevented by a file exists check before
	virFileReadAll is called since all callers of the virReadFCHost
	method handle errors themselves based on the NULL return anyway.
	Also included is a minor spelling correction in a comment.

2017-01-18  John Ferlan  <jferlan@redhat.com>

	disk: Fixup error handling path for devmapper when part_separator='yes'
	https://bugzilla.redhat.com/show_bug.cgi?id=1346566

	If libvirt_parthelper is erroneously told to append the partition
	separator 'p' onto the generated output for a disk pool using device
	mapper that has 'user_friendly_names' set to true, then the error
	recovery path will fail to find volume resulting in the pool being
	in an unusable state.

	So, augment the documentation to provide the better hint that the
	part_separator='yes' should be set when user_friendly_names are not
	being used. Additionally, once we're in the error path where the
	returned name doesn't match the expected partition name try to see
	if the reason is because the 'p' was erroneosly added. If so alter
	the about to be removed vol->target.path so that the DiskDeleteVol
	code can find the partition that was created and remove it.

2017-01-18  John Ferlan  <jferlan@redhat.com>

	storage: Allow probe of volume capacity for BLOCK type
	If the voldef type is VIR_STORAGE_VOL_BLOCK, then as long as the
	format is known, let's allow the probe to happen - gets a truer value
	and the same probe/update would be allowed for the same volume defined
	in a domain.

2017-01-18  John Ferlan  <jferlan@redhat.com>

	storage: Fix virStorageBackendUpdateVolTargetInfo type check
	For volume processing in virStorageBackendUpdateVolTargetInfo to get
	the capacity commit id 'a760ba3a7' added the ability to probe a volume
	that didn't list a target format. Unfortunately, the code used the
	virStorageSource  (e.g. target->type - virStorageType) rather than
	virStorageVolDef (e.g. vol->type - virStorageVolType) in order to
	make the comparison. As it turns out target->type for a volume is
	not filled in at all for a voldef as the code relies on vol->type.
	Ironically the result is that only VIR_STORAGE_VOL_BLOCK's would get
	their capacity updated.

	This patch will adjust the code to check the "vol->type" field instead
	as an argument. This way for a voldef, the correct comparison is made.

	Additionally for a backingStore, the 'type' field is never filled in;
	however, since we know that the provided path is a location at which
	the backing store can be accessed on the local filesystem thus just
	pass VIR_STORAGE_VOL_FILE in order to satisfy the adjusted voltype
	check. Whether it's a FILE or a BLOCK only matters if we're trying to
	get more data based on the target->format.

2017-01-18  Michal Privoznik  <mprivozn@redhat.com>

	Post-release version bump to 3.1.0

	tests: Distribute qemuhotplugtestcpus
	Starting from a245abce436f4f333 another set of tests for
	qemuhotplugtest has been introduced. This time for vcpu hotplug.
	However, the test data (which live in qemuhotplugtestcpus dir)
	are not being distributed properly.

2017-01-18  Peter Krempa  <pkrempa@redhat.com>

	spec: Depend on the gluster command line tool
	The gluster command line tool that is used to lookup storage pool
	sources moved from the gluster-client package to gluster-cli.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1349441

2017-01-18  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Remove build-time dependency on the 'gluster' cli tool
	The tool is used for pool discovery. Since we call an external binary we
	don't really need to compile out the code that uses it. We can check
	whether it exists at runtime.

	storage: gluster: Report error if no volumes were found in pool lookup
	Similarly to the 'netfs' pool, return an error if the host does not have
	any volumes.

2017-01-18  Peter Krempa  <pkrempa@redhat.com>

	storage: Fix error reporting when looking up storage pool sources
	In commit 4090e15399 we went back from reporting no errors if no storage
	pools were found on a given host to reporting a bad error. And only in
	cases when gluster was not installed.

	Report a less bad error in case there are no volumes. Also report the
	error when gluster is installed but no volumes were found, since
	virStorageBackendFindGlusterPoolSources would return success in that
	case.

2017-01-18  Peter Krempa  <pkrempa@redhat.com>

	tests: hotplug: Test CPU hotplug with ppc64 data
	Add a positive test and few negative tests.

	tests: hotplug: Add test data for legacy cpu hotplug
	Test that the old approach generates correct commands.

	tests: hotplug: Add test infrastructure for testing qemu CPU hotplug code
	The cpu hotplug operation is rather complex so the testing code needs to
	provide quite lot of data and monitor conversations to successfully test
	it. The code mainly tests the selection of cpus according to the target
	count request.

	tests: qemu: Add helper to load full monitor conversation from file
	Similar to the existing qemuMonitorTestNewFromFile the *Full version
	will allow to check both commands and supply responses for a better
	monitor testing.

	tests: qemu: monitor: Add helpers to test full command syntax
	Add test monitor infrastructure that will test the commands verbatim
	rather than trying to do any smart handling.

	tests: qemumonitor: Propagate better error messages

	qemu: Move cpu hotplug code into qemu_hotplug.c
	Move all the worker code into the appropriate file. This will also allow
	testing of cpu hotplug.

2017-01-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Prepare for reuse of qemuDomainSetVcpusLive
	Extract the call to qemuDomainSelectHotplugVcpuEntities outside of
	qemuDomainSetVcpusLive and decide whether to hotplug or unplug the
	entities specified by the cpumap using a boolean flag.

	This will allow to use qemuDomainSetVcpusLive in cases where we prepare
	the list of vcpus to enable or disable by other means.

2017-01-18  Peter Krempa  <pkrempa@redhat.com>

	tests: qemu: Document qemuMonitorTestNewFromFile

	util: json: Add helper to reformat JSON strings
	For use in test cases it will be helpful to allow reformatting JSON
	strings. Add a wrapper on top of the parser and formatter to achieve
	this.

	qemu: monitor: More strict checking of 'query-cpus' if hotplug is supported
	In cases where CPU hotplug is supported by qemu force the monitor to
	reject invalid or broken responses to 'query-cpus'. It's expected that
	the command returns usable data in such case.

2017-01-18  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	news: Fix xml dump of autogenerated websocket

2017-01-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-3.0.0

2017-01-17  Jim Fehlig  <jfehlig@suse.com>

	tests: fix QED disk test in xlconfigtest
	When LIBXL_HAVE_QED is defined, xlconfigtest fails

	 9) Xen XL-2-XML Format disk-qed  ... command line: config parsing error
	 in disk specification: no vdev specified in
	 `target=/var/lib/libvirt/images/XenGuest2,format=qed,backendtype=qdisk,vdev=hda,access=rw'
	FAILED

	As per the xl-disk-configuration(5) man page, target= must come
	last in the disk specification when specified by name:

	When this parameter is specified by name, ie with the target=
	syntax in the configuration file, it consumes the whole rest of the
	DISKSPEC including trailing whitespaces.  Therefore in that case
	it must come last.

	Change tests/xlconfigdata/test-disk-qed.cfg to adhere to this
	restriction.

2017-01-17  Erik Skultety  <eskultet@redhat.com>

	security: SELinux: fix the transaction model's list append
	The problem is in the way how the list item is created prior to
	appending it to the transaction list - the @path argument is just a
	shallow copy instead of deep copy of the hostdev device's path.
	Unfortunately, the hostdev devices from which the @path is extracted, in
	order to add them into the transaction list, are only temporary and
	freed before the buildup of the qemu namespace, thus making the @path
	attribute in the transaction list NULL, causing 'permission denied' or
	'double free' or 'unknown cause' errors.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1413773

2017-01-17  Erik Skultety  <eskultet@redhat.com>

	security: DAC: fix the transaction model's list append
	The problem is in the way how the list item is created prior to
	appending it to the transaction list - the @path attribute is just a
	shallow copy instead of deep copy of the hostdev device's path.
	Unfortunately, the hostdev devices from which the @path is extracted, in
	order to add them into the transaction list, are only temporary and
	freed before the buildup of the qemu namespace, thus making the @path
	attribute in the transaction list NULL, causing 'permission denied' or
	'double free' or 'unknown cause' errors.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1413773

2017-01-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't leak hostCPUModelInfo in virQEMUCaps

2017-01-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Actually unshare() iff running as root
	https://bugzilla.redhat.com/show_bug.cgi?id=1413922

	While all the code that deals with qemu namespaces correctly
	detects whether we are running as root (and turn into NO-OP for
	qemu:///session) the actual unshare() call is not guarded with
	such check. Therefore any attempt to start a domain under
	qemu:///session shall fail as unshare() is reserved for root.

	The fix consists of moving unshare() call (for which we have a
	wrapper called virProcessSetupPrivateMountNS) into
	qemuDomainBuildNamespace() where the proper check is performed.

	Tested-by: Richard W.M. Jones <rjones@redhat.com>

2017-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Revert "perf: Add cache_l1d perf event support"
	This reverts commit ae16c95f1bb5591c27676c5de8d383e5612c3568.

	news: document events changes and lxc fix

2017-01-16  Jiri Denemark  <jdenemar@redhat.com>

	news: Add support for guest CPU configuration on s390

2017-01-14  John Ferlan  <jferlan@redhat.com>

	storage: Alter error message in probe/empty checks
	For case VIR_STORAGE_BLKID_PROBE_DIFFERENT, clean up the message to
	avoid using the virsh like --overwrite syntax. Additionally provide
	a different error message when not writing the label to avoid confusion.

	storage: Clean up return value checking
	Rather than special casing the VIR_STORAGE_BLKID_PROBE_UNKNOWN after
	calling virStorageBackendBLKIDFindPart, just allow the switch statement
	handle setting ret = -2.

	storage: Alter logic when both BLKID and PARTED unavailable
	If neither BLKID or PARTED is available and we're not writing, then
	just return 0 which allows the underlying storage pool to generate
	a failure. If both are unavailable and we're writing, then generate
	a more generic error message.

2017-01-13  Laine Stump  <laine@laine.org>

	docs: add entry for aggregation of pcie-root-ports to news.xml

2017-01-13  Collin L. Walling  <walling@linux.vnet.ibm.com>

	qemu-capabilities: Fix query-cpu-model-expansion on s390 with older kernel
	When running on s390 with a kernel that does not support cpu model checking and
	with a Qemu new enough to support query-cpu-model-expansion, the gathering of qemu
	capabilities will fail. Qemu responds to the query-cpu-model-expansion qmp
	command with an error because the needed kernel ioct does not exist. When this
	happens a guest cannot even be defined due to missing qemu capabilities data.

	This patch fixes the problem by silently ignoring generic errors stemming from
	calls to query-cpu-model-expansion.

	Reported-by: Farhan Ali <alifm@linux.vnet.ibm.com>

2017-01-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Copy SELinux labels for namespace too
	When creating new /dev/* for qemu, we do chown() and copy ACLs to
	create the exact copy from the original /dev. I though that
	copying SELinux labels is not necessary as SELinux will chose the
	sane defaults. Surprisingly, it does not leaving namespace with
	the following labels:

	crw-rw-rw-. root root system_u:object_r:tmpfs_t:s0     random
	crw-------. root root system_u:object_r:tmpfs_t:s0     rtc0
	drwxrwxrwt. root root system_u:object_r:tmpfs_t:s0     shm
	crw-rw-rw-. root root system_u:object_r:tmpfs_t:s0     urandom

	As a result, domain is unable to start:

	error: internal error: process exited while connecting to monitor: Error in GnuTLS initialization: Failed to acquire random data.
	qemu-kvm: cannot initialize crypto: Unable to initialize GNUTLS library: Failed to acquire random data.

	The solution is to copy the SELinux labels as well.

	Reported-by: Andrea Bolognani <abologna@redhat.com>

2017-01-13  Michal Privoznik  <mprivozn@redhat.com>

	docs: Fix libvirt_guest nss module name
	In the documentation we are mixing libvirt-guest and
	libvirt_guest module name. The correct name is the latter.

2017-01-13  Peter Krempa  <pkrempa@redhat.com>

	Revert "storage: Validate the device formats at logical startup"
	The check is pointless since LVM is capable to detect it's own members
	and the check is flawed as it would fail if neither libblkid nor parted
	is installed.

	We don't really need to babysit LVM in this way.

	This reverts commit cb38b6cbc7e35e7ee92a7f54828f21261227d17a.

2017-01-13  Peter Krempa  <pkrempa@redhat.com>

	Revert "storage: For FS pool check for properly formatted target volume"
	The check does not work properly (crashes) with netfs filesystems and
	also checking that a device is not empty when attempting to mount a
	filesystem is not very usefull since the mount will fail anyways.

	As the code would improve only a very minor corner case I don't really
	see a reason to have this code at all.

	This code would also fail if libvirt is compiled without support for
	blkid and without parted.

	This reverts commit a11fd69735e6951cda9bf256d8e423696a441aa4.

2017-01-13  Jim Fehlig  <jfehlig@suse.com>

	libxl: always enable pae for x86_64 HVM
	For HVM domains, pae is only set in libxl_domain_build_info when
	explicitly specified in the hypervisor <features> config. This is
	fine for i686 machines, but is incorrect behavior for x86_64 machines
	where pae must always be enabled. See the following discussion for
	additional details

	https://www.redhat.com/archives/libvir-list/2017-January/msg00254.html

2017-01-12  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document <sndbuf/>
	This element has been introduced in fe053dbea7, but isn't
	documented yet. After exactly 6 years I guess we can finally
	document it.

2017-01-12  Joao Martins  <joao.m.martins@oracle.com>

	news: document libxl HVM network attach fix

2017-01-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore non-boolean CPU model properties
	The query-cpu-model-expansion is currently implemented for s390(x) only
	and all CPU properties it returns are booleans. However, x86
	implementation will report more types of properties. Without making the
	code more tolerant older libvirt would fail to probe newer QEMU
	versions.

	qemu: Don't check CPU model property key
	The qemuMonitorJSONParseCPUModelProperty function is a callback for
	virJSONValueObjectForeachKeyValue and is called for each key/value pair,
	thus it doesn't really make sense to check whether key is NULL.

2017-01-12  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	news: document drive addresses fix

2017-01-12  Michal Privoznik  <mprivozn@redhat.com>

	news: Reflect hugepages patch
	In f55afd8 I've made libvirt to construct hugepage path on
	per-domain basis. However, this change was not reflected in
	the NEWS file.

2017-01-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDevice: Canonicalize paths
	So far the decision whether /dev/* entry is created in the qemu
	namespace is really simple: does the path starts with "/dev/"?
	This can be easily fooled by providing path like the following
	(for any considered device like disk, rng, chardev, ..):

	  /dev/../var/lib/libvirt/images/disk.qcow2

	Therefore, before making the decision the path should be
	canonicalized.

2017-01-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Use namespaces iff available on the host kernel
	So far the namespaces were turned on by default unconditionally.
	For all non-Linux platforms we provided stub functions that just
	ignored whatever namespaces setting there was in qemu.conf and
	returned 0 to indicate success. Moreover, we didn't really check
	if namespaces are available on the host kernel.

	This is suboptimal as we might have ignored user setting.

2017-01-11  Michal Privoznik  <mprivozn@redhat.com>

	util: Introduce virFileMoveMount
	This is a simple wrapper over mount(). However, not every system
	out there is capable of moving a mount point. Therefore, instead
	of having to deal with this fact in all the places of our code we
	can have a simple wrapper and deal with this fact at just one
	place.

	lxc_container: Drop userns_supported
	This is unnecessary wrapper around virProcessNamespaceAvailable().

2017-01-11  Michal Privoznik  <mprivozn@redhat.com>

	lxc: Move lxcContainerAvailable to virprocess
	Other drivers (like qemu) would like to know if the namespaces
	are available therefore it makes sense to move this function to
	a shared module.

	At the same time, this function had some default namespaces that
	are checked with every call. It is not necessary - let callers
	pass just those namespaces they are interested in.

	With the move the function is renamed to
	virProcessNamespaceAvailable.

2017-01-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSetupAllInputs: Update debug message
	Due to a copy-paste error, the debug message reads:

	  Setting up disks

	It should have been:

	  Setting up inputs.

2017-01-11  John Ferlan  <jferlan@redhat.com>

	docs: Add logical storage pool overwrite change description to news.xml
	Add "New Features" entry to describe the overwrite flag for logical backend.

	docs: Add file system pool overwrite change description to news.xml
	Add bug fixes description of overwrite changes for a file system storage pool

	docs: Add NPIV/vHBA change description to news.xml
	Add "Improvements" for commit id 'bb74a7ffe' and '78be2e8b7' which add
	support for using the parent wwnn/wwpn or fabric_name rather than just
	using the parent by scsi_hostX name.

	docs: Document the new vHBA/NPIV params for storage
	Commit id 'bb74a7ffe' forgot to adjust the storage docs to describe the
	new fields.

2017-01-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: fix usb inputs loop error
	List indexes where mixed up in the code looping over the USB
	input devices.

2017-01-11  Pino Toscano  <ptoscano@redhat.com>

	remote: do not check for an existing config dir
	When composing the path to the default known_hosts file (for the libssh
	and libssh2 drivers), do not check whether the configuration directory
	(determined by virGetUserConfigDirectory()) exists: both the drivers can
	handle non-existing files, and are able to create them (and their
	directories) in that case.

	This adds a small behaviour change: before, the key for an unknown host,
	and manually accepted, was saved only if the configuration directory
	existed -- a bit incoherent behaviour though.

2017-01-11  Pino Toscano  <ptoscano@redhat.com>

	remote: fix logic for known_hosts and keyfile checks
	If any of them is specified for the libssh and libssh2 drivers, there is
	no need to depend on checks based on other paths: in particular, a
	specified path for known_hosts was ignored if the local config directory
	could not be determined, and the path for keyfile was ignored if the
	home could not be determined.

	Instead, lazily determine and use these two paths only in case they are
	needed.

2017-01-11  Pino Toscano  <ptoscano@redhat.com>

	rpc: libssh: allow a NULL known_hosts file
	Make sure that virNetLibsshSessionSetHostKeyVerification accepts a NULL
	value for the path to the known_hosts file:
	- call ssh_options_set(SSH_OPTIONS_KNOWNHOSTS) anyway, using /dev/null,
	  otherwise libssh will use its default path
	- do not call ssh_write_knownhost when no known hosts file was set

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1406457

2017-01-11  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Add trailing periods to all sentences
	Suggested-by: John Ferlan <jferlan@redhat.com>

2017-01-11  Laine Stump  <laine@laine.org>

	conf: eliminate virDomainPCIAddressReleaseSlot() in favor of ...Addr()
	Surprisingly there was a virDomainPCIAddressReleaseAddr() function
	already, but it was completely unused. Since we don't reserve entire
	slots at once any more, there is no need to release entire slots
	either, so we just replace the single call to
	virDomainPCIAddressReleaseSlot() with a call to
	virDomainPCIAddressReleaseAddr() and remove the now unused function.

	The keen observer may be concerned that ...Addr() doesn't call
	virDomainPCIAddressValidate(), as ...Slot() did. But really the
	validation was pointless anyway - if the device hadn't been suitable
	to be connected at that address, it would have failed validation
	before every being reserved in the first place, so by definition it
	will pass validation when it is being unplugged. (And anyway, even if
	something "bad" happened and we managed to have a device incorrectly
	at the given address, we would still want to be able to free it up for
	use by a device that *did* validate properly).

2017-01-11  Laine Stump  <laine@laine.org>

	qemu: rename qemuDomainPCIAddressReserveNextSlot() to ...Addr()
	This function doesn't actually reserve an entire slot any more, it
	reserves a single PCI address, so this name is more appropriate.

	qemu: remove qemuDomainPCIAddressReserveNextAddr()
	This function is only called in two places, and the function itself is
	just adding a single argument and calling
	virDomainPCIAddressReserveNextAddr(), so we can remove it and instead
	call virDomainPCIAddressReserveNextAddr() directly. (The main
	motivation for doing this is to free up the name so that
	qemuDomainPCIAddressReserveNextSlot() can be renamed in the next
	patch, as its current name is now inaccurate and misleading).

	conf: rename virDomainPCIAddressReserveSlot() to ...Addr()
	This function doesn't actually reserve an entire slot any more, it
	reserves a single PCI address, so this name is more appropriate.

	conf: rename virDomainPCIAddressReserveAddr() to ...Internal()
	This is in preparation for renaming virDomainPCIAddressReserveSlot()
	to virDomainPCIAddressReserveAddr(), which is a better description of
	what it does.

	conf: make virDomainPCIAddressReserveAddr() a static function
	It is now only used in domain_addr.c.

	qemu: replace virDomainPCIAddressReserveAddr with virDomainPCIAddressReserveSlot
	All occurences of the former use fromConfig=true, and that's exactly
	how virDomainPCIAddressReserveSlot() calls
	virDomainPCIaddressReserveAddr(), so just use *Slot() so that *Addr()
	can be made static to conf/domain_addr.c (both functions will be
	renamed in upcoming patches).

	conf: eliminate virDomainPCIAddressReserveNextSlot()
	Since we don't actually reserve an entire slot at a time anymore, the
	name of this function is just confusing, and it's almost identical in
	operation to virDomainPCIAddressReserveNextAddr() anyway, so remove
	the *Slot() function and replace calls to it with calls to *Addr(...,
	-1).

	conf: rename virDomainPCIAddressGetNextSlot() to ...GetNextAddr()
	With the advent of VIR_PCI_CONNECT_AGGREGATE_SLOT, the new name is
	more appropriate, since the address returned may be another address
	on the same slot as last time, not necessarily a new slot.

	conf: fix fromConfig argument to virDomainPCIAddressValidate()
	fromConfig should be true if the caller wants
	virDomainPCIAddressValidate() to loosen restrictions on its
	interpretation of the pciConnectFlags. In particular, either
	PCI_DEVICE or PCIE_DEVICE will be counted as equivalent to both, and
	HOTPLUG will be ignored. In a few cases where libvirt was manually
	overriding automatic address assignment, it was setting fromConfig to
	false when validating the hardcoded manual override. This patch
	changes those to fromConfig=true as a preemptive strike against any
	future bugs that might otherwise surface.

2017-01-11  Laine Stump  <laine@laine.org>

	conf: fix fromConfig argument to virDomainPCIAddressReserveAddr()
	Although setting virDomainPCIAddressReserveAddr()'s fromConfig=true is
	correct when a PCI addres is coming from a domain's config, the *true*
	purpose of the fromConfig argument is to lower restrictions on what
	kind of device can plug into what kind of controller - if fromConfig
	is true, then a PCIE_DEVICE can plug into a slot that is marked as
	only compatible with PCI_DEVICE (and vice versa), and the HOTPLUG flag
	is ignored.

	For a long time there have been several calls to
	virDomainPCIAddressReserveAddr() that have fromConfig incorrectly set
	to false - it's correct that the addresses aren't coming from user
	config, but they are coming from hardcoded exceptions in libvirt that
	should, if anything, pay *even less* attention to following the
	pciConnectFlags (under the assumption that the libvirt programmer knew
	what they were doing).

	See commit b87703cf7 for an example of an actual bug caused by the
	incorrect setting of the "fromConfig" argument to
	virDomainPCIAddressReserveAddr(). Although they haven't resulted in
	any reported bugs, this patch corrects all the other incorrect
	settings of fromConfig in calls to virDomainPCIAddressReserveAddr().

2017-01-11  Laine Stump  <laine@laine.org>

	conf: aggregate multiple pcie-root-ports onto a single slot
	Set the VIR_PCI_CONNECT_AGGREGATE_SLOT flag for pcie-root-ports so
	that they will be assigned to all the functions on a slot.

	Some qemu test case outputs had to be adjusted due to the
	pcie-root-ports now being put on multiple functions.

2017-01-11  Laine Stump  <laine@laine.org>

	conf: aggregate multiple devices on a slot when assigning PCI addresses
	If a PCI device has VIR_PCI_CONNECT_AGGREGATE_SLOT set in its
	pciConnectFlags, then during address assignment we allow multiple
	instances of this type of device to be auto-assigned to multiple
	functions on the same device. A slot is used for aggregating multiple
	devices only if the first device assigned to that slot had
	VIR_PCI_CONNECT_AGGREGATE_SLOT set. but any device types that have
	AGGREGATE_SLOT set might be mix/matched on the same slot.

	(NB: libvirt should never set the AGGREGATE_SLOT flag for a device
	type that might need to be hotplugged. Currently it is only planned
	for pcie-root-port and possibly other PCI controller types, and none
	of those are hotpluggable anyway)

	There aren't yet any devices that use this flag. That will be in a
	later patch.

2017-01-11  Laine Stump  <laine@laine.org>

	qemu: use virDomainPCIAddressSetAllMulti() to set multi when needed
	If there are multiple devices assigned to the different functions of a
	single PCI slot, they will not work properly if the device at function
	0 doesn't have its "multi" attribute turned on, so it makes sense for
	libvirt to turn it on during PCI address assignment. Setting multi
	then assures that the new setting is stored in the config (so it will
	be used next time the domain is started), preventing any potential
	problems in the case that a future change in the configuration
	eliminates the devices on all non-0 functions (multi will still be set
	for function 0 even though it is the only function in use on the slot,
	which has no useful purpose, but also doesn't cause any problems).

	(NB: If we were to instead just decide on the setting for
	multifunction at runtime, a later removal of the non-0 functions of a
	slot would result in a silent change in the guest ABI for the
	remaining device on function 0 (although it may seem like an
	inconsequential guest ABI change, it *is* a guest ABI change to turn
	off the multi bit).)

2017-01-11  Laine Stump  <laine@laine.org>

	conf: new function virDomainPCIAddressSetAllMulti()
	This utility function iterates through all devices looking for any
	with a PCI address that has function != 0 (which implies that multiple
	functions are in use on that slot), then uses an inner iterator to
	find the device that's on function 0 of that same slot and sets the
	"multi" in its virDomainDeviceInfo (as long as it hasn't already been
	set explicitly by someone who presumably has better information than
	we do).

	It isn't yet called from anywhere, so will have no functional effect.

2017-01-11  Laine Stump  <laine@laine.org>

	conf: start search for next unused PCI address at same slot as previous find
	There is a very slight time advantage to beginning the search for the
	next unused PCI address at the slot *after* the previous find (which
	is now used), but if we do that, we will miss allocating the other
	functions of the same slot (when we implement a
	VIR_PCI_CONNECT_AGGREGATE_SLOT flag to support that).

	conf: eliminate repetitive code in virDomainPCIAddressGetNextSlot()
	virDomainPCIAddressGetNextSlot() starts searching from the last
	allocated address and goes to the end of all the buses, then goes back
	to the first bus and searches from there up to the starting point (in
	case any address has been freed since the last time an address was
	allocated. The loops for these two are almost, but not exactly, the
	same, so they have remained as separate loops with the same code
	inside the loop. To lessen maintenance headaches, the identical code
	has been moved out into the function
	virDomainPCIAddressFindUnusedFunctionOnBus(), which is called in place
	of the loop contents.

2017-01-11  Laine Stump  <laine@laine.org>

	conf: eliminate concept of "reserveEntireSlot"
	setting reserveEntireSlot really accomplishes nothing - instead of
	going to the trouble of computing the value for reserveEntireSlot and
	then possibly setting *all* functions of the slot as in-use, we can
	just set the in-use bit only for the specific function being used by a
	device.  Later we will know from the context (the PCI connect flags,
	and whether we are reserving a specific address or asking for "the
	next available") whether or not it is okay to allocate other functions
	on the same slot.

	Although it's not used yet, we allow specifying "-1" for the function
	number when looking for the "next available slot" - this is going to
	end up meaning "return the lowest available function in the slot, but
	since we currently only provide a function from an otherwise unused
	slot, "-1" ends up meaning "0".

2017-01-11  Laine Stump  <laine@laine.org>

	conf: use struct instead of int for each slot in virDomainPCIAddressBus
	When keeping track of which functions of which slots are allocated, we
	will need to have more information than just the current bitmap with a
	bit for each function that is currently stored for each slot in a
	virDomainPCIAddressBus. To prepare for adding more per-slot info, this
	patch changes "uint8_t slots" into "virDomainPCIAddressSlot slot", which
	currently has a single member named "functions" that serves the same
	purpose previously served directly by "slots".

2017-01-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: define a per-domain logger.
	libxl doesn't provide a way to write one log for each domain. Thus
	we need to demux the messages. If our logger doesn't know to which
	domain to attribute a message, then it will write it to the default
	log file.

	Starting with Xen 4.9 (commit f9858025 and following), libxl will
	write the domain ID in an easy to grab manner. The logger introduced
	by this commit will use it to demux the libxl log messages.

	Thanks to the default log file, this logger will also work with older
	versions of Xen.

2017-01-11  Chen Hanxiao  <chenhanxiao@gmail.com>

	virsh: pool-info: introduce option --bytes
	By default, pool-info will convert sizes to human friendly units.

	This patch will introduce option [--bytes].
	If specified, the raw sizes will be in the output.

2017-01-11  Dawid Zamirski  <dzamirski@datto.com>

	docs: add news entry in improvements section.

	vbox: consolidate vbox IID structures.
	* remove _vboxIID_v2_x and _vboxIID_v3_x structs and repalce with one
	  _vboxIID as all supprted vbox versions have the same IID structure.
	* remove vboxIIDUnion that was used to abstract version depended IID
	  differences.
	* remove IID_MEMBER macro and use the new vboxIID directly.

	vbox: fix _displayTakeScreenShotPNGToArray
	This function was not implemented for vbox 5+ which removed
	TakeScreenShotPNGToArray but provides TakeScreenShotToArray with
	BitmapFormat_PNG argument which is the same thing.

	vbox: IVRDxServer to IVRDEServer.
	The IVRDxServer was used because vbox < 4 used to have IVRDPServer
	whereas vbox >= 4 has IVRDEServer. Now that support for legacy
	versions is being removed, we can use IVRDEServer.

	vbox: remove code dealing with oldMediumInterface
	* removed oldMediumInterface flag and related code that was used for
	  vbox 2.x
	* remove accelerate2DVideo and networkRemoveInterface flags which were
	  also conditionals for handling legacy vbox versions.

	vbox: remove domain events support.
	this was implemented only for vbox 3 series and was mostly stubs
	anyway.

	vbox: remove getMachineForSession flag.
	* the getMachineForSession is always true for 4.0+. This also means that
	  checkflag argument in openSessionForMachine no longer has any meaning
	  because it was or'ed with getMachineForSession (always true)
	* remove supportScreenshot flag - vbox 4.0+ supports it
	* remove detachDevicesExplicitly flag only relevant for < 4.0

2017-01-11  Dawid Zamirski  <dzamirski@datto.com>

	vbox: do not use IHardDisk anymore.
	VirtualBox 4.0+ uses IMedium and IHardDisk is no longer used, so

	* remove typef IMedium IHardDisk
	* merge UIHardDisk into UIMedium
	* update all references accordingly

2017-01-11  Dawid Zamirski  <dzamirski@datto.com>

	vbox: remove _vboxAttachDrivesOld
	and fold vboxAttachDrivesNew into vboxAttachDrives

	vbox: remove code for old API versions.
	This removes most of the code wrapped in VBOX_API_VERSION < 4000000
	preprocessor checks. Those are the ones that can be safely removed
	without needing to update driver code to accomodate it.

	vbox: remove calls to *InstallUniformedAPI macros.
	That is, for versions older than 4.0. Also do not try to include
	headers for those old versions.

	vbox: remove SDK header files for vbox 3 and older.
	* delete SDK header files for vbox older than 4.0
	* delete .c files for vbox older than 4.0
	* update vbox_XPCOMCGlue to use oldest supported header file, that is 4.0
	  going forward.
	* remove deleted files from Makefile.am

2017-01-10  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among other recent changes, this includes a workaround to avoid
	Clang compiler bug https://llvm.org/bugs/show_bug.cgi?id=16404
	having spurious link failures.

	* .gnulib: Update.
	* bootstrap: Synchronize to upstream.

2017-01-10  Andrea Bolognani  <abologna@redhat.com>

	docs: Document the release notes process for contributors
	Now that we have built a fairly solid process for dealing with
	release notes, we should start pushing for contributors to
	provide the relevant information along with their code:
	documenting the process is clearly a requirement for this to
	happen.

2017-01-10  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Reformat at generation time
	Instead of encoding formatting information inside the
	corresponding XSLT stylesheet, use a Python script to reformat
	the text appropriately based on a few simple markers.

	Splitting the task between the XSLT stylesheet and the Python
	script allows us to keep both parts very simple.

2017-01-10  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Improve building pipeline
	Currently, building the NEWS file involves using a XSLT stylesheet
	to extract information from the same HTML file that's used on the
	libvirt website.

	The process works, but it's quite fiddly in that it requires the
	source HTML to be formatted in a very precise way, and a single
	missing newline can mess up the resulting plain text considerably.

	Moreover, the XSLT stylesheet itself encodes a lot of the details
	of converting to plain text in a way that's not necessarily easy
	to understand, tweak or fix.

	To improve the process, move all existing entries to a new XML
	file that contains exactly the information we care about in a
	simple structured format, and start generating both the HTML and
	plain text versions of the release notes using XSLT stylesheets
	that can now afford to be almost trivial.

2017-01-10  Michal Privoznik  <mprivozn@redhat.com>

	virSecuritySELinuxSetFileconHelper: Fix build with broken selinux.h
	There are still some systems out there that have broken
	setfilecon*() prototypes. Instead of taking 'const char *tcon' it
	is taking 'char *tcon'. The function should just set the context,
	not modify it.

	We had been bitten with this problem before which resulted in
	292d3f2d and subsequently b109c09765. However, with one my latest
	commits (4674fc6afd6d) I've changed the type of @tcon variable to
	'const char *' which results in build failure on the systems from
	above.

2017-01-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu_domain: Move qemuDomainGetPreservedMounts
	This function is used only from code compiled on Linux. Therefore
	on non-Linux platforms it triggers compilation error:

	../../src/qemu/qemu_domain.c:209:1: error: unused function 'qemuDomainGetPreservedMounts' [-Werror,-Wunused-function]

2017-01-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Fix locking of block copy/active block commit
	For the blockjobs, where libvirt is able to track the state internally
	we can fix locking of images we can remove the appropriate locks.

	Also when doing a pivoting operation we should not acquire the lock on
	any of those images since both are actually locked already.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1302168

2017-01-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Properly handle image locking
	Images that became the backing chain of the current image due to the
	snapshot need to be unlocked in the lock manager. Also if qemu was
	paused during the snapshot the current top level images need to be
	released until qemu is resumed so that they can be acquired properly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1191901

2017-01-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Refactor snapshot rollback on failure
	The code at first changed the definition and then rolled it back in case
	of failure. This was ridiculous. Refactor the code so that the image in
	the definition is changed only when the snapshot is successful.

	The refactor will also simplify further fix of image locking when doing
	snapshots.

2017-01-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Don't redetect backing chain after snapshot
	Libvirt is able to properly model what happens to the backing chain
	after a snapshot so there's no real need to redetect the data.
	Additionally with the _REUSE_EXT flag this might end up in redetecting
	wrong data if the user puts wrong backing chain reference into the
	snapshot image.

2017-01-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: implement virDomainGetMaxVcpus
	The libxl driver already supports getting maximum vcpu count via
	libxlDomainGetVcpusFlags, allowing to trivially implement
	virDomainGetMaxVcpus.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Fix storage_backend probing when PARTED not installed.
	Commit id 'a48c674f' caused problems for systems without PARTED installed.

	So move the PARTED probing code back to storage_backend_disk.c and create
	a shim within storage_backend.c to call it if WITH_STORAGE_DISK is true;
	otherwise, just return -1 with the error.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Validate the device formats at logical startup
	At startup time, rather than blindly trusting the target devices are
	still properly formatted, let's check to make sure the pool's target
	devices are all properly formatted before attempting to start the pool.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Add overwrite flag checking for logical pool
	https://bugzilla.redhat.com/show_bug.cgi?id=1373711

	Add support and documentation for the [NO_]OVERWRITE flags for the
	logical backend.

	Update virsh.pod with a description of the process for usage of
	the flags and building of the pool's volume group.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Extract logical device initialize into a helper
	Make the remaining code a bit cleaner.

	storage: Clean up logical pool devices on build failure
	If the build fails, then we need to ensure that we've run pvremove
	on any devices which we've run pvcreate on; otherwise, a subsequent
	build could fail since running pvcreate twice on a device requires
	special force arguments.

	storage: Adjust disk label found to match labels
	Currently as long as the disk is formatted using a known parted format
	type, the algorithm is happy to continue. However, that leaves a scenario
	whereby a disk formatted using "pc98" could be used by a pool that's defined
	using "dvh" (or vice versa). Alter the check to be match and different
	and adjust the caller.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Move and rename disk backend label checking
	Rather than have the Disk code having to use PARTED to determine if
	there's something on the device, let's use the virStorageBackendDeviceProbe.
	and only fallback to the PARTED probing if the BLKID code isn't built in.

	This will also provide a mechanism for the other current caller (File
	System Backend) to utilize a PARTED parsing algorithm in the event that
	BLKID isn't built in to at least see if *something* exists on the disk
	before blindly trying to use. The PARTED error checking will not find
	file system types, but if there is a partition table set on the device,
	it will at least cause a failure.

	Move virStorageBackendDiskValidLabel and virStorageBackendDiskFindLabel
	to storage_backend and rename/rework the code to fit the new model.

	Update the virsh.pod description to provide a more generic description
	of the process since we could now use either blkid or parted to find
	data on the target device.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: For FS pool check for properly formatted target volume
	Prior to starting up, let's be sure the target volume device is
	formatted as we expect; otherwise, inhibit the start.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Add writelabel bool for virStorageBackendDeviceProbe
	It's possible that the API could be called from a startup path in
	order to check whether the label on the device matches what our
	format is. In order to handle that condition, add a 'writelabel'
	boolean to the API in order to indicate whether a write or just
	read is about to happen.

	This alters two "error" conditions that would care about knowing.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Add partition type checks for BLKID probing
	A device may be formatted using some sort of disk partition format type.
	We can check that using the blkid_ API's as well - so alter the logic to
	allow checking the device for both a filesystem and a disk partition.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Fix implementation of no-overwrite for file system backend
	https://bugzilla.redhat.com/show_bug.cgi?id=1363586

	Commit id '27758859' introduced the "NO_OVERWRITE" flag check for
	file system backends; however, the implementation, documentation,
	and algorithm was inconsistent. For the "flag" description for the
	API the flag was described as "Do not overwrite existing pool";
	however, within the storage backend code the flag is described
	as "it probes to determine if filesystem already exists on the
	target device, renurning an error if exists".

	The code itself was implemented using the paradigm to set up the
	superblock probe by creating a filter that would cause the code
	to only search for the provided format type. If that type wasn't
	found, then the algorithm would return success allowing the caller
	to format the device. If the format type already existed on the
	device, then the code would fail indicating that the a filesystem
	of the same type existed on the device.

	The result is that if someone had a file system of one type on the
	device, it was possible to overwrite it if a different format type
	was specified in updated XML effectively trashing whatever was on
	the device already.

	This patch alters what NO_OVERWRITE does for a file system backend
	to be more realistic and consistent with what should be expected when
	the caller requests to not overwrite the data on the disk.

	Rather than filter results based on the expected format type, the
	code will allow success/failure be determined solely on whether the
	blkid_do_probe calls finds some known format on the device. This
	adjustment also allows removal of the virStoragePoolProbeResult
	enum that was under utilized.

	If it does find a formatted file system different errors will be
	generated indicating a file system of a specific type already exists
	or a file system of some other type already exists.

	In the original virsh support commit id 'ddcd5674', the description
	for '--no-overwrite' within the 'pool-build' command help output
	has an ambiguous "of this type" included in the short description.
	Compared to the longer description within the "Build a given pool."
	section of the virsh.pod file it's more apparent that the meaning
	of this flag would cause failure if a probe of the target already
	has a filesystem.

	So this patch also modifies the short description to just be the
	antecedent of the 'overwrite' flag, which matches the API description.
	This patch also modifies the grammar in virsh.pod for no-overwrite
	as well as reworking the paragraph formats to make it easier to read.

2017-01-10  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStorageBackendDeviceIsEmpty
	Rename virStorageBackendFileSystemProbe and to virStorageBackendBLKIDFindFS
	and move to the more common storage_backend module.

	Create a shim virStorageBackendDeviceIsEmpty which will make the call
	to the virStorageBackendBLKIDFindFS and check the return value.

2017-01-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Drop qemuDomainDeleteNamespace
	After previous commits, this function is no longer needed.

	qemuDomainCreateNamespace: move mkdir to qemuDomainBuildNamespace
	Again, there is no need to create /var/lib/libvirt/$domain.*
	directories in CreateNamespace(). It is sufficient to create them
	as soon as we need them which is in BuildNamespace. This way we
	don't leave them around for the whole lifetime of domain.

	qemuDomainGetPreservedMounts: Do not special case /dev
	The c1140eb9e got me thinking. We don't want to special case /dev
	in qemuDomainGetPreservedMounts(), but in all other places in the
	code we special case it anyway. I mean,
	/var/run/libvirt/$domain.dev path is constructed separately just
	so that it is not constructed here. It makes only a little sense
	(if any at all).

	qemuDomainCreateNamespace: s/unlink/rmdir/
	If something goes wrong in this function we try a rollback. That
	is unlink all the directories we created earlier. For some weird
	reason unlink() was called instead of rmdir().

	qemu: Use transactions from security driver
	So far if qemu is spawned under separate mount namespace in order
	to relabel everything it needs an access to the security driver
	to run in that namespace too. This has a very nasty down side -
	it is being run in a separate process, so any internal state
	transition is NOT reflected in the daemon. This can lead to many
	sleepless nights. Therefore, use the transaction APIs so that
	libvirt developers can sleep tight again.

	security_selinux: Implement transaction APIs

	security_dac: Implement transaction APIs

2017-01-10  Michal Privoznik  <mprivozn@redhat.com>

	security driver: Introduce transaction APIs
	With our new qemu namespace code in place, the relabelling of
	devices is done not as good is it could: a child process is
	spawned, it enters the mount namespace of the qemu process and
	then runs desired API of the security driver.

	Problem with this approach is that internal state transition of
	the security driver done in the child process is not reflected in
	the parent process. While currently it wouldn't matter that much,
	it is fairly easy to forget about that. We should take the extra
	step now while this limitation is still fresh in our minds.

	Three new APIs are introduced here:
	  virSecurityManagerTransactionStart()
	  virSecurityManagerTransactionCommit()
	  virSecurityManagerTransactionAbort()

	The Start() is going to be used to let security driver know that
	we are starting a new transaction. During a transaction no
	security labels are actually touched, but rather recorded and
	only at Commit() phase they are actually updated. Should
	something go wrong Abort() aborts the transaction freeing up all
	memory allocated by transaction.

2017-01-10  Michal Privoznik  <mprivozn@redhat.com>

	security_dac: Resolve virSecurityDACSetOwnershipInternal const correctness
	The code at the very bottom of the DAC secdriver that calls
	chown() should be fine with read-only data. If something needs to
	be prepared it should have been done beforehand.

2017-01-10  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Update for virtio-pci by default for mach-virt guests

	docs: Document virtio-pci by default for mach-virt guests

2017-01-10  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use virtio-pci by default for mach-virt guests
	virtio-pci is the way forward for aarch64 guests: it's faster
	and less alien to people coming from other architectures.
	Now that guest support is finally getting there (Fedora 24,
	CentOS 7.3, Ubuntu 16.04 and Debian testing all support
	virtio-pci out of the box), we'd like to start using it by
	default instead of virtio-mmio.

	Users and applications can already opt-in by explicitly using

	  <address type='pci'/>

	inside the relevant elements, but that's kind of cumbersome and
	requires all users and management applications to adapt, which
	we'd really like to avoid.

	What we can do instead is use virtio-mmio only if the guest
	already has at least one virtio-mmio device, and use virtio-pci
	in all other situations.

	That means existing virtio-mmio guests will keep using the old
	addressing scheme, and new guests will automatically be created
	using virtio-pci instead. Users can still override the default
	in either direction.

	Existing tests such as aarch64-aavmf-virtio-mmio and
	aarch64-virtio-pci-default already cover all possible
	scenarios, so no additions to the test suites are necessary.

2017-01-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: setvcpus: Properly coldplug vcpus when hotpluggable vcpus are present
	When coldplugging vcpus to a VM that already has a few hotpluggable
	vcpus the code might generate invalid configuration as
	non-hotpluggable cpus need to be clustered starting from vcpu 0.

	This fix forces the added vcpus to be hotpluggable in such case.

	Fixes a corner case described in:
	https://bugzilla.redhat.com/show_bug.cgi?id=1370357

2017-01-10  Laine Stump  <laine@laine.org>

	docs: fix list of domain states in virsh manpage
	The virsh manpage lists "shutdown" and "dying" as two of the possible
	domain states that could be listed in the output of the "virsh list"
	command. However, a domain that is being shutdown will be listed as
	"in shutdown", and the "dying" state doesn't even exist (and never
	has, as far as I can tell from looking through git history - it was
	shown in the original import of the virsh.pod file in 2006; there was
	no VIR_DOMAIN_DYING state then, there wasn't one when those lines of
	virsh.pod were tweaked in 2008, and there still isn't one
	today. Apparently it was just something that sounded like a good idea
	to someone at some time, but was never implemented...)

	Resolves: https://bugzilla.redhat.com/1408778

2017-01-10  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	perf: Add cache_l1d perf event support
	This patch adds support and documentation for
	a generalized hardware cache event called cache_l1d
	perf event.

	docs: Reword virsh manpage for --uuid --name --table options
	The virsh manpage lists options --uuid and --name as
	mutually exclusive along option --table when actually
	the option --table is mutually exclusive and can't go
	with options --uuid and/or --name. This patch rewords the
	virsh manpage to state the correct meaning.

2017-01-09  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virsh: Display perf enabled/disabled message for set operations
	When setting perf events, the enabled/disabled perf events are not
	listed. Since we know which events were changed it's possible to
	print out the values on successful set, such as :

	    virsh perf Domain --enable instructions --disable cache_misses
	    instructions   : enabled
	    cache_misses   : disabled

	Created a helper to print the messages - use the vshPrintExtra to
	adhere to the --quiet|-q option being set by some script. This will
	cause the get code to print nothing, but will return success/failure.

2017-01-09  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virsh: Fix English grammar in the virsh perf manpage

2017-01-09  Jiri Denemark  <jdenemar@redhat.com>

	Update remote_protocol-structs for new events

2017-01-09  Daniel P. Berrange  <berrange@redhat.com>

	secret: add support for value change events
	Emit an event whenever a secret value changes

	virsh: add secret lifecycle event handling

	examples: add secret events to event demo program

	secret: add support for lifecycle events

	remote: implement secret lifecycle event APIs

	conf: simplify internal virSecretDef handling of usage
	The public virSecret object has a single "usage_id" field
	but the virSecretDef object has a different 'char *' field
	for each usage type, but the code all assumes every usage
	type has a corresponding single string. Get rid of the
	pointless union in virSecretDef and just use "usage_id"
	everywhere. This doesn't impact public XML format, only
	the internal handling.

	conf: add secret event handling
	Add helper APIs / objects for managing secret events

	Introduce secret lifecycle event APIs
	Add public APIs to allow applications to watch for define and
	undefine of secret objects.

	remote: fix struct for device removal failed event
	The handler for the device removal failed event was using
	the struct for the device added event. Fortunately the
	layout was the same, so this was harmless.

	Add domain event for metadata changes
	When changing the metadata via virDomainSetMetadata, we now
	emit an event to notify the app of changes. This is useful
	when co-ordinating different applications read/write of
	custom metadata.

	cgroup: add virCgroupAddMachineTask stub for win32

2017-01-09  Daniel P. Berrange  <berrange@redhat.com>

	lxc: ensure libvirt_lxc and qemu-nbd move into systemd machine slice
	Currently when spawning containers with systemd, the container PID 1
	will get moved into the systemd machine slice. Libvirt then manually
	moves the libvirt_lxc and qemu-nbd processes into the cgroups associated
	with the slice, but skips the systemd controller cgroup. This means that
	from systemd's POV, libvirt_lxc and qemu-nbd are still part of the
	libvirtd.service unit.

	On systemctl daemon-reload, it will notice that libvirt_lxc & qemu-nbd
	are in the libvirtd.service unit for the systemd controller, but in the
	machine cgroups for resources. Systemd will thus move them back into
	the libvirtd.service resource cgroups next time libvirtd is restarted.
	This causes libvirtd to kill off the container due to incorrect cgroup
	placement.

	The solution is to ensure that when moving libvirt_lxc & qemu-nbd, we
	also move the systemd cgroup controller placement. Normally this is
	not something we ever want todo, but this is a special case as we are
	intentionally wanting to move them to a different systemd unit.

2017-01-09  Michal Privoznik  <mprivozn@redhat.com>

	security_selinux: s/virSecuritySELinuxSecurity/virSecuritySELinux/
	It doesn't make much sense to have two different prefix for
	functions within the same driver.

2017-01-09  Michal Privoznik  <mprivozn@redhat.com>

	virutil: Provide non-linux impl for virGetFCHostNameByFabricWWN
	Currently, there's only linux implementation for
	virGetFCHostNameByFabricWWN(). Since the symbol is exported in
	our private symbols we ought to have implementation for other
	platforms too. This also triggers compilation error on FreeBSD:

	../src/.libs/libvirt_driver_storage_impl.a(libvirt_driver_storage_impl_la-storage_backend_scsi.o): In function `createVport':
	/usr/home/jenkins/libvirt-master/systems/libvirt-freebsd/build/src/../../src/storage/storage_backend_scsi.c:740: undefined reference to `virGetFCHostNameByFabricWWN'

2017-01-07  Chen Hanxiao  <chenhanxiao@gmail.com>

	virsh: Fix grammar - s/rather then/rather than

2017-01-07  Maxim Nestratov  <mnestratov@virtuozzo.com>

	tests: Add "no-kvm-pit-device" testcase
	Add a test case for when the QEMU_CAPS_NO_KVM_PIT capability is set.
	This capability is mutually exclusive to QEMU_CAPS_KVM_PIT_TICK_POLICY
	and results in the same output regardless of whether "discard" or
	"delay" was specified in the guest XML for 'tickpolicy'.

2017-01-07  Maxim Nestratov  <mnestratov@virtuozzo.com>

	qemu: Allow to specify pit timer tick policy=discard
	Separate out the "policy=discard" into it's own specific
	qemu command line.

	We'll rename "kvm-pit-device" test case to be "kvm-pit-discard"
	since it has the syntax we'd be using.

2017-01-07  Maxim Nestratov  <mnestratov@virtuozzo.com>

	qemu: Fix pit timer tick policy=delay
	By a mistake, for the VIR_DOMAIN_TIMER_TICKPOLICY_DELAY qemu
	command line creation, 'discard' was used instead of 'delay'
	in commit id '1569fa14'.

	Test "kvm-pit-delay" is fixed accordingly to show the correct
	option being generated.

	Remove the (now) redundant kvm-pit-device tests. As it turns
	out there is no need to specify both QEMU_CAPS_NO_KVM_PIT and
	QEMU_CAPS_KVM_PIT_TICK_POLICY since they are mutually exclusive
	and "kvm-pit-device" becomes just the same as "kvm-pit-delay".

2017-01-06  John Ferlan  <jferlan@redhat.com>

	iscsi: Add parent wwnn/wwpn or fabric capability for createVport
	https://bugzilla.redhat.com/show_bug.cgi?id=1349696

	As it turns out using only the 'parent' to achieve the goal of a
	consistent vHBA parent has issues with reboots where the scsi_hostX
	parent could change to scsi_hostY causing either failure to create
	the vHBA or usage of the wrong HBA for our vHBA.

	Thus add the ability to search for the "parent" by the parent wwnn/
	wwpn values or just a fabric_name if someone only cares to ensure
	usage of the same SAN for the vHBA.

2017-01-06  John Ferlan  <jferlan@redhat.com>

	util: Introduce virGetFCHostNameByFabricWWN
	Create a utility routine in order to read the scsi_host fabric_name files
	looking for a match to a passed fabric_name

	conf: Add more fchost search fields for storage pool vHBA creation
	Add new fields to the fchost structure to allow creation of a vHBA via
	the storage pool when a parent_wwnn/parent_wwpn or parent_fabric_wwn is
	supplied in the storage pool XML.

2017-01-06  John Ferlan  <jferlan@redhat.com>

	nodedev: Add the ability to create vHBA by parent wwnn/wwpn or fabric_wwn
	https://bugzilla.redhat.com/show_bug.cgi?id=1349696

	When creating a vHBA, the process is to feed XML to nodeDeviceCreateXML
	that lists the <parent> scsi_hostX to use to create the vHBA. However,
	between reboots, it's possible that the <parent> changes its scsi_hostX
	to scsi_hostY and saved XML to perform the creation will either fail or
	create a vHBA using the wrong parent.

	So add the ability to provide "wwnn" and "wwpn" or "fabric_wwn" to
	the <parent> instead of a name of the scsi_hostN that is the parent.
	The allowed XML will thus be:

	  <parent>scsi_host3</parent>  (current)

	or

	  <parent wwnn='$WWNN' wwpn='$WWPN'/>

	or

	  <parent fabric_wwn='$WWNN'/>

	Using the wwnn/wwpn or fabric_wwn ensures the same 'scsi_hostN' is
	selected between hardware reconfigs or host reboots. The fabric_wwn
	Using the wwnn/wwpn pair will provide the most specific search option,
	while fabric_wwn will at least ensure usage of the same SAN, but maybe
	not the same scsi_hostN.

	This patch will add the new fields to the nodedev.rng for input purposes
	only since the input XML is essentially thrown away, no need to Format
	the values since they'd already be printed as part of the scsi_host
	data block.

	New API virNodeDeviceGetParentHostByWWNs will take the parent "wwnn" and
	"wwpn" in order to search the list of devices for matching capability
	data fields wwnn and wwpn.

	New API virNodeDeviceGetParentHostByFabricWWN will take the parent "fabric_wwn"
	in order to search the list of devices for matching capability data field
	fabric_wwn.

2017-01-06  Collin L. Walling  <walling@linux.vnet.ibm.com>

	qemu: command: Support new cpu feature argument syntax
	Qemu has abandoned the +/-feature syntax in favor of key=value. Some
	architectures (s390) do not support +/-feature. So we update libvirt to handle
	both formats.

	If we detect a sufficiently new Qemu (indicated by support for qmp
	query-cpu-model-expansion) we use key=value else we fall back to +/-feature.

2017-01-06  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	tests: qemuxml2argv s390x cpu model
	Test cases for qemu s390x cpu model argument generation.

2017-01-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu-caps: Get host model directly from Qemu when available
	When qmp query-cpu-model-expansion is available probe Qemu for its view of the
	host model. In kvm environments this can provide a more complete view of the
	host model because features supported by Qemu and Kvm can be considered.

2017-01-06  Collin L. Walling  <walling@linux.vnet.ibm.com>

	qemu: qmp query-cpu-model-expansion command
	query-cpu-model-expansion is used to get a list of features for a given cpu
	model name or to get the model and features of the host hardware/environment
	as seen by Qemu/kvm.

	tests: domain capabilities: qemu 2.7 and 2.8 on s390x
	Tests domain capabilities on s390x using the Qemu 2.8 capabilities data.

	test-data: Qemu caps replies and xml for s390x qemu 2.7 and 2.8
	Expected Qemu replies for versions 2.7 and 2.8 from the s390x
	Qemu binary.

2017-01-06  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	s390-cpu: Remove nodeData and decode
	On s390, the host's features are heavily influenced by not only the host
	hardware but also by hardware microcode level, host OS version, qemu
	version and kvm version. In this environment it does not make sense to
	attempt to report exact host details.

	Acked-by: Jiri Denemark <jdenemar@redhat.com>

2017-01-06  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	s390: Cpu driver support for update and compare
	Implement compare for s390. Required to test the guest against the host for
	guest cpu model runnability checking. We always return IDENTICAL to bypass
	Libvirt's checking. s390 will rely on Qemu to perform the runnability checking.

	Implement update for s390. required to support use of cpu "host-model" mode.

	Acked-by: Jiri Denemark <jdenemar@redhat.com>

2017-01-05  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Remove /dev mount info properly
	Just so it doesn't bite us in the future, even though it's unlikely.

	And fix the comment above it as well.  Commit e08ee7cd3405 took the
	info from the function it's calling, but that was lie itself in the
	first place.

2017-01-05  Martin Kletzander  <mkletzan@redhat.com>

	util: Don't lie in virFileGetMount*Subtree's docstrings
	The resulting function virFileGetMountSubtreeImpl() just uses
	virStringSortRevCompare or virStringSortCompare which uses strcmp().

	docs: Reference the right config option

2017-01-05  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetPreservedMounts: Fetch list of /dev/* mounts dynamically
	With my namespace patches, we are spawning qemu in its own
	namespace so that we can manage /dev entries ourselves. However,
	some filesystems mounted under /dev needs to be preserved in
	order to be shared with the parent namespace (e.g. /dev/pts).
	Currently, the list of mount points to preserve is hardcoded
	which ain't right - on some systems there might be less or more
	items under real /dev that on our list. The solution is to parse
	/proc/mounts and fetch the list from there.

	internal: Simplify STREQ_NULLABLE
	Our STREQ_NULLABLE and STRNEQ_NULLABLE macros are too
	complicated. This was a result of some broken version of gcc.
	However, that is long gone and therefore we can simplify the
	macros.

	qemuProcessLaunch: fix indentation

2017-01-05  Wangjing (King, Euler)  <king.wang@huawei.com>

	qemu: snapshot: restart CPUs when recover from interrupted snapshot job
	If we restart libvirtd while VM was doing external memory snapshot, VM's
	state be updated to paused as a result of running a migration-to-file
	operation, and then VM will be left as paused state. In this case we must
	restart the VM's CPUs to resume it.

2017-01-04  John Ferlan  <jferlan@redhat.com>

	util: Remove need for extra VIR_FREE's in virGetFCHostNameByWWN
	Rather than extraneous VIR_FREE's depending on where we are in the code,
	move them to the top of the loop and in the cleanup path.

	scsi: Converge more createVport checks
	Remove duplicated code - make one simple path through

	scsi: Change order of checks in createVport
	Move the check for an already existing vHBA to the top of the function.
	No sense in first decoding a provided parent if the next thing we're going
	to do is fail if a provided wwnn/wwpn already exists.

	scsi: Clean up createVport exit paths
	Use the ret = -1, goto cleanup, etc. rather than current hodgepodge.

	nodedev: Add ability to find a vport capable vHBA
	If a <parent> is not supplied in the XML used to create a non-persistent
	vHBA, then instead of failing, let's try to find a "vports" capable node
	device and use that.

2017-01-04  John Ferlan  <jferlan@redhat.com>

	nodedev: Create helpers to search for vport capable nodedevs
	Extract out code from virNodeDeviceGetParentHost into helpers - it's
	going to be reused in upcoming patches to search on more fields

	Create virNodeDeviceFindVPORTCapDef in order to return a virNodeDevCapsDefPtr
	of the VPORT_OPS and virNodeDeviceFindFCParentHost to use the function and
	generate an error message if the device doesn't have the capability.

	Also clean up the processing in virNodeDeviceGetParentHost to remove
	need for goto's.

2017-01-04  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Remove spurious period
	All other entries in the release notes omit the leading period,
	and so should this one in order to maintain consistency.

2017-01-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Resume VM after live snapshot
	Commit 4b951d1e38259ff5d03e9eedb65095eead8099e1 missed the fact that the
	VM needs to be resumed after a live external checkpoint (memory
	snapshot) where the cpus would be paused by the migration rather than
	libvirt.

2017-01-04  Andrea Bolognani  <abologna@redhat.com>

	HACKING: Reduce vertical whitespace
	When generating the plain text version of the contributor
	guidelines we add a ludicrous amount of vertical whitespace
	in some spots. Tweak the XSLT stylesheet and regenerate the
	now much better looking file.

2017-01-04  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCreateDevice: Be more careful about device path
	Again, not something that I'd hit, but there is a chance in
	theory that this might bite us. Currently the way we decide
	whether or not to create /dev entry for a device is by marching
	first four characters of path with "/dev". This might be not
	enough. Just imagine somebody has a disk image stored under
	"/devil/path/to/disk". We ought to be matching against "/dev/".

	qemuDomainAttachDeviceMknodHelper: Don't unlink() so often
	Not that I'd encounter any bug here, but the code doesn't look
	100% correct. Imagine, somebody is trying to attach a device to a
	domain, and the device's /dev entry already exists in the qemu
	namespace. This is handled gracefully and the control continues
	with setting up ACLs and calling security manager to set up
	labels. Now, if any of these steps fail, control jump on the
	'cleanup' label and unlink() the file straight away. Even when it
	was not us who created the file in the first place. This can be
	possibly dangerous.

2017-01-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Handle EEXIST gracefully in qemuDomainCreateDevice
	https://bugzilla.redhat.com/show_bug.cgi?id=1406837

	Imagine you have a domain configured in such way that you are
	assigning two PCI devices that fall into the same IOMMU group.
	With mount namespace enabled what happens is that for the first
	PCI device corresponding /dev/vfio/X entry is created and when
	the code tries to do the same for the second mknod() fails as
	/dev/vfio/X already exists:

	2016-12-21 14:40:45.648+0000: 24681: error :
	qemuProcessReportLogError:1792 : internal error: Process exited
	prior to exec: libvirt: QEMU Driver error : Failed to make device
	/var/run/libvirt/qemu/windoze.dev//vfio/22: File exists

	Worse, by default there are some devices that are created in the
	namespace regardless of domain configuration (e.g. /dev/null,
	/dev/urandom, etc.). If one of them is set as backend for some
	guest device (e.g. rng, chardev, etc.) it's the same story as
	described above.

	Weirdly, in attach code this is already handled.

2017-01-04  Martin Kletzander  <mkletzan@redhat.com>

	networkxml2conftest: Rename outxml to outconf
	Just a name, I know, but it bothered me a lot since it does not refer
	to XML.

	docs: Use href_base in absolute links
	That way all links work even if you click them in a subdirectory.

2017-01-04  Andrea Bolognani  <abologna@redhat.com>

	HACKING: Regenerate
	When updating the source file in commit bd4f4d168660, I forgot
	that we also store the generated plain text version in git and
	didn't regenerate it.

	I also missed one spot that required an additional <p> tag, so
	fix both mistakes in one go.

2017-01-04  Andrea Bolognani  <abologna@redhat.com>

	util: Fix syntax-check
	Commit b9cc24839b75 introduced a new #define but neglected
	to format it properly, thus breaking syntax-check.

	docs: Add missing <p> elements
	Some of the <li> elements in the "General tips for contributing
	patches" section were missing the corresponding inner <p> element,
	so they ended up all lumped together.

2017-01-04  Andrea Bolognani  <abologna@redhat.com>

	util: Turn virFirewallAddRule() into a macro
	Clang 3.9 refuses to compile the existing code with the
	following error:

	  util/virfirewall.c:425:20: error: passing an object that undergoes
	                             default argument promotion to 'va_start'
	                             has undefined behavior [-Werror,-Wvarargs]
	      va_start(args, layer);
	                     ^
	  util/virfirewall.c:420:37: note: parameter of type 'virFirewallLayer'
	                             is declared here
	                     virFirewallLayer layer,
	                                      ^

	This happens because 'layer' is of type virFirewallLayer, which
	is an enum type and not a standard type such as eg. void* or int.

	To solve the issue, turn virFirewallAddRule() from a very thin
	wrapper around virFirewallAddRuleFullV() to a macro that expands
	to a call to virFirewallAddRuleFull() - itself a very thin wrapper
	around the aforementioned virFirewallAddRuleFullV() - with no loss
	of functionality or type safety.

2017-01-03  John Ferlan  <jferlan@redhat.com>

	qemu: Don't assume secret provided for LUKS encryption
	https://bugzilla.redhat.com/show_bug.cgi?id=1405269

	If a secret was not provided for what was determined to be a LUKS
	encrypted disk (during virStorageFileGetMetadata processing when
	called from qemuDomainDetermineDiskChain as a result of hotplug
	attach qemuDomainAttachDeviceDiskLive), then do not attempt to
	look it up (avoiding a libvirtd crash) and do not alter the format
	to "luks" when adding the disk; otherwise, the device_add would
	fail with a message such as:

	   "unable to execute QEMU command 'device_add': Property 'scsi-hd.drive'
	    can't find value 'drive-scsi0-0-0-0'"

	because of assumptions that when the format=luks that libvirt would have
	provided the secret to decrypt the volume.

	Access to unlock the volume will thus be left to the application.

2017-01-02  Michal Privoznik  <mprivozn@redhat.com>

	bhyvexml2xmltest: Test more XMLs
	Currently, bhyvexml2xmltest does only one test. We can do better.

	bhyvexml2argvdata: Add mac address to <interface/>
	In the next patch we will need a stable mac address for
	<interface/>.

	bhyvexml2argvdata: Fix <drive/> addresses
	After c07d1c1c4f got merged it uncovered couple of broken domain
	XMLs for bhyvexml2argv test. Some disk drives had incompatible
	type of address configured.

	networkxml2conftest: s/lo/lo0/ on non-Linux
	After 478ddedc12 a bug is fixed where we wrongly presumed loopack
	device name on non-Linux systems. It's lo0. However, the fix is
	not reflected in the tests which are failing now.

	src: Build libvirt_nss.la iff WITH_NSS
	If the nss module is disabled we don't need to build the
	supplementary library for it either.

	tests: Run nss*test iff WITH_NSS
	If the nss module is disabled we shouldn't run the tests that
	include it either.

	virt-nss: Introduce more checks before enabling NSS
	The plugin depends on more modules than we currently check for,
	i.e. network driver and yajl library.

	tests: Move test_libraries a bit higher
	In the Makefile in tests/ we initialize couple of variables like
	test_programs, test_libraries and test_helpers. These variables
	contain all the targets that we need to build in order to run
	the test suite. So we initialize test_programs and test_helpers
	and then conditionally add targets to them depending on what we
	are building with. Then we repeat the same process with
	test_libraries. It makes no sense to have two separate if-endif
	sequences.

	tests: Run virmacmaptest iff WITH_YAJL
	Since the internal implementation relies on a json parser being
	available, it make no sense to run this test if there's none
	available.

2017-01-02  Michal Privoznik  <mprivozn@redhat.com>

	virmacmap: Don't use hash table dataFree callback
	Due to nature of operations we do over the string list (more
	precisely due to how virStringListRemove() works), it is not the
	best idea to use dataFree callback. Problem is, on MAC address
	remove, the string list remove function modifies the original
	list in place. Then, virHashUpdateEntry() is called which frees
	all the data stored in the list rendering @newMacsList point to
	freed data.

	==16002== Invalid read of size 8
	==16002==    at 0x50BC083: virFree (viralloc.c:582)
	==16002==    by 0x513DC39: virStringListFree (virstring.c:251)
	==16002==    by 0x51089B4: virMacMapHashFree (virmacmap.c:67)
	==16002==    by 0x50EF30B: virHashAddOrUpdateEntry (virhash.c:352)
	==16002==    by 0x50EF4FD: virHashUpdateEntry (virhash.c:415)
	==16002==    by 0x5108BED: virMacMapRemoveLocked (virmacmap.c:129)
	==16002==    by 0x51092D5: virMacMapRemove (virmacmap.c:346)
	==16002==    by 0x402F02: testMACRemove (virmacmaptest.c:107)
	==16002==    by 0x403F15: virTestRun (testutils.c:180)
	==16002==    by 0x4032C4: mymain (virmacmaptest.c:205)
	==16002==    by 0x405A3B: virTestMain (testutils.c:992)
	==16002==    by 0x403D87: main (virmacmaptest.c:237)
	==16002==  Address 0xdd5a4d0 is 0 bytes inside a block of size 24 free'd
	==16002==    at 0x4C2AD6F: realloc (vg_replace_malloc.c:693)
	==16002==    by 0x50BB99B: virReallocN (viralloc.c:245)
	==16002==    by 0x513DC0B: virStringListRemove (virstring.c:235)
	==16002==    by 0x5108BA6: virMacMapRemoveLocked (virmacmap.c:124)
	==16002==    by 0x51092D5: virMacMapRemove (virmacmap.c:346)
	==16002==    by 0x402F02: testMACRemove (virmacmaptest.c:107)
	==16002==    by 0x403F15: virTestRun (testutils.c:180)
	==16002==    by 0x4032C4: mymain (virmacmaptest.c:205)
	==16002==    by 0x405A3B: virTestMain (testutils.c:992)
	==16002==    by 0x403D87: main (virmacmaptest.c:237)

2017-01-02  Michal Privoznik  <mprivozn@redhat.com>

	virmacmap: Fix variable handling
	In virMacMapRemoveLocked() we have two variables: @macsList and
	@newMacsList. Obviously, @newMacsList is supposed to hold pointer
	to modified list but in fact it holds pointer to the old list.
	It's confusing.

2017-01-02  Andrea Bolognani  <abologna@redhat.com>

	maint: Sync bootstrap after gnulib update
	7fa7fe22d844 updated gnulib to the latest upstream commit,
	but forgot to include the corresponding bootstrap changes.

2017-01-02  Michal Privoznik  <mprivozn@redhat.com>

	maint: update to latest gnulib
	Required for the copyright year bump to keep 'make syntax-check'
	happy, and also pulls in several portability fixes.

	* .gnulib: Update to latest.
	* bootstrap: Resync from upstream.

2016-12-24  Michal Privoznik  <mprivozn@redhat.com>

	NEWS: Update after qemu namespace fix

2016-12-23  John Ferlan  <jferlan@redhat.com>

	docs: Update docs for recently added physical adjustments
	Add the description for <physical>... One is a new feature - the API
	and the other is an improvement for the volume xml output.

2016-12-22  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: get disks statistics for CTs
	A CT disk statistics is reported with prefix "hdd" and we should use
	it to extract data.

	vz: set boot from disk for CT only when there is no root filesystem
	Before, boot devices information for CTs was always empty and we
	didn't indicate that containers can boot from disk.

	vz: report disks either as disks or filesystems depending on original xml
	Virtuozzo SDK interface doesn't differ filesystems from disks and sees them as disks.
	Before, we always mistakenly presented disks based on files as filesystems, which is
	not completely correct. Now we are going to show either disks or filesystems depending
	on a hint, which uses boot device section of VZ config. Though this information
	doesn't change booting order of a CT, it is used by vz libvirt interface as a hint
	for libvirt representation of disks. Since now, if we have filesystems in input xml,
	then we add them to VZ booting devices list and rely on this information to show
	corresponding libvirt xml.

	vz: don't add implicit devices for CTs
	Implicit devices like controllers are confusing for CTs and
	function virDomainDefAddImplicitDevices never intended to be called
	for CTs.

	vz: report "scsi" bus for disks when nothing was set explixitly
	This is necessary to show CTs created out of libvirt correctly.

2016-12-22  Pino Toscano  <ptoscano@redhat.com>

	tests: enable virpolkittest on any ELF platform
	This tests uses preload, which should work on any ELF-based platform
	(and indeed it passes on Linux, GNU/kFreeBSD, and FreeBSD).

	Also remove the WITH_DBUS conditional, as the test is already built
	based on that conditional.

2016-12-22  Andrea Bolognani  <abologna@redhat.com>

	m4/virt-arg: Rename LIBVIRT_ARG_WITH* macros
	LIBVIRT_ARG_WITH_ALT is more generic than LIBVIRT_ARG_WITH, which
	is tailored at switching features on and off.

	Rename the macros according to their intended purpose, and add
	some documentation to help developers pick between the two.

2016-12-22  Andrea Bolognani  <abologna@redhat.com>

	m4/virt-arg: Move LIBVIRT_ARG_* macros to their own file
	They're not just used, or supposed to be just used, for
	library-related arguments, so they deserve to have their
	own separate file.

2016-12-22  Pavel Hrdina  <phrdina@redhat.com>

	m4/virt-gnutls: properly backup CFLAGS and LIBS for AC_CHECK_* macros
	Commit 943ddcb7120 partially fixed this bug in gnutls configure code.
	However we also need to backup and modify CFLAGS and do if for
	AC_CHECK_HEADERS as well.

2016-12-22  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Update after virtio console on ppc64 fix

2016-12-22  Pavel Hrdina  <phrdina@redhat.com>

	m4/virt-gnutls: use AC_CHECK_FUNCS to detect availability of functions
	Sigh, autoconf has AC_CHECK_FUNC and AC_CHECK_FUNCS and both check
	whether some function exists or not.  However in addition to the obvious
	difference that the later is able to check multiple functions it also
	defines HAVE_FUNCTION_NAME for each function.

	Commit 680d2f49da moved the code to separate file, but also blindly
	changed the macro to AC_CHECK_FUNC without confronting the
	documentation.

	Reported-by: John Ferlan <jferlan@redhat.com>

	<https://www.redhat.com/archives/libvir-list/2016-December/msg01086.html>

2016-12-21  Pavel Hrdina  <phrdina@redhat.com>

	m4/virt-lib: use correct format of package name for AC_ARG_* macros
	Introduced by commit 25034b3c40 and reused by commit 4519e94b743.
	This patch silences warning printed by configure:

	  configure: WARNING: unrecognized options: --with-qemu-user

2016-12-21  Pavel Hrdina  <phrdina@redhat.com>

	m4/virt-loader-nvram: use quotation for list of loader:nvram pairs
	The bug was introduced by commit 08c2d1480b.  The string must be quoted
	because it is used as function argument.

2016-12-21  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Fix indentation

2016-12-21  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	Allow virtio-console on PPC64
	virQEMUCapsSupportsChardev existing checks returns true
	for spapr-vty alone. Instead verify spapr-vty validity
	and let the logic to return true for other device types
	so that virtio-console passes.

	The non-pseries machines dont have spapr-vio-bus. So, the
	function always returned false for them before.

	Fixes - https://bugzilla.redhat.com/show_bug.cgi?id=1257813

2016-12-21  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: clean out unused migrate to unix

2016-12-21  Pavel Hrdina  <phrdina@redhat.com>

	configure: group all storage driver checks together

	configure: move storage ZFS check to its own file

	configure: move storage Gluster check to its own file

	configure: move storage Sheepdog check to its own file

	configure: move storage RBD check to its own file

	configure: move storage disk check to its own file

	configure: move storage mpath check to its own file

	configure: move storage SCSI check to its own file

	configure: move storage iSCSI check to its own file

	configure: move storage LVM check to its own file

	configure: move storage fs check to its own file

	configure: move storage dir check to its own file

	configure: move AppArmor secdriver check to its own file

	configure: move SELinux secdriver check into its own file

	configure: group all virtualization drivers checks together

	configure: move parallels version definition to m4/virt-driver-vz

	configure: move interface driver check to its own file

	configure: move network driver check to its own file

	configure: move libvirtd driver check to its own file

	configure: move Hyper-V driver check to its own file

	configure: move ESX driver check to its own file

	configure: move vbox driver check to its own file

	configure: move remote driver check to its own file

	configure: move test driver check to its own file

	configure: move PHYP driver check to its own file

	m4/virt-driver-xenapi: use LIBVIRT_CHECK_LIB macro

	configure: move XenAPI driver check to its own file

	m4/virt-libxl: cleanup storing CFLAGS and LIBS variables

	m4/virt-libxl: properly check for required libxl version

	m4/virt-libxl: use LIBVIRT_CHECK_(PKG|LIB) macros

	configure: move libxl driver check to its own file

	configure: move XEN driver check to its own file

	configure: move LXC driver check to its own file

	configure: move qemu bridge helper check to qemu driver file

	configure: move qemu privileges check to qemu driver file

	configure: move QEMU driver check to its own file

	configure: move VMware driver check to its own file

	configure: move OpenVZ driver check to its own file

	configure: group all Miscellaneous checks together

	configure: move debug check to its own file

	configure: move xml catalog file check to its own file

	configure: move TLS priority check to its own file

	configure: move default editor check to its own file

	configure: move loader/nvram check to its own file

	configure: move chrdev lock files check to its own file

	configure: move sysctl config check to its own file

	configure: move numad check to its own file

	configure: move DTrace check to its own file

	configure: group all library checks together

	m4/virt-parted: use LIBVIRT_CHECK_PKG

	configure: move libparted check to its own file

	m4/virt-devmapper: use LIBVIRT_CHECK_(PKG|LIB)

	configure: move devmapper check to its own file

	configure: move pm-utils check to its own file

	configure: move nwfilter check to its own file

	configure: move version script check to one place

	configure: move windres check to its own file

	configure: move windows symbols check to its own file

	configure: move MinGW check to its own file

	configure: move Cygwin check to its own file

	configure: move windows common check to its own file
	This renames MSCOM_LIBS to WIN32_EXTRA_LIBS to make it consistent with
	WIN32_EXTRA_CFLAGS.

	configure: move libnl check to its own file

	configure: move virtualport check to its own file
	This patch moves the virtualport result out of *Driver* section because
	it's not a driver.

	configure: move macvtap check to its own file
	This patch moves the macvtap result out of *Driver* section because
	it's not a driver.

	m4/virt-libpcap: error out if asked for libpcap but it was not found

	m4/virt-libpcap: remove unreasonable dependency on QEMU
	Libpcap is used by nwfilter driver and it could be build without QEMU
	driver.

	configure: move libpcap check to its own file

	configure: move XDR check to its own file

	configure: move atomic check to its own file

	configure: move pthread check it its own file

	configure: move polkit check to its own file

	configure: move firewalld check to its own file

	configure: move with-driver-modules check to its own file
	Rename DRIVER_MODULE_(LDFLAGS|LIBS|CFLAGS) to unify the naming.

	configure: move dlopen check to its own file

	m4/virt-libxml: use LIBVIRT_CHECK_PKG

	m4/virt-libxml: use only pkg-config to check for libxml2
	Pkg-config file libxml-2.0.pc was introduced in libxml2-2.2.4 and we
	require at least 2.6.0 so the crazy xml2-config check can be dropped.

	configure: move libxml check to its own file

	m4/virt-lib: add new parameter to override default fail action
	This allows to use two or more LIBVIRT_CHECK_(LIB|LIB_ALT|PKG) macros
	for one library.  For example, when we check for existence of
	pgk-config file of some library and we know that not all versions of
	that library that libvirt requires provides this file, we can fallback
	to use library check.

	m4/virt: introduce LIBVIRT_ARG_* macros for all library checks
	Usage of AC_REQUIRE will mess with order how LIBVIRT_CHECK_* macros
	are composed into configure.ac.  This ensures that the output of
	configure --help is properly ordered and grouped into sections.

	m4/virt-lib: move LIBVIRT_ARG_WITH out of LIBVIRT_CHECK_(LIB|LIB_ALT|PKG)
	Following patch will update LIBVIRT_CHECK_(LIB|LIB_ALT|PKG) macros in
	a way that you will be able to call a another macro as a fallback if
	the first one fails.  To allow that, we need to move the
	LIBVIRT_ARG_WITH out of those macro to not have two or more same lines
	in output of "configure --help".

	configure: use LIBVIRT_ARG_ENABLE macro

	configure: use LIBVIRT_ARG_WITH(_ALT) macros

	m4/virt-lib: introduce LIBVIRT_ARG_ENABLE macro
	This macro helps create unified output of "configure --help".

	m4/virt-lib: introduce LIBVIRT_ARG_WITH(_ALT) macro
	These macros help create unified output of "configure --help".

	m4/virt: use LIBVIRT_RESULT macro instead of AC_MSG_NOTICE
	The LIBVIRT_RESULT does a nice formatting of the output and ensures
	that the format is unified.

	m4/virt: create result macros for the remaining virt check
	All checks that prints result at the end of configure uses
	LIBVIRT_RESULT_${CHECK_NAME}.  Create those macros for remaining check.

	configure: move external programs check to its own file

	configure: fix wireshark dissector configure output
	Commit 373973206aa moved wireshark dissector code to its own file but
	forgot to properly update configure.

	m4/virt-netcf: fix bug where we overwrite LIBS

2016-12-21  Cédric Bosdonnat  <cbosdonnat@suse.com>

	xen: add QED format test
	Follow up of commit 340bb6b7 to add unit tests for the QED format
	support. Also add missing QED case in xenFormatXLDisk()

2016-12-21  Guido Günther  <agx@sigxcpu.org>

	apparmor: pass attach_disconnected
	to cure

	 + virsh lxc-enter-namespace --noseclabel sl /bin/ls /bin/ls
	 libvirt:  error : Expected at least one file descriptor
	 error: internal error: Child process (2714) unexpected exit status 125

	caused by

	 apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

2016-12-20  John Ferlan  <jferlan@redhat.com>

	virsh: Allow display of the physical volume size
	Add a new qualifier '--physical' to the 'vol-info' command in order to
	dispaly the physical size of the volume. The size can differ from the
	allocation value depending on the volume file time. In particular, qcow2
	volumes will have a physical value larger than allocation. This also occurs
	for sparse files, although for those the capacity is the largest size;
	whereas, for qcow2 capacity is the logical size.

2016-12-20  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStorageVolInfoFlags
	https://bugzilla.redhat.com/show_bug.cgi?id=1332019

	This function will essentially be a wrapper to virStorageVolInfo in order
	to provide a mechanism to have the "physical" size of the volume returned
	instead of the "allocation" size. This will provide similar capabilities to
	the virDomainBlockInfo which can return both allocation and physical of a
	domain storage volume.

	NB: Since we're reusing the _virStorageVolInfo and not creating a new
	_virStorageVolInfoFlags structure, we'll need to generate the rpc APIs
	remoteStorageVolGetInfoFlags and remoteDispatchStorageVolGetInfoFlags
	(although both were originally created from gendispatch.pl and then
	just copied into daemon/remote.c and src/remote/remote_driver.c).

	The new API will allow the usage of a VIR_STORAGE_VOL_GET_PHYSICAL flag
	and will make the decision to return the physical or allocation value
	into the allocation field.

	In order to get that physical value, virStorageBackendUpdateVolTargetInfoFD
	adds logic to fill in physical value matching logic in qemuStorageLimitsRefresh
	used by virDomainBlockInfo when the domain is inactive.

2016-12-20  John Ferlan  <jferlan@redhat.com>

	conf: Display <physical> in output of voldef
	Although the virStorageBackendUpdateVolTargetInfo will update the
	target.physical value, there is no way to provide that information
	via the virStorageGetVolInfo API since it only returns the capacity
	and allocation of a volume. So as described in commit id '0282ca45',
	it should be possible to generate an output only <physical> value
	for that purpose.

	This patch generates the <physical> value in the volume XML output
	for the sole purpose of being able to view/see the value to allow
	someone to parse the XML in order to obtain the value.

	Update the documentation to describe the output only nature.

2016-12-20  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust qemuDomainGetBlockInfo data for sparse backed files
	According to commit id '0282ca45a' the 'physical' value should
	essentially be the last offset of the image or the host physical
	size in bytes of the image container. However, commit id '15fa84ac'
	refactored the GetBlockInfo to use the same returned data as the
	GetStatsBlock API for an active domain. For the 'entry->physical'
	that would end up being the "actual-size" as set through the
	qemuMonitorJSONBlockStatsUpdateCapacityOne (commit '7b11f5e5').
	Digging deeper into QEMU code one finds that actual_size is
	filled in using the same algorithm as GetBlockInfo has used for
	setting the 'allocation' field when the domain is inactive.

	The difference in values is seen primarily in sparse raw files
	and other container type files (such as qcow2), which will return
	a smaller value via the stat API for 'st_blocks'. Additionally
	for container files, the 'capacity' field (populated via the
	QEMU "virtual-size" value) may be slightly different (smaller)
	in order to accomodate the overhead for the container. For
	sparse files, the state 'st_size' field is returned.

	This patch thus alters the allocation and physical values for
	sparse backed storage files to be more appropriate to the API
	contract. The result for GetBlockInfo is the following:

	 capacity: logical size in bytes of the image (how much storage
	           the guest will see)
	 allocation: host storage in bytes occupied by the image (such
	             as highest allocated extent if there are no holes,
	             similar to 'du')
	 physical: host physical size in bytes of the image container
	           (last offset, similar to 'ls')

	NB: The GetStatsBlock API allows a different contract for the
	values:

	 "block.<num>.allocation" - offset of the highest written sector
	                            as unsigned long long.
	 "block.<num>.capacity" - logical size in bytes of the block device
	                          backing image as unsigned long long.
	 "block.<num>.physical" - physical size in bytes of the container
	                          of the backing image as unsigned long long.

2016-12-20  Michal Privoznik  <mprivozn@redhat.com>

	examples: Resolve sign-compare warnings
	For instance:

	hellolibvirt/hellolibvirt.c: In function 'showDomains':
	hellolibvirt/hellolibvirt.c:100:19: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
	     for (i = 0; i < numNames; i++) {
	                   ^

2016-12-20  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	tests: Add tests for disk configuration validation
	Add tests for controller based disks to check disk address compatibility
	with disk bus types.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-12-20  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	conf: Detect misconfiguration between disk bus and disk address
	This patch detects a misconfiguration between the disk bus type and disk
	address type for controller based disk buses (SATA, SCSI, FDC and
	IDE). The addresses of these bus types are all managed in common code so
	it's possible to decide in common code whether the disk address and bus
	type are compatible or not.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-12-20  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: qemuDomainDiskChangeSupported: Add missing 'address' check
	Disk->info is not live updatable so add a check for this. Otherwise
	libvirt reports success even though no data was updated.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-12-20  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	conf: Make virDomainDeviceInfoAddressIsEqual() public
	This function will be needed by the QEMU driver in an upcoming
	patch. Additionally, removed a useless empty line.

2016-12-20  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	cgroup: reduce complexity of controller disabling
	This patch reduces the complexity of the filtering algorithm in
	virCgroupDetect by first correcting the controller mask and then
	checking for potential co-mounts without any correlating
	controller mask modifications.

	If you agree that this patch removes complexity and improves
	readability it could simply be squashed into the first patch
	of this series.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>

2016-12-20  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	cgroup: unavailable controller prevents controller disabling
	The cgroup controller filtering in virCgroupDetect does not work
	properly if the following conditions are met:
	1) the host system does not have a cgroup controller which
	libvirt requests (unavailable controller) and
	2) libvirt is configured to disable a controller (disabled controller) and
	3) the disabled controller is located before the unavailable controller
	in virCgroupController.

	As an example: The memory controller is unavailable and the cpuset
	controller is configured to be disabled.
	In this scenario trying to start a domain results in the error
	error: Controller 'cpuset' is not wanted, but 'memory' is co-mounted: Invalid argument

	This error occurs when virCgroupDetect is called with a valid parent group.
	The resulting group created by virCgroupCopyMounts holds for cpuset and
	memory controller empty mount points. The filtering of disabled controllers
	checks for co-mounts by comparing the mount points. The cpuset controller
	causes the filtering to occur before the memory controller is marked as to be
	ignored by modifying the controller mask since it is unavailable.
	Therefore the co-mount detection logic compares the cpuset and memory controller
	mount points and since both are empty the memory controller is regarded
	erroneously as being co-mounted.

	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-12-19  Peter Krempa  <pkrempa@redhat.com>

	locking: Fix documentation on how automatic sanlock leases are stored
	s/MD5 checkout/MD5 hash/

2016-12-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Save monitor error prior to calling into lock manager
	The error would be overwritten otherwise producing a meaningless error
	message.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1302171

2016-12-19  Daniel P. Berrange  <berrange@redhat.com>

	docs: link to news file and other resources
	In the website reorg we accidentally lost all links to the nice
	reformatted news.html file. Add a link on the front page, and
	also extend the download page table so that it includes links
	to API docs and news files for each module (where available)

2016-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Point to the new libvirt-go bindings
	The github.com/rgbkrk/libvirt-go bindings were the most complete
	bindings historically, but their API coverage stops at 1.2.4,
	with exception of a couple of newer APIs.

	The new bindings at http://libvirt.org/git/?p=libvirt-go.git;a=log
	how have (almost[1]) 100% API coverage all the way to 2.5.0. They also
	expose the APIs in a way that allows for much stronger go type
	checking by the compiler, and expose typed parameters as explicit
	structs. Finally the bindings are able to conditionally compile against
	any libvirt version 1.2.0 -> 2.5.0 without use of go build tags.

	Change the docs to point to these new bindings, since they'll be
	a better bet for users long term.

	[1] virEvent & virStream callbacks are still TODO to be fixed
	    real soon.

2016-12-19  Jiri Denemark  <jdenemar@redhat.com>

	network: Add support for local PTR domains
	Similarly to localOnly DNS domain, localPtr attribute can be used to
	tell the DNS server not to forward reverse lookups for unknown IPs which
	belong to the virtual network.

2016-12-19  Jiri Denemark  <jdenemar@redhat.com>

	util: Introduce virSocketAddrPTRDomain
	The API creates PTR domain which corresponds to a given addr/prefix.
	Both IPv4 and IPv6 addresses are supported, but the prefix must be
	divisible by 8 for IPv4 and divisible by 4 for IPv6.

	The generated PTR domain has the following format

	IPv4: 1.2.3.4.in-addr.arpa
	IPv6: 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.arpa

2016-12-19  Jiri Denemark  <jdenemar@redhat.com>

	conf: Make virNetworkIPDefParseXML a little bit saner
	Iterating over all child nodes when we only support one instance of each
	child is pretty weird. And it would even cause memory leaks if more
	than one <tftp> element was specified.

2016-12-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: block copy: Forbid block copy to relative paths
	Similarly to 29bb066915 forbid paths used with blockjobs to be relative.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300177

2016-12-16  Michal Privoznik  <mprivozn@redhat.com>

	virfile: Support bind mount only on linux
	Other systems (despite having sys/mount.h) do not support bind
	mounts.

	qemu: Mark more namespace code linux-only
	Some of the functions are not called on non-linux platforms
	which makes them useless there.

	configure: Link witch -lacl only on linux
	There's no -lacl on FreeBSD.

2016-12-16  Daniel P. Berrange  <berrange@redhat.com>

	Make use of PERF_COUNT_HW_REF_CPU_CYCLES conditional
	The PERF_COUNT_HW_REF_CPU_CYCLES constant is not available
	on all Linux distros libvirt targets, so its use must be
	made conditional. Other constant have existed long enough
	that we can assume they exist, as we don't support very
	old distros like RHEL-5 any more.

2016-12-16  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	docs: document cpu host-passthrough migration issue
	Documents in formatdomain.html that when migrating a guest
	defined with the host-passthrough CPU model from a machine that
	is running on a newer CPU model than the destination machine's
	CPU model, it is very likely that the guest will crash upon
	arrival.

2016-12-15  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	perf: add ref_cpu_cycles perf event support
	This patch adds support and documentation for
	the ref_cpu_cycles perf event.

	perf: add stalled_cycles_backend perf event support
	This patch adds support and documentation for
	the stalled_cycles_backend perf event.

	perf: add stalled_cycles_frontend perf event support
	This patch adds support and documentation
	for the stalled_cycles_frontend perf event.

	perf: add bus_cycles perf event support
	This patch adds support and documentation
	for the bus_cycles perf event.

2016-12-15  Erik Skultety  <eskultet@redhat.com>

	admin: Update the news file to include the new logging features

	admin: Add an example demonstrating how to use the logging APIs
	Provide a simple C example demonstrating the use of both query APIs as
	well as setter APIs.

	virt-admin: Wire-up the logging APIs
	Finally, now that all APIs have been introduced, wire them up to virt-admin
	and introduce daemon-log-outputs and daemon-log-filters commands.

	admin: Introduce virAdmConnectSetLoggingFilters
	Enable libvirt users to modify logging filters of a daemon from outside.

	admin: Introduce virAdmConnectSetLoggingOutputs
	Enable libvirt users to modify daemon's logging output settings from outside.
	If either an empty string or NULL is passed, a default logging output will be
	used the same way as it would be in case writing an empty string to the
	libvirtd.conf

	admin: Introduce virAdmConnectGetLoggingFilters
	Enable libvirt users to query logging filter settings.

	admin: Introduce virAdmConnectGetLoggingOutputs
	Enable libvirt users to query logging output settings.

	daemon: Hook up the virLog{Get,Set}DefaultOutput to the daemon's init routine
	Now that virLog{Get,Set}DefaultOutput routines are introduced we can wire them
	up to the daemon's logging initialization code. Also, change the order of
	operations a bit so that we still strictly honor our precedence of settings:
	cmdline > env > config now that outputs and filters are not appended anymore.

	admin: Allow passing NULL to virLogSetOutputs
	Along with an empty string, it should also be possible for users to pass
	NULL to the public APIs which in turn would trigger a routine(future
	work) responsible for defining an appropriate default logging output
	given the current circumstances.

2016-12-15  Erik Skultety  <eskultet@redhat.com>

	virlog: Introduce virLog{Get,Set}DefaultOutput
	These helpers will manage the log destination defaults (fetch/set). The reason
	for this is to stay consistent with the current daemon's behaviour with respect
	to /etc/libvirt/<daemon>.conf file, since both assignment of an empty string
	or not setting the log output variable at all trigger the daemon's decision on
	the default log destination which depends on whether the daemon runs daemonized
	or not.
	This patch also changes the logic of the selection of the default
	logging output compared to how it is done now. The main difference though is
	that we should only really care if we're running daemonized or not, disregarding
	the fact of (not) having a TTY completely (introduced by commit eba36a3878) as
	that should be of the libvirtd's parent concern (what FD it will pass to it).

	 Before:
	 if (godaemon || !hasTTY):
	     if (journald):
	         use journald

	 if (godaemon):
	     if (privileged):
	         use SYSCONFIG/libvirtd.log
	     else:
	         use XDG_CONFIG_HOME/libvirtd.log
	 else:
	     use stderr

	 After:
	 if (godaemon):
	     if (journald):
	         use journald

	     else:
	         if (privileged):
	             use SYSCONFIG/libvirtd.log
	         else:
	             use XDG_CONFIG_HOME/libvirtd.log
	 else:
	     use stderr

2016-12-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Don't attempt to resume cpus if they were not paused
	External disk-only snapshots with recent enough qemu don't require
	libvirt to pause the VM. The logic determining when to resume cpus was
	slightly flawed and attempted to resume them even if they were not
	paused by the snapshot code. This normally was not a problem, but with
	locking enabled the code would attempt to acquire the lock twice.

	The fallout of this bug would be a error from the API, but the actual
	snapshot being created. The bug was introduced with when adding support
	for external snapshots with memory (checkpoints) in commit f569b87.

	Resolves problems described by:
	https://bugzilla.redhat.com/show_bug.cgi?id=1403691

2016-12-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Don't resume lockspaces in resume event handler
	After qemu delivers the resume event it's already running and thus it's
	too late to enter lockspaces since it may already have modified the
	disk. The code only creates false log entries in the case when locking
	is enabled. The lockspace needs to be acquired prior to starting cpus.

2016-12-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Enable mount namespace
	https://bugzilla.redhat.com/show_bug.cgi?id=1404952

	qemu: Let users opt-out from containerization
	Given how intrusive previous patches are, it might happen that
	there's a bug or imperfection. Lets give users a way out: if they
	set 'namespaces' to an empty array in qemu.conf the feature is
	suppressed.

	qemu: Manage /dev entry on RNG hotplug
	When attaching a device to a domain that's using separate mount
	namespace we must maintain /dev entries in order for qemu process
	to see them.

	qemu: Manage /dev entry on chardev hotplug
	When attaching a device to a domain that's using separate mount
	namespace we must maintain /dev entries in order for qemu process
	to see them.

	qemu: Manage /dev entry on hostdev hotplug
	When attaching a device to a domain that's using separate mount
	namespace we must maintain /dev entries in order for qemu process
	to see them.

	qemu: Manage /dev entry on disk hotplug
	When attaching a device to a domain that's using separate mount
	namespace we must maintain /dev entries in order for qemu process
	to see them.

	qemu: Enter the namespace on relabelling
	Instead of trying to fix our security drivers, we can use a
	simple trick to relabel paths in both namespace and the host.
	I mean, if we enter the namespace some paths are still shared
	with the host so any change done to them is visible from the host
	too.
	Therefore, we can just enter the namespace and call
	SetAllLabel()/RestoreAllLabel() from there. Yes, it has slight
	overhead because we have to fork in order to enter the namespace.
	But on the other hand, no complexity is added to our code.

	qemu: Prepare RNGs when starting a domain
	When starting a domain and separate mount namespace is used, we
	have to create all the /dev entries that are configured for the
	domain.

	qemu: Prepare inputs when starting a domain
	When starting a domain and separate mount namespace is used, we
	have to create all the /dev entries that are configured for the
	domain.

	qemu: Prepare TPM when starting a domain
	When starting a domain and separate mount namespace is used, we
	have to create all the /dev entries that are configured for the
	domain.

	qemu: Prepare chardevs when starting a domain
	When starting a domain and separate mount namespace is used, we
	have to create all the /dev entries that are configured for the
	domain.

	qemu: Prepare hostdevs when starting a domain
	When starting a domain and separate mount namespace is used, we
	have to create all the /dev entries that are configured for the
	domain.

	qemu: Prepare disks when starting a domain
	When starting a domain and separate mount namespace is used, we
	have to create all the /dev entries that are configured for the
	domain.

2016-12-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Spawn qemu under mount namespace
	Prime time. When it comes to spawning qemu process and
	relabelling all the devices it's going to touch, there's inherent
	race with other applications in the system (e.g. udev). Instead
	of trying convincing udev to not touch libvirt managed devices,
	we can create a separate mount namespace for the qemu, and mount
	our own /dev there. Of course this puts more work onto us as we
	have to maintain /dev files on each domain start and device
	hot(un-)plug. On the other hand, this enhances security also.

	From technical POV, on domain startup process the parent
	(libvirtd) creates:

	  /var/lib/libvirt/qemu/$domain.dev
	  /var/lib/libvirt/qemu/$domain.devpts

	The child (which is going to be qemu eventually) calls unshare()
	to create new mount namespace. From now on anything that child
	does is invisible to the parent. Child then mounts tmpfs on
	$domain.dev (so that it still sees original /dev from the host)
	and creates some devices (as explained in one of the previous
	patches). The devices have to be created exactly as they are in
	the host (including perms, seclabels, ACLs, ...). After that it
	moves $domain.dev mount to /dev.

	What's the $domain.devpts mount there for then you ask? QEMU can
	create PTYs for some chardevs. And historically we exposed the
	host ends in our domain XML allowing users to connect to them.
	Therefore we must preserve devpts mount to be shared with the
	host's one.

	To make this patch as small as possible, creating of devices
	configured for domain in question is implemented in next patches.

2016-12-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu_cgroup: Expose defaultDeviceACL
	This is a list of devices that qemu needs for its run (apart from
	what's configured for domain). The devices on the list are
	enabled in the CGroups by default so they will be good candidates
	for initial /dev for new qemu.

	virscsivhost: Introduce virSCSIVHostDeviceGetPath
	We will need this function in near future so that we know what
	/dev device corresponds to the SCSI device.

	virscsi: Introduce virSCSIDeviceGetPath
	We will need this function in near future so that we know what
	/dev device corresponds to the SCSI device.

	virusb: Introduce virUSBDeviceGetPath
	We will need this function in near future so that we know what
	/dev device corresponds to the USB device.

	virfile: Introduce ACL helpers
	Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
	virFileCopyACLs. These functions are going to be required when we
	are creating /dev for qemu. We have copy anything that's in
	host's /dev exactly as is. Including ACLs.

	virfile: Introduce virFileSetupDev
	This part of code that LXC currently uses will be reused so move
	to a generic function.

	virprocess: Introduce virProcessSetupPrivateMountNS
	This part of code that LXC currently uses will be reused so move
	to a generic function.

2016-12-14  Joao Martins  <joao.m.martins@oracle.com>

	libxl: reverse defaults on HVM net device attach
	libvirt libxl picks its own default with respect to the default NIC
	to use. libxlMakeNic is the one responsible for this and on boot it
	picks LIBXL_NIC_TYPE_VIF_IOEMU for HVM domains such that it accomodates
	both PV and emulated one. The good behaving guest at boot will then
	select the pv and unplug the emulated device.

	Now, on HVM when attaching an interface it will pick the same default
	that is LIBXL_NIC_TYPE_VIF_IOEMU which as a result will fail the attach
	(see xen commit 32e9d0f ("libxl: nic type defaults to vif in hotplug for
	hvm guest"). Xen doesn't yet support the hotplug of emulated devices,
	but we don't want to rule out that case either, which might get support
	in the future. Hence we simply reverse the defaults when we are
	attaching the interface which allows libvirt to prefer the PV nic first
	without adding "model='netfront'" following the same pattern as above
	commit. Also to avoid ruling out the emulated one we set to
	LIBXL_NIC_TYPE_IOEMU when setting a model type that is not 'netfront'.

2016-12-14  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: add QED disk format support
	If libxl has QED disk format support, then pass the feature
	over to the user.

2016-12-14  Cédric Bosdonnat  <cbosdonnat@suse.com>

	xenconfig: add default in xenParseXLDisk()'s switches
	Without a default: case in the switches in xenParseXLDisk(), build
	would fail with every new disk backend or image format added in libxl,
	as this is the case in this error:

	http://logs.test-lab.xenproject.org/osstest/logs/103325/build-amd64-libvirt/5.ts-libvirt-build.log

2016-12-14  Daniel P. Berrange  <berrange@redhat.com>

	Remove reference to enum that never existed
	The virDomainSendProcessSignal method says the flags values
	come from virDomainProcessSignalFlag, but this enum has
	never existed. No flags are needed for this method.

2016-12-14  Jiri Denemark  <jdenemar@redhat.com>

	virjson: Remove const from virJSONValueObjectForeachKeyValue
	Almost none of our virJSONValue*Get* functions accept const virJSONValue
	pointers and it wouldn't even make sense since we sometimes modify what
	we get. And because there is no reason for preventing callers of
	virJSONValueObjectForeachKeyValue from modifying the values they get in
	each iteration we can just stop doing it.

	schema: Let elements in /network/ip be specified in any order

2016-12-14  Daniel P. Berrange  <berrange@redhat.com>

	Avoid variable named 'stat'
	Using a variable named 'stat' clashes with the system function
	'stat()' causing compiler warnings on some platforms

	cc1: warnings being treated as errors
	../../src/qemu/qemu_monitor_text.c: In function 'parseMemoryStat':
	../../src/qemu/qemu_monitor_text.c:604: error: declaration of 'stat' shadows a global declaration [-Wshadow]
	/usr/include/sys/stat.h:455: error: shadowed declaration is here [-Wshadow]

2016-12-14  Jiri Denemark  <jdenemar@redhat.com>

	tests: Check more network XMLs for schema compliance
	This revealed bugs in RNG schema for /network/dns/srv.

2016-12-14  Peter Krempa  <pkrempa@redhat.com>

	log: Fix loading of conf file for log daemon
	'log_outputs' would be read into the variable for log_filters

	lock: Fix loading of config file for the lock daemon
	'log_outputs' would be read into the variable for log_filters

2016-12-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Allow use of hot plugged host CPUs if no affinity set
	If the cpuset cgroup controller is disabled in /etc/libvirt/qemu.conf
	QEMU virtual machines can in principle use all host CPUs, even if they
	are hot plugged, if they have no explicit CPU affinity defined.

	However, there's libvirt code supposed to handle the situation where
	the libvirt daemon itself is not using all host CPUs. The code in
	qemuProcessInitCpuAffinity attempts to set an affinity mask including
	all defined host CPUs. Unfortunately, the resulting affinity mask for
	the process will not contain the offline CPUs. See also the
	sched_setaffinity(2) man page.

	That means that even if the host CPUs come online again, they won't be
	used by the QEMU process anymore. The same is true for newly hot
	plugged CPUs. So we are effectively preventing that QEMU uses all
	processors instead of enabling it to use them.

	It only makes sense to set the QEMU process affinity if we're able
	to actually grow the set of usable CPUs, i.e. if the process affinity
	is a subset of the online host CPUs.

	There's still the chance that for some reason the deliberately chosen
	libvirtd affinity matches the online host CPU mask by accident. In this
	case the behavior remains as it was before (CPUs offline while setting
	the affinity will not be used if they show up later on).

	Tested-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>

2016-12-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	util: Allow to query the presence of host CPU bitmaps
	The functions to retrieve online and present host CPU information
	are only supported on Linux for the time being.

	This leads to runtime errors if these function are used on other
	platforms. To avoid that, code in higher levels using the functions
	must replicate the conditional compilation in higher level which
	is error prone (and is plainly spoken ugly).

	Adding a function virHostCPUHasBitmap that can be used to check
	for host CPU bitmap support.

	NB: There are other functions including the host CPU count that
	are lacking support on all platforms, but they are too essential
	in order to be bypassed.

2016-12-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix virQEMUCapsFindTarget on ppc64le
	virQEMUCapsFindTarget is supposed to find an alternative QEMU binary if
	qemu-system-$GUEST_ARCH doesn't exist. The alternative is using host
	architecture when it is compatible with $GUEST_ARCH. But a special
	treatment has to be applied for ppc64le since the QEMU binary is always
	called qemu-system-ppc64.

	Broken by me in v2.2.0-171-gf2e71550d.

	https://bugzilla.redhat.com/show_bug.cgi?id=1403745

2016-12-13  John Ferlan  <jferlan@redhat.com>

	docs: Update formatstorage to match code for pool path
	Seems commit id '0257d06b' forgot to include formatstorage when updating
	the docs to describe allowing zfs as a pool type and to furthermore note
	that the pool's target path element will be generated rather than read.

	Similarly commit id 'efab27afb' neglected to indicate that the target path
	for a logical pool will now be generated by libvirt.

2016-12-13  Jiri Denemark  <jdenemar@redhat.com>

	formatnetwork: Cleanup /network/ip documentation

	formatnetwork: Properly mark attributes of /network/dns/srv

	formatnetwork: Remove extra white space in examples

	formatnetwork: Split long lines
	Let's make sure all examples fit into their grey boxes.

	formatnetwork: Remove useless </route>
	Almost all XML examples use <tag .../> rather than <tag ...></tag> if
	the element is empty. Let's remove the two instances of the latter.

2016-12-13  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	perf: add branch_misses perf event support
	This patch adds support and documentation
	for the branch_misses perf event.

2016-12-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: take monitor lock in qemuAgentNotifyEvent
	qemuAgentNotifyEvent accesses monitor structure and is called on qemu
	reset/shutdown/suspend events under domain lock. Other monitor
	functions on the other hand take monitor lock and don't hold domain lock.
	Thus it is possible to have risky simultaneous access to the structure
	from 2 threads. Let's take monitor lock here to make access exclusive.

	qemu: don't use vm when lock is dropped in qemuDomainGetFSInfo
	Current call to qemuAgentGetFSInfo in qemuDomainGetFSInfo is
	unsafe. Domain lock is dropped and we use vm->def. Let's make
	def copy to fix that.

	qemu: agent: fix uninitialized var case in qemuAgentGetFSInfo
	In case of 0 filesystems *info is not set while according
	to virDomainGetFSInfo contract user should call free on it even
	in case of 0 filesystems. Thus we need to properly set
	it. NULL will be enough as free eats NULLs ok.

2016-12-12  John Ferlan  <jferlan@redhat.com>

	news: Add news entry for qemuDomainGetBlockInfo adjustments

2016-12-12  John Ferlan  <jferlan@redhat.com>

	qemu: Fix GetBlockInfo setting allocation from wr_highest_offset
	The libvirt-domain.h documentation indicates that for a qcow2 file
	in a filesystem being used for a backing store should report the disk
	space occupied by a file; however, commit id '15fa84ac' altered the
	code to trust that the wr_highest_offset should be used whenever
	wr_highest_offset_valid was set.

	As it turns out this will lead to indeterminite results. For an active
	domain when qemu hasn't yet had the need to find the wr_highest_offset
	value, qemu will report 0 even though qemu-img will report the proper
	disk size. This causes reporting of the following XML:

	  <disk type='file' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source file='/path/to/test-1g.qcow2'/>

	to be as follows:

	Capacity:       1073741824
	Allocation:     0
	Physical:       1074139136

	with qemu-img indicating:

	image: /path/to/test-1g.qcow2
	file format: qcow2
	virtual size: 1.0G (1073741824 bytes)
	disk size: 1.0G

	Once the backing source file is opened on the guest, then wr_highest_offset
	is updated, but only to the high water mark and not the size of the file.

	This patch will adjust the logic to check for the file backed qcow2 image
	and enforce setting the allocation to the returned 'physical' value, which
	is the 'actual-size' value from a 'query-block' operation.

	NB: The other consumer of the wr_highest_offset output (GetAllDomainStats)
	has a contract that indicates 'allocation' is the offset of the highest
	written sector, so it doesn't need adjustment.

2016-12-12  John Ferlan  <jferlan@redhat.com>

	util: Introduce virStorageSourceUpdateCapacity
	Instead of having duplicated code in qemuStorageLimitsRefresh and
	virStorageBackendUpdateVolTargetInfo to get capacity specific data
	about the storage backing source or volume -- create a common API
	to handle the details for both.

	As a side effect, virStorageFileProbeFormatFromBuf returns to being
	a local/static helper to virstoragefile.c

	For the QEMU code - if the probe is done, then the format is saved so
	as to avoid future such probes.

	For the storage backend code, there is no need to deal with the probe
	since we cannot call the new API if target->format == NONE.

2016-12-12  John Ferlan  <jferlan@redhat.com>

	util: Introduce virStorageSourceUpdateBackingSizes
	Instead of having duplicated code in qemuStorageLimitsRefresh and
	virStorageBackendUpdateVolTargetInfoFD to fill in the storage backing
	source or volume allocation, capacity, and physical values - create a
	common API that will handle the details for both.

	The common API will fill in "default" capacity values as well - although
	those more than likely will be overridden by subsequent code. Having just
	one place to make the determination of what the values should be will
	make things be more consistent.

	For the QEMU code - the data filled in will be for inactive domains
	for the GetBlockInfo and DomainGetStatsOneBlock API's. For the storage
	backend code - the data will be filled in during the volume updates.

2016-12-12  John Ferlan  <jferlan@redhat.com>

	util: Introduce virStorageSourceUpdatePhysicalSize
	Commit id '8dc27259' introduced virStorageSourceUpdateBlockPhysicalSize
	in order to retrieve the physical size for a block backed source device
	for an active domain since commit id '15fa84ac' changed to use the
	qemuMonitorGetAllBlockStatsInfo and qemuMonitorBlockStatsUpdateCapacity
	API's to (essentially) retrieve the "actual-size" from a 'query-block'
	operation for the source device.

	However, the code only was made functional for a BLOCK backing type
	and it neglected to use qemuOpenFile, instead using just open. After
	the open the block lseek would find the end of the block and set the
	physical value, close the fd and return.

	Since the code would return 0 immediately if the source device wasn't
	a BLOCK backed device, the physical would be displayed incorrectly,
	such as follows in domblkinfo for a file backed source device:

	Capacity:       1073741824
	Allocation:     0
	Physical:       0

	This patch will modify the algorithm to get the physical size for other
	backing types and it will make use of the qemuDomainStorageOpenStat
	helper in order to open/stat the source file depending on its type.
	The qemuDomainGetStatsOneBlock will no longer inhibit printing errors,
	but it will still ignore them leaving the physical value set to 0.

2016-12-12  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce helper qemuDomainStorageUpdatePhysical
	Currently just a shim to call virStorageSourceUpdateBlockPhysicalSize

2016-12-12  John Ferlan  <jferlan@redhat.com>

	qemu: Add helpers to handle stat data for qemuStorageLimitsRefresh
	Split out the opening of the file and fetch of the stat buffer into a
	helper qemuDomainStorageOpenStat. This will handle either opening the
	local or remote storage.

	Additionally split out the cleanup of that into a separate helper
	qemuDomainStorageCloseStat which will either close the file or
	call the virStorageFileDeinit function.

2016-12-12  John Ferlan  <jferlan@redhat.com>

	qemu: Clean up description for qemuStorageLimitsRefresh
	Originally added by commit id '89646e69' prior to commit id '15fa84ac'
	and '71d2c172' which ensured that qemuStorageLimitsRefresh was only called
	for inactive domains.

	Adjust the comment describing the need for FIXME and move all the text
	to the function description.

2016-12-12  intrigeri  <intrigeri+libvirt@boum.org>

	AppArmor: allow QEMU to set_process_name.
	https://bugzilla.redhat.com/show_bug.cgi?id=1369281

	Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>

2016-12-12  intrigeri  <intrigeri@debian.org>

	AppArmor policy: support merged-/usr.
	Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>

2016-12-11  John Ferlan  <jferlan@redhat.com>

	docs: Adjust pool/vol target output
	Looks like the <timestamps> and <encryption> were put in the wrong
	place... They're not <pool> elements, rather they are <volume> elements

	docs: Replace missing description for perf.cpu_cycles
	Lost during merge of commit id '8546adf80' and '585ad00b5'

2016-12-09  Peter Krempa  <pkrempa@redhat.com>

	virsh: maxvcpus: Always fall back to the old command if domain caps fail
	1ec22be5 added code that detects the maximum cpu count according to
	domain capabilities. The code fell back to the old command only if the
	API was not supported. If the API fails for other reasons the command
	would fail. There's no point in not trying the old API in such case.

	https://bugzilla.redhat.com/show_bug.cgi?id=1402690

2016-12-09  Pavel Glushchak  <pglushchak@virtuozzo.com>

	vz: added VIR_MIGRATE_NON_SHARED_INC migration flag support
	This flag is used in Virtuozzo backend implicitly, thus
	we need to support it and don't fail if it's set.

	vz: set PVMT_DONT_CREATE_DISK migration flag
	This flag tells backend not to create instance
	disks making behavior the same as in qemu driver.
	Disk files have to be created beforehand on target
	host manually or by upper management layer i.e.
	OpenStack Nova.

2016-12-09  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: Fix xml dump of autogenerated websocket
	When save/migrate a domain and we autogenerated a port, then if we
	print the inactive domain config, write out a -1 for the socket value;
	otherwise, it's possible that the subsequent start will fail if the
	autogenerated websocket used conflicts with an existing running config
	that also used autogenerated websockets.

	Examples:

	== A. Can not restore domain with autoconfigured websocket.

	domain 1 and 2 have autoconfigured websocket.

	1. domain 1 is started then, saved
	2. domain 2 is started
	3. domain 1 restoration is failed:

	error: internal error: qemu unexpectedly closed the monitor: 2016-11-21T10:23:11.356687Z
	qemu-kvm: -vnc 0.0.0.0:2,websocket=5700: Failed to start VNC server on `(null)':
	Failed to bind socket: Address already in use

	== B. Can not migrate domain with autoconfigured websocket.

	domain 1 on host A, domain 2 on host B, both have autoconfigured websocket

	1. domain 1 started, domain 2 started
	2. domain 1 migration to host B is failed with the above error.

2016-12-09  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: mark user defined websocket as used
	We need extra state variable to distinguish between autogenerated
	and user defined cases after auto generation is done.

	qemu: Refactor qemuProcessGraphicsReservePorts
	Use switch for enums rather than if/else conditions.

2016-12-09  Michal Privoznik  <mprivozn@redhat.com>

	vsh: Mark some function arguments as unused
	Some arguments in vshErrorHandler, vshReadlineCompletion and
	cmdSelfTest functions are not used. Mark them as such.

	qemuGetDomainHugepagePath: Initialize @ret
	The variable may be used uninitialized in this function.

2016-12-09  Mehdi Abaakouk  <sileht@redhat.com>

	Move virstat.c code to virnetdevtap.c
	This is just a code move of virstat.c to virnetdevtap.c

2016-12-09  Mehdi Abaakouk  <sileht@redhat.com>

	virstat: fix signature of virstat helper
	In preparation to the code move to virnetdevtap.c, this change:

	* renames virNetInterfaceStats to virNetDevTapInterfaceStats
	* changes 'path' to 'ifname', to use the same vocable as other
	  method in virnetdevtap.c.
	* Add the attributes checker

2016-12-09  Mehdi Abaakouk  <sileht@redhat.com>

	Gathering vhostuser interface stats with ovs
	When vhostuser interfaces are used, the interface statistics
	are not available in /proc/net/dev.

	This change looks at the openvswitch interfaces statistics
	tables to provide this information for vhostuser interface.

	Note that in openvswitch world drop/error doesn't always make sense
	for some interface type. When these informations are not available we
	set them to 0 on the virDomainInterfaceStats.

2016-12-08  John Ferlan  <jferlan@redhat.com>

	nss: Need to check error condition on virJSONValueArraySize
	If the 'nleases < 0' on return, then the subsequent call to
	findLeaseInJSON will not produce the expected results (passed
	in as a size_t, but nleases is a ssize_t).  So check if the
	returned value < 0 and if so, goto cleanup.

	Found by Coverity as a NEGATIVE_RETURNS event

2016-12-08  John Ferlan  <jferlan@redhat.com>

	tests: Fix virmacmaptest when allocation fails
	If the allocation fails in DO_TEST_FLUSH_PROLOGUE, then 'mgr == NULL',
	but the code continues on - which won't be good. So modify the macro
	to cause an immediate failure and jump to a cleanup label.

	Found by Coverity as FORWARD_NULL event.

2016-12-08  John Ferlan  <jferlan@redhat.com>

	news: Add description for perf.branch_instructions

2016-12-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't try to find compression program for "raw" memory images
	There's nothing to compress if the requested snapshot memory format is
	set to 'raw' explicitly. After commit 9e14689ea libvirt would try to
	run /sbin/raw to process the memory stream if the qemu.conf option
	snapshot_image_format is set.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1402726

2016-12-08  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: monitor now holds a reference to the domain
	If the monitor doesn't hold a reference to the domain object
	the object may be destroyed before the monitor actually stops.

2016-12-08  Michal Privoznik  <mprivozn@redhat.com>

	security: Drop virSecurityManagerSetHugepages
	Since its introduction in 2012 this internal API did nothing.
	Moreover we have the same API that does exactly the same:
	virSecurityManagerDomainSetPathLabel.

2016-12-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Create hugepage path on per domain basis
	If you've ever tried running a huge page backed guest under
	different user than in qemu.conf, you probably failed. Problem is
	even though we have corresponding APIs in the security drivers,
	there's no implementation and thus we don't relabel the huge page
	path. But even if we did, so far all of the domains share the
	same path:

	   /hugepageMount/libvirt/qemu

	Our only option there would be to set 0777 mode on the qemu dir
	which is totally unsafe. Therefore, we can create dir on
	per-domain basis, i.e.:

	   /hugepageMount/libvirt/qemu/domainName

	and chown domainName dir to the user that domain is configured to
	run under.

2016-12-08  Michal Privoznik  <mprivozn@redhat.com>

	virDomainObjGetShortName: take virDomainDef
	So far this function takes virDomainObjPtr which:
	1) is an overkill,
	2) might be not available in all the places we will use it.

2016-12-08  Martin Kletzander  <mkletzan@redhat.com>

	conf: Make scheduler formatting simpler
	Since the great rework of how we store vcpu- and iothread-related
	data, we have overly complex part of code that is trying to format the
	scheduler tuning data in as less lines as possible by grouping
	settings for multiple threads.  That was designed as an input syntax
	sugar for users, but we don't need to also use that when formatting
	the XML.  Switching to simple enumeration makes the code nicer,
	shorter and more welcoming to future changes.

2016-12-08  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec: Package libnss_libvirt_guest.so.2
	In 22f7ceb695a I've introduced another NSS module
	but forgot to package it in libvirt-nss.rpm.

2016-12-08  Daniel P. Berrange  <berrange@redhat.com>

	test: fix screenshot API impl
	When redoing the website we deleted the libvirtLogo.png file
	not remembering that the test driver screenshot API impl
	relied on it.

	Rather than having the test driver use the logo as a side
	effect, give it its own dedicated image to use. This is
	installed in /usr/share/libvirt/test-screenshot.png and
	is taken from a NeXT Cube running WorldWideWeb[1]. The
	very first web browser in existance, running on the
	hardware it was originally written on.

	[1] https://en.wikipedia.org/wiki/WorldWideWeb

2016-12-07  Pavel Hrdina  <phrdina@redhat.com>

	configure: sort libvirt macros

	m4/virt-lib: properly pass header_name in LIBVIRT_CHECK_LIB(_ALT)
	The *header_name* cannot be quoted, otherwise it is not translated to
	the passed argument.  Without this fix the generated configure contains
	*ac_cv_header_header_name*, but there should be for example
	*ac_cv_header_sals_sasl_h* for "sasl/sasl.h".

	configure: remove check for CPUID
	This check is not required because all i386 and x86_64 cpus have the
	cpuid instruction.

	configure: cleanup openwsman leftovers
	Commit a99bfb4b moved openwsman to its own file but forget to remove
	those few lines.

2016-12-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: Add gluster.debug_level detection for 2.8.0+
	Qemu 2.8.0+ changes arguments structure for blockdev-add in the effort
	to make it finally stable. Since libvirt recently added the detection of
	gluster debug support relying on the old syntax we need to add the new
	as well.

	test: qemucaps: Bump 2.8.0 state to current master
	Qemu decided to change a parameter name in rc-state which was not
	captured by the 2.8.0 data. Bump it to current version.

2016-12-07  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	perf: add one more perf event support
	With current perf framework, this patch adds support and documentation
	for the branch_instructions perf event.

2016-12-07  John Ferlan  <jferlan@redhat.com>

	docs: Fix code example formatting for virDomainInterfaceAddresses
	Adjust the spacing so that the code examples are display in the code/text
	box rather than just as paragraph text.

	docs: Adjust formatting for virConnectGetAllDomainStats output
	Adjust the spacing a bit in order to generate 'cleaner' looking output.
	This matches what virDomainMemoryStats does and it creates text/code boxes
	in order to list each of the stats for each category.

2016-12-07  John Ferlan  <jferlan@redhat.com>

	docs: Rebuild apihtml docs when source changes
	When changing one of the src/libvirt-*.c files to alter the docs, the
	adjusted files weren't being built.  Added them into APIBUILD_STAMP and
	then added that to the html/index.html rule which is used for the
	$(apihtml_generated) generated rule.

	Also, for clean we can remove the html/*.html files

2016-12-06  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	cgroup: Use system reported "unlimited" value for comparison
	With kernel 3.18 (since commit 3e32cb2e0a12b6915056ff04601cf1bb9b44f967)
	the "unlimited" value for cgroup memory limits has changed once again as
	its byte value is now computed from a page counter.
	The new "unlimited" value reported by the cgroup fs is therefore 2**51-1
	pages which is (VIR_DOMAIN_MEMORY_PARAM_UNLIMITED - 3072). This results
	e.g. in virsh memtune displaying 9007199254740988 instead of unlimited
	for the limits.

	This patch uses the value of memory.limit_in_bytes from the cgroup
	memory root which is the system's "real" unlimited value for comparison.

	See also libvirt commit 231656bbeb9e4d3bedc44362784c35eee21cf0f4 for the
	history for kernel 3.12 and before.

2016-12-06  Michal Privoznik  <mprivozn@redhat.com>

	nss: Introduce libvirt-guest module
	So far the NSS module looks up only hostnames as provided by
	guests themselves. However, there are some cases where this is
	not enough: e.g. when there's a fresh new guest being installed
	(with some generic hostname) say from a live ISO image; or some
	(older) systems don't advertise their hostname in DHCP
	transactions at all.
	In cases like that it would be helpful if we translate domain
	name as seen by libvirt too so that users can:

	  # virsh start $dom && ssh $dom

	In order to achieve that new libvirt-guest module is introduced,
	while older libvirt module maintains its current behaviour (that
	is translating guest provided names into IP addresses).

2016-12-06  Michal Privoznik  <mprivozn@redhat.com>

	nss: Move address lookup code into a separate function
	The part of the code that iterates over an array of JSON values
	is going to be re-used. Instead of copying it over, move it to a
	separate function.

	nss: Move address appending code into a separate function
	The part of the code that appends found IP address into a list is
	going to be re-used. Instead of copying it over, move it to a
	separate function.

2016-12-06  Michal Privoznik  <mprivozn@redhat.com>

	nss: Use macro to generate public API names
	The name of the exported functions for an NSS module is quite
	fixed, it is derived from the module name:

	  _nss_$module_$function

	Since we will create another NSS module with very similar
	implementation we might as well generate the function names at
	the compile time.

2016-12-06  Michal Privoznik  <mprivozn@redhat.com>

	network: Track MAC address map
	Now that we have a module that's able to track
	<domain, mac addres list> pairs, hook it up into
	our network driver.

2016-12-06  Michal Privoznik  <mprivozn@redhat.com>

	util: Introduce virMACMap module
	This module will be used to track:

	  <domain, mac address list>

	pairs. It will be important to know these mappings without
	libvirt connection (that is from a JSON file), because NSS
	module will use those to provide better host name translation.

2016-12-06  Michal Privoznik  <mprivozn@redhat.com>

	util: Introduce virFileRewriteStr
	There are couple of places where we have a string and want to
	save it to a file. Atomically. In all those places we use
	virFileRewrite() but also implement the very same callback which
	takes the string and write it into temp file. This makes no
	sense. Unify the callbacks and move them to one place.

	virstring: Introduce virStringListRemove

	virstring: Introduce virStringListAdd

	nssmock: Prefer free() over VIR_FREE()
	Problem with VIR_FREE() is that we are not linking
	libvirt-utils.so to our mock libs therefore there will be an
	unresolved symbol. Fortunately, nsstest that eventually links
	with the nssmock links also with libvirt-utils.so and thus the
	symbol is resolved after all. However, if one wants to run the
	test binary under valgrind it is impossible to do so. Because of
	the unresolved symbol.

	network: Don't unlock non-locked network driver
	In dd7bfb2cdc5d I've removed locking of the network driver upon
	it's allocation. However, I forgot to remove one location of the
	driver unlock.

2016-12-06  John Ferlan  <jferlan@redhat.com>

	docs: Add NEWS description for group_name support in iotune

2016-12-06  John Ferlan  <jferlan@redhat.com>

	virsh: Add group name to blkdeviotune output
	https://bugzilla.redhat.com/show_bug.cgi?id=1336564

	Add the ability to set/display the group_name for block device iotune

2016-12-06  John Ferlan  <jferlan@redhat.com>

	qemu: Add the group name option to the iotune command line
	Add in the block I/O throttling group parameter to the command line
	if supported. If not supported, fail command creation.

	Add the xml2argvtest for testing.

2016-12-06  John Ferlan  <jferlan@redhat.com>

	conf: Add support for blkiotune group_name option
	Modify _virDomainBlockIoTuneInfo and rng schema to support the group_name
	option for iotune throttling. Document the new value.

	qemu: Add support for parsing iotune group setting
	Add support to read/parse the iotune group setting for qemu.

	qemu: Adjust various bool BlockIoTune set_ values into a single mask
	Rather than have multiple bool values, create a single enum with bits
	representing what fields are set. Fields are generally set in groups
	of 3 (read, write, total).

2016-12-06  John Ferlan  <jferlan@redhat.com>

	qemu: Alter qemuMonitorJSONSetBlockIoThrottle command logic
	Currently we build the JSON object for the "block_set_io_throttle"
	command using the knowledge that a NULL for a support*Options boolean
	would essentially ignore the rest of the arguments.

	This may not work properly if some capability was backported, plus it just
	looks rather ugly. So instead, build the "base" arguments and then if
	the support*Option bool capability is set, add in the arguments on the fly.

	Then append those arguments to the basic command and send to qemu.

2016-12-06  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust maxparams logic for qemuDomainGetBlockIoTune
	Rather than using negative logic and setting the maxparams to a lesser
	value based on which capabilities exist, alter the logic to modify the
	maxparams based on a base value plus the found capabilities. Reduces the
	chance that some backported feature produces an incorrect value.

	caps: Add new capability for the iotune group name
	Add the capability to detect if the qemu binary can support the feature
	to use throttling.group.

	include: Add new "group_name" definition for iotune throttling
	Add the new field to support sharing I/O throttling quota between
	multiple drives.

2016-12-05  Lin Ma  <lma@suse.com>

	cpu: Add support for pku and ospke Intel features for Memory Protection Keys
	qemu commit: f74eefe0
	https://lwn.net/Articles/667156/

2016-12-05  Lin Ma  <lma@suse.com>

	cpu: Add support for more AVX512 Intel features
	These features are included:
	AVX512DQ, AVX512IFMA, AVX512BW, AVX512VL, AVX512VBMI, AVX512_4VNNIW and
	AVX512_4FMAPS.

	qemu commits: cc728d14 and 95ea69fb

2016-12-05  John Ferlan  <jferlan@redhat.com>

	storage: Fix type PLOOP type check for storageVolUpload
	Commit id '03e750f3' added support for checking the PLOOP type; however,
	it used 'target.type' which no storage code ever fills in, so it will
	never be set.  Change to just vol->type (could use vol->target.format
	as well).

2016-12-05  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	tests: add test cases for address conflicts
	Add test cases for address conflicts between disks and hostdevs that are
	using drive addresses.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-12-05  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	conf: add global check for duplicate drive addresses
	Add a global check for duplicate drive addresses. This will fix the
	problem of duplicate disk and hostdev drive addresses.

	Example for duplicate drive addresses:
	<disk>
	  ...
	  <target name='sda'/>
	</disk>
	<disk>
	  ...
	  <target name='sdb'/>
	  <address type='drive' controller=0 bus=0 target=0 unit=0/>
	</disk>

	Another example:
	<hostdev mode='subsystem' type='scsi' managed='no'>
	  <source>
	  ...
	  </source>
	  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	</hostdev>
	<hostdev mode='subsystem' type='scsi' managed='no'>
	  <source>
	  ...
	  </source>
	  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	</hostdev>

	Unfortunately the fixes (1b08cc170a84077afd4d15f4639a9a2cf398e9a2,
	8d46386bfe01b84982e25e915ad9cfbae5cf4cb1) weren't enough to catch these
	cases and it isn't possible to add additional checks in
	virDomainDeviceDefPostParseInternal() for SCSI hostdevs or
	virDomainDiskDefAssignAddress() for SCSI/IDE/FDC/SATA disks without
	adding another parse flag (virDomainDefParseFlags) to disable this
	validation while updating or detaching a disk or hostdev.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-12-05  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	tests: don't use duplicate disk addresses
	Don't use duplicate disk addresses in test cases unless it's useful. At
	least the test case will break once we have a check for uniqueness of
	addresses at time of domain definition.

2016-12-05  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	conf: virDomainDriveAddressIsUsedByDisk: Rename type to bus_type
	Comparing the parameter 'type' against the member 'bus' instead of
	against the member 'type' is quite confusing. Rename the parameter
	'type' to 'bus_type' to clarify its meaning.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-12-05  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	conf: simplify functions virDomainSCSIDriveAddressIsUsedBy*()
	Pass the virDomainDeviceDriveAddress as a struct instead of individual
	arguments. Reworked the function descriptions.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-12-05  Andrea Bolognani  <abologna@redhat.com>

	Fix version number
	The next release will be the first one of 2017, so the
	version number will be 3.0.0 rather than 2.6.0.

	Post-release version bump to 2.6.0

	NEWS: Add release date for 2.5.0

2016-12-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-2.5.0
	* po/*.po*

2016-12-02  Yuri Chornoivan  <yurchor@ukr.net>

	Fix minor typos

2016-12-01  gaohaifeng  <gaohaifeng.gao@huawei.com>

	qemuDomainAttachNetDevice: pass mq and vectors for vhost-user with multiqueue
	Two reasons:
	1.in none hotplug, we will pass it. We can see from libvirt function
	qemuBuildVhostuserCommandLine
	2.qemu will use this vetcor num to init msix table. If we don't pass, qemu
	will use default value, this will cause VM can only use default value
	interrupts at most.

2016-12-01  Martin Kletzander  <mkletzan@redhat.com>

	news: Remove full stop at the end of the sentence
	To stay consistent.

2016-12-01  Laine Stump  <laine@laine.org>

	news: Add "more PCIe less legacy PCI" to list of new features

2016-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Refresh translations from zanata

2016-12-01  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Remove end-of-sentence period
	None of the other sentences in the file ends with the period,
	and we want to maintain a consistent style.

2016-11-30  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Prevent detaching SCSI controller used by hostdev
	Consider the following XML snippets:

	  $ cat scsicontroller.xml
	      <controller type='scsi' model='virtio-scsi' index='0'/>
	  $ cat scsihostdev.xml
	      <hostdev mode='subsystem' type='scsi'>
	        <source>
	          <adapter name='scsi_host0'/>
	          <address bus='0' target='8' unit='1074151456'/>
	        </source>
	      </hostdev>

	If we create a guest that includes the contents of scsihostdev.xml,
	but forget the virtio-scsi controller described in scsicontroller.xml,
	one is silently created for us.  The same holds true when attaching
	a hostdev before the matching virtio-scsi controller.
	(See qemuDomainFindOrCreateSCSIDiskController for context.)

	Detaching the hostdev, followed by the controller, works well and the
	guest behaves appropriately.

	If we detach the virtio-scsi controller device first, any associated
	hostdevs are detached for us by the underlying virtio-scsi code (this
	is fine, since the connection is broken).  But all is not well, as the
	guest is unable to receive new virtio-scsi devices (the attach commands
	succeed, but devices never appear within the guest), nor even be
	shutdown, after this point.

	While this is not libvirt's problem, we can prevent falling into this
	scenario by checking if a controller is being used by any hostdev
	devices.  The same is already done for disk elements today.

	Applying this patch and then using the XML snippets from earlier:

	  $ virsh detach-device guest_01 scsicontroller.xml
	  error: Failed to detach device from scsicontroller.xml
	  error: operation failed: device cannot be detached: device is busy

	  $ virsh detach-device guest_01 scsihostdev.xml
	  Device detached successfully

	  $ virsh detach-device guest_01 scsicontroller.xml
	  Device detached successfully

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-30  Laine Stump  <laine@laine.org>

	qemu: assign VFIO devices to PCIe addresses when appropriate
	Although nearly all host devices that are assigned to guests using
	VFIO ("<hostdev>" devices in libvirt) are physically PCI Express
	devices, until now libvirt's PCI address assignment has always
	assigned them addresses on legacy PCI controllers in the guest, even
	if the guest's machinetype has a PCIe root bus (e.g. q35 and
	aarch64/virt).

	This patch tries to assign them to an address on a PCIe controller
	instead, when appropriate. First we do some preliminary checks that
	might allow setting the flags without doing any extra work, and if
	those conditions aren't met (and if libvirt is running privileged so
	that it has proper permissions), we perform the (relatively) time
	consuming task of reading the device's PCI config to see if it is an
	Express device. If this is successful, the connect flags are set based
	on the result, but if we aren't able to read the PCI config (most
	likely due to the device not being present on the system at the time
	of the check) we assume it is (or will be) an Express device, since
	that is almost always the case anyway.

2016-11-30  Laine Stump  <laine@laine.org>

	qemu: propagate virQEMUDriver object to qemuDomainDeviceCalculatePCIConnectFlags
	If libvirtd is running unprivileged, it can open a device's PCI config
	data in sysfs, but can only read the first 64 bytes. But as part of
	determining whether a device is Express or legacy PCI,
	qemuDomainDeviceCalculatePCIConnectFlags() will be updated in a future
	patch to call virPCIDeviceIsPCIExpress(), which tries to read beyond
	the first 64 bytes of the PCI config data and fails with an error log
	if the read is unsuccessful.

	In order to avoid creating a parallel "quiet" version of
	virPCIDeviceIsPCIExpress(), this patch passes a virQEMUDriverPtr down
	through all the call chains that initialize the
	qemuDomainFillDevicePCIConnectFlagsIterData, and saves the driver
	pointer with the rest of the iterdata so that it can be used by
	qemuDomainDeviceCalculatePCIConnectFlags(). This pointer isn't used
	yet, but will be used in an upcoming patch (that detects Express vs
	legacy PCI for VFIO assigned devices) to examine driver->privileged.

2016-11-30  Laine Stump  <laine@laine.org>

	util: new function virPCIDeviceGetConfigPath()
	The path to the config file for a PCI device is conventiently stored
	in a virPCIDevice object, but that object's contents aren't directly
	visible outside of virpci.c, so we need to have an accessor function
	for it if anyone needs to look at it.

	util: new function virFileLength()
	This new function just calls fstat() (if provided with a valid fd) or
	stat() (if fd is -1) and returns st_size (or -1 if there is an
	error). We may decide we want this function to be more complex, and
	handle things like block devices - this is a placeholder (that works)
	for any more complicated function.

2016-11-30  Nikos Mavrogiannopoulos  <nmav@redhat.com>

	virt-gnutls.m4: fixed check for gnutls_rnd and gnutls_cipher_encrypt

2016-11-30  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	docs: improve release numbering rule for minor numbers
	Adding first build of year minor number reset to 0.

2016-11-30  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add alternative feature spellings to CPU map
	We can't change feature names for compatibility reasons even if they
	contain typos or other software uses different names for the same
	features. By adding alternative spellings in our CPU map we at least
	allow anyone to grep for them and find the correct libvirt's name.

	cpu: Remove useless comments from CPU map
	They didn't really help anything.

2016-11-30  Ján Tomko  <jtomko@redhat.com>

	qemu: error out on USB ports out of range
	My overly sophisticated address reservation code forgot
	to add an error message for user-requested ports out of range.

	https://bugzilla.redhat.com/show_bug.cgi?id=1399260

2016-11-30  Ján Tomko  <jtomko@redhat.com>

	tests: Fix USB ports in usb-redir-filter
	This test case references ports 4 and 5 on the PIIX3 UHCI
	controller which only has two.

2016-11-30  Christian Ehrhardt  <christian.ehrhardt@canonical.com>

	virt-aa-helper: fix parsing security labels by introducing VIR_DOMAIN_DEF_PARSE_SKIP_SECLABEL
	When virt-aa-helper parses xml content it can fail on security labels.

	It fails by requiring to parse active domain content on seclabels that
	are not yet filled in.

	Testcase with virt-aa-helper on a minimal xml:
	 $ cat << EOF > /tmp/test.xml
	<domain type='kvm'>
	    <name>test-seclabel</name>
	    <uuid>12345678-9abc-def1-2345-6789abcdef00</uuid>
	    <memory unit='KiB'>1</memory>
	    <os><type arch='x86_64'>hvm</type></os>
	    <seclabel type='dynamic' model='apparmor' relabel='yes'/>
	    <seclabel type='dynamic' model='dac' relabel='yes'/>
	</domain>
	EOF
	 $ /usr/lib/libvirt/virt-aa-helper -d -r -p 0 \
	   -u libvirt-12345678-9abc-def1-2345-6789abcdef00 < /tmp/test.xml

	Current Result:
	 virt-aa-helper: error: could not parse XML
	 virt-aa-helper: error: could not get VM definition
	Expected Result is a valid apparmor profile

2016-11-29  Jiri Denemark  <jdenemar@redhat.com>

	docs: Update news

	Consolidate documentation of virDomainMigrate{,ToURI}{,2,3}
	Only the latest APIs are fully documented and the documentation of the
	older variants (which are just limited versions of the new APIs anyway)
	points to the newest APIs.

	Enhance documentation of virDomainMigrateFlags
	The enhanced documentation of VIR_MIGRATE_RDMA_PIN_ALL fixes
	https://bugzilla.redhat.com/show_bug.cgi?id=1373783

2016-11-29  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Install virt-guest-shutdown.target properly
	When trying to install libvirtd from sources I've noticed the
	following failure:

	/usr/bin/install: cannot stat 'virt-guest-shutdown.target': No such file or directory
	Makefile:2792: recipe for target 'install-init-systemd' failed
	make[3]: *** [install-init-systemd] Error 1
	make[3]: *** Waiting for unfinished jobs....

	The problem is that while other files around that location in
	Makefile are firstly generated into the builddir and only after
	that installed, virt-guest-shutdown.target file is not generated
	at all and should be installed from the srcdir.

	This was introduced in 01079727.

2016-11-29  Jiri Denemark  <jdenemar@redhat.com>

	qemuProcessReconnect: Avoid relabeling images after migration
	Restarting libvirtd on the source host at the end of migration when a
	domain is already running on the destination would cause image labels to
	be reset effectively killing the domain. Commit e8d0166e1d fixed similar
	issue on the destination host, but kept the source always resetting the
	labels, which was mostly correct except for the specific case handled by
	this patch.

	https://bugzilla.redhat.com/show_bug.cgi?id=1343858

2016-11-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Report tunnelled post-copy migration as unsupported
	Post-copy migration needs bi-directional communication between the
	source and the destination QEMU processes, which is not supported by
	tunnelled migration.

	https://bugzilla.redhat.com/show_bug.cgi?id=1371358

2016-11-28  Chen Hanxiao  <chenhanxiao@gmail.com>

	storage_backend_rbd: check the return value of rados_conf_set
	We had a lot of rados_conf_set and check works.
	Use helper virStorageBackendRBDRADOSConfSet for them.

2016-11-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: Don't partially reprope caps on process reconnect
	Thanks to the complex capability caching code virQEMUCapsProbeQMP was
	never called when we were starting a new qemu VM. On the other hand,
	when we are reconnecting to the qemu process we reload the capability
	list from the status XML file. This means that the flag preventing the
	function being called was not set and thus we partially reprobed some of
	the capabilities.

	The recent addition of CPU hotplug clears the
	QEMU_CAPS_QUERY_HOTPLUGGABLE_CPUS if the machine does not support it.
	The partial re-probe on reconnect results into attempting to call the
	unsupported command and then killing the VM.

	Remove the partial reprobe and depend on the stored capabilities. If it
	will be necessary to reprobe the capabilities in the future, we should
	do a full reprobe rather than this partial one.

2016-11-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for unavailable-features
	QEMU 2.8.0 adds support for unavailable-features in
	query-cpu-definitions reply. The unavailable-features array lists CPU
	features which prevent a corresponding CPU model from being usable on
	current host. It can only be used when all the unavailable features are
	disabled. Empty array means the CPU model can be used without
	modifications.

	We can use unavailable-features for providing CPU model usability info
	in domain capabilities XML:

	    <domainCapabilities>
	      ...
	      <cpu>
	        <mode name='host-passthrough' supported='yes'/>
	        <mode name='host-model' supported='yes'>
	          <model fallback='allow'>Skylake-Client</model>
	          ...
	        </mode>
	        <mode name='custom' supported='yes'>
	          <model usable='yes'>qemu64</model>
	          <model usable='yes'>qemu32</model>
	          <model usable='no'>phenom</model>
	          <model usable='yes'>pentium3</model>
	          <model usable='yes'>pentium2</model>
	          <model usable='yes'>pentium</model>
	          <model usable='yes'>n270</model>
	          <model usable='yes'>kvm64</model>
	          <model usable='yes'>kvm32</model>
	          <model usable='yes'>coreduo</model>
	          <model usable='yes'>core2duo</model>
	          <model usable='no'>athlon</model>
	          <model usable='yes'>Westmere</model>
	          <model usable='yes'>Skylake-Client</model>
	          ...
	        </mode>
	      </cpu>
	      ...
	    </domainCapabilities>

2016-11-28  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add QEMU 2.8.0 domain capabilities tests

	tests: Add QEMU 2.8.0 capabilities data

2016-11-25  Jiri Denemark  <jdenemar@redhat.com>

	tests: Update capabilities for QEMU 2.7.0

	tests: Update capabilities for QEMU 2.6.0 (ppc64le)

	tests: Update capabilities for QEMU 2.6.0 (aarch64, GICv3)

	qemu: Avoid reporting "host" as a supported CPU model
	"host" CPU model is supported by a special host-passthrough CPU mode and
	users is not allowed to specify this model directly with custom mode.
	Thus we should not advertise "host" CPU model in domain capabilities.
	This worked well on architectures for which libvirt provides a list of
	supported CPU models in cpu_map.xml (since "host" is not in the list).
	But we need to explicitly filter "host" model out for all other
	architectures.

	tests: Update capabilities for QEMU 2.6.0 (aarch64, GICv2)

	tests: Update capabilities for QEMU 2.6.0

	tests: Update capabilities for QEMU 2.5.0

	tests: Update capabilities for QEMU 2.4.0

	tests: Update capabilities for QEMU 2.1.1

	tests: Update capabilities for QEMU 1.7.0

	tests: Update capabilities for QEMU 1.6.0

	tests: Update capabilities for QEMU 1.5.3

	tests: Update capabilities for QEMU 1.4.2

	tests: Update capabilities for QEMU 1.3.1

	tests: Update capabilities for QEMU 1.2.2

2016-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Probe CPU models for KVM and TCG
	CPU models (and especially some additional details which we will start
	probing for later) differ depending on the accelerator. Thus we need to
	call query-cpu-definitions in both KVM and TCG mode to get all data we
	want.

	Tests in tests/domaincapstest.c are temporarily switched to TCG to avoid
	having to squash even more stuff into this single patch. They will all
	be switched back later in separate commits.

2016-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce virQEMUCapsFormatCPUModels
	This patch moves the CPU models formatting code from
	virQEMUCapsFormatCache into a separate function.

	qemu: Introduce virQEMUCapsLoadCPUModels
	This patch moves the CPU models parsing code from virQEMUCapsLoadCache
	into a separate function.

	qemu: Refresh caps in virQEMUCapsCacheLookupByArch
	The function just returned cached capabilities without checking whether
	they are still valid. We should check that and refresh the capabilities
	to make sure we don't return stale data. In other words, we should do
	what all other lookup functions do.

	qemu: Refactor virQEMUCapsCacheLookup
	The function is made a little bit more readable and the code which
	refreshes cached capabilities if they are not valid any more was moved
	into a separate function (virQEMUCapsCacheValidate) so that it can be
	reused in other places.

	qemu: Don't return unusable virttype in domain capabilities
	If a user asked for a KVM domain capabilities when KVM is not available,
	we would happily return data we got when probing through TCG and
	pretended they were relevant for KVM. Let's just report KVM is not
	supported to avoid confusion.

	qemu: Use saner defaults for domain capabilities
	When domain capabilities were introduced we did not have enough data to
	decide whether KVM works on the host or not and thus working legacy/VFIO
	device assignment was used as a witness. Now that we know whether KVM
	was enabled when probing QEMU capabilities (and thus we know it's
	working), we can use this knowledge to provide better default value for
	virttype.

	qemu: Discard caps cache when KVM availability changes
	Since some may depend on the accelerator used when probing QEMU the
	cache becomes invalid when KVM becomes available or if it is not
	available anymore.

2016-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Enable KVM when probing capabilities
	CPU related capabilities may differ depending on accelerator used when
	probing. Let's use KVM if available when probing QEMU and fall back to
	TCG. The created capabilities already contain all we need to distinguish
	whether KVM or TCG was used:

	    - KVM was used when probing capabilities:
	        QEMU_CAPS_KVM is set
	        QEMU_CAPS_ENABLE_KVM is not set

	    - TCG was used and QEMU supports KVM, but it failed (e.g., missing
	      kernel module or wrong /dev/kvm permissions)
	        QEMU_CAPS_KVM is not set
	        QEMU_CAPS_ENABLE_KVM is set

	    - KVM was not used and QEMU does not support it
	        QEMU_CAPS_KVM is not set
	        QEMU_CAPS_ENABLE_KVM is not set

2016-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemucapsprobe: Ignore all greetings except the first one
	When starting QEMU more than once during a single probing process,
	qemucapsprobe utility would save QMP greeting several times, which
	doesn't play well with our test monitor.

	qemu: Probe KVM state earlier
	Let's set QEMU_CAPS_KVM and QEMU_CAPS_ENABLE_KVM early so that the rest
	of the probing code can use these capabilities to handle KVM/TCG replies
	differently.

	qemu: Use -machine when probing capabilities via QMP
	Using -machine instead of -M for QMP probing is safe because any QEMU
	binary which is capable of QMP probing supports -machine.

2016-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make QMP probing process reusable
	The code that runs a new QEMU process to be used for probing
	capabilities is separated into four reusable functions so that any code
	that wants to probe a QEMU process may just follow a few simple steps:

	    cmd = virQEMUCapsInitQMPCommandNew(...);
	    virQEMUCapsInitQMPCommandRun(cmd);

	    /* talk to the running QEMU process using its QMP monitor */

	    if (reprobeIsRequired) {
	        virQEMUCapsInitQMPCommandAbort(cmd, ...);
	        virQEMUCapsInitQMPCommandRun(cmd);

	        /* talk to the running QEMU process again */
	    }

	    virQEMUCapsInitQMPCommandFree(cmd);

2016-11-25  Maxim Nestratov  <mnestratov@virtuozzo.com>

	Revert "vz: fixed race in vzDomainAttach/DettachDevice"
	This reverts commit 3a6cf6fc16.

	Mistakenly this commit was pushed because I thought I missed the
	corret one b880ff42ddb while in fact I didn't.

2016-11-25  Michal Privoznik  <mprivozn@redhat.com>

	virstring: Unify string list function names
	We have couple of functions that operate over NULL terminated
	lits of strings. However, our naming sucks:

	virStringJoin
	virStringFreeList
	virStringFreeListCount
	virStringArrayHasString
	virStringGetFirstWithPrefix

	We can do better:

	virStringListJoin
	virStringListFree
	virStringListFreeCount
	virStringListHasString
	virStringListGetFirstWithPrefix

2016-11-25  Peter Krempa  <pkrempa@redhat.com>

	docs: NEWS: Mention changes in memory slot number allocation

	docs: NEWS: Mention 'gluster_debug_level' qemu.conf option in the news

2016-11-25  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Add some missing entries
	Catch up with changes that have been pushed but didn't include
	updates to the NEWS file themselves.

2016-11-25  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: fix internal error: NUMA isn't available on this host
	If libvirt is compiled without NUMACTL support starting libvirtd
	reports a libvirt internal error "NUMA isn't available on this host"
	without checking if NUMA support is compiled into the libvirt binaries.
	This patch adds the missing NUMA support check to prevent the internal error.
	It also includes a check if the cgroup controller cpuset is available before
	using it.

	The error was noticed when libvirtd was restarted with running domains and
	on libvirtd start the qemuConnectCgroup gets called during qemuProcessReconnect.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	conf: Wire up the vhost-scsi connection from/to XML
	With the QEMU components in place, provide the XML parsing to
	invoke that code when given the following XML snippet:

	    <hostdev mode='subsystem' type='scsi_host'>
	      <source protocol='vhost' wwpn='naa.501234567890abcd'/>
	    </hostdev>

	An optional address element can be specified within the hostdev
	(pick CCW or PCI as necessary):

	    <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0625'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>

	Add basic vhost-scsi tests which were cloned from hostdev-scsi-virtio-scsi
	in both xml2argv and xml2xml. Added ones for both vhost-scsi-ccw and
	vhost-scsi-pci since the syntaxes are slightly different between them.

	Also adjusted the docs to describe the changes.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	security: Include vhost-scsi in security labels
	Ensure that the vhost-scsi wwpn information is passed to the
	different security policies.

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Allow hotplug of vhost-scsi device
	Adjust the device string that is built for vhost-scsi devices so that it
	can be invoked from hotplug.

	From the QEMU command line, the file descriptors are expect to be numeric only.
	However, for hotplug, the file descriptors are expected to begin with at least
	one alphabetic character else this error occurs:

	  # virsh attach-device guest_0001 ~/vhost.xml
	  error: Failed to attach device from /root/vhost.xml
	  error: internal error: unable to execute QEMU command 'getfd':
	  Parameter 'fdname' expects a name not starting with a digit

	We also close the file descriptor in this case, so that shutting down the
	guest cleans up the host cgroup entries and allows future guests to use
	vhost-scsi devices.  (Otherwise the guest will silently end.)

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Add vhost-scsi string for -device parameter
	Open /dev/vhost-scsi, and record the resulting file descriptor, so that
	the guest has access to the host device outside of the libvirt daemon.
	Pass this information, along with data parsed from the XML file, to build
	a device string for the qemu command line.  That device string will be
	for either a vhost-scsi-ccw device in the case of an s390 machine, or
	vhost-scsi-pci for any others.

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	util: Management routines for scsi_host devices
	For a new hostdev type='scsi_host' we have a number of
	required functions for managing, adding, and removing the
	host device to/from guests.  Provide the basic infrastructure
	for these tasks.

	The name "SCSIVHost" (and its variants) is chosen to avoid
	conflicts with existing code named "SCSIHost" to refer to
	a hostdev type='scsi' protcol='none'.

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	Introduce framework for a hostdev SCSI_host subsystem type
	We already have a "scsi" hostdev subsys type, which refers to a single
	LUN that is passed through to a guest.  But what of things where
	multiple LUNs are passed through via a single SCSI HBA, such as with
	the vhost-scsi target?  Create a new hostdev subsys type that will
	carry this.

2016-11-24  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Introduce vhost-scsi capability
	Do all the stuff for the vhost-scsi capability in QEMU,
	so it's in place for our checks later.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: eventtest: fix build on macOS
	macOS doesn't support clock_gettime(2), at least versions prior 10.12
	(I didn't actually check 10.12 though). So, use its own routines in
	eventtest.

	 * configure.ac: check for requires symbols and define
	   HAVE_MACH_CLOCK_ROUTINES if found
	 * tests/eventtest.c: add clock_get_time() based implementation

2016-11-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: eventtest: fix LDADD
	Don't explicitly LDADD -lrt, use $(LIB_CLOCK_GETTIME) because
	not all platforms have clock_gettime(2) and librt available.

	genprotocol.pl: add darwin to fixup list

2016-11-23  Dawid Zamirski  <dzamirski@datto.com>

	vbox: get rid of g_pVBoxGlobalData
	now that we have a new global vboxDriver object, remove the old
	vboxGlobalData struct and all references to it.

2016-11-23  Dawid Zamirski  <dzamirski@datto.com>

	vbox: change how vbox API is initialized.
	* add vboxDriver object to serve as a singleton global object that
	  holds references to IVirtualBox and ISession to be shared among
	  multiple connections. The vbox_driver is instantiated only once in
	  the first call vboxGetDriverConnection function that is guarded by
	  a mutex.

	* call vbox API initialize only when the first connection is
	  established, and likewise uninitialize when last connection
	  disconnects. The prevents each subsequent connection from overwriting
	  IVirtualBox/ISession instances of any other active connection that
	  led to libvirtd segfaults. The virConnectOpen and virConnectClose
	  implementations are guarded by mutex on the global vbox_driver_lock
	  where the global vbox_driver object counts connectios and decides
	  when it's safe to call vbox's init/uninit routines.

	* add IVirutalBoxClient to vboxDriver and use it to in tandem with newer
	  pfnClientInitialize/pfnClientUninitalize APIs for vbox versions that
	  support it, to avoid usage of the old pfnComInitialize/Uninitialize.

2016-11-23  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Removed an outdated comment in qemuDomainSaveImageStartVM()
	Removed the comment 'Set the migration source' as it isn't valid anymore
	and 'start it up' isn't useful as qemuProcessStart() is already a
	speaking name.

2016-11-23  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	virutil: fix trailing '/' for path prefixes
	The path prefixes for sysfs trees are always prepended by paths
	beginning with a slash, making the trailing slash in the prefix
	redundant.

	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-23  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	virfile: Only generate a warning if there is something to report
	Only generate a warning if there is something to report.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-23  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Fix typos and grammar

2016-11-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Update cgroup on chardev hotplug
	Just like in the previous commit, we are not updating CGroups on
	chardev hot(un-)plug and thus leaving qemu unable to access any
	non-default device users are trying to hotplug.

	qemu: Update cgroup on RNG hotplug
	If users try to hotplug RNG device with a backend different to
	/dev/random or /dev/urandom the whole operation fails as qemu is
	unable to access the device. The problem is we don't update
	device CGroups during the operation.

	docs: Add apps.html link to index.html
	I think when trying to introduce libvirt (we have a section for
	that in our index page) it might be useful to promote success
	stories - other applications that are based on libvirt.

2016-11-23  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Close <li> tag properly
	Not closing the <li> tag on a separate line causes the plain
	text version of the file to have no empty line between entries.

2016-11-23  Pino Toscano  <ptoscano@redhat.com>

	NEWS: document the new libssh transport

2016-11-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: fix unsafe agent access
	qemuDomainObjExitAgent is unsafe.

	First it accesses domain object without domain lock.
	Second it uses outdated logic that goes back to commit 79533da1 of
	year 2009 when code was quite different. (unref function
	instead of unreferencing only unlocked and disposed object
	in case of last reference and leaved unlocking to the caller otherwise).
	Nowadays this logic may lead to disposing locked object
	i guess.

	Another problem is that the callers of qemuDomainObjEnterAgent
	use domain object again (namely priv->agent) without domain lock.

	This patch address these two problems.

	qemuDomainGetAgent is dropped as unused.

2016-11-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: drop write-only agentStart

2016-11-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: cleanup agent error flag correctly
	Sometimes after domain restart agent is unavailabe even
	if it is up and running in guest. Diagnostic message is
	"QEMU guest agent is not available due to an error"
	that is 'priv->agentError' is set. Investiagion shows that
	'priv->agent' is not NULL, so error flag is set probably
	during domain shutdown process and not cleaned up eventually.

	The patch is quite simple - just clean up error flag unconditionally
	upon domain stop.

	Other hunks address other cases when error flag is not cleaned up.

	1. processSerialChangedEvent. We need to clean error flag
	unconditionally here too. For example if upon first 'connected' event we
	fail to connect and set error flag and then connect on second
	'connected' event then error flag will remain set erroneously
	and make agent unavailable.

	2. qemuProcessHandleAgentEOF. If error flag is set and we get
	EOF we need to change state (and diagnostic) from 'error' to
	'not connected'.

2016-11-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: remove redundant check

2016-11-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: handle agent connection errors in one place
	qemuConnectAgent return -1 or -2 in case of different errors.
	A. -1 is a case of unsuccessuful connection to guest agent.
	B. -2 is a case of destoyed domain during connection attempt.

	All qemuConnectAgent callers handle the first error the same way
	so let's move this logic into qemuConnectAgent itself. Patched
	function returns 0 in case A and -1 in case B.

2016-11-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	libvirtd: systemd: add special target for system shutdown
	It is already discussed in "[RFC] daemon: remove hardcode dep on libvirt-guests" [1].

	Mgmt can use means to save/restore domains on system shutdown/boot other than
	libvirt-guests.service. Thus we need to specify appropriate ordering dependency between
	libvirtd, domains and save/restore service. This patch takes approach suggested
	in RFC and introduces a systemd target, so that ordering can be built next way:

	libvirtd -> domain -> virt-guest-shutdown.target -> save-restore.service.

	This way domains are decoupled from specific shutdown service via intermediate
	target.

	[1] https://www.redhat.com/archives/libvir-list/2016-September/msg01353.html

2016-11-22  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Document --rdma-pin-all migrate option properly
	https://bugzilla.redhat.com/show_bug.cgi?id=1368351

2016-11-22  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add support for VIR_MIGRATE_PARAM_PERSIST_XML
	Commit v1.3.3-181-gb028e9d7c implmented support for
	VIR_MIGRATE_PARAM_PERSIST_XML migration parameter, but forgot to update
	virsh.

	https://bugzilla.redhat.com/show_bug.cgi?id=835300

2016-11-22  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	Refactoring: Use virHostdevIsSCSIDevice()
	Use the util function virHostdevIsSCSIDevice() to simplify if
	statements.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-22  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	util: Add virHostdevIsSCSIDevice()
	Add the function virHostdevIsSCSIDevice() which detects whether a
	hostdev is a SCSI device or not.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-22  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: Fix improper union member access on hostdevs
	Add missing checks if a hostdev is a subsystem/SCSI device before access
	the union member 'subsys'/'scsi'.  Also fix indentation and simplify
	qemuDomainObjCheckHostdevTaint().

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-11-22  Sławek Kapłoński  <slawek@kaplonski.pl>

	Forbid new-line char in name of new storagepool
	New line character in name of storagepool is now forbidden because it
	mess virsh output and can be confusing for users.
	Validation of name is done in driver, after parsing XML to avoid
	problems with dissappeared pools which was already created with
	new-line char in name.

	Forbid new-line char in name of new domain
	New line character in name of domain is now forbidden because it
	mess virsh output and can be confusing for users.
	Validation of name is done in drivers, after parsing XML to avoid
	problems with dissappeared domains which was already created with
	new-line char in name.

2016-11-22  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Update entries
	All of these changes have already been merged, so document
	them properly.

	NEWS: Update XSLT stylesheet
	The new format requires some tweaks to be translated into
	a nice plain text output, and the XSLT stylesheet needs to
	be updated to match.

2016-11-22  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Archive 2016 releases
	We're going to change the format of the source HTML quite
	a bit, and we're going to have to update the XSLT stylesheet
	accordingly.

	Move 2016 releases out of the way before doing so.

2016-11-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Properly propagate the 'qemu_id' field through the matcher
	Commit 3f71c797689a4a70 added 'qemu_id' field to track the id of the cpu
	as reported by query-cpus. The patch did not include changes necessary
	to propagate the id through the functions matching the data to the
	libvirt cpu structures and thus all vcpus had id 0.

	tests: qemumonitorjson: Rename 'qemu-id' to 'enable-id' in cpu info test
	The field is named 'enable_id' in other structures and a patch recently
	added 'qemu_id' which has different semantics. To avoid confusion in the
	tests rename the field.

2016-11-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: cleanup bhyveBuildNetArgStr error handling
	Use 'goto cleanup'-style error handling instead of explicitly
	freeing variables in every error path.

2016-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain:  Refresh vcpu halted state using qemuMonitorGetCpuHalted
	Don't use qemuMonitorGetCPUInfo which does a lot of matching to get the
	full picture which is not necessary and would be mostly discarded.

	Refresh only the vcpu halted state using data from query-cpus.

2016-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Extract halted state to a bitmap indexed by cpu id
	We don't need to call qemuMonitorGetCPUInfo which is very inefficient to
	get data required to update the vcpu 'halted' state.

	Add a monitor helper that will retrieve the halted state and return it
	in a bitmap so that it can be indexed easily.

2016-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Extract qemu cpu id along with other data
	Storing of the ID will allow simpler extraction of data present only in
	query-cpus without the need to call qemuMonitorGetCPUInfo in statistics
	paths.

2016-11-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu_monitor_json: Don't check existence of "return" object
	Whenever qemuMonitorJSONCheckError returns 0, the "return" object is
	guaranteed to exist. Thus virJSONValueObjectGetObject will never fail to
	get it. On the other hand, virJSONValueObjectGetArray may fail since the
	"return" object may not be an array.

2016-11-21  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Start using the improved format
	This entry is meant to both get the ball rolling on the
	switch and to provide a blueprint of what NEWS file entries
	are supposed to look like.

2016-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Set current vcpu count to maximum if it was not specified
	Mimic qemu's behavior on the given command line.

	qemu: parse: Assign maximum cpu count from topology if not provided
	qemu uses this if 'maxcpus' is not present. Do the same in the parsing
	code.

	qemu: parse: Assign topology info earlier
	Qemu can also use the topology to calculate the total vcpu count. To
	allow parsing this move the assignment earlier.

2016-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: parse: Allow the 'cpus=' prefix for current cpu number
	qemu allows following syntax:

	  -smp [cpus=]n[,cores=cores][,threads=threads][,sockets=sockets][,maxcpus=maxcpus]

	Allow the "cpus" prefix.

2016-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: parse: Validate that the VM has at least one cpu
	Libvirt's code relies on this fact so don't allow parsing a command line
	which would have none.

	Libvirtd would crash in the post parse callback on such config.

2016-11-21  Martin Kletzander  <mkletzan@redhat.com>

	docs: Use Overpass Mono as the monospace font
	Because this makes the font the same size as the non-monospaced one,
	let's change those properties a little bit as well.  <pre/> will be
	shrunk a bit and <code/> inside <p/> or <dd/> will have slightly greyer
	background.

	docs: Add monospaced Overpass fonts
	Overpass 3.0 has monospaced fonts, so why not have the same font for
	the monospaced parts of the documentation.

	docs: Upgrade Overpass fonts to 3.0
	Since we are using Overpass for the web pages, we might be using the
	latest version.

	docs: Clean-up font definitions
	Some of those were duplicate, so remove those.  In order to better see
	such things in the future, sort them so they are "regular, italic,
	bold, bold-italic, light, light-italic".

2016-11-21  Michal Privoznik  <mprivozn@redhat.com>

	tests: Adapt to gluster_debug_level in qemu.conf
	After a944bd92 we gained support for setting gluster debug level.
	However, due to a space we haven't tested whether augeas file
	actually works.

2016-11-20  Martin Kletzander  <mkletzan@redhat.com>

	util: Print pid_t as long long
	After commit f2bf5fbb0449, MinGW strikes again.  Simply print pid as any
	other place after commit b7d2d4af2bd5.

2016-11-19  Guido Günther  <agx@sigxcpu.org>

	configure: Look for daemons in **/sbin
	Unify the logic we use for looking up daemons and admin binaries. Some
	lookups prefered $PATH over **/sbin while others left out $PATH
	entierly.  We add **/sbin since non-root users might not have these in
	their path.

	This also unbreaks libvirt when built on Debian systems with usrmerge[0]
	and run on systems without it.

	[0]: https://packages.debian.org/sid/usrmerge

2016-11-18  Martin Kletzander  <mkletzan@redhat.com>

	Fix scheduler support check
	Commit 94cc577807ba tried fixing build on systems that did not have
	SCHED_BATCH or SCHED_IDLE defined.  But instead of changing it to
	conditional support, it rather completely disabled the support for
	setting any scheduler.  Since then, such old systems are not
	supported, but rather than reverting that commit, let's change that to
	the conditional support.  That way any addition to the list of
	schedulers can follow the same style so that we're consistent in the
	future.

2016-11-16  John Ferlan  <jferlan@redhat.com>

	fs: Add proper switch to create filesystem with overwrite
	https://bugzilla.redhat.com/show_bug.cgi?id=1366460

	When using the --overwrite switch on a pool-build or pool-create, the
	The mkfs.ext{2|3|4} commands use mke2fs which requires using the '-F' switch
	in order to force overwriting the current filesystem on the whole disk.

	Likewise, the mkfs.vfat command uses mkfs.fat which requires using the '-I'
	switch in order to force overwriting the current filesystem on the whole disk.

2016-11-16  Jiri Denemark  <jdenemar@redhat.com>

	Avoid compiler warnings in virCPUDefStealModel
	Old GCC on CentOS 6 thinks vendor and vendor_id might be used
	uninitialized in virCPUDefStealModel. The compiler is wrong, though.

2016-11-15  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	In particular, this is a quick gnulib fix for a mingw compile error.

	* .gnulib: Update to latest.

2016-11-15  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix memory leaks in bhyvexml2argvtest
	 * virNetDevTapCreateInBridgePort() mock: free '*ifname' before
	   strdupping a hardoded value to it
	 * testCompareXMLToArgvFiles(): unref 'conn' object in cleanup
	 * testCompareXMLToArgvHelper(): free 'ldargs' and 'dmargs' in
	   cleanup

2016-11-15  Pino Toscano  <ptoscano@redhat.com>

	docs: fix default value for sshauth option of libssh2/libssh
	Both transports include "password" in their default authentication
	methods.

	spec: enable libssh transport on Fedora

	remote: expose a new libssh transport
	Implement in virtNetClient and VirNetSocket the needed functions to
	expose a new libssh transport, providing all the options that the
	libssh2 transport supports.

2016-11-15  Pino Toscano  <ptoscano@redhat.com>

	libssh_transport: add new libssh-based transport
	Implement a new libssh transport, which uses libssh to communicate with
	remote hosts, and add all the build system stuff (search of libssh,
	private symbols, etc) to built it.

	This new transport supports all the common ssh authentication methods,
	making use of libvirt's auth callbacks for interaction with the user.

2016-11-15  Pino Toscano  <ptoscano@redhat.com>

	virnetsocket: improve search for default SSH key
	Add a couple of helper functions to check whether one of the default
	names of SSH keys (as documented in ssh-keygen(1)) exists, and use them
	to specify a key for the libssh2 transport if none was passed.

	virerror: add error for libssh transport
	Add a new error domain and number for a new libssh-based transport.

	virNetSocket: allow to not close FD
	Add an internal variable to mark the FD as "not owned" by the
	virNetSocket, in case the internal implementation takes the actual
	ownership of the descriptor; this avoids a warning when closing the
	socket, as the FD would be invalid.

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Drop cpuGuestData
	The API is not used anywhere in the code.

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Avoid adding <vendor> to custom CPUs
	Guest CPU definitions with mode='custom' and missing <vendor> are
	expected to run on a host CPU from any vendor as long as the required
	CPU model can be used as a guest CPU on the host. But even though no CPU
	vendor was explicitly requested we would sometimes force it due to a bug
	in virCPUUpdate and virCPUTranslate.

	The bug would effectively forbid cross vendor migrations even if they
	were previously working just fine.

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Introduce virCPUConvertLegacy API
	PPC driver needs to convert POWERx_v* legacy CPU model names into POWERx
	to maintain backward compatibility with existing domains. This patch
	adds a new step into the guest CPU configuration work flow which CPU
	drivers can use to convert legacy CPU definitions.

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Don't test cpuGuestData
	The API is no longer used anywhere else since it was replaced by a much
	saner work flow utilizing new APIs that work on virCPUDefPtr directly:
	virCPUCompare, virCPUUpdate, and virCPUTranslate.

	Not testing the new work flow caused some bugs to be hidden. This patch
	reveals them, but doesn't attempt to fix them. To make sure all test
	still pass after this patch, all affected test results are modified to
	pretend the tests succeeded. All of the bugs will be fixed in the
	following commits and the artificial modifications will be reverted.

	The following is the list of bugs in the new CPU model work flow:

	- a guest CPU with mode='custom' and missing <vendor/> gets the vendor
	  copied from host's CPU (the vendor should only be copied to host-model
	  CPUs):
	    DO_TEST_UPDATE("x86", "host", "min", VIR_CPU_COMPARE_IDENTICAL)
	    DO_TEST_UPDATE("x86", "host", "pentium3", VIR_CPU_COMPARE_IDENTICAL)
	    DO_TEST_GUESTCPU("x86", "host-better", "pentium3", NULL, 0)

	- when a guest CPU with mode='custom' needs to be translated into
	  another model because the original model is not supported by a
	  hypervisor, the result will have its vendor set to the vendor of the
	  original CPU model as specified in cpu_map.xml even if the original
	  guest CPU XML didn't contain <vendor/>:
	    DO_TEST_GUESTCPU("x86", "host", "guest", model486, 0)
	    DO_TEST_GUESTCPU("x86", "host", "guest", models, 0)
	    DO_TEST_GUESTCPU("x86", "host-Haswell-noTSX", "Haswell-noTSX",
	                     haswell, 0)

	- legacy POWERx_v* model names are not recognized:
	    DO_TEST_GUESTCPU("ppc64", "host", "guest-legacy", ppc_models, 0)

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Make models array in virCPUTranslate constant
	The API doesn't change the array so let's make it constant.

	cputest: Don't use preferred CPU model at all
	Now that all tests pass NULL as the preferred model, we can just drop
	that test parameter.

	cputest: Don't use superfluous preferred model
	In some cases preferred model doesn't really do anything since the
	result remains the same even if it is removed.

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Don't use preferred model with forbidden fallback
	Using a preferred model for guest CPUs with forbidden fallback masks a
	bug in the code. It would just happily use another CPU model supported
	by a hypervisor even though it is explicitly forbidden in the CPU XML.

	This patch temporarily changes the expected result to -2, which is used
	when the result XML file cannot be found (but it was supposed not to be
	found since the tested API should have failed). The result will be
	switched back to -1 few commits later when the original bug gets fixed.

2016-11-15  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Don't use unsupported preferred model
	Using a preferred CPU model which is not in the list of CPU models
	supported by a hypervisor does not make sense.

	cputest: Don't use preferred model for minimum match CPUs
	Guest CPUs with match='minimum' should always be updated to match host
	CPU model. Trying to get different results by supplying preferred models
	does not make sense.

	cpu: Rename cpuDataFormat
	The new name is virCPUDataFormat.

	cpu: Rename cpuDataParse
	The new name is virCPUDataParse.

	cpu: Rename and document cpuModelIsAllowed
	The new name is virCPUModelIsAllowed.

	cpu: Rename cpuGetModels
	The new name is virCPUGetModels.

2016-11-15  Maxim Nestratov  <mnestratov@virtuozzo.com>

	qemu: fix libvirtd crash when querying halted cpus info
	It was introduced by commit 7a51d9ebb, which started to use
	monitor commands without job acquiring, which is unsafe and leads
	to simultaneous access to vm->mon structure by different threads.

	Crash backtrace is the following (shortened):

	Program received signal SIGSEGV, Segmentation fault.
	qemuMonitorSend (mon=mon@entry=0x7f4ef4000d20, msg=msg@entry=0x7f4f18e78640) at qemu/qemu_monitor.c:1011
	1011        while (!mon->msg->finished) {

	0  qemuMonitorSend () at qemu/qemu_monitor.c:1011
	1  0x00007f691abdc720 in qemuMonitorJSONCommandWithFd () at qemu/qemu_monitor_json.c:298
	2  0x00007f691abde64a in qemuMonitorJSONCommand at qemu/qemu_monitor_json.c:328
	3  qemuMonitorJSONQueryCPUs at qemu/qemu_monitor_json.c:1408
	4  0x00007f691abcaebd in qemuMonitorGetCPUInfo g@entry=false) at qemu/qemu_monitor.c:1931
	5  0x00007f691ab96863 in qemuDomainRefreshVcpuHalted at qemu/qemu_domain.c:6309
	6  0x00007f691ac0af99 in qemuDomainGetStatsVcpu at qemu/qemu_driver.c:18945
	7  0x00007f691abef921 in qemuDomainGetStats  at qemu/qemu_driver.c:19469
	8  qemuConnectGetAllDomainStats at qemu/qemu_driver.c:19559
	9  0x00007f693382e806 in virConnectGetAllDomainStats at libvirt-domain.c:11546
	10 0x00007f6934470c40 in remoteDispatchConnectGetAllDomainStats at remote.c:6267

	(gdb) p mon->msg
	$1 = (qemuMonitorMessagePtr) 0x0

	This change fixes it by calling qemuDomainRefreshVcpuHalted only when job is acquired.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: initially reserve one open pcie-root-port for hotplug
	For machinetypes with a pci-root bus (all legacy PCI), libvirt will
	make a "fake" reservation for one extra slot prior to assigning
	addresses to unaddressed PCI endpoint devices in the domain. This will
	trigger auto-adding of a pci-bridge for the final device to be
	assigned an address *if that device would have otherwise instead been
	the last device on the last available pci-bridge*; thus it assures
	that there will always be at least one slot left open in the domain's
	bus topology for expansion (which is important both for hotplug (since
	a new pci-bridge can't be added while the guest is running) as well as
	for offline additions to the config (since adding a new device might
	otherwise in some cases require re-addressing existing devices, which
	we want to avoid)).

	It's important to note that for the above case (legacy PCI), we must
	check for the special case of all slots on all buses being occupied
	*prior to assigning any addresses*, and avoid attempting to reserve
	the extra address in that case, because there is no free address in
	the existing topology, so no place to auto-add a pci-bridge for
	expansion (i.e. it would always fail anyway). Since that condition can
	only be reached by manual intervention, this is acceptable.

	For machinetypes with pcie-root (Q35, aarch64 virt), libvirt's
	methodology for automatically expanding the bus topology is different
	- pcie-root-ports are plugged into slots (soon to be functions) of
	pcie-root as needed, and the new endpoint devices are assigned to the
	single slot in each pcie-root-port. This is done so that the devices
	are, by default, hotpluggable (the slots of pcie-root don't support
	hotplug, but the single slot of the pcie-root-port does). Since
	pcie-root-ports can only be plugged into pcie-root, and we don't
	auto-assign endpoint devices to the pcie-root slots, this means
	topology expansion doesn't compete with endpoint devices for slots, so
	we don't need to worry about checking for all "useful" slots being
	free *prior* to assigning addresses to new endpoint devices - as a
	matter of fact, if we attempt to reserve the open slots before the
	used slots, it can lead to errors.

	Instead this patch just reserves one slot for a "future potential"
	PCIe device after doing the assignment for actual devices, but only
	if the only PCI controller defined prior to starting address
	assignment was pcie-root, and only if we auto-added at least one PCI
	controller during address assignment. This assures two things:

	1) that reserving the open slots will only be done when the domain is
	   initially defined, never at any time after, and

	2) that if the user understands enough about PCI controllers that they
	   are adding them manually, that we don't mess up their plan by
	   adding extras - if they know enough to add one pcie-root-port, or
	   to manually assign addresses such that no pcie-root-ports are
	   needed, they know enough to add extra pcie-root-ports if they want
	   them (this could be called the "libguestfs clause", since
	   libguestfs needs to be able to create domains with as few
	   devices/controllers as possible).

	This is set to reserve a single free port for now, but could be
	increased in the future if public sentiment goes in that direction
	(it's easy to increase later, but essentially impossible to decrease)

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: try to put ich9 sound device at 00:1B.0
	Real Q35 hardware has an ICH9 chip that includes several integrated
	devices at particular addresses (see the file docs/q35-chipset.cfg in
	the qemu source). libvirt already attempts to put the first two sets
	of ich9 USB2 controllers it finds at 00:1D.* and 00:1A.* to match the
	real hardware. This patch does the same for the ich9 "HD audio"
	device.

	The main inspiration for this patch is that currently the *only*
	device in a reasonable "workstation" type virtual machine config that
	requires a legacy PCI slot is the audio device, Without this patch,
	the standard Q35 machine created by virt-manager will have a
	dmi-to-pci-bridge and a pci-bridge just for the sound device; with the
	patch (and if you change the sound device model from the default
	"ich6" to "ich9"), the machine definition constructed by virt-manager
	has absolutely no legacy PCI controllers - any legacy PCI devices
	(e.g. video and sound) are on pcie-root as integrated devices.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: add a USB3 controller to Q35 domains by default
	Previously we added a set of EHCI+UHCI controllers to Q35 machines to
	mimic real hardware as closely as possible, but recent discussions
	have pointed out that the nec-usb-xhci (USB3) controller is much more
	virtualization-friendly (uses less CPU), so this patch switches the
	default for Q35 machinetypes to add an XHCI instead (if it's
	supported, which it of course *will* be).

	Since none of the existing test cases left out USB controllers in the
	input XML, a new Q35 test case was added which has *no* devices, so
	ends up with only the defaults always put in by qemu, plus those added
	by libvirt.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: don't force-add a dmi-to-pci-bridge just on principle
	Now the a dmi-to-pci-bridge is automatically added just as it's needed
	(when a pci-bridge is being added), we no longer have any need to
	force-add one to every single Q35 domain.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: update tests to not assume dmi-to-pci-bridge is always added
	A few of the qemu test cases assume that a dmi-to-pci-bridge will
	always be added at index 1, and so they omit it from the input data
	even though a pci-bridge is present at index 2, e.g.:

	   <controller type='pci' index='0' model='pcie-root'/>
	   <controller type='pci' index='2' model='pci-bridge'/>

	Support for this odd practice was discussed on libvir-list and we
	decided that the complex code required to make this continue was not
	worth the headache of maintaining. So instead, this patch modifies the
	test cases to manually add a dmi-to-pci-bridge at index 1 (since an
	upcoming patch is going to eliminate the unconditional adding of
	dmi-to-pci-bridge).

	Because the auto-add was placing the dmi-to-pci-bridge later in the
	list (even though it has a lower index) the test output is also
	updated to take account for the new order (which puts the pci
	controllers in index-order)

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: auto-add pcie-root-port/dmi-to-pci-bridge controllers as needed
	Previously libvirt would only add pci-bridge devices automatically
	when an address was requested for a device that required a legacy PCI
	slot and none was available. This patch expands that support to
	dmi-to-pci-bridge (which is needed in order to add a pci-bridge on a
	machine with a pcie-root), and pcie-root-port (which is needed to add
	a hotpluggable PCIe device). It does *not* automatically add
	pcie-switch-upstream-ports or pcie-switch-downstream-ports (and
	currently there are no plans for that).

	Given the existing code to auto-add pci-bridge devices, automatically
	adding pcie-root-ports is fairly straightforward. The
	dmi-to-pci-bridge support is a bit tricky though, for a few reasons:

	1) Although the only reason to add a dmi-to-pci-bridge is so that
	   there is a reasonable place to plug in a pci-bridge controller,
	   most of the time it's not the presence of a pci-bridge *in the
	   config* that triggers the requirement to add a dmi-to-pci-bridge.
	   Rather, it is the presence of a legacy-PCI device in the config,
	   which triggers auto-add of a pci-bridge, which triggers auto-add of
	   a dmi-to-pci-bridge (this is handled in
	   virDomainPCIAddressSetGrow() - if there's a request to add a
	   pci-bridge we'll check if there is a suitable bus to plug it into;
	   if not, we first add a dmi-to-pci-bridge).

	2) Once there is already a single dmi-to-pci-bridge on the system,
	   there won't be a need for any more, even if it's full, as long as
	   there is a pci-bridge with an open slot - you can also plug
	   pci-bridges into existing pci-bridges. So we have to make sure we
	   don't add a dmi-to-pci-bridge unless there aren't any
	   dmi-to-pci-bridges *or* any pci-bridges.

	3) Although it is strongly discouraged, it is legal for a pci-bridge
	   to be directly plugged into pcie-root, and we don't want to
	   auto-add a dmi-to-pci-bridge if there is already a pci-bridge
	   that's been forced directly into pcie-root.

	Although libvirt will now automatically create a dmi-to-pci-bridge
	when it's needed, the code still remains for now that forces a
	dmi-to-pci-bridge on all domains with pcie-root (in
	qemuDomainDefAddDefaultDevices()). That will be removed in a future
	patch.

	For now, the pcie-root-ports are added one to a slot, which is a bit
	wasteful and means it will fail after 31 total PCIe devices (30 if
	there are also some PCI devices), but helps keep the changeset down
	for this patch. A future patch will have 8 pcie-root-ports sharing the
	functions on a single slot.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: only force an available legacy-PCI slot on domains with pci-root
	Andrea had the right idea when he disabled the "reserve an extra
	unused slot" bit for aarch64/virt. For *any* PCI Express-based
	machine, it is pointless since 1) an extra legacy-PCI slot can't be
	used for hotplug, since hotplug into legacy PCI slots doesn't work on
	PCI Express machinetypes, and 2) even for "coldplug" expansion,
	everybody will want to expand using Express controllers, not legacy
	PCI.

	This patch eliminates the extra slot reserve unless the system has a
	pci-root (i.e. legacy PCI)

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: assign nec-xhci (USB3) controller to a PCIe address when appropriate
	The nec-usb-xhci device (which is a USB3 controller) has always
	presented itself as a PCI device when plugged into a legacy PCI slot,
	and a PCIe device when plugged into a PCIe slot, but libvirt has
	always auto-assigned it to a legacy PCI slot.

	This patch changes that behavior to auto-assign to a PCIe slot on
	systems that have pcie-root (e.g. Q35 and aarch64/virt).

	Since we don't yet auto-create pcie-*-port controllers on demand, this
	means a config with an nec-xhci USB controller that has no PCI address
	assigned will also need to have an otherwise-unused pcie-*-port
	controller specified:

	   <controller type='pci' model='pcie-root-port'/>
	   <controller type='usb' model='nec-xhci'/>

	(this assumes there is an otherwise-unused slot on pcie-root to accept
	the pcie-root-port)

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: assign e1000e network devices to PCIe slots when appropriate
	The e1000e is an emulated network device based on the Intel 82574,
	present in qemu 2.7.0 and later. Among other differences from the
	e1000, it presents itself as a PCIe device rather than legacy PCI. In
	order to get it assigned to a PCIe controller, this patch updates the
	flags setting for network devices when the model name is "e1000e".

	(Note that for some reason libvirt has never validated the network
	device model names other than to check that there are no dangerous
	characters in them. That should probably change, but is the subject of
	another patch.)

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1343094

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: assign virtio devices to PCIe slot when appropriate
	libvirt previously assigned nearly all devices to a "hotpluggable"
	legacy PCI slot even on machines with a PCIe root bus (and even though
	most such machines don't even support hotplug on legacy PCI slots!)
	Forcing all devices onto legacy PCI slots means that the domain will
	need a dmi-to-pci-bridge (to convert from PCIe to legacy PCI) and a
	pci-bridge (to provide hotpluggable legacy PCI slots which, again,
	usually aren't hotpluggable anyway).

	To help reduce the need for these legacy controllers, this patch tries
	to assign virtio-1.0-capable devices to PCIe slots whenever possible,
	by setting appropriate connectFlags in
	virDomainCalculateDevicePCIConnectFlags(). Happily, when that function
	was written (just a few commits ago) it was created with a
	"virtioFlags" argument, set by both of its callers, which is the
	proper connectFlags to set for any virtio-*-pci device - depending on
	the arch/machinetype of the domain, and whether or not the qemu binary
	supports virtio-1.0, that flag will have either been set to PCI or
	PCIe. This patch merely enables the functionality by setting the flags
	for the device to whatever is in virtioFlags if the device is a
	virtio-*-pci device.

	NB: the first virtio video device will be placed directly on bus 0
	slot 1 rather than on a pcie-root-port due to the override for primary
	video devices in qemuDomainValidateDevicePCISlotsQ35(). Whether or not
	to change that is a topic of discussion, but this patch doesn't change
	that particular behavior.

	NB2: since the slot must be hotpluggable, and pcie-root (the PCIe root
	complex) does *not* support hotplug, this means that suitable
	controllers must also be in the config (i.e. either pcie-root-port, or
	pcie-downstream-port). For now, libvirt doesn't add those
	automatically, so if you put virtio devices in a config for a qemu
	that has PCIe-capable virtio devices, you'll need to add extra
	pcie-root-ports yourself. That requirement will be eliminated in a
	future patch, but for now, it's simple to do this:

	   <controller type='pci' model='pcie-root-port'/>
	   <controller type='pci' model='pcie-root-port'/>
	   <controller type='pci' model='pcie-root-port'/>
	   ...

	Partially Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1330024

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: set pciConnectFlags to 0 instead of PCI|HOTPLUGGABLE if device isn't PCI
	This patch cleans up the connect flags for certain types/models of
	devices that aren't PCI to return 0. In the future that may be used as
	an indicator to the caller about whether or not a device needs a PCI
	address. For now it's just ignored, except for in
	virDomainPCIAddressEnsureAddr() - called during device hotplug - (and
	in some cases actually needs to be re-set to PCI|HOTPLUGGABLE just in
	case someone (in some old config) has manually set a PCI address for a
	device that isn't PCI.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: set/use proper pciConnectFlags during hotplug
	Before now, all the qemu hotplug functions assumed that all devices to
	be hotplugged were legacy PCI endpoint devices
	(VIR_PCI_CONNECT_TYPE_PCI_DEVICE). This worked out "okay", because all
	devices *are* legacy PCI endpoint devices on x86/440fx machinetypes,
	and hotplug didn't work properly on machinetypes using PCIe anyway
	(hotplugging onto a legacy PCI slot doesn't work, and until commit
	b87703cf any attempt to manually specify a PCIe address for a
	hotplugged device would be erroneously rejected).

	This patch makes all qemu hotplug operations honor the pciConnectFlags
	set by the single all-knowing function
	qemuDomainDeviceCalculatePCIConnectFlags(). This is done in 3 steps,
	but in a single commit since we would have to touch the other points
	at each step anyway:

	1) add a flags argument to the hypervisor-agnostic
	virDomainPCIAddressEnsureAddr() (previously it hardcoded
	..._PCI_DEVICE)

	2) add a new qemu-specific function qemuDomainEnsurePCIAddress() which
	gets the correct pciConnectFlags for the device from
	qemuDomainDeviceConnectFlags(), then calls
	virDomainPCIAddressEnsureAddr().

	3) in qemu_hotplug.c replace all calls to
	virDomainPCIAddressEnsureAddr() with calls to
	qemuDomainEnsurePCIAddress()

	So in effect, we're putting a "shim" on top of all calls to
	virDomainPCIAddressEnsureAddr() that sets the right pciConnectFlags.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: set/use info->pciConnectFlags when validating/assigning PCI addresses
	Set pciConnectFlags in each device's DeviceInfo and then use those
	flags later when validating existing addresses in
	qemuDomainCollectPCIAddress() and when assigning new addresses with
	qemuDomainPCIAddressReserveNextAddr() (rather than scattering the
	logic about which devices need which type of slot all over the place).

	Note that the exact flags set by
	qemuDomainDeviceCalculatePCIConnectFlags() are different from the
	flags previously set manually in qemuDomainCollectPCIAddress(), but
	this doesn't matter because all validation of addresses in that case
	ignores the setting of the HOTPLUGGABLE flag, and treats PCIE_DEVICE
	and PCI_DEVICE the same (this lax checking was done on purpose,
	because there are some things that we want to allow the user to
	specify manually, e.g. assigning a PCIe device to a PCI slot, that we
	*don't* ever want libvirt to do automatically. The flag settings that
	we *really* want to match are 1) the old flag settings in
	qemuDomainAssignDevicePCISlots() (which is HOTPLUGGABLE | PCI_DEVICE
	for everything except PCI controllers) and 2) the new flag settings
	done by qemuDomainDeviceCalculatePCIConnectFlags() (which are
	currently exactly that - HOTPLUGGABLE | PCI_DEVICE for everything
	except PCI controllers).

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: new functions to calculate/set device pciConnectFlags
	The lowest level function of this trio
	(qemuDomainDeviceCalculatePCIConnectFlags()) aims to be the single
	authority for the virDomainPCIConnectFlags to use for any given device
	using a particular arch/machinetype/qemu-binary.

	qemuDomainFillDevicePCIConnectFlags() sets info->pciConnectFlags in a
	single device (unless it has no virDomainDeviceInfo, in which case
	it's a NOP).

	qemuDomainFillAllPCIConnectFlags() sets info->pciConnectFlags in all
	devices that have a virDomainDeviceInfo

	The latter two functions aren't called anywhere yet. This commit is
	just making them available. Later patches will replace all the current
	hodge-podge of flag settings with calls to this single authority.

2016-11-14  Laine Stump  <laine@laine.org>

	qemu: new functions qemuDomainMachineHasPCI[e]Root()
	These functions provide a simple one line method of learning if the
	current domain has a pci-root or pcie-root bus.

2016-11-14  Pavel Glushchak  <pglushchak@virtuozzo.com>

	vz: fixed migration in p2p mode
	dom xml generated on begin step should be passed
	to perform step in VIR_MIGRATE_PARAM_DEST_XML parameter.
	Otherwise 'XML error: failed to parse xml document' is
	raised on destination host as dom xml is NULL.

2016-11-14  Erik Skultety  <eskultet@redhat.com>

	tools: Replace vshPrint with vshPrintExtra on places we forgot about
	Although there already was an effort (b620bdee) to replace vshPrint occurrences
	with vshPrintExtra due to '--quiet' flag, there were still some leftovers. So
	this patch fixes them, hopefully for good.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356881

2016-11-14  Erik Skultety  <eskultet@redhat.com>

	tools: use vshError rather than vshPrint on failure
	There were a few places in our virsh* code where instead of calling vshError
	on failure we called vshPrint.

2016-11-14  Michal Privoznik  <mprivozn@redhat.com>

	storage.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	migration.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	logging.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	locking-sanlock.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	locking-lockd.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	rpc.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	locking.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	command.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatstorageencryption.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatstorage.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatsecret.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatnwfilter.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatnetwork.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatdomain.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	formatcaps.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	format.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	drvlxc.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	drvesx.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	drvbhyve.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	downloads.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	devguide.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	compiling.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	cgroups.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	aclpolkit.html.in: Kill useless spaces in <pre/>
	The <pre/> section is rendered as-is on the page. That is, if all
	the lines are prefixed with 4 spaces the rendered page will also
	have them. Problem is if we put a box around such <pre/> because
	the content might not fix into it.

	qemuDomainAttachNetDevice: Avoid @originalError leak
	Coverity identified that this variable might be leaked. And it's
	right. If an error occurred and we have to roll back the control
	jumps to try_remove label where we save the current error (see
	0e82fa4c34 for more info). However, inside the code a jump onto
	other label is possible thus leaking the error object.

2016-11-14  Erik Skultety  <eskultet@redhat.com>

	admin: Use the newly introduced close callback handling helpers
	Use the newly introduced close callback helpers to make the code look just a
	bit cleaner and more importantly, to fix the following memleak regarding a
	dangling virAdmConnect object reference caused by assigning NULL to the close
	callback data once the catch-disconnect routine used the callback followed
	by a comparison of NULL to the originally defined close callback (which at that
	moment had already been NULL'd by remoteAdminClientCloseFunc) in
	virAdmConnectCloseCallbackUnregister.

	717 (88 direct, 629 indirect) bytes in 1 blocks are definitely lost record
	 110 of 141
	    at 0x4C2A988: calloc (vg_replace_malloc.c:711)
	    by 0x530696F: virAllocVar (viralloc.c:560)
	    by 0x53689E6: virObjectNew (virobject.c:193)
	    by 0x5368B5E: virObjectLockableNew (virobject.c:219)
	    by 0x4E3E7EE: virAdmConnectNew (datatypes.c:900)
	    by 0x4E398BB: virAdmConnectOpen (libvirt-admin.c:220)
	    by 0x10D3E3: vshAdmConnect (virt-admin.c:161)
	    by 0x10D624: vshAdmReconnect (virt-admin.c:215)
	    by 0x10DB0A: cmdConnect (virt-admin.c:353)
	    by 0x11288F: vshCommandRun (vsh.c:1313)
	    by 0x10FDB6: main (virt-admin.c:1439)

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1357358

2016-11-14  Erik Skultety  <eskultet@redhat.com>

	datatypes: Introduce some admin-related close callback handling helpers
	Well, there were three different spots where closeCallback->freeCallback was
	called, not looking the same --> potential for bugs - and there indeed is a bug
	with refcounting of the @conn object. So this patch partially follows the path
	set by commit 24dbb69f by introducing some close callback helpers both to
	replace all the spots where we call clean the close callback data with a
	dedicated function and to be able to fix the refcounting bug causing a memleak.

	admin: Remove unnecessary @conn object locking
	The only place we change the @conn object is actually virAdmConnectOpen
	routine, thus at the moment we don't really need to lock it, given the fact that
	what we're trying to do here is to change the closeCallback object which is a
	lockable object itself, so that should be enough to avoid races.

	vsh: Drop conditional error reporting in vshErrorHandler
	First, since commit 834c5720 the error reporting within the vshErrorHandler
	doesn't work because there was a lot of renaming going on (dull mechanical
	renaming without much thinking about it, yep - shame on me) and so the original
	env variable VIRSH_DEBUG got renamed to VSH_DEBUG which we don't support nor
	document anywhere. Second, by specifying this env variable, the last libvirt
	error gets reported twice despite the fact we say the error reporting should be
	deferred until the command finishes, and last but not least the vintage code's
	logic is a bit 'odd', since the error would get reported iff the env variable
	is set, even if the value should be equal to our DEFAULT value in which case it
	doesn't make sense that we behave differently when an env variable is set to
	some value and when there's no env variable at all but we use the same value
	automatically as default.

2016-11-12  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	In particular, pull in gnulib's fix for the broken SIZE_MAX on s390.

	* .gnulib: Update to latest.
	* bootstrap: Resync to upstream.

2016-11-11  Eric Farman  <farman@linux.vnet.ibm.com>

	Cleanup switch statements on the hostdev subsystem type
	As was suggested in an earlier review comment[1], we can
	catch some additional code points by cleaning up how we use the
	hostdev subsystem type in some switch statements.

	[1] End of https://www.redhat.com/archives/libvir-list/2016-September/msg00399.html

2016-11-11  Erik Skultety  <eskultet@redhat.com>

	vsh: Fix the incorrect environment variable prefix in error message
	Unlike the other error messages in vshInitDebug, this one relied on a hardcoded
	name of a variable instead of using the prefix of the tool calling the init
	routine.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1393854

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	docs: remove bogus line-height override
	The default browser line height is fine. Overriding it
	causes <pre> blocks inside a <dl> to have enourmous
	spacing.

	docs: add some content to the XML format main page
	The XML format main page has never had any content in it,
	relying on the left navbar to provide links to the XML
	schema pages. Since the navbar is gone, the page needs
	to have some content created, otherwise it is useless.

	docs: remove outdated or duplicated content
	Remove a bunch of pages which are either outdated, have no
	content, or duplicate content better described elsewhere
	in the site or wiki.

	docs: remove navigation sidebar from pages
	A combination of the index page, top nav bar and docs.html page
	provide links to all pages on the site. The left hand nav bar
	is thus redundant and can be removed to provide a simpler style
	for the site.

	docs: fill out docs page with useful links
	The docs page is currently completely empty. Fill it in with
	links to the various documentation, categorized as to whether
	it is targetting people deploying libvirt, application
	developers using libvirt, or people working on libvirt
	itself.

	docs: add some improved styling to contact page
	Change the contact page styling to better distinguish the
	various mailing lists.

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	docs: expand downloads page to cover all modules
	Previously the download page only covered the main libvirt
	module and the app dev guide. Expand it to provide direct
	links to all artifacts published by the project, whether
	the main library, language bindings, docs, or testing.

	Tweak the top table styling to better fit in with new
	branding.

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	docs: rewrite content on front page to be more useful
	The front page contains a bunch of content that is either
	outdated (eg links to libvirt qpid) or not particularly
	useful (links to vendor hypervisor sites).

	This rewrites it to be more directly useful to visitors,
	providing a updated intro to libvirt project, direct
	links to key pieces of website content (new contributors
	guide, security process, bug reporting, XML formats), and
	feed showing recent 5 blog posts on the virt tools planet.

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Revert "syntax-check: Enforce <code> inside <dt> elements"
	This reverts commit 1f29f3da065ef12d3ec39c3c673186f8ea6d764e.

	Assuming <dt> is always used to document symbols is way too
	broad, requiring far too many exemptions to be marked to
	avoid syntax check rules.

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	docs: remove related links page
	The related links page is either horribly outdated, or duplicating
	stuff already linked elsewhere.

	docs: remove todo page
	The todo page used to be auto-generated from bugzilla but is
	no longer used.

	docs: add three core links in the header bar
	Add links to download, communicate and learn in the
	header bar, as the main jumping off points for
	navigation.

	docs: add page describing contribution to libvirt
	Add a page that describes what contributions libvirt is
	looking for and how to get involved.

	docs: simplify style for headers
	Remove the 1px border underneath all headers and make them
	use black text to simplify visual appearance

	docs: add footer to all pages
	Add a footer to all pages containing a blurb about the
	code of conduct, and links to various communication
	channels / social media / user self-help sites.

	docs: provide new style logos for the apps page
	Replace the old "Made with libvirt" logo with links to the
	new "Libvirt powered" logos, providing various sizes.

	docs: redo style of front page
	Use a large logo banner across the front page. Tile the
	three lists of links into three panels

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	docs: switch to new website banner
	Use a dark banner whose color matches the dark green used in
	the logo. Introduce a newly rendered version of the header
	logo derived from new SVG file, instead of old one from
	(now lost) Adobe Illustrator file.

	The top banner logo now links to the front page as is common
	practice for most websites.

2016-11-11  Daniel P. Berrange  <berrange@redhat.com>

	docs: add master SVG for libvirt logo
	Add the SVG files for the libvirt logo, along with corresponding
	pre-rendered PNG bitmaps at key sizes. Also add a README file
	describing how to modify the logos and their intended usages.

	docs: use overpass font for website
	The original libvirt logo was built using what appears to be
	either Overpass font, or one stylistically very similar (the
	slanted top of letters like 'l', 't', etc). The newly recreated
	libvirt logo will use Overpass. Use this font for the website
	text too, to provide a consistent style.

2016-11-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Generate memory device aliases according to slot number
	The memory device alias needs to be treated as machine ABI as qemu is
	using it in the migration stream for section labels. To simplify this
	generate the alias from the slot number unless an existing broken
	configuration is detected.

	With this patch the aliases are predictable and even certain
	configurations which would not be migratable previously are fixed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1359135

2016-11-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Assign slots to memory devices prior to usage
	As with other devices assign the slot number right away when adding the
	device. This will make the slot numbers static as we do with other
	addressing elements and it will ultimately simplify allocation of the
	alias in a static way which does not break with qemu.

2016-11-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: detect if dimm aliases are broken on reconnect
	Detect on reconnect to a running qemu VM whether the alias of a
	hotpluggable memory device (dimm) does not match the dimm slot number
	where it's connected to. This is necessary as qemu is actually
	considering the alias as machine ABI used to connect the backend object
	to the dimm device.

	This will require us to keep them consistent so that we can reliably
	restore them on migration. In some situations it was currently possible
	to create a mismatched configuration and qemu would refuse to restore
	the migration stream.

	To avoid breaking existing VMs we'll need to keep the old algorithm
	though.

2016-11-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Allow specifying only the slot number for hotpluggable memory
	Simplify handling of the 'dimm' address element by allowing to specify
	the slot number only. This will allow libvirt to allocate slot numbers
	before starting qemu.

2016-11-10  Daniel P. Berrange  <berrange@redhat.com>

	configure: remove fallback check for parted
	Since we no longer support building on RHEL-5, we can
	drop the non-pkg-config based check for parted.

	xen: remove legacy hack for RHEL-5 Xen
	We dropped support for RHEL-5 vintage Xen a while ago,
	but forgot to remove some of the hacks for it.

2016-11-10  John Ferlan  <jferlan@redhat.com>

	qemu: Remove erroneously placed comments for numerical ordering
	Commit id '74bbb8c2ec' seems to have mismerged a bit - adding 240 comments
	out of place.  Just clean that up.

2016-11-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachNetDevice: Enable multiqueue for vhost-user
	https://bugzilla.redhat.com/show_bug.cgi?id=1386976

	We have everything ready. Actually the only limitation was our
	check that denied hotplug of vhost-user.

2016-11-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachNetDevice: Don't overwrite error on rollback
	If there is an error hotpluging a net device (for whatever
	reason) a rollback operation is performed. However, whilst doing
	so various helper functions that are called report errors on
	their own. This results in the original error to be overwritten
	and thus misleading the user.

2016-11-10  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Make sure shmem memory is shared
	Even though using /dev/shm/asdf as the backend, we still need to make
	the mapping shared.  The original patch forgot to add that parameter.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1392031

2016-11-09  Michal Privoznik  <mprivozn@redhat.com>

	lxc.conf: s/QEMU/LXC/
	There's one copy paste error where a comment mentions QEMU
	instead of LXC driver.

2016-11-09  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: fix build with for old gcc
	../../src/qemu/qemu_capabilities.c:3757: error: declaration of
	'basename' shadows a global declaration [-Wshadow]

2016-11-09  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix double free when live-attaching shmem
	Function qemuDomainAttachShmemDevice() steals the device data if the
	hotplug was successful, but the condition checked for unsuccessful
	execution otherwise.

2016-11-09  Prasanna Kumar Kalever  <prasanna.kalever@redhat.com>

	qemu: command: Add debug option for gluster volumes
	Propagate the selected or default level to qemu if it's supported.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1376009

2016-11-09  Prasanna Kumar Kalever  <prasanna.kalever@redhat.com>

	qemu: conf: add option for tuning debug logging level
	This helps in selecting log level of the gluster gfapi, output to stderr.
	The option is 'gluster_debug_level', can be tuned by editing
	'/etc/libvirt/qemu.conf'

	Debug levels ranges 0-9, with 9 being the most verbose, and 0
	representing no debugging output.  The default is the same as it was
	before, which is a level of 4.  The current logging levels defined in
	the gluster gfapi are:

	    0 - None
	    1 - Emergency
	    2 - Alert
	    3 - Critical
	    4 - Error
	    5 - Warning
	    6 - Notice
	    7 - Info
	    8 - Debug
	    9 - Trace

2016-11-09  Andrea Bolognani  <abologna@redhat.com>

	tests: qemucaps: Add QMP introspection data for qemu 2.6.0 on aarch64 gicv3
	Add QMP schema data query for aarch64. The gic capabilities are
	unfortunately queried after the QMP schema and thus this patch needs to
	undo the temporary removal of the declared support for query-qmp-schema.

	Note that as a gicv3 machine was not available the schema data is taken
	from the gicv2 case. It should be identical since qemu would be built
	from the same source.

2016-11-09  Andrea Bolognani  <abologna@redhat.com>

	tests: qemucaps: Add QMP introspection data for qemu 2.6.0 on aarch64 gicv2
	Add QMP schema data query for aarch64. The gic capabilities are
	unfortunately queried after the QMP schema and thus this patch needs to
	undo the temporary removal of the declared support for query-qmp-schema.

2016-11-09  Prasanna Kumar Kalever  <prasanna.kalever@redhat.com>

	qemu: capabilities: Detect support for gluster debug setting
	Teach qemu driver to detect whether qemu supports specifying debug level
	for gluster volumes.

2016-11-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: Add support for QMP schema introspection
	Allow detecting capabilities according to the qemu QMP schema. This is
	necessary as sometimes the availability of certain options depends on
	the presence of a field in the schema.

	This patch adds support for loading the QMP schema when detecting qemu
	capabilities and adds a very simple query language to allow traversing
	the schema and selecting a certain element from it.

	The infrastructure in this patch uses a query path to set a specific
	capability flag according to the availability of the given element in
	the schema.

2016-11-09  Peter Krempa  <pkrempa@redhat.com>

	tests: qemucaps: Temporarily remove 'query-qmp-schema' from test data
	Remove the command from the supported commands list temporarily so that
	QMP introspection code can be added without breaking tests and having to
	tweak the test data in the same commit.

	This will be later reverted and test data will be added. The aarch64
	code is special as it calls additional commands and thus the test data
	can't be added upfront.

2016-11-09  Andrea Bolognani  <abologna@redhat.com>

	tests: qemucaps: Add QMP introspection data for qemu 2.6.0 on ppc64le

2016-11-09  Pavel Hrdina  <phrdina@redhat.com>

	tests: qemucaps: Add QMP introspection data for qemu 2.7.0 on x86

	tests: qemucaps: Add QMP introspection data for qemu 2.6.0 on x86

	tests: qemucaps: Add QMP introspection data for qemu 2.5.0 on x86
	Add output of 'query-qmp-schema' to the capabilities test.

2016-11-09  Andrea Bolognani  <abologna@redhat.com>

	tests: qemucaps: Update aarch64 gicv2 replies for qemu 2.6.0 release
	Sync up to the released version of qemu.

	tests: qemucaps: Update ppc64 replies for qemu 2.6.0 release
	Sync up to the released version of qemu.

2016-11-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add code to retrieve and store QMP schema data
	Call 'query-qmp-schema' and store the returned types in a hash table
	keyed by the 'name' field so that the capabilities code can traverse it.

	util: json: add helper to iterate and steal members of json array
	Simplifies cases where JSON array members need to be transferred to a
	different structure.

2016-11-08  Michal Privoznik  <mprivozn@redhat.com>

	test driver: Deny some operations on inactive domains
	Some operations like reboot, save, coreDump, blockStats,
	ifaceStats make sense iff domain is running. While it is
	technically possible for our test driver to return success
	regardless of domain state, we should copy constraints from
	other drivers and thus deny these operations over inactive
	domains.

2016-11-08  John Ferlan  <jferlan@redhat.com>

	qemu: Only allow 'raw' format for scsi-block using virtio-scsi
	https://bugzilla.redhat.com/show_bug.cgi?id=1379196

	Add check in qemuCheckDiskConfig for an invalid combination
	of using the 'scsi' bus for a block 'lun' device and any disk
	source format other than 'raw'.

2016-11-08  Daniel P. Berrange  <berrange@redhat.com>

	Add vbox 5.1 driver file

	docs: add note about when lxc: XML namespace was added

2016-11-08  Dawid Zamirski  <dzamirski@datto.com>

	vbox: hookup the 5.1 C API to the unified driver

	vbox: add vbox 5.1 C API header file.
	extracted from VirutalBox SDK and reindented with cppi.

2016-11-08  Félix Bouliane  <felixbouliane@gmail.com>

	test driver: error out when domain destroy twice
	Fixes the behavior when destroying a domain more than once.
	VIR_ERR_OPERATION_INVALID should be raised when destroying an
	already destroyed domain.

2016-11-07  Guido Günther  <agx@sigxcpu.org>

	Unbreak rebuilding docs with release tarballs
	Release tarballs ship the include/libvirt/libvirt-common.h.

	when srcdir != builddir we end up including libvirt-common.h twice: from
	$top_srcdir/include/libvirt-common.h and from
	$builddir/include/libvirt-common.h leading to

	  function virTypedParamsGetUInt from /tmp/buildd/libvirt-2.4.0/debian/build/docs/../include/libvirt/libvirt-common.h redeclared in /tmp/buildd/libvirt-2.4.0/docs/../include/libvirt/libvirt-common.h
	  function virTypedParamsAddBoolean from /tmp/buildd/libvirt-2.4.0/debian/build/docs/../include/libvirt/libvirt-common.h redeclared in /tmp/buildd/libvirt-2.4.0/docs/../include/libvirt/libvirt-common.h
	   …

	Only add the builddir to the search list if there is no pregenerated
	libvirt-common.h.

	Reuse the existing check that predates the libvirt.h → libvirt-common.h
	split and that probably was meant for exactly that.

	References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842452

2016-11-07  Andrea Bolognani  <abologna@redhat.com>

	spec: Run all make jobs in parallel
	Commit e8861f69714f changed our spec file to compile and run
	tests in parallel. That's a very good step forward, but why
	stop there? Let's run *all* make jobs in parallel and really
	put those expensive cores to use!

	On my laptop, this shaves ~10s off 'make rpm'.

2016-11-07  Andrea Bolognani  <abologna@redhat.com>

	wireshark: Use ${exec_prefix} instead of ${prefix}
	${exec_prefix} and ${prefix} point to the same directory in
	most setups, but when that's not the case the former should
	be used for architecture-dependent data such as shared objects,
	which makes it the best fit for our Wireshark dissector.

	While at it, change all uses of $(var) to ${var}: they are
	absolutely identicaly as far as make's concerned, but autoconf
	itself seems to prefer the latter form so we might as well
	follow suit.

2016-11-07  Andrea Bolognani  <abologna@redhat.com>

	wireshark: Make fallback path construction more reliable
	We only need to strip $ws_prefix from $ws_plugindir if we've
	retrieved it from pkg-config: if we're building it ourselves
	from $libdir, we can just use it without further processing.

	wireshark: Don't redefine ws_plugindir
	autoconf already defines the variable for us, and prints out
	a warning if we try to do it a second time. So let's not :)

2016-11-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix build on RHEL-6
	Commit c29e6d4805 cause build failure on RHEL-6:

	../../src/qemu/qemu_capabilities.c: In function 'virQEMUCapsIsValid':
	../../src/qemu/qemu_capabilities.c:4085: error: declaration of 'ctime'
	shadows a global declaration [-Wshadow]
	/usr/include/time.h:258: error: shadowed declaration is here [-Wshadow]

2016-11-04  Michal Privoznik  <mprivozn@redhat.com>

	vshReadlineParse: Remove unused variable
	After 06a7b1ff4 the @&opts_need_arg is not used anywhere. Well,
	it is set but never read:

	vsh.c: In function 'vshReadlineParse':
	vsh.c:2658:14: warning: variable 'opts_need_arg' set but not used [-Wunused-but-set-variable]
	     uint64_t opts_need_arg, opts_seen;
	              ^~~~~~~~~~~~~

2016-11-04  Alexander Vasilenko  <kaperang07@gmail.com>

	docs: Add Qt Virtual machines manager and Qt Remote viewer

2016-11-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unify cached caps validity checks
	Let's keep all run time validation of cached QEMU capabilities in
	virQEMUCapsIsValid and call it whenever we access the cache.
	virQEMUCapsInitCached should keep only the checks which do not make
	sense once the cache is loaded in memory.

	qemu: Store loaded QEMU binary ctime in qemuCaps
	virQEMUCapsLoadCache loads QEMU capabilities from a file, but strangely
	enough it returns the loaded QEMU binary ctime in qemuctime parameter
	instead of storing it in qemuCaps.

2016-11-03  Pavel Hrdina  <phrdina@redhat.com>

	configure: check gnutls related stuff only if gnutls was found
	This fixes a build issue with old gnutls.
	Broken by commit 680d2f49da.

	Reported-by: Olga Krishtal <okrishtal@virtuozzo.com>

2016-11-03  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec: Build & run tests in parallel
	So far, the main code is built in parallel, which makes it pretty
	fast. But with a lots of tests we have now I've noticed this part
	takes too much time to build. The problem was that tests were
	build and run in a single job.

	Also, 'make' in the first hunk is useless. The test suite is not
	built due to 'make all' because there's no .git in the sources
	unpacked from a tar.xz archive. It's 'make check' which triggers
	tests build.

2016-11-02  Pavel Timofeev  <timp87@gmail.com>

	loopback is not always just lo
	 On BSD family OSes (Free/Net/Open/DragonFlyBSD, Mac OS) and
	 Solaris loopback interface is called 'lo0' instead of just 'lo'.

2016-11-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for hot/cold-(un)plug of shmem devices
	This is needed in order to migrate a domain with shmem devices as that
	is not allowed to migrate.

2016-11-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Support newer ivshmem device variants
	QEMU added support for ivshmem-plain and ivshmem-doorbell.  Those are
	reworked varians of legacy ivshmem that are compatible from the guest
	POV, but not from host's POV and have sane specification and handling.

	Details about the newer device type can be found in qemu's commit
	5400c02b90bb:

	  http://git.qemu.org/?p=qemu.git;a=commit;h=5400c02b90bb

2016-11-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Save various defaults for shmem
	We're keeping some things at default and that's not something we want to
	do intentionally.  Let's save some sensible defaults upfront in order to
	avoid having problems later.  The details for the defaults (of the newer
	implementation) can be found in qemu's commit 5400c02b90bb:

	  http://git.qemu.org/?p=qemu.git;a=commit;h=5400c02b90bb

	Since we are merely saving the defaults it will not change the guest ABI
	and thanks to the fact that we're doing it in the PostParse callback it
	will not break the ABI stability checks.

2016-11-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add capabilities for ivshmem-{plain,doorbell}

	conf, qemu: Add newer shmem models
	The old ivshmem is deprecated in QEMU, so let's use the better
	ivshmem-{plain,doorbell} variants instead.

	conf, qemu: Add support for shmem model
	Just the default one now, new ones will be added in following commits.

2016-11-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Reset post-copy capability after migration
	Unlike other migration capabilities, post-copy is also set on the
	destination host which means it doesn't disappear once domain is
	migrated. As a result of that other functionality which internally uses
	migration to a file (virDomainManagedSave, virDomainSave,
	virDomainCoreDump) may fail after migration because the post-copy
	capability is still set.

	https://bugzilla.redhat.com/show_bug.cgi?id=1374718

2016-11-02  Pavel Hrdina  <phrdina@redhat.com>

	m4/virt-gnutls: remove code for gnutls < 2.2.0
	Commit d8a8af3492 changed the minimal required version of gnutls
	so it's safe to remove the code for older versions.

	configure: move gnutls check into virt-gnutls.m4

2016-11-02  Jiri Denemark  <jdenemar@redhat.com>

	Post-release version bump to 2.5.0

2016-11-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-2.4.0
	* docs/news.html.in: update for the release
	* po/*.po*: regenerated

2016-11-01  Daniel P. Berrange  <berrange@redhat.com>

	docs: remove obsolete library.xen file
	The library.xen file contains a braindump of thoughts dating
	from the very first days of libvirt, when it was briefly
	called libxen. This is not useful and potentially misleading
	or confusing for people.

2016-10-28  John Ferlan  <jferlan@redhat.com>

	vsh: Pass correct values for command line completion
	Commit id 'dcfdf341' passes 'opts_need_arg' and 'opts_seen' to
	vshCmddefGetData, but that seems to be incorrect as those values
	are not initialized properly (something at least one compiler found).
	Instead the static 'const_opts_need_arg' and 'const_opts_seen' values
	should be passed.

	By passing unitialized values leads to not finding possible options
	for simpler commands (domfsfreeze for example), where if you're in
	a virsh shell using command line completion - you'll get a list of
	files in your current directory instead of two options --domain and
	--mountpoint (as would happen with this patch applied.

2016-10-28  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	vsh: Using VSH_REQUIRE_OPTION rather than virReportError
	Correcting the error reporting method by using VSH_REQUIRE_OPTION
	instead of virReportError

2016-10-28  Laine Stump  <laine@laine.org>

	network: fix endless loop when starting network with multiple IPs and no dhcp
	commit 9065cfaa added the ability to disable DNS services for a
	libvirt virtual network. If neither DNS nor DHCP is needed for a
	network, then we don't need to start dnsmasq, so code was added to
	check for this.

	Unfortunately, it was written with a great lack of attention to detail
	(I can say that, because I was the author), and the loop that checked
	if DHCP is needed for the network would never end if the network had
	multiple IP addresses and the first <ip> had no <dhcp> subelement
	(which would have contained a <range> or <host> subelement, thus
	requiring DHCP services).

	This patch rewrites the check to be more compact and (more
	importantly) finite.

	This bug was present in release 2.2.0 and 2.3.0, so will need to be
	backported to any relevant maintainence branches.

	Reported here:
	  https://www.redhat.com/archives/libvirt-users/2016-October/msg00032.html
	  https://www.redhat.com/archives/libvirt-users/2016-October/msg00045.html

2016-10-28  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu_driver: unlink new domain cfg file when rollback
	If we failed to unlink old dom cfg file, we goto rollback.
	But inside rollback, we fogot to unlink the new dom cfg file.
	This patch fixes this issue.

2016-10-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Minimalize global driver accesses
	Whilst working on another issue, I've noticed that in some
	functions we have a local @driver variable among with access to
	global @qemu_driver variable. This makes no sense.

2016-10-27  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: Fix crash during qemuStateCleanup
	Rather than waiting until we've free'd up all the resources, cause the
	'workerPool' thread pool to flush as soon as possible during stateCleanup.
	Otherwise, it's possible something waiting to run will SEGV such as is the
	case during race conditions of simultaneous exiting libvirtd and qemu process.
	Resolves the following crash:

	[1] crash backtrace: (bt is shortened a bit):

	0  0x00007ffff7282f2b in virClassIsDerivedFrom
	   (klass=0xdeadbeef, parent=0x55555581d650) at util/virobject.c:169
	1  0x00007ffff72835fd in virObjectIsClass
	   (anyobj=0x7fffd024f580, klass=0x55555581d650) at util/virobject.c:365
	2  0x00007ffff7283498 in virObjectLock
	   (anyobj=0x7fffd024f580) at util/virobject.c:317
	3  0x00007ffff722f0a3 in virCloseCallbacksUnset
	   (closeCallbacks=0x7fffd024f580, vm=0x7fffd0194db0,
	    cb=0x7fffdf1af765 <qemuProcessAutoDestroy>)
	   at util/virclosecallbacks.c:164
	4  0x00007fffdf1afa7b in qemuProcessAutoDestroyRemove
	   (driver=0x7fffd00f3a60, vm=0x7fffd0194db0) at qemu/qemu_process.c:6365
	5  0x00007fffdf1adff1 in qemuProcessStop
	   (driver=0x7fffd00f3a60, vm=0x7fffd0194db0, reason=VIR_DOMAIN_SHUTOFF_CRASHED,
	    asyncJob=QEMU_ASYNC_JOB_NONE, flags=0)
	   at qemu/qemu_process.c:5877
	6  0x00007fffdf1f711c in processMonitorEOFEvent
	   (driver=0x7fffd00f3a60, vm=0x7fffd0194db0) at qemu/qemu_driver.c:4545
	7  0x00007fffdf1f7313 in qemuProcessEventHandler
	   (data=0x555555832710, opaque=0x7fffd00f3a60) at qemu/qemu_driver.c:4589
	8  0x00007ffff72a84c4 in virThreadPoolWorker
	   (opaque=0x555555805da0) at util/virthreadpool.c:167

	Thread 1 (Thread 0x7ffff7fb1880 (LWP 494472)):
	1  0x00007ffff72a7898 in virCondWait
	   (c=0x7fffd01c21f8, m=0x7fffd01c21a0) at util/virthread.c:154
	2  0x00007ffff72a8a22 in virThreadPoolFree
	   (pool=0x7fffd01c2160) at util/virthreadpool.c:290
	3  0x00007fffdf1edd44 in qemuStateCleanup ()
	   at qemu/qemu_driver.c:1102
	4  0x00007ffff736570a in virStateCleanup ()
	   at libvirt.c:807
	5  0x000055555556f991 in main (argc=1, argv=0x7fffffffe458) at libvirtd.c:1660

2016-10-27  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	daemon: Fix crash during daemon cleanup
	Do not dereference the 'dmn' until after the virStateCleanup is completed.

	During initialization, virStateInitialize requires/uses the "dmn" as the
	argument to/for the daemonInhibitCallback functions. Thus, cleanup cannot
	dereference 'dmn' until after calling the virStateCleanup which calls the
	the daemonInhibitCallback using 'dmn'; otherwise, the following crash occurs:

	backtrace (shortened a bit)

	1  0x00007fd3a791b2e6 in virCondWait (c=<optimized out>, m=<optimized out>)
	   at util/virthread.c:154
	2  0x00007fd3a791bcb0 in virThreadPoolFree (pool=0x7fd38024ee00)
	   at util/virthreadpool.c:266
	3  0x00007fd38edaa00e in qemuStateCleanup () at qemu/qemu_driver.c:1116
	4  0x00007fd3a79abfeb in virStateCleanup () at libvirt.c:808
	5  0x00007fd3a85f2c9e in main (argc=<optimized out>, argv=<optimized out>)
	    at libvirtd.c:1660

	Thread 1 (Thread 0x7fd38722d700 (LWP 32256)):
	0  0x00007fd3a7900910 in virClassIsDerivedFrom
	   (klass=0xdfd36058d4853, parent=0x7fd3a8f394d0) at util/virobject.c:169
	1  0x00007fd3a7900c4e in virObjectIsClass
	   (anyobj=anyobj@entry=0x7fd3a8f2f850, klass=<optimized out>)
	   at util/virobject.c:365
	2  0x00007fd3a7900c74 in virObjectLock (anyobj=0x7fd3a8f2f850)
	   at util/virobject.c:317
	3  0x00007fd3a7a24d5d in virNetDaemonRemoveShutdownInhibition
	   (dmn=0x7fd3a8f2f850) at rpc/virnetdaemon.c:547
	4  0x00007fd38ed722cf in qemuProcessStop
	   (driver=driver@entry=0x7fd380103810, vm=vm@entry=0x7fd38025b6d0,
	    reason=reason@entry=VIR_DOMAIN_SHUTOFF_SHUTDOWN,
	    asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_NONE, flags=flags@entry=0)
	   at qemu/qemu_process.c:5786
	5  0x00007fd38edd9428 in processMonitorEOFEvent
	   (vm=0x7fd38025b6d0, driver=0x7fd380103810) at qemu/qemu_driver.c:4588
	6  qemuProcessEventHandler (data=<optimized out>, opaque=0x7fd380103810)
	   at qemu/qemu_driver.c:4632
	7  0x00007fd3a791bb55 in virThreadPoolWorker
	   (opaque=opaque@entry=0x7fd3a8f1e4c0) at util/virthreadpool.c:145

2016-10-27  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: remove Bridged network name and rename Routed
	It's funny, but Routed network name was incorrect. We should use
	host-routed instead.

	vz: support type=bridge network interface type correctly
	Recently, libprlsdk got a separate flag PNA_BRIDGE corresponding to
	type=bridge libvirt network interfaces. Let's use it and get rid of
	all workarounds previously added to  support it.

2016-10-27  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu: Forbid pinning vCPUs for TCG domain
	We don't support cpu pinning for TCG domains because QEMU runs them in
	one thread only.  But vcpupin command was able to set them, which
	resulted in a failed startup, so make sure that doesn't happen.

2016-10-27  Ján Tomko  <jtomko@redhat.com>

	Recreate the USB address cache at reconnect
	When starting a new domain, we allocate the USB addresses and keep
	an address cache in the domain object's private data.

	However this data is lost on libvirtd restart.

	Also generate the address cache if all the addresses have been
	specified, so that devices hotplugged after libvirtd restart
	also get theirs assigned.

	https://bugzilla.redhat.com/show_bug.cgi?id=1387666

2016-10-27  Ján Tomko  <jtomko@redhat.com>

	Do not try to release virtio serial addresses
	Return 0 instead of 1, so that qemuDomainAttachChrDevice does not
	assume the address neeeds to be released on error.

	No functional change, since qemuDomainReleaseDeviceAddress has been a noop
	for virtio serial addresses since the address cache was removed
	in commit 19a148b.

2016-10-27  Ján Tomko  <jtomko@redhat.com>

	Fix crash on usb-serial hotplug
	For domains with no USB address cache, we should not attempt
	to generate a USB address.

	https://bugzilla.redhat.com/show_bug.cgi?id=1387665

2016-10-27  Ján Tomko  <jtomko@redhat.com>

	Return directly from qemuDomainAttachChrDeviceAssignAddr
	This function should never need a cleanup section.

2016-10-27  Ján Tomko  <jtomko@redhat.com>

	Introduce virDomainVirtioSerialAddrAutoAssign again
	This time do not require an address cache as a parameter.

	Simplify qemuDomainAttachChrDeviceAssignAddr to not generate
	the virtio serial address cache for devices of other types.

	Partially reverts commit 925fa4b.

2016-10-27  Ján Tomko  <jtomko@redhat.com>

	Add 'FromCache' to  virDomainVirtioSerialAddrAutoAssign
	Commit 19a148b dropped the cache from QEMU's private domain object.
	Assume the callers do not have the cache by default and use
	a longer name for the internal ones that do.

	This makes the shorter 'virDomainVirtioSerialAddrAutoAssign'
	name availabe for a function that will not require the cache.

2016-10-27  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Fix on_shutdown to on_poweroff
	The 'on_shutdown' was the name in Xen, there was never such option in
	libvirt's domain XML.

	Reported-by: Ruben Kerkhof <ruben@rubenkerkhof.com>

2016-10-26  Sławek Kapłoński  <slawek@kaplonski.pl>

	qemu, lxc: Raise error message when resuming running domain
	When user tries to resume already running domain (Qemu or LXC)
	VIR_ERR_OPERATION_INVALID error should be raised with message that
	domain is already running.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009008

2016-10-26  Andrea Bolognani  <abologna@redhat.com>

	wireshark: Rename plugindir to ws_plugindir
	Since we're using autoconf to substitute the right value in
	Makefile.am now, we can use a less generic name without running
	into circular dependencies.

2016-10-26  Andrea Bolognani  <abologna@redhat.com>

	wireshark: Inject $(prefix) at the right time
	Adding $(prefix) in Makefile.am, as we were doing, means that
	it would be prepended even when using --with-ws-plugindir,
	which is something we don't want to happen.

	Instead, we add it beforehand but take care that it doesn't
	get expanded until make is called.

2016-10-26  Andrea Bolognani  <abologna@redhat.com>

	wireshark: Strip prefix correctly
	Even when we're building $plugindir ourselves because we can't
	retrieve it using pkg-config, we still want to strip the prefix,
	except in that case it would be the same prefix we're using for
	building libvirt.

	The fact that $plugindir is missing also doesn't tell us
	anything about $ws_prefix, so we have to handle the two variables
	separately.

2016-10-26  Andrea Bolognani  <abologna@redhat.com>

	wireshark: Hoist $ws_prefix declaration
	Keep all variable declarations close together.

	wireshark: Introduce $ws_modversion
	Use a separate variable instead of setting it inline for
	slightly cleaner code.

2016-10-26  Gema Gomez  <gema.gomez-solano@linaro.org>

	qemu: Add support for using AES secret for SCSI hotplug
	Support for virtio disks was added in commit id 'fceeeda', but not for
	SCSI drives. Add the secret for the server when hotplugging a SCSI drive.
	No need to make any adjustments for unplug since that's handled during
	the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in
	the qemuDomainDetachDeviceDiskLive switch.

	Added a test to/for the command line processing to show the command line
	options when adding a SCSI drive for the guest.

2016-10-26  John Ferlan  <jferlan@redhat.com>

	qemu: Add secret object hotplug for TCP chardev TLS
	https://bugzilla.redhat.com/show_bug.cgi?id=1300776

	Complete the implementation of support for TLS encryption on
	chardev TCP transports by adding the hotplug ability of a secret
	to generate the passwordid for the TLS object for chrdev, RNG,
	and redirdev.

	Fix up the order of object removal on failure to be the inverse
	of the attempted attach (for redirdev, chr, rng) - for each the
	tls object was being removed before the chardev backend.

	Likewise, add the ability to hot unplug that secret object as well
	and be sure the order of unplug matches that inverse order of plug.

2016-10-26  John Ferlan  <jferlan@redhat.com>

	qemu: Add a secret object to/for a char source dev
	Add the secret object so the 'passwordid=' can be added if the command line
	if there's a secret defined in/on the host for TCP chardev TLS objects.

	Preparation for the secret involves adding the secinfo to the char source
	device prior to command line processing. There are multiple possibilities
	for TCP chardev source backend usage.

	Add test for at least a serial chardev as an example.

2016-10-26  John Ferlan  <jferlan@redhat.com>

	qemu: Need to remove TLS object in RemoveRNGDevice
	Commit id '6e6b4bfc' added the object, but forgot the other end.

	qemu: Fix depedency order in qemuRemoveDiskDevice
	Need to remove the drive first, then the secobj and/or encobj if they exist.
	This is because the drive has a dependency on secobj (or the secret for
	the networked storage server) and/or the encobj (or the secret for the
	LUKS encrypted volume).  Deleting either object first leaves an drive
	without it's respective objects.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	virsh: Add _length parameters to virsh output
	https://bugzilla.redhat.com/show_bug.cgi?id=1349898

	Add the duration parameters to the virsh input/output for blkdeviotune
	command and describe them in the pod file.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	virsh: Create macros to add IOTUNE values
	Rework the repetitive lines to add iotune values into easier to read macros.
	One to handle the SCALED values and one to handle the non scaled values.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	qemu: Add the length options to the iotune command line
	Add in the block I/O throttling length/duration parameter to the command
	line if supported. If not supported, fail command creation.

	Add the xml2argvtest for testing.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	conf: Add support for blkiotune "_length" options
	Modify _virDomainBlockIoTuneInfo and rng schema to support the _length
	options for bps/iops throttling values. Document the new values.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	qemu: Add length for bps/iops throttling parameters to driver
	Add support for a duration/length for the bps/iops and friends.

	Modify the API in order to add the "blkdeviotune." specific definitions
	for the iotune throttling duration/length options

	    total_bytes_sec_max_length
	    write_bytes_sec_max_length
	    read_bytes_sec_max_length
	    total_iops_sec_max_length
	    write_iops_sec_max_length
	    read_iops_sec_max_length

2016-10-25  John Ferlan  <jferlan@redhat.com>

	caps: Add new capability for the bps/iops throttling length
	Add the capability to detect if the qemu binary can support the feature
	to use bps-max-length and friends.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	include: Add new definitions for duration for bps/iops throttling
	Add new options to allow proving a duration/length in seconds to allow the
	bps/iops (and friends) to occur:

	    total_bytes_sec_max_length
	    write_bytes_sec_max_length
	    read_bytes_sec_max_length
	    total_iops_sec_max_length
	    write_iops_sec_max_length
	    read_iops_sec_max_length

	Add continue for compiler hint to return to for control

2016-10-25  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainSetBlockIoTuneDefaults
	Create a helper to set the bytes/iops iotune default values based on
	the current qemu setting for both the live and persistent definitions.
	NB: This also fixes an unreported bug where the persistent values for
	*_max and size_iops_sec would be set back to 0 if unrelated persistent
	values were set.

	qemu: Move setting of conf_disk in qemuDomainSetBlockIoTune
	Since persistent_def is the only place that uses it, let's just keep
	it closer to where it's used.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	qemu: Return real error message for block_set_io_throttle
	This patch will also adjust the qemuMonitorJSONSetBlockIoThrottle error
	procession so that rather than returning/displaying:

	    "error: internal error: Unexpected error"

	Fetch the actual error message from qemu and display that

2016-10-25  John Ferlan  <jferlan@redhat.com>

	qemu: Create a macro to handle setting bytes/iops iotune values
	Create a macros to hide all the comparisons for each of the fields.

	Add a 'continue;' for a compiler hint that we only need to find one
	this should be similar enough to the if - elseif - elseif logic.

2016-10-25  John Ferlan  <jferlan@redhat.com>

	qemu: Move TLS object remove from DetachChr to RemoveChr
	Commit id '2c32237' added the TLS object removal to the DetachChrDevice
	all when it should have been added to the RemoveChrDevice since that's
	the norm for similar processing (e.g. disk)

2016-10-25  Ján Tomko  <jtomko@redhat.com>

	virQEMUCapsReset: also clear out hostCPUModel
	After succesfully reading an outdated caps cache from disk,
	calling virQEMUCapsReset did not properly clear out the calculated
	host CPU model. This lead to a memory leak when the host CPU model
	pointer was overwritten later in virQEMUCapsNewForBinaryInternal.

	Introduced by commit 68c70118.

2016-10-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix leaking of allocated migration ports
	Although the migration port is immediately released in the
	finish phase of migration, it was never set in the domain
	private object when allocated in the prepare phase. So
	libxlDomainMigrationFinish() always released a 0-initialized
	migrationPort, leaking any allocated port. After enough
	migrations to exhaust the migration port pool, migration would
	fail with

	error: internal error: Unable to find an unused port in range
	       'migration' (49152-49216)

	Fix it by setting libxlDomainObjPrivate->migrationPort to the
	port allocated in the prepare phase. While at it, also fix
	leaking an allocated port if the prepare phase fails.

2016-10-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	doc: update virsh domstats documentation for vcpu statistics
	Added description for new vcpu.<num>.halted statistics value.
	While there, also added a description for vcpu.<num>.wait and
	clarified the units displayed for time and wait.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-10-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: add vcpu.n.halted to vcpu domain stats
	Extended qemuDomainGetStatsVcpu to include the per vcpu halted
	indicator if reported by QEMU. The key for new boolean value
	has the format "vcpu.<n>.halted".

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-10-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Add domain support for VCPU halted state
	Adding a field to the domain's private vcpu object to hold the halted
	state information.
	Adding two functions in support of the halted state:
	- qemuDomainGetVcpuHalted: retrieve the halted state from a
	  private vcpu object
	- qemuDomainRefreshVcpuHalted: obtain the per-vcpu halted states
	  via qemu monitor and store the results in the private vcpu objects

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Hao QingFeng <haoqf@linux.vnet.ibm.com>

2016-10-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Add monitor support for CPU halted state
	Extended the qemuMonitorCPUInfo with a halted flag. Extract the halted
	flag for both text and JSON monitor.

2016-10-24  Laine Stump  <laine@laine.org>

	qemu: replace calls to virDomainPCIAddressReserveNext*() with static function
	An upcoming commit will remove the "flag" argument from all the calls
	to reserve the next available address|slot, but I don't want to change
	the arguments in the hypervisor-agnostic
	virDomainPCIAddressReserveNext*() functions, so this patch places a
	simple qemu-specific wrapper around those functions - the new
	functions don't take a flags arg, but grab it from the device's
	info->pciConnectFlags.

	conf: make virDomainPCIAddressGetNextSlot() a local static function
	This function is no longer needed outside of domain_addr.c.

	qemu: use virDomainPCIAddressReserveNextAddr in qemuDomainAssignDevicePCISlots
	instead of calling virDomainPCIAddressGetNextSlot() (which I want to
	turn into a local static in domain_addr.c).

2016-10-24  Laine Stump  <laine@laine.org>

	conf: new function virDomainPCIAddressReserveNextAddr()
	There is an existing virDomainPCIAddressReserveNextSlot() which will
	reserve all functions of the next available PCI slot. One place in the
	qemu PCI address assignment code requires reserving a *single*
	function of the next available PCI slot. This patch modifies and
	renames virDomainPCIAddressReserveNextSlot() so that it can fulfill
	both the original purpose and the need to reserve a single function.

	(This is being done so that the abovementioned code in qemu can have
	its "kind of open coded" solution replaced with a call to this new
	function).

2016-10-24  Pavel Hrdina  <phrdina@redhat.com>

	domain: fix migration to older libvirt
	Since TLS was introduced hostwide for libvirt 2.3.0 and a domain
	configurable haveTLS was implemented for libvirt 2.4.0, we have to
	modify the migratable XML for specific case where the 'tls' attribute
	is based on setting from qemu.conf.

	The "tlsFromConfig" is libvirt internal attribute and is stored only in
	status XML to ensure that when libvirtd is restarted this internal flag
	is not lost by the restart.

	That flag is used to decide whether we should put *tls* attribute to
	migratable XML or not.

2016-10-24  Pavel Hrdina  <phrdina@redhat.com>

	domain: Add optional 'tls' attribute for TCP chardev
	Add an optional "tls='yes|no'" attribute for a TCP chardev.

	For QEMU, this will allow for disabling the host config setting of the
	'chardev_tls' for a domain chardev channel by setting the value to "no" or
	to attempt to use a host TLS environment when setting the value to "yes"
	when the host config 'chardev_tls' setting is disabled, but a TLS environment
	is configured via either the host config 'chardev_tls_x509_cert_dir' or
	'default_tls_x509_cert_dir'

2016-10-24  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: remove union for one member from redirdev struct
	Currently the union has only one member so remove that union.  If there
	is a need to add a new type of source for new bus in the future this
	will force the author to add a union and properly check bus type before
	any access to union member.

	domain_conf: fix memory leak in virDomainDefAddConsoleCompat

2016-10-24  John Ferlan  <jferlan@redhat.com>

	qemu: Add TLS hotplug for qemuDomainAttachRNGDevice
	Commit id '2c322378' missed the nuance that the rng backend could be
	using a TCP chardev and if TLS is enabled on the host, thus will need
	to have the TLS object added.

	qemu: Add TLS hotplug for qemuDomainAttachRedirdevDevice
	Commit id '2c322378' missed the nuance that the redirdev backend could
	be using a TCP chardev and if TLS is enabled on the host, thus will need
	to have the TLS object added.

	qemu: Clean up error path in qemuDomainAttachRedirdevDevice
	It's about to get more complicated - let's alter the logic to handle
	various failures. Adds saving of the error as well.

	qemu: Introduce qemuDomainGetChardevTLSObjects for hotplug
	As it turns out more than one place will need these objects, so rather
	than cut-copy-paste in each, make a helper

	conf: Use virDomainChrSourceDefNew for virDomainRNGDef allocation
	Rather than VIR_ALLOC() the data, use virDomainChrSourceDefNew in order
	to get the private data if necessary.

	conf: Use virDomainChrSourceDefPtr for _virDomainRedirdevDef 'source.chr'
	Use a pointer and the virDomainChrSourceDefNew() function in order to
	allocate the structure for _virDomainRedirdevDef.

	conf: Use virDomainChrSourceDefPtr for _virDomainSmartcardDef 'passthru'
	Use a pointer and the virDomainChrSourceDefNew() function in order to
	allocate the structure for _virDomainSmartcardDef.

2016-10-24  Michal Privoznik  <mprivozn@redhat.com>

	xenFormatXLDisk: Unify commas pattern for arguments
	instead of:

	  virBufferAdd(buf, "arg1,");
	  virBufferAdd(buf, "arg2");

	lets have:

	  virBufferAdd(buf, "arg1");
	  virBufferAdd(buf, ",arg2");

	Because it's better. Consider we want to add conditionally arg3.
	With this change, it's simple:

	  if (cond)
	    virBufferAdd(buf, ",arg3");

	with current code there might be a comma hanging at EOL.

2016-10-23  Laine Stump  <laine@laine.org>

	qemu: change first arg of qemuDomainAttachChrDeviceAssignAddr()
	from virDomainDefPtr to virDomainObjPtr so that the function has
	access to the other parts of the virDomainObjPtr. Take advantage of
	this by removing the "priv" arg and retrieving it from the
	virDomainObjPtr instead.

	No functional change.

2016-10-23  Laine Stump  <laine@laine.org>

	qemu: make error message in qemuDomainPCIAddressSetCreate more clear.
	This error should only ever be seen by a developer anyway, but the
	existing message made even less sense that this new version.

	qemu: remove superfluous setting of addrs->nbuses
	This is already set by virDomainPCIAddressSetAlloc().

	conf: add typedef for anonymous enum used for memballoon device model
	For some reason the values of memballoon model are set using an
	anonymous enum, making it impossible to perform nice tricks like
	demanding there are cases for all possible values in a switch. This
	patch turns the anonymous enum into virDomainMemballoonModel.

	qemu: replace "def->nets[i]" with "net" and "def->sounds[i]" with "sound"
	More occurences of repeatedly dereferencing the same pointer stored in
	an array are replaced with the definition of a temporary pointer that
	is then used directly. No functional change.

	qemu: replace a lot of "def->controllers[i]" with equivalent "cont"
	There's no functional change here. This pointer was just used so many
	times that the extra long lines became annoying.

2016-10-21  John Ferlan  <jferlan@redhat.com>

	conf: Move the privateData from virDomainChrDef to virDomainChrSourceDef
	Commit id '5f2a132786' should have placed the data in the host source
	def structure since that's also used by smartcard, redirdev, and rng in
	order to provide a backend tcp channel.  The data in the private structure
	will be necessary in order to provide the secret properly.

	This also renames the previous names from "Chardev" to "ChrSource" for
	the private data structures and API's

2016-10-21  John Ferlan  <jferlan@redhat.com>

	Introduce virDomainChrSourceDefNew for virDomainChrDefPtr
	Change the virDomainChrDef to use a pointer to 'source' and allocate
	that pointer during virDomainChrDefNew.

	This has tremendous "fallout" in the rest of the code which mainly
	has to change source.$field to source->$field.

2016-10-21  John Ferlan  <jferlan@redhat.com>

	vmx: Use the allocator virDomainChrDefNew
	Rather than VIR_ALLOC of the virDomainChrDefPtr

2016-10-21  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	doc: Describe the VCPU states returned by virsh vcpuinfo
	Added a brief description of the VCPU states.

2016-10-21  Ján Tomko  <jtomko@redhat.com>

	qemuBuildHostNetStr: remove dead code
	This function is never called for VIR_DOMAIN_NET_TYPE_HOSTDEV,
	and the dead code comment agrees.

	Introduced by commit 1dcbef8a.

2016-10-21  Ján Tomko  <jtomko@redhat.com>

	qemuBuildHostNetStr: do not start options with a comma
	Put the comma at the end and trim it later for consistency.

2016-10-21  Ján Tomko  <jtomko@redhat.com>

	qemuBuildHostNetStr: use type_sep earlier
	When hotplugging networks with ancient QEMUs not supporting
	QEMU_CAPS_NETDEV, we use space instead of a comma as the separator
	between the network type and other options.

	Except for "user", all the network types pass other options
	and use up the first separator by the time we get to the section
	that adds the alias (or vlan for QEMUs without CAPS_NETDEV).

	Since the alias/vlan is mandatory, convert all preceding code to add
	the separator at the end, removing the need to rewrite type_sep for
	all types but NET_TYPE_USER.

2016-10-21  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: set something in disk driver name
	Absent driver name attribute is invalid xml. Which in turn makes
	unusable 'virsh edit' for example. The value does not make
	much sense and ignored on input so nobody will hurt.

2016-10-21  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add serial number to disk devices
	vz sdk supports setting serial number only for disk devices.
	Getting serial upon cdrom(for example) is error however
	setting is just ignored. Let's check for disk device
	explicitly for clarity in both cases.

	Setting serial number for other devices is ignored
	with an info note just as before.

	We need usual conversion from "" to NULL in direction
	vz sdk -> libvirt, because "" is not valid for libvirt
	and "" means unspecifiend in vz sdk which is NULL for libvirt.

2016-10-21  John Ferlan  <jferlan@redhat.com>

	bhyve: Need to add parameter to virDomainChrDefNew
	Commit id '5f2a13278' missed this one.

2016-10-21  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: set localhost as vnc address
	We should set localhost as vnc address in case of empty string.
	Because Virtuozzo sets 0.0.0.0 as default vnc address.

2016-10-21  Michal Privoznik  <mprivozn@redhat.com>

	virt-wireshark.m4: Defer $(prefix) substitution
	The autoconf manual says we shouldn't be using this variable (and
	some others) outside of Makefiles as it prevents users providing
	their own prefix at the installation phase.

	https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html

2016-10-20  Sławek Kapłoński  <slawek@kaplonski.pl>

	networkValidate: Forbid new-line char in network name
	New line character in name of network is now forbidden because it
	mess virsh output and can be confusing for users.  Validation of
	name is done in network driver, after parsing XML to avoid
	problems with disappeared network which was already created with
	new-line char in name.

	Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=818064

2016-10-20  Sławek Kapłoński  <slawek@kaplonski.pl>

	network: Use new util function to check name
	New util function virXMLCheckIllegalChars is now used to test if
	parsed network contains illegal char '/' in it's name.

	virxml: Add function to check if string contains some illegal chars
	This new function can be used to check if e.g. name of XML
	node don't contains forbidden chars like "/" or "\n".

2016-10-19  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainChardevPrivatePtr
	Modeled after the qemuDomainHostdevPrivatePtr (commit id '27726d8c'),
	create a privateData pointer in the _virDomainChardevDef to allow storage
	of private data for a hypervisor in order to at least temporarily store
	secret data for usage during qemuBuildCommandLine.

	NB: Since the qemu_parse_command (qemuParseCommandLine) code is not
	expecting to restore the secret data, there's no need to add code
	code to handle this new structure there.

2016-10-19  John Ferlan  <jferlan@redhat.com>

	conf: Introduce {default|chardev}_tls_x509_secret_uuid
	Add a new qemu.conf variables to store the UUID for the secret that could
	be used to present credentials to access the TLS chardev.  Since this will
	be a server level and it's possible to use some sort of default, introduce
	both the default and chardev logic at the same time making the setting of
	the chardev check for it's own value, then if not present checking whether
	the default value had been set.

2016-10-19  Cédric Bosdonnat  <cbosdonnat@suse.com>

	xl: fix 8126d870 broken test
	xlconfigtest expects the comma, don't clean it up even if there is
	no target to write.

2016-10-19  Andrea Bolognani  <abologna@redhat.com>

	spec: Drop support for Fedora < 23
	We only claim support for OSs that are still supported by the
	respective vendors, which means anything older than Fedora 23
	is out. Reword the comment a bit to highlight the criteria.

2016-10-19  Cédric Bosdonnat  <cbosdonnat@suse.com>

	xl: don't output (null) target in domxml-to-native
	When converting a domain xml containing a CDROM device without
	any attached source, don't add a target=(null) to the libxl config
	disk definition: xen doesn't like it at all and would fail to start
	the domain.

2016-10-18  Pavel Hrdina  <phrdina@redhat.com>

	qemu: always generate the same alias for tls-creds-x509 object
	There was inconsistency between alias used to create tls-creds-x509
	object and alias used to link that object to chardev while hotpluging.
	Hotplug ends with this error:

	  error: Failed to detach device from channel-tcp.xml
	  error: internal error: unable to execute QEMU command 'chardev-add':
	  No TLS credentials with id 'objcharchannel3_tls0'

	In XML we have for example alias "serial0", but on qemu command line we
	generate "charserial0".

	The issue was that code, that creates QMP command to hotplug chardev
	devices uses only the second alias "charserial0" and that alias is also
	used to link the tls-creds-x509 object.

	This patch unifies the aliases for tls-creds-x509 to be always generated
	from "charserial0".

2016-10-18  Pavel Hrdina  <phrdina@redhat.com>

	qemu_command: create prefixed alias to separate variable
	Instead of typing the prefix every time we want to append parameters
	to qemu command line use a variable that contains prefixed alias.

	qemu_alias: introduce qemuAliasChardevFromDevAlias helper

	qemu_hotplug: fix crash in hot(un)plugging chardev devices
	We need to make sure that the chardev is TCP.  Without this check we
	may access different part of union and corrupt pointers.

2016-10-17  John Ferlan  <jferlan@redhat.com>

	qemu: Remove unnecessary NULL arg check
	qemuDomainSecret{Disk|Hostdev}Prepare has a prototype that checks for
	ATTRIBUTE_NONNULL(1) for 'conn'.

	qemu: Add 'verify-peer=yes' test for chardev TCP TLS
	Missing the option to set verify-peer to yes

	qemu: Remove unnecessary cfg fetch/unref
	qemuProcessPrepareDomain has no need to fetch/unref the cfg, so remove it.

2016-10-17  Andrea Bolognani  <abologna@redhat.com>

	conf: Explain some code in more detail
	The code is entirely correct, but it still managed to trip me
	up when I first ran into it because I did not realize right away
	that VIR_PCI_CONNECT_TYPES_ENDPOINT was not a single flag, but
	rather a mask including both VIR_PCI_CONNECT_TYPE_PCI_DEVICE and
	VIR_PCI_CONNECT_TYPE_PCIE_DEVICE.

	In order to save the next distracted traveler in PCI Address Land
	some time, document this fact with a comment. Add a test case for
	the behavior as well.

2016-10-14  Laine Stump  <laine@laine.org>

	conf: restrict what type of buses will accept a pci-bridge
	A pci-bridge has *almost* the same rules as a legacy PCI endpoint
	device for where it can be automatically connected, and until now both
	had been considered identical. There is one pairing that is okay when
	specifically requested by the user (i.e. manual assignment), but we
	want to avoid it when auto-assigning addresses - plugging a pci-bridge
	directly into pcie-root (it is cleaner to plug in a dmi-to-pci-bridge,
	then plug the pci-bridge into that).

	In order to allow that difference, this patch makes a separate
	CONNECT_TYPE for pci-bridge, and uses it to restrict auto-assigned
	addresses for pci-bridges to be only on pci-root, pci-expander-bus,
	dmi-to-pci-bridge, or on another pci-bridge.

	NB: As with other discouraged-but-seem-to-work configurations
	(e.g. plugging a legacy PCI device into a pcie-root-port) if someone
	*really* wants to, they can still force a pci-bridge to be plugged
	into pcie-root (by manually specifying its PCI address.)

2016-10-14  John Ferlan  <jferlan@redhat.com>

	util: Alter return value of virReadFCHost and fix mem leak
	https://bugzilla.redhat.com/show_bug.cgi?id=1357416

	Rather than return a 0 or -1 and the *result string, return just the result
	string to the caller.  Alter all the callers to handle the different return.

	As a side effect or result of this, it's much clearer that we cannot just
	assign the returned string into the scsi_host wwnn, wwpn, and fabric_wwn
	fields - rather we should fetch a temporary string, then as long as our
	fetch was good, VIR_FREE what may have been there, and STEAL what we just got.
	This fixes a memory leak in the virNodeDeviceCreateXML code path through
	find_new_device and nodeDeviceLookupSCSIHostByWWN which will continually
	call nodeDeviceSysfsGetSCSIHostCaps until the expected wwnn/wwpn is found
	in the device object capabilities.

2016-10-14  Martin Kletzander  <mkletzan@redhat.com>

	conf: Honour flags in virDomainPanicDefParseXML
	Without them we're keeping <alias/> even for inactive XML.

	schema: Allow alias for panic device
	As with all other devices, it's not part of 'address'.

2016-10-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu_hotplug: Support interface type of vhost-user hotplug
	https://bugzilla.redhat.com/show_bug.cgi?id=1366108

	There are couple of things that needs to be done in order to
	allow vhost-user hotplug. Firstly, vhost-user requires a chardev
	which is connected to vhost-user bridge and through which qemu
	communicates with the bridge (no acutal guest traffic is sent
	through there, just some metadata). In order to generate proper
	chardev alias, we must assign device alias way sooner.

	Then, because we are plugging the chardev first, we need to do
	the proper undo if something fails - that is remove netdev too.
	We don't want anything to be left over in case attach fails at
	some point.

2016-10-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildHostNetStr: Support VIR_DOMAIN_NET_TYPE_VHOSTUSER
	https://bugzilla.redhat.com/show_bug.cgi?id=1366505

	So far, this function lacked support for
	VIR_DOMAIN_NET_TYPE_VHOSTUSER leaving callers to hack around the
	problem by constructing the command line on their own. This is
	not ideal as it blocks hot plug support.

2016-10-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildVhostuserCommandLine: Unify -netdev creation
	Currently, what we do for vhost-user network is generate the
	following part of command line:

	-netdev type=vhost-user,id=hostnet0,chardev=charnet0

	There's no need for 'type=' it is the default. Drop it.

2016-10-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildVhostuserCommandLine: Reuse qemuBuildChrChardevStr
	There's no need to reinvent the wheel here. We already have a
	function to format virDomainChrSourceDefPtr. It's called
	qemuBuildChrChardevStr(). Use that instead of some dummy
	virBufferAsprintf().

	qemuBuildChrChardevStr: Introduce @nowait argument
	This alone makes not much sense. But the aim is to reuse this
	function in qemuBuildVhostuserCommandLine() where 'nowait' is not
	supported for vhost-user devices.

	qemuBuildHostNetStr: Explicitly enumerate net types
	We tend to prevent using 'default' in switches. And it is for a
	good reason - control may end up in paths we wouldn't want for
	new values. In this specific case, if qemuBuildHostNetStr is
	called over VIR_DOMAIN_NET_TYPE_VHOSTUSER it would produce
	meaningless output. Fortunately, there no such call yet.

	qemuDomainAttachNetDevice: Explicitly list allowed types for hotplug
	Instead of blindly claim support for hot-plugging of every
	interface type out there we should copy approach we have for
	device types: white listing supported types and explicitly error
	out on unsupported ones.
	For instance, trying to hotplug vhostuser interface results in
	nothing usable from guest currently. vhostuser typed interfaces
	require additional work on our side.

	qemuDomainAttachNetDevice: Move hostdev handling a bit further
	The idea is to have function that does some checking at its
	beginning and then have one big switch for all the interface
	types it supports.

	qemuBuildInterfaceCommandLine: Move from if-else forest to switch

	qemuBuildInterfaceCommandLine: Move vhostuser handling a bit further
	The idea is to have function that does some checking of the
	arguments at its beginning and then have one big switch for all
	the interface types it supports. Each one of them generating the
	corresponding part of the command line.

	qemuBuildInterfaceCommandLine: Move hostdev handling a bit further
	The idea is to have function that does some checking of the
	arguments at its beginning and then have one big switch for all
	the interface types it supports. Each one of them generating the
	corresponding part of the command line.

	virDomainNetGetActualType: Return type is virDomainNetType
	This function for some weird reason returns integer instead of
	virDomainNetType type. It is important to return the correct type
	so that we know what values we can expect.

	virDomainNetDefParseXML: Realign
	There are couple of formatting issues. No functional change
	though.

	virLogDefineOutputs: Fix build without syslog.h
	Not every system out there has syslog, that's why we check for it
	in our configure script. However, in 640b58abdf while fixing
	another issue, some variables and functions are called that are
	defined only when syslog.h is present. But these function
	calls/variables were not guarded by #ifdef-s.

2016-10-14  Peter Krempa  <pkrempa@redhat.com>

	schema: smbios: allow any strings
	The smbios docs allow any string to be passed and libvirt does not
	really do any validation on them. Allow passing any string.

	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1373535

2016-10-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: escape smbios entry strings
	We pass free-form strings from the users to qemu, thus we need escape
	commas since they are passed to qemu monitor.

	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1373535

2016-10-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Don't bother reporting errors in smbios formatters
	qemuBuildSmbiosBiosStr and qemuBuildSmbiosSystemStr return NULL if
	there's nothing to format on the commandline. Reporting errors from
	buffer creation doesn't make sense since it would be ignored.

	qemu: command: Fix up coding style of smbios commandine formatters

2016-10-13  Michal Privoznik  <mprivozn@redhat.com>

	src: Treat PID as signed
	This initially started as a fix of some debug printing in
	virCgroupDetect. However it turned out that other places suffer
	from the similar problem. While dealing with pids, esp. in cases
	where we cannot use pid_t for ABI stability reasons, we often
	chose an unsigned integer type. This makes no sense as pid_t is
	signed.
	Also, new syntax-check rule is introduced so we won't repeat this
	mistake.

2016-10-13  Ivan Baldo  <ibaldo@adinet.com.uy>

	virsh: Be explicit that vol-resize is an offline operation.
	It is stated in the manual already, so let's mention the same thing in
	the description to avoid causing problems.

2016-10-13  Michal Privoznik  <mprivozn@redhat.com>

	testNodeGetCellsFreeMemory: Fix off by one error
	Consider the following scenario:

	  virsh # freecell --all
	      0:       2048 KiB
	      1:       4096 KiB
	  --------------------
	  Total:       6144 KiB

	  virsh # freecell 0
	  0: 2048 KiB

	  virsh # freecell 1
	  1: 4096 KiB

	And now before this change:

	  virsh # freecell 2

	After this change:

	  virsh # freecell 2
	  error: invalid argument: Range exceeds available cells

2016-10-13  Michal Privoznik  <mprivozn@redhat.com>

	testOpenDefault: Rename loop variable
	We have inclination to calling our loop variables i, j, k, not u.

2016-10-12  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virsh: Fix typos in manpage

	virsh: Fix commas in manpage to enhance readability.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_command: add support to use virtio as secondary video device
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1369633

	qemu_command: introduce enum of secondary models for video device
	There are two video devices with models without VGA compatibility mode.
	They are primary used as secondary video devices, but in some cases it
	is required to use them also as primary video devices.

	qemu_command: cleanup qemuBuildVideoCommandLine

	qemu_command: properly detect which model to use for video device
	This improves commit 706b5b6277 in a way that we check qemu capabilities
	instead of what architecture we are running on to detect whether we can
	use *virtio-vga* model or not.  This is not a case only for arm/aarch64.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: check for existence of virtio-vga
	Commit 21373feb added support for primary virtio-vga device but it was
	checking for virtio-gpu.  Let's check for existence of virtio-vga if we
	want to use it.

	Virtio video device is currently represented by three different models
	*virtio-gpu-device*, *virtio-gpu-pci* and *virtio-vga*.  The first two
	models are tied together and if virtio video devices is compiled in they
	both exist.  However, the *virtio-vga* model doesn't have to exist on
	some architectures even if the first two models exist.  So we cannot
	group all three together.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_command: pass only video device to qemuBuildVgaVideoCommand

	qemu_command: separate code for video device via -vga attribute

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: always check capabilities for video devices
	Before this patch we've checked qemu capabilities for video devices
	only while constructing qemu command line using "-device" option.

	Since we support qemu only if "-device" option is present we can use
	the same capabilities to check also video devices while using "-vga"
	option to construct qemu command line.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: move video validation out of qemu_command
	Runtime validation that depend on qemu capabilities should be moved
	into qemuProcessStartValidateXML.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_domain: move video validation out of qemu_command
	All definition validation that doesn't depend on qemu capabilities
	and was allowed previously as valid definition should be placed into
	qemuDomainDefValidate.

	The check whether video type is supported or not was based on an enum
	that translates type into model.  Use switch to ensure that if new
	video type is added, it will be properly handled.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: detect properties for virtio-gpu-device

	qemu_capabilities: rename QEMU_CAPS_VIRTIO_GPU_VIRGL
	We generally uses QEMU_CAPS_DEVICE_$NAME to probe for existence of some
	device and QEMU_CAPS_$NAME_$PROP to probe for existence of some property
	of that device.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: mark QEMU_CAPS_VGA_QXL capability as deprecated
	If QEMU in question supports QMP, this capability is set if
	QEMU_CAPS_DEVICE_QXL was set based on existence of "-device qxl". If
	libvirt needs to parse *help*, because there is no QMP support, it
	checks for existence of "-vga qxl", but it also parses output of
	"-device ?" and sets QEMU_CAPS_DEVICE_QXL too.

	Now that libvirt supports only QEMU that has "-device" implemented it's
	safe to drop this capability and stop using it.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: join capabilities for qxl and qxl-vga devices
	This patch simplifies QEMU capabilities for QXL video device.  QEMU
	exposes this device as *qxl-vga* and *qxl* and they are both the same
	device with the same set of parameters, the only difference is that
	*qxl-vga* includes VGA compatibility.

	Based on QEMU code they are tied together so it's safe to check only for
	presence of only one of them.

	This patch also removes an invalid test case "video-qxl-sec-nodevice"
	where there is only *qxl-vga* device and *qxl* device is not present.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	tests: fix some QXL capability combinations that don't make sense
	If one of QEMU_CAPS_DEVICE_QXL_VGA or QEMU_CAPS_DEVICE_QXL is set the
	other one will always be set as well because both devices are tied
	together in QEMU.

	The change of args files is caused by the presence of capability
	QEMU_CAPS_DEVICE_VIDEO_PRIMARY which means it's safe to use
	"-device qxl-vga" instead of "-vga qxl", see commit (e3f2686b) and
	by the fact that if QEMU_CAPS_VGA_QXL is set QEMU_CAPS_DEVICE_QXL_VGA
	and QEMU_CAPS_DEVICE_QXL would be set too (since we support only qemu
	with "-device" option).

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_command: remove xenner leftover from video device code
	Qemu supports *xen* video device only with XEN and this code was part
	of xenner code.  We dropped support for xenner in commit de9be0a.

	Before this patch if you used 'xen' video type you ended up with
	domain without any video device at all.  Now we don't allow to start
	such domain.

2016-10-12  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: move qemuProcessStartValidateGraphics to correct place

2016-10-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: vcpuinfo: Report proper vcpu numbers and data for offline VMs
	If the VM is offline virsh attempted to at least report the pinning
	information for the VM. This would not work properly now that the vcpus
	can be sparse. Fix it by getting the vcpu states from the XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1375920

2016-10-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Extract fallback handling in cmdVcpuinfo
	Put it into a separate function so that more fallback handling can be
	added without making a mess.

	virsh: Extract cpumap formatting in cmdVcpuinfo
	cmdVcpuinfo will be split in upcomming patches thus extract the common
	code that formats pinning cpumaps for the vcpus.

	virsh: Fix xpath queries for retrieving vcpu count
	The fallback code used if virDomainGetVcpusFlags is not supported used
	wrong XPath queries and basically did not work at all. Fix them to point
	to the <domain> <vcpu> element instead of <vcpus> which was not present
	until lately.

	virsh: domain: Fix broken indentation in virshCPUCountCollect
	I managed to space most of the code by 5 spaces instead of 4 when
	orignally implementing this function.

	util: bitmap: Make bitmaps const in virBitmapNewData and virBitmapDataToString
	The functions just read the passed pointer so it can be marked as const.

2016-10-12  Andrea Bolognani  <abologna@redhat.com>

	libvirt-guests: Weaken dependency on libvirtd
	The Requires relationship is very strong, in that it prevents
	a unit from running unless all the units it Requires are
	running as well.

	This turns out to be a problem because we want to be able to
	restart libvirtd at any time without having libvirt-guests
	suspend or shutdown running guests.

	Turn the Requires relationship into a Wants relationship:
	this way starting libvirt-guests will cause systemd to (attempt
	to) start libvirtd as well, but stopping or restarting libvirtd
	will not alter libvirt-guests' running state.

2016-10-12  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Disable migration with ivshmem
	It was never safe anyway and as such shouldn't have been enabled in the
	first place.  Future patches will allow hot-(un)pluging of some ivshmem
	devices as a workaround.

	conf: Don't complicate find loop

	conf: Fix virDomainShmemDefFind
	Due to the switch of parameters in a call to virDomainShmemDefEquals()
	no device was found when looking for device with all the information
	except address.  Also fix the indentation.

	Clean timer in virObjectEventStateFlush
	If the last event callback is unregistered while the event loop is
	dispatching, it is only marked as deleted, but not removed.  The number
	of callbacks is more than zero in that case, so the timer is not
	removed.  Because it can be removed in this function now (but also
	accessed afterwards so that we set 'isDispatching = false' and have it
	locked), we need to temporarily increase the reference counter of the
	state for the duration of this function.

	De-duplicate code into virObjectEventStateCleanupTimer()
	There is a repeating pattern of code that removes the timer if it's not
	needed.  So let's move it to a new function.  We'll also use it later.

	Reference state when using it as opaque
	There should be one more reference because it is being kept in the list
	of callbacks as an opaque.  We also unref it properly using
	virObjectFreeCallback.

	Change virDomainEventState to virObjectLockable
	This way we get reference counting and we can get rid of locking
	function.

2016-10-12  Corey S. McQuay  <csmcquay@linux.vnet.ibm.com>

	qemu: migration: Disallow migration of read only disk
	Currently Libvirt allows attempts to migrate read only disks. Qemu
	cannot handle this as read only disks cannot be written to on the
	destination system. The end result is a cryptic error message and a
	failed migration.

	This patch causes migration to fail earlier and provides a meaningful
	error message stating that migrating read only disks is not supported.

	Reviewed-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-10-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reuse virDomainDeGetVcpusTopology to calculate total vcpu count
	Rather than multiplying sockets, cores, and threads use the new helper
	for getting the vcpu count resulting from the topology.

2016-10-11  Peter Krempa  <pkrempa@redhat.com>

	conf: Sanitize cpu topology numbers
	Make sure that the topology results into a sane number of cpus (up to
	UINT_MAX) so that it can be sanely compared to the vcpu count of the VM.

	Additionally the helper added in this patch allows to fetch the total
	number the topology results to so that it does not have to be
	reimplemented later.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1378290

2016-10-10  John Ferlan  <jferlan@redhat.com>

	util: Remove need for local 'nelems'
	Since it's only used in loop - just go direct.

	tests: Need to initialize data
	If not initialized and the virAsprintf to jsonreply or fulllablel fails,
	then the call to qemuMonitorTestFree will take stack data.

2016-10-10  John Ferlan  <jferlan@redhat.com>

	vsh: Fix some issues in auto completion code
	1. Move the declaration of const vshCmdDef *help - it should be at the
	   top of the "if" rather than in the middle.

	2. Change a comparison from && to || - without doing so we could crash
	   on commands like 'virsh list' which would allow completion of some
	   non -- option based on whatever was found in the current working
	   directory and then as soon as that was completed, the next <tab>
	   would crash since "opt" would be returned as NULL, but the check
	   was dereferencing "&& opt->type"

	3. Before dereferencing opt->completer, be sure opt isn't NULL.

2016-10-10  John Ferlan  <jferlan@redhat.com>

	util: Resolve memory leaks in virLogParse{Output|Filter}
	In both virLogParseOutput and virLogParseFilter, rather than returning
	NULL, goto cleanup since it's possible that for each the first condition
	passes, but the || condition doesn't and thus we leak memory.

	tests: Prefer virGetLastErrorMessage in testSELinuxLabeling
	Yet another case of not needing virGetLastError processing

	conf: Remove incorrect check when encoding shmem audit message
	Remove the !size check since size is initialized to NULL and thus
	causing the condition to always be true

2016-10-10  Martin Wilck  <mwilck@suse.de>

	network: add dnsmasq option 'dhcp-authoritative'
	The dnsmasq man page recommends that dhcp-authoritative "should be
	set when dnsmasq is definitely the only DHCP server on a network".
	This is the case for libvirt-managed virtual networks.

	The effect of this is that VMs that fail to renew their DHCP lease
	in time (e.g. if the VM or host is suspended) will be able to
	re-acquire the lease even if it's expired, unless the IP address has
	been taken by some other host. This avoids various annoyances caused
	by changing VM IP addresses.

2016-10-10  Martin Kletzander  <mkletzan@redhat.com>

	Don't update timer if there's none.
	Sometimes virObjectEventStateFlush can be called without timer (if the
	last event was unregistered right when the timer fired).  There is a
	check for timer == -1, but that triggers warning and other log messages,
	which is unnecessary.

2016-10-10  Stefan Bader  <stefan.bader@canonical.com>

	tools: Exclude Xen dom0 from libvirt-guests.sh list
	With newer versions of libvirt Domain-0 is again visible in the list of
	running guests but it should not be considered as a guest for shutdown
	or suspend.

	Signed-off-by Stefan Bader <stefan.bader@canonical.com>

2016-10-10  Stefan Bader  <stefan.bader@canonical.com>

	tools: Ignore newlines in libvirt-guests.sh guest list
	The list file expects all guest UUIDs on the same line as the URI
	which the guests run on. This does not happen when the list is
	echo'ed in quotes. When stripping the quotes, newlines get transformed
	into spaces. Without this, only the first guest on the list is actually
	handled.

	Based on a fix by Omar Siam <simar@gmx.net>

	Bug-Ubuntu: http://bugs.launchpad.net/bugs/1591695

2016-10-10  Luyao Huang  <lhuang@redhat.com>

	examples: Distribute all systemtap scripts.
	Due to a missing entries in Makefile, we were not distributing
	all the systemtap scripts we have.

2016-10-10  Erik Skultety  <eskultet@redhat.com>

	virlog: Split parsing and setting priority
	Handling of outputs and filters has been changed in a way that splits
	parsing and defining. Do the same thing for logging priority as well, this
	however, doesn't need much of a preparation.

	virlog: Remove functions that aren't used anywhere anymore
	This is mainly virLogAddOutputTo* which were replaced by virLogNewOutputTo* and
	the previously poorly named ones virLogParseAndDefine* functions. All of these
	are unnecessary now, since all the original callers were transparently switched
	to the new model of separate parsing and defining logic.

	daemon: Split filter parsing and filter defining
	Similar to outputs, parser should do parsing only, thus the 'define' logic
	is going to be stripped from virLogParseAndDefineFilters by replacing calls to
	this method to virLogSetFilters instead.

	daemon: Split output parsing and output defining
	Since virLogParseAndDefineOutputs is going to be stripped from 'output defining'
	logic, replace all relevant occurrences with virLogSetOutputs call to make the
	change transparent to all original callers (daemons mostly).

	virlog: Introduce virLogSetFilters
	This method will eventually replace virLogParseAndDefineFilters which
	currently does both parsing and defining.

	virlog: Introduce virLogSetOutputs
	This API is the entry point to output modification of the logger. Currently,
	everything is done by virLogParseAndDefineOutputs. Parsing and defining will be
	split into two operations both handled by this method transparently.

	virlog: Introduce virLogParseFilters
	Abstraction added over parsing a single filter. The method parses potentially a
	set of logging filters, while adding each filter logging object to a
	caller-provided array.

	virlog: Introduce virLogParseOutputs
	Another abstraction added on the top of parsing a single logging output. This
	method takes and parses the whole set of outputs, adding each single output
	that has already been parsed into a caller-provided array. If the user-supplied
	string contained duplicate outputs, only the last occurrence is taken into
	account (all the others are removed from the list), so we silently avoid
	duplicate logs.

	virlog: Introduce virLogParseFilter
	Same as for outputs, introduce a new method, that is basically the same as
	virLogParseAndDefineFilter with the difference that it does not define the
	filter. It rather returns a newly created object that needs to be inserted into
	a list and then defined separately.

	virlog: Introduce virLogParseOutput
	Introduce a method to parse an individual logging output. The difference
	compared to the virLogParseAndDefineOutput is that this method does not define
	the output, instead it makes use of the virLogNewOutputTo* methods introduced
	in the previous patch and just returns the virLogOutput object that has to be
	added to a list of object which then can be defined as a whole via
	virLogDefineOutputs. The idea remains still the same - split parsing and
	defining of the logging primitives (outputs, filters).
	Additionally, since virLogNewOutputTo* methods are now finally used,
	ATTRIBUTE_UNUSED can be successfully removed from the methods' definitions,
	since that was just to avoid compiler complaints about unused static functions.

	virlog: Take a special care of syslog when setting new set of log outputs
	Now that we're in the critical section, syslog connection can be re-opened
	by issuing openlog, which is something that cannot be done beforehand, since
	syslog keeps its file descriptor private and changing the tag earlier might
	introduce a log inconsistency if something went wrong with preparing a new set
	of logging outputs in order to replace the existing one.

	virlog: Introduce virLogNewOutputTo* as a replacement for virLogAddOutputTo*
	Continuing with the effort to split output parsing and defining, these new
	functions return a logging object reference instead of defining the output.
	Eventually, these functions will replace the existing ones (virLogAddOutputTo*)
	which will then be dropped.

	virlog: Introduce virLogDefineFilters
	Prepare a method that only defines a set of filters. It takes a list of
	filters, preferably created by virLogParseFilters. The original set of filters
	is reset and replaced by the new user-provided set of filters.

	virlog: Introduce virLogDefineOutputs
	Prepare a method that only defines a set of outputs. It takes a list of
	outputs, preferably created by virLogParseOutputs. The original set of outputs
	is reset and replaced by the new user-provided set of outputs.

	virlog: Introduce virLogFindOutput
	Outputs are a bit trickier than filters, since the user(config)-specified
	set of outputs can contain duplicates. That would lead to logging the same
	message twice. For compatibility reasons, we cannot just error out and forbid
	the daemon to start if we find duplicate outputs which do not make sense.
	Instead, we could silently take into account only the last occurrence of the
	duplicate output and remove all the previous ones, so that the logger will not
	try to use them when it is looping over all of its registered outputs.

	virlog: Introduce virLogFilterNew
	This method allocates a new filter object which it then returns back to caller.

	virlog: Introduce virLogOutputNew
	In order to later split output parsing and output defining, introduce a new
	function which will create a new virLogOutput object which the parser will
	insert into a list with the list being eventually defined.

	virlog: Store the journald fd within the output object
	There is really no reason why we could not keep journald's fd within the
	journald output object the same way as we do for regular file-based outputs.
	By doing this we later won't have to special case the journald-based output
	(due to the fd being globally shared) when replacing the existing set of outputs
	with a new one. Additionally, by making this change, we don't need the
	virLogCloseJournald routine anymore, plain virLogCloseFd will suffice.

	virlog: Rename virLogParse* to virLogParseAndDefine*
	Right now virLogParse* functions are doing both parsing and defining of filters
	and outputs which should be two separate operations. Since the naming is
	apparently a bit poor this patch renames these functions to
	virLogParseAndDefine* which eventually will be replaced by virLogSet*.
	Additionally, virLogParse{Filter,Output} will be later (after the split) reused,
	so that these functions do exactly what the their name suggests.

	virlog: Remove unused macro IS_SPACE
	During first stage of virlog.c refactor, commit 0b231195 forgot to remove the
	macro definition along with its usage.

2016-10-10  Chen Hanxiao  <chenhanxiao@gmail.com>

	virsh domdisplay: introduce '--all' for showing all possible graphical displays
	For one VM, it could had more than one graphical display.
	Such as we coud add both vnc and spice display to a VM.

	This patch introduces '--all' for showing all
	possible graphical display of a active VM.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2016-10-07  John Ferlan  <jferlan@redhat.com>

	util: Check/ignore already disabled event
	If the event is already disabled, then don't bother with setting it
	disabled again.  Causes unnecessary error on systems that don't support
	the feature anyway.

	util: Clear up some perf error messages
	Make it clearer that the perf event is based/for the host cpu and
	use the virPerfEventTypeToString to convert the type to a string

2016-10-07  John Ferlan  <jferlan@redhat.com>

	docs: Alter descriptions of perf cpu_cycles
	https://bugzilla.redhat.com/show_bug.cgi?id=1381714

	Alter the descriptions to match what the cpu_cycles actually is

2016-10-07  Daniel P. Berrange  <berrange@redhat.com>

	qemu: fix command line building for iommu devices
	The intel-iommu device has existed since QEMU 2.2.0, but
	it was only possible to create it with -device since
	QEMU 2.7.0, thanks to:

	  commit 621d983a1f9051f4cfc3f402569b46b77d8449fc
	  Author: Marcel Apfelbaum <marcel@redhat.com>
	  Date:   Mon Jun 27 18:38:34 2016 +0300

	    hw/iommu: enable iommu with -device

	    Use the standard '-device intel-iommu' to create the IOMMU device.
	    The legacy '-machine,iommu=on' can still be used.

	The libvirt capability check & command line formatting code
	is thus broken for all QEMU versions 2.2.0 -> 2.6.0 inclusive.

	This fixes it to use iommu=on instead.

2016-10-07  Marko Myllynen  <myllynen@redhat.com>

	docs: Add PCP as monitoring application
	This has been announced on the list:

	https://www.redhat.com/archives/libvir-list/2016-October/msg00187.html

2016-10-06  Erik Skultety  <eskultet@redhat.com>

	private_syms: add virLogFilterListFree to libvirt_private.syms
	Commit 660468b1 forgot to add it, so let's add it now to prevent future linker
	issues.

2016-10-06  Andrea Bolognani  <abologna@redhat.com>

	m4: Drop PKG_PROG_PKG_CONFIG compatibility code
	This was needed for RHEL 4 vintage distributions, which we
	haven't supported for a long time now.

2016-10-06  Martin Kletzander  <mkletzan@redhat.com>

	virt-yajl: Fix detection of yajl requirements
	Running the output of qemu -help doesn't make any sense.  We should be
	looking for libvirt being mentioned in the output.  This worked by
	accident, let's make it work as expected it to.

2016-10-06  Ján Tomko  <jtomko@redhat.com>

	docs/Makefile.am: build hvsupport.html earlier
	This file requires three steps instead of two.
	Move it earlier in the list of targets to avoid waiting for it.

2016-10-06  Ján Tomko  <jtomko@redhat.com>

	docs/Makefile.am: remove redundant variables
	Remove DOC_SOURCE_DIR, introduced by and
	unused since commit b325d74.

	PERL is already detected in configure.ac.

2016-10-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Properly configure backend for UDP chardevs
	Since introduction of chardev hotplug the code was wrong for the UDP
	case and basically created a TCP socket instead. Use proper objects and
	type for UDP.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1377602

2016-10-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Simplify construction of chardev backends

2016-10-06  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjsontest: Do some actual testing in qemuMonitorJSONTestAttachChardev
	Until now the test was rather useless since it didn't check the
	arguments formatted and didn't use properly configured chardev objects.

	Add the expected arguments and instrument the test to validate them.
	Modify some test cases to actually add valid data.

	Note that the UDP test data is currently wrong due to a bug.

2016-10-06  Peter Krempa  <pkrempa@redhat.com>

	tests: qemumonitorjson: Don't do multiple tests in one virTestRun
	The chardev attach test would do all the tests in one virTestRun
	instance. If one sub-test failed then the test would report failure
	improperly and the error would be hard to debug since the error pointer
	was overwritten.

	tests: qemu: Add support for testing aguments on monitor verbatim
	Add code that takes a string and matches it against the data passed as
	arguments from qemu. This is a simpler version of
	qemuMonitorTestAddItemParams.

	conf: Sanitize formatting of UDP chardev source
	Use much simpler logic to determine parts of the code to print.

2016-10-06  John Ferlan  <jferlan@redhat.com>

	conf: Add a formatting macro for all the blkiotune values
	Rather than copy-paste - use a macro

	Unfortunately due to how the RNG schema was written keeping the 'value'
	and 'value'_max next to each other in the XML causes a schema failure,
	so the FORMAT has to write out singly rather than optimizing to write
	out both values at once

2016-10-06  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust how supportMaxOptions is used.
	We're about to add more options, let's avoid having multiple if-then-else
	which each try to set up the qemuMonitorJSONMakeCommand call with all the
	parameters it knows about.

	Instead, use the fact that when a NULL is found in the argument list that
	processing of the remaining arguments stops and just have call.

2016-10-06  John Ferlan  <jferlan@redhat.com>

	qemu: Convert from shorthand to longer throttling names
	We're about to add 6 new options and it appears (from testing) one cannot
	utilize both the shorthand (alias) and (much) longer names for the arguments.
	So modify the command builder to use the longer name and of course alter the
	test output .args to have the similarly innocuous long name.

	Also utilize a macro to build that name makes it so much more visually
	appealing and saves a few characters or potential cut-n-paste issues.

2016-10-06  John Ferlan  <jferlan@redhat.com>

	tests: Add blkdeviotune-max xml2xmltest
	It was missing... Also since I'm using the soft link from qemuxml2xmloutdata
	to the qemuxml2argvdata file, modify the output file to have the necessary
	<address> elements plus the mouse and keyboard.

	include: Update description for <iotune> max params
	The upstream qemu commit 'dce13204' changed the wording just slightly
	to add 'in bursts' essentially.  Just following that model here.

	docs: Fix typo in libvirt-domain.h parameter description
	Change Marco to Macro

2016-10-05  Laine Stump  <laine@laine.org>

	qemu: allow 32 slots on pcie-expander-bus, not just 1
	When I added support for the pcie-expander-bus controller in commit
	bc07251f, I incorrectly thought that it only had a single slot
	available. Actually it has 32 slots, just like the root complex aka
	pcie-root (the part that I *did* get correct is that unlike pcie-root
	a pcie-expander-bus doesn't allow any integrated endpoint devices -
	only pcie-root-ports and dmi-to-pci-controllers are allowed).

2016-10-05  Jiri Denemark  <jdenemar@redhat.com>

	vsh: Fix warnings in command line completer
	GCC complained that

	vsh.c: In function 'vshReadlineOptionsGenerator':
	vsh.c:2622:29: warning: unused variable 'opt' [-Wunused-variable]
	         const vshCmdOptDef *opt = &cmd->opts[list_index];
	                             ^
	vsh.c: In function 'vshReadlineParse':
	vsh.c:2830:44: warning: 'opt' may be used uninitialized in this function
	[-Wmaybe-uninitialized]
	             completed_list = opt->completer(autoCompleteOpaque,

2016-10-05  John Ferlan  <jferlan@redhat.com>

	qemu: Create helper qemuMonitorJSONGetBlockDevDevice
	This will fetch "this device" from the recently returned 'dev' and perform
	common error checking for the paths that call it.

	qemu: Create helper qemuMonitorJSONGetBlockDev
	This will grab the 'dev' from devices and do the common validation checks.

2016-10-05  John Ferlan  <jferlan@redhat.com>

	qemu: Create common code for JSON "query-block" call
	Reduce some cut-n-paste code by creating common helper. Make use of the
	recently added virJSONValueObjectStealArray to grab the devices list as
	part of the common code (we we can Free the reply) and return devices for
	each of the callers to continue to parse.

	NB: This also adds error checking to qemuMonitorJSONDiskNameLookup

2016-10-05  John Ferlan  <jferlan@redhat.com>

	util: Introduce virJSONValueObjectStealArray
	Provide the Steal API for any code paths that will desire to grab the
	object array and then free it afterwards rather than relying to freeing
	the whole chain from the reply.

	rbd: Move the encryption check in build
	No sense opening a connection only to fail because we don't support the
	type of build being attempted.

	rbd: Change to using heap allocated state contexts
	Rather than use stack allocated state context pointers, let's allocate and
	free the state context pointer.  In doing so, we'll shrink the code a bit
	since many routines perform the same initialization sequence.

2016-10-05  John Ferlan  <jferlan@redhat.com>

	rbd: Change virStorageBackendRBDCloseRADOSConn to be static void
	Since none of the callers check the status, let's just alter it to
	a static void.

	While we're at it - scrap the local runtime variable and just do the
	math in the VIR_DEBUG directly.

2016-10-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Allow making vcpus hotpluggable with virDomainSetVcpusFlags
	Implement support for VIR_DOMAIN_VCPU_HOTPLUGGABLE so that users can
	choose to make vcpus added by the API removable.

	lib: Introduce VIR_DOMAIN_VCPU_HOTPLUGGABLE for virDomainSetVcpusFlags
	For compatibility reasons virDomainSetVcpus needs to add vcpus as non
	hotpluggable which means that the users will not be able to unplug it
	after the VM has started. Add a flag that will allow to tell the API
	that the unpluggable vcpus are okay.

2016-10-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: attach: Close monitor socket on connection failure
	If attaching to a qemu process fails after opening the monitor socket
	libvirt does not clean up the monitor. As the monitor also holds a
	reference to the domain object the qemu attach API basically leaks it.

	QEMU also does not interact on a second monitor connection and thus a
	further attempt to attach to it would lock up.

	Prevent libvirt from leaking the monitor by explicitly closing it.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1378401

2016-10-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't strictly require JSON monitor for vCPU detection
	Attaching to a existing qemu process allows to get us into a situation
	when qemu is new enough to have JSON monitor and new vCPU hotplug but
	the json monitor is not used. The vCPU detection code would require it
	though. This broke attaching to qemu processes.

	Make the condition less strict and just skip the vCPU hotplug detection
	if JSON monitor is not available.

	Resolves one of the symptoms in:
	https://bugzilla.redhat.com/show_bug.cgi?id=1378401

2016-10-05  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Don't drop expired lease while reading custom leases file
	Libvirt, on its own, shouldn't decide whether an expired lease should
	stay in the custom leases database or not. It should rather rely on
	the 'DEL' event from dnsmasq.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2016-10-05  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	NSS: Add explicit check to not report expired lease
	The NSS module shouldn't rely on custom leases database to not have
	entries for leases which have expired.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2016-10-04  John Ferlan  <jferlan@redhat.com>

	remote: Increase bound limit for virDomainGetBlockIoTune
	We are about to add 6 new values to fetch. This will put us over the
	current limit of 16 (we're at 13 now).

	Once there are more than 16 parameters, this will affect existing clients
	that attempt to fetch blockiotune config values for the domain from the
	remote host since the server side has no mechanism to determine whether
	the capability for the emulator exists and thus would attempt to return
	all known values from the persistentDef. If attempting to fetch the
	blockiotune values from a running domain, the code will check the emulator
	capabilities and set maxparams (in qemuDomainGetBlockIoTune) appropriately.

	On the client side of the remote connection, it uses this constant in
	xdr_remote_domain_get_block_io_tune_ret and virTypedParamsDeserialize
	calls, so if a remote server returns more than 16 parameters, then the
	client will fail with "Unable to decode message payload".

2016-10-04  John Ferlan  <jferlan@redhat.com>

	remote: Fix erroneous usage of constant
	The REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX was erroneously used in the
	remoteDomainBlockStatsFlags and remoteDomainGetBlockIoTune calls. Change
	the constant to be the right one.

	Fortunately, all 3 are defined as 16.

2016-10-04  John Ferlan  <jferlan@redhat.com>

	Post-release version bump to 2.4.0

2016-10-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-2.3.0
	* docs/news.html.in: updated for release
	* po/*.po*: regenerated

2016-10-04  Michal Privoznik  <mprivozn@redhat.com>

	Revert "conf: Skip post parse callbacks when creating copy"
	This breaks vCPU hotplug, because when starting a domain, we
	create a copy of domain definition (which becomes live XML) and
	during the post parse callbacks we might adjust some tunings so
	that vCPU hotplug is possible.

	This reverts commit 581b7756af18dcf84b57d9947978725d2dfbfc18.

2016-10-04  Michal Privoznik  <mprivozn@redhat.com>

	Revert "domain_conf: Introduce VIR_DOMAIN_DEF_PARSE_SKIP_POST_PARSE"
	This breaks vCPU hotplug, because when starting a domain, we
	create a copy of domain definition (which becomes live XML) and
	during the post parse callbacks we might adjust some tunings so
	that vCPU hotplug is possible.

	This reverts commit c0f90799bc7fa4b690ead6a592806378a243873c.

2016-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: vcpu: Clear vcpu order information rather than making it invalid
	Certain operations may make the vcpu order information invalid. Since
	the order is primarily used to ensure migration compatibility and has
	basically no other user benefits, clear the order prior to certain
	operations and document that it may be cleared.

	All the operations that would clear the order can still be properly
	executed by defining a new domain configuration rather than using the
	helper APIs.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1370357

2016-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix coldplug of vcpus
	virDomainDefSetVcpus was not designed to handle coldplug of vcpus now
	that we can set state of vcpus individually.

	Introduce qemuDomainSetVcpusConfig that properly handles state changes
	of vcpus when coldplugging so that invalid configurations are not
	created.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1375939

2016-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Enforce 'vcpu' order range to <1,maxvcpus>
	The current code that validates duplicate vcpu order would not work
	properly if the order would exceed def->maxvcpus. Limit the order to the
	interval described.

	qemu: process: Don't use shifted indexes for vcpu order verification
	Allocate a one larger bitmap rather than shifting the indexes back to
	zero.

2016-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Fix off-by-one in vcpu order duplicate error message
	The bitmap indexes for the order duplicate check are shifted to 0 since
	vcpu order 0 is not allowed. The error message doesn't need such
	treating though.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1370360

2016-09-29  Laine Stump  <laine@laine.org>

	docs: correct version requirements for <kvm><hidden='on'/></kvm>
	When support was added for the kvm hidden='on' attribute in commit
	d07116, the version requirement was listed as "2.1.0 (QEMU
	only)". However, this was added when libvirt was at version 1.2.8 - it
	is *QEMU* that must be at version 2.1.0 or later.

	This went unnoticed for a very long time (over 2 years). Then a week
	or two ago a new Windows convert in the #virt channel on OFTC was told
	he needed to use this feature (to prevent nvidia drivers in a guest
	from refusing to work due to being run in a virtual machine). There
	was some problem with it being recognized and "someone" (it may have
	been me, or may have been someone else, I don't remember) pointed out
	that the documentation at

	  http://www.libvirt.org/formatdomain.html

	says that it requires libvirt 2.1.0. The next several days were filled
	with agony as a new convert to Linux first tried to upgrade a Linux
	Mint host running their "LTS" version to something newer, then tried
	to install a libvirt build built for Ubuntu onto this, and later back
	to the old LTS Linux Mint. After this he tried building his own
	libvirt from source (with all the expected problems), and finally
	switched to Fedora. In the end it was hours and hours of everybody's
	lives that they will never get back. To now learn that he didn't need
	to do this (his original libvirt version was 1.3.3, so whatever his
	problem was, it was elsewhere) makes the pain all that much worse.

	To prevent this from happening again, this simple patch changes the
	version requirement for the kvm hidden attribute from "2.1.0 (QEMU
	only)" to "1.2.8 (QEMU 2.1.0)".

2016-09-29  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Properly init io_timeout
	https://bugzilla.redhat.com/show_bug.cgi?id=1292984

	Hold on to your hats, because this is gonna be wild.

	In bd3e16a3 I've tried to expose sanlock io_timeout. What I had
	not realized (because there is like no documentation for sanlock
	at all) was very unusual way their APIs work. Basically, what we
	do currently is:

	    sanlock_add_lockspace_timeout(&ls, io_timeout);

	which adds a lockspace to sanlock daemon. One would expect that
	io_timeout sets the io_timeout for it. Nah! That's where you are
	completely off the tracks. It sets timeout for next lockspace you
	will probably add later. Therefore:

	   sanlock_add_lockspace_timeout(&ls, io_timeout = 10);
	   /* adds new lockspace with default io_timeout */

	   sanlock_add_lockspace_timeout(&ls, io_timeout = 20);
	   /* adds new lockspace with io_timeout = 10 */

	   sanlock_add_lockspace_timeout(&ls, io_timeout = 40);
	   /* adds new lockspace with io_timeout = 20 */

	And so on. You get the picture.
	Fortunately, we don't allow setting io_timeout per domain or per
	domain disk. So we just need to set the default used in the very
	first step and hope for the best (as all the io_timeout-s used
	later will have the same value).

2016-09-29  Michal Privoznik  <mprivozn@redhat.com>

	m4: Check for sanlock_write_lockspace
	Currently, we are checking for sanlock_add_lockspace_timeout
	which is good for now. But in a subsequent patch we are going to
	use sanlock_write_lockspace (which sets an initial value for io
	timeout for sanlock). Now, there is no reason to check for both
	functions in sanlock library as the sanlock_write_lockspace was
	introduced in 2.7 release and the one we are currently checking
	for in the 2.5 release. Therefore it is safe to assume presence
	of sanlock_add_lockspace_timeout when sanlock_write_lockspace
	is detected.

	Moreover, the macro for conditional compilation is renamed to
	HAVE_SANLOCK_IO_TIMEOUT (as it now encapsulates two functions).

2016-09-29  Michal Privoznik  <mprivozn@redhat.com>

	lock_driver_sanlock: Avoid global driver variable whenever possible
	Global variables are bad, we should avoid using them.

2016-09-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Only use memory-backend-file with NUMA if needed
	If this reminds you of a commit message from around a year ago, it's
	41c2aa729f0af084ede95ee9a06219a2dd5fb5df and yes, we're dealing with
	"the same thing" again.  Or f309db1f4d51009bad0d32e12efc75530b66836b and
	it's similar.

	There is a logic in place that if there is no real need for
	memory-backend-file, qemuBuildMemoryBackendStr() returns 0.  However
	that wasn't the case with hugepage backing.  The reason for that was
	that we abused the 'pagesize' variable for storing that information, but
	we should rather have a separate one that specifies whether we really
	need the new object for hugepage backing.  And that variable should be
	set only if this particular NUMA cell needs special treatment WRT
	hugepages.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153

2016-09-29  John Ferlan  <jferlan@redhat.com>

	vsh: Write out history on "quit" or "exit" in interactive mode
	https://bugzilla.redhat.com/show_bug.cgi?id=1379895

	Introduced by commit id '834c5720'.

	During the code motion and creation of vsh.c, the function 'vshDeinit()'
	in the (new) vsh.c was altered from whence it came in virsh.c such that
	calling 'vshReadlineDeinit(ctl)' was conditional on "ctl->imode".

	This causes a problem for the interactive running if the "quit" and "exit"
	commands are used because 'cmdQuit' will clear ctl->imode, thus when the
	interactive loop in main() of virsh.c exits because ctl->mode is clear and
	virshDeinit is called which calls vshDeinit, the history file is now not
	written. Conversely, if one had exited the interactive loop via pressing
	<ctrl>D the file would be created because loop control is broken on EOF
	and ctl->imode is not set to false.

	This patch will remove the conditional call to vshReadlineDeinit and
	restore the former behaviour.

2016-09-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: chase cpuCompareXML rename
	In commit 7f127de cpuCompareXML was renamed to virCPUCompareXML,
	so change the bhyve driver to use the new function and thus
	fix the build.

2016-09-28  Jim Fehlig  <jfehlig@suse.com>

	doc: fix note about Xen credit scheduler
	Commit 6c504d6a added a note to the virsh man page about the
	deprecation of 'cap' and 'weight' settings for the credit
	scheduler. To this day, the default scheduler in Xen is credit
	and it supports setting 'cap' and 'weight'. Remove the deprecation
	notice from the note on the Xen credit scheduler.

	Reported-by: Volo M. <vm@vovs.net>

2016-09-28  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix param assignment in domainGetSchedulerParameters
	Due to a copy and paste error, the scheduler 'cap' parameter
	was over-writing the 'weight' parameter when preparing the
	return parameters in libxlDomainGetSchedulerParametersFlags.
	As a result, the scheduler weight was never shown when getting
	schedinfo and setting the weight failed as well

	virsh  schedinfo testvm
	Scheduler      : credit
	cap            : 0

	virsh  schedinfo testvm --cap 50 --weight 500
	Scheduler      : credit
	error: invalid scheduler option: weight

	The obvious fix is to assign the 'caps' parameter to the correct
	item in the parameter list.

	Reported-by: Volo M. <vm@vovs.net>

2016-09-27  Joao Martins  <joao.m.martins@oracle.com>

	xlconfigtest: add test for channel conversion
	Acked-by: Jim Fehlig <jfehlig@suse.com>

2016-09-27  Joao Martins  <joao.m.martins@oracle.com>

	xenconfig: channels conversion support
	Add support for formating/parsing libxl channels.

	Syntax on xen libxl goes as following:
	channel=["connection=pty|socket,path=/path/to/socket,name=XXX",...]

	Acked-by: Jim Fehlig <jfehlig@suse.com>

2016-09-27  Joao Martins  <joao.m.martins@oracle.com>

	libxl: channels support
	And allow libxl to handle channel element which creates a Xen
	console visible to the guest as a low-bandwitdh communication
	channel. If type is PTY we also fetch the tty after boot using
	libxl_channel_getinfo to fetch the tty path. On socket case,
	we autogenerate a path if not specified in the XML. Path autogenerated
	is slightly different from qemu driver: qemu stores also on
	"channels/target" but it creates then a directory per domain with
	each channel target name. libxl doesn't appear to have a clear
	definition of private files associated with each domain, so for
	simplicity we do it slightly different. On qemu each autogenerated
	channel goes like:

	channels/target/<domain-name>/<target name>

	Whereas for libxl:

	channels/target/<domain-name>-<target name>

	Should note that if path is not specified it won't persist,
	existing only on live XML, unless user had initially specified it.
	Since support for libxl channels only came on Xen >= 4.5 we therefore
	need to conditionally compile it with LIBXL_HAVE_DEVICE_CHANNEL.

	After this patch and having a qemu guest agent:
	 $ cat domain.xml | grep -a1 channel | head -n 5 | tail -n 4
	 <channel type='unix'>
	   <source mode='bind' path='/tmp/channel'/>
	   <target type='xen' name='org.qemu.guest_agent.0'/>
	 </channel>

	 $ virsh create domain.xml
	 $ echo '{"execute":"guest-network-get-interfaces"}' | socat
	 stdio,ignoreeof  unix-connect:/tmp/channel

	 {"execute":"guest-network-get-interfaces"}
	 {"return": [{"name": "lo", "ip-addresses": [{"ip-address-type": "ipv4",
	 "ip-address": "127.0.0.1", "prefix": 8}, {"ip-address-type": "ipv6",
	 "ip-address": "::1", "prefix": 128}], "hardware-address":
	 "00:00:00:00:00:00"}, {"name": "eth0", "ip-addresses":
	 [{"ip-address-type": "ipv4", "ip-address": "10.100.0.6", "prefix": 24},
	 {"ip-address-type": "ipv6", "ip-address": "fe80::216:3eff:fe40:88eb",
	 "prefix": 64}], "hardware-address": "00:16:3e:40:88:eb"}, {"name":
	 "sit0"}]}

2016-09-27  Joao Martins  <joao.m.martins@oracle.com>

	conf: add xen type for channels
	So far only guestfwd and virtio were supported. Add an additional
	for Xen as libxl channels create a Xen console visible to the guest.

2016-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix crash in qemucapsprobe
	The qemucapsprobe helper calls virQEMUCapsNewForBinaryInternal with
	caps == NULL, causing the following crash:

	    Program received signal SIGSEGV, Segmentation fault.
	    #0  0x00007ffff788775f in virQEMUCapsInitHostCPUModel
	        (qemuCaps=qemuCaps@entry=0x649680, host=host@entry=0x10) at
	        src/qemu/qemu_capabilities.c:2969
	    #1  0x00007ffff7889dbf in virQEMUCapsNewForBinaryInternal
	        (caps=caps@entry=0x0, binary=<optimized out>,
	        libDir=libDir@entry=0x4033f6 "/tmp", cacheDir=cacheDir@entry=0x0,
	        runUid=runUid@entry=4294967295, runGid=runGid@entry=4294967295,
	        qmpOnly=true) at src/qemu/qemu_capabilities.c:4039
	    #2  0x0000000000401702 in main (argc=2, argv=0x7fffffffd968) at
	        tests/qemucapsprobe.c:73

	Caused by v2.2.0-182-g68c7011.

2016-09-27  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainUpdateDeviceConfig: Allow full disk update
	https://bugzilla.redhat.com/show_bug.cgi?id=1368417

	So far, when it comes to 'virsh update-device --config' of disks
	we are limiting ourselves for just the disk source update and
	just for CDROMs and floppies. This makes no sense. Especially if
	you look around and see that we already allow full update to
	graphics and net devices. So let's just take whatever XML user
	wants to have there and replace our internal definition with it.

2016-09-27  Jim Fehlig  <jfehlig@suse.com>

	libxl: find virDomainObj in libxlDomainShutdownThread
	libxl events are delivered to libvirt via the libxlDomainEventHandler
	callback registered with libxl. Documenation in
	$xensrc/tools/libxl/libxl_event.h states that the callback "may occur
	on any thread in which the application calls libxl". This can result
	in deadlock since many of the libvirt callees of libxl hold a lock on
	the virDomainObj they are working on. When the callback is invoked, it
	attempts to find a virDomainObj corresponding to the domain ID provided
	by libxl. Searching the domain obj list results in locking each obj
	before checking if it is active, and its ID equals the requested ID.
	Deadlock is possible when attempting to lock an obj that is already
	locked further up the call stack. Indeed, Max Ustermann reported an
	instance of this deadlock

	https://www.redhat.com/archives/libvir-list/2015-November/msg00130.html

	Guido Rossmueller also recently stumbled across it

	https://www.redhat.com/archives/libvir-list/2016-September/msg00287.html

	Fix the deadlock by moving the lookup of virDomainObj to the
	libxlDomainShutdownThread. After this patch, libxl events are
	enqueued on the libvirt side and processed by dedicated thread,
	avoiding the described deadlock.

	Reported-by: Max Ustermann <ustermann78@web.de>
	Reported-by: Guido Rossmueller <Guido.Rossmueller@gdata.de>

2016-09-27  Jiri Denemark  <jdenemar@redhat.com>

	mingw: Package cputypes.rng for mingw32 too

	mingw: Package cputypes.rng

	spec: Package cputypes.rng

2016-09-27  Daniel P. Berrange  <berrange@redhat.com>

	qemu: make qemuGetCompressionProgram return int not an enum
	enum types are unsigned and the qemuGetCompressionProgram
	function can return -1 on error. It is therefore inappropriate
	to return an enum type. This fixes a build error where the
	internal 'ret' variable was used in a comparison with -1

	../../src/qemu/qemu_driver.c: In function 'qemuGetCompressionProgram':
	../../src/qemu/qemu_driver.c:3280:5: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
	../../src/qemu/qemu_driver.c:3289:5: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
	cc1: all warnings being treated as errors

2016-09-27  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Fix coding style issues.

2016-09-26  Michal Privoznik  <mprivozn@redhat.com>

	conf: Skip post parse callbacks when creating copy
	When creating a copy of virDomainDef we save ourselves the
	trouble of writing deep-copy functions and just format and parse
	back domain/device XML. However, the XML we are parsing was
	already fully formatted - there is no reason to run post parse
	callbacks (which fill in blanks - there are none!).

	domain_conf: Introduce VIR_DOMAIN_DEF_PARSE_SKIP_POST_PARSE
	This is an internal flag that prevents our two entry points to
	XML parsing (virDomainDefParse and virDomainDeviceDefParse) from
	running post parse callbacks. This is expected to be used in
	cases when we already have full domain/device XML and we are just
	parsing it back (i.e. virDomainDefCopy or virDomainDeviceDefCopy)

	qemuDomainDefAssignAddresses: Fetch caps from domain object
	Just like we did two commits ago, don't try to fetch capabilities
	for non-existing binary. Re-use the ones we have for running
	domain.

	qemuDomainDeviceDefPostParse: Fetch caps from domain object
	Just like we did two commits ago, don't try to fetch capabilities
	for non-existing binary. Re-use the ones we have for running
	domain.

	qemuDomainDefPostParse: Fetch qemuCaps from domain object
	We can't rely on def->emulator path. It may be provided by user
	as we give them opportunity to provide their own XML for
	migration. Therefore the path may point to just whatever binary
	(or even to a non-existent file). Moreover, this path is meant
	for destination, but the capabilities lookup is done on source.
	What we can do is to assume same capabilities for post parse
	callbacks as the running domain has. They will be used just to
	add some default models/controllers/devices/... anyway.

	conf: Extend virDomainDefAssignAddressesCallback for parseOpaque

	conf: Extend virDomainDeviceDefPostParse for parseOpaque
	Just like virDomainDefPostParseCallback has gained new
	parseOpaque argument, we need to follow the logic with
	virDomainDeviceDefPostParse.

	virDomainDefCopy: Introduce @parseOpaque argument
	We want to pass the proper opaque pointer instead of NULL to
	virDomainDefParseString.

	virDomainDefParse{File,String}: Introduce @parseOpaque argument
	We want to pass the proper opaque pointer instead of NULL to
	virDomainDefParse and subsequently virDomainDefParseNode too.

	virDomainDefParseNode: Introduce @parseOpaque argument
	We want to pass the proper opaque pointer instead of NULL to
	virDomainDefParseXML and subsequently virDomainDefPostParse too.

	virDomainDefPostParse: Introduce @parseOpaque argument
	Some callers might want to pass yet another pointer to opaque
	data to post parse callbacks. The driver generic one is not
	enough because two threads executing post parse callback might
	want to see different data (e.g. domain object pointer that
	domain def belongs to).

2016-09-26  Chen Hanxiao  <chenhanxiao@gmail.com>

	storage_backend_rbd: remove unnessary translated message marker
	Remove unnessary translated message marker _()
	for the VIR_WARN messages.

2016-09-26  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Fix various code comment typos

2016-09-26  John Ferlan  <jferlan@redhat.com>

	qemu: Get/return compressedpath program
	Based upon a patch from Chen Hanxiao <chenhanxiao@gmail.com>, rather than
	need to call virFindFileInPath twice, let's just save the path and pass it
	along with the compressed type. (NB: the second call would be in virExec as
	called from virCommandRunAsync which is called from qemuMigrationToFile
	using the argument 'compressor' which up to this point would be the string
	from the cfg file that isn't the fully qualified path).

	Since we now have the path, we can remove qemuCompressProgramName which
	would return NULL or the string representation of the compress type.

2016-09-26  John Ferlan  <jferlan@redhat.com>

	qemu: Remove qemuCompressProgramAvailable
	There's only one caller and the code is duplicitous just converting the
	recently converted cfg image name back into it's string value in order to
	get/find the path to the image.  A subsequent patch can return this path.

2016-09-26  John Ferlan  <jferlan@redhat.com>

	qemu: Use qemuGetCompressionProgram for error paths
	Let's do some more code reuse - there are 3 other callers that care to
	check/get the compress program. Each of those though cares whether the
	requested cfg image is valid and exists. So, add a parameter to handle
	those cases.

	NB: We won't need to initialize the returned value in the case where
	the cfg image doesn't exist since the called program will handle that.

2016-09-26  John Ferlan  <jferlan@redhat.com>

	qemu: Alter qemuGetCompressionProgram warning message
	Add a new parameter 'styleFormat' to be used when printing the
	warning message so that it's "clearer" what style of compression
	call caused the error. Add that style to both messages as a paremter.

	Also a VIR_WARN error message doesn't need to be translated
	 (e.g. inside _()), so remove the need for the translation.

2016-09-26  John Ferlan  <jferlan@redhat.com>

	qemu: Remove getCompressionType
	There's only one caller now anyway... Besides it's just a shell for
	getting the compress type.  Subsequent patches will return the path
	to the compression program.

	qemu: Introduce helper qemuGetCompressionProgram
	Split out the guts of getCompressionType to perform the same functionality
	in the new helper program with a subsequent patch goal to be reusable for
	other callers making similar checks/calls to ensure the compression type
	is valid and that the compression program cannot be found.

	qemu: Adjust doCoreDump to call getCompressionType
	Rather than calling getCompressionType from each of the callers, just call
	it from doCoreDump.  A subsequent patch will be adjust the code even more.

	qemu: Move getCompressionType
	A subsequent patch will adjust the 3 callers to just call from doCoreDump.

2016-09-26  Cédric Bosdonnat  <cbosdonnat@suse.com>

	apparmor: move qemu-bridge-helper to libvirtd profile
	qemu-bridge-helper is only called from libvirtd, it has to be moved
	from the qemu domain abstraction to the usr.sbin.libvirtd profile.

2016-09-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: increase usbdevice list only when finding such an input device
	If passing an empty usbdevice_list to libxl, qemu will always get an
	-usb parameter for HVM guests with only non-USB input devices. This
	causes qemu to crash when passing pvusb device on HVM guests.

	The solution is to allocate the list only when an item to put in it
	is found.

2016-09-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildHostNetStr: Realign

2016-09-23  Pavel Hrdina  <phrdina@redhat.com>

	qemuhelptest: regenerate data for qemu-kvm-1.2.0

	qemuhelptest: regenerate data for qemu-kvm-0.13.0

	qemuhelptest: regenerate data for qemu-kvm-0.12.3

	qemuhelptest: regenerate data for qemu-1.2.0
	This patch also removes device data for qemu-1.2.0 as it was removed for
	qemu-kvm-1.2.0 by commit ae3e29e6e.  They are not required because we
	parse only version from help output and return with error that this qemu
	is too new to use help parsing.

	qemuhelptest: regenerate data for qemu-1.1.0

	qemuhelptest: regenerate data for qemu-1.0

	qemuhelptest: regenerate data for qemu-0.12.1

	qemuhelptest: remove downstream test data

2016-09-22  John Ferlan  <jferlan@redhat.com>

	qemu: Fix improper indention
	Commit id 'ce61c164' indented wrong - not sure how I did that...

2016-09-22  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Fix Multiple Typos

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	Move CMT feature filtering to QEMU driver
	It really doesn't belong to the generic CPU driver.

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Update guest CPU def in live XML
	Storing the updated CPU definition in the live domain definition saves
	us from having to update it over and over when we need it. Not to
	mention that we will soon further update the CPU definition according to
	QEMU once it's started.

	A highly wanted side effect of this patch, libvirt will pass all CPU
	features explicitly specified in domain XML to QEMU, even those that are
	already included in the host model.

	This patch should fix the following bugs:
	    https://bugzilla.redhat.com/show_bug.cgi?id=1207095
	    https://bugzilla.redhat.com/show_bug.cgi?id=1339680
	    https://bugzilla.redhat.com/show_bug.cgi?id=1371039
	    https://bugzilla.redhat.com/show_bug.cgi?id=1373849
	    https://bugzilla.redhat.com/show_bug.cgi?id=1375524
	    https://bugzilla.redhat.com/show_bug.cgi?id=1377913

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Rework cpuCompare* APIs
	Both cpuCompare* APIs are renamed to virCPUCompare*. And they should now
	work for any guest CPU definition, i.e., even for host-passthrough
	(trivial) and host-model CPUs. The implementation in x86 driver is
	enhanced to provide a hint about -noTSX Broadwell and Haswell models
	when appropriate.

	cpu: Document missing parameters for cpuCompare*

	cpu: Introduce virCPUCheckFeature
	The function is similar to virCPUDataCheckFeature, but it works directly
	on CPU definition rather than requiring it to be transformed into CPU
	data first.

	cpu: Rework virCPUDataCheckFeature
	To match our coding style and to provide better debug and error
	messages.

	cpu: Rename cpuHasFeature to virCPUDataCheckFeature

	cpu: Introduce virCPUTranslate
	The API is supposed to make sure the provided CPU definition does not
	use a CPU model which is not supported by the hypervisor (if at all
	possible, of course).

	cpu: Set nfeatures_max correctly in x86Decode
	Keeping nfeatures_max set to 0 while nfeatures > 0 and some features are
	already stored in features array is just asking for problems once we
	want to add a new feature into the array.

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Rework cpuUpdate
	The reworked API is now called virCPUUpdate and it should change the
	provided CPU definition into a one which can be consumed by the QEMU
	command line builder:

	    - host-passthrough remains unchanged
	    - host-model is turned into custom CPU with a model and features
	      copied from host
	    - custom CPU with minimum match is converted similarly to host-model
	    - optional features are updated according to host's CPU

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add x86FeatureInData
	The function checks CPUID data for a given feature.

	cpu: Report error for unknown features in x86HasFeature

	cpu: Make x86ModelFromCPU a bit smarter
	x86ModelFromCPU is used to provide CPUID data for features matching
	@policy. This patch allows callers to set @policy to -1 to get combined
	CPUID for all CPU features (including those implicitly provided a CPU
	model) specified in CPU def.

	cpu: Make x86ModelFromCPU easier to read

	qemu: Introduce virQEMUCapsIsCPUModeSupported

	qemu: Introduce virQEMUCapsGetHostModel

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	Show host model in domain capabilities
	The domain capabilities XML is capable of showing whether each guest CPU
	mode is supported or not with a possibility to provide additional
	details. This patch enhances host-model capability to advertise the
	exact CPU model which will be used as a host-model:

	    <cpu>
	        ...
	        <mode name='host-model' supported='yes'>
	            <model fallback='allow'>Broadwell</model>
	            <vendor>Intel</vendor>
	            <feature policy='disable' name='aes'/>
	            <feature policy='require' name='vmx'/>
	        </mode>
	        ...
	    </cpu>

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Drop false support for ARM cpu-model
	The ARM CPU driver wrongly reported host CPU model as "host", which made
	host-model to be just an alias for host-passthrough. Let's drop this
	insanity.

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Store host-model CPU in qemu capabilities
	Host capabilities provide libvirt's view of the host CPU, but for a
	useful support for host-model CPUs we really need a hypervisor's view of
	the CPU. And since the view can be differ with emulator, qemu
	capabilities is the best place to store the host CPU model.

	This patch just copies the CPU model from host capabilities, but this
	will change in the future.

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	conf: Introduce virCPUDefCopyModelFilter
	The function filters all CPU features through a given callback while
	copying CPU model related parts of a CPU definition.

	conf: Introduce virCPUDefStealModel
	The function moves CPU model related parts from one CPU definition to
	another. It can be used to avoid unnecessary copies from a temporary CPU
	definitions which will be freed anyway.

	conf: Introduce virCPUDefCopyWithoutModel
	Useful for copying a CPU definition without model related parts (i.e.,
	without model name, feature list, vendor).

	qemu: Propagate virCapsPtr to virQEMUCapsNewForBinaryInternal

	schema: Separate CPU related definitions into cputypes.rng

	domcaps: Add CPU usable flag
	In case a hypervisor is able to tell us a list of supported CPU models
	and whether each CPU models can be used on the current host, we can
	propagate this to domain capabilities. This is a better alternative
	to calling virConnectCompareCPU for each supported CPU model.

	domcaps: Show only CPU models supported by libvirt
	Listing all CPU models supported by QEMU in domain capabilities makes
	little sense when libvirt will refuse any model it doesn't know about.

	cpu: Don't overwrite errors in cpuGetModels
	cpuGetSubDriver already reports a useful error.

	cpu: Special case models == NULL in cpuGetModels
	Some CPU drivers (such as arm) do not provide list of CPUs libvirt
	supports and just pass any CPU model from domain XML directly to QEMU.
	Such driver need to return models == NULL and success from cpuGetModels.

	qemu: Fill in CPU domain capabilities

	qemu: Introduce virQEMUCapsGuestIsNative
	To have a single place where we decide whether a guest can run natively
	on a host.

	qemuxml2argvtest: Reorder CPU features
	The x86 CPU driver translated each CPU definition from domain XML into
	CPUID data and then back to CPU definition. This effectively sorted the
	list of CPU features according to their CPUID values. Since this is
	going to change, we need to reorder CPU features in a few test files to
	make sure the generated QEMU command lines will not change.

	qemuxml2argvtest: Set correct architecture for KVM guests
	Testing PPC64/AArch64 KVM domains on x86_64 host only works because we
	have a lot of bugs in our code. Since this series is going to fix them,
	we need to make sure the host architecture matches guest for KVM
	domains.

	qemuxml2argvtest: Properly setup CPU models in qemuCaps
	Adding x86 CPU models into a list of supported CPUs for non-x86
	architectures is not a very good idea. Each architecture we test needs
	to maintain its own list of supported CPU models.

	qemu: Separate guest CPU validation from command line creation
	qemu_command.c should deal with translating our domain definition into a
	QEMU command line and nothing else.

	testutilsqemu: Add default CPU for PPC64 architectures

	testutilsqemu: Helpers for changing host CPU and arch
	Changing a host architecture or a CPU is not as easy as assigning a new
	value to the appropriate element in virCaps since there is a relation
	between the CPU and host architecture (we don't really want to test
	anything on an AArch64 host with core2duo CPU). This patch introduces
	qemuTestSetHostArch and qemuTestSetHostCPU helpers which will make sure
	the host architecture matches the host CPU.

	qemuxml2argvtest: Properly initialize qemuCaps->arch
	qemuCaps->arch should match the guest architecture from domain XML.

	qemuxml2argvtest: Update qemuCaps after parsing domain XML
	Some parts of qemuCaps depend on guest architecture, machine type, and
	possibly other things that we know only once the domain XML has been
	parsed. Let's move all these updates into a dedicated function.

	qemuxml2argvtest: Reorder functions
	testCompareXMLToArgv will soon need to call a few function which are
	defined further in the code. Let's move them up a bit.

	qemuxml2argvtest: Get rid of testCompareXMLToArgvHelper

	qemuxml2argvtest: Rename "out" labels as "cleanup"

	qemuxml2argvtest: Rename extraFlags as qemuCaps

	qemu: Use virDomainCapsCPUModels for cpuDefinitions
	The list of supported CPU models in domain capabilities is stored in
	virDomainCapsCPUModels. Let's use the same object for storing CPU models
	in QEMU capabilities.

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	domcaps: Add support for listing supported CPU models
	The patch adds <cpu> element to domain capabilities XML:

	    <cpu>
	        <mode name='host-passthrough' supported='yes'/>
	        <mode name='host-model' supported='yes'/>
	        <mode name='custom' supported='yes'>
	            <model>Broadwell</model>
	            <model>Broadwell-noTSX</model>
	            ...
	        </mode>
	    </cpu>

	Applications can use it to inspect what CPU configuration modes are
	supported for a specific combination of domain type, emulator binary,
	guest architecture and machine type.

2016-09-22  Jiri Denemark  <jdenemar@redhat.com>

	cpuGetModels: Switch to virArch
	Our internal APIs mostly use virArch rather than strings. Switching
	cpuGetModels to virArch will save us from unnecessary conversions in the
	future.

2016-09-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: support VIR_MIGRATE_PERSIST_DEST migration flag
	By default, virt-manager (and likely other libvirt-based apps) sets
	the VIR_MIGRATE_PERSIST_DEST flag when invoking the migrate API, which
	fails in a Xen setup since the libxl driver does not support the flag.

	Persisting a domain is a trivial task in the grand scheme of migration,
	so be nice to libvirt apps and add support for VIR_MIGRATE_PERSIST_DEST
	in the libxl driver.

2016-09-21  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: move graphics validation into separate function

2016-09-21  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu_process: show shutoff reasons when debug log disabled
	We have a few of senarios that libvirtd would invoke qemuProcessStop
	and leave a "shutting down" in /var/log/libvirt/qemu/$DOMAIN.log.

	The shutoff reason showing in debug log is also very important
	for us to know why VM shutting down in domain log,
	as we seldom enable debug log of libvirtd.

2016-09-21  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	libvirt-nodedev.c:fix a typo

	libvirt-admin.c:fix a typo

	driver.c:fix a typo

	domain_conf.c:fix the comment.

	domain_conf.c:fix a typo

	domain_conf.c:fix a typo

2016-09-21  Michal Privoznik  <mprivozn@redhat.com>

	migration: Document we don't copy storage during offline migration
	https://bugzilla.redhat.com/show_bug.cgi?id=1322717

	During offline migration, no storage is copied. Nor disks, nor
	NVRAM file, nor anything. We use qemu for that and because domain
	is not running there's nobody to copy that for us.
	We should document this to avoid confusing users.

2016-09-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Don't return automatic NUMA emulator pinning data for persistentDef
	Calling virDomainGetEmulatorPinInfo on a live VM with automatic NUMA
	pinning and VIR_DOMAIN_AFFECT_CONFIG would return the automatic pinning
	data in some cases which is bogus. Use the autoCpuset property only when
	called on a live definition.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1365779

2016-09-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Don't return automatic NUMA vCPU pinning data for persistentDef
	Calling virDomainGetVcpuPinInfo on a live VM with automatic NUMA pinning
	and VIR_DOMAIN_AFFECT_CONFIG would return the automatic pinning data
	in some cases which is bogus. Use the autoCpuset property only when
	called on a live definition.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1365779

2016-09-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Add macro to simplify access to vm private data
	Sometimes adding a separate variable to access vm->privateData is not
	necessary. Add a macro that will do the typecasting rather than having
	to add a temp variable to force the compiler to typecast it.

	conf: Introduce virDomainObjGetOneDefState
	Return whether the live or persistent definition was returned. Sometimes
	it's necessary to base the decisions on this.

2016-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore graphics cookie if port == 0
	Old libvirt represents

	    <graphics type='spice'>
	      <listen type='none'/>
	    </graphics>

	as

	    <graphics type='spice' autoport='no'/>

	In this mode, QEMU doesn't listen for SPICE connection anywhere and
	clients have to use virDomainOpenGraphics* APIs to attach to the domain.
	That is, the client has to run on the same host where the domains runs
	and it's impossible to tell the client to reconnect to the destination
	QEMU during migration (unless there is some kind of proxy on the host).

	While current libvirt correctly ignores such graphics devices when
	creating graphics migration cookie, old libvirt just sends

	    <graphics type='spice' port='0' listen='0.0.0.0' tlsPort='-1'/>

	in the cookie. After seeing this cookie, we happily would call
	client_migrate_info QMP command and wait for SPICE_MIGRATE_COMPLETED
	event, which is quite pointless since the doesn't know where to connecti
	anyway. We should just ignore such cookies.

	https://bugzilla.redhat.com/show_bug.cgi?id=1376083

2016-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemuDomainOpenGraphics: Start job early
	Checking if a domain's definition or if it is active before we got a job
	is pointless since the domain might have changed in the meantime.

	Luckily libvirtd didn't crash when the API tried to talk to an inactive
	domain:

	debug : qemuDomainObjBeginJobInternal:2914 : Started job: modify
	    (async=none vm=0x7f8f340140c0 name=ble)
	debug : qemuDomainObjEnterMonitorInternal:3137 : Entering monitor
	    (mon=(nil) vm=0x7f8f340140c0 name=ble)
	warning : virObjectLock:319 : Object (nil) ((unknown)) is not a
	    virObjectLockable instance
	debug : qemuMonitorOpenGraphics:3505 : protocol=spice fd=27
	    fdname=graphicsfd skipauth=1
	error : qemuMonitorOpenGraphics:3508 : invalid argument: monitor must
	    not be NULL
	debug : qemuDomainObjExitMonitorInternal:3160 : Exited monitor
	    (mon=(nil) vm=0x7f8f340140c0 name=ble)
	debug : qemuDomainObjEndJob:3068 : Stopping job: modify (async=none
	    vm=0x7f8f340140c0 name=ble)

2016-09-21  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	stream.c: fix a typo
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

	config-post.h:fix a typo

2016-09-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: give better error messages whe agent monitor is down
	We can receive NULL as sync reply in two situations. First
	is garbage sync reply and this situation is handled by
	resending sync message. Second is different cases
	of rebooting guest, destroing domain etc and we can
	give more meaningful error message. Actually we have
	this error message in qemuAgentCommand already which checks
	for the same sitatuion. AFAIK case with mon->running
	is just to be safe on adding some future(?) cases of
	returning NULL reply.

	qemu: agent: reissue sync on garbage sync reply
	We can easily handle receiving garbage on sync. We don't
	have to make client deal with this situation. We just
	need to resend sync command but this time garbage is
	not be possible.

	qemu: agent: skip outdated sync replies
	When we wait for sync reply we can receive delayed
	reply to syncs or commands that were sent erlier. We can
	safely skip them until we receive sync reply with correct id.
	There is no much sense report this situation to client.
	Actually with a bit of "luck" if we involve client into
	this the play can go on forever: send sync 0, receive
	sync reply -1, send sync 1, receive reply 0 ...

2016-09-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: ignore garbage while waiting for sync reply
	After sync is sent we can receive garbare and this is not error.
	Consider next regular case:

	1. libvirtd sends sync
	2. qga sends partial sync reply and die
	3. libvirtd sends sync
	4. qga sends sync reply
	5. libvirtd receives garbage
	  (half of first reply and second reply together)

	We should handle this situation as it is recoverable.
	Next sync can succeed. Let's report reply is NULL,
	it will be converted to the VIR_ERR_AGENT_UNSYNCED
	which signals client to retry.

2016-09-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: agent: ignore delayed reply when unsynced
	Errors in qemuAgentIOProcessLine stop agent IO processing just
	like any regular IO error, however some of current errors
	that this functions spawns are false positives. Consider
	next case for example:

	1. send sync (unsynced state)
	2. receive sync reply (sync established)
	3. command send, but timeout occured (unsynced state)
	4. receive command reply

	Last IO triggers error because current code ignores
	only delayed syncs when unsynced

	We should not treat any delayed reply as error in unsynced
	state. Until client and qga are not in sync delayed reply to any
	command is possible. msg == NULL is the exact criterion
	that we are not in sync.

2016-09-20  Martin Kletzander  <mkletzan@redhat.com>

	conf: Add some shmem helpers for future use

	qemu: Add qemuAssignDeviceShmemAlias and use it

	qemu: Rename qemuBuildShmemBackendStr to qemuBuildShmemBackendChrStr
	There will be more backends in the future so let's not complicate it.

	qemu: Abstract shmem socket path preparation
	Put it into qemuDomainPrepareShmemChardev() so it can be used later.
	Also don't fill in the path unless the server option is enabled.

	qemu: Reorder shmem params nicely
	Always format id first so that we don't need to do that twice in
	different code paths.

	qemu: Move common checks outside qemuBuildShmemDevLegacyStr
	Some checks will need to be performed for newer device types as well, so
	let's not duplicate them.

	qemu: Rename qemuBuildShmemDevStr to qemuBuildShmemDevLegacyStr
	This will make sense after adding support for newer device types.

	qemu: Make qemuBuildShmemDevStr static
	It isn't used anywhere else.

2016-09-20  Andrea Bolognani  <abologna@redhat.com>

	virtlogd: Don't stop or restart along with libvirtd
	Commit 839a060 tied the lifecycle of virtlogd more
	closely to that of libvirtd. Unfortunately, while starting
	virtlogd when libvirtd is started is definitely a good idea,
	restarting virtlogd or shutting it down at any time outside
	of system poweroff is not.

	Revert part of that commit by removing the PartOf= lines,
	meaning that only startup requests will be propagated from
	libvirtd to virtlogd.

	Resolves: https://bugzilla.redhat.com/1372576

2016-09-20  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Add some command aliases to provide syntax sugar over ugly commands
	Make use of the new recently introduced alias handling for virt-admin srv-*
	commands.

	virt-admin: Tweak command parsing logic so that aliases point to new commands
	Change the logic in a way, so that VSH_CMD_FLAG_ALIAS behaves similarly to
	how VSH_OT_ALIAS for command options, i.e. there is no need for code duplication
	for the alias and the aliased command structures. Along with that change,
	switch any existing VSH_CMD_FLAG_ALIAS occurrences to this new format. Also,
	since this patch introduces a new command structure element, adjust the
	virsh-self-test test to make sure we won't ever miss to specify the '.alias'
	member for an aliased command because doing that would lead to an internal
	error.

	virsh: man: Do not document our old deprecated nodedev-dettach command
	The command is deprecated due to being grammatically incorrect, but for
	backwards compatibility reasons cannot be removed. However, we should not
	document such commands.

	vsh: discard vshCmddefOptFill and move its body to vshCmddefOptParse
	Recent changes extracted the command internals validation routine from
	vshCmddefOptParse method which now just calls vshCmddefOptFill. Therefore, make
	vshCmddefOptFill the new vshCmddefOptParse and drop the unnecessary name.

	vsh: Extract vshCmddefCheckInternals from vshCmddefOptParse
	Originally introduced by commit 2432521e which correctly split
	vshCmddefOptParse into command's options validation and options parsing.
	However, command's 'internals' are not tied solely to .options, rather it
	should be about the overall structure, therefore the validation should be
	extracted from vshCmddefOptParse and performed only within our test suite, i.e.
	in vshSelfTest.

	vsh: vshCmddefHelp: Drop the unnecessary 'else' branch
	If the initial check is true the function immediately returns so there's no
	need to enclose the code following the check within an 'else' block.
	Also, by removing the 'else' block, the declarations need to be moved to
	beginning of the function block to conform with our guidelines.

	vsh: vshCmddefHelp: Drop unnecessary variable 'help'
	Since it's used on a single place only, it can easily be replaced by the right
	side of the original assignment.

	vsh: Enforce checking for missing help string
	The intention is to move vshCmddefCheckInternals out of vshCmddefOptParse to
	our test suite. First step to do that is to enforce checking for an existing
	help string (that also means it's non-empty) in a command because a command
	without a help is not much of a use.

2016-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Add missing 'extern' for VIR_EXPORT_VAR macro
	The recent update to gnulib

	  commit 9d7a37ecb2ab516c19164a57b8aeb32016a99d2c
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Thu Sep 15 15:12:52 2016 -0500

	    build: update to latest gnulib

	Pulled in a change that adds -fno-common to the default compiler
	flags

	  commit bf8e658ffadb95d444f56d222d04c9af955af765
	  Author: Jim Meyering <meyering@fb.com>
	  Date:   Fri Sep 2 09:16:16 2016 -0700

	    manywarnings: add -fno-common

	This caused libvirt Mingw build to break with the compiler
	reporting 100's of definitions of virConnectAuthPtrDefault

	./.libs/libvirt_util.a(libvirt_util_la-virarch.o):virarch.c:(.bss+0x0): multiple definition of `virConnectAuthPtrDefault'
	./.libs/libvirt_util.a(libvirt_util_la-viralloc.o):viralloc.c:(.bss+0x0): first defined here
	./.libs/libvirt_util.a(libvirt_util_la-viratomic.o):viratomic.c:(.bss+0x0): multiple definition of `virConnectAuthPtrDefault'
	./.libs/libvirt_util.a(libvirt_util_la-viralloc.o):/home/berrange/src/virt/libvirt/src/util/viralloc.c:87: first defined here
	./.libs/libvirt_util.a(libvirt_util_la-viraudit.o):viraudit.c:(.bss+0x0): multiple definition of `virConnectAuthPtrDefault'
	./.libs/libvirt_util.a(libvirt_util_la-viralloc.o):/home/berrange/src/virt/libvirt/src/util/viralloc.c:87: first defined here
	./.libs/libvirt_util.a(libvirt_util_la-virauth.o):virauth.c:(.bss+0x0): multiple definition of `virConnectAuthPtrDefault'
	./.libs/libvirt_util.a(libvirt_util_la-viralloc.o):/home/berrange/src/virt/libvirt/src/util/viralloc.c:87: first defined here
	./.libs/libvirt_util.a(libvirt_util_la-virauthconfig.o):virauthconfig.c:(.bss+0x0): multiple definition of `virConnectAuthPtrDefault'
	...snip...

	The cause is our VIR_EXPORT_VAR macro which has some
	magic on win to add dllexport/dllimport to the variable
	declaration. Unfortunately the dllexport branch missed
	off the 'extern' keyword, so the header file was in
	fact declaring an instance of the variable in every
	source file.

	Previously the linker would merge all these definitions
	into one, but that no longer happens due to -fno-common

2016-09-20  Pavel Hrdina  <phrdina@redhat.com>

	test: update capability replies for qemu-2.7.0

2016-09-20  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu_process: fix a typo
	s/unitl/until

2016-09-19  Laine Stump  <laine@laine.org>

	tests: fix use of fixedcontent variable
	Commit 8563560026d192c2cf047b550ffd468692245ed6 switched from
	hardcoded use of strcontent to hardcoded use of fixedcontent
	(fixedcontent is *sometimes* a copy of strcontent with a \n
	appended). This was a problem because sometimes fixedcontent is *not*
	a copy of strcontent, but is instead NULL, leading to the regenerated
	test case output being a 0 length file.

	This patch creates a new const char *cmpcontent initialized to
	strcontent, but changed to fixedcontent if/when fixedcontent is
	created, then always uses cmpcontent instead of (str|fixed)content.

2016-09-19  Eric Blake  <eblake@redhat.com>

	Revert "configure: Check for major() more strictly"
	This reverts commit d53fa838e18d8c192296487ff40c3a37420b6d06,
	which is no longer needed now that gnulib does the job.

	build: update to latest gnulib
	In particular, pull in gnulib's fix for the broken AC_HEADER_MAJOR
	macro in autoconf.

2016-09-19  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce qemuGetHupageMemPath
	Now that we have two same implementations for getting path for
	huge pages backed guest memory, lets merge them into one function.

2016-09-19  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Don't crash if no hugetlbfs is mounted
	When trying to migrate a huge page enabled guest, I've noticed
	the following crash. Apparently, if no specific hugepages are
	requested:

	  <memoryBacking>
	    <hugepages/>
	  </memoryBacking>

	and there are no hugepages configured on the destination, we try
	to dereference a NULL pointer.

	Program received signal SIGSEGV, Segmentation fault.
	0x00007fcc907fb20e in qemuGetHugepagePath (hugepage=0x0) at qemu/qemu_conf.c:1447
	1447        if (virAsprintf(&ret, "%s/libvirt/qemu", hugepage->mnt_dir) < 0)
	(gdb) bt
	#0  0x00007fcc907fb20e in qemuGetHugepagePath (hugepage=0x0) at qemu/qemu_conf.c:1447
	#1  0x00007fcc907fb2f5 in qemuGetDefaultHugepath (hugetlbfs=0x0, nhugetlbfs=0) at qemu/qemu_conf.c:1466
	#2  0x00007fcc907b4afa in qemuBuildMemoryBackendStr (size=4194304, pagesize=0, guestNode=0, userNodeset=0x0, autoNodeset=0x0, def=0x7fcc70019070, qemuCaps=0x7fcc70004000, cfg=0x7fcc5c011800, backendType=0x7fcc95087228, backendProps=0x7fcc95087218,
	    force=false) at qemu/qemu_command.c:3297
	#3  0x00007fcc907b4f91 in qemuBuildMemoryCellBackendStr (def=0x7fcc70019070, qemuCaps=0x7fcc70004000, cfg=0x7fcc5c011800, cell=0, auto_nodeset=0x0, backendStr=0x7fcc70020360) at qemu/qemu_command.c:3413
	#4  0x00007fcc907c0406 in qemuBuildNumaArgStr (cfg=0x7fcc5c011800, def=0x7fcc70019070, cmd=0x7fcc700040c0, qemuCaps=0x7fcc70004000, auto_nodeset=0x0) at qemu/qemu_command.c:7470
	#5  0x00007fcc907c5fdf in qemuBuildCommandLine (driver=0x7fcc5c07b8a0, logManager=0x7fcc70003c00, def=0x7fcc70019070, monitor_chr=0x7fcc70004bb0, monitor_json=true, qemuCaps=0x7fcc70004000, migrateURI=0x7fcc700199c0 "defer", snapshot=0x0,
	    vmop=VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START, standalone=false, enableFips=false, nodeset=0x0, nnicindexes=0x7fcc95087498, nicindexes=0x7fcc950874a0, domainLibDir=0x7fcc700047c0 "/var/lib/libvirt/qemu/domain-1-fedora") at qemu/qemu_command.c:9547

2016-09-19  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu_agent|monitor: use different log on hangup event
	Both qemu monitor and agent print the same
	log on HUANGUP event, which would be confusing
	when reading libvirtd log.

	This patch will give a different log message to them.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2016-09-19  Daniel P. Berrange  <berrange@redhat.com>

	docs: expand docs on user x509 cert locations
	The layout in $HOME/.pki is different from that in /etc/pki
	but we never tell anyone about this trap. Add docs showing
	the required $HOME/.pki layout.

2016-09-16  Martin Kletzander  <mkletzan@redhat.com>

	conf: Allow copying of shmem defs
	This way we'll be able to hotplug with both --live and --config in one
	API call.

	schema: Allow shmem to have alias
	It already is used and tests will be automatically added in later patches.

	qemuhotplugtest: Only read result_filename if used

2016-09-16  Laszlo Ersek  <lersek@redhat.com>

	qemu: map "virtio" video model to "virt" machtype correctly (arm/aarch64)
	Most of QEMU's PCI display device models, such as:

	  libvirt video/model/@type  QEMU -device
	  -------------------------  ------------
	  cirrus                     cirrus-vga
	  vga                        VGA
	  qxl                        qxl-vga
	  virtio                     virtio-vga

	come with a linear framebuffer (sometimes called "VGA compatibility
	framebuffer"). This linear framebuffer lives in one of the PCI device's
	MMIO BARs, and allows guest code (primarily: firmware drivers, and
	non-accelerated OS drivers) to display graphics with direct memory access.

	Due to architectural reasons on aarch64/KVM hosts, this kind of
	framebuffer doesn't / can't work in

	  qemu-system-(arm|aarch64) -M virt

	machines. Cache coherency issues guarantee a corrupted / unusable display.
	The problem has been researched by several people, including kvm-arm
	maintainers, and it's been decided that the best way (practically the only
	way) to have boot time graphics for such guests is to consolidate on
	QEMU's "virtio-gpu-pci" device.

	>From <https://bugzilla.redhat.com/show_bug.cgi?id=1195176>, libvirt
	supports

	  <devices>
	    <video>
	      <model type='virtio'/>
	    </video>
	  </devices>

	but libvirt unconditionally maps @type='virtio' to QEMU's "virtio-vga"
	device model. (See the qemuBuildDeviceVideoStr() function and the
	"qemuDeviceVideo" enum impl.)

	According to the above, this is not right for the "virt" machine type; the
	qemu-system-(arm|aarch64) binaries don't even recognize the "virtio-vga"
	device model (justifiedly). Whereas "virtio-gpu-pci", which is a pure
	virtio device without a compatibility framebuffer, is available, and works
	fine.

	(The ArmVirtQemu ("AAVMF") platform of edk2 -- that is, the UEFI firmware
	for "virt" -- supports "virtio-gpu-pci", as of upstream commit
	3ef3209d3028. See
	<https://tianocore.acgmultimedia.com/show_bug.cgi?id=66>.)

	Override the default mapping of "virtio", from "virtio-vga" to
	"virtio-gpu-pci", if qemuDomainMachineIsVirt() evaluates to true.

	Cc: Andrea Bolognani <abologna@redhat.com>
	Cc: Drew Jones <drjones@redhat.com>
	Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
	Cc: Martin Kletzander <mkletzan@redhat.com>
	Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372901
	Acked-by: Martin Kletzander <mkletzan@redhat.com>

2016-09-16  Martin Kletzander  <mkletzan@redhat.com>

	util: Expose virHostCPUStatsAssign on non-Linux
	There is nothing Linux-specific in that function.  Also since commit
	8c3b5bf48123783b812b97360db7ac51f1889e17 mingw build is broken due to
	the fact that this function is not compiled in the library.

2016-09-15  Tomáš Ryšavý  <tom.rysavy.0@gmail.com>

	test driver: Implement testNodeGetFreePages.

	test driver: added pages sizes into XML into test driver.

	test driver: Implement testNodeGetFreeMemory

	test driver: Implement testNodeGetCPUStats

	test driver: Implement virConnectGetType.

	test driver: Implement virConnectGetSysinfo.

	test_driver: Replace magic constant
	In testOpenDefault we create a virtual computer that is later
	presented to user. We also pretend to have NUMA cells and
	initialize them somehow. But whilst doing so a magical constant
	is used. Drop it.

	virhostcpu: Expose virHostCPUStatsAssign
	We will need this function shortly when implementing
	nodeGetCPUStats in the test driver.

2016-09-15  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	virsh: use virConnectGetDomainCapabilities with maxvcpus
	virsh maxvcpus --type kvm output is useless on PPC. Also, in
	commit e6806d79 we documented not rely on virConnectGetMaxVcpus
	output. Fix the  maxvcpus to use virConnectGetDomainCapabilities
	now to make it useful. The call is made to use the default emulator
	binary and to check for the host machine and arch which is what the
	command intends to show anyway.

2016-09-15  Martin Kletzander  <mkletzan@redhat.com>

	tests: Use fixedcontent variable
	Commit ca32929908bbc94116493ad8915e7cd7ae0f57d5 added function
	virTestCompareToFile(), but forgot to use a fixedcontent value for the
	actual comparison.  That lead to VIR_TEST_DEBUG=1 showing (for some
	tests) all the actual output from the first error to the end of the
	string due to the difference being an endline in the end.

2016-09-15  Jason Miesionczek  <jmiesionczek@datto.com>

	hyperv: additional server 2008 wmi classes

2016-09-14  Michal Privoznik  <mprivozn@redhat.com>

	tests: Self test virt-admin
	Just like we are running 'virsh self-test' from within our test
	suite, we should run 'virt-admin self-test' too.

	virsh: Move cmdSelfTest to vsh
	This command should be exposed to other shells of ours.
	They are gonna need it as soon as we want to test them too.

2016-09-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Don't infer vcpu state
	Use the state information (online, hotpluggable) provided by the monitor
	code rather than trying to infer it. This fixes an issue where on
	architectures that require hotplug of multiple threads at once the
	sub-cores would get updated as offline on daemon restart thus creating
	an invalid configuration.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1375783

2016-09-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add vcpu state information to monitor data
	Return whether a vcpu entry is hotpluggable or online so that upper
	layers don't have to infer the information from other data.

	Advantage is that this code can be tested by unit tests.

2016-09-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: qemuMonitorGetCPUInfoHotplug: Add iterator 'anycpu'
	Add separate iterator for iterating all the entries

	qemu: monitor: Use a more obvious iterator name
	The algorithm that matches data from query-cpus and
	query-hotpluggable-cpus is quite complex. Start using descriptive
	iterator names to avoid confusion.

2016-09-14  Michal Privoznik  <mprivozn@redhat.com>

	virDomainGetBlockJobInfo: Fix corner case when qemu reports no info
	https://bugzilla.redhat.com/show_bug.cgi?id=1372613

	Apparently, some management applications use the following code
	pattern when waiting for a block job to finish:

	  while (1) {
	    virDomainGetBlockJobInfo(dom, disk, info, flags);

	    if (info.cur == info.end)
	        break;

	    sleep(1);
	  }

	Problem with this approach is in its corner cases. In case of
	QEMU, libvirt merely pass what has been reported on the monitor.
	However, if the block job hasn't started yet, qemu reports cur ==
	end == 0 which tricks mgmt apps into thinking job is complete.

	The solution is to mangle cur/end values as described here [1].

	1: https://www.redhat.com/archives/libvir-list/2016-September/msg00017.html

2016-09-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetBlockJobInfo: Move info translation into separate func
	Even though we merely just pass to users whatever qemu provided
	on the monitor, we still do some translation. For instance we
	turn bytes into mebibytes, or fix job type if needed. However, in
	the future there is more fixing to be done so this code deserves
	its own function.

2016-09-14  Daniel P. Berrange  <berrange@redhat.com>

	tests: use a fixed chardev TLS path
	The test qemuxml2argv-serial-tcp-tlsx509-chardev.args
	will fail if libvirt is built with a --sysconfdir
	arg that is not /etc.  Fix this by setting a hardcoded
	path in the test code.

2016-09-14  Peter Krempa  <pkrempa@redhat.com>

	numa: Rename virNumaGetHostNodeset and make it return only nodes with memory
	Name it virNumaGetHostMemoryNodeset and return only NUMA nodes which
	have memory installed. This is necessary as the kernel is not very happy
	to set the memory cgroup setting for nodes which do not have any memory.

	This would break vcpu hotplug with following message on such
	configruation:

	  Invalid value '0,8' for 'cpuset.mems': Invalid argument

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1375268

2016-09-14  Peter Krempa  <pkrempa@redhat.com>

	util: numa: Remove impossible error handling
	The code guarantees that virBitmapSetBit won't be called with out of
	range values. Just ignore the return value and remove dead error
	handling.

2016-09-13  Michal Privoznik  <mprivozn@redhat.com>

	configure: Check for major() more strictly
	Thing is, in f3f15cc24 I'm trying to adapt libvirt to the newest
	glibc where major()/minor()/makedev() are moved from sys/types.h
	to sys/sysmacros.h. However, my commit back then expect autoconf
	to be fixed too as we already use AC_HEADER_MAJOR to determine
	which header file the functions are in, but because the header
	files just trigger a warning and not a compile error, the
	autoconf macro detects the bad header file.

	This is just a workaround until autoconf macro is fixed.

2016-09-13  Erik Skultety  <eskultet@redhat.com>

	tests: fix incorrect status handling by virsh-self-test
	The virsh-self-test script compared the test's return code with 1 and only if
	the return code matched this value then the test was marked as failed. Problem
	is that SIGSEGV returns 139 (or 11 to be precise, since shell reserves the MSB
	for abnormal exit signaling) which passes the check just fine and test then
	appears as successful which it most certainly wasn't.
	Therefore, flip the logic to compare against 0 instead and every other result
	will be treated as a failed test case.

2016-09-13  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add missing 'p' to qemuCgrouEmulatorAllNodesRestore

2016-09-13  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	virsh: add --keep-nvram option to undefine command

	qemu: add VIR_DOMAIN_UNDEFINE_KEEP_NVRAM support

	api: add VIR_DOMAIN_UNDEFINE_KEEP_NVRAM flag
	This flags specifies to keep nvram file if it is existed for inactive
	domains.

2016-09-12  Laine Stump  <laine@laine.org>

	conf: allow hotplugging "legacy PCI" device to manually addressed PCIe slot
	In a full domain config, libvirt allows overriding the normal PCI
	vs. PCI Express rules when a device address is explicitly provided
	(so, e.g., you can force a legacy PCI device to plug into a PCIe port,
	although libvirt would never do that on its own). However, due to a
	bug libvirt doesn't give this same leeway when hotplugging devices. On
	top of that, current libvirt assumes that *all* devices are legacy
	PCI. The result of all this is that it's impossible to hotplug a
	device into a PCIe port, even if you manually add the PCI address.

	This can all be traced to the function
	virDomainPCIAddressEnsureAddr(), and the fact that it calls
	virDomainPCIaddressReserveSlot() for manually set addresses, and that
	function hardcodes the argument "fromConfig" to false (meaning "this
	address was auto-assigned, so it should be subject to stricter
	validation").

	Since virDomainPCIAddressReserveSlot() is just a one line simple
	wrapper around virDomainPCIAddressReserveAddr() (adding in a hardcoded
	reserveEntireSlot = true and fromConfig = false), all that's needed to
	solve the problem with no unwanted side effects is to replace that
	call for virDomainPCIAddressReserveSlot() with a direct call to
	virDomainPCIAddressReserveAddr(), but with reserveEntireSlot = true,
	fromConfig = true. That's what this patch does.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1337490

2016-09-12  Laine Stump  <laine@laine.org>

	qemu: fix improper initialization of cgroupControllers bitmap
	virQEMUDriverConfigNew() always initializes the bitmap in its
	cgroupControllers member to -1 (i.e. all 1's).

	Prior to commit a9331394, if qemu.conf had a line with
	"cgroup_controllers", cgroupControllers would get reset to 0 before
	going through a loop setting a bit for each named cgroup controller.
	commit a9331394 left out the "reset to 0" part, so cgroupControllers
	would always be -1; if you didn't want a controller included, there
	was no longer a way to make that happen.

	This was discovered by users who were using qemu commandline
	passthrough to use the "input-linux" method of directing
	keyboard/mouse input to a virtual machine:

	 https://www.redhat.com/archives/vfio-users/2016-April/msg00105.html

	Here's the first report I found of the problem encountered after
	upgrading libvirt beyond v2.0.0:

	 https://www.redhat.com/archives/vfio-users/2016-August/msg00053.html

	Thanks to sL1pKn07 SpinFlo <sl1pkn07@gmail.com> for bringing the
	problem up in IRC, and then taking the time to do a git bisect and
	find the patch that started the problem.

2016-09-12  Martin Kletzander  <mkletzan@redhat.com>

	audit: Audit information about shmem devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1218603

2016-09-12  Daniel P. Berrange  <berrange@redhat.com>

	qemu: avoid parameter named 'listen'
	previous commit:

	  commit 2c3223785c121eafbdd503f11549d7964461934f
	  Author: John Ferlan <jferlan@redhat.com>
	  Date:   Mon Jun 13 12:30:34 2016 -0400

	    qemu: Add the ability to hotplug the TLS X.509 environment

	added a parameter "bool listen" in some methods. This
	unfortunately clashes with the listen() method, causing
	compile failures on certain platforms (RHEL-6 for example)

2016-09-12  John Ferlan  <jferlan@redhat.com>

	storage: Need to properly read the crypt offset value
	Commit id 'a48c7141' altered how to determine if a volume was encrypted
	by adding a peek at an offset into the file at a specific buffer location.
	Unfortunately, all that was compared was the first "char" of the buffer
	against the expect "int" value.

	Restore the virReadBufInt32BE to get the complete field in order to
	compare against the expected value from the qcow2EncryptionInfo or
	qcow1EncryptionInfo "modeValue" field.

	This restores the capability to create a volume with encryption, then
	refresh the pool, and still find the encryption for the volume.

2016-09-12  John Ferlan  <jferlan@redhat.com>

	storage: Need to refresh secret for luks volume after volume refresh
	A LUKS volume uses the volume secret type just like the QCOW2 secret, so
	adjust the loading of the default secrets to handle any volume that the
	virStorageFileGetMetadataFromBuf code has deemed to be an encrypted volume
	to search for the volume's secret. This lookup is done by volume usage
	where the usage is expected to be the path to volume.

2016-09-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	log: Fix reporting OOM error incorrectly when defining a logging filter
	When a new filter is being defined, the return code is not handled properly,
	thus triggering OOM error reporting routine (bug introduced by 51b2606f).

2016-09-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't use query-migrate on destination
	When migration fails, we need to poke QEMU monitor to check for a reason
	of the failure. We did this using query-migrate QMP command, which is
	not supposed to return any meaningful result on the destination side.
	Thus if the monitor was still functional when we detected the migration
	failure, parsing the answer from query-migrate always failed with the
	following error message:

	    "info migration reply was missing return status"

	This irrelevant message was then used as the reason for the migration
	failure replacing any message we might have had.

	Let's use harmless query-status for poking the monitor to make sure we
	only get an error if the monitor connection is broken.

	https://bugzilla.redhat.com/show_bug.cgi?id=1374613

2016-09-12  John Ferlan  <jferlan@redhat.com>

	util: Quiet the logging if perf file doesn't exist
	Commit id 'b00d7f29' shifted the opening of the /sys/devices/intel_cqm/type
	file from event enable to perf event initialization. If the file did not
	exist, then an error would be written to the domain log:

	2016-09-06 20:51:21.677+0000: 7310: error : virFileReadAll:1360 : Failed to open file '/sys/devices/intel_cqm/type': No such file or directory

	Since the error is now handled in virPerfEventEnable by checking if the
	event_attr->attrType == 0 for CMT, MBML, and MBMT events - we can just
	use the Quiet API in order to not log the error we're going to throw away.

	Additionally, rather than using virReportSystemError, use virReportError
	and VIR_ERR_ARGUMENT_UNSUPPORTED in order to signify that support isn't there
	for that type of perf event - adjust the error message as well.

2016-09-12  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virConnectBaselineCPU
	Akin to previous commit but for "virsh cpu-baseline" which
	computes a baseline CPU for a set of host cpu elements.

	libxl: implement virConnectCompareCPU
	Implement support for "virsh cpu-compare" so that we can calculate
	common cpu element between a pool of hosts, which had a requirement
	of providing host cpu description.

2016-09-12  Joao Martins  <joao.m.martins@oracle.com>

	libxl: describe host cpu features based on hwcaps
	Parse libxl_hwcap accounting for versions since Xen 4.4 - Xen 4.7.
	libxl_hwcaps is a set of cpuid leaves output that is described in [0] or
	[1] in Xen 4.7. This is a collection of CPUID leaves that we version
	in libvirt whenever feature words are reordered or added. Thus we keep the
	common ones in one struct and others for each version. Since
	libxl_hwcaps doesn't appear to have a stable format across all supported
	versions thus we need to keep track of changes as a compromise until it's
	exported in xen libxl API. We don't fail in initializing the driver in case
	parsing of hwcaps failed for that reason. In addition, change the notation
	on PAE feature such that is easier to read which bit it corresponds.

	[0] xen/include/asm-x86/cpufeature.h
	[1] xen/include/public/arch-x86/cpufeatureset.h

2016-09-12  Joao Martins  <joao.m.martins@oracle.com>

	libxl: describe host topology in capabilities
	Add support for describing cpu topology in host cpu element.  In doing
	so, refactor hwcaps part to its own helper namely libxlCapsInitCPU to
	handle all host cpu related operations, including topology.

2016-09-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Don't wait if cdrom tray is opened forcibly
	Qemu always opens the tray if forced to. Skip the waiting step in such
	case.

	This also helps if qemu does not report the tray change event when
	opening the cdrom forcibly (the documentation says that the event will
	not be sent although qemu in fact does trigger it even if @force is
	selceted).

	This is a workaround for a qemu issue where qemu does not send the tray
	change event in some cases (after migration with empty closed locked
	drive) and thus renders the cdrom useless from libvirt's point of view.

	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1368368

2016-09-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Clear startup policy for dropped removable media
	When a source image is dropped when missing due to startup policy the
	policy needs to be cleared since it was relevant only for the given
	storage source. New sources need to update it if needed.

2016-09-09  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement virtio-net rx_queue_size

	qemu_capabilities: Introduce virtio-net-*.rx_queue_size
	Just like in the previous commit, teach qemu driver to detect
	whether qemu supports this configuration knob or not.

2016-09-09  Michal Privoznik  <mprivozn@redhat.com>

	conf: Add support for virtio-net.rx_queue_size
	https://bugzilla.redhat.com/show_bug.cgi?id=1366989

	QEMU added another virtio-net tunable [1]. It basically allows
	users to set the size of RX virtio ring. But because virtio-net
	uses two separate ring buffers to pass data from/to guest they
	named it explicitly rx_queue_size. We should expose it in our XML
	too.

	1: http://lists.nongnu.org/archive/html/qemu-devel/2016-08/msg02029.html

2016-09-09  John Ferlan  <jferlan@redhat.com>

	conf: Add new secret type "tls"
	Add a new secret usage type known as "tls" - it will handle adding the
	secret objects for various TLS objects that need to provide some sort
	of passphrase in order to access the credentials.

	The format is:

	   <secret ephemeral='no' private='no'>
	     <description>Sample TLS secret</description>
	     <usage type='tls'>
	       <name>mumblyfratz</name>
	     </usage>
	</secret>

	Once defined and a passphrase set, future patches will allow the UUID
	to be set in the qemu.conf file and thus used as a secret for various
	TLS options such as a chardev serial TCP connection, a NBD client/server
	connection, and migration.

2016-09-09  John Ferlan  <jferlan@redhat.com>

	qemu: Add the ability to hotplug the TLS X.509 environment
	If the incoming XML defined a path to a TLS X.509 certificate environment,
	add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP
	character device.

	Likewise, if the environment exists the hot unplug needs adjustment as
	well.  Note that all the return ret were changed to goto cleanup since
	the cfg needs to be unref'd

2016-09-09  John Ferlan  <jferlan@redhat.com>

	qemu: Add support for TLS X.509 path to TCP chardev backend
	When building a chardev device string for tcp, add the necessary pieces to
	access provide the TLS X.509 path to qemu.  This includes generating the
	'tls-creds-x509' object and then adding the 'tls-creds' parameter to the
	VIR_DOMAIN_CHR_TYPE_TCP command line.

	Finally add the tests for the qemu command line. This test will make use
	of the "new(ish)" /etc/pki/qemu setting for a TLS certificate environment
	by *not* "resetting" the chardevTLSx509certdir prior to running the test.
	Also use the default "verify" option (which is "no").

2016-09-09  John Ferlan  <jferlan@redhat.com>

	conf: Introduce chartcp_tls_x509_cert_dir
	Add a new TLS X.509 certificate type - "chardev". This will handle the
	creation of a TLS certificate capability (and possibly repository) for
	properly configured character device TCP backends.

	Unlike the vnc and spice there is no "listen" or "passwd" associated. The
	credentials eventually will be handled via a libvirt secret provided to
	a specific backend.

	Make use of the default verify option as well.

2016-09-09  John Ferlan  <jferlan@redhat.com>

	conf: Add new default TLS X.509 certificate default directory
	Rather than specify perhaps multiple TLS X.509 certificate directories,
	let's create a "default" directory which can then be used if the service
	(e.g. for now vnc and spice) does not supply a default directory.

	Since the default for vnc and spice may have existed before without being
	supplied, the default check will first check if the service specific path
	exists and if so, set the cfg entry to that; otherwise, the default will
	be set to the (now) new defaultTLSx509certdir.

	Additionally add a "default_tls_x509_verify" entry which can also be used
	to force the peer verification option (for vnc it's a x509verify option).
	Add/alter the macro for the option being found in the config file to accept
	the default value.

2016-09-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove stale transient def when migration fails
	If a migration of a domain which is already defined on the destination
	host failed early (before we tried to start QEMU), we would forget to
	remove the incoming transient definition. Later on when someone starts
	the domain on the destination host, we will use the stale incoming
	definition and the persistent definition will just be ignored.

	https://bugzilla.redhat.com/show_bug.cgi?id=1368774

2016-09-08  Jiri Denemark  <jdenemar@redhat.com>

	Add helper for removing transient definition
	The code for replacing domain's transient definition with the persistent
	one is repeated in several places and we'll need to add one more. Let's
	make a nice helper for it.

2016-09-08  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Fix some English grammar in the manpage

	virt-admin: Document srv-list command in virt-admin's man page
	srv-list command was missing in the man page.

2016-09-08  Christophe Fergeau  <cfergeau@redhat.com>

	virsh: Fix *-event error string
	When using
	virsh net-event non-existing-net
	the error message says that 'either --list or event type is required'
	This is misleading as 'virsh net-event $valid-event-type' is not going
	to work either. What is expected is 'virsh net-event --event
	$valid-event-type'

	This commit fixes the string in pool-event, nodedev-event, event, and
	net-event.

2016-09-08  Julio Faracco  <jcfaracco@gmail.com>

	security: Fixing wrong label in virt-aa-helper.c.
	There is an issue with a wrong label inside vah_add_path().
	The compilation fails with the error:
	make[3]: Entering directory '/tmp/libvirt/src'
	  CC       security/virt_aa_helper-virt-aa-helper.o
	security/virt-aa-helper.c: In function 'vah_add_path':
	security/virt-aa-helper.c:769:9: error: label 'clean' used but not defined
	         goto clean;

	This patch moves 'clean' label to 'cleanup' label.

2016-09-07  Rufo Dogav  <rufo@rufoa.com>

	Avoid segfault in virt-aa-helper when handling read-only filesystems
	This patch fixes a segfault in virt-aa-helper caused by attempting to
	modify a static string literal. It is triggered when a domain has a
	<filesystem> with type='mount' configured read-only and libvirt is
	using the AppArmor security driver for sVirt confinement. An "R" is
	passed into the function and converted to 'r'.

2016-09-07  Yanqiu Zhang  <yanqzhan@redhat.com>

	storage: Delete extra wrap after vol-resize error
	This patch is to delete the extra wrap "\n" after failed vol-resize
	error for both "Failed to change size of volume to" and "Failed to change
	size of volume by". For error with wrap, there will be an extra wrap
	between two errors, such as:

	   (1)# virsh vol-resize --pool default --vol vol-test 5M
	        error: Failed to change size of volume 'vol-test' to 5M

	        error: invalid argument: Can't shrink capacity below current capacity unless shrink flag explicitly specified

	   (2)# virsh vol-resize /var/lib/libvirt/images/volds --shrink --delta 10M
	        error: Failed to change size of volume 'volds' by 10M

	        error: invalid argument: can't shrink capacity below existing allocation

2016-09-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Remove unnecessary condition
	At this point it's guaranteed that 'persistentDef' is non-NULL so we
	don't need to check it again.

2016-09-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Fix start with unpluggable vcpus with NUMA pinning
	Similarly to vcpu hotplug the emulator thread cgroup numa mapping needs
	to be relaxed while hot-adding vcpus so that the threads can allocate
	data in the DMA zone.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1370084

2016-09-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Extract temporary relaxing of cgroup setting for vcpu hotplug
	When hot-adding vcpus qemu needs to allocate some structures in the DMA
	zone which may be outside of the numa pinning. Extract the code doing
	this in a set of helpers so that it can be reused.

2016-09-07  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Output srv-clients-set data as unsigned int rather than signed
	Unfortunately, commit a8962f70 only fixed first half of the reported issue of
	virt-admin outputting negative values where unsigned int is expected by
	BZ below, so this commit represents the other missing half of the fix.

	resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356769

2016-09-07  Maxim Nestratov  <mnestratov@virtuozzo.com>

	util: fix crash in virClassIsDerivedFrom for CloseCallbacks objects
	There is a possibility that qemu driver frees by unreferencing its
	closeCallbacks pointer as it has the only reference to the object,
	while in fact not all users of CloseCallbacks called thier
	virCloseCallbacksUnset.

	Backtrace is the following:
	Thread #1:
	0  in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	1  in virCondWait (c=<optimized out>, m=<optimized out>)
	    at util/virthread.c:154
	2  in virThreadPoolFree (pool=0x7f0810110b50)
	    at util/virthreadpool.c:266
	3  in qemuStateCleanup () at qemu/qemu_driver.c:1116
	4  in virStateCleanup () at libvirt.c:808
	5  in main (argc=<optimized out>, argv=<optimized out>)
	    at libvirtd.c:1660

	Thread #2:
	0  in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7f0837c694d0) at util/virobject.c:169
	1  in virObjectIsClass (anyobj=anyobj@entry=0x7f08101d4760, klass=<optimized out>) at util/virobject.c:365
	2  in virObjectLock (anyobj=0x7f08101d4760) at util/virobject.c:317
	3  in virCloseCallbacksUnset (closeCallbacks=0x7f08101d4760, vm=vm@entry=0x7f08101d47b0, cb=cb@entry=0x7f081d078fc0 <qemuProcessAutoDestroy>) at util/virclosecallbacks.c:163
	4  in qemuProcessAutoDestroyRemove (driver=driver@entry=0x7f081018be50, vm=vm@entry=0x7f08101d47b0) at qemu/qemu_process.c:6368
	5  in qemuProcessStop (driver=driver@entry=0x7f081018be50, vm=vm@entry=0x7f08101d47b0, reason=reason@entry=VIR_DOMAIN_SHUTOFF_SHUTDOWN, asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_NONE, flags=flags@entry=0) at qemu/qemu_process.c:5854
	6  in processMonitorEOFEvent (vm=0x7f08101d47b0, driver=0x7f081018be50) at qemu/qemu_driver.c:4585
	7  qemuProcessEventHandler (data=<optimized out>, opaque=0x7f081018be50) at qemu/qemu_driver.c:4629
	8  in virThreadPoolWorker (opaque=opaque@entry=0x7f0837c4f820) at util/virthreadpool.c:145
	9  in virThreadHelper (data=<optimized out>) at util/virthread.c:206
	10 in start_thread () from /lib64/libpthread.so.0

	Let's reference CloseCallbacks object in virCloseCallbacksSet and
	unreference in virCloseCallbacksUnset.

2016-09-07  Yuri Pudgorodskiy  <yur@virtuozzo.com>

	qemu: guest agent: introduce new error code VIR_ERR_AGENT_UNSYNCED
	A separate error code will help recognize real failures from
	necessity to try again

2016-09-06  Michal Privoznik  <mprivozn@redhat.com>

	Make sure sys/types.h is included after sys/sysmacros.h
	In the latest glibc, major() and minor() functions are marked as
	deprecated (glibc commit dbab6577):

	  CC       util/libvirt_util_la-vircgroup.lo
	util/vircgroup.c: In function 'virCgroupGetBlockDevString':
	util/vircgroup.c:768:5: error: '__major_from_sys_types' is deprecated:
	  In the GNU C Library, `major' is defined by <sys/sysmacros.h>.
	  For historical compatibility, it is currently defined by
	  <sys/types.h> as well, but we plan to remove this soon.
	  To use `major', include <sys/sysmacros.h> directly.
	  If you did not intend to use a system-defined macro `major',
	  you should #undef it after including <sys/types.h>.
	  [-Werror=deprecated-declarations]
	     if (virAsprintf(&ret, "%d:%d ", major(sb.st_rdev), minor(sb.st_rdev)) < 0)
	     ^~
	In file included from /usr/include/features.h:397:0,
	                 from /usr/include/bits/libc-header-start.h:33,
	                 from /usr/include/stdio.h:28,
	                 from ../gnulib/lib/stdio.h:43,
	                 from util/vircgroup.c:26:
	/usr/include/sys/sysmacros.h:87:1: note: declared here
	 __SYSMACROS_DEFINE_MAJOR (__SYSMACROS_FST_IMPL_TEMPL)
	 ^

	Moreover, in the glibc commit, there's suggestion to keep
	ordering of including of header files as implemented here.

2016-09-06  Nishith Shah  <nishithshah.2211@gmail.com>

	tools: Pass opaque data in vshCompleter and introduce autoCompleteOpaque
	This patch changes the signature of vshCompleters, allowing to pass along
	some data that we might want to along with the completers; for example,
	we might want to pass the autocomplete vshControl along with the
	completer, in case the completer requires a connection to libvirtd.

2016-09-06  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: hostcpu: improve CPU freq code for FreeBSD
	Current implementation uses the dev.cpu.0.freq sysctl that is
	provided by the cpufreq(4) framework and returns the actual
	CPU frequency. However, there are environments where it's not available,
	e.g. when running nested in KVM. In this case fall back to hw.clockrate
	that reports CPU frequency at the boot time.

	Resolves (hopefully):
	https://bugzilla.redhat.com/show_bug.cgi?id=1369964

2016-09-06  Andrea Bolognani  <abologna@redhat.com>

	libvirt-guests.service: Add Requires=libvirtd.service
	Having After=libvirtd.service merely ensures that, if both
	services are asked to start, libvirtd.service will start
	first.

	What we really want is for libvirtd.service to be started
	whenever libvirt-guests.service is asked to start. Adding a
	Requires= relationship guarantees that will happen.

2016-09-06  Andrea Bolognani  <abologna@redhat.com>

	libvirt-guests.service: Split After= relationship
	We use a separate line for each After= relationship in other
	unit files: do the same here for consistency's sake, and also
	to make future changes nicer to diff

2016-09-06  Andrea Bolognani  <abologna@redhat.com>

	libvirt-guests.service: Improve description
	libvirt-guests.service does both suspend *and* resume guests,
	depending on whether it's being started or stopped: the
	description should reflect this, to avoid confusing messages
	during startup.

	Replace "active" with "running" (to match virsh list's output)
	and don't capitalize libvirt.

2016-09-06  Andrea Bolognani  <abologna@redhat.com>

	virtlogd.socket: Tie lifecycle to libvirtd.service
	We already guarantee that virtlogd.socket is enabled/disabled
	along with libvirtd.service, but if libvirtd.service has just
	been installed and is started before rebooting, then
	virtlogd.socket will not be running and guest startup will
	fail.

	Add Requires=virtlogd.socket to libvirtd.service to make sure
	virtlogd.socket is always started along with libvirtd.service,
	and add Before=libvirtd.service to both virtlogd.socket and
	virtlogd.service so that virtlogd never disappears before
	libvirtd has exited.

	Also add PartOf=libvirtd.service to both virtlogd.socket and
	virtlogd.service, so that virtlogd can be shut down when not
	needed.

	Resolves: https://bugzilla.redhat.com/1372576

2016-09-06  Daniel P. Berrange  <berrange@redhat.com>

	tests: add missing data files for core config

2016-09-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't warn about missing device in DEVICE_DELETED event
	Debug priority is good enough for this.

2016-09-06  Daniel P. Berrange  <berrange@redhat.com>

	qemu: allow turning off QEMU guest RAM dump globally
	We already have the ability to turn off dumping of guest
	RAM via the domain XML. This is not particularly useful
	though, as it is under control of the management application.
	What is needed is a way for the sysadmin to turn off guest
	RAM defaults globally, regardless of whether the mgmt app
	provides its own way to set this in the domain XML.

	So this adds a 'dump_guest_core' option in /etc/libvirt/qemu.conf
	which defaults to false. ie guest RAM will never be included in
	the QEMU core dumps by default. This default is different from
	historical practice, but is considered to be more suitable as
	a default because

	 a) guest RAM can be huge and so inflicts a DOS on the host
	    I/O subsystem when dumping core for QEMU crashes

	 b) guest RAM can contain alot of sensitive data belonging
	    to the VM owner. This should not generally be copied
	    around inside QEMU core dumps submitted to vendors for
	    debugging

	 c) guest RAM contents are rarely useful in diagnosing
	    QEMU crashes

2016-09-06  Daniel P. Berrange  <berrange@redhat.com>

	qemu: add a max_core setting to qemu.conf for core dump size
	Currently the QEMU processes inherit their core dump rlimit
	from libvirtd, which is really suboptimal. This change allows
	their limit to be directly controlled from qemu.conf instead.

2016-09-06  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add json pseudo protocol support for legacy RBD strings
	RBD in qemu still uses only the legacy 'filename' syntax.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1371758

2016-09-06  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Properly set protocol type when parsing gluster json string
	Commit 2ed772cd forgot to set proper protocol. This was also present in
	the test data.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372251

2016-09-06  Roman Mohr  <rmohr@redhat.com>

	docs: Add libvirt-go Go bindings to binding page

2016-09-05  Nishith Shah  <nishithshah.2211@gmail.com>

	virsh: Complete multiple options when any one option requires data
	Before this patch:
	    virsh # start --domain dom1 [TAB][TAB] <- offers filename completion
	    virsh # start --domain [TAB][TAB] <- offers filename completion

	After this patch:
	    virsh # start --domain dom1 [TAB][TAB] <- offers command completion
	    virsh # start --domain [TAB][TAB] <- calls domain completer if
	    defined, otherwise falls back to filename completion

2016-09-05  Nishith Shah  <nishithshah.2211@gmail.com>

	virsh: Allow data or argument options to be completed as well

	virsh: Introduce usage of option completers to auto-complete arguments
	Call option completers if argument completion is requested using the
	corresponding option completer, if it is defined.

2016-09-02  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: add more perf events support
	With current perf framework, this patch adds support and documentation
	for more perf events, including cache misses, cache references, cpu cycles,
	and instructions.

2016-09-02  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: Adjust the perf initialization
	Introduce a static attr table and refactor virPerfEventEnable() for
	general purpose usage.

	This patch creates a static table/matrix that converts the VIR_PERF_EVENT_*
	events into their respective "attr.type" and "attr.config" so that
	virPerfEventEnable doesn't have the switch the calling function passes
	by value the 'type'.

2016-09-02  John Ferlan  <jferlan@redhat.com>

	util: Move virPerfNew and virPerfFree
	Move them to the bottom under the #ifdef code.

	virsh: Rework the perf event names into a table.
	Should be easier to read

	virsh: Add a forward reference to perf command from domstats --perf
	Keep the details in one place...

2016-09-02  Qiaowei Ren  <qiaowei.ren@intel.com>

	util: Add some comment details for virPerfEventType
	Add to some details for the existing enum

	perf: Remove the switch from qemuDomainGetStatsPerf
	Remove the unnecessary switch since all VIR_PERF_EVENT* values are fetched

	perf: rename qemuDomainGetStatsPerfRdt()
	This patch rename qemuDomainGetStatsPerfRdt() to
	qemuDomainGetStatsPerfOneEvent()

2016-09-02  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: Filter cur_balloon ABI check for certain transactions
	Since the domain lock is not held during preparation of an external XML
	config, it is possible that the value can change resulting in unexpected
	failures during ABI consistency checking for some save and migrate
	operations.

	This patch adds a new flag to skip the checking of the cur_balloon value
	and then sets the destination value to the source value to ensure
	subsequent checks without the skip flag will succeed.

	This way it is protected from forges and is keeped up to date too.

2016-09-02  Bob Liu  <bob.liu@oracle.com>

	xmconfigdata: drop tests for multi serial
	xen-xm doesn't support mult serial devices at all, so these tests are
	meaningless.

	xlconfigdata: add tests for multi serial
	Adding tests for domXML <-> xl.cfg conversions containing multiple
	serial devices.

	xenconfig: rm format/parse multi serial for xen-xm
	xen-xm doesn't support multi serial at all, this patch drop the
	domXML <-> xl.cfg conversions.

2016-09-02  Bob Liu  <bob.liu@oracle.com>

	libxl: support serial list
	Add support for multi serial devices, after this patch virsh can be used to
	connect different serial devices of running domains. E.g.
	vish # console <xxx> --devname serial<xxx>

	Note:
	This depends on a xen/libxl bug fix to have libxl_console_get_tty(...) correctly
	returning the tty path (as opposed to always returning the first one).
	[0] https://lists.xen.org/archives/html/xen-devel/2016-08/msg00438.html

2016-09-02  Jim Fehlig  <jfehlig@suse.com>

	virpci: support driver_override sysfs interface
	libvirt uses the new_id PCI sysfs interface to bind a PCI stub driver
	to a PCI device. The new_id interface is known to be buggy and racey,
	hence a more deterministic interface was introduced in the 3.12 kernel:
	driver_override. For more details see

	https://www.redhat.com/archives/libvir-list/2016-June/msg02124.html

	For more details about the driver_override interface and examples of
	its usage, see

	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/pci/pci-driver.c?h=v3.12&id=782a985d7af26db39e86070d28f987cad21313c0

	This patch adds support for the driver_override interface by

	- adding new virPCIDevice{BindTo,UnbindFrom}StubWithOverride functions
	  that use the driver_override interface
	- renames the existing virPCIDevice{BindTo,UnbindFrom}Stub functions
	  to virPCIDevice{BindTo,UnbindFrom}StubWithNewid to perserve existing
	  behavior on new_id interface
	- changes virPCIDevice{BindTo,UnbindFrom}Stub function to call one of
	  the above depending on availability of driver_override

	The patch includes a bit of duplicate code, but allows for easily
	dropping the new_id code once support for older kernels is no
	longer desired.

2016-09-02  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: allow vendor/product addressing for USB hostdevs
	libxl only has API to address the host USB devices by bus/device.
	Find the bus/device if the user only provided the vendor/product
	of the USB device.

	Add virHostdevFindUSBDevice to private symbols
	Finding an USB device from the vendor/device values will be needed
	by libxl driver to convert from vendor/device to bus/dev addresses.

2016-09-02  Xian Han Yu  <xhyubj@linux.vnet.ibm.com>

	conf: Fix initialization value of 'multi' in PCI address
	The 'multi' element in PCI address struct used as 'virTristateSwitch',
	and its default value is 'VIR_TRISTATE_SWITCH_ABSENT'. Current PCI
	process use 'false' to initialization 'multi', which is ambiguously
	for assignment or comparison. This patch use '{0}' to initialize
	the whole PCI address struct, which fix the 'multi' initialization
	and makes code more simplify and explicitly.

2016-09-02  Martin Kletzander  <mkletzan@redhat.com>

	Post-release version bump to 2.3.0

2016-09-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-2.2.0
	* docs/news.html.in: update for release
	* po/*po*: regenerate

2016-09-02  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	Make --postcopy flag mandatory with --postcopy-after-precopy
	--postcopy-after-precopy is just an aditional flag for
	postcopy migration.

2016-08-31  Michal Privoznik  <mprivozn@redhat.com>

	tools: Don't list virsh-* under EXTRA_DIST
	When we wanted to break huge and unmaintainable virsh into
	smaller files first thing we did was to just move funcs into
	virsh-.c files and then #include them from virsh. Having it done
	this way we also needed to have them listed under EXTRA_DIST.
	However, things got changed since then and now all the virsh-*.c
	files are proper source files. Therefore they are listed under
	virsh_SOURCES too. But for some reason we forgot to remove them
	from EXTRA_DIST.

2016-08-29  Jim Fehlig  <jfehlig@suse.com>

	libxl: advertise support for migration V3
	The libxl driver has long supported migration V3 but has never
	indicated so in the connectSupportsFeature API. As a result, apps
	such as virt-manager that use the more generic virDomainMigrate API
	fail with

	libvirtError: this function is not supported by the connection driver:
	virDomainMigrate

	Add VIR_DRV_FEATURE_MIGRATION_V3 to the list of features marked as
	supported in the connectSupportsFeature API.

2016-08-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: fix segfault in objecteventtest
	Test 12 from objecteventtest (createXML add event) segaults on FreeBSD
	with bus error.

	At some point it calls testNodeDeviceDestroy() from the test driver. And
	it fails when it tries to unlock the device in the "out:" label of this
	function.

	Unlocking fails because the previous step was a call to
	virNodeDeviceObjRemove from conf/node_device_conf.c. This function
	removes the given device from the device list and cleans up the object,
	including destroying of its mutex. However, it does not nullify the pointer
	that was given to it.

	As a result, we end up in testNodeDeviceDestroy() here:

	 out:
	    if (obj)
	        virNodeDeviceObjUnlock(obj);

	And instead of skipping this, we try to do Unlock and fail because of
	malformed mutex.

	Change virNodeDeviceObjRemove to use double pointer and set pointer to
	NULL.

2016-08-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix disks address allocation
	As bhyve currently doesn't use controller addressing and simply
	uses 1 implicit controller for 1 disk device, the scheme looks the
	following:

	 pci addrees -> (implicit controller) -> disk device

	So in fact we identify disk devices by pci address of implicit
	controller and just pass it this way to bhyve in a form:

	 -s pci_addr,ahci-(cd|hd),/path/to/disk

	Therefore, we cannot use virDeviceInfoPCIAddressWanted() because it
	does not expect that disk devices might need PCI address assignment.

	As a result, if a disk was specified without address, it will not be
	generated and domain will to start.

	Until proper controller addressing is implemented in the bhyve
	driver, force each disk to have PCI address generated if it was not
	specified by user.

2016-08-26  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	Check for --live flag for postcopy-after-precopy migration
	Unlike postcopy migration there is no --live flag check for
	postcopy-after-precopy.

2016-08-26  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Add missing / to closing tag
	The iothread example for virtio-scsi should be
	<driver iothread='4'/> rather than <driver iothread='4'>
	for the XML to be valid.

2016-08-26  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix build with picky GCC
	../../src/conf/domain_conf.c:4425:21: error: potential null pointer dereference [-Werror=null-dereference]
	         switch (vcpu->hotpluggable) {
	                 ~~~~^~~~~~~~~~~~~~

2016-08-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Validate configuration when setting maximum vcpu count
	Setting vcpu count when cpu topology is specified may result into an
	invalid configuration. Since the topology can't be modified, reject the
	setting if it doesn't match the requested topology. This will allow
	fixing the topology in case it was broken.

	Partially fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1370066

2016-08-26  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't validate vcpu count in XML parser
	Validating the vcpu count is more intricate and doing it in the XML
	parser will make previously valid configs (with older qemus) vanish.

	Now that we have a very similar check in the qemu domain validation
	callback we can do it in a more appropriate place.

	This basically reverts commit b54de0830a.

	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1370066

2016-08-26  Peter Krempa  <pkrempa@redhat.com>

	doc: clarify documentation for vcpu order
	Make it clear that vcpu order is valid for online vcpus only and state
	that it has to be specified for all vcpus or not provided at all.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1370043

2016-08-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Fix qemuDomainHelperGetVcpus for sparse vcpu topologies
	ce43cca0e refactored the helper to prepare it for sparse topologies but
	forgot to fix the iterator used to fill the structures. This would
	result into a weirdly sparse populated array and possible out of bounds
	access and crash once sparse vcpu topologies were allowed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1369988

2016-08-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: vcpuinfo: Report vcpu number from the structure rather than it's position
	virVcpuInfo contains the vcpu number that the data refers to. Report
	what's returned by the daemon rather than the sequence number as with
	sparse vcpu topologies they won't match.

2016-08-26  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: getting bus type for containers
	We should query bus type for containers too, like for VM.
	In openstack we add volume disk like SCSI, so we can't
	hardcode SATA bus.

2016-08-26  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: update domain cache after device updates

2016-08-26  Olga Krishtal  <okrishtal@virtuozzo.com>

	vz: fixed race in vzDomainAttach/DettachDevice
	While dettaching/attaching device in OpenStack, nova
	calls vzDomainDettachDevice twice, because the update of the internal
	configuration of the ct comes a bit latter than the update event.
	As the result, we suffer from the second call to dettach the same device.

2016-08-26  Pavel Glushchak  <pglushchak@virtuozzo.com>

	vz: added VIR_MIGRATE_PARAM_BANDWIDTH param handling
	libvirt-python passes parameter bandwidth = 0
	by default. This means that bandwidth is unlimited.
	VZ driver doesn't support bandwidth rate limiting,
	but we still need to handle it and fail if bandwidth > 0.

	vz: implicitly support additional migration flags
	* Added VIR_MIGRATE_LIVE, VIR_MIGRATE_UNDEFINE_SOURCE and
	  VIR_MIGRATE_PERSIST_DEST to supported migration flags

2016-08-26  Laine Stump  <laine@laine.org>

	qemu: set tap device online for type='ethernet'
	When support for auto-creating tap devices was added to <interface
	type='ethernet'> in commit 9c17d6, the code assumed that
	virNetDevTapCreate() would honor the VIR_NETDEV_TAP__CREATE_IFUP flag
	that is supported by virNetDevTapCreateInBridgePort(). That isn't the
	case - the latter function performs several operations, and one of
	them is setting the tap device online. But virNetDevTapCreate() *only*
	creates the tap device, and relies on the caller to do everything
	else, so qemuInterfaceEthernetConnect() needs to call
	virNetDevSetOnline() after the device is successfully created.

2016-08-26  Laine Stump  <laine@laine.org>

	qemu: remove unnecessary setting of tap device online state
	The linkstate setting of an <interface> is only meant to change the
	online status reported to the guest system by the emulated network
	device driver in qemu, but when support for auto-creating tap devices
	for <interface type='ethernet'> was added in commit 9717d6, a chunk of
	code was also added to qemuDomainChangeNetLinkState() that sets the
	online status of the tap device (i.e. the *host* side of the
	interface) for type='ethernet'. This was never done for tap devices
	used in type='bridge' or type='network' interfaces, nor was it done in
	the past for tap devices created by external scripts for
	type='ethernet', so we shouldn't be doing it now.

	This patch removes the bit of code in qemuDomainChangeNetLinkState()
	that modifies online status of the tap device.

2016-08-26  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	qemu: fix ethernet network type ip/route assign
	The call to virNetDevIPInfoAddToDev() that sets up tap device IP
	addresses and routes was somehow incorrectly placed in
	qemuInterfaceStopDevice() instead of qemuInterfaceStartDevice() in
	commit fe8567f6.  This fixes that error by moving the call to
	virNetDevIPInfoAddToDev() to qemuInterfaceStartDevice().

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Add support for VCPU unplug
	This patch removes the old vcpu unplug code completely and replaces it
	with the new code using device_del. The old hotplug code basically never
	worked with any recent qemu and thus is useless.

	As the new code is using device_del all the implications of using it
	are present. Contrary to the device deletion code, the vcpu deletion
	code fails if the unplug request is not executed in time.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Allow marking unplugged devices by alias
	Add a overlay function that takes the alias directly rather than
	extracting it from a device info.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use modern vcpu hotplug approach if possible
	To allow unplugging the vcpus, hotplugging of vcpus on platforms which
	require to plug multiple logical vcpus at once or plugging them in an
	arbitrary order it's necessary to use the new device_add interface for
	vcpu hotplug.

	This patch adds support for the device_add interface using the old
	setvcpus API by implementing an algorithm to select the appropriate
	entities to plug in.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Add support for sparse vcpu topologies
	Add support for using the new approach to hotplug vcpus using device_add
	during startup of qemu to allow sparse vcpu topologies.

	There are a few limitations imposed by qemu on the supported
	configuration:
	- vcpu0 needs to be always present and not hotpluggable
	- non-hotpluggable cpus need to be ordered at the beginning
	- order of the vcpus needs to be unique for every single hotpluggable
	  entity

	Qemu also doesn't really allow to query the information necessary to
	start a VM with the vcpus directly on the commandline. Fortunately they
	can be hotplugged during startup.

	The new hotplug code uses the following approach:
	- non-hotpluggable vcpus are counted and put to the -smp option
	- qemu is started
	- qemu is queried for the necessary information
	- the configuration is checked
	- the hotpluggable vcpus are hotplugged
	- vcpus are started

	This patch adds a lot of checking code and enables the support to
	specify the individual vcpu element with qemu.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Copy final vcpu order information into the vcpu definition
	The vcpu order information is extracted only for hotpluggable entities,
	while vcpu definitions belonging to the same hotpluggable entity need
	to all share the order information.

	We also can't overwrite it right away in the vcpu info detection code as
	the order is necessary to add the hotpluggable vcpus enabled on boot in
	the correct order.

	The helper will store the order information in places where we are
	certain that it's necessary.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Add helper to convert vcpu definition to JSON props
	For use on the monitor we need to format certain parts of the vcpu
	private definition into a JSON object. Add a helper.

	qemu: migration: Prepare for non-contiguous vcpu configurations
	Introduce a new migration cookie flag that will be used for any
	configurations that are not compatible with libvirt that would not
	support the specific vcpu hotplug approach. This will make sure that old
	libvirt does not fail to reproduce the configuration correctly.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	conf: Add XML for individual vCPU hotplug
	Individual vCPU hotplug requires us to track the state of any vCPU. To
	allow this add the following XML:

	<domain>
	  ...
	  <vcpu current='2'>3</vcpu>
	  <vcpus>
	    <vcpu id='0' enabled='yes' hotpluggable='no' order='1'/>
	    <vcpu id='1' enabled='yes' hotpluggable='yes' order='2'/>
	    <vcpu id='1' enabled='no' hotpluggable='yes'/>
	  </vcpus>
	  ...

	The 'enabled' attribute allows to control the state of the vcpu.
	'hotpluggable' controls whether given vcpu can be hotplugged and 'order'
	allows to specify the order to add the vcpus.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	util: Extract and rename qemuDomainDelCgroupForThread to virCgroupDelThread

	qemu: domain: Prepare for VCPUs vanishing while libvirt is not running
	Similarly to devices the guest may allow unplug of the VCPU if libvirt
	is down. To avoid problems, refresh the vcpu state on reconnect. Don't
	mess with the vcpu state otherwise.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Extract cpu-hotplug related data
	Now that the monitor code gathers all the data we can extract it to
	relevant places either in the definition or the private data of a vcpu.

	As only thread id is broken for TCG guests we may extract the rest of
	the data and just skip assigning of the thread id. In case where qemu
	would allow cpu hotplug in TCG mode this will make it work eventually.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	tests: cpu-hotplug: Add data for ppc64 without threads enabled
	The reported data is unusual so add it to the test suite.

	tests: cpu-hotplug: Add data for ppc64 out-of-order hotplug
	Test the algorithm that extracts the order in which the vcpu entries
	were plugged in on a sample of data created by plugging in vcpus
	arbitrarily.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	tests: cpu-hotplug: Add data for ppc64 platform including hotplug
	Power 8 platform's basic hotpluggable unit is a core rather than a
	thread for x86_64 family. This introduces most of the complexity of the
	matching code and thus needs to be tested.

	The test data contain data captured from in-order cpu hotplug and
	unplug operations.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	tests: cpu-hotplug: Add data for x86 hotplug with 11+ vcpus
	During review it was reported that adding at least 11 vcpus creates a
	collision of prefixes in the monitor matching algorithm. Add a test case
	to verify that the problem won't happen.

	tests: Add test infrastructure for qemuMonitorGetCPUInfo
	As the combination algorithm is rather complex and ugly it's necessary
	to make sure it works properly. Add test suite infrastructure for
	testing it along with a basic test based on x86_64 platform.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add algorithm for combining query-(hotpluggable-)-cpus data
	For hotplug purposes it's necessary to retrieve data using
	query-hotpluggable-cpus while the old query-cpus API report thread IDs
	and order of hotplug.

	This patch adds code that merges the data using a rather non-trivial
	algorithm and fills the data to the qemuMonitorCPUInfo structure for
	adding to appropriate place in the domain definition.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add support for calling query-hotpluggable-cpus
	Add support for retrieving information regarding hotpluggable cpu units
	supported by qemu. Data returned by the command carries information
	needed to figure out the granularity of hotplug, the necessary cpu type
	name and the topology information.

	Note that qemu doesn't specify any particular order of the entries thus
	it's necessary sort them by socket_id, core_id and thread_id to the
	order libvirt expects.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Extract QOM path from query-cpus reply
	To allow matching up the data returned by query-cpus to entries in the
	query-hotpluggable-cpus reply for CPU hotplug it's necessary to extract
	the QOM path as it's the only link between the two.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: capabilities: Extract availability of new cpu hotplug for machine types
	QEMU reports whether 'query-hotpluggable-cpus' is supported for a given
	machine type. Extract and cache the information using the capability
	cache.

	When copying the capabilities for a new start of qemu, mask out the
	presence of QEMU_CAPS_QUERY_HOTPLUGGABLE_CPUS if the machine type
	doesn't support hotpluggable cpus.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid config when topology based cpu count doesn't match the config
	As of qemu commit:
	commit a32ef3bfc12c8d0588f43f74dcc5280885bbdb30
	Author: Thomas Huth <thuth@redhat.com>
	Date:   Wed Jul 22 15:59:50 2015 +0200

	    vl: Add another sanity check to smp_parse() function

	v2.4.0-952-ga32ef3b

	configuration where the maximum CPU count doesn't match the topology is
	rejected. Prior to that only configurations where the topology would
	contain more cpus than the maximum count would be rejected.

	Use QEMU_CAPS_QUERY_HOTPLUGGABLE_CPUS as a relevant recent enough
	witness to avoid breaking old configs.

2016-08-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add capability for query-hotpluggable-cpus command

	qemu: monitor: Return struct from qemuMonitor(Text|Json)QueryCPUs
	Prepare to extract more data by returning an array of structs rather than
	just an array of thread ids. Additionally report fatal errors separately
	from qemu not being able to produce data.

	qemu: monitor: Return structures from qemuMonitorGetCPUInfo
	The function will gradually add more returned data. Return a struct for
	every vCPU containing the data.

2016-08-24  Chen Hanxiao  <chenhanxiao@gmail.com>

	storage_backend_rbd: fix typos
	s/failed/failed to

2016-08-24  Pino Toscano  <ptoscano@redhat.com>

	virsh: use vshError consistently after virBufferError checks
	If virBufferError() reports an error, then vshError() is needed to
	report the error situation instead of a simple vshError().

	virsh: avoid i18n puzzle
	Use the full versions of the message, instead of composing a base
	message with what was updated; the change makes the messages properly
	translatable, since different parts of a sentence might need different
	declensions for example.

2016-08-24  Pino Toscano  <ptoscano@redhat.com>

	virsh: respect -q/--quiet more
	Turn various vshPrint() informative messages into vshPrintExtra(), so
	they are not printed when requesting the quiet mode; neither XML/info
	outputs nor the results of commands are affected.
	Also change the expected outputs of the virsh-undefine test, since virsh
	is invoked in quiet mode there.

	Some informative messages might still be converted (and thus silenced
	when in quiet mode), but this is an improvements nonetheless.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1358179

2016-08-23  Peter Krempa  <pkrempa@redhat.com>

	Fix remote_protocol-structs after recent commit
	Commit 0adc9d26ae0cfbb4aa227e89424f3d48bb977da0 broke the build since
	remote_protocol-structs was not updated.

2016-08-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add ACL checks to API calls
	  vzDomainMigrateConfirm3Params is whitelisted. Otherwise we need to
	move removing domain from domain list from perform to confirm
	step. This would further imply adding a flag and check that migration
	is in progress to prohibit mistakenly (maliciously) removing domains
	on confirm step. vz version of p2p also need to be fixed to include confirm step.
	One would also need to add means to cleanup pending migration
	on client disconnect as now is has state across several API
	calls.

	  On the other hand current version of confirm step is totaly
	harmless thus it is easier to whitelist it at the moment.

2016-08-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	remote: rename protocol names for close callbacks
	This way we make naming consistent to API calls and make subsequent
	ACL checks possible (otherwise ACL check would discover name
	discrepancies).

	vz: prepare migration for ACL checks
	  ACL check on perform step should be in API call itself to make ACL
	checking script pass. Thus we need to reorganize code to obtain
	domain object in perform API itself. Most of this is straight
	forward, the only nuance is dropping locks on lengthy remote
	operations.
	  The other motivation is to have only perform step ACL checks for
	p2p migration instead of both begin in perform if we can leave
	ACL check in vzDomainMigratePerformStep.

	vz: expand setting memory API calls
	We need it to prepare the calls for ACL checks otherwise ACL checking
	script will fail.

	vz: add missing flagged versions of API functions

	vz: factor out converting block stats to params
	This action deserves its own function and makes main API call
	structure much cleaner.

	vz: factor out block stats impl
	Now we can use intended ACL check for both API calls.

	vz: implement plain create API thru createFlags instead of visa versa

2016-08-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: expand start/stop/... APIs for ACL checks
	  The original motivation is to expand API calls like start/stop etc so that
	the ACL checks could be added. But this patch has its own befenits.

	1. functions like prlsdkStart/Stop use common routine to wait for
	job without domain lock. They become more self contained and do
	not return intermediate PRL_RESULT.

	2. vzDomainManagedSave do not update cache twice.

2016-08-22  John Ferlan  <jferlan@redhat.com>

	network: Need to free formatted addr in networkDnsmasqConfContents
	Commit id '0b6336c2' formatted the 'addr', but didn't VIR_FREE it.

	Found by Coverity.

2016-08-22  JieWang  <wangjie88@huawei.com>

	remove the dead code this patch is to remove the dead code Signed-off-by: JieWang <wangjie88@huawei.com>

2016-08-20  John Ferlan  <jferlan@redhat.com>

	qemu: Fix crash hot plugging luks volume
	https://bugzilla.redhat.com/show_bug.cgi?id=1367259

	Crash occurs because 'secrets' is being dereferenced in call:

	        if (qemuDomainSecretSetup(conn, priv, secinfo, disk->info.alias,
	                                  VIR_SECRET_USAGE_TYPE_VOLUME, NULL,
	                                  &src->encryption->secrets[0]->seclookupdef,
	                                  true) < 0)

	(gdb) p *src->encryption
	$1 = {format = 2, nsecrets = 0, secrets = 0x0, encinfo = {cipher_size = 0,
	    cipher_name = 0x0, cipher_mode = 0x0, cipher_hash = 0x0, ivgen_name = 0x0,
	    ivgen_hash = 0x0}}
	(gdb) bt
	    priv=priv@entry=0x7fffc03be160, disk=disk@entry=0x7fffb4002ae0)
	    at qemu/qemu_domain.c:1087
	    disk=0x7fffb4002ae0, vm=0x7fffc03a2580, driver=0x7fffc02ca390,
	    conn=0x7fffb00009a0) at qemu/qemu_hotplug.c:355

	Upon entry to qemuDomainAttachVirtioDiskDevice, src->encryption points
	at a valid 'secret' buffer w/ nsecrets == 1; however, the call to
	qemuDomainDetermineDiskChain will call virStorageFileGetMetadata
	and eventually virStorageFileGetMetadataInternal where the src->encryption
	was overwritten when probing the volume.

	Commit id 'a48c7141' added code to virStorageFileGetMetadataInternal
	to determine if the disk/volume would use/need encryption and allocated
	a meta->encryption. This overwrote an existing encryption buffer
	already provided by the XML

	This patch adds a check for meta->encryption already present before
	just allocating and overwriting an existing buffer. It then checks the
	existing encryption data to ensure the XML provided format for the
	disk matches the expected format read from the disk and errors if there
	is a mismatch.

2016-08-20  Laine Stump  <laine@laine.org>

	network: allow limiting a <forwarder> element to certain domains
	For some unknown reason the original implementation of the <forwarder>
	element only took advantage of part of the functionality in the
	dnsmasq feature it exposes - it allowed specifying the ip address of a
	DNS server which *all* DNS requests would be forwarded to, like this:

	   <forwarder addr='192.168.123.25'/>

	This is a frontend for dnsmasq's "server" option, which also allows
	you to specify a domain that must be matched in order for a request to
	be forwarded to a particular server. This patch adds support for
	specifying the domain. For example:

	   <forwarder domain='example.com' addr='192.168.1.1'/>
	   <forwarder domain='www.example.com'/>
	   <forwarder domain='travesty.org' addr='10.0.0.1'/>

	would forward requests for bob.example.com, ftp.example.com and
	joe.corp.example.com all to the DNS server at 192.168.1.1, but would
	forward requests for travesty.org and www.travesty.org to
	10.0.0.1. And due to the second line, requests for www.example.com,
	and odd.www.example.com would be resolved by the libvirt network's own
	DNS server (i.e. thery wouldn't be immediately forwarded) even though
	they also match 'example.com' - the match is given to the entry with
	the longest matching domain. DNS requests not matching any of the
	entries would be resolved by the libvirt network's own DNS server.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1331796

2016-08-20  Laine Stump  <laine@laine.org>

	network: allow disabling dnsmasq's DNS server
	If you define a libvirt virtual network with one or more IP addresses,
	it starts up an instance of dnsmasq. It's always been possible to
	avoid dnsmasq's dhcp server (simply don't include a <dhcp> element),
	but until now it wasn't possible to avoid having the DNS server
	listening; even if the network has no <dns> element, it is started
	using default settings.

	This patch adds a new attribute to <dns>: enable='yes|no'. For
	backward compatibility, it defaults to 'yes', but if you don't want a
	DNS server created for the network, you can simply add:

	   <dns enable='no'/>

	to the network configuration, and next time the network is started
	there will be no dns server created (if there is dhcp configuration,
	dnsmasq will be started with "port=0" which disables the DNS server;
	if there is no dhcp configuration, dnsmasq won't be started at all).

2016-08-20  Laine Stump  <laine@laine.org>

	network: new network forward mode 'open'
	The new forward mode 'open' is just like mode='route', except that no
	firewall rules are added to assure that any traffic does or doesn't
	pass. It is assumed that either they aren't necessary, or they will be
	setup outside the scope of libvirt.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=846810

2016-08-19  Michal Privoznik  <mprivozn@redhat.com>

	networkxml2conftest: Don't leak dnsmasq capabilities
	==18324== 32 bytes in 1 blocks are still reachable in loss record 41 of 114
	==18324==    at 0x4C2C070: calloc (vg_replace_malloc.c:623)
	==18324==    by 0x4EA479B: virAlloc (viralloc.c:144)
	==18324==    by 0x4EA674A: virBitmapNewQuiet (virbitmap.c:77)
	==18324==    by 0x4EA67F7: virBitmapNew (virbitmap.c:106)
	==18324==    by 0x4EC777D: dnsmasqCapsNewEmpty (virdnsmasq.c:801)
	==18324==    by 0x4EC781B: dnsmasqCapsNewFromBuffer (virdnsmasq.c:815)
	==18324==    by 0x407CF4: mymain (networkxml2conftest.c:99)
	==18324==    by 0x409CF0: virTestMain (testutils.c:982)
	==18324==    by 0x4080EA: main (networkxml2conftest.c:136)

2016-08-18  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: add validation callbacks
	This patch fixes a bug which occurs when we check a bus and unit number
	for a new attached disk. We should do this check in ValidadionCallback,
	not in PostParse callback. Because in PostParse we have not initialized
	disk->info.addr.drive struct yet.
	Move part of code from domainPostParseCallback to domainValidateCallback
	and part from devicesPostParseCallback to deviceValidateCallback.
	PostParse callbacks are for modification data.
	ValidateCallbacks are only for checks.

2016-08-18  Olga Krishtal  <okrishtal@virtuozzo.com>

	vz: fixed race in vzDomainAttach/DettachDevice
	While dettaching/attaching device in OpenStack, nova
	calls vzDomainDettachDevice twice, because the update of the internal
	configuration of the ct comes a bit latter than the update event.
	As the result, we suffer from the second call to dettach the same device.

2016-08-18  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: specify VIR_DOMAIN_NET_TYPE_NETWORK for routed networks
	Somehow we lost this during recent refactoring

	vz: reset errors after ignoring return values
	If we are going to ignore return value of a functions
	that can raise an error, it's not enough to use ignore_value
	construction. We should explicitly call virResetLastError

	vz: don't fail query domain info in case we don't have valid stats handle

	vz: get additional error information from job correctly
	First, make function logPrlEventErrorHelper be void and only
	print information (if any) from an event.
	Second, don't rewrite original error with any errors we get
	during parsing event info.
	Third, ignore PRL_ERR_NO_DATA at all.

2016-08-18  Ján Tomko  <jtomko@redhat.com>

	cfg.mk: join not_streq and not_strneq tests
	The marginally nicer error message is not worth the extra lines in
	cfg.mk.

	Also drop the excludes since there was only one offender in the tests.

2016-08-18  Ján Tomko  <jtomko@redhat.com>

	cfg.mk: drop redundant sc_prohibit_gethostby
	Both gethostbyaddr and gethostbyname* are already checked
	by sc_prohibit_nonreentrant.

	cfg.mk: use subst instead of tr
	GNU make is able to replace characters, no need to call tr.

	tests: fix the return value of test-wrap-argv
	The script was returning success unless it failed on the last file.
	This went unnoticed because sc_prohibit_long_lines forbids lines
	longer than 90 characters in .arg[sv] files.

	maint: update to latest gnulib
	Pick up the new syntax-check speedups.

2016-08-17  Ján Tomko  <jtomko@redhat.com>

	Introduce QEMU_CAPS_VIRTIO_PCI_DISABLE_LEGACY
	Check whether the disable-legacy property is present on the following
	devices:
	  virtio-balloon-pci
	  virtio-blk-pci
	  virtio-scsi-pci
	  virtio-serial-pci
	  virtio-9p-pci
	  virtio-net-pci
	  virtio-rng-pci
	  virtio-gpu-pci
	  virtio-input-host-pci
	  virtio-keyboard-pci
	  virtio-mouse-pci
	  virtio-tablet-pci

	Assuming that if QEMU knows other virtio devices where this property
	is applicable, it will have at least one of these devices.

	Added in QEMU by:
	commit e266d421490e0ae83044bbebb209b2d3650c0ba6
	    virtio-pci: add flags to enable/disable legacy/modern

2016-08-17  John Ferlan  <jferlan@redhat.com>

	qemu: Fix the command line generation for rbd auth using aes secrets
	https://bugzilla.redhat.com/show_bug.cgi?id=1182074

	Since libvirt still uses a legacy qemu arg format to add a disk, the
	manner in which the 'password-secret' argument is passed to qemu needs
	to change to prepend a 'file.' If in the future, usage of the more
	modern disk format, then the prepended 'file.' can be removed.

	Fix based on Jim Fehlig <jfehlig@suse.com> posting and subsequent
	upstream list followups, see:

	http://www.redhat.com/archives/libvir-list/2016-August/msg00777.html

	for details. Introduced by commit id 'a1344f70'.

2016-08-17  Chen Hanxiao  <chenhanxiao@gmail.com>

	qemu_driver: update comments for qemuDomainSaveInternal
	s/libvirt.c/libvirt-domain.c

2016-08-17  John Ferlan  <jferlan@redhat.com>

	conf: Provide error on undefined vcpusched entry
	Modify virDomainDefGetVcpuSched to emit an error message if
	virDomainDefGetVcpu returns NULL meaning the vcpu could not
	be found. Prior to commit id '9cc931f0b' the error message
	would have been issued in virDomainDefGetVcpu.

2016-08-17  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: graphics: setup listen types before ports are reserved/allocated
	The code that setups listen types may change a listen type from address to
	socket based on configuration from qemu.conf.  This needs to be done before we
	reserve/allocate ports that won't be used.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1364843

2016-08-17  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: graphics: reserve port only if listen type is address or network
	Ports are valid only for listen types 'address' and 'network', other listen
	types doesn't use them so we should not try to reserve any ports.

	qemu_process: graphics: extract for loop out of qemuProcessGraphicsReservePorts

	qemu_process: graphics: extract port allocation into function

	qemu_process: graphics: ref driver config only in function where it is used
	Signed-off-by: Pavel Hrdina <phrdina@redhat.com

2016-08-16  Andrea Bolognani  <abologna@redhat.com>

	util: Make virStringArrayHasString() const-correct
	The first argument should be const char ** instead of
	char **, because this is a search function and as such it
	doesn't, and shouldn't, alter the haystack in any way.

	This change means we no longer have to cast arrays of
	immutable strings to arrays of mutable strings; we still
	have to do the opposite, though, but that's reasonable.

2016-08-16  John Ferlan  <jferlan@redhat.com>

	conf: Provide error on undefined iothreadsched entry
	When commit id '6dfb4507' refactored where the iothreadsched data was
	stored, the error message for when the virDomainIOThreadIDFind failed
	to find an iothreadid ("iothreadsched attribute 'iothreads' uses
	undefined iothread ids") was lost. This led to the possibility that
	someone would try to use it, but receive the generic message "An error
	occurred, but the cause is unknown".

	This patch adds the error message back so that someone will know that
	they have an invalid configuration.

2016-08-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Split out regular vcpu hotplug code into a function
	All other modes of qemuDomainSetVcpusFlags have helpers so finish the
	work by splitting the regular code into a new function.

	This patch also touches up the coding (spacing) style.

2016-08-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Extract setting of live vcpu count
	The live code does ugly things. Contain it in a separate function.

	qemu: setvcpus: Extract setting of maximum vcpu count
	Setting of the maximum vcpu count is slightly semantically different
	thus split it into a self-contained func.

2016-08-16  Peter Krempa  <pkrempa@redhat.com>

	utils: storage: Fix JSON field name for uri based storage
	qemu uses 'url' instead of 'uri'. They unfortunately look very similar.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1367260

2016-08-16  Ján Tomko  <jtomko@redhat.com>

	conf: report an error message for non-existing USB hubs
	If any of the devices referenced a USB hub that does not exist,
	defining the domain would either fail with:
	error: An error occurred, but the cause is unknown
	(if only the last hub in the path is missing)
	or crash.

	Return a proper error instead of crashing.

	https://bugzilla.redhat.com/show_bug.cgi?id=1367130

2016-08-16  Ján Tomko  <jtomko@redhat.com>

	conf: free the ports array of a USB hub
	The array needs to be freed too, not just its members.

	https://bugzilla.redhat.com/show_bug.cgi?id=1366097

2016-08-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: setcpus: Report better errors
	Mention whether it was the live or persistent definition which caused an
	error reported and explicitly error out in case when attempting to set
	maximum vcpu count for a live domain.

2016-08-16  Daniel P. Berrange  <berrange@redhat.com>

	lxc: don't try to reference NULL when mounting filesystems
	  <filesystem type='ram' accessmode='passthrough'>
	    <source usage='524288' units='KiB'/>
	    <target dir='/dev/shm'/>
	  </filesystem>

	would lead to lxcContainerMountAllFS calling STRPREFIX
	on a NLL pointer because it failed to check if fs->src->path
	was non-NULL. This is a regression caused by

	  commit da665fbd4858890fbb3bbf5da2a7b6ca37bb3220
	  Author: Olga Krishtal <okrishtal@virtuozzo.com>
	  Date:   Thu Jul 14 16:52:38 2016 +0300

	    filesystem: adds possibility to use storage pool as fs source

	    Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>

2016-08-16  Daniel P. Berrange  <berrange@redhat.com>

	lxc: don't try to resolve a NULL path for filesystems
	  <filesystem type='ram' accessmode='passthrough'>
	    <source usage='524288' units='KiB'/>
	    <target dir='/dev/shm'/>
	  </filesystem>

	would lead to lxcContainerResolveSymlinks calling
	access(NULL) because it failed to check if fs->src->path
	was non-NULL. This is a regression caused by

	  commit da665fbd4858890fbb3bbf5da2a7b6ca37bb3220
	  Author: Olga Krishtal <okrishtal@virtuozzo.com>
	  Date:   Thu Jul 14 16:52:38 2016 +0300

	    filesystem: adds possibility to use storage pool as fs source

	    Signed-off-by: Olga Krishtal <okrishtal@virtuozzo.com>

2016-08-16  Michal Privoznik  <mprivozn@redhat.com>

	libxl_driver: Indent LIBXL_VBD_SECTOR_SIZE macro correctly
	Because of change in caaa1bd357a99ad this macro is no under
	#ifdef block. That means it needs to be re-intended correctly.

2016-08-16  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: fix domaincapstest linking for libxl
	Commit 11567cf added some libxl tests into domaincapstest and
	added libvirt_driver_libxl_impl.la to domaincapstest_LDADD.

	This causes link fail on systems without GNU regex implementation:

	gmake[2]: Entering directory '/usr/home/novel/code/libvirt/tests'
	  CCLD     domaincapstest
	  ../src/.libs/libvirt_driver_libxl_impl.a(libvirt_driver_libxl_impl_la-libxl_capabilities.o):
	  In function `libxlMakeCapabilities':
	  libxl/libxl_capabilities.c:(.text+0x6b2): undefined reference to
	  `rpl_regcomp'
	  libxl/libxl_capabilities.c:(.text+0x6d0): undefined reference to
	  `rpl_regerror'
	  libxl/libxl_capabilities.c:(.text+0x803): undefined reference to
	  `rpl_regexec'
	  libxl/libxl_capabilities.c:(.text+0xa58): undefined reference to
	  `rpl_regfree'
	  clang-3.8: error: linker command failed with exit code 1 (use -v to
	  see invocation)

	This happens because on these system it tries to use gnulib's builtin
	regex implementation, but doesn't link to gnulib.

	Fix by adding $(GNULIB_LIBS) along with libvirt_driver_libxl_impl.la to
	domaincapstest_LDADD.

2016-08-16  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	libxl: fix unused functions
	Commit eee7bd4e introduced two functions: libxlDiskPathToID and
	libxlDiskSectorSize.

	However, as they're used only by code under #ifdef __linux__,
	on non-Linux platforms it results in errors similar to this:

	 CC       libxl/libvirt_driver_libxl_impl_la-libxl_driver.lo
	libxl/libxl_driver.c:5263:1: error: unused function 'libxlDiskPathToID' [-Werror,-Wunused-function]
	libxlDiskPathToID(const char *virtpath)
	^
	libxl/libxl_driver.c:5312:1: error: unused function 'libxlDiskSectorSize' [-Werror,-Wunused-function]
	libxlDiskSectorSize(int domid, int devno)
	^
	2 errors generated.

	Fix that by moving these functions under the #ifdef __linux__ block.

2016-08-15  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	Introduce node device update event as top level event
	This event is emitted when a nodedev XML definition is updated,
	like when cdrom media is changed in a cdrom block device.

	Also includes node device update event implementation for udev
	backend, virsh nodedev-event support, and event-test support

2016-08-15  John Ferlan  <jferlan@redhat.com>

	virsh: Fix core for cmdSecretGetValue
	https://bugzilla.redhat.com/show_bug.cgi?id=1366611

	When commit id 'cb2e3e50' reworked the cmdSecretGetValue call to use
	VIR_DISPOSE_STRING for base64, it neglected to initialize the base64
	value to NULL since the cleanup: label could be reached prior to the
	base64 value being set or not.  This resulted in a core dump, adding
	the initialization will avoid the issue.

2016-08-15  Pavel Hrdina  <phrdina@redhat.com>

	qemu_command: don't modify heads for graphics device
	Setting heads to 0 in case that *max_outputs* is not supported while building
	command line doesn't have any real effect.  It only removes *heads* attribute
	from live XML, but after restarting libvirt the default value is restored.

2016-08-15  Michal Privoznik  <mprivozn@redhat.com>

	virschematest: Make sure that validator is initialized
	It may happen that a developer wants to run just a specific
	subset of tests:

	tests $ VIR_TEST_RANGE=22 ../run ./virschematest

	This now fails miserably:

	    ==6840== Invalid read of size 8
	    ==6840==    at 0x4F397C0: virXMLValidatorValidate (virxml.c:1216)
	    ==6840==    by 0x402B72: testSchemaFile (virschematest.c:53)
	    ==6840==    by 0x403737: virTestRun (testutils.c:180)
	    ==6840==    by 0x402CF5: testSchemaDir (virschematest.c:98)
	    ==6840==    by 0x402EB1: testSchemaDirs (virschematest.c:131)
	    ==6840==    by 0x40314D: mymain (virschematest.c:194)
	    ==6840==    by 0x4051AF: virTestMain (testutils.c:982)
	    ==6840==    by 0x4035A9: main (virschematest.c:217)
	    ==6840==  Address 0x10 is not stack'd, malloc'd or (recently) free'd

	Problem is, we are trying to do two types of tests here: validate
	RNG schema itself, and validate XML files against RNG schemas.
	And the latter tries to re-use a resource allocated in the
	former. Therefore if the former is skipped (due to
	VIR_TEST_RANGE) we have to allocate the resource manually.

2016-08-13  Jim Fehlig  <jfehlig@suse.com>

	cpu_x86: fix libvirtd crash when host cpu vendor is not available
	When starting a guest and copying host vendor cpuid to the guest
	cpu, libvirtd would crash if the host cpu contained a NULL vendor
	field. Avoid the crash by checking for a valid vendor in the host
	cpu before copying the cpuid to the guest cpu.

	For completeness, here is a backtrace from the crash

	(gdb) bt
	f0  0x00007ffff739bf33 in x86DataCpuid (cpuid=0x8, cpuid=0x8,
	    data=data@entry=0x7fffb800ee78) at cpu/cpu_x86.c:287
	f1  virCPUx86DataAddCPUID (data=data@entry=0x7fffb800ee78, cpuid=0x8)
	    at cpu/cpu_x86.c:355
	f2  0x00007ffff739ef47 in x86Compute (host=<optimized out>, cpu=0x7fffb8000cc0,
	    guest=0x7fffecca7348, message=<optimized out>) at cpu/cpu_x86.c:1580
	f3  0x00007fffd2b38e53 in qemuBuildCpuModelArgStr (migrating=false,
	    hasHwVirt=<synthetic pointer>, qemuCaps=0x7fffb8001040, buf=0x7fffecca7360,
	    def=0x7fffc400ce20, driver=0x1c) at qemu/qemu_command.c:6283
	f4  qemuBuildCpuCommandLine (cmd=cmd@entry=0x7fffb8002f60,
	    driver=driver@entry=0x7fffc80882c0, def=def@entry=0x7fffc400ce20,
	    qemuCaps=qemuCaps@entry=0x7fffb8001040, migrating=<optimized out>)
	    at qemu/qemu_command.c:6445
	(gdb) f2
	(gdb) p *host_model
	$23 = {name = 0x7fffb800ec50 "qemu64", vendor = 0x0, signature = 0, data = {
	    len = 2, data = 0x7fffb800e720}}

2016-08-12  Andrea Bolognani  <abologna@redhat.com>

	qemu: command: Simplify USB controller model selection
	Since we now pick the default USB controller model when parsing
	the guest XML, we can get rid of some duplicated code so that
	the default model selection happens in one place only.

	Add some comments as well.

2016-08-12  Andrea Bolognani  <abologna@redhat.com>

	qemu: domain: Drop piix3-ohci controller for migration
	Now that the default USB controller model is explicit rather
	than implicit for i440fx machines, we have to tweak the
	conditions for dropping it in order to keep migration towards
	libvirt <= 0.9.4 working.

2016-08-12  Andrea Bolognani  <abologna@redhat.com>

	qemu: domain: Reflect USB controller model in guest XML
	When the user doesn't specify any model for a USB controller,
	we use an architecture-dependent default, but we don't reflect
	it in the guest XML.

	Pick the default USB controller model when parsing the guest
	XML instead of when creating the QEMU command line, so that
	our choice is saved back to disk.

2016-08-12  Michal Privoznik  <mprivozn@redhat.com>

	virschematest: Initialize @data
	==8630== Invalid read of size 8
	==8630==    at 0x4EA4F0F: virFree (viralloc.c:582)
	==8630==    by 0x4F398F0: virXMLValidatorFree (virxml.c:1257)
	==8630==    by 0x40305C: mymain (virschematest.c:191)
	==8630==    by 0x405159: virTestMain (testutils.c:982)
	==8630==    by 0x403553: main (virschematest.c:215)
	==8630==  Address 0xcd72243 is 131 bytes inside a block of size 177 free'd
	==8630==    at 0x4C2B1F0: free (vg_replace_malloc.c:473)
	==8630==    by 0x4EA4F19: virFree (viralloc.c:582)
	==8630==    by 0x4ED0973: virFindFileInPath (virfile.c:1646)
	==8630==    by 0x405149: virTestMain (testutils.c:980)
	==8630==    by 0x403553: main (virschematest.c:215)

2016-08-12  Michal Privoznik  <mprivozn@redhat.com>

	schema: Don't validate paths
	https://bugzilla.redhat.com/show_bug.cgi?id=1353296

	On UNIX like systems there are no constraints on what characters
	can be in file/dir names (except for NULL, obviously). Moreover,
	some values that we think of as paths (e.g. disk source) are not
	necessarily paths at all. For instance, some hypervisors take
	that as an arbitrary identifier and corresponding file is then
	looked up by hypervisor in its table. Instead of trying to fix
	our regular expressions (and forgetting to include yet another
	character there), lets drop the validation completely.

2016-08-10  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevMacVLanCreateWithVPortProfile: Drop @ret
	Usually, this variable is used to hold the return value for a
	function of ours. Well, this is not the case. Its use does not
	match our pattern and therefore it is very misleading. Drop it
	and define an alternative @rc variable, but only in that single
	block where it is needed.

	virNetDevMacVLanCreateWithVPortProfile: Drop @rc
	This variable is very misleading. We use VIR_FORCE_CLOSE to set
	it to -1 and returning it even though it does not refer to a FD
	at all. It merely holds 0 or -1. Drop it completely. Also, at the
	same time some corner cases are fixed too.

2016-08-10  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevMacVLanCreateWithVPortProfile: Don't mask virNetDevMacVLanTapOpen error
	https://bugzilla.redhat.com/show_bug.cgi?id=1240439

	In this function we create a macvtap device and open its tap
	device. Possibly multiple times. Now the thing is, if opening the
	tap device fails, that is virNetDevMacVLanTapOpen() returns a
	negative value, we unroll all the changes BUT return 0 fooling
	caller into thinking everything went okay.

2016-08-10  Cole Robinson  <crobinso@redhat.com>

	qemu: fix qemu.conf security_driver
	Since a9331394 (first release v2.1.0), specifying a manual
	security_driver setting in qemu.conf causes the daemon to fail to
	start, erroring with 'Duplicate security driver X'.

	The duplicate checking was incorrectly comparing every entry
	against itself, guaranteeing a false positive.

	https://bugzilla.redhat.com/show_bug.cgi?id=1365607

2016-08-10  Laine Stump  <laine@laine.org>

	conf: restrict expander buses to connect only to a root bus
	More misunderstanding/mistaken assumptions on my part - I had thought
	that a pci-expander-bus could be plugged into any legacy PCI slot, and
	that pcie-expander-bus could be plugged into any PCIe slot. This isn't
	correct - they can both be plugged ontly into their respective root
	buses. This patch adds that restriction.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1358712

2016-08-10  Laine Stump  <laine@laine.org>

	conf: restrict where dmi-to-pci-bridge can be connected
	libvirt had allowed a dmi-to-pci-bridge to be plugged in anywhere a
	normal PCIe endpoint can be connected, but this is wrong - it will
	only work if it's plugged into pcie-root (the PCIe root complex) or a
	pcie-expander-bus (the qemu device pxb-pcie). This patch adjusts the
	connection flags accordingly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363648

2016-08-10  Laine Stump  <laine@laine.org>

	conf: don't allow connecting upstream-port directly to pce-expander-bus
	I apparently misunderstood Marcel's description of what could and
	couldn't be plugged into qemu's pxb-pcie controller (known as
	pcie-expander-bus in libvirt) - I specifically allowed directly
	connecting a pcie-switch-upstream-port, and it turns out that causes
	the guest kernel to crash.

	This patch forbids such a connection, and updates the xml docs
	appropriately.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1361172

2016-08-10  Laine Stump  <laine@laine.org>

	conf: improve error log when PCI devices don't match requested controller
	The virDomainPCIAddressFlagsCompatible() error logs report that a
	device required a controller that accepted standard PCI endpoint
	devices, or PCI Express endpoint devices, and if hotplug was required
	by the configuration but not provided by the selected controller. But
	the wording of the error messages was apparently confusing (according
	to the bugzilla report referenced below). On top of that, if the
	device was something other than an endpoint device (e.g. a
	pcie-switch-downstream-port) the error message was a complete punt -
	it would just say that the flags were incorrect.

	This patch makes the messages for PCI/PCIe endpoint and hotplug
	requirements more clear, and also specifically indicates what was the
	device type when it is other than an endpoint device.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363627

2016-08-10  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Fix the error when an invalid URI has been provided
	After commit 9d479dd1 fiddled with the cmdConnect's output which used to be a
	bit more verbose prior to the mentioned commit, the program flow would result
	in a quite confusing error if an invalid URI has been provided:

	    error: Failed to connect to the admin server
	    Connected to the admin server
	    error: <some error>

	The problem is that the commit mentioned above relied on the fact that
	connect routine always succeeds which is not true.

2016-08-10  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Fix host-model CPUs on hosts with CMT
	Since the introduction of CMT features (commit v1.3.5-461-gf294b83)
	starting a domain with host-model CPU on a host which supports CMT fails
	because QEMU complains about unknown 'cmt' feature:

	    qemu-system-x86_64: CPU feature cmt not found

	https://bugzilla.redhat.com/show_bug.cgi?id=1355857

2016-08-10  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add a test for host-model CPU with CMT feature
	The generated command line wouldn't work since QEMU doesn't know what
	'cmt' is. The following patch will fix this issue.

	https://bugzilla.redhat.com/show_bug.cgi?id=1355857

2016-08-10  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Properly drop non-migratable features
	By removing a non-migratable feature in a for loop we would fail to drop
	every second non-migratable feature if the features array contained
	several of them in a row.

	cpu_x86: Introduce x86FeatureIsMigratable

2016-08-10  Chen Hanxiao  <chenhanxiao@gmail.com>

	virsh: clarify snapshot --live
	In libvirt, snapshot means disk snapshot.
	snapshot --live is more like VM checkpoint.
	Make it clear in virsh.pod.

2016-08-09  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	virsh: Introduce nodedev-event command
	Add nodedev-event support for node device lifecycle events

2016-08-09  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Properly fix the default session daemon URI to admin server
	Commit 30ce2f0e tried to fix the issue with an incorrect session URI to admin
	server but it messed up the checks:

	    if (geteuid == 0 && VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
	        return -1;
	    else if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
	        return -1;

	So if a client executed with root privileges tries to connect, its euid is
	checked (true) and the correct URI is successfully copied to @uristr (false),
	therefore the 'else' branch is taken and @uristr is replaced by the session URI
	which for root results in:
	    Failed to connect socket to '/root/.cache/libvirt/libvirt-admin-sock':
	    No such file or directory

2016-08-09  Erik Skultety  <eskultet@redhat.com>

	admin: Fix the default uri for session daemon to libvirtd:///session
	Just like we decide on which URI we go with based on EUID for qemu in remote
	driver, do a similar thing for admin except we do not spawn a daemon in this
	case.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356858

2016-08-08  Michal Privoznik  <mprivozn@redhat.com>

	docs: Distribute subsite.xsl
	So, I've ran into very interesting problem lately. When doing the
	following, I've encountered an error:

	  libvirt.git $ make dist && tar -xJf libvirt-2.2.0.tar.xz && \
	                cd libvirt-2.2.0 && ./configure && \
	                rm docs/formatdomain.html && make -C docs

	  make: Entering directory 'docs'
	  make: *** No rule to make target 'formatdomain.html', needed by 'web'.  Stop.
	  make: Leaving directory 'docs'

	I had no idea what was going on, so I've nailed down the commit
	that "broke it" via running git-bisect. It was this one:
	7659bd9221b9dd1cdf. But that shed no more light until I realized
	that the commit might actually just exposed a problem we had. And
	guess what - I've nailed it down. Of course we are not
	distributing subsite.xsl that's why make prints error message.
	Very misleading one I must say.

2016-08-08  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	virsystemd: Fix error check
	Commit b3e4401dc620 introduced a check to ignore an error if the guest
	is already terminated. However the check accidentally compared
	error.code with VIR_ERR_ERROR, which is an error level, not an error
	code. Because of this, almost every error got silently ignored.

	Fixes: b3e4401dc620 ("systemd: don't report an error if the guest is
	already terminated")

	Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-08-08  Kai Kang  <kai.kang@windriver.com>

	nsslinktest: also build virAtomic.h
	When build for architecture that don't use gcc atomic ops but pthread,
	it fails to build for armel:

	| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virClassNew':
	| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:153: undefined reference to `virAtomicLock'
	| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectNew':
	| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:205: undefined reference to `virAtomicLock'
	| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectUnref':
	| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:277: undefined reference to `virAtomicLock'
	| ../tools/nss/.libs/libnss_libvirt_impl.a(libvirt_nss_la-virobject.o): In function `virObjectRef':
	| /buildarea2/kkang/builds/qemuarm-Aug03/bitbake_build/tmp/work/armv5e-wrs-linux-gnueabi/libvirt/1.3.5-r0/build/src/../../libvirt-1.3.5/src/util/virobject.c:298: undefined reference to `virAtomicLock'
	| collect2: error: ld returned 1 exit status

	It is similar with:

	http://libvirt.org/git/?p=libvirt.git;a=commit;h=12dc729

2016-08-06  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add vzDomainGetJobStats

	vz: add getting job info for migration
	Unfortunately vz sdk do not provide detail information on migration
	progress, only progress percentage. Thus vz driver provides percents
	instead of bytes in data fields of virDomainJobInfoPtr.

2016-08-06  Eric Blake  <eblake@redhat.com>

	build: centralize use of extra Cygwin LDFLAGS
	The build was failing with:

	  CCLD     lockd.la
	libtool:   error: can't build i686-pc-cygwin shared library unless -no-undefined is specified

	Rather than add yet another $(CYGWIN_EXTRA_LDFLAGS) to all the
	impacted *_la_LDFLAGS, it was easier to just pull the extra
	flags into ALL libraries via AM_LDFLAGS.

	Then, fix lockd_la_LDFLAGS to include AM_LDFLAGS, like all other
	libraries.

2016-08-06  Eric Blake  <eblake@redhat.com>

	build: use XDR_CFLAGS for Cygwin build
	Without XDR_CFLAGS, compilation on Cygwin fails with:

	  CC       libvirt_driver_la-libvirt-stream.lo
	In file included from libvirt-stream.c:26:0:
	rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

2016-08-05  Michal Privoznik  <mprivozn@redhat.com>

	lxcDomainCreateXMLWithFiles: Avoid crash
	https://bugzilla.redhat.com/show_bug.cgi?id=1363773

	Imagine that you're creating a transient domain, but for some reason,
	starting it fails. That is virLXCProcessStart() returns an error. With
	current code, in the error handling code the domain object is removed
	from the domain object list, @vm is set to NULL and controls jump to
	enjob label where virLXCDomainObjEndJob() is called which dereference vm
	leading to instant crash.

	The fix is to end the job in the error handling code and only after that
	remove the domain from the list and jump onto cleanup label instead of
	endjob.

2016-08-05  John Ferlan  <jferlan@redhat.com>

	storage: Don't remove the pool for buildPool failure in storagePoolCreate
	https://bugzilla.redhat.com/show_bug.cgi?id=1362349

	When adding the ability to build the pool during the start pool processing
	using the similar flags as buildPool processing would use, the code was
	essentially cut-n-pasted from storagePoolCreateXML.  However, that included
	a call to virStoragePoolObjRemove which shouldn't happen within the
	storagePoolCreate path since that'll remove the pool from the list of
	pools only to be rediscovered if libvirtd restarts.

	So on failure, just fail and return as we should expect

2016-08-05  Ján Tomko  <jtomko@redhat.com>

	Fix indentation

2016-08-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add tests for virQEMUCapsNewCopy
	Doing a load, copy, format cycle on all QEMU capabilities XML files
	should make sure we don't forget to update virQEMUCapsNewCopy when
	adding new elements to QEMU capabilities.

	qemu: Copy missing QEMU caps elements

	qemu: Copy QEMU caps elements in order of definition

2016-08-05  Peter Krempa  <pkrempa@redhat.com>

	tests: qemucapabilities: Add data for qemu 2.7.0
	As of (v2.7.0-rc1-52-g42e0d60)

2016-08-05  Erik Skultety  <eskultet@redhat.com>

	storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg
	There was a missing check for vol->target.encryption being NULL
	at one particular place (modified by commit a48c71411) which caused a crash
	when user attempted to create a raw volume using a non-raw file volume as
	source.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636

2016-08-05  Peter Krempa  <pkrempa@redhat.com>

	internal: Introduce macro for stealing pointers
	VIR_STEAL_PTR copies the pointer from the second argument into the
	first argument and then sets the second to NULL.

2016-08-04  John Ferlan  <jferlan@redhat.com>

	tests: Fix broken build
	Commit id 'f522b7d2' caused a build failure :

	GEN      check-augeas-virtlogd
	Test failure:test_libvirtd_qemu.aug:69.3-147.28:
	 Expected:
	{
	...
	  { "nvram"
	    { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
	    { "2" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
	  }
	...
	 Actual:
	...
	{
	  { "nvram"
	    { "1" = "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd" }
	    { "2" = "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd" }
	    { "3" = "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd" }
	  }
	...

	This patch adds the OVMF_CODE.secboot.fd to the aug.in file

2016-08-04  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: fix capability counting

2016-08-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Advertise OVMF_CODE.secboot.fd

2016-08-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Enable secure boot
	In qemu, enabling this feature boils down to adding the following
	onto the command line:

	  -global driver=cfi.pflash01,property=secure,value=on

	However, there are some constraints resulting from the
	implementation. For instance, System Management Mode (SMM) is
	required to be enabled, the machine type must be q35-2.4 or
	later, and the guest should be x86_64. While technically it is
	possible to have 32 bit guests with secure boot, some non-trivial
	CPU flags tuning is required (for instance lm and nx flags must
	be prohibited). Given complexity of our CPU driver, this is not
	trivial. Therefore I've chosen to forbid 32 bit guests for now.
	If there's ever need, we can refine the check later.

2016-08-04  Michal Privoznik  <mprivozn@redhat.com>

	Introduce @secure attribute to os loader element
	This element will control secure boot implemented by some
	firmwares. If the firmware used in <loader/> does support the
	feature we must tell it to the underlying hypervisor. However, we
	can't know whether loader does support it or not just by looking
	at the file. Therefore we have to have an attribute to the
	element where users can tell us whether the firmware is secure
	boot enabled or not.

	Introduce SMM feature
	Since its release of 2.4.0 qemu is able to enable System
	Management Module in the firmware, or disable it. We should
	expose this capability in the XML. Unfortunately, there's no good
	way to determine whether the binary we are talking to supports
	it. I mean, if qemu's run with real machine type, the smm
	attribute can be seen in 'qom-list /machine' output. But it's not
	there when qemu's run with -M none. Therefore we're stuck with
	version based check.

	qemuBuildMachineCommandLine: Follow our pattern
	We use 'goto cleanup' for a reason. If a function can exit at
	many places but doesn't follow the pattern, it has to copy the
	free code in multiple places.

2016-08-04  Daniel P. Berrange  <berrange@redhat.com>

	rpm: set TLS priority to @LIBVIRT,SYSTEM on Fedora >= 25
	With newest gnutls available in Fedora 25/rawhide, it is
	possible to have TLS priority fallbacks, so we can finally
	use --tls-priority=@LIBVIRT,SYSTEM

2016-08-04  Andrea Bolognani  <abologna@redhat.com>

	tests: qemuxml2xml: Add some USB test cases
	All these configurations are already covered for qemuxml2argv,
	but there were no equivalent tests for qemuxml2xml.

	tests: qemuxml2xml: Use DO_TEST() for most tests
	Now that DO_TEST() can be passed capabilities, there is little
	need to use DO_TEST_FULL() instead of DO_TEST().

	tests: qemuxml2xml: Pass capabilities to DO_TEST()
	This will allow us to remove most DO_TEST_FULL() usages. For the
	time being, just add the extra argument to all DO_TEST() calls.

	tests: qemuxml2xml: Use WHEN_BOTH for most tests
	A bunch of cases were only being tested for WHEN_ACTIVE or
	WHEN_INACTIVE. Use WHEN_BOTH for all except the very few that
	actually require the existing setup.

	tests: qemuxml2xml: Clean up disk-mirror
	Instead of testing it twice using WHEN_ACTIVE and WHEN_INACTIVE
	separately, just use WHEN_BOTH.

	tests: qemuxml2argv: Fix usb-too-long-port-path-invalid
	The test case uses DO_TEST_PARSE_FLAGS_ERROR(), but doesn't
	pass any parse flag. Use DO_TEST_PARSE_ERROR() instead.

	tests: qemuxml2argv: Remove useless GIC flags
	DO_TEST_FAILURE() doesn't take a GIC version, but the GIC flag
	was passed anyway. Get rid of all such occurrences.

2016-08-04  Michal Privoznik  <mprivozn@redhat.com>

	virObjectEventNew: Use virObjectUnref() to free virObjectEvent
	While no leak was observed yet, there might be one if
	virObjectEventClass is ever derived from another class. Because
	in that case plain VIR_FREE() will not call dispose() from parent
	classes possibly leaking some memory.

	libxlDoMigrateReceive: Drop useless check for !vm
	In the cleanup path, @vm cannot be possibly NULL. If it were so,
	we would receive SIGSEGV much earlier. At the beginning of the
	function we do libxlDomainObjBeginJob(.., vm, ..); and so on.

	virshConnect: Don't leak polkit agent
	In our attempts to reconnect, we may create a polkit daemon.
	However, it may happen that we would rewrite the variable that
	already holds pointer to the agent.

	securityselinuxlabeltest: Prefer virGetLastErrorMessage() over virGetLastError
	At the beginning of the test, some preparation work is done. For
	instance new virSecurityManager is created. If this fails for
	whatever reason, we try to fetch the latest error and print the
	error message contained in it. However, if there's a bug in our
	code and no error is reported, this approach will lead to crash,
	while with virGetLastErrorMessage() it won't.

	virqemu: Reflect return type of virJSONValueArraySize()
	The virJSONValueArraySize() function return ssize_t (with
	possibly returning -1 if the passed json is not an array).
	Storing the return value into size_t is possibly dangerous then.

2016-08-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Simplify return values of qemuDomainRefreshVcpuInfo
	Call the vcpu thread info validation separately to decrease complexity
	of returned values by qemuDomainRefreshVcpuInfo.

	This function now returns 0 on success and -1 on error. Certain
	failures of qemu to report data are still considered as success. Any
	error reported now is fatal.

2016-08-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Improve vCPU data checking in qemuDomainRefreshVcpu
	Validate the presence of the thread id according to state of the vCPU
	rather than just checking the vCPU count. Additionally put the new
	validation code into a separate function so that the information
	retrieval can be split from the validation.

	qemu: monitor: Rename qemuMonitor(JSON|Text)GetCPUInfo
	Use a name that contains the command used to get the information.

	qemu: domain: Rename qemuDomainDetectVcpuPids to qemuDomainRefreshVcpuInfo
	The function will eventually do more useful stuff than just detection of
	thread ids.

	qemu: Improve error message in virDomainGetVcpus
	If the VM is offline we can't retrieve the runtime statistical
	information. Pinning could be retrieved but there are separate APIs for
	that.

	qemu: monitor: Add do-while block to QEMU_CHECK_MONITOR_FULL
	Assure that it's just one statement to avoid problems when used with
	conditions.

	qemu: monitor: Add monitor API for device_add supporting JSON objects
	Rather than formatting a string and splitting it back to a JSON object
	add API that will take a JSON object directly.

2016-08-04  Cole Robinson  <crobinso@redhat.com>

	conf: events: Fix coverity warning
	Since 2bfa75134 virObjectEventNew can be passed a NULL 'uuid' value,
	so drop the ATTRIBUTE_NONNULL annotation

2016-08-03  Jim Fehlig  <jfehlig@suse.com>

	libxl: allow libxl to calculate shadow mem requirements
	Long, long ago before libxl_get_required_shadow_memory() was
	made publicly available, its code was copied to the libxl driver
	for calculating shadow memory requirements of HVM domains.

	Long ago, libxl_get_required_shadow_memory() was exported in
	libxl_utils.h and included in xen-devel packages everywhere.

	Remove the copied code, which has become stale, and let libxl
	provode a proper shadow memory value.

2016-08-03  John Ferlan  <jferlan@redhat.com>

	qemu: Add support to get/set IOThread period and quota cgroup values
	https://bugzilla.redhat.com/show_bug.cgi?id=1356937

	Add support for IOThread quota/bandwidth and period parameters for non
	session mode. If in session mode, then error out.  Uses all the same
	places where {vcpu|emulator|global}_{period|quota} are adjusted and
	adds the iothread values.

2016-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Add IOThread quota and period scheduler/cputune defs
	https://bugzilla.redhat.com/show_bug.cgi?id=1356937

	Add the definitions to allow for viewing/setting cgroup period and quota
	limits for IOThreads.

	This is similar to the work done for emulator quota and period by
	commit ids 'b65dafa' and 'e051c482'.

	Being able to view/set the IOThread specific values is related to more
	recent changes adding global period (commmit id '4d92d58f') and global
	quota (commit id '55ecdae') definitions and qemu support (commit id
	'4e17ff79' and 'fbcbd1b2'). With a global setting though, if somehow
	the IOThread value in the cgroup hierarchy was set "outside of libvirt"
	to a value that is incompatible with the global value.

	Allowing control over IOThread specific values provides the capability
	to alter the IOThread values as necessary.

2016-08-03  Daniel P. Berrange  <berrange@redhat.com>

	Don't error when attaching security label of model "none"
	If you invoke virDomainLxcEnterSecurityLabel() on security
	model of "none" it will report an error. Logically a "none"
	security model should be treated as a no-op, so we should
	just return success immediately, instead of an error.

	qemu: only report errno in trace message on failure
	Avoid reporting a stale errno value when the syscall succeeds,
	instead always pass 0.

2016-08-02  Peter Krempa  <pkrempa@redhat.com>

	virsh: qemu-monitor-command: Don't print extra newline with --pretty
	The prettified JSON string already contains a newline so don't print
	another one. This allows to pipe the json output (in conjunction with
	the --quiet option) to files without having to truncate them afterwards.

2016-08-02  Peter Krempa  <pkrempa@redhat.com>

	tests: Make schema test fail on XML schema errors
	Failure to parse the schema file would not trigger a test suite failure.

	In addition to making the test fail it's necessary to split up the
	parsing of the schema file into a separate test.

	This is necessary as the XML validator uses libvirt errors to report
	problems parsing of the actual schema RNG needs to be split out into a
	separate function and called via virTestRun which has the
	infrastructure to report them.

2016-08-02  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix indentation of the remote protocol structs check file

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Use the hostdev alias in qemuDomainAttachHostSCSIDevice error path
	https://bugzilla.redhat.com/show_bug.cgi?id=1289391

	Rather than pass the whole drive string (which contained the alias),
	pass only the alias for the qemuMonitorDriveDel call in the error
	path when adding a host device in the monitor fails.

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Use qemuAliasFromHostdev
	When building the command line alias and for SCSI Host Device deletion,
	use the common API to build the alias

	qemu: Introduce qemuAliasFromHostdev
	Introduce a common API to generate the alias for a host device

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Add attempt to call qemuMonitorDriveDel for AttachSCSI failure path
	Completion of fix for:
	    https://bugzilla.redhat.com/show_bug.cgi?id=1336225

	Similar to the other disk types, add the qemuMonitorDriveDel in the failure
	to add/hotplug a SCSI disk.

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Add attempt to call qemuMonitorDriveDel for USB failure path
	Partial fix for:
	    https://bugzilla.redhat.com/show_bug.cgi?id=1336225

	Similar to the other disk types, add the qemuMonitorDriveDel in the failure
	to add/hotplug a USB.

	Added a couple of other formatting changes just to have a less cluttered look

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Make QEMU_DRIVE_HOST_PREFIX more private
	Move QEMU_DRIVE_HOST_PREFIX into the qemu_alias.c to dissuade future
	callers from using it. Create qemuAliasDiskDriveSkipPrefix in order
	to handle the current consumers that desire to check if an alias has
	the drive- prefix and "get beyond it" in order to get the disk alias.

	qemu: Use qemuAliasFromDisk to generate drive alias
	Rather than open code build the drive alias command in multiple places,
	use the helper to ensure consistency.

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Use qemuAliasFromDisk instead of qemuDeviceDriveHostAlias
	Since we already have a function that will generate the drivestr from
	the alias, let's use it and remove the qemuDeviceDriveHostAlias.

	Move the QEMU_DRIVE_HOST_PREFIX definition into qemu_alias.h

	Also alter qemuAliasFromDisk to use the QEMU_DRIVE_HOST_PREFIX instead
	of "drive-%s".

2016-08-02  John Ferlan  <jferlan@redhat.com>

	qemu: Use qemuAliasFromDisk to generate drive alias
	The qemuDomainSnapshotCreateSingleDiskActive open coded generating the
	disk drive alias. Let's use the common function.

	qemu: Remove generation of drive alias from qcow passphrase backends
	Rather than pass the disks[i]->info.alias to qemuMonitorSetDrivePassphrase
	and then generate the "drive-%s" alias from that, let's use qemuAliasFromDisk
	prior to the call to generate the drive alias and then pass that along
	thus removing the need to generate the alias from the monitor code.

	qemu: Reorder qemuDomainAttachUSBMassStorageDevice failure path
	Modify the error/exit path to match what was done for Virtio and SCSI.
	If nothing else it'll have a consistent look'n'feel

2016-08-02  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	event-test: support node device lifecycle event APIs

	node_device: Implement event queue in udev

	node_device: implement node device lifecycle event APIs

	remote: implement node device lifecycle event APIs

	test: implement node device lifecycle event APIs
	Also includes unittests for node device lifecycle events API

	conf: add node_device_event handling
	Add node device event handling infrastructure to node_device_event.[ch]

2016-08-02  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	Introduce node device lifecycle event APIs
	Node device lifecycle event API entry points for registering and
	deregistering node deivce events, as well as types of events
	associated with node device.
	These entry points will be used for implementing asynchronous
	lifecycle events.

	Node device API:
	virConnectNodeDeviceEventRegisterAny
	virConnectNodeDeviceEventDeregisterAny
	virNodeDeviceEventLifecycleType which has events CREATED and DELETED

2016-08-02  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: Set fake reboot flag to false when mode=agent
	As commit id 'e2b86f580' notes, when mode=agent possibly setting the
	fake reboot flag to true wouldn't be necessary; however, it doesn't
	"force" the issue by just ensuring the fake reboot is false, so this
	patch adds the explicit setting for the reboot path.

	More investigation and details can be found in commit id '8be502fd'
	as well as in the archives at:

	  https://www.redhat.com/archives/libvir-list/2015-April/msg00715.html

2016-08-02  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: Set fake reboot flag only in acpi mode for shutdown
	Conditional setting of the fake reboot flag should only happen for
	the acpi mode shutdown path; however, for the agent mode shutdown,
	the fake reboot should be cleared. This patch will essentially revert
	commit id '8be502fd', but adds an explicit setting of the flag to false
	when using mode=agent while also only conditionally setting the reboot
	flag if the guest went away. This also avoids an issue where a shutdown
	with reboot semantics is done from agent mode which sets the reboot
	flag followed by a shutdown from within the guest which would result
	in a reboot due to the fake reboot flag being set. The change will
	also properly handle the cases described in the following archive post:

	  https://www.redhat.com/archives/libvir-list/2015-April/msg00715.html

2016-08-02  John Ferlan  <jferlan@redhat.com>

	libxl: Fix broken build attach/detach controller device
	Commit id '44304c6eb' added the API libxlDomainAttachControllerDevice
	inside a conditional LIBXL_HAVE_PVUSB, but called that function outside
	the conditional in libxlDomainAttachDeviceLive.

	Similarly, the API libxlDomainDetachControllerDevice was added inside a
	conditional LIBXL_HAVE_PVUSB, but called outside the conditional in
	libxlDomainDetachDeviceLive.

	This patch adds the conditional LIBXL_HAVE_PVUSB around those two calls
	from within the switch.

2016-08-02  John Ferlan  <jferlan@redhat.com>

	libxl: Fix broken build from libxlDomainCleanup
	Commit id '7d3b2eb5' missed a closing parenthesis on the ignore_value
	macro, causing the failure

2016-08-02  Erik Skultety  <eskultet@redhat.com>

	rpc: virnetserver: Remove dead code checking the client limits
	Prior to commit 2737aaaf, we allowed every client to connect successfully,
	however, if accepting a client would eventually lead to an overcommit of the
	limits, we would disconnect it immediately with "Too many active clients,
	dropping connection from...". Recent changes refactored the code in a way, that
	it is not possible for the client-related callback to be dispatched and the
	client to be accepted if the limits wouldn't permit to do so, therefore a check
	if a connection should be dropped due to limits violation has become a dead
	code that could be removed.

2016-08-02  Erik Skultety  <eskultet@redhat.com>

	admin: rpc: virnetserver: Fix updating of the client limits
	Commit 2737aaaf changed our policy for accepting new clients in a way, that
	instead of accepting new clients only to disconnect them immediately, since
	that would overcommit the limit, we temporarily disable polling for the
	dedicated file descriptor, so any new connection will queue on the socket.
	Commit 8b1f0469 then added the possibility to change the limits during runtime
	but it didn't re-enable polling for the previously disabled file descriptor,
	thus any new connection would still continue to queue on the socket. This patch
	forces an update of the services each time the limits were changed in some way.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1357776

2016-08-02  Erik Skultety  <eskultet@redhat.com>

	rpc: virnetserver: Add code to CheckLimits to handle suspending of services
	So far, virNetServerCheckLimits was only used to possibly re-enable accepting
	new clients that might have previously been disabled due to client limits
	violation (max_clients, max_anonymous_clients). This patch refactors
	virNetServerAddClient, which is currently the only place where the services get
	disabled, in order to use the virNetServerCheckLimits helper instead of
	checking the limits by itself.

	rpc: virnetserver: Move virNetServerCheckLimits which is static up in the file
	Since virNetServerAddClient checks for the limits in order to temporarily
	suspend the services, thus not accepting any more clients, there is no reason
	why virNetServerCheckLimits, which is only responsible for re-enabling
	previously disabled services according to the limits, could not do both. To be
	able to do that however, it needs to be moved up in the file since it's static
	(and because it's just a helper and there's only one caller it should remain
	 static).

	rpc: virnetserver: Rename ClientSetProcessingControls to ClientSetLimits
	The original naming was just a leftover that should have been fixed in commit
	8b1f0469.

2016-08-02  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: add hooks support
	Introduce libxl hook and use it for start, prepare, started,
	stop, stopped, migrate events.

2016-08-02  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: fix segfault in libxlReconnectDomain
	In case of error, libxlReconnectDomain may call
	virDomainObjListRemoveLocked. However it has no local reference on
	the domain object, leading to segfault. Get a reference to the domain
	object at the start of the function and release it at the end to avoid
	problems.

	This commit also factorizes code between the error and normal ends.

2016-08-02  Cédric Bosdonnat  <cbosdonnat@suse.com>

	libxl: add a flag to mark guests as tainted by a hook
	The migrate hook will affect the migrated guest definition. Allow
	these domains be marked as tainted in the libxl driver.

2016-08-02  Chunyan Liu  <cyliu@suse.com>

	qemuDomainDeviceDefPostParse: add USB controller model check
	To sync with virDomainControllerModelUSB, we add two models
	in qemuControllerModelUSB 'qusb1' and 'qusb2', but those
	models are not supported in qemu driver. So add check in
	device post parse to report errors if 'qusb1' and 'qusb2'
	are specified.

	xenconfig: add conversion of usb controller config to and from xml
	libxl configuration files conversion can now handle USB controllers.
	When parting libxl config file, USB controllers with type PV are
	ignored as those aren't handled.

	libxl: check available controller and port when hotplugging USB device
	When hotplugging a USB device, check if there is an available controller
	and port, if not, automatically create a USB controller of version
	2.0 and 8 ports.

2016-08-02  Chunyan Liu  <cyliu@suse.com>

	libxl: support usb controller hotplug
	Support USB controller hot-plug and hot-unplug.

	 #virsh attach-device dom usbctrl.xml
	 #virsh detach-device dom usbctrl.xml
	 usbctrl.xml example:
	 <controller type='usb' index='0' model='qusb2'>

2016-08-02  Chunyan Liu  <cyliu@suse.com>

	libxl: support USB controllers in creation time
	To support USB Controller in xen guest domains, just add
	USB controller in domain config xml as following:
	<controller type='usb' model='qusb2' ports='4'/>

2016-08-02  Chunyan Liu  <cyliu@suse.com>

	extend usb controller model to support xen pvusb
	According to libxl implementation, it supports pvusb
	controller of version 1.1 and version 2.0, and it
	supports two types of backend, 'pvusb' (dom0 backend)
	and 'qusb' (qemu backend). But currently pvusb backend
	is not checked in yet.

	To match libxl support, extend usb controller schema
	to support two more models: qusb1 (qusb, version 1.1)
	and 'qusb2' (qusb version 2.0).

2016-08-02  Peter Krempa  <pkrempa@redhat.com>

	virsh: qemu-monitor-command: Simplify control flow
	Construct the query string by using virBufferTrim rather than having to
	remember to add a space and simplify cleanup path.

	virsh: qemu-monitor-command: Use macro for exclusive options

	qemu: cap: Refactor access to array in virQEMUCapsProbeQMPMachineTypes
	Use a temporary pointer rather than always recalculating the index in a
	very verbose way.

	qemu: caps: Sanitize storage of machine type related data
	Add a structure to store the data and use a single array of the
	structures rather than having 3 separate arrays with shared indexes.

	qemu: capabilities: Drop unused function virQEMUCapsGetMachineTypes

2016-08-02  Martin Kletzander  <mkletzan@redhat.com>

	storage: Clean up volume wiping
	Let's cleanly differentiate what wiping a volume does for ploop and
	other volumes so it's more readable what is done for each one instead of
	branching out multiple times in different parts of the same function.

	storage: Use path instead of volume as an argument
	Some functions use volume specification merely to use the target path
	from it.  Let's change it to pass the path only so that it can be used
	for other files than just volumes.

	storage: Move functions around
	This is done in order to call them in next patches from each other and
	definitions would be missing otherwise.

2016-08-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix domain state after reset
	When reset was called from a domain that crashed we didn't change the
	crashed state into a paused one which could confuse users.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1269575

2016-08-02  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Report error when explicit connection fails
	Commit 0c56d9431839 forgot to return false in the cmdConnect command
	after the clean up made there.

	Before (assuming you don't have uri alias for 'asdf'):
	  $ virsh connect asdf
	  error: failed to connect to the hypervisor

	  $ echo $?
	  0

	After (with the same assumption):
	  $ virsh connect asdf
	  error: failed to connect to the hypervisor
	  error: no connection driver available for asdf

	  $ echo $?
	  1

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356461

2016-08-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix support for startupPolicy with volume/pool disks
	Until now we simply errored out when the translation from pool+volume
	failed.  However, we should instead check whether that disk is needed or
	not since there is an option for that.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1168453

2016-08-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Remove unnecessary label and its only reference

	qemu: Make qemuDomainCheckDiskStartupPolicy self-contained
	There is an error reset following the function and check for
	startupPolicy before that.  Let's reflect those things inside that
	function so that future code doesn't have to be that complex.

2016-08-02  Michal Privoznik  <mprivozn@redhat.com>

	Post-release version bump to 2.2.0

2016-08-02  Yuri Chornoivan  <yurchor@ukr.net>

	Fix unbalanced quotation marks

2016-08-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-2.1.0
	* docs/news.html.in: updated for release
	* po/*.po*: regenerated

	Revert "Fix unbalanced quotation marks"
	This reverts commit 6a40801186d1fcba38360f58659f898b67f08a01.
	release of 2.1.0 need to go first

2016-08-02  Yuri Chornoivan  <yurchor@ukr.net>

	Fix unbalanced quotation marks

2016-08-02  Erik Skultety  <eskultet@redhat.com>

	daemon: sasl: Don't forget to save SASL username to client's identity
	Once the SASL authentication process has successfully passed, we should also
	save the SASL username used to client's identity, so that when a client like
	virt-admin tries to obtain it, the server will actually format the username to
	the response data.

	admin: Retrieve the SASL context for both local and remote connection
	When commit 4a0e9108 added a support for client information retrieval, it made
	the API return SASL identity info only for clients connected remotely, yet SASL
	can be happily used with UNIX sockets as well.

2016-08-02  Martin Kletzander  <mkletzan@redhat.com>

	storage: Document wiping formatted volume types
	When wiping a volume we just rewrite all the data of the volume, not
	only the content.  Since format gets overridden, we need to recreate the
	volume.  However we can't do that for every possible format out there.
	Since it was only coded for the ploop volume type, let's document what
	might be the consequences instead of forbidding it for every other
	format out there.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868771

2016-08-01  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: remove panic dev models s390 and pseries when migrating
	The panic devices with models s390 and pseries are autogenerated.
	For backwards compatibility reasons the devices are to be removed
	when migrating.

2016-08-01  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Drop glib dependency
	The only function that we currently use from glib is g_sprintf().
	That's a very big gun for such small target. Not only that, but
	we've silently relied on wireshark dragging in the glib. Replace
	the g_sprintf() with plain sprinf() so that we can drop the glib
	dependency.

2016-08-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	schema: fix resolved interfaces of network type
	  This patch reflects cases when <interface> element and its <source>
	subelement for network type are formated based on actual type resolved
	from referenced network instead of original one. networkAllocateActualDevice
	and virDomainActualNetDefContentsFormat are taken as reference.

	schema: add missed alias element to memory device

2016-08-01  Sascha Silbe  <silbe@linux.vnet.ibm.com>

	qemu: fix domain id after domainCreateWithFlags()
	Ever since virDomainCreateWithFlags() was introduced by de3aadaa
	[drivers: add virDomainCreateWithFlags if virDomainCreate exists], the
	domain ID retrieved with virDomainGetID() was incorrect for several
	drivers after virDomainCreateWithFlags() was called. The API consumer
	had to look up the domain anew to retrieve the correct ID.

	For the ESX driver, this was fixed in 6139b274 [esx: Update ID after
	starting a domain]. For the openvz driver, it was fixed in fd81a097
	[openvzDomainCreateWithFlags: set domain id to the correct value]. The
	test driver, the OpenNebula driver (removed in the meantime) and the
	vbox driver were already updating the domain ID correctly in
	domainCreate().

	Copy over the ID in qemuDomainCreateWithFlags() to fix this for the qemu
	driver, too.

	Fixes: de3aadaa ("drivers: add virDomainCreateWithFlags if virDomainCreate exists")
	Reported-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
	Tested-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>
	Reviewed-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com>

2016-08-01  Peter Krempa  <pkrempa@redhat.com>

	tests: qemu: Don't leak security manager object
	==2064442== 200 (88 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 54 of 73
	==2064442==    at 0x4C2E0F0: calloc (vg_replace_malloc.c:711)
	==2064442==    by 0x18E75B80: virAllocVar (viralloc.c:560)
	==2064442==    by 0x18EC43B0: virObjectNew (virobject.c:193)
	==2064442==    by 0x18EC476E: virObjectLockableNew (virobject.c:219)
	==2064442==    by 0x1906BC73: virSecurityManagerNewDriver (security_manager.c:93)
	==2064442==    by 0x1906C076: virSecurityManagerNewStack (security_manager.c:115)
	==2064442==    by 0x43CC39: qemuTestDriverInit (testutilsqemu.c:548)
	==2064442==    by 0x4337ED: mymain (qemumonitorjsontest.c:2440)
	==2064442==    by 0x43BABE: virTestMain (testutils.c:982)
	==2064442==    by 0x43A490: main (qemumonitorjsontest.c:2558)

2016-07-29  Michal Privoznik  <mprivozn@redhat.com>

	conf: Catch invalid memory model earlier
	Consider the following XML snippet:

	    <memory model=''>
	      <target>
	        <size unit='KiB'>523264</size>
	        <node>0</node>
	      </target>
	    </memory>

	Whats wrong you ask? The @model attribute. This should result in
	an error thrown into users faces during virDomainDefine phase.
	Except it doesn't. The XML validation catches this error, but if
	users chose to ignore that, they will end up with invalid XML.
	Well, they won't be able to start the machine - that's when error
	is produced currently. But it would be nice if we could catch the
	error like this earlier.

2016-07-29  Erik Skultety  <eskultet@redhat.com>

	admin: Fix default uri config option name s/admin_uri_default/uri_default
	The original name 'admin_uri_default' was introduced to our code by commit
	dbecb87f. However, at that time we already had a separate config file for
	admin library but the commit mentioned above didn't properly adjust the
	config's option name. The result is that when we're loading the config, we
	check a non-existent config option (there's not much to do with the URIs
	anyway, since we only allow local connection). Additionally, virt-admin's man
	page documents, that the default URI can be altered by setting
	admin_uri_default option. So the fix proposed by this patch leaves the
	libvirt-admin.conf as is and adjusts the naming in the code as well as in the
	virt-admin's man page.

2016-07-28  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Adapt to dissector function header change
	In wireshark commit bbdd89b9 (contained in 2.1.0 release) they
	have changed prototype of dissector function. Now it returns
	number of bytes consumed by the dissector, and can get a pointer
	to user specified data (which we don't use).

2016-07-28  John Ferlan  <jferlan@redhat.com>

	qemu: Need to free fileprops in error path
	The virJSONValueObjectCreate only consumes the object on success, so on
	failure we must free - from commit id 'f4441017' (found by Coverity).

2016-07-28  John Ferlan  <jferlan@redhat.com>

	iscsi: Establish connection to target via static target login
	https://bugzilla.redhat.com/show_bug.cgi?id=1356436

	Commit id '56057900' altered the discovery of iSCSI node targets by
	using the "--op nonpersistent". This caused issues for clean environments
	or if by chance a "-m node -o delete" was executed.

	Since each iSCSI Storage Pool has the required iSCSI target path, use
	that and the virISCSINodeNew API in order to generate the iSCSI node record.

2016-07-28  John Ferlan  <jferlan@redhat.com>

	util: Introduce virISCSINodeNew
	https://bugzilla.redhat.com/show_bug.cgi?id=1356436

	According to RFC 3721 (https://www.ietf.org/rfc/rfc3721.txt), there are
	two ways to "discover" targets in/for the iSCSI environment. Discovery
	is the process which allows the initiator to find the targets to which
	it has access and at least one address at which each target may be
	accessed.

	The method currently implemented in libvirt using the virISCSIScanTargets
	API is known as "SendTargets" discovery. This method is more useful when
	the target IP Address and TCP port information are available, e.g. in
	libvirt terms the "portal". It returns a list of targets for the portal.
	From that list, the target can be found. This operation can also fill an
	iSCSI node table into which iSCSI logins may occur. Commit id '56057900'
	altered that filling by adding the "--op nonpersistent" since it was
	not necessarily desired to perform that for non libvirt related targets.

	The second method is "Static Configuration". This method not only needs
	the IP Address and TCP port (e.g. portal), but also the iSCSI target name.
	In libvirt terms this would be the device path field from the iSCSI pool
	<source> XML. This patch implements the second methodology using that
	required device path as the targetname.

2016-07-28  Erik Skultety  <eskultet@redhat.com>

	tools: Make use of the correct environment variables
	Since commit 834c5720 which extracted the generic functionality out of virsh
	and made it available for other clients like virt-admin to make use of it, it
	also introduced a bug when it renamed the original VIRSH_ environment variables
	to VSH_ variables. Virt-admin of course suffers from the same bug, so this
	patch modifies the generic module vsh.c to construct the correct name for
	environment variables of each client from information it has.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1357363

2016-07-28  Erik Skultety  <eskultet@redhat.com>

	vsh: Make vshInitDebug return int instead of void
	Well, the reason behind this change is that if the function is extended in some
	way that e.g. would involve allocation we do not have a way of telling it to
	the caller. More specifically, vshInitDebug only relies on some hardcoded
	environment variables (by a mistake) that aren't documented anywhere so neither
	virsh's nor virt-admin's documented environment variables take effect. One
	possible solution would be duplicate the code for each CLI client or leave the
	method be generic and provide means that it could figure out, which client
	called it, thus initializing the proper environment variables but that could
	involve operations that might as well fail in certain circumstances and the
	caller should know that an error occurred.

2016-07-28  Daniel P. Berrange  <berrange@redhat.com>

	Refresh translations from zanata

2016-07-28  Michal Privoznik  <mprivozn@redhat.com>

	vshReadlineParse: Drop some unused variables
	My compiler identified some variables that were set, but never
	actually used. For instance, opts_required, and data_acomplete.

	vshCmddefGetOption: Change type of opt_index
	This function tries to look up desired option for a given parsed
	command. Upon successful return it also stores option position
	into passed *opt_index. Now, this variable is type of int, even
	though it is never ever used to store negative value. Moreover,
	the variable is set from a local variable which is type of
	size_t.

2016-07-28  Daniel P. Berrange  <berrange@redhat.com>

	libvirt.spec.in: fix indentation in previous commit

2016-07-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix RPM spec for wireshark on Fedora < 24
	This previous commit

	  commit cd9fcc8be7dcb9126d70f744ce54b0b742eeefb8
	  Author: Michal Privoznik <mprivozn@redhat.com>
	  Date:   Wed Jul 27 16:58:32 2016 +0200

	    libvirt.spec.in: Adapt to newest wireshark plugindir

	Adapted the libvirt spec for wireshark >= 2.1.0 but
	this ignored the fact that we enable wireshark from
	Fedora 21 and 2.1.0 was only added in Fedora 24

2016-07-27  Daniel P. Berrange  <berrange@redhat.com>

	storage: remove "luks" storage volume type
	The current LUKS support has a "luks" volume type which has
	a "luks" encryption format.

	This partially makes sense if you consider the QEMU shorthand
	syntax only requires you to specify a format=luks, and it'll
	automagically uses "raw" as the next level driver. QEMU will
	however let you override the "raw" with any other driver it
	supports (vmdk, qcow, rbd, iscsi, etc, etc)

	IOW the intention though is that the "luks" encryption format
	is applied to all disk formats (whether raw, qcow2, rbd, gluster
	or whatever). As such it doesn't make much sense for libvirt
	to say the volume type is "luks" - we should be saying that it
	is a "raw" file, but with "luks" encryption applied.

	IOW, when creating a storage volume we should use this XML

	  <volume>
	    <name>demo.raw</name>
	    <capacity>5368709120</capacity>
	    <target>
	      <format type='raw'/>
	      <encryption format='luks'>
	        <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/>
	      </encryption>
	    </target>
	  </volume>

	and when configuring a guest disk we should use

	  <disk type='file' device='disk'>
	    <driver name='qemu' type='raw'/>
	    <source file='/home/berrange/VirtualMachines/demo.raw'/>
	    <target dev='sda' bus='scsi'/>
	    <encryption format='luks'>
	      <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccd2f80d6f'/>
	    </encryption>
	  </disk>

	This commit thus removes the "luks" storage volume type added
	in

	  commit 318ebb36f1027b3357a32d6f781bd77d7a9043fd
	  Author: John Ferlan <jferlan@redhat.com>
	  Date:   Tue Jun 21 12:59:54 2016 -0400

	    util: Add 'luks' to the FileTypeInfo

	The storage file probing code is modified so that it can probe
	the actual encryption formats explicitly, rather than merely
	probing existance of encryption and letting the storage driver
	guess the format.

	The rest of the code is then adapted to deal with
	VIR_STORAGE_FILE_RAW w/ VIR_STORAGE_ENCRYPTION_FORMAT_LUKS
	instead of just VIR_STORAGE_FILE_LUKS.

	The commit mentioned above was included in libvirt v2.0.0.
	So when querying volume XML this will be a change in behaviour
	vs the 2.0.0 release - it'll report 'raw' instead of 'luks'
	for the volume format, but still report 'luks' for encryption
	format.  I think this change is OK because the storage driver
	did not include any support for creating volumes, nor starting
	guets with luks volumes in v2.0.0 - that only since then.
	Clearly if we change this we must do it before v2.1.0 though.

2016-07-27  Daniel P. Berrange  <berrange@redhat.com>

	virstoragefile: refactor virStorageFileMatchesNNN methods
	Refactor the virStorageFileMatchesNNN methods so that
	they don't take a struct FileFormatInfo parameter, but
	instead get the actual raw dat items they needs. This
	will facilitate reuse in other contexts.

2016-07-27  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec.in: Adapt to newest wireshark plugindir
	In the old days, when wireshark plugin was introduced it was
	installed under /usr/lib64/wireshark/plugins/$VERSION/ while with
	wireshark-2.1.0 this path has changed just to
	/usr/lib64/wireshark/plugins. We should teach our spec file about
	this change.

2016-07-27  Michal Privoznik  <mprivozn@redhat.com>

	virt-wireshark: Properly substract wireshark prefix
	So, when building wireshark plugin, we get the plugindir variable
	from the wireshark.pc as well as prefix. Then we replace the
	prefix in the plugindir with our own prefix where libvirt is
	building to:

	  plugindir="${prefix}${plugindir#ws_prefix}"

	However, as you can see, there's '$' missing in front of the
	ws_prefix variable. This results in the mangled plugindir, for
	instance like this:

	  plugindir='/usr/usr/lib64/wireshark/plugins'

2016-07-27  Derbyshev Dmitry  <dderbyshev@virtuozzo.com>

	qemu: return balloon statistics when all domain statistics reported
	To collect all balloon statistics for all guests it was necessary to make
	several libvirt requests. Now it's possible to get all balloon statiscs via
	single connectGetAllDomainStats call.

	qemu: split qemuDomainMemoryStats into internal and external functions
	Is necessary to call it from other contexts, such as qemuDomainGetStatsBalloon.

2016-07-27  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix domain memory 'last-update' timestamp
	This fixes commit 200a40f9 which introduced 'last-update' timestamp.

	qemu: fix domain memory 'usable' stat
	This fixes commit 65bf0446 which introduced 'usable' stat.

2016-07-27  Derbyshev Dmitry  <dderbyshev@virtuozzo.com>

	virsh: Add balloon stats description to .pod
	Description for existing balloon stats was missing for dommemstat.

2016-07-27  Erik Skultety  <eskultet@redhat.com>

	virt-admin.pod: Remove a statement about remote access to the daemon
	There's been a forgotten fragment (copy-paste error probably) in the
	virt-admin's man page referring the reader to our web page on how to construct
	URIs in case of remote access, which sort of implies that we support it which
	we don't at the moment, so better remove that.

2016-07-27  Prasanna Kumar Kalever  <prasanna.kalever@redhat.com>

	qemu: command: Add support for multi-host gluster disks
	To allow using failover with gluster it's necessary to specify multiple
	volume hosts. Add support for starting qemu with such configurations.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Add infrastructure for object specified disk sources
	To allow richer definitions of disk sources add infrastructure that will
	allow to register functionst generating a JSON object based definition.

	This infrastructure will then convert the definition to the proper
	command line syntax and use it in cases where it's necessary. This will
	allow to keep legacy definitions for back-compat when possible and use
	the new definitions for the configurations requiring them.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: qemu: Add support for numbered array members
	Add support for converting objects nested in arrays with a numbering
	discriminator on the command line. This syntax is used for the
	object-based specification of disk source properties.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Support multiple hosts in backend functions
	As gluster natively supports multiple hosts for failover reasons we can
	easily add the support to the storage driver code in libvirt.

	Extract the code setting an individual host into a separate function and
	call them in a loop. The new code also tries to keep the debug log
	entries sane.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Refactor code extracted to qemuBuildDriveSourceStr
	Avoid a large block by tweaking the condition skipping empty drives and
	split up the switch containing two branches having different purpose.

	qemu: command: Extract drive source command line formatter
	The disk source formatting code grew rather ugly and complex and it will
	get worse. Extract it into a separated function to contain the mess.

	qemu: command: Split out network disk URI building
	Extract the code so that it can be called from multiple places. This
	also removes a tricky fallthrough in the large switch in
	qemuBuildNetworkDriveStr.

	qemu: command: Rename qemuBuildNetworkDriveURI to qemuBuildNetworkDriveStr
	The function builds also non-uri strings for the various protocols.

	util: storage: Add JSON backing volume parser for 'ssh' protocol

	util: storage: Add 'ssh' network storage protocol
	Allow using 'ssh' protocol in backing chains and later for disks
	themselves.

	util: storage: Add JSON backing store parser for 'sheepdog' protocol

	util: storage: Add JSON backing volume parser for 'nbd' protocol

	util: storage: Add json pseudo protocol support for iSCSI volumes
	iSCSI is a bit odd in this aspect since it only supports URIs but using
	the 'filename' property and does not have any alternative syntax.

	util: storage: Add json pseudo protocol support for gluster volumes
	Along with the legacy URI based syntax add support for the brand-new
	fully object based syntax.

	util: storage: Add support for URI based backing volumes in qemu's JSON pseudo-protocol
	http(s), ftp(s) and tftp use URIs for volume definitions in the JSON
	pseudo protocol so it's pretty straightforward to add support for them.

	util: storage: Add support for host device backing specified via JSON
	JSON pseudo protocol for qemu allows to explicitly specify devices.
	Add convertor to the internal type.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add parser for qemu's json backing pseudo-protocol
	Add a modular parser that will allow to parse 'json' backing definitions
	that are supported by qemu. The initial implementation adds support for
	the 'file' driver.

	Due to the approach qemu took to implement the JSON backing strings it's
	possible to specify them in two approaches.

	The object approach:
	    json:{ "file" : { "driver":"file",
	                      "filename":"/path/to/file"
	                    }
	         }

	And a partially flattened approach:
	    json:{"file.driver":"file"
	          "file.filename":"/path/to/file"
	         }

	Both of the above are supported by qemu and by the code added in this
	commit. The current implementation de-flattens the first level ('file.')
	if possible and required. Other handling may be added later but
	currently only one level was possible anyways.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: json: Make first argument of virJSONValueCopy const
	It's just read.

2016-07-27  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu: Adjust the cur_ballon on coldplug/unplug of dimms
	The cur_balloon also increases/decreases with dimm hotplug/unplug.
	To be consistent, adjust the value for coldplug too. This was inconsistently
	taken care when cur_ballon != memory to begin with. The patch fixes it
	irrespective of that.

2016-07-27  Erik Skultety  <eskultet@redhat.com>

	virconf: Fix config file path construction
	Since commit c4bdff19, the path to the configuration file has been constructed
	in the following manner:
	 - if no config filename was passed to virConfLoadConfigPath, libvirt.conf was
	 used as default
	 - otherwise the filename was concatenated with
	 "<config_dir>/libvirt/libvirt%s%s.conf" which in admin case resulted in
	 "libvirt-libvirt-admin.conf.conf". Obviously, this non-existent config led to
	 ignoring  all user settings in libvirt-admin.conf. This patch requires the
	 config filename to be always provided as an argument with the concatenation
	 being simplified.

	 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1357364

2016-07-27  Ramon Medeiros  <ramonn@linux.vnet.ibm.com>

	docs: Add Kimchi as Web Application
	Kimchi is a open-source interface to kvm. It runs with HTML5, simple and
	easy to manage kvm guests.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: qemu: Don't generate any extra commas in virQEMUBuildCommandLineJSON
	The function would generate a leading comma. Let the callers properly
	add commas by formatting the commas at the end and trimming the trailing
	one.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: qemu: Allow for different approaches to format JSON arrays
	For use with memory hotplug virQEMUBuildCommandLineJSONRecurse attempted
	to format JSON arrays as bitmap on the command line. Make the formatter
	function configurable so that it can be reused with different syntaxes
	of arrays such as numbered arrays for use with disk sources.

	This patch extracts the code and adds a parameter for the function that
	will allow to plug in different formatters.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: qemu: Allow nested objects in JSON -> commandline generator
	Move the iterator of objects to the recursive function so that nested
	objects are supported by flattening the structure with '.' delimiters.

	util: qemu: Add support for user-passed strings in JSON->commandline
	Until now the JSON->commandline convertor was used only for objects
	created by qemu. To allow reusing it with disk formatter we'll need to
	escape ',' as usual in qemu commandlines.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: qemu: Add wrapper for JSON -> commandline conversion
	Refactor the command line generator by adding a wrapper (with
	documentation) that will handle the outermost object iteration.

	This patch also renames the functions and tweaks the error message for
	nested arrays to be more universal.

	The new function is then reused to simplify qemucommandutiltest.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	util: json: Make first argument of virJSONValueObjectForeachKeyValue const
	The iterator function (second argument) already requires that the object
	is handled as 'const' thus we won't modify the object itself.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: Add testing of backing store string parser
	As we already test that the extraction of the backing store string works
	well additional tests for the backing store string parser can be made
	simpler.

	Export virStorageSourceNewFromBackingAbsolute and use it to parse the
	backing store strings, format them using virDomainDiskSourceFormat and
	match them against expected XMLs.

2016-07-27  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuxml2xml: Avoid crash when processing an XML that fails to parse
	Failure to parse a XML that was not supposed to fail would result into a
	crash in the test suite as the vcpu bitmap would not be filled prior to
	the active XML->XML test.

	Skip formatting of the vcpu snippet in the fake status XML formatter in
	such case to avoid the crash. The test would fail anyways.

2016-07-27  John Ferlan  <jferlan@redhat.com>

	Remove unnecessary virDomainDefClearDeviceAliases
	Nothing in the code path after the removed call has needs/uses the alias
	anyway (as would be the case for command line building or talking to monitor).
	The alias is VIR_FREE'd in virDomainDeviceInfoClear which is called for any
	device that needs/uses an alias via virDomainDeviceDefFree or virDomainDefFree
	as well as during virDomainDeviceInfoFree for host devices.

	For persistent domains, the domain definition (including aliases) gets
	freed a few screens later when it's replaced with newDef.

	For transient domains, the definition is freed/unref'd along with the
	virDomainObj a few moments later.

2016-07-27  John Ferlan  <jferlan@redhat.com>

	conf: Remove CCW,PCI clear address helpers
	Since commit id 'fb06350' these are no longer called, so remove them

2016-07-26  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainBlockStats
	Introduce initial support for domainBlockStats API call that
	allow us to query block device statistics. OpenStack nova
	uses this API call to query block statistics, alongside
	virDomainMemoryStats and virDomainInterfaceStats.  Note that
	this patch only introduces it for VBD for starters. QDisk
	would come in a separate patch series.

	A new statistics data structure is introduced to fit common
	statistics among others specific to the underlying block
	backends. For the VBD statistics on linux these are exported
	via sysfs on the path:

	"/sys/bus/xen-backend/devices/vbd-<domid>-<devid>/statistics"

	To calculate the block devno libxlDiskPathToID is introduced.
	Each backend implements its own function to extract statistics,
	allowing support for multiple backends and different platforms.

	VBD stats are exposed in reqs and number of sectors from
	blkback, and it's up to us to convert it to sector sizes.
	The sector size is gathered through xenstore in the device
	backend entry "physical-sector-size".

	BlockStatsFlags variant is also implemented which has the
	added benefit of getting the number of flush requests.

2016-07-26  Henning Schild  <henning.schild@siemens.com>

	qemu: rename QEMU_CAPS_MLOCK to QEMU_CAPS_REALTIME_MLOCK
	Purely cosmetic change to be consistent with the other names.

2016-07-26  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	conf: events: handle NULL uuid
	Not all objects have a uuid, such as nodedevs. When we add events
	support for them, NULL will be passed here, so handle it.

2016-07-26  Anton Khramov  <anton@endocode.com>

	network: Added hook for network modification event
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1181539

2016-07-26  Derbyshev Dmitry  <dderbyshev@virtuozzo.com>

	qemu: expand domain memory statistics with 'last-update' timestamp
	QEMU reports timestamp along with other memory statistics, but this information is not saved into domain statistics.
	It could be useful to determine if the data reported is fresh or not.
	Balloon statistics are not reported in hrf, so no modifications are made in qemu_monitor_text.c.

	qemu: expand domain memory statistics with 'usable'
	'memtotal' in virtio drivers and qemu corresponds to 'available' in libvirt.
	Because of that, 'stat-available-memory' is renamed into 'usable'.
	Balloon statistics are not reported in hrf, so no modifications are made in qemu_monitor_text.c.

2016-07-26  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemu: remove ccwaddrs caching
	Dropping the caching of ccw address set.
	The cached set is not required anymore, because the set is now being
	recalculated from the domain definition on demand, so the cache
	can be deleted.

	qemu_hotplug: generate ccw address list on demand
	Dropping the caching of ccw address set.
	Instead of using the cached address set, functions in qemu_hotplug.c
	now recalculate it on demand.

2016-07-26  Tomasz Flendrich  <t.flendrich@gmail.com>

	Add qemuDomainCCWAddrSetCreateFromDomain
	The address sets (pci, ccw, virtio serial) are currently cached
	in qemu private data, but all the information required to recreate
	these sets is in the domain definition. Therefore I am removing
	the redundant data and adding a way to recalculate these sets.

	Add a function that calculates the ccw address set
	from the domain definition.

2016-07-26  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemu: remove vioserialaddrs caching
	Dropping the caching of virtio serial address set.
	The cached set is not required anymore, because the set is now being
	recalculated from the domain definition on demand, so the cache
	can be deleted.

	Credit goes to Cole Robinson.

2016-07-26  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemu_hotplug: generate vioserial address list on demand
	Dropping the caching of virtio serial address set.
	Instead of using the cached address set, a function in qemu_hotplug.c
	now recalculates it on demand.

	Credit goes to Cole Robinson.

2016-07-26  Tomasz Flendrich  <t.flendrich@gmail.com>

	add virDomainVirtioSerialAddrSetCreateFromDomain
	The address sets (pci, ccw, virtio serial) are currently cached
	in qemu private data, but all the information required to recreate
	these sets is in the domain definition. Therefore I am removing
	the redundant data and adding a way to recalculate these sets.

	Add a function that calculates the virtio serial address set
	from the domain definition.

	Credit goes to Cole Robinson.

2016-07-26  Ján Tomko  <jtomko@redhat.com>

	cgroup: drop INSERT_ELEMENT usage virCgroupPartitionEscape
	Use virAsprintf to prepend an underscore to make the code more
	readable.

2016-07-26  Andrea Bolognani  <abologna@redhat.com>

	util: systemd: Define MSG_NOSIGNAL if needed
	The symbol being missing has been reported as causing build
	failures on OS X. If it's not already defined, define it to
	zero so that it won't have any effect.

2016-07-25  Pavel Hrdina  <phrdina@redhat.com>

	qemu_monitor: search memballoon QOM device path using alias
	Commit 4a585a88 introduced searching QOM device path by alias, let's use it for
	memballoon too.  This may speedup the search because in most cases we will find
	the correct QOM device path directly by using alias without the need for the
	recursion code.

2016-07-25  Pavel Hrdina  <phrdina@redhat.com>

	qemu_monitor_json: add support to search QOM device path by device alias
	Commit ce745914 introduced detection of actual video ram sizes to fix migration
	if QEMU decide to modify the values provided by libvirt.  This works perfectly
	for domains with number of video devices up to two.

	If there are more than two video devices in the guest all the secondary devices
	in the XML will have the same memory values.  This is because our current code
	search for QOM device path only by the device type name and all the secondary
	video devices has the same name "qxl".

	This patch introduces a new search function that will try to search a QOM device
	path using also device's alias if the alias is available. After that it will
	fallback to the old recursive code if the alias search found no results.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1358728

2016-07-25  Tomasz Flendrich  <t.flendrich@gmail.com>

	Split qemuDomainDetachDeviceFlags in two
	Previously, qemuDomainDetachDeviceFlags was doing two things:
	handling the job and detaching devices. Now the second part is
	in a new function.

	Narrow down a parameter in qemuDomainDetachDeviceFlags
	This will make splitting up qemuDomainDetachDeviceFlags into two
	functions easier.

2016-07-25  Tomasz Flendrich  <t.flendrich@gmail.com>

	Split qemuDomainAttachDeviceFlags in two
	Previously, qemuDomainAttachDeviceFlags was doing two things:
	handling the job and attaching devices. Now the second part is
	in a new function.

	This change is required to make it possible to test more complex
	device attachment situations, like attaching a device to both
	config and live at once.

2016-07-25  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemu: Remove an unnecessary variables
	qemuCaps is no longer used anywhere in these functions,
	so it can be deleted.

	Change parameters to qemuDomainAttachDeviceLive
	We want to be able to pass a NULL instead of the connection
	and use this function in tests. To achieve this, the virConnectPtr
	is passed instead of virDomainPtr, and the driver is a new separate
	parameter.

2016-07-25  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemuhotplugtest: Add tests for ccw devices
	There's a plan to rework the address handling, so testcases
	that verify hotplugging ccw devices will help in avoiding
	regression.

	In this commit, some files are duplicated because of the way
	qemuhotplug.c calculates the expected xml filenames.
	I plan on changing that to explicitly stating the basis domain
	xml, the device xml, and the expected xml.

2016-07-24  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Don't crash by forgetting to ref transient domains
	So commit 306b3a8504 tried mimicking behaviour of commit 540c339a25, but
	added a virObjectRef(vm) only after virDomainObjListAdd() in
	lxcDomainDefineXMLFlags() and not in lxcDomainCreateXMLWithFiles().
	That way undefining a domain that was started with different XML than
	defined will leave the domain object in a state with not enough
	references to then remove it.  Hence any lxcDomainDestroyFlags() called
	afterwards crashes the daemon.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351057

2016-07-22  Guido Günther  <agx@sigxcpu.org>

	virt-aa-helper: Make help output match option name

2016-07-22  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	qemu: hotplug: fix changeable media ejection
	Since return code is checked globally at the end of the function, let's
	make sure that we set it correctly at any point.

	This fixes a regression introduced in commit 0aa19f35 where the first
	command to eject changeable media would fail unconditionally.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-07-22  Katerina Koukiou  <k.koukiou@googlemail.com>

	lxc: make container's init process session leader
	This patch forces container's init process, to become a session leader,
	that is its session ID is made the same as its process ID.
	That might seem unnecessary in general, but if we want to checkpoint a
	container with CRIU, which is needed for container migration,
	we must ensure that the SID of each process inside the container points
	to a process that lives in the same PID namespace as the container.
	Therefore, we force that the session leader is the init.

2016-07-21  Ján Tomko  <jtomko@redhat.com>

	Auto-add one hub if there are too many USB devices
	When parsing a command line with USB devices that have
	no address specified, QEMU automatically adds a USB hub
	if the device would fill up all the available USB ports.

	To help most of the users, add one hub if there are more
	USB devices than available ports. For wilder configurations,
	expect the user to provide us with more hubs and/or controllers.

2016-07-21  Ján Tomko  <jtomko@redhat.com>

	Assign addresses on USB device hotplug
	USB disks, redirected devices, host devices and serial devices
	are supported.

2016-07-21  Ján Tomko  <jtomko@redhat.com>

	Assign addresses to USB devices
	Automatically assign addresses to USB devices.

	Just like reserving, this is only done for newly defined domains.

	https://bugzilla.redhat.com/show_bug.cgi?id=1215968

2016-07-21  Ján Tomko  <jtomko@redhat.com>

	Add tests for USB address assignment
	Introduce tests with the ich9, xhci and the default (piix3) usb
	controller to demonstrate the effect of the next patch.

	Reserve existing USB addresses
	Check if they fit on the USB controllers the domain has,
	and error out if two devices try to use the same address.

	Add functions for adding USB hubs to addrs
	Walk through all the usb hubs in the domain definition
	that have a USB address specified, create the
	corresponding structures in the virDomainUSBAddressSet
	and mark the port it occupies as used.

	Add functions for adding USB controllers to addrs
	Walk through all the usb controllers in the domain definition
	and create the corresponding structures in the virDomainUSBAddressSet.

2016-07-21  Ján Tomko  <jtomko@redhat.com>

	Introduce virDomainUSBAddressSet
	A new type to track USB addresses.

	Every <controller type='usb' index='i'/> is represented by an
	object of type virDomainUSBAddressHub located at buses[i].

	Each of these hubs has up to 'nports' ports.
	If a port is occupied, it has the corresponding bit set in
	the 'ports' bitmap, e.g. port 1 would have the 0th bit set.
	If there is a hub on this port, then hubs[i] will point
	to this hub.

2016-07-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: handle gracefully races on undefining domain
	Undefine procedure drops domain lock while waiting for detaching
	disks vz sdk call. Meanwhile vz sdk event domain-config-changed
	arrives, its handler finds domain and is blocked waiting for job
	condition. After undefine API call finishes event processing procedes
	and tries to refreshes domain config thru existing vz sdk domain handle.
	Domain does not exists anymore and event processing fails. Everything
	is fine we just don't want to see error message in log for this
	particular case.

	Fortunately domain has flag that domain is removed from list. This
	also imply that vz sdk domain is also undefined. Thus if we check
	for this flag right after domain is locked again on accuiring
	job condition we gracefully handle this situation.

	Actually the race can happen in other situations too. Any
	time we wait for job condition in mutualy exclusive job in
	time when we acquire it vz sdk domain can cease to exist.
	So instead of general internal error we can return domain
	not found which is easier to handle. We don't need to patch
	other places in mutually exclusive jobs where domain lock
	is dropped as if job is started domain can't be undefine
	by mutually exclusive undefine job.

	The code of this patch is quite similar to qemu driver checks
	for is domain is active after acquiring a job. The difference
	only while qemu domain is operational while process is active
	vz domain is operational while domain exists.

2016-07-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: make vz driver more responsive
	Current vz driver implementation is not usable when it comes to
	long runnig operations. Migration or saving a domain blocks all
	other operations even query ones which are expecteted to be available.
	This patch addresses this problem.

	All vz driver API calls fall into next 3 groups:
	1. only query domain cache (virDomainObj, vz cache statistic)
	   examples are vzDomainGetState, vzDomainGetXMLDesc etc.
	2. use thread shared sdkdom object
	   examples are vzDomainSetMemoryFlags, vzDomainAttachDevice etc.
	3. use no thread shared sdkdom object nor domain cache
	   examples are vzDomainSnapshotListNames, vzDomainSnapshotGetXMLDesc etc

	API calls from group 1 don't need to be changed as they hold domain lock only
	for short period of time. These calls [1] are easily distinguished. They query
	domain object thru libvirt common code or query vz sdk statistics handle thru
	vz sdk sync operations.

	vzDomainInterfaceStats is the only exception. It uses sdkdom object to
	convert interface name to its vz sdk stack index which could not be saved in
	domain cache. Interface statistics is available thru this stack index as a key
	rather than name. As a result we can have accidental 'not known interface'
	errors on quering intrerface stats. The reason is that in the process of
	updating domain configuration we drop all devices and then recreate them again
	in sdkdom object and domain lock can be dropped meanwhile (to remove networks
	for existing bridged interfaces and(or) (re)create new ones). We can fix this
	by changing the way we support bridged interfaces or by reordering operations
	and changing bridged networks beforehand. Anyway this is better than moving
	this API call into 2 group and making it an exclusive job.

	As to API calls from group 2, first thread shared sdkdom object needs to be
	explained. vz sdk has only one handle for a given domain, thus threads need
	exclusive access to operate on it. These calls are fixed to drop and reacquire
	domain lock on any lengthy operations - namely waiting the result of async vz
	sdk operation. As lock is dropped we need to take extra reference to domain
	object if it is not taken already as domain object can be deleted from list
	while lock is dropped. As this operations use thread shared sdkdom object, the
	simplest way to make calls from group 2 be consistent to each other is to make
	them mutually exclusive. This is done by taking/releasing job condition thru
	calling correspondent job routine. This approach makes group 1 and group
	2 calls consistent to each other too. Not all calls of group 2 change the
	domain cache but those that do update it thru prlsdkUpdateDomain which holds
	the lock thoughout the update.

	API calls from group [2] are easily distinguished too. They use
	beginEdit/commit to change domain configuration (vzDomainSetMemoryFlags) or/and
	update domain cache from sdkdom at the end of operation (vzDomainSuspend).

	There is a known issue however. Frankly speaking it was introduced by ealier
	patch '[PATCH 6/9] vz: cleanup loading domain code' from a different series.
	The patch significantly reduced amount of time when the driver lock is held when
	creating domain from API call or as a result of domain added event from vz sdk.
	The problem is these two paths race on using thread shared sdkdom as we don't
	have libvirt domain object and can not lock on it. However this don't
	invalidates the patch as we can't use the former approach of preadding domain
	into the list as we need name at least and name is not given by event. Anyway
	i'm against adding half baked object into the list. Eventually this race can be
	fixed by extra measures. As to current situation races with different
	configurations are unlikely and race when adding domain thru vz driver and
	simultaneous event from vz sdk is not dangerous as configuration is the same.

	The last group [3] is API calls that need only sdkdom object to make vz sdk
	call and don't change thread shared sdkdom object or domain cache in any way.
	For now these are mostly domain snapshot API calls. The changes are similar to
	those of group 2 - they add extra reference and drop/reacquire the lock on waiting
	vz async call result. One can simply take the immutable sdkdom object from the
	cache and drop the lock for the rest of operations but the chosen approach
	makes implementation of these API calls somewhat similar to those of from group
	2 and thus a bit futureproof. As calls of group 3 don't need vz driver
	domain/vz sdk cache in any way, they are consistent with respect to API calls from
	groups 1 and 3.

	There is another exception. Calls to make-snapshot/revert-to-snapshot/migrate
	are moved to group 2. That is they are made mutually exclusive. The reason
	is that libvirt API supports control/query only for one job per domain and
	these are jobs that are likely to be queried/aborted.

	Appendix.

	[1] API calls that only query domain cache.
	(marked [*] are included for a different reason)

	.domainLookupByID = vzDomainLookupByID,    /* 0.10.0 */
	.domainLookupByUUID = vzDomainLookupByUUID,        /* 0.10.0 */
	.domainLookupByName = vzDomainLookupByName,        /* 0.10.0 */
	.domainGetOSType = vzDomainGetOSType,    /* 0.10.0 */
	.domainGetInfo = vzDomainGetInfo,  /* 0.10.0 */
	.domainGetState = vzDomainGetState,        /* 0.10.0 */
	.domainGetXMLDesc = vzDomainGetXMLDesc,    /* 0.10.0 */
	.domainIsPersistent = vzDomainIsPersistent,        /* 0.10.0 */
	.domainGetAutostart = vzDomainGetAutostart,        /* 0.10.0 */
	.domainGetVcpus = vzDomainGetVcpus, /* 1.2.6 */
	.domainIsActive = vzDomainIsActive, /* 1.2.10 */
	.domainIsUpdated = vzDomainIsUpdated,     /* 1.2.21 */
	.domainGetVcpusFlags = vzDomainGetVcpusFlags, /* 1.2.21 */
	.domainGetMaxVcpus = vzDomainGetMaxVcpus, /* 1.2.21 */
	.domainHasManagedSaveImage = vzDomainHasManagedSaveImage, /* 1.2.13 */
	.domainGetMaxMemory = vzDomainGetMaxMemory, /* 1.2.15 */
	.domainBlockStats = vzDomainBlockStats, /* 1.2.17 */
	.domainBlockStatsFlags = vzDomainBlockStatsFlags, /* 1.2.17 */
	.domainInterfaceStats = vzDomainInterfaceStats, /* 1.2.17 */                   [*]
	.domainMemoryStats = vzDomainMemoryStats, /* 1.2.17 */
	.domainMigrateBegin3Params = vzDomainMigrateBegin3Params, /* 1.3.5 */
	.domainMigrateConfirm3Params = vzDomainMigrateConfirm3Params, /* 1.3.5 */

	[2] API calls that use thread shared sdkdom object
	(marked [*] are included for a different reason)

	.domainSuspend = vzDomainSuspend,    /* 0.10.0 */
	.domainResume = vzDomainResume,    /* 0.10.0 */
	.domainDestroy = vzDomainDestroy,  /* 0.10.0 */
	.domainShutdown = vzDomainShutdown, /* 0.10.0 */
	.domainCreate = vzDomainCreate,    /* 0.10.0 */
	.domainCreateWithFlags = vzDomainCreateWithFlags, /* 1.2.10 */
	.domainReboot = vzDomainReboot, /* 1.3.0 */
	.domainDefineXML = vzDomainDefineXML,      /* 0.10.0 */
	.domainDefineXMLFlags = vzDomainDefineXMLFlags, /* 1.2.12 */ (update part)
	.domainUndefine = vzDomainUndefine, /* 1.2.10 */
	.domainAttachDevice = vzDomainAttachDevice, /* 1.2.15 */
	.domainAttachDeviceFlags = vzDomainAttachDeviceFlags, /* 1.2.15 */
	.domainDetachDevice = vzDomainDetachDevice, /* 1.2.15 */
	.domainDetachDeviceFlags = vzDomainDetachDeviceFlags, /* 1.2.15 */
	.domainSetUserPassword = vzDomainSetUserPassword, /* 1.3.6 */
	.domainManagedSave = vzDomainManagedSave, /* 1.2.14 */
	.domainSetMemoryFlags = vzDomainSetMemoryFlags, /* 1.3.4 */
	.domainSetMemory = vzDomainSetMemory, /* 1.3.4 */
	.domainRevertToSnapshot = vzDomainRevertToSnapshot, /* 1.3.5 */                  [*]
	.domainSnapshotCreateXML = vzDomainSnapshotCreateXML, /* 1.3.5 */                [*]
	.domainMigratePerform3Params = vzDomainMigratePerform3Params, /* 1.3.5 */        [*]
	.domainUpdateDeviceFlags = vzDomainUpdateDeviceFlags, /* 2.0.0 */
	prlsdkHandleVmConfigEvent

	[3] API calls that do not use thread shared sdkdom object

	.domainManagedSaveRemove = vzDomainManagedSaveRemove, /* 1.2.14 */
	.domainSnapshotNum = vzDomainSnapshotNum, /* 1.3.5 */
	.domainSnapshotListNames = vzDomainSnapshotListNames, /* 1.3.5 */
	.domainListAllSnapshots = vzDomainListAllSnapshots, /* 1.3.5 */
	.domainSnapshotGetXMLDesc = vzDomainSnapshotGetXMLDesc, /* 1.3.5 */
	.domainSnapshotNumChildren = vzDomainSnapshotNumChildren, /* 1.3.5 */
	.domainSnapshotListChildrenNames = vzDomainSnapshotListChildrenNames, /* 1.3.5 */
	.domainSnapshotListAllChildren = vzDomainSnapshotListAllChildren, /* 1.3.5 */
	.domainSnapshotLookupByName = vzDomainSnapshotLookupByName, /* 1.3.5 */
	.domainHasCurrentSnapshot = vzDomainHasCurrentSnapshot, /* 1.3.5 */
	.domainSnapshotGetParent = vzDomainSnapshotGetParent, /* 1.3.5 */
	.domainSnapshotCurrent = vzDomainSnapshotCurrent, /* 1.3.5 */
	.domainSnapshotIsCurrent = vzDomainSnapshotIsCurrent, /* 1.3.5 */
	.domainSnapshotHasMetadata = vzDomainSnapshotHasMetadata, /* 1.3.5 */
	.domainSnapshotDelete = vzDomainSnapshotDelete, /* 1.3.5 */

	[4] Known issues.

	1. accidental errors on getting network statistics
	2. race with simultaneous use of thread shared domain object on paths
	 of adding domain thru API and adding domain on vz sdk domain added event.

2016-07-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: keep naming convention for domain objects
	see 4385b868

	vz: remove redundant variable in prlsdkHandleVmAddedEvent

	vz: use state variable sdkdom in prlsdkApplyConfig
	sdk domain handle is unique per connection so there is
	no sense to query it again if we have it in vzDomObjPtr.
	Side effect of prlsdkSdkDomainLookupByUUID is refreshing
	domain config is of no use too as PrlVm_BeginEdit do it too.

2016-07-20  John Ferlan  <jferlan@redhat.com>

	storage: Add extra failure condition for luks volume creation
	Commit id '5e46d7d6' did not take into account that usage of a luks
	volume will require usage of the master key encrypted passphrase for
	a QEMU environment.  So rather than allow creation of something that
	won't be usable, just fail the creation.

2016-07-20  John Ferlan  <jferlan@redhat.com>

	qemu: Disallow usage of luks encryption if aes secret not possible
	Resolves a CI test integration failure with a RHEL6/Centos6 environment.

	In order to use a LUKS encrypted device, the design decision was to
	generate an encrypted secret based on the master key. However, commit
	id 'da86c6c' missed checking for that specifically.

	When qemuDomainSecretSetup was implemented, a design decision was made
	to "fall back" to a plain text secret setup if the specific cipher was
	not available (e.g. virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC))
	as well as the QEMU_CAPS_OBJECT_SECRET. For the luks encryption setup
	there is no fall back to the plaintext secret, thus if that gets set
	up by qemuDomainSecretSetup, then we need to fail.

	Also, while the qemuxml2argvtest has set the QEMU_CAPS_OBJECT_SECRET
	bit, it didn't take into account the second requirement that the
	ability to generate the encrypted secret is possible. So modify the
	test to not attempt to run the luks-disk if we know we don't have
	the encryption algorithm.

2016-07-20  John Ferlan  <jferlan@redhat.com>

	storage: Fix error path
	virStorageBackendCreateQemuImgCheckEncryption didn't return -1 if there
	were no secrets.

	qemu: Move setting of encobjAdded for qemuDomainAttachSCSIDisk
	A post push realization that the boolean should be set inside the condition

	qemu: Move setting of obj bools for qemuDomainAttachVirtioDiskDevice
	A post push realization that the setting of the boolean needed to be
	inside the if condition.

2016-07-19  Ján Tomko  <jtomko@redhat.com>

	hvsupport: skip non-matching lines early
	Most of the lines we look at are not going to match one of the
	driver types contained in $groups_regex.

	Move on to the next line if it does not contain any of them early.
	This speeds up the script execution by 50%, since this simple regex
	does not have any capture groups.

2016-07-19  Ján Tomko  <jtomko@redhat.com>

	hvsupport: construct the group regex upfront
	The %groups hash contains all the driver types (e.g.
	virHypervisorDriver or virSecretDriver).

	When searching for all the APIs that are implemented by a driver
	of that specific driver type, we keep iterating over the %groups
	hash on every line we look at, then matching against the driver type.

	This is inefficient because it prevents perl from caching the regex
	and it executes the regex once for every driver type, even though
	one regex matching excludes all the others, since all the driver types
	are different.

	Construct the regex containing all the driver types upfront to save
	about 6.4s (~98%) of the script execution time.

2016-07-19  Ján Tomko  <jtomko@redhat.com>

	hvsupport: use a regex instead of XML::XPath
	When generating the hvsupport.html.in file, we parse the -api.xml
	files generated by apibuild.py to know in which HTML file the API
	function is.

	Doing an XPath query for every single 'function' element in the
	file is inefficient.

	Since the XML file is generated by another of our build scripts
	(apibuild.py, using Python's standard 'output.write' XML library),
	just find the function name->file mapping by a regex upfront.

	Also add a note about this next to the line that generates it
	in apibuild.py and do not check if XML::XPath is installed in
	bootstrap since we no longer use it.

2016-07-19  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: errors after the handshake won't be reported
	Any error happening after the hand shake in the lxc controller
	will not result in a failure as errors are checked during the handshake.
	Move the handshake after the last possible error.

	virt-aa-helper: better write denials handling
	Better fix replacing c726af2d: introducing an 'R' permission to
	add read rule, but no explicit deny write rule.

2016-07-19  John Ferlan  <jferlan@redhat.com>

	qemu: Add luks support for domain disk
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1301021

	Generate the luks command line using the AES secret key to encrypt the
	luks secret. A luks secret object will be in addition to a an AES secret.

	For hotplug, check if the encinfo exists and if so, add the AES secret
	for the passphrase for the secret object used to decrypt the device.

	Modify/augment the fakeSecret* in qemuxml2argvtest in order to handle
	find a uuid or a volume usage with a specific path prefix in the XML
	(corresponds to the already generated XML tests). Add error message
	when the 'usageID' is not 'mycluster_myname'. Commit id '1d632c39'
	altered the error message generation to rely on the errors from the
	secret_driver (or it's faked replacement).

	Add the .args output for adding the LUKS disk to the domain

2016-07-19  John Ferlan  <jferlan@redhat.com>

	qemu: Alter the qemuDomainGetSecretAESAlias to add new arg
	Soon we will be adding luks encryption support. Since a volume could require
	both a luks secret and a secret to give to the server to use of the device,
	alter the alias generation to create a slightly different alias so that
	we don't have two objects with the same alias.

	qemu: Add secinfo for hotplug virtio disk
	Commit id 'a1344f70a' added AES secret processing for RBD when starting
	up a guest. As such, when the hotplug code calls qemuDomainSecretDiskPrepare
	an AES secret could be added to the disk about to be hotplugged. If an AES
	secret was added, then the hotplug code would need to generate the secret
	object because qemuBuildDriveStr would add the "password-secret=" to the
	returned 'driveStr' rather than the base64 encoded password.

2016-07-19  John Ferlan  <jferlan@redhat.com>

	storage: Add support to create a luks volume
	Partially resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=1301021

	If the volume xml was looking to create a luks volume take the necessary
	steps in order to make that happen.

	The processing will be:
	 1. create a temporary file (virStorageBackendCreateQemuImgSecretPath)
	   1a. use the storage driver state dir path that uses the pool and
	       volume name as a base.

	 2. create a secret object (virStorageBackendCreateQemuImgSecretObject)
	   2a. use an alias combinding the volume name and "_luks0"
	   2b. add the file to the object

	 3. create/add luks options to the commandline (virQEMUBuildLuksOpts)
	   3a. at the very least a "key-secret=%s" using the secret object alias
	   3b. if found in the XML the various "cipher" and "ivgen" options

2016-07-19  John Ferlan  <jferlan@redhat.com>

	vsh: Properly initialize res
	The 'res' variable was only being initialized to NULL in the
	if (!state) path; however, that path never used res and evenutally
	res is assigned one of two results based on a pair of if then else if
	conditions. If for some reason neither of those paths was taken and
	the (!state) path wasn't taken, then 'res' would be indeterminate.

	Found by Coverity, probably a false positive based on code paths, but
	better safe than sorry for the future.

2016-07-19  John Ferlan  <jferlan@redhat.com>

	conf: Need to check for glisten before accessing
	When formatting the graphics data for TYPE_SPICE, check if the glisten
	is NULL before blindly referencing

	Found by Coverity

2016-07-19  John Ferlan  <jferlan@redhat.com>

	tests: Need to check return of virGetLastError
	Cannot assume virGetLastError returns non-NULL value - modify the code to
	fetch err and check if err && err->code

	Found by Coverity

2016-07-19  John Ferlan  <jferlan@redhat.com>

	tools: Fix comparison in virLoginShellGetShellArgv
	Commit id '740e4d70' altered the logic to fetch the sysconf values and
	added a new virConfGetValueStringList which returns -1 on failure, 0 if
	missing, and 1 if the value was present.

	However, the caller only checked !shargv which caught Coverity's attention
	since the following VIR_ALLOC_N(*shargv, 2) would be a NULL ptr deref

2016-07-19  John Ferlan  <jferlan@redhat.com>

	util: Fix incorrect VIR_FREE in virConfGetValueStringList
	Since we VIR_ALLOC_N to *values, the VIR_FREE should be done likewise

2016-07-19  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Output srv-threadpool-info data as unsigned int rather than signed
	Internally, all the data are represented as unsigned int, it is also documented
	in the header file that users should use our exported constants that also
	indicate that the data should be unsigned int. However, when polling for the
	current server threadpool's configuration, virt-admin uses an incorrect
	formatting parameter '%d' for printf. Instead, virt-admin should use formatting
	parameter '%u'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1356769

2016-07-19  John Ferlan  <jferlan@redhat.com>

	qemu: Move and rename qemuBufferEscapeComma
	Move to virqemu and rename to virQEMUBuildBufferEscapeComma. This can then
	be shared by the storage driver when it builds the command line for qemuimg

	qemu: Alter error path cleanup for qemuDomainAttachMemory
	A recent adjustment to qemuDomainAttachRNGDevice to properly cleanup
	the props object after a qemuMonitorAddObject also would affect this
	code. Alter the cleanup to be similar to RNG changes.

	qemu: Alter error path cleanup for qemuDomainAttachRNGDevice
	Based on recent review comment - rather than have a spate of goto failxxxx,
	change to a boolean based model. Ensures that the original error can be
	preserved and cleanup is a bit more orderly if more objects are added.

	qemu: Alter error path cleanup for qemuDomainAttachChrDevice
	Based on recent review comment - rather than have a spate of goto failxxxx,
	change to a boolean based model. Ensures that the original error can be
	preserved and cleanup is a bit more orderly if more objects are added.

	qemu: Alter error path cleanup for qemuDomainAttachSCSIDisk
	Based on recent review comment - rather than have a spate of goto failxxxx,
	change to a boolean based model. Ensures that the original error can be
	preserved and cleanup is a bit more orderly if more objects are added.

	qemu: Alter error path cleanup for qemuDomainAttachVirtioDiskDevice
	Based on recent review comment - rather than have a spate of goto failxxxx,
	change to a boolean based model. Ensures that the original error can be
	preserved and cleanup is a bit more orderly if more objects are added.

	qemu: Alter error path cleanup for qemuDomainAttachHostSCSIDevice
	Based on recent review comment - rather than have a spate of goto failxxxx,
	change to a boolean based model. Ensures that the original error can be
	preserved and cleanup is a bit more orderly if more objects are added.

2016-07-19  Erik Skultety  <eskultet@redhat.com>

	fs: Fix '<' comparison of value produced by logical not '!'
	Commit da665fbd introduced the following condition to virLXCProcessEnsureRootFS
	and openvzReadFSConf:

	if (!(<some_var> = virDomainFSDefNew()) < 0)

	which broke the build on fedora with GCC 5.3.1: "logical not is only applied to
	the left hand side of comparison".

2016-07-19  Julio Faracco  <jcfaracco@gmail.com>

	security: compilation error due to wrong parameter for vah_add_path().
	The commit da665fbd introduced virStorageSourcePtr inside the structure
	_virDomainFSDef. This is causing an error when libvirt is being compiled.

	make[3]: Entering directory `/media/julio/8d65c59c-6ade-4740-9cdc-38016a4cb8ae
	/home/julio/Desktop/virt/libvirt/src'
	  CC       security/virt_aa_helper-virt-aa-helper.o
	security/virt-aa-helper.c: In function 'get_files':
	security/virt-aa-helper.c:1087:13: error: passing argument 2 of 'vah_add_path'
	from incompatible pointer type [-Werror]
	             if (vah_add_path(&buf, fs->src, "rw", true) != 0)
	             ^
	security/virt-aa-helper.c:732:1: note: expected 'const char *' but argument is
	of type 'virStorageSourcePtr'
	 vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool
	recursive)
	 ^
	cc1: all warnings being treated as errors

	Adding the attribute "path" from virStorageSourcePtr fixes this issue.

2016-07-19  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add tcp and udp serial device support
	vz supports only a subset of tcp and udp parameters.

	1. tcp type supports only 'raw' protocol.
	2. udp type supports only same parameters of 'host' and 'service'
	for 'bind' and 'connect'.

2016-07-19  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add mode of unix socket serial device to xml dump

	vz: don't fail unregister on sending event error

	vz: use single variable for domain

	vz: dont remove domain from list on client object error
	After domain is in the domains list let's keep it there. This
	is approach taken by qemu driver and vz vzDomainMigrateFinish3Params too.
	It quite reasonable, driver domain object is fully constructed and
	can be discovered by client later.

2016-07-19  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: cleanup loading domain code
	  9c14a9ab introduced vzNewDomain function to enlist libvirt domain
	object before actually creating vz sdk domain. Fix should fix
	race on same vz sdk domain added event where libvirt domain object is
	enlisted too. But later eb5e9c1e added locked checks for
	adding livirtd domain object to list on vz sdk domain added event.
	Thus now approach of 9c14a9ab is unnecessary complicated.

	  See we have otherwise unuseful prlsdkGetDomainIds function only
	to create minimal domain definition to create libvirt domain object.
	Also vzNewDomain is difficult to use as it creates partially
	constructed domain object.

	  Let's move back to original approach where prlsdkLoadDomain do
	all the necessary job. Another benefit is that we can now
	take driver lock for bare minimum and in single place. Reducing
	locking time have small disadvatage of double parsing on race
	conditions which is typical if domain is added thru vz driver.
	Well we have this double parse inevitably with current vz sdk api
	on any domain updates so i would not take it here seriously.

	  Performance events subscribtion is done before locked check and
	therefore could be done twice on races but this is not the problem.

2016-07-19  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: use domain list infrastructure to deal with private domain

	vz: make error handling idiomatic in prlsdkCreateVm

	vz: fix leaks in prlsdkCreate* functions

	vz: restore accidentally removed locks around close callback calls

	vz: remove unnecessary labels in simple API calls

2016-07-18  Olga Krishtal  <okrishtal@virtuozzo.com>

	vz: support filesystem type volume
	Vz containers are able to use ploop volumes from storage pools
	to work upon.

	To use filesystem type volume, pool name and volume name should be
	specifaed in <source> :
	   <filesystem type='volume' accessmode='passthrough'>
	      <driver type='ploop' format='ploop'/>
	      <source pool='guest_images' volume='TEST_POOL_CT'/>
	      <target dir='/'/>
	   </filesystem>

	The information about pool and volume is stored in ct dom configuration:
	<StorageURL>libvirt://localhost/pool_name/vol_name</StorageURL>
	and can be easily obtained via PrlVmDevHd_GetStorageURL sdk call.

	The only shorcoming: if storage pool is moved somewhere the ct
	should be redefined in order to refresh the information aboot path
	to root.hdd

2016-07-18  Olga Krishtal  <okrishtal@virtuozzo.com>

	vz: refactoring of prlsdkCreateCt
	We do not need to check domainf fs type there,
	because it is done in prlsdkCheckUnsupportedParams.

2016-07-18  Olga Krishtal  <okrishtal@virtuozzo.com>

	devices: filesystems: added volume type
	New type of <devices> <filesystem type= 'volume'> is introduced.
	This patch allows to use volumes for storing the filesystem, that is
	accessed from the guest e.g. root directory for container.

	To take advantage of volumes as a backend of filesystem volume
	and pool names should be specified:
	<filesystem type= 'volume'>
	 <source pool='pool name' volume='volume name'/>

2016-07-18  Olga Krishtal  <okrishtal@virtuozzo.com>

	filesystem: adds possibility to use storage pool as fs source

	vz: fixed null-pointer dereference in applying graphic params

2016-07-18  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix destination domain synchronization
	Adding domain to domain list on preparation step is not correct.
	First domain is not fully constructed - domain definition is
	missing. Second we can't use VIR_MIGRATE_PARAM_DEST_XML parameter
	to parse definition as vz sdk can patch it by itself. Let's add/remove
	domain on finish step. This is for synchronization purpose only so domain
	is present/absent on destination after migration completion. Actually
	domain object will probably be created right after actual vz sdk
	migration start by vz sdk domain defined event.

	We can not and should not sync domain cache on error path in finish step
	of migration. We can not as we really don't know what is the reason of
	cancelling and we should not as user should not make assumptions on
	state on error path. What we should do is cleaning up temporary migration
	state that is induced on prepare step but we don't have one. Thus
	cancellation should be noop.

2016-07-18  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix memory leaks in prlsdkLoadDomains
	Free sdkdom on any result of prlsdkNewDomainByHandle.

	vz: fix missed defined domain event
	libvirt domain defined event is issued only on correspondent vz sdk
	event. But in case event delivered before domain is added to
	domain list we can mistakenly skip this event if prlsdkNewDomainByHandle
	return NULL in case of domain is discovered in the list under
	the driver lock. Let's return domain object in this case.
	Now prlsdkNewDomainByHandle returns NULL only in case of
	error which is more convinient.

	vz: don't pass empty and unused fields in migration cookie
	The first version of migration cookie was rather dumb resulting
	in passing empty or unused fields here and there. Add flags to
	specify what to bake to and eat from cookie so we deal only
	with meaningful data. However for backwards compatibility
	we still need to pass at least some faked fields sometimes.

2016-07-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix migration from old libvirt
	Older libvirt versions send persistent XML in a migration cookie even
	when VIR_MIGRATE_PERSIST_DEST flag is not used, but current libvirt
	properly fails if the cookie contains unexpected flags. Thus migration
	from old libvirt fails with

	    internal error: Unsupported migration cookie feature persistent

	unless VIR_MIGRATE_PERSIST_DEST flag is set.

	https://bugzilla.redhat.com/show_bug.cgi?id=1320500

2016-07-18  Cole Robinson  <crobinso@redhat.com>

	test: Add scsi vport nodedev to test:///default
	A nodedev device definition like this is required for testing
	NodeDeviceCreateXML and NodeDeviceDestroy. So unless it's part
	of the stock test:///default set there's no way to actually
	invoke those functions for the default URI

	test: Have test:///default open use file parsing helpers
	Convert the individual XML documents into one big XML document
	in the format expected by the non-default test://$PATH URI, and
	use the same internal helpers for assembling the driver contents.

	test: Move testOpenDefault definition later
	Upcoming patches need this defined later

	test: Introduce testOpenParse

2016-07-18  Andrea Bolognani  <abologna@redhat.com>

	util: conf: Rename VIR_CONF_{U,}LONG -> VIR_CONF_{U,}LLONG
	Since commit 6381c89f8cce, we're storing long long integers
	instead of long integers. Rename the corresponding virConfType
	value accordingly.

	util: conf: Clarify choice between VIR_CONF_LONG and VIR_CONF_ULONG
	We use unsigned long long integers unless we need to store a
	negative value. Rewrite the condition to make this more obvious.

	util: conf: Fix parameters alignment
	The parameters for virConfGetValueLLong() were not aligned
	properly.

	util: conf: Fix comment for virConfGetValueULLong()
	The name of the function is not virConfGetValueULongLong().

	util: conf: Claim the proper range for signed numbers
	virConfGetValueLLong() errors out if the value is too big to
	fit into a long long integer, but claims the supported range
	to be (0,LLONG_MAX) instead of (LLONG_MIN,LLONG_MAX).

	util: conf: Add integer casts
	For good measure.

	util: conf: Improve virConfGet*() logic
	When parsing numeric values, we always store them as unsigned
	unless they're negative. We can use this fact to simplify the
	logic by removing a bunch of unnecessary checks.

	util: conf: Use long long when parsing
	Commit 6381c89f8cce changed virConfValue to store long long
	integers instead of long integers; however, the temporary variable
	used in virConfParseLong() was not updated accordingly, causing
	trouble for 32-bit machines.

2016-07-18  Ján Tomko  <jtomko@redhat.com>

	hvsupport: Introduce parseSymsFile
	The code for parsing the different public syms files only differs
	in the filenames and version prefix.

	Unify it to a single subroutine.

2016-07-18  Ján Tomko  <jtomko@redhat.com>

	Store USB port path as an array of integers
	In preparation to tracking which USB addresses are occupied.
	Introduce two helper functions for printing the port path
	as a string and appending it to a virBuffer.

2016-07-18  Ján Tomko  <jtomko@redhat.com>

	Allow omitting USB port
	We were requiring a USB port path in the schema, but not enforcing it.
	Omitting the USB port would lead to libvirt formatting it as (null).
	Such domain cannot be started and will disappear after libvirtd restart
	(since it cannot parse back the XML).

	Only format the port if it has been specified and mark it as optional
	in the XML schema.

2016-07-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Drop default channel path during migration
	Migration to an older libvirt (pre v1.3.0-175-g7140807) is broken
	because older versions of libvirt generated different channel paths and
	they didn't drop the default paths when parsing domain XMLs. We'd get
	such a nice error message:

	    internal error: process exited while connecting to monitor:
	    2016-07-08T15:28:02.665706Z qemu-kvm: -chardev socket,
	    id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/
	    domain-3-nest/org.qemu.guest_agent.0,server,nowait: Failed to bind
	    socket to /var/lib/libvirt/qemu/channel/target/domain-3-nest/
	    org.qemu.guest_agent.0: No such file or directory

	That said, we should not even format the default paths when generating a
	migratable XML.

	https://bugzilla.redhat.com/show_bug.cgi?id=1320470

2016-07-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Copy complete domain def in qemuDomainDefFormatBuf
	Playing directly with our live definition, updating it, and reverting it
	back once we are done is very nice and it's quite dangerous too. Let's
	just make a copy of the domain definition if needed and do all tricks on
	the copy.

	https://bugzilla.redhat.com/show_bug.cgi?id=1320470

2016-07-15  Daniel P. Berrange  <berrange@redhat.com>

	virconf: skip some range checks if SSIZE_MAX >= LLONG_MAX
	If size_t is the same size as long long, then we can skip
	some of the range checks. This avoids triggering some
	bogus compiler warning messages.

	virconf: clarify type range checks for integers
	The virConf 'l' field is a 'signed long long', so whenever
	the 'type' field is VIR_CONF_ULONG, we should explicitly cast
	'l' to a 'unsigned long long' before doing range checks.

2016-07-15  Michal Privoznik  <mprivozn@redhat.com>

	virConfGetValueSSizeT: Fix build on 32 bits
	This function tries to get a ssize_t value from a config file.
	But before returning it, it checks whether the value would fit in
	ssize_t and if not an error is printed out among with the range
	for the ssize_t type. However, on some platforms SSIZE_MAX may
	actually be a signed long type:

	util/virconf.c: In function 'virConfGetValueSSizeT':
	util/virconf.c:1268:9: error: format '%zd' expects argument of type 'signed size_t', but argument 9 has type 'long int' [-Werror=format=]
	         virReportError(VIR_ERR_INTERNAL_ERROR,
	         ^
	$ grep -r SSIZE_MAX /usr/include/
	/usr/include/bits/posix1_lim.h:#ifndef  SSIZE_MAX
	/usr/include/bits/posix1_lim.h:# define SSIZE_MAX       LONG_MAX

2016-07-14  John Ferlan  <jferlan@redhat.com>

	conf: Revert changes to add new secret type "passphrase"
	Revert the remainder of commit id 'c84380106'

	docs: Update docs to reflect LUKS secret changes
	Commit id's 'c8438010', '9bbf0d7e', and '2552fec24' altered the documentation
	to describe adding a 'passphrase' type secret usage model in order to reference
	the secret for a luks volume. After commit, it was deemed that a 'volume'
	usage model should be used, so adjust the various documents in order rephrase
	descriptions in order to follow the correct usage model.

2016-07-14  John Ferlan  <jferlan@redhat.com>

	tests: Adjust LUKS tests to use 'volume' secret type
	Commit id's '9bbf0d7e6' and '2552fec24' added some XML parsing tests
	for a LUKS volume to use a 'passphrase' secret format. After commit,
	this was deemed to be incorrect, so covert the various tests to use
	the volume usage format where the 'usage' is the path to the volume
	rather than a user defined name string.

	Also, removed the qemuxml2argv-luks-disk-cipher.xml since it was
	just a duplicate of qemuxml2argv-luks-disks.xml.

2016-07-14  Andrea Bolognani  <abologna@redhat.com>

	tests: command: Fix build on ppc64/aarch64
	Commit ca10bb040fcf introduced a new test that fails to build
	on at least some architectures:

	  commandtest.c: In function 'test25':
	  commandtest.c:1121:5: error: comparison is always true due to
	                        limited range of data type [-Werror=type-limits]
	    if (rv >= 0) {
	    ^

	Change the type of 'rv' from char to int, which is the proper
	return type for virCommandExec() anyway.

2016-07-13  Andrea Bolognani  <abologna@redhat.com>

	spec: Fix indentation
	Commit ffc49e579c14 broke syntax-check:

	  cppi: libvirt.spec.in: line 622: not properly indented
	  cppi: libvirt.spec.in: line 624: not properly indented
	  cppi: libvirt.spec.in: line 640: not properly indented
	  cppi: libvirt.spec.in: line 642: not properly indented
	  maint.mk: incorrect preprocessor indentation
	  cfg.mk:697: recipe for target 'sc_spec_indentation' failed

	Indent the new conditionals properly.

2016-07-13  Martin Kletzander  <mkletzan@redhat.com>

	conf: Make really sure we don't access non-existing vCPUs again
	MinGW complained that we might be dereferencing a NULL pointer.  While
	that can't be true, the logic certainly allows for that.

	../../src/conf/domain_conf.c: In function 'virDomainDefPostParse':
	../../src/conf/domain_conf.c:4224:18: error: potential null pointer dereference [-Werror=null-dereference]
	         if (!vcpu->online && vcpu->cpumask) {
	              ~~~~^~~~~~~~

2016-07-13  Daniel P. Berrange  <berrange@redhat.com>

	libvirt.spec.in: require systemd-container on >= f24
	The systemd-machined tools libvirt uses were split into a
	systemd-container RPM. Without depending on this, libvirt
	may silently fallback to the non-systemd cgroup impl which
	is not desirable.

2016-07-13  Andrea Bolognani  <abologna@redhat.com>

	qemu: command: Fix awkward formatting

2016-07-13  Martin Kletzander  <mkletzan@redhat.com>

	conf: Make really sure we don't access non-existing vCPUs
	MinGW complained that we might be dereferencing a NULL pointer.  While
	that can't be true, the logic certainly allows for that.

	src/conf/domain_conf.c: In function 'virDomainDefGetVcpuPinInfoHelper':
	src/conf/domain_conf.c:1545:17: error: potential null pointer dereference [-Werror=null-dereference]
	         if (vcpu->cpumask)
	              ~~~~^~~~~~~~~

2016-07-13  Maxim Perevedentsev  <mperevedentsev@virtuozzo.com>

	dnsmasq: disable IPv6 default gateway in RA for isolated networks
	IPv6 RA always contains an implicit default route via
	the link-local address of the source of RA. This forces
	the guest to install a route via isolated network, which
	may disturb the guest's networking in case of multiple interfaces.
	More info in 013427e6e733f7a662f4e8a9c11f7dad4cd65e3f.

	The validity of this route is controlled by "default [route] lifetime"
	field of RA. If the lifetime is set to 0 seconds, then no route
	is installed by receiver.

	dnsmasq 2.67+ supports "ra-param=<interface>,<RA interval>,<default
	lifetime>" option. We pass "ra-param=*,0,0"
	(here, RA_interval=0 means default) to disable default gateway in RA
	for isolated networks.

2016-07-13  Maxim Perevedentsev  <mperevedentsev@virtuozzo.com>

	Fix message about dnsmasq BINDTODEVICE capability.

2016-07-13  Yan Fu  <yafu@redhat.com>

	qemu: getAutoDumpPath() return value should be dumpfile not domname.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1354238

	So we spend some time and effort constructing perfect file name
	for an automatic coredump of a domain, but then just leak it and
	use the domain name anyway. This is probably due to a silly
	mistake that slipped even through review.

2016-07-12  Jim Fehlig  <jfehlig@suse.com>

	systemd: fix ready notification on abstract socket
	At least with systemd v210, NOTIFY_SOCKET is abstact, e.g.
	@/org/freedesktop/systemd1/notify. sendmsg() fails on such a socket
	with "Connection refused". The unix(7) man page contains the following
	details wrt abstract socket addresses

	abstract: an abstract socket address is distinguished (from a
	          pathname socket) by the fact that sun_path[0] is a null byte
	          ('\0').  The socket's address in this namespace is given by the
	          additional bytes in sun_path that are covered by the specified
	          length of the address structure.  (Null bytes in the name have
	          no special significance.)

	So we need to be more precise about the address length, setting it to
	the sizeof sa_family_t + length of address copied to sun_path instead
	of setting it to the sizeof the entire sockaddr_un struct.

	Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=987668

2016-07-12  Tomáš Golembiovský  <tgolembi@redhat.com>

	esx: Fetch snapshot info directly for filtering
	When fetching domains with virConnectListAllDomains() and when filtering
	by snapshot existence is requested the ESX driver first lists all the
	domains and then check one-by-one for snapshot existence. This process
	takes unnecessarily long time.

	To significantly improve the time necessary to finish the query we can
	request the snapshot related info directly when querying the list of
	domains from VMware.

2016-07-12  Eric Blake  <eblake@redhat.com>

	build: drop hack for old mingw ssize_t
	The old 32-bit-only mingw project had a mismatch in its <sys/types.h>
	that omitted ssize_t, but where size_t was a different rank than
	int as picked by gnulib.  But now that mingw64 (both 32- and 64-bit)
	is the more popular platform (Fedora has dropped mingw in favor of
	mingw64), we no longer need to carry a hack to gnulib to cater to
	the old mingw.  This reverts part of commit 1012dc29333.

	build: virrandommock.c not needed on mingw
	We can't mock tests on Mingw, which lacks dlopen() and friends;
	follow the paradigms used in other mock files of conditionally
	compiling nothing when not building for Linux.

2016-07-12  Michal Privoznik  <mprivozn@redhat.com>

	virCommandExec: Report error if execve fails
	In an unlikely event of execve() failing, the virCommandExec()
	function does not report any error, even though checks that are
	at the beginning of the function are verbose when failing.

2016-07-12  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: dir: adapts .wipeVol for ploop volumes
	The modification of .volWipe callback wipes ploop volume using one of
	given wiping algorithm: dod, nnsa, etc.
	However, in case of ploop volume we need to reinitialize root.hds and DiskDescriptor.xml.

	v2:
	- added check on ploop tools presens
	- virCommandAddArgFormat changed to virCommandAddArg

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	qemu: format intel-iommu on the command line
	<devices>
	  <iommu model='intel'/>
	</devices>

	results in:

	-device intel-iommu

	https://bugzilla.redhat.com/show_bug.cgi?id=1235580

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	Add QEMU_CAPS_DEVICE_INTEL_IOMMU
	Check whether QEMU supports -device intel-iommu

	Note that the presence of this option does not mean that it's
	usable because of a bug in earlier QEMU versions, but it's
	better than nothing.

	https://bugzilla.redhat.com/show_bug.cgi?id=1235580

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	Introduce <iommu> device
	A device with an attribute 'model', with just one model
	so far:

	<devices>
	  ...
	  <iommu model='intel'/>
	</devices>

	https://bugzilla.redhat.com/show_bug.cgi?id=1235580

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	test-wrap-argv: set cutoff at 78 characters
	For every but the last argument, we also need space for a space
	and a backslash.

	Rewrap everything longer than 78 characters.

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	test-wrap-argv: print diff instead of the incorrectly wrapped file
	Commit c9c03ea stopped creating an intermediate file during syntax-check
	to save on execution time. It also switched to outputting the whole
	incorrectly wrapped file instead of a diff needed to fix it.

	Feed the newly wrapped file to diff via a pipe.

	Note that fixing it by running test-wrap-argv.pl --in-place or
	the unit test with VIR_TEST_REGENERATE_OUTPUT is easier.

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	testutils: only rewrap args files
	test-wrap-argv.pl does not know how to rewrap other files.

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	testutils: find perl early
	Commit 843a70a changed test-wrap-argv.pl to use
	/usr/bin/env perl
	instead of
	/usr/bin/perl

	However when called from qemuxml2argvtest with
	VIR_TEST_REGENERATE_OUTPUT, PATH is set to '/bin'.

	Find the path to perl early in virTestMain, in case we
	are going to need it later after we've overridden PATH.

2016-07-12  Ján Tomko  <jtomko@redhat.com>

	qemuxml2argvtest: drop empty pseries-vio-address-clash.args
	Unused since its introduction in commit 4b942fe.

2016-07-12  Luyao Huang  <lhuang@redhat.com>

	tests: add missing directories in EXTRA_DIST
	In commit ec5dcf2a and b0b4a35c we have moved qemuhotplugtest's XMLs to
	new directories but forgot to fix the Makefile. Add 2 directories in
	EXTRA_DIST to fix broken VPATH build. Also remove now unused
	qemuhotplugtestdata directory from the Makefile as well as from the
	tree.

2016-07-12  Daniel P. Berrange  <berrange@redhat.com>

	remote: convert to typesafe virConf accessors

	sanlock: convert to typesafe virConf accessors

	lockd: convert to typesafe virConf accessors

	selinux: convert to typesafe virConf accessors

	virt-login-shell: convert to typesafe virConf accessors

	uri: convert to typesafe virConf accessors

	libxl: convert to typesafe virConf accessors

	lxc: convert to typesafe virConf accessors

	virtlogd: convert to typedef virConf accessors

	virtlockd: convert to typesafe virConf accessors

	libvirt: convert to typesafe virConf accessors

	qemu: convert to typesafe virConf accessors

	libvirtd: convert to typesafe virConf accessors
	The libvirtdconftest was previously used to test data type
	handling of the libvirtd config file. Now we're using the
	typedef APIs, this test case has little value, and is pretty
	hard to fixup with deal with the new APIs.

	virconf: add typed value accessor methods
	Currently many users of virConf APIs are defining the same
	macros for calling virConfValue() and then doing type
	checking. To remove this repeated code, add a set of
	typesafe accessor methods.

	virconf: fix off-by-1 when appending \n to config file
	If the config file does not end with a \n, the parser will append
	one. When re-allocating the array though, it is mistakenly assuming
	that 'len' is the length including the trailing NUL, but it does
	not. So we must add 2 to len, when reallocating, not 1.

2016-07-12  Daniel P. Berrange  <berrange@redhat.com>

	tests: remove pointless virconftest.sh wrapper
	The virconftest is different from all our other tests in that
	the C program only tests a single in/out config file pair. It
	relies on a shell wrapper to invoke it once for each test
	file.

	This gets rid of the shell wrapper and makes the C program
	actually run over each test file using the normal test pattern.

2016-07-11  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemuhotplugtest: Move domain and device XMLs to different directories
	This way we can safely differentiate what XMLs contain whole domain
	definitions and which contain just devices.  Thanks to that we can
	test the domain XMLs in virschematest again.

	qemuhotplugtest: Move all XMLs to one directory
	This makes the search for related XMLs easier, plus they are not used in
	the xml2argv tests anyway.  This also makes future patches cleaner.
	While on that remove unnecessary '-hotplug' from the filenames.

2016-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvmock: Don't leak @netdef->ifname
	In the mock, we have a stub for virNetDevTapCreate(). However,
	the mocked version does not exactly as it's native counterpart.
	The function receives a string, which is an interface name that
	caller would like to have, but it's not guaranteed that they will
	get just that one. If they don't, the function free()-s the one
	passed and returns the new one. Just like the mocked version. But
	what is the mocked version missing is the free().

	==1068== 6 bytes in 1 blocks are definitely lost in loss record 9 of 132
	==1068==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
	==1068==    by 0xDE13356: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
	==1068==    by 0xAE2333E: virXMLPropString (virxml.c:479)
	==1068==    by 0xAE45975: virDomainNetDefParseXML (domain_conf.c:9038)
	==1068==    by 0xAE5C0BB: virDomainDefParseXML (domain_conf.c:16734)
	==1068==    by 0xAE5EB96: virDomainDefParseNode (domain_conf.c:17444)
	==1068==    by 0xAE5EA05: virDomainDefParse (domain_conf.c:17391)
	==1068==    by 0xAE5EA93: virDomainDefParseFile (domain_conf.c:17415)
	==1068==    by 0x433430: testCompareXMLToArgvFiles (qemuxml2argvtest.c:278)
	==1068==    by 0x433A18: testCompareXMLToArgvHelper (qemuxml2argvtest.c:414)
	==1068==    by 0x446ED4: virTestRun (testutils.c:179)
	==1068==    by 0x43A099: mymain (qemuxml2argvtest.c:1016)

2016-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Don't leak dummy monitor
	It's just test, but why leak it?

	==26971== 20 bytes in 1 blocks are definitely lost in loss record 623 of 704
	==26971==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
	==26971==    by 0xE560447: vasprintf (vasprintf.c:76)
	==26971==    by 0xAE0DEE2: virVasprintfInternal (virstring.c:480)
	==26971==    by 0xAE0DFF7: virAsprintfInternal (virstring.c:501)
	==26971==    by 0x4751F3: qemuProcessPrepareMonitorChr (qemu_process.c:2651)
	==26971==    by 0x4334B1: testCompareXMLToArgvFiles (qemuxml2argvtest.c:297)
	==26971==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
	==26971==    by 0x446E7A: virTestRun (testutils.c:179)
	==26971==    by 0x445D33: mymain (qemuxml2argvtest.c:2029)
	==26971==    by 0x44886F: virTestMain (testutils.c:969)
	==26971==    by 0x445D9B: main (qemuxml2argvtest.c:2036)

2016-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainObjPrivateFree: Free @masterKey too
	This one's a bit more complicated. In qemuProcessPrepareDomain()
	a master key for encrypting secret for ciphered disks is created.
	This object lives within qemuDomainObjPrivate object. It is freed
	in qemuProcessStop(), but if nobody calls it (for instance like
	our qemuxml2argvtest does), the key object leaks.

	==17078== 32 bytes in 1 blocks are definitely lost in loss record 633 of 707
	==17078==    at 0x4C2C070: calloc (vg_replace_malloc.c:623)
	==17078==    by 0xAD924DF: virAllocN (viralloc.c:191)
	==17078==    by 0x5050BA6: virCryptoGenerateRandom (qemuxml2argvmock.c:166)
	==17078==    by 0x453DC8: qemuDomainMasterKeyCreate (qemu_domain.c:678)
	==17078==    by 0x47A36B: qemuProcessPrepareDomain (qemu_process.c:4913)
	==17078==    by 0x47C728: qemuProcessCreatePretendCmd (qemu_process.c:5542)
	==17078==    by 0x433698: testCompareXMLToArgvFiles (qemuxml2argvtest.c:332)
	==17078==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
	==17078==    by 0x446E7A: virTestRun (testutils.c:179)
	==17078==    by 0x445BD9: mymain (qemuxml2argvtest.c:2022)
	==17078==    by 0x44886F: virTestMain (testutils.c:969)
	==17078==    by 0x445D9B: main (qemuxml2argvtest.c:2036)

2016-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildCpuCommandLine: Don't leak @buf
	Just like every other qemuBuild*CommandLine() function, this uses
	a buffer to hold partial cmd line strings too. However, if
	there's an error, the control jumps to 'cleanup' label leaving
	the buffer behind and thus leaking it.

	==2013== 1,006 bytes in 1 blocks are definitely lost in loss record 701 of 711
	==2013==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
	==2013==    by 0x4C2C32F: realloc (vg_replace_malloc.c:692)
	==2013==    by 0xAD925A8: virReallocN (viralloc.c:245)
	==2013==    by 0xAD95EA8: virBufferGrow (virbuffer.c:130)
	==2013==    by 0xAD95F78: virBufferAdd (virbuffer.c:165)
	==2013==    by 0x5097F5: qemuBuildCpuModelArgStr (qemu_command.c:6339)
	==2013==    by 0x509CC3: qemuBuildCpuCommandLine (qemu_command.c:6437)
	==2013==    by 0x51142C: qemuBuildCommandLine (qemu_command.c:9174)
	==2013==    by 0x47CA3A: qemuProcessCreatePretendCmd (qemu_process.c:5546)
	==2013==    by 0x433698: testCompareXMLToArgvFiles (qemuxml2argvtest.c:332)
	==2013==    by 0x4339AC: testCompareXMLToArgvHelper (qemuxml2argvtest.c:413)
	==2013==    by 0x446E7A: virTestRun (testutils.c:179)

2016-07-11  Michal Privoznik  <mprivozn@redhat.com>

	virStorageEncryptionSecretFree: Don't leak secret lookup definition
	When storage secret is parsed in virStorageEncryptionSecretParse(),
	virSecretLookupParseSecret() which allocates some memory. This is
	however never freed.

	==21711== 134 bytes in 6 blocks are definitely lost in loss record 70 of 85
	==21711==    at 0x4C29F80: malloc (vg_replace_malloc.c:296)
	==21711==    by 0xBCA0356: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
	==21711==    by 0xA9F432E: virXMLPropString (virxml.c:479)
	==21711==    by 0xA9D25B0: virSecretLookupParseSecret (virsecret.c:70)
	==21711==    by 0xA9D616E: virStorageEncryptionSecretParse (virstorageencryption.c:172)
	==21711==    by 0xA9D66B2: virStorageEncryptionParseXML (virstorageencryption.c:281)
	==21711==    by 0xA9D68DF: virStorageEncryptionParseNode (virstorageencryption.c:338)
	==21711==    by 0xAA12575: virDomainDiskDefParseXML (domain_conf.c:7606)
	==21711==    by 0xAA2CAC6: virDomainDefParseXML (domain_conf.c:16658)
	==21711==    by 0xAA2FC75: virDomainDefParseNode (domain_conf.c:17472)
	==21711==    by 0xAA2FAE4: virDomainDefParse (domain_conf.c:17419)
	==21711==    by 0xAA2FB72: virDomainDefParseFile (domain_conf.c:17443)

2016-07-11  Chen Hanxiao  <chenhanxiao@gmail.com>

	virsh: allow both --uuid and --name at same time
	#virsh list --uuid --name
	49c765a0-25e7-40d0-964f-dac99724b32c   c7
	918f1dd6-b19f-412b-ba17-d113bad89af8   f23

2016-07-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Use qemuProcessSetupPid() in qemuProcessSetupVcpu()

	qemu: Use qemuProcessSetupPid() in qemuProcessSetupEmulator()

	qemu: Add qemuProcessSetupPid() and use it in qemuProcessSetupIOThread()
	Setting up cgroups and other things for all kinds of threads (the
	emulator thread, vCPU threads, I/O threads) was copy-pasted every time
	new thing was added.  Over time each one of those functions changed a
	bit differently.  So create one function that does all that setup and
	start using it, starting with I/O thread setup.  That will shave some
	duplicated code and maybe fix some bugs as well.

2016-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix logic in qemuDomainObjPrivateXMLParseVcpu
	The code in qemuDomainObjPrivateXMLParseVcpu for parsing
	the 'idstr' string was comparing the overall boolean
	result against 0 which was always true

	qemu/qemu_domain.c: In function 'qemuDomainObjPrivateXMLParseVcpu':
	qemu/qemu_domain.c:1482:59: error: comparison of constant '0' with boolean expression is always false [-Werror=bool-compare]
	     if ((idstr && virStrToLong_uip(idstr, NULL, 10, &idx)) < 0 ||
	                                                           ^

	It was further performing two distinct error checks in
	the same conditional and reporting a single error message,
	which was misleading in one of the two cases.

	This splits the conditional check into two parts with
	distinct error messages and fixes the logic error.

	Fixes the bug in

	  commit 5184f398b40a5e0d7d84b86182edcb2b48ab04ba
	  Author: Peter Krempa <pkrempa@redhat.com>
	  Date:   Fri Jul 1 14:56:14 2016 +0200

	    qemu: Store vCPU thread ids in vcpu private data objects

2016-07-11  Andrea Bolognani  <abologna@redhat.com>

	qemu: capabilities: Make virHostCPUGetKVMMaxVCPUs() errors fatal
	An error in virHostCPUGetKVMMaxVCPUs() means we've been unable
	to access /dev/kvm, or we're running on a platform that doesn't
	support KVM in the first place.

	If that's the case, we shouldn't ignore the error and report
	domcapabilities even though we know the user won't be able to
	start any KVM guest.

2016-07-11  Andrea Bolognani  <abologna@redhat.com>

	util: hostcpu: Drop obsolete compatibility code
	All Linux releases we support (RHEL6 era) include these
	definitions.

	util: hostcpu: Add virHostCPUGetKVMMaxVCPUs() stub
	If we don't HAVE_LINUX_KVM_H, we can't query /dev/kvm to discover
	the limits on the number of vCPUs, so we report an error and
	return a negative value instead.

2016-07-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Store vCPU thread ids in vcpu private data objects
	Rather than storing them in an external array store them directly.

	qemu: Add cpu ID to the vCPU pid list in the status XML
	Note the vcpu ID so that once we allow non-contiguous vCPU topologies it
	will be possible to pair thread id's with the vcpus.

	qemu: domain: Extract formating and parsing of vCPU thread ids
	Further patches will be adding index and modifying the source variables
	so this will make it more clear.

	qemu: domain: Add vcpu private data structure
	Members will be added in follow-up patches.

2016-07-11  Peter Krempa  <pkrempa@redhat.com>

	conf: Add private data for virDomainVcpuDef
	Allow to store driver specific data on a per-vcpu basis.

	Move of the virDomainDef*Vcpus* functions was necessary as
	virDomainXMLOptionPtr was declared below this block and I didn't want to
	split the function headers.

2016-07-11  Peter Krempa  <pkrempa@redhat.com>

	conf: convert def->vcpus to a array of pointers

2016-07-11  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuxml2xml: Format status XML header dynamically
	Status XML tests were done by prepending a constant string to an
	existing XML. With the planned changes the header will depend on data
	present in the definition rather than just on the data that was parsed.

	The first dynamic element in the header will be the vcpu thread list.
	Reuse and rename qemuXML2XMLPreFormatCallback for gathering the relevant
	data when checking the active XML parsing and formating and pass the
	bitmap to a newly crated header generator.

2016-07-11  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't report errors from virDomainDefGetVcpu
	Most callers make sure that it's never called with an out of range vCPU.
	Every other caller reports a different error explicitly. Drop the error
	reporting and clean up some dead code paths.

	conf: Rename virDomainVcpuInfoPtr to virDomainVcpuDefPtr

	conf: Extract code formatting vCPU info

	conf: Annotate that private data for objects are not copied
	Our copy functions format and parse XML thus are not able to copy data.
	Annotate the private data pointers that this is happening.

2016-07-11  Nishith Shah  <nishithshah.2211@gmail.com>

	virsh: Introduce vshReadlineParse for improved auto-completion
	The new function works as expected, and matches the current level of
	autocomplete offered, along with several other improvements like quotes
	handling, multiple command completion and space handling. Now, it is easy
	to introduce options completer here.

	virsh: Add option to suppress error in various functions
	A bool 'report' has been introduced in various functions, which when set
	to true will produce the error it is suppposed to produce, and when
	false, will suppress the error. These functions are used in the next
	patch for auto-completion.

	virsh: Fix variable types in readline generators
	Use unsigned int for array indexes and size_t for length variables.

2016-07-11  Nishith Shah  <nishithshah.2211@gmail.com>

	virsh: Break vshCmddefOptParse into helper functions
	Decompose vshCmddefOptParse into two helper functions, vshCmddefOptFill
	and vshCmddefCheckInternals.

	vshCmddefCheckInternals checks if the internal command definitions are
	correct or not.

	vshCmddefOptFill keeps track of the required options and mandatory
	arguments through opts_required and opts_need_arg.

2016-07-11  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: implement virConnectGetDomainCapabilities

2016-07-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix bhyveargv2xml custom loader test
	Before pushing this test, I changed the appropriate args file
	to pet test-wrap-argv.pl, but forgot to change the xml file, so
	update it accordingly.

2016-07-10  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: add tests for bhyveParseCommandLineString

2016-07-10  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: implement argument parser for loader
	A simple getopt-based argument parser is added for the /usr/sbin/bhyveload
	command, loosely based on its argument parser.

	The boot disk is guessed by iterating over all
	disks and matching their sources. If any non-default arguments are found,
	def->os.bootloaderArgs is set accordingly, and the bootloader is treated as a
	custom bootloader.

	Custom bootloader are supported by setting the def->os.bootloader and
	def->os.bootloaderArgs accordingly

	grub-bhyve is also treated as a custom bootloader. Since we don't get the
	device map in the native format anyways, we can't reconstruct the complete
	boot order. While it is possible to check what type the grub boot disk is by
	checking if the --root argument is "cd" or "hd0,msdos1", and then just use the
	first disk found, implementing the grub-bhyve argument parser as-is in the
	grub-bhyve source would mean adding a dependency to argp or duplicating lots
	of the code of argp. Therefore it's not really worth implementing that now.

2016-07-10  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: implement bhyve argument parser
	A simpe getopt-based argument parser is added for the /usr/sbin/bhyve command,
	loosely based on its argument parser, which reads the following from the bhyve
	command line string:

	* vm name
	* number of vcpus
	* memory size
	* the time offset (UTC or localtime)
	* features:
	  * acpi
	  * ioapic: While this flag is deprecated in FreeBSD r257423, keep checking for
	    it for backwards compatibiility.
	* the domain UUID; if not explicitely given, one will be generated.
	* lpc devices: for now only the com1 and com2 are supported. It is required for
	   these to be /dev/nmdm[\d+][AB], and the slave devices are automatically
	   inferred from these to be the corresponding end of the virtual null-modem
	   cable: /dev/nmdm<N>A <-> /dev/nmdm<N>B
	* PCI devices:
	  * Disks: these are numbered in the order they are found, for virtio and ahci
	    disks separately. The destination is set to sdX or vdX with X='a'+index;
	    therefore only 'z'-'a' disks are supported.
	    Disks are considered to be block devices if the path
	    starts with /dev, otherwise they are considered to be files.
	  * Networks: only tap devices are supported. Since it isn't possible to tell
	    the type of the network, VIR_DOMAIN_NET_TYPE_ETHERNET is assumed, since it
	    is the most generic. If no mac is specified, one will be generated.

2016-07-10  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: implement virConnectDomainXMLFromNative
	First, remove escaped newlines and split up the string into an argv-list for
	the bhyve and loader commands, respectively. This is done by iterating over the
	string splitting it by newlines, and then re-iterating over each line,
	splitting it by spaces.

	Since this code reuses part of the code of qemu_parse_command.c
	(in bhyveCommandLine2argv), add the appropriate copyright notices.

2016-07-10  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	gnulib: add getopt module
	Unconditionally use gnulib's getopt module. This is needed by the bhyve driver
	to provide a reentrant interface for getopt.

	Several gnulib headers rely on features.h being included by ctype.h to provide
	__GNUC_PREREQ, but on systems without glibc, this is not provided. In these
	cases __GNUC_PREREQ gets redefined to 0, which causes build errors from checks
	in src/internal.h.
	Therefore, define __GNUC_PREREQ as early as possible. config-post.h is probably
	the first header that is included, before any other headers.

2016-07-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	tests: Add test cases for the empty bitmap
	As the empty bitmap exists, we should also test it. This patch adds
	test cases for the procedures 'virBitmapNextSetBit', 'virBitmapLastSetBit',
	'virBitmapNextClearBit'.

	Tested-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
	Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-07-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	util: bitmap: Mention the size == 0 handling
	As there is an explicit constructor for the special case of empty
	bitmaps, we should mention that the generic constructors rejects the
	creation of empty bitmaps.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-07-09  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	util: bitmap: clarify virBitmapLastSetBit() behavior for empty bitmaps
	Before the variable 'bits' was initialized with 0 (commit
	3470cd860d517760b13e26d97b6a842ff72687a1), the following bug was
	possible.

	A function call with an empty bitmap leads to undefined
	behavior. Because if 'bitmap->map_len == 0' 'unusedBits' will be <= 0
	and 'sz == 1'. So the non global and non static variable 'bits' would
	have never been set. Consequently the check 'bits == 0' results in
	undefined behavior.

	This patch clarifies the current version of the function by handling the
	empty bitmap explicitly. Also, for an empty bitmap there is obviously no
	bit set so we can just return -1 (indicating no bit set) right away. The
	explicit check for 'bits == 0' after the loop is unnecessary because we
	only get to this point if no set bit was found.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-07-09  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	tests: env perl shebang for test-wrap-argv.pl
	On some systems perl is not necessarily in /usr/bin/perl. Use the perl version
	in the PATH instead.

2016-07-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Drop useless SPICE migration code
	The spiceMigration flag will never be true if there is no SPICE graphics
	configured for the domain.

	https://bugzilla.redhat.com/show_bug.cgi?id=1151723

2016-07-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly reset spiceMigration flag
	Otherwise migration during which we didn't send client_migrate_info QMP
	command will get stuck waiting for SPICE migration to finish if libvirtd
	sent the QMP command in a previous migration attempt.

	Broken by bd7c8a69.

	https://bugzilla.redhat.com/show_bug.cgi?id=1151723

2016-07-07  Daniel P. Berrange  <berrange@redhat.com>

	virtlogd: increase max file size to 2 MB
	People debugging guest OS boot processes and reported that
	the default 128 KB size is too small to capture an entire
	boot up sequence. Increase the default size to 2 MB which
	should allow capturing a full boot up even with verbose
	debugging.

	virtlogd: make max file size & number of backups configurable
	Currently virtlogd has a hardcoded max file size of 128kb
	and max of 3 backups. This adds two new config parameters
	to /etc/libvirt/virtlogd.conf to let these be customized.

2016-07-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: caps: Always assume QEMU_CAPS_SMP_TOPOLOGY
	Support for SMP topology was added by qemu commit dc6b1c09849484fbbc50
	prior to 0.12.0, our minimum supported qemu version.

	$ git describe --tags dc6b1c09849484fbbc50803307e4c7a3d81eab62
	v0.11.0-rc0-449-gdc6b1c0
	$ git describe --tags --contains dc6b1c09849484fbbc50803307e4c7a3d81eab
	v0.12.0-rc0~1477

2016-07-07  Michal Privoznik  <mprivozn@redhat.com>

	virDomainHostdevDefFree: Don't leak privateData
	After 27726d8c21 a privateData is allocated in
	virDomainHostdevDefAlloc(). However, the counter part - freeing
	them in Free() is missing which leads to the following memory
	leak:

	==6489== 24 bytes in 1 blocks are definitely lost in loss record 684 of 1,003
	==6489==    at 0x4C2C070: calloc (vg_replace_malloc.c:623)
	==6489==    by 0x54B7C94: virAllocVar (viralloc.c:560)
	==6489==    by 0x5517BE6: virObjectNew (virobject.c:193)
	==6489==    by 0x1B400121: qemuDomainHostdevPrivateNew (qemu_domain.c:798)
	==6489==    by 0x5557B24: virDomainHostdevDefAlloc (domain_conf.c:2152)
	==6489==    by 0x5575578: virDomainHostdevDefParseXML (domain_conf.c:12709)
	==6489==    by 0x5582292: virDomainDefParseXML (domain_conf.c:16995)
	==6489==    by 0x5583C98: virDomainDefParseNode (domain_conf.c:17470)
	==6489==    by 0x5583B07: virDomainDefParse (domain_conf.c:17417)
	==6489==    by 0x5583B95: virDomainDefParseFile (domain_conf.c:17441)
	==6489==    by 0x55A3F24: virDomainObjListLoadConfig (virdomainobjlist.c:465)
	==6489==    by 0x55A43E6: virDomainObjListLoadAllConfigs (virdomainobjlist.c:596)

2016-07-07  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: generate -display none
	This is preferrable to -nographic which (in addition to disabling
	graphics output) redirects the serial port to stdio and on OpenBIOS
	enables the firmware's serial console.

	qemu: detect -display
	Add a new capability for the -display command line option, which has
	been present since QEMU 1.0.

2016-07-07  Peter Krempa  <pkrempa@redhat.com>

	conf: Isolate virDomainLiveConfigHelperMethod to libxl only
	Libxl is the last user and I don't have the toolchain prepared to
	compile the libxl driver. Move it to the libxl driver to avoid having to
	refactor the code.

	conf: Don't use virDomainLiveConfigHelperMethod in virDomainObjGetMetadata
	Few arguments of the function are not necessary any more which leads to
	some cleanups. The 'uri' argument had a stray ATTRIBUTE_UNUSED.

	conf: Don't use virDomainLiveConfigHelperMethod in virDomainObjSetMetadata

	openvz: Remove use of virDomainLiveConfigHelperMethod

2016-07-07  Peter Krempa  <pkrempa@redhat.com>

	lxc: Synchronize implementation of qemuDomainSetMemoryParameters
	The impls are identical and I don't have a reasonable idea where to
	extract it.

	This also kills yet another use of virDomainLiveConfigHelperMethod.

2016-07-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Make name of QEMU_SET_MEM_PARAMETER more universal
	Use a VIR_ prefix even when it's a local helper macro. It will be later
	synced with the LXC implementation.

2016-07-07  Michal Privoznik  <mprivozn@redhat.com>

	spec: Move virt-admin into its own package
	The new package for the virt-admin binary is libvirt-admin.

	spec: Split libvirt-client
	Currently, we have libvirt-client library which serves as a
	collection point for all the libraries and client binaries we
	have. Therefore we have couple of silly dependencies, for
	instance libvirt-daemon depends on libvirt-client. Only because
	the shared library is in the client package.
	To solve this, new package libvirt-libs is introduced where all
	the libraries are going to live. The client package is then set
	to depend on this new package, just like the rest of packages
	that suffer the same problem.

2016-07-04  Erik Skultety  <eskultet@redhat.com>

	virlog: Introduce virLogFilterListFree
	This is just a convenience method for discarding a list of filters instead of
	using a 'for' loop everywhere. It is safe to pass -1 as the number of elements
	in the list as well as passing NULL as list reference.

	virlog: Introduce virLogFilterFree
	Provide a separate method to free a logging filter object. This will come handy
	once a method to create an individual logging filter object is introduced.

	virlog: Introduce virLogOutputListFree
	This is just a convenience method for discarding a list of outputs instead of
	using a 'for' loop everywhere. It is safe to pass -1 as the number of elements
	in the list as well as passing NULL as list reference.

	virlog: Introduce virLogOutputFree
	Provide a separate method to free a logging output object. This will come handy
	once a method to create an individual logging output object is introduced.

	virlog: Convert virLogFilters to a list of pointers to filters
	Same as with outputs; since the operations will be further divided into smaller
	tasks, creating a filter will become a separate operation that will return
	a reference to a newly created filter.

	virlog: Convert virLogOutputs to a list of pointers to outputs
	Right now, we define outputs one after another. However, the correct flow
	should be to define a set of outputs as a whole unit. Therefore each output
	should be first created, placed into an array/list and the list will be
	defined. Output creation should be a separate operation, so an output will be
	returned by a reference. From that perspective, it makes perfect sense to
	only store pointers to actual outputs.

	virlog: Return void instead of int in virLogReset<Foo> methods
	In this particular case, reset is meant as clearing the whole list of
	outputs/filters, not resetting it to a predefined default setting. Looking at
	it from that perspective, returning the number of records removed doesn't help
	the caller in any way (not that any of the callers would actually check for
	it). Well, callers could detect an error from the number of successfully
	removed records, but the only thing that can fail in virLogReset is force
	closing a file descriptor in which case the error isn't propagated back to
	virLogReset anyway. Conclusion: there is no practical use for having a return
	type of 'int' rather than 'void' in this case.

2016-07-04  Andrea Bolognani  <abologna@redhat.com>

	qemu: Memory locking is only required for KVM guests on ppc64
	Due to the way the hardware works, KVM on ppc64 always requires
	memory locking; however, that is not the case for non-KVM ppc64
	guests, eg. ppc64 guests that are running on x86_64 with TCG.

	Only require memory locking for ppc64 guests if they are using
	KVM or, as it's the case for all architectures, they have host
	devices assigned using VFIO.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1350772

2016-07-04  Martin Kletzander  <mkletzan@redhat.com>

	maint: update to latest gnulib
	Fix mingw build regarding rpl_{printf,scanf} symbols.

2016-07-02  Laine Stump  <laine@laine.org>

	qemu: support setting host-side IP addresses/routes
	For type='ethernet' interfaces only.

	(This patch had been pushed earlier in
	commit 0b4645a7e061abc8a4be71fe89865cf248ce6e56, but was reverted in
	commit 84d47a3cce71175bc1d8af596f835f66f38a190c because it had been
	accidentally pushed during the freeze for release 2.0.0)

2016-07-02  Laine Stump  <laine@laine.org>

	lxc: support setting host-side IP addresses/routes
	(This patch had been pushed earlier in
	commit cd5c9f21ded4f8e6216eba02b8795f70503ab404, but was reverted in
	commit 1549f16832ca23918b651fb4985a2e9f257cd429 because it had been
	accidentally pushed during the freeze for release 2.0.0)

2016-07-02  Laine Stump  <laine@laine.org>

	util: support setting peer for virNetDevIPInfo addresses
	This will apply to any IP address setting that uses
	virNetDevIPInfoAddToDev() (which so far is only the guest-side of LXC
	type='ethernet' interfaces).

	(This patch had been pushed earlier in
	commit cb20f989df393ec97ba65afb06089d0ab87af484, but was reverted in
	commit cba06aea8d500d4ea7e2f40272be484027dd3e4a because it had been
	accidentally pushed during the freeze for release 2.0.0)

2016-07-02  Laine Stump  <laine@laine.org>

	conf: support host-side IP/route information in <interface>
	This is place as a sub-element of <source>, where other aspects of the
	host-side connection to the network device are located (network or
	bridge name, udp listen port, etc). It's a bit odd that the interface
	we're configuring with this info is itself named in <target dev='x'/>,
	but that ship sailed long ago:

	    <interface type='ethernet'>
	      <mac address='00:16:3e:0f:ef:8a'/>
	      <source>
	        <ip address='192.168.122.12' family='ipv4'
	            prefix='24' peer='192.168.122.1'/>
	        <ip address='192.168.122.13' family='ipv4' prefix='24'/>
	        <route family='ipv4' address='0.0.0.0'
	               gateway='192.168.122.1'/>
	        <route family='ipv4' address='192.168.124.0' prefix='24'
	               gateway='192.168.124.1'/>
	      </source>
	    </interface>

	In practice, this will likely only be useful for type='ethernet', so
	its presence in any other type of interface is currently forbidden in
	the generic device Validate function (but it's been put into the
	general population of virDomainNetDef rather than the
	ethernet-specific union member so that 1) we can more easily add the
	capability to other types if needed, and 2) we can retain the info
	when set to an invalid interface type all the way through to
	validation and report a proper error, rather than just ignoring it
	(which is currently what happens for many other type-specific
	settings).

	(NB: The already-existing configuration of IP info for the guest-side
	of interfaces is in subelements directly under <interface>, and the
	name of the guest-side interface (when configurable) is in <guest
	dev='x'/>).

	(This patch had been pushed earlier in
	commit fe6a77898a38f491403a70cc49925a584101daee, but was reverted in
	commit d658456530c1010a49f45865613ed361a0fcc5b4 because it had been
	accidentally pushed during the freeze for release 2.0.0)

2016-07-02  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	conf: allow setting peer address in <ip> element of <interface>
	The peer attribute is used to set the property of the same name in the
	interface IP info:

	  <interface type='ethernet'>
	    ...
	    <ip family='ipv4' address='192.168.122.5'
	        prefix='32' peer='192.168.122.6'/>
	    ...
	  </interface>

	Note that this element is used to set the IP information on the
	*guest* side interface, not the host side interface - that will be
	supported in an upcoming patch.

	(This patch now has quite a history: it was originally pushed in
	commit 690969af, which was subsequently reverted in commit 1d14b13f,
	then reworked and pushed (along with a lot of other related/supporting
	patches) in commit 93135abf1; however *that* commit had been
	accidentally pushed during dev. freeze for release 2.0.0, so it was
	again reverted in commit f6acf039f0).

2016-07-02  Laine Stump  <laine@laine.org>

	util: new function virNetDevIPInfoAddToDev
	This patch takes the code out of
	lxcContainerRenameAndEnableInterfaces() that adds all IP addresses and
	IP routes to the interface, and puts it into a utility function
	virNetDevIPInfoAddToDev() in virnetdevip.c so that it can be used by
	anyone.

	One small change in functionality -
	lxcContainerRenameAndEnableInterfaces() previously would add all IP
	addresses to the interface while it was still offline, then set the
	interface online, and then add the routes. Because I don't want the
	utility function to set the interface online, I've moved this up so
	the interface is first set online, then IP addresses and routes are
	added. This is the same order that the network service from
	initscripts (in ifup-ether) does it, so it shouldn't pose any problem
	(and hasn't, in the tests that I've run).

	(This patch had been pushed earlier in commit
	f1e0d0da11c473905470c28a6488bf57d9d0ae6e, but was reverted in commit
	05eab47559950403aa67d18b098273269ae6916e because it had been
	accidentally pushed during the freeze for release 2.0.0)

2016-07-01  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce helper qemuDomainSecretDiskCapable
	Introduce a helper to help determine if a disk src could be possibly used
	for a disk secret... Going to need this for hot unplug.

	encryption: Add <cipher> and <ivgen> to encryption
	For a luks device, allow the configuration of a specific cipher to be
	used for encrypting the volume.

	encryption: Add luks parsing for storageencryption
	Add parse and format of the luks/passphrase secret including tests for
	volume XML parsing.

2016-07-01  John Ferlan  <jferlan@redhat.com>

	util: Add 'usage' for encryption
	In order to use more common code and set up for a future type, modify the
	encryption secret to allow the "usage" attribute or the "uuid" attribute
	to define the secret. The "usage" in the case of a volume secret would be
	the path to the volume as dictated by the backwards compatibility brought
	on by virStorageGenerateQcowEncryption where it set up the usage field as
	the vol->target.path and didn't allow someone to provide it. This carries
	into virSecretObjListFindByUsageLocked which takes the secret usage attribute
	value from from the domain disk definition and compares it against the
	usage type from the secret definition. Since none of the code dealing
	with qcow/qcow2 encryption secrets uses usage for lookup, it's a mostly
	cosmetic change. The real usage comes in a future path where the encryption
	is expanded to be a luks volume and the secret will allow definition of
	the usage field.

	This code will make use of the virSecretLookup{Parse|Format}Secret common code.

2016-07-01  John Ferlan  <jferlan@redhat.com>

	conf: Add new secret type "passphrase"
	Add a new secret type known as "passphrase" - it will handle adding the
	secret objects that need a passphrase without a specific username.

	The format is:

	   <secret ...>
	     <uuid>...</uuid>
	     ...
	     <usage type='passphrase'>
	       <name>mumblyfratz</name>
	     </usage>
	   </secret>

2016-07-01  John Ferlan  <jferlan@redhat.com>

	conf: No need to check for usage fields during Format
	Since the virSecretDefParseUsage ensures each of the fields is present,
	no need to check during virSecretDefFormatUsage (also virBufferEscapeString
	is a no-op with a NULL argument).

2016-07-01  Brandon Bennett  <bbennett@fb.com>

	Allow custom metadata in network configuration XML
	    This replicates the metadata field found in the domain configuration
	    and adds it to the network configuration XML.

2016-07-01  Laine Stump  <laine@laine.org>

	util: new function virXMLNodeSanitizeNamespaces()
	This is a generic version of virDomainDefMetadataSanitize() - the same
	functionality is now needed for network metadata.

	docs: remove outdated suggestion to make patches with "diff -urp"/"git diff"
	I can't think of any good reason to do either of those, and having the
	examples there will just lead to unusable patch emails from people who
	can't be bothered to read the entire page.

2016-07-01  Andrea Bolognani  <abologna@redhat.com>

	util: hostcpu: Only define /dev/kvm path once
	Remove the local kvmpath variable from
	virHostCPUGetThreadsPerSubcore() and use the file-global
	KVM_DEVICE define instead.

2016-07-01  Ján Tomko  <jtomko@redhat.com>

	examples: check asprintf return value in client_info.c
	On error, asprintf returns -1 and the contents of the string
	pointer is undefined. In the rest of the libvirt code,
	the virAsprintf wrapper takes care of that.

	Check the return value and report a generic error, since we
	purposefully avoid linking to virutil.

2016-07-01  Daniel P. Berrange  <berrange@redhat.com>

	mingw-libvirt.spec.in: add perl + perl(Getopt::Long) BRs
	The default Fedora build roots for f25 and newer no longer
	include perl. We must thus explicitly ask for it as the
	RPC gendispatch.pl program needs it, and the Getopt::Long
	module. Do this unconditionally since it isn't harmful for
	older Fedora

2016-07-01  Daniel P. Berrange  <berrange@redhat.com>

	mingw-libvirt.spec.in: fix packaging of admin API and other bugs
	When the admin API was enabled no entries were added to the
	file list.

	The virt-host-validate binary is also no longer built on
	win32

2016-07-01  Cole Robinson  <crobinso@redhat.com>

	events: Rename argument uuid->key
	Since it's not strictly a uuid anymore

	events: Add explicit lookup 'key' value
	This allows event implementations to match on something other
	than an object's uuid, like nodedev or interface objects which
	don't have a uuid.

	events: Pass in UUID as a string
	This should not have any functional difference, it's just a step
	towards matching on non-uuid string keys

	events: Cleanup callback variable name
	In every other instance virObjectEventCallbackPtr is named 'cb',
	and in other code 'event' usually means a virObjectEventPtr

	events: Add virObjectEventCallbackFree

	events: Privatize virObjectEventCallback
	It's only used in object_event.c, so remove it from the header. We
	need to move the _virObjectEventCallback definition earlier as a
	result.

2016-07-01  Ján Tomko  <jtomko@redhat.com>

	Introduce virDomainUSBDeviceDefForeach
	A helper that will execute a callback on every USB device
	in the domain definition.

	With an ability to skip USB hubs, since we will want to treat
	them differently in some cases.

2016-07-01  Ján Tomko  <jtomko@redhat.com>

	Add USB addresses to qemuhotplug test cases
	This test assumes the XML will be the same after formatting.
	Add USB addresses to it to keep it working when we autoassign them.

2016-07-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid needless copies of static strings

	qemu: Drop emitBootindex parameter

2016-07-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use bootindex whenever possible
	I'm not sure why our code claimed "-boot menu=on" cannot be used in
	combination with per-device bootindex, but it was proved wrong about
	four years ago by commit 8c952908. Let's always use bootindex when QEMU
	supports it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1323085

2016-07-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove redundant parameter in virQEMUCapsFillDomainCaps
	virttype is already included in domCaps, no need to pass it separately.

	domaincapstest: Don't read data from host
	virQEMUCapsFillDomainCaps would use virHostCPUGetKVMMaxVCPUs for KVM
	domains.

	cpu: Drop NR_DRIVERS macro

	cpu: Drop generic driver
	Pretending (partial) support for something we don't understand is risky.
	Reporting a failure is much better.

	Post-release version bump to 2.1.0

2016-07-01  Daniel Veillard  <veillard@redhat.com>

	Libvirt 2.0.0 release
	* docs/news.html.in: update documentation
	* po/*.po*: regenerate

2016-06-30  Martin Kletzander  <mkletzan@redhat.com>

	dist: Speed up distribution compression
	This almost reverts b7200d723648.  The size is increased from 11M to 13M
	and the compression is sped up from 2 minutes to 17 seconds.  The
	compression level is removed because -9 doesn't allow multiple threads
	to be spawned.  Effectively speeds up distcheck as well.

2016-06-30  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't free the constructed string in virDomainGetBlkioParametersAssignFromDef
	virTypedParameterAssign steals the string rather than copying it into
	the typed parameter and thus freeing it leads to a crash when attempting
	to serialize the results.

	This was introduced in commit 9f50f6e2 and later made an universal
	helper in 32e6339c.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351473

2016-06-30  Peter Krempa  <pkrempa@redhat.com>

	conf: def: Avoid unnecessary allocation of 'perf' events definition
	Some code paths already assume that it is allocated since it was always
	allocated by virDomainPerfDefParseXML. Make it member of virDomainDef
	directly so that we don't have to allocate it all the time.

	This fixes crash when attempting to connect to an existing process via
	virDomainQemuAttach since we would not allocate it in that code path.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1350688

2016-06-30  Jiri Denemark  <jdenemar@redhat.com>

	docs: Warn against locked memory limit too high
	https://bugzilla.redhat.com/show_bug.cgi?id=1046833

2016-06-30  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	tests: Add test cases for SCSI disk hot-plug with QEMU
	Verify that SCSI controllers get created automatically when a SCSI disk
	is hot-plugged to a domain that doesn't have a matching SCSI controller
	defined already.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-06-30  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: SCSI hostdev hot-plug: Fix automatic creation of SCSI controllers
	Ensure that the given controller and all controllers with a smaller
	index exist; there must not be any missing index in between.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-06-30  Marc Hartmayer  <mhartmay@linux.vnet.ibm.com>

	qemu: hot-plug: Fix broken SCSI disk hot-plug
	The commit "qemu: hot-plug: Assume support for -device in
	qemuDomainAttachSCSIDisk" dropped the code for the automatic SCSI
	controller creation used in SCSI disk hot-plugging. If we are
	hot-plugging a SCSI disk to a domain and there is no proper SCSI
	controller defined, it results in an "error: internal error: Could not
	find scsi controller with index X required for device" error.

	For that reason reverting a hunk of the commit
	d4d32005d6e8b2cc0a2f26b483ca1de10171db6d.

	This patch also adds an extra comment to the code to clarify the
	loop.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-06-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Let empty default VNC password work as documented
	CVE-2016-5008

	Setting an empty graphics password is documented as a way to disable
	VNC/SPICE access, but QEMU does not always behaves like that. VNC would
	happily accept the empty password. Let's enforce the behavior by setting
	password expiration to "now".

	https://bugzilla.redhat.com/show_bug.cgi?id=1180092

2016-06-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use proper async job to refresh virtio channels

2016-06-29  Jean-Marc Liger  <jean-marc.liger@parisdescartes.fr>

	libvirt.spec.in: Use libnl-devel for RHEL-6
	RHEL-6 still needs to use libnl instead of libnl3, so re-add
	the spec conditional mistakenly removed in

	  commit 3694e038fd12825042cca6204f7aa7322e2ed9c9
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed May 4 15:43:08 2016 +0100

	    libvirt.spec.in: drop Fedora < 20 and RHEL < 6

2016-06-29  Erik Skultety  <eskultet@redhat.com>

	admin: fix virt-admin startup crash by calling virAdmInitialize
	Similarly to what virsh virt-login-shell do, call virAdmInitialize prior to
	initializing an event loop and initializing the error handler. Commit 97973ebb7
	described and fixed an identical issue for libvirt_lxc.
	Since virAdmInitialize becomes a public API after applying this patch,
	the symbol is also added to public syms and the doc string of the method is
	slightly enhanced analogically to virInitialize.

2016-06-29  Ján Tomko  <jtomko@redhat.com>

	Fix possible invalid read in adminClientGetInfo
	virNetServerClientGetInfo returns the client's remote address
	as a string, which is a part of the client object.

	Use VIR_STRDUP to make a copy which can be freely accessed
	even after the virNetServerClient object is unlocked.

	To reproduce, put a sleep between virObjectUnlock in
	virNetServerClientGetInfo and virTypedParamsAddString in
	adminClientGetInfo, then close the queried connection during
	that sleep.

2016-06-28  Michal Privoznik  <mprivozn@redhat.com>

	virStorageTranslateDiskSourcePool: Avoid double free
	https://bugzilla.redhat.com/show_bug.cgi?id=1316370

	Consider the following disk for a domain:

	    <disk type='volume' device='cdrom'>
	      <driver name='qemu' type='raw'/>
	      <auth username='libvirt'>
	        <secret type='iscsi' usage='libvirtiscsi'/>
	      </auth>
	      <source pool='iscsi-secret-pool' volume='unit:0:0:0' mode='direct' startupPolicy='optional'/>
	      <target dev='sda' bus='scsi'/>
	      <readonly/>
	      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	    </disk>

	Now, startupPolicy is currently not allowed for iscsi disks, so
	one would expect an error message to be thrown. But what a
	surprise is waiting for users if they try to start up such
	domain:

	==15724== Invalid free() / delete / delete[] / realloc()
	==15724==    at 0x4C2B1F0: free (vg_replace_malloc.c:473)
	==15724==    by 0x54B7A69: virFree (viralloc.c:582)
	==15724==    by 0x552DC90: virStorageAuthDefFree (virstoragefile.c:1549)
	==15724==    by 0x552F023: virStorageSourceClear (virstoragefile.c:2055)
	==15724==    by 0x552F054: virStorageSourceFree (virstoragefile.c:2067)
	==15724==    by 0x55556AA: virDomainDiskDefFree (domain_conf.c:1562)
	==15724==    by 0x5557ABE: virDomainDefFree (domain_conf.c:2547)
	==15724==    by 0x1B43CC42: qemuProcessStop (qemu_process.c:5918)
	==15724==    by 0x1B43BA2E: qemuProcessStart (qemu_process.c:5511)
	==15724==    by 0x1B48993E: qemuDomainObjStart (qemu_driver.c:7050)
	==15724==    by 0x1B489B9A: qemuDomainCreateWithFlags (qemu_driver.c:7104)
	==15724==    by 0x1B489C01: qemuDomainCreate (qemu_driver.c:7122)
	==15724==  Address 0x21cfbb90 is 0 bytes inside a block of size 48 free'd
	==15724==    at 0x4C2B1F0: free (vg_replace_malloc.c:473)
	==15724==    by 0x54B7A69: virFree (viralloc.c:582)
	==15724==    by 0x552DC90: virStorageAuthDefFree (virstoragefile.c:1549)
	==15724==    by 0x12D1C8D4: virStorageTranslateDiskSourcePool (storage_driver.c:3475)
	==15724==    by 0x1B4396E4: qemuProcessPrepareDomain (qemu_process.c:4896)
	==15724==    by 0x1B43B880: qemuProcessStart (qemu_process.c:5466)
	==15724==    by 0x1B48993E: qemuDomainObjStart (qemu_driver.c:7050)
	==15724==    by 0x1B489B9A: qemuDomainCreateWithFlags (qemu_driver.c:7104)
	==15724==    by 0x1B489C01: qemuDomainCreate (qemu_driver.c:7122)
	==15724==    by 0x561CA97: virDomainCreate (libvirt-domain.c:6787)
	==15724==    by 0x12B6FD: remoteDispatchDomainCreate (remote_dispatch.h:4116)
	==15724==    by 0x12B61A: remoteDispatchDomainCreateHelper (remote_dispatch.h:4092)

	The problem is, in virStorageTranslateDiskSourcePool disk
	def->src->auth is freed, but the pointer is not set to NULL. So
	later, when qemuProcessStop starts to free the domain definition,
	virStorageAuthDefFree() tries to free the memory again, instead
	of jumping out immediately.

2016-06-28  Jaroslav Suchanek  <jsuchane@redhat.com>

	logging: fixing log level initialization from cmdline
	Reorder code for setting default log level from cmdline prior
	initialization of log outputs. Thus the --verbose option is reflected.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325072

2016-06-28  Jiri Denemark  <jdenemar@redhat.com>

	qemuDomainDeviceDefValidate: Drop unused qemuCaps

2016-06-28  Andrea Bolognani  <abologna@redhat.com>

	vz: Fix indentation in prlsdkGetNetAddresses()

2016-06-27  Olga Krishtal  <okrishtal@virtuozzo.com>

	vz: fix build for virNetDev* changes
	Patch fixes vz build after changes in IP-related netdev functions(cf0568b0, fbc1843d).

2016-06-27  Ján Tomko  <jtomko@redhat.com>

	Revert "util: new function virNetDevIPInfoAddToDev"
	This reverts commit f1e0d0da11c473905470c28a6488bf57d9d0ae6e.

	This feature was accidentally pushed in the feature freeze.

2016-06-27  Ján Tomko  <jtomko@redhat.com>

	Revert "conf: allow setting peer address in <ip> element of <interface>"
	This reverts commit 93135abf1454d8a1c8542e8c951ed615305ffa24.

	This feature was accidentally pushed in the feature freeze.

2016-06-27  Ján Tomko  <jtomko@redhat.com>

	Revert "conf: support host-side IP/route information in <interface>"
	This reverts commit fe6a77898a38f491403a70cc49925a584101daee.

	This feature was accidentally pushed in the feature freeze.

2016-06-27  Ján Tomko  <jtomko@redhat.com>

	Revert "util: support setting peer for virNetDevIPInfo addresses"
	This reverts commit cb20f989df393ec97ba65afb06089d0ab87af484.

	This feature was accidentally pushed in the feature freeze.

2016-06-27  Ján Tomko  <jtomko@redhat.com>

	Revert "lxc: support setting host-side IP addresses/routes"
	This reverts commit cd5c9f21ded4f8e6216eba02b8795f70503ab404.

	This feature was accidentally pushed in the feature freeze.

2016-06-27  Ján Tomko  <jtomko@redhat.com>

	Revert "qemu: support setting host-side IP addresses/routes"
	This reverts commit 0b4645a7e061abc8a4be71fe89865cf248ce6e56.

	This feature was accidentally pushed in the feature freeze.

2016-06-27  Andrea Bolognani  <abologna@redhat.com>

	Clean up after virNetDevIP creation
	Commit cf0568b0af4e moved a bunch of functions from virNetDev
	to the more specific virNetDevIP; however, not all of the
	existing uses were moved properly, causing build failures on
	FreeBSD.

	Complete the transition to the new names and drop the
	obsolete declarations from the header file while at it.

2016-06-27  Andrea Bolognani  <abologna@redhat.com>

	util: netdevip: Include vircommand.h
	Not including the header causes

	  util/virnetdevip.c:520:5: error:
	  unknown type name 'virCommandPtr'; did you mean 'virCondPtr'?
	    virCommandPtr cmd = NULL;
	    ^~~~~~~~~~~~~

	and plenty more similar failures when compiling on FreeBSD.

2016-06-27  Michal Privoznik  <mprivozn@redhat.com>

	libvirtd.conf: Fix invalid default of max_anonymous_clients
	https://bugzilla.redhat.com/show_bug.cgi?id=1343442

	When a client connects, it is placed into a queue. As soon as it
	authenticate, it is taken out of that queue and placed into a
	different one. Now, we have a setting in the daemon config file
	that allows users to control the length of the queue of yet not
	authenticated clients. By default, it has a value 20 but in the
	description to the config knob we clam it's zero.

2016-06-27  Laine Stump  <laine@laine.org>

	qemu: support setting host-side IP addresses/routes
	For type='ethernet' interfaces only.

	lxc: support setting host-side IP addresses/routes

	util: support setting peer for virNetDevIPInfo addresses
	This will apply to any IP address setting that uses
	virNetDevIPInfoAddToDev() (which so far is only the guest-side of LXC
	type='ethernet' interfaces).

2016-06-27  Laine Stump  <laine@laine.org>

	conf: support host-side IP/route information in <interface>
	This is place as a sub-element of <source>, where other aspects of the
	host-side connection to the network device are located (network or
	bridge name, udp listen port, etc). It's a bit odd that the interface
	we're configuring with this info is itself named in <target dev='x'/>,
	but that ship sailed long ago:

	    <interface type='ethernet'>
	      <mac address='00:16:3e:0f:ef:8a'/>
	      <source>
	        <ip address='192.168.122.12' family='ipv4'
	            prefix='24' peer='192.168.122.1'/>
	        <ip address='192.168.122.13' family='ipv4' prefix='24'/>
	        <route family='ipv4' address='0.0.0.0'
	               gateway='192.168.122.1'/>
	        <route family='ipv4' address='192.168.124.0' prefix='24'
	               gateway='192.168.124.1'/>
	      </source>
	    </interface>

	In practice, this will likely only be useful for type='ethernet', so
	its presence in any other type of interface is currently forbidden in
	the generic device Validate function (but it's been put into the
	general population of virDomainNetDef rather than the
	ethernet-specific union member so that 1) we can more easily add the
	capability to other types, and 2) we can retain the info when set to
	an invalid interface type all the way through to validation and report
	a proper error, rather than just ignoring it (which is currently what
	happens for many other type-specific settings).

	(NB: The already-existing configuration of IP info for the guest-side
	of interfaces is in subelements directly under <interface>, and the
	name of the guest-side interface (when configurable) is in <guest
	dev='x'/>).

2016-06-27  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	conf: allow setting peer address in <ip> element of <interface>
	The peer attribute is used to set the property of the same name in the
	interface IP info:

	  <interface type='ethernet'>
	    ...
	    <ip family='ipv4' address='192.168.122.5'
	        prefix='32' peer='192.168.122.6'/>
	    ...
	  </interface>

	Note that this element is used to set the IP information on the
	*guest* side interface, not the host side interface - that will be
	supported in an upcoming patch.

	(This is an updated *re*-commit of commit 690969af, which was
	subsequently reverted in commit 1d14b13f).

2016-06-27  Laine Stump  <laine@laine.org>

	util: new function virNetDevIPInfoAddToDev
	This patch takes the code out of
	lxcContainerRenameAndEnableInterfaces() that adds all IP addresses and
	IP routes to the interface, and puts it into a utility function
	virNetDevIPInfoAddToDev() in virnetdevip.c so that it can be used by
	anyone.

	One small change in functionality -
	lxcContainerRenameAndEnableInterfaces() previously would add all IP
	addresses to the interface while it was still offline, then set the
	interface online, and then add the routes. Because I don't want the
	utility function to set the interface online, I've moved this up so
	the interface is first set online, then IP addresses and routes are
	added. This is the same order that the network service from
	initscripts (in ifup-ether) does it, so it shouldn't pose any problem
	(and hasn't, in the tests that I've run).

2016-06-27  Laine Stump  <laine@laine.org>

	lxc: move debug/error log when adding IP addresses to virNetDevIPAddrAdd
	It makes more sense to have the logging at the lower level so other
	callers can share the goodness.

	While removing so much stuff from / touching so many lines in
	lxcContainerRenameAndEnableInterfaces() (which used to have this
	debug/error logging), label names were changed and it was updated to
	use the now-more-common method of initializing ret to -1 (failure),
	then setting to 0 right before the cleanup label.

2016-06-27  Laine Stump  <laine@laine.org>

	conf: clean up after adding calls to virNetDevIPInfo helpers
	virDomainNetIPInfoParseXML() and virDomainNetIPInfoFormat() are no
	longer "unused", so we can now remove the "ATTRIBUTE_UNUSED" from
	their definitions, since virDomainNetIPInfoFormat() is now the only
	caller of virDomainNetIPsFormat() and virDomainNetRoutesFormat(),
	those two functions can simply be subsumed into
	virDomainNetIPInfoFormat().

2016-06-27  Laine Stump  <laine@laine.org>

	qemu: forbid setting guest-side IP address/route info of <interface>
	libvirt's qemu driver doesn't have direct access to the config on the
	guest side of a network interface, and currently doesn't have any
	method in place to even inform the guest of the desired config. In the
	future, an unenforceable attempt to set the guest-side IP info could
	be made by adding a static host entry to the appropriate dnsmasq
	configuration (or changing the default dhcp client address on the qemu
	commandline for type='user' interfaces), or enhancing the guest agent
	to allow setting an IP address, but for now it can't have any effect,
	and we don't want to give the illusion that it does.

	To prevent the "disappearance" of any existing configs with ip
	address/route info (due to parser failure), this check is added in the
	newly implemented qemuDomainDeviceDefValidate(), which is only called
	when a domain is defined or started, *not* when it is reread from disk
	at libvirtd startup.

2016-06-27  Laine Stump  <laine@laine.org>

	conf: use virNetDevIPInfo for guest-side <interface> config
	All the same information was already there, just in slightly different
	places in the virDomainNetDef.

2016-06-27  Laine Stump  <laine@laine.org>

	conf: use virNetDevIPInfo in virDomainHostdevCaps
	a.k.a. <hostdev mode='capabilities' type='net'>.

	This replaces the existing nips, ips, nroutes, and routes with a
	single virNetDevIPInfo, and simplifies the code by calling that
	object's parse/format/clear functions instead of open coding.

2016-06-27  Laine Stump  <laine@laine.org>

	conf: single object containing list of IP addresses, list of routes
	There are currently two places in the domain where this combination is
	used, and there is about to be another. This patch puts them together
	for brevity and uniformity.

	As with the newly-renamed virNetDevIPAddr and virNetDevIPRoute
	objects, the new virNetDevIPInfo object will need to be accessed by a
	utility function that calls low level Netlink functions (so we don't
	want it to be in the conf directory) and will be called from multiple
	hypervisor drivers (so it can't be in any hypervisor directory); the
	most appropriate place is thus once again the util directory.

	The parse and format functions are in conf/domain_conf.c because only
	the domain XML (i.e. *not* the network XML) has this exact combination
	of IP addresses plus routes. Note that virDomainNetIPInfoFormat() will
	end up being the only caller to virDomainNetRoutesFormat() and
	virDomainNetIPsFormat(), so it will just subsume those functions in a
	later patch, but we can't do that until they are no longer called.

	(It would have been nice to include the interface name within the
	virNetDevIPInfo object (with a slight name change), but that can't
	be done cleanly, because in each case the interface name is provided
	in a different place in the XML relative to the routes and IP
	addresses, so putting it in this object would actually make the code
	more confused rather than simpler).

2016-06-27  Laine Stump  <laine@laine.org>

	util: move IP route & address object-related functions to virnetdevip.c
	These functions all need to be called from a utility function that
	must be located in the util directory, so we move them all into
	util/virnetdevip.[ch] now that it exists.

	Function and struct names were appropriately changed for the new
	location, but all code is unchanged aside from motion and renaming.

2016-06-27  Laine Stump  <laine@laine.org>

	util: new files virnetdevip.[ch] for IP-related netdev functions
	This patch splits virnetdev.[ch] into multiple files, with the new
	virnetdevip.[ch] containing all the functions related to setting and
	retrieving IP-related info for a device (both addresses and routes).

2016-06-27  Laine Stump  <laine@laine.org>

	conf/openvz: eliminate incorrect/undocumented use of <source dev='blah'/>
	When support for <interface type='ethernet'> was added in commit
	9a4b705f back in 2010, it erroneously looked at <source dev='blah'/>
	for a user-specified guest-side interface name. This was never
	documented though. (that attribute already existed at the time in the
	data.ethernet union member of virDomainNetDef, but apparently had no
	practical use - it was only used as a storage place for a NetDef's
	bridge name during qemuDomainXMLToNative(), but even then that was
	never used for anything).

	When support for similar guest-side device naming was added to the lxc
	driver several years later, it was put in a new subelement <guest
	dev='blah'/>.

	In the intervening years, since there was no validation that
	ethernet.dev was NULL in the other drivers that didn't actually use
	it, innocent souls who were adding other features assuming they needed
	to account for non-NULL ethernet.dev when really they didn't, so
	little bits of the usual pointless cargo-cult code showed up.

	This patch not only switches the openvz driver to use the documented
	<guest dev='blah'/> notation for naming the guest-side device (just in
	case anyone is still using the openvz driver), and logs an error if
	anyone tries to set <source dev='blah'/> for a type='ethernet'
	interface, it also removes the cargo-cult uses of ethernet.dev and
	<source dev='blah'/>, and eliminates if from the RNG and from
	virDomainNetDef.

	NB: I decided on this course of action after mentioning the
	inconsistency here:

	  https://www.redhat.com/archives/libvir-list/2016-May/msg02038.html

	and getting encouragement do eliminate it in a later IRC discussion
	with danpb.

2016-06-27  Laine Stump  <laine@laine.org>

	qemu: eliminate memory leaks when converting NetDefs to type='ethernet'
	in qemuConnectDomainXMLToNative. This function was only accounting for
	about 1/10 of all the allocated items in the NetDef prior to memseting
	it to all 0's. On top of that, it was going to great pains to learn
	the name of the bridge device, but then never doing anything useful
	with it (just putting it into data.ethernet.dev, which is *never* used
	when building a qemu commandline). (I think this again all started off
	as code with good intentions, but it was never completed, and instead
	was just Frankensteinically cargo-culted into the odd mish mash we
	have today).

	The resulting code is much simpler, produces exactly the same output,
	and doesn't leak memory.

2016-06-27  Laine Stump  <laine@laine.org>

	qemu: don't set/clear NetDef IP addresses in qemuConnectDomainXMLToNative()
	This patch removes the expanded and duplicated code that all sprung
	out of two well-intentioned-but-useless settings of
	net->data.(bridge|ethernet).ipaddr.

	qemu has never supported even a single IP address in the interface
	config, much less a list of them. All of the instances of "clearing
	out the IP addresses" that are now in this function originated with
	commit d8dbd6 "Basic domain XML conversions for Xen/QEMU drivers" in
	May 2009, but even then the single "ipaddr" in the struct for
	type='ethernet' and type='bridge' wasn't used in the qemu driver (only
	in xen and openvz). Since then anyone who added a new interface type
	also tacked on another unnecessary clearing of ipaddr, and when it was
	made into a list of IPs (so far supported only by the LXC driver) this
	simple setting was turned into a loop (well, multiple loops) to clear
	them all.

2016-06-27  Laine Stump  <laine@laine.org>

	conf: new function virDomainNetDefClear
	We need to clear these out without freeing the object completely.

2016-06-27  Laine Stump  <laine@laine.org>

	lxc: use correct prefix when setting veth IP address
	Commit c9a641 (first appearred in 1.2.12) added support for setting
	the guest-side IP address of veth devices in lxc domains.
	Unfortunately, it hardcoded the assumption that the proper prefix for
	any IP address with no explicit prefix in the config should be "24";
	that is only correct for class C IPv4 addresses, but not for any other
	IPv4 address, nor for any IPv6 address.

	The good news is that there is already a function in libvirt that will
	determine the proper default prefix for any IP address. This patch
	replaces the use of the ill-fated VIR_SOCKET_ADDR_DEFAULT_PREFIX with
	calls to virSocketAddrGetIPPrefix().

2016-06-27  Laine Stump  <laine@laine.org>

	lxc: eliminate extraneous free of netDef->ifname_guest
	lxcContainerRenameAndEnableInterfaces() isn't making a copy of the
	interface's ifname_guest (into newname), it's just copying the pointer
	to it. This means that when it later calls VIR_FREE(newname), it's
	actually freeing up (and fortunately NULLing out, so at least we don't
	try to access free'd memory) netDef->ifname_guest.

	util: allow calling virSocketAddrGetIPPrefix with NULL netmask or address
	There are times when we don't have a netmask pointer to give to
	virSocketAddrGetIPPrefix() (e.g. the IP addresses in domain interfaces
	only have a prefix, no netmask), but it would have caused a segv if we
	called it with NULL instead of a pointer to a netmask. This patch
	qualifies the code that would use the netmask or address pointers to
	check for NULL first.

	tests: mock virNetDevSetIPAddress
	Now that we can include <interface type='ethernet'> in tests, we could
	almost test XML that has an <ip> element in an interface. Except that
	the test fails when it tries to actually set the IP address for the
	interface's tap device. This patch mocks virNetDevSetIPAddress() to
	just return success.

2016-06-27  Laine Stump  <laine@laine.org>

	conf: clean up virDomainNetIPParseXML()
	Rearrange this function to be better organized and more correct:

	* the error codes were changed from the incorrect INVALID_ARG to
	  XML_ERROR

	* prefix still isn't required, but if present it must be valid or an
	  error will be logged.

	* don't emit a debug log just because prefix is missing - this
	  is valid.

	* group everything related to setting prefix in one place rather than
	  scattered through the function.

2016-06-27  Laine Stump  <laine@laine.org>

	global: consistently use IP rather than Ip in identifiers
	I'm tired of mistyping this all the time, so let's do it the same all
	the time (similar to how we changed all "Pci" to "PCI" awhile back).

	(NB: I've left alone some things in the esx and vbox drivers because
	I'm unable to compile them and they weren't obviously *not* a part of
	some API. I also didn't change a couple of variables named,
	e.g. "somethingIptables", because they were derived from the name of
	the "iptables" command)

2016-06-27  Laine Stump  <laine@laine.org>

	util: move virInterface(State|Link)/virNetDevFeature from conf to util
	These had been declared in conf/device_conf.h, but then used in
	util/virnetdev.c, meaning that we had to #include conf/device_conf.h
	in virnetdev.c (which we have for a long time said shouldn't be done.

	This caused a bigger problem when I tried to #include util/virnetdev.h
	in a file in src/conf (which is allowed) - for some reason the
	"device_conf.h: File not found" error.

	The solution is to move the data types and functions used in util
	sources from conf to util. Some names were adjusted during the move
	("virInterface" --> "virNetDevIf", and "VIR_INTERFACE" -->
	"VIR_NETDEV_IF")

2016-06-27  Laine Stump  <laine@laine.org>

	util: move virNetDevLinkDump to virnetlink.c
	virNetDevLinkDump should have been in virnetlink.c, but that file
	didn't exist yet when the function was created. It didn't really
	matter until now - I found that having virnetlink.h included by
	virnetdev.h caused build problems when trying to #include virnetdev.h
	in a .c file in src/conf (due to missing directory in -I). Rather than
	fix that to further institutionalize the incorrect placement of this
	one function, this patch moves the function.

2016-06-26  Erik Skultety  <eskultet@redhat.com>

	spec: distribute admin API within libvirt-client package
	With respect to to the following thread
	https://www.redhat.com/archives/libvir-list/2016-June/msg01822.html, until we
	introduce a new rpm package '-libs' that would allow us to drop daemon's
	dependency on the client package, distribute admin API related stuff within
	the client package (since it's the best analogy to the virsh client).

	examples: admin: Add some examples for the new admin APIs
	Some of the examples make use of asprintf and strtol functions (to keep
	things simple) which are prohibited to use within our code (enforced by
	syntax-check). Therefore besides adding some examples, this patch also updates
	cfg.mk to exclude examples directory from asprintf and strtol rules, as well as
	updates .gitignore to exclude all the new admin binaries created in the
	'examples' dir.

	admin: enable both admin API functionality and tarball distribution
	This patch enables admin socket creation in daemon's code, bumps the library
	version in libvirt_admin_public.syms, and performs all necessary modifications
	to our makefiles so that admin API can finally be included in the tarball,
	and eventually become part of an rpm package (a patch later in this series).

2016-06-25  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: always pass graphics address to sdk
	We need this because apply graphics functions is used on
	update too. Also in case of NULL address resolve it to default
	instead of error.

	vz: support vnc password

	vz: remove exlicitly setting zeros in dumping graphics
	Allocation will do this job. Also we don't use the explicit setting
	in other places.

	vz: support attach/detach/update/ of graphics device
	Move graphic device config to post parse. This way we
	detect error on early stage and leverage checking on detach too.

	vz: move getting container video devices out from vnc code

2016-06-25  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: trustGuestRxFilters fixes
	First we need to always set value to vz sdk parameter so
	we can leverage setting code for device updates. This patch
	resolves tristate default to off implicitly. This is easier
	then extract default value from vz sdk itself. First current
	default is off too, second this approach is already taken
	for 'net->linkstate'.

	Second dump this option in domain xml.

2016-06-25  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix minor type safey issues with net union usage
	Fix net->data usage accordingly to type field.

2016-06-25  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix updating to no gateways
	Current code that pass gateways to vz sdk is not suitable for
	updates. If update has no gateways while we had them before
	we need to pass "" for vz sdk gateways to reset old value.

	The code definitely deserves its own function.

	Drop checks that skip setting gateways if network address
	is not set. Such a configuration is possible in vz sdk.

2016-06-25  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: dump route info in domain xml

	vz: dump ip addresses to domain xml

	vz: give nice report if network device not found

	vz: fix memory leaks in attach/detach functions

	vz: move disks checks to device post parse
	And reformat so that we don't have lengthy lines. Also simplify
	some checks.

	vz: leverage disks parameters check on disks updates too
	This is as easy as moving disks checks from domain post
	parse callback to device post parse callback.

	vz: add device updates

	vz: reuse edit config frame in for attach/detach functions
	Attach/detach functions for disk/net are quite trivial and
	typically call a few functions in begin/end edit frame. Having
	in mind update function too adding configuring for another
	device (like graphics) will introduce 3 trivial functions more.
	Let's replace current approach by attach/detach functions for
	device.

	vz: make prlsdkGetDisk more generic
	Current implementation works with hard disks only. This patch
	adds support for any disk device (cdroms and hdds right now).

	vz: remove disk cache mode hunk
	This code was added as a part of huge patch that moves driver
	from working with prlctl to vz sdk so there is no good explanation
	why this is done this way. The problem that it is not correct.
	vz sdk cache mode parameter affects all domain disks while this hunk
	resets its on every disk to a new value.

2016-06-25  Qiaowei Ren  <qiaowei.ren@intel.com>

	cpu_map.xml: add cmt/mbm feature to x86
	Some Intel processor families (e.g. the Intel Xeon processor E5 v3
	family) introduced some PQos (Platform Qos) features, including CMT
	(Cache Monitoring technology) and MBM (Memory Bandwidth Monitoring),
	to monitor or control shared resource. This patch add them into x86
	part of cpu_map.xml to be used for applications based on libvirt to
	get cpu capabilities. For example, Nova in OpenStack schedules guests
	based on the CPU features that the host has.

2016-06-25  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Consolidate ARM drivers
	Both ARM and AArch64 drivers are exactly the same (modulo function
	names). Let's use just one driver for all ARM architectures.

2016-06-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix build in virNetDevTapGetRealDeviceName
	Commit e81de04c switched virNetDevTapGetRealDeviceName() to use
	virDirOpen() instead of opendir(), however it mistakenly dropped
	DIR *dirp declaration, so restore that to fix build.

2016-06-24  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolObjBuildTempFilePath
	Create a function to return a temporary file path to be used in a mkostemp
	type call using the path to the stateDir + pool->def->name + vol->name

2016-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Promote storage pool refresh lifecycle event to top level event
	The VIR_STORAGE_POOL_EVENT_REFRESHED constant does not
	reflect any change in the lifecycle of the storage pool.

	It should thus not be part of the storage pool lifecycle
	event set, but rather be a top level event in its own
	right. Thus we introduce VIR_STORAGE_POOL_EVENT_ID_REFRESH
	to replace it.

2016-06-24  John Ferlan  <jferlan@redhat.com>

	util: Add 'luks' to the FileTypeInfo
	Add the ability to detect a luks encrypted device.

	util: Modify the FileTypeInfo to add a version size
	The version field historically has been a 4 byte data; however, an upcoming
	new type will use a 2 byte version.  So let's adjust for that now.

	util: Introduce virReadBufInt16LE and virReadBufInt16BE
	In order to read 16 bits of data in the native format and convert add
	the 16 bit macros to match existing 32 and 64 bit code.

2016-06-24  John Ferlan  <jferlan@redhat.com>

	qemu: Remove authdef from secret setup
	Rather than pass authdef, pass the 'authdef->username' and the
	'&authdef->secdef'

	Note that a username may be NULL.

2016-06-24  John Ferlan  <jferlan@redhat.com>

	qemu: Change protocol parameter for secret setup
	Rather than assume/pass the protocol to the qemuDomainSecretPlainSetup
	and qemuDomainSecretAESSetup, set and pass the secretUsageType based
	on the src->protocol type. This will eventually be used by the
	virSecretGetSecretString call

2016-06-24  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	Document to not rely on virConnectGetMaxVcpus API
	The API virConnectGetMaxVcpus doesn't really reflect the actual usable number
	of cpus as the maximum limits can be different for kvm and/or qemu. So update
	the documentation to use virConnectGetDomainCapabilities() instead.

	qemu: check the kvm host cpu max limits in virConnectGetDomainCapabilities
	The qemu limit and host limit both should be considered for
	the domain vcpu max limits.

2016-06-24  John Ferlan  <jferlan@redhat.com>

	qemu: Make qemuBuildSecretInfoProps global
	Need to create the object for a hotplug disk

	qemu: Remove type from qemuBuildSecretInfoProps
	It's just a constant "secret" string anyway

2016-06-24  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	Rename kvmGetMaxVCPUs() to virHostCPUGetKVMMaxVCPUs()
	This kvmGetMaxVCPUs() needs to be used at two different places
	so move it to utils with appropriate name and mark it as private
	global now.

2016-06-24  yuelongguang  <yuelongguang@le.com>

	add help document relevant to default mapping of credentials to machines
	* src/util/virauthconfig.c

2016-06-24  Peter Krempa  <pkrempa@redhat.com>

	conf: Allow disks with identical WWN or serial
	Disallowing them broke a use case of testing multipath configurations
	for storage. Originally this was added as it was impossible to
	use certain /dev/disk-by... links but the disks worked properly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1349895

2016-06-24  Ján Tomko  <jtomko@redhat.com>

	build: increase xz compression level
	Increase the default compression level to 9 from 6.

	This also increases decompression memory requirements
	from 9 MB to 65 MB.

	Also turn on verbosity.

2016-06-24  Ján Tomko  <jtomko@redhat.com>

	openvz: do not open-code STRSKIP
	Remove one more use of STREQLEN with strlen as its argument.

2016-06-24  Ján Tomko  <jtomko@redhat.com>

	Fix error detection in virStorageBackendISCSIGetHostNumber
	In the unlikely case the iSCSI session path exists, but does not
	contain an entry starting with "target", we would silently use
	an initialized value.

	Rewrite the function to correctly report errors.

2016-06-24  Ján Tomko  <jtomko@redhat.com>

	Replace some uses STREQLEN with STRPREFIX
	Do not call it with a magic constant matching the length
	of the pattern.

2016-06-24  John Ferlan  <jferlan@redhat.com>

	docs: Fix whitespace in output
	Many moons ago, commit id '8d7800a55' adjusted the format of the output
	to add a space on the HEADER and the DATA... the docs weren't updated to
	reflect that... This makes that adjustment.

2016-06-24  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	qemu: Check for VFIO too where legacy passthrough is checked
	On PPC the legacy passthrough is not supported and only
	VFIO is supported. So, the checks at places to confirm if the
	host is passthrough capable checks only legacy, fix it. This
	is seen at only one place now.

2016-06-24  Ján Tomko  <jtomko@redhat.com>

	virStorageBackendISCSIGetHostNumber: correctly use virDirOpen
	Incorrect conflict resolution in my commit e81de04c1 broke this.

	Prohibit opendir in syntax-check
	Prefer virDirOpen.

	Use virDirOpenQuiet
	Remove all the remaining usage of opendir.

	Introduce virDirOpenQuiet
	A helper function that does not report any errors.

	Use virDirOpenIfExists
	Use it instead of opendir everywhere we need to check for ENOENT.

	Add virDirOpenIfExists
	Just like virDirOpen, but it returns 0 without reporting an error
	on ENOENT.

	Use virDirOpen
	Switch from opendir to virDirOpen everywhere we need to report an error.

	Introduce virDirOpen
	A helper that calls opendir and reports an error if it fails.

2016-06-24  Cole Robinson  <crobinso@redhat.com>

	storage: Fix coverity warning
	After commit e808d3f227 cbdata is always available here, so the
	check is pointless

2016-06-24  Martin Kletzander  <mkletzan@redhat.com>

	Don't allow raneming domains to empty strings
	It may cause unwanted behaviour (of course, is there any wanted one for
	that case?) so we should rather disable the possibility of doing so.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1320893

2016-06-24  Ján Tomko  <jtomko@redhat.com>

	openvz: split single-line if
	Put the 'continue' statement on a separate line.

2016-06-24  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use stricter checks in virQEMUCapsFillDomainDeviceDiskCaps()
	Unfortunately, we can't just call qemuDomainMachineIsPSeries()
	here, because we don't have a virDomainDef instance; that said,
	the open-coded check should match said function as closely as
	possible.

	qemu: Introduce qemuDomainMachineIsPSeries()
	This new function checks for both the architecture and the
	machine type, so we can use it instead of writing the same
	checks over and over again.

	qemu: Add architecture checks to qemuDomainMachineIsVirt()
	Remove all external architecture checks that have been
	made redundant by this change.

	qemu: Remove redundant arguments to qemuBuildSerialChrDeviceStr()
	Since we're already passing the full virDomainDef, it doesn't
	make sense to also pass def->os.arch and def->os.machine as
	separate arguments.

2016-06-24  Martin Pietsch  <martin.pietsch@tu-dresden.de>

	Add support for VirtualBox 5

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Rename virNetClient*AddrString
	Add SASL at the end to make the format obvious.

	Rename virNetServerClient*AddrString
	Add SASL at the end to make the format obvious.

	Add SASL to virNetSocket{Local,Remote}AddrString
	Rename them to virNetSocket{Local,Remote}AddrStringSASL
	to make their format more obvious.

	virNetSocket: rename AddrStr to AddrStrSASL
	Make it more obvious that these are in the SASL format.

	virnetsockettest: fix error messages

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Introduce virNetServerClientRemoteAddrStringURI
	Use it in virNetServerClientGetInfo to switch back to using
	the URI-format (separated by ':') instead of the SASL format
	(separated by ';').

	Also use it in the error message reported by virNetServerAddClient.

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Introduce virNetSocketRemoteAddrStringURI
	It will return the socket address and port in a URI-like
	format: [::1]:1234
	Add a test case to virnetsockettest.

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Revert "virnetsocket: Provide socket address format in a more standard form"
	This partially reverts commit 9b45c9f049a7e9b6c1abfa6988b63b760714e169.

	It changed the default format of socket address from the one SASL
	requires, but did not adjust all the callers.

	It also removed the test coverage for it.

	Revert most of the changes except the virSocketAddrFormatFull support
	for URI-formatted strings.

	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1345743 while
	reverting the format used by virt-admin's client-info command from
	the URI one to the SASL one.

	https://bugzilla.redhat.com/show_bug.cgi?id=1345743

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Do not skip files starting with a dot in leases directory
	'.' and '..' are skipped by virDirRead already.

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Allow configs to start with a dot
	This fixes the disappearance of domains and networks starting with a
	dot.

	https://bugzilla.redhat.com/show_bug.cgi?id=1333248

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Do not skip hidden entries when looking for a stable path
	The device names are unlikely to start with a dot.
	'.' and '..' are already skipped by virDirRead.

	Do not ignore hidden files in /sys and /proc
	The directories we iterate over are unlikely to contain any entries
	starting with a dot, other than '.' and '..' which is already skipped
	by virDirRead.

	Fix comment in virStorageBackendFileSystemRefresh
	'.' and '..' are now skipped by virDirRead, there's no need to mention
	them in the comment.

	Do not check for '.' and '..' after virDirRead
	It skips those directory entries.

	Skip '.' and '..' in virDirRead
	All of the callers either skip these explicitly, skip all entries
	starting with a dot or match the entry name against stricter patterns.

	Introduce VIR_DIR_CLOSE
	Introduce a helper that only calls closedir if DIR* is non-NULL
	and sets it to NULL afterwards.

	Do not check the return value of closedir
	The only possible error is EBADFD.
	Since we only use the directory stream returned by opendir,
	this should never happen.

	Do not save errno in virUSBDeviceSearch
	The virUSBDeviceFind* callers do not check errno after calling
	this function.

2016-06-23  Peter Krempa  <pkrempa@redhat.com>

	tests: utils: Fail XML file comparison if input file doesn't exist
	In cases where we expect parse failure of the test input file the
	testsuite can't differentiate if the parser failed when parsing or when
	opening the file. Add a call to virFileExists and error out on missing
	input files.

	Missing output files are partially expected when regenerating test
	output.

2016-06-23  Peter Krempa  <pkrempa@redhat.com>

	tests: genericxml2xml: Fix test file name
	Commit b1fc6a7b added a test file but used a different name in the
	actual test.

2016-06-23  John Ferlan  <jferlan@redhat.com>

	qemu: Add new secret info type
	Add 'encinfo' to the extended disk structure. This will contain the
	encryption secret (if present).

	util: Introduce virSecretLookupFormatSecret
	Add utility to format the virSecretLookupTypeDefPtr in XML

	util: Move and rename virStorageAuthDefParseSecret
	Move to virsecret.c and rename to virSecretLookupParseSecret. Also convert
	to usage xmlNodePtr and virXMLPropString rather than virXPathString.

2016-06-23  John Ferlan  <jferlan@redhat.com>

	secret: Move virStorageSecretType and rename
	Move the enum into a new src/util/virsecret.h, rename it to be
	virSecretLookupType. Add a src/util/virsecret.h in order to perform
	a couple of simple operations on the secret XML and virSecretLookupTypeDef
	for clearing and copying.

	This includes quite a bit of collateral damage, but the goal is to remove
	the "virStorage*" and replace with the virSecretLookupType so that it's
	easier to to add new lookups that aren't necessarily storage pool related.

2016-06-23  Cole Robinson  <crobinso@redhat.com>

	storage: Remove redundant refreshPool check
	Every driver provides a refreshPool impl, and many other critical
	places in the code unconditionally call it without checking if
	it exists, so this check is pointless

	qemu: command: Error on accel2d
	qemu doesn't have any accel2d support wired up. Explicitly error
	if a user tries it out, or typos the accel3d option

	qemu: command: Error on accel3d with non-virtio
	We should be raising an error if accel3d is present for any
	non-virtio video as well, incase someone tries it for say 'qxl'

2016-06-23  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: make monitor command API available during async jobs
	  One can not issue monitor commands manually during async calls thru
	designated API while this could be useful for testing/debugging purposes.
	qemuDomainQemuMonitorCommand uses job of type QEMU_JOB_MODIFY and any async
	call disable parallel execution of this type of job. The only state that is
	changed is taint variable. AFAIU the only place we can mess is resetting
	taint flag in qemuProcessStop routine under some async job. But this can not
	happen thanx to both virDomainObjIsActive check in qemuDomainQemuMonitorCommand
	and resetting active status in qemuProcessStop before taint flag.

	  Change job type to QEMU_JOB_QUERY and thus make the API call available for
	most of async jobs.

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	prohibit-duplicate-header: print file name and line
	This way :make syntax-check in ViM will point you at the offending line.

	syntax-check: rewrite prohibit-duplicate-header in perl
	Invoke the script only once instead of once for every file.

2016-06-23  Peter Krempa  <pkrempa@redhat.com>

	Allow virDomain(SG)etGuestVcpus on read-write connection only
	Guest agent interaction is considered privileged.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1349272

2016-06-23  Ján Tomko  <jtomko@redhat.com>

	Do not ignore perl scripts in build-aux
	Also remove the duplicate build-aux entry from .gitignore.

	Add newDomain parameter to qemuDomainAssignAddresses
	Pass 'true' if we are not dealing with a migration.

	Add a USB hub to controller order test
	The test has too many USB devices.

2016-06-23  Cole Robinson  <crobinso@redhat.com>

	conf: Remove dead console compat formatting
	This code was attempting to handle some implicit <console> XML
	formatting for manually assembled DomainDef, since previously the
	console<->serial compat copying was only done at XML parse time.

	Nowadays it's done via virDomainDefPostParse ->
	virDomainDefAddConsoleCompat, which all manual DomainDef builders
	already call, so we can drop this workaround.

2016-06-22  Jim Fehlig  <jfehlig@suse.com>

	libxl: use serial device for console when targetType is serial
	When domXML contains only <console type='pty'> and no corresponding
	<serial>, the console is "stolen" [1] and used as the first <serial>
	device. When this "stolen" console is accessed from the libxl driver
	(in libxlConsoleCallback and libxlDomainOpenConsole), check if the
	targetType is VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL, and use the
	"stolen" device in def->serials[0] instead. Prior to this change,
	creating a domain with input XML containing only a <console> device
	and subsequently attempting to access its console with
	'virsh console' would fail

	error: internal error: character device <null> is not using a PTY

	[1] See comments associated with virDomainDefAddConsoleCompat() in
	    $LIBVIRT-SRC/src/conf/domain_conf.c:

2016-06-22  Ján Tomko  <jtomko@redhat.com>

	Use for instead of code duplication when parsing USB port
	We are done if the string ends and move to another nesting
	level if we find a dot.

	Split out USB port parsing
	Make rewriting it easier.

2016-06-22  Ján Tomko  <jtomko@redhat.com>

	Add a test for long USB port paths
	We support up to four levels of nested USB devices in the guest.

	Add a test for a domain using all four and a negative test for a domain
	using five.

2016-06-22  Jiri Denemark  <jdenemar@redhat.com>

	Report auto convergence throttle rate in migration stats

	qemu: Implement auto convergence migration parameters

	qemu: Add support for cpu throttling parameters

	qemu: Introduce qemuMigrationSetParams
	Several places in the code update qemuMonitorMigrationParams structure
	and qemuMigrationSetParams is then used to set them all at once.

	Add auto convergence migration parameters
	They can be used to tune auto-convergence algorithm (which is enabled
	with VIR_MIGRATE_AUTO_CONVERGE).

	test: Rework qemuMonitorJSONGetMigrationParams test

	qemu: Rework qemuMonitorJSONSetMigrationParams

	qemu: Rework qemuMonitorJSONGetMigrationParams
	We should not require any parameters to be present. After all we have
	the *_set bools to express that some parameters were not set.

	qemu: Rename qemuMonitorMigrationCompression
	qemuMonitorMigrationParams is a better name for a structure which
	contains various migration parameters. While doing that, we should use
	full names for individual parameters.

	qemu: Decouple migration parameters from compression settings
	Compression parameters are not the only migration parameters.

	qemu: Make qemuMonitorSetMigrationCompression saner
	Checking whether the function has anything to do is better done in the
	function rather then requiring callers to do that.

	conf: Simplify conditions in CPU parser/formatter

	qemucapsprobe: Don't put empty line at EOF

2016-06-22  Jiri Denemark  <jdenemar@redhat.com>

	conf: Remove redundant free in virCPUDefFree
	vendor_id is (and always was) already freed in virCPUDefFreeModel.

	This effectively reverts commit fb49ffc3.

2016-06-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix reference leak in qemuDomainDefPostParse
	The function gets a reference on virQEMUDriverConfig which needs to be
	released before returning.

	qemu: Hide virQEMUCapsNewForBinary
	Since virQEMUCapsNewForBinaryInternal was introduced,
	virQEMUCapsNewForBinary is no longer used outside qemu_capabilities.c.

2016-06-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement virDomainSetGuestVcpus
	Allow modification of specific vCPU states via the guest agent.

	qemu: Implement virDomainGetGuestVcpus
	Allow gathering available vcpu ids, their state and offlinability via
	the qemu guest agent. The maximum id was chosen arbitrarily and ought
	to be enough for everybody.

2016-06-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: agent: Make setting of vcpus more robust
	Documentation for the "guest-set-vcpus" command describes a proper
	algorithm how to set vcpus. This patch makes the following changes:

	- state of cpus that has not changed is not updated
	- if the command was partially successful the command is re-tried with
	  the rest of the arguments to get a proper error message
	- code is more robust against malicious guest agent
	- fix testsuite to the new semantics

2016-06-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add command 'guestvcpus' implementing virDomain(GS)etGuestVcpus
	Add a straightforward implementation for using the new APIs.

2016-06-22  Peter Krempa  <pkrempa@redhat.com>

	lib: Add API to set individual vcpu usage in the guest via guest agent
	To allow finer-grained control of vcpu state using guest agent this API
	can be used to individually set the state of the vCPU.

	This will allow to better control NUMA enabled guests and/or test
	various vCPU configurations.

2016-06-22  Peter Krempa  <pkrempa@redhat.com>

	lib: Add API to query guest vcpu info using guest agent
	Add a rather universal API implemented via typed params that will allow
	to query the guest agent for the state and possibly other aspects of
	guest vcpus.

	rpcgen: Add support for generating funcs returning alloc'd typed params
	Since it's rather tedious to write the dispatchers for functions that
	return an array of typed parameters (which are rather common) let's add
	some rpcgen code to generate them.

2016-06-21  John Ferlan  <jferlan@redhat.com>

	tests: Adjust tests for encrypted storage
	Make them work again...  The xml2xml had been working, but the xml2argv
	were not working. Making the xml2argv work required a few adjustments to
	the xml to update to more recent times.

	storage: Use virSecretGetSecretString
	Rather than inline code secret lookup for rbd/iscsi, use the common function.

	storage: Create helper to set options for CreateQemuImg code
	Create a helper virStorageBackendCreateQemuImgSetOptions to set either
	the qemu-img -o options or the previous mechanism using -F

	storage: Create helper to set backing for CreateQemuImg code
	Create a helper virStorageBackendCreateQemuImgSetBacking to perform the
	backing store set

2016-06-21  John Ferlan  <jferlan@redhat.com>

	storage: Adjust qemu-img switches check
	Since we support QEMU 0.12 and later, checking for support of specific flags
	added prior to that isn't necessary.

	Thus start with the base of having the "-o options" available for the
	qemu-img create option and then determine whether we have the compat
	option for qcow2 files (which would be necessary up through qemu 2.0
	where the default changes to compat 0.11).

	Adjust test to no long check for NONE and FLAG options as well was removing
	results of tests that would use that option.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	Do not call postParse with ABI_UPDATE when parsing cmdline
	So far this is only useful for recalculating NUMA memory size,
	which this function cannot parse.

	This will let us generate USB addresses based on this flag.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	Fix USB port in input-usbmouse test
	The default USB controller only has two ports.

	test-wrap-argv: add --check parameter
	This script can already operate on a list of files.
	Add a --check parameter to check if multiple files are wrapped
	correctly with a single invocation of the script.

	test-wrap-argv: add --in-place parameter
	If --in-place is supplied as the first argument to the script,
	replace the file in-place instead of printing to stdout.

	test-wrap-argv: hold a copy of the original file in an array
	This will be useful to check if the file is wrapped already.

	test-wrap-argv: return a string in rewrap_line
	Leave the printing up to &rewrap.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	test-wrap-argv: use map and join instead of a for cycle
	We have a list of parameters in @args, that need to be rewrapped
	and separated by a space and escaped newline: " \\\n", with the
	exception of the last one, which only needs a newline.

	Instead of a for cycle, rewrap the individual arguments using map,
	and interleave them with escaped newlines by using join.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	test-wrap-argv: return a string in rewrap_arg
	Do not print anything, let the caller take care of it.

	test-wrap-argv: split out rewrap_arg
	Split out the code wrapping the single argument.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	test-wrap-argv: split out rewrap_line
	Shorten the rewrap subroutine by splitting out the code
	dealing with a single line.

	Also remove $file from the warning.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	vsh: remove namespace poisoning
	We already have a syntax-check to prohibit direct use of these
	allocation functions.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	vbox: remove duplicate macros
	There is a definiton of VIR_FROM_THIS just two lines above.

	The rest is defined in vbox_common.h.

2016-06-21  Ján Tomko  <jtomko@redhat.com>

	Remove unused SOL_NETLINK macro
	Introduced by commit d575679, unused at the time.

2016-06-21  Laine Stump  <laine@laine.org>

	conf: limit chassisNr, and busNr to a minimum value of 1, not 0
	In the case of chassisNr (used to set chassis_nr of a pci-bridge
	controller), 0 is reserved for / used by the pci[e]-root bus. In the
	base of busNr, a value of 0 would mean that the root bus had no places
	available to plug in new buses, including the pxb itself (the
	documentation I wrote for pxb even noted the limit of busNr as 1.254).

	NB: oddly, the "chassis" attribute, which is used for pcie-root-port
	and pcie-switch-downstream-port *can* be set to 0, since it's the
	combination of {chassis, slot} that needs to be unique, not chassis by
	itself (and slot 0 of pcie-root is reserved, while pcie-*-port can use
	*only* slot 0).

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1342962

2016-06-21  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix typo pci-extender-bus -> pci-expander-bus

2016-06-21  Jiri Denemark  <jdenemar@redhat.com>

	virsh migrate: Fix positional parameters
	Thanks to our smart option parser which automatically assigns positional
	parameters the following (previously working) command fails:

	    virsh migrate test qemu+ssh://1.2.3.4/system tcp://1.2.3.4/
	    error: invalid argument: Unsupported compression method
	    'tcp://1.2.3.4/'

	We need to make sure new options are added at the end of the list rather
	than where they logically belong.

	Reported by Brian Rak.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Mark virsh-optparse as expensive

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Drop virrandomtest
	This test only checks if mocking of virRandomBytes works correctly.

	Drop it to avoid infinite recursion by testing the test suite.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Remove virsh-synopsis
	This tests checks that the first word after SYNOPSIS
	in virsh help ${command} output is ${command}.

	This was only good to check that the command option structures
	are valid, which is now served by 'virsh self-test'.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Introduce virsh self-test
	A new hidden command for virsh that will iterate over
	all command groups and commands and print help for every single one.

	This involves running vshCmddefOptParse so we can get an error if
	one of the command's option structure is invalid.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	tests: mock gnutls_dh_params_generate2
	This function generates some big random numbers.

	Cache the result and supply it to any subsequent generate2 calls.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Remove virsh-all
	Since e8ac4a7 this test wastes some CPU cycles by blindly trying to
	run almost every virsh command, blindly throwing away the output
	and the return value and returning success if 'virsh help' successfully
	returned at least one command.

	Drop it completely.

2016-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: Make failure to get supplementary group list for a uid non-fatal
	Since introduction of the DAC security driver we've documented that
	seclabels with a leading + can be used with numerical uid. This would
	not work though with the rest of libvirt if the uid was not actually
	used in the system as we'd fail when trying to get a list of
	supplementary groups for the given uid. Since a uid without entry in
	/etc/passwd (or other user database) will not have any supplementary
	groups we can treat the failure to obtain them as such.

	This patch modifies virGetGroupList to not report the error for missing
	users and makes it return an empty list or just the group specified in
	@gid.

	All callers will grant less permissions to a user in case of failure of
	this function and thus this change is safe.

2016-06-20  Peter Krempa  <pkrempa@redhat.com>

	util: Add option not to report errors in virGetUserEnt
	In some cases it will be necessary to ignore errors reported from this
	function. This allows suppressing them to avoid spamming logs.

	tools: virt-login-shell: Fix cut'n'paste mistake in error message
	Whine about 'allowed_users' having wrong format rather than 'shell'

	tools: virt-login-shell: Fix group list bounds checking
	The list certainly isn't zero terminated and it would disallow usage of
	group 'root'. Pass in the array size and match against it.

	conf: Fix label name in virDomainGraphicsListensParseXML
	Use 'cleanup' since it's also used on success.

2016-06-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix memory leak in graphics XML parser
	When loading status XMLs with following graphics definition:

	  <graphics type='spice' port='5900' autoport='yes' listen='127.0.0.1'>
	    <listen type='address' address='127.0.0.1' fromConfig='1'/>
	    <image compression='off'/>
	  </graphics>

	libvirtd would leak a few bytes:

	10 bytes in 1 blocks are definitely lost in loss record 71 of 1,127
	   at 0x4C2C000: malloc (vg_replace_malloc.c:299)
	   by 0x6789298: xmlStrndup (in /usr/lib64/libxml2.so.2.9.4)
	   by 0x552AB0A: virXMLPropString (virxml.c:479)
	   by 0x5539536: virDomainGraphicsListensParseXML (domain_conf.c:11171)
	   by 0x553DD5E: virDomainGraphicsDefParseXMLSpice (domain_conf.c:11414)
	   by 0x553DD5E: virDomainGraphicsDefParseXML (domain_conf.c:11749)
	   by 0x5566061: virDomainDefParseXML (domain_conf.c:16939)
	   by 0x556953F: virDomainObjParseXML (domain_conf.c:17348)
	   by 0x556953F: virDomainObjParseNode (domain_conf.c:17513)
	   by 0x5569902: virDomainObjParseFile (domain_conf.c:17532)
	   by 0x5571E02: virDomainObjListLoadStatus (virdomainobjlist.c:514)
	   by 0x5571E02: virDomainObjListLoadAllConfigs (virdomainobjlist.c:596)
	   by 0x26E0BDC8: qemuStateInitialize (qemu_driver.c:911)
	   by 0x55B1FDB: virStateInitialize (libvirt.c:770)
	   by 0x122039: daemonRunStateInit (libvirtd.c:960)

2016-06-20  Chen Hanxiao  <chenhanxiao@gmail.com>

	util: fix a typo
	s/succcess/success

2016-06-20  Jaroslav Suchanek  <jsuchane@redhat.com>

	docs: virsh: Added note for the dump command
	Crash dump in a old kvmdump format is being obsolete and cannot be loaded and
	processed by crash utility since its version 6.1.0. A --memory-only option is
	required in order to produce valid ELF file which can be later processed by the
	crash utility. A new note is added to the dump command description.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Allow disjunct ranges in VIR_TEST_RANGE
	Use virBitmapParseUnlimited to parse the env variable.

	Introduce virBitmapParseUnlimited
	For parsing a bitmap of an unknown size.

	Remove separator argument from virBitmapParse
	Most the callers pass 0 in one form or another, including
	vircapstest which used VIR_ARCH_NONE.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Introduce virBitmapParseSeparator
	This will be used for the caller that needs to specify a separator.
	Currently identical to virBitmapParse.

	Also change one test case to use the new function.

2016-06-20  Ján Tomko  <jtomko@redhat.com>

	Do not return number of set bits in virBitmapParse
	This is only used by one caller.

2016-06-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Don't use legacy USB for aarch64 mach-virt guests
	The '-usb' option doesn't have any effect for aarch64 mach-virt
	guests, so the fact that it's currently enabled by default is not
	really causing any issue.

	However, that might change in the future (although unlikely), and
	having it as part of the QEMU command line can cause confusion to
	someone looking through the process list.

	Avoid it completely, like it's already happening for q35.

2016-06-19  Tomasz Flendrich  <t.flendrich@gmail.com>

	qemu_hotplug: Use a helper variable consistently

2016-06-18  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	virsh: Introduce pool-event command
	Similar to 'event' and 'net-event', this prints info about incoming
	storage pool events.

2016-06-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: add USB to hostdev domcapabilities
	Commit 2a58ed0b added support for creating guests with USB
	hostdevs. Commit fc21d10 later added support for hotplut of
	USB hostdevs. Advertise support for USB hostdevs in the
	domcapabilities.

	In addition add the appropriate caps for USB support on
	domaincapstest when libvirt is built on a Xen with
	LIBXL_HAVE_PVUSB. Otherwise domaincapstest would fail i.e.
	testing the wrong domain capabilities.

2016-06-17  Ján Tomko  <jtomko@redhat.com>

	qemu: restore non-pci hostdev labels after detach
	Commit 409de00 changed the logic to only match PCI devices
	while moving this before Remove*HostDevice calls.

	https://bugzilla.redhat.com/show_bug.cgi?id=1342874

2016-06-17  Ján Tomko  <jtomko@redhat.com>

	Remove stray space in cmdHelp

2016-06-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Permit PCI-free aarch64 mach-virt guests
	There has been some progress lately in enabling virtio-pci on
	aarch64 guests; however, guest OS support is still spotty at best,
	so most guests are going to be using virtio-mmio instead.

	Currently, mach-virt guests are closely modeled after q35 guests,
	and that includes always adding a dmi-to-pci-bridge that's just
	impossible to get rid of. While that's acceptable (if suboptimal)
	for q35, where you will always need some kind of PCI device anyway,
	mach-virt guests should be allowed to avoid it.

2016-06-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDetachDeviceConfig: Allow cold unplug of redirdevs
	This is fairly simple. We lookup the device in the array of
	devices and remove it. No magic.

	qemuDomainAttachDeviceConfig: Allow redirdev coldplug
	This is really simple, we just need to append the device into the
	domain def and that's it.

	virDomainDeviceInfoIterateInternal: Iterate through redirdevs too
	This is going to be important later when we received
	DEVICE_DELETED event on the qemu monitor. If we do,
	virDomainDefFindDevice() is called to find the device for given
	device alias in the virDomainDef tree. When we enable removal for
	redirdevs we need to include them in the lookup process too.

	virDomainRedirdevDef: Introduce find & remove routines
	Basically, there are just two functions introduced here:
	virDomainRedirdevDefFind which looks up given redirdev in domain
	definition, and virDomainRedirdevDefRemove which removes the
	device at given index in the array of devices.

	domain_conf: Validate redirdev after parsing
	There's currently just one limitation: redirdevs that want to go
	on USB bus require a USB controller, surprisingly.
	At the same time, since I'm using virDomainDefHasUSB() in this
	new validator function, it has to be moved a few lines up and
	also its header needed to be changed a bit: it is now taking a
	const pointer to domain def since it's not changing anything in
	there.

2016-06-17  Ján Tomko  <jtomko@redhat.com>

	configure: remove definition of HAVE_GLIBC_RPCGEN
	Unused since commit fb1e8d9 in May 2011.

	configure: error out when asked for mpath on non-Linux

2016-06-17  Ján Tomko  <jtomko@redhat.com>

	configure: define preprocessor macros for SCSI and MPATH
	This fixes building these backends when explicitly enabled
	on the command line.

	Exposed by commit a659559 which started adding
	--with-storage-mpath in the spec file.

	https://bugzilla.redhat.com/show_bug.cgi?id=1346724

2016-06-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix alignment in virDomainDefAddController() call

2016-06-17  Peter Krempa  <pkrempa@redhat.com>

	tests: schema: Remove useless perf schema data
	We have a test case that excercises the parser and formatter now which
	takes part in schema checking so remove the schema-only test.

	docs: virsh: Add minimal documentation for 'mbmt' and 'mbml' perf events

2016-06-17  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Use signature in CPU detection code
	Our current detection code uses just the number of CPU features which
	need to be added/removed from the CPU model to fully describe the CPUID
	data. The smallest number wins. But this may sometimes generate wrong
	results as one can see from the fixed test cases. This patch modifies
	the algorithm to prefer the CPU model with matching signature even if
	this model results in a longer list of additional features.

2016-06-17  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add Skylake-Client x86 CPU model
	The CPU model was implemented in QEMU by commit f6f949e929.

	The change to i7-5600U is wrong since it's a 5th generation CPU, i.e.,
	Broadwell rather than Skylake, but that's just the result of our CPU
	detection code (which is fixed by the following commit).

2016-06-17  Martin Kletzander  <mkletzan@redhat.com>

	spec: Make driver-qemu require driver-storage
	Without that we might get similar messages in the log:

	  error : virDriverLoadModule:73 : failed to load module
	  /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so
	  /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so: undefined
	  symbol: virStorageFileCreate

2016-06-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Rename virDomainDefGetMemoryActual to virDomainDefGetMemoryTotal

2016-06-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove pre-calculation of initial memory size
	While we need to know the difference between the total memory stored in
	<memory> and the actual size not included in the possible memory modules
	we can't pre-calculate it reliably. This is due to the fact that
	libvirt's XML is copied via formatting and parsing the XML and the
	initial memory size can be reliably calculated only when certain
	conditions are met due to backwards compatibility.

	This patch removes the storage of 'initial_memory' and fixes the helpers
	to recalculate the initial memory size all the time from the total
	memory size. This conversion is possible when we also make sure that
	memory hotplug accounts properly for the update of the total memory size
	and thus the helpers for inserting and removing memory devices need to
	be tweaked too.

	This fixes a bug where a cold-plug and cold-remove of a memory device
	would increase the size reported in <memory> in the XML by the size of
	the memory device. This would happen as the persistent definition is
	copied before attaching the device and this would lead to the loss of
	data in 'initial_memory'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1344892

2016-06-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix perf event parser
	The parser was totaly broken. Fix it by rewriting it. Add tests so that
	it doesn't happen.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1346723

2016-06-17  Peter Krempa  <pkrempa@redhat.com>

	docs: Add at least some docs and fix schema entry for perf events
	There was no documentation at all for the XML part. I added at least
	some. The 2.0.0 introduction date is deliberate as the parser for the
	XML is broken.

	The schema file was missing entries for 'mbml' and 'mbmt'.

2016-06-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: perf: Don't set state of first event for every other event
	A bug in the code used the value of the first perf event as state for
	all the mentioned one rather than extracting individual ones.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1346730

2016-06-16  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: fix conversion of <driver> to backendtype
	When converting domXML to xen xl.cfg, backendtype should
	not be emitted if <driver> is not specified. Moreover,
	<driver name='file'/> should be converted to backendtype
	qdisk, similar to handling of <driver> in libxlMakeDisk()
	in libxl_conf.c.

	Prior to this change, connectDomainXMLToNative would
	produce incorrect xl.cfg when the input domXML contained
	<driver name='file'/>

	domXML:

	  <disk type="file" device="disk">
	    <driver name="file"/>
	    <source file="/image/file/path"/>
	    <target dev="xvda" bus="xen"/>
	  </disk>

	virsh domxml-to-native xen-xl domXML

	disk = [ "format=raw,vdev=xvda,access=rw,backendtype=target=/image/file/path" ]

	xl create xl.cfg
	config parsing error in disk specification: unknown value
	for backendtype: near `target=/image/file/path' in
	`format=raw,vdev=xvda,access=rw,backendtype=target=/image/file/path'

2016-06-16  Laine Stump  <laine@laine.org>

	util: fix missing broadcast address in bridge and tap device IP addresses
	Commit b3d069872ce53eb added peer address setting to the low level
	virNetDevSetIPAddress() function, but ended up causing a segfault in
	cases where the caller passed NULL for peer address.

	Commit a3510e33d33e52c fixed the segfault, but managed to cause us to
	skip setting the broadcast address when setting an interface's IP
	address. The result is that the broadcast address is 0.0.0.0 for all
	libvirt-created bridges (and interfaces in lxc containers with IP
	addresses set by libvirt).

	This was reported on the mailing list:

	  https://www.redhat.com/archives/libvir-list/2016-June/msg00027.html

	but I was too busy to investigate at the time. I found it by accident
	today while refactoring virNetDevSetIPAddress(). Since this regression
	is present in the 1.3.5 release, I'm sending the bugfix as a separate
	patch from my larger refactoring patchset.

2016-06-16  Laine Stump  <laine@laine.org>

	qemu: don't add pci-bridge to Q35/arm domains unless it's needed
	Until now, a Q35 domain (or arm/virt, or any other domain that has a
	pcie-root bus) would always have a pci-bridge added, so that there
	would be a hotpluggable standard PCI slot available to plug in any PCI
	devices that might be added. This patch removes the explicit add,
	instead relying on the pci-bridge being auto-added during PCI address
	assignment (it will add a pci-bridge if there are no free slots).

	This doesn't eliminate the dmi-to-pci-bridge controller that is
	explicitly added whether or not a standard PCI slot is required (and
	that is almost never used as anything other than a converter between
	pcie.0's PCIe slots and standard PCI). That will be done separately.

2016-06-16  Laine Stump  <laine@laine.org>

	qemu: don't be as insistent about adding dmi-to-pci-bridge or pci-bridge
	Previously there was no way to have a Q35 domain that didn't have
	these two controllers. This patch skips their creation as long as
	there are some other kinds of pci controllers at index 1 and 2
	(e.g. some pcie-root-port controllers).

	I'm hoping that soon we won't add them at all, plugging all devices
	into auto-added pcie-*-port ports instead, but in the meantime this
	makes it easier to experiment with alternative bus hierarchies.

2016-06-16  Chen Hanxiao  <chenhanxiao@gmail.com>

	util: remove redundant comments

2016-06-16  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	event-test: support storage lifecycle event APIs

	storage: implement storage lifecycle event APIs
	Implement storage pool event callbacks for START, STOP, DEFINE, UNDEFINED
	and REFRESHED in functions when a storage pool is created/started/stopped
	etc. accordingly

	remote: implement storage lifecycle event APIs

	test: implement storage lifecycle event APIs
	Also includes unittests for storage pool lifecycle events API

	conf: add storage_event handling
	Add storage event handling infrastructure to storage_event.[ch], following
	the network_event.[ch] pattern.

2016-06-16  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	Introduce storage lifecycle event APIs
	Storage pool lifecycle event API entry points for registering and deregistering
	storage pool events, as well as types of events associated with storage pools.
	These entry points will be used for implementing asynchronous lifecycle events.

	Storage pool API:
	virConnectStoragePoolEventRegisterAny
	virConnectStoragePoolEventDeregisterAny
	virStoragePoolEventLifecycleType which has events STARTED, STOPPED, DEFINED,
	UNDEFINED, and REFRESHED

2016-06-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Remove useless block in processWatchdogEvent
	Best viewed with -w since this is mostly just an indentation patch.

	qemu: Follow coding style convention

	qemu: Unify automatic coredump filenames
	Just create a helper for it and use it.

2016-06-16  John Ferlan  <jferlan@redhat.com>

	qemu: Add cfg pointer to various command line helpers
	Soon at least one of them will need to grab something out of the
	qemu config structure

	qemu: Make qemuBuildShmemBackendStr private
	It's not used externally anywhere else

2016-06-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Shorten domain name for watchdog coredump
	Similarly to commit d294f6b0dff7, if the name is long enough, the
	filename can be longer than filesystem's limit.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1334237

2016-06-16  Cole Robinson  <crobinso@redhat.com>

	qemu: migration: use consistent error message
	The other two DomainHasBlockJob usage error messages don't contain
	'an', so unify things to save translators some effort. Dropping
	the 'an' is closer to the sentence structure in the errors from
	qemuDomainDiskBlockJobIsActive as well

	qemu: More usage of qemuDomainDiskBlockJobIsActive
	qemuDomainDiskBlockJobIsActive already checks if a disk has a
	blockjob, and if so, raises an error

2016-06-16  sannyshao  <jishao@redhat.com>

	virsh: Fix help string for net-dumpxml
	Follow other examples (dumpxml, iface-dumpxml, and pool-dumpxml)
	for the --inactive .help string

2016-06-16  John Ferlan  <jferlan@redhat.com>

	util: Fix broken syntax-check
	Commit id '743db933' broke at least one syntax check rule regard open/close
	braces and perhaps more with spacing.  Just remove the braces

2016-06-16  yuelongguang  <yuelongguang@le.com>

	add default mapping of credentials to machine
	In the auth config file, it is currently required to have
	an entry for each hostname to connect to, eg

	  [auth-libvirt-prod1.example.com]
	  credentials=prod

	This is inconvenient when there are large numbers of machines
	all with the same credentials. Add support for a default
	entry:

	  [auth-default]
	  credentials=prod

2016-06-16  Ján Tomko  <jtomko@redhat.com>

	syntax-check: drop prohibit_undesirable_word_seq
	This checks forbids using "can not" and checks the placement
	of some texinfo tags.

	Drop it since we do not use texinfo and the check takes almost
	twice as much as the rest of the checks.

2016-06-15  Andrea Bolognani  <abologna@redhat.com>

	maint: Switch to xz compressed PAX release archives
	This allows us to produce releases that are roughly a third in
	size, have no limitation on path length, and are still readable
	by all supported platforms.

2016-06-15  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: get rid of unused home state variable in private domain obj

2016-06-15  Ján Tomko  <jtomko@redhat.com>

	check-spacing: fix error message
	The check for whitespace before comma or semicolon referred
	to comma as colon.

	check-spacing: use non-capturing groups

	check-spacing: remove virAssertCmpInt exception
	The macro is now called testAssertEq and no longer
	takes an operator as its argument.

2016-06-15  Ján Tomko  <jtomko@redhat.com>

	check-spacing: simplify keyword spacing check
	We do not need a separate check forbidding whitespace
	after the opening parenthesis after a keyword -
	we forbid it after all of them.

	The only allowed whitespace after an opening parenthesis
	is a newline, tune the regex to reflect that.

2016-06-15  Ján Tomko  <jtomko@redhat.com>

	check-spacing: rewrite regex for checking the closing parenthesis
	Instead of matching multiple characters before the parenthesis,
	only check for a single whitespace, which is much less cpu-intensive.

	This only matches a few dozen of places where they are on an separate
	line, filter out those with a separate regex.

2016-06-15  Ján Tomko  <jtomko@redhat.com>

	check-spacing: rewrite whitespace check before (semi)colon
	Instead of matching multiple characters, match any occurrence
	preceded by a single whitespace and handle the exceptions
	later.

	Rename bracket-spacing.pl to check-spacing.pl
	We test whitespace with lots of other characters now.

	Rename virAssertCmpInt to testAssertEq
	Drop the op parameter, we only use equality.
	Drop the vir prefix since it's only used in the tests.

	maint: remove whitespace from closing parentheses
	To allow tightening syntax check.

	vbox: reformat multi-line error reports
	Put the comma on the first line.

2016-06-15  Ján Tomko  <jtomko@redhat.com>

	cfg.mk: use a single regex for all non-reentrant functions
	The prohibit_nonreentrant syntax-check rule spawns a new shell
	for every non-reentrant function we know, to make it easier
	to mention the function name in the error message, with the _r
	appended.

	Since the line with the offending function is already printed
	and some of the functions on our list do not have a _r counterpart,
	compile them into one big regex and use a more generic error message
	to save time.

2016-06-15  Ján Tomko  <jtomko@redhat.com>

	docs: document rng backend path restrictions of older libvirt
	Commit 67f2b72 removed the path restrictions for rng backend,
	along with the documentation of the restriction.

	Restore the documentation for users still using older libvirt.

	https://bugzilla.redhat.com/show_bug.cgi?id=1074464

2016-06-15  Michal Privoznik  <mprivozn@redhat.com>

	virHostCPUGetInfo: Fix build on non-Unix like systems
	This function is plenty of ifdefs providing implementations for
	Linux, *BSD and OS-X. However, if we are being build for any
	other architecture, all that's left behind by preprocessor is
	just a error reporting call and return of -1. In that case,
	passed arguments are unused:

	../../src/util/virhostcpu.c: In function 'virHostCPUGetInfo':
	../../src/util/virhostcpu.c:966:33: error: unused parameter 'cpus' [-Werror=unused-parameter]
	                   unsigned int *cpus,
	                                 ^~~~

2016-06-15  Jingjing Shao  <jishao@redhat.com>

	doc: Fix explanation of S3 and S4 states
	Explanation of S3 and S4 states was swapped.

2016-06-14  Chunyan Liu  <cyliu@suse.com>

	xlconfigtest: add test for USB config conversion

2016-06-14  Chunyan Liu  <cyliu@suse.com>

	Add conversion of domxml USB config to/from xl.cfg
	xl.cfg:
	usbdev = [ "hostbus=1,hostaddr=3" ]

	usb.xml:
	  <hostdev mode='subsystem' type='usb' managed='no'>
	    <source>
	      <address bus='1' device='3'/>
	    </source>
	  </hostdev>

2016-06-14  Chunyan Liu  <cyliu@suse.com>

	libxl: support hotplug USB host device
	Support hot attach/detach a USB host device to guest.
	Currently libxl only supports xen PV guest, and only
	supports specifying USB host device by 'bus number'
	and 'device number', for example:

	 usb.xml:
	    <hostdev mode='subsystem' type='usb' managed='no'>
	      <source>
	        <address bus='1' device='3'/>
	      </source>
	    </hostdev>
	 #xl attach-device dom usb.xml
	 #xl detach-device dom usb.xml

2016-06-14  Chunyan Liu  <cyliu@suse.com>

	libxl: support creating guest with USB hostdev
	Support creating guest with USB host device in config file.
	Currently libxl only supports xen PV guest, and only supports
	specifying USB host device by 'bus number' and 'device number',
	for example:

	    <hostdev mode='subsystem' type='usb' managed='no'>
	      <source>
	        <address bus='1' device='3'/>
	      </source>
	    </hostdev>

2016-06-14  John Ferlan  <jferlan@redhat.com>

	qemu: Refactor qemuDomainAttachChrDevice error paths
	Refactor the error paths for attaching char device (it's about to be
	more complicated).

	docs: Clarify chardev protocol
	Add a slight clarification to usage of "telnet", "telnets", or "tls" as
	the protocol type value.

	caps: Add capability for tls-x509-creds
	Add the capability flag and checks for the qemu object 'tls-creds-x509'

	docs: Fix syntax-check
	Commit id '42ff399a' broke syntax-check by not encasing <dt> elements
	in <code>xxx</code>

2016-06-14  Martin Kletzander  <mkletzan@redhat.com>

	Fix renumbering once again
	I screwed up by accidentally pushing incomplete version of the
	renumbering commit.  This patch just fixes the rest so the tree matches
	changes in v2.

	Change 1.3.6 occurrences to 2.0.0 to follow version bump
	Version was bumped but documentation (and comments) didn't follow the
	numbering.

2016-06-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow ACPI shutdown only for running domains
	If the domain is not running, but for example the CPUs are stopped, the
	ACPI event gets queued and resume of the domain will just shut it off.

	https://bugzilla.redhat.com/show_bug.cgi?id=1216281

2016-06-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Obtain job before checking if domain is live
	Since obtaining a job can wait for another job to finish, the state
	might change in the meantime.  And checking it more than once is
	pointless.

2016-06-14  Daniel P. Berrange  <berrange@redhat.com>

	Bump release to 2.0.0 and document release schedule & versioning
	This bumps the release number of 2.0.0, to reflect the switch to
	a new time based release versioning scheme. The downloads page
	is updated to describe our policies for release schedules and
	release version numbering

	The stable release docs are changed to reflect the fact that
	the stable version numbers are now just 3 digits long instead
	of 4.

2016-06-14  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Get rid of the array of test functions

2016-06-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for zero-detection writes

	conf: Add support of zero-detection for disks
	This option allows or disallows detection of zero-writes if it is set to
	"on" or "off", respectively.  It can be also set to "unmap" in which
	case it will try discarding that part of image based on the value of the
	"discard" option.

	Fix build without xen
	Commit 11567cf66f36 introduced an include which will only work when
	building with xen (particularly libxl).  However, that file is supposed
	to be includable from anywhere (as with other testutils* files.

2016-06-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virt-host-validate: fix build with clang
	Building with clang 3.8 triggers the following error:

	  CC       virt_host_validate-virt-host-validate-qemu.o
	virt-host-validate-qemu.c:36:11: error: initializing 'char *' with an expression of type 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
	    char *kvmhint = _("Check that CPU and firmware supports virtualization "
	          ^         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	virt-host-validate-qemu.c:46:17: error: assigning to 'char *' from 'const char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
	        kvmhint = _("Check that the 'kvm-intel' or 'kvm-amd' modules are "
	                ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	2 errors generated.

	Fix by using 'const' for kvmhint declaration.

2016-06-13  Jim Fehlig  <jfehlig@suse.com>

	libxl: Add support for ovmf firmware
	Populate libxl_domain_build_info struct with bios and firmware
	info from virDomainLoaderDef.

	Note: Currently libxl only allows specifying the type of BIOS.
	For type LIBXL_BIOS_TYPE_OVMF, the firmware path is configured
	when building Xen using '--with-system-ovmf='. If not specified,
	LIBXL_FIRMWARE_DIR/ovmf.bin is used. In the future, Xen will
	support a user-specified firmware path. See

	http://lists.xenproject.org/archives/html/xen-devel/2016-03/msg01628.html

	Once that work is merged into xen.git, the libvirt libxl driver
	will be able to honor a user-specified path. In the meantime use
	the implicit path, which is tolerable since it is advertised in
	domcapabilities.

2016-06-13  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: support bios=ovmf xl.cfg
	Add support to xenconfig for conversion of xl.cfg(5) bios config
	to/from libvirt domXml <loader> config. SeaBIOS is the default
	for HVM guests using upstream QEMU. ROMBIOS is the default when
	using the old qemu-dm. This patch allows specifying OVMF as an
	alternate firmware.

	Example xl.cfg:
	  bios = "ovmf"

	Example domXML:
	  <os>
	    ...
	    <loader readonly='yes' type='pflash'>/usr/lib/xen/boot/ovmf.bin</loader>
	  </os>

	Note that currently Xen does not support a separate nvram for
	non-volatile variables.

2016-06-13  Jim Fehlig  <jfehlig@suse.com>

	libxl: implement connectGetDomainCapabilities
	Add domain capabilities for PV and HVM domains.

	libxl: introduce libxl_capabilities.{ch}
	Move capabilities code out of libxl_conf.{ch} and into new
	libxl_capabilities.{ch} files.

	libxl: add default firmwares to driver config object
	Prefer firmwares specified via --with-loader-nvram configure
	option. If none are specified, use the Xen-provided default
	firmwares found in LIBXL_FIRMWARE_DIR.

2016-06-13  Jim Fehlig  <jfehlig@suse.com>

	driver config: Introduce virFirmware object
	The virQEMUDriverConfig object contains lists of
	loader:nvram pairs to advertise firmwares supported by
	by the driver, and qemu_conf.c contains code to populate
	the lists, all of which is useful for other drivers too.

	To avoid code duplication, introduce a virFirmware object
	to encapsulate firmware details and switch the qemu driver
	to use it.

2016-06-13  Wang Yufei  <james.wangyufei@huawei.com>

	libxl: fix vm lock overwritten bug
	In libxl driver we do virObjectRef in libxlDomainObjBeginJob,
	If virCondWaitUntil failed, it goes to error, do virObjectUnref,
	There's a chance that someone undefine the vm at the same time,
	and refs unref to zero, vm is freed in libxlDomainObjBeginJob.
	But the vm outside function is not Null, we do virObjectUnlock(vm).
	That's how we overwrite the vm memory after it's freed. I fix it.

2016-06-13  Riku Voipio  <riku.voipio@linaro.org>

	virt-host-validate: improve tests for arm/aarch64
	ARM/Aarch64 /proc/cpuinfo has no virtualization related flags.
	Refactor the Qemu/KVM test a bit:

	1) run the "for hardware virtualization" test only on plaforms with known
	   cpuinfo flags (x86, s390)
	2) test for /dev/kvm also on platforms where no cpu flags are set

	Finally Add a more generic error hint message for non-x86 plaforms
	when /dev/kvm is missing.

2016-06-13  Wei Liu  <wei.liu2@citrix.com>

	tests: fix CPUID detection tests compilation failure
	In 3704b9003 ("tests: Add CPU detection tests"), a macro called
	DO_TEST_CPUID_JSON is added. But it took only two arguments when QEMU
	or YAJL is not set.

	Fix it by adding a third argument. Shouldn't have any effect because
	that macro compiles to nothing.

2016-06-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virt-login-shell: mark as Linux only
	Currently, virt-login-shell is not allowed to build on Windows.
	However, as it's designed around LXC, it does not make sense to
	build it on anything but Linux, so make the check stricter and allow to
	enable it on Linux only.

2016-06-12  Guido Günther  <agx@sigxcpu.org>

	apparmor: Don't scrub environment of virtlogd process
	otherwise we drop variables like XDG_RUNTIME_DIR with qemu:///session
	and libvirtd faild to find virtlogd's socket.

2016-06-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix bhyvexml2arg test
	Don't use duplicating target dev names.

	bhyve: add missing virhost(cpu|mem).h headers

	hostcpu: fix build on FreeBSD
	 * Fix misspelt function name:
	    s/virHostCPUGetStatsFreebsd/virHostCPUGetStatsFreeBSD/
	 * Mark the first argument to virHostCPUGetInfo with ATTRIBUTE_UNUSED
	   as it's not actually used on non-Linux

2016-06-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nodeinfo: fix build on non-Linux
	SYSFS_SYSTEM_PATH is only defined for Linux, however it's used outside
	of #ifdef __linux__ code, e.g. as the first argument to
	nodeCapsInitNUMAFake().

	But as this argument's value is used on Linux only, it's safe to define
	SYSFS_SYSTEM_PATH to "fake" to get things built on FreeBSD.

2016-06-11  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: fix crash when parsing unexpected disk configuration
	As it turned out PrlVmDev_GetStackIndex can return negative values
	without reporting an error, which is incorrect but nevertheless.
	After that we feed this negative index to virIndexToDiskName,
	which in turn returns NULL and we set it to virDomainDiskDef.dst.
	Using virDiskNameToBusDeviceIndex with a virDomainDiskDef structure
	which has NULL dst field crashes.
	Fix this by returning an error in prlsdkGetDiskId in such cases.

2016-06-11  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: implementation of domainSetUserPassword callback

2016-06-11  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: return correct result for unimplemented ChangeState actions
	Map PRL_ERR_UNIMPLEMENTED to VIR_ERR_OPERATION_INVALID

	vz: remove unused macro logPrlEventError

2016-06-11  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: keep subscription to performance events thru domain lifetime
	The approach of subscribing on first stat API call and then waiting
	for receiving of performance event from sdk to process the call originates
	in times when every vz libvirt connections spawns its own sdk connection.
	Thus without this waiting virsh stat call would return empty stats. Now
	with single sdk connection this scheme is unnecessary complicated.

	This patch subscribes to performance events on first domain appearence
	and unsubscribe on its removing.

2016-06-11  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: use consistent naming for different domain object in vz_driver.c
	Naming scheme is next:

	virDomainPtr domain;
	virDomainObjPtr dom;

2016-06-10  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: silence gcc warnings
	../../src/conf/domain_conf.c:10949: error: declaration of 'socket'
	shadows a global declaration [-Wshadow]

	../../src/conf/domain_conf.c:24373: error: declaration of 'listen'
	shadows a global declaration [-Wshadow]

2016-06-10  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: fixed build by including necessary headers
	After eaf18f4c2 some functions changed their homes
	Pushed under build breaking rule

2016-06-10  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorJSONAttachCharDev: Teach spicevmc
	https://bugzilla.redhat.com/show_bug.cgi?id=1298070

	We have the code for attaching redirdevs for ages now.
	Unfortunately, our monitor code that handles talking to the qemu
	process was missing a little piece of code that actually enabled
	the feature.

	BTW: it really is called "type" on the monitor, even though it's
	called "name" on the cmd line. Don't ask.

2016-06-10  Michal Privoznik  <mprivozn@redhat.com>

	Export virDomainRedirdevDefFree
	In the 162efa1a commit the function was introduced, but the
	commit forgot to update livirt_private.syms accordingly.

2016-06-10  Daniel P. Berrange  <berrange@redhat.com>

	virt-login-shell: add ability to join the container cgroups
	Prior to joining the namespaces of the container, move the
	process into the containers' cgroups, so that the shell that
	is subsequently launched is under the container resource
	constraints.

	virt-login-shell: add ability to auto-detect shell from container
	Currently the shell must be looked up from the config setting in
	/etc/libvirt/virt-login-shell.conf. This is inflexible if there
	are containers where different users need different shells. Add
	add a new 'auto-shell' config parameter which instructs us to
	query the containers' /etc/passwd for the shell to be exec'd.

2016-06-10  Daniel P. Berrange  <berrange@redhat.com>

	virt-login-shell: fully reset container environment
	The virt-login-shell environment will be initialized with
	an arbitrary number of environment variables determined
	by the SSH daemon and PAM configuration. Most of these are
	not relevant inside the container, and at best they are
	noise and at worst they'll break apps. For example if
	XDG_RUNTIME_DIR is leaked to the container, it'll break
	any apps using it, since  the directory it points to is
	only visible to the host OS filesystem, not the container
	FS.

	Use clearenv() to blank out everything and then set known
	good values for PATH, SHELL, USER, LOGNAME HOME and TERM.
	Everything else is left up to the login shell to initialize.

2016-06-10  Daniel P. Berrange  <berrange@redhat.com>

	virt-login-shell: avoid loosing error during cleanup
	The virDomainFree / virConnectClose methods will reset the
	last error handle, so we must save the error during cleanup

	virt-login-shell: allow shell to be a simple string argument
	Currently the shell config file parameter must be a list
	giving the shell path and args. Allow it to be a plain
	string argument as well.

2016-06-10  Daniel P. Berrange  <berrange@redhat.com>

	virt-login-shell: change way we request a login shell
	Currently we request a login shell by passing the -l argument
	to the shell. This is either hardcoded, or required to be
	specified by the user in the virt-login-shell.conf file.

	The standard way for login programs to request a shell run
	as a login shell is to modify the argv passed to execve()
	so that argv[0] contains the relative shell filename
	prefixed with a zero. eg instead of doing

	  const char **shellargs = ["/bin/bash", "-l", NULL];
	  execve(shellargs[0], shellargs, env);

	We should be doing

	  const char **shellargs = ["-bash", NULL];
	  execve("/bin/bash", shellargs, env);

2016-06-10  Daniel P. Berrange  <berrange@redhat.com>

	virt-login-shell: honour the -c option to launch commands
	The virt-login-shell program is supposed to look like a
	regular shell to clients. Login services like sshd
	expect the shell to accept a '-c cmdstring' argument to
	specify a command to launch instead of presenting an
	interactive prompt.

	We can implement this by simply passing the '-c cmdstring'
	data straight through to the real shell we use. This does
	not open any security holes, since the command is not run
	until we're inside the container namespaces. This allows
	scp to work for users with virt-login-shell.

2016-06-10  Daniel P. Berrange  <berrange@redhat.com>

	virsh: make lxc-enter-namespace also join the cgroups
	Extend the lxc-enter-namespace command so that it joins the
	containers' cgroups before starting new namespaces. This
	ensures that the commands run have the normal resource
	limits applied

	libvirt-lxc: add virDomainLxcEnterCGroup API
	Add the virDomainLxcEnterCGroup API to the libvirt-lxc.so
	file. This method moves the calling process into the cgroups
	associated with the container.

2016-06-09  Daniel P. Berrange  <berrange@redhat.com>

	util: add function for looking up the user shell
	Add a virGetUserShell wrapper around virGetUserEnt, that
	returns the shell field.

	nodeinfo: move host memory APIs out into virhostmem file
	Move all APIs with a virHostMEM name prefix out into new
	util/virhostmem.h & util/virhostmem.c files

	nodeinfo: move host CPU APIs out into virhostcpu.c file
	Move all APIs with a virHostCPU name prefix out into new
	util/virhostcpu.h & util/virhostcpu.c files

	nodeinfo: rename all CPU APIs to have a virHostCPU prefix
	In preparation for moving all the CPU related APIs out of
	the nodeinfo file, give them a virHostCPU name prefix.

	nodeinfo: rename all memory APIs to have a virHostMem prefix
	In preparation for moving all the memory related APIs out of
	the nodeinfo file, give them a virHostMem name prefix.

	nodeinfo: split CPU info retrieval out of nodeGetInfo
	Instead of having platform specific code in nodeGetInfo to
	fetch CPU topology, split it all out into a new method
	nodeGetCPUInfo.

	nodeinfo: remove FreeBSD specific code for getting memory
	The GNULIB physmem module already provides support for
	the FreeBSD platform, so there's no reason to re-implement
	FreeBSD portability code in libvirt. If there are bugs in
	the GNULIB code, we should fix GNULIB rather than workaround
	it in libvirt.

	nodeinfo: make nodeGetInfo() call nodeGetMemory for memory size
	The nodeGetInfo() method currently has its own code for getting
	memory size in KB, that basically just re-invents what nodeGetMemory
	already does. Remove it and just call nodeGetMemory, converting its
	result from bytes to KB, allowing removal of more platform specific
	conditional code.

2016-06-09  Daniel P. Berrange  <berrange@redhat.com>

	nodeinfo: remove sysfs_prefix from all methods
	Nearly all the methods in the nodeinfo file are given a
	'const char *sysfs_prefix' parameter to override the
	default sysfs path (/sys/devices/system). Every single
	caller passes in NULL for this, except one use in the
	unit tests. Furthermore this parameter is totally
	Linux-specific, when the APIs are intended to be cross
	platform portable.

	This removes the sysfs_prefix parameter and instead gives
	a new method linuxNodeInfoSetSysFSSystemPath for use by
	the test suite.

	For two of the methods this hardcodes use of the constant
	SYSFS_SYSTEM_PATH, since the test suite does not need to
	override the path for thos methods.

2016-06-09  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Yet another check for blkdeviotune values
	If you want to set block device I/O tuning values that end with '_max'
	and there is nothing else set, libvirt emits an error.  In particular:

	  error: internal error: Unexpected error

	That's an unknown error.  That is because *_max values depend on their
	respective non-_max values.  QEMU even says that in the error message
	sent as a response to the monitor command:

	  "error": {"class": "GenericError", "desc": "bps_max/iops_max require
	  corresponding bps/iops values"}

	the problem was that we didn't know that and there was no check for it.
	Adding such check makes sure that there will be less confused users.

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	vnc: add support for listen type none

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	spice: introduce listen type none
	This new listen type is currently supported only by spice graphics.
	It's introduced to make it easier and clearer specify to not listen
	anywhere in order to start a guest with OpenGL support.

	The old way to do this was set spice graphics autoport='no' and don't
	specify any ports.  The new way is to use <listen type='none'/>.  In
	order to be able to migrate to old libvirt the migratable XML will be
	generated without the listen element and with autoport='no'.  Also the
	old configuration will be automatically converted to the this listen
	type.

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	spice: introduce spice_auto_unix_socket config option

	spice: add support for listen type socket
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335832

	qemu_capabilites: add QEMU_CAPS_SPICE_UNIX
	Add a new capability to detect support of unix sockets for spice
	graphics.

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	vnc: add support for listen type 'socket'
	VNC graphics already supports sockets but only via 'socket' attribute.
	This patch coverts that attribute into listen type 'socket'.

	For backward compatibility we need to handle listen type 'socket' and 'socket'
	attribute properly to support old XMLs and new XMLs.  If both are provided they
	have to match, if only one of them is provided we need to be able to parse that
	configuration too.

	To not break migration back to old libvirt if the socket is provided by user we
	need to generate migratable XML without the listen element and use only 'socket'
	attribute.

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	graphics: introduce new listen type 'socket'

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	vnc: move generation of socket path to qemuProcessGraphicsSetupListen
	This moves the socket generation if "vnc_auto_unix_socket" is set.

	It also fixes a bug with this config option that we should auto-generate
	socket path only if listen type is address and there is no address
	specified.

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	vnc: rename socketAutogenerated to socketFromConfig
	Even though it's auto-generated it's based on qemu.conf option and listen type
	address already uses "fromConfig" to carry this information.  Following commits
	will convert the socket to listen element so this rename is required because
	there will be also an option to get socket auto-generated independently on the
	qemu.conf option.

	qemu_command: move websocket code into else part for address listen
	There is no need to check again for vnc socket.

2016-06-09  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Generate channel target paths on hotplug as well
	Since commit 714080791778e3dfbd484ccb3953bffd820b8ba9, qemu agent
	channel cannot be plugged in because we won't generate its path
	automatically.  Let's not only fix that, but also add tests for it so
	next time it's checked for.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1322210

2016-06-09  Martin Kletzander  <mkletzan@redhat.com>

	qemuhotplugtest: Test live data
	Until now, the only hot thing in this test was the name.  That's because
	we set the id to '-1' before every test.  With this change, we test the
	hotplug on live domains as the name suggests and as it should be.

	qemu: Move channel path generation out of command creation
	Put it into separate function called qemuDomainPrepareChannel() and call
	it from the new qemuProcessPrepareDomain().

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	cputest: Rename nehalem-force to penryn-force
	The actual CPU model in the data files is Penryn which makes the file
	name look rather strange. Well, one of them contains Nehalem, but that's
	a bug which will be fixed soon.

	cpu: Add ARAT x86 CPU feature
	Implemented in QEMU by commit 28b8e4d0bf93ba176b4b7be819d537383c5a9060.

	cpu: Add x86 feature flags for CPUID leaf 0xd, sub leaf 1
	This was implemented in QEMU by commit 0bb0b2d2fe7f645dda.

	cpu: Sort CPU map features on eax_in
	As a side effect this changes the order of CPU features in XMLs
	generated by libvirt, but that's not a big deal since the order there is
	insignificant.

	cpu: Shorten eax_in values in CPU map
	For two reasons:
	- 0x00000001 is very similar to 0x80000001, but 0x01 is visually
	  different
	- 0x01 format is consistent with CPUID manual

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Add full support for ecx_in CPUID parameter
	This patch makes our CPUID handling code up-to-date with the current
	specification found in

	Intel® 64 and IA-32 Architectures Developer's Manual: Vol. 2A
	http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Prepare for ecx_in CPUID parameter
	CPUID instruction normally takes its parameter from EAX, but sometimes
	ECX is used as an additional parameter. This patch prepares the x86 CPU
	driver code for the new 'ecx_in' CPUID parameter.

	qemumonitorjsontest: Add getcpu test data

	tests: Add CPU detection test for Intel Xeon X5460

	tests: Add CPU detection test for Intel Xeon W3520

	tests: Add CPU detection test for Intel Xeon E7-4820

	tests: Add CPU detection test for Intel Xeon E5-2650

	tests: Add CPU detection test for Intel Xeon E5-2630

	tests: Add CPU detection test for Intel Xeon E3-1245

	tests: Add CPU detection test for Intel Xeon 5110

	tests: Add CPU detection test for AMD Phenom II X4 B95

	tests: Add CPU detection test for Intel Pentium P6100

	tests: Add CPU detection test for AMD Opteron 6282 SE

	tests: Add CPU detection test for AMD Opteron 6234

	tests: Add CPU detection test for AMD Opteron 2350

	tests: Add CPU detection test for AMD Opteron 1352

	tests: Add CPU detection test for AMD FX 8150

	tests: Add CPU detection test for Intel Core2 Quad Q9500

	tests: Add CPU detection test for Intel Core2 Duo E6850

	tests: Add CPU detection test for Intel Core i7-5600U

	tests: Add CPU detection test for Intel Core i7-4600U

	tests: Add CPU detection test for Intel Core i7-3770

	tests: Add CPU detection test for Intel Core i7-3740QM

	tests: Add CPU detection test for Intel Core i7-3520M

	tests: Add CPU detection test for Intel Core i7-2600

	tests: Add CPU detection test for Intel Core i5-6600

	tests: Add CPU detection test for Intel Core i5-4670T

	tests: Add CPU detection test for Intel Core i5-2540M

	tests: Add CPU detection test for Intel Core i5-2500

	tests: Add CPU detection test for Intel Atom N450

	tests: Add CPU detection test for Intel Atom D510

	tests: Add CPU detection test for AMD A10-5800K

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add CPU detection tests
	So far we only test CPUID -> CPU def conversion on artificial CPUID data
	computed from another CPU def. This patch adds the infrastructure to
	test this conversion on real data gathered from a host CPU and two
	helper scripts for adding new test data:

	- cpu-gather.sh runs cpuid tool and qemu-system-x86_64 to get CPUID data
	  from the host CPU; this is what users can be asked to run if they run
	  into an issue with host CPU detection in libvirt

	- cpu-parse.sh takes the data generated by cpu-gather.sh and creates
	  data files for CPU detection tests

	The CPUID data queried from QEMU will eventually switch to the format
	used by query-host-cpu QMP command once QEMU implements it. Until then
	we just spawn QEMU with -cpu host and query the guest CPU in QOM. They
	should both provide the same CPUID results, but query-host-cpu does not
	require any guest CPU to be created by QEMU.

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Refactor internal KVM features
	The internal features are only used in explicit checks with
	cpuHasFeature. Loading them into the CPU map is dangerous since the
	features may accidentally be reported to users when decoding CPUID data.

	cpu_ppc64: Avoid unnecessary pointer to virCPUppc64Data
	virCPUData and struct ppc64_model structures contained a pointer to
	virCPUppc64Data, which was not very nice since the real data were
	accessible by yet another level of pointers from virCPUppc64Data.

	cpu_x86: Avoid unnecessary pointers to virCPUx86Data
	virCPUData, virCPUx86Feature, and virCPUx86Model all contained a pointer
	to virCPUx86Data, which was not very nice since the real CPUID data were
	accessible by yet another pointer from virCPUx86Data. Moreover, using
	virCPUx86Data directly will make static definitions of internal CPU
	features a bit easier.

	tests: Create simple monitor in qemuMonitorTestNewFromFile
	The current version uses the first JSON reply from the file as monitor
	greeting. With the new parameter the caller can now request a simple
	test monitor to be created, which uses an artificial greeting and uses
	all JSON strings from the file as regular replies.

	tests: Fix "Reponse" typo

	tests: Introduce qemuMonitorTestNewFromFile
	It's a convenient wrapper around qemuMonitorTestNew which feeds the test
	monitor with QMP replies from a specified file.

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor qemuMonitorJSONGetCPUx86Data
	This patch splits qemuMonitorJSONGetCPUx86Data in three functions:

	- qemuMonitorJSONCheckCPUx86 checks if QEMU supports reporting CPUID
	  features for a guest CPU

	- qemuMonitorJSONParseCPUx86Features parses CPUID features from a JSON
	  array

	- qemuMonitorJSONGetCPUx86Data gets the requested guest CPU property
	  from QOM and uses qemuMonitorJSONParseCPUx86Features to parse it

2016-06-09  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Rename CPUID function to eax_in
	CPUID instruction normally takes its parameter from EAX, but sometimes
	ECX is used as an additional parameter. Let's rename 'function' to
	'eax_in' in preparation for adding 'ecx_in'.

	cpu: Detect arch when parsing CPU data
	A CPU data XML file already contains the architecture, let the parser
	use it to detect which CPU driver should be used to parse the rest of
	the file.

	cpu_x86: Fix CPU data parser
	The formatter uses /cpudata/cpuid elements and the parser should really
	do the same.

	cpu_x86: Propagate vendor to guest's virCPUData
	When computing CPU data for a given guest CPU we should set CPUID vendor
	bits appropriately so that we don't lose the vendor when transforming
	CPU data back to XML description.

2016-06-09  Pavel Hrdina  <phrdina@redhat.com>

	virsh-domain: fix memory leak in cmdDomDisplay

2016-06-09  Ján Tomko  <jtomko@redhat.com>

	Fix typo in virNetDevGetEthtoolGFeatures stub
	s/ATTRIBUGE/ATTRIBUTE/

	Reported-by: Olaf Hering <olaf@aepfle.de>

2016-06-08  Tomáš Ryšavý  <tom.rysavy.0@gmail.com>

	tests: Rename virtTestMain to virTestMain.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestErrorFuncQuiet to virTestErrorFuncQuiet.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestCounterNext to virTestCounterNext.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestCaptureProgramOutput to virTestCaptureProgramOutput.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestDifferenceBin to virTestDifferenceBin.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestCaptureProgramExecChild to virTestCaptureProgramExecChild.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestDifferenceFullInternal to virTestDifferenceFullInternal.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestDifferenceFullNoRegenerate.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestQuiesceLibvirtErrors to virTestQuiesceLibvirtErrors.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestUseTerminalColors to virTestUseTerminalColors.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestLogContentAndReset to virTestLogContentAndReset.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestCounterReset to virTestCounterReset.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTest00MActive to virTest00MActive.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestClearCommandPath to virTestClearCommandPath.
	This function doesn't follow our convention of naming functions.

	Rename virtTestDifferenceFull to virTestDifferenceFull.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestCompareToFile to virTestCompareToFile.
	This function doesn't follow our convention of naming functions.

	Rename virtTestLoadFile to virTestLoadFile.
	This function doesn't follow our convention of naming functions.

	Rename virtTestDifference to virTestDifference.
	This function doesn't follow our convention of naming functions.

	tests: Rename virtTestRun to virTestRun.
	This function doesn't follow our convention of naming functions.

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	virschematest: call va_end even on OOM
	Jump to cleanup if virAsprintf fails.

2016-06-08  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	node_device: Replace VIR_ERROR with standard vir*Error in state driver init

2016-06-08  Michal Privoznik  <mprivozn@redhat.com>

	virsh-network: Avoid possible NULL deref in cmdNetworkDHCPLeases
	Problem is, localtime_r() returns a pointer to converted time or
	NULL in case of an error. But checking the glibc sources, error
	will occur iff a NULL has been passed as an either of arguments
	the function takes. But GCC fails to see that:

	../../tools/virsh-network.c: In function 'cmdNetworkDHCPLeases':
	../../tools/virsh-network.c:1370:12: error: potential null pointer dereference [-Werror=null-dereference]
	         ts = *localtime_r(&expirytime_tmp, &ts);
	         ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	cc1: all warnings being treated as errors

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	lxc: simplify lxcDomainGetBlkioParameters
	Replace all the repetitive code by using
	virDomainGetBlkioParametersAssignFromDef, similar to what commit 9f50f6e
	did in the qemu driver.

	Export virDomainGetBlkioParametersAssignFromDef
	Move qemuDomainGetBlkioParametersAssignFromDef into domain_conf
	and export it, to allow reuse in the LXC driver.

	Use virDomainObjGetDefs in lxcDomainGetBlkioParameters

	Use virDomainObjGetDefs in lxcDomainSetBlkioParameters
	Remove yet another usage of virDomainLiveConfigHelperMethod
	along with an sa_assert that helped clang understand the code flow.

	Use virDomainObjGetDefs in lxcDomainGetMemoryParameters
	Instead of virDomainLiveConfigHelperMethod.

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	Use virDomainObjGetDefs in lxcDomainGetSchedulerParametersFlags
	On LXC domain startup we have already called virDomainObjSetDefTransient
	to fill vm->newDef.

	There is no need to call virDomainLiveConfigHelperMethod which has the
	ability to fill newDef if it's NULL.

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	Use virDomainObjGetDefs in lxcDomainSetSchedulerParametersFlags
	On LXC domain startup we have already called virDomainObjSetDefTransient
	to fill vm->newDef.

	There is no need to call virDomainLiveConfigHelperMethod which has the
	ability to fill newDef if it's NULL.

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	Use virDomainObjGetDefs in lxcDomainSetMemoryFlags
	On LXC domain startup we have already called virDomainObjSetDefTransient
	to fill vm->newDef.

	There is no need to call virDomainLiveConfigHelperMethod which has the
	ability to fill newDef if it's NULL.

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	lxc: rename vmdef to persistentDef
	A few functions using virDomainLiveConfigHelperMethod use the generic
	name 'vmdef' to point to the persistent definition.

	Use persistentDef and/or persistentDefCopy to make its purpose obvious.

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Use @SYSTEM priority for TLS on Fedora >= 21
	In Fedora >= 21, there is a new crypto priority framework
	that sets TLS policies globally for all apps. To activate
	this with GNUTLS we must request "@SYSTEM" instead of
	the traditional "NORMAL" string. The '@' causes gnutls todo
	a lookup in its config file for the 'SYSTEM' keyword entry.

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	remote: allow TLS priority to be customized
	Support reading the TLS priority from the client configuration
	file via the "tls_priority" config option, eg

	 $ cat $HOME/.config/libvirt/libvirt.conf
	 tls_priority="NORMAL:-VERS-SSL3.0"

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Pass config file object through to driver open methods
	The virConnectOpenInternal method opens the libvirt client
	config file and uses it to resolve things like URI aliases.

	There may be driver specific things that are useful to
	store in the config file too, so rather than have them
	re-parse the same file, pass the virConfPtr down to the
	drivers.

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	remote: allow TLS protocol/cipher priority override in URI
	Add support for a "tls_priority" URI parameter in remote
	driver URIs. eg

	 qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	libvirtd: add config option for TLS priority
	Add a "tls_priority" config option to /etc/libvirt/libvirtd.conf
	to allow the administrator to override the built-in default
	setting. This only affects the server side configuration.

	rpc: allow priority string to be passed to TLS context
	Extend the virNetTLSContextNew* constructors to allow
	the TLS priority string to be passed in, overriding the
	compile time default.

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	configure: allow setting default TLS priority string
	Currently libvirt calls gnutls_set_default_priority()
	which on old systems resolves to "NORMAL" while new
	systems it resolves to "@SYSTEM". Either way, this
	is a global default that is identical across all apps.

	We want to allow distros to flexibility to define a
	custom default string for libvirt priority, so add
	a --tls-priority=STRING  flag to configure to enable
	this to be set.

	It is expected that distros would use this when creating
	RPM/Deb/etc packages, according to their preferred crypto
	handling policies.

2016-06-08  Daniel P. Berrange  <berrange@redhat.com>

	rpc: set gnutls log function at global init time
	Currently we set the gnutls log function when creating a
	TLS context, however, the setting is in fact global, not
	per context. So we should be setting it when we first call
	gnutls_global_init() instead.

	tls: remove support for gnutls 1.x.x, require 2.2.0
	We need to use the gnutls_priority_set_direct method which
	was not introduced until 2.1.7, so bump version to 2.2.0
	which is the first stable release with it included. This
	release dates from Dec 2007 so it is reasonable to ditch
	support for the 1.x.x series for gnutls releases entirely.

2016-06-08  Pavel Hrdina  <phrdina@redhat.com>

	virsh: domdisplay: if listen is 0.0.0.0 or [::] print address from URI
	Currently if a guest has listen address 0.0.0.0 or [::] and you run
	"virsh domdisplay $domain" you always get "spice://localhost:$port".

	We want to print better address if someone is connected from a different
	computer using "virsh -c qemu+ssh://some.host/system".  This patch fixes the
	behavior of virsh to print in this case "spice://some.host:$port".

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1332446

2016-06-08  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: don't print empty line if qemu exits without any error
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1335617

	qemu_monitor: rephrase error message if qemu closes monitor

2016-06-08  Michal Privoznik  <mprivozn@redhat.com>

	virschematest: Link with libxml2
	We use libxml2 APIs in the test (e.g. xmlFreeDoc) but not link
	with -lxml2 which can cause problems:

	/usr/bin/ld: virschematest.o: undefined reference to symbol 'xmlFreeDoc@@LIBXML2_2.4.30'
	//usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line
	collect2: error: ld returned 1 exit status
	Makefile:4702: recipe for target 'virschematest' failed

	Reported-by: Katerina Koukiou <k.koukiou@googlemail.com>

2016-06-08  Michal Privoznik  <mprivozn@redhat.com>

	virschematest: Access the right directory containing XMLs
	So the story goes like this. The testSchemaDirs() function is
	called with: a) the schema file, b) list of the directories that
	contains XMLs documents that should be checked against the schema
	file from a). However, the directories in the list are really
	just their names and it's up to testSchemaDirs to construct the
	absolute path and call testSchemaDir() which then does the actual
	validation. The absolute path is constructed, but never actually
	used (maybe due to a typo). Thus a VPATH build is broken.

2016-06-08  Ján Tomko  <jtomko@redhat.com>

	Introduce virschematest
	Instead of calling xmllint via a shell script, use our virXMLValidator
	API to do it directly via libxml.

	Introduce virXMLValidatorValidate
	Split out the code for XML validation into a new function.

	Introduce virXMLValidatorInit
	Split out all the code initializing the validator
	to a separate function.

	Introduce virXMLValidatorFree
	Split out the code cleaning up the validator.

	Introduce virXMLValidator structure
	Store all the data related to RNG validation in one structure to
	allow splitting virXMLValidateAgainstSchema.

2016-06-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Call disk startup policy check after cloning domain def
	In commit 1e38ef72 the disk startup policy check was moved prior to the
	call to virDomainObjSetDefTransient which dropped the disk from the
	config rather than the def to be started which is a bug.

	Additionally we'd not report the disk change event for this since the
	disk aliases were not set at that point.

	Finally 'volume' based disks would not work with startup policy too.

	Fix it by moving it back after the definition is copied, aliases are
	assigned and disk sources are translated.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1341415

2016-06-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Sanitize return value handling in disk presence checker
	One of the functions is returning always 0 and the second one uses
	unnecessary labels.

2016-06-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Unset log file watcher after restoring a VM save file
	qemuProcessStart does not unset the infrastructure that retrieves errors
	from the qemu log file in case of migration. As this wasn't handled
	properly in qemuDomainSaveImageStartVM we kept the logging context/fd
	open for the lifetime of the VM rather than closing it after it's not
	needed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325080

2016-06-07  Philipp Hahn  <hahn@univention.de>

	test: Remove executable permission from Xen xm files
	The configuration files are not directly executable as they don't have
	as hash-bang line.

2016-06-07  Philipp Hahn  <hahn@univention.de>

	xen: test for driver=tap2 sub-type in xen-xm
	tap2 only handles 'aio', but not 'raw', which must be explicitly given:

	XML:raw needs to be translated to XM:aio for 'tap' and 'tap2' Xen
	drivers.

2016-06-07  Philipp Hahn  <hahn@univention.de>

	xen: Also add sub-type for driver=tap2 in xen-xm
	tap2 only handles 'aio', but not 'raw', which must be explicitly given:

	| $ virsh domxml-to-native yyy.xml > yyy.xm
	| $ xm new yyy.xm
	| Error: tap:/srv/xen/xxx.img not a valid disk type
	| $ sed -i -e 's/tap2:/&aio:/' yyy.xm
	| $ xm new yyy.xm

	Fix reading and writing "xen-xm" format for "tap2" by handling it the
	same as "tap".

2016-06-07  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	qemu: Replace VIR_ERROR with standard vir*Error in state driver init

	xen: Replace VIR_ERROR with standard vir*Error in state driver init

	uml: Replace VIR_ERROR with standard vir*Error in state driver init

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Add VM log entry on start of migration
	Note the start of migration of a qemu process to the VM log file for
	possible debug purposes.

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Append the "shutting down" message using the new APIs
	Use qemuDomainLogAppendMessage rather than attempting to open a new
	logging context with file descriptors. The new approach allows to log
	the message even if qemu is still running at that point which appens
	during migration finish phase where qemuProcessStop is killing qemu.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1312188

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Implement helper for one-shot log entries to the VM log file
	Along with the virtlogd addition of the log file appending API implement
	a helper for logging one-shot entries to the log file including the
	fallback approach of using direct file access.

	This will be used for noting the shutdown of the qemu proces and
	possibly other actions such as VM migration and other critical VM
	lifecycle events.

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	log: daemon: Add remote protocol handling for the log appending API
	Implement the RPC dispatcher and caller for the new API.

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	log: handler: Add new API to append to logging files
	For logging one-shot entries to the VM log file it's quite a waste to
	hold open the file descriptor for logging that is provided by the
	current API.

	This new API will be ideal for logging one-shot entries to the file
	e.g. at the point when we shut the VM down rather than having to add the
	whole file-descriptor infrastructure.

	Additionally this will allow to add the messages even after restart of
	libvirtd since virtlogd doesn't allow to obtain a regular context with
	filedescriptors while the VM is still active.

2016-06-07  John Ferlan  <jferlan@redhat.com>

	util: Perform proper virRandomBytes return value checking
	Document the return value of virRandomBytes as 0 or some errno value and
	then make sure all callers make the proper checks.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Reindent virNetDevSendEthtoolIoctl

	Reuse the socket in virNetDevGetFeatures
	This speeds up node_device_udev driver startup 11x.

	Return bool in virNetDevFeatureAvailable
	Simplify the logic

	Split out virNetDevGetEthtoolGFeatures
	Move out the code depending on HAVE_DECL_ETHTOOL_GFEATURES.

	Split out virNetDevGetEthtoolFeatures
	Split out the features that we probe via various ethtool commands
	and ETHTOOL_GFLAGS.

	Move struct elem out of virNetDevGetFeatures
	Rename struct elem to virNetDevEthtoolFeatureCmd and move it
	out of the function to allow reusing it.

	Reindent comment of virNetDevFeatureAvailable

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Allow VIR_QEMU_PROCESS_START_NEW in qemuProcessLaunch
	The new flag was not added to virCheckFlags in commit '0d1c17aa' causing
	a regression where VMs were not able to start.

2016-06-07  John Ferlan  <jferlan@redhat.com>

	util: Alter virCryptoEncryptData for non GNUTLS builds
	Rather than intermixing the ATTRIBUTE_UNUSED - use HAVE_GNUTLS_CIPHER_ENCRYPT
	for the whole function instead.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Add nomatch filters when enumerating udev devices
	Filter out some subsystems we are not interested in.

	node_device_udev: rename labels to cleanup
	Instead of the custom out and out_unlock.

	node_device_udev: remove unnecessary ret variables
	Remove ret variables and labels from functions where there is no cleanup
	to be done.

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Move check that validates 'min_guarantee' to qemuDomainDefValidate
	Introduce a validation callback for qemu and move checking of
	min_guarantee to the new callback.

	conf: Move validation of disk LUN device to the appropriate place
	Now with the proper domain config validation infrastructure the check
	can be moved to a place that doesn't make domains vanish.

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	conf: Move disk info validator to the domain conf validator
	Since it will not be called from outside of conf we can unexport it too
	if we move it to the appropriate place.

	Test suite change is necessary since the error will be reported sooner
	now.

2016-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Call the domain config validator when starting a new VM
	To avoid duplicating all the checks when starting a fresh VM from a
	possibly unchecked config, call the domain def validator.

	qemu: process: Convert multiple boolean args to a single flag
	Validation of qemu process startup requires to know whether the process
	is used for a fresh VM or whether it's reloaded from a
	snapshot/migration. Pass this information in via a flag rather than
	calculating it from a bunch of bools.

	qemu: process: Unexport qemuProcessStartValidate

	conf: Add device def validation callback
	Similarly to the domain definition validator add a device validator. The
	change to the prototype of the domain validator is necessary as
	virDomainDeviceInfoIterateInternal requires a non-const pointer.

	conf: drop 'def' from struct virDomainDefPostParseDeviceIteratorData
	It's passed to all places along with the structure.

	conf: Add infrastructure for adding configuration validation
	Until now we weren't able to add checks that would reject configuration
	once accepted by the parser. This patch adds a new callback and
	infrastructure to add such checks. In this patch all the places where
	rejecting a now-invalid configuration wouldn't be a good idea are marked
	with a new parser flag.

	conf: Rename VIR_DOMAIN_DEF_PARSE_VALIDATE to VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA
	Make it obvious that the flag is controlling RNG schema validation.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	node_device_udev: remove yoda condition

	udevSetupSystemDev: return if allocation fails
	There is no cleanup to be done.

	Reformat udevProcessRemoveableMedia
	Remove unnecessary ret variable and return early if we have no media
	to save on indentation.

	udevProcessStorage: trim all whitespace from model and vendor
	Use virTrimSpaces instead of a custom implementation.

	node_device_udev: switch to using virReportError
	Also use the more common "Unable to initialize mutex" string
	and virReportSystemError instead of virStrerror.

	Remove PROPERTY_* constants
	They are no longer used.

	Only return two values in udevGetUintSysfsAttr
	Open code the call to udev_device_get_sysattr_value
	in the one place where it's needed.

	Only return two values in udevGetIntSysfsAttr
	Callers only check for an error or a specific integer value.

	Only return two values in udevGetStringSysfsAttr
	The callers only care for an error, and a missing attribute
	is simply NULL.

	Remove extra allocation in udevGetDeviceSysfsAttr
	Most of the code paths free it right after converting it to
	an integer.

	Only return two values in udevGetUintProperty
	We only care about the failure, not a missing property.

	Only return two values in udevGetStringProperty
	There is no need to differentiate between PROPERTY_FOUND
	and PROPERTY_MISSING - we can just look if the string is non-NULL.

2016-06-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support to QXL's max_outputs parameter
	Historically, we added heads=1 to videos, but for example for qxl, we
	did not reflect that on the command line.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283207

2016-06-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Check for qxl's max_outputs parameter
	Add capabilities for both qxl and qxl-vga devices.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Rewrite disk type checking in udevProcessStorage
	Error out on parsing errors and use a local const char pointer
	instead of chained ifs to check whether we found a match.

	Fix the return value in udevKludgeStorageType
	Since the switch to VIR_STRDUP this function returns 1 on success,
	but the caller treats any non-zero value as failure.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	udevProcessFloppy; remove unnecessary allocation
	Use udevHasDeviceProperty instead of udevGetStringProperty.
	We do not need to copy the string since we do not need it.

	Also add braces around the if body, since the change made
	syntax check complain.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Move udevHasDeviceProperty earlier

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Do not VIR_STRDUP the string in udevGetDeviceProperty
	Two out of three callers free it right after converting it to a number.

	Also change the comment at the beginning of the function, because
	the comment inside the function told me to.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Remove udevStrToLong_i
	Open code the error message.

	Remove udevStrToLong_ui
	Remove the debug message, open code the error in the two udevGetUint
	callers and use a more specific error in SCSI and PCI processing.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Remove udevStrToLong_ull
	The wrapper adds an error message or a debug log.

	Since we already log the properties we get from udev as strings,
	there is no much use for the debug logs.

	Open code the error message and delete the function.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Rewrite usage of StrToLong_ui in udevProcess{PCI,SCSI}
	Use virStrToLong_ui instead of udevStrToLong_ui, reformat the code
	and report a more specific error message.

	udevProcessSCSIHost: use STRSKIP
	Instead of separating it into STRPEFIX and str + strlen.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	udevGetDMIData: remove unused variable
	A variable without use is pointless.

	Remove it, since we have no use for it.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Assign node device driver private data earlier

	Do not call nodeStateCleanup on early initialization error
	If we have not allocated driver yet, there is nothing to cleanup.

	Reformat nodeStateCleanup
	Remove the ret variable and return early if there is no driver.

	node_device_udev: initialize libpciaccess after the driver lock
	This will simplify cleanup.

	Split out pciaccess (de)initialization
	Move pci_system_init and pci_system_cleanup into separate functions,
	to make the conditional compilation easier to read.

2016-06-07  Ján Tomko  <jtomko@redhat.com>

	Initialize ret to -1 in nodeStateInitialize
	Most of the code paths had to reset it to -1 and returning 0 was
	only possible if we made it to the end of the function.

	Initialize it to -1 and only set it to 0 if we reach the end, as we do
	in most of libvirt code.

2016-06-07  Daniel P. Berrange  <berrange@redhat.com>

	systemd: directly notify systemd instead of using sd_notify
	The sd_notify method is used to tell systemd when libvirtd
	has finished starting up. All it does is send a datagram
	containing the string parameter to systemd on a UNIX socket
	named in the NOTIFY_SOCKET environment variable. Rather than
	pulling in the systemd libraries for this, just code the
	notification directly in libvirt as this is a stable ABI
	from systemd's POV which explicitly allows independant
	implementations:

	See "Reimplementable Independently" column in the
	"$NOTIFY_SOCKET Daemon Notifications" row:

	https://www.freedesktop.org/wiki/Software/systemd/InterfacePortabilityAndStabilityChart/

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314881

2016-06-06  John Ferlan  <jferlan@redhat.com>

	qemu: Move and rename qemuBuildObjectCommandlineFromJSON
	Move the module from qemu_command.c to a new module virqemu.c and
	rename the API to virQEMUBuildObjectCommandline.

	This API will then be shareable with qemu-img and the need to build
	a security object for luks support.

2016-06-06  John Ferlan  <jferlan@redhat.com>

	storage: Create helper to set input for CreateQemuImg code
	Create helper virStorageBackendCreateQemuImgSetInput to set the input

	storage: Split out a helper for encryption checks
	Split out a helper from virStorageBackendCreateQemuImgCmdFromVol
	to check the encryption - soon a new encryption sheriff will be
	patroling and that'll mean all sorts of new checks.

	storage: Split out setting default secret for encryption
	Split the qcow setting of encryption secrets into a helper

	util: Clean up code formatting in virstorageencryption
	Bring style more in line with more recent code.

2016-06-06  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document our event loop
	I was asked the other day what's event loop and how libvirt uses
	it. Well, I haven't found any good sources on the Internet so I
	thought of writing the documentation on my own.

2016-06-06  Ján Tomko  <jtomko@redhat.com>

	Do not check for domain liveness in virDomainObjSetDefTransient
	Remove the live attribute and mark the definition as transient
	whether the domain is runing or not.

	There were only two callers left calling with live=false:
	* testDomainStartState, where the domain already is active
	  because we assigned vm->def->id just a few lines above the call
	* virDomainObjGetPersistentDef, which now only calls
	  virDomainObjSetDefTransient for an active domain

2016-06-06  Ján Tomko  <jtomko@redhat.com>

	Check if the domain is active in virDomainObjGetPersistentDef
	Calling virDomainObjSetDefTransient with live=false is a no-op
	on an inactive domain.

	Only call it on an active domain, since this is the only place using
	the live bool.

2016-06-06  Ján Tomko  <jtomko@redhat.com>

	Clean up redundant usage of virDomainObjSetDefTransient
	Commit 45ec297d from November 2010:
	    Make state driver device hotplug/update actually transient
	added virDomainObjSetDefTransient calls to the domain startup
	function in several drivers.

	In November 2011, commit 8866eed:
	    Set aliases for LXC/UML console devices
	added a call earlier in the startup function, without removing the
	existing ones.

	Also, in the UML driver it seems the function never did anything
	useful - vm->def->id is set asynchronnously in umlNotifyEvent.
	At the time of calling virDomainObjSetDefTransient with live=false,
	vm->def->id was likely still -1, making the call a no-op.

2016-06-06  Ján Tomko  <jtomko@redhat.com>

	Post-release version bump to 1.3.6

2016-06-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.3.5
	* docs/news.html.in: update with 1.3.5 data

2016-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Refresh po files from zanata

2016-06-03  Martin Kletzander  <mkletzan@redhat.com>

	Fix building with -Og
	When building using -Og, gcc sees that some variables can be used
	uninitialized  It can be debatable whether it is possible with our
	codeflow, but functions should be self-contained and initializations are
	always good.  The return instead of goto is due to actualType being used
	in the cleanup.

2016-06-03  Michal Privoznik  <mprivozn@redhat.com>

	virPerfEventIsEnabled: Don't crash on shut off domains
	So imagine the following. You connect read only to a daemon and
	try to fetch stats for a shut off domain, e.g.:

	  virsh -r domstats $dom

	but all of a sudden, virsh instead of printing the stats throws
	the following error at you:

	  error: Disconnected from qemu:///system due to I/O error
	  error: End of file while reading data: Input/output error

	The daemon crashed. This is its backtrace:

	#0  0x00007fa43e3751a8 in virPerfEventIsEnabled (perf=0x0, type=VIR_PERF_EVENT_MBMT) at util/virperf.c:241
	#1  0x00007fa424a9f042 in qemuDomainGetStatsPerf (driver=0x7fa3f4022a30, dom=0x7fa3f40e24c0, record=0x7fa41c000e20, maxparams=0x7fa4360b38d0, privflags=1) at qemu/qemu_driver.c:19110
	#2  0x00007fa424a9f2e7 in qemuDomainGetStats (conn=0x7fa41c001b20, dom=0x7fa3f40e24c0, stats=127, record=0x7fa4360b3970, flags=1) at qemu/qemu_driver.c:19213
	#3  0x00007fa424a9f672 in qemuConnectGetAllDomainStats (conn=0x7fa41c001b20, doms=0x7fa41c0017f0, ndoms=1, stats=127, retStats=0x7fa4360b3a50, flags=0) at qemu/qemu_driver.c:19303
	#4  0x00007fa43e4e15f6 in virDomainListGetStats (doms=0x7fa41c0017f0, stats=0, retStats=0x7fa4360b3a50, flags=0) at libvirt-domain.c:11615

	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7f28d1a38700 (LWP 16154)]
	0x00007f28da4fa1a8 in virPerfEventIsEnabled (perf=0x0, type=VIR_PERF_EVENT_MBMT) at util/virperf.c:241
	241         return event->enabled;

	Problem is, shut off domains don't have priv->perf allocated.
	Therefore if in frame #1 qemuDomainGetStatsPerf() tries to check
	if perf events are enabled, NULL is passed to
	virPerfEventIsEnabled() which due to some incredible
	implementation dereference it. Fix this by checking whether
	passed object is not NULL.

2016-06-03  Michal Privoznik  <mprivozn@redhat.com>

	Drop virPerfGetEventFd
	This function is not used anywhere. Moreover, the code that would
	use lives in virperf.c and therefore has access to the FD anyway.
	Well, for instance virPerfReadEvent is doing just that.

2016-06-03  Michal Privoznik  <mprivozn@redhat.com>

	virDomainChrGetDomainPtrsInternal: Return an integer
	There's this problem on the recent gcc-6.1:

	In file included from conf/domain_conf.c:37:0:
	conf/domain_conf.c: In function 'virDomainChrPreAlloc':
	conf/domain_conf.c:14109:35: error: potential null pointer dereference [-Werror=null-dereference]
	     return VIR_REALLOC_N(*arrPtr, *cntPtr + 1);
	                                   ^~
	./util/viralloc.h:158:73: note: in definition of macro 'VIR_REALLOC_N'
	 # define VIR_REALLOC_N(ptr, count) virReallocN(&(ptr), sizeof(*(ptr)), (count), \
	                                                                         ^~~~~
	conf/domain_conf.c: In function 'virDomainChrRemove':
	conf/domain_conf.c:14133:21: error: potential null pointer dereference [-Werror=null-dereference]
	     for (i = 0; i < *cntPtr; i++) {
	                     ^~~~~~~

	GCC basically fails to see, that the
	virDomainChrGetDomainPtrsInternal will never actually return NULL
	because it's never called over a domain char device with _LAST
	type. But to make it shut up, lets turn this function into
	returning an integer and check in the callers if a zero value
	value was returned.

2016-06-02  Michal Privoznik  <mprivozn@redhat.com>

	virDomainFormatSchedDef: Avoid false positive NULL dereference
	Okay, I admit that our code here is complex. It's not easy to
	spot that NULL deref can't really happen here. So it's no wonder
	that a dumb compiler fails to see all the connections and
	produces the following errors:

	  CC       conf/libvirt_conf_la-domain_conf.lo
	conf/domain_conf.c: In function 'virDomainDefFormatInternal':
	conf/domain_conf.c:22162:22: error: potential null pointer dereference [-Werror=null-dereference]
	             if (sched->policy == i)
	                 ~~~~~^~~~~~~~
	<snip/>
	cc1: all warnings being treated as errors

2016-06-02  Michal Privoznik  <mprivozn@redhat.com>

	ppc64Compute: Avoid possible NULL dereference
	cpu/cpu_ppc64.c: In function 'ppc64Compute':
	cpu/cpu_ppc64.c:620:27: error: potential null pointer dereference [-Werror=null-dereference]
	     if (STRNEQ(guest_model->name, host_model->name)) {
	                ~~~~~~~~~~~^~~
	cpu/cpu_ppc64.c:620:9: note: in expansion of macro 'STRNEQ'
	     if (STRNEQ(guest_model->name, host_model->name)) {
	         ^~~~~~
	cc1: all warnings being treated as errors

	virNetDevBridgeGet: Don't require users to virNetDevSetupControl
	So far, this function has just three callers. Two of them call
	virNetDevSetupControl to create a socket that we can then
	optionally use for ioctl() to fetch data. However, querying sysfs
	is preferred. Therefore it doesn't make much sense to require
	users to set up the socket if they don't even know it will be
	used in favour of sysfs. We can set up the socket iff we need to.

2016-06-01  Laine Stump  <laine@laine.org>

	network: restart dnsmasq after adding/removing txt and srv records
	Although dns host records are stored in a separate configuration file
	that is reread by dnsmasq when it receives a SIGHUP, the txt and srv
	records are directly in the dnsmasq .conf file which can't be reread
	after initial dnsmasq startup. This means that if an srv or txt record
	is modified in a network config, libvirt needs to restart the dnsmasq
	process rather than just sending a SIGHUP.

	This was pointed out in a question in
	https://bugzilla.redhat.com/show_bug.cgi?id=988718 , but no separate
	BZ was filed.

2016-06-01  Pavel Hrdina  <phrdina@redhat.com>

	QXL: fix reloading of vram64 attribute
	Commit b4a5fd95 introduced vram64 attribute for QXL video device but
	there were two issues.  Only function
	qemuMonitorJSONUpdateVideoVram64Size should update the vram64 attribute
	and also the value is in MiB, not in B.

2016-05-31  Michal Privoznik  <mprivozn@redhat.com>

	esxStorageVolGetXMLDesc: Lookup SCSI lun properly
	So the idea is as follows: firstly we obtain a list of all the
	luns, then iterate over it trying to find the one we want to work
	with and after all the iterations we detect whether we have found
	something. Now, the last check is broken, because it compares a
	value form previous iteration, not the one we've just been
	through.

	Then, when computing md5 sum of lun's UUID, we use wrong variable
	again. Well, @hostScsiDisk which is type of esxVI_HostScsiDisk
	extends esxVI_ScsiLun type so they both have the uuid member, but
	it just doesn't feel right to access the data via two different
	variables in one function call.

2016-05-31  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorTextGetAllBlockStatsInfo: Fix line validation
	There's a bug in the function. We expect the following format for
	the data we are parsing here:

	  key: value

	So we use strchr() to find ':' and then see if it is followed by
	space. But the check that does just that is slightly incorrect.

2016-05-30  Michal Privoznik  <mprivozn@redhat.com>

	virSocketAddrIsPrivate: Work on 32bits platforms
	Yet another one of those where signed int (or long int) is not
	enough. And useless to as we're aiming at unsigned anyway.

	../../src/util/virsocketaddr.c: In function 'virSocketAddrIsPrivate':
	../../src/util/virsocketaddr.c:289:45: error: result of '192l << 24' requires 33 bits to represent, but 'long int' only has 32 bits [-Werror=shift-overflow=]
	        return ((val & 0xFFFF0000) == ((192L << 24) + (168 << 16)) ||
	                                             ^~
	../../src/util/virsocketaddr.c:290:45: error: result of '172l << 24' requires 33 bits to represent, but 'long int' only has 32 bits [-Werror=shift-overflow=]
	                (val & 0xFFF00000) == ((172L << 24) + (16  << 16)) ||
	                                             ^~
	cc1: all warnings being treated as errors

2016-05-30  Michal Privoznik  <mprivozn@redhat.com>

	apibuild: Substitute only pure number tokens
	In 38df47c9af1 I've tried to prepare our apibuild.py script for
	change made in 0628f3498ce (1U << 31). What I've done in the
	former commit was to replace \d+U in parsed tokens with \d.
	Problem was, my regular expression there was not quite right as
	it also translated VIR_123U_VAL into VIR_123_VAL.

2016-05-28  Michal Privoznik  <mprivozn@redhat.com>

	build: use gnulib's unsetenv
	Now that gnulib has lifted it's licensing of unsetenv, we should
	use it. Just like we use its counterpart - setenv, already.

2016-05-28  Michal Privoznik  <mprivozn@redhat.com>

	Turn 1<<31 into 1U<<31
	Apparently, 1 << 31 is signed which in turn does not fit into
	a signed integer variable:

	../../include/libvirt/libvirt-domain.h:1881:57: error: result of '1 << 31' requires 33 bits to represent, but 'int' only has 32 bits [-Werror=shift-overflow=]
	     VIR_CONNECT_GET_ALL_DOMAINS_STATS_ENFORCE_STATS = 1 << 31, /* enforce requested stats */
	                                                         ^~
	cc1: all warnings being treated as errors

	The solution is to make it an unsigned value. I've found only two
	such occurrences in our code base.

2016-05-28  Michal Privoznik  <mprivozn@redhat.com>

	docs: Teach apibuild to deal with (1U << 31) too
	The apibuild script is a terrifying beast that parses some source
	files of ours and produces an XML representation of them. When it
	comes to parsing enums we have in some header files, it tries to
	be clever and detect a value that an enum member has (or if it is
	an alias for a different member). Whilst doing that it has to
	deal with values we give to the members in many formats. At some
	places we just pass the value in decimal:

	    VIR_DOMAIN_BLOCK_JOB_TYPE_PULL = 1,

	in other places, we use the aliasing:

	    VIR_CONNECT_GET_ALL_DOMAINS_STATS_ACTIVE = VIR_CONNECT_LIST_DOMAINS_ACTIVE,

	and in other places bitwise shifts are used:

	    VIR_CONNECT_GET_ALL_DOMAINS_STATS_ENFORCE_STATS = 1 << 31, /* enforce requested stats */

	The script tries to parse all of these resulting in the following
	tokens: "1", "VIR_CONNECT_LIST_DOMAINS_ACTIVE", "1<<31"; Then, the
	script tries to turn these into integers using python's eval()
	function. This function succeeds on the first and the last
	tokens. But, if we were to modify the last example so that it's
	of the following form:

	    VIR_CONNECT_GET_ALL_DOMAINS_STATS_ENFORCE_STATS = 1U << 31, /* enforce requested stats */

	the token representing enum's member value will then be "1U<<31".
	So our parsing is good. Unfortunately, python is not aware of the
	difference between signed and unsigned C types, therefore eval()
	fails over this token and the parser falls back thinking it's an
	alias to another enum member. Well it's not.

	The solution is to transform [0-9]U into [0-9] as for our
	purposes here it's the same thing.

2016-05-27  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Fix a regression in checking for realpath (which caused link
	failures regarding duplicate rpl_canonicalize_file_name), and
	fix the mingw build regarding unsetenv.

	* .gnulib: Update to latest.

2016-05-27  Cole Robinson  <crobinso@redhat.com>

	spec: Advertise nvram paths of official fedora edk2 builds
	Fedora now ships edk2 firmware in its official repos, so adapt
	the nvram path list to match. Eventually we can remove the nightly
	links as well once some integration kinks have been worked out,
	and documentation updated.

	Move the macro building into the %build target, which lets us
	build up a shell variable and make things a bit more readable

	https://bugzilla.redhat.com/show_bug.cgi?id=1335395

2016-05-27  Katerina Koukiou  <k.koukiou@googlemail.com>

	lxc: Fix virLXCDomainObjBeginJob position in lxcDomainSetMemoryParameters
	Adjust the code to perform the virLXCDomainObjBeginJob first
	and then the call virDomainLiveConfigHelperMethod.
	As Ján Tomko pointed out, in virDomainLiveConfigHelperMethod,
	there is a check to see if the domain is active when AFFECT_LIVE is set.
	Since virLXCDomainObjBeginJob unlocks the virDomainObjPtr lock,
	the domain could possibly be destroyed while we wait for the job
	and the check results would no longer be valid.

2016-05-26  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Pulls in several portability fixes, including the fact that gnulib
	now only works on platforms with two's complement signed integers.
	Also makes for a smaller delta on the next update (we are waiting
	on a license change to unsetenv for the sake of mingw).

	* .gnulib: Update to latest.
	* bootstrap: Resync from upstream.
	* tests/virstringtest.c: Drop use of obsolete probes of integer
	properties.

2016-05-26  Dawid Zamirski  <dzamirski@datto.com>

	esx: do not store escaped password in esxVI_Context.
	This patch fixes an issue where screenshot API call was failing when
	the esx/vcenter password contains special characters such as
	apostrophee. The reason for failures was that passwords were escaped
	for XML and stored in esxVI_Context which was then passed to raw CURL
	API calls where the password must be passed in original form to
	authenticate successfully. So this patch addresses this by storing
	original passwords in the esxVI_Context struct and escape only for
	esxVI_Login call.

2016-05-26  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix error message when PCI bridge has index <= bus
	Commit ff2126225df0 changed the error message to be more
	detailed about the failure at hand; however, while the new
	error message claims that "bus must be <= index", the error
	message is displayed if "idx <= addr->bus", ie. when bus
	is larger than or *equal to* index.

	Change the error message to report the correct constraint,
	and format it in a way that mirrors the check exactly to
	make it clearer to people reading the code. The new error
	message reads "index must be larger than bus".

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1339900

2016-05-26  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	daemon: cleanup state drivers in order reverse to init order
	This patch aims to fix observed crash on daemon shutdown. Main thread is in
	the process of state drivers cleanup, network driver is cleaned up and
	qemu driver is not yet. Meanwhile eof event from qemu process triggers
	qemuProcessStop -> networkReleaseActualDevice and crash happens as
	network driver is already cleaned up.

2016-05-26  Dawid Zamirski  <dzamirski@datto.com>

	esx: use newer virtualHW version for 5.1+ hosts
	This is because there's a known issue where ESX will refuse to attach
	drives bigger than 4TB when virtualHW < 9. Therefore, to avoid that
	use the higher virtualHW for hosts that support it.

	https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2054952

2016-05-26  Dawid Zamirski  <dzamirski@datto.com>

	esx: Add VMCI device for virtualHW >= 7
	This patch fixes an issue where vMotion fails when VMCI device is not
	present in the vmx file.

	esx: add pciBridge devices when SCSI is used
	When a SCSI controller is present, ESX adds several pciBridge devices
	to vmx file. This fixes an error message where it refuses to create VM
	due to not enough PCI devices available. This applies only to virtualHW
	version >= 7.

2016-05-25  Laine Stump  <laine@laine.org>

	conf: permit auto-assignment of controller indexes
	Hand-entering indexes for 20 PCI controllers is not as tedious as
	manually determining and entering their PCI addresses, but it's still
	annoying, and the algorithm for determining the proper index is
	incredibly simple (in all cases except one) - just pick the lowest
	unused index.

	The one exception is USB2 controllers because multiple controllers in
	the same group have the same index. For these we look to see if 1) the
	most recently added USB controller is also a USB2 controller, and 2)
	the group *that* controller belongs to doesn't yet have a controller
	of the exact model we're just now adding - if both are true, the new
	controller gets the same index, but in all other cases we just assign
	the lowest unused index.

	With this patch in place and combined with the automatic PCI address
	assignment, we can define a PCIe switch with several ports like this:

	  <controller type='pci' model='pcie-root-port'/>
	  <controller type='pci' model='pcie-switch-upstream-port'/>
	  <controller type='pci' model='pcie-switch-downstream-port'/>
	  <controller type='pci' model='pcie-switch-downstream-port'/>
	  <controller type='pci' model='pcie-switch-downstream-port'/>
	  <controller type='pci' model='pcie-switch-downstream-port'/>
	  <controller type='pci' model='pcie-switch-downstream-port'/>
	  ...

	These will each get a unique index, and PCI addresses that connect
	them together appropriately with no pesky numbers required.

2016-05-25  Laine Stump  <laine@laine.org>

	conf: make virDomainControllerFindUnusedIndex() more generally usable
	Make virDomainControllerFindUnusedIndex() a global function so that it
	can be used outside domain_conf.c (as well as higher up in
	domain_conf.c itself)/ Also make its DomainDef arg a const* so that
	functions which only have a const* to the domain can use it.

	conf/qemu: make IS_USB2_CONTROLLER globally available
	IS_USB2_CONTROLLER() is useful in more places aside from just when
	assigning PCI addresses in QEMU, and is checking for enum values that
	are all defined in conf/domain_conf.h anyway, so define it there
	instead.

2016-05-25  Chunyan Liu  <cyliu@suse.com>

	libxl: add .domainInterfaceAddresses
	Add .domainInterfaceAddresses so that user can have a way to
	get domain interface address by 'virsh domifaddr'. Currently
	it only supports '--source lease'.

	Signed-off: Chunyan Liu <cyliu@suse.com>

2016-05-25  Ján Tomko  <jtomko@redhat.com>

	security: label the slic_table
	Add support for the slic_table to the security drivers.

2016-05-25  Ján Tomko  <jtomko@redhat.com>

	qemu: format SLIC ACPI table command line
	<os>
	  <acpi>
	    <table type="slic">/path/to/acpi/table/file</table>
	  </acpi>
	</os>

	will result in:

	-acpitable sig=SLIC,file=/path/to/acpi/table/file

	This option was introduced by QEMU commit 8a92ea2 in 2009.

	https://bugzilla.redhat.com/show_bug.cgi?id=1327537

2016-05-25  Ján Tomko  <jtomko@redhat.com>

	conf: add <acpi><table> to <os>
	Add a new element to <domain> XML:
	<os>
	  <acpi>
	    <table type="slic">/path/to/acpi/table/file</table>
	  </acpi>
	</os>

	To supply a path to a SLIC (Software Licensing) ACPI
	table blob.

	https://bugzilla.redhat.com/show_bug.cgi?id=1327537

2016-05-25  Pavel Hrdina  <phrdina@redhat.com>

	qemucapstest: replace caps-1.6.50 with updated caps-1.7.0
	The qemu-1.6.50 is a beta before the new minor version, let's replace it with
	the release qemu-1.7.0.

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove virDomainLiveConfigHelperMethod from qemuDomainSetSchedulerParametersFlags
	This refactor also makes a distinction between the pointer to the
	original definition and copied one to prevent mixups.

	qemu: Remove virDomainLiveConfigHelperMethod from qemuDomainSetBlockIoTune

	qemu: Refactor qemuDomainGetSchedulerParametersFlags
	Use virDomainCputune struct to store the data rather than exploding the
	fields and use macros to fill the typed params.

	conf: Change virDomainCputune member 'shares' to unsigned long long
	cgroup functions set and get the longer type so use it everywhere

	qemu: Remove virDomainLiveConfigHelperMethod from qemuDomainGetSchedulerParametersFlags

	qemu: Refactor qemuDomainGetBlkioParameters
	Get rid of lots of duplicated code.

	qemu: Remove virDomainLiveConfigHelperMethod from qemuDomainGetBlkioParameters

	qemu: Remove virDomainLiveConfigHelperMethod from qemuDomainSetMemoryParameters

	qemu: Refactor typed params assignment in qemuDomainGetBlockIoTune
	Introduce a macro to assign the parameters to avoid the for loop and
	shuffle around various checks for a simpler and saner function.

	qemu: Replace virDomainLiveConfigHelperMethod in qemuDomainGetBlockIoTune
	Use virDomainObjGetDefs since the API guarantees that both live and
	config are never set together.

	qemu: monitor: Remove 'supportMaxOptions' argument from qemuMonitorGetBlockIoThrottle
	The caller is already aware that the params are missing and the
	extractor is ignoring the missing ones so the parameter isn't necessary.

2016-05-25  Dawid Zamirski  <dzamirski@datto.com>

	esx: use lsilogic adapter type in vol create.
	ESX will refuse to attach VMDKS that have buslogic adatper type to 64bit
	VMs whereas lsilogic works fine both 32bit and 64bit VMs.

2016-05-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: default to qemu driver for network disks
	Xen only supports network-based disks with the qemu (aka qdisk) driver.
	Set the driverName to 'qemu' in libxlDomainDeviceDefPostParse() if
	not already set. When starting a domain with network-based disks,
	ensure the driverName is 'qemu'.

	Resolves: https://bugzilla.opensuse.org/show_bug.cgi?id=981094

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Allow disk update of startupPolicy/snapshot for all disks
	The libvirt internal bits can be changed for disks that don't otherwise
	support changing media. Remove the switch statement and allow changes of
	non-source data for all disks.

	qemu: driver: Move around code to avoid need to rollback
	qemuDomainChangeDiskLive rolled back few changes to the disk definition
	if changing of the media failed. This can be avoided by moving some code
	around.

2016-05-25  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	Call qemuDomainObjEndJob when qemuCaps is null during hotplug

	Unref the cfg in qemuDomainAttachHostPCIDevice()

2016-05-25  John Ferlan  <jferlan@redhat.com>

	lxc: Fix lxcDomainDestroyFlags endjob processing
	Commit id '15ccb0dbf' added job functions for the lxc driver; however,
	for shutdown and nonpersistent path, the vm was removed from the domain
	object list and the vm pointer cleared before the endjob.

	Adjust the code to perform the endjob first and then perform the
	ObjListRemove as long as the vm wasn't NULL. This follows more closely
	models from qemu and libxl

	Found by Coverity (FORWARD_NULL)

2016-05-25  John Ferlan  <jferlan@redhat.com>

	qemu: Remove unused persistentAddrs
	Based on some digital archaeology performed by jtomko, it's been determined
	that the persistentAddrs variable is no longer necessary...

	The variable was added by:
	commit 141dea6bc7222107c2357acb68066baea5b26df3
	CommitDate: 2010-02-12 17:25:52 +0000
	    Add persistence of PCI addresses to QEMU

	Where it was set to 0 on domain startup if qemu did not support the
	QEMUD_CMD_FLAG_DEVICE capability, to clear the addresses at shutdown,
	because QEMU might make up different ones next time.

	As of commit f5dd58a6088cfc6e8bd354b693d399807a8ec395
	CommitDate: 2012-07-11 11:19:05 +0200
	    qemu: Extended qemuDomainAssignAddresses to be callable from
	    everywhere.

	this was broken, when the persistentAddrs = 0 assignment was moved
	inside qemuDomainAssignPCIAddresses and while it pretends to check
	for !QEMU_CAPS_DEVICE, its parent qemuDomainAssignAddresses is only
	called if QEMU_CAPS_DEVICE is present.

2016-05-25  John Ferlan  <jferlan@redhat.com>

	qemu: Remove dead code
	Since commit id '20a0fa8e' removed the QEMU_CAPS_DEVICE, Coverity notes
	that it's no longer possible to have 'addrs' be NULL when checking for
	a live domain since qemuDomainPCIAddressSetCreate would have jumped to
	cleanup if addrs was NULL.

2016-05-25  Andrea Bolognani  <abologna@redhat.com>

	conf: nodedev: Set PCI_PHYSICAL_FUNCTION flag more carefully
	Instead of setting the flag before parsing the PCI address, set
	it afterwards. This ensure we can never end up in a situation
	where the flag has been set but pci_dev.physical_function has
	not been filled in.

2016-05-25  Andrea Bolognani  <abologna@redhat.com>

	pci: Fix virPCIGetPhysicalFunction()'s callers
	Commit c8b1a83605e4 changed the function, making it
	impossible for callers to be able to tell whether a
	non-negative return value means "physical function
	address found and parsed correctly" or "couldn't find
	corresponding physical function".

	The important difference between the two being that,
	in the latter case, the returned pointer is NULL and
	should never, ever be dereferenced.

	In order to cope with these changes, the callers
	have to be updated.

2016-05-25  Andrea Bolognani  <abologna@redhat.com>

	pci: Document virPCIGetPhysicalFunction()

	pci: Initialize return location in virPCIGetPhysicalFunction()
	Just an extra precaution in case the function returns early
	due to an OOM error.

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: wait for the tray to eject only for drives with a tray
	Use the detected tray presence flag to trigger the tray waiting code
	only if the given storage device in qemu reports to have a tray.

	This is necessary as the floppy device lost it's tray as of qemu commit:

	commit abb3e55b5b718d6392441f56ba0729a62105ac56
	Author: Max Reitz <mreitz@redhat.com>
	Date:   Fri Jan 29 20:49:12 2016 +0100

	    Revert "hw/block/fdc: Implement tray status"

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Fix error reported when cdrom tray is locked
	Commit 1fad65d49aae364576bd91352a001249510f8d4e used a really big hammer
	and overwrote the error message that might be reported by qemu if the
	tray is locked. Fix it by reporting the error only if no error is
	currently set.

	Error after commit mentioned above:
	error: internal error: timed out waiting for disk tray status update

	New error:
	error: internal error: unable to execute QEMU command 'eject': Tray of
	device 'drive-ide0-0-0' is not open

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Extract code for waiting for tray eject
	The code grew rather convoluted. Extract it to a separate function.

	qemu: process: Fix and improve disk data extraction
	Extract information for all disks and update tray state and source only
	for removable drives. Additionally store whether a drive is removable
	and whether it has a tray.

	qemu: Move and rename qemuDomainCheckEjectableMedia to qemuProcessRefreshDisks
	Move it to a more sane place since it's refreshing data about disks.

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Extract more information about qemu drives
	Extract whether a given drive has a tray and whether there is no image
	inserted.

	Negative logic for the image insertion is chosen so that the flag is set
	only if we are certain of the fact.

2016-05-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Move struct qemuDomainDiskInfo to qemu_domain.h

2016-05-25  Joao Martins  <joao.m.martins@oracle.com>

	xenconfig: xm: check for driver on disk format
	When reviewing libxl vif typename series[0] I found a bug
	on xen-xm formatter where "virsh domxml-to-native xen-xm file.xml"
	can lead to a NULL dereference if the disk driver isn't specified.
	Fix this by checking for driver before writing/testing it down.

	[0] https://www.redhat.com/archives/libvir-list/2016-April/msg01434.html

2016-05-24  Laine Stump  <laine@laine.org>

	lxc: support <interface type='ethernet'>
	This is identical to type='bridge', but without the "connect to a
	bridge" part, so it can be handled by using the same functions (and
	often even the same cases in switch statements), after renaming
	virLXCProcessSetupInterfaceBridged() to virLXCProcessInterfaceTap()
	and enhancing it to skip bridge-related items when brname == NULL.

	To be truly useful, we need to support setting the ip address on the
	host side veth as well as guest side veth (already supported for
	type='bridge'), as well as setting the peer address for both.

	The <script> element (supported by type='ethernet' in qemu) isn't
	supported in this patch. An error is logged at domain start time if it
	is encountered. This may be changed in a later patch.

2016-05-24  Katerina Koukiou  <k.koukiou@googlemail.com>

	lxc: completely rework reference counting
	This patch follows the pattern used in qemu driver regarding
	reference counting.
	It changes lxcDomObjFromDomain() to ref the domain (using
	virDomainObjListFindByUUIDRef()) and adds virDomainObjEndAPI() which
	should be the only function in which the return value of
	virObjectUnref() is checked.  This makes all reference counting
	deterministic and makes the code a bit clearer.

	lxc: use job functions in lxcDomainLxcOpenNamespace & lxcDomainSendProcessSignal
	Use the recently added job functions in lxcDomainLxcOpenNamespace,
	lxcDomainSendProcessSignal.

2016-05-24  Pavel Hrdina  <phrdina@redhat.com>

	qemucapstest: update caps for qemu-2.6.0

	qemucapstest: update caps for qemu-2.5.0

	qemucapstest: update caps for qemu-2.4.0

	qemucapstest: update caps for qemu-2.1.1

	qemucapstest: update caps for qemu-1.6.0

	qemucapstest: update caps for qemu-1.5.3

	qemucapstest: update caps for qemu-1.4.2

	qemucapstest: update caps for qemu-1.3.1

	qemucapstest: update caps for qemu-1.2.2

2016-05-24  Maxim Nestratov  <mnestratov@virtuozzo.com>

	nwfilter: fix lock order deadlock
	Below is backtraces of two deadlocked threads:

	thread #1:
	 virDomainConfVMNWFilterTeardown
	   virNWFilterTeardownFilter
	       lock updateMutex <------------
	       _virNWFilterTeardownFilter
	            try to lock interface <----------

	thread #2:
	 learnIPAddressThread
	    lock interface <-------
	    virNWFilterInstantiateFilterLate
	        try to lock updateMutex <----------

	The problem is fixed by unlocking interface before calling
	virNWFilterInstantiateFilterLate to avoid updateMutex and interface ordering
	deadlocks. Otherwise we are going to instantiate the filter while holding
	interface lock, which will try to lock updateMutex, and if some other thread
	instantiating a filter in parallel is holding updateMutex and is trying to
	lock interface, both will deadlock.
	Also it is safe to unlock interface before virNWFilterInstantiateFilterLate
	because learnIPAddressThread stopped capturing packets and applied necessary
	rules on the interface, while instantiating a new filter doesn't require a
	locked interface.

2016-05-24  Pavel Hrdina  <phrdina@redhat.com>

	maint: fix syntax-check sc_prohibit_int_ijk exclude rule
	Fix the regex for excluding files for this syntax-rule.  The rule "include/"
	will not work, because we are matching the whole line like this
	"^(...|include/|...)$ so we need to use "include/libvirt/libvirt.+".  The second
	issue is that we are using only one '$' but there should be two of those at the
	end.  The last small adjustment is to escape dots '.' so it match only dot.

	makefile: fix build on systems where gnutls is not in /usr/include
	We need to append GNUTLS_CFLAGS while building utils because virtcrypto
	is using it.  This fixes build on freebsd where gnutuls is in
	/usr/local/include.

	qemuxml2argvtest: skip test that depends on gnutls_cipher_encrypt()
	Test disk-drive-network-rbd-auth-AES depends on existence of
	gnutls_cipher_encrypt() function which was introduced in gnutls 2.10.0.
	On systems without this function we should skip this test.

2016-05-23  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	storage: Replace VIR_ERROR with standard vir*Error in state driver init
	Replace VIR_ERROR with virReportError and virReportSystemError

	nwfilter: Replace VIR_ERROR with standard vir*Error in state driver init
	Replace VIR_ERROR with virReportError

	libxl: Replace VIR_ERROR with standard vir*Error in state driver init
	Replace VIR_ERROR with virReportError

	bhyve: Replace VIR_ERROR with standard vir*Error in state driver init
	Replace VIR_ERROR with virReportError

2016-05-23  Laine Stump  <laine@laine.org>

	qemu: simplify addition of USB controller in qemuParseCommandLine
	virDomainDefAddUSBController() does everything that the multiple lines
	of code were doing.

2016-05-23  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: add error code for case if vm is already stopped
	If try to stop VM or container which is already stopped than
	Virtuozzo 7 returns code PRL_ERR_INVALID_ACTION_REQUESTED.
	Error code PRL_ERR_DISP_VM_IS_NOT_STARTED is used in Virtuozzo 6

2016-05-23  Ján Tomko  <jtomko@redhat.com>

	Revert "qemu_cgroup: allow access to /dev/dri for virtio-vga"
	This reverts commit 3943bdd60c7ff1de00e73f66d907664b74a88a3f.

2016-05-23  Ján Tomko  <jtomko@redhat.com>

	storage: do not clear vols before volume upload
	Commit 5e54361c added virStoragePoolObjClearVols before refreshPool
	to prevent duplicate volume entries.

	However it is not needed here because we're not refreshing the pool yet,
	just checking for the existence of the refresh callback.

	The actual refresh is done via virStorageVolFDStreamCloseCb
	in virStorageVolPoolRefreshThread, which already calls
	virStoragePoolObjClearVols.

2016-05-23  Ján Tomko  <jtomko@redhat.com>

	Deprecate QEMU_CAPS_PCIDEVICE
	Before removal of QEMU_CAPS_DEVICE, its only usage was
	or'd with QEMU_CAPS_DEVICE.

	Now it's unused.

2016-05-23  Ján Tomko  <jtomko@redhat.com>

	Deprecate QEMU_CAPS_DEVICE
	We support qemu version 0.12.0+, which has it.

	Deprecate QEMU_CAPS_DRIVE_READONLY
	We have been assuming its support if qemu supports -device,
	which all the supported versions do.

	qemu: always assume QEMU_CAPS_DRIVE_READONLY
	We have been always setting the capability on if qemu has
	QEMU_CAPS_DEVICE.

	tests: always assume QEMU_CAPS_DRIVE_READONLY

	tests: remove <readonly/> from IDE disks
	Read-only IDE disks are not supported, but the error
	is raised only when QEMU_CAPS_DRIVE_READONLY is set.

	tests: remove disk-drive-fat test
	This test requests a read-only virtual FAT drive on the IDE bus.
	Read-only IDE drives are unsupported, but libvirt only displays
	the error if it has the QEMU_CAPS_DRIVE_READONLY capability.
	Read-write FAT drives are also unsupported.

	qemu: assume QEMU_CAPS_DEVICE almost everywhere
	Remove more checks that are no longer necessary.

	qemu_command: assume QEMU_CAPS_DEVICE
	Drop some checks that are no longer necessary as well as
	-usbdevice -pcidevice and -soundhw support.

2016-05-22  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	util: fix build without GNUTLS

2016-05-20  Cole Robinson  <crobinso@redhat.com>

	tests: qemu: test <address type='pci'/> with aarch64
	This is an interesting test case since PCI isn't the default for
	aarch64.

2016-05-20  Laine Stump  <laine@laine.org>

	qemu: auto-assign addresses when <address type='pci'/> is specified
	Rather than only assigning a PCI address when no address is given at
	all, also do it when the config says that the address type is 'pci',
	but it gives no address (virDeviceInfoPCIAddressWanted()).

	There are also several places after parsing but prior to address
	assignment where code previously expected that any info with address
	type='pci' would have a *valid* PCI address, which isn't always the
	case - now we check not only for type='pci', but also for a valid
	address (virDeviceInfoPCIAddressPresent()).

	The test case added in this patch was directly copied from Cole's patch titled:

	    qemu: Wire up address type=pci auto_allocate

2016-05-20  Laine Stump  <laine@laine.org>

	bhyve: auto-assign addresses when <address type='pci'/> is specified
	Rather than only assigning a PCI address when no address is given at
	all, also do it when the config says that the address type is 'pci',
	but it gives no address.

2016-05-20  Laine Stump  <laine@laine.org>

	conf: allow type='pci' addresses with no address attributes specified
	Prior to this, <address type='pci'/> wasn't allowed when parsing
	(domain+bus+slot+function needed to be a "valid" PCI address, meaning
	that at least one of domain/bus/slot had to be non-0), the RNG
	required bus to be specified, and if type was set to PCI when
	formatting, domain+bus+slot+function would always be output.

	This makes all the address attributes optional during parse and RNG
	validation, and suppresses domain+bus+slot+function if domain+bus+slot
	are all 0 (NB: if d+b+s are all 0, any value for function is
	nonsensical as that will never happen in the real world, and after
	the next patch we will always assign a real working address to any
	empty PCI address before it is ever output to anywhere).

	Note that explicitly setting all attributes to 0 is equivalent to
	setting none of them, which is okay, since 0000:00:00 is reserved in
	any PCI bus setup, and can't be used anyway.

2016-05-20  Laine Stump  <laine@laine.org>

	conf: new functions to check if PCI address is wanted/present
	In order to allow <address type='pci'/> with no other attributes to
	mean "I want a PCI address, but any PCI address will do" (just as
	having no <address> at all usually indicates), we will need to change
	several places in the code from a simple "info->type == (or !=)
	VIR_DOMAIN_DEVICE_ADDRESS_TYPE_(PCI|NONE)" into something slightly
	more complex, this patch adds to new functions that take a
	virDomainDeviceInfoPtr and return true/false depending on 1) whether
	the current state of the info indicates that we "want" a PCI address
	for this device (virDeviceInfoPCIAddressWanted()) and 2) whether this
	device already has a valid PCI address
	(virDeviceInfoPCIAddressPresent()).

	Both of these functions required the simpler check for whether a pci
	address is "empty" (i.e. all of its attributes are 0, which can never
	happen in a real PCI address, since slot 0 of bus 0 of domain 0 is
	always reserved), so that function is also added.

2016-05-20  Laine Stump  <laine@laine.org>

	conf: move virDomainDeviceInfo definition from domain_conf.h to device_conf.h
	Also moves all the subordinate structs. This is necessary due to a new
	inline function that will be defined in device_conf.h, and also makes
	sense, because it is the *device* info that's in the struct. (Actually
	a lot more stuff from domain_conf.h could move to this newer file, but
	I didn't want to disturb any more than necessary).

2016-05-20  Michal Privoznik  <mprivozn@redhat.com>

	tests: Link virtestmock with probes
	I've encountered this error while trying out this feature on some
	systems:

	  $ VIR_TEST_FILE_ACCESS=1 ./virhashtest \
	 libvirt.git/tests/.libs/lt-virhashtest: \
	symbol lookup error: libvirt.git/tests/.libs/virtestmock.so: \
	undefined symbol: libvirt_event_poll_purge_timeout_semaphore

	Problem is, linking just libvirt_utils to virmock.la is not
	enough. We might need to link libvirt_probes.lo too.

2016-05-20  Michal Privoznik  <mprivozn@redhat.com>

	virtestmock: Mock stat() properly
	There is a lot to explain, but I try to make it as short as
	possible. I'd start by pasting some parts of sys/stat.h:

	extern int stat (const char *__restrict __file,
			 struct stat *__restrict __buf) __THROW __nonnull ((1, 2));

	extern int __REDIRECT_NTH (stat, (const char *__restrict __file,
					  struct stat *__restrict __buf), stat64)
	     __nonnull ((1, 2));

	__extern_inline int
	__NTH (stat (const char *__path, struct stat *__statbuf))
	{
	  return __xstat (_STAT_VER, __path, __statbuf);
	}

	Only one of these is effective at once, due to some usage of
	the mess we are dealing with in here. So, basically, while
	compiling or linking stat() in our code can be transformed into
	some other func. Or a dragon.
	Now, if you read stat(2) manpage, esp. "C library/kernel
	differences" section, you'll learn that glibc uses some tricks
	for older applications to work. I haven't gotten around actual
	code that does this, but based on my observations, if 'stat'
	symbol is found, glibc assumes it's dealing with ancient
	application. Unfortunately, it can be just ours stat coming from
	our mock. Therefore, calling stat() from a test will end up in
	our mock. But since glibc is not exposing the symbol anymore, our
	call of real_stat() will SIGSEGV immediately as the pointer to
	function is NULL. Therefore, we should expose only those symbols
	we know glibc has.

2016-05-20  Michal Privoznik  <mprivozn@redhat.com>

	tests: Drop VIR_MOCK_CALL_STAT
	It wasn't as great idea as I thought. Thing around stat() are
	more complicated than that. Therefore we need to revert
	86d1705a8ace349b plus drop use of the macro as introduced in
	later patches.

2016-05-20  John Ferlan  <jferlan@redhat.com>

	qemu: Utilize qemu secret objects for RBD auth/secret
	https://bugzilla.redhat.com/show_bug.cgi?id=1182074

	If they're available and we need to pass secrets to qemu, then use the
	qemu domain secret object in order to pass the secrets for RBD volumes
	instead of passing the base64 encoded secret on the command line.

	The goal is to make AES secrets the default and have no user interaction
	required in order to allow using the AES mechanism. If the mechanism
	is not available, then fall back to the current plain mechanism using
	a base64 encoded secret.

	New APIs:

	qemu_domain.c:
	  qemuDomainGetSecretAESAlias:
	    Generate/return the secret object alias for an AES Secret Info type.
	    This will be called from qemuDomainSecretAESSetup.

	  qemuDomainSecretAESSetup: (private)
	    This API handles the details of the generation of the AES secret
	    and saves the pieces that need to be passed to qemu in order for
	    the secret to be decrypted. The encrypted secret based upon the
	    domain master key, an initialization vector (16 byte random value),
	    and the stored secret. Finally, the requirement from qemu is the IV
	    and encrypted secret are to be base64 encoded.

	qemu_command.c:
	  qemuBuildSecretInfoProps: (private)
	    Generate/return a JSON properties object for the AES secret to
	    be used by both the command building and eventually the hotplug
	    code in order to add the secret object. Code was designed so that
	    in the future perhaps hotplug could use it if it made sense.

	  qemuBuildObjectSecretCommandLine (private)
	    Generate and add to the command line the -object secret for the
	    secret. This will be required for the subsequent RBD reference
	    to the object.

	  qemuBuildDiskSecinfoCommandLine (private)
	    Handle adding the AES secret object.

	Adjustments:

	qemu_domain.c:
	  The qemuDomainSecretSetup was altered to call either the AES or Plain
	  Setup functions based upon whether AES secrets are possible (we have
	  the encryption API) or not, we have secrets, and of course if the
	  protocol source is RBD.

	qemu_command.c:
	  Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
	  specific command options for an AES secret, such as:

	    -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
	            format=base64
	    -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
	           mon_host=mon1.example.org\:6321,password-secret=$alias,...

	  where the 'id=' value is the secret object alias generated by
	  concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
	  is the master key shared with qemu, and the -drive syntax will
	  reference that alias as the 'password-secret'. For the -drive
	  syntax, the 'id=myname' is kept to define the username, while the
	  'key=$base64 encoded secret' is removed.

	  While according to the syntax described for qemu commit '60390a21'
	  or as seen in the email archive:

	    https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html

	  it is possible to pass a plaintext password via a file, the qemu
	  commit 'ac1d8878' describes the more feature rich 'keyid=' option
	  based upon the shared masterKey.

	Add tests for checking/comparing output.

	NB: For hotplug, since the hotplug code doesn't add command line
	    arguments, passing the encoded secret directly to the monitor
	    will suffice.

2016-05-20  Peter Krempa  <pkrempa@redhat.com>

	tests: Allow multiple mock libraries
	Make virtTestMain take variable number of libraries to mock.

2016-05-20  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainSecretSetup
	Currently just a shim to call qemuDomainSecretPlainSetup, but soon to be more

2016-05-20  John Ferlan  <jferlan@redhat.com>

	util: Introduce virCryptoGenerateRandom
	Move the logic from qemuDomainGenerateRandomKey into this new
	function, altering the comments, variable names, and error messages
	to keep things more generic.

	NB: Although perhaps more reasonable to add soemthing to virrandom.c.
	    The virrandom.c was included in the setuid_rpc_client, so I chose
	    placement in vircrypto.

2016-05-20  John Ferlan  <jferlan@redhat.com>

	util: Introduce encryption APIs
	Introduce virCryptoHaveCipher and virCryptoEncryptData to handle
	performing encryption.

	 virCryptoHaveCipher:
	   Boolean function to determine whether the requested cipher algorithm
	   is available. It's expected this API will be called prior to
	   virCryptoEncryptdata. It will return true/false.

	 virCryptoEncryptData:
	   Based on the requested cipher type, call the specific encryption
	   API to encrypt the data.

	Currently the only algorithm support is the AES 256 CBC encryption.

	Adjust tests for the API's

2016-05-20  John Ferlan  <jferlan@redhat.com>

	tests: Add mock for virRandomBytes
	Create a mock for virRandomBytes to generate a not so random value.
	This should be usable by other tests that need a not so random number
	to be generated by including the virrandommock at preload.

	The "random number" generated is based upon the size of the expected
	stream of bytes being returned where each byte in the result gets
	the index of the array - hence a 4 byte array returns 0x00010203.

2016-05-20  Nishith Shah  <nishithshah.2211@gmail.com>

	qemu: parse: Handle suffixes for -m memory
	According to QEMU docs, the '-m' option for specifying RAM is by default
	in MiB, and a suffix of "M" or "G" may be passed for values in MiB and
	GiB respectively. This commit adds support and a test for the same.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=812295

2016-05-20  Nishith Shah  <nishithshah.2211@gmail.com>

	qemu: parse: Use qemuParseCommandLineMem for -m memory
	Move the parsing of -m memory to a new function, qemuParseCommandLineMem

2016-05-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu_command: refactor spice channel code
	This prepares the code for other listen types.

	qemu_process: separate graphics socket and address generation

	graphics: resolve address for listen type network in qemu_process
	Both VNC and SPICE requires the same code to resolve address for listen
	type network.  Remove code duplication and create a new function that
	will be used in qemuProcessSetupGraphics().

	qemu_command: move sasl parameter after port and addr definition
	This is required for following patches where new listen types will be
	introduced.

	domain_conf: introduce virDomainGraphicsListenDefFormatAddr
	Move code that decide whether we print the 'listen' attribute or not
	into virDomainGraphicsListenDefFormatAddr() function.

	graphics: rename gListen to glisten
	We have both in the code.  Let's use only one format.

2016-05-20  Pavel Hrdina  <phrdina@redhat.com>

	tests: cleanup vnc auto socket test
	Commit 55320c23 introduced a new test for VNC to test if
	vnc_auto_unix_socket is set in qemu.conf, but forget to enable it in
	qemuxml2argvtest.c.

	This patch also moves the code in qemuxml2xmltest.c next to other VNC
	tests and refactor the test so we also check the case for parsing active
	XML.

2016-05-20  Pavel Hrdina  <phrdina@redhat.com>

	qemu_domain: add a empty listen type address if we remove socket for VNC

2016-05-20  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Fix documentation of cpuGetModels
	All callers of cpuGetModels expect @models to be NULL-terminated. Once
	both x86GetModels and ppc64GetModels were fixed to meet this
	expectation, we can explicitly document it.

	cpu: Rework CPU map loading
	The architecture specific loaders are now called with a list of all
	elements of a given type (rather than a single element at a time). This
	avoids the need to reallocate the arrays in CPU maps for each element.

2016-05-20  Jiri Denemark  <jdenemar@redhat.com>

	cpu_ppc64: Use array of models in CPU map
	There's no reason for keeping the models in a linked list. Especially
	when we know upfront the total number of models we are loading.

	As a nice side effect, this fixes ppc64GetModels to always return a
	NULL-terminated list of models.

2016-05-20  Jiri Denemark  <jdenemar@redhat.com>

	cpu_ppc64: Use array of vendors in CPU map
	There's no reason for keeping the vendors in a linked list. Especially
	when we know upfront the total number of models we are loading.

	cpu_x86: Use array of features in CPU map
	There's no reason for keeping the features in a linked list. Especially
	when we know upfront the total number of features we are loading.

	cpu_x86: Use array of vendors in CPU map
	There's no reason for keeping the vendors in a linked list. Especially
	when we know upfront the total number of models we are loading.

2016-05-20  Jiri Denemark  <jdenemar@redhat.com>

	cpu_x86: Use array of models in CPU map
	There's no reason for keeping the models in a linked list. Especially
	when we know upfront the total number of models we are loading.

	As a nice side effect, this fixes x86GetModels to always return a
	NULL-terminated list of models.

2016-05-20  Ján Tomko  <jtomko@redhat.com>

	docs: fix <spice><gl enable> since version
	The support was added by commit 937ebba which was released in
	1.3.3.

2016-05-20  Ján Tomko  <jtomko@redhat.com>

	Do not mask QEMU_CAPS_DEVICE in qemuBuildDriveStr
	For some disk types (SD), we want to emit the syntax
	we used for disks before -device was available even
	if QEMU supports -device.

	Use the qemuDiskBusNeedsDeviceArg helper to figure out
	whether to use the old or new syntax.

2016-05-20  Ján Tomko  <jtomko@redhat.com>

	Introduce qemuDiskBusNeedsDeviceArg
	Replace the two uses of the withDeviceArg bool in
	qemuBuildDiskDriveCommandLine and allow this function to be reused in
	qemuBuildDriveStr.

	Assume QEMU_CAPS_DEVICE in qemuBuildDiskDriveCommandLine
	We no longer need to handle -usbdevice and the withDeviceArg
	logic becomes clearer.

	Remove DISK_BUS_XEN support from qemuBuildDiskDriveCommandLine
	We have stopped supporting Xenner some time ago.

	qemu: always add -nodefaults
	Since we always asumme support of QEMU_CAPS_DEVICE.

2016-05-20  Cole Robinson  <crobinso@redhat.com>

	qemu: process: Drop !QEMU_CAPS_DEVICE code
	Nowadays we only support qemu 0.12.0+ which provides QEMU_CAPS_DEVICE,
	so this is all dead code.

2016-05-20  Ján Tomko  <jtomko@redhat.com>

	Remove qemuProcessInitPCIAddresses with dependencies
	It was only called for QEMUs without QEMU_CAPS_DEVICE,
	which we no longer support.

2016-05-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Fix function header alignment of some functions

	conf: disk: Rename virDomainDiskDefValidate to virDomainDiskDefParseValidate
	Name the validation function distinctively since it's called in the
	parser. Later patches will add function that will validate disk
	definitions that are invalid but need to be parsed to avoid losing
	domains.

2016-05-19  John Ferlan  <jferlan@redhat.com>

	util: Remove need for STATIC_ANALYSIS check
	Seems recent versions of Coverity have (mostly) resolved the issue using
	ternary operations in VIR_FREE (and now VIR_DISPOSE*) macros.  So let's
	just remove it and if necessary handle one off issues as the arise.

2016-05-19  John Ferlan  <jferlan@redhat.com>

	util: Adjust return for virPCIGetDeviceAddressFromSysfsLink
	Rather than return 0/-1 and/or a pointer to some memory, adjust the
	helper to just return the allocated structure or NULL on failure.

	Adjust the callers in order to handle that

2016-05-19  John Ferlan  <jferlan@redhat.com>

	util: Remove need for ret in virPCIGetPhysicalFunction
	Since the callers only ever expect 0 or -1, let's just return that directly

2016-05-19  John Ferlan  <jferlan@redhat.com>

	util: Fix error path for virPCIGetVirtualFunctions
	If we get to the error: label and clear out the *virtual_functions[]
	pointers and then return w/ error to the caller - the caller has it's
	own cleanup of the same array in the out: label which is keyed off the
	value of num_virt_fns, which wasn't reset to 0 in the called function
	leading to a possible problem.

	Just clear the value (found by Coverity)

2016-05-19  Cole Robinson  <crobinso@redhat.com>

	tests: nodeinfotest: Remove virSaveLastError() usage
	It's overkill here, we can use virGetLast* instead

2016-05-19  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	More usage of virGetLastErrorMessage
	Convert to virGetLastErrorMessage() in the rest of the code

	tests: More usage of virGetLastErrorMessage()
	Use virGetLastErrorMessage() instead of virGetLastError() in tests

2016-05-19  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add forgotten backslash
	While introducing virtestmock.la, I've forgotten to add '\' at
	the end of one line leaving our Makefile.am mangled. Fortunately,
	the only thing that comes after is '$(NULL)' so nothing is
	terribly broken.

2016-05-19  Katerina Koukiou  <k.koukiou@googlemail.com>

	lxc: use job functions in lxcDomain* functions that perform modify actions.
	Use the recently added job functions and unlock the virDomainObj while
	performing the respective modify operation.
	This commit affects lxcDomain{DestroyFlags, Reboot, SetBlkioParameters,
	SetMemoryParameters, SetMetadata, SetSchedulerParameterFlags, ShutdownFlags}

	lxc: use job functions in lxcDomain* functions that do query operations.
	This commit affects lxcDomain{InterfaceStats, MemoryStats, BlockStats,
	BlockStatsFlags}

	lxc: add job functions in lxcDomainSetAutostart
	This operation isn't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	lxc: use job functions in lxcDomain{AttachDeviceFlags, DetachDeviceFlags, UpdateDeviceFlags}
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	lxc: use job functions in lxcDomain{Suspend, Resume}
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	lxc: use job functions in lxcDomainSetMemoryFlags
	Large balloon operation can be time consuming.  Use the recently
	added job functions and unlock the virDomainObj while ballooning.

	lxc: use job functions in lxcDomain{CreateXMLWithFiles, CreateWithFiles}
	Creating a large domain could potentially be time consuming.  Use the
	recently added job functions and unlock the virDomainObj while
	the create operation is in progress.

	lxc: Add job support to lxc driver
	Follows the pattern used in the libxl driver for managing multiple,
	simultaneous jobs within the driver.

2016-05-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: bulk stats: Don't access possibly blocked storage
	If the stats for a block device can't be acquired from qemu we've
	fallen back to loading them from the file on the disk in libvirt.

	If qemu is not cooperating due to being stuck on an inaccessible NFS
	share we would then attempt to read the files and get stuck too with
	the VM object locked. All other APIs would eventually get stuck waiting
	on the VM lock.

	Avoid this problem by skipping the block stats if the VM is online but
	the monitor did not provide any stats.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1337073

2016-05-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Separate bulk stats worker for block devices
	Extract the fallback path that reloads the stats from disk into a
	separate function.

	qemu: driver: Remove unnecessary flag in qemuDomainGetStatsBlock
	'abbreviated' was true if 'stats' were NULL

2016-05-19  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: add support to perf event for MBM
	Some Intel processor families (e.g. the Intel Xeon processor E5 v3
	family) introduced some RDT (Resource Director Technology) features
	to monitor or control shared resource. Among these features, MBM
	(Memory Bandwidth Monitoring), which is build on the CMT (Cache
	Monitoring Technology) infrastructure, provides OS/VMM a way to
	monitor bandwidth from one level of cache to another.

	With current perf framework, this patch adds support to perf event
	for MBM.

2016-05-19  Ján Tomko  <jtomko@redhat.com>

	Separate virDomainDefParseBootOptions
	Split out parsing of most of the <os> subelements into a separate
	function.

2016-05-19  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: cleanup: define vz format of uuids
	vz puts uuids into curly braces. Simply introduce new contstant to reflect this
	and get rid of magic +2 in code.

	vz: implement p2p migration
	Peer to peer migration is implemented just as in managed case. Basically
	it is copy paste from managed case but with all the branches that are not
	applied to vz removed.

	vz: implement managed migration
	The newest version of migration protocol - version 3 with parameters is implemented.
	Supported flags is VIR_MIGRATE_PAUSED only. Supported parameters are
	VIR_MIGRATE_PARAM_URI and VIR_MIGRATE_PARAM_DEST_NAME. VIR_MIGRATE_PARAM_DEST_XML
	is in VZ_MIGRATION_PARAMETERS for technical onyl reasons.

	vz: fix const correctness case

	vz: save session uuid on login
	This session uuid acts as authN token for different multihost vz operations one
	of which is migration. Unfortunately we can't get it from server at any time
	thus we need to save it at login.

2016-05-19  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Introduce commands srv-clients-info and srv-clients-set
	Finally wire-up virAdmServer{Get,Set}ClientLimits APIs into virt-admin client.
	Update the virt-admin's man page accordingly.

	admin: Introduce virAdmServerSetClientLimits
	Opposite operation to virAdmServerGetClientLimits. Understandably though,
	setting values for current number of clients connected or still waiting
	for authentication does not make sense, since changes to these values are event
	dependent, i.e. a client connects - counter is increased. Thus only the limits
	to maximum clients connected and waiting for authentication can be set. Should
	a request for other controls to be set arrive (provided such a setting will
	be first introduced to the config), the set of configuration controls can be
	later expanded (thanks to typed params). This patch also introduces a
	constraint that the maximum number of clients waiting for authentication has to
	be less than the overall maximum number of clients connected and any attempt to
	violate this constraint will be denied.

	admin: Introduce virAdmServerGetClientLimits
	Enable retrieval of the number of maximum clients connected to all sockets
	combined, as well as the number of maximum clients waiting for authentication,
	in order to be successfully connected. These are the attributes configurable
	through libvirtd.conf, however, it could be handy to not only know values for
	these limits, but also the values for the current number of clients
	connected and number of clients currently waiting for authentication which are
	changing dynamically. This API does both, retrieves the limits as well as the
	current dynamic values.

	admin: Introduce some public constants related to server's client limits
	In order for typed params validation to pass on daemon side, we should
	encourage users to use our exported constants with typed params to diminish
	to avoid any potential problems related to argument validity.

	virnetserver: Introduce server's client-related limits getters
	Add some trivial getters for client related attributes to virnetserver before
	any admin method can be introduced.

2016-05-19  Ján Tomko  <jtomko@redhat.com>

	qemu_cgroup: allow access to /dev/dri for virtio-vga
	QEMU needs access to the /dev/dri/render* device for
	virgl to work.

	Allow access to all /dev/dri/* devices for domains with
	<video>
	  <model type='virtio' heads='1' primary='yes'>
	    <acceleration accel3d='yes'/>
	  </model>
	</video>

	https://bugzilla.redhat.com/show_bug.cgi?id=1337290

2016-05-18  Cole Robinson  <crobinso@redhat.com>

	qemu: address: Remove QEMU_CAPS_DEVICE usage
	All qemu versions we support have QEMU_CAPS_DEVICE, so checking
	for it is redundant. Remove the usage.

	The code diff isn't clear, but all that code is just inindented
	with no other change.

	Test cases that hit qemuDomainAssignAddresses but don't have
	infrastructure for specifying qemuCaps values see lots of
	churn, since now PCI addresses are in the XML output.

2016-05-18  Cole Robinson  <crobinso@redhat.com>

	tests: qemuargv2xmltest: Drop disk for s390 aes tests
	Upcoming patches are going to make the disk portion of these
	test cases fail. In order to make it work, we would need to
	extend the qemuargv2xml test infrastructure to handle qemuCaps.
	This is worthwhile to do at some point but isn't critical.

	Instead just drop the offending portion, which isn't even the
	target of the test cases anyways

2016-05-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Call virDomainDefPostParse via CONFIG hotplug
	hotplug APIs with the AFFECT_CONFIG flag are essentially replicating
	'insert <device> into XML document, and redefine XML'. Thinking of
	it this way, it's natural that we call virDomainDefPostParse after
	manually editing the XML here.

	Not only does doing so allow us to drop a bunch of open coded calls
	to qemuDomainAssignAddresses, but it also means we are going through
	the standard channels for XML validation and potentially catching
	errors in user submitted XML.

2016-05-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Assign device addresses in PostParse
	This wires up qemuDomainAssignAddresses into the new
	virDomainDefAssignAddressesCallback, so it's always triggered
	via virDomainDefPostParse. We are essentially doing this already
	with open coded calls sprinkled about.

	qemu argv parse output changes slightly since previously it wasn't
	hitting qemuDomainAssignAddresses.

2016-05-18  Cole Robinson  <crobinso@redhat.com>

	domain: Add virDomainDefAssignAddressesCallback
	This will be called at the end of virDomainDefPostParse to
	allow hypervisor drivers to fill in device addresses.

2016-05-18  Pavel Hrdina  <phrdina@redhat.com>

	Revert "qemu_hotplug: fix checking graphics ports"
	This reverts commit 1ccc7fbff34ea44e5b0cf01a359d127a4c62a695.

	We cannot check ports if autoport is set because we set ports to 0 while
	parsing device XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1336134

2016-05-18  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: drop prlsdkDomainHasSnapshots
	Let's use introduced domain snapshots infrastructure instead.

2016-05-18  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add domain snapshots functionality
	This solution does not keep snapshots cache because vz sdk lacks good support
	for snapshot related events.

	Libvirt and vz sdk has different approach to snapshot ids. vz sdk always
	auto generate them while libvirt has ability to specify id by user.
	Thus I have no other choice rather than simply ignore ids set by user
	or generated by libvirt.

2016-05-18  John Ferlan  <jferlan@redhat.com>

	iscsi: Remove initiatoriqn from virISCSIScanTargets
	No longer necessary to have it, so remove it.

2016-05-18  Fritz Elfert  <fritz@fritz-elfert.de>

	util: Remove disabling of autologin for iscsi-targets
	https://bugzilla.redhat.com/show_bug.cgi?id=1331552

	Instead of disabling auto-login of all scsi targets (even those
	that do not "belong" to libvirt), use iscsiadm's "--op nonpersistent"
	during discovery of iSCSI targets (e.g. "iscsiadm --mode discovery
	--type sendtargets") in order to avoid the node database being altered
	which led to the need for the "large hammer" approach taken by
	commit id '3c12b654'.

	This commit removes the virISCSITargetAutologin adjustment (eg. the setting
	of node.startup to "manual"). The iscsiadm command has supported this mode
	of operation as of commit id 'ad873767' to open-iscsi.

2016-05-18  John Ferlan  <jferlan@redhat.com>

	iscsi: Add exit status checking for virISCSIGetSession
	Utilize the exit status parameter for virCommandRunRegex in order to
	check the return error from the 'iscsiadm --mode session' command.
	Without this enabled, if there are no sessions running then virCommandRun
	would have displayed an error such as:

	    2016-05-13 15:17:15.165+0000: 10920: error : virCommandWait:2553 :
	               internal error: Child process (iscsiadm --mode session)
	               unexpected exit status 21: iscsiadm: No active sessions.

	It is possible that for certain paths (when probe is true) we only care
	whether it's running or not to make certain decisions.  Spitting out
	the error for those paths is unnecessary.

	If we do have a situation where probe = false and there's an error,
	then display the error from iscsiadm if it's there.

2016-05-18  John Ferlan  <jferlan@redhat.com>

	util: Add exitstatus parameter to virCommandRunRegex
	Rather than have virCommandRun just spit out the error, allow callers
	to decide to pass the exitstatus so the caller can make intelligent
	decisions based on the error.

2016-05-18  Andrea Bolognani  <abologna@redhat.com>

	tests: Try different usable GIC versions
	The only case where the hardware capabilities influence the result
	is when no <gic/> element was provided.

	The test programs now ensure both that the correct GIC version is
	picked in that case, and that hardware capabilities are not taken
	into account when the user has already picked a GIC version.

2016-05-18  Andrea Bolognani  <abologna@redhat.com>

	tests: Prepare to have different usable GIC versions
	Now that we choose the GIC version based on hardware features when
	no <gic/> element has been provided, we need a way to fake the GIC
	capabilities of the host.

	Update the qemuxml2argv and qemuxml2xml tests to allow this.

2016-05-18  Andrea Bolognani  <abologna@redhat.com>

	qemu: Add virQEMUCapsSetGICCapabilities()
	For use in the test suite.

2016-05-18  Andrea Bolognani  <abologna@redhat.com>

	qemu: Automatically choose usable GIC version
	When the <gic/> element in not present in the domain XML, use the
	domain capabilities to figure out what GIC version is usable and
	choose that one automatically.

	This allows guests to be created on hardware that only supports
	GIC v3 without having to update virt-manager and similar tools.

	Keep using the default GIC version if the <gic/> element has been
	added to the domain XML but no version has been specified, as not
	to break existing guests.

2016-05-18  Andrea Bolognani  <abologna@redhat.com>

	qemu: Add virQEMUCapsSupportsGICVersion()
	This utility function extracts some of the logic from
	virQEMUCapsFillDomainFeatureGICCaps() so that it can be used
	in a different context.

2016-05-18  Jiri Denemark  <jdenemar@redhat.com>

	Change return value of VIR_APPEND*INPLACE* to void
	The INPLACE variants of the VIR_APPEND macros cannot fail and they are
	inherently quiet.

	Remove virDomainRNGInsert
	It was just a useless wrapper around VIR_APPEND_ELEMENT*.

2016-05-17  Chunyan Liu  <cyliu@suse.com>

	xlconfigtest: add test case for type=vif in xl format

2016-05-17  Chunyan Liu  <cyliu@suse.com>

	xenFormatNet: correct `type=netfront' to 'type=vif' to match libxl
	According to current xl.cfg docs and xl codes, it uses type=vif
	instead of type=netfront.

	Currently after domxml-to-native, libvirt xml model=netfront will be
	converted to xl type=netfront. This has no problem before, xen codes
	for a long time just check type=ioemu, if not, set type to _VIF.

	Since libxl uses parse_nic_config to avoid duplicate codes, it
	compares 'type=vif' and 'type=ioemu' for valid parameters, others
	are considered as invalid, thus we have problem with type=netfront
	in xl config file.
	 #xl create sles12gm-hvm.orig
	 Parsing config from sles12gm-hvm.orig
	 Invalid parameter `type'.

	Correct the conversion in libvirt, so that it matchs libxl codes
	and also xl.cfg.

2016-05-17  Chunyan Liu  <cyliu@suse.com>

	extract XEN_CONFIG_FORMAT_XM/XL to xen_common.h
	Unify XEN_CONFIG_FORMAT_x and LIBXL_CONFIG_FORMAT_x to
	XEN_CONFIG_FORMAT_x, and move to xen_common.h.

2016-05-17  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: implement virConnectIsSecure
	Trivially return 1, since bhyve is considered a local connection that
	should not be vulnerable to eavesdropping.

	bhyve: Implement virConnectIsEncrypted
	Being a local connection, bhyve does not support encryption. Therefore
	trivially return 0.

2016-05-17  Cole Robinson  <crobinso@redhat.com>

	spec: Remove %defattr usage
	It was only needed for rpm versions that are much older than our
	minimally supported distro

	Some more details here: https://fedorahosted.org/fpc/ticket/77

2016-05-17  Maxim Nestratov  <mnestratov@virtuozzo.com>

	Revert "vz: handle sourceless cdroms"
	This reverts commit 071fe092.
	It was committed by a mistake and correct patch was committed
	earlier as baad90fb.

2016-05-17  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Report error if we hit tray status timeout
	If we exceed the timeout waiting for the tray status to change,
	we don't report an error. Fix it

	docs: formatdomain: document virtio-mmio device addresses

2016-05-17  Erik Skultety  <eskultet@redhat.com>

	admin: include: Rename argument dmn to conn in virAdmConnectListServers
	This is just a trivial cosmetic change, throughout all the APIs the argument
	is called conn as from 'connection', having 'dmn' at just this single place
	might look odd, so better change it now when the interface is still explicitly
	disabled and we still have the ability to alter the signatures and public
	names before officially enabling it.

2016-05-17  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: make error path code idiomatic

2016-05-17  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: fix template ct creation
	First we don't need to add disk in this case. Second flag should
	be skipped.

2016-05-17  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix error message for readonly fs

2016-05-17  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: handle sourceless cdroms
	SDK handles empty cdroms all right. We just need to
	pass "" instead of NULL (not setting is good too).

	However we can get problems here. Disk detaching treats source
	as ids. Fortunately disk detaching is not supported for cdroms
	yet and for hard disks we can not get empty source - this is prohibitited
	by xml parsing code.

2016-05-17  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix vzCheckUnsupportedDisks format checks for cdroms
	Current version of the function does not check format of cdroms at all.
	At the same time prlsdkGetDiskInfo give hints that cdroms always
	have format VIR_STORAGE_FILE_RAW. So fix vzCheckUnsupportedDisks.

	About structure of checks. As we don't have means to store format
	in SDK we always have only one format in every situation. So instead
	of setting boolean let's get allowed format instead and finally compare
	it to the requested. This structure of checks seems stable to me
	because we have only one format in every situation.

2016-05-17  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: remove check for auto file format for disks
	VIR_STORAGE_FILE_AUTO can not be set from xml description.
	At the same time we don't set disks format to this value
	as for example qemu does. Thus this we can never get this
	value in format.

2016-05-17  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: cleanup virDomainGraphicsListenDefParseXML

	graphics: make address attribute for listen type='address' optional
	We support omitting listen attribute of graphics element so we should
	also support omitting address attribute of listen element.  This patch
	also updates libvirt to always add a listen element into domain XML
	except for VNC graphics if socket attribute is specified.

2016-05-17  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: parse listen attribute while parsing listen elements
	Move the compatibility code out of virDomainGraphicsListensParseXML()
	into virDomainGraphicsListenDefParseXML().  This also fixes a small
	inconsistency between the code and error message itself.

	Before this patch we would search first listen element that is
	type='address' to validate listen and address attributes. After this
	patch we always take the first listen element regardless of the type.

	This shouldn't break anything since all drivers supports only one
	listen.

2016-05-17  Pavel Hrdina  <phrdina@redhat.com>

	graphics: don't parse listens if socket attribute is present
	If socket attribute is present we start VNC that listens only on that
	unix socket.  This makes the parser behave the same way as we actually
	use the socket attribute.

2016-05-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Allow all volume modes for disk type='lun' sources
	Commit 82ba41108acd0f3f made possible to use direct mapped iSCSI
	volumes in qemu as disk sources but didn't remove the define time check.

	Rework the check by simplifying the condition and allow any volumes to
	be used with disk type='lun'.

2016-05-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Drop QEMU_CAPS_VIRTIO_BLK_SG_IO
	The only QEMU versions that don't have such capability are <0.11,
	which we no longer support anyway

	qemu: Drop QEMU_CAPS_CPU_HOST
	The only QEMU versions that don't have such capability are <0.11,
	which we no longer support anyway

2016-05-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Drop QEMU_CAPS_PCI_ROMBAR
	The only QEMU versions that don't have such capability are <0.12,
	which we no longer support anyway.

	Additionally, this solves the issue of some QEMU binaries being
	reported as not having such capability just because they lacked
	the {kvm-}pci-assign QMP object.

2016-05-16  John Ferlan  <jferlan@redhat.com>

	libxl: Free migration cookie
	Commit id 'f9edcfa4' added cookie manipulation for libxl; however, some
	cookie crumb cleanup was missed. Found by Coverity.

	In libxlDomainMigrationBegin, the cookie is allocated and baked; however,
	the mig ingredients weren't cleaned up.

	In libxlDomainMigrationPrepare, when the 'mig' cookie is added to the
	args, set the 'mig = NULL'; otherwise, other failure paths between when
	the code ate the cookie data and when it was added to args would fail
	to clean up the crumbs.

2016-05-16  John Ferlan  <jferlan@redhat.com>

	qemu:  More qemu_monitor_json cleanups
	Recent adjustments to the code produced a litany of coverity false
	positives, but only because the "standard" procedure of setting a
	variable to NULL after it was assigned to something else and keeping
	the *Free/*FREE call in the cleanup path wasn't kept. So this patch
	makes those adjustments (assign variable to NULL and remove the if
	'ret < 0' condition to clean it up).

2016-05-16  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	bhyve: implement virConnectIsAlive
	bhyve connections are local, and a "connection will be classed as alive
	if it is [...] local".

2016-05-16  Cole Robinson  <crobinso@redhat.com>

	qemu: command: Use -name guest= if available
	-name guest= is the explicit parameter for passing a VM name. Using
	it is required to allow a VM with an '=' in the name

	https://bugzilla.redhat.com/show_bug.cgi?id=1276485

2016-05-16  Cole Robinson  <crobinso@redhat.com>

	qemu: command: escape commas in chardev socket path
	After this, a default virt-manager VM will startup with a comma
	in the VM name:

	https://bugzilla.redhat.com/show_bug.cgi?id=639926

2016-05-16  Cole Robinson  <crobinso@redhat.com>

	qemu: command: escape commas in VNC socket path
	This path can be dependent on the VM libdir, which contains its name

	qemu: command: escape commas in secret master path
	Need to convert the local function to virBuffer usage, so we
	can use qemuBufferEscapeComma

	qemu: command: escape commas in VM name
	This isn't sufficient on its own, since the VM name is used for things
	like monitor paths, which we don't escape yet

	qemu: command: Add qemuBufferEscapeComma
	Centralize the magic invocation for escaping commas on the qemu
	command line, and document it a bit

	qemu: alias: Remove QEMU_CAPS_DEVICE
	QEMU_CAPS_DEVICE is always set nowadays, so drop code that depends
	on not-DEVICE

2016-05-16  Erik Skultety  <eskultet@redhat.com>

	admin: Fix passing an incorrect readonly attribute to virNetServerServiceNew
	When registering admin UNIX socket, a new service is created for it. This
	service is incorrectly initialized to be readonly, which is later inherited by
	all clients connected to the socket. In libvirt-admin's case there currently
	isn't any use for the attribute anyway, but since the socket has root-only
	access permissions, the least we can do is to make every admin client
	connected to it report readonly as false.

2016-05-16  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Properly report errors when parsing CPU map XML

	cpu_x86: Check vendor early
	When searching for the best CPU model for CPUID data we can easily
	ignore models with non-matching vendor before spending time on CPUID
	data to virCPUDef conversion.

	cpu_x86: Don't ignore parsing errors in x86ModelLoad
	CPU map XML is our internal data file, it makes no sense to tolerate any
	errors in it.

	cpu_x86: Don't ignore parsing errors in x86FeatureLoad
	CPU map XML is our internal data file, it makes no sense to tolerate any
	errors in it.

	cpu_x86: Don't ignore parsing errors in x86VendorLoad
	CPU map XML is our internal data file, it makes no sense to tolerate any
	errors in it.

	cpu_x86: Simplify insertions into a linked list
	The next pointer is initialized to NULL, overwriting to with another
	NULL doesn't hurt.

	cpu_x86: Remove comparisons to NULL

	cpu_x86: Use for loop in x86Decode

	cpu_x86: Rename cleanup labels

	cpu_x86: Compare CPU candidates in a separate function
	Splitting the comparison into a separate function makes the code cleaner
	and easier to update in the future.

	cpu_x86: Rename struct virCPUx86DataIterator

	cpu_x86: Rename enum compare_result

	cpu_x86: Rename struct x86_map

	cpu_x86: Rename struct x86_model

	cpu_x86: Rename struct x86_kvm_feature

	cpu_x86: Rename struct x86_feature

	cpu_x86: Rename struct x86_vendor

2016-05-16  Cole Robinson  <crobinso@redhat.com>

	qemu: command: Ignore QEMU_CAPS_DEVICE when building drive alias
	QEMU_CAPS_DEVICE is always set nowadays, so we can drop the
	non-DEVICE code paths

2016-05-16  Jiri Denemark  <jdenemar@redhat.com>

	cpuGetModels: Fix memory leak on error

2016-05-16  Alexander Burluka  <aburluka@virtuozzo.com>

	cpu: Add support for clflushopt and tsc_adjust Intel features
	Corresponding QEMU commits:
	    clflushopt f7fda280948a5e74aeb076ef346b991ecb173c56
	    tsc_adjust 7b458bfd12a71b3da6b531daedc417492c9334e0

2016-05-16  John Ferlan  <jferlan@redhat.com>

	secret: Alter virSecretGetSecretString
	Rather than returning a "char *" indicating perhaps some sized set of
	characters that is NUL terminated, alter the function to return 0 or -1
	for success/failure and add two parameters to handle returning the
	buffer and it's size.

	The function no longer encodes the returned secret, rather it returns
	the unencoded secret forcing callers to make the necessary adjustments.

	Alter the callers to handle the adjusted model.

2016-05-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Fix names for functions that clear security info
	They don't free the structure itself so they should be called *Clear
	rather than *Free.

2016-05-16  John Ferlan  <jferlan@redhat.com>

	util: string: Introduce helper to determine whether a byte buffer is printable

2016-05-16  Peter Krempa  <pkrempa@redhat.com>

	util: string: Introduce virStringEncodeBase64
	Add a new helper that sanitizes error semantics of base64_encode_alloc.

	secret: util: Refactor virSecretGetSecretString
	Call the internal driver callbacks rather than the public APIs to avoid
	calling unnecessarily the error dispatching code and don't overwrite
	the error messages provided by the APIs. They are good enough to
	describe which secret is missing either by UUID or the usage (basically
	name).

2016-05-16  Peter Krempa  <pkrempa@redhat.com>

	util: alloc: Introduce freeing helpers that clear the memory before freeing
	For a few cases where we handle secret information it's good to clear
	the buffers containing sensitive data before freeing them.

	Introduce VIR_DISPOSE, VIR_DISPOSE_N and VIR_DISPOSE_STRING that allow
	simple clearing fo the buffers holding sensitive information on cleanup
	paths.

2016-05-16  Jiri Denemark  <jdenemar@redhat.com>

	capabilities: Advertise cpuselection if -cpu host is usable
	When -cpu host is supported by a QEMU binary, a user can use
	<cpu mode='host-passthrough'/> in domain XML even when libvirtd failed
	to find a matching model for the host CPU. Let's make it obvious by
	advertising <cpuselection/> guest capability whenever -cpu host is
	supported.

	qemuaincapstest: Give better names to test data files

	domaincapstest: Give better names to test data files

	domaincapstest: Use arch strings
	They are shorter and most of the code requires the strings anyway.

2016-05-14  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce check-file-access.pl
	This script will check output generated by virtestmock against a
	white list. All non matching records found are printed out. So
	far, the white list is rather sparse at the moment.
	This test should be ran only after all other tests finished, and
	should cleanup the temporary file before their execution. Because
	I'm unable to reflect these requirements in Makefile.am
	correctly, I've introduced new target 'check-access' under which
	this test is available.

2016-05-14  Michal Privoznik  <mprivozn@redhat.com>

	virtestmock: Print invalid file accesses into a file
	All the accesses to files outside our build or source directories
	are now identified and appended into a file for later processing.
	The location of the file that contains all the records can be
	controlled via VIR_TEST_FILE_ACCESS env variable and defaults to
	abs_builddir "/test_file_access.txt".

	The script that will process the access file is to be added in
	next commit.

2016-05-14  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce global mock library
	The intent is that this library is going to be called every time
	to check if we are not touching anything outside srcdir or
	builddir.

	virmock.h: Introduce VIR_MOCK_CALL_STAT
	There is some magic going on when it comes to stat() or lstat().
	Basically, stat() can either be a regular function, an inline
	function that calls __xstat(_STAT_VER, ...) or a macro that does
	the same as the inline func. Don't ask why is that, just read the
	documentation in sys/stat.h and make sure you have a bucket next
	to you. Anyway, currently there will not be both stat and __xstat
	symbols at the same time, as one of them gets overwritten to the
	other one during compilation. But this is not true anymore once
	we start chaining our mocking libraries. Therefore we need a
	wrapper that calls desired function from glibc.

	securityselinuxhelper: Adapt to virmock.h
	Instead of introducing our own wrapper for dlsym()
	we can use the one provided by virmock.h.

	nssmock: Adapt to virmock.h
	Instead of introducing our own wrapper for dlsym()
	we can use the one provided by virmock.h.

	vircgroupmock: Adapt to virmock.h
	Instead of introducing our own wrapper for dlsym()
	we can use the one provided by virmock.h.

	virpcimock: Adapt to virmock.h
	Instead of introducing our own wrapper for dlsym()
	we can use the one provided by virmock.h.

2016-05-13  Fabian Freyer  <fabian.freyer@physik.tu-berlin.de>

	qemu: remove ATTRIBUTE_UNUSED in connectGetType
	This is not needed here, since the conn parameter is used in the ACL
	checking calls, which were introduced in abf75aea2.

	bhyve: implement virConnectGetType
	This implements virConnectGetType for the bhyve driver.

2016-05-13  Jim Fehlig  <jfehlig@suse.com>

	xlconfigtests: use qemu-xen in all test data files
	Some of the test configuration files in tests/xlconfigdata
	use the old qemu-dm as the emulator. Many of the configuration
	features tested (spice, rbd, multi-usb) are not even usable with
	the old qemu. Change these files to use the new qemu-xen (also
	known as qemu upstream) emulator.

	Note: This change fixes xlconfigtest failures when the old
	qemu is actually installed on the system. During device post
	parse, the libxl driver attempts to invoke the emulator to
	determine if it is the old or new qemu so it can properly set
	video RAM defaults. With the old qemu installed, the default
	video RAM was set differently than the expected value.
	Changing all the test data files to use qemu-xen ensures
	predictable results wrt default video RAM size.

2016-05-13  Jim Fehlig  <jfehlig@suse.com>

	libxl: don't attempt to probe a non-existent emulator
	When probing the <emulator> with '-help' to determine if
	it is the old qemu, errors are reported if the emulator
	doesn't exist

	libvirt:  error : internal error: Child process
	(/usr/lib/xen/bin/qemu-dm -help) unexpected exit status 127:
	libvirt:  error : cannot execute binary /usr/lib/xen/bin/qemu-dm:
	No such file or directory

	Avoid the probe if the specified emulator doesn't exist,
	squelching the error. There is no behavior change since
	libxlDomainGetEmulatorType() would return
	LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN if the probe failed
	via virCommandRun().

2016-05-13  Pavel Hrdina  <phrdina@redhat.com>

	virt-aa-helper: remove replace_string and use virStringReplace instead

2016-05-13  Laine Stump  <laine@laine.org>

	network: log error when <bandwidth> is requested for hostdev interfaces
	This would previously be silently ignored.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1319044

2016-05-13  Michal Privoznik  <mprivozn@redhat.com>

	virfile: Introduce virFileRemoveLastComponent
	Move some parts of virStorageFileRemoveLastPathComponent
	into a separate function so they can be reused.

2016-05-13  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	leave out the default USB controller only on i440fx during migration
	Further followup discussions in list on commit 192a53e concluded
	that we should be leaving out the USB controller only for
	i440fx machines as default USB can be used by someone on q35
	at random slots.

2016-05-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Fix name of macro defining AES IV length
	The initialization vector is a technical term by itself different from
	the key.

2016-05-12  John Ferlan  <jferlan@redhat.com>

	qemu: Change from SecretIV or _IV to SecretAES or _AES
	The preferred name will be AES not IV, change current references

2016-05-12  Christophe Fergeau  <cfergeau@redhat.com>

	schemas: Improve outdated comment

2016-05-12  Ján Tomko  <jtomko@redhat.com>

	Fix tests to include video ram size
	My commit 3e42867 started filling out the video size in post-parse,
	but did not adjust the tests.

2016-05-12  Ján Tomko  <jtomko@redhat.com>

	Fill out default vram in DeviceDefPostParse
	Move filling out the default video (v)ram to DeviceDefPostParse.

	This means it can be removed from virDomainVideoDefParseXML
	and qemuParseCommandLine. Also, we no longer need to special case
	VIR_DOMAIN_VIRT_XEN, since the per-driver callback gets called
	before the generic one.

2016-05-12  Ján Tomko  <jtomko@redhat.com>

	Call per-device post-parse callback even on implicit video
	Commit 6879be48 moved adding of an implicit video device after XML
	parsing. As a result, libxlDomainDeviceDefPostParse() is no longer
	called to set the default vram when adding an implicit device.
	Commit 6879be48 assumes virDomainVideoDefaultRAM() will set the
	default vram, but it returns 0 if the domain virtType is
	VIR_DOMAIN_VIRT_XEN. Attempting to start an HVM domain with vram=0
	results in

	error: unsupported configuration: videoram must be at least 4MB for CIRRUS

	The default vram setting for Xen HVM domains depends on the device
	model used (qemu-xen vs qemu-traditional), hence setting the
	default is deferred to libxlDomainDeviceDefPostParse().

	Call the device post-parse callback even for implicit video,
	to fill out the default vram even for VIR_DOMAIN_VIRT_XEN.

	https://bugzilla.redhat.com/show_bug.cgi?id=1334557
	Most-of-commit-message-by: Jim Fehlig <jfehlig@suse.com>

2016-05-12  Ján Tomko  <jtomko@redhat.com>

	Move virDomainDefPostParseInternal after virDomainDeviceDefPostParse
	Future commit will call DeviceDefPostParse on a device auto-added
	in DomainDefPostParse.

2016-05-11  Erik Skultety  <eskultet@redhat.com>

	util: Fix virGetLastErrorMessage to return proper error when 'err' is NULL
	Both virGetLastError and virGetLastErrorMessage call virLastErrorObject method
	that returns a thread-local error object. However, if a direct call to malloc
	or pthread_setspecific (probably also due to malloc, since it sets ENOMEM)
	fail, virLastErrorObject returns NULL which, although incorrectly interpreted
	by virGetLastError as no error, still requires the caller to check for NULL
	pointer. This isn't the case with virGetLastErrorMessage that also treated it
	incorrectly as no error, but returned the literal "no error".
	This patch tweaks the checks in the virGetLastErrorMessage function, so that
	if virLastErrorObject failed, it returned "unknown error" which is equivalent
	to the current approach with virGetLastError and if it returned NULL,
	"unknown error" was set.

	spec: Fix broken indentation reported by syntax-check
	syntax-check complained about broken indentation in libvirt.spec.in which was
	broken by commit 3694e038

2016-05-11  Daniel P. Berrange  <berrange@redhat.com>

	libvit.spec.in: Add missing BuildRequires against sheepdog
	We were adding a sheepdog requirement at runtime, but forgetting
	to turn it on at build time, so the underlying code was never
	built.

	libvirt.spec.in: remove all changelog entries
	The %changelog entries in the RPM are just a poor immitation
	of the release notes, which is not what %changelog section
	is for. It should be reflecting changes in the RPM packaging,
	not changes in the application releases. Further, this bogus
	list of changes has to be manually deleted every time we sync
	the RPM with Fedora. Remove them, since they serve no useful
	purpose.

	libvirt.spec.in: use explicit --with-xxx for all features
	Rather than letting the configure script auto-detect features
	we expect, use --with-xxx to explicitly mandate them. This
	ensures that we get an error upfront when running configure,
	rather than a failure later during build or RPM file packaging
	time.

	libvirt.spec.in: remove nss plugin conditional
	Both RHEL and Fedora build the nss plugin at all times.

	libvirt.spec.in: remove libnl conditional
	Both RHEL and Fedora build with libnl3 at all times.

	libvirt.spec.in: remove macvtap conditional
	Both RHEL and Fedora build with macvtap at all times.

	libvirt.spec.in: remove libpcap conditional
	Both RHEL and Fedora build with libpcap at all times.

	libvirt.spec.in: remove nwfilter driver conditional
	Both RHEL and Fedora build with the nwfilter driver enabled
	at all times

	libvirt.spec.in: remove nodedev conditional
	Both RHEL and Fedora build with the nodedev driver enabled
	at all times.

	libvirt.spec.in: remove most storage conditionals
	Both RHEL and Fedora build with the storage driver and
	most of its sub-drivers enabled at all times.

	libvirt.spec.in: remove network driver conditiaonl
	Both RHEL and Fedora build with the network driver
	enabled at all times.

	libvirt.spec.in: remove interface driver conditional
	Both RHEL and Fedora build with the interface driver
	enabled at all times.

	libvirt.spec.in: remove selinux conditional
	Both RHEL and Fedora build with selinux enabled at all
	times.

	libvirt.spec.in: remove yajl conditional
	Both RHEL and Fedora build with yajl enabled at all times.

	libvirt.spec.in: remove polkit conditional
	Both RHEL and Fedora build with polkit enabled at all
	times.

	libvirt.spec.in: remove sasl conditionals
	Both RHEL and Fedora build with sasl enabled at all times.

	libvirt.spec.in: remove dtrace conditional
	Both RHEL and Fedora build with dtrace enabled at all
	times.

	libvirt.spec.in: remove audit conditional
	Both RHEL and Fedora build with audit enabled at all
	times.

	libvirt.spec.in: remove netcf conditional
	Both RHEL and Fedora build with netcf enabled at all
	times.

	libvirt.spec.in: remove udev conditional
	Both RHEL and Fedora build with udev enabled at all
	times.

	libvirt.spec.in: remove capng conditional
	Both RHEL and Fedora build with capng enabled at all
	times.

	libvirt.spec.in: remove apparmor conditional
	Neither RHEL or Fedora build apparmor

	libvirt.spec.in: remove hal conditional
	Neither RHEL or Fedora build HAL anymore.

	libvirt.spec.in: remove avahi conditional
	Both RHEL and Fedora build with avahi enabled at all
	times.

	libvirt.spec.in: remove libvirtd conditional
	Both RHEL and Fedora build with libvirtd enabled at
	all times.

	libvirt.spec.in: remove conditional for driver modules
	Both RHEL and Fedora build with driver modules enabled by
	default, so there is no need for any conditional.

	libvirt.spec.in: remove client only build option
	A client only build dates back to RHEL5 where some architectures
	did not build the libvirtd daemon, only the clients. Since RHEL5
	was dropped this is no longer required.

2016-05-11  Daniel P. Berrange  <berrange@redhat.com>

	libvirt.spec.in: drop Fedora < 20 and RHEL < 6
	Simplify conditionals to assume Fedora >= 20 or RHEL >= 6

	The %prep section will explicitly check the version and
	refuse to run if insufficient.

2016-05-11  Daniel P. Berrange  <berrange@redhat.com>

	libvirt.spec.in: explicitly disable xenapi & vz drivers
	The xenapi & vz drivers won't build in Fedora or RHEL
	since their deps don't exist there.

2016-05-11  John Ferlan  <jferlan@redhat.com>

	storage: Fix virStorageBackendDiskDeleteVol for device mapper
	Commit id 'df1011ca8' modified virStorageBackendDiskDeleteVol to use
	"dmsetup remove --force" to remove the volume, but left things in an
	inconsistent state since the partition still existed on the disk and
	only the device mapper device (/dev/dm-#) was removed.

	Prior to commit '1895b421' (or '1ffd82bb' and '471e1c4e'), this could
	go unnoticed since virStorageBackendDiskRefreshPool wasn't called.
	However, the pool would be unusable since the /dev/dm-# device would
	be removed even though the partition was not removed unless a multipathd
	restart reset the link. That would of course make the volume appear again
	in the pool after a refresh or pool start after libvirt reload.

	This patch removes the 'dmsetup' logic and re-implements the partition
	deletion logic for device mapper devices. The removal of the partition
	via 'parted rm --script #' will cause udev device change logic to allow
	multipathd to handle removing the dm-* device associated with the partition.

2016-05-11  John Ferlan  <jferlan@redhat.com>

	storage: Fix algorithm generating path names for devmapper
	https://bugzilla.redhat.com/show_bug.cgi?id=1265694

	Commit id '020135dc' didn't quite get the algorithm correct when a
	device mapper source ended with a non numeric value (e.g. ends with
	an alphabet value).

	This patch modifies the 'part_separator' logic to add the "p" separator
	to the attempted target path name only when specified as part_separator='yes'.

	For a source name that already ends with a number, the logic doesn't change
	as the part separator would need to be there.

	For a source name that ends with something other than a number, this allows
	the possibility that a "p" separator can be added. The default for one of
	these source devices is to not add the separator.

	The key for device mapper and the need for a partition separator "p" is
	the presence of a number in the last character of the device name link
	in /dev/mapper.  A name such as "/dev/mapper/mpatha1" would generate
	a "/dev/mapper/mpatha1p1" partition, while "/dev/mapper/mpatha" would
	generate partition "/dev/mapper/mpatha1". Similarly for a device
	mapper entry not using friendly names or an alias, a device such as
	"/dev/mapper/3600a0b80005b10ca00005ad656fd8d93" would generate a
	paritition "/dev/mapper/3600a0b80005b10ca00005ad656fd8d93p1", while
	a device such as "/dev/mapper/3600a0b80005b10ca00005e115729093f" would
	generate a partition "/dev/mapper/3600a0b80005b10ca00005e115729093f1".
	The long number is the WWID of the device. It's also possible to assign
	an alias for a device mapper entry, that alias follows the same rules
	with respect to ending with a number or not when adding a "p" to create
	the target device path.

2016-05-11  John Ferlan  <jferlan@redhat.com>

	storage: Need to clear pool prior to calling the refreshPool
	Prior to calling the 'refreshPool' during CreatePool or UploadPool
	operations, we need to clear the pool; otherwise, the pool will
	have duplicated entries.

2016-05-11  John Ferlan  <jferlan@redhat.com>

	storage: Fix regression cloning volume into a logical pool
	https://bugzilla.redhat.com/show_bug.cgi?id=1318993

	Commit id 'dd519a294' caused a regression cloning a volume into a
	logical pool by removing just the 'allocation' adjustment during
	storageVolCreateXMLFrom. Combined with the change to not require the
	new volume input XML to have a capacity listed (commit id 'e3f1d2a8')
	left the possibility that a zero allocation value (e.g., not provided)
	would create a thin/sparse logical volume. When a thin lv becomes fully
	populated, then LVM sets the partition 'inactive' and the subsequent
	fdatasync() fails.

	Add a new 'has_allocation' flag to be set at XML parse time to indicate
	that allocation was provided. This is done so that if it's not provided
	the create-from code uses the capacity value since we document that if
	omitted, the volume will be fully allocated at time of creation.

	For a logical backend, that creation time is 'createVol', while for a
	file backend, creation doesn't set the size, but the 'createRaw' called
	during buildVolFrom will decide whether the file is sparse or not based
	on the provided capacity and allocation value.

	For volume clones that provide different allocation and capacity values
	to allow for sparse files, there is no change.

2016-05-11  Erik Skultety  <eskultet@redhat.com>

	headers: Remove unnecessary keyword extern from function declaration
	Usage of this keyword in front of function declaration that is exported via a
	header file is unnecessary, since internally, this has been the default for most
	compilers for quite some time.

2016-05-10  Laine Stump  <laine@laine.org>

	conf: log error when incorrect PCI root controller is added to domain
	libvirt may automatically add a pci-root or pcie-root controller to a
	domain, depending on the arch/machinetype, and it hopefully always
	makes the right decision about which to add (since in all cases these
	controllers are an implicit part of the virtual machine).

	But it's always possible that someone will create a config that
	explicitly supplies the wrong type of PCI controller for the selected
	machinetype. In the past that would lead to an error later when
	libvirt was trying to assign addresses to other devices, for example:

	  XML error: PCI bus is not compatible with the device at
	  0000:00:02.0. Device requires a PCI Express slot, which is not
	  provided by bus 0000:00

	(that's the error message that appears if you replace the pcie-root
	controller in a Q35 domain with a pci-root controller).

	This patch adds a check at the same place that the implicit
	controllers are added (to ensure that the same logic is used to check
	which type of pci root is correct). If a pci controller with index='0'
	is already present, we verify that it is of the model that we would
	have otherwise added automatically; if not, an error is logged:

	  The PCI controller with index='0' must be " model='pcie-root' for
	  this machine type, " but model='pci-root' was found instead.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004602

2016-05-10  Laine Stump  <laine@laine.org>

	conf: make virDomainDefAddController() public
	This will be needed by the qemu driver in an upcoming patch.

2016-05-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: support migration stream V2 in migration
	Similar to "support Xen migration stream V2 in save/restore",
	add support for indicating the migration stream version in
	the migration code. To accomplish this, add a minimal migration
	cookie in the libxl driver that is passed between source and
	destination hosts. Initially, the cookie is only used in
	the Begin and Prepare phases of migration to communicate the
	version of the migration stream produced by the source.

2016-05-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: support Xen migration stream V2 in save/restore
	Xen 4.6 introduced a new migration stream commonly referred to as
	"migration V2". Xen 4.6 and newer always produce this new stream,
	whereas Xen 4.5 and older always produce the legacy stream.
	Support for migration stream V2 can be detected at build time with
	LIBXL_HAVE_SRM_V2 from libxl.h. The legacy and V2 streams are not
	compatible, but a V2 host can accept and convert a legacy stream.

	Commit e7440656 changed the libxl driver to use the lowest libxl
	API version possible (version 0x040200) to ensure the driver
	builds against older Xen releases. The old 4.2 restore API does
	not support specifying a stream version and assumes a legacy
	stream, even if the incoming stream is migration V2. Thinking it
	has been given a legacy stream, libxl will fail to convert an
	incoming stream that is already V2, which causes the entire
	restore operation to fail. Xen's libvirt-related OSSTest has been
	failing since commit e7440656 landed in libvirt.git master. One
	of the more recent failures can be seen here

	http://lists.xenproject.org/archives/html/xen-devel/2016-05/msg00071.html

	This patch changes the call to libxl_domain_create_restore() to
	include the stream version if LIBXL_HAVE_SRM_V2 is defined. The
	version field of the libxlSavefileHeader struct is also updated
	to '2' when LIBXL_HAVE_SRM_V2 is defined, ensuring the stream
	version in the header matches the actual stream version produced
	by Xen. Along with bumping the libxl API requirement to 0x040400,
	this patch fixes save/restore on a migration V2 Xen host.

	Oddly, migration has never used the libxlSavefileHeader. It
	handles passing configuration in the Begin and Prepare phases,
	and then calls libxl directly to transfer domain state/memory
	in the Perform phase. A subsequent patch will add stream
	version handling in the Begin and Prepare phase handshaking,
	which will fix the migration related OSSTest failures.

2016-05-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: switch to using libxl_domain_create_restore from v4.4 API
	In LIBXL_API_VERSION 0x040400, the libxl_domain_create_restore API
	gained a parameter for specifying restore parameters. Switch to
	using version 0x040400, which will be useful in a subsequent commit
	to specify the Xen migration stream version when restoring.

2016-05-10  John Ferlan  <jferlan@redhat.com>

	docs: Fix disk "volume" description
	Missing a close single quote and a 'be' before used.

	qemu: Add extra checks for secret destroy API's
	Remove the possibility that a NULL hostdev->privateData or a
	disk->privateData could crash libvirtd by checking for NULL
	before dereferencing for the secinfo structure in the
	qemuDomainSecret{Disk|Hostdev}Destroy functions. The hostdevPriv
	could be NULL if qemuProcessNetworkPrepareDevices adds a new
	hostdev during virDomainNetGetActualHostdev that then gets
	inserted via virDomainHostdevInsert. The hostdevPriv was added
	by commit id '27726d8' and is currently only used by scsi hostdev.

2016-05-10  Laine Stump  <laine@laine.org>

	docs: fix version number in vlan tagging documentation
	My brain suffered a time warp and I got the version number wrong.

2016-05-10  Laine Stump  <laine@laine.org>

	util: set vlan tag for macvtap passthrough mode on SRIOV VFs
	SRIOV VFs used in macvtap passthrough mode can take advantage of the
	SRIOV card's transparent vlan tagging. All the code was there to set
	the vlan tag, and it has been used for SRIOV VFs used for hostdev
	interfaces for several years, but for some reason, the vlan tag for
	macvtap passthrough devices was stubbed out with a -1.

	This patch moves a bit of common validation down to a lower level
	(virNetDevReplaceNetConfig()) so it is shared by hostdev and macvtap
	modes, and updates the macvtap caller to actually send the vlan config
	instead of -1.

2016-05-10  Michal Privoznik  <mprivozn@redhat.com>

	seclabeltest: Update to use VIRT_TEST_MAIN
	Our tests should use either VIRT_TEST_MAIN() or
	VIRT_TEST_MAIN_PRELOAD() macros which create main() function and
	call the passed callback subsequently. This is important because
	the wrapper which calls the callback eventually does important
	stuff like setting logging based on env variables and such.

2016-05-10  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Introduce client-disconnect command
	Enable the client disconnect within virt-admin. Also, update the man page
	accordingly.

	admin: Introduce virAdmClientClose API
	Once we're able to list and identify all clients connected to a specific
	server, we can then support force-closing a connection. This patch introduces
	a simple API calling virNetServerClientClose on a specific client, which
	can be later extended easily, e.g. by sending an event once the client is
	disconnected successfully.

	admin: Remove flags checking from virAdmConnectOpen public API
	Unlike the previous commit, we do actually support one client-side only flag
	VIR_CONNECT_NO_ALIASES, so besides removing the check for flags this flag
	has to be masked out before sending a message to the daemon, otherwise it
	would trigger an error when checking flags on the daemon side.

	admin: Remove flags checking from public API entry points
	Due to compatibility reasons these should be checked on the server side.

2016-05-10  Pavel Hrdina  <phrdina@redhat.com>

	qemu_hotplug: fix checking graphics ports
	We cannot change ports for running domain and we should error out if
	autoport is enabled.

	qemu_process: merge graphics code into qemuProcessSetupGraphics

	graphics: generate fake ports also for tests

	qemu_process: separate graphics port reservation

2016-05-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	uml: only build on Linux

	configure: split out UML driver checks
	Move all the UML driver related routines into m4/virt-driver-uml.m4.

2016-05-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	conf: don't redefine virDomainCapsDeviceHostdev
	Commit 5ed235c6 added unnecessary redifinition of
	virDomainCapsDeviceHostdev in conf/domain_capabilities.h. This breaks
	build with clang 3.4:

	In file included from conf/domain_capabilities.c:25:
	conf/domain_capabilities.h:88:44: error: redefinition of typedef
	'virDomainCapsDeviceHostdev' is a C11 feature
	[-Werror,-Wtypedef-redefinition]
	typedef struct _virDomainCapsDeviceHostdev virDomainCapsDeviceHostdev;
	                                           ^
	conf/domain_capabilities.h:86:44: note: previous definition is here
	typedef struct _virDomainCapsDeviceHostdev virDomainCapsDeviceHostdev;

	So drop one of those.

2016-05-10  John Ferlan  <jferlan@redhat.com>

	conf: Fix error path in virNodeDevPCICapabilityParseXML
	If the call to virXPathNodeSet to set naddresses fails, Coverity notes
	that the subsequent VIR_ALLOC_N cannot have a negative value (well it
	probably wouldn't be negative per se).

2016-05-10  John Ferlan  <jferlan@redhat.com>

	admin: Clean up error path in adminServerListClients
	Coverity noted that in adminServerListClients if virNetServerGetClients
	returns a -1 into ret, then the call virObjectListFreeCount in cleanup
	will not be very happy.

	Adjust the code to skip the cleanup label and just return -1 if
	virNetServerGetClients fails.

2016-05-10  John Ferlan  <jferlan@redhat.com>

	Use virGetLastErrorMessage to avoid Coverity message
	Both instances use VIR_WARN() to print the error from a failed
	virDBusGetSystemBus() call.  Rather than use the virGetLastError
	and need to check for valid return err pointer, just use the
	virGetLastErrorMessage.

2016-05-09  Cole Robinson  <crobinso@redhat.com>

	qemu: command: unconditionally allow accel3d='no'
	This matches how we handle spice gl='no' even if spice GL isn't
	supported. Not too interesting in practice but I figure we should
	be consistent

2016-05-09  Cole Robinson  <crobinso@redhat.com>

	domaincaps: Report video modelType
	Requires adding the plumbing for <device><video>
	The value is <enum name='modelType'> to match the associated domain
	XML of <video><model type='XXX'/>

	Wire it up for qemu too

2016-05-09  Cole Robinson  <crobinso@redhat.com>

	domaincaps: Report graphics type enum
	Requires adding the plumbing for <device><graphics>
	Wire it up for qemu too

2016-05-09  Peter Krempa  <pkrempa@redhat.com>

	util: polkit: Fix polkit agent startup
	Commit 0b36b0e9 broke polkit agent startup when attempting to fix a
	coverity warning. Refactor it properly so that we don't need the 'cmd'
	intermediate variable.

2016-05-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Don't treat unknown storage type as not having backing chain
	qemuDomainCheckDiskPresence has short-circuit code to skip the
	determination of the disk backing chain for storage formats that can't
	have backing volumes. The code treats VIR_STORAGE_FILE_NONE as not
	having backing chain and skips the call to qemuDomainDetermineDiskChain.

	This is wrong as qemuDomainDetermineDiskChain is responsible for storage
	format detection and has logic to determine the default type if format
	detection is disabled.

	This allows to storage passed via <disk type="volume"> to circumvent the
	enforcement to have correct storage format or that we shall default to
	format='raw', since we don't set the default type via the post parse
	callback for "volume" backed disks as the translation code could come up
	with a better guess.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1328003

2016-05-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reject invalid block copy targets for <disk device='lun'>
	Extract the relevant parts of the existing checker and reuse them for
	blockcopy since copying to a non-block device creates an invalid
	configuration.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209802

2016-05-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Remove unnecessary label in qemuCheckDiskConfig

	conf: Kill now unused virDomainDiskSourceIsBlockType

	qemu: command: Use more appropriate checking function for block devices
	In qemuCheckDiskConfig would now use virDomainDiskSourceIsBlockType just
	as a glorified version of virStorageSourceIsBlockLocal that reports
	error messages. Replace it with the latter including the message for
	clarity.

	qemu: Support <disk device='lun'> for iSCSI direct mapped volumes
	Commit c820fbff9fbfe1f2549a5b60967496587f8d8bfc added support for iSCSI
	disk as backing for <disk device='lun'>. We would not use it for a disk
	type="volume" with direct access mode which basically maps to direct
	iSCSI usage. Fix it by adding the storage source type accessor that
	resolves the volume type.

2016-05-09  Peter Krempa  <pkrempa@redhat.com>

	lxc: Fix wrong error message on disk hotplug
	Commit 36025c552 tried to improve error reporting for <disk type="lun">
	but reused the code in LXC which doesn't care about the actual disk
	type. The error messages would then contain a bogous hint that the
	config for the 'lun' device is invalid which might not be the case.

	Re-do the relevant portion of the commit with the original message.

2016-05-09  Peter Krempa  <pkrempa@redhat.com>

	util: Replace virDomainDiskSourceIsBlockType with a new helper
	For disks sources described by a libvirt volume we don't need to do a
	complicated check since virStorageTranslateDiskSourcePool already
	correctly determines the actual disk type.

	Replace the checks using a new accessor that does not open-code the
	whole logic.

2016-05-09  Michal Privoznik  <mprivozn@redhat.com>

	qemu_monitor_json: Follow refactor
	In 7884d089d2f I've started to refactor qemu_monitor_json.c.
	Thing is, it's current structure is nothing like the rest of our
	code. The @ret variable is rewritten all the time, if()-s are
	nested instead of using goto and so on.

2016-05-09  Nishith Shah  <nishithshah.2211@gmail.com>

	virsh: blkdeviotune: accept human readable values for bytes
	https://bugzilla.redhat.com/show_bug.cgi?id=885380

	Use vshCommandOptScaledInt instead of vshCommandOptULongLong so that
	values with suffixes can be passed when bytes are being passed along.
	Values for the iops parameters still need to be given in the absolute
	form as they are not bytes but numbers.

2016-05-06  Pavel Hrdina  <phrdina@redhat.com>

	genericxml2xml: add several graphics tests

	domain_conf: fix migration/managedsave with usb keyboard
	Commin 36785c7e refactored the code for input devices but introduced a
	bug where we removed all keyboard from migratable XML.  We have to
	remove only implicit keyboards like PS2 or XEN.

	qemu_hotplug: cleanup error messages in qemuDomainChangeGraphics

	qemu_process: handle port allocation for VNC the same way as for Spice

	qemu_process: move listen code out of qemuProcessSetupGraphics
	Move adding the config listen type=address if there is none in
	qemuProcessPrepareDomain and move check for multiple listens to
	qemuProcessStartValidate.

	graphics: use enums instead of int

2016-05-06  Michal Privoznik  <mprivozn@redhat.com>

	virCgroupValidateMachineGroup: Reflect change in CGroup struct naming
	Fron c3bd0019c0e on instead of creating the following path for
	cgroups:

	  /sys/fs/cgroupX/$name.libvirt-$driver

	we generate rather more verbose one:

	  /sys/fs/cgroupX/$driver-$id-$name.libvirt-$driver

	where $name is optional and included iff contains allowed chars.
	See original commit for more reasoning. Now, problem with the
	original commit is that we are unable to start any LXC domain
	after it. Because when starting LXC container, the CGroup layout
	is created by our lxc_controller process and then detected and
	validated by libvirtd. The validation is done by trying to match
	detected layout against all the possible patterns for cgroup
	paths that we've ever had. And the commit in question forgot to
	update this part of the code.

2016-05-06  Jiri Denemark  <jdenemar@redhat.com>

	domaincapstest: Add tests for QEMU 2.6

	qemucapabilitiestest: Add tests for aarch64 and ppc64le

	domaincapstest: Use default machine type

	qemucapabilitiestest: Rename *.caps to *.xml

	qemucapabilitiestest: Test all capabilities
	Enhance the test to cover all capabilities we probe for rather than
	testing the flags only.

	qemucapabilitiestest: Reorder flags in caps files
	The flags should follow the order in which they are defined in
	virQEMUCaps enum.

	qemucapabilitiestest: Reindent *.caps files

	qemucapabilitiestest: Uses consistent names
	In other tests we use "expected" and "actual" to refer to the expected
	outcome of the tested API and the result we got, respectively.

	qemu: Export caps cache APIs for tests

	qemu: Separate formatting from saving into caps cache
	We will need to use the formatter directly for testing QEMU capabilities
	code.

	qemucapabilitiestest: Prepare for testing non-x86_64 archs

	tests: Refactor domaincapstest
	The test was just a big mess passing callbacks and their data through
	data for another callback.

2016-05-05  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainSecretIV
	Add the data structure and infrastructure to support an initialization
	vector (IV) secrets. The IV secret generation will need to have access
	to the domain private master key, so let's make sure the prepare disk
	and hostdev functions can accept that now.

	Anywhere that needs to make a decision over which secret type to use
	in order to fill in or use the IV secret has a switch added.

2016-05-05  John Ferlan  <jferlan@redhat.com>

	qemu: Separate network URI command building code
	Create helper API's in order to build the network URI as shortly we will
	be adding a new SecretInfo type

	qemu: Move qemuDomainSecretDestroy to qemuProcessLaunch
	Rather than need to call qemuDomainSecretDestroy after any call to
	qemuProcessLaunch, let's do the destroy in qemuProcessLaunch since
	that's where command line is eventually generated and processed. Once
	it's generated, we can clear out the secrets.

	qemu: Move qemuDomainSecretPrepare to qemuProcessPrepareDomain
	Commit id '40d8e2ba3' added the function to qemuProcessStart because
	in order to set up some secrets in the future we will need the master
	key. However, since the previous patch split the master key creation
	into two parts (create just the key and create the file), we can now
	call qemuDomainSecretPrepare from qemuProcessPrepareDomain since the
	file is not necessary.

2016-05-05  John Ferlan  <jferlan@redhat.com>

	qemu: Split out the master key create and write
	A recent review of related changes noted that we should split the creation
	(or generation) of the master key into the qemuProcessPrepareDomain and leave
	the writing of the master key for qemuProcessPrepareHost.

	Made the adjustment and modified some comments to functions that have
	changed calling parameters, but didn't change the intro doc.

2016-05-05  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust names of qemuDomainSecretInfoType enums
	From a review after push, add the "_TYPE" into the name.

	Also use qemuDomainSecretInfoType in the struct rather than int
	with the comment field containing the struct name

2016-05-05  Cole Robinson  <crobinso@redhat.com>

	rpc: use virNetMessageClearPayload in client
	This removes the opencoded payload freeing in the client, to use
	the shared virNetMessageClearPayload call. Two changes:

	- ClearPayload sets nfds=0, which fixes a potential crash if
	  an error path called virNetMessageFree/Clear on the message
	  after fds was free'd
	- We drop the inner loop VIR_FORCE_CLOSE... this may mean fds are
	  kept open a little bit longer if the call is blocking but in
	  practice I don't think it will have any effect

2016-05-05  Cole Robinson  <crobinso@redhat.com>

	rpc: Clear more in virNetMessageClearPayload
	Set all counters to 0. This doesn't impact current users, but
	future users will want this

	rpc: Add virNetMessageClearPayload
	Handles freeing the buffer and fds, but not the message details.
	Use it to drop some duplicate code.

2016-05-05  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerClientNewPostExecRestart: Avoid align problems
	I've noticed this while trying to compile libvirt on my arm box.

	  CC       rpc/libvirt_net_rpc_server_la-virnetserverclient.lo
	rpc/virnetserverclient.c: In function 'virNetServerClientNewPostExecRestart':
	rpc/virnetserverclient.c:516:45: error: cast increases required alignment of target type [-Werror=cast-align]
	                                             (long long *) &timestamp) < 0) {
	                                             ^
	cc1: all warnings being treated as errors

	Problem is, @timestap is defined as time_t which is 32 bits long,
	and we are typecasting it to long long which is 64bits long.
	Solution is to make @timestamp type of long long. At the same
	time, we can make @conn_time in _virNetServerClient struct long
	long too. There is no need for it to be type of time_t.

2016-05-05  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerClientNewPostExecRestart: Drop useless typecasts
	In this function, @id is defined as unsigned long long. When
	passing this variable to virJSONValueObjectGetNumberUlong(),
	well address of this variable, it's typecasted to ull*. There
	is no need for that. It's a same story with @nrequests_max.

2016-05-05  Jiri Denemark  <jdenemar@redhat.com>

	Add qemucapsprobe in .gitignore

2016-05-05  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add qemucapsprobe helper
	Adding new *.replies files for qemucapabilitiestest or updating the
	files when libvirt adds an additional QMP command into the probing
	process is quite painful. The goal of the new qemucapsprobe command is
	to make this process as easy as

	    tests/qemucapsprobe /path/to/qemu/binary >caps.replies

2016-05-05  Jiri Denemark  <jdenemar@redhat.com>

	virjson: Make pretty format more compact
	json_reformat uses two spaces for when indenting nested objects, let's
	do the same. The result of virJSONValueToString will be exactly the same
	as json_reformat would produce.

	qemu: Make qemuMonitorJSONIOProcessLine available for tests

	qemu: Make virQEMUCapsNewForBinary usable from tests
	virQEMUCapsNewForBinary unconditionally loads data from cache and probes
	using both QMP and -help parsing, which is suboptimal when we want to
	use it in tests.

	tests: Decouple preload code from main()
	The new VIRT_TEST_PRELOAD macro does not force the caller to create a
	special main function which would need to be called through
	virtTestMain().

2016-05-05  Jiri Denemark  <jdenemar@redhat.com>

	tests: Create a shared library with qemu driver
	Currently all qemu driver tests are statically linked to qemu driver
	library, which makes it impossible to mock any API from the library.
	This patch creates a shared qemu driver library which can be used
	instead of the static one.

	NB we can't use libvirt_driver_qemu.so directly since it is linked with
	-module and it is supposed to be dlopened.

2016-05-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement domainShutdown
	Bhyve supports ACPI shutdown by issuing SIGTERM signal to a bhyve
	process.

	Add the bhyveDomainShutdown() function and virBhyveProcessShutdown()
	helper function that just sends SIGTERM to VM's bhyve process. If
	a guest supports ACPI shutdown then process will be terminated and
	this event will be noticed by the bhyve monitor code that will handle
	setting proper status and clean up VM's resources by calling
	virBhyveProcessStop().

2016-05-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: drop virProcessKillPainfully() from destroy
	Current implementation of domainDestroy for bhyve calls
	virProcessKillPainfully() for the bhyve process and then
	executes "bhyvectl --destroy".

	This is wrong for two reasons:

	 * bhyvectl --destroy alone is sufficient because it terminates
	   the process
	 * virProcessKillPainfully() first sends SIGTERM and after few
	   attempts sends SIGKILL. As SIGTERM triggers ACPI shutdown that
	   we're not interested in, it creates an unwanted side effect in
	   domainDestroy.

	Also, destroy monitor only after "bhyvectl --destroy" command succeeded
	to avoid a case when the command fails and domain remains running, but
	not being monitored anymore.

2016-05-04  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit build of admin
	We can't guarantee which 64-bit type will be used in an RPC struct;
	while %lu worked on 64-bit Linux, that won't always be the type
	used on all 64-bit platforms; and certainly is not right for 32-bit:

	admin.c: In function 'adminDispatchClientGetInfo':
	admin.c:265:25: error: format '%lu' expects argument of type 'long unsigned int', but argument 7 has type 'uint64_t {aka long long unsigned int}' [-Werror=format=]

2016-05-04  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virsh: Pass the correct live/config xml to virshDomainDetachInterface.
	cmdDetachInterface function checks for live config
	flags and then passes the live/config domain xml
	to virshDomainDetachInterface accordingly.

	virsh: Introduce virshDomainDetachInterface function
	virshDomainDetachInterface handles virsh interface
	detach from the specified live/config domain xml.

2016-05-04  Erik Skultety  <eskultet@redhat.com>

	admin: Add a check to reject negative argument for number of typed params
	Since nparams can be technically negative, it is a good practice throughout
	our code to check if nparams actually has a non-negative value. The same effect
	would be achieved by converting our internal typed params serializer argument
	to 'unsigned' type, but it definitely would not be the path of least resistance.

2016-05-04  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	tools: virt-host-validate: HW virt support on s390
	Extend the detection of hardware virtualization to the s390 platform.

	tools: virt-host-validate: improve error handling
	When virHostValidateCPUFlag returns NULL, that's more an unexpected
	error than the sign of missing CPU flags. Let's react to this
	appropriately.

	tools: virt-host-validate: fix CPU flag detection
	Let's fix CPU flag detection on s390, where the flags line begins with
	a lower-case 'features'.

	tools: virt-host-validate: fix missing translation marker
	Fix a minor typo.

2016-05-04  John Ferlan  <jferlan@redhat.com>

	qemu: Add 'iothread' to command line for supported controller
	https://bugzilla.redhat.com/show_bug.cgi?id=1286709

	Now that we have all the pieces in place, we can add the 'iothread=#' to
	the command line for the (two) controllers that support it (virtio-scsi-pci
	and virtio-scsi-ccw). Add the tests as well...

2016-05-04  John Ferlan  <jferlan@redhat.com>

	qemu: Use switch for qemuCheckIOThreads
	Rather than an if statement, use a switch.

	The switch will also catch the illegal usage of 'iothread' with some other
	kind of unsupported bus configuration.

2016-05-04  John Ferlan  <jferlan@redhat.com>

	conf: Add support for virtio-scsi iothreads
	Add the ability to add an 'iothread' to the controller which will be how
	virtio-scsi-pci and virtio-scsi-ccw iothreads have been implemented in qemu.

	Describe the new functionality and add tests to parse/validate that the
	new attribute can be added.

2016-05-04  Daniel P. Berrange  <berrange@redhat.com>

	Pull latest translations from zanata

2016-05-04  Daniel P. Berrange  <berrange@redhat.com>

	libvirt.spec: remove duplicate files from -docs package
	Previous commit moved some lists out of the -devel package
	and into the -docs package

	  commit feffcc03a0d3690dcffd860682dcbaa61d726b39
	  Author: Cole Robinson <crobinso@redhat.com>
	  Date:   Wed Apr 13 10:37:42 2016 -0400

	    spec: Only pull in API docs with -devel package

	What was not realized is that the rule 'libvirt-docs/*'
	and ' docs/*.html docs/html docs/*.gif' actually point
	to the exact same content. ie, we had previously included
	the website HTML in *both* the -docs and -devel packages.

	So this change ended up listing the files twice, which
	caused RPM to print a load of warnings:

	warning: File listed twice: /usr/share/doc/libvirt-docs/html
	warning: File listed twice: /usr/share/doc/libvirt-docs/html/32favicon.png
	warning: File listed twice: /usr/share/doc/libvirt-docs/html/404.html
	warning: File listed twice: /usr/share/doc/libvirt-docs/html/acl.html
	warning: File listed twice: /usr/share/doc/libvirt-docs/html/aclpolkit.html

2016-05-04  Peter Krempa  <pkrempa@redhat.com>

	virsh: volume: Add --bytes to 'vol-info'

2016-05-04  Erik Skultety  <eskultet@redhat.com>

	daemon: Add VIR_ERR_NO_SERVER and VIR_ERR_NO_CLIENT to daemonErrorLogFilter
	Commits 52a2eef9 and 62be5486 forgot to add these errors to daemon's error
	whitelist, i.e. in order to avoid log file pollution with errors like "Domain
	not found" or "Server not found" in this case, since these events are valid
	and expected to occur.

2016-05-03  John Ferlan  <jferlan@redhat.com>

	conf: Move virDomainControllerModelTypeToString
	Move virDomainControllerModelTypeToString closer to it's counterpart
	virDomainControllerModelTypeFromString.

	docs: Reformat the Controllers description
	Reformat to use <dt> elements to make it a bit easier to read.

	docs: clarify disk iothread support
	Rather than be specific about which devices in the <iothreads> description,
	let's leave that for the <disk> description for it's <iothread> value.

2016-05-03  John Ferlan  <jferlan@redhat.com>

	qemu: Add capability for virtio-scsi iothreads
	An iothread for virtio-scsi is a property of the controller. Add a lookup
	of the 'virtio-scsi-pci' and 'virtio-scsi-ccw' device properties and parse
	the output.  For both, support for the iothread was added in qemu 2.4
	while support for virtio-scsi in general was added in qemu 1.4.

	Modify the various mock capabilities replies (by hand) to reflect the
	when virtio-scsi was supported and then specifically when the iothread
	property was added. For versions prior to 1.4, use the no device error
	return for virtio-scsi. For versions 1.4 to before 2.4, add some data
	for virtio-scsi-pci even though it isn't complete we're not looking for
	anything specific there anyway. For 2.4 to 2.6, add a more complete reply.

2016-05-03  Andrea Bolognani  <abologna@redhat.com>

	spec: Rename %{init_scripts} -> %{with_init_script}
	The convention used throughout the file is to name variables after
	the configure option they refer to.

	spec: Type --with-init-script correctly
	Mixing dashes and underscores in configure options apparently
	works fine, but it's confusing and just plain ugly.

2016-05-03  Andrea Bolognani  <abologna@redhat.com>

	configure: Remove nested conditionals in LIBVIRT_CHECK_INIT_SCRIPT
	We don't need them any longer; moreover, the previous structure
	made it very easy for bugs to slip in, by having the result of one
	check influence the following one.

	By placing the check for "$with_init_script" = check front and
	center, hopefully this won't happen (as easily) again.

2016-05-03  Andrea Bolognani  <abologna@redhat.com>

	configure: Change RHEL default from systemd+redhat to systemd
	We don't want to install legacy init scripts on modern,
	systemd-native hosts.

	maint: Ignore all .init, .service and .socket files
	All files with those extensions are generated, so we can have
	three generic rules instead of explicitly ignoring every single
	instance.

2016-05-03  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Introduce command client-info
	Wire-up the client identity getter into virt-admin tool. This patch adjusts
	man-page accordingly.

	admin: Introduce virAdmClientGetInfo API
	Expose a public API to retrieve some identity and connection information about
	a client connected to the specified server on daemon. The identity info
	retrieved is mostly connection transport dependent, i.e. there won't be any
	socket address returned for a local (UNIX socket) connection, while on the
	other hand, when connected through TLS or unencrypted TCP, obviously no UNIX
	process identification will be present in the returned data. All supported
	values that can be returned in typed params are exposed and documented in
	include/libvirt/libvirt-admin.h

	virnetserverclient: Add an internal method to retrieve client's identity
	This method just aggregates various client object attributes, like socket
	address, connection type (RO/RW), and some TCP/TLS/UNIX identity in an atomic
	manner.

	virneserverclient: Introduce virNetServerClientHasSASLSession
	We do have a similar method, serving the same purpose, for TLS, but we lack
	one for SASL. So introduce one, in order for other modules to be able to find
	out, if a SASL session is active, or better said, that a SASL session exists
	at all.

2016-05-03  Erik Skultety  <eskultet@redhat.com>

	virnetsocket: Provide socket address format in a more standard form
	Our socket address format is in a rather non-standard format and that is
	because sasl library requires the IP address and service to be delimited by a
	semicolon. The string form is a completely internal matter, however once the
	admin interfaces to retrieve client identity information are merged, we should
	return the socket address string in a common format, e.g. format defined by
	URI rfc-3986, i.e. the IP address and service are delimited by a colon and
	in case of an IPv6 address, square brackets are added:

	Examples:
	    127.0.0.1:1234
	    [::1]:1234

	This patch changes our default format to the one described above, while adding
	separate methods to request the non-standard SASL format using semicolon as a
	delimiter.

2016-05-03  Erik Skultety  <eskultet@redhat.com>

	admin: include: Introduce some client's identity related typed params macros
	This patch could easily be squashed with the virAdmClientGetInfo method
	introduced later one, but the idea was to split the logic to as many preferably
	independent patches as possible. As the subject hints, this patch defines
	some public typed params-related macros used within virAdmClientGetInfo
	method. The thing is, there's one identity attribute missing in the set --
	SELinux context, which libvirt internally supports in virIdentity, but it
	doesn't seem to do much (or anything at all), so there's some room to extend
	the set in the future.

	admin: Introduce virAdmServerLookupClient
	Just like with server-related APIs, before any of client-based APIs can be
	called, a reference to a client-side client object needs to be obtained. For
	this purpose, a lookup method should exist. Apart from the client retrieval
	logic, a new error code for non-existent client had to be added as well.

2016-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu_monitor_json: Follow our coding style
	In majority of our functions we have this variable @ret that is
	overwritten a lot. In other areas of the code we use 'goto
	cleanup;' just so that this wouldn't happen. But here.

2016-05-03  Andrea Bolognani  <abologna@redhat.com>

	maint: Don't ignore libvirtd.pod any longer
	Starting from commit 5b479f3b5b82, libvirtd.pod is a source file
	rather than a generated file. Update ignore patterns accordingly.

2016-05-03  Cole Robinson  <crobinso@redhat.com>

	gitignore: ignore virt(log|lock)d.(service|socket)

2016-05-03  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	daemon: add option to read host uuid from /etc/machine-id
	Daemon config parameter switch between reading host uuid
	either from smbios or machine-id:

	host_uuid_source = "smbios|machine-id"

2016-05-03  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	util: factor out reading file into preallocated buffer

2016-05-03  Cole Robinson  <crobinso@redhat.com>

	qemu: support configuring usb3 controller port count
	This adds a ports= attribute to usb controller XML, like

	  <controller type='usb' model='nec-xhci' ports='8'/>

	This maps to:

	  qemu -device nec-usb-xhci,p2=8,p3=8

	Meaning, 8 ports that support both usb2 and usb3 devices. Gerd
	suggested to just expose them as one knob.

	https://bugzilla.redhat.com/show_bug.cgi?id=1271408

2016-05-03  Cole Robinson  <crobinso@redhat.com>

	qemu: caps: introduce QEMU_CAPS_NEC_USB_XHCI_PORTS
	Reports whether we support -device nec-usb-xhci,p3=XXX value,
	which has been available since qemu 1.3.0

	qemu: parse: Use virControllerDefNew
	Rather than reimplement it. This will be needed in upcoming patches

2016-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu_monitor_json: Drop redundant checks
	In these functions I'm fixing here, we do call
	qemuMonitorJSONCheckError() followed by another check if qemu
	reply contains 'return' object. If it wouldn't, the former
	CheckError() function would error out and the flow would not even
	get to the latter.

2016-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorJSONQueryRxFilter: Validate qemu reply prior parsing it
	Usually, the flow in this area of the code is as follows:

	qemuMonitorJSONMakeCommand()
	qemuMonitorJSONCommand()
	qemuMonitorJSONCheckError()
	parseReply()

	But in this function, for some reasons, the last two steps were
	swapped. This makes no sense.

2016-05-03  Ján Tomko  <jtomko@redhat.com>

	Remove useless os.machine NULL check
	In qemuDomainDefAddDefaultDevices we check for a non-NULL
	def->os.machine for x86 archs, but not the others.

	Moreover, the only caller - qemuDomainDefPostParse
	already checks for it and even then it can happen only
	if /etc/libvirt contains an XML without a machine type.

2016-05-03  Ján Tomko  <jtomko@redhat.com>

	Introduce qemuDomainMachineIsVirt
	Use it everywhere except for virQEMUCapsFillDomainFeatureGICCaps.

	Rewrite the condition in qemuDomainAssignARMVirtioMMIOAddresses
	It was not indented correctly.

2016-05-03  Ján Tomko  <jtomko@redhat.com>

	Remove useless variable in qemuDomainAssignAddresses
	We do not need to propagate the exact return values
	and the only possible ones are 0 and -1 anyway.

	Remove the temporary variable and use the usual pattern:

	if (f() < 0)
	    return -1;

2016-05-03  Ján Tomko  <jtomko@redhat.com>

	Return void in qemuDomainAssignARMVirtioMMIOAddresses
	This function does not fail and it does not need to return anything.

2016-05-03  Ján Tomko  <jtomko@redhat.com>

	Invert condition in qemuDomainDefAddDefaultDevices
	For all the other machine types, we use a positive condition.

	Be more positive and use it for i440fx too.

2016-05-03  Ján Tomko  <jtomko@redhat.com>

	Use qemuDomainMachineIs helpers when adding default devices
	Do not duplicate the string comparisons by writing them twice.

2016-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Refresh RTC adjustment on qemuProcessReconnect
	https://bugzilla.redhat.com/show_bug.cgi?id=1139766

	Thing is, for some reasons you can have your domain's RTC to be
	in something different than UTC. More weirdly, it's not only time
	zone what you can shift it of, but an arbitrary value. So, if
	domain is configured that way, libvirt will correctly put it onto
	qemu cmd line and moreover track it as this offset changes during
	domain's life time (e.g. because guest OS decides the best thing
	to do is set new time to RTC). Anyway, they way in which this
	tracking is implemented is events. But we've got a problem if
	change in guest's RTC occurs and the daemon is not running. The
	event is lost and we end up reporting invalid value in domain
	XML. Therefore, when the daemon is starting up again and it is
	reconnecting to all running domains, re-fetch their RTC so the
	correct offset value can be computed.

2016-05-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce qemuMonitorGetRTCTime

2016-05-03  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Introduce srv-clients-list command
	Wire-up the public client listing API. Along with this change, a private time
	simple conversion method to interpret client's timestamp obtained from server
	has been added as well. Format used to for time output is as follows:
	YYYY-mm-DD HH:MM:SS+ZZZZ.

	Although libvirt exposes methods time-related methods through virtime.h
	internally, it utilizes millisecond precision which we don't need in this case,
	especially when connection timestamps use precision to seconds only.
	This is just a convenience int to string conversion method.

	To reflect the new API, man page has been adjusted accordingly.

2016-05-03  Erik Skultety  <eskultet@redhat.com>

	admin: Introduce listing clients
	Finally add public method to retrieve the list of currently connected clients
	to a given server.

	rpc: virnetserverclient: Implement client connection transport retrieval
	Although we document 6 types of transport that we support, internally we can
	only differentiate between TCP, TLS, and UNIX transports only, since both SSH
	and libssh2 transports, due to using netcat, behave in the exactly the same
	way as a UNIX socket.

2016-05-02  Erik Skultety  <eskultet@redhat.com>

	include: admin: export connection transport constants
	We have to expose some constants, in order for the client object transport
	field to make sense.

	rpc: virnetserver: Support retrieval of a list of clients
	For now, the list copy is done simply by locking the whole server, walking the
	original and increasing the refcount on each object. We may want to change
	the list to a lockable object (like list of domains) later in the future if
	we discover some performance issues related to locking the whole server in
	order to walk the whole list of clients, possibly issuing some 'ForEach'
	callback.

	rpc: gendispatch: Tune it to support client structure
	Now that libvirt-admin supports another client-side object and provided that
	we want to generate as many both client-side and server-side RPC dispatchers,
	support for this needs to be added to gendispatch.

	admin: Introduce virAdmClient client-side object
	Besides ID, the object also stores static data like connection transport and
	connection timestamp, since once obtained a list of all clients connected to a
	server, from user's perspective, it would be nice to know whether a given
	client is remote or local only and when did it connect to the daemon.
	Along with the object introduction, all necessary client-side methods necessary
	to work with the object are added as well.

	rpc: virnetserverclient: Introduce new attribute conn_time to client
	Besides ID, libvirt should provide several parameters to help the user
	distinguish two clients from each other. One of them is the connection
	timestamp. This patch also adds a testcase for proper JSON formatting of the
	new attribute too (proper formatting of older clients that did not support
	this attribute yet is included in the existing tests) - in order to
	testGenerateJSON to work, a mock of time_t time(time_t *timer) needed to be
	created.

	rpc: virnetserverclient: Identify clients by an integer ID
	Admin API needs a way of addressing specific clients. Unlike servers, which we
	are happy to address by names both because its name reflects its purpose (to
	some extent) and we only have two of them (so far), naming clients doesn't make
	any sense, since a) each client is an anonymous, i.e. not recognized after a
	disconnect followed by a reconnect, b) we can't predict what kind of requests
	it's going to send to daemon, and c) the are loads of them comming and going,
	so the only viable option is to use an ID which is of a reasonably wide data
	type.

2016-05-02  Andrea Bolognani  <abologna@redhat.com>

	configure: Introduce LIBVIRT_{CHECK,RESULT}_INIT_SCRIPT
	Move the code dealing with init scripts to a separate file
	so configure.ac itself can be a little bit smaller.

2016-05-02  Andrea Bolognani  <abologna@redhat.com>

	configure: Add systemd detection to --with-init-script=check
	Most distributions, including RHEL, have switched to systemd,
	so we should detect it and act accordingly. This also means
	that 'systemd+redhat' should be preferred to legacy 'redhat'.

	Our witness for the check is the availability of the systemctl
	command on the host.

2016-05-02  Andrea Bolognani  <abologna@redhat.com>

	configure: Improve --with-init-script=check
	If we didn't find a match, either because we're cross compiling
	or because we're not building on RHEL, we won't install any
	init script.

	Make sure this is reported correctly in the configure summary.

2016-05-02  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	tests: add tests for panic device model s390

	qemu: add default panic device to S390 guests
	This patch adds by default a panic device with model s390 to S390 guests.

2016-05-02  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: add panic device support for S390
	If a panic device is being defined without a model in a domain
	the default value is always overwritten with model ISA. An ISA
	bus does not exist on S390 and therefore specifying a panic device
	results in an unsupported configuration.
	Since the S390 architecture inherently provides a crash detection
	capability the panic device should be defined in the domain xml.

	This patch adds an s390 panic device model and prevents setting a
	device address on it.

	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2016-05-02  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: merge S390 and S390X default device creation

	qemu: fix error message for default panic device
	Adding the default bus type ISA to the message.

	docs: align spelling of S390

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	fdstream: don't raise error on SIGPIPE if abort requested
	The iohelper dies on SIGPIPE if the stream is closed before all data
	is processed. IMO this should be an error condition for virStreamFinish
	according to docs like:

	  * This method is a synchronization point for all asynchronous
	  * errors, so if this returns a success code the application can
	  * be sure that all data has been successfully processed.

	However for virStreamAbort, not so much:

	  * Request that the in progress data transfer be cancelled
	  * abnormally before the end of the stream has been reached.
	  * For output streams this can be used to inform the driver
	  * that the stream is being terminated early. For input
	  * streams this can be used to inform the driver that it
	  * should stop sending data.

	Without this, virStreamAbort will realistically always error for
	active streams like domain console. So, treat the SIGPIPE case
	as non-fatal if abort is requested.

	Note, this will only affect an explicit user requested abort. An
	abnormal abort, like from a server error, always raises an error
	in the daemon.

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	daemon: stream: Don't force error when client aborts
	Every time a client aborts a stream via the virStreamAbort API,
	the daemon always logs an error like:

	  error : daemonStreamHandleAbort:617 : stream aborted at client request

	and that same error is returned to the client. Meaning virStreamAbort
	always returns -1, which seems strange.

	This reworks the error handling to only raise an error on virStreamAbort
	if the actual server side abort call raises an error. This is similar
	to how virStreamFinish works.

	If the abort code path is triggered by an unexpected message type
	then we continue to raise an unconditional error. Also drop a redundant
	VIR_WARN call there, since virReportError will raise a VIR_ERROR anyways

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	rpc: protocol: Clarify VIR_NET_ERROR usage with streams
	The described protocol semantics really only apply to server initiated
	stream messages. Document the semantics for client messages.

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	daemon: stream: set stream->closed on removal
	These are the only places where we don't set stream->closed when
	aborting the stream. This leads to spurious errors when the client
	hangs up unexpectedly:

	error : virFDStreamUpdateCallback:127 : internal error: stream is not open

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	daemon: stream: don't update events if stream->closed
	Calling virStreamFinish prematurely seems to trigger this code path
	even after the stream is closed, which ends up hitting this error
	message later:

	error : virFDStreamUpdateCallback:127 : internal error: stream is not open

	Skip this function if stream->closed, which is used in many other places
	like read/write handlers

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	daemon: stream: Close stream on send failure
	This is the only place in daemon/stream.c that sets
	'stream->closed = true' but neglects to actually abort the stream
	and remove the callback, which seems wrong.

	fdstream: Raise explicit error when iohelper gets SIGPIPE
	This happens when virStreamFinish/Abort are called, but iohelper
	still has data to process.

	fdstream: Report error with virProcessTranslateStatus
	Rather than poorly duplicate it

	fdstream: separate out virCommandPtr cleanup
	Let's us de-nest some of the logic, and will simplify upcoming
	patches

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	nwfilter: Save config to disk if we generated a UUID
	libvirt-daemon-config-nwfilter will put a bunch of xml configs
	into /etc/libvirt/nwfilter. These configs don't hardcode a UUID
	and depends on libvirt to generate one. However the generated UUID
	is never saved to disk, unless the user manually calls Define.

	This makes daemon reload quite noisy with many errors like:

	error : virNWFilterObjAssignDef:3101 : operation failed: filter 'allow-incoming-ipv4' already exists with uuid 50def3b5-48d6-46a3-b005-cc22df4e5c5c

	Because a new UUID is generated every time the config is read from
	disk, so libvirt constantly thinks it's finding a new nwfilter.

	Detect if we generated a UUID when the config file is loaded; if so,
	resave the new contents to disk to ensure the UUID is persisteny.

	This is similar to what was done in commit a47ae7c0 with virtual
	networks and generated MAC addresses

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	nwfilter: Push configFile building into LoadConfig
	This matches the pattern used for network object APIs, and we want
	configDir in LoadConfig for upcoming patches

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	nwfilter: Fix potential locking problems on ObjLoad failure
	In virNWFilterObjLoad we can still fail after virNWFilterObjAssignDef,
	but we don't unlock and free the created virNWFilterObjPtr in the
	cleanup path.

	The bit we are trying to do after AssignDef is just STRDUP in the
	configFile path. However caching the configFile in the NWFilterObj
	is largely redundant and doesn't follow the same pattern we use
	for domain and network objects.

	So just remove all the configFile caching which fixes the latent
	bug as a side effect.

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	network: Fix segfault on daemon reload
	We will segfault of a daemon reload picks up a new network config
	that needs to be autostarted. We shouldn't be passing NULL for
	network_driver here. This seems like it was missed in the larger
	rework in commit 1009a61e

2016-05-02  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	send default USB controller in xml to destination during migration
	The default USB controller is not sent to destination as the older versions
	of libvirt(0.9.4 or earlier as I see in commit log of 409b5f54) didn't
	support them. For some archs where the support started much later can
	safely send the USB controllers without this worry. So, send the controller
	to destination for all archs except x86. Moreover this is not very applicable
	to x86 as the USB controller has model ich9_ehci1 on q35 and for pc-i440fx,
	there cant be any slots before USB as it is fixed on slot 1.

	The patch fixes a bug that, if the USB controller happens to occupy
	a slot after disks/interfaces and one of them is hot-unplugged, then
	the default USB controller added on destination takes the smallest slot
	number and that would lead to savestate mismatch and migration
	failure. Seen and verified on PPC64.

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	conf: format runtime DAC seclabel, unless MIGRATABLE
	We historically format runtime seclabel selinux/apparmor values,
	however we skip formatting runtime DAC values. This was added in

	commit 990e46c4542349f838e001d30638872576c389e9
	Author: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
	Date:   Fri Aug 31 13:40:41 2012 +0200

	    conf: Avoid formatting auto-generated DAC labels

	to maintain migration compatibility with libvirt < 0.10.0.

	However the formatting was skipped unconditionally. Instead only
	skip formatting in the VIR_DOMAIN_DEF_FORMAT_MIGRATABLE case.

	https://bugzilla.redhat.com/show_bug.cgi?id=1215833

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	conf: storage: pool: reject name containing '/'
	Trying to define a pool name containing an embedded '/'
	will immediately fail when trying to write the XML to disk.
	This patch explicitly rejects names containing a '/'

	Besides our stateful driver, there are two other storage impls:
	esx and phyp. esx doesn't support pool creation, so this should
	doesn't apply.

	phyp does support pool creation, and the name is passed to the
	'mksp' tool, which google doesn't reveal whether it accepts '/'
	or not. IMO the likeliness of this impacting any users is near zero

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	conf: network: reject name containing '/'
	Trying to define a network name containing an embedded '/'
	will immediately fail when trying to write the XML to disk.
	This patch explicitly rejects names containing a '/'

	Besides the network bridge driver, the only other network
	implementation is a very thin one for virtualbox, which seems to
	use the network name as a host interface name, which won't
	accept '/' anyways, so I think this is fine to do unconitionally.

	https://bugzilla.redhat.com/show_bug.cgi?id=787604

2016-05-02  Cole Robinson  <crobinso@redhat.com>

	conf: domain: reject name containing '/'
	Trying to define a domain name containing an embedded '/'
	will immediately fail when trying to write the XML to disk for
	our stateful drivers. This patch explicitly rejects names
	containing a '/', and provides an xmlopt feature for drivers
	to avoid this validation check, which is enabled in every
	non-stateful driver that already has xmlopt handling wired up.

	(Technically this could reject a previously accepted vmname like
	 '/foo', however at least for the qemu driver that falls over
	 later when starting qemu)

	https://bugzilla.redhat.com/show_bug.cgi?id=639923

2016-05-02  Martin Kletzander  <mkletzan@redhat.com>

	conf: Parse more of our nodedev XML
	We were lacking tests that are checking for the completeness of our
	nodedev XMLs and also whether we output properly formatted ones.  This
	patch adds parsing for the capability elements inside the <capability
	type='pci'> element.  Also bunch of tests are added to show everything
	works properly.

	schemas: Update nodedev schema to match reality
	There were few things done in the nodedev code but we were lacking tests
	for it.  And because of that we missed that the schema was not updated
	either.  Fix the schema and add various test files to show the schema
	is correct.

	Move capability formatting together
	All sub-PCI capabilities should be next to each other for clarity.

	Change virDevicePCIAddress to virPCIDeviceAddress
	We had both and the only difference was that the latter also included
	information about multifunction setting.  The problem with that was that
	we couldn't use functions made for only one of the structs (e.g.
	parsing).  To consolidate those two structs, use the one in virpci.h,
	include that in domain_conf.h and add the multifunction member in it.

2016-05-02  John Ferlan  <jferlan@redhat.com>

	qemu: hotplug: Fix possible memory leak of props
	If we failed to build the aliases or attach the chardev, then the props
	would be leaked - fix that.

	qemu: hotplug: Adjust error path for attach hostdev scsi disk
	Adjust error path logic to make it clearer how to undo the failed add.

	qemu: hotplug: Adjust error path for attach virtio disk
	Adjust error path logic to make it clearer how to undo the failed add.

	qemu: hotplug: Adjust error path for attach scsi disk
	Adjust error path logic to make it clearer how to undo the failed add.

2016-05-02  John Ferlan  <jferlan@redhat.com>

	qemu: Use qemuDomainSecretInfoPtr in qemuBuildNetworkDriveURI
	Rather than take username and password as parameters, now take
	a qemuDomainSecretInfoPtr and decode within the function.

	NB: Having secinfo implies having the username for a plain type
	    from a successful virSecretGetSecretString

2016-05-02  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainSecretHostdevPrepare and Destroy
	Similar to the qemuDomainSecretDiskPrepare, generate the secret
	for the Hostdev's prior to call qemuProcessLaunch which calls
	qemuBuildCommandLine. Additionally, since the secret is not longer
	added as part of building the command, the hotplug code will need
	to make the call to add the secret in the hostdevPriv.

	Since this then is the last requirement to pass a virConnectPtr
	to qemuBuildCommandLine, we now can remove that as part of these
	changes. That removal has cascading effects through various callers.

2016-05-02  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainHostdevPrivatePtr
	Modeled after the qemuDomainDiskPrivatePtr logic, create a privateData
	pointer in the _virDomainHostdevDef to allow storage of private data
	for a hypervisor in order to at least temporarily store auth/secrets
	data for usage during qemuBuildCommandLine.

	NB: Since the qemu_parse_command (qemuParseCommandLine) code is not
	expecting to restore the auth/secret data, there's no need to add
	code to handle this new structure there.

	Updated copyrights for modules touched. Some didn't have updates in a
	couple years even though changes have been made.

2016-05-02  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainSecretPrepare and Destroy
	Rather than needing to pass the conn parameter to various command
	line building API's, add qemuDomainSecretPrepare just prior to the
	qemuProcessLaunch which calls qemuBuilCommandLine. The function
	must be called after qemuProcessPrepareHost since it's expected
	to eventually need the domain masterKey generated during the prepare
	host call. Additionally, future patches may require device aliases
	(assigned during the prepare domain call) in order to associate
	the secret objects.

	The qemuDomainSecretDestroy is called after the qemuProcessLaunch
	finishes in order to clear and free memory used by the secrets
	that were recently prepared, so they are not kept around in memory
	too long.

	Placing the setup here is beneficial for future patches which will
	need the domain masterKey in order to generate an encrypted secret
	along with an initialization vector to be saved and passed (since
	the masterKey shouldn't be passed around).

	Finally, since the secret is not added during command line build,
	the hotplug code will need to get the secret into the private disk data.

2016-05-02  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainSecretInfo
	Introduce a new private structure to hold qemu domain auth/secret data.
	This will be stored in the qemuDomainDiskPrivate as a means to store the
	auth and fetched secret data rather than generating during building of
	the command line.

	The initial changes will handle the current username and secret values
	for rbd and iscsi disks (in their various forms). The rbd secret is
	stored as a base64 encoded value, while the iscsi secret is stored as
	a plain text value. Future changes will store encoded/encrypted secret
	data as well as an initialization vector needed to be given to qemu
	in order to decrypt the encoded password along with the domain masterKey.
	The inital assumption will be that VIR_DOMAIN_SECRET_INFO_PLAIN is
	being used.

	Although it's expected that the cleanup of the secret data will be
	done immediately after command line generation, reintroduce the object
	dispose function qemuDomainDiskPrivateDispose to handle removing
	memory associated with the structure for "normal" cleanup paths.

2016-05-02  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Adapt augeas profile to handle negative int values.
	Introducing keepalive_interval = -1 breaks to augeas lens. Fix the lens
	by allowing signed ints in the regular expression.

2016-05-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Kill legacy PCI hotplug code

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainAttachControllerDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainDetachNetDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainDetachHostPCIDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainDetachControllerDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainDetachVirtioDiskDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainAttachHostPCIDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainAttachNetDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainAttachVirtioDiskDevice
	After killing one of the conditionals it's now guaranteed to have
	@drivealias populated when calling the monitor, so the code attempting
	to cleanup can be simplified.

	qemu: monitor: Kill legacy USB monitor code
	Code was obsoleted by using -device.

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainAttachHostUSBDevice

	qemu: hotplug: Assume QEMU_CAPS_DEVICE in qemuDomainAttachUSBMassStorageDevice

	qemu: remove default case from few typecasted enums
	Commit 98c5c53d69b partially reverted the effort to use typecasted enums
	for compiler notification. Turn it back.

	qemu: process: Don't needlesly clear the perf events in qemuDomainPerfRestart
	At that point the perf events struct should not be allocated so there's
	no use in clearing it.

2016-05-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Fix failure semantics for perf events
	For strange reasons if a perf event type was not supported or failed to
	be enabled at VM start libvirt would ignore the failure.

	On the other hand on restart if the event could not be re-enabled
	libvirt would fail to reconnect to the VM and kill it.

	Both don't make really sense. Fix it by failing to start the VM if the
	event is not supported and change the event to disabled if it can't be
	reconnected (unlikely).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329045

2016-05-02  Peter Krempa  <pkrempa@redhat.com>

	util: perf: Adhere to coding style of error checks in qemuDomainSetPerfEvents

	util: perf: Adhere to coding style of error checks in virPerfEventEnable

	util: perf: Use 'error' label in virPerfCmtEnable
	The label is used only for the error path, thus rename cleanup.

	qemu: perf: Don't ignore perf setup if allocation fails
	Reject the VM startup if the perf event structure can't be allocated.

	qemu: hotplug: Allow update of disk default snapshot location
	Since the field is internal to libvirt we can allow the users to modify
	it.

2016-05-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Check few more fields for when changing disk source
	Both disk->src->shared and disk->src->readonly can't be modified when
	changing disk source for floppy and cdrom drives since both arguments
	are passed as arguments of the disk rather than the image in qemu.

	Historically these fields have only two possible values since they are
	represented as XML thus we need to ignore if user did not provide them
	and thus we are treating them as false.

2016-05-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Fix error message in qemuDomainDiskChangeSupported
	disk->dst represents the <target> element in the XML.

	qemu: hotplug: Skip waiting for tray opening if qemu doesn't notify us
	If qemu doesn't support DEVICE_TRAY_MOVED event the code that attempts
	to change media would attempt to re-eject the tray even if it wouldn't
	be notified when the tray opened. Add a capability bit and skip retrying
	for old qemus.

2016-05-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refresh ejectable media tray state on VM start
	Empty floppy drives start with tray in "open" state and libvirt did not
	refresh it after startup. The code that inserts media into the tray then
	waited until the tray was open before inserting the media and thus
	floppies could not be inserted.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1326660

2016-05-02  Michal Privoznik  <mprivozn@redhat.com>

	virStream{Recv,Send}All: Increase client buffer
	These are wrappers over virStreamRecv and virStreamSend so that
	users have to care about nothing but writing data into / reading
	data from a sink (typically a file). Note, that these wrappers
	are used exclusively on client side as the daemon has slightly
	different approach. Anyway, the wrappers allocate this buffer and
	use it for intermediate data storage until the data is passed to
	stream to send, or to the client application. So far, we are
	using 64KB buffer. This is enough, but suboptimal because server
	can send messages up to VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX bytes
	big (262120B, roughly 256KB). So if we make the buffer this big,
	a single message containing the data is sent instead of four,
	which is current situation. This means lower overhead, because
	each message contains a header which needs to be processed, each
	message is processed roughly same amount of time regardless of
	its size, less bytes need to be sent through the wire, and so on.
	Note that since server will never sent us a stream message bigger
	than VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX there's no point in
	sizing up the client buffer past this threshold.

	virnetclientstream: Process stream messages later
	There are two functions on the client that handle incoming stream
	data.  The first one virNetClientStreamQueuePacket() is a low
	level function that just processes the incoming stream data from
	the socket and stores it into an internal structure. This happens
	in the client event loop therefore the shorter the callbacks are,
	the better. The second function virNetClientStreamRecvPacket()
	then handles copying data from internal structure into a client
	provided buffer.
	Change introduced in this commit makes just that: new queue for
	incoming stream packets is introduced. Then instead of copying
	data into intermediate internal buffer and then copying them into
	user buffer, incoming stream messages are queue into the queue
	and data is copied just once - in the upper layer function
	virNetClientStreamRecvPacket(). In the end, there's just one
	copying of data and therefore shorter event loop callback. This
	should boost the performance which has proven to be the case in
	my testing.

2016-05-02  Michal Privoznik  <mprivozn@redhat.com>

	Revert "rpc: Fix slow volume download (virsh vol-download)"
	This reverts commit d9c9e138f22c48626f719f880920e04c639e0177.

	Unfortunately, things are going to be handled differently so this
	commit must go.

2016-05-02  Martin Kletzander  <mkletzan@redhat.com>

	tools: Fix connect command
	The man page says: "(Re)-Connect to the hypervisor. When the shell is
	first started, this is automatically run with the URI parameter
	requested by the "-c" option on the command line."  However, if you run:

	  virsh -c 'test://default' 'connect; uri'

	the output will not be 'test://default'.  That's because the 'connect'
	command does not care about any virsh-only related settings and if it is
	run without parameters, it connects with @uri == NULL.  Not only that
	doesn't comply to what the man page describes, but it also doesn't make
	sense.  It also means you aren't able to reconnect to whatever you are
	connected currently.

	So let's fix that in both virsh and virt-admin add a test case for it.

2016-05-01  John Ferlan  <jferlan@redhat.com>

	Post-release version bump to 1.3.5

2016-05-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.3.4
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po* : regenerated

2016-04-30  Yuri Chornoivan  <yurchor@ukr.net>

	Fix minor typos in messages

2016-04-29  Laine Stump  <laine@laine.org>

	Revert "qemu domain allow to set ip address, peer address and route"
	This reverts commit 6e244c659fb004503fd2a94319dae8fa6fecf045, which
	added support to qemu for the "peer" attribute in domain interface <ip>
	elements.

	It's being removed temporarily for the release of libvirt 1.3.4
	because the feature doesn't work, and there are concerns that it may
	need to be modified in an externally visible manner which could create
	backward compatibility problems.

	 Conflicts:
	   tests/qemuxml2argvmock.c - a mock of virNetDevSetOnline() was added
	   which may be assumed by other tests added since the original commit,
	   so it isn't being reverted.

2016-04-29  Laine Stump  <laine@laine.org>

	Revert "lxc domain allow to set peer address"
	This reverts commit afee47d07c521b4bb10a12e253a29363d16ab8f0, which
	added support to lxc for the "peer" attribute in domain interface <ip>
	elements.

	It's being removed temporarily for the release of libvirt 1.3.4
	because the feature doesn't work, and there are concerns that it may
	need to be modified in an externally visible manner which could create
	backward compatibility problems.

2016-04-29  Laine Stump  <laine@laine.org>

	Revert "libvirt domain xml allow to set peer address"
	This reverts commit 690969af9ccdf9b2012b97af0462bae8e312c9c9, which
	added the domain config parts to support a "peer" attribute in domain
	interface <ip> elements.

	It's being removed temporarily for the release of libvirt 1.3.4
	because the feature doesn't work, and there are concerns that it may
	need to be modified in an externally visible manner which could create
	backward compatibility problems.

2016-04-29  Ben Gray  <ben.r.gray@gmail.com>

	rpc: Don't leak fd via CreateXMLWithFiles
	FD passing APIs like CreateXMLWithFiles or OpenGraphicsFD will leak
	file descriptors. The user passes in an fd, which is dup()'d in
	virNetClientProgramCall. The new fd is what is transfered to the
	server virNetClientIOWriteMessage.

	Once all the fds have been written though, the parent msg->fds list
	is immediately free'd, so the individual fds are never closed.

	This closes each FD as its send to the server, so all fds have been
	closed by the time msg->fds is free'd.

	https://bugzilla.redhat.com/show_bug.cgi?id=1159766

2016-04-28  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: fix disk enumeration
	If we want to delete all disks for container or vm
	we should make a loop from 0 to NumberOfDisks and always
	use zero index in PrlVmCfg_GetHardDisk to get disk handle.
	When we delete first disk after that numbers of other disks
	will be changed, start from 0 to NumberOfDisks-1.
	That's why we should always use zero index.

2016-04-28  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	virsh: Fix support for 64 migration options
	Add ULL suffix to all related operands of << or shift will give
	all zeros instead of correct mask.

2016-04-28  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Regenerate VNC socket paths
	Similarly to what commit 714080791778 did with some internal paths,
	clear vnc socket paths that were generated by us.  Having such path in
	the definition can cause trouble when restoring the domain.  The path is
	generated to the per-domain directory that contains the domain ID.
	However, that ID will be different upon restoration, so qemu won't be
	able to create that socket because the directory will not be prepared.

	To be able to migrate to older libvirt, skip formatting the socket path
	in migratable XML if it was autogenerated.  And mark it as autogenerated
	if it already exists and we're parsing live XML.

	Best viewed with '-C'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1326270

2016-04-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Error out if setting vcpu count would lead to invalid config
	When the domain definition describes a machine with NUMA, setting the
	maximum vCPU count via the API might lead to an invalid config.

	Add a check that will forbid this until we add more advanced cpu config
	capabilities.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1327499

2016-04-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: conf: Set default logging approach in virQEMUDriverConfigNew
	Instead of setting the default qemu stdio logging approach in
	virQEMUDriverConfigLoadFile set it in virQEMUDriverConfigNew so that
	it's properly set even when the config is not present.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325075

2016-04-27  Martin Kletzander  <mkletzan@redhat.com>

	Shorten domain name for automatic coredump
	If the domain name is long enough, the timestamp can prolong the
	filename for automatic coredump to more than the filesystem's limit.
	Simply shorten it like we do in other places.  The timestamp helps with
	the unification, but having the ID in the name won't hurt.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1289363

2016-04-27  Martin Kletzander  <mkletzan@redhat.com>

	Unify domain name shortening
	Add virDomainObjGetShortName() and use it.  For now that's used in one
	place, but we should expose it so that future patches can use it.

	qemu: Unref cfg in qemuDomainDefPostParse
	Introduced by commit 15ad2ecf114d.

2016-04-26  Cole Robinson  <crobinso@redhat.com>

	conf: Drop restrictions on rng backend path
	Currently we only allow /dev/random and /dev/hwrng as host input
	for <rng><backend model='random'/> device. This was added after
	various upstream discussions in commit 4932ef45

	However this restriction has generated quite a few complaints over
	the years, so a new discussion was initiated:

	http://www.redhat.com/archives/libvir-list/2016-April/msg00987.html

	Several people suggested removing the restriction, and nobody really
	spoke up to defend it. So this patch drops the path restriction
	entirely

	https://bugzilla.redhat.com/show_bug.cgi?id=1074464

2016-04-26  Cole Robinson  <crobinso@redhat.com>

	remote: Don't reject remote polkit if client lacks support
	If you compile a client --without-polkit, and connect to a URI that needs
	polkit auth, the connection will fail with:

	$ ./tools/virsh --connect qemu+ssh://crobinso@machine/system
	error: failed to connect to the hypervisor
	error: authentication failed: unsupported authentication type 2

	This is because the client side portion of the polkit handling is
	compiled out. However, nothing polkit specific is actually required
	of the client.

	Fix that error by unconditionally compiling the basic polkit client
	handling.

	https://bugzilla.redhat.com/show_bug.cgi?id=635529

2016-04-26  Andrea Bolognani  <abologna@redhat.com>

	spec: Use proper indentation
	Commit 1d4400082a02 added some code that was not indented properly
	and broke syntax-check. Fix it.

2016-04-26  Cole Robinson  <crobinso@redhat.com>

	spec: If installing default network, restart libvirtd
	If libvirt-daemon-config-network is installed while libvirtd is already
	running, the daemon doesn't notice the network. Users then have to
	manually restart libvirtd (or reboot) to pick up the network.

	Instead let's trigger a daemon restart when the package is first installed.
	Then the default network is available immediately if libvirtd was already
	running.

	https://bugzilla.redhat.com/show_bug.cgi?id=867546

2016-04-26  Cole Robinson  <crobinso@redhat.com>

	schema: Allow space character in disk vendor/product
	The hex range already tried to allow for it, but it wasn't using
	the correct XML hex syntax. Fix it, and test it

2016-04-26  Andrea Bolognani  <abologna@redhat.com>

	maint: Ignore all intermediate and generated man pages
	Since commit 9b77ce63f1d7 we create a .in file while building all
	man pages, including those in the tools/ directory; update the
	ignore patterns to take this change into account.

	The new ignore patterns are generic enough that we can get rid of
	a few existing ones as well.

2016-04-26  Andrea Bolognani  <abologna@redhat.com>

	apibuild: Fix method call

2016-04-26  Andrea Bolognani  <abologna@redhat.com>

	apibuild: Introduce app class
	All top-level functions have been moved to this class.

	On top of that, the app.warning() method has been defined,
	so that calls to it - already present in rebuild() - can
	actually succeed.

2016-04-26  Andrea Bolognani  <abologna@redhat.com>

	apibuild: Add index.warning() method
	This method is used in eg. index.merge(), but is not defined
	anywhere. The implementation has been copied from docBuilder.

2016-04-26  Andrea Bolognani  <abologna@redhat.com>

	docs: Pass relative paths to apibuild.py
	Since commit d195cffa2e1b, both $(srcdir) and $(abs_builddir)
	are passed to the apibuild.py script; however, since the
	former is a relative path and the latter an absolute one, the
	script might not be able to detect whether they point to the
	same location.

	Pass both as relative paths to avoid the issue.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Change virSecretDef variable names
	Change 'ephemeral' to 'isephemeral' and 'private' to 'isprivate' since
	both are bools.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjGetValue and virSecretObjGetValueSize
	Introduce the final accessor's to _virSecretObject data and move the
	structure from virsecretobj.h to virsecretobj.c

	The virSecretObjSetValue logic will handle setting both the secret
	value and the value_size. Some slight adjustments to the error path
	over what was in secretSetValue were made.

	Additionally, a slight logic change in secretGetValue where we'll
	check for the internalFlags and error out before checking for
	and erroring out for a NULL secret->value. That way, it won't be
	obvious to anyone that the secret value wasn't set rather they'll
	just know they cannot get the secret value since it's private.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObj{Get|Set}Def
	Introduce fetch and set accessor to the secretObj->def field for usage
	by the driver to avoid the driver needing to know the format of virSecretObj

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjSave{Config|Data}
	Move and rename the secretRewriteFile, secretSaveDef, and secretSaveValue
	from secret_driver to virsecretobj

	Need to make some slight adjustments since the secretSave* functions
	called secretEnsureDirectory, but otherwise mostly just a move of code.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjDelete{Config|Data}
	Move and rename secretDeleteSaved from secret_driver into virsecretobj and
	split it up into two parts since there is error path code that looks to
	just delete the secret data file

	secret: Move and rename secretLoadAllConfigs
	Move to secret_conf.c and rename to virSecretLoadAllConfigs. Also includes
	moving/renaming the supporting virSecretLoad, virSecretLoadValue, and
	virSecretLoadValidateUUID.

	secret: Use the hashed virSecretObjList
	This patch replaces most of the guts of secret_driver.c with recently
	added secret_conf.c APIs in order manage secret lists and objects
	using the hashed virSecretObjList* lookup API's.

	secret: Introduce virSecretObjListGetUUIDs
	Add function to return counted listed of uuids to from the hashed secrets
	object list. This will replace the guts of secretConnectListSecrets.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjListExport
	Add function to return a "match" filtered list of secret objects. This
	function replaces the guts of secretConnectListAllSecrets.

	Need to also move and make global virSecretUsageIDForDef since it'll
	be used by both secret_driver.c and secret_conf.c

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjListNumOfSecrets
	Add function to count the hashed secret obj list with filters. This
	will replace the guts of secret_driver's secretConnectNumOfSecrets.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjListAdd* and virSecretObjListRemove
	Add the functions to add/remove elements from the hashed secret obj list.
	These will replace secret_driver functions secretAssignDef and secretObjRemove.

	The virSecretObjListAddLocked will perform the necessary lookups and
	decide whether to replace an existing hash entry or create a new one.
	This includes setting up the configPath and base64Path as well as being
	able to support the caller's need to restore from a previous definition
	in case something goes wrong in the caller.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretUsageIDForDef
	Move the driver specific secretUsageIDForDef into secret_conf.c. It could
	be more of a general purpose API.

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretObjListFindBy{UUID|Usage} support
	New API's including unlocked and Locked versions in order to be able
	to use in either manner.

	Support for searching hash object lists instead of linked lists will
	replace existing secret_driver functions secretFindByUUID and
	secretFindByUsage

2016-04-25  John Ferlan  <jferlan@redhat.com>

	secret: Create virsecretobj.c and virsecretconf.h
	Move virSecretObj from secret_driver.c to virsecretobj.h

	To support being able to create a hashed secrets list, move the
	virSecretObj to virsecretobj.h so that the code can at least find
	the definition.

	This should be a temporary situation while the virsecretobj.c code
	is patched in order to support a hashed secret object while still
	having the linked list support in secret_driver.c. Eventually, the
	goal is to move the virSecretObj into virsecretobj.c, although it
	is notable that the existing model from which virSecretObj was
	derived has virDomainObj in src/conf/domain_conf.h and virNetworkObj
	in src/conf/network_conf.h, so virSecretObj wouldn't be unique if
	it were to remain in virsecretobj.h  Still adding accessors to fetch
	and store hashed object data will be the end goal.

	Add definitions and infrastucture in virsecretobj.c to create and
	handle a hashed virSecretObj and virSecretObjList including the class,
	object, lock setup, and disposal API's. Nothing will call these yet.

	This infrastructure will replace the forward linked list logic
	within the secret_driver, eventually.

2016-04-25  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Fix distcheck
	Our distcheck is broken. Well, it works but only by pure chance.
	When wireshark plugin is enabled, we try to query which path
	should the plugin be installed into. Firstly, we try to ask
	pkg-config as some releases of wireshark already sets
	corresponding variable in their pkg-config files. However, if we
	obtained no value from there we try to construct the path on our
	own. Based on our observations it usually is:
	$libdir/wireshark/plugins/$version/.
	Now, the problem is in the way we are deciding whether we have
	obtained the plugin directory from pkg-config or not. Simply
	said, we are checking wrong variable. The variable we are
	checking has never been set, thus in our test is empty and
	therefore we will always construct the plugin dir path on our
	own, regardless of its presence in the pkg-config file.
	To make things worse, after fixing this problem, VPATH build was
	broken as it now tried to install plugin into correct directory.
	Yes, this is problem, because --prefix was not honoured and
	everything but the plugin was installed into given prefix. I've
	managed to resolve this issue by replacing plugin dir prefix with
	our own. So when doing regular installation (our prefix ==
	wireshark prefix), nothing changes. When doing VPATH build &
	installation plugin is installed into correctly prefixed dir.

2016-04-25  Michal Privoznik  <mprivozn@redhat.com>

	tools: Introduce install-nss targets
	We do have something similar for installing init system files.
	Basically I'm trying to avoid the following warning produced by
	automake:

	tools/Makefile.am:429: warning: uninstall-local was already defined in condition TRUE, which includes condition WITH_BSD_NSS ...
	tools/Makefile.am:292: ... 'uninstall-local' previously defined here

2016-04-25  Michal Privoznik  <mprivozn@redhat.com>

	Makefile: Enable distuninstallcheck again
	This target has been disabled historically for whatever reason.
	Now that we do uninstall properly enable the test again.

	qemuProcessCreatePretendCmd: Rework FIPS handling
	This function - in contrast with qemuBuildCommandLine - merely
	constructs our internal command representation of a domain. This
	is then later compared against expected output. Or, this function
	is used also in virConnectDomainXMLToNative(). But due to a copy
	paste error this function, just like its image - has @forceFips
	argument that if enabled forces FIPS, otherwise mimics FIPS state
	in the host. If FIPS is enabled or forced the generated command
	line is different to state in which FIPS is disabled. Problem is,
	while this could be desired in the virConnectDomainXMLToNative()
	case, this is undesirable in the test suite as it will produce
	unpredicted results.
	Solution to this is to rename argument to @enableFips to
	specifically tell whether we expect command line to be build in
	either of fashions and make virConnectDomainXMLToNative()
	implementation fetch FIPS state and pass it to
	qemuProcessCreatePretendCmd().

2016-04-25  Laine Stump  <laine@laine.org>

	qemu: fix error log in qemuAssignPCIAddresses()
	This error message was too specific, based on the incorrect assumption
	that any error was cause by auto-added bridges:

	  failed to create PCI bridge on bus 2: too many devices
	  with fixed addresses

	In practice you can't know if a bridge with an index <= the bus it's
	connecting to was added automatically, or if it was a mistake in
	explicit config, and the auto-add problem is going to be dealt with in
	a different way in an upcoming patch. The new message is this:

	  PCI Controller at index 1 (0x01) has "
	  bus='0x02', but bus must be <= index

	(note that index is given in both decimal and hex because it is
	formatted as decimal in the XML, but bus is formatted as hex, and
	displaying the hex value of index makes it easier to see the problem
	when index > 9 (which will often be the case with PCIe, since most
	controllers only have a single port, not 32 slots as with standard
	PCI)).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1004593

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	man: Fix links
	Use L<> instead of C<> for URLs and man pages.

	man: Fix SYNOPSIS section
	Format the text properly.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	man: Fix NAME section
	podchecker(1) complained about these, eg.

	  *** WARNING: Verbatim paragraph in NAME section at line 3 in
	               file tools/virt-host-validate.pod

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Always ship virt-login-shell.conf
	No need to special-case this one: we can add it to EXTRA_DIST so
	that it will be shipped in any case, and if WITH_LOGIN_SHELL
	happens to be enabled we mark it for installation as well.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Replace variables in man pages
	We can't use eg. @sysconfdir@ directly in the .pod file, because
	pod2man(1) will interpret that as a variable name and format it
	accordingly.

	Instead, we use eg. SYSCONFDIR and use a subsequent sed(1) call
	to turn it into the expected @sysconfdir@.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Ensure intermediate files are cleaned up properly
	All $(MANINFILES) should be deleted on distclean.

	build: Group files
	Define $(PODFILES) and $(MANINFILES) so that adding a new man
	page only requires changes in a few, well defined spots.

	build: Never ship man pages
	The generated man pages may contain information that depend on
	the build configuration, so they should not be shipped but
	rather always built on the user's machine.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Standardize on .pod -> .x.in -> .x
	After this commit, all man pages are generated using the same two
	steps:

	  1. Process a source $command.pod file with pod2man(1) to obtain
	     a valid man page in $command.$section.in

	  2. Process $command.$section.in with sed(1) to obtain the final
	     man page in $command.$section

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Perform post-processing on all man pages
	Man pages in daemon/ and src/ are being already subjected to this
	post-processing step: make it so those in tools/ are as well.

	build: Build man pages in $(builddir)
	No file should be created inside $(srcdir) during build.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Extract pod from source files
	Instead of embedding the pod information inside the respective
	source files, store them in separate files.

	This allows us to reduce the number of custom build rules as
	most of the information can be inferred for the file name;
	moreover, text editors are more likely to use proper syntax
	highlighting for standalone pod files.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	build: Ship virt-admin.pod
	This is the source file for the virt-admin(1) manual page, so
	it should be shipped.

2016-04-25  Peter Krempa  <pkrempa@redhat.com>

	virsh: host: Use bitmap size in bytes rather than bit count
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329819

2016-04-25  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix off-by-one error in block I/O throttle messages
	QEMU_BLOCK_IOTUNE_MAX is the maximum inclusively, so let's modify the
	message so it makes sense.

	https://bugzilla.redhat.com/show_bug.cgi?id=1329041

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	docs: Fix some formatting oddities
	When describing attributes and elements, we mostly stick to
	a certain pattern; however, there are a few cases when the
	information is not presented in the usual way.

	Since there doesn't seem to be any reason not to follow the
	tried and true formula, rework those bits to fit the rest of
	the documentation.

2016-04-25  Andrea Bolognani  <abologna@redhat.com>

	syntax-check: Enforce <code> inside <dt> elements
	Commit 61b070cf20b5 cleaned up a number of cases where the <dt>
	element was used to document symbols, but the symbol itself was
	not inside a <code> element.

	To make sure we don't end up having to clean up again a few
	months from now, introduce a syntax-check rule that can spot
	such mistakes.

	All existing exceptions are marked as such, with either file
	or line granularity depending on the case.

2016-04-25  Peter Krempa  <pkrempa@redhat.com>

	docs: apibuild: Fix VPATH build
	libvirt-common.h is generated into builddir/include/libvirt. apibuild.py
	only operated on srcdir/inlcude/libvirt. With VPATH build
	srcdir/docs/libvirt-libvirt-common.html would not get generated and make
	RPM failed.

2016-04-23  Cole Robinson  <crobinso@redhat.com>

	tests: consistently source test-lib.sh in scripts
	This unifies the test scripts to all use the similar pattern added for
	schematests in ace4aecd. This gives the following

	- Enables running all tests from outside of tests/ dir
	- Drops redundant abs_* definitions, which are set by test-lib.sh
	- Drops unnecessary srcdir variable which was only used for sourcing
	    test-lib.sh

	Behavior changes:

	- srcdir can no longer be overwritten, but I don't know why anyone would
	    really need to...
	- Script VERBOSE setting no longer prints commands executed by test-lib.sh.
	    if anyone cares I suggest handling this in test-lib.sh which already
	    has other verbose style handling

2016-04-23  Cole Robinson  <crobinso@redhat.com>

	vbox: VIR_WARN if we don't support the API version
	We presently don't give any indication if the VirtualBox version
	isn't in our support whitelist.

	tests: remove 'reconnect' and 'statstest'
	These old tests expect to run against a real xen connection via
	xend running on the host. Our intentions for the test suite are
	that it doesn't require interacting with any specific host resources,
	so these don't really belong here.

2016-04-22  Laine Stump  <laine@laine.org>

	docs: remove *other* reference to igmp for IPv6
	This finishes the job started by commit 81f3839f8 - removing the
	erroneous reference to nonexistent "igmp-ipv6" protocol.

2016-04-22  John Ferlan  <jferlan@redhat.com>

	docs: Add bold style for <dt><code> elements
	Add bolding for <dt><code> elements to make them "stick out" on the
	page rather that just a stream of text where the elements only differ
	by slightly different font style.

2016-04-22  Andrea Bolognani  <abologna@redhat.com>

	docs: Use <code> inside <dt> for symbols
	Most of the time, the <dt> tag is used when providing
	documentation for a symbol; enclose symbols in <code> tags to
	style them appropriately.

2016-04-22  Peter Krempa  <pkrempa@redhat.com>

	docs: apibuild: Fix for python 2.6
	Ancient python didn't like the new list added in 99283874. Convert it to
	a dict.

2016-04-22  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Limit maximum block device I/O tune values
	The values are currently limited to LLONG_MAX which causes some
	problems.  QEMU conveniently changed their maximum to 1e15 (1 PB) which
	is enough for some time and we need to adapt to that so that we don't
	throw "Unknown error" messages.  Strictly limiting these values actually
	fixes some corner case values (off-by-one checks in QEMU probably).

	Since values out of the new specified range do not overflow anything,
	change the type of error as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1317531

2016-04-22  Cole Robinson  <crobinso@redhat.com>

	tests: rename test_conf -> virconftest
	And confdata to virconfdata, since 'conf' can mean a few different
	things in libvirt

	tests: consistently name virsh tests with 'virsh-' prefix

	tests: build: Remove duplicate libvirtd test list
	Store the test list in libvirtd_test_scripts, and use it where
	appropriate. This also fixes the fact that we didn't ship
	virsh-uriprecedence when libvirtd build is disabled.

2016-04-22  Cole Robinson  <crobinso@redhat.com>

	virconf: Handle conf file without ending newline
	$ echo -n 'log_level=1' > ~/.config/libvirt/libvirtd.conf
	$ libvirtd --timeout=10
	2014-10-10 10:30:56.394+0000: 6626: info : libvirt version: 1.1.3.6, package: 1.fc20 (Fedora Project, 2014-09-08-17:50:42, buildvm-05.phx2.fedoraproject.org)
	2014-10-10 10:30:56.394+0000: 6626: error : main:1261 : Can't load config file: configuration file syntax error: /home/rjones/.config/libvirt/libvirtd.conf:1: expecting a value: /home/rjones/.config/libvirt/libvirtd.conf

	Rather than try to fix this in the depths of the parser, just catch
	the case when a config file doesn't end in a newline, and manually
	append a newline to the content before parsing

	https://bugzilla.redhat.com/show_bug.cgi?id=1151409

2016-04-21  Laine Stump  <laine@laine.org>

	docs: remove reference to non-existent "igmp-ipv6" protocol
	IGMP is used on IPv4 networks tp setup multicast group memberships. On
	IPv6, this job is done by Multicast Listener Discovery (MLD), which
	uses ICMPv6 packets rather than its own IP protocol number like IGMP.

	The nwfilter documentation lists "igmp-ipv6" as one of the possible
	protocols, but this is ignored (and stripped from the xml). This patch
	removes that erroneous reference.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1038888

2016-04-21  Laine Stump  <laine@laine.org>

	network: fix DHCPv6 on networks with prefix != 64
	According to the dnsmasq manpage, the netmask for IPv4 address ranges
	will be auto-deteremined from the interface dnsmasq is listening on,
	but it can't do this for IPv6 for some reason - it instead assumes a
	network prefix of 64 for all IPv6 address ranges. If this is
	incorrect, dnsmasq will refuse to give out an address to clients,
	instead logging this message:

	 dnsmasq-dhcp[2380]: no address range available for DHCPv6 request via virbr0

	The solution is for libvirt to add ",$prefix" to all IPv6 dhcp-range
	arguments when building the dnsmasq.conf file.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1033739

2016-04-21  Peter Krempa  <pkrempa@redhat.com>

	conf: disk: extract validation of startup policy

	conf: disk: Extract checking of removable status

	conf: disk: Move validation of disk bus vs disk type

	conf: disk: extract sgio/rawio validation

	conf: disk: Don't bother setting removable state to 0 by default

	conf: disk: Initialize closed device tray state to 0
	Additionally avoid initializing it after being calloced.

	conf: disk: Extract disk type and device right away
	Additionally switch to using a common temp variable for the xml
	elements.

	conf: disk: Remove custom single-use temporary variables
	Use a single temporary variable instead shortening the code.

	conf: disk: Mark VIR_DOMAIN_DISK_IO_DEFAULT as 0 and simplify parsing

	conf: disk: Sanitize parsing of disk format

	conf: disk: Avoid temporary variable when parsing driver name

	conf: disk: Split out parsing of disk <driver> element

	conf: disk: Extract verification of disk config
	Rather than checking individual fields in dubious places extract them to
	a central point.

2016-04-21  Andrea Bolognani  <abologna@redhat.com>

	build: Fix default network generation on FreeBSD
	FreeBSD's sed(1) doesn't support using "\n" to insert a newline,
	so the installed default.xml file ends up containing a literal
	"n" between tags; to work around this problem, add a tr(1)
	invocation as suggested by the sed FAQ[1].

	[1] http://sed.sourceforge.net/sedfaq4.html (4.1 c)

2016-04-21  Michal Privoznik  <mprivozn@redhat.com>

	daemonStreamHandleRead: Rework to follow our coding pattern
	Usually, we have this 'if() goto cleanup;' pattern in our new
	code. It is going to be useful here too. Thing is, there was a
	memleak. If there has been an error in
	virNetServerProgramSendStreamError() or
	virNetServerProgramSendStreamData() created message was never
	freed.

	virNet{Client,Server}*Stream: Update comment
	After 434de30da545aea137 the status values are prefixed VIR_NET_
	rather than REMOTE_.

	daemon stream: Remove useless empty lines from header file

	daemon stream: Convert @tx in daemonClientStream to bool
	This structure item is used as pure boolean. There's no need to
	hold whole integer for it.

	daemon stream: Prefer bool over unsigned int var:1
	There is no need for doing that since we have a bool type.

	daemonClientStream: Use unsigned int to store stream @serial
	The stream serial number is the serial number of the RPC call
	that initiated a data transfer. And as such can never be
	negative. Moreover, when looking up internal state for a stream,
	the serial numbers are compared. But hey, the serial number in
	message header is unsigned too!

2016-04-21  Peter Krempa  <pkrempa@redhat.com>

	include: common: Fix function formatting

	api: Generate docs for libvirt-common.h
	Since commit f5d9c5d00cfc0c moved the virTypedParam stuff into
	libvirt-common we did not generate any docs for them and neither did we
	populate them into libvirt-api.xml. This broke the sanity check in
	libvirt python. Fix it by generating docs for libvirt-common.h too.

	apibuild: Allow completely skipping certain macros
	Some macros don't make sense to be documented at all. Add infrastructure
	to the web/api generator and add VIR_DEPRECATED and VIR_EXPORT_VAR as
	macros we should not document.

	include: common: Fix file header for apibuild.py
	Our docs/web generator would take the complete license text and put it
	into the description of the file, since it depends on position of the
	"Author:" line. Move the author line to the top and remove the spurious
	emacs comment.

2016-04-21  Andrea Bolognani  <abologna@redhat.com>

	dist: ln(1) is not guaranteed to have a '-f' option
	According to the autoconf manual, using '$(LN_S) -f' is not
	portable; remove the target explicitly beforehand to work around
	this limitation.

	Adjust some slightly awkward indentation while at it.

2016-04-21  Cole Robinson  <crobinso@redhat.com>

	qemu: process: split out startup XML validation
	And document that these specific bits are done at startup time for
	back compat reasons

	qemu: process: split out shmem startup warning
	Now we can return early and save some indentation

2016-04-21  Cole Robinson  <crobinso@redhat.com>

	virsh: Don't clear old connection if 'connect $uri' fails
	    virsh # list --all
	     Id    Name                           State
	    ----------------------------------------------------
	     1     test                           running

	    virsh # connect frob
	    error: Failed to connect to the hypervisor
	    error: no connection driver available for frob

	    virsh # list --all
	    error: failed to connect to the hypervisor
	    error: no valid connection
	    error: no connection driver available for frob

	Seems sensible IMO to just not clear out the old connection state
	until the new virConnectOpen succeeds.

	https://bugzilla.redhat.com/show_bug.cgi?id=829160

2016-04-21  Cole Robinson  <crobinso@redhat.com>

	libvirt: Fix crash on URI without scheme
	My commit 0d1579572 crashes on a URI without a scheme, like via
	'virsh --connect frob'

	Add a check on uri->server too while we are at it, and centralize
	them all

2016-04-21  Erik Skultety  <eskultet@redhat.com>

	tests: virnetdaemontest: Enable testing for no-keepalive-required
	Commit a8743c39 removed keepalive_required attribute from daemon, added a test
	case for it, but forgot to enable the test itself in virnetdaemontest.

	tests: virnetdaemon: Replace tabs with spaces
	We already did this once, but somehow commit 252610f7 managed to bring the tabs
	back again.

	tests: remove virnetservertest data leftovers
	Commit a4746114 renamed virnetservertest to virnetdaemontest to reflect some
	refactor changes to virNetServer code (which moved daemon-related parts to
	virNetDaemon module). Moving test data from virnetserverdata to
	virnetdaemondata was also part of the commit, but the commit failed to clean
	half of the files that were copied (rather than moved).

2016-04-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virsh: re-fix help printing without connection
	Re-do 0217089 so it does not add regression for commit c0726e0 that allowed to
	print help without making a connection to the daemon.

2016-04-21  Andrea Bolognani  <abologna@redhat.com>

	build: Use $(LN_S) safely
	The autoconf documentation recommends to always use this
	construct when creating symbolic links with $(LN_S) to avoid
	unexpected behavior.

2016-04-21  Andrea Bolognani  <abologna@redhat.com>

	build: Overwrite existing symbolic links
	The current rule fails if the target already exists:

	  cd /home/jenkins/build/libvirt/lib && \
	    ln -s libnss_libvirt.so.1 nss_libvirt.so.1
	  ln: nss_libvirt.so.1: File exists
	  Makefile:3357: recipe for target 'install-exec-hook' failed

	However, all other rules concerned with installation are
	idempotent and will happily overwrite an existing target,
	so this one should as well.

2016-04-21  Andrea Bolognani  <abologna@redhat.com>

	build: Add AC_PROG_LN_S to configure
	We use $(LN_S) for creating symbolic links, but the appropriate
	autoconf macro was not included among the checks for external
	programs.

	build: Always use $(LN_S) and $(MKDIR_P)
	autotools provide those for our convenience, so let's use them
	everywhere instead of mixing in native command invocation.

2016-04-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: perf: Remove unnecessary 'error' label
	The only place that uses it doesn't warrant a separate label.

2016-04-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: perf: Don't leak domain
	After failing to parse the perf event list, the code would return
	failure without freeing the previously acquired object. Rearrange the
	code to avoid the problem.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1329046

2016-04-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virsh: don't override connection URI from argv
	Currently, if a connection URI was specified on the command line by the
	'-c' switch, virsh connects to it, but after connecting overrides its
	value with the one it tries to obtain from the VIRSH_DEFAULT_CONNECT_URI
	environment variable.

	This makes virsh connecting to the wrong URI if it disconnects from the
	hypervisor and then tries to reconnect, and also leaks the original connname.

	Fix by calling virGetEnvBlockSUID() before virshParseArgv().

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	docs: domain: Document network <filterref>
	The proper nwfilter docs go into full detail, but we should still
	have a brief bit about domain XML in the domain documentation

2016-04-20  Michal Privoznik  <mprivozn@redhat.com>

	docs: Don't leave any documentation behind
	Our uninstall script is not exact counterpart of install one.
	Therefore we are leaving couple of files behind. This should not
	happen.

	docs: Uninstall libvirt logo too
	While we could leave it behind as an indelible sign that libvirt
	has been running on host, other users might not be that fond of
	it.

2016-04-20  Michal Privoznik  <mprivozn@redhat.com>

	examples: Try harder to uninstall nwfilter
	We have this code in our Makefile that tries to remove
	/etc/libvirt/nwfilter if directory is left empty after all our
	example nwfilters were uninstalled. However, the check for that
	is missing quotation marks thus rendering the test useless:

	test -z allow-arp.xml allow-dhcp-server.xml .. qemu-announce-self.xml || \
	  rmdir "/some/path/libvirt.git/_install/etc/libvirt/nwfilter"
	/bin/sh: line 0: test: too many arguments

2016-04-20  Michal Privoznik  <mprivozn@redhat.com>

	nss: Try harder to uninstall
	On BSD we are creating this symlink to libnss_libvirt.so called
	nss_libvirt.so. That's just the way it is on BSD. However, when
	uninstalling, we try to remove libnss_libvirt.so instead of the
	symlink. Moreover, if file we are trying to remove does not exist
	we error out instead of ignoring the error.

2016-04-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix config input device check
	We don't have input devices in SDK thus for define/dumpxml
	operations to be consistent we need to:

	1. on dumpxml: infer input devices from other parts of config.
	It is already done in prlsdkLoadDomain.

	2. on define: check that input devices are the same that
	will be infer back on dumpxml operation.

	The second part should be fixed.

2016-04-20  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: add default input devices on post parse
	It is on par with prlsdkLoadDomain actions.

2016-04-20  Simon Arlott  <bugzilla.redhat.simon@arlott.org>

	virt-aa-helper: disallow VNC socket read permissions
	The VM does not need read permission for its own VNC socket to create(),
	bind(), accept() connections or to receive(), send(), etc. on connections.

	https://bugzilla.redhat.com/show_bug.cgi?id=1312573

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	storage: drop the plumbing needed for kvm-img/qcow-create
	Remove all the plumbing needed for the different qcow-create/kvm-img
	non-raw file creation.

	We can drop the error messages because CreateQemuImg will thrown an
	error for us but with slightly less fidelity (unable to find qemu-img),
	which I think is acceptable given the unlikeliness of that error in
	practice.

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	storage: remove support for /usr/bin/kvm-img
	This an ubuntu/debian packaging convention. At one point it may have
	been an actually different binary, but at least as of ubuntu precise
	(the oldest supported ubuntu distro, released april 2012) kvm-img is
	just a symlink to qemu-img for back compat.

	I think it's safe to drop support for it

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	storage: remove support for /usr/bin/qcow-create
	qcow-create was a crippled qemu-img impl that shipped with xen. I
	think supporting this was only relevant for really old distros
	that didn't have a proper qemu package, like early RHEL5. I think
	it's fair to drop support

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	man: Clarify virsh vol-clone works within a single pool
	virsh vol-clone is expected to clone a volume within a single
	pool; it doesn't work for cloning across pools. Clarify the docs

	https://bugzilla.redhat.com/show_bug.cgi?id=1103714

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	network: Don't use ERR_NO_SUPPORT for invalid net-update requests
	VIR_ERR_NO_SUPPORT maps to the error string

	    this function is not supported by the connection driver

	and is largely only used for when a driver doesn't have any
	implementation for a public API. So its usage with invalid
	net-update requests is a bit out of place. Instead use
	VIR_ERR_OPERATION_UNSUPPORTED which maps to:

	    Operation not supported

	And is what qemu's hotplug routines use in similar scenarios

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	libvirt: Use conventional function names
	do_open and winsock_init don't follow the naming pattern of other
	functions in this file. Rename them to match

2016-04-20  Cole Robinson  <crobinso@redhat.com>

	Revert "daemon: use socket activation with systemd"
	This reverts commit 1e9808d3a1e00a7121bae8b163d9c42d441d2ca8.

	We shouldn't advertise libvirtd.socket activation, since currently
	it means VM/network/... autostart won't work as expected.

	We tried to find a middle ground by installing the config file without
	an [Install] section, since systemd won't allow .socket to be enabled
	without one... or at least it did do that; presently on f24 it allows
	activating the socket quite happily. This also caused user confusion[1]

	Just remove the socket file. I've filed a new RFE to track coming up
	with a solution to the autostart problem[2], we can point users at that
	if there's more confusion:

	[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1279348
	[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1326136

2016-04-20  Andrea Bolognani  <abologna@redhat.com>

	tests: Fix enumeration value
	Commit 3a773c43c801 introduced the testCompareNetXML2XMLResult
	enumeration; however, in one instance the result variable was
	assigned a value from the very similar testCompareDocXML2XMLResult
	enumeration, leading to a build error.

	  networkxml2xmltest.c:33:42: error:
	    implicit conversion from enumeration type 'testCompareDomXML2XMLResult'
	    to different enumeration type 'testCompareNetXML2XMLResult'
	    [-Werror,-Wenum-conversion]

	  testCompareNetXML2XMLResult result = TEST_COMPARE_DOM_XML2XML_RESULT_SUCCESS;
	                              ~~~~~~   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Use the proper value (TEST_COMPARE_NET_XML2XML_RESULT_SUCCESS) instead.

2016-04-20  Andrea Bolognani  <abologna@redhat.com>

	docs: Document the new XML elements

	qemu: Cache GIC capabilities
	Implement support for saving GIC capabilities in the cache and
	read them back.

	qemu: Fill in GIC capabilities
	Take the GIC capabilities stored in a virQEMUCaps instance and
	update a virDomainCaps instance appropriately.

	conf: Expose GIC capabilities
	Add information about GIC capabilities to virDomainCaps and update
	the formatter to include them in the XML output.

	schema: Validate GIC capabilities
	We need to expose GIC capabilities in the domain capabilities
	XML: update the schema to validate documents that contain the
	new information.

2016-04-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Probe GIC capabilities
	QEMU introduced the query-gic-capabilities QMP command
	with commit 4468d4e0f383: use the command, if available,
	to probe available GIC capabilities.

	The information obtained is stored in a virQEMUCaps
	instance, and will be later used to fill in a
	virDomainCaps instance.

2016-04-20  Andrea Bolognani  <abologna@redhat.com>

	conf: Get rid of virDomainCapsDevice
	The struct contains a single boolean field, 'supported':
	the meaning of this field is too generic to be limited to
	devices only, and in fact it's already being used for
	other things like loaders and OSs.

	Instead of trying to come up with a more generic name just
	get rid of the struct altogether.

2016-04-19  Cole Robinson  <crobinso@redhat.com>

	Explicitly error on uri=qemu://system
	It's a fairly common error that a user tries to connect to a URI
	like qemu://system or qemu://session (missing a slash). This errors
	like:

	$ virsh --connect qemu://session
	error: failed to connect to the hypervisor
	error: Unable to resolve address 'session' service '16514': No address associated with hostname

	If you already know that the standard qemu URI has 3 slashes, that
	error will make it obvious enough. But new user's may not get it.
	There's even a RHEL support page explicitly mentioning it!:

	https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/sect-Troubleshooting-Common_libvirt_errors_and_troubleshooting.html

	Catch this error early in libvirt.c virConnectOpen for qemu (and vbox
	which has similar rules

	https://bugzilla.redhat.com/show_bug.cgi?id=1038304

2016-04-19  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: handle sourceless cdroms
	libvirt handles empty source as NULL, while vz sdk as
	"" thus we need a bit of conversion.

2016-04-19  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: cleanup: remove trivial function

	vz: fix boot check to use new disk id
	Current implementation does not detect all incompatible configurations.
	For example if we have in vzsdk bootorder "cdrom1, cdrom0" (that is
	"hdb, hda" in case of ide cdroms) and cdroms do not have disk
	images inserted. In this case boot order check code fails to
	distiguish them at all as for both PrlVmDev_GetFriendlyName gives "".
	Well the consequences are only missing warnings but as
	we just have introduced all the necessary tools to face the problem -
	let's fix it.

	vz: fix detach disk to use new disk id
	Actually using disk PrlVmDev_GetFriendlyName as id on
	detaching volumes is not a problem. We can only detach
	hard disks and these can not have empty friendly names.
	But upcoming update device functionality for cdroms
	can not use disk source as id at all as update operation
	typically change this same source value. Thus we will need
	to use cdrom bus and cdrom target name as cdrom id. So in attempt
	to use same id scheme for all purpuses lets fix hard disk
	detach function to use new id.

	vz: introduce vzsdk disk id function
	Our intention is to use disk bus and disk target name pair
	as disk id instead of name returned by PrlVmDev_GetFriendlyName.
	We already have the code that extracts this pair from vzsdk
	data. Let's factor it out into a function.

2016-04-19  Laine Stump  <laine@laine.org>

	network: prevent duplicate entries in network device pools
	Prior to this patch we didn't make any attempt to prevent two entries
	in the array of interfaces/PCI devices from pointing to the same
	device.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1002423

2016-04-19  Laine Stump  <laine@laine.org>

	test: enable testing for expected parse errors in network XML
	This is patterned after similar functionality for domain XML tests,
	but tries harder to avoid reading non-existent networkxml2xmlout data
	file when parse fails.

2016-04-19  Cole Robinson  <crobinso@redhat.com>

	qemu: command: drop redundant min_guarantee check
	We already reject a VM with min_guarantee early in the VM startup
	in qemuProcessStartValidate

2016-04-19  Cole Robinson  <crobinso@redhat.com>

	qemu: Remove redundant DomainObjIsActive calls
	The common idiom in the driver API implementations is roughly:

	- ACL check
	- BeginJob (if needed)
	- AgentAvailable (if needed)
	- !IsActive

	A few calls had an extra !IsActive before BeginJob, which doesn't
	seem to serve much use. Drop them

2016-04-18  Cole Robinson  <crobinso@redhat.com>

	lxc: explicitly error on interface type=ethernet
	It isn't implemented and does not work:

	error: internal error: guest failed to start: /usr/lib/libvirt/libvirt_lxc: option '--veth' requires an argument
	syntax: /usr/lib/libvirt/libvirt_lxc [OPTIONS] ...

	We previously threw an explicit error, but this changed in
	22cff52a2b8e06c913b1f97767e5d390fb17fc3b , which I suspect was
	untested for LXC

2016-04-18  Martin Kletzander  <mkletzan@redhat.com>

	Include sysmacros.h where needed
	So in glibc-2.23 sys/sysmacros.h is no longer included from sys/types.h
	and we don't build because of the usage of major/minor/makedev macros.
	Autoconf already has AC_HEADER_MAJOR macro that check where exactly
	these functions/macros are defined, so let's use that.

	security: Rename DomainSetDirLabel to DomainSetPathLabel
	It already labels abritrary paths, so it's just the naming that was
	wrong.

2016-04-18  John Ferlan  <jferlan@redhat.com>

	tests: Fix syntax in iSCSI auth/secret tests
	While working on the tests for the secret initialization vector, I found
	that the existing iSCSI tests were lacking in how they defined the IQN.
	Many had IQN's of just 'iqn.1992-01.com.example' for one disk while using
	'iqn.1992-01.com.example/1' for the second disk (same for hostdevs - guess
	how they were copied/generated).

	Typically (and documented this way), IQN's would include be of the form
	'iqn.1992-01.com.example:storage/1' indicating an IQN using "storage" for
	naming authority specific string and "/1" for the iSCSI LUN.

	So modify the input XML's to use the more proper format - this of course
	has a ripple effect on the output XML and the args.

	Also note that the "%3A" is generated by the virURIFormat/xmlSaveUri
	to represent the colon.

2016-04-18  Michal Privoznik  <mprivozn@redhat.com>

	virDomain{Get,Set}PerfEvents: Tweak documentation
	These API already support VIR_DOMAIN_AFFECT_* flags. But the
	documentation does not mention it. Eww.

2016-04-18  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Introduce srv-threadpool-info and srv-threadpool-set commands
	Wire up the server threadpool tunable APIs to virt-admin client. Also, provide
	a man page for both commands.

	admin: Introduce virAdmServerSetThreadPoolParameters
	Since threadpool increments the current number of threads according to current
	load, i.e. how many jobs are waiting in the queue. The count however, is
	constrained by max and min limits of workers. The logic of this new API works
	like this:
	    1) setting the minimum
	        a) When the limit is increased, depending on the current number of
	           threads, new threads are possibly spawned if the current number of
	           threads is less than the new minimum limit
	        b) Decreasing the minimum limit has no possible effect on the current
	           number of threads
	    2) setting the maximum
	        a) Icreasing the maximum limit has no immediate effect on the current
	           number of threads, it only allows the threadpool to spawn more
	           threads when new jobs, that would otherwise end up queued, arrive.
	        b) Decreasing the maximum limit may affect the current number of
	           threads, if the current number of threads is less than the new
	           maximum limit. Since there may be some ongoing time-consuming jobs
	           that would effectively block this API from killing any threads.
	           Therefore, this API is asynchronous with best-effort execution,
	           i.e. the necessary number of workers will be terminated once they
	           finish their previous job, unless other workers had already
	           terminated, decreasing the limit to the requested value.
	    3) setting priority workers
	        - both increase and decrease in count of these workers have an
	          immediate impact on the current number of workers, new ones will be
	          spawned or some of them get terminated respectively.

	admin: Introduce virAdmServerGethreadPoolParameters
	New API to retrieve current server workerpool specs. Since it uses typed
	parameters, more specs to retrieve can be further included in the pool of
	supported ones.

	admin: Prepare admin protocol for future worker related procedures
	Before any getter or setter methods can be introduced, first specify a set of
	public attributes/flags that these methods will be compatible with.

	util: Add more getters to threadpool parameters
	In order for the client to see all thread counts and limits, current total
	and free worker count getters need to be introduced. Client might also be
	interested in the job queue length, so provide a getter for that too. As with
	the other getters, preparing for the admin interface, mutual exclusion is used
	within all getters.

	util: Use a mutex when retrieving threadpool data
	So far, the values the affected getters retrieve are static, i.e. there's no
	way of changing them during runtime. But admin interface will later enable
	not only getting but changing them as well. So to prevent phenomenons like
	torn reads or concurrent reads and writes of unaligned values, use mutual
	exclusion when getting these values (writes do, understandably, use them
	already).

	util: Report system error when virThreadCreateFull fails
	Otherwise 'Unknown' error will be returned to client.

	util: Refactor thread creation by introducing virThreadPoolExpand
	When either creating a threadpool, or creating a new thread to accomplish a job
	that had been placed into the jobqueue, every time thread-specific data need to
	be allocated, threadpool needs to be (re)-allocated and thread count indicators
	updated. Make the code clearer to read by compressing these operations into a
	more complex one.

	admin: Enable usage of typed parameters
	Make all relevant changes to admin protocol, in order to achieve $(subj)

	libvirt-host: Move virTypedParam* to libvirt-common
	Commits 0472cef6, 9afc115f, 8cd1d546 exported typed params handlers internally,
	but a commit which would move the public definition from libvirt-host to
	libvirt-common was missing.

2016-04-18  Peter Krempa  <pkrempa@redhat.com>

	event-test: Enforce domain event sync
	Use verify to force adding new events by means of static assertions.

	event-test: Add VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON
	When adding the static check I've noticed that one other event is
	missing.

	event-test: Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVAL_FAILED

	event-test: Add VIR_DOMAIN_EVENT_ID_JOB_COMPLETED

	event-test: Add VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION callback

	event-test: Add VIR_DOMAIN_EVENT_ID_BLOCK_JOB and VIR_DOMAIN_EVENT_ID_BLOCK_JOB_2

	event-test: make domain event registration declarative
	Rather than copying loads of ugly code, let's help out by a few C
	tricks.

	event-test: warn on unhandled enum values
	Avoid forgetting to add the correct fields to the switches in
	event-test.

	event-test: make few switch statements future proof
	Make them return "uknown" for invalid values without breaking compiler
	checks to add new values.

	event-test: Use switch instead of if/else if chains for lifecycle event translation

	event-test: Use typecasted enum to convert graphics event phase

	event-test: Force compiler check in switch for connectClose callback

	lib: document fields virConnectDomainEventDiskChangeReason

	event-test: Use functions with typecasted switch to convert enums
	Arrays would induce crash if a new value was introduced without adding
	it here. This could happen for
	VIR_DOMAIN_EVENT_DISK_DROP_MISSING_ON_START

	event-test: touch up coding style
	Break long lines and format headers correctly.

	event-test: Remove unnecessary 'usage' function

2016-04-18  Peter Krempa  <pkrempa@redhat.com>

	event-test: Get rid of useless and ambiguous VIR_DEBUG macro
	The event test does not try to include libvirt internals. Using a macro
	named VIR_DEBUG might hint to such usage. Additionally it's useless
	since it's used only in the main() function.

	Modernize the message strings while touching them.

2016-04-18  Peter Krempa  <pkrempa@redhat.com>

	event-test: Remove forward declarations
	Most of the functions are no longer in this file. 'usage' does not need
	a declaration.

2016-04-18  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	Libvirt: virTypedParamsValidate: Fix detection of multiple parameters
	virTypedParamsValidate currently uses an index based check to find
	duplicate parameters. This check does not work. Consider the following
	simple example:

	We have only 2 keys
	A  (multiples allowed)
	B  (multiples NOT allowed)

	We are given the following list of parameters to check:
	A
	A
	B

	If you work through the validation loop you will see that our last iteration
	through the loop has i=2 and j=1. In this case, i > j and keys[j].value.i will
	indicate that multiples are not allowed. Both conditionals are satisfied so
	an incorrect error will be given: "parameter '%s' occurs multiple times"

	This patch replaces the index based check with code that remembers
	the name of the last parameter seen and only triggers the error case if
	the current parameter name equals the last one. This works because the
	list is sorted and duplicate parameters will be grouped together.

	In reality, we hit this bug while using selective block migration to migrate
	a guest with 5 disks. 5 was apparently just the right number to push i > j
	and hit this bug.

	virsh migrate --live guestname --copy-storage-all
	              --migrate-disks vdb,vdc,vdd,vde,vdf
	              qemu+ssh://dsthost/system

	Reviewed-by: Eric Farman <farman@linux.vnet.ibm.com>

2016-04-18  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemu: migration: new migration param for persistent destination XML
	Migration API allows to specify a destination domain configuration.
	Offline domain has only inactive XML and it is replaced by configuration
	specified using VIR_MIGRATE_PARAM_DEST_XML param. In case of live
	migration VIR_MIGRATE_PARAM_DEST_XML param is applied for active XML.

	This commit introduces the new VIR_MIGRATE_PARAM_PERSIST_XML param
	that can be used within live migration to replace persistent/inactive
	configuration.

	Required for: https://bugzilla.redhat.com/show_bug.cgi?id=835300

2016-04-18  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemuMigrationCookieAddPersistent: move it out and change argument type
	This changes allow to use qemuMigrationCookieAddPersistent with
	an XML definition that isn't assigned to any domain.

2016-04-17  Richard Laager  <rlaager@wiktel.com>

	ZFS: Support sparse volumes
	By default, `zfs create -V ...` reserves space for the entire volsize,
	plus some extra (which attempts to account for overhead).

	If `zfs create -s -V ...` is used instead, zvols are (fully) sparse.

	A middle ground (partial allocation) can be achieved with
	`zfs create -s -o refreservation=... -V ...`.  Both libvirt and ZFS
	support this approach, so the ZFS storage backend should support it.

2016-04-16  John Ferlan  <jferlan@redhat.com>

	Resolve a couple of memory leaks
	Commit id '4b75237f' seems to have triggered Coverity into finding
	at least one memory leak in xen_xl.c for error path for cleanup where
	the listenAddr would be leaked. Reviewing other callers, it seems that
	qemu_parse_command.c would have the same issue, so just it too.

	tools: Fix memory leak
	Coverity found that commit id 'c661b675f' needed to create a cleanup
	path to handle the closing of 'fp' if the virBitmapNewQuiet failed.

	qemu: Fix qemuBuildCommandLine prototype
	Commit id '0da965c5e' removed the 11th parameter, but neglected to
	remove the ATTRIBUTE_NONNULL for it and adjust the 17th and 18th.

2016-04-15  Jim Fehlig  <jfehlig@suse.com>

	libxl: use LIBXL_API_VERSION 0x040200
	To ensure the libvirt libxl driver will build with future versions
	of Xen where the libxl API may change in incompatible ways,
	explicitly use LIBXL_API_VERSION 0x040200. The libxl driver
	does use new libxl APIs that have been added since Xen 4.2, but
	currently it does not make use of any changes made to existing
	APIs such as libxl_domain_create_restore or libxl_set_vcpuaffinity.
	The version can be bumped if/when the libxl driver consumes the
	changed APIs.

	Further details can be found in the following discussion thread

	https://www.redhat.com/archives/libvir-list/2016-April/msg00178.html

2016-04-15  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Label master key file
	When creating the master key, we used mode 0600 (which we should) but
	because we were creating it as root, the file is not readable by any
	qemu running as non-root.  Fortunately, it's just a matter of labelling
	the file.  We are generating the file path few times already, so let's
	label it in the same function that has access to the path already.

2016-04-15  Jiri Denemark  <jdenemar@redhat.com>

	ploop: Fix build with gluster
	Recent patches addiing support for ploop volumes did not properly update
	gluster backend.

2016-04-15  Richard W.M. Jones  <rjones@redhat.com>

	Add functions for handling exponential backoff loops.
	In a few places in libvirt we busy-wait for events, for example qemu
	creating a monitor socket.  This is problematic because:

	 - We need to choose a sufficiently small polling period so that
	   libvirt doesn't add unnecessary delays.

	 - We need to choose a sufficiently large polling period so that
	   the effect of busy-waiting doesn't affect the system.

	The solution to this conflict is to use an exponential backoff.

	This patch adds two functions to hide the details, and modifies a few
	places where we currently busy-wait.

2016-04-15  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: dir: adapt .uploadVol .dowloadVol for ploop volume
	In case of ploop volume, target path of the volume is the path to the
	directory that contains image file named root.hds and DiskDescriptor.xml.
	While using uploadVol and downloadVol callbacks we need to open root.hds
	itself.
	Upload or download operations with ploop volume are only allowed when
	images do not have snapshots. Otherwise operation fails.

2016-04-15  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: dir: adapt .refreshVol and .refreshPool for ploop volumes
	Refreshes meta-information such as allocation, capacity, format, etc.
	Ploop volumes differ from other volume types. Path to volume is the path
	to directory with image file root.hds and DiskDescriptor.xml.
	https://openvz.org/Ploop/format
	Due to this fact, operations of opening the volume have to be done once
	again. get the information.

	To decide whether the given volume is ploops one, it is necessary to check
	the presence of root.hds and DiskDescriptor.xml files in volumes' directory.
	Only in this case the volume can be manipulated as the ploops one.
	Such strategy helps us to resolve problems that might occure, when we
	upload some other volume type from ploop source.

2016-04-15  Olga Krishtal  <okrishtal@virtuozzo.com>

	storage: dir: .wipeVol is left unsupported for ploop volume
	Returns error in case of vol-wipe cmd for a ploop volume

	storage: dir: .resizeVol callback for ploop volume
	Changes the size of given ploop volume via ploop resize tool.

	storage: dir: .deleteVol callback for ploop volume
	Recursively deletes whole directory of a ploop volume.
	To delete ploop image it has to be unmounted.

	storage: dir: .buildVol and .buildVolFrom callbacks for ploop
	These callbacks let us to create ploop volumes in dir, fs and etc. pools.
	If a ploop volume was created via buildVol callback, then this volume
	is an empty ploop device with DiskDescriptor.xml.
	If the volume was created via .buildFrom - then its content is similar to
	input volume content.

	storage: add ploop volume type
	Ploop image consists of directory with two files: ploop image itself,
	called root.hds and DiskDescriptor.xml that contains information about
	ploop device: https://openvz.org/Ploop/format.
	Such volume are difficult to manipulate in terms of existing volume types
	because they are neither a single files nor a directory.
	This patch introduces new volume type - ploop. This volume type is used
	by ploop volume's exclusively.

2016-04-15  Andrea Bolognani  <abologna@redhat.com>

	cfg.mk: Get rid of quotation tricks
	To prevent the error messages in cfg.mk from triggering the very
	same rules they're supposed to explain, we split the message in
	the middle of a symbol name, ending up with stuff like

	  'I am a me'ssage

	Instead of relying on these quotation tricks, simply exclude
	cfg.mk from the relevant checks.

2016-04-15  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Return error when --start <number> in cpu-stats is invalid.

2016-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Properly recalculate/reload balloon size after hot(un)plug
	Rather than trying some magic calculations on our side query the monitor
	for the current size of the memory balloon both on hotplug and
	hotunplug.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1220702

2016-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Simplify condition in qemuProcessRefreshBalloonState
	No need to store failure and re-check right away.

	qemu: driver: Reuse qemuDomainGetMonitor in qemuDomainMemoryStats

	domain: Add helper to determine presence of memory baloon

2016-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Refactor memballoon command line formatting
	Now that there is just one format of the memory balloon command line
	used the code can be merged into a single function.

	Additionally with some tweaks to the control flow the code is easier to
	read.

2016-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Drop obsolete comment
	The change that made qemu not add the memballoon by default happened
	prior to 0.12.0. Additionaly the comment was misleading due to the code
	that was added below. Since we always need to add a balloon on the
	commandline drop the comment.

	qemu: caps: Deprecate QEMU_CAPS_BALLOON
	The flag is now unused and all qemus supported by libvirt already
	support it.

	qemu: command: Assume QEMU_CAPS_DEVICE when building memballoon args

2016-04-15  Cole Robinson  <crobinso@redhat.com>

	spec: Only pull in API docs with -devel package
	Move some API specific documentation out of -docs package and into
	-devel, and some end user docs out of -devel and into -docs, then
	drop the -devel dep on -docs. This is more in line with the suggested
	Fedora guidelines.

	https://bugzilla.redhat.com/show_bug.cgi?id=1310155

2016-04-15  Cole Robinson  <crobinso@redhat.com>

	qemu: migration: Drop dead VNC cookie handling
	The only caller of this code is:

	    for (i = 0; i < dom->def->ngraphics; i++) {
	       if (dom->def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE) {
	           if (!(mig->graphics =
	                 qemuMigrationCookieGraphicsAlloc(driver, dom->def->graphics[i])))
	               return -1;
	           mig->flags |= QEMU_MIGRATION_COOKIE_GRAPHICS;
	           break;
	       }
	    }

	So this is never triggered for VNC, and in fact VNC has no support for
	seamless migration anyways so that seems correct. Drop the dead VNC
	handling.

2016-04-15  Erik Skultety  <eskultet@redhat.com>

	makefile: Move include/Makefile.am to include/libvirt/Makefile.am
	The reason for this is to fix the automatic rebuild of libvirt-common.h.in.
	All *.in files should be automatically rebuilt each time they're modified.
	It works well for makefiles and pkgconfig files, since they do have a valid
	dependency in the top-level Makefile. However, with libvirt-common.h.in
	there is no dependency in the top-level Makefile and there's no need for it
	either, so this rule

	include/libvirt/libvirt-common.h: $(top_builddir)/config.status \
	        $(top_srcdir)/include/libvirt/libvirt-common.h.in
	    cd $(top_builddir) && $(SHELL) ./config.status $@

	is never hit and should be moved to include/Makefile, but that's automake's
	job. According to GNU automake docs:

	"Files created by AC_CONFIG_FILES, be they
	Automake Makefiles or not, are all removed by ‘make distclean’. Their inputs
	are automatically distributed, unless they are the output of prior
	AC_CONFIG_FILES commands. Finally, rebuild rules are generated in the Automake
	Makefile existing in the subdirectory of the output file, if there is one, or
	in the top-level Makefile otherwise."

	Which means that if we want to have the rule for libvirt-common.h automatically
	generated by automake, the include/Makefile.am needs to be moved into libvirt/
	subdirectory and $SUBDIRS in the top-level Makefile need to be adjusted as
	well. This patch moves Makefile.am from include/ to include/libvirt, adjusting
	the prefixes accordingly as well as updates the top-level Makefile $SUBDIRS to
	properly hint automake to generate all rules at proper places.

	Best way to see the changes, use -M with 'git show'.

2016-04-15  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: make it possible to use shared drivers API with vz driver connection
	Since vz driver is now lives as a part of daemon we can benefit from
	this fact and allow vz clients to use shared drivers API like storage,
	network, nwfilter etc.

2016-04-14  Laine Stump  <laine@laine.org>

	qemu: support new pci controller model "pcie-expander-bus"
	This is backed by the qemu device pxb-pcie, which will be available in
	qemu 2.6.0.

	As with pci-expander-bus (which uses qemu's pxb device), the busNr
	attribute and <node> subelement of <target> are used to set the bus_nr
	and numa_node options.

	During post-parse we validate that the domain's machinetype is
	q35-based (since the device shows up for 440fx-based machinetypes, but
	is unusable), as well as checking that <node> specifies a node that is
	actually configured on the guest.

2016-04-14  Laine Stump  <laine@laine.org>

	conf: new pci controller model pcie-expander-bus
	This controller provides a single PCIe port on a new root. It is
	similar to pci-expander-bus, intended to provide a bus that can be
	associated with a guest-identifiable NUMA node, but is for
	machinetypes with PCIe rather than PCI (e.g. q35-based machinetypes).

	Aside from PCIe vs. PCI, the other main difference is that a
	pci-expander-bus has a companion pci-bridge that is automatically
	attached along with it, but pcie-expander-bus has only a single port,
	and that port will only connect to a pcie-root-port, or to a
	pcie-switch-upstream-port. In order for the bus to be of any use in
	the guest, it must have either a pcie-root-port or a
	pcie-switch-upstream-port attached (and one or more
	pcie-switch-downstream-ports attached to the
	pcie-switch-upstream-port).

2016-04-14  Laine Stump  <laine@laine.org>

	qemu: add capabilities bit for device "pxb-pcie"
	    The pxb device is a PCIe expander bus that can be added to any
	    Q35-based machinetype. A single PCIe port (*not* hotpluggable) is
	    provided; if more than one device is desired, or if hotplug
	    support is needed, either a pcie-root-port, or some combination of
	    pcie-switch-upstream-port and pcie-swith-downstream-ports must be
	    added to it. It can have a NUMA node number associated with it, as
	    well as a bus number.

2016-04-14  Laine Stump  <laine@laine.org>

	qemu: support new pci controller model "pci-expander-bus"
	This is backed by the qemu device "pxb".

	The pxb device always includes a pci-bridge that is at the bus number
	of the pxb + 1.

	busNr and <node> from the <target> subelement are used to set the
	bus_nr and numa_node options for pxb.

	During post-parse we validate that the domain's machinetype is
	440fx-based (since the pxb device only works on 440fx-based machines),
	and <node> also gets a sanity check to assure that the NUMA node
	specified for the pxb (if any - it's optional) actually exists on the
	guest.

2016-04-14  Laine Stump  <laine@laine.org>

	conf: new pci controller model pci-expander-bus
	This is a standard PCI root bus (not a bridge) that can be added to a
	440fx-based domain. Although it uses a PCI slot, this is *not* how it
	is connected into the PCI bus hierarchy, but is only used for
	control. Each pci-expander-bus provides 32 slots (0-31) that can
	accept hotplug of standard PCI devices.

	The usefulness of pci-expander-bus relative to a pci-bridge is that
	the NUMA node of the bus can be specified with the <node> subelement
	of <target>. This gives guest-side visibility to the NUMA node of
	attached devices (presuming that management apps only assign a device
	to a bus that has a NUMA node number matching the node number of the
	device on the host).

	Each pci-expander-bus also has a "busNr" attribute. The expander-bus
	itself will take the busNr specified, and all buses that are connected
	to this bus (including the pci-bridge that is automatically added to
	any expander bus of model "pxb" (see the next commit)) will use
	busNr+1, busNr+2, etc, and the pci-root (or the expander-bus with next
	lower busNr) will use bus numbers lower than busNr.

2016-04-14  Laine Stump  <laine@laine.org>

	qemu: add capabilities bit for device "pxb"
	The pxb device is a PCI expander bus that can be added to any
	440fx-based machinetype. The PCI bus that is created has 32 standard
	PCI slots (hotpluggable). It can have a NUMA node number associated
	with it, as well as a bus number.

	qemu: set PCI controller default modelName in a separate function
	Since every PCI controller model has to have a default model name set,
	put it in a separate function to clean up qemuDomainAssignPCIAddresses
	a bit.

	conf: utility function to convert PCI controller model into connect type
	There are two places in qemu_domain_address.c where we have a switch
	statement to convert PCI controller models
	(VIR_DOMAIN_CONTROLLER_MODEL_PCI*) into the connection type flag that
	is matched when looking for an upstream connection for that model of
	controller (VIR_PCI_CONNECT_TYPE_*). This patch makes a utility
	function in conf/domain_addr.c to do that, so that when a new PCI
	controller is added, we only need to add the new model-->connect-type
	in a single place.

2016-04-14  Laine Stump  <laine@laine.org>

	conf/qemu: change the way VIR_PCI_CONNECT_TYPE_* flags work
	The flags used to determine which devices could be plugged into which
	controllers were quite confusing, as they tried to create classes of
	connections, then put particular devices into possibly multiple
	classes, while sometimes setting multiple flags for the controllers
	themselves. The attempt to have a single flag indicate, e.g. that a
	root-port or a switch-downstream-port could connect was not only
	confusing, it was leading to a situation where it would be impossible
	to specify exactly the right combinations for a new controller.

	The solution is for the VIR_PCI_CONNECT_TYPE_* flags to have a 1:1
	correspondence with each type of PCI controller, plus a flag for a PCI
	endpoint device and another for a PCIe endpoint device (the only
	exception to this is that pci-bridge and pcie-expander-bus controllers
	have their upstream connection classified as
	VIR_PCI_CONNECT_TYPE_PCI_DEVICE since they can be plugged into
	*exactly* the same ports as any endpoint device).  Each device then
	has a single flag for connect type (plus the HOTPLUG flag if that
	device can e hotplugged), and each controller sets the CONNECT bits
	for all controllers that can be plugged into it, as well as for either
	type of endpoint device that can be plugged in (and the HOTPLUG flag
	if it can accept hotplugged devices).

	With this change, it is *slightly* easier to understand the matching
	of connections (as long as you remember that the flag for a
	device/upstream-facing connection of a controller is the same as that
	device's type, while the flags for a controller's downstream
	connections is the OR of all device types that can be plugged into
	that controller). More importantly, it will be possible to correctly
	specify what can be plugged into a pcie-switch-expander-bus, when
	support for it is added.

2016-04-14  Laine Stump  <laine@laine.org>

	conf: allow use of slot 0 in a dmi-to-pci-bridge
	When support for dmi-to-pci-bridge was added, it was assumed that,
	just as with the pci-root bus, slot 0 was reserved. This is not the
	case - it can be used to connect a device just like any other slot, so
	remove the restriction and update the test cases that auto-assign an
	address on a dmi-to-pci-bridge.

	conf: use #define instead of literal for highest slot in upstream port
	Every other maxSlot was either set to 0 or to
	VIR_PCI_ADDRESS_SLOT_LAST, but this one was for some reason set to the
	literal value 31 (which is the same as VIR_PCI_ADDRESS_SLOT_LAST).
	This makes them all consistent.

2016-04-14  Laine Stump  <laine@laine.org>

	schema: allow pci address attributes to be in decimal
	This is especially useful for "bus", since the bus of a device's pci
	address is matched to the "index" of a controller to determine which
	bus it will be connected to, and "index" is always specified in
	decimal - being able to specify both in decimal at least makes it
	easier to assure a device is being assigned to the correct bus when it
	is added. For the other attributes, it is just a convenience.

	(MB: the parser already allows for any of these attributes to be given
	in decimal, and there are even examples floating around on the
	internet that give them in decimal rather than hex (written in the
	days before virsh did schema validation on all XML). This only updates
	the schema to match the parser.)

2016-04-14  Laine Stump  <laine@laine.org>

	schema: new basic type - uint16
	This is a number between 0 and 65535 (or 0x0000 - 0xffff if specified
	in hexadecimal).

2016-04-14  Laine Stump  <laine@laine.org>

	schema: rename uint8range/uint24range to uint8/uint24
	nwfilter.rng defines uint16range and uint32range, but in a different
	manner (it also allows a variable name as the value, rather than just
	a decimal or hex number). I wanted to add uint16range to
	basictypes.rng, but my desired definition was parallel to those for
	uint8range and uint24range which are defined in basictypes.rng - they
	*don't* allow a variable name for the value.

	The simplest path to make everyone happy is to make the "plain"
	versions in basictypes.rng have simpler names - "uint8", "uint16", and
	"uint24". This patch renames uint8range and uint24range to uint8 and
	uint24, while the next patch will add uint16.

2016-04-14  Laine Stump  <laine@laine.org>

	schema: make pci slot and function optional
	The pcie-switch-downstream-port and pcie-root-port controllers have
	only a single slot, numbered 0, and the greate majority of all guest
	PCI devices are plugged into function 0 of whatever slot they're
	using. The parser makes these optional, setting them to 0 when not
	specified, and it's logical for the schema to also make them optional.

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	util: Add virGettextInitialize, convert the code
	Take setlocale/gettext error handling pattern from tools/virsh-*
	and use it for all standalone binaries via a new shared
	virGettextInitialize routine. The virsh* pattern differed slightly
	from other callers. All users now consistently:

	* Ignore setlocale errors. virsh has done this forever, presumably for
	  good reason. This has been partially responsible for some bug reports:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1312688
	  https://bugzilla.redhat.com/show_bug.cgi?id=1026514
	  https://bugzilla.redhat.com/show_bug.cgi?id=1016158

	* Report the failed function name
	* Report strerror

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	man: virsh: Document lxc-enter-namespace --noseclabel
	https://bugzilla.redhat.com/show_bug.cgi?id=1147737

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	docs: formatdomain: document versions for video acceleration
	clarify what version initial support was added, and when libvirt
	started supporting it for the qemu driver

	https://bugzilla.redhat.com/show_bug.cgi?id=657931

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	docs: domain: document blkiotune {read, write}_{bytes, iops}_sec
	Added with commit 3b431929 in v1.2.2 but never documented

	https://bugzilla.redhat.com/show_bug.cgi?id=1313613

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	storage: mpath: Don't error on target_type=NULL
	We use device-mapper to enumerate all dm devices, and filter out
	the list of multipath devices by checking the target_type string
	name. The code however cancels all scanning if we encounter
	target_type=NULL

	I don't know how to reproduce that situation, but a user was hitting
	it in their setup, and inspecting the lvm2/device-mapper code shows
	many places where !target_type is explicitly ignored and processing
	continues on to the next device. So I think we should do the same

	https://bugzilla.redhat.com/show_bug.cgi?id=1069317

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	qemu: command: don't overwrite watchdog dump action
	The watchdog cli refactoring in 4666b762 dropped the temporary variable
	we use to convert to action=dump to action=pause for the qemu cli, and
	stored the converted value in the domain structure. Our other watchdog
	handling code then treated it as though the user requested action=pause,
	which broke action=dump handling.

	Revive the temporary variable to fix things.

2016-04-14  Cole Robinson  <crobinso@redhat.com>

	test: genericxml2xml: test graphics listen= compat
	* Add a test for listen=XXX and <listen address=YYY/> collision error
	* Add an explicit test for listen=XXX duplicated to <listen address=XXX/>
	  We implicitly test it elsewhere but I figure it's better to be explicit,
	  and this test case can be extended in the future for additional listen
	  back compat if/when we support <listen type='socket'/> syntax

	tests: Enable failure testing with CompareDomXML2XML
	This allows tests to check for specific failure scenarios

2016-04-14  Ján Tomko  <jtomko@redhat.com>

	tests: do not overwrite return value when filling qemuCapsCache
	In qemuHotplugCreateObjects, the ret variable was filled by
	the value returned by qemuTestCapsCacheInsert.

	If any of the functions after this assignment failed, we would still
	return success.

	Also adjust testCompareXMLToArgvHelper, where this change is just
	cosmetic, because the value was overwritten right away.

2016-04-14  ShaoHe Feng  <shaohe.feng@intel.com>

	virsh: add compression options for migration

2016-04-14  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: migration: support setting compession parameters

2016-04-14  Eli Qiao  <liyong.qiao@intel.com>

	qemumonitorjsontest: add test for getting multithread compress params

2016-04-14  ShaoHe Feng  <shaohe.feng@intel.com>

	qemu: monitor: add migration parameters accessors

2016-04-14  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: qemu: add option to select compression methods

2016-04-14  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	virsh: support up to 64 migration options for command
	Upcoming compression options for migration command patch
	series hits current limit of 32 possible options for a command.
	Lets take one step further and support 64 possible options.

	And all it takes is moving from 32 bit integers to 64 bit ones.
	The only less then trivial change i found is moving from
	'ffs' to 'ffsl'.

2016-04-14  Martin Kletzander  <mkletzan@redhat.com>

	Fix various shadowed declarations
	I tried compiling libvirt with older gcc and probably because I used
	different configure options I got some shadowed declarations.

2016-04-14  Chunyan Liu  <cyliu@suse.com>

	libxl: support creating domain with VF assignment from a pool
	Add codes to support creating domain with network defition of assigning
	SRIOV VF from a pool.

2016-04-14  Maxim Nestratov  <mnestratov@virtuozzo.com>

	fix build by correcting functions order and src/Makefile.am
	commit 30c61901 added new functions to libvirt_private.syms
	not alpabetically sorted and erroneously added vz sources to
	STATEFUL_DRIVER_SOURCE_FILES, which triggered check-aclrules
	running while vz driver isn't ready for it yet.

	Pushing under build-breaker rule.

2016-04-13  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: simplify getting strings from vzsdk
	SDK does not allocate memory when getting strings thus we
	need to call every function that returns string twice.
	First to obtain string length, second to obtain string
	itself. It is tedious so let's create helper functions
	for cases when we know length of the result beforehand
	and we are not.

2016-04-13  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: minor cleanup
	remove unnecessary vzConnectClose prototype and make
	local structure vzDomainDefParserConfig be static

	vz: remove vzDriverLock/Unlock function
	We don't need them anymore as all pointers within vzDriver structure
	are not changed during the time it exists.
	Where we still need to synchronize we use virObjectLock/Unlock as far
	as vzDriver is lockable object.

	vz: implement connectGetSysinfo hypervisor callback

	vz: fix possible vzDomainDefineXMLFlags and prlsdkNewDomainByHandle race
	Lock driver when a new domain is created in prlsdkNewDomainByHandle
	and try to find it in the list under lock again because it can race
	with vzDomainDefineXMLFlags when a domain with the same uuid is added
	via vz dispatcher directly and libvirt define.

	vz: introduce new vzDriver lockable structure and use it
	This patch introduces a new 'vzDriver' lockable object and provides
	helper functions to allocate/destroy it and we pass it to prlsdkXxx
	functions instead of virConnectPtr.
	Now we store domain related objects such as domain list, capabitilies
	etc. within a single vz_driver vzDriver structure, which is shared by
	all driver connections. It is allocated during daemon initialization or
	in a lazy manner when a new connection to 'vz' driver is established.
	When a connection to vz daemon drops, vzDestroyConnection is called,
	which in turn relays disconnect event to all connection to 'vz' driver.

	vz: build driver as module and don't register it on client's side
	Make it possible to build vz driver as a module and don't link it with
	libvirt.so statically.
	Remove registering it on client's side as far as we start relying on daemon

2016-04-13  Pavel Hrdina  <phrdina@redhat.com>

	build: fix build on RHEL-6
	GCC in RHEL-6 complains about listen:

	../../src/conf/domain_conf.c:23718: error: declaration of 'listen' shadows a global declaration [-Wshadow]
	/usr/include/sys/socket.h:204: error: shadowed declaration is here [-Wshadow]

	This renames all the listen to gListen.

2016-04-13  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: correct iomode check
	Virtuozzo hypervisor supports native iomode.
	So we should allow to add disk with iomode "native" or "default".

2016-04-13  Cole Robinson  <crobinso@redhat.com>

	rpc: daemon: Fix virtlog/virtlock daemon reload
	Trying to reload/SIGUSR1 virtlogd or virtlockd fails with:

	error : virNetDaemonRun:747 : internal error: Not all servers restored, cannot run server

	Commit 252610f7 changed the daemon state json to allow tracking
	multiple servers. However it missed clearing dmn->srvObject after
	the json is empty, like the previous code paths handled.  Later on in
	virNewDaemonRun, dmn->srvObject is expected to be empty otherwise we
	throw the above error.

	https://bugzilla.redhat.com/show_bug.cgi?id=1311013

2016-04-13  Ján Tomko  <jtomko@redhat.com>

	qemuxml2argvtest: do not mock virCommand
	Mock virNetDevRunEthernetScript instead.

	This restores the VIR_TEST_REGENERATE_OUTPUT functionality.

2016-04-13  Ján Tomko  <jtomko@redhat.com>

	qemuExecuteEthernetScript: move to util
	This is just a wrapper for virCommand that takes two strings
	and runs them.

	Move it to virnetdev.c for easier mocking.

2016-04-13  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Wire up ACPI OST events to notify users of failed memory unplug
	Since qemu is now able to notify us that the guest rejected the memory
	unplug operation we can relay this to the user and make the API fail
	right away.

	Additionally document the possible values from the ACPI docs for future
	reference.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1320447

2016-04-13  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add support for ACPI_DEVICE_OST event handling
	The event is emitted on ACPI OSPM Status Indication events.

	ACPI standard documentation describes the method as:

	This object is an optional control method that is invoked by OSPM to
	indicate processing status to the platform. During device ejection,
	device hot add, or other event processing, OSPM may need to perform
	specific handshaking with the platform. OSPM may also need to indicate
	to the platform its inability to complete a requested operation; for
	example, when a user presses an ejection button for a device that is
	currently in use or is otherwise currently incapable of being ejected.
	In this case, the processing of the ACPI Eject Request notification by
	OSPM fails. OSPM may indicate this failure to the platform through the
	invocation of the _OST control method. As a result of the status
	notification indicating ejection failure, the platform may take certain
	action including reissuing the notification or perhaps turning on an
	appropriate indicator light to signal the failure to the user.

2016-04-13  Peter Krempa  <pkrempa@redhat.com>

	Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVAL_FAILED event
	Since we didn't opt to use one single event for device lifecycle for a
	VM we are missing one last event if the device removal failed. This
	event will be emitted once we asked to eject the device but for some
	reason it is not possible.

	qemu: hotplug: Add support for signalling device unplug failure
	Similarly to the DEVICE_DELETED event we will be able to tell when
	unplug of certain device types will be rejected by the guest OS. Wire up
	the device deletion signalling code to allow handling this.

	qemu: Use domain condition for device removal signaling
	No need to keep two separate conditions. A slight juggling of return
	values is needed to accomodate virDomainObjWaitUntil.

	qemu: hotplug: Refactor semantics of qemuDomainWaitForDeviceRemoval
	Neither of the callers cares whether the DEVICE_DELETED event isn't
	supported or the event was received. Simplify the code and callers by
	unifying the two values and changing the return value constants so that
	a temporary variable can be omitted.

	qemu: hotplug: Properly handle errors in qemuDomainWaitForDeviceRemoval
	Callers ignore if this function returns -1 and continue as though the
	DEVICE_DELETED event was not received. Since we can't be sure that the
	event was not received we should behave as if the event was not
	supported and remove the device definition right away. The error
	fortunately won't really happen here.

2016-04-13  Ján Tomko  <jtomko@redhat.com>

	qemu: assign addresses before aliases
	The address assigning code might add new pci bridges.
	We need them to have an alias when building the command line.

	In real word usage, this is not a problem because all the code
	paths already call qemuDomainAssignAddresses. However moving
	this call lets us remove one extra call from qemuxml2argvtest.

2016-04-13  Ján Tomko  <jtomko@redhat.com>

	qemuxml2argvtest: drop FLAG_EXPECT_ERROR
	It is only used for failed address allocation
	Since we already have FLAG_EXPECT_FAILURE, use that instead.

	Also unify the output to print the whole log buffer instead
	of just the last error message.

2016-04-13  Ján Tomko  <jtomko@redhat.com>

	tests: clean up includes
	After removing qemuBuildCommandLineCallbacks, testutilsqemu.h does not
	need to include qemu_command.h.

	Include just qemu_conf.h here and qemu_domain_address.h in files that
	need it.

2016-04-13  Ján Tomko  <jtomko@redhat.com>

	drop qemuBuildCommandLineCallbacks
	Essentially revert commit 3a6204c which added these to allow the test
	suite to pass without depending on the host system state.

	Since commit 4b527c1 we already mock virSCSIDeviceGetSgName, so these
	callbacks are useless.

2016-04-13  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: call ...ListensParseXML only for appropriate graphics
	Instead of calling the virDomainGraphicsListensParseXML function for all
	graphics types and ignore the wrong ones move the call only to graphics
	types where we supports listen elements.

	domain_conf: remove unused virDomainGraphicsListenGet*
	Those are the last two places that uses the getter functions.  Use a
	direct access instead and remove those getters.

	use virDomainGraphicsGetListen instead of the other getters
	There is no point the use two different getters on the same listen
	structure few lines apart.

2016-04-13  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: cleanup virDomainGraphicsGetListen
	Removes the check for graphics type, it's not a public API and developer
	know what he's doing and this check makes no sense.  It also removes
	the ability to allocate a new array if there is none.  This was used by
	the virDomainGraphicsListenAdd* functions and isn't used anymore.

	This is now a simple getter with simple check for listens array presence
	and whether the index in out of bounds.

2016-04-13  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: remove unused virDomainGraphicsListenSetType

	domain_conf: remove virDomainGraphicsListenSetNetwork

2016-04-13  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: introduce virDomainGraphicsListenAppendAddress
	This effectively removes virDomainGraphicsListenSetAddress which was
	used only to change the address of listen structure and possible change
	the listen type.  The new function will auto-expand the listens array
	and append a new listen.

	The old function was used on pre-allocated array of listens and in most
	cases it only "add" a new listen.  The two remaining uses can access the
	listen structure directly.

2016-04-13  Andrea Bolognani  <abologna@redhat.com>

	configure: Make virt-host-validate optional
	virt-host-validate, just like virt-login-shell, doesn't make sense
	on Windows, so we should avoid building it.

	Make the tool optional and build it by default on all platforms
	except Windows, erroring out if the user attempts to build it
	anyway.

2016-04-13  Andrea Bolognani  <abologna@redhat.com>

	tools: Reorganize conditional bits
	Instead of having separate handling for programs and man pages,
	deal with both in the same place.

2016-04-13  Peter Krempa  <pkrempa@redhat.com>

	conf: extract disk geometry parsing code

	conf: Refactor virDomainDiskDefMirrorParse
	Now that the mirror parsing code is not crammed in the main disk parser
	we can employ better coding style.

	conf: disk: Split out parsing of disk mirror data
	Changes are indentation and 'cleanup' label instead of 'error'.

	conf: virDomainDiskDefIotuneParse: Report malformed number errors
	Rest of the fields of the iotune data structure did not check for
	malformed integers. Use the previously defined macro to extract them
	which will simplify the code and add error reporting.

	conf: virDomainDiskDefIotuneParse: simplify parsing
	Since the structure was pre-initialized to 0 we don't need to set every
	single member to 0 if it's not present in the XML. Additionally if we
	put the name of the field into the error message the code can be
	simplified using a macro to parse the members.

	conf: disk: Remove error label from virDomainDiskDefIotuneParse
	Since this function isn't doing any cleanup, the label is not necessary.

	conf: disk: Extract iotune parsing into a separate func

	conf: disk: Remove one unnecessary level of indentation
	Also simplify the code by switching to a for loop.

	conf: disk: Don't initialize fields allocated by calloc
	All the fields were initialized to 0.

	util: Rename and move virStrIsPrint to virStringIsPrintable

2016-04-12  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: add Hypervisor prefix to vz and parallels Driver structures

	vz: remove drivername field from vzConn structure
	No need to remember connection name and have corresponding
	domain type to keep backward compatibility with former
	'parallels' driver. It is enough to be able to accept 'parallels'
	uri and domain types.

	vz: change the order of capabilities reported
	'vz' goes first now to make clients like virt-manager choose 'vz'
	instead of 'parallels'

	virsh: report when vz driver is compiled

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	tests: fix xen-related tests
	My commit 6879be4 moved the addition of the implicit video device
	from the XML parser to the PostParse function, but did not regenerate
	all the tests.

2016-04-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix memory leak
	we don't need to allocate macstr at all as it is an array
	and already has the the space it needs.

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	conf: use VIR_APPEND_ELEMENT in virDomainDefAddImplicitVideo

	conf: reduce indentation in virDomainDefAddImplicitVideo
	Return early if there is nothing to do.

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	conf: delete useless primaryVideo variable
	If we encounter a video device with primary=yes, we insert it
	at def->videos[0].

	There is no need to record this in a separate variable,
	just check if there already is a primary video at def->videos[0].

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	conf: use insertAt instead of j
	We call VIR_INSERT_ELEMENT_INPLACE either with 0 (for primary video)
	or def->nvideos (for the rest).

	Use a variable with more semantic name, since j is usually used
	for iterating.

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	conf: use the iterator directly when parsing video devices
	We start with both i and def->nvideos at 0 and increment both
	after every successful iteration.

	Use i directly, instead of passing the def->nvideos value through j.

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	conf: also mark the implicit video as primary
	Commit 119cd06 started setting the primary bool for the first
	user-specified video even if user omitted the 'primary' attribute.

	However this was done before the addition of the implicit device.
	This broke startup of transient qemu domains with no <video>:
	https://bugzilla.redhat.com/show_bug.cgi?id=1325757

	Move this default to virDomainDefPostParseInternal,
	after the addition of the implicit video device, to catch the implicit
	video as well.

2016-04-12  Ján Tomko  <jtomko@redhat.com>

	conf: move default video addition after XML parsing
	Separate parsing of the XML from auto-generating the device.

2016-04-12  Andrea Bolognani  <abologna@redhat.com>

	cfg.mk: Use single quotes wherever possible
	Being consistent is nice, especially when it comes to defining our
	regular expression, where using single quotes instead of double
	quotes allows us to leave out a few backslashes.

	Changing this required altering a few error messages.

	The only remaining use of double quotes is one where they are
	actually required for the check to work.

2016-04-12  Andrea Bolognani  <abologna@redhat.com>

	cfg.mk: Remove spurious whitespace

	util: Fix 'exempt from syntax-check' comment

2016-04-11  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: implement memory setting functions
	Quite straigthforward as vz sdk memory setting function makes
	just what we want to that is set "amount of physical memory
	allocated to a domain".

	'useflags' is introduced for non flag function implementation.
	We can't just use combination of flags like "live | config" or
	we fail for inactive domains. Other combinations have drawbacks
	too.

2016-04-11  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: factor out config update flags checks
	Actually this is not pure refactoring. Part of common code is
	replaced with virDomainObjUpdateModificationImpact and this
	a good replacement. It includes removed check of inactive
	domain and active flags set. Additionally we resolve
	current flag in accordance with current state of domain.
	Thus it becames possible to attach/detach devices for
	inactive domains if this flag is set.

2016-04-11  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: fix graphics parsing
	Commit dc98a5bc refactored the code a lot and forget about checking if
	listen attribute is specified.  This ensures that listen attribute and
	first listen element are compared only if both exist.

2016-04-11  Cole Robinson  <crobinso@redhat.com>

	virtlogd: Fix a couple minor memory leaks
	https://bugzilla.redhat.com/show_bug.cgi?id=1303885

2016-04-11  Pavel Hrdina  <phrdina@redhat.com>

	build: add GCC 6.0 -Wlogical-op workaround
	fdstream.c: In function 'virFDStreamWrite':
	fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op]
	        if (errno == EAGAIN || errno == EWOULDBLOCK) {
	                            ^~

	Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op
	producing false warnings.

	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602

	Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports
	push/pop pragma and also has this bug.

2016-04-11  Pavel Hrdina  <phrdina@redhat.com>

	build: cleanup GCC < 4.6 -Wlogical-op workaround

2016-04-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Free priv->machineName
	Commit c3bd0019c0e3 forgot to cleanup after itself.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325043

2016-04-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: agent: Fix incorrect and weird debug/warning log entries
	Replace the nonsensical debug statement by adding the expected event
	code into the existing debug statement.

	Since the monitor code always notifies the agent on guest
	reboot/shutdown even if that was not initiated by the agent the warning
	emitted later is bogus and pollutes the logs in such cases. Delete it
	and keep just the original debug message where this info can be
	inferred.

2016-04-11  Andrea Bolognani  <abologna@redhat.com>

	host-validate: Be more careful when checking for cgroup support
	Simply checking whether the cgroup name appears somewhere inside
	/proc/self/cgroup is enough most of the time, but there are some
	corner cases that require a more mindful parsing.

2016-04-11  Andrea Bolognani  <abologna@redhat.com>

	configure: Fix check for --with-login-shell on Windows
	The check is supposed to stop users from trying to compile
	virt-login-shell on Windows by erroring out during the
	configure phase; however, there are two flaws in it:

	  * the value of "x$with_win" is compared to "yes" instead
	    of "xyes" (note the "x" in the first string)

	  * "test" is not being used, so the script will actually
	    try to run a command called "x$with_win" instead of
	    performing string comparison

	This patch fixes both issues.

2016-04-10  Erik Skultety  <eskultet@redhat.com>

	po: Really fix po/POTFILES.in ordering
	Commit e72667bd tried to fix the incorrect file ordering in po/POTFILES.in
	except it didn't, since the sort was run using locale en_US instead of
	using locale C which is the default in libvirt. So this patch hopefully fixes
	it for good.

	po: fix POTFILES.in file ordering
	When it comes to a situation that a new translatable file needs to be added
	into the list of files, an automatically generated patch is proposed during
	syntax-check. However, the diff was made against a sorted list of files and
	the same sorted list of files + the new file that actually needs to be added
	into the list. Since we do not keep POTFILES sorted, the proposed patch thus
	can't be applied...most of the time - depending on the context.

2016-04-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: fix build without gnutls installed
	Move including of gnutls/gnutls.h in qemu/qemu_domain.c under the
	"ifdef WITH_GNUTLS" check because otherwise it fails like this:

	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_domain.lo
	qemu/qemu_domain.c:50:10: fatal error: 'gnutls/gnutls.h' file not found

	in case if gnutls is not installed on the system.

2016-04-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nss: properly include syms files to dist
	Explicitly add Linux and BSD syms files for nss to EXTRA_DIST
	instead of using the LIBVIRT_NSS_SYMBOL_FILE variable, because its value
	will point to either Linux or BSD syms file, but we need to ship both.

	nss: fix typo in configure help string
	Servie -> Service

2016-04-08  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: cleanup error paths for graphics parser

	domain_conf: split graphics xml parser into multiple functions

	domain_conf: cleanup virDomainGraphicsListensParseXML
	Refactor the listen parser to use only one loop.

	domain_conf: introduce virDomainGraphicsListensParseXML
	Move code, that parses graphics listens, to its own function.

	docs: rewrite graphics XML documentation
	This cleanups the documentation, reformat some of the paragraphs to use
	<p> instead of </br> and rewrites the listen part to be more extendable.

	tests: remove unwanted VIR_FREE of spice and vnc default listen
	After the test and qemu_process refactor now we can benefit from default
	listen address for spice and vnc in tests.

2016-04-08  Andrea Bolognani  <abologna@redhat.com>

	docs: Remove unused div.body CSS rule
	The 'body' CSS class is not used anywhere in the HTML files,
	so we can get rid of the definition as well.

2016-04-08  Peter Krempa  <pkrempa@redhat.com>

	util: netdev: Don't crash in virNetDevSetIPAddress if @peer is NULL
	VIR_SOCKET_ADDR_VALID dereferences the pointer, thus if we pass NULL
	into virNetDevSetIPAddress it crashes. Regression introduced by
	b3d069872ce53eb.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325120

2016-04-08  Ján Tomko  <jtomko@redhat.com>

	qemu: support virt-2.6 machine type on arm
	Some places already check for "virt-" prefix as well as plain "virt".
	virQEMUCapsHasPCIMultiBus did not, resulting in multiple PCI devices
	having assigned the same unnumbered "pci" alias.

	Add a test for the "virt-2.6" machine type which also omits the
	<model type='virtio'/> in <interface>, to check if
	qemuDomainDefaultNetModel works too.

	https://bugzilla.redhat.com/show_bug.cgi?id=1325085

2016-04-08  Andrea Bolognani  <abologna@redhat.com>

	host-validate: Be more careful when checking for cgroup mounts
	The existing code is built on the assumption that no cgroup
	name can appear as part of another cgroup name; moreover, cgroups
	are expected to always be listed in a specific order.

	If that's not the case, eg. 'cpuacct' is listed before 'cpu', the
	algorithm fails to detect the cgroup mount point.

	Rewrite it to get rid of such assumptions.

2016-04-08  Andrea Bolognani  <abologna@redhat.com>

	netdev: Use the correct pointer type for virSocketAddrFormat()
	virSocketAddrFormat() wants a single pointer, not a double pointer.

	Fixes the following compilation error on FreeBSD:

	  util/virnetdev.c:1448:72: error: incompatible pointer types passing
	   'virSocketAddr **' to parameter of type 'const virSocketAddr *';
	   remove & [-Werror,-Wincompatible-pointer-types]
	      if (VIR_SOCKET_ADDR_VALID(peer) && !(peerstr = virSocketAddrFormat(&peer)))
	                                                                         ^~~~~
	  ./util/virsocketaddr.h:92:48: note: passing argument to parameter 'addr' here
	  char *virSocketAddrFormat(const virSocketAddr *addr);
	                                                 ^

2016-04-08  Andrea Bolognani  <abologna@redhat.com>

	configure: Move check for <gnutls/crypto.h>
	Checking for the availability of this header, just like checking
	for the availability of gnutls_rnd(), requires CFLAGS and LIBS to
	be set appropriately.

	Fixes the following compilation errors on FreeBSD:

	  qemu/qemu_domain.c:640:16: error: implicit declaration of function
	   'gnutls_rnd' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
	      if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) {
	                 ^
	  qemu/qemu_domain.c:640:27: error: use of undeclared identifier
	   'GNUTLS_RND_RANDOM'; did you mean 'GNUTLS_CRD_ANON'?
	      if ((ret = gnutls_rnd(GNUTLS_RND_RANDOM, key, nbytes)) < 0) {
	                            ^~~~~~~~~~~~~~~~~
	                            GNUTLS_CRD_ANON

2016-04-08  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: move ENODATA redefine to internal.h
	FreeBSD lacks ENODATA, and viruuid.c redefines it to EIO, but it's not
	actually using it. On the other hand, we have virrandom.c that's using
	ENODATA. So make this re-definition common by moving it to internal.h,
	so all the current and possible future users don't need to care about
	that.

2016-04-07  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	qemu domain allow to set ip address, peer address and route

	lxc domain allow to set peer address

	libvirt domain xml allow to set peer address

	virnetdev allow to set peer address

2016-04-07  Wei Liu  <wei.liu2@citrix.com>

	libxl: libxl_domain_create_restore has an extra argument
	In the latest libxenlight code, libxl_domain_create_restore accepts a
	new argument. Update libvirt's libxl driver for that. Use the macro
	provided by libxenlight to detect which version should be used.

	The new parameter (send_back_fd) is set to -1 because libvirt provides
	no such fd.

	Message-id: 1459866012-27081-1-git-send-email-wei.liu2@citrix.com

2016-04-07  Andrea Bolognani  <abologna@redhat.com>

	qemu: Explicitly check for gnutls_rnd()
	Our use of gnutls_rnd(), introduced with commit ad7520e8, is
	conditional to the availability of the <gnutls/crypto.h> header
	file.

	Such check, however, turns out not to be strict enough, as there
	are some versions of GnuTLS (eg. 2.8.5 from CentOS 6) that provide
	the header file, but not the function itself, which was introduced
	only in GnuTLS 2.12.0.

	Introduce an explicit check for the function.

2016-04-07  Andrea Bolognani  <abologna@redhat.com>

	configure: Always use old_CFLAGS and old_LIBS
	The variables used for storing CFLAGS and LIBS before temporarily
	modifying them was consistent when it comes to the name, but not
	when it comes to the case.

	Make sure names are completely consistent.

2016-04-07  Andrea Bolognani  <abologna@redhat.com>

	configure: Restore CFLAGS properly after GnuTLS checks
	The previous value of CFLAGS was saved as old_cflags but later
	restored from old_CFLAGS, which is clearly not correct.

	Restore CFLAGS from the right variable.

2016-04-07  Andrea Bolognani  <abologna@redhat.com>

	host-validate: Improve CPU flags processing
	Instead of relying on substring search, tokenize the input
	and process each CPU flag separately. This ensures CPU flag
	detection will continue to work correctly even if we start
	looking for CPU flags whose name might appear as part of
	other CPU flags' names.

	The result of processing is stored in a virBitmap, which
	means we don't have to parse /proc/cpuinfo in its entirety
	for each single CPU flag we want to check.

	Moreover, use of the newly-introduced virHostValidateCPUFlag
	enumeration ensures we don't go looking for random CPU flags
	which might actually be simple typos.

2016-04-07  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: support boot order in domain xml dump
	As usual we try to deal correctly with vz domains that were
	created by other means and thus can have all range of SDK domain
	parameters. If vz domain boot order can't be represented
	in libvirt os boot section let's give warning and make os boot section
	represent SDK to some extent.

	1. Os boot section supports up to 4 boot devices. Here we just
	cut SDK boot order up to this limit. Not too bad.

	2. If there is a floppy in boot order let's just skip it.
	Anyway we don't show it in the xml. Not too bad too.

	3. SDK boot order with unsupported disks order. Say we have "hdb, hda" in
	SDK. We can not present this thru os boot order. Well let's just
	give warning but leave double <boot dev='hd'/> in xml. It's
	kind of misleading but we warn you!

	SDK boot order have an extra parameters 'inUse' and 'sequenceIndex'
	which makes our task more complicated. In realitly however 'inUse'
	is always on and 'sequenceIndex' is not less than 'boot position index'
	which simplifies out task back again! To be on a safe side let's explicitly
	check for this conditions!

	We have another exercise here. We want to check for unrepresentable
	condition 3 (see above). The tricky part is that in contrast to
	domains defined thru this driver 3-rd party defined domains can
	have device ordering different from default. Thus we need
	some id to check that N-th boot disk of os boot section is same as
	N-th boot disk of SDK boot. This is what prlsdkBootOrderCheck
	for. It uses disks sources paths as id for disks and iface names
	for network devices.

2016-04-07  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix disk order on load domain
	We want to report boot order in dumpxml for vz domains.
	Thus we want disks devices to be sorted in output compatible with boot
	ordering specification. So let's just use virDomainDiskInsert
	which makes appropriate sorting.

2016-04-07  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: support boot order specification on define domain
	The patch makes some refactoring of the existing code. Current boot order spec code
	makes very simple thing in somewhat obscure way. In case of VMs
	it sets the first hdd as the only bootable device. In case of CTs it
	doesn't touch the boot order at all if one of the filesystems is mounted to root.
	Otherwise like in case of VMs it sets the first hdd as the only bootable
	device and additionally sets this device mount point to root. Refactored
	code makes all this explicit.

	The actual boot order support is simple. Common libvirt domain xml parsing
	code makes the exact ordering of disks devices as described in docs
	for boot ordering (disks are sorted by bus order first, device target
	second. Bus order is the order of disk buses appearence in original
	xml. Device targets order is alphabetical). We add devices in the
	same order and SDK designates device indexes sequentially for each
	device type. Thus device index is equal to its boot index. For
	example N-th cdrom in boot specification refers to sdk cdrom with
	it's device index N.

	If there is no boot spec in xml the parsing code will add <boot dev='hdd'>
	for HVMs automatically and we backward compatibly set fist hdd as
	bootable.

2016-04-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: perf: Fix crash/memory corruption on failed VM start
	The new perf code didn't bother to clear a pointer in 'priv' causing a
	double free or other memory corruption goodness if a VM failed to start.

	Clear the pointer after freeing the memory.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1324757

2016-04-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: alias: Fix calculation of memory device aliases
	For device hotplug, the new alias ID needs to be checked in the list
	rather than using the count of devices. Unplugging a device that is not
	last in the array will make further hotplug impossible due to alias
	collision.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1324551

2016-04-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: alias: Fix calculation of RNG device aliases
	For device hotplug, the new alias ID needs to be checked in the list
	rather than using the count of devices. Unplugging a device that is not
	last in the array will make further hotplug impossible due to alias
	collision.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1324551

2016-04-07  John Ferlan  <jferlan@redhat.com>

	secret: Introduce virSecretGetSecretString
	Commit id 'fb2bd208' essentially copied the qemuGetSecretString
	creating an libxlGetSecretString.  Rather than have multiple copies
	of the same code, create src/secret/secret_util.{c,h} files and
	place the common function in there.

	Modify the the build in order to build the module as a library
	which is then pulled in by both the qemu and libxl drivers for
	usage from both qemu_command.c and libxl_conf.c

2016-04-07  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildMasterKeyCommandLine
	If the -object secret capability exists, then get the path to the
	masterKey file and provide that to qemu. Checking for the existence
	of the file before passing to qemu could be done, but causes issues
	in mock test environment.

	Since the qemuDomainObjPrivate is not available when building the
	command line, the qemuBuildHasMasterKey API will have to suffice
	as the primary arbiter for whether the capability exists in order
	to find/return the path to the master key for usage.

	Created the qemuDomainGetMasterKeyAlias API which will be used by
	later patches to define the 'keyid' (eg, masterKey) to be used by
	other secrets to provide the id to qemu for the master key.

2016-04-07  John Ferlan  <jferlan@redhat.com>

	qemu: Create domain master key
	Add a masterKey and masterKeyLen to _qemuDomainObjPrivate to store a
	random domain master key and its length in order to support the ability
	to encrypt/decrypt sensitive data shared between libvirt and qemu. The
	key will be base64 encoded and written to a file to be used by the
	command line building code to share with qemu.

	New API's from this patch:

	  qemuDomainGetMasterKeyFilePath:
	    Return a path to where the key is located

	  qemuDomainWriteMasterKeyFile: (private)
	    Open (create/trunc) the masterKey path and write the masterKey

	  qemuDomainMasterKeyReadFile:
	    Using the master key path, open/read the file, and store the
	    masterKey and masterKeyLen. Expected use only from qemuProcessReconnect

	  qemuDomainGenerateRandomKey: (private)
	    Generate a random key using available algorithms

	    The key is generated either from the gnutls_rnd function if it
	    exists or a less cryptographically strong mechanism using
	    virGenerateRandomBytes

	   qemuDomainMasterKeyRemove:
	    Remove traces of the master key, remove the *KeyFilePath

	  qemuDomainMasterKeyCreate:
	    Generate the domain master key and save the key in the location
	    returned by qemuDomainGetMasterKeyFilePath.

	    This API will first ensure the QEMU_CAPS_OBJECT_SECRET is set
	    in the capabilities. If not, then there's no need to generate
	    the secret or file.

	The creation of the key will be attempted from qemuProcessPrepareHost
	once the libDir directory structure exists.

	The removal of the key will handled from qemuProcessStop just prior
	to deleting the libDir tree.

	Since the key will not be written out to the domain object XML file,
	the qemuProcessReconnect will read the saved file and restore the
	masterKey and masterKeyLen.

2016-04-07  John Ferlan  <jferlan@redhat.com>

	util: Introduce virRandomBytes
	Using the existing virUUIDGenerateRandomBytes, move API to virrandom.c
	rename it to virRandomBytes and add it to libvirt_private.syms.

	This will be used as a fallback for generating a domain master key.

2016-04-07  John Ferlan  <jferlan@redhat.com>

	qemu: Add capability bit for qemu secret object
	Add a capability bit for the qemu secret object.

	Adjust the 2.6.0-1 caps/replies to add the secret object. For the
	.replies it's take from the '{"execute":"qom-list-types"}' output.

2016-04-07  John Ferlan  <jferlan@redhat.com>

	qemu: Tear down the cgroup before reattach device to host
	When a hostdev is attached to the guest (and removed from the host),
	the order of operations is call qemuHostdevPreparePCIDevices to remove
	the device from the host, call qemuSetupHostdevCgroup to setup the cgroups,
	and virSecurityManagerSetHostdevLabel to set the labels.

	When the device is removed from the guest, the code didn't use the
	reverse order leading to possible issues (especially if the path to
	the device no longer exists). This patch will move the call to
	qemuTeardownHostdevCgroup to prior to reattaching the device to
	the host.

2016-04-07  John Ferlan  <jferlan@redhat.com>

	qemu: Restore label before reattach device to host
	When a hostdev is attached to the guest (and removed from the host),
	the order of operations is call qemuHostdevPreparePCIDevices to remove
	the device from the host, call qemuSetupHostdevCgroup to setup the cgroups,
	and virSecurityManagerSetHostdevLabel to set the labels.

	When the device is removed from the guest, the code didn't use the
	reverse order leading to possible issues (especially if the path to
	the device no longer exists). This patch will move the call to
	virSecurityManagerRestoreHostdevLabel to prior to reattaching the
	device to the host.

2016-04-06  Guido Günther  <agx@sigxcpu.org>

	Link libvirt_xenconfig instead of libvirt against libxl
	to avoid the test failure

	 7) Test driver "xen"  ... 2016-03-31 12:53:26.950+0000: 22430: debug : virDriverLoadModule:54 : Module load xen
	 2016-03-31 12:53:26.950+0000: 22430: error : virDriverLoadModule:73 : failed to load module /build/libvirt-1.3.3~rc1/debian/build/src/.libs/libvirt_driver_xen.so /build/libvirt-1.3.3~rc1/debian/build/src/.libs/libvirt_driver_xen.so: undefined symbol: xlu_cfg_destroy
	FAILED

2016-04-06  Ján Tomko  <jtomko@redhat.com>

	virt-admin: get rid of LIBVIRT_DEFAULT_ADMIN_URI env var
	There is a LIBVIRT_ADMIN_DEFAULT_URI environment variable
	which is honored by virAdmConnectOpen and documented
	in the virt-admin man page.

	LIBVIRT_DEFAULT_ADMIN_URI is undocumented and this is its
	only occurrence.

2016-04-06  Ján Tomko  <jtomko@redhat.com>

	libvirt-admin: do not crash on URI without a scheme

	tools: remove unnecessary defaultConn variable
	vshStrdup returns NULL without exiting on NULL input.

2016-04-06  Ján Tomko  <jtomko@redhat.com>

	virsh: read default connection uri from env later
	Postpone filling out the default connection in ctl->connname
	after calling virshInit.

	This allows printing help without a connection to the daemon.

2016-04-06  Andrea Bolognani  <abologna@redhat.com>

	spec: Include KVM support on RHEL 7 ppc64 and newer

2016-04-06  Peter Krempa  <pkrempa@redhat.com>

	conf: store bootindex as unsigned int
	The value is never negative thus there's no need to store it in a signed
	type.

	conf: Pass the whole device info struct to virDomainDeviceBootParseXML
	No need to extract the single element.

	Post-release version bump to 1.3.4

2016-04-06  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.3.3 - docs/news.html.in libvirt.spec.in: update for release - po/*.po*: regenerated

2016-04-05  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	docs: fix logfile paragraph

2016-04-05  John Ferlan  <jferlan@redhat.com>

	network: Remove extraneous ATTRIBUTE_NONNULL
	Commit id '3992ff14' added the prototype for networkGetActualType
	with 1 parameter, but added 2 ATTRIBUTE_NONNULL's (assume from a
	cut-n-paste), just remove (2).

2016-04-04  John Ferlan  <jferlan@redhat.com>

	qemu: Fix mis-merge of qemuBuildRedirdevCommandLine
	Commit id '59e7ef3c' misapplied a merge of commit id '019244751'
	to place the "-chardev" command after formatting the character
	backend value.

	qemu: Fix mis-merge of qemuBuildConsoleCommandLine
	Commit id 'e6944a52' misapplied a merge of commit id '019244751'
	to place the "-chardev" command after formatting the character
	backend value.

	qemu: Fix mis-merge of qemuBuildChannelsCommandLine
	Commit id '3cdcc910' misapplied a merge of commit id '019244751'
	to place the "-chardev" command after formatting the character
	backend value.

	qemu: Fix mis-merge of qemuBuildParallelsCommandLine
	Commit id '0e1e7ade' misapplied a merge of commit id '019244751'
	to place the "-chardev" command after formatting the character
	backend value.

	qemu: Fix mis-merge of qemuBuildSerialCommandLine
	Commit id '5ab8640' misapplied a merge of commit id '019244751'
	to place the "-chardev" command after formatting the character
	backend value.

	qemu: Fix mis-merge of qemuBuildSmartcardCommandLine
	Commit id '858bafeb' misapplied a merge of commit id '019244751'
	to place the "-chardev" command after formatting the character
	backend value.

2016-04-04  Martin Kletzander  <mkletzan@redhat.com>

	nodedev: Fix parsing of generated XMLs
	Commit d77ffb6876 added not only reporting of the PCI header type, but
	also parsing of that information.  However, because there was no parsing
	done for the other sub-PCI capabilities, if there was any other
	capability then a valid header type name (like phys_function or
	virt_functions) the parsing would fail.  This prevented passing node
	device XMLs that we generated into our own functions when dealing with,
	e.g. with SRIOV cards.

	Instead of reworking the whole parsing, just fix this one occurence and
	remove a test for it for the time being.  Future patches will deal with
	the rest.

2016-04-04  Laine Stump  <laine@laine.org>

	qemu: fix alias name for <interface type='hostdev'>
	Starting with commit f8e712fe, if you start a domain that has an
	<interface type='hostdev' (or that has <interface type='network'>
	where the network is a pool of devices for hostdev assignment), when
	you later try to add *another* interface (of any kind) with hotplug,
	the function qemuAssignDeviceNetAlias() fails as soon as it sees a
	"hostdevN" alias in the list of interfaces), causing the attach to
	fail.

	This is because (starting with f8e712fe) the device alias names are
	assigned during the new function qemuProcessPrepareDomain(), which is
	called *before* networkAllocateActualDevice() (which is called from
	qemuProcessPrepareHost(), which is called from
	qemuProcessLaunch()). Prior to that commit,
	networkAllocateActualDevice() was called first.

	The problem with this is that the alias for interfaces that are really
	a hostdev (<interface type='hostdev'>) is of the form "hostdevN" (just
	like other hostdevs), while other interfaces are "netN". But if you
	don't know that the interface is going to be a hostdev at the time you
	assign the alias name, you can't name it differently. (As far as I've
	seen so far, the change in name by itself wouldn't have been a problem
	(other than just an outwardly noticeable change in behavior) except
	for the abovementioned failure to attach/detach new interfaces.

	Rather than take the chance that there may be other not-yet-revealed
	problems associated with changing the alias name, this patch changes
	the way that aliases are assigned to restore the old behavior.

	Old: In the past, assigning an alias to an interface was skipped if it
	was seen that the interface was type='hostdev' - we knew that the
	hostdev part of the interface was also in the list of hostdevs (that's
	part of what happens in networkAllocateActualDevice()) and it would be
	assigned when all the other hostdev aliases were assigned.

	New: When assigning an alias to an interface, we haven't yet called
	networkAllocateActualDevice() to construct the hostdev part of the
	interface, so we can't just wait for the loop that creates aliases for
	all the hostdevs (there's nothing on that list for this device
	yet!). Instead we handle it immediately in the loop creating interface
	aliases, by calling the new function networkGetActualType() to
	determine if it is going to be hostdev, and if so calling
	qemuAssignDeviceHostdevAlias() instead.

	Some adjustments have to be made to both
	qemuAssignDeviceHostdevAlias() and to qemuAssignDeviceNetAlias() to
	accommodate this. In both of them, an error return from
	qemuDomainDeviceAliasIndex() is no longer considered an error; instead
	it's just ignored (because it almost certainly means that the alias
	string for the device was "net" when we expected "hostdev" or vice
	versa). in qemuAssignDeviceHostdevAlias() we have to look at all
	interface aliases for hostdevN in addition to looking at all hostdev
	aliases (this wasn't necessary in the past, because both the interface
	entry and the hostdev entry for the device already pointed at the
	device info; no longer the case since the hostdev entry hasn't yet
	been setup).

	Fortunately the buggy behavior hasn't yet been in any official release
	of libvirt.

2016-04-04  Laine Stump  <laine@laine.org>

	qemu: change args to qemuAssignDeviceHostdevAlias()
	In certain cases, we need to assign a hostdevN-style alias in a case
	when we don't have a virDomainHostdevDefPtr (instead we have a
	virDomainNetDefPtr). Since qemuAssignDeviceHostdevAlias() doesn't use
	anything in the virDomainHostdevDef except the alias string itself
	anyway, this patch just changes the arguments to pass a pointer to the
	alias pointer instead.

2016-04-04  Laine Stump  <laine@laine.org>

	network: new function networkGetActualType
	There are times when it's necessary to learn the actual type of a
	network connection before any resources have been allocated
	(e.g. during qemuProcessPrepareDomain()), but in the past it was
	necessary to call networkAllocateActualDevice() in order to have the
	actual type filled in.

	This new function returns the type of network that *will be* setup
	once it actually happens, but without making any changes on the host.

2016-04-04  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Clear generated private paths
	The paths have the domain ID in them.  Without cleaning them, they would
	contain the same ID even after multiple restarts.  That could cause
	various problems, e.g. with access.

	Add function qemuDomainClearPrivatePaths() for this as a counterpart of
	qemuDomainSetPrivatePaths().

2016-04-04  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Simplify calls to qemuDomainSetPrivatePaths
	Since commit 9dca74ee6f54, the function can take driver and a vm, no
	need to overcomplicate.

2016-04-02  Guido Günther  <agx@sigxcpu.org>

	apparmor: QEMU monitor socket moved
	The directory name changed in a89f05ba8df095875f5ec8a9065a585af63a010b.

	This unbreaks launching QEMU/KVM VMs with apparmor enabled. It also adds
	the directory for the qemu guest-agent socket which is not known when
	parsing the domain XML.

2016-04-01  Andrea Bolognani  <abologna@redhat.com>

	Revert "hostdev: Use actual device when reattaching"
	This reverts commit ee4cfb56436b50345b072c706b87aff82e06d760.

	Since we're still not persisting our bookkeeping lists across
	daemon restarts, we might have lost some information
	virPCIDeviceReattach() relies on, for example whether the
	device needs to be unbound from the stub driver.

	As a result, if the daemon has been restarted in the meantime,
	the device might end up remaining bound to the stub driver even
	after 'virsh nodedev-reattach' or similar has been called, with
	no way of giving it back to the host short of messing with
	sysfs behind libvirt's back.

	Revert back to the previous behavior of always trying to bind
	the device to the host driver, regardless of its status when it
	was detached, until persistent bookkeeping lists have been
	implemented.

2016-04-01  Andrea Bolognani  <abologna@redhat.com>

	docs: Remove useless p:first-line CSS rule
	According to MDN[1], 'margin-left' and similar CSS properties,
	including 'margin-right', cannot be applied to the '::first-line'
	pseudo-element, so this rule will never have any effect and can
	be safely removed.

	[1] https://developer.mozilla.org/en/docs/Web/CSS/::first-line

2016-04-01  Andrea Bolognani  <abologna@redhat.com>

	docs: Remove unused #sponsor CSS rule
	Commit e14c5069c512 dropped the only user of the 'sponsor'
	CSS id, so we can drop it from the stylesheet as well.

2016-04-01  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	Pass the correct cpu count when calling virDomainGetCPUStats.
	When using the --start option, the show_count should not be set to
	max_id as the --start <cpu> means we dont need those many initial cpu
	stats. Hence, show_count should be adjusted accordingly.

	https://bugzilla.redhat.com/show_bug.cgi?id=1249441

2016-04-01  Rudy Zhang  <rudyflyzhang@gmail.com>

	migration: convert speed from MiB/sec to bytes/sec in drive-mirror jobs
	Commit 08cc14f moved the conversion of MiB/s to B/s out of the
	qemuMonitor APIs, but forgot to adjust the qemuMigrationDriveMirror
	caller.

	This patch will convert the migrate_speed value from MiB/s to its
	mirror_speed equivalent in bytes/s.

2016-04-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: perf: Tweak flags before using them
	@flags have a valid modification impact only after calling
	virDomainObjUpdateModificationImpact. virDomainObjGetOneDef calls it but
	doesn't update them in the caller.

2016-03-31  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix net device detach
	Chunyan sent a nice cleanup patch for libxlDomainDetachNetDevice

	https://www.redhat.com/archives/libvir-list/2016-March/msg00926.html

	which I incorrectly modified before pushing as commit b5534e53. My
	modification caused network devices of type hostdev to no longer
	be removed. This patch changes b5534e53 to resemble Chunyan's
	original, correct patch.

2016-03-31  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix attaching net device of type hostdev
	Chunyan sent a correct patch to fix a resource leak on error in
	libxlDomainAttachNetDevice

	https://www.redhat.com/archives/libvir-list/2016-March/msg00924.html

	I made what was thought to be an improvement and pushed the patch as
	commit e6336442. As it turns out, my change broke adding net devices
	that are actually hostdevs to the list of nets in virDomainDef. This
	patch changes e6336442 to resemble Chunyan's original, correct
	patch.

2016-03-31  Fabiano Fidêncio  <fidencio@redhat.com>

	build: workaround broken SASL header (again)
	Compilation for xdg-app failed due to a buggy SASL headers present on
	the used runtime (org.gnome.Sdk 3.18).

	In file included from rpc/virnetsaslcontext.h:24:0,
	                 from rpc/virnetsaslcontext.c:25:
	/usr/include/sasl/sasl.h:230:38: error: unknown type name 'size_t'
	 typedef void *sasl_realloc_t(void *, size_t);
	                                      ^
	/usr/include/sasl/sasl.h:235:5: error: unknown type name 'sasl_realloc_t'
	     sasl_realloc_t *,

	Use the same workaround as commit 1be3dfd did.

2016-03-31  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessVerifyGuestCPU: Avoid coverity false positive
	We use _LAST items in enums to mark the last position in given
	enum. Now, if and enum is passed to switch(), compiler checks
	that all the values from enum occur in 'case' enumeration.
	Including _LAST. But coverity spots it's a dead code. And it
	really is. So to resolve this, we tend to put a comment just
	above 'case ..._LAST' notifying coverity that we know this is a
	dead code but we want to have it that way.

	virPerfReadEvent: Prefer saferead over read
	Do I really need to explain why?
	Well, if read() is interrupted int the middle of reading, we will
	never read the rest (even though it's highly unlikely as we are
	reading just 8 bytes).

2016-03-31  Andrea Bolognani  <abologna@redhat.com>

	docs: Make most headers a bit smaller
	Headers are bold already, so the font doesn't need to be that
	big to draw attention.

	docs: Use bold text for all headers
	All headers except for <h1> were already bold: make it bold as
	well to increase visual consistency.

	docs: Don't use bold text for menu entries
	The menu should not take the focus away from the actual contents.

	docs: Make menu entries smaller
	The menu should not take the focus away from the actual contents.

	docs: Don't use <strong> in headers
	There's only one instance of that happening, and it looks
	kinda off. Get rid of it, along with the corresponding
	CSS rules.

	docs: Remove empty CSS rule

	docs: Adjust vertical whitespace in CSS
	Ensure all CSS rules are separated with a single blank line.

2016-03-31  Martin Kletzander  <mkletzan@redhat.com>

	remote: Add flags to remote_protocol-structs
	Caused by 3b6c8185328f.

2016-03-31  Michal Privoznik  <mprivozn@redhat.com>

	virDomain{Get,Set}PerfEvents: Grab job
	Even though we have the machine locked throughout whole APIs we
	are querying/modifying domain internal state. We should grab a
	job whilst doing that.

	virDomain{Get,Set}PerfEvents: support --config --live --current
	Now that we have @flags we can support changing perf events just
	in active or inactive configuration regardless of the other.
	Previously, calling virDomainSetPerfEvents set events in both
	active and inactive configuration at once. Even though we allow
	users to set perf events that are to be enabled once domain is
	started up. The virDomainGetPerfEvents API was flawed too. It
	returned just runtime info.

	virsh: Make perf accept event list separated by commas
	Everywhere else we use a comma separated list. There's no good
	reason to make 'perf' command an exception. Currently, it accepts
	string list separated by '|'.

	virsh: Prefer VIRSH_COMMON_OPT_DOMAIN_FULL over full enumeration
	We have a macro that does exactly what is done via full
	enumeration.

	virDomain{Get,Set}PerfEvents: Add @flags argument
	I've noticed that these APIs are missing @flags argument. Even
	though we don't have a use for them, it's our policy that every
	new API must have @flags.

	remoteDomainGetPerfEvents: Re-indent
	There are few lines off the indentation.

2016-03-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Split up formatting of -numa and memory devices
	They recently were extracted to a separate function. They don't belong
	together though. Since -numa formatting is pretty compact, move it to
	the main function and rename qemuBuildNumaCommandLine to
	qemuBuildMemoryDeviceCommandLine.

2016-03-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Pass numad nodeset when formatting memory devices at boot
	When starting up a VM libvirtd asks numad to place the VM in case of
	automatic nodeset. The nodeset would not be passed to the memory device
	formatter and the user would get an error.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1269715

2016-03-30  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: add check for hyperv features
	Commit 7068b56c introduced several hyperv features.  Not all hyperv
	features are supported by old enough kernels and we shouldn't allow to
	start a guest if kernel doesn't support any of the hyperv feature.

	There is one exception, for backward compatibility we cannot error out
	if one of the RELAXED, VAPIC or SPINLOCKS isn't supported, for the same
	reason we ignore invtsc, to not break restoring saved domains with older
	libvirt.

2016-03-30  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: skip only cpu features
	This check is there to allow restore saved domain with older libvirt
	where we included invtsc by default for host-passthrough model.  Don't
	skip the whole function, but only the part that checks for invtsc.

	docs: fix qemu version for hyperv features

2016-03-30  Andrea Bolognani  <abologna@redhat.com>

	host-validate: Fix suggestion for missing cpu cgroup
	If the cpu cgroup is not found when validating an host for
	LXC support, virt-host-validate will suggest to enable the
	CONFIG_CGROUP_SCHED kconfig option.

	The appropriate option is really CONFIG_CGROUP_CPU. The
	QEMU checks already get that right, so no changes needed.

2016-03-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nss: FreeBSD support
	 * tools/nss/libvirt_nss.[ch]: add BSD-comptabile wrappers and
	   register via the nss_module_register() interface
	 * m4/virt-nss.m4: add checks if we're building NSS for FreeBSD
	 * tools/Makefile.am: handle target library name differences, as
	   Linux needs libnss_libvirt.so.2 and FreeBSD needs
	   nss_libvirt.so.1. Also, different syms files have to be used
	   as Linux needs to export all the methods while FreeBSD
	   only needs to have nss_module_register()
	 * tests/nsstest.c, tests/nssmock.c: s/__linux__/NSS/
	 * tests/nssmock.c: pass int instead of mode_t to va_arg() to please
	   gcc 4.8
	 * libvirt_nss_bsd.syms: FreeBSD syms file

2016-03-29  Jim Fehlig  <jfehlig@suse.com>

	libxl: only disable domain death events in libxlDomainCleanup
	Remove disabling domain death events from libxlDomainStart error
	path. The domain death event is already disabled in libxlDomainCleanup.

2016-03-29  Chunyan Liu  <cyliu@suse.com>

	libxl: fix resource leaks in libxlDomainStart error paths
	libxlDomainStart allocates and reserves resources that were not
	being released in error paths. libxlDomainCleanup already handles
	the job of releasing resources, and libxlDomainStart should call
	it when encountering a failure.

	Change the error handling logic to call libxlDomainCleanup on
	failure. This includes acquiring the lease sooner and allowing
	it to be released in libxlDomainCleanup on failure, similar to
	the way other resources are reclaimed. With the lease now
	released in libxlDomainCleanup, the release_dom label can be
	renamed to cleanup_dom to better reflect its changed semantics.

2016-03-29  Jim Fehlig  <jfehlig@suse.com>

	libxl: rename cleanup_dom label
	Rename cleanup_dom label to destroy_dom, which better describes what
	it does.

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove now unused virDomainIOThreadIDMap

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	conf: decrease iterations complexity when formatting iothreads
	Create a bitmap of iothreads that have scheduler info set so that the
	transformation algorithm does not have to iterate the empty bitmap many
	times. By reusing self-expanding bitmaps the bitmap size does not need
	to be pre-calculated.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1264008

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	util: bitmap: Introduce self-expanding bitmap APIs
	In some cases it's impractical to use the regular APIs as the bitmap
	size needs to be pre-declared. These new APIs allow to use bitmaps that
	self expand.

	The new code adds a property to the bitmap to track the allocation of
	memory so that VIR_RESIZE_N can be used.

2016-03-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	perf: fix build on non-Linux
	 * Sync stubbed functions with prototypes
	 * Add missing ATTRIBUTE_UNUSED where needed

	Pushing under the build breaker rule.

2016-03-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix /proc/**/stat parsing
	Since commit v1.3.2-119-g1e34a8f which enabled debug-threads in QEMU
	qemuGetProcessInfo would fail to parse stats for any thread with a space
	in its name.

	https://bugzilla.redhat.com/show_bug.cgi?id=1316803

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	virsh: blockpull: Support --bytes and scaled integers
	Use vshBlockJobOptionBandwidth to parse the bandwidth value which will
	allow users to specify bandwidth in bytes or as a scaled integer.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	virsh: blockcopy: Support --bytes and scaled integers
	Use vshBlockJobOptionBandwidth to parse the bandwidth value which will
	allow users to specify bandwidth in bytes or as a scaled integer.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	virsh: blockcommit: Support --bytes and scaled integers
	Use vshBlockJobOptionBandwidth to parse the bandwidth value which will
	allow users to specify bandwidth in bytes or as a scaled integer.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	virsh: blockjob: Support --bytes and scaled integers as bandwidth
	Use vshBlockJobOptionBandwidth to parse the bandwidth value which will
	allow users to specify bandwidth in bytes or as a scaled integer.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1288000

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	vsh: Introduce helper to parse --bandwidth
	Historically we've used 'unsigned long' and allowed wrapping of negative
	numbers for bandwidth values. Add a helper that will simplify adding
	support for scaled integers and support for byte granularity while
	keeping the compatibility with the older approach.

	vsh: Refactor vshCommandOptScaledInt
	Fix control flow and spacing issues.

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	vsh: Tweak error message for scaled integers
	It was too similar to the non-scaled alternative.

	before:
	error: Numeric value 'abc' for <size> option is malformed or out of range
	after:
	error: Scaled numeric value 'abc' for <size> option is malformed or out of range

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Move and export qemuDomainDiskChainElement(Prepare|Revoke)
	Move the function to qemu_domain.c and export them for further use.

	qemu: Refactor qemuDomainPrepareDiskChainElement
	Now that there are only two elements in the enum, let's change it to a
	bool and rename the function similarly to the one added in previous
	commit.

	qemu: Split image access revoking from qemuDomainPrepareDiskChainElement
	Introduce qemuDomainDiskChainElementRevoke that revokes the access
	rather than having a flag to do so.

	qemu: Kill qemuDiskPathToAlias
	The function has terrible semantics. Split it into two functions.

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Remove JSON impls of drive_add and drive_del
	qemu won't ever add those functions directly to QMP. They will be
	replaced with 'blockdev-add' and 'blockdev-del' eventually. At this time
	there's no need to keep the stubs around.

	Additionally the drive_del stub in JSON contained dead code in the
	attempt to report errors. (VIR_ERR_OPERATION_UNSUPPORTED was never
	reported). Since the text impl does have the same message it is reported
	anyways.

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Drop qemuMonitorAttachDrive and leaves in call tree
	Functions no longer required for attaching SCSI disks since
	QEMU_CAPS_DEVICE is expected.

	qemu: hotplug: Assume support for -device in qemuDomainAttachSCSIDisk
	We've started to assume support for QEMU_CAPS_DEVICE. Doing so in the
	SCSI disk hotplug code allows us to drop a lot of ugly legacy code.

2016-03-29  Maxim Nestratov  <mnestratov@virtuozzo.com>

	bhyve: fix invalid hostsysinfo freeing

	bhyve: cleanup unnecessary variables

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	virsh: extend domstats command
	This patch extend domstats command to match extended
	virDomainListGetStats API in previous patch.

	Message-id: 1459171833-26416-9-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	virsh: implement new command to support perf
	This patch add new perf command to enable/disable perf event
	for a guest domain.

	Message-id: 1459171833-26416-8-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: reenable perf events when libvirtd restart
	When libvirtd daemon restart, this patch will reenable those perf
	events previously enabled.

	Message-id: 1459171833-26416-7-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: add new xml element
	This patch adds new xml element, and so we can have the option of
	also having perf events enabled immediately at startup.

	Message-id: 1459171833-26416-6-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	qemu_driver: add support to perf event
	This patch implement the internal driver API for perf event into
	qemu driver.

	Message-id: 1459171833-26416-5-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: implement a set of util functions for perf event
	This patch implement a set of interfaces for perf event. Based on
	these interfaces, we can implement internal driver API for perf,
	and get the results of perf conuter you care about.

	Message-id: 1459171833-26416-4-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: implement the remote protocol for perf event
	Add remote support for perf event.

	Message-id: 1459171833-26416-3-git-send-email-qiaowei.ren@intel.com

2016-03-29  Qiaowei Ren  <qiaowei.ren@intel.com>

	perf: add new public APIs for perf event
	API agreed on in
	https://www.redhat.com/archives/libvir-list/2015-October/msg00872.html

	* include/libvirt/libvirt-domain.h (virDomainGetPerfEvents,
	virDomainSetPerfEvents): New declarations.
	* src/libvirt_public.syms: Export new symbols.
	* src/driver-hypervisor.h (virDrvDomainGetPerfEvents,
	virDrvDomainSetPerfEvents): New typedefs.
	* src/libvirt-domain.c: Implement virDomainGetPerfEvents and
	virDomainSetPerfEvents.

	Message-id: 1459171833-26416-2-git-send-email-qiaowei.ren@intel.com

2016-03-29  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document NSS module
	While we have a wiki page describing the feature [1] since the
	feature is distributed in our .tar.gz we ought to document it. So
	I went ahead, copied the wiki page and reformatted so it fits our
	docs coding style.

	1: http://wiki.libvirt.org/page/NSS_module

2016-03-29  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	storage: Initialize pool size parameters for refresh thread
	If the pool creation thread happens to detect the luns in
	the scsi target, the size parameters will be calculated as
	part of the refreshPool called from storagePoolCreate().

	This means the virStoragePoolFCRefreshThread (commit id
	'512b874') waiting to run and "refresh" the pool will
	essentially double the allocation and capacity values.
	A separate refresh would correct the values.

	To avoid this, the FCRefreshThread needs to reinitialize
	the pool size values prior to calling virStorageBackendSCSIFindLUs
	which eventually calls virStorageBackendSCSINewLun and
	updates the size values for each volume found.

2016-03-29  Peter Krempa  <pkrempa@redhat.com>

	storage: rbd: Fix build
	After the recent commits the build didn't work for me. Fix it by
	using size_t as the callback argument is using and the correct
	formatter. The attempted fixup to use %llu as a formatter was wrong.

2016-03-28  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove reference to non-existent out label
	Commit e6336442 changed the 'out:' label to 'cleanup'  in
	libxlDomainAttachNetDevice(), but missed a comment referencing
	the 'out:' label. Remove it from the comment since it is no
	longer accurate anyhow.

2016-03-28  Cole Robinson  <crobinso@redhat.com>

	tests: virtnettlscontexttest: Use virGetLastErrorMessage()
	Use virGetLastErrorMessage() rather than open code it

	docs: website: more header spacing tweaks
	- remove top padding for h1. this means page titles sit flush with the top
	  of the side bar (like 'The virtualization API' on the front page)
	- up the top padding for the remaining sections. makes it visually easier
	  to tell adjacent header sections apart, especially in dense wiki pages
	- use two different spacing levels for h2-h4 and h5-h6,
	  gives pages some more visual flexibility
	- use a slightly lower bottom padding... this makes top padding stick out
	  more which makes it visually easier to differentiate between adjacent
	  header sections

2016-03-28  John Ferlan  <jferlan@redhat.com>

	docs: Update the hyperv feature qemu supported version
	In order to follow recent comments which indicate support for specific
	feature bits are supported by a specific QEMU version add the version
	from whence the relaxed, vapic, and spinlocks support was added.

2016-03-28  Maxim Nestratov  <mnestratov@virtuozzo.com>

	conf: qemu: Add support for more HyperV Enlightenment features
	This patch adds support for "vpindex", "runtime", "synic",
	"stimer", and "vendor_id" features available in qemu 2.5+.

	- When Hyper-V "vpindex" is on, guest can use MSR HV_X64_MSR_VP_INDEX
	to get virtual processor ID.

	- Hyper-V "runtime" enlightement feature allows to use MSR
	HV_X64_MSR_VP_RUNTIME to get the time the virtual processor consumes
	running guest code, as well as the time the hypervisor spends running
	code on behalf of that guest.

	- Hyper-V "synic" stands for Synthetic Interrupt Controller, which is
	lapic extension controlled via MSRs.

	- Hyper-V "stimer" switches on Hyper-V SynIC timers MSR's support.
	Guest can setup and use fired by host events (SynIC interrupt and
	appropriate timer expiration message) as guest clock events

	- Hyper-V "reset" allows guest to reset VM.

	- Hyper-V "vendor_id" exposes hypervisor vendor id to guest.

2016-03-28  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	conf: refactor hyperv features xml output
	1. All hyperv features are tristate ones. So make tristate generating part common.
	2. Reduce nesting on spinlocks.

	conf: refactor hyperv features parsing
	1. All hyperv features are tristate ones. So make tristate parsing code common.
	2. Reindent switch statement.
	3. Reduce nesting in spinlocks parsing.

2016-03-28  Laine Stump  <laine@laine.org>

	util: avoid getting stuck on macvtapN name created outside libvirt
	After the patches that added tracking of in-use macvtap names (commit
	370608, first appearing in libvirt-1.3.2), if the function to allocate
	a new macvtap device came to a device name created outside libvirt, it
	would retry the same device name MACVLAN_MAX_ID (8191) times before
	finally giving up in failure.

	The problem was that virBitmapNextClearBit was always being called
	with "0" rather than the value most recently checked (which would
	increment each time through the loop), so it would always return the
	same id (since we dutifully release that id after failing to create a
	new device using it).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1321546

2016-03-28  Chunyan Liu  <cyliu@suse.com>

	libxl: fix hot add/remove VF from a pool
	For those VF allocated from a network pool, we need to set its backend
	to be VIR_DOMAIN_HOSTDEV_PCI_BACKEND_XEN so that later work can be
	correct.

2016-03-28  Anatole Denis  <natolumin@gmail.com>

	tests: storagepoolxml2xmltest: Enable pool-rbd
	This test was commited 4 years ago, but was never enabled in
	storagepoolxml2xmltest.c. This patch reactivates it, conditionnaly on RBD
	storage support being enabled

	tests: storagepoolxml2xmltest: Fix pool-rbd test
	This test failed for two reasons:
	* The uuid was missing from the input file
	* The output file had the <name> in a different place from the actual output

2016-03-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Revert "zfs: Only raw volumes are supported"
	This reverts commit bb5f2dc91f43f48ff726aa589bdac546738d2980.

	The "if (vol->target.format != VIR_STORAGE_FILE_RAW)" check in the
	createVol backend. This check is bogus because virStorageVolDefParseXML()
	in conf/storage_conf.c sets target.format only if volOptions in
	virStoragePoolTypeInfo has formatFromString set, and that's not the
	case the zfs backend.

	So the check always fails and breaks volume creation.

2016-03-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Revert "logical: Only raw volumes are supported"
	This reverts commit 6682d6219d4595b51f06867e0c30e7efd745f682.

	The "if (vol->target.format != VIR_STORAGE_FILE_RAW)" check in the
	createVol backend. This check is bogus because virStorageVolDefParseXML()
	in conf/storage_conf.c sets target.format only if volOptions in
	virStoragePoolTypeInfo has formatFromString set, and that's not the
	case the logical backend.

	So the check always fails and breaks volume creation.

2016-03-25  Chunyan Liu  <cyliu@suse.com>

	libxlDomainDetachDeviceLive: handle hostdev parent is network device
	When hostdev parent is network device, should call
	libxlDomainDetachNetDevice to detach the device from a higher level.

	libxlDomainDetachNetDevice: cleanup codes
	Adjust codes to make it cleaner.

	libxlDomainAttachNetDevice: release actual deivce and remove hostdev when fail
	When AttachNetDevice failed, should call networkReleaseActualDevice
	to release actual device, and if actual device is hostdev, should
	remove the hostdev from vm->def->hostdevs.

2016-03-25  Laine Stump  <laine@laine.org>

	network: call proper start/stop functions for macvtap bridge-mode networks
	networkStartNetwork() and networkShutdownNetwork() were calling the
	wrong type-specific function in the case of networks that were
	configured for macvtap ("direct") bridge mode - they were instead
	calling the functions for a tap+bridge network. Currently none of
	these functions does anything (they just return 0) so it hasn't
	created any problems, but that could change in the future.

2016-03-25  Laine Stump  <laine@laine.org>

	network: differentiate macvtap/bridge from host-bridge based networks
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316465

	An attempt to simplify the code for the VIR_NETWORK_FORWARD_BRIDGE
	case of networkUpdateState in commit b61db335 (first in release
	1.2.14) resulted in networks based on macvtap bridge mode being
	erroneously marked as inactive any time libvirtd was restarted.

	The problem is that the original code had differentiated between a
	network using tap devices to connect to an existing host-bridge device
	(forward mode of VIR_NETWORK_FORWARD_BRIDGE and a non-NULL
	def->bridge), and one using macvtap bridge mode to connect to any
	ethernet device (still forward mode VIR_NETWORK_FORWARD_BRIDGE, but
	null def->bridge), but the changed code assumed that all networks with
	VIR_NETWORK_FORWARD_BRIDGE were tap + host-bridge networks, so a null
	def->bridge was interpreted as "inactive".

	This patch restores the original code in networkUpdateState

2016-03-25  Christophe Fergeau  <cfergeau@redhat.com>

	test: Fix typo in testutils.h header guard
	This changes __VIT_TEST_UTILS_H__ to __VIR_TEST_UTILS_H__

	storage/rbd: Use correct printf-modifier for uint64
	%zu is for size_t variables, not uint64 ones. This causes a warning when building on
	a 32 bit linux.

2016-03-25  Michal Privoznik  <mprivozn@redhat.com>

	virTestSetEnvPath: Avoid clearing out PATH
	If the abs_builddir path already is in PATH and it's in the first
	position, due to a bug in our code PATH would be cleared out.

	admin_server: Avoid accessing unallocated memory
	In 68b726b93c11cc90 we tried to fix a mem leak. However, it
	wasn't done quite well. Problem is, virNetDaemonGetServers() may
	fail in which case virObjectListFreeCount() would be called with
	-1 objects to free. But the number of elements is taken in
	unsigned rather than signed integer.

2016-03-24  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	qemu: Replace some VIR_ERROR with vir*Error
	qemuStateInitialize uses a mix of VIR_ERROR and standard vir*Error
	calls. Prefer the standard vir*Error

	qemu: Don't duplicate virGetLastErrorMessage
	These uses of virGetLastError message are just duplicating
	virGetLastErrorMessage.

2016-03-24  Michal Privoznik  <mprivozn@redhat.com>

	testutils: Adapt to highly unlikely case
	Coverity pointed out that getenv("PATH") may return NULL. Well,
	we check for that in virFindFileInPath() too. If this happens, we
	will pass NULL into strstr(). Ouch.

	nsstest: Drop useless @data check
	The variable is dereferenced prior its check for NULL. The check
	itself does not make much sense anyway - it's our test, we know
	we are not passing NULL.

2016-03-24  Erik Skultety  <eskultet@redhat.com>

	virlog: Refactor virLogParseFilters
	Patch 0b231195 refactored logging output parser to make it more readable.
	This patch does similar thing to logging filter parser.

	tests: Add new testcases to test parsing of log filters in virlogtest

	tests: virlogtest: Fix testLogParseOutputs return value
	The test can return positive value even though it should have failed. It just
	returns the value parser returned, which should be flipped back to -1 if
	something went wrong or the result was unexpected, but it isn't.

2016-03-24  Pavel Hrdina  <phrdina@redhat.com>

	admin_server: fix memory leak
	If caller of adminConnectListServers() pass NULL instead of servers we
	need to free the list we've received from virNetDaemonGetServers().

2016-03-24  Michal Privoznik  <mprivozn@redhat.com>

	gendispatch: Avoid comparing signed and unsigned vars
	The adminDispatchConnectListServers() function is generated by
	our great perl script. However, it has a tiny flaw: if
	adminConnectListServers() it calls fails, the control jumps onto
	cleanup label where we try to free any list of servers built so
	far. However, in the loop @i is unsigned (size_t) while @nresults
	is signed (int). Currently, it does no harm because of the check
	for @result being non-NULL. But if that ever changes in the
	future, this bug will be hard to chase.

	event-test: Check for virConnectRegisterCloseCallback return value
	In an unlikely event of virConnectRegisterCloseCallback failing,
	the error is ignored. This is an example file and we shouldn't
	get a bad example.

	event-test: Use goto cleanup instead of if else jungle
	Like in the rest of our code we tend to prefer 'goto' and
	'cleanup' over 'if else' code structure. Do the same here.

	qemuxml2argvtest: Adapt to ethernet automatic tap creation
	After 9c17d665fdc5 the tap device for ethernet network type is
	automatically precreated before spawning qemu. Problem is, the
	qemuxml2argvtest wasn't updated and thus is failing. Because of
	all the APIs that new code is calling, I had to mock a lot. Also,
	since the tap FDs are labeled separately from the rest of the
	devices/files I had to enable NOP security driver for the test
	too.

2016-03-23  Cole Robinson  <crobinso@redhat.com>

	remote: Fix error message
	We were printing the wrong MAX value

2016-03-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argv: Mock virSCSIDeviceGetSgName
	When constructing SCSI hostdev command line for qemu, the
	/sys/bus/scsi/devices/... dir is scanned. Unfortunately, even in
	the tests. This is needed to determine the name of SCSI device to
	passthrough to qemu, because in the domain XML we were given its
	address instead. Anyway, we should not be touching live system
	data in our test suite as it produced unpredictable results. The
	test is regressing from 1e9a083742efe on.

2016-03-23  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	autocreate tap device for ethernet network type
	If a user specify network type ethernet, then create it via libvirt and run
	script if it provided. After this commit user does not need to
	run external script to create tap device or add root permissions to qemu
	process.

2016-03-23  Andrea Bolognani  <abologna@redhat.com>

	tests: hostdev: Add more tests
	Ensure the code behaves properly even for situations that were not
	being considered before, such as simply detaching devices from the
	host without attaching them to a guest and attaching devices as
	managed even though they had already been manually detached from
	the host.

2016-03-23  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Use actual device when reattaching
	Instead of forcing the values for the unbind_from_stub, remove_slot
	and reprobe properties, look up the actual device and use that when
	calling virPCIDeviceReattach().

	This ensures the device is restored to its original state after
	reattach: for example, if it was not bound to any driver before
	detach, it will not be bound forcefully during reattach.

2016-03-23  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Save netdev configuration of actual device
	We would be just fine looking up the information in pcidevs most
	of the time; however, some corner cases would not be handled
	properly, so look up the actual device instead.

2016-03-23  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Streamline device ownership tracking
	After this patch, ownership of virPCIDevice instances is very easy
	to keep track of: for each host PCI device, the only instance that
	actually matters is the one inside one of the bookkeeping list.

	Whenever some operation needs to be performed on a PCI device, the
	actual device is looked up first; when this is not the case, a
	comment explains the reason.

2016-03-23  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Stop early if unmanaged devices have not been detached
	Unmanaged devices, as the name suggests, are not detached
	automatically from the host by libvirt before being attached to a
	guest: it's the user's responsability to detach them manually
	beforehand. If that preliminary step has not been performed, the
	attach operation can't complete successfully.

	Instead of relying on the lower layers to error out with cryptic
	messages such as

	  error: Failed to attach device from /tmp/hostdev.xml
	  error: Path '/dev/vfio/12' is not accessible: No such file or directory

	prevent the situation altogether and provide the user with a more
	useful error message.

2016-03-23  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Detect untracked inactive devices
	Unmanaged devices are attached to guests in two steps: first,
	the device is detached from the host and marked as inactive;
	subsequently, it is marked as active and attached to the guest.

	If the daemon is restarted between these two operations, we lose
	track of the inactive device.

	Steps 5 and 6 of virHostdevPreparePCIDevices() already subtly
	take care of this situation, but some planned changes will make
	it so that's no longer the case. Plus, explicit is always better
	than implicit.

2016-03-22  Pavel Hrdina  <phrdina@redhat.com>

	qemuxml2argvtest: cleanup test
	Use qemuProcessCreatePretendCmd instead duplicating required steps from
	qemuProcessStart.

	qemuxml2argvtest: use driver.config and priv for qemuDomainSetPrivatePaths
	Update testutilsqemu to overwrite libDir and channelTargetDir and set
	private paths using domain's privateData.  This changes is required for
	following patch.

	qemu_driver: cleanup qemuConnectDomainXMLToNative
	Use qemuProcessCreatePretendCmd instead duplicating required steps from
	qemuProcessStart.

2016-03-22  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: introduce qemuProcessCreatePretendCmd
	This will skip few steps from qemuProcessStart in order to create only
	qemu CMD.  Use a VIR_QEMU_PROCESS_START_PRETEND for all the qemuProcess*
	functions called by this one to not modify or check host.

	This new function will be used later on for XMLToNative API and also for
	qemuxml2argvtest to make sure that both API and test uses the same code
	as qemuProcessStart.

	We need also update qemuProcessInit to wrap few lines of code with check
	that VIR_QEMU_PROCESS_START_PRETEND that makes sense only for
	qemuProcessStart.

2016-03-22  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: move qemuDomainSetPrivatePaths to qemuProcessInit

	qemu_process: move checks to qemuProcessStartValidate
	Move all code that checks host and domain.  Do not check host if we use
	VIR_QEMU_PROCESS_START_PRETEND flag.

	qemu: update callers of qemuProcessStartValidate to use virDomainObjPtr
	This change is required by following patches.

	qemu_process: introduce qemuProcessPrepareHost
	Move all code that modifies host system to this function.

	qemu_process: introduce qemuProcessPrepareDomain
	Move all code that modifies only live XML to this function.  The new
	VIR_QEMU_PROCESS_START_PRETEND flag will be used by qemuXMLToNative and
	qemuxml2argvtest later in order to reuse the same code as
	qemuProcessStart uses.

	tests: cleanup qemuxml2argvtest
	This removes the testFailed magic and makes the code more readable.

	nvram: generate it's path in qemuDomainDefPostParse
	The postParse callback is the correct place to generate default values
	that should be present in offline XML.

	qemu_process: check for correct return value while starting domain
	Function qemuProcessLaunch returns '-2' in case there was an error and
	we need to cleanup labels.

2016-03-22  Pavel Hrdina  <phrdina@redhat.com>

	qemu-hotplug: fix eject media
	QEMU changed the error message to:

	        "Tray of device 'drive-sata0-0-1' is not open"

	and they may change the error massage in the future.

	This updates the code to not depend on the text from the error message
	but only on error itself.

2016-03-21  Martin Kletzander  <mkletzan@redhat.com>

	nss: Make aligning look nicer
	Every aligning requires at least one cast and it's hard to read.  Let's
	make a function that makes sure the pointer is moved according to the
	alignment and use that to move throughout the data buffer.

2016-03-21  Michal Privoznik  <mprivozn@redhat.com>

	tests: Produce predictable results in nsstest
	Problem is that in the test any status file matching
	tests/nssdata/*.status is loaded as it contains IP addresses that
	are parsed. However, there's no order specified in which the
	files are loaded. Therefore on different systems the order may be
	different. This is then producing an unexpected results.
	Instead of defining an order in which the files are loaded, make
	the code that checks for missing IP addresses (or redundant ones)
	cope with unordered list of addresses. The reasoning behind is
	that the code doing the parsing is used in real NSS module where
	we don't care for ordering.

2016-03-21  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	tests: nodedevxml2xml: add test for SCSI target
	Let's add a test for SCSI target nodedev devices.

2016-03-21  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	conf: node_device: fix up SCSI target
	When reading in an XML definition for a SCSI target device, the name
	property of struct scsi_target refers to the @target element.

	Let's fix this obvious typo and also extend the XML schema to provide
	validation.

2016-03-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: support enabling and disabling <hap> feature
	Until now, the libxl driver ignored any <hap> setting in domain XML
	and deferred to libxl, which enables hap if not specified. While
	this is a good default, it prevents disabling hap if desired.

	This change allows disabling hap with <hap state='off'/>. hap is
	explicitly enabled with <hap/> or <hap state='on/>. Absense of <hap>
	retains current behavior of deferring default state to libxl.

2016-03-21  Jim Fehlig  <jfehlig@suse.com>

	Xen drivers: show hap enabled by default in capabilities
	Hardware Assisted Paging is enabled by default in Xen. Change
	the capabilities output to reflect this.

	xenconfig: change 'hap' setting to align with Xen behavior
	hap is enabled by default in xm and xl config and usually only
	specified when it is desirable to disable hap (hap = 0). Change
	the xm,xl <-> xml converter to behave similarly. I.e. only
	produce 'hap = 0' when <hap state='off'/> and vice versa.

2016-03-21  Jim Fehlig  <jfehlig@suse.com>

	conf: add 'state' attribute to <hap> feature
	Most hypervisors use Hardware Assisted Paging by default and don't
	require specifying the feature in domain conf. But some hypervisors
	support disabling HAP on a per-domain basis. To enable HAP by default
	yet provide a knob to disable it, extend the <hap> feature with a
	'state=on|off' attribute, similar to <pvspinlock> and <vmport> features.

	In the absence of <hap>, the hypervisor default (on) is used. <hap>
	without the state attribute would be the same as <hap state='on'/> for
	backwards compatibility. And of course <hap state='off'/> disables hap.

2016-03-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add flags to qemuMigrationWaitForCompletion
	The function already takes two bool arguments, switching to flags makes
	it a lot easier to read. Especially in case we need to add another
	boolean in the future.

	qemu: Refuse to abort migration in post-copy mode
	In post-copy mode none of the hosts has a complete guest state and
	rolling back migration is impossible. Thus aborting it would be
	equivalent to destroying the domain.

	qemu: Handle post-copy migration failures
	When migration fails in the post-copy mode, it's impossible to just kill
	the destination domain and resume the source since the source no longer
	contains current guest state. Let's mark domains on both sides as
	VIR_DOMAIN_PAUSED_POSTCOPY_FAILED to let the upper layer decide what to
	do with them.

	qemu: Refactor qemuProcessRecoverMigration

	qemu: Don't kill running migrated domain on daemon restart
	When destination libvirtd is restarted during migration in Finish phase
	just after the point we started guest CPUs, we should not kill the
	domain.

2016-03-21  Cristian Klein  <cristiklein@gmail.com>

	virsh: Add --postcopy-after-precopy option to migrate

2016-03-21  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Configurable migrate --timeout action

2016-03-21  Cristian Klein  <cristiklein@gmail.com>

	virsh: Add support for post-copy migration

	qemu: Implement virDomainMigrateStartPostCopy

	qemu: Add support for VIR_MIGRATE_POSTCOPY flag

	qemu: Add QMP functions for post-copy migration

2016-03-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Handle postcopy-active migration state
	Migration enters "postcopy-active" state after QEMU switches to
	post-copy and pauses guest CPUs. From libvirt's point of view this state
	is similar to "completed" because we need to transfer guest execution to
	the destination host.

2016-03-21  Cristian Klein  <cristiklein@gmail.com>

	Add public APIs for post-copy migration
	To use post-copy one has to start the migration with
	VIR_MIGRATE_POSTCOPY flag and, while migration is in progress, call
	virDomainMigrateStartPostCopy() to switch from pre-copy to post-copy.

2016-03-21  Jiri Denemark  <jdenemar@redhat.com>

	Add event and state details for post-copy
	VIR_DOMAIN_EVENT_SUSPENDED_POSTCOPY and VIR_DOMAIN_PAUSED_POSTCOPY are
	used on the source host once migration enters post-copy mode (which
	means the domain gets paused on the source. After the destination host
	takes over the execution of the domain, its virtual CPUs are resumed and
	the domain enters VIR_DOMAIN_RUNNING_POSTCOPY state and
	VIR_DOMAIN_EVENT_RESUMED_POSTCOPY event is emitted.

	In case migration fails during post-copy mode and none of the hosts have
	complete state of the domain, both domains will remain paused with
	VIR_DOMAIN_PAUSED_POSTCOPY_FAILED reason and an upper layer may decide
	what to do.

2016-03-21  Martin Kletzander  <mkletzan@redhat.com>

	util: Add virSocketAddrSetIPv[46]AddrNetOrder and use it
	This allows setting the address in host and/or network order and makes
	the naming consistent.  Now you don't need to call [hn]to[nh]l()
	functions as that is taken care of by these functions.  Also, now
	the *NetOrder take the address in network order, the other functions in
	host order so the naming and usage is consistent.  Some places were
	having the address in network order and calling ntohl() just so the
	original function can call htonl() again.  This makes it nicer to read.

2016-03-21  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: Don't add -spice port=0 when no port is specified
	If a <graphics type='spice'> has no port nor tlsPort set, the generated
	QEMU command line will contain -spice port=0.
	This is later going to be ignored by spice-server, but it's better not
	to add it at all in this situation.
	As an empty -spice is not allowed, we still need to append port=0 if we
	did not add any other argument.

	qemu: Omit SPICE address if no port is specified
	Currently -spice addr=127.0.0.1 is generated, but spice-server is going
	to ignore this as no port is specified.

2016-03-21  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: Make all SPICE command-line args optional
	The end goal is to avoid adding -spice port=0,addr=127.0.0.1 to QEMU command
	line when no SPICE port is specified in libvirt XML.

	Currently, the code relies on port=xx to always be present, so subsequent
	args can be unconditionally appended with a leading ','. Since port=0
	will no longer be added in a subsequent commit, we append a ',' to every
	arg instead of prepending, and remove the last one before adding it to
	the arg list.

2016-03-21  Richard Laager  <rlaager@wiktel.com>

	zfs: Only unencrypted volumes are supported

	zfs: Only raw volumes are supported

	logical: Only raw volumes are supported

	storage: Improve code consistency between backends
	This improves the code consistency around freeing vol->target.path in
	createVol implementations.

	sheepdog: Use a consistent error message
	This also reduces the number of strings to translate.

	rbd: Use proper error type

2016-03-20  Cole Robinson  <crobinso@redhat.com>

	domain: Add virDomainDefAddImplicitDevices
	It's just a combination of AddImplicitControllers, and AddConsoleCompat.
	Every caller that wants ImplicitControllers also wants the ConsoleCompat
	AFAICT, so lump them together. We also need it for future patches.

2016-03-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nss: don't try to build nss plugin when disabled
	Even if nss is disabled, the build system tries to build some
	targets like libnss_libvirt_impl.la and nsstest. Hide those
	under the "if WITH_NSS" block like the rest of NSS plugin bits.

2016-03-18  Cole Robinson  <crobinso@redhat.com>

	bhyve: caps: Log error message when CPU init fails
	virBhyveCapsInitCPU will raise a libvirt error; even though we treat
	it as non-fatal we should log the actual message.

2016-03-18  Cole Robinson  <crobinso@redhat.com>

	domain: Remove controller/net address whitelists
	Judging by how the whitelist has skewed quite far from the original
	error message, I think it's better to just drop these.

	If someone wants to revive this check I suggest implementing it on
	a per-HV driver basis with PostParse callbacks.

2016-03-18  Martin Kletzander  <mkletzan@redhat.com>

	nodedev: Expose PCI header type
	If we expose this information, which is one byte in every PCI config
	file, we let all mgmt apps know whether the device itself is an endpoint
	or not so it's easier for them to decide whether such device can be
	passed through into a VM (endpoint) or not (*-bridge).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1317531

2016-03-18  Martin Kletzander  <mkletzan@redhat.com>

	nodedev: Indent PCI express for future fix
	Best viewed with '-w' as this is just an adjustment for future patch to
	be readable without that.

2016-03-18  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce nsslinktest
	The only purpose of this test is to catch possible linking
	problems with libnss_libvirt.so.2.
	One of the problems I faced was that the NSS plugin was unloaded
	immediately after it got loaded and the name resolution process
	continued with next configured option. Without any error. It was
	very hard to debug why until I created this simple test and found
	out immediately that there were some symbols missing. The reason
	why problem was not caught in nsstest is that in the test we want
	to use all the fancy stuff and therefore link it with libvirt.la.
	So even if there's a symbol missing in the NSS plugin it will be
	found in the libvirt.la.
	But even after I resolved the issue we still need this test
	because files the NSS plugin is built from are still live (mostly
	those under utils/ dir). So as they change new symbol might be
	required which would render the NSS plugin unusable.

	nss: Introduce a test
	A small test to see how is the nss module working.

	Implement _nss_libvirt_gethostbyname4_r
	This function is a different beast compared to previous ones.
	But yet again, nothing surprising is happening here.

	nss: Implement _nss_libvirt_gethostbyname3_r
	The implementation is pretty straightforward. Moreover, because
	of the nature of things, gethostbyname_r and gethostbyname2_r can
	be implemented at the same time too.

	libvirt.spec.in: Introduce libvirt-nss package
	Lets put the NSS module into its own package.

	Initial support for NSS plugin skeleton
	Name Service Switch is a glibc feature responsible for many
	things. Translating domain names into IP addresses and vice versa
	is just one of them. However, currently it's the only
	functionality that this commit is tickling. Well, in this commit
	the plugin skeleton is introduced. Implementation to come in next
	patches.
	Because of the future testing, where the implementation is to be
	linked with a test, this needs to go into static library. Linking
	a program with an .so statically is not portable. Therefore a
	dummy libnss_libvirt_impl library is being introduced too.

	virsocketaddr: Introduce virSocketAddrSetIPv6Addr
	This is a missing counterpart for virSocketAddrSetIPv4Addr()
	and is going to be needed later in the tests.

	virLeaseReadCustomLeaseFile: Allow server_duid to be NULL
	This function is going to be used later in such context where the
	argument makes no sense. Teach this function to cope with that
	instead of the caller having to deal with passing some dummy
	argument.

	Export virLease* functions for leases file handling
	These functions are going to be reused very shortly. So instead
	of duplicating the code, lets move them into utils module.

2016-03-18  Jim Fehlig  <jfehlig@suse.com>

	tests: add schema test for default cache mode
	None of the existing domXML configs under tests/* specify a
	default cache mode since default generally means "use the
	hypervisor default" and is left unset by the various hypervisor
	drivers. Add a config to tests/domainschemadata that specifies
	cache='default'.

	tests: add xlconfigdata to domainschematests
	Include the XML files under tests/xlconfigdata in the domain
	schema tests

2016-03-18  John Ferlan  <jferlan@redhat.com>

	conf: Format disk pool part_separator attribute for running pool
	Commit id '4f846170' added printing of a new field 'part_separator';
	however, neglected to do so when there was an "freeExtent" defined
	for the device (as there would be when the disk pool was started).

	This patch adjusts the logic to appropriately format the device path and
	if there the part_separator attribute.

2016-03-18  John Ferlan  <jferlan@redhat.com>

	qemu: Move last error save/restore to qemuBuildNetCommandLine
	Commit 'ef2ab8fd' moved just the virDomainConfNWFilterTeardown and left
	the logic to save/restore the current error essentially doing nothing
	in the error path for qemuBuildCommandLine.  So move it to where it
	was meant to be.

	Although the original code would reset the filter on command creation
	errors after building the network command portion and commit 'ef2ab8fd'
	altered that logic, the teardown is called during qemuProcessStop from
	virDomainConfVMNWFilterTeardown and that code has the save/restore
	last error logic, so just allow that code to handle the teardown rather
	than running it twice. The qemuProcessStop would be called in the failure
	path of qemuBuildCommandLine.

2016-03-18  Michal Privoznik  <mprivozn@redhat.com>

	tests: Set PATH in each test
	Currently we spawn couple of binaries in our test suite.
	Moreover, we provide some spoofed versions of system binaries
	hoping that those will be executed instead of the system ones.
	For instance, for testing SSH socket we have written our own ssh
	binary for producing predictable results. We certainly don't want
	to execute the system ssh binary.
	However, in order to prefer our binaries over system ones, we
	need to set PATH environment variable. But this is done only at
	the Makefile level. So if anybody runs a test by hand that
	expects our spoofed binary, the test ends up executing real
	system binaries. This is not good. In fact, it's terribly wrong.
	The fix lies in a small trick - putting our build directory at
	the beginning of the PATH environment variable in each test.
	Hopefully, since every test has this VIRT_TEST_MAIN* wrapper, we
	can fix this at a single place.
	Moreover, while this removes setting PATH for our tests written
	in bash, it's safe as we are not calling anything ours that would
	require PATH change there.

	Drop paths.h include
	We include the file in plenty of places. This is mostly due to
	historical reasons. The only place that needs something from the
	header file is storage_backend_fs which opens _PATH_MOUNTED. But
	it gets the file included indirectly via mntent.h. At no other
	place in our code we need _PATH_.*. Drop the include and
	configure check then.

2016-03-17  Jovanka Gulicoska  <jovanka.gulicoska@gmail.com>

	driver: log missing modules as INFO, not WARN
	Missing modules is a common expected scenario for most libvirt usage on
	RPM distributions like Fedora, so it doesn't really warrant logging at
	WARN level. Use INFO instead

	https://bugzilla.redhat.com/show_bug.cgi?id=1274849

2016-03-17  Martin Kletzander  <mkletzan@redhat.com>

	admin: Add virAdmConnectLookupServer
	It does not have a suffix ByName because there are no other means of
	looking up the server and since the name is known, this should be the
	preferred one.

2016-03-17  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: implement setting target disks migration port
	Mostly it is just passing new parameter here and there. In case
	of zero value we fallback to auto selecting port and thus keep
	backward compatibility.

	Also we need to fix places of auto selected port managment.
	We should bother only when auto selected was done that is
	when externally specified port is not 0.

2016-03-17  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: add target peer disks port
	Some hypervisors (namely qemu) can have a separate connecton for
	non-shared disks migration of active domains. Currently we have
	no means to control the port of such a connection. At the same
	time we have options to control port of memory migration traffic
	(thru migration uri) as well as interfaces that target server
	is bound to for incoming migration (thru VIR_MIGRATE_PARAM_LISTEN_ADDRESS).
	Let's add the option for setting disks port too.

2016-03-17  Pavel Hrdina  <phrdina@redhat.com>

	docs: fix libvirt version for vram64 in formatdomain.html.in

2016-03-17  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: code refactoring
	In prlsdkAddNet() Attach/DetachNet() functions
	privconn should be the first argument

2016-03-17  Cole Robinson  <crobinso@redhat.com>

	rpc: wait longer for session daemon to start up
	https://bugzilla.redhat.com/show_bug.cgi?id=1271183

	We only wait 0.5 seconds for the session daemon to start up and present
	its socket, which isn't sufficient for many users. Bump up the sleep
	interval and retry amount so we wait for a total of 5.0 seconds.

2016-03-16  Erik Skultety  <eskultet@redhat.com>

	virlog: Fix build breaker with "comparison between signed and unsigned"
	Refactor series 0b231195 worked with virLogDestination type which, depending
	on the compiler, might be (and probably will be) an unsigned data type.
	However, virEnumFromString may return -1 in case of an error. So, when enum
	happens to be unsigned, some compilers will naturally complain about foo:
	    'if (foo < 0)'

2016-03-16  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: set default SCSI model
	Each version of virtuozzo supports only one type of SCSI controller
	So if we add disk on SCSI bus, we should set SCSI controller model.
	We can take it from vzCapabilities structure.

	vz: check supported controllers
	Because Vz6 supports SCSI(BUSLOGIC), IDE and SATA controllers only and
	Vz7 supports SCSI(VIRTIO_SCSI) and IDE only we add list of supported
	controllers and scsi models to vzCapabilities structure.
	When a new  connection opens, we select proper capabilities values according
	to Virtuozzo version and check them in XMLPostParse.

	vz: report correct disk format in domainGetXMLDesc
	We should report correct disk format depending on vz version and domain type.
	Since we support only one disk format for each domain type, we can take it
	from vzCapabilities structure.

2016-03-16  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: move prlsdkCheckDiskUnsupportedParams to vz_utils.c
	As long as we have another function checking disk parameters correctness,
	let's have them in one place. Here we change prefix of the moved function and
	start to call it from vzCheckUnsupportedDisks rather than add disk.

2016-03-16  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: check supported disk format and bus
	Now we check disk parameters correctness in DomainPostParse.

2016-03-16  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: add vzCapabilities to connection structure
	As far as Virtuozzo6 and Virtuozzo7 support different disk types for virtual
	machines (ploop and qcow2 respectively) and different buses (vz6: IDE, SCSI,
	SATA; vz7: IDE SCSI) we add vzCapabilities structure to help undestand which
	disk formats and buses are supported in the context of a current connection.

	When a new connection opens, we select proper capabilities in accordance to
	current Virtuozzo version.

2016-03-16  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: save vz version in connection structure
	Move code from connectGetVersion callback to vzInitVersion function

2016-03-16  Erik Skultety  <eskultet@redhat.com>

	virlog: Refactor virLogParseOutputs
	The problem with the original virLogParseOutputs method was that the way it
	parsed the input, walking the string char by char and using absolute jumps
	depending on the virLogDestination type, was rather complicated to read.
	This patch utilizes virStringSplit method twice, first time to filter out any
	spaces and split the input to individual log outputs and then for each
	individual output to tokenize it by to the parts according to our
	PRIORITY:DESTINATION?(:DATA) format. Also, to STREQLEN for matching destination
	was replaced with virDestinationTypeFromString call.

	virlog: Introduce Type{To,From}String for virLogDestination
	In order to refactor the ugly virLogParseOutputs method, this is a neat way of
	finding out whether the destination type (in the form of a string) user
	provided is a valid one. As a bonus, if it turns out it is valid, we get the
	actual enum which will later be passed to any of virLogAddOutput methods right
	away.

	tests: Add a new test for logging outputs parser
	Test for parser's functionality.

	tests: Slightly tweak virlogtest
	Patch adds a generic DO_TEST_FULL macro, some PASS/FAIL macros to better
	visually distinguish tests that should fail and tests that should pass. Also,
	some cosmetic changes like renames and direct call to fprintf is replaced with
	our VIR_TEST_DEBUG macro, as using testutils should be our preferred way of
	reporting errors in tests.

2016-03-16  Martin Kletzander  <mkletzan@redhat.com>

	nodedev: Shorten match condition
	Just a cleanup I stumbled upon in one of my older branches I did when
	browsing through some code and forgot to send it.

	qemu: Don't access uninitialized memory
	In qemuConnectDomainXMLToNative() we set up the monitor, but we never
	memset() it to zeros.  Thanks to the introduction of the logfile
	parameter of chardevs (and the logfile member of the struct), we started
	checking whether that's non-NULL and that exposed this old error.

2016-03-15  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't overwrite DomainSave errors
	These functions already report fine grained errors, there's no
	benefit to overwriting the error here.

2016-03-15  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemuDomainRevertToSnapshot: save domain configuration
	Reverting to a snapshot may change domain configuration. New
	configuration should be saved if domain has persistent flag.

	VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT is emitted in case of
	configuration update.

2016-03-15  Dmitry Andreev  <dandreev@virtuozzo.com>

	Introduce new VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT sub-event
	VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT event should be emitted
	when domain configuration was changed on revert to snapshot.

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildPanicCommandLine
	Add new function to manage adding the panic device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	qemu: Introduce qemuBuildNVRAMCommandLine
	Add new function to manage adding the NVRAM device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildRNGCommandLine
	Add new function to manage adding the RNG device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also modify the qemuBuildRNGDevStr to use const virDomainDef instead
	of virDomainDefPtr.

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildMemballoonCommandLine
	Add new function to manage adding the memballoon device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also modify the qemuBuildMemballoonDevStr to use const virDomainDef
	instead of virDomainDefPtr.

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildHostdevCommandLine
	Add new function to manage adding the host device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also modify qemuBuildPCIHostdevDevStr, qemuBuildUSBHostdevDevStr,
	and qemuBuildSCSIHostdevDevStr to use const virDomainDef instead
	of virDomainDefPtr.

	Make qemuBuildPCIHostdevPCIDevStr and qemuBuildUSBHostdevUSBDevStr
	static to the qemu_command.c.

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildRedirdevCommandLine
	Add new function to manage adding the redirdev device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also move the qemuBuildRedirdevDevStr closer to the new function and
	modify to use the const virDomainDef instead of virDomainDefPtr

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildWatchdogCommandLine
	Add new function to manage adding the watchdog device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also since qemuBuildWatchdogDevStr was only local here, make it static as
	well as modifying the const virDomainDef.

2016-03-15  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildSoundCommandLine
	Add new function to manage adding the sound device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also since qemuBuildSoundDevStr was only local here, make it static as
	well as modifying the const virDomainDef.

2016-03-15  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Add more comments
	These comments explain the difference between a virPCIDevice
	instance used for lookups and an actual device instance; some
	information is also provided for specific uses.

	hostdev: Use consistent variable names
	This is not just a cosmetic change: the name of the variable now
	gives a hint about what it is supposed to be used for.

2016-03-15  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Remove virHostdevGetActivePCIHostDeviceList()
	virHostdevGetPCIHostDeviceList() is similar but does not filter out
	devices that are not in the active list; that said, we are looking
	up the device in the active list just a few lines after anyway, so
	we might as well just keep a single function around.

	This also helps stress the fact the objects contained in pcidevs are
	only for looking up the actual devices, which is something later
	commits will make even more explicit.

2016-03-14  Jim Fehlig  <jfehlig@suse.com>

	schema: support 'default' cache mode
	The docs claims the cache attribute of the disk <driver>
	element supports 'default' as one of its permissible values,
	but such configuration fails virt-xml-validate. Add 'default'
	as one of the cache attribute choices in domaincommon.rng.

2016-03-14  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Rename usesVfio -> usesVFIO
	Acronyms should be written in all caps.

2016-03-14  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Rename hostdev_mgr -> mgr
	We're in the hostdev module, so mgr is not an ambiguous name, and
	in fact it's already used in some cases. Switch all the code over.

	Take the chance to shorten declaration of
	virHostdevIsPCINodeDeviceUsedData structures.

2016-03-14  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Look up devices using IDs when possible
	When we want to look up a device in a device list and we already
	have the IDs from another source, we can simply use
	virPCIDeviceListFindByIDs() instead of creating a temporary device
	object.

	hostdev: Change argument order for virHostdevReattachPCIDevice()
	The new order aligns better with the virHostdev prefix.

	hostdev: virHostdevIsPCINetDevice() should return a bool
	The only possible return values are true and false, so the return
	type should be bool instead of int.

2016-03-14  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Rework resetvfnetconfig loop condition
	If 'last_processed_hostdev_vf != -1' is false then, since the
	loop counter 'i' starts at 0, 'i <= last_processed_hostdev_vf'
	can't possibly be true and the loop body will never be executed.

	However, since 'i' is unsigned and 'last_processed_hostdev_vf'
	is signed, we can't just get rid of the check completely; what
	we can do is move it outside of the loop to avoid checking its
	value on every iteration and cluttering the actual loop
	condition.

2016-03-14  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: fix active domain listing
	Since commit 9c14a9ab we have broken active domain listing
	because reworked prlsdkLoadDomain doesn't set dom->def->id
	propely. It just looses it when a new def structure is set.
	Now we make prlsdkConvertDomainState function return void
	and move calling it after an old dom->def is replaces with
	a new one within prlsdkLoadDomain function.

2016-03-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildVideoCommandLine: Don't access def->videos without check
	This function can be called over a domain definition that has no
	video configured. The
	tests/qemuxml2argvdata/qemuxml2argv-minimal.xml file could serve
	as an example. Problem is, before the check that domain has some
	or none video configured, def->videos is dereferenced causing a
	segmentation fault in case there's none video configured.

2016-03-12  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildVideoCommandLine
	Add new function to manage adding the video device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

2016-03-12  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildInputCommandLine
	Add new function to manage adding the input device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Make qemuBuildUSBInputDevStr static since only this module calls it.

	Also the change to use const virDomainDef forces other changes.

2016-03-12  John Ferlan  <jferlan@redhat.com>

	qemu: Modify qemuBuildTPMCommandLine
	Modify the argument order and types to match other similar helpers.

	Also modify called functions to use the def->emulator instead of passing
	def->emulator and def.

2016-03-12  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildConsoleCommandLine
	Add new function to manage adding the console device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	qemu: Introduce qemuBuildChannelsCommandLine
	Add new function to manage adding the channel device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	qemu: Introduce qemuBuildParallelsCommandLine
	Add new function to manage adding the parallels device options to the
	command line removing that task from the mainline qemuBuildCommandLine.
	Alter logic slight to reduce indention level.

2016-03-12  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildSerialCommandLine
	Add new function to manage adding the serial device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Using const virDomainDef causes collateral damage in other called APIs
	which need to make the similar adjustment

2016-03-12  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildSmartcardCommandLine
	Add new function to manage adding the smartcard device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Alter the logic slightly to make !nsmartcards check first so that remainder
	of the code is less indented.

2016-03-11  Martin Kletzander  <mkletzan@redhat.com>

	gendispatch: Use proper error for limit checking
	All other places use VIR_ERR_RPC except this one, let's be consistent,
	shall we?

	virt-admin: Don't tell everyone needlessly we're connected
	There are cases when we don't want to tell the user we are connected.
	That's for example when we first connect to the server without the
	command 'connect' itself.  That helps to clear out output of first
	command, mainly when running non-interactively.

	remote: Generate what's possible
	Since gendisplatch can now generate "modern" *ListAll* functions, let
	them all be generated.

	gendispatch: Support modern listing of more types

	gendispatch: Remember the name of snapshot variable name
	Until now, the script assumed that snapshot name is 'snap', but that's
	going to change.

	gendispatch: Accept server as an argument

	admin: Generate ConnectListServers dispatch helpers
	Since we have the opportunity now, let's save some precious code lines.

	gendispatch: Be able to generate multi-return values
	Let's call it modern_ret_as_list as opposed to single_ret_as_list.  The
	latter was able to return list of things.  However the new, more modern,
	version came and it is used since listAllDomains till nowadays in
	ListServers.

	gendispatch: Cluster, don't capture if not needed
	We were using parentheses for grouping admin|remote even though we didn't
	need to capture what's in it.  That caused some changes to be greater
	than needed and, to be honest, some confusion as well.  Let's use it as
	it should be used.  It'll also make future changes more consistent.

	admin: Be consistent when resetting errors
	Resetting an error should be the first thing public API does.

	virt-admin: Don't leak uri in cmdSrvList
	virAdmConnectGetURI() returns string that needs to be free()'d but we
	haven't done that.

	admin: Don't use priority for admin APIs
	There are no priority workers as they don't make sense for now.

	Change virNetDaemonGetServerNames to virNetDaemonGetServers
	For now it does not matter which ones we return as the code is similarly
	complex, however it will fit in with other constructs in the future,
	mainly when we will be able to generate dispatch helpers.

2016-03-11  Martin Kletzander  <mkletzan@redhat.com>

	admin: Do not work with virAdm on the server side
	virAdm is prefix only used on the client side.  Or at least for now.  On
	server, though, this corresponds to virNet structures (virAdmConnect is
	virNetDaemon, virAdmServer should be virNetServer, in the future
	virAdmClient will be resolved to virNetServerClient, and so on).

	This will also make future work clearer and easier.

2016-03-11  Martin Kletzander  <mkletzan@redhat.com>

	Expose virNetServerGetName

2016-03-11  Martin Kletzander  <mkletzan@redhat.com>

	daemon: Properly check for clients
	virHashForEach() returns 0 if everything went nice, so our session
	daemon was timing out even when there was a client connected.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1315606

2016-03-11  Martin Kletzander  <mkletzan@redhat.com>

	daemon: Set error for unknown server name

	virerror: Introduce new error type NO_SERVER
	This serves the same purpose as VIR_ERR_NO_xxx where xxx is any object
	that API can be called upon.  Only this particular one is used for
	daemon's servers.

	daemon: Get server name from the server itself
	Since servers know their name, there is no need to supply such
	information twice.  Also defeats inconsistencies.

	server: Store server name in server object
	At first I did not want to do this, but after trying to implement some
	newer feaures in the admin API I realized we need that to make our lives
	easier.  On the other hand they are not saved redundantly and the
	virNetServer objects are still kept in a hash table.

	admin: Check for flags properly
	Function virAdmConnectListServers() forgot to check for flags at all,
	virAdmConnectOpen() on the other hand checked them but did no dispatch
	the error.  virCheckFlags() should be used only when there should be no
	other thing done after erroring out and since they are used on different
	places then just public API, they cannot dispatch errors.  So let's use
	virCheckFlagsGoto instead.

	admin: Make virAdmServerFree() handle NULL gracefully
	We don't want to end up like with virDomainFree() and other, right?

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildNetCommandLine
	Add new function to manage adding the network device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildFSDevCommandLine
	Add new function to manage adding the -fsdev options to the
	command line removing that task from the mainline qemuBuildCommandLine.
	Alter the code slightly to perform the !caps and fsdev failure check
	up front.

	Since both qemuBuildFSStr and qemuBuildFSDevStr are local, make them
	static and fix their prototypes to use the const virDomainDef as well.
	Make some minor formatting changes for long lines.

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildDiskDriveCommandLine
	Add new function to manage adding the disk -drive options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also since using const virDomainDef in new function, that means other
	functions called needed to change their usage.

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildHubCommandLine
	Add new function to manage adding the hub -device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also make qemuBuildHubDevStr static to the module since it's only
	used here.

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildControllerDevCommandLine
	Add new function to manage adding the controller -device options to the
	command line removing that task from the mainline qemuBuildCommandLine.

	Also adjust to using const virDomainDef instead of virDomainDefPtr.
	This causes collateral damage in order to modify called APIs to use
	the const virDomainDef instead as well.

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildGlobalControllerCommandLine
	Add new function to manage adding the -global controller options to
	the command line removing that task from the mainline qemuBuildCommandLine.

	qemu: Introduce qemuBuildBootCommandLine
	Add new function to manage adding the -boot options to the command
	line removing that task from the mainline qemuBuildCommandLine.

	qemu: Introduce qemuBuildPMCommandLine
	Add new function to manage adding the power management options to the
	command line removing that task from the mainline qemuBuildCommandLine.

2016-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildClockCommandLine
	Add new function to manage adding the '-clock' options to the command
	line removing that task from the mainline qemuBuildCommandLine.

	Also includes some minor formatting cleanups.

2016-03-10  Marc-André Lureau  <marcandre.lureau@redhat.com>

	qemu: enable debug threads
	When debug-threads is enabled, individual threads are given a separate
	name (on Linux)

	Fixes:
	https://bugzilla.redhat.com/show_bug.cgi?id=1140121

2016-03-10  Marc-André Lureau  <marcandre.lureau@gmail.com>

	qemu: check for debug-threads capability
	QEMU (somewhere around 2.0) added a new sub-option to the -name flag
	-name debug-threads=on.

2016-03-10  Chunyan Liu  <cyliu@suse.com>

	libxl_conf: reuse virDomainNetGetActualtype in libxlMakeNicList
	Reuse existing helper function virDomainNetGetActualtype.

2016-03-10  Jiri Denemark  <jdenemar@redhat.com>

	qemuxml2argvtest: Fix monitor path in serial-file-log

2016-03-10  Cole Robinson  <crobinso@redhat.com>

	docs: generic.css: Indentation and spacing tweaks
	- Add line-height:150% spacing for all text. This makes text lines far
	  less cramped, and seems closer visually to what wikipedia uses.

	- Remove bottom and top margin from lists: entries seemed needlessly
	  spread out.

	- Reduce sublist indentation a bit

	- Add a bottom border after headings: IMO this greatly helps in break
	  up the vertical flow of a big page of text. Doesn't look great on the
	  front page, but helps a lot on dense pages like formatdomain

2016-03-10  Cole Robinson  <crobinso@redhat.com>

	docs: generic.css: font size tweaks
	- change font-family to just 'sans-serif' rather than hardcode a few
	  font families. this means we abide the user's browser font setting,
	  and makes us consistent with other sites like en.wikipedia.org
	- raise font-size to 90%. this is what en.wikipedia.org uses.

	With these two tweaks, libvirt.org text renders the same as
	en.wikipedia.org with fedora firefox out of the box config. Previously
	the font on libvirt.org was very small and difficult to read.

2016-03-10  Cole Robinson  <crobinso@redhat.com>

	docs: generic.css: minor cleanups
	- Drop some redundant bits
	- Use consistent spacing
	- Group similar blocks near each other

	There should be no functional change

2016-03-10  Cole Robinson  <crobinso@redhat.com>

	docs: website: Remove the et.redhat.com footer
	This is long since obsolete, just scrap it all

2016-03-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: support use of virtlogd with file based chardevs
	Currently the file based character devices let QEMU write
	directly to a file on disk. This allows a malicious QEMU
	to inflict a denial of service by consuming all free space.

	Switch QEMU to use a pipe to virtlogd, which will enforce
	file rollover.

2016-03-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: use virtlogd for character device log files
	If use of virtlogd is enabled, then use it for backing the
	character device log files too. This avoids the possibility
	of a guest denial of service by writing too much data to
	the log file.

	logging: support truncation of logfiles when opening
	The virtlogd daemon currently opens all files for append, but
	in some cases the user may wish to discard existing data. Define
	a new flag to indicate that logfiles should be truncated when
	opening.

	qemu: move functions for handling FD passing
	The functions for handling FD passing when building command line
	arguments need to be used by many different bits of code, so need
	to be at the start of the source file

	qemu: don't append -chardev arg until after value is formatted
	The act of formatting a chardev backend value may need to
	append command line arguments for passing FDs. If we append
	the -chardev arg before formatting the value, then the
	resulting arguments will end up interspersed

	qemu: add support for logging chardev output to a file
	Honour the <log file='...'/> element in chardevs to output
	data to a file. This requires QEMU >= 2.6

2016-03-10  Daniel P. Berrange  <berrange@redhat.com>

	conf: allow use of a logfile with chardev backends
	Extend the chardev source XML so that there is a new optional
	<log/> element, which is applicable to all character device
	backend types. For example, to log output of a TCP backed
	serial port

	    <serial type='tcp'>
	      <source mode='connect' host='127.0.0.1' service='9999'/>
	      <protocol type='raw'/>
	      <log file='/var/log/libvirt/qemu/demo-serial0.log' append='on'/>
	      <target port='0'/>
	    </serial>

	Not all hypervisors will support use of logfiles.

2016-03-10  Daniel P. Berrange  <berrange@redhat.com>

	logging: allow inode/offset params to be NULL
	Not all callers of virLogManagerDomainOpenLogFile will
	care about getting the current inode/offset, so we should
	allow those parameters to be NULL

2016-03-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: cpu: Don't remove pinning of cold-unplugged cpu
	After adding support for offline vcpu pinning the code that removes the
	pinning for cpu cold-unplug was forgotten. This fixes up commit 02ae21d

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316371

2016-03-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix memory leak in qemuGetSchedInfo
	Memory returned from virStringSplit shall be freed with
	virStringFreeList rather than VIR_FREE. Introduced in commit 511e7c5b.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316433

2016-03-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix off-by-one in virDomainDefGetVcpu
	Cpus are indexed starting from '0' so the check was invalid.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316384
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1316420

2016-03-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor bitmap handling in qemuDomainPinVcpuFlags
	Now that the function was extracted we can get rid of some temp
	variables. Additionally formatting of the bitmap string for the event
	code should be checked.

	qemu: vcpupin: Extract live vcpupin setting into a separate function
	The function was now beyond maintainability.

2016-03-09  Cole Robinson  <crobinso@redhat.com>

	util: virfile: Only setuid for virFileRemove if on NFS
	NFS with root-squash is the only reason we need to do setuid/setgid
	crazyness in virFileRemove, so limit that behavior to the NFS case.

	util: virfile: Clarify setuid usage for virFileRemove
	Break these checks out into their own function, and clearly document
	each one. This shouldn't change behavior

2016-03-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: add support for offline vcpupin
	Allow pinning for inactive vcpus. The pinning mask will be automatically
	applied as we would apply the default mask in case of a cpu hotplug.

	Setting the scheduler settings for a vcpu has the same semantics.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1306556

2016-03-09  Peter Krempa  <pkrempa@redhat.com>

	conf: extract ignoring of inactive vcpu pinning information
	Introduce VIR_DOMAIN_DEF_FEATURE_OFFLINE_VCPUPIN domain feature flag
	whcih will allow to skip ignoring of the pinning information for
	hypervisor drivers which will want to implement forward-pinning of
	vcpus.

2016-03-09  Peter Krempa  <pkrempa@redhat.com>

	conf: refactor checking for unsupported memory devices
	Introduce a helper to check supported device and domain config and move
	the memory hotplug checks to it.

	The advantage of this approach is that by default all new features are
	considered unsupported by all hypervisors unless specifically changed
	rather than the previous approach where every hypervisor would need to
	declare that a given feature is unsupported.

2016-03-09  Peter Krempa  <pkrempa@redhat.com>

	conf: introduce parser feature flags
	To avoid having to forbid new features added to domain XML in post parse
	callbacks for individual hypervisor drivers the feature flag mechanism
	will allow to add a central check that will be disabled for the drivers
	that will add support.

	As a first example flag, the 'hasWideSCSIBus' is converted to the new
	bitmap.

2016-03-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Report pinning for all vCPUs in qemuDomainGetVcpuPinInfo
	The API documentation states that the function is returning pinning for
	all vCPUs, so we can actually do so if the user passes a large enough
	array.

	conf: Extract code filling data for virDomainGetVcpuPinInfo
	The implementation of the inner guts of the function is similar for all
	drivers, so we can add a helper and not have to reimplement it three
	times.

2016-03-09  Peter Krempa  <pkrempa@redhat.com>

	virsh: vcpupin: Ask for pinning info for all vCPUs
	The API docs state that the API queries pinning info for all vCPUs and
	thus we should allocate the bitmap even for the inactive ones.

	The API will currently return bitmap only for the active vCPUs but that
	will change in the future.

2016-03-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for job completed event

	Introduce job completed event
	The VIR_DOMAIN_EVENT_ID_JOB_COMPLETED event will be triggered once a job
	(such as migration) finishes and it will contain statistics for the job
	as one would get by calling virDomainGetJobStats. Thanks to this event
	it is now possible to get statistics of a completed migration of a
	transient domain on the source host.

	qemu: Do not report completed stats until the job finishes
	We would happily report and free statistics of a completed migration
	even before it actually completed (on the source host while migration is
	in the Finish phase).

2016-03-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix a race when computing migration downtime
	Computing a total downtime during a migration requires us to store a
	time stamp when guest CPUs get stopped. The value (and all other
	statistics) is then transferred to the destination to compute the
	downtime. Because the stopped time stamp is stored by a STOP event
	handler while the statistics which will be sent over to the destination
	are copied synchronously within qemuMigrationWaitForCompletion.

	Depending on the timing of STOP and MIGRATION events, we may end up
	copying (and transferring) statistics without the stopped time stamp
	set. Let's make sure we always use the correct time stamp.

	https://bugzilla.redhat.com/show_bug.cgi?id=1282744

2016-03-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't explicitly stop CPUs after migration
	With a very old QEMU which doesn't support events we need to explicitly
	call qemuMigrationSetOffline at the end of migration to update our
	internal state. On the other hand, if we talk to QEMU using QMP, we
	should just wait for the STOP event and let the event handler update the
	state and trigger a libvirt event.

	qemu: Properly update completed migration stats
	We should not overwrite all migration statistics on the source with the
	numbers sent by the destination since the source may have an updated
	view in some cases (such as post-copy migration). It's safer to update
	just the timing info we need to get from the destination and be prepared
	for the future. And we should only do all this after a successful
	migration.

	qemu: Store completed stats at the very end of migration
	Statistics for a completed migration only make sense if the migration
	was successful. Let's not store them in priv->job.completed until we
	are sure it was a success.

2016-03-08  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Remove explicit NULL checks
	NULL checks are performed implicitly in the rest of the module,
	including other allocations in the very same function.

	hostdev: Fix indentation

	hostdev: Remove inaccurate comment
	The comment claimed that virPCIDeviceReattach() does not reattach
	a device to the host driver; except it actually does, so the
	comment is just confusing and we're better off removing it.

2016-03-08  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Make comments easier to change later
	Replace the term "loop" with the more generic "step". This allows us
	to be more flexible and eg. have a step that consists in a single
	function call.

	Don't include the number of steps in the first comment of the
	function, so that we can add or remove steps without having to worry
	about keeping that comment in sync.

	For the same reason, remove the summary contained in that comment.

	Clean up some weird vertical spacing while we're at it.

2016-03-08  Andrea Bolognani  <abologna@redhat.com>

	tests: hostdev: Group test cases
	Instead of considering each single step its own test case, create
	high level test cases that reproduce a certain scenario.

	tests: hostdev: Add more checks on list size
	Always call CHECK_LIST_COUNT() to check the size of both the active
	and inactive devices list.

	tests: hostdev: Use size_t for count variables
	virPCIDeviceListCount()'s return type is size_t, so variables that
	store its return value should be of that type.

2016-03-08  Andrea Bolognani  <abologna@redhat.com>

	tests: hostdev: Move variable declaration inside CHECK_LIST_COUNT()
	The 'actualCount' variable, formerly just 'count', is only used
	internally by the macro, so it's better to move its declaration
	inside the macro as well: this way, it doesn't have to be declared
	by every single user.

	The new name is less generic to make clashes less likely.

2016-03-08  Andrea Bolognani  <abologna@redhat.com>

	tests: hostdev: Use better variable names
	Change the extremely generic count1 and count2 to the more
	descriptive active_count and inactive_count.

	tests: hostdev: Remove magic numbers
	When checking the number of devices added to a device list, use the
	nhostdevs variable instead of its value, so that the test can keep
	working even if more hostdevs are added.

2016-03-08  Michal Privoznik  <mprivozn@redhat.com>

	_virtualboxCreateMachine: Avoid unbounded stack
	If the stars are in the right position and you're building with
	VBox >= 4.2.0 it will happen that compiler thinks an array
	allocated on the stack may be unbounded:

	In file included from vbox/vbox_V4_2.c:13:0:
	vbox/vbox_tmpl.c: In function '_virtualboxCreateMachine':
	vbox/vbox_tmpl.c:2811:1: error: stack usage might be unbounded [-Werror=stack-usage=]
	 _virtualboxCreateMachine(vboxGlobalData *data, virDomainDefPtr def, IMachine **machine, char *uuidstr ATTRIBUTE_UNUSED)
	 ^

	Well, given how the variable is declared, I had some hard time
	seeing it is actually bounded. Surprisingly compiler does not
	complain because of -Wframe-larger-than. This is because
	variable length arrays do not count into that warning.

2016-03-07  John Ferlan  <jferlan@redhat.com>

	Add secretObjFromSecret

	locking: Use bit shift for flag values not constant values.
	So far it hasn't bitten us, but if the next value wasn't 4, then
	the logic used to check flag bits would have issues.

2016-03-07  Yuri Chornoivan  <yurchor@ukr.net>

	Fix minor typos

2016-03-07  Shanzhi Yu  <shyu@redhat.com>

	qemu: improve the error when try to undefine transient network
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1315059

2016-03-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: rename: Forbid renaming domains with managed save image
	The code does not handle renaming of the save state file. In addition to
	that the resuming code would need to be tweaked to handle the name
	change since the XML is extracted from the save image. The easies option
	is to make the rename API even less useful by forbiding this.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1314594

2016-03-04  Michal Privoznik  <mprivozn@redhat.com>

	virLXCProcessMonitorInitNotify: Initialize @inode
	This is an error message I've just seen. Fix it by initializing
	@inode.

	  CC       lxc/libvirt_driver_lxc_impl_la-lxc_process.lo
	lxc/lxc_process.c: In function 'virLXCProcessMonitorInitNotify':
	lxc/lxc_process.c:767:23: error: 'inode' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     virDomainAuditInit(vm, initpid, inode);
	                       ^

2016-03-04  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	libxl: reuse virDomainObjUpdateModificationImpact
	Original current flag expansion does not filter out non
	_CONFIG and _LIVE flags explicitly but they are prohibited
	earlier by virCheckFlags.

	lxc: reuse virDomainObjUpdateModificationImpact

	libxl: Use virDomainLiveConfigHelperMethod for libxlDomainSetMemoryFlags
	Flag expansion is the same as in virDomainObjUpdateModificationImpact
	which virDomainLiveConfigHelperMethod calls internally. The difference
	is merely in implementation. Note that VIR_DOMAIN_MEM_CONFIG is the
	same as VIR_DOMAIN_AFFECT_CONFIG.  Additionally, the called functions
	will properly use flag OR and thus handle the VIR_DOMAIN_MEM_MAXIMUM case.

2016-03-04  Ján Tomko  <jtomko@redhat.com>

	tools: do not leak uri in disconnect handler
	Commit 035947e introduced a call to virConnectGetURI
	without a matching free() in virshCatchDisconnect.

	Also fix vshAdmCatchDisconnect where it was copied by
	commit 6dd7e42.

	https://bugzilla.redhat.com/show_bug.cgi?id=1303891

2016-03-03  Michal Privoznik  <mprivozn@redhat.com>

	Initialize couple of variables.
	While trying to build with -Os couple of compile errors showed
	up.

	conf/domain_conf.c: In function 'virDomainChrRemove':
	conf/domain_conf.c:13666:24: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     virDomainChrDefPtr ret, **arrPtr = NULL;
	                        ^
	Compiler fails to see that @ret is used only if set in the loop,
	but whatever, there's no harm in initializing the variable.

	In vboxAttachDrivesNew and _vboxAttachDrivesOld compiler thinks
	that @rc may be used uninitialized. Well, not directly, but maybe
	after some optimization. Yet again, no harm in initializing a
	variable.

	In file included from ./util/virthread.h:26:0,
	                 from ./datatypes.h:28,
	                 from vbox/vbox_tmpl.c:43,
	                 from vbox/vbox_V3_1.c:37:
	vbox/vbox_tmpl.c: In function '_vboxAttachDrivesOld':
	./util/virerror.h:181:5: error: 'rc' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     virReportErrorHelper(VIR_FROM_THIS, code, __FILE__,              \
	     ^
	In file included from vbox/vbox_V3_1.c:37:0:
	vbox/vbox_tmpl.c:1041:14: note: 'rc' was declared here
	     nsresult rc;
	              ^
	Yet again, one uninitialized variable:

	qemu/qemu_driver.c: In function 'qemuDomainBlockCommit':
	qemu/qemu_driver.c:17194:9: error: 'baseSource' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	         qemuDomainPrepareDiskChainElement(driver, vm, baseSource,
	         ^

	And another one:

	storage/storage_backend_logical.c: In function 'virStorageBackendLogicalMatchPoolSource.isra.2':
	storage/storage_backend_logical.c:618:33: error: 'thisSource' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	                       thisSource->devices[j].path))
	                                 ^

2016-03-03  Michal Privoznik  <mprivozn@redhat.com>

	Drop inline keyword from some functions.
	While trying to build with -Os I've encountered some build
	failures.

	util/vircommand.c: In function 'virCommandAddEnvFormat':
	util/vircommand.c:1257:1: error: inlining failed in call to 'virCommandAddEnv': call is unlikely and code size would grow [-Werror=inline]
	 virCommandAddEnv(virCommandPtr cmd, char *env)
	 ^
	util/vircommand.c:1308:5: error: called from here [-Werror=inline]
	     virCommandAddEnv(cmd, env);
	     ^
	This function is big enough for the compiler to be not inlined.
	This is the error message I'm seeing:

	Then virDomainNumatuneNodeSpecified is exported and called from
	other places. It shouldn't be inlined then.

	In file included from network/bridge_driver_platform.h:30:0,
	                 from network/bridge_driver_platform.c:26:
	network/bridge_driver_linux.c: In function 'networkRemoveRoutingFirewallRules':
	./conf/network_conf.h:350:1: error: inlining failed in call to 'virNetworkDefForwardIf.constprop': call is unlikely and code size would grow [-Werror=inline]
	 virNetworkDefForwardIf(const virNetworkDef *def, size_t n)
	 ^

2016-03-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Check if domain is active in GetControlInfo
	Reporting status of a control connection makes no sense for an inactive
	domain.

	https://bugzilla.redhat.com/show_bug.cgi?id=1281706

2016-03-03  Jiri Denemark  <jdenemar@redhat.com>

	Use correct LDFLAGS for leaseshelper

2016-03-03  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	daemon: fixup refcounting in close callback handling
	remoteDispatchConnectCloseCallbackRegister introduced in
	f484310a has problems. It refcounts network client object and in case of NOOP
	driver operations for registering/unregistering close callback (any driver
	except for vz) nobody will unref it later. As a result, client connection
	will not be disposed and driver connection will not be closed.

	The fix is easy. We don't need to refcount at all. We don't get a dangling
	pointer because in remoteClientFreeFunc, which is called
	upon disposing this network client object, we unregister the close
	callback.

2016-03-02  John Ferlan  <jferlan@redhat.com>

	util: Cleanup error path for virPolkitAgentCreate
	More fallout from changing to using virPolkitAgent and handling error
	paths.  Needed to clear the 'cmd' once stored and of course add the
	virCommandFree(cmd) in the error: label.

2016-03-02  Michal Privoznik  <mprivozn@redhat.com>

	datatypes.c: Replace 'close' with 'closeData'
	Older compilers fail to see that 'close' is not used a function
	rather than a variable and produce the following error:

	cc1: warnings being treated as errors
	../../src/datatypes.c: In function 'virConnectCloseCallbackDataReset':
	../../src/datatypes.c:149: error: declaration of 'close' shadows a global declaration [-Wshadow]

	Replace all the 'close' occurrences with 'closeData' to resolve
	this.

2016-03-02  John Ferlan  <jferlan@redhat.com>

	util: Fix missing initializer for agent
	In virPolkitAgentCreate neglected to initialize agent to NULL. If
	there was an error in the pipe, then we jump to error and would have
	an issue. Found by coverity.

2016-03-01  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	Libvirt: Add missing default value for config option max_queued_clients
	Commit 1199edb1d4e3 added config option max_queued_clients and documented the
	default value as 1000 but never actually set that value. This patch sets the
	default value.

	This addresses an issue whereby the following error message is reported if too
	many migrations are started simultaneously:

	error: End of file while reading data: Ncat: Invalid argument.: Input/output error

	The problem is that too many ncat processes are spawned on the destination
	system. They all attempt to connect to the libvirt socket. Because the
	destination libvirtd cannot respond to the connect requests quickly enough we
	overrun the socket's pending connections queue.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2016-03-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	libxl: Remove extraneous AFFECT_LIVE and not active check.
	libxlDomainPinVcpuFlags calls virDomainLiveConfigHelperMethod which will
	call virDomainObjUpdateModificationImpact make the same AFFECT_LIVE flags
	and !active check, so remove this duplicated check.

2016-03-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	conf: Combine if condition in virDomainObjUpdateModificationImpact
	Prior to commit id '3d021381' virDomainObjUpdateModificationImpact was
	part of virDomainLiveConfigHelperMethod and the *flags if condition
	VIR_DOMAIN_AFFECT_CONFIG checked the ->persistent boolean and made the
	virDomainObjGetPersistentDef call.

	Since the functions were split the ->persistent check is all that remained
	and thus could be combined into one if statement.

2016-03-01  Shanzhi Yu  <shyu@redhat.com>

	qemu: enalbe hotplugging of macvtap device with multiqueue
	in commit 81a110, multiqueue for macvtap is enabled but forget
	to support hotplugging enabled

2016-03-01  Jiri Denemark  <jdenemar@redhat.com>

	docs: Clarify interface/target/@dev docs
	https://bugzilla.redhat.com/show_bug.cgi?id=1313314

2016-03-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't always wait for SPICE to finish migration
	When SPICE graphics is configured for a domain but we did not ask the
	client to switch to the destination, we should not wait for
	SPICE_MIGRATE_COMPLETED event (which will never come).

	https://bugzilla.redhat.com/show_bug.cgi?id=1151723

2016-03-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't try to fetch migration stats on destination
	Migration statistics are not available on the destination host and
	starting a query job during incoming migration is not allowed. Trying to
	do that would result in

	    Timed out during operation: cannot acquire state change lock (held
	    by remoteDispatchDomainMigratePrepare3Params)

	error. We should not even try to start the job.

	https://bugzilla.redhat.com/show_bug.cgi?id=1278727

2016-03-01  Jiri Denemark  <jdenemar@redhat.com>

	Fix formatting in remote_protocol-structs

	util: Fix build without polkit

2016-03-01  Alexander Burluka  <aburluka@virtuozzo.com>

	Implement handling of per-domain bandwidth settings

	Implement qemuSetupGlobalCpuCgroup
	This functions setups per-domain cpu bandwidth parameters

	Add global_period and global_quota XML validation test

	Add error checking on global quota and period

	Add global quota parameter necessary definitions
	This parameter controls the maximum bandwidth to be used
	within a period for whole domain.

	Add global period definitions
	This parameter represents top level period cgroup
	that limits whole domain enforcement period for a quota

2016-03-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: implement connection close notification

	daemon: add connection close rpc

	remote: factor out feature checks on connection open

	close callback: move it to driver

	virConnectCloseCallbackDataDispose: remove unnecessary locks
	We don't need locks in dispose functions as they can only
	be run in one thread for given object.

	close callback API: remove unnecessary locks
	closeCallback pointer is immutable (set on connection object creation)
	and self-locking.

	virConnectCloseCallbackData: factor out callback disarming

2016-03-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	close callback: make unregister clean after connect close event
	If connect close is fired then following unregister will fail
	as we set callback to NULL and thus callback equality checking
	will fail.

	Callback is set to NULL to make it fired only one time probabaly.
	Instead lets use connection equality to NULL to check if callback
	is already fired.

2016-03-01  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	virConnectCloseCallbackData: fix connection object refcount
	We have reference to connection object in virConnectCloseCallbackData
	object thus we have to refcount it. Obviously we have problems
	in dispose and call functions. Let's fix it.

	factor out virConnectCloseCallbackDataPtr methods
	Make register and unregister functions return void because
	we can check the state of callback object beforehand via
	virConnectCloseCallbackDataGetCallback. This can be done
	without race conditions if we use higher level locks for registering
	and unregistering. The fact they return void simplifies
	task of consistent registering/unregistering.

2016-03-01  Henning Schild  <henning.schild@siemens.com>

	qemu_cgroup: use virCgroupAddTask instead of virCgroupMoveTask
	qemuProcessSetupEmulator runs at a point in time where there is only
	the qemu main thread. Use virCgroupAddTask to put just that one task
	into the emulator cgroup. That patch makes virCgroupMoveTask and
	virCgroupAddTaskStrController obsolete.

	qemu_cgroup: put qemu right into emulator sub-cgroup
	Move qemuProcessSetupEmulator up under qemuSetupCgroup. That way
	we move the one main thread right into the emulator cgroup, instead
	of moving multiple threads later on. And we do not actually want any
	threads running in the parent cgroups (cpu cpuacct cpuset).

2016-03-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Move emulator thread setting code into one function
	Similarly to the refactors to iothreads and vcpus, move the code that
	initializes the emulator thread settings into single function.

2016-03-01  Pavel Hrdina  <phrdina@redhat.com>

	qemu: introduce vram64 attribute for QXL video device
	This attribute is used to extend secondary PCI bar and expose it to the
	guest as 64bit memory.  It works like this: attribute vram is there to
	set size of secondary PCI bar and guest sees it as 32bit memory,
	attribute vram64 can extend this secondary PCI bar.  If both attributes
	are used, guest sees two memory bars, both address the same memory, with
	the difference that the 32bit bar can address only the first part of the
	whole memory.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260749

2016-03-01  Pavel Hrdina  <phrdina@redhat.com>

	qemu_capabilities: introduce QEMU_CAPS_QXL(_VGA)_VRAM64

	docs/formatdomain: rewrite video documentation

	domain_conf: always set primary video device as primary
	We always place primary video device at first place, to make it easier
	to create a qemu command or format an xml, but we should also set the
	primary boolean for primary video device to 'true'.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	virsh: Add support for text based polkit authentication
	https://bugzilla.redhat.com/show_bug.cgi?id=872166

	When the login session doesn't have an ssh -X type display agent in
	order for libvirtd to run the polkit session authentication, attempts
	to run 'virsh -c qemu:///system list' from an unauthorized user (or one
	that isn't part of the libvirt /etc/group) will fail with the following
	error from libvirtd:

	error: authentication unavailable: no polkit agent available to
	       authenticate action 'org.libvirt.unix.manage'

	In order to handle the local authentication, we will use the new
	virPolkitAgentCreate API in order to create a text based authentication
	agent for our non readonly session to authenticate with.

	The new code will execute in a loop allowing 5 failures to authenticate
	before failing out.

	With this patch in place, the following occurs:

	$ virsh -c qemu:///system list
	==== AUTHENTICATING FOR org.libvirt.unix.manage ===
	System policy prevents management of local virtualized systems
	Authenticating as: Some User (SUser)
	Password:
	==== AUTHENTICATION COMPLETE ===
	 Id    Name                           State
	 ----------------------------------------------------
	  1     somedomain                     running

	$

2016-03-01  John Ferlan  <jferlan@redhat.com>

	util: Introduce API's for Polkit text authentication
	Introduce virPolkitAgentCreate and virPolkitAgentDestroy

	virPolkitAgentCreate will run the polkit pkttyagent image as an asynchronous
	command in order to handle the local agent authentication via stdin/stdout.
	The code makes use of the pkttyagent --notify-fd mechanism to let it know
	when the agent is successfully registered.

	virPolkitAgentDestroy will close the command effectively reaping our
	child process

2016-03-01  John Ferlan  <jferlan@redhat.com>

	polkit: Adjust message when authentication agent isn't found
	When there isn't a ssh -X type session running and a user has not
	been added to the libvirt group, attempts to run 'virsh -c qemu:///system'
	commands from an otherwise unprivileged user will fail with rather
	generic or opaque error message:

	    "error: authentication failed: no agent is available to authenticate"

	This patch will adjust the error code and message to help reflect the
	situation that the problem is the requested mechanism is UNAVAILABLE and
	a slightly more descriptive error. The result on a failure then becomes:

	    "error: authentication unavailable: no polkit agent available to
	            authenticate action 'org.libvirt.unix.manage'"

	A bit more history on this - at one time a failure generated the
	following type message when running the 'pkcheck' as a subprocess:

	"error: authentication failed: polkit\56retains_authorization_after_challenge=1
	Authorization requires authentication but no agent is available."

	but, a patch was generated to adjust the error message to help provide
	more details about what failed. This was pushed as commit id '96a108c99'.
	That patch prepended a "polkit: " to the output. It really didn't solve
	the problem, but gave a hint.

	After some time it was deemed using DBus API calls directly was a
	better way to go (since pkcheck calls them anyway). So, commit id
	'1b854c76' (more or less) copied the code from remoteDispatchAuthPolkit
	and adjusted it. Then commit id 'c7542573' adjusted the remote.c
	code to call the new API (virPolkitCheckAuth). Finally, commit id
	'308c0c5a' altered the code to call DBus APIs directly. In doing
	so, it reverted the failing error message to the generic message
	that would have been received from DBus anyway.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	secret: Rename loadSecrets
	Rename to secretLoadAllConfigs and add the 'driver->configDir' as
	a parameter.

	secret: Introduce secretAssignDef
	This new API will allocate the secret, assign the def pointer, and
	insert the secret onto the passed list. Whether that's the temporary
	list in loadSecrets which gets loaded into the driver list or driver
	list during secretDefineXML.

	secret: Introduce listUnlinkSecret
	Add a temporary helper to search for a specific secret by address
	on the list and remove it if it's found. The following patch will
	introduce a common allocation and listInsert helper. That means
	error paths of the routines calling would need a way to remove the
	secret off the list.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	secret: Create a 'base64File' in virSecretObj
	This patch removes need for secretBase64Path and secretComputePath. Similar
	to the configFile, create an entry for base64File, which will be generated
	as the driver->configDir, the UUID value, plus the ".base" suffix. Rather
	than generating on the fly, store this in the virSecretObj.

	The buildup of the pathname done in loadSecrets where the failure to build
	is ignored which is no different than the failure to generate the name
	in secretLoadValue which would have been ignored in the failure path
	after secretLoad.

	This also removes the need for secretComputPath and secretBase64Path.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	secret: Create a 'configFile' in virSecretObj
	This patch removes the need for secretXMLPath. Instead save 'path' during
	loadSecret as 'configFile'. The secretXMLPath is nothing more than an
	open coded virFileBuildPath.  All that code did was concantenate the
	driver->configDir, the UUID of the secret, and the ".xml" suffix to form
	the configFile name which we now will generate and save instead.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	secret: Adjust logic to build file path in secretLoad
	The 'secretLoad' was essentially open coding virFileBuildPath.

	Adjust the logic to have the caller build the path and pass it. The net
	sum of ignoring the virFileBuildPath failure is the same as before where
	the failure to virAsprintf the path would have been ignored anyway in
	the secretLoad error path.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	secret: Rename directory to configDir
	This follows other drivers usage model.

	secret: Use 'secret' instead of 's' for variable name
	Remove one letter variable.

	secret: Rename virSecretObjPtr 'entry' to 'secret'
	Just renaming the variable in secretConnectListAllSecrets.

	secret: Remove local virSecretPtr 'secret'
	Remove the need for the local 'secret' in secretConnectListAllSecrets.
	A subsequent patch will rename the ObjPtr entry to secret.

	secret: Rename virSecretEntry
	Rename to virSecretObj - preparation for future patch, but also follows
	similar code in other drivers.

	secret: Use virFileRewrite instead of replaceFile
	Use the common API instead of essentially open coding same functionality.

2016-03-01  John Ferlan  <jferlan@redhat.com>

	secret: Various formatting cleanups
	Rather than having it interspersed with other changes, do it once.

	Remove a couple ^L, 1 argument per line for functions, less than 80 chars
	per line, use of spacing between logical groups of code, use of one line
	if statements when doing fetch followed by comparison, use direct return
	when no cleanup to be done.

2016-03-01  Henning Schild  <henning.schild@siemens.com>

	vircgroup: one central point for adding tasks to cgroups
	Use virCgroupAddTaskController in virCgroupAddTask so we have one
	single point where we add tasks to cgroups.

2016-03-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: Allow setting pinning of emulator/iohtread with automatic placement
	We honour the placement bitmaps when starting up, so there's no point in
	having this check. Additionally the check was buggy since it checked
	vm->def all the time even if the user requested to modify the persistent
	definition which had different configuration.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1308317

2016-03-01  Marc-André Lureau  <marcandre.lureau@gmail.com>

	qemu: add spice opengl support
	Add Spice graphics gl attribute. qemu 2.6 should have -spice gl=on argument to
	enable opengl rendering context (patches on the ML). This is necessary to
	actually enable virgl rendering.

	Add a qemuxml2argv test for virtio-gpu + spice with virgl.

2016-03-01  Michal Privoznik  <mprivozn@redhat.com>

	Post-release version bump to 1.3.3

2016-03-01  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Shorten per-domain directory names
	Per-domain directories were introduced in order to be able to
	completely separate security labels for each domain (commit
	f1f68ca33433825ce0deed2d96f1990200bc6618).  However when the domain
	name is long (let's say a ridiculous 110 characters), we cannot
	connect to the monitor socket because on length of UNIX socket address
	is limited.  In order to get around this, let's shorten it in similar
	fashion and in order to avoid conflicts, throw in an ID there as well.
	Also save that into the status XML and load the old status XMLs
	properly (to clean up after older domains).  That way we can change it
	in the future.

	The shortening can be seen in qemuxml2argv tests, for example in the
	hugepages-pages2 case.

2016-03-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.3.2
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: regenerated

2016-02-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: mention ZFS on Linux support

2016-02-26  John Ferlan  <jferlan@redhat.com>

	storage: Fix error path in storagePoolDefineXML
	Found by inspection - after calling virStoragePoolObjAssignDef the
	pool is part of the driver->pools.objs list and the failure path
	for the virStoragePoolObjSaveDef will use virStoragePoolObjRemove
	to remove the pool from the objs list which will unlock and free
	the pool pointer (as pools->objs[i] during the loop). Since the call
	doesn't clear the pool address from the callee, we need to set it
	to NULL; otherwise, the virStoragePoolObjUnlock in the cleanup: code
	will fail miserably.

2016-02-26  John Ferlan  <jferlan@redhat.com>

	storage: Fix error path in virStoragePoolObjLoad
	While reviewing how storage driver used ObjListPtr's for reference
	in some recent secret driver patches to use the same mechanism, I came
	across an instance where the wrong API was called for error paths after
	successfully allocating the storage pool pointer and inserting into
	the driver pool list.

	The path is after virStoragePoolObjAssignDef succeeds - the 'def' passed
	in is assigned to pool->def (or newDef) so it shouldn't be the only thing
	deleted. The pool is now part of driver->pools.objs, so it would need to
	be removed (as happens in the storagePoolCreateXML error paths).

	Rather than calling virStoragePoolDefFree to free the def which is now
	assigned to the pool, call virStoragePoolObjRemove to ensure the pool
	element is removed from the driver list and that anything stored in pool
	is properly handled by virStoragePoolObjFree including the call to
	virStoragePoolDefFree for the pool->{def|newDef} element.

2016-02-26  Richard W.M. Jones  <rjones@redhat.com>

	docs: formatdomain: Document "spice" as a valid value for <graphics type=..>
	Trivial documentation fix.

2016-02-26  Nitesh Konkar  <niteshkonkar.libvirt@gmail.com>

	virsh: reject migration with both --live and --offline

2016-02-26  Ján Tomko  <jtomko@redhat.com>

	qemu: error out on missing machine type in configs
	Commit f1a89a8 allowed parsing configs from /etc/libvirt
	without validating the emulator capabilities.

	Check for the presence of a machine type in the qemu driver's
	post parse function instead of crashing.

	https://bugzilla.redhat.com/show_bug.cgi?id=1267256

2016-02-26  Ján Tomko  <jtomko@redhat.com>

	tests: add parseFlags to qemuxml2argvtest

	tests: add a test for persistent LXC XML parsing
	Check if we correctly parse the persistent config even with
	the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag.

2016-02-26  Ján Tomko  <jtomko@redhat.com>

	Revert "Error out on missing machine type in machine configs"
	Revert commit 55e6d8cd9eac7eb2aaa4d221585e9402cf7269d5.

	This fix for https://bugzilla.redhat.com/show_bug.cgi?id=1267256
	unconditionally required a machine type for all machine types
	even though qemu is the only emulator using them.

	Revert it to fix persistent configs for drivers with no machine type:
	https://www.redhat.com/archives/libvir-list/2016-February/msg01228.html

2016-02-26  Ján Tomko  <jtomko@redhat.com>

	testCompareDomXML2XMLFiles: add parseFlags parameter
	Allow testing XML parsing with different flags.

2016-02-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: unref objects in error paths
	libxlMakeNic opens a virConnect object and takes a reference on a
	virNetwork object, but doesn't drop the references on all error
	paths. Rework the function to follow the standard libvirt pattern
	of using a local 'ret' variable to hold the function return value,
	performing all cleanup and returning 'ret' at a 'cleanup' label.

2016-02-25  John Ferlan  <jferlan@redhat.com>

	storage: No need to check ret after VIR_APPEND_ELEMENT
	Generates a false positive for Coverity, but it turns out there's no need
	to check ret == -1 since if VIR_APPEND_ELEMENT is successful, the local
	vol pointer is cleared anyway.

	zfs: Resolve RESOURCE_LEAK
	Found by my Coverity checker - virCheckFlags call could return -1, but
	not virCommandFree(destroy_cmd).

	openvz: Use virStringSplitCount instead of strtok_r
	When parsing the barrier:limit values, use virStringSplitCount in order
	to split the pair and make the approriate checks to get the data.

2016-02-25  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Remove temporary variable when checking for VF
	The virHostdevIsVirtualFunction() was called exactly twice, and in
	both cases the return value was saved to a temporary variable before
	being checked. This would be okay if it improved readability, but in
	this case is pretty pointless.

	Get rid of the temporary variable and check the return value
	directly; while at it, change the check from '<= 0' to '!= 1' to
	align it with the way other similar *IsVirtualFunction() functions
	are used thorough the code.

2016-02-25  Andrea Bolognani  <abologna@redhat.com>

	netdev: Use virNetDevIsVirtualFunction() properly
	virNetDevIsVirtualFunction() returns 1 if the interface is a
	virtual function, 0 if it isn't and -1 on error. This means that,
	despite the name suggesting otherwise, using it as a predicate is
	not correct.

	Fix two callers that were doing so adding an explicit check on
	the return value.

2016-02-25  Jiri Denemark  <jdenemar@redhat.com>

	util: Avoid calling closedir(NULL)

2016-02-25  Michal Privoznik  <mprivozn@redhat.com>

	vircgroupmock: Mock access("/sys/devices/system/cpu/present")
	There's been a report on the upstream list [1] describing we
	access /sys/devices/system/cpu/present directly on the host from
	within our test suite. This may end up in unpredictable results
	as no all linux systems are required to have that file. Mock
	access to the file.

	libvirt.git/tests $ ../run strace vircgrouptest
	...
	access("/sys/devices/system/cpu/present", F_OK) = 0
	...

2016-02-25  Osier Yang  <osier@yunify.com>

	Fix bug of attaching redirdev device
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1298070

	The corresponding chardev must be attached first, otherwise the
	the qemu command line won't be complete (missing the host part),

2016-02-24  Eric Blake  <eblake@redhat.com>

	build: accomodate selinux 2.5 header API change
	Yet again, selinux has been adding const-correctness; this change
	is ABI-compatible, but breaks API, which affects us when we try to
	override things in our testsuite:

	../../tests/securityselinuxhelper.c:307:24: error: conflicting types for 'selabel_open'
	 struct selabel_handle *selabel_open(unsigned int backend,
	                        ^~~~~~~~~~~~
	In file included from ../../tests/securityselinuxhelper.c:32:0:
	/usr/include/selinux/label.h:73:24: note: previous declaration of 'selabel_open' was here

	The problem is a new 'const' prior to the second parameter.

	Fix it the same way we did in commit 292d3f2d: check for the new
	const at configure time.

2016-02-24  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainInterfaceStats
	Introduce support for domainInterfaceStats API call for querying
	network interface statistics. Consequently it also enables the use of
	`virsh domifstat <dom> <interface name>` command plus seeing the
	interfaces names instead of "-" when doing `virsh domiflist <dom>`.

	After successful guest creation we fill the network interfaces names
	based on domain, device id and append suffix if it's emulated in the
	following form: vif<domid>.<devid>[-emu].  We extract the network
	interfaces info from the libxl_domain_config object in
	libxlDomainCreateIfaceNames() to generate ifname. On domain cleanup we
	also clear ifname, in case it was set by libvirt (i.e. being prefixed
	with "vif"). We also skip these two steps in case the name of the
	interface was manually inserted by the administrator. Since the
	introduction of netprefix (commit a040ba9), ifnames with a registered
	prefix will be freed on virDomain{Obj,Def}Format*, thus eliminating
	the migration issues observed with the reverted commit d2e5538 whereas
	source and destination would have the same ifname.

	For getting the interface statistics we resort to virNetInterfaceStats
	and let libvirt handle the platform specific nits. Note that the
	latter is not yet supported in FreeBSD.

2016-02-24  Chunyan Liu  <cyliu@suse.com>

	libxl: small fix in parsing network

2016-02-24  Eric Blake  <eblake@redhat.com>

	rbd: fix 32-bit build
	%zu is not always synonymous with uint64_t; on 32-bit machines,
	size_t is only 32 bits.  Prefer "%lld"/'unsigned long long' when
	the variable is under our control, and "%"PRIu64 when we are
	stuck with 'uint64_t' from RBD.

	Fixes errors such as:

	../../src/storage/storage_backend_rbd.c: In function 'virStorageBackendRBDVolWipe':
	../../src/storage/storage_backend_rbd.c:1281:15: error: format '%zu' expects argument of type 'size_t', but argument 8 has type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
	     VIR_DEBUG("Need to wipe %zu bytes from RBD image %s/%s",
	               ^
	../../src/util/virlog.h:90:73: note: in definition of macro 'VIR_DEBUG_INT'
	     virLogMessage(src, VIR_LOG_DEBUG, filename, linenr, funcname, NULL, __VA_ARGS__)
	                                                                         ^
	../../src/storage/storage_backend_rbd.c:1281:5: note: in expansion of macro 'VIR_DEBUG'
	     VIR_DEBUG("Need to wipe %zu bytes from RBD image %s/%s",
	     ^

2016-02-23  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix bogus indentation from commit fb2bd208

2016-02-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildCommandLine: Change the condition for -nographics
	There's this check when building command line that whenever
	domain has no graphics card configured we put -nographics onto
	qemu command line. The check is 'if (!def->graphics)'. This
	makes coverity think that def->graphics can be NULL, which is
	true. But later in the code every access to def->graphics is
	guarded by check for def->ngraphics, so no crash occurs. But this
	is something that coverity fails to deduct.
	In order to shut coverity up lets change the condition to
	'if (!def->ngraphics)'.

	xen: Check return value of virStringReplace
	After 6604a3dd9f8 in which new helper function has been
	introduced, the code calls virStringReplace and dereference the
	result immediately. The string function can, however, return NULL
	so this would SIGSEGV right away. Check for the return value of
	the string function.

	vbox: Avoid signed and unsigned comparison
	After 457ff97fa there are two defects in our code. In both of
	them we use a signed variable to hold up a number of snapshots
	that domain has. We use a helper function to count the number.
	However, the helper function may fail in which case it returns
	a negative one and control jumps to cleanup label where an
	unsigned variable is used to iterate over array of snapshots. The
	loop condition thus compare signed and unsigned variables which
	in this specific case ends up badly for us.

	docs: Try harder to uninstall
	Imagine you have partially installed libvirt, or maybe you're
	just running 'make uninstall' from a different version than 'make
	install' has been ran. One way or another, we are doing plain
	'rm' instead of 'rm -f' and thus not trying hard enough when
	uninstalling. In the rest of our code we stick with -f switch. Do
	that for docs too.

2016-02-23  Andrea Bolognani  <abologna@redhat.com>

	tests: Fix typo oaque -> opaque
	No functional changes.

2016-02-22  Jim Fehlig  <jfehlig@suse.com>

	libxl: add support for rbd qdisk
	xl/libxl already supports qemu's network-based block backends
	such as nbd and rbd. libvirt has supported configuring such
	<disk>s for long time too. This patch adds support for rbd
	disks in the libxl driver by generating a rbd device URL from
	the virDomainDiskDef object. The URL is passed to libxl via the
	pdev_path field of libxl_device_disk struct. libxl then passes
	the URL to qemu for cosumption by the rbd backend.

2016-02-22  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: support xl<->xml conversion of rbd disk devices
	The target= setting in xl disk configuration can be used to encode
	meta info that is meaningful to a backend. Leverage this fact to
	support qdisk network disk types such as rbd. E.g. <disk> config
	such as

	   <disk type='network' device='disk'>
	     <driver name='qemu' type='raw'/>
	     <source protocol='rbd' name='pool/image'>
	       <host name='mon1.example.org' port='6321'/>
	       <host name='mon2.example.org' port='6322'/>
	       <host name='mon3.example.org' port='6322'/>
	     </source>
	     <target dev='hdb' bus='ide'/>
	     <address type='drive' controller='0' bus='0' target='0' unit='1'/>
	   </disk>

	can be converted to the following xl config (and vice versa)

	  disk = [ "format=raw,vdev=hdb,access=rw,backendtype=qdisk,
	            target=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\\:6321\\;mon2.example.org\\:6322\\;mon3.example.org\\:6322"
	         ]

	Note that in xl disk config, a literal backslash in target= must
	be escaped with a backslash. Conversion of <auth> config is not
	handled in this patch, but can be done in a follow-up patch.

	Also add a test for the conversions.

2016-02-22  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: produce key=value disk config syntax in xl formatter
	The most formal form of xl disk configuration uses key=value
	syntax to define each configuration item, e.g.

	format=raw, vdev=xvda, access=rw, backendtype=phy, target=disksrc

	Change the xl disk formatter to produce this syntax, which allows
	target= to contain meta info needed to setup a network-based
	disksrc (e.g. rbd, nbd, iscsi). For details on xl disk config
	format, see  $xen-src/docs/misc/xl-disk-configuration.txt

	Update the disk config in the tests to use the formal syntax.
	But add tests to ensure disks specified with the positional
	parameter syntax are correctly converted to <disk> XML.

2016-02-22  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: replace text 'xm' with 'xl' in xlconfigtest
	While at it, improve a few comments. No functional change.

2016-02-22  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Minor style adjustments
	Mostly labels names and whitespace.

	No functional changes.

2016-02-22  Michal Privoznik  <mprivozn@redhat.com>

	cmdSaveImageEdit: Prefer VSH_EXCLUSIVE_OPTIONS over by hand check
	Since we have the macro there's no need for us to unwind it by
	hand and check for mutually exclusive flags ourselves.

	cmdNetworkUpdate: Prefer VSH_EXCLUSIVE_OPTIONS over if-else tree
	We have macros that check and reject mutually exclusive
	parameters to our commands. Use those instead of if-else tree.
	At the same time, the variable @current becomes useless therefore
	it is dropped.

2016-02-22  Marc-André Lureau  <marcandre.lureau@gmail.com>

	util: TristateBool and TristateSwitch are interchangeable
	It may be useful in some cases to call TristateSwitch helper with TristateBool.
	Document that enum values equivalency in the code.

2016-02-22  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: mark auto-generated spice ports as reserved
	In case you will specify graphics like this:

	<graphics type='spice' port='-1'/>

	or

	<graphics type='spice' port='-1' tlsPort='6000'/>

	libvirt will automatically add autoport='no'.  This leads to an issue
	that in qemuProcessStop() we don't release that port because we are
	releasing both port if autoport=yes or only port marked as reserved.

	If autoport=no but we request to generate port via '-1' we need to mark
	that port as reserved in order to release it.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1299696

2016-02-22  Martin Kletzander  <mkletzan@redhat.com>

	Miscellaneous for-loop syntax clean-ups
	Checking whether x > 0 before looping over [0..x] items doesn't make
	sense and multi-line body must have curly brackets around it.

	Best viewed with '-w'.

2016-02-22  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add support for LSI SAS1068 (aka MPT Fusion) SCSI controller
	This does nothing more than adding the new device and capability.
	The device is present since QEMU 2.6.0.

2016-02-22  Michal Privoznik  <mprivozn@redhat.com>

	virDomainDefFormatInternal: Drop useless check
	There's a check if a domain definition has any graphics card and
	if so, we iterate over each one of them. This makes no sense,
	because even if it has none we can still iterate over.

2016-02-22  Michal Privoznik  <mprivozn@redhat.com>

	adminDaemonListServers: Don't leak @srv_names array
	When getting a list of servers registered for a daemon, it's
	returned as a dynamically allocated array filled in with pointers
	to constant strings. Because the array is dynamic, it should be
	freed when no longer needed (but not the strings!). Even the
	function that creates the array suggests that.

	==19446== 48 bytes in 3 blocks are definitely lost in loss record 821 of 1,034
	==19446==    at 0x4C2C28E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19446==    by 0x54BAFC8: virReallocN (viralloc.c:245)
	==19446==    by 0x54BB0BE: virExpandN (viralloc.c:294)
	==19446==    by 0x54BB391: virInsertElementsN (viralloc.c:436)
	==19446==    by 0x164E3D: virNetDaemonGetServerNames (virnetdaemon.c:217)
	==19446==    by 0x15616F: adminDaemonListServers (admin_server.c:52)
	==19446==    by 0x155B8C: adminDispatchConnectListServers (admin.c:151)
	==19446==    by 0x155FD8: adminDispatchConnectListServersHelper (admin_dispatch.h:101)
	==19446==    by 0x568E862: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	==19446==    by 0x568E3C3: virNetServerProgramDispatch (virnetserverprogram.c:307)
	==19446==    by 0x5687B5B: virNetServerProcessMsg (virnetserver.c:135)
	==19446==    by 0x5687C1B: virNetServerHandleJob (virnetserver.c:156)

2016-02-19  Andrea Bolognani  <abologna@redhat.com>

	gic: Introduce VIR_GIC_VERSION_DEFAULT alias
	GIC v2 is the default, but checking against that specific version when
	we want to know whether the default has been selected is potentially
	error prone; using an alias instead makes it safer.

	docs: List possible GIC versions
	Recent changes to the handling of GIC version, specifically commit
	2a7b11eafb67, have clearly defined what values are acceptable for the
	version attribute of the <gic> element. Update the documentation
	accordingly.

2016-02-19  Laurent Bigonville  <bigon@bigon.be>

	security_selinux: Fix typo in error message

2016-02-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: iothreadpin: Always set affinity when pinning iothread
	Similarly to VM startup always set the legacy affinity. Additionally we
	don't need to report an explicit error since virProcessSetAffinity
	reports them themselves.

	qemu: emulatorpin: Always set affinity when pinning emulator thread
	Similarly to VM startup always set the legacy affinity. Additionally we
	don't need to report an explicit error since virProcessSetAffinity
	reports them themselves.

2016-02-19  Cole Robinson  <crobinso@redhat.com>

	qemu: parse: drop redundant AddImplicitControllers
	PostParse handles it for us now.

	This causes some test suite churn; qemu's custom PostParse could is
	now invoked before the generic AddImplicitControllers, so PCI
	controllers end up sequentially in the XML before the generically
	added IDE controllers. So it's just some XML reordering

2016-02-19  Cole Robinson  <crobinso@redhat.com>

	qemu: parse: rename qemuCaps->caps
	Everywhere else in qemu driver code 'qemuCaps' is a virQEMUCapsPtr,
	and virCapsPtr is generally named just 'caps'. Rename the offenders

2016-02-19  Cole Robinson  <crobinso@redhat.com>

	domain: add implicit controllers from post parse
	Seems like the natural fit, since we are already adding other XML bits
	in the PostParse routine.

	Previously AddImplicitControllers was only called at the end of XML
	parsing, meaning code that builds a DomainDef by hand had to manually
	call it. Now those PostParse callers get it for free.

	There's some test churn here; xen xm and sexpr test suite bits weren't
	calling this before, but now they are, so you'll see new IDE controllers.
	I don't think this will cause problems in practice, since the code already
	needs to handle these implicit controllers like in the case when a user
	defines their own XML.

2016-02-19  Jiri Denemark  <jdenemar@redhat.com>

	Check for active domain in virDomainObjWait
	virDomainObjWait is designed to be called in a loop. Make sure we break
	the loop in case the domain dies to avoid waiting for an event which
	will never happen.

2016-02-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid calling qemuProcessStop without a job
	Calling qemuProcessStop without a job opens a way to race conditions
	with qemuDomainObjExitMonitor called in another thread. A real world
	example of such a race condition:

	  - migration thread (A) calls qemuMigrationWaitForSpice
	  - another thread (B) starts processing qemuDomainAbortJob API
	  - thread B signals thread A via qemuDomainObjAbortAsyncJob
	  - thread B enters monitor (qemuDomainObjEnterMonitor)
	  - thread B calls qemuMonitorSend
	  - thread A awakens and calls qemuProcessStop
	  - thread A calls qemuMonitorClose and sets priv->mon to NULL
	  - thread B calls qemuDomainObjExitMonitor with priv->mon == NULL
	  => monitor stays ref'ed and locked

	Depending on how lucky we are, the race may result in a memory leak or
	it can even deadlock libvirtd's event loop if it tries to lock the
	monitor to process an event received before qemuMonitorClose was called.

2016-02-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Simplify error handling in qemuProcessReconnect

	qemu: Process monitor EOF in a job
	Stopping a domain without a job risks a race condition with another
	thread which started a job a which does not expect anyone else to be
	messing around with the same domain object.

	qemu: Start an async job for processGuestPanicEvent
	Only a small portion of processGuestPanicEvent was enclosed within a
	job, let's make sure we use the job for all operations to avoid race
	conditions.

	qemu: Start job in qemuDomainDestroyFlags early

2016-02-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce qemuProcessBeginStopJob
	When destroying a domain we need to make sure we will be able to start a
	job no matter what other operations are running or even stuck in a job.
	This is done by killing the domain before starting the destroy job.

	Let's introduce qemuProcessBeginStopJob which combines killing a domain
	and starting a job in a single API which can be called everywhere we
	need a job to stop a domain.

2016-02-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Pass async job to qemuProcessInit

	qemu: End nested jobs properly
	Ending a nested job is no different from ending any other (non-async)
	job, after all the code in qemuDomainBeginJobInternal does not handle
	them differently either. Thus we should call qemuDomainObjEndJob to stop
	nested jobs.

	qemu: Export qemuDomainObjBeginNestedJob

2016-02-19  Peter Krempa  <pkrempa@redhat.com>

	virsh: cpupin: Extract getter code into a separate function

	qemu: qemuDomainGetStatsVcpu: Fix output for possible sparse vCPU settings
	qemuDomainHelperGetVcpus would correctly return an array of
	virVcpuInfoPtr structs for online vcpus even for sparse topologies, but
	the loop that fills the returned typed parameters would number the vcpus
	incorrectly. Fortunately sparse topologies aren't supported yet.

	qemu: vcpupin: Always set affinity even when cgroups are supported
	VM startup and CPU hotplug always set the affinity regardless of cgroups
	support. Use the same approach for the pinning API.

	qemu: vcpupin: Don't overwrite errors from functions setting pinning
	Both errors from the cgroups code and from the affinity code would be
	overwritten by the API. Report the more specific error.

	util: Use virBitmapIsBitSet in freebsd impl of virProcessSetAffinity
	Use the helper that does not return errors to fix spuriously looking
	dead return of -1.

	virsh: cmdVcpuPin: Simplify handling of API flags
	Rather than setting flags to -1 if none were specified, move the logic
	to use the old API to the place where we need to decide. It simplifies
	the logic a bit.

2016-02-19  Andrea Bolognani  <abologna@redhat.com>

	test: qemuxml2argv: Drop QEMU_CAPS_DEVICE uses
	Since commit 51045df01b3c, the QEMU_CAPS_DEVICE capability is enabled
	automatically and shouldn't be passed as an argument to DO_TEST();
	however, commit 998a936c4c1a accidentally introduced few such uses.

2016-02-19  Erik Skultety  <eskultet@redhat.com>

	admin: Fix memory leak in remoteAdminConnectClose
	When virt-admin is run with valgrind, this kind of output can be obtained:

	HEAP SUMMARY:
	  in use at exit: 134,589 bytes in 1,031 blocks
	  total heap usage: 2,667 allocs, 1,636 frees, 496,755 bytes allocated

	88 bytes in 1 blocks are definitely lost in loss record 82 of 128
	 at 0x4C2A9C7: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	 by 0x52F6D1F: virAllocVar (viralloc.c:560)
	 by 0x5350268: virObjectNew (virobject.c:193)
	 by 0x53503E0: virObjectLockableNew (virobject.c:219)
	 by 0x4E3BBCB: virAdmConnectNew (datatypes.c:832)
	 by 0x4E38495: virAdmConnectOpen (libvirt-admin.c:209)
	 by 0x10C541: vshAdmConnect (virt-admin.c:107)
	 by 0x10C7B2: vshAdmReconnect (virt-admin.c:163)
	 by 0x10CC7C: cmdConnect (virt-admin.c:298)
	 by 0x110838: vshCommandRun (vsh.c:1224)
	 by 0x10DFD8: main (virt-admin.c:862)

	 LEAK SUMMARY:
	    definitely lost: 88 bytes in 1 blocks
	    indirectly lost: 0 bytes in 0 blocks
	    possibly lost: 0 bytes in 0 blocks
	    still reachable: 134,501 bytes in 1,030 blocks
	    suppressed: 0 bytes in 0 blocks

	This is because virNetClientSetCloseCallback was being reinitialized
	incorrectly. By resetting the callbacks in a proper way, the leak is fixed.

2016-02-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Avoid using vSphere SessionIsActive function
	A login session with the vSphere API might expire after some idle time.
	The esxVI_EnsureSession function uses the SessionIsActive function to
	check if the current session has expired and a relogin needs to be done.

	But the SessionIsActive function needs the Sessions.ValidateSession
	privilege that is considered as an admin level privilege.

	Only vCenter actually provides the SessionIsActive function. This results
	in requiring an admin level privilege even for read-only operations on
	a vCenter server.

	ESX and VMware Server don't provide the SessionIsActive function and
	the code already works around that. Use the same workaround for vCenter
	again.

	This basically reverts commit 5699034b65afd49d91dff13c46481bea545cbaac.

2016-02-18  Ján Tomko  <jtomko@redhat.com>

	Error out on missing machine type in machine configs
	Commit f1a89a8 allowed parsing configs from /etc/libvirt
	without validating the emulator capabilities.

	Check for the presence of os->type.machine even if the
	VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag is set,
	otherwise the daemon can crash on carelessly crafted input
	in the config directory.

	https://bugzilla.redhat.com/show_bug.cgi?id=1267256

2016-02-18  Ján Tomko  <jtomko@redhat.com>

	vsh: use virBufferTrim in vshOutputLogFile
	Use virBufferTrim to strip the extra newline at the end
	of the message instead of open-coding it after the buffer's
	string is formatted.

2016-02-18  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildMonitorCommandLine
	Add new function to manage adding the '-mon' or '-monitor' options to
	the command line removing that task from the mainline qemuBuildCommandLine.

	Also adjusted qemuBuildChrChardevStr and qemuBuildChrArgStr to use
	const virDomainChrSourceDef *def rather than virDomainChrSourceDefPtr def.

2016-02-18  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildSgaCommandLine
	Add new function to manage adding the '-device sga' to the command
	line removing that task from the mainline qemuBuildCommandLine

2016-02-18  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildSmbiosCommandLine
	Add new function to manage adding the '-smbios' options to the command
	line removing that task from the mainline qemuBuildCommandLine

	Also while I was looking at it, move the uuid processing closer to usage.

2016-02-18  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuBuildNumaCommandLine
	Add new function to manage adding the '-numa' options to the command
	line removing that task from the mainline qemuBuildCommandLine

	qemu: Introduce qemuBuildIOThreadCommandLine
	Add new function to manage adding the IOThread '-object' to the command
	line removing that task from the mainline qemuBuildCommandLine

	qemu: Rename qemuBuildSmpArgStr to qemuBuildSmpCommandLine
	Rename function and move code in from qemuBuildCommandLine to
	keep smp related code together. Also make a few style changes
	for long lines, return value change, and 2 spaces between functions.

	qemu: Introduce qemuBuildMemCommandLine
	Add new function to manage adding the '-m' memory options to the command
	line removing that task from the mainline qemuBuildCommandLine

	qemu: Rename qemuBuildCpuArgStr to qemuBuildCpuCommandLine
	Rename function and move code from mainline qemuBuildCommandLine to
	keep alike code together.

	qemu: Rename qemuBuildMachineArgStr
	Rename to qemuBuildMachineCommandLine to fit current (and future)
	helper naming conventions.

	qemu: Make basic upfront checks before create command
	Create qemuBuildCommandLineValidate to make some checks before trying
	to build the command. This will move some logic from much later to much
	earlier - we shouldn't be adjusting any data so that shouldn't matter.

2016-02-18  Bjoern Walk  <bwalk@linux.vnet.ibm.com>

	qemu: cgroup: fix cgroup permission logic
	Fix logic error introduced in commit d6c91b3c which essentially broke
	starting any domain.

2016-02-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: Remove <backingStore> when changing cdrom media source
	Since the code is changing the source image path by modifying the
	existing XML snippet the <backingStore> stays in place.

	As <backingStore> is relevant to the <source> part of the image, the
	update of that part makes the element invalid.

	CD/floppy images usually don't have a backing chain and the element is
	currently ignored though but it might start being used in the future so
	let's start behaving correctly.

	Drop the <backingStore> subtree once we want to update the XML.

	Before this patch, you'd get:
	$ virsh change-media --eject --print-xml 10 hdc
	<disk type="file" device="cdrom">
	      <driver name="qemu" type="qcow2"/>

	      <backingStore type="file" index="1">
	        <format type="qcow2"/>
	        <source file="/var/lib/libvirt/images/vm.1436949097"/>
	        <backingStore/>
	      </backingStore>
	      <target dev="hdc" bus="ide"/>
	      ...
	    </disk>

	After:

	 $ virsh change-media --eject --print-xml 10 hdc
	<disk type="file" device="cdrom">
	      <driver name="qemu" type="qcow2"/>

	      <target dev="hdc" bus="ide"/>
	      ...
	    </disk>

2016-02-18  John Ferlan  <jferlan@redhat.com>

	qemu: Remove local emulator
	Remove the local variable 'emulator' and just use def->emulator

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Kill VIR_WRAPPER_SHELL_PREFIX
	The migration code now doesn't need it, so remove the macros and the
	configure code that is detecting it.

2016-02-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Move PORT definitions to qemu_conf.c
	Which is the only user. That was the only reason for including
	qemu_command.h, though we need to explicitly include qemu_domain.h
	afterwards.

	tests: Remove unused virtTestClearLineRegex
	This was only used for test 'xml blanking', which has now all
	been removed, and isn't an ideal paradigm anyways since it
	inhibits easy XML regeneration.

	tests: lxcconf2xml: Drop XML blanking
	Hardcode a UUID like we did for qemuargv2xml, so we can use standard
	comparison helpers, which gives us VIR_TEST_REGENERATE_OUTPUT support

2016-02-17  Cole Robinson  <crobinso@redhat.com>

	tests: qemuargv2xml: Drop memory XML blanking
	The memory XML blanking is only there to avoid the unit= churn that
	was added by default a long time ago.

	Drop the blanking, switch over to using the standard comparison
	helpers, and regenerate the output with VIR_TEST_REGENERATE_OUTPUT.

2016-02-17  Cole Robinson  <crobinso@redhat.com>

	tests: qemuargv2xml: hardcode disk auth usage
	If a qemuargv has iscsi or ceph secrets on the command line, we will
	convert that to XML like:

	  <auth username='myname'>
	    <secret type='iscsi'/>
	  </auth>

	This is not valid XML, as either a UUID or usage must be specified in
	the secret block. It's not clear though how the argv2xml code can do
	anything correct here, since XML like this requires a libvirt secret
	object to have already been defined.

	The current test suite handles this by blanking out any <secret> block
	in the XML. This avoids domainschematest failures.

	Instead of blanking, let's hardcode a usage= name. This lets us test
	the other bits of generated <secret> XML, and is a step towards wiring
	up VIR_TEST_REGENERATE_OUTPUT

2016-02-17  Cole Robinson  <crobinso@redhat.com>

	tests: qemuargv2xml: Remove UUID randomness
	Overwrite any randomly generated UUID to use a hardcoded value, so
	we don't need to blank it when comparing XML.

	tests: qemuargv2xml: Remove unneeded XML blanking
	None of the test cases depend on dropping these XML bits

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove unnecessary calculations in qemuDomainSaveMemory
	Now that the file migration doesn't require us to use 'dd' and other
	legacy stuff for too old qemus we don't even have to calcuate the
	offsets and other stuff.

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Remove unused qemuMonitorMigrateToFile
	With the currently supported qemus we always migrate to file
	descriptors so the old function is not required any more.

	Additionally QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE macro is now
	unused.

2016-02-17  Michal Privoznik  <mprivozn@redhat.com>

	vircgroup: Update virCgroupDenyDevicePath stub
	In cf113e8d we changed the declaration of
	virCgroupAllowDevicePath() and virCgroupDenyDevicePath().
	However, while updating the stub for non-cgroup platforms for the
	former we forgot to update the latter too causing a build
	failure.

2016-02-17  Ján Tomko  <jtomko@redhat.com>

	Revert "storageVolCreateXMLFrom: Check if backend knows how to createVol"
	This reverts commit 611a278fa46d3136b7fe5c6ab05e660ca3c8fdf4.

	According to the original commit message, this is dead code:

	  It is highly unlikely that a backend will know how to create a
	  volume from a different volume (buildVolFrom) and not know how to
	  create an empty volume (createVol).

2016-02-17  Erik Skultety  <eskultet@redhat.com>

	syms: add forgotten virAdmConnectClass symbol
	Although it currently doesn't cause any linking issues, the symbol should be
	exported correctly according to our conventions.

	virt-admin: Introduce cmdSrvList
	Since we introduced listing API earlier in these series, it's time
	to wire up the API to the virt-admin client.

	admin: Introduce adminDaemonConnectListServers API
	This API is merely a convenience API, i.e. when managing clients connected to
	daemon's servers, we should know (convenience) which server the specific client
	is connected to. This implies a client-side representation of a server along
	with a basic API to let the administrating client know what servers are actually
	available on the daemon.

	admin: Introduce virAdmServer structure
	This is the key structure of all management operations performed on the
	daemon/clients. An admin client needs to be able to identify
	another client (either admin or non-privileged client) to perform an
	action on it. This identification includes a server the client is
	connected to, thus a client-side representation of a server is needed.

2016-02-17  Erik Skultety  <eskultet@redhat.com>

	admin: Move admin_server.{h,c} to admin.{h,c}
	This change is merely because admin_server would contain all the code
	from dispatchers and helpers to the actual APIs. Admin should have
	similar structure to the daemon-side remote driver - dispatchers and
	helpers in a separate module, APIs in a separate module.

	Best viewed with -M.

2016-02-17  Erik Skultety  <eskultet@redhat.com>

	virnetdaemon: Store servers in a hash table
	Since the daemon can manage and add (at fresh start) multiple servers,
	we also should be able to add them from a JSON state file in case of a
	daemon restart, so post exec restart support for multiple servers is also
	provided. Patch also updates virnetdaemontest accordingly.

	util: Refactor virHashForEach so it returns as soon as an iterator fails
	The method will now return 0 on success and -1 on error, rather than number of
	items which it iterated over before it returned back to the caller. Since the
	only place where we actually check the number of elements iterated is in
	virhashtest, return value of 0 and -1 can be a pretty accurate hint that it
	iterated over all the items. However, if we really want to know the number of
	items iterated over (like virhashtest does), a counter has to be provided
	through opaque data to each iterator call. This patch adjusts return value of
	virHashForEach, refactors the body, so it returns as soon as one of the
	iterators fail and adjusts virhashtest to reflect these changes.

	util: Add a return value to void hash iterators
	Our existing virHashForEach method iterates through all items disregarding the
	fact, that some of the iterators might have actually failed. Errors are usually
	dispatched through an error element in opaque data which then causes the
	original caller of virHashForEach to return -1. In that case, virHashForEach
	could return as soon as one of the iterators fail. This patch changes the
	iterator return type and adjusts all of its instances accordingly, so the
	actual refactor of virHashForEach method can be dealt with later.

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Setup cgroups for bios/firmware images
	oVirt wants to use OVMF images on top of lvm for their 'logical'
	storage thus we should set up device ACLs for them so it will actually
	work.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1305922

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Extract guts of qemuSetupImageCgroupInternal
	They will later be reused for setting cgroup for other image backed
	devices.

	qemu: cgroup: Split up qemuSetImageCgroupInternal
	Separate the Teardown and Setup code paths into separate helpers.

	qemu: cgroup: Switch to qemu(Setup|Teardown)ImageCgroup
	For other objects we use the two functions rather than one with a bool.
	Convert qemuSetImageCgroup to the same approach.

	qemu: cgroup: Avoid reporting errors from inaccessible NFS volumes
	Rather than reporting it and then reseting the error, don't report it in
	the first place.

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	util: cgroup: Allow ignoring EACCES in virCgroup(Allow|Deny)DevicePath
	When adding disk images to ACL we may call those functions on NFS
	shares. In that case we might get an EACCES, which isn't really relevant
	since NFS would not hold a block device. This patch adds a flag that
	allows to stop reporting an error on EACCES to avoid spaming logs.

	Currently there's no functional change.

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	util: cgroup: Drop virCgroup(Allow|Deny)DeviceMajor
	Since commit 47e5b5ae virCgroupAllowDevice allows to pass -1 as either
	the minor or major device number and it automatically uses '*' in place
	of that. Reuse the new approach through the code and drop the duplicated
	functions.

	util: cgroup: Instrument virCgroupDenyDevice to handle -1 device number as *
	Similarly to commit 47e5b5ae virCgroupDenyDevice will handle -1 as *.

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Refactor code now that we assume support for fd migration
	After removing capability check for fd migration the code that was left
	behind didn't make quite sense. The old exec migration would be used in
	case when pipe() failed. Remove the old code and make failure of pipe()
	a hard error.

	This additionally removes usage of virCgroupAllowDevicePath outside of
	qemu_cgroup.c.

2016-02-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Remove abandoned function qemuAddToCgroup
	This function doesn't do anything useful since 2049ef99425db33f1e66fa8.

2016-02-16  Andrea Bolognani  <abologna@redhat.com>

	conf: Use a temporary int variable to store GIC version
	Since no value in the virGICVersion enumeration is negative, a clever
	enough compiler can report an error such as

	  src/conf/domain_conf.c:15337:75: error: comparison of unsigned enum
	  expression < 0 is always false [-Werror,-Wtautological-compare]
	    if ((def->gic_version = virGICVersionTypeFromString(tmp)) < 0 ||
	        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~

	virGICVersionTypeFromString() can, however, return a negative value if
	the input string is not part of the enumeration, so we definitely need
	that check.

	Work around the problem by storing the return value in a temporary int
	variable.

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuDomainNetVLAN
	Move function into qemu_domain.c.

	qemu: Move qemuAssign*Alias* API's into their own module
	Create a new module qemu_alias.c to handle the qemuAssign*Alias* APIs
	and the qemuDomainDeviceAliasIndex

	qemu: Move qemuNetworkPrepareDevices
	Move function to qemu_process.c, rename to qemuProcessNetworkPrepareDevices
	and make it static.

	qemu: Move and rename qemuOpenVhostNet
	Move function to qemu_interface.c and rename to qemuInterfaceOpenVhostNet

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuDomain*Address* functions
	Create new modules qemu_domain_address.c and qemu_domain_address.h to
	contain all the new functions and header data. Additionally move any
	supporting static functions.

	Make qemuDomainSupportsPCI non static.

	Also, move and rename the following:

	qemuSetSCSIControllerModel to qemuDomainSetSCSIControllerModel
	qemuCollectPCIAddress to qemuDomainCollectPCIAddress
	qemuValidateDevicePCISlotsPIIX3 to qemuDomainValidateDevicePCISlotsPIIX3
	qemuAssignDevicePCISlots to qemuDomainAssignDevicePCISlots

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuDomainSupports* functions
	Move qemuDomainSupportsNicdev and qemuDomainSupportsNetdev into qemu_domain.c
	and expose from there.

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuNetworkIfaceConnect to qemu_interface.c and rename
	Move the misplaced function from qemu_command.c to qemu_interface.c
	since it's closer in functionality there and had less to do with building
	the command line.

	Rename function to qemuInterfaceBridgeConnect and modify callers.

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuPhysIfaceConnect to qemu_interface.c and rename
	Move the misplaced function from qemu_command.c to qemu_interface.c
	since it's closer in functionality there and had less to do with building
	the command line.

	Rename function to qemuInterfaceDirectConnect and modify callers.

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuVirCommandGetDevSet
	Move function closer to where it's used in qemuBuildTPMBackendStr

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuBuildTPMDevStr
	Move function closer to where it's used in qemuBuildTPMCommandLine

	Also fix function header to match current coding practices

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuVirCommandGetFDSet
	Move function closer to where it's used in qemuBuildTPMCommandLine

2016-02-16  John Ferlan  <jferlan@redhat.com>

	qemu: Move qemuBuildTPMBackendStr
	Move function closer to where it's called in qemuBuildTPMCommandLine

	Also adjust function header to fit current coding guidelines

2016-02-16  Andrea Bolognani  <abologna@redhat.com>

	tests: Add more GIC test cases
	Test all kinds of scenarios, including guests asking for GIC but
	failing to specify a version, guests specifying an invalid version
	and guests trying to use GIC with non-virt or even non-ARM machines.

2016-02-16  Andrea Bolognani  <abologna@redhat.com>

	tests: Reorganize and simplify GIC test cases
	Unify the naming to prepare for new test cases that will be added
	later on.

	Convert a couple of output XML files for the qemuxml2xml test to
	symlinks while at it, since they were identical to the corresponding
	input XML files anyways.

	Moreover, since we're only interested in testing GIC support here,
	simplify XML files by getting rid of the unrelevant bits.

2016-02-16  Andrea Bolognani  <abologna@redhat.com>

	qemu: Always enable GIC on ARM virt machines
	GIC is always available to ARM virt machines, and the domain XML should
	reflect this fact.

	qemu: Default to GIC v2
	When a domain is configured to use GIC but no version has been
	specified by the user, default to GIC v2.

	conf: Use virGICVersion enumeration in virDomainDef
	Instead of allowing any random positive number, restrict the possible
	values to the ones that are part of the virGICVersion enumeration.

2016-02-16  Andrea Bolognani  <abologna@redhat.com>

	schema: List allowed GIC versions
	This change allows to use "host" as a GIC version in the domain XML.

	Since we'll need to update the virGICVersion enumeration to support
	new GIC versions anyway, it makes sense to be a bit more strict in
	the schema as well and reject values that are not in the enumeration.

2016-02-16  Andrea Bolognani  <abologna@redhat.com>

	gic: Introduce virGICVersion enumeration
	We currently blindly accept any numeric value as a GIC version, even
	though only GIC v2 and GIC v3 actually exist; on the other hand, we
	reject "host", which is a perfectly legitimate value for QEMU guests.

	This new enumeration contains all GIC versions libvirt is aware of.

2016-02-16  Ludovic Beliveau  <ludovic.beliveau@windriver.com>

	qemu: fix hot unplug of PCI devices with VFIO
	Currently, on hot unplug of PCI devices with VFIO driver for QEMU, libvirt is
	trying to restore the host devices to it's previous value (basically a chown
	on the previous user/group).

	However for devices with VFIO driver, when the device is unbinded it is
	removed from the /dev/vfio file system causing the restore label to fail.

	The fix is to not restore the label for those PCI devices since they are going
	to be teared down anyway.

2016-02-15  Ján Tomko  <jtomko@redhat.com>

	Spell VMware with a lowercase w
	Replace all occurrences of VMWare outside the news.

2016-02-15  Peter Krempa  <pkrempa@redhat.com>

	vsh: Replace vshPrint macro with function
	The macro would eat the first parameter. In some cases the format string
	for vshPrint was eaten. In other cases the calls referenced variables
	which did not exist in the given context. Avoid errors by doing compile
	time checking.

	vsh: Simplify bailing out on OOM conditions
	When we hit OOM it doesn't really make sense to format the error message
	by attempting to allocate it. Introduce a simple helper that prints a
	static message and terminates the execution.

2016-02-14  Laine Stump  <laine@laine.org>

	util: clean up and expand 802.1QbX negotiation logging
	The existing log messages for this have several problems; there are
	two lines of log when one will suffice, they duplicate the function
	name in log message (when it's already included by VIR_DEBUG), they're
	missing some useful bits, they get logged even when the call is a NOP.

	This patch cleans up the problems with those existing logs, and also
	adds a new VIR_INFO-level log down at the function that is actually
	creating and sending the netlink message that logs *everything* going
	into the netlink message (which turns out to be much more useful in
	practice for me; I didn't want to eliminate the logs at the existing
	location though, in case they are useful in some scenario I'm
	unfamiliar with; anyway those logs are remaining at debug level, so it
	shouldn't be a bother to anyone).

2016-02-14  Laine Stump  <laine@laine.org>

	network: consolidated info log for all network allocate/free operations
	There are three functions that deal with allocating and freeing
	devices from a networks netdev/pci device pool:
	network(Allocate|Notify|Release)ActualDevice(). These functions also
	maintain a counter of the number of domains currently using a network
	(regardless of whether or not that network uses a device pool). Each
	of these functions had multiple log messages (output using VIR_DEBUG)
	that were in slightly different formats and gave varying amounts of
	information.

	This patch creates a single function to log the pertinent information
	in a consistent manner for all three of these functions. Along with
	assuring that all the functions produce a consistent form of output
	(and making it simpler to change), it adds the MAC address of the
	domain interface involved in the operation, making it possible to
	verify which interface of which domain the operation is being done for
	(assuming that all MAC addresses are unique, of course).

	All of these messages are raised from DEBUG to INFO, since they don't
	happen that often (once per interface per domain/libvirtd start or
	domain stop), and can be very informative and helpful - eliminating
	the need to log debug level messages makes it much easier to sort
	these out.

2016-02-14  Laine Stump  <laine@laine.org>

	network: consolidate connection count updates for device pool
	networkReleaseActualDevice() and networkNotifyActualDevice() both were
	updating the individual devices' connections count in two separate
	places (unlike networkAllocateActualDevice() which does it in a single
	unified place after success:). The code is correct, but prone to
	confusion / later breakage. All of these updates are anyway located at
	the end of if/else clauses that are (with the exception of a single
	VIR_DEBUG() in each case) immediately followed by the success: label
	anyway, so this patch replaces the duplicated ++/-- instructions with
	a single ++/-- inside a qualifying "if (dev)" down below success:.
	(NB: if dev != NULL, by definition we are using a device (either pci
	or netdev, doesn't matter for these purposes) from the network's pool)

	The VIR_DEBUG args (which will be replaced in a followup patch anyway)
	were all adjusted to account for the connection count being out of
	date at the time.

2016-02-12  Wido den Hollander  <wido@widodh.nl>

	rbd: Use RBD fast-diff for querying actual volume allocation
	Since Ceph version Infernalis (9.2.0) the new fast-diff mechanism
	of RBD allows for querying actual volume usage.

	Prior to this version there was no easy and fast way to query how
	much allocation a RBD volume had inside a Ceph cluster.

	To use the fast-diff feature it needs to be enabled per RBD image
	and is only supported by Ceph cluster running version Infernalis
	(9.2.0) or newer.

	Without the fast-diff feature enabled libvirt will report an allocation
	identical to the image capacity. This is how libvirt behaves currently.

	'virsh vol-info rbd/image2' might output for example:

	  Name:           image2
	  Type:           network
	  Capacity:       1,00 GiB
	  Allocation:     124,00 MiB

	Newly created volumes will have the fast-diff feature enabled if the
	backing Ceph cluster supports it.

2016-02-12  Wido den Hollander  <wido@widodh.nl>

	rbd: rbd_diff_iterate2() is available in librbd since 266
	In commit 0b15f920 there is a #ifdef which requires LIBRBD_VERSION_CODE
	266 or newer for rbd_diff_iterate2()

	rbd_diff_iterate2() is available since 266, so this if-statement should
	require anything newer than 265.

2016-02-12  Wido den Hollander  <wido@widodh.nl>

	rbd: Add volStorageBackendRBDGetFeatures() for internal calls
	As more and more features are added to RBD volumes we will need to
	call this method more often.

	By moving it into a internal function we can re-use code inside the
	storage backend.

2016-02-12  Andrea Bolognani  <abologna@redhat.com>

	domsuspend: Fix warning on mingw build
	Commit d82170d introduced a workaround for domtop: in that example
	program, we define a symbol called ERROR for our own use, but since
	a symbol with the same name is already defined in one of mingw's
	header files, we get a warning when using that compiler.

	domsuspend defines the same problematic symbol, so the workaround
	has been copied over.

2016-02-12  Michal Privoznik  <mprivozn@redhat.com>

	storageVolCreateXMLFrom: Check if backend knows how to createVol
	It is highly unlikely that a backend will know how to create a
	volume from a different volume (buildVolFrom) and not know how to
	create an empty volume (createVol). But:
	1) we call the function without any prior check so if that's the
	case we would SIGSEGV immediatelly
	2) it's better to be safe than sorry.

	storageVolCreateXML: Swap order of two operations
	Firstly, we realloc internal list to hold new item (=volume that
	will be potentially created) and then we check whether we
	actually know how to create it. If we don't we consume more
	memory than we really need for no good reason.

	virsh: Teach vol-create-as to --print-xml
	We have the same argument to many other commands that produce an
	XML based on what user typed. But unfortunately vol-create-as
	was missing it. Maybe nobody had needed it yet. Well, I did
	just now.

	cmdVolCreateAs: Rework to follow usual func pattern
	The way we usually write functions is that we start the work and
	if something goes bad we goto cleanup and roll back there. Or
	just free resources that are no longer needed. Do the same here.

2016-02-12  Michal Privoznik  <mprivozn@redhat.com>

	virportallocatortest: Run on linux only
	After the rework of mocking of our tests there's the
	virportallocator test failing to link on mingw. Well, it's the
	mocking library actually:

	../gnulib/lib/.libs/libgnu.a(bind.o): In function `rpl_bind':
	/home/jenkins/libvirt-mingw/build32/gnulib/lib/../../../gnulib/lib/bind.c:33: multiple definition of `rpl_bind'
	.libs/virportallocatormock_la-virportallocatormock.o:/home/jenkins/libvirt-mingw/build32/tests/../../tests/virportallocatormock.c:79: first defined here

	I've no idea why this matters to mingw and does not to others.
	Nevertheless, if we make the test linux only the problem goes
	away.

	Apparently, our test for RTLD_NEXT is not sufficient because
	mingw32 defines it. Lets put aside for a while fact that it has
	the same value as RTLD_DEFAULT which by description has different
	meaning, shall we?

2016-02-12  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: fix race condition when adding domain to domains list
	Race condition:
	User calls defineXML to create new instance.
	The main thread from vzDomainDefineXMLFlags() creates new instance by prlsdkCreateVm.
	Then this thread calls prlsdkAddDomain to add new domain to domains list.
	The second thread receives notification from hypervisor that new VM was created.
	It calls prlsdkHandleVmAddedEvent() and also tries to add new domain to domains list.
	These two threads call virDomainObjListFindByUUID() from prlsdkAddDomain() and don't find new domain.
	So they add two domains with the same uuid to domains list.

	This fix splits logic of prlsdkAddDomain() into two functions.
	1. vzNewDomain() creates new empty domain in domains list with the specific uuid.
	2. prlsdkLoadDomain() add data from VM to domain object.

	New algorithm for creating an instance:
	In vzDomainDefineXMLFlags() we add new domain to domain list by calling vzNewDomain()
	and only after that we call CreateVm() to create VM.
	It means that we "reserve" domain object with the specific uuid.
	After creation of new VM we add info from this VM
	to reserved domain object by calling prlsdkLoadDomain().

	Before this patch prlsdkLoadDomain() worked in 2 different cases:
	1. It creates and initializes new domain. Then updates it from sdk handle.
	2. It updates existed domain from sdk handle.
	In this patch we remove code which creates new domain from LoadDomain()
	and move it to vzNewDomain().
	Now prlsdkLoadDomain() only updates domain from skd handle.

	In notification handler prlsdkHandleVmAddedEvent() we check
	the existence of a domain and if it doesn't exist we add new domain by calling
	vzNewDomain() and load info from sdk handle via prlsdkLoadDomain().

2016-02-12  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: fix notification subscription
	Bug cause:
	Update the domain that is subscribed to hypervisor notification.
	LoadDomain() rewrites notifications fields in vzDomObj structure and makes domain as "unsubscribed".
	Fix:
	Initialize notification fields in vzDomObj only if we create a new domain.
	And do not reinitialize these fields if we update domain (by calling LoadDomain with olddom argument)

	vz: remove unused struct field
	In commit 7039bb3c we have removed code that saves uuid to vzDomObj.uuid
	So this field is no longer needed.

	vz: make output arguments in prlsdkGetDomainIds as optional
	prlsdkGetDomainIds() returns name and uuid for specified instance.
	Now output arguments can be NULL.
	It allows to get only necessary info(name or uuid).

2016-02-12  Maxim Nestratov  <mnestratov@virtuozzo.com>

	Change maintainers list
	Add Maxim Nestratov to the commiters list.
	Move Dmitry Guryanov to the previous maintainers list.

2016-02-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Rename virmockdbus -> virdbusmock for consistency
	All mock libraries were called vir*mock except for this one; now
	the naming is consistent across the board.

	tests: Don't use "lib" prefix for mock libraries
	virportallocatormock was the only one using it, and has been
	changed accordingly.

2016-02-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Allow use of close() in mock libraries
	As mock libraries are not to be linked against libvirt, the
	sc_prohibit_close syntax-check rule does not apply.

	This fixes a syntax-check failure introduced by commit a03cbfe0fb.

2016-02-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Split off the mock part of the port allocator test
	Instead of compiling either the mock or the non-mock part of the
	file based on a compiler flag, split the mock part off to its
	own file.

2016-02-11  Peter Krempa  <pkrempa@redhat.com>

	conf: snapshot: Avoid autogenerating duplicate snapshot names
	The snapshot name generator truncates the original file name after a '.'
	and replaces the suffix with the snapshot name. If two disks source
	images differ only in the suffix portion, the generated name will be
	duplicate.

	Since this is a corner case just error out stating that a duplicate name
	was generated. The user can work around this situation by providing
	the file names explicitly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1283085

2016-02-11  Peter Krempa  <pkrempa@redhat.com>

	conf: snapshot: Refactor virDomainSnapshotDefAssignExternalNames
	Get rid of one indentation level by negating condition and remove ugly
	pointer arithmetic at the cost of one extra allocation.

	conf: snapshot: Extract code to generate default external file names

	conf: snapshot: Rename disksorter to virDomainSnapshotCompareDiskIndex
	Stick to the naming pattern.

2016-02-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Link mock libraries against gnulib and gnulib only
	Mock libraries should not be linked against libvirt, but some of
	them did - fix that.

	On the other hand, not linking against gnulib can cause build
	failures on mingw, so define a new $(MOCKLIBS_LIBS) variable and
	use it everywhere.

2016-02-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Use plain close() in mock code
	The virportallocatortest.c file is compiled both as a test case
	and as a mock library; in the latter case, it can't use
	VIR_FORCE_CLOSE() because mock libraries are not linked against
	libvirt.

	Replace VIR_FORCE_CLOSE() with plain close() to solve the issue.

2016-02-11  Michal Privoznik  <mprivozn@redhat.com>

	dbus: Don't unref NULL messages
	Apparently we are not the only ones with dumb free functions
	because dbus_message_unref() does not accept NULL either. But if
	I were to vote, this one is even more evil. Instead of returning
	an error just like we do it immediately dereference any pointer
	passed and thus crash you app. Well done DBus!

	  Program received signal SIGSEGV, Segmentation fault.
	  [Switching to Thread 0x7f878ebda700 (LWP 31264)]
	  0x00007f87be4016e5 in ?? () from /usr/lib64/libdbus-1.so.3
	  (gdb) bt
	  #0  0x00007f87be4016e5 in ?? () from /usr/lib64/libdbus-1.so.3
	  #1  0x00007f87be3f004e in dbus_message_unref () from /usr/lib64/libdbus-1.so.3
	  #2  0x00007f87bf6ecf95 in virSystemdGetMachineNameByPID (pid=9849) at util/virsystemd.c:228
	  #3  0x00007f879761bd4d in qemuConnectCgroup (driver=0x7f87600a32a0, vm=0x7f87600c7550) at qemu/qemu_cgroup.c:909
	  #4  0x00007f87976386b7 in qemuProcessReconnect (opaque=0x7f87600db840) at qemu/qemu_process.c:3386
	  #5  0x00007f87bf6edfff in virThreadHelper (data=0x7f87600d5580) at util/virthread.c:206
	  #6  0x00007f87bb602334 in start_thread (arg=0x7f878ebda700) at pthread_create.c:333
	  #7  0x00007f87bb3481bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
	  (gdb) frame 2
	  #2  0x00007f87bf6ecf95 in virSystemdGetMachineNameByPID (pid=9849) at util/virsystemd.c:228
	  228         dbus_message_unref(reply);
	  (gdb) p reply
	  $1 = (DBusMessage *) 0x0

2016-02-11  Ján Tomko  <jtomko@redhat.com>

	virhook: do not save the return value of virBuildPath
	This function returns -1 on allocation error, there's no
	need to check the path for NULL again.

2016-02-11  Ján Tomko  <jtomko@redhat.com>

	Clean up usage of 'ret' variable
	Do not store the return value of called functions in the same variable
	as the (future) return value of the current function.

	This makes tracking the origin of the value easier and reduces
	the chance of introducing a new point of exit without resetting
	the return value back to -1.

2016-02-11  Ján Tomko  <jtomko@redhat.com>

	Prohibit verbose strcat
	Using strcat directly is more readable than passing strlen
	of the copied string to strncat.

	vbox: remove more extra spaces

	vbox: remove extra spaces from function headers
	Also fix the curly brace to pass sytnax-check.

	vbox: remove extra spaces from assignments

	vbox: remove extra spaces from variable initializations

	vbox: remove extra spaces from macro definitions

2016-02-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Connect to guest agent iff needed
	https://bugzilla.redhat.com/show_bug.cgi?id=1293351

	Since we already have virtio channel events, we know when guest
	agent within guest has (dis-)connected. Instead of us blindly
	connecting to a socket that no one is listening to, we can just
	follow what qemu-ga does. This has a nice benefit that we don't
	need to 'guest-ping' the agent just to timeout and find out
	nobody is listening.

	The way that this commit is implemented:
	- don't connect in qemuProcessLaunch directly, defer that to event
	  callback (which already follows the agent) -
	  processSerialChangedEvent
	- after migration is settled, before we resume vCPUs, ask qemu
	  whether somebody is listening on the socket and if so, connect
	  to it.

2016-02-10  John Ferlan  <jferlan@redhat.com>

	qemu: Split the command parsing routines into own module
	Extract out the qemuParseCommandLine{String|Pid} into their own
	separate module - taking with it all the various static functions.

	Causes a ripple effect with a few other modules to include the
	new qemu_parse_command.h.

	Narrowed down the list of #include's in the split out module to
	those that are necessary for build.

2016-02-10  John Ferlan  <jferlan@redhat.com>

	qemu: Check return status for virDomainGraphicsListenSetAddress
	Recent refactors in the vbox code to check the return status for the
	function tipped Coverity's scales of justice for any functions that
	do not check status - such as this one.

	While I'm at it, since the call is essentially the same other than
	whether starting from val or val+1 when val[0] = '[', just adjust
	the val pointer by one and have one call instead of two.

	Additionally, the call to virDomainGraphicsListenGetAddress is redundant
	since it checking that the address field got filled.  It's a leftover
	from the strndup -> ListenSetAddress conversion (commit id 'ef79fb5b5')

2016-02-10  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuParseCommandLineVnc
	Refactor qemuParseCommandLine to pull out the "-vnc" argument parsing
	into its own helper function.  Modify the code to use "cleanup" instead
	of "error" and use the standard return processing to indicate success
	or failure by using ret

2016-02-10  Andrea Bolognani  <abologna@redhat.com>

	Revert "tests: Don't link mock libraries against libvirt and gnulib"
	This reverts commit 6aa90452aa63cb1e1ffa84ff5f93f5873bf810a0.

	Turns out that not linking against libvirt and gnulib is okay for
	regular Linux (and FreeBSD) builds, but makes mingw very unhappy.

	  .../virnetserverclientmock_la-virnetserverclientmock.o:
	    In function `virNetSocketGetSELinuxContext':
	    .../virnetserverclientmock.c:61: undefined reference to `rpl_strdup'
	  .../libvirportallocatormock_la-virportallocatortest.o:
	    In function `init_syms':
	    .../virportallocatortest.c:61: undefined reference to `virFileClose'

2016-02-10  Andrea Bolognani  <abologna@redhat.com>

	tests: Don't link mock libraries against libvirt and gnulib
	Mock libraries are used with LD_PRELOAD from test binaries that
	are already linked against those libraries, so they will be able
	to resolve the symbols anyway.

2016-02-10  Michal Privoznik  <mprivozn@redhat.com>

	xenconfig: Properly check retval of virDomainGraphicsListenSetAddress
	The function, like others in our code, returns zero on success
	and a negative value on error. However, there are two places in
	xenconfig source code where we check for non-zero value. While
	the function can't currently return a positive value, those
	checks look okay, but does not really follow our style.

2016-02-10  Joao Martins  <joao.m.martins@oracle.com>

	libxl: keepalive messages support
	This patch introduces keep alive messages support for P2P migration
	and it adds two new configuration entries namely 'keepalive_interval'
	'keepalive_count' to control it. Behavior of these entries is the
	same as qemu driver thus the description is copied from there
	with just a few simplifications.

2016-02-10  Joao Martins  <joao.m.martins@oracle.com>

	libxl: add p2p migration
	Introduce support for VIR_MIGRATE_PEER2PEER in libvirt migration.
	Most of the changes occur at the source and no modifications at
	the receiver.

	In P2P mode there is only the Perform phase so we must handle the
	connection with the destination and actually perform the
	migration. libxlDomainPerformP2P implements the connection to the
	destination and libxlDoMigrateP2P implements the actual migration
	logic with virConnectPtr. In this function we take care of doing
	all phases of migration in the destination similar to
	virDomainMigrateVersion3Full. We appropriately save the last
	error reported in each of the phases to provide proper reporting.
	We don't yet support VIR_MIGRATE_TUNNELED and we always use V3
	with extensible params, thus it also makes the implementation
	simpler.

	It is worth noting that the receiver didn't have any changes, and
	since it's still the v3 sequence thus it is possible to migrate
	from a P2P to non-P2P host.

2016-02-09  Cole Robinson  <crobinso@redhat.com>

	tests: qemu: More aarch64 virtio and pci tests
	Clarify the point of some of the test cases by renaming them. Add more
	xml2xml tests.

2016-02-09  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2xml: assign device addresses
	We use the PreFormat callback for this. Many test cases need to be extended
	to pass in proper qemuCaps flags so AssignAddresses doesn't throw errors.

	One test case (pcie-root-port-too-many) is dropped, since it was meant
	only for checking an error condition in qemuxml2argv, and one we add in
	AssignAddresses it errors here too.

	Long term I think AssignAddresses should be handled in qemu's PostParse
	callback, but that's not entirely straightforward. Handling it here
	means we can get the test suite churn over with.

2016-02-09  Cole Robinson  <crobinso@redhat.com>

	tests: utils: Add PreFormat callback for CompareXML2XML helper
	This allows individual driver tests to hook in their own code before
	the def is formatted and compared.

	We will eventually use this in the qemuxml2xml

2016-02-09  Michal Privoznik  <mprivozn@redhat.com>

	virStringListLength: Ensure const correctness
	The virStringListLength function does not ever modify the passed
	string list. It merely counts the items in it. Make sure that we
	reflect this bit in the function header.


	(crobinso: fix up spacing and squash in sheepdog bit suggested
	 by Andrea)

2016-02-09  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2xml: specify qemuCaps in test cases
	Similar to how we do it for qemuxml2argvtest. This will be used in future
	patches.

	tests: Unconditionally enable QEMU_CAPS_DEVICE
	QEMU_CAPS_DEVICE is always enabled for qemu binaries we support.
	Sync qemuxml2* to match, and regenerate all test output.

2016-02-09  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2argv: remove some QEMU_CAPS_DEVICE problem cases
	When we unconditionally enable QEMU_CAPS_DEVICE, these tests need
	some massaging, so do it ahead of time to not mix it in with the
	big test refresh.

	- minimal-s390 is not a real world working config, so drop it
	- disk-usb was testing for an old code path that will be removed.
	  instead use it to test lack of USB disk support, and rename it
	  to disk-usb-nosupport. Switch xml2xml to use disk-usb-device for
	  input.
	- cputune-numatune was needlessly using q35, switch it to an older
	  machine type

2016-02-09  Michal Privoznik  <mprivozn@redhat.com>

	virDomainFormatSchedDef: Initialize @priority
	Older gcc fails to see that the variable is set iff @hasPriority
	== true in which case the former is set a value. Initialize the
	value while declaring it to make the compiler shut up.

2016-02-09  Martin Kletzander  <mkletzan@redhat.com>

	util: Get rid of virStringListLen()
	It does exactly the same thing as virStringListLength() and it's used in
	one place only.

2016-02-09  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2xml: Always use different output file
	Most qemuxml2xml tests expect that the input XML is unchanged after
	parsing. This is unlike 99% of new qemu configs in the wild, which after
	initial parsing end up with stable PCI device addresses. The xml2xml bit
	doesn't currently hit that code path though, so most XML testing indeed
	does not change.

	Future patches will add that PCI address bits, which means most test cases
	will have different output. So let's do away with the hardcoded same vs
	different test split, and always track a separate output file. Tests can
	still have same input and output, it just necessitates 2 separate XML files.

2016-02-09  Martin Kletzander  <mkletzan@redhat.com>

	Fix '-pie' build with clang
	Commit 97e70a593589e8f0432a748b4b93c3cdc18b9e5a added the option -pie to
	CFLAGS and LDFLAGS, however '-pie' is just a linker option.  That
	wouldn't be a problem.  However, clang is checking for that and outputs
	an error or unused argument:

	error: argument unused during compilation: '-pie'

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: swap two parameters of virLeaseNew
	My commit e11aa74 messed up the parameter order.

	Reported by John Ferlan.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: realign variable initializations
	Remove the extra spaces, do not align them on '='.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: remove suspicious strlen
	The return type of strlen is 'size_t', which is unsigned and therefore
	never less than zero.

	Use STREQ to make the check obvious.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: reuse the keyUtf16 variable
	We free the key right after calling the API.

	Reuse a single variable to remove the typo.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: use VIR_APPEND_ELEMENT
	Instead of open-coding it.

	vboxDumpDisplay: check return of virDomainGraphicsListenSetAddress
	Error out if the allocation failed.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: clean up VIR_STRDUP usage
	Two VIR_STRDUP calls are redundant - just steal the string
	converted by VBOX_UTF16_TO_UTF8.

	Report an error when the third one fails.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: fill out the graphics structure earlier
	Remove the need to track what type of graphics were present
	by temporary variables.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: allocate the graphics structure upfront
	Allocate it as soon as we know we will need it.

	Add it to def->ngraphics if it's allocated, removing the need
	to use the addDesktop and totalPresent variables to track this.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: split out def->graphics allocation
	Separate allocation of the def->graphics array from the allocation
	and initialization of its first element.

	Note that the only possible values of totalPresent at this point
	are 0 or 1, because it equals to guiPresent + sdlPresent.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	vboxDumpDisplay: remove extra virReportOOMError
	VIR_ALLOC* already reported an error.

	vboxDumpDisplay: add addDesktop bool
	When FRONTEND/Type is not any of "sdl", "gui", "vrdp", we add a DESKTOP.
	Use a bool to track this, instead of checking that both
	totalPresent ("sdl" or "gui" present) and vrdpPresent are zero.

	vboxDumpDisplay: more indentation reducing
	VRDxEnabled is initialized to false. Put the if (VRDxEnabled)
	on the top level to reduce nesting.

	vboxDumpDisplay: reduce indentation level
	Use STREQ_NULLABLE instead of deep nesting.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	Check return value of vboxDumpVideo
	Error out on allocation failures instead of creating an incomplete
	definition.

	Fixes a possible crash when def->nvideos is 1, but def->videos is NULL.

2016-02-09  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: split out virLeaseNew
	For the actions ADD and OLD, split out creating the new lease object,
	as well as getting the environment variables that do not affect
	the parsing of command line arguments.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: iothread: Reuse qemuProcessSetupIOThread in iothread hotplug
	Since majority of the steps is shared, the function can be reused to
	simplify code.

	Similarly to previous path doing this same for vCPUs this also fixes the
	a similar bug (which is not tracked).

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: iothread: Aggregate code to set IOThread tuning
	Rather than iterating 3 times for various settings this function
	aggregates all the code into single place. One of the other advantages
	is that it can then be reused for properly setting IOThread info on
	hotplug.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: vcpu: Reuse qemuProcessSetupVcpu in vcpu hotplug
	Since majority of the steps is shared, the function can be reused to
	simplify code.

	Additionally this resolves
	https://bugzilla.redhat.com/show_bug.cgi?id=1244128 since the cpu
	bandwidth limiting with cgroups would not be set on the hotplug path.

	Additionally the code now sets the thread affinity and honors autoCpuset
	as in the regular startup code path.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: vcpu: Aggregate code to set vCPU tuning
	Rather than iterating 3 times for various settings this function
	aggregates all the code into single place. One of the other advantages
	is that it can then be reused for properly setting vCPU info on hotplug.

	With this approach autoCpuset is also used when setting the process
	affinity rather than just via cgroups.

2016-02-08  Joao Martins  <joao.m.martins@oracle.com>

	remote: enforce VIR_TYPED_PARAM_STRING_OKAY flag on client side serialization
	Commit 8cd1d54 consolidates both daemon and remote driver typed param
	serialization functions. The consolidation now enforces client to use
	VIR_TYPED_PARAM_STRING_OKAY flag to properly serialize string parameters, which
	server has used for quite some time now. And this caused an issue, since the
	commit had not adjusted client remote calls appropriately, thus causing a
	failure in blkiotune, numatune and migration APIs (as per Xen CI tests). This
	patch adjusts both remote_driver.c and gendispatch.pl to properly address this
	issue.

	http://lists.xenproject.org/archives/html/xen-devel/2016-02/msg01012.html

2016-02-08  Michal Privoznik  <mprivozn@redhat.com>

	vircgroup: Update virCgroupGetPercpuStats stump
	In the commit 7938b533 we've changed the function signature,
	however forgot to update stump that's used on systems without
	CGroups causing a build failure.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix how iothread scheduler info is stored
	Similarly to previous commit change the way how iothread scheduler info
	is stored and clean up a lot of unnecessary code.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't store vcpusched orthogonally to other vcpu info
	Due to bad design the vcpu sched element is orthogonal to the way how
	the data belongs to the corresponding objects. Now that vcpus are a
	struct that allow to store other info too, let's convert the data to the
	sane structure.

	The helpers for the conversion are made universal so that they can be
	reused for iothreads too.

	This patch also resolves https://bugzilla.redhat.com/show_bug.cgi?id=1235180
	since with the correct storage approach you can't have dangling data.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Extract code that formats <cputune>
	virDomainDefFormatInternal is growing rather large. Extract the cputune
	formatter into a separate function.

	conf: remove unused cpu pinning helpers and data structures
	Now that the pinning info is stored elsewhere we can delete all the
	obsolete code.

	conf: Store cpu pinning data in def->vcpus
	Now with the new struct the data can be stored in a much saner place.

	conf: Don't copy def->cpumask into cpu pinning info
	This step can be omitted, so that drivers can decide what to do when the
	user requests to use default vcpu pinning.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reuse qemuDomainDetectVcpuPids in cpu hot(un)plug
	Now that qemuDomainDetectVcpuPids is able to refresh the vCPU pid
	information it can be reused in the hotplug and hotunplug code paths
	rather than open-coding a very similar algorithm.

	A slight algorithm change is necessary for unplug since the vCPU needs
	to be marked offline prior to calling the thread detector function and
	eventually rolled back if something fails.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: Differentiate error codes when VM exits in qemuDomainDetectVcpuPids
	Some callers will need to behave differently when the detection failed
	and when the VM crashed during the redetection. Return -2 if it crashed.

	cgroup: Prepare for sparse vCPU topologies in virCgroupGetPercpuStats
	Pass a bitmap of enabled guest vCPUs to virCgroupGetPercpuStats so that
	non-continuous vCPU topologies can be used.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Move and optimize disk target duplicity checking
	Move the logic from virDomainDiskDefDstDuplicates into
	virDomainDiskDefCheckDuplicateInfo so that we don't have to loop
	multiple times through the array of disks. Since the original function
	was called in qemuBuildDriveDevStr, it was actually called for every
	single disk which was quite wasteful.

	Additionally the target uniqueness check needed to be duplicated in
	the disk hotplug case, since the disk was inserted into the domain
	definition after the device string was formatted and thus
	virDomainDiskDefDstDuplicates didn't do anything in that case.

2016-02-08  Peter Krempa  <pkrempa@redhat.com>

	tests: Integrate startup checks to qemuxml2argvtest
	Some of the tests that are not a part of qemuBuildCommandLine were not
	executed in the test suite. We can now reuse qemuProcessStartValidate to
	integrate these tests.

	qemu: process: Extract pre-start checks into a function
	When starting a qemu process there are certain checks done to ensure
	that the configuration makes sense. Extract them into a separate
	function so that they can be reused in the test code.

	qemu: process: Reorder operations on early VM startup
	Retrieval of the driver capabilities as well as emulator capabilities
	does not require the complete qemuProcessStop to be executed on
	failure.

	qemu: hotplug: Check duplicate disk serial/wwn on hotplug too
	We do the check on VM start, but the user could still hotplug a disk
	with a conflicting serial or WWN. Reuse the checker function to fix the
	issue.

	conf: Extract code that checks disk serial/wwn conflict
	Put it into a separate function that can be called on two disk def
	pointers.

	qemu: hotplug: Extract common code to qemuDomainAttachDeviceDiskLive
	Target uniqueness check was duplicated in all of the three workers
	called from it. Extract it to the parent.

	qemu: hotplug: Use more common 'cleanup' label in qemuDomainAttachDeviceDiskLive

	qemu: hotplug: Break up if/else statement into switch

	qemu: hotplug: Remove unnecessary variable

	qemu: hotplug: Use typecasted switch
	Remove the default case since all cases are covered.

	qemu: snapshot: Avoid infinite loop if vCPUs can't be resumed
	In b3d2a42e I've refactored the code and moved the 'cleanup' label.
	Unfortunately the code that was originally in the 'endjob' label and
	wanted to jump to cleanup is now in the cleanup label. Remove the jump
	and let the function finish.

	qemu: snapshot: Don't overwrite existing errors when thawing filesystems
	If we are attempting to thaw the filesystems on error, the code would
	overwrite the error code that caused the snapshot to fail with the error
	of thawing the filesystem. Since the thawing function allows control of
	error reporting behavior we can use this feature.

2016-02-07  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nodedev: stub nodeDeviceSysfsGetPCIRelatedDevCaps
	Add a stub for nodeDeviceSysfsGetPCIRelatedDevCaps() for non-Linux
	platforms. It allows nodedev driver to work on non-Linux platoforms
	that, however, have HAL.

2016-02-06  John Ferlan  <jferlan@redhat.com>

	util: Fix virCgroupNewMachine ATTRIBUTE_NONNULL args
	Commit id 'c3bd0019c0' removed arg3, but forgot to adjust the numbers
	for NONNULL - caused build failure for coverity

2016-02-06  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix preprocessor indentation
	Syntax-check fails with:

	cppi: src/bhyve/bhyve_driver.h: line 26: not properly indented
	cppi: src/bhyve/bhyve_driver.h: line 27: not properly indented
	maint.mk: incorrect preprocessor indentation

	Fix by properly indenting '#include's.

	Pushed as trivial.

2016-02-05  Michal Privoznik  <mprivozn@redhat.com>

	bhyve: Fix the build
	After 1036ddadb276e we use bhyveDriverGetCapabilities from other
	sources too, not only from bhyve_driver.c. However, the function
	was static so not properly expose to other files. In order to
	expose it, we need to move couple of #include-s too.
	Then, there has been a copy paste error in
	virBhyveProcessReconnect: s/privconn/data->driver/.

2016-02-05  Cole Robinson  <crobinso@redhat.com>

	tests: qemuargv2xml: separate from qemuxml2argv data
	Most of the qemuargv2xml tests are parsing old style qemu command
	lines (with -disk, -serial, etc), and it gets its input from
	qemuxml2argv output.

	But since we've raise the minimum supported qemu version to 0.12.0,
	which supports -device, once that changes propagates through libvirt
	the vast majority of qemuxml2argv output is _not_ going to be using
	old style qemu options.

	In preparation for this, switch qemuargv2xml to use its own copies
	of input and output, so it's not tied to qemuxml2argv results.

	This is just a straight copy of the current tests.

2016-02-05  Cole Robinson  <crobinso@redhat.com>

	tests: Run test-wrap-argv with REGENERATE_OUTPUT
	To get properly wrapped output

2016-02-05  Wido den Hollander  <wido@widodh.nl>

	rbd: Use %zu for uint64_t instead of casting to unsigned long long
	This was only used in debugging messages and not in any real code.

	Ceph/RBD uses uint64_t for sizes internally and they can be printed
	with %zu without any need for casting.

2016-02-05  Wido den Hollander  <wido@widodh.nl>

	rbd: Code styling cleanup
	Through the years the RBD storage pool code hasn't maintained the
	same or correct coding standard which applies to libvirt.

	This patch doesn't change any logic in the code, it only applies
	the proper coding standards to the code where possible without
	making large changes.

	This way the code style used in this storage pool is consistent
	throughout the whole file.

2016-02-05  Michal Privoznik  <mprivozn@redhat.com>

	virSystemdGetMachineNameByPID: Initialize @reply
	I've noticed that variable @reply is not initialized and if
	something at the beginning of the function fails, e.g.
	virDBusGetSystemBus(), the control jump straight to cleanup label
	where dbus_message_unref() is then called over this uninitialized
	variable.

2016-02-05  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidth: Compute quantum value
	I've noticed couple of warning in dmesg while debugging
	something:

	[ 9683.973754] HTB: quantum of class 10001 is big. Consider r2q change.
	[ 9683.976460] HTB: quantum of class 10002 is big. Consider r2q change.

	I've read the HTB documentation and linux kernel code to find out
	what's wrong. Basically we need to pass another argument
	"quantum" to our tc cmd line because the default computed by HTB
	does not always work in which case the warning message is printed
	out.

	You can read more details here:

	http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm#sharing

2016-02-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Extract code for parsing thread resource scheduler info
	As the scheduler info elements are represented orthogonally to how it
	makes sense to actually store the information, the extracted code will
	be later used when converting between XML and internal definitions.

	conf: Add helper to return a bitmap of active iothread ids

	util: bitmap: Introduce bitmap subtraction
	Performs binary subtraction of two bitmaps. Stores result in the first
	operand.

2016-02-05  Martin Kletzander  <mkletzan@redhat.com>

	systemd: Modernize machine naming
	So, systemd-machined has this philosophy that machine names are like
	hostnames and hence should follow the same rules.  But we always allowed
	international characters in domain names.  Thus we need to modify the
	machine name we are passing to systemd.

	In order to change some machine names that we will be passing to systemd,
	we also need to call TerminateMachine at the end of a lifetime of a
	domain.  Even for domains that were started with older libvirt.  That
	can be achieved thanks to virSystemdGetMachineNameByPID().  And because
	we can change machine names, we can get rid of the inconsistent and
	pointless escaping of domain names when creating machine names.

	So this patch modifies the naming in the following way.  It creates the
	name as <drivername>-<id>-<name> where invalid hostname characters are
	stripped out of the name and if the resulting name is longer, it
	truncates it to 64 characters.  That way we can start domains we
	couldn't start before.  Well, at least on systemd.

	To make it work all together, the machineName (which is needed only with
	systemd) is saved in domain's private data.  That way the generation is
	moved to the driver and we don't need to pass various unnecessary
	arguments to cgroup functions.

	The only thing this complicates a bit is the scope generation when
	validating a cgroup where we must check both old and new naming, so a
	slight modification was needed there.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846

2016-02-05  Joao Martins  <joao.m.martins@oracle.com>

	conf: add caps to virDomainSnapshotDefFormat
	The virDomainSnapshotDefFormat calls into virDomainDefFormat,
	so should be providing a non-NULL virCapsPtr instance. On the
	qemu driver we change qemuDomainSnapshotWriteMetadata to also
	include caps since it calls virDomainSnapshotDefFormat.

2016-02-05  Daniel P. Berrange  <berrange@redhat.com>

	conf: add caps to virDomainObjFormat/SaveStatus
	The virDomainObjFormat and virDomainSaveStatus methods
	both call into virDomainDefFormat, so should be providing
	a non-NULL virCapsPtr instance.

2016-02-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build
	Fix build fail introduced as a side effect of commit d239a54.

	Pushed under the build breaker rule.

2016-02-04  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu migration: factor out setting migration option

2016-02-04  Peter Krempa  <pkrempa@redhat.com>

	Fix build after recent patches
	Few build breaking mistakes in less-popular parts of our code.

2016-02-04  John Ferlan  <jferlan@redhat.com>

	logical: Clarify pieces of lvs regex
	Rather than have a unwieldy regex string - split it up into its components
	each having it's own #define and then combine in a different #define

2016-02-04  Joao Martins  <joao.m.martins@oracle.com>

	libxl: set net device prefix
	Use the newly added virCapabilitiesSetNetPrefix to set
	the network prefix for the driver. This in return will
	be use by NetDefFormat() and NetDefParseXML() routines
	to free any interface name that start with the registered
	prefix.

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2016-02-04  Joao Martins  <joao.m.martins@oracle.com>

	conf: add caps to virDomainSaveConfig
	virDomainSaveConfig calls virDomainDefFormat which was setting the caps
	to NULL, thus keeping the old behaviour (i.e. not looking at
	netprefix). This patch adds the virCapsPtr to the function and allows
	the configuration to be saved and skipping interface names that were
	registered with virCapabilitiesSetNetPrefix().

	conf: add caps to virDomainDefFormat*
	And use the newly added caps->host.netprefix (if it exists) for
	interface names that match the autogenerated target names.

	conf: add prefix in virDomainNetDefParseXML
	And use the newly added caps->host.netprefix for free interface
	names that match the autogenerated target names.

2016-02-04  Joao Martins  <joao.m.martins@oracle.com>

	conf: add net device prefix to capabilities
	In the reverted commit d2e5538b1, the libxl driver was changed to copy
	interface names autogenerated by libxl to the corresponding network def
	in the domain's virDomainDef object. The copied name is freed when the
	domain transitions to the shutoff state. But when migrating a domain,
	the autogenerated name is included in the XML sent to the destination
	host.  It is possible an interface with the same name already exists on
	the destination host, causing migration to fail.

	This patch defines a new capability for setting the network device
	prefix that will be used in the driver. Valid prefixes are
	VIR_NET_GENERATED_PREFIX or the one announced by the driver.

2016-02-04  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virsh: display if ZFS storage backend is enabled
	Make 'virsh -V' list ZFS storage backend if it's enabled.

2016-02-04  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	configure: zfs: enable on Linux
	ZFS-on-Linux implementation of ZFS starting with version 0.6.4
	contains all the features we use. Additionally, as we support
	'volmode' option handling that's not available on ZoL but is
	available on FreeBSD, there is no need to block ZFS storage driver
	on Linux anymore.

	So un-mark zfs storage driver as FreeBSD-only.

2016-02-04  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: zfs: flexible use of 'volmode' option
	There are slight differences in various ZFS implementations.
	Specifically, ZFS on FreeBSD requires to set value of 'volmode'
	option to 'dev' to expose volumes as raw disk device (that's what
	we need) rather than geom provides, for example.

	With ZFS on Linux, however, such option is not available and
	volumes exposed like we need by default.

	To make our implementation more flexible, only pass 'volmode'
	when it's supported. Support is checked by parsing usage
	information of the 'zfs get' command.

2016-02-03  Erik Skultety  <eskultet@redhat.com>

	util: Export remoteSerializeTypedParameters internally via util
	Same as for deserializer, this method might get handy for admin one day.
	The major reason for this patch is to stay consistent with idea, i.e.
	when deserializer can be shared, why not serializer as well. The only
	problem to be solved was that the daemon side serializer uses a code
	snippet which handles sparse arrays returned by some APIs as well as
	removes any string parameters that can't be returned to older clients.
	This patch makes of the new virTypedParameterRemote datatype introduced
	by one of the pvious patches.

	util: Export remoteFreeTypedParameters internally via util
	Since the method is static to remote_driver, it can't even be used by our
	daemon. Other than that, it would be useful to be able to use it with admin as
	well. This patch uses the new virTypedParameterRemote datatype introduced in
	one of previous patches.

2016-02-03  Erik Skultety  <eskultet@redhat.com>

	util: Export remoteDeserializeTypedParameters internally via util
	Currently, the deserializer is hardcoded into remote_driver which makes
	it impossible for admin to use it. One way to achieve a shared implementation
	(besides moving the code to another module) would be pass @ret_params_val as a
	void pointer as opposed to the remote_typed_param pointer and add a new extra
	argument specifying which of those two protocols is being used and typecast
	the pointer at the function entry. An example from remote_protocol:

	struct remote_typed_param_value {
	        int type;
	        union {
	                int i;
	                u_int ui;
	                int64_t l;
	                uint64_t ul;
	                double d;
	                int b;
	                remote_nonnull_string s;
	        } remote_typed_param_value_u;
	};
	typedef struct remote_typed_param_value remote_typed_param_value;

	struct remote_typed_param {
	        remote_nonnull_string field;
	        remote_typed_param_value value;
	};

	That would leave us with a bunch of if-then-elses that needed to be used across
	the method. This patch takes the other approach using the new datatype
	introduced in one of earlier commits.

2016-02-03  Erik Skultety  <eskultet@redhat.com>

	util: Introduce virTypedParameterRemote datatype
	Both admin and remote protocols define their own types
	(remote_typed_param vs admin_typed_param). Because of the naming convention,
	admin typed params wouldn't be able to reuse the serialization/deserialization
	methods, which are tailored for use by remote protocol, even if those method
	were exported properly. In that case, introduce a new internal data type
	structurally copying both admin and remote protocols which, eventually, would
	allow serializer and deserializer to be used in a more generic way.

2016-02-03  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: qemuDomainRename and virDomainObjListNumOfDomains ABBA deadlock fix
	A pretty nasty deadlock occurs while trying to rename a VM in parallel
	with virDomainObjListNumOfDomains.
	The short description of the problem is as follows:

	Thread #1:

	qemuDomainRename:
	    ------> aquires domain lock by qemuDomObjFromDomain
	       ---------> waits for domain list lock in any of the listed functions:
	          - virDomainObjListFindByName
	          - virDomainObjListRenameAddNew
	          - virDomainObjListRenameRemove

	Thread #2:

	virDomainObjListNumOfDomains:
	    ------> aquires domain list lock
	       ---------> waits for domain lock in virDomainObjListCount

	Introduce generic virDomainObjListRename function for renaming domains.
	It aquires list lock in right order to avoid deadlock. Callback is used
	to make driver specific domain updates.

2016-02-03  Martin Kletzander  <mkletzan@redhat.com>

	systemd: Add virSystemdGetMachineNameByPID

2016-02-03  Martin Kletzander  <mkletzan@redhat.com>

	Revert "systemd: Escape only needed characters for machined"
	This reverts commit 0e0149ce91d84f40b98acf4c4bb0da6e29b9c15c.

	That commit was added to comply with systemd rules that were changed in
	the meantime, so this patch is pointless.

2016-02-03  Ján Tomko  <jtomko@redhat.com>

	Simplify virDomainParseMemory
	Do not store the return value of virDomainParseScaledValue,
	it was overwritten anyway.

	Delete the cleanup label, there is nothing to clean up.

2016-02-03  Peter Krempa  <pkrempa@redhat.com>

	conf: Split out logic to determine whether cpupin was provided

	qemu: domain: Prepare qemuDomainDetectVcpuPids for reuse
	Free the old vcpupids array in case when this function is called again
	during the run of the VM. It will be later reused in the vCPU hotplug
	code. The function now returns the number of detected VCPUs.

	qemu: Move and rename qemuProcessDetectVcpuPIDs to qemuDomainDetectVcpuPids
	Future patches will tweak and reuse the function in different places so
	move it separately first.

	qemu: cpu hotplug: Set vcpu state directly in the new structure
	Avoid using virDomainDefSetVcpus when we can set it directly in the
	structure.

	conf: Add helper to retrieve bitmap of active vcpus for a definition
	In some cases it may be better to have a bitmap representing state of
	individual vcpus rather than iterating the definition. The new helper
	creates a bitmap representing the state from the domain definition.

	cgroup: Clean up virCgroupGetPercpuStats
	Use 'ret' for return variable name, clarify use of 'param_idx' and avoid
	unnecessary 'success' label. No functional changes. Also document the
	function.

2016-02-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Don't crash when create fails early
	Since commit 714080791778e3dfbd484ccb3953bffd820b8ba9 we are generating
	socket path later than before -- when starting a domain.  That makes one
	particular inconsistent state of a chardev, which was not possible
	before, currently valid.  However, SELinux security driver forgot to
	guard the main restoring function by a check for NULL-paths.  So make it
	no-op for NULL paths, as in the DAC driver.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300532

2016-02-03  Erik Skultety  <eskultet@redhat.com>

	cfg.mk: Adjust sc_prohibit_int_ijk to support 'exempt from syntax-check'
	There might be cases, like with typed params, where triggering this check isn't
	desirable. But including the whole module in the exception regex is not always
	to right way of doing things. By adding an option to manually disable this check
	on a specific occurrence, the module itself will still be checked against the
	rule.

2016-02-03  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemuDomainResume: allow to resume domain with guest panicked
	In case of guest panicked, preserved crashed domain has stopped CPUs.
	It's not possible to use tools like WinDbg for the problem investigation
	until we start CPUs back.

2016-02-03  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	qemu: return -1 on error paths in qemuDomainSaveImageStartVM
	Error paths after sending the event that domain is started written as if ret = -1
	which is set at the beginning of the function. It's common idioma to keep 'ret'
	equal to -1 until the end of function where it is set to 0. But here we use ret
	to keep result of restore operation too and thus breaks the idioma and its users :)

	Let's use different variable to hold restore result.

2016-02-02  John Ferlan  <jferlan@redhat.com>

	logical: Clean up allocation when building regex on the fly
	Rather than a loop reallocating space to build the regex, just allocate
	it once up front, then if there's more than 1 nextent, append a comma and
	another regex_unit string.

	logical: Use 'stripes' value for mirror/raid segtype
	The 'stripes' value is described as the "Number of stripes or mirrors in
	a logical volume". So add "mirror" and anything that starts with "raid"
	to the list of segtypes that can have an 'nextents' value greater than one.
	Use of raid segtypes (raid1, raid4, raid5*, raid6*, and raid10) is favored
	over mirror in more recent lvm code.

	logical: Use VIR_APPEND_ELEMENT instead of VIR_REALLOC_N
	Rather than preallocating a set number of elements, then walking through
	the extents and adjusting the specific element in place, use the APPEND
	macros to handle that chore.

2016-02-02  Michal Privoznik  <mprivozn@redhat.com>

	include: Handle case when builddir == srcdir
	In my previous commit a70f3b1c779120129 I've tried to fix case
	when building from VPATH and a file wasn't being installed.
	However, my fix broke non-VPATH build.

2016-02-01  Eric Blake  <eblake@redhat.com>

	tests: avoid realpath in test-lib.sh
	Ever since commit ace4aecd, running 'make check' on RHEL 6 produces:

	./test-lib.sh: line 21: realpath: command not found

	for every shell script test, because 'realpath' was not part of
	coreutils back then.

	* tests/test-lib.sh (_scriptdir): Compute with only portable shell.

2016-02-01  Michael Chapman  <mike@very.puzzling.org>

	virsh: improve waiting for block job readiness
	After a block job hits 100%, we only need to apply a timeout waiting for
	a block job event if exactly one of the BLOCK_JOB or BLOCK_JOB_2
	callbacks were able to be registered.

	If neither callback could be registered, there's clearly no need for a
	timeout.

	If both callbacks were registered, then we're guaranteed to eventually
	get one of the events. The path being used by virsh must be exactly the
	source path or target device in the domain's disk definition, and these
	are the respective strings sent back in these two events.

2016-02-01  Michael Chapman  <mike@very.puzzling.org>

	virsh: ensure SIGINT action is reset on all errors
	If virTimeMillisNow() fails, the SIGINT action must be reset back to
	its previous state.

	virsh: be consistent with style of loop exit
	When waiting for a block job, the various statuses (COMPLETED, READY,
	CANCELED, etc.) should all be treated consistently by having the loop be
	exited with "break". Use "goto cleanup" for the error cases only, when
	no block job status is available.

	virsh: avoid unnecessary progress updates
	There is no need to call virshPrintJobProgress() unless the block job's
	cur or end cursors have changed since the last iteration.

2016-02-01  Cole Robinson  <crobinso@redhat.com>

	qemu: Mark some functions as static

2016-02-01  Michal Privoznik  <mprivozn@redhat.com>

	fdstream: Realign
	Some lines in this file are misaligned which fires up my OCD.

2016-02-01  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Align dump options for watchdog and on_crash events
	Having on_crash set to either coredump-destroy or coredump-restart
	creates core dumps with option memory-only in the directory specified
	by auto_dump_path. When a watchdog is triggered with the action dump
	the core dump is also placed into the directory specified by auto_dump_path
	but is created without the option memory-only.

	This patch sets the option memory-only also for core dumps created by the
	watchdog event.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2016-01-30  Michal Privoznik  <mprivozn@redhat.com>

	includes: Install libvirt-common.h
	The libvirt-common.h is build time generated file from .in.
	Obviously, it's generated into builddir and not srcdir. Problem
	is, the list of header files to install, virinc_HEADERS contains
	only $(srcdir)/*.h and this misses libvirt-common.h. This problem
	is pretty obvious when doing a VPATH build.

2016-01-29  John Ferlan  <jferlan@redhat.com>

	logical: Create helper virStorageBackendLogicalParseVolExtents
	Create a helper routine in order to parse any extents information
	including the extent size, length, and the device string contained
	within the generated 'lvs' output string.

	A future patch would then be able to avoid the code more cleanly

2016-01-29  Wido den Hollander  <wido@widodh.nl>

	rbd: Open in Read-Only mode when refreshing a volume
	By opening a RBD volume in Read-Only we do not register a
	watcher on the header object inside the Ceph cluster.

	Refreshing a volume only calls rbd_stat() which is a operation
	which does not write to a RBD image.

	This allows us to use a cephx user which has no write
	permissions if we would want to use the libvirt storage pool
	for informational purposes only.

	It also saves us a write into the Ceph cluster which should
	speed up refreshing a RBD pool.

	rbd_open_read_only() is available in all librbd versions which
	also support rbd_open().

2016-01-29  Wido den Hollander  <wido@widodh.nl>

	rbd: Implement buildVolFrom using RBD cloning
	RBD supports cloning by creating a snapshot, protecting it and create
	a child image based on that snapshot afterwards.

	The RBD storage driver will try to find a snapshot with zero deltas between
	the current state of the original volume and the snapshot.

	If such a snapshot is found a clone/child image will be created using
	the rbd_clone2() function from librbd.

	rbd_clone2() is available in librbd since Ceph version Dumpling (0.67) which
	dates back to August 2013.

	It will use the same features, strip size and stripe count as the parent image.

	This implementation will only create a single snapshot on the parent image if
	never changes. This reduces the amount of snapshots created for that RBD image
	which benefits the performance of the Ceph cluster.

	During build the decision will be made to use either rbd_diff_iterate() or
	rbd_diff_iterate2().

	The latter is faster, but only available on Ceph versions after 0.94 (Hammer).

	Cloning is only supported if RBD format 2 is used. All images created by libvirt
	are already format 2.

	If a RBD format 1 image is used as the original volume the backend will report
	a VIR_ERR_OPERATION_UNSUPPORTED error.

2016-01-29  Wido den Hollander  <wido@widodh.nl>

	rbd: Add support for wiping RBD volumes using TRIM.
	Using VIR_STORAGE_VOL_WIPE_ALG_TRIM a RBD volume can be trimmed down
	to 0 bytes using rbd_discard()

	Effectively all the data on the volume will be lost/gone, but the volume
	remains available for use afterwards.

	Starting at offset 0 the storage pool will call rbd_discard() in stripe
	size * count increments which is usually 4MB. Stripe size being 4MB and
	count 1.

	rbd_discard() is available since Ceph version Dumpling (0.67) which dates
	back to August 2013.

2016-01-29  Wido den Hollander  <wido@widodh.nl>

	storage: Add TRIM algorithm to storage volume API
	This new algorithm adds support for wiping volumes using TRIM.

	It does not overwrite all the data in a volume, but it tells the
	backing storage pool/driver that all bytes in a volume can be
	discarded.

	It depends on the backing storage pool how this is handled.

	A SCSI backend might send UNMAP commands to remove all data present
	on a LUN.

	A Ceph backend might use rbd_discard() to instruct the Ceph cluster
	that all data on that RBD volume can be discarded.

2016-01-29  Wido den Hollander  <wido@widodh.nl>

	rbd: Add support for wiping RBD volumes
	When wiping the RBD image will be filled with zeros started
	at offset 0 and until the end of the volume.

	This will result in the RBD volume growing to it's full allocation
	on the Ceph cluster. All data on the volume will be overwritten
	however, making it unavailable.

	It does NOT take any RBD snapshots into account. The original data
	might still be in a snapshot of that RBD volume.

2016-01-29  Wido den Hollander  <wido@widodh.nl>

	storage: Adjust fix virStorageBackendVolWipeLocal switch
	Use the cast of (virStorageVolWipeAlgorithm) adding the missing case:'s
	(VIR_STORAGE_VOL_WIPE_ALG_ZERO and VIR_STORAGE_VOL_WIPE_ALG_LAST).

	Additionally, the old code would also still run the SCRUB command on
	default since it didn't go to cleanup when a invalid flag was supplied.
	We now go to cleanup and exit if a invalid flag would be provided.

2016-01-28  John Ferlan  <jferlan@redhat.com>

	logical: Fix comment examples for virStorageBackendLogicalFindLVs
	When commit id '82c1740a' made changes to the output format (changing from
	using a ',' separator to '#'), the examples in the lvs output from the
	comments weren't changed.

	Additionally, the two new fields added ('segtype' and 'stripes') were
	not included in the output, leaving it well confusing.

	This patch fixes the sample output, adds a 'striped' example, and makes
	other comment related adjustments for long line and spacing between followup
	'NB' remarks (while I'm there).

2016-01-28  Andrea Bolognani  <abologna@redhat.com>

	pci: Use bool return type for some virPCIDeviceGet*() functions
	The affected functions are:

	  virPCIDeviceGetManaged()
	  virPCIDeviceGetUnbindFromStub()
	  virPCIDeviceGetRemoveSlot()
	  virPCIDeviceGetReprobe()

	Change their return type from unsigned int to bool: the corresponding
	members in struct _virPCIDevice are defined as bool, and even the
	corresponding virPCIDeviceSet*() functions take a bool value as input
	so there's no point in these functions having unsigned int as return
	type.

	Suggested-by: John Ferlan <jferlan@redhat.com>

2016-01-28  Michal Privoznik  <mprivozn@redhat.com>

	gendispatch: Don't output spaces on empty line
	In our generator for some code we put empty lines in the output
	to separate blocks of code. However, in some cases we put couple
	of spaces on the empty line too. It's not bug, it just isn't
	nice.

2016-01-28  Andrea Bolognani  <abologna@redhat.com>

	pci: Add debug messages when unbinding from stub driver
	Unbinding a PCI device from the stub driver can require several steps,
	and it can be useful for debugging to be able to trace which of these
	steps are performed and which are skipped for each device.

	pci: Phase out virPCIDeviceReattachInit()
	The name is confusing, and there are just two uses: one is a test case,
	and the other will be removed as part of an upcoming refactoring of
	the hostdev code.

2016-01-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: don't iterate vcpus using priv->nvcpupids in qemuProcessSetSchedParams
	This should be the last offender.

2016-01-27  Peter Krempa  <pkrempa@redhat.com>

	conf: disallow empty cpuset for emulatorpin
	It's disallowed in the API.

2016-01-27  Peter Krempa  <pkrempa@redhat.com>

	conf: disallow empty cpusets for vcpu pinning when parsing XML
	They are disallowed in the pinning API and as default cpuset.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1293241

2016-01-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't use priv->ncpus to iterate cgroup setting
	Iterate over all cpus skipping inactive ones.

2016-01-27  Andrea Bolognani  <abologna@redhat.com>

	virnetdevopenvswitch: Don't call strlen() twice on the same string
	Commit 871e10f fixed a memory corruption error, but called strlen()
	twice on the same string to do so. Even though the compiler is
	probably smart enough to optimize the second call away, having a
	single invocation makes the code slightly cleaner.

	Suggested-by: Michal Privoznik <mprivozn@redhat.com>

2016-01-27  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevmacvlan: Provide stubs for build without macvtap
	In 370608b4c76f we have introduced two new internal APIs.
	However, there are no stubs for build without macvtap. Therefore
	build on systems lacking macvtap support (e.g. mingw or freebds)
	fails when trying to link.

2016-01-27  Jason J. Herne  <jjherne@linux.vnet.ibm.com>

	Fix libvirtd free() segfault when migrating guest with deleted open vswitch port
	libvirtd crashes on free()ing portData for an open vswitch port if that port
	was deleted.  To reproduce:

	ovs-vsctl del-port vnet0
	virsh migrate --live kvm1 qemu+ssh://dstHost/system

	Error message:
	libvirtd: *** Error in `/usr/sbin/libvirtd': free(): invalid pointer: 0x000003ff90001e20 ***

	The problem is that virCommandRun can return an empty string in the event that
	the port being queried does not exist. When this happens then we are
	unconditionally overwriting a newline character at position strlen()-1. When
	strlen is 0, we overwrite memory that does not belong to the string.

	The fix: Only overwrite the newline if the string is not empty.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>

2016-01-26  Laine Stump  <laine@laine.org>

	util: keep/use a bitmap of in-use macvtap devices
	This patch creates two bitmaps, one for macvlan device names and one
	for macvtap. The bitmap position is used to indicate that libvirt is
	currently using a device with the name macvtap%d/macvlan%d, where %d
	is the position in the bitmap. When requested to create a new
	macvtap/macvlan device, libvirt will now look for the first clear bit
	in the appropriate bitmap and derive the device name from that rather
	than just starting at 0 and counting up until one works.

	When libvirtd is restarted, the qemu driver code that reattaches to
	active domains calls the appropriate function to "re-reserve" the
	device names as it is scanning the status of running domains.

	Note that it may seem strange that the retry counter now starts at
	8191 instead of 5. This is because we now don't do a "pre-check" for
	the existence of a device once we've reserved it in the bitmap - we
	move straight to creating it; although very unlikely, it's possible
	that someone has a running system where they have a large number of
	network devices *created outside libvirt* named "macvtap%d" or
	"macvlan%d" - such a setup would still allow creating more devices
	with the old code, while a low retry max in the new code would cause a
	failure. Since the objective of the retry max is just to prevent an
	infinite loop, and it's highly unlikely to do more than 1 iteration
	anyway, having a high max is a reasonable concession in order to
	prevent lots of new failures.

2016-01-26  Leno Hou  <houqy@linux.vnet.ibm.com>

	util: increase libnl buffer size
	In the following cases nl_recv() was returning the error "No buffer
	space available":

	* When switching CPUs to offline/online in a system more than 128 cpus
	* When using virsh to destroy domain in a system with many interfaces

	This patch sets the buffer size for all netlink sockets created by
	libnl to 128K and turns on message peeking for nl_recv(). This
	eliminates the "No buffer space available" errors seen in the cases
	above, and also preempts other future errors the smaller buffers could
	have caused.

2016-01-26  Pavel Hrdina  <phrdina@redhat.com>

	device: cleanup input device code
	The current code was a little bit odd.  At first we've removed all
	possible implicit input devices from domain definition to add them later
	back if there was any graphics device defined while parsing XML
	description.  That's not all, while formating domain definition to XML
	description we at first ignore any input devices with bus different to
	USB and VIRTIO and few lines later we add implicit input devices to XML.

	This seems to me as a lot of code for nothing.  This patch may look
	to be more complicated than original approach, but this is a preferred
	way to modify/add driver specific stuff only in those drivers and not
	deal with them in common parsing/formating functions.

	The update is to add those implicit input devices into config XML to
	follow the real HW configuration visible by guest OS.

	There was also inconsistence between our behavior and QEMU's in the way,
	that in QEMU there is no way how to disable those implicit input devices
	for x86 architecture and they are available always, even without graphics
	device.  This applies also to XEN hypervisor.  VZ driver already does its
	part by putting correct implicit devices into live XML.

2016-01-26  Pavel Hrdina  <phrdina@redhat.com>

	tests: add some missing tests to qemuxml2xmltest
	Those tests are in qemuargv2xmltest and it makes sense to include them
	also in qemuxml2xmltest and qemuxml2argvtest.

	tests: use virtTestDifferenceFull in tests where we have output file
	This will enable regenerate functionality for those tests to make
	developer lives easier while updating tests.

2016-01-26  Michal Privoznik  <mprivozn@redhat.com>

	vircgroup: Finish renaming of virCgroupIsolateMount
	In dc576025c360 we renamed virCgroupIsolateMount function to
	virCgroupBindMount. However, we forgot about one occurrence in
	section of the code which provides stubs for platforms without
	support for CGroups like *BSD for instance.

2016-01-26  Daniel P. Berrange  <berrange@redhat.com>

	lxc: don't try to hide parent cgroups inside container
	On the host when we start a container, it will be
	placed in a cgroup path of

	   /machine.slice/machine-lxc\x2ddemo.scope

	under /sys/fs/cgroup/*

	Inside the containers' namespace we need to setup
	/sys/fs/cgroup mounts, and currently will bind
	mount /machine.slice/machine-lxc\x2ddemo.scope on
	the host to appear as / in the container.

	While this may sound nice, it confuses applications
	dealing with cgroups, because /proc/$PID/cgroup
	now does not match the directory in /sys/fs/cgroup

	This particularly causes problems for systems and
	will make it create repeated path components in
	the cgroup for apps run in the container eg

	  /machine.slice/machine-lxc\x2ddemo.scope/machine.slice/machine-lxc\x2ddemo.scope/user.slice/user-0.slice/session-61.scope

	This also causes any systemd service that uses
	sd-notify to fail to start, because when systemd
	receives the notification it won't be able to
	identify the corresponding unit it came from.
	In particular this break rabbitmq-server startup

	Future kernels will provide proper cgroup namespacing
	which will handle this problem, but until that time
	we should not try to play games with hiding parent
	cgroups.

2016-01-26  Daniel P. Berrange  <berrange@redhat.com>

	qemu: add reporting of vCPU wait time
	The VIR_DOMAIN_STATS_VCPU flag to virDomainListGetStats
	enables reporting of stats about vCPUs. Currently we
	only report the cumulative CPU running time and the
	execution state.

	This adds reporting of the wait time - time the vCPU
	wants to run, but the host scheduler has something else
	running ahead of it.

	The data is reported per-vCPU eg

	$ virsh domstats --vcpu demo
	 Domain: 'demo'
	   vcpu.current=4
	   vcpu.maximum=4
	   vcpu.0.state=1
	   vcpu.0.time=1420000000
	   vcpu.0.wait=18403928
	   vcpu.1.state=1
	   vcpu.1.time=130000000
	   vcpu.1.wait=10612111
	   vcpu.2.state=1
	   vcpu.2.time=110000000
	   vcpu.2.wait=12759501
	   vcpu.3.state=1
	   vcpu.3.time=90000000
	   vcpu.3.wait=21825087

	In implementing this I notice our reporting of CPU execute
	time has very poor granularity, since we are getting it
	from /proc/$PID/stat. As a future enhancement we should
	prefer to get CPU execute time from /proc/$PID/schedstat
	or /proc/$PID/sched (if either exist on the running kernel)

2016-01-26  Luyao Huang  <lhuang@redhat.com>

	virsh: fix cpu-stats command output format issue
	After commit 57177f1, the cpu-stats command format change to:

	CPU0:
	    cpu_time         14401.507878990 seconds
	    vcpu_time    14378732785511

	vcpu_time is not user friendly. After this patch, it will
	change back:
	CPU0:
	    cpu_time         14401.507878990 seconds
	    vcpu_time        14378.732785511 seconds

	https://bugzilla.redhat.com/show_bug.cgi?id=1301807

2016-01-25  Peter Krempa  <pkrempa@redhat.com>

	util: buffer: Sanitize comment for virBufferAddBuffer
	Idioms are usually weird and obscure when translated literally.

	test: Touch up error message when attempting to pin invalid vCPU
	Report
	error: invalid argument: requested vcpu '100' is not present in the domain
	instead of
	error: invalid argument: requested vcpu is higher than allocated vcpus

	tests: qemuxml2xml: Order pinning information numerically
	A future patch will refactor the storage of the pinning information in a
	way where the ordering will be lost. Order them numerically to avoid
	changing the tests later.

	virsh: cpu-stats: Remove unneeded flags
	virDomainGetCPUStats doesn't support flags so there's no need to carry
	the 'flags' variable around. Additionally since the API is poorly
	designed I doubt that it will be extended.

	virsh: cpu-stats: Extract common printing code into a function
	Simplify the code by extracting a common code path.

	(qemu|lxc)DomainGetCPUStats: Clean up
	Remove unnecessary condition and variable.

	vz: Fix invalid iteration of def->cputune.vcpupin
	The array doesn't necessarily have the same cardinality as the count of
	vCPUs for a domain. Iterating it can cause access beyond the end of the
	array.

2016-01-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Disallow VMs with 0 vcpus
	Counterintuitively the user would end up with a VM with maximum number
	of vCPUs available.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1290324

2016-01-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: refactor and rename qemuValidateCpuMax to qemuValidateCpuCount
	Next patch will add minimum checking, so use a more generic name.
	Refactor return values to the commonly used semantics.

2016-01-25  Michal Privoznik  <mprivozn@redhat.com>

	virt-host-validate: Fix error level for user namespace check
	From the code it seems to me that we need user namespace if
	configured in domain XML. Otherwise we don't use it at all.
	However our tool is more strict about that. Fix this discrepancy.

	virt-host-validate: Check those CGroups that we actually use
	Since the introduction of virt-host-validate tool the set of
	cgroup controllers we use has changed so the tool is checking for
	some cgroups that we don't need (e.g. net_cls, although I doubt
	we have ever used that one) and is not checking for those we
	actually use (e.g. cpuset).

2016-01-25  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Correctly detect inserted media in change-media command
	https://bugzilla.redhat.com/show_bug.cgi?id=1250331

	It all works like this. The change-media command dumps domain
	XML, finds the corresponding cdrom device we want to change media
	in and returns it in the xmlNodePtr form. This way we don't have
	to bother with keeping all the subelements or attributes that we
	don't care about in the XML that is fed back to libvirt for the
	update API.

	Now, the problem is we try to be clever here and detect if disk
	already has a source (indicated by <source/> subelement).
	However, bare fact that the element is there does not mean disk
	has source. Make our clever check better.

2016-01-25  Michal Privoznik  <mprivozn@redhat.com>

	vmx: Adapt to emptyBackingString for cdrom-image
	https://bugzilla.redhat.com/show_bug.cgi?id=1266088

	We are missing this value for cdrom-image device. It seems like
	there's no added value to extend this to other types of disk
	devices [1].

	1: https://www.redhat.com/archives/libvir-list/2016-January/msg01038.html

2016-01-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Correctly report qemu error on 'savevm'
	Since 'savevm' was not converted to QMP libvirt has to parse for error
	strings in the text monitor output. One of the unhandled errors is
	produced when qemu treats a device as unmigratable.

	As current qemu actually does support AHCI migration this bug is
	applicable only to older versions of qemu.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1293899

2016-01-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Refactor error handling for 'savevm'
	Unify few error conditions into a single error reporting case.

2016-01-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: bhyveload: respect boot dev and boot order
	Make bhyveload respect boot order as specified by os.boot section of the
	domain XML or by "boot order" for specific devices. As bhyve does not
	support a real boot order specification right now, it's just about
	choosing a single device to boot from.

	conf: expose virDomainBootType(From|To)String
	These functions are going to be used by the Bhyve driver.

2016-01-22  Laine Stump  <laine@laine.org>

	util: reset MAC address of macvtap passthrough physdev after disassociate
	libvirt always resets the MAC address of the physdev used for macvtap
	passthrough when the guest is finished with it. This was happening
	prior to the 802.1Qb[gh] DISASSOCIATE command, and was quite often
	failing, presumably because the driver wouldn't allow the MAC address
	to be reset while the association was still active, with a log message
	like this:

	virNetDevSetMAC:168 : Cannot set interface MAC to 00:00:00:00:00:00 on 'eth13': Cannot assign requested address

	This patch changes the order - we now do the 802.1Qb[gh] disassociate
	and delete the macvtap interface first, then and reset the MAC
	address.

2016-01-22  Cole Robinson  <crobinso@redhat.com>

	lxc: fuse: Stub out Slab bits in /proc/meminfo
	'free' on fedora23 wants to use the Slab field for calculated used
	memory. The equation is:

	used = MemTotal - MemFree - (Cached + Slab) - Buffers

	We already set Cached and Buffers to 0, do the same for Slab and its
	related values

	https://bugzilla.redhat.com/show_bug.cgi?id=1300781

2016-01-22  Cole Robinson  <crobinso@redhat.com>

	lxc: fuse: Fill in MemAvailable for /proc/meminfo
	'free' on Fedora 23 will use MemAvailable to calculate its 'available'
	field, but we are passing through the host's value. Set it to match
	MemFree, which is what 'free' will do for older linux that don't have
	MemAvailable

	https://bugzilla.redhat.com/show_bug.cgi?id=1300781

2016-01-22  Cole Robinson  <crobinso@redhat.com>

	lxc: fuse: Fix /proc/meminfo size calculation
	We virtualize bits of /proc/meminfo by replacing host values with
	values specific to the container.

	However for calculating the final size of the returned data, we are
	using the size of the original file and not the altered copy, which
	could give garbelled output.

2016-01-22  Cole Robinson  <crobinso@redhat.com>

	lxc: fuse: Unindent meminfo logic
	Reverse the conditional at the start so we aren't stuffing all the logic
	in an 'if' block

2016-01-21  Ian Campbell  <ian.campbell@citrix.com>

	libxl: Support cmdline= in xl config files
	... and consolidate the cmdline/extra/root parsing to facilitate doing
	so.

	The logic is the same as xl's parse_cmdline from the current xen.git master
	branch (e6f0e099d2c17de47fd86e817b1998db903cab61).

	On the formatting side switch to producing cmdline= instead of extra=.

	Update a few tests and add serveral more.
	  - test-cmdline is added to test the exclusive use of cmdline.
	  - test-fullvirt-direct-kernel-boot.cfg is updated due to the switch
	    on the formatting side and now tests the exclusive use of cmdline=.
	  - Tests are added for both paravirt and fullvirt where the .cfg uses
	    extra= and (paravirt only) root=. These are format (xl->xml) only
	    since the inverse will generate cmdline= hence is not a round trip
	    (which was already true if using root=, which used to generate
	    extra= on the way back).
	  - Tests are added for both paravirt and fullvirt where the .cfg
	    declares cmdline= as well as bogus extra= and (paravirt only) root=
	    entries which should be ignored. Again these are format only tests
	    since the inverse won't include the bogus lines.

	The last two bullets here required splitting the DO_TEST macro into
	two halves, as is done in the xmconfigtest.c case.

	In order to introduce a use of VIR_WARN for logging I had to add
	virerror.h and VIR_LOG_INIT.

2016-01-21  Joao Martins  <joao.m.martins@oracle.com>

	libxl: dispose libxl_dominfo after libxl_domain_info()
	As suggested in a previous thread [0] this patch adds some missing calls
	to libxl_dominfo_{init,dispose} when doing some of the libxl_domain_info
	operations which would otherwise lead to memory leaks.

	[0]
	https://www.redhat.com/archives/libvir-list/2015-September/msg00519.html

2016-01-21  Jim Fehlig  <jfehlig@suse.com>

	Xen: add XENXL to virErrorDomain enum
	Add "Xen XL Config" to the virErrorDomain enum and use it in
	src/xenconfig/xen_xl.c.

	Xen: VIR_FROM_THIS cleanup
	The virErrorDomain enum has VIR_FROM_XEN, VIR_FROM_XEND,
	VIR_FROM_XENSTORE, VIR_FROM_SEXPR, and VIR_FROM_XENXM. Use
	these elements in the corresponding .c files. While at it,
	remove the VIR_FROM_THIS define in src/xenconfig/xenxs_private.h.

2016-01-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for migration iteration event
	The corresponding event in QEMU is called MIGRATION_PASS.

	Introduce migration iteration event
	The VIR_DOMAIN_EVENT_ID_MIGRATION_ITERATION event will be triggered
	whenever VIR_DOMAIN_JOB_MEMORY_ITERATION changes its value, i.e.,
	whenever a new iteration over guest memory pages is started during
	migration.

2016-01-21  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemuDomainReboot: use fakeReboot=true only for acpi mode
	When acpi is used to reboot/shutdown qemu domain, qemu emits
	SHUTDOWN event. Libvirt uses fakeReboot variable in order to
	differentiate reboot or shutdown. fakeReboot value is reseted
	to false after domain restart/reset.

	When mode=agent is used to reboot qemu domain, qemu doesn't emit
	SHUTDOWN event and libvirt doesn't reset fakeReboot value to false.
	In this case next 'shutdown -h now' performs reboot. That's why
	we don't need to set fakeReboot=true for mode=agent.

2016-01-21  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Don't fetch status for all domains in cmdList
	We are getting the list of domains and after that we iterate over
	the list and try to get status for each domain hoping it will
	skip over domains that disappeared meanwhile. However, this
	solution to race is bogus - domain may disappear right after we
	have checked its state and before we exec another API over it
	(e.g. virDomainHasManagedSaveImage()). Also, when printing just
	names or uuids (list --name / --uuid) we issue APIs to obtain the
	values, however these require no RPC call as all requested info
	is in virDomain object that client already has.
	Therefore move the status obtaining only to the place that really
	needs it.

2016-01-20  Cole Robinson  <crobinso@redhat.com>

	docs: fix syntax-check long line error

2016-01-20  Cole Robinson  <crobinso@redhat.com>

	build: predictably generate systemtap tapsets (bz 1173641)
	The generated output is dependent on perl hashtable ordering, which
	gives different results for i686 and x86_64. Fix this by sorting
	the hash keys before iterating over them

	https://bugzilla.redhat.com/show_bug.cgi?id=1173641

2016-01-20  Daniel P. Berrange  <berrange@redhat.com>

	docs: fix generation of docs from VPATH build
	When generating docs in a VPATH build we get a failure to
	create a file due to the 'internals' subdir not existing:

	  Generating internals/locking.html.tmp
	  /bin/sh: line 3: internals/locking.html.tmp: No such file or directory
	  rm: cannot remove ‘internals/locking.html.tmp’: No such file or directory
	  Makefile:2229: recipe for target 'internals/locking.html.tmp' failed
	  make: *** [internals/locking.html.tmp] Error 1

	For some reason, make has decided to run the target

	  %.html.tmp: %.html.in site.xsl page.xsl sitemap.html.in $(acl_generated)

	instead of the target

	  internals/%.html.tmp: internals/%.html.in subsite.xsl page.xsl sitemap.html.in

	Removing '$(acl_generated)' from the first target, inexplicably
	causes make to now run the correct target for the internals/
	files.

	Rather than figure this out, lets just combine the two targets
	into one.

2016-01-20  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: reduce indentation level in virLeaseReadCustomLeaseFile
	Instead of nested ifs, jump out early.

	Mostly whitespace changes.

2016-01-20  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: remove useless comparison
	We do not care if the mac was specified in the delete section,
	we are going to delete the record anyway.

	leaseshelper: move comment about adding IPv6 leases
	The comment is relevant to the ADD action, not DEL.

	leaseshelper: split out virLeasePrintLeases
	Introduce a function for printing the leases on the 'init' operation.

2016-01-20  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: split out custom leases file read
	Introduce virLeaseReadCustomLeaseFile which will populate
	the new leases array with all the leases, except for expired
	ones and the ones matching 'ip_to_delete'.

	This removes five variables from main().

2016-01-20  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: store server_duid as an allocated string
	We either use the value from the environment variable, or learn it from
	the existing lease file.

	In the second case, the pointer would be pointing into the JSON object
	of the first lease with a DUID, owned by leases_array, then
	leases_array_new.

	Always allocate the string instead, making obvious who should free the
	string.

2016-01-20  Ján Tomko  <jtomko@redhat.com>

	leaseshelper: fix crash when no mac is specified
	If dnsmasq specified DNSMASQ_IAID (so we're dealing with an IPv6
	lease) but no DNSMASQ_MAC, we skip creation of the new lease object.

	Also skip adding it to the leases array.

	https://bugzilla.redhat.com/show_bug.cgi?id=1202350

2016-01-19  John Ferlan  <jferlan@redhat.com>

	storage: Add new flag for libvirt_parthelper
	https://bugzilla.redhat.com/show_bug.cgi?id=1265694

	In order to be able to process disk storage pool's using a multipath
	device to handle the partitions, libvirt_parthelper will need a way to
	not automatically add a partition separator "p" to the generated device
	name for each partition found. This is designed to mimic the multipath
	features known as 'user_friendly_names' and custom 'alias' name.

	If the part_separator attribute is set to "no", then generation of the
	multipath partition name will not include the "p" partition separator
	unless the source device path name ends with a number. The generated
	partition names that get passed back to libvirt are processed in order
	to find the device mapper multipath (dm-#) path device.

	For example, device path "/dev/mapper/mpatha" would create partitions
	"/dev/mapper/mpatha1", "/dev/mapper/mpatha2", etc. instead of
	"/dev/mapper/mpathap1", "/dev/mapper/mpathap2", etc. If the device
	path ends with a number "/dev/mapper/mpatha1", then the algorithm
	to generate names "/dev/mapper/mpatha1p1", "/dev/mapper/mpatha1p2", etc.
	would be utilized.

2016-01-19  John Ferlan  <jferlan@redhat.com>

	conf: Add storage pool device attribute part_separator
	Add a new storage pool source device attribute 'part_separator=[yes|no]'
	in order to allow a 'disk' storage pool using a device mapper multipath
	device to not add the "p" partition separator to the generated device
	name when libvirt_parthelper is run.

	This will allow libvirt to find device mapper multipath devices which were
	configured in /etc/multipath.conf to use 'user_friendly_names' or custom
	'alias' names for the LUN.

2016-01-18  Michal Privoznik  <mprivozn@redhat.com>

	virLogManagerDomainReadLogFile: Don't do dummy allocs
	Since we pass dummy variables @fdout and @fdoutlen into
	virNetClientProgramCall() we make it alloc @fdout array (even
	though it's an array of 0 elements since vitlogd can hardly pass
	us some FDs at this stage). Nevertheless, it's an allocation not
	followed by free():

	==29385== 0 bytes in 60 blocks are definitely lost in loss record 2 of 1,009
	==29385==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29385==    by 0x54B99EF: virAllocN (viralloc.c:191)
	==29385==    by 0x56821B1: virNetClientProgramCall (virnetclientprogram.c:359)
	==29385==    by 0x563B304: virLogManagerDomainReadLogFile (log_manager.c:272)
	==29385==    by 0x217CD613: qemuDomainLogContextRead (qemu_domain.c:2485)
	==29385==    by 0x217EDC76: qemuProcessReadLog (qemu_process.c:1660)
	==29385==    by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696)
	==29385==    by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957)
	==29385==    by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955)
	==29385==    by 0x217F71A4: qemuProcessStart (qemu_process.c:5152)
	==29385==    by 0x21846582: qemuDomainObjStart (qemu_driver.c:7396)
	==29385==    by 0x218467DE: qemuDomainCreateWithFlags (qemu_driver.c:7450)

2016-01-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessReadLog: Fix memmove arguments
	So I can observe this crasher that with freshly started daemon
	(and virtlogd enabled) I am trying to startup a domain that
	immediately dies (because it's said to use huge pages but I
	haven't allocated a single one in the pool). Hardly reproducible
	with -O0 or under valgrind. But I just got lucky:

	==20469== Invalid write of size 8
	==20469==    at 0x4C2E99B: memcpy@GLIBC_2.2.5 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==20469==    by 0x217EDD07: qemuProcessReadLog (qemu_process.c:1670)
	==20469==    by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696)
	==20469==    by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957)
	==20469==    by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955)
	==20469==    by 0x217F71A4: qemuProcessStart (qemu_process.c:5152)
	==20469==    by 0x21846582: qemuDomainObjStart (qemu_driver.c:7396)
	==20469==    by 0x218467DE: qemuDomainCreateWithFlags (qemu_driver.c:7450)
	==20469==    by 0x21846845: qemuDomainCreate (qemu_driver.c:7468)
	==20469==    by 0x5611CD0: virDomainCreate (libvirt-domain.c:6753)
	==20469==    by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613)
	==20469==    by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589)
	==20469==  Address 0x27a52ad0 is 0 bytes after a block of size 5,584 alloc'd
	==20469==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==20469==    by 0x9B8D1DB: xdr_string (in /lib64/libc-2.21.so)
	==20469==    by 0x563B39C: xdr_virLogManagerProtocolNonNullString (log_protocol.c:24)
	==20469==    by 0x563B6B7: xdr_virLogManagerProtocolDomainReadLogFileRet (log_protocol.c:123)
	==20469==    by 0x164B34: virNetMessageDecodePayload (virnetmessage.c:407)
	==20469==    by 0x5682360: virNetClientProgramCall (virnetclientprogram.c:379)
	==20469==    by 0x563B30E: virLogManagerDomainReadLogFile (log_manager.c:272)
	==20469==    by 0x217CD613: qemuDomainLogContextRead (qemu_domain.c:2485)
	==20469==    by 0x217EDC76: qemuProcessReadLog (qemu_process.c:1660)
	==20469==    by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696)
	==20469==    by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957)
	==20469==    by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955)

	This points to memmove() in qemuProcessReadLog(). Imagine we just
	read the following string from qemu:

	"abc\n2016-01-18T09:40:44.022744Z qemu-system-x86_64: Error\n"

	After the first pass of the while() loop in the
	qemuProcessReadLog() (in which we have taken the false branch in
	the if) @buf still points to the beginning of the string,
	@filter_next points to the beginning of the second line.  So we
	start second iteration because there is yet another newline
	character at the end. In this iteration @eol points to it
	actually. Now, the control gets inside true branch of if(). Just
	to remind you:

	got = 58
	filter_next = buf + 5,
	eol = buf + 58.

	Therefore skip = 54 which is correct. The message we want to skip
	is 54 bytes long. However:

	memmove(filter_next, eol + 1, (got - skip) +1);

	which is

	memmove(filter_next, eol + 1, 5)

	is obviously wrong as there is only one byte we can access, not 5!

2016-01-18  Martin Kletzander  <mkletzan@redhat.com>

	Fix make check with gcc version 5
	When building with gcc-5 (particularly gcc-5.3.0 now) and having pdwtags
	installed (package dwarves) make check fails with the following error:

	  $ make lock_protocol-struct
	  GEN      lock_protocol-struct
	  --- lock_protocol-structs	2016-01-13 15:04:59.318809607 +0100
	  +++ lock_protocol-struct-t3	2016-01-13 15:05:17.703501234 +0100
	  @@ -26,10 +26,6 @@
	           virLockSpaceProtocolNonNullString name;
	           u_int                      flags;
	   };
	  -enum virLockSpaceProtocolAcquireResourceFlags {
	  -        VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_SHARED = 1,
	  -        VIR_LOCK_SPACE_PROTOCOL_ACQUIRE_RESOURCE_AUTOCREATE = 2,
	  -};
	   struct virLockSpaceProtocolAcquireResourceArgs {
	           virLockSpaceProtocolNonNullString path;
	           virLockSpaceProtocolNonNullString name;
	  Makefile:10415: recipe for target 'lock_protocol-struct' failed
	  make: *** [lock_protocol-struct] Error 1

	That happens because without any specific options gcc doesn't keep enum
	information in the resulting binary object.  I managed to isolate the
	parameters of gcc that caused this issue to disappear, however I
	remember that they influenced the resulting binaries quite a bit and
	were definitely not something we would want to add as mandatory to the
	build process.

	So to deal with this cleanly, let's take that enum and separate it out
	to its own header file.  Since it is only used in the lockd driver and
	the protocol, lock_driver_lockd.h feels like a suitable name.

2016-01-18  Wido den Hollander  <wido@widodh.nl>

	rbd: Set r variable so it can be returned should an error occur
	This was reported in bug #1298024 where r would be filled with the
	return code of rbd_open().

	Should rbd_snap_unprotect() fail for any reason the virReportSystemError
	call would return 'Success' since rbd_open() succeeded.

	https://bugzilla.redhat.com/show_bug.cgi?id=1298024

2016-01-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuTestDriverInit: fill driver with zeroes
	In the commit aea47e48c473a we have fixed a single pointer within
	driver structure. Since all callers pass statically allocated
	driver on stack other pointers within driver may contain random
	values too. Before touching it lets overwrite it with zeroes and
	thus fix all dangling pointers.

	Post-release version bump to 1.3.2

2016-01-18  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Don't prefix version numbers with 'v'
	It was only used in two instances, so get rid of it for
	consistency's sake.

	NEWS: Fix whitespace issues

	NEWS: Move 2015 entries to a separate file
	Now that the first release made in 2016 is out, we can move all
	entries for 2015 to their own file, just like we did for all previous
	years.

2016-01-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.3.1
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: regenerated

2016-01-15  Jiri Denemark  <jdenemar@redhat.com>

	security: Do not restore labels on device tree binary
	A device tree binary file specified by /domain/os/dtb element is a
	read-only resource similar to kernel and initrd files. We shouldn't
	restore its label when destroying a domain to avoid breaking other
	domains configure with the same device tree.

2016-01-15  Jiri Denemark  <jdenemar@redhat.com>

	security: Do not restore kernel and initrd labels
	Kernel/initrd files are essentially read-only shareable images and thus
	should be handled in the same way. We already use the appropriate label
	for kernel/initrd files when starting a domain, but when a domain gets
	destroyed we would remove the labels which would make other running
	domains using the same files very unhappy.

	https://bugzilla.redhat.com/show_bug.cgi?id=921135

2016-01-15  Yaniv Kaul  <ykaul@redhat.com>

	qemu: Print better warning in qemuAgentNotifyEvent
	We have this function qemuAgentNotifyEvent() which is supposed to
	be called from thread pool responsible for processing qemu
	monitor events. The function then should wake up other thread
	that is waiting for a guest to shutdown or reboot. However, if we
	have received a different error a warning is printed out. This
	warning lacks info on which event is expected.

2016-01-14  John Ferlan  <jferlan@redhat.com>

	cgroup: Fix possible bug as a result of code motion for vcpu cgroup setup
	Commit id '90b721e43' moved where the virCgroupAddTask was made until
	after the check for the vcpupin checks. However, in doing so it missed
	an option where if the cpumap didn't exist, then the code would continue
	back to the top of the current vcpu loop. The results was that the
	virCgroupAddTask wouldn't be called.

2016-01-14  John Ferlan  <jferlan@redhat.com>

	Revert "lxc_cgroup: Add check for NULL cgroup before AddTask call"
	This reverts commit ae09988eb787df63d3bb298f713a3bbd77275901.

	Since commit id '71ce4759' has been reverted, this one is no
	longer necessary.

2016-01-14  John Ferlan  <jferlan@redhat.com>

	Revert "util: cgroups do not implicitly add task to new machine cgroup"
	This reverts commit 71ce475967b3523882b0e1a0f649fdbea5abf9d5.

	Since commit id 'a41c00b47' has been reverted, this no longer is
	necessary

2016-01-14  John Ferlan  <jferlan@redhat.com>

	Revert "qemu: do not put a task into machine cgroup"
	This reverts commit a41c00b472efaa192d2deae51ab732e65903238f.

	After much testing and upstream discussion this has been deemed to be
	the incorrect operation since it means we no longer have any guarantee
	about which resource controllers the QEMU processes in general are in.

2016-01-14  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virt-aa-helper: don't deny writes to readonly mounts
	There is no need to deny writes on a readonly mount: write still
	won't be accepted, even if the user remounts the folder as RW in
	the guest as qemu sets the 9p mount as ro.

	This deny rule was leading to problems for example with readonly /:
	The qemu process had to write to a bunch of files in / like logs,
	sockets, etc. This deny rule was also preventing auditing of these
	denials, making it harder to debug.

2016-01-14  John Ferlan  <jferlan@redhat.com>

	conf: Initialize 'deflate' for balloon parse XML
	Commit id '7bf3198df' neglected to initialize deflate leading to a
	possibility if model allocation/checks fail, then the VIR_FREE(deflate)
	would be erroneous. Noted by Jan Tomko.

2016-01-14  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Drop DESTDIR from install path
	In 50078cfbcbf3c8 I've tried to fix distcheck but accidentally
	broke rpm build. The problem is that rpm build not only sets
	DESTDIR but also passes plugindir path. This results in double
	DESTDIR being in the plugin path, Drop one.

2016-01-13  Guido Günther  <agx@sigxcpu.org>

	virsh: Update description of lxc-enter-namespace
	Mention that we run a command in that namespace

2016-01-13  Cole Robinson  <crobinso@redhat.com>

	build: fix distdir with wireshark disabled
	Even though the Makefile has WITH_WIRESHARK guards, the _SOURCES
	variables are still processed when adding bits to the dist archive.

	plugin.c is a generated file that is only built when wireshark is
	enabled and it shouldn't be distributed, so use 'nodist'

2016-01-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessCleanupChardevDevice: Don't unlink NULL paths
	So, you try to start a domain, but before we even get to the part
	where chardev part of qemu command line is generated (and
	possibly missing path to unix sockets is made up) an error occurs
	which results in calling qemuProcessStop. This will then try to
	clean up the mess and possibly ends up calling unlink(NULL).

	==8085== Thread 3:
	==8085== Syscall param unlink(pathname) points to unaddressable byte(s)
	==8085==    at 0xA85EA57: unlink (in /lib64/libc-2.21.so)
	==8085==    by 0x213D3C24: qemuProcessCleanupChardevDevice (qemu_process.c:2866)
	==8085==    by 0x558D6B1: virDomainChrDefForeach (domain_conf.c:22924)
	==8085==    by 0x213DA9AE: qemuProcessStop (qemu_process.c:5326)
	==8085==    by 0x213DA2F2: qemuProcessStart (qemu_process.c:5190)
	==8085==    by 0x2142957F: qemuDomainObjStart (qemu_driver.c:7396)
	==8085==    by 0x214297DB: qemuDomainCreateWithFlags (qemu_driver.c:7450)
	==8085==    by 0x21429842: qemuDomainCreate (qemu_driver.c:7468)
	==8085==    by 0x5611B95: virDomainCreate (libvirt-domain.c:6753)
	==8085==    by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613)
	==8085==    by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589)
	==8085==    by 0x568BF41: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	==8085==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
	==8085==

2016-01-12  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: check return value of regcomp
	Commit ec63000a missed checking the return value of regcomp(),
	which coverity promptly identified.

2016-01-12  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Install into DESTDIR
	Like everything we install, it should be prefixed with DESTDIR.

2016-01-12  Jim Fehlig  <jfehlig@suse.com>

	Xen: use correct domctl version in domaininfolist union
	Commmit fd2e3c4c used the domctl version 8 structure for version 9
	in the xen_getdomaininfolist union, resulting in insufficient buffer
	size (and subsequent memory corruption) for the GETDOMAININFOLIST
	ioctl.

2016-01-12  Cole Robinson  <crobinso@redhat.com>

	testutils: Fix coverity warning with REGENERATE_OUTPUT
	- Don't double check for expectName
	- actual is always non-NULL by this point, so don't check it either

	build: Kill tools/wireshark Makefiles
	Just handle it all in tools/Makefile.am. I verified the generated output
	looks similar to the pre patch output, but I didn't test it.

2016-01-12  Michal Privoznik  <mprivozn@redhat.com>

	Expand $(wildcard) correctly
	So after da176bf6b756 and friend we have switched to $(wildcard
	some/path/*.xml) instead of enumerating the files explicitly.
	This is nice, however it makes distcheck build from VPATH fail.
	The reason is that it's is not obvious to what does the wildcard
	refer to: srcdir or builddir?

2016-01-12  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemu: add support of optional 'autodeflate' attribute
	Autodeflate can be enabled/disabled for memballon device
	of model 'virtio'.

	xml:
	<devices>
	  <memballoon model='virtio' autodeflate='on'/>
	</devices>

	qemu:
	qemu -device virtio-balloon-pci,...,deflate-on-oom=on

	Autodeflate cannot be enabled/disabled for running domain.

2016-01-12  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemu: add capability check for memballoon 'deflate-on-oom' feature
	Add appropriate capability check and new virQEMUCaps flag for the new
	virtio balloon feature. QEMU commit with the complete feature description:
	http://git.qemu.org/?p=qemu.git;a=commit;h=e3816255bf4b6377bb405331e2ee0dc14d841b80

2016-01-12  Dmitry Andreev  <dandreev@virtuozzo.com>

	conf: introduce 'autodeflate' attribute for memballoon device
	Excessive memory balloon inflation can cause invocation of OOM-killer,
	when Linux is under severe memory pressure. QEMU memballoon device
	has a feature to release some memory at the last moment before some
	process will be get killed by OOM-killer.

	Introduce a new optional balloon device attribute 'autodeflate' to
	enable or disable this feature.

2016-01-12  Cole Robinson  <crobinso@redhat.com>

	rpc: socket: Don't repeatedly attempt to launch daemon
	On every socket connect(2) attempt we were re-launching session
	libvirtd, up to 100 times in 5 seconds.

	This understandably caused some weird load races and intermittent
	qemu:///session startup failures

	https://bugzilla.redhat.com/show_bug.cgi?id=1271183

2016-01-12  Cole Robinson  <crobinso@redhat.com>

	rpc: socket: Explicitly error if we exceed retry count
	When we autolaunch libvirtd for session URIs, we spin in a retry
	loop waiting for the daemon to start and the connect(2) to succeed.

	However if we exceed the retry count, we don't explicitly raise an
	error, which can yield a slew of different error messages elsewhere
	in the code.

	Explicitly raise the last connect(2) failure if we run out of retries.

2016-01-12  Cole Robinson  <crobinso@redhat.com>

	rpc: socket: Minor cleanups
	- Add some debugging
	- Make the loop dependent only on retries
	- Make it explicit that connect(2) success exits the loop
	- Invert the error checking logic

2016-01-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Add missing virxdrdefs.h include to log_protocol
	Commit 2b6f6ad introduced the virxdrdefs.h header with
	common definitions to be included in the protocol files,
	but logging/log_protocol.x was missed, so add it there as well.

	Hopefully this fixes build on OS X.

2016-01-12  Andrea Bolognani  <abologna@redhat.com>

	virsh: Fix alignment in VIRSH_COMMON_OPT_CONFIG definition

2016-01-12  Ben Gray  <ben.r.gray@gmail.com>

	rpc: Don't rewrite msg->fds on every read dispatch
	When we are receiving data in smaller chunks it might happen that
	virNetServerClientDispatchRead() will be called multiple times.  And as
	that happens, if it is a message that also transfer headers, we decode
	the number of them every single time and, unfortunately, also allocate
	the memory for them.  That causes a leak, in the best scenario.

	Best viewed with '-w'.

2016-01-12  John Ferlan  <jferlan@redhat.com>

	virsh: Create macro for common "interface" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically.  Note that not all
	'{.name = "interface",' entries are replaced, just those that have the
	common .help string of "interface name or MAC address".

	virsh: Create macro for common "network" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically.  Note that not all
	'{.name = "network",' entries are replaced, just those that have the
	common .help string of "network name or uuid".

	virsh: Create macros for common "vol" options
	Rather than continually cut-n-paste the strings into each command,
	create common macros to be used generically.  Replace the more commonly
	used "vol" option with a macro. This also adjusts 2 commands that
	didn't have the correct helpstr - 'vol-create-from' and 'vol-clone'.
	Both are described in the man page as taking vol, path, or key and
	the code uses the virshCommandOptVol instead of virshCommandOptVolBy.

	virsh: Create macro for common "file" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically. The macro will take a
	single argument _helpstr for the less common help string for each
	command option.  Note that only file options using "OT_DATA" and
	"OFLAG_REQ" will be replace - others are left as is.

	virsh: Create macro for common "current" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically. The macro will take a
	single argument _helpstr which for many options in virsh-domain.c
	is simply "affect current domain". So, create a second macro within that
	file in order to define the more common use as a revector to the
	common macro with the common _helpstr.

	virsh: Create macro for common "live" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically. The macro will take a
	single argument _helpstr which for many options in virsh-domain.c
	is simply "affect running domain". So, create a second macro within that
	file in order to define the more common use as a revector to the
	common macro with the common _helpstr.

	virsh: Create macro for common "config" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically. The macro will take a
	single argument _helpstr which for many options in virsh-domain.c
	is simply "affect next boot". So, create a second macro within that
	file in order to define the more common use as a revector to the
	common macro with the common _helpstr.

2016-01-12  John Ferlan  <jferlan@redhat.com>

	virsh: Create macro for common "persistent" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically.  Note that not all
	'{.name = "persistent",' entries are replaced, just those that have the
	common .help string of "make live change persistent".

	Non replaced instances are unique to the command.

2016-01-12  John Ferlan  <jferlan@redhat.com>

	virsh: Create macro for common "domain" option
	Rather than continually cut-n-paste the strings into each command,
	create a common macro to be used generically. The macro will take a
	single argument _helpstr which will be used to pass the translatable
	helpstr since not all domain options can take the same string.

	The majority of the options take 'N_("domain name, id or uuid")', so
	create a separate macro with a _FULL suffix while those that do not
	take the same string will use the VIRSH_COMMON_OPT_DOMAIN macro.

2016-01-12  John Ferlan  <jferlan@redhat.com>

	virsh: Adjustments for the VIRSH_COMMON_OPT_POOL
	The macro is slightly adjusted to add an argument "_helpstr". This
	will be passed as a translation macro string since other uses of the
	option may not have the same exact help string (such as is the case
	when the uuid is not suppliable for create commands).

	In virsh-pool.c - we'll create a singular VIRSH_COMMON_OPT_POOL_FULL
	in order to pass along the 'N_("pool name or uuid")'

	In virsh-volume.c there will be a VIRSH_COMMON_OPT_POOL_FULL and a
	VIRSH_COMMON_OPT_POOL_NAME, which passes 'N_("pool name")' for
	the commands that can only pass a name. There will also be a
	VIRSH_COMMON_OPT_POOL_OPTIONAL which is used for the command
	options which use OT_STRING and don't require the --pool argument.

2016-01-12  John Ferlan  <jferlan@redhat.com>

	virsh: Convert VSH_POOL_ macro to VIRSH_COMMON_OPT_
	Commit id's 'cf793b00', 'e178688f', 'f9a6110f', '5372d49', and 'e193735'
	added new VSH_POOL_ macros; however, it was pointed out after push that
	commit id '834c5720' preferred use of VIRSH_ for the prefix over VSH_.

	So this patch just changes the VSH_ to VIRSH_ and it changes the naming
	format from VIRSH_<opt>_OPT_COMMON to VIRSH_COMMON_OPT_<opt>.

2016-01-11  Laine Stump  <laine@laine.org>

	util: eliminate bogus error log in virNetDevVPortProfileGetStatus
	 if instanceId is NULL

	When virNetDevVPortProfileGetStatus() was called with instanceId =
	NULL (which is the case for all DISASSOCIATE requests in 802.1Qbh) it
	would log the following error:

	   Could not find netlink response with expected parameters

	even though the disassociate had been successfully completely. Then,
	due to the fortunate coincidence of status having been initialized to
	0 and then not changed when the "failure" was encountered, it would
	still return a status of 0 (PORT_VDP_RESPONSE_SUCCESS), so the caller
	would assume a successful operation.

	This would result in a spurious log message though, and would fill in
	LastErrorMessage, so that the API would return that error if it
	happened during cleanup from some other error. That, in turn, would
	lead to an incorrect supposition that the response to the port profile
	disassociate was the cause of the failure.

	During debugging, I noticed that the VF in question usually had *no
	uuid* associated with it (big surprise)by the time the disassociate
	completed, so the solution is *not* to send the previous instanceId
	down.

	This patch fixes virNetDevVPortProfileGetStatus() to only check the
	VF's uuid in the status if it was given an instanceId to check against
	when originally called. Otherwise it only checks that the particular
	VF is present (it will be).

	This does cause a slight difference in behavior - rather than
	returning with status unchanged (and thus always 0) it will actually
	get the IFLA_PORT_RESPONSE. This could lead to revelation of error
	conditions we were previously ignoring. Or not. So far "not".

2016-01-11  Laine Stump  <laine@laine.org>

	qemu: use enum when setting PCI "multi" value, not 0 or 1
	Use the VIR_TRISTATE_SWITCH_* enums appropriately.

	No functional change.

2016-01-11  Laine Stump  <laine@laine.org>

	qemu: auto-add a USB2 controller set for Q35 machines
	Use virDomainDefAddUSBController() to add an EHCI1+UHCI1+UHCI2+UHCI3
	controller set to newly defined Q35 domains that don't have any USB
	controllers defined.

2016-01-11  Laine Stump  <laine@laine.org>

	qemu: define virDomainDevAddUSBController()
	This new function will add a single controller of the given model,
	except the case of ich9-usb-ehci1 (the master controller for a USB2
	controller set) in which case a set of related controllers will be
	added (EHCI1, UHCI1, UHCI2, UHCI3). These controllers will not be
	given PCI addresses, but should be otherwise ready to use.

	"-1" is allowed for controller model, and means "default for this
	machinetype". This matches the existing practice in
	qemuDomainDefPostParse(), which always adds the default controller
	with model = -1, and relies on the commandline builder to set a model
	(that is wrong, but will be fixed later).

2016-01-11  Laine Stump  <laine@laine.org>

	conf: add virDomainDefAddController()
	We need a virDomainDefAddController() that doesn't check for an
	existing controller at the same index (since USB2 controllers must be
	added in sets of 4 that are all at the same index), so rather than
	duplicating the code in virDomainDefMaybeAddController(), split it
	into two functions, in the process eliminating existing duplicated
	code that loops through the controller list by calling
	virDomainControllerFind(), which does the same thing).

2016-01-11  Laine Stump  <laine@laine.org>

	qemu: prefer 00:1D.x and 00:1A.x for USB2 controllers on Q35
	The real Q35 machine puts the first USB controller set (EHCI+(UHCIx4))
	on bus 0 slot 0x1D, and the 2nd USB controller set on bus 0 slot 0x1A,
	so let's attempt to make the virtual machine match that for
	controllers with auto-assigned addresses when possible.

	Three test cases were added to assure that the proper addresses are
	assigned - one with a single set of unaddressed USB controllers, one
	with 3 (to grab both preferred slots plus one more), and one with the
	order of the controller definitions reordered, to assure that the
	auto-assignment isn't mixed up by order.

2016-01-11  Laine Stump  <laine@laine.org>

	qemu: don't assume slot 0 is unused/reserved.
	When qemuAssignDevicePCISlots() is looking for companion controllers
	for a USB controller that has no PCI address specified, it initializes
	a virDevicePCIAddress to 0000:00:00.0, fills it in with the
	companion's address if one is found, then checks whether or not there
	was a find based on slot == 0. On a system with a single PCI bus, that
	is a valid way to check, because slot 0 is reserved, but on most other
	PCI buses, slot 0 is not reserved, and is open for use by any
	device. This patch adds a separate bool that is set when a companion
	is found rather than relying on the faulty information provided with
	"slot == 0".

2016-01-11  Jasper Lievisse Adriaanse  <jasper@openbsd.org>

	Unify int types handling in protocol files
	Some of the protocol files already include handing of the missing int
	types such as xdr_uint64_t, some don't. To fix it everywhere, move out
	of the appropriate defines to the utils/virxdrdefs.h file and include
	it where needed.

	Use struct sockpeercred when available
	OpenBSD uses 'struct sockpeercred' instead of 'struct ucred'. Add a
	configure check that detects its presence and use if in the code that
	could be compiled on OpenBSD.

2016-01-11  Jasper Lievisse Adriaanse  <jasper@openbsd.org>

	cgroup: don't include sys/mount.h if not needed
	As cgroup implementation only works on Linux, it does not
	make much sense to include sys/mount.h if other requirements are
	not met, such as HAVE_MNTENT_H and HAVE_GETMNTENT_R.

	Also, it fixes build on OpenBSD that requires to include sys/param.h
	along with sys/mount.h.

2016-01-11  Cole Robinson  <crobinso@redhat.com>

	build: Kill docs/schemas/Makefile.am
	Move the logic to docs/Makefile.am, and simplify it with a wildcard
	expression.

	build: Kill include/libvirt/Makefile.am
	Move all the logic to include/Makefile.am, simplify it with a wildcard,
	then kill include/libvirt/Makefile.am

2016-01-11  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Fix header of get_message_len()
	In wireshark commit ceb8d954 (v1.99.2) they have changed the
	signature of a function that determines how long a libvirt packet
	is. Now it accepts a void pointer for passing data into the
	function. Well, this is nice, but we don't need it right now.
	Anyway, we have to change our code.

	wireshark: Replace WIRESHARK_COMPAT with actual version comparison
	In the upcoming patch we will need yet another #ifdef code block
	depending on wireshark version. Instead of defining
	WIRESHARK_COMPAT2 or something lets just compare the version
	right at the place so that we can clearly see what version broke
	API.

	wireshark: s/tvb_length/tvb_captured_length/
	In wireshak commit 22149c55 (v.1.11.3) the API was renamed.
	Follow the change in our code too. Since the wireshark change was
	made in the very same version that we require at least we are
	good to go.

	wireshark: s/ep_alloc/wmem_alloc/
	In wireshark, they have introduced their own memory allocator
	wmem. This means that we need to adapt our code to that change
	too. Notably 0ad15f88ccf434e8210ca is the wireshark commit you
	want to look at. It's the one where they dropped the old API. The
	new allocator has been introduced in 84cc3daa (v1.10.0), however,
	was not exposed until 5c05c9e0 (v1.10.0). Since we already are
	requiring 1.11.3 or higher no other change is needed.

2016-01-11  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: s/proto_tree_add_text/proto_tree_add_item/
	In the wireshark commit e2735ecfdd7a96c they dropped
	proto_tree_add_text in favor of proto_tree_add_item. Adapt to
	this change.

	Moreover, the proto_tree_add_item API is around for ages and we
	are already using it anyway. Therefore we don't need to change
	required version of wireshark.

2016-01-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce QEMU_CAPS_VSERPORT_CHANGE
	This capability tells if qemu is capable of vserport_change
	events.

	qemu: change qemuFindAgentConfig return type
	While this is no functional change, whole channel definition is
	going to be needed very soon. Moreover, while touching this obey
	const correctness rule in qemuAgentOpen() - so far it was passed
	regular pointer to channel config even though the function is
	expected to not change pointee at all. Pass const pointer
	instead.

	qemu: Set virtio channel state sooner
	In qemu driver we listen to virtio channel events like an agent
	connected to or disconnected from the guest part of socket.
	However, with a little exception - when we find out that the
	socket in question is the guest agent one, we connect or
	disconnect guest agent which is done prior setting new state in
	internal structure. Due to a bug in our code it may happen that
	we got the event but failed to set it in internal structure
	representing the channel.

2016-01-11  Martin Kletzander  <mkletzan@redhat.com>

	Fix LSB requirements in service script and sync them
	Commit b22344f3285187ee1768d6e031bc0ff20e32552d mistakenly reordered
	Default-* lines.  Thanks to that I noticed that we are very inconsistent
	with our init scripts, so I took the liberty of synchronizing them,
	updating them and making them all look shiny and new.  So apart from
	fixing the LSB requirements, I also fixed the ordering, specified
	runlevels and fix the link to the reference specification.

2016-01-11  Michal Privoznik  <mprivozn@redhat.com>

	virDomainGetTime: Deny on RO connections
	We have a policy that if API may end up talking to a guest agent
	it should require RW connection. We don't obey the rule in
	virDomainGetTime().

	virDomainInterfaceAddresses: Allow API on RO connection too
	This API does not change domain state. However, we have a policy
	that an API talking to a guest agent requires RW access. But that
	happens only if source == VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.

2016-01-11  Andrea Bolognani  <abologna@redhat.com>

	virsh: Document the --timestamp option
	The event, net-event and qemu-monitor-event virsh commands all
	support the --timestamp option now, but such option was not
	referenced in the man page.

2016-01-11  Andrea Bolognani  <abologna@redhat.com>

	virsh: Add timestamps to network events
	Implement a --timestamp option for 'virsh net-event', similar to the
	one for 'virsh event'.

	When the option is used, the human-readable timestamp will be printed
	before the message.

2016-01-11  Andrea Bolognani  <abologna@redhat.com>

	virsh: Add timestamps to QEMU monitor events
	Implement a --timestamp option for 'virsh qemu-monitor-event', similar
	to the one for 'virsh event'.

	When the option is used, the human-readable timestamp will be printed
	before the message, and the timing information provided by QEMU will
	not be displayed.

2016-01-11  Martin Kletzander  <mkletzan@redhat.com>

	Don't clear libvirt-internal paths when parsing status XML
	Earlier commit 714080791778e3dfbd484ccb3953bffd820b8ba9 forgot to deal
	properly with status XMLs where we want the libvirt-internal paths to be
	kept in place and not cleared, otherwise we could end up copying a NULL
	string and segfaulting th daemon.

	Provide parse flags to PostParse functions
	This way both Domain and Device PostParse functions can act based on the
	flags.

2016-01-10  Cole Robinson  <crobinso@redhat.com>

	qemu: command: wire up usage of q35/ich9 disable s3/s4
	If the q35 specific disable s3/s4 setting isn't supported, fallback to
	specifying the PIIX setting, which is the previous behavior. It doesn't
	have any effect, but qemu will just warn about it rather than error:

	  qemu-system-x86_64: Warning: global PIIX4_PM.disable_s3=1 not used
	  qemu-system-x86_64: Warning: global PIIX4_PM.disable_s4=1 not used

	Since it doesn't error, I don't think we should either, since there
	may be configs in the wild that already have q35 + disable_s3/4 (via
	virt-manager)

2016-01-10  Cole Robinson  <crobinso@redhat.com>

	qemu: caps: check for q35/ICH9 disable S3/S4
	Update test data to match

	qemu: caps: Rename CAPS_DISABLE_S[34] to CAPS_PIIX_DISABLE_S[34]
	These settings are specific to PIIX, so clarify it

	qemu: capabilities: s/Pixx/Piix/g
	The chipset is called PIIX; the functions are misnamed

2016-01-10  Cole Robinson  <crobinso@redhat.com>

	examples: Use one top level makefile
	Using one Makefile per example subdirectory essentially serializes 'make'
	calls. Convert to one example/Makefile that builds and distributes
	all the subdir files. This reduces example/ rebuild time from about 5.8
	seconds to 1.5 seconds on my machine.

	One slight difference is that we no longer ship Makefile.am with the
	examples in the rpm. This was virtually useless anyways since the Makefile
	was very specific to libvirt infrastructure, so wasn't generically
	reusable anyways.

	Tested with 'make distcheck' and 'make rpm'

2016-01-09  Cole Robinson  <crobinso@redhat.com>

	cfg.mk: Drop period after filename for indent failures
	The period makes it more difficult to copy/paste the errant filename
	for manual fixup

2016-01-09  Michal Privoznik  <mprivozn@redhat.com>

	virt-host-validate-common: Print warning on missing IOMMU
	No only coverity warns about this, but it kind of makes sense
	too. We have a test whether host supports IOMMU. Some platforms
	don't have it, I know. But in that case we should print a message
	that it's unknown whether platform has it or not.

	Before:
	  (no output)

	After:
	  QEMU: Checking for device assignment IOMMU support                         : WARN (Unknown if this platform has IOMMU support)

2016-01-09  Michal Privoznik  <mprivozn@redhat.com>

	virDomainMigrateUnmanagedParams: Don't blindly dereference @dconnuri
	This function may be called with @dconnuri == NULL, e.g. from
	virDomainMigrateToURI3() if the flags are missing
	VIR_MIGRATE_PEER2PEER flag. Moreover, all later functions called
	from here do wrap it into NULLSTR() so why not do the same here?

2016-01-09  Martin Kletzander  <mkletzan@redhat.com>

	Fix USB model defaults for ppc64
	The condition was checking for UHCI (and OHCI for ppc64) availability so
	that it can specify the proper device instead of legacy usb.  However,
	for ppc64, we don't need to check both OHCI and UHCI, but only OHCI as
	that is the legacy default.  The condition is so big that it was just a
	matter of time when someone will make a mistake there, so let's use more
	lines so that it is visible what the condition checks for.

	This fixes usage of -device instead of -usb for ppc64 that supports
	pci-usb-ohci and does not support piix3-usb-uhci.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1297020

2016-01-09  Martin Kletzander  <mkletzan@redhat.com>

	Avoid wild securityManager pointer in tests
	For some reason we are not setting the driver with memset() to zeros.
	But since commit 74abc3deac6e14ffa9151e425c6e6cd2b075aac5
	driver->securityManager is being accessed and qemuagenttest started
	crashing due to that.

2016-01-09  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2xml: Wire up QEMUCaps usage
	Future changes will make some of these tests dependent on specific
	QEMUCaps flags, so wire up the basic handling. Flags will be added
	in future patches.

	tests: add genericxml2xmltest
	For testing hypervisor independent XML handling. Right now it's just
	populated with an example test case.

	tests: qemuxml2xml: drop early file loading
	For the standard active/inactive XML testing, if we leave the file loading
	up to the generic XML2XML infrastructure, we get the benefit of
	VIR_TEST_REGENERATE_OUTPUT, at the price of a few more disk reads. Seems
	worth it.

	tests: Share domain XML2XML compare helper
	This creates a shared function in testutils.c that consolidates all
	the slightly different implementations.

2016-01-09  Cole Robinson  <crobinso@redhat.com>

	tests: Fix running schematests directly from topdir
	Previously it failed like:

	$ ./tests/domainschematest
	./tests/domainschematest: line 4: ./test-lib.sh: No such file or directory

2016-01-09  Cole Robinson  <crobinso@redhat.com>

	tests: Add newlines with VIR_TEST_REGENERATE_OUTPUT
	Since test files are formatted predictably nowadays, we can make
	VIR_TEST_REGENERATE_OUTPUT handle most cases for us with a simple
	replacement. test-wrap-argv.pl is still canon, but this bit makes
	it easier to confirm test output changes during active development.

2016-01-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: support vif outgoing bandwidth QoS
	The libxl_device_nic structure supports specifying an outgoing rate
	limit based on a time interval and bytes allowed per interval. In xl
	config a rate limit is specified as "<RATE>/s@<INTERVAL>". INTERVAL
	is optional and defaults to 50ms.

	libvirt expresses outgoing limits by average (required), peak, burst,
	and floor attributes in units of KB/s. This patch supports the outgoing
	bandwidth limit by converting the average KB/s to bytes per interval
	based on the same default interval (50ms) used by xl.

2016-01-09  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: support vif bandwidth in xm and xl parser and formatter
	Both xm and xl config have long supported specifying vif rate
	limiting, e.g.

	vif = [ 'mac=00:16:3E:74:3d:76,bridge=br0,rate=10MB/s' ]

	Add support for mapping rate to and from <bandwidth> in the xenconfig
	parser and formatter. rate is mapped to the required 'average' attribute
	of the <outbound> element, e.g.

	  <interface type='bridge'>
	    ...
	    <bandwidth>
	      <outbound average='10240'/>
	    </bandwidth>
	  </interface>

	Also add a unit test to check the conversion logic.

2016-01-09  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: support vif bandwidth in sexpr parser and formatter
	The xen sexpr config format has long supported specifying vif rate
	limiting, e.g.

	  (device
	    (vif
	      (mac '00:16:3e:1b:b1:47')
	      (rate '10240KB/s')
	      ...
	    )
	  )

	Add support for mapping rate to and from <bandwidth> in the xenconfig
	sexpr parser and formatter. rate is mapped to the required 'average'
	attribute of the <outbound> element, e.g.

	  <interface type='bridge'>
	    ...
	    <bandwidth>
	      <outbound average='10240'/>
	    </bandwidth>
	  </interface>

	Also add unit tests to check the conversion logic.

	This patch benefits both the old xen driver and the libxl driver.
	Both drivers gain support for vif bandwidth when converting to/from
	domXML and xen-sxpr. In addition, the old xen driver will now be
	able to handle vif 'rate' setting when communicating with xend.

2016-01-09  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix crash when defining XML with bogus emulator
	We weren't checking for failure of qemuCaps lookup

2016-01-08  Laine Stump  <laine@laine.org>

	util: add missing newline
	Somehow I managed to backspace over the newline between the closing
	brace and goto cleanup; in commit 36e244f3.

2016-01-08  Andrea Bolognani  <abologna@redhat.com>

	tests: qemuxml2argv: Add tests for USB controller on q35

2016-01-08  Cole Robinson  <crobinso@redhat.com>

	tests: qemuxml2xml: Convert fprintf to VIR_TEST_DEBUG

	qemu: Handle SecurityManagerVerify in post parse
	Rather than open coding calls. I can't see any reason not to

	qemu: Handle CanonicalizeMachine in post parse
	Rather than open coding calls. I can't see any reason not to

	qemu: domain: split out post parse default device handling
	Should be a no-op

	domain: separate out function for post parse timer validation
	This should be a no-op

	domain: separate out function for post parse console compat
	This should be a no-op

2016-01-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor qemuMigrationFinish
	To get rid of a giant if-else block which is very easy to get lost in.

	qemu: Report more migration statistics
	memory_dirty_rate corresponds to dirty-pages-rate in QEMU and
	memory_iteration is what QEMU reports in dirty-sync-count.

	qemu: Create a proper type for migration status enum
	The enum will be called qemuMonitorMigrationStatus.

	qemu: Rename qemuMonitorMigrationStatus struct
	The structure actually contains migration statistics rather than just
	the status as the name suggests. Renaming it as
	qemuMonitorMigrationStats removes the confusion.

	qemu: Reorder migration status enum
	A migration is in "setup" state after it was "inactive" and before it
	becomes "active". Let's reflect this in our migration status enum.

2016-01-08  Pavel Hrdina  <phrdina@redhat.com>

	tests.nwfilterebiptablestest: swap actual and expected
	Those parameters should be in opposite order.

	tests.testutils: use virTestDifferenceFull in virtTestCompareToFile
	Let's use the new virTestDifferenceFull function that will regenerate
	the expected output and fail the test to let developer know that there
	something was updated.

	tests.testutils: use VIR_TEST_REGENERATE_OUTPUT for virTestDifferenceFull
	This patch enable regeneration of expected output file for
	virTestDifferenceFull.  It also introduces new
	virTestDifferenceFullNoRegenerate function for special cases, where we
	don't want to regenerate output.

	tests: add helper for VIR_TEST_REGENERATE_OUTPUT flag
	When this flag is specified, some of the expected output files will be
	regenerated with the actual output data.  Use helper function like for
	other flags.

	xen: move virDomainDefPostParse to xenParseSxpr
	This patch partially reverts previous commit 91a00424 and moves the post
	parse function to xenParseSxpr.  This update is required because xen
	driver calls xenParseSxpr directly.

2016-01-08  Martin Kletzander  <mkletzan@redhat.com>

	Remove non-breaking space in comment
	It was added by mistake before the 'If' by commit 714080791778.

2016-01-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix NBD migration with default listenAddress
	My commit 674afcb09e3d33500cfbbcf870ebf92cb99ecfa3 moved computing the
	default listen address from qemuMigrationPrepareAny to
	qemuMigrationPrepareIncoming. However, I didn't notice listenAddress was
	later passed to qemuMigrationStartNBDServer. Thus, it would be called
	with the original value of listenAddress (NULL).

	Let's add the updated listen address to qemuProcessIncomingDef and use
	it when starting NBD servers.

	Reported-by: Michael Chapman <mike@very.puzzling.org>

2016-01-08  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add timestamps to events
	A new --timestamp option for event virsh command can be used to print
	timestamp of each event.

	virsh: Refactor event printing
	To reduce code duplication.

2016-01-08  Andrea Bolognani  <abologna@redhat.com>

	pci: Log debug messages when manipulating the inactive list
	Most of the changes to the list of active and inactive PCI devices
	happen in virHostdev, where they are properly logged.

	virPCIDeviceDetach() and virPCIDeviceReattach(), however, change the
	inactive list as well, so they should be logging similar messages.

2016-01-08  Michal Privoznik  <mprivozn@redhat.com>

	virLogVMessage: Don't leak rawinitmsg
	Instead of misusing a const string to hold up runtime allocated
	data, introduce new variable @hoststr and obey const correctness.

	==6879== 15 bytes in 1 blocks are definitely lost in loss record 68 of 1,064
	==6879==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==6879==    by 0xA7DDF97: vasprintf (in /lib64/libc-2.21.so)
	==6879==    by 0x552BBC6: virVasprintfInternal (virstring.c:493)
	==6879==    by 0x552BCDB: virAsprintfInternal (virstring.c:514)
	==6879==    by 0x54FA44C: virLogHostnameString (virlog.c:468)
	==6879==    by 0x54FAB0F: virLogVMessage (virlog.c:645)
	==6879==    by 0x54FA680: virLogMessage (virlog.c:531)
	==6879==    by 0x54FBBF4: virLogParseOutputs (virlog.c:1130)
	==6879==    by 0x11CB4F: daemonSetupLogging (libvirtd.c:685)
	==6879==    by 0x11E137: main (libvirtd.c:1297)

2016-01-08  Michal Privoznik  <mprivozn@redhat.com>

	virLogHostnameString: Don't leak hostname
	Once @hostname is printed into @hoststr we don't need it anymore.

	==6879== 5 bytes in 1 blocks are definitely lost in loss record 10 of 1,064
	==6879==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==6879==    by 0xA7ED599: strdup (in /lib64/libc-2.21.so)
	==6879==    by 0x552C126: virStrdup (virstring.c:726)
	==6879==    by 0x553B13E: virGetHostnameImpl (virutil.c:720)
	==6879==    by 0x553B1BF: virGetHostnameQuiet (virutil.c:741)
	==6879==    by 0x54FA3FD: virLogHostnameString (virlog.c:462)
	==6879==    by 0x54FAB0F: virLogVMessage (virlog.c:645)
	==6879==    by 0x54FA680: virLogMessage (virlog.c:531)
	==6879==    by 0x54FBBF4: virLogParseOutputs (virlog.c:1130)
	==6879==    by 0x11CB4F: daemonSetupLogging (libvirtd.c:685)
	==6879==    by 0x11E137: main (libvirtd.c:1297)

2016-01-07  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Interrupt *event --loop on disconnect
	The *event --loop commands would keep running even though a connection
	to libvirtd is lost. This doesn't make a lot of sense since clearly we
	won't get any new events from the closed connection.

	virsh: Pass ctl to virshCatchDisconnect
	virshCatchDisconnect expects ctl, but we were just passing NULL instead.

	qemu: Add debug message to spice migration

2016-01-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Don't bother user with libvirt-internal paths
	If user defines a virtio channel with UNIX socket backend and doesn't
	care about the path for the socket (e.g. qemu-agent channel), we still
	generate it into the persistent XML.  Moreover when then user renames
	the domain, due to its persistent socket path saved into the per-domain
	directory, it will not start.  So let's forget about old generated paths
	and also stop putting them into the persistent definition.

	https://bugzilla.redhat.com/show_bug.cgi?id=1278068

2016-01-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Skip 'transaction' command when no disks are selected
	When doing a memory-only snapshot libvirt would still issue the
	'transaction' command without any disk. Skip it if it isn't necessary.

2016-01-06  Wido den Hollander  <wido@widodh.nl>

	rbd: Do not append Ceph monitor port number 6789 if not provided
	If no port number was provided for a storage pool libvirt defaults to
	port 6789; however, librbd/librados already default to 6789 when no port
	number is provided.

	In the future Ceph will switch to a new port for the Ceph monitors since
	port 6789 is already assigned to a different application by IANA.

	Port 6789 is assigned to SMC-HTTPS and Ceph now has port 3300 assigned as
	the 'Ceph monitor' port.

	In this case it is the best solution to not hardcode any port number into
	libvirt and let librados handle the connection.

	Only if a user specifies a different port number we pass it down to librados,
	otherwise we leave it blank.


	merge

2016-01-06  Wido den Hollander  <wido@widodh.nl>

	rbd: Do not error out on a single image during pool refresh
	It could happen that rbd_list() returns X names, but that while
	refreshing the pool one of those RBD images is removed from Ceph
	through a different route then libvirt.

	We do not need to error out in such case, we can simply ignore the
	volume and continue.

	  error : volStorageBackendRBDRefreshVolInfo:289 :
	    failed to open the RBD image 'vol-998': No such file or directory

	It could also be that one or more Placement Groups (PGs) inside Ceph
	are inactive due to a system failure.

	If that happens it could be that some RBD images can not be refreshed
	and a timeout will be raised by librados.

	  error : volStorageBackendRBDRefreshVolInfo:289 :
	    failed to open the RBD image 'vol-893': Connection timed out

	Ignore the error and continue to refresh the rest of the pool's
	contents.

2016-01-06  Wido den Hollander  <wido@widodh.nl>

	rbd: Only close RBD image if it has been opened
	It could be that we error out while the RBD image has not been
	opened yet. This would cause us to call rbd_close() on pointer
	which has not been initialized.

	Set it to NULL by default and only close if it is not NULL.

2016-01-06  Olaf Hering  <olaf@aepfle.de>

	fix LSB part of virtlogd runlevel script
	Currently pkg build of master branch fails:

	[  300s] + /usr/lib/rpm/brp-boot-scripts
	[  300s] E: File `virtlogd' is missing `Required-Start', please add even if empty!
	[  300s] W: File `virtlogd' is missing `Required-Stop', please add even if empty!
	[  300s] E: File `virtlogd' has empty `Default-Start', please specify default runlevel(s)!
	[  300s] ERROR: found one or more broken init or boot scripts, please fix them.
	[  300s]        For more information about LSB headers please read the manual
	[  300s]        page of of insserv by executing the command `man 8 insserv'.
	[  300s]        If you don't understand this, mailto=werner@suse.de
	[  300s] error: Bad exit status from /var/tmp/rpm-tmp.44965 (%install)

	Add the required tags, fix the existing tags.
	Use soft dependency "Should-Start" because virtlogd may work without network.

2016-01-06  Michael Chapman  <mike@very.puzzling.org>

	virtlogd: fix lock file path in initscript
	The virtlogd initscript's lock file should go in /var/lock/subsys/, not
	(the nonexistent) /var/log/subsys/.

2016-01-05  Michael Chapman  <mike@very.puzzling.org>

	spec: chkconfig(8) and service(8) are in /sbin/, not /bin/

	spec: dbus-devel is needed as build dependency if polkit support is enabled

2016-01-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Specify format= iff disk source is not empty
	Just recently, qemu forbade specifying format for sourceless
	disks (qemu commit 39c4ae941ed992a3bb5). It kind of makes sense.
	If there's no file to open, why specify its format. Anyway, I
	have a domain like this:

	    <disk type='file' device='cdrom'>
	      <driver name='qemu' type='raw'/>
	      <target dev='hda' bus='ide'/>
	      <readonly/>
	      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	    </disk>

	and obviously I am unable to start it. Therefore, a fix on our
	side is needed too.

2016-01-05  John Ferlan  <jferlan@redhat.com>

	storage: Clean up error path for create buildPool failure
	Commit id 'aeb1078ab' added a buildPool option and failure path which
	calls virStoragePoolObjRemove, which unlocks the pool, clears the 'pool'
	variable, and goto cleanup.  However, at cleanup virStoragePoolObjUnlock
	is called without check if pool is non NULL.

2016-01-05  Ján Tomko  <jtomko@redhat.com>

	libvirt-domain: fix dxml passing in virDomainMigrateToURI2
	The refactoring in commit a26669d silently ignored the dxml
	parameter of virDomainMigrateToURI2.

	https://bugzilla.redhat.com/show_bug.cgi?id=1295405

2016-01-05  Dmitry Mishin  <dim@virtuozzo.com>

	conf: Rework code around 'append' attribute
	Commit id '70ffa02fc' added the data.file.append option to some
	VIR_DOMAIN_CHR_TYPE_FILE cases in switch statements allowing the
	code to "fall through" for the remainder of the cases. This causes
	angst in code profiling tools, like Coverity since there is no break;
	followed by more case conditions. Adjust the logic to be more specific
	within each case.

	Use tristate constants for new 'append' field
	For completeness, use the VIR_TRISTATE_SWITCH_ABSENT for data.file.append
	comparisons. Commit ids '70ffa02f' and '53a15aed' just went with the non
	zero comparison.

	docs: Describe new 'append' attribute for chardevs source

2016-01-05  Ján Tomko  <jtomko@redhat.com>

	schema: interleave domain name and uuid with other elements
	Allow <name> and <uuid> anywhere under <domain>, not just at the top:

	error:XML document failed to validate against schema: Unable to validate
	doc against /usr/share/libvirt/schemas/domain.rng
	Expecting an element name, got nothing
	Invalid sequence in interleave
	Element domain failed to validate content

	Introduced with the first RelaxNG schema in commit c642103.

	https://bugzilla.redhat.com/show_bug.cgi?id=1292131

2016-01-05  Martin Kletzander  <mkletzan@redhat.com>

	Fix formatting for virDomainGetCPUStats docstring
	We have few code samples there that are almost unreadable when formatted
	because they are not indented properly.  By indenting them they are
	formatted as code and hence quite readable.  Also adjust descriptions to
	be comments and add semicolons so that the code sample looks like sample
	of a working code.

2016-01-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix return value of qemuDomainGetBlockJobInfo
	While reviewing 1b43885d1784640 I've noticed a virReportError()
	followed by a goto endjob; without setting the correct return
	value. Problem is, if block job is so fast that it's bandwidth
	does not fit into ulong, an error is reported. However, by that
	time @ret is already set to 1 which means success. Since the
	scenario can be hardly considered successful, we should return a
	value meaning error.

2016-01-04  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Required for the copyright year bump to keep 'make syntax-check'
	happy, and also pulls in several portability fixes.

	* .gnulib: Update to latest.
	* bootstrap: Resync from upstream.
	* gnulib/local/m4/ssize_t.m4.diff: Regenerate.

2016-01-04  Laine Stump  <laine@laine.org>

	docs: update to properly reflect meaning of fields in log filter
	The documentation (and comment in libvirtd.conf) says that the text in
	a log filter is compared to the "source file name", and gives the
	example of "util/json", but this is not correct (at least not since
	commit 2835c1e, possibly earlier). It is instead compared to the
	string given in the VIR_LOG_INIT() macro invocation at the top of each
	source file, which is always "similar to but not the same as" the
	source file name (in the example above, the proper name is
	"util.json", while the file name is "util/virjson.c"). This patch
	corrects the misstatement in both the documentation and in
	libvirtd.conf.

2016-01-04  Laine Stump  <laine@laine.org>

	util: reduce debug log in virPCIGetVirtualFunctions()
	Due to debug logs like this:

	  virPCIGetDeviceAddressFromSysfsLink:2432 : Attempting to resolve device path from device link '/sys/class/net/eth1/device/virtfn6'
	  logStrToLong_ui:2369 : Converted '0000:07:00.7' to unsigned int 0
	  logStrToLong_ui:2369 : Converted '07:00.7' to unsigned int 7
	  logStrToLong_ui:2369 : Converted '00.7' to unsigned int 0
	  logStrToLong_ui:2369 : Converted '7' to unsigned int 7
	  virPCIGetDeviceAddressFromSysfs:1947 : virPCIDeviceAddress 0000:07:00.7
	  virPCIGetVirtualFunctions:2554 : Found virtual function 7

	printed *once for each SR-IOV Virtual Function* of a Physical Function
	each time libvirt retrieved the list of VFs (so if the system has 128
	VFs, there would be 900 lines of log for each call), the debug logs on
	any system with a large number of VFs was dominated by "information"
	that was possibly useful for debugging when the code was being
	written, but is now useless for debugging of any problem on a running
	system, and only serves to obscure the real useful information. This
	overkill has no place in production code, so this patch removes it.

2016-01-04  Laine Stump  <laine@laine.org>

	util: improve error reporting in virNetDevVPortProfileGetStatus
	The previous error message just indicated that the desired response
	couldn't be found, this patch tells what was desired, as well as
	listing out the entire table that had been in the netlink response, to
	give some kind of idea why it failed.

	util: report the MAC address that couldn't be set
	I noticed in a log file that we had failed to set a MAC address. The
	log said which interface we were trying to set, but didn't give the
	offending MAC address, which could have been useful in determining the
	source of the problem. This patch modifies all three places in the
	code that set MAC addresses to report the failed MAC as well as
	interface.

2016-01-04  Wido den Hollander  <wido@widodh.nl>

	rbd: Return VIR_STORAGE_FILE_RAW as format for RBD volumes
	This used to return 'unkown' and that was not correct.

	A vol-dumpxml now returns:

	<volume type='network'>
	  <name>image3</name>
	  <key>libvirt/image3</key>
	  <source>
	  </source>
	  <capacity unit='bytes'>10737418240</capacity>
	  <allocation unit='bytes'>10737418240</allocation>
	  <target>
	    <path>libvirt/image3</path>
	    <format type='raw'/>
	  </target>
	</volume>

	The RBD driver will now error out if a different format than RAW
	is provided when creating a volume.

2016-01-04  Michael Chapman  <mike@very.puzzling.org>

	storage: do not leak storage pool XML filename
	Valgrind complained:

	==28277== 38 bytes in 1 blocks are definitely lost in loss record 298 of 957
	==28277==    at 0x4A06A2E: malloc (vg_replace_malloc.c:270)
	==28277==    by 0x82D7F57: __vasprintf_chk (in /lib64/libc-2.12.so)
	==28277==    by 0x52EF16A: virVasprintfInternal (stdio2.h:199)
	==28277==    by 0x52EF25C: virAsprintfInternal (virstring.c:514)
	==28277==    by 0x52B1FA9: virFileBuildPath (virfile.c:2831)
	==28277==    by 0x19B1947C: storageDriverAutostart (storage_driver.c:191)
	==28277==    by 0x19B196A7: storageStateAutoStart (storage_driver.c:307)
	==28277==    by 0x538527E: virStateInitialize (libvirt.c:793)
	==28277==    by 0x11D7CF: daemonRunStateInit (libvirtd.c:947)
	==28277==    by 0x52F4694: virThreadHelper (virthread.c:206)
	==28277==    by 0x6E08A50: start_thread (in /lib64/libpthread-2.12.so)
	==28277==    by 0x82BE93C: clone (in /lib64/libc-2.12.so)

2016-01-04  Michael Chapman  <mike@very.puzzling.org>

	qemu: do not leak NBD disk data in migration cookie
	Valgrind complained:

	==18990== 20 (16 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 188 of 996
	==18990==    at 0x4A057BB: calloc (vg_replace_malloc.c:593)
	==18990==    by 0x5292E9B: virAllocN (viralloc.c:191)
	==18990==    by 0x2221E731: qemuMigrationCookieXMLParseStr (qemu_migration.c:1012)
	==18990==    by 0x2221F390: qemuMigrationEatCookie (qemu_migration.c:1413)
	==18990==    by 0x222228CE: qemuMigrationPrepareAny (qemu_migration.c:3463)
	==18990==    by 0x22224121: qemuMigrationPrepareDirect (qemu_migration.c:3865)
	==18990==    by 0x22251C25: qemuDomainMigratePrepare3Params (qemu_driver.c:12414)
	==18990==    by 0x5389EE0: virDomainMigratePrepare3Params (libvirt-domain.c:5107)
	==18990==    by 0x1278DB: remoteDispatchDomainMigratePrepare3ParamsHelper (remote.c:5425)
	==18990==    by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437)
	==18990==    by 0x540523D: virNetServerProcessMsg (virnetserver.c:135)
	==18990==    by 0x54052C7: virNetServerHandleJob (virnetserver.c:156)
	==18990==
	==18990== 20 (16 direct, 4 indirect) bytes in 1 blocks are definitely lost in loss record 189 of 996
	==18990==    at 0x4A057BB: calloc (vg_replace_malloc.c:593)
	==18990==    by 0x5292E9B: virAllocN (viralloc.c:191)
	==18990==    by 0x2221E731: qemuMigrationCookieXMLParseStr (qemu_migration.c:1012)
	==18990==    by 0x2221F390: qemuMigrationEatCookie (qemu_migration.c:1413)
	==18990==    by 0x222249D2: qemuMigrationRun (qemu_migration.c:4395)
	==18990==    by 0x22226365: doNativeMigrate (qemu_migration.c:4693)
	==18990==    by 0x22228E45: qemuMigrationPerform (qemu_migration.c:5553)
	==18990==    by 0x2225144B: qemuDomainMigratePerform3Params (qemu_driver.c:12621)
	==18990==    by 0x539F5D8: virDomainMigratePerform3Params (libvirt-domain.c:5206)
	==18990==    by 0x127305: remoteDispatchDomainMigratePerform3ParamsHelper (remote.c:5557)
	==18990==    by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437)
	==18990==    by 0x540523D: virNetServerProcessMsg (virnetserver.c:135)

	If we're replacing the NBD data, it's simplest to free the old object
	(including the disk list) and allocate a new one.

2016-01-04  Michael Chapman  <mike@very.puzzling.org>

	qemu: do not copy out non-existent block job info
	Valgrind complained:

	==23975== Conditional jump or move depends on uninitialised value(s)
	==23975==    at 0x22255FA6: qemuDomainGetBlockJobInfo (qemu_driver.c:16538)
	==23975==    by 0x538E97C: virDomainGetBlockJobInfo (libvirt-domain.c:9685)
	==23975==    by 0x12F740: remoteDispatchDomainGetBlockJobInfoHelper (remote.c:2834)
	==23975==    by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437)
	==23975==    by 0x540523D: virNetServerProcessMsg (virnetserver.c:135)
	==23975==    by 0x54052C7: virNetServerHandleJob (virnetserver.c:156)
	==23975==    by 0x52F515B: virThreadPoolWorker (virthreadpool.c:145)
	==23975==    by 0x52F4668: virThreadHelper (virthread.c:206)
	==23975==    by 0x6E08A50: start_thread (in /lib64/libpthread-2.12.so)
	==23975==    by 0x82BE93C: clone (in /lib64/libc-2.12.so)
	==23975==
	==23975== Conditional jump or move depends on uninitialised value(s)
	==23975==    at 0x22255FB4: qemuDomainGetBlockJobInfo (qemu_driver.c:16542)
	==23975==    by 0x538E97C: virDomainGetBlockJobInfo (libvirt-domain.c:9685)
	==23975==    by 0x12F740: remoteDispatchDomainGetBlockJobInfoHelper (remote.c:2834)
	==23975==    by 0x53FF287: virNetServerProgramDispatch (virnetserverprogram.c:437)
	==23975==    by 0x540523D: virNetServerProcessMsg (virnetserver.c:135)
	==23975==    by 0x54052C7: virNetServerHandleJob (virnetserver.c:156)
	==23975==    by 0x52F515B: virThreadPoolWorker (virthreadpool.c:145)
	==23975==    by 0x52F4668: virThreadHelper (virthread.c:206)
	==23975==    by 0x6E08A50: start_thread (in /lib64/libpthread-2.12.so)
	==23975==    by 0x82BE93C: clone (in /lib64/libc-2.12.so)

	If no matching block job is found, qemuMonitorGetBlockJobInfo returns 0
	and we should not write anything to the caller-supplied
	virDomainBlockJobInfo pointer.

2015-12-29  Michal Privoznik  <mprivozn@redhat.com>

	tests: Make test-wrap-argv.pl executable
	While 'perl test-wrap-argv.pl' is not too long,
	'./test-wrap-argv.pl' is shorter.

2015-12-24  Michal Privoznik  <mprivozn@redhat.com>

	tools: Disable virt-login-shell on mingw
	So, after bec787ee9da we are building virt-login-shell
	independent of LXC driver. This is nice, but the binary is
	enabled by default which makes no sense on mingw. In fact, it
	triggers some compilation errors there:

	  CC       virt_login_shell-virt-login-shell.o
	../../tools/virt-login-shell.c: In function 'main':
	../../tools/virt-login-shell.c:289:15: error: implicit declaration of function 'sysconf' [-Werror=implicit-function-declaration]
	     openmax = sysconf(_SC_OPEN_MAX);
	               ^
	../../tools/virt-login-shell.c:289:5: error: nested extern declaration of 'sysconf' [-Werror=nested-externs]
	     openmax = sysconf(_SC_OPEN_MAX);
	     ^
	../../tools/virt-login-shell.c:289:23: error: '_SC_OPEN_MAX' undeclared (first use in this function)
	     openmax = sysconf(_SC_OPEN_MAX);
	                       ^
	../../tools/virt-login-shell.c:289:23: note: each undeclared identifier is reported only once for each function it appears in
	cc1: all warnings being treated as errors

	While we could workaround sysconf(_SC_OPEN_MAX) issue, the binary
	itself makes no sense on systems where no LXC can be spawned.

2015-12-24  Michal Privoznik  <mprivozn@redhat.com>

	tools: Include PIE_LDFLAGS at the correct place
	This is no functional change, but I find it disturbing that
	something_LDADD contains PIE_LDFLAGS while something_LDFLAGS
	doesn't.

	sysconf: Include unistd.h
	The manpage for sysconf() suggest including unistd.h as the
	function is declared there. Even though we are not hitting any
	compile issues currently, let's include the correct header file
	instead of relying on some hidden include chain.

	virStorageVolWipe: Document that wiping journaled FS is useless
	So you have a libvirt volume that you want to wipe out. But lets
	say that the volume is actually a file stored on a journaled
	filesystem. Overwriting it with zeroes or a pattern does not mean
	that corresponding physical location on the disk is overwritten
	too, due to journaling. It's the same story with network based
	volumes, copy-on-write filesystems, and so on. Since there is no
	way that an userland application can write onto specific areas on
	disk, all that we can do is document the fact.

2015-12-24  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: BUG: fix connecting hang in case of init failure
	In case of prlsdkLoadDomains fails, vzOpenDefault should
	clear connection privateData pointer every time its
	memory is actually freed.
	Also it is not necessary to call vzConnectClose if a call
	to vzOpenDefault fails, because they both make cleanup of
	connection privateData.

2015-12-24  Dmitry Mishin  <dim@virtuozzo.com>

	qemu: Process new 'append' attribute for char dev with output to a file
	By default, QEMU truncates serial file on open. Sometimes, it could be weird -
	for example, when we are trying to investigate some event, which occured several
	restarts ago. This patch adds an ability to preserve previous content.

	conf: Add new 'append' attribute for chardevs with file source
	Currently, there is no possibility for user to specify desired behaviour of
	output to file - truncate or append. This patch adds an ability to explicitly
	specify that user wants to preserve file's content on reopen.

	tests: add qemu 2.6 caps test

2015-12-24  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: support additional flags in domain undefine
	Implement VIR_DOMAIN_UNDEFINE_MANAGED_SAVE and
	VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA flags support.

	vz: move prlsdkCleanupBridgedNet after domain deletion
	prlsdkCleanupBridgedNet call should be made strongly after
	any actual domain deletion accurs. By doing this we avoid
	any potential problems connected with second undefine call
	when it is made after first one fails by some reason, and
	we detect that network is already deleted.

	vz: delete domains when undefine is called
	Currently vz driver unregisters domains when undefine is called,
	which is wrong because it contradicts with expected behavior.
	All vz domains are persistent, which means that when one is
	defined a new bundle directory containing meta data is created.
	Undefining domains in a way we do now leaves those directories
	undeleted, which prevents subsequent define call for the same
	domain xml. I.e. the following sequence define->undefine->define
	doesn't work now.
	The patch fixes the problem by calling PrlVm_Delete instead of
	PrlVm_Unreg detaching all disks prior actually doing this to
	prevent images deletion.

2015-12-21  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Emit debug messages while handling PCI hostdevs
	Both detach and reattach are complex operations involving several steps,
	and it can be useful to be able to follow along by reading the log.

	hostdev: Only rollback detach of managed devices on error
	Since we don't detach unmanaged devices before attaching them to a
	domain, we shouldn't reattach them to rollback an error either.

2015-12-21  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Mark PCI devices as inactive as they're detached
	We want to eventually factor out the code dealing with device detaching
	and reattaching, so that we can share it and make sure it's called eg.
	when 'virsh nodedev-detach' is used.

	For that to happen, it's important that the lists of active and inactive
	PCI devices are updated every time a device changes its state.

	Instead of passing NULL as the last argument of virPCIDeviceDetach() and
	virPCIDeviceReattach(), pass the proper list so that it can be updated.

2015-12-21  Andrea Bolognani  <abologna@redhat.com>

	pci: Introduce virPCIStubDriver enumeration
	This replaces the virPCIKnownStubs string array that was used
	internally for stub driver validation.

	Advantages:

	  * possible values are well-defined
	  * typos in driver names will be detected at compile time
	  * avoids having several copies of the same string around
	  * no error checking required when setting / getting value

	The names used mirror those in the
	virDomainHostdevSubsysPCIBackendType enumeration.

2015-12-21  Andrea Bolognani  <abologna@redhat.com>

	pci: Remove 'reprobe' parameter from virPCIDeviceUnbind()
	The value is not inspected inside the function, so it makes more
	sense for the caller to change the device's setting explicitly.

2015-12-21  Andrea Bolognani  <abologna@redhat.com>

	pci: Remove redundant parameter from virPCIDeviceBindToStub()
	This internal function supports, in theory, binding to a different
	stub driver than the one the PCI device has been configured to use.

	In practice, it is only ever called like

	  virPCIDeviceBindToStub(dev, dev->stubDriver);

	which makes its second parameter redundant. Get rid of it, along
	with the extra string copy required to support it.

2015-12-21  Erik Skultety  <eskultet@redhat.com>

	Revert "admin: Rename virAdmConnect to virAdmDaemon"
	Commmit df8192aa introduced admin related rename and some minor
	(caused by automated approach, aka sed) and some more severe isues along with
	it. First reason to revert is the inconsistency with libvirt library.
	Although we deal with the daemon directly rather than with a specific
	hypervisor, we still do have a connection. That being said, contributors might
	get under the impression that AdmDaemonNew would spawn/start a new daemon
	(since it's admin API, why not...), or AdmDaemonClose would do the exact
	opposite or they might expect DaemonIsAlive report overall status of the daemon
	which definitely isn't the case.
	The second reason to revert this patch is renaming virt-admin client. The
	client tool does not necessarily have to reflect the names of the API's it's
	using in his internals. An example would be 's/vshAdmConnect/vshAdmDaemon'
	where noone can be certain of what the latter function really does. The former
	is quite expressive about some connection magic it performs, but the latter does
	not say anything, especially when vshAdmReconnect and vshAdmDisconnect were
	left untouched.

2015-12-19  Jim Fehlig  <jfehlig@suse.com>

	Xen: support maxvcpus in xm and xl config
	From: Ian Campbell <ian.campbell@citrix.com>

	xend prior to 4.0 understands vcpus as maxvcpus and vcpu_avail
	as a bit map of which cpus are online (default is all).

	xend from 4.0 onwards understands maxvcpus as maxvcpus and
	vcpus as the number which are online (from 0..N-1). The
	upstream commit (68a94cf528e6 "xm: Add maxvcpus support")
	claims that if maxvcpus is omitted then the old behaviour
	(i.e. obeying vcpu_avail) is retained, but AFAICT it was not,
	in this case vcpu==maxcpus==online cpus. This is good for us
	because handling anything else would be fiddly.

	This patch changes parsing of the virDomainDef maxvcpus and vcpus
	entries to use the corresponding 'maxvcpus' and 'vcpus' settings
	from xm and xl config. It also drops use of the old Xen 3.x
	'vcpu_avail' setting.

	The change also removes the maxvcpus limit of MAX_VIRT_VCPUS (since
	maxvcpus is simply a count, not a bit mask), which is particularly
	crucial on ARM where MAX_VIRT_CPUS == 1 (since all guests are
	expected to support vcpu placement, and therefore only the boot
	vcpu's info lives in the shared info page).

	Existing tests adjusted accordingly, and new tests added for the
	'maxvcpus' setting.

2015-12-18  John Ferlan  <jferlan@redhat.com>

	virsh: Add --delete-snapshots flag for undefine and vol-delete
	https://bugzilla.redhat.com/show_bug.cgi?id=1281710

	Commit id '3c7590e0a' added the flag to the rbd backend, but provided
	no means via virsh to use the flag.  This patch adds a '--delete-snapshots'
	option to both the "undefine" and "vol-delete" commands.

	For "undefine", the flag is combined with the "--remove-all-storage" flag
	in order to add the appropriate flag for the virStorageVolDelete call;
	whereas, for the "vol-delete" command, just the flag is sufficient since
	it's only operating on one volume.

	Currently only supported for rbd backends.

2015-12-18  John Ferlan  <jferlan@redhat.com>

	libvirt: Add virStorageVolDeleteFlags to virStorageVolDelete
	Although they've been present for quite a while, they weren't added
	to the API definition, so add them there to make it clearer.

	Currently only the RBD backend even checks for any flags.

2015-12-18  John Ferlan  <jferlan@redhat.com>

	storage: Add virCheckFlags to virStorageBackendRBDDeleteVol
	The initial commit '74951eade' did not include the proper check for whether
	any flags are supported by the driver.

	Even though the driver doesn't support VIR_STORAGE_VOL_DELETE_ZEROED,
	it still checks and allows the processing to continue

	Also add the new VIR_STORAGE_VOL_DELETE_WITH_SNAPSHOTS since it is handled
	as of commit id '3c7590e0a'.

2015-12-18  John Ferlan  <jferlan@redhat.com>

	lxc_cgroup: Add check for NULL cgroup before AddTask call
	Commit id '71ce4759' altered the cgroup processing with respect to the
	call to virCgroupAddTask being moved out from lower layers into the calling
	layers especially for qemu processing of emulator and vcpu threads. The
	movement affected lxc insomuch as it is possible for a code path to
	return a NULL cgroup *and* a 0 return status via virCgroupNewPartition
	failure when virCgroupNewIgnoreError succeeded when virCgroupNewMachineManual
	returns. Coverity pointed out that would cause virCgroupAddTask to core.

	This patch will check for a NULL cgroup as well as the negative return
	and just return the NULL cgroup to the caller (as it would have previously)

2015-12-18  Jim Fehlig  <jfehlig@suse.com>

	Xen: remove xendConfigVersion from driver private struct
	xendConfigVersion is no longer used, so remove it from the
	xenUnifiedPrivate struct.

	Xen: xenconfig: remove xendConfigVersion from public sexpr functions
	Remove use of xendConfigVersion in the s-expresion config formatter/parser
	in src/xenconfig/. Adjust callers in the xen and libxl drivers accordingly.

	Xen: xend: remove use of XEND_CONFIG_VERSION
	Remove use of XEND_CONFIG_VERSION_* in xend_internal.c

	Xen: xen_driver: remove use of XEND_CONFIG_VERSION
	Remove use of XEND_CONFIG_VERSION_* in the Xen unified driver.

	Xen: xenconfig: remove use of XEND_CONFIG_VERSION in xen_sxpr
	Remove use of XEND_CONFIG_VERSION_* in s-expression parser/formatter.

	Xen: tests: use latest XEND_CONFIG_VERSION in xml2sexpr tests
	Change all xml2sexpr tests to use the latest XEND_CONFIG_VERSION
	(XEND_CONFIG_VERSION_3_1_0 = 4). Fix tests that do not conform to
	the latest version.

	Xen: xenconfig: remove disks from '(image)' sexpr
	It has been quite some time since xend required specifying cdroms
	and fds in '(image (hvm ...))'. Remove the code from the parsing
	and formatting functions and fixup the associated tests.

	Xen: tests: use latest XEND_CONFIG_VERSION in sexpr2xml tests
	Change all sexpr2xml tests to use the latest XEND_CONFIG_VERSION
	(XEND_CONFIG_VERSION_3_1_0 = 4). Fix tests that do not conform to
	the latest version.

	Xen: xenconfig: remove xendConfigVersion from public functions
	Remove use of xendConfigVersion in the xm and xl config formatter/parsers
	in src/xenconfig/. Adjust callers in the xen and libxl drivers accordingly.

	Xen: xenconfig: remove use of XEND_CONFIG_VERSION in xen_xm
	Remove use of XEND_CONFIG_VERSION_* in xm parser/formatter.

	Xen: xenconfig: remove XEND_CONFIG_VERSION in common code
	Remove use of XEND_CONFIG_VERSION_* from xenconfig/xen_common.c

	Xen: tests: use latest XEND_CONFIG_VERSION in xm/xl tests
	Change all tests to use the latest XEND_CONFIG_VERSION
	(XEND_CONFIG_VERSION_3_1_0 = 4). Fix tests that do not conform to
	the latest version.

	Xen: tests: remove old xml2sexpr tests
	Remove XML to s-expression converstion tests for old xend 3.0.2
	config format.

	Xen: tests: remove old sexpr2xml tests
	Remove s-expression to XML conversion tests for old xend 3.0.2
	config format.

	Xen: tests: remove net-ioemu xm config test
	Remove the fullvirt-net-ioemu test since explicitly specifying
	'type=ioemu' has not been needed in xm/xend for a long time. It is
	not used at all in xl/libxl.

	Xen: tests: remove old xm config tests
	Remove xm config tests for old xend 3.0.2 config format.

2015-12-17  John Ferlan  <jferlan@redhat.com>

	virsh: Add build flags to pool-create[-as] and pool-start
	https://bugzilla.redhat.com/show_bug.cgi?id=830056

	Utilize recently added VIR_STORAGE_POOL_CREATE_WITH_BUILD* flags in
	order to pass the flags along to the virStoragePoolCreateXML and
	virStoragePoolCreate API's.

	This affects the 'virsh pool-create', 'virsh pool-create-as', and
	'virsh pool-start' commands.  While it could be argued that pool-start
	doesn't need the flags, they could prove useful for someone trying to
	do one command build --overwrite and start command processing or
	essentially starting with a clean slate.

	NB:
	This patch is loosely based upon code originally authored by Osier
	Yang that were not reviewed and pushed, see:

	https://www.redhat.com/archives/libvir-list/2012-July/msg00497.html

2015-12-17  John Ferlan  <jferlan@redhat.com>

	virsh: Create a macro for pool-define-as and pool-create-as options
	Although they both are the same now, a future patch will add new options
	to pool-create-as. So create a common macro to capture commonality, then
	use that in the command specific structure.

2015-12-17  John Ferlan  <jferlan@redhat.com>

	virsh: Create macro for "overwrite" and no-overwrite" options
	Although not currently used in more than one command, it soon will be
	so create a common macro to be used in the new command location.

	Additionally, add the ".flags = 0," for both to match the expections
	of the structure being predefined.

2015-12-17  John Ferlan  <jferlan@redhat.com>

	virsh: Create macro for "file" option
	Rather than continually cut/paste the "file" option for pool command
	option structures, generate a macro which will commonly define it for
	any command.  Then of course use that macro.

	virsh: Create macro for "pool" option
	Rather than continually cut/paste the "pool" option for pool command
	option structures, generate a macro which will commonly define it for
	any command.  Then of course use that macro.

2015-12-17  John Ferlan  <jferlan@redhat.com>

	storage: Add flags to allow building pool during create processing
	https://bugzilla.redhat.com/show_bug.cgi?id=830056

	Add flags handling to the virStoragePoolCreate and virStoragePoolCreateXML
	API's which will allow the caller to provide the capability for the storage
	pool create API's to also perform a pool build during creation rather than
	requiring the additional buildPool step. This will allow transient pools
	to be defined, built, and started.

	The new flags are:

	    * VIR_STORAGE_POOL_CREATE_WITH_BUILD
	      Perform buildPool without any flags passed.

	    * VIR_STORAGE_POOL_CREATE_WITH_BUILD_OVERWRITE
	      Perform buildPool using VIR_STORAGE_POOL_BUILD_OVERWRITE flag.

	    * VIR_STORAGE_POOL_CREATE_WITH_BUILD_NO_OVERWRITE
	      Perform buildPool using VIR_STORAGE_POOL_BUILD_NO_OVERWRITE flag.

	It is up to the backend to handle the processing of build flags. The
	overwrite and no-overwrite flags are mutually exclusive.

	NB:
	This patch is loosely based upon code originally authored by Osier
	Yang that were not reviewed and pushed, see:

	https://www.redhat.com/archives/libvir-list/2012-July/msg01328.html

2015-12-17  Ján Tomko  <jtomko@redhat.com>

	mark virDomainVirtioSerialAddrSetAddController as static.
	This function is no longer used outside domain_addr.c

2015-12-17  Ján Tomko  <jtomko@redhat.com>

	Remove dead code from qemuDomainAttachControllerDevice
	We only support hotplugging SCSI controllers.
	The USB and virtio-serial related code was never reachable because
	this function was only called for VIR_DOMAIN_CONTROLLER_TYPE_SCSI
	controllers.

	This reverts commit ee0d97a and parts of commits 16db8d2
	and d6d54cd1.

2015-12-17  Ján Tomko  <jtomko@redhat.com>

	qemu_hotplug: remove qemuDomainAttachDeviceControllerLive
	This function calls qemuDomainAttachControllerDevice for SCSI
	controllers and reports an error for all other controllers.

	Move the error inside qemuDomainAttachControllerDevice and delete this
	wrapper.

2015-12-17  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Allow building lxc without virt-login-shell
	Add a configure option to disable virt-login-shell build even if lxc is
	enabled.

2015-12-17  John Ferlan  <jferlan@redhat.com>

	storage: Fix startup issue for logical pool
	Commit id '71b803ac' assumed that the storage pool source device path
	was required for a 'logical' pool. This resulted in a failure to start
	a pool without any device path defined.

	So, adjust the virStorageBackendLogicalMatchPoolSource logic to
	return success if at least the pool name matches the vgs output
	when no pool source device path is/are provided.

2015-12-17  John Ferlan  <jferlan@redhat.com>

	qemu: Fix event generated for qemuDomainRevertToSnapshot (pause->run)
	A closer review of the code shows that for the transition from paused to
	running which was supposed to emit the VIR_DOMAIN_EVENT_RESUMED - no event
	would be generated. Rather the event is generated when going from running
	to running.

	Following the 'was_running' boolean shows it is set when the domain obj
	is active and the domain obj state is VIR_DOMAIN_RUNNING. So rather than
	using was_running to generate the RESUMED event, use !was_running

2015-12-17  John Ferlan  <jferlan@redhat.com>

	storage: Attempt to refresh volume after successful wipe volume
	https://bugzilla.redhat.com/show_bug.cgi?id=1270709

	When a volume wipe is successful, perform a volume refresh afterwards to
	update any volume data that may be used in future volume commands, such as
	volume resize.  For a raw file volume, a wipe could truncate the file and
	a followup volume resize the capacity may fail because the volume target
	allocation isn't updated to reflect the wipe activity.

2015-12-17  Ján Tomko  <jtomko@redhat.com>

	virStorageBackendWipeLocal: remove bytes_wiped argument
	It is not used by the caller.

2015-12-17  Ján Tomko  <jtomko@redhat.com>

	storage: drop 'Extent' from virStorageBackendWipeExtentLocal
	The only caller always passes 0 for the extent start.
	Drop the 'extent_start' parameter, as well as the mention of extents
	from the function name.

	Change off_t extent_length to unsigned long long wipe_len, as well as the
	'remain' variable.

2015-12-17  Ján Tomko  <jtomko@redhat.com>

	storage: move buffer allocation inside virStorageBackendWipeExtentLocal
	We do not need to pass a zero-filled buffer as an argument,
	the function can allocate its own.

	storage: fix return values of virStorageBackendWipeExtentLocal
	Return -1:
	* on all failures of fdatasync. Instead of propagating -errno
	  all the way up to the virStorageVolWipe API, which is documented
	  to return 0 or -1.
	* after a partial wipe. If safewrite failed, we would re-use the
	  non-negative return value of lseek (which should be 0 in this case,
	  because that's the only offset we seek to).

2015-12-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Replace Mlock with MemLock in function names
	MemLock is already used in other modules and, while still an
	abbreviation, is not ambiguous.

2015-12-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Allow qemuDomainAdjustMaxMemLock() to restore previous value
	When the function changes the memory lock limit for the first time,
	it will retrieve the current value and store it inside the
	virDomainObj for the domain.

	When the function is called again, if memory locking is no longer
	needed, it will be able to restore the memory locking limit to its
	original value.

2015-12-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Reduce memlock limit after detaching PCI hostdev
	We increase the limit before plugging in a PCI hostdev or a memory
	module because some memory might need to be locked due to eg. VFIO.

	Of course we should do the opposite after unplugging a device: this
	was already the case for memory modules, but not for PCI hostdevs.

2015-12-17  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use qemuDomainAdjustMaxMemLock()
	Replace all uses of the qemuDomainRequiresMlock/virProcessSetMaxMemLock
	combination with the equivalent qemuDomainAdjustMaxMemLock() call.

	qemu: Add qemuDomainAdjustMaxMemLock()
	This function detects whether a domain needs RLIMIT_MEMLOCK
	to be set, and if so, uses an appropriate value.

2015-12-17  Andrea Bolognani  <abologna@redhat.com>

	process: Add virProcessGetMaxMemLock()
	This function can be used to retrieve the current locked memory
	limit for a process, so that the setting can be later restored.

	Add a configure check for getrlimit(), which we now use.

2015-12-17  Andrea Bolognani  <abologna@redhat.com>

	process: Allow virProcessPrLimit() to get current limit
	The prlimit() function allows both getting and setting limits for
	a process; expose the same functionality in our wrapper.

	Add the const modifier for new_limit, in accordance with the
	prototype for prlimit().

2015-12-17  Eric Blake  <eblake@redhat.com>

	build: disable vbox on cygwin
	Cygwin cannot build the vbox driver yet:

	  CC       vbox/libvirt_driver_vbox_impl_la-vbox_glue.lo
	In file included from vbox/vbox_glue.c:27:0:
	vblox/vbox_XPCOMCGlue.c:63:3: error: #error "Port me"
	 # error "Port me"
	   ^
	In file included from vbox/vbox_XPCOMCGlue.c:45:0,
	                 from vbox/vbox_glue.c:27:
	vbox/vbox_XPCOMCGlue.c: In function 'tryLoadOne':
	vbox/vbox_XPCOMCGlue.c:98:46: error: 'DYNLIB_NAME' undeclared (first use in this function)
	         if (virAsprintf(&name, "%s/%s", dir, DYNLIB_NAME) < 0)
		                                      ^
	./util/virstring.h:245:31: note: in definition of macro 'virAsprintf'
	                         strp, __VA_ARGS__)
				       ^

	Rather than trying to figure out how to get dynamic loading of
	vbox to work under cygwin (since I don't even have a working vbox
	setup to test whether it works), I'm going to be lazy and just
	default to not even trying vbox on cygwin.

2015-12-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Search all nodes for shared memory access
	In commit 686eb7a24f7d, the break was not considered part of the
	condition, hence breaking after first node when searching.

2015-12-16  Andrea Bolognani  <abologna@redhat.com>

	pci: Use virPCIDeviceAddress in virPCIDevice
	Instead of replicating the information (domain, bus, slot, function)
	inside the virPCIDevice structure, use the already-existing
	virPCIDeviceAddress structure.

	For users of the module, this means that the object returned by
	virPCIDeviceGetAddress() can no longer be NULL and must no longer
	be freed by the caller.

2015-12-15  Ian Campbell  <ian.campbell@citrix.com>

	libxl: Use libxentoollog in preference to libxenctrl if available.
	Upstream Xen is in the process of splitting the (stable API) xtl_*
	interfaces out from the (unstable API) libxenctrl library and into a
	new (stable API) libxentoollog.

	In order to be compatible with Xen both before and after this
	transition check for xtl_createlogger_stdiostream in a libxentoollog
	library and use it if present. If it is not present assume it is in
	libxenctrl.

	Compile tested on Xen 4.6 and a development tree with the split in
	place.

2015-12-15  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainGetJobStats
	Introduces support for domainGetJobStats which has the same
	info as domainGetJobInfo but in a slightly different format.
	Another difference is that virDomainGetJobStats can also
	retrieve info on the most recently completed job. Though so
	far this is only used in the source node to know if the
	migration has been completed. But because we don't support
	completed jobs we will deliver an error.

2015-12-15  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainGetJobInfo
	Introduce support for domainGetJobInfo to get info about the
	ongoing job. If the job is active it will update the
	timeElapsed which is computed with the "started" field added to
	struct libxlDomainJobObj.  For now we support just the very basic
	info and all jobs have VIR_DOMAIN_JOB_UNBOUNDED (i.e. no completion
	time estimation) plus timeElapsed computed.

	Openstack Kilo uses the Job API to monitor live-migration
	progress which is currently nonexistent in libxl driver and
	therefore leads to a crash in the nova compute node. Right
	now, migration doesn't use jobs in the source node and will
	return VIR_DOMAIN_JOB_NONE. Though nova handles this case and
	will migrate it properly instead of crashing.

2015-12-15  John Ferlan  <jferlan@redhat.com>

	storage: Add helper to compare logical pool def against pvs output
	https://bugzilla.redhat.com/show_bug.cgi?id=1025230

	Add a new helper virStorageBackendLogicalMatchPoolSource to compare the
	pool's source name against the output from a 'pvs' command to list all
	volume group physical volume data on the host.  In addition, compare the
	pool's source device list against the particular volume group's device
	list to ensure the source device(s) listed for the pool match what the
	was listed for the volume group.

	Then for pool startup or check API's we need to call this new API in
	order to ensure that the pool we're about to start or declare active
	during checkPool has a valid definition vs. the running host.

2015-12-15  John Ferlan  <jferlan@redhat.com>

	storage: Create helper for virStorageBackendLogicalFindPoolSources
	Rework virStorageBackendLogicalFindPoolSources a bit to create a
	helper virStorageBackendLogicalGetPoolSources that will make the
	pvs call in order to generate a list of associated pv_name and vg_name's.

	A future patch will make use of this for start/check processing to
	ensure the storage pool source definition matches expectations.

2015-12-15  John Ferlan  <jferlan@redhat.com>

	storage: Check FS pool source during virStorageBackendFileSystemIsMounted
	https://bugzilla.redhat.com/show_bug.cgi?id=1025230

	When determining whether a FS pool is mounted, rather than assuming that
	the FS pool is mounted just because the target.path is in the mount list,
	let's make sure that the FS pool source matches what is mounted

2015-12-15  John Ferlan  <jferlan@redhat.com>

	storage: Refactor virStorageBackendFileSystemGetPoolSource
	Refactor code to use standard return functioning with respect to setting
	a ret value and going to cleanup.

2015-12-15  John Ferlan  <jferlan@redhat.com>

	storage: Create helper to generate FS pool source value
	Refactor the code that builds the pool source string during the FS
	storage pool mount to be a separate helper.

	A future patch will use the helper in order to validate the mounted
	FS matches the pool's expectation during poolCheck processing

2015-12-15  Laine Stump  <laine@laine.org>

	qemu: add bootindex option to hostdev network interface commandline
	when appropriate, of course. If the config for a domain specifies boot
	order with <boot dev='blah'/> elements, e.g.:

	     <os>
	       ...
	       <boot dev='hd'/>
	       <boot dev='network'/>
	     </os>

	Then the first disk device in the config will have ",bootindex=1"
	appended to its qemu commandline -device options, and the first (and
	*only* the first) network interface device will get ",bootindex=2".

	However, if the first network interface device is a "hostdev" device
	(an SRIOV Virtual Function (VF) being assigned to the domain with
	vfio), then the bootindex option will *not* be appended. This happens
	because the bootindex=n option corresponding to the order of "<boot
	dev='network'/>" is added to the -device for the first network device
	when network device commandline args are constructed, but if it's a
	hostdev network device, its commandline arg is instead constructed in
	the loop for hostdevs.

	This patch fixes that omission by noticing (in bootHostdevNet) if the
	first network device was a hostdev, and if so passing on the proper
	bootindex to the commandline generator for hostdev devices - the
	result is that ",bootindex=2" will be properly appended to the first
	"network" device in the config even if it is really a hostdev
	(including if it is assigned from a libvirt network pool). (note that
	this is only the case if there is no <bootmenu enabled='yes'/> element
	in the config ("-boot menu-on" in qemu) , since the two are mutually
	exclusive - when the bootmenu is enabled, the individual per-device
	bootindex options can't be used by qemu, and we revert to using "-boot
	order=xyz" instead).

	If a greater level of control over boot order is desired (e.g., more
	than one network device should be tried, or a network device other
	than the first one encountered in the config), then <boot
	dev='network'/> in the <os> element should not be used; instead, the
	individual device elements in the config should be given a "<boot
	order='n'/>

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1278421

2015-12-15  Ján Tomko  <jtomko@redhat.com>

	security_stack: remove extra Security from function names
	Many of the functions follow the pattern:
	virSecurity.*Security.*Label

	Remove the second 'Security' from the names, it should be
	obvious that the virSecurity* functions deal with security
	labels even without it.

2015-12-15  Ján Tomko  <jtomko@redhat.com>

	security_selinux: remove extra Security from function names
	Many of the functions follow the pattern:
	virSecurity.*Security.*Label

	Remove the second 'Security' from the names, it should be obvious
	that the virSecurity* functions deal with security labels even
	without it.

2015-12-15  Ján Tomko  <jtomko@redhat.com>

	security_dac: remove extra Security from function names
	Many of the functions follow the pattern:
	virSecurity.*Security.*Label

	Remove the second 'Security' from the names, it should be obvious
	that the virSecurity* functions deal with security labels even
	without it.

2015-12-15  Pavel Hrdina  <phrdina@redhat.com>

	qemuMonitorJSONEjectMedia: don't stringify the replay at all
	Commit 256496e1 introduced a detection if "is locked" in error replay
	from qemu monitor. Commit c4073657 fixed a memory leak, but it was
	pointed out by Peter, that this could be done cleaner without
	stringifing the replay.

2015-12-15  Andrea Bolognani  <abologna@redhat.com>

	pci: Use 'addr' instead of 'dev' for virPCIDeviceAddressPtr
	The name 'dev' is more appropriate for virPCIDevicePtr.

2015-12-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorJSONEjectMedia: Don't leak stringified reply
	The return value of virJSONValueToString() should be freed when
	no longer needed. This is not the case after 256496e1.

	==26902== 138 bytes in 2 blocks are definitely lost in loss record 1,051 of 1,239
	==26902==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==26902==    by 0xAA5F599: strdup (in /lib64/libc-2.21.so)
	==26902==    by 0x552BAD9: virStrdup (virstring.c:726)
	==26902==    by 0x54F60A7: virJSONValueToString (virjson.c:1790)
	==26902==    by 0x1DF6EBB9: qemuMonitorJSONEjectMedia (qemu_monitor_json.c:2225)
	==26902==    by 0x1DF57A4C: qemuMonitorEjectMedia (qemu_monitor.c:1985)
	==26902==    by 0x1DF1EF2D: qemuDomainChangeEjectableMedia (qemu_hotplug.c:199)
	==26902==    by 0x1DF90314: qemuDomainChangeDiskLive (qemu_driver.c:7985)
	==26902==    by 0x1DF90476: qemuDomainUpdateDeviceLive (qemu_driver.c:8030)
	==26902==    by 0x1DF91ED7: qemuDomainUpdateDeviceFlags (qemu_driver.c:8677)
	==26902==    by 0x561785F: virDomainUpdateDeviceFlags (libvirt-domain.c:8559)
	==26902==    by 0x134210: remoteDispatchDomainUpdateDeviceFlags (remote_dispatch.h:10966)

	==26902== 106 bytes in 1 blocks are definitely lost in loss record 1,033 of 1,239
	==26902==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==26902==    by 0xAA5F599: strdup (in /lib64/libc-2.21.so)
	==26902==    by 0x552BAD9: virStrdup (virstring.c:726)
	==26902==    by 0x54F60A7: virJSONValueToString (virjson.c:1790)
	==26902==    by 0x1DF6EC0C: qemuMonitorJSONEjectMedia (qemu_monitor_json.c:2227)
	==26902==    by 0x1DF57A4C: qemuMonitorEjectMedia (qemu_monitor.c:1985)
	==26902==    by 0x1DF1EF2D: qemuDomainChangeEjectableMedia (qemu_hotplug.c:199)
	==26902==    by 0x1DF90314: qemuDomainChangeDiskLive (qemu_driver.c:7985)
	==26902==    by 0x1DF90476: qemuDomainUpdateDeviceLive (qemu_driver.c:8030)
	==26902==    by 0x1DF91ED7: qemuDomainUpdateDeviceFlags (qemu_driver.c:8677)
	==26902==    by 0x561785F: virDomainUpdateDeviceFlags (libvirt-domain.c:8559)
	==26902==    by 0x134210: remoteDispatchDomainUpdateDeviceFlags (remote_dispatch.h:10966)

2015-12-14  Henning Schild  <henning.schild@siemens.com>

	qemu cgroups: move new threads to new cgroup after cpuset is set up
	Moving tasks to cgroups implied sched_setaffinity. Changing the cpus in
	a set implies the same for all tasks in the group.
	The old code put the the thread into the cpuset inherited from the
	machine cgroup, which allowed it to run outside of vcpupin for a short
	while.

	qemu: do not put a task into machine cgroup
	The machine cgroup is a superset, a parent to the emulator and vcpuX
	cgroups. The parent cgroup should never have any tasks directly in it.
	In fact the parent cpuset might contain way more cpus than the sum of
	emulatorpin and vcpupins. So putting tasks in the superset will allow
	them to run outside of <cputune>.

	util: cgroups do not implicitly add task to new machine cgroup
	virCgroupNewMachine used to add the pidleader to the newly created
	machine cgroup. Do not do this implicit anymore.

2015-12-14  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevMacVLanTapSetup: Drop @multiqueue argument
	Firstly, there's a bug (or typo) in the only place where we call
	this function: @multiqueue is set whenever @tapfdSize is greater
	than zero, while in fact the condition should have been 'greater
	than one'.
	Then, secondly, since the condition depends on just one
	variable, that we are even passing down to the function, we can
	move the condition into the function and drop useless argument.

2015-12-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Warn when using vhost-user without shared memory
	When user configures vhost-user interface and forgets to also configure
	any shared memory, the search for the root cause of non-operational
	interface might take unpleasantly long time.  Let's enhance user
	experience by emitting a warning in the logs.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1266982

2015-12-13  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevMacVLanTapSetup: Work around older systems
	Some older systems, e.g. RHEL-6 do not have IFF_MULTI_QUEUE flag
	which we use to enable multiqueue feature. Therefore one gets the
	following compile error there:

	  CC     util/libvirt_util_la-virnetdevmacvlan.lo
	util/virnetdevmacvlan.c: In function 'virNetDevMacVLanTapSetup':
	util/virnetdevmacvlan.c:338: error: 'IFF_MULTI_QUEUE' undeclared (first use in this function)
	util/virnetdevmacvlan.c:338: error: (Each undeclared identifier is reported only once
	util/virnetdevmacvlan.c:338: error: for each function it appears in.)
	make[3]: *** [util/libvirt_util_la-virnetdevmacvlan.lo] Error 1

	So, whenever user wants us to enable the feature on such systems,
	we will just throw a runtime error instead.

2015-12-12  Eric Blake  <eblake@redhat.com>

	CVE-2015-5313: storage: don't allow '/' in filesystem volume names
	The libvirt file system storage driver determines what file to
	act on by concatenating the pool location with the volume name.
	If a user is able to pick names like "../../../etc/passwd", then
	they can escape the bounds of the pool.  For that matter,
	virStoragePoolListVolumes() doesn't descend into subdirectories,
	so a user really shouldn't use a name with a slash.

	Normally, only privileged users can coerce libvirt into creating
	or opening existing files using the virStorageVol APIs; and such
	users already have full privilege to create any domain XML (so it
	is not an escalation of privilege).  But in the case of
	fine-grained ACLs, it is feasible that a user can be granted
	storage_vol:create but not domain:write, and it violates
	assumptions if such a user can abuse libvirt to access files
	outside of the storage pool.

	Therefore, prevent all use of volume names that contain "/",
	whether or not such a name is actually attempting to escape the
	pool.

	This changes things from:

	$ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
	Vol ../../../../../../etc/haha created
	$ rm /etc/haha

	to:

	$ virsh vol-create-as default ../../../../../../etc/haha --capacity 128
	error: Failed to create vol ../../../../../../etc/haha
	error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/'

2015-12-11  John Ferlan  <jferlan@redhat.com>

	util: Fixup virnetdevmacvlan.h ATTRIBUTE_NONNULL's
	Commit id '56e2171c6' removed a variable from the argument list, but
	neglected to update the ATTRIBUTE_NONNULL values, so when commit id
	'08da97bfb' added a couple of arguments, the values were off.

2015-12-11  Peter Krempa  <pkrempa@redhat.com>

	test: qemuxml2argv: Mock virMemoryMaxValue to remove 32/64 bit difference
	Always return LLONG_MAX even on 32 bit systems. The limitation
	originates from our use of "unsigned long" in several APIs. The internal
	data type is unsigned long long. Make the test suite deterministic by
	removing the architecture difference.

	Flaw was introduced in 645881139b3d2c86acf9d644c3a1471520bc9e57 where
	I've added a test that uses too large numbers.

2015-12-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Enable multiqueue for macvtaps
	https://bugzilla.redhat.com/show_bug.cgi?id=1240439

	Ta-da! Now that we know how to open a macvtap device multiple
	times, we can finally enable the multiqueue feature. Everything
	else is already prepared (e.g. command line generation) from the
	previous iteration where the feature was implemented for
	TUN/TAP devices.

2015-12-11  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevMacVLanCreateWithVPortProfile: Rework to support multiple FDs
	For the multiqueue on macvtaps we are going to need to open
	the device multiple times. Currently, this is not supported.
	Rework the function, so that upper layers can be reworked too.

	virNetDevMacVLanTapSetup: Allow enabling of IFF_MULTI_QUEUE
	Like we are doing for TUN/TAP devices, we should do the same for
	macvtaps. Although, it's not as critical as in that case, we
	should do it for the consistency.

	virNetDevMacVLanTapSetup: Rework to support multiple FDs
	For the multiqueue on macvtaps we are going to need to open
	the device multiple times. Currently, this is not supported.
	Rework the function, so that upper layers can be reworked too.

	virNetDevMacVLanTapOpen: Rework to support multiple FDs
	For the multiqueue on macvtaps we are going to need to open
	the device multiple times. Currently, this is not supported.
	Rework the function, so that upper layers can be reworked too.

	virNetDevMacVLanTapOpen: Slightly rework
	There are few outdated things. Firstly, we don't need to undergo
	the torture of fopen, fscanf and fclose just to get the interface
	index when we have nice wrapper over that: virNetDevGetIndex.
	Secondly, we don't need to have statically allocated buffer for
	the path we are opening.

	virNetDevMacVLanCreateWithVPortProfile: Turn vnet_hdr into flag
	So yet again one of integer arguments that we use as a boolean.
	Since the argument count of the function is unbearably long
	enough, lets turn those booleans into flags.

2015-12-10  Daniel P. Berrange  <berrange@redhat.com>

	log: include hostname in initial log message
	On the very first log message we send to any output, we include
	the libvirt version number and package string. In some bug reports
	we have been given libvirtd.log files that came from a different
	host than the corresponding /var/log/libvirt/qemu log files. So
	extend the initial log message to include the hostname too.

	eg on first log message we would now see:

	 $ libvirtd
	 2015-12-04 17:35:36.610+0000: 20917: info : libvirt version: 1.3.0
	 2015-12-04 17:35:36.610+0000: 20917: info : hostname: dhcp-1-180.lcy.redhat.com
	 2015-12-04 17:35:36.610+0000: 20917: error : qemuMonitorIO:687 : internal error: End of file from monitor

2015-12-09  John Ferlan  <jferlan@redhat.com>

	storage: Ignore block devices that fail format detection
	https://bugzilla.redhat.com/show_bug.cgi?id=1276198

	Prior to commit id '98322052' failure to saferead the block device would
	cause an error to be logged and the device to be skipped while attempting
	to discover/create a stable target path for a new LUN (NPIV).

	This was because virStorageBackendSCSIFindLUs ignored errors from
	processLU and virStorageBackendSCSINewLun.

	Ignoring the failure allowed a multipath device with an "active" and
	"ghost" to be present on the host with the "ghost" block device being
	ignored. This patch will return a -2 to the caller indicating the desire
	to ignore the block device since it cannot be used directly rather than
	fail the pool startup.

2015-12-09  John Ferlan  <jferlan@redhat.com>

	storage: Add debug message
	I found this useful while processing a volume that wouldn't end up
	showing up in the resulting list of block volumes. In this case, the
	partition type wasn't found in the disk_types table.

	storage: Handle readflags errors
	Similar to the openflags VIR_STORAGE_VOL_OPEN_NOERROR processing, if some
	read processing operation fails, check the readflags for the corresponding
	error flag being set. If so, rather then causing an error - use VIR_WARN
	to flag the error, but return -2 which some callers can use to perform
	specific actions. Use a new VIR_STORAGE_VOL_READ_NOERROR flag in a new
	VolReadErrorMode enum.

	storage: Set ret = -1 on failures in virStorageBackendUpdateVolTargetInfo
	While processing the volume for lseek, virFileReadHeaderFD, and
	virStorageFileGetMetadataFromBuf - failure would cause an error,
	but ret would not be set. That would result in an error message being
	sent, but successful status being returned.

	storage: Add comments for backend APIs
	Just so it's clearer what to expect upon input and what types of return
	values could be generated.  These were loosely copied from existing
	virStorageBackendUpdateVolTargetInfoFD.

	storage: Add readflags for backend error processing
	Similar to the openflags which allow VIR_STORAGE_VOL_OPEN_NOERROR to be
	passed to avoid open errors, add a 'readflags' variable so that in the
	future read failures could also be ignored.

2015-12-09  Andrea Bolognani  <abologna@redhat.com>

	tests: scsihost: Use fakerootdir instead of fakesysfsdir
	This updates the test program to make it consistent with recent changes
	to the mock libraries, and also opens up the possibility of mocking more
	than just /sys in the future.

2015-12-09  Andrea Bolognani  <abologna@redhat.com>

	tests: Use more specific names for variables
	Instead of fakesysfsdir, which is very generic, use fakesysfspcidir and
	fakesysfscgroupdir. This makes it explicit what part of the fake sysfs
	filesystem they're referring to, and also leaves open the possibility of
	handling files in two unrelated parts of the fake sysfs filesystem.

	No functional changes.

2015-12-09  Andrea Bolognani  <abologna@redhat.com>

	tests: Rename LIBVIRT_FAKE_SYSFS_DIR to LIBVIRT_FAKE_ROOT_DIR
	The old name is no longer accurate, since now we're using its value as
	the root of the fake filesystem.

	No functional changes.

2015-12-09  Andrea Bolognani  <abologna@redhat.com>

	tests: cgroupmock: Use the temporary directory as fake root
	We might need to mock files living outside SYSFS_PREFIX later on,
	so it's better to treat the temporary directory we are passed via
	the environment as the root of the fake filesystem and create
	SYSFS_PREFIX inside it.

	The environment variable name will be changed to reflect the new use
	we're making of it in a later commit.

2015-12-09  Andrea Bolognani  <abologna@redhat.com>

	tests: pcimock: Use the temporary directory as fake root
	We might need to mock files living outside PCI_SYSFS_PREFIX later on,
	so it's better to treat the temporary directory we are passed via
	the environment as the root of the fake filesystem and create
	PCI_SYSFS_PREFIX inside it.

	The environment variable name will be changed to reflect the new use
	we're making of it in a later commit.

2015-12-09  Andrea Bolognani  <abologna@redhat.com>

	tests: pcimock: Remove check for fakesysfsdir
	init_env() will return right away if fakesysfsdir is already
	initialized, so this check is redundant.

	tests: scsihost: Don't set LIBVIRT_FAKE_SYSFS_DIR
	The test program is not preloading any of the mock libraries that read
	that environment variable, so setting it is pointless.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Don't use priv->ncpupids to iterate domain vCPUs
	Use the proper data structures for the iteration since ncpupids will be
	made private later.

	qemu: driver: Refactor qemuDomainHelperGetVcpus
	Change some of the control structures and switch to using the new vcpu
	structure.

	qemu: Add helper to retrieve vCPU pid
	Instead of directly accessing the array add a helper to do this.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Replace checking for vcpu<->pid mapping availability with a helper
	Add qemuDomainHasVCpuPids to do the checking and replace in place checks
	with it.

	We no longer need checking whether the thread contains fake data
	(vcpupids[0] == vm->pid) as in b07f3d821dfb11a118ee75ea275fd6ab737d9500
	and 65686e5a81d654d834d338fceeaf0229b2ca4f0d this was removed.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Drop checking vcpu threads in emulator bandwidth getter/setter
	The vCPU threads make sense in the counterparts that set the vCPU
	bandwidth/quota, not in the emulator one. The emulator tunables are set
	all the time anyways.

	Drop the extra check and remove the now unneeded vm argument.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Remove now unreachable check
	Since commit 0c04906fa the check for priv->cgroup doesn't make sense as
	the calls to virCgroupHasController return the same information. Remove
	it and move it's comment partially to the new check.

	The already spurious check was also later copied to the iothreads code.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	conf: Add helper to get pointer to a certain vCPU definition
	Once more stuff will be moved into the vCPU data structure it will be
	necessary to get a specific one in some ocasions. Add a helper that will
	simplify this task.

	conf: ABI: Split up and improve vcpu info ABI checking
	Extract the checking code into a separate function and prepare the
	infrastructure for checking the new structure type.

	conf: turn def->vcpus into a structure
	To allow collecting all relevant data at one place let's make def->vcpus
	a structure and then we can start moving stuff into it.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: refactor qemuDomainHotunplugVcpus
	Refactor the code flow so that 'exit_monitor:' can be removed.

	This patch moves the auditing functions into places where it's certain
	that hotunplug was or was not successful and reports errors from
	qemuMonitorGetCPUInfo properly.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainHotplugVcpus
	Refactor the code flow so that 'exit_monitor:' can be removed.

	This patch also moves the auditing and setting of the new vCPU count
	right to the place where the hotplug happens, since it's possible that
	the hotplug succeeds and adds a cpu while other stuff fails.

	Lastly, failures of qemuMonitorGetCPUInfo are now reported rather than
	ignored. The function retuns 0 if it "successfully" detected 0 threads.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: cpu hotplug: Move loops to qemuDomainSetVcpusFlags
	qemuDomainHotplugVcpus/qemuDomainHotunplugVcpus are complex enough in
	regards of adding one CPU. Additionally it will be desired to reuse
	those functions later with specific vCPU hotplug.

	Move the loops for adding vCPUs into qemuDomainSetVcpusFlags so that the
	helpers can be made simpler and more straightforward.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Remove weird return values from qemuMonitorSetCPU
	Let the function report errors internally and change it to return
	standard return codes.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: cpu hotplug: Fix error handling logic
	The cpu hotplug helper functions used negative error handling in a part
	of them, although some code that was added later didn't properly set the
	error codes in some cases. This would cause improper error messages in
	cases where we couldn't modify the numa cpu mask and a few other cases.

	Fix the logic by converting it to the regularly used pattern.

2015-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split up vCPU hotplug and hotunplug
	There's only very little common code among the two operations. Split the
	functions so that the internals are easier to understand and refactor
	later.

	qemu: qemuDomainSetVcpusAgent: re-check agent before calling it the again
	With a very unfortunate timing, the agent might vanish before we do the
	second call while the locks were down. Re-check that the agent is
	available before attempting it again.

	qemu: Extract vCPU onlining/offlining via agent into a separate function
	Separate the code so that qemuDomainSetVcpusFlags contains only code
	relevant to hardware hotplug/unplug.

	qemu: domain: Add helper to access vm->privateData->agent
	As in commit 88dc7e0c2fb, the helper can be used in cases where the
	function actually does not access anyting in the private data besides
	the agent.

	conf: Turn def->maxvcpus into size_t
	Later on this will also be used to track size of the vcpu data array.
	Use size_t so that we can utilize the memory allocation helpers.

	conf: Replace read accesses to def->vcpus with accessor

	conf: Move vcpu count check into helper

	conf: Replace writes to def->vcpus with accessor

	conf: Replace read access to def->maxvcpus with accessor
	Finalize the refactor by adding the 'virDomainDefGetVCpusMax' getter and
	reusing it accross libvirt.

	conf: Add helper to check whether domain has offline vCPUs
	The new helper will simplify checking whether the domain config contains
	inactive vCPUs.

	conf: Extract update of vcpu count if maxvcpus is decreased
	The code can be unified into the new accessor rather than being
	scattered accross the drivers.

	conf: Use local copy of maxvcpus in virDomainVcpuParse
	Use the local variable rather than getting it all the time from the
	struct. This will simplify further refactors.

	conf: Replace writes to def->maxvcpus with accessor
	To support further refactors replace all write access to def->maxvcpus
	with a accessor function.

2015-12-09  Pavel Hrdina  <phrdina@redhat.com>

	libxl: copy persistent domain definition while starting a guest
	We should make a copy of current definition to preserve a persistent
	definition, because we later update the definition with live changes.
	The live definition is discarded on domain shutdown and replaced by the
	copy we make before starting the domain.

	xen: fix timer bug found by updated test
	Only 'tsc' timer allows set mode and track is valid only for 'rtc' and
	'platform' timers.

	xen: use virDomainDefPostParse for parsing XM/XL/SEXPR cofings
	This change ensures to call driver specific post-parse code to modify
	domain definition after parsing hypervisor config the same way we do
	after parsing XML.

	lxc: use virDomainDefPostParse for parsing LXC config string
	This change ensures to call driver specific post-parse code to modify
	domain definition after parsing hypervisor config the same way we do
	after parsing XML.

	vmware/vmx: use virDomainDefPostParse after parsing vmx config
	This change ensures to call driver specific post-parse code to modify
	domain definition after parsing hypervisor config the same way we do
	after parsing XML.

2015-12-09  Ján Tomko  <jtomko@redhat.com>

	virsh: rename vshCommandOptString to vshCommandOptStringQuiet
	This function does not set an error. Make it obvious in its name
	to discourage its usage without reporting an error in the caller.

	security_selinux: fix indentation

2015-12-09  Ján Tomko  <jtomko@redhat.com>

	security_dac: check if virSecurityDACGetIds returns negative
	Use the customary check '< 0' instead of checking for non-zero.

	No functional change.

2015-12-09  Ján Tomko  <jtomko@redhat.com>

	Post-release version bump to 1.3.1

2015-12-09  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.3.0
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: regenerated

2015-12-08  Jim Fehlig  <jfehlig@suse.com>

	Revert "libxl: implement virDomainInterfaceStats"
	This reverts commit d2e5538b16e325d9095f3ccb0dac88bbd9fc98f0.

	A migration regression was introduced by this commit. When migrating
	a domain, its active XML is sent to the destination libvirtd, where
	it is parsed as inactive XML. d2e5538b copied the libxl generated
	interface name into the active config, which was being passed to the
	migration destination and being parsed into inactive config. Attempting
	to start the config could result in failure if an interface with the
	same generated name already exists.

	The qemu driver behaves similarly, but the parser contains a hack to
	skip interface names starting with 'vnet' when parsing inactive XML.
	We could extend the hack to skip names starting with 'vif' too, but a
	better fix would be to expose these hypervisor-specific interface name
	prefixes in capabilities. See the following discussion thread for more
	details

	https://www.redhat.com/archives/libvir-list/2015-December/msg00262.html

	For the pending 1.3.0 release, it is best to revert d2e5538b. It can
	be added again post release, after moving the prefix to capabilities.

2015-12-08  Daniel P. Berrange  <berrange@redhat.com>

	rpm: explicitly enable & start virtlogd on install
	When installing the libvirt-daemon RPM, we have a %post rule to
	enable the libvirtd.service, virtlockd.socket and virtlogd.socket
	files. This is only done, however, when the RPM is first installed,
	not when upgrading RPMs. So virtlogd will not get activated on
	upgrading, which is a problem as libvirt qemu driver will expect
	it to be available by default.

	This adds a trigger that is run when uninstalling libvirt-daemon
	older than 1.3.0 that will enable & start virtlogd.socket if
	libvirtd is enabled and/or started. Using the trigger rather
	than %post ensures that it only runs once, allowing admins to
	disable it explicitly thereafter without future upgrades
	re-enabling it.

2015-12-07  Daniel P. Berrange  <berrange@redhat.com>

	libvirtd: enable virtlockd/virtlogd socket activation on install
	When someone does 'systemctl enable libvirtd.service' we should
	also enable virtlockd.socket/virtlogd.socket, so that they can
	be auto-activated if libvirtd tries to access the sockets.

	Without this, people have to manually enable the units themselves
	via 'systemctl enable virtdlogd.socket'.

	This also ensures that if distros uses  'systemctl preset' for
	enabling 'libvirtd.service', then the virtdlogd.socket gets
	enabled without having to wait for the distro to update their
	presets file.

2015-12-07  Daniel P. Berrange  <berrange@redhat.com>

	logging: validate flags passed from client in virtlogd
	The virtlogd RPC messages all have a flags parameter. For
	sake of future error reporting we should be verifying
	these are all 0 for now.

2015-12-07  Daniel P. Berrange  <berrange@redhat.com>

	logging: change log protocol to be more reusable
	The current virtlogd RPC protocol provides the ability to
	handle log files associated with QEMU stdout/err. The log
	protocol messages take the virt driver, domain name and
	use that to form a log file path. This is quite restrictive
	as it prevents us re-using the same RPC protocol messages
	for logging to char device backends where the filename
	can be arbitrarily user specified. It is also bad because
	it means we have 2 separate locations which have to decide
	on logfile name.

	This change alters the RPC protocol so that we pass the
	desired log file path along when opening the log file
	initially. Now the virt driver is exclusively in charge
	of deciding the log filename

2015-12-07  Daniel P. Berrange  <berrange@redhat.com>

	logging: preserve driver, dom name & uuid against log file
	The virt driver, dom name and uuid associated with a log
	file are important pieces of metadata to keep around for
	sake of future enhancements to virtlogd. Currently we
	discard them after opening the log file, but we should
	preserve them, even across restarts.

	qemu: fix memory leak in opening log file
	The qemuDomainLogContextNew method leaks the "logfile" path
	on the non-virtlogd code path.

2015-12-04  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	libvirt: Update virDomainSetMemory description
	virDomainSetMemory is documented to change only runtime configuration of
	running domain. However, that's not true of all hypervisors supported.
	Seems as though when commit id '0f2e50be5' added the current flag, the
	function description should have been updated similar to when commit id
	'c1795c52' updated the virDomainSetMaxMemory description. Especially since
	commit id '80427f1d' updated the virsh 'setmem' description to indicate
	"behavior is different depending on hypervisor."

	This patch will update the description to match current functionality.

2015-12-04  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Automatic SCSI controller creation in SCSI disk hotplug broken
	When a SCSI disk is hotplugged to a domain that does not have the required
	SCSI controller already defined and loaded the following internal error occurs

	error: Failed to attach device from scsi_disk.xml
	error: internal error: Could not find scsi controller with index 0 required for device

	Commit 0260506c added in method qemuBuildDriveDevStr a lookup of the controller
	alias. The internal error occurs because in method qemuDomainAttachSCSIDisk
	the automatic creation of the potentially missing SCSI controller occurs after
	calling qemuBuildDriveDevStr.

	This patch reverses the calling sequence.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-12-04  Daniel P. Berrange  <berrange@redhat.com>

	qemu: include hostname in QEMU log files
	Often when debugging bug reports one is given a copy of the file
	from /var/log/libvirt/qemu/$NAME.log along with other supporting
	files. In a number of cases I've been given sets of files which
	were from different machines. Including the hostname in the QEMU
	log file will help identify when the bug reporter is providing
	bad information.

	rotatingfile: mark log files as close-on-exec
	The log file descriptor associated with the virRotatingFile
	struct should be marked close-on-exec, as even when virtlogd
	re-exec's itself it expect to open the log file fresh. It
	does not need to preserve the logfile handles, only the network
	client FDs.

2015-12-04  Guido Günther  <agx@sigxcpu.org>

	libvirtd: require virtlogd to start before libvirtd
	In the non-systemd case, without socket activation, we need to proper
	ordering.

2015-12-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Prevent overflows in memory alignment code
	Since libvirt for dubious historical reasons stores memory size as
	kibibytes, it's possible that the alignments done in the qemu code
	overflow the the maximum representable size in bytes. The XML parser
	code handles them in bytes in some stages. Prevent this by doing
	overflow checks when alinging the size and add a test case.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260576

2015-12-04  Peter Krempa  <pkrempa@redhat.com>

	schema: Allow > UINT_MAX KiB of memory for NUMA nodes
	Using more than 4TiB of memory per NUMA node would not be possible to
	express in the XML without violating the schema. Not that such boxes
	would be common, but we should use a longer type at this point.

	The pattern is not necessary since libvirt redefines the type already in
	basictypes.rng with the same pattern.

2015-12-03  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	conf: Revert some code to resolve issues for hostdev hotplug
	This patch reverts parts of commits 0d8b24f6b and 0785966d dealing with
	the addition of a controller during virDomainHostdevAssignAddress. This
	caused a regression for the hostdev hotplug path which assumes the
	qemuDomainFindOrCreateSCSIDiskController will add the new controller
	during qemuDomainAttachHostSCSIDevice to both the running domain and
	the domain def controller list when the controller doesn't yet exist
	(whether due to no SCSI controllers existing or the addition of a new
	controller because existing ones are full).

	Since commit id 0d8b24f6 will call virDomainHostdevAssignAddress during
	virDomainDeviceDefPostParseInternal which is called either during domain
	definition post processing (via an iterator during virDomainDefPostParse)
	or directly from virDomainDeviceDefParse during hotplug, the change
	broke the "side effect" of being able to add both a hostdev and controller
	to the running domain.

	The regression would only be seen if the running domain didn't have a
	SCSI controller already defined or if the existing SCSI controller was
	"full" of devices and a new controller needed to be created.

	This patch will also add some extra comments to the code to avoid a
	similar future change.

	Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-12-03  Ján Tomko  <jtomko@redhat.com>

	virsh: remove custom error for cpulist from cmdIOThreadPin
	Instead of the custom error:
	error: iothreadpin: invalid cpulist.

	use vshCommandOptStringReq and let it report a more specific error:
	error: Failed to get option 'cpulist': Option argument is empty

2015-12-03  Ján Tomko  <jtomko@redhat.com>

	virsh: report errors for empty strings
	Several callers were using vshCommandOptString without setting an error.
	Use vshCommandOptStringReq which sets the error.

	https://bugzilla.redhat.com/show_bug.cgi?id=1281707

2015-12-03  Ján Tomko  <jtomko@redhat.com>

	bridge: check for invalid MAC in networkGetDHCPLeases
	Instead of comparing garbage strings against real MAC addresses,
	introduce an error mesage for unparsable ones:

	$ virsh net-dhcp-leases default  --mac t12
	error: Failed to get leases info for default
	error: invalid MAC address: t12

	https://bugzilla.redhat.com/show_bug.cgi?id=1261432

2015-12-02  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainInterfaceStats
	Introduce support for domainInterfaceStats API call for querying
	network interface statistics. Consequently it also enables the
	use of `virsh domifstat <dom> <interface name>` command plus
	seeing the interfaces names instead of "-" when doing
	`virsh domiflist <dom>`.

	After successful guest creation we fill the network
	interfaces names based on domain, device id and append suffix
	if it's emulated in the following form: vif<domid>.<devid>[-emu].
	We extract the network interfaces info from the libxl_domain_config
	object in libxlDomainCreateIfaceNames() to generate ifname. On domain
	cleanup we also clear ifname, in case it was set by libvirt (i.e.
	being prefixed with "vif"). We also skip these two steps in case the name
	of the interface was manually inserted by the adminstrator.

	For getting the interface statistics we resort to virNetInterfaceStats
	and let libvirt handle the platform specific nits. Note that the latter
	is not yet supported in FreeBSD.

2015-12-02  Ian Campbell  <ian.campbell@citrix.com>

	network: selectively disable -Wcast-align in virNetDevParseDadStatus
	Commit 0f7436ca54c9 "network: wait for DAD to finish for bridge IPv6 addresses"
	results in:

	 CC     util/libvirt_util_la-virnetdevmacvlan.lo
	util/virnetdev.c: In function 'virNetDevParseDadStatus':
	util/virnetdev.c:1319:188: error: cast increases required alignment of target type [-Werror=cast-align]
	util/virnetdev.c:1332:41: error: cast increases required alignment of target type [-Werror=cast-align]
	util/virnetdev.c:1334:92: error: cast increases required alignment of target type [-Werror=cast-align]
	cc1: all warnings being treated as errors

	on at least ARM platforms.

	The three macros involved (NLMSG_NEXT, IFA_RTA and RTA_NEXT) all appear to
	correctly take care of alignment, therefore suppress Wcast-align around their
	uses.

	Cc: Maxim Perevedentsev <mperevedentsev@virtuozzo.com>
	Cc: Laine Stump <laine@laine.org>
	Cc: Dario Faggioli <dario.faggioli@citrix.com>
	Cc: Jim Fehlig <jfehlig@suse.com>

2015-12-01  Michal Privoznik  <mprivozn@redhat.com>

	log_manager: Include configmake.h last
	The problem is that in some mingw header DATADIR is used but
	gnulib defines it too. This leads to the following compile error:

	  CC       locking/libvirt_driver_la-lock_manager.lo
	In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/objbase.h:66:0,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/ole2.h:17,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/wtypes.h:12,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/winscard.h:10,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/windows.h:97,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:23,
	                 from ../gnulib/lib/unistd.h:48,
	                 from ../../src/util/virutil.h:29,
	                 from ../../src/logging/log_manager.c:30:
	/usr/i686-w64-mingw32/sys-root/mingw/include/objidl.h:12275:2: error: expected identifier or '(' before string constant
	 } DATADIR;
	  ^
	Makefile:7888: recipe for target 'logging/libvirt_driver_la-log_manager.lo' failed

	The fix is to include configmake.h at the end of includes.

2015-12-01  Michal Privoznik  <mprivozn@redhat.com>

	tests: Run virnetdaemontest iff WITH_YAJL
	The test itself and daemon require a JSON parsing library. If not
	present, skip the test.

2015-12-01  Martin Kletzander  <mkletzan@redhat.com>

	admin: Distribute libvirt-admin.conf
	Commit 48cd3dfa668e5033b02dd029c2e6de558a3c4583 introduced configuration
	file for libvirt-admin but forgot to distribute it.  Also the change
	made to libvirt.conf in commit dbecb87f94e8f1591e3c471b34ae48a7203c9cb3
	should've been removed thanks to introduction of separate config file.

2015-12-01  Martin Kletzander  <mkletzan@redhat.com>

	admin: Rename virAdmConnect to virAdmDaemon
	virAdmConnect was named after virConnect, but after some discussions,
	most of the APIs called will be working with remote daemon and starting
	them virAdmDaemon will make more sense.  Only possibly controversal name
	is CloseCallback (de)registration, and connecting to the daemon (which
	will still be Open/Close), but even this makes sense if one thinks about
	the daemon being opened and closed, e.g. as file, etc.

	This way all the APIs working with the daemon will start with
	virAdmDaemon prefix, they will accept virAdmDaemonPtr as first parameter
	and that will better suit with other namings as well (virDomain*,
	virAdmServer*, etc.).

	Because in virt-admin, the connection name does not refer to a struct
	that would have a connect in its name, also adjust 'connname' in
	clients.  And because it is not used anywhere in the vsh code, move it
	from there into each client.

2015-12-01  Martin Kletzander  <mkletzan@redhat.com>

	spec: Temporarily disable new admin-related files
	The virt-admin binary and its man page should not yet be distributed,
	but we need libvirt-common.h.  RPM build fails without specifying these.

	admin: Include admin_remote.c in the dist package
	Otherwise all builds from the package will fail.

2015-11-30  Wang Yufei  <james.wangyufei@huawei.com>

	qemu_agent: fix deadlock in qemuProcessHandleAgentEOF
	If VM A is shutdown a by qemu agent at appoximately the same time
	an agent EOF of VM A happened, there's a chance that deadlock may occur:

	qemuProcessHandleAgentEOF in main thread
	A)  priv->agent = NULL; //A happened before B

	    //deadlock when we get agent lock which's held by worker thread
	    qemuAgentClose(agent);

	qemuDomainObjExitAgent called by qemuDomainShutdownFlags in worker thread
	B)  hasRefs = virObjectUnref(priv->agent); // priv->agent is NULL,
	                                           // return false
	    if (hasRefs)
	        virObjectUnlock(priv->agent); //agent lock will not be released here

	In order to resolve, during EOF close the agent first, then set priv->agent
	to NULL to fix the deadlock.

	This essentially reverts commit id '1020a504'. It's also of note that commit
	id '362d0477' notes a possible/rare deadlock similar to what was seen in
	the monitor in commit id '25f582e3'. However, it seems interceding changes
	including commit id 'd960d06f' should remove the deadlock issue.

	With this change, if EOF is called:

	    Get VM lock
	    Check if !priv->agent || priv->beingDestroyed, then unlock VM
	    Call qemuAgentClose
	    Unlock VM

	When qemuAgentClose is called
	    Get Agent lock
	    If Agent->fd open, close it
	    Unlock Agent
	    Unref Agent

	qemuDomainObjEnterAgent
	    Enter with VM lock
	    Get Agent lock
	    Increase Agent refcnt
	    Unlock VM

	After running agent command, calling qemuDomainObjExitAgent
	    Enter with Agent lock
	    Unref Agent
	    If not last reference, unlock Agent
	    Get VM lock

	If we were in the middle of an EnterAgent, call Agent command, and
	ExitAgent sequence and the EOF code is triggered, then the EOF code
	can get the VM lock, make it's checks against !priv->agent ||
	priv->beingDestroyed, and call qemuAgentClose. The CloseAgent
	would wait to get agent lock. The other thread then will eventually
	call ExitAgent, release the Agent lock and unref the Agent. Once
	ExitAgent releases the Agent lock, AgentClose will get the Agent
	Agent lock, close the fd, unlock the agent, and unref the agent.
	The final unref would cause deletion of the agent.

	Reviewed-by: Ren Guannan <renguannan@huawei.com>

2015-11-30  Martin Kletzander  <mkletzan@redhat.com>

	build: Create needed folders without dependency tracking
	The parameter --disable-dependency-tracking is supposed to speed up
	one-time build due to the fact that it disables some dependency
	extractors that, apparently, take longer time to execute.  That is a
	problem for code that is generated into builddir (especially some
	specific subdirectory) because the directory it should be installed to
	does not exists in VPATH and without the dependency tracking is not
	created.  Generating such file hence fails with -ENOENT.  In order to
	keep generating files into builddir instead of srcdir, we must create
	the directory ourselves.  This should finally fix the problem that is
	being fixed multiple times since its introduction in commit a9fe62037214
	and let us continue with cleaning those parts of Makefiles that depend
	on generating files into the srcdir rather than builddir as it should
	be.

	include: Install libvirt-common.h
	Otherwise nobody will be able to include libvirt.h.

	util: Avoid variable named 'truncate' shadowing global declaration

2015-11-30  Wei Jiangang  <weijg.fnst@cn.fujitsu.com>

	tools: fix output of list with state-shutoff
	Due to the default of flags is VIR_CONNECT_LIST_DOMAINS_ACTIVE,
	It doesn't show the domains that have been shutdown when we use
	'virsh list' with only --state-shutoff.

2015-11-30  Michal Privoznik  <mprivozn@redhat.com>

	conf: Split virDomainObjList into a separate file
	Our domain_conf.* files are big enough. Not only they contain XML
	parsing code, but they served as a storage of all functions whose
	name is virDomain prefixed. This is just wrong as it gathers not
	related functions (and modules) into one big file which is then
	harder to maintain. Split virDomainObjList module into a separate
	file called virdomainobjlist.[ch].

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	qemu: build command line for virtio-input-host device
	<input type='passthrough' bus='virtio'>
	  <source evdev='/dev/input/event1234'/>
	</input>

	results in:

	-device virtio-input-host-pci,id=input0,evdev=/dev/input/event1234

	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	qemu: add passed-through input devs to cgroup ACL
	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	security: label the evdev for input device passthrough
	Add functions for setting and restoring the label of input devices
	to DAC and SELinux drivers.

	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	conf: add XML for input device passthrough
	Add xml for the new virtio-input-host-pci device:
	<input type='passthrough' bus='virtio'>
	  <source evdev='/dev/input/event1234'/>
	</input>

	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	qemu: add capability for virtio-input-host-device
	Add QEMU_CAPS_VIRTIO_INPUT_HOST for both
	virtio-input-host-device and virtio-input-host-pci.

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	qemu: build command line for virtio input devices
	Add support for these qemu devices:
	virtio-mouse-{pci,device}
	virtio-keyboard-{pci,device}
	virtio-tablet-{pci,device}

	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	conf: parse and format virtio input bus in domain XML
	To be used by the family of virtio input devices:

	<input type='mouse' bus='virtio'/>
	<input type='tablet' bus='virtio'/>
	<input type='keyboard' bus='virtio'/>

	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Ján Tomko  <jtomko@redhat.com>

	qemu: add capabilities for virtio input devices
	Add capabilities for virtio-keyboard, virtio-mouse
	and virtio-tablet devices:

	name "virtio-keyboard-device", bus virtio-bus
	name "virtio-keyboard-pci", bus PCI
	name "virtio-mouse-device", bus virtio-bus
	name "virtio-mouse-pci", bus PCI
	name "virtio-tablet-device", bus virtio-bus
	name "virtio-tablet-pci", bus PCI

	Map both -device and -pci versions of the device to one capability.

	https://bugzilla.redhat.com/show_bug.cgi?id=1231114

2015-11-30  Pavel Hrdina  <phrdina@redhat.com>

	virlogd: fix crash if log file exists and it's larger the maxlen
	If for some reason there is an existing log file, that is larger then
	max length of log file, we need to rollover that file immediately.
	Trying to figure out how much data we could write will resolve in
	overflow of unsigned variable 'towrite' and this leads to segfault.

2015-11-30  Erik Skultety  <eskultet@redhat.com>

	virt-admin: Provide a man page for virt-admin

	admin: Introduce virAdmConnectGetLibVersion
	Introduce a new API to get libvirt version. It is worth noting, that
	libvirt-admin and libvirt share the same version number. Unfortunately,
	our existing API isn't generic enough to be used with virAdmConnectPtr
	as well. Also this patch wires up this API to the virt-admin client
	as a generic cmdVersion command.

	admin: Add support for connection close callbacks
	As we need a client disconnect handler, we also need a mechanism to register
	such handlers for a client. This patch introduced both the close callbacks and
	also the client vshAdmCatchDisconnect handler to be registered with it. By
	registering the handler we still need to make sure the client can react to
	daemon's events like disconnect or keepalive, so asynchronous I/O event polling
	is necessary to be enabled too.

	admin: Add support for URI aliases
	Now that we introduced URI support in libvirt-admin, we should also support URI
	aliases during connection establishment phase. After applying this patch,
	virAdmConnectOpen will also support VIR_CONNECT_NO_ALIASES flag.

	livirt: Move URI alias matching to util
	As we need to provide support for URI aliases in libvirt-admin as well, URI
	alias matching needs to be internally visible. Since
	virConnectOpenResolveURIAlias does have a compatible signature, it could be
	easily reused by libvirt-admin. This patch moves URI alias matching to util,
	renaming it accordingly.

	admin: Add URI support and introduce virAdmGetDefaultURI
	Since virt-admin should be able to connect to various admin servers
	on hosted different daemons, we need to provide URI support to
	libvirt-admin.

	admin: Do not generate remoteAdminConnect{Open,Close}
	As we plan to add more and more logic to remote connecting methods,
	these cannot be generated from admin_protocol.x anymore. Instead,
	this patch implements these to methods explicitly.

	admin: Move remote admin API version to a separate module
	By moving the remote version into a separate module, we gain a slightly
	better maintainability in the long run than just by leaving it in one
	place with the existing libvirt-admin library which can start getting
	pretty messy later on.

	admin: Introduce virAdmConnectIsAlive
	Since most of our APIs rely on an acive functional connection to a daemon and
	we have such a mechanism in libvirt already, there's need to have such a way in
	libvirt-admin as well. By introducing a new public API, this patch provides
	support to check for an active connection.

	virt-admin: Introduce first working skeleton
	This patch introduces virt-admin client which is based on virsh client,
	but had to reimplement several methods to meet virt-admin specific needs
	or remove unnecessary virsh specific logic.

	admin: introduce virAdmGetVersion
	Unfortunately, client side version retrieval API virGetVersion uses
	one-time initialization (due to the fact we might not have initialized the
	library by calling connect prior to this) which is not completely compatible
	with admin initialization. This API is rather simplistic and reimplementing
	it for admin might be the preferred method of reusing it. Note that even though
	the method will be reimplemented, the version number is still the same for both
	the libvirt and libvirt-admin library.

	libvirt: Move config getters to util
	virConnectGetConfig and virConnectGetConfigPath were static libvirt
	methods, merely because there hasn't been any need for having them
	internally exported yet. Since libvirt-admin also needs to reference
	its config file, 'xGetConfig' should be exported.
	Besides moving, this patch also renames the methods accordingly,
	as they are libvirt config specific.

	admin: Introduce libvirt-admin.conf
	Since libvirt-admin is a separate library, it should also have a separate
	config file. Available settings are currently the same as for libvirt.conf.

	libvirt: introduce libvirt/libvirt-common.h.in
	As it turned out, we need to share some enums and declarations between
	libvirt.h and libvirt-admin.h, but since our policy forbids direct includes of
	libvirt*.h, there has to be some header exempt from this rule. This patch moves
	the relevant part of code from libvirt.h.in to libvirt-common.h.in. Moreover,
	since there is no need to have libvirt.h generated anymore, introduce a new
	header libvirt.h which was previosly ignored from git and make the common
	header ignored and generated instead.

2015-11-27  Marc-André Lureau  <marcandre.lureau@gmail.com>

	qemu: add virtio-gpu virgl support
	Check if virtio-gpu provides virgl option, and add qemu command line
	formatter.

	It is enabled with the existing accel3d attribute:
	<model type='virtio' heads='1'>
	 <acceleration accel3d='yes'/>
	</model>

2015-11-27  Marc-André Lureau  <marcandre.lureau@gmail.com>

	qemu: add virtio video device
	qemu 2.5 provides virtio video device.  It can be used with -device
	virtio-vga for primary devices, or -device virtio-gpu for non-vga
	devices. However, only the primary device (VGA) is supported with this
	patch.

	Reference:
	https://bugzilla.redhat.com/show_bug.cgi?id=1195176

2015-11-27  Marc-André Lureau  <marcandre.lureau@gmail.com>

	domain: replace bool accel{2d, 3d} with a tristate
	Allowing to have the extra undefined/default state.

	Replace support{2d,3d} with accel{2d,3d}
	Following the domain XML naming

2015-11-27  Martin Kletzander  <mkletzan@redhat.com>

	systemd: Escape only needed characters for machined
	Machine name escaping follows the same rules as serice name escape,
	except that '.' and '-' must not be escaped in machine names, due
	to a bug in systemd-machined.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846

2015-11-27  Martin Kletzander  <mkletzan@redhat.com>

	virtlogd: Fix build without DBus
	The rule for virrotatingfiletest was defined in DBUS-only block even
	though the test does not use DBus at all.  Also DBUS_CFLAGS and
	DBUS_LIBS are removed from the rules.  The original error was:

	/usr/lib/gcc/x86_64-pc-linux-gnu/5.2.0/../../../../lib64/Scrt1.o: In
	function `_start':
	(.text+0x20): undefined reference to `main'

2015-11-27  Daniel P. Berrange  <berrange@redhat.com>

	logging: remove reference to non-existent augeas files
	The libvirt_logd.aug and test_libvirt_logd.aug.in files
	have never existed so shouldn't be in EXTRA_DIST. It was
	a copy+paste mistake when closing virtlogd from virtlockd

	logging: avoid variables called 'daemon' due to function clash
	With some versions of GLibC / GCC, a variable called 'daemon'
	will result in a warning about clashing with the function also
	named 'daemon'. Rename it to 'dmn' to avoid the clash.

2015-11-26  Guido Günther  <agx@sigxcpu.org>

	virtlogd: use %llu to print 64bit types
	Otherwise we fail on 32bit with:

	CC     logging/virtlogd-log_daemon_dispatch.o
	logging/log_daemon_dispatch.c: In function 'virLogManagerProtocolDispatchDomainReadLogFile':
	logging/log_daemon_dispatch.c:120:9: error: format '%zu' expects argument of type 'size_t', but argument 7 has type 'uint64_t' [-Werror=format]

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	virtlockd: fix misc memory leaks and other bugs
	Fix memory leaks, failure to restore umask and missing man
	page docs.

	logging: inhibit virtlogd shutdown while log files are open
	The virtlogd daemon is launched with a 30 second timeout for
	unprivileged users. Unfortunately the timeout is only inhibited
	while RPC clients are connected, and they only connect for a
	short while to open the log file descriptor. We need to hold
	an inhibition for as long as the log file descriptor itself
	is open.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	qemu: add support for sending QEMU stdout/stderr to virtlogd
	Currently the QEMU stdout/stderr streams are written directly to
	a regular file (eg /var/log/libvirt/qemu/$GUEST.log). While those
	can be rotated by logrotate (using copytruncate option) this is
	not very efficient. It also leaves open a window of opportunity
	for a compromised/broken QEMU to DOS the host filesystem by
	writing lots of text to stdout/stderr.

	This makes it possible to connect the stdout/stderr file handles
	to a pipe that is provided by virtlogd. The virtlogd daemon will
	read from this pipe and write data to the log file, performing
	file rotation whenever a pre-determined size limit is reached.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	qemu: convert monitor to use qemuDomainLogContextPtr indirectly
	Currently the QEMU monitor is given an FD to the logfile. This
	won't work in the future with virtlogd, so it needs to use the
	qemuDomainLogContextPtr instead, but it shouldn't directly
	access that object either. So define a callback that the
	monitor can use for reporting errors from the log file.

	qemu: convert process stop/attach to use qemuDomainLogContextPtr
	When the qemuProcessAttach/Stop methods write a marker into
	the log file, they can use qemuDomainLogContextWrite to
	write a formatted message.

	qemu: convert qemuLogOperation to take a qemuDomainLogContextPtr
	Instead of writing directly to a log file descriptor, change
	qemuLogOperation to use qemuDomainLogContextWrite().

	qemu: change qemuDomainTaint APIs to accept qemuDomainLogContextPtr
	The qemuDomainTaint APIs currently expect to be passed a log file
	descriptor. Change them to instead use a qemuDomainLogContextPtr
	to hide the implementation details.

	qemu: convert log file creation to use qemuDomainLogContextPtr
	Convert the places which create/open log files to use the new
	qemuDomainLogContextPtr object instead.

	qemu: introduce a qemuDomainLogContext object
	Introduce a qemuDomainLogContext object to encapsulate
	handling of I/O to/from the domain log file. This will
	hide details of the log file implementation from the
	rest of the driver, making it easier to introduce
	support for virtlogd later.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	qemu: unify code for reporting errors from QEMU log files
	There are two pretty similar functions qemuProcessReadLog and
	qemuProcessReadChildErrors. Both read from the QEMU log file
	and try to strip out libvirt messages. The latter then reports
	an error, while the former lets the callers report an error.

	Re-write qemuProcessReadLog so that it uses a single read
	into a dynamically allocated buffer. Then introduce a new
	qemuProcessReportLogError that calls qemuProcessReadLog
	and reports an error.

	Convert all callers to use qemuProcessReportLogError.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	qemu: remove writing to QEMU log file for rename operation
	The rename operation only works on inactive virtual machines,
	but it none the less writes to the log file used by the QEMU
	processes. This log file is not intended to provide a general
	purpose audit trail of operations performed on VMs. The audit
	subsystem has recording of important operations. If we want
	to extend that to cover all significant public APIs that is
	a valid thing to consider, but we shouldn't arbitrarily log
	specific APIs into the QEMU log file in the meantime.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	logging: add client for virtlogd daemon
	Add the virLogManager API which allows for communication with
	the virtlogd daemon to RPC program. This provides the client
	side API to open log files for guest domains.

	The virtlogd daemon is setup to auto-spawn on first use when
	running unprivileged. For privileged usage, systemd socket
	activation is used instead.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	logging: introduce log handling protocol
	Define a new RPC protocol for the virtlogd daemon that provides
	for handling of logs. The initial RPC method defined allows a
	client to obtain a file handle to use for writing to a log
	file for a guest domain. The file handle passed back will not
	actually refer to the log file, but rather an anonymous pipe.
	The virtlogd daemon will forward I/O between them, ensuring
	file rotation happens when required.

	Initially the log setup is hardcoded to cap log files at
	128 KB, and keep 3 backups when rolling over, which gives
	a max usage of 512 KB per guest.

2015-11-26  Daniel P. Berrange  <berrange@redhat.com>

	Import stripped down virtlockd code as basis of virtlogd
	Copy the virtlockd codebase across to form the initial virlogd
	code. Simple search & replace of s/lock/log/ and gut the remote
	protocol & dispatcher. This gives us a daemon that starts up
	and listens for connections, but does nothing with them.

	util: add APIs for reading/writing from/to rotating files
	Add virRotatingFileReader and virRotatingFileWriter objects
	which allow reading & writing from/to files with automation
	rotation to N backup files when a size limit is reached. This
	is useful for guest logging when a guaranteed finite size
	limit is required. Use of external tools like logrotate is
	inadequate since it leaves the possibility for guest to DOS
	the host in between invokations of logrotate.

2015-11-26  Martin Kletzander  <mkletzan@redhat.com>

	systemd: Escape machine name for machined
	According to the documentation, CreateMachine accepts only 7bit ASCII
	characters in the machinename parameter, so let's make sure we can start
	machines with unicode names with systemd.  We already have a function
	for that, we just forgot to use it.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1062943
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846

2015-11-26  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Try to keep printed XML pretty with change-media
	When adding a new media with change-media and --print-xml, let's try
	making it more readable and nice.

	Before:
	<disk type="file" device="cdrom">
	...
	      <target dev="hdb" bus="ide"/>
	      <address type="drive" controller="0" bus="0" target="0" unit="1"/>
	    <source file="/tmp/a.iso"/></disk>

	After:
	<disk type="file" device="cdrom">
	...
	      <source file="/tmp/a.iso"/>
	      <target dev="hdb" bus="ide"/>
	      <address type="drive" controller="0" bus="0" target="0" unit="1"/>
	    </disk>

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1219719

2015-11-26  Ján Tomko  <jtomko@redhat.com>

	schema: use a better regex for listen addresses
	A domain with '::' as the listen address fails to validate.

	Reuse the 'ipAddr' and 'dnsName' regexes from basictypes instead
	of reinventing them.

	https://bugzilla.redhat.com/show_bug.cgi?id=1285665

2015-11-25  Jiri Denemark  <jdenemar@redhat.com>

	Enhance documentation of virDomainDetachDevice
	Link it to virDomainDetachDeviceFlags.

	https://bugzilla.redhat.com/show_bug.cgi?id=1257280

2015-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use qemuProcessLaunch in migration Prepare phase
	Using qemuProcess{Init,Launch,FinishStartup} allows us to run
	pre-migration commands on destination before asking QEMU to wait for
	incoming migration data.

	qemu: Skip starting NBD servers for offline migration
	NBD storage migration will not work with offline migration anyway and we
	already checked that the user did not ask for it. Thus it doesn't make
	sense to keep the code after 'done' label where we jump in case of
	offline migration.

	qemu: Kill QEMU process if Prepare phase fails
	Some failure paths in qemuMigrationPrepareAny forgot to kill the just
	started QEMU process. This patch fixes this by combining 'stop' and
	'endjob' label into a new label 'stopjob'. This name was chosen to avoid
	confusion with the most common semantics of 'endjob'. Normally, 'endjob'
	is always called at the end of an API to stop the job we entered at the
	beginning. In qemuMigrationPrepareAny we only want to stop the job in
	failure path; on success we need to carry the job over to the Finish
	phase.

	qemu: Separate incoming URI generation from qemuMigrationPrepareAny

	qemu: Introduce qemuProcessFinishStartup
	Finishes starting a new domain launched by qemuProcessLaunch.

	qemu: Introduce qemuProcessLaunch
	Once qemuProcessInit was called, qemuProcessLaunch will launch a new
	QEMU process with stopped virtual CPUs.

2015-11-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce qemuProcessInit
	qemuProcessStart is going to be split in three parts: qemuProcessInit,
	qemuProcessLaunch, and qemuProcessFinish so that migration Prepare phase
	can insert additional code in the process. qemuProcessStart will be a
	small wrapper for all other callers.

	qemuProcessInit prepares the domain up to the point when priv->qemuCaps
	is initialized.

2015-11-25  Dmitry Andreev  <dandreev@virtuozzo.com>

	conf: reject multiple panic devices of same model
	Only one panic device per model is allowed.

	Allow multiple panic devices
	'model' attribute was added to a panic device but only one panic
	device is allowed. This patch changes panic device presence
	from 'optional' to 'zeroOrMore'.

2015-11-25  Dmitry Andreev  <dandreev@virtuozzo.com>

	qemu: add support for hv_crash feature as a panic device
	Panic device type used depends on 'model' attribute.

	If no model is specified then device type depends on hypervisor
	and guest arch. 'pseries' model is used for pSeries guest and
	'isa' model is used in other cases.

	XML:
	<devices>
	  <panic model='hyperv'/>
	</devices>

	QEMU command line:
	qemu -cpu <cpu_model>,hv_crash

2015-11-25  Dmitry Andreev  <dandreev@virtuozzo.com>

	tests: add tests for the new panic device attribute - 'model'

2015-11-25  Dmitry Andreev  <dandreev@virtuozzo.com>

	conf: add 'model' attribute for panic device with values isa, pseries, hyperv
	Libvirt already has two types of panic devices - pvpanic and pSeries firmware.
	This patch introduces the 'model' attribute and a new type of panic device.

	'isa' model is for ISA pvpanic device.
	'pseries' model is a default value for pSeries guests.
	'hyperv' model is the new type. It's used for Hyper-V crash.

	Schema and docs are updated for the new attribute.

2015-11-25  Dmitry Andreev  <dandreev@virtuozzo.com>

	conf: refactor code for checking ABI stability of panic device

2015-11-25  Guido Günther  <agx@sigxcpu.org>

	apparmor: add missing qemu binaries
	This adds the qemu binaries as of 1.2.4 in Debian. It also removes a
	duplicate sparc64 entry.

2015-11-24  Laine Stump  <laine@laine.org>

	nodedev: report maxCount for virtual_functions capability
	A PCI device may have the capability to setup virtual functions (VFs)
	but have them currently all disabled. Prior to this patch, if that was
	the case the the node device XML for the device wouldn't report any
	virtual_functions capability.

	With this patch, if a file called "sriov_totalvfs" is found in the
	device's sysfs directory, its contents will be interpreted as a
	decimal number, and that value will be reported as "maxCount" in a
	capability element of the device's XML, e.g.:

	   <capability type='virtual_functions' maxCount='7'/>

	This will be reported regardless of whether or not any VFs are
	currently enabled for the device.

	NB: sriov_numvfs (the number of VFs currently active) is also
	available in sysfs, but that value is implied by the number of items
	in the list that is inside the capability element, so there is no
	reason to explicitly provide it as an attribute.

	sriov_totalvfs and sriov_numvfs are available in kernels at least as far
	back as the 2.6.32 that is in RHEL6.7, but in the case that they
	simply aren't there, libvirt will behave as it did prior to this patch
	- no maxCount will be displayed, and the virtual_functions capability
	will be absent from the device's XML when 0 VFs are enabled.

2015-11-24  Laine Stump  <laine@laine.org>

	conf: support reporting maxCount attribute for virtual_functions cap
	Report the maximum possible number of VFs for an SRIOV PF, like this:

	   <capability type='virtual_functions' maxCount='7'>
	      ...
	   </capability>

	I've just discovered that the virtual_functions and physical_functions
	capabilities are not supported in the virNodeDeviceParse functions,
	only in virNodeDeviceFormat (I suppose because they are only reported,
	not set from XML). This should probably be remedied, but is less
	immediately useful than the current patch.

2015-11-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Explain logic of qemuMonitorGetCPUInfo
	The return value has non-obvious semantics. Document it.

2015-11-24  Pavel Hrdina  <phrdina@redhat.com>

	Post-release version bump to 1.3.0

2015-11-24  Peter Krempa  <pkrempa@redhat.com>

	conf: Drop useless check when parsing cpu scheduler info
	The checked predicate is a deduction from the following checks:

	1) maximum cpu id is checked for every parsed <vcpusched> element
	2) the resulting bitmaps are checked for overlaps
	3) there has to be at least one cpu per <vcpusched>

	From the above checks we can indeed deduce that if we have one
	<vcpusched> element per CPU we will have at most 'maxvcpus' of them.

	Drop the explicit check since it's redundant.

2015-11-24  Ján Tomko  <jtomko@redhat.com>

	qemu: pass the asyncJob to qemuProcessStartCPUs
	Now that new domains are started inside a QEMU_ASYNC_JOB_START job,
	we need to pass it down to qemuProcessStartCPUs too.

	This removes the warning:
	qemuDomainObjEnterMonitorInternal:1750 : This thread seems to be the
	async job owner; entering monitor without asking for a nested job is
	dangerous

	Introduced by commit 04c721f, before that this code path was only
	executed with QEMU_ASYNC_JOB_NONE.

	(This code is not executed on migration, because qemuMigrationPrepareAny
	 sets the VIR_QEMU_PROCESS_START_PAUSED flag.)

2015-11-24  Peter Krempa  <pkrempa@redhat.com>

	xenapi: Refactor extraction of vcpu count
	To simplify further refactors change the way the vcpu count is extracted
	to use a temp variable rather than juggling with def->maxvcpus.

	phyp: Refactor extraction of vcpu count
	To simplify further refactors change the way the vcpu count is extracted
	to use a temp variable rather than juggling with def.maxvcpus.

	openvz: Refactor extraction of vcpu count
	To simplify further refactors change the way the vcpu count is extracted
	to use a temp variable rather than juggling with def->maxvcpus.

	hyperv: Allocate 'def' via virDomainDefNew
	Use the helper that is necessary to fill out some values rather than
	allocating it directly.

2015-11-24  Christian Loehle  <cloehle@linutronix.de>

	document virCommandRunRegex function

2015-11-23  Ján Tomko  <jtomko@redhat.com>

	qemuSetupChrSourceCgroup: rename dev to source
	We do not have a pointer to the device here, just its source.

2015-11-23  Ján Tomko  <jtomko@redhat.com>

	Simplify qemuSetupChrSourceCgroup and its callers
	The domain definition is not needed in any of these functions.
	Only pass it to qemuSetupChardevCgroup, which is used as a callback
	for virDomainChrDefForeach.

	Use the right type for passing virDomainObjPtr instead of
	void* where possible.

2015-11-23  Ján Tomko  <jtomko@redhat.com>

	rename qemuSetupHostdevCGroup to qemuSetupHostdevCgroup
	Change CGroup to Cgroup to match other functions in the file.

2015-11-23  Guido Günther  <agx@sigxcpu.org>

	qemu: handle more machines with a single builtin IDE controller
	like I440FX by moving the condition into qemuDomainMachineHasBuiltinIDE
	and adding more machines.

	Reference: http://bugs.debian.org/805189

2015-11-20  John Ferlan  <jferlan@redhat.com>

	storage: Change virStorageBackendVolOpen to use virFileOpenAs
	https://bugzilla.redhat.com/show_bug.cgi?id=1282288

	Rather than using just open on the path, allow for the possibility that
	the path to be opened resides on an NFS root-squash target and was created
	under a different uid/gid.

	Without using virFileOpenAs an attempt to get the volume size data may fail
	if the current user doesn't have permissions to read the volume, such as
	would be the case if mode wasn't supplied in the volume XML and the default
	VIR_STORAGE_DEFAULT_VOL_PERM_MODE (e.g. 0600) was used. Under this scenario
	the owner/group is not root:root, thus this path run under root would fail
	to open/read the volume.

	NB: The virFileOpenAs code using OPEN_FORK will only work when the failure
	is not EACESS/EPERM and the path resolves to a shared file system.

2015-11-20  John Ferlan  <jferlan@redhat.com>

	storage: Really fix setting mode for backend exec in NFS root-squash env
	https://bugzilla.redhat.com/show_bug.cgi?id=1282288

	Although commit id '77346f27' resolves part of the problem regarding creating
	a qemu-img image in an NFS root-squash environment, it really didn't fix the
	entire problem. Unfortunately it only masked the problem. It seems qemu-img
	must open/create the image using 0644, which if used by target.perms would
	result in the chmod not being called since the mode desired and set match.

	Although qemu-img could conceivably ignore the mode when creating, libvirt
	has more knowledge of the environment and can make the adjustment to the
	mode far more easily by using virFileOpenAs with VIR_FILE_OPEN_FORCE_MODE.
	If that's successful, then we know on return the file will have the right
	owner and mode, so we can declare success

2015-11-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Always set locked memory limit for ppc64 domains
	Unlike other architectures, ppc64 domains need to lock memory
	even when VFIO is not used.

	Change qemuDomainRequiresMlock() to reflect this fact.

2015-11-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Add ppc64-specific math to qemuDomainGetMlockLimitBytes()
	The amount of memory a ppc64 domain might need to lock is different
	than that of a equally-sized x86 domain, so we need to check the
	domain's architecture and act accordingly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1273480

2015-11-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use qemuDomainRequiresMlock() when attaching PCI hostdev
	The function is used everywhere else to check whether the locked
	memory limit should be set / updated, and it should be used here
	as well.

	Moreover, qemuDomainGetMlockLimitBytes() expects the hostdev to
	have already been added to the domain definition, but we only do
	that at the end of qemuDomainAttachHostPCIDevice(). Work around
	the issue by adding the hostdev before adjusting the locked memory
	limit and removing it immediately afterwards.

2015-11-20  Andrea Bolognani  <abologna@redhat.com>

	qemu: Use qemuDomainRequiresMlock() in qemuBuildCommandLine()
	This removes a duplication of the logic used to decide whether
	the memory locking limit should be set.

	process: Log when limiting the amount of locked memory
	This can be useful for debugging.

2015-11-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: don't unlock virDomainObj if refcnt is 0
	Commit 6472e54a unlocks the virDomainObj even if libxlDomainObjEndJob
	returns false, indicating that its refcnt has dropped to 0.

	libxl: unref libxlDriverConfig object
	Commits b6e19cf4 and 6472e54a missed unref'ing the
	libxlDriverConfig object. Add missing calls to virObjectUnref.

2015-11-19  John Ferlan  <jferlan@redhat.com>

	qemu: Fix build error in Coverity environment
	Commit id '08600de37' changed the prototype to reduce an argument, but
	didn't adjust the ATTRIBUTE_NONNULL(11) to (10)

2015-11-19  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: implementation of domainReboot callback
	Diff from v1.
	1. Add virCheckFlags() call in vzDomainReboot

	vz: allow only en-us keymap for VNC
	In virtuozzo we support only en-us keymap for VMs and containers.
	If keymap is specified than check that it's en-us, otherwise
	show error message.

2015-11-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Close logfd when closing monitor
	Remembering to call qemuMonitorSetDomainLog in the right paths before
	calling qemuProcessStop is annoying and easy to forget. And I already
	forgot to do so in commit v1.2.8-52-g0389060: logfd may be leaked if
	QEMU process dies between Prepare and Finish migration phases.

	qemu: Do not infer flags from other qemuProcessStart arguments
	Every caller setting migrateFrom already sets
	VIR_QEMU_PROCESS_START_PAUSED flag anyway.

	qemu: Introduce qemuProcessMakeDir
	qemuProcessMakeDir is used for creating a per-domain directory in a
	given parent directory.

	qemu: Separate balloon code from qemuProcessStart
	qemuProcessStart is so big that any nontrivial code should be moved to
	dedicated functions to make the code easier to read and maintain.

	qemu: Enter monitor within qemuProcessSetLinkStates
	Move {Enter,Exit}Monitor calls inside qemuProcessSetLinkStates to
	simplify qemuProcessStart.

	qemu: Separate raw IO code from qemuProcessStart
	qemuProcessStart is so big that any nontrivial code should be moved to
	dedicated functions to make the code easier to read and maintain.

	qemu: Separate graphics handling code from qemuProcessStart
	qemuProcessStart is so big that any nontrivial code should be moved to
	dedicated functions to make the code easier to read and maintain.

	qemu: Separate hook handling code from qemuProcessStart
	qemuProcessStart is so big that any nontrivial code should be moved to
	dedicated functions to make the code easier to read and maintain.

	qemu: Rename stdin_{fd,path} in qemuProcessStart

2015-11-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use -incoming defer for migrations
	Traditionally, we pass incoming migration URI on QEMU command line,
	which has some drawbacks. Depending on the URI QEMU may initialize its
	migration state immediately without giving us a chance to set any
	additional migration parameters (this applies mainly for fd: URIs). For
	some URIs the monitor may be completely blocked from the beginning until
	migration is finished, which means we may be stuck in qmp_capabilities
	command without being able to send any QMP commands.

	QEMU solved this by introducing "defer" parameter for -incoming command
	line option. This will tell QEMU to prepare for an incoming migration
	while the actual incoming URI is sent using migrate-incoming QMP
	command. Before calling this command we can normally talk to the
	monitor and even set any migration parameters which will be honored by
	the incoming migration.

2015-11-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add APIs for migrate-incoming QMP command

	qemu: Always set async job when starting a domain
	We only started an async job for incoming migration from another host.
	When we were starting a domain from scratch or restoring from a saved
	state (migration from file) we didn't set any async job. Let's introduce
	a new QEMU_ASYNC_JOB_START for these cases.

	qemu: Introduce qemuProcessIncomingDef
	Incoming migration may require quite a few parameters (URI, fd, path) to
	be considered while starting QEMU and we will soon add another one.
	Let's group all of them in a single struct.

	qemu: Move incoming URI code to qemu_migration

	qemu: Don't generate migration URI in qemuBuildCommandLine
	Make callers of qemuBuildCommandLine responsible for providing the URI
	which should be passed as a parameter for -incoming.

	qemu: Refactor the code to build -incoming command line
	Move the code from qemuBuildCommandLine into dedicated functions.

	qemu: Refactor waiting for completed migration on destination
	Move the code from qemuMigrationFinish into a dedicated function.

2015-11-19  Cole Robinson  <crobinso@redhat.com>

	libvirt-domain: Fix typo in debug message

2015-11-18  Joao Martins  <joao.m.martins@oracle.com>

	util: add virDiskNameParse to handle disk and partition idx
	Introduce a new helper function "virDiskNameParse" which extends
	virDiskNameToIndex but handling both disk index and partition index.
	Also rework virDiskNameToIndex to be based on virDiskNameParse.
	A test is also added for this function testing both valid and
	invalid disk names.

2015-11-18  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainMemorystats
	Introduce support for domainMemoryStats API call, which
	consequently enables the use of `virsh dommemstat` command to
	query for memory statistics of a domain. We support
	the following statistics: balloon info, available and currently
	in use. swap-in, swap-out, major-faults, minor-faults require
	cooperation of the guest and thus currently not supported.

	We build on the data returned from libxl_domain_info and deliver
	it in the virDomainMemoryStat format.

2015-11-18  Richard Weinberger  <richard@nod.at>

	virSetUIDGID: Don't leak supplementary groups
	The LXC driver uses virSetUIDGID() to become UID/GID 0.
	It passes an empty groups list to virSetUIDGID()
	to get rid of all supplementary groups from the host side.
	But virSetUIDGID() calls setgroups() only if the supplied list
	is larger than 0.
	This leads to a container root with unrelated supplementary groups.
	In most cases this issue is unoticed as libvirtd runs as UID/GID 0
	without any supplementary groups.

	lxc: Bind mount container TTYs
	Instead of creating symlinks, bind mount the devices to
	/dev/pts/XY.
	Using bind mounts it is no longer needed to add pts devices
	to files like /etc/securetty.

2015-11-18  Richard Weinberger  <richard@nod.at>

	lxc: Don't make container's TTY a controlling TTY
	Userspace does not expect that the initial console
	is a controlling TTY. systemd can deal with that, others not.
	On sysv init distros getty will fail to spawn a controlling on
	/dev/console or /dev/tty1. Which will cause to whole container
	to reboot upon ctrl-c.

	This patch changes the behavior of libvirt to match the kernel
	behavior where the initial TTY is also not controlling.

	The only user visible change should be that a container with
	bash as PID 1 would complain. But this matches exactly the kernel
	be behavior with init=/bin/bash.
	To get a controlling TTY for bash just run "setsid /bin/bash".

2015-11-18  Michal Privoznik  <mprivozn@redhat.com>

	locking: Add io_timeout to sanlock
	https://bugzilla.redhat.com/show_bug.cgi?id=1251190

	So, if domain loses access to storage, sanlock tries to kill it
	after some timeout. So far, the default is 80 seconds. But for
	some scenarios this might not be enough. We should allow users to
	adjust the timeout according to their needs.

2015-11-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: ppc64: Support memory hotplug without NUMA enabled
	ppc64 guests don't require adding a NUMA node for hotplug memory to
	work. Lift the requirement and add test cases.

	qemu: command: Prepare memory device def formatter for missing target node
	Prepare the command line generator for the possibility that in some
	configurations the target NUMA node info will be missing.

	conf: Prepare making memory device target node optional
	Adjust the config code so that it does not enforce that target memory
	node is specified. To avoid breakage, adjust the qemu memory hotplug
	config checker to disallow such config for now.

	qemu: command: Move dimm device checks from formatter to checker
	Aggregate the checks of the dimm device into the verification function
	rather than having them in the formatter.

	qemu: domain: Add common function to perform memory hotplug checks
	Add a function that will aggregate various checks related to memory
	hotplug so that they aren't scattered accross various parts of the
	code.

2015-11-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Always execute memory device formatter
	Since we already make sure before that the domain configuration is
	valid we may execute it always at the cost of doing 0 iterations of the
	for loop.

	This patch will simplify later refactor as it will avoid whitespace
	changes.

2015-11-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Make qemuBuildMemoryBackendStr usable without NUMA
	Make the function usable so that -1 can be passed to it as cell ID so
	that we can later enable memory hotplug on non-NUMA guests for certain
	architectures.

2015-11-18  Guido Günther  <agx@sigxcpu.org>

	libvirt-guests: Disable shutdown timeout
	Since we can't know at service start how many VMs will be running we
	can't calculate an apropriate shutdown timeout. So instead of killing
	off the service just let it use it's own internal timeout mechanism.

	References:
	    http://bugs.debian.org/803714
	    https://bugzilla.redhat.com/show_bug.cgi?id=1195544

2015-11-18  Stefan Berger  <stefanb@us.ibm.com>

	tpm: adapt sysfs cancel path for new TPM driver
	This patch addresses BZ 1244895.

	Adapt the sysfs TPM command cancel path for the TPM driver that
	does not use a miscdevice anymore since Linux 4.0. Support old
	and new paths and check their availability.

	Add a mockup for the test cases to avoid the testing for
	availability of the cancel path.

2015-11-17  Joao Martins  <joao.m.martins@oracle.com>

	libxl: implement virDomainGetCPUStats
	Introduce support for domainGetCPUStats API call and consequently
	allow us to use `virsh cpu-stats`. The latter returns a more brief
	output than the one provided by`virsh vcpuinfo`.

2015-11-17  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: monitor: do not override domain's privateData
	Current monitor code overrides domain object's privateData, e.g.
	in virBhyveProcessStart():

	  vm->privateData = bhyveMonitorOpen(vm, driver);

	where bhyveMonitorPtr() returns bhyveMonitorPtr.

	This is not right thing to do, so make bhyveMonitorPtr
	a part of the bhyveDomainObjPrivate struct and change related code
	accordingly.

2015-11-16  Andrea Bolognani  <abologna@redhat.com>

	syntax-check: Add prohibit_space_in_label rule
	This guards against code such as

	 cleanup :

	which is happily accepted by the compiler but does not conform
	to our style guidelines.

2015-11-16  Chen Hanxiao  <chenhanxiao@gmail.com>

	util: remove unnecessary needSize
	Use toadd->use directly.

2015-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Don't assume storage pool exists for FC/SCSI refresh thread
	https://bugzilla.redhat.com/show_bug.cgi?id=1277781

	The virStoragePoolFCRefreshThread had passed a pointer to the pool obj
	in the virStoragePoolFCRefreshInfoPtr; however, we cannot assume that
	the pool exists still since we don't keep the pool lock throughout
	the duration of the thread.

	Therefore, instead of passing the pool obj pointer, pass the UUID of
	the pool and perform a lookup.  If found, then we can perform the
	refresh using the locked pool obj pointer; otherwise, we just exit
	the thread since the pool is now gone.

2015-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolObjFindPoolByUUID
	Add a new API to search the currently defined pool list for a pool with
	a matching UUID and return the locked pool object pointer.

	storage: Change cbdata scsi refresh thread field name
	Change the field name from 'name' to 'fchost_name' to better id it.

	storage: Make active boolean
	Since we treat it like a boolean, let's store it that way. At least one
	path had already treated as true/false anyway.

2015-11-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Explain mlock limit size more in detail
	Based on Alex's explanation [1] in the recent discussion let's update
	the comment explaining the memory lock limit calculation.

	[1]
	http://www.redhat.com/archives/libvir-list/2015-November/msg00329.html

2015-11-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Restructurate control flow in qemuDomainGetMlockLimitBytes
	Break early when hard limit is set so that it's not intermixed by other
	logic for determining the limit.

2015-11-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix job entry debug message
	Logging current async job while in BeginJob is useful, but the async job
	we want to start is even more interesting.

	tests: Add QEMU 2.4.0 capabilities

	tests: Remove qemuxmlnstest
	It's just a copy&paste of qemuxml2argv test anyway. We can test most of
	them (except for qemuxmlns-qemu-ns-domain.xml which fails to validate
	against our schema) by qemuxml2argv test.

	qemu: Fix style in qemuProcessStart

	security: Cleanup DAC driver
	Fixes several style issues and removes "DEF" (what is it supposed to
	mean anyway?) from debug messages.

2015-11-11  Pavel Hrdina  <phrdina@redhat.com>

	domain-conf: reorder usb controllers so the master is first
	USB controllers can share the same 'index' which indicates, that there
	is some sort of master-companion relationship.  Reorder the controllers
	in XML in to place the master controller before its companions.  This is
	required by QEMU to not fail with error message:

	error: internal error: process exited while connecting to monitor:
	2015-10-26T16:25:17.630265Z qemu-system-x86_64:
	-device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6:
	USB bus 'usb.0' not found

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1166452

2015-11-11  Pavel Hrdina  <phrdina@redhat.com>

	domain-conf: cleanup controller insert function

2015-11-11  Pavel Hrdina  <phrdina@redhat.com>

	virsh-domain: update attach-interface to support type=hostdev
	Adding this feature will allow users to easily attach a hostdev network
	interface using PCI passthrough.

	The interface can be attached using --type=hostdev and PCI address or
	as --source.  This command also allows you to tell, whether the interface
	should be managed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997561

2015-11-11  Pavel Hrdina  <phrdina@redhat.com>

	virsh.pod: improve attach-interface section
	Rewrite the attach-interface section in man page to be more readable and
	extendable.

2015-11-10  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: support cpu time in driver's domainGetInfo
	Just straight-forward patch.
	Use reference counting for privdom as stats internally could drop domain lock.

2015-11-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: fix parsing of -sdl arg
	The previous commit

	  commit 4e8993a25006bc5d7c95311d430cc01d8de63564
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Mon Nov 9 16:20:08 2015 +0000

	    qemu: assume various QEMU 0.10 features are always available

	Added broken handling of -sdl. Instead of duplicating existing
	SDL handling code, just ensure it is invoked in the right
	scenarios.

2015-11-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: assume various QEMU 0.10 features are always available
	The -sdl and -net ...name=XXX arguments were both introduced
	in QEMU 0.10, so the QEMU driver can assume they are always
	available.

	qemu: assume -vga is always available
	As of QEMU 0.10.0 the -vga argument was introduced, so the
	QEMU driver can assume it is always available.

	qemu: assume -drive format is always available
	As of QEMU 0.10.0 the -drive format= parameter was added,
	so the QEMU driver can assume it is always available.

	qemu: assume -drive cache always uses v2 option names
	As of QEMU 0.10.0, the -drive cache option stopped using
	the on/off value names, so the QEMU driver can assume
	use of the new value names.

	qemu: assume support for all migration protocols except rdma
	Since we require QEMU 0.12.0, we can assume that QEMU supports
	all of the fd, tcp, unix and exec migration protocols.

	qemu: assume vnet-hdr feature is always available

2015-11-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: really remove last traces of Xenner support
	We have twice previously attempted to remove Xenner
	support

	  commit de9be0ab4d7abe4c3ae5beaaff7ddb208921f1f1
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Aug 22 17:29:01 2012 +0100

	    Remove xenner support

	  commit 92572c3d71bd08e6dd1897c7b14be9d27df608e9
	  Author: Ján Tomko <jtomko@redhat.com>
	  Date:   Wed Feb 18 16:33:50 2015 +0100

	    Remove code handling the QEMU_CAPS_DOMID capability

	This change really does remove the last traces of it
	in the capabilities handling code

2015-11-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: assume -uuid is always available
	The -uuid arg was added in QEMU 0.10.0, so the QEMU driver can
	assume it is always available.

	qemu: assume -name is always available
	The -name arg was added in QEMU 0.9.1, so the QEMU driver can
	assume it is always available.

2015-11-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: assume -drive argument is always available
	As of QEMU 0.9.1 the -drive argument can be used to configure
	all disks, so the QEMU driver can assume it is always available
	and drop support for -hda/-cdrom/etc.

	Many of the tests need updating because a great many were
	running without CAPS_DRIVE set, so using the -hda legacy
	syntax.

	Fixing the tests uncovered a bug in the argv -> xml
	convertor which failed to handle disk with if=floppy.

2015-11-10  Daniel P. Berrange  <berrange@redhat.com>

	qemu: handle floppy disk bus when parsing command line argv
	The QEMU argv -> virDomainDef conversion code was not handling
	-drive arguments using the floppy bus. This caused them to be
	added as hard disks instead.

	qemu: handle USB bus in qemuAssignDeviceDiskAliasFixed()
	The qemuAssignDeviceDiskAliasFixed() method was missing handling
	for the USB disk bus type.

	qemu: assume -no-reboot is always available
	The -no-reboot arg was added in QEMU 0.9.0, so the QEMU driver
	can now assume it is always present.

	qemu: assume 'info chardev' is always available
	As of QEMU 0.11.0 the 'info chardev' monitor command can be
	used to report on allocated chardev paths, so we can drop
	support for parsing QEMU stderr to locate the PTY paths.

	qemu: assume -vnc arg always takes a ':'
	As of QEMU 0.9.0 the -vnc option accepts a ':' to separate port
	from listen address, so the QEMU driver can assume that support
	for listen addresses is always available.

	qemu: remove all support for kQEMU
	The kQEMU accelerator was deleted in QEMU 0.12, so we no
	longer need to support it in the QEMU driver.

	qemu: mandate QEMU version 0.12.0 or newer
	Check the QEMU version and refuse to work with QEMU versions
	older than 0.12.0. This is approximately the vintage of QEMU
	that is available in RHEL-6 era distros.

2015-11-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Reject VFIO hotplug if setting RLIMIT_MEMLOCK fails
	Check the return value of virCommandSetMaxMemLock when hotplugging VFIO
	PCI hostdevs and reject the hotplug if the memory limit can't be set.

2015-11-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Fix mlock limit handling on memory hotplug
	If mlock is required either due to use of VFIO hostdevs or due to the
	fact that it's enabled it needs to be tweaked prior to adding new memory
	or after removing a module. Add a helper to determine when it's
	necessary and reuse it both on hotplug and hotunplug.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1273491

2015-11-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Extract logic to determine the mlock limit size for VFIO
	New function qemuDomainGetMlockLimitBytes will now handle the
	calculation so that it unifies the logic to one place and allows later
	reuse.

	conf: Make @def const in virDomainDefGetMemoryInitial
	Keep const correctness and allow to use this function in cases where
	@def is const in the caller.

2015-11-09  Daniel P. Berrange  <berrange@redhat.com>

	tests: redo test argv file line wrapping
	Back in

	  commit bd6c46fa0cfe275c24debc1152cfc5206c04b59b
	  Author: Juerg Haefliger <juerg.haefliger@hp.com>
	  Date:   Mon Jan 31 06:42:57 2011 -0500

	    tests: handle backspace-newline pairs in test input files

	all the test argv files were line wrapped so that the args
	were less than 80 characters.

	The way the line wrapping was done turns out to be quite
	undesirable, because it often leaves multiple parameters
	on the same line. If we later need to add or remove
	individual parameters, then it leaves us having to redo
	line wrapping.

	This commit changes the line wrapping so that every
	single "-param value" is one its own new line. If the
	"value" is still too long, then we break on ',' or ':'
	or ' ' as needed.

	This means that when we come to add / remove parameters
	from the test files line, the patch diffs will only
	ever show a single line added/removed which will greatly
	simplify review work.

2015-11-06  John Ferlan  <jferlan@redhat.com>

	virnetdev: Use virNetDevSetupControl in virNetDevSendEthtoolIoctl
	Use virNetDevSetupControl instead of open coding using socket(AF_LOCAL...)
	and clearing virIfreq.

	By using virNetDevSetupControl, the socket is then opened using
	AF_PACKET which requires being privileged (effectively root) in
	order to complete successfully.  Since that's now a requirement,
	then the ioctl(SIOCETHTOOL) should not fail with EPERM, thus it
	is removed from the filtered listed of failure codes.

2015-11-06  John Ferlan  <jferlan@redhat.com>

	virnetdev: Check for root in virNetDevGetFeatures
	Since the SIOCETHTOOL ioctl only works for privileged daemons, if called
	when not root, then virNetDevGetFeatures will VIR_DEBUG a message and
	return 0 as if the functions were not available for the architecture.
	This effectively returns an empty bitmap indicating no features available.

	Introduced by commit id 'c9027d8f4'

2015-11-06  John Ferlan  <jferlan@redhat.com>

	virnetdev: Fix function comments for virNetDevGetFeatures
	In commit id 'c9027d8f4' when updating the posted patch to generate
	a bitmap instead of an array of named feature bits, adjustment of
	the args was missed

2015-11-06  John Ferlan  <jferlan@redhat.com>

	virnetdev: Document reasons for ignoring some SIOCETHTOOL errno values
	Recently reverted commit id '6f2a0198' showed a need to add extra
	comments when dealing with filtering of potential "non-issues".

	Scanning through upstream patch postings indicates early on the
	reasons for the filtering of specific ioctl failures were provided;
	however, when converted from causing an error to VIR_DEBUG's the
	reasons were missing. A future read/change of the code incorrectly
	assumed they could or should be removed.

2015-11-06  Daniel P. Berrange  <berrange@redhat.com>

	Revert "utils: Remove the logging of errors from virNetDevSendEthtoolIoctl"
	This reverts commit 6f2a0198e913c91a2ef8b99db79b7d3cc5396957.

	This commit removed error reporting from virNetDevSendEthtoolIoctl
	pushing responsibility onto the callers. This is wrong, however,
	since virNetDevSendEthtoolIoctl calls virNetDevSetupControl
	which can still report errors. So as a result virNetDevSendEthtoolIoctl
	may or may not report errors depending on which bit of it fails, and as
	a result callers now overwrite some errors.

	It also introduced a regression causing unprivileged libvirtd to
	spew error messages to the console due to inability to query the
	NIC features, an error which was previously ignored.

	virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted
	virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted
	virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted
	virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted
	virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted
	virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted
	virNetDevSetupControlFull:148 : Cannot open network interface control socket: Operation not permitted
	virNetDevFeatureAvailable:3062 : Cannot get device wlp3s0 flags: Operation not permitted

	Looking back at the original posting I see no explanation of why
	thsi refactoring was needed, so reverting the clearly broken
	error reporting logic looks like the best option.

2015-11-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Actually error out on unsupported migration flag
	The code reported that a migration flag is unsupported but didn't jump
	to the error label. Probably an oversight in commit f88af9dc that
	introduced the flag checking.

2015-11-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Properly parse memory hotplug migration flag
	Since the flag was not enabled when 'eating' the migration cookie,
	libvirt reported a bogus error when memory hotplug was enabled:

	 unsupported migration cookie feature memory-hotplug

	The error was ignored though due to a bug in the code so it slipped
	through testing.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1278404

2015-11-04  John Ferlan  <jferlan@redhat.com>

	network: Remove extraneous ATTRIBUTE_NONNULL for virNetDevWaitDadFinish
	Commit id '0f7436ca' added virNetDevWaitDadFinish using ATTRIBUTE_NONNULL
	for both arguments, although one is a non-null argument. A Coverity build
	balks at that.

2015-11-04  John Ferlan  <jferlan@redhat.com>

	virnetdev: Check correct return value for virNetDevFeatureAvailable
	Rather than "if (virNetDevFeatureAvailable(ifname, &cmd))" change the
	success criteria to "if (virNetDevFeatureAvailable(ifname, &cmd) == 1)".

	The called helper returns -1 on failure, 0 on not found, and 1 on found.
	Thus a failure was setting bits.

	Introduced by commit ac3ed20 which changed the helper's return
	values without adjusting its callers

2015-11-04  Michel Normand  <normand@linux.vnet.ibm.com>

	qemu: add /usr/lib to AC_PATH_PROG for qemu-bridge-helper
	For openSUSE the qemu-bridge-helper is installed in /usr/lib
	So libvirt has to search it in this directory.

2015-11-04  John Ferlan  <jferlan@redhat.com>

	storage: On 'buildVol' failure don't delete the volume
	https://bugzilla.redhat.com/show_bug.cgi?id=1233003

	Commit id 'fdda3760' only managed a symptom where it was possible to
	create a file in a pool without libvirt's knowledge, so it was reverted.

	The real fix is to have all the createVol API's which actually create
	a volume (disk, logical, zfs) and the buildVol API's which handle the
	real creation of some volume file (fs, rbd, sheepdog) manage deleting
	any volume which they create when there is some sort of error in
	processing the volume.

	This way the onus isn't left up to the storage_driver to determine whether
	the buildVol failure was due to some failure as a result of adjustments
	made to the volume after creation such as getting sizes, changing ownership,
	changing volume protections, etc. or simple a failure in creation.

	Without needing to consider that the volume has to be removed, the
	buildVol failure path only needs to remove the volume from the pool.
	This way if a creation failed due to duplicate name, libvirt wouldn't
	remove a volume that it didn't create in the pool target.

2015-11-04  John Ferlan  <jferlan@redhat.com>

	Revert "storage: Prior to creating a volume, refresh the pool"
	This reverts commit fdda37608a6e22406fbdfe4ac0c573a96a8d0417.

	This commit only manages a symptom of finding a buildRet failure
	where a volume was not listed in the pool, but someone created the
	volume outside of libvirt in the pool being managed by libvirt.

2015-11-04  John Ferlan  <jferlan@redhat.com>

	storage: Pull volume removal from pool in storageVolDeleteInternal
	Create a helper function to remove volume from the pool.

	storage: Cleanup failures in virStorageBackendCreateRaw
	After successfully returning from virFileOpenAs, if subsequent calls fail,
	then we need to remove the file since our caller expects that failures after
	creation will remove the created file.

	storage: Cleanup failures virStorageBackendCreateExecCommand
	After a successful qemu-img/qcow-create of the backing file, if we
	fail to stat the file, change it owner/group, or mode, then the
	cleanup path should remove the file.

2015-11-04  John Ferlan  <jferlan@redhat.com>

	storage: Fix setting mode in virStorageBackendCreateExecCommand
	Currently the code does not handle the NFS root squash environment
	properly since if the file gets created, then the subsequent chmod
	will fail in a root squash environment where we're creating a file
	in the pool with qemu tools, such as seen via:

	   $ virsh vol-create-from $pool $file.xml file.img --inputpool $pool

	assuming $file.xml is creating a file of "<format type='qcow2'"> from
	an existing file.img in the pool of "<format type='raw'>".

	This patch will utilize the virCommandSetUmask when creating the file
	in the NETFS pool. The virCommandSetUmask API was added in commit id
	'0e1a1a8c4', which was after the original code was developed in commit
	id 'e1f27784' to attempt to handle the root squash environment.

	Also, rather than blindly attempting to chmod, check to see if the
	st_mode bits from the stat match what we're trying to set and only
	make the chmod if they don't.

	Also, a slight adjustment to the fallback algorithm to move the
	virCommandSetUID/virCommandSetGID inside the if (!filecreated) since
	they're only useful if we need to attempt to create the file again.

2015-11-04  Jiri Denemark  <jdenemar@redhat.com>

	Remove new lines from log messages
	VIR_DEBUG and VIR_WARN will automatically add a new line to the message,
	having "\n" at the end or at the beginning of the message results in
	empty lines.

2015-11-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak in qemuProcessStart
	nodeset should be freed in both success and failure paths.

	While tmppath is freed immediately after it's consumed, moving it from
	error to cleanup label is a bit more consistent and robust.

2015-11-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce cleanup label in qemuProcessStart
	Remove code duplication by moving common cleanup code in a dedicated
	label.

	qemu: Rename ret variable in qemuProcessStart
	Generally, we use "ret" variable for storing the value we are going to
	return at the and of a function, but this is not the case in
	qemuProcessStart. Let's rename "ret" as "rv".

	qemu: Rename cleanup label in qemuProcessStart
	Current "cleanup" label is only used in error path, thus it should
	rather be called "error".

	qemu: Use correct type when calling qemuPrepareNVRAM
	qemuProcessStart was passing char * migrateFrom as the third argument to
	qemuPrepareNVRAM. We should explicitly convert the pointer to bool which
	is what the function expects.

	Post-release version bump to 1.2.22

2015-11-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.21
	* docs/news.html.in libvirt.spec.in: Updated for the release
	* po/*.po*: regenerated

2015-10-29  Laine Stump  <laine@laine.org>

	util: set max wait for IPv6 DAD to 20 seconds
	This was originally set to 5 seconds, but times of 5.5 to 7 seconds
	were experienced. Since it's an arbitrary number intended to prevent
	an infinite hang, having it a bit too high won't hurt anything, and 20
	seconds looks to be adequate (i.e. I think/hope we don't need to make
	it tunable in libvirtd.conf)

2015-10-29  Luyao Huang  <lhuang@redhat.com>

	util: set error if DAD is not finished
	If DAD not finished in 5 seconds, user will get an
	unknown error like this:

	 # virsh net-start ipv6
	 error: Failed to start network ipv6
	 error: An error occurred, but the cause is unknown

	Call virReportError to set an error.

2015-10-29  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Install to generic plugin directory
	There has been a report on the list [1] that we are not
	installing the wireshark dissector into the correct plugin
	directory. And in fact we are not. The problem is, the plugin
	directory path is constructed at compile time. However, it's
	dependent on the wireshark version, e.g.

	  /usr/lib/wireshark/plugins/1.12.6

	This is rather unfortunate, because if libvirt RPMs were built
	with one version, but installed on a system with newer one, the
	plugins are not really loaded. This problem lead fedora packagers
	to unify plugin path to:

	  /usr/lib/wireshark/plugins/

	Cool! But this was enabled just in wireshark-1.12.6-4. Therefore,
	we must require at least that version.

	And while at it, on some distributions, the wireshark.pc file
	already has a variable that defines where plugin dir is. Use that
	if possible.

	1: https://www.redhat.com/archives/libvirt-users/2015-October/msg00063.html

2015-10-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix virNetDevWaitDadFinish stub
	Build on non-Linux fails because the virNetDevWaitDadFinish() stub
	has unused parameters. Fix by adding appropriate ATTRIBUTE_UNUSED
	for these parameters.

	Pushing under build-breaker rule.

2015-10-29  Maxim Perevedentsev  <mperevedentsev@virtuozzo.com>

	network: wait for DAD to finish for bridge IPv6 addresses
	commit db488c79 assumed that dnsmasq would complete IPv6 DAD before
	daemonizing, but in reality it doesn't wait, which creates problems
	when libvirt's bridge driver sets the matching "dummy tap device" to
	IFF_DOWN prior to DAD completing.

	This patch waits for DAD completion by periodically polling the kernel
	using netlink to check whether there are any IPv6 addresses assigned
	to bridge which have a 'tentative' state (if there are any in this
	state, then DAD hasn't yet finished). After DAD is finished, execution
	continues. To avoid an endless hang in case something was wrong with
	the kernel's DAD, we wait a maximum of 5 seconds.

2015-10-29  Maxim Perevedentsev  <mperevedentsev@virtuozzo.com>

	netlink: add support for multi-part netlink messages.
	Such messages do not have NLMSG_ERROR or NLMSG_DONE type
	but they are valid responses. We test 'multi-partness'
	by looking for NLM_F_MULTI flag.

2015-10-28  Luyao Huang  <lhuang@redhat.com>

	qemu: Use live autoNodeset when numatune placement is auto
	https://bugzilla.redhat.com/show_bug.cgi?id=1270715

	Commit id '9deb96f' removed the code to fetch the nodeset from the
	CpusetMems cgroup for a running vm in favor of using the return from
	virDomainNumatuneFormatNodeset introduced by commit id '43b67f2e7'.
	However, that API will return the value of the passed 'auto_nodeset'
	when placement is VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO, which happens
	to be NULL.

	Since commit id 'c74d58ad' started using priv->autoNodeset in order
	to manage the auto placement value during qemuProcessStart, it should
	be passed along in order to return the correct value if the domain
	requests the auto placement.

2015-10-27  Wido den Hollander  <wido@widodh.nl>

	rbd: Remove snapshots if the DELETE_WITH_SNAPSHOTS flag has been provided
	When a RBD volume has snapshots it can not be removed.

	This patch introduces a new flag to force volume removal,
	VIR_STORAGE_VOL_DELETE_WITH_SNAPSHOTS.

	With this flag any existing snapshots will be removed prior to
	removing the volume.

	No existing mechanism in libvirt allowed us to pass such information,
	so that's why a new flag was introduced.

2015-10-27  Pino Toscano  <ptoscano@redhat.com>

	util: implement virProcessGetStartTime on GNU/kFreeBSD
	Use the virProcessGetStartTime implementation also when only the kernel
	is FreeBSD, such as on GNU/kFreeBSD.

2015-10-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement domainGetOSType

2015-10-27  Pavel Hrdina  <phrdina@redhat.com>

	virsh-domain: use correct base for virStrToLong_ui
	While parsing device addresses we should use correct base and don't
	count on auto-detect.  For example, PCI address uses hex numbers, but
	each number starting with 0 will be auto-detected as octal number and
	that's wrong.  Another wrong use-case is for PCI address if for example
	bus is 10, than it's incorrectly parsed as decimal number.

	PCI and CCW addresses have all values as hex numbers, IDE and SCSI
	addresses are in decimal numbers.

2015-10-27  Luyao Huang  <lhuang@redhat.com>

	libvirt-domain: fix the error reporting when use the localhost as target uri
	Remove the extra %s in error message when call virReportInvalidArg().

	libvirt-domain: fix no error report when p2p migrate fail
	After commit a26669d7, we only jump to error when
	virDomainMigrateUnmanagedParams return a value less than -1.
	this will make the migrate result always be success even we
	meet some problem.

	qemu: fix migration flags undefinesource cannot work
	In commit f41be296, we moved vm->persistent check into
	qemuDomainRemoveInactive, but we didn't change the vm->persistent
	before call qemuDomainRemoveInactive in some place before and just
	call it to remove the inactive vm.

2015-10-27  Luyao Huang  <lhuang@redhat.com>

	conf: Add serial target type to ABI stability check
	https://bugzilla.redhat.com/show_bug.cgi?id=1273686

	There is no ABI check for serial target type attribute, just
	add it.

2015-10-27  Michal Privoznik  <mprivozn@redhat.com>

	lock_daemon: Switch to wrapper locking functions
	Lets use wrapper functions virLockDaemonLock and
	virLockDaemonUnlock instead of virMutexLock and virMutexUnlock.
	This has no functional impact, but it's easier to read (at least
	for me).

2015-10-26  Andrea Bolognani  <abologna@redhat.com>

	qemu: hostdev: Introduce qemuHostdevUpdateActiveDomainDevices()
	This calls the PCI-, USB- and SCSI-specific functions just
	like qemuHostdev{Prepare,ReAttach}DomainDevices() already do,
	and was the missing piece for the qemuHostdev API to nicely
	mirror the virHostdev API.

	Update qemuProcessReconnect() to use the new function.

2015-10-26  Andrea Bolognani  <abologna@redhat.com>

	qemu: hostdev: Unify naming for qemuHostdevUpdateActive*Devices()
	Adopt the same names used for virHostdevUpdateActive*Devices() for
	consistency's sake and to make it easier to jump between the two.

	No functional changes.

2015-10-26  Andrea Bolognani  <abologna@redhat.com>

	qemu: hostdev: Unify naming for qemuHostdevReAttach*Devices()
	Adopt the same names used for virHostdevReAttach*Devices() for
	consistency's sake and to make it easier to jump between the two.

	No functional changes.

2015-10-26  Andrea Bolognani  <abologna@redhat.com>

	qemu: hostdev: Unify naming for qemuHostdevPrepare*Devices()
	Adopt the same names used for virHostdevPrepare*Devices() for
	consistency's sake and to make it easier to jump between the two.

	No functional changes.

2015-10-26  Andrea Bolognani  <abologna@redhat.com>

	hostdev: Rename virHostdevUpdateDomainActiveDevices()
	The new name, virHostdevUpdateActiveDomainDevices(), follows the
	same naming conventions used by the rest of the module.

	No functional changes.

2015-10-22  Andrea Bolognani  <abologna@redhat.com>

	tests: Remove unused nodeinfo test data
	A bunch of files that we don't currently parse, and are very
	unlikely to ever start parsing, made their way into the nodeinfo
	test data. Get rid of them.

2015-10-22  Luyao Huang  <lhuang@redhat.com>

	virsh: Display an error when passing count <= 0 to setvcpus
	The number of vCPUs for a guest must be between 1 and the
	maximum value configured in the domain XML. This commit
	introduces checks to make sure that passing count <= 0
	results in an error.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1248277

2015-10-21  John Ferlan  <jferlan@redhat.com>

	conf: Fix error message to use correct parameter
	Fix a cut-n-paste error from commit id '35eecdde' where the previous
	check for max_sectors seems to have been copied, but the error message
	parameter not updated to be ioeventfd

2015-10-21  Luyao Huang  <lhuang@redhat.com>

	util: Produce friendlier error message to user
	Commit id '1c24cfe9' added error messages for virNumaSetPagePoolSize;
	however, virNumaGetHugePageInfo also uses virNumaGetHugePageInfoPath
	in order to build the path, but it never checked upon return if
	the built path exists which could lead to an error message as follows:

	$ virsh freepages 0 1
	error: Failed to open file
	    '/sys/devices/system/node/node0/hugepages/hugepages-1kB/free_hugepages':
	    No such file or directory

	Rather than add the same message for the other two callers, adjust
	the virNumaGetHugePageInfoPath in order not only build the path, but
	also check if the built path exists.  If the path does not exist,
	then generate the error message and return failure.

2015-10-21  Luyao Huang  <lhuang@redhat.com>

	util: Adjust error paths for virNumaSetPagePoolSize
	Commit id '1c24cfe9' added new checks and error messaes for failure
	scenarios. Let's adjust those error messages to after the call to
	virNumaGetHugePageInfoPath in order to provide a more specific error
	message depending on node and page_size

	After this patch:
	 # virsh allocpages --pagesize 2047 --pagecount 1 --cellno 0
	 error: operation failed: page size 2047 is not available on node 0

	 # virsh allocpages --pagesize 2047 --pagecount 1
	 error: operation failed: page size 2047 is not available

2015-10-21  Luyao Huang  <lhuang@redhat.com>

	util: split the virNumaGetHugePageInfoPath into separate function
	https://bugzilla.redhat.com/show_bug.cgi?id=1265114

	Refactor helper virNumaGetHugePageInfoPath to handle returning a directory
	path when passed a page_size of 0 and suffix == NULL into a new helper
	virNumaGetHugePageInfoDir which will only be called when a directory
	path is expected to be returned. This solves the issue where the helper
	was called with page_size == 0 expecting a file path in return, but
	instead got a directory path and failed in virFileReadAll with:

	    error : virFileReadAll:1358 : Failed to read file
	                '/sys/devices/system/node/node0/hugepages/': Is a directory

	Since virNumaGetPages API expects to return a directory by passing
	page_size == 0 and suffix == NULL, it will now call the new helper.
	Callers to virNumaGetHugePageInfoPath expect to return a file path
	which could then be used in the call to virFileReadAll.

2015-10-21  Ishmanpreet Kaur Khera  <khera.ishman@gmail.com>

	Avoid using !STREQ and !STRNEQ
	We have macros for both positive and negative string matching.
	Therefore there is no need to use !STREQ or !STRNEQ. At the same
	time as we are dropping this, new syntax-check rule is
	introduced to make sure we won't introduce it again.

2015-10-20  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Fix XSLT stylesheet
	This has been broken for a looong time - in fact, we've been
	shipping a mostly-empty NEWS file for at least the past two years.

	Including the html namespace and using it for matching elements,
	like hacking1.xsl and hacking2.xsl were already doing, makes the
	NEWS file useful again.

	Add a note explaining that the release list has been split up
	by year as well.

2015-10-20  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Split releases by year
	Update cfg.mk to ignore the split files during
	syntax-check (thanks Martin).

2015-10-20  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: implement some domain API calls
	The following functions are implemented:

	vzDomainIsUpdated, vzDomainGetVcpusFlags and vzDomainGetMaxVcpus.

2015-10-20  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: implement API calls of nodeGetxxx family
	The following functions were implemented:

	 vzNodeGetCPUStats, vzNodeGetMemoryStats,
	 vzNodeGetCellsFreeMemory and vzNodeGetFreeMemory.

2015-10-20  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: implement connectGetMaxVcpus API calls
	Because we have no limitation for maximal number of vcpus in containers
	we report as maximum 1028 just for the sake of common sence.

2015-10-16  Michal Privoznik  <mprivozn@redhat.com>

	security_dac: Introduce remember/recall APIs
	Even though the APIs are not implemented yet, they create a
	skeleton that can be filled in later.

	security_dac: Limit usage of virSecurityDACSetOwnershipInternal
	This function should really be called only when we want to change
	ownership of a file (or disk source). Lets switch to calling a
	wrapper function which will eventually record the current owner
	of the file and call virSecurityDACSetOwnershipInternal
	subsequently.

	virSecurityDACRestoreSecurityFileLabel: Pass virSecurityDACDataPtr
	This is pure code adjustment. The structure is going to be needed
	later as it will hold a reference that will be used to talk to
	virtlockd. However, so far this is no functional change just code
	preparation.

	virSecurityDACSetOwnership: Pass virSecurityDACDataPtr
	This is pure code adjustment. The structure is going to be needed
	later as it will hold a reference that will be used to talk to
	virtlockd. However, so far this is no functional change just code
	preparation.

	virSecurityDACSetOwnershipInternal: Don't chown so often
	It's better if we stat() file that we are about to chown() at
	first and check if there's something we need to change. Not that
	it would make much difference, but for the upcoming patches we
	need to be doing stat() anyway. Moreover, if we do things this
	way, we can drop @chown_errno variable which will become
	redundant.

	security_dac: Fix TODO marks
	Correctly mark the places where we need to remember and recall
	file ownership. We don't want to mislead any potential developer.

2015-10-16  Michal Privoznik  <mprivozn@redhat.com>

	virtlockd: Don't SIGSEGV on SIGUSR1
	So we have this mechanism that on SIGUSR1 the virtlockd dumps its
	internal state into a JSON file, reexec itself and the reloads
	the internal state back. However, there's a bug in our
	implementation:

	  (gdb) signal SIGUSR1
	  Continuing with signal SIGUSR1.
	  [Thread 0x7fd094f7b700 (LWP 10602) exited]
	  process 10600 is executing new program: /home/zippy/work/libvirt/libvirt.git/src/virtlockd
	  warning: Could not load shared library symbols for linux-vdso.so.1.
	  Do you need "set solib-search-path" or "set sysroot"?
	  [Thread debugging using libthread_db enabled]
	  Using host libthread_db library "/lib64/libthread_db.so.1".
	  [New Thread 0x7fb28bc3c700 (LWP 14501)]

	  Program received signal SIGSEGV, Segmentation fault.
	  0x00007fb29133d530 in virExpandN (ptrptr=0x70, size=8, countptr=0x68, add=1, report=true, domcode=7, filename=0x7fb29138aeab "rpc/virnetserver.c", funcname=0x7fb29138b680 <__FUNCTION__.15821> "virNetServerAddProgram", linenr=661) at util/viralloc.c:288
	  288         if (*countptr + add < *countptr) {
	  (gdb) bt
	  #0  0x00007fb29133d530 in virExpandN (ptrptr=0x70, size=8, countptr=0x68, add=1, report=true, domcode=7, filename=0x7fb29138aeab "rpc/virnetserver.c", funcname=0x7fb29138b680 <__FUNCTION__.15821> "virNetServerAddProgram", linenr=661) at util/viralloc.c:288
	  #1  0x00007fb29132a267 in virNetServerAddProgram (srv=0x0, prog=0x7fb2915d08b0) at rpc/virnetserver.c:661
	  #2  0x00007fb29131f27f in main (argc=1, argv=0x7fff8f771298) at locking/lock_daemon.c:1445

	Notice the NULL @srv passed to frame 2? Usually, the @srv
	variable is initialized on fresh start. However, in case of
	daemon reload, the code path that is responsible for initializing
	the value was not triggered and therefore we crashed immediately.
	Fix this by always setting the variable.

2015-10-16  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	Close the source fd if the destination qemu exits during tunnelled migration
	Tunnelled migration can hang if the destination qemu exits despite all the
	ABI checks. This happens whenever the destination qemu exits before the
	complete transfer is noticed by source qemu. The savevm state checks at
	runtime can fail at destination and cause qemu to error out.
	The source qemu cant notice it as the EPIPE is not propogated to it.
	The qemuMigrationIOFunc() notices the stream being broken from virStreamSend()
	and it cleans up the stream alone. The qemuMigrationWaitForCompletion() would
	never get to 100% transfer completion.
	The qemuMigrationWaitForCompletion() never breaks out as well since
	the ssh connection to destination is healthy, and the source qemu also thinks
	the migration is ongoing as the Fd to which it transfers, is never
	closed or broken. So, the migration will hang forever. Even Ctrl-C on the
	virsh migrate wouldn't be honoured. Close the source side FD when there is
	an error in the stream. That way, the source qemu updates itself and
	qemuMigrationWaitForCompletion() notices the failure.

	Close the FD for all kinds of errors to be sure. The error message is not
	copied for EPIPE so that the destination error is copied instead later.

	Note:
	Reproducible with repeated migrations between Power hosts running in different
	subcores-per-core modes.

2015-10-16  John Ferlan  <jferlan@redhat.com>

	conf: Optimize the iothreadid initialization
	https://bugzilla.redhat.com/show_bug.cgi?id=1264008

	The existing algorithm assumed that someone was making small, incremental
	changes; however, it is possible to change iothreads from 0 (or relatively
	small number) to some really large number and the algorithm would possibly
	spin its wheels doing unnecessary searches.

	So, optimize the algorithm using a bitmap to find available iothread_id's
	starting at 1 that aren't already defined by a "<thread id='#'>" and
	filling in the iothreadids array with those iothread_id values.

2015-10-16  John Ferlan  <jferlan@redhat.com>

	qemu: Fix qemu startup check for QEMU_CAPS_OBJECT_IOTHREAD
	https://bugzilla.redhat.com/show_bug.cgi?id=1249981

	When qemuDomainPinIOThread was added in commit id 'fb562614', a check
	for the IOThread capability was not needed since a check for iothreadpids
	covered the condition where the support for IOThreads was not present.
	The iothreadpids array was only created if qemuProcessDetectIOThreadPIDs
	was able to query the monitor for IOThreads. It would only do that if
	the QEMU_CAPS_OBJECT_IOTHREAD capability was set.

	However, when iothreadids were added in commit id '8d4614a5' and the
	check for iothreadpids was replaced by a search through the iothreadids[]
	array for the matching iothread_id that left open the possibility that
	an iothreadids[] array was defined, but the entries essentially pointed
	to elements with only the 'iothread_id' defined leaving the 'thread_id'
	value of 0 and eventually the cpumap entry of NULL.

	This was because, the original IOThreads commit id '72edaae7' only
	checked if IOThreads were defined and if the emulator had the IOThreads
	capability, then IOThread objects were added at startup. The "capability
	failure" check was only done when a disk was assigned to an IOThread in
	qemuCheckIOThreads. This was because the initial implementation had no way
	to dynamically add IOThreads, but it was possible to dynamically add a
	disk to the domain. So the decision was if the domain supported it, then
	add the IOThread objects. Then if a disk with an IOThread defined was
	added, it could check the capability and fail to add if not there. This
	just meant the 'iothreads' value was essentially ignored.

	Eventually commit id 'a27ed6e7' allowed for the dynamic addition and
	deletion of IOThread objects. So it was no longer necessary to generate
	IOThread objects to dynamically attach a disk to. However, the startup
	and disk check code was not modified to reflect this.

	This patch will move the capability failure check to when IOThread
	objects are being added to the command line. Thus a domain that has
	IOThreads defined will not be started if the emulator doesn't support
	the capability. This means when qemuCheckIOThreads is called to add
	a disk, it's no longer necessary to check the capability. Instead the
	code can use the IOThreadFind call to indicate that the IOThread
	doesn't exist.

	Finally because it could be possible to have a domain running with the
	iothreadids[] defined prior to this change if libvirtd is restarted each
	having mostly empty elements, qemuProcessDetectIOThreadPIDs will check
	if there are niothreadids when the QEMU_CAPS_OBJECT_IOTHREAD capability
	check fails and remove the elements and array if it exists.

	With these changes in place, it turns out the cputune-numatune test
	was failing because the right bit wasn't set in the test. So used the
	opportunity to fix that and create a test that would expect to fail
	with some sort of iothreads defined and used, but not having the
	correct capability.

2015-10-16  John Ferlan  <jferlan@redhat.com>

	qemu: Check for niothreads == 0 in qemuSetupCgroupForIOThreads
	If there are no IOThreads defined, no sense making other checks

	qemu: Use 'niothreadids' instead of 'iothreads'
	Although theoretically both should be the same value, the niothreadids
	should be used in favor of iothreads when performing comparisons. This
	leaves the iothreads as a purely numeric value to be saved in the config
	file.  The one exception to the rule is virDomainIOThreadIDDefArrayInit
	where the iothreadids are being generated from the iothreads count since
	iothreadids were added after initial iothreads support.

2015-10-16  Peter Krempa  <pkrempa@redhat.com>

	virsh: Use 'format' argument only when specified
	The condition checking whether --format was specified was incorrect.
	virsh crashed if the following format was used:

	 virsh dump VM dump --format '' --memory-only

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1272301

2015-10-16  Dominik Perpeet  <dperpeet@redhat.com>

	docs: event impl. registration before hypervisor connection
	Event implementations need to be registered before a connection to the
	Hypervisor is opened, otherwise event handling can be impaired (e.g.
	delayed messages). This fact is referenced in an e-mail [1], but should
	also be noted in the documentation of the registration functions.

	[1] https://www.redhat.com/archives/libvirt-users/2014-April/msg00011.html

2015-10-15  Wei Jiangang  <weijg.fnst@cn.fujitsu.com>

	Fix conficts with HACKING doc
	Don't compare a bool variable against the literal, "true".

	libvirt-secret: Fix typo
	seclets ==> selects
	qualfied ==> qualified

2015-10-15  John Ferlan  <jferlan@redhat.com>

	conf: Refactor the iothreadid initialization
	Create a separate local API that will fill in the iothreadid array
	entries that were not defined by <iothread id='#'> entries in the XML.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Unify date format
	There were some inconsistencies, eg. the number of digits used for
	the day. The month name was also spelled out instead of abbreviated
	in some instances.

	NEWS: Unify section titles
	There were some inconsistencies; now the section title is always
	one of Bug Fixes, Cleanups, Documentation, Features, Improvements,
	Portability, Security.

	NEWS: Add empty lines
	Make sure there is always an empty line between sections.

	NEWS: Fix indentation
	Some of the paragraphs were not properly indented: while this was
	not a problem in the HTML version, you could tell the difference
	in the plain text version.

	NEWS: Fix newlines
	Some <br/> tags were missing from the end of the corresponding
	line, some of there were in the middle of the line instead.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Fix whitespace
	Mostly missing space between change description and author name or
	spurious space before section title.

	Reflow the introductory paragraph as well.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Organize old entries
	Sort all items into the standard categories: Features, Bug Fixes,
	Improvements, Cleanups, etc.

	The sorting is somewhat arbitrary in certain instances.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Split old entries (2009)
	The changes for releases earlier than 0.7.1 were mostly lumped
	together as opposed to being tidly organized with one change per
	line, like we have done from that point onwards.

	As a result, they look awful in the HTML version and don't work
	too well in the plain text version either.

	Luckily, except for the very first releases, the information is
	still very detailed, so it's enough to organize it properly.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Split old entries (2008)
	The changes for releases earlier than 0.7.1 were mostly lumped
	together as opposed to being tidly organized with one change per
	line, like we have done from that point onwards.

	As a result, they look awful in the HTML version and don't work
	too well in the plain text version either.

	Luckily, except for the very first releases, the information is
	still very detailed, so it's enough to organize it properly.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Split old entries (2006-2007)
	The changes for releases earlier than 0.7.1 were mostly lumped
	together as opposed to being tidly organized with one change per
	line, like we have done from that point onwards.

	As a result, they look awful in the HTML version and don't work
	too well in the plain text version either.

	Luckily, except for the very first releases, the information is
	still very detailed, so it's enough to organize it properly.

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Properly escape > in HTML

	NEWS: Split off merged sections
	Portability and Bug Fixes for release 0.7.3 were merged together;
	same for Features and Security for release 1.1.3. Split them off

	NEWS: Remove empty sections

2015-10-14  Andrea Bolognani  <abologna@redhat.com>

	NEWS: Include description for release 0.7.3
	The description for this release, unlike all other descriptions,
	was inside a <p> element; however, the XSLT stylesheet contains a
	template that drops all <p> elements from the output file, so it
	never made it to the generated NEWS file.

	Use a <li> element, same as all other releases, instead.

2015-10-14  Wei Jiangang  <weijg.fnst@cn.fujitsu.com>

	tests: make redirects happen in correct order
	It should redirect stdout to /dev/null first,
	then redirect stderr to whatever stdout currently points at.

2015-10-14  John Ferlan  <jferlan@redhat.com>

	storage: Rework error paths for virStorageBackendCreateExecCommand
	Rework the code in order to use the "ret = -1;" and goto cleanup;
	coding style.

	storage: On error rmdir created directory in virDirCreate[NoFork]
	After a successful creation of a directory, if some other call results
	in returning a failure, let's remove the directory we created to
	prevent another round trip or confusion in the caller. In particular, this
	function can be called during a storage backend buildVol, so in order
	to ensure that caller doesn't need to distinguish between failed create
	or some other failure after create, just remove the directory we created.

	storage: On error unlink created file in virFileOpen{As|Forked}
	After a successful creation of a file, if some other call results
	in returning a failure, let's unlink the file we created to prevent
	another round trip or confusion in the caller. In particular, this
	function can be called during a storage backend buildVol, so in order
	to ensure that caller doesn't need to distinguish between failed create
	or some other failure after create, just remove the volume we created.

2015-10-14  John Ferlan  <jferlan@redhat.com>

	storage: Track successful creation of LV for removal
	https://bugzilla.redhat.com/show_bug.cgi?id=1233003

	Track when the logical volume was successfully created in order to
	properly handle the call to virStorageBackendLogicalDeleteVol. It's
	possible that the failure to create was because someone created an
	LV in the pool outside of libvirt's knowledge. In this case, we don't
	want to delete that LV.  A subsequent or future refresh of the pool
	will find the volume and cause an earlier failure

2015-10-14  John Ferlan  <jferlan@redhat.com>

	storage: Fix a resource leak in storageVolCreateXML
	Commit id '1b5685da' refactored the code to move buildvoldef inside
	the buildVol conditional; however, the VIR_FREE of the memory was
	left only when 'buildret' failed, thus we're leaking memory.

2015-10-14  John Ferlan  <jferlan@redhat.com>

	storage: Remove duplicitous refreshVol in Sheepdog buildVol
	As of commit id '155ca616' a 'refreshVol' is called after a buildVol
	succeeds in storageVolCreateXML, thus a volStorageBackendSheepdogRefreshVolInfo
	call in virStorageBackendSheepdogBuildVol is no longer necessary.

	Additionally, the 'conn' parameter becomes unused.

2015-10-14  John Ferlan  <jferlan@redhat.com>

	storage: Remove duplicitous refreshVol in RBD buildVol
	As of commit id '155ca616' a 'refreshVol' is called after the buildVol
	succeeds in storageVolCreateXML, thus the volStorageBackendRBDRefreshVolInfo
	call in virStorageBackendRBDBuildVol is no longer necessary.

2015-10-13  Eric Blake  <eblake@redhat.com>

	build: include xdr cflags for libvirt-admin
	Without this, building on cygwin fails with:

	  CC       libvirt_admin_la-libvirt-admin.lo
	libvirt-admin.c:25:21: fatal error: rpc/rpc.h: No such file or directory
	 #include <rpc/rpc.h>
	                     ^

	Reported-by: Yaakov Selkowitz <yselkowi@redhat.com>

2015-10-13  Daniel P. Berrange  <berrange@redhat.com>

	virt-host-validate: check for IOMMU support
	This looks for existance of DMAR (Intel) and IVRS (AMD)
	files under /sys/firmware/acpi/tables/, as a sign that
	the platform has IOMMU present & enabled in the BIOS.

	If these are present and /sys/kernel/iommu_groups does
	not contain any entries this is taken as a sign that
	the kernel has not enabled the IOMMU currently.

	If no ACPI tables are found we can't distinguish between
	disabled in BIOS and not present in the hardware, so we
	have to give the user a generic hint.

2015-10-12  Michal Privoznik  <mprivozn@redhat.com>

	libvirt-domain: Drop virDomainMigrateCheckNotLocal attribute
	Our apibuild.py script does not cope with ATTRIBUTE_NONNULL:

	Parse Error: parsing function type, ')' expected
	Got token  ('name', 'char')
	Last token:  ('name', 'char')
	Token queue:  [('op', '*'), ('name', 'dconnuri'), ('sep', ')')]
	Line 3297 end:
	Makefile:2441: recipe for target '../../docs/apibuild.py.stamp' failed

	Let's drop it. Moreover, up until e17ae3ccc2dbc1400 where it was
	introduced we did not really care about NULL-ity of dconnuri. And
	moreover the ATTRIBUTE_NONNULL merely checks for static calls
	over NULL, it won't catch the dynamic ones, where a NULL is
	passed by a variable at runtime.

2015-10-12  John Ferlan  <jferlan@redhat.com>

	storage: Fix incorrect format for <disk> <auth> XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1256999

	After creating a copy of the 'authdef' in a pool -> disk translation,
	unconditionally clear the 'authType' in the resulting disk auth def
	structure since that's used for a storage pool and not a disk.  This
	ensures virStorageAuthDefFormat will properly format the <auth> XML
	for a <disk> (e.g. it won't have a <auth type='%s'.../>).

2015-10-12  Daniel P. Berrange  <berrange@redhat.com>

	virt-host-validate: disable mntent code on Win32
	Win32 does not have support for mntent.h header, so the
	method which uses this must be stubbed out.

	virt-host-validate: check for required cgroups
	Extend the virt-host-validate checks to see if the required
	cgroups are compiled into the kernel and that they are
	mounted on the system. The cgroups are all optional except
	for 3 that LXC mandates

	virt-host-validate: distinguish exists vs accessible for devices
	Currently we just check that various devices are accessible.
	This leads to inaccurate errors reported for /dev/kvm and
	/dev/vhost-net if they exist but an unprivileged user lacks
	access. Switch existing checks to look for file existance,
	and add a separate check for accessibility of /dev/kvm
	since some distros don't grant users access by default.

	virt-host-validate.c: check for kernel namespaces
	The LXC driver requires the uts, mnt, pid & ipc
	namespaces, while net & user namespaces are
	optional. Validate all these are present.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: check dconnuri in p2p mode
	Check dconnuri is not null or we will catch nullpointer later.
	I hope this makes Coverity happy.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: refactor: introduce parameter checking function
	virDomainMigrateUnmanagedParams is not a good candidate for this functionality
	as it is used by migrate family functions too and its have its own checks that
	are superset of extracted and we don't need to check twice.

	Actually name of the function is slightly misleading as there is also a check
	for consistensy of flags parameter alone. So it could be refactored further and
	reused by all migrate functions but for now let it be a matter of a different
	patchset.

	It is *not* a pure refactoring patch as it introduces offline check for older
	versions. Looks like it must be done that way and no one will be broken too.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: merge all proto branches into single function
	Finally on this step we get what we were aimed for - toURI{1, 2} (and
	migration{*} APIs too) now can work thru V3_PARAMS protocol. Execution path
	goes thru unchanged virDomainMigrateUnmanaged adapter function which is called
	by all target places.

	Note that we keep the fact that direct migration never works
	thru V3_PARAMS proto. We can't change this aspect without
	further investigation.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: refactor: refactor parameter compatibility checks
	Move virDomainMigrateUnmanagedProto* expected params list check into
	function itself and use common virTypedParamsCheck for this purpose.

	migration: refactor: extract parameter adaption functions
	Extract parameter adaptation and checking which is protocol dependent into
	designated functions. Leave only branching and common checks in
	virDomainMigrateUnmanagedParams.

	migration: refactor: introduce params version of unmanaged
	Let's put main functionality into params version of virDomainMigrateUnmanaged
	as a preparation step for merging it with virDomainMigratePeer2PeerParams.
	virDomainMigrateUnmanaged then does nothing more then just adapting arguments.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: refactor: merge direct and p2p into unmanaged
	p2p plain and direct function are good candidates for code reuse. Their main
	function is same - to branch among different versions of migration protocol and
	implementation of this function is also same. Also they have other common
	functionality in lesser aspects. So let's merge them.

	But as they have different signatures we have to get to convention on how to
	pass direct migration 'uri' in 'dconnuri' and 'miguri'. Fortunately we alreay
	have such convention in parameters passed to toURI2 function, just let's follow
	it. 'uri' is passed in miguri and dconnuri is ignored.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: refactor: rename uri parameter to miguri
	We use miguri name for this parameter in other places. So
	make naming more consitent.

2015-10-12  Michal Privoznik  <mprivozn@redhat.com>

	migration: remove direct migration dependency on version1 of driver
	Direct migration should work if *perform3 is present but *perform
	is not. This is situation when driver migration is implemented
	after new version of driver function is introduced. We should not
	be forced to support old version too as its parameter space is
	subspace of newer one.

2015-10-12  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	migration: move implementation check to branches in p2p
	This is more structured code so it will be easier to add branch for _PARAMS
	protocol here. It is not a pure refactoring strictly speaking as we remove
	scenarios for broken cases when driver defines V3 feature and implements
	perform function. So it is additionally a more solid code.

	migration: refactor: reuse p2p url check
	Refactor dconnuri local server URI check to common API.

	migration: refactor: get rid of use_params p2p_full
	'useParams' parameter usage is an example of control coupling. Most of the work
	inside the function is done differently except for the uri check. Lets split
	this function into two, one with extensible parameters set and one with hardcoded
	parameter set.

2015-10-09  Michal Privoznik  <mprivozn@redhat.com>

	virJSONValueArraySize: return ssize_t
	The internal representation of a JSON array counts the items in
	size_t. However, for some reason, when asking for the count it's
	reported as int. Firstly, we need the function to return a signed
	type as it's returning -1 on an error. But, not every system has
	integer the same size as size_t. Therefore, lets return ssize_t.

2015-10-09  Andrea Bolognani  <abologna@redhat.com>

	src: Remove $(builddir) usage
	Commit 4e8032272f1704f7 used $(builddir) in the header search
	path to fix a build issue; however, $(builddir) is not defined
	by old autoconf versions such as the one available in CentOS 5,
	resulting in the following error:

	  cc1: error: /util: No such file or directory
	  make[3]: *** [libvirt_driver_la-fdstream.lo] Error 1

	Since $(builddir) is defined to always be '.', just use that
	value directly instead.

2015-10-09  Andrea Bolognani  <abologna@redhat.com>

	src: Include $(builddir)/util in the header search path
	Since a9fe620372144db, we are generating virkeymaps.h at build
	time; however, we are not including $(builddir)/util in the
	header search path, so when doing a VPATH build the compiler
	is unable to locate the file.

	make[2]: Entering directory
	`/home/jenkins/libvirt/systems/libvirt-fedora-20/build/src'
	  GEN      util/virkeymaps.h
	  ...
	  CC       util/libvirt_util_la-virkeycode.lo
	  CC       util/libvirt_util_la-virkeyfile.lo
	  CC       util/libvirt_util_la-virlockspace.lo
	  CC       util/libvirt_util_la-virlog.lo
	../../src/util/virkeycode.c:27:24: fatal error: virkeymaps.h: No such file or directory
	 #include "virkeymaps.h"
	                        ^
	compilation terminated.

2015-10-08  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: cleanup
	Remove unused definitions, functions and structure fields.

2015-10-08  John Ferlan  <jferlan@redhat.com>

	storage: Perform some cleanup of calls
	Cleanup calls to virStorageBackendCopyToFD a bit.

2015-10-08  Andrea Bolognani  <abologna@redhat.com>

	AUTHORS: Add myself to the list of committers

2015-10-08  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity FORWARD_NULL
	Coverity notices that net->ifname is potentially referenced after a
	VIR_FREE().  Since the net->ifname will eventually be free'd during
	virDomainDefFree when calling virDomainNetDefFree, let's just that
	processing take care the free.

	libxl: Resolve Coverity FORWARD_NULL
	Since the strtok_r call in libxlCapsInitGuests expects a non NULL first
	parameter when the third parameter is NULL, we need to check that
	the returned 'capabilities' from a libxl_get_version_info call is
	not NULL and error out if so since the code expects it.

2015-10-07  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityManagerNew: Turn array of booleans into flags
	So imagine you want to crate new security manager:

	  if (!(mgr = virSecurityManagerNew("selinux", "QEMU", false, true, false, true)));

	Hard to parse, right? What about this:

	  if (!(mgr = virSecurityManagerNew("selinux", "QEMU",
	                                    VIR_SECURITY_MANAGER_DEFAULT_CONFINED |
	                                    VIR_SECURITY_MANAGER_PRIVILEGED)));

	Now that's better! This is what the commit does.

2015-10-07  Cole Robinson  <crobinso@redhat.com>

	tests: eventtest: Fix coverity warning
	We can ignore the result of virtTestResult here, because failure is
	unconditionally reported by the callers

2015-10-07  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix indentation issue
	Two #define lines introduced by b527aa0 did not respect the
	indentation rules, thus breaking syntax-check.

2015-10-07  Andrea Bolognani  <abologna@redhat.com>

	qemu: Remove explicit values from virQEMUCapsFlags
	This gets rid of the partially enforced alignment and makes it less
	likely for a bogus value to be introduced in the enumeration.
	Capabilities are divided in five-element groups for better readability.

	Use #define for QEMU_CAPS_NET_NAME and QEMU_CAPS_HOST_NET_ADD, both
	of which are aliases for QEMU_CAPS_0_10.

2015-10-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Skip few checks while doing offline migration
	qemuMigrationIsAllowed would disallow offline migration if the VM
	contained host devices or memory modules. Since during offline migration
	we don't transfer any state we can safely migrate VMs with such
	configuration.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1265049

2015-10-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Use migration flags in qemuMigrationIsAllowed
	Use the migration @flags for checking various migration aspects rather
	than picking them out as booleans. Document the new semantics in the
	function header.

2015-10-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Drop @def from qemuMigrationIsAllowed
	Now that qemuMigrationIsAllowed is always called with @vm, we can drop
	the @def argument and simplify the control flow.

	Additionally the comment is invalid so drop it.

2015-10-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Split source and destination migration checks
	Extract the hostdev check from qemuMigrationIsAllowed into a separate
	function since that is the only part that needs to be done in the v2
	migration protocol prepare phase on the destination. All other checks
	were added when the v3 protocol existed so they don't need to be
	extracted.

	This change will allow to drop the @def argument for
	qemuMigrationIsAllowed and further simplify the function.

2015-10-06  Cole Robinson  <crobinso@redhat.com>

	spec: Delete .git after applying patches
	I'm hitting this little annoyance in fedora's package repo:

	$ fedpkg prep
	Downloading libvirt-1.2.20.tar.gz
	...
	+ /usr/bin/gzip -dc /home/crobinso/src/fedora/libvirt/libvirt-1.2.20.tar.gz
	$ git clean -xdf
	Removing libvirt-1.2.20.tar.gz
	Skipping repository libvirt-1.2.20/

	We git-ify the libvirt directory as part of applying patches in the spec
	file, but 'git clean' will ignore subfolders that appear to be standalone
	git repos.

	Let's just delete the .git directory after we're done with it.

2015-10-06  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: remove storage driver as never used
	In fact, it was never used as far as vz has no features supporting it.
	That is why there will be no harm to anyone if we just remove this code to
	prevent further misunderstanding and efforts to support dead code.

	vz: remove network driver as never used
	At the time this code was added we had intentions to support libvirt interface
	to manage vz networks. In fact, it was never implemented completely to work
	correctly that makes me think that there will be no harm to anyone if we just
	rip it off. Moreover, in vz7 we started to use libvirt bridge network driver to
	manage networks.

2015-10-06  Cole Robinson  <crobinso@redhat.com>

	tests: qemu: Add aarch64 virtio pci tests
	- qemuxml2argv-aarch64-mmio-default-pci: Verify that we still default
	  to virtio-mmio even if qemu is new enough to support PCI
	- qemuxml2argv-aarch64-virtio-pci: Check generated arm virtio PCI args

2015-10-06  Cole Robinson  <crobinso@redhat.com>

	docs: domain: Show canonical pvspinlock XML
	The example pvspinlock XML is:

	  <pvspinlock/>

	While this is accepted by libvirt and works correctly, it's currently
	always output as a tristate like

	  <pvspinlock state='on'/>

	So document that format instead

2015-10-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Wait until destination QEMU consumes all migration data
	Even though QEMU on the source host reports completed migration and thus
	we move to the Finish phase, QEMU on the destination host may still be
	processing migration data. Thus before we can start guest CPUs on the
	destination, we have to wait for a completed migration event.

	https://bugzilla.redhat.com/show_bug.cgi?id=1265902

2015-10-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make updating stats in qemuMigrationCheckJobStatus optional
	With new QEMU which supports migration events,
	qemuMigrationCheckJobStatus needs to explicitly query QEMU for migration
	statistics once migration is completed to make sure the caller sees
	up-to-date statistics with both old and new QEMU. However, some callers
	are not interested in the statistics at all and once we start waiting
	for a completed migration on the destination host too, checking the
	statistics would even fail. Let's push the decision whether to update
	the statistics or not to the caller.

	qemu: Introduce flags in qemuMigrationCompleted
	The function already has two bool parameters and we will need to add a
	new one. Let's switch to flags to make the callers readable.

	qemu: Copy completed migration stats only on success
	The destination host gets detailed statistics about the current
	migration form the source host via migration cookie and copies them to
	the domain object so that they can be queried using
	virDomainGetJobStats. However, we should only copy statistics to the
	domain object when migration finished successfully.

	qemu: Always update migration times on destination
	Even if we are migrating a domain with VIR_MIGRATE_PAUSED flag set, we
	should still update the total time of the migration. Updating downtime
	doesn't hurt either, even though we don't actually start guest CPUs.

2015-10-06  Martin Kletzander  <mkletzan@redhat.com>

	tests: Check GIC-related XMLs in qemuxml2xmltest

	Do not distribute generated virkeymaps.h
	We are distributing virkeymaps.h and all the tools needed to rebuild
	that file.  On top of that, we are generating that file into the
	$(srcdir) and that sometimes fails when trying to do make dist in VPATH
	on rawhide fedora.  And we don't clean the file when maintainer-clean
	make target is requested.  So let's not distribute the file and rather
	let everyone rebuild it when needed and clean it when appropriate.

2015-10-06  Cédric Bosdonnat  <cbosdonnat@suse.com>

	apparmor: differentiate between error and unconfined profiles
	profile_status function was not making any difference between error
	cases and unconfined profiles. The problem with this approach is that
	dominfo was throwing an error on unconfined domains.

2015-10-06  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove <metadata> elements with no namespace
	Our docs state that subelements of <metadata> shall have a namespace
	and the medatata APIs expect that too. To avoid inaccessible
	<metadata> sub-elements, just remove those that don't conform to the
	documentation.

	Apart from adding the new condition this patch renames the function and
	refactors the code flow to allow the changes.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1245525

2015-10-05  Cole Robinson  <crobinso@redhat.com>

	testutils: Drop virtTestResult
	virtTestResult is suboptimal for a few reasons:

	- It poorly duplicates virtTestRun pass/fail reporting logic
	- It doesn't have virtTestRun's alloc testing support
	- It only reports the test name _after_ the test has run.
	- It doesn't follow the standard virtTestRun pattern that most other
	  tests use.

	There's no users left, so drop it. If any other async tests like eventtest
	spring up that don't cleanly fit the virtTestRun pattern, I suggest they
	just open code the support for it around virtTestRun

2015-10-05  Cole Robinson  <crobinso@redhat.com>

	tests: eventtest: Open code virtTestResult
	These event tests aren't run synchronously, so there isn't an obvious
	function to pass to virtTestRun. Instead, open code roughly what
	virtTestResult did before: printing an error message if a test failed.

	tests: sheepdog: Drop use of virtTestResult
	Instead use the same pattern that most other test files use.

2015-10-05  Cole Robinson  <crobinso@redhat.com>

	testutils: Add coloring to verbose PASS/FAILED output
	Helps to visually track down test failures if debugging the test suite.

	The colors match what 'make check' does for pass/fail/skip

2015-10-05  John Ferlan  <jferlan@redhat.com>

	storage: Adjust calculation of alloc/capacity for disk
	https://bugzilla.redhat.com/show_bug.cgi?id=1247987

	Calculation of the extended and logical partition values for the disk
	pool is complex. As the bz points out an extended partition should have
	it's allocation initialized to 0 (zero) and keep the capacity as the size
	dictated by the extents read.  Then for each logical partition found,
	adjust the allocation of the extended partition.

	Finally, previous logic tried to avoid recalculating things if a logical
	partition was deleted; however, since we now have special logic to handle
	the allocation of the extended partition, just make life easier by reading
	the partition table again - rather than doing the reverse adjustment.

2015-10-05  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStorageBackendDiskStartPool
	https://bugzilla.redhat.com/show_bug.cgi?id=1251461

	When 'starting' up a disk pool, we need to make sure the label on the
	device is valid; otherwise, the followup refreshPool will assume the
	disk has been properly formatted for use. If we don't find the valid
	label, then refuse the start and give a proper reason.

2015-10-05  John Ferlan  <jferlan@redhat.com>

	storage: Add additional errors/checks for disk label
	Let's check to ensure we can find the Partition Table in the label
	and that libvirt actually recognizes that type; otherwise, when we
	go to read the partitions during a refresh operation we may not be
	reading what we expect.

	This will expand upon the types of errors or reason that a build
	would fail, so we can create more direct error messages.

2015-10-05  John Ferlan  <jferlan@redhat.com>

	storage: Add param to check whether we can write a disk label
	Modify virStorageBackendDiskValidLabel to add a 'writelabel' parameter.
	While initially for the purpose of determining whether the label should
	be written during DiskBuild, a future use during DiskStart could determine
	whether the pool should be started using the label found. Augment the
	error messages also to give a hint as to what someone may need to do
	or why the command failed.

	storage: Refactor disk label checking
	Create a new function virStorageBackendDiskValidLabel to handle checking
	whether there is a label on the device and whether it's valid or not.
	While initially for the purpose of determining whether the label can be
	overwritten during DiskBuild, a future use during DiskStart could determine
	whether the pool should be started using the label found.

2015-10-05  John Ferlan  <jferlan@redhat.com>

	storage: Prior to creating a volume, refresh the pool
	https://bugzilla.redhat.com/show_bug.cgi?id=1233003

	Although perhaps bordering on a don't do that type scenario, if
	someone creates a volume in a pool outside of libvirt, then uses that
	same name to create a volume in the pool via libvirt, then the creation
	will fail and in some cases cause the same name volume to be deleted.

	This patch will refresh the pool just prior to checking whether the
	named volume exists prior to creating the volume in the pool. While
	it's still possible to have a timing window to create a file after the
	check - at least we tried.  At that point, someone is being malicious.

2015-10-05  John Ferlan  <jferlan@redhat.com>

	virfile: Fix error path for forked virFileRemove
	As it turns out the caller in this case expects a return < 0 for failure
	and to get/use "errno" rather than using the negative of returned status.
	Again different than the create path.

	If someone "deleted" a file from the pool without using virsh vol-delete,
	then the unlink/rmdir would return an error (-1) and set errno to ENOENT.
	The caller checks errno for ENOENT when determining whether to throw an
	error message indicating the failure.  Without the change, the error
	message is:

	error: Failed to delete vol $vol
	error: cannot unlink file '/$pathto/$vol': Success

	This patch thus allows the fork path to follow the non-fork path
	where unlink/rmdir return -1 and errno.

2015-10-05  John Ferlan  <jferlan@redhat.com>

	virfile: Add extra check for direct delete in virFileRemove
	Unlike create options, if the file to be removed is already in the
	pool, then the uid/gid will come from the pool. If it's the same as the
	currently running process, then just do the unlink/rmdir directly
	rather than going through the fork processing unnecessarily

2015-10-05  Andrea Bolognani  <abologna@redhat.com>

	qemu: Add conditions for qemu-kvm use on ppc64
	qemu-kvm can be used to run ppc64 guests on ppc64le hosts and vice
	versa, since the hardware is actually the same and the endianness
	is chosen by the guest kernel.

	Up until now, however, libvirt didn't allow the use of qemu-kvm
	to run guests if their endianness didn't match the host's.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1267882

2015-10-05  Peter Krempa  <pkrempa@redhat.com>

	rpc: libssh2: Fix regression in ssh host key verification
	Commit 792f81a40e caused a regression in the libssh2 host key
	verification code by changing the variable type of 'i' to unsigned.
	Since one of the loops used -1 as a special value if the asking
	callback was found the conversion made a subsequent test always fail.

	The bug was stealth enough to pass review, compilers and coverity.

	Refactor the condition to avoid problems.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861

2015-10-05  Peter Krempa  <pkrempa@redhat.com>

	rpc: libssh2: Add more debugging info

2015-10-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Reuse virDomainDefCheckDuplicateDiskWWN to check disk serial too
	Rename the function to virDomainDefCheckDuplicateDiskInfo and make it
	check disk serials too.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1245013

2015-10-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Perform the disk WWN check only on fresh starts
	Since we'd disallow migration of a guest that would have possibly
	invalid config but still be able to work, relax the WWN check to be
	performed only on new starts of the VM.

2015-10-02  Laine Stump  <laine@laine.org>

	interface: let netcf pre-filter for active vs. inactive
	If a system has a large number of active or active interfaces, it can
	be a big waste of time to retrieve and qualify all interfaces if the
	caller only wanted one subset. Since netcf has a simple flag for this,
	translate the libvirt flag into a netcf flag and let netcf pre-filter.

2015-10-02  Laine Stump  <laine@laine.org>

	interface: re-use name and mac address rather than re-retrieving
	Getting the MAC address of an interface is actually fairly expensive,
	and we've already gotten it and stored it into def, so just keep def
	around a bit longer and retrieve it from there.

	This reduces the time for "virsh iface-list --all" from 28 to 23
	seconds when there are 400 interfaces.

2015-10-02  Laine Stump  <laine@laine.org>

	interface: report correct interface count when not returning list
	The spec for virConnectListAllInterfaces says that if the pointer that
	is supposed to hold the list of interfaces is NULL, the function
	should just return the count of interfaces that matched the filter,
	but the code never increments the count if the list pointer is NULL.

	interface: fail on OOM from virGetInterface()

2015-10-02  Daniel P. Berrange  <berrange@redhat.com>

	libvirt.spec: fix accidental conditional inclusion of polkit docs
	In previous change:

	  commit 29b5167417483ef80f6c3fce12811b59a1e2bd55
	  Author: Jiri Denemark <jdenemar@redhat.com>
	  Date:   Tue Aug 4 14:05:52 2015 +0200

	    examples: Add example polkit ACL rules

	The polkit examples were accidentally added to the spec inside
	a %if %{with_network} conditional.

2015-10-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Use memory-backing-file only when needed
	We are using memory-backing-file even when it's not needed, for example
	if user requests hugepages for memory backing, but does not specify any
	pagesize or memory node pinning.  This causes migrations to fail when
	migrating from older libvirt that did not do this.  So similarly to
	commit 7832fac84741d65e851dbdbfaf474785cbfdcf3c which does it for
	memory-backend-ram, this commit makes is more generic and
	backend-agnostic, so the backend is not used if there is no specific
	pagesize of hugepages requested, no nodeset the memory node should be
	bound to, no memory access change required, and so on.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1266856

2015-10-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add -mem-path even with numa
	So since the introduction of the memory-backend-file object until now we
	only added '-mem-path' for non-NUMA guests and we used the parameters of
	the memory-backend-file object to specify the path to the hugetlbfs
	mount.  But hugepages can be also used without memory-backend-file
	object, as it used to be before its introduction.  Let's just get this
	part of the code back and properly append the '-mem-path' for NUMA
	guests as well, but only when the memory backend is not needed.

	This parameter is already being applied when no numa is requested and
	because we still use memory-object-file unconditionally for
	hugepage-backed NUMA guests, this should not fire until later.

2015-10-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Extract -mem-path building into its own function
	That function is called qemuBuildMemPathStr() and will be used in
	other places in the future.  The change in the test suite is proper due
	to the fact that -mem-prealloc makes only sense with -mem-path (from
	qemu documentation -- html/qemu-doc.html).

	qemu: Move memory size detection to the top of the function
	To get rid of very long line and make it more readable.

	qemu: Move simplification variable to begining of the function

	docs: Add Cuckoo Sandbox into apps.html

2015-10-02  Pavel Fedin  <p.fedin@samsung.com>

	qemu: Add test cases for gic-version option
	These tests make sure that we can use this option only when the capability is
	set.

	qemu: Add support for gic-version machine option
	Support for GICv3 has been recently introduced in qemu using gic-version
	option for the 'virt' machine. The option can actually take values of
	'2', '3' and 'host', however, since in libvirt this is a numeric
	parameter, we limit it only to 2 and 3. Value of 2 is not added to the
	command line in order to keep backward compatibility with older qemu
	versions.

	qemu: Introduce QEMU_CAPS_MACH_VIRT_GIC_VERSION capability
	Unfortunately qemu currently doesn't offer introspection for machine types,
	so we have to rely on version number, similar to QEMU_CAPS_MACHINE_USB_OPT.

2015-10-02  Martin Kletzander  <mkletzan@redhat.com>

	Post-release version bump to 1.2.21

2015-10-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.20
	* docs/news.html.in libvirt.spec.in: update for new release
	* po/*.po*: regenerate localization

2015-09-29  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix dynamic_ownership qemu.conf setting
	Commit 307fb904 (Sep 10) added a 'privileged' variable when creating
	the DAC driver:

	@@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver,
	                          bool defaultConfined,
	                          bool requireConfined,
	                          bool dynamicOwnership,
	+                         bool privileged,
	                          virSecurityManagerDACChownCallback chownCallback)

	But argument order is mixed up at the caller, swapping dynamicOwnership
	and privileged values. This corrects the argument order

	https://bugzilla.redhat.com/show_bug.cgi?id=1266628

2015-09-29  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Preserve startupPolicy in change-media command
	https://bugzilla.redhat.com/show_bug.cgi?id=1250331

	Even after my rework of startupPolicy handling, one command
	slipped my attention. The change-media command has a very unique
	approach to constructing disk XML. However, it will not preserve
	startupPolicy attribute.

2015-09-29  Ján Tomko  <jtomko@redhat.com>

	Create a shallow copy for volume building only if supported
	Since the previous commit, the shallow copy is only used inside
	the if (backend->buildVol) if.

2015-09-29  Ján Tomko  <jtomko@redhat.com>

	Update pool allocation with new values on volume creation
	Since commit e0139e3, we update the pool allocation with
	the user-provided allocation values.

	For qcow2, the allocation is ignored for volume building,
	but we still subtracted it from pool's allocation.
	This can result in interesting values if the user-provided
	allocation is large enough:

	Capacity:       104.71 GiB
	Allocation:     109.13 GiB
	Available:      16.00 EiB

	We already do a VolRefresh on volume creation. Also refresh
	the volume after creating and use the new value to update the pool.

	https://bugzilla.redhat.com/show_bug.cgi?id=1163091

2015-09-25  John Ferlan  <jferlan@redhat.com>

	conf: Fix virtType check
	Commit id '7383b8cc' changed virDomainDef 'virtType' to an enum, that
	caused a build failure on some archs due to comparing an unsigned value
	to < 0.  Adjust the fetch of 'type' to be into temporary 'int virtType'
	and then assign that virtType to the def->virtType

2015-09-25  Shivangi Dhir  <shivangi.dhir.02@gmail.com>

	qemu: Make virtType of type virDomainVirtType
	Earlier virtType was of type int. After, introducing the enum VIR_DOMAIN_VIRT_NONE,
	the type of virtType is modified to virDomainVirtType.

2015-09-25  Shivangi Dhir  <shivangi.dhir.02@gmail.com>

	conf: Add new VIR_DOMAIN_VIRT_NONE enum
	Introduce VIR_DOMAIN_VIRT_NONE to give domaintype the default value of zero.
	This is specially helpful in constructing better error messages
	when we don't want to look up the default emulator by virtType.

	The test data in vircapstest.c is also modified to reflect this change.

2015-09-25  Guido Günther  <agx@sigxcpu.org>

	Use daemon log facility for journald
	otherwise messages end up in /var/log/kern.log if journald forwards to
	syslog.

	Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799633

2015-09-25  Michal Privoznik  <mprivozn@redhat.com>

	tools: Link libvirt.la and readline to libvirt_shell.a
	So, our mingw build is broken. It's because while libvirt_shell
	library is using some of our internal APIs, e.g. virStrndup, and
	readline API but it's not being linked with nor libvirt.la nor
	libreadline.  Only subsequent users of the library, like virsh,
	do link to the needed libraries. In fact, I'm surprised Linux
	linker doesn't care, because how can it make a static library
	with missing symbols is mystery to me.

2015-09-25  Andrea Bolognani  <abologna@redhat.com>

	maint: Remove control characters from LGPL license file

2015-09-24  Jiri Denemark  <jdenemar@redhat.com>

	domain: Fix migratable XML with graphics/@listen
	As of commit 6992994, we set graphics/@listen attribute according to the
	first listen child element even if that element is of type='network'.
	This was done for backward compatibility with applications which only
	support the original listen attribute. However, by doing so we broke
	migration to older libvirt which tried to check that the listen
	attribute matches one of the listen child elements but which did not
	take type='network' elements into account.

	We are not concerned about compatibility with old applications when
	formatting domain XML for migration for two reasons. The XML is consumed
	only by libvirtd and the IP address associated with type='network'
	listen address on the source host is just useless on the destination
	host. Thus, we can safely avoid propagating the type='network' IP
	address to graphics/@listen attribute when creating migratable XML.

	https://bugzilla.redhat.com/show_bug.cgi?id=1265111

2015-09-24  Erik Skultety  <eskultet@redhat.com>

	vsh: create a noinstall libvirt_shell library
	Instead of referencing vsh sources in all relevant client targets,
	create a library that the client can link against.

2015-09-24  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity RESOURCE_LEAK
	This seemed to be more of a false positive as for some reason Coverity
	was missing the "ret < 0" goto error condition and somehow believing that
	event could be overwritten.  At first I thought it was just the ret != 0
	condition difference, but it wasn't.

	In any case, make use of the recent change to qemuDomainEventQueue to
	check event == NULL and just pass it as a parameter directly in the
	error path. That avoids the error.

2015-09-24  John Ferlan  <jferlan@redhat.com>

	qemu: Clean up ret in qemuDomainSaveMemory and qemuDomainSaveInternal
	As it turns out, ret can only be 0 or -1, so rather than have some comparisons
	be "ret < 0" and others be "ret != 0", make them all "ret < 0".

	qemu: Resolve Coverity CHECKED_RETURN
	Coverity complains that return from virHookCall is not checked in
	one place in qemuProcessStop.  Since the comment notes that we cannot
	stop the operation even it if fails, just added the ignore_value.

	virsh: Resolve Coverity DEADCODE
	Use 'dead_error_condition' instead of 'dead_error_begin'

	tests: Resolve Coverity RESOURCE_LEAK
	The cleanup path did not clear the reference for sk1 and sk2

	tests: Resolve Coverity RESOURCE_LEAK
	In the error path need to unref the 'caps' as well

2015-09-24  Michal Privoznik  <mprivozn@redhat.com>

	virDomainRestore: Don't keep transient domains around
	So while working on my previous patches, I've noticed that
	virDomainRestore implementation in qemu and test drivers has the
	same problem as I am fixing.

2015-09-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Move vm->persistent check into qemuDomainRemoveInactive
	So far we have the following pattern occurring over and over
	again:

	  if (!vm->persistent)
	      qemuDomainRemoveInactive(driver, vm);

	It's safe to put the check into the function and save some LoC.

2015-09-24  Michal Privoznik  <mprivozn@redhat.com>

	virDomainCreateXML: Make domain definition transient
	https://bugzilla.redhat.com/show_bug.cgi?id=871452

	So, you want to create a domain from XML. The domain already
	exists in libvirt's database of domains. It's okay, because name
	and UUID matches. However, on domain startup, internal
	representation of the domain is overwritten with your XML even
	though we claim that the XML you've provided is a transient one.
	The bug is to be found across nearly all the drivers.
	Le sigh.

2015-09-24  Michal Privoznik  <mprivozn@redhat.com>

	virDomainCreateXML: Don't remove persistent domains on error
	https://bugzilla.redhat.com/show_bug.cgi?id=871452

	Okay, so we allow users to 'virsh create' an already existing
	domain, providing completely different XML than the one stored in
	Libvirt. Well, as long as name and UUID matches. However, in some
	drivers the code that handles errors unconditionally removes the
	domain that failed to start even though the domain might have
	been persistent. Fortunately, the domain is removed just from the
	internal list of domains and the config file is kept around.

	Steps to reproduce:

	1) virsh dumpxml $dom > /tmp/dom.xml
	2) change XML so that it is still parse-able but won't boot, e.g.
	change guest agent path to /foo/bar
	3) virsh create /tmp/dom.xml
	4) virsh dumpxml $dom
	5) Observe "No such domain" error

2015-09-24  Michal Privoznik  <mprivozn@redhat.com>

	docs: Add yet another libvirt based app
	As announced on the list [1], Cherrypop is a management
	application based on libvirt. It's a decentralized cloud software
	with nice scaling ability.

	1: https://www.redhat.com/archives/libvir-list/2015-September/msg00670.html

2015-09-24  Martin Kletzander  <mkletzan@redhat.com>

	Remove redundand assignment
	I initially added this in order to keep the code more error-prone to
	following additions, but it seems it's still frowned upon.

2015-09-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDeviceDefPostParse: Drop useless checks
	Now that virQEMUDriverCreateXMLConf is never called with NULL
	(after 086f37e97aab) we can safely drop useless check in
	qemuDomainDeviceDefPostParse as we are guaranteed to be always
	called with the driver initialized. Therefore checking if driver
	is NULL makes no sense. Moreover, if we mix it with direct driver
	dereference. And after that, we are sure that nor @cfg will be
	NULL, therefore we can drop checks for that too.

2015-09-23  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix job status indicator for 0 length block jobs
	Although 0 length block jobs aren't entirely useful, the output of virsh
	blockjob is empty due to the condition that suppresses the output for
	migration jobs that did not start. Since the only place that actually
	uses the condition that suppresses the output is in migration, let's
	move the check there and thus add support for 0 of 0 equaling to 100%.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196711

2015-09-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refresh memory size only on fresh starts
	Qemu unfortunately doesn't update internal state right after migration
	and so the actual balloon size as returned by 'query-balloon' are
	invalid for a while after the CPUs are started after migration. If we'd
	refresh our internal state at this point we would report invalid current
	memory size until the next balloon event would arrive.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242940

2015-09-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Align memory module sizes to 2MiB
	My original implementation was based on a qemu version that still did
	not have all the checks in place. Using sizes that would align to odd
	megabyte increments will produce the following error:

	qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: backend memory size must be multiple of 0x200000
	qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,id=dimm0: Device 'pc-dimm' could not be initialized

	Introduce an alignment retrieval function for memory devices and use it
	to align the devices separately and modify a test case to verify it.

2015-09-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Notify users about disconnects
	After my "client rpc: Report proper error for keepalive disconnections"
	patch, virsh would no long print a warning when it closes a connection
	to a daemon after a keepalive timeout. Although the warning

	    virsh # 2015-09-15 10:59:26.729+0000: 642080: info :
	    libvirt version: 1.2.19
	    2015-09-15 10:59:26.729+0000: 642080: warning :
	    virKeepAliveTimerInternal:143 : No response from client
	    0x7efdc0a46730 after 1 keepalive messages in 2 seconds

	was pretty ugly, it was still useful. This patch brings the useful part
	back while making it much nicer:

	virsh # error: Disconnected from qemu:///system due to keepalive timeout

2015-09-23  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Process pending data on error
	Even though we hit an error in client's IO loop, we still want to
	process any pending data. So instead of reporting the error right away,
	we can finish the current iteration and report the error once we're done
	with it. Note that the error is stored in client->error by
	virNetClientMarkClose so we don't need to worry about it being reset or
	rewritten by any API we call in the meantime.

2015-09-23  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Report proper error for keepalive disconnections
	Whenever a connection was closed due to keepalive timeout, we would log
	a warning but the interrupted API would return rather useless generic
	error:

	    internal error: received hangup / error event on socket

	Let's report a proper keepalive timeout error and make sure it is
	propagated to all pending APIs. The error should be better now:

	    internal error: connection closed due to keepalive timeout

	Based on an old patch from Martin Kletzander.

2015-09-23  Luyao Huang  <lhuang@redhat.com>

	conf: escape string for disk driver name attribute
	Just like e92e5ba1, this attribute was missed.

2015-09-23  Martin Kletzander  <mkletzan@redhat.com>

	Use VIR_DIV_UP macro where possible

2015-09-23  Luyao Huang  <lhuang@redhat.com>

	Makefile: fix build fail when make rpm
	Build fail and error like this:

	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_command.lo
	qemu/qemu_capabilities.c:46:27: fatal error: qemu_capspriv.h: No such file or directory
	 #include "qemu_capspriv.h"

	Add qemu_capspriv.h to source.

2015-09-22  Cole Robinson  <crobinso@redhat.com>

	spec: Fix some warnings with latest rpmbuild
	$ rpmbuild -ba libvirt.spec
	warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist}

	warning: Macro %enable_autotools defined but not used within scope
	warning: Macro %client_only defined but not used within scope
	...

2015-09-22  Michal Privoznik  <mprivozn@redhat.com>

	tests: Avoid use of virQEMUDriverCreateXMLConf(NULL)
	We use the function to create a virDomainXMLOption object that is
	required for some functions. However, we don't pass the driver
	pointer to the object anywhere - rather than pass NULL. This
	causes trouble later when parsing a domain XML and calling post
	parse callbacks:

	  Program received signal SIGSEGV, Segmentation fault.
	  0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043
	  1043        qemuCaps = virQEMUCapsCacheLookup(driver->qemuCapsCache, def->emulator);
	  (gdb) bt
	  #0  0x000000000043fa3e in qemuDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, opaque=0x0) at qemu/qemu_domain.c:1043
	  #1  0x00007ffff2928bf9 in virDomainDefPostParse (def=0x7d36c0, caps=0x7caf10, xmlopt=0x7c82c0) at conf/domain_conf.c:4269
	  #2  0x00007ffff294de04 in virDomainDefParseXML (xml=0x7da8c0, root=0x7dab80, ctxt=0x7da980, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16400
	  #3  0x00007ffff294e5b5 in virDomainDefParseNode (xml=0x7da8c0, root=0x7dab80, caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16582
	  #4  0x00007ffff294e424 in virDomainDefParse (xmlStr=0x0, filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16529
	  #5  0x00007ffff294e4b2 in virDomainDefParseFile (filename=0x7c7ef0 "/home/zippy/work/libvirt/libvirt.git/tests/securityselinuxlabeldata/disks.xml", caps=0x7caf10, xmlopt=0x7c82c0, flags=0) at conf/domain_conf.c:16553
	  #6  0x00000000004303ca in testSELinuxLoadDef (testname=0x53c929 "disks") at securityselinuxlabeltest.c:192
	  #7  0x00000000004309e8 in testSELinuxLabeling (opaque=0x53c929) at securityselinuxlabeltest.c:313
	  #8  0x0000000000431207 in virtTestRun (title=0x53c92f "Labelling \"disks\"", body=0x430964 <testSELinuxLabeling>, data=0x53c929) at testutils.c:211
	  #9  0x0000000000430c5d in mymain () at securityselinuxlabeltest.c:373
	  #10 0x00000000004325c2 in virtTestMain (argc=1, argv=0x7fffffffd7e8, func=0x430b4a <mymain>) at testutils.c:863
	  #11 0x0000000000430deb in main (argc=1, argv=0x7fffffffd7e8) at securityselinuxlabeltest.c:381

2015-09-22  Michal Privoznik  <mprivozn@redhat.com>

	qemuTestDriverInit: init the driver lock too
	Even though usage of the lock is limited to a very few cases,
	it's still needed. Therefore we should initialize it too.
	Otherwise we may get some random test failures:

	==1204== Conditional jump or move depends on uninitialised value(s)
	==1204==    at 0xEF7F7CF: pthread_mutex_lock (in /lib64/libpthread-2.20.so)
	==1204==    by 0x9CA89A5: virMutexLock (virthread.c:89)
	==1204==    by 0x450B2A: qemuDriverLock (qemu_conf.c:83)
	==1204==    by 0x45549C: virQEMUDriverGetConfig (qemu_conf.c:869)
	==1204==    by 0x448E29: qemuDomainDeviceDefPostParse (qemu_domain.c:1240)
	==1204==    by 0x9CC9B13: virDomainDeviceDefPostParse (domain_conf.c:4224)
	==1204==    by 0x9CC9B91: virDomainDefPostParseDeviceIterator (domain_conf.c:4251)
	==1204==    by 0x9CC7843: virDomainDeviceInfoIterateInternal (domain_conf.c:3440)
	==1204==    by 0x9CC9C25: virDomainDefPostParse (domain_conf.c:4276)
	==1204==    by 0x9CEEE03: virDomainDefParseXML (domain_conf.c:16400)
	==1204==    by 0x9CEF5B4: virDomainDefParseNode (domain_conf.c:16582)
	==1204==    by 0x9CEF423: virDomainDefParse (domain_conf.c:16529)

2015-09-22  John Ferlan  <jferlan@redhat.com>

	Revert "qemu: Fix integer/boolean logic in qemuSetUnprivSGIO"
	This reverts commit 69b850fe2a19d0c32ae2f209e8d8463df6ead665.

	This change broke the ability to "clear" or reset unfiltered back
	to filtered.

2015-09-22  Peter Krempa  <pkrempa@redhat.com>

	test: Add test to validate that memory sizes don't get updated on migration

2015-09-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: ppc64: Align memory sizes to 256MiB blocks
	For some machine types ppc64 machines now require that memory sizes are
	aligned to 256MiB increments (due to the dynamically reconfigurable
	memory). As now we treat existing configs reasonably in regards to
	migration, we can round all the sizes unconditionally. The only drawback
	will be that the memory size of a VM can potentially increase by
	(256MiB - 1byte) * number_of_NUMA_nodes.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1249006

2015-09-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Align memory sizes only on fresh starts
	When we are starting a qemu process for an incomming migration or
	snapshot reloading we should not modify the memory sizes in the domain
	since we could potentially change the guest ABI that was tediously
	checked before. Additionally the function now updates the initial memory
	size according to the NUMA node size, which should not happen if we are
	restoring state.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1252685

2015-09-22  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't always recalculate initial memory size from NUMA size totals
	When implementing memory hotplug I've opted to recalculate the initial
	memory size (contents of the <memory> element) as a sum of the sizes of
	NUMA nodes when NUMA was enabled. This was based on an assumption that
	qemu did not allow starting when the NUMA node size total didn't equal
	to the initial memory size. Unfortunately the check was introduced to
	qemu just lately.

	This patch uses the new XML parser flag to decide whether it's safe to
	update the memory size total from the NUMA cell sizes or not.

	As an additional improvement we now report an error in case when the
	size of hotplug memory would exceed the total memory size.

	The rest of the changes assures that the function is called with correct
	flags.

2015-09-22  Peter Krempa  <pkrempa@redhat.com>

	conf: Pre-calculate initial memory size instead of always calculating it
	Add 'initial_memory' member to struct virDomainMemtune so that the
	memory size can be pre-calculated once instead of inferring it always
	again and again.

	Separating of the fields will also allow finer granularity of decisions
	in later patches where it will allow to keep the old initial memory
	value in cases where we are handling incomming migration from older
	versions that did not always update the size from NUMA as the code did
	previously.

	The change also requires modification of the qemu memory alignment
	function since at the point where we are modifying the size of NUMA
	nodes the total size needs to be recalculated too.

	The refactoring done in this patch also fixes a crash in the hyperv
	driver that did not properly initialize def->numa and thus
	virDomainNumaGetMemorySize(def->numa) crashed.

	In summary this patch should have no functional impact at this point.

2015-09-22  Peter Krempa  <pkrempa@redhat.com>

	conf: Rename max_balloon to total_memory
	The name of the variable was misleading. Rename it and it's setting
	accessor before other fixes.

	conf: Split memory related post parse stuff into separate function
	The post parse func is growing rather large. Since later patches will
	introduce more logic in the memory post parse code, split it into a
	separate handler.

	conf: Add XML parser flag that will allow us to do incompatible updates
	Add a new parser flag that will mark code paths that parse XML files
	wich will not be used with existing VM state so that post parse
	callbacks can possibly do ABI incompatible changes if needed.

	conf: Document all VIR_DOMAIN_DEF_PARSE_* flags

	conf: Drop VIR_DOMAIN_DEF_PARSE_CLOCK_ADJUST flag
	The flag was used only for formatting the XML and once the parser and
	formatter flags were split in 0ecd6851093945dd5ddc78266c61b577c65394ae
	it doesn't make sense any more to have it.

	qemu: Make memory alignment helper more universal
	Extract the size determination into a separate function and reuse it
	across the memory device alignment functions. Since later we will need
	to decide the alignment size according to architecture let's pass def to
	the functions.

	conf: Add helper to determine whether memory hotplug is enabled for a vm
	Add a simple helper so that the code doesn't have to rewrite the same
	condition multiple times.

	libxl: vz: Use accessor instead of direct access for max_balloon
	Commits 45697fe5 and f863ac80 used direct access to the variable instead
	of the preferred accessor method.

2015-09-22  Pavel Fedin  <p.fedin@samsung.com>

	Removed unneeded check
	Since test suite now correctly creates capabilities cache, the hack is not
	needed any more.

	tests: use mockup cache
	Use the new API in order to correctly add capability sets to the cache
	before parsing XML files

2015-09-22  Pavel Fedin  <p.fedin@samsung.com>

	Implement infrastracture for mocking up QEMU capabilities cache
	The main purpose of this patch is to introduce test mode to
	virQEMUCapsCacheLookup(). This is done by adding a global variable, which
	effectively overrides binary name. This variable is supposed to be set by
	test suite.

	The second addition is qemuTestCapsCacheInsert() function which allows the
	test suite to actually populate the cache.

2015-09-22  Pavel Fedin  <p.fedin@samsung.com>

	tests: split out common qemu driver initialization
	Two utility functions are introduced for proper initialization and
	cleanup of the driver.

2015-09-21  David Mansfield  <dmansfield@gmail.com>

	test driver: don't unlock pool after freeing it
	 Invalid read of size 4
	    at 0x945CA30: __pthread_mutex_unlock_full (in /lib64/libpthread-2.20.so)
	    by 0x4F0404B: virMutexUnlock (virthread.c:94)
	    by 0x4F7161B: virStoragePoolObjUnlock (storage_conf.c:2603)
	    by 0x4FE0476: testStoragePoolUndefine (test_driver.c:4328)
	    by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656)
	    by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721)
	    by 0x12F48D: vshCommandRun (vsh.c:1212)
	    by 0x132AA7: main (virsh.c:943)
	  Address 0xfda56a0 is 16 bytes inside a block of size 104 free'd
	    at 0x4C2BA6C: free (vg_replace_malloc.c:473)
	    by 0x4EA5C96: virFree (viralloc.c:582)
	    by 0x4F70B69: virStoragePoolObjFree (storage_conf.c:412)
	    by 0x4F7167B: virStoragePoolObjRemove (storage_conf.c:437)
	    by 0x4FE0468: testStoragePoolUndefine (test_driver.c:4323)
	    by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656)
	    by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721)
	    by 0x12F48D: vshCommandRun (vsh.c:1212)
	    by 0x132AA7: main (virsh.c:943)

2015-09-21  John Ferlan  <jferlan@redhat.com>

	virfile: Use virProcessWait in virDirCreate
	Rather than inlining the code, use the common API.

	virfile: Use virProcessWait in virFileUnlink
	Rather than inlining the code, use the common API.

	virfile: Use virProcessWait in virFileOpenForked
	Rather than inlining the code, use the common API

2015-09-21  John Ferlan  <jferlan@redhat.com>

	virfile: Rename virFileUnlink to virFileRemove
	Similar to commit id '35847860', it's possible to attempt to create
	a 'netfs' directory in an NFS root-squash environment which will cause
	the 'vol-delete' command to fail.  It's also possible error paths from
	the 'vol-create' would result in an error to remove a created directory
	if the permissions were incorrect (and disallowed root access).

	Thus rename the virFileUnlink to be virFileRemove to match the C API
	functionality, adjust the code to following using rmdir or unlink
	depending on the path type, and then use/call it for the VIR_STORAGE_VOL_DIR

2015-09-21  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: remove error logging from prlsdkUUIDParse
	As far as not every call of prlsdkUUIDParse assume correct UUID
	supplied, there is no use to complain about wrong format in it.
	Otherwise our log is flooded with false error messages.
	For instance, calling prlsdkUUIDParse from prlsdkEventsHandler
	works as a filter and in case of uuid absence for event issuer,
	we simply know that we shouldn't continue further processing.
	Instead of error logging for all calls we should explicitly take
	into accaunt where it is called from.

2015-09-21  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainChangeDiskLive: Allow startupPolicy change
	https://bugzilla.redhat.com/show_bug.cgi?id=1159219

2015-09-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDiskChangeSupported: Fill in missing checks
	So far this function was not kept in sync with changing
	virDomainDiskDef. Fill in all the missing checks and reorganize
	their order so it's easier to track which items are not being
	checked for.

	qemu: s/virDomainDiskDiffersSourceOnly/qemuDomainDiskChangeSupported/
	I always felt like this function is qemu specific rather than
	libvirt-wide. Other drivers may act differently on virDomainDef
	change and in fact may require talking to underlying hypervisor
	even if something else's than disk->src has changed.  I know that
	the function is still incomplete, but lets break that into two
	commits that are easier to review. This one is pure code
	movement.

	qemuDomainChangeDiskLive: rework slightly
	Firstly, our coding guidelines suggest using 'cleanup' label
	instead of 'end'. Then, @ret should be set to value representing
	success as the last statement before the 'cleanup' label.
	And while I am at this function, lets enumerate all the possible
	enum items (virDomainDiskDevice) and avoid using 'default' in
	switch(). Pooh. Also, nothing bad happens if we look up the disk
	to change in the domain upfront. In fact, it's going to be
	helpful later when we want to keep some old values for performing
	a rollback.

	qemu_domain: Introduce qemuDomainDiskSourceDiffers
	This new private API should return true iff sources of two disks
	differs in sense that qemu should be instructed to change the
	disk backend. For instance, ejecting a CDROM is such case, or
	pointing disk into a different ISO location, and so on.

	qemu: s/qemuDomainChangeDiskMediaLive/qemuDomainChangeDiskLive/
	While we currently only allow changing a media in a disk, this is
	going to change in a while, so the function name would be
	invalid. Moreover, the old name does not match the pattern laid
	out by other update functions.

2015-09-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainUpdateDeviceConfig: Allow startupPolicy update, yet again
	https://bugzilla.redhat.com/show_bug.cgi?id=1159219

	So, in 11e058ca589808bd I've tried to make UpdateDevice update
	startupPolicy too. And it worked well until somebody came around
	and pushed d0dc6c036914da which accidentally removed my
	contribution. Redo my commit.

2015-09-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix some corner cases in persistent migration
	When persistently migrating a domain to a destination host where the
	same domain already exists (i.e., it is persistent and shutdown at the
	destination), we would happily throw away the original persistent
	definition without properly freeing it. And when updating the definition
	fails for some reason we don't properly revert to the original state
	leaving the domain broken.

	In addition to fixing these issues, the patch also makes sure the domain
	definition parsed from a migration cookie is either used or freed.

2015-09-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Queue events in migration Finish phase ASAP
	For quite a long time we don't need to postpone queueing events until
	the end of the function since we no longer have the big driver lock.
	Let's make the code of qemuMigrationFinish simpler by queuing events at
	the time we generate them.

2015-09-18  Jiri Denemark  <jdenemar@redhat.com>

	qemuDomainEventQueue: Check if event is non-NULL
	Every single call to qemuDomainEventQueue() uses the following pattern:

	    if (event)
	        qemuDomainEventQueue(driver, event);

	Let's move the check for valid event to qemuDomainEventQueue and
	simplify all callers.

2015-09-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't report false errors in migration protocol v2
	Finish is the final state in v2 of our migration protocol. If something
	fails, we have no option to abort the migration and resume the original
	domain. Non fatal errors (such as failure to start guest CPUs or make
	the domain persistent) has to be treated as success. Keeping the domain
	running while reporting the failure was just asking for trouble.

	qemu: Kill domain when migration finish fails
	Whenever something fails during incoming migration in Finish phase
	before we started guest CPUs, we need to kill the domain in addition to
	reporting the failure.

	qemu: Don't fail migration on save status failure
	When we save status XML at the point during migration where we have
	already started the domain on destination, we can't really go back and
	abort migration. Thus the only thing we can do is to log a warning and
	report success.

	qemu: Simplify qemuMigrationFinish
	Offline migration is quite special because we don't really need to do
	anything but make the domain persistent. Let's do it separately from
	normal migration to avoid cluttering the code with
	!(flags & VIR_MIGRATE_OFFLINE).

	qemu: Split qemuMigrationFinish
	Separate code which makes incoming domain persistent into
	qemuMigrationPersist.

2015-09-17  Chunyan Liu  <cyliu@suse.com>

	libxl: fix AttachDeviceConfig on hostdev type
	After attach-device a <hostdev> with --config, new device doesn't
	show up in dumpxml and in guest.

	To fix that, set dev->data.hostdev = NULL after work so that the
	pointer is not freed, since vmdef has the pointer and still need it.

2015-09-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Expose datacenter path in domain XML
	Tool such as libguestfs need the datacenter path to get access to disk
	images. The ESX driver knows the correct datacenter path, but this
	information cannot be accessed using libvirt API yet. Also, it cannot
	be deduced from the connection URI in a robust way.

	Expose the datacenter path in the domain XML as <vmware:datacenterpath>
	node similar to the way the <qemu:commandline> node works. The new node
	is ignored while parsing the domain XML. In contrast to <qemu:commandline>
	it is output only.

2015-09-16  John Ferlan  <jferlan@redhat.com>

	virfile: Check for existence of dir in virFileDeleteTree
	Commit id 'f1f68ca33' added code to remove the directory paths for
	auto-generated sockets, but that code could be called before the
	paths were created resulting in generating error messages from
	virFileDeleteTree indicating that the file doesn't exist.

	Rather than "enforce" all callers to make the non-NULL and existence
	checks, modify the virFileDeleteTree API to silently ignore NULL on
	input and non-existent directory trees.

2015-09-16  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Teach attach-interface to --print-xml
	We have the same argument to many other commands that produce an
	XML based on what user typed. But unfortunately attach-interface
	was missing it. Maybe nobody had needed it yet. Well, I did
	just now.

2015-09-16  Andrea Bolognani  <abologna@redhat.com>

	qemu: Fix using guest architecture as lookup key
	When looking for a QEMU binary suitable for running ppc64le guests
	we have to take into account the fact that we use the QEMU target
	as key for the hash, so direct comparison is not good enough.

	Factor out the logic from virQEMUCapsFindBinaryForArch() to a new
	virQEMUCapsFindTarget() function and use that both when looking
	for QEMU binaries available on the system and when looking up
	QEMU capabilities later.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260753

2015-09-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix compiler error introduced by commit ba25c214
	libxl/libxl_conf.c: In function 'libxlDriverConfigNew':
	libxl/libxl_conf.c:1560:30: error: 'log_level' may be used uninitialized
	in this function [-Werror=maybe-uninitialized]

2015-09-15  Jim Fehlig  <jfehlig@suse.com>

	libxl: open libxl log stream with libvirtd log_level
	Instead of a hardcoded DEBUG log level, use the overall
	daemon log level specified in libvirtd.conf when opening
	a log stream with libxl. libxl is very verbose when DEBUG
	log level is set, resulting in huge log files that can
	potentially fill a disk. Control of libxl verbosity should
	be placed in the administrator's hands.

2015-09-15  Pavel Fedin  <p.fedin@samsung.com>

	Ignore virtio-mmio disks in qemuAssignDevicePCISlots()
	Fixes the following error when attempting to add a disk with bus='virtio'
	to a machine which actually supports virtio-mmio (caught with ARM virt):

	virtio disk cannot have an address of type 'virtio-mmio'

	The problem has been likely introduced by
	e8d55172544c1fafe31a9e09346bdebca4f0d6f9. Before that
	qemuAssignDevicePCISlots() was never called for ARM "virt" machine.

2015-09-15  Michal Privoznik  <mprivozn@redhat.com>

	security_selinux: Take @privileged into account
	https://bugzilla.redhat.com/show_bug.cgi?id=1124841

	If running in session mode it may happen that we fail to set
	correct SELinux label, but the image may still be readable to
	the qemu process. Take this into account.

2015-09-15  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityManager: Track if running as privileged
	We may want to do some decisions in drivers based on fact if we
	are running as privileged user or not. Propagate this info there.

	security_selinux: Replace SELinuxSCSICallbackData with proper struct
	We have plenty of callbacks in the driver. Some of these
	callbacks require more than one argument to be passed. For that
	we currently have a data type (struct) per each callback. Well,
	so far for only one - SELinuxSCSICallbackData. But lets turn it
	into more general name so it can be reused in other callbacks too
	instead of each one introducing a new, duplicate data type.

	virSecuritySELinuxSetSecurityAllLabel: drop useless virFileIsSharedFSType
	The check is done in virSecuritySELinuxSetFilecon itself. There's
	no need to check it again.

2015-09-15  Christian Loehle  <cloehle@linutronix.de>

	Minor typo fixes in documentation

2015-09-14  Andrea Bolognani  <abologna@redhat.com>

	util: Add space before comment end marker
	This allows the Wikipedia link to be recognized correctly by eg.
	gnome-terminal's Open Link and Copy Link Address features.

2015-09-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow others to browse /var/lib/libvirt/qemu
	Commit f1f68ca33433 tried fixing running multiple domains under various
	users, but if the user can't browse the directory, it's hard for the
	qemu running under that user to create the monitor socket.

	The permissions need to be fixed in two places in the spec file due to
	support for both installations with and without driver modules.

	Creating a directory with '$(MKDIR_P) -m' shouldn't fail even on systems
	where autoconf needs to fallback to 'install-sh -d'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

2015-09-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Do not allow others into per-VM subdirectories

2015-09-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Properly clean up drive backend if frontend hotplug fails
	Commit 8125113c added code that should remove the disk backend if the
	fronted hotplug failed for any reason. The code had a bug though as it
	used the disk string for unplug rather than the backend alias. Fix the
	code by pre-creating an alias string and using it instead of the disk
	string. In cases where qemu does not support QEMU_CAPS_DEVICE, we ignore
	the unplug of the backend since we can't really create an alias in that
	case.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1262399

2015-09-11  Cole Robinson  <crobinso@redhat.com>

	qemu: command: Report stderr from qemu-bridge-helper
	There's a couple reports of things failing in this area (bug 1259070),
	but it's tough to tell what's going wrong without stderr from
	qemu-bridge-helper. So let's report stderr in the error message

	Couple new examples:

	virbr0 is inactive:
	internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=virbr0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected
	stderr=failed to get mtu of bridge `virbr0': No such device

	bridge isn't on the ACL:
	internal error: /usr/libexec/qemu-bridge-helper --use-vnet --br=br0 --fd=21: failed to communicate with bridge helper: Transport endpoint is not connected
	stderr=access denied by acl file

2015-09-11  Daniel P. Berrange  <berrange@redhat.com>

	xen: fix race in refresh of config cache
	The xenXMConfigCacheRefresh method scans /etc/xen and loads
	all config files it finds. It then scans its internal hash
	table and purges any (previously) loaded config files whose
	refresh timestamp does not match the timestamp recorded at
	the start of xenXMConfigCacheRefresh(). There is unfortunately
	a subtle flaw in this, because if loading the config files
	takes longer than 1 second, some of the config files will
	have a refresh timestamp that is 1 or more seconds different
	(newer) than is checked for. So we immediately purge a bunch
	of valid config files we just loaded.

	To avoid this flaw, we must pass the timestamp we record at
	the start of xenXMConfigCacheRefresh() into the
	xenXMConfigCacheAddFile() method, instead of letting the
	latter call time(NULL) again.

2015-09-11  Martin Kletzander  <mkletzan@redhat.com>

	tests: Don't use testutils in mock libraries
	Mock libraries are not built with testutils.c, but there's one which
	uses VIR_TEST_DEBUG.  But because that debug should be an error, if we
	change it, then it will not only be more semantically correct, but mingw
	compiler will be happier as well.

	It also follows suit with all other mock libraries.

	For few other things, used in this file, need libvirt.la to be added
	into LIBADD for mingw as well.

2015-09-11  Ian Campbell  <ian.campbell@citrix.com>

	libxl: don't end job for ephemeal domain on start failure
	commit 4b53d0d4ac9c "libxl: don't remove persistent domain on start
	failure" cleans up the vm object and sets it to NULL if the vm is not
	persistent, however at end job vm (now NULL) is dereferenced via the call to
	libxlDomainObjEndJob. Avoid this by skipping "endjob" and going
	straight to "cleanup" in this case.

2015-09-10  Daniel P. Berrange  <berrange@redhat.com>

	docs: Update devguide.html to point to the new Python dev guide
	We have a new libvirt-appdev-guide-python which we need to
	promote to users. Rewrite the existing page to mention it
	too. Also use the new URL location which is automatically
	refreshed once a day.

2015-09-10  Andrea Bolognani  <abologna@redhat.com>

	qemu: Try several network devices when looking for a default
	Up until now, the default has been rtl8139, but no check was in
	place to make sure that device was actually available.

	Now we try rtl8139, e1000 and virtio-net in turn, checking for
	availability before using any of them: this means we have a much
	better chance for the guest to be able to boot.

2015-09-10  Andrea Bolognani  <abologna@redhat.com>

	qemu: Introduce QEMU_CAPS_DEVICE_VIRTIO_NET
	This capability can be used to detect whether or not the QEMU
	binary supports the virtio-net-* network device.

	qemu: Introduce QEMU_CAPS_DEVICE_E1000
	This capability can be used to detect whether or not the QEMU
	binary supports the e1000 network device.

	qemu: Introduce QEMU_CAPS_DEVICE_RTL8139
	This capability can be used to detect whether or not the QEMU
	binary supports the rtl8139 network device.

2015-09-09  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Report error if per-VM directory cannot be created
	Commit f1f68ca33433 did not report an error if virFileMakePath()
	returned -1.  Well, who would've guessed function with name starting
	with 'vir' sets an errno instead of reporting an error the libvirt way.
	Anyway, let's fix it, so the output changes from:

	  $ virsh start arm
	  error: Failed to start domain arm
	  error: An error occurred, but the cause is unknown

	to:

	  $ virsh start arm
	  error: Failed to start domain arm
	  error: Cannot create directory '/var/lib/libvirt/qemu/domain-arm': Not
	  a directory

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

2015-09-09  Martin Kletzander  <mkletzan@redhat.com>

	Revert "docs: Drop unused rule for internals/%.html.tmp target"
	This reverts commit e5470dd0e0a5be02cbf18a882cfc676b39d1c1a5.

	This has been ACK'd by the original author in the original mail thread:
	https://www.redhat.com/archives/libvir-list/2015-September/msg00310.html

	The reason to revert this is due to the patch breaking the generation of
	internal subsites.  The original issue still needs to be dealt with,
	though.

2015-09-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Relax enforcement of memory hotplug support
	If the current live definition does not have memory hotplug enabled, but
	the persistent one does libvirt would reject migration if the
	destination does not support memory hotplug even if the user didn't want
	to persist the VM at the destination and thus the XML containing the
	memory hotplug definition would not be used. To fix this corner case the
	code will check for memory hotplug in the newDef only if
	VIR_MIGRATE_PERSIST_DEST was used.

2015-09-08  Martin Kletzander  <mkletzan@redhat.com>

	docs: Remove last use of double semicolon in Makefile
	Double semicolons have special meaning in makefiles, but they would have
	to be combined with other rules witch such separators in order to be
	used as intended.  Since there are no other rules like that, let's
	clean it up.

2015-09-08  Martin Kletzander  <mkletzan@redhat.com>

	util: Add win32 version of virFileUnlink
	Commit 35847860f65f Added the virFileUnlink function, but failed to add
	a version for mingw build, causing the following error:

	  Cannot export virFileUnlink: symbol not defined

2015-09-08  Luyao Huang  <lhuang@redhat.com>

	conf: fix crash when parsing a unordered NUMA <cell/>
	https://bugzilla.redhat.com/show_bug.cgi?id=1260846

	Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will
	get a segfault. This is because of a check for overlapping @cpus
	sets we have there. However, since the array to hold guest NUMA
	cells is allocated upfront and therefore it contains all zeros,
	an out of order cell will break our assumption that cell IDs have
	increasing character. At this point we try to access yet NULL
	bitmap and therefore segfault.

2015-09-08  Erik Skultety  <eskultet@redhat.com>

	admin: Resolve leaked reference to private data
	Running valgrind on a very simplistic program consisting only of
	opening and closing admin connection (virAdmConnect{Open,Close}) shows a
	leak in remoteAdminPrivNew, because the last reference to privateData is
	not decremented, thus the object won't be disposed. This patch unrefs
	the privateData object once we closed the active connection to daemon,
	making further use of this connection  useless.

	==24577==    at 0x4A089C7: calloc (in /usr/lib64/valgrind/vgpreload_***linux.so)
	==24577==    by 0x4E8835F: virAllocVar (viralloc.c:560)
	==24577==    by 0x4EDFA5C: virObjectNew (virobject.c:193)
	==24577==    by 0x4EDFBD4: virObjectLockableNew (virobject.c:219)
	==24577==    by 0x4C14DAF: remoteAdminPrivNew (libvirt-admin.c:152)
	==24577==    by 0x4C1537E: virAdmConnectOpen (libvirt-admin.c:308)
	==24577==    by 0x400BAD: main (listservers.c:39)

	==24577== LEAK SUMMARY:
	==24577==    definitely lost: 80 bytes in 1 blocks
	==24577==    indirectly lost: 840 bytes in 6 blocks
	==24577==      possibly lost: 0 bytes in 0 blocks
	==24577==    still reachable: 12,179 bytes in 199 blocks
	==24577==         suppressed: 0 bytes in 0 blocks

2015-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Add handling for CDROM devices with SCSI passthru
	https://bugzilla.redhat.com/show_bug.cgi?id=1172544

	vmx: The virVMXParseDisk deviceType can be NULL, add some missing checks

2015-09-07  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Introduce IvyBridge CPU model
	https://bugzilla.redhat.com/show_bug.cgi?id=1254420

2015-09-07  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Slightly rework cmdDomblklist
	Let's move some variables from an inside loop to global function
	declaration header block. It's going to be easier for next
	patches. At the same time, order the cleanup calls at the
	function's end so it's easier to track which variables are freed
	and which not.

	.gitignore: Ignore the correct rename example binary
	In e755186c5c305a9 we tried to introduce an example demonstrating
	new virDomainRename API. Unfortunately, in the .gitignore we had
	a different binary listed. It's 'rename' binary which we want git
	to ignore, not 'test'.

2015-09-07  Martin Kletzander  <mkletzan@redhat.com>

	examples: Add missing build data for 'rename'
	Commit e755186c5c30 added the rename example, but forgot to build some
	essential files in there as well as add it to the spec file.

2015-09-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Some whitespace cleanup

2015-09-04  John Ferlan  <jferlan@redhat.com>

	conf: Remove need for a couple of sa_asserts
	Remove the need for a couple of sa_asserts.

	util: Avoid Coverity FORWARD_NULL
	Coverity claims it could be possible to call virDBusTypeStackFree with
	*stack == NULL and although the two API's that call it don't appear to
	allow that - I suppose it's better to be safe than sorry

	virfile: Avoid Coverity IDENTICAL_BRANCHES error
	In virFileNBDDeviceFindUnused if virFileNBDDeviceIsBusy returns 0,
	then both branches jumped to cleanup, so just use ignore_value
	since the function returns NULL or some memory and the caller
	handles the error.

	lxc: Avoid Coverity SIZEOF_MISMATCH
	Commit id '692e9fac7' used virProcessSetNamespaces instead of inlining
	the similar functionality; however, Coverity notes that the function
	prototype expects a size_t value and not an enum and complains. So,
	just typecast the enum as a size_t to avoid the noise.

	qemu: Check virGetLastError return value for migration finish failure
	Commit id '2e7cea243' added a check for an error from Finish instead
	of 'unexpected error'; however, if for some reason there wasn't an
	error, then virGetLastError could return NULL resulting in the
	NULL pointer deref to err->domain.

2015-09-04  Martin Kletzander  <mkletzan@redhat.com>

	Change name of the domain upon successful rename

	Add example that renames domain there and back
	And in the middle it prints out its name to demonstrate changes in later
	patch(es).

2015-09-04  Jiri Denemark  <jdenemar@redhat.com>

	examples: Add example polkit ACL rules
	Creating ACL rules is not exactly easy and existing examples are pretty
	simple. This patch adds a somewhat complex example which defines several
	roles. Admins can do everything, operators can do basic operations
	on any domain and several groups of users who act as operators but only
	on a limited set of domains.

2015-09-04  John Ferlan  <jferlan@redhat.com>

	qemu: Need to check for machine.os when using ADDRESS_TYPE_CCW
	https://bugzilla.redhat.com/show_bug.cgi?id=1258361

	When attaching a disk, controller, or rng using an address type ccw
	or s390, we need to ensure the support is provided by both the machine.os
	and the emulator capabilities (corollary to unconditional setting when
	address was not provided for the correct machine.os and emulator.

	For an inactive guest, an addition followed by a start would cause the
	startup to fail after qemu_command builds the command line and attempts
	to start the guest. For an active guest, libvirtd would crash.

2015-09-04  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuDomainMachineIsS390CCW
	Rather than have different usages of STR function in order to determine
	whether the domain is s390-ccw or s390-ccw-virtio, make a single API
	which will check the machine.os prefix. Then use the function.

2015-09-04  Erik Skultety  <eskultet@redhat.com>

	vsh: Make vshInitDebug static
	There's no reason why debug initialization could not be made completely
	hidden, just like readline initialization is. The point of the global
	initializer vshInit is to make initialization of smaller features transparent
	to the user/caller.

	virsh: Do not make interactive mode default
	Currently, we set interactive mode as default possibly reverting the
	setting after we parse the command line arguments. There's nothing
	particulary wrong with that, but a call to vshReadlineInit is performed
	always in the global initializer just because the default mode is interactive.
	Rather than moving vshReadlineInit call somewhere else (because another client
	might want to implement interactive mode only), we could make the decision
	if we're about to run in interactive mode once the command line is parsed.

	vsh: Introduce vshInitReload
	Commit a0b6a36f separated vshInitDebug from the original vshInit
	(before virsh got split and vshInit became virshInit - commit 834c5720)
	in order to be able to debug command line parsing.
	After the parsing is finished, debugging is reinitialized to work properly.
	There might as well be other features that require re-initialization as
	the command line could specify parameters that override our defaults which
	had been set prior to calling vshArgvParse.

	vsh: adjust vshInit signature and remove redundant error label
	As part of the effort to stay consistent, change the vshInit signature
	from returning int to returning bool. Moreover, remove the
	unnecessary error label as there is no cleanup that would make use of
	it.

2015-09-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: don't overwrite error from virNetSocketNewConnectTCP()
	Remove redundant error reporting in libxlDomainMigrationPerform().
	virNetSocketNewConnectTCP() is perfectly capable of reporting
	sensible errors.

2015-09-03  Pavel Hrdina  <phrdina@redhat.com>

	domain-conf: escape string for socket attribute
	Commit d091518b tried to escape all strings in produced XML, but missed
	this one.

2015-09-03  Laine Stump  <laine@laine.org>

	util: don't use netlink to save/set mac for macvtap+passthrough+802.1Qbh
	Before libvirt sets the MAC address of the physdev (the physical
	ethernet device) linked to a macvtap passthrough device, it always
	saves the previous MAC address to restore when the guest is finished
	(following a "leave nothing behind" policy). For a long time it
	accomplished the save/restore with a combination of
	ioctl(SIOCGIFHWADDR) and ioctl(SIOCSIFHWADDR), but in commit cbfe38c
	(first in libvirt 1.2.15) this was changed to use netlink RTM_GETLINK
	and RTM_SETLINK commands sent to the Physical Function (PF) of any
	device that was detected to be a Virtual Function (VF).

	We later found out that this caused problems with any devices using
	the Cisco enic driver (e.g. vmfex cards) because the enic driver
	hasn't implemented the function that is called to gather the
	information in the IFLA_VFINFO_LIST attribute of RTM_GETLINK
	(ndo_get_vf_config() for those keeping score), so we would never get
	back a useful response.

	In an ideal world, all drivers would implement all functions, but it
	turns out that in this case we can work around this omission without
	any bad side effects - since all macvtap passthrough <interface>
	definitions pointing to a physdev that uses the enic driver *must*
	have a <virtualport type='802.1Qbh'>, and since no other type of
	ethernet devices use 802.1Qbh, libvirt can change its behavior in this
	case to use the old-style.  ioctl(SIOC[GS]IFHWADDR).  That's what this
	patch does.

	Resolves:  https://bugzilla.redhat.com/show_bug.cgi?id=1257004

2015-09-03  Laine Stump  <laine@laine.org>

	util: make virNetDev(Replace|Restore)MacAddress public functions
	These functions were made static as a part of commit cbfe38c since
	they were no longer called from outside virnetdev.c. We once again
	need to call them from another file, so this patch makes them once
	again public.

2015-09-03  Michal Privoznik  <mprivozn@redhat.com>

	remoteClientCloseFunc: Don't mangle connection object refcount
	Well, in 8ad126e6 we tried to fix a memory corruption problem.
	However, the fix was not as good as it could be. I mean, the
	commit has one line more than it should. I've noticed this output
	just recently:

	  # ./run valgrind --leak-check=full --show-reachable=yes ./tools/virsh domblklist gentoo
	  ==17019== Memcheck, a memory error detector
	  ==17019== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
	  ==17019== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
	  ==17019== Command: /home/zippy/work/libvirt/libvirt.git/tools/.libs/virsh domblklist gentoo
	  ==17019==
	  Target     Source
	  ------------------------------------------------
	  fda        /var/lib/libvirt/images/fd.img
	  vda        /var/lib/libvirt/images/gentoo.qcow2
	  hdc        /home/zippy/tmp/install-amd64-minimal-20150402.iso

	  ==17019== Thread 2:
	  ==17019== Invalid read of size 4
	  ==17019==    at 0x4EFF5B4: virObjectUnref (virobject.c:258)
	  ==17019==    by 0x5038CFF: remoteClientCloseFunc (remote_driver.c:552)
	  ==17019==    by 0x5069D57: virNetClientCloseLocked (virnetclient.c:685)
	  ==17019==    by 0x506C848: virNetClientIncomingEvent (virnetclient.c:1852)
	  ==17019==    by 0x5082136: virNetSocketEventHandle (virnetsocket.c:1913)
	  ==17019==    by 0x4ECD64E: virEventPollDispatchHandles (vireventpoll.c:509)
	  ==17019==    by 0x4ECDE02: virEventPollRunOnce (vireventpoll.c:658)
	  ==17019==    by 0x4ECBF00: virEventRunDefaultImpl (virevent.c:308)
	  ==17019==    by 0x130386: vshEventLoop (vsh.c:1864)
	  ==17019==    by 0x4F1EB07: virThreadHelper (virthread.c:206)
	  ==17019==    by 0xA8462D3: start_thread (in /lib64/libpthread-2.20.so)
	  ==17019==    by 0xAB441FC: clone (in /lib64/libc-2.20.so)
	  ==17019==  Address 0x139023f4 is 4 bytes inside a block of size 240 free'd
	  ==17019==    at 0x4C2B1F0: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	  ==17019==    by 0x4EA8949: virFree (viralloc.c:582)
	  ==17019==    by 0x4EFF6D0: virObjectUnref (virobject.c:273)
	  ==17019==    by 0x4FE74D6: virConnectClose (libvirt.c:1390)
	  ==17019==    by 0x13342A: virshDeinit (virsh.c:406)
	  ==17019==    by 0x134A37: main (virsh.c:950)

	The problem is, when registering remoteClientCloseFunc(), it's
	conn->closeCallback which is ref'd. But in the function itself
	it's conn->closeCallback->conn what is unref'd. This is causing
	imbalance in reference counting. Moreover, there's no need for
	the remote driver to increase/decrease conn refcount since it's
	not used anywhere. It's just merely passed to client registered
	callback. And for that purpose it's correctly ref'd in
	virConnectRegisterCloseCallback() and then unref'd in
	virConnectUnregisterCloseCallback().

2015-09-03  Michal Privoznik  <mprivozn@redhat.com>

	vshInit: Don't leak @histsize_env
	Caller is responsible for freeing the result of virStringJoin()
	when no longer needed:

	==10701== 1 bytes in 1 blocks are definitely lost in loss record 1 of 806
	==10701==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==10701==    by 0xAADB679: strdup (in /lib64/libc-2.20.so)
	==10701==    by 0x4F18655: virStrdup (virstring.c:726)
	==10701==    by 0x4F175AF: virStringJoin (virstring.c:165)
	==10701==    by 0x131D4D: vshReadlineInit (vsh.c:2572)
	==10701==    by 0x1322DF: vshInit (vsh.c:2736)
	==10701==    by 0x1347C1: main (virsh.c:907)

2015-09-02  John Ferlan  <jferlan@redhat.com>

	storage: Handle failure from refreshVol
	Commit id '155ca616' added the 'refreshVol' API. In an NFS root-squash
	environment it was possible that if the just created volume from XML wasn't
	properly created with the right uid/gid and/or mode, then the followup
	refreshVol will fail to open the volume in order to get the allocation/
	capacity values. This would leave the volume still on the server and
	cause a libvirtd crash because 'voldef' would be in the pool list, but
	the cleanup code would free it.

2015-09-02  John Ferlan  <jferlan@redhat.com>

	storage: Correct the 'mode' check
	Commit id '7c2d65dde2' changed the default value of mode to be -1 if not
	supplied in the XML, which should cause creation of the volume using the
	default mode of VIR_STORAGE_DEFAULT_VOL_PERM_MODE; however, the check
	made was whether mode was '0' or not to use default or provided value.

	This patch fixes the issue to check if the 'mode' was provided in the XML
	and use that value.

2015-09-02  John Ferlan  <jferlan@redhat.com>

	virfile: Introduce virFileUnlink
	In an NFS root-squashed environment the 'vol-delete' command will fail to
	'unlink' the target volume since it was created under a different uid:gid.

	This code continues the concepts introduced in virFileOpenForked and
	virDirCreate[NoFork] with respect to running the unlink command under
	the uid/gid of the child. Unlike the other two, don't retry on EACCES
	(that's why we're here doing this now).

2015-09-02  John Ferlan  <jferlan@redhat.com>

	virfile: Add error for root squash change mode failure
	This will only be seen when debugging, but in order to help determine
	whether a virFileOpenForceOwnerMode failed during an NFS root-squash
	volume/file creation, add an error message from the child.

2015-09-02  Jonathan Toppins  <jtoppins@cumulusnetworks.com>

	qemu: add udp interface support
	Adds a new interface type using UDP sockets, this seems only applicable
	to QEMU but have edited tree-wide to support the new interface type.

	The interface type required the addition of a "localaddr" (local
	address), this then maps into the following xml and qemu call.

	<interface type='udp'>
	  <mac address='52:54:00:5c:67:56'/>
	  <source address='127.0.0.1' port='11112'>
	    <local address='127.0.0.1' port='22222'/>
	  </source>
	  <model type='virtio'/>
	  <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
	</interface>

	QEMU call:
		-net socket,udp=127.0.0.1:11112,localaddr=127.0.0.1:22222

	Notice the xml "local" entry becomes the "localaddr" for the qemu call.

	reference:
	http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00629.html

2015-09-02  Ján Tomko  <jtomko@redhat.com>

	Post release version bump to 1.2.20

2015-09-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.19
	* docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: regenerated

2015-08-31  Michal Privoznik  <mprivozn@redhat.com>

	src: Check for symbols ordering in ADMIN_SYM_FILES
	Like we are checking for the correct order in SYM_FILES, we
	should do the same for ADMIN_SYM_FILES.

	src: Cleanup libvirt_admin.syms
	It's a generated file, so after 'distclean' it should be gone.
	But it isn't yet.

	src: Check libvirt_admin.syms for exported symbols
	We have this check rule in src/Makefile: check-symfile that
	should check if all symbols we wanted to export are exported.
	Moreover, if we are not exporting something more. Do the same
	with libvirt_admin.syms.

2015-08-29  Guido Günther  <agx@sigxcpu.org>

	apparmor: Adjust path to domain monitor socket
	f1f68ca33 moved the monitor socket to a per domain directory. Adjust the
	path accordingly.

2015-08-28  Laine Stump  <laine@laine.org>

	util: fallback to ioctl(SIOCBRDELBR) if netlink RTM_DELLINK fails
	commit 09778e09 switched from using ioctl(SIOCBRDELBR) for bridge
	device deletion to using a netlink RTM_DELLINK message, which is the
	more modern way to delete a bridge (and also doesn't require the
	bridge to be ~IFF_UP to succeed). However, although older kernels
	(e.g. 2.6.32, in RHEL6/CentOS6) support deleting *some* link types
	with RTM_NEWLINK, they don't support deleting bridges, and there is no
	compile-time way to figure this out.

	This patch moves the body of the SIOCBRDELBR version of
	virNetDevBridgeDelete() into a static function, calls the new function
	from the original, and also calls the new function from the
	RTM_DELLINK version if the RTM_DELLINK message generates an EOPNOTSUPP
	error. Since RTM_DELLINK is done from the subordinate function
	virNetlinkDelLink, which is also called for other purposes (deleting a
	macvtap interface), a function pointer called "fallback" has been
	added to the arglist of virNetlinkDelLink() - if that arg != NULL, the
	provided function will be called when (and only when) RTM_DELLINK
	fails with EOPNOTSUPP.

	Resolves:  https://bugzilla.redhat.com/show_bug.cgi?id=1252780 (part 2)

2015-08-28  Laine Stump  <laine@laine.org>

	util: fallback to ioctl(SIOCBRADDBR) if netlink RTM_NEWLINK fails
	commit fc7b23db switched from using ioctl(SIOCBRADDBR) for bridge
	creation to using a netlink RTM_NEWLINK message with IFLA_INFO_KIND =
	"bridge", which is the more modern way to create a bridge. However,
	although older kernels (e.g. 2.6.32, in RHEL6/CentOS6) support
	creating *some* link types with RTM_NEWLINK, they don't support
	creating bridges, and there is no compile-time way to figure this out
	(since the "type" isn't an enum, but rather a character string).

	This patch moves the body of the SIOCBRADDBR version of
	virNetDevBridgeCreate() into a static function, calls the new function
	from the original, and also calls the new function from the
	RTM_NEWLINK version if the RTM_NEWLINK message generates an EOPNOTSUPP
	error.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1252780

2015-08-28  Jim Fehlig  <jfehlig@suse.com>

	Revert "LXC: show used memory as 0 when domain is not active"
	This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e,
	which introduced a significant semantic change to the
	virDomainGetInfo() API. Additionally, the change was only
	made to 2 of the 15 virt drivers.

	Conflicts:
		src/qemu/qemu_driver.c

2015-08-27  Jim Fehlig  <jfehlig@suse.com>

	libxl: acquire a job when receiving a migrating domain
	Commit f86ae403 moved acquiring a job from libxlDomainStart()
	to its callers. One spot missed was in libxlDoMigrateReceive().
	Acquire a job in libxlDoMigrateReceive() before calling
	libxlDomainStart().

	libxl: don't attempt to resume domain when suspend fails
	Failure of libxl_domain_suspend() does not leave the domain in
	a suspended state, so no need to call libxl_domain_resume(),
	which btw will fail with "domain not suspended".

2015-08-27  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix ref counting of libxlMigrationDstArgs
	This patch fixes some flawed logic around ref counting the
	libxlMigrationDstArgs object.

	First, when adding sockets to the event loop with
	virNetSocketAddIOCallback(), the generic virObjectFreeCallback()
	was registered as a free function, with libxlMigrationDstArgs as
	its parameter. A reference was also taken on
	libxlMigrationDstArgs for each successful call to
	virNetSocketAddIOCallback(). The rational behind this logic was
	that the libxlMigrationDstArgs object had to out-live the socket
	objects. But virNetSocketAddIOCallback() already takes a
	reference on socket objects, ensuring their life until removed
	from the event loop and unref'ed in virNetSocketEventFree(). We
	only need to ensure libxlMigrationDstArgs lives until
	libxlDoMigrateReceive() finishes, which can be done by simply
	unref'ing libxlMigrationDstArgs at the end of
	libxlDoMigrateReceive().

	The second flaw was unref'ing the sockets in the failure path of
	libxlMigrateReceive() and at the end of libxlDoMigrateReceive().
	As mentioned above, the sockets are already unref'ed by
	virNetSocketEventFree() when removed from the event loop.
	Attempting to unref the socket a second time resulted in a
	libvirtd crash since the socket was previously unref'ed and
	disposed.

2015-08-27  Michal Privoznik  <mprivozn@redhat.com>

	Revert "lxc: ensure setns() syscall is defined"
	After my previous commit this commit is no longer needed.

	This reverts commit eff95ac8fce8af47c0948a1c8a654b210633a350.

2015-08-27  Michal Privoznik  <mprivozn@redhat.com>

	lxc_container: Turn lxcAttachNS into calling virProcessSetNamespaces
	Now that virProcessSetNamespaces() does accept FD list in the
	correct format, we can simply turn lxcAttachNS into calling
	virProcessSetNamespaces().

	libvirt_lxc: Claim success for --help
	So far, if libvirt_lxc binary (usually to be found under
	/usr/libexec/) is run with --help, due to a missing line
	and our usual functions pattern, an 'uknown' error is returned.
	Yeah, the help is printed out, but we should not claim error.

	util: Allow virProcessSetNamespaces() to have sparse FD list
	So far, the virProcessSetNamespaces() takes an array of FDs that
	it tries to set namespace on. However, in the very next commit
	this array may be sparse, having some -1's in it. Teach the
	function to cope with that.

2015-08-27  Michal Privoznik  <mprivozn@redhat.com>

	virt-aa-helper: Improve valid_path
	So, after some movement in virt-aa-helper, I've noticed the
	virt-aa-helper-test failing. I've ran gdb (it took me a while to
	realize how to do that) and this showed up immediately:

	  Program received signal SIGSEGV, Segmentation fault.
	  strlen () at ../sysdeps/x86_64/strlen.S:106
	  106     ../sysdeps/x86_64/strlen.S: No such file or directory.
	  (gdb) bt
	  #0  strlen () at ../sysdeps/x86_64/strlen.S:106
	  #1  0x0000555555561a13 in array_starts_with (str=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", arr=0x7fffffffd160, size=-1540438016) at security/virt-aa-helper.c:525
	  #2  0x0000555555561d49 in valid_path (path=0x5555557ce910 "/tmp/tmp.6nI2Fkv0KL/1.img", readonly=false) at security/virt-aa-helper.c:617
	  #3  0x0000555555562506 in vah_add_path (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw", recursive=false) at security/virt-aa-helper.c:823
	  #4  0x0000555555562693 in vah_add_file (buf=0x7fffffffd3e0, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", perms=0x555555581585 "rw") at security/virt-aa-helper.c:854
	  #5  0x0000555555562918 in add_file_path (disk=0x5555557d4440, path=0x5555557cb910 "/tmp/tmp.6nI2Fkv0KL/1.img", depth=0, opaque=0x7fffffffd3e0) at security/virt-aa-helper.c:931
	  #6  0x00007ffff78f18b1 in virDomainDiskDefForeachPath (disk=0x5555557d4440, ignoreOpenFailure=true, iter=0x5555555628a6 <add_file_path>, opaque=0x7fffffffd3e0) at conf/domain_conf.c:23286
	  #7  0x0000555555562b5f in get_files (ctl=0x7fffffffd670) at security/virt-aa-helper.c:982
	  #8  0x0000555555564100 in vahParseArgv (ctl=0x7fffffffd670, argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1277
	  #9  0x00005555555643d6 in main (argc=5, argv=0x7fffffffd7e8) at security/virt-aa-helper.c:1332

	So I've taken look at valid_path() because it is obviously
	calling array_starts_with() with malformed @size. And here's the
	result: there are two variables to hold the size of three arrays
	and their value is recalculated before each call of
	array_starts_with(). What if we just use three variables,
	initialize them and do not touch them afterwards?

2015-08-27  John Ferlan  <jferlan@redhat.com>

	lxc: Resolve Coverity RESOURCE_LEAK
	Commit id 'c27553b6e' added a return -1 in a failure path without
	the necessary VIR_FREE(stack)

2015-08-26  Luyao Huang  <lhuang@redhat.com>

	qemu: Emit correct audit message for memory hot unplug
	https://bugzilla.redhat.com/show_bug.cgi?id=1226234#c3

	If the qemu monitor fails to remove the memory from the guest for
	any reason, the auditlog message will incorrectly use the current
	actual memory (via virDomainDefGetMemoryActual) instead of the
	value we were attempting to reduce to. The result is the 'new-mem'
	and 'old-mem' values for the auditlog message would be identical.

	This patch creates a local 'newmem' which accounts for the current
	memory size minus the memory which is being removed. NB, for the
	success case this results in the same value that would be returned
	by virDomainDefGetMemoryActual without the need to do the math. This
	follows the existing code which would subtract the size for cur_balloon.

2015-08-26  Luyao Huang  <lhuang@redhat.com>

	qemu: Emit correct audit message for memory hot plug
	https://bugzilla.redhat.com/show_bug.cgi?id=1226234#c3

	Prior to this patch, after successfully hot plugging memory
	the audit log indicated that the update failed, e.g.:

	type=VIRT_RESOURCE ... old-mem=1024000 new-mem=1548288 \
	exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=pts/2 res=failed

	This patch will adjust where virDomainAuditMemory is called to
	ensure the proper 'ret' value is used based on success or failure.

	Additionally, the audit message should include the size of the
	memory we were attempting to change to rather than the current
	actual size. On failure to add, the message showed the same value
	for old-mem and new-mem.

	In order to do this, introduce a 'newmem' local which will compute
	the new size based on the oldmem size plus the size of memory we
	are about to add. NB: This would be the same as calling the
	virDomainDefGetMemoryActual again on success, but avoids the
	overhead of recalculating. Plus cur_balloon is already adjusted
	by the same value, so this follows that.

2015-08-26  Moshe Levi  <moshele@mellanox.com>

	utils: Remove the logging of errors from virNetDevSendEthtoolIoctl
	This patch remove the logging of errors of ioctl api and instead
	let the caller to choose what errors to log

2015-08-26  Laine Stump  <laine@laine.org>

	hostdev: skip ACS check when using VFIO for device assignment
	The ACS checks are meaningless when using the more modern VFIO driver
	for device assignment since VFIO has its own more complete and exact
	checks, but I didn't realize that when I added support for VFIO. This
	patch eliminates the ACS check when preparing PCI devices for
	assignment if VFIO is being used.

	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1256486

2015-08-26  Daniel P. Berrange  <berrange@redhat.com>

	lxc: ensure setns() syscall is defined
	Older versions of glibc don't provide the setns() syscall
	function wrapper, so we must define it ourselves to prevent
	build failure on old distros.

2015-08-26  Martin Kletzander  <mkletzan@redhat.com>

	Start daemon only after filesystems are mounted
	When images are on mounted filesystems, there is no guarantee libvirtd
	will start before they are mounted.  Since we want to start after both
	local and remote filesystems are mounted, we need to add both local-fs
	and remote-fs as targets that should precede starting libvirtd service.

2015-08-26  Peter Kieser  <peter@kieser.ca>

	virt-aa-helper: add NVRAM store file for read/write
	This is a cryptographically signed message in MIME format.

	Some UEFI firmwares may want to use a non-volatile memory to store some
	variables.
	If AppArmor is enabled, and NVRAM store file is set currently
	virt-aa-helper does
	not add the NVRAM store file to the template. Add this file for
	read/write when
	this functionality is defined in domain XML.

2015-08-26  Sergey Bronnikov  <sergeyb@openvz.org>

	Fix link to page for Virtuozzo driver

2015-08-26  ik.nitk  <ik.nitk@gmail.com>

	lxc: Inherit namespace feature
	This patch adds feature for lxc containers to inherit namespaces.
	This is very similar to what lxc-tools or docker provides.  Look
	for "man lxc-start" and you will find that you can pass command
	args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
	networking option in which you can give --net=container:NAME_or_ID
	as an option for sharing +namespace.

	>From this patch you can add extra libvirt option to share
	namespace in following way.

	 <lxc:namespace>
	   <lxc:sharenet type='netns' value='red'/>
	   <lxc:shareipc type='pid' value='12345'/>
	   <lxc:shareuts type='name' value='container1'/>
	 </lxc:namespace>

	The netns option is specific to sharenet. It can be used to
	inherit from existing network namespace.

	Co-authored: Daniel P. Berrange <berrange@redhat.com>

2015-08-26  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Label correct per-VM path when starting
	Commit f1f68ca33433825ce0deed2d96f1990200bc6618 overused mdir_name()
	event though it was not needed in the latest version, hence labelling
	directory one level up in the tree and not the one it should.

	If anyone with SElinux managed to try run a domain with guest agent set
	up, it's highly possible that they will need to run 'restorecon -F
	/var/lib/libvirt/qemu/channel/target' to fix what was done.

	Reported-by: Luyao Huang <lhuang@redhat.com>

2015-08-25  Luyao Huang  <lhuang@redhat.com>

	qemu: Update blkio.weight value after successful set
	https://bugzilla.redhat.com/show_bug.cgi?id=1253107

	Make a call virCgroupGetBlkioWeight to re-read blkio.weight right
	after it is set in order to keep internal data up-to-date.

2015-08-25  Sergey Bronnikov  <sergeyb@openvz.org>

	Rename page about vz driver

	docs: Rename 'parallels' to 'vz'
	Parallels driver was renamed to Virtuozzo. Replace old name by new
	one for libvirt docs and schemas.

2015-08-24  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	Eliminate incorrect and unnecessary check for changed IP address
	Commit aa2cc7 modified a previously unnecessary but innocuous check
	for interface IP address during interface update incorrectly, causing
	all attempted updates (e.g. changing link state) to interfaces of
	type='ethernet' for QEMU to fail.

	This patch fixes the issue by completely removing the check for IP
	address, which is pointless since QEMU doesn't support setting
	interface IP addresses from the domain interface XML anyway.

2015-08-24  Tomas Meszaros  <exo@tty.sk>

	virDomainRename: Extend API documentation

2015-08-24  Luyao Huang  <lhuang@redhat.com>

	qemu: add a check for nodeset in qemuDomainSetNumaParamsLive
	We will try to set the node to cpuset.mems without check if
	it is available, since we already have helper to check this.
	Call virNumaNodesetIsAvailable to check if node is available,
	then try to change it in the cgroup.

2015-08-24  Guido Günther  <agx@sigxcpu.org>

	selinux: fix compile errors
	Remove unused variable, tag unused parameter and adjust return type.

	introduced by 3f48345f7ec0c44b8ce2371cab454d2118f830b4

	CC     security/libvirt_security_manager_la-security_selinux.lo
	security/security_selinux.c: In function 'virSecuritySELinuxDomainSetDirLabel':
	security/security_selinux.c:2520:5: error: return makes pointer from integer without a cast [-Werror]
	security/security_selinux.c:2514:9: error: unused variable 'ret' [-Werror=unused-variable]
	security/security_selinux.c:2509:59: error: unused parameter 'mgr' [-Werror=unused-parameter]

2015-08-24  Guido Günther  <agx@sigxcpu.org>

	storage: only run safezero if allocation is > 0
	While a zero allocation in safezero should be fine it isn't when we use
	posix_fallocate which returns EINVAL on a zero allocation.

	While we could skip the zero allocation in safezero_posix_fallocate it's
	an optimization to do it for all allocations.

	This fixes vm installation via virtinst for me which otherwise aborts
	like:

	   Starting install...
	   Retrieving file linux...               | 5.9 MB     00:01 ...
	   Retrieving file initrd.gz...           |  29 MB     00:07 ...
	   ERROR    Couldn't create storage volume 'virtinst-linux.sBgds4': 'cannot fill file '/var/lib/libvirt/boot/virtinst-linux.sBgds4': Invalid argument'

	The error was introduced by e30297b0 as spotted by Chunyan Liu

2015-08-24  intrigeri  <intrigeri@debian.org>

	virt-aa-helper: allow access to /usr/share/ovmf/
	We forbid access to /usr/share/, but (at least on Debian-based systems)
	the Open Virtual Machine Firmware files needed for booting UEFI virtual
	machines in QEMU live in /usr/share/ovmf/. Therefore, we need to add
	that directory to the list of read only paths.

	A similar patch was suggested by Jamie Strandboge <jamie@canonical.com>
	on https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071.

2015-08-24  Guido Günther  <agx@sigxcpu.org>

	virt-aa-helper: Simplify restriction logic
	First check overrides, then read only files then restricted access
	itself.

	This allows us to mark files for read only access whose parents were
	already restricted for read write.

	Based on a proposal by Martin Kletzander

2015-08-24  Guido Günther  <agx@sigxcpu.org>

	virt-aa-helper: document --probing and --dry-run

2015-08-24  Martin Kletzander  <mkletzan@redhat.com>

	tests: Use qemuProcessPrepareMonitorChr in qemuxmlnstest
	The output of that function was not tested until now.  In order to keep
	the paths in /tmp, the test driver config is "fixed" as well.

2015-08-24  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix access to auto-generated socket paths
	We are automatically generating some socket paths for domains, but all
	those paths end up in a directory that's the same for multiple domains.
	The problem is that multiple domains can each run with different
	seclabels (users, selinux contexts, etc.).  The idea here is to create a
	per-domain directory labelled in a way that each domain can access its
	own unix sockets.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886

2015-08-24  Martin Kletzander  <mkletzan@redhat.com>

	security_dac: Add SetDirLabel support

	security_selinux: Add SetDirLabel support

	security_stack: Add SetDirLabel support

	security: Add virSecurityDomainSetDirLabel
	That function can be used for setting security labels on arbitrary
	directories.

	security_dac: Label non-listening sockets
	SELinux security driver already does that, but DAC driver somehow missed
	the memo.  Let's fix it so it works the same way.

	security_selinux: Use proper structure to access socket data
	In virSecuritySELinuxSetSecurityChardevLabel() we are labelling unix
	socket path, but accessing another structure of the union.  This does
	not pose a problem currently as both paths are at the same offset, but
	this should be fixed for the future.

2015-08-24  Erik Skultety  <eskultet@redhat.com>

	locking: Remove redundant 'srv' element from virLockDaemon
	Now that we have virNetDaemon object holding all the data and being
	capable of referencing multiple servers, having a duplicate reference to
	a single server stored in virLockDaemon isn't necessary anymore. This
	patch removes the above described element.

	test: Replace tabs with spaces in virnetdaemondata json files
	JSON data that are used to initialize tests in virnetdaemontest should
	be in a consistent format, i.e. not using tabs for indentation, those
	should be replaced by spaces.

2015-08-22  Andrea Bolognani  <abologna@redhat.com>

	tests: Add some compatibility-related cases to the CPU tests

2015-08-22  Andrea Bolognani  <abologna@redhat.com>

	cpu: Move check for NULL CPU model inside the driver
	While the check is appropriate for eg. the x86 and generic drivers,
	there are some valid ppc64 guest configurations where the CPU
	model is supposed to be NULL.

	Moving this check from the generic code to the drivers makes it
	possible to accomodate both use cases.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927

2015-08-22  Andrea Bolognani  <abologna@redhat.com>

	cpu: Better support for ppc64 compatibility modes
	Not all combinations of host CPU models and compatibility modes
	are valid, so we need to make sure we don't try to do something
	that QEMU will reject.

	Moreover, we need to apply a different logic to guests using
	host-model and host-passthrough modes when testing them for host
	compatibility.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927

2015-08-21  Andrea Bolognani  <abologna@redhat.com>

	cpu: Don't update host-model guest CPUs on ppc64
	If a guest CPU is defined using

	  <cpu mode='host-model'/>

	the <model> sub-element will contain the compatibility mode to use.
	That means we can't just copy the host CPU model on cpuUpdate(),
	otherwise we'll overwrite that information and migration of such
	guests will fail.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1251927

2015-08-20  Martin Kletzander  <mkletzan@redhat.com>

	Add generated libvirt_admin.syms into .gitignore
	Commit a2c5d16a70a6161449c687be74db2813b362cf5e switched to generating
	libvirt_admin.syms, but forgot to add the generated file into
	.gitignore, hence causing tree pollution post-build.

2015-08-20  John Ferlan  <jferlan@redhat.com>

	conf: Check for attach disk usage of iothread=0
	Since iothreadid = 0 is invalid, we need to check for it when attempting
	to add a disk; otherwise, someone would think/believe their attempt to
	add an IOThread to the disk would succeed. Luckily other code ignored
	things when ->iothread == 0...

2015-08-20  Guido Günther  <agx@sigxcpu.org>

	docs: Drop unused rule for internals/%.html.tmp target
	We're using the %.html.tmp for all html files now so drop the unused one
	and rather make sure the needed directory exists.

	This fixes build failures as described in

	    https://www.redhat.com/archives/libvir-list/2015-August/msg00603.html

2015-08-20  Guido Günther  <agx@sigxcpu.org>

	libvirt-admin: Generate symbols file
	Since we're linking this into libvirtd we need some symbols to be public
	but not part of the public API so mark them as
	LIBVIRT_ADMIN_PRIVATE_<VERSION> as we do with libvirt.

	Making all other symbols local makes sure we don't accidentally leak
	unwanted ones.

2015-08-20  Guido Günther  <agx@sigxcpu.org>

	daemon: Use $(NULL) for libvird_admin's flags
	This makes it consistent with the other FLAGS in this file and reduced
	clutter in the diff when adding new entries.

2015-08-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix build without cgroup
	Commit 89c509a0 added getters for cgroup block device I/O throttling,
	however stub versions of these functions have not matching function
	prototypes that result in compilation fail on platforms not supporting
	cgroup.

	Fix build by correcting prototypes of the stubbed functions.

	Pushing under build-breaker rule.

2015-08-20  Cao jin  <caoj.fnst@cn.fujitsu.com>

	virconf: correct code formatting

	virConfWalk: fix the inconsistent name
	Fix inconsistency between function description and actual
	parameter name.

2015-08-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Report better error message when renaming to existing domain name

2015-08-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Sync BlkioDevice values when setting them in cgroups
	The problem here is that there are some values that kernel accepts, but
	does not set them, for example 18446744073709551615 which acts the same
	way as zero.  Let's do the same thing we do with other tuning options
	and re-read them right after they are set in order to keep our internal
	structures up-to-date.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165580

2015-08-19  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Sync BlkioDevice values when setting them in cgroups
	The problem here is that there are some values that kernel accepts, but
	does not set them, for example 18446744073709551615 which acts the same
	way as zero.  Let's do the same thing we do with other tuning options
	and re-read them right after they are set in order to keep our internal
	structures up-to-date.

	util: Add getters for cgroup block device I/O throttling
	Since now they were not needed, but I sense they will be in a short
	while.

	util: Add virCgroupGetBlockDevString
	This function translates device paths to "major:minor " string, and all
	virCgroupSetBlkioDevice* functions are modified to use it.  It's a
	cleanup with no functional change.

	util: Add virStringGetFirstWithPrefix
	That function takes string list and returns first string in that list
	that starts with the @prefix parameter with that prefix being skipped as
	the caller knows what it starts with (also for easier manipulation in
	future).

2015-08-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainRename: Don't leave a domain locked uppon fail
	Well, yet again one case of 'goto cleanup' while 'goto endjob'
	was needed. Sorry.

2015-08-18  John Ferlan  <jferlan@redhat.com>

	qemu: Add check for invalid iothread_id in qemuDomainChgIOThread
	https://bugzilla.redhat.com/show_bug.cgi?id=1251886

	Since iothread_id == 0 is an invalid value for QEMU let's point
	that out specifically.  For the IOThreadDel code, the failure would
	have ended up being a failure to find the IOThread ID; however, for
	the IOThreadAdd code - an IOThread 0 was added and that isn't good.

	It seems during many reviews/edits to the code the check for
	iothread_id = 0 being invalid was lost - it could have originally
	been in the API code, but requested to be moved - I cannot remember.

2015-08-18  John Ferlan  <jferlan@redhat.com>

	api: Adjust comment for virDomainAddIOThread
	The comment for the function indicated that iothread_id had to be
	a positive non-zero value; however, that wasn't checked - that is
	a value of 0 is/was allowed by the API and was left up to the
	hypervisor to reject the value.

	More than likely this nuance was missed during the many "adjustments"
	to the API in the review phase.

2015-08-18  John Ferlan  <jferlan@redhat.com>

	api: Remove check on iothread_id arg in virDomainPinIOThread
	Allow 0 as an iothread_id and force the hypervisor to handle.
	The qemuDomainPinIOThread API will look up the iothread_id of
	0 and not find it and message that anyway.

2015-08-18  Luyao Huang  <lhuang@redhat.com>

	qemuDomainAddCgroupForThread: Don't overwrite the error
	Just like in commit 704cf06, if virCgroup*() fails, the error is
	already reported. There's no need to overwrite the error with a
	generic one and possibly hiding the true root cause of the error.

2015-08-18  Cao jin  <caoj.fnst@cn.fujitsu.com>

	virconf: fix the inconsistent name
	Fix inconsistency between function description and actual
	parameter name in virConfGetValue/virConfSetValue.

2015-08-18  Luyao Huang  <lhuang@redhat.com>

	virsh: Reset global error after successfull domain lookup
	When looking up a domain, we try to look up by ID, UUID and NAME
	consequently while not really caring which of those lookups succeeds.
	The problem is that if any of them fails, we dispatch the error from the
	driver and that means setting both threadlocal and global error. Let's
	say the last lookup (by NAME) succeeds and resets the threadlocal error as any
	other API does, however leaving the global error unchanged. If the underlying
	virsh command does not succeed afterwards, our cleanup routine in
	vshCommandRun ensures that no libvirt error will be forgotten and that's
	exactly where this global error comes in incorrectly.

	 # virsh domif-setlink 123 vnet1 up
	 error: interface (target: vnet1) not found
	 error: Domain not found: no domain with matching id 123

	This patch also resets the global error which would otherwise cause some
	minor confusion in reported error messages.

	https://bugzilla.redhat.com/show_bug.cgi?id=1254152

2015-08-18  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	Ever since commit e44b0269, 64-bit mingw compilation fails with:

	../../src/util/virprocess.c: In function 'virProcessGetPids':
	../../src/util/virprocess.c:628:50: error: passing argument 4 of 'virStrToLong_i' from incompatible pointer type [-Werror=incompatible-pointer-types]
	         if (virStrToLong_i(ent->d_name, NULL, 10, &tmp_pid) < 0)
	                                                  ^
	In file included from ../../src/util/virprocess.c:59:0:
	../../src/util/virstring.h:53:5: note: expected 'int *' but argument is of type 'pid_t * {aka long long int *}'
	 int virStrToLong_i(char const *s,
	     ^
	cc1: all warnings being treated as errors

	Although mingw won't be using this function, it does compile the
	file, and the fix is relatively simple.

	* src/util/virprocess.c (virProcessGetPids): Don't assume pid_t
	fits in int.

2015-08-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainRename: Explicitly check if domain is renaming to itself
	It may happen that user (mistakenly) wants to rename a domain to
	itself. Which is no renaming at all. We should reject that with
	some meaningful error message.

	virHashAddEntry: Report error on duplicate key
	If this function fails, the error message is reported only in
	some cases (e.g. OOM), but in some it's not (e.g. duplicate key).
	This fact is painful and we should either not report error at all
	or report the error in all possible cases. I vote for the latter.
	Unfortunately, since the key may be an arbitrary value (not
	necessarily a string) we can't report it in the error message.

	virHashAddOrUpdateEntry: Turn @new_name into void *
	In 9190f0b0 we've tried to fix an OOM. And boy, was that fix
	successful. But back then, the hash table implementation worked
	strictly over string keys, which is not the case anymore. Hash
	table have this function keyCopy() which returns void *.
	Therefore a local variable that is temporarily holding the
	intermediate return value from that function should be void *
	too.

2015-08-17  Luyao Huang  <lhuang@redhat.com>

	libvirt-domain: forbid use virDomainRename in readonly connection
	This function will change the guest name, we shouldn't
	allow the readonly user do this.

	virsh: fix always return false in domrename

2015-08-15  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity UNINIT
	Coverity complained that 'vm' wasn't initialized before jumping to
	cleanup: and calling virDomainObjEndAPI if the VIR_STRDUP fails.
	So I initialized vm = NULL and also moved the VIR_STRDUP closer to
	usage and used endjob for goto. Lots of other reasons for failures.

2015-08-15  Martin Kletzander  <mkletzan@redhat.com>

	protocol: Don't use rename as a variable name
	That causes shadowing errors on older compilers.

2015-08-15  Moshe Levi  <moshele@mellanox.com>

	Remove static keyword from vshReadline when readline does not exist
	This patch removes the static keyword from the vshReadline which was
	introduced in commit 834c5720e4434f0bcc807bb1cf20855af63e24a3. With
	readline the vshReadline function is not static but when compiling
	without readline it was defined as static which caused compilation
	error.

2015-08-14  Erik Skultety  <eskultet@redhat.com>

	tools: Introduce new client generic module vsh
	In order to share as much virsh' logic as possible with upcomming
	virt-admin client we need to split virsh logic into virsh specific and
	client generic features.

	Since majority of virsh methods should be generic enough to be used by
	other clients, it's much easier to rename virsh specific data to virshX
	than doing this vice versa. It moved generic virsh commands (including info
	and opts structures) to generic module vsh.c.

	Besides renaming methods and structures, this patch also involves introduction
	of a client specific control structure being referenced as private data in the
	original control structure, introduction of a new global vsh Initializer,
	which currently doesn't do much, but there is a potential for added
	functionality in the future.
	Lastly it introduced client hooks which are especially necessary during
	client connecting phase.

2015-08-14  Tomas Meszaros  <exo@tty.sk>

	qemu: Implement virDomainRename
	Currently supports only renaming inactive domains without snapshots.

	Introduce new VIR_DOMAIN_EVENT_DEFINED_RENAMED event
	This should be emitted whenever a domain is renamed.

2015-08-14  Tomas Meszaros  <exo@tty.sk>

	domain_conf: Introducde virDomainObjListRenameAddNew() & virDomainObjListRenameRemove()
	We just need to update the entry in the second hash table. Since commit 8728a56
	we have two hash tables for the domain list so that we can do O(1) lookup
	regardless of looking up by UUID or name. Since with renaming a domain UUID does
	not change, we only need to update the second hash table, where domains are
	referenced by their name.

	We will call both functions from the qemuDomainRename().

2015-08-14  Tomas Meszaros  <exo@tty.sk>

	virsh: Implement "domrename" command
	This patch implements new virsh command, domrename.

	Using domrename, it will be possible to rename domain from the virsh shell by
	calling virRenameDomain API.

	It takes two arguments, current domain name and new domain name.

	Example:

	virsh # list --all
	 Id    Name                           State
	 ----------------------------------------------------
	  -     bar                            shut off

	virsh # domrename bar foo
	Domain successfully renamed

	virsh # list --all
	 Id    Name                           State
	 ----------------------------------------------------
	  -     foo                            shut off

	virsh #

2015-08-14  Tomas Meszaros  <exo@tty.sk>

	Introduce virDomainRename API
	Also, among with this new API new ACL that restricts rename
	capability is invented too.

2015-08-13  Guido Günther  <agx@sigxcpu.org>

	Detect location of qemu-bridge-helper
	RedHat and Debian based distros use different locations

	Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790935

2015-08-13  Guido Günther  <agx@sigxcpu.org>

	Check if qemu-bridge-helper exists and is executable
	Otherwise the error is just

	    error: Failed to create domain from test1.xml
	    error: failed to retrieve file descriptor for interface: Transport endpoint is not connected

	since we don't get a sensible error after the fork.

2015-08-13  John Ferlan  <jferlan@redhat.com>

	conf: Remove 'vmdef' from virDomainHostdevDefParseXML
	Since it's not used, let's remove it to avoid any future usage.

2015-08-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Use numad information when getting pin information
	Pinning information returned for emulatorpin and vcpupin calls is being
	returned from our data without querying cgroups for some time.  However,
	not all the data were utilized.  When automatic placement is used the
	information is not returned for the calls mentioned above.  Since the
	numad hint in private data is properly saved/restored, we can safely use
	it to return true information.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1162947

2015-08-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Keep numad hint after daemon restart
	The numad hint stored in priv->autoNodeset is information that gets lost
	during daemon restart.  And because we would like to use that
	information in the future, we also need to save it in the status XML.
	For the sake of tests, we need to initialize nnumaCell_max to some
	value, so that the restoration doesn't fail in our test suite.  There is
	no need to fill in the actual numa cell data since the recalculating
	function virCapabilitiesGetCpusForNodemask() will not fail, it will just
	skip filling the data in the bitmap which we don't use in tests anyway.

	conf: Pass private data to Parse function of XML options
	This needs a reorder of XML option definitions.  It might come in handy
	one day.

	qemu: Fix segfault when parsing private domain data
	When parsing private domain data, there are two paths that are flawed.
	They are both error paths, just from different parts of the function.
	One of them can call free() on an uninitialized pointer.  Initialization
	to NULL is enough here.  The other one is a bit trickier to explain, but
	as easy as the first one to fix.  We create capabilities, parse them and
	then assign them into the private data pointer inside the domain object.
	If, however, we get to fail from now on, the error path calls unrefs the
	capabilities and then, when the domain object is being cleaned,
	qemuDomainObjPrivateFree() tries to unref them as well.  That causes a
	segfault.  Settin the pointer to NULL upon successful addition to the
	private data is enough.

2015-08-12  John Ferlan  <jferlan@redhat.com>

	conf: Check for hostdev conflicts when assign default disk address
	https://bugzilla.redhat.com/show_bug.cgi?id=1210587  (completed)

	When generating the default drive address for a SCSI <disk> device,
	check the generated address to ensure it doesn't conflict with a SCSI
	<hostdev> address. The <disk> address generation algorithm uses the
	<target> "dev" name in order to determine which controller and unit
	in order to place the device. Since a SCSI <hostdev> device doesn't
	require a target device name, its placement on the guest SCSI address
	"could" conflict.  For instance, if a SCSI <hostdev> exists at
	controller=0 unit=0 and an attempt to hotplug 'sda' into the guest
	made, there would be a conflict if the <hostdev> is already using
	/dev/sda.

2015-08-12  John Ferlan  <jferlan@redhat.com>

	conf: Create locals for virDomainDiskDefAssignAddress
	Create local controller/bus variables to be used by a future patch

2015-08-12  John Ferlan  <jferlan@redhat.com>

	conf: Add SCSI hostdev check for disk drive address already in use
	https://bugzilla.redhat.com/show_bug.cgi?id=1210587  (partial)

	If a SCSI subsystem <hostdev> element address is provided, we need to
	make sure the address provided doesn't conflict with an existing or
	libvirt generated address for a SCSI <disk> element. We can handle
	this condition in device post processing since we're not generating an
	address based on some target name - rather it's either generated based
	on space or provided from the user. If the user provides one that conflicts,
	then we need to disallow the change.

	This will fix the issue where the domain XML provided an <address> for
	the <hostdev>, but not the <disk> element where the address provided
	ends up being the same address used for the <disk>. A <disk> address
	is generated using it's assigned <target> 'dev' name prior to the
	check/validation of the <hostdev> address value.

2015-08-12  Frank Schreuder  <fschreuder@transip.nl>

	Drive hot-unplug: reliable parsing of HMP results
	Hot-unplugging a disk from a guest that supports hot-unplugging generates an error
	in the libvirt log when running QEMU with the "-msg timestamp=on" flag.

	2015-08-06 10:48:59.945+0000: 11662: error : qemuMonitorTextDriveDel:2594 :
	operation failed: deleting drive-virtio-disk4 drive failed:
	2015-08-06T10:48:59.945058Z Device 'drive-virtio-disk4' not found

	This error is caused because the HMP results are getting prefixed with a timestamp.
	Parsing the output is not reliable with STRPREFIX as the results can be prefixed with a timestamp.

	Using strstr ensures that parsing the output works whether the results are prefixed or not.

	Cc: Stefan Hajnoczi <stefanha@redhat.com>
	Cc: Daniel P. Berrange <berrange@redhat.com>

2015-08-12  Laine Stump  <laine@laine.org>

	Revert "qemu: Allow to plug virtio-net-pci into PCIe slot"
	This reverts commit ede34470fde19c0f326cdb0dfca39fa86fd9ec16, which
	was apparently written based on testing performed before commits
	1e15be1 and 9a12b6 were pushed upstream. Once those two patches are in
	place, commit ede34470 is redundant, and can even cause
	incorrect/unexpected behavior when auto-assigning addresses for
	virtio-net devices.

2015-08-12  Michal Privoznik  <mprivozn@redhat.com>

	cmdAttachInterface: Fully implement @floor support
	In my previous commit d7f5c88961b52 I tried to introduce support
	for inbound.floor. But the code change was incomplete. This is
	the change needed to fully enable the feature.

	networkBandwidthGenericChecks: Drop useless check
	There's a check right at the beginning of the function that
	shortcuts if the function was called over all NULL arguments.
	However, this was meant just as a fool-proof check so that we
	don't crash if function is used in a bad manner. Anyway, it makes
	Coverity unhappy as it then thinks any of the arguments could be
	NULL. Well, with the current state of the code it can't.

	networkBandwidthUpdate: Don't blindly dereference pointers
	It may happen that an interface don't have any bandwidth set and
	a new one is to be set. In that case, @ifaceBand will be NULL.
	This will cause troubles later in the code when deciding what to
	do.

2015-08-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Refactor parseRateStr to avoid false-positive uninitialized variable
	Commit 6983d6d2 tried to improve parseRateStr but broke the build
	instead for compilers that were not able to properly introspect the for
	loop indexed by the enum resulting into the following error:

	virsh-domain.c: In function 'parseRateStr':
	virsh-domain.c:916:13: error: 'field_name' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	             vshError(ctl, _("malformed %s field"), field_name);
	             ^
	virsh-domain.c:915:13: error: 'tmp' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	         if (virStrToLong_ullp(token, NULL, 10, tmp) < 0) {
	             ^
	Rather than trying to fix the code, refactor the function again by
	reusing virStringSplit.

2015-08-11  Cole Robinson  <crobinso@redhat.com>

	domain: Fix crash if trying to live update disk <serial>
	If you pass <disk><serial> XML to UpdateDevice, and the original device
	didn't have a <serial> block, libvirtd crashes trying to read the original
	NULL serial string.

	Use _NULLABLE string comparisons to avoid the crash. A couple other
	properties needed the change too.

2015-08-11  Laine Stump  <laine@laine.org>

	qemu: fix qemuDomainSupportsPCI() for ARM machines of "virt" machinetype
	Commit e8d5517 updated the domain post-parse to automatically add
	pcie-root et al for certain ARM "virt" machinetypes, but didn't update
	the function qemuDomainSupportsPCI() which is called later on when we
	are auto-assigning PCI addresses and default settings for the PCI
	controller <model> and <target> attributes. The result was that PCI
	addresses weren't assigned, and the controllers didn't have their
	attribute default values set, leading to an error when the domain was
	started, e.g.:

	  internal error: autogenerated dmi-to-pci-bridge options not set

	This patch adds the same check made in the earlier patch to
	qemuDomainSupportsPCI(), so that PCI address auto-assignment and
	target/model default values will be set.

2015-08-11  Guido Günther  <agx@sigxcpu.org>

	virNetSocketCheckProtocols: handle EAI_NONAME as IPv6 unavailable
	When running the test suite using "unshare -n" we might have IPv6 but no
	configured addresses. Due to AI_ADDRCONFIG getaddrinfo then fails with
	EAI_NONAME which we should then treat as IPv6 unavailable.

2015-08-11  Laine Stump  <laine@laine.org>

	util: don't overwrite stack when getting ethtool gfeatures
	This fixes the crash described here:

	 https://www.redhat.com/archives/libvir-list/2015-August/msg00162.html

	In short, we were calling ioctl(SIOCETHTOOL) pointing to a too-short
	object that was a local on the stack, resulting in the memory past the
	end of the object being overwritten. This was because the struct used
	by the ETHTOOL_GFEATURES command of SIOCETHTOOL ends with a 0-length
	array, but we were telling ethtool that it could use 2 elements on the
	array.

	The fix is to allocate the necessary memory with VIR_ALLOC_VAR(),
	including the extra length needed for a 2 element array at the end.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Fix segfault in the ppc64 driver
	Commit adb865d introduced some changes in ppc64DriverNodeData()
	that cause libvirtd to crash on startup unless this patch is
	applied as well.

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement VIR_DOMAIN_BANDWIDTH_IN_FLOOR
	Well, there are just two places that needs adjustment:

	qemuDomainGetInterfaceParameters - to report the @floor
	qemuDomainSetInterfaceParameters - now that the function has been
	fixed, we can allow updating @floor too.

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Implement VIR_DOMAIN_BANDWIDTH_IN_FLOOR
	We have a function parseRateStr() that parses --inbound and
	--outbound arguments to both attach-interface and domiftune.
	Now that we have all virTypedParams macros needed for QoS,
	lets parse even floor attribute. The extended format for the
	arguments looks like this then:

	  --inbound average[,peak[,burst[,floor]]]

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	Introduce VIR_DOMAIN_BANDWIDTH_IN_FLOOR
	This macro represents the single missing field we don't expose
	yet within QoS: inbound.floor.

	virsh: Rework parseRateStr
	The function is used to parse a tuple delimited by commas into
	virNetDevBandwidth structure. So far only three out of fore
	fields are supported: average, peak and burst. The single missing
	field is floor. Well, the parsing works, but I think we can do
	better. Especially when we will need to parse floor too in very
	close future.

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSetInterfaceParameters: Use new functions to update bandwidth
	As sketched in previous commits, imagine the following scenario:

	  virsh # domiftune gentoo vnet0
	  inbound.average: 100
	  inbound.peak   : 0
	  inbound.burst  : 0
	  outbound.average: 100
	  outbound.peak  : 0
	  outbound.burst : 0

	  virsh # domiftune gentoo vnet0 --inbound 0

	  virsh # shutdown gentoo
	  Domain gentoo is being shutdown

	  virsh # list --all
	  error: Failed to list domains
	  error: Cannot recv data: Connection reset by peer

	  Program received signal SIGSEGV, Segmentation fault.
	  0x00007fffe80ea221 in networkUnplugBandwidth (net=0x7fff9400c1a0, iface=0x7fff940ea3e0) at network/bridge_driver.c:4881
	  4881            net->floor_sum -= ifaceBand->in->floor;

	This is rather unfortunate. We should not SIGSEGV here. The
	problem is, that while in the second step the inbound QoS was
	cleared out, the network part of it was not updated (moreover, we
	don't report that vnet0 had inbound.floor set). Internal
	structure therefore still had some fragments left (e.g.
	class_id). So when qemuProcessStop() started to clean up the
	environment it got to networkUnplugBandwidth(). Here, class_id is
	set therefore function assumes that there is an inbound QoS. This
	actually is a fair assumption to make, there's no need for a
	special QoS box in network's QoS when there's no QoS to set.
	Anyway, the problem is not the networkUnplugBandwidth() rather
	than qemuDomainSetInterfaceParameters() which completely forgot
	about QoS being disperse (some parts are set directly on
	interface itself, some on bridge the interface is plugged into).

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	bridge_driver: Introduce networkBandwidthUpdate
	So, if a domain vNIC's bandwidth has been successfully set, it's
	possible that because @floor is set on network's bridge, this
	part may need updating too. And that's exactly what this function
	does. While the previous commit introduced a function to check if
	@floor can be satisfied, this does all the hard work. In general,
	there may be three, well four possibilities:

	  1) No change in @floor value (either it remain unset, or its
	  value hasn't changed)

	  2) The @floor value has changed from a non-zero to a non-zero
	  value

	  3) New @floor is to be set

	  4) Old @floor must be cleared out

	The difference between 2), 3) and 4) is, that while in 2) the QoS
	tree on the network's bridge already has a special class for the
	vNIC, in 3) the class must be created from scratch. In 4) it must
	be removed. Fortunately, we have helpers for all three
	interesting cases.

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	bridge_driver: Introduce networkBandwidthChangeAllowed
	When a domain vNIC's bandwidth is to be changed (at runtime) it is
	possible that guaranteed minimal bandwidth (@floor) will change too.
	Well, so far it is, because we still don't have an implementation that
	allows setting it dynamically, so it's effectively erased on:

	    #virsh domiftune $dom vnet0 --inbound 0

	However, that's slightly unfortunate. We do some checks on domain
	startup to see if @floor can be guaranteed. We ought do the same if
	QoS is changed at runtime.

2015-08-11  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevBandwidthUpdateRate: turn class_id into integer
	This is no functional change. It's just that later in the series we
	will need to pass class_id as an integer.

	virNetDevParseMcast: Avoid magic constant
	There is no guarantee that an enum start it mapped onto a value
	of zero. However, we are guaranteed that enum items are
	consecutive integers. Moreover, it's a pity to define an enum to
	avoid using magical constants but then using them anyway.

2015-08-11  Martin Kletzander  <mkletzan@redhat.com>

	conf: Don't try formating non-existing addresses
	Commit a6f9af8292b6 added checking for address colisions between
	starting and ending addresses of forwarding addresses, but forgot that
	there might be no addresses set at all.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Add a bunch of cpu test case for ppc64
	The test cases cover the cpuCompare(), cpuBaseline() and
	cpuNodeData() implementation.

	tests: Re-enable ppc64 cpu tests
	Now that all the changes have been implemented we can run the
	test cases once again, after updating them to reflect the new
	behaviour.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Forbid model fallback in the ppc64 driver
	Unlike what happens on x86, on ppc64 you can't mix and match CPU
	features to obtain the guest CPU you want regardless of the host
	CPU, so the concept of model fallback doesn't apply.

	Make sure CPU definitions emitted by the driver, eg. as output of
	the cpuBaseline() and cpuUpdate() calls, reflect this fact.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Implement backwards compatibility in the ppc64 driver
	All previously recognized CPU models (POWER7_v2.1, POWER7_v2.3,
	POWER7+_v2.1 and POWER8_v1.0) are internally converted to the
	corrisponding generation name so that existing guests don't stop
	working.

	cpu: Add POWER8NVL information to CPU map XML
	This is yet another variation of POWER8. The PVR information comes
	from arch/powerpc/kernel/cputable.c in the Linux kernel tree.

	cpu: Parse and use PVR masks in the ppc64 driver
	Instead of relying on a hard-coded mask value, read it from the CPU
	map XML and use it when looking up models by PVR.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Simplify ppc64 part of CPU map XML
	Use multiple PVRs per CPU model to reduce the number of models we
	need to keep track of.

	Remove specific CPU models (eg. POWER7+_v2.1): the corresponding
	generic CPU model (eg. POWER7) should be used instead to ensure
	the guest can be booted on any compatible host.

	Get rid of all the entries that did not match any of the CPU
	models supported by QEMU, like power8 and power8e.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250977

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Support multiple PVRs in the ppc64 driver
	This will allow us to perform PVR matching more broadly, eg. consider
	both POWER8 and POWER8E CPUs to be the same even though they have
	different PVR values.

	cpu: Align ppc64 CPU data with x86
	Use a typedef instead of the plain struct and heap allocation. This
	will make it easier to extend the ppc64 specific CPU data later on.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Temporarily disable ppc64 cpu tests
	The upcoming commits will make heavy modifications to the ppc64
	driver, split so that it's easier to review the changes.

	Instead of updating the test cases so that they pass, possibly
	only to update them again with the following commit, disable them
	for the time being.

	Another commit will update them all in one go once all required
	changes are in place.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Use ppc64Compute() to implement ppc64DriverCompare()
	This ensures comparison of two CPU definitions will be consistent
	regardless of the fact that it is performed using cpuCompare() or
	cpuGuestData(). The x86 driver uses the same exact code.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: CPU model names have to match on ppc64
	Limitations of the POWER architecture mean that you can't run
	eg. a POWER7 guest on a POWER8 host when using KVM. This applies
	to all guests, not just those using VIR_CPU_MATCH_STRICT in the
	CPU definition; in fact, exact and strict CPU matching are
	basically the same on ppc64.

	This means, of course, that hosts using different CPUs have to be
	considered incompatible as well.

	Change ppc64Compute(), called by cpuGuestData(), to reflect this
	fact and update test cases accordingly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250977

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Never skip CPU model name check in ppc64 driver
	ppc64Compute(), called by cpuNodeData(), is used not only to retrieve
	the driver-specific data associated to a guest CPU definition, but
	also to check whether said guest CPU is compatible with the host CPU.

	If the user is not interested in the CPU data, it's perfectly fine
	to pass a NULL pointer instead of a return location, and the
	compatibility data returned should not be affected by this. One of
	the checks, specifically the one on CPU model name, was however
	only performed if the return location was non-NULL.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Improve result handling in cpuTestGuestData()
	A test is considered successful if the obtained result matches
	the expected result: if that's not the case, whether because a
	test that was expected to succeed failed or because a test that
	was supposed to fail succeeded, then something's not right and
	we want the user to know about this.

	On the other hand, if a failure that's unrelated to the bits
	we're testing occurs, then the user should be notified even if
	the test was expected to fail.

	Use different values to tell these two situations apart.

	Fix a test case that was wrongly expected to fail as well.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	tests: Remove unused file
	No functional changes.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Remove ISA information from CPU map XML
	The information is not used anywhere in libvirt.

	No functional changes.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Reorder functions in the ppc64 driver
	Having the functions grouped together this way will avoid further
	shuffling around down the line.

	No functional changes.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Simplify ppc64ModelFromCPU()

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Simplify NULL handling in ppc64 driver
	Use briefer checks, eg. (!model) instead of (model == NULL), and
	avoid initializing to NULL a pointer that would be assigned in
	the first line of the function anyway.

	Also remove a pointless NULL assignment.

	No functional changes.

2015-08-11  Andrea Bolognani  <abologna@redhat.com>

	cpu: Mark driver functions in ppc64 driver
	Use the ppc64Driver prefix for all functions that are used to
	fill in the cpuDriverPPC64 structure, ie. those that are going
	to be called by the generic CPU code.

	This makes it clear which functions are exported and which are
	implementation details; it also gets rid of the ambiguity that
	affected the ppc64DataFree() function which, despite what the
	name suggested, was not related to ppc64DataCopy() and could
	not be used to release the memory allocated for a
	virCPUppc64Data* instance.

	No functional changes.

2015-08-11  Erik Skultety  <eskultet@redhat.com>

	admin: Drop 'internal.h' include from libvirt-admin.h
	This is a public library, it shouldn't include anything that is
	internal. Including the library in it's current state to an example
	application fails the preprocessor phase.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: fail on attempts to use <filterref> for non-tap network connections
	nwfilter uses iptables and ebtables, which only work properly on
	tap-based network connections (*not* on macvtap, for example), but we
	just ignore any <filterref> elements for other types of networks,
	potentially giving users a false sense of security.

	This patch checks the network type and fails/logs an error if any
	domain <interface> has a <filterref> when the connection isn't using a
	tap device.

	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1180011

2015-08-10  Laine Stump  <laine@laine.org>

	network: validate network NAT range
	This patch modifies virSocketAddrGetRange() to function properly when
	the containing network/prefix of the address range isn't known, for
	example in the case of the NAT range of a virtual network (since it is
	a range of addresses on the *host*, not within the network itself). We
	then take advantage of this new functionality to validate the NAT
	range of a virtual network.

	Extra test cases are also added to verify that virSocketAddrGetRange()
	works properly in both positive and negative cases when the network
	pointer is NULL.

	This is the *real* fix for:

	https://bugzilla.redhat.com/show_bug.cgi?id=985653

	Commits 1e334a and 48e8b9 had earlier been pushed as fixes for that
	bug, but I had neglected to read the report carefully, so instead of
	fixing validation for the NAT range, I had fixed validation for the
	DHCP range. sigh.

2015-08-10  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Enable ioeventfd usage for virtio-scsi controllers
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150484

	conf: Add ioeventfd option for controllers
	This will be used with a virtio-scsi controller later on.

2015-08-10  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevBandwidthParseRate: Reject negative values
	https://bugzilla.redhat.com/show_bug.cgi?id=1022292

	The following XML really does not make any sense:

	<inbound average="-1" burst="-2" peak="-3" floor="-4"/>

	There can't be a negative packet rate. Well, so far we haven't
	assigned any meaning to it. So reject it unless users harm themselves,
	because otherwise we turn the negative numbers into really big values.

2015-08-10  Cao jin  <caoj.fnst@cn.fujitsu.com>

	qemuMonitorOpenInternal: remove redundant code
	There's no need to set mon->fd to a dummy value since
	it's initialized to proper value just a few lines below.

2015-08-10  Martin Kletzander  <mkletzan@redhat.com>

	rpc: Remove keepalive_required option
	Since its introduction in 2011 (particularly in commit f4324e329275),
	the option doesn't work.  It just effectively disables all incoming
	connections.  That's because the client private data that contain the
	'keepalive_supported' boolean, are initialized to zeroes so the bool is
	false and the only other place where the bool is used is when checking
	whether the client supports keepalive.  Thus, according to the server,
	no client supports keepalive.

	Removing this instead of fixing it is better because a) apparently
	nobody ever tried it since 2011 (4 years without one month) and b) we
	cannot know whether the client supports keepalive until we get a ping or
	pong keepalive packet.  And that won't happen until after we dispatched
	the ConnectOpen call.

	Another two reasons would be c) the keepalive_required was tracked on
	the server level, but keepalive_supported was in private data of the
	client as well as the check that was made in the remote layer, thus
	making all other instances of virNetServer miss this feature unless they
	all implemented it for themselves and d) we can always add it back in
	case there is a request and a use-case for it.

2015-08-10  Cao jin  <caoj.fnst@cn.fujitsu.com>

	fix typo in comments

2015-08-10  Michal Privoznik  <mprivozn@redhat.com>

	virDomainCoreDumpWithFormat: Mention enum for @dumpformat
	So the API takes @dumpformat argument. This is what makes it special
	when compared to virDomainCoreDump. The argument is there so that
	users can choose the format of resulting core dump file. And to ease
	them the choosing process we even have an enum with supported values
	across all the hypervisors. But we don't mention the enum in  the
	function description anywhere. Fix it!

2015-08-10  Laine Stump  <laine@laine.org>

	network: verify proper address family in updates to <host> and <range>
	By specifying parentIndex in a call to virNetworkUpdate(), it was
	possible to direct libvirt to add a dhcp range or static host of a
	non-matching address family to the <dhcp> element of an <ip>. For
	example, given:

	 <ip address='192.168.122.1' netmask='255.255.255.0'/>
	 <ip family='ipv6' address='2001:db6:ca3:45::1' prefix='64'/>

	you could provide a static host entry with an IPv4 address, and
	specify that it be added to the 2nd <ip> element (index 1):

	  virsh net-update default add ip-dhcp-host --parent-index 1 \
	  '<host mac="52:54:00:00:00:01" ip="192.168.122.45"/>'

	This would be happily added with no error (and no concern of any
	possible future consequences).

	This patch checks that any dhcp range or host element being added to a
	network ip's <dhcp> subelement has addresses of the same family as the
	ip element they are being added to.

	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1184736

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: support new pci controller model "pcie-switch-downstream-port"
	This is backed by the qemu device xio3130-downstream. It can only be
	connected to a pcie-switch-upstream-port (x3130-upstream) on the
	upstream side.

	conf: new pcie-controller model "pcie-switch-downstream-port"
	This controller can be connected only to a port on a
	pcie-switch-upstream-port. It provides a single hotpluggable port that
	will accept any PCI or PCIe device, as well as any device requiring a
	pcie-*-port (the only current example of such a device is the
	pcie-switch-upstream-port).

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: add capabilities bit for device xio3130-downstream
	The downstream ports of an x3130-upstream switch can each have one of
	these plugged into them (and that is the only place they can be
	connected). Each xio3130-downstream provides a single PCIe port that
	can have PCI or PCIe devices hotplugged into it. Apparently an entire
	set of x3130-upstream + several xio3130-downstreams can be hotplugged
	as a unit, but it's not clear to me yet how that would be done, since
	qemu only allows attaching a single device at a time.

	This device will be used to implement the
	"pcie-switch-downstream-port" model of pci controller.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: support new pci controller model "pcie-switch-upstream-port"
	this is backed by the qemu device x3130-upstream. It can only plug
	into a pcie-root-port or pcie-switch-downstream-port.

	conf: new pci controller model "pcie-switch-upstream-port"
	This controller can be connected only to a pcie-root-port or a
	pcie-switch-downstream-port (which will be added in a later patch),
	which is the reason for the new connect type
	VIR_PCI_CONNECT_TYPE_PCIE_PORT. A pcie-switch-upstream-port provides
	32 ports (slot=0 to slot=31) on the downstream side, which can only
	have pci controllers of model "pcie-switch-downstream-port" plugged
	into them, which is the reason for the other new connect type
	VIR_PCI_CONNECT_TYPE_PCIE_SWITCH.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: add capabilities bit for device x3130-upstream
	This is the upstream part of a PCIe switch. It connects to a PCIe port
	(but not PCI) on the upstream side, and can have up to 31
	xio3130-downstream controllers (but no other types of devices)
	connected to its downstream side.

	This device will be used to implement the "pcie-switch-upstream-port"
	model of pci controller.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: support new pci controller model "pcie-root-port"
	This is backed by the qemu device ioh3420.

	chassis and port from the <target> subelement are used to store/set the
	respective qemu device options for the ioh3420. Currently, chassis is
	set to be the index of the controller, and port is set to
	"(slot << 3) + function" (per suggestion from Alex Williamson).

2015-08-10  Laine Stump  <laine@laine.org>

	conf: new pci controller model "pcie-root-port"
	This controller can be connected (at domain startup time only - not
	hotpluggable) only to a port on the pcie root complex ("pcie-root" in
	libvirt config), hence the new connect type
	VIR_PCI_CONNECT_TYPE_PCIE_ROOT. It provides a hotpluggable port that
	will accept any PCI or PCIe device.

	New attributes must be added to the controller <target> subelement for
	this - chassis and port are guest-visible option values that will be
	set by libvirt with values derived from the controller's index and pci
	address information.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: add capabilities bit for device ioh3420
	This is a PCIE "root port". It connects only to a port of the
	integrated pcie.0 bus of a Q35 machine (can't be hotplugged), and
	provides a single PCIe port that can have PCI or PCIe devices
	hotplugged into it.

	This device will be used to implement the "pcie-root-port" model of
	pci controller.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: implement <target chassisNr='n'/> subelement/attribute of <controller>
	This uses the new subelement/attribute in two ways:

	1) If a "pci-bridge" pci controller has no chassisNr attribute, it
	will automatically be set to the controller's index as soon as the
	controller's PCI address is known (during
	qemuDomainAssignPCIAddresses()).

	2) when creating the commandline for a pci-bridge device, chassisNr
	will be used to set qemu's chassis_nr option (rather than the previous
	practice of hard-coding it to the controller's index).

2015-08-10  Laine Stump  <laine@laine.org>

	conf: add new <target> subelement with chassisNr attribute to <controller>
	There are some configuration options to some types of pci controllers
	that are currently automatically derived from other parts of the
	controller's configuration. For example, in qemu a pci-bridge
	controller has an option that is called "chassis_nr"; up until now
	libvirt has always set chassis_nr to the index of the pci-bridge. So
	this:

	  <controller type='pci' model='pci-bridge' index='2'/>

	will always result in:

	  -device pci-bridge,chassis_nr=2,...

	on the qemu commandline. In the future we may decide there is a better
	way to derive that option, but even in that case we will need for
	existing domains to retain the same chassis_nr they were using in the
	past - that is something that is visible to the guest so it is part of
	the guest ABI and changing it would lead to problems for migrating
	guests (or just guests with very picky OSes).

	The <target> subelement has been added as a place to put the new
	"chassisNr" attribute that will be filled in by libvirt when it
	auto-generates the chassisNr; it will be saved in the config, then
	reused any time the domain is started:

	  <controller type='pci' model='pci-bridge' index='2'>
	    <model type='pci-bridge'/>
	    <target chassisNr='2'/>
	  </controller>

	The one oddity of all this is that if the controller configuration
	is changed (for example to change the index or the pci address
	where the controller is plugged in), the items in <target> will
	*not* be re-generated, which might lead to conflict. I can't
	really see any way around this, but fortunately if there is a
	material conflict qemu will let us know and we will pass that on
	to the user.

2015-08-10  Laine Stump  <laine@laine.org>

	qemu: implement <model> subelement to <controller>
	This patch provides qemu support for the contents of <model> in
	<controller> for the two existing PCI controller types that need it
	(i.e. the two controller types that are backed by a device that must
	be specified on the qemu commandline):

	1) pci-bridge - sets <model> name attribute default as "pci-bridge"

	2) dmi-to-pci-bridge - sets <model> name attribute default as
	   "i82801b11-bridge".

	These both match current hardcoded practice.

	The defaults are set at the end of qemuDomainAssignPCIAddresses().
	This can't be done earlier because some of the options that will be
	autogenerated need full PCI address info for the controller, and
	because qemuDomainAssignPCIAddresses() might create extra controllers
	which would need default settings added, and that hasn't yet been done
	at the time the PostParse callbacks are being run.
	qemuDomainAssignPCIAddresses() is still called prior to the XML being
	written to disk, though, so the autogenerated defaults are persistent.

	qemu capabilities bits aren't checked when the domain is defined, but
	rather when the commandline is actually created (so the domain can
	possibly be defined on a host that doesn't yet have support for the
	given device, or a host different from the one where it will
	eventually be run). When the commandline is being generated we compare
	the modelName to known qemu device names implementing the given type
	of controller, and check the capabilities bit for that device.

2015-08-10  Laine Stump  <laine@laine.org>

	conf: add new <model> subelement with name attribute to <controller>
	This new subelement is used in PCI controllers: the toplevel
	*attribute* "model" of a controller denotes what kind of PCI
	controller is being described, e.g. a "dmi-to-pci-bridge",
	"pci-bridge", or "pci-root". But in the future there will be different
	implementations of some of those types of PCI controllers, which
	behave similarly from libvirt's point of view (and so should have the
	same model), but use a different device in qemu (and present
	themselves as a different piece of hardware in the guest). In an ideal
	world we (i.e. "I") would have thought of that back when the pci
	controllers were added, and used some sort of type/class/model
	notation (where class was used in the way we are now using model, and
	model was used for the actual manufacturer's model number of a
	particular family of PCI controller), but that opportunity is long
	past, so as an alternative, this patch allows selecting a particular
	implementation of a pci controller with the "name" attribute of the
	<model> subelement, e.g.:

	  <controller type='pci' model='dmi-to-pci-bridge' index='1'>
	    <model name='i82801b11-bridge'/>
	  </controller>

	In this case, "dmi-to-pci-bridge" is the kind of controller (one that
	has a single PCIe port upstream, and 32 standard PCI ports downstream,
	which are not hotpluggable), and the qemu device to be used to
	implement this kind of controller is named "i82801b11-bridge".

	Implementing the above now will allow us in the future to add a new
	kind of dmi-to-pci-bridge that doesn't use qemu's i82801b11-bridge
	device, but instead uses something else (which doesn't yet exist, but
	qemu people have been discussing it), all without breaking existing
	configs.

	(note that for the existing "pci-bridge" type of PCI controller, both
	the model attribute and <model> name are 'pci-bridge'. This is just a
	coincidence, since it turns out that in this case the device name in
	qemu really is a generic 'pci-bridge' rather than being the name of
	some real-world chip)

2015-08-09  Laine Stump  <laine@laine.org>

	conf: more useful error message when pci function is out of range
	If a pci address had a function number out of range, the error message
	would be:

	  Insufficient specification for PCI address

	which is logged by virDevicePCIAddressParseXML() after
	virDevicePCIAddressIsValid returns a failure.

	This patch enhances virDevicePCIAddressIsValid() to optionally report
	the error itself (since it is the place that decides which part of the
	address is "invalid"), and uses that feature when calling from
	virDevicePCIAddressParseXML(), so that the error will be more useful,
	e.g.:

	  Invalid PCI address function=0x8, must be <= 7

	Previously, virDevicePCIAddressIsValid didn't check for the
	theoretical limits of domain or bus, only for slot or function. While
	adding log messages, we also correct that ommission. (The RNG for PCI
	addresses already enforces this limit, which by the way means that we
	can't add any negative tests for this - as far as I know our
	domainschematest has no provisions for passing XML that is supposed to
	fail).

	Note that virDevicePCIAddressIsValid() can only check against the
	absolute maximum attribute values for *any* possible PCI controller,
	not for the actual maximums of the specific controller that this
	device is attaching to; fortunately there is later more specific
	validation for guest-side PCI addresses when building the set of
	assigned PCI addresses. For host-side PCI addresses (e.g. for
	<hostdev> and for network device pools), we rely on the error that
	will be logged when it is found that the device doesn't actually
	exist.

	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1004596

2015-08-07  Michal Privoznik  <mprivozn@redhat.com>

	virDomainDefParseXML: Check for malicious cpu ids in <numa/>
	https://bugzilla.redhat.com/show_bug.cgi?id=1176020

	Some users think this is a good idea:

	      <vcpu placement='static'>4</vcpu>
	      <cpu mode='host-model'>
	        <model fallback='allow'/>
	        <numa>
	          <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/>
	          <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/>
	        </numa>
	      </cpu>

	It's not. Lets therefore introduce a check and discourage them in
	doing so.

2015-08-07  Michal Privoznik  <mprivozn@redhat.com>

	numa_conf: Introduce virDomainNumaGetMaxCPUID
	This function should return the greatest CPU number set in
	/domain/cpu/numa/cell/@cpus. The idea is that we should compare
	the returned value against /domain/vcpu value. Yes, there exist
	users who think the following is a good idea:

	  <vcpu placement='static'>4</vcpu>
	  <cpu mode='host-model'>
	    <model fallback='allow'/>
	    <numa>
	      <cell id='0' cpus='0-1' memory='1048576' unit='KiB'/>
	      <cell id='1' cpus='9-10' memory='2097152' unit='KiB'/>
	    </numa>
	  </cpu>

2015-08-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix reporting of physical capacity for block devices
	Qemu reports physical size 0 for block devices. As 15fa84acbb55ebfee6a4
	changed the behavior of qemuDomainGetBlockInfo to just query the monitor
	this created a regression since we didn't report the size correctly any
	more.

	This patch adds code to refresh the physical size of a block device by
	opening it and seeking to the end and uses it both in
	qemuDomainGetBlockInfo and also in qemuDomainGetStatsOneBlock that was
	broken since it was introduced in this respect.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1250982

2015-08-06  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	Allow vfio hotplug of a device to the domain which owns the iommu
	The commit 7e72de4 didn't consider the hotplug scenarios. The patch addresses
	the hotplug case whereby if atleast one of the pci function is owned by a
	guest, the hotplug of other functions/devices in the same iommu group to the
	same guest goes through successfully.

2015-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDefPostParse: Adjust indent
	While reviewing e8d551725 I've noticed a few unaligned lines.
	Fix this.

	bootstrap: Don't require python-config
	We've split the python bindings a long time ago. However,
	we are still requiring python-config (as an obfuscation to
	python-devel). This does not make any sense. The only thing
	we need is python, not python-devel.

2015-08-06  Pavel Fedin  <p.fedin@samsung.com>

	qemu: Allow to plug virtio-net-pci into PCIe slot
	virtio-net-pci adapter is capable to use irqfd with vhost-net only in MSI-X
	mode, which appears to be available only on PCIe bus, at least on ARM

	qemu: Build correct command line for PCI NICs on ARM
	Legacy -net option works correctly only with embedded device models, which
	do not require any bus specification. Therefore, we should use -device for
	PCI hardware

2015-08-06  Pavel Fedin  <p.fedin@samsung.com>

	qemu: Add PCI-Express root to ARM virt machine
	Here we assume that if qemu supports generic PCI host controller,
	it is a part of virt machine and can be used for adding PCI devices.

	In qemu this is actually a PCIe bus, so we also declare multibus
	capability so that 0'th bus is specified to qemu correctly as 'pcie.0'

2015-08-06  Pavel Fedin  <p.fedin@samsung.com>

	qemu: Introduce QEMU_CAPS_OBJECT_GPEX
	This capability specifies that qemu can implement generic PCI host
	controller. It is often used for virtual environments, including ARM.

2015-08-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid image pre-creation for non-shared storage migration
	Libvirt doesn't reliably know the location of the backing chain when
	pre-creating images for non-shared migration. This isn't a problem for
	full copy, but incremental copy requires the information.

	Forbid pre-creating the image in cases where incremental migration is
	required. This limitation can perhaps be lifted once libvirt will fully
	support loading of backing chain information from the XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1249587

2015-08-05  Andrea Bolognani  <abologna@redhat.com>

	cpu: Indentation changes in the ppc64 driver

2015-08-05  Andrea Bolognani  <abologna@redhat.com>

	cpu: Rename {powerpc,ppc} => ppc64 (internal symbols)
	Update the names of the symbols used internally by the driver.

	No functional changes.

2015-08-05  Andrea Bolognani  <abologna@redhat.com>

	cpu: Rename {powerpc,ppc} => ppc64 (exported symbols)
	Only the symbols exported by the driver have been updated;
	the driver implementation itself still uses the old names
	internally.

	No functional changes.

2015-08-05  Andrea Bolognani  <abologna@redhat.com>

	cpu: Rename {powerpc,ppc} => ppc64 (filesystem)
	The driver only supports VIR_ARCH_PPC64 and VIR_ARCH_PPC64LE.

	Just shuffling files around and updating the build system
	accordingly. No functional changes.

2015-08-05  John Ferlan  <jferlan@redhat.com>

	conf: Resolve Coverity FORWARD_NULL
	The recent changes to perform SCSI device address checks during the
	post parse callbacks ran afoul of the Coverity checker since the changes
	assumed that the 'xmlopt' parameter to virDomainDeviceDefPostParse
	would be non NULL (commit id 'ca2cf74e87'); however, what was missed
	is there was an "if (xmlopt &&" check being made, so Coverity believed
	that it could be possible for a NULL 'xmlopt'.

	Checking the various calling paths seemingly disproves that. If called
	from virDomainDeviceDefParse, there were two other possible calls that
	would end up dereffing, so that path could not be NULL. If called via
	virDomainDefPostParseDeviceIterator via virDomainDefPostParse there
	are two callers (virDomainDefParseXML and qemuParseCommandLine)
	which deref xmlopt either directly or through another call.

	So I'm removing the check for non-NULL xmlopt.

2015-08-05  Luyao Huang  <lhuang@redhat.com>

	virsh: fix domfsinfo output in quiet mode
	https://bugzilla.redhat.com/show_bug.cgi?id=1250287

	When run domfsinfo in quiet mode, we cannot get any
	useful information (just get \n), this is because
	we didn't use vshPrint to print useful information.

2015-08-04  Daniel P. Berrange  <berrange@redhat.com>

	tests: extend workaround for gnutls private key loading failure
	In gnutls 3.4.3 there is a regression in the loading of private
	keys via gnutls_x509_privkey_import. We already have a workaround
	to deal with failures on older gnutls, but the error code that
	the new gnutls returns is different. Extend the workaround so that
	is checks for GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE too.

	See also gnutls https://bugzilla.redhat.com/show_bug.cgi?id=1250020

2015-08-04  John Ferlan  <jferlan@redhat.com>

	conf: Allow error reporting in virDomainDiskSourceIsBlockType
	Rather than provide a somewhat generic error message when the API
	returns false, allow the caller to supply a "report = true" option
	in order to cause virReportError's to describe which of the 3 paths
	that can cause failure.

	Some callers don't care about what caused the failure, they just want
	to have a true/false - for those, calling with report = false should
	be sufficient.

2015-08-04  John Ferlan  <jferlan@redhat.com>

	docs: Add Fibre Channel NPIV supported option for volume lun config
	"Further" clarification (and testing) shows that using a SCSI Fibre
	Channel NPIV device/lun from a storage pool as a <disk type='volume'
	device'lun'> will work. So just add that to the allowable options

	Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1230179

2015-08-04  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	Avoid starting a PowerPC VM with floppy disk
	PowerPC pseries based VMs do not support a floppy disk controller.
	This prohibits libvirt from creating qemu command with floppy device.


	https://bugzilla.redhat.com/show_bug.cgi?id=1180486

2015-08-04  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	Caps: Disable floppy disk for PowerPC VM
	PowerPC pseries based VMs do not support a floppy disk controller.
	This prohibits libvirt from adding floppy disk for a PowerPC pseries VM.

2015-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Change when virDomainDiskDefAssignAddress is called
	Rather than calling virDomainDiskDefAssignAddress during the parsing of
	the XML, moving the setting of disk addresses into the domain/device post
	processing.

	Commit id '37588b25' which introduced VIR_DOMAIN_DEF_PARSE_DISK_SOURCE
	in order to avoid generating the address which wasn't required will not
	be affected by this as all it cared about was processing the source XML.

2015-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Remove unused param from virDomainHostdevDefParseXML
	Remove unused xmlopt param

2015-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Change when virDomainHostdevAssignAddress is called
	Rather than calling virDomainHostdevAssignAddress during the parsing
	of the XML, move the setting of a default hostdev address to domain/
	device post processing.

	Since the parse code no longer generates an address, we can remove
	the virDomainDefMaybeAddHostdevSCSIcontroller since the call to
	virDomainHostdevAssignAddress will attempt to add the controllers
	that were not already defined in the XML.

	This patch will also enforce that the address type is type 'drive'
	when a SCSI subsystem <hostdev> element is provided with an <address>.

2015-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Try controller add when searching hostdev bus for unit
	If virDomainControllerSCSINextUnit failed to find a slot on the current
	VIR_DOMAIN_CONTROLLER_TYPE_SCSI controller(s), try to add a new controller;
	otherwise, there may be multiple unit=0 entries for the same "next"
	controller.

2015-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Add check for host address type while checking in use
	While searching the hostdevs the drive type can be either *_TYPE_DRIVE
	or *_TYPE_NONE.  If the type is _TYPE_NONE on the first scsi_host, then
	there is an erroneous "match" that the address already exists.

	Although this works by chance currently because hostdev's are added one
	at a time and 'nhostdevs' would be zero, thus returning false for the
	first hostdev added, a future patch will move the hostdev address
	assignment into post processing resulting in the bad match.

	This code is only called by path's expecting either drive or none.

2015-08-03  John Ferlan  <jferlan@redhat.com>

	conf: Add xmlopt to virDomainDeviceDefPostParseInternal
	Add the xmlopt parameter that was saved during virDomainDefPostParse
	to the parameters. A future patch will use it.

	conf: Move hostdev and disk address validations
	Move the functions above the post processing for upcoming patch

	conf: Add 'bus' and 'target' to SCSI address conflict checks
	Modify virDomainDriveAddressIsUsedBy{Disk|Hostdev} and
	virDomainSCSIDriveAddressIsUsed to take 'bus' and 'target'
	parameters.  Will be used by future patches for more complete
	address conflict checks

	conf: Remove extraneous check in virDomainHostdevAssignAddress
	Since the only way virDomainHostdevAssignAddress can be called is from
	within virDomainHostdevDefParseXML when hostdev->source.subsys.type is
	VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI, thus there's no need for redundancy.

2015-08-03  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Fix build failure when KVM headers are not available
	Compiler error:

	  ../../src/nodeinfo.c: In function 'nodeGetThreadsPerSubcore':
	  ../../src/nodeinfo.c:2393: error: label 'out' defined but not used [-Wunused-label]
	  ../../src/nodeinfo.c:2352: error: unused parameter 'arch' [-Wunused-parameter]

2015-08-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Remove double unlock for domains
	The virDomainObjListRemove() function unlocks a domain that it's given
	due to legacy code.  And because of that code, which should be
	refactored, that last virObjectUnlock() cannot be just removed.  So
	instead, lock it right back for qemu for now.  All calls to
	qemuDomainRemoveInactive() are followed by code that unlocks the domain
	again, plus the domain should be locked during qemuDomainObjEndJob(), so
	the right place to lock it is right after virDomainObjListRemove().

	The only place where this would cause a problem is the autodestroy
	callback, so we need to get another reference there and uref+unlock it
	afterwards.  Luckily, returning NULL from that function doesn't mean an
	error, and only means that it doesn't need to be unlocked anymore.

2015-08-03  Andrea Bolognani  <abologna@redhat.com>

	tests: Add subcores3 nodeinfo test
	This makes sure the subcore-unaware CPU counting logic is used
	whenever the configuration is invalid.

	tests: Add subcores2 nodeinfo test
	This makes sure CPUs are counted correctly when some of the cores are
	completely offline.

	tests: Add subcores1 nodeinfo test
	This makes sure CPUs are counted correctly when using the default
	configuration, that is, all primary threads are online and all
	secondary threads are offline.

2015-08-03  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	tests: Prepare for subcore tests
	The nodeGetThreadsPerSubcore() function is mocked to return 8 for
	ppc64 tests, which corresponds to the default subcore mode.

	Update the expected output for the deconfigured-cpus nodeinfo
	test to account for this change.

2015-08-03  Shivaprasad G Bhat  <sbhat@linux.vnet.ibm.com>

	nodeinfo: Fix output on PPC64 KVM hosts
	The nodeinfo is reporting incorrect number of cpus and incorrect host
	topology on PPC64 KVM hosts. The KVM hypervisor on PPC64 needs only
	the primary thread in a core to be online, and the secondaries offlined.
	While scheduling a guest in, the kvm scheduler wakes up the secondaries to
	run in guest context.

	The host scheduling of the guests happen at the core level(as only primary
	thread is online). The kvm scheduler exploits as many threads of the core
	as needed by guest. Further, starting POWER8, the processor allows splitting
	a physical core into multiple subcores with 2 or 4 threads each. Again, only
	the primary thread in a subcore is online in the host. The KVM-PPC
	scheduler allows guests to exploit all the offline threads in the subcore,
	by bringing them online when needed.
	(Kernel patches on split-core http://www.spinics.net/lists/kvm-ppc/msg09121.html)

	Recently with dynamic micro-threading changes in ppc-kvm, makes sure
	to utilize all the offline cpus across guests, and across guests with
	different cpu topologies.
	(https://www.mail-archive.com/kvm@vger.kernel.org/msg115978.html)

	Since the offline cpus are brought online in the guest context, it is safe
	to count them as online. Nodeinfo today discounts these offline cpus from
	cpu count/topology calclulation, and the nodeinfo output is not of any help
	and the host appears overcommited when it is actually not.

	The patch carefully counts those offline threads whose primary threads are
	online. The host topology displayed by the nodeinfo is also fixed when the
	host is in valid kvm state.

2015-08-03  Ossi Herrala  <oherrala@gmail.com>

	rpc: Fix slow volume download (virsh vol-download)
	Use I/O vector (iovec) instead of one huge memory buffer as suggested
	in https://bugzilla.redhat.com/show_bug.cgi?id=1026137#c7. This avoids
	doing memmove() to big buffers and performance doesn't degrade if
	source (virNetClientStreamQueuePacket()) is faster than sink
	(virNetClientStreamRecvPacket()).

	Resolves: http://bugzilla.redhat.com/1026137

2015-08-03  Cao jin  <caoj.fnst@cn.fujitsu.com>

	There is no virDomainFindBy{ID, Name, UUID} anymore
	s/virDomainFindBy/virDomainObjListFindBy/

2015-08-03  Luyao Huang  <lhuang@redhat.com>

	qemu: fix some api cannot work when disable cpuset in conf
	If cpuset is disabled or not available, it libvirt must not use it.
	Mainly for actions that do not need it and can use sched_setaffinity()
	or numa_membind() instead, because they will fail without good reason.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1244664

2015-08-03  Martin Kletzander  <mkletzan@redhat.com>

	Post-release version bump to 1.2.19

2015-08-03  Daniel Veillard  <veillard@redhat.com>

	Fix a trailing space in spec file

	Release of libvirt-1.2.18
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: regenerated

2015-07-31  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not reset labels when migration fails
	When stopping a domain on the destination host after a failed migration,
	we need to avoid reseting security labels since the domain is still
	running on the source host. While we were correctly doing so in some
	cases, there were still some paths which did this wrong.

	https://bugzilla.redhat.com/show_bug.cgi?id=1242904

2015-07-31  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly check for incoming migration job
	In addition to checking the current asynchronous job
	qemuMigrationJobIsActive reports an error if the current job does not
	match the one we asked for. Let's just check the job directly since we
	are not interested in the error in qemuProcessHandleMonitorEOF.

2015-07-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reject migration with memory-hotplug if destination doesn't support it
	If destination libvirt doesn't support memory hotplug since all the
	support was introduced by adding new elements the destination would
	attempt to start qemu with an invalid configuration. The worse part is
	that qemu might hang in such situation.

	Fix this by sending a required migration feature called 'memory-hotplug'
	to the destination. If the destination doesn't recognize it it will fail
	the migration.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1248350

2015-07-30  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fix syntax-check: missing "%s"

	Load nbd module before running qemu-nbd
	So far qemu-nbd is run even if the nbd kernel module isn't loaded. This
	leads to errors when the user starts his lxc container while libvirt
	could easily load the nbd module automatically.

2015-07-29  Erik Skultety  <eskultet@redhat.com>

	qemu: Adjust VM id allocation
	Our atomic increment (virAtomicIntInc) uses (if available) gcc
	__sync_add_and_fetch builtin. In qemu driver though, we'd profit more
	from __sync_fetch_and_add builtin. To keep it simplistic, this patch
	adjusts qemu driver initialization rather than adding a new atomic
	increment macro.

2015-07-28  Peter Krempa  <pkrempa@redhat.com>

	lxc: Don't accidentaly reset autostart flag in virLXCProcessCleanup
	virDomainDeleteConfig is meant to delete the persistent config and thus
	it resets vm->autostart. Copy parts of qemuProcessRemoveDomainStatus to
	a new helper to avoid using the incorrect function.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1230071

2015-07-27  Daniel P. Berrange  <berrange@redhat.com>

	remote: fix typo in remoteDomainOpenGraphicsFD
	The remoteDomainOpenGraphicsFD method was using the wrong RPC
	arg struct remote_domain_open_graphics_args instead of
	remote_domain_open_graphics_fd_args. Fortunately both structs
	had identical contents so there was no functional bug, but to
	avoid confusing future maintainers, we should fix it.

2015-07-27  Martin Kletzander  <mkletzan@redhat.com>

	admin: Tiny cleanups
	First hunk changes the use of srcdir to top_srcdir so it complies with
	other rules in the Makefile.  Second one removes the need of
	remote_protocol.h in admin_protocol.h as it was suggested and worked in,
	but this one line was missed apparently.  Last one just removes the
	'remote' naming from admin protocol specification, just so it's cleaner.

2015-07-27  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Check for iotune_max support properly
	Commit d506a51aeb2a7a7b0c963f760e32b94376ea7173 meant to check for
	QEMU_CAPS_DRIVE_IOTUNE_MAX, but checked for QEMU_CAPS_DRIVE_IOTUNE
	instead.  That's clearly visible from the diff, but it got in.  Because
	of that, we were supplying information unknown for QEMU if it wasn't new
	enough and we couldn't even properly handle the error, leading to
	"Unexpected error".  Also iops_size came at the same time with all the
	other "_max" options, so check whether we're not setting that either if
	QEMU_CAPS_DRIVE_IOTUNE_MAX is not supported.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1224053

2015-07-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: Finish rename of the long nodeinfo test case
	Commit 2094d01e2f54e5774c0d0d380e83154b42ea65be forgot to rename two
	more files.

2015-07-27  Daniel Veillard  <veillard@redhat.com>

	Renamed deconfigured-cpus to allow make dist
	Simplest was just to rename that extra long name and move files in git
	accordingly

2015-07-25  Laine Stump  <laine@laine.org>

	conf: add virDomainControllerDefNew()
	There are some non-0 default values in virDomainControllerDef (and
	will soon be more) that are easier to not forget if the remembering is
	done by a single initializer function (rather than inline code after
	allocating the obejct with generic VIR_ALLOC().

2015-07-25  Laine Stump  <laine@laine.org>

	qemu: reorganize loop in qemuDomainAssignPCIAddresses
	This loop occurs just after we've assured that all devices that
	require a PCI device have been assigned and all necessary PCI
	controllers have been added. It is the perfect place to add other
	potentially auto-generated PCI controller attributes that are
	dependent on the controller's PCI address (upcoming patch).

	There is a convenient loop through all controllers at the end of the
	function, but the patch to add new functionality will be cleaner if we
	first rearrange that loop a bit.

	Note that the loop originally was accessing info.addr.pci.bus prior to
	determining that the pci part of the object was valid. This isn't
	dangerous in any way, but seemed a bit ugly, so I fixed it.

2015-07-25  Laine Stump  <laine@laine.org>

	conf: pay attention to bus minSlot/maxSlot when autoassigning PCI addresses
	The function that auto-assigns PCI addresses was written with the
	hardcoded assumptions that any PCI bus would have slots available
	starting at 1 and ending at 31. This isn't true for many types of
	controllers (some have a single slot/port at 0, some have slots/ports
	from 0 to 31). This patch updates that function to remove the
	hardcoded assumptions. It will properly find/assign addresses for
	devices that can only connect to pcie-(root|downstream)-port (which
	have minSlot/maxSlot of 0/0) or a pcie-switch-upstream-port (0/31).

	It still will not auto-create a new bus of the proper kind for these
	connections when one doesn't exist, that task is for another day.

2015-07-24  Chris J Arges  <chris.j.arges@canonical.com>

	tests: add vol-qcow2-zerocapacity test to storagevolxml2argvtest
	Add a testcase for the previous change to ensure zero capacity volumes can be
	defined without a backing store.

	storage: allow zero capacity with non-backing file to be created
	In commit 155ca616e, a change was introduced that no longer allowed defining
	volumes via XML with a capacity of '0'. Because we check for info.size_arg
	to be non-zero, this use-case fails. This patch allows info.size_arg to be
	zero if no backing store is specified.

2015-07-24  John Ferlan  <jferlan@redhat.com>

	nodeinfo: Check for SYSFS_INFINIBAND_DIR before open
	Commit id 'ac3ed2085' causes 'virsh nodedev-list --cap net' to fail
	on any system without SYSFS_INFINIBAND_DIR (/sys/class/infiniband).

	Rather than assume it's there and fail on the attempt to open the
	non-existent directory, check if it's there - if not, return
	success and move on. Also fix caller to check < 0 upon return.

	As reported by Suren Hajyan <shajyan@redhat.com> from run of unit tests

2015-07-24  Cao jin  <caoj.fnst@cn.fujitsu.com>

	fix typo in qemu_monitor

2015-07-24  Martin Kletzander  <mkletzan@redhat.com>

	Revert "qemu: Use heads parameter for QXL driver"
	This reverts commit 7b401c3bdacdf8367a0070e625d73eafb802045d.

	Until libvirt is able to differentiate whether heads='1' is just a
	leftover from previous libvirt or whether that's added by user on
	purpose and also whether the domain was started with the support for
	qxl's max_outputs, we cannot incorporate this patch into the tree
	due to compatibility reasons.

2015-07-24  Luyao Huang  <lhuang@redhat.com>

	test: introduce a function in test driver to check get vcpupin info
	As there is a regression in use vcpupin get info, introduce a new function
	to test the virsh client.

2015-07-23  Laine Stump  <laine@laine.org>

	conf: reorganize virNetworkDHCPDefParseXML
	This makes the range and static host array management in
	virNetworkDHCPDefParseXML() more similar to what is done in
	virNetworkDefUpdateIPDHCPRange() and virNetworkDefUpdateIPDHCPHost() -
	they use VIR_APPEND_ELEMENT rather than a combination of
	VIR_REALLOC_N() and separate incrementing of the array size.

	The one functional change here is that a memory leak of the contents
	of the last (unsuccessful) virNetworkDHCPHostDef was previously leaked
	in certain failure conditions, but it is now properly cleaned up.

2015-07-23  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Check for errors when reading core_id

2015-07-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve: document clock configuration

2015-07-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add UTC clock support
	Bhyve as of r279225 (FreeBSD -CURRENT) or r284894 (FreeBSD 10-STABLE)
	supports using UTC time offset via the '-u' argument to bhyve(8). By
	default it's still using localtime.

	Make the bhyve driver use UTC clock if it's requested by specifying
	<clock offset='utc'> in domain XML and if the bhyve(8) binary supports
	the '-u' flag.

2015-07-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	netdev: fix build on FreeBSD
	Commit ac3ed20 breaks build on FreeBSD with:

	  CC       util/libvirt_util_la-virnetdev.lo
	util/virnetdev.c:2967:1: error: unused function 'virNetDevRDMAFeature' [-Werror,-Wunused-function]
	virNetDevRDMAFeature(const char *ifname,
	^

	So hide virNetDevRDMAFeature function under the #ifdef 'SIOCETHTOOL'
	and 'HAVE_STRUCT_IFREQ' section.

	Pushed under the build breaker rule.

2015-07-22  Daniel P. Berrange  <berrange@redhat.com>

	configure: clarify rationale for checking pkcheck
	We don't need pkcheck binary, but we must detect it in order
	to see if we're preferring polkit-1 over polkit-0 when both
	are installed. We should also check $with_dbus to see if we
	have dbus-devel available, as that's required to talk to
	polkit-1.

2015-07-22  Luyao Huang  <lhuang@redhat.com>

	qemu: fix the error cover issue in SetMemoryParameters
	https://bugzilla.redhat.com/show_bug.cgi?id=1245476

	We won't return the errno after commit 0d7f45ae, and
	the more clearly error will be set in the code in vircgroup*.
	Also We will always report error "Operation not permitted",
	because the return is -1.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Calculate present and online CPUs only once
	Move the calls to the respective functions from virNodeParseNode(),
	which is executed once for every NUMA node, to
	linuxNodeInfoCPUPopulate(), which is executed just once per host.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Use a bitmap to keep track of node CPUs
	Keep track of what CPUs belong to the current node while walking
	through the sysfs node entry, so we don't need to do it a second
	time immediately afterwards.

	This also allows us to loop through all CPUs that are part of a
	node in guaranteed ascending order, which is something that is
	required for some upcoming changes.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Use nodeGetOnlineCPUBitmap() when parsing node
	No need to look up the online status of each CPU separately when we
	can get all the information in one go.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Phase out cpu_set_t usage
	Swap out all instances of cpu_set_t and replace them with virBitmap,
	which some of the code was already using anyway.

	The changes are pretty mechanical, with one notable exception: an
	assumption has been added on the max value we can run into while
	reading either socket_it or core_id.

	While this specific assumption was not in place before, we were
	using cpu_set_t improperly by not making sure not to set any bit
	past CPU_SETSIZE or explicitly allocating bigger bitmaps; in fact
	the default size of a cpu_set_t, 1024, is way too low to run our
	testsuite, which includes core_id values in the 2000s.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Rename nodeGetCPUBitmap() to nodeGetOnlineCPUBitmap()
	The new name makes it clear that the returned bitmap contains the
	information about which CPUs are online, not eg. which CPUs are
	present.

	No behavioral change.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Remove out parameter from nodeGetCPUBitmap()
	Not all users of this API will need the size of the returned
	bitmap; those who do can simply call virBitmapSize() themselves.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Add old kernel compatibility to nodeGetPresentCPUBitmap()
	If the cpu/present file is not available, we assume that the kernel
	is too old to support non-consecutive CPU ids and return a bitmap
	with all the bits set to represent this fact. This assumption is
	already exploited in nodeGetCPUCount().

	This means users of this API can expect the information to always
	be available unless an error has occurred, and no longer need to
	treat the NULL return value as a special case.

	The error message has been updated as well.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Rename linuxParseCPUmax() to linuxParseCPUCount()
	The original name was confusing because the function returns the number
	of CPUs, not the maximum CPU id. The comment above the function has
	been updated to reflect this.

	No behavioral changes.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Introduce linuxGetCPUOnlinePath()

	nodeinfo: Introduce linuxGetCPUGlobalPath()
	This is just a more generic version of linuxGetCPUPresentPath(),
	which is now implemented by calling the new function appropriately.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Fix nodeGetCPUBitmap()'s fallback code path
	During the recent refactoring/cleanups, a bug has been introduced
	that caused all CPUs to be reported as online unless the sysfs
	cpu/present file was available.

	This commit fixes the fallback code path by building the directory
	path passed to virNodeGetCpuValue() correctly.

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Add nodeGetPresentCPUBitmap() to libvirt_private.syms

2015-07-22  Andrea Bolognani  <abologna@redhat.com>

	tests: Restore links in deconfigured-cpus nodeinfo test
	When cleaning up the data (taken from a running system) for inclusion
	I went a little too far and deleted a bunch of links that should have
	been left alone. The test worked despite this because it was going
	through a fallback code path.

	A few other files are affected as well: again, the data is taken from
	a running system, so even thought we would probably be okay if we
	just added the links, aligning everything is definitely safer.

2015-07-22  Peter Krempa  <pkrempa@redhat.com>

	cgroup: Drop resource partition from virSystemdMakeScopeName
	The scope name, even according to our docs is
	"machine-$DRIVER\x2d$VMNAME.scope" virSystemdMakeScopeName would use the
	resource partition name instead of "machine-" if it was specified thus
	creating invalid scope paths.

	This makes libvirt drop cgroups for a VM that uses custom resource
	partition upon reconnecting since the detected scope name would not
	match the expected name generated by virSystemdMakeScopeName.

	The error is exposed by the following log entry:

	debug : virCgroupValidateMachineGroup:302 : Name 'machine-qemu\x2dtestvm.scope' for controller 'cpu' does not match 'testvm', 'testvm.libvirt-qemu' or 'machine-test-qemu\x2dtestvm.scope'

	for a "/machine/test" resource and "testvm" vm.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1238570

2015-07-21  Cole Robinson  <crobinso@redhat.com>

	spec: Fix polkit dep on F23
	As of fedora polkit-0.113-2, polkit-devel only pulls in polkit-libs, not
	full polkit, but we need the latter for pkcheck otherwise our configure
	test fails.

2015-07-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Refactor block job waiting in cmdBlockCopy
	Similarly to the refactor of cmdBlockCommit in a previous commit this
	does the same change for cmdBlockCopy.

	virsh: Refactor block job waiting in cmdBlockCommit
	Reuse the vshBlockJobWait infrastructure to refactor cmdBlockCommit to
	use the common code. This additionally fixes a bug when working with
	new qemus, where when doing an active commit with --pivot the pivoting
	would fail, since qemu reaches 100% completion but the job doesn't
	switch to synchronized phase right away.

2015-07-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Refactor block job waiting in cmdBlockPull
	Introduce helper function that will provide logic for waiting for block
	job completion so the 3 open coded places can be unified and improved.

	This patch introduces the whole logic and uses it to fix
	cmdBlockJobPull. The vshBlockJobWait function provides common logic for
	block job waiting that should be robust enough to work across all
	previous versions of libvirt. Since virsh allows passing user-provided
	strings as paths of block devices we can't reliably use block job events
	for detection of block job states so the function contains a great deal
	of fallback logic.

2015-07-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Update state of block job to READY only if it actually is ready
	Few parts of the code looked at the current progress of and assumed that
	a two phase blockjob is in the _READY state as soon as the progress
	reached 100% (info.cur == info.end). In current versions of qemu this
	assumption is invalid and qemu exposes a new flag 'ready' in the
	query-block-jobs output that is set to true if the job is actually
	finished.

	This patch adds internal data handling for reading the 'ready' flag and
	acting appropriately as long as the flag is present.

	While this still doesn't fix the virsh client problem with two phase
	block jobs and the --pivot option, it at least improves the error
	message:

	$ virsh blockcommit  --wait --verbose vm vda  --base vda[1] --active --pivot
	Block commit: [100 %]error: failed to pivot job for disk vda
	error: internal error: unable to execute QEMU command 'block-job-complete': The active block job for device 'drive-virtio-disk0' cannot be completed

	to

	$ virsh blockcommit  --wait --verbose VM vda  --base vda[1] --active --pivot
	Block commit: [100 %]error: failed to pivot job for disk vda
	error: block copy still active: disk 'vda' not ready for pivot yet

2015-07-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Refactor argument handling in cmdBlockPull
	Put all argument parsing together and refactor the argument checking
	code.

	virsh: Refactor argument handling in cmdBlockCopy
	Put all argument parsing together and refactor the argument checking
	code.

	virsh: Refactor argument checking in cmdBlockCommit
	Use the VSH_EXCLUSIVE_OPTIONS to exclude combinations of --pivot and
	--keep-overlay and refactor the enforcing of the --wait option and other
	flags that imply --wait.

	virsh: Kill blockJobImpl by moving the final impl into cmdBlockCommit
	Final cleanup to get rid of the hub function.

	virsh: Split out block pull implementation from blockJobImpl

	virsh: block job: separate abort from blockJobImpl

	virsh: blockjob: Split out vshBlockJobSetSpeed from blockJobImpl

	virsh: cmdBlockJob: Switch to declarative flag interlocking
	Use the VSH_EXCLUSIVE_OPTIONS_VAR to interlock incompatible options.
	Since a variable named 'abort' would conflict with older compilers use
	VSH_EXCLUSIVE_OPTIONS for the --abort option.

	virsh: blockjob: Extract block job info code into a separate function
	cmdBlockJob will be converted to a hub that will call into the
	individual executor functions.

2015-07-21  Moshe Levi  <moshele@mellanox.com>

	nodedev: add RDMA and tx-udp_tnl-segmentation NIC capabilities
	Adding functionality to libvirt that will allow
	it query the interface for the availability of RDMA and
	tx-udp_tnl-segmentation Offloading NIC capabilities

	Here is an example of the feature XML definition:

	<device>
	<name>net_eth4_90_e2_ba_5e_a5_45</name>
	  <path>/sys/devices/pci0000:00/0000:00:03.0/0000:08:00.1/net/eth4</path>
	  <parent>pci_0000_08_00_1</parent>
	  <capability type='net'>
	    <interface>eth4</interface>
	    <address>90:e2:ba:5e:a5:45</address>
	    <link speed='10000' state='up'/>
	    <feature name='rx'/>
	    <feature name='tx'/>
	    <feature name='sg'/>
	    <feature name='tso'/>
	    <feature name='gso'/>
	    <feature name='gro'/>
	    <feature name='rxvlan'/>
	    <feature name='txvlan'/>
	    <feature name='rxhash'/>
	    <feature name='rdma'/>
	    <feature name='txudptnl'/>
	    <capability type='80203'/>
	  </capability>
	</device>

2015-07-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	nodeinfo: fix build on FreeBSD
	Currently, build fails on FreeBSD with:

	  CC       libvirt_driver_la-nodeinfo.lo
	nodeinfo.c:1941:56: error: use of undeclared identifier 'SYSFS_SYSTEM_PATH'
	    const char *prefix = sysfs_prefix ? sysfs_prefix : SYSFS_SYSTEM_PATH;
	                                                       ^
	1 error generated.

	This is caused by commit b97b3048 that added sysfs_prefix to
	nodeCapsInitNUMA and used SYSFS_CPU_PATH.

	Fix it by unconditionally defining SYSFS_CPU_PATH instead of defining it
	under #ifdef __linux__.

2015-07-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Reject updating unsupported disk information
	If one calls update-device with information that is not updatable,
	libvirt reports success even though no data were updated.  The example
	used in the bug linked below uses updating device with <boot order='2'/>
	which, in my opinion, is a valid thing to request from user's
	perspective.  Mainly since we properly error out if user wants to update
	such data on a network device for example.

	And since there are many things that might happen (update-device on disk
	basically knows just how to change removable media), check for what's
	changing and moreover, since the function might be usable in other
	drivers (updating only disk path is a valid possibility) let's abstract
	it for any two disks.

	We can't possibly check for everything since for many fields our code
	does not properly differentiate between default and unspecified values.
	Even though this could be changed, I don't feel like it's worth the
	complexity so it's not the aim of this patch.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1007228

2015-07-20  Martin Kletzander  <mkletzan@redhat.com>

	Escape left brace as new perl suggests
	After upgrade to perl-5.22.0, it started complaining about one of our
	scripts.  The thing is that even though it works, it wants all curly
	brackets escaped properly.  The change is not functional, it merely gets
	rid of the following error:

	  Unescaped left brace in regex is deprecated, passed through in regex;
	  marked by <-- HERE in m/^enum { <-- HERE / at -e line 3.

	There is one more error like this that I'm getting, but it is because of
	GNU automake bug #21001:

	  https://debbugs.gnu.org/cgi/bugreport.cgi?bug=21001

2015-07-20  Frediano Ziglio  <fziglio@redhat.com>

	qemu: Use heads parameter for QXL driver
	Allows to specify maximum number of head to QXL driver.

	Actually can be a compatiblity problem as heads in the XML configuration
	was set by default to '1'.

2015-07-17  Christophe Fergeau  <cfergeau@redhat.com>

	storage: Fix pool building when directory already exists
	Currently, when trying to virsh pool-define/virsh pool-build a new
	'dir' pool, if the target directory already exists, virsh
	pool-build/virStoragePoolBuild will error out. This is a change of
	behaviour compared to eg libvirt 1.2.13

	This is caused by the wrong type being used for the dir_create_flags
	variable in virStorageBackendFileSystemBuild , it's defined as a bool
	but is used as a flag bit field so should be unsigned int (this matches
	the type virDirCreate expects for this variable).

	This should fix https://bugzilla.gnome.org/show_bug.cgi?id=752417 (GNOME
	Boxes) and https://bugzilla.redhat.com/show_bug.cgi?id=1244080
	(downstream virt-manager).

2015-07-17  Daniel P. Berrange  <berrange@redhat.com>

	rpc: ensure daemon is spawn even if dead socket exists
	The auto-spawn code would originally attempt to spawn the
	daemon for both ENOENT and ECONNREFUSED errors from connect().
	The various refactorings eventually lost this so we only
	spawn the daemon on ENOENT. The result is if the daemon exits
	uncleanly, so that the socket is left in the filesystem, we
	will never be able to auto-spawn the daemon again.

2015-07-17  Michal Privoznik  <mprivozn@redhat.com>

	viraccessperm.h: Fix some typos
	Like s/authoriation/authorization/ and s/requries/requires/

2015-07-17  Martin Kletzander  <mkletzan@redhat.com>

	docs: Document how libvirt handles companion controllers
	The information on companion controllers we give in our documentation is
	rather sparse.  For example, it looks like any controller can be used as
	a companion one.  Also, when using ich9-uhci2, for example, we are able
	to set some sensible defaults, but it might get confusing for the user
	as we don't do that for all controller models.

	https://bugzilla.redhat.com/show_bug.cgi?id=1069590

2015-07-16  John Ferlan  <jferlan@redhat.com>

	rbd: Return error from rbd_create for message processing
	Resolving an error reporting bug introduced by commit id '761491e' which
	just took the return of virStorageBackendRBDCreateImage and used it as
	the basis for the message generated. This would generate EPERM regardless
	of error seen.

2015-07-16  Wido den Hollander  <wido@widodh.nl>

	rbd: Use RBD format 2 by default when creating images.
	We used to look at the librbd code version and depending on that
	we would invoke rbd_create3() or rbd_create().

	Since librbd version 0.67.9 we can however tell RBD that it should
	create rbd format 2 images even if we invoke rbd_create().

	The less options we pass to librbd, the more we can lean on the sane
	defaults it uses.

	For rbd_create3() we had things like the stripe count and unit hardcoded
	in libvirt and that might cause problems down the road.

2015-07-16  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Don't output node frequency if unknown
	Commit ed8155eafbff5c5ca0bdfe84a8388f58b718c2f9 documented that
	mhz field in virNodeInfo might be 0 if the frequency is unknown.  Modify
	virsh to know about that.

2015-07-15  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Test for virtio-9p-ccw support
	This patch adds a test for the qemu command line generation.

	Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-07-15  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Make virtio-9p-ccw the default for s390-ccw-virtio machines
	For s390-ccw-virtio machines the default bus type is set to ccw.
	Specifing an address element allows to override the default.

	Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-07-15  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Support for virtio-9p-ccw
	Adding the recently in qemu added 9pfs support for virtio-ccw.

	Reviewed-by: Jason J. Herne <jjherne@us.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-07-15  Michal Privoznik  <mprivozn@redhat.com>

	daemonRunStateInit: Fix a typo on a comment
	s/priviledged/privileged/

	virsh: Teach cmdFreepages to work with lxc driver
	Some drivers don't expose available huge page sizes in the
	capabilities XML. For instance, LXC driver is one of those.
	This has a downside that when virsh is trying to get
	aggregated info on free pages per all NUMA nodes, it fails.
	The problem is that the virNodeGetFreePages() API expects
	caller to pass an array of page sizes he is interested in.
	In virsh, this array is filled from the capabilities from
	'/capabilities/host/cpu/pages' XPath. As said, in LXC
	there's no such XPath and therefore virsh fails currently.
	But hey, we can fallback: the page sizes are exposed under
	'/capabilities/host/topology/cells/cell/pages'. The page
	size can be collected from there, and voilà the command
	works again. But now we must make sure that there are no
	duplicates in the array passed to the public API. Otherwise
	we won't get as beautiful output as we are getting now.

2015-07-15  Michal Privoznik  <mprivozn@redhat.com>

	cmdVcpuPin: Remove dead code
	There's this condition:

	flags & VIR_DOMAIN_AFFECT_CURRENT && virDomainIsActive(dom)

	which can never be true since VIR_DOMAIN_AFFECT_CURRENT has hardcoded
	value of zero. Therefore virDomainIsActive() is a dead code. However,
	the condition could make sense if it is rewritten as the following:

	!(flags & VIR_DOMAIN_AFFECT_CONFIG) && virDomainIsActive(dom)

2015-07-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationRun: Don't leak @fd
	If we are migrating to an UNIX socket, we accept() a connection
	from qemu and use that FD to set up a tunnel. However, the FD is
	not closed as often as it should be.

2015-07-15  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: wait for nbd device to be up to get its PIDs
	The nbd device pid file doesn't appear immediately after starting
	qemu-nbd: adding a small loop to wait for it before getting it's
	processes PIDs.

	Fix qemu-nbd cleanup crashes
	The virLXCControllerAppendNBDPids function didn't properly initialize
	pids and npids. In case of failure it was crashing when freeing those.

2015-07-14  Andrea Bolognani  <abologna@redhat.com>

	nodeinfo: Formatting changes

	nodeinfo: Make sysfs_prefix usage more consistent
	Make sure sysfs_prefix, when present, is always the first argument
	to a function; don't use a different name to refer to it; check
	whether it is NULL, and hence SYSFS_SYSTEM_PATH should be used, only
	when using it directly and not just passing it down to another
	function; always pass down the same value we've been passed when
	calling another function.

2015-07-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Improve update of maximum balloon state at startup
	In commit 641a145d73fdc3dd9350fd57b3d3247abf101c05 I've added code that
	resets the balloon memory value to full size prior to resuming the vCPUs
	since the size certainly was not reduced at that point.

	Since qemuProcessStart is used also in code paths with already booted
	up guests (migration, save/restore) the assumption is not entirely true
	since the guest might already been running before.

	This patch adds a function that queries the monitor rather than using
	the full size since a balloon event would not be reissued in case we are
	recovering a saved migration state.

	Additionally the new function is used also when reconnecting to a VM
	after libvirtd restart since we might have missed a few balloon events
	while libvirtd was not running.

2015-07-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSetNumaParamsLive: Check for NUMA mode more wisely
	https://bugzilla.redhat.com/show_bug.cgi?id=1232663

	In one of my previous ptaches (bcd9a564) I've tried to fix the problem
	that we blindly assumed strict NUMA mode for guests. This led to
	several problems like us pinning a domain onto a nodeset via libnuma
	among with CGroups. Once the nodeset was changed by user, well, it did
	not result in desired effect. See the original commit for more info.
	But, the commit I wrote had a bug: when NUMA parameters are changed on
	a running domain we require domain to be strictly pinned onto a
	nodeset. Due to a typo a condition was mis-evaluated.

2015-07-14  Martin Kletzander  <mkletzan@redhat.com>

	network: Add another collision check into networkCheckRouteCollision
	The comment above that function says: "This function can be a lot more
	exhaustive, ...", so let's be.

	Check for collisions between routes in the system and static routes
	being added explicitly from the <route/> element of the network XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1094205

2015-07-14  Martin Kletzander  <mkletzan@redhat.com>

	conf: Add getter for network routes
	Add virNetworkDefGetRouteByIndex() similarly to
	virNetworkDefGetIpByIndex(), but for routes.

2015-07-13  Andrea Bolognani  <abologna@redhat.com>

	tests: Add nodeinfo test for non-present CPUs
	Some of the possible CPUs in a system might not be present, eg. they
	might be defective or might have been deconfigured from the ASM console
	in a Power system. Due to this fact, Linux keeps track of what CPUs are
	possible and what are present separately.

	This test uses the data from a system where not all the possible CPUs
	are present to make sure libvirt handles this situation correctly.

2015-07-13  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	nodeinfo: fix to parse present cpus rather than possible cpus
	This patch resolves a situation where a core is defective and is not
	in the present mask during boot. Optionally a host can have empty sockets
	could be brought online if the socket is added. In this case the present
	mask contains the cpu's that are actually there in the sockets even though
	they might be offline for some reason. This patch excludes the cpu's that
	are offline because the socket is defective/empty by checking the present
	mask before reading the cpu directory. Otherwise, the nodeinfo on such
	hosts always displays wrong output which includes the defective/empty
	sockets as set of offline cpu's.

2015-07-13  John Ferlan  <jferlan@redhat.com>

	nodeinfo: Add sysfs_prefix to nodeGetMemoryStats
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_SYSTEM_PATH.

2015-07-13  John Ferlan  <jferlan@redhat.com>

	nodeinfo: Add sysfs_prefix to nodeCapsInitNUMA
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_CPU_PATH which is a
	derivative of SYSFS_SYSTEM_PATH

	Use cpupath for nodeCapsInitNUMAFake and remove SYSFS_CPU_PATH

2015-07-13  John Ferlan  <jferlan@redhat.com>

	nodeinfo: Add sysfs_prefix to nodeGetInfo
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_SYSTEM_PATH.

	nodeinfo: Add sysfs_prefix to nodeGetCPUMap
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_SYSTEM_PATH.

	nodeinfo: Add sysfs_prefix to nodeGetCPUBitmap
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_SYSTEM_PATH.

	nodeinfo: Add sysfs_prefix to nodeGetPresentCPUBitmap
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_SYSTEM_PATH.

	nodeinfo: Add sysfs_prefix to nodeGetCPUCount
	Add the sysfs_prefix argument to the call to allow for setting the
	path for tests to something other than SYSFS_SYSTEM_PATH.

2015-07-13  John Ferlan  <jferlan@redhat.com>

	nodeinfo: Introduce local linuxGetCPUPresentPath
	The API will print the path to the /cpu/present file using the sysfs_prefix.

	NB: This is setup for future patches which will allow local/test sysfs paths.

2015-07-13  Michal Privoznik  <mprivozn@redhat.com>

	virt-driver-vz: Require parallels-7.0.22 at least
	With the latest patch to the vz driver (7d73ca06cefe) I was
	getting some compilation errors. It turned out, my installation
	of the parallels SDK was not as fresh as it could be. Parallels
	installed in my system were missing the
	PRL_USE_VNET_NAME_FOR_BRIDGE_NAME symbol which simply was not
	introduced at the time I was installing the SDK. The symbol was
	introduced in 86e62a5d which was then part of the 7.0.22 release.
	Require that version at least therefore.

	configure: Move Virtuozzo checks to a specific module
	Eventually, every driver will be moved to a special module.
	But for today the winner is Virtuozzo driver.

2015-07-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessHandleMigrationStatus: Update migration status more frequently
	After Jirka's migration patches libvirt is listening on migration
	events from qemu instead of actively polling on the monitor. There is,
	however, a little regression (introduced in 6d2edb6a42d0d41). The
	problem is, the current status of migration job is updated in
	qemuProcessHandleMigrationStatus if and only if migration job was
	started. But eventually every asynchronous job may result in
	migration. Therefore, since this job is not strictly a
	migration job, internal state was not updated and later checks failed:

	  virsh # save fedora22 /tmp/fedora22_ble.save
	  error: Failed to save domain fedora22 to /tmp/fedora22_ble.save
	  error: operation failed: domain save job: is not active

2015-07-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: set dom0 state to running
	Commit 45697fe5 added dom0 to driver->domains, but missed
	setting its state to 'running'

	$ virsh list
	 Id    Name                           State
	----------------------------------------------------
	 0     Domain-0                       shut off

2015-07-10  Dmitry Guryanov  <dguryanov@parallels.com>

	vz: fix cleanup of nets of bridged type
	We create a virtual network of special type, which
	has the same name as bridge name to create bridged
	network adapter in vz. So when we delete such an
	adapter we have to remove corresponding virtual
	network.

	So let's rename prlsdkDelNet to prlsdkCleanupBridgedNet
	and don't check for return value.

2015-07-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use error from Finish instead of "unexpectedly failed"
	When QEMU exits on destination during migration, the source reports
	either success (if the failure happened at the very end) or unhelpful
	"unexpectedly failed" error message. However, the Finish API called on
	the destination may report a real error so let's use it instead of the
	generic one.

2015-07-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't report false error from MigrateFinish
	virDomainMigrateFinish* APIs were unfortunately designed to return the
	pointer to the domain on destination and NULL on error. This looks OK in
	normal cases but the same API is also called when we know migration
	failed and thus we expect Finish to return NULL even if it actually did
	all it was supposed to do without any error. The call is defined to
	return nonnull domain pointer over RPC, which means returning NULL will
	always result in an error being send. If this was not in fact an error,
	the API itself wouldn't set anything to the thread local virError, which
	makes the RPC layer come up with it's own "Library function returned
	error but did not set virError" error.

	This is quite confusing and also hard to detect by the caller. This
	patch adds a special error code which can be used to check that Finish
	successfully aborted migration.

2015-07-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remember incoming migration errors
	If QEMU fails during incoming migration, the domain disappears including
	a possibly useful error message read from QEMU log file. Let's remember
	the error in virQEMUDriver so that Finish can report more than just "no
	such domain".

	Introduce virErrorCopyNew
	A helper function for copying error objects.

	Introduce virHashAtomic
	This is a self-locking wrapper around virHashTable. Only a limited set
	of APIs are implemented now (the ones which are used in the following
	patch) as more can be added on demand.

	cpu: Add support for MPX and AVX512 Intel features
	Corresponding QEMU commits:
	    MPX     79e9ebebbf2a00c46fcedb6dc7dd5e12bbd30216
	    AVX512  9aecd6f8aef653cea58932f06a2740299dbe5fd3

2015-07-10  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virt-aa-helper: add DomainGuest to mockup caps
	With commit 3f9868a virt-aa-helper stopped working due to missing
	DomainGuest in the caps.

	The test with -c without arch also needs to be
	removed since the new capabilities code uses the host arch when none is
	provided.

2015-07-10  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virt-aa-helper: rename ctl->hvm to ctl->os
	ctl->hvm contains os.type string value, change the name to reflect it.

	Get more libvirt errors from virt-aa-helper
	Initializing libvirt log in virt-aa-helper and getting it to output
	libvirt log to stderr. This will help debugging problems happening in
	libvirt functions called from within virt-aa-helper

	virt-aa-helper: fix rules for paths with trailing slash
	Rules generated for a path like '/' were having '//' which isn't
	correct for apparmor. Make virt-aa-helper smarter to avoid these.

2015-07-10  Martin Kletzander  <mkletzan@redhat.com>

	rpc: Rework timerActive logic in daemon
	Daemon used false logic for determining whether there were any clients.
	When the timer was inactive, it was activated if at least one of the
	servers did not have clients.  So the bool was being flipped there and
	back all the time in case there was one client, for example.

	Initially introduced by fa1420736882.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1240283

2015-07-10  Martin Kletzander  <mkletzan@redhat.com>

	rpc: Add virNetDaemonHasClients
	So callers don't have to iterate over each server.

2015-07-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Check duplicate WWNs also for hotplugged disks
	In commit 714b38cb232bcbbd7487af4c058fa6d0999b3326 I tried to avoid
	having two disks with the same WWN in a VM. I forgot to check the
	hotplug paths though which make it possible bypass that check. Reinforce
	the fix by checking the wwn when attaching the disk.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208009

2015-07-10  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Fix cloning of raw, sparse volumes
	When virsh vol-clone is attempted on a raw file where capacity > allocation,
	the resulting cloned volume has a size that matches the virtual-size of
	the parent; in place of matching its actual, disk size.
	This patch fixes the cloned disk to have same _allocated_size_ as
	the parent file from which it was cloned.

	Ref: http://www.redhat.com/archives/libvir-list/2015-May/msg00050.html

	Also fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1130739

2015-07-10  Ján Tomko  <jtomko@redhat.com>

	Rewrite allocation tracking when cloning volumes
	Instead of storing the remaining bytes, store the position of the first
	unallocated byte. This will allow changing the amount of bytes copied
	by virStorageBackendCopyToFD without changing the safezero call.

	No functional impact.

2015-07-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Drop LFs at the end of error from QEMU log
	Libvirt's error messages do not end with a LF. However, when reading the
	error from QEMU log, we would read the LF from the log and keep it in
	the message.

	qemu: Log all arguments of qemuProcessStart

	qemu: Wait for migration events on domain condition
	Since we already support the MIGRATION event, we just need to make sure
	the domain condition is signalled whenever a p2p connection drops or the
	domain is paused due to IO error and we can avoid waking up every 50 ms
	to check whether something happened.

	qemu: Update migration state according to MIGRATION event
	We don't need to call query-migrate every 50ms when we get the current
	migration state via MIGRATION event.

	qemuDomainGetJobStatsInternal: Support migration events
	When QEMU supports migration events the qemuDomainJobInfo structure will
	no longer be updated with migration statistics. We have to enter a job
	and explicitly ask QEMU every time virDomainGetJob{Info,Stats} is
	called.

	qemu: Enable migration events on QMP monitor
	Even if QEMU supports migration events it doesn't send them by default.
	We have to enable them by calling migrate-set-capabilities. Let's enable
	migration events everytime we can and clear QEMU_CAPS_MIGRATION_EVENT in
	case migrate-set-capabilities does not support events.

	qemu_monitor: Wire up MIGRATION event
	Thanks to Juan's work QEMU finally emits an event whenever migration
	state changes.

2015-07-09  Guido Günther  <agx@sigxcpu.org>

	qemu: don't use initialized ret in qemuRemoveSharedDevice
	This fixes

	  CC     qemu/libvirt_driver_qemu_impl_la-qemu_conf.lo
	  qemu/qemu_conf.c: In function 'qemuRemoveSharedDevice':
	  qemu/qemu_conf.c:1384:9: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized]

2015-07-09  Pavel Hrdina  <phrdina@redhat.com>

	qemu_hotplug: try harder to eject media
	Some guests lock the tray and QEMU eject command will simply fail to
	eject the media.  But the guest OS can handle this attempt to eject the
	media and can unlock the tray and open it. In this case, we should try
	again to actually eject the media.

	If the first attempt fails to detect a tray_open we will fail with
	error, from monitor.  If we receive that event, we know, that the guest
	properly reacted to the eject request, unlocked the tray and opened it.
	In this case, we need to run the command again to actually eject the
	media from the device.  The reason to call it again is, that QEMU
	doesn't wait for the guest to react and report an error, that the tray
	is locked.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1147471

2015-07-09  Pavel Hrdina  <phrdina@redhat.com>

	monitor: detect that eject fails because the tray is locked
	Modify the eject monitor functions to parse the return code and detect,
	whether the error contains "is locked" to report this type of failure to
	upper layers.

	virDomainObjSignal: drop this function
	There are multiple consumers for the domain condition and we should
	always wake them all.

	virCondWaitUntil: add another return value
	We should distinguish between success and timeout, to let the user
	handle those two events differently.

2015-07-09  Luyao Huang  <lhuang@redhat.com>

	qemu: report error for non-existing disk in blockjobinfo
	Before:

	 # virsh blockjob r7 vdc
	 error: An error occurred, but the cause is unknown

	After:

	 # virsh blockjob r7 vdc
	 error: Disk 'vdc' not found in the domain

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1241355

2015-07-09  John Ferlan  <jferlan@redhat.com>

	conf: Don't allow duplicated target names regardless of bus
	https://bugzilla.redhat.com/show_bug.cgi?id=1142631

	Commit id 'e0e290552' added a check to determine if the same bus
	had the same target value.  It seems that's not quite good enough
	as the check should check the target name value regardless of bus type.

	Also added a DO_TEST_DIFFERENT to exhibit the issue

2015-07-09  Erik Skultety  <eskultet@redhat.com>

	storage: Revert volume obj list updating after volume creation (4749d82a)
	This patch reverts commit 4749d82a which tried to tweak the logic in
	volume creation. We did realloc and update our object list before we executed
	volume building within a specific storage backend. If that failed, we
	had to update (again) our object list to the original state as it was before the
	build and delete the volume from the pool (even though it didn't exist - this
	truly depends on the backend).
	I misunderstood the base idea to be able to poll the status of the volume
	creation using vol-info. After commit 4749d82a this wasn't possible
	anymore, although no BZ has been reported yet.

	Commit 4749d82a also claimed to fix
	https://bugzilla.redhat.com/show_bug.cgi?id=1223177, but commit c8be606b of the
	same series as 4749d82ad (which was more of a refactor than a fix)
	fixes the same issue so the revert should be pretty straightforward.
	Further more, BZ https://bugzilla.redhat.com/show_bug.cgi?id=1241454 can be
	fixed with this revert.

2015-07-09  John Ferlan  <jferlan@redhat.com>

	qemu: Fix integer/boolean logic in qemuSetUnprivSGIO
	Setting of 'val' is a boolean expression, so handle it that way and
	adjust the check/return logic to be clearer

	qemu: Refactor qemuSetUnprivSGIO return values
	Set to ret = -1 and prove otherwise, like usual

	qemu: Inline qemuGetHostdevPath
	Since a future patch will need the device path generated when adding a
	shared host device, remove the qemuAddSharedHostdev and inline the two
	calls into qemuAddSharedHostdev and qemuRemoveSharedHostdev

	qemu: Refactor qemuCheckSharedDisk to create qemuCheckUnprivSGIO
	Split out the current function in order to share the code with hostdev
	in a future patch. Failure to match the expected sgio value against what
	is stored will cause an error which the caller would need to handle since
	only the caller has the disk (or eventually hostdev) specific data in
	order to uniquely identify the disk in an error message.

2015-07-08  Jim Fehlig  <jfehlig@suse.com>

	libxl: rework setting the state of virDomainObj
	Set the state of virDomainObj in the functions that
	actually change the domain state, instead of the generic
	libxlDomainCleanup function. This approach gives functions
	calling libxlDomainCleanup more flexibility wrt when and
	how they change virDomainObj state via virDomainObjSetState.

	The prior approach of calling virDomainObjSetState in
	libxlDomainCleanup resulted in the following incorrect
	coding pattern in the various functions that change
	domain state

	 libxlDomain<DoStateTransition>
	   call libxl function to do state transition
	   emit lifecycle event
	   libxlDomainCleanup
	     virDomainObjSetState

	Once simple manifestation of this bug is seeing a domain
	running in virt-manager after selecting the shutdown button,
	even after the domain has long shutdown.

2015-07-08  Jim Fehlig  <jfehlig@suse.com>

	libxl: support dom0
	In Xen, dom0 is really just another domain that supports ballooning,
	adding/removing devices, changing vcpu configuration, etc. This patch
	adds support to the libxl driver for managing dom0. Note that the
	legacy xend driver has long supported managing dom0.

	Operations that are not supported on dom0 are filtered in libvirt
	where a sensible error is reported. Errors from libxl are not
	always helpful. E.g., attempting a save on dom0 results in

	2015-06-23 15:25:05 MDT libxl: debug: libxl_dom.c:1570:libxl__toolstack_save: domain=0 toolstack data size=8
	2015-06-23 15:25:05 MDT libxl: debug: libxl.c:979:do_libxl_domain_suspend: ao 0x7f7e68000b70: inprogress: poller=0x7f7e68000930, flags=i
	2015-06-23 15:25:05 MDT libxl-save-helper: debug: starting save: Success
	2015-06-23 15:25:05 MDT xc: detail: xc_domain_save_suse: starting save of domid 0
	2015-06-23 15:25:05 MDT xc: error: Couldn't map live_shinfo (3 = No such process): Internal error
	2015-06-23 15:25:05 MDT xc: detail: Save exit of domid 0 with errno=3
	2015-06-23 15:25:05 MDT libxl-save-helper: debug: complete r=1: No such process
	2015-06-23 15:25:05 MDT libxl: error: libxl_dom.c:1876:libxl__xc_domain_save_done: saving domain: domain did not respond to suspend request: No such process
	2015-06-23 15:25:05 MDT libxl: error: libxl_dom.c:2033:remus_teardown_done: Remus: failed to teardown device for guest with domid 0, rc -8

2015-07-08  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuGetHostdevPath
	Introduce a convenience function to handle formulating the hostdev path

2015-07-08  John Ferlan  <jferlan@redhat.com>

	qemu: Introduce qemuIsSharedHostdev
	Add a single boolean function to handle whether the hostdev is shared or not.

	Use the new function for the qemu{Add|Remove}SharedHostdev calls as well
	as qemuSetUnprivSGIO. NB: This third usage fixes a possible bug where
	if this feature is enabled at some time in the future and the shareable flag
	wasn't set, the sgio would have been erroneously set.

2015-07-08  John Ferlan  <jferlan@redhat.com>

	docs: Clarify unprivileged sgio feature
	Update the descriptions for disk and hostdev sgio in order to indicate
	not all hypervisors and OS's support this feature

2015-07-08  Luyao Huang  <lhuang@redhat.com>

	qemu: report error when shmem has an invalid address
	If user passes an invalid address for shared memory device to qemu,
	neither libvirt nor qemu will report an error, but qemu will auto assign
	a pci address to the shared memory device.

	conf: use virDomainChrSourceDef to save server path
	As the backend of shmem server is a unix type chr device, save it in
	virDomainChrSourceDef, so we can reuse the existing code for chr device.

2015-07-08  Luyao Huang  <lhuang@redhat.com>

	qemu: Refactor creation of shared memory device commandline
	Rename qemuBuildShmemDevCmd to qemuBuildShmemDevStr and change the
	return type so that it can be reused in the device hotplug code later.

	And split the chardev creation part in a new function
	qemuBuildShmemBackendStr for reuse in the device hotplug code later.

2015-07-08  Luyao Huang  <lhuang@redhat.com>

	qemu: Assign IDs for shared memory devices

	qemu: Auto assign pci addresses for shared memory devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165029

2015-07-08  Maxim Nestratov  <mnestratov@virtuozzo.com>

	vz: use PRL_USE_VNET_NAME_FOR_BRIDGE_NAME
	It is better not to assume that newly created network should be
	connected to a bridge with same name, but specify it explicitly
	by PRL_USE_VNET_NAME_FOR_BRIDGE_NAME flag.

2015-07-08  Ján Tomko  <jtomko@redhat.com>

	Explicitly format the isa-fdc controller for newer q35 machines
	Since QEMU commit ea96bc6 [1]:
	i386: drop FDC in pc-q35-2.4+ if neither it nor floppy drives are wanted
	the floppy controller is no longer implicit.

	Specify it explicitly on the command line if the machine type version
	is 2.4 or later.

	Note that libvirt's floppy drives do not result in QEMU implying the
	controller, because libvirt uses if=none instead of if=floppy.

	https://bugzilla.redhat.com/show_bug.cgi?id=1227880

	[1] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ea96bc6

2015-07-08  Ján Tomko  <jtomko@redhat.com>

	Separate isa-fdc options generation
	For the implicit controller, we set them via -global.
	Separating them will allow reuse for explicit fdc controller as well.

	No functional impact apart from one extra allocation.

2015-07-08  Pavel Fedin  <p.fedin@samsung.com>

	Add support for portable-rpcgen from portablexdr library
	This allows to build libvirt under MinGW

	Remove explicit enum from protocol structures
	Explicit 'enum' keyword does not work with portablexdr-rpcgeb, causing its
	parser to fail. Fix method is borrowed from virnetprotocol.x

2015-07-08  Serge Hallyn  <serge.hallyn@ubuntu.com>

	virt-aa-helper: add unix channels for nserials as well
	Commit 03d7462d added it for channels, but it is also needed for serials.  Add
	it for serials, parallels, and consoles as well.

	This solves https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1015154

2015-07-08  Erik Skultety  <eskultet@redhat.com>

	storage: Fix regression in storagePoolUpdateAllState
	Commit 2a31c5f0 introduced support for storage pool state XMLs, however
	it also introduced a regression:

	if (!virstoragePoolObjIsActive(pool)) {
	    virStoragePoolObjUnlock(pool);
	    continue;
	}

	The idea behind this was that since we've got state XMLs and the pool
	wasn't marked as active by autostart routine (if the autostart flag had been
	set earlier), the pool is inactive and we can leave it be and continue with
	other pools. However, filesystem type pools like fs,dir, possibly netfs are
	supposed to be active if the filesystem is mounted on the host. And this is
	exactly where the regression occurs, e.g. pool type 'dir' which has been
	previously destroyed and marked as !autostart gets filtered out
	by the condition above.
	The resolution should be simply to remove the condition completely,
	all pools will get their 'active' flag updated by check callback and if
	they do not support such callback, the logic doesn't change and such
	pools will be inactive by default (e.g. RBD, even if a state XML exists).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1238610

2015-07-08  Peter Krempa  <pkrempa@redhat.com>

	util: bitmap: Don't alloc overly large binary bitmaps
	Optimize the virBitmap to array-of-char bitmap conversion by skipping
	trailing zero bytes.

	This also fixes a regression when requesting iothread information from a
	live VM since after commit 825df8c3158cfaf5f398418471f10f4ff3c3515a the
	bitmap returned from virProcessGetAffinity is too big to be formatted
	properly via RPC. A user would get the following error:

	error: Unable to get domain IOThreads information
	error: Unable to encode message payload

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1238589

2015-07-08  Peter Krempa  <pkrempa@redhat.com>

	vz: Use virBitmapToDataBuf instead of virBitmapToData in vzDomainGetVcpus

	vz: Remove dead code from vzDomainGetVcpus
	'maxcpu' and 'vcpus' are set but not used after that

2015-07-08  Luyao Huang  <lhuang@redhat.com>

	qemu: move the guest status check before agent config and status check
	When use setvcpus command with --guest option to a offline vm,
	we will get error:

	 # virsh setvcpus test3 1 --guest
	 error: Guest agent is not responding: QEMU guest agent is not connected

	However guest is not running, agent status could not be connected.
	In this case, report domain is not running will be better than agent is
	not connected. Move the guest status check more early to output error to
	point out guest status is not right.

	Also from the logic, a running vm is a basic requirement to use
	agent, we cannot use agent if vm is not running.

2015-07-08  Luyao Huang  <lhuang@redhat.com>

	qemu: remove deadcode in qemuDomain{HelperGetVcpus|GetIOThreadsLive}
	We set @hostcpus variable but not use it.

2015-07-07  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: assign static IPs and default gateways for network adapter
	We support only one IPv4 and one IPv6 default gateway.
	If static IPs are not present in instance config,
	then we switch on DHCP for this adapter.
	PrlVmDevNet_SetAutoApply to makes necessary settings within guest OS
	In linux case it creates network startup scripts
	/etc/sysconfig/network-scripts/ifcfg-ethN and fills it with necessary
	parameters.

2015-07-06  Dmitry Guryanov  <dguryanov@parallels.com>

	vz: fix building capabilities
	There should be at least one domain for each guest
	in cababilities. And in current code we don't add
	domain for this guest for example.

	    if ((guest = virCapabilitiesAddGuest(caps, VIR_DOMAIN_OSTYPE_HVM,
	                                         VIR_ARCH_X86_64,
	                                         "vz",
	                                         NULL, 0, NULL)) == NULL)

	Anyway, with two virt types it looks a litte messy, so let's
	move adding guest and domain to a separate function.

2015-07-03  Pavel Hrdina  <phrdina@redhat.com>

	qemu_driver: live/config checks cleanup

2015-07-03  Daniel Veillard  <veillard@redhat.com>

	better patch for the XSS search issue
	Since the query string could be output when displaying the results too

	Avoid XSS vulnerability on the search engine
	Raised by https://www.xssposed.org/incidents/69566/
	Need to escape the user provided query before displaying it back

2015-07-02  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: fix SDK event dispatching
	Current version of SDK event dispatcing is incorrect. For most VM events (add,
	delete etc) issuer type is PIE_DISPATCHER. Actually analyzing issuer type
	doesn't have any benifints so this patch get rid of it. All dispatching is done
	only on event type.

2015-07-02  John Ferlan  <jferlan@redhat.com>

	util: Avoid Coverity FORWARD_NULL
	Avoid a false positive since Coverity find a path in virResizeN which
	could return 0 prior to the allocation of memory and thus flags a
	possible NULL dereference. Instead allocate the output buffer based
	on 'nparams' and only fill it partially if need be - shouldn't be too
	much a waste of space. Quicker than multiple VIR_RESIZE_N calls or
	two loops of STREQ's sandwiched around a single VIR_ALLOC_N using
	'n' matches from a first loop to generate the 'n' addresses to return

2015-07-02  Luyao Huang  <lhuang@redhat.com>

	virsh: report error if vcpu number exceed the guest maxvcpu number
	Commit id '81dd81e' caused a regression when attempting to print a
	specific vcpuid that is out of the range of the maximum vcpus for
	the guest, such as:

	 $ virsh vcpupin $dom 1000
	 VCPU: CPU Affinity
	 ----------------------------------

	 $

	Rather than just recover the old message, let's adjust the message based
	on what would be displayed for a similar failure in the set path, such as:

	 $ virsh vcpupin $dom 1000
	 error: vcpu 1000 is out of range of persistent cpu count 2

	 $ virsh vcpupin $dom 1000 --live
	 error: vcpu 1000 is out of range of live cpu count 2

	 $

2015-07-02  Michal Dubiel  <md@semihalf.com>

	virt-aa-helper: Fix permissions for vhost-user socket files
	QEMU working in vhost-user mode communicates with the other end (i.e.
	some virtual router application) via unix domain sockets. This requires
	that permissions for the socket files are correctly written into
	/etc/apparmor.d/libvirt/libvirt-UUID.files.

2015-07-02  Michal Privoznik  <mprivozn@redhat.com>

	Post-release version bump to 1.2.18

2015-07-02  Jiri Denemark  <jdenemar@redhat.com>

	cpu_map.xml: Expand Opteron_G4 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Opteron_G2 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Opteron_G1 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Broadwell-noTSX CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Haswell-noTSX CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand SandyBridge CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Westmere CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Nehalem CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Penryn CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand Conroe CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand kvm64 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand cpu64-rhel5 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand kvm32 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand qemu32 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand n270 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand coreduo CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand pentiumpro CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand pentium2 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand pentium CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Expand 486 CPU model
	Inheritance among CPU model is cool but it makes reviewing CPU model
	definitions and comparing them to CPU models from QEMU rather hard and
	unpleasant. Let's define all CPU models from scratch.

	cpu_map.xml: Sort features in x86 CPU models
	Sorted feature list is easier to review or compare.

2015-07-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.17
	* docs/news.html.in libvirt.spec.in: updated for the release
	* po/*po*: regenerated

2015-07-01  John Ferlan  <jferlan@redhat.com>

	phyp: Resolve Coverity FORWARD_NULL
	Commit id 'cd490086' added a VIR_FORCE_CLOSE of the 'sock', but it
	was after the VIR_FREE() of phyp_driver, resulting in a possible/likely
	NULL dereference.

	util: Resolve Coverity FORWARD_NULL
	Convert virPCIDriverDir to return the buffer allocated (or not) and make the
	appropriate check in the caller.

	util: Resolve Coverity FORWARD_NULL
	Convert virPCIDriverFile to return the buffer allocated (or not) and make the
	appropriate check in the caller.

	util: Resolve Coverity FORWARD_NULL
	Convert virPCIFile to return the buffer allocated (or not) and make the
	appropriate check in the caller.

2015-07-01  Michal Privoznik  <mprivozn@redhat.com>

	lxc: Don't pass a local variable address randomly
	So, recently I was testing the LXC driver. You know, startup some
	domains. But to my surprise, I was not able to start a single one:

	  virsh # start --console test
	  error: Reconnected to the hypervisor
	  error: Failed to start domain test
	  error: internal error: guest failed to start: unexpected exit status 125

	So I've start digging. It turns out, that in virExec(), when I printed
	out the @cmd, I got strange values: *(cmd->outfdptr) was certainly not
	valid FD number: it has random value of several millions. This
	obviously made prepareStdFd(childout, STDOUT_FILENO) fail (line 611).
	But outfdptr is set in virCommandSetOutputFD(). The only place within
	LXC driver where the function is called is in
	virLXCProcessBuildControllerCmd(). If you take a closer look at the
	function it looks like this:

	static virCommandPtr
	virLXCProcessBuildControllerCmd(virLXCDriverPtr driver,
	                                ..
	                                int logfd,
	                                const char *pidfile)
	{
	    ...
	    virCommandSetOutputFD(cmd, &logfd);
	    virCommandSetErrorFD(cmd, &logfd);
	    ...
	}

	Yes, you guessed it. @logfd is passed into the function by value.
	However, in the function we try to get its address (an address of a
	local variable) which is no longer valid once function is finished and
	stack is cleaned. Therefore when cmd->outfdptr is evaluated at any
	point after this function, we may get a random number, depending on
	what's currently on the stack. Of course, this may work sometimes too
	- it depends on the compiler how it arranges the code, when the stack
	is wiped out.

	In order to fix this, lets pass a pointer to @logfd instead of
	figuring out (wrong) its value in a function.

	The bug was introduced in e1de5521.

2015-07-01  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity DEADCODE
	Commit id 'f967e7a6' didn't place the closing parentheses quite right
	causing DEADCODE errors since the rc setting/comparison was wrong.

2015-07-01  Peter Krempa  <pkrempa@redhat.com>

	conf: qemu: Taint VMs using custom device tree blob
	Using a custom device tree image may cause unexpected behavior in
	architectures that use this approach to detect platform devices. Since
	usually the device tree is generated by qemu and thus it's not normally
	used let's taint VMs using it to make it obvious as a possible source of
	problems.

2015-07-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: Audit memory size with memory hotplug operations
	The memory device hot(un)plug was missing calls to the auditing code.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1226234

2015-07-01  Peter Krempa  <pkrempa@redhat.com>

	conf: audit: Audit physical memory size rather than balloon request
	Since the balloon driver does not guarantee that it returns memory to
	the host, using the value in the audit message is not a good idea.

	This patch removes auditing from updating the balloon size and reports
	the total physical size at startup.

2015-07-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid using ".(null)" in UNIX socket path
	The code which generates paths for UNIX socket blindly used target name
	without checking if it was set. Thus for the following device XML

	    <channel type='unix'>
	      <source mode='bind'/>
	      <target type='virtio'/>
	    </channel>

	we would generate "/var/lib/libvirt/qemu/channel/target/NAME.(null)"
	path which works but is not really correct. Let's not use the
	".target_name" suffix at all if target name is not set.

	https://bugzilla.redhat.com/show_bug.cgi?id=1226854

2015-07-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: agent: Don't automatically disable CPU0 via guest agent
	While CPU0 was made unpluggable in Linux a while ago it's not desirable
	to unplug it since some parts of the kernel (suspend-to-ram) still
	depend on it.

	This patch fixes the vCPU selection code in libvirt so that it will not
	be disabled.

2015-07-01  Luyao Huang  <lhuang@redhat.com>

	qemu: End job even if exiting monitor after OpenGraphics(FD) fails

2015-07-01  Ján Tomko  <jtomko@redhat.com>

	qemu: properly free addresses on non-serial chardev unplug
	The target type comparison in qemuDomainDetachChrDevice
	used the VIR_DOMAIN_CHR_SERIAL_TARGET_TYPE enum, so virtio-serial
	addresses were not freed properly for channel devices.

	Call qemuDomainReleaseDeviceAddress uncoditionally and decide
	based on the address type instead of the target/device types.

2015-07-01  Luyao Huang  <lhuang@redhat.com>

	qemu: fix address allocation on chardev attach
	Also check the device type when deciding what type the address should
	be. Commit 9807c47 (aiming to fix another error in address allocation)
	only checked the target type, but its value is different for different
	device types. This resulted in an error when trying to attach
	a channel with target type 'virtio':

	error: Failed to attach device from channel-file.xml
	error: internal error: virtio serial device has invalid address type

	Make the logic for releasing the address dependent only on
	* the address type
	* whether it was allocated earlier
	to avoid copying the device and target type checks.

	https://bugzilla.redhat.com/show_bug.cgi?id=1230039

2015-06-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: Set def->vcpus after successfully modifying live vcpu count
	def->vcpus was never updated after successfully changing the live
	vcpu count of a domain. Subsequent queries for vcpu info would
	return incorrect results.  E.g.:

	virsh vcpucount test
	maximum      config         4
	maximum      live           4
	current      config         4
	current      live           4

	virsh setvcpus test 2

	virsh vcpucount test
	maximum      config         4
	maximum      live           4
	current      config         4
	current      live           4

	After patch, live current config is reported correctly:

	virsh vcpucount test
	maximum      config         4
	maximum      live           4
	current      config         4
	current      live           2

	While fixing this, noticed that the live config was not saved
	to cfg->stateDir via virDomainSaveStatus. Save the live config
	and change error handling of virDomainSave{Config,Status} to
	log a message via VIR_WARN, instead of failing the entire
	DomainSetVcpusFlags operation.

2015-06-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: honor domainGetXMLDesc() --inactive flag
	The libxl driver always uses virDomainObj->def when formatting
	the domain XML description.  Use virDomainObj->newDef when
	--inactive flag is set.

	libxl: don't remove persistent domain on start failure
	libxlDomainCreateXML() would remove a persistent domain if
	libxlDomainStart() failed.  Check if domain is persistent
	before removing.

	libxl: don't overwrite domain state from statedir config
	When restarting libvirtd and reconnecting to running domains,
	libxlReconnectDomain() would unconditionally set the domain state
	to VIR_DOMAIN_RUNNING, overwriting the state maintained in
	$statedir/<domname>.xml.  A domain in a paused state would have
	the state changed to running, even though it was actually in a
	paused state.

2015-06-30  John Ferlan  <jferlan@redhat.com>

	qemu: Add missing on_crash lifecycle type
	https://bugzilla.redhat.com/show_bug.cgi?id=1201760

	When the domain "<on_crash>coredump-destroy</on_crash>" is set, the
	domain wasn't being destroyed, rather it was being rebooted.

	Add VIR_DOMAIN_LIFECYCLE_CRASH_COREDUMP_DESTROY to the list of
	on_crash types that cause "-no-reboot" to be added to the qemu
	command line.

2015-06-30  John Ferlan  <jferlan@redhat.com>

	Use the correct symbol for 'onCrash'
	Although defined the same way, fortunately there hadn't been any deviation.
	Ensure any assignments to onCrash use VIR_DOMAIN_LIFECYCLE_CRASH_* defs and
	not VIR_DOMAIN_LIFECYCLE_* defs

2015-06-30  John Ferlan  <jferlan@redhat.com>

	mpath: Don't allow more than one mpath pool at a time
	https://bugzilla.redhat.com/show_bug.cgi?id=1232606

	Since an mpath pool contains all the Multipath devices on a host, allowing
	more than one defined on a host at a time should be disallowed under the
	policy of disallowing duplicate source pools for the host.

	Adjust to docs to clarify the Multipath target path value usage for both
	the storage driver (only 1 pool per host) and formatstorage references
	(ignore the target element in favor of the default target mapping of
	/dev/mapper).

2015-06-30  John Ferlan  <jferlan@redhat.com>

	mpath: Update path in CheckPool function
	https://bugzilla.redhat.com/show_bug.cgi?id=1230664

	Per the devmapper docs, use "/dev/mapper" or "/dev/dm-n" in order to
	determine if a device is under control of DM Multipath.

	So add "/dev/mapper" to the virFileExists, leaving the "/dev/mpath"
	as a "legacy" option since it appears for a while it was the preferred
	mechanism, but is no longer maintained

2015-06-30  John Ferlan  <jferlan@redhat.com>

	conf: Validate disk lun using correct types
	https://bugzilla.redhat.com/show_bug.cgi?id=1201143

	The formatdomain.html description for <disk> device 'lun' indicates that
	it must be either a type 'block' or type 'network' with protocol 'iscsi';
	however, we did not make that check until domain startup.

	This caused issues for virt-manager which had an unexpected failure at
	run time rather config time.

	This patch adds a check in post part disk device checking for the specific
	and supported lun types as well as adjusting the test failure to be for
	parse config rather than run time.

2015-06-30  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Storage: Introduce shadow vol for refresh while the main vol builds.
	Libvirt periodically refreshes all volumes in a storage pool, including
	the volumes being cloned.
	While cloning a storage volume from parent, we drop pool locks. Subsequent
	volume refresh sometimes changes allocation for an ongoing copy, and leads
	to corrupt images.
	Fix: Introduce a shadow volume that isolates the volume object under refresh
	from the base which has a copy ongoing.

2015-06-30  Peter Krempa  <pkrempa@redhat.com>

	conf: storage: Fix duplicate check for gluster pools
	The pool name has to be the same too to warrant rejecting a pool
	definition as duplicate. This regression was introduced in commit
	2184ade3a0546b915252cb3b6a5dc88e9a8d2ccf.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236438

2015-06-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: event: Clean up VNC monitor handling
	Get rid of spice specific stuff from the handler func and save a few
	lines by reflowing the conditions.

2015-06-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: event: Properly handle spice events
	Spice events have mostly similar information present in the event JSON
	but they differ in the name of the element containing the port.

	The JSON event also provides connection ID which might be useful in the
	future.

	This patch splits up the event parser code into two functions and the
	SPICE reimplements the event parsing with correct names and drops the
	VNC only stuff.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236585

2015-06-30  Peter Krempa  <pkrempa@redhat.com>

	Revert "Introduce QEMU_CAPS_ARM_VIRT_PCI"
	The capability was not used up to the feature freeze.

	This reverts commit 7f3515b4bb677d0ead1887547efc844e4761268a.

2015-06-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Close the agent connection only on agent channel events
	processSerialChangedEvent processes events for all channels. Commit
	2af51483 broke all agent interaction if a channel other than the agent
	closes since it did not check that the event actually originated from
	the guest agent channel.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1236924
	Fixes up: https://bugzilla.redhat.com/show_bug.cgi?id=890648

2015-06-30  John Ferlan  <jferlan@redhat.com>

	storage: Set correct vol->type at VolCreate
	https://bugzilla.redhat.com/show_bug.cgi?id=1227664

	If the requested format type for the new entry in the file system pool
	is a 'dir', then be sure to set the vol->type correctly as would be done
	when the pool is refreshed.

2015-06-30  Andrea Bolognani  <abologna@redhat.com>

	Fix typo incomaptible -> incompatible

2015-06-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix assignment of the default spicevmc channel name
	Make sure we only assign the default spicevmc channel name to spicevmc
	virtio channels. Caused by commits 3269ee65 and 1133ee2b, which moved
	the assignment from XML parsing code to QEMU but failed to keep the
	logic.

	https://bugzilla.redhat.com/show_bug.cgi?id=1179680

2015-06-29  Jiri Denemark  <jdenemar@redhat.com>

	qemuxml2argv: Remove Haswell CPU from unrelated tests
	Proper Haswell CPU model handling is tested in several
	qemuxml2argv-cpu-* which are run in a special environment. Let's remove
	the CPU model from other tests to make them less fragile.

2015-06-28  Martin Kletzander  <mkletzan@redhat.com>

	Revert "Change livbirt version to 1.3.0 for the next release"
	This reverts commit 9a8d916e89173890d7f7ce538b1ab781192b8440.

	Also some changes that were introduced after that commit are fixed to
	use 1.2.17 instead of 1.3.0

2015-06-28  Martin Kletzander  <mkletzan@redhat.com>

	Temporarily disable admin API
	Don't listen on the admin socket in the daemon and comment out the
	admin devel files out of specfile.

	Library is still being compiled and installed in order to link easily
	without any disturbing modifications to the daemon code.

2015-06-28  Martin Kletzander  <mkletzan@redhat.com>

	spec: Remove admin package specification
	Its only file must be included in the daemon package anyway, since the
	daemon is linked with the admin library and so then it's just an empty
	package until we have virt-admin binary which we can decide later on
	whether to just move it to clients or create a new package for it.

2015-06-27  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity RESOURCE_LEAK
	Commit id '15fa84acb' added the alias fetch, but forgot to free it.

2015-06-26  John Ferlan  <jferlan@redhat.com>

	docs: Clarification for when allowed to use 'lun' for "volume"
	While re-reading what I wrote for commit id '785a8940e', I realized
	I needed to clarify that being able to present as a 'lun', the mode
	property for the pool source element needed to be "host" (or empty)
	and not "direct".

	It was described correctly later in the mode host description, but
	this just ensures it's not missed here as well.

2015-06-26  Laine Stump  <laine@laine.org>

	docs: document when pcie-root/dmi-to-pci-bridge support was added
	Also move the mention of version numbers for the various PCI
	controller models up to the end of the sentence where they are first
	given, to avoid confusion.

2015-06-26  Laine Stump  <laine@laine.org>

	qemu: ignore assumptions about hotplug requirement when address is from config
	Certain PCI buses don't support hotplug, and when automatically
	assigning PCI addresses for devices, libvirt is very conservative in
	its assumptions about whether or not a device will need to be
	hotplugged/unplugged in the future. But if the user manually assigns
	an address, they likely are aware of any hotplug requirements of the
	device (or at least they should be).

	In short, after this patch, automatically PCI address assignment will
	assume that the device must be plugged in to a hot-pluggable slot, but
	manually assignment can place the device in any bus that is
	compatible, regardless of whether or not it supports hotplug. If the
	user makes a mistake and plugs the device into a bus that doesn't
	support hotplug, then later tries to do a hot-unplug, qemu will give
	an appropriate error.

	(in the future we may want to add a "hotpluggable" attribute to all
	devices, with default being "yes" for autoassign, and "no" for manual
	assign).

2015-06-26  Laine Stump  <laine@laine.org>

	qemu: always permit PCI devices to be manually assigned to a PCIe bus
	When support for the pcie-root and dmi-to-pci-bridge buses on a Q35
	machinetype was added, I was concerned that even though qemu at the
	time allowed plugging a PCI device into a PCIe port, that it might not
	be supported in the future. To prevent painful backtracking in the
	possible future where this happened, I disallowed such connections
	except in a few specific cases requested by qemu developers (indicated
	in the code with the flag VIR_PCI_CONNECT_TYPE_EITHER_IF_CONFIG).

	Now that a couple years have passed, there is a clear message from
	qemu that there is no danger in allowing PCI devices to be plugged
	into PCIe ports. This patch eliminates
	VIR_PCI_CONNECT_TYPE_EITHER_IF_CONFIG and changes the code to always
	allow PCI->PCIe or PCIe->PCI connection *when the PCI address is
	specified in the config. (For newly added devices that haven't yet
	been given a PCI address, the auto-placement still prefers using the
	correct type of bus).

2015-06-26  Laine Stump  <laine@laine.org>

	qemu: refactor qemuBuildControllerDevStr to eliminate future duplicate code
	The PCI case of the switch statement in this function contains another
	switch statement with a case for each model. Currently every model
	except pci-root and pcie-root has a check for index > 0 (since only
	those two can have index==0), and the function should never be called
	for those two anyway. If we move the check for !pci[e]-root to the top
	of the pci case, then we can move the check for index > 0 out of the
	individual model cases. This will save repeating that check for the
	three new controller models about to be added.

2015-06-26  Peter Krempa  <pkrempa@redhat.com>

	test: qemu: Make sure that wr_highest_offset_valid gets set properly
	Remove one instance of the field being present so that the code that
	sets that flag can be tested.

	qemu: monitor: Remove qemuMonitorGetBlockExtent
	Now that qemuMonitorGetAllBlockStatsInfo collects also wr_highest_offset
	the whole function can be killed.

	qemu: Refactor qemuDomainGetBlockInfo
	Change the code so that it queries the monitor when the VM is alive.

2015-06-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Open-code retrieval of wr_highest_offset
	Instead of using qemuMonitorJSONDevGetBlockExtent (which I plan to
	remove later) extract the data in place.

	Additionally add a flag that will be set when the wr_highest_offset was
	extracted correctly so that callers can act according to that.

	The test case addition should help make sure that everything works.

2015-06-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Fix indentation in qemuMonitorJSONGetOneBlockStatsInfo

	internal: Introduce virCheckNonEmptyStringArgGoto and reuse it
	The helper makes sure that strings passed to APIs are non-NULL and
	non-empty. This allows to drop some inlined checks where it does not
	make sense.

2015-06-26  Peter Krempa  <pkrempa@redhat.com>

	vz: Fix build after recent commit
	Function prlsdkGetStatsParam was missing a prototype or the static
	keyword. I went with static since it built successfully.

	Pushed as a build breaker fix.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	vz: add memory statistics
	Implemented counters:
	 VIR_DOMAIN_MEMORY_STAT_SWAP_IN
	 VIR_DOMAIN_MEMORY_STAT_SWAP_OUT
	 VIR_DOMAIN_MEMORY_STAT_MINOR_FAULT
	 VIR_DOMAIN_MEMORY_STAT_MAJOR_FAULT
	 VIR_DOMAIN_MEMORY_STAT_AVAILABLE
	 VIR_DOMAIN_MEMORY_STAT_ACTUAL_BALLOON
	 VIR_DOMAIN_MEMORY_STAT_UNUSED

	Comments.

	1. Use vzDomObjFromDomainRef/virDomainObjEndAPI pair to get domain
	object as we use prlsdkGetStatsParam. See previous statistics
	comments.

	2. Balloon statistics is not applicable to containers. Fault
	statistics for containers not provided in PCS6 yet.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	vz: add vcpu statistics
	Comments.

	Replace vzDomObjFromDomain/virObjectUnlock pair
	to vzDomObjFromDomainRef/virDomainObjEndAPI as we
	use prlsdkGetStatsParam. See previous statistics
	comments.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@virtuozzo.com>

	vz: cleanup, make in par net device lookup functions
	Make net device lookup by mac return sdk handle
	instead of quite ephemeral enumeration index. After
	this change there is no need anymore in special
	function of removing device by enumeration index.

2015-06-26  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	vz: add net dev statistiscs
	Populate counters SDK currenly supports:
	 rx_bytes
	 rx_packets
	 tx_bytes
	 tx_packets

	Comments.

	Use vzDomObjFromDomainRef/virDomainObjEndAPI pair to get domain
	object as we use prlsdkGetStatsParam that can release domain
	object lock and thus we need a reference in case domain
	is deleated meanwhile.

2015-06-26  Michal Privoznik  <mprivozn@redhat.com>

	docs: Don't keep temporary files around
	In my previous fix (1310b1358) I've tried to solve an ordering
	issue.  Well, while it worked it has a side effect of keeping a
	temporary file around. My patch was buggy in that sense. Solve
	this by properly marking the dependency without any side effect.

	vz_utils: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_storage: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_sdk: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_network: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

	vz_driver: Reformat
	Honour our formatting style. Adjust indentation so it matches the
	rest of our code.

2015-06-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Honour passed @pagesize
	So far the argument has not much meaning and was practically ignored.
	This is not good since when doing memory hotplug, the size of desired
	hugepage backing is passed in that argument. Taking closer look at the
	tests I'm fixing reveals the bug. For instance, while the following is
	in the test:

	    <memory model='dimm'>
	      <source>
	        <nodemask>1-3</nodemask>
	        <pagesize unit='KiB'>4096</pagesize>
	      </source>
	      <target>
	        <size unit='KiB'>524287</size>
	        <node>0</node>
	      </target>
	      <address type='dimm' slot='0' base='0x100000000'/>
	    </memory>

	the generated commandline corresponding to this XML was:

	    -object memory-backend-ram,id=memdimm0,size=536870912,\
	    host-nodes=1-3,policy=bind

	Have you noticed? Yes, memory-backend-ram! Nothing can be further away
	from the right answer. The hugepage backing is requested in the XML
	and we happily ignore it. This is just not right. It's
	memory-backend-file which should have been used:

	    -object memory-backend-file,id=memdimm0,prealloc=yes,\
	    mem-path=/dev/hugepages4M/libvirt/qemu,size=536870912,\
	    host-nodes=1-3,policy=bind

	The problem is, that @pagesize passed to qemuBuildMemoryBackendStr
	(where this part of commandline is built) was ignored. The hugepage to
	back memory was searched only and only by NUMA nodes pinning. This
	works only for regular guest NUMA nodes.

	Then, I'm changing the hugepages size in the test XMLs too. This is
	simply because in the test suite we create dummy mount points just for
	2M and 1G hugepages. And in the test 4M was requested. I'm sticking to
	2M, but 1G should just work too.

2015-06-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Fix hugepages lookup process
	https://bugzilla.redhat.com/show_bug.cgi?id=1196644

	This function constructs the backend (host facing) part of the
	memory device.  At the beginning, the configured hugepages are
	searched to find the best match for given guest NUMA node.
	Configured hugepages can have a @nodeset attribute to specify on
	which guest NUMA nodes should be the hugepages backing used.
	There is, however, one 'corner case'. Users may just tell 'use
	hugepages to back all the nodes'. In other words:

	  <memoryBacking>
	    <hugepages/>
	  </memoryBacking>

	  <cpu>
	    <numa>
	      <cell id='0' cpus='0-1' memory='1024000' unit='KiB'/>
	    </numa>
	  </cpu>

	Our code fails in this case. Well, since there's no @nodeset (nor
	any <page/> child element to <hugepages/>) we fail to lookup the
	default hugepage size to use.

2015-06-25  Luyao Huang  <lhuang@redhat.com>

	conf: Format scheduler priority when it is zero
	https://bugzilla.redhat.com/show_bug.cgi?id=1235116

	According to our XML definition, zero is as valid as any other value.
	Mainly because it should be kernel-agnostic.

2015-06-25  Peter Krempa  <pkrempa@redhat.com>

	test: Refactor testNodeGetCPUMap
	Drop locking of the driver since it is not accessed and simplify the
	code flow.

2015-06-25  Peter Krempa  <pkrempa@redhat.com>

	test: Refactor vcpu pinning and vcpu info retrieval
	Drop internal data structures and use the proper fields in virDomainDef.

	This allows to greatly simplify the code and allows to remove the
	private data structure that was holding just redundant data.

	This patch also fixes the bogous output where we'd report that a fresh
	VM without vCPU pinning would not run on all vcpus.

2015-06-25  Peter Krempa  <pkrempa@redhat.com>

	test: Refactor testDomainSetVcpusFlags
	Remove the bogus flag check and refactor the code by using
	virDomainObjGetDefs instead of virDomainObjGetPersistentDef.

	test: Refactor test driver domain object retrieval
	Reuse testDomObjFromDomain to retrieve domain objects in the rest of
	the test driver instead of open-coding it in every API.

2015-06-25  Peter Krempa  <pkrempa@redhat.com>

	test: Drop locked access to testDriver->domains
	Only self-locking APIs are used and the pointer is immutable so there's
	no need to lock the driver to access the domain list.

	This patch removes locking partially for everything that will not be
	converted to testDomObjFromDomain in the next patch.

2015-06-25  Peter Krempa  <pkrempa@redhat.com>

	test: Finalize removal of locking from driver->eventState
	Don't lock the driver when registering event callbacks.

	test: Refactor test driver event sending
	Make testObjectEventQueue tolerant to NULL @event and move it so that it
	does not require a prototype. Additionally we are now able to remove
	locking when accessing driver->eventState, since it's using self-locking
	APIs and the pointer is immutable.

	test: Use atomic access to @nextDomID in struct virTestDriver

	test: Annotate few fields of testDriver structure
	Some of the fields are either immutable or self locking, so make a note
	of that for future reference.

	test: Drop unused attribute @path from testDriver struct
	It's filled and then freed, but not used anywhere else.

	test: Extract common parts of test driver data allocation

	test: Extract code to free testDriver into testDriverFree
	Avoid reimplementing it 3 times.

	test: turn 'defaultConn' into a pointer

	test: Drop useless forward declaration

	test: Rename testConn to testDriver

2015-06-25  Luyao Huang  <lhuang@redhat.com>

	qemu: Avoid removing persistent config if migration fails
	When migration fails in qemuMigrationPrepareAny, we unconditionally call
	qemuDomainRemoveInactive, which should only be called for transient
	domains. The check for !vm->persistent was accidentally removed by
	commit 540c339.

2015-06-25  Michal Privoznik  <mprivozn@redhat.com>

	vz: Adapt to driver rename
	In the e6d180f07fb06 commit the parallels driver was renamed to vz.
	However, there was a commit merged later, which was sent to the list
	before the rename. The other commit is 6de12b026b73. Fix all the
	missing renames.

2015-06-25  Eric Blake  <eblake@redhat.com>

	json: enhance parser test
	We already enable the parser option to detect invalid UTF-8, but
	didn't test it.  Also, JSON states that behavior of an object
	with a duplicated key is undefined; we chose to reject it, but
	were not testing it.

	With the enhanced tests in place, we can simplify yajl2
	initialization by relying on parser defaults being sane.

	* src/util/virjson.c (virJSONValueFromString): Simplify.
	* tests/jsontest.c (mymain): Test more bad usage.

2015-06-25  Eric Blake  <eblake@redhat.com>

	json: even stricter trailing garbage detection
	Since older yajl ignores trailing garbage, a client can cause
	problems by intentionally ending the wrapper array early. Since
	we already track nesting, it's not too much harder to reject
	invalid nesting pops.

	* src/util/virjson. (_virJSONParser): Add field.
	(virJSONValueFromString): Set witness.
	(virJSONParserHandleEndArray): Use it to catch abuse.
	* tests/jsontest.c (mymain): Test it.

2015-06-25  Eric Blake  <eblake@redhat.com>

	json: reject trailing garbage
	Yajl 2 has a nice feature that it can be configured whether to
	allow multiple JSON objects parsed from a single stream, defaulting
	to off.  And yajl 1.0.12 at least provided a way to tell if all
	input bytes were parsed, or if trailing bytes remained after a
	valid JSON object was parsed.  But we target RHEL 6 yajl 1.0.7,
	which has neither of these.  So fake it by always parsing '[...]'
	instead, so that trailing garbage either trips up the array parse,
	or is easily detected when unwrapping the result.

	* src/util/virjson.c (virJSONValueFromString): With older json,
	wrap text to avoid trailing garbage.
	* tests/jsontest.c (mymain): Add tests for this.

2015-06-25  Eric Blake  <eblake@redhat.com>

	json: reject javascript comments
	We have been allowing javascript style comments in JSON ever
	since commit 9428f2c (v0.7.5), but qemu doesn't send them, and
	they are not strict JSON.  Reject them for now; if we can later
	prove that it is worthwhile, we can reinstate it at that point
	(or even make it conditional, by adding a bool parameter to
	the libvirt entry point).

	* src/util/virjson.c (virJSONValueFromString): Don't enable
	comment parsing.
	* tests/jsontest.c (mymain): Test it.

2015-06-25  Eric Blake  <eblake@redhat.com>

	json: cope with older yajl semantics
	Commit ceb496e5 fails on RHEL 6, with yajl 1.0.7, because that
	version of yajl returns yajl_status_insufficient_data when the
	parser is waiting for the rest of a token (this enum value was
	dropped in yajl 2, so we have to wrap it).  It also exposes a
	problem where older yajl silently ignores trailing garbage after
	a successful parse, so this patch works around that by changing
	the testsuite.  Another more invasive patch can add tighter
	semantics to json parsing, but this is sufficient for a minimal
	clean backport.

	While touching this, fix up our error message cleanup. Yajl
	documents that error messages produced by yajl_get_error()
	MUST be cleaned with yajl_free_error(); this is certainly
	true if we were to pass non-NULL allocator callbacks during
	yajl_alloc(), but probably harmless in our usage of passing
	NULL.  But better safe than sorry.

	* src/util/virjson.c (virJSONValueFromString): Allow different
	error code.  Use canonical cleanup of error message.
	(VIR_YAJL_STATUS_OK): New helper macro.
	* tests/jsontest.c (mymain): Wrap text to avoid difference in
	trailing garbage handling

2015-06-24  Dmitry Guryanov  <dguryanov@parallels.com>

	vz: fix syntax-check errors
	Remove braces around single-statement blocks in vz_sdk.c

2015-06-24  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	vz: implementation of attach/detach network devices
	In this patch we add VIR_DOMAIN_DEVICE_NET handlers implementation
	for domainAttachDevice and domainDetachDevice callbacks.

	As soon as we don't support this operation for hypervisor type domains,
	we implement this functionality for containers only.

	In detach procedure we find network device by MAC address.
	Because PrlVmDevNet_GetMacAddress() returns MAC as a UTF-8 encoded
	null-terminated string, we use memcmp() to compare it.
	Also we remove corresponding virtual network by prlsdkDelNetAdapter call.

2015-06-24  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Test for the new watchdog model diag288
	Adding a test for the new watchdog model diag288.

2015-06-24  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Support for the new watchdog model diag288
	This patch provides support for the new watchdog model "diag288".

	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>

2015-06-24  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Test for the new watchdog action inject-nmi
	Adding a test for the new watchdog action "inject-nmi".

2015-06-24  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Support for a new watchdog action inject-nmi
	This patch provides support for a new watchdog action "inject-nmi" which
	allows to define an inject of a non-maskable interrupt into a guest.

	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Tony Krowiak <akrowiak@linux.vnet.ibm.com>

2015-06-24  John Ferlan  <jferlan@redhat.com>

	scsi: Force error for SCSI pools on virStorageBackendSCSIFindLUs failure
	Related to :

	https://bugzilla.redhat.com/show_bug.cgi?id=1171933

	Rather than ignore the return status from virStorageBackendSCSIFindLUs,
	cause a failure to start the pool if a -1 is returned. Issue was noted
	during testing of the bz for iscsi that 'scsi' and 'fc' pools don't fail.

2015-06-24  Michal Privoznik  <mprivozn@redhat.com>

	vircapstest: Properly report error for failed tests
	There are two macros used in the test: CAPSCOMP and CAPS_EXPECT_ERR.
	Both run a test case and if a failure occurred, they set the @ret
	variable to a value of -1 to indicate an error. Well, that's what they
	should do. Due to a typo, they set the variable to a positive one
	effectively masking any failed test.

	Then, we have couple of tests failing. Fix them too.

2015-06-24  John Ferlan  <jferlan@redhat.com>

	conf: Adjust invalid secrettype setting during parse
	Commit id '1feaccf0' attempted to handle an empty secrettype value; however,
	it made a mistake by processing the secretType as if it was the original
	secrettype string.  The 'secretType' is actually whether 'usage' or 'uuid'
	was used.

	Thus adjust part of the change to make the same check for def->src->type !=
	VIR_STORAGE_TYPE_VOLUME before setting auth_secret_usage from the
	secrettype field.

	Luckily the aforementioned commits misdeed would be overwritten by the
	call to virStorageTranslateDiskSourcePool

2015-06-24  Luyao Huang  <lhuang@redhat.com>

	conf: improve the way we format blkiotune and cputune
	Just refactor existing code to use a child buf instead of
	check all element before format <blkiotune> and <cputune>.
	This will avoid the more and more bigger element check during
	we introduce new elements in <blkiotune> and <cputune> in the
	future.

2015-06-24  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix trivial copy-paste error

2015-06-24  Luyao Huang  <lhuang@redhat.com>

	Improve some errors for openconsole/channel
	Functions like virDomainOpenConsole() and virDomainOpenChannel() accept
	NULL as a dev_name parameter.  Try using alias for the error message if
	dev_name is not specified.

	Before:
	  error: internal error: character device <null> is not using a PTY

	After:
	  error: internal error: character device serial0 is not using a PTY

2015-06-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Enforce scheduler name when parsing XML
	We require the scheduler name attribute in the schemas but the code
	would actually be fine when it was omitted. Make it mandatory.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1234729

2015-06-23  Michal Privoznik  <mprivozn@redhat.com>

	docs: Properly mark acl.html dependencies
	The acl.html file includes aclperms.htmlinc which is generated.
	However, acl.html is generated too from acl.html.tmp. And in fact,
	this is the place where the aclperms file is needed. Fix the
	dependency in Makefile.

2015-06-23  John Ferlan  <jferlan@redhat.com>

	storage: Force setting of disk format type
	Commit id '832a9256' adjusted the code to recognize when the default
	type of "unknown" was provided as the format type and to use "dos" if
	found. Since the pool is built with "dos" and it could cause some
	confusion when formatting the XML after building by seeing "unknown"
	in the output, let's just adjust the pool's setting to "dos" so that
	subsequent formats will see the value.

	docs: Adjust Disk storage rng
	Currently the grammar uses "none" for a "valid" Disk Storage Pool
	format type; however, virStoragePoolFormatDisk uses "unknown" so
	virt-xml-validate will fail to validate when "unknown" is found

2015-06-23  Martin Kletzander  <mkletzan@redhat.com>

	admin: Fix mingw build by reordering includes
	By trying to lead the way of clean includes, I sorted the lines
	alphabetically and that is a problem for mingw builds with gnulib.
	As 'configmake.h' defines DATADIR and 'datatypes.h' transitively
	includes 'winsock.h' that uses 'DATADIR' as a name for a struct,
	it's enough to reorder those.

	Even though this might be worked around in gnulib later on, this
	fixes the build for now.

2015-06-22  Eric Farman  <farman@linux.vnet.ibm.com>

	docs: Correct typos in scsi hostdev and address elements
	The type='scsi' parameter of an address element is ignored
	if placed within a hostdev section, and rejected by the XML
	schema used by virt-xml-validate. Remove it from the doc,
	and correct a typo in the remaining address arguments.

	Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-06-22  Eric Farman  <farman@linux.vnet.ibm.com>

	docs: Fix XML schema handling of LUN address in hostdev tag
	Defining a domain with a SCSI disk attached via a hostdev
	tag and a source address unit value longer than two digits
	causes an error when editing the domain with virsh edit,
	even if no changes are made to the domain definition.
	The error suggests invalid XML, somewhere:

	  # virsh edit lmb_guest
	  error: XML document failed to validate against schema:
	  Unable to validate doc against /usr/local/share/libvirt/schemas/domain.rng
	  Extra element devices in interleave
	  Element domain failed to validate content

	The virt-xml-validate tool fails with a similar error:

	  # virt-xml-validate lmb_guest.xml
	  Relax-NG validity error : Extra element devices in interleave
	  lmb_guest.xml:17: element devices: Relax-NG validity error :
	  Element domain failed to validate content
	  lmb_guest.xml fails to validate

	The hostdev tag requires a source address to be specified,
	which includes bus, target, and unit address attributes.
	According to the SCSI Architecture Model spec (section
	4.9 of SAM-2), a LUN address is 64 bits and thus could be
	up to 20 decimal digits long.  Unfortunately, the XML
	schema limits this string to just two digits.  Similarly,
	the target field can be up to 32 bits in length, which
	would be 10 decimal digits.

	  # lsscsi -xx
	  [0:0:19:0x4022401100000000]  disk    IBM      2107900          3.44 /dev/sda
	  # lsscsi
	  [0:0:19:1074872354]disk    IBM      2107900          3.44  /dev/sda
	  # cat lmb_guest.xml
	  <domain type='kvm'>
	    <name>lmb_guest</name>
	    <memory unit='MiB'>1024</memory>
	  ...trimmed...
	    <devices>
	      <controller type='scsi' model='virtio-scsi' index='0'/>
	      <hostdev mode='subsystem' type='scsi'>
	        <source>
	          <adapter name='scsi_host0'/>
	          <address bus='0' target='19' unit='1074872354'/>
	        </source>
	      </hostdev>
	  ...trimmed...

	Since the reference unit and target fields are used in
	several places in the XML schema, create a separate one
	specific for SCSI Logical Units that will permit the
	greater length.  This permits both the validation utility
	and the virsh edit command to succeed when a hostdev
	tag is included.

	Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-06-22  Eric Farman  <farman@linux.vnet.ibm.com>

	Convert SCSI logical unit from unsigned int to unsigned long long
	The SCSI Architecture Model defines a logical unit address
	as 64-bits in length, so change the field accordingly so
	that the entire value could be stored.

	Print SCSI address attributes bus, target, unit as unsigned integer
	The address elements are all unsigned integers, so we should
	use the appropriate print directive when printing it.

	Read SCSI address attributes bus, target, unit as positive integer
	The SCSI address element attributes bus, target, and unit are expected
	to be positive values, so make sure no one provides a negative value since
	the value is stored as an unsigned.

2015-06-22  Eric Blake  <eblake@redhat.com>

	qemu: simplify json parsing
	Rather than grabbing an arbitrary JSON value and then checking
	if it has the right type, we might as well request the correct
	type to begin with.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONIOProcessEvent)
	(qemuMonitorJSONCommandWithFd, qemuMonitorJSONHandleGraphics)
	(qemuMonitorJSONGetStatus, qemuMonitorJSONExtractCPUInfo)
	(qemuMonitorJSONGetVirtType, qemuMonitorJSONGetBalloonInfo)
	(qemuMonitorJSONGetMemoryStats)
	(qemuMonitorJSONDevGetBlockExtent)
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne)
	(qemuMonitorJSONBlockStatsUpdateCapacity)
	(qemuMonitorJSONGetBlockExtent)
	(qemuMonitorJSONGetMigrationStatusReply)
	(qemuMonitorJSONGetDumpGuestMemoryCapability)
	(qemuMonitorJSONAddFd, qemuMonitorJSONQueryRxFilterParse)
	(qemuMonitorJSONExtractChardevInfo)
	(qemuMonitorJSONDiskNameLookupOne)
	(qemuMonitorJSONDiskNameLookup)
	(qemuMonitorJSONGetAllBlockJobInfo)
	(qemuMonitorJSONBlockIoThrottleInfo, qemuMonitorJSONGetVersion)
	(qemuMonitorJSONGetMachines, qemuMonitorJSONGetCPUDefinitions)
	(qemuMonitorJSONGetCommands, qemuMonitorJSONGetEvents)
	(qemuMonitorJSONGetKVMState, qemuMonitorJSONGetObjectTypes)
	(qemuMonitorJSONGetObjectListPaths)
	(qemuMonitorJSONGetObjectProps, qemuMonitorJSONGetTargetArch)
	(qemuMonitorJSONGetMigrationCapabilities)
	(qemuMonitorJSONGetStringArray, qemuMonitorJSONAttachCharDev)
	(qemuMonitorJSONGetCPUx86Data, qemuMonitorJSONGetIOThreads)
	(qemuMonitorJSONGetMemoryDeviceInfo): Use shorter idioms.

2015-06-22  Eric Blake  <eblake@redhat.com>

	json: make it easier to type-check when getting from object
	While working in qemu_monitor_json, I repeatedly found myself
	getting a value then checking if it was an object.  Add some
	wrappers to make this task easier.

	* src/util/virjson.c (virJSONValueObjectGetByType)
	(virJSONValueObjectGetObject, virJSONValueObjectGetArray): New
	functions.
	(virJSONValueObjectGetString, virJSONValueObjectGetNumberInt)
	(virJSONValueObjectGetNumberUint)
	(virJSONValueObjectGetNumberLong)
	(virJSONValueObjectGetNumberUlong)
	(virJSONValueObjectGetNumberDouble)
	(virJSONValueObjectGetBoolean): Simplify.
	(virJSONValueIsNull): Change return type.
	* src/util/virjson.h: Reflect changes.
	* src/libvirt_private.syms (virjson.h): Export them.
	* tests/jsontest.c (testJSONLookup): New test.

2015-06-22  Eric Blake  <eblake@redhat.com>

	json: fully parse input string
	I was adding a JSON test, and was shocked to find out our parser
	treated the input string of "1" as invalid JSON.  It turns out
	that YAJL specifically documents that it buffers input, and that
	if the last input read could be a prefix to a longer token, then
	you have to explicitly tell the parser that the buffer has ended
	before that token will be processed.

	It doesn't help that yajl 2 renamed the function from what it was
	in yajl 1.

	* src/util/virjson.c (virJSONValueFromString): Complete parse, in
	case buffer ends in possible token prefix.
	* tests/jsontest.c (mymain): Expose the problem.

2015-06-22  Peter Krempa  <pkrempa@redhat.com>

	test: Switch to reference counting with testDomObjFromDomain
	Retrieve domain objects with reference and release them with
	virDomainObjEndAPI.

	test: Reuse virDomainObjGetOneDef in testDomainGetVcpusFlags
	The test driver copies the domain definition correctly so we can reuse
	the helper.

2015-06-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: blockcopy: Report error if the copy job fails
	When the block job would fail while watching it using the "--wait"
	option for blockcopy, virsh would rather unhelpfully report:

	$ virsh blockcopy vm hdc /tmp/raw.img --granularity 4096 --verbose --wait

	Now in mirroring phase

	Add a special case when the block job vanishes while waiting for it to
	finish to improve the message:

	$ virsh blockcopy vm hdc /tmp/raw.img --granularity 8192 --verbose --wait
	error: Block Copy unexpectedly failed

2015-06-22  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUCapsComputeCmdFlags: Indent correctly
	There's a small formatting problem in the function. One line is
	not correctly indented. Fix this.

2015-06-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: caps: Fix syntax-check failure in version based capabilities
	A single-line 'if' body should not be encased in curly braces. Our
	syntax-check enforces it. Introduced in 7f3515b4bb677d0ead1887547efc844

2015-06-21  Pavel Fedin  <p.fedin@samsung.com>

	Introduce QEMU_CAPS_ARM_VIRT_PCI
	This capability specifies that "virt" machine on ARM has PCI controller. Enabled when version is at least 2.3.0.

2015-06-19  Ian Campbell  <ian.campbell@citrix.com>

	libxl: avoid freeing an uninitialised bitmap
	If vm->def->cputune.nvcpupin is 0 in libxlDomainSetVcpuAffinities (as
	seems to be the case on arm) then the VIR_FREE after cleanup: would be
	operating on an uninitialised pointer in map.map.

	Fix this by using libxl_bitmap_init and libxl_bitmap_dispose in the
	appropriate places (like VIR_FREE, libxl_bitmap_dispose is also
	idempotent, so there is no double free on exit from the loop).

	libxl_bitmap_dispose is slightly preferable since it also sets
	map.size back to 0, avoiding a potential source of confusion.

	This fixes the crashes we've been seeing in the Xen automated tests on
	ARM.

	I had a glance at the handful of other users of libxl_bitmap and none
	of them looked to have a similar issue.

2015-06-19  Vasiliy Tolstov  <v.tolstov@selfip.ru>

	update sheepdog client] update sheepdog client path
	Nnever sheepdog versions have dog client binary
	while old have collie. Check them both.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: cancel drive mirrors when p2p connection breaks
	When a connection to the destination host during a p2p migration drops,
	we know we will have to cancel the migration; it doesn't make sense to
	waste resources by trying to finish the migration. We already do so
	after sending "migrate" command to QEMU and we should do it while
	waiting for drive mirrors to become ready too.

	qemu: Refactor qemuMigrationWaitForCompletion
	Checking status of all part of migration and aborting it when something
	failed is a complex thing which makes the waiting loop hard to read.
	This patch moves all the checks into a separate function similarly to
	what was done for drive mirror loops.

	qemu: Don't pass redundant job name around
	Instead of passing current job name to several functions which already
	know what the current job is we can generate the name where we actually
	need to use it.

	qemu: Refactor qemuMigrationUpdateJobStatus
	Once we start waiting for migration events instead of polling
	query-migrate, priv->job.current will not be regularly updated anymore
	because we will get the current status directly from the events. Thus
	virDomainGetJob{Info,Stats} will have to query QEMU, but they can't just
	blindly update priv->job.current structure. This patch introduces
	qemuMigrationFetchJobStatus which just fills in a caller supplied
	structure and makes qemuMigrationUpdateJobStatus a tiny wrapper around
	it.

	qemu: Refactor qemuDomainGetJob{Info,Stats}
	Move common parts of qemuDomainGetJobInfo and qemuDomainGetJobStats into
	a separate API (qemuDomainGetJobStatsInternal).

	qemu: Do not poll for spice migration status
	QEMU_CAPS_SEAMLESS_MIGRATION capability says QEMU supports
	SPICE_MIGRATE_COMPLETED event. Thus we can just drop all code which
	polls query-spice and replace it with waiting for the event.

	qemu_monitor: Wire up SPICE_MIGRATE_COMPLETED event

	qemu: Use domain condition for asyncAbort
	To avoid polling for asyncAbort flag changes.

	qemu: Cancel disk mirrors after libvirtd restart
	When libvirtd is restarted during migration, we properly cancel the
	ongoing migration (unless it managed to almost finished before the
	restart). But if we were also migrating storage using NBD, we would
	completely forget about the running disk mirrors.

	qemu: Refactor qemuMonitorBlockJobInfo
	"query-block-jobs" QMP command returns all running block jobs at once,
	while qemuMonitorBlockJobInfo would only report one. This is not very
	nice in case we need to check several block jobs. This patch refactors
	the monitor code to always parse all block jobs and store them in a
	hash.

	qemu: Make qemuMigrationCancelDriveMirror usable without async job
	We don't have an async job when reconnecting to existing domains after
	libvirtd restart.

	Pass domain object to private data formatter/parser
	So that they can format private data (e.g., disk private data) stored
	elsewhere in the domain object.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't mess with disk->mirrorState
	This patch reverts commit 76c61cdca20c106960af033e5d0f5da70177af0f.

	VIR_DOMAIN_DISK_MIRROR_STATE_ABORT says we asked for a block job to be
	aborted rather than saying it was aborted. Let's just use
	VIR_DOMAIN_DISK_MIRROR_STATE_NONE consistently whenever a block job
	finishes since no caller depends on VIR_DOMAIN_DISK_MIRROR_STATE_ABORT
	(anymore) to check whether a block job failed or it was cancelled.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Abort migration early if disk mirror failed
	Abort migration as soon as we detect that some of the disk mirrors
	failed. There's no sense in trying to finish memory migration first.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Cancel storage migration in parallel
	Instead of cancelling disk mirrors sequentially, let's just call
	block-job-cancel for all migrating disks and then wait until all
	disappear.

	In case we cancel disk mirrors at the end of successful migration we
	also need to check all block jobs completed successfully. Otherwise we
	have to abort the migration.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use domain condition for synchronous block jobs
	By switching block jobs to use domain conditions, we can drop some
	pretty complicated code in NBD storage migration.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly report failed migration
	Because we are polling we may detect some errors after we asked QEMU for
	migration status even though they occurred before. If this happens and
	QEMU reports migration completed successfully, we would happily report
	the migration succeeded even though we should have cancelled it because
	of the other error.

	In practise it is not a big issue now but it will become a much bigger
	issue once the check for storage migration status is moved inside the
	loop in qemuMigrationWaitForCompletion.

2015-06-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce qemuBlockJobUpdate
	The wrapper is useful for calling qemuBlockJobEventProcess with the
	event details stored in disk's privateData, which is the most likely
	usage of qemuBlockJobEventProcess.

	conf: Introduce per-domain condition variable
	Complex jobs, such as migration, need to monitor several events at once,
	which is impossible when each of the event uses its own condition
	variable. This patch adds a single condition variable to each domain
	object. This variable can be used instead of the other event specific
	conditions.

2015-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerServiceClose: Don't leak sockets
	Well, if a server is being destructed, all underlying services and
	their sockets should disappear with it. But due to bug in our
	implementation this is not the case. Yes, we are closing the sockets,
	but that's not enough. We must also:

	1) Unregister them from the event loop
	2) Unref the service for each socket

	The last step is needed, because each socket callback holds a
	reference to the service object. Since in the first step we are
	unregistering the callbacks, they no longer need the reference.

2015-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virNetSocket: Fix @watch corner case
	Although highly unlikely, nobody says that virEventAddHandle()
	can't return 0 as a handle to socket callback. It can't happen
	with our default implementation since all watches will have value
	1 or greater, but users can register their own callback functions
	(which can re-use unused watch IDs for instance). If this is the
	case, weird things may happen.

	Also, there's a little bug I'm fixing too, upon
	virNetSocketRemoveIOCallback(), the variable holding callback ID
	was not reset. Therefore calling AddIOCallback() once again would
	fail. Not that we are doing it right now, but we might.

2015-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virNetSocketRemoveIOCallback: Be explicit about unref
	When going through the code I've notice that
	virNetSocketAddIOCallback() increases the reference counter of
	@socket. However, its counter part RemoveIOCallback does not. It took
	me a while to realize this disproportion. The AddIOCallback registers
	our own callback which eventually calls the desired callback and then
	unref the @sock. Yeah, a bit complicated but it works. So, lets note
	this hard learned fact in a comment in RemoveIOCallback().

	daemonSetupNetworking: Don't leak services
	When setting up the daemon networking, new services are created. These
	services then have sockets to listen on. Once created, the service
	objects are added to corresponding server object. However, during that
	process, server increases reference counter of the service object. So,
	at the end of the function, we should decrease it again. This way the
	service objects will have only 1 reference, but that's okay since
	servers are the only objects having a reference.

2015-06-19  Peter Krempa  <pkrempa@redhat.com>

	lib: setvcpus: Remove bogus flag check
	Since VIR_DOMAIN_AFFECT_CURRENT is 0 the flag check does not make sense
	as masking @flags with 0 will always equal to false.

2015-06-18  John Ferlan  <jferlan@redhat.com>

	scsi: Adjust return status from getBlockDevice
	https://bugzilla.redhat.com/show_bug.cgi?id=1224233

	Currently it's not possible to determine the difference between a
	fatal memory allocation or failure to open/read the directory error
	with a perhaps less fatal, I didn't find the "block" device in the
	directory (which may be a disk entry without a block device).

	In the case of the latter, we shouldn't cause failure to continue
	searching in the caller (virStorageBackendSCSIFindLUs), rather we
	should allow trying reading the next directory entry.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	virsh: selective block device migration
	Add `virsh migrate' option `--migrate-disks' that allows CLI user to
	explicitly specify block devices to migrate.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	qemu: migration: selective block device migration
	https://bugzilla.redhat.com/show_bug.cgi?id=1203032

	Implement a `migrate_disks' parameters for the QEMU driver. This multi-
	value parameter can be used to explicitly specify what block devices
	are to be migrated using the NBD server. Tunnelled migration using NBD
	is to be done.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	util: add virTypedParamsAddStringList
	The `virTypedParamsAddStringList' function provides interface to add a
	NULL-terminated array of string values as a multi-value to the params.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	util: virTypedParams{Filter,GetStringList}
	Add multikey API:

	 * virTypedParamsFilter that filters all the parameters with specified name.
	 * virTypedParamsGetStringList that returns a list with all the values for
	   specified name and string type.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	util: multi-value parameters in virTypedParamsAdd*
	Allow multi-value parameters to be build using virTypedParamsAdd*
	functions by removing check for duplicates.

2015-06-18  Pavel Boldin  <pboldin@mirantis.com>

	util: multi-value virTypedParameter
	The `virTypedParamsValidate' function now can be instructed to allow
	multiple entries for some of the keys. For this flag the type with
	the `VIR_TYPED_PARAM_MULTIPLE' flag.

	Add unit tests for this new behaviour.

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationDriveMirror: Force raw format for NBD
	When playing with disk migration lately, I've noticed this warning in
	domain logs:

	WARNING: Image format was not specified for 'nbd://masina:49153/drive-virtio-disk0' and probing guessed raw.
	         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
	         Specify the 'raw' format explicitly to remove the restrictions.

	So I started digging into qemu source code to see what has triggered
	the warning. I'd expect qemu to know formats of guest's disks since we
	tell them on command line. This lead me to qmp_drive_mirror() where
	the following can be found:

	    if (!has_format) {
	        format = mode == NEW_IMAGE_MODE_EXISTING ? NULL : bs->drv->format_name;
	    }

	So, format is automatically initialized from the disk iff mode !=
	"existing". Unfortunately, in migration we are tied to use this mode
	(NBD doesn't support creating new images). Therefore the only way to
	avoid this warning is to pass format. The discussion on the mail-list [1]
	resulted in the code that always forces NBD export as "raw" format.

	[1] https://www.redhat.com/archives/libvir-list/2015-June/msg00153.html

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationBeginPhase: Fix function header indentation
	This function is returning a string (domain XML). Since d3ce7363
	when it was first introduced, it was indented incorrectly:

	static char
	*qemuMigrationBeginPhase(..)

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	virDomainDiskGetSource: Mark passed disk as 'const'
	The disk is not changed anywhere in the function. Mark this fact
	in the function header too.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix double space in error message in qemuDomainGetVcpusFlags

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Jump to correct label in qemuDomainPinIOThread
	If virDomainObjGetDefs used in qemuDomainPinIOThread would fail the code
	would jump to the 'cleanup' label after acquiring the job, thus the VM
	would be locked forever.

	Introduced in commit cac6d639.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Move vcpu info parsing code into a separate function

	qemu: 'privileged' flag is not really configuration
	The privileged flag will not change while the configuration might
	change. Make the 'privileged' flag member of the driver again and mark
	it immutable. Should that ever change add an accessor that will group
	reads of the state.

	qemu: Reuse virDomainObjGetDefs in qemuDomainGetMemoryParameters
	Simplify the code by restructuring control flow and reusing the better
	helper.

	qemu: Refactor qemuDomainGetMemoryParameters
	Replace the for loops with case inside with temp variables and a macro.

	qemu: Refactor qemuDomainSetNumaParameters
	Use virDomainObjGetDefs and sanitize the control flow.

	qemu: Simplify qemuDomainSetInterfaceParameters by using virDomainObjGetDefs

	qemu: Simplify qemuDomainGetVcpusFlags by using virDomainObjGetOneDef
	virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs

	qemu: Simplify qemuDomainGetEmulatorPinInfo by using virDomainObjGetOneDef
	virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs

	qemu: Simplify qemuDomainGetVcpuPinInfo by using virDomainObjGetOneDef
	virDomainObjGetOneDef is simpler to use than virDomainObjGetDefs

	qemu: Simplify qemuDomainGetNumaParameters by using virDomainObjGetOneDef

	qemu: Simplify qemuDomainGetInterfaceParameters by using virDomainObjGetOneDef

	conf: Introduce helper to help getting correct def for getter functions
	virDomainObjGetOneDef will help to retrieve the correct definition
	pointer from @vm in cases where VIR_DOMAIN_AFFECT_LIVE and
	VIR_DOMAIN_AFFECT_CONFIG are mutually exclusive. The function simply
	returns the correct pointer. This similarly to virDomainObjGetDefs will
	greatly simplify the code.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix virDomainObjGetDefs when getting persistent config on a live vm
	If @flags contains only VIR_DOMAIN_AFFECT_CONFIG and @vm is active, the
	function would return the active config rather than the persistent one
	that it should return. This happened due to the fact that
	virDomainObjGetDefs was checking the updated flags which may not contain
	VIR_DOMAIN_AFFECT_LIVE if it is not requested even if @vm is active.

	Additionally the function would not take the flags into account when
	setting the pointers which was later used to determine whether the code
	needs to update the given configuration.

	The mistake was caught by the virt-test suite.

2015-06-18  James Cowgill  <james410@cowgill.org.uk>

	qemu: implement address for isa-serial
	I needed to specify the iobase address for certain exotic mips configurations.

2015-06-18  Luyao Huang  <lhuang@redhat.com>

	qemu: Add a check for slot and base dimm address conflicts
	When hotplugging a memory device, there wasn't a check to determine
	if there is a conflict with the address space being used by the to
	be added memory device and any existing device which is disallowed by qemu.

	This patch adds a check to ensure the new device address doesn't
	conflict with any existing device.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	daemon: Add the admin service to the admin server only if it was allocated
	If the admin service is disabled it would not be allocated, but the NULL
	pointer still would be added to the admin server. Since
	virNetServerAddService would dereference it, the daemon would crash.

	Move the service registration into the block that allocates it.

2015-06-18  Peter Krempa  <pkrempa@redhat.com>

	rpc: Actually increase reference count on @srv in virNetDaemonAddServer
	VIR_APPEND_ELEMENT would clear @srv to NULL after it successfully
	inserted it thus the reference count could not be increased afterwards.

	Switch to VIR_APPEND_ELEMENT_COPY. This fixes crash after terminating
	the daemon.

2015-06-18  Mikhail Feoktistov  <mfeoktistov@virtuozzo.com>

	parallels: Fix false error messages in libvirt log
	There was many errors in libvirt.log caused by prlsdkDelNet function because
	job variable was always initialized as PRL_INVALID_HANDLE
	In this patch job variable gets return value of PrlSrv_DeleteVirtualNetwork function()

	parallels: Fix initialization of buflen variable in each loop iteration
	We need to initialize buflen every time when we get network adapter's
	friendly name because we call PrlVmDev_GetFriendlyName in a loop

2015-06-18  Ján Tomko  <jtomko@redhat.com>

	remove redundant condition
	If the address type is SPAPRVIO, it will match the != NONE condition.

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	virSysinfo: Introduce SMBIOS type 2 support
	https://bugzilla.redhat.com/show_bug.cgi?id=1220527

	This type of information defines attributes of a system
	baseboard. With one exception: board type is yet not implemented
	in qemu so it's not introduced here either.

2015-06-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Report all supported machine types in capabilities
	Some machine types are only reported as canonical names for other
	machine types, which make it a bit harder to find what machine types are
	supported by a specific QEMU binary. Ideally, one would just use
	/capabilities/guest/arch[@name='...']/machine/text() XPath to get a list
	of all supported machine types, but it doesn't work right now.

	For example, we report

	    <machine canonical='pc-i440fx-2.3' maxCpus='255'>pc</machine>

	in guest capabilities, but the corresponding

	    <machine maxCpus='255'>pc-i440fx-2.3</machine>

	is missing.

	This is a result of QMP probing. With "-machine ?" parsing QEMU sends
	us two lines:

	pc                   Standard PC (i440FX + PIIX, 1996) (alias of pc-i440fx-2.3)
	pc-i440fx-2.3        Standard PC (i440FX + PIIX, 1996) (default)

	while query-machines QMP command reports both in the same entry:

	{"name": "pc-i440fx-2.3", "is-default": true, "cpu-max": 255, "alias": "pc"}

	Let's make sure we always report separate <machine/> for both the
	canonical name and its alias and using the canonical name as the default
	machine type (i.e., inserting it before its alias) in case is-default is
	true.

	https://bugzilla.redhat.com/show_bug.cgi?id=1229666

2015-06-18  Michal Privoznik  <mprivozn@redhat.com>

	tests: Sort EXTRA_DIST in the Makefile
	We tend to keep the folders in the EXTRA_DIST sorted alphabetically.
	However, we've failed sometimes and the list is not ordered anymore.
	Reorder it back.

	daemon: Don't just include admin RPC
	So, it's a little paradox that we use the file twice. Firstly to build
	libvirt-admin.la (a client side of the Admin API), then once again to
	build the server side. Well, the problem is, this does not play nicely
	with the distclean since the file is generated. So while it's removed
	in the src/ the distclean running in daemon/ will not find the file
	and fail. The file is needed because it contains the RPC wrappers. So
	let's leave the client code as is and from the daemon/ just link the
	client library. The linker will find desired symbols and use them.

2015-06-17  Laine Stump  <laine@laine.org>

	nodedev: update netdev feature bits before each dumpxml
	As with several other attributes of devices (link status, sriov VF
	list, IOMMU group list), the detdev feature bits aren't automatically
	updated in the nodedev driver's cache when they change. In order to
	get a properly up-to-date list when getting the XML of a device, we
	must reget them in update-caps prior to each dumpxml.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1232880

2015-06-17  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec: Don't expect virt-admin in libvirt-admin yet
	While Martin introduced the binary (and its manpage) in commit
	4e7ccf87133 it was pushed by mistake. Therefore it was reverted in
	220393bfb043. The problem is, the original commit was not quite right
	as the binary was added into the spec file in a different commit:
	55e0c840af. So as long as the binary does not exist, we must remove it
	from the spec file too.

	tests: Follow virnetserver to virnetdaemon transition
	In a4746114582 the virnetserver test was renamed to virnetdaemon.
	Moreover, as the test relies on some data stored under
	virnetserverdata/ the folder was renamed too. But this was not
	reflected in the Makefile. Therefore when building outside of the
	repository, the data folder was not distributed and test failed.

	daemon: Distribute admin_server.h
	The Admin API consists of a few files on daemon side. Notably
	daemon/admin_server.{ch}. While they are both on the repo, only
	the .c file is mentioned in Makefile. Therefore, .h is not
	distributed and 'make rpm' fails.

2015-06-17  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: substitute parallels with vz spec file and Makefile
	Since we have changed the name of the driver to vz, let's
	reference it as vz everywhere.

	parallels: rename all parallels files and driver directory to vz
	This patch moves all src/parallels/parallels* files to vz/vz*
	and fixes build accordingly.
	No functional changes.

	parallels: substitute parallels with vz in strings
	Here we stop referencing vz driver by different names
	in error messages. 'parallels driver', 'Parallels Cloud
	Server', 'Parallels driver' all become just 'vz driver'.
	No functional changes. Only renaming and a bit of rewording.

	parallels: change parallels prefixes to vz
	This patch changes all parallels/vz driver structure and
	function prefixes from parallels to vz.
	No functional changes.

2015-06-16  Michal Privoznik  <mprivozn@redhat.com>

	daemon/Makefile: Add forgotten dependency
	In latest patches we added Admin API. However, the Makefile in daemon
	was missing one dependency: admin_server.c is including generated file
	admin_dispatch.h. However, this dependency was not explicitly marked
	in the Makefile therefore the build happened to fail on some
	occasions.

2015-06-16  Erik Skultety  <eskultet@redhat.com>

	virfile: virDirCreate: Insert blank lines to assure slightly better readability

2015-06-16  Erik Skultety  <eskultet@redhat.com>

	util: virfile: Fix 'unknown cause' error if NFS mount point creation fails
	This happens if user requires creation of a directory with specified
	UID/GID permissions. To accomplish this, we use fork approach and
	set particular UID/GID permissions in child process. However, child
	process doesn't have a valid descriptor to a logfile (this is prohibited
	explicitly) and since parent process doesn't handle negative exit codes from
	child in any way, 'uknown cause' error is returned to the user.

	Commit 92d9114e tweaked the way we handle child errors when using fork
	approach to set specific permissions (features originally introduced
	by 98f6f381). The same logic should be used to create directories with
	specified permissions as well.

	https://bugzilla.redhat.com/show_bug.cgi?id=1230137

2015-06-16  Erik Skultety  <eskultet@redhat.com>

	util: virDirCreate: Child now exits with positive errno-code
	Previous patch of this series proposed a fix to virDirCreate, so that parent
	process reports an error if child process failed its task.
	However our logic still permits the child to exit with negative errno followed
	by a check of the status on the parent side using WEXITSTATUS which, being
	POSIX compliant, takes the lower 8 bits of the exit code and returns is to
	the caller. However, by taking 8 bits from a negative exit code
	(two's complement) the status value we read and append to stream is
	'2^8 - abs(original exit code)' which doesn't quite reflect the real cause when
	compared to the meaning of errno values.

2015-06-16  Eric W. Biederman  <ebiederm@xmission.com>

	lxc: set nosuid+nodev+noexec flags on /proc/sys mount
	Future kernels will mandate the use of nosuid+nodev+noexec
	flags when mounting the /proc/sys filesystem. Unconditionally
	add them now since they don't harm things regardless and could
	mitigate future security attacks.

2015-06-16  John Ferlan  <jferlan@redhat.com>

	util: Fix Coverity RESOURCE_LEAK
	Commit id 'e44b0269c9' in advertently checked !dir before calling closedir

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Rename daemon to dmn
	On older systems it shadows global declaration of daemon() function.

	netserver: Remove duplicate forward declaration
	Commit fa14207368820b264123ba8429927b62258f996e added forward
	declaration of virNetServerPtr into virnetserver.h even though we are
	keeping these in virnetserverprogram.h due to older compilers having
	problems with duplicate ones.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Revert "rpc: Add virNetServerGetNClients"
	This reverts commit 6bda9f8aa2cd07a3defda571c7d61401fd66c226.

	I mistakenly pushed it along with the Admin API series.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Revert "admin: Add virAdmHello function"
	This reverts commit 5792fabb7b712749147e9d03348c798dc1943651.

	I mistakenly pushed it along with the Admin API series.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Revert "Example virt-admin"
	This reverts commit 4e7ccf87133ac59f68bdd0b4897178fa9e2feefd.

	I mistakenly pushed it along with the Admin API series.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Change livbirt version to 1.3.0 for the next release
	Since the background for Admin API is merged upstream, we are bumping
	the minor release version as discussed previously

	Example virt-admin
	You had only one job.  That's what you can say about this example
	binary.  In future, parts of virsh that are usable for this binary
	should be split into separate shell-utils and virt-admin should gain all
	the cool features of virsh without too much code addition.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	admin: Add virAdmHello function
	Just one of the simplest functions that returns string "Clients: X"
	where X is the number of connected clients to daemon's first
	subserver (the original one), so it can be tested using virsh, ipython,
	etc.

	The subserver is gathered by incrementing its reference
	counter (similarly to getting qemu capabilities), so there is no
	deadlock with admin subserver in this API.

	Here you can see how functions should be named in the client (virAdm*)
	and server (adm*).

	There is also a parameter @flags that must be 0, which helps testing
	proper error propagation into the client.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	rpc: Add virNetServerGetNClients
	This function accesses the number of connected clients while properly
	locking the server it returns the data about.

	Add support for admin API in libvirt daemon
	For this to pe properly separated from other protocols used by the
	server, there is second server added which allows access to the whole
	virNetDaemon to its clients.

	Add configuration options for permissions on daemon's admin socket
	This is not going to be very widely used, but for some corner cases and
	easier (unsafe) debugging, it might be nice.

	Add XML files with admin API specification
	No online docs are build from it since it doesn't really fit into our
	document structure and new page will need to be created for it, but this
	is at least a heads-up commit for easier parsing in order to build some
	documentation (or python bindings) later on.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Add libvirt-admin library
	Initial scratch of the admin library.  It has its own virAdmConnectPtr
	that inherits from virAbstractConnectPtr and thus trivially supports
	error reporting.

	There's pkg-config file added and spec-file adjusted as well.

	Since the library should be "minimalistic" and not depend on any other
	library, the list of files is especially crafted for it.  Most of them
	could've been put to it's own sub-libraries that would be LIBADD'd to
	libvirt_util, libvirt_net_rpc and libvirt_setuid_rpc_client to minimize
	the number of object files being built, but that's a refactoring that
	isn't the orginal aim of this commit.

2015-06-16  Martin Kletzander  <mkletzan@redhat.com>

	Add admin error domain
	Just the addition of VIR_FROM_ADMIN to the enum of error domains.

	Build client headers for admin protocol

	Add admin protocol
	For now there are only CONNECT_OPEN and CONNECT_CLOSE procedures.

	Teach gendispatch how to handle admin dispatching files
	Since this is just a new option for gendispatch, it looks more like a
	cleanup.  The only differences handled by it are connect pointers,
	private pointers and API naming customs.

	tests: Adapt virnetservertest to daemon refactor
	Rename the test to virnetdaemontest and use virNetDaemon objects instead
	of virNetServer inside.

	Move daemon-related parts of virNetServer to virNetDaemon
	This allows to have more servers in one daemon which helps isolating
	some resources.

2015-06-16  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: properly clean up qemu-nbd
	Add the qemu-nbd tasks to the container cgroup to make sure those will
	be killed when the container is stopped. In order to reliably get the
	qemu-nbd tasks PIDs, we use /sys/devices/virtual/block/<DEV>/pid as
	qemu-nbd is daemonizing itself.

	Add virProcessGetPids to get all tasks of a process
	This function gets all the PIDs listed in /proc/PID/task. This will be
	needed at least to move all qmeu-nbd tasks to the container cgroup.

2015-06-15  John Ferlan  <jferlan@redhat.com>

	storage: Generate correct parameters for CIFS
	https://bugzilla.redhat.com/show_bug.cgi?id=1186969

	When generating the path to the dir for a CIFS/Samba driver, the code
	would generate a source path for the mount using "%s:%s" while the
	mount.cifs expects to see "//%s/%s". So check for the cifsfs and
	format the source path appropriately.

	Additionally, since there is no means to authenticate, the mount
	needs a "-o guest" on the command line in order to anonymously mount
	the Samba directory.

2015-06-15  John Ferlan  <jferlan@redhat.com>

	storage: Adjust command arglist for gluster
	In order for the glusterfs boolean to be set, the pool->def->type must be
	VIR_STORAGE_POOL_NETFS, thus the check within virCommandNewArgList whether
	pool->def->type is VIR_STORAGE_POOL_FS will never be true, so remove it

2015-06-15  John Ferlan  <jferlan@redhat.com>

	storage: Fix the schema and add tests for cifs pool
	Commit id '887dd362' added support for a netfs pool format type 'cifs'
	and 'gluster' in order to add rng support for Samba and glusterfs netfs
	pools. Originally, the CIFS type support was added as part of commit
	id '61fb6979'. Eventually commit id 'b325be12' fixed the gluster rng
	definition to match expectations.

	As it turns out the CIFS rng needed a similar change since the directory
	path is not an absDirPath, rather just a dirPath will be required.

2015-06-15  Guido Günther  <agx@sigxcpu.org>

	configure: Remove check for pkcheck_supports_uid
	We're using Polkit's DBus API so no need to check wether this feature is
	supported. We don't use the result or the path to the pkcheck program
	anywhere.

2015-06-15  Martin Kletzander  <mkletzan@redhat.com>

	tests: Use libvirt properly with initialization and error dispatching
	We were using "complicated" error printing in virnetservertest even
	though we could've just dispatched the error.  Also add some good
	practices that might come in handy (the code may fail without proper
	initialization and event loop).

	Generate JSON with mDNS entries only when built --with-avahi
	One string was already used only if that condition was true, second one
	is added now.  Both are used in a nicer way.

	rpc: Fix possible crash when MDNSAddEntry fails
	If virNetServerMDNSAddEntry() fails when adding a service to a server,
	it doesn't decrease the number of services.  Hence access to their
	members segfaults (e.g. when free()-ing the sruct).

	build: Remove unnecessarily repeated rules for syms -> def
	Suggested-by: Michal Prívozník <mprivozn@redhat.com>

2015-06-15  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: monitor: Add memory balloon support for virtio-ccw
	The search for the memory balloon driver object is extended by a
	second known name "virtio-balloon-ccw" in support for virtio-ccw.

	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Eric Farman <farman@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>

2015-06-15  Ján Tomko  <jtomko@redhat.com>

	man: clarify usage of virsh blockcopy with --xml
	The --xml option is mandatory if an XML description is used.
	Otherwise the third parameter is treated as the destination.

	https://bugzilla.redhat.com/show_bug.cgi?id=1206406#c3

2015-06-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: emulatorpin: Don't reset pinning when pinning to all cpus
	Similarly to a02a161bb8a6caf0db4dd446ed1cdf53d97b40 remove the default
	pinning assumption from emulatorpin.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1227180

2015-06-15  Michal Privoznik  <mprivozn@redhat.com>

	getOldStyleBlockDevice: Adjust formatting
	Instead of initializing return value to zero (success) and overwriting
	it on every failure just before the control jumps onto 'out' label,
	let's initialize to an error value and set to zero only when we are
	sure about the success. Just follow the pattern we have in the rest of
	the code.

	getNewStyleBlockDevice: Adjust formatting
	Instead of initializing return value to zero (success) and overwriting
	it on every failure just before the control jumps onto 'out' label,
	let's initialize to an error value and set to zero only when we are
	sure about the success. Just follow the pattern we have in the rest of
	the code.

2015-06-15  John Ferlan  <jferlan@redhat.com>

	storage: Disallow wiping an extended disk partition
	https://bugzilla.redhat.com/show_bug.cgi?id=1225694

	Check if the disk partition to be wiped is the extended partition, if
	so then disallow it. Do this via changing the wipeVol backend to check
	the volume before passing to the common virStorageBackendVolWipeLocal

2015-06-15  Ján Tomko  <jtomko@redhat.com>

	qemu caps: spell queue

2015-06-15  John Ferlan  <jferlan@redhat.com>

	qemu: Do not support 'serial' scsi-block 'lun' devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1021480

	Seems the property has been deprecated for qemu, although seemingly ignored.

	This patch enforces from a libvirt perspective that a scsi-block 'lun'
	device should not provide the 'serial' property.

2015-06-15  John Ferlan  <jferlan@redhat.com>

	storage: Need to set secrettype for direct iscsi disk volume
	https://bugzilla.redhat.com/show_bug.cgi?id=1200206

	Commit id '1b4eaa61' added the ability to have a mode='direct' for
	an iscsi disk volume.  It relied on virStorageTranslateDiskSourcePool
	in order to copy any disk source pool authentication information to
	the direct disk volume, but it neglected to also copy the 'secrettype'
	field which ends up being used in the domain volume formatting code.
	Adding a secrettype for this case will allow for proper formatting later
	and allow disk snapshotting to work properly

	Additionally libvirtd restart processing would fail to find the domain
	since the translation processing code is run after domain xml processing,
	so handle the the case where the authdef could have an empty secrettype
	field when processing the auth and additionally ignore performing the
	actual and expected auth secret type checks for a DISK_VOLUME since that
	data will be reassembled later during translation processing of the
	running domain.

2015-06-15  Michal Privoznik  <mprivozn@redhat.com>

	virCapabilitiesDomainDataLookup: Produce saner error message
	During a review, I've noticed this error message that was eventually
	produced when I was trying to define a domain:

	error: invalid argument: could not find capabilities for arch=mips64el
	domaintype=(null)

	Look at the (null). Why is it there? Well, during XML parsing, we try
	to look up the default emulator for given OS type and possibly virt
	type too. And this is the problem, because if we don't want to look up
	by virt type, a -1 is passed to note this fact. Later, the code
	handles -1 just right. Except for error message. When it is
	constructed (in a very fabulous way I must say), the value is compared
	to zero, not -1. And since we don't have any translation from -1 to a
	virt type string, we just print (null).

2015-06-13  Anthony PERARD  <anthony.perard@citrix.com>

	libxl: Add timestamp to the libxl driver log.

2015-06-12  zhang bo  <oscar.zhangbo@huawei.com>

	qemu: update netdevs of the same mac addrs correctly
	If a guest has multiple network devices with the same MAC address,
	when we online update the second device, libvirtd always updates
	the first one.

	commit def31e4c forgot to fix the online updating scenario. We need to
	use virDomainNetFindIdx() to find the correct network device.

2015-06-12  John Ferlan  <jferlan@redhat.com>

	scsi: Need to translate disk source pool in config attach path
	https://bugzilla.redhat.com/show_bug.cgi?id=1228007

	When attaching a scsi volume lun via the attach-device --config or
	--persistent options, there was no translation of the source pool
	like there was for the live path, thus the attempt to modify the config
	would fail since not enough was known about the disk.

2015-06-12  Michal Privoznik  <mprivozn@redhat.com>

	virsysinfo: s/system/sysdef/
	A variable can't be named system, obviously. Well, it can if the
	compiler is new enough to distinguish a variable named system and a
	function call system(). And some older systems, don't have wise
	compiler.

	  CC     util/libvirt_util_la-virsysinfo.lo
	cc1: warnings being treated as errors
	../../src/util/virsysinfo.c: In function 'virSysinfoParseSystem':
	../../src/util/virsysinfo.c:649: error: declaration of 'system' shadows a global declaration [-Wshadow]
	/usr/include/stdlib.h:717: error: shadowed declaration is here [-Wshadow]
	make[3]: *** [util/libvirt_util_la-virsysinfo.lo] Error 1

2015-06-12  Michal Privoznik  <mprivozn@redhat.com>

	cmdNetworkList: Introduce --name, --uuid, --table
	When reviewing some network patches, I've noticed we don't have
	those switches to the 'net-list' command. We should. They are
	merely copied over from 'list' command.

	cmdNetworkList: switch to FILTER
	Instead of sticking to old code pattern use the one laid out by
	cmdList. Use FILTER() macro instead of series of boolean
	variables.

	qemuBuildDriveStr: s/virBufferEscapeString/virBufferAsprintf/
	We are using it to print a value that can't be NULL and does not need
	any escaping anyway.

	virQEMUCapsArch: openrisc vs or32
	With a few exceptions, we assume that qemu binary for given
	architecture has form of qemu-system-$arch. Well, openrisc is yet
	another exception. It's binary is called qemu-system-or32.

	virSysinfoDef: Exempt SYSTEM variables
	Move all the system_* fields into a separate struct. Not only this
	simplifies the code a bit it also helps us to identify whether BIOS
	info is present. We don't have to check all the four variables for
	being not-NULL, but we can just check the pointer to the struct.

	virSysinfoDef: Exempt BIOS variables
	Move all the bios_* fields into a separate struct. Not only this
	simplifies the code a bit it also helps us to identify whether BIOS
	info is present. We don't have to check all the four variables for
	being not-NULL, but we can just check the pointer to the struct.

	tests: Distribute virnetserverdata
	Fairly recently we've introduced virnetservertest. This test has some
	input data stored under tests/virnetserverdata which unfortunately was
	not distributed among with the test. Therefore 'make distcheck'
	failed. Fix this by adding the directory into EXTRA_DIST.

2015-06-11  James Cowgill  <james410@cowgill.org.uk>

	schema: use arch list from basictypes for os arch attribute
	I see no reason to duplicate this list of architectures. This also allows
	more guest architectures to be used with libvirt (like the mips64el qemu
	machine I am trying to run).

2015-06-11  Martin Kletzander  <mkletzan@redhat.com>

	util: add virJSONValueCopy
	Faster version of virJSONValueFromString(virJSONValueToString()).

2015-06-11  Maxime Leroy  <maxime.leroy@6wind.com>

	qemu: add multiqueue vhost-user support
	This patch adds the support of queues attribute of the driver element
	for vhost-user interface type. Example:

	<interface type='vhostuser'>
	      <mac address='52:54:00:ee:96:6d'/>
	      <source type='unix' path='/tmp/vhost2.sock' mode='client'/>
	      <model type='virtio'/>
	      <driver queues='4'/>
	</interface>

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207692

2015-06-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add capability for vhost-user multiqueue
	The support for this was added in QEMU with commit
	830d70db692e374b55555f4407f96a1ceefdcc97.  Unfortunately we have to do
	another ugly version-based capability check.  The other option would be
	not to check for the capability at all and leave that to qemu as it's
	done with multiqueue tap devices.

2015-06-11  Maxime Leroy  <maxime.leroy@6wind.com>

	docs: Clarify that attribute name is not used for vhostuser

2015-06-11  Martin Kletzander  <mkletzan@redhat.com>

	conf: Ignore multiqueue with one queue.
	Multi != One.  And indeed, libvirt behaves the same way for queues='1'
	as without such setting.  Let's make it clear in the XML.

2015-06-11  Peter Krempa  <pkrempa@redhat.com>

	util: Make virProcessGetAffinity more readable and fix coverity warning
	Store the cpu count in an intermediate variable and reuse it rather than
	caluclating the index.

	Additionally add a coverity silencing comment.

2015-06-11  Jiri Denemark  <jdenemar@redhat.com>

	apibuild: Generate macro/@string attribute
	If a macro has a string value, the @string attribute will contain the
	value. Otherwise @string attribute will be missing.

	For example, the following macro definition from libvirt-domain.h:

	 /**
	  * VIR_MIGRATE_PARAM_URI:
	  * ...
	  */
	 # define VIR_MIGRATE_PARAM_URI               "migrate_uri"

	will result in

	 <macro name='VIR_MIGRATE_PARAM_URI' file='libvirt-domain' string='migrate_uri'>
	   <info><![CDATA[...]]></info>
	 </macro>

	https://bugzilla.redhat.com/show_bug.cgi?id=1229199

2015-06-11  Jiri Denemark  <jdenemar@redhat.com>

	apibuild: Fix indentation

2015-06-11  Daniel P. Berrange  <berrange@redhat.com>

	rpc: add testing of RPC JSON (de)serialization
	The virNetServer class has the ability to serialize its state
	to a JSON file, and then re-load that data after an in-place
	execve() call to re-connect to active file handles. This data
	format is critical ABI that must have compatibility across
	releases, so it should be tested...

	rpc: add API for checking IPv4/6 availability
	The socket test suite has a function for checking if IPv4
	or IPv6 are available, and returning a free socket. The
	first bit of that will be needed in another test, so pull
	that logic out into a separate helper method.

	rpc: allow selection of TCP address family
	By default, getaddrinfo() will return addresses for both
	IPv4 and IPv6 if both protocols are enabled, and so the
	RPC code will listen/connect to both protocols too. There
	may be cases where it is desirable to restrict this to
	just one of the two protocols, so add an 'int family'
	parameter to all the TCP related APIs.

2015-06-10  Eric Blake  <eblake@redhat.com>

	maint: document use of zanata for translations
	Based on recent list questions on how to contribute a translation fix.

2015-06-10  Michal Privoznik  <mprivozn@redhat.com>

	virNumaSetPagePoolSize: Produce friendlier error message
	https://bugzilla.redhat.com/show_bug.cgi?id=1224587

	The function takes two important arguments (among many others): @node
	and @page_size. From these two a path under /sys is constructed. The
	path is then used to read and write the desired size of huge pages
	pool. However, if the path does not exists due to either @node or
	@page_size having nonexistent value (e.g. there's no such NUMA node or
	no page size like -2), an cryptic error message is produced:

	  virsh # allocpages --pagesize 2049 --pagecount 8 --cellno -2
	  error: Failed to open file '/sys/devices/system/node/node-2/hugepages/hugepages-2049kB/nr_hugepages': No such file or directory

	Add two more checks to catch this and therefore produce much more
	friendlier error messages.

2015-06-10  John Ferlan  <jferlan@redhat.com>

	logical: Fix typo in error message

2015-06-09  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	network: escape quotes for dsmasq conf contents
	dnsmasq conf file contents needs to have quotes escaped for it to
	work.  Because of this, the network-create/start for a network with
	quotes in the name fails. The patch escapes strings for the entries
	that go into the conf file.

	conf: fix domaincommon.rng to accept network name with quotes
	The network name is currently of type "deviceName" but it should be
	"text" as name is defined in the network.rng.

2015-06-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix formatting errors in parallels driver
	This patch fixes several formatting errors, which I
	missed before pushing previous patches. Mostly because
	of missing cppi package.

2015-06-09  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: treat block devices as disks for containers
	We are going to add block devices as disks for containers
	not as filesystems.

	parallels: report SATA bus type for container block devices disks
	As we can add disks based on block devices to containers and bus type
	doesn't have any meaning here, let us report always SATA for them.

	parallels: process '/' mount point correctly for containers
	Since we are going to add block devices as root disks we have
	to specify root mount point for boot block devices. But we
	shouldn't do this if a filesystem disk with such
	target mount point already exists.

	parallels: add isCt parameter to prlsdkGetDiskInfo and prlsdkAddDisk

2015-06-09  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: add block device statistics to driver
	Statistics provided through PCS SDK. As we have only async interface in SDK we
	need to be subscribed to statistics in order to get it. Trivial solution on
	every stat request to subscribe, wait event and then unsubscribe will lead to
	significant delays in case of a number of successive requests, as the event
	will be delivered on next PCS server notify cycle. On the other hand we don't
	want to keep unnesessary subscribtion. So we take an hibrid solution to
	subcsribe on first request and then keep a subscription while requests are
	active. We populate cache of statistics on subscribtion events and use this
	cache to serve libvirts requests.

	 * Cache details.
	Cache is just handle to last arrived event, we call this cache
	as if this handle is valid it is used to serve synchronous
	statistics requests. We use number of successive events count
	to detect that user lost interest to statistics. We reset this
	count to 0 on every request. If more than PARALLELS_STATISTICS_DROP_COUNT
	successive events arrive we unsubscribe. Special value of -1
	of this counter is used to differentiate between subscribed/unsubscribed state
	to protect from delayed events.

	Values of PARALLELS_STATISTICS_DROP_COUNT and PARALLELS_STATISTICS_TIMEOUT are
	just drop-ins, choosen without special consideration.

	 * Thread safety issues
	Use parallelsDomObjFromDomainRef in parallelsDomainBlockStats as
	we could wait on domain lock down on stack in prlsdkGetStatsParam
	and if we won't keep reference we could get dangling pointer
	on return from wait.

2015-06-09  Peter Krempa  <pkrempa@redhat.com>

	virsh: change-media: Fix behavior with --update without a source
	Docs state that it should behave like eject. Currently the code does not
	do that. This is a regression since f4b5f53027da4fed2250628e11bac4019.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1229592

2015-06-09  Andrea Bolognani  <abologna@redhat.com>

	qemu: Capitalize "storage" in qemuDomainAttachUSBMassStorageDevice()

2015-06-08  Cole Robinson  <crobinso@redhat.com>

	qemu: caps: Advertise arm 32-on-64 KVM option
	We need to use qemu-system-aarch64 to run armv7l KVM VMs on an aarch64
	host.

	qemu: caps: qemu-system-aarch64 supports armv7l
	And it always has, so advertise it similarly to i686

2015-06-08  Cole Robinson  <crobinso@redhat.com>

	qemu: command: Support arm 32-on-64 KVM with -cpu aarch64=off
	qemu 2.3.0 added the -cpu host,aarch64=off option, which allows using
	qemu-system-aarch64 KVM to run armv7l VMs.

	Add a capabilities check for it, wire it up in qemu_command, and test
	the command line generation.

2015-06-08  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: return only success from PCS event handler
	2 reasons to to this.
	1. PCS SDK really don't care of handler return value.
	2. It hard to imagine how notifier can handle
	subscriber failures. Even if there are some situations
	we probably will use some special error codes and
	not just throw error codes we get from SDK itself.

	parallels: simplify event types discrimination
	Use issuer type instead of event type to group
	vm related events. This saves us from
	explicit enumeration of all vm event types in
	prlsdkHandleVmEvent.

2015-06-08  Michal Privoznik  <mprivozn@redhat.com>

	utiltest: Use int8_t instead of char.
	Not every architecture out there has 'char' signed by default.
	For instance, my arm box has it unsigned by default:

	  $ gcc -dM -E - < /dev/null | grep __CHAR_UNSIGNED__
	  #define __CHAR_UNSIGNED__ 1

	Therefore, after 65c61e50 the test if failing for me. Problem is,
	we are trying to assign couple of negative values into char
	assuming some will overflow and some don't. That can't be the
	case if 'char' is unsigned by default. Lets use more explicit types
	instead: int8_t and uint8_t where is no ambiguity.

2015-06-08  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: process: fix build on FreeBSD
	Commit 825df8c3 refactored virProcess{Set,Get}Affinity routines,
	however broke BSD implementation because of the incorrect variable
	name. Fix build by using a proper variable name.

	Pushing as trivial and build break fix.

2015-06-08  Peter Krempa  <pkrempa@redhat.com>

	util: Properly return error from virGetUserID and virGetGroupID stubs
	The stubs for the two functions that are compiled on platforms that
	don't have HAVE_GETPWUID_R and friends defined do not return error but
	report an error message. The calling code then assumes that the @uid or
	@gid arguments were filled, which is not the case in the stubs.

2015-06-05  Ján Tomko  <jtomko@redhat.com>

	Turn qemuMonitorFindBalloonObjectPath into a void function
	We were effectively ignoring its errors anyway.

	Do not access the domain definition in qemuMonitorFindBalloonObjectPath
	The monitor code does not hold the virDomainObjPtr lock and should
	not access the defitinion.

	Only call SetMemoryStatsPeriod for virtio memballoon

	Check for balloon model in qemuDomainSetMemoryStatsPeriod
	There's no point in calling the monitor if there is no balloon.

	Only call qemuMonitorGetMemoryStats for virtio memballoon
	There is nothing to get from the monitor for model='none'.

	Invert the condition in qemuDomainMemoryStats
	It only makes sense if qemuMonitorGetMemoryStats is called,
	but the following patch will make that call conditional.

	Add endjob label to qemuDomainMemoryStats
	Reduce the indentation level.

	Remove path argument from qemuMonitorJSONFindLinkPath
	All the callers use "/" anyway.

2015-06-05  Ján Tomko  <jtomko@redhat.com>

	Introduce qemuMonitorJSONFindLinkPath
	When traversing through the QOM tree, we're looking for
	a link to a device, e.g.:
	link<virtio-balloon-pci>

	Introduce a helper that will format the link name at the start,
	instead of doing it every time while recursing through the tree.

2015-06-05  Ján Tomko  <jtomko@redhat.com>

	Move qemuMonitorFindObjectPath to qemu_monitor_json
	This function is specific to the JSON monitor.

2015-06-05  Daniel P. Berrange  <berrange@redhat.com>

	rpc: Fix reference counting around virNetSocketAddIOCallback
	Ref service passed as a parameter to the callback.  And don't unref the
	socket that is part of the service being passed at another point in code.

	rpc: Don't use unrelated value as privateData of client
	Append privateData of the client only if there are any, otherwise the
	previous value (socket data) will get there again.

	rpc: Make virNetServerAddClient function dynamic
	As opposed to 'static'; by exporting it (privately).

2015-06-05  Martin Kletzander  <mkletzan@redhat.com>

	mdns: Set error when failing due to missing avahi
	When building without avahi support, we used VIR_DEBUG() to note that to
	the user.  However, functions that fail because of that (return NULL/-1)
	did not set the error message.  This was the only file that forgot to do
	such thing.

2015-06-05  John Ferlan  <jferlan@redhat.com>

	storage: Add check for valid FS types in checkPool callback
	https://bugzilla.redhat.com/show_bug.cgi?id=1181087

	The virStorageBackendFileSystemIsMounted is called from three source paths
	checkPool, startPool, and stopPool. Both start and stop validate the FS
	fields before calling *IsMounted; however the check path there is no call.
	This could lead the code into returning a true in "isActive" if for some
	reason the target path for the pool was mounted. The assumption being
	that if it was mounted, then we believe we started/mounted it.

	It's also of note that commit id '81165294' added an error message for
	the start/mount path regarding that the target is already mounted so
	fail the start. That check was adjusted by commit id '13fde7ce' to
	only message if actually mounted.

	At one time this led to the libvirtd restart autostart code to declare
	that the pool was active even though the startPool would inhibit startup
	and the stopPool would inhibit shutdown. The autostart path changed as
	of commit id '2a31c5f0' as part of the keep storage pools started between
	libvirtd restarts.

	This patch adds the same check made prior to start/mount and stop/unmount
	to ensure we have a valid configuration before attempting to see if the
	target is already mounted to declare "isActive" or not. Finding an improper
	configuration will now cause an error at checkPool, which should make it
	so we can no longer be left in a situation where the pool was started and
	we have no way to stop it.

2015-06-05  John Ferlan  <jferlan@redhat.com>

	storage: FS backend adjust error message on error path
	https://bugzilla.redhat.com/show_bug.cgi?id=1181087

	Currently the assumption on the error message is that there are
	no source device paths defined when the number of devices check
	fails, but in reality the XML could have had none or it could have
	had more than the value supported. Adjust the error message accordingly
	to make it clearer what the error really is.

2015-06-05  John Ferlan  <jferlan@redhat.com>

	storage: Refactor storage pool type checks
	Refactor the code for both startPool (*Mount) and stopPool (*Unmount) code
	paths by introducing virStorageBackendFileSystemIsValid.

	storage: Remove extraneous @conn from function comments
	Over time the parameters changed, but the comment wasn't updated

2015-06-05  Eric Blake  <eblake@redhat.com>

	remote: fix odd comma operator
	Commit 1882c0bd accidentally used ',' instead of ';'; oddly
	enough, the result was still syntactically valid (yes, C is
	a fun language).  But it made me do a double take; it's better
	to use idiomatic syntax.

	* daemon/remote.c (remoteRelayDomainEventDeviceAdded): Fix
	harmless typo.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Update balloon info only if job is allowed
	In qemuDomainUpdateCurrentMemorySize I misplaced the actual update of
	the balloon size to a place where it may not be initialized. Move it a
	few lines above.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix mistakes in pointer usage in virDomainObjGetDefs
	Coverity rightfully determined that in commit 3d021381c71221e563182f03
	I made a mistake in the first check if @persDef is not NULL is
	dereferencing it rather than checking.

	Additionally if the vm is online the code would set @liveDef twice
	rather than modifying @persDef. Fix both mistakes.

2015-06-04  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Check for qemu capability when calling virDomainGetBlockIoTune()
	When getting block device I/O tuning data there is no check for whether
	QEMU supports such options and the call fails on
	qemuMonitorGetBlockIoThrottle() when getting the particular throttle
	data.  So try reporting a better error when blkdeviotune is not
	supported.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1224053

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainSetVcpusFlags by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetEmulatorPinInfo by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainPinEmulator by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetVcpuPinInfo by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainPinVcpuFlags by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainSetBlkioParameters by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainChgIOThread by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainPinIOThread by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetIOThreadInfo by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainGetVcpusFlags by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainSetMemoryStatsPeriod by reusing virDomainObjGetDefs

	qemu: Refactor qemuDomainSetMemoryFlags by reusing virDomainObjGetDefs

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	conf: Add new helpers to resolve virDomainModificationImpact to domain defs
	virDomainLiveConfigHelperMethod that is used for this job now does
	modify the flags but still requires the callers to extract the correct
	definition objects.

	In addition coverity and other static analyzers are usually unhappy as
	they don't grasp the fact that @flags are upadted according to the
	correct def to be present.

	To work this issue around and simplify the calling chain let's add a new
	helper that will work only on drivers that always copy the persistent
	def to a transient at start of a vm. This will allow to drop a few
	arguments. The new function syntax will also fill two definition
	pointers rather than modifying the @flags parameter.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	libxl: Don't remove vcpu pin definition in libxlDomainCleanup
	The vCPU pinning definition gets removed when the domain definition is
	being freed later. If there is no next configuration it would remove the
	configured pinning.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	Revert "cputune: Support cputune for xend driver"
	This reverts commit 01692bb167f7ab81213921ba1116d46a4651ef0e.

	Quoting the original commit message:

	"Not sure if it's the correct way to add cputune xml for xend driver..."

	It is not. The defition created that is converted from the internal xend
	structures would also be leaked since it isn't used any more.

	Revert the commit since it does not make sense to keep the info
	internally.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: libxl: vcpupin: Don't reset pinning when pinning to all pcpus
	In the pre-NUMA ages pinning a vCPU to all pCPUs was eaqual to deleting
	the pinning info. Now it does not entirely work that way. Pinning a vCPU
	to all pCPUs might be a desired operation. Additionally removal of the
	pinning will result into using the default pinning information at the
	next boot which might be different from all vcpus.

	This patch removes the false assumption that we should remove the
	pinning after pinning to all vCPUs and tweaks the documentation for
	virsh.

	A later patch will implement a new flag for the virDomainPinVcpuFlags
	API that will allow to remove the pinning in a sane way.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	lib: virDomainPinIOThread: Remove spurious overflow check
	Internal structures use unsigned int, so there's no need for this legacy
	check that was copied from the vCPU pinning api.

	conf: Store cpu count as unsigned int
	While we probably won't see machines with more than 65536 cpus for a
	while lets store the cpu count as an integer so that we can avoid quite
	a lot of overflow checks in our code.

	qemu: Refactor qemuDomainGetInfo
	Since the returned structure uses "unsigned long" for memory sizes add a
	few overflow checks to notify the user in case we are not able to
	represent given values.

	qemu: Add helper to update domain balloon size and refactor usage places
	When qemu does not support the balloon event the current memory size
	needs to be queried. Since there are two places that implement the same
	logic, split it out into a function and reuse.

2015-06-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Update current balloon state to maximum on vm startup
	After libvirt issues the balloon resize command, the current balloon
	size needs to be changed to the maximum memory size since the vCPUs were
	not started and thus the balloon driver could not return the memory.

	Since GetXMLDesc and other APIs return the balloon size without updating
	it in case they are not able to obtain the job and the memory balloon
	does not support the asynchronous event the sizing might be incorrect.

2015-06-04  Ján Tomko  <jtomko@redhat.com>

	Always add 'console' matching the 'serial' device
	We have been formatting the first serial device also
	as a console device, but only if there were no other consoles.

	If there is a <serial> device present in the XML, but no serial
	<console>, or if there isn't any <console> at all but the domain
	definition hasn't gone through a parse->format->parse round-trip,
	the <console> device would not be formatted.

	Change the code to always add the stub device for the first
	serial device.

	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1089914

2015-06-04  Ján Tomko  <jtomko@redhat.com>

	maint: remove incorrect apostrophes from 'its'

	docs: php: remove reference to Red Hat
	Also remove the redudant apostrophe from "it's".

2015-06-03  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	check if console/channel PTY is null before attempting to open
	Console/channel devices have their pty devices assigned when the emulator is
	actually started. If time is spent in guest preparation, someone attempts
	to open the console/channel, the libvirt crashes in virChrdevLockFilePath().
	The patch attempts to fix the crash by adding a check before attempting to
	open.

2015-06-03  Lubomir Rintel  <lkundrak@v3.sk>

	virnetdev: fix moving of 802.11 phys
	There was a couple of problems with the style fixes applied to the original
	patch:

	1.) virFileReadAllQuiet comparison was incorrectly parenthesized when moved
	into a condition, causing the len to be set to the result of comparison. This,
	together with the removed underflow check would underflow the phy buffer.

	2.) The logic was broken. Failure to call "ip" would abort the function, thus
	the "iw" branch would never be reached.

	This aims to fix the issues and work around possible style complains :)

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	util: process: Refactor and fix virProcessSetAffinity
	Refactor the function to return the bitmap instead of an integer and the
	inner workings so that they make more sense.

	This patch also fixes possible segfault on old systems that was
	introduced by commit:

	commit f1a43a8e4139b028257ef4ed05a81cfb5f8a8741
	Author: Hu Tao <hutao@cn.fujitsu.com>
	Date:   Fri Sep 14 15:46:59 2012 +0800

	    use virBitmap to store cpu affinity info

2015-06-03  Martin Kletzander  <mkletzan@redhat.com>

	util: Clear output broadcast address before filling it in
	Since commit 55ace7c4789c8a7408139460f4b639cee00e5125, the sockettest
	fails without VIR_TEST_DEBUG set.  The problem is found by test number
	42 (co-incidence?), which tests range '192.168.122.1' -
	'192.168.122.255' in network '192.168.122.0/24'.  That is supposed to
	fail because the end address is equal to the broadcast address.

	When comparing these two in 'virSocketAddrEqual(end, &broadcast)',
	there is a check for sin_addr as well as for sin_port.  That port,
	however, is different when we do not enable test debugging.  With the
	testing enabled, the port is 0 (correctly initialized), but without that
	it has a random number there.  And that's because the structure is not
	initialized anywhere.

	By zeroing the structure before filling in the info, we make sure we
	return only the address and not any information that was not requested.
	And the test work once again.

2015-06-03  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix Ctrl-C behavior when watching a job
	When watching a job (save, managedsave, dump, migrate) virsh spawns a
	thread to call the appropriate API and waits for the result while
	watching for interruption signals (SIGINT, Ctrl-C on the terminal).
	Whenever such signal is caught, virsh calls virDomainAbortJob, stops
	waiting for the job, and returns the result of virDomainAbortJob.

	This is wrong because the job might have finished in the meantime or it
	might have been cancelled by someone else and virsh would just report
	the failure to abort the job. However, we are not interested in the
	virDomainAbortJob's result at all, we need to keep waiting for the main
	job to finish and report its result instead.

	https://bugzilla.redhat.com/show_bug.cgi?id=1131755

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refactor setup of memory ballooning
	Since the monitor code now supports ullongs when setting balloon size,
	drop the legacy code with overflow checking.

	Additionally the comment mentioning that the job is treated as a sync
	job does not make sense any more since the monitor is entered
	asynchronously.

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Make qemuMonitorSetBalloon operate on unsinged long long

	monitor: Move documentation for qemuMonitorGetBalloonInfo
	Document the top level function rather than both bottom level ones. It
	makes looking the docs up quicker.

	util: Add macro to overflow check integer assignments
	Add a macro that will allow to simplify overflow checks and make them
	more universal in case data types change.

	libxl: Refactor libxlDomainGetVcpuPinInfo
	Reuse the approach in qemuDomainGetVcpuPinInfo.

	libxl: Unbreak vcpu pinning
	Libxl's vcpu pinning would work only if the vcpu array was ordered and
	was not sparse. Remove the condition and iterate the pinning array
	properly.

	libxl: Reuse virBitmapToData in libxlDomainSetVcpuAffinities

	qemu: Refactor qemuDomainHelperGetVcpus by reusing virBitmapToDataBuf
	Get rid of the unnecessary allocation and copying of the bitmap and
	clean up some unnecesary temporary variables.

	qemu: Reuse virBitmapToDataBuf in qemuDomainGetEmulatorPinInfo

	qemu: Use virBitmapToDataBuf in qemuDomainGetVcpuPinInfo
	Reuse the function so that we can get rid of a lot of temporary
	allocations.

	util: bitmap: Add virBitmapToDataBuf that does not allocate the buffer
	Since some functions can be optimized by reusing the buffers that they
	already have instead of allocating and copying new ones, lets split
	virBitmapToData to two functions where one only converts the data and
	the second one is a wrapper that allocates the buffer if necessary.

	conf: Move pinning information definition closer to the usage place

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor emulatorpin handling
	Store the emulator pinning cpu mask as a pure virBitmap rather than the
	virDomainPinDef since it stores only the bitmap and refactor
	qemuDomainPinEmulator to do the same operations in a much saner way.

	As a side effect virDomainEmulatorPinAdd and virDomainEmulatorPinDel can
	be removed since they don't add any value.

2015-06-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix possible crash in qemuProcessSetVcpuAffinities
	In case when <vcpu ... cpuset=""> is not specified, the vcpupin array is
	not guaranteed to be allocated to def->vcpus. This would cause a crash
	for TCG since it does not report thread IDs for vCPUs.

2015-06-03  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: set virtType depending on driver name
	We remember driver name in a new field 'drivername' within
	private parallels connection structure. When a new domain
	is defined we use this name to set corresponding virtType.
	We set VIR_DOMAIN_VIRT_VZ for 'vz' driver and
	VIR_DOMAIN_VIRT_PARALLELS for 'Parallels'.

	parallels: recommend to connect to vz:///system when connection fails
	Though parallels:///system is still accepted we will encourage users
	to use vz:///system instead.

	parallels: increment the number of connection drivers
	We need to do this because we have just added a vz driver.

	parallels: add a new vz connection driver and hypervisor structures
	We add this connection driver just as an exact copy with different
	name to keep backward compatibility.
	Vz stands for Virtuozzo, which is a new name of Parallels Cloud Server.

	parallels: accept vz as a driver uri and name
	If 'parallels:///system' uri is specified then connection is made to
	'Parallels' driver and domain type will be VIR_DOMAIN_VIRT_PARALLELS.
	In case of 'vz:///system' connection is established to 'vz' driver
	and domain type will be VIR_DOMAIN_VIRT_VZ.

	parallels: add new guest capabilities assigned to vz driver

	parallels: use newly introduced VIR_DOMAIN_VIRT_VZ
	As soon as we keep backward compatibility we treat this constant
	as synonym to VIR_DOMAIN_VIRT_PARALLELS.

	parallels: introduce vz driver constant and string
	This new name and constant will be used as substitutions for parallels driver one.

2015-06-02  Luyao Huang  <lhuang@redhat.com>

	qemu: Do not release device address on successful RNG attach
	Commit id '980b265d' neglected to check for a successful status when
	deciding whether to release the device address for the RNG attach thus
	the address would be released even though the device was added.

	qemu: Need to return status of RNG device removal
	Commit id '862473fa' neglected to return the status from the
	qemuDomainRemoveRNGDevice call in qemuDomainRemoveDevice causing
	the function to always fail when receiving an RNG device unplug
	event. Additionally the domain status/state would not be updated
	in the processDeviceDeletedEvent path.

	audit: Audit number of iothreads at domain startup
	If the domain has IOThreads defined, then audit the number started
	at domain startup time.

2015-06-02  Eric Blake  <eblake@redhat.com>

	build: silence ar warnings on rawhide
	Newer binutils 'ar' has added an option 'D' for deterministic
	builds, and at least on rawhide, this option is enabled by default.
	But it conflicts with the 'u' optimization where the linker only
	modifies libraries based on file timestamps, but can result in
	different library ordering based on which files were touched last.
	Thus, it results in some noisy compilation, for every CCLD line:

	  CCLD     libvirt_driver_qemu_impl.la
	  ar: `u' modifier ignored since `D' is the default (see `U')

	Upstream automake has decided that defaulting ARFLAGS to 'cru' is
	no longer beneficial, and that switching the default to 'cr' will
	both silence the noise and not penalize modern build systems.

	https://lists.gnu.org/archive/html/automake-patches/2015-06/msg00000.html

	But rather than wait for newer automake to propagate to all systems
	that already have newer binutils, we might as well just use the new
	default ourselves, even on older platforms.

	* configure.ac: Default AR[_]FLAGS to 'cr', not 'cru'.

2015-06-02  Laine Stump  <laine@laine.org>

	util: report all address range errors in virSocketAddrGetRange()
	There are now many more reasons that virSocketAddrGetRange() could
	fail, so it is much more informative to report the error there instead
	of in the caller. (one of the two callers was previously assuming
	success, which is almost surely safe based on the parsing that has
	already happened to the config by that time, but it still is nicer to
	account for an error "just in case")

	Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653

2015-06-02  Laine Stump  <laine@laine.org>

	network: cleanup range loop in networkDnsmasqConfContents
	This loop had automatic variable definitions mixed with code. This
	patch moves the definitions to the top of the function and puts
	cleanup for them at the bottom. No functional change.

	Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653

2015-06-02  Laine Stump  <laine@laine.org>

	network: validate DHCP ranges are completely within defined network
	virSocketAddrGetRange() has been updated to take the network address
	and prefix, and now checks that both the start and end of the range
	are within that network, thus validating that the entire range of
	addresses is in the network. For IPv4, it also checks that ranges to
	not start with the "network address" of the subnet, nor end with the
	broadcast address of the subnet (this check doesn't apply to IPv6,
	since IPv6 doesn't have a broadcast or network address)

	Negative tests have been added to the network update and socket tests
	to verify that bad ranges properly generate an error.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=985653

2015-06-02  Laine Stump  <laine@laine.org>

	test: fix IP address range failure test
	This was revealed when I made a cut-paste mistake in an upgrade to
	virSocketAddrGetRange(), leading to failure to check for the end
	address being outside of the defined network, but a negative test case
	that should have caught the error instead returned success.

	The problem was that testRange in sockettest.c was written so that
	when it expected a failure, even an "unexpected success" would be
	considered as an "expected failure" because of the way the check in
	testRange was done. testRange had this:

	 if (gotsize < 0 || gotsize != size) {
	     return pass ? -1 : 0;
	 } else {
	     return pass ? 0 : -1;
	 }

	but all the tests that expected a failure give "-1" as the expected
	size. So in a case where we expect a failure, we would have pass ==
	false and size == -1. If virSocketAddrGetRange() was incorrectly
	*successful* (returned some positive number), then "gotsize != size"
	would be, e.g. "276 != -1", so we would take the if clause and, since
	pass == false, we would return 0 (success i.e. expected failure).

	The solution is that in the case where we expect failure, we should
	just ignore size - virSocketAddrGetRange() must return -1 in order for
	us to report "expected failure == success".

	Part of fix for: https://bugzilla.redhat.com/show_bug.cgi?id=985653

2015-06-02  Ján Tomko  <jtomko@redhat.com>

	Simplify virNodeCountThreadSiblings
	Use a for loop instead of while.

	Do not opencode c_isxdigit and virHexToBin.

2015-06-02  Ján Tomko  <jtomko@redhat.com>

	Report errors in virNodeCountThreadSiblings
	Use virFileReadAll which reports an error when the file is larger
	than the specified maximum.

	https://bugzilla.redhat.com/show_bug.cgi?id=1207849

2015-06-02  Andrea Bolognani  <abologna@redhat.com>

	virsh: Move error messages inside vshCommandOpt*() functions

2015-06-02  Andrea Bolognani  <abologna@redhat.com>

	virsh: Pass vshControl to all vshCommandOpt*() calls
	This will allow us to use vshError() to report errors from inside
	vshCommandOpt*(), instead of replicating the same logic and error
	messages all over the place.

	We also have more context inside the vshCommandOpt*() functions,
	for example the actual value used on the command line, which means
	we can produce more detailed error messages.

	vshCommandOptBool() is the exception here, because it's explicitly
	designed not to report any error.

2015-06-02  Andrea Bolognani  <abologna@redhat.com>

	virsh: Make vshCommandOptScaledInt() use vshCommandOpt()
	This aligns it to the other vshCommandOpt*() functions.

2015-06-02  Andrea Bolognani  <abologna@redhat.com>

	virsh: Improve vshCommandOptTimeoutToMs()
	Use vshCommandOptUInt() instead of parsing the value as a signed
	integer and checking whether it's positive afterwards.

	Improve comments as well.

2015-06-02  Andrea Bolognani  <abologna@redhat.com>

	virsh: Use standard error messages in vshCommandOptTimeoutToMs()
	I missed this in the first time around, thanks Michal for noticing.

	tests: Add a bunch of new tests to virsh-optparse
	The new tests deal with numeric options of three kinds: regular,
	scaled and timeouts. For each, both valid and invalid inputs
	are provided, hopefully covering all cases: this should allow us
	to avoid regressions when changing the relevant code in virsh.

2015-06-02  Erik Skultety  <eskultet@redhat.com>

	storage: RBD: do not return error when deleting non-existent volume
	RBD API returns negative value of errno, in that case we can silently
	ignore if RBD tries to delete a non-existent volume, just like FS
	backend does.

2015-06-02  Erik Skultety  <eskultet@redhat.com>

	storage: Don't update volume objs list before we successfully create one
	We do update pool volume object list before we actually create any
	volume. If buildVol fails, we then try to delete the volume in the
	storage as well as remove it from our structures. The problem is, that
	any backend that supports both buildVol and deleteVol would fail in this
	case which is completely unnecessary. This patch causes the update to
	take place after we know a volume has been created successfully, thus no
	removal in case of a buildVol failure is necessary.

	https://bugzilla.redhat.com/show_bug.cgi?id=1223177

2015-06-02  Erik Skultety  <eskultet@redhat.com>

	nwfilter: Fix sscanf off-by-one error in virNWFilterSnoopLeaseFileLoad
	We allocate 16 bytes for IPv4 address and 55 bytes for interface
	key, therefore we should read up to 15/54 bytes and let the last byte
	reserved for terminating null byte in sscanf.

	https://bugzilla.redhat.com/show_bug.cgi?id=1226400

2015-06-02  Peter Krempa  <pkrempa@redhat.com>

	util: process: @pid in virProcessSetAffinity's BSD impl is not unused

2015-06-01  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Incorporates fixes for cross-compiling to mingw on rawhide, where
	gcc 5.1 changes detection of how to properly determine PRIdMAX.
	Also picks up some improvements for compilation on Mac OS X.

	* .gnulib: Update to latest, for at least mingw.

2015-06-01  Jim Fehlig  <jfehlig@suse.com>

	spec: fixes for recently introduced libxl conf files
	Commit 198cc1d3 introduced libxl-lockd and libxl-sanlock config
	files but forgot to add them to the spec file.  Follow-up commit
	62b18d98 added the files to daemon-driver-libxl, but missed adding
	them to the daemon package when configuring libvirt
	--without-driver-modules.  In addition, commit 62b18d98 added
	libxl-sanlock to daemon-driver-libxl, but it should be included
	in lock-sanlock when libvirt is configured --with-sanlock.

2015-06-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	libxl: load on FreeBSD
	The libxl tries to check if it's running in dom0 by parsing
	/proc/xen/capabilities and if that fails it doesn't load.

	There's no procfs interface in Xen on FreeBSD, so this check always
	fails.

	In addition to checking procfs, check if /dev/xen/xenstored, that's enough to
	check if we're running in dom0 in FreeBSD case.

2015-06-01  Ján Tomko  <jtomko@redhat.com>

	virsh: make negative values with vol-resize more convenient
	When shrinking a volume by a certain size, instead of typing
	  vol-resize volume 1G --delta --shrink
	we allow the convience of specifying a negative value:
	  vol-resize volume -1G --delta --shrink
	getting the same results with one more character.

	A negative value only makes sense as a delta. Imply the
	--delta parameter if the value is negative.

	Still require --shrink, because the operation is potentially
	destructive.

2015-06-01  Andrea Bolognani  <abologna@redhat.com>

	qemu: Automatically add <panic> element for pSeries guests.
	The guest firmware provides the same functionality as the pvpanic
	device, and the relevant element should always be present in the
	domain XML to reflect this fact, so add it after parsing the
	definition if it wasn't there already.

2015-06-01  Andrea Bolognani  <abologna@redhat.com>

	qemu: Allow panic device for pSeries guests
	The guest firmware provides the same functionality as the pvpanic
	device, which is not available in QEMU on pSeries, so the domain
	XML should be allowed to contain the <panic> element.

	On the other hand, unlike the pvpanic device, the guest firmware
	can't be configured, so report an error if an address has been
	provided in the XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1182388

2015-06-01  Andrea Bolognani  <abologna@redhat.com>

	qemu: Improve error message for missing QEMU_CAPS_DEVICE_PANIC.

2015-06-01  John Ferlan  <jferlan@redhat.com>

	virsh: Fix printing of XML for pool-create-as
	https://bugzilla.redhat.com/show_bug.cgi?id=1224088

	commit id 'bd00e00e' neglected to add the new adapter source options
	into the if condition that allowed printing the <source> XML fields.
	The <adapter type='fc_host'.../> doesn't require other options in order
	to be complete.

2015-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Post-release version bump to 1.2.17

2015-06-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.16
	- docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: regenerate

2015-05-29  Ján Tomko  <jtomko@redhat.com>

	Allocate priv->vioserialaddrs unconditionally
	When attempting to hotplug a virtio-serial console to a domain
	that had no virtio-serial controllers (not even those that
	are added by libvirt when some devices need them) at daemon startup,
	report a user-friendly error:

	error: Failed to attach device from console.xml
	error: internal error: no virtio-serial controllers are available

	instead of crashing the daemon:

	Process terminating with default action of signal 11 (SIGSEGV): dumping core
	 Access not within mapped region at address 0x8
	   at 0x531028F: virDomainVirtioSerialAddrNext (domain_addr.c:916)
	   by 0x531028F: virDomainVirtioSerialAddrAssign (domain_addr.c:1029)
	   by 0x1CBF68: qemuDomainAttachChrDevice (qemu_hotplug.c:1565)
	   by 0x1BCD5E: qemuDomainAttachDeviceLive (qemu_driver.c:7997)
	   by 0x1BCD5E: qemuDomainAttachDeviceFlags (qemu_driver.c:8743)

	Introduced in v1.2.14-30-g5903378.

2015-05-29  Ján Tomko  <jtomko@redhat.com>

	Properly free the xmlDocPtr when loading pool state
	Use xmlFreeDoc instead of plain xmlFree.

	4 bytes in 1 blocks are definitely lost in loss record 9 of 1,084
	    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x70730D6: xmlStrndup (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x701E3DC: xmlNewDoc (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x70C39F8: xmlSAX2StartDocument (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x7017245: xmlParseDocument (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x7017606: xmlDoRead (in /usr/lib64/libxml2.so.2.9.2)
	    by 0x5309DAD: virXMLParseHelper (virxml.c:742)
	    by 0x5367584: virStoragePoolLoadState (storage_conf.c:1863)

2015-05-28  Jim Fehlig  <jfehlig@suse.com>

	libxl: support QXL video device
	libxl recently gained support for QXL video device.  Support
	it in the libxl driver too.

	libxl: support SPICE graphics for HVM domains

	libxl: change reservedVNCPorts to reservedGraphicsPorts
	A later change will use the PortAllocator for SPICE too.

2015-05-28  Jim Fehlig  <jfehlig@suse.com>

	libxl: populate build_info vfb in separate function
	For HVM domains, vfb info must be populated in the libxl_domain_build_info
	struct.  Currently this is done in the libxlMakeVfbList function, but IMO
	it would be cleaner to populate the build_info vfb in a separate
	libxlMakeBuildInfoVfb function.  libxlMakeVfbList would then handle only
	vfb devices, simiar to the other libxlMake<device>List functions.

	A future patch will extend libxlMakeBuildInfoVfb to support SPICE.

2015-05-28  John Ferlan  <jferlan@redhat.com>

	storage: Fix problem with disk backend pool allocation calculation
	https://bugzilla.redhat.com/show_bug.cgi?id=1224018

	The disk pool recalculates the pool allocation, capacity, and available
	values each time through processing a newly created disk partition. This
	created an issue with the allocation setting since the code used is shared
	with the refresh path. Each path calls virStorageBackendDiskReadPartitions
	which initializes the pool values and then processes the partition table
	from the 'libvirt_parthelper' utility output with the only difference being
	create passes a specific volume to be processed while refresh pass a NULL
	indicating to process all volumes. That passed volume is check during the
	virStorageBackendDiskMakeVol call to see if the current partition described
	by the volume key already exists. If it exists, then no adjustments are
	made to the allocation and the next entry in the output is checked.

	For the create path this resulted in only the most recently created
	partition size would be accounted for in the 'allocation' setting. This
	patch thus checks whether the incoming volume is NULL before clearing
	the pool allocation value.

2015-05-28  John Ferlan  <jferlan@redhat.com>

	storage: Don't adjust pool alloc/avail values for disk backend
	Commit id '2ac0e647' for https://bugzilla.redhat.com/show_bug.cgi?id=1206521
	was meant to be a generic check for the CreateVol, CreateVolFrom, and
	DeleteVol paths to check if the storage backend's changed the pool's view
	of allocation or available values.

	Unfortunately as it turns out this caused a side effect when the disk backend
	created an extended partition there would be no actual storage removed from
	the pool, thus the changes would not find any change in allocation or
	available and incorrectly update the pool values using the size of the
	extended partition. A subsequent refresh of the pool would reset the
	values appropriately.

	This patch modifies those checks in order to specifically not update the
	pool allocation and available for only the disk backend rather than be
	generic before and after checks.

2015-05-28  John Ferlan  <jferlan@redhat.com>

	Revert "storage: Don't duplicate efforts of backend driver"
	This reverts commit 2ac0e647bdd33d93a374e7ef3eadf2a253c7bf79.

2015-05-28  Laine Stump  <laine@laine.org>

	debug: assure NULLSTR() around all %s args in debug at top of public APIs
	There are also a couple that were very uninformatively just logging
	the value of the pointer rather than the string itself:

	* the "name" arg to virNodeDeviceLookupByName()
	* wwnn and wwpn args to virNodeDeviceLookupSCSIHostByWWN()

	All char*'s that make sense should now have their contents logged
	rather than the pointer, and all %s args should now be inside
	NULLSTR().

2015-05-28  Laine Stump  <laine@laine.org>

	node_device: more informative error log when device isn't found
	In a couple of cases, the node device driver (and the test node device
	driver which likely copied it) was only logging "Node device not
	found" when it couldn't find the requested device. This patch changes
	those cases to log the name (and in the case when it's relevant, the
	wwnn and wwpn) as well.

2015-05-28  Kothapally Madhu Pavan  <kmp@linux.vnet.ibm.com>

	virsh: Fix to list online cpus using virsh capabilities
	Virsh capabilities will list offline cpus as online when
	libvirt is compiled with numactl option disabled. This
	fix will list correct set of online cpus.

2015-05-28  Ján Tomko  <jtomko@redhat.com>

	Fix the event name in vshEventTrayChangePrint
	https://bugzilla.redhat.com/show_bug.cgi?id=1206114#c5

	Reported by: zhenfeng wang <zhwang@redhat.com>

2015-05-28  Ján Tomko  <jtomko@redhat.com>

	Fix shrinking volumes with the delta flag
	This never worked.

	In 0.9.10 when this API was introduced, it was intended that
	the SHRINK flag combined with DELTA would shrink the volume by
	the specified capacity (to avoid passing negative numbers).
	See commit 055bbf4.

	When the SHRINK flag was finally implemented for the first backend
	in 1.2.13 (commit aa9aa6a), it was only implemented for the absolute
	values and with the delta flag the volume is always extended,
	regardless of the SHRINK flag.

	Treat the SHRINK flag as a minus sign when used together with DELTA,
	to allow shrinking volumes as was documented in the API since 0.9.10.

	https://bugzilla.redhat.com/show_bug.cgi?id=1220213

2015-05-28  Ján Tomko  <jtomko@redhat.com>

	Simplify allocation check in storageVolResize
	Since shrinking a volume below existing allocation is not allowed,
	it is not possible for a successful resize with VOL_RESIZE_ALLOCATE
	to increase the pool's available value.

	Even with the SHRINK flag it is possible to extend the current
	allocation or even the capacity. Remove the overflow when
	computing delta with this flag and do the check even if the
	flag was specified.

	https://bugzilla.redhat.com/show_bug.cgi?id=1073305

2015-05-28  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: suppress console output from parallels SDK
	It is necessary to have unpolluted screen when connecting to
	parallels driver via virsh.
	Otherwise a lot of unexpected output one will get on the console.

2015-05-27  Lubomir Rintel  <lkundrak@v3.sk>

	interface: don't error out if a bond has no interfaces
	It's not a problem at all and causes virt-manager to break down.

	Note: netcf 0.2.8 and earlier generates invalid XML for a bond with no
	interfaces anyway, so in that case this error in libvirt is never
	reached since we fail earlier.

2015-05-27  Andrea Bolognani  <abologna@redhat.com>

	qemu: Limit rtc-reset-reinjection requirement to x86 only.
	The QMP command, like the interrupt reinjection logic it's connected
	to, is only implemented in QEMU when TARGET_I386 is defined, so
	checking for its availability on any other architecture is pointless.

	On the other hand, when we're on x86, we shouldn still make sure that
	rtc-reset-reinjection is available and refuse to set the time
	otherwise.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211938

2015-05-27  Martin Kletzander  <mkletzan@redhat.com>

	storage_fs: Create directory with UID if needed
	The code already exists there, it just modified different flags.  I just
	noticed this when looking at the code.  This patch is better to view
	with bigger context or '-W'.

2015-05-27  Zhang Bo  <oscar.zhangbo@huawei.com>

	util: make it more robust to calculate timeout value
	When we change system clock to years ago, a certain CPU may use up 100% cputime.
	The reason is that in function virEventPollCalculateTimeout(), we assign the
	unsigned long long result to an INT variable,
	        *timeout = then - now; // timeout is INT, and then/now are long long
	        if (*timeout < 0)
	            *timeout = 0;
	there's a chance that variable @then minus variable @now may be a very large number
	that overflows INT value expression, then *timeout will be negative and be assigned to 0.
	Next the 'poll' in function virEventPollRunOnce() will get into an 'endless' while loop there.
	thus, the cpu that virEventPollRunOnce() thread runs on will go up to 100%.

	Although as we discussed before in https://www.redhat.com/archives/libvir-list/2015-May/msg00400.html
	it should be prohibited to set-time while other applications are running, but it does
	seems to have no harm to make the codes more robust.

2015-05-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	zfs: fix storagepoolxml2xml test
	Commit 7c2d65d dropped setting default mode.

	Update zfs tests accordingly.

2015-05-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix compilation error when enum variable size differs from 'int'
	Since commit bcd9a564b631aa virDomainNumatuneGetMode returns the value
	via a pointer rather than in the return value. The change triggered
	problems with platforms where the compiler decides to use a data type of
	size different than integer at the point where we typecast it.

	Work around the issue by using an intermediate variable of the correct
	type that gets casted back by the default typecasting rules.

2015-05-27  Luyao Huang  <lhuang@redhat.com>

	util: improve the sysinfo element XML format
	If the <sysinfo type='smbios'...> ends up not formatting any sub-elements,
	then rather than formatting as:

	  <sysinfo type='smbios'>
	  </sysinfo>

	Just format it more cleanly as:

	  <sysinfo type='smbios'/>

2015-05-27  Luyao Huang  <lhuang@redhat.com>

	conf: Avoid formatting empty redirfilter element
	If the redirfilter has no usbdev sub-elements, then do not format anything
	rather than formatting an empty pair of elements:

	    <redirfilter>
	    </redirfilter>

2015-05-26  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Time to update to new gnulib before a release.

	gcc 5.1 introduced a new -Wformat-signedness, and new gnulib now
	turns it on by default.  However, it is still rather lame at the
	moment, because it warns for enums, even though there is no way
	to control the signeness of an enum which does not use any members
	that are negative or larger than INT_MAX, and even though such an
	enum would always print the same for both %d and %u:
	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66249

	In file included from ../../src/util/virarch.c:26:0:
	../../src/util/virarch.c: In function 'virArchFromHost':
	../../src/util/virarch.c:180:15: error: format '%d' expects argument of type 'int', but argument 9 has type 'unsigned int' [-Werror=format=]
	     VIR_DEBUG("Mapped %s to %d (%s)",

	So this patch turns off the new warning as part of enabling all
	other new gcc 5.1 warnings that gnulib now enables.

	* .gnulib: Update to latest, in part for gcc 5.1 interaction.
	* m4/virt-compile-warnings.m4: Ignore -Wformat-signedness, for now.

2015-05-26  John Ferlan  <jferlan@redhat.com>

	qemu: Add libvirt version check to refresh capabilities algorithm
	Rather than an algorithm based solely on libvirtd ctime to refresh the
	capabilities add the element of the libvirt build version into the equation.
	Since that version wouldn't be there prior to this code being run - don't
	fail on reading the capabilities if not found. In this case, the cache
	will always be rebuilt when a new libvirt version is installed.

2015-05-26  John Ferlan  <jferlan@redhat.com>

	qemu: Force capabilities cache refresh if libvirtd date is different
	https://bugzilla.redhat.com/show_bug.cgi?id=1195882

	Original commit id 'cbde3589' indicates that the cache file would be
	discarded if either the QEMU binary or libvirtd 'ctime' changes; however,
	the code only discarded if the QEMU binary time didn't match or if the
	new libvirtd ctime was later than what created the cache file.

	Since many factors come into play with 'ctime' adjustments (including
	perhaps turning back the hands of time), change the logic to also force
	a refresh if the ctime of libvirt is different than what's in the cache.

2015-05-26  Daniel P. Berrange  <berrange@redhat.com>

	docs: update github project name
	The github project was renamed from libvirtproject to libvirt

2015-05-26  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity RESOURCE_LEAK
	Recent changes to the -M/--machine processing code in qemuParseCommandLine
	caused Coverity to determine there was a possible resource leak with how
	the 'list' is managed. Rather than try to add virStringFreeList calls
	everywhere - just promote list to the top of the variables and free it
	within the error processing code. Also required a couple of other tweaks
	in order to avoid double free's.

2015-05-26  John Ferlan  <jferlan@redhat.com>

	conf: Resolve Coverity NEGATIVE_RETURNS
	Commit id '73eda710' added virDomainKeyWrapDefParseXML which uses
	virXPathNodeSet, but does not handle a -1 return thus causing a possible
	loop condition exit problem later when the return value is used.

	Change the logic to return the value from virXPathNodeSet if <= 0

2015-05-26  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Only force directory permissions if required
	Only set directory permissions at pool build time, if:

	- User explicitly requested a mode via the XML
	- The directory needs to be created
	- We need to do the crazy NFS root-squash workaround

	This allows qemu:///session to call build on an existing directory
	like /tmp.

2015-05-26  Cole Robinson  <crobinso@redhat.com>

	conf: storage: Don't emit empty <permissions> block

2015-05-26  Cole Robinson  <crobinso@redhat.com>

	storage: conf: Don't set any default <mode> in the XML
	The XML parser sets a default <mode> if none is explicitly passed in.
	This is then used at pool/vol creation time, and unconditionally reported
	in the XML.

	The problem with this approach is that it's impossible for other code
	to determine if the user explicitly requested a storage mode. There
	are some cases where we want to make this distinction, but we currently
	can't.

	Handle <mode> parsing like we handle <owner>/<group>: if no value is
	passed in, set it to -1, and adjust the internal consumers to handle
	it.

2015-05-26  Cole Robinson  <crobinso@redhat.com>

	docs: formatstorage: Update <permissions> docs
	- Don't redocument the permissions fields for backingstore, just point to
	  the volume docs.
	- Clarify that owner/group are inherited from the parent directory at
	  volume create/pool build time.
	- Clarify that <permissions> fields report runtime values too

2015-05-25  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix possible crash in case of errors in prlsdkLoadDomain
	Cleanup code in prlsdkLoadDomain doesn't take into account the fact
	if private domain structure along with freeing function is assigned
	or not. In case it is, we shouldn't call it manually because
	virDomainObjListRemove calls it and frees pdom.
	Also, allocated def structure should be freed only if it's not
	assigned to domain. Otherwise it will be called twice: one time by
	virDomainObjListRemove and the second by prlsdkLoadDomain itself.

	parallels: move up updating parameter in prlsdkLoadDomain
	It is better to get all necessary parameters and check them on newly
	created configuration before actually creating a domain with them or
	applying them to an existing domain.

2015-05-25  Pavel Hrdina  <phrdina@redhat.com>

	virsh: reject negative values for scaled integer
	Some virsh commands have a size parameter, which is handled as scaled
	integer.  We don't have any *feature* that would allow to use '-1' as
	maximum size, so it's safe to reject any negative values for those
	commands.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1159171

2015-05-25  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document new RO repo mirrors
	In the upstream discussion on creating a github mirror [1], it turned
	out that there are some read-only mirrors of our repository. Lets
	advertise them on our downloads page. But do it wisely and discourage
	people in sending a pull requests on GitHub.

	1: https://www.redhat.com/archives/libvir-list/2015-May/msg00775.html

2015-05-24  John Ferlan  <jferlan@redhat.com>

	network: Resolve Coverity FORWARD_NULL
	To silence Coverity just add a 'p &&' in front of the check in
	networkFindUnusedBridgeName after the strchr() call.  Even though
	we know it's not possible to have strchr return NULL since the only
	way into the function is if there is a '%' in def->bridge or it's NULL.

2015-05-24  John Ferlan  <jferlan@redhat.com>

	conf: Resolve Coverity FORWARD_NULL
	Even though it's been pointed out they are false positives:

	http://www.redhat.com/archives/libvir-list/2015-May/msg00301.html

	and

	http://www.redhat.com/archives/libvir-list/2015-May/msg00302.html

	these still show up as Coverity issues. In order to silence Coverity
	add an 'sa_assert' prior to check failure.

2015-05-24  John Ferlan  <jferlan@redhat.com>

	storage: Resolve Coverity FORWARD_NULL
	Coverity points out it's possible for one of the virCommand{Output|Error}*
	API's to have not allocated 'output' and/or 'error' in which case the
	strstr comparison will cause a NULL deref

2015-05-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	zfs: fix storagepoolxml2xml test
	Commit c4d27bd dropped output of owner/group -1.

	Update zfs tests accordingly.

2015-05-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build with gcc48
	Build with gcc 4.8 fails with:

	bhyve/bhyve_monitor.c: In function 'bhyveMonitorIO':
	bhyve/bhyve_monitor.c:51:18: error: missing initializer for field 'tv_sec' of 'const struct timespec' [-Werror=missing-field-initializers]
	     const struct timespec zerowait = {};

	Explicitly initialize zerowait to fix the build.

2015-05-23  Pavel Fedin  <p.fedin@samsung.com>

	Add missing XDR_FLAGS
	Fixes build problems on x86_64-cygwin host for aarch64 target:
	  CC       lxc/libvirt_driver_lxc_impl_la-lxc_monitor_protocol.lo
	In file included from lxc/lxc_monitor_protocol.c:7:0:
	lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

	  CC       rpc/libvirt_setuid_rpc_client_la-virnetmessage.lo
	In file included from rpc/virnetmessage.h:24:0,
	                 from rpc/virnetmessage.c:26:
	rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

	  CC       lxc/libvirt_lxc-lxc_monitor_protocol.o
	In file included from lxc/lxc_monitor_protocol.c:7:0:
	lxc/lxc_monitor_protocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

2015-05-22  Laine Stump  <laine@laine.org>

	util: better error message after failure to initialize firewall backend
	If the firewalld backend wasn't available and libvirt decides to try
	setting up a "direct" backend, it checks for the presence of iptables,
	ip6tables, and ebtables. If they are not found, a message like this is logged:

	  error : virFirewallValidateBackend:193 : direct firewall backend
	          requested, but /usr/sbin/ip6tables is not available:
	          No such file or directory

	But then at a later time if an attempt is made to use the virFirewall
	API, failure will be indicated with:

	  error : virFirewallApply:936 : out of memory

	This patch changes virFirewallApply to first check if a firewall
	backend hadn't been successfully setup, and logs a slightly more
	informative message in that case:

	  error : virFirewallApply:940 : internal error:
	          Failed to initialize a valid firewall backend

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223876

2015-05-22  Laine Stump  <laine@laine.org>

	interface: allow multiple IPv4 addresses + dhcp on a single interface
	As of netcf-0.2.8, netcf supports configuring multipl IPv4 addresses,
	as well as simultaneously configuring dhcp and static IPv4 addresses,
	on a single interface. This patch updates libvirt's interface.rng to
	allow such configurations.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223688

2015-05-22  Laine Stump  <laine@laine.org>

	netdev: fail when setting up an SRIOV VF if PF is offline
	If an SRIOV PF is offline, the kernel won't complain if you set the
	mac address and vlan tag for a VF via this PF, and it will even let
	you assign the VF to a guest using PCI device assignment or macvtap
	passthrough. But in this case (the PF isn't online), the device won't
	be usable in the guest.

	Silently setting the PF online would solve the connectivity problem,
	but as pointed out by Dan Berrange, when an interface is set online
	with no associated config, the kernel will by default turn on IPv6
	autoconf, which could create unexpected security problems for the
	host. For this reason, this patch instead logs an error and fails the
	operation.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=893738

	Originally filed against RHEL6, but present in every version of
	libvirt until today.

2015-05-21  Cole Robinson  <crobinso@redhat.com>

	storage: conf: Don't output owner/group -1
	-1 is just an internal placeholder and is meaningless to output in the XML.

2015-05-21  Maxim Nestratov  <mnestratov@parallels.com>

	node_device: fix libvirt build if WITH_HAL is defined
	commit ffc40b63b50ecb changed uniond _virNodeDevCapData into a typedef
	named virNodeDevCapData with a struct that contains the union as well
	as a type enum. This change necessitated changing every reference to
	"caps->type" into "caps->data.type", but the author of that patch
	failed to test a build "WITH_HAL". This patch fixes the one place in
	the hal backend that needed changing.

2015-05-21  Michal Privoznik  <mprivozn@redhat.com>

	sysinfo: Fix reports on ARM
	Due to a kernel commit (b4b8f770e), cpuinfo format has changed on
	ARMs. Firstly, 'Processor: ...' may not be reported, it's
	replaced by 'model name: ...'. Secondly, the "Processor" string
	may occur in CPU name, e.g. 'ARMv7 Processor rev 5 (v7l)'.
	Therefore, we must firstly look for 'model name' and then for
	'Processor' if not found.
	Moreover, lines in the cpuinfo file are shuffled, so we better
	not manipulate the pointer to start of internal buffer as we may
	lost some info.

	qemuDomainDetachChrDevice: Fix chardev hot-unplug
	Not every chardev is plugged onto virtio-serial bus. However, the
	code introduced in 89e991a2aa36b04 assumes that. Incorrectly.
	With previous patches we have three options where a chardev can
	be plugged: virtio-serial, USB and PCI. This commit fixes the
	detach part. However, since we are not auto allocating USB
	addresses yet, I'm just marking the place where appropriate code
	should go.

	qemuDomainAttachChrDevice: Fix chardev hotplug
	Not every chardev is plugged onto virtio-serial bus. However, the
	code introduced in 89e991a2aa36b04 assumes that. Incorrectly.
	With previous patches we have three options where a chardev can
	be plugged: virtio-serial, USB and PCI. This commit fixes the
	attach part.  However, since we are not auto allocating USB
	addresses yet, I'm just marking the place where appropriate code
	should go.

2015-05-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement pci-serial
	https://bugzilla.redhat.com/show_bug.cgi?id=998813

	Implementation is pretty straight-forward. Of course, not all qemus
	out there supports the device, so new capability is introduced and
	checked prior each use of the device.

2015-05-21  Michal Privoznik  <mprivozn@redhat.com>

	Introduce pci-serial
	https://bugzilla.redhat.com/show_bug.cgi?id=998813

	Like usb-serial, the pci-serial device allows a serial device to be
	attached to PCI bus. An example XML looks like this:

	  <serial type='dev'>
	    <source path='/dev/ttyS2'/>
	    <target type='pci-serial' port='0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
	  </serial>

2015-05-21  Peter Krempa  <pkrempa@redhat.com>

	util: Avoid shadow of 'ulong' in virMemoryMaxValue
	Old compilers whine:
	src/util/virutil.c: In function 'virMemoryMaxValue':
	src/util/virutil.c:2612: error: declaration of 'ulong' shadows a global declaration [-Wshadow]
	/usr/include/sys/types.h:151: error: shadowed declaration is here [-Wshadow]

	s/ulong/capped/ to work around the problem

2015-05-21  Ján Tomko  <jtomko@redhat.com>

	qemu: wire up virDomainSetUserPassword
	Base-64 encode the password and pass it to the guest agent
	via the 'guest-set-user-password' command.

	https://bugzilla.redhat.com/show_bug.cgi?id=1174177

2015-05-21  Ján Tomko  <jtomko@redhat.com>

	virsh: add set-user-password command
	Expose the virDomainSetUserPassword API in virsh:
	virsh set-user-password dom user 123456

2015-05-21  Ján Tomko  <jtomko@redhat.com>

	Introduce virDomainSetUserPassword API
	For setting passwords of users inside the domain.

	With the VIR_DOMAIN_PASSWORD_ENCRYPTED flag set, the password
	is assumed to be already encrypted by the method required
	by the guest OS.

	https://bugzilla.redhat.com/show_bug.cgi?id=1174177

2015-05-21  Jiri Denemark  <jdenemar@redhat.com>

	threadpool: Switch to detached threads
	Using joinable threads does not help anything, but it can lead to memory
	leaks.

	When a worker thread exits, it decreases nWorkers or nPrioWorkers and
	once both nWorkers and nPrioWorkers are zero (i.e., the last worker is
	gone), quit_cond is signaled. When freeing the pool we first tell all
	threads to die and then we are waiting for both nWorkers and
	nPrioWorkers to become zero. At this point we already know all threads
	are gone. So the only reason for calling virThreadJoin of all workers is
	to free the memory allocated for joinable threads. If we avoid
	allocating this memory, we don't need to take care of freeing it.

	Moreover, any memory associated with a worker thread which died before
	we asked it to die (e.g., because virCondWait failed in the thread)
	would be lost anyway since virThreadPoolFree calls virThreadJoin only
	for threads which were running at the time virThreadPoolFree was called.

2015-05-21  Jiri Denemark  <jdenemar@redhat.com>

	Use virDomainDiskByName where appropriate
	Most virDomainDiskIndexByName callers do not care about the index; what
	they really want is a disk def pointer.

	Add wrappers for virDomainDiskIndexBy*
	Sometimes the only thing we need is the pointer to virDomainDiskDef and
	having to call virDomainDiskIndexBy* APIs, storing the disk index, and
	looking it up in the disks array is ugly. After this patch, we can just
	call virDomainDiskBy* and get the pointer in one step.

2015-05-21  Erik Skultety  <eskultet@redhat.com>

	qemu: Log error if domain uses security driver which is not loaded
	When starting a domain, if a domain specifies security drivers we do not have
	loaded, we fail. However we don't check for this during
	reconnect, so any operation relying on security driver functionality would fail.
	If someone e.g. starts a domain with selinux driver loaded, then they change
	the security driver to 'none' in config, restart the daemon and call dump/save/..,
	QEMU will return an error.
	As we shouldn't kill the domain, we should at least log an error to let the
	user know that domain reconnect wasn't completely clean.

	https://bugzilla.redhat.com/show_bug.cgi?id=1183893

2015-05-21  Luyao Huang  <lhuang@redhat.com>

	conf: Restore the XML parser context in virDomainMemoryDefParseXML
	After parsing the memory device XML the function would not restore the
	XML parser context causing invalid XPath starting point for the rest of
	the elements. This is a regression since 3e4230d2.

	The test case addition uses the <idmap> element that is currently unused
	by qemu, but parsed after the memory device definition and formatted
	always.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223631

2015-05-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Catch memory size overflow earlier
	virDomainParseMemory parses the size and then rounds up while converting
	it to kibibytes. Since the number is limit-checked before the rounding
	it's possible to use a number that would be correctly parsed the first
	time, but not the second time. For numbers not limited to 32 bit systems
	the magic is 9223372036854775807 bytes. That number then can't be parsed
	back in kibibytes.

	To solve the issue add a second overflow check for the few values that
	would cause the problem. Since virDomainParseMemory is used in config
	parsing, this avoids vanishing VMs.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221504

2015-05-20  Michal Privoznik  <mprivozn@redhat.com>

	virDomainNumatuneGetMode: Report if numatune was defined
	So far, we are not reporting if numatune was even defined. The
	value of zero is blindly returned (which maps onto
	VIR_DOMAIN_NUMATUNE_MEM_STRICT). Unfortunately, we are making
	decisions based on this value. Instead, we should not only return
	the correct value, but report to the caller if the value is valid
	at all.

	For better viewing of this patch use '-w'.

2015-05-20  John Ferlan  <jferlan@redhat.com>

	Taint domains using cdrom-passthrough
	https://bugzilla.redhat.com/show_bug.cgi?id=976387

	For a domain configured using the host cdrom, we should taint the domain
	due to problems encountered when the host and guest try to control the tray.

2015-05-20  Cole Robinson  <crobinso@redhat.com>

	virfile: virDirCreate: Drop redundant FORCE_PERMS flag
	The only two virDirCreate callers already use it

	virfile: virDirCreate: Fix ALLOW_EXIST conditional
	I screwed this up in the previous (post 1.2.16) commits

2015-05-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix numatune nodeset reporting
	Since af2a1f0587d88656f2c14265a63fbc11ecbd924e,
	qemuDomainGetNumaParameters() returns invalid value for a running
	guest.  The problem is that it is getting the information from cgroups,
	but the parent cgroup is being left alone since the mentioned commit.
	Since the running guest's XML is in sync with cgroups, there is no need
	to look into cgroups (unless someone changes the configuration behind
	libvirt's back).  Returning the info from the definition fixes a bug and
	is also a cleanup.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1221047

2015-05-18  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: fix spice mousemode and copypaste
	From xl.cfg950 man page:

	spiceagent_mouse=BOOLEAN
	Whether SPICE agent is used for client mouse mode. The default is
	true (1) (turn on)

	spicevdagent=BOOLEAN
	Enables spice vdagent. The Spice vdagent is an optional component for
	enhancing user experience and performing guest-oriented management
	tasks. Its features includes: client mouse mode (no need to grab
	mouse by client, no mouse lag), automatic adjustment of screen
	resolution, copy and paste (text and image) between client and domU.
	It also requires vdagent service installed on domU o.s. to work.
	The default is 0.

	spice_clipboard_sharing=BOOLEAN
	Enables Spice clipboard sharing (copy/paste). It requires spicevdagent
	enabled. The default is false (0).

	So if spiceagent_mouse is enabled (client mouse mode) or
	spice_clipboard_sharing is enabled, spicevdagent must be enabled.
	Along with this change, s/spicedvagent/spicevdagent, set
	spiceagent_mouse correctly, and add a test for these spice
	features.

2015-05-18  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: fix spicepasswd handling
	The logic related to spicedisable_ticketing and spicepasswd was
	inverted.  As per man xl.cfg(5), 'spicedisable_ticketing = 1'
	means no passwd is required.  On the other hand, a passwd is
	required if 'spicedisable_ticketing = 0'.  Fix the logic and
	produce and error if 'spicedisable_ticketing = 0' but spicepasswd
	is not provided.  Also fix the spice cfg test file.

	xenconfig: format spice listenAddr when formating ports
	Move formating of spice listenAddr to the section of code
	where spice ports are formatted.  It is more logical to
	format address and ports together.  Account for the change
	in spice cfg test file by moving 'spicehost'.

	xenconfig: use local variable for graphics def
	'graphics->' is a bit easier to read and type, and makes for
	shorter lines than 'def->graphics[0]->'.

2015-05-18  Laine Stump  <laine@laine.org>

	node_device: replace duplicated code in hal and udev backends
	Both the hal and udev drivers call virPCI*() functions to the the
	SRIOV VF/PF info about PCI devices, and the UDEV backend calls
	virPCI*() to get IOMMU group info. Since there is now a single
	function call in node_device_linux_sysfs.c to do all of this, replace
	all that code in the two backends with calls to
	nodeDeviceSysfsGetPCIRelatedDevCaps().

	Note that this results in the HAL driver (probably) unnecessarily
	calling virPCIDevieAddressGetIOMMUGroupNum(), but in the case that the
	host doesn't support IOMMU groups, that function turns into a NOP (it
	returns -2, which causes the caller to skip the call to
	virPCIDeviceAddressGetIOMMUGroupAddresses()). So in the worst case it
	is a few extra cycles spent, and in the best case a mythical platform
	that supported IOMMU groups but used HAL rather than UDEV would gain
	proper reporting of IOMMU group info.

2015-05-18  Laine Stump  <laine@laine.org>

	node_device: update sriov/iommu info before dumpxml of a device
	Because reloading a PF driver with a different number of VFs doesn't
	result in any sort of event sent from udev to the libvirt node_device
	driver, libvirt's cache of that info can be out of date when a request
	arrives for the info about a device. To fix this, we refresh that data
	at the time of the dumpxml request, similar to what is already done
	for netdev link info and SCSI host capabilities.

	Since the same is true for iommu group information (for example, some
	other device in the same iommu group could have been detached from the
	host), we also create a function to update the iommu group info from
	sysfs, and a common function that does both. (a later patch will call
	this common function from the udev and hal backends).

	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=981546

2015-05-18  Laine Stump  <laine@laine.org>

	node_device: new functions to get sriov/iommu info from sysfs
	The udev and hal drivers both already call the same functions as these
	new functions added to node_device_linux_sysfs.c, but 1) we need to
	call them from node_device_driver.c, and 2) it would be nice to
	eliminate the duplicated code from the hal and udev backends.

	node device: prepare node_device_linux_sysfs.c to add more functions
	This file contains only a single function, detect_scsi_host_caps(),
	which is declared in node_device_driver.h and called from both the hal
	and udev backends. Other things common to the hal and udev drivers
	can be placed in that file though. As a prelude to adding further
	functions, this patch renames the existing function to something
	closer in line with other internal libvirt function names
	(nodeDeviceSysfsGetSCSIHostCaps()), and puts the declarations into a
	separate .h file.

	nodedev: change if-else if in update_caps to switch
	Makes it nicer as update bits are added for different cap types.

2015-05-18  Laine Stump  <laine@laine.org>

	conf: make virNodeDevCapData an official type
	For some reason a union (_virNodeDevCapData) that had only been
	declared inside the toplevel struct virNodeDevCapsDef was being used
	as an argument to functions all over the place. Since it was only a
	union, the "type" attribute wasn't necessarily sent with it. While
	this works, it just seems wrong.

	This patch creates a toplevel typedef for virNodeDevCapData and
	virNodeDevCapDataPtr, making it a struct that has the type attribute
	as a member, along with an anonymous union of everything that used to
	be in union _virNodeDevCapData. This way we only have to change the
	following:

	  s/union _virNodeDevCapData */virNodeDevCapDataPtr /

	and

	  s/caps->type/caps->data.type/

	This will make me feel less guilty when adding functions that need a
	pointer to one of these.

2015-05-18  Andrea Bolognani  <abologna@redhat.com>

	virsh: Improve handling of send-process-signal --pid.
	Use vshCommandOptLongLong() instead of retrieving the value as a
	string and converting it to a number manually.

	virsh: Fix dommemstat --period option type.
	The option didn't have VSH_OT_INT type even thought it's expected
	to be numeric, as shown by the fact that vshCommandOptInt() is later
	used to retrieve its value.

2015-05-18  Andrea Bolognani  <abologna@redhat.com>

	virsh: Improve error message on integer value parsing failure.
	Replace more than 30 ad-hoc error messages with a single, generic one
	that contains the name of the option being processed and some hints
	to help the user understand what could have gone wrong.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207043

2015-05-18  Tony Krowiak  <aekrowia@us.ibm.com>

	libvirt: tests: test protected key mgmt ops support
	Test the support for enabling/disabling CPACF protected key management
	operations for a guest.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-05-18  Tony Krowiak  <aekrowia@us.ibm.com>

	libvirt: qemu: enable/disable protected key management ops
	Introduces two new -machine option parameters to the QEMU command to
	enable/disable the CPACF protected key management operations for a guest:

	    aes-key-wrap='on|off'
	    dea-key-wrap='on|off'

	The QEMU code maps the corresponding domain configuration elements to the
	QEMU -machine option parameters to create the QEMU command:

	    <cipher name='aes' state='on'>   --> aes-key-wrap=on
	    <cipher name='aes' state='off'>  --> aes-key-wrap=off
	    <cipher name='dea' state='on'>   --> dea-key-wrap=on
	    <cipher name='dea' state='off'>  --> dea-key-wrap=off

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-05-18  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	libvirt: Introduce protected key mgmt ops
	Two new domain configuration XML elements are added to enable/disable
	the protected key management operations for a guest:

	    <domain>
	      ...
	      <keywrap>
	        <cipher name='aes|dea' state='on|off'/>
	      </keywrap>
	      ...
	    </domain>

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-05-15  Jim Fehlig  <jfehlig@suse.com>

	libxl: provide impl for nodeGetSecurityModel
	Currently, the libxl driver does not support any security drivers.
	When the qemu driver has no security driver configued,
	nodeGetSecurityModel succeeds but returns an empty virSecurityModel
	object.  Do the same in the libxl driver instead of reporting

	this function is not supported by the connection driver:
	virNodeGetSecurityModel

2015-05-15  Laine Stump  <laine@laine.org>

	qemu: log error when domain has an unsupported IDE controller
	We have previously effectively ignored all <controller type='ide'>
	elements in a domain definition.

	On the i440fx-based machinetypes there is an IDE controller that is
	included in the chipset and can't be removed (which is the ide
	controller with index='0'>), so it makes sense to ignore that one
	controller. However, if an i440fx domain definition has a 2nd
	controller, nothing catches this error (unless you also have a disk
	attached to it, in which case qemu will complain that you're trying to
	use the ide controller named "ide1", which doesn't exist), and if any
	other type of domain has even a single controller defined, it will be
	incorrectly ignored.

	Ignoring a bogus controller definition isn't such a big problem, as
	long as an error is logged when any disk is attached to that
	non-existent controller. But in the case of q35-based machinetypes,
	the hardcoded id ("alias" in libvirt terms) of its builtin SATA
	controller is "ide", which happens to be the same id as the builtin
	IDE controller on i440fx machinetypes. So libvirt creates a
	commandline believing that it is connecting the disk to the builtin
	(but actually nonexistent) IDE controller, qemu thinks that libvirt
	wanted that disk connected to the builtin SATA controller, and
	everybody is happy.

	Until you try to connect a 2nd disk to the IDE controller. Then qemu
	will complain that you're trying to set unit=1 on a controller that
	requires unit=0 (SATA controllers are organized differently than IDE
	controllers).

	After this patch, if a domain has an IDE controller defined for a
	machinetype that has no IDE controllers, libvirt will log an error
	about the controller itself as it is building the qemu commandline
	(rather than a (possible) error from qemu about disks attached to that
	controller). This is done by adding IDE to the list of controller
	types that are handled in the loop that creates controller command
	strings in qemuBuildCommandline() (previously it would *always* skip
	IDE controllers). Then qemuBuildControllerDevStr() is modified to log
	an appropriate error in the case of IDE controllers.

	In the future, if we add support for extra IDE controllers (piix3-ide
	and/or piix4-ide) we can just add it into the IDE case in
	qemuBuildControllerDevStr(). For now, nobody seems anxious to add
	extra support for an aging and very slow controller, when there are so
	many better options available.

	Resolves:

	https://bugzilla.redhat.com/show_bug.cgi?id=1176071 (Fedora)

2015-05-15  Laine Stump  <laine@laine.org>

	qemu: clean up qemuBuildCommandline loop that builds controller args
	Reorganize the loop that builds controller args to remove unnecessary
	duplicated code and superfluous else clauses. No functional change.

2015-05-15  Laine Stump  <laine@laine.org>

	qemu: remove test for allowing ide controller in s390, rename usb tests
	Back in 2013, commit 877bc089 added in some tests that made sure no
	error was generated on a domain definition that had an automatically
	added usb controller if that domain didn't have a PCI bus to attach
	the usb controller to. This was done because, at that time, libvirt
	was automatically adding a usb controller to *any* domain definition
	that didn't have one.  Along with permitting the controller, two
	s390-specific tests were added to ensure this behavior was maintained
	- one with <controller type='usb' model='none'/> and another (called
	"s390-piix-controllers") that had both usb and ide controllers, but
	nothing attached to them.

	Then in February of this year, commit 09ab9dcc eliminated the annoying
	auto-adding of a usb device for s390 and s390x machines, stating:

	 "Since s390 does not support usb the default creation of a usb
	  controller for a domain should not occur."

	Although, as verified here, the s390 doesn't support usb, and usb
	controllers aren't currently added to s390 domain definitions
	automatically, there are likely still some domain definitions in the
	wild that have a usb controller (which was added *by libvirt*, not by
	the user), so we will keep the tests verifying that behavior for
	now. But this patch changes the names of the tests to reflect that
	they don't actually contain a valid s390 config; this way future
	developers won't propagate the incorrect idea that an s390 virtual
	machine can have a USB (or IDE) bus.

	In the case of the IDE controller, though, libvirt has never
	automatically added an IDE controller unless a user added an IDE disk
	(which itself would have caused an error), and we specifically *do*
	want to begin generating an error when someone tries to add an IDE
	controller to a domain that can't support one. For that reason, while
	renaming the sz390-piix-controllers patch, this patch removes the
	<controller type='ide'...> from it (otherwise the upcoming patch would
	break make check)

2015-05-15  Laine Stump  <laine@laine.org>

	qemu: use controller alias when constructing device/controller args
	This makes sure that that the commandlines generated for devices and
	controller devices are all using the alias that has been set in the
	controller's object as the id of the controller, rather than
	hardcoding a printf (or worse, encoding exceptions to the standard
	${controller}${index} into the logic)

	Since this "fixes" the controller name used for the sata controller,
	the commandline arg for the sata controller in the sata test case had
	to be adjusted to be "sata0" instead of "ahci0". All other tests
	remain unchanged, verifying that the patch causes no other functional
	change.

	Because the function that finds a controller alias based on a device
	def requires a pointer to the full domainDef in order to get the list
	of controllers, the arglist of a few functions had to have this added.

2015-05-15  Laine Stump  <laine@laine.org>

	qemu: fix exceptions in qemuAssignDeviceControllerAlias
	There are a few extra exceptions that weren't being accounted for when
	creating the alias for a controller. This resulted in 1) incorrect
	status XML, and 2) exceptions/printfs of what *should* have been
	directly available in the controller alias when constructing device
	commandline arguments:

	1) The primary (and only) IDE controller on a 440FX machinetype is
	hardcoded to be "ide" in qemu.

	2) The primary SATA controller on a 440FX machinetype is also
	hardcoded to be "ide" in qemu.

	3) On machinetypes that don't support multiple PCI buses, the PCI bus
	is hardcoded in qemu to have the name "pci".

	4) The first usb master controller is "usb", all others are the normal
	"usb%d". (note that usb controllers that are not a "master" will have
	the same index, and thus alias, as the master).

	We needed to pass in the full domainDef and qemuCaps in order to
	properly make the decisions about these exceptions.

2015-05-15  Laine Stump  <laine@laine.org>

	conf: utility to return alias of a controller based on type/index
	Because there are multiple potential reasons for an error, this
	function logs any errors before returning NULL (since the caller won't
	have the information needed to determine which was the reason for
	failure).

2015-05-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't give up on first error in qemuMigrationCancelDriverMirror
	When cancelling drive mirror, always try to do that for all disks even
	if it fails for some of them. Report the first error we saw.

	qemu: Keep track of what disks are being migrated
	Instead of redoing the same filtering over and over everytime we need to
	walk through all disks which are being migrated.

	Move QEMU-only fields from virDomainDiskDef into privateData

	Rename virDomainHasBlockjob as qemuDomainHasBlockjob
	And move it to qemu_domain.[ch] because this API is QEMU-only.

	Add privateData to virDomainDiskDef

2015-05-14  Ján Tomko  <jtomko@redhat.com>

	reject out of range memory in SetMemory APIs
	The APIs take the memory value in KiB and we store it in KiB
	internally, but we cannot parse the whole ULONG_MAX range
	on 64-bit systems, because virDomainParseScaledValue
	needs to fit the value in bytes in an unsigned long long.

	https://bugzilla.redhat.com/show_bug.cgi?id=1176739

2015-05-14  Martin Kletzander  <mkletzan@redhat.com>

	Some alignment fixes in lxc_controller and jsontest
	Again, a clean-up for which we don't have proper syntax-check.

	gendispatch: Don't generate long lines
	We don't allow it in normal code, why would it need to be in the
	generated one.  IT also splits the line in perl code so it's readable.

	virnetserver: Remove unnecessary double space
	Since we don't have syntax-check for this, it has to be checked
	manually.  Let's hope this is the only place it happened.

	rpc: Don't mix max_clients and max_workers in PostExecRestart
	This only affected the servers that re-exec themselves, which is only
	virtlockd and it didn't do any mess, so this is mostly a clenaup.

2015-05-14  John Ferlan  <jferlan@redhat.com>

	qemu: Clear autofil fill flag when pinning iothread
	https://bugzilla.redhat.com/show_bug.cgi?id=1218577

	Treat pinning an IOThread via API as if someone added an IOThread to
	ensure the iothreadid doesn't cause the guest to disappear

2015-05-14  John Ferlan  <jferlan@redhat.com>

	conf: Expose iothreadids when delete non sequential iothreadids
	Since 'autofill'd iothreadid entries are not written during XML format
	processing, it is possible that if an iothreadid in the middle of an
	autofilled list would then change it's id on a subsequent restart.

	Thus during the iothreadid deletion, if we determine the delete is not
	the "last" thread, then clear the autofill bit for all iothreadid's
	following the one being deleted (either the first or one in the middle).
	This way, iothreadid's will be printed/saved.

2015-05-14  Luyao Huang  <lhuang@redhat.com>

	virsh: Report an error when cpulist parsing fails
	When parsing a cpulist, the virBitmapParse is used. On an invalid
	bitmap an error is reported, but the error gets cleared
	immediately by subsequent public APIs call, e.g. virDomainFree().
	Moreover, we don't check whether bitmap fits into maximal CPU ID
	on the host. Therefore the following examples failed without any
	error:

	 # virsh vcpupin test3 1 aaa

	 # virsh vcpupin test3 1 1000

2015-05-13  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: remove connection wide wait timeout
	We have a lot of passing arguments code just to pass connection
	object cause it holds jobTimeout. Taking into account that
	right now this value is defined at compile time let's just
	get rid of it and make arguments list more clear in many
	places.

	In case we later need some runtime configurable timeout
	value we can provide this value through arguments
	function already operate such as a parallels domain
	object etc as this timeouts are operation( and thus
	object) specific in practice.

2015-05-13  zhang bo  <oscar.zhangbo@huawei.com>

	qemuMigrationPrepareAny: Drop useless variable @now
	As of eeb008dbfcf31 the variable is not used anymore. Drop it.

2015-05-13  Andrea Bolognani  <abologna@redhat.com>

	maint: Ignore Vim swap files
	This removes some noise when you're working on the repository
	and also have a bunch of source files open in Vim in another
	terminal.

2015-05-13  Martin Kletzander  <mkletzan@redhat.com>

	Fix build --without-network
	In order not to bring in any link dependencies, bridge driver doesn't
	use the usual stubs as other conditionally-built code does.  However,
	having the function as a macro imposes a problem with possibly unused
	variables if just defined as "0".  This was worked around by using
	(dom=dom, iface=iface, 0) which should act like a 0 if used in a
	condition.  However, gcc still bugs about that, so I came up with
	another way how to fix that.

	Using static inline functions in the header won't collide with anything,
	it fixes the bug and does one thing that the macro didn't do.  It checks
	whenther passed variables are pointers of compatible type.  It has only
	one downside, and that is that we need to either a) define it with
	ATTRIBUTE_UNUSED, which needs an exception in cfg.mk or b) do something
	like ignore_value(variable); in the function body.  I went with the
	first variant.

2015-05-13  Ján Tomko  <jtomko@redhat.com>

	Assign virtio-serial addresses after coldplugging a device
	Otherwise we might allow coldplugging a device
	that uses an address that is already occupied, creating
	an unstartable domain.

	https://bugzilla.redhat.com/show_bug.cgi?id=1220195

2015-05-13  Pavel Hrdina  <phrdina@redhat.com>

	qemu: vnc: error out for invalid port number
	In the XML we have the vnc port number, but QEMU takes on command line
	a vnc screen number, it's port-5900.  We should fail with error message
	that only ports in range [5900,65535] are valid.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1164966

2015-05-13  Michal Privoznik  <mprivozn@redhat.com>

	virSysinfoParseProcessor: Drop useless check for NULL
	VIR_STRDUP plays nicely with NULLs. Theres no need to guard its
	call with check for non-NULL.

2015-05-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: support VNC passwd
	While implementing support for SPICE, I noticed VNC passwd was
	never copied to libxl_device_vfb's vnc.passwd field.

2015-05-12  John Ferlan  <jferlan@redhat.com>

	conf: Remove source host name check for iSCSI
	https://bugzilla.redhat.com/show_bug.cgi?id=1171984
	https://bugzilla.redhat.com/show_bug.cgi?id=1188463

	Remove the check for the source host name for iSCSI source XML processing
	declaring duplicate sources when the source device path and if present the
	initiator of a proposed storage pool matches an existing storage pool.

	The backend iSCSI storage driver uses 'iscsiadm --mode session' to query
	available iscsid target sessions. The output displayed is the IP address
	and the IQN (target path) of known targets. The displayed IP address
	is a resolved address based on the session --login. Additionally, iscsid
	keeps track of the various ways to define the host name (IPv4 Address,
	IPv6 Address, /etc/hosts, etc.) for that IQN (see output of an 'iscsiadm
	--mode node'). If an incoming IQN matches and the host name provided by
	libvirt is resolved to the existing IQN, then iscsid will "reuse" the
	session. Although libvirt could do the same name resolution, if there
	is a difference, iscsid could still declare two seemingly different sources
	to be the same and not create a new session which means libvirt now has
	two storage pools looking at the same source. Thus to avoid any strange
	host name resolution issues, just rely on iscsid for that and do not
	allow multiple pools on the same host to use the same device path (IQN).

2015-05-12  John Ferlan  <jferlan@redhat.com>

	conf: Adjust duplicate source host port check
	Only perform the port number check if the incoming definition actually
	provides it. Since the port number is optional we could erroneously pass
	a duplicate source host check since some storage pool backends which fill
	in the default port number (e.g., iSCSI and sheepdog) for the started pool.

2015-05-12  Luyao Huang  <lhuang@redhat.com>

	qemu: fix double free when RNG cold-plug fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1220809

	When cold-plugging an RNG device but something fails in
	qemuDomainAssignAddresses, we will double free the RNG device.
	Once a device is plugged into the domain, we should set the
	device pointer to NULL to fix this issue.

	...
	5  0x00007fb7d180ac8a in virFree at util/viralloc.c:582
	6  0x00007fb7d1895cdd in virDomainRNGDefFree at conf/domain_conf.c:19786
	7  0x00007fb7d1895d99 in virDomainDeviceDefFree at conf/domain_conf.c:2022
	8  0x00007fb7b92b8baf in qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:8785
	9  0x00007fb7d190c5d7 in virDomainAttachDeviceFlags at libvirt-domain.c:8488
	10 0x00007fb7d23af9d2 in remoteDispatchDomainAttachDeviceFlags at remote_dispatch.h:2842
	...

2015-05-12  Peter Krempa  <pkrempa@redhat.com>

	daemon: Suppress logging of VIR_ERR_NO_DOMAIN_METADATA
	Similarly to other error codes that notify the user that the object does
	not exist lower the priority of VIR_ERR_NO_DOMAIN_METADATA to
	VIR_LOG_DEBUG when writing the log entry.

2015-05-12  Pavel Hrdina  <phrdina@redhat.com>

	conf_capabilities: fix wrong indentation

2015-05-12  Pavel Hrdina  <phrdina@redhat.com>

	XML: escape strings where we should do it
	There is a lot of places, were it's pretty easy for user to enter some
	characters that we need to escape to create a valid XML description.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1197580

2015-05-12  Richard W.M. Jones  <rjones@redhat.com>

	Document that virNodeGetInfo can return mhz == 0.
	On the s/390x architecture, libvirt may already return 0 in the
	node_info->mhz field (see src/nodeinfo.c:linuxNodeInfoCPUPopulate).

	We may also want to return this on aarch64 in future, because
	calculating the proper value requires SMBIOS, which is not available
	on non-server-class systems (specifically on systems which don't
	adhere to the SBSA standard).

	Therefore this change documents the existing behaviour and provides a
	valid path for aarch64.

	Bug-URL: https://bugzilla.redhat.com/1206353

2015-05-12  Michal Privoznik  <mprivozn@redhat.com>

	libvirt-guests: Initialize SYNC_TIME
	https://bugzilla.redhat.com/show_bug.cgi?id=1191227

	Since 0fa15b19 we have this variable SYNC_TIME which allows users to
	synchronize time on domain resume. However, despite what documentation
	says, it's by default on because it's never initialized. Fix this by
	setting it to zero at the beginning of the libvirt-guests script.

2015-05-11  Laine Stump  <laine@laine.org>

	qemu: eliminate duplicated code in qemuBuildDriveDevStr()
	The code to add device type to the commandline was identical for lsi
	and other models of SCSI controllers, but was duplicated (with the
	exception of a minor ordering difference of the if-else clauses) for
	the two cases. This patch replaces those two with a single instance of
	the code just before the if().

	qemu: use qemuDomainMachineIsI440FX() in appropriate place
	This patch makes qemuValideDevicePCISlotsChipsets() more consistent in
	appearance by replacing several clauses of an if with the equivalent
	call to qemuDomainMachineIsI440FX. The if was checking exactly the
	same items, just in a slightly different order.

2015-05-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	maint: extend PIE support check
	GCC installed from FreeBSD ports doesn't support building PIE executables
	and fails with:

	/usr/local/bin/ld: /usr/lib/crt1.o: relocation R_X86_64_32 against
	`_DYNAMIC' can not be used when making a shared object; recompile with
	-fPIC
	/usr/lib/crt1.o: error adding symbols: Bad value
	collect2: error: ld returned 1 exit status

	However, the configure check for '-fPIC -DPIC' doesn't catch that. In
	order to catch this case, add '-pie' to CFLAGS in m4/virt-compile-pie.m4
	so it could detect lack of PIE support on configure time and don't fail
	the build.

2015-05-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix bhyvexml2argvtest build with gcc
	gcc5 reports an error like this:

	bhyvexml2argvtest.c: In function 'testCompareXMLToArgvFiles':
	bhyvexml2argvtest.c:24:18: error: variable 'vm' set but not used
	[-Werror=unused-but-set-variable]
	     virDomainObj vm;
	                  ^
	cc1: all warnings being treated as errors

	Fix by dropping this variable.

2015-05-11  Luyao Huang  <lhuang@redhat.com>

	conf: Report error for unknown shmem ioeventfd value
	https://bugzilla.redhat.com/show_bug.cgi?id=1220265

	Passing the return value to an enum directly is not safe.  Fix this by
	comparing the true integer result of virTristateSwitchTypeFromString().

2015-05-11  Ján Tomko  <jtomko@redhat.com>

	Ignore bridge template names with multiple printf conversions
	For some reason, we allow a bridge name with %d in it, which we replace
	with an unsigned integer to form a bridge name that does not yet exist
	on the host.

	Do not blindly pass it to virAsprintf if it's not the only conversion,
	to prevent crashing on input like:

	<network>
	  <name>test</name>
	  <forward mode='none'/>
	  <bridge name='virbr%d%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s'/>
	</network>

	Ignore any template strings that do not have exactly one %d conversion,
	like we do in various drivers before calling virNetDevTapCreateInBridgePort.

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix balloon size handling with memory hot(un)plug
	Since libvirt doesn't call to update the new balloon size in qemu add
	code that will handle tweaking of the size of the current balloon
	statistic until qemu reports the new size using the event.

	conf: Fix up balloon size after removing a memory device from def
	To avoid having the ballooned memory size larger than the actual
	physical memory size, truncate the ballooned size if it overflows.

	conf: Always truncate balloon size to maximum memory size
	Specifying a balloon size more than the memory size of a guest isn't
	something that should be rejected when parsing the XML. Truncate the
	size to the maximum memory size.

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Convert qemuConnectGetAllDomainStats to use new helpers
	Use the new domain list collection helpers to avoid going through
	virDomainPtrs.

	This additionally implements filter capability when called through the
	api that accepts domain list filters.

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	conf: Add helper to convert list of virDomains to a list of virDomainObjs
	Add virDomainObjListConvert that will take a list of virDomains, apply
	filters and return a list of virDomainObjs.

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor domain list collection critical section
	Until now the virDomainListAllDomains API would lock the domain list and
	then every single domain object to access and filter it. This would
	potentially allow a unresponsive VM to block the whole daemon if a
	*listAllDomains call would get stuck.

	To avoid this problem this patch collects a list of referenced domain
	objects first from the list and then unlocks it right away. The
	expensive operation requiring locking of the domain object is executed
	after the list lock is dropped. While a single blocked domain will still
	lock up a listAllDomains call, the domain list won't be held locked and
	thus other APIs won't be blocked.

	Additionally this patch also fixes the lookup code, where we'd ignore
	the vm->removing flag and thus potentially return domain objects that
	would be deleted very soon so calling any API wouldn't make sense.

	As other clients also could benefit from operating on a list of domain
	objects rather than the public domain descriptors a new intermediate
	API - virDomainObjListCollect - is introduced by this patch.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1181074

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	conf: Rename virDomainObjListFilter type to virDomainObjListACLFilter
	The passed function is meant to filter domains according to ACL match.

	conf: Extract code to filter domain list into a separate function
	Separate the code to simplify future refactors.

2015-05-11  Peter Krempa  <pkrempa@redhat.com>

	util: Make the virDomainListFree helper more universal
	Extend it to a universal helper used for clearing lists of any objects.
	Note that the argument type is specifically void * to allow implicit
	typecasting.

	Additionally add a helper that works on non-NULL terminated arrays once
	we know the length.

2015-05-08  Cole Robinson  <crobinso@redhat.com>

	caps: Fix regression defaulting to host arch
	My commit 747761a79 (v1.2.15 only) dropped this bit of logic when filling
	in a default arch in the XML:

	-    /* First try to find one matching host arch */
	-    for (i = 0; i < caps->nguests; i++) {
	-        if (caps->guests[i]->ostype == ostype) {
	-            for (j = 0; j < caps->guests[i]->arch.ndomains; j++) {
	-                if (caps->guests[i]->arch.domains[j]->type == domain &&
	-                    caps->guests[i]->arch.id == caps->host.arch)
	-                    return caps->guests[i]->arch.id;
	-            }
	-        }
	-    }

	That attempt to match host.arch is important, otherwise we end up
	defaulting to i686 on x86_64 host for KVM, which is not intended.
	Duplicate it in the centralized CapsLookup function.

	Additionally add some testcases that would have caught this.

	https://bugzilla.redhat.com/show_bug.cgi?id=1219191

2015-05-07  Cole Robinson  <crobinso@redhat.com>

	tests: Remove redundant aarch64 tests
	My commit 7b9de914 added some aarch64 CPU test cases. I wanted to test
	two different code paths but inadvertently added two of the same test
	cases.

	The second code path (using <cpu><model>host</model</cpu>) isn't easily
	exercised via the qemu tests anyways, I'll need to look elsewhere.

	Regardless, remove the redundant tests for now

2015-05-07  Michal Privoznik  <mprivozn@redhat.com>

	processSerialChangedEvent: Close agent monitor early
	https://bugzilla.redhat.com/show_bug.cgi?id=890648

	So, imagine you've issued an API that involves guest agent. For
	instance, you want to query guest's IP addresses. So the API acquires
	QUERY_JOB, locks the guest agent and issues the agent command.
	However, for some reason, guest agent replies to initial ping
	correctly, but then crashes tragically while executing real command
	(in this case guest-network-get-interfaces). Since initial ping went
	well, libvirt thinks guest agent is accessible and awaits reply to the
	real command. But it will never come. What will is a monitor event.
	Our handler (processSerialChangedEvent) will try to acquire
	MODIFY_JOB, which will fail obviously because the other thread that's
	executing the API already holds a job. So the event handler exits
	early, and the QUERY_JOB is never released nor ended.

	The way how to solve this is to put flag somewhere in the monitor
	internals. The flag is called @running and agent commands are issued
	iff the flag is set. The flag itself is set when we connect to the
	agent socket. And unset whenever we see DISCONNECT event from the
	agent. Moreover, we must wake up all the threads waiting for the
	agent. This is done by signalizing the condition they're waiting on.

2015-05-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainShutdownFlags: check for domain activeness prior to guest presence
	Running shutdown with mode agent on a shutoff domain gives cryptic
	error message:

	    virsh # shutdown --mode agent gentoo
	    error: Failed to shutdown domain gentoo
	    error: Guest agent is not responding: QEMU guest agent is not connected

	After this patch, the error is more clear:

	    virsh # shutdown --mode agent gentoo
	    error: Failed to shutdown domain gentoo
	    error: Requested operation is not valid: domain is not running

	Reported-by: Martin Kletzander <mkletzan@redhat.com>

2015-05-06  Lubomir Rintel  <lkundrak@v3.sk>

	lxc: don't up the veth interfaces unless explicitly asked to
	Upping an interface for no reason and not configuring it is a cardinal sin.

	With the default addrgenmode if eui64 it sticks a link-local address to the
	interface. That is not good, as NetworkManager would see an address configured,
	assume the interface is already configured and won't touch it iself and the
	interface might stay unconfigured until the end of the days.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1124721

2015-05-06  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: multiqueue for ccw devices
	Allow ccw devices to be used with multiqueues. ccw provides a one to
	one relation of fds to queues and does not support the vectors option.

	Reviewed-by: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2015-05-06  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity FORWARD_NULL
	Coverity points out that qemuMonitorGetAllBlockStatsInfo could return a
	-1 and thus not fill in 'stats' (leaving it NULL). Then the call to
	qemuMonitorBlockStatsUpdateCapacity will dereference it.

	qemu: Resolve Coverity FORWARD_NULL
	Coverity complains over the [n]values pairing in virQEMUCapsFreeStringList
	and rather than make a bunch if "if values" checks prior to calling, by
	just adding the values check inside the free function we avoid the chance
	that somehow nvalues is > 0, while values == NULL

	qemu: Resolve Coverity FORWARD_NULL
	Coverity points out it was possible to have a zero return from
	qemuBuildRNGBackendProps thus not filling in 'props' and then
	causing a NULL dereference on the next call.

	xen: Resolve Coverity FORWARD_NULL
	Coverity found that xenXMConfigCacheAddFile has an error path in which
	no error message and a -1 was not returned which could have resulted in
	a NULL dereference in a VIR_DEBUG statement and of course an erroneous
	0 value returned!

2015-05-06  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity FORWARD_NULL
	Coverity notes that ->ifname is used after the VIR_FREE done in the
	code path after the call to virNetDevMacVLanDeleteWithVPortProfile
	by a call to virNetDevOpenvswitchRemovePort.

	Since the ->ifname will be VIR_FREE()'d eventually in virDomainNetDefFree
	just remove the extraneous VIR_FREE here.

	When originally added, the Openvswitch code wasn't present and checks
	were made for non NULL prior to use.

2015-05-06  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity IDENTICAL_BRANCHES
	Coverity complains that in the error paths both the < 0 condition and
	the success path after the qemuDomainObjExitMonitor failure will end
	up going to cleanup.  So just use ignore_value in this error path to
	resolve the complaint.

	vbox: Resolve Coverity RESOURCE_LEAK
	If the virStringSearch() returns a 0 (zero), then each of the uses
	of the call will just jump to cleanup forgetting to free the returned
	empty list. Expand the scope a bit of each use and free at cleanup.

	libxl: Resolve Coverity RESOURCE_LEAK
	The returned socks from virNetSocketNewListenTCP needs to be VIR_FREE'd
	as well as seach of the Close/Unref on all the socks[i] that is
	already done

2015-05-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: support soundhw for hvm domains
	The xend driver and the parsing/formating code in src/xenconfig
	have long supported soundhw.  Add support in the libxl driver too.

	libxl: add logrotate config file
	Add logrotate config for log files in /var/log/libvirt/libxl.

2015-05-05  Luyao Huang  <lhuang@redhat.com>

	docs: fix a small xml error in docs

2015-05-05  Luyao Huang  <lhuang@redhat.com>

	conf: Add the cpu duplicate use check for vm numa settings
	https://bugzilla.redhat.com/show_bug.cgi?id=1176020

	We had a check for the vcpu count total number in <numa>
	before, however this check is not good enough. There are
	some examples:

	1. one of cpu id is out of maxvcpus, can set success(cpu count = 5 < 10):

	<vcpu placement='static'>10</vcpu>
	<cell id='0' cpus='0-3,100' memory='512000' unit='KiB'/>

	2. use the same cpu in 2 cell, can set success(cpu count = 8 < 10):
	<vcpu placement='static'>10</vcpu>
	<cell id='0' cpus='0-3' memory='512000' unit='KiB'/>
	<cell id='1' cpus='0-3' memory='512000' unit='KiB'/>

	3. use the same cpu in 2 cell, cannot set success(cpu count = 11 > 10):
	<vcpu placement='static'>10</vcpu>
	<cell id='0' cpus='0-6' memory='512000' unit='KiB'/>
	<cell id='1' cpus='0-3' memory='512000' unit='KiB'/>

	Add a check for numa cpus, check if duplicate use one cpu in more
	than one cell.

2015-05-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement GIC
	The only version that's supported in QEMU is version 2, currently.
	Fortunately, it is enabled by aarch64 automatically, so there's
	nothing for us that needs to be put onto command line.

	Introduce GIC feature
	Some platforms, like aarch64, don't have APIC but GIC. So there's
	no reason to have <apic/> feature turned on. However, we are
	still missing <gic/> feature. This commit introduces the feature
	to XML parser and formatter, adds documentation and updates RNG
	schema.

2015-05-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly rename persistent def after migration
	When migrating a domain while changing its name and using
	VIR_MIGRATE_PERSIST_DEST flag, libvirt would fail to properly change the
	name in the persistent definition. The inconsistency results in weird
	behavior when dumping domain XML, destroying the domain, restarting
	libvirtd and likely in several other situations.

	Since the new name is already stored in vm->def->name, we just need to
	make sure the persistent definition uses this new name too.

	https://bugzilla.redhat.com/show_bug.cgi?id=1076354

2015-05-04  Cole Robinson  <crobinso@redhat.com>

	polkit: Allow password-less access for 'libvirt' group
	Many users, who admin their own machines, want to be able to access
	system libvirtd via tools like virt-manager without having to enter
	a root password. Just google 'virt-manager without password' and
	you'll find many hits. I've read at least 5 blog posts over the years
	describing slightly different ways of achieving this goal.

	Let's finally add official support for this.

	Install a polkit-1 rules file granting password-less auth for any user
	in the new 'libvirt' group. Create the group on RPM install

	https://bugzilla.redhat.com/show_bug.cgi?id=957300

2015-05-04  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Don't try to chown directory unless user requested
	Currently we try to chown any directory passed to virDirCreate,
	even if the user didn't request any explicit owner/group via the
	pool/vol XML.

	This causes issues with qemu:///session: try to build a pool of
	a root owned directory like /tmp, and it fails trying to chown the
	directory to the session user. Instead it should just leave things
	as they are, unless the user requests changing permissions via
	the pool XML.

	Similarly this is annoying if creating a storage pool via system
	libvirtd of an existing directory in user $HOME, it's now owned
	by root.

	The virDirCreate function is pretty convoluted, since it needs to
	fork off in certain specific cases. Try to document that, to make
	it clear where exactly we are changing behavior.

2015-05-04  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Don't attempt directory creation if it already exists
	The current code attempts to handle this, but it only catches mkdir
	failing with EEXIST. However if say trying to build /tmp for an
	unprivileged qemu:///session, mkdir will fail with EPERM.

	Rather than catch any errors, just don't attempt mkdir if the directory
	already exists.

2015-05-04  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Fill in permissions on pool refresh
	This means pool XML actually reports accurate user/group/mode/label.

	This uses UpdateVolTargetInfoFD in a bit of a hackish way, but it works

2015-05-04  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Don't overwrite virDirCreate error
	virDirCreate will give us fine grained details about what actually failed.

2015-05-04  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Don't check migrate parameters
	Just pass anything a user specified to the appropriate API. It's the API
	or libvirtd that should be responsible for checking its parameters.

	https://bugzilla.redhat.com/show_bug.cgi?id=1066375
	https://bugzilla.redhat.com/show_bug.cgi?id=1073233

2015-05-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Forbid unsupported parameters for tunnelled migration
	Neither migrate URI nor lister address make any sense for tunnelled
	migration.

	https://bugzilla.redhat.com/show_bug.cgi?id=1066375
	https://bugzilla.redhat.com/show_bug.cgi?id=1073233

2015-05-04  Andrea Bolognani  <abologna@redhat.com>

	tests: Fix grammar in comments.
	Replace all occurrences of "stream write to differences to"
	with "stream to write differences to".

2015-05-04  Marc-André Lureau  <marcandre.lureau@gmail.com>

	tests: add machine vmport qemu test
	Check that the vmport feature is correctly used in qemu commande line.

	qemu: add machine vmport argument
	Fill qemu command line vmport argument as required.

	qemu: add virQEMUCapsSupportsVmport
	The vmport machine argument works with pc machine kind, not with xen for
	example.

	qemu: move qemuDomainMachineIs{I440FX,Q35}
	Move common functions being used by the following
	virQEMUCapsSupportsVmport commit.

	qemu: add QEMU_CAPS_MACHINE_VMPORT_OPT
	Set the capability based on qmp query, or qemu version.  The qmp query
	includes vmport with 2.2, but no longer with 2.3. It lists only
	non-machine specific capabilities, so check the qemu version too until a
	machine-specific query is supported.

	domain/conf: add VIR_DOMAIN_FEATURE_VMPORT

2015-05-04  Marc-André Lureau  <marcandre.lureau@gmail.com>

	docs: add domain vmport feature
	A new feature that can be turned on or off.

	The QEMU machine vmport option allows to set the VMWare IO port
	emulation. This emulation is useful for absolute pointer input when the
	guest has vmware input drivers, and is enabled by default for kvm.

	However it is unnecessary for Spice-enabled VM, since the agent already
	handles absolute pointer and multi-monitors. Furthermore, it prevents
	Spice from switching to relative input since the regular ps/2 pointer
	driver is replaced by the vmware driver. It is thus advised to disable
	vmport when using a Spice VM. This will permit the Spice client to
	switch from absolute to relative pointer, as it may be required for
	certain games or applications.

2015-05-04  Jiri Denemark  <jdenemar@redhat.com>

	Bump version to 1.2.16 for new dev cycle

2015-05-04  Luyao Huang  <lhuang@redhat.com>

	qemu: fix the vm deadlock when deleting a nonexistent iothread
	https://bugzilla.redhat.com/show_bug.cgi?id=1218145

	Jump to endjob instead of cleanup to fix this deadlock.

2015-05-04  Luyao Huang  <lhuang@redhat.com>

	tools: fix the wrong check when use virsh setvcpus --maximum
	The --maximum option wasn't properly parsed and the equivalent flag
	wasn't set.  Fix this bug and also rewrite the way we check this option
	by using new macro.  The new approach is that --maximum requires
	--config, no other combination is allowed, because they don't make sense.

	The new error will be:

	 # virsh setvcpus test --maximum 10
	 error: Option --config is required by option --maximum

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1204033

2015-05-04  Pavel Hrdina  <phrdina@redhat.com>

	virsh: introduce new macros to help check flag requirements

	qemu: use new macros for setvcpus to check flags and cleanup the code
	Now that we have macros for exclusive flags and flag requirements we can
	use them to cleanup the code for setvcpus and error out for all wrong
	flag combination.

	use new macro helpers to check flag requirements

	use new macro helpers to check exclusive flags

	internal: introduce macro helpers to check flag requirements
	Similar to VIR_EXLUSIVE_FLAGS, it will error out if flag requirement is
	not met.

	internal: introduce macro helpers to reject exclusive flags
	Inspired by commit 7e437ee7 that introduced similar macros for virsh
	commands so we don't have to repeat the same code all over.

2015-05-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.15
	- docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: regenerated

2015-04-30  John Ferlan  <jferlan@redhat.com>

	qemu: Fix bus and lun checks when scsi-disk.channel not present
	Found by Laine and discussed a bit on internal IRC.

	Commit id c56fe7f1d6 added support for creating a command line to support
	scsi-disk.channel.

	Series was here:
	http://www.redhat.com/archives/libvir-list/2012-February/msg01052.html

	Which pointed to a design proposal here:
	http://permalink.gmane.org/gmane.comp.emulators.libvirt/50428

	Which states (in part):

	Libvirt should check for the QEMU "scsi-disk.channel" property.  If it
	is unavailable, QEMU will only support channel=lun=0 and 0<=target<=7.

	However, the check added was ensuring that bus != lun *and* bus != 0. So
	if bus == lun and both were non zero, we'd never make the second check.
	Changing this to an *or* check fixes the check, but still is less readable
	than the just checking each for 0

2015-04-30  Pavel Hrdina  <phrdina@redhat.com>

	main: add new generated files to .gitignore
	This means new libxl-lockd.conf and libxl-sanlock.conf

	rpm-build: update %files section for libxl
	Recent commit 198cc1d3 introduced integration of lockd and sanlock into
	libxl, but forget to update libvirt.spec.in to also list new files
	distributed via package.

2015-04-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Call qemuDomainSupportsBlockJobs only on online VMs
	Since the qemu capabilities are not initialized for offline VMs the
	caller might get suboptimal error message:

	$ virsh blockjob VM PATH --bandwidth 1
	error: unsupported configuration: block jobs not supported with this QEMU binary

	Move the checks after we make sure that the VM is alive.

2015-04-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Check address type for USB disks
	Only USB addresses are allowed for USB disks. Report an error if another
	address is configured.

	https://bugzilla.redhat.com/show_bug.cgi?id=1043436

2015-04-30  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Honor vendor_id override in host-model
	https://bugzilla.redhat.com/show_bug.cgi?id=858147

2015-04-30  Ján Tomko  <jtomko@redhat.com>

	iscsi: do not fail to stop a stopped pool
	Just as we allow stopping filesystem pools when they were unmounted
	externally, do not fail to stop an iscsi pool when someone else
	closed the session externally.

	Reported at:
	https://bugzilla.redhat.com/show_bug.cgi?id=1171984

2015-04-29  Jim Fehlig  <jfehlig@suse.com>

	libxl: provide integration with lock manager
	Provide integration with libvirt's lock manager in the libxl driver.

2015-04-29  Cole Robinson  <crobinso@redhat.com>

	domain: conf: Drop unused OSTYPE_AIX
	The phyp driver stuffed it into a DomainDefPtr during its attachdevice
	routine, but the value is never advertised via capabilities so it should
	be safe to drop.

	Have the phyp driver use OSTYPE_LINUX, which is what it advertises via
	capabilities.

2015-04-29  Michael Chapman  <mike@very.puzzling.org>

	qemu: migration: use sync block job helpers
	In qemuMigrationDriveMirror we can start all disk mirrors in parallel.
	We wait until they are all ready, or one of them aborts.

	In qemuMigrationCancelDriveMirror, we wait until all mirrors are
	properly stopped. This is necessary to ensure that destination VM is
	fully in sync with the (paused) source VM.

	If a drive mirror can not be cancelled, then the destination is not in a
	consistent state. In this case it is not safe to continue with the
	migration.

2015-04-29  Michael Chapman  <mike@very.puzzling.org>

	qemuDomainBlockJobAbort: use sync block job helpers
	The !modern code path needs to call qemuBlockJobEventProcess directly.
	the modern code path will call it via qemuBlockJobSyncWait.

	qemuProcessStop: wake up pending sync block jobs
	Other threads may be blocked in qemuBlockJobSyncWait. Ensure that
	they're woken up when the domain is stopped.

2015-04-29  Michael Chapman  <mike@very.puzzling.org>

	qemuBlockJobSync*: introduce sync block job helpers
	qemuBlockJobSyncBegin and qemuBlockJobSyncEnd delimit a region of code
	where block job events are processed "synchronously".
	qemuBlockJobSyncWait and qemuBlockJobSyncWaitWithTimeout wait for an
	event generated by a block job.

	The Wait* functions may be called multiple times while the synchronous
	block job is active. Any pending block job event will be processed by
	only when Wait* or End is called.  disk->blockJobStatus is reset by
	these functions, so if it is needed a pointer to a
	virConnectDomainEventBlockJobStatus variable should be passed as the
	last argument. It is safe to pass NULL if you do not care about the
	block job status.

	All functions assume the VM object is locked. The Wait* functions will
	unlock the object for as long as they are waiting. They will return -1
	and report an error if the domain exits before an event is received.

	Typical use is as follows:

	  virQEMUDriverPtr driver;
	  virDomainObjPtr vm; /* locked */
	  virDomainDiskDefPtr disk;
	  virConnectDomainEventBlockJobStatus status;

	  qemuBlockJobSyncBegin(disk);

	  ... start block job ...

	  if (qemuBlockJobSyncWait(driver, vm, disk, &status) < 0) {
	      /* domain died while waiting for event */
	      ret = -1;
	      goto error;
	  }

	  ... possibly start other block jobs
	      or wait for further events ...

	  qemuBlockJobSyncEnd(driver, vm, disk, NULL);

	To perform other tasks periodically while waiting for an event:

	  virQEMUDriverPtr driver;
	  virDomainObjPtr vm; /* locked */
	  virDomainDiskDefPtr disk;
	  virConnectDomainEventBlockJobStatus status;
	  unsigned long long timeout = 500 * 1000ull; /* milliseconds */

	  qemuBlockJobSyncBegin(disk);

	  ... start block job ...

	  do {
	      ... do other task ...

	      if (qemuBlockJobSyncWaitWithTimeout(driver, vm, disk,
	                                          timeout, &status) < 0) {
	          /* domain died while waiting for event */
	          ret = -1;
	          goto error;
	      }
	  } while (status == -1);

	  qemuBlockJobSyncEnd(driver, vm, disk, NULL);

2015-04-29  Michael Chapman  <mike@very.puzzling.org>

	qemuBlockJobEventProcess: move to new source file
	We will want to use synchronous block jobs from qemu_migration as well,
	so split this function out into a new source file.

2015-04-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Validate available slot count for memory devices
	While qemu would reject the configuration we can check whether it makes
	sense to plug the device upfront.

	qemu: command: Validate that memory devices slot ID is in range
	slot id, if specified, has to be less than the slots count.

2015-04-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: conf: Reject memory device if it would exceed configured max size
	If the added memory device would exceed the maximum memory size, reject
	it.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1216046

2015-04-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockCopy: Allow reuse of raw image for shallow block copy
	The documentation states that for shallow block copy the image has to
	have the same guest visible content as backing file of the current
	image if the file is being reused. This condition can be achieved also
	with a raw file (or a qcow without a backing file) so remove the
	condition that would disallow it.

	(This patch additionally fixes crash described in
	 https://bugzilla.redhat.com/show_bug.cgi?id=1215569 )

2015-04-28  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: implement domainDetachDevice and domainDetachDeviceFlags
	New functions utilize previosly added prlsdkDelDisk and prlsdkGetDiskIndex

	parallels: add prlsdkDelDisk and prlsdkGetDiskIndex functions

2015-04-28  Martin Kletzander  <mkletzan@redhat.com>

	Fix building virnetserverclientmock with MinGW

2015-04-28  Zhang Bo  <oscar.zhangbo@huawei.com>

	tests: free ChardevInfo correctly in qemumonitorjsontest
	The free callback should be qemuMonitorChardevInfoFree rather
	than just 'free' when virHashCreate'ing the chardevInfo hash.

	==29959== 24 bytes in 2 blocks are definitely lost in loss record 19 of 53
	==29959==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29959==    by 0xB95C679: strdup (in /lib64/libc-2.20.so)
	==29959==    by 0x63C6546: virStrdup (virstring.c:709)
	==29959==    by 0x4805ED: qemuMonitorJSONExtractChardevInfo (qemu_monitor_json.c:3429)
	==29959==    by 0x4807A5: qemuMonitorJSONGetChardevInfo (qemu_monitor_json.c:3479)
	==29959==    by 0x434AEC: testQemuMonitorJSONqemuMonitorJSONGetChardevInfo (qemumonitorjsontest.c:1824)
	==29959==    by 0x436F2F: virtTestRun (testutils.c:211)
	==29959==    by 0x436932: mymain (qemumonitorjsontest.c:2404)
	==29959==    by 0x4382EA: virtTestMain (testutils.c:863)
	==29959==    by 0x436B27: main (qemumonitorjsontest.c:2423)

2015-04-28  Zhang Bo  <oscar.zhangbo@huawei.com>

	qemu: make qemuMonitorChardevInfoFree non-static
	It would be used in qemumonitorjsontest, thus we make it non-static.

2015-04-28  Cole Robinson  <crobinso@redhat.com>

	storage: fs: Ignore volumes that fail to open with EACCESS/EPERM
	Trying to use qemu:///session to create a storage pool pointing at
	/tmp will usually fail with something like:

	$ virsh pool-start tmp
	error: Failed to start pool tmp
	error: cannot open volume '/tmp/systemd-private-c38cf0418d7a4734a66a8175996c384f-colord.service-kEyiTA': Permission denied

	If any volume in an FS pool can't be opened by the daemon, the refresh
	fails, and the pool can't be used.

	This causes pain for virt-install/virt-manager though. Imaging a user
	downloads a disk image to /tmp. virt-manager wants to import /tmp as
	a storage pool, so we can detect what disk format it is, and set the
	XML correctly. However this case will likely fail as explained above.

	Change the logic here to skip volumes that fail to open. This could
	conceivably cause user complaints along the lines of 'why doesn't
	libvirt show $ROOT-OWNED-VOLUME-FOO', but figuring that currently
	the pool won't even startup, I don't think there are any current
	users that care about that case.

	https://bugzilla.redhat.com/show_bug.cgi?id=1103308

2015-04-28  Cole Robinson  <crobinso@redhat.com>

	storage: If driver startup state syncing fails, delete statefile
	If you end up with a state file for a pool that no longer starts up
	or refreshes correctly, the state file is never removed and adds
	noise to the logs everytime libvirtd is started.

	If the initial state syncing fails, delete the statefile.

2015-04-28  Cole Robinson  <crobinso@redhat.com>

	storage: Break out storageDriverLoadPoolState
	Will simplify a future patch

2015-04-28  Cole Robinson  <crobinso@redhat.com>

	storage: Don't leave stale state file if pool startup fails
	After pool startup we call refreshPool(). If that fails, we leave
	a stale pool state file hanging around.

	Hit this trying to create a pool with qemu:///session containing
	root owned files.

2015-04-28  Cole Robinson  <crobinso@redhat.com>

	storage: Fix autostart dir for qemu:///session

2015-04-28  John Ferlan  <jferlan@redhat.com>

	qemu: Remove need for qemuMonitorIOThreadInfoFree
	Replace with just VIR_FREE.

	qemu: qemuProcessDetectIOThreadPIDs invert checks
	If we received zero iothreads from the monitor, but were perhaps
	expecting to receive something, then the code was skipping the check
	to ensure what's in the monitor matches our expectations.  So invert
	the checks to check that what we get back matches expectations and
	then check there are zero iothreads returned.

2015-04-28  John Ferlan  <jferlan@redhat.com>

	qemu: Remove need for qemuDomainParseIOThreadAlias
	Rather than have a separate routine to parse the alias of an iothread
	returned from qemu in order to get the iothread_id value, parse the alias
	when returning and just return the iothread_id in qemuMonitorIOThreadInfoPtr

	This set of patches removes the function, changes the "char *name" to
	"unsigned int" and handles all the fallout.

2015-04-28  John Ferlan  <jferlan@redhat.com>

	conf: Resolve some Coverity errors
	Resolve some Coverity errors with IOThread changes

2015-04-28  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	conf: explicitly initialize 'cpumask' variable
	Build with clang fails with:

	  CC       conf/libvirt_conf_la-domain_conf.lo
	  conf/domain_conf.c:13377:9: error: variable 'cpumask' is used
	  uninitialized whenever 'if' condition is true
	  [-Werror,-Wsometimes-uninitialized]
	      if (!(tmp = virXMLPropString(node, "cpuset"))) {
	                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	and many other similar errors regarding the 'cpuset' variable.

	Fix by explicitly initializing it with NULL.

2015-04-28  Laine Stump  <laine@laine.org>

	network: check newDef for used bridge names in addition to def
	If someone has updated a network to change its bridge name, but the
	network is still active (so that bridge name hasn't taken effect yet),
	we still want to disallow another network from taking that new name.

	network: check for bridge name conflict with existing devices
	Since some people use the same naming convention as libvirt for bridge
	devices they create outside the context of libvirt, it is much nicer
	if we check for those devices when looking for a bridge device name to
	auto-assign to a new network.

2015-04-28  Laine Stump  <laine@laine.org>

	network: move auto-assign of bridge name from XML parser to net driver
	We already check that any auto-assigned bridge device name for a
	virtual network (e.g. "virbr1") doesn't conflict with the bridge name
	for any existing libvirt network (via virNetworkSetBridgeName() in
	conf/network_conf.c).

	We also want to check that the name doesn't conflict with any bridge
	device created on the host system outside the control of libvirt
	(history: possibly due to the ploriferation of references to libvirt's
	bridge devices in HOWTO documents all around the web, it is not
	uncommon for an admin to manually create a bridge in their host's
	system network config and name it "virbrX"). To add such a check to
	virNetworkBridgeInUse() (which is called by virNetworkSetBridgeName())
	we would have to call virNetDevExists() (from util/virnetdev.c); this
	function calls ioctl(SIOCGIFFLAGS), which everyone on the mailing list
	agreed should not be done from an XML parsing function in the conf
	directory.

	To remedy that problem, this patch removes virNetworkSetBridgeName()
	from conf/network_conf.c and puts an identically functioning
	networkBridgeNameValidate() in network/bridge_driver.c (because it's
	reasonable for the bridge driver to call virNetDevExists(), although
	we don't do that yet because I wanted this patch to have as close to 0
	effect on function as possible).

	There are a couple of inevitable changes though:

	1) We no longer check the bridge name during
	   virNetworkLoadConfig(). Close examination of the code shows that
	   this wasn't necessary anyway - the only *correct* way to get XML
	   into the config files is via networkDefine(), and networkDefine()
	   will always call networkValidate(), which previously called
	   virNetworkSetBridgeName() (and now calls
	   networkBridgeNameValidate()). This means that the only way the
	   bridge name can be unset during virNetworkLoadConfig() is if
	   someone edited the config file on disk by hand (which we explicitly
	   prohibit).

	2) Just on the off chance that somebody *has* edited the file by hand,
	   rather than crashing when they try to start their malformed
	   network, a check for non-NULL bridge name has been added to
	   networkStartNetworkVirtual().

	   (For those wondering why I don't instead call
	   networkValidateBridgeName() there to set a bridge name if one
	   wasn't present - the problem is that during
	   networkStartNetworkVirtual(), the lock for the network being
	   started has already been acquired, but the lock for the network
	   list itself *has not* (because we aren't adding/removing a
	   network). But virNetworkBridgeInuse() iterates through *all*
	   networks (including this one) and locks each network as it is
	   checked for a duplicate entry; it is necessary to lock each network
	   even before checking if it is the designated "skip" network because
	   otherwise some other thread might acquire the list lock and delete
	   the very entry we're examining. In the end, permitting a setting of
	   the bridge name during network start would require that we lock the
	   entire network list during any networkStartNetwork(), which
	   eliminates a *lot* of parallelism that we've worked so hard to
	   achieve (it can make a huge difference during libvirtd startup). So
	   rather than try to adjust for someone playing against the rules, I
	   choose to instead give them the error they deserve.)

	3) virNetworkAllocateBridge() (now removed) would leak any "template"
	   string set as the bridge name. Its replacement
	   networkFindUnusedBridgeName() doesn't leak the template string - it
	   is properly freed.

2015-04-27  Laine Stump  <laine@laine.org>

	test: Fix actual vs. expected in virtTestCompareFiles
	Commit ca329299 added a utility function virtTestCompareFiles() to
	eliminate repetitive code in several test programs. It unfortunately
	calls virtTestDifference() with the arguments in the wrong order -
	strcontent is the "actual" output gathered by the test rig, while
	filecontent is the "expected", and virtTestDifference() wants expected
	(filecontent) followed by actual (strcontent), but
	virtTestCompareFiles() does the opposite, which can make the output a
	bit confusing when there is a failure.

2015-04-27  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity DEADCODE
	Coverity notes that the switch() used to check 'connected' values has
	two DEADCODE paths (_DEFAULT & _LAST).  Since 'connected' is a boolean
	it can only be one or the other (CONNECTED or DISCONNECTED), so it just
	seems pointless to use a switch to get "all" values.  Convert to if-else

2015-04-27  John Ferlan  <jferlan@redhat.com>

	virsh: Add iothreadadd and iothreaddel commands
	https://bugzilla.redhat.com/show_bug.cgi?id=1161617

	Add command to allow adding and removing IOThreads from the domain including
	the configuration and live domain.

	$ virsh iothreadadd --help
	  NAME
	    iothreadadd - add an IOThread to the guest domain

	  SYNOPSIS
	    iothreadadd <domain> <id> [--config] [--live] [--current]

	  DESCRIPTION
	    Add an IOThread to the guest domain.

	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    [--id] <number>  iothread for the new IOThread
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain

	$ virsh iothreaddel --help
	  NAME
	    iothreaddel - delete an IOThread from the guest domain

	  SYNOPSIS
	    iothreaddel <domain> <id> [--config] [--live] [--current]

	  DESCRIPTION
	    Delete an IOThread from the guest domain.

	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    [--id] <number>  iothread_id for the IOThread to delete
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain

	Assuming a running $dom with multiple IOThreads assigned and that
	that the $dom has disks assigned to IOThread 1 and IOThread 2:

	$ virsh iothreadinfo $dom
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1

	$ virsh iothreadadd $dom 1
	error: invalid argument: an IOThread is already using iothread_id '1' in iothreadpids

	$ virsh iothreadadd $dom 1 --config
	error: invalid argument: an IOThread is already using iothread_id '1' in persistent iothreadids

	$ virsh iothreadadd $dom 4
	$ virsh iothreadinfo $dom
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1
	  4               0-3

	$ virsh iothreadinfo $dom --config
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1

	$ virsh iothreadadd $dom 4 --config
	$ virsh iothreadinfo $dom --config
	 IOThread ID     CPU Affinity
	  ---------------------------------------------------
	    1               2
	    2               3
	    3               0-1
	    4               0-3

	Assuming the same original configuration

	$ virsh iothreaddel $dom 1
	error: invalid argument: cannot remove IOThread 1 since it is being used by disk 'vde'

	$ virsh iothreaddel $dom 3

	$ virsh iothreadinfo $dom
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3

	$ virsh iothreadinfo $dom --config
	 IOThread ID     CPU Affinity
	 ---------------------------------------------------
	  1               2
	  2               3
	  3               0-1

2015-04-27  John Ferlan  <jferlan@redhat.com>

	qemu: Add support to Add/Delete IOThreads
	Add qemuDomainAddIOThread and qemuDomainDelIOThread in order to add or
	remove an IOThread to/from the host either for live or config optoins

	The implementation for the 'live' option will use the iothreadpids list
	in order to make decision, while the 'config' option will use the
	iothreadids list.  Additionally, for deletion each may have to adjust
	the iothreadpin list.

	IOThreads are implemented by qmp objects, the code makes use of the existing
	qemuMonitorAddObject or qemuMonitorDelObject APIs.

2015-04-27  John Ferlan  <jferlan@redhat.com>

	domain: Introduce virDomainIOThreadSchedDelId
	We're about to allow IOThreads to be deleted, but an iothreadid may be
	included in some domain thread sched, so add a new API to allow removing
	an iothread from some entry.

	Then during the writing of the threadsched data and an additional check
	to determine whether the bitmap is all clear before writing it out.

2015-04-27  John Ferlan  <jferlan@redhat.com>

	remote: Add support for AddIOThread and DelIOThread
	Add remote support for the add/delete IOThread API's

	Implement virDomainAddIOThread and virDomainDelIOThread
	Add libvirt API's to manage adding and deleting IOThreads to/from the
	domain

	conf: Adjust the iothreadsched expectations
	With iothreadid's allowing any 'id' value for an iothread_id, the
	iothreadsched code needs a slight adjustment to allow for "any"
	unsigned int value in order to create the bitmap of ids that will
	have scheduler adjustments. Adjusted the doc description as well.

2015-04-27  John Ferlan  <jferlan@redhat.com>

	Move iothreadspin information into iothreadids
	Remove the iothreadspin array from cputune and replace with a cpumask
	to be stored in the iothreadids list.

	Adjust the test output because our printing goes in order of the iothreadids
	list now.

2015-04-27  John Ferlan  <jferlan@redhat.com>

	conf: Move virDomainPinIsDuplicate and make static
	Since it's only ever referenced in domain_conf.c, make the function
	static, but also will need to move it to somewhere before it's referenced
	rather than forward referencing it.

2015-04-27  John Ferlan  <jferlan@redhat.com>

	qemu: Use domain iothreadids to IOThread's 'thread_id'
	Add 'thread_id' to the virDomainIOThreadIDDef as a means to store the
	'thread_id' as returned from the live qemu monitor data.

	Remove the iothreadpids list from _qemuDomainObjPrivate and replace with
	the new iothreadids 'thread_id' element.

	Rather than use the default numbering scheme of 1..number of iothreads
	defined for the domain, use the iothreadid's list for the iothread_id

	Since iothreadids list keeps track of the iothread_id's, these are
	now used in place of the many places where a for loop would "know"
	that the ID was "+ 1" from the array element.

	The new tests ensure usage of the <iothreadid> values for an exact number
	of iothreads and the usage of a smaller number of <iothreadid> values than
	iothreads that exist (and usage of the default numbering scheme).

2015-04-27  John Ferlan  <jferlan@redhat.com>

	conf: Add new domain XML element 'iothreadids'
	Adding a new XML element 'iothreadids' in order to allow defining
	specific IOThread ID's rather than relying on the algorithm to assign
	IOThread ID's starting at 1 and incrementing to iothreads count.

	This will allow future patches to be able to add new IOThreads by
	a specific iothread_id and of course delete any exisiting IOThread.

	Each iothreadids element will have 'n' <iothread> children elements
	which will have attribute "id".  The "id" will allow for definition
	of any "valid" (eg > 0) iothread_id value.

	On input, if any <iothreadids> <iothread>'s are provided, they will
	be marked so that we only print out what we read in.

	On input, if no <iothreadids> are provided, the PostParse code will
	self generate a list of ID's starting at 1 and going to the number
	of iothreads defined for the domain (just like the current algorithm
	numbering scheme).  A future patch will rework the existing algorithm
	to make use of the iothreadids list.

	On output, only print out the <iothreadids> if they were read in.

2015-04-27  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup parameters for mock libraries
	All the libraries use same parameters when building, why not have it in
	one place at the begining of the Makefile.

	This will also ensure no new mock library will have a problem with
	missing e.g. MINGW_EXTRA_LDFLAGS.

2015-04-27  Michal Privoznik  <mprivozn@redhat.com>

	Cleanup srcdir usage
	In a lot places we use path like this:

	  $(srcdir)/../src/....

	when in fact it can be:

	  $(top_srcdir)/src/

2015-04-27  zhang bo  <oscar.zhangbo@huawei.com>

	util: fix memleak in virStorageSourceClear
	snapshot and configFile are not freed, free them.

2015-04-27  Pavel Fedin  <p.fedin@samsung.com>

	Add missing linker flags for MinGW build
	This fix should completely close
	https://bugzilla.redhat.com/show_bug.cgi?id=1214605

2015-04-27  John Ferlan  <jferlan@redhat.com>

	storage: Resolve Coverity UNINIT
	commit id '1e13eff4' didn't init found when changed from a bool to
	an int in virStoragePoolFCRefreshThread and Coverity...

2015-04-27  Michal Privoznik  <mprivozn@redhat.com>

	openvz: Drop useless domain lookup
	The lookup is just for check whether a domain we are about to add does
	not already exists. Well, the virDomainObjListAdd() function does that
	for us already so there's no need to duplicate the check.

2015-04-27  Martin Kletzander  <mkletzan@redhat.com>

	Fix check for return value of qemuDomainAgentAvailable()
	Commit dcbb243bbc3470431d15cec4c5bb96d2de89a88b used the return value of
	the function as int even though it returns bool.

2015-04-27  Zhang Bo  <oscar.zhangbo@huawei.com>

	conf: fix memleak in virDomainHostdevDefClear
	use virNetworkRouteDefFree() instead of VIR_FREE to free routes, otherwise
	the element 'family' would not be freed.

	conf: fix memleak in virDomainNetIpParseXML
	use cleanup instead of error, so that the allocated strings could also get freed
	when there's no error.

	qemu: fix memleak in virCapabilitiesDomainDataLookup
	virBufferContentAndReset() doesn't free buf contents, we should use
	virBufferFreeAndReset() to get buf freed.

	qemu: fix memleaks in qemuBuildCommandLine
	free boot_opts_str and boot_order_str both in normal and error paths.

	util: fix memleak in virFindSCSIHostByPCI
	free buf in cleanup.

	tests: fix some memleaks in tests

2015-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix comment for timeDelta

2015-04-27  zhang bo  <oscar.zhangbo@huawei.com>

	Fix typo in comment about memory binding
	rather then -> rather than

2015-04-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Connect to guest agent after channel hotplug
	If a user hot-attaches the guest agent channel libvirt would ignore it
	until the restart of libvirtd or shutdown/destroy and start of the VM
	itself.

	This patch adds code that opens or closes the guest agent connection
	according to the state of the guest agent channel according to
	connect/disconnect events.

	To allow opening the channel from the event handler qemuConnectAgent
	needed to be exported.

2015-04-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: agent: Differentiate errors when the agent channel was hotplugged
	When the guest agent channel gets hotplugged to a VM, libvirt would
	still report that "QEMU guest agent is not configured" rather than
	stating that the connection was not established yet.

	Currently the code won't be able to connect to the agent after hotplug
	but that will change in a later patch.

	As the qemuFindAgentConfig() helper is quite helpful in this case move
	it to a more usable place and export it.

2015-04-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reuse qemuDomainAgentAvailable in qemuDomainInterfaceAddresses

	qemu: Fix domain object leak in qemuDomainInterfaceAddresses
	The API didn't use virDomainObjEndAPI to release the domain object thus
	it leaked a reference to it.

	qemu: agent: Reuse virJSONValueObjectCreateVArgs in qemuAgentMakeCommand
	Since the code is now separated into the common helper, we can reuse it
	instead of maintaining two copies.

2015-04-24  Olaf Hering  <olaf@aepfle.de>

	libxl: remove duplicate check for pci subsystem type
	Both attach and detach functions get called only if the type matches.

	Cc: Jim Fehlig <jfehlig@suse.com>

2015-04-24  Olaf Hering  <olaf@aepfle.de>

	libxl: use pci init and dispose functions
	Rearrange code so that the local variable is always initialized and
	disposed.

	Cc: Jim Fehlig <jfehlig@suse.com>

2015-04-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: initialize sdl.opengl defbool in libxlMakeVfb
	Commit bf32462b missed initializing sdl.opengl.  Without the
	initialization, libvirtd will be terminated by an assert from libxl:

	Assertion `!libxl_defbool_is_default(db)' failed.

	Reported-by: Olaf Hering <olaf@aepfle.de>

2015-04-24  Olaf Hering  <olaf@aepfle.de>

	libxl: initialize vfb defbools in libxlMakeVfb
	If the domU configu has sdl enabled libvirtd crashes:
	libvirtd[5158]: libvirtd: libxl.c:343: libxl_defbool_val:
	Assertion `!libxl_defbool_is_default(db)' failed.

	Initialize the relevant defbool variables in libxl_device_vfb.

	Cc: Jim Fehlig <jfehlig@suse.com>

2015-04-24  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix crash in prlsdkAddNet in case of CT definition
	Since net->model is not defined for containers we shouldn't touch it.
	In case network adapter model is defined, a warning about ignoring
	it is shown.

2015-04-24  John Ferlan  <jferlan@redhat.com>

	virhostdev: Fix comments for virHostdevReAttachPCIDevices
	Pushed previous patch (commit id 'd45dadae6') too quickly...

	The patch just updates the patch from Laine's suggestions.

2015-04-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build in tests
	Commit ca32929 caused build errors in bhyvexml2argvtest.c because of
	some undefined variables.

	Pushing under the build breaker rule.

2015-04-24  Huanle Han  <hanxueluo@gmail.com>

	hostdev: fix net config restore error
	Fix for such a case:
	1. Domain A and B xml contain the same SRIOV net hostdev(<interface
	type='hostdev' /> with same pci address).
	2. virsh start A (Successfully, and configure the SRIOV net with
	custom mac)
	3. virsh start B (Fail because of the hostdev used by domain A or other
	reason.)
	In step 3, 'virHostdevNetConfigRestore' is called for the hostdev
	which is still used by domain A. It makes the mac/vlan of the SRIOV net
	change.

	Code Change in this fix:
	1. As the pci used by other domain have been removed from
	'pcidevs' in previous loop, we only restore the nic config for
	the hostdev still in 'pcidevs'(used by this domain)
	2. update the comments to make it more clear

2015-04-24  Huanle Han  <hanxueluo@gmail.com>

	hostdev: Create virHostdevIsPCINetDevice
	Refactor some code to create a static function virHostdevIsPCINetDevice
	which will detect whether the hostdev is a pci net device or not.

2015-04-24  Cole Robinson  <crobinso@redhat.com>

	qemu: Build nvram directory at driver startup
	Similar to what was done for the channel socket in the previous commit.

2015-04-24  Cole Robinson  <crobinso@redhat.com>

	qemu: Build channel autosocket directory at driver startup
	Rather than depend on the RPM to put it in place, since this doesn't
	cover the qemu:///session case. Currently auto allocated socket path is
	completely busted with qemu:///session

	https://bugzilla.redhat.com/show_bug.cgi?id=1105274

	And because we chown the directory at driver startup now, this also fixes
	autosocket startup failures when using user/group=root

	https://bugzilla.redhat.com/show_bug.cgi?id=1044561
	https://bugzilla.redhat.com/show_bug.cgi?id=1146886

2015-04-24  Cole Robinson  <crobinso@redhat.com>

	qemu: chown autoDumpPath on driver startup
	Not sure if this is required, but it makes things consistent with the
	rest of the directories.

	qemu: conf: Clarify paths that are relative to libDir
	Rather than duplicate libDir for each new path

	tests: qemu: Couple aarch64 CPU tests
	- Make sure aarch64 host-passthrough works correctly
	- Make sure libvirt doesn't choke on cpu model=host, which is what
	  virt-install/virt-manager were incorrectly specifying up until recently.

2015-04-24  Jiri Denemark  <jdenemar@redhat.com>

	migration: Usable time statistics without requiring NTP
	virDomainGetJobStats is able to report statistics of a completed
	migration, however to get usable downtime and total time statistics both
	hosts have to keep synchronized time. To provide at least some
	estimation of the times even when NTP daemons are not running on both
	hosts we can just ignore the time needed to transfer a migration cookie
	to the destination host. The result will be also inaccurate but a bit
	more predictable. The total/down time will just be at least what we
	report.

	https://bugzilla.redhat.com/show_bug.cgi?id=1213434

2015-04-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix memory leak in virNetSocketNewConnectUNIX
	==26726==    by 0x673CD67: __vasprintf_chk (vasprintf_chk.c:80)
	==26726==    by 0x5673605: UnknownInlinedFun (stdio2.h:210)
	==26726==    by 0x5673605: virVasprintfInternal (virstring.c:476)
	==26726==    by 0x56736EE: virAsprintfInternal (virstring.c:497)
	==26726==    by 0x5680C37: virGetUserRuntimeDirectory (virutil.c:866)
	==26726==    by 0x5783A89: virNetSocketNewConnectUNIX (virnetsocket.c:572)
	==26726==    by 0x57751AF: virNetClientNewUNIX (virnetclient.c:344)
	==26726==    by 0x57689B3: doRemoteOpen (remote_driver.c:895)
	==26726==    by 0x5769F8E: remoteConnectOpen (remote_driver.c:1195)
	==26726==    by 0x57092DF: do_open (libvirt.c:1189)
	==26726==    by 0x570A7BF: virConnectOpenAuth (libvirt.c:1341)

	https://bugzilla.redhat.com/show_bug.cgi?id=1215042

2015-04-24  Pavel Hrdina  <phrdina@redhat.com>

	build: add pragma directive to fix build on some gcc
	Commit 1268820a removed obsolete index() function and replaced it by
	strchr.  Few versions of gcc has a bug and reports a warning about
	strchr:

	../../src/util/virstring.c:1006: error: logical '&&' with non-zero
	constant will always evaluate as true [-Wlogical-op]

2015-04-24  Michal Privoznik  <mprivozn@redhat.com>

	uml: s/virDomainObjListFindByID/virDomainObjListFindByUUID/
	ListFindByID() still requires to step through items in the hash table
	(in the worst case scenario through all of them), lock each one and
	compare whether we've found what we're looking for. This is suboptimal
	as locking a domain object means we need to wait for the current API
	running over the object to finish.

	Unfortunately, we can't drop the function completely because we have
	this public API virDomainLookupByID which we can't drop.

2015-04-24  Michal Privoznik  <mprivozn@redhat.com>

	virDomainObjList: Introduce yet another hash table
	This hash table will contain the same data as already existing one.
	The only difference is that while the first table uses domain uuid as
	key, the new table uses domain name. This will allow much faster (and
	lockless) lookups by domain name.

	virDomainObjListFindByName: Return referenced object
	Every domain that grabs a domain object to work over should
	reference it to make sure it won't disappear meanwhile.

	Introduce virDomainObjEndAPI
	This is basically turning qemuDomObjEndAPI into a more general
	function. Other drivers which gets a reference to domain objects may
	benefit from this function too.

	virDomainObjListNew: Use virObjectFreeHashData
	There's no point in duplicating virObjectFreeHashData() in a separate
	function.

	virDomainObjListAddLocked: s/false/NULL/ for @oldDef
	It's a pointer after all. We should initialize it to NULL instead of
	false.

2015-04-24  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement .domainGetMaxMemory
	Since we haven't implemented balloon parameters tuning
	we can just return amount of memory in this function.

2015-04-24  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Apparmor: allow reading block-rbd.so

	Allow access to vendor and device file for PCI device passthrough
	For some devices, the $PCIDIR/vendor and $PCIDIR/device need to be
	read. Iterate over them to get them as well in the the generated
	apparmor profile.

2015-04-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Fix priorities when setting emulatorpin
	Use the custom emulator pin setting with the highest priority same as
	with vcpupin.

2015-04-23  Cole Robinson  <crobinso@redhat.com>

	tests: Add VIR_TEST_REGENERATE_OUTPUT
	If this enviroment variable is set, the virTestCompareToFile helper
	will overwrite the file content we are comparing against, if the
	file doesn't exist or it doesn't match the expected input.

	This is useful when adding new test cases, or making changes that
	generate a lot of output churn.

2015-04-23  Cole Robinson  <crobinso@redhat.com>

	tests: Add virtTestCompareToFile
	Replaces a common pattern used in many test files

	tests: Use *DefParseFile more

	tests: Add VIR_TEST_DEBUG and VIR_TEST_VERBOSE
	To remove a bunch of TestGetDebug()/TestGetVerbose() checks

2015-04-23  Eric Blake  <eblake@redhat.com>

	build: avoid obsolete index()
	Commit 2a530a3e5 is not portable to mingw, which intentionally
	avoids declaring the obsolete index().  See also:
	https://bugzilla.redhat.com/show_bug.cgi?id=1214605

	* src/util/virstring.c (virStringStripControlChars): Use strchr.

2015-04-23  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix IS_CT macro
	CT stands for containers, i.e. def->os.type should be compared with VIR_DOMAIN_OSTYPE_EXE
	rather than VIR_DOMAIN_OSTYPE_HVM

2015-04-23  Michal Privoznik  <mprivozn@redhat.com>

	parallels_sdk: Utilize parallelsDomObjFromDomain()
	Instead of each API copying the same lines of code, lets use the
	generic function designed just for that purpose.

	parallels_driver: Utilize parallelsDomObjFromDomain()
	Instead of each API copying the same lines of code, lets use the
	generic function designed just for that purpose. At the same time,
	drop useless connection object locking in some functions.

	parallels: Introduce parallelsDomObjFromDomain()
	This function is practically copied over from qemu driver. Its
	only purpose in life is to lookup a domain object and print an
	error if no object is found.

	struct _parallelsConn: Mark @domains as immutable pointer
	The pointer does not change throughout the while life of a
	parallels connection. Mark it as such.

2015-04-23  Daniel P. Berrange  <berrange@redhat.com>

	rng: fix port number range validation
	The PortNumber data type is declared to derive from 'short'.
	Unfortunately this is an signed type, so validates the range
	[-32,768, 32,767] which excludes valid port numbers between
	32767 and 65535.

	We can't use 'unsignedShort', since we need -1 to be a valid
	port number too.

	This change is to use 'int' and set an explicit max boundary
	instead of relying on the data types' built-in max.

	One of the existing tests is changed to use a high port number
	to validate the schema.

	https://bugzilla.redhat.com/show_bug.cgi?id=1214664

2015-04-23  zhang bo  <oscar.zhangbo@huawei.com>

	qemu: Don't fail to reboot domains with unresponsive agent
	just as what b8e25c35d7f80a2fadc0e51e95318e39db3d1687 did, we
	fall back to the ACPI method when the guest agent is unresponsive
	in qemuDomainReboot().

2015-04-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build in tests
	Commit 835cf84 dropped expectedVirtTypes argument for
	virDomainDefParse*() functions, however bhyve tests still try to pass
	that to virDomainDefParseFile(), therefore build fails.

	Fix build by fixing virDomainDefParseFile() usage.

2015-04-23  Cole Robinson  <crobinso@redhat.com>

	spec: Point fedora --with-loader-nvram at nightly firmware repo
	Fedora doesn't ship OVMF/AAVMF builds in its repos due to licensing
	issues, so the recommended way to consume these bits is via Gerd's
	nightly repo: https://www.kraxel.org/repos

	Let's teach fedora builds about the loader/nvram pairs these packages
	installed, so users don't need to edit qemu.conf to get virt-manager
	UEFI support.

2015-04-22  Cole Robinson  <crobinso@redhat.com>

	configure: Report --with-loader-nvram value in summary

2015-04-22  Jim Fehlig  <jfehlig@suse.com>

	locking: relax PID requirement
	Some hypervisors like Xen do not have PIDs associated with domains.
	Relax the requirement for PID != 0 in the locking code so it can
	be used by hypervisors that do not represent domains as a process
	running on the host.

2015-04-22  Cole Robinson  <crobinso@redhat.com>

	spec: Fix libxl build with driver modules

	configure: Fix --loader-nvram typo

2015-04-22  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: don't forget to unlock domain after successful virDomainObjListFindByUUID call
	Also a typo is fixed (s/detached/attached/)

	Signed-off-by: Maxim Nestratov mnestratov@parallels.com

2015-04-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	vircommand: fix polling in virCommandProcessIO
	When running on FreeBSD, there's a bug in virCommandProcessIO
	polling that is triggered by the commandtest.

	A test that triggers EPIPE in commandtest (named "test20") hungs
	forever on FreeBSD.

	Apparently, this happens because FreeBSD sets POLLHUP flag on revents
	when stdin in closed. And as the current implementation only checks for
	POLLOUT and POLLERR, it ends up looping forever inside
	virCommandProcessIO and not trying to do one more write() that would
	trigger EPIPE.

	To fix that check for the POLLHUP flag along with POLLOUT and POLLERR.

2015-04-22  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Improve error message when requesting image above 'start'
	When a user would specify a backing chain index that is above the start
	point libvirt would report a rather unhelpful error:

	invalid argument: could not find backing store 1 in chain for 'sub/link2'

	This patch adds an explicit check that the index is below start point in
	the backing store and reports the following error if not:

	invalid argument: requested backing store index 1 is above 'sub/../qcow2' in chain for 'sub/link2'

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177062

2015-04-22  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add hint to error message that indexed access was used

	util: storage: Fix possible crash when source path is NULL
	Some storage protocols allow to have the @path field in struct
	virStorageSource set to NULL. Add NULLSTR() wrappers to handle this
	possibility until I finish the storage source error formatter.

	util: command: Deduplicate code in virCommandNewArgList
	virCommandNewArgList can use virCommandNewVAList.

	qemu: migration: Refactor hostdev validation in migration check
	The hostdev check can error out right away.

2015-04-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: fix build on non-Linux
	Build fails on non-Linux systems with this error:

	  CC       util/libvirt_util_la-virnetdev.lo
	util/virnetdev.c:364:1: error: unused function 'virNetDevReplaceMacAddress' [-Werror,-Wunused-function]
	virNetDevReplaceMacAddress(const char *linkdev,
	^
	util/virnetdev.c:406:1: error: unused function 'virNetDevRestoreMacAddress' [-Werror,-Wunused-function]
	virNetDevRestoreMacAddress(const char *linkdev,
	^
	2 errors generated.

	The virNetDev{Restore,Replace}MacAddress() functions are only used
	by VF-related routines that are available on Linux only. So move these
	functions under the same #ifdef.

2015-04-22  Michal Privoznik  <mprivozn@redhat.com>

	processNicRxFilterChangedEvent: Take appropriate actions for NET_TYPE_NETWORK too
	Because packets going through the egress from a bridge (where our
	bandwidth limiting takes place) have no information about which
	interface they came from, the QoS rules that we create instead
	use the source MAC address of the packets to make their decisions
	about which QDisc the packet should be in.

	One flaw in this is that when a guest changed the MAC address it
	used, packets from the guest would no longer be put into the
	correct QDisc, but would instead be put in an "unprivileged"
	class, resulting in the bandwidth "floor" (minimum guaranteed)
	being no longer honored.

	Now that libvirt has infrastructure to capture and respond to
	RX_FILTER_CHANGE events from qemu (sent whenever a guest
	interface modifies its MAC address, among other things), we can
	notice when a guest MAC address changes, and update the QoS rules
	accordingly, so that bandwidth floor is honored even after a
	guest MAC address change.

2015-04-22  Michal Privoznik  <mprivozn@redhat.com>

	virDomainActualNetDefContentsFormat: Format class_id only for status XML
	In one of my previous patches (b68a56bcfe) I made class_id to
	format more frequently. Well, now it's formatting way too
	frequent - even for regular active XML. Users don't need to see
	it, so lets format it only for the status XML where it's really
	needed.

2015-04-22  Luyao Huang  <lhuang@redhat.com>

	qemu: Fix issues with maxMemory in qemuDomainSetMemoryFlags()
	qemuDomainSetMemoryFlags() would allow to set the initial memory greater
	than the <maxMemory> field. While the configuration would not work as
	memory hotplug requires NUMA to be enabled and the
	qemuDomainSetMemoryFlags() API does not work on NUMA guests this just
	fixes a corner case.

	The fix is still worth though as it allows to induce an invalid
	configuration and make the VM vanish on libvirt restart.

	Additionally this tweaks error message to be more accurate.

2015-04-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: Introduce configuration file for libxl driver
	Introduce libxl.conf configuration file, adding the 'autoballoon'
	setting as the first knob for controlling the libxl driver.

2015-04-21  Laine Stump  <laine@laine.org>

	qemu: set macvtap physdevs online when macvtap is set online
	A further fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1113474

	Since there is no possibility that any type of macvtap will work if
	the parent physdev it's attached to is offline, we should bring the
	physdev online at the same time as the macvtap. When taking the
	macvtap offline, it's also necessary to take the physdev offline for
	macvtap passthrough mode (because the physdev has the same MAC address
	as the macvtap device, so could potentially cause problems with
	misdirected packets during migration, as outlined in commits 829770
	and 879c13). We can't set the physdev offline for other macvtap modes
	1) because there may be other macvtap devices attached to the same
	physdev (and/or the host itself may be using the device) in the other
	modes whereas passthrough mode is exclusive to one macvtap at a time,
	and 2) there's no practical reason to do so anyway.

2015-04-21  Laine Stump  <laine@laine.org>

	util: set MAC address for VF via netlink message to PF+VF# when possible
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1113474

	When we set the MAC address of a network device as a part of setting
	up macvtap "passthrough" mode (where the domain has an emulated netdev
	connected to a host macvtap device that has exclusive use of the
	physical device, and sets the device MAC address to match its own,
	i.e. "<interface type='direct'> <source mode='passthrough' .../>"), we
	use ioctl(SIOCSIFHWADDR) giving it the name of that device. This is
	true even if it is an SRIOV Virtual Function (VF).

	But, when we are setting the MAC address / vlan ID of a VF in
	preparation for "hostdev network" passthrough (this is where we set
	the MAC address and vlan id of the VF after detaching the host net
	driver and before assigning the device to the domain with PCI
	passthrough, i.e. "<interface type='hostdev'>", we do the setting via
	a netlink RTM_SETLINK message for that VF's Physical Function (PF),
	telling it the VF# we want to change. This sets an "administratively
	changed MAC" flag for that VF in the PF's driver, and from that point
	on (until the PF driver is reloaded, *not* merely the VF driver) that
	VF's MAC address can't be changed using ioctl(SIOCSIFHWADDR) - the
	only way to change it is via the PF with RTM_SETLINK.

	This means that if a VF is used for hostdev passthrough, it will have
	the admin flag set, and future attempts to use that VF for macvtap
	passthrough will fail.

	The solution to this problem is to check if the device being used for
	macvtap passthrough is actually a VF; if so, we use the netlink
	RTM_SETLINK message to the PF to set the VF's mac address instead of
	ioctl(SIOCSIFHWADDR) directly to the VF; if not, behavior does not
	change from previously.

	There are three pieces to making this work:

	1) virNetDevMacVLan(Create|Delete)WithVPortProfile() now call
	   virNetDev(Replace|Restore)NetConfig() rather than
	   virNetDev(Replace|Restore)MacAddress() (simply passing -1 for VF#
	   and vlanid).

	2) virNetDev(Replace|Restore)NetConfig() check to see if the device is
	   a VF. If so, they find the PF's name and VF#, allowing them to call
	   virNetDev(Replace|Restore)VfConfig().

	3) To prevent mixups when detaching a macvtap passthrough device that
	   had been attached while running an older version of libvirt,
	   virNetDevRestoreVfConfig() is potentially given the preserved name
	   of the VF, and if the proper statefile for a VF can't be found in
	   the stateDir (${stateDir}/${pfname}_vf${vfid}),
	   virNetDevRestoreMacAddress() is called instead (which will look in
	   the file named ${stateDir}/${vfname}).

	This problem has existed in every version of libvirt that has both
	macvtap passthrough and interface type='hostdev'. Fortunately people
	seem to use one or the other though, so it hasn't caused any real
	world problem reports.

2015-04-21  Cole Robinson  <crobinso@redhat.com>

	qemu: Always refresh capabilities if no <guests> found
	- Remove all qemu emulators
	- Restart libvirtd
	- Install qemu emulators
	- Call 'virsh version' -> errors

	The only thing that will force the qemu driver to refresh it's cached
	capablities info is an explict API call to GetCapabilities.

	However in the case when the initial caps lookup at driver connect didn't
	find a single qemu emulator to poll, the driver is effectively useless
	and really can't do anything until it's populated some qemu capabilities
	info.

	With the above steps, the user would have to either know about the
	magic refresh capabilities call, or restart libvirtd to pick up the
	changes.

	Instead, this patch changes things so that every time a part of th
	driver requests access to capabilities info, check to see if
	we've previously seen any emulators. If not, force a refresh.

	In the case of 'still no emulators found', this is still very quick, so
	I can't think of a downside.

	https://bugzilla.redhat.com/show_bug.cgi?id=1000116

2015-04-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	vircapstest: fix build without LXC, QEMU or XEN
	When building without lxc support enabled, build fails with:

	CLD     vircapstest
	vircapstest.o: In function `test_virCapsDomainDataLookupLXC':
	vircapstest.c:(.text+0x9ef): undefined reference to `testLXCCapsInit'

	Fix that by hiding LXC tests under appropriate #ifdef. Same applies
	for QEMU and XEN.

2015-04-21  John Ferlan  <jferlan@redhat.com>

	scsi: Adjust return values from processLU
	https://bugzilla.redhat.com/show_bug.cgi?id=1171933

	Adjust the processLU error returns to be a bit more logical. Currently,
	the calling code cannot determine the difference between a non disk/lun
	volume and a processed/found disk/lun. It can also not differentiate
	between perhaps real/fatal error and one that won't necessarily stop
	the code from finding other volumes.

	After this patch virStorageBackendSCSIFindLUsInternal will stop processing
	as soon as a "fatal" message occurs rather than continuting processing
	for no apparent reason. It will also only set the *found value when
	at least one of the processLU's was successful.

	With the failed return, if the reason for the stop was that the pool
	target path did not exist, was /dev, was /dev/, or did not start with
	/dev, then iSCSI pool startup and refresh will fail.

2015-04-21  John Ferlan  <jferlan@redhat.com>

	scsi: Change return values for virStorageBackendSCSIFindLUs
	Rather than passing/returning a pointer to a boolean to indicate that
	perhaps we should try again - adjust the return of the call to return
	the count of LU's found during processing, then let the caller decide
	what to do with that value.

2015-04-21  John Ferlan  <jferlan@redhat.com>

	scsi: Adjust return value for virStorageBackendSCSINewLun
	Use virStorageBackendPoolUseDevPath API to determine whether creation of
	stable target path is possible for the volume.

	This will differentiate a failed virStorageBackendStablePath which won't
	need to be fatal. Thus, we'll add a -2 return value to differentiate that
	the failure was a result of either the inability to find the symlink for
	the device or failure to open the target path directory

2015-04-21  John Ferlan  <jferlan@redhat.com>

	storage: Fix check for stable path check
	Fix the if (!STRPREFIX(path, "/dev")) to be if (!STRPREFIX(path, "/dev/"))
	to ensure a path such as "/device" isn't declared stable.

	storage: Split out the stable path check
	For virStorageBackendStablePath, in order to make decisions in other code
	split out the checks regarding whether the pool's target is empty, using /dev,
	using /dev/, or doesn't start with /dev

2015-04-21  Richard W.M. Jones  <rjones@redhat.com>

	xend: Remove a couple of unused function prototypes.
	Commit 70f446631f142ae92b4d4eb349fcf11408171556 (from 2008) introduced
	some functions for testing whether xend was returning correct sound
	models.  Those functions have long gone, but the function prototypes
	remain.  This commit removes the unused prototypes.

2015-04-21  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Properly free cpu status
	So, in the example the cpu stats are collected within a function
	called do_top. At the beginning of the function we ask the daemon for
	how much vCPUs can we get stats, and how many stats for a vCPU can we
	get. This is because it's how our API works - users are required to
	preallocate a chunk of memory for the results. Now, at the end, we try
	to free the allocated array, but we are not doing it correctly.
	There's this virTypedParamsFree() function which gets a pointer to the
	array and the length of the array. However, if there was an error in
	getting vCPU stats we pass a negative number instead of the originally
	computed value. This flaw results in SIGSEGV:

	libvirt: QEMU Driver error : Requested operation is not valid: domain is not running
	ERROR do_top:333 : Unable to get cpu stats
	==29201== Invalid read of size 4
	==29201==    at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145)
	==29201==    by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165)
	==29201==    by 0x4023C3: do_top (domtop.c:349)
	==29201==    by 0x40260B: main (domtop.c:386)
	==29201==  Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd
	==29201==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29201==    by 0x401FF1: do_top (domtop.c:295)
	==29201==    by 0x40260B: main (domtop.c:386)

2015-04-20  Cole Robinson  <crobinso@redhat.com>

	domain: conf: Drop expectedVirtTypes
	This needs to specified in way too many places for a simple validation
	check. The ostype/arch/virttype validation checks later in
	DomainDefParseXML should catch most of the cases that this was covering.

	caps: Use DomainDataLookup to replace GuestDefault*
	This revealed that GuestDefaultEmulator was a bit buggy, capable
	of returning an emulator that didn't match the passed domain type. Fix
	up the test suite input to continue to pass.

	domain: conf: Use CapabilitiesDomainDataLookup for caps validation
	The strange logic here is just to duplicate the previous behavior,
	which parts of the test suite are currently relying on.

	domain: conf: Do ostype/arch/machine parsing earlier
	Just move this code to where we parse virtType. Lots of things depend
	on os.type values so it should be handled early like virtType.

2015-04-20  Cole Robinson  <crobinso@redhat.com>

	caps: Add virCapabilitiesDomainDataLookup
	This is a helper function to look up all capabilities data for all
	the OS bits that are relevant to <domain>. This is

	- os type
	- arch
	- domain type
	- emulator
	- machine type

	This will be used to replace several functions in later commits.

2015-04-20  Cole Robinson  <crobinso@redhat.com>

	caps: Convert to use VIR_DOMAIN_VIRT internally

	domain: Convert os.type to VIR_DOMAIN_OSTYPE enum

	caps: Switch AddGuest to take VIR_DOMAIN_OSTYPE value
	Rather than an opencoded string. This should be a no-op

	caps: Use an enum internally for ostype value
	But the internal API stays the same, and we just convert the value as
	needed. Not useful yet, but this is the beginning step of using an enum
	for ostype throughout the code.

2015-04-20  Cole Robinson  <crobinso@redhat.com>

	domain: conf: Don't validate VM ostype/arch at daemon startup
	When parsing XML, we validate the passed ostype + arch combo against
	the detected hypervisor capabilities. This has led to the following
	problem:

	- Define x86 qemu guest
	- qemu is inadvertently removed from the host
	- libvirtd is restarted. fails to parse VM config since arch is removed
	- 'virsh list --all' is now empty, user is wondering where their VMs went

	Add a new internal flag VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS. Use
	it when loading VM and snapshot configs from disk.

	https://bugzilla.redhat.com/show_bug.cgi?id=1043572

2015-04-20  Cole Robinson  <crobinso@redhat.com>

	domain: conf: Better errors on bad os <type> values
	If no <os><type> was specified:
	  before: unknown OS type no OS type
	  after : xml error: an os <type> must be specified

	If an <os><type> is specified that's not in our capabiliities data:
	  before: unknown OS type: $type
	  after : unsupported configuration: no support found for os <type> '$type'

	VIR_ERR_OS_TYPE is now unused (as it should be frankly) so drop its strings
	as well to save our translators some effort.

2015-04-20  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: make device addressing consistent
	In Parallels we do not support device name hints
	aka <target dev=../> option and full-fledged device
	disk device addressing through
	<address type=.. controller=.. bus=.. target=.. unit=../>
	and have only one index instead.
	In this situation to be consistent we can only take
	one-to-one mapping from some reasonable subset
	of full address. Values outside this subset are
	invalid to create Parallels VMs.

	Reasonable mapping is default one defined in virDomainDiskDefAssignAddress.

2015-04-20  Nikolay Shirokovskiy  <nshirokovskiy@parallels.com>

	parallels: fix return status for parallelsConnectOpen
	We should return VIR_DRV_OPEN_ERROR in case
	if we handle scheme in query but some
	error occur. Previously we sometimes
	return VIR_DRV_OPEN_DECLINE.

2015-04-20  Luyao Huang  <lhuang@redhat.com>

	lxc: fix starting a domain with non-strict numa memory mode
	 # virsh -c lxc:/// start helloworld
	 error: Failed to start domain helloworld
	 error: internal error: guest failed to start: Unknown
	 failure in libvirt_lxc startup

	Return success when there are no cpuset.mems to be set,
	instead of failing without setting an error.

2015-04-20  Luyao Huang  <lhuang@redhat.com>

	lxc: fix starting a domain with a cpuset but no numatune
	 # virsh -c lxc:/// start helloworld
	 error: Failed to start domain helloworld
	 error: internal error: guest failed to start: Invalid value '1-3'
	 for 'cpuset.mems': Invalid argument

	Free the cpu mask to avoid reusing it as a mem mask
	in virCgroupSetCpusetMems
	if virDomainNumatuneMaybeFormatNodeset does not set a mask.

2015-04-20  Erik Skultety  <eskultet@redhat.com>

	rng: Move sgio attr definition to a separate block
	it might be worth having sgio attribute defined in a separate block the same way
	as rawio attribute.

2015-04-20  Erik Skultety  <eskultet@redhat.com>

	rng: Forbid to validate mismatched <disk> 'device' and 'type' attributes
	According to docs, using 'lun' as a value for device attribute is only valid
	with disk types 'block' and 'network'. However current RNG schema also allows
	a combination type='file' device='lun' which results in a successfull
	xml validation, but fails at qemuBuildCommandLine.
	Besides fixing the RNG schema, this patch also adds a qemuxml2argvtest
	for this case.

	https://bugzilla.redhat.com/show_bug.cgi?id=1210669

2015-04-20  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Apparmor: removed duplicate nscd rules

2015-04-17  Michal Privoznik  <mprivozn@redhat.com>

	domcaps: Check for architecture more wisely
	https://bugzilla.redhat.com/show_bug.cgi?id=1209948

	So we have this bug. The virConnectGetDomainCapabilities() API
	performs a couple of checks before it produces any result. One of
	the checks is if the architecture requested by user can be run by
	the binary (again user provided). However, the check is pretty
	dumb. It merely compares if the default binary architecture
	matches the one provided by user. However, a qemu binary can run
	multiple architectures. For instance: qemu-system-ppc64 can run:
	ppc, ppcle, ppc64, ppc64le and ppcemb. The default is ppc64, so
	if user requested something else, like ppc64le, the check would
	have failed without obvious reason.

2015-04-17  Martin Kletzander  <mkletzan@redhat.com>

	schema: Allow multiple machines for VMs and unite architectures
	Use the same pattern for all machine types on all archs and same archs
	for hvm and exe types.

2015-04-17  zhang bo  <oscar.zhangbo@huawei.com>

	qemuDomainShutdownFlags: Set fakeReboot more frequently
	When a qemu domain is to be rebooted, from outside, at libvirt
	level it looks like regular shutdown. To really restart the
	domain, libvirt needs to issue reset command on the monitor once
	SHUTDOWN event appeared. So, in order to differentiate bare
	shutdown and reboot libvirt uses a variable within domain private
	data. It's called fakeReboot. When the reboot API is called, the
	variable is set, but when the shutdown API is called it must be
	cleared out. But it was not for every possible case. So if user
	called virDomainReboot(), and there was no ACPI daemon running
	inside the guest (so guest didn't initiated shutdown sequence)
	and then virDomainShutdown(mode=agent) was called bad thing
	happened. We remembered the fakeReboot and instead of shutting
	the domain down, we just rebooted it.

2015-04-17  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virNetDevBandwidthUpdateFilter
	This is a simple wrapper around virNetDevBandwidthManipulateFilter() that
	will update the desired filter on an interface (usually a network bridge)
	with a new MAC address. Although, the MAC address in question usually
	refers to some other interface - the one that the filter is constructed
	for. Yeah, hard to parse. Thing is, our NATed network has a bridge where
	some part of QoS takes place. And vNICs from guests are plugged into
	the bridge. However, if a guest decides to change the MAC of its vNIC,
	the corresponding qemu process emits an event which we can use to
	update the QoS configuration based on the new MAC address.. However,
	our QoS hierarchy is currently not notified, therefore it falls apart.
	This function (when called in response to the aforementioned event)
	will update our QoS hierarchy and duct tape it together again.

	virnetdevbandwidth.c: Separate tc filter creation to a function
	Not only this simplifies the code a bit, it prepares the
	environment for upcoming patches. The new
	virNetDevBandwidthManipulateFilter() function is capable of both
	removing a filter and adding a new one. At the same time! Yeah,
	this is not currently used anywhere but look at the next commit
	where you'll see it.

	virNetDevBandwidthSet: Add priority to filter
	Currently, when constructing traffic shaping rules, the ingress
	filter is created without any priority specified on the command
	line. This makes kernel to make up one. While this works, it
	simplifies things a bit if we provide the filter priority. In
	this case, since it's the root filter lets give it the highest
	priority of number 1.

	virDomainActualNetDefContentsFormat: Format class_id more frequently
	After a360912179 the formatting of virDomainActualNetDefPtr was
	changed a bit. However, during the function rewrite, iface's class_id
	is not formatted as frequently as it could be. In fact, after rewrite
	it's formatted only for iface of type VIR_DOMAIN_NET_TYPE_DIRECT where
	it makes no sense and is unused. While where needed (_TYPE_NETWORK) is
	not formatted at all. This makes the daemon forget it upon daemon
	restart resulting in bad behaviour.

2015-04-17  Michal Privoznik  <mprivozn@redhat.com>

	nwfilter: Partly initialize driver even for non-privileged users
	https://bugzilla.redhat.com/show_bug.cgi?id=1211436

	This reverts commit b7829f959b33c6e32422222a9ed745c0da7dc696.

	The previous fix was not correct. Like everywhere else, a driver is a
	global variable allocated in stateInitialize function (or something
	similar for stateless drivers). Later, when a driver API is called,
	it's possible that the global variable is accessed and dereferenced.
	Now, some drivers require root privileges because they undertake some
	actions reserved only for the system admin (e.g. manipulating host
	firewall). And here's the trouble, the NWFilter state initializer
	exited too early when finding out it's running unprivileged, leaving
	the global NWFilter driver variable uninitialized. Any subsequent
	API call that tried to lock the driver resulted in dereferencing the
	driver and thus crash.

	On the other hand, in order to not resurrect the bug the original
	commit was fixing, Let's forbid the nwfilter define in session mode.


	Conflicts:
		src/nwfilter/nwfilter_driver.c: Context. Code changed a bit
	        since 2013.

2015-04-17  Michal Privoznik  <mprivozn@redhat.com>

	virNetSocketNewConnectUNIX: Don't unlink(NULL)
	There is a possibility that we jump onto error label with @lockpath
	still initialized to NULL. Here, the @lockpath should be unlink()-ed,
	but passing there a NULL is not a good idea. Don't do that. In fact,
	we should call unlink() only if we created the lock file successfully.

	Reported-by: John Ferlan <jferlan@redhat.com>

2015-04-17  Lubomir Rintel  <lkundrak@v3.sk>

	lxc: move wireless PHYs to a network namespace
	The 802.11 interfaces can not be moved by themselves, their Phy has to move too.

	If there are other interfaces, they have to move too -- hopefully it's not too
	confusing. This is a less-invasive alternative to defining a new hostdev type
	for PHYs.

2015-04-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: drop virDomainObj lock when destroying a domain
	A destroy operation can take considerable time on large memory
	domains due to scrubbing the domain's memory.  Unlock the
	virDomainObj while libxl_domain_destroy is executing.

	Implement libxlDomainDestroyInternal wrapper to handle unlocking,
	calling destroy, and locking.  Change all callers of
	libxl_domain_destroy to use the wrapper.

2015-04-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: acquire a job when destroying a domain
	A job should be acquired at the beginning of a domain destroy operation,
	not at the end when cleaning up the domain.  Fix two occurrences of this
	late job acquisition in the libxl driver.  Doing so renders
	libxlDomainCleanupJob unused, so it is removed.

	libxl: Move job acquisition in libxlDomainStart to callers
	Let callers of libxlDomainStart decide when it is appropriate to
	acquire a job on the associated virDomainObj.

	libxl: support HVM direct kernel boot
	Add support for HVM direct kernel boot in libxl.  Also add a
	test to verify domXML <-> native conversions.

2015-04-17  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: don't use "kernel" for hvmloader
	In xl config, hvmloader is implied for hvm guests.  It is not
	specified with the "kernel" option like xm config.  The "kernel"
	option, along with "ramdisk" and "extra", is used for HVM direct
	kernel boot.  Instead of using "kernel" option to populate
	virDomainDef object's os.loader->path, use hvmloader discovered
	when gathering capabilities.

	This change required fixing initialization of capabilities in
	the test utils and removing 'kernel = "/usr/lib/xen/boot/hvmloader"'
	from the test config files.

2015-04-17  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: move <os> parsing/formating to config-specific files
	xl and xm differ a bit in how <os> configuration is represented.
	E.g. xl config supports <os><nvram .../></os> via its "bios"
	setting.

	Move the xenParseOS and xenFormatOS functions from xen_common.c
	and copy to xen_xl.c and xen_xm.c so they can be customized for
	xm vs xl config.  An unfortunate fallout is reordering of entries
	in the test config files.

2015-04-17  Jim Fehlig  <jfehlig@suse.com>

	xenconfig: remove redunant parsing of device_model
	device_model is parsed in xenParseOS(), then later in
	xenParseConfigCommon().  <emulator> is not part of <os>,
	so makes sense to remove the parsing in xenParseOS().

	xenconfig: export xenConfigCopyString
	Export xenConfigCopyString for use outside of xen_common.c

2015-04-16  Pavel Hrdina  <phrdina@redhat.com>

	virbuffer: fix build on rhel-6
	On rhel-6 is broken gcc that reports this warning:

	util/virbuffer.c:500: error: logical '&&' with non-zero constant will
	    always evaluate as true [-Wlogical-op]

	Move the pragma directive before function virBufferEscapeString because
	since commit aeb5262e this function uses 'strchr' too.

2015-04-16  John Ferlan  <jferlan@redhat.com>

	storage: Refactor virStorageBackendSCSINewLun
	Invert the logical of retval and clean up code paths, especially goto's

2015-04-16  Michael Chapman  <mike@very.puzzling.org>

	virCondWaitUntil: calculate timespec correctly
	ts.tv_nsec was off by a factor of 1000, making timeouts less than a
	second in the future often expiring immediately.

2015-04-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Refactor and fix monitor checking
	Among all the monitor APIs some where checking if mon is NULL and some
	were not. Since it's possible to have mon equal to NULL in case a second
	call is attempted once entered the monitor. This requires that every
	single API checks for the monitor.

	This patch adds a macro that helps checking the state of the monitor and
	either refactors existing checking code to use the macro or adds it in
	case it was missing.

2015-04-16  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Prefix sysctl configuration filename with a number
	Apparently, files in /usr/lib/sysctl.d are usually prefixed with numbers
	for easier ordering. Let's be consistent with this. I chose 60 for
	libvirtd so that it goes after 50-default.conf.

	https://bugzilla.redhat.com/show_bug.cgi?id=1084876

2015-04-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: bulk stats: Ignore errors from missing/inaccessible disks
	Rather than erroring out make the best attempt to retrieve other data if
	disks are inaccessible or missing. The failure will still be logged
	though.

	Since the bulk stats API is called on multiple domains an error like
	this makes the API unusable. This regression was introduced by commit
	596a13713420e01b20ce3dc3fdbe06d073682675

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1209394

2015-04-16  Michal Privoznik  <mprivozn@redhat.com>

	RNG schema: allow plain @floor to <bandwidth/>
	The <inbound/> element to <bandwidth/> has several attributes from
	which two are mandatory. Well, from two at least one has to be
	present: @average or @floor or both. Instead of inventing crazy RNG
	schema, let's make all the attributes optional there and rely on our
	parsing code to correctly handle the situation.

	virNetDevBandwidthPlug: Update function description
	The comment is describing arguments passed to the function.
	However, there's no @ifmac argument. In 955af4d4 it was replaced
	with @ifmac_ptr.  Unfortunately, the comment wasn't updated.

2015-04-15  Eric Blake  <eblake@redhat.com>

	tests: fix build on old 32-bit platforms
	gcc 4.1.2 (hello RHEL 5) on 32-bit platforms complains:

	vircgrouptest.c: In function 'testCgroupGetPercpuStats':
	vircgrouptest.c:627: warning: integer constant is too large for 'long' type
	vircgrouptest.c:628: warning: this decimal constant is unsigned only in ISO C90
	vircgrouptest.c:634: warning: integer constant is too large for 'long' type
	vircgrouptest.c:635: warning: this decimal constant is unsigned only in ISO C90
	vircgrouptest.c:636: warning: this decimal constant is unsigned only in ISO C90
	vircgrouptest.c:644: warning: integer constant is too large for 'long' type

	* tests/vircgrouptest.c (testCgroupGetPercpuStats): Use ULL suffix.

2015-04-15  Ján Tomko  <jtomko@redhat.com>

	Strip control codes in virBufferEscapeString
	These cannot be represented in XML.

	We have been stripping them, but only if the string had
	characters that needed escaping: <>"'&

	Extend the strcspn check to include control codes, and strip
	them even if we don't do any escaping.

	https://bugzilla.redhat.com/show_bug.cgi?id=1184131
	https://bugzilla.redhat.com/show_bug.cgi?id=1066564

2015-04-15  Ján Tomko  <jtomko@redhat.com>

	Ignore storage volumes with control codes in their names
	To prevent generating invalid XML.

	https://bugzilla.redhat.com/show_bug.cgi?id=1066564

2015-04-15  Ján Tomko  <jtomko@redhat.com>

	Strip control characters from sysfs attributes
	Including them in the XML makes them unparsable.

	https://bugzilla.redhat.com/show_bug.cgi?id=1184131

2015-04-15  Ján Tomko  <jtomko@redhat.com>

	Add functions dealing with control characters in strings
	Add virStringHasControlChars that checks if the string has
	any control characters other than \t\r\n,
	and virStringStripControlChars that removes them in-place.

	tests: rename testStripIPv6BracketsData to testStripData
	For reuse with other Strip* functions.

	Add an example for EVENT_ID_DEVICE_ADDED

	Emit VIR_DOMAIN_EVENT_ID_DEVICE_ADDED in the QEMU driver
	Only for devices that have an alias.

2015-04-15  Ján Tomko  <jtomko@redhat.com>

	Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event
	The counterpart to VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED.

	https://bugzilla.redhat.com/show_bug.cgi?id=1206114

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	Cleanup "/sys/class/net" usage
	Throughout the code, we have several places need to construct a path
	somewhere in /sys/class/net/... They are not consistent and nearly
	each code piece invents its own way how to do it. So unify this by:

	1) use virNetDevSysfsFile() wherever possible

	2) At least use common macro SYSFS_NET_DIR declared in virnetdev.h at
	   the rest of places which can't go with 1)

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add virnetdevtestdata to EXTRA_DIST
	In one of my previous commits (49ed6cff9) I've introduced a test
	among with some files stored under virnetdevtestdata folder.
	While this works perfectly within a git tree, the folder was not
	getting into .tar.gz and therefore the dist-check would fail.

2015-04-15  John Ferlan  <jferlan@redhat.com>

	tests: Resolve Coverity RESOURCE_LEAK
	Commit id 'b77ce18a2' added a new bitmap, but neglected to virBitmapFree it

2015-04-15  Eric Blake  <eblake@redhat.com>

	virsh: fix regression in 'virsh event' by domain
	Commit a0670ae caused a regression in 'virsh event' and
	'virsh qemu-monitor-event' - if a user tries to filter the
	command to a specific domain, an error message is printed:

	$ virsh event dom --loop
	error: internal error: virsh qemu-monitor-event: no domain VSH_OT_DATA option

	and then the command continues as though no domain had been
	supplied (giving events for ALL domains, instead of the
	requested one).  This is because the code was incorrectly
	assuming that all "domain" options would be supplied via a
	mandatory VSH_OT_DATA, even though "domain" is optional for
	these two commands, so we had changed them to VSH_OT_STRING
	to quit failing for other reasons (ever since it was decided
	that VSH_OT_DATA and VSH_OT_STRING should no longer be
	synonyms).

	In looking at the situation, though, the code for looking up
	a domain was making a pointless check for whether the option
	exists prior to finding the option's string value, as
	vshCommandOptStringReq does just fine at reporting any errors
	when looking up a string whether or not the option was present.

	So this is a case of regression fixing by pure code deletion :)

	* tools/virsh-domain.c (vshCommandOptDomainBy): Drop useless filter.
	* tools/virsh-interface.c (vshCommandOptInterfaceBy): Likewise.
	* tools/virsh-network.c (vshCommandOptNetworkBy): Likewise.
	* tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
	* tools/virsh-secret.c (vshCommandOptSecret): Likewise.
	* tools/virsh.h (vshCmdHasOption): Drop unused function.
	* tools/virsh.c (vshCmdHasOption): Likewise.

2015-04-15  Peter Krempa  <pkrempa@redhat.com>

	node: udev: Remove some redundant error reports
	All the called functions already report an error.

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	virPidFileConstructPath: Drop useless VIR_FREE()
	If a virAsprintf() within the function fails, we call VIR_FREE()
	over @rundir variable and jump onto cleanup label, where it is
	freed again.  It doesn't hurt, but not make much sense too.

2015-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Fix qemuMonitorGetAllBlockStatsInfo with HMP
	Commit f6563bc3 introduced HMP impl of the function (so that a different
	uglier function could be removed). Before the HMP code is called there's
	a leftover check that the monitor is JSON which inhibits the code from
	working.

	qemu: monitor: @running in qemuMonitorGetStatus is always non-NULL
	Add the attribute and remove the check.

	qemu: monitor: Don't use 'ret' variable where not necessary
	Quite a lot places set the 'ret' variable just once right before
	returning it's value. Remove such usage.

	qemu: monitor: Ensure that qemuMonitorSetLink is called with non-null name

	qemu: monitor: Sanitize control flow in qemuMonitorSetCapabilities

	qemu: monitor: Clean up coding style
	Fix line spacing between functions, ensure that function return type is
	on a separate line and reflow arguments for VIR_DEBUG statements.

2015-04-15  Michal Privoznik  <mprivozn@redhat.com>

	virNetSocketNewConnectUNIX: Use flocks when spawning a daemon
	https://bugzilla.redhat.com/show_bug.cgi?id=1200149

	Even though we have a mutex mechanism so that two clients don't spawn
	two daemons, it's not strong enough. It can happen that while one
	client is spawning the daemon, the other one fails to connect.
	Basically two possible errors can happen:

	  error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': Connection refused

	or:

	  error: Failed to connect socket to '/home/mprivozn/.cache/libvirt/libvirt-sock': No such file or directory

	The problem in both cases is, the daemon is only starting up, while we
	are trying to connect (and fail). We should postpone the connecting
	phase until the daemon is started (by the other thread that is
	spawning it). In order to do that, create a file lock 'libvirt-lock'
	in the directory where session daemon would create its socket. So even
	when called from multiple processes, spawning a daemon will serialize
	on the file lock. So only the first to come will spawn the daemon.

	Tested-by: Richard W. M. Jones <rjones@redhat.com>

2015-04-15  Martin Kletzander  <mkletzan@redhat.com>

	json: export non-static functions
	Two non-static functions in virjson.c were missing their export info in
	libvirt_private.syms, so they couldn't be used anywhere it the code (and
	that's about to get changed).

	Change virConnectPtr into virObjectLocklable
	It already had a virMutex inside, so this is just a cleanup.

	closeCallback is already lockable, initialize it as such
	Luckily we are allocating structs as clean memory and
	PTHREAD_MUTEX_INITIALIZER is "{ 0 }", so nothing happened, but it should
	still be created as lockable object.

	configure: Align messages
	The first two were a bit off.

2015-04-15  John Ferlan  <jferlan@redhat.com>

	storage: Add duplicate devices check for zfs pool def
	Check proposed pool definitions to ensure they aren't trying to use the
	same devices as currently defined definitions - disallow the duplicate

	storage: Add duplicate source pool for Gluster pool def
	Check the proposed pool source host XML definition against existing gluster
	pools to ensure the incoming definition doesn't use the same source dir and
	soure host XML definition as an existing pool.

	storage: Add duplicate host check for Sheepdog pool def
	Check the proposed pool source host XML definition against existing sheepdog
	pools to ensure the incoming definition doesn't use the same source host XML
	definition as an existing pool.

	storage: Remove default from switch in virStoragePoolSourceFindDuplicate
	So that we can cover all the cases.

	storage: Use virStoragePoolSourceMatchSingleHost for NETFS
	Rather than have duplicate code doing the same check, have the netfs
	matching processing code use the new virStoragePoolSourceMatchSingleHost.

	storage: Add check for different ports for host duplicate matching
	In virStoragePoolSourceMatchSingleHost, add a comparison for port number
	being different prior to checking the 'name' field.

	storage: Create virStoragePoolSourceMatchSingleHost
	Split out the nhost == 1 and hosts[0].name logic into a separate routine

2015-04-15  John Ferlan  <jferlan@redhat.com>

	storage: Refactor iSCSI Source matching
	Create a separate iSCSI Source matching subroutine. Makes the calling
	code a bit cleaner as well as sets up for future patches which need to
	do better source hosts[0].name processing/checking.

	As part of the effort the logic will be inverted from a multi-level
	if statement to a series of single level checks for better readability
	and further separation

2015-04-15  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Use VIR_ERR_RESOURCE_BUSY if sanlock_acquire fails
	When acquiring resource via sanlock fails, we would report it as
	VIR_ERR_INTERNAL_ERROR, which is not very friendly to applications using
	libvirt. Moreover, the lockd driver would report the same failure as
	VIR_ERR_RESOURCE_BUSY, which looks better.

	Unfortunately, in sanlock driver we don't really know if acquiring the
	resource failed because it was already locked or there was another
	reason behind. But the end result is the same and I think using
	VIR_ERR_RESOURCE_BUSY reason for all acquire failures is still better
	than what we have now.

	https://bugzilla.redhat.com/show_bug.cgi?id=1165119

2015-04-14  Eric Blake  <eblake@redhat.com>

	build: provide virNetDevSysfsFile on non-Linux
	Commit 49ed6cff is broken on mingw and other non-linux platforms:

	  CCLD     libvirt.la
	  Cannot export virNetDevSysfsFile: symbol not defined
	  collect2: error: ld returned 1 exit status

	* src/util/virnetdev.c: Provide virNetDevSysfsFile fallback.

2015-04-14  Eric Blake  <eblake@redhat.com>

	build: include correct header for time()
	Found by ./autobuild.sh during a mingw cross-compile:

	Commit 8a96e87 was not innocuous - glibc happens to leak the
	definition of time() through other headers, so that even without
	<sys/select.h>, virrandom.c compiled just fine.  But on mingw,
	we were not so lucky; <sys/select.h> was important for its side
	effect of dragging in <time.h>, and we now have nothing providing
	the declaration of time():

	../../src/util/virrandom.c: In function 'virRandomOnceInit':
	../../src/util/virrandom.c:65:5: error: implicit declaration of function 'time' [-Werror=implicit-function-declaration]
	     unsigned int seed = time(NULL) ^ getpid();
	          ^
		  ../../src/util/virrandom.c:65:5: error: nested extern declaration of 'time' [-Werror=nested-externs]

2015-04-14  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virnetdevtest
	This is yet another test for check of basic functionality of our
	NIC state handling code.

2015-04-14  John Ferlan  <jferlan@redhat.com>

	cfg: Disallow usage of 'index' as variable name
	Since we've run afoul of the Xen-devel build for shadowing a global
	declaration of 'index', just disallow using index for a variable name

	nwfilter: Change 'index' to 'idx'
	Forthcoming syntax check rule will disallow usage of 'int index', so
	change it for nwfilter

	snapshot: Change 'index' to 'idx'
	Forthcoming syntax check rule will disallow usage of 'int index', so
	change it for snapshot

	util: Use 'idx' instead of 'index'
	Impending syntax checker will disallow 'int index', so change it here.

	qemu: Adjust the prototype to match the function
	Changing the prototype to not have "int *index" since we'll soon be
	disallowing index as a name. Curiously the original commit (a4504ac)
	for the function used 'int idx' in the function - so they didn't match.
	Now they do.

2015-04-14  Ján Tomko  <jtomko@redhat.com>

	Add articles to virDomainDeviceDetachFlags docs
	Reported by John Ferlan.

2015-04-14  Pavel Hrdina  <phrdina@redhat.com>

	xen: fix build error on rhel-5
	../../src/xen/block_stats.c:82: warning: dereferencing type-punned
	    pointer will break strict-aliasing rules [-Wstrict-aliasing]

2015-04-14  Martin Kletzander  <mkletzan@redhat.com>

	sparc: Add default PCI root controller
	It is there even with -nodefaults and -no-user-config, so count with
	that so we can start sparc domains.

2015-04-14  Huanle Han  <hanxueluo@gmail.com>

	hostdev: fix loop index error when resetvfnetconfig
	The variable 'last_processed_hostdev_vf' indicates index of the last
	successfully configed vf. When resetvfnetconfig because of failure,
	hostdevs[last_processed_hostdev_vf] should also be reset.

2015-04-14  Huanle Han  <hanxueluo@gmail.com>

	qemu: fix index error when clean up vport profile
	1. 'last_good_net' indicates the index of last successfully configured
	net. so def->nets[last_good_net] should also be clean up if error occurs.

	2. if error occurs in 'virNetDevMacVLanVPortProfileRegisterCallback'
	(second 'goto err_exit' in loop), we should also do
	'virNetDevVPortProfileDisassociate' cleanup for the
	'virNetDevVPortProfileAssociate'(first code block in loop). So we should
	consider the net is successfully configured after first code block in
	loop finishes.

2015-04-14  Serge Hallyn  <serge.hallyn@ubuntu.com>

	virt-aa-helper: add unix channels (esp for qemu-guest-agent)
	The original bug report was at
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842

	Also skip abstract unix sockets.

2015-04-14  Shanzhi Yu  <shyu@redhat.com>

	qemu: save domain status after set memory parameters
	After set memory parameters for running domain, save the change to live
	xml is needed otherwise it will disappear after restart libvirtd.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211548

2015-04-14  Shanzhi Yu  <shyu@redhat.com>

	virsh: improve the error for wrong memtune parameters
	When set guest memory with a invalid parameter of --soft-limit,
	it posts weird error:

	$ virsh memtune r7 --hard-limit 20417224 --soft-limit 9007199254740992 \
	  --swap-hard-limit 35417224
	error: Unable to parse integer parameter 'NAME

	Change it to

	error: Unable to parse integer parameter soft-limit

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1211550

2015-04-14  John Ferlan  <jferlan@redhat.com>

	qemu: Use 'idx' instead of 'index' for variable name
	Apparently for Xen-devel 'index' is a global and causes a build failure,
	so just use the shortened 'idx' instead to avoid the conflict.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainBlockJobAbort()
	Change few variable names and refactor the code flow. As an additional
	bonus the function now fails if the event state is not as expected.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: drivePivot: Fix assumption when 'block-job-complete' fails
	QEMU does not abandon the mirror. The job carries on in the synchronised
	phase and it might be either pivoted again or cancelled. The commit
	hints that the described behavior was happening in a downstream version.

	If the command returns false there are two possible options:
	1) qemu did not reach the point where it would ask the block job to
	pivot
	2) pivotting failed in the actual qemu coroutine

	If either of those would happen we return failure and reset the
	condition that waits for the block job to complete. This makes the API
	fail but in case where qemu would actually abandon the mirror the fact
	is notified via the event and handled asynchronously.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1202704

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockPull: Refactor the rest of qemuDomainBlockJobImpl
	Since it now handles only block pull code paths we can refactor it and
	remove tons of cruft.

	qemu: blockjob: Separate qemuDomainBlockJobAbort from qemuDomainBlockJobImpl
	Sacrifice a few lines of code in favor of the code being more readable.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Split qemuDomainBlockJobSetSpeed from qemuDomainBlockJobImpl
	qemuDomainBlockJobImpl become an unmaintainable mess over the years of
	adding new stuff to it. This patch starts splitting up individual
	functions from it until it can be killed entirely.

	In bulk this will add lines of code rather than delete them but it will
	be traded for maintainability.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Extract handling of JSON block job error codes
	My intention is to split qemuMonitorJSONBlockJob() into simpler separate
	functions for every block job type. Since the error handling code is the
	same for all block jobs, this patch extracts the code into a separate
	function that will later be reused in more places.

	With the new helper qemuMonitorJSONErrorIsClass we can save a few
	function calls as we can extract the error object once.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: json: Refactor error code class checker
	Split out the function that checks the actual error class string into a
	separate helper as it will be useful later and refactor
	qemuMonitorJSONHasError to return bool type and remove few useless
	checks.

	Basically virJSONValueObjectHasKey are useless here since the next call
	to virJSONValueObjectGet is checking the return value again (which can't
	fail at that point). By removing the first check we save a function
	call.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix condition for checking vcpu when pinning vcpus
	Previously we checked that the vcpu we are trying to set is in range of
	the number of threads presented by qemu. The problem is that if the VM
	is offline the count is 0. Since the condition subtracted 1 from the
	count the number would overflow and the check would never trigger.

	Change the condition for more sensible ones with specific error
	messages.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208434

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainVcpuPinDefParseXML
	Refactor the code to parse the vcpupin in a similar way the iothreadpin
	code is now structured. This allows to get rid of some very strange
	conditions and error messages.

	Additionally since a existing bug
	( https://bugzilla.redhat.com/show_bug.cgi?id=1208434 ) allows to add
	vcpupin definitions for vcpus that don't exist, this patch makes the
	parser to ignore all vcpupins that don't have a matching vCPU in the
	definition rather than just offlined ones.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	conf: Error out if iothread id is missing in iothreadpin
	Defining a domain with the following config:

	<domain ...>
	  ...
	  <iothreads>1</iothreads>
	  <cputune>
	    <iothreadpin cpuset='1'/>

	will result in the following config formatted back:
	<domain type='kvm'>
	  ...
	  <iothreads>1</iothreads>
	  <cputune>
	    <iothreadpin iothread='0' cpuset='1'/>

	After restart the VM would vanish. Since our schema requires the
	@iothread field to be present in <iothreadpin> make it required by the
	code too.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	conf: Split up virDomainVcpuPinDefParseXML
	Extract part that parses iothreads into virDomainIothreadPinDefParseXML

	conf: Split out parsing of emulatorpin
	Split up parts of virDomainVcpuPinDefParseXML into
	virDomainEmulatorPinDefParseXML.

	lib: snapshot: Explain that only one layer of images is inserted
	When creating a snapshot with _REUSE_EXTERNAL when the pre-created image
	does not directly link to the current active layer libvirt would
	re-detect the backing chain incorrectly and it would not match with
	qemu's view. Since the configuration is an operator mistake, document
	that only the top layer image gets inserted.

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Enforce WWN to be unique among VM's disks
	Operating systems use the identifier to name the disks. As the name
	suggests the ID should be unique.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1208009

2015-04-14  Peter Krempa  <pkrempa@redhat.com>

	conf: ABI: Check WWN in disk abi stability check
	Since the WWN influences guest behavior in naming disks we should treat
	this as vm ABI.

2015-04-14  John Ferlan  <jferlan@redhat.com>

	Convert virDomainPinIsDuplicate into bool return

2015-04-13  John Ferlan  <jferlan@redhat.com>

	Rename qemuCheckIothreads to qemuCheckIOThreads

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Rewrite vshParseCPUList
	Use virBitmap helpers that were added after this function.

	Change cpumaplen to int and fill it out by this function.

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Rewrite vshPrintPinInfo
	Use virBitmapDataToString instead of constructing the ranges bit
	by bit, remove the checking of parameters (that is already done
	by the callers).

	Let the callers choose the right bitmap, since there's only
	one that uses this helper on a matrix-in-an-array.

2015-04-13  Alexander Burluka  <aburluka@parallels.com>

	Parallels: implemented domainAttachDevice
	That function uses domainAttachDeviceFlags

	Parallels: implement domainAttachDeviceFlags
	Parallels Cloud Server supports block devices and virtual NIC
	live attachment. I implemented that function for block devices so
	OpenStack volume attachment is now works.

	Parallels: remove disk serial number check
	OpenStack needs disk serial number setup because
	nova boot --block-device-mapping command generates that param in
	libvirt xml. I took QEMU libvirt driver behavior as a base.
	QEMU driver skips inability to set serial and continues work.
	So Parallels driver will ignore this param too and let domain
	boot.

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Remove overengineered loop
	Do not loop over enum with one value.

	Introduce struct _virStorageBackendQemuImgInfo
	This will contain the data required for creating the qemu-img
	command line without having access to the volume definition.

	Rename virStorageBackendCreateQemuImgCmd
	Add FromVol at the end. This function will create the qemu-img
	command line from volume definitions and check them.

	Use XPath when parsing snapshot disk definition
	Instead of going through XML nodes in a loop and
	having to check if they are duplicate.

	Split out storage format 'compat' attribute sanity check
	For future reuse in the snapshot XML.

2015-04-13  Erik Skultety  <eskultet@redhat.com>

	virBitmap: Place virBitmapIsAllClear check after virBitmapParse calls
	This patch adds checks for empty bitmaps right after the calls of
	virBitmapParse. These only include spots where set API's are called and
	where domain's XML is parsed.
	Also, it partially reverts commit 983f5a which added a check for
	invalid nodeset "0,^0" into virBitmapParse function. This change broke
	the logic, as an empty bitmap should not cause an error.

	https://bugzilla.redhat.com/show_bug.cgi?id=1210545

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Remove feature formating funcs from pool-specific options
	We only have one formatting function for the features.

	Visually separate snapshot disk subelements
	Create four smaller blocks of texts instead of one large one.

	Rewrite usb device version parsing
	Simplify the function by leaving out the local copy and checking
	return values of virStrToLong.

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Fix usb device version parsing issues
	Request that the number be parsed as decimal, to allow 08
	and 09.

	Format it with the leading zero, 1.01 and 1.10 are two
	different versions.

	https://bugzilla.redhat.com/show_bug.cgi?id=1210650

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Do xml->xml test for usb-redir-filter
	We don't format the default '-1' fields back.

2015-04-13  Ján Tomko  <jtomko@redhat.com>

	Do not require virtio-pci devices when using virtio-mmio
	On arm, we probe for virtio-*-pci devices, but use their
	virtio-*-device variants.

	Set the capabilities based on the -device variants as well,
	to make them work with qemus with the PCI devices compiled out.

2015-04-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationPrecreateStorage: Fix debug message
	When pre-creating storage for domains, we need to find corresponding
	disk in the XML on the destination (domain XML may differ there, e.g.
	disk is accessible under different path). For better debugging, I'm
	printing all info I received on a disk. But there was a typo when
	printing the disk capacity: "%lluu" instead of "%llu".

2015-04-13  Xing Lin  <xinglin@cs.utah.edu>

	qemu_migration.c: sleep first before checking for migration status.
	The problem with the previous implementation is,
	even when qemuMigrationUpdateJobStatus() detects a migration job
	has completed, it will do a sleep for 50 ms (which is unnecessary
	and only adds up to the VM pause time).

2015-04-13  Andrea Bolognani  <abologna@redhat.com>

	conf: Don't output <cpu> tag if it contains no information.
	The tag is already marked as optional in the schema, so no changes
	are needed there.

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1202606

2015-04-10  John Ferlan  <jferlan@redhat.com>

	qemu: qemuDomainHotplugVcpus - separate out pin adjustment code
	Future IOThread setting patches would copy the code anyway, so create
	and generalize the adding of pindef for the vcpu and the pinning of the
	thread into their own APIs.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	AUTHORS: Add my email address to AUTHORS.in

2015-04-10  Ján Tomko  <jtomko@redhat.com>

	Support IPv6 in networkGetNetworkAddress
	We've been explicitly requesting IPv4 for some reason,
	even if there were only IPv6 addresses in the network
	definition.

	https://bugzilla.redhat.com/show_bug.cgi?id=1192318

2015-04-10  Luyao Huang  <lhuang@redhat.com>

	util: Update virNetDevGetIPAddress to get IPv6 addresses
	Add static virNetDevGetifaddrsAddress to attempt to get the interface
	IP address. If getifaddrs is not supported, fall back to
	virNetDevGetIPv4AddressIoctl to get the IP address.

	This allows IPv6 addresses to be used for <listen type='network>
	with device-backed networks.

	https://bugzilla.redhat.com/show_bug.cgi?id=1192318

2015-04-10  John Ferlan  <jferlan@redhat.com>

	util: Replace virNetDevGetIPv4Address with virNetDevGetIPAddress
	Rename it to virNetDevGetIPv4AddressIoctl and make
	virNetDevGetIPAddress a wrapper around it, allowing
	other ways of getting the address to be implemented,
	and still falling back to the old method.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix virDomainDefineXML for domain in saved state
	PCS doesn't store domain config in managed save state file.
	It's forbidden to change config for VMs in this state.
	It's possible to change config for containers, but after
	restoring domain will have that new config, not a config,
	which domain had at the moment of virDomainManagedSave.

	So we need to handle this case differently from other states.
	Let's forbid this operation, if config is changed and if it's
	not changed - just do nothing.

	Openstack/nova calls virDomainDefineXML on resume with
	current domain config, so we can't forbid this operation
	in managed save state.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	conf: fix virDomainDefFormatInternal for parallels
	We should add input devices with proper bus,
	not VIR_DOMAIN_INPUT_BUS_XEN.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	conf: fix virDomainDefParseXML for parallels
	Handle input devices in virDomainDefParseXML properly
	in case of parallels containers and VMs.

	Parallels containers support only
	VIR_DOMAIN_INPUT_BUS_PARALLELS. And if VNC is enabled
	we should add implicit mouse and keyboard.

	For VMs we should add implicit PS/2 mouse and
	keyboard.

	BTW, is it worth to refactor code and move
	all this code to drivers, to *DomainDefPostParse
	functions?

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add implicit input devices
	Add implicit input devices in parallelsLoadDomains,
	when VNC is enabled.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	conf: add input device type for parallels containers
	Add VIR_DOMAIN_INPUT_BUS_PARALLELS device type
	to handle domain configuration properly for
	parallels containers, when VNC is enabled.

	When domain configuration has at least one
	'graphics', there should be mouse and keyboard.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	conf: return proper default video type for parallels
	Fix function virDomainVideoDefaultType for
	parallels VMs and containers. It should return
	VGA for VMs and VIR_DOMAIN_VIDEO_TYPE_PARALLELS
	for containers.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	conf: add VIR_DOMAIN_VIDEO_TYPE_PARALLELS video type
	We support VNC for containers to have the same
	interface with VMs. At this moment it just renders
	linux text console.

	Of course we don't pass any physical devices and
	don't emulate virtual devices. Our VNC server
	renders text from terminal master and sends
	input events from VNC client to terminal.

	So add special video type VIR_DOMAIN_VIDEO_TYPE_PARALLELS
	for these pseudo-devices.

2015-04-10  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: don't fill net adapter model for containers
	Network adapter model has no sense for container,
	so we shouldn't set it to e1000 in
	parallelsDomainDeviceDefPostParse.

	parallels: fill adapter model in virDomainNetDef
	We handle this parameter for VMs while defining
	domains, so let's get this property from PCS and
	set corresponding field of virDomainNetDef in
	prlsdkLoadDomains function.

	parallels: add controllers in prlsdkLoadDomain
	Call virDomainDefAddImplicitControllers to add disk
	controllers, so virDomainDef, filled by this function
	will look exactly like the one returned by virDomainDefParseString.

	parallels: report, that cdroms are readonly
	Set readonly flag for cdrom devices when we
	retrieve a list of domains from PCS.

	parallels: implement virDomainManagedSave
	Implement virDomainManagedSave api function. In PCS
	this feature called "suspend". You can suspend VM or
	CT while it is in running or paused state. And after
	resuming (or starting) it will have the same state, as
	before suspend.

	parallels: split prlsdkDomainChangeState function
	Split function prlsdkDomainChangeState into
	prlsdkDomainChangeStateLocked and prlsdkDomainChangeState.
	So it can be used from places, where virDomainObj already
	found and locked.

	parallels: fix headers in parallels_sdk.h
	Return value of functions prlsdkStart/Kill/Stop e.t.c.
	is PRL_RESULT in parallels_sdk.c and int in parallels_sdk.h.
	PRL_RESULT is int, so compiler didn't report errors.
	Let's fix the difference.

2015-04-10  John Ferlan  <jferlan@redhat.com>

	qemu: qemuDomainHotplugVcpus - separate out the del cgroup and pin
	Future IOThread setting patches would copy the code anyway, so create
	and generalize a delete cgroup and pindef for the vcpu into its own API.

	qemu: qemuDomainHotplugVcpus - separate out the add cgroup
	Future IOThread setting patches would copy the code anyway, so create
	and generalize the add the vcpu to a cgroup into its own API.

	cgroup: Use virCgroupNewThread
	Replace the virCgroupNew{Vcpu|Emulator|IOThread} calls with the common
	virCgroupNewThread API

	cgroup: Introduce virCgroupNewThread
	Create a new common API to replace the virCgroupNew{Vcpu|Emulator|IOThread}
	API's using an emum to generate the cgroup name

2015-04-10  John Ferlan  <jferlan@redhat.com>

	storage: Don't duplicate efforts of backend driver
	https://bugzilla.redhat.com/show_bug.cgi?id=1206521

	If the backend driver updates the pool available and/or allocation values,
	then the storage_driver VolCreateXML, VolCreateXMLFrom, and VolDelete APIs
	should not change the value; otherwise, it will appear as if the values
	were "doubled" for each change.  Additionally since unsigned arithmetic will
	be used depending on the size and operation, either or both values could be
	appear to be much larger than they should be (in the EiB range).

	Currently only the disk pool updates the values, but other pools could.
	Assume a "fresh" disk pool of 500 MiB using /dev/sde:

	$ virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     0.00 B
	Available:      509.84 MiB

	$ virsh vol-create-as disk-pool sde1 --capacity 300M

	$ virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     600.47 MiB
	Available:      16.00 EiB

	Following assumes disk backend updated to refresh the disk pool at deletion
	of primary partition as well as extended partition:

	$ virsh vol-delete --pool disk-pool sde1
	Vol sde1 deleted

	$ virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     9.73 EiB
	Available:      6.27 EiB

	This patch will check if the backend updated the pool values and honor that
	update.

2015-04-10  John Ferlan  <jferlan@redhat.com>

	storage: Need to update freeExtent at delete primary partition
	Commit id '471e1c4e' only considered updating the pool if the extended
	partition was removed. As it turns out removing a primary partition
	would also need to update the freeExtent list otherwise the following
	sequence would fail (assuming a "fresh" disk pool for /dev/sde of 500M):

	$  virsh pool-info disk-pool
	...
	Capacity:       509.88 MiB
	Allocation:     0.00 B
	Available:      509.84 MiB

	$ virsh vol-create-as disk-pool sde1 --capacity 300M
	$ virsh vol-delete --pool disk-pool sde1
	$ virsh vol-create-as disk-pool sde1 --capacity 300M
	error: Failed to create vol sde1
	error: internal error: no large enough free extent

	$

	This patch will refresh the pool, rereading the partitions, and
	return

2015-04-10  John Ferlan  <jferlan@redhat.com>

	storage: Fix issues in storageVolResize
	https://bugzilla.redhat.com/show_bug.cgi?id=1073305

	When creating a volume in a pool, the creation allows the 'capacity'
	value to be larger than the available space in the pool. As long as
	the 'allocation' value will fit in the space, the volume will be created.

	However, resizing the volume checks were made with the new absolute
	capacity value against existing capacity + the available space without
	regard for whether the new absolute capacity was actually allocating
	space or not.  For example, a pool with 75G of available space creates
	a volume of 10G using a capacity of 100G and allocation of 10G will succeed;
	however, if the allocation used a capacity of 10G instead and then tried
	to resize the allocation to 100G the code would fail to allow the backend
	to try the resize.

	Furthermore, when updating the pool "available" and "allocation" values,
	the resize code would just "blindly" adjust them regardless of whether
	space was "allocated" or just "capacity" was being adjusted.  This left
	a scenario whereby a resize to 100G would fail; however, a resize to 50G
	followed by one to 100G would both succeed.  Again, neither was adjusting
	the allocation value, just the "capacity" value.

	This patch adds more logic to the resize code to understand whether the
	new capacity value is actually "allocating" space as well and whether it
	shrinking or expanding. Since unsigned arithmatic is involved, the possibility
	that we adjust the pool size values incorrectly is probable.

	This patch also ensures that updates to the pool values only occur if we
	actually performed the allocation.

	NB: The storageVolDelete, storageVolCreateXML, and storageVolCreateXMLFrom
	each only updates the pool allocation/availability values by the target
	volume allocation value.

2015-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid shadow of 'sync' symbol
	Old compilers whine that 'sync' is being shadowed in the function
	introduced in 1eccac1d2da7bbe97e1df25fd0ddac6e71b0794a.

	qemu: blockPivot: Don't pause the VM any more since we don't use drive-reopen
	Support for drive-reopen was never present in the upstream code so we
	don't need to pause the VM when doing the block pivot. Kill all the
	code related to this semi-upstream artifact.

	qemu: Clean up old leftovers in qemuMonitorDrivePivot
	There are two leftover unused variables. Remove them and clean up the
	fallout of the change.

	qemu: blockjob: Use the new helpers in qemuDomainGetBlockJobInfo
	Refactor the function to use the new helpers.

	qemu: domain: Add helper to check block job support
	We need to check that qemu supports block jobs in multiple places. Add a
	helper to do the check.

	qemu: domain: Introduce helper to retrieve domain monitor object
	In some cases where the function does not need to access the private
	data this helper may be used to retrieve the monitor object.

2015-04-09  Erik Skultety  <eskultet@redhat.com>

	doc: Add info (where necessary) that paths should be specified as absolute
	We documented this almost everywhere, but missed it on several places.

	https://bugzilla.redhat.com/show_bug.cgi?id=1208763

2015-04-09  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Open /proc/PID/ns/* read-only to avoid getting permission denied
	lxc-enter-namespace stopped working on recent kernels (at least 3.19+)
	due to /proc/PID/ns/* file descriptors being opened RW. From outside
	the namespace these can only be opened RO.

	Apparmor qemu abstraction fixes for SLES
	SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and
	/usr/share/qemu-kvm need to be accessed to domains.

2015-04-09  Lubomir Rintel  <lkundrak@v3.sk>

	lxc: create the required directories upon driver start
	/var/run may reside on a tmpfs and we fail to create the PID file if
	/var/run/lxc does not exist.

	Since commit 0a8addc1, the lxc driver's state directory isn't
	automatically created before starting a domain. Now, the lxc driver
	makes sure the state directory exists when it initializes.

2015-04-09  Peter Krempa  <pkrempa@redhat.com>

	util: file: Don't carelessly sanitize URIs
	rfc3986 states that the separator in URI path is a single slash.
	Multiple slashes may potentially lead to different resources and thus we
	should not remove them.

	test: Add tests for virFileSanitizePath
	Add test infrastructure for virFileSanitizePath so that it can be
	sensibly refactored later.

2015-04-08  Michal Privoznik  <mprivozn@redhat.com>

	virLXCControllerSetupResourceLimits: Call virNuma*() iff needed
	Like we are doing in qemu driver (ea576ee543d6fb95583), lets call
	virNumaSetupMemoryPolicy() only if really needed. Problem is, if
	we numa_set_membind() child, there's no way to change it from the
	daemon afterwards. So any later attempts to change the pinning
	will fail. But in very weird way - CGroups will be set, but due
	to membind child will not allocate memory from any other node.

2015-04-08  Luyao Huang  <lhuang@redhat.com>

	fix memleak in qemuRestoreCgroupState
	 131,088 bytes in 16 blocks are definitely lost in loss record 2,174 of 2,176
	    at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x4C2BACB: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x52A026F: virReallocN (viralloc.c:245)
	    by 0x52BFCB5: saferead_lim (virfile.c:1268)
	    by 0x52C00EF: virFileReadLimFD (virfile.c:1328)
	    by 0x52C019A: virFileReadAll (virfile.c:1351)
	    by 0x52A5D4F: virCgroupGetValueStr (vircgroup.c:763)
	    by 0x1DDA0DA3: qemuRestoreCgroupState (qemu_cgroup.c:805)
	    by 0x1DDA0DA3: qemuConnectCgroup (qemu_cgroup.c:857)
	    by 0x1DDB7BA1: qemuProcessReconnect (qemu_process.c:3694)
	    by 0x52FD171: virThreadHelper (virthread.c:206)
	    by 0x82B8DF4: start_thread (pthread_create.c:308)
	    by 0x85C31AC: clone (clone.S:113)

2015-04-08  Dawid Zamirski  <dzamirski@datto.com>

	vbox: Implement virDomainSendKey
	Since the holdtime is not supported by VBOX SDK, it's being simulated
	by sleeping before sending the key-up codes. The key-up codes are
	auto-generated based on XT codeset rules (adding of 0x80 to key-down)
	which results in the same behavior as for QEMU implementation.

	vbox: Register IKeyboard with the unified API.
	The IKeyboard COM object is needed to implement virDomainSendKey and is
	available in all supported VBOX versions.

2015-04-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessHook: Call virNuma*() only when needed
	https://bugzilla.redhat.com/show_bug.cgi?id=1198645

	Once upon a time, there was a little domain. And the domain was pinned
	onto a NUMA node and hasn't fully allocated its memory:

	  <memory unit='KiB'>2355200</memory>
	  <currentMemory unit='KiB'>1048576</currentMemory>

	  <numatune>
	    <memory mode='strict' nodeset='0'/>
	  </numatune>

	Oh little me, said the domain, what will I do with so little memory.
	If I only had a few megabytes more. But the old admin noticed the
	whimpering, barely audible to untrained human ear. And good admin he
	was, he gave the domain yet more memory. But the old NUMA topology
	witch forbade to allocate more memory on the node zero. So he
	decided to allocate it on a different node:

	virsh # numatune little_domain --nodeset 0-1

	virsh # setmem little_domain 2355200

	The little domain was happy. For a while. Until bad, sharp teeth
	shaped creature came. Every process in the system was afraid of him.
	The OOM Killer they called him. Oh no, he's after the little domain.
	There's no escape.

	Do you kids know why? Because when the little domain was born, her
	father, Libvirt, called numa_set_membind(). So even if the admin
	allowed her to allocate memory from other nodes in the cgroups, the
	membind() forbid it.

	So what's the lesson? Libvirt should rely on cgroups, whenever
	possible and use numa_set_membind() as the last ditch effort.

2015-04-08  Michal Privoznik  <mprivozn@redhat.com>

	vircgroup: Introduce virCgroupControllerAvailable
	This new internal API checks if given CGroup controller is
	available.  It is going to be needed later when we need to make a
	decision whether pin domain memory onto NUMA nodes using cpuset
	CGroup controller or using numa_set_membind().

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	qemu_driver: check caps after starting block job
	Currently we check qemuCaps before starting the block job. But qemuCaps
	isn't available on a stopped domain, which means we get a misleading
	error message in this case:

	  # virsh domstate example
	  shut off

	  # virsh blockjob example vda
	  error: unsupported configuration: block jobs not supported with this QEMU binary

	Move the qemuCaps check into the block job so that we are guaranteed the
	domain is running.

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	qemu_migrate: use nested job when adding NBD to cookie
	qemuMigrationCookieAddNBD is usually called from within an async
	MIGRATION_OUT or MIGRATION_IN job, so it needs to start a nested job.

	(The one exception is during the Begin phase when change protection
	isn't enabled, but qemuDomainObjEnterMonitorAsync will behave the same
	as qemuDomainObjEnterMonitor in this case.)

	This bug was encountered with a libvirt client that repeatedly queries
	the disk mirroring block job info during a migration. If one of these
	queries occurs just as the Perform migration cookie is baked, libvirt
	crashes.

	Relevant logs are as follows:

	    6701: warning : qemuDomainObjEnterMonitorInternal:1544 : This thread seems to be the async job owner; entering monitor without asking for a nested job is dangerous
	[1] 6701: info : qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7fefdc004700 msg={"execute":"query-block","id":"libvirt-629"}
	[2] 6699: info : qemuMonitorIOWrite:503 : QEMU_MONITOR_IO_WRITE: mon=0x7fefdc004700 buf={"execute":"query-block","id":"libvirt-629"}
	[3] 6704: info : qemuMonitorSend:972 : QEMU_MONITOR_SEND_MSG: mon=0x7fefdc004700 msg={"execute":"query-block-jobs","id":"libvirt-630"}
	[4] 6699: info : qemuMonitorJSONIOProcessLine:203 : QEMU_MONITOR_RECV_REPLY: mon=0x7fefdc004700 reply={"return": [...], "id": "libvirt-629"}
	    6699: error : qemuMonitorJSONIOProcessLine:211 : internal error: Unexpected JSON reply '{"return": [...], "id": "libvirt-629"}'

	At [1] qemuMonitorBlockStatsUpdateCapacity sends its request, then waits
	on mon->notify. At [2] the request is written out to the monitor socket.
	At [3] qemuMonitorBlockJobInfo sends its request, and also waits on
	mon->notify. The reply from the first request is received at [4].
	However, qemuMonitorJSONIOProcessLine is not expecting this reply since
	the second request hadn't completed sending. The reply is dropped and an
	error is returned.

	qemuMonitorIO signals mon->notify twice during its error handling,
	waking up both of the threads waiting on it. One of them clears mon->msg
	as it exits qemuMonitorSend; the other crashes:

	  qemuMonitorSend (mon=0x7fefdc004700, msg=<value optimized out>) at qemu/qemu_monitor.c:975
	  975         while (!mon->msg->finished) {
	  (gdb) print mon->msg
	  $1 = (qemuMonitorMessagePtr) 0x0

2015-04-08  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: delete old networks in prlsdkDoApplyConfig before adding new ones
	In order to change an existing domain we delete all existing devices and add
	new from scratch. In case of network devices we should also delete corresponding
	virtual networks (if any) before removing actual devices from xml. In the patch,
	we do it by extending prlsdkDoApplyConfig with a new parameter, which stands for
	old xml, and calling prlsdkDelNet every time old xml is specified.

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	util: fix removal of callbacks in virCloseCallbacksRun
	The close callbacks hash are keyed by a UUID-string, but
	virCloseCallbacksRun was attempting to remove them by raw UUID. This
	patch ensures the callback entries are removed by UUID-string as well.

	This bug caused problems when guest migrations were abnormally aborted:

	  # timeout --signal KILL 1 \
	      virsh migrate example qemu+tls://remote/system \
	        --verbose --compressed --live --auto-converge \
	        --abort-on-error --unsafe --persistent \
	        --undefinesource --copy-storage-all --xml example.xml
	  Killed

	  # virsh migrate example qemu+tls://remote/system \
	      --verbose --compressed --live --auto-converge \
	      --abort-on-error --unsafe --persistent \
	      --undefinesource --copy-storage-all --xml example.xml
	  error: Requested operation is not valid: domain 'example' is not being migrated

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	qemu: fix race between disk mirror fail and cancel
	If a VM migration is aborted, a disk mirror may be failed by QEMU before
	libvirt has a chance to cancel it. The disk->mirrorState remains at
	_ABORT in this case, and this breaks subsequent mirrorings of that disk.

	We should instead check the mirrorState directly and transition to _NONE
	if it is already aborted. Do the check *after* aborting the block job in
	QEMU to avoid a race.

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	qemu: fix error propagation in qemuMigrationBegin
	If virCloseCallbacksSet fails, qemuMigrationBegin must return NULL to
	indicate an error occurred.

2015-04-08  Michael Chapman  <mike@very.puzzling.org>

	qemu: fix crash in qemuProcessAutoDestroy
	The destination libvirt daemon in a migration may segfault if the client
	disconnects immediately after the migration has begun:

	  # virsh -c qemu+tls://remote/system list --all
	   Id    Name                           State
	  ----------------------------------------------------
	  ...

	  # timeout --signal KILL 1 \
	      virsh migrate example qemu+tls://remote/system \
	        --verbose --compressed --live --auto-converge \
	        --abort-on-error --unsafe --persistent \
	        --undefinesource --copy-storage-all --xml example.xml
	  Killed

	  # virsh -c qemu+tls://remote/system list --all
	  error: failed to connect to the hypervisor
	  error: unable to connect to server at 'remote:16514': Connection refused

	The crash is in:

	   1531 void
	   1532 qemuDomainObjEndJob(virQEMUDriverPtr driver, virDomainObjPtr obj)
	   1533 {
	   1534     qemuDomainObjPrivatePtr priv = obj->privateData;
	   1535     qemuDomainJob job = priv->job.active;
	   1536
	   1537     priv->jobs_queued--;

	Backtrace:

	  #0  at qemuDomainObjEndJob at qemu/qemu_domain.c:1537
	  #1  in qemuDomainRemoveInactive at qemu/qemu_domain.c:2497
	  #2  in qemuProcessAutoDestroy at qemu/qemu_process.c:5646
	  #3  in virCloseCallbacksRun at util/virclosecallbacks.c:350
	  #4  in qemuConnectClose at qemu/qemu_driver.c:1154
	  ...

	qemuDomainRemoveInactive calls virDomainObjListRemove, which in this
	case is holding the last remaining reference to the domain.
	qemuDomainRemoveInactive then calls qemuDomainObjEndJob, but the domain
	object has been freed and poisoned by then.

	This patch bumps the domain's refcount until qemuDomainRemoveInactive
	has completed. We also ensure qemuProcessAutoDestroy does not return the
	domain to virCloseCallbacksRun to be unlocked in this case. There is
	similar logic in bhyveProcessAutoDestroy and lxcProcessAutoDestroy
	(which call virDomainObjListRemove directly).

2015-04-07  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUDriverGetConfig: Fix memleak
	==19015== 968 (416 direct, 552 indirect) bytes in 1 blocks are definitely lost in loss record 999 of 1,049
	==19015==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x52ADF14: virAllocVar (viralloc.c:560)
	==19015==    by 0x5302FD1: virObjectNew (virobject.c:193)
	==19015==    by 0x1DD9401E: virQEMUDriverConfigNew (qemu_conf.c:164)
	==19015==    by 0x1DDDF65D: qemuStateInitialize (qemu_driver.c:666)
	==19015==    by 0x53E0823: virStateInitialize (libvirt.c:777)
	==19015==    by 0x11E067: daemonRunStateInit (libvirtd.c:905)
	==19015==    by 0x53201AD: virThreadHelper (virthread.c:206)
	==19015==    by 0xA1EE1F2: start_thread (in /lib64/libpthread-2.19.so)
	==19015==    by 0xA4EFC8C: clone (in /lib64/libc-2.19.so)

	virDomainVirtioSerialAddrSetFree: Fix memleak
	==19015== 8 bytes in 1 blocks are definitely lost in loss record 34 of 1,049
	==19015==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x4C2C32F: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x52AD888: virReallocN (viralloc.c:245)
	==19015==    by 0x52AD97E: virExpandN (viralloc.c:294)
	==19015==    by 0x52ADC51: virInsertElementsN (viralloc.c:436)
	==19015==    by 0x5335864: virDomainVirtioSerialAddrSetAddController (domain_addr.c:816)
	==19015==    by 0x53358E0: virDomainVirtioSerialAddrSetAddControllers (domain_addr.c:839)
	==19015==    by 0x1DD5513B: qemuDomainAssignVirtioSerialAddresses (qemu_command.c:1422)
	==19015==    by 0x1DD55A6E: qemuDomainAssignAddresses (qemu_command.c:1711)
	==19015==    by 0x1DDA5818: qemuProcessStart (qemu_process.c:4616)
	==19015==    by 0x1DDF1807: qemuDomainObjStart (qemu_driver.c:7265)
	==19015==    by 0x1DDF1A66: qemuDomainCreateWithFlags (qemu_driver.c:7320)

	qemuSetupCgroupForVcpu: Fix memleak
	==19015== 1,064 (656 direct, 408 indirect) bytes in 2 blocks are definitely lost in loss record 1,002 of 1,049
	==19015==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==19015==    by 0x52AD74B: virAlloc (viralloc.c:144)
	==19015==    by 0x52B47CA: virCgroupNew (vircgroup.c:1057)
	==19015==    by 0x52B53E5: virCgroupNewVcpu (vircgroup.c:1451)
	==19015==    by 0x1DD85A40: qemuSetupCgroupForVcpu (qemu_cgroup.c:1013)
	==19015==    by 0x1DDA66EA: qemuProcessStart (qemu_process.c:4844)
	==19015==    by 0x1DDF1807: qemuDomainObjStart (qemu_driver.c:7265)
	==19015==    by 0x1DDF1A66: qemuDomainCreateWithFlags (qemu_driver.c:7320)
	==19015==    by 0x1DDF1ACD: qemuDomainCreate (qemu_driver.c:7337)
	==19015==    by 0x53F87EA: virDomainCreate (libvirt-domain.c:6820)
	==19015==    by 0x12690A: remoteDispatchDomainCreate (remote_dispatch.h:3481)
	==19015==    by 0x126827: remoteDispatchDomainCreateHelper (remote_dispatch.h:3457)

2015-04-07  Erik Skultety  <eskultet@redhat.com>

	storage: Introduce storagePoolUpdateAllState function
	The 'checkPool' callback was originally part of the storageDriverAutostart function,
	but the pools need to be checked earlier during initialization phase,
	otherwise we can't start a domain which mounts a volume after the
	libvirtd daemon restarted. This is because qemuProcessReconnect is called
	earlier than storageDriverAutostart. Therefore the 'checkPool' logic has been
	moved to storagePoolUpdateAllState which is called inside storageDriverInitialize.

	We also need a valid 'conn' reference to be able to execute 'refreshPool'
	during initialization phase. Though it isn't available until storageDriverAutostart
	all of our storage backends do ignore 'conn' pointer, except for RBD,
	but RBD doesn't support 'checkPool' callback, so it's safe to pass
	conn = NULL in this case.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177733

2015-04-07  Erik Skultety  <eskultet@redhat.com>

	conf: Introduce virStoragePoolLoadAllState && virStoragePoolLoadState
	These functions operate exactly the same as their network equivalents
	virNetworkLoadAllState, virNetworkLoadState.

	storage: Add support for storage pool state XML
	This patch introduces new virStorageDriverState element stateDir.
	Also adds necessary changes to storageStateInitialize, so that
	directories initialization becomes more generic.

2015-04-07  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	hostdev: Report the domain name for used hostdevs during nodedev-detach
	The nodedev-detach can report the name of the domain using the device
	just the way nodedev-reattach does it.

2015-04-06  Cole Robinson  <crobinso@redhat.com>

	virsh: Improve change-media success message
	$ sudo virsh change-media f19 hdc /mnt/data/devel/media/Fedora-16-x86_64-Live-KDE.iso
	succeeded to complete action update on media

	Change the message to:

	  Successfully {inserted,ejected,changed} media.

	https://bugzilla.redhat.com/show_bug.cgi?id=967946

2015-04-06  Laine Stump  <laine@laine.org>

	interface: allow multiple IPv4 addresses in interface XML
	An upcoming netcf release will support multiple ipv4 addresses, so
	let's loosen up libvirt's interface.rng to allow it.

2015-04-03  Jiri Denemark  <jdenemar@redhat.com>

	virsh.pod: Remove redundant --config from attach-interface

2015-04-03  Noella Ashu  <ashu.noella207@gmail.com>

	libvirt: virsh: Kill all uses of __FUNCTION__ in error messages
	The error output of snapshot-revert should be more friendly.
	There is no need to show virDomainRevertToSnapshot to user.
	virReportError already includes __FUNCTION__ information in a
	separate member of the struct, so repeating it in the message is
	redundant and leads to situations where higher level code ends up
	reporting the lower level name. We correctly converted the error
	output making it more succinct and user-friendly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1086726

2015-04-03  Luyao Huang  <lhuang@redhat.com>

	virsh: Fix domifaddr output in quiet mode
	In virsh we have two printing functions: vshPrint() which prints a
	string onto stdout and vshPrintExtra() which does not print anything
	if virsh is run in quiet mode. Usually, the former is used to print
	actual results, while the latter to print strings like table headers
	and other formatting stuff. However, in cmdDomIfAddr we have
	mistakenly used vshPrintExtra even for actual data. After this patch,
	the output should look like the following:

	  # virsh -q domifaddr test3 --source agent
	  lo         00:00:00:00:00:00    ipv4         127.0.0.1/8
	  -          -                    ipv6         ::1/128
	  ens8       52:54:00:1a:cb:3f    ipv6         fe80::5054:ff:fe1a:cb3f/64
	  virbr0     52:54:00:db:51:e7    ipv4         192.168.122.1/24
	  virbr0-nic 52:54:00:db:51:e7    N/A          N/A

2015-04-03  Dawid Zamirski  <dzamirski@datto.com>

	esx: esxNodeGetFreeMemory return info from host.
	Before this patch, when connected via vCenter, the free memory returned
	was from the resorcePool (usually a cluster). This is in conflict with
	e.g esxNodeGetInfo which always pulls info from the ESX host.
	Since libvirt ESX driver works primarily with ESX hosts, this patch
	changes esxNodeGetFreeMemory to pull that information from ESX host so
	it's consistent with behavior of esxNodeGetInfo.

	esx: add esxVI_GetInt
	Modeled after the already existing esxVI_GetLong.

2015-04-03  Erik Skultety  <eskultet@redhat.com>

	conf: Change virStoragePoolSaveConfig prototype s/configDir/configFile
	Just a minor change which might be a little confusing for someone
	looking only at the API.

	conf: Introduce virStoragePoolSaveState
	Introduce virStoragePoolSaveState to properly format the state XML in
	the same manner as virStoragePoolDefFormat, except for adding a
	<poolstate> ... </poolstate> around the definition. This is similar to
	virNetworkObjFormat used to save the live/active network information.

	conf: Introduce virStoragePoolDefFormatBuf
	When modifying config/status XML, it might be handy to include some
	additional XML elements (e.g. <poolstate>). In order to do so,
	introduce new formatting function virStoragePoolDefFormatBuf and make
	virStoragePoolDefFormat call it.

2015-04-02  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix dom0 balloon logic
	Recent testing on large memory systems revealed a bug in the Xen xl
	tool's freemem() function.  When autoballooning is enabled, freemem()
	is used to ensure enough memory is available to start a domain,
	ballooning dom0 if necessary.  When ballooning large amounts of memory
	from dom0, freemem() would exceed its self-imposed wait time and
	return an error.  Meanwhile, dom0 continued to balloon.  Starting the
	domain later, after sufficient memory was ballooned from dom0, would
	succeed.  The libvirt implementation in libxlDomainFreeMem() suffers
	the same bug since it is modeled after freemem().

	In the end, the best place to fix the bug on the Xen side was to
	slightly change the behavior of libxl_wait_for_memory_target().
	Instead of failing after caller-provided wait_sec, the function now
	blocks as long as dom0 memory ballooning is progressing.  It will return
	failure only when more memory is needed to reach the target and wait_sec
	have expired with no progress being made.  See xen.git commit fd3aa246.
	There was a dicussion on how this would affect other libxl apps like
	libvirt

	http://lists.xen.org/archives/html/xen-devel/2015-03/msg00739.html

	If libvirt containing this patch was build against a Xen containing
	the old libxl_wait_for_memory_target() behavior, libxlDomainFreeMem()
	will fail after 30 sec and domain creation will be terminated.
	Without this patch and with old libxl_wait_for_memory_target() behavior,
	libxlDomainFreeMem() does not succeed after 30 sec, but returns success
	anyway.  Domain creation continues resulting in all sorts of fun stuff
	like cpu soft lockups in the guest OS.  It was decided to properly fix
	libxl_wait_for_memory_target(), and if anything improve the default
	behavior of apps using the freemem reference impl in xl.

	xl was patched to accommodate the change in libxl_wait_for_memory_target()
	with xen.git commit 883b30a0.  This patch does the same in the libxl
	driver.  While at it, I changed the logic to essentially match
	freemem() in $xensrc/tools/libxl/xl_cmdimpl.c.  It was a bit cleaner
	IMO and will make it easier to spot future, potentially interesting
	divergences.

2015-04-02  Martin Kletzander  <mkletzan@redhat.com>

	Typos: Get rid of dependan(t|cies)
	Dependant is flagged as wrong in US dictionary (only valid in UK
	dictionary, and even then, it has only the financial sense and not the
	inter-relatedness sense that we are more prone to be wanting throughout
	code).

	docs: Add Host sFlow into monitoring apps
	Reported-by: Peter Phaal <peter.phaal@gmail.com>

2015-04-02  Huanle Han  <hanxueluo@gmail.com>

	hostdev: Fix index error in loop after remove an element
	'virPCIDeviceList' is actually an array. Removing one element makes the
	rest of the element move.

	Use while loop, increase index only when not virPCIDeviceListDel(pcidevs, dev)

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Fix xlconfigtest with older libxl
	Commit cd5dc30 added this test, but it fails if
	LIBXL_HAVE_BUILDINFO_USBDEVICE_LIST is not defined:

	6) Xen XM-2-XML Format fullvirt-multiusb
	... libvirt:  error : unsupported configuration: multiple USB
	devices not supported
	FAILED

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Auto add virtio-serial controllers
	In virDomainVirtioSerialAddrNext, add another controller
	if we've exhausted all ports of the existing controllers.

	https://bugzilla.redhat.com/show_bug.cgi?id=1076708

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Assign an address when hotplugging a virtio-serial device

	Expand the address set when attaching a virtio-serial controller

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Allocate virtio-serial addresses when starting a domain
	Instead of always using controller 0 and incrementing port number,
	respect the maximum port numbers of controllers and use all of them.

	Ports for virtio consoles are quietly reserved, but not formatted
	(neither in XML nor on QEMU command line).

	Also rejects duplicate virtio-serial addresses.
	https://bugzilla.redhat.com/show_bug.cgi?id=890606
	https://bugzilla.redhat.com/show_bug.cgi?id=1076708

	Test changes:
	* virtio-auto.args
	  Filling out the port when just the controller is specified.
	  switched from using
	    maxport + 1
	  to:
	    first free port on the controller
	* virtio-autoassign.args
	  Filling out the address when no <address> is specified.
	  Started using all the controllers instead of 0, also discards
	  the bus value.
	* xml -> xml output of virtio-auto
	  The port assignment is no longer done as a part of XML parsing,
	  so the unspecified values stay 0.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Add functions to track virtio-serial addresses
	Create a sorted array of virtio-serial controllers.
	Each of the elements contains the controller index
	and a bitmap of available ports.

	Buses are not tracked, because they aren't supported by QEMU.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Add test for virtio serial port assignment
	Add a test to demonstrate the effect of automatic virtio-serial
	address assignment.

2015-04-02  John Ferlan  <jferlan@redhat.com>

	scsi: Remove unused 'type_path' in processLU
	Seems to be a remnant that was never cleaned up from original submit...

	iscsi: Fix exit path for virStorageBackendISCSIFindLUs failure
	If the call to virStorageBackendISCSIGetHostNumber failed, we set
	retval = -1, but yet still called virStorageBackendSCSIFindLUs.
	Need to add a goto cleanup - while at it, adjust the logic to
	initialize retval to -1 and only changed to 0 (zero) on success.

	iscsi: Use error message from virStorageBackendSCSIFindLUs
	Don't supercede the error message virStorageBackendSCSIFindLUs as the
	message such as "error: Failed to find LUs on host 60: ..." is not overly
	clear as to what the real problem might be.

2015-04-02  Erik Skultety  <eskultet@redhat.com>

	conf: Introduce virStoragePoolSaveXML
	Make XML definition saving more generic by moving the common code into
	virStoragePoolSaveXML and leave case specific code to
	PoolSave{Status,Config,...} functions.

	storage: Remove unused attribute conn from 'checkPool' callback
	In order to be able to use 'checkPool' inside functions which do not
	have any connection reference, 'conn' attribute needs to be discarded
	from the checkPool's signature, since it's not used by any storage backend
	anyway.

2015-04-02  Luyao Huang  <lhuang@redhat.com>

	qemuDomainBlockCopy: Check @granularity to be a power of two
	https://bugzilla.redhat.com/show_bug.cgi?id=1206479

	As described in virDomainBlockCopy() parameters description, the
	VIR_DOMAIN_BLOCK_COPY_GRANULARITY parameter may require the value to
	have some specific attributes (e.g. be a power of two or fall within a
	certain range). And in qemu, a power of two is required. However, our
	code does not check that and let qemu operation fail. Moreover, the
	virsh man page is not as exact as it could be in this respect.

2015-04-02  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfodata: Remove broken symlinks and uneeded files
	The 7c3c7f217ebae5 and f5c2d6 commits introduced a nodeinfo test.
	In order to do that, some parts of sysfs had to be copied.
	However, sysfs is full of symlinks, so during copying some
	symlinks broke. Remove them, as on different systems they can
	point to different files or be broken. At the same time, we don't
	need all files added in those commits. For instance we don't care
	about 'uevent' files, 'power' folders, and others.

2015-04-02  zhang bo  <oscar.zhangbo@huawei.com>

	qemu: lifecycle: make agent-mode shutdown and reboot timeout
	When we shutdown/reboot a guest using agent-mode, if the guest itself blocks infinitely,
	libvirt would block in qemuAgentShutdown() forever.
	Thus, we set a timeout for shutdown/reboot, from our experience, 60 seconds would be fine.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Fix indentation in cmdVcpuPin

	virsh: remove stale comment
	Copied from the vcpupin command, which has two modes of operation.

2015-04-02  Shanzhi Yu  <shyu@redhat.com>

	conf: Rename virDomainHasDiskMirror and detect block jobs properly
	virDomainHasDiskMirror() currently detects only jobs that add the mirror
	elements. Since some operations like migration are interlocked by
	existing block jobs on the given domain the check needs to be
	instrumented to check regular jobs too.

	This patch renames virDomainHasDiskMirror to virDomainHasDiskBlockjob
	and adds an argument that allows to select that it returns true only for
	block copy jobs as those interlock making the domain persistent.

	Other two uses trigger on any block job type.

2015-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Check for block jobs individually
	If any disk of a VM was involved in a (copy) block job we refused to do
	a snapshot. As not only copy jobs interlock snapshots and the
	interlocking is applicable to individual disks only we can make the
	check in a more individual fashion and interlock all block job types
	supported by libvirt.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203628

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Remove unnecessary includes from virsh.h
	Include them in the files that need them instead.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Remove unused includes from virsh
	After splitting out most of virsh command, some includes
	are no longer needed.

	Some files have the libXML includes despite not needing them.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Clean up headers in src/util/virutil.h
	* "verify.h" from gnulib is included in internal.h
	* <sys/select.h> is no longer needed
	  added by commit da196338 to use fd_set in virExec prototype

	Do not include cpu_map.h in libvirtd.c
	No longer needed after commit dd47723

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Use the DEFAULT_DRIVER_DIR macro
	Unused since commit bc2f42a0.

	Move it under the WITHOUT_DRIVER_MODULES #ifdef
	and start using it again.

2015-04-02  Ján Tomko  <jtomko@redhat.com>

	Remove unused macros
	In the order of appearance:

	* MAX_LISTEN - never used
	  added by 23ad665c (qemud) and addec57 (lock daemon)

	* NEXT_FREE_CLASS_ID - never used, added by 07d1b6b

	* virLockError - never used, added by eb8268a4

	* OPENVZ_MAX_ARG, CMDBUF_LEN, CMDOP_LEN
	  unused since the removal of ADD_ARG_LIT in d8b31306

	* QEMU_NB_PER_CPU_STAT_PARAM - unused since 897808e

	* QEMU_CMD_PROMPT, QEMU_PASSWD_PROMPT - unused since 1dc10a7

	* TEST_MODEL_WORDSIZE - unused since c25c18f7

	* TEMPDIR - never used, added by 714bef5

	* NSIG - workaround around old headers
	  added by commit 60ed1d2
	  unused since virExec was moved by commit 02e8691

	* DO_TEST_PARSE - never used, added by 9afa006

	* DIFF_MSEC, GETTIMEOFDAY - unused since eee6eb6

2015-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Copy bitmap in a sane way
	Use virBitmapNewCopy instead of a combination of virBitmapNew and
	virBitmapCopy.

	qemu: cgroup: Kill qemuSetupCgroupVcpuPin()
	The function doesn't make sense. There's a simpler way to achieve the
	same.

	qemu: cgroup: Kill qemuSetupCgroupIOThreadsPin()
	The function doesn't make sense. There's a simpler way to achieve the
	same.

	qemu: cgroup: Rename qemuSetupCgroupEmulatorPin to qemuSetupCgroupCpusetCpus
	The function is used to set cpuset.cpus in various other helpers.

	qemu: cgroup: Use priv->autoCpuset instead of using qemuPrepareCpumap()
	Two places would call to qemuPrepareCpumap() with priv->autoNodeset to
	convert it to a cpuset. Remove the function and use the prepared cpuset
	automatically.

2015-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Properly set up vcpu pinning
	When the default cpuset or automatic numa placement is used libvirt
	would place the whole parent cgroup in the specified cpuset. This then
	disallowed to re-pin the vcpus to a different cpu.

	This patch pins only the vcpu threads to the default cpuset and thus
	allows to re-pin them later.

	The following config would fail to start:
	<domain type='kvm'>
	  ...
	  <vcpu placement='static' cpuset='0-1' current='2'>4</vcpu>
	  <cputune>
	    <vcpupin vcpu='0' cpuset='2-3'/>
	    ...

	This is a regression since a39f69d2b.

2015-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Refactor setup for IOThread cgroups
	Use the default or auto cpuset if they are provided for IOThreads.

	qemu: cgroup: Store auto cpuset instead of re-creating it on demand
	The automatic cpuset can be stored along with automatic nodeset and it
	does not have to be recreated when used.

	Bump version to 1.2.15 for new dev cycle

2015-04-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.14
	- docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: regenerated localization

2015-03-31  Cole Robinson  <crobinso@redhat.com>

	tests: nodeinfo: Add test for RHELSA on APM mustang
	This would have caught the bug fixed by Wei's commit c13de016

	tests: nodeinfo: Test F21 aarch64 on APM mustang

2015-03-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Synchronously update backing chain in XML on ABORT/PIVOT
	When the synchronous pivot option is selected, libvirt would not update
	the backing chain until the job was exitted. Some applications then
	received invalid data as their job serialized first.

	This patch removes polling to wait for the ABORT/PIVOT job completion
	and replaces it with a condition. If a synchronous operation is
	requested the update of the XML is executed in the job of the caller of
	the synchronous request. Otherwise the monitor event callback uses a
	separate worker to update the backing chain with a new job.

	This is a regression since 1a92c719101e5bfa6fe2b78006ad04c7f075ea28

	When the ABORT job is finished synchronously you get the following call
	stack:
	 #0  qemuBlockJobEventProcess
	 #1  qemuDomainBlockJobImpl
	 #2  qemuDomainBlockJobAbort
	 #3  virDomainBlockJobAbort

	While previously or while using the _ASYNC flag you'd get:
	 #0  qemuBlockJobEventProcess
	 #1  processBlockJobEvent
	 #2  qemuProcessEventHandler
	 #3  virThreadPoolWorker

2015-03-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: Extract internals of processBlockJobEvent into a helper
	Later on I'll be adding a condition that will allow to synchronise a
	SYNC block job abort. The approach will require this code to be called
	from two different places so it has to be extracted into a helper.

	qemu: processBlockJob: Don't unlock @vm twice
	Commit 1a92c719 moved code to handle block job events to a different
	function that is executed in a separate thread. The caller of
	processBlockJob handles locking and unlocking of @vm, so the we should
	not do it in the function itself.

2015-03-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockCopy: Pass adjusted bandwidth when called via blockRebase
	The block copy API takes the speed in bytes/s rather than MiB/s that was
	the prior approach in virDomainBlockRebase. We correctly converted the
	speed to bytes/s in the old API but we still called the common helper
	virDomainBlockCopyCommon with the unadjusted variable.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1207122

2015-03-30  Luyao Huang  <lhuang@redhat.com>

	virsh: blockCopy: Add missing jump on error path
	The overflow check for the bandwidth parameter did not jump to the
	cleanup label.

	Additionally virsh should use vshError instead of virReportError.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206987

2015-03-30  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetNumaParameters: Check for the correct CGroup controller
	When getting info on NUMA parameters for domain,
	virCgroupGetCpusetMems() may be called. However, as of 43b67f2e
	the call is guarded by check if memory controller is present.
	Even though it may be not obvious instantly, NUMA parameters are
	stored under cpuset controller. Therefore the check needs to look
	like this:

	  if (!virCgroupHasController(priv->cgroup,
	                              VIR_CGROUP_CONTROLLER_CPUSET) ||
	      virCgroupGetCpusetMems(priv->cgroup, &nodeset) < 0) {

2015-03-30  Michal Privoznik  <mprivozn@redhat.com>

	virCgroupController: Check the enum fits into 'int'
	Throughout our code, the virCgroupController enum is used in two ways.
	First as an index to an array of cgroup controllers:

	struct virCgroup {
	    char *path;

	    struct virCgroupController controllers[VIR_CGROUP_CONTROLLER_LAST];
	};

	Second way is that when calling virCgroupNew() a bitmask of the enum
	items can be passed to selectively detect only some controllers. For
	instance:

	int
	virCgroupNewVcpu(virCgroupPtr domain,
	                 int vcpuid,
	                 bool create,
	                 virCgroupPtr *group)
	{
	    ...
	    controllers = ((1 << VIR_CGROUP_CONTROLLER_CPU) |
	                   (1 << VIR_CGROUP_CONTROLLER_CPUACCT) |
	                   (1 << VIR_CGROUP_CONTROLLER_CPUSET));

	    if (virCgroupNew(-1, name, domain, controllers, group) < 0)
	        goto cleanup;
	}

	Even though it's highly unlikely that so many new controllers will be
	invented so that we would overflow when constructing the bitmask, it
	doesn't hurt to check at compile time either.

2015-03-30  Michal Privoznik  <mprivozn@redhat.com>

	virCgroupNew: Enhance debug message
	When creating new internal representation of cgroups, all passed
	arguments are logged. Well, except for two: pid and pointer for
	return value. Lets log them too.

	virCgroupNewPartition: Fix comment
	The function has no argument named @name rather than @path
	instead.  The comment is, however, referring to @name while it
	should have been referring to @path really.

2015-03-28  Eric Blake  <eblake@redhat.com>

	build: avoid variable named 'interface', for mingw
	Commit 2f36e6944 (re-)introduced a use of an identifier 'interface',
	which causes this build failure on mingw:

	../../tools/virsh-domain-monitor.c: In function 'cmdDomIfAddr':
	../../tools/virsh-domain-monitor.c:2233:17: error: expected identifier or '(' before 'struct'
	     const char *interface = NULL;
	                      ^

	See also commit 6512c8b.  Sadly, I'm not quite sure how to write a
	syntax check that can poison the use of this identifier.

	* tools/virsh-domain-monitor.c (cmdDomIfAddr): Use ifacestr instead.

2015-03-27  John Ferlan  <jferlan@redhat.com>

	vircgroup: Fix build issue mingw cross compile
	Commit id '2dbfa716' exposed virCgroupDetectMountsFromFile, but did not
	add the corresponding entry in the "#else /* !VIR_CGROUP_SUPPORTED */"
	section of the module.

	vircgroup: Fix build issue on mingw cross compile
	Commit id 'ba1dfc5' added virCgroupSetCpusetMemoryMigrate and
	virCgroupGetCpusetMemoryMigrate, but did not add the corresponding
	entry points into the "#else /* !VIR_CGROUP_SUPPORTED */" section

2015-03-27  Pavel Hrdina  <phrdina@redhat.com>

	tests: introduce qemucaps2xmlmock
	We need to mock virFileExists to return true for "/dev/kvm" because the
	test should not depend on host system.

	Revert "qemucaps2xmltest: fix test to successfully run without kvm support"
	This reverts commit 49bf09d16cb7050795f6963a2746d686a2fbaece.  That
	commit is wrong and doesn't fix the issue.

	virnetlink: fix build error
	Commint 0473b45cc introduced new function virNetlinkDelLink, but in
	it's counterpart for non-linux platform there should be ATTRIBUTE_UNUSED
	instead of ATTRIBUTE_UNSUPPORTED.

2015-03-27  Shanzhi Yu  <shyu@redhat.com>

	qemu: end the job when try to blockcopy to non-file destination
	Blockcopy to non-file destination is not supported according the code,
	but a 'goto endjob' is missed after checking the destination.

	This leads to calling drive-mirror with wrong parameters.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1206406

2015-03-27  Wei Huang  <wei@redhat.com>

	nodeinfo: Increase the num of CPU thread siblings to a larger value
	Current libvirt can only handle up to 1023 bytes when it
	reads Linux sysfs topology/thread_siblings. This isn't enough for
	Linux distributions that support a large value. This patch fixes
	the problem by using VIR_ALLOC()/VIR_FREE(), instead of using a
	fixed-size (1024) local char array. In the meanwhile
	SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX is increased to 8192 which
	should be large enough for a foreseeable future.

2015-03-26  Eric Blake  <eblake@redhat.com>

	relaxng: allow : in /dev/disk/by-path names
	On IRC, Hydrar pointed a problem where 'virsh edit' failed on
	his domain created through an ISCSI pool managed by virt-manager,
	all because the XML included a block device with colons in the
	name.

	* docs/schemas/basictypes.rng (absFilePath): Add colon as safe.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-iscsi.xml: New file.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-iscsi.args: Likewise.
	* tests/qemuxml2argvtest.c (mymain): Test it.

2015-03-26  Konrad Rzeszutek Wilk  <konrad@kernel.org>

	libxl: Fix memory leak if pthread_create fails.
	If we fail to create the thread we leak the shutdown_info
	structure.

2015-03-26  Laine Stump  <laine@laine.org>

	util: use netlink to create bridge devices
	Just as it is possible to delete a bridge device with the netlink
	RTM_DELLINK message, one can be created with the RTM_NEWLINK
	message. Because of differences in the format of the message, it's not
	as straightforward as with virNetlinkDelLink() to create a single
	utility function that can be used to create any type of interface, so
	the new netlink version of virNetDevBridgeCreate() does its own
	construction of the netlink message and calls virNetlinkCommand()
	itself.

	This doesn't provide any extra functionality, just provides symmetry
	with the previous commit.

	NB: We *could* alter the API of virNetDevBridgeCreate() to take a MAC
	address, and directly program that mac address into the bridge (by
	adding an IFLA_ADDRESS attribute, as is done in
	virNetDevMacVLanCreate()) rather than separately creating the "dummy
	tap" (e.g. virbr0-nic) to maintain a fixed mac address on the bridge,
	but the commit history of virnetdevbridge.c shows that the presence of
	this dummy tap is essential in some older versions of the kernel
	(between 2.6.39 and 3.1 or 3.2, possibly?) to proper operation of IPv6
	DAD, and I don't want to take the chance of breaking something that I
	don't have the time/setup to test (my RHEL6 box is at kernel
	2.6.32-544, and the next lowest kernel I have is 3.17)

2015-03-26  Laine Stump  <laine@laine.org>

	util: use netlink to delete bridge devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1125755

	reported that a stray bridge device was left on the system when a
	libvirt network failed to start due to an illegal iptables rule caused
	by bad config. Apparently the reason this was happening was that
	NetworkManager was noticing immediately when the bridge device was
	created and automatically setting it IFF_UP. libvirt would then try to
	setup the iptables rules, get an error back, and since libvirt had
	never IFF_UPed the bridge, it didn't expect that it needed to set it
	~IFF_UP before deleting it during the cleanup process. But the
	ioctl(SIOCBRDELBR) ioctl will fail to delete a bridge if it is IFF_UP.

	Since that bug was reported, NetworkManager has gotten a bit more
	polite in this respect, but just in case something similar happens in
	the future, this patch switches to using the netlink RTM_DELLINK
	message to delete the bridge - unlike SIOCBRDELBR, it will delete the
	requested bridge no matter what the setting of IFF_UP.

2015-03-26  Laine Stump  <laine@laine.org>

	util: replace body of virNetDevMacVLanDelete() with virNetlinkDelLink()
	These two functions are identical, so no sense in having the
	duplication. I resisted the temptation to replace calls to
	virNetDevMacVLanDelete() with calls to virNetlinkDelLink() just in
	case some mythical future platform has macvtap devices that aren't
	managed with netlink (or in case we some day need to do more than just
	tell the kernel to delete the device).

	util: netlink function to delete any network device
	libvirt has always used the netlink RTM_DELLINK message to delete
	macvtap/macvlan devices, but it can actually be used to delete other
	types of network devices, such as bonds and bridges. This patch makes
	virNetDevMacVLanDelete() available as a generic function so it can
	intelligibly be called to delete these other types of interfaces.

2015-03-26  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Usual update to latest gnulib status.  In particular this update
	fixes at least one issue that can be seen in libvirt, by silencing
	a valgrind detection of uninitialized memory:
	https://bugzilla.redhat.com/show_bug.cgi?id=1174147

	* .gnulib: Update to latest.
	* bootstrap: Resync to gnulib.

2015-03-26  Ján Tomko  <jtomko@redhat.com>

	Rename DomainGetIOThreadsInfo to DomainGetIOThreadInfo
	While it returns info about multiple threads, the version
	without the plural is easier to read.

	Rename qemuMonitorIOThreadsInfo* to qemuMonitorIOThreadInfo*
	It only deals with a single thread.

	Rename virDomainIOThreadsInfoFree to virDomainIOThreadInfoFree
	This function only frees the info for one thread.

	virsh: rename iothreadsinfo to iothreadinfo
	The plural seems unnecessary.

2015-03-26  Luyao Huang  <lhuang@redhat.com>

	qemu: command: Fix property name for start address of a pc-dimm module
	Starting a qemu VM with a memory module that has the base address
	specified results in the following error:

	 error: internal error: early end of file from monitor: possible problem:
	 2015-03-26T03:45:52.338891Z qemu-kvm: -device pc-dimm,node=0,memdev=memdimm0,
	 id=dimm0,slot=0,base=4294967296: Property '.base' not found

	The correct property name for the base address is 'addr'.

2015-03-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Give hint about -noTSX CPU model
	Because of the microcode update to Haswell/Broadwell CPUs, existing
	domains using these CPUs may fail to start even though they used to run
	just fine. To help users solve this issue we try to suggest switching to
	-noTSX variant of the CPU model:

	    virsh # start cd
	    error: Failed to start domain cd
	    error: unsupported configuration: guest and host CPU are not
	    compatible: Host CPU does not provide required features: rtm, hle;
	    try using 'Haswell-noTSX' CPU model

2015-03-26  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add {Haswell,Broadwell}-noTSX CPU models
	QEMU 2.3 adds these new models to cover Haswell and Broadwell CPUs with
	updated microcode. Luckily, they also reverted former the machine type
	specific changes to existing models. And since these changes were never
	released, we don't need to hack around them in libvirt.

2015-03-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Check for empty network source when formatting drive cmd
	Use the virStorageSourceIsEmpty helper to determine whether the drive
	source is empty rather than checking for src->path. This will fix start
	of VM with empty network cdrom that would not report any error.

2015-03-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Report error when formatting network source with protocol _NONE
	The function that formats the string for network drives would return
	error code but did not set the error message when called on storage
	source with VIR_STORAGE_NET_PROTOCOL_LAST or _NONE.

	Report an error in this case if it would ever be called in that way.

2015-03-25  Amy Fong  <amy.fong@windriver.com>

	build: fix race when creating the cpu_map.xml symlink
	In some circumstances where the build tree differs from the source,
	libvirt's compile will try to create the symlink for cpu_map.xml before
	creating the directory $(abs_builddir)/cpu:

	'src/cpu/cpu_map.xml': No such file or directory'

	Do not create the symlink, it is no longer needed after
	commit e562e82f
	    Load CPU map from builddir when run uninstalled

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuxml2xml: Test status XML formatting and parsing
	Recently we've fixed a bug where the status XML could not be parsed as
	the parser used absolute path XPath queries. This test enhancement tests
	all XML files used in the qemu-xml-2-xml test as a part of a status XML
	snippet to see whether they are parsed correctly. The status XML-2-XML is
	currently tested in 223 cases with this patch.

	util: buffer: Add support for adding text blocks with indentation
	The current auto-indentation buffer code applies indentation only on
	complete strings. To allow adding a string containing newlines and
	having it properly indented this patch adds virBufferAddStr.

2015-03-25  Guido Günther  <agx@sigxcpu.org>

	Don't validata filesystem target type
	When using QEMU's 9pfs the target "dir" element is not necessarily an
	absolute path but merely an arbitrary identifier. So validation in that
	case currently fails with the misleading

	   $ virt-xml-validate /tmp/test.xml
	   Relax-NG validity error : Extra element devices in interleave
	   /tmp/test.xml:24: element devices: Relax-NG validity error : Element domain failed to validate content
	   /tmp/test.xml fails to validate

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	rpc: Don't unref identity object while callbacks still can be executed
	While this thread is cleaning up the client and connection objects:
	 #2  virFileReadAll (path=0x7f28780012b0 "/proc/1319/stat", maxlen=maxlen@entry=1024, buf=buf@entry=0x7f289c60fc40) at util/virfile.c:1287
	 #3  0x00007f28adbb1539 in virProcessGetStartTime (pid=<optimized out>, timestamp=timestamp@entry=0x7f289c60fc98) at util/virprocess.c:838
	 #4  0x00007f28adb91981 in virIdentityGetSystem () at util/viridentity.c:151
	 #5  0x00007f28ae73f17c in remoteClientFreeFunc (data=<optimized out>) at remote.c:1131
	 #6  0x00007f28adcb7f33 in virNetServerClientDispose (obj=0x7f28aecad180) at rpc/virnetserverclient.c:858
	 #7  0x00007f28adba8eeb in virObjectUnref (anyobj=<optimized out>) at util/virobject.c:265
	 #8  0x00007f28ae74ad05 in virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x7f28aec93ff0) at rpc/virnetserver.c:205
	 #9  0x00007f28adbbef4e in virThreadPoolWorker (opaque=opaque@entry=0x7f28aec88030) at util/virthreadpool.c:145

	In stack frame #6 the client->identity object got unref'd, but the code
	that removes the event callbacks in frame #5 did not run yet as we are
	trying to obtain the system identity (frames #4, #3, #2).

	In other thead:
	 #0  virObjectUnref (anyobj=anyobj@entry=0x7f288c162c60) at util/virobject.c:264
	        klass = 0xdeadbeef
	        obj = 0x7f288c162c60
	 #1  0x00007f28ae71c709 in remoteRelayDomainEventCheckACL (client=<optimized out>, conn=<optimized out>, dom=dom@entry=0x7f28aecaafc0) at remote.c:164
	 #2  0x00007f28ae71fc83 in remoteRelayDomainEventTrayChange (conn=<optimized out>, dom=0x7f28aecaafc0, ... ) at remote.c:717
	 #3  0x00007f28adc04e53 in virDomainEventDispatchDefaultFunc (conn=0x7f287c0009a0, event=0x7f28aecab1a0, ...) at conf/domain_event.c:1455
	 #4  0x00007f28adc03831 in virObjectEventStateDispatchCallbacks (callbacks=<optimized out>, ....) at conf/object_event.c:724
	 #5  virObjectEventStateQueueDispatch (callbacks=0x7f288c083730, queue=0x7fff51f90030, state=0x7f288c18da20) at conf/object_event.c:738
	 #6  virObjectEventStateFlush (state=0x7f288c18da20) at conf/object_event.c:816
	 #7  virObjectEventTimer (timer=<optimized out>, opaque=0x7f288c18da20) at conf/object_event.c:562
	 #8  0x00007f28adb859cd in virEventPollDispatchTimeouts () at util/vireventpoll.c:459

	Frame #0 is unrefing an invalid identity object while frame #2 hints
	that the client is still dispatching the event.

	For untrimmed backtrace see the bugzilla attachment.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1203030

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	daemon: Clear fake domain def object that is used to check ACL prior to use
	The fake object is used to pass the domain name and UUID to the ACL code
	for events where we don't have the full domain def when dispatching
	events. The rest of the entries would be left uninitialized. While this
	is not a problem code-wise as the used fields are initialized it looks
	ugly in the debugger.

	util: identity: Harden virIdentitySetCurrent()
	Don't unref the old identity unless we set the new one correctly and
	unref the new one on failure to set it so that we don't leak any
	references or use invalid pointers.

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	tests: qemuxml2xml: Refactor the qemuxml2xml test
	To allow adding more tests, refactor the XML-2-XML test so that the
	files are not reloaded always and clarify the control flow.

	Result of this changes is that the active and inactive portions of the
	XML are tested in separate steps rather than one test step.

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: domain: Don't leak device alias list
	While adding tests for status XML parsing and formatting I've noticed
	that the device alias list is leaked.

	==763001== 81 (48 direct, 33 indirect) bytes in 1 blocks are definitely lost in loss record 414 of 514
	==763001==    at 0x4C2B8F0: calloc (vg_replace_malloc.c:623)
	==763001==    by 0x6ACF70F: virAllocN (viralloc.c:191)
	==763001==    by 0x447B64: qemuDomainObjPrivateXMLParse (qemu_domain.c:727)
	==763001==    by 0x6B848F9: virDomainObjParseXML (domain_conf.c:15491)
	==763001==    by 0x6B84CAC: virDomainObjParseNode (domain_conf.c:15608)

2015-03-25  Pavel Hrdina  <phrdina@redhat.com>

	qemucaps2xmltest: fix test to successfully run without kvm support
	Function virQEMUCapsInitGuestFromBinary detect kvm support by testing
	whether /dev/kvm exists or whether we pass path to kvmbin.  Provide the
	path we are testing via kvmbin for testing purpose instead of detecting
	presence of /dev/kvm to successfully run the tests on all hosts.

2015-03-25  Luyao Huang  <lhuang@redhat.com>

	qemu: Report better error when memory device source has wrong NUMA node
	When starting a VM with hotpluggable memory devices the user may specify
	an invalid source NUMA node. Libvirt would pass through the error from
	qemu:

	 # virsh start test3
	 error: Failed to start domain test3
	 error: internal error: process exited while connecting to monitor:
	 2015-03-25T01:12:17.205913Z qemu-kvm: -object memory-backend-ram,id=memdimm0
	 ,size=536870912,host-nodes=1-3,policy=bind: cannot bind memory to host NUMA nodes:
	 Invalid argument

	This patch adds a check that allows to report better error:

	 # virsh start test3
	 error: Failed to start domain test3
	 error: configuration unsupported: NUMA node 1 is unavailable

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	util: NUMA: Change error code in virNumaNodesetIsAvailable()
	An invalid nodeset is a configuration problem rather than an internal
	error.

2015-03-25  Luyao Huang  <lhuang@redhat.com>

	conf: Add missing apostrophe to error message

2015-03-25  Pavel Hrdina  <phrdina@redhat.com>

	Makefile: fix typo
	Commit 95695388 introduced new util/virthreadjob.c/h files but the
	makefile has type that breaks rpm build.

2015-03-25  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	docs: route element must specify network address
	because network address is required by route, so
	here we should add one avoid user misunderstand.

	docs: no 'via' attribute in route element
	via -> gateway

2015-03-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add timing to domain jobs
	Whenever we fail to acquire a job, we can report how long ago it was
	locked by another API.

	https://bugzilla.redhat.com/show_bug.cgi?id=853839

2015-03-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Track the API which started the current job
	This is very helpful when we want to log and report why we could not
	acquire a state change lock. Reporting what job keeps it locked helps
	with understanding the issue. Moreover, after calling
	virDomainGetControlInfo, it's possible to tell whether libvirt is just
	stuck somewhere within the API (or it just forgot to cleanup the job) or
	whether libvirt is waiting for QEMU to reply.

	The error message will look like the following:

	    # virsh resume cd
	    error: Failed to resume domain cd
	    error: Timed out during operation: cannot acquire state change lock
	    (held by remoteDispatchDomainSuspend)

	https://bugzilla.redhat.com/show_bug.cgi?id=853839

2015-03-25  Jiri Denemark  <jdenemar@redhat.com>

	Set thread job for every RPC call
	Since all APIs are also RPC calls, we automatically get all APIs covered
	with thread jobs.

	virThreadPool: Set thread worker name
	Every thread created as a worker thread within a pool gets a name
	according to virThreadPoolJobFunc name.

	virThread: Set thread job
	Automatically assign a job to every thread created by virThreadCreate.
	The name of the virThreadFunc function passed to virThreadCreate is used
	as the job or worker name in case no name is explicitly passed.

	Force usage of virThreadCreate
	We want all threads to be set as workers or to have a job assigned to
	them, which can easily be achieved in virThreadCreate wrapper to
	pthread_create. Let's make sure we always use the wrapper.

2015-03-25  Jiri Denemark  <jdenemar@redhat.com>

	Add support for tracking thread jobs
	Each thread can use a thread local variable to keep the name of a job
	which is currently running in the job.

	The virThreadJobSetWorker API is supposed to be called once by any
	thread which is used as a worker, i.e., it is waiting in a pool, woken
	up to do a job, and returned back to the pool.

	The virThreadJobSet/virThreadJobClear APIs are to be called at the
	beginning/end of each job.

2015-03-25  Jiri Denemark  <jdenemar@redhat.com>

	POTFILES.in: Sort

2015-03-25  Ján Tomko  <jtomko@redhat.com>

	Document that USB hostdevs do not need nodeDettach
	The virNodeDeviceDettach API only works on PCI devices.

	Originally added by commit 10d3272e, but the API never
	supported USB devices.

	Reported by: Martin Polednik <mpolednik@redhat.com>

2015-03-25  Peter Krempa  <pkrempa@redhat.com>

	rpc: serverclient: Clear pointer with NULL instead of 0

2015-03-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove per-domain libxl_ctx
	Although needed in the Xen 4.1 libxl days, there is no longer any
	benefit to having per-domain libxl_ctx.  On the contrary, their use
	makes the code unecessarily complicated and prone to deadlocks under
	load.  As suggested by the libxl maintainers, use a single libxl_ctx
	as a handle to libxl instead of per-domain ctx's.

	One downside to using a single libxl_ctx is there are no longer
	per-domain log files for log messages emitted by libxl.  Messages
	for all domains will be sent to /var/log/libvirt/libxl/libxl-driver.log.

2015-03-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: make libxlDomainFreeMem static
	libxlDomainFreeMem() is only used in libxl_domain.c and thus should
	be declared static.  While at it, change the signature to take a
	libxl_ctx instead of libxlDomainObjPrivatePtr, since only the
	libxl_ctx is needed.

	libxl: remove unnecessary libxlDomainEventsRegister
	This function now only enables domain death events.  Simply call
	libxl_evenable_domain_death() instead of an unnecessary wrapper.

	libxl: use global libxl_ctx in event handler
	Change the domain event handler code to use the driver-wide
	libxl_ctx instead of the domain-specific one.

	libxl: move event registration to driver initialization
	Register a domain event handler with the driver-wide libxl_ctx
	during driver initialization.

	libxl: Move setup of child processing code to driver initialization
	Informing libxl how to handle its child proceses should be done once
	during driver initialization, not once for each domain-specific
	libxl_ctx object.  The related libxl documentation in
	$xen-src/tools/libxl/libxl_event.h even mentions that "it is best to
	call this at initialisation".

2015-03-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: use driver-wide ctx in fd and timer event handling
	Long ago I incorrectly associated libxl fd and timer registrations
	with per-domain libxl_ctx objects.  When creating a libxlDomainObjPrivate,
	a libxl_ctx is allocated, and libxl_osevent_register_hooks is called
	passing a pointer to the libxlDomainObjPrivate.  When an fd or timer
	registration occurred, the registration callback received the
	libxlDomainObjPrivate, containing the per-domain libxl_ctx.  This
	libxl_ctx was then used when informing libxl about fd events or
	timer expirations.

	The problem with this approach is that fd and timer registrations do not
	share the same lifespan as libxlDomainObjPrivate, and hence the per-domain
	libxl_ctx ojects.  The result is races between per-domain libxl_ctx's being
	destoryed and events firing on associated fds/timers, typically manifesting
	as an assert in libxl

	libxl_internal.h:2788: libxl__ctx_unlock: Assertion `!r' failed

	There is no need to associate libxlDomainObjPrivate objects with libxl's
	desire to use libvirt's event loop.  Instead, the driver-wide libxl_ctx can
	be used for the fd and timer registrations.

	This patch moves the fd and timer handling code away from the
	domain-specific code in libxl_domain.c into libxl_driver.c.  While at it,
	function names were changed a bit to better describe their purpose.

	The unnecessary locking was also removed since the code simply provides a
	wrapper over the event loop interface.  Indeed the locks may have been
	causing some deadlocks when repeatedly creating/destroying muliple domains.
	There have also been rumors about such deadlocks during parallel OpenStack
	Tempest runs.

2015-03-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix set vcpus on host without NUMA
	We don't have to modify cpuset.mems on hosts without NUMA.  It also
	fixes an error message that you get instead of success if you trying
	update vcpus of a guest on a host without NUMA.

	error: internal error: NUMA isn't available on this host

	Signer-off-by: Pavel Hrdina <phrdina@redhat.com>

2015-03-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu: cleanup setvcpus
	Remove unnecessary maximum variable.

2015-03-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu: move virDomainLiveConfigHelperMethod right after BeginJob
	We should call virDomainLiveConfigHelperMethod ASAP because this
	function transfers VIR_DOMAIN_AFFECT_CURRENT to VIR_DOMAIN_AFFECT_LIVE
	or VIR_DOMAIN_AFFECT_CONFIG.  All other additional checks for those two
	flags should consider that the user give us VIR_DOMAIN_AFFECT_CURRENT.

	Remove the unnecessary check whether the domain is live in case of
	VIR_DOMAIN_VCPU_GUEST because this check is done by
	virDomainLiveConfigHelperMethod.

2015-03-24  Ján Tomko  <jtomko@redhat.com>

	Document behavior of compat when creating qcow2 volumes
	Commit bab2eda changed the behavior for missing compat attribute,
	but failed to update the documentation.

	Before, the option was omitted from qemu-img command line and the
	qemu-img default was used. Now we always specify the compat value
	and the default is 0.10.

	Reported by Christophe Fergeau
	https://bugzilla.gnome.org/show_bug.cgi?id=746660#c4

2015-03-24  Ján Tomko  <jtomko@redhat.com>

	Fix typo in error message
	by rewriting it completely from:
	error: unsupported configuration: virtio only support device address
	type 'PCI'

	to:

	error: unsupported configuration: virtio disk cannot have an address of type
	drive

	Since we now support CCW addresses as well.

2015-03-24  Laine Stump  <laine@laine.org>

	qemu: change accidental VIR_WARNING back to VIR_DEBUG
	While debugging the support for responding to qemu RX_FILTER_CHANGED
	events, I had changed the "ignoring this event" log message from
	VIR_DEBUG to VIR_WARN, but forgot to change it back before
	pushing. Since many guest OSes make enough changes to multicast lists
	and/or promiscuous mode settings to trigger this message, it's
	starting to show up as a red herring in bug reports.

2015-03-24  Pavel Hrdina  <phrdina@redhat.com>

	qemucaps2xmltest: fix the test to correspond to new domain formatting
	Commit 2360fe5d updated formating of <domain> element but forgot to
	update qemucaps2xmldata xml files.  In addition the test code was broken
	too.  Update the xml files and return -1 if testCompareXMLToXML fails
	together with indentation fix.

2015-03-24  Luyao Huang  <lhuang@redhat.com>

	conf: fix parsing of NUMA settings in VM status XML
	Commit 5bba61f changed the XPath strings to be absolute when parsing
	the VM NUMA configuration. Unfortunately the <domain> element is not a
	top level element when parsing the domain status XML thus the absolute
	XPath string doesn't match.

	Use the relative string so that the <numa> settings are not lost.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement memory device hotunplug
	Add code to hot-remove memory devices from qemu. Unfortunately QEMU
	doesn't support this right now, so this is just for completenes.

	qemu: Implement memory device hotplug
	Add code to hot-add memory devices to running qemu instances.

	qemu: conf: Add support for memory device cold(un)plug
	Add a few helpers that allow to operate with memory device definitions
	on the domain config and use them to implement memory device coldplug in
	the qemu driver.

	qemu: add support for memory devices
	Add support to start qemu instance with 'pc-dimm' device. Thanks to the
	refactors we are able to reuse the existing function to determine the
	parameters.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Forbid migration with memory modules lacking info
	Make sure that libvirt has all vital information needed to reliably
	represent configuration of guest's memory devices in case of a
	migration.

	This patch forbids migration in case the required slot number and module
	base address are not present (failed to be loaded from qemu via
	monitor).

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: memdev: Add infrastructure to load memory device information
	When using 'dimm' memory devices with qemu, some of the information
	like the slot number and base address need to be reloaded from qemu
	after process start so that it reflects the actual state. The state then
	allows to use memory devices across migrations.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Add interface to parse and format memory device information
	This patch adds code that parses and formats configuration for memory
	devices.

	A simple configuration would be:
	<memory model='dimm'>
	  <target>
	    <size unit='KiB'>524287</size>
	    <node>0</node>
	  </target>
	</memory>

	A complete configuration of a memory device:
	<memory model='dimm'>
	  <source>
	    <pagesize unit='KiB'>4096</pagesize>
	    <nodemask>1-3</nodemask>
	  </source>
	  <target>
	    <size unit='KiB'>524287</size>
	    <node>1</node>
	  </target>
	</memory>

	This patch preemptively forbids use of the <memory> device in individual
	drivers so the users are warned right away that the device is not
	supported.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Add device address type for dimm devices
	Dimm devices are described by the slot and base address. Add a new
	address type to be able to describe such address.

	qemu: Implement setup of memory hotplug parameters
	To enable memory hotplug the maximum memory size and slot count need to
	be specified. As qemu supports now other units than mebibytes when
	specifying memory, use the new interface in this case.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Add support for parsing and formatting max memory and slot count
	Add a XML element that will allow to specify maximum supportable memory
	and the count of memory slots to use with memory hotplug.

	To avoid possible confusion and misuse of the new element this patch
	also explicitly forbids the use of the maxMemory setting in individual
	drivers's post parse callbacks. This limitation will be lifted when the
	support is implemented.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	libxl: Refactor logic in domain post parse callback
	With the current control flow the post parse callback returned success
	right away for fully virtualized VMs. To allow adding additional checks
	into the post parse callback tweak the conditions so that the function
	doesn't return early except for error cases.

	To clarify the original piece of code borrow the wording from the commit
	message for the patch that introduced the code.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Don't leak @props with non-JSON in qemuMonitorAddObject
	The function comment states that @props is always consumed, even on
	failure. This was not true with the failure if the monitor is not using
	QMP.

2015-03-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't return memory device config on error in qemuBuildMemoryBackendStr
	In the last section if the function determines that the config is
	invalid when QEMU doesn't support the memory device the JSON config
	object would be returned even if it doesn't make sense.

	Assign the object to be returned only on success.

2015-03-23  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Set default SCSI controller model for S390 arch
	When no model is specified in the domain definition for
	a scsi controller and the architectur is s390 than virtio-scsi
	is set as default model.

	Reviewed-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
	Reviewed-by: Stefan Zimmermann <stzi@linux.vnet.ibm.com>
	Reviewed-by: Jens Freimann <jfrei@linux.vnet.ibm.com>
	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2015-03-23  Natanael Copa  <ncopa@alpinelinux.org>

	Fix underlinking of libvirt_driver_interface.so
	Always add udev linker flags when WITH_UDEV is enabled to avoid
	underlinking.

	See commit 43dbcb15 (interface: always build all available backends)

2015-03-23  Michael Chapman  <mike@very.puzzling.org>

	qemu: skip precreation of network disks
	Commit cf54c60699833b3791a5d0eb3eb5a1948c267f6b introduced the ability
	to create missing storage volumes during migration. For network disks,
	however, we may not necessarily be able to detect whether they already
	exist -- there is no straight-forward way to map the disk to a storage
	volume, and even if there were it's possible no configured storage pool
	actually contains the disk.

	It is better to assume the network disk exists in this case, rather than
	aborting the migration completely. If the volume really is missing, QEMU
	will generate an appropriate error later in the migration.

2015-03-23  Michal Privoznik  <mprivozn@redhat.com>

	network_conf: Drop virNetworkObjIsDuplicate
	This function does not make any sense now, that network driver is
	(almost) dropped. I mean, previously, when threads were
	serialized, this function was there to check, if no other network
	with the same name or UUID exists. However, nowadays that threads
	can run more in parallel, this function is useless, in fact it
	gives misleading return values. Consider the following scenario.
	Two threads, both trying to define networks with same name but
	different UUID (e.g. because it was generated during XML parsing
	phase, whatever). Lets assume that both threads are about to call
	networkValidate() which immediately calls
	virNetworkObjIsDuplicate().

	T1: calls virNetworkObjIsDuplicate() and since no network with
	given name or UUID exist, success is returned.
	T2: calls virNetworkObjIsDuplicate() and since no network with
	given name or UUID exist, success is returned.

	T1: calls virNetworkAssignDef() and successfully places its
	network into the virNetworkObjList.
	T2: calls virNetworkAssignDef() and since network with the same
	name exists, the network definition is replaced.

	Okay, this is mainly because virNetworkAssignDef() does not check
	whether name and UUID matches. Well, lets make it so! And drop
	useless function too.

2015-03-23  Michal Privoznik  <mprivozn@redhat.com>

	objecteventtest: Check for virNetwork* return values
	Lets not give a bad example and check for return values of
	virNetwork* APIs called within the test. Even though it's
	unlikely that any API will fail, it can happen. We're connected
	to the test driver after all, and our API sequence is correct. So
	test driver should fail only in case of bug or OOM.

2015-03-23  Michal Privoznik  <mprivozn@redhat.com>

	networkStateInitialize: Don't lock network driver
	There's no need to lock the network driver, as network driver
	initialization is done prior accepting any client. There's nobody
	to hop in and do something over partially initialized driver. Nor
	qemu driver is doing that.

	==30532== Observed (incorrect) order is: acquisition of lock at 0x1439EF50
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x5307E86: virObjectLock (virobject.c:323)
	==30532==    by 0x5396440: virNetworkObjListForEach (network_conf.c:4511)
	==30532==    by 0x19B29308: networkStateInitialize (bridge_driver.c:686)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==    by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so)
	==30532==    by 0xA4EDC8C: clone (in /lib64/libc-2.19.so)
	==30532==
	==30532==  followed by a later acquisition of lock at 0x1439CD60
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x19B27B2C: networkDriverLock (bridge_driver.c:102)
	==30532==    by 0x19B27B60: networkGetDnsmasqCaps (bridge_driver.c:113)
	==30532==    by 0x19B2856A: networkUpdateState (bridge_driver.c:389)
	==30532==    by 0x53963E9: virNetworkObjListForEachHelper (network_conf.c:4488)
	==30532==    by 0x52E2224: virHashForEach (virhash.c:521)
	==30532==    by 0x539645B: virNetworkObjListForEach (network_conf.c:4512)
	==30532==    by 0x19B29308: networkStateInitialize (bridge_driver.c:686)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==
	==30532== Required order was established by acquisition of lock at 0x1439CD60
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x19B27B2C: networkDriverLock (bridge_driver.c:102)
	==30532==    by 0x19B28DF9: networkStateInitialize (bridge_driver.c:609)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==    by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so)
	==30532==    by 0xA4EDC8C: clone (in /lib64/libc-2.19.so)
	==30532==
	==30532==  followed by a later acquisition of lock at 0x1439EF50
	==30532==    at 0x4C31A26: pthread_mutex_lock (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0x5324895: virMutexLock (virthread.c:88)
	==30532==    by 0x5307E86: virObjectLock (virobject.c:323)
	==30532==    by 0x538A09C: virNetworkAssignDef (network_conf.c:527)
	==30532==    by 0x5391EB2: virNetworkLoadState (network_conf.c:3008)
	==30532==    by 0x53922D4: virNetworkLoadAllState (network_conf.c:3128)
	==30532==    by 0x19B2929A: networkStateInitialize (bridge_driver.c:671)
	==30532==    by 0x53E1CCC: virStateInitialize (libvirt.c:777)
	==30532==    by 0x11DEB7: daemonRunStateInit (libvirtd.c:906)
	==30532==    by 0x5324B6A: virThreadHelper (virthread.c:197)
	==30532==    by 0x4C30456: ??? (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==30532==    by 0xA1EC1F2: start_thread (in /lib64/libpthread-2.19.so)

2015-03-23  Martin Kletzander  <mkletzan@redhat.com>

	Fix common misspellings
	Wikipedia's list of common misspellings [1] has a machine-readable
	version.  This patch fixes those misspellings mentioned in the list
	which don't have multiple right variants (as e.g. "accension", which can
	be both "accession" and "ascension"), such misspellings are left
	untouched.  The list of changes was manually re-checked for false
	positives.

	[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines

2015-03-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Migrate memory on numatune change
	We've never set the cpuset.memory_migrate value to anything, keeping it
	on default.  However, we allow changing cpuset.mems on live domain.
	That setting, however, don't have any consequence on a domain unless
	it's going to allocate new memory.

	I managed to make 'virsh numatune' move all the memory to any node I
	wanted even without disabling libnuma's numa_set_membind(), so this
	should be safe to use with it as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1198497

2015-03-20  Martin Kletzander  <mkletzan@redhat.com>

	cgroup: Add accessors for cpuset.memory_migrate

2015-03-20  Eric Blake  <eblake@redhat.com>

	maint: update .mailmap for recent contributions
	Deepak Shetty has changed preferred email address since prior
	contributions.

2015-03-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: use xenlight pkgconfig file if present
	xen.git commit babeca32 added a pkgconfig file for libxenlight,
	allowing libxl apps to determine the location of Xen binaries
	such as firmware blobs, device emulator, etc.

	This patch adds support for xenlight.pc in the libxl driver, falling
	back to the previous configure logic if not found.  It introduces
	LIBXL_FIRMWARE_DIR and LIBXL_EXECBIN_DIR to define the firmware and
	libexec_bin locations.  If xenlight.pc does not exist, the defines
	are set to the current hardcoded paths.  The capabilities'
	<emulator> and <loader> elements are updated to use the paths.

2015-03-19  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix libvirt crash if parallelsNetworkOpen fails
	If, by any reason, parallelsNetworkOpen fails it dereferences
	newly allocated privconn->networks via virObjectUnref, which in
	turn deallocates its memory.
	Subsequent call of parallelsNetworkClose calls virObjectUnref
	that leads to double memory free. To prevent this we should zero
	privconn->networks to make all subsequent virObjectUnref be safe.

2015-03-19  Luyao Huang  <lhuang@redhat.com>

	qemu: do not overwrite the error in qemuDomainObjExitMonitor
	https://bugzilla.redhat.com/show_bug.cgi?id=1196934

	When qemu exits during startup, libvirt includes the error from
	/var/log/libvirt/qemu/vm.log in the error message:

	$ virsh start test3
	error: Failed to start domain test3
	error: internal error: early end of file from monitor: possible problem:
	2015-02-27T03:03:16.985494Z qemu-kvm: -numa memdev is not supported by
	machine rhel6.5.0

	The check for domain liveness added to qemuDomainObjExitMonitor
	in commit dc2fd51f sometimes overwrites this error:
	$ virsh start test3
	error: Failed to start domain test3
	error: operation failed: domain is no longer running

	Fix the check to only report an error if there is none set.

2015-03-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: Don't overwrite errors from xenconfig
	When converting domXML from native, the libxl driver was overwriting
	useful errors from the xenconfig parsing code with a useless, generic
	error.  E.g. "internal error: parsing xm config failed" vs
	"internal error: config value usbdevice was malformed".  Remove the
	redundant (and useless) error reporting in the libxl driver.

2015-03-18  John Ferlan  <jferlan@redhat.com>

	qemu: Fix two issues in qemuDomainSetVcpus error handling
	Issue #1 - A call to virBitmapNew did not check if the allocation
	failed which could lead to a NULL dereference

	Issue #2 - When deleting the pin entries from the config file, the
	code loops from the number of elements down to the "new" vcpu count;
	however, the pin id values are numbered 0..n-1 not 1..n, so the "first"
	pin attempt would never work. Luckily the check was for whether the
	incoming 'n' (vcpu id) matched the entry in the array from 0..arraysize
	rather than a dereference of the 'n' entry

2015-03-18  Deepak Shetty  <dpkshetty@gmail.com>

	doc: Fix doc for backingStore
	I spent quite some time figuring that backingStore info
	isn't included in the dom xml, unless guest is up and
	running. Hopefully putting that in the doc should help.

	Also, several people have complained that libvirt reports
	a backing file as raw, even though they expected it to be
	qcow2; where the culprit is usually the user forgetting to
	create the file with qemu-img create -o backing_fmt=qcow2.

	This patch adds that info to the doc.

2015-03-18  Eric Blake  <eblake@redhat.com>

	qemu: track 'cancelling' migration state
	In qemu 2.3, the migration status will include 'cancelling' in the
	window between when an asynchronous cancel has been requested and
	when the migration is actually halted.  Previously, qemu hid this
	state and reported 'active'.  Libvirt manages the sequence okay
	even when the string is unrecognized (that is, it will report an
	unknown state:

	Migration: [ 69 %]^Cerror: internal error: unexpected migration status in cancelling.

	but the migration is still cancelled), but recognizing the string
	makes for a smoother user experience.

	* src/qemu/qemu_monitor.h
	(QEMU_MONITOR_MIGRATION_STATUS_CANCELLING): Add enum.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrationStatus): Map it.
	* src/qemu/qemu_migration.c (qemuMigrationUpdateJobStatus): Adjust
	clients.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetMigrationStatusReply): Likewise.

2015-03-18  Laine Stump  <laine@laine.org>

	util: more verbose error when failing to create macvtap device
	Investigation of a problem with creating passthrough macvtap devices
	(https://bugzilla.redhat.com/show_bug.cgi?id=1185501) has shown that
	this slightly more verbose failure message is useful. In particular,
	the mac address can be used to determine the domain. You could also
	figure this out by looking at preceding messages in a debug log, but
	this gets it in a single place.

	util: clean up #includes of virnetdevopenvswitch.h
	virnetdevopenvswitch.h declares a few functions that can be called to
	add ports to and remove them from OVS bridges, and retrieve the
	migration data for a port. It does not contain any data definitions
	that are used by domain_conf.h. But for some reason, domain_conf.h
	virnetdevopenvswitch.h should be directly #including it. This adds a
	few lines to the project, but saves all the files that don't need it
	from the extra computing, and makes the dependencies more clear cut.

2015-03-18  zhang bo  <oscar.zhangbo@huawei.com>

	util: vhost user: support for bootindex
	Problem Description:
	When we set boot order for a vhost-user network interface, we found the boot index
	doesn't work.

	Cause of the Problem:
	In the function qemuBuildVhostuserCommandLine(), it forcely set the arg bootindex of
	function qemuBuildNicDevStr() to 0. Thus, the bootindex parameter got missing.

	Solution:
	Trans the arg bootindex down.

2015-03-18  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: don't prevent domain define if VIR_DOMAIN_NET_TYPE_BRIDGE
	network adapter is used

	parallels: switch off offline management feature
	which is on by default when a new VM/CT is created.
	We should do this because this feature can't be controlled
	by libvirt now and it sets up some iptables rules. So it's
	better to do this to avoid potential conflict of different
	set of rules or to avoid unexpected behavior.

	parallels: make E1000 network adapter model default
	and set adapter model specified in xml

	parallels: set correct network adapter link state
	when a new network adapter device is added

	parallels: better bridge network interface support
	In order to support 'bridge' network adapters in parallels
	driver we need to plug our veth devices into corresponding
	linux bridges.
	We are going to do this by reusing our abstraction of
	Virtual Networks in terms of PCS. On a domain creation, we
	create a new Virtual Network naming it with the same name
	as a source bridge for each network  interface.
	Having done this, we plug PCS veth interfaces created with names of
	target dev into specified bridges using our standard PCS procedures

	parallels: fix parallelsLoadNetworks
	Don't fail initialization of parallels driver if
	parallelsLoadNetwork fails for optional networks.
	This can happen when some of them are added manually
	and configured incompletely. PCS requires only two networks
	created automatically (named Host-Only and Bridged), others
	are optional and their incompleteness can be ignored.

	parallels: introduce and use string constants for network types and names

2015-03-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Distribute tests/vircgroupdata
	My commit 2dbfa71 added test data for vircgrouptest but forgot to
	distribute the new directory.

2015-03-18  John Ferlan  <jferlan@redhat.com>

	network: Resolve Coverity FORWARD_NULL
	The following is a long winded way to say this patch is avoiding a
	false positive.

	Coverity complains that calling networkPlugBandwidth() could eventually
	end up with a NULL dereference on iface->bandwidth because in the
	networkAllocateActualDevice there's a check of 'iface->bandwidth'
	before deciding to try to use the 'portgroup' if it exists or to not
	perferm the virNetDevBandwidthCopy if 'bandwidth' is not NULL.

	Later in networkPlugBandwidth the 'iface->bandwidth' is sourced from
	virDomainNetGetActualBandwidth - which would be either iface->bandwidth
	or (preferably) iface->data.network.actual->bandwidth which would have
	been filled in from either 'iface->bandwidth' or 'portgroup->bandwidth'
	back in networkAllocateActualDevice

	There *is* a check in networkCheckBandwidth for the result of the
	virDomainNetGetActualBandwidth being NULL and a return 1 based on
	that which would cause networkPlugBandwidth to exit properly and thus
	never hit the condition that Coverity complains about.

	However, since Coverity checks all paths - it somehow believes that
	a return of 0 by networkCheckBandwidth in this condition would end
	up causing the possible NULL dereference. The "fix" to silence Coverity
	is to not have networkCheckBandwidth also call virDomainNetGetActualBandwidth
	in order to get the ifaceBand, but rather have it accept it as an argument
	which causes Coverity to "see" that it's the exit condition of 1 that won't
	have the possible NULL dereference.  Since we're passing that, I added the
	passing of iface->mac rather than passing iface as well. This just hopefully
	makes sure someone doesn't undo this in the future...

2015-03-18  Jiri Denemark  <jdenemar@redhat.com>

	Use PAUSED state for domains that are starting up
	When libvirt is starting a domain, it reports the state as SHUTOFF until
	it's RUNNING. This is not ideal because domain startup may take a long
	time (usually because of some configuration issues, firewalls blocking
	access to network disks, etc.) and domain lists provided by libvirt look
	awkward. One can see weird shutoff domains with IDs in a list of active
	domains or even shutoff transient domains. In any case, it looks more
	like a bug in libvirt than a normal state a domain goes through.

	tests: Add tests for virCgroupDetectMounts

2015-03-18  Michal Privoznik  <mprivozn@redhat.com>

	qemuGetDHCPInterfaces: Don't leak @network
	The function needs a pointer to the network to get list of DHCP
	leases. The pointer is obtained via virNetworkLookupByName() which
	requires callers to free the returned network once no longer needed.
	Otherwise it's leaked.

	cmdDomIfAddr: Free @ip_addr_str
	The variable holds formatted suffix to each line printed out
	(address type, address and prefix). However, the variable is
	never freed. At the same time, honour fact, that data held in
	the variable is not constant.

	qemuAgentGetInterfaces: Don't error out on missing HW address
	Now that we allow HW address to be not present on our RPC layer,
	don't error out if qemu-ga hasn't provided any.

	virsh: Adapt to new HW address scenario
	Make sure we don't print (null) (which in fact is printf()'s
	cleverness anyway, not ours). If no HW address is present, print
	"N/A" string just like we do for other fields.

	RPC: Allow HW address in remote_domain_interface struct to be NULL
	Not all NICs (esp. the virtual ones like TUN) must have a hardware
	address. Teach our RPC that it's possible.

2015-03-17  Eric Blake  <eblake@redhat.com>

	qemu: read backing chain names from qemu
	https://bugzilla.redhat.com/show_bug.cgi?id=1199182 documents that
	after a series of disk snapshots into existing destination images,
	followed by active commits of the top image, it is possible for
	qemu 2.2 and earlier to end up tracking a different name for the
	image than what it would have had when opening the chain afresh.
	That is, when starting with the chain 'a <- b <- c', the name
	associated with 'b' is how it was spelled in the metadata of 'c',
	but when starting with 'a', taking two snapshots into 'a <- b <- c',
	then committing 'c' back into 'b', the name associated with 'b' is
	now the name used when taking the first snapshot.

	Sadly, older qemu doesn't know how to treat different spellings of
	the same filename as identical files (it uses strcmp() instead of
	checking for the same inode), which means libvirt's attempt to
	commit an image using solely the names learned from qcow2 metadata
	fails with a cryptic:

	error: internal error: unable to execute QEMU command 'block-commit': Top image file /tmp/images/c/../b/b not found

	even though the file exists.  Trying to teach libvirt the rules on
	which name qemu will expect is not worth the effort (besides, we'd
	have to remember it across libvirtd restarts, and track whether a
	file was opened via metadata or via snapshot creation for a given
	qemu process); it is easier to just always directly ask qemu what
	string it expects to see in the first place.

	As a safety valve, we validate that any name returned by qemu
	still maps to the same local file as we have tracked it, so that
	a compromised qemu cannot accidentally cause us to act on an
	incorrect file.

	* src/qemu/qemu_monitor.h (qemuMonitorDiskNameLookup): New
	prototype.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskNameLookup):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskNameLookup): New function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskNameLookup)
	(qemuMonitorJSONDiskNameLookupOne): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit)
	(qemuDomainBlockJobImpl): Use it.

2015-03-17  Antoni Segura Puimedon  <toni@midokura.com>

	network: Add midonet virtual port type support to qemu
	Use the utilities introduced in the previous patches so the qemu
	driver is able to create tap devices that are bound (and unbound
	on domain destroyal) to Midonet virtual ports.

2015-03-17  Antoni Segura Puimedon  <toni@midokura.com>

	docs: schema and docs for the midonet virtualport type
	Midonet is an opensource virtual networking that over lays the IP
	network between hypervisors. Currently, such networks can be made
	with the openvswitch virtualport type.

	This patch, defines the schema and documentation that will serve
	as basis for the follow up patches that will add support to libvirt
	for using Midonet virtual ports for its interfaces. The schema
	definition requires that the port profile expresses its interfaceid
	as part of the port profile. For that reason, this is part of the
	patch too.

2015-03-17  Antoni Segura Puimedon  <toni@midokura.com>

	util: functions to support binding/unbinding midonet virtualports
	Adds the port type definitions and methods that will be used to bind
	interfaces to the Midonet virtual ports.

	virtnetdevmidonet.c adds the way to bind and unbind the ports by
	calling into the Midonet Host Agent control command line (installed
	with the midolman package).

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	conf: disk: Simplify checking if source definition was parsed
	Previously we had to check for 3 fields to see if the source was filled.
	Repurpose one of the variables as a boolean flag and use it instead of
	combining multiple sources.

	For the condition that checks that only CDROM/FLOPPY drives can be empty
	we can use the virStorageSourceIsEmpty() helper.

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix check for empty storage device
	If the storage device type is parsed as network our parser still allows
	it to omit the <source> element. The empty drive check would not trigger
	on such device as it expects that every network storage source is valid.

	Use VIR_STORAGE_NET_PROTOCOL_NONE as a marker that the storage source is
	empty.

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Fix cold-update of removable storage devices
	Only selected fields from the disk source were copied when cold updating
	source in a CDROM drive. When such drive was backed by a network file
	this resulted into corruption of the definition:

	    <disk type='network' device='cdrom'>
	      <driver name='qemu' type='raw' cache='none'/>
	      <source protocol='gluster' name='gluster-vol1(null)'>
	        <host name='localhost'/>
	      </source>
	      <target dev='vdc' bus='virtio'/>
	      <readonly/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
	    </disk>

	Update the whole source instead of cherry-picking elements.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1166024

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Use checker function to check if disk is empty

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Fix the change-media command
	The command did not modify the disk type and thus didn't allow to change
	media from a file image to a block backed image or vice versa. In
	addition when operating on a network backed removable devices the
	command would replace the while <source> subelement with an invalid one.

	This patch adds the --block option that allows to specify that the new
	image is block backed and assumes that without that option all images
	are file backed. Since network backends were always mangled it should
	not cause problems.

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Add --print-xml flag for command change-media
	Allow printing the XML that would be used mostly for debugging purposes.

2015-03-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Don't use vshPrepareDiskXML for creating XML to detach disk
	Since cmdDetachDisk() calls into vshPrepareDiskXML() with
	type == VSH_PREPARE_DISK_XML_NONE && source == NULL this would result
	into skipping all the checks and effectively turn the function into a
	XML formatter.

	This patch changes the code to use the formatter directly so that the
	function can be refactored in a easier way.

2015-03-17  Maxim Nestratov  <mnestratov@parallels.com>

	parallels_sdk.c: minor cleanup
	Fix indentation in prlsdkGetNetInf()o, remove unnecessary error
	message in prlsdkDomainChangeState(), remove unnecessary job
	freeing in prlsdkLoadDomains().

2015-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	domifaddr: Add virsh support
	tools/virsh-domain-monitor.c
	   * Introduce new command : domifaddr
	     Usage: domifaddr <domain> [interface] [--full] [--source lease|agent]

	     Example outputs:
	     virsh # domifaddr f20
	     Name       MAC address          Protocol     Address
	     -------------------------------------------------------------------------------
	     lo         00:00:00:00:00:00    ipv4         127.0.0.1/8
	     -          -                    ipv6         ::1/128
	     vnet0      52:54:00:2e:45:ce    ipv4         10.1.33.188/24
	     -          -                    ipv6         2001:db8:0:f101::2/64
	     -          -                    ipv6         fe80::5054:ff:fe2e:45ce/64
	     vnet1      52:54:00:b1:70:19    ipv4         192.168.105.201/16
	     -          -                    ipv4         192.168.201.195/16
	     -          -                    ipv6         fe80::5054:ff:feb1:7019/64
	     vnet2      52:54:00:36:2a:e5    N/A          N/A
	     vnet3      52:54:00:20:70:3d    ipv4         192.168.105.240/16
	     -          -                    ipv6         fe80::5054:ff:fe20:703d/64

	     virsh # domifaddr f20 eth1 --source lease
	     Name       MAC address          Protocol     Address
	     -------------------------------------------------------------------------------
	     vnet1      52:54:00:b1:70:19    ipv4         192.168.105.201/16
	     -          -                    ipv4         192.168.201.195/16
	     -          -                    ipv6         fe80::5054:ff:feb1:7019/64

	     virsh # domifaddr f20 eth0 --source agent --full
	     Name       MAC address          Protocol     Address
	     -------------------------------------------------------------------------------
	     eth0       52:54:00:2e:45:ce    ipv4         10.1.33.188/24
	     eth0       52:54:00:2e:45:ce    ipv6         2001:db8:0:f101::2/64
	     eth0       52:54:00:2e:45:ce    ipv6         fe80::5054:ff:fe2e:45ce/64

	tools/virsh.pod
	   * Document new command

2015-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	domifaddr: Implement the API for qemu
	By querying the qemu guest agent with the QMP command
	"guest-network-get-interfaces" and converting the received JSON
	output to structured objects.

	Although "ifconfig" is deprecated, IP aliases created by "ifconfig"
	are supported by this API. The legacy syntax of an IP alias is:
	"<ifname>:<alias-name>". Since we want all aliases to be clubbed
	under parent interface, simply stripping ":<alias-name>" suffices.
	Note that IP aliases formed by "ip" aren't visible to "ifconfig",
	and aliases created by "ip" do not have any specific name. But
	we are lucky, as qemu guest agent detects aliases created by both.

	src/qemu/qemu_agent.h:
	  * Define qemuAgentGetInterfaces

	src/qemu/qemu_agent.c:
	  * Implement qemuAgentGetInterface

	src/qemu/qemu_driver.c:
	  * New function qemuGetDHCPInterfaces
	  * New function qemuDomainInterfaceAddresses

	src/remote_protocol-sructs:
	  * Define new structs

	tests/qemuagenttest.c:
	  * Add new test: testQemuAgentGetInterfaces
	    Test cases for IP aliases, 0 or multiple ipv4/ipv6 address(es)

2015-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	domifaddr: Implement the remote protocol
	daemon/remote.c
	   * Define remoteSerializeDomainInterface, remoteDispatchDomainInterfaceAddresses

	src/remote/remote_driver.c
	   * Define remoteDomainInterfaceAddresses

	src/remote/remote_protocol.x
	   * New RPC procedure: REMOTE_PROC_DOMAIN_INTERFACE_ADDRESSES
	   * Define structs remote_domain_ip_addr, remote_domain_interface,
	     remote_domain_interfaces_addresse_args, remote_domain_interface_addresses_ret
	   * Introduce upper bounds (to handle DoS attacks):
	     REMOTE_DOMAIN_INTERFACE_MAX = 2048
	     REMOTE_DOMAIN_IP_ADDR_MAX = 2048
	     Restrictions on the maximum number of aliases per interface were
	     removed after kernel v2.0, and theoretically, at present, there
	     are no upper limits on number of interfaces per virtual machine
	     and on the number of IP addresses per interface.

	src/remote_protocol-structs
	   * New structs added

2015-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	domifaddr: Implement the public APIs
	Define helper function virDomainInterfaceFree, which allows
	the upper layer application to free the domain interface object
	conveniently.

	The API is going to provide multiple methods by flags, e.g.
	  * Query guest agent
	  * Parse DHCP lease file

	include/libvirt/libvirt-domain.h
	  * Define virDomainInterfaceAddresses, virDomainInterfaceFree
	  * Define structs virDomainInterface, virDomainIPAddress

	src/driver-hypervisor.h:
	  * Define domainInterfaceAddresses

	src/libvirt-domain.c:
	  * Implement virDomainInterfaceAddresses
	  * Implement virDomainInterfaceFree

	src/libvirt_public.syms:
	  * Export the new symbols

2015-03-17  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix home directory for VMs
	Failures of parallelsStorageOpen occured because we incorrectly treated
	path to VM' configuration file as a directory. Now initialization of
	parallels VM domains home directory is fixed.

	parallels: don't forget to unlock domain if unregister fails

2015-03-17  Mikhail Feoktistov  <mfeoktistov@parallels.com>

	parallels: set cpu mode when applying xml configuration
	Otherwise exporting existing domain config and defining a new one like this:
	virsh -c parallels:///system dumpxml instance01 > my.xml
	virsh -c parallels:///system define my.xml
	leads to an error because PCS default x64 mode turns to x32.
	Thus, we need to set correct cpuMode in prlsdkDoApplyConfig() explicitly.

2015-03-17  Martin Kletzander  <mkletzan@redhat.com>

	conf: Use correct type for balloon stats period
	We're parsing memballoon status period as unsigned int, but when we're
	trying to set it, both we and qemu use signed int.  That means large
	values will get wrapped around to negative one resulting in error.
	Basically the same problem as commit e3a7b874 was dealing with when
	updating live domain.

	QEMU changed the accepted value to int64 in commit 1f9296b5, but even
	values as INT_MAX don't make sense since the value passed means seconds.
	Hence adding capability flag for this change isn't worth it.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140958

2015-03-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Don't duplicate errors when settings stats period
	In order not to leave old error messages set, this patch refactors the
	code so the error is reported only when acted upon.  The only such place
	already rewrites any error, so cleaning up all the error reporting in
	qemuMonitorSetMemoryStatsPeriod() is enough.

	conf: Reorder elements inside memballoon
	All the devices we have format their address as its last sub-element, so
	let's change memballoon to follow suit.  Also adjust RNG to allow any
	order of them so 'virsh edit' doesn't shout at us.

	util: Make sure the comment about virBufferAddBuffer is true
	Change it so it really *always* eats the @toadd buffer.

2015-03-17  Pavel Hrdina  <phrdina@redhat.com>

	wireshark: fix VPATH build
	Add $(top_builddir) paths to INCLUDES to fix VPATH build.

2015-03-17  Luyao Huang  <lhuang@redhat.com>

	qemu_command: Fix some indentation and a typo

2015-03-16  Pavel Hrdina  <phrdina@redhat.com>

	rpm-build: use pkg-config to detect wireshark presence
	Wireshark supports pkg-config since 1.11.3.  Right now we build
	wireshark-dissectior tool as default trough rpm build only on
	fedora >= 21 and there is new wireshark that supports pkg-config.
	If someone wants to build libvirt with wireshark-dissector against old
	wireshark, they should specify the location by hand.

	This patch is mainly to fix wrong dependency on wireshark binary as it
	doesn't make sense to require that binary file to just get version info
	of that package in makefile.

2015-03-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix regression introduced by commit 4ab8cd77
	Commit 4ab8cd77 added a check requiring input devices to have
	a bus type of VIR_DOMAIN_INPUT_BUS_USB, failing to start the
	domain otherwise.  But virDomainDefParseXML adds implicit mouse
	and keyboard if a graphics device is configured.  See calls to
	virDomainDefMaybeAddInput.

	The regression is fixed by removing the check requiring USB input
	devices, and skipping non-USB input devices when populating USB
	'usbdevice' in libxl_domain_build_info struct.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: block-commit: Mark disk in block jobs only on successful command
	Patch 51f9f03a4ca50b070c0fbfb29748d49f583e15e1 introduces a regression
	where if a blockCommit operation fails the disk is still marked as being
	part of a block job but can't be unmarked later.

2015-03-16  Eric Blake  <eblake@redhat.com>

	daemon: avoid memleak when ListAll returns nothing
	Commit 4f25146 (v1.2.8) managed to silence Coverity, but at the
	cost of a memory leak detected by valgrind:
	==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637
	==24129==    at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==24129==    by 0x5084B8E: virReallocN (viralloc.c:245)
	==24129==    by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200)
	==24129==    by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042)
	==24129==    by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797)
	==24129==    by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580)
	==24129==    by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072)

	In short, every time a client calls a ListAll variant and asks
	for the resulting list, but there are 0 elements to return, we
	end up leaking the 1-entry array that holds the NULL terminator.

	What's worse, a read-only client can access these functions in a
	tight loop to cause libvirtd to eventually run out of memory; and
	this can be considered a denial of service attack against more
	privileged clients.  Thankfully, the leak is so small (8 bytes per
	call) that you would already have some other denial of service with
	any guest calling the API that frequently, so an out-of-memory
	crash is unlikely enough that this did not warrant a CVE.

	* daemon/remote.c (remoteDispatchConnectListAllDomains)
	(remoteDispatchDomainListAllSnapshots)
	(remoteDispatchDomainSnapshotListAllChildren)
	(remoteDispatchConnectListAllStoragePools)
	(remoteDispatchStoragePoolListAllVolumes)
	(remoteDispatchConnectListAllNetworks)
	(remoteDispatchConnectListAllInterfaces)
	(remoteDispatchConnectListAllNodeDevices)
	(remoteDispatchConnectListAllNWFilters)
	(remoteDispatchConnectListAllSecrets)
	(remoteDispatchNetworkGetDHCPLeases): Plug leak.

2015-03-16  John Ferlan  <jferlan@redhat.com>

	Remove virDomainIOThreadsPinDel
	This one is no longer necessary since the Vcpu and IOThreads API's share

	Replace virDomainVcpuPinDel with virDomainPinDel
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Replace virDomainIOThreadsPinAdd with virDomainPinAdd
	This one is no longer necessary since the Vcpu and IOThreads API's share

	Replace virDomainVcpuPinAdd with virDomainPinAdd
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinFindByVcpu into virDomainPinFindByVcpu
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinIsDuplicate into virDomainPinIsDuplicate
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinDefCopy into virDomainPinDefCopy
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinDefArrayFree to virDomainPinDefArrayFree
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainVcpuPinDefFree to virDomainPinDefFree
	Since both Vcpu and IOThreads code use the same API's, alter the naming
	of the API's to remove the "Vcpu" specific reference

	Convert virDomainPinDefPtr->vcpuid to virDomainPinDefPtr->id
	Since we're not specifically a vcpu related structure anymore...

2015-03-16  John Ferlan  <jferlan@redhat.com>

	Convert virDomainVcpuPinDefPtr to virDomainPinDefPtr
	As pointed out by jtomko in his review of the IOThreads pinning code:

	http://www.redhat.com/archives/libvir-list/2015-March/msg00495.html

	there are some comments sprinkled in indicating IOThreads were using
	the same structure as the VcpuPin code...

	This is the first patch of a few that will change the virDomainVcpuPin*
	structures and code to just virDomainPin* - starting with the data
	structure naming...

2015-03-16  John Ferlan  <jferlan@redhat.com>

	qemu: Fix possible memory leak in qemuDomainPinVcpuFlags
	During his review of the iothreads pin setting code, Pavel noted that
	there was a potential memory leak with respect to how the newVcpuPin
	is handled and the goto endjob's in failure paths which would not free
	the memory.  For reference, See:

	http://www.redhat.com/archives/libvir-list/2015-March/msg00415.html

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	conf: Make specifying <memory> optional
	Now that the size of guest's memory can be inferred from the NUMA
	configuration (if present) make it optional to specify <memory>
	explicitly.

	To make sure that memory is specified add a check that some form of
	memory size was specified. One side effect of this change is that it is
	no longer possible to specify 0KiB as memory size for the VM, but I
	don't think it would be any useful to do so. (I can imagine embedded
	systems without memory, just registers, but that's far from what libvirt
	is usually doing).

	Forbidding 0 memory for guests also fixes a few corner cases where 0 was
	not interpreted correctly and caused failures. (Arguments for numad when
	using automatic placement, size of the balloon). This fixes problems
	described in https://bugzilla.redhat.com/show_bug.cgi?id=1161461

	Test case changes are added to verify that the schema change and code
	behave correctly.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	conf: Automatically use NUMA memory size in case NUMA is enabled
	Use the NUMA total instead of the configured size both in XML and for
	uses in the code once NUMA is enabled for a domain.

	One test case change is necessary as the rounding of the individual cell
	sizes was not matching the rounding of the total size.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Add helper to align memory sizes
	The memory sizes in qemu are aligned up to 1 MiB boundaries. There are
	two places where this was done once for the total size and then for
	individual NUMA cell sizes.

	Add a function that will align the sizes in one place so that it's clear
	where the sizes are aligned.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	conf: Replace access to def->mem.max_balloon with accessor functions
	As there are two possible approaches to define a domain's memory size -
	one used with legacy, non-NUMA VMs configured in the <memory> element
	and per-node based approach on NUMA machines - the user needs to make
	sure that both are specified correctly in the NUMA case.

	To avoid this burden on the user I'd like to replace the NUMA case with
	automatic totaling of the memory size. To achieve this I need to replace
	direct access to the virDomainMemtune's 'max_balloon' field with
	two separate getters depending on the desired size.

	The two sizes are needed as:
	1) Startup memory size doesn't include memory modules in some
	hypervisors.
	2) After startup these count as the usable memory size.

	Note that the comments for the functions are future aware and document
	state that will be present after a few later patches.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: Disallow concurrent block jobs on a single disk
	While qemu may be prepared to do this libvirt is not. Forbid the block
	ops until we fix our code.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: event: Don't fiddle with disk backing trees without a job
	Surprisingly we did not grab a VM job when a block job finished and we'd
	happily rewrite the backing chain data. This made it possible to crash
	libvirt when queueing two backing chains tightly and other badness.

	To fix it, add yet another handler to the helper thread that handles
	monitor events that require a job.

2015-03-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Export qemuProcessFindDomainDiskByAlias

2015-03-16  Erik Skultety  <eskultet@redhat.com>

	qemu: Check for negative port values in network drive configuration
	We interpret port values as signed int (convert them from char *),
	so if a negative value is provided in network disk's configuration,
	we accept it as valid, however there's an 'unknown cause' error raised later.
	This error is only accidental because we return the port value in the return code.
	This patch adds just a minor tweak to the already existing check so we
	reject negative values the same way as we reject non-numerical strings.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1163553

2015-03-16  Erik Skultety  <eskultet@redhat.com>

	AUTHORS: add myself to commiters list

2015-03-15  Eric Blake  <eblake@redhat.com>

	network: avoid memory leak of dnsmasq capabilities
	Valgrind detected a leak:

	==17820== 102 (56 direct, 46 indirect) bytes in 1 blocks are definitely lost in loss record 479 of 646
	==17820==    at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==17820==    by 0x508521A: virAllocVar (viralloc.c:560)
	==17820==    by 0x50D9FCA: virObjectNew (virobject.c:193)
	==17820==    by 0x50A4FD9: dnsmasqCapsNewEmpty (virdnsmasq.c:784)
	==17820==    by 0x50A514E: dnsmasqCapsNewFromBinary (virdnsmasq.c:830)
	==17820==    by 0x1B508287: networkStateInitialize (bridge_driver.c:666)

	It looks like commit 172acef introduced the problem, because
	networkGetDnsmasqCaps() increments the reference count but an
	early exit never does a matching decrement.

	* src/network/bridge_driver.c (networkStateCleanup): Plug leak.

2015-03-15  Eric Blake  <eblake@redhat.com>

	netdev: silence valgrind warning about ioctl use
	Valgrind complained:

	==3770== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
	==3770==    at 0x919D407: ioctl (syscall-template.S:81)
	==3770==    by 0x530FE7E: rpl_ioctl (ioctl.c:42)
	==3770==    by 0x50CB433: virNetDevFeatureAvailable (virnetdev.c:2764)
	==3770==    by 0x50CB6A7: virNetDevGetFeatures (virnetdev.c:2830)
	==3770==    by 0x1F0E5347: udevProcessNetworkInterface (node_device_udev.c:722)
	==3770==    by 0x1F0E689F: udevGetDeviceDetails (node_device_udev.c:1300)
	==3770==    by 0x1F0E6E06: udevAddOneDevice (node_device_udev.c:1422)
	==3770==    by 0x1F0E6FB8: udevProcessDeviceListEntry (node_device_udev.c:1464)
	==3770==    by 0x1F0E70CF: udevEnumerateDevices (node_device_udev.c:1494)
	==3770==    by 0x1F0E7BB4: nodeStateInitialize (node_device_udev.c:1806)
	==3770==    by 0x51B4303: virStateInitialize (libvirt.c:777)
	==3770==    by 0x11DEE7: daemonRunStateInit (libvirtd.c:906)
	==3770==  Address 0x228e38d4 is on thread 12's stack
	==3770==  in frame #2, created by virNetDevFeatureAvailable (virnetdev.c:2750)

	* src/util/virnetdev.c (virNetDevFeatureAvailable): Initialize all
	bytes of ifr.

2015-03-15  Eric Blake  <eblake@redhat.com>

	virsh: fix report of non-active commit completion
	Commit f182da20 (v1.2.6) caused a slight regression in virsh
	reporting of a non-active block job; where it used to state
	"Commit complete", it now states "Now in synchronized phase".
	But the synchronized phase is only possible for an active commit.

	For a reproducer, I created a chain 'a <- b <- c <- d <- e' and
	ran virsh blockcommit $dom vda --top c --base a --verbose --wait

	* tools/virsh-domain.c (cmdBlockCommit): Synchronized phase is
	only possible on active commits.

2015-03-14  zhang bo  <oscar.zhangbo@huawei.com>

	util: don't fail if no PortData is found while getting migrateData
	Introduced by f6a2f97e

	Problem Description:
	After multiple times of migrating a domain, which has an ovs interface with no portData set,
	with non-shared disk, nbd ports got overflowed.

	The steps to reproduce the problem:
	1 define and start a domain with its network configured as:
	    <interface type='bridge'>
	          <source bridge='br0'/>
	          <virtualport type='openvswitch'>
	          </virtualport>
	          <model type='virtio'/>
	          <driver name='vhost' queues='4'/>
	    </interface>
	2 do not set the network's portData.
	3 migrate(ToURI2) it with flag 91(1011011), which means:
	  VIR_MIGRATE_LIVE
	  VIR_MIGRATE_PEER2PEER
	  VIR_MIGRATE_PERSIST_DEST
	  VIR_MIGRATE_UNDEFINE_SOURCE
	  VIR_MIGRATE_NON_SHARED_DISK
	4 migrate success, but we got an error log in libvirtd.log:
	  error : virCommandWait:2423 : internal error: Child process (ovs-vsctl --timeout=5 get Interface
	  vnet1 external_ids:PortData) unexpected exit status 1: ovs-vsctl: no key "PortData" in Interface
	  record "vnet1" column external_ids
	5 migrate it back, migrate it , migrate it back, .......
	6 nbd port got overflowed.

	The reasons for the problem is :
	1 virNetDevOpenvswitchGetMigrateData() takes it as wrong if no portData is available for  the ovs
	 interface of a domain. (We think it's not appropriate, as portData is just OPTIONAL)
	2 in func qemuMigrationBakeCookie(), it fails in qemuMigrationCookieAddNetwork(), and returns with -1.
	 qemuMigrationCookieAddNBD() is not called thereafter, and mig->nbd is still NULL.
	3 However, qemuMigrationRun() just *WARN* if qemuMigrationBakeCookie() fails, migration still successes.
	 cookie is NULL, it's not baked on the src side.
	4 On the destination side, it would alloc a port first and then free the nbd port in COOKIE.
	 But the cookie is NULL due to qemuMigrationCookieAddNetwork() failure at src side. thus the nbd port
	 is not freed.

	In this patch, we add "--if-exists" option to make ovs-vsctl not raise error if there's no portData available.
	Further more, because portData may be NULL in the cookie at the dest side, check it before setting portData.

2015-03-13  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: prevent attaching multiple netdevs with the same MAC
	It will not be possible to detach such device later. Also improve
	logging in such cases.

	conf: add virDomainHasNet
	virDomainNetFindIdx no longer returns info whether device was not found,
	or there was multiple matches. Additionally it already handle error
	reporting. Introduce virDomainHasNet which does a simple task, without
	implicit error reporting.

	tests: xenconfig: test for multiple USB devices and other HVM options

2015-03-13  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	xenconfig: add support for multiple USB devices syntax
	In Xen>=4.3, libxl supports new syntax for USB devices:
	usbdevice=[ "DEVICE", "DEVICE", ... ]
	Add support for that in xenconfig driver. When only one device is
	defined, keep using old syntax for backward compatibility.

	Adjust tests for changed options order.

2015-03-13  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	libxl: add tablet/mouse input device support

2015-03-13  Michal Privoznik  <mprivozn@redhat.com>

	bridge_driver: Use more of networkObjFromNetwork
	Now that the network driver lock is ash heap of history,
	we can use more of networkObjFromNetwork().

	parallels_network: Drop parallelsDriverLock() from everywhere.
	While in previous commits there were some places that relied on
	the big lock, in this file there's no such place and the big
	driver lock can be dropped completely. Yay!

	test_driver: Drop testDriverLock() from almost everywhere
	Well, if 'everywhere' is defined as that part of the driver code
	that serves virNetwork* APIs. Again, we lower layers already have
	their locks, so there's no point doing big lock.

	bridge_driver: Drop networkDriverLock() from almost everywhere
	Now that we have fine grained locks, there's no need to
	lock the whole driver. We can rely on self-locking APIs.

	struct _virNetworkDriverState: Annotate items
	In order to drop network driver lock, lets annotate which
	structure items are immutable, which have self-locking
	APIs and so on.

	network_driver: Use accessor for dnsmasqCaps
	This is not an immutable pointer and can change during lifetime.
	Therefore, in order to drop network driver lock, we must use an
	internal accessor which does not lock the network driver yet, but
	it will soon. Now it merely returns an referenced object.

	bridge_driver: Don't access global driver randomly
	Well, network driver code has the driver accessible as a global
	variable. This makes any rework hard, as it's unclear where the
	variable is accessed and/or modified. Lets just pass the driver
	as a parameter to all functions where needed.

2015-03-13  Ján Tomko  <jtomko@redhat.com>

	Introduce virBitmapIsBitSet
	A helper that never returns an error and treats bits out of bitmap range
	as false.

	Use it everywhere we use ignore_value on virBitmapGetBit, or loop over
	the bitmap size.

2015-03-13  Ján Tomko  <jtomko@redhat.com>

	Clarify the meaning of version in redirdev filters
	The version attribute in redirdev filters refers to the revision
	of the device, not the version of the USB protocol.

	Explicitly state that this is not the USB protocol and remove references
	to those round version numbers that resemble USB protocol versions.

	https://bugzilla.redhat.com/show_bug.cgi?id=1177237

2015-03-13  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: fix prlsdkCheckUnsupportedParams checks
	for memory limits since unset ones are no longer zero

2015-03-12  Dawid Zamirski  <dzamirski@dattobackup.com>

	vmx: add e1000e to supported NIC models.
	This NIC model is supported on hardware version 8 and newer and libvirt
	ESX driver does support those.

2015-03-12  Dawid Zamirski  <dzamirski@datto.com>

	vbox: use user cache dir when screenshotting.
	For VBOX it's most likely that the connection is vbox:///session and it
	runs with local non-root account. This caused permission denied when
	LOCALSTATEDIR was used to create temp file. This patch makes use of the
	virGetUserCacheDirectory to address this problem for non-root users.

2015-03-12  Pavel Hrdina  <phrdina@redhat.com>

	virnetdev: fix build with old kernel
	Commit c9027d8f added a detection of NIC HW features, but some of them
	are not available in old kernel.  Very old kernels lack enum
	ethtool_flags and even if this enum is present, not all values are
	available for all kernels.  To be sure that we have everything in kernel
	that we need, we must check for existence of most of that flags, because
	only few of them were defined at first.

	Also to successfully build libvirt with older kernel we need to include
	<linux/types.h> before <linux/ethtool.h> to have __u32 and friends
	defined.

2015-03-12  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: add VIR_ARCH_I686 capability to parallels driver
	as soon as x32 architecture is also supported

2015-03-12  Ján Tomko  <jtomko@redhat.com>

	Error out on an address for isa-serial in QEMU driver.
	We've never formatted them on the qemu command line.

	https://bugzilla.redhat.com/show_bug.cgi?id=1164053

2015-03-11  John Ferlan  <jferlan@redhat.com>

	xenapi: Resolve Coverity REVERSE_INULL
	Coverity notes in xenapiDomainGetXMLDesc that 'vms' is dereferenced
	a few times before a "if (vms) xen_vm_set_free(vms);" call is made.
	Since we'd exit out much sooner if the fetch of the vms failed, just
	remove the unnecessary "if (vms)" check.

	xenapi: Resolve Coverity REVERSE_INULL
	Coverity complains that "net_set" is compared to NULL before calling
	xen_network_set_free, but used rather liberally before that.  While
	I was looking at the code I also noted that if the virAsprintfQuiet
	fails, then we leak our structures - so I added those too.

	xenapi: Resolve Coverity NULL_RETURNS
	Coverity points out that the return from virDomainDefParseString is
	not checked in xenapiDomainCreateXML like it should be which could
	end up in a NULL pointer dereference

	xenapi: Resolve Coverity NO_EFFECT
	Coverity points out that check (def->uuid) has no effect since it's not
	a pointer, rather an array of characters.   Just remove the extranous check.

	xenapi: Resolve Coverity FORWARD_NULL
	Since inception.  Coverity complains that the code checks "(record ==
	NULL && !session->ok)", but doesn't check (record != NULL) before
	dereferencing at "record->is_a_template"

	conf: Resolve Coverity RESOURCE_LEAK
	Commit id 'c9027d8f' added parsing of the CapNet for offload SRIOV NIC
	discovery, but forgot to free the nodes

2015-03-11  John Ferlan  <jferlan@redhat.com>

	virsh: Add iothreadpin command
	https://bugzilla.redhat.com/show_bug.cgi?id=1135491

	$ virsh iothread --help

	  NAME
	    iothreadpin - control domain IOThread affinity

	  SYNOPSIS
	    iothreadpin <domain> <iothread> <cpulist> [--config] [--live] [--current]

	  DESCRIPTION
	    Pin domain IOThreads to host physical CPUs.

	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    [--iothread] <number>  IOThread ID number
	    [--cpulist] <string>  host cpu number(s) to set
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain

	Using the output from iothreadsinfo, allow changing the pinned CPUs for
	a single IOThread.

	$ virsh iothreadsinfo $dom
	 IOThread ID    CPU Affinity
	---------------------------------------------------
	 1               2
	 2               3
	 3               0-1

	$ virsh iothreadpin $dom 3 0-2

	Then view the change

	$ virsh iothreadsinfo $dom
	 IOThread ID    CPU Affinity
	---------------------------------------------------
	 1               2
	 2               3
	 3               0-2

	If an invalid value is supplied or require option missing,
	then an error will be displayed:

	$ virsh iothreadpin $dom 4 3
	error: invalid argument: iothread value out of range 4 > 3

	$ virsh iothreadpin $dom 3
	error: command 'iothreadpin' requires <cpulist> option

2015-03-11  John Ferlan  <jferlan@redhat.com>

	qemu: Add support to pin IOThreads to specific CPU
	Add qemuDomainPinIOThread to handle setting the CPU affinity
	for a specific IOThread

2015-03-11  John Ferlan  <jferlan@redhat.com>

	domain: Introduce virDomainIOThreadsPin{Add|Del}
	https://bugzilla.redhat.com/show_bug.cgi?id=1135491

	More or less a virtual copy of the existing virDomainVcpuPin{Add|Del} API's.

	NB: The IOThreads implementation "reused" the virDomainVcpuPinDefPtr
	since it provided everything necessary - an "id" and a "map" for each
	thread id configured.

2015-03-11  John Ferlan  <jferlan@redhat.com>

	remote: Implement the plumbing for virDomainPinIOThread
	Implement the remote plumbing.

2015-03-11  John Ferlan  <jferlan@redhat.com>

	Implement public API for virDomainPinIOThread
	Add virDomainPinIOThread to allow setting the CPU affinity for a specific
	IOThread based on the output generated from virDomainGetIOThreadsInfo

	The API supports updating both the --live domain and the --config data

2015-03-11  Michal Privoznik  <mprivozn@redhat.com>

	virNetworkObjFindBy*: Return an reference to found object
	This patch turns both virNetworkObjFindByUUID() and
	virNetworkObjFindByName() to return an referenced object so that
	even if caller unlocks it, it's for sure that object won't
	disappear meanwhile. Especially if the object (in general) is
	locked and unlocked during the caller run.
	Moreover, this commit is nicely small, since the object unrefing
	can be done in virNetworkObjEndAPI().

	virNetworkObjListPtr: Make APIs self-locking
	Every API that touches internal structure of the object must lock
	the object first. Not every API that has the object as an
	argument needs to do that though. Some APIs just pass the object
	to lower layers which, however, must lock the object then. Look
	at the code, you'll get my meaning soon.

	network_conf: Introduce locked versions of lookup functions
	This is going to be needed later, when some functions already
	have the virNetworkObjList object already locked and need to
	lookup a object to work on. As an example of such function is
	virNetworkAssignDef(). The other use case might be in
	virNetworkObjListForEach() callback.

	virNetworkObjList: Derive from virObjectLockableClass
	Later we can turn APIs to lock the object if needed instead of
	relying on caller to mutually exclude itself (probably done by
	locking a big lock anyway).

	parallels_network: Use virNetworkObjEndAPI
	So far, this is pure code replacement. But once we introduce
	reference counting to virNetworkObj this will be more handy as
	there'll be only one function to change: virNetworkObjEndAPI().

	test_driver: Use virNetworkObjEndAPI
	So far, this is pure code replacement. But once we introduce
	reference counting to virNetworkObj this will be more handy as
	there'll be only one function to change: virNetworkObjEndAPI().

	bridge_driver: Use virNetworkObjEndAPI
	So far, this is pure code replacement. But once we introduce
	reference counting to virNetworkObj this will be more handy as
	there'll be only one function to change: virNetworkObjEndAPI().

	network_conf: Introduce virNetworkObjEndAPI
	This is practically copy of qemuDomObjEndAPI. The reason why is
	it so widely available is to avoid code duplication, since the
	function is going to be called from our bridge driver, test
	driver and parallels driver too.

	network_conf: Make virNetworkObj actually virObject
	So far it's just a structure which happens to have 'Obj' in its
	name, but otherwise it not related to virObject at all. No
	reference counting, not virObjectLock(), nothing.

	virNetworkObjListPtr: Turn list into a hash table

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Kill qemuMonitorGetBlockStats(Info,ParamsNumber)
	The functions and their QMP and HMP implementations are no longer needed
	since everything is now done via the *AllStats functions.

	test: qemu: json: Avoid using the now obsolete functions
	Use the new single function instead of calling
	qemuMonitorJSONGetBlockStatsInfo and
	qemuMonitorJSONGetBlockStatsParamsNumber. This will allow to delete the
	functions later while still maintaining coverage.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockstats: Refactor qemuDomainBlockStatsFlags
	Now that qemuDomainBlocksStatsGather provides functions of both
	qemuMonitorGetBlockStatsParamsNumber and qemuMonitorGetBlockStatsInfo we
	can reuse it and kill a lot of code.

	Additionally as a bonus qemuDomainBlockStatsFlags will now support
	summary statistics so add a statement to the virsh man page about that.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1142636

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockstats: Add support for totalled block statistics
	In the LXC driver, if the disk path is not provided the API returns
	total statistics for all disks of the domain. With the new text monitor
	implementation this can be now done in the qemu driver too.

	Add code that wil total the stats for all disks if the path is not
	provided.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split out working code qemuDomainBlockStats
	Extract the code to look up the disk alias and return the block stats
	struct so that it can be reused later in qemuDomainBlockStatsFlags.

	The function uses qemuMonitorGetAllBlockStatsInfo instead of
	qemuMonitorGetBlockStatsInfo.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Count block stats fields in qemuMonitorGetAllBlockStatsInfo
	Our virDomainBlockStatsFlags API uses the old approach where, when it's
	called without the typed parameter array, returns the count of parameters
	supported by qemu.

	The supported parameter count is obtained via separate monitor calls
	which is a waste since we can calculate it when gathering the data.

	This patch adds code to the qemuMonitorGetAllBlockStatsInfo workers that
	allows to track the count of supported fields reported by qemu and will
	allow to remove the old duplicate code.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Convert common code to a macro
	The function that is extracting block stats data from the QMP monitor
	reply contains a lot of repeated code. Since I'd be changing each of the
	copies in the next patch, lets convert it to a macro right away.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Implement HMP version for listing all block device stats
	Add a different version of parser for "info blockstats" that basically
	parses the same information as the existing copy of the function.

	This will allow us to remove the single device version
	qemuMonitorGetBlockStatsInfo in the future.

	The new implementation uses few new helpers so it should be more
	understandable and provides a test case to verify that it works.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	test: qemu: Fix qemu monitor test utils to allow testing HMP
	qemu HMP commands sent by libvirt are terminated just by a '\r'. The
	fake monitor used in tests wasn't prepared to handle this and the
	communication would hang on an attempt to do a HMP conversation.

	Add a special case for handling commands separated by \r in case HMP is
	used.

2015-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockstats: Switch to caller allocated hash table
	Allocate the hash table in the monitor wrapper function instead of the
	worker itself so that the text monitor impl that will be added in the
	next patch doesn't have to duplicate it.

	qemu: monitor: Drop parsing of 'errs' from block info
	The error count statistic is not supported by qemu, so there's no need
	to pass the variables around if the result is ignored anyways.

	qemu: Use macro to set block stats typed parameters
	All the setters are the same code except for parameter name and
	variable, so they can be converted to a macro to save a ton of
	duplicated code.

2015-03-11  Michal Privoznik  <mprivozn@redhat.com>

	RNG: Allow multiple parameters to be passed to an interface filter
	Our code supports that for ages. When using a <filterref/> to an
	<interface/> several parameters can be passed to the filter. Later,
	when building firewall rules, parameters are substituted for their
	values. However, our RNG schema allowed only one parameter to be
	passed.

	Reported-by: Brian Rak <brak@gameservers.com>

2015-03-11  Maxim Nestratov  <mnestratov@parallels.com>

	parallels: prevent domain define only if vcpupin is specified
	and their settings differ from common cpumask

	parallels: prevent domain define only if NUMA is really specified

	parallels: don't forget to unlock domain in parallelsDomainHasManagedSaveImage

	parallels: cpumask support

2015-03-11  Michael Chapman  <mike@very.puzzling.org>

	domain_conf: fix crash in virDomainObjListFindByUUIDInternal
	If a domain object is being removed and looked up concurrently we must
	ensure we unlock the object before unreferencing it, since the latter
	might free the object.

	The flaw was introduced in commit feb1a4d792e1c35b1009e69c00bf351b39.

2015-03-11  Michael Chapman  <mike@very.puzzling.org>

	{domain, network}_conf: disable autostart when deleting config
	Undefining a running, autostarted domain removes the autostart link, but
	dom->autostart is not cleared. If the domain is subsequently redefined,
	libvirt thinks it is already autostarted and will not create the link
	even if requested:

	  # virsh dominfo example | grep Autostart
	  Autostart:      enable

	  # ls /etc/libvirt/qemu/autostart/example.xml
	  /etc/libvirt/qemu/autostart/example.xml

	  # virsh undefine example
	  Domain example has been undefined

	  # virsh define example.xml
	  Domain example defined from example.xml

	  # virsh dominfo example | grep Autostart
	  Autostart:      enable

	  # virsh autostart example
	  Domain example marked as autostarted

	  # ls /etc/libvirt/qemu/autostart/example.xml
	  ls: cannot access /etc/libvirt/qemu/autostart/example.xml: No such file or directory

	This commit ensures dom->autostart is cleared whenever the config and
	autostart link (if present) are removed.

	The bridge network driver cleared this flag itself in networkUndefine.
	This commit moves this into virNetworkDeleteConfig for symmetry with
	virDomainDeleteConfig, and to ensure it is not missed in future network
	drivers.

2015-03-10  Luyao Huang  <lhuang@redhat.com>

	qemu: Remove unnecessary virReportError on networkGetNetworkAddress return
	Error messages are already set in all code paths returning -1 from
	networkGetNetworkAddress, so we don't want to overwrite them.

2015-03-10  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUCapsInitQMP: Don't dispose locked @vm
	When creating qemu capabilities, a dummy virDomainObj is created just
	because our monitor code expects that. However, the object is created
	locked already. Then, under cleanup label, we simply unref the object
	which results in whole domain object to be disposed. The object lock
	is destroyed subsequently, but hey - it's still locked:

	==24845== Thread #14's call to pthread_mutex_destroy failed
	==24845==    with error code 16 (EBUSY: Device or resource busy)
	==24845==    at 0x4C3024E: pthread_mutex_destroy (in /usr/lib64/valgrind/vgpreload_helgrind-amd64-linux.so)
	==24845==    by 0x531F72E: virMutexDestroy (virthread.c:83)
	==24845==    by 0x5302977: virObjectLockableDispose (virobject.c:237)
	==24845==    by 0x5302A89: virObjectUnref (virobject.c:265)
	==24845==    by 0x1DD37866: virQEMUCapsInitQMP (qemu_capabilities.c:3397)
	==24845==    by 0x1DD37CC6: virQEMUCapsNewForBinary (qemu_capabilities.c:3481)
	==24845==    by 0x1DD381E2: virQEMUCapsCacheLookup (qemu_capabilities.c:3609)
	==24845==    by 0x1DD30F8A: virQEMUCapsInitGuest (qemu_capabilities.c:744)
	==24845==    by 0x1DD31889: virQEMUCapsInit (qemu_capabilities.c:1020)
	==24845==    by 0x1DD7DD36: virQEMUDriverCreateCapabilities (qemu_conf.c:888)
	==24845==    by 0x1DDC57C0: qemuStateInitialize (qemu_driver.c:803)
	==24845==    by 0x53DC743: virStateInitialize (libvirt.c:777)
	==24845==

2015-03-10  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	qemu: fix memory leak in qemuAgentGetFSInfo
	in virDomainFSInfoFree(), don't free the virDomainFSInfo data.

	==10670== 80 bytes in 2 blocks are definitely lost in loss record 576 of 793
	==10670==    at 0x4A06BC3: calloc (vg_replace_malloc.c:618)
	==10670==    by 0x509DEBD: virAlloc (viralloc.c:144)
	==10670==    by 0x19FBD558: qemuAgentGetFSInfo (qemu_agent.c:1837)
	==10670==    by 0x1A03CF91: qemuDomainGetFSInfo (qemu_driver.c:19238)

2015-03-10  Ján Tomko  <jtomko@redhat.com>

	Reverse the logic in virbitmaptest
	Test the whole range in testBit, not just the first bit.

	Use virBitmapNextClearBit in networkNextClassID
	Instead of finding the next clear bit by calling virBitmapGetBit
	in a loop, use the virBitmapNextClearBit helper.

2015-03-10  Laine Stump  <laine@laine.org>

	qemu: don't fill in nicindexes for session mode libvirtd
	Commit 4bbe1029f fixed a problem in commit f7afeddc by moving the call
	to virNetDevGetIndex() to a location common to all interface types (so
	that the nicindex array would be filled in for macvtap as well as tap
	interfaces), but the location was *too* common, as the original call
	to virNetDevGetIndex() had been in a section qualified by "if
	(cfg->privileged)". The result was that the "fixed" libvirtd would try
	to call virNetDevGetIndex() even for session mode libvirtd, and end up
	failing with the log message:

	  Unable to open control socket: Operation not permitted

	To remedy that, this patch qualifies the call to virNetDevGetIndex()
	in its new location with cfg->privileged.

	This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1198244

2015-03-10  Michal Privoznik  <mprivozn@redhat.com>

	virnet*: Don't unlock object in dispose
	As of bba93d40 all of our RPC objects are derived from
	virObjectLockable. However, during rewrite some errors sneaked
	in. For instance, the dispose functions to virNetClient and
	virNetServerClient objects were not only freeing allocated
	memory, but unlocking themselves. This is wrong. Object should
	never disappear while locked.

2015-03-10  Pavel Hrdina  <phrdina@redhat.com>

	docs: add a note that spice channel is usable only with spice graphics
	To prevent a confusion about missing chardev argument in qemu
	command line add a note about that behavior into documentation.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129198

2015-03-09  Pavel Hrdina  <phrdina@redhat.com>

	net-define: update or unify documentation
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045

	pool-define: update and unify documentation
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045

	iface-define: update and unify documentation
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1127045

2015-03-09  Michal Privoznik  <mprivozn@redhat.com>

	network_conf: Turn struct _virNetworkObjList private
	Now that all the code uses accessors, don't expose the structure
	anyway.

	network_conf: Turn virNetworkObjList into virObject
	Well, one day this will be self-locking object, but not today.
	But lets prepare the code for that! Moreover,
	virNetworkObjListFree() is no longer needed, so turn it into
	virNetworkObjListDispose().

	parallels_network: Adapt to new virNetworkObjList accessors

	test_driver: Adapt to new virNetworkObjList accessors

	bridge_driver: Adapt to new virNetworkObjList accessors

	network_conf: Introduce virNetworkObjListPrune
	The API will iterate over the list of network object and remove
	desired ones from it.

	network_conf: Introduce virNetworkObjListNumOfNetworks
	An accessor following pattern laid out by virDomainObjList* APIs.

	network_conf: Introduce virNetworkObjListGetNames
	An accessor following pattern laid out by virDomainObjList* APIs.

	network_conf: Introduce virNetworkObjListForEach
	This API will be used in the future to call passed callback over
	each network object in the list. It's slightly different to its
	virDomainObjListForEach counterpart, because virDomainObjList
	uses a hash table to store domain object, while virNetworkObjList
	uses an array.

2015-03-09  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Don't spam logs with "target pid not found"
	Commit v1.2.4-52-gda879e5 fixed issues with domains started before
	sanlock driver was enabled by checking whether a running domain is
	registered with sanlock and if it's not, sanlock driver is basically
	ignored for the domain.

	However, it was checking this even for domain which has just been
	started and no sanlock_* API was called for them yet. This results in

	    cmd 9 target pid 2135544 not found

	error messages to appear in sanlock.log whenever we start a new domain.

	This patch avoids this useless check for freshly started domains.

2015-03-09  Jiri Denemark  <jdenemar@redhat.com>

	locking: Fix flags in virLockManagerLockDaemonNew
	virLockManager*New APIs are never called with
	VIR_LOCK_MANAGER_USES_STATE. Moreover, lockd driver does not maintain
	any state that would need to be transferred during migration and thus it
	should not mention VIR_LOCK_MANAGER_USES_STATE at all.

2015-03-09  Pavel Hrdina  <phrdina@redhat.com>

	tests: fix qemuxml2argvtest to be arch independent
	Commit 5aee81a0 introduced a new test for disk-serial.  The test fails
	on i686 arch because there is no need to add "-cpu qemu32" to command
	line.  To fix the test update emulator in XML to "/usr/bin/qemu" so we
	don't add the "-cpu qemu32" to command while running the test on i686 or
	x86_64 host.

2015-03-09  John Ferlan  <jferlan@redhat.com>

	qemu: Change qemuDomainGetEmulatorPinInfo bitmap manipulation
	Follow-up to the IOThread review on CPU affinity map manipulation:

	http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html

	indicates that the GetEmulatorPinInfo could use similar algorithm adjustments
	which is what this patch does.

2015-03-09  John Ferlan  <jferlan@redhat.com>

	qemu: Change qemuDomainGetVcpuPinInfo bitmap manipulation
	Follow-up to the IOThread review on CPU affinity map manipulation:

	http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html

	indicates that the GetVcpuPinInfo could use similar algorithm adjustments
	which is what this patch does.

2015-03-09  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity CHECKED_RETURN issue
	By adding a call and check of return of virBitmapToData to the
	IOThreads code, my Coverity checker lets me know qemuDomainHelperGetVcpus
	also needs to check the status...

2015-03-09  John Ferlan  <jferlan@redhat.com>

	qemu: Change/Fix IOThread CPU affinity bitmap manipulation
	Based on review:

	http://www.redhat.com/archives/libvir-list/2015-March/msg00294.html

	Adjust how the cpumap and cpumaplen to be returned are generated

2015-03-09  John Ferlan  <jferlan@redhat.com>

	Remove ReadOnly check for GetIOThreadsInfo

	Fix syntax for vcpupin description

2015-03-09  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add test for os interleaving
	We don't usually do tests purely for one change, but one change was
	special because when users will migrate to OVMF/AAVMF, commit 18f9f69b
	makes their lives easier by allowing them to interleave <type/> inside
	<os/>.  It would be nice of us to keep the possibility of them pasting
	the loader and nvram elements wherever it is valid, hence this test.

	tests: Add test for virtio-mmio address type
	Commit 3e4b783e fixed an issue with RNG schema where this address type
	was missing, this commit adds a test for it.

2015-03-06  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Format <pvpanic/> without address correctly
	We have something like pvpanic device. However, in some cases it does
	not have any address assigned, in which case we produce this ugly XML
	(still valid though):

	  <devices>
	    <emulator>/usr/bin/qemu</emulator>
	    ...
	    <panic>
	    </panic>
	  </devices>

	Lets format "<panic/>" instead.

2015-03-06  Daniel P. Berrange  <berrange@redhat.com>

	Refresh translations from Zanata
	Delete .po files which contain zero translated strings. Refresh
	the .pot file and pull down latest translations from Zanata.

	When refreshing the libvirt.pot, it can be pushed to zanata
	and .po files resynchonized using

	 # cd po
	 # rm libvirt.pot
	 # make libvirt.pot
	 # zanata-cli push
	 # zanata-cli pull

	Note there is no need for 'make update-po', as long as you do
	a zanata push, immediately followed by zanata pull, as the
	Zanata server will ensure the .po files downloaded match the
	just pushed .pot file.

	Note at time of writing, it is strongly recommended to only
	use the zanata Java client binary (zanata-cli), and not the
	python client binary (zanata). This is because the moderately
	large size of the libvirt pot file is causing errors when the
	python client tries to push, which have been known to result
	in the loss of all translations on the server, as well as also
	preventing uploading of .po files themselves :-(

2015-03-06  John Ferlan  <jferlan@redhat.com>

	virsh: Add 'iothreadsinfo' command
	Add the 'iothreadsinfo' command to display IOThread Info data. Allow for
	[--live] or [--config] options in order to display live or config data
	for an active domain.

	$ virsh iothreadsinfo --help
	  NAME
	    iothreadsinfo - view domain IOThreads

	  SYNOPSIS
	    iothreadsinfo <domain> [--config] [--live] [--current]

	  DESCRIPTION
	    Returns basic information about the domain IOThreads.

	  OPTIONS
	    [--domain] <string>  domain name, id or uuid
	    --config         affect next boot
	    --live           affect running domain
	    --current        affect current domain

	An active domain may return:

	$ virsh iothreads $dom
	 IOThread ID     CPU Affinity
	---------------------------------------------------
	  1               2
	  2               3
	  3               0

	$ echo $?
	0

	For domains which don't have IOThreads the following is returned:

	$ virsh iothreads $dom
	No IOThreads found for the domain

	$ echo $?
	0

	For domains which are not running the following is returned:

	$ virsh iothreads $dom --live
	error: Unable to get domain IOThreads information
	error: Requested operation is not valid: domain is not running

	$ echo $?
	1

	Editing a domains configuration and modifying the iothreadpin data for
	thread 3 from nothing provided to setting a cpuset of '0-1' and then
	displaying using --config would display:

	$ virsh iothreads f18iothr --config
	 IOThread ID     CPU Affinity
	 ----------------------------
	  1               2
	  2               3
	  3               0-1

	$

2015-03-06  John Ferlan  <jferlan@redhat.com>

	qemu: Implement the qemu driver fetch for IOThreads
	Depending on the flags passed, either attempt to return the active/live
	IOThread data for the domain or the config data.

	The active/live path will call into the Monitor in order to get the
	IOThread data and then correlate the thread_id's returned from the
	monitor to the currently running system/threads in order to ascertain
	the affinity for each iothread_id.

	The config path will map each of the configured IOThreads and return
	any configured iothreadspin data

2015-03-06  John Ferlan  <jferlan@redhat.com>

	remote: Implement the remote plumbing for virDomainGetIOThreadsInfo
	Implement the remote plumbing for virDomainGetIOThreadsInfo

2015-03-06  John Ferlan  <jferlan@redhat.com>

	Implement public API for virDomainGetIOThreadsInfo
	Add virDomainGetIOThreadInfo in order to return a list of
	virDomainIOThreadInfoPtr structures which list the IOThread ID
	and the CPU Affinity map for each IOThread for the domain.

	For an active domain, the live data will be returned, while for
	an inactive domain, the config data will be returned.

	The API supports either the --live or --config flag, but not both.

	Also added virDomainIOThreadsInfoFree in order to free the cpumap
	and the IOThreadInfo structure.

2015-03-06  Pavel Hrdina  <phrdina@redhat.com>

	memtune: change the way how we store unlimited value
	There was a mess in the way how we store unlimited value for memory
	limits and how we handled values provided by user.  Internally there
	were two possible ways how to store unlimited value: as 0 value or as
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED.  Because we chose to store memory
	limits as unsigned long long, we cannot use -1 to represent unlimited.
	It's much easier for us to say that everything greater than
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED means unlimited and leave 0 as valid
	value despite that it makes no sense to set limit to 0.

	Remove unnecessary function virCompareLimitUlong.  The update of test
	is to prevent the 0 to be miss-used as unlimited in future.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146539

2015-03-06  Pavel Hrdina  <phrdina@redhat.com>

	virutil: introduce helper functions for memory limits
	The first one is to truncate the memory limit to
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED if the value is greater and the second
	one is to decide whether the memory limit is set or not, unlimited means
	that it's not set.

	virsh: fix memtune to also accept 0 as valid value
	Fix vshMemtuneGetSize to return correct value.  We can then decide
	according that return code whether a parameter is present and valid or
	not.  This will allow as to accept 0 as a valid value.

2015-03-06  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	qemu: Pass file descriptor when using TPM passthrough
	Pass the TPM file descriptor to QEMU via command line.
	Instead of passing /dev/tpm0 we now pass /dev/fdset/10 and the additional
	parameters -add-fd set=10,fd=20.

	This addresses the use case when QEMU is started with non-root privileges
	and QEMU cannot open /dev/tpm0 for example.

2015-03-06  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	qemu: Move TPM command line build code into own function
	Move the TPM command line build code into its own function.

	utils: Implement virCommandPassFDGetFDIndex
	Implement virCommandPassFDGetFDIndex to determine the index a given
	file descriptor will have when passed to the child process.

2015-03-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove unneeded cleanup_unlock label
	In the old days of a global driver lock, it was necessary to unlock
	the driver after a domain restore operation.  When the global lock
	was removed from the driver, some remnants were left behind in
	libxlDomainRestoreFlags.  Remove this unneeded (and incorrect) code.

	libxl: use libxl_ctx passed to libxlConsoleCallback
	Instead of using the libxl_ctx in the libxlDomainObjPrivatePtr,
	use the ctx passed to the callback.

	libxl: remove redundant calls to libxl_evdisable_domain_death
	Domain death watch is already disabled in libxlDomainCleanup.  No
	need to disable it a second and third time.

2015-03-05  Peter Krempa  <pkrempa@redhat.com>

	spec: Enable RBD storage driver in RHEL-7
	Use correct package names too as they differ.

2015-03-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove duplicate entries in <metadata> by namespace
	Since the APIs support just one element per namespace and while
	modifying an element all duplicates would be removed, let's do this
	right away in the post parse callback.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1190590

2015-03-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow spaces in disk serial
	https://bugzilla.redhat.com/show_bug.cgi?id=1195660

	There's been a bug report appearing on the qemu-devel list, that
	libvirt is unable to pass spaces in disk serial number [1]. Not only
	our RNG schema forbids that, the code is not prepared either. However,
	with a bit of escaping (if needed) we can allow spaces there.

	1: https://lists.gnu.org/archive/html/qemu-devel/2015-02/msg04041.html

2015-03-05  Ján Tomko  <jtomko@redhat.com>

	Fix build on mingw
	Last commit unconditionally included a linux-specific header.

	Do not do that.

2015-03-05  James Chapman  <james.p.chapman@intel.com>

	SRIOV NIC offload feature discovery
	Adding functionality to libvirt that will allow it
	query the ethtool interface for the availability
	of certain NIC HW offload features

	Here is an example of the feature XML definition:

	<device>
	<name>net_eth4_90_e2_ba_5e_a5_45</name>
	  <path>/sys/devices/pci0000:00/0000:00:03.0/0000:08:00.1/net/eth4</path>
	  <parent>pci_0000_08_00_1</parent>
	  <capability type='net'>
	    <interface>eth4</interface>
	    <address>90:e2:ba:5e:a5:45</address>
	    <link speed='10000' state='up'/>
	    <feature name='rx'/>
	    <feature name='tx'/>
	    <feature name='sg'/>
	    <feature name='tso'/>
	    <feature name='gso'/>
	    <feature name='gro'/>
	    <feature name='rxvlan'/>
	    <feature name='txvlan'/>
	    <feature name='rxhash'/>
	    <capability type='80203'/>
	  </capability>
	</device>

2015-03-05  Michal Privoznik  <mprivozn@redhat.com>

	parallels: Cleanup partly opened drivers on connect open failure
	Well, the parallelsConnectOpen() joins several sub-driver openings
	into one big if condition. If any of sub-driver fails to open, the
	whole API finishes immediately. The problem is, sub-drivers may have
	left some memory allocated. Fortunately, we have a free function for
	that: parallelsConnectClose(). This is, however, not prepared for
	partially allocated driver structure. So, prepare the free function
	for it and call it at the right place, in the if body.

2015-03-04  Erik Skultety  <eskultet@redhat.com>

	storage: tweak condition to properly test lseek
	According to the POSIX standard, off_t (returned by lseek) is defined as
	signed integral type no shorter than int. Because our offset variable is defined
	as unsigned long long, the original check was passed successfully if UINT64_MAX had
	been used as offset value, due to implicit conversion.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1177219

2015-03-04  Erik Skultety  <eskultet@redhat.com>

	virsh: tweak domif-getlink link state reporting message
	According to docs, we only support 2 link states for an interface
	up/down, 'up' being the default state if link state is unspecified in
	domain's XML, so the message when no link state is provided should be
	changed a little.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1141119

2015-03-04  Shanzhi Yu  <shyu@redhat.com>

	qemu: snapshot: Don't skip check for qcow2 format with network disks
	When the domain's source disk type is network, if source protocol is rbd
	or sheepdog, the 'if().. break' will end the current case, which lead to
	miss check the driver type is raw or qcow2. Libvirt will allow to create
	internal snapshot for a running domain with raw format disk which based
	on rbd storage.

	While both protocols support internal snapshots of the disk qemu is not
	able to use it as it requires some place to store the memory image. The
	check if the disk is backed by a qcow2 image needs to be executed
	always.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179533

2015-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Allow inactive domains in qemuDomainGetControlInfo()
	Inactive domains can still be stuck in a job or other problems. Add a
	way to detect it.

2015-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Properly report error state in qemuDomainGetControlInfo()
	Previously when a domain would get stuck in a domain job due to a
	programming mistake we'd report the following control state:

	$ virsh domcontrol domain
	occupied (1424343406.150s)

	The timestamp is invalid as the monitor was not entered for that domain.
	We can use that to detect that the domain has an active job and report a
	better error instead:

	$ virsh domcontrol domain
	error: internal (locking) error

2015-03-04  Michal Privoznik  <mprivozn@redhat.com>

	conf: s/virNetworkFindByName/virNetworkObjFindByName/
	It's returning virNetworkObjPtr after all. And it matches the
	pattern laid out by domain_conf.h.

	conf: s/virNetworkFindByUUID/virNetworkObjFindByUUID/
	It's returning virNetworkObjPtr after all. And it matches the
	pattern laid out by domain_conf.h.

	bridge_driver: s/virNetworkObjList/virNetworkObjListPtr/
	In order to hide the object internals (and use just accessors
	everywhere), lets store a pointer to the object, instead of object
	itself.

	parallels: s/virNetworkObjList/virNetworkObjListPtr/
	In order to hide the object internals (and use just accessors
	everywhere), lets store a pointer to the object, instead of object
	itself.

	test_driver: s/virNetworkObjList/virNetworkObjListPtr/
	In order to hide the object internals (and use just accessors
	everywhere), lets store a pointer to the object, instead of object
	itself.

	virNetworkObjListExport: Pass virNetworkObjListPtr
	Instead of copying the whole object onto stack when calling the
	function, just pass the pointer to the object and save up some
	space on the stack. Moreover, this prepares the code to hide the
	virNetworkObjList structure into network_conf.c and use accessors
	only.

	virNetworkObjListFree: Accept NULL
	All of our vir*Free() functions should accept NULL, even though
	that there's no way of actually passing NULL with current code.

	virNetworkObjIsDuplicate: s/@doms/@nets/
	This is probably a copy-paste error from virDomainObj*
	counterpart.  But when speaking of virNetworkObj we should use
	variable @nets for an array of networks, rather than @doms. It's
	just confusing.

	networkGetNetworkAddress: Drop empty 'error' label
	Moreover, there are two points within the function, where we're
	missing 'goto cleanup'. Fix this too.

	testNetworkUpdate: Unlock network at the end
	Silly this bug went unnoticed so long. At the beginning we try to
	find the passed network in the list of network objects. If found,
	it's locked and real work takes place. Then, in the end, the
	network object is never unlocked.

	bridge_driver: Don't check network active unlocked
	Okay, this is mainly for educational purposes since is called
	from single point only with all the possible locks held. So
	there's no way for other thread to hop in and do something wrong.
	Nevertheless, we should not give bad example.

2015-03-04  Michal Privoznik  <mprivozn@redhat.com>

	networkLookupByUUID: Improve error message
	We have this function networkObjFromNetwork() which for given
	virNetworkPtr tries to find corresponding virNetworkObjPtr. If no
	object is found, a nice error message is printed out:

	  no network with matching uuid '$uuid' ($name)

	Let's improve the error message produced by networkLookupByUUID to
	follow that logic.

2015-03-03  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessReconnect: Fill in pid file path
	https://bugzilla.redhat.com/show_bug.cgi?id=1197600

	So, libvirt uses pid file to track pid of started qemus. Whenever
	a domain is started, its pid is put into corresponding pid file.
	The pid file path is generated based on domain name and stored
	into domain object internals. However, it's not stored in the
	status XML and therefore lost on daemon restarts. Hence, later,
	when domain is being shut down, the daemon does not know which
	pid file to unlink, and the correct pid file is left behind. To
	avoid this, lets generate the pid file path again in
	qemuProcessReconnect().

	Reported-by: Luyao Huang <lhuang@redhat.com>

2015-03-03  Pavel Hrdina  <phrdina@redhat.com>

	qemu: check defaultMode for spice graphics independently
	Instead of checking defaultMode for every channel that has no mode
	configured, test it only once outside of channel loop.  This fixes a bug
	that in case all possible channels are fore example set to insecure, but
	defaultMode is set to secure, we wouldn't auto-generate TLS port.  This
	results in failure while starting a guest.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143832

2015-03-03  Pavel Hrdina  <phrdina@redhat.com>

	qemu: remove duplicated code for allocating spice ports
	We have two different places that needs to be updated while touching
	code for allocation spice ports.  Add a bool option to
	'qemuProcessSPICEAllocatePorts' function to switch between true and fake
	allocation so we can use this function also in qemu_driver to generate
	native domain definition.

2015-03-03  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	tests : Add test for 'ppc64le' architecture.

	RNG: Add 'ppc64le' arch and newer pseries-2.* machine types
	Acked-by: Ján Tomko <jtomko@redhat.com>

2015-03-03  Peter Krempa  <pkrempa@redhat.com>

	schema: Fix interface link state schema
	In commit edd1295e1da6bfe8e4e257e5fbfad71ac0bf7c87 I've introduced an
	XML element that allows to configure state of the network interface
	link. Somehow the RNG schema hunk ended up in a weird place in the
	network schema definition. Move it to the right place and add a test
	case.

	Note that the link state is set up via the monitor at VM startup so I
	originally didn't think of adding a test case.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1173468

2015-03-03  Martin Kletzander  <mkletzan@redhat.com>

	conf: De-duplicate scheduling policy enums
	Since adding the support for scheduler policy settings in commit
	8680ea97, there are two enums with the same information.  That was
	caused by rewriting the patch since first draft.

	Find out thanks to clang, but there was no impact whatsoever.

2015-03-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Don't crash in qemuDomainOpenChannel()
	The problem here was that when opening a channel, we were checking
	whether the channel given is alias (can't be NULL for running domain) or
	it's name, which can be NULL (for example with spicevmc).  In case of
	such domain qemuDomainOpenChannel() made the daemon crash.
	STREQ_NULLABLE() is safe to use since the code in question is wrapped in
	"if (name)" and is more readable, so use that instead of checking for
	non-NULL "vm->def->channels[i]->target.name".

2015-03-03  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Update find-storage-pool-sources[-as] man page
	https://bugzilla.redhat.com/show_bug.cgi?id=921426

	Add to the man page a more complete description of what exactly the
	command expects on input and will return on output based on what is
	currently supported.

	Perhaps missing findPoolSources implementations are backends for
	sheepdog and rbd.  Also missing any backend is zfs.

2015-03-03  John Ferlan  <jferlan@redhat.com>

	iscsi: Adjust error message for findStorageSources backend
	The virStorageBackendISCSIFindPoolSources API only needs the 'host' name
	in order to discover iSCSI pools, it returns the various device paths.
	On input, it's also possible to further restrict a search by providing the
	port attribute for the host element and the (undocumented) initiator element.

	For example:

	$  virsh find-storage-pool-sources-as iscsi
	error: Failed to find any iscsi pool sources
	error: invalid argument: hostname and device path must be specified for iscsi sources

	$ virsh find-storage-pool-sources-as iscsi 192.168.122.1
	<sources>
	  <source>
	    <host name='192.168.122.1' port='3260'/>
	    <device path='iqn.2013-12.com.example:iscsi-chap-lclpool'/>
	  </source>
	</sources>

2015-03-03  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Add information regarding LXC for setmem, memtune, and dominfo
	https://bugzilla.redhat.com/show_bug.cgi?id=1070695

	Modify the virsh man page to more accurately describe which values are
	set by the virsh setmem and displayed by the virsh memtune or dominfo
	based on the setmem command results.

2015-03-03  John Ferlan  <jferlan@redhat.com>

	disk: Provide a default storage source format type.
	https://bugzilla.redhat.com/show_bug.cgi?id=1181062

	According to the formatstorage.html description for <source> element
	and "format" attribute: "All drivers are required to have a default
	value for this, so it is optional."

	As it turns out the disk backend did not choose a default value, so I
	added a default of "msdos" if the source type is "unknown" as well as
	updating the storage.html backend disk volume driver documentation to
	indicate the default format is dos.

2015-03-03  John Ferlan  <jferlan@redhat.com>

	disk: Disallow duplicated target 'dev' values
	https://bugzilla.redhat.com/show_bug.cgi?id=1142631

	This patch resolves a situation where the same "<target dev='$name'...>"
	can be used for multiple disks in the domain.

	While the $name is "mostly" advisory regarding the expected order that
	the disk is added to the domain and not guaranteed to map to the device
	name in the guest OS, it still should be unique enough such that other
	domblk* type operations can be performed.

	Without the patch, the domblklist will list the same Target twice:

	$ virsh domblklist $dom
	Target     Source
	------------------------------------------------
	sda        /var/lib/libvirt/images/file.qcow2
	sda        /var/lib/libvirt/images/file.img

	Additionally, getting domblkstat, domblkerror, domblkinfo, and other block*
	type calls will not be able to reference the second target.

	Fortunately, hotplug disallows adding a "third" sda value:

	$ qemu-img create -f raw /var/lib/libvirt/images/file2.img 10M
	$ virsh attach-disk $dom /var/lib/libvirt/images/file2.img sda
	error: Failed to attach disk
	error: operation failed: target sda already exists

	$

	BUT, it since 'sdb' doesn't exist one would get the following on the same
	hotplug attempt, but changing to use 'sdb' instead of 'sda'

	$ virsh attach-disk $dom /var/lib/libvirt/images/file2.img sdb
	error: Failed to attach disk
	error: internal error: unable to execute QEMU command 'device_add': Duplicate ID 'scsi0-0-1' for device

	$

	Since we cannot fix this issue at parsing time, the best that can be done so
	as to not "lose" a domain is to make the check prior to starting the guest
	with the results as follows:

	$ virsh start $dom
	error: Failed to start domain $dom
	error: XML error: target 'sda' duplicated for disk sources '/var/lib/libvirt/images/file.qcow2' and '/var/lib/libvirt/images/file.img'

	$

	Running 'make check' found a few more instances in the tests where this
	duplicated target dev value was being used. These also exhibited some
	duplicated 'id=' values (negating the uniqueness argument of aliases) in
	the corresponding .args file and of course the *xmlout version of a few
	input XML files.

2015-03-02  John Ferlan  <jferlan@redhat.com>

	virsh: Adjust domblklist to understand disk volume syntax
	A disk using a source pool is listed as having a source '-' in domblklist
	because it doesn't check the right XML syntax to find the source.

	Add a check for "./source/volume" which is where the "path" (of sorts)
	to the volume name is described.

2015-03-02  Peter Krempa  <pkrempa@redhat.com>

	conf: numa: Add helper to count total memory size configured in NUMA
	The total NUMA memory consists of the sum of individual NUMA node memory
	amounts.

2015-03-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid setting maximum memory size with the API with NUMA enabled
	NUMA enabled guest configuration explicitly specifies memory sizes for
	individual nodes. Allowing the virDomainSetMemoryFlags API (and friends)
	to change the total doesn't make sense as the individual node configs
	are not updated in that case.

	Forbid use of the API in case NUMA is specified.

2015-03-02  Peter Krempa  <pkrempa@redhat.com>

	phyp: Fix error messages mentioning memory
	The messages for currentMemory and memory were swapped.

2015-03-02  Erik Skultety  <eskultet@redhat.com>

	docs: add a note that attr 'managed' is only used by PCI devices
	Our documentation isn't 100% clear about hostdev 'managed' attribute usage,
	because it only makes sense to use it with PCI devices, yet we format
	this attribute to all hostdev devices. By adding a note into the docs,
	we can possibly avoid confusion from customer's side and also avoid a solution
	using ternary logic.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155887

2015-03-02  Peter Krempa  <pkrempa@redhat.com>

	storage: sheepdog: Avoid skipping variable initialization
	Commit 155ca616eb231181f6978efc9e3a1eb0eb60af8a added a error message
	that skips initialization of the 'cmd' variable. Fortunately it was not
	released.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Check if domain is running in qemuDomainAgentIsAvailable
	If the domain is not running, the agent will not respond.
	Do not even try.

	https://bugzilla.redhat.com/show_bug.cgi?id=872424

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Pass virDomainObjPtr to qemuDomainAgentAvailable
	Not just the DomainObj's private data.

	Check for qemu guest agent availability after getting the job
	This way checks requiring the job can be done in qemuDomainAgentAvailable.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Allow creating volumes with a backing store but no capacity
	The tool creating the image can get the capacity from the backing
	storage. Just refresh the volume afterwards.

	https://bugzilla.redhat.com/show_bug.cgi?id=958510

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Allow omitting volume capacity when backing store is specified
	Add VIR_VOL_XML_PARSE_OPT_CAPACITY flag to virStorageVolDefParseXML.
	With this flag, no error is reported when the capacity is missing
	if there is a backing store.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Revert "Restore skipping of setting capacity"
	This reverts commit f1856eb622fde2e6c3a6a932d1dded7f1691d205.

	Now that we can update capacity from image metadata,
	we don't need to skip the update.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Probe for capacity in virStorageBackendUpdateVolTargetInfo
	Instead of just looking at the output of fstat, call
	virStorageFileGetMetadata to get the full capacity from
	image headers.

	Note that the capacity is probed unconditionally. The updateCapacity
	bool parameter is ignored and will be removed in the following commit.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Allow cloning volumes with no capacity specified
	In virStorageVolCreateXML, add VIR_VOL_XML_PARSE_NO_CAPACITY
	to the call parsing the XML of the new volume to make the capacity
	optional.

	If the capacity is omitted, use the capacity of the old volume.
	We already do that for values that are less than the original
	volume capacity.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Allow parsing volumes without specifying the capacity
	Add VIR_VOL_XML_PARSE_NO_CAPACITY flag to the volume XML
	parser. When set, it allows the capacity element to be omitted.

	Parse backingStore before capacity in volume XML
	So we can allow omitting the capacity element if backing store is
	present.

	Add flags argument to virStorageVolDefParse*
	Allow the callers to pass down libvirt-internal flags.

	Add --migratable support to virsh cpu-baseline
	Wire up VIR_CONNECT_BASELINE_CPU_MIGRATABLE to this
	command line option.

	Trivially implement VIR_CONNECT_BASELINE_CPU_MIGRATABLE for non-x86 cpus
	Assume no features block migration.

	Implement VIR_CONNECT_BASELINE_CPU_MIGRATABLE in the x86 cpu driver
	Filter out non-migratable features if
	VIR_CONNECT_BASELINE_CPU_MIGRATABLE was specified.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Add VIR_CONNECT_BASELINE_CPU_MIGRATABLE flag
	This flag for virConnectBaselineCPU will allow filtering out
	CPU features that block migration from the result.

	https://bugzilla.redhat.com/show_bug.cgi?id=1171484

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Use virBufferTrim when generating boot options
	Instead of tracking the number of added parameters,
	add a comma at the end of each one unconditionally
	and trim the trailing one at the end.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Make -boot arg generation more readable
	If we combine the boot order on the command line with other
	boot options, we prepend order= in front of it.

	Instead of checking if the number of added arguments is between
	0 and 2, separate the strings for boot order and options
	and prepend boot order only if both strings are not empty.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Remove code handling the QEMU_CAPS_DOMID capability
	This option is xenner-only (since commit b81a7ece),
	and we dropped support for xenner in commit de9be0a.

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Remove bootloader option from QEMU
	It was only supported by xenner (since commit 763a59d8),
	for which we removed support in commit de9be0a.

	Remove the code generating this command line option,
	refuse to parse it and delete the outdated tests.

	https://bugzilla.redhat.com/show_bug.cgi?id=1176050

2015-03-02  Ján Tomko  <jtomko@redhat.com>

	Post-release version bump for new dev cycle

2015-03-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.13

2015-02-27  Michal Privoznik  <mprivozn@redhat.com>

	docs: Add mist.io as libvirt-based application
	As reported on the libvirt-users list [1], there's new web
	application called mist.io which uses libvirt as one of its
	backends. Lets add it into our list of libivrt based
	applications.

	1: https://www.redhat.com/archives/libvirt-users/2015-February/msg00096.html

2015-02-27  Ján Tomko  <jtomko@redhat.com>

	Really fix XML formatting flags in SaveImageUpdateDef
	Commit cf2d4c6 used a logical or instead of bitwise or,
	effectively passing 1, that is VIR_DOMAIN_XML_INACTIVE.

	This was caught by a warning when building with clang.

	https://bugzilla.redhat.com/show_bug.cgi?id=1183869

2015-02-27  Ján Tomko  <jtomko@redhat.com>

	Ignore listen attribute of <graphics> for type network listens
	Commit 6992994 started filling the listen attribute
	of the parent <graphics> elements from type='network' listens.

	When this XML is passed to UpdateDevice, parsing fails:
	XML error: graphics listen attribute 10.20.30.40 must match
	address attribute of first listen element (found none)

	Ignore the address in the parent <graphics> attribute
	when no type='address' listens are found,
	the same we ignore the address for the <listen> subelements
	when parsing inactive XML.

2015-02-26  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix error type in virStorageSourceParseBackingURI
	The gluster volume name extraction code was copied from the XML parser
	without changing the VIR_ERR_XML_ERROR error code. Use
	VIR_ERR_CONFIG_UNSUPPORTED instead.

2015-02-26  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Don't crash on gluster URIs without path
	Similar to commit fdb80ed4f6563928b9942a0d1450e0c725aa6c06 libvirtd
	would crash if a gluster URI without path would be used in the backing
	chain of a volume. The crash happens in the gluster specific part of the
	parser that extracts the gluster volume name from the path.

	Fix the crash by checking that the PATH is NULL.

	This patch does not contain a test case as it's not possible to test it
	with the current infrastructure as the test suite would attempt to
	contact the gluster server in the URI. I'm working on the test suite
	addition but that will be post-release material.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1196528

2015-02-26  Ján Tomko  <jtomko@redhat.com>

	conf: error out on missing dhcp host attributes
	In virNetworkDHCPHostDefParseXML an error is reported
	when partialOkay == true, and none of ip, mac, name
	were supplied.

	Add the missing goto and error out in this case.

2015-02-26  Luyao Huang  <lhuang@redhat.com>

	conf: error out on invalid host id
	https://bugzilla.redhat.com/show_bug.cgi?id=1196503

	We already check whether the host id is valid or not, add a jump
	to forbid invalid host id.

2015-02-25  Laine Stump  <laine@laine.org>

	qemu: fix ifindex array reported to systemd
	Commit f7afeddc added code to report to systemd an array of interface
	indexes for all tap devices used by a guest. Unfortunately it not only
	didn't add code to report the ifindexes for macvtap interfaces
	(interface type='direct') or the tap devices used by type='ethernet',
	it ended up sending "-1" as the ifindex for each macvtap or hostdev
	interface. This resulted in a failure to start any domain that had a
	macvtap or hostdev interface (or actually any type other than
	"network" or "bridge").

	This patch does the following with the nicindexes array:

	1) Modify qemuBuildInterfaceCommandLine() to only fill in the
	nicindexes array if given a non-NULL pointer to an array (and modifies
	the test jig calls to the function to send NULL). This is because
	there are tests in the test suite that have type='ethernet' and still
	have an ifname specified, but that device of course doesn't actually
	exist on the test system, so attempts to call virNetDevGetIndex() will
	fail.

	2) Even then, only add an entry to the nicindexes array for
	appropriate types, and to do so for all appropriate types ("network",
	"bridge", and "direct"), but only if the ifname is known (since that
	is required to call virNetDevGetIndex().

2015-02-25  Laine Stump  <laine@laine.org>

	util: check for null ifname inside virNetDevBandwidthSet()
	Previously this function relied on having ATTRIBUTE_NONNULL(1) in its
	prototype rather than explicitly checking for a null
	ifname. Unfortunately, ATTRIBUTE_NONNULL is just a hint to the
	optimizer and code analyzers like Coverity, it doesn't actually check
	anything at execution time, so the result was possible warnings from
	Coverity, along with the possibility of null dereferences when ifname
	wasn't available.

	This patch removes the ATTRIBUTE_NONNULL from the prototype, and
	checks ifname inside the function, logging an error if it's NULL (once
	we've determined that the user really is trying to set a bandwidth).

2015-02-25  Laine Stump  <laine@laine.org>

	network: only clear bandwidth if it has been set
	libvirt was unconditionally calling virNetDevBandwidthClear() for
	every interface (and network bridge) of a type that supported
	bandwidth, whether it actually had anything set or not. This doesn't
	hurt anything (unless ifname == NULL!), but is wasteful.

	This patch makes sure that all calls to virNetDevBandwidthClear() are
	qualified by checking that the interface really had some bandwidth
	setup done, and checks for a null ifname inside
	virNetDevBandwidthClear(), silently returning success if it is null
	(as well as removing the ATTRIBUTE_NONNULL from that function's
	prototype, since we can't guarantee that it is never null,
	e.g. sometimes a type='ethernet' interface has no ifname as it is
	provided on the fly by qemu).

2015-02-25  Peter Krempa  <pkrempa@redhat.com>

	schema: Allow interleaving the /domain/os/type element
	The element wasn't declared under the interleave thus it was required
	always to be first. This made it inconvenient when pasting new stuff to
	the XML manually in the "wrong" place.

2015-02-25  Yuri Chornoivan  <yurchor@ukr.net>

	Fix typos in messages

2015-02-25  Ján Tomko  <jtomko@redhat.com>

	Fix error messages in virStorageFileGetMetadataFromFD
	Do not use relPath, it has not been filled by virStorageFileMetadataNew.

2015-02-25  Martin Kletzander  <mkletzan@redhat.com>

	schema: Add virtio-mmio address type into RNG
	The "virtio-mmio" is perfectly valid address type which we parse and
	format correctly, but it's missing in our RNG schemas, hence editing a
	domain with device having such address fails the validation.

2015-02-25  Ján Tomko  <jtomko@redhat.com>

	Clarify behavior or virDomainDetachDevice
	Document that a complete device definition should be used
	and a partial match can lead to the device being detached.

	https://bugzilla.redhat.com/show_bug.cgi?id=872028

2015-02-25  Ján Tomko  <jtomko@redhat.com>

	Assign default SCSI controller model before checking attribute validity
	If the qemu binary on x86 does not support lsi SCSI controller,
	but it supports virtio-scsi, we reject the virtio-specific attributes
	for no reason.

	Move the default controller assignment before the check.

	https://bugzilla.redhat.com/show_bug.cgi?id=1168849

2015-02-25  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Add missing parenthesis into man page

2015-02-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Use correct flags for ABI stability check in SaveImageUpdateDef
	https://bugzilla.redhat.com/show_bug.cgi?id=1183869

	Soo. you've successfully started yourself a domain. And since you want
	to use it on your host exclusively you are confident enough to
	passthrough the host CPU model, like this:

	  <cpu mode='host-passthrough'/>

	Then, after a while, you want to save the domain into a file (e.g.
	virsh save dom dom.save). And here comes the trouble. The file consist
	of two parts: Libvirt header (containing domain XML among other
	things), and qemu migration data. Now, the domain XML in the header is
	formatted using special flags (VIR_DOMAIN_XML_SECURE |
	VIR_DOMAIN_XML_UPDATE_CPU | VIR_DOMAIN_XML_INACTIVE |
	VIR_DOMAIN_XML_MIGRATABLE).

	Then, on your way back from the bar, you think of changing something
	in the XML in the saved file (we have a command for it after all), say
	listen address for graphics console. So you successfully type in the
	command:

	  virsh save-image-edit dom.save

	Change all the bits, and exit the editor. But instead of success
	you're left with sad error message:

	  error: unsupported configuration: Target CPU model <null> does not
	  match source Pentium Pro

	Sigh. Digging into the code you see lines, where we check for ABI
	stability. The new XML you've produced is compared with the old one
	from the saved file to see if qemu ABI will break or not. Wait, what?
	We are using different flags to parse the XML you've provided so we
	were just lucky it worked in some cases? Yep, that's right.

2015-02-25  Michal Privoznik  <mprivozn@redhat.com>

	cpu: Format <cpu/> properly
	Well, not that we are not formatting invalid XML, rather than not as
	beautiful as we can:

	  <cpu mode='host-passthrough'>
	  </cpu>

	If there are no children, let's use the singleton element.

2015-02-25  Michal Privoznik  <mprivozn@redhat.com>

	virCPUDefFormatBufFull: Use our general error handling pattern
	Well, so far there are no variables to free, no cleanup work needed on
	an error, so bare 'return -1;' after each error is just okay. But this
	will change in a while.

2015-02-25  Michal Privoznik  <mprivozn@redhat.com>

	util: Introduce virBufferAddBuffer
	This API joins the following two lines:

	char *s = virBufferContentAndReset(buf1);
	virBufferAdd(buf2, s, -1);

	into one:

	virBufferAddBuffer(buf2, buf1);

	With one exception: there's no re-indentation applied to @buf1.
	The idea is, that in general both can have different indentation
	(like the test I'm adding proves)

2015-02-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu: fix memory leak while starting a guest
	In commit cc41c648 I've re-factored qemuMonitorFindBalloonObjectPath, but
	missed that there is a memory leak. The "nextpath" variable is
	overwritten while looping in for cycle and we have to free it before next
	cycle.

2015-02-24  Michal Privoznik  <mprivozn@redhat.com>

	network_conf: Forbid commas in DNS TXT
	https://bugzilla.redhat.com/show_bug.cgi?id=1151942

	While the restriction doesn't have origin in any RFC, it matters
	to us while constructing the dnsmasq config file (or command line
	previously). For better picture, this is how the corresponding
	part of network XML look like:

	  <dns>
	    <forwarder addr='8.8.4.4'/>
	    <txt name='example' value='example value'/>
	  </dns>

	And this is how the config file looks like then:

	  server=8.8.4.4
	  txt-record=example,example value

	Now we can see why there can't be any commas in the TXT name.
	They are used by dnsmasq to separate @name and @value.

	Funny, we have it in the documentation, but the code (which was
	pushed back in 2011) didn't reflect that.

2015-02-23  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	Rework s390 architecture checking
	Making use of the ARCH_IS_S390 macro introduced with
	e808357528d8be1ebc3970424b4a7b7c04eda2b6

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-02-23  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	Prevent default creation of usb controller on s390 and s390x
	Since s390 does not support usb the default creation of a usb controller
	for a domain should not occur.

	Also adjust s390 test cases by removing usb device instances since
	usb devices are no longer created by default for s390 the s390
	test cases need to be adjusted.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>

2015-02-23  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	man: moved virsh command cpu-models
	The description of the virsh command 'cpu-models' was written in the
	wrong context (i.e. beside the domain states).
	This patch moves the command description just to the cpu related
	commands like 'cpu-baseline' and 'cpu-compare'.

2015-02-23  Daniel P. Berrange  <berrange@redhat.com>

	po: Add config file for zanata
	Add configuration file for use with https://fedora.zanata.org
	translation system

2015-02-23  Michal Privoznik  <mprivozn@redhat.com>

	libvirt-guests: Allow time sync on guests resume
	Well, imagine domains were running, and as the host went down, they
	were managesaved. Later, after some time, the host went up again and
	domains got restored. But without correct time. And depending on how
	long was the host shut off, it may take some time for ntp to sync the
	time too. But hey, wait a minute. We have an API just for that! So:

	1) Introduce SYNC_TIME variable in libvirt-guests.sysconf to allow
	users control over the new functionality
	2) Call 'virsh domtime --sync $dom' in the libvirt-guests script.

	Unfortunately, this is all-or-nothing approach (just like anything
	else with the script). Domains are required to have configured and
	running qemu-ga inside.

2015-02-21  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix AAVMF/OVMF #define names
	The AAVMF and OVMF names were swapped. Reorder the one usage where it
	matters so behavior doesn't change.

2015-02-20  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	libxl: support backend domain setting for disk and net devices
	This implement handling of <backenddomain name=''/>  parameter introduced
	in previous patch.

	Works on Xen >= 4.3, because only there libxl supports setting backend
	domain by name.  Specifying backend domain by ID or UUID is currently not
	supported.

2015-02-20  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	conf: support backend domain name in disk and network devices
	At least Xen supports backend drivers in another domain (aka "driver
	domain"). This patch introduces an XML config option for specifying the
	backend domain name for <disk> and <interface> devices.  E.g.

	  <disk>
	    <backenddomain name='diskvm'/>
	    ...
	  </disk>
	  <interface type='bridge'>
	    <backenddomain name='netvm'/>
	    ...
	  </interface>

	In the future, same option will be needed for USB devices (hostdev
	objects), but for now libxl doesn't have support for PVUSB.

2015-02-20  Laine Stump  <laine@laine.org>

	network: allow <pf> together with <interface>/<address> in network status
	The function that parses the <forward> subelement of a network used to
	fail/log an error if the network definition contained both a <pf>
	element as well as at least one <interface> or <address> element. That
	check was present because the configuration of a network should have
	either one <pf>, one or more <interface>, or one or more <address>,
	but never combinations of multiple kinds.

	This caused a problem when libvirtd was restarted with a network
	already active - when a network with a <pf> element is started, the
	referenced PF (Physical Function of an SRIOV-capable network card) is
	checked for VFs (Virtual Functions), and the <forward> is filled in
	with a list of all VFs for that PF either in the form of their PCI
	addresses (a list of <address>) or their netdev names (a list of
	<interface>); the <pf> element is not removed though. When libvirtd is
	restarted, it parses the network status and finds both the original
	<pf> from the config, as well as the list of either <address> or
	<interface>, fails the parse, and the network is not added to the
	active list. This failure is often obscured because the network is
	marked as autostart so libvirt immediately restarts it.

	It seems odd to me that <interface> and <address> are stored in the
	same array rather than keeping two separate arrays, and having
	separate arrays would have made the check much simpler. However,
	changing to use two separate arrays would have required changes in
	more places, potentially creating more conflicts and (more
	importantly) more possible regressions in the event of a backport, so
	I chose to keep the existing data structure in order to localize the
	change.

	It appears that this problem has been in the code ever since support
	for <pf> was added (0.9.10), but until commit
	34cc3b2f106e296df5e64309620c79d16fd76c85 (first in libvirt 1.2.4)
	networks with interface pools were not properly marked as active on
	restart anyway, so there is no point in backporting this patch any
	further than that.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: caps: Add capability bit for the "pc-dimm" device
	The pc-dimm device represents a RAM memory module.

	conf: Hoist validation of memory size into the post parse callback
	Later patches will need to access the full definition to do check the
	memory size and thus the checking needs to be done after the whole
	definition including devices is known.

	conf: numa: Check ABI stability of NUMA configuration
	Add helper to compare initial sizes of indivitual NUMA nodes and the map
	of belonging vCPUs. Other configuration is not ABI.

	conf: ABI: Hugepage backing definition is not guest ABI
	The backing of the vm's memory isn't influencing the guest ABI thus
	shouldn't be checked.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Move all NUMA configuration to virDomainNuma
	For historical reasons data regarding NUMA configuration were split
	between the CPU definition and numatune. We cannot do anything about the
	XML still being split, but we certainly can at least store the relevant
	data in one place.

	This patch moves the NUMA stuff to the right place.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: numa: Add setter/getter for NUMA node memory size
	Add the helpers and refactor places where the value is accessed without
	them.

	conf: numa: Add accessor to NUMA node's memory access mode

	conf: numa: Add accessor for the NUMA node cpu mask
	Add virDomainNumaGetNodeCpumask() and refactor a few places that would
	get the cpu mask without the helper.

	conf: numa: Add helper to get guest NUMA node count and refactor users
	Add an accessor so that a later refactor is simpler.

	qemu: command: Unify retrieval of NUMA cell count in qemuBuildNumaArgStr
	The function uses the cell count in 6 places. Add a temp variable to
	hold the count as it will greatly simplify the refactor.

	conf: numa: Don't pass double pointer to virDomainNumatuneParseXML
	virDomainNumatuneParseXML now doesn't allocate the def->numa object any
	longer so we don't need to pass a double pointer.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	numa: conf: Tweak parameters of virDomainNumatuneSet
	As virDomainNumatuneSet now doesn't allocate the virDomainNuma object
	any longer it's not necessary to pass the pointer to a pointer to store
	the object as it will not change any longer.

	While touching the parameter definitions I've also changed the name of
	the parameter to "numa".

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: numa: Always allocate the NUMA config
	Since our formatter now handles well if the config is allocated and not
	filled we can safely always-allocate the NUMA config and remove the
	ad-hoc allocation code.

	This will help in later patches as the parser will be refactored to just
	fill the data.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Allocate domain definition with the new helper
	Use the virDomainDefNew() helper to allocate the definition instead of
	doing it via VIR_ALLOC.

	conf: Separate helper for creating domain objects
	Move the existing virDomainDefNew to virDomainDefNewFull as it's setting
	a few things in the conf and re-introduce virDomainDefNew as a function
	without parameters for common use.

	conf: numa: Format <numatune> XML only if necessary
	Do a content-aware check if formatting of the <numatune> element is
	necessary. Later on the def->numa structure will be always present so we
	cannot decide only on the basis whether it's allocated.

	conf: numa: Refactor logic in virDomainNumatuneParseXML
	Shuffling around the logic will allow to simplify the code quite a bit.
	As an additional bonus the change in the logic now reports an error if
	automatic placement is selected and individual placement is configured.

	conf: numa: Reformat virDomainNumatuneParseXML
	Collapse few of the conditions so that the program flow is more clear.

	conf: numa: Improve error message in case a numa node doesn't have cpus
	Currently the code would exit without reporting an error as
	virBitmapParse reports one only if it fails to parse the bitmap, whereas
	the code was jumping to the error label even in case 0 cpus were
	correctly parsed in the map.

	conf: numa: Recalculate rather than remember total NUMA cpu count
	It's easier to recalculate the number in the one place it's used as
	having a separate variable to track it. It will also help with moving
	the NUMA code to the separate module.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Move enum virMemAccess to the NUMA code and rename it
	Name it virNumaMemAccess and add it to conf/numa_conf.[ch]

	Note that to avoid a circular dependency the type of the NUMA cell
	memAccess variable was changed to int. It will be turned back later
	after the circular dependency will not exist.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: numa: Rename virDomainNumatune to virDomainNuma
	The structure will gradually become the only place for NUMA related
	config, thus rename it appropriately.

	conf: Move NUMA cell formatter to numa_conf
	Move the code that formats the /domain/cpu/numa element to numa_conf as
	it belongs there.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: numa: Don't duplicate NUMA cell cpumask
	The mask was stored both as a bitmap and as a string. The string is used
	for XML output only. Remove the string, as it can be reconstructed from
	the bitmap.

	The test change is necessary as the bitmap formatter doesn't "optimize"
	using the '^' operator.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainNumaDefCPUParseXML
	Rewrite the function to save a few local variables and reorder the code
	to make more sense.

	Additionally the ncells_max member of the virCPUDef structure is used
	only for tracking allocation when parsing the numa definition, which can
	be avoided by switching to VIR_ALLOC_N as the array is not resized
	after initial allocation.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Move NUMA cell parsing code from cpu conf to numa conf
	For weird historical reasons NUMA cells are added as a subelement of
	<cpu> while the actual configuration is done in <numatune>.

	This patch splits out the cell parser code from cpu config to NUMA
	config. Note that the changes to the code are minimal just to make it
	work and the function will be refactored in the next patch.

2015-02-20  Peter Krempa  <pkrempa@redhat.com>

	conf: Move numatune_conf to numa_conf
	For a while now there are two places that gather information about NUMA
	related guest configuration. While the XML can't be changed we can at
	least store the data in one place in the definition.

	Rename the numatune_conf.[ch] files to numa_conf as later patches will
	move the rest of the definitions from the cpu definition to this one.

2015-02-20  Pavel Hrdina  <phrdina@redhat.com>

	virsh: fix vcpupin info
	The "virDomainGetInfo" will get for running domain only live info and for
	offline domain only config info. There was no way how to get config info
	for running domain. We will use "vshCPUCountCollect" instead to get the
	correct cpu count that we need to pass to "virDomainGetVcpuPinInfo".

	Also cleanup some unnecessary variables and checks that are done by
	drivers.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1160559

2015-02-20  Michal Privoznik  <mprivozn@redhat.com>

	virQEMUCapsCacheLookupCopy: Filter qemuCaps based on machineType
	Not all machine types support all devices, device properties, backends,
	etc. So until we create a matrix of [machineType, qemuCaps], lets just
	filter out some capabilities before we return them to the consumer
	(which is going to make decisions based on them straight away).
	Currently, as qemu is unable to tell which capabilities are (not)
	enabled for given machine types, it's us who has to hardcode the matrix.
	One day maybe the hardcoding will go away and we can create the matrix
	dynamically on the fly based on a few monitor calls.

	virQEMUCapsCacheLookupCopy: Pass machine type
	It will come handy in the near future when we will filter some
	capabilities based on it.

2015-02-20  Martin Kletzander  <mkletzan@redhat.com>

	virsh-edit: Make force editing usable
	When editing a domain with 'virsh edit' and failing validation, the
	usual message pops up:

	  Failed. Try again? [y,n,f,?]:

	Turning off validation can be useful, mainly for testing (but other
	purposes too), so this patch adds support for relaxing definition in
	virsh-edit and makes 'virsh edit <domain>' more usable.

2015-02-19  Mikhail Feoktistov  <mfeoktistov@parallels.com>

	parallels: Set the first HDD from XML as bootable
	1. Delete all boot devices for VM instance
	2. Find the first HDD from XML and set it as bootable

	Now we support only one boot device and it should be HDD.

2015-02-19  Mikhail Feoktistov  <mfeoktistov@parallels.com>

	parallels: Use IS_CT() macro instead of STREQ("exe")

	parallels: code aligment

2015-02-19  Jiri Denemark  <jdenemar@redhat.com>

	Search for schemas and cpu_map.xml in source tree
	Not all files we want to find using virFileFindResource{,Full} are
	generated when libvirt is built, some of them (such as RNG schemas) are
	distributed with sources. The current API was not able to find source
	files if libvirt was built in VPATH.

	Both RNG schemas and cpu_map.xml are distributed in source tarball.

2015-02-19  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationDriveMirror: Listen to events
	https://bugzilla.redhat.com/show_bug.cgi?id=1179678

	When migrating with storage, libvirt iterates over domain disks and
	instruct qemu to migrate the ones we are interested in (shared, RO and
	source-less disks are skipped). The disks are migrated in series. No
	new disk is transferred until the previous one hasn't been quiesced.
	This is checked on the qemu monitor via 'query-jobs' command. If the
	disk has been quiesced, it practically went from copying its content
	to mirroring state, where all disk writes are mirrored to the other
	side of migration too. Having said that, there's one inherent error in
	the design. The monitor command we use reports only active jobs. So if
	the job fails for whatever reason, we will not see it anymore in the
	command output. And this can happen fairly simply: just try to migrate
	a domain with storage. If the storage migration fails (e.g. due to
	ENOSPC on the destination) we resume the host on the destination and
	let it run on partly copied disk.

	The proper fix is what even the comment in the code says: listen for
	qemu events instead of polling. If storage migration changes state an
	event is emitted and we can act accordingly: either consider disk
	copied and continue the process, or consider disk mangled and abort
	the migration.

2015-02-19  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessHandleBlockJob: Take status into account
	Upon BLOCK_JOB_COMPLETED event delivery, we check if the job has
	completed (in qemuMonitorJSONHandleBlockJobImpl()). For better image,
	the event looks something like this:

	"timestamp": {"seconds": 1423582694, "microseconds": 372666}, "event":
	"BLOCK_JOB_COMPLETED", "data": {"device": "drive-virtio-disk0", "len":
	8412790784, "offset": 409993216, "speed": 8796093022207, "type":
	"mirror", "error": "No space left on device"}}

	If "len" does not equal "offset" it's considered an error, and we can
	clearly see "error" field filled in. However, later in the event
	processing this case was handled no differently to case of job being
	aborted via separate API. It's time that we start differentiate these
	two because of the future work.

2015-02-19  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessHandleBlockJob: Set disk->mirrorState more often
	Currently, upon BLOCK_JOB_* event, disk->mirrorState is not updated
	each time. The callback code handling the events checks if a blockjob
	was started via our public APIs prior to setting the mirrorState.
	However, some block jobs may be started internally (e.g. during
	storage migration), in which case we don't bother with setting
	disk->mirror (there's nothing we can set it to anyway), or other
	fields. But it will come handy if we update the mirrorState in these
	cases too. The event wasn't delivered just for fun - we've started the
	job after all.

	So, in this commit, the mirrorState is set to whatever job status
	we've obtained. Of course, there are some actions on some statuses
	that we want to perform. But instead of if {} else if {} else {} ...
	enumeration, let's move to switch().

2015-02-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Exit job on error path of qemuDomainSetVcpusFlags()
	Commit e105dc981438bc33fa771bd67cece6234dbf6c8d moved some code but
	didn't adjust the jump labels so that the job would be terminated.

2015-02-18  Pavel Hrdina  <phrdina@redhat.com>

	daemon: Fix segfault by reloading daemon right after start
	Libvirt could crash with segfault if user issue "service reload" right
	after "service start". One possible way to crash libvirt is to run reload
	during initialization of QEMU driver.

	It could happen when qemu driver will initialize qemu_driver_lock but
	don't have a time to set it's "config" and the SIGHUP arrives. The
	reload handler tries to get qemu_drv->config during "virStorageAutostart"
	and dereference it which ends with segfault.

	Let's ignore all reload requests until all drivers are initialized. In
	addition set driversInitialized before we enter virStateCleanup to
	ignore reload request while we are shutting down.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1179981

2015-02-18  Ján Tomko  <jtomko@redhat.com>

	docs: clarify nat range behavior
	All the addresses from the range are used, not just those
	that are in use on the host.

	https://bugzilla.redhat.com/show_bug.cgi?id=1079917

2015-02-17  Daniel P. Berrange  <berrange@redhat.com>

	docs: add page about virtlockd setup
	Introduce some basic docs describing the virtlockd setup.

	docs: split out sanlock setup docs
	In preparation for adding docs about virtlockd, split out
	the sanlock setup docs into a separate page.

2015-02-17  Pavel Hrdina  <phrdina@redhat.com>

	qemu_cgroup: initialize mem_mask to NULL
	If 'virNumaGetHostNodeset()' fails then the error path will try to free
	uninitialized pointer mem_mask. Introduced by commit af2a1f058.

2015-02-17  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	PowerPC : Forbid NULL CPU model with 'host-model' mode.
	PowerPC : Forbid NULL CPU model with 'host-model' mode in qemu command line.

	This ensures that an XML such as following:
	...
	  <cpu mode='host-model'>
	    <model fallback='allow'/>
	  </cpu>
	...

	will not generate a '-cpu host,compat=(null)' command line with qemu-system-ppc64.

2015-02-17  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	PowerPC : Make 'qemu-system-ppc64' the default emulator on ppc64[le].
	PowerPC : Explicitly associate 'qemu-system-ppc64' as the
	 default emulator for all 64-bit PowerPC guests ( both Big & Little Endian )

2015-02-17  Luyao Huang  <lhuang@redhat.com>

	qemu: fix vm deadlock when try to use numatune in session mode
	https://bugzilla.redhat.com/show_bug.cgi?id=1126762

	Commit 43b67f introduced a deadlock issue when we use numatune
	to change numa settings to a vm in session mode.

	Jump to endjob instead of jump to cleanup.

2015-02-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildMemoryBackendStr: Report backend requirement more appropriately
	So, when building the '-numa' command line, the
	qemuBuildMemoryBackendStr() function does quite a lot of checks to
	chose the best backend, or to check if one is in fact needed. However,
	it returned that backend is needed even for this little fella:

	  <numatune>
	    <memory mode="strict" nodeset="0,2"/>
	  </numatune>

	This can be guaranteed via CGroups entirely, there's no need to use
	memory-backend-ram to let qemu know where to get memory from. Well, as
	long as there's no <memnode/> element, which explicitly requires the
	backend. Long story short, we wouldn't have to care, as qemu works
	either way. However, the problem is migration (as always). Previously,
	libvirt would have started qemu with:

	  -numa node,memory=X

	in this case and restricted memory placement in CGroups. Today, libvirt
	creates more complicated command line:

	  -object memory-backend-ram,id=ram-node0,size=X
	  -numa node,memdev=ram-node0

	Again, one wouldn't find anything wrong with these two approaches.
	Both work just fine. Unless you try to migrated from the older libvirt
	into the newer one. These two approaches are, unfortunately, not
	compatible. My suggestion is, in order to allow users to migrate, lets
	use the older approach for as long as the newer one is not needed.

2015-02-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Fake response from numad
	Well, we can pretend that we've asked numad for its suggestion and let
	qemu command line be built with that respect. Again, this alone has no
	big value, but see later commits which build on the top of this.

	numatune_conf: Expose virDomainNumatuneNodeSpecified
	This function is going to be needed in the near future.

2015-02-16  Luyao Huang  <lhuang@redhat.com>

	virsh: fix IP address in vncdisplay for listen type='network'
	Just like the fix for domdisplay in commit 1ba815.

2015-02-14  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity CHECKED_RETURN
	Periodically my Coverity scan will return a checked_return failure
	for libxlDomainShutdownThread call to libxlDomainStart. Followed the
	libxlAutostartDomain example in order to check the status, emit a
	message, and continue on.

	security: Resolve Coverity RESOURCE_LEAK
	Introduced by commit id 'c3d9d3bb' - return from virSecurityManagerCheckModel
	wasn't VIR_FREE()'ing the virSecurityManagerGetNested allocated memory.

2015-02-13  Luyao Huang  <lhuang@redhat.com>

	lxc: Fix container cleanup for LXCProcessStart
	Jumping to the cleanup label prior to starting the container failed to
	properly clean everything up that is handled by the virLXCProcessCleanup
	which is called if virLXCProcessStop is called on failure after the
	container properly starts. Most importantly is prior to this patch none
	of the stop/release hooks, host device reattachment, and network cleanup
	(that is reverse of virLXCProcessSetupInterfaces).

2015-02-13  John Ferlan  <jferlan@redhat.com>

	lxc: Modify/add some debug messages
	Modify the VIR_DEBUG message in virLXCProcessCleanup to make it clearer
	about the path.  Also add some more VIR_DEBUG messages in virLXCProcessStart
	in order to help debug error flow.

2015-02-13  Luyao Huang  <lhuang@redhat.com>

	lxc: Move console checks in LXCProcessStart
	https://bugzilla.redhat.com/show_bug.cgi?id=1176503

	Move the two console checks - one for zero nconsoles present and the
	other for an invalid console type to earlier in the processing rather than
	getting after performing some setup that has to be undone for what amounts
	to an invalid configuration.

	This resolves the above bug since it's not not possible to have changed
	the security labels when we cause the configuration check failure.

2015-02-13  Erik Skultety  <eskultet@redhat.com>

	security: Refactor virSecurityManagerGenLabel
	if (mgr == NULL || mgr->drv == NULL)
	    return ret;

	This check isn't really necessary, security manager cannot be a NULL
	pointer as it is either selinux (by default) or 'none', if no other driver is
	set in the config. Even with no config file driver name yields 'none'.

	The other hunk checks for domain's security model validity, but we should
	also check devices' security model as well, therefore this hunk is moved into
	a separate function which is called by virSecurityManagerCheckAllLabel that
	checks both the domain's security model and devices' security model.

	https://bugzilla.redhat.com/show_bug.cgi?id=1165485

2015-02-13  Erik Skultety  <eskultet@redhat.com>

	security: introduce virSecurityManagerCheckAllLabel function
	We do have a check for valid per-domain security model, however we still
	do permit an invalid security model for a domain's device (those which
	are specified with <source> element).
	This patch introduces a new function virSecurityManagerCheckAllLabel
	which compares user specified security model against currently
	registered security drivers. That being said, it also permits 'none'
	being specified as a device security model.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485

2015-02-13  Ján Tomko  <jtomko@redhat.com>

	Wire up mrg_rxbuf option for qemu
	<interface ...>
	  ...
	  <model type='virtio'/>
	  <driver ...>
	    <host mrg_rxbuf='off'/>
	  </driver>
	</interface>

	will result in:
	-device virtio-net-pci,mrg_rxbuf=off,...

	https://bugzilla.redhat.com/show_bug.cgi?id=1186886

2015-02-13  Ján Tomko  <jtomko@redhat.com>

	Add mrg_rxbuf option to virtio interfaces
	Add an XML attribute to allow disabling merge of rx buffers
	on the host:
	<interface ...>
	  ...
	  <model type='virtio'/>
	  <driver ...>
	    <host mrg_rxbuf='off'/>
	  </driver>
	</interface>

	https://bugzilla.redhat.com/show_bug.cgi?id=1186886

2015-02-13  Michal Privoznik  <mprivozn@redhat.com>

	virsh attach-interface: Allow macvtap hotplug
	Our hotplug code supports macvtap insertion to guests. However, we
	somehow forgot about 'attach-interface' (which tries to build XML from
	passed arguments and use virDomainAttachDeviceFlags()).
	New type is accessible under 'direct' type, to keep the same type as
	used in domain XML.

	virsh attach-interface: Use virDomainNetType{From,To}String()
	Instead of verbose string to enum conversion (if STREQ() else if
	STREQ() else if STREQ() ...) lets use virDomainNetType{From,To}String.

	virsh attach-interface: Use enum instead of arbitrary integers
	The type of interface to attach is held in the variable 'typ'.
	Depending on interface type selected by user, the variable is set
	either to 1 (network), or 2 (bridge). Lets use already existing
	enum from domain_conf.h instead: virDomainNetType.

	libvirt_private.syms: Expose virDomainNetTypeFromString
	The enum converters are defined in the domain_conf.h (so
	accessible widely across the code), but on the symbol layer, only
	virDomainNetTypeToString was exposed. However, FromString variant
	is going to be needed shortly.

2015-02-12  Pavel Hrdina  <phrdina@redhat.com>

	virprocess: fix MinGW build and RHEL-5 build
	Commit b6a2828e introduced new functions to set process scheduler. There
	is a small typo in ELSE path for systems where scheduler is not
	available.

	Also some of the definitions were introduced later in kernel. For
	example RHEL-5 is running on kernel 2.6.18, but SCHED_IDLE was introduces
	in 2.6.23 [1] and SCHED_BATCH in 2.6.16 [1]. We should not count only on
	existence of function sched_setscheduler(), we must also check for
	existence of used macros as they might not be defined.

	[1] see 'man 7 sched'

2015-02-12  Zhang Bo  <oscar.zhangbo@huawei.com>

	Fix a syntax error in the description text of libvirtd.conf
	not yet not -> not yet.

2015-02-12  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix version reference in vcpu/iothread scheduling

2015-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Allow shrinking of file based volumes
	While the main storage driver code allows the flag
	VIR_STORAGE_VOL_RESIZE_SHRINK to be set, none of the backend
	drivers are supporting it. At the very least this can work
	for plain file based volumes since we just ftruncate() them
	to the new size. It does not work with qcow2 volumes, but we
	can arguably delegate to qemu-img for error reporting for that
	instead of second guessing this for ourselves:

	$ virsh vol-resize --shrink /home/berrange/VirtualMachines/demo.qcow2 2G
	error: Failed to change size of volume 'demo.qcow2' to 2G

	error: internal error: Child process (/usr/bin/qemu-img resize /home/berrange/VirtualMachines/demo.qcow2 2147483648) unexpected exit status 1: qemu-img: qcow2 doesn't support shrinking images yet
	qemu-img: This image does not support resize

	See also https://bugzilla.redhat.com/show_bug.cgi?id=1021802

2015-02-12  Daniel P. Berrange  <berrange@redhat.com>

	qemu: do upfront check for vcpupids being null when querying pinning
	The qemuDomainHelperGetVcpus attempted to report an error when the
	vcpupids info was NULL. Unfortunately earlier code would clamp the
	value of 'maxinfo' to 0 when nvcpupids was 0, so the error reporting
	would end up being skipped.

	This lead to 'virsh vcpuinfo <dom>' just returning an empty list
	instead of giving the user a clear error.

2015-02-12  Daniel P. Berrange  <berrange@redhat.com>

	qemu: fix setting of VM CPU affinity with TCG
	If a previous commit I fixed the incorrect handling of vcpu pids
	for TCG mode QEMU:

	  commit b07f3d821dfb11a118ee75ea275fd6ab737d9500
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Thu Dec 18 16:34:39 2014 +0000

	    Don't setup fake CPU pids for old QEMU

	    The code assumes that def->vcpus == nvcpupids, so when we setup
	    fake CPU pids for old QEMU with nvcpupids == 1, we cause the
	    later code to read off the end of the array. This has fun results
	    like sche_setaffinity(0, ...) which changes libvirtd's own CPU
	    affinity, or even better sched_setaffinity($RANDOM, ...) which
	    changes the affinity of a random OS process.

	The intent was that this would merely disable the ability to set
	per-vCPU affinity. It should still have been possible to set VM
	level host CPU affinity.

	Unfortunately, when you set  <vcpu cpuset='0-1'>4</vcpu>, the XML
	parser will internally take this & initialize an entry in the
	def->cputune.vcpupin array for every VCPU. IOW this is implicitly
	being treated as

	  <cputune>
	    <vcpupin cpuset='0-1' vcpu='0'/>
	    <vcpupin cpuset='0-1' vcpu='1'/>
	    <vcpupin cpuset='0-1' vcpu='2'/>
	    <vcpupin cpuset='0-1' vcpu='3'/>
	  </cputune>

	Even more fun, the faked cputune elements are hidden from view when
	querying the live XML, because their cpuset mask is the same as the
	VM default cpumask.

	The upshot was that it was impossible to set VM level CPU affinity.

	To fix this we must update qemuProcessSetVcpuAffinities so that it
	only reports a fatal error if the per-VCPU cpu mask is different
	from the VM level cpu mask.

2015-02-12  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: disable VNC and SDL until explicitly enabled
	When initializing a libxl_domain_build_info struct with
	libxl_domain_build_info_init(), VNC is enabled by default.  As a
	result, VMs configured with no graphics still have VNC enabled.
	This behavior is a regression wrt to the legacy Xen driver.

	libxl: pass ipaddr to libxl toolstack
	Do not silently ignore its value. LibXL support only one address, so
	refuse multiple IPs.

2015-02-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for setting vCPU and I/O thread scheduler setting
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

2015-02-11  Martin Kletzander  <mkletzan@redhat.com>

	docs, schema, conf: Add support for setting scheduler parameters of guest threads
	In order for QEMU vCPU (and other) threads to run with RT scheduler,
	libvirt needs to take care of that so QEMU doesn't have to run privileged.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178986

2015-02-11  Martin Kletzander  <mkletzan@redhat.com>

	util: Add virProcessSetScheduler() function for scheduler settings
	This function uses sched_setscheduler() function so it works with
	processes and threads as well (even threads not created by us, which is
	what we'll need in the future).

2015-02-11  Laine Stump  <laine@laine.org>

	domain: include portgroup in interface status xml
	Prior to commit 7d5bf484747 (first appearing in libvirt 1.2.2), the
	status XML of a domain's interface was missing a lot of important
	information; mainly it just output the config of the interface, plus
	the name of the tap device and qemu device alias. Commit 7d5bf484747
	changed the status XML to include many important bits of information
	that were required to make network "hook" scripts useful - bandwidth
	information, vlan tag, the name of the bridge (or physical device in
	the case of macvtap) that the tap/macvtap device was attached to - the
	commit log for 7d5bf484747 has a very detailed explanation of the
	change. For quick reference - in the example given there, prior to the
	change, status XML looked like figure [C]:

	      <interface type='network'>
	        <source network='testnet' portgroup='admin'/>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>

	and after the change, it looked like figure [E]:

	      <interface type='direct'>
	        <source dev='p4p1_0' mode='bridge'/>
	        <bandwidth>
	            <inbound average='1000' peak='5000' burst='1024'/>
	            <outbound average='128' peak='256' burst='256'/>
	        </bandwidth>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>

	You'll notice that bandwidth info, physdev, and macvtap mode have been
	added, but the network and portgroup names are now missing - I didn't
	think that this information was of any use once the needed
	bandwidth/vlan/etc config had been pulled from the network/portgroup.

	I was wrong.

	A few months after that change a user on IRC asked what happened to
	portgroup in the status XML and described how he used it (more or less
	as a tag to decide what external information to use in a hook script
	that was run at startup/migration time - see
	http://wiki.libvirt.org/page/OVS_and_PVLANS ). At that time I planned
	to make a patch to re-add portgroup, but life intervened as that was
	just prior to a transatlantic move involving several weeks of
	"vacation". During this time I somehow forgot to make the patch, and
	also mistakenly remembered that I *had* made it.

	Subsequent to this, as a part of mprivozn's work to add support for
	network-specific hooks, I did re-add the output of the network name in
	status XML, but once again completely forgot about portgroup. This was
	in commit a3609121 (first appearing in libvirt 1.2.11). This made the
	status XML from the above example look like this:

	      <interface type='direct'>
	        <source network='testnet' dev='p4p1_0' mode='bridge'/>
	        <bandwidth>
	            <inbound average='1000' peak='5000' burst='1024'/>
	            <outbound average='128' peak='256' burst='256'/>
	        </bandwidth>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>

	*This* patch just adds the portgroup back to the status XML, so the
	 same example interface will look like this:

	      <interface type='direct'>
	        <source network='testnet' portgroup='admin'
	                dev='p4p1_0' mode='bridge'/>
	        <bandwidth>
	            <inbound average='1000' peak='5000' burst='1024'/>
	            <outbound average='128' peak='256' burst='256'/>
	        </bandwidth>
	        <target dev='macvtap0'/>
	        <alias name='net0'/>
	        <address type='pci' domain='0x0000' bus='0x00'
	                 slot='0x03' function='0x0'/>
	      </interface>

	The result is that the status XML now contains all information about
	how the interface is setup (bandwidth, physical device, tap device,
	etc), in addition to pointers to its origin (the network and
	portgroup).

2015-02-11  Laine Stump  <laine@laine.org>

	domain: avoid potential memory leak in virDomainGraphicsListenSet*()
	virDomainGraphicsListenSetAddress() and
	virDomainGraphicsListenSetNetwork() both set their respective char* to
	NULL directly when asked to set it to NULL, which is okay as long as
	it's already set to NULL. If these functions are ever called to clear
	a listen object that has a valid string in address or network, it will
	end up leaking the old value. Currently that doesn't happen, so this
	is just a preemptive strike.

2015-02-11  Laine Stump  <laine@laine.org>

	domain: backfill listen address to parent <graphics> listen attribute
	Prior to 0.9.4, libvirt only supported a single listen, and it had to
	be an IP address:

	   <graphics listen='1.2.3.4' ..../>

	Starting with 0.9.4, a graphics element could have a <listen>
	subelement (actually the grammar supports multiples, but all of the
	drivers only support a single <listen> per <graphics>), and that
	listen element can be of type='address' or type='network'. For
	type='address', <listen> also has an attribute called 'address' which
	contains the IP address for listening:

	    <graphics ....>
	      <listen type='address' address='1.2.3.4' .../>
	    </graphics>

	type can also be "network", and in that case listen will have a
	"network" attribute which will contain the name of a libvirt
	network:

	    <graphics ....>
	      <listen type='network' network='testnet' .../>
	    </graphics>

	At domain start (or migrate) time, libvirt will attempt to
	find an IP address associated with that network (e.g. the IP address
	of the bridge device used by the network, or the physical device
	listed in <forward dev='physdev'/>) and fill in that address in the
	status XML:

	    <graphics ....>
	      <listen type='network' network='testnet' address='1.2.3.4' .../>
	    </graphics>

	In the case that a <graphics> element has a <listen> subelement of
	type='address', that listen subelement's "address" attribute is
	backfilled into the parent graphics element's "listen" *attribute* for
	backward compatibility (so that a management application unaware of
	the separate <listen> element can still learn the listen
	address). This backfill should be done with the IP learned from
	type='network' as well, and that's what this patch does:

	    <graphics listen='1.2.3.4' ....>
	      <listen type='network' network='testnet' address='1.2.3.4' .../>
	    </graphics>

	This is a continuation of the fix for:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1191016

2015-02-11  Luyao Huang  <lhuang@redhat.com>

	virsh: fix IP address in domdisplay for listen type='network'
	https://bugzilla.redhat.com/show_bug.cgi?id=1191016

	virsh's domdisplay command looks in /domain/devices/graphics/@listen
	of the domain's XML for the listen address, however for listen
	type='network' (added in libvirt 0.9.4), the <graphics> element
	doesn't have a listen attribute, but has a <listen> subelement,
	*still* with no address (this is the inactive XML):

	 <graphics type='spice' autoport='yes' keymap='en-us'>
	  <listen type='network' network='default'/>
	 </graphics>

	However, at domain start time the <listen> subelement gets its address
	attribute filled in once libvirt figures out the IP address associated
	with the named network (this is the status XML):

	 <graphics type='spice' port='5901' autoport='yes' keymap='en-us'>
	  <listen type='network' address='192.168.122.1' network='default'/>
	 </graphics>

	So in these cases, we need to look at
	/domain/devices/graphics/listen/@address instead.

	Even though another patch is being pushed that will backfill
	listen/@address into @listen, this patch is still useful, as it fixes
	domdisplay for cases of a new virsh (with this patch) connecting to a
	libvirtd that is newer than 0.9.4 but doesn't have the followup patch.

2015-02-11  Pavel Hrdina  <phrdina@redhat.com>

	bhyvexml2argvmock: change int to size_t for tapfdSize
	Commit c5b6a4a5 forget to update also this mock function.

2015-02-11  John Ferlan  <jferlan@redhat.com>

	qemu: qemuOpenFileAs - set flag VIR_FILE_OPEN_FORCE_MODE
	In the event we're falling into the code that tries to create the file
	in a forked environment (VIR_FILE_OPEN_FORK) we pass different mode bits,
	but those are never set because the virFileOpenForceOwnerMode has a check
	if the OPEN_FORCE_MODE bit is set before attempting to change the mode.

	Since this is a special case it seems reasonable to set u+rw,g+rw,o

2015-02-11  John Ferlan  <jferlan@redhat.com>

	virfile: Adjust error path for virFileOpenForked
	Rather than have a dummy waitpid loop and return of the failure status
	from recvfd, adjust the logic to save the recvfd error & fd and then
	in priority order:

	- if waitpid failed, use that errno value
	- waitpid succeeded, but if the child exited abnormally, report failure
	(use EACCES to report as return failure, since either EACCES or EPERM is
	what caused us to fall into the fork+setuid path)
	- waitpid succeeded, but if the child reported non-zero status, report
	failure (use the errno value that the child encoded into exit status)
	- waitpid succeeded, but if recvfd failed, report recvfd_errno
	- waitpid and recvfd succeeded, use the fd

	NOTE: Original logic to retry the open and force owner mode was
	"documented" as only being attempted if we had already tried opening
	with the fork+setuid, but checked flags vs. VIR_FILE_OPEN_NOFORK which
	is counter to how we would get to that point. So that code was removed.

2015-02-11  Luyao Huang  <lhuang@redhat.com>

	qemu: fix crash when migrateuri has no scheme
	https://bugzilla.redhat.com/show_bug.cgi?id=1191355

	When we attempt to migrate a vm with a migrateuri that has no scheme:

	 # virsh migrate test4 --live qemu+ssh://lhuang/system --migrateuri 127.0.0.1

	target libvirtd will crash because uri->scheme is NULL in
	qemuMigrationPrepareDirect on this line:

	     if (STRNEQ(uri->scheme, "tcp") &&

	Add a value check before this line. Also fix a bug like this in
	doNativeMigrate, that could only happen when destination libvirtd
	returned an incorrect URI.

2015-02-11  Zhang Bo  <oscar.zhangbo@huawei.com>

	conf: Fix libvirtd crash and memory leak caused by virDomainVcpuPinDel()
	The function virDomainVcpuPinDel() used vcpupin_list to stand for
	def->cputune.vcpupin, which made the codes more readable.
	However, in this function, it will realloc vcpupin_list later.
	As the definition of realloc(), it may free vcpupin_list and then
	points it to a new-realloced address, but def->cputune.vcpupin doesn't
	point to the new address(it's freed however).
	Thus,
	1) When we refer to the def->cputune.vcpupin afterwards, which was freed
	by realloc(), an INVALID READ occurs, and libvirtd may crash.
	2) As no one will use vcpupin_list any more, and no one frees it(it's just
	alloced by realloc()), memory leak occurs.

	Part of the valgrind logs are shown as below:
	==1837== Thread 15:
	==1837== Invalid read of size 8
	==1837==    at 0x5367337: virDomainDefFormatInternal (domain_conf.c:18392)
	        which is : virBufferAsprintf(buf, "<vcpupin vcpu='%u' ",
	                          def->cputune.vcpupin[i]->vcpuid);
	==1837==    by 0x536966C: virDomainObjFormat (domain_conf.c:18970)
	==1837==    by 0x5369743: virDomainSaveStatus (domain_conf.c:19166)
	==1837==    by 0x117B26DC: qemuDomainPinVcpuFlags (qemu_driver.c:4586)
	==1837==    by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803)
	==1837==    by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762)
	==1837==    by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740)
	==1837==    by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	==1837==    by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307)
	==1837==    by 0x171B83: virNetServerProcessMsg (virnetserver.c:172)
	==1837==    by 0x171E6E: virNetServerHandleJob (virnetserver.c:193)
	==1837==    by 0x5318E78: virThreadPoolWorker (virthreadpool.c:145)
	==1837==  Address 0x12ea2870 is 0 bytes inside a block of size 16 free'd
	==1837==    at 0x4C291AC: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==1837==    by 0x52A3D14: virReallocN (viralloc.c:245)
	==1837==    by 0x52A3DFB: virShrinkN (viralloc.c:372)
	==1837==    by 0x52A3F57: virDeleteElementsN (viralloc.c:503)
	==1837==    by 0x533939E: virDomainVcpuPinDel (domain_conf.c:15405)  //doReset为true时才会进到。
	==1837==    by 0x117B2642: qemuDomainPinVcpuFlags (qemu_driver.c:4573)
	==1837==    by 0x53EA313: virDomainPinVcpuFlags (libvirt.c:9803)
	==1837==    by 0x14CB7D: remoteDispatchDomainPinVcpuFlags (remote_dispatch.h:6762)
	==1837==    by 0x14CC81: remoteDispatchDomainPinVcpuFlagsHelper (remote_dispatch.h:6740)
	==1837==    by 0x5464C30: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
	==1837==    by 0x546507A: virNetServerProgramDispatch (virnetserverprogram.c:307)
	==1837==    by 0x171B83: virNetServerProcessMsg (virnetserver.c:172)

	Steps to reproduce the problem:
	1) use virDomainPinVcpuFlags() to pin a guest's vcpu to all the pcpus
	of the host.

	This patch uses def->cputune.vcpupin instead of vcpupin_list to do the
	realloc() job, to avoid invalid read or memory leaking.

2015-02-11  Erik Skultety  <eskultet@redhat.com>

	conf: forbid seclabel duplicates for domain devices
	Parser checks for per-domain seclabel duplicates, so it would be nice if
	it checked for per-device seclabel duplicates the same way

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1165485

2015-02-11  Erik Skultety  <eskultet@redhat.com>

	schema: allow multiple seclabel for devices in domaincommon.rng
	In our RNG schema we do allow multiple (different) seclabels per-domain,
	but don't allow this for devices, yet we neither have a check in our XML parser,
	nor in a post-parse callback. In that case we should allow multiple
	(different) seclabels for devices as well.

2015-02-10  Ján Tomko  <jtomko@redhat.com>

	Fix qemu job handling in SetSchedulerParameters
	Commit c5ee5cf added a job to SetSchedulerParameters, but
	forgot to change one label in the SCHED_RANGE_CHECK macro.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	qemu: Implement random number generator hotunplug

	qemu: Implement random number generator hotplug
	Export the required helpers and add backend code to hotplug RNG devices.

2015-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement random number generator cold (un)plug
	Add support for using the attach/detach device APIs on the inactive
	configuration to add RNG devices.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	conf: Add helpers to insert/remove/find RNG devices in domain def
	The helpers will be useful when implementing hotplug and coldplug of
	random number generator devices.

	audit: export virDomainAuditRNG

2015-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Refactor creation of RNG device commandline
	As the RNG device is using an -object as backend refactor the code to
	use the JSON to commandline generator so that we can reuse the code
	later in hotplug.

	qemu: command: Break some very long lines in qemuBuildRNGDevStr()

	qemu: command: Shuffle around formatting of alias for RNG device backend
	Move the alias name right after the object type for rng-egd backend so
	that we can later use the JSON to commandline generator to create the
	command line.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	qemu: command: Make RNG backend device IDs unique
	Libvirt didn't prefix the random number generator backend object alias
	with any string thus the device alias and object alias were identical.

	To avoid possible problems, rename the alias for the backend object and
	tweak tests to comply with the change.

2015-02-10  Luyao Huang  <lhuang@redhat.com>

	qemu: refactor qemuBuildRNGDeviceArgs to allow reuse in RNG hotplug
	Rename qemuBuildRNGDeviceArgs to qemuBuildRNGDevStr and change the
	return type so that it can be reused in the device hotplug code later.

	qemu: Add helper to assign RNG device aliases
	This function is used to assign an alias for a RNG device. It will be
	later reused when hotplugging RNGs.

2015-02-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Introduce helper to find duplicate device address
	When adding devices to the definition it's useful to check whether the
	devices don't reside on a conflicting address. This patch adds a helper
	that iterates all device info and compares the addresses with the given
	info.

2015-02-10  Martin Kletzander  <mkletzan@redhat.com>

	conf: disallow invalid values for video attributes
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1190956

2015-02-09  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	S390: Documentation for ccw address type
	Change the wording in the device-address-part of the docmunentation since
	the ccw bus address support added to the optional address parameter of
	virsh attach-disk for S390.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2015-02-09  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	S390: ccw support for virsh attach-disk address parameter
	Adding ccw bus address support to the optional address parameter of virsh
	attach-disk. The format used is ccw:cssid. ssid.devno, e.g.
	ccw:0xfe.0x0.0x0201

	Virtio-ccw devices must have their cssid set to 0xfe.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>

2015-02-09  Erik Skultety  <eskultet@redhat.com>

	conf: fix a minor typo

2015-02-09  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Clear dynamic seclabels on LXCProcessStart failure
	commit a58e1cb4 didn't fix the bug if the security_default_confined is
	not set to 1. We now clean up even if there is no seclabel defined or
	the default one.

2015-02-06  Stefan Zimmermann  <stzi@linux.vnet.ibm.com>

	maint: improve usage of autogen's --no-git
	If you build libvirt with the --no-git option, then gnulib requires
	either $GNULIB_SRCDIR in the environment or --gnulib-srcdir on the
	command line.  But we had not been supporting its use from the
	command line.  This patch is a bit picky: --gnulib-srcdir must be
	passed immediately after --no-git; but since we don't reorder
	arguments, and since we already required --no-git to be first to
	have any effect, it's not too horrible.  It also does the wrong
	thing if you include spaces in your arguments, but developers
	doing that deserve what they get, right?

2015-02-06  Laine Stump  <laine@laine.org>

	network: don't allow multiple portgroups with the same name in a network
	When defining and creating networks, we have been checking to make
	sure there is only a single "default" portgroup, but haven't verified
	that no two portgroups have the same name. We *do* check for multiple
	definitions when updating the portgroups in an existing network
	though.

	This patch adds a check to networkValidate(), which is called when a
	network is defined or created, to disallow duplicate names. It would
	actually make sense to do this in the network XML parser (since it's
	not really "something that might make sense but isn't supported by
	this driver", but is instead "something that should never be
	allowed"), but doing that carries the danger of causing errors when
	rereading the config of existing networks when libvirtd is restarted
	after an upgrade, and that would result in networks disappearing from
	libvirt's list. (I'm thinking I should change the error to "XML_ERROR"
	instead of "UNSUPPORTED", even though that's not the type of error
	that networkValidate is intended for)

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1115858

2015-02-06  Ján Tomko  <jtomko@redhat.com>

	Error out when custom tap device path makes no sense
	It is only usable for NETWORK and BRIDGE type interfaces.
	Error out when trying to start a domain where the custom
	tap device path is specified for interfaces of other types,
	or when the daemon is not privileged.

	Note that this cannot be checked at definition time, because
	the comparison is against actual type.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147195

2015-02-06  Ján Tomko  <jtomko@redhat.com>

	Only parse custom vhost path for virtio interfaces
	It is only supported for virtio adapters.
	Silently drop it if it was specified for other models,
	as is done for other virtio attributes.

	Also mention this in the documentation.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147195

2015-02-06  Ján Tomko  <jtomko@redhat.com>

	Trivially support DomainHasManagedSaveImage
	Return 0 instead of ERR_NO_SUPPORT in each driver
	where we don't support managed save or -1 if
	the domain does not exist.

	This avoids spamming daemon logs when 'virsh dominfo' is run.

	https://bugzilla.redhat.com/show_bug.cgi?id=1095637

2015-02-06  Daniel P. Berrange  <berrange@redhat.com>

	qemu: include libvirt & QEMU versions in QEMU log files
	It is often helpful to know which version of libvirt and QEMU
	was present when a guest was first launched. Ensure this info
	is written into the QEMU log file for each guest.

2015-02-05  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: update dom->id in libxlDomainCreateWithFlags
	Otherwise domainCreateWithFlags via remote returns -1 as domid.

2015-02-05  John Ferlan  <jferlan@redhat.com>

	nodedev: check/add for scsi_host caps for NumOfCaps and ListCaps
	Commit id '652a2ec6' introduced two new node device capability flags
	and the ability to use those flags as a way to search for a specific
	subset of a 'scsi_host' device - namely a 'fc_host' and/or 'vports'.
	The code modified the virNodeDeviceCapMatch whichs allows for searching
	using the 'virsh nodedev-list [cap]' via virConnectListAllNodeDevices.

	However, the original patches did not account for other searches for
	the same capability key from virNodeDeviceNumOfCaps and virNodeDeviceListCaps
	using nodeDeviceNumOfCaps and nodeDeviceListCaps. Since 'fc_host' and
	'vports' are self defined bits of a 'scsi_host' device mere string
	comparison against the basic/root type is not sufficient.

	This patch adds the check for the 'fc_host' and 'vports' bits within
	a 'scsi_host' device and allows the following python code to find the
	capabilities for the device:

	import libvirt
	conn = libvirt.openReadOnly('qemu:///system')
	devs = conn.listAllDevices()
	for dev in devs:
	    if 'fc_host' in dev.listCaps() or 'vports' in dev.listCaps():
	        print dev.name(),dev.numOfCaps(),dev.listCaps()

2015-02-05  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	nodedev: check/add for scsi_host caps for ListDevices
	Commit id '652a2ec6' introduced two new node device capability flags
	and the ability to use those flags as a way to search for a specific
	subset of a 'scsi_host' device - namely a 'fc_host' and/or 'vports'.
	The code modified the virNodeDeviceCapMatch whichs allows for searching
	using the 'virsh nodedev-list [cap]' via virConnectListAllNodeDevices.

	However, the original patches did not account for other searches for
	the same capability key from virNodeListDevices using virNodeDeviceHasCap.
	Since 'fc_host' and 'vports' are self defined bits of a 'scsi_host'
	device mere string comparison against the basic/root type is not
	sufficient.

	This patch adds the check for the 'fc_host' and 'vports' bits within
	a 'scsi_host' device and allows the following python code to find the
	capabilities for the device:

	import libvirt
	conn = libvirt.openReadOnly('qemu:///system')
	fc = conn.listDevices('fc_host', 0)
	print(fc)
	fc = conn.listDevices('vports', 0)
	print(fc)

2015-02-05  Luyao Huang  <lhuang@redhat.com>

	qemu: Properly report error on uuid mismatch in the migration cookie
	Add the missing jump to the error label when the uuid in the
	migration cookie XML does not match the uuid of the migrated
	domain.

2015-02-04  Luyao Huang  <lhuang@redhat.com>

	lxc: fix double close handshakefds[1]

2015-02-04  Olivia Yin  <hong-hua.yin@freescale.com>

	cpu: add Freescale ppc64 CPU models
	With this patch, Freescale ppc64 CPU modesl could be recognized.

	virsh # cpu-models ppc64
	POWERPC_e6500
	POWERPC_e5500
	power8
	power8e
	power7+
	power7
	power6
	POWER8_v1.0
	POWER7+_v2.1
	POWER7_v2.3
	POWER7_v2.1
	POWER7

	virsh # capabilities
	<capabilities>
	  <host>
	    <uuid>5a54efa6-20dc-4da7-b271-0b7fb7062cb8</uuid>
	    <cpu>
	      <arch>ppc64</arch>
	      <model>POWERPC_e6500</model>
	      <vendor>Freescale</vendor>

2015-02-04  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix parsing of nbd:// URI without path
	If a storage file would be backed with a NBD device without path
	(nbd://localhost) libvirt would crash when parsing the backing path for
	the disk as the URI structure's path element is NULL in such case but
	the NBD parser would access it shamelessly.

	tests: virstoragetest: Switch backing chain test to use automatic numbering
	I'm going to add a few test cases so it's the best time to convert the
	test to automatic numbering.

2015-02-04  Luyao Huang  <lhuang@redhat.com>

	conf: Properly report error of unsupported input bus type
	https://bugzilla.redhat.com/show_bug.cgi?id=1188914

	Add a missing jump to the error label in case the input device bus is
	invalid.

2015-02-04  Luyao Huang  <lhuang@redhat.com>

	conf: Properly report error when an unsupported chr device name is passed
	Add the missing jump to thje error label. The error message shouldn't
	ever be triggered though as it's called only on pre-selected nodes.

2015-02-03  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh-volume: add support for --reflink
	Add support for --reflink to the virsh 'vol-create-from' and 'vol-clone'
	commands to signify usage of the VIR_STORAGE_VOL_CREATE_REFLINK flag in the
	ensuing virStorageVolCreateXMLFrom API call.

	Updated the man page to describe the new flag.

2015-02-03  Pavel Hrdina  <phrdina@redhat.com>

	virutil: fix MinGW build
	Commit b38da584 introduced two new functions to get a page size but it
	won't work on Windows. We should take care of this.

	virnetdev: fix some issues found by coverity and mingw builds
	Commit e562a61a introduced new function to get/set interface state but
	there was misuse of ATTRIBUTE_NONNULL on non-pointer attributes and also
	we need to wrap that functions by #ifdef to not break mingw build.

2015-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Make tests independant of system page size
	Some code paths have special logic depending on the page size
	reported by sysconf, which in turn affects the test results.
	We must mock this so tests always have a consistent page size.

2015-02-02  Laine Stump  <laine@laine.org>

	util: make virNetDev(Get|Set)IFFlags() static
	e562a61a0739 added these two new helper functions and only used them
	within virnetdev.c, but declared them in the .h file. If some
	currently unsupported interface flags need to be accessed in the
	future, it will make more sense to write the appropriate higher level
	function rather than require us to artificially define IFF_* on some
	mythical platform that doesn't have SIOC[SG]IFFLAGS (and therefore
	doesn't have IFF_*) just so we can call virNetDevSetIFFFlags() to
	return an error.

	To help someone in not going down the wrong road, this patch makes the
	two helper functions static, hopefully making it less likely that
	someone will want to use them outside of virnetdev.c.

2015-01-31  John Ferlan  <jferlan@redhat.com>

	storage: Need to clear pool prior to refreshPool during Autostart
	https://bugzilla.redhat.com/show_bug.cgi?id=1176510

	When storageDriverAutostart is called path virStateReload via a 'service
	libvirtd reload', then because the volume list in the pool wasn't cleared
	prior to the call, each volume would be listed multiple times (as many
	times as we reload). I believe the issue would be introduced by commit
	id '9e093f0b' at least for the libvirtd reload path, although I suppose
	the introduction of virStateReload (commit id '70da0494') could be a
	different cause.

	Thus like other places prior to calling refreshPool, we need to call
	virStoragePoolObjClearVols

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Don't combine old and modern NUMA node creation
	Change done by commit f309db1f4d51009bad0d32e12efc75530b66836b wrongly
	assumes that qemu can start with a combination of NUMA nodes specified
	with the "memdev" option and the appropriate backends, and the legacy
	way by specifying only "mem" as a size argument. QEMU rejects such
	commandline though:

	$ /usr/bin/qemu-system-x86_64 -S -M pc -m 1024 -smp 2 \
	-numa node,nodeid=0,cpus=0,mem=256 \
	-object memory-backend-ram,id=ram-node1,size=12345 \
	-numa node,nodeid=1,cpus=1,memdev=ram-node1
	qemu-system-x86_64: -numa node,nodeid=1,cpus=1,memdev=ram-node1: qemu: memdev option must be specified for either all or no nodes

	To fix this issue we need to check if any of the nodes requires the new
	definition with the backend and if so, then all other nodes have to use
	it too.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1182467

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Refactor NUMA backend object formatting to use JSON objs
	With the new JSON to argv formatter we are now able to represent the
	memory backend definitions in the JSON object format that is reusable
	for monitor use (hotplug) and then convert it into the shell string.
	This will avoid having two separate instances of the same code that
	would create the different formats.

	Previous refactors now allow to make this step without changes to the
	test suite.

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Switch to bytes when formatting size for memory backends
	QEMU's command line visitor as well as the JSON interface take bytes by
	default for memory object sizes. Convert mebibytes to bytes so that we
	can later refactor the existing code for hotplug purposes.

	qemu: command: Unify values for boolean values when formating memory backends
	QEMU's qapi visitor code allows yes/on/y for true and no/off/n for false
	value of boolean properities. Unify the used style so that we can
	generate it later and fix test cases.

	qemu: command: Shuffle around formating of alias for memory backend objs
	Move the alias as the second formated argument and tweak the tests so
	that a future refactor that will change the order doesn't break tests.

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: Extract code to setup memory backing objects
	Extract the memory backend device code into a separate function so that
	it can be later easily refactored and reused.

	Few small changes for future reusability, namely:
	- new (currently unused) parameter for user specified page size
	- size of the memory is specified in kibibytes, divided up in the
	function
	- new (currently unused) parameter for user specifed source nodeset
	- option to enforce capability check

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Add helper to format -object strings from JSON representation
	Unlike -device, qemu uses a JSON object to add backend "objects" via the
	monitor rather than the string that would be passed on the commandline.

	To be able to reuse code parts that configure backends for various
	devices, this patch adds a helper that will allow generating the command
	line representations from the JSON property object.

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	util: json: add helper to iterate JSON object key=value pairs
	This helper eases iterating all key=value pairs stored in a JSON
	object. Usually we pick only certain known keys from a JSON object, but
	this will allow to walk complete objects and have the callback act on
	those.

	util: json: Add functions to convert JSON arrays from/to virBitmaps
	To be able to easily represent nodesets and other data stored in
	virBitmaps in libvirt, this patch introduces a set of helpers that allow
	to convert the bitmap to and from JSON value objects.

	util: bitmap: Add option to allocate bitmap without reporting error
	The virBitmapNew() function reports only OOM errors. Split out the
	internals into a "quiet" function and add a wrapper that reports the
	error.

	util: json: make value object creator universal by supporting adding
	To allow constructing of value objects stepwise explode the helper into
	separate steps and allow appending into existing value objects.

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	test: utils: Add helpers for automatic numbering of test cases
	Adding or reordering test cases is usually a pain due to static test
	case names that are then passed to virtTestRun(). To ease the numbering
	of test cases, this patch adds two simple helpers that generate the test
	names according to the order they are run. The test name can be
	configured via the reset function.

	This will allow us to freely add test cases in middle of test groups
	without the need to re-number the rest of test cases.

2015-01-31  Peter Krempa  <pkrempa@redhat.com>

	conf: numatune: Extract code for requesting memory nodeset from formatting
	Extract the logic to determine which nodeset has to be used for a domain
	from the formatting step so that it can be reused separately when the
	nodeset is used in a different way.

2015-01-30  Michal Privoznik  <mprivozn@redhat.com>

	xend: Don't crash in virDomainXMLDevID
	The function is called from all {Attach,Update,Detach}Device APIs to
	create config strings that are later passed to the xend to perform the
	desired action. The function is intended to handle all supported
	devices. However, as of 5b05358abacb1029fa0d61f72decacf0d4fd8ffb we
	are trying to get disk driver of the device without checking if the
	device really is a disk. This leads to an segmentation fault:

	  #0 0x00007ffff7571815 in virDomainDiskGetDriver () from /usr/lib/libvirt.so.0
	  #1 0x00007fffeb9ad471 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	  #2 0x00007fffeb9b1062 in xenDaemonAttachDeviceFlags () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	  #3 0x00007fffeb9a8a86 in ?? () from /usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	  #4 0x00007ffff7609266 in virDomainAttachDevice () from /usr/lib/libvirt.so.0
	  #5 0x0000555555593c9d in ?? ()
	  #6 0x00007ffff76743c9 in virNetServerProgramDispatch () from /usr/lib/libvirt.so.0
	  #7 0x00005555555a678d in ?? ()
	  #8 0x00007ffff755460e in ?? () from /usr/lib/libvirt.so.0
	  #9 0x00007ffff7553b06 in ?? () from /usr/lib/libvirt.so.0
	  #10 0x00007ffff4998b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
	  #11 0x00007ffff46e30ed in clone () from /lib/x86_64-linux-gnu/libc.so.6
	  #12 0x0000000000000000 in ?? ()

	Reported-by: Xiaolin Su <linxxnil@126.com>

2015-01-30  Michal Privoznik  <mprivozn@redhat.com>

	conf: Don't mangle vcpu placement randomly
	https://bugzilla.redhat.com/show_bug.cgi?id=1170492

	In one of our previous commits (dc8b7ce7) we've done a functional
	change even though it was intended as pure refactor. The problem is,
	that the following XML:

	 <vcpu placement='static' current='2'>6</vcpu>
	 <cputune>
	   <emulatorpin cpuset='1-3'/>
	 </cputune>
	 <numatune>
	   <memory mode='strict' placement='auto'/>
	 </numatune>

	gets translated into this one:

	 <vcpu placement='auto' current='2'>6</vcpu>
	 <cputune>
	   <emulatorpin cpuset='1-3'/>
	 </cputune>
	 <numatune>
	   <memory mode='strict' placement='auto'/>
	 </numatune>

	We should not change the vcpu placement mode. Moreover, we're doing
	something similar in case of emulatorpin and iothreadpin. If they were
	set, but vcpu placement was auto, we've mistakenly removed them from
	the domain XML even though we are able to set them independently on
	vcpus.

2015-01-30  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	qemu: change macvtap device options in response to NIC_RX_FILTER_CHANGED
	This patch enables synchronization of the host macvtap
	device options with the guest device's in response to the
	NIC_RX_FILTER_CHANGED event.

	The following device options will be synchronized:
	* PROMISC
	* MULTICAST
	* ALLMULTI

2015-01-30  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	util: Functions for getting/setting device options
	This patch provides the utility functions needed to synchronize
	the rxfilter changes made to a guest domain with the corresponding
	macvtap devices on the host:

	* Get/set PROMISC flag
	* Get/set ALLMULTI, MULTICAST

2015-01-29  John Ferlan  <jferlan@redhat.com>

	qemu: Don't unconditionally delete file in qemuOpenFileAs
	https://bugzilla.redhat.com/show_bug.cgi?id=1158034

	If we're expecting to create a file somewhere and that fails for some
	reason during qemuOpenFileAs, then we unlink the path we're attempting
	to create leaving no way to determine what the "existing" privileges,
	protections, or labels are that caused the failure (open, change owner
	and group, change mode, etc.).

	Furthermore, if we fall into the path where we'll be opening / creating
	the file using VIR_FILE_OPEN_FORK, we need to first unlink/delete the file
	we created in the first path; otherwise, the attempt by the child process
	to open as some specific user:group may fail because the file was already
	created using nfsnobody:nfsnobody. Again, if we didn't create the file we
	don't want to blindly delete what already exists. Thus, a second reason for
	the original check to set need_unlink to false when we find the file with
	CREAT set, but already existing.

2015-01-29  John Ferlan  <jferlan@redhat.com>

	virfile: Need to check for ENOTCONN from recvfd failure
	A gnulib change (commit id 'beae0bdc') causes ENOTCONN to be returned
	from recvfd which causes us to fall into the throwaway waitpid() call
	and return ENOTCONN to the caller, this then gets displayed during
	a 'virsh save' when using a root squashed NFS environment that's trying
	to save the file as something other than root:root.

	This patch will add the additional check for ENOTCONN to force the code
	into the waitpid loop looking for the actual status from the _exit()'d
	child fork.

2015-01-29  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust EndAsyncJob for qemuDomainSaveInternal error path
	Commit id '540c339a' to fix issues with reference counting and transient
	domains moved the qemuDomainObjEndAsyncJob call prior to the attempt to
	restart the guest CPU's resulting in an error:

	    error: Failed to save domain rhel70 to /tmp/pl/rhel70.save
	    error: internal error: unexpected async job 3

	when (ret != 0) - eg, the error path from qemuDomainSaveMemory.

	This patch will adjust the logic to call the EndAsyncJob only after
	we've tried to restart the guest CPUs. It also needs to adjust the
	test for qemuDomainRemoveInactive to add the ret == 0 condition.

	Additionally, if we get to endjob: because of some error earlier, then
	we need to save that error in the event the CPU restart logic fails.
	We don't want to return the error from CPU restart failure, rather we
	want to return the error from the failed save that caused us to fall
	into the retry to start the CPU logic.

2015-01-29  Michal Privoznik  <mprivozn@redhat.com>

	schemas: Allow all generic elements and attributes for all interfaces
	There are some interface types (notably 'server' and 'client')
	which instead of allowing the default set of elements and
	attributes (like the rest do), try to enumerate only the elements
	they know of. This way it's, however, easy to miss something. For
	instance, the <address/> element was not mentioned at all. This
	resulted in a strange behavior: when such interface was added
	into XML, the address was automatically generated by parsing
	code. Later, the formatted XML hasn't passed the RNG schema. This
	became more visible once we've turned on the XML validation on
	domain XML changes: appending an empty line at the end of
	formatted XML (to trick virsh think the XML had changed) made
	libvirt to refuse the very same XML it formatted.

	Instead of trying to find each element and attribute we are
	missing in the schema, lets just allow all the elements and
	attributes like we're doing that for the rest of types. It's no
	harm if the schema is wider than our parser allows.

2015-01-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Add AAVMF to the list of known UEFIs
	Well, even though users can pass the list of UEFI:NVRAM pairs at the
	configure time, we may maintain the list of widely available UEFI
	ourselves too. And as arm64 begin to rises, OVMF was ported there too.
	With a slight name change - it's called AAVMF, with AAVMF_CODE.fd
	being the UEFI firmware and AAVMF_VARS.fd being the NVRAM store file.

	qemu: Allow UEFI paths to be specified at compile time
	Up until now there are just two ways how to specify UEFI paths to
	libvirt. The first one is editing qemu.conf, the other is editing
	qemu_conf.c and recompile which is not that fancy. So, new
	configure option is introduced: --with-loader-nvram which takes a
	list of pairs of UEFI firmware and NVRAM store. This way, the
	compiled in defaults can be passed during compile time without
	need to change the code itself.

2015-01-29  Ján Tomko  <jtomko@redhat.com>

	Fix syntax-check
	My commit 08d1ae1 broke syntax-check by adding ATTRIBUTE_UNUSED
	to the flags parameter.

	Rename the parameter to unused_flags to bypass the check.

2015-01-29  Ján Tomko  <jtomko@redhat.com>

	Remove flag checking in MacVLanCreate helper stub
	When compiling without WITH_MACVTAP, we can get:
	'unsupported flags (0x1) in function
	virNetDevMacVLanCreateWithVPortProfile'
	on an attempt to start a domain.

	Remove the flag check to reach the more helpful error:
	Cannot create macvlan devices on this platform

	https://bugzilla.redhat.com/show_bug.cgi?id=1186928

2015-01-29  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Document behavior of some blkdeviotune's flags when querying
	--live and --config can't be specified together when querying the
	configuration, but are valid when setting. The man page was hinting that
	they are valid always.

	util: bitmap: Tolerate NULL bitmaps in virBitmapEqual
	After virBitmapEqual is able to compare NULL bitmaps few bits of code
	can be cleaned up.

2015-01-28  John Ferlan  <jferlan@redhat.com>

	storage: Check the partition name against provided name
	https://bugzilla.redhat.com/show_bug.cgi?id=1138516

	If the provided volume name doesn't match what parted generated as the
	partition name, then return a failure.

	Update virsh.pod and formatstorage.html.in to describe the 'name' restriction
	for disk pools as well as the usage of the <target>'s <format type='value'>.

2015-01-28  John Ferlan  <jferlan@redhat.com>

	storage: When delete extended partition, need to refresh pool
	When removing a volume that is the extended partition, all the logical
	volume partitions that exist within the extended partition will also be
	removed, so we need to refresh the pool to have the updated list

2015-01-28  John Ferlan  <jferlan@redhat.com>

	storage: Adjust how to refresh extended partition disk data
	During virStorageBackendDiskMakeDataVol processing, if we find an extended
	partition, then handle it specially when updating the capacity/allocation
	rather than calling virStorageBackendUpdateVolInfo.

	As it turns out, once a logical partition exists, any attempt to refresh
	the pool or after libvirtd restart/reload will result in a failure to open
	the extended partition device resulting in the inability to start the pool.
	The downside to this is we will lose the <permissions> and <timestamps> for
	the extended partition upon subsequent restart, refresh, reload since the
	stat() in virStorageBackendUpdateVolTargetInfoFD will not be called. However,
	since it's really only a container and shouldn't directly be used for
	storage that seems reasonable.

	Therefore, only use the existing code that already had a comment about
	getting the allocation wrong for extended partitions for just the setting
	of the extended partition data.

2015-01-28  John Ferlan  <jferlan@redhat.com>

	storage: Fix check for partition type for disk backing volumes
	While checking the existing partitions in virStorageBackendDiskPartFormat,
	the code would erroneously compare the volume target format type (eg, the
	virStoragePartedFsType) rather than the source partition type (eg, the
	virStorageVolTypeDisk) which is set during virStorageBackendDiskReadPartitions.

	storage: Attempt error recovery in virStorageBackendDiskCreateVol
	During virStorageBackendDiskCreateVol if virStorageBackendDiskReadPartitions
	fails, then we were leaving with an error and a partition on the disk for
	which there was no corresponding volume and used space on the disk which
	could be reclaimable through direct parted activity. On a subsequent restart,
	reload, or refresh the volume may magically appear too.

	storage: Move virStorageBackendDiskDeleteVol
	Move the API to before virStorageBackendDiskCreateVol in order to be
	able to call the DeleteVol API when virStorageBackendDiskReadPartitions
	fails so that we don't by chance leave a partition on the disk.

2015-01-28  Pavel Hrdina  <phrdina@redhat.com>

	libvirt.spec: remove vbox storage and network .so files
	Commit 55ea7be7 removed separated modules for vbox_network and
	vbox_storage drivers but forget to update libvirt.spec.in file. This
	patch will fix rpm build.

2015-01-28  Luyao Huang  <lhuang@redhat.com>

	qemu: fix cannot set graphic passwd via qemuDomainSaveImageDefineXML
	https://bugzilla.redhat.com/show_bug.cgi?id=1183890

	When we try to update a xml to a image file, we will clear the
	graphics passwd settings, because we do not pass VIR_DOMAIN_XML_SECURE
	to qemuDomainDefCopy, qemuDomainDefFormatBuf won't format the passwd.

	Add VIR_DOMAIN_XML_SECURE flag when we call qemuDomainDefCopy
	in qemuDomainSaveImageUpdateDef.

2015-01-28  Ján Tomko  <jtomko@redhat.com>

	hotplug: only add a chardev to vmdef after monitor call
	https://bugzilla.redhat.com/show_bug.cgi?id=1161024

	This way the device is in vmdef only if ret = 0 and the caller
	(qemuDomainAttachDeviceFlags) does not free it.

	Otherwise it might get double freed by qemuProcessStop
	and qemuDomainAttachDeviceFlags if the domain crashed
	in monitor after we've added it to vm->def.

2015-01-27  Ján Tomko  <jtomko@redhat.com>

	Split qemuDomainChrInsert into two parts
	Do the allocation first, then add the actual device.
	The second part should never fail. This is good
	for live hotplug where we don't want to remove the device
	on OOM after the monitor command succeeded.

	The only change in behavior is that on failure, the
	vmdef->consoles array is freed, not just the first console.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	lxc: report veth device indexes to systemd
	Record the index of each host-side veth device created and report
	them to systemd, so they show up in machinectl status for the VM.

	lxc-shell(95449419f969d649d9962566ec42af7d)
	     Since: Fri 2015-01-16 16:53:37 GMT; 3s ago
	    Leader: 28085 (sh)
	   Service: libvirt-lxc; class container
	     Iface: vnet0
	   Address: fe80::216:3eff:fe00:c317%124
	        OS: Fedora 21 (Twenty One)
	      Unit: machine-lxc\x2dshell.scope
	            └─28085 /bin/sh

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	lxc: more logging during startup paths
	Add more logging to the lxc controller and container files to
	facilitate debugging startup problems. Also make it clear when
	the container is going to close stdout and thus no longer do
	any logging.

	lxc: delay setup of cgroup until we have the init pid
	Don't create the cgroups ahead of launching the container since
	there is no need for the limits to apply during initial bootstrap.
	Create the cgroup after the container PID is known and tell
	systemd the initpid is the leader, instead of the controller
	pid.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	lxc: only write XML once for lxc controller
	Currently when launching the LXC controller we first write out
	the plain, inactive XML configuration, then launch the controller,
	then replace the file with the live status XML configuration.
	By good fortune this hasn't caused any problems other than some
	misleading error messages during failure scenarios.

	This simplifies the code so it only writes out the XML once and
	always writes the live status XML. To do this we need to handshake
	with the child process, to make execution pause just before exec()
	so we can write the XML status with the child PID present.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	lxc: re-arrange startup synchronization sequence with controller
	Currently the lxc controller process itself is responsible for
	daemonizing itself into the background and writing out its pid
	file. The lxc driver would fork the controller and then attempt
	to connect to the lxc monitor. This connection would only
	succeed after the controller has backgrounded itself, setup
	cgroups and written its pid file, so startup was race free.

	The problem is that we need to delay create of the cgroups to
	much later, such that we can tell systemd the container init
	pid when we create the cgroups. If we delay cgroup creation
	though the current synchronization won't work.

	A second problem is that the controller needs the XML config
	of the guest. Currently we write out the plain virDomainDefPtr
	XML before starting the controller, and then later replace it
	with the full virDomainObjPtr status XML. This is kind of gross
	and also means that the controller doesn't get a record of the
	live XML config right away. This means it doesn't have a record
	of the veth device names either and so can't give that info
	to systemd when creating the cgroups.

	To address this we change the startup sequencing. The goal
	is that we want to get the PID as soon as possible, before
	the LXC controller even starts. So we stop letting the LXC
	controller daemonize itself, and instead use virCommand's
	built-in capabilities. This daemonizes and writes the PID
	before LXC controller is exec'd. So the driver can read
	the PID as soon as virCommandRun returns. It is no longer
	safe to connect to the monitor or detect the cgroups though.

	Fortunately the LXC controller already has a second point
	of synchronization. Immediately before its  event loop
	starts running, it performs a handshake with the driver.
	So we move the opening of the monitor connection and cgroup
	detection after this synchronization point.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	lxc: don't build pidfile string multiple times
	Build the pidfile string once when starting a guest and then
	use the same string thereafter. This will benefit following
	patches which need the pidfile string in more situations.

	systemd: don't report an error if the guest is already terminated
	In many cases where we invoke virSystemdTerminateMachine the
	process(es) will have already gone away on their own accord.
	In these cases we log an error message that the machine does
	not exist. We should catch this particular error and simply
	ignore it, so we don't pollute the logs.

	qemu: report TAP device indexes to systemd
	Record the index of each TAP device created and report them to
	systemd, so they show up in machinectl status for the VM.

2015-01-27  Ján Tomko  <jtomko@redhat.com>

	Fix shadowed variable warning
	libvirtd.c: In function 'daemonSetupAccessManager':
	libvirtd.c:730:18: error: declaration of 'driver' shadows
	  a global declaration [-Werror=shadow]
	     const char **driver = (const char **)config->access_drivers;
	                  ^
	In file included from libvirtd.c:95:0:
	../src/node_device/node_device_driver.h:43:36: error: shadowed
	  declaration is here [-Werror=shadow]
	 extern virNodeDeviceDriverStatePtr driver;
	                                    ^

2015-01-27  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage: add a flag to clone files on btrfs
	When creating a RAW file, we don't take advantage
	of clone of btrfs.

	Add a VIR_STORAGE_VOL_CREATE_REFLINK flag to request
	a reflink copy.

2015-01-27  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage: introduce btrfsCloneFile() for COW copy
	Add a wrapper for BTRFS_IOC_CLONE ioctl.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	Removing probing of secondary drivers
	For stateless, client side drivers, it is never correct to
	probe for secondary drivers. It is only ever appropriate to
	use the secondary driver that is associated with the
	hypervisor in question. As a result the ESX & HyperV drivers
	have both been forced to do hacks where they register no-op
	drivers for the ones they don't implement.

	For stateful, server side drivers, we always just want to
	use the same built-in shared driver. The exception is
	virtualbox which is really a stateless driver and so wants
	to use its own server side secondary drivers. To deal with
	this virtualbox has to be built as 3 separate loadable
	modules to allow registration to work in the right order.

	This can all be simplified by introducing a new struct
	recording the precise set of secondary drivers each
	hypervisor driver wants

	struct _virConnectDriver {
	    virHypervisorDriverPtr hypervisorDriver;
	    virInterfaceDriverPtr interfaceDriver;
	    virNetworkDriverPtr networkDriver;
	    virNodeDeviceDriverPtr nodeDeviceDriver;
	    virNWFilterDriverPtr nwfilterDriver;
	    virSecretDriverPtr secretDriver;
	    virStorageDriverPtr storageDriver;
	};

	Instead of registering the hypervisor driver, we now
	just register a virConnectDriver instead. This allows
	us to remove all probing of secondary drivers. Once we
	have chosen the primary driver, we immediately know the
	correct secondary drivers to use.

2015-01-27  Daniel P. Berrange  <berrange@redhat.com>

	don't disable state driver when libvirtd is not built
	A bunch of code is wrapped in #if WITH_LIBVIRTD in order to
	enable the virStateDriver to be disabled when libvirtd is not
	built. Disabling this code doesn't have any real functional
	benefit beyond removing 1 pointer from the virConnectPtr struct,
	while having a cost of many more conditionals.

	Remove all secondary driver private data fields
	Now all drivers are converted to use their global state
	directly, there is no need for private data fields for
	the secondary drivers in virConnectPtr

	Remove use of interfacePrivateData from udev driver
	The udev driver can be implemented using global state instead
	of the connect private data.

	Remove use of nodeDevicePrivateData from nodeDev driver
	The node device driver can rely on its global state instead
	of the connect private data.

	Remove use of storagePrivateData/networkPrivateData from vbox
	The vbox driver can use the main hypervisor private data and
	so does not need to use the storage/network private data fields.

	Remove use of nwfilterPrivateData from nwfilter driver
	The nwfilter driver can rely on its global state instead
	of the connect private data.

	Remove use of secretPrivateData from secret driver
	The secret driver can rely on its global state instead
	of the connect private data.

2015-01-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix job handling in qemuDomainSetMetadata
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job type in qemuDomainGetBlockIoTune
	The function just queries status so there's no need for a MODIFY type
	job.

	qemu: Fix job handling in qemuDomainSetSchedulerParametersFlags
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job handling in qemuDomainSetMemoryParameters
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

2015-01-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix job handling in qemuDomainSetAutostart
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	This patch also fixes a few very long lines of code around the touched
	parts.

2015-01-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix job handling in qemuDomainPinEmulator
	The code modifies the domain configuration but doesn't take a MODIFY
	type job to do so.

	qemu: Fix job handling in qemuDomainPinVcpuFlags
	The domain modifies the domain configuration but doesn't take a MODIFY
	type job to do it.

	Post-release version bump for new dev cycle

2015-01-27  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.12
	* docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: regenerated the po

2015-01-26  Michal Privoznik  <mprivozn@redhat.com>

	tests: Check for virQEMUDriverConfigNew return value
	The function may return NULL if something went wrong. In some places
	in the tests we are not checking the return value rather than
	accessing the pointer directly resulting in SIGSEGV.

2015-01-26  Ján Tomko  <jtomko@redhat.com>

	Fix a memory leak in virCgroupGetPercpuStats
	Coverity reports that my commit af1c98e introduced
	two memory leaks:
	the cpumap if ncpus == 0 in virCgroupGetPercpuStats
	and the params array in the test of the function.

2015-01-26  Ján Tomko  <jtomko@redhat.com>

	Use correct location for qcow1 encryption header
	After the 8-byte size header, there are two one-byte headers
	and two bytes of padding before the crypt_header field.

	Our QCOW1_HDR_CRYPT constant did not skip the padding.
	http://git.qemu.org/?p=qemu.git;a=blob;f=block/qcow.c;h=ece22697#l41

	https://bugzilla.redhat.com/show_bug.cgi?id=1185165

2015-01-26  Daniel P. Berrange  <berrange@redhat.com>

	systemd: avoid string comparisons on dbus error messages
	Add a virDBusErrorIsUnknownMethod helper so that callers
	don't need todo string comparisons themselves to detect
	standard error names.

2015-01-26  Daniel P. Berrange  <berrange@redhat.com>

	systemd: fix build without dbus
	The virDBusMethodCall method has a DBusError as one of its
	parameters. If the caller wants to pass a non-NULL value
	for this, it immediately makes the calling code require
	DBus at build time. This has led to breakage of non-DBus
	builds several times. It is desirable that only the virdbus.c
	file should need WITH_DBUS conditionals, so we must ideally
	remove the DBusError parameter from the method.

	We can't simply raise a libvirt error, since the whole point
	of this parameter is to give the callers a way to check if
	the error is one they want to ignore, without having the logs
	polluted with an error message. So, we add a virErrorPtr
	parameter which the caller can then either ignore or raise
	using the new virReportErrorObject method.

	This new method is distinct from virSetError in that it
	ensures the logging hooks are run.

2015-01-23  Richard W.M. Jones  <rjones@redhat.com>

	aarch64: Support versioned machine types.
	For distros that want to add versioned machine types, they will add
	(downstream) machine types like "virt-foo-1.2.3".  Detect these as
	MMIO too.

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	qemu: Add check for PCI bridge placement if there are too many PCI devices
	Previous patch of this series fixed the issue with adding a new PCI bridge
	when all the slots were reserved by devices with user specified addresses.
	In case there are still some PCI devices waiting to get a slot reserved
	by qemuAssignDevicePCISlots, this means a new bus needs to be
	created along with a corresponding bridge controller. By adding an
	additional check, this scenario now results in a reasonable error
	instead of generating wrong qemu command line.

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix auto-adding PCI bridge when all slots are reserved
	Commit 93c8ca tried to fix the issue with auto-adding of a PCI bridge
	controller, but didn't work properly in all scenarios.

	This patch provides a better fix of the issue when all slots on a PCI bus
	are reserved by devices with user specified addresses and no additional
	bridges need to be created.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	qemu: move PCI slot assignment for PIIX3, Q35 into a separate function
	In order to be able to test for fully reserved PCI buses, assignment of
	PCI slots for integrated devices needs to be moved to a separate function.
	This also might be a good preparation if we decide to add support for
	other chipsets as well.

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	qemu: reorder PCI slot assignment functions
	Move qemuDomainAssignPCIAddresses after the definition
	of the static function qemuDomainValidateDevicePCISlotsQ35.

	This lets us define a new static function using
	qemuDomainValidateDevicePCISlots* and use it in
	qemuDomainAssignPCIAddresses without a forward declaration.

2015-01-23  Peter Krempa  <pkrempa@redhat.com>

	schemas: Move definition of 'hexuint' to basictypes
	Allow reuse of the type.

	util: json: Make argument of virJSONValueArraySize const
	The function doesn't allow to modify the array in any way, thus the
	argument can be const.

	qemu: command: Honor const-correctnes in qemuBuildNumaArgStr
	@def is modified in the function indirectly although it's marked as
	const.

	conf: Fix comment mentioning actual type of @multi member of virDevicePCIAddress
	After refactor to use the virTristateSwitch enum the comment in the
	struct was not adjusted.

2015-01-23  Mike Latimer  <mlatimer@suse.com>

	Grant access to helpers
	Apparmor must not prevent access to required helper programs. The following
	helpers should be allowed to run in unconfined execution mode:

	 - libvirt_parthelper
	 - libvirt_iohelper

2015-01-23  Mike Latimer  <mlatimer@suse.com>

	Fix apparmor issues for tck
	The network and nwfilter tests contained in the libvirt-TCK testkit can fail
	unless access to raw network packets is granted. Without this access, the
	following apparmor error can be seen while running the tests:

	  apparmor="DENIED" operation="create" parent=1 profile="/usr/sbin/libvirtd"
	  pid=94731 comm="libvirtd" family="packet" sock_type="raw" protocol=768

2015-01-23  Mike Latimer  <mlatimer@suse.com>

	Fix apparmor issues for Xen
	In order for apparmor to work properly in Xen environments, the following
	access rights need to be allowed:

	 - Allow CAP_SYS_PACCT, which is required when resetting some multi-port
	   Broadcom cards by writting to the PCI config space

	 - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
	   this setting, an error 'Resource temporarily unavailable' can be seen
	   while attempting to mmap memory. At the same time, the following
	   apparmor message is seen:

	   apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
	   pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
	   capname="ipc_lock"

	 - Allow access to distribution specific directories:
	     /usr/{lib,lib64}/xen/bin

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	conf: virDomainDefMaybeAddController tweak return code
	Previously the function returned either -1 in case of an error or 0 on
	success. However, we should also distinguish between a case we
	successfully added a controller and a case there wasn't a need to add any
	controller

2015-01-23  Erik Skultety  <eskultet@redhat.com>

	qemu: Remove dead code in qemuDomainAssignPCIAddresses revert patch
	As it turned out, fix of dead code 419a22 changed the affected condition
	from "never true" to "always true", so better fix would be to change the
	return code of virDomainMaybeAddController from 0 to 1 if
	a new bridge has been added, thus distinguishing case when we didn't need to
	add any controller and case we successfully added one.

	The return code is changed in the next commit

2015-01-23  Ján Tomko  <jtomko@redhat.com>

	Fix build with older gcc
	My commit af1c98e4 broke the build on RHEL-6:
	vircgrouptest.c: In function 'testCgroupGetPercpuStats':
	vircgrouptest.c:566: error: nested extern declaration of
	'_gl_verify_function2' [-Wnested-externs]

	The only thing that needs checking is that the array size
	is at least EXPECTED_NCPUS, to prevent access beyond the array.

	We can ensure the minimum size also by specifying the array
	size upfront.

2015-01-22  Pavel Hrdina  <phrdina@redhat.com>

	esx_vi: fix possible segfault
	Clang found possible dereference of NULL pointer which is right.
	Function 'esxVI_LookupTaskInfoByTask' should find a task info. The issue
	is that we could return 0 and leave 'taksInfo' pointer NULL because if
	there is no match we simply end the search loop end set 'result' to 0.
	Every caller count on the fact that if the return value is 0 than it's
	safe to dereference 'taskInfo'. We should return 0 only in case we found
	something and the '*taskInfo' is not NULL.

	xenapi_driver: fix copy-paste typo
	Clang found that we are passing variable with wrong enum type to
	'xenapiCrashExitEnum2virDomainLifecycle' function. This is probably
	copy-paste typo as the correct variable exists in the code, but it isn't
	used.

2015-01-22  Ján Tomko  <jtomko@redhat.com>

	Fix virCgroupGetPercpuStats with non-continuous present CPUs
	Per-cpu stats are only shown for present CPUs in the cgroups,
	but we were only parsing the largest CPU number from
	/sys/devices/system/cpu/present and looking for stats even for
	non-present CPUs.
	This resulted in:
	internal error: cpuacct parse error

2015-01-22  Peter Krempa  <pkrempa@redhat.com>

	CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots
	The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
	appropriate permission for it. Found via code inspection while fixing
	permissions for save images.

	CVE-2015-0236: qemu: Check ACLs when dumping security info from save image
	The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the
	appropriate permission for it.

2015-01-22  Luyao Huang  <lhuang@redhat.com>

	qemu: output error when try to hotplug unsupported console type
	https://bugzilla.redhat.com/show_bug.cgi?id=1164627

	When using 'virsh attach-device' to hotplug an unsupported console type
	into a qemu guest the attachment would succeed as the command line
	formatter didn't report error in such case.

2015-01-21  Ján Tomko  <jtomko@redhat.com>

	qemu: format server interface without a listen address
	https://bugzilla.redhat.com/show_bug.cgi?id=1130390

	The listen address is not mandatory for <interface type='server'>
	but when it's not specified, we've been formatting it as:
	-netdev socket,listen=(null):5558,id=hostnet0
	which failed with:
	Device 'socket' could not be initialized

	Omit the address completely and only format the port in the listen
	attribute.

	Also fix the schema to allow specifying a model.

2015-01-21  Jim Fehlig  <jfehlig@suse.com>

	tests: fix xlconfigtest build failure
	When libvirt is configured --without-xen, building the xlconfigtest
	fails with

	  CCLD   xlconfigtest
	  /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../x86_64-linux-gnu/crt1.o
	  In function `_start': (.text+0x20): undefined reference to `main'
	  collect2: error: ld returned 1 exit status

	Introduced in commit 4ed5fb91 by too much copy and paste from
	xmconfigtest.

2015-01-20  Ján Tomko  <jtomko@redhat.com>

	Fix virCgroupNewMachine prototype on non-Linux
	Commit 318df5a changed the prototype of virCgroupNewMachine
	without adjusting the stub function for platforms without
	cgroups.

2015-01-20  Josh Stone  <jistone@redhat.com>

	network: Let domains be restricted to local DNS
	This adds a new "localOnly" attribute on the domain element of the
	network xml.  With this set to "yes", DNS requests under that domain
	will only be resolved by libvirt's dnsmasq, never forwarded upstream.

	This was how it worked before commit f69a6b987d616, and I found that
	functionality useful.  For example, I have my host's NetworkManager
	dnsmasq configured to forward that domain to libvirt's dnsmasq, so I can
	easily resolve guest names from outside.  But if libvirt's dnsmasq
	doesn't know a name and forwards it to the host, I'd get an endless
	forwarding loop.  Now I can set localOnly="yes" to prevent the loop.

2015-01-19  Gary R Hook  <grhookatwork@gmail.com>

	Make ZFS storage pool XML tests optional
	Do not run ZFS tests when ZFS is unsupported in the environment.

	The recent patch b4af40226d09adeaf9e33a1d6594c4e8ce7f771d adds tests
	to storagepoolxml2xmltest for the optional ZFS feature. When ZFS is
	not included in the configuration these tests should not / cannot be
	run. Modify the test source file to check for use of the feature and
	compile in the tests accordingly.

2015-01-19  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix docs about python bindings package
	Since the day we removed python bindings from the core repository, the
	documentation was missing that information.

	Reported-by: Lingyu Zhu <lynuszhu@gmail.com>

2015-01-19  Ján Tomko  <jtomko@redhat.com>

	qemu_conf: check for duplicate security drivers
	Using the same driver multiple times is pointless and
	it can result in confusing errors:

	$ virsh start test
	error: Failed to start domain test
	error: internal error: security label already defined for VM

	https://bugzilla.redhat.com/show_bug.cgi?id=1153891

2015-01-19  Ján Tomko  <jtomko@redhat.com>

	Always check return value of qemuDomainObjExitMonitor
	Depending on the context, either error out if the domain
	has disappeared in the meantime, or just ignore the value
	to allow marking the function as ATTRIBUTE_RETURN_CHECK.

2015-01-19  Ján Tomko  <jtomko@redhat.com>

	Fix vmdef usage after domain crash in monitor on device attach
	https://bugzilla.redhat.com/show_bug.cgi?id=1161024

	If the domain crashed while we were in monitor,
	we cannot rely on the REALLOC done on live definition,
	since vm->def now points to the persistent definition.
	Skip adding the attached devices to domain definition
	if the domain crashed.

	In AttachChrDevice, the chardev was already added to the
	live definition and freed by qemuProcessStop in the case
	of a crash. Skip the device removal in that case.

	Also skip audit if the domain crashed in the meantime.

2015-01-19  Ján Tomko  <jtomko@redhat.com>

	Fix vmdef usage after domain crash in monitor on device detach
	https://bugzilla.redhat.com/show_bug.cgi?id=1161024

	In the device type-specific functions, exit early
	if the domain has disappeared, because the cleanup
	should have been done by qemuProcessStop.

	Check the return value in processDeviceDeletedEvent
	and qemuProcessUpdateDevices.

	Skip audit and removing the device from live def because
	it has already been cleaned up.

2015-01-19  Ján Tomko  <jtomko@redhat.com>

	Simplify condition for formatting CPU features
	Commit adff345 added support for features to MODE_HOSTPASSTHROUGH
	as well. Since we support all modes now, the condition can be
	eliminated.

	Add an XML test for host-model CPU with features
	This was broken in a dowstream build due to a missing backport:
	https://bugzilla.redhat.com/show_bug.cgi?id=1182448

2015-01-16  Anthony PERARD  <anthony.perard@citrix.com>

	libxl: Set path to console on domain startup.
	The path to the pty of a Xen PV console is set only in
	virDomainOpenConsole. But this is done too late. A call to
	virDomainGetXMLDesc done before OpenConsole will not have the path to
	the pty, but a call after OpenConsole will.

	e.g. of the current issue.
	Starting a domain with '<console type="pty"/>'
	Then:
	virDomainGetXMLDesc():
	  <devices>
	    <console type='pty'>
	      <target type='xen' port='0'/>
	    </console>
	  </devices>
	virDomainOpenConsole()
	virDomainGetXMLDesc():
	  <devices>
	    <console type='pty' tty='/dev/pts/30'>
	      <source path='/dev/pts/30'/>
	      <target type='xen' port='0'/>
	    </console>
	  </devices>

	The patch intend to have the TTY path on the first call of GetXMLDesc.
	This is done by setting up the path at domain start up instead of in
	OpenConsole.

	https://bugzilla.redhat.com/show_bug.cgi?id=1170743

2015-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize use of -Wno-suggest-attribute=format pragma
	Many GCC versions don't understand -Wno-suggest-attribute=format
	so the pragma must only be used when supported

2015-01-16  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Coverity fix: properly check for 0 ipv6 address.

2015-01-16  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: create container from existing image
	It's possible to create a container with existing
	disk image as root filesystem. You need to remove
	existing disks from PCS VM config and then add a new
	one, pointing to your image. And then call PrlVm_RegEx
	with PRNVM_PRESERVE_DISK flag.

	With this patch you can create such container with
	something like this for new domain XML config:

	    <filesystem type='file' accessmode='passthrough'>
	      <driver type='ploop' format='ploop'/>
	      <source file='/path-to-image'/>
	      <target dir='/'/>
	    </filesystem>

2015-01-16  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: allow to add filesystems to container
	Handle information about filesystems in domain config
	and add corresponding devices to container via
	parallels sdk.

2015-01-16  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: commit with PVCF_DETACH_HDD_BUNDLE flag
	PCS removes disk image from filesystem, if you remove it
	from config. There is a special flag PVCF_DETACH_HDD_BUNDLE
	which allow to remove disk only from VM/CT config.

	If you call virDomainDefine and remove some disk from
	config it should be preserved, so call PrlVm_CommitEx
	always with flag PVCF_DETACH_HDD_BUNDLE.

2015-01-16  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: dump info about container filesystems
	Obtain information about container's filesystems and
	store it in virDomainDef structure.

2015-01-16  Dmitry Guryanov  <dguryanov@parallels.com>

	add ploop fs driver type
	Ploop is a pseudo device which makeit possible to access
	to an image in a file as a block device. Like loop devices,
	but with additional features, like snapshots, write tracker
	and without double-caching.

	It used in PCS for containers and in OpenVZ. You can manage
	ploop devices and images with ploop utility
	(http://git.openvz.org/?p=ploop).

2015-01-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for enabling/disabling PMU
	This is used as a boolean parameter for the '-cpu' option.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178853

2015-01-16  Martin Kletzander  <mkletzan@redhat.com>

	docs, schema, conf: Add support for PMU feature
	Just a new feature that can be turned on/off.

	https://bugzilla.redhat.com/show_bug.cgi?id=1178853

2015-01-16  John Ferlan  <jferlan@redhat.com>

	network: Resolve Coverity FORWARD_NULL
	Commit id 'ca481a6f' added virNetworkRouteDefFree which may be called
	in an error path from lxcAddNetworkRouteDefinition with 'route = NULL'.
	So just add the (!def) at the top to resolve.

2015-01-16  Daniel P. Berrange  <berrange@redhat.com>

	virsh: add support for domain XML validation
	The 'virsh edit' command gets XML validation enabled by default,
	with a --skip-validate option to disable it. The 'virsh define'
	and 'virsh create' commands get a --validate option to enable
	it, to avoid regressions for existing scripts.

	The quality of error reporting from libxml2 varies depending
	on the type of XML error made. Sometimes it is quite clear
	and useful, other times it is obscure & inaccurate. At least
	the user will see an error now, rather than having their
	XML modification silently disappear.

2015-01-16  Erik Skultety  <eskultet@redhat.com>

	Add XML test for too many PCI devices on default PCI bus

	Remove dead code in qemuDomainAssignPCIAddresses
	We tested for positive return value from virDomainMaybeAddController,
	but it returns 0 or -1 only resulting in a dead code.

2015-01-16  Erik Skultety  <eskultet@redhat.com>

	qemu: Tweak auto adding PCI bridge controller when extending default PCI bus
	In case we find out, there are more PCI devices to be connected
	than there are available slots on the default PCI bus, we automatically add a
	new bus and a related PCI bridge controller as well. As there are no free slots
	left on the default PCI bus, PCI bridge controller gets a free slot on a
	newly created PCI bus which causes qemu to refuse to start the guest.
	This fix introduces a new function qemuDomainPCIBusFullyReserved which
	is checked right before we possibly try to reserve a slot for PCI bridge
	controller.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132900

2015-01-16  John Ferlan  <jferlan@redhat.com>

	domain_conf: Check errors from virSocketAddrFormat
	Commit id 'aa2cc721' added calls to virSocketAddrFormat but did not
	check for a NULL (error) return which could lead to bad output
	in the XML file.  Need to check for NULL return and cause failure.

	domain_conf: Resolve Coverity RESOURCE_LEAK
	Commit id 'aa2cc721' added call to virSocketAddrFormat
	and did not VIR_FREE() the returned memory.

2015-01-16  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virSocketAddrGetIpPrefix 0.0.0.0 and :: special cases
	If 0.0.0.0  or :: address is provided, then the returned prefix should
	be 0, for the default address.

	Use the network route definitions for domains

	Move code related to network routes to networkcommon_conf.[ch]
	Moving code for parsing and formatting network routes to
	networkcommon_conf helps reusing those routes for domains. The route
	definition has been hidden to help reducing the number of unnecessary
	checks in the format function.

	Move network route definition to networkcommon.rng
	Moving network route to the network common schema will allow reusing it.

	Fix ipv6 regex in RNG schemas to match '::'

2015-01-16  Michal Privoznik  <mprivozn@redhat.com>

	virNetworkDefUpdateIPDHCPHost: Don't crash when updating network
	https://bugzilla.redhat.com/show_bug.cgi?id=1182486

	When updating a network and adding new ip-dhcp-host entry, the deamon
	may crash. The problem is, we iterate over existing <host/> entries
	trying to compare MAC addresses to see if there's already an existing
	rule. However, not all entries are required to have MAC address. For
	instance, the following is perfectly valid entry:

	<host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e'
	name='redhatipv6.redhat.com' ip='2001:db8:ca2:2::119'/>

	When the checking loop iterates over this, the entry's MAC address is
	accessed directly. Well, the fix is obvious - check if the address is
	defined before trying to compare it.

2015-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for schema validation when passing in XML
	The virDomainDefineXMLFlags and virDomainCreateXML APIs both
	gain new flags allowing them to be told to validate XML.
	This updates all the drivers to turn on validation in the
	XML parser when the flags are set

	Add virXMLValidateAgainstSchema helper method
	Add a helper method that can validate an XML document against
	an RNG schema

	Change int to size_t in size var for tap/vhost FDs
	A number of methods take an int for a parameter that indicates
	the size of an array. The correct type for array sizes is
	size_t

	Log dtrace/systemd probes at INFO level instead of DEBUG
	Every dtrace/systemd probe also include a libvirt log message.
	These are logged at level DEBUG currently, which means if you
	want to see all probes they are drowned by the rest of the
	DEBUG messages. Since we don't really use the INFO log level
	for much, it seems reasonable to suggest we log all probes at
	level INFO.

	Add systemd/dtrace probes for DBus APIs
	When debugging libvirt it is helpful to set probes around RPC
	calls. We already have probes for libvirt's native RPC layer,
	so it makes sense to add them for the DBus RPC layer too.

2015-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for systemd-machined CreateMachineWithNetwork
	systemd-machined introduced a new method CreateMachineWithNetwork
	that obsoletes CreateMachine. It expects to be given a list of
	VETH/TAP device indexes for the host side device(s) associated
	with a container/machine.

	This falls back to the old CreateMachine method when the new
	one is not supported.

2015-01-15  Luyao Huang  <lhuang@redhat.com>

	qemu: free priv->origname when qemuMigrationPrepareAny fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1181182

	When we meet error in qemuMigrationPrepareAny and goto
	cleanup with rc < 0, we forget clear the priv->origname and this
	will make this vm migrate fail next time because leave a wrong
	origname in  priv, and will Generate a wrong cookie when do
	migrate next time.

	This patch will make priv->origname is NULL when migrate fail
	in target host.

2015-01-14  Ján Tomko  <jtomko@redhat.com>

	Fix vmdef usage while in monitor in qemu process
	Make local copy of the disk alias in qemuProcessInitPasswords,
	instead of referencing the one in domain definition, which
	might get freed if the domain crashes while we're in monitor.

	Also copy the memballoon period value.

2015-01-14  Ján Tomko  <jtomko@redhat.com>

	Fix vmdef usage while in monitor in BlockStat* APIs
	Make a local copy of the disk alias instead of pointing
	to the domain definition, which might get freed if
	the domain dies while we're in monitor.

	Also exit early if that happens.

2015-01-14  Ján Tomko  <jtomko@redhat.com>

	Fix vmdef usage while in monitor in qemuDomainHotplugVcpus
	Exit the monitor right after we've done with it to get
	the virDomainObjPtr lock back, otherwise we might be accessing
	vm->def while it's being cleaned up by qemuProcessStop.

	If the domain crashed while we were in the monitor, exit
	early instead of changing vm->def which is now the persistent
	definition.

2015-01-14  Ján Tomko  <jtomko@redhat.com>

	Mark the domain as active in qemuhotplugtest
	This will allow us to call qemuDomainObjIsActive() in
	the tested functions to check if the domain has crashed.

2015-01-14  Ján Tomko  <jtomko@redhat.com>

	Check for domain liveness in qemuDomainObjExitMonitor
	The domain might disappear during the time in monitor when
	the virDomainObjPtr is unlocked, so the caller needs to check
	if it's still alive.

	Since most of the callers are going to need it, put the
	check inside qemuDomainObjExitMonitor and return -1 if
	the domain died in the meantime.

2015-01-14  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	check IOMMU group devices usage when preparing device for vfio passthrough
	The virsh start <domain> fails with qemu error when the hostdevices of the
	same iommu group are used actively by other vms. It is not clear which
	hostdev from the same iommu group is used by any of the running guests.
	User has to go through every guest xml to figure out who is using the
	hostdev of same iommu group.

	Solution:
	Iterate the iommu group of the hostdev and error our neatly in case a
	device in the same iommu group is busy. Reattach code also does the same
	kind of check, remove duplicate code as well.

2015-01-14  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	virpci: Implement virPCIDeviceGetAddress function
	Basically a getter function which is implemented for accessing the
	address fields in virPCIDevice.

2015-01-14  Kiarie Kahurani  <davidkiarie4@gmail.com>

	libxl: Add support for parsing/formating Xen XL config
	Now that xenconfig supports parsing and formatting Xen's
	XL config format, integrate it into the libxl driver's
	connectDomainXML{From,To}Native functions.

	tests: Tests for the xen-xl parser
	Add disk and spice config tests for the xen_xl config parser

2015-01-14  Jim Fehlig  <jfehlig@suse.com>

	Introduce support for parsing/formatting Xen xl config format
	Introduce a parser/formatter for the xl config format.  Since the
	deprecation of xm/xend, the VM config file format has diverged as
	new features are added to libxl.  This patch adds support for parsing
	and formating the xl config format.  It supports the existing xm config
	format, plus adds support for spice graphics and xl disk config syntax.

	Disk config is specified a bit differently in xl as compared to xm.  In
	xl, disk config consists of comma-separated positional parameters and
	keyword/value pairs separated by commas. Positional parameters are
	specified as follows

	   target, format, vdev, access

	Supported keys for key=value options are

	  devtype, backendtype

	The positional paramters can also be specified in key/value form.  For
	example the following xl disk config are equivalent

	    /dev/vg/guest-volume,,hda
	    /dev/vg/guest-volume,raw,hda,rw
	    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume

	See $xen_sources/docs/misc/xl-disk-configuration.txt for more details.

	xl disk config is parsed with the help of xlu_disk_parse() from
	libxlutil, libxl's utility library.  Although the library exists
	in all Xen versions supported by the libxl virt driver, only
	recently has the corresponding header file been included.  A check
	for the header is done in configure.ac.  If not found, xlu_disk_parse()
	is declared externally.

2015-01-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: detect updated video ram size values from QEMU
	QEMU internally updates the size of video memory if the domain XML had
	provided too low memory size or there are some dependencies for a QXL
	devices 'vgamem' and 'ram' size. We need to know about the changes and
	store them into the status XML to not break migration or managedsave
	through different libvirt versions.

	The values would be loaded only if the "vgamem_mb" property exists for
	the device.  The presence of the "vgamem_mb" also tells that the
	"ram_size" and "vram_size" exists for QXL devices.

2015-01-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu_monitor: introduce new function to get QOM path
	The search is done recursively only through QOM object that has a type
	prefixed with "child<" as this indicate that the QOM is a parent for
	other QOM objects.

	The usage is that you give known device name with starting path where to
	search.

2015-01-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu_driver: fix setting vcpus for offline domain
	Commit e3435caf fixed hot-plugging of vcpus with strict memory pinning
	on NUMA hosts, but unfortunately it also broke updating number of vcpus
	for offline guests using our API.

	The issue is that we try to create a cpu cgroup for non-running guest
	which fails as there are no cgroups for that domain. We should create
	cgroups and update cpuset.mems only if we are hot-plugging.

2015-01-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu, lxc: Warn if setting QoS on unsupported vNIC types
	https://bugzilla.redhat.com/show_bug.cgi?id=1165993

	So, there are still plenty of vNIC types that we don't know how to set
	bandwidth on. Let's warn explicitly in case user has requested it
	instead of pretending everything was set.

2015-01-13  Shanzhi Yu  <shyu@redhat.com>

	qemu: snapshot: inactive external snapshot can't work after libvirtd restart
	When create inactive external snapshot, after update disk definitions,
	virDomainSaveConfig is needed, if not after restart libvirtd the new snapshot
	file definitions in xml will be lost.

	Reproduce steps:

	1. prepare a shut off guest
	$ virsh domstate rhel7 && virsh domblklist rhel7
	shut off

	Target     Source
	------------------------------------------------
	vda        /var/lib/libvirt/images/rhel7.img

	2. create external disk snapshot
	$ virsh snapshot-create rhel7 --disk-only && virsh domblklist rhel7
	Domain snapshot 1417882967 created
	Target     Source
	------------------------------------------------
	vda        /var/lib/libvirt/images/rhel7.1417882967

	3. restart libvirtd then check guest source file
	$ service  libvirtd restart && virsh domblklist rhel7
	Redirecting to /bin/systemctl restart  libvirtd.service
	Target     Source
	------------------------------------------------
	vda        /var/lib/libvirt/images/rhel7.img

	This was first reported by Eric Blake
	http://www.redhat.com/archives/libvir-list/2014-December/msg00369.html

2015-01-13  Michal Privoznik  <mprivozn@redhat.com>

	conf: Increase virNetDevBandwidthParse intelligence
	There's this function virNetDevBandwidthParse which parses the
	bandwidth XML snippet. But it's not clever much. For the
	following XML it allocates the virNetDevBandwidth structure even
	though it's completely empty:

	    <bandwidth>
	    </bandwidth>

	Later in the code there are some places where we check if
	bandwidth was set or not. And since we obtained pointer from the
	parsing function we think that it is when in fact it isn't.

2015-01-13  Daniel P. Berrange  <berrange@redhat.com>

	Give virDomainDef parser & formatter their own flags
	The virDomainDefParse* and virDomainDefFormat* methods both
	accept the VIR_DOMAIN_XML_* flags defined in the public API,
	along with a set of other VIR_DOMAIN_XML_INTERNAL_* flags
	defined in domain_conf.c.

	This is seriously confusing & error prone for a number of
	reasons:

	 - VIR_DOMAIN_XML_SECURE, VIR_DOMAIN_XML_MIGRATABLE and
	   VIR_DOMAIN_XML_UPDATE_CPU are only relevant for the
	   formatting operation
	 - Some of the VIR_DOMAIN_XML_INTERNAL_* flags only apply
	   to parse or to format, but not both.

	This patch cleanly separates out the flags. There are two
	distint VIR_DOMAIN_DEF_PARSE_* and VIR_DOMAIN_DEF_FORMAT_*
	flags that are used by the corresponding methods. The
	VIR_DOMAIN_XML_* flags received via public API calls must
	be converted to the VIR_DOMAIN_DEF_FORMAT_* flags where
	needed.

	The various calls to virDomainDefParse which hardcoded the
	use of the VIR_DOMAIN_XML_INACTIVE flag change to use the
	VIR_DOMAIN_DEF_PARSE_INACTIVE flag.

2015-01-13  Daniel P. Berrange  <berrange@redhat.com>

	Decouple CPU XML formatting from domain XML public API flags
	The virCPUDefFormat* methods were relying on the VIR_DOMAIN_XML_*
	flag definitions. It is not desirable for low level internal
	functions to be coupled to flags for the public API, since they
	may need to be called from several different contexts where the
	flags would not be appropriate.

2015-01-13  Michal Privoznik  <mprivozn@redhat.com>

	formatdomaincaps: Correctly format API reference
	Well, since the link to the virConnectGetDomainCapabilities API is in
	<pre/> section we must take special care about the spaces around the
	link.

	Acked-by: Laszlo Ersek <lersek@redhat.com>

2015-01-13  Eric Blake  <eblake@redhat.com>

	qemu: forbid second blockcommit during active commit
	https://bugzilla.redhat.com/show_bug.cgi?id=1135339 documents some
	confusing behavior when a user tries to start an inactive block
	commit in a second connection while there is already an on-going
	active commit from a first connection.  Eventually, qemu will
	support multiple simultaneous block jobs, but as of now, it does
	not; furthermore, libvirt also needs an overhaul before we can
	support simultaneous jobs.  So, the best way to avoid confusing
	ourselves is to quit relying on qemu to tell us about the situation
	(where we risk getting in weird states) and instead forbid a
	duplicate block commit ourselves.

	Note that we are still relying on qemu to diagnose attempts to
	interrupt an inactive commit (since we only track XML of an active
	commit), but as inactive commit is less confusing for libvirt to
	manage, there is less that can go wrong by leaving that detection
	up to qemu.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Hoist check for
	active commit to occur earlier outside of conditions.

2015-01-13  Daniel P. Berrange  <berrange@redhat.com>

	parallels: don't override error message when XML parsing fails
	The virDomainDefParseString method will report a suitable error
	on parsing fail, so don't replace that.

	Fix flags passed to virDomainDefParseString by XenAPI driver
	The XenAPI driver was passing the flags for
	virDomainCreateXML straight into the virDomainDefParseString
	method, even though they expect totally different sets of
	flags. It should have been using VIR_DOMAIN_XML_INACTIVE

	Don't use VIR_DOMAIN_XML_SECURE when parsing XML
	The VIR_DOMAIN_XML_SECURE flag only has effect on the formatting
	of XML so should not be passed to virDomainDefParseNode

	Add stub virDomainDefineXMLFlags impls
	Make sure every virt driver implements virDomainDefineXMLFlags
	by adding a trivial passthrough from the existing impl with
	no flags set.

	Add new virDomainDefineXMLFlags public API
	The virDomainDefineXML method is one of the few that still lacks
	an 'unsigned int flags' parameter. This will be needed for adding
	XML validation to this API. virDomainCreateXML fortunately already
	has flags.

2015-01-13  Luyao Huang  <lhuang@redhat.com>

	conf: fix crash when hotplug a channel chr device with no target
	https://bugzilla.redhat.com/show_bug.cgi?id=1181408

	When we try to hotplug a channel chr device with no target, we
	will get success (which should fail) in virDomainChrDefParseXML,
	because we use goto cleanup this place and return an incomplete
	definition (with no target). In qemuDomainAttachChrDevice,
	we add it to the domain definition, but fail to remove it from
	there when chardev-add fails, because virDomainChrRemove
	matches chardevices according to the target name.
	The device definition is then freed in qemuDomainAttachDeviceFlags,
	leaving a stale pointer in the domain definition.

2015-01-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow enabling/disabling features with host-passthrough
	QEMU supports feature specification with -cpu host and we just skip
	using that.  Since QEMU developers themselves would like to use this
	feature, this patch modifies the code to work.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1178850

2015-01-12  Jim Fehlig  <jfehlig@suse.com>

	Revert "src/xenconfig: Xen-xl parser"
	This reverts commit 2c78051a14acfb7aba078d569b1632dfe0ca0853.

	Conflicts:
		src/Makefile.am

2015-01-12  Jim Fehlig  <jfehlig@suse.com>

	Revert "tests: Tests for the xen-xl parser"
	This reverts commit 6b818d3b09f4e74ac2ea1d4020896be1e6871867.

	Revert "libxl: Add support for parsing/formating Xen XL config"
	This reverts commit 4f524212ce614e1ca84b34dd8330a48957c8f823.

	Revert "src/Makefile.am: fix build breaker for xenconfig"
	This reverts commit 703ef9667abf016ef1040eac296a81792b366932.

2015-01-12  Jim Fehlig  <jfehlig@suse.com>

	Revert "build: fix xenconfig VPATH builds"
	This reverts commit 1b21d300691a78f73d94446616a6d1f9fd88991e.

	Conflicts:
		src/Makefile.am

2015-01-12  Jim Fehlig  <jfehlig@suse.com>

	Revert "Revert "src/Makefile.am: fix build breaker for xenconfig""
	This reverts commit e662968fd980158e8f8d8990bb43378dbc3d036a.

	Revert "src/Makefile: move the new xen_xl_disk parser code at the correct place"
	This reverts commit edacdb3d12256af4f6e31ec65c9dd4797fb3aa0d.

	Revert "src/Makefile: Fix parallel build after xen_xl_disk parser introduction"
	This reverts commit 533349ff43ddf091026fbcb0d9a714d9cc570dc7.

	Revert "bootstrap.conf: add check for flex"
	This reverts commit cab767831f74ec72809dacd07cb782a88a097f21.

2015-01-12  Guido Günther  <agx@sigxcpu.org>

	lxc: Move setting ifname_guest_actual to virLXCSetupInterfaces
	so it applies to interfaces of type 'direct' too.

	Reported and patch provided by Bastian Blank at

	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600

2015-01-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Fix test after change of qxl vgamem_mb default
	Well, apparently it's possible for a patch to sneak in through
	review process and break 'make check'. It happened just lately
	with 0e502466acb84a which changed the default of vgamem_mb for
	qxl device. However, there were left some domain XMLs within our
	test suite relying on the old default. These should be updated to
	match the change.

2015-01-12  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	cpu: Bugfix for s390 CPU driver to return a host CPU model
	The curent libvirt CPU driver for s390 does not return a host CPU model.
	This patch returns 'host' according to the other platforms that would
	not decode any CPU model.
	This is an intermediate bugfix due to a discussion on OpenStack mailing
	list. The final patch introducing the CPU model support for s390x will
	exchange the hard-coded decode method.

2015-01-12  John Ferlan  <jferlan@redhat.com>

	virconf: Resolve a possible memory leak in virConfSetValue
	Found this one by inspection... The API claims to "own" the input
	value even in the case of error.  However, in the initial entry
	to the API if the value exists, was STRING, but without a str value
	it just returned without freeing the 'value' which it claims to now
	own.  So I added the virConfFreeValue() call in order to resolve.

	openvz: Check errors from virSocketAddrFormat
	Commit id 'a4e86390' modified the command line to allow --ipadd multiple
	times; however, it did not account for the condition where a NULL is
	returned which will could lead to some interesting errors with multiple
	--ipadd's without parameters.

	openvz: Resolve Coverity RESOURCE_LEAK
	Commit id 'a4e86390' modified the command line to allow --ipadd multiple
	times, which caused Coverity to notice a latent memory leak with the
	'ipAddr' string not being VIR_FREE()'d

2015-01-12  Pavel Hrdina  <phrdina@redhat.com>

	qxl: change the default value for vgamem_mb to 16 MiB
	The default value should be 16 MiB instead of 8 MiB. Only really old
	version of upstream QEMU used the 8 MiB as default for vga framebuffer.

	Without this change if you update your libvirt where we introduced the
	"vgamem" attribute for QXL video device the value will be set to 8 MiB,
	but previously your guest had 16 MiB because we didn't pass any value to
	QEMU command line which means QEMU used its own 16 MiB as default.

	This will affect all users with guest's display resolution higher than
	1920x1080.

2015-01-12  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document some -boot option limitations on UEFI
	It was brought to my attention that some -boot options may not
	work with UEFI. For instance, rebootTimeout is very SeaBIOS
	specific,splash logo is not implemented yet on OVMF, and so on.
	We should document this limitation at least.

2015-01-12  Hao Liu  <hliu@redhat.com>

	virsh: Emit error for VSH_OT_DATA without VSH_OFLAG_REQ
	Commit 6b9964 enforces checking invalid use of VSH_OT_STRING with
	VSH_OFLAG_REQ. This commit tries to do the same thing to stop using
	VSH_OT_DATA without VSH_OFLAG_REQ and also fix existing misuse.

2015-01-12  Guido Günther  <agx@sigxcpu.org>

	lxc: Don't crash on NULL ifname_guest_actual
	Reported and patch provided by Bastian Blank at

	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769600

2015-01-09  Luyao Huang  <lhuang@redhat.com>

	conf: Correctly format controller's driver
	https://bugzilla.redhat.com/show_bug.cgi?id=1179684

	The way that we currently generate the <driver/> for <controller/> is
	just madness:

	    <controller type='scsi' index='0' model='virtio-scsi'>
	      <driver queues='12'/>
	      <driver cmd_per_lun='123'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
	    </controller>

	It's obvious that we should be aiming at the following:

	    <controller type='scsi' index='0' model='virtio-scsi'>
	      <driver queues='12' cmd_per_lun='123'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
	    </controller>

2015-01-09  Ján Tomko  <jtomko@redhat.com>

	safezero: fall back to writing zeroes even when resizing
	Remove the resize flag and use the same code path for all callers.
	This flag was added by commit 18f0316 to allow virStorageFileResize
	use 'safezero' while preserving the behavior.

	Explicitly return -2 when a fallback to a different method should
	be done, to make the code path more obvious.

	Fail immediately when ftruncate fails in the mmap method,
	as we did before commit 18f0316.

2015-01-09  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Update description
	The 'pool-build' command description for --overwrite and --no-overwrite
	indicated usage for only 'filesystem' pools; however, the 'disk' pool
	also supports the flags as of commit id 'afa1029a'. So add a description
	for that usage.

2015-01-08  Eric Blake  <eblake@redhat.com>

	maint: in src/Makefile.am, $(top_srcdir)/src is verbose
	I noticed this while working on a previous commit.  Why should
	we be calling out '../src/' when it is sufficient to refer to just
	'./'?  Blind copy-and-paste runs rampant in this file :)

	* src/Makefile.am (INCLUDES, *_CFLAGS): Shorten to $(srcdir).

2015-01-08  Pavel Hrdina  <phrdina@redhat.com>

	bootstrap.conf: add check for flex
	We need the flex to generate new xen_xl_disk parser.

2015-01-08  Pavel Hrdina  <phrdina@redhat.com>

	src/Makefile: Fix parallel build after xen_xl_disk parser introduction
	Well, the parallel build doesn't work as there are not dependencies
	set correctly. When running 'make -j' I see this error:

	make[2]: Entering directory '/home/zippy/work/libvirt/libvirt.git/src'
	  GEN      util/virkeymaps.h
	  GEN      locking/lock_protocol.h
	make[2]: *** No rule to make target 'xenconfig/xen_xl_disk.h', needed by 'all'.  Stop.
	make[2]: *** Waiting for unfinished jobs....
	  GEN      lxc/lxc_controller_dispatch.h

	The fix is to correctly set dependencies by letting make know that .c
	and .h are to be generated from .l. Moreover, the section is moved
	closer to the other section which uses it.

2015-01-08  Pavel Hrdina  <phrdina@redhat.com>

	src/Makefile: move the new xen_xl_disk parser code at the correct place

	Revert "src/Makefile.am: fix build breaker for xenconfig"
	This reverts commit 703ef9667abf016ef1040eac296a81792b366932.

2015-01-08  Geoff Hickey  <ghickey@datagravity.com>

	vmx: Fix a VMX parsing problem
	VMware ESX does not always set the "serialX.fileType" tag in VMX files. The
	default value for this tag is "device", and when adding a new serial port
	of this type VMware will omit the fileType tag. This caused libvirt to
	fail to parse the VMX file. Fixed by making this tag optional and using
	"device" as a default value. Also updated vmx2xmltest to test for this
	case.

2015-01-08  Eric Blake  <eblake@redhat.com>

	build: fix xenconfig VPATH builds
	Ever since commit 2c78051 split out a helper library for the sake of
	changing CFLAGS, a VPATH build with xenconfig enabled has failed:

	  CC       xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo
	  ../../src/xenconfig/xen_xl_disk.l:37:21: fatal error: xen_xl.h: No such file or directory
	   # include "xen_xl.h"
	             ^
	  compilation terminated.
	  Makefile:9462: recipe for target 'xenconfig/libvirt_xenxldiskparser_la-xen_xl_disk.lo' failed

	The solution is to tell the build to look for xen_xl.h relative
	to $(srcdir), since we keep that file under version control.

	[Not fixed here - the raw use of -Wno-unused-parameter in CFLAGS
	is NOT portable; ideally, we should be doing a configure test
	and only supplying that argument when we know the compiler supports
	-Wunused-parameter; but that's a patch for another day]

	[Not fixed here - there are still issues with parallel builds hitting
	a race between generating the files and trying to compile/distribute
	them]

	* src/Makefile.am (libvirt_xenxldiskparser_la_CFLAGS): Add another
	include directory.

2015-01-07  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix system pages handling in <memoryBacking/>
	In one of my previous commits (311b4a67) I've tried to allow to
	pass regular system pages to <hugepages>. However, there was a
	little bug that wasn't caught. If domain has guest NUMA topology
	defined, qemuBuildNumaArgStr() function takes care of generating
	corresponding command line. The hugepages backing for guest NUMA
	nodes is handled there too. And here comes the bug: the hugepages
	setting from XML is stored in KiB internally, however, the system
	pages size was queried and stored in Bytes. So the check whether
	these two are equal was failing even if it shouldn't.

2015-01-07  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add support for icmpv6 filtering
	Make use of the ebtables functionality to be able to filter certain
	parameters of icmpv6 packets. Extend the XML parser for icmpv6 types,
	type ranges, codes, and code ranges. Extend the nwfilter documentation,
	schema, and test cases.

	Being able to filter icmpv6 types and codes helps extending the DHCP
	snooper for IPv6 and filtering at least some parameters of IPv6's NDP
	(Neighbor Discovery Protocol) packets. However, the filtering will not
	be as good as the filtering of ARP packets since we cannot
	check on IP addresses in the payload of the NDP packets.

2015-01-07  Ján Tomko  <jtomko@redhat.com>

	Indentation

2015-01-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't unref domain after exit from nested async job
	In commit 540c339a2535ec30d79e5ef84d8f50a17bc60723 the whole domain
	reference counting was refactored in the qemu driver. Domain jobs now
	don't need to reference the domain object as they now expect the
	reference from the calling function.

	However, the patch forgot to remove the unref call in case we exit the
	monitor when we were acquiring a nested job. This caused the daemon to
	crash on a subsequent access to the domain object once we've done an
	operation requiring a nested job for a monitor access.

	An easy reproducer case:

	1) Start a vm with qcow disks
	2) virsh snapshot-create-as DOMNAME
	3) virsh dumpxml DOMNAME
	4) daemon crashes in a semi-random spot while accessing a now-removed VM
	object.

	Fortunately, the commit wasn't released yet, so there are no security
	implications.

	Reported-by: Shanzi Yu <shyu@redhat.com>

2015-01-07  Luyao Huang  <lhuang@redhat.com>

	conf: Don't format actual network definition in migratable XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1177194

	When migrate a vm, we will generate a xml via qemuDomainDefFormatLive and
	pass this xml to target libvirtd. Libvirt will use the current network
	state in def->data.network.actual to generate the xml, this will make
	migrate failed when we set a network type guest interface use a macvtap
	network as a source in a vm then migrate vm to another host(which has the
	different macvtap network settings: different interface name, bridge name...)

	Add a flag check in virDomainNetDefFormat, if we set a VIR_DOMAIN_XML_MIGRATABLE
	flag when call virDomainNetDefFormat, we won't get the current vm interface
	state.

2015-01-07  Alexander Burluka  <aburluka@parallels.com>

	Parallels: Add VNC hostname setup
	Add missing VNC setup via Parallels SDK.
	Parallels Cloud Server starts one VNC server per domain,
	so we could process only one VNC server definition.
	Network-based listening currently is unimplemented.

2015-01-06  Luyao Huang  <lhuang@redhat.com>

	qemu: Restore old bandwidth rules when setting new fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1177723

	When setting new bandwidth limits via
	virDomainSetInterfaceParameters, the old ones are cleared first.
	However, if setting the new ones fails, the old are already gone
	and interface is left in inconsistent state.  Therefore, right
	before failing we ought to try to restore the old bandwidth.

2015-01-06  Luyao Huang  <lhuang@redhat.com>

	qemu: fix miss goto cleanup in qemuDomainAttachNetDevice
	This place have a wrong logic, maybe forget goto cleanup.
	Also fix some small things.

2015-01-06  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	networkGetDHCPLeases: Remove unnecessary error reporting
	Lack of a lease (whether mac is given or not) is a normal expected
	scenario, since we are already filling in rv with nleases (which is
	okay as 0 if there is no lease).  There is no need to raise an error.

	This fixes:

	> virsh # net-dhcp-leases --mac 00:50:56:c0:00:01  default
	> error: Failed to get leases info for default
	> error: internal error: no lease with matching MAC address: 00:50:56:c0:00:01

2015-01-06  Luyao Huang  <lhuang@redhat.com>

	qemu: use a wrong name for guest panic status
	https://bugzilla.redhat.com/show_bug.cgi?id=1178652

	We will get a warning when we have a guest in paused
	status (caused by kernel panic) and restart libvirtd,
	warning message like this:

	Qemu reported unknown VM status: 'guest-panicked'

	and this seems because we set a wrong status name in
	qemu_monitor.c, and from qemu qapi-schema.json file
	we know this status should named 'guest-panicked'.

2015-01-06  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Another update is required to pick up today's gnulib fix for mingw
	builds (now that gnulib turns on mingw's replacement printf that
	understands %lld, it must also tell the compiler to respect the
	improved definition of PRIdMAX and friends).

	* .gnulib: Update to latest.

2015-01-06  Eric Blake  <eblake@redhat.com>

	virnetlink: fix build on non-Linux
	Commit 4dc04d3a added virNetlinkGetErrorCode, but forgot to provide
	a fallback, which kills the build on mingw (among others):

	  CCLD     libvirt.la
	  Cannot export virNetlinkGetErrorCode: symbol not defined
	  collect2: error: ld returned 1 exit status

	* src/util/virnetlink.c (virNetlinkGetErrorCode): Provide fallback.

2015-01-05  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Report error if a driver can't handle multiple IP addresses
	Drivers supporting one and only one IP address raise an error if more IP
	addresses are configured.

	Openvz --ipadd can be provided multiple times
	Vzctl man page says that --ipadd can be provided multiple times to add
	several IP addresses. Looping over the configured ip addresses to add
	one --ipadd for each. This would even handle the multiple IPs handled
	by openvz_conf.c

	LXC: honour network devices link state
	Don't activate LXC network device if <link state='down'/> has been set
	in its configuration.

	LXC: use the new net devices routes definition
	Actually set routes in lxc containers if there are defined ones.

	lxc conf2xml: convert lxc.network.ipv[46].gateway

	Domain network devices can now have a <route> element
	Network interfaces devices and host devices with net capabilities can
	now have IPv4 and/or an IPv6 routes configured.

	lxc conf2xml: convert ip addresses for hostdev NICs

	Allow network capabilities hostdev to configure IP addresses

	lxc conf2xml: convert IP addresses

	LXC: set IP addresses to veth devices in the container
	Uses the new virDomainNetDef ips to set the IP addresses on the network
	interfaces in the container.

	Domain conf: allow more than one IP address for net devices
	Add the possibility to have more than one IP address configured for a
	domain network interface. IP addresses can also have a prefix to define
	the corresponding netmask.

	Renamed virNetDevClearIPv4Address to virNetDevClearIPAddress
	Make clear that virNetDevClearIPv4Address can also handle IPv6
	addresses by changing the name

	virNetDevClearIPv4Address: netlink implementation

	virNetDevAddRoute: implementation using netlink

	Renamed virNetDevSetIPv4Address to virNetDevSetIPAddress
	Renamed virNetDevSetIPv4Address as it also handles IPv6 addresses.

	virNetDevSetIPv4Address: libnl implementation
	Add a default implementation of virNetDevSetIPv4Address using netlink
	and libnl. This avoids requiring /usr/sbin/ip or /usr/sbin/ifconfig
	external binaries.

	Forgot to cleanup ifname_guest* in domain network def parsing

2015-01-05  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fix error when starting a container after an error
	The typical case for the problem is starting a domain needing a network
	that isn't started. Even after starting the network, we get an unknown error
	when starting the container.

	This is due to dynamic security label not being removed.

2015-01-05  Daniel P. Berrange  <berrange@redhat.com>

	maint: fix date in local gnulib patch
	The local gnulib ssize_t.m4.diff patch no longer applied due to
	changed context from the date change.

2015-01-05  Daniel P. Berrange  <berrange@redhat.com>

	maint: update to latest gnulib
	Sync to latest gnulib to get files updated with 2015 copyright
	date to fix syntax-check

	* .gnulib: update to latest
	* bootstrap: Regenerate from upstream

2015-01-05  Cedric Bosdonnat  <cbosdonnat@suse.com>

	Teach AppArmor, that /usr/lib64 may exist.
	The apparmor profiles forgot about /usr/lib64 folders, just add lib64
	as a possible alternative to lib in the paths

2015-01-05  Pavel Hrdina  <phrdina@redhat.com>

	src/Makefile.am: fix build breaker for xenconfig
	Commit 2c78051a introduced build breaker with type in Makefile.am by
	specifying wrong header file.

2015-01-04  Chunyan Liu  <cyliu@suse.com>

	Add tests to xmconfigtest
	Add tests to testing HVM default features (pae, acpi, apic)
	conversion from xm config to libvirt xml. If no pae|acpi|apic
	specified in xm config, after conversion, libvirt xml should
	by default include:
	 <features>
	   <pae/>
	   <apic/>
	   <acpi/>
	 </features>

2015-01-04  Chunyan Liu  <cyliu@suse.com>

	xenconfig: set HVM pae/apic/acpi/ default to 1
	According to xm.config manual, HVM pae|apic|acpi feature default
	is 1 (enabled). But in conversion from xm config to libvirt xml,
	if xm config doesn't contain pae|apic|acpi, it sets default value
	to 0, this causes some problems in HVM guest.

	Update parser codes to set HVM pae|apic|acpi default value to 1
	to match xm config convension.

2015-01-04  Kiarie Kahurani  <davidkiarie4@gmail.com>

	libxl: Add support for parsing/formating Xen XL config
	Now that xenconfig supports parsing and formatting Xen's
	XL config format, integrate it into the libxl driver's
	connectDomainXML{From,To}Native functions.

	tests: Tests for the xen-xl parser
	add tests for the xen_xl config parser

2015-01-04  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenconfig: Xen-xl parser
	Introduce a Xen xl parser

	This parser allows for users to convert the new xl disk format and
	spice graphics config to libvirt xml format and vice versa. Regarding
	the spice graphics config, the code is pretty much straight forward.
	For the disk {formating, parsing}, this parser takes care of the new
	xl format which include positional parameters and key/value parameters.
	In xl format disk config a <diskspec> consists of parameters separated by
	commas. If the parameters do not contain an '=' they are automatically
	assigned to certain options following the order below

	   target, format, vdev, access

	The above are the only mandatory parameters in the <diskspec> but there
	are many more disk config options. These options can be specified as
	key=value pairs. This takes care of the rest of the options such as

	  devtype, backend, backendtype, script, direct-io-safe,

	The positional paramters can also be specified in key/value form
	for example

	    /dev/vg/guest-volume,,hda
	    /dev/vg/guest-volume,raw,hda,rw
	    format=raw, vdev=hda, access=rw, target=/dev/vg/guest-volume

	are interpleted to one config.

	In xm format, the above diskspec would be written as

	phy:/dev/vg/guest-volume,hda,w

	The disk parser is based on the same parser used successfully by
	the Xen project for several years now.  Ian Jackson authored the
	scanner, which is used by this commit with mimimal changes.  Only
	the PREFIX option is changed, to produce function and file names
	more consistent with libvirt's convention.

2015-01-04  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenconfig: Export helper functions
	Export helper functions for reuse in getting values
	from a virConfPtr object

2014-12-24  Michal Privoznik  <mprivozn@redhat.com>

	capabilities: Format <domain/> properly
	The <domain/> element under /capabilities/guest/arch/ can have no
	child elements. If that's the case we format:

	        <domain type='xen'>
	        </domain>

	instead of simpler:

	        <domain type='xen'/>

	This commit fixes that.

2014-12-23  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: report, that cdrom image is raw
	VIR_STORAGE_FILE_AUTO should be used only in xml provided to
	libvirt by user, if I understood correctly. Driver should
	set storage source format to specific disk format in
	*DomainGetXMLDesc.

	CDROMs in PCS use raw image format.

2014-12-23  Martin Kletzander  <mkletzan@redhat.com>

	tests: Set up two more overrides for root builders
	There are two more places after commit 3865941b that need to be adapted
	in order to get rid of some test failures when building as root.

	qemu: Fix coverity issues after refcount refactoring

2014-12-22  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	test: fix nwfilter tests following changes in virfirewall.c
	Some of the nwfilter tests are now failing since --concurrent shows
	up in the ebtables command. To avoid this, implement a function
	preventing the probing for lock support in the eb/iptables tools
	and use it in the tests.

2014-12-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: completely rework reference counting
	There is one problem that causes various errors in the daemon.  When
	domain is waiting for a job, it is unlocked while waiting on the
	condition.  However, if that domain is for example transient and being
	removed in another API (e.g. cancelling incoming migration), it get's
	unref'd.  If the first call, that was waiting, fails to get the job, it
	unref's the domain object, and because it was the last reference, it
	causes clearing of the whole domain object.  However, when finishing the
	call, the domain must be unlocked, but there is no way for the API to
	know whether it was cleaned or not (unless there is some ugly temporary
	variable, but let's scratch that).

	The root cause is that our APIs don't ref the objects they are using and
	all use the implicit reference that the object has when it is in the
	domain list.  That reference can be removed when the API is waiting for
	a job.  And because each domain doesn't do its ref'ing, it results in
	the ugly checking of the return value of virObjectUnref() that we have
	everywhere.

	This patch changes qemuDomObjFromDomain() to ref the domain (using
	virDomainObjListFindByUUIDRef()) and adds qemuDomObjEndAPI() which
	should be the only function in which the return value of
	virObjectUnref() is checked.  This makes all reference counting
	deterministic and makes the code a bit clearer.

2014-12-21  Martin Kletzander  <mkletzan@redhat.com>

	util: Fix possible NULL dereference
	Commit 1a80b97d, which added the virCgroupHasEmptyTasks() function
	forgot that the parameter @cgroup may be NULL and did not check that.

2014-12-21  Claudio Bley  <claudio.bley@gmail.com>

	maint: update .mailmap
	Add an email alias after updating my email address in commit 738a2ae.

2014-12-20  Claudio Bley  <claudio.bley@gmail.com>

	Fix typo s/interpetation/interpretation/
	Fix the typo in struct virSecurityModel's comment for its doi field.

2014-12-19  Claudio Bley  <claudio.bley@gmail.com>

	Update my email address in AUTHORS.in

2014-12-19  Claudio Bley  <claudio.bley@gmail.com>

	docs: split typedef and struct definition for apibuild.py
	The members of struct virSecurityLabel and struct virSecurityModel
	were not shown in the libvirt API docs because the corresponding
	<field> elements were missing from the libvirt-api.xml.

	The reason is that apibuild.py does not cope well with typedef's
	using inline struct definitions. It fails to associate the comment
	with the typedef and because of this refuses to write out the
	field of the struct.

2014-12-19  Daniel P. Berrange  <berrange@redhat.com>

	disable vCPU pinning with TCG mode
	Although QMP returns info about vCPU threads in TCG mode, the
	data it returns is mostly lies. Only the first vCPU has a valid
	thread_id returned. The thread_id given for the other vCPUs is
	in fact the main emulator thread. All vCPUs actually run under
	the same thread in TCG mode.

	Our vCPU pinning code is not at all able to cope with this
	so if you try to set CPU affinity per-vCPU you end up with
	wierd errors

	error: Failed to start domain instance-00000007
	error: cannot set CPU affinity on process 24365: Invalid argument

	Since few people will care about the performance of TCG with
	strict CPU pinning, lets just disable that for now, so we get
	a clear error message

	error: Failed to start domain instance-00000007
	error: Requested operation is not valid: cpu affinity is not supported

2014-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Don't setup fake CPU pids for old QEMU
	The code assumes that def->vcpus == nvcpupids, so when we setup
	fake CPU pids for old QEMU with nvcpupids == 1, we cause the
	later code to read off the end of the array. This has fun results
	like sche_setaffinity(0, ...) which changes libvirtd's own CPU
	affinity, or even better sched_setaffinity($RANDOM, ...) which
	changes the affinity of a random OS process.

2014-12-19  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Create memory-backend-{ram,file} iff needed
	Libvirt BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1175397
	QEMU BZ:    https://bugzilla.redhat.com/show_bug.cgi?id=1170093

	In qemu there are two interesting arguments:

	1) -numa to create a guest NUMA node
	2) -object memory-backend-{ram,file} to tell qemu which memory
	region on which host's NUMA node it should allocate the guest
	memory from.

	Combining these two together we can instruct qemu to create a
	guest NUMA node that is tied to a host NUMA node. And it works
	just fine. However, depending on machine type used, there might
	be some issued during migration when OVMF is enabled (see QEMU
	BZ). While this truly is a QEMU bug, we can help avoiding it. The
	problem lies within the memory backend objects somewhere. Having
	said that, fix on our side consists on putting those objects on
	the command line if and only if needed. For instance, while
	previously we would construct this (in all ways correct) command
	line:

	    -object memory-backend-ram,size=256M,id=ram-node0 \
	    -numa node,nodeid=0,cpus=0,memdev=ram-node0

	now we create just:

	    -numa node,nodeid=0,cpus=0,mem=256

	because the backend object is obviously not tied to any specific
	host NUMA node.

2014-12-18  Ján Tomko  <jtomko@redhat.com>

	Remove redundant cleanup in qemuDomainAttachVirtioDiskDevice
	Commit ca91ba7 moved these into the qemuDomainPrepareDisk helper,
	but forgot to remove them from here as well.

2014-12-18  Ján Tomko  <jtomko@redhat.com>

	Fix hotplugging of block device-backed usb disks
	Commit ca91ba7 moved qemuSetupDiskCgroup into the qemuDomainPrepareDisk
	helper, but failed to call it for usb disks.

	https://bugzilla.redhat.com/show_bug.cgi?id=1175668`

2014-12-18  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	Buffer size too small when reading sysinfo
	On a system with 160 CPUs the /proc/cpuinfo size grows beyond
	the currently set limit of 10KB causing an internal error.

	This patch increases the buffer size to 1MB.

2014-12-18  Eric Blake  <eblake@redhat.com>

	qemu: fix memory leak in blockinfo
	Coverity flagged commit 0282ca45 as introducing a memory leak;
	in all my refactoring to make capacity probing conditional on
	whether the image is non-raw, I missed deleting the unconditional
	probe.

	* src/qemu/qemu_driver.c (qemuStorageLimitsRefresh): Drop
	redundant assignment.

2014-12-17  Ján Tomko  <jtomko@redhat.com>

	Fix error message on redirdev caps detection

2014-12-17  John Ferlan  <jferlan@redhat.com>

	logical: Add "--type snapshot" to lvcreate command
	A recent lvm change has resulted in a change for the "default" type of
	logical volume created when the "--virtualsize" or "--V" is supplied on
	the command line (e.g. when the allocation and capacity values of a to
	be created volume differ). It seems that at the very least the following
	change adjusts the default type:

	https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=e0164f21

	and the following may also have some impact.

	https://git.fedorahosted.org/cgit/lvm2.git/commit/?id=87fc3b71

	When using the virsh vol-create-as or vol-create xmlfile commands, the
	result is that libvirt will now create a "thin logical volume" and a
	"thin logical volume pool" rather than just a "thin snapshot logical
	volume". For example the following sequence:

	  # lvcreate --name test -L 2M -V 5M lvm_test
	    Rounding up size to full physical extent 4.00 MiB
	    Rounding up size to full physical extent 8.00 MiB
	    Logical volume "test" created.
	  # lvs lvm_test
	    LV    VG       Attr       LSize Pool  Origin Data%  Meta%  Move Log Cpy%Sync Convert
	    lvol1 lvm_test twi-a-tz-- 4.00m              0.00   0.98
	    test  lvm_test Vwi-a-tz-- 8.00m lvol1        0.00

	compared to the former code which had the following:

	    LV   VG       Attr       LSize  Pool Origin         Data%  Move Log Cpy%Sync Convert
	    test LVM_Test swi-a-s---  4.00m      [test_vorigin]   0.00

	Since libvirt doesn't know how to parse the thin logical volume
	and pool, it will fail to find the newly created volume and pool
	even though it exists in the volume group.

	It cannot find since the command used to find/parse returns a thin volume
	'test' with no associated device, for example the output is:

	  lvol1##UgUwkp-fTFP-C0rc-ufue-xrYh-dkPr-FGPFPx#lvol1_tdata(0)#thin-pool#1#4194304#4194304#4194304#twi-a-tz--
	  test##NcaIoH-4YWJ-QKu3-sJc3-EOcS-goff-cThLIL##thin#0#8388608#4194304#8388608#Vwi-a-tz--

	as compared to the former which had the following:

	      test#[test_vorigin]#Dt5Of3-4WE6-buvw-CWJ4-XOiz-ywOU-YULYw6#/dev/sda3(1300)#linear#1#4194304#4194304#4194304#swi-a-s---

	While it's possible to generate code to handle the new thin lv and pool, this
	patch will add a "--type snapshot" onto the lvcreate command libvirt uses
	in order to "for now" be able to continue to utilize the thin snapshots

2014-12-17  Luyao Huang  <lhuang@redhat.com>

	conf: fix cannot start a guest have a shareable network iscsi hostdev
	https://bugzilla.redhat.com/show_bug.cgi?id=1174569

	There's nothing we need to do for shared iSCSI devices in
	qemuAddSharedHostdev and qemuRemoveSharedHostdev. The iSCSI layer
	takes care about that for us.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: crawl backing chain for qemu
	Wire up backing chain recursion.  For the first time, it is now
	possible to get libvirt to expose that qemu tracks read statistics
	on backing files, as well as report maximum extent written on a
	backing file during a block-commit operation.

	For a running domain, where one of the two images has a backing
	file, I see the traditional output:

	$ virsh domstats --block testvm2
	Domain: 'testvm2'
	  block.count=2
	  block.0.name=vda
	  block.0.path=/tmp/wrapper.qcow2
	  block.0.rd.reqs=1
	  block.0.rd.bytes=512
	  block.0.rd.times=28858
	  block.0.wr.reqs=0
	  block.0.wr.bytes=0
	  block.0.wr.times=0
	  block.0.fl.reqs=0
	  block.0.fl.times=0
	  block.0.allocation=0
	  block.0.capacity=1310720000
	  block.0.physical=200704
	  block.1.name=vdb
	  block.1.path=/dev/sda7
	  block.1.rd.reqs=0
	  block.1.rd.bytes=0
	  block.1.rd.times=0
	  block.1.wr.reqs=0
	  block.1.wr.bytes=0
	  block.1.wr.times=0
	  block.1.fl.reqs=0
	  block.1.fl.times=0
	  block.1.allocation=0
	  block.1.capacity=1310720000

	vs. the new output:

	$ virsh domstats --block --backing testvm2
	Domain: 'testvm2'
	  block.count=3
	  block.0.name=vda
	  block.0.path=/tmp/wrapper.qcow2
	  block.0.rd.reqs=1
	  block.0.rd.bytes=512
	  block.0.rd.times=28858
	  block.0.wr.reqs=0
	  block.0.wr.bytes=0
	  block.0.wr.times=0
	  block.0.fl.reqs=0
	  block.0.fl.times=0
	  block.0.allocation=0
	  block.0.capacity=1310720000
	  block.0.physical=200704
	  block.1.name=vda
	  block.1.path=/dev/sda6
	  block.1.backingIndex=1
	  block.1.rd.reqs=0
	  block.1.rd.bytes=0
	  block.1.rd.times=0
	  block.1.wr.reqs=0
	  block.1.wr.bytes=0
	  block.1.wr.times=0
	  block.1.fl.reqs=0
	  block.1.fl.times=0
	  block.1.allocation=327680
	  block.1.capacity=786432000
	  block.2.name=vdb
	  block.2.path=/dev/sda7
	  block.2.rd.reqs=0
	  block.2.rd.bytes=0
	  block.2.rd.times=0
	  block.2.wr.reqs=0
	  block.2.wr.bytes=0
	  block.2.wr.times=0
	  block.2.fl.reqs=0
	  block.2.fl.times=0
	  block.2.allocation=0
	  block.2.capacity=1310720000

	I may later do a patch that trims the output to avoid 0 stats,
	particularly for backing files (which are more likely to have
	0 stats, at least for write statistics when no block-commit
	is performed).  Also, I still plan to expose physical size
	information (qemu doesn't expose it yet, so it requires a stat,
	and for block devices, a further open/seek operation).  But
	this patch is good enough without worrying about that yet.

	* src/qemu/qemu_driver.c (QEMU_DOMAIN_STATS_BACKING): New internal
	enum bit.
	(qemuConnectGetAllDomainStats): Recognize new user flag, and pass
	details to...
	(qemuDomainGetStatsBlock): ...here, where we can do longer recursion.
	(qemuDomainGetStatsOneBlock): Output new field.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: split block stats reporting for easier recursion
	In order to report stats on backing chains, we need to separate
	the output of stats for one block from how we traverse blocks.

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Split...
	(qemuDomainGetStatsOneBlock): ...into new helper.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: add new flag for block backing chain
	This patch introduces access to allocation information about
	a backing chain of a live domain.  While querying storage
	volumes for read-only disks could provide some of the details,
	we do NOT want to read() a file while qemu is writing it.
	Also, there is one case where we have to rely on qemu: when
	doing a block commit into a backing file, where that file is
	stored in qcow2 format on a host block device, we want to know
	the current highest write offset into that image, in order to
	know if the disk must be resized larger.  qemu-img does not
	(currently) show this information, and none of the earlier
	block APIs were extensible enough to expose it.  But
	virDomainListGetStats is perfect for the job!

	We don't need a new group of statistics, as the existing block
	group is sufficient.  On the other hand, as existing libvirt
	releases already report 1:1 mapping of block.count to <disk>
	devices, changing the array size could confuse older clients;
	and even with newer clients, the time and memory taken to
	report additional statistics is not always necessary (backing
	files are generally read-only except for block-commit, so while
	read statistics may change, sizing statistics will not).  So
	the choice here is to add a new flag that only newer callers
	will pass, when they are prepared for the additional information.

	This patch introduces the new API, but it will take more
	patches to get it implemented for qemu.

	* include/libvirt/libvirt-domain.h
	(VIR_CONNECT_GET_ALL_DOMAINS_STATS_BACKING): New flag.
	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document it,
	and add a new field when it is in use.
	* tools/virsh-domain-monitor.c (cmdDomstats): Use new flag.
	* tools/virsh.pod (domstats): Document it.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: prepare for dynamic block.count stat
	A coming patch will make it optionally possible to list backing
	chain block stats; in this mode of operation, block.counts is no
	longer the number of <disks> in the domain, but the number of
	blocks in the array being reported.  We still want block.count
	listed first, but rather than iterate the tree twice (once to
	count, and once to list stats), it's easier to just touch things
	up after the fact.

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Compute count
	after the fact.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: report block sizes for offline domains
	The prior refactoring can now be put to use. With the same domain
	as the earlier commit 7b49926 (one qcow2 disk and an empty
	cdrom drive):
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.0.path=/var/lib/libvirt/images/foo.qcow2
	  block.0.allocation=1309614080
	  block.0.capacity=42949672960
	  block.0.physical=1309671424
	  block.1.name=hdc

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Use
	qemuStorageLimitsRefresh to report offline statistics.

2014-12-17  Eric Blake  <eblake@redhat.com>

	qemu: refactor blockinfo data gathering
	Create a helper function that can be reused for gathering block
	info from virDomainListGetStats.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Split guts...
	(qemuStorageLimitsRefresh): ...into new helper function.

2014-12-17  Eric Blake  <eblake@redhat.com>

	qemu: fix bugs in blockstats
	The documentation for virDomainBlockInfo was confusing: it stated
	that 'physical' was the size of the container, then gave an example
	of it being the amount of storage used by a sparse file (that is,
	for a sparse raw image on a regular file, the wording implied
	capacity==physical, while allocation was smaller; but the example
	instead claimed physical==allocation).  Since we use 'physical' for
	the last offset of a block device, we should do likewise for
	regular files.

	Furthermore, the example claimed that for a qcow2 regular file,
	allocation==physical.  At the time the code was first written,
	this was true (qcow2 files were allocated sequentially, and were
	never sparse, so the last sector written happened to also match
	the disk space occupied); but modern qemu does much better and
	can punch holes for a qcow2 with allocation < physical.

	Basically, after this patch, the three fields are now reliably
	mapped as:
	 'capacity' - how much storage the guest can see (equal to
	physical for raw images, determined by image metadata otherwise)
	 'allocation' - how much storage the image occupies (similar to
	what 'du' would report)
	 'physical' - the last offset of the image (similar to what 'ls'
	would report)

	'capacity' can be larger than 'physical' (such as for a qcow2
	image that does not vary much from a backing file) or smaller
	(such as for a qcow2 file with lots of internal snapshots).
	Likewise, 'allocation' can be (slightly) larger than 'physical'
	(such as counting the tail of cluster allocations required to
	round a file size up to filesystem granularity) or smaller
	(for a sparse file).  A block-resize operation changes capacity
	(which, for raw images, also changes physical); many non-raw
	images automatically grow physical and allocation as necessary
	when starting with an allocation smaller than capacity; and even
	when capacity and physical stay unchanged, allocation can change
	when converting sectors from holes to data or back.

	Note that this does not change semantics for qcow2 images stored
	on block devices; there, we still rely on qemu to report the
	highest written extent for allocation.  So using this API to
	track when to extend a block device because a qcow2 image is
	about to exceed a threshold will not see any changes.

	Also, note that virStorageVolInfo is unfortunately limited to
	just 'capacity' and 'allocation' (we can't expand it to add
	'physical', although we can expand the XML to add it there);
	historically, that struct's 'allocation' value has reported
	file size for qcow2 files (what this patch terms 'physical'
	for a domain block device), but disk usage for raw files (what
	this patch terms 'allocation').  So follow-up patches will be
	needed to make storage volumes report the same allocation
	values and get at physical values, where those differ.

	* include/libvirt/libvirt-domain.h (_virDomainBlockInfo): Tweak
	documentation to match saner definition.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): For regular
	files, physical size is capacity, not allocation.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: rearrange blockinfo gathering
	Ultimately, we want to avoid read()ing a file while qemu is running.
	We still have to open() block devices to determine their physical
	size, but that is safer.  This patch rearranges code to group
	together all code that reads the image, to make it easier for later
	patches to skip the metadata collection when possible.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Check for empty
	disk up front.  Place metadata reading next to use.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: perform recursion in monitor collection
	When requested in a later patch, the QMP command results are now
	examined recursively.  As qemu_driver will eventually have to
	read items out of the hash table as stored by this patch, the
	computation of backing alias string is done in a shared location.

	* src/qemu/qemu_domain.h (qemuDomainStorageAlias): New prototype.
	* src/qemu/qemu_domain.c (qemuDomainStorageAlias): Implement it.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne): Perform recursion.
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Update callers.

2014-12-17  Eric Blake  <eblake@redhat.com>

	getstats: prepare monitor collection for recursion
	A future patch will allow recursion into backing chains when
	collecting block stats.  This patch should not change behavior,
	but merely moves out the common code that will be reused once
	recursion is enabled, and adds the parameter that will turn on
	recursion.

	* src/qemu/qemu_monitor.h (qemuMonitorGetAllBlockStatsInfo)
	(qemuMonitorBlockStatsUpdateCapacity): Add recursion parameter,
	although it is ignored for now.
	* src/qemu/qemu_monitor.h (qemuMonitorGetAllBlockStatsInfo)
	(qemuMonitorBlockStatsUpdateCapacity): Likewise.
	* src/qemu/qemu_monitor_json.h
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Likewise.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetAllBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacity): Add parameter, and
	split...
	(qemuMonitorJSONGetOneBlockStatsInfo)
	(qemuMonitorJSONBlockStatsUpdateCapacityOne): ...into helpers.
	(qemuMonitorJSONGetBlockStatsInfo): Update caller.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Update caller.
	* src/qemu/qemu_migration.c (qemuMigrationCookieAddNBD): Likewise.

2014-12-17  Eric Blake  <eblake@redhat.com>

	qemu: let blockinfo reuse virStorageSource
	Right now, grabbing blockinfo always calls stat on the disk, then
	opens the image to determine the capacity, using a throw-away
	virStorageSourcePtr.  This has a couple of drawbacks:

	1. We are calling stat and opening a file on every invocation of
	the API.  However, there are cases where the stats should NOT be
	changing between successive calls (if a domain is running, no
	one should be changing the physical size of a block device or raw
	image behind our backs; capacity of read-only files should not
	be changing; and we are the gateway to the block-resize command
	to know when the capacity of read-write files should be changing).
	True, we still have to use stat in some cases (a sparse raw file
	changes allocation if it is read-write and the amount of holes is
	changing, and a read-write qcow2 image stored in a file changes
	physical size if it was not fully pre-allocated).  But for
	read-only images, even this should be something we can remember
	from the previous time, rather than repeating every call.

	2. We want to enhance the power of virDomainListGetStats, by
	sharing code.  But we already have a virStorageSourcePtr for
	each disk, and it would be easier to reuse the common structure
	than to have to worry about the one-off virDomainBlockInfoPtr.

	While this patch does not optimize reuse of information in point
	1, it does get us closer to being able to do so; by updating a
	structure that survives between consecutive calls.

	* src/util/virstoragefile.h (_virStorageSource): Add physical, to
	mirror virDomainBlockInfo; rearrange fields to match public struct.
	(virStorageSourceCopy): Copy the new field.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Store into
	storage source, then copy to block info.

2014-12-16  Eric Blake  <eblake@redhat.com>

	qemu: refactor blockinfo job handling
	In order for a future patch to virDomainListGetStats to reuse
	some code for determining disk usage of offline domains, we
	need to make it easier to pull out part of the guts of grabbing
	blockinfo.  The current implementation grabs a job fairly late
	in the game, while getstats will already own a job; reordering
	things so that the job is always grabbed up front in both
	functions will make it easier to pull out the common code.
	This patch results in grabbing a job in cases where one was not
	previously needed, but as it is a query job, it should not be
	noticeably slower.

	This patch touches the same code as the fix for CVE-2014-6458
	(commit b799259); in that patch, we avoided hotplug changing
	a disk reference during the time of obtaining a monitor lock
	by copying all data we needed and no longer referencing disk;
	this patch goes the other way and ensures that by holding the
	job, the disk cannot be changed so we no longer need to worry
	about the disk being invalidated across the monitor lock.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Rearrange job
	control to be outside of disk information.

2014-12-16  Eric Blake  <eblake@redhat.com>

	build: fix typo in previous patch
	* src/util/virfile.c (safezero_mmap): Fix missing semicolon.

2014-12-16  Martin Kletzander  <mkletzan@redhat.com>

	util: Fix fallocate stubs for mingw build
	When any of the functions modified in commit 214c687b took false branch,
	the function itself used none of its parameters resulting in "unused
	parameter" error.  Rewriting these functions to the stubs we use
	elsewhere should fix the problem.

	qemu: Free saved error in qemuDomainSetVcpusFlags
	Commit e3435caf added cleanup code to qemuDomainSetVcpusFlags() that was
	not supposed to reset the error.  Usual procedure was done, saving the
	error to temporary variable, but it was never free'd, but rather leaked.

	qemu: Add missing goto error in qemuRestoreCgroupState
	Commit af2a1f05 tried clearly separating each condition in
	qemuRestoreCgroupState() for the sake of readability, however somehow
	one condition body was missing.  That means that the body of the next
	condition got executed only if both of there were true, which is
	impossible, thus resulting in a dead code and a logic error.

	conf: Fix invalid condition when parsing storage owner
	In commit d2632d60 we agreed taht we want the parsed uid to properly
	overflow but only to -1, however the value was read into long and then
	wrapped into uid_t.  That meaned it failed on 32-bit systems.

2014-12-16  John Ferlan  <jferlan@redhat.com>

	virstoragefile: Have virStorageFileResize use safezero
	Currently virStorageFileResize() function uses build conditionals to
	choose either the posix_fallocate() or syscall(SYS_fallocate) with no
	fallback in order to preallocate the space in the newly resized file.

	Since the safezero code has a similar set of conditionals modify the
	resize and safezero code in order to allow the resize logic to make use
	of safezero to unify the look/feel of the code paths.

	Add a new boolean (resize) to safezero() to make the optional decision
	whether to try syscall(SYS_fallocate) if the posix_fallocate fails because
	HAVE_POSIX_FALLOCATE is not defined (eg, return -1 and errno == 0).

	Create a local safezero_sys_fallocate in order to handle the resize
	code paths that support that.  If not present, the set errno = ENOSYS
	in order to allow the caller to handle the failure scenarios.

2014-12-16  John Ferlan  <jferlan@redhat.com>

	virfile: Refactor safezero
	Currently build conditionals decide which of two safezero() functions
	should be built - either the posix_fallocate() or mmap() with a fallback
	to a slower safewrite() algorithm in order to preallocate space in a raw file.

	This patch will refactor safezero to utilize static functions for either
	posix_fallocate or mmap/safewrite. The build conditional still exist, but
	are only for shorter sections of code.

	The posix_fallocate path will make use of the ret/errno setting to contain
	the logic for safezero to decide whether it needs to fallback to other
	algorithms. A return of -1 with errno not changed will indicate the conditional
	is not present; otherwise, a return of -1 with errno change indicates the
	call was made and it failed (no functional difference to current algorithm).

	The mmap/safewrite option changes only slightly to handle the ftruncate
	failure for mmap. That is, previously if the ftruncate failed, there was
	no fallback to the slow safewrite option.

2014-12-16  Martin Kletzander  <mkletzan@redhat.com>

	conf: Rework virDomainObjListFindByUUID to allow more concurrent APIs
	Currently, when there is an API that's blocking with locked domain and
	second API that's waiting in virDomainObjListFindByUUID() for the domain
	lock (with the domain list locked) no other API can be executed on any
	domain on the whole hypervisor because all would wait for the domain
	list to be locked.  This patch adds new optional approach to this in
	which the domain is only ref'd (reference counter is incremented)
	instead of being locked and is locked *after* the list itself is
	unlocked.  We might consider only ref'ing the domain in the future and
	leaving locking on particular APIs, but that's no tonight's fairy tale.

2014-12-16  Martin Kletzander  <mkletzan@redhat.com>

	storage: unify permission formatting
	Volume and pool formatting functions took different approaches to
	unspecified uids/gids.  When unknown, it is always parsed as -1, but one
	of the functions formatted it as unsigned int (wrong) and one as
	int (better).  Due to that, our two of our XML files from tests cannot
	be parsed on 32-bit machines.

	RNG schema needs to be modified as well, but because both
	storagepool.rng and storagevol.rng need same schema for permission
	element, save some space by moving it to storagecommon.rng.

2014-12-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix hotplugging cpus with strict memory pinning
	When hot-plugging a VCPU into the guest, kvm needs to allocate some data
	from the DMA zone, which might be in a memory node that's not allowed in
	cpuset.mems.  Basically the same problem as there was with starting the
	domain and due to which commit 7e72ac787848b7434c9359a57c1e2789d92350f8
	exists.  This patch just extends it to hotplugging as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1161540

2014-12-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Leave cpuset.mems in parent cgroup alone
	Instead of setting the value of cpuset.mems once when the domain starts
	and then re-calculating the value every time we need to change the child
	cgroup values, leave the cgroup alone and rather set the child data
	every time there is new cgroup created.  We don't leave any task in the
	parent group anyway.  This will ease both current and future code.

	qemu: Save numad advice into qemuDomainObjPrivate
	Thanks to that we don't need to drag the pointer everywhere and future
	code will get cleaner.

	qemu: Remove unnecessary qemuSetupCgroupPostInit function

	util: Add virNumaGetHostNodeset
	That function tries its best to create a bitmap of host NUMA nodes.

	util: Add function virCgroupHasEmptyTasks
	That function helps checking whether there's a task in that cgroup.

2014-12-16  Jiri Denemark  <jdenemar@redhat.com>

	spec: Fix syntax

2014-12-15  Daniel P. Berrange  <berrange@redhat.com>

	avoid using deprecated udev logging functions
	In systemd >= 218, the udev_set_log_fn method has been marked
	deprecated and turned into a no-op. Nothing in the udev client
	library will print to stderr by default anymore, so we can
	just stop installing a logging hook for new enough udev.

	spec: Disable -Werror in Fedora RPM builds
	Since we switched to using GIT to apply patches in the RPM spec,
	we automagically also turned on -Werror, since the .git directory
	now exists. We don't want this on in Fedora, since changing
	header files often lead to new warnings being issued. Explicitly
	turn off -Werror for non-RHEL platforms, instead of relying on
	the defaults

2014-12-15  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix usage of disk->info.addr.drive structure
	For SCSI and SATA devices controller and unit are used
	to specify drive address. For IDE devices - bus specifies
	IDE bus, becase usually there are 2 IDE buses on IDE
	controller.

	Parallels SDK allows to set drive position by calling
	PrlVmDev_SetStackIndex. Since PCS VMs have only one
	controller of each type, for SATA and SCSI devices it
	simple means position on bus, for IDE devices -
	2 * bus_number + position_on_bus.

	This patch fixes mapping from libvirt's disk->info.addr.drive
	to parallels's 'StackIndex'.

2014-12-15  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: set format for real disk devices
	It seems file format is usually specified event for
	real block devices. So report that file format is
	raw in virDomainGetXMLDesc and add checks for proper
	file format to prlsdkAddDisk.

	parallels: support NULL virDomainVideoAccelDefPtr
	NULL value of virDomainVideoAccelDefPtr means default
	values for video acceleration, so don't report error in
	this case.

2014-12-15  Luyao Huang  <lhuang@redhat.com>

	qemu: Auto generate a controller when attach hostdev and chr device
	https://bugzilla.redhat.com/show_bug.cgi?id=1174154

	When we use attach-device add a hostdev or chr device which have a
	iscsi address or others (just like guest agent, subsys iscsi disk...),
	we will find there is no basic controller for our new attached device.
	Somtimes this will make guest cannot start after we add them (although
	they can start at the second time).

2014-12-15  Laine Stump  <laine@laine.org>

	qemu: add/remove bridge fdb entries as guest CPUs are started/stopped
	When libvirt is managing a bridge's forwarding database (FDB)
	(macTableManager='libvirt'), if we add FDB entries for a new guest
	interface even before the qemu process is created, then in the case of
	a migration any other guest attached to the "destination" bridge will
	have its traffic immediately sent to the destination of the migration
	even while the source domain is still running (and the destination, of
	course, isn't). To make sure that traffic from other guests on the new
	host continues flowing to the old guest until the new one is ready, we
	have to wait until the new guest CPUs are started to add the FDB
	entries.

	Conversely, we need to remove the FDB entries from the bridge any time
	the guest CPUs are stopped; among other things, this will assure
	proper operation during a post-copy migration (which is just the
	opposite of the problem described in the previous paragraph).

2014-12-15  Wang Rui  <moon.wangrui@huawei.com>

	qemu: make persistent update of graphics device supported
	We can change vnc password by using virDomainUpdateDeviceFlags API with
	live flag. But it can't be changed with config flag. Error is reported as
	below.

	error: Operation not supported: persistent update of device 'graphics' is not supported

	This patch supports the graphics arguments changed with config flag.

2014-12-15  Wang Rui  <moon.wangrui@huawei.com>

	qemu: fix alignment of qemuDomainFindGraphics

	qemu: report properer error number when change graphics failed
	It's not supported to change some graphics arguments with '--live'.
	Replace some error code VIR_ERR_INTERNAL_ERROR and VIR_ERR_INVALID_ARG
	with VIR_ERR_OPERATION_UNSUPPORTED.

2014-12-15  Wei Liu  <wei.liu2@citrix.com>

	xenconfig: fix boot device parsing
	The original code always checked *boot which was in effect boot[0]. It
	should use boot[i].

2014-12-15  Luyao Huang  <lhuang@redhat.com>

	conf: fix virDomainLeaseIndex logic
	https://bugzilla.redhat.com/show_bug.cgi?id=1174096

	When both parameter have lockspaces present, virDomainLeaseIndex
	always returns -1 even there is a lease the same with the one we
	check. This is due to broken logic in 'if-else' statement.

2014-12-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Allow system pages to <memoryBacking/>
	https://bugzilla.redhat.com/show_bug.cgi?id=1173507

	It occurred to me that OpenStack uses the following XML when not using
	regular huge pages:

	  <memoryBacking>
	    <hugepages>
	      <page size='4' unit='KiB'/>
	    </hugepages>
	  </memoryBacking>

	However, since we are expecting to see huge pages only, we fail to
	startup the domain with following error:

	  libvirtError: internal error: Unable to find any usable hugetlbfs
	  mount for 4 KiB

	While regular system pages are not huge pages technically, our code is
	prepared for that and if it helps OpenStack (or other management
	applications) we should cope with that.

2014-12-15  Luyao Huang  <lhuang@redhat.com>

	conf: Fix libvirtd crash matching hostdev XML
	https://bugzilla.redhat.com/show_bug.cgi?id=1174053

	Introduced by commit id '17bddc46f' - fix a libvirtd crash when
	matching a network iscsi hostdev with a host iscsi hostdev.

	When we use attach-device to coldplug a network iscsi hostdev,
	libvirt will check if there is already a device in XML. But if
	the 'b' is a host iscsi hostdev and 'a' is a network iscsi hostdev,
	then libvirtd will crash in virDomainHostdevMatchSubsysSCSIiSCSI
	because 'b' doesn't have a hostname.

	Add a check in virDomainHostdevMatchSubsys, if the a's protocol
	and b's protocol is not the same.

	Following is the backtrace:

	0  0x00007f850d6bc307 in virDomainHostdevMatchSubsysSCSIiSCSI at conf/domain_conf.c:10889
	1  virDomainHostdevMatchSubsys at conf/domain_conf.c:10911
	2  virDomainHostdevMatch at conf/domain_conf.c:10973
	3  virDomainHostdevFind at conf/domain_conf.c:10998
	4  0x00007f84f6a10560 in qemuDomainAttachDeviceConfig at qemu/qemu_driver.c:7223
	5  qemuDomainAttachDeviceFlags at qemu/qemu_driver.c:7554

2014-12-15  Daniel P. Berrange  <berrange@redhat.com>

	fix typo in sanlock driver s/VIR_CONF_UONG/VIR_CONF_ULONG/
	fix typo introduced in previous commit

2014-12-15  Michal Privoznik  <mprivozn@redhat.com>

	virconf: Introduce VIR_CONF_ULONG
	https://bugzilla.redhat.com/show_bug.cgi?id=1160995

	In our config files users are expected to pass several integer values
	for different configuration knobs. However, majority of them expect a
	nonnegative number and only a few of them accept a negative number too
	(notably keepalive_interval in libvirtd.conf).
	Therefore, a new type to config value is introduced: VIR_CONF_ULONG
	that is set whenever an integer is positive or zero. With this
	approach knobs accepting VIR_CONF_LONG should accept VIR_CONF_ULONG
	too.

2014-12-15  Michal Privoznik  <mprivozn@redhat.com>

	virConfType: switch to VIR_ENUM_{DECL,IMPL}
	There's no need to implement ToString() function like we do if we
	can use our shiny macros.

2014-12-15  Michal Privoznik  <mprivozn@redhat.com>

	virConfSetValue: Simplify condition
	There's no need for condition of the following form:

	  if (str && STREQ(str, dst))

	since we have STREQ_NULLABLE macro that handles NULL cases.

2014-12-15  Erik Skultety  <eskultet@redhat.com>

	conf: move the check for secondary consoles of targetType serial
	For historical reasons, only the first <console> element might be of targetType
	serial, but we checked for other consoles of targetType serial in our post-parse
	callback if and only if we knew the first console was serial, otherwise
	the check was skipped.
	This patch moves the check one level up, so first
	the check for secondary console of type serial is performed and then the
	rest of operations continue unchanged.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1170092

2014-12-14  Laine Stump  <laine@laine.org>

	qemu: add a qemuInterfaceStopDevices(), called when guest CPUs stop
	We now have a qemuInterfaceStartDevices() which does the final
	activation needed for the host-side tap/macvtap devices that are used
	for qemu network connections. It will soon make sense to have the
	converse qemuInterfaceStopDevices() which will undo whatever was done
	during qemuInterfaceStartDevices().

	A function to "stop" a single device has also been added, and is
	called from the appropriate place in qemuDomainDetachNetDevice(),
	although this is currently unnecessary - the device is going to
	immediately be deleted anyway, so any extra "deactivation" will be for
	naught. The call is included for completeness, though, in anticipation
	that in the future there may be some required action that *isn't*
	nullified by deleting the device.

	This patch is a part of a more complete fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1081461

2014-12-14  Laine Stump  <laine@laine.org>

	qemu: always call qemuInterfaceStartDevices() when starting CPUs
	The patch that added qemuInterfaceStartDevices() (upstream commit
	82977058f5b1d143a355079900029e9cbfee2fe4) had an extra conditional to
	prevent calling it if the reason for starting the CPUs was
	VIR_DOMAIN_RUNNING_UNPAUSED or VIR_DOMAIN_RUNNING_SAVE_CANCELED.  This
	was put in by the author as the result of a reviewer asking if it was
	necessary to ifup the interfaces in *all* occasions (because these
	were the two cases where the CPU would have already been started (and
	stopped) once, so the interface would already be ifup'ed).

	It turns out that, as long as there is no corresponding
	qemuInterfaceStopDevices() to ifdown the interfaces anytime the CPUs
	are stopped, neglecting to ifup when reason is RUNNING_UNPAUSED or
	RUNNING_SAVE_CANCELED doesn't cause any problems (because it just
	happens that the interface will have already been ifup'ed by a prior
	call when the CPU was previously started for some other reason).

	However, it also doesn't *help*, and there will soon be a
	qemuInterfaceStopDevices() function which *will* ifdown these
	interfaces when the guest CPUs are stopped, and once that is done, the
	interfaces will be left down in some cases when they should be up (for
	example, if a domain is paused and then unpaused).

	So, this patch is removing the condition in favor of always calling
	qemuInterfaeStartDevices() when the guest CPUs are started.

	This patch (and the aforementioned patch) resolve:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1081461

2014-12-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: avoid rare race when undefining domain
	When one domain is being undefined and at the same time started, for
	example, there is a possibility of a rare problem occuring.

	 - Thread 1 does virDomainUndefine(), has the lock, checks that the
	   domain is active and because it's not, calls
	   virDomainObjListRemove().

	 - Thread 2 does virDomainCreate() and tries to lock the domain.

	 - Thread 1 needs to lock domain list in order to remove the domain from
	   it, but must unlock domain first (proper order is to lock domain list
	   first and the domain itself second).

	 - Thread 2 grabs the lock, starts the domain and releases the lock.

	 - Thread 1 grabs the lock and removes the domain from list.

	With this patch:

	 - The undefining domain gets marked as "to undefine" before it is
	    unlocked.

	 - If domain is found in any of the search APIs, it's returned only if
	   it is not marked as "to undefine".  The check is done while the
	   domain is locked.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505

2014-12-13  Luyao Huang  <lhuang@redhat.com>

	conf: Ignore device address for model=none usb controller and memballon
	It make no sense at all to have it there.

2014-12-13  Martin Kletzander  <mkletzan@redhat.com>

	Post-release version bump for new dev cycle

2014-12-13  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.11
	- docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: updated localization and regenerated

2014-12-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Avoid getting '-1:-1' in devices cgroup list
	When calling virCgroupAllowAllDevices we get these invalid entries
	in the device cgroup config.
	    b -1:-1 rw
	    c -1:-1 rw
	Check for positive values before outputting the major and minor to
	avoid that.

2014-12-12  Luyao Huang  <lhuang@redhat.com>

	conf: goto error when value of max_sectors is too large
	Output error when we try to set a too large max_sectors.
	Just like queues and cmd_per_lun here.

2014-12-11  Ján Tomko  <jtomko@redhat.com>

	Ignore CPU features without a model for host-passthrough
	This fixes reverting to snapshots created by older libvirt
	and allows libvirt not to lose track of a domain that
	has this in its live status XML (such as a domain
	restored from managedsave)

	https://bugzilla.redhat.com/show_bug.cgi?id=1030793
	https://bugzilla.redhat.com/show_bug.cgi?id=1151885

2014-12-11  Ján Tomko  <jtomko@redhat.com>

	Do not format CPU features without a model
	For host-passthrough CPU we don't honor the CPU
	features specified in the XML, but we allow
	outputting them via the UPDATE_CPU flag for dumpxml,
	this gives user a rough idea of what features the CPU
	might have.

	After restoring a managedsave'd domain, the features
	might end up in the live status XML (in /var/run) without
	the model. This XML cannot be parsed by the daemon after
	restart and the domain might disappear.

	This fix skips formatting the features for HOST_PASSTHROUGH
	when UPDATE_CPU is not specified, so the newly restored domains
	and newly created snapshots won't be affected.

	Note: this doesn't fix existing snapshots or already restored
	running domains.

	https://bugzilla.redhat.com/show_bug.cgi?id=1030793
	https://bugzilla.redhat.com/show_bug.cgi?id=1151885

2014-12-11  Ján Tomko  <jtomko@redhat.com>

	Fix build on mingw
	Add missing ATTRIBUTE_UNUSED markers.

2014-12-11  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: Fix logic in monitor handling
	A logic bug in qemuConnectGetAllDomainStats makes the code mark the
	monitor as available when qemuDomainObjBeginJob fails, instead of when
	it succeeds, as the correct flow requires.

	This patch fixes the check and updates the code documentation
	accordingly.

	Broken by commit 57023c0a3af4af1c547189c1f6712ed5edeb0c0b.

2014-12-11  Luyao Huang  <lhuang@redhat.com>

	dac: Add a new func to get DAC label of a running process
	When using qemuProcessAttach to attach a qemu process,
	the DAC label is not filled correctly.

	Introduce a new function to get the uid:gid from the system
	and fill the label.

	This fixes the daemon crash when 'virsh screenshot' is called:
	https://bugzilla.redhat.com/show_bug.cgi?id=1161831

	It also fixes qemu-attach after the prerequisite of this patch
	(commit f8c1fb3) was pushed out of order.

2014-12-10  Matthew Rosato  <mjrosato@linux.vnet.ibm.com>

	network: Bring netdevs online later
	Currently, MAC registration occurs during device creation, which is
	early enough that, during live migration, you end up with duplicate
	MAC addresses on still-running source and target devices, even though
	the target device isn't actually being used yet.
	This patch proposes to defer MAC registration until right before
	the guest can actually use the device -- In other words, right
	before starting guest CPUs.

2014-12-10  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Fix typo
	Commit id 'c9ffd3ea9e' updated the descriptions, but pointed at the
	wrong place for the pool-define-as (it should have been pool-create-as)

2014-12-10  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: give RW access to /proc/sys/net/ipv[46] to containers
	Some programs want to change some values for the network interfaces
	configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
	allows wicked to work on openSUSE 13.2+.

	Reusing the lxcNeedNetworkNamespace function to tell
	lxcContainerMountBasicFS if the netns is disabled. When no netns is
	set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as
	these would provide full access to the host NICs config.

2014-12-10  John Ferlan  <jferlan@redhat.com>

	viriscsi: Need to sendtargets on Initiator IQN
	https://bugzilla.redhat.com/show_bug.cgi?id=1172015

	The refactoring done as part of commit id '59446096' caused a regression
	for the multi initiator IQN commit '6aabcb5b' because the sendtargets was
	not done on/for the initiator IQN prior to login (or trying to disable
	autologin)

	Prior to that commit, the paths were essentially

	virStorageBackendISCSIStartPool
	    virStorageBackendISCSILogin
	        virStorageBackendISCSIConnection
	            if initiatoriqn
	                virStorageBackendCreateIfaceIQN
	                Issue sendtargets
	                Perform --login
	            else
	                Issue sendtargets
	                Perform --login

	After that commit:

	virStorageBackendISCSIStartPool
	    Issue sendtargets
	    Call virStorageBackendISCSIConnection
	        If initiatoriqn
	            virStorageBackendCreateIfaceIQN
	            Perform --login
	        else
	            Perform --login

	So for non initiator IQN paths, nothing changed. For the initiator path,
	the --login fails as does any attempts to change autologin via "--op update
	--name node.startup --value manual".

2014-12-10  John Ferlan  <jferlan@redhat.com>

	docs: Fix typo in path for storage pool

2014-12-10  Martin Kletzander  <mkletzan@redhat.com>

	conf: Ignore device address for guestfwd channel
	It make no sense at all to have it there.

2014-12-10  Wang Rui  <moon.wangrui@huawei.com>

	maint: clean up the unused variable 'caps' in src/qemu/qemu_*.c

2014-12-10  Hao Liu  <hliu@redhat.com>

	docs: Fix missing curly braces

2014-12-10  Hao Liu  <hliu@redhat.com>

	storage: Check stderr when matching parted output
	In old version of parted like parted-2.1-25, error message is shown in
	stdout when printing a disk info without disk label.

	    Error: /dev/sda: unrecognised disk label

	This line has been moved to stderr in newer version of parted. So we
	should check both stdout and stderr when locating this message.

	This should fix bug:
	    https://bugzilla.redhat.com/show_bug.cgi?id=1172468

2014-12-10  Martin Kletzander  <mkletzan@redhat.com>

	CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats()
	When user doesn't have read access on one of the domains he requested,
	the for loop could exit abruptly or continue and override pointer which
	pointed to locked object.

	This patch fixed two issues at once.  One is that domflags might have
	had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this
	is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the
	job was acquired and cleaning domflags on every start of the loop.
	Second one is that the domain is kept locked when
	virConnectGetAllDomainStatsCheckACL() fails and continues the loop when
	it didn't end.  Adding a simple virObjectUnlock() and clearing the
	pointer ought to do.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: report proper error in Create/Destroy/Suspend e.t.c.
	If we want to perform some operation and domain state is not suitable
	for that operation, we should report error VIR_ERR_OPERATION_INVALID.

	parallels: fix getJobResultHelper
	When PrlJob_GetRetCode sets second argument to
	error value it means sdk function failed and we
	must return error from getJobResultHelper.

	parallels: return PRL_RESULT from waitJob and getJobResult
	Return error code, returned by parallels SDK from
	waitJob and getJobResult, so that caller can handle
	different errors.

	parallels: implement domainUndefine and domainUndefineFlags

	parallels: add cdroms support
	Get cdrom devices list from parallels server in
	prlsdkLoadDomains and add ability to define a domain
	with cdroms.

2014-12-09  Alexander Burluka  <aburluka@parallels.com>

	parallels: Add domainCreateWithFlags() function.
	domainCreateWithFlags function is used by OpenStack/Nova to boot
	an instance.

	parallels: added function virDomainIsActive()
	That function is necessary for proper domain removal
	in openstack/nova.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: refactor parallelsDomainDefineXML
	First, we don't need to call prlsdkApplyConfig after
	creating new VM or containers, because it's done in
	functions prlsdkCreateVm and prlsdkCreateCt.

	No need to check, if domain exists in the list after
	prlsdkAddDomain.

	Also organize code, so that we can call virObjectUnlock
	in one place.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: create VMs and containers with sdk
	This patch replaces code, which creates domains by
	running prlctl command.

	prlsdkCreateVm/Ct will do prlsdkApplyConfig, because
	we send request to the server only once in this case.

	But prlsdkApplyConfig will be called also from
	parallelsDomainDefineXML function. There is no problem with
	it, parallelsDomainDefineXML will be refactored later.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: rewrite parallelsApplyConfig with SDK
	Rewrite code, which applies domain configuration given
	to virDomainDefineXML function to the VM of container
	registered in PCS.

	This code first check if there are unsupported parameters
	in domain XML and if yes - reports error. Some of such
	parameters are not supported by PCS, for some - it's not
	obvious, how to convert them into PCS's corresponding params,
	so let's put off it, and implement only basic params in
	this patch.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: reimplement functions, which change domain state
	Change domain state using parallels SDK functions instead of
	prlctl command.

	We don't need to send events from these functions now, becase
	events handler will send them. But we still need to update
	virDomainObj in privconn->domains.

2014-12-09  Alexander Burluka  <aburluka@parallels.com>

	parallels: handle events from parallels server
	Subscribe to events from parallels server. It's
	needed for 2 things: to update cached domains list
	and to send corresponding libvirt events.

	Parallels server sends a lot of different events, in
	this patch we handle only some of them. In the future
	we can handle for example, changes in a host network
	configuration or devices states.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: move parallelsDomNotFoundError to parallels_utils.h
	Move macro parallelsDomNotFoundError to file parallels_utils.h, because
	it will be used in parallels_sdk.c.

2014-12-09  Alexander Burluka  <aburluka@parallels.com>

	parallels: get domain info with SDK
	Obtain information about domains using parallels sdk instead of prlctl.
	prlsdkLoadDomains functions behaves as former parallelsLoadDomains with
	NULL as second parameter (name) - it fills parallelsConn.domains list.

	prlsdkLoadDomain is now able to update specified domain by given
	virDomainObjPtr.

2014-12-09  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: move IS_CT macro to parallels_utils.h
	This macro will be used in paralles_sdk.c so move it to common header.

2014-12-09  Guido Günther  <agx@sigxcpu.org>

	define NTF_{SELF,MASTER} if undefined
	Older kernel headers lack this definition (e.g. Debian Wheezy's 3.2)

2014-12-09  John Ferlan  <jferlan@redhat.com>

	security: Manage SELinux labels on shared/readonly hostdev's
	https://bugzilla.redhat.com/show_bug.cgi?id=1082521

	Support for shared hostdev's was added in a number of commits, initially
	starting with 'f2c1d9a80' and most recently commit id 'fd243fc4' to fix
	issues with the initial implementation.  Missed in all those changes was
	the need to mimic the virSELinux{Set|Restore}SecurityDiskLabel code to
	handle the "shared" (or shareable) and readonly options when Setting
	or Restoring the SELinux labels.

	This patch will adjust the virSecuritySELinuxSetSecuritySCSILabel to not
	use the virSecuritySELinuxSetSecurityHostdevLabelHelper in order to set
	the label. Rather follow what the Disk code does by setting the label
	differently based on whether shareable/readonly is set.  This patch will
	also modify the virSecuritySELinuxRestoreSecuritySCSILabel to follow
	the same logic as virSecuritySELinuxRestoreSecurityImageLabelInt and not
	restore the label if shared/readonly

2014-12-09  John Ferlan  <jferlan@redhat.com>

	tests: Fix sharable typo

2014-12-09  Luyao Huang  <lhuang@redhat.com>

	conf: forbid negative number in address(like controller, bus, slot...)
	https://bugzilla.redhat.com/show_bug.cgi?id=1171582

	When we edit a negative controller address number to a device,
	some of them will auto generate a controller with invalid index
	number. This will make guest disappear after restart libvirtd.
	Instead of allowing negative number for controller index, we
	should forbid negative number in these place (we did this before,
	but after f18c02ec, virStrToLong_ui changed to allow negative
	number). Therefore switch to virStrToLong_uip in these places.

2014-12-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Unlock vm on failed ACL check in protocol v2 APIs
	Avoid leaving the domain locked on a failed ACL check in
	qemuDomainMigratePerform() and qemuDomainMigrateFinish2().

	Introduced in commit abf75aea247e (Add ACL checks into the QEMU driver).

2014-12-09  Martin Kletzander  <mkletzan@redhat.com>

	docs: Fix simple typo s/ a API/ an API/

	build: Move check for XML::XPath into bootstrap
	The module XML::XPath is needed when building from git only (no need to
	have it when building from tarball), so this patch moves the check from
	specfile into bootstrap.conf.

2014-12-09  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Several portability changes, but the one we are most interested in
	is the improvement to bootstrap to detect perl modules.

	This patch doesn't actually change our bootstrap requirements
	(that will be a separate patch), but sets the stage for it.

	* .gnulib: Update to latest.
	* bootstrap: Regenerate from upstream.

2014-12-08  Eric Blake  <eblake@redhat.com>

	build: fix mingw printing of pid
	Commit c75425734 introduced a compilation failure:

	../../src/access/viraccessdriverpolkit.c: In function 'virAccessDriverPolkitCheck':
	../../src/access/viraccessdriverpolkit.c:137:5: error: format '%d' expects argument of type 'int', but argument 9 has type 'pid_t' [-Werror=format=]
	     VIR_DEBUG("Check action '%s' for process '%d' time %lld uid %d",
	     ^

	Since mingw pid_t is 64 bits, it's easier to just follow what we've
	done elsewhere and cast to a large enough type when printing pids.

	* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
	Add cast.

2014-12-08  Eric Blake  <eblake@redhat.com>

	build: fix unused variable in mingw
	Bug introduced in commit 100b7a72a:

	util/virnetdevbridge.c: In function 'virNetDevBridgePortSetLearning':
	util/virnetdevbridge.c:359:38: error: unused parameter 'enable' [-Werror=unused-parameter]
	                                bool enable)
	                                      ^

	* src/util/virnetdevbridge.c (virNetDevBridgePortSetLearning): Mark
	unused variable.

2014-12-08  Kyle DeFrancia  <kdef@linux.vnet.ibm.com>

	network: don't allow multiple dhcp sections
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=907779

	A <dhcp> element can exist in only one IPv4 address and one IPv6
	address per network.  This patch enforces that in virNetworkUpdate.

2014-12-08  Laine Stump  <laine@laine.org>

	lxc: always use virDomainNetGetActualBridgeName to get interface's bridge
	lxcProcessSetupInterfaces() used to have a special case for
	actualType='network' (a network with forward mode of route, nat, or
	isolated) to call the libvirt public API to retrieve the bridge being
	used by a network. That is no longer necessary - since all network
	types that use a bridge and tap device now get the bridge name stored
	in the ActualNetDef, we can just always use
	virDomainNetGetActualBridgeName() instead.

2014-12-08  Laine Stump  <laine@laine.org>

	qemu: always use virDomainNetGetActualBridgeName to get interface's bridge
	qemuNetworkIfaceConnect() used to have a special case for
	actualType='network' (a network with forward mode of route, nat, or
	isolated) to call the libvirt public API to retrieve the bridge being
	used by a network. That is no longer necessary - since all network
	types that use a bridge and tap device now get the bridge name stored
	in the ActualNetDef, we can just always use
	virDomainNetGetActualBridgeName() instead.

	(an audit of the two callers to qemuNetworkIfaceConnect() confirms
	that it is never called for any other type of network, so the dead
	code in the else statement (logging an internal error if it is called
	for any other type of network) is eliminated in the process.)

2014-12-08  Laine Stump  <laine@laine.org>

	qemu: setup tap devices for macTableManager='libvirt'
	When libvirt is managing the MAC table of a Linux host bridge, it must
	turn off learning and unicast_flood for each tap device attached to
	that bridge, then add a Forwarding Database (fdb) entry for the tap
	device using the MAC address from the domain interface config.

	Once we have disabled learning and flooding, any packet that has a
	destination MAC address not present in the fdb will be dropped by the
	bridge. This, along with the opportunistic disabling of promiscuous
	mode[*], can result in enhanced network performance. and a potential
	slight security improvement.

	[*] If there is only one device on the bridge with learning/unicast_flood
	enabled, then that device will automatically have promiscuous mode
	disabled. If there are *no* devices with learning/unicast_flood
	enabled (e.g. for a libvirt "route", "nat", or isolated network that
	has no physical device attached), then all non-tap devices will have
	promiscuous mode disabled (tap devices always have promiscuous mode
	enabled, which may be a bug in the kernel, but in practice has 0
	effect).

	None of this has any effect for kernels prior to 3.15 (upstream kernel
	commit 2796d0c648c940b4796f84384fbcfb0a2399db84 "bridge: Automatically
	manage port promiscuous mode"). Even after that, until kernel 3.17
	(upstream commit 5be5a2df40f005ea7fb7e280e87bbbcfcf1c2fc0 "bridge: Add
	filtering support for default_pvid") traffic will not be properly
	forwarded without manually adding vlan table entries. Unfortunately,
	although the presence of the first patch is signalled by existence of
	the "learning" and "unicast_flood" options in sysfs, there is no
	reliable way to query whether or not the system's kernel has the
	second of those patches installed, the only thing that can be done is
	to try the setting and see if traffic continues to pass.

2014-12-08  Laine Stump  <laine@laine.org>

	network: setup bridge devices for macTableManager='libvirt'
	When the bridge device for a network has macTableManager='libvirt' the
	intent is that all kernel management of the bridge's MAC table
	(Forwarding Database, or fdb, in the case of a Linux Host Bridge) be
	disabled, with libvirt handling updates to the table instead. The
	setup required for the bridge itself is:

	1) set the "vlan_filtering" property of the bridge device to 1.

	2) If the bridge has a "Dummy" tap device used to set a fixed MAC
	address on the bridge (which is always the case for a bridge created
	by libvirt, and never the case for a bridge created by the host system
	network config), turn off learning and unicast_flood on this tap (this
	is needed even though this tap is never IFF_UP, because the kernel
	ignores the IFF_UP flag of devices when using their settings to
	automatically decide whether or not to turn off promiscuous mode for
	any attached device).

	(1) is done both for libvirt-created/managed bridges, and for bridges
	that are created by the host system config, while (2) is done only for
	bridges created by libvirt (i.e. for forward modes of nat, routed, and
	isolated bridges)

	There is no attempt to turn vlan_filtering off when destroying the
	network because in the case of a libvirt-created bridge, the bridge is
	about to be destroyed anyway, and in the case of a system bridge, if
	the other devices attached to the bridge could operate properly before
	destroying libvirt's network object, they will continue to operate
	properly (this is similar to the way that libvirt will enable
	ip_forwarding whenever a routed/natted network is started, but will
	never attempt to disable it if they are stopped).

2014-12-08  Laine Stump  <laine@laine.org>

	network: store network macTableManager setting in NetDef actual object
	At the time that the network driver allocates a connection to a
	network, the tap device that will be used hasn't yet been created -
	that will be done later by qemu (or lxc or whoever) - but if the
	network has macTableManager='libvirt', then when we do get around to
	creating the tap device, we will need to add an entry for it to the
	network bridge's fdb (forwarding database) *and* turn off learning and
	unicast_flood for that tap device in the bridge's sysfs settings. This
	means that qemu needs to know both the bridge name as well as the
	setting of macTableManager, so we either need to create a new API to
	retrieve that info, or just pass it back in the ActualNetDef that is
	created during networkAllocateActualDevice. We choose the latter
	method, since it's already done for the bridge device, and it has the
	side effect of making the information available in domain status.

	(NB: in the future, I think that the tap device should actually be
	created by networkAllocateActualDevice(), as that will solve several
	other problems, but that is a battle for another day, and this
	information will still be useful outside the network driver)

2014-12-08  Laine Stump  <laine@laine.org>

	network: save bridge name in ActualNetDef when actualType==network too
	When the actualType of a virDomainNetDef is "network", it means that
	we are connecting to a libvirt-managed network (routed, natted, or
	isolated) which does use a bridge device (created by libvirt). In the
	past we have required drivers such as qemu to call the public API to
	retrieve the bridge name in this case (even though it is available in
	the NetDef's ActualNetDef if the actualType is "bridge" (i.e., an
	externally-created bridge that isn't managed by libvirt). There is no
	real reason for this difference, and as a matter of fact it
	complicates things for qemu. Also, there is another bridge-related
	attribute (macTableManager) that will need to be available in both
	cases, so this makes things consistent.

	In order to avoid problems when restarting libvirtd after an update
	from an older version that *doesn't* store the network's bridgename in
	the ActualNetDef, we also need to put it in place during
	networkNotifyActualDevice() (this function is run for each interface
	of each domain whenever libvirtd is restarted).

	Along with making the bridge name available in the internal object, it
	is also now reported in the <source> element of the <interface> state
	XML (or the <actual> subelement in the internally-stored format).

	The one oddity about this change is that usually there is a separate
	union for every different "type" in a higher level object (e.g. in the
	case of a virDomainNetDef there are separate "network" and "bridge"
	members of the union that pivots on the type), but in this case
	network and bridge types both have exactly the same attributes, so the
	"bridge" member is used for both type==network and type==bridge.

2014-12-08  Laine Stump  <laine@laine.org>

	conf: new network bridge device attribute macTableManager
	The macTableManager attribute of a network's bridge subelement tells
	libvirt how the bridge's MAC address table (used to determine the
	egress port for packets) is managed. In the default mode, "kernel",
	management is left to the kernel, which usually determines entries in
	part by turning on promiscuous mode on all ports of the bridge,
	flooding packets to all ports when the correct destination is unknown,
	and adding/removing entries to the fdb as it sees incoming traffic
	from particular MAC addresses.  In "libvirt" mode, libvirt turns off
	learning and flooding on all the bridge ports connected to guest
	domain interfaces, and adds/removes entries according to the MAC
	addresses in the domain interface configurations. A side effect of
	turning off learning and unicast_flood on the ports of a bridge is
	that (with Linux kernel 3.17 and newer), the kernel can automatically
	turn off promiscuous mode on one or more of the bridge's ports
	(usually only the one interface that is used to connect the bridge to
	the physical network). The result is better performance (because
	packets aren't being flooded to all ports, and can be dropped earlier
	when they are of no interest) and slightly better security (a guest
	can still send out packets with a spoofed source MAC address, but will
	only receive traffic intended for the guest interface's configured MAC
	address).

	The attribute looks like this in the configuration:

	  <network>
	    <name>test</name>
	    <bridge name='br0' macTableManager='libvirt'/>
	    ...

	This patch only adds the config knob, documentation, and test
	cases. The functionality behind this knob is added in later patches.

2014-12-08  Laine Stump  <laine@laine.org>

	util: functions to manage bridge fdb (forwarding database)
	These two functions use netlink RTM_NEWNEIGH and RTM_DELNEIGH messages
	to add and delete entries from a bridge's fdb. The bridge itself is
	not referenced in the arguments to the functions, only the name of the
	device that is attached to the bridge (since a device can only be
	attached to one bridge at a time, and must be attached for this
	function to make sense, the kernel easily infers which bridge's fdb is
	being modified by looking at the device name/index).

	util: new functions for setting bridge and bridge port attributes
	These functions all set/get items in the sysfs for a bridge device.

2014-12-08  Eric Blake  <eblake@redhat.com>

	getstats: add block.n.path stat
	I'm about to make block stats optionally more complex to cover
	backing chains, where block.count will no longer equal the number
	of <disks> for a domain.  For these reasons, it is nicer if the
	statistics output includes the source path (for local files).
	This patch doesn't add anything for network disks, although we
	may decide to add that later.

	With this patch, I now see the following for the same domain as
	in the previous patch (one qcow2 file, and an empty cdrom drive):
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.0.path=/var/lib/libvirt/images/foo.qcow2
	  block.1.name=hdc

	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document
	new field.
	* tools/virsh.pod (domstats): Document new field.
	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Return the new
	stat for local files/block devices.
	(QEMU_ADD_NAME_PARAM): Add parameter.
	(qemuDomainGetStatsInterface): Update caller.

2014-12-08  Eric Blake  <eblake@redhat.com>

	getstats: start giving offline block stats
	I noticed that for an offline domain, 'virsh domstats --block $dom'
	was producing just the domain name, with no stats.  But the older
	'virsh domblkinfo' works just fine on offline domains.  This patch
	starts to get us closer, by at least reporting the disk names for
	an offline domain.

	With this patch, I now see the following for an offline domain
	with one qcow2 disk and an empty cdrom drive:
	$ virsh domstats --block foo
	Domain: 'foo'
	  block.count=2
	  block.0.name=hda
	  block.1.name=hdc

	* src/qemu/qemu_driver.c (qemuDomainGetStatsBlock): Don't short-circuit
	output of block name.

2014-12-08  Eric Blake  <eblake@redhat.com>

	getstats: improve documentation
	At least with 'virsh domstats --block' on an offline domain, we
	currently output no stats even though we recognize the stat
	category.  Although a later patch will improve this situation,
	it is better to document that this is expected behavior.

	Also, while the current implementation rejects filtering flags
	for virDomainListGetStats, this limitation may be lifted in the
	future and we do not enforce it at the API level.

	* src/libvirt-domain.c (virConnectGetAllDomainStats): Document
	that recognized stats might not be reported.
	(virDomainListGetStats): Likewise, and tweak filtering documentation.

2014-12-08  Eric Blake  <eblake@redhat.com>

	getstats: avoid memory leak on OOM
	qemuDomainGetStatsBlock() could leak a stats hash table if it
	encountered OOM while populating the virTypedParameters.
	Oddly, the fix doesn't even touch qemuDomainGetStatsBlock :)

	* src/qemu/qemu_driver.c (QEMU_ADD_COUNT_PARAM)
	(QEMU_ADD_NAME_PARAM): Don't return early.
	(qemuDomainGetStatsInterface): Adjust caller.

2014-12-08  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Use gender-neutral pronoun in hacking.html.in
	Use 'they' instead of 'he'.

2014-12-08  Martin Kletzander  <mkletzan@redhat.com>

	rpc: Report proper close reason
	Whenever client socket was marked as closed for some reason, it could've
	been changed when really closing the connection.  With this patch the
	proper reason is kept since the first time it's marked as closed.

	virsh: Don't reconnect after the command when disconnected
	Each command that needs a connection causes a new connection to be
	made.  Reconnecting after a command failed is pointless, mainly when
	there is no other command to run.  Removeing three lines of code takes
	care of that and keeps virsh working as it should.

2014-12-08  Peter Krempa  <pkrempa@redhat.com>

	storage: Fix printing/casting of uid_t/gid_t
	Other parts of libvirt use "%u" for formatting uid/gid and typecast to
	unsigned int. Storage driver used the signed variant.

2014-12-05  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	docs: network: fix some trivial typos in docs/formatnetwork.html
	this patch fix some weird typos:
	   1. < hostdev>     => <hostdev>
	   2. < type>        => <type>
	   3. <virtualport > => <virtualport>
	   4. redundant comma
	   5. missing right-half bracket

2014-12-05  John Ferlan  <jferlan@redhat.com>

	virsh: Add adapter options for pool-{create|define}-as
	Add the optional adapter options for pool create/define.  Results in
	either:

	<adapter type='scsi_host' name='scsi_host2'/>

	or (on one line)

	<adapter type='fc_host' parent='scsi_host5'
	         wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>

	being generated.

2014-12-05  John Ferlan  <jferlan@redhat.com>

	virsh: Add auth options for pool-{create|define}-as
	Add 3 new optional options for the pool-create-as and pool-define-as
	command in order to define the 3 elements required in order to add
	an auth element, such as:

	<auth type='chap' username='myuser'>
	  <secret usage='libvirtiscsi'/>
	</auth>

2014-12-05  John Ferlan  <jferlan@redhat.com>

	virsh.pod: Fix the pool-define-as and pool-create-as description
	Properly format the options and provide meaningful descriptions for
	the various options.

2014-12-05  John Ferlan  <jferlan@redhat.com>

	docs: Fix a couple of typos on the storage pool html
	Fix format of the secret XML in the example. The XML had an extraneous
	"type='iscsi'" (which is used by the <disk> definitions)

	The world wide node name had a typo in the acronym (wwwn).

2014-12-05  Erik Skultety  <eskultet@redhat.com>

	util: check for an illegal character in a XML namespace prefix
	When user tries to insert element metadata providing a namespace
	declaration as well, currently we insert the element without any validation
	check for XML prefix (if provided). The next VM start would then
	fail with parse error. This patch fixes this issue by adding a call to
	xmlValidateNCName function to check for illegal characters in the
	prefix.
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143921

2014-12-05  Daniel P. Berrange  <berrange@redhat.com>

	Report original error when QMP probing fails with new QEMU
	If probing capabilities via QMP fails, we now have a check
	that prevents us falling back to -help parsing. Unfortunately
	the error message

	  "Failed to probe capabilities for /usr/bin/qemu-kvm:
	   unsupported configuration: QEMU 2.1.2 is too new for help parsing"

	is proving rather unhelpful to the user. We need to be telling
	them why QMP failed (the root cause), rather than they can't
	use -help (the side effect).

	To do this we should capture stderr during QMP probing, and
	if -help parsing then sees a new QEMU version, we know that
	QMP should have worked, and so we can show the messages from
	stderr. The message thus becomes

	  "Failed to probe capabilities for /usr/bin/qemu-kvm:
	   internal error: QEMU / QMP failed: Could not access
	   KVM kernel module: No such file or directory
	   failed to initialize KVM: No such file or directory"

2014-12-05  Shanzhi Yu  <shyu@redhat.com>

	qemu: snapshot: Forbid internal snapshot with passthrough devices
	When attempting to create internal system checkpoint with a passthrough
	device qemu will report the following error:

	error: operation failed: Error -22 while writing VM

	This patch calls the function to check if migration is possible with
	given VM and thus improves the error to:

	error: Requested operation is not valid: domain has assigned non-USB host devices

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=874418#c19

2014-12-05  Peter Krempa  <pkrempa@redhat.com>

	storage: backend: Log uid/gid when initializing storage file backend
	To ease debugging permission problems add uid/gid values to the debug
	message when initializing a storage file backend.

2014-12-05  Michal Privoznik  <mprivozn@redhat.com>

	networkValidate: Disallow bandwidth in portgroups too
	https://bugzilla.redhat.com/show_bug.cgi?id=1115292

	In one of the previous commits (eafb53fe) we disallowed
	network-wide bandwidth to some network types. However, we
	forgot about <portgroups/> which can have <bandwidth/> too.

2014-12-04  Cole Robinson  <crobinso@redhat.com>

	docs: storage: fix rbd pool indentation

2014-12-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Avoid uninitialized use two vars when reconnecting to vm
	3ecebf07110ca8d3413072557f29137943e848e3 breaks the build as it adds a
	way to jump to cleanup before the 'cfg' object is retrieved and 'priv'
	is initialized.

2014-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of whitespae in preprocessor macros for API generator
	The apibuild.py script did not handle whitespace in preprocessor
	macros, so it failed to detect constants declared with '# define'
	instead of '#define'. Since we now correctly indent our public
	header files, we have silently lost all constants from
	libvirt-api.xml. This also caused us to not detect formatting
	errors in constant docs

2014-12-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refactor reconnecting to qemu processes
	Move entering the job into the thread to simplify the program flow. Also
	as the code holds a separate reference to the domain object some
	conditions can be simplified.

	After this patch qemuDomainObjTransferJob is no longer needed so this
	patch removes it.

2014-12-04  Ian Campbell  <ian.campbell@citrix.com>

	docs: Create html documentation even if XHTML1 DTD is not available to validate
	On a Debian system lacking the w3c-dtd-xhtml package the build fails
	with:

	        $ make -C docs/ formatcaps.html
	        make: Entering directory '/local/scratch/ianc/devel/libvirt.git/docs'
	        Generating formatcaps.html.tmp
	        I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
	        formatcaps.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	        C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	                                                                                       ^
	        I/O error : Attempt to load network entity http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd
	        ../docs/sitemap.html.in:2: warning: failed to load external entity "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	        C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
	                                                                                       ^
	        missing XHTML1 DTD
	        rm formatcaps.html.tmp
	        make: Leaving directory '/local/scratch/ianc/devel/libvirt.git/docs'
	        $ ls docs/formatcaps*
	        docs/formatcaps.html.in

	https://www.redhat.com/archives/libvir-list/2009-November/msg00413.html
	suggests that the XHTML1 DTD should not be a hard requirement and the
	docs should be generated but not validated if it is not available.

	Therefore when the DTD is not available arrange for the .html.tmp file
	to be propagated to the .html output.

	Cc: Daniel Veillard <veillard@redhat.com>

2014-12-04  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix misplaced parenthesis in qemumonitorjsontest
	When trying clang, it found out that we were comparing sizeof with 0
	even though we wanted to check the return value of memcmp.  That showed
	us that the test was wrong and it needs a fix as well.

2014-12-04  Conrad Meyer  <cse.cem@gmail.com>

	drvbhyve: Automatically tear down guest domains on shutdown
	Reboot requires more sophistication and is left as a future work item --
	but at least part of the plumbing is in place.

2014-12-04  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix virsh freeze when blockcopy storage file is removed
	If someone removes blockcopy storage file when still in mirroring phase
	and then requesting blockjob abort using pivot, virsh cmd freezes. This
	is not an issue with older qemu versions which did not support
	asynchronous jobs (which we prefer by default).
	As we have reached the mirroring phase successfully, polling monitor for
	blockjob info always returns 1 and the loop never ends.
	This fix introduces a check for qemuDomainBlockPivot return code, possibly
	skipping the asynchronous waiting completely, if an error occurred and
	asynchronous waiting was the preferred method.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1139567

2014-12-03  John Ferlan  <jferlan@redhat.com>

	docs: More html/docs changes from libvirt.h.in split
	This changes the display from:

	libvirt-storage: APIs for management of storages

	to

	libvirt-storage: APIs for management of storage pools and volumes

	In making that change I expected my build tree html output to be
	regenerated; however, it wasn't because the dependency for the separated
	libvirt-storage.h wasn't there.  It was only present for libvirt.h.in

	So I added each in the order displayed on the docs/html/index.html page

2014-12-03  Pavel Hrdina  <phrdina@redhat.com>

	cpu: fix possible crash in getModels
	Commit 86a15a25 introduced a new cpu driver API 'getModels'. Public API
	allow you to pass NULL for models to get only number of existing models.
	However the new code will crash with segfault so we have to count with
	the possibility that the user wants only the number.

	There is also difference in order of the models gathered by this new API
	as the old approach was inserting the elements to the end of the array
	so we should use 'VIR_APPEND_ELEMENT'.

2014-12-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: driver: Reload snapshots and managedsaves prior to reconnecting
	Reconnect to the VM is a possibly long-running job spawned in a separate
	thread. We should reload the snapshot defs and managedsave state prior
	to spawning the thread to avoid blocking of the daemon startup which
	would serialize on the VM lock.

	Also the reloading code would violate the domain job held while
	reconnecting as the loader functions don't create jobs.

2014-12-03  Peter Krempa  <pkrempa@redhat.com>

	leaseshelper: Fix incorrect alignment of a switch case
	Introduced in ca6dbdd047d1ed691ccbae72556d85722a5f7a36

	leaseshelper: Skip entries missing expiry time on INIT action
	Coverity pointed out that in other places we always check the return
	value from virJSONValueObjectGetNumberLong() but not in the new addition
	in leaseshelper. To solve the issue and also be more robust in case
	somebody would corrupt the file, skip outputting of the lease entry in
	case the expiry time is missing.

2014-12-03  Luyao Huang  <lhuang@redhat.com>

	storage: fix crash caused by no check return before set close
	https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5

	When trying to use an invalid offset to virStorageVolUpload(), libvirt
	fails in virFDStreamOpenFileInternal(), although it seems libvirt does
	not check the return in storageVolUpload(), and calls
	virFDStreamSetInternalCloseCb() right after.  But stream doesn't have a
	privateData (is NULL) yet, and the daemon crashes then.

	0  0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
	1  0x00007f094514dbf5 in virMutexLock (m=<optimized out>) at util/virthread.c:88
	2  0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
	3  0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
	4  0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
	5  0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
	6  remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
	7  0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437

2014-12-03  Shanzhi Yu  <shyu@redhat.com>

	virsh: vol-upload disallow negative offset
	Commit 570d0f63 describes disabling negative offset usage for
	vol-upload/download (e.g. cmdVolDownload and cmdVolUpload; however,
	the change was only made to cmdVolDownload. There was no change to
	cmdVolUpload.  This patch adds the same checks for vol-upload.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1087104

2014-12-03  Peter Krempa  <pkrempa@redhat.com>

	network: dnsmasq: Don't format lease file path
	Now that we don't use the leases file at all for leases just don't
	format it into the config and use the leaseshelper to do all the
	lifting.

	leaseshelper: Refactor control flow
	Untangle a few conditions into a case statement and improve reporting of
	invaid commands.

2014-12-03  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	leaseshelper: improvements to support all events
	This patch enables the helper program to detect event(s) triggered when
	there is a change in lease length or expiry and client-id. This
	transfers complete control of leases database to libvirt and obsoletes
	use of the lease database file (<network-name>.leases). That file will
	not be created, read, or written.  This is achieved by adding the option
	--leasefile-ro to dnsmasq and passing a custom env var to leaseshelper,
	which helps us map events related to leases with their corresponding
	network bridges, no matter what the event be.

	Also, this requires the addition of a new non-lease entry in our custom
	lease database: "server-duid". It is required to identify a DHCPv6
	server.

	Now that dnsmasq doesn't maintain its own leases database, it relies on
	our helper program to tell it about previous leases and server duid.
	Thus, this patch makes our leases program honor an extra action: "init",
	in which it sends the known info in a particular format to dnsmasq
	by printing it to stdout.

	The drawback of this change is that upgrade to this new approach does
	not transfer the existing leases for the network if the leaseshelper
	wasn't already used.

2014-12-02  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	cpu-driver: Fix the cross driver function call
	For Intel and PowerPC the implementation is calling a cpu driver
	function across driver layers (i.e. from qemu driver directly to cpu
	driver).
	The correct behavior is to use libvirt API functionality to perform such
	a inter-driver call.

	This patch introduces a new cpu driver API function getModels() to
	retrieve the cpu models. The currect implementation to process the
	cpu_map XML content is transferred to the INTEL and PowerPC cpu driver
	specific API functions.
	Additionally processing the cpu_map XML file is not safe due to the fact
	that the cpu map does not exist for all architectures. Therefore it is
	better to encapsulate the processing in the architecture specific cpu
	drivers.

	Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com>
	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2014-12-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Precreate missing storage
	Based on previous commit, we can now precreate missing volumes. While
	digging out the functionality from storage driver would be nicer, if
	you've seen the code it's nearly impossible. So I'm going from the
	other end:

	1) For given disk target, disk path is looked up.
	2) For the disk path, storage pool is looked up, a volume XML is
	constructed and then passed to virStorageVolCreateXML() which has all
	the knowledge how to create raw images, (encrypted) qcow(2) images,
	etc.

	One of the advantages of this approach is, we don't have to care about
	image conversion - qemu does that for us. So for instance, users can
	transform qcow2 into raw on migration (if the correct XML is passed to
	the migration API).

2014-12-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Send disk sizes to the other side
	Up 'til now, users need to precreate non-shared storage on migration
	themselves. This is not very friendly requirement and we should do
	something about it. In this patch, the migration cookie is extended,
	so that <nbd/> section does not only contain NBD port, but info on
	disks being migrated. This patch sends a list of pairs of:

	    <disk target; disk size>

	to the destination. The actual storage allocation is left for next
	commit.

2014-12-02  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorJSONBlockStatsUpdateCapacity: Don't skip disks
	The function queries the block devices visible to qemu
	('query-block') and parses the qemu's output. The info is
	returned in a hash table which is expected to be pre-filled by
	qemuMonitorJSONGetAllBlockStatsInfo(). However, in the next patch
	we are not going to call the latter function at all, so we should
	make the former function add devices into the hash table if not
	found there.

	storage: Introduce storagePoolLookupByTargetPath
	While this could be exposed as a public API, it's not done yet as
	there's no demand for that yet. Anyway, this is just preparing
	the environment for easier volume creation on the destination.

2014-12-02  John Ferlan  <jferlan@redhat.com>

	Replace virDomainSnapshotFree with virObjectUnref
	Since virDomainSnapshotFree will call virObjectUnref anyway, let's just use
	that directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virInterfaceFree with virObjectUnref
	Since virInterfaceFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNWFilterFree with virObjectUnref
	Since virNWFilterFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virSecretFree with virObjectUnref
	Since virSecretFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStreamFree with virObjectUnref
	Since virStreamFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStoragePoolFree with virObjectUnref
	Since virStoragePoolFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virStorageVolFree with virObjectUnref
	Since virStorageVolFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNodeDeviceFree with virObjectUnref
	Since virNodeDeviceFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virNetworkFree with virObjectUnref
	Since virNetworkFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	Replace virDomainFree with virObjectUnref
	Since virDomainFree will call virObjectUnref anyway, let's just use that
	directly so as to avoid the possibility that we inadvertently clear out
	a pending error message when using the public API.

	rpc: Replace virXXXFree with virObjectUnref
	Modify the various virXXXFree calls to only call virObjectUnref. Calling
	the public API will reset the last error thus clearing out a pending error.

2014-12-02  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix compilation of parallels_storage.c
	virConnect.privateData is void *, so we can't access
	fields of parallelsConn, pointer to which is stored in
	virConnect.privateData. So replace all occurences of
	conn->privateData->storageState with privconn->storageState.

2014-12-02  Ján Tomko  <jtomko@redhat.com>

	Generate a MAC when loading a config instead of package update
	Partially reverts commit 5754dbd.

	The code in the specfile adds a MAC address to every <bridge>,
	even for <forward mode='bridge'> for which we don't support
	changing MAC addresses.

	Remove it completely. For new networks, we have been adding
	MAC addresses on definition/creation since the commit mentioned above.
	For existing networks (pre-0.9.0), the MAC is added by this commit.

	https://bugzilla.redhat.com/show_bug.cgi?id=1156367

2014-12-02  Ján Tomko  <jtomko@redhat.com>

	Silently ignore MAC in NetworkLoadConfig
	Libvirt's RPMs have been adding it to networks which don't support it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1156367

2014-12-02  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Move virDomainGetFSInfo to libvirt-domain.c
	Since our big split of libvirt.c there are only a few functions
	living there. The majority was moved to corresponding subfile,
	e.g. domain functions were moved to libvirt-domain.c. However,
	the patches for virDomainGetFSInfo() and virDomainFSInfoFree()
	introduction were posted prior the big split and merged after.
	This resulted in two domain functions landing in wrong file.
	Move them to the correct one.

2014-12-02  Pavel Hrdina  <phrdina@redhat.com>

	nwfilter: fix crash when adding non-existing nwfilter
	Adding non-existing nwfilter to a network interface device without any
	nwfilter specified will crash libvirt daemon with segfault. The reason is
	that the nwfilter is not found an libvirt will try to restore old
	nwfilter configuration but there is no nwfilter specified.

2014-12-02  Wang Rui  <moon.wangrui@huawei.com>

	conf: fix a comment typo in virDomainVideoDefaultRAM

2014-12-02  Laine Stump  <laine@laine.org>

	conf: replace call to virNetworkFree() with virObjectUnref()
	The function virNetworkObjListExport() in network_conf.c had a call to
	the public API virNetworkFree() which was causing a link error:

	CCLD     libvirt_driver_vbox_network_impl.la
	 ./.libs/libvirt_conf.a(libvirt_conf_la-network_conf.o): In function `virNetworkObjListExport':
	/home/laine/devel/libvirt/src/conf/network_conf.c:4496: undefined reference to `virNetworkFree'

	This would happen when I added

	  #include "network_conf.h"

	into domain_conf.h, then attempted to call a new function from that
	file (and enum converter, similar to virNetworkForwardTypeToString())

	In the end, virNetworkFree() ends up just calling virObjectUnref(obj)
	anyway (after clearing all pending errors, which we probably *don't*
	want to do in the cleanup of a utility function), so this is likely
	more correct than the original code as well.

2014-12-02  Martin Kletzander  <mkletzan@redhat.com>

	build, docs: Let make see the dependencies for html/*.html
	Make was not able to realize the dependencies for html/*.html files when
	running 'make -j9 dist'.  All the files are generated together with
	html/index.html, so simply separating them into another variable and
	adding one block into the dependency chain solves the issue.

	docs: Correct invalid hyperlinks
	Since libvirt.h was split into multiple files and similarly
	docs/libvirt-libvirt.html, docs/hvsupport.html have bad hyperlinks.  The
	same happens for all the html.in files that used <code class='docref'>
	tag, because page.xsl has no idea where to point the link that's found.

2014-12-01  Eduardo Costa  <eduardobmc@gmail.com>

	Fix race condition in qemuGetProcessInfo
	There is a race condition between the fopen and fscanf calls
	in qemuGetProcessInfo. If fopen succeeds, there is a small
	possibility that the file no longer exists before reading from it.
	Now, if either fopen or fscanf calls fail, the function will behave
	just as only fopen had failed.

	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1169055

2014-12-01  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity CHECKED_RETURN
	Commit id 'cb88d433' refactored the calling sequence to use a thread;
	however, in doing so "lost" the check for if virNetSocketAccept returns
	failure.  Since other code makes that check, Coverity complains. Although
	a false positive, adding back the failure check pacifies Coverity

	domain_conf: Resolve Coverity CHECKED_RETURN
	Commit id '0d36a5d05' modified the code slightly, but removed the
	return value check thus causing Coverity to complain that this call
	was the only one where the return value wasn't checked. Since nothing
	was done previously if there was a failure, just use ignore_value here
	to pacify Coverity

	virhook: Resolve Coverity NULL_RETURNS
	Coverity complains that many other callers to return err from
	virGetLastError() will check if err is not NULL before dereferencing
	it.  Just do the same here for safety.

2014-12-01  John Ferlan  <jferlan@redhat.com>

	hotplug: Resolve Coverity FORWARD_NULL
	Coverity complained that because the cfg->macFilter call checked
	net->ifname != NULL before calling ebtablesRemoveForwardAllowIn, then
	the virNetDevOpenvswitchRemovePort call should have the same check.

	However, if I move the ebtables call prior to the check for TYPE_DIRECT
	(where there is a VIR_FREE(net->ifname)), then it seems Coverity is
	happy.  Since firewall info is tacked on last during setup, removing
	it in the opposite order of initialization seems to be natural anyway

2014-12-01  John Ferlan  <jferlan@redhat.com>

	storage: Add mixed fc_host/scsi_host duplicate adapter source checks
	https://bugzilla.redhat.com/show_bug.cgi?id=1159180

	The virStoragePoolSourceFindDuplicate only checks the incoming definition
	against the same type of pool as the def; however, for "scsi_host" and
	"fc_host" adapter pools, it's possible that either some pool "scsi_host"
	adapter definition is already using the scsi_hostN that the "fc_host"
	adapter definition wants to use or some "fc_host" pool adapter definition
	is using a vHBA scsi_hostN or parent scsi_hostN that an incoming "scsi_host"
	definition is trying to use.

	This patch adds the mismatched type checks and adds extraneous comments
	to describe what each check is determining.

	This patch also modifies the documentation to be describe what scsi_hostN
	devices a "scsi_host" source adapter should use and which to avoid. It also
	updates the parent definition to specifically call out that for mixed
	environments it's better to define which parent to use so that the duplicate
	pool checks can be done properly.

2014-12-01  John Ferlan  <jferlan@redhat.com>

	storage: Move and rename getVhbaSCSIHostParent
	https://bugzilla.redhat.com/show_bug.cgi?id=1159180

	Move the API from the backend to storage_conf and rename it to
	virStoragePoolGetVhbaSCSIHostParent.  A future patch will need to
	use this functionality from storage_conf

2014-12-01  Martin Kletzander  <mkletzan@redhat.com>

	conf: Don't redefine virDomainTPMDefPtr

2014-12-01  Luyao Huang  <lhuang@redhat.com>

	qemu: Make pid available for security managers in qemuProcessAttach
	There are some small issue in qemuProcessAttach:

	1.Fix virSecurityManagerGetProcessLabel always get pid = 0,
	move 'vm->pid = pid' before call virSecurityManagerGetProcessLabel.

	2.Use virSecurityManagerGenLabel to get image label.

	3.Fix always set selinux label for other security driver label.

2014-12-01  Martin Kletzander  <mkletzan@redhat.com>

	conf: Add device-related code for panic devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1169183

	conf: Add device-related code for TPM devices
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1169183

2014-12-01  Erik Skultety  <eskultet@redhat.com>

	qemu: fix block{commit,copy} abort handling
	When a block{commit,copy} job was aborted on a domain, block job handler
	did not process it correctly, leaving a phantom job in the background.
	Any further calls to any blockjob causes "block <jobtype> still active"
	error. This patch fixes the blockjob handler so that it checks not only
	for VIR_DOMAIN_BLOCK_JOB_FAILED status, but VIR_DOMAIN_BLOCK_JOB_CANCELED
	status as well, followed by our existing cleanup routine.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135169

2014-12-01  Wang Rui  <moon.wangrui@huawei.com>

	qemu: set jobinfo type to FAILED if job is failed in qemuMigrationRun
	If job is failed in qemuMigrationRun, we expect the jobinfo type as
	FAILED. But jobinfo type won't be updated until entering
	qemuMigrationWaitForCompletion. We should make it updated in all
	conditions. Moreover, we can't use qemuMigrationUpdateJobStatus
	here because job may fail in libvirt, so we can't query job status
	from QEMU.

	qemu: set jobinfo type to CANCELLED if migration is cancelled in all conditions
	The migration job status is traced in qemuMigrationUpdateJobStatus
	which is called in qemuMigrationRun. But if migration is cancelled
	before the trace such as in qemuMigrationDriveMirror, the jobinfo
	type won't be updated to CANCELLED. After this patch, we can get
	jobinfo type CANCELLED if migration is cancelled during drive
	mirror.  Moreover, we can't use qemuMigrationUpdateJobStatus
	because from qemu's point of view it's just the drive mirror being
	cancelled and the migration hasn't even started yet.

2014-11-30  Luyao Huang  <lhuang@redhat.com>

	docs: Fix missing slashes in XML examples
	When I pasted some XML from libvirt.org, I've found a small mistake.

2014-11-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't track quiesced state of FSs
	https://bugzilla.redhat.com/show_bug.cgi?id=1160084

	As of b6d4dad11b (1.2.5) we are trying to keep the status of FSFreeze
	in the guest. Even though I've tried to fixed couple of corner cases
	(6ea54769ba18), it occurred to me just recently, that the approach is
	broken by design. Firstly, there are many other ways to talk to
	qemu-ga (even through libvirt) that filesystems can be thawed (e.g.
	qemu-agent-command) without libvirt noticing. Moreover, there are
	plenty of ways to thaw filesystems without even qemu-ga noticing (yes,
	qemu-ga keeps internal track of FSFreeze status). So, instead of
	keeping the track ourselves, or asking qemu-ga for stale state, it's
	the best to let qemu-ga deal with that (and possibly let guest kernel
	propagate an error).

	Moreover, there's one bug with the following approach, if fsfreeze
	command failed, we've executed fsthaw subsequently. So issuing
	domfsfreeze in virsh gave the following result:

	virsh # domfsfreeze gentoo
	Froze 1 filesystem(s)

	virsh # domfsfreeze gentoo
	error: Unable to freeze filesystems
	error: internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze': The command guest-fsfreeze-freeze has been disabled for this instance

	virsh # domfsfreeze gentoo
	Froze 1 filesystem(s)

	virsh # domfsfreeze gentoo
	error: Unable to freeze filesystems
	error: internal error: unable to execute QEMU agent command 'guest-fsfreeze-freeze': The command guest-fsfreeze-freeze has been disabled for this instance

2014-11-28  Jiri Denemark  <jdenemar@redhat.com>

	Fix usage of virReportSystemError
	virReportSystemError is reserved for reporting system errors, calling it
	with VIR_ERR_* error codes produces error messages that do not make any
	sense, such as

	    internal error: guest failed to start: Kernel doesn't support user
	    namespace: Link has been severed

	We should prohibit wrong usage with a syntax-check rule.

2014-11-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix simple typo in TPM paragraph

2014-11-27  Martin Kletzander  <mkletzan@redhat.com>

	tests: fix documentation for mocking methods
	It looks like it was copy-pasted, so in case anyone wonders what some of
	those methods do without looking at them, and for the sake of
	completeness, fix them.

2014-11-27  Martin Kletzander  <mkletzan@redhat.com>

	Revert "ip link needs 'name' in 3.16 to create the veth pair"
	This reverts commit 433b427ff853ab72d32573d415e6ec569b77c7cb.

	The patch was added in order to overcome a bug in iproute2 and since it
	was properly identified as a bug, particularly in openSUSE 13.2, and it
	is being worked on [1], the best solution for libvirt seems to be to
	keep the old behaviour.

	[1] https://bugzilla.novell.com/show_bug.cgi?id=907093

2014-11-27  Jiri Denemark  <jdenemar@redhat.com>

	network: Fix upgrade from libvirt older than 1.2.4
	Starting from libvirt-1.2.4, network state XML files moved to another
	directory (see commit b9e95491) and libvirt automatically migrates the
	network state files to a new location. However, the code used
	dirent.d_type which is not supported by all filesystems. Thus, when
	libvirt was upgraded on a host which used such filesystem, network state
	XMLs were not properly moved and running networks disappeared from
	libvirt.

	This patch falls back to lstat() whenever dirent.d_type is DT_UNKNOWN to
	fix this issue.

	https://bugzilla.redhat.com/show_bug.cgi?id=1167145

2014-11-26  Jiri Denemark  <jdenemar@redhat.com>

	util: Avoid calling closedir(NULL)

2014-11-25  Eric Blake  <eblake@redhat.com>

	virsh: document block.n.allocation stat
	Commit 7557ddf added some additional block.* stats to
	virDomainListGetStats, but failed to document them in 'man
	virsh'.  Also, I noticed some inconsistent use of commas.

	* tools/virsh.pod (domstats): Tweak commas, add missing stats.

2014-11-25  Eric Blake  <eblake@redhat.com>

	dbus: fix arrays of bools
	Commit 2aa167ca tried to fix the DBus interaction code to allow
	callers to use native types instead of 4-byte bools.  But in
	fixing the issue, I missed the case of an arrayref; Conrad Meyer
	shows the following valid complaint issued by clang:

	  CC       util/libvirt_util_la-virdbus.lo
	util/virdbus.c:956:13: error: cast from 'bool *' to 'dbus_bool_t *' (aka 'unsigned int *') increases required alignment from 1 to 4 [-Werror,-Wcast-align]
	            GET_NEXT_VAL(dbus_bool_t, bool_val, bool, "%d");
	            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	util/virdbus.c:858:17: note: expanded from macro 'GET_NEXT_VAL'
	            x = (dbustype *)(*xptrptr + (*narrayptr - 1));              \
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 error generated.

	But fixing that points out that we have NEVER supported arrayrefs
	of sub-int types (byte, i16, u16, and now bool).  Again, while raw
	types promote, arrays do not; so the macros HAVE to deal with both
	size possibilities rather than assuming that an arrayref uses the
	same sizing as the promoted raw type.

	Obviously, our testsuite wasn't covering as much as it should have.

	* src/util/virdbus.c (GET_NEXT_VAL): Also fix array cases.
	(SET_NEXT_VAL): Fix uses of sub-int arrays.
	* tests/virdbustest.c (testMessageArray, testMessageArrayRef):
	Test it.

2014-11-25  Wang Rui  <moon.wangrui@huawei.com>

	qemu: add the missing jobinfo type in qemuDomainGetJobInfo
	Commit 6fcddfcd refactored job statistics but missed the jobinfo type updated
	in qemuDomainGetJobInfo. After this patch, we can use virDomainGetJobInfo to
	get jobinfo type again.

2014-11-25  John Ferlan  <jferlan@redhat.com>

	Resolve build breaker
	Commit 'c264eeaa' didn't do the prerequisite 'make syntax-check' before
	pushing. There was a <tab> in the whitespace for the comment.  Replaced
	with spaces and aligned.

	pushed as build breaker since Jenkins complained loudly

2014-11-25  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: don't unmount subtree if it contains the source of the mount
	The typical case where we had a problem is with such a filesystem
	definition as created by virt-sandbox-service:

	    <filesystem type='bind' accessmode='passthrough'>
	      <source dir='/var/lib/libvirt/filesystems/mysshd/var'/>
	      <target dir='/var'/>
	    </filesystem>

	In this case, we don't want to unmount the /var subtree or we may
	loose the access to the source folder.

2014-11-25  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: be more patient while resolving symlinks
	Resolving symlinks can fail before mounting any file system if one file
	system depends on another being mounted. Symlinks are now resolved in
	two passes:

	  * Before any file system is mounted, but then we are more gentle if
	    the source path can't be accessed
	  * Right before mounting a file system, so that we are sure that we
	    have the resolved path... but then if it can't be accessed we raise
	    an error.

2014-11-25  Cédric Bosdonnat  <cbosdonnat@suse.com>

	ip link needs 'name' in 3.16 to create the veth pair
	Due to a change (or bug?) in ip link implementation, the command
	    'ip link add vnet0...'
	is forced into
	    'ip link add name vnet0...'
	The changed command also works on older versions of iproute2, just the
	'name' parameter has been made mandatory.

	virt-aa-helper: /etc/libvirt-sandbox/services isn't restricted
	To get virt-sandbox-service working with AppArmor, virt-aa-helper
	needs not to choke on path in /etc/libvirt-sandbox/services.

	virt-aa-helper wasn't running virErrorInitialize
	This turns out to be working by magic but needs to be fixed.

2014-11-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu-command: introduce new vgamem attribute for QXL video device
	Add attribute to set vgamem_mb parameter of QXL device for QEMU. This
	value sets the size of VGA framebuffer for QXL device. Default value in
	QEMU is 8MB so reuse it also in libvirt to not break things.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-24  Pavel Hrdina  <phrdina@redhat.com>

	qemu-command: use vram attribute for all video devices
	So far we didn't have any option to set video memory size for qemu video
	devices. There was only the vram (ram for QXL) attribute but it was valid
	only for the QXL video device.

	To provide this feature to users QEMU has a dedicated device attribute
	called 'vgamem_mb' to set the video memory size. We will use the 'vram'
	attribute for setting video memory size for other QEMU video devices.

	For the cirrus device we will ignore the vram value because it has
	hardcoded video size in QEMU.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-24  Pavel Hrdina  <phrdina@redhat.com>

	caps: introduce new QEMU capability for vgamem_mb device property
	Allow setting vgamem size for video devices.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-24  Pavel Hrdina  <phrdina@redhat.com>

	QXL: fix setting ram and vram values for QEMU QXL device
	QEMU has two different type of QXL display device. The first "qxl-vga"
	is for primary video device and second "qxl" is for secondary video
	device.

	There are also two different ways how to specify those devices on qemu
	command line, the first one and obsolete is using "-vga" option and the
	current new one is using "-device" option. The "-vga" could be used only
	to setup primary video device, so the "-vga qxl" equal to
	"-device qxl-vga". Unfortunately the "-vga qxl" doesn't support setting
	additional parameters for the device and "-global" option must be used
	for this purpose. It's mandatory to use "-global qxl-vga...." to set the
	parameters of primary video device previously defined with "-vga qxl".

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-24  Pavel Hrdina  <phrdina@redhat.com>

	video: cleanup usage of vram attribute and update documentation
	The vram attribute was introduced to set the video memory but it is
	usable only for few hypervisors excluding QEMU/KVM and the old XEN
	driver. Only in case of QEMU the vram was used for QXL.

	This patch updates the documentation to reflect current code in libvirt
	and also changes the cases when we will set the default vram attribute.
	It also fixes existing strange default value for VGA devices 9MB to 16MB
	because the video ram should be rounded to power of two.

	The change of default value could affect migrations but I found out that
	QEMU always round the video ram to power of two internally so it's safe
	to change the default value to the next closest power of two and also
	silently correct every domain XML definition. And it's also safe because
	we don't pass the value to QEMU.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1076098

2014-11-24  Pavel Hrdina  <phrdina@redhat.com>

	internal: add macro to round value to the next closest power of 2
	There are two special cases, if the input number is 0 or the number is
	larger then 2^31 (for 32bit unsigned int). For the special cases the
	return value is 0 because they cannot be rounded.

2014-11-24  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage_driver: fix a comment typo
	s/rereshed/refreshed

2014-11-24  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	virsh: expose virDomainGetFSInfo
	Add a "domfsinfo" command that shows a list of filesystems info mounted in
	the guest. For example:

	virsh # domfsinfo vm1
	Mountpoint                           Name     Type     Target
	-------------------------------------------------------------------
	/                                    sda1     ext4     hdc
	/opt                                 dm-2     vfat     vda,vdb
	/mnt/test                            sdb1     xfs      sda

2014-11-24  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: add test for qemuAgentGetFSInfo
	Add test cases for qemuAgentGetFSInfo, with a sample agent response for
	the qemu-get-fsinfo command and a configuration xml.

	qemu: Implement the qemu driver for virDomainGetFSInfo
	Get mounted filesystems list, which contains hardware info of disks and its
	controllers, from QEMU guest agent 2.2+. Then, convert the hardware info
	to corresponding device aliases for the disks.

	remote: Implement the remote protocol for virDomainGetFSInfo
	Add daemon and driver code to (de-)serialize virDomainFSInfo.

	Implement public API for virDomainGetFSInfo
	virDomainGetFSInfo returns a list of filesystems information mounted in the
	guest, which contains mountpoints, device names, filesystem types, and
	device aliases named by libvirt. This will be useful, for example, to
	specify mountpoints to fsfreeze when taking snapshot of a part of disks.

2014-11-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Emit the guest agent lifecycle event
	Add code to emit the event on change of the channel state and reconnect
	to the qemu process.

	examples: Add support for the guest agent lifecycle event
	Add code to support the event in the object-event example.

2014-11-24  Peter Krempa  <pkrempa@redhat.com>

	event: Add guest agent lifecycle event
	As qemu is now able to notify us about change of the channel state used
	for communication with the guest agent we now can more precisely track
	the state of the guest agent.

	To allow notifying management apps this patch implements a new event
	that will be triggered on changes of the guest agent state.

2014-11-24  Jiri Denemark  <jdenemar@redhat.com>

	spec: Automatically apply all patches with git
	With this change, any patch declared in libvirt.spec with Patch[0-9]* is
	automatically applied in %prep. Unlike with the standard %patch[0-9]*,
	patches are applied with "git am" to avoid some unexpected results.
	However, as a result of this, all patches must be in the right format
	for "git am" to be able to apply them; they should ideally be generated
	from git using "git format-patch".

2014-11-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Refresh virtio channel guest state when connecting to mon
	Use data provided by "query-chardev" to refresh the guest frontend state
	of virtio channels.

2014-11-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: chardev: Extract more information about character devices
	Improve the monitor function to also retrieve the guest state of
	character device (if provided) so that we can refresh the state of
	virtio-serial channels and perhaps react to changes in the state in
	future patches.

	This patch changes the returned data from qemuMonitorGetChardevInfo to
	return a structure containing the pty path and the state for all the
	character devices.

	The change to the testsuite makes sure that the data is parsed
	correctly.

2014-11-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: destroy domain in migration finish phase on failure
	This patch contains three domain cleanup improvements in the migration
	finish phase, ensuring a domain is properly disposed when a failure is
	detected or the migration is cancelled.

	The check for virDomainObjIsActive is moved to libxlDomainMigrationFinish,
	where cleanup can occur if migration failed and the domain is inactive.

	The 'cleanup' label was missplaced in libxlDomainMigrationFinish, causing
	a migrated domain to remain in the event of an error or cancelled migration.

	In cleanup, the domain was not removed from the driver's list of domains.

2014-11-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: start domain paused on migration dst
	During the perform phase of migration, the domain is started on
	the dst host in a running state if VIR_MIGRATE_PAUSED flag is not
	specified.  In the finish phase, the domain is also unpaused if
	VIR_MIGRATE_PAUSED flag is unset.  I've noticed this second unpause
	fails if the domain was already unpaused following the perform phase.

	This patch changes the perform phase to always start the domain
	paused, and defers unpausing, if requested, to the finish phase.
	Unpausing should occur in the finish phase anyhow, where the domain
	can be properly destroyed if the perform phase fails and migration
	is cancelled.

2014-11-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: acquire job in migration finish phase
	Moving data reception of the perform phase of migration to a
	thread introduces a race with the finish phase, where checking
	if the domain is active races with the thread finishing the
	perform phase.  The race is easily solved by acquiring a job in
	the finish phase, which must wait for the perform phase job to
	complete.

	While wrapping the finish phase in a job, noticed the virDomainObj
	was being unlocked in a callee - libxlDomainMigrationFinish.  Move
	the unlocking to libxlDomainMigrateFinish3Params, where the lock
	is acquired.

2014-11-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: Receive migration data in a thread
	The libxl driver receives migration data within an IO callback invoked
	by the event loop, effectively disabling the event loop while migration
	occurs.

	This patch moves receving of the migration data to a thread.  The
	incoming connection is still accepted in the IO callback, but control
	is immediately returned to the event loop after spawning the thread.

2014-11-21  Ian Campbell  <Ian.Campbell@citrix.com>

	libxl: Allow libxl to find pygrub binary.
	Specifying an explicit path to pygrub (e.g. BINDIR "/pygrub") only works if
	Xen and libvirt happen to be installed to the same prefix. A more flexible
	approach is to simply specify "pygrub" which will cause libxl to use the
	correct path which it knows (since it is built with the same prefix as pygrub).

	This is particular problematic in the Debian packaging, since the Debian Xen
	package relocates pygrub into a libexec dir, however I think this change makes
	sense upstream.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	storage: rbd: Implement support for passing config file option
	To be able to express some use cases of the RBD backing with libvirt, we
	need to be able to specify a config file for the RBD client to qemu as
	that is one of the commonly used options.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	storage: rbd: qemu: Add support for specifying internal RBD snapshots
	Some storage systems have internal support for snapshots. Libvirt should
	be able to select a correct snapshot when starting a VM.

	This patch adds a XML element to select a storage source snapshot for
	the RBD protocol which supports this feature.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	storage: Allow parsing of RBD backing strings when building backing chain
	As we now have a common function to parse backing store string for RBD
	backing store we can reuse it in the backing store walker so that we
	don't fail on files backed by RBD storage.

	This patch also adds a few tests to verify that the parsing works as
	expected.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Split out parsing of NBD string into a separate func
	Split out the code so that the function looks homogenous after adding
	more protocol specific parsers.

	util: split out qemuParseRBDString into a common helper
	To allow reuse this non-trivial parser code in the backing store parser
	this part of the command line parser needs to be split out into a
	separate funciton.

	tests: Reflow the expected output from RBD disk test
	Addition of tested cases to the test will be more obvious.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuBuildNetworkDriveURI to take a virStorageSourcePtr
	Instead of splitting out various fields, pass the complete structure and
	let the function pick various things of it.

	As one of the callers isn't using virStorageSourcePtr to store the data,
	this patch adds glue code that fills the data into a dummy
	virStorageSourcePtr before calling the func.

	This change will help when adding new fields that need output processing
	in the future.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Copy hosts of a storage file only if they exist
	If there are no hosts for a storage source virStorageSourceCopy and
	virStorageSourceNewFromBackingRelative would try to copy them anyways.
	As the success of virStorageNetHostDefCopy is determined by returning
	a pointer and malloc of 0 elements might return NULL according to the
	implementation, the result of the copy function may vary.

	Fix this by copying the hosts array only if there are hosts defined.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add notice for extension of struct virStorageSource
	As we now have a deep copy function for struct virStorageSource add a
	notice that extensions of the structure require also appropriate changes
	to the virStorageSourceCopy func.

	util: buffer: Clarify scope of the escape operation in virBufferEscape
	The escaping is applied only to the string, not the format argument.
	State this fact in the docs.

	test: virstoragetest: Add testing of network disk details
	To be able to fully test parsing of networked storage strings we need to
	add a few fields for: hostname, protocol and auth string.

	docs: domain: Move docs for storage hosts under the <source> element
	The docs describing the <host> element that are under the <source>
	element in the XML document were incorrectly placed under the <disk>
	element. Move them to the correct place.

2014-11-21  Martin Kletzander  <mkletzan@redhat.com>

	virsh: sync domdisplay help and manual

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add handling for VSERPORT_CHANGE event
	New qemu added a new event that is emitted when a virtio serial channel
	is opened in the guest OS. This allows us to update the state of the
	port in the output-only XML element.

	This patch implements the monitor callbacks and necessary handlers to
	update the state in the definition.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	conf: Add channel state for virtio channels to the XML
	To track state of virtio channels this patch adds a new output-only
	attribute called 'state' to the <target> element of virtio channels.

	This will be later populated with the guest state of the channel.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Rename and improve qemuMonitorGetPtyPaths
	To unify future additions that require information from "query-chardev"
	rename qemuMonitorGetPtyPaths and friends to qemuMonitorGetChardevInfo
	and move the allocation of the returned hash into the top level
	function.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	test: xml2xml: Print full filenames if xml2xml test fails
	To simplify looking for a problem instrument the XML comparator function
	with possibility to print the filename of the failed/expected XML
	output.

	This is necessary as the VIR_TEST_DIFFERENT macro possibly tests two XML
	files for the inactive/active state and the resulting error may not be
	obvious.

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	conf: Annotate source enums for character device struct members
	Add a comment to track which values may be present in certain members of
	a struct _virDomainChrDef.

	qemu: process: report useful error if alias formatting fails
	When retrieving the paths for PTY devices the alias gets formatted into
	a static string. If it doesn't fit we wouldn't report an error.

2014-11-21  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	docs: fix a typo in formatdomain.html

2014-11-21  Peter Krempa  <pkrempa@redhat.com>

	storage: qemu: Fix security labelling of new image chain elements
	When creating a disk image snapshot the libvirt code would blindly copy
	the parents label to the newly created image. This runs into problems
	when you start a VM from an image hosted on NFS (or other storage system
	that doesn't support selinux labels) and the snapshot destination is on
	a storage system that does support selinux labels. Libvirt's code in
	that case generates a different security label for the image hosted on
	NFS. This label is valid only for NFS images and doesn't allow access in
	case of a locally stored image.

	To fix this issue libvirt needs to refrain from copying security
	information in cases where the default domain seclabel is a better
	choice.

	This patch repurposes the now unused @force argument of
	virStorageSourceInitChainElement to denote whether a copy of the
	security labelling stuff should be attempted or not. This allows to
	fine-control the copy operation for cases where we need to keep the
	label of the old disk vs. the cases where we need to keep the label
	unset to use the default domain imagelabel.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1151718

2014-11-20  Eric Blake  <eblake@redhat.com>

	build: fix build when not using dbus
	Commit c0e7022 breaks on a machine that lacks dbus headers:

	In file included from util/virdbus.c:24:0:
	util/virdbuspriv.h:31:3: error: unknown type name 'dbus_int16_t'

	* src/util/virdbuspriv.h (DBusBasicValue): Only provide fallback
	when dbus is compiled.

2014-11-20  Eric Blake  <eblake@redhat.com>

	build: avoid 32-bit failure on older gcc
	On 32-bit platforms with old gcc (hello RHEL 5 gcc 4.1.2), the
	build fails with:
	virsh-domain.c: In function 'cmdBlockCopy':
	virsh-domain.c:2172: warning: comparison is always false due to limited range of data type

	Adjust the code to silence the warning.

	* tools/virsh-domain.c (cmdBlockCopy): Pacify RHEL 5 gcc.

2014-11-20  John Ferlan  <jferlan@redhat.com>

	storage: Add thread to refresh for createVport
	https://bugzilla.redhat.com/show_bug.cgi?id=1152382

	When libvirt create's the vport (VPORT_CREATE) for the vHBA, there isn't
	enough "time" between the creation and the running of the following
	backend->refreshPool after a backend->startPool in order to find the LU's.
	Population of LU's happens asynchronously when udevEventHandleCallback
	discovers the "new" vHBA port.  Creation of the infrastructure by udev
	is an iterative process creating and discovering actual storage devices and
	adjusting the environment.

	Because of the time it takes to discover and set things up, the backend
	refreshPool call done after the startPool call will generally fail to
	find any devices. This leaves the newly started pool appear empty when
	querying via 'vol-list' after startup. The "workaround" has always been
	to run pool-refresh after startup (or any time thereafter) in order to
	find the LU's. Depending on how quickly run after startup, this too may
	not find any LUs in the pool. Eventually though given enough time and
	retries it will find something if LU's exist for the vHBA.

	This patch adds a thread to be executed after the VPORT_CREATE which will
	attempt to find the LU's without requiring the external run of refresh-pool.
	It does this by waiting for 5 seconds and searching for the LU's. If any
	are found, then the thread completes; otherwise, it will retry once more
	in another 5 seconds.  If none are found in that second pass, the thread
	gives up.

	Things learned while investigating this... No need to try and fill the
	pool too quickly or too many times. Over the course of creation, the udev
	code may 'add', 'change', and 'delete' the same device. So if the refresh
	code runs and finds something, it may display it only to have a subsequent
	refresh appear to "lose" the device. The udev processing doesn't seem to
	have a way to indicate that it's all done with the creation processing of a
	newly found vHBA. Only the Lone Ranger has silver bullets to fix everything.

2014-11-20  John Ferlan  <jferlan@redhat.com>

	storage: Fix issue finding LU's when block doesn't exist
	Fix a problem in the getBlockDevice and processLU where retval initialized
	to zero causing some failures to erroneously continue through to the
	virStorageBackendSCSINewLun with an attempt to find a path for "/dev/(null)".
	This would fail approximately 10 seconds later with debug message:

	virStorageBackendSCSINewLun:203 :
	     No stable path found for '/dev/(null)' in '/dev/disk/by-path'

	The root cause of the issue is for many /sys/bus/scsi/devices/<lun path>
	there is no "block*" device found for the vHBA's, where "<lun path>" are
	the various paths created for the vHBA, such as "17:0:0:0", "17:0:1:0",
	"17:0:2:0", "17:0:3:0", etc.  If the block device isn't found, then the
	directory should just be ignored rather than attempting to process it.

	The bug was that in getBlockDevice the assumption was "block" would exist
	and either getNewStyleBlockDevice or getOldStyleBlockDevice would fill in
	@block_device. However, if 'block*' doesn't exist, then the code returned
	NULL for block_device *and* a good (zero) retval value.  This caused the
	processLU code to attempt the virStorageBackendSCSINewLun which failed
	"at some point in time" in the future.

	After this change - on test system the refresh-pool didn't have a noticable
	pause of about 20 seconds - it completed within a second since no longer
	was there an attempt/need to find "/dev/(null)".

	Additionally, the virStorageBackendSCSIFindLU's shouldn't be declaring
	found unless the processLU actually returns success. This will be
	important in the followup patch which relies on whether a LU was found.

2014-11-20  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	docs: Remove references to unused libvirt-libvirt.html
	The libvirt-libvirt.html file is no longer generated so
	should not be referenced by the Makefile.am

2014-11-20  Eric Blake  <eblake@redhat.com>

	build: fix build with older dbus headers
	Compilation on a RHEL 5 host failed, due to the older dbus headers
	present on that machine, and triggered by commit 2aa167ca:

	util/virdbus.c: In function 'virDBusMessageIterDecode':
	util/virdbus.c:952: error: 'DBusBasicValue' undeclared (first use in this function)

	* m4/virt-dbus.m4 (LIBVIRT_CHECK_DBUS): Check for DBusBasicValue.
	* src/util/virdbuspriv.h (DBusBasicValue): Provide fallback.

2014-11-20  Giuseppe Scrivano  <gscrivan@redhat.com>

	rpc: do not fail if the pid of the connecting process is not set
	getsockopt(sock->fd, SOL_SOCKET, SO_PEERCRED, ...) sets the pid to 0
	when the process that opens the connection is in another container.

2014-11-20  Eric Blake  <eblake@redhat.com>

	util: don't log failure when older iptables lacks -w
	Commit dc33e6e4 caused older platforms like Fedora 20 to emit
	scary log messages at startup:

	2014-11-19 23:12:58.800+0000: 28906: error : virCommandWait:2532 : internal error: Child process (/usr/sbin/iptables -w -L -n) unexpected exit status 2: iptables v1.4.19.1: unknown option "-w"
	Try `iptables -h' or 'iptables --help' for more information.

	Since we are probing and expect to handle the case where -w is not
	supported, we should not let virCommand log it as an error.

	* src/util/virfirewall.c (virFirewallCheckUpdateLock): Handle
	non-zero status ourselves.

2014-11-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Really fix crash in tunnelled migration
	Oops, I forgot to squash one more instance of the same check in the
	previous commit (v1.2.10-144-g52691f9).

	https://bugzilla.redhat.com/show_bug.cgi?id=1147331

2014-11-20  Erik Skultety  <eskultet@redhat.com>

	virsh: Fix msg: blockjob is aborted from another client
	When a block{pull, copy, commit} is aborted via keyboard interrupt,
	the job is properly canceled followed by proper error message.
	However, when the job receives an abort from another client connected
	to the same domain, the error message incorrectly indicates that
	a blockjob has been finished successfully, though the abort request
	took effect. This patch introduces a new blockjob abort handler, which
	is registered when the client calls block{copy,commit,pull} routine,
	providing its caller the status of the finished blockjob.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135442

2014-11-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix crash in tunnelled migration
	Any attempt to start a tunnelled migration with libvirtd that supports
	RDMA migration (specifically commit v1.2.8-226-ged22a47) crashes
	libvirtd on the destination host.

	The crash is inevitable because qemuMigrationPrepareAny is always called
	with NULL protocol in case of tunnelled migration.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147331

2014-11-19  Eric Blake  <eblake@redhat.com>

	maint: use portable shell
	Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1165827;
	dash complains:

	checking for pkcheck... /usr/bin/pkcheck
	checking whether pkcheck supports uid value... yes
	./configure: 63906: test: xno: unexpected operator
	checking for dtrace... no

	* configure.ac: Use '=' not '==' in test.

2014-11-19  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Drop OVMF whitelist
	As discussed on the upstream list, it's better not to make this
	kind of predictions in libvirt. It may happen that qemu learns
	how to enable OVMF on other architectures too and we shouldn't
	try to chase that.

	qemu: Support OVMF on armv7l aarch64 guests
	Currently, we are whitelisting architectures, that we know how to run
	OVMF on. So far, only x86_64 was enabled. However, looking at qemu
	code, the same commandline can be used to enable OVMF for armv7l and
	aarch64.

2014-11-19  Eric Blake  <eblake@redhat.com>

	maint: forbid 'int foo = true'
	I noticed this while working on qemuDomainGetBlockInfo.  Assigning
	a bool value to an int variable compiles fine, but raises red flags
	on the maintenance front as it becomes too easy to assign -1 or 2
	or any other non-bool value to the same variable.

	* cfg.mk (sc_prohibit_int_assign_bool): New rule.
	* src/conf/snapshot_conf.c (virDomainSnapshotRedefinePrep): Fix
	offenders.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo)
	(qemuDomainSnapshotCreateXML): Likewise.
	* src/test/test_driver.c (testDomainSnapshotAlignDisks):
	Likewise.
	* src/util/vircgroup.c (virCgroupSupportsCpuBW): Likewise.
	* src/util/virpci.c (virPCIDeviceBindToStub): Likewise.
	* src/util/virutil.c (virIsCapableVport): Likewise.
	* tools/virsh-domain-monitor.c (cmdDomMemStat): Likewise.
	* tools/virsh-domain.c (cmdBlockResize, cmdScreenshot)
	(cmdInjectNMI, cmdSendKey, cmdSendProcessSignal)
	(cmdDetachInterface): Likewise.

2014-11-19  Eric Blake  <eblake@redhat.com>

	virdbus: don't force users to pass int for bool values
	Use of an 'int' to represent a 'bool' value is confusing.  Just
	because dbus made the mistake of cementing their 4-byte wire
	format of dbus_bool_t into their API doesn't mean we have to
	repeat the mistake.  With a little bit of finesse, we can
	guarantee that we provide a large-enough value to the DBus
	code, while still copying only the relevant one-byte bool
	to the client code, and isolate the rest of our code base from
	the DBus stupidity.

	* src/util/virdbus.c (GET_NEXT_VAL): Add parameter.
	(virDBusMessageIterDecode): Adjust all clients.
	* src/util/virpolkit.c (virPolkitCheckAuth): Use nicer type.
	* tests/virdbustest.c (testMessageSimple, testMessageStruct):
	Test new behavior.

2014-11-19  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	storage: wrap storage_driver.c to 80 columns

2014-11-19  Yohan BELLEGUIC  <yohan.belleguic@diateam.net>

	vbox: fix a bug in _machineStateInactive
	This function returned non-inactive domains instead of active
	domains.  This broke virConnectNumOfDefinedDomains() and
	virConnectListDefinedDomains() functions.

2014-11-19  Anirban Chakraborty  <abchak@juniper.net>

	network: Add network bandwidth support to ethernet interfaces
	Ethernet interfaces in libvirt currently do not support bandwidth setting.
	For example, following xml file for an interface will not apply these
	settings to corresponding qdiscs.

	    <interface type="ethernet">
	      <mac address="02:36:1d:18:2a:e4"/>
	      <model type="virtio"/>
	      <script path=""/>
	      <target dev="tap361d182a-e4"/>
	      <bandwidth>
	        <inbound average="984" peak="1024" burst="64"/>
	        <outbound average="2000" peak="2048" burst="128"/>
	      </bandwidth>
	    </interface>

2014-11-19  Michal Privoznik  <mprivozn@redhat.com>

	docs: Document NVRAM behavior on transient domains
	Since 1.2.8 it's possible to use OVMF on domains. Moreover, it's
	possible to have libvirt create NVRAM file per domain. Later,
	when domain is undefined, the file is removed too. However,
	things are a bit complicated when domain's transient. There's no
	undefine to transient domains. There are two options: 1) leave
	the file behind and let mgmt app remove it. 2) remove it
	automatically as domain dies.
	But, in some scenarios mgmt app may want to preserve the file,
	copy it somewhere safe, and then copy it back when the domain is
	starting again. And this wouldn't be possible with case 2). So,
	even though case 1) leaves some files behind (possibly undeleted
	for a long time), the files themselves are small (128K each). And
	data loss is worse than full disk, isn't it?

2014-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Remove left over debug in hvsupport.pl script

2014-11-15  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity UNINIT
	For some reason, commit id '72b4151f' triggered a Coverity uninitialized
	'reply' variable check when referenced within the for loop.

	It seems Coverity doesn't know that flags will have to be either AFFECT_LIVE
	or AFFECT_CONFIG after the virDomainLiveConfigHelperMethod call.

	By adding a "sa_assert()" to confirm that fact, Coverity is happy again.

2014-11-14  Luyao Huang  <lhuang@redhat.com>

	qemu: Fix get blkiodevtune for a disk that has been hot unplugged
	https://bugzilla.redhat.com/show_bug.cgi?id=1164080

	After a disk is hotunplugged a subsequent call to qemuDomainGetBlockIoTune
	to get the --config settings of that disk will fail because the disk is no
	longer found by qemuDiskPathToAlias causing an unexpected failure.

	Since only the --live flag needs to have the disk device pointer, move the
	fetch inside the (flags & VIR_DOMAIN_AFFECT_LIVE) condition. This will also
	affect the results if no flags are provided or the --current flag is provided.

2014-11-14  John Ferlan  <jferlan@redhat.com>

	qemu: Add tests for new blkdeviotune arguments
	The recent commit to add support for block_set_io_throttle parameters
	from version 1.7 of qemu did not add any tests - this adds the tests

2014-11-14  John Ferlan  <jferlan@redhat.com>

	qemu: Add checks for blkdeviotune 'size_iops_sec' and adjust error
	Seems the 'size_iops_sec' was a late add and the checks for whether
	the field was defined, but unsupported and the maximum size of the
	field were not being made.

	Also, adjust blkdeviotune support error message for grammar, spelling
	(paramater), and remove the "(need QEMU 1.7 or superior)".  None of
	our other similar error messages list which QEMU version is required.

2014-11-14  Martin Kletzander  <mkletzan@redhat.com>

	bracket-spacing: Add syntax-check for unnecessary curly brackets
	We're looking for three consecutive lines, first one is a if/for/while
	with a condition and start of body, second one is a body with one and
	only semicolon and third is end of the body by itself.

	bracket-spacing-check: Print out more specific error message

	bracket-spacing: Remove pointless cycles
	Change while () { smth; last; } to if () { smth; } as 'last' in perl is
	analogous to 'break' in C.  These are probably copy-paste leftovers from
	creating new syntax-check rules.

	bracket-spacing: Don't modify current line
	In bracket-spacing.pl, the current $line is being modified in $data.
	That, however, spoils that $data for another check.  Introduce new
	$tmpdata variable that can be used for temporary modifications.  The
	difference between $data and $line is that $data are as much cleaned as
	possible from non-code blocks and these changes must be kept.

	docs: Adjust contributor guidelines about curly brackets
	After recent discussion it looks like curly brackets around one-line
	bodies are preferred if the preceding condition is, itself, multiline.

	Remove unnecessary curly brackets in tests/

	Remove unnecessary curly brackets in tools/

	Remove unnecessary curly brackets in rest of src/

	Remove unnecessary curly brackets in rest of src/[o-u]*/

	Remove unnecessary curly brackets in rest of src/[a-n]*/

	Remove unnecessary curly brackets in src/vbox/

	Remove unnecessary curly brackets in src/util/

	Remove unnecessary curly brackets in src/test/test_driver.c

	Remove unnecessary curly brackets in src/storage/

	Remove unnecessary curly brackets in src/qemu/

	Remove unnecessary curly brackets in src/node_device/

	Remove unnecessary curly brackets in src/hyperv/

	Remove unnecessary curly brackets in src/conf/

	Remove unnecessary curly brackets in src/vmx/vmx.c

	Remove unnecessary curly brackets in rest of src/esx/

	Remove unnecessary curly brackets in src/esx/esx_driver.c

	Remove unnecessary curly brackets in daemon/ and examples/

	virsh: Convert EDIT_NOT_CHANGED macro to do-while block.
	This macro is being used as an inline body after an if and might get
	pretty confusing.

	virt-aa-helper: Trick invalid syntax-check
	Rule sc_prohibit_newline_at_end_of_diagnostic for syntax-check does
	check for passing strings ending with '\n' two lines after known
	functions.  This is, of course subject to false positives, so for the
	sake of future changes, trick that syntax-check by adding one more line
	with a comment.

2014-11-14  Daniel P. Berrange  <berrange@redhat.com>

	Re-add use of locking with iptables/ip6tables/ebtables
	A previous commit introduced use of locking with invocation
	of iptables in the viriptables.c module

	  commit ba95426d6f39aec1da6e069dd7222f7a8c6a5862
	  Author: Serge Hallyn <serge.hallyn@ubuntu.com>
	  Date:   Fri Nov 1 12:36:59 2013 -0500

	    util: use -w flag when calling iptables

	This only ever had effect with the virtual network driver,
	as it was not wired up into the nwfilter driver. Unfortunately
	in the firewall refactoring the use of the -w flag was
	accidentally lost.

	This patch introduces it to the virfirewall.c module so that
	both the virtual network and nwfilter drivers will be using
	it. It also ensures that the equivalent --concurrent flag
	to ebtables is used.

2014-11-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't try to parse -help for new QEMU
	Since QEMU 1.2.0, we switched to QMP probing instead of parsing -help
	(and other commands, such as -cpu ?) output. However, if QMP probing
	failed, we still tried starting QEMU with various options and parsing
	the output, which was guaranteed to fail because the output changed.
	Let's just refuse parsing -help for QEMU >= 1.2.0.

	https://bugzilla.redhat.com/show_bug.cgi?id=1160318

2014-11-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Always set migration capabilities
	We used to set migration capabilities only when a user asked for them in
	flags. This is fine when migration succeeds since the QEMU process is
	killed in the end but in case migration fails or if it's cancelled, some
	capabilities may remain turned on with no way to turn them off. To fix
	that, migration capabilities have to be turned on if requested but
	explicitly turned off in case they were not requested but QEMU supports
	them.

	https://bugzilla.redhat.com/show_bug.cgi?id=1163953

2014-11-13  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Error out if VSH_OT_STRING option has VSH_OFLAG_REQ flag
	Recent commit 12bd207e217f3c5dc2272a5ea943b81067bd8034 fixed few
	VSH_OT_STRING options that should've been VSH_OT_DATA.  That lead me to
	this commit that enforces people to check that newly added options have
	proper type.  Thanks to virsh erroring out with error message, this will
	immediately show up in 'make check' thanks to our virsh-synopsis test.

2014-11-13  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Enforce proper ordering of options
	Even though vshCmddefOptParse() tried returning -1 if there was an
	optional option specification that preceded a required one, it failed to
	check that for boolean type options and options with VSH_OFLAG_REQ_OPT
	flag set.  On the other hand, it makes sense that VSH_OT_ARGV is
	specified at the end of the option list.

	Returning -1 enforces the proper ordering thanks to virsh-synopsis test
	in 'make check'.

2014-11-13  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Reorder some options
	According to comments in parsing functions, optional options should be
	specified *after* required ones.  It makes sense and help output looks
	cleaner.  The only exceptions are options with type == VSH_OT_ARGV.

2014-11-13  Conrad Meyer  <cse.cem@gmail.com>

	drvbhyve: Use boot-order for grub-bhyve boot device
	Rather than just picking the first CD (or failing that, HDD) we come
	across, if the user has picked a boot device ordering with <boot
	order=''>, respect that (and just try to boot the lowest-index device).

	Adds two sets of tests to bhyve2xmlargv; 'grub-bootorder' shows that we
	pick a user-specified device over the first device in the domain;
	'grub-bootorder2' shows that we pick the first (lowest index) device.

2014-11-13  Erik Skultety  <eskultet@redhat.com>

	lxc: fix setmem effect on a running LXC machine
	When user calls setmem on a running LXC machine, we do update its cgroup
	entry, however we neither update domain's runtime XML nor
	we update our internal structures and this patch fixes it.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131919

2014-11-13  Conrad Meyer  <cse.cem@gmail.com>

	drvbhyve: Clean-up some used ATTRIBUTE_UNUSEDs.

2014-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix API docs for header file re-organization
	The API docs generators were broken by the header file
	re-organization. Specifically

	 * html/libvirt-libvirt.html was empty (and should be deleted)
	 * Makefile.am didn't install html/libvirt-libvirt-*.html
	 * hvsupport.html was mostly empty
	 * sitemap.html.in didn't list the new html/*.html files

2014-11-13  Pavel Hrdina  <phrdina@redhat.com>

	nwfilter: fix deadlock caused updating network device and nwfilter
	Commit 6e5c79a1 tried to fix deadlock between nwfilter{Define,Undefine}
	and starting of guest, but this same deadlock exists for
	updating/attaching network device to domain.

	The deadlock was introduced by removing global QEMU driver lock because
	nwfilter was counting on this lock and ensure that all driver locks are
	locked inside of nwfilter{Define,Undefine}.

	This patch extends usage of virNWFilterReadLockFilterUpdates to prevent
	the deadlock for all possible paths in QEMU driver. LXC and UML drivers
	still have global lock.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1143780

2014-11-13  Michal Privoznik  <mprivozn@redhat.com>

	qemuPrepareNVRAM: Save domain conf only if domain's persistent
	In one of my previous patches (3a3c3780b) I've tried to fix the
	problem of nvram path disappearing on a domain that's been
	started and shut down again. I fixed this by explicitly saving
	domain's config file.  However, I did a bit of clumsy without
	realizing we have a transient domains for which we don't save the
	config file. Hence, any domain using UEFI became persistent.

2014-11-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Run some test only on Linux
	As I was reviewing bhyve commits, I've noticed qemuxml2argvtest
	failing for some test cases. This is not bug in qemu driver code
	rather than being unable to load qemuxml2argvmock on non-Linux
	platforms. For instance:

	318) QEMU XML-2-ARGV numatune-memnode
	... libvirt:  error : internal error: NUMA node 0 is unavailable
	FAILED

	Rather than disabling qemuxml2argvtest on BSD (we do compile qemu
	driver there) disable only those test cases which require mocking.
	To achieve that goal new DO_TEST_LINUX() macro is introduced which
	invokes the test case on Linux only and consume arguments on other
	systems.

2014-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Introduce 'managed' for the fchost parent
	https://bugzilla.redhat.com/show_bug.cgi?id=1160926

	Introduce a 'managed' attribute to allow libvirt to decide whether to
	delete a vHBA vport created via external means such as nodedev-create.
	The code currently decides whether to delete the vHBA based solely on
	whether the parent was provided at creation time. However, that may not
	be the desired action, so rather than delete and force someone to create
	another vHBA via an additional nodedev-create allow the configuration of
	the storage pool to decide the desired action.

	During createVport when libvirt does the VPORT_CREATE, set the managed
	value to YES if not already set to indicate to the deleteVport code that
	it should delete the vHBA when the pool is destroyed.

	If libvirtd is restarted all the memory only state was lost, so for a
	persistent storage pool, use the virStoragePoolSaveConfig in order to
	write out the managed value.

	Because we're now saving the current configuration, we need to be sure
	to not save the parent in the output XML if it was undefined at start.
	Saving the name would cause future starts to always use the same parent
	which is not the expected result when not providing a parent. By not
	providing a parent, libvirt is expected to find the best available
	vHBA port for each subsequent (re)start.

	At deleteVport, use the new managed value to decide whether to execute
	the VPORT_DELETE.  Since we no longer save the parent in memory or in
	XML when provided, if it was not provided, then we have to look it up.

2014-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Introduce virStoragePoolSaveConfig
	https://bugzilla.redhat.com/show_bug.cgi?id=1160926

	Introduce the ability to save a configuration of a persistent configuration
	that may be changed by storage pool backend activity, such as start or stop

2014-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Don't use a stack copy of the adapter
	https://bugzilla.redhat.com/show_bug.cgi?id=1160926

	Passing a copy of the storage pool adapter to a function just changes the
	copy of the fields in the particular function and then when returning to
	the caller those changes are discarded.  While not yet biting us in the
	storage clean-up case, it did cause an issue for the fchost storage pool
	startup case, createVport.  The issue was at startup, if no parent is found
	in the XML, the code will search for the 'best available' parent and then
	store that in the in memory copy of the adapter.  Of course, in this case
	it was a copy, so when returning to the virStorageBackendSCSIStartPool that
	change was discarded (or lost) from the pool->def->source.adapter which
	meant at shutdown (deleteVport), the code assumed no adapter was passed
	and skipped the deletion, leaving the vHBA created by libvirt still defined
	requiring an additional stop of a nodedev-destroy to remove.

	Adjusted the createVport to take virStoragePoolDefPtr instead of the
	adapter copy. Then use the virStoragePoolSourceAdapterPtr when processing.
	A future patch will need the 'def' anyway, so this just sets up for that.

2014-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Ensure fc_host parent matches wwnn/wwpn
	https://bugzilla.redhat.com/show_bug.cgi?id=1160565

	The existing code assumed that the configuration of a 'parent' attribute
	was correct for the createVport path. As it turns out, that may not be
	the case which leads errors during the deleteVport path because the
	wwnn/wwpn isn't associated with the parent.

	With this change the following is reported:

	error: Failed to start pool fc_pool_host3
	error: XML error: Parent attribute 'scsi_host4' does not match parent 'scsi_host3' determined for the 'scsi_host16' wwnn/wwpn lookup.

	for XML as follows:

	  <pool type='scsi'>
	    <name>fc_pool</name>
	    <source>
	      <adapter type='fc_host' parent='scsi_host4' wwnn='5001a4aaf3ca174b' wwpn='5001a4a77192b864'/>
	    </source>

	Where 'nodedev-dumpxml scsi_host16' provides:

	  <device>
	    <name>scsi_host16</name>
	    <path>/sys/devices/pci0000:00/0000:00:04.0/0000:10:00.0/host3/vport-3:0-11/host16</path>
	    <parent>scsi_host3</parent>
	    <capability type='scsi_host'>
	      <host>16</host>
	      <unique_id>13</unique_id>
	      <capability type='fc_host'>
	        <wwnn>5001a4aaf3ca174b</wwnn>
	        <wwpn>5001a4a77192b864</wwpn>
	...

	The patch also adjusts the description of the storage pool to describe the
	restrictions.

2014-11-12  John Ferlan  <jferlan@redhat.com>

	storage: Check for valid fc_host parent at startup
	https://bugzilla.redhat.com/show_bug.cgi?id=1160565

	If a 'parent' attribute is provided for the fchost, then at startup
	time check to ensure it is a vport capable scsi_host. If the parent
	is not vport capable, then disallow the startup. The following is the
	expected results:

	error: Failed to start pool fc_pool
	error: XML error: parent 'scsi_host2' specified for vHBA is not vport capable

	where the XML for the fc_pool is:

	    <pool type='scsi'>
	      <name>fc_pool</name>
	      <source>
	        <adapter type='fc_host' parent='scsi_host2' wwnn='5001a4aaf3ca174b' wwpn='5001a4a77192b864'/>
	      </source>
	...

	and 'scsi_host2' is not vport capable.

	Providing an incorrect parent and a correct wwnn/wwpn could lead to
	failures at shutdown (deleteVport) where the assumption is the parent
	is for the fchost.

	NOTE: If the provided wwnn/wwpn doesn't resolve to an existing scsi_host,
	      then we will be creating one with code (virManageVport) which
	      assumes the parent is vport capable.

2014-11-12  Matthias Gatto  <matthias.gatto@outscale.com>

	qemu: Resolve Coverity DEADCODE.
	reported here: http://www.redhat.com/archives/libvir-list/2014-November/msg00327.html

	I could have just remove bool supportMaxOptions variable, but
	if I had do this, we could not check anymore if the nparams variable is
	superior to QEMU_NB_BLOCK_IO_TUNE_PARAM_MAX.

	v2: change following this proposal:
	http://www.redhat.com/archives/libvir-list/2014-November/msg00379.html

2014-11-12  Matthias Gatto  <matthias.gatto@outscale.com>

	qemu: Fix copy_paste_error in qemuBuildDriveStr.
	Fix for this: http://www.redhat.com/archives/libvir-list/2014-November/msg00324.html

2014-11-12  Conrad Meyer  <cse.cem@gmail.com>

	bhyvexml2argv: Add test for grub console support

2014-11-12  Conrad Meyer  <cse.cem@gmail.com>

	bhyve: Add console support for grub-bhyve bootloader
	This enables booting interactive GRUB menus (e.g. install CDs) with
	libvirt-bhyve.

	Caveat: A terminal other than the '--console' option to 'virsh start'
	(e.g. 'cu -l /dev/nmdm0B -s 115200') must be used to connect to
	grub-bhyve because the bhyve loader path is synchronous and must occur
	before the VM actually starts.

	Changing the bhyveProcessStart logic around to accommodate '--console'
	for interactive loader use seems like a significant project and probably
	not worth it, if UEFI/BIOS support for bhyve is "coming soon."

2014-11-12  Conrad Meyer  <cse.cem@gmail.com>

	bhyve: Probe grub-bhyve for --cons-dev capability

	bhyvexml2argv: Add tests for domain-configured bootloader, args

	domaincommon.rng: Add 'bootloader' to os=hvm schema for Bhyve
	Additionally, make the <bootloader> tag optional (for bhyveload with
	custom arguments) (also, matches the actual parser).

	bhyvexml2argv: Add loader argv tests.

2014-11-12  Conrad Meyer  <cse.cem@gmail.com>

	bhyve: Support /domain/bootloader configuration for non-FreeBSD guests.
	We still default to bhyveloader(1) if no explicit bootloader
	configuration is supplied in the domain.

	If the /domain/bootloader looks like grub-bhyve and the user doesn't
	supply /domain/bootloader_args, we make an intelligent guess and try
	chainloading the first partition on the disk (or a CD if one exists,
	under the assumption that for a VM a CD is likely an install source).

	Caveat: Assumes the HDD boots from the msdos1 partition. I think this is
	a pretty reasonable assumption for a VM. (DrvBhyve with Bhyveload
	already assumes that the first disk should be booted.)

	I've tested both HDD and CD boot and they seem to work.

2014-11-12  Ján Tomko  <jtomko@redhat.com>

	Do not crash on gluster snapshots with no host name
	virStorageFileBackendGlusterInit did not check nhosts.

	https://bugzilla.redhat.com/show_bug.cgi?id=1162974

2014-11-11  Ján Tomko  <jtomko@redhat.com>

	Display nicer error message for unsupported chardev hotplug
	Use the device type name if we know it instead of its number,
	even if we can't hotplug it:
	qemuMonitorJSONAttachCharDevCommand:6094 : operation failed: Unsupported
	char device type '10'

2014-11-11  Ján Tomko  <jtomko@redhat.com>

	Fix virDomainChrEquals for spicevmc
	virDomainChrSourceDefIsEqual should return 'true' for
	identical SPICEVMC chardevs, and those that have no source
	specification.

	After this change, a failed hotplug no longer leaves a stale
	pointer in the domain definition.

	https://bugzilla.redhat.com/show_bug.cgi?id=1162097

2014-11-11  Wang Rui  <moon.wangrui@huawei.com>

	qemu: fix domain startup failing with 'strict' mode in numatune
	If the memory mode is specified as 'strict' and with one node, we
	get the following error when starting domain.

	error: Unable to write to '$cgroup_path/cpuset.mems': Device or resource busy

	XML is configured with numatune as follows:
	  <numatune>
	    <memory mode='strict' nodeset='0'/>
	  </numatune>

	It's broken by Commit 411cea638f6ec8503b7142a31e58b1cd85dbeaba
	which moved qemuSetupCgroupForEmulator() before setting cpuset.mems
	in qemuSetupCgroupPostInit.

	Directory '$cgroup_path/emulator/' is created in qemuSetupCgroupForEmulator.
	But '$cgroup_path/emulator/cpuset.mems' it not set and has a default value
	(all nodes, such as 0-1). Then we setup '$cgroup_path/cpuset.mems' to the
	nodemask (in this case it's '0') in qemuSetupCgroupPostInit. It must fail.

	This patch makes '$cgroup_path/emulator/cpuset.mems' is set before
	'$cgroup_path/cpuset.mems'. The action is similar with that in
	qemuDomainSetNumaParamsLive.

2014-11-11  Wang Rui  <moon.wangrui@huawei.com>

	lxc: don't setup cpuset.mems if memory mode in numatune is not 'strict'
	If the memory mode in numatune is not 'strict', we should not setup
	cpuset.mems. Before commit 1a7be8c600905aa07ac2d78293336ba8523ad48e
	we have checked the memory mode in virDomainNumatuneGetNodeset. This
	patch adds the check as before.

2014-11-11  Wang Rui  <moon.wangrui@huawei.com>

	qemu: don't setup cpuset.mems if memory mode in numatune is not 'strict'
	If the memory mode in numatune is specified as 'preferred' with one node
	(such as nodeset='0'), domain's memory is not all in node 0 absolutely.
	Assumption that node 0 doesn't have enough memory, memory can be allocated
	on node 1 when qemu process startup. Then if we set cpuset.mems to '0',
	it may invoke OOM.

	Commit 1a7be8c600905aa07ac2d78293336ba8523ad48e changed the former logic of
	checking memory mode in virDomainNumatuneGetNodeset. This patch adds the
	check as before.

2014-11-11  Hao Liu  <hliu@redhat.com>

	Fix invalid log, misused option types and a typo
	This patch fixes the following issues.

	1)  When an invalid wwn is introduced, libvirt reports
	    "Malformed wwn: %s". The template won't be replaced.

	2)  "target" option for dompmsuspend and "xml" option for
	    save-image-define are required options and should use
	    VSH_OT_DATA instead of VSH_OT_STRING as an option type.

	3)  A typo.

2014-11-11  Martin Kletzander  <mkletzan@redhat.com>

	phyp: Fix NULL dereference in phypConnectOpen
	Coverity found out that commit cd490086 caused a possible NULL pointer
	dereference.  This is due to the fact, that phyp_driver is NULL at the
	time of closing the socket, instead of connection_data, which kept the
	socket before the mentioned commit, could not be NULL.

	However, internal_socket is still the local socket that can be
	closed, even unconditionally, if we initialize it to -1.

2014-11-10  Matthias Gatto  <matthias.gatto@outscale.com>

	virsh: Add bps_max and friends to virsh
	Add the new throttle options to virsh, and send them to libvirt.

	qemu: Add bps_max and friends to qemu command generation
	Check the arability of the options with the current qemu binary,
	add them in the varable opt if yes, print a message if not.

	qemu: Add bps_max and friends QMP suport
	Detect if the the qemu binary currently in use support the bps_max option,
	If yes add it to the command, if not, just ignore the option.
	We don't print error here, because the check for invalide arguments
	has alerady been made in qemu_driver.c

	qemu: Add bps_max and friends qemu driver
	Add support for bps_max and friends in the driver part.
	In the part checking if a qemu is running, check if the running binary
	support bps_max, if not print an error message, if yes add it to
	"info" variable

	qemu: Add Qemu capability for bps_max and friends
	Add the capability to detect if the qemu binary have the capability
	to use bps_max and friends
	Add a value in the enum virQEMUCapsFlags for the qemu capability.
	Set it with virQEMUCapsSet if the binary suport bps_max and they friends.

	qemu: Modify the structure _virDomainBlockIoTuneInfo.
	Modify the structure _virDomainBlockIoTuneInfo to support these the new
	options.
	Change the initialization of the variable expectedInfo in qemumonitorjsontest.c
	to avoid compiling problem.
	Add documentation about the new xml options

	qemu: Add define for the new throttle options
	Add defines for the new options total_bytes_sec_max, write_bytes_sec_max,
	read_bytes_sec_max, total_iops_sec_max, write_iops_sec_max, read_iops_sec_max,
	size_iops_sec.

2014-11-10  Jincheng Miao  <jmiao@redhat.com>

	nodeinfo: report error when failure in nodeSetMemoryParameters
	nodeSetMemoryParameters() will call nodeSetMemoryParameterValue()
	to set parameters. But it just filter the return code '-2' as
	failure. Indeed we should report error when rc is negative.

	https://bugzilla.redhat.com/show_bug.cgi?id=1161541

2014-11-10  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	cpu_conf: Allow specification of 'units' for @memory on numa nodes.
	CPU numa topology implicitly allows memory specification in 'KiB'.

	Enabling this to accept the 'unit' in which memory needs to be specified.
	This now allows users to specify memory in units of choice, and
	lists the same in 'KiB' -- just like other 'memory' elements in XML.

	    <numa>
	      <cell cpus='0-3' memory='1024' unit='MiB' />
	      <cell cpus='4-7' memory='1024' unit='MiB' />
	    </numa>

	Also augment test cases to correctly model NUMA memory specification.
	This adds the tag 'unit="KiB"' for memory attribute in NUMA cells.

2014-11-10  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	conf: Expose virDomainParseMemory for use outside domain_conf
	Commit 01b4de2b9f5ca82 abstracts virDomainParseMemory()
	for use by other functions in domain_conf.c
	Extend the same for use, for functions outside of this file.

2014-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Simplify VI (vSphere) API and VMware product version handling
	Store version numbers in this format

	version = 1000000 * major + 1000 * minor + micro

	produced by virParseVersionString instead of dedicated enums.

	Split the complex esxVI_ProductVersion enum into a simpler
	esxVI_ProductLine enum and a product version number.

	Relax API and product version number checks to accept everything that
	is equal or greater than the supported minimum version. VMware ESX
	went through 3 major versions and the vSphere API always stayed
	backward compatible. This commit assumes that this will also be true
	for future VMware ESX versions.

	Also reword error messages in esxConnectTo* to say what was expected
	and what was found instead (suggested by Richard W.M. Jones).

2014-11-07  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Use virDomainParseMemory more widely
	As reviewing patches upstream it occurred to me, that we have two
	functions doing nearly the same: virDomainParseMemory which
	expects XML in the following format:

	  <memory unit='MiB'>1337</memory>

	The other function being virDomainHugepagesParseXML expecting the
	following format:

	  <someElement size='1337' unit='MiB'/>

	It wouldn't matter to have two functions handle two different
	scenarios like this if we could only not copy code that handles
	32bit arches around. So this code merges the common parts into
	one by inventing new @units_xpath argument to
	virDomainParseMemory which allows overriding the default location
	of @unit attribute in XML. With this change both scenarios above
	can be parsed with virDomainParseMemory.

2014-11-07  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Transform VIR_ERROR into VIR_WARN in detect_scsi_host_caps
	If detect_scsi_host_caps reports errors but keeps libvirtd going on
	startup, the user is misled by the error messages. Transforming them
	into warning still shows the problems, but indicates this is not fatal.

2014-11-07  Martin Kletzander  <mkletzan@redhat.com>

	vbox: Remove useless condition branches
	These were probably left there after some code movement.

2014-11-07  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	virnuma: add nodeset NULL check in virNumaSetupMemoryPolicy
	Introduced by commit c63ef0452b, when nodeset is NULL, validation will
	pass in virNumaSetupMemoryPolicy, but virBitmapNextSetBit must ensure
	bitmap is not NULL, otherwise that might cause a segmentation fault.
	This patch fixes it.

2014-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of networkPrivateData from netcf driver
	The shared netcf driver is stateful and inside the daemon so
	there is no need to use the networkPrivateData field to get the
	driver handle. Just access the global driver handle directly.

2014-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of networkPrivateData from network driver
	The shared network driver is stateful and inside the daemon so
	there is no need to use the networkPrivateData field to get the
	driver handle. Just access the global driver handle directly.

	Many places already directly accessed the global driver handle
	in any case, so the code could never work without relying on
	this.

2014-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of storagePrivateData from storage driver
	The shared storage driver is stateful and inside the daemon so
	there is no need to use the storagePrivateData field to get the
	driver handle. Just access the global driver handle directly.

	Update Test driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the Test driver, there is no need to use the
	different type specific privateData fields.

	Update Parallels driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the Parallels driver, there is no need to use the
	different type specific privateData fields. The object that was
	being stored in the storagePrivateData can easily be kept in the
	parallelsConn struct instead.

	Remove abuse of networkPrivateData in phyp driver
	For inexplicable reasons the phyp driver defined two separate
	structs for holding its private data. One it keeps in privateData
	and the other it keeps in networkPrivateData. It uses them both
	from all API driver methods. Merge the two separate structs
	into one to remove this horrible abuse.

	Move phyp internal info out of the header file
	The phyp_driver.h file has various declarations that are only
	ever used from phyp_driver.c, so they should be in the .c file
	only.

	Update Hyper-V driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the Hyper-V driver, there is no need to use the
	different type specific privateData fields.

	Update ESX driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the ESX driver, there is no need to use the
	different type specific privateData fields.

	Update remote driver to always use privateData
	Since the secondary drivers are only active when the primary
	driver is also the remote driver, there is no need to use the
	different type specific privateData fields.

	Clean up remote driver connection open code
	The remote driver has had a long term hack to deal with the fact
	that the old Xen driver worked outside libvirtd, but the rest
	of the drivers worked inside. So you could have a local hypervisor
	driver but everything else go via the remote driver. The Xen driver
	long ago moved inside libvirtd, so this hack is no longer needed.
	Thus we should open use the remote driver for secondary drivers
	if the primary driver is already the remote driver.

2014-11-07  Luyao Huang  <lhuang@redhat.com>

	doc: fix mismatched ACL attribute name
	As documented in https://bugzilla.redhat.com/show_bug.cgi?id=1161358,
	the ACL attribute should be named: interface_macaddr

2014-11-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Test: Add a testcase for PowerPC compat mode cpu specification.
	This introduces a testcase for PowerPC compat mode cpu specification.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2014-11-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	docs: Add documentation for compat mode.
	Add documentation to explain how compat-mode can be invoked with libvirt
	running on PowerPC architecture.
	It also mentions that this change is available libvirt 1.2.11 onwards.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2014-11-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	PowerPC:Improve PVR handling to fall back to cpu generation.
	IBM Power processors differ uniquely across generations (such as power6,
	power7, power8). Each generation signifies a new PowerISA version
	that exhibits features unique to that generation.
	The higher 16 bits of PVR for IBM Power processors encode the CPU
	generation, while the CPU chip (sub)version is encoded in lower 16 bits.

	For all practical purposes of launching a VM, we care about the
	generation which the vCPU will belong to, and not specifically the chip
	version. This patch updates the libvirt PVR check to reflect this
	relationship. It allows libvirt to select the right CPU generation
	in case the exact match for a a specific CPU is not found.
	Hence, there will no longer be a need to add each PowerPC CPU model to
	cpu_map.xml; just adding entry for the matching ISA generation will
	suffice.

	It also contains changes to cpu_map.xml since processor generations
	as understood by QEMU compat mode go as "power6", "power7" or "power8"
	[Reference : QEMU commit 8dfa3a5e85 ]

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2014-11-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	PowerPC : Add support for launching VM in 'compat' mode.
	PowerISA allows processors to run VMs in binary compatibility ("compat")
	mode supporting an older version of ISA. QEMU has recently added support to
	explicitly denote a VM running in compatibility mode through commit 6d9412ea
	& 8dfa3a5e85. Now, a "compat" mode VM can be run by invoking this qemu
	commandline on a POWER8 host:  -cpu host,compat=power7.

	This patch allows libvirt to exploit cpu mode 'host-model' to describe this
	new mode for PowerKVM guests. For example, when a user wants to request a
	power7 vm to run in compatibility mode on a Power8 host, this can be
	described in XML as follows :

	  <cpu mode='host-model'>
	    <model>power7</model>
	  </cpu>

	Acked-by: Michal Privoznik <mprivozn@redhat.com>

2014-11-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Cpu: Add support for Power LE Architecture.
	This adds support for PowerPC Little Endian architecture.,
	and allows libvirt to spawn VMs based on 'ppc64le' architecture.

	Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

2014-11-06  Martin Kletzander  <mkletzan@redhat.com>

	gitignore: use wildcard for configure's temporary files
	Pushed as trivial and pre-ACK'd here:

	https://www.redhat.com/archives/libvir-list/2014-November/msg00180.html

2014-11-06  Jiri Denemark  <jdenemar@redhat.com>

	Fix build-time pkg-config files in VPATH
	Since libvirt.h was split into several files, it is impossible to
	compile anything against a VPATH-built libvirt. In VPATH, only libvirt.h
	is in build/include/libvirt while all other libvirt-*.h files are in
	source/include/libvirt.

2014-11-06  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidth: Include virutil.h
	One of the latest patches (9a8fc3efc2470) introduced call of
	geteuid(). However, not all systems have the function
	implemented, e.g. mingw. Therefore, we fail to build on those
	system. The fix consist of including virutil.h which defines
	geteuid in needed. Sigh.

2014-11-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Update fsfreeze status on domain state transitions
	https://bugzilla.redhat.com/show_bug.cgi?id=1160084

	As of b6d4dad1 (1.2.5) libvirt keeps track if domain disks have been
	frozen. However, this falls into that set of information which don't
	survive domain restart. Therefore, we need to clear the flag upon some
	state transitions. Moreover, once we clear the flag we must update the
	status file too.

2014-11-06  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Allow use of iothreads for virtio ccw disk definitions
	Extending the iothread disk support from pci to pci and ccw.

	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
	Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>

2014-11-06  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Correct disk type checking logic for iothreads
	Finding the right type of disk should check for virtio as bus and
	pci as device address type.

	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2014-11-06  Luyao Huang  <lhuang@redhat.com>

	virsh: fix net-dhcp-leases no output in quiet mode
	When run net-dhcp-leases in quiet mode, cannot get
	any output.

	 # virsh -q net-dhcp-leases default

2014-11-06  Luyao Huang  <lhuang@redhat.com>

	network: fix call virNetworkEventLifecycleNew when networkStartNetwork fail
	When start a network fail, libvirt still call virNetworkEventLifecycleNew
	to send a event.

2014-11-06  Martin Kletzander  <mkletzan@redhat.com>

	numa: fix assumption in virNumaNodeIsAvailable()
	When compiled without full numa support, the stub function for
	virNumaNodeIsAvailable() just checks whether specified node is in range
	<0, max); where max is maximum NUMA node available on the host.  But
	because the maximum node number is the highest usabe number (and not the
	count of nodes), the check is incorrect as it should check whether the
	specified node is in range <0, max> instead.

2014-11-06  Martin Kletzander  <mkletzan@redhat.com>

	numa: split util/ and conf/ and support non-contiguous nodesets
	This is a reaction to Michal's fix [1] for non-NUMA systems that also
	splits out conf/ out of util/ because libvirt_util shouldn't require
	libvirt_conf if it is the other way around.  This particular use case
	worked, but we're trying to avoid it as mentioned [2], many times.

	The only functions from virnuma.c that needed numatune_conf were
	virDomainNumatuneNodesetIsAvailable() and virNumaSetupMemoryPolicy().
	The first one should be in numatune_conf as it works with
	virDomainNumatune, the second one just needs nodeset and mode, both of
	which can be passed without the need of numatune_conf.

	Apart from fixing that, this patch also fixes recently added
	code (between commits d2460f85^..5c8515620) that doesn't support
	non-contiguous nodesets.  It uses new function
	virNumaNodesetIsAvailable(), which doesn't need a stub as it doesn't use
	any libnuma functions, to check if every specified nodeset is available.

	[1] https://www.redhat.com/archives/libvir-list/2014-November/msg00118.html
	[2] http://www.redhat.com/archives/libvir-list/2011-June/msg01040.html

2014-11-06  Martin Kletzander  <mkletzan@redhat.com>

	add temporary compilation files into .gitignore
	When using git-status during configure phase, three additional files are
	shown as untracked.

2014-11-06  Erik Skultety  <eskultet@redhat.com>

	Iface: disallow network tuning in session mode globally
	Patch 43b67f2e disallowed network tuning only with qemu driver, however
	this patch moved the check for root privileges into
	virNetDevBandwidthSet function, so the call should now
	fail in all possible cases. A mock function was created so that the test
	suite doesn't fail because of unsufficient privileges.

	qemu: revert patch - bandwidth tuning in session mode
	Since there was a valid note to patch 43b67f2e about the best spot to
	check for bandwidth set call while having libvirt daemon run in session
	mode, this patch reverts previous changes dealing with bandwith
	(also reverts adding variable @cfg in qemuDomainGetNumaParameters which
	 does not have any use at the moment, but getting and unreferencing
	 driver's config) in qemu_driver.c and qemu_command.c. There will be
	another patch in the series which introduces the fix itself.

2014-11-06  Ján Tomko  <jtomko@redhat.com>

	Free job statistics from the migration cookie
	==404== 232 bytes in 1 blocks are definitely lost in loss record 669 of 758
	==404==    at 0x4C2B934: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==404==    by 0x52A2BF3: virAlloc (viralloc.c:144)
	==404==    by 0x1D49AD70: qemuMigrationCookieAddStatistics (qemu_migration.c:554)
	==404==    by 0x1D49AD70: qemuMigrationBakeCookie (qemu_migration.c:1228)
	==404==    by 0x1D4A43B8: qemuMigrationFinish (qemu_migration.c:5002)
	==404==    by 0x1D4C9339: qemuDomainMigrateFinish3Params (qemu_driver.c:11526)

	Introduced by commit 5d6fb96

2014-11-06  Hao Liu  <hliu@redhat.com>

	virsh: Fix types for option bandwidth in block*
	Bandwidth options in blockcommit, blockcopy, blockjob and blockpull
	are parsed by vshCommandOptULWrap() and should be shown as a number
	type option.

	And a typo is fixed.

2014-11-06  Michal Privoznik  <mprivozn@redhat.com>

	private.syms: Export virDomainNumatuneSpecifiedMaxNode
	As of 90286418 the function is introduced. However, it's missing
	an entry in the libvirt_private.syms so it can't be mocked.

	virnuma: Add some more comments
	Well, in fact only add comments to mark ifdef,
	else and endif sections.

2014-11-06  Eric Blake  <eblake@redhat.com>

	CVE-2014-7823: dumpxml: security hole with migratable flag
	Commit 28f8dfd (v1.0.0) introduced a security hole: in at least
	the qemu implementation of virDomainGetXMLDesc, the use of the
	flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only
	connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE
	prior to calling qemuDomainFormatXML.  However, the use of
	VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write
	clients only.  This patch treats the migratable flag as requiring
	the same permissions, rather than analyzing what might break if
	migratable xml no longer includes secret information.

	Fortunately, the information leak is low-risk: all that is gated
	by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password;
	but VNC passwords are already weak (FIPS forbids their use, and
	on a non-FIPS machine, anyone stupid enough to trust a max-8-byte
	password sent in plaintext over the network deserves what they
	get).  SPICE offers better security than VNC, and all other
	secrets are properly protected by use of virSecret associations
	rather than direct output in domain XML.

	* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC):
	Tighten rules on use of migratable flag.
	* src/libvirt-domain.c (virDomainGetXMLDesc): Likewise.

2014-11-05  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainUpdateDeviceConfig: Allow startupPolicy update
	https://bugzilla.redhat.com/show_bug.cgi?id=1159219

	Users might want to update startupPolicy via the
	virDomainUpdateDeviceFlags API too. This patch
	implements the feature on config layer.

2014-11-05  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix memory leak in remoteConnectGetAllDomainStats
	The remote call actually doesn't free the arguments array so we leak
	memory in case a domain list is specified. As the remote domain list
	array consists only of stolen pointers from the actual domain objects
	it's sufficient just to free the array.

	Valgrind message:
	==1081452== 64 bytes in 1 blocks are definitely lost in loss record 632 of 726
	==1081452==    at 0x4C296D0: calloc (vg_replace_malloc.c:618)
	==1081452==    by 0x4EA5CB4: virAllocN (viralloc.c:191)
	==1081452==    by 0x505D21E: remoteConnectGetAllDomainStats (remote_driver.c:7785)
	==1081452==    by 0x50081AA: virDomainListGetStats (libvirt-domain.c:11080)
	==1081452==    by 0x155249: cmdDomstats (virsh-domain-monitor.c:2147)
	==1081452==    by 0x12FB73: vshCommandRun (virsh.c:1935)
	==1081452==    by 0x133FEB: main (virsh.c:3719)

2014-11-05  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Memory: Use consistent type for all memory elements.
	Domain memory elements such as max_balloon and cur_balloon are
	implemented as 'unsigned long long', whereas the 'memory' element
	in NUMA cells is implemented as 'unsigned int'.

	Use the same data type (unsigned long long) for 'memory' element
	in NUMA cells.

2014-11-04  Ján Tomko  <jtomko@redhat.com>

	Require at least one console for LXC domain
	A domain without a console quietly dies soon after start,
	because we try to set /dev/null as a controlling TTY
	2014-10-30 15:10:59.705+0000: 1: error : lxcContainerSetupFDs:283 :
	ioctl(TIOCSCTTY) failed: Inappropriate ioctl for device

	Report an error early instead of trying to start it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1155410

2014-11-04  Ján Tomko  <jtomko@redhat.com>

	Do not probe for power mgmt capabilities in lxc emulator
	It fails after 30 seconds with this error:
	error : virDBusCall:1429 : error from service: CanSuspend:
	Did not receive a reply. Possible causes include: the remote
	application did not send a reply, the message bus security
	policy blocked the reply, the reply timeout expired, or the
	network connection was broken.

	Only probe for the power mgmt capabilities when driver is non-NULL.
	This speeds up domain startup by 30 seconds.

	https://bugzilla.redhat.com/show_bug.cgi?id=1159227

2014-11-04  Martin Kletzander  <mkletzan@redhat.com>

	util: fix releasing pidfile in cleanup
	Coverity found out the very obvious problem in the code.  That is that
	virPidFileReleasePath() was called only if
	virPidFileAcquirePath() returned 0.  But virPidFileAcquirePath() doesn't
	return only 0 on success, but the FD that needs to be closed.

2014-11-04  Weiwei Li  <nuonuoli@tencent.com>

	qemu: stop NBD server after successful migration
	In qemuMigrationFinish mig->nbd can not be initialized by
	qemuMigrationEatCookie without the QEMU_MIGRATION_COOKIE_NBD flag.
	That causes qemuMigrationStopNBDServer to return early without
	stopping the NBD server properly.

2014-11-04  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	virnuma: use virNumaNodesetIsAvailable checking nodeset in virNumaSetupMemoryPolicy

	numatune: add check for numatune nodeset range
	There was no check for 'nodeset' attribute in numatune-related
	elements.  This patch adds validation that any nodeset specified does
	not exceed maximum host node.

	bitmap: add virBitmapLastSetBit for finding the last bit position of bitmap

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	examples: add systemtap script to ease lock debugging
	As discussed before, this simple script should help with debugging
	deadlocks, although there are still some caveats.  RWLocks are not
	handled by this and if your deadlock if very racy, it may not lock
	up when running with this script due to the slowdown.

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: avoid rare race when undefining domain
	When one domain is being undefined and at the same time started, for
	example, there is a possibility of a rare problem occuring.

	 - Thread 1 does virDomainUndefine(), has the lock, checks that the
	   domain is active and because it's not, calls
	   virDomainObjListRemove().

	 - Thread 2 does virDomainCreate() and tries to lock the domain.

	 - Thread 1 needs to lock domain list in order to remove the domain from
	   it, but must unlock domain first (proper order is to lock domain list
	   first and the domain itself second).

	 - Thread 2 grabs the lock, starts the domain and releases the lock.

	 - Thread 1 grabs the lock and removes the domain from list.

	With this patch:

	 - qemuDomainRemoveInactive() creates a QEMU_JOB_MODIFY if that's
	   possible, but since it must remove the domain from list either way,
	   it continues even when starting the job failed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1150505

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	virsh: don't list unknown domains
	When the list of domains is fetched and being printed, but in the
	meantime one domain was undefined before its status was fetched, the
	output then includes domain with "no state".  With this patch, such
	domain is skipped over as consecutive 'virsh list --all' (or the same
	one ran a second later) wouldn't list it anyway.

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	lxc: improve error message for invalid blkiotune settings
	Before:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: unable to parse blkio device
	  'device_read_bytes_sec' '/dev/sda,-1'

	After:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: invalid value '-1' for parameter
	  'device_read_bytes_sec' of device '/dev/sda'

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: improve error message for invalid blkiotune settings
	Before:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: unable to parse blkio device
	  'device_read_bytes_sec' '/dev/sda,-1'

	After:
	  $ virsh blkiotune dummy --device-read-bytes-sec /dev/sda,-1
	  error: Unable to change blkio parameters
	  error: invalid argument: invalid value '-1' for parameter
	  'device_read_bytes_sec' of device '/dev/sda'

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: make sure capability probing process can start
	When daemon is killed right in the middle of probing a qemu binary for
	its capabilities, the qemu process is left running.  Next time the
	daemon is starting, it cannot start the probing qemu process because the
	one that's already running does have the pidfile flock()'d.

	Reported-by: Wang Yufei <james.wangyufei@huawei.com>

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	util: Introduce virPidFileForceCleanupPath
	This function is used to cleanup a pidfile doing whatever it takes, even
	killing the owning process.

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	vbox: don't register NULL driver
	We were missing check for the fact that the storage driver was found and
	in case there is no vbox storage driver available, daemon raised the
	following error each start:

	  error : virRegisterStorageDriver:592 : driver in
	  virRegisterStorageDriver must not be NULL

	Fixing this makes the condition unified with networkDriver registration
	in vbox as well.

2014-11-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: make advice from numad available when building commandline
	Particularly in qemuBuildNumaArgStr(), there was a need for the advice
	due to memory backing, which needs to know the nodeset it will be pinned
	to.  With newer qemu this caused the following error when starting
	domain:

	  error: internal error: Advice from numad is needed in case of
	  automatic numa placement

	even when starting perfectly valid domain, e.g.:

	  ...
	  <vcpu placement='auto'>4</vcpu>
	  <numatune>
	    <memory mode='strict' placement='auto'/>
	  </numatune>
	  <cpu>
	    <numa>
	      <cell id='0' cpus='0' memory='524288'/>
	      <cell id='1' cpus='1' memory='524288'/>
	    </numa>
	  </cpu>
	  ...

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138545

2014-11-03  John Ferlan  <jferlan@redhat.com>

	Post-release version bump for new dev cycle

2014-11-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.10
	- docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: fetched loclalization and regenerated

2014-11-01  Pavel Hrdina  <phrdina@redhat.com>

	hotplug: fix char device detach
	Hotplugging and hotunplugging char devices is only supported through
	'-device' and the check for device capability should be independently.

	Coverity also complains about 'tmpChr->info.alias' could be NULL and we
	are dereferencing it but it somehow only in this case don't recognize
	that the value is set by 'qemuAssignDeviceChrAlias' so it's clearly
	false positive. Add sa_assert to make coverity happy.

2014-11-01  Pavel Hrdina  <phrdina@redhat.com>

	vbox_storage: fix coverity issue with overwriting value
	Coverity is complaining about overwriting value in 'rc' variable
	without using the old value because it somehow doesn't recognize that
	the value is used by MACRO. The 'rc' variable is there only for checking
	return code so it's save to remove it and make coverity happy.

2014-11-01  Ján Tomko  <jtomko@redhat.com>

	Relax duplicate SCSI host pool checking
	Since commit 3f99d64 no new scsi_host pools can be defined
	if one of the already defined scsi_host pools does not refer
	to an accessible scsi_host adapter.

	Relax the check by skipping over these inaccessible pools
	when checking for duplicates.

2014-11-01  Ján Tomko  <jtomko@redhat.com>

	Match scsi_host pools by parent address first
	If both source adapters are specified by a parent address,
	just comparing the address is faster and catches even addresses
	that do not refer to valid adapters.

2014-11-01  Pavel Hrdina  <phrdina@redhat.com>

	mingw: fix build failure
	This macro seems to be defined only on linux/unix and it fails during
	mingw build. Its value is '16' (taken from net/if.h) so define it if
	it's not defined.

2014-10-31  Eric Blake  <eblake@redhat.com>

	domain: fix parsing of memory tunables on 32-bit machines
	Commit 6c9a8a4 (Oct 2014) exposed a long-standing issue on 32-bit
	machines: code related to virDomainSetMemoryParameters has always
	been documented as using a 64-bit limit, but it was implemented by
	calling virDomainParseMemory which enforced an 'unsigned long'
	limit.  Since VIR_DOMAIN_MEMORY_PARAM_UNLIMITED capped to a
	long is -1, but virDomainParseScaledValue no longer accepts
	negative values, an attempt to use 2^53-1 as a hard memory limit
	started failing the testsuite.  However, the problem with capping
	things artificially low has existed for much longer - ever since
	commits 4888f0fb and 2e22f23 (Mar 2012) switched internal tracking
	from 'unsigned long' to 'unsigned long long' (prior to that time,
	the cap was a side-effect of the choice of types).  We _have_ to
	cap the balloon memory values, (no thanks to baked in 'unsigned long'
	of API such as virDomainSetMaxMemory or virDomainGetInfo with no
	counterpart API that guarantees 64-bit access to those numbers)
	but memory parameters have never needed the artificial limit.

	At any rate, the solution is to make the parser function gain a
	parameter, and only do the reduced 32-bit cap for the values that
	are constrained due to API.

	* src/conf/domain_conf.h (_virDomainMemtune): Add comments.
	* src/conf/domain_conf.c (virDomainParseMemory): Add parameter.
	(virDomainDefParseXML): Adjust callers.

2014-10-31  weiwei li  <weiweili821@gmail.com>

	qemu: Release nbd port from migrationPorts instead of remotePorts
	commit 3e1e16aa8d4238241a1806cb9bdb3b9ad60db777 (Use a port from the
	migration range for NBD as well) changed ndb port allocation from
	remotePorts to migrationPorts, but did not change the port releasing
	process, which makes an error when migrating several times (above 64):
	error: internal error: Unable to find an unused port in range
	'migration' (49152-49215)

	https://bugzilla.redhat.com/show_bug.cgi?id=1159245

2014-10-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix double-free of libxl_domain_build_info
	On error, libxlMakeDomBuildInfo() frees the caller-provided
	libxl_domain_build_info struct embedded in libxl_domain_config,
	causing a segfault

	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7f9c13020700 (LWP 40988)]
	(gdb) bt
	0  0x00007f9c162f95b4 in free () from /lib64/libc.so.6
	1  0x00007f9c0d0965ad in libxl_bitmap_dispose () from
	   /usr/lib64/libxenlight.so.4.4
	2  0x00007f9c0d0a73bf in libxl_domain_build_info_dispose ()
	   from /usr/lib64/libxenlight.so.4.4
	3  0x00007f9c0d0a7974 in libxl_domain_config_dispose () from
	   /usr/lib64/libxenlight.so.4.4
	4  0x00007f9c0d2e00c5 in libxlDomainStart (driver=0x7f9c0400e4e0,
	   vm=0x7f9c0412b0d0, start_paused=false, restore_fd=-1) at
	   libxl/libxl_domain.c:1323
	5  0x00007f9c0d2e1d4b in libxlDomainCreateXML (conn=0x7f9c000009a0,...)
	   at libxl/libxl_driver.c:660

	Remove the call to libxl_domain_build_info_dispose() from
	libxlMakeDomBuildInfo().  On error, callers will dispose the
	libxl_domain_config object, which in turn disposes the build info.

2014-10-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: Support user-specified <emulator>
	With the introduction of the libxlDomainGetEmulatorType function,
	it is trivial to support a user-specfied <emulator> in the libxl
	driver.  This patch is based loosely on David Scott's old patch
	to do the same

	https://www.redhat.com/archives/libvir-list/2013-April/msg02119.html

2014-10-30  Ján Tomko  <jtomko@redhat.com>

	Spell TIOCSCTTY right in the error message

	Reject live update of offloading options
	https://bugzilla.redhat.com/show_bug.cgi?id=1155441

2014-10-30  Martin Kletzander  <mkletzan@redhat.com>

	conf: forbid negative values in virDomainParseScaledValue
	It makes sense for none of the callers to have negative value as an
	output and, fortunately, if anyone tried defining domain with negative
	memory or any other value parsed by virDomainParseScaledValue(), the
	resulting value was 0.  That means we can error out during parsing as
	it won't break anything.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1155843

2014-10-30  Luyao Huang  <lhuang@redhat.com>

	virsh: Fix memory leak in cmdNetworkDHCPLeases
	After cidr_format is allocated by virAsprintf and used by vshPrintExtra
	it needs to be freed.

	Fix the following memory leak from valgrind:
	 18 bytes in 1 blocks are definitely lost in loss record 41 of 192
	    at 0x4C29BBD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	    by 0x85CE36F: __vasprintf_chk (vasprintf_chk.c:80)
	    by 0x4EE52D5: UnknownInlinedFun (stdio2.h:210)
	    by 0x4EE52D5: virVasprintfInternal (virstring.c:459)
	    by 0x4EE53CA: virAsprintfInternal (virstring.c:480)
	    by 0x14FE96: cmdNetworkDHCPLeases (virsh-network.c:1378)
	    by 0x13006B: vshCommandRun (virsh.c:1915)
	    by 0x12A9E1: main (virsh.c:3699)

2014-10-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virutil: fix virGetSCSIHostNumber stub return type
	The virGetSCSIHostNumber function return type is int, however
	its stubbed version returns NULL. That results in a build fail
	on systems that use the stubbed version. Fix by using a proper
	return type.

	virnetdev: stub virNetDev{Add,Del}Multi on FreeBSD
	Currently, build fails on FreeBSD because its struct ifreq does not
	have ifr_hwaddr member. In order to fix that, check if this member
	is present, otherwise fall back to the stub version of the
	virNetDev{Add,Del}Multi functions.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	virnetdev: Resolve Coverity RESOURCE_LEAK
	virFileReadAll returns a chunk of memory that needs to be free'd when
	done

	virnetdev: Resolve Coverity FORWARD_NULL
	The complaint is that if cleanup is called when virFileReadAll fails,
	then mcast->entries is NULL and could be dereferenced in the clear
	function. After following the code some - I saw that the caller to
	the function (virNetDevGetMulticastTable) will also call
	virNetDevMcastListClear if this function returns -1, so this
	isn't necessary, so I removed the call.

	virnetdev: Resolve Coverity DEADCODE
	Coverity complains that because the for loop is from 0 to 5 (max tokens)
	and the impending switch/case statements used each of the #define values
	that the 'default' wouldn't reachable. This patch will convert the #define's
	into enum's and add the obligatory dead_error_begin marker for these type
	situations.

2014-10-29  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu

2014-10-29  Eric Blake  <eblake@redhat.com>

	qemu: better error message when block job can't succeed
	https://bugzilla.redhat.com/show_bug.cgi?id=1140981 reports that
	the qemu-kvm shipped as part of RHEL 7.0 intentionally[1] cripples
	block jobs by removing the 'block-stream' QMP command, while still
	leaving 'block-job-cancel' as an unusable no-op.  Meanwhile, we
	already had existing code that checked whether block jobs were
	completely missing (such as qemu 0.15), old style (cancel is
	synchronous, and all commands spelled with '_'), or new style
	(cancel is asynchronous, and all commands spelled with '-'), and
	used that three-way probe to give decent error messages.  At the
	time that code was added, all existing qemu versions fell in one
	of three buckets, and the code was using the presence of
	'block-job-cancel' as the witness of which of the three buckets.
	But now that RHEL qemu has shipped with intentionally crippled
	'block-stream', we have a fourth bucket, which results in ugly
	error messages when trying 'virsh blockpull':

	 error: Requested operation is not valid: Command 'block-stream' is not found

	In reality, the fourth bucket should be treated the same as the
	first bucket (no block job support); we can do that by realizing
	that no existing build of qemu has working block-stream while
	lacking block-job-cancel, so it is easiest to change our witness
	to the command that starts a job rather than ends one.  We still
	act correctly regarding command spelling and whether cancel is
	asynchronous.  And on crippled RHEL builds, we now get the desired:

	 error: unsupported configuration: block jobs not supported with this qemu binary

	[1] The intentional cripple is limited to qemu-kvm of RHEL; when using
	qemu-kvm-rhev of RHEV, block job functionality is supported.  Don't ask
	me to explain the "why" behind it all - I'm just dealing with fallout
	from someone else's decision.

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCKJOB_SYNC): Tweak comment.
	* src/qemu/qemu_capabilities.c (virQEMUCapsCommands): Look for stream
	rather than cancel when determining the flavor of block jobs supported.

2014-10-29  Peter Krempa  <pkrempa@redhat.com>

	test: Add test to verify helpers used for backing file name parsing
	Add two test cases to verify that the helpers split and parse the
	backing store components properly.

2014-10-29  Peter Krempa  <pkrempa@redhat.com>

	storage: Fix crash when parsing backing store URI with schema
	The code that parses the schema from the URI touches the "hosts[0]"
	member of the storage file source structure in case the URI contains a
	schema. The hosts array was not yet allocated at the point in the code
	where the transport protocol was parsed and set. This lead to a crash of
	libvirtd.

	Fix the code by allocating the "hosts" array upfront and add a test case
	to verify this scenario. (Unfortunately this requires shuffling the test
	case numbers too).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1156288

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: add syntax check to prohibit static zero init
	Now that all offenders have been cleaned, turn on a syntax-check
	rule to prevent future offenders.

	* cfg.mk (sc_prohibit_static_zero_init): New rule.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Avoid false
	positive.

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: avoid static zero init in drivers
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.

	* src/libxl/libxl_driver.c: Fix initialization.
	* src/lxc/lxc_controller.c: Likewise.
	* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
	* src/phyp/phyp_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/vbox/vbox_XPCOMCGlue.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: avoid static zero init in helpers
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.

	* src/conf/nwfilter_conf.c: Fix initialization.
	* src/cpu/cpu_x86.c: Likewise.
	* src/interface/interface_backend_netcf.c: Likewise.
	* src/locking/lock_daemon.c: Likewise.
	* src/locking/lock_driver_lockd.c: Likewise.
	* src/locking/lock_driver_sanlock.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
	* src/rpc/virnetserver.c: Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxGenSecurityLabel): Likewise.

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: avoid static zero init in tests
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.

	* tests/eventtest.c: Fix initialization.
	* tests/testutils.c: Likewise.
	* tests/virhostdevtest.c: Likewise.
	* tests/virportallocatortest.c: Likewise.
	* tests/virscsitest.c: Likewise.

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: avoid static zero init in tools
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.

	* tools/virsh-console.c (got_signal): Drop unused variable.
	* tools/virsh-domain.c: Fix initialization.
	* tools/virsh.c: Likewise.
	* tools/virt-host-validate-common.c (virHostMsgWantEscape):
	Likewise.

2014-10-29  Eric Blake  <eblake@redhat.com>

	maint: avoid static zero init in core files
	C guarantees that static variables are zero-initialized.  Some older
	compilers (and also gcc -fno-zero-initialized-in-bss) create larger
	binaries if you explicitly zero-initialize a static variable.

	* src/libvirt.c: Fix initialization.
	* src/util/viralloc.c: Likewise.
	* src/util/virdbus.c: Likewise.
	* src/util/virevent.c: Likewise.
	* src/util/virfile.c (safezero): Likewise.
	* src/util/virlog.c: Likewise.
	* src/util/virnetlink.c: Likewise.
	* src/util/virthread.h (VIR_ONCE_GLOBAL_INIT): Likewise.
	* src/util/virprocess.c (virProcessGetStartTime): Likewise.

2014-10-29  Eric Blake  <eblake@redhat.com>

	audit: use bool for audit log choice
	We weren't ever using the value for anything other than being non-zero.

	* src/util/viraudit.h (virAuditLog): Change signature.
	* src/util/viraudit.c (virAuditLog): Update user.
	* daemon/libvirtd.c (main): Likewise.

2014-10-29  Michal Privoznik  <mprivozn@redhat.com>

	src/Makefile.am: Add forgotten backslash
	As I've pushed 5892944f I haven't noticed one small nitpick.
	There was this backslash missing on the line 1231 in the
	enumeration of libraries to be added to vbox storage driver. This
	resulted in nondeterministic build which sometimes succeeded and
	sometimes failed.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	storage_conf: Resolve libvirtd crash matching scsi_host
	https://bugzilla.redhat.com/show_bug.cgi?id=1146837

	Resolve a crash in libvirtd resulting from commit id 'a4bd62ad' (1.0.6)
	which added parentaddr and unique_id to allow unique identification of
	a scsi_host, but assumed that all the pool entries and the incoming
	definition would be similarly defined. If the existing pool uses the
	'name' attribute and an incoming pool is using the parentaddr/unique_id,
	then the code will attempt to compare the existing name string against
	the incoming name string which doesn't exist (is NULL) and results in
	a core (STREQ).

	Conversely, if the existing pool used the parentaddr/unique_id and the
	to be defined pool used the name, then the comparison would be against
	the parentaddr, but since the incoming pool doesn't have one - that would
	leave the comparison against a parentaddr of all 0's and a unique_id of 0,
	which will always comparison to fail. This means someone could define the
	same source adapter for two pools

	In order to resolve this, adjust the code to get the 'host#' to be used
	by the storage scsi backend in order to check/start the pool and make sure
	the incoming definition doesn't match any of the existing pool defs.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	virutil: Introduce virGetSCSIHostNameByParentaddr
	Create the function from the code in getAdapterName() in order to return
	the "host#" name for the provided parentaddr values.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	virutil: Introduce virGetSCSIHostNumber
	Create/use virGetSCSIHostNumber to replace the static getHostNumber

	Removed the "if (result &&" since result is now required to be non NULL
	on input.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	qemu-attach: Assign device aliases
	https://bugzilla.redhat.com/show_bug.cgi?id=1141621

	As part of attach processing, assign the device aliases by calling
	qemuAssignDeviceAliases during qemuDomainQemuAttach once all the devices
	are found after the qemuParseCommandLinePid processing.

	This will alleviate a symptom that caused a libvirtd crash during an
	attempted device detach.

2014-10-29  John Ferlan  <jferlan@redhat.com>

	hotplug: Check for alias in net detach
	https://bugzilla.redhat.com/show_bug.cgi?id=1141621

	If the QEMU_CAPS_DEVICE is set, then ensure the host device alias has
	been properly set before making the calls to detach the device

2014-10-29  John Ferlan  <jferlan@redhat.com>

	hotplug: Check for alias in chrdev detach
	If the QEMU_CAPS_DEVICE is set, then ensure the chr device alias has
	been properly set before making the calls to detach the device

	hotplug: Check for alias in hostdev detach
	If the QEMU_CAPS_DEVICE is set, then ensure the host device alias has
	been properly set before making the calls to detach the device

	hotplug: Check for alias in disk detach
	If the QEMU_CAPS_DEVICE is set, then ensure the disk device alias has
	been properly set in prior to making the calls to detach the device.

	hotplug: Check for alias in controller detach
	In qemuDomainDetachControllerDevice if the info.alias already exists
	a call to qemuAssignDeviceControllerAlias would overwrite the existing
	so avoid this possibility.

	virsh: Adjust the text in man page regarding qemu-attach
	Slight adjustment to the qemu-attach man page to note device hotplug
	and hot unplug may not work and that the environment should be considered
	read-only

2014-10-29  Jincheng Miao  <jmiao@redhat.com>

	remote: fix jump depends on uninitialised value
	Currently remote driver only initializes partial fields of
	remote_connect_get_all_domain_stats_args. But xdr_array()
	will check the uninitialised field 'doms_val'.
	For safty reason, memset all fields of args is better.

	Fix the following error from valgrind, like:
	==30515== 1 errors in context 1 of 3:
	==30515== Conditional jump or move depends on uninitialised value(s)
	==30515==    at 0x85E9402: xdr_array (xdr_array.c:88)
	==30515==    by 0x4FD8FC9: xdr_remote_connect_get_all_domain_stats_args (remote_protocol.c:6473)
	==30515==    by 0x4FE72F2: virNetMessageEncodePayload (virnetmessage.c:350)
	==30515==    by 0x4FDD21C: virNetClientProgramCall (virnetclientprogram.c:326)
	==30515==    by 0x4FB4D01: callFull.isra.2 (remote_driver.c:6667)
	==30515==    by 0x4FCBD45: call (remote_driver.c:6689)
	==30515==    by 0x4FCBD45: remoteConnectGetAllDomainStats (remote_driver.c:7793)
	==30515==    by 0x4FA0E75: virConnectGetAllDomainStats (libvirt.c:21678)
	==30515==    by 0x147FD1: cmdDomstats (virsh-domain-monitor.c:2148)
	==30515==    by 0x13006B: vshCommandRun (virsh.c:1915)
	==30515==    by 0x12A9E1: main (virsh.c:3699)

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Remove unused things in vbox_tmpl.c
	After rewriting the whole driver, Only version specified code is
	remained in vbox_tmpl.c. So, this patch removes those unused macros
	header files in vbox_tmpl.c.

	vbox: New storage driver
	This patch provides the new stroage driver for vbox. The work
	is similar with patch 87dea4fc and the next b4022de33.

	vbox: Rewrite vboxStorageVolGetPath

	vbox: Rewrite vboxStorageVolGetXMLDesc

	vbox: Rewrite vboxStorageVolGetInfo

	vbox: Rewrite vboxStorageVolDelete
	The API on IHardDiskAttachment is merged into IMediumAttachment.
	So, we don't need it anymore.

	vbox: Make IMediumAttachment work with vbox2.2 and 3.0
	The GetMedium will always return a IHardDisk object them.
	In 2.2 and 3.0, it is what GetHardDisk exactly do. In 3.1 and later,
	The IMedium is same as IHardDisk.

	vbox: Rewrite vboxStorageVolCreateXML
	If the <path> in target element is not given, libvirt will put the
	new volume in ~/.VirtualBox by default.

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Make CreateHardDisk support all vbox versions
	The CreateHardDiskMedium only support create HardDisk for medium
	type, and it only works when vbox version >= 3.1. This patch make
	the function workable with all vbox versions and rename it as
	CreateHardDisk.

	In vbox 2.2 and 3.0 this function will create a IHardDisk object.
	In vbox later than 3.0, this function will create a IMedium object.

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Rewrite vboxStorageVolLookupByPath

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Make FindMedium support old vbox versions
	In old version, function FindMedium in UIVirtualBox doesn't work
	for vbox2.2 and 3.0. We assume it will not be used when vbox in
	these versions.

	But when rewriting vboxStorageVolLookupByPath, we found it was
	compatibe to use FindMedium to get a IHardDisk object, even in
	vbox old versions. To achieve this, first make FindMedium call
	FindHardDisk when VBOX_API_VERSION < 4000000.
	Then change the argument type **IMedium to **IHardDisk. (As the
	rules in heriachy, we can't transfer a IHardDisk to match
	IMedium in output)

	In vbox 2.2 and 3.0, the caller must be aware that they will get
	a IHardDisk object in return.

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Rewrite vboxStorageVolLookupByKey

	vbox: Rewrite vboxStorageVolLookupByName

	vbox: Rewrite vboxStoragePoolListVolumes

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Rewrite vboxStoragePoolNumOfVolumes
	We use typedef IMedium IHardDisk to make IHardDisk hierachy from
	IMedium (Actually it did on vbox 2.2 and 3.0's C++ API).
	So when calling
	    VBOX_MEDIUM_FUNC_ARG*(IHardDisk, func, args)
	we can directly replace it to
	    gVBoxAPI.UIMedium.func(IHardDisk, args)

	When dealing with this two types, we get some rules from it's
	hierachy relationship.

	When using IHardDisk and IMedium as input, we can't transfer a
	IMedium to IHardDisk. Like:
	    gVBoxAPI.UIHardDisk.func(IHardDisk *hardDisk, args)
	    Here, we can't put a *IMedium as a argument.

	When using IHardDisk and IMedium as output, we can't transfer a
	IHardDisk to IMedium. Like:
	    gVBoxAPI.UIMachine.GetMedium(IMedium **out)
	    Here, we can't put a **IHardDisk as a argument. If this case
	    do happen, we either change the API to GetHardDisk or write a
	    new one.

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Rewrite vbox-independent functions
	This patch rewrites the following functions
	    *vboxStorageOpen
	    *vboxStorageClose
	    *vboxConnectNumOfStoragePools
	    *vboxConnectListStoragePools
	    *vboxStoragePoolLookupByName

	These functions do not call any vbox API, so I directly move it
	from vbox_tmpl.c to vbox_storage.c

	A small improvement is made on vboxConnectListStoragePools.
	The if condition nnames == 1 is modified to nnames > 0. So if the
	caller put more than one slot to get active storage pools, the new
	function will return exactly one, while the old one would only
	return 0.

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: move common codes to vbox_common.h
	There are lots of macro declarations in vbox_common.c,
	vbox_network.c, and the coming vbox_storage.c which simply the API
	calling. Since they are totally the same. We shouldn't keep three
	copies of that, so they are moved to vbox_common.h.

	Note: The macros are quite different from those in vbox_tmpl.c,
	      because they are using different API.

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Remove VBOX_OBJECT_CHECK macro
	We should follow the rules that CHECK macro only do checking works.
	But this VBOX_OBJECT_CHECK and VBOX_OBJECT_HOST_CHECK declared some
	varibles at the same time, which broke the rule. So the patch
	removed this macros and dispatched it in source code.

	The storage driver is still not rewriten at this point. So, I
	remains the VBOX_OBJECT_CHECK macro in vbox_tmpl.c. But this will
	finally be removed in patch 'vbox: Remove unused things in vbox_tmpl.c'

2014-10-29  Taowei Luo  <uaedante@gmail.com>

	vbox: Fix copyright mistake
	I made a mistake on copyright in patch 7f0f415b87.

	If I copied codes from one file to another, I should copy the
	copyright announcement as well. So this patch makes up the
	copyright which I should have added in the previous patch.

2014-10-29  Shanzhi Yu  <shyu@redhat.com>

	virsh: Improve the job type reported of virsh cmd blockcommit
	When starting an active block commit job in virsh, it will report
	"Block Commit started", but for more precise message it could
	report "Active Block Commit started".

2014-10-28  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Renamed internal __mon_yday into mon_yday to avoid conflicts
	libc has another constant with the same name, which leads to
	redefinition error when building against static libvirt

2014-10-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Produce more readable error messages
	Not every error message from qemu-ga has to have the 'class' field
	filled out. For instance, I've seen this error message lately:

	  qemuAgentCheckError:1047 : unable to execute QEMU agent command \
	  {"execute":"guest-set-time"}: \
	  {"error":{"desc":"Invalid parameter type, expected: integer"}}

	However, this got translated into rather generic error message:

	  internal error: unable to execute QEMU agent command
	  'guest-set-time': unknown QEMU command error

	So we've dropped better error message in favor of a generic one.
	This is due to our code which expects 'class' which is not
	present here.

2014-10-28  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	qemu: change macvtap multicast list in response to NIC_RX_FILTER_CHANGED
	This patch adds functionality to processNicRxFilterChangedEvent().
	The old and new multicast lists are compared and the filters in
	the macvtap are programmed to match the guest's filters.

2014-10-28  Tony Krowiak  <akrowiak@linux.vnet.ibm.com>

	util: Functions to update host network device's multicast filter
	This patch provides the utility functions to needed to synchronize the
	changes made to a guest domain network device's multicast filter
	with the corresponding macvtap device's filter on the host:

	* Get/add/remove multicast MAC addresses
	* Get the macvtap device's RX filter list

2014-10-27  Eric Blake  <eblake@redhat.com>

	qemu: forbid snapshot-delete --children-only on external snapshot
	https://bugzilla.redhat.com/show_bug.cgi?id=956506 documents that
	given a domain where an internal snapshot parent has an external
	snapshot child, we lacked a safety check when trying to use the
	--children-only option to snapshot-delete:

	$ virsh start dom
	$ virsh snapshot-create-as dom internal
	$ virsh snapshot-create-as dom external --disk-only
	$ virsh snapshot-delete dom external
	error: Failed to delete snapshot external
	error: unsupported configuration: deletion of 1 external disk snapshots not supported yet
	$ virsh snapshot-delete dom internal --children
	error: Failed to delete snapshot internal
	error: unsupported configuration: deletion of 1 external disk snapshots not supported yet
	$ virsh snapshot-delete dom internal --children-only
	Domain snapshot internal children deleted

	While I'd still like to see patches that actually do proper external
	snapshot deletion, we should at least fix the inconsistency in the
	meantime.  With this patch:

	$ virsh snapshot-delete dom internal --children-only
	error: Failed to delete snapshot internal
	error: unsupported configuration: deletion of 1 external disk snapshots not supported yet

	* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Fix condition.

2014-10-26  Laine Stump  <laine@laine.org>

	util: eliminate "use after free" in callers of virNetDevLinkDump
	virNetDevLinkDump() gets a message from netlink into "resp", then
	calls nlmsg_parse() to fill the table "tb" with pointers into resp. It
	then returns tb to its caller, but not before freeing the buffer at
	resp. That means that all the callers of virNetDevLinkDump() are
	examining memory that has already been freed. This can be verified by
	filling the buffer at resp with garbage prior to freeing it (or, I
	suppose, just running libvirtd under valgrind) then performing some
	operation that calls virNetDevLinkDump().

	The code has been like this ever since virNetDevLinkDump() was written
	- the original author didn't notice it, and neither did later
	additional users of the function. It has only been pure luck (or maybe
	a lack of heavy load, and/or maybe an allocation algorithm in malloc()
	that delays re-use of just-freed memory) that has kept this from
	causing errors, for example when configuring a PCI passthrough or
	macvtap passthrough network interface.

	The solution taken in this patch is the simplest - just return resp to
	the caller along with tb, then have the caller free it after they are
	finished using the data (pointers) in tb. I alternately could have
	made a cleaner interface by creating a new struct that put tb and resp
	together along with a vir*Free() function for it, but this function is
	only used in a couple places, and I'm not sure there will be
	additional new uses of virNetDevLinkDump(), so the value of adding a
	new type, extra APIs, etc. is dubious.

2014-10-24  Julio Faracco  <jcfaracco@gmail.com>

	tests: Add SELINUX_LIBS to fix viridentitytest linker bug
	In a clean build system (Ubuntu 14.04), the viridentitytest failed to compile.
	Even if all the SELINUX libraries and depedencies are installed. See the error
	message below:

	[...]
	  CC       viridentitytest.o
	  CCLD     viridentitytest
	/usr/bin/ld: viridentitytest.o: undefined reference to symbol
	                                                       'security_disable'
	//lib/x86_64-linux-gnu/libselinux.so.1: error adding symbols: DSO missing
	                                                           from command line
	collect2: error: ld returned 1 exit status
	make: *** [viridentitytest] Error 1

	Simply adding the variable SELINUX_LIBS in viridentitytest rules of
	Makefile.am to include SELINUX libraries into viridentitytest solved that
	compilation issue.

2014-10-24  Shanzhi Yu  <shyu@redhat.com>

	vbox: network: make sure driver is not NULL in virRegisterNetworkDriver
	libvirtd will report below error if it does not make sure driver was not NULL
	in virRegisterNetworkDriver

	$ libvirtd
	2014-10-24 09:24:36.443+0000: 28876: info : libvirt version: 1.2.10
	2014-10-24 09:24:36.443+0000: 28876: error : virRegisterNetworkDriver:549 : driver in virRegisterNetworkDriver must not be NULL
	2014-10-24 09:24:36.443+0000: 28876: error : virDriverLoadModule:99 : Failed module registration vboxNetworkRegister

2014-10-24  Daniel P. Berrange  <berrange@redhat.com>

	Add new driver-*.h files to DRIVER_SOURCES
	The recently added driver-*.h files were not listed in the
	Makefile.am causing them to be missed when creating dists.

	Fix indentation of sysinfo data
	The <sysinfo> data block was indented by 2 spaces too many.
	This was missed because we never had any test validating
	the XML formatting.

	Fix preprocessor indentation in libvirt.h.in
	The cfg.mk rule for checking preprocessor indentation was
	mistakenly missing the libvirt.h.in file due to bad file
	extension matching rule. Fix that and the resolve the
	incorrect indentation that is identified.

	Move virConnect related APIs out of libvirt.h.in
	Create a new libvirt-host.h file to hold the public
	API definitions for the virConnect type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virDomain related APIs out of libvirt.h.in
	Create a new libvirt-domain.h file to hold the public
	API definitions for the virDomain type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virEvent related APIs out of libvirt.h.in
	Create a new libvirt-event.h file to hold the public
	API definitions for the virEvent type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virStoragePool/Vol related APIs out of libvirt.h.in
	Create a new libvirt-storage.h file to hold the public
	API definitions for the virStorage/Vol type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

2014-10-24  Daniel P. Berrange  <berrange@redhat.com>

	Move virStream related APIs out of libvirt.h.in
	Create a new libvirt-stream.h file to hold the public
	API definitions for the virStream type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Note the definition of virStreamPtr is not moved, since that
	must be declared early for all other libvirt APIs to be able
	to reference it.

2014-10-24  Daniel P. Berrange  <berrange@redhat.com>

	Move virSecret related APIs out of libvirt.h.in
	Create a new libvirt-secret.h file to hold the public
	API definitions for the virSecret type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virNodeDevice related APIs out of libvirt.h.in
	Create a new libvirt-nodedev.h file to hold the public
	API definitions for the virNodeDevice type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virNWFilter related APIs out of libvirt.h.in
	Create a new libvirt-nwfilter.h file to hold the public
	API definitions for the virNWFilter type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virInterface related APIs out of libvirt.h.in
	Create a new libvirt-interface.h file to hold the public
	API definitions for the virInterface type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virNetwork related APIs out of libvirt.h.in
	Create a new libvirt-network.h file to hold the public
	API definitions for the virNetwork type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virDomainSnapshot related APIs out of libvirt.h.in
	Create a new libvirt-domain-snapshot.h file to hold the public
	API definitions for the virDomainSnapshot type. This header
	file is not self-contained, so applications will not directly
	include it. They will continue to #include <libvirt/libvirt.h>

	Move virConnect/virNode related APIs out of libvirt.c
	Introduce a src/libvirt-host.c file to hold all the
	methods related to the virConnect type.

	Move virDomain related APIs out of libvirt.c
	Introduce a src/libvirt-domain.c file to hold all the
	methods related to the virDomain type.

	Make virTypedParameterValidateSet non-static
	The virTypedParameterValidateSet method will need to be used
	from several libvirt-*.c files so must be non-static

	Move virStorage{Pool,Vol} related APIs out of libvirt.c
	Introduce a src/libvirt-storage.c file to hold all the
	methods related to the virStorage{Pool,Vol} types.

	Move virStream related APIs out of libvirt.c
	Introduce a src/libvirt-stream.c file to hold all the
	methods related to the virStream type.

	Move virSecret related APIs out of libvirt.c
	Introduce a src/libvirt-secret.c file to hold all the
	methods related to the virSecret type.

	Move virNodeDevice related APIs out of libvirt.c
	Introduce a src/libvirt-nodedev.c file to hold all the
	methods related to the virNodeDevice type.

	Move virNWFilter related APIs out of libvirt.c
	Introduce a src/libvirt-nwfilter.c file to hold all the
	methods related to the virNWFilter type.

	Move virInterface related APIs out of libvirt.c
	Introduce a src/libvirt-interface.c file to hold all the
	methods related to the virInterface type.

	Move virNetwork related APIs out of libvirt.c
	Introduce a src/libvirt-network.c file to hold all the
	methods related to the virNetwork type.

	Move virDomainSnapshot related APIs out of libvirt.c
	Introduce a src/libvirt-domain-snapshot.c file to hold all the
	methods related to the virDomainSnapshot type.

2014-10-24  Eric Blake  <eblake@redhat.com>

	hyperv: avoid query memleaks on failure
	The function hypervEnumAndPull consumes query on success, but leaked
	it on failure.  Rather than having to change all callers (many of
	them indirect callers through the generated
	hypervGetMsvmComputerSystemList), it was easier to just guarantee
	that the buffer is cleaned on return from the function.

	* src/hyperv/hyperv_wmi.c (hypervEnumAndPull): Don't leak query on
	failure.

2014-10-23  Daniel P. Berrange  <berrange@redhat.com>

	Split driver.h into multiple parts
	With the large number of APIs in libvirt the driver.h file,
	it is easy to get lost looking for things. Split each driver
	into a separate header file based on the functional driver
	groups.

	Rename virDriver to virHypervisorDriver
	To prepare for introducing a single global driver, rename the
	virDriver struct to virHypervisorDriver and the registration
	API to virRegisterHypervisorDriver()

2014-10-22  Erik Skultety  <eskultet@redhat.com>

	qemu: Disallow NUMA/network tuning for session mode
	Tuning NUMA or network interface parameters requires root
	privileges to manage cgroups. Thus an attempt to set some of these
	parameters in session mode on a running domain should be invalid
	followed by an error. An example might be memory tuning which raises
	an error in such case.

	The following behavior in session mode will be present after applying
	this patch:

	  Tuning  |      SET      |   GET  |
	----------|---------------|--------|
	NUMA      | shut off only | always |
	Memory    |     never     | never  |
	Interface |     never     | always |

	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1126762

2014-10-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Make check for empty hook XML robust
	Also consider whitespace only strings returned from the hook as empty
	result.

	qemu: restore: Fix restoring of VM when the restore hook returns empty XML
	The documentation for the restore hook states that returning an empty
	XML is equivalent with copying the input. There was a bug in the code
	checking the returned string by checking the string instead of the
	contents. Use the new helper to check if the string is empty.

	util: string: Add helper to check whether string is empty
	The helper checks whether a string contains only whitespace or is NULL.
	This will be helpful to skip cases where a user string is optional, but
	may be provided empty with the same meaning.

	doc: HACKING: Regenerate after recent change

2014-10-22  Rick Harris  <rconradharris@gmail.com>

	Add support for /run/initctl
	Newer versions of Debian use '/run/initctl' instead of '/dev/initctl'.
	This patch updates the code to search for the FIFO from a list of
	well-known locations.

2014-10-22  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix an improper git browsable address

2014-10-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix cast errors with clang
	Build with clang fails with:

	  CC       util/libvirt_util_la-virsocketaddr.lo
	util/virsocketaddr.c:904:17: error: cast from 'struct sockaddr *' to
	'struct sockaddr_in *' increases required alignment from 1 to 4
	[-Werror,-Wcast-align]
	        inet4 = (struct sockaddr_in*) res->ai_addr;
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	util/virsocketaddr.c:909:17: error: cast from 'struct sockaddr *' to
	'struct sockaddr_in6 *' increases required alignment from 1 to 4
	[-Werror,-Wcast-align]
	        inet6 = (struct sockaddr_in6*) res->ai_addr;
	                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	2 errors generated.

	Fix that by replacing virSocketAddrParseInternal() call with
	virSocketAddrParse() in the virSocketAddrIsNumericLocalhost() function.
	virSocketAddrParse stores an address in virSocketAddr.
	virSocketAddr uses a union to store an address, so it doesn't
	need casting.

2014-10-21  Martin Kletzander  <mkletzan@redhat.com>

	docs: Mention repository locations in contributor guidelines

	qemu: unref cfg after TerminateMachine has been called
	Commit 4882618ed13b469d92fa8b2b4a158fdb17dbe9f1 added the code that
	requests driver cfg, but forgot to unref it.

2014-10-21  Lubomir Rintel  <lkundrak@v3.sk>

	qemu: x86_64 is good enough for i686
	virt-manager on Fedora sets up i686 hosts with "/usr/bin/qemu-kvm" emulator,
	which in turn unconditionally execs qemu-system-x86_64 querying capabilities
	then fails:

	Error launching details: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'

	Traceback (most recent call last):
	  File "/usr/share/virt-manager/virtManager/engine.py", line 748, in _show_vm_helper
	    details = self._get_details_dialog(uri, vm.get_connkey())
	  File "/usr/share/virt-manager/virtManager/engine.py", line 726, in _get_details_dialog
	    obj = vmmDetails(conn.get_vm(connkey))
	  File "/usr/share/virt-manager/virtManager/details.py", line 399, in __init__
	    self.init_details()
	  File "/usr/share/virt-manager/virtManager/details.py", line 784, in init_details
	    domcaps = self.vm.get_domain_capabilities()
	  File "/usr/share/virt-manager/virtManager/domain.py", line 518, in get_domain_capabilities
	    self.get_xmlobj().os.machine, self.get_xmlobj().type)
	  File "/usr/lib/python2.7/site-packages/libvirt.py", line 3492, in getDomainCapabilities
	    if ret is None: raise libvirtError ('virConnectGetDomainCapabilities() failed', conn=self)
	libvirtError: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'

	Journal:

	Oct 16 21:08:26 goatlord.localdomain libvirtd[1530]: invalid argument: architecture from emulator 'x86_64' doesn't match given architecture 'i686'

2014-10-21  Zhou yimin  <zhouyimin@huawei.com>

	qemu: move setting emulatorpin ahead of monitor showing up
	If VM is configured with many devices(including passthrough devices)
	and large memory, libvirtd will take seconds(in the worst case) to
	wait for monitor. In this period the qemu process may run on any
	PCPU though I intend to pin emulator to the specified PCPU in xml
	configuration.

	Actually qemu process takes high cpu usage during vm startup.
	So this is not the strict CPU isolation in this case.

2014-10-20  Richard W.M. Jones  <rjones@redhat.com>

	docs: apps: Update references to virt-p2v and virt-v2v.
	These tools have been rewritten upstream, so you don't need to link to
	the old tools, link to the new ones and mention they are part of
	libguestfs.

	Also remove the link to "Poor man's P2V".  There's no real reason to
	use that technique any longer since the rewritten tools are simple,
	fast and highly capable.

2014-10-20  Maxime Leroy  <maxime.leroy@6wind.com>

	tests: fix incorrect caps for shmem-invalid-size, shmem-small-size
	VIR_TEST_DEBUG=2 ./qemuxml2argvtest generates the following output:

	409) QEMU XML-2-ARGV shmem-invalid-size
	... Got expected error: unsupported configuration: ivshmem device is not \
		 supported with this QEMU binary
	OK
	410) QEMU XML-2-ARGV shmem-small-size
	... Got expected error: unsupported configuration: ivshmem device is not \
	supported with this QEMU binary
	OK

	We should have:

	409) QEMU XML-2-ARGV shmem-invalid-size
	... Got expected error: XML error: shmem size must be a power of two
	OK
	410) QEMU XML-2-ARGV shmem-small-size
	... Got expected error: XML error: shmem size must be at least 1 MiB
	OK

	This commit fixes the issue by providing QEMU_CAPS_DEVICE_IVSHMEM caps
	for shmem-invalid-size, shmem-small-size test.

2014-10-20  Maxime Leroy  <maxime.leroy@6wind.com>

	conf: tests: fix virDomainNetDefFormat for vhost-user in client mode
	The mode attribute is required for the source element of vhost-user.
	Thus virDomainNetDefFormat should always generate a xml with it and not
	only when the mode is server.

	The commit fixes the issue. And it adds a vhostuser interface in
	'client' mode to qemuxml2argv-net-vhostuser.(args|xml) to test this
	usecase.

2014-10-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: add missing 'break' from commit 1298daca
	Add missing 'break's from commit 1298daca, as noted by John Ferlan

	https://www.redhat.com/archives/libvir-list/2014-October/msg00430.html

2014-10-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Convert qemuDomainUpdateDeviceConfig to typecasted enum

	qemu: Convert qemuDomainDetachDeviceConfig to typecasted enum

	qemu: Convert qemuDomainAttachDeviceConfig to typecasted enum

	qemu: Convert qemuDomainUpdateDeviceLive to typecasted enum

	qemu: Convert qemuDomainDetachDeviceLive to typecasted enum

2014-10-15  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	conf: fix an memory leak in virSocketAddrIsNumericLocalhost()

2014-10-15  Peter Krempa  <pkrempa@redhat.com>

	conf: Move definition of virDomainParseMemory
	Shove it to the top of the file so that it can be reused earlier.

	Implement empty post parse callbacks for all drivers
	To allow easy implementation of a callback check this patch adds empty
	post parse callbacks to drivers that were missing them.

2014-10-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add functions for object hot-add/remove
	To allow live modification of device backends in qemu libvirt needs to
	be able to hot-add/remove "objects". Add monitor backend functions to
	allow this.

	This function will be used for hot-add/remove of RNG backends,
	IOThreads, memory backing objects, etc.

2014-10-15  Peter Krempa  <pkrempa@redhat.com>

	util: json: Add option to skip adding a JSON object if it is NULL
	Add a new option specifier that will optionally add a JSON key=value pair
	containing a nested object if the added object isn't NULL.

	util: json: Improve handling and docs for adding JSON objects
	The JSON structure constructor has an option to add JSON arrays to the
	constructed object. The description is inaccurate as it can add any json
	object even a dict. Change the docs to cover this option and reject
	adding NULL objects.

	util: json: Split out code to create json value objects
	Our qemu monitor code has a converter from key-value pairs to a json
	value object. I want to re-use the code later and having it part of the
	monitor command generator is inflexible. Split it out into a separate
	helper.

	qemu: hotplug: Use typecasted switch statement when plugging new devices

	conf: Add compile time check that devices were checked for ABI stability
	As in the device info iterator add a switch that will force the compiler
	to check that new device types are added to the ABI stability checker.

	conf: shmem: Add ABI stability check
	Although the device will probably inhibit migration add checks to make
	sure that the configuration change gets caught.

	conf: Improve adding of new address types
	Use typecasted switch statement and note the type used to select the
	address type in a comment.

2014-10-15  Jiri Denemark  <jdenemar@redhat.com>

	Cleanup maintainers list

2014-10-15  Cole Robinson  <crobinso@redhat.com>

	libvirt: Document UNDEFINE_NVRAM in UndefineFlags doc

2014-10-15  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	conf: fix a wrong comment in virSocketAddrNumericFamily()

	conf: Check whether migration_address is localhost
	When enabling the migration_address option, by default it is
	set to "127.0.0.1", but it's not a valid address for migration.
	so we should add verification and set the default migration_address
	to "0.0.0.0".

	conf: add check if migration_host is a localhost address
	 Signed-off-by: Chen Fan <chen.fan.fnst@cn.fujitsu.com>

	migration: add migration_host support for IPv6 address without brackets
	if specifying migration_host to an Ipv6 address without brackets,
	it was resolved to an incorrect address, such as:
	    tcp:2001:0DB8::1428:4444,
	but the correct address should be:
	    tcp:[2001:0DB8::1428]:4444
	so we should add brackets when parsing it.

2014-10-15  Ján Tomko  <jtomko@redhat.com>

	Introduce virStringStripIPv6Brackets
	Helper function to strip the brackets from an IPv6 address.
	Tested by viruritest.

2014-10-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Use global constant for XML file size limit
	Few places still used hardcoded limit for maximum XML size for commands
	that accept XML files. The hardcoded limits ranged from 8k to 1M. Use
	VSH_MAX_XML_FILE to express this limit in a unified way. This will bump
	the limit for the commands that used hardcoded string lengths to 10M.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1152427

2014-10-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Fix description of --live/--config usage
	dommemstat and blkdeviotune's man page incorrectly stated the usage of
	--live and --config.

2014-10-13  Wang Rui  <moon.wangrui@huawei.com>

	conf: improve the comments for "xmlopt"

2014-10-12  Martin Kletzander  <mkletzan@redhat.com>

	Fix leftover typo '&' -> '&&'
	The actual origin of this so called typo are two commits.  The first one
	was commit 72f8a7f that came up with the following condition:

	if ((i == 8) & (flags & VIR_QEMU_PROCESS_KILL_FORCE))

	Fortunately this succeeded thanks to bool being (int)1 and
	VIR_QEMU_PROCESS_KILL_FORCE having the value of 1 << 0.  The check was
	then moved and altered in 8fd38231179c394f07d8a26bcbf3a0faa5eeaf24 to
	current state:

	if ((i == 50) & force)

	that will work again (both sides of '&' being booleans), but since this
	was missed so many times, it may pose a problem in the future in case it
	gets copy-pasted again.

2014-10-10  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Implement basic video device selection
	This started as an investigation into an issue where libvirt (using the
	libxl driver) and the Xen host, like an old couple, could not agree on
	who is responsible for selecting the VNC port to use.

	Things usually (and a bit surprisingly) did work because, just like that
	old couple, they had the same idea on what to do by default. However it
	was possible that this ended up in a big argument.

	The problem is that display information exists in two different places:
	in the vfbs list and in the build info. And for launching the device model,
	only the latter is used. But that never gets initialized from libvirt. So
	Xen allows the device model to select a default port while libvirt thinks
	it has told Xen that this is done by libvirt (though the vfbs config).

	While fixing that, I made a stab at actually evaluating the configuration
	of the video device. So that it is now possible to at least decide between
	a Cirrus or standard VGA emulation and to modify the VRAM within certain
	limits using libvirt.

2014-10-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: Add function to determine device model type
	This patch introduces a function to detect whether the specified
	emulator is QEMU_XEN or QEMU_XEN_TRADITIONAL.  Detection is based on the
	string "Options specific to the Xen version:" in '$qemu -help' output.
	AFAIK, the only qemu containing that string in help output is the
	old Xen fork (aka qemu-dm).

	Note:
	QEMU_XEN means a qemu that contains support for Xen.

	QEMU_XEN_TRADITIONAL means Xen's old forked qemu 0.10.2

2014-10-10  Jim Fehlig  <jfehlig@suse.com>

	Xen: Defer setting default vram value to Xen drivers
	Allow the Xen drivers to determine default vram values.  Sane
	default vaules depend on the device model being used, so the
	drivers are in the best position to determine the defaults.

	For the legacy xen driver, it is best to maintain the existing
	logic for setting default vram values to ensure there are no
	regressions.  The libxl driver currently does not support
	configuring a video device.  Support will be added in a
	subsequent patch, where the benefit of this change will be
	reaped.

2014-10-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: Copy user-specified keymap to libxl build info struct
	Commit 4dfc34c3 missed copying the user-specified keymap to
	libxl_domain_build_info struct when creating a VFB device.

2014-10-09  Shanzhi Yu  <shyu@redhat.com>

	qemu: save domain status after set domain's numa parameters
	After set domain's numa parameters for running domain, save the change,
	save the change into live xml is needed to survive restarting the libvirtd,
	same story with bug 1146511; meanwihle add call
	qemuDomainObjBeginJob/qemuDomainObjEndJob in qemuDomainSetNumaParameters

	qemu: call qemuDomainObjBeginJob/qemuDomainObjEndJob in qemuDomainSetInterfaceParameters
	add call qemuDomainObjBeginJob/qemuDomainObjEndJob in
	qemuDomainSetInterfaceParameters

	qemu: save domain status after set the blkio parameters
	After set the blkio parameters for running domain, save the change into
	live xml is needed to survive restarting the libvirtd, same story with
	bug 1146511, meanwhile add call qemuDomainObjBeginJob/qemuDomainObjEndJob
	in qemuDomainSetBlkioParameters

2014-10-09  Jiri Denemark  <jdenemar@redhat.com>

	Fix build-time pkg-config files in VPATH
	The pkg-config files in src/ make it pretty easy to build language
	bindings against an uninstalled libvirt, however, they don't work with
	VPATH builds. The reason is that all *-api.xml files are generated in
	source rather than build directory.

2014-10-08  Michal Privoznik  <mprivozn@redhat.com>

	security_selinux: Don't relabel /dev/net/tun
	https://bugzilla.redhat.com/show_bug.cgi?id=1147057

	The code for relabelling the TAP FD is there due to a race. When
	libvirt creates a /dev/tapN device it's labeled as
	'system_u:object_r:device_t:s0' by default. Later, when
	udev/systemd reacts to this device, it's relabelled to the
	expected label 'system_u:object_r:tun_tap_device_t:s0'. Hence, we
	have a code that relabels the device, to cut the race down. For
	more info see ae368ebfcc4.

	But the problem is, the relabel function is called on all TUN/TAP
	devices. Yes, on /dev/net/tun too. This is however a special kind
	of device - other processes uses it too. We shouldn't touch it's
	label then.

	Ideally, there would an API in SELinux that would label just the
	passed FD and not the underlying path. That way, we wouldn't need
	to care as we would be not labeling /dev/net/tun but the FD
	passed to the domain. Unfortunately, there's no such API so we
	have to workaround until then.

	Tested-by: Richard W.M. Jones <rjones@redhat.com>

2014-10-08  Ján Tomko  <jtomko@redhat.com>

	Fix build with older libcurl
	Add ATTRIBUTE_UNUSED marker to the unused timeout_ms option
	in esxVI_MultiCURL_TimerCallback.

	Introduced by commit 125007d.

2014-10-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Implement virDomainScreenshot using libcurl stream driver
	This implementation uses the https://esx-server/screen?id=<id> way to get
	a screenshot of a running domain. Compared to the CreateScreenshot_Task
	way this works since ESX 2.5 while CreateScreenshot_Task was added in
	version 4.0.

	The newly added libcurl stream driver is used to directly provide the
	downloaded data without saving it to a temporary file first.

2014-10-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add libcurl based stream driver
	This allows to implement libvirt functions that use streams, such as
	virDoaminScreenshot, without the need to store the downloaded data in
	a temporary file first. The stream driver directly interacts with
	libcurl to send and receive data.

	The driver uses the libcurl multi interface that allows to do a transfer
	in multiple curl_multi_perform() calls. The easy interface would do the
	whole transfer in a single curl_easy_perform() call. This doesn't work
	with the libvirt stream API that is driven by multiple calls to the
	virStreamSend() and virStreamRecv() functions.

	The curl_multi_wait() function is used to do blocking operations. But it
	was added in libcurl 7.28.0. For older versions it is emulated using the
	socket callback of the multi interface.

	The current driver only supports blocking operations. There is already
	some code in place for non-blocking mode but it is not complete.

2014-10-06  Laine Stump  <laine@laine.org>

	qemu: change macvtap device MAC address in response to NIC_RX_FILTER_CHANGED
	This patch fills in the functionality of
	processNicRxFilterChangedEvent().  It now checks if it is appropriate
	to respond to the NIC_RX_FILTER_CHANGED event (based on device type
	and configuration) and takes appropriate action. Currently it checks
	if the guest interface has been configured with
	trustGuestRxFilters='yes', and if the host side device is macvtap. If
	so, and the MAC address on the guest has changed, the MAC address of
	the macvtap device is changed to match.

	The result of this is that networking from the guest will continue to
	work if the mac address of a macvtap-connected network device is
	changed from within the guest, as long as trustGuestRxFilters='yes'
	(previously changing the MAC address in the guest would break
	networking).

2014-10-06  Laine Stump  <laine@laine.org>

	qemu: setup infrastructure to handle NIC_RX_FILTER_CHANGED event
	NIC_RX_FILTER_CHANGED is sent by qemu any time a NIC driver in the
	guest modified the NIC's RX Filter (for example, if the MAC address of
	the NIC is changed by the guest).

	This patch doesn't do anything useful with that event; it just sets up
	all the plumbing to get news of the event into a worker thread with
	all proper locking/reference counting, and provide an easy place to
	add in desired functionality.

	See src/qemu/EVENTHANDLERS.txt for information/instructions on adding
	a libvirt-internal handler for a qemu event (using
	NIC_RX_FILTER_CHANGED as an example).

2014-10-06  Laine Stump  <laine@laine.org>

	qemu: add short document on qemu event handlers
	This text was in the commit log for the patch that added the event
	handler for NIC_RX_FILTER_CHANGED, and John Ferlan expressed a desire
	that the information not be "lost", so I've put it into a file in the
	qemu directory, hoping that it might catch the attention of future
	writers of handlers for qemu events.

2014-10-06  Laine Stump  <laine@laine.org>

	qemu: qemuMonitorQueryRxFilter - retrieve guest netdev rx-filter
	This function can be called at any time to get the current status of a
	guest's network device rx-filter. In particular it is useful to call
	after libvirt recieves a NIC_RX_FILTER_CHANGED event - this event only
	tells you that something has changed in the rx-filter, the details are
	retrieved with the query-rx-filter monitor command (only available in
	the json monitor). The command sent to the qemu monitor looks like this:

	  {"execute":"query-rx-filter", "arguments": {"name":"net2"} }'

	and the results will look something like this:

	{
	    "return": [
	        {
	            "promiscuous": false,
	            "name": "net2",
	            "main-mac": "52:54:00:98:2d:e3",
	            "unicast": "normal",
	            "vlan": "normal",
	            "vlan-table": [
	                42,
	                0
	            ],
	            "unicast-table": [

	            ],
	            "multicast": "normal",
	            "multicast-overflow": false,
	            "unicast-overflow": false,
	            "multicast-table": [
	                "33:33:ff:98:2d:e3",
	                "01:80:c2:00:00:21",
	                "01:00:5e:00:00:fb",
	                "33:33:ff:98:2d:e2",
	                "01:00:5e:00:00:01",
	                "33:33:00:00:00:01"
	            ],
	            "broadcast-allowed": false
	        }
	    ],
	    "id": "libvirt-14"
	}

	This is all parsed from JSON into a virNetDevRxFilter object for
	easier consumption. (unicast-table is usually empty, but is also an
	array of mac addresses similar to multicast-table).

	(NB: LIBNL_CFLAGS was added to tests/Makefile.am because virnetdev.h
	now includes util/virnetlink.h, which includes netlink/msg.h when
	appropriate. Without LIBNL_CFLAGS, gcc can't find that file (if
	libnl/netlink isn't available, LIBNL_CFLAGS will be empty and
	virnetlink.h won't try to include netlink/msg.h anyway).)

2014-10-06  Laine Stump  <laine@laine.org>

	util: define virNetDevRxFilter and basic utility functions
	This same structure will be used to retrieve RX filter info for
	interfaces on the host via netlink messages, and RX filter info for
	interfaces on the guest via the qemu "query-rx-filter" command.

	network: set interface actual trustGuestRxFilters from network/portgroup
	As is done with other items such as vlan, virtualport, and bandwidth,
	set the actual trustGuestRxFilters value to be used by a domain
	interface according to a merge of the same attribute in the interface,
	portgroup, and network in use. the interface setting always takes
	precedence (if specified), followed by portgroup, and finally the
	setting in the network is used if it's not specified in the interface
	or portgroup.

2014-10-06  Laine Stump  <laine@laine.org>

	conf: add trustGuestRxFilters attribute to network and domain interface
	This new attribute will control whether or not libvirt will pay
	attention to guest notifications about changes to network device mac
	addresses and receive filters. The default for this is 'no' (for
	security reasons). If it is set to 'yes' *and* the specified device
	model and connection support it (currently only macvtap+virtio) then
	libvirt will watch for NIC_RX_FILTER_CHANGED events, and when it
	receives one, it will issue a query-rx-filter command, retrieve the
	result, and modify the host-side macvtap interface's mac address and
	unicast/multicast filters accordingly.

	The functionality behind this attribute will be in a later patch. This
	patch merely adds the attribute to the top-level of a domain's
	<interface> as well as to <network> and <portgroup>, and adds
	documentation and schema/xml2xml tests. Rather than adding even more
	test files, I've just added the net attribute in various applicable
	places of existing test files.

2014-10-06  John Ferlan  <jferlan@redhat.com>

	qemu: Remove possible NULL deref in debug output
	Check for !dev->info.alias was done after a VIR_DEBUG() statement
	that already tried to print - just flip sequence

	qemu: Remove need for virConnectPtr in hotunplug detach host, net
	Prior patch removed the need for the virConnectPtr in the unplug
	detach host path which caused ripple effect to remove in multiple
	callers.  The previous patch just left things as ATTRIBUTE_UNUSED -
	this patch will remove the variable.

2014-10-06  John Ferlan  <jferlan@redhat.com>

	qemu: Fix hot unplug of SCSI_HOST device
	https://bugzilla.redhat.com/show_bug.cgi?id=1141732

	Introduced by commit id '8f76ad99' the logic to detach a scsi_host
	device (SCSI or iSCSI) fails when attempting to remove the 'drive'
	because as I found in my investigation - the DelDevice takes care of
	that for us.

	The investigation turned up commits to adjust the logic for the
	qemuMonitorDelDevice and qemuMonitorDriveDel processing for interfaces
	(commit id '81f76598'), disk bus=VIRTIO,SCSI,USB (commit id '0635785b'),
	and chr devices (commit id '55b21f9b'), but nothing with the host devices.

	This commit uses the model for the previous set of changes and applies
	it to the hostdev path. The call to qemuDomainDetachHostSCSIDevice will
	return to qemuDomainDetachThisHostDevice handling either the audit of
	the failure or the wait for the removal and then call into
	qemuDomainRemoveHostDevice for the event, removal from the domain hostdev
	list, and audit of the removal similar to other paths.

	NOTE: For now the 'conn' param to +qemuDomainDetachHostSCSIDevice is left
	as ATTRIBUTE_UNUSED.  Removing requires a cascade of other changes to be
	left for a future patch.

2014-10-06  Eric Blake  <eblake@redhat.com>

	maint: update .mailmap
	Consolidate several commits made by James:
	https://www.redhat.com/archives/libvir-list/2014-September/msg01156.html

2014-10-06  Ján Tomko  <jtomko@redhat.com>

	Include .libs in libdir in source tree pkg-config files
	This lets me build against an uninstalled source tree without
	libtool.

2014-10-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in drvlxc
	s/the/The

2014-10-04  Martin Kletzander  <mkletzan@redhat.com>

	minor shmem clean-ups

2014-10-03  Martin Kletzander  <mkletzan@redhat.com>

	util: Prepare URI formatting for libxml2 >= 2.9.2
	Since commit 8eb55d782a2b9afacc7938694891cc6fad7b42a5 libxml2 removes
	two slashes from the URI when there is no server part.  This is fixed
	with beb7281055dbf0ed4d041022a67c6c5cfd126f25, but only if the calling
	application calls xmlSaveUri() on URI that xmlURIParse() parsed.  And
	that is not the case in virURIFormat().  virURIFormat() accepts
	virURIPtr that can be created without parsing it and we do that when we
	format network storage paths for gluster for example.  Even though
	virStorageSourceParseBackingURI() uses virURIParse(), it throws that data
	structure right away.

	Since we want to format URIs as URIs and not absolute URIs or opaque
	URIs (see RFC 3986), we can specify that with a special hack thanks to
	commit beb7281055dbf0ed4d041022a67c6c5cfd126f25, by setting port to -1.

	This fixes qemuxml2argvtest test where the disk-drive-network-gluster
	case was failing.

2014-10-03  Martin Kletzander  <mkletzan@redhat.com>

	vbox: remove unused code that causes build failures
	Since 87dea4fcffb2d1b120e7841adc0e3d8ea97ed777 vboxGetDrivers() is not
	used for getting the vbox network driver.  The only call the code does
	is using NULL as the @networkDriver_ret param , but the code still used
	vbox[0-9][0-9]NetworkDriver that didn't exist anymore.

	qemu: Build command line for ivshmem device
	This patch implements support for the ivshmem device in QEMU.

2014-10-03  Maxime Leroy  <maxime.leroy@6wind.com>

	qemu: add capability probing for ivshmem device
	Ivshmem is supported by QEMU since 0.13 release.

2014-10-03  Martin Kletzander  <mkletzan@redhat.com>

	docs, conf, schema: add support for shmem device
	This patch adds parsing/formatting code as well as documentation for
	shared memory devices.  This will currently be only accessible in QEMU
	using it's ivshmem device, but is designed as generic as possible to
	allow future expansion for other hypervisors.

	In the devices section in the domain XML users may specify:

	- For shmem device using a server:

	 <shmem name='shmem0'>
	   <server path='/tmp/socket-ivshmem0'/>
	   <size unit='M'>32</size>
	   <msi vectors='32' ioeventfd='on'/>
	 </shmem>

	- For ivshmem device not using an ivshmem server:

	 <shmem name='shmem1'>
	   <size unit='M'>32</size>
	 </shmem>

	Most of the configuration is made optional so it also allows
	specifications like:

	 <shmem name='shmem1/>
	 <shmem name='shmem2'>
	   <server/>
	 </shmem>

2014-10-03  Eric Blake  <eblake@redhat.com>

	qemu: support nospace reason in io error event
	Aeons ago (commit 34dcbbb4, v0.8.2), we added a new libvirt event
	(VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON) in order to tell the user WHY
	the guest halted.  This is because at least VDSM wants to react
	differently to ENOSPC events (resize the lvm partition to be larger,
	and resume the guest as if nothing had happened) from all other events
	(I/O is hosed, throw up our hands and flag things as broken).  At the
	time this was done, downstream RHEL qemu added a vendor extension
	'__com.redhat_reason', which would be exactly one of these strings:
	"enospc", "eperm", "eio", and "eother".  In our stupidity, we exposed
	those exact strings to clients, rather than an enum, and we also
	return "" if we did not have access to a reason (which was the case
	for upstream qemu).

	Fast forward to now: upstream qemu commit c7c2ff0c (will be qemu 2.2)
	FINALLY adds a 'nospace' boolean, after discussion with multiple
	projects determined that VDSM really doesn't care about distinction
	between any other error types.  So this patch converts 'nospace' into
	the string "enospc" for compatibility with RHEL clients that were
	already used to the downstream extension, while leaving the reason
	blank for all other cases (no change from the status quo).

	See also https://bugzilla.redhat.com/show_bug.cgi?id=1119784

	* src/qemu/qemu_monitor_json.c (qewmuMonitorJSONHandleIOError):
	Parse reason field from modern qemu.
	* include/libvirt/libvirt.h.in
	(virConnectDomainEventIOErrorReasonCallback): Document it.

2014-10-03  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't compare CPU against host for TCG
	Right now when building the qemu command line, we try to do various
	unconditional validations of the guest CPU against the host CPU. However
	this checks are overly applied. The only time we should use the checks
	are:

	- The user requests host-model/host-passthrough, or

	- When KVM is requsted. CPU features requested in TCG mode are always
	  emulated by qemu and are independent of the host CPU, so no host CPU
	  checks should be performed.

	Right now if trying to specify a CPU for arm on an x86 host, it attempts
	to do non-sensical validation and falls over.

	Switch all the test cases that were intending to test CPU validation to
	use KVM, so they continue to test the intended code.

	Amend some aarch64 XML tests with a CPU model, to ensure things work
	correctly.

2014-10-03  Cole Robinson  <crobinso@redhat.com>

	qemu_command: Split qemuBuildCpuArgStr
	Move the CPU mode/model handling to its own function. This is just
	code movement and re-indentation.

2014-10-03  Shanzhi Yu  <shyu@redhat.com>

	configure: improve misleading libnl3-devel missing error message
	When building libvirt from source with netcf-devel installed, the
	configure script reports error "libnl-devel >=3.0 is required for
	macvtap support", while actually libnl3-devel is required.

2014-10-03  Shanzhi Yu  <shyu@redhat.com>

	qemu: Improve domainSetTime error info report
	check domain's status before call virQEMUCapsGet to report a accurate
	error when domain is shut off

	Resolve: https://bugzilla.redhat.com/show_bug.cgi?id=1147847

2014-10-03  Michal Privoznik  <mprivozn@redhat.com>

	Makefile: Fix build without driver modules
	After 87dea4fcf one can observe a build failure:

	./autogen.sh --system --without-driver-modules && make

	  CCLD     libvirtd
	../src/.libs/libvirt_driver_vbox.a(libvirt_driver_vbox_impl_la-vbox_driver.o):
	In function `vboxNetworkRegister':
	/home/jtomko/work/libvirt/libvirt.git/src/vbox/vbox_driver.c:168: undefined
	reference to `vboxGetNetworkDriver'
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1

	The problem is that when building without driver modules the VBOX
	network driver is not linked into the the VBOX driver.

2014-10-03  Taowei  <uaedante@gmail.com>

	vbox: New network driver
	This patch seperate the domain driver and the network driver.

	libvirt_driver_vbox_impl.la has been linked in the network driver.
	So that the version specified codes in vbox_V*.c would only be
	compiled once.

	The vboxGetNetworkDriver provides a simple interface to get vbox
	network driver.

2014-10-03  Taowei  <uaedante@gmail.com>

	vbox: Rewrite vboxNetworkGetXMLDesc

	vbox: Rewrite vboxNetworkCreate

	vbox: Rewrite vboxNetworkUndefineDestroy
	This patch rewrites two public APIs. They are vboxNetworkUndefine
	and vboxNetworkDestroy. They use the same core function
	vboxNetworkUndefineDestroy. I merged it in one patch.

	vbox: Rewrite vboxNetworkDefineCreateXML
	This patch actually contains two public API, virNetworkDefineXML
	and virNetworkCreateXML. They use the same core function
	vboxNetworkDefineCreateXML. So I merged it together.

	vbox: Rewrite vboxNetworkLookupByName

	vbox: Rewrite vboxNetworkLookupByUUID

	vbox: Rewrite vboxConnectListDefinedNetworks

	vbox: Rewrite vboxConnectNumOfDefinedNetworks

	vbox: Rewrite vboxConnectListNetworks

	vbox: Rewrite vboxConnectNumOfNetworks

	vbox: Rewrite vboxNetworkClose

	vbox: Rewrite vboxNetworkOpen

2014-10-03  Taowei  <uaedante@gmail.com>

	vbox: Interfaces for register per parties
	The patch dbb4cbf532fa by Michal has splited the vbox driver into
	three parties. This modification brings a more suitable interface
	to the previous patch.

	The new function vboxGetDriver is introduced to get the
	corresponding vbox domain driver directly thought the vbox version.

	Functions like vboxGetNetworkDriver and vboxGetStorageDriver
	will be introduced after rewriting it's drivers.

	This patch, by the way, fixed the align problem for vbox in
	Makefile.am

2014-10-02  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix updating balloon period in live XML
	Up until now, we set memballoon period in monitor successfully, however
	we did not update domain definition structure, thus dumpxml was omitting
	period attribute in memballoon element

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140960

2014-10-02  Erik Skultety  <eskultet@redhat.com>

	qemu: Fix updating bandwidth limits in live XML
	When trying to update bandwidth limits on a running domain, limits get
	updated in our internal structures, however XML parser reads
	bandwidth limits from network 'actual' definition. Committing this patch
	it is now available to update bandwidth 'actual' definition as well,
	thus updating domain runtime XML.

2014-10-02  Ján Tomko  <jtomko@redhat.com>

	Add virCgroupTerminateMachine stub
	Fix the build on FreeBSD, broken by commit 4882618.

2014-10-02  Eric Blake  <eblake@redhat.com>

	build: fix build on non-Linux
	A cygwin build of 1.2.9 fails with:

	util/virprocess.c:87:27: fatal error: sys/syscall.h: No such file or directory
	 #  include <sys/syscall.h>

	But in reality, the ONLY user of setns() is lxc, which is Linux-only.
	It's easiest to just limit the setns workarounds to Linux.

	* src/util/virprocess.c (setns): Limit definition to Linux.

2014-10-01  Guido Günther  <agx@sigxcpu.org>

	Make editor used for 'virsh edit' configurable
	Debian wants to use 'sensible-editor' instead of vi other distros might
	want to use other defaults. This avoids distro specific patches.

2014-10-01  Guido Günther  <agx@sigxcpu.org>

	qemu: use systemd's TerminateMachine to kill all processes
	If we don't properly clean up all processes in the
	machine-<vmname>.scope systemd won't remove the cgroup and subsequent vm
	starts fail with

	  'CreateMachine: File exists'

	Additional processes can e.g. be added via

	  echo $PID > /sys/fs/cgroup/systemd/machine.slice/machine-${VMNAME}.scope/tasks

	but there are other cases like

	  http://bugs.debian.org/761521

	Invoke TerminateMachine to be on the safe side since systemd tracks the
	cgroup anyway. This is a noop if all processes have terminated already.

2014-10-01  Peter Krempa  <pkrempa@redhat.com>

	maint: Prohibit "devname" by a syntax check rules
	and tweak the code to avoid using it.

2014-10-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Avoid shadowing variable "devname" on FreeBSD. Again.
	FreeBSD's compiler complains that we shadow the symbol. Sigh.

	s/devname/dev_name/

2014-10-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: json: Fix missing break in error reporting function
	Otherwise we'd report a different error.

	Reported by John Ferlan's coverity run.

2014-10-01  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: add block allocation information
	Management software wants to be able to allocate disk space on demand.
	To support this they need keep track of the space occupation of the
	block device.  This information is reported by qemu as part of block
	stats.

	This patch extend the block information in the bulk stats with the
	allocation information.

	To keep the same behaviour a helper is extracted from
	qemuMonitorJSONGetBlockExtent in order to get per-device allocation
	information.

2014-10-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add helper function to fill physical/virtual image size
	While our code gathers block stats via "query-blockstats" some
	information need to be gathered via "query-block". Add a helper function
	that will update the blockstats structure if requested.

	Bump version to 1.2.10 for new dev cycle

2014-10-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.9
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: updated localizations and regenerated

2014-10-01  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: fix domain deadlock
	If you use public api virConnectListAllDomains() with second parameter
	set to NULL to get only the number of domains you will lock out all
	other operations with domains.

	Introduced by commit 2c680804.

2014-09-30  Chris St. Pierre  <chris.a.st.pierre@gmail.com>

	Allow setting migration max downtime any time
	This removes the artificial and unnecessary restriction that
	virDomainSetMaxDowntime() only be called while a migration is in
	progress.

	https://bugzilla.redhat.com/show_bug.cgi?id=1146618

2014-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Avoid shadowing variable "devname" on FreeBSD
	FreeBSD's compiler complains that we shadow the symbol. Sigh.

	s/devname/dev_name/

2014-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: return block stats data as a hash to avoid disk mixup
	The current block stats code matched up the disk name with the actual
	stats by the order in the data returned from qemu. This unfortunately
	isn't right as qemu may return the disks in any order. Fix this by
	returning a hash of stats and index them by the disk alias.

2014-09-30  Ján Tomko  <jtomko@redhat.com>

	Also filter out non-migratable features out of host-passthrough
	Commit de0aeaf filtered them out from the host-model features,
	to allow host-model to be migratable by default.

	Even though they are not passed to QEMU for host-passthrough,
	(and not enabled by default) filter them out too
	so the user does not think the domain has them.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147584

2014-09-30  Ján Tomko  <jtomko@redhat.com>

	Don't verify CPU features with host-passthrough
	Commit fba6bc4 introduced the non-migratable invtsc feature,
	breaking save/migration with host-model and host-passthrough.

	On hosts with this feature present it was automatically included
	in the CPU definition, regardless of QEMU support.

	Commit de0aeaf stopped including it by default for host-model,
	but failed to fix host-passthrough.

	This commit ignores checking of CPU features with host-passthrough,
	since we don't pass them to QEMU (only -cpu host is passed),
	allowing domains using host-passthrough that were saved with
	the broken version of libvirtd to be restored.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147584

2014-09-29  Ján Tomko  <jtomko@redhat.com>

	Fix crash cpu_shares change event crash on domain startup
	Introduced by commit 0dce260.

	qemuDomainEventQueue was called with qemuDomainObjPrivatePtr instead
	of virQEMUDriverPtr.

	https://bugzilla.redhat.com/show_bug.cgi?id=1147494

2014-09-29  Erik Skultety  <eskultet@redhat.com>

	storage: Fix logical pool fmt type
	According to our documentation logical pool supports formats 'auto' and
	'lvm2'. However, in storage_conf.c we previously defined storage pool
	formats: unknown, lvm2. Due to backward compatibility reasons
	we must continue refer to pool format type 'unknown' instead of 'auto'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1123767

2014-09-29  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	virsh: Fix help message of allocpages
	Fix info in the command definition of allocpages, which is currently
	pointing info for 'capabilities'.

2014-09-26  Guido Günther  <agx@sigxcpu.org>

	qemu: remove capabilities.monitor.sock when done
	Prompted by

	   http://bugs.debian.org/761131

2014-09-26  Jincheng Miao  <jmiao@redhat.com>

	conf: report error in virCPUDefParseXML
	When detected invalid 'memAccess', virCPUDefParseXML should report error.

	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1146334

2014-09-26  Ján Tomko  <jtomko@redhat.com>

	Check for NULL in qemu monitor event filter
	When virConnectDomainQemuMonitorEventRegister is called with the
	VIR_CONNECT_DOMAIN_QEMU_MONITOR_EVENT_REGISTER_REGEX flag,
	ignore the flag instead of crashing.

	https://bugzilla.redhat.com/show_bug.cgi?id=1144920

2014-09-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo s/EMULATORIN/EMULATORPIN/
	Fix the typo in VIR_DOMAIN_TUNABLE_CPU_EMULATORIN

2014-09-26  Daniel P. Berrange  <berrange@redhat.com>

	Rename tunable event constants
	For the new VIR_DOMAIN_EVENT_ID_TUNABLE event we have a bunch of
	constants added

	   VIR_DOMAIN_EVENT_CPUTUNE_<blah>
	   VIR_DOMAIN_EVENT_BLKDEVIOTUNE_<blah>

	This naming convention is bad for two reasons

	  - There is no common prefix unique for the events to both
	    relate them, and distinguish them from other event
	    constants

	  - The values associated with the constants were chosen
	    to match the names used with virConnectGetAllDomainStats
	    so having EVENT in the constant name is not applicable in
	    that respect

	This patch proposes renaming the constants to

	    VIR_DOMAIN_TUNABLE_CPU_<blah>
	    VIR_DOMAIN_TUNABLE_BLKDEV_<blah>

	ie, given them a common VIR_DOMAIN_TUNABLE prefix.

2014-09-26  Michal Privoznik  <mprivozn@redhat.com>

	lxc_monitor_protocol: Redefine xdr_uint64_t if needed
	https://bugzilla.redhat.com/show_bug.cgi?id=993411

	On some systems (using libtirpc instead of glibc's
	implementation), xdr_uint64_t exists rather under different name:
	xdr_u_int64_t. This makes compilation fail then:

	libvirt_lxc-lxc_monitor_protocol.o: In function `xdr_virLXCMonitorInitEventMsg':
	/usr/local/src/libvirt/libvirt-1.1.1/src/./lxc/lxc_monitor_protocol.c:31: undefined reference to `xdr_uint64_t'

	Therefore we rather mirror the d707c866 commit and redefine
	xdr_uint64_t if needed.

2014-09-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuPrepareNVRAM: Save domain after NVRAM path generation
	On a domain startup, the variable store path is generated if needed.
	The path is intended to be generated only once. However, the updated
	domain definition is not saved into config dir rather than state XML
	only. So later, whenever the domain is destroyed and the daemon is
	restarted, the generated path is forgotten and the file may be left
	behind on virDomainUndefine() call.

2014-09-26  Michal Privoznik  <mprivozn@redhat.com>

	remoteNodeGetFreePages: Don't alloc args.pages.pages_val
	There's no one to free() it anyway. Instead, we can just pass the
	provided array pointer directly.

	==20039== 48 bytes in 4 blocks are definitely lost in loss record 658 of 787
	==20039==    at 0x4C2A700: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==20039==    by 0x4EA661F: virAllocN (viralloc.c:191)
	==20039==    by 0x50386EF: remoteNodeGetFreePages (remote_driver.c:7625)
	==20039==    by 0x5003504: virNodeGetFreePages (libvirt.c:21379)
	==20039==    by 0x154625: cmdFreepages (virsh-host.c:374)
	==20039==    by 0x12F718: vshCommandRun (virsh.c:1935)
	==20039==    by 0x1339FB: main (virsh.c:3747)

2014-09-26  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	nodeinfo: fix version of nodeAllocPages
	Fix comments about the version in which '.nodeAllocPages' are added.

2014-09-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Always re-detect backing chain
	Since 363e9a68 we track backing chain metadata when creating snapshots
	the right way even for the inactive configuration. As we did not yet
	update other code paths that modify the backing chain (blockpull) the
	newDef backing chain gets out of sync.

	After stopping of a VM the new definition gets copied to the next start
	one. The new VM then has incorrect backing chain info. This patch
	switches the backing chain detector to always purge the existing backing
	chain and forces re-detection to avoid this issue until we'll have full
	backing chain tracking support.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1144922

2014-09-26  Pavel Hrdina  <phrdina@redhat.com>

	event_example: cleanup example code for tunable event

2014-09-25  Michal Privoznik  <mprivozn@redhat.com>

	virNodeAllocPages: Disallow RO connection
	Due to a missing check the API can be successfully called even if
	the connection is ReadOnly. Fortunately, the API hasn't been
	released yet, so there's no need for a CVE.

2014-09-25  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: login to parallels SDK
	Add files parallels_sdk.c and parallels_sdk.h for code
	which works with SDK, so libvirt's code will not mix with
	dealing with parallels SDK.

	To use Parallels SDK you must first call PrlApi_InitEx function,
	and then you will be able to connect to a server with
	PrlSrv_LoginLocalEx function. When you've done you must call
	PrlApi_Deinit. So let's call PrlApi_InitEx on first .connectOpen,
	count number of connections and deinitialize, when this counter
	becomes zero.

2014-09-25  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: build with parallels SDK
	Executing prlctl command is not an optimal way to interact with
	Parallels Cloud Server (PCS), it's better to use parallels SDK,
	which is a remote API to paralles dispatcher service.

	We prepared opensource version of this SDK and published it on
	github, it's distributed under LGPL license. Here is a git repo:
	https://github.com/Parallels/parallels-sdk.

	To build with parallels SDK user should get compiler and linker
	options from pkg-config 'parallels-sdk' file. So fix checks in
	configure script and build with parallels SDK, if that pkg-config
	file exists and add gcc options to makefile.

2014-09-25  Michal Privoznik  <mprivozn@redhat.com>

	virnetserver: Raise log level of max_clients related messages
	We have these configuration knobs, like max_clients and
	max_anonymous_clients. They limit the number of clients
	connected.  Whenever the limit is reached, the daemon stops
	accepting new ones and resumes if one of the connected clients
	disconnects. If that's the case, a debug message is printed into
	the logs. And when the daemon starts over to accept new clients
	too. However, the problem is the messages have debug priority.
	This may be unfortunate, because if the daemon stops accepting
	new clients all of a sudden, and users don't have debug logs
	enabled they have no idea what's going on. Raise the messages
	level to INFO at least.

2014-09-25  Pavel Hrdina  <phrdina@redhat.com>

	polkit_driver: fix possible segfault
	The changes in commit c7542573 introduced possible segfault. Looking
	deeper into the code and the original code before the patch series were
	applied I think that we should report error for each function failure
	and also we shouldn't call some of the function twice.

	Found by coverity.

2014-09-25  Pavel Hrdina  <phrdina@redhat.com>

	blkdeviotune: trigger tunable event for blkdeviotune updates
	Use the universal tunable event to report changes to user. All
	blkdeviotune values are prefixed with "blkdeviotune".

	blkdeviotune: fix bug with saving values into live XML
	When you updated some blkdeviotune values for running domain the values
	were stored only internally, but not saved into the live XML so they
	won't survive restarting the libvirtd.

	Fix build without polkit
	The commit 1b854c76 introduced a new function 'virPolkitCheckAuth' and
	in the #else section when you don't have polkit all attributes should be
	follwed by ATTRIBUTE_UNUSED.

	tunable_event: extend debug message and tweak limit for remote message
	It would be nice to also print a params pointer and number of params in
	the debug message and the previous limit for number of params in the rpc
	message was too large. The 2048 params will be enough for future events.

2014-09-25  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose virNodeAllocPages
	The new virsh command is named 'allocpages'.

	nodeinfo: Implement nodeAllocPages
	And add stubs to other drivers like: lxc, qemu, uml and vbox.

	virnuma: Introduce virNumaSetPagePoolSize
	This internal API can be used to allocate or free some pages in
	the huge pages pool.

	Introduce virNodeAllocPages
	A long time ago in a galaxy far, far away it has been decided
	that libvirt will manage not only domains but host as well. And
	with my latest work on qemu driver supporting huge pages, we miss
	the cherry on top: an API to allocate huge pages on the run.
	Currently users are forced to log into the host and adjust the
	huge pages pool themselves.  However, with this API the problem
	is gone - they can both size up and size down the pool.

	nodeGetFreePages: Push forgotten change
	In the previous patch I've changed the for loop bounds but forgot
	to 'git add' changes that adapt the rest of the code.

2014-09-24  Cole Robinson  <crobinso@redhat.com>

	security: Fix labelling host devices (bz 1145968)
	The check for ISCSI devices was missing a check of subsys type, which
	meant we could skip labelling of other host devices as well. This fixes
	USB hotplug on F21

	https://bugzilla.redhat.com/show_bug.cgi?id=1145968

2014-09-24  Pavel Hrdina  <phrdina@redhat.com>

	Fix MinGW build
	When building on mingw the format string for long long/unsigned long
	long have to be I64d/I64u instead of lld/llu.

2014-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Convert polkit code to use DBus API instead of CLI helper
	Spawning the pkcheck program every time a permission check is
	required is hugely expensive on CPU. The pkcheck program is just
	a dumb wrapper for the DBus API, so rewrite the code to use the
	DBus API directly. This also simplifies error handling a bit.

2014-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Support passing dict by reference for dbus messages
	Currently DBus dict values must be passed inline

	   virDBusMessageEncode("a{ss}",
	                        3,
	                        "key1", "val1",
	                        "key2", "val2",
	                        "key3", "val3");
	   virDBusMessageDecode("a{ss}",
	                        3,
	                        &key1, &val1,
	                        &key2, &val2,
	                        &key3, &val3);

	This allows them to be passed by reference

	   const char **dictin = {
	      "key1", "val1",
	      "key2", "val2",
	      "key3", "val3"
	   };
	   char **dictout;
	   size_t ndictout;

	   virDBusMessageEncode("a&{ss}",
	                        ARRAY_CARDINALITY(dict) / 2,
	                        dictin);
	   virDBusMessageDecode("a&{ss}",
	                        &ndictout,
	                        &dictout);

2014-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Convert remote daemon & acl code to use polkit API
	Convert the remote daemon auth check and the access control
	code to use the common polkit API for checking auth.

	Convert callers to use typesafe APIs for getting identity attrs
	Convert virAccessDriverPolkitFormatProcess to use typesafe API
	for getting process ID attribute.

	Convert callers to use typesafe APIs for setting identity attrs
	Update virNetServerClientCreateIdentity and virIdentityGetSystem
	to use the new typesafe APIs for setting identity attributes

	Add typesafe APIs for virIdentity attributes
	Instead of requiring the caller to format to/from strings,
	add typesafe APIs todo this work.

2014-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Add common API for doing polkit authentication
	There are now two places in libvirt which use polkit. Currently
	they use pkexec, which is set to be replaced by direct DBus API
	calls. Add a common API which they will both be able to use for
	this purpose.

	No tests are added at this time, since the impl will be gutted
	in favour of a DBus API call shortly.

2014-09-24  Ján Tomko  <jtomko@redhat.com>

	qemu: wire up virtio-net segment offloading options
	Format the segment offloading options specified by
	<driver>
	  <host .../>
	  <guest .../>
	</driver>
	on virtio-net command line.

	conf: add options for disabling segment offloading
	Add options for tuning segment offloading:
	<driver>
	  <host csum='off' gso='off' tso4='off' tso6='off'
	        ecn='off' ufo='off'/>
	  <guest csum='off' tso4='off' tso6='off' ecn='off' ufo='off'/>
	</driver>
	which control the respective host_ and guest_ properties
	of the virtio-net device.

2014-09-24  Jincheng Miao  <jmiao@redhat.com>

	nodeinfo: fix nodeGetFreePages when max node is zero
	In nodeGetFreePages, if startCell is given by '0',
	and the max node number is '0' too. The for-loop
	wouldn't be executed.
	So convert it to while-loop.

	Before:
	> virsh freepages --cellno 0 --pagesize 4
	error: internal error: no suitable info found

	After:
	> virsh freepages --cellno 0 --pagesize 4
	4KiB: 472637

2014-09-24  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: emphasis uid start of idmap only accept '0' in docs
	We don't accept any other values except '0'.

2014-09-24  Pavel Hrdina  <phrdina@redhat.com>

	Fix bug with loading bridge name for active domain during libvirtd start
	If you have a bridge network in running domain and libvirtd is restarted
	the information about host bridge interface is lost from live xml.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140085

2014-09-24  Peter Krempa  <pkrempa@redhat.com>

	storage: Improve error message when traversing backing chains
	Report also the name of the parent file and uid/gid used to access it to
	help debugging broken storage configurations.

2014-09-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Report better errors from broken backing chains
	Request erroring out from the backing chain traveller and drop qemu's
	internal backing chain integrity tester.

	The backing chain traveller reports errors by itself with possibly more
	detail than qemuDiskChainCheckBroken ever could.

	We also need to make sure that we reconnect to existing qemu instances
	even at the cost of losing the backing chain info (this really should be
	stored in the XML rather than reloaded from disk, but that needs some
	work).

2014-09-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Sanitize argument names and empty disk check in qemuDomainDetermineDiskChain
	Reuse virStorageSourceIsEmpty and rename "force" argument to
	"force_probe".

2014-09-24  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Allow metadata crawler to report useful errors
	Add a new parameter to virStorageFileGetMetadata that will break the
	backing chain detection process and report useful error message rather
	than having to use virStorageFileChainGetBroken.

	This patch just introduces the option, usage will be provided
	separately.

2014-09-23  Jim Fehlig  <jfehlig@suse.com>

	libvirt-guests: run after time-sync.target
	When libvirt-guests is configured to start guests on host
	boot, it is possible for guests start and read the host
	clock before it is synchronized.  Services such as
	libvirt-guests that require correct time should use the
	Special Passive System Unit time-sync.target

	http://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target

2014-09-23  Pavel Hrdina  <phrdina@redhat.com>

	cputune_event: queue the event for cputune updates
	Now we have universal tunable event so we can use it for reporting
	changes to user. The cputune values will be prefixed with "cputune" to
	distinguish it from other tunable events.

	add an example how to use tunable event

	event: introduce new event for tunable values
	This new event will use typedParameters to expose what has been actually
	updated and the reason is that we can in the future extend any tunable
	values or add new tunable values. With typedParameters we don't have to
	worry about creating some other events, we will just use this universal
	event to inform user about updates.

2014-09-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak in RDMA migration code

2014-09-23  Martin Kletzander  <mkletzan@redhat.com>

	conf: sanitize tap and vhost paths

2014-09-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNumaArgStr: Discard def->cpu check
	In the function at one place we check if def->cpu is NULL prior
	to accessing def->cpu->ncells. Then, later in the code,
	def->cpu->ncells is accessed directly, without the check. This
	makes coverity unhappy, because the first check makes it think
	def->cpu can be NULL. However, the function is not called if
	def->cpu is NULL. Therefore, remove the first check and hopefully
	make coverity cheer again.

	nodeinfo: Prefer MIN in nodeGetFreePages
	It's better to use a macro instead of if-else construct.

2014-09-23  Pavel Hrdina  <phrdina@redhat.com>

	domain_conf: separate structures from virDomainDef
	Cleanup virDomanDef structure from other nested structure and create
	separate type definition for them.

	Fix a typo in virDomainHugePage.

2014-09-23  Jincheng Miao  <jmiao@redhat.com>

	Fix typo of virNodeGetFreePages comment

	nodeinfo: report error when given node is out of range
	https://bugzilla.redhat.com/show_bug.cgi?id=1145050

2014-09-23  Jincheng Miao  <jmiao@redhat.com>

	virsh-host: fix pagesize unit of freepages
	The unit of '--pagesize' of freepages is kibibytes.

	https://bugzilla.redhat.com/show_bug.cgi?id=1145048

2014-09-23  Michael R. Hines  <mrhines@us.ibm.com>

	qemu: Memory pre-pinning support for RDMA migration
	RDMA Live migration requires registering memory with the hardware, and
	thus QEMU offers a new 'capability' to pre-register / mlock() the guest
	memory in advance for higher RDMA performance before the migration
	begins. This capability is disabled by default, which means QEMU will
	register the memory with the hardware in an on-demand basis.

	This patch exposes this capability with the following example usage:

	virsh migrate --live --rdma-pin-all --migrateuri rdma://hostname domain qemu+ssh://hostname/system

2014-09-23  Michael R. Hines  <mrhines@us.ibm.com>

	qemu: RDMA migration support
	This patch adds support for RDMA protocol in migration URIs.

	USAGE: $ virsh migrate --live --migrateuri rdma://hostname domain qemu+ssh://hostname/system

	Since libvirt runs QEMU in a pretty restricted environment, several
	files needs to be added to cgroup_device_acl (in qemu.conf) for QEMU to
	be able to access the host's infiniband hardware. Full documenation of
	the feature can be found on QEMU wiki:
	http://wiki.qemu.org/Features/RDMALiveMigration

2014-09-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add RDMA migration capabilities

	qemu: Prepare support for arbitrary migration protocol
	Currently we only support TCP protocol for native QEMU migration but
	this is going to be changed. Let's make the code more general and remove
	hardcoded TCP protocol from several places.

	qemu: Fix old tcp:host URIs more cleanly
	For compatibility with old libvirt we need to support both tcp:host and
	tcp://host migration URIs. Let's make the code that parses them a bit
	cleaner.

2014-09-23  Michael R. Hines  <mrhines@us.ibm.com>

	qemu: Expose additional migration statistics
	RDMA migration uses the 'setup' state in QEMU to optionally lock
	all memory before the migration starts. The total time spent in
	this state is exposed as VIR_DOMAIN_JOB_SETUP_TIME.

	Additionally, QEMU also exports migration throughput (mbps) for both
	memory and disk, so let's add them too: VIR_DOMAIN_JOB_MEMORY_BPS,
	VIR_DOMAIN_JOB_DISK_BPS.

2014-09-23  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	cpu: fix wrong single quote mark

2014-09-22  Daniel P. Berrange  <berrange@redhat.com>

	cpu: remove repeated word in error message

2014-09-22  Giuseppe Scrivano  <gscrivan@redhat.com>

	qemu: raise an error when trying to use readonly sata disks
	commit 72f919f558902968bd0cf9f99f25ac62cbfe3ac6 introduced an user
	friendly error message when trying to use IDE disks as readonly.

	Do the same thing for the SATA bus.

	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1112939

2014-09-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: hook: Provide hook when restoring a domain save image

2014-09-22  Jianwei Hu  <jiahu@redhat.com>

	docs: specify vhost-net instead of net-vhost
	For the tap backend the default is specified and the same should be
	done for the vhost attribute.

	schema: properly set tap and vhost backend attributes optional
	Each attribute is optional, commit af8b4a2 forgot to mention that.

2014-09-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: save image: Split out checks done only when editing the save img
	Move them to the single corresponding function rather than having them
	in the common chunk of code.

	qemu: save image: Split out new definition check/update
	Split out the call to the update method only to places where it is
	actually used rather than having a mega-method that does all the stuff.

	qemu: save image: Add possibility to return XML stored in the image
	Add a new parameter that will allow to return the XML stored in the save
	image for further manipulation and adjust the callers. This option will
	be used in later patches.

	qemu: save image: Split out user provided XML checker
	Extract code used to check save image XMLs provided by users to separate
	use.

2014-09-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: Drop driver lock in libxlDomainDefineXML
	There is no need to acquire the driver-wide lock in
	libxlDomainDefineXML.  When switching to jobs in the libxl
	driver, most driver-wide locks were removed.  The locking here
	was preserved since I mistakenly thought virDomainObjListAdd
	needed protection.  This is not the case, so remove the
	unnecessary locking.

2014-09-19  John Ferlan  <jferlan@redhat.com>

	qemu: Process the hostdev "rawio" setting
	Mimic the "Disk" processing for 'rawio', but for a scsi_host hostdev
	lun device.

	hostdev: Add "rawio" attribute to _virDomainHostdevSubsysSCSI
	Add the 'rawio' attribute to match _virDomainDiskDef and process the
	hostdev XML similarly to the disk XML for a lun which supports/requires rawio

	domain_conf: Change virDomainDiskDef 'rawio' to use virTristateBool
	Adjust disk definition for 'rawio' to use the TristateBool logic

2014-09-19  John Ferlan  <jferlan@redhat.com>

	qemu: Add missing goto on rawio
	Commit id '9a2f36ec' added a build conditional of CAP_SYS_RAWIO
	in order to determine whether or not a disk definition using rawio
	should be allowed on platforms without CAP_SYS_RAWIO. If one was
	found, virReportError was used but the code didn't goto cleanup.

	This patch adds the goto.

2014-09-19  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: add HOME environment variable docs
	commit
	3020594ac57c5e06e79f3db8c765f6bb18c40802
	add HOME environment variable.
	Add a doc for this.

2014-09-19  Pavel Hrdina  <phrdina@redhat.com>

	Move the FIPS detection from capabilities
	We are not detecting the presence of FIPS from QEMU, but from procfs and
	that means it's not QEMU capability. It was decided that we will pass
	this flag to QEMU even if it's not supported by old QEMU binaries.

	This patch also reverts changes done by commit a21cfb0f to
	qemucapabilitestest and implements a new test case in qemuxml2argvtest.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1135431

2014-09-18  Michal Privoznik  <mprivozn@redhat.com>

	virSecuritySELinuxSetTapFDLabel: Temporarily revert to old behavior
	https://bugzilla.redhat.com/show_bug.cgi?id=1141879

	A long time ago I've implemented support for so called multiqueue
	net.  The idea was to let guest network traffic be processed by
	multiple host CPUs and thus increasing performance. However, this
	behavior is enabled by QEMU via special ioctl() iterated over the
	all tap FDs passed in by libvirt. Unfortunately, SELinux comes in
	and disallows the ioctl() call because the /dev/net/tun has label
	system_u:object_r:tun_tap_device_t:s0 and 'attach_queue' ioctl()
	is not allowed on tun_tap_device_t type. So after discussion with
	a SELinux developer we've decided that the FDs passed to the QEMU
	should be labelled with svirt_t type and SELinux policy will
	allow the ioctl(). Therefore I've made a patch
	(cf976d9dcf4e592261b14f03572) that does exactly this. The patch
	was fixed then by a4431931393aeb1ac5893f121151fa3df4fde612 and
	b635b7a1af0e64754016d758376f382470bc11e7. However, things are not
	that easy - even though the API to label FD is called
	(fsetfilecon_raw) the underlying file is labelled too! So
	effectively we are mangling /dev/net/tun label. Yes, that broke
	dozen of other application from openvpn, or boxes, to qemu
	running other domains.

	The best solution would be if SELinux provides a way to label an
	FD only, which could be then labeled when passed to the qemu.
	However that's a long path to go and we should fix this
	regression AQAP. So I went to talk to the SELinux developer again
	and we agreed on temporary solution that:

	1) All the three patches are reverted
	2) SELinux temporarily allows 'attach_queue' on the
	tun_tap_device_t

2014-09-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: update zfs documentation
	 - docs/formatstorage.html.in: document 'zfs' pool type, add it
	   to a list of pool types that could use source physical devices
	 - docs/storage.html.in: update a ZFS pool example XML with
	   source physical devices, mention that starting from 1.2.9 a
	   pool could be created from this devices by libvirt and in earlier
	   versions user still has to create a pool manually
	 - docs/drvbhyve.html.in: add an example with ZFS pools

	storage: zfs: implement pool build and delete
	 - Provide an implementation for buildPool and deletePool operations
	   for the ZFS storage backend.
	 - Add VIR_STORAGE_POOL_SOURCE_DEVICE flag to ZFS pool poolOptions
	   as now we can specify devices to build pool from
	 - storagepool.rng: add an optional 'sourceinfodev' to 'sourcezfs' and
	   add an optional 'target' to 'poolzfs' entity
	 - Add a couple of tests to storagepoolxml2xmltest

2014-09-18  Ján Tomko  <jtomko@redhat.com>

	audit: fix memory leak without WITH_AUDIT
	Free str unconditionally since we allocate it without WITH_AUDIT
	too.

	audit: remove redundant NULL assignment
	virVasprintf sets the output to NULL on failure.

	Fixes for domains with no iothreads
	Plug a memory leak and silence a warning.

	Fix leak in x86UpdateHostModel
	Commit de0aeaf introduced a memory leak.

2014-09-18  Erik Skultety  <eskultet@redhat.com>

	Fix libvirtd crash when removing metadata
	When trying to remove nonexistent metadata from XML, libvirt daemon
	crashes due to dereferencing NULL pointer.

	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1143955

2014-09-18  John Ferlan  <jferlan@redhat.com>

	qemu: Don't fail startup/attach for IOThreads if no JSON
	If the qemu being used doesn't support JSON, then querying for IOThread
	data would fail. In that case, ensure the *iothreads is NULL and return 0
	as the count of iothreads available.

2014-09-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build in qemu_command
	Currently, build with clang fails with:

	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_command.lo
	qemu/qemu_command.c:6580:58: error: implicit conversion from enumeration type
	'virMemAccess' to different enumeration type 'virTristateSwitch'
	[-Werror,-Wenum-conversion]
	        virTristateSwitch memAccess = def->cpu->cells[i].memAccess;
	                          ~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~^~~~~~~~~
	1 error generated.

	Fix that by using virMemAccess instead of virTristateSwitch.

2014-09-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build in qemu_capabilities
	Commit f05b6a91 added virQEMUDriverConfigPtr argument to the
	virQEMUCapsFillDomainCaps function and it uses forward declaration
	of virQEMUDriverConfig and virQEMUDriverConfigPtr that casues clang
	build to fail:

	gmake[3]: Entering directory `/usr/home/novel/code/libvirt/src'
	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_capabilities.lo
	In file included from qemu/qemu_capabilities.c:43:
	In file included from qemu/qemu_hostdev.h:27:
	qemu/qemu_conf.h:63:37: error: redefinition of typedef 'virQEMUDriverConfig'
	is a C11 feature [-Werror,-Wtypedef-redefinition]
	typedef struct _virQEMUDriverConfig virQEMUDriverConfig;
	                                    ^
	qemu/qemu_capabilities.h:328:37: note: previous definition is here
	typedef struct _virQEMUDriverConfig virQEMUDriverConfig;
	                                    ^

	Fix that by passing loader and nloader config attributes directly
	instead of passing complete config.

2014-09-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: tests: fix build
	Commit b20d39a introduced a new argument for the
	virNetDevTapCreateInBridgePort function, however, its mock
	in bhyve tests wasn't updated, so the build failed.

	Fix build by adding this new argument to the mock version.

2014-09-18  Ján Tomko  <jtomko@redhat.com>

	qemu: fix crash with shared disks
	Commit f36a94f introduced a double free on all success paths
	in qemuSharedDeviceEntryInsert.

	Only call qemuSharedDeviceEntryFree on the error path and
	set entry to NULL before jumping there if the entry already
	is in the hash table.

	https://bugzilla.redhat.com/show_bug.cgi?id=1142722

2014-09-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve check for local storage
	Now that we have a simple function to check locality of storage, reuse
	it in qemuDomainCheckDiskPresence().

	Also reuse check for empty storage source.

2014-09-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Drop unused formatting of uuid
	The formatted UUID isn't used anywhere else in
	qemuDomainCheckDiskStartupPolicy. Drop it.

2014-09-17  Wang Yufei  <james.wangyufei@huawei.com>

	maint: clean up _virDomainMemoryStat
	Clean up all _virDomainMemoryStat.

	maint: clean up _virDomainBlockStats
	Clean up all _virDomainBlockStats.

	maint: clean up _virDomainInterfaceStats
	Clean up all _virDomainInterfaceStats.

2014-09-17  Peter Krempa  <pkrempa@redhat.com>

	CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk
	Live definition was used to look up the disk index while persistent one
	was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the
	correct def and report a nice error.

	Unfortunately it's accessible via read-only connection, though it can
	only crash libvirtd in the cases where the guest is hot-plugging disks
	without reflecting those changes to the persistent definition.  So
	avoiding hotplug, or doing hotplug where persistent is always modified
	alongside live definition, will avoid the out-of-bounds access.

	Introduced in: eca96694a7f992be633d48d5ca03cedc9bbc3c9aa (v0.9.8)
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724
	Reported-by: Luyao Huang <lhuang@redhat.com>

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Honor hugepages for UMA domains
	https://bugzilla.redhat.com/show_bug.cgi?id=1135396

	There are two ways how to tell qemu to use huge pages. The first one
	is suitable for domains with NUMA nodes: the path to hugetlbfs mount
	is appended to NUMA node definition on the command line. The second
	one is suitable for UMA domains: here there's this global '-mem-path'
	argument that accepts path to the hugetlbfs mount point. However, the
	latter case was not used for all the cases that it should be. For
	instance:

	  <memoryBacking>
	    <hugepages>
	      <page size='2048' unit='KiB' nodeset='0'/>
	    </hugepages>
	  </memoryBacking>

	didn't trigger the '-mem-path' so the huge pages - despite being
	configured - were not used at all.

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	conf: Disallow nonexistent NUMA nodes for hugepages
	As of 136ad4974 it is possible to specify different huge pages per
	guest NUMA node. However, there's no check if nodeset specified in
	./hugepages/page contains only those guest NUMA nodes that exist.
	In other words with current code it is possible to define meaningless
	combination:

	  <memoryBacking>
	    <hugepages>
	      <page size='1048576' unit='KiB' nodeset='0,2-3'/>
	      <page size='2048' unit='KiB' nodeset='1,4'/>
	    </hugepages>
	  </memoryBacking>
	  <vcpu placement='static'>4</vcpu>
	  <cpu>
	    <numa>
	      <cell id='0' cpus='0' memory='1048576'/>
	      <cell id='1' cpus='1' memory='1048576'/>
	      <cell id='2' cpus='2' memory='1048576'/>
	      <cell id='3' cpus='3' memory='1048576'/>
	    </numa>
	  </cpu>

	Notice the node 4 in <hugepages/>?

2014-09-17  Peter Krempa  <pkrempa@redhat.com>

	man: virsh: Add docs for supported stats groups
	Document the fields returned.

	lib: Document that virConnectGetAllDomainStats may omit some stats fields
	Add a note to make the users aware that some stats groups or fields may
	be missing in certain cases.

	lib: De-duplicate stats group documentation for all stats functions
	State that full stats for the stats groups are available in the
	virConnectGetAllDomainStats documentation section rather than
	duplicating the docs.

2014-09-17  Francesco Romani  <fromani@redhat.com>

	virsh: add options to query bulk stats group
	Add new bulk stats groups to the domstats command.

2014-09-17  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: implement block group
	This patch implements the VIR_DOMAIN_STATS_BLOCK group of statistics.

	To do so, a helper function to get the block stats of all the disks of
	a domain is added.

2014-09-17  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: implement interface group
	This patch implements the VIR_DOMAIN_STATS_INTERFACE group of
	statistics.

	qemu: bulk stats: implement VCPU group
	This patch implements the VIR_DOMAIN_STATS_VCPU group of statistics. To
	do so, this patch also extracts a helper to gather the vCPU information.

	qemu: bulk stats: implement balloon group
	This patch implements the VIR_DOMAIN_STATS_BALLOON group of statistics.

	qemu: bulk stats: implement CPU stats group
	This patch implements the VIR_DOMAIN_STATS_CPU_TOTAL group of
	statistics.

2014-09-17  Francesco Romani  <fromani@redhat.com>

	qemu: bulk stats: extend internal collection API
	Future patches which will implement more bulk stats groups for QEMU will
	need to access the connection object.

	To accommodate that, a few changes are needed:

	* enrich internal prototype to pass qemu driver object

	* add per-group flag to mark if one collector needs monitor access or not

	* If at least one collector of the requested stats needs monitor access
	  we must start a query job for each domain.  The specific collectors
	  will run nested monitor jobs inside that.

	* If the job can't be acquired we pass flags to the collector so
	  specific collectors that need monitor access can be skipped in order
	  to gather as much data as is possible.

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	domaincapstest: Run cleanly on systems missing OVMF firmware
	As of f05b6a918e28 the test produces the list of paths that can
	be passed to <loader/> and libvirt knows about them. However,
	during the process of generating the list the paths are checked
	for their presence. This may produce different results on
	different systems.  Therefore, the path - if missing - is
	added to pretend it's there.

2014-09-17  Martin Kletzander  <mkletzan@redhat.com>

	rpc: make daemon spawning a bit more intelligent
	This way it behaves more like the daemon itself does (acquiring a
	pidfile, deleting the socket before binding, etc.).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=927369
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138604

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	domaincaps: Expose UEFI binary path, if it exists
	Check to see if the UEFI binary mentioned in qemu.conf actually
	exists, and if so expose it in domcapabilities like

	<loader ...>
	  <value>/path/to/ovmf</value>
	</loader>

	We introduce some generic domcaps infrastructure for handling
	a dynamic list of string values, it may be of use for future bits.

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu_capabilities: Change virQEMUCapsFillDomainCaps signature
	Up till now the virQEMUCapsFillDomainCaps() was type of void as
	there was no way for it to fail. This is, however, going to
	change in the next commit.

2014-09-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: add support for shared memory mapping

	docs, conf, schema: add support for shared memory mapping

	schemas: finish virTristate{Bool,Switch} transition

2014-09-17  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	qemu: Add support for multiple versions of 'pseries' machine type
	qemu for IBM Power processor architecture is adding functionality for
	supporting multiple 'pseries' machine type versions, each with different
	capabilities. This patch is for supporting the same

2014-09-17  Michal Privoznik  <mprivozn@redhat.com>

	domaincaps: Expose UEFI capability
	As of 542899168c38 we learned libvirt to use UEFI for domains.
	However, management applications may firstly query if libvirt
	supports it. And this is where virConnectGetDomainCapabilities()
	API comes handy.

2014-09-16  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Copy driver type when initializing chain element
	virStorageSourceInitChainElement initializes a new storage chain element
	for use as a new disk source. If the new element doesn't contain the
	driver name, copy it from the old source.

	This fixes issue where a disk would forget the driver after a snapshot.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140984

2014-09-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: time: Report errors if agent command fails
	Commit b606bbb4 broke reporting of errors when setting of guest time
	fails via the guest agent as the return value is not checked and later
	overwritten by the return value qemuMonitorRTCResetReinjection();

	Fix this by checking the return value before resetting the RTC
	reinjection.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1142294

2014-09-16  Ján Tomko  <jtomko@redhat.com>

	Wire up the interface backend options
	Pass the user-specified tun path down when creating tap device
	when called from the qemu driver.

	Also honor the vhost device path specified by user.

2014-09-16  Ján Tomko  <jtomko@redhat.com>

	conf: add backend element to interfaces
	For tuning the network, alternative devices
	for creating tap and vhost devices can be specified via:
	<backend tap='/dev/net/tun' vhost='/dev/net-vhost'/>

	conf: remove redundant local variable
	Use just one int variable for all the FromString calls.

	conf: split out virtio net driver formatting
	Instead of checking upfront if the <driver> element will be needed
	in a big condition, just format all the attributes into a string
	and output the <driver> element if the string is not empty.

2014-09-16  John Ferlan  <jferlan@redhat.com>

	qemu: Need to check for capability before query
	Prior to trying the query-iothreads call - check if the qemu has
	the capability

2014-09-16  Erik Skultety  <eskultet@redhat.com>

	network: check negative values in bridge queues
	We already are checking for negative value, reporting an error, but
	using wrong function and the check only succeeds when a value that
	cannot be converted to number successfully is encountered. This patch
	provides just a minor change in call of the right version
	of function virStrToLong.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138539

2014-09-16  Hongbin Lu  <hongbin034@gmail.com>

	openvz: fixed two memory leaks on migration code
	The first one occurs in openvzDomainMigratePrepare3Params() where in
	case no remote uri is given, the distant hostname is used. The name is
	obtained via virGetHostname() which require callers to free the
	returned value.
	The second leak lies in openvzDomainMigratePerform3Params(). There's a
	virCommand used later. However, at the beginning of the function
	virCheckFlags() is called which returns. So the command created was
	leaked.

2014-09-16  Michal Privoznik  <mprivozn@redhat.com>

	virprocess: Extend list of platforms for setns wrapper
	Currently, the setns() wrapper is supported only for x86_64 and i686
	which leaves us failing to build on other platforms like arm, aarch64
	and so on. This means, that the wrapper needs to be extended to those
	platforms and make to fail on runtime not compile time.

	The syscall numbers for other platforms was fetched using this
	command:

	kernel.git $ git grep "define.*__NR_setns" | grep -e arm -e powerpc -e s390
	arch/arm/include/uapi/asm/unistd.h:#define __NR_setns                   (__NR_SYSCALL_BASE+375)
	arch/arm64/include/asm/unistd32.h:#define __NR_setns 375
	arch/powerpc/include/uapi/asm/unistd.h:#define __NR_setns               350
	arch/s390/include/uapi/asm/unistd.h:#define __NR_setns          339

2014-09-16  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix qcow(2) header parser according to docs
	The backing store string location offset 0 determines that the file
	isn't present. The string size shouldn't be then checked:

	from qemu.git/docs/specs/qcow2.txt

	== Header ==

	The first cluster of a qcow2 image contains the file header:

	Byte  0 -  3:   magic
	                QCOW magic string ("QFI\xfb")

	      4 -  7:   version
	                Version number (valid values are 2 and 3)

	      8 - 15:   backing_file_offset
	                Offset into the image file at which the backing file name
	                is stored (NB: The string is not null terminated). 0 if the
	                image doesn't have a backing file.

	     16 - 19:   backing_file_size
	                Length of the backing file name in bytes. Must not be
	                longer than 1023 bytes. Undefined if the image doesn't have
	                a backing file.         ^^^^^^^^^

	This patch intentionally leaves the backing file string size check in
	place in case a malformatted file would be presented to libvirt. Also
	according to the docs the string size is maximum 1023 bytes, thus this
	patch adds a check to verify that.

	I was also able to verify that the check was done the same way in the
	legacy qcow fromat (in qemu's code).

2014-09-16  John Ferlan  <jferlan@redhat.com>

	qemu: Fix call in qemuDomainSetNumaParamsLive for virCgroupNewIOThread
	Found by inspection of the "i+1" change.  IOThreads are numbered 1..n
	thus the virCgroupNewIOThread needs to create a 1..n value not 0 based.

	qemu_cgroup: Adjust spacing around incrementor
	Change "i+1" to "i + 1"

2014-09-16  John Ferlan  <jferlan@redhat.com>

	qemu: Fix iothreads issue
	If there are no iothreads, then return from qemuProcessDetectIOThreadPIDs
	without error; otherwise, the following occurs:

	error: Failed to start domain $dom
	error: An error occurred, but the cause is unknown

2014-09-16  Eric Blake  <eblake@redhat.com>

	cputune: allow interleaved xml
	I noticed this with the recent iothread pinning code, but the
	problem existed longer than that. The XML validation required
	users to supply <cputune> children in a strict order, even though
	there was no conceptual reason why they can't occur in any order.

	docs/ changes best viewed with -w

	* docs/schemas/domaincommon.rng (cputune): Add interleave.
	* tests/qemuxml2argvdata/qemuxml2argv-cputune-iothreads.xml: Swap
	up order, copying canonical form...
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-cputune-iothreads.xml:
	...here.
	* tests/qemuxml2xmltest.c (mymain): Mark the difference.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	vircgroup: Fix broken builds without cgroups
	I missed adding virCgroupNewIOThread to the !VIR_CGROUP_SUPPORTED

	Pushing as build breaker

2014-09-15  Laine Stump  <laine@laine.org>

	network: detect conflicting route even if it is the final entry
	This is a folloup to commit 5f719596, which checks for a route
	conflicting with the standard libvirt default network subnet
	(192.168.122.0/24). It turns out that $() strips the trailing newline
	from the output of "ip route show", so there would be no match if the
	route we were looking for was the final line of output. This can be
	solved by adding ${nl} to the end of the output (just as we were
	already adding it at the beginning of the output).

2014-09-15  John Ferlan  <jferlan@redhat.com>

	domain_conf: Add iothreadpin to cputune
	https://bugzilla.redhat.com/show_bug.cgi?id=1101574

	Add an option 'iothreadpin' to the <cpuset> to allow for setting the
	CPU affinity for each IOThread.

	The iothreadspin will mimic the vcpupin with respect to being able to
	assign each iothread to a specific CPU, although iothreads ids start
	at 1 while vcpu ids start at 0. This matches the iothread naming scheme.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	qemu: Allow pinning specific IOThreads to a CPU
	Modify qemuProcessStart() in order to allowing setting affinity to
	specific CPU's for IOThreads. The process followed is similar to
	that for the vCPU's.

	This involves adding a function to fetch the IOThread id's via
	qemuMonitorGetIOThreads() and adding them to iothreadpids[] list.
	Then making sure all the cgroup data has been properly set up and
	finally assigning affinity.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	qemu_cgroup: Introduce cgroup functions for IOThreads
	In order to support cpuset setting, introduce qemuSetupCgroupIOThreadsPin
	and qemuSetupCgroupForIOThreads to mimic the existing Vcpu API's.

	These will support having an 'iotrhreadpin' element in the 'cpuset' in
	order to pin named IOThreads to specific CPU's. The IOThread pin names
	will follow the IOThread naming scheme starting at 1 (eg "iothread1")
	up through an including the def->iothreads value.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	qemu_domain: Add niothreadpids and iothreadpids
	Add new 'niothreadpids' and 'iothreadpids' to mimic the 'ncpupids' and
	'vcpupids' that already exist.

	vircgroup: Introduce virCgroupNewIOThread
	Add virCgroupNewIOThread() to mimic virCgroupNewVcpu() except the naming
	scheme with use "iothread" rather than "vcpu".

	qemu: Issue query-iothreads and to get list of active IOThreads
	Generate infrastructure and test to handle fetching the QMP
	IOThreads data.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	virsh: Add iothread to 'attach-disk'
	Add an iothread parameter to allow attaching to an IOThread, such as:

	virsh attach-disk $dom $source $target --live --config --iothread 2 \
	     --targetbus virtio --driver qemu --subdriver raw  --type disk

2014-09-15  Martin Kletzander  <mkletzan@redhat.com>

	util: Fix copy-paste error in virXPathLongLong description

2014-09-15  Erik Skultety  <eskultet@redhat.com>

	network: check for invalid forward delay time
	When spanning tree protocol is allowed in bridge settings, forward delay
	value is set as well (default is 0 if omitted). Until now, there was no
	check for delay value validity. Delay makes sense only as a positive
	numerical value.

	Note: However, even if you provide positive  numerical value, brctl
	utility only uses values from range <2,30>, so the number provided can
	be modified (kernel most likely) to fall within this range.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1125764

2014-09-15  John Ferlan  <jferlan@redhat.com>

	qemu: Fix build breaker on printf directive
	%zu for size_t not %lu

2014-09-15  John Ferlan  <jferlan@redhat.com>

	daemon: Resolve Coverity FORWARD_NULL
	Coverity complains that the comparison:

	  if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro))

	could mean 'sock_path' is NULL. Later in virNetSocketNewListenUNIX
	there's a direct dereference of path in the error path:

	  if (path[0] != '@')

	A bit of sleuthing proves that upon entry to daemonSetupNetworking
	there is no way for 'sock_path' to be NULL since daemonUnixSocketPaths
	will set up 'sock_file' (although it may not set up 'sock_file_ro')
	in all 3 paths.

	Adjusted code to add ATTRIBUTE_NONNULL(3) on incoming path parameter and
	then fixup the comparison of nfds to be a comparison against 2 or 1
	depending on whether sock_path_ro is NULL or not.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity BAD_SIZEOF
	Coverity complains about the calculation of the buf & len within
	the PROBE macro.  So to quiet things down, do the calculation prior
	to usage in either write() or qemuMonitorIOWriteWithFD() calls and
	then have the PROBE use the calculated values - which works.

	Resolve Coverity CHECKED_RETURN
	Coverity complained that checking the return of virDomainCreate()
	was not consistent amongst the callers - so added the return check
	to the objecteventtest.c and adjust the virt-login-shell to compare
	< 0 rather than just non zero for the failure condition.

	virsh: Resolve Coverity DEADCODE
	Coverity complains that on the first pass through the for loop that
	'params' cannot be true, thus the ternary setting to "&" cannot be
	done. Since we can only ever get to this point once, drop the ternary

	domain_conf: Resolve Coverity COPY_PASTE_ERROR
	Seems when commit id 'ea130e3b' added the checks to ensure each of
	the hard_limit, soft_limit, and swap_hard_limit wasn't set at
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED - a copy/paste error of using
	the 'hard_limit' for each comparison was done. Adjust the code.

2014-09-15  John Ferlan  <jferlan@redhat.com>

	virtime: Resolve Coverity DEADCODE
	Coverity complains that because of how 'offset' is initialized to
	0 (zero), the resulting math and comparison on rem is pointless.

	According to the origin commit id '3ec128989', the code is a
	replacement for gmtime(), but without the localtime() or GMT
	calculations - so just remove this code and add a comment
	indicating the removal

2014-09-15  John Ferlan  <jferlan@redhat.com>

	remote_driver: Resolve Coverity RESOURCE_LEAK
	Since 98b9acf5aa02551dd37d0209339aba2e22e4004a

	This was a false positive where Coverity was complaining that the
	remoteDeserializeTypedParameters() could allocate 'params', but
	none of the callers could return the allocated memory back to their
	caller since on input the param was passed by value. Additionally,
	the flow of the code was that if params was NULL on entry, then each
	function would return 'nparams' as the number of params entries the
	caller would need to allocate in order to call the function again
	with 'nparams' and 'params' being set.  By the time the deserialize
	routine was called params would have something.  For other callers
	where the 'params' was passed by reference as NULL since it's expected
	that the deserialize allocates the memory and then have that passed
	back to the original caller to dispose there was no Coverity issue.

	As it turns out Coverity didn't quite seem to understand the
	relationship between 'nparams' and 'params'; however, if the
	!userAllocated path of the deserialize code compared against
	limit in any manner, then the Coverity error went away which
	was quite strange, but useful.

	As it turns out one code path remoteDomainGetJobStats had a
	comparison against 'limit' while another remoteConnectGetAllDomainStats
	did not assuming that limit would be checked.  So I refactored the
	code a bit to cause the limit check to occur in deserialize for
	both conditions and then only made the check of current returned
	size against the incoming *nparams fail the non allocation case.
	This means the job code doesn't need to check the limit any more,
	while the stats code now does check the limit.

	Additionally, to help perhaps decipher which of the various
	callers to the deserialize code caused the failure - I used
	a #define to pass the __FUNCNAME__ of the caller along so that
	error messages could have something like:

	error: remoteConnectGetAllDomainStats: too many parameters '2' for nparams '0'
	error: Reconnected to the hypervisor

	(it's a contrived error just to show the funcname in the error)

2014-09-15  Lubomir Rintel  <lkundrak@v3.sk>

	node_device_udev: Try harder to get human readable vendor:product
	The manufacurer and product from USB device itself are usually not particularly
	useful -- they tend to be missing, or ugly (all-uppercase, padded with spaces,
	etc.). Prefer what's in the usb id database and fall back to descriptors only
	if the device is too new to be in database.

	https://bugzilla.redhat.com/show_bug.cgi?id=1138887

2014-09-15  Hongbin Lu  <hongbin034@gmail.com>

	add migration support for OpenVZ driver
	This patch adds initial migration support to the OpenVZ driver,
	using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
	functions.

2014-09-15  Martin Kletzander  <mkletzan@redhat.com>

	util: get rid of unnecessary umask() call

	util: fix potential leak in error codepath

	remove redundant pidfile path constructions

	rpc: reformat the flow to make a bit more sense
	Just remove useless "else".  Best viewed with '-w'.

2014-09-14  Laine Stump  <laine@laine.org>

	network: try to eliminate default network conflict during package install
	Sometimes libvirt is installed on a host that is already using the
	network 192.168.122.0/24. If the libvirt-daemon-config-network package
	is installed, this creates a conflict, since that package has been
	hard-coded to create a virtual network that also uses
	192.168.122.0/24. In the past libvirt has attempted to warn of /
	remediate this situation by checking for conflicting routes when the
	network is started, but it turns out that isn't always useful (for
	example in the case that the *other* interface/network creating the
	conflict hasn't yet been started at the time libvirtd start its own
	networks).

	This patch attempts to catch the problem earlier - at install
	time. During the %post install script for
	libvirt-daemon-config-network, we use a case statement to look through
	the output of "ip route show" for a route that exactly matches
	192.168.122.0/24, and if found we search for a similar route that
	*doesn't* match (e.g. 192.168.124.0/24) (note that the search starts
	with "124" instead of 123 because of reports of people already
	modifying their L1 host's network to 192.168.123.0/24 in an attempt to
	solve exactly the problem we are also trying to solve).  When we find
	an available route, we just replace all occurrences of "122" in the
	default.xml that is being created with the newly found 192.168
	subnet. This could obviously be made more complicated - examine the
	template defaul.xml to automatically determine the existing network
	address and mask rather than hard coding it in the specfile, etc, but
	this scripting is simpler and gets the job done as long as we continue
	to use 192.168.122.0/24 in the template. (If anyone with mad bash
	skillz wants to suggest something to do that, by all means please do).

	This is intended to at least "further reduce" occurrence of the
	problems detailed in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=811967

2014-09-12  Eric Blake  <eblake@redhat.com>

	blockjob: allow finer bandwidth tuning for set speed
	We stupidly modeled block job bandwidth after migration
	bandwidth, which in turn was an 'unsigned long' and therefore
	subject to 32-bit vs. 64-bit interpretations.  To work around
	the fact that 10-gigabit interfaces are possible but don't fit
	within 32 bits, the original interface took the number scaled
	as MiB/sec.  But this scaling is rather coarse, and it might
	be nice to tune bandwidth finer than in megabyte chunks.

	Several of the block job calls that can set speed are fed
	through a common interface, so it was easier to adjust them all
	at once.  Note that there is intentionally no flag for the new
	virDomainBlockCopy; there, since the API already uses a 64-bit
	type always, instead of a possible 32-bit type, and is brand
	new, it was easier to just avoid scaling issues.  As with the
	previous patch that adjusted the query side (commit db33cc24),
	omitting the new flag preserves old behavior, and the
	documentation now mentions limits of what happens when a 32-bit
	machine is on either client or server side.

	* include/libvirt/libvirt.h.in (virDomainBlockJobSetSpeedFlags)
	(virDomainBlockPullFlags)
	(VIR_DOMAIN_BLOCK_REBASE_BANDWIDTH_BYTES)
	(VIR_DOMAIN_BLOCK_COMMIT_BANDWIDTH_BYTES): New enums.
	* src/libvirt.c (virDomainBlockJobSetSpeed, virDomainBlockPull)
	(virDomainBlockRebase, virDomainBlockCommit): Document them.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobSetSpeed)
	(qemuDomainBlockPull, qemuDomainBlockRebase)
	(qemuDomainBlockCommit, qemuDomainBlockJobImpl): Support new flag.

2014-09-12  Eric Blake  <eblake@redhat.com>

	blockcopy: add qemu implementation of new tunables
	Upstream qemu 1.4 added some drive-mirror tunables not present
	when it was first introduced in 1.3.  Management apps may want
	to set these in some cases (for example, without tuning
	granularity down to sector size, a copy may end up occupying
	more bytes than the original because an entire cluster is
	copied even when only a sector within the cluster is dirty,
	although tuning it down results in more CPU time to do the
	copy).  I haven't personally needed to use the parameters, but
	since they exist, and since the new API supports virTypedParams,
	we might as well expose them.

	Since the tuning parameters aren't often used, and omitted from
	the QMP command when unspecified, I think it is safe to rely on
	qemu 1.3 to issue an error about them being unsupported, rather
	than trying to create a new capability bit in libvirt.

	Meanwhile, all versions of qemu from 1.4 to 2.1 have a bug where
	a bad granularity (such as non-power-of-2) gives a poor message:
	error: internal error: unable to execute QEMU command 'drive-mirror': Invalid parameter 'drive-virtio-disk0'

	because of abuse of QERR_INVALID_PARAMETER (which is supposed to
	name the parameter that was given a bad value, rather than the
	value passed to some other parameter).  I don't see that a
	capability check will help, so we'll just live with it (and it
	has since been improved in upstream qemu).

	* src/qemu/qemu_monitor.h (qemuMonitorDriveMirror): Add
	parameters.
	* src/qemu/qemu_monitor.c (qemuMonitorDriveMirror): Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDriveMirror):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDriveMirror):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopyCommon): Likewise.
	(qemuDomainBlockRebase, qemuDomainBlockCopy): Adjust callers.
	* src/qemu/qemu_migration.c (qemuMigrationDriveMirror): Likewise.
	* tests/qemumonitorjsontest.c (qemuMonitorJSONDriveMirror): Likewise.

2014-09-12  Eric Blake  <eblake@redhat.com>

	blockcopy: add qemu implementation of new API
	The hard part of managing the disk copy is already coded; all
	this had to do was convert the XML and virTypedParameters into
	the internal representation.

	With this patch, all blockcopy operations that used the old
	API should also work via the new API.  Additional extensions,
	such as supporting the granularity tunable or a network rather
	than file destination, will be added as later patches.

	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): New function.

2014-09-12  Eric Blake  <eblake@redhat.com>

	blockcopy: tweak how rebase calls into copy
	In order to implement the new virDomainBlockCopy, the existing
	block copy internal implementation needs to be adjusted.  The
	new function will parse XML into a storage source, and parse
	typed parameters into integers, then call into the same common
	backend.  For now, it's easier to keep the same implementation
	limits that only local file destinations are suported, but now
	the check needs to be explicit.  Similar to qemuDomainBlockJobImpl
	consuming 'vm', this code also consumes the caller's 'mirror'
	description of the destination.

	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Rename...
	(qemuDomainBlockCopyCommon): ...and adjust parameters.
	(qemuDomainBlockRebase): Adjust caller.

2014-09-12  Michal Privoznik  <mprivozn@redhat.com>

	formatdomain: Update <loader/> example to match the rest
	At the beginning when I was inventing <loader/> attributes and
	<nvram/> I've introduced this @readonly attribute to the loader
	element. It accepted values 'on' and 'off'. However, later, during the
	review process, that has changed to 'yes' and 'no', but the example
	XML snippet wasn't updated, so while the description is correct, the
	example isn't.

	Reported-by: Laszlo Ersek <lersek@redhat.com>

2014-09-12  Michal Privoznik  <mprivozn@redhat.com>

	virDomainUndefineFlags: Allow NVRAM unlinking
	When a domain is undefined, there are options to remove it's
	managed save state or snapshots. However, there's another file
	that libvirt creates per domain: the NVRAM variable store file.
	Make sure that the file is not left behind if the domain is
	undefined.

2014-09-12  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity CHECKED_RETURN
	Add a check of the return for virDomainHostdevInsert() like every
	other call.

	qemu: Resolve Coverity FORWARD_NULL
	If we end up at the cleanup lable before we've VIR_EXPAND_N the list,
	then calling virQEMUCapsFreeStringList() with a NULL proplist could
	theoretically deref proplist if nproplist was set. Coverity doesn't
	seem to acknowledge the relationship between proplist and nproplist
	assuming in virQEMUCapsFreeStringList that nproplist could be at
	least 1 and thus have a null deref.  It only seems to follow the
	NULL proplist.

	virfile: Resolve Coverity RESOURCE_LEAK
	With the virGetGroupList() change in place - Coverity further complains
	that if we fail to virFork(), the groups will be leaked - which aha seems
	to be the case. Adjust the logic to save off the -errno, free the groups,
	and then return the value we saved

2014-09-12  John Ferlan  <jferlan@redhat.com>

	virutil: Resolve Coverity RESOURCE_LEAK
	This ends up being a very bizarre false positive. With an assist from
	eblake, the claim is that mgetgroups() could return a -1 value, but yet
	still have a groups buffer allocated, yet the example shown doesn't
	seem to prove that.

	Rather than fret about it, by adding a well placed sa_assert() on the
	returned *list value we can "assure" ourselves that the mgetgroups()
	failure path won't signal this condition.

2014-09-12  John Ferlan  <jferlan@redhat.com>

	daemon: Resolve Coverity RESOURCE_LEAK
	With eblake's help - adjust the checks for stdinfd/stdoutfd to ensure the
	values are within the range we expect; otherwise the dup2()'s and subsequent
	VIR_CLOSE() calls cause Coverity to believe there's a resource leak.

2014-09-12  John Ferlan  <jferlan@redhat.com>

	virsh: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that after we VIR_ALLOC_N(params, nparams) a failed call to
	virDomainGetCPUStats could result in nparams being set to -1. In that case,
	the subsequent virTypedParamsFree in cleanup will pass -1 which isn't good.

	Use the returned value as the number of stats to display in the loop as
	it will be the value reported from the hypervisor and may be less than
	nparams which is OK

2014-09-12  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Move --completed from resume to domjobinfo
	Because of similar contexts, git rebase I did just before pushing the
	series which added --completed option patched the wrong command.

2014-09-12  Peter Krempa  <pkrempa@redhat.com>

	conf: snapshot: Don't default-snapshot empty drives
	If a (floppy) drive isn't selected for snapshot explicitly and is empty
	don't try to snapshot it. For external snapshots this would fail as we
	can't generate a name for the snapshot from an empty drive.

	Reported-by: Pavel Hrdina <phrdina@redhat.com>

2014-09-12  Peter Krempa  <pkrempa@redhat.com>

	util:  Add function to check if a virStorageSource is "empty"
	To express empty drive we historically use storage source with empty
	path. Unfortunately NBD disks may be declared without a path.

	Add a helper to wrap this logic.

2014-09-12  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.spec: Fix permission even for libvirt-driver-qemu
	In my previous patch (37d8c75fad) I've tried to fix permissions
	for nvram store path. The aim was to give the nvram directory
	execute permission so that domain running under other users
	than qemu:qemu can access their nvram file. However, my fix
	was incomplete as the path belongs to libvirt-driver-qemu
	package too and I've fixed it only for the libvirt-daemon
	package.

	Reported-by: Laszlo Ersek <lersek@redhat.com>

2014-09-11  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix mapping of libvirt and libxl lifecycle actions
	The libxl driver was blindly assigning libvirt's
	virDomainLifecycleAction to libxl's libxl_action_on_shutdown, when
	in fact the various actions take on different values in these enums.

	Introduce helpers to properly map the enum values.

2014-09-11  Daniel P. Berrange  <berrange@redhat.com>

	tests: Add more test suite mock helpers
	Rename the VIR_MOCK_IMPL* macros to VIR_MOCK_WRAP*
	and add new VIR_MOCK_IMPL macros which let you directly
	implement overrides in the preloaded source.

	util: Allow port allocator to skip bind() check
	Test suites using the port allocator don't want to have different
	behaviour depending on whether a port is in use on the host. Add
	a VIR_PORT_ALLOCATOR_SKIP_BIND_CHECK which test suites can use
	to skip the bind() test. The port allocator will thus only track
	ports in use by the test suite process itself. This is fine when
	using the port allocator to generate guest configs which won't
	actually be launched

2014-09-11  Michal Privoznik  <mprivozn@redhat.com>

	nvram: Fix permissions
	I've noticed two problem with the automatically created NVRAM varstore
	file. The first, even though I run qemu as root:root for some reason I
	get Permission denied when trying to open the _VARS.fd file. The
	problem is, the upper directory misses execute permissions, which in
	combination with us dropping some capabilities result in EPERM.

	The next thing is, that if I switch SELinux to enforcing mode, I get
	another EPERM because the vars file is not labeled correctly. It is
	passed to qemu as disk and hence should be labelled as disk. QEMU may
	write to it eventually, so this is different to kernel or initrd.

2014-09-11  Pavel Hrdina  <phrdina@redhat.com>

	util/virprocess.c: fix MinGW build
	The build failed because of missing "sys/syscall.h".

2014-09-11  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity NULL_RETURNS
	With all the changes in my previous foray into this code, I forgot to
	remove the libxlDomainEventQueue(driver, event); call inside the
	dom == NULL condition.

	qemu: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that if the virConnectListAllDomains returns a negative
	value then the loop at the cleanup label that ends on numDomains will
	have issues.

	qemu: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that if qemuMonitorGetMachines() returns a negative
	nmachines value, then the code at the cleanup label will have issues.

	xen: Resolve Coverity NEGATIVE_RETURNS
	Coverity notes that if the call to virBitmapParse() returns a negative
	value, then when we jump to the error label, the call to
	virCapabilitiesClearHostNUMACellCPUTopology() will have issues
	with the negative nb_cpus

	nodeinfo: Resolve Coverity NEGATIVE_RETURNS
	If the virNumaGetNodeCPUs() call fails with -1, then jumping to cleanup
	with 'cpus == NULL' and calling virCapabilitiesClearHostNUMACellCPUTopology
	will cause issues.

	qemu: Resolve Coverity NEGATIVE_RETURNS
	In qemuProcessInitPCIAddresses() if qemuMonitorGetAllPCIAddresses()
	returns a negative (or zero) value, then no need to call the
	qemuProcessDetectPCIAddresses().

	network_conf: Resolve Coverity FORWARD_NULL
	The code compares def->forwarders when deciding to return 0 at a
	couple of points, then uses "def->nfwds" as a way to index into
	the def->forwarders array.  That reference results in Coverity
	complaining that def->forwarders being NULL was checked as part
	of an arithmetic OR operation where failure could be any one 5
	conditions, but that is not checked when entering the loop to
	dereference the array.  Changing the comparisons to use nfwds
	will clear the warnings

	qemu: Resolve Coverity FORWARD_NULL
	If the qemuMigrationEatCookie() fails to set mig, we jump to cleanup:
	which will call qemuMigrationCancelDriveMirror() without first checking
	if mig == NULL

	virstring: Resolve Coverity FORWARD_NULL
	Perhaps a false positive, but since Coverity doesn't understand the
	relationship between the 'count' and the 'strings', rather than leave
	the chance the on input 'strings' is NULL and causes a deref - just
	check for it and return

	network: Resolve Coverity FORWARD_NULL
	If the VIR_STRDUP(exptime,...) fails, then we will jump to cleanup,
	no need to check if exptime is set which causes Coverity to issue
	a complaint in the virStrToLong_ll call because there wasn't a check
	for a NULL value while there was one for the reference right after
	the VIR_STRDUP().

	qemu: Resolve Coverity FORWARD_NULL
	If we jump to cleanup before allocating the 'result', then the call
	to virBlkioDeviceArrayClear will deref result causing a problem.

	lxc: Resolve Coverity FORWARD_NULL
	If we jump to cleanup before allocating 'result', then the call to
	virBlkioDeviceArrayClear() could dereference result

	qemu: Resolve Coverity FORWARD_NULL
	If the virJSONValueNewObject() fails, then rather than going to error
	and getting a Coverity false positive since it doesn't seem to understand
	the relationship between nkeywords, keywords, and values and seems to
	believe calling qemuFreeKeywords will cause a NULL deref - just return NULL

2014-09-11  John Ferlan  <jferlan@redhat.com>

	virsh: Resolve Coverity DEADCODE
	Coverity points out that if 'dom' isn't returned from virDomainQemuAttach,
	then the code already jumps to cleanup, so there was no need for the
	subsequent if (dom != NULL) check.

	I moved the error message about failure into the goto cleanup on failure
	and then removed the if (dom != NULL)

2014-09-11  John Ferlan  <jferlan@redhat.com>

	tests: Resolve Coverity DEADCODE
	Coverity complains that the various checks for autoincrement and changed
	variables are DEADCODE - seems to me to be a false positive - so mark it.

	qemu: Resolve Coverity DEADCODE
	Add another 'dead_code_begin' - victims of our own coding practices

2014-09-11  John Ferlan  <jferlan@redhat.com>

	virsh: Resolve Coverity DEADCODE
	Coverity points out that by using EMPTYSTR(type) we are guarding against
	the possibility that it could be NULL; however, based on how 'type' was
	initialized to NULL, then using nested ternary if-then-else's (?:?:)
	setting either "ipv4", "ipv6", or "" - there is no way it could be NULL.
	Since "-" is supposed to mean something empty in a field - modify the
	nested ternary to an easier to read/process if-then-else leaving the
	initialization to NULL to mean "-" in the formatted output.

	Also changed the name from 'type' to 'typestr'.

2014-09-11  John Ferlan  <jferlan@redhat.com>

	virfile: Resolve Coverity DEADCODE
	Adjust the parentheses in/for the waitpid loops; otherwise, Coverity
	points out:

	(1) Event assignment:   Assigning: "waitret" = "waitpid(pid, &status, 0) == -1"
	(2) Event between:      At condition "waitret == -1", the value of "waitret"
	                        must be between 0 and 1.
	(3) Event dead_error_condition:     The condition "waitret == -1" cannot
	                        be true.
	(4) Event dead_error_begin:     Execution cannot reach this statement:
	                        "ret = -*__errno_location();".

2014-09-11  John Ferlan  <jferlan@redhat.com>

	virsh: Resolve Coverity DEADCODE
	Since 0766783abbe8bbc9ea686c2c3149f4c0ac139e19

	Coverity complains that the EDIT_FREE definition results in DEADCODE.

	As it turns out with the change to use the EDIT_FREE macro the call to
	vir*Free() wouldn't be necessary nor would it happen...

	Prior code to above commitid would :

	  vir*Ptr foo = NULL;
	  ...
	  foo = vir*GetXMLDesc()
	  ...
	  vir*Free(foo);
	  foo = vir*DefineXML()
	  ...

	And thus the free was needed.  With the change to use EDIT_FREE the
	same code changed to:

	  vir*Ptr foo = NULL;
	  vir*Ptr foo_edited = NULL;
	  ...
	  foo = vir*GetXMLDesc()
	  ...
	  if (foo_edited)
	      vir*Free(foo_edited);
	  foo_edited = vir*DefineXML()
	  ...

	However, foo_edited could never be set in the code path - even with
	all the goto's since the only way for it to be set is if vir*DefineXML()
	succeeds in which case the code to allow a retry (and thus all the goto's)
	never leaves foo_edited set

	All error paths lead to "cleanup:" which causes both foo and foo_edited
	to call the respective vir*Free() routines if set.

2014-09-11  John Ferlan  <jferlan@redhat.com>

	storage: Resolve Coverity OVERFLOW_BEFORE_WIDEN
	Coverity complains that when multiplying to 32 bit values that eventually
	will be stored in a 64 bit value that it's possible the math could
	overflow unless one of the values being multiplied is type cast to
	the proper size.

2014-09-11  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve Coverity REVERSE_INULL
	Coverity complains that checking for !domlist after setting doms = domlist
	and making a deref of doms just above

	It seems the call in question was intended to me made in the case that
	'doms' was passed in and not when the virDomainObjListExport() call
	allocated domlist and already called virConnectGetAllDomainStatsCheckACL().

	Thus rather than check for !domlist - check that "doms != domlist" in
	order to avoid the Coverity message.

2014-09-11  John Ferlan  <jferlan@redhat.com>

	vbox: Resolve Coverity UNUSED_VALUE
	Handle a few places where Coverity complains about the value being
	unused. For two of them (Close cases) - the comments above the close
	indicate there is no harm to ignore the error - so added an ignore_value.
	For the other condition, added an rc check like other callers.

2014-09-11  John Ferlan  <jferlan@redhat.com>

	storage: Resolve Coverity UNUSED_VALUE
	Since cd4d547576a4f0371d1d4d4e0ca6db124c5ba257

	Coverity notes that setting 'ret = -3' prior to the unconditional
	setting of 'ret = 0' will cause the value to be UNUSED.

	Since the comment indicates that it is expect to allow the code
	to continue, just remove the ret = -3 setting.

2014-09-11  John Ferlan  <jferlan@redhat.com>

	qemu_driver: Resolve Coverity COPY_PASTE_ERROR
	In qemuDomainSetBlkioParameters(), Coverity points out that the calls
	to qemuDomainParseBlkioDeviceStr() are slightly different and points
	out there may be a cut-n-paste error.

	In the first call (AFFECT_LIVE), the second parameter is "param->field";
	however, for the second call (AFFECT_CONFIG), the second parameter is
	"params->field".  It seems the "param->field" is correct especially since
	each path as a setting of "param" to "&params[i]".  Furthermore, there
	were a few more instances of using "params[i]" instead of "param->"
	which I cleaned up.

2014-09-11  Michal Privoznik  <mprivozn@redhat.com>

	selinux: Properly check TAP FD label
	After a4431931 the TAP FDs ale labeled with image label instead
	of the process label. On the other hand, the commit was
	incomplete as a few lines above, there's still old check for the
	process label presence while it should be check for the image
	label instead.

2014-09-10  Ján Tomko  <jtomko@redhat.com>

	qemu: remove leftover virResetLastError
	As of commit 5d29ca0:
	qemu: switch PCI address set from hash table to an array

	There is no error to be reset.

2014-09-10  Peter Krempa  <pkrempa@redhat.com>

	virsh: desc command in --title mode mentions description instead of title
	Tweak the messages so that they mention "title" rather than
	"description" when operating in title mode. Also fixes one missing "%s"
	before non-formatted gettext message.

	Before:
	 $ virsh desc --title dom
	 No description for domain: dom

	After:
	 $ virsh desc --title dom
	 No title for domain: dom

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140034

2014-09-10  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Convert disk locality check to switch statement
	To allow the compiler to track future additions of disk types, convert
	the function to use a switch statement with the correct type.

2014-09-10  Michal Privoznik  <mprivozn@redhat.com>

	virprocess: Introduce our own setns() wrapper
	From time to time weird bugreports occur on the list, e.g [1].
	Even though the kernel supports setns syscall, there's an older
	glibc in the system that misses a wrapper over the syscall.
	Hence, after the configure phase we think there's no setns
	support in the system, which is obviously wrong. On the other
	hand, we can't rely on linux distributions to provide newer glibc
	soon. Therefore we need to introduce the wrapper on or own.

	1: https://www.redhat.com/archives/libvir-list/2014-September/msg00492.html

2014-09-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: dump: Resume CPUs only when the VM is still alive
	Check if the VM is alive after we possibly called into monitor to reset
	the guest.

	qemu: dump: Fix formatting of function headers and code inline
	Also drop a comment with obvious content.

	virsh: domain: Clean up handling of "dom" in "save" command

	util: process: Don't report OOM errors in helper
	virProcessTranslateStatus is used on error paths that should not spoil
	the returned error. As the errors are ignored, use the quiet versions of
	virAsprintf to create the message.

2014-09-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Automatically create NVRAM store
	When using split UEFI image, it may come handy if libvirt manages per
	domain _VARS file automatically. While the _CODE file is RO and can be
	shared among multiple domains, you certainly don't want to do that on
	the _VARS file. This latter one needs to be per domain. So at the
	domain startup process, if it's determined that domain needs _VARS
	file it's copied from this master _VARS file. The location of the
	master file is configurable in qemu.conf.

	Temporary, on per domain basis the location of master NVRAM file can
	be overridden by this @template attribute I'm inventing to the
	<nvram/> element. All it does is holding path to the master NVRAM file
	from which local copy is created. If that's the case, the map in
	qemu.conf is not consulted.

	Acked-by: Laszlo Ersek <lersek@redhat.com>

2014-09-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement extended loader and nvram
	QEMU now supports UEFI with the following command line:

	  -drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \
	  -drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \

	where the first line reflects <loader> and the second one <nvram>.
	Moreover, these two lines obsolete the -bios argument.

	Note that UEFI is unusable without ACPI. This is handled properly now.
	Among with this extension, the variable file is expected to be
	writable and hence we need security drivers to label it.

	Acked-by: Laszlo Ersek <lersek@redhat.com>

2014-09-10  Michal Privoznik  <mprivozn@redhat.com>

	conf: Extend <loader/> and introduce <nvram/>
	Up to now, users can configure BIOS via the <loader/> element. With
	the upcoming implementation of UEFI this is not enough as BIOS and
	UEFI are conceptually different. For instance, while BIOS is ROM, UEFI
	is programmable flash (although all writes to code section are
	denied). Therefore we need new attribute @type which will
	differentiate the two. Then, new attribute @readonly is introduced to
	reflect the fact that some images are RO.

	Moreover, the OVMF (which is going to be used mostly), works in two
	modes:
	1) Code and UEFI variable store is mixed in one file.
	2) Code and UEFI variable store is separated in two files

	The latter has advantage of updating the UEFI code without losing the
	configuration. However, in order to represent the latter case we need
	yet another XML element: <nvram/>. Currently, it has no additional
	attributes, it's just a bare element containing path to the variable
	store file.

	Acked-by: Laszlo Ersek <lersek@redhat.com>

2014-09-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Transfer recomputed stats back to source
	After the previous commit, migration statistics on the source and
	destination hosts are not equal because the destination updated time
	statistics. Let's send the result back so that the same data can be
	queried on both sides of the migration.

	qemu: Recompute downtime and total time when migration completes
	Total time of a migration and total downtime transfered from a source to
	a destination host do not count with the transfer time to the
	destination host and with the time elapsed before guest CPUs are
	resumed. Thus, source libvirtd remembers when migration started and when
	guest CPUs were paused. Both timestamps are transferred to destination
	libvirtd which uses them to compute total migration time and total
	downtime. Obviously, this requires the time to be synchronized between
	the two hosts. The reported times are useless otherwise but they would
	be equally useless if we didn't do this recomputation so don't lose
	anything by doing it.

	qemu: Transfer migration statistics to destination
	When migrating a transient domain or with VIR_MIGRATE_UNDEFINE_SOURCE
	flag, the domain may disappear from source host. And so will migration
	statistics associated with the domain. We need to transfer the
	statistics at the end of a migration so that they can be queried at the
	destination host.

	virsh: Add support for completed job stats
	New --completed flag for virsh domjobinfo command.

	qemu: Silence coverity on optional migration stats

	Add support for fetching statistics of completed jobs
	virDomainGetJobStats gains new VIR_DOMAIN_JOB_STATS_COMPLETED flag that
	can be used to fetch statistics of a completed job rather than a
	currently running job.

	qemu: Avoid incrementing jobs_queued if virTimeMillisNow fails

	Refactor job statistics
	Job statistics data were tracked in several structures and variables.
	Let's make a new qemuDomainJobInfo structure which can be used as a
	single source of statistics data as a preparation for storing data about
	completed a job.

2014-09-10  Ján Tomko  <jtomko@redhat.com>

	docs: fix encryption format attribute in example
	The correct attribute name is 'format', not 'type'.

	https://bugzilla.redhat.com/show_bug.cgi?id=1139910

2014-09-09  Eric Blake  <eblake@redhat.com>

	virsh: additional scaled output units
	The parser accepts P and E, so the formatter should too.

	* tools/virsh.c (vshPrettyCapacity): Handle larger units.

2014-09-09  Martin Kletzander  <mkletzan@redhat.com>

	util: let virSetSockReuseAddr report unified error message

2014-09-08  Eric Blake  <eblake@redhat.com>

	blockcopy: add a way to parse disk source
	The new blockcopy API wants to reuse only a subset of the disk
	hotplug parser - namely, we only care about the embedded
	virStorageSourcePtr inside a <disk> XML.  Strange as it may
	seem, it was easier to just parse an entire disk definition,
	then throw away everything but the embedded source, than it
	was to disentangle the source parsing code from the rest of
	the overall disk parsing function.  All that I needed was a
	couple of tweaks and a new internal flag that determines
	whether the normally-mandatory target element can be
	gracefully skipped, since everything else was already optional.

	* src/conf/domain_conf.h (virDomainDiskSourceParse): New
	prototype.
	* src/conf/domain_conf.c (VIR_DOMAIN_XML_INTERNAL_DISK_SOURCE):
	New flag.
	(virDomainDiskDefParseXML): Honor flag to make target optional.
	(virDomainDiskSourceParse): New function.

2014-09-08  Eric Blake  <eblake@redhat.com>

	blockjob: avoid 32-bit compilation warning
	Commit c1d75de caused this warning on 32-bit platforms (fatal when
	-Werror is enabled):

	virsh-domain.c: In function 'cmdBlockCopy':
	virsh-domain.c:2003:17: error: comparison is always false due to limited range of data type [-Werror=type-limits]

	Forcing the left side of the < to be ull instead of ul shuts up
	the 32-bit compiler while still protecting 64-bit code from overflow.

	* tools/virsh-domain.c (cmdBlockCopy): Add type coercion.

2014-09-08  Erik Skultety  <eskultet@redhat.com>

	qemu: panic device: check for invalid address type
	qemu now checks for invalid address type for a panic device, which is
	currently implemented only to use ISA address type, thus rejecting
	any other options, except for leaving XML attributes blank, in that case,
	defaults are used (this behaviour remains the same from earlier verions).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1138125

2014-09-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Propagate QEMU errors during incoming migrations
	When QEMU fails during incoming migration after we successfully started
	it (i.e., during Perform or Finish phase), we report a rather unhelpful
	message

	    Unable to read from monitor: Connection reset by peer

	We already have a code that takes error messages from QEMU's error
	output but we disable it once QEMU successfully starts. This patch
	postpones this until the end of Finish phase during incoming migration
	so that we can report a much better error message:

	    internal error: early end of file from monitor: possible problem:
	    Unknown savevm section or instance '0000:00:05.0/virtio-balloon' 0
	    load of migration failed

	https://bugzilla.redhat.com/show_bug.cgi?id=1090093

2014-09-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Simplify error paths
	Return failure right away when the domain object can't be looked up
	instead of jumping to cleanup. This allows to remove the condition
	before unlocking the domain object.

	qemu: snapshot: Fix snapshot function header formatting and spacing

2014-09-08  Jincheng Miao  <jmiao@redhat.com>

	qemu: snapshot: Acquire job earlier on snapshot revert/delete
	The code would lookup the snapshot object before acquiring the job. This
	could lead to a crash as one thread could delete the snapshot object,
	while a second thread already had the reference.

2014-09-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Fix job handling when creating snapshots
	Creating snapshots modifies the domain state. Currently we wouldn't
	enter the job for certain operations although they would modify the
	state. Refactor job handling so that everything is covered by an async
	job.

	qemu: Rename DEFAULT_JOB_MASK to QEMU_DEFAULT_JOB_MASK
	Be consistent with naming of private defines. Also line up code
	correctly in few places where the macro is used.

2014-09-07  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	selinux: Avoid label reservations for type = none
	For security type='none' libvirt according to the docs should not
	generate seclabel be it for selinux or any model. So, skip the
	reservation of labels when type is none.

2014-09-07  Eric Blake  <eblake@redhat.com>

	blockcopy: remote implementation for new API
	Fairly straightforward - I got lucky that the generated functions
	worked out of the box :)

	* src/remote/remote_protocol.x (remote_domain_block_copy_args):
	New struct.
	(REMOTE_PROC_DOMAIN_BLOCK_COPY): New RPC.
	* src/remote/remote_driver.c (remote_driver): Wire it up.
	* src/remote_protocol-structs: Regenerate.

2014-09-07  Eric Blake  <eblake@redhat.com>

	blockcopy: expose new API in virsh
	Expose the new power of virDomainBlockCopy through virsh (well,
	all but the finer-grained bandwidth, as that is its own can of
	worms for a later patch).  Continue to use the older API where
	possible, for maximum compatibility.

	The command now requires either --dest (with optional --format
	and --blockdev), to directly describe the file destination, or
	--xml, to name a file that contains an XML description such as:

	<disk type='network'>
	  <driver type='raw'/>
	  <source protocol='gluster' name='vol1/img'>
	    <host name='red'/>
	  </source>
	</disk>

	[well, it may be a while before the qemu driver is actually patched
	to act on that particular xml beyond just parsing it, but the virsh
	interface won't need changing at that time]

	Non-zero option parameters are converted into virTypedParameters,
	and if anything requires the new API, the command can synthesize
	appropriate XML even if the --dest option was used instead of --xml.

	The existing --raw flag remains for back-compat, but the preferred
	spelling is now --format=raw, since the new API now allows us
	to specify all formats rather than just a boolean raw to suppress
	probing.

	I hope I did justice in describing the effects of granularity and
	buf-size on how they get passed through to qemu.

	* tools/virsh-domain.c (cmdBlockCopy): Add new options --xml,
	--granularity, --buf-size, --format. Make --raw an alias for
	--format=raw. Call new API if new parameters are in use.
	* tools/virsh.pod (blockcopy): Document new options.

2014-09-07  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	The usual portability fixes; and this includes a fix that adds
	a new syntax check for double semicolons (commit 28de556 fixed
	some, but gnulib found a better check).

	* .gnulib: Update to latest.
	* src/xenconfig/xen_common.c (xenFormatConfigCommon): Fix offender.

2014-09-06  Eric Blake  <eblake@redhat.com>

	blockcopy: split out virsh implementation
	I'm about to extend the capabilities of blockcopy.  Hiding a few
	common lines of implementation gets in the way of the new required
	logic, and putting the new logic in the common implementation won't
	benefit any of the other blockjob operations.  Therefore, it is
	simpler to just do the work inline.  There should be no semantic
	change in this patch.

	* tools/virsh-domain.c (blockJobImpl): Move block copy guts...
	(cmdBlockCopy): ...into their lone caller.

2014-09-05  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	storage_conf: Fix libvirtd crash when defining scsi storage pool
	Since 9f781da69de02745acb719e78982df9aeccfcd7b

	Resolve a libvirtd crash in virStoragePoolSourceFindDuplicate()
	when there is an existing SCSI pool defined with adapter type as
	'scsi_host' and defining a new SCSI pool with adapter type as
	'fc_host' and parent attribute missing or vice versa.

	For example, if there is an existing SCSI pool with adapter type
	as 'scsi_host' defined using the following XML

	<pool type='scsi'>
	  <name>TEST_SCSI_POOL</name>
	    <source>
	       <adapter type='scsi_host' name='scsi_host1'/>
	    </source>
	    <target>
	        <path>/dev/disk/by-path</path>
	    </target>
	</pool>

	When defining another SCSI pool with adapter type as 'fc_host' using the
	following XML will crash libvirtd

	<pool type='scsi'>
	  <name>TEST_SCSI_FC_POOL</name>
	  <source>
	     <adapter type='fc_host' wwnn='1234567890abcdef' wwpn='abcdef1234567890'/>
	  </source>
	  <target>
	     <path>/dev/disk/by-path</path>
	  </target>
	</pool>

	Same is true for the reverse case as well where there exists a SCSI pool
	with adapter type as 'fc_host' and another SCSI pool is defined with
	adapter type as 'scsi_host'.

	This happens because for fc_host 'name' is optional attribute whereas for
	scsi_host its mandatory. However the check in libvirt for finding duplicate
	storage pools didn't take that into account while comparing

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockcopy: allow block device destination
	To date, anyone performing a block copy and pivot ends up with
	the destination being treated as <disk type='file'>.  While this
	works for data access for a block device, it has at least one
	noticeable shortcoming: virDomainGetBlockInfo() reports allocation
	differently for block devices visited as files (the size of the
	device) than for block devices visited as <disk type='block'>
	(the maximum sector used, as reported by qemu); and this difference
	is significant when trying to manage qcow2 format on block devices
	that can be grown as needed.

	Of course, the more powerful virDomainBlockCopy() API can already
	express the ability to set the <disk> type.  But a new API can't
	be backported, while a new flag to an existing API can; and it is
	also rather inconvenient to have to resort to the full power of
	generating XML when just adding a flag to the older call will do
	the trick.  So this patch enhances blockcopy to let the user flag
	when the resulting XML after the copy must list the device as
	type='block'.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_REBASE_COPY_DEV):
	New flag.
	* src/libvirt.c (virDomainBlockRebase): Document it.
	* tools/virsh-domain.c (opts_block_copy, blockJobImpl): Add
	--blockdev option.
	* tools/virsh.pod (blockcopy): Document it.
	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Allow new flag.
	(qemuDomainBlockCopy): Remember the flag, and make sure it is only
	used on actual block devices.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Test it.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: add new --bytes flag to virsh blockjob
	Expose the new flag just added to virDomainGetBlockJobInfo.
	With --raw, the presence or absence of --bytes determines which
	flag to use in the single API call.  Without --raw, the use of
	--bytes forces an error if the server doesn't support it,
	otherwise, the code tries to silently fall back to scaling the
	MiB/s value.

	My goal is to eventually also support --bytes in bandwidth mode;
	but that's a bit further down the road (and needs a new API flag
	added in libvirt.h first).

	This changes the human output, but the previous patch added
	raw output precisely so that we can have flexibility with the
	human output.  For this commit, I used qemu-monitor-command to
	force an unusual bandwidth, but the same will be possible once
	qemu implements virDomainBlockCopy:

	Before:
	Block Copy: [100 %]    Bandwidth limit: 2 MiB/s
	After:
	Block Copy: [100 %]    Bandwidth limit: 1048577 bytes/s (1.000 MiB/s)

	The cache avoids having to repeatedly checking whether the flag
	works when talking to an older server, when multiple blockjob
	commands are issued during a batch session and the user is
	manually polling for job completion.

	* tools/virsh.h (_vshControl): Add a cache.
	* tools/virsh.c (cmdConnect, vshReconnect): Initialize the cache.
	* tools/virsh-domain.c (opts_block_job): Add --bytes.
	* tools/virsh.pod (blockjob): Document this.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: add new --raw flag to virsh blockjob
	The current output of 'blockjob [--info]' is a single line
	designed for human consumption; it's not very nice for machine
	parsing.  Furthermore, I have plans to modify the line in
	response to the new flag for controlling bandwidth units.
	Solve that by adding a --raw parameter, which outputs
	information closer to the C struct.

	$ virsh blockjob testvm1 vda --raw
	 type=Block Copy
	 bandwidth=1
	 cur=197120
	 end=197120

	The information is indented, because I'd like for a later patch
	to add a mode that iterates over all the vm's disks with status
	for each; in that mode, each block name would be listed unindented
	before information (if any) about that block.

	Now that we have a raw mode, we can guarantee that it won't change
	format over time.  Any app that cares about parsing the output can
	try --raw, and if it fails, know that it was talking to an older
	virsh and fall back to parsing the human-readable format which had
	not changed until now; meanwhile, when not using --raw, we have
	freed future virsh to change the output to whatever makes sense.

	My first change to human mode: this command now guarantees a line
	is printed on successful use of the API, even when the API did
	not find a current block job (consistent with the rest of virsh).

	Bonus: https://bugzilla.redhat.com/show_bug.cgi?id=1135441
	complained that this message was confusing:

	$ virsh blockjob test1 hda  --async --bandwidth 10
	error: conflict between --abort, --info, and --bandwidth modes

	even though the man page already documents that --async implies
	abort mode, all because '--abort' wasn't present in the command
	line.  Since I'm adding another case where options are tied
	to or imply a mode, I changed that error to:

	error: conflict between abort, info, and bandwidth modes

	* tools/virsh-domain.c (cmdBlockJob): Add --raw parameter; tweak
	error wording.
	* tools/virsh.pod (blockjob): Document it.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: split up virsh blockjob info
	I have plans to make future enhancements to the job list mode,
	which will be easier to do if the common blockJobImpl function
	is not mixing a query command with multiple modify commands.
	Besides, it just feels weird that all callers to blockJobImpl
	had to supply both a bandwidth input argument (unused for info
	mode) and an info output argument (unused for all other modes);
	not to mention I just made similar cleanups on the libvirtd
	side.

	The only reason blockJobImpl returned int was because of info
	mode returning -1/0/1 (all other job API are -1/0), so that
	can also be cleaned up.  No user-visible changes in this commit.

	* tools/virsh-domain.c (blockJobImpl): Change signature and return
	value.  Drop info handling.
	(cmdBlockJob): Handle info here.
	(cmdBlockCommit, cmdBlockCopy, cmdBlockPull): Adjust callers.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: allow finer bandwidth tuning for query
	While reviewing the new virDomainBlockCopy API, Peter Krempa
	pointed out that our existing design of using MiB/s for block
	job bandwidth is rather coarse, especially since qemu tracks
	it in bytes/s; so virDomainBlockCopy only accepts bytes/s.
	But once the new API is implemented for qemu, we will be in
	the situation where it is possible to set a value that cannot
	be accurately reflected back to the user, because the existing
	virDomainGetBlockJobInfo defaults to the coarser units.

	Fortunately, we have an escape hatch; and one that has already
	served us well in the past: we can use the flags argument to
	specify which scale to use (see virDomainBlockResize for prior
	art).  This patch fixes the query side of the API; made easier
	by previous patches that split the query side out from the
	modification code.  Later patches will address the virsh
	interface, as well retrofitting all other blockjob APIs to
	also accept a flag for toggling bandwidth units.

	* include/libvirt/libvirt.h.in (_virDomainBlockJobInfo)
	(VIR_DOMAIN_BLOCK_COPY_BANDWIDTH): Document sizing issues.
	(virDomainBlockJobInfoFlags): New enum.
	* src/libvirt.c (virDomainGetBlockJobInfo): Document new flag.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJobInfo): Add parameter.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJobInfo): Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJobInfo):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJobInfo)
	(qemuMonitorJSONGetBlockJobInfoOne): Likewise. Don't scale here.
	* src/qemu/qemu_migration.c (qemuMigrationDriveMirror): Update
	callers.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl): Likewise.
	(qemuDomainGetBlockJobInfo): Likewise, and support new flag.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: add new monitor json conversions
	The previous patch hoisted some bounds checks to the callers;
	but someone that is not aware of the hoisted check could now
	try passing an integer between LLONG_MAX and ULLONG_MAX.  As a
	safety measure, add new json conversion modes that let libvirt
	error out early instead of pass bad numbers to qemu, if the
	caller ever makes a mistake due to later refactoring.

	Convert the various blockjob QMP calls to use the new modes,
	and switch some of them to be optional (QMP has always supported
	an omitted "speed" the same as "speed":0, for everything except
	block-job-set-speed).

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommandRaw):
	Add 'j'/'y' and 'J'/'Y' to error out on negative input.
	(qemuMonitorJSONDriveMirror, qemuMonitorJSONBlockCommit)
	(qemuMonitorJSONBlockJob): Use it.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: hoist bandwidth scaling out of monitor code
	qemu treats blockjob bandwidth as a 64-bit number, in the units
	of bytes/second.  But we stupidly modeled block job bandwidth
	after migration bandwidth, which in turn was an 'unsigned long'
	and therefore subject to 32-bit vs. 64-bit interpretations, and
	with a scale of MiB/s.  Our code already has to convert between
	the two scales, and report overflow as appropriate; although
	this conversion currently lives in the monitor code.  In fact,
	our conversion code limited things to 63 bits, because we
	checked against LLONG_MAX and reject what would be negative
	bandwidth if treated as signed.

	On the bright side, our use of MiB/s means that even with a
	32-bit unsigned long, we still have no problem representing a
	bandwidth of 2GiB/s, which is starting to be more feasible as
	10-gigabit or even faster interfaces are used.  And once you
	get past the physical speeds of existing interfaces, any larger
	bandwidth number behaves the same - effectively unlimited.
	But on the low side, the granularity of 1MiB/s tuning is rather
	coarse.  So the new virDomainBlockJob API decided to go with
	a direct 64-bit bytes/sec number instead of the scaled number
	that prior blockjob APIs had used.  But there is no point in
	rounding this number to MiB/s just to scale it back to bytes/s
	for handing to qemu.

	In order to make future code sharing possible between the old
	virDomainBlockRebase and the new virDomainBlockCopy, this patch
	moves the scaling and overflow detection into the driver code.
	Several of the block job calls that can set speed are fed
	through a common interface, so it was easier to adjust all block
	jobs at once, for consistency.  This patch is just code motion;
	there should be no user-visible change in behavior.

	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob)
	(qemuMonitorBlockCommit, qemuMonitorDriveMirror): Change
	parameter type and scale.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob)
	(qemuMonitorBlockCommit, qemuMonitorDriveMirror): Move scaling
	and overflow detection...
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl)
	(qemuDomainBlockRebase, qemuDomainBlockCommit): ...here.
	(qemuDomainBlockCopy): Use bytes/sec.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: split out block info monitor handling
	Another layer of overly-multiplexed code that deserves to be
	split into obviously separate paths for query vs. modify.
	This continues the cleanup started in commit cefe0ba.

	In the process, make some tweaks to simplify the logic when
	parsing the JSON reply.  There should be no user-visible
	semantic changes.

	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Drop parameter.
	(qemuMonitorBlockJobInfo): New prototype.
	(BLOCK_JOB_INFO): Drop enum.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob)
	(qemuMonitorJSONBlockJobInfo): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Split...
	(qemuMonitorBlockJobInfo): ...into second function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Move
	block info portions...
	(qemuMonitorJSONGetBlockJobInfo): ...here, and rename...
	(qemuMonitorJSONBlockJobInfo): ...and export.
	(qemuMonitorJSONGetBlockJobInfoOne): Alter return semantics.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl, qemuDomainGetBlockJobInfo): Adjust
	callers.
	* src/qemu/qemu_migration.c (qemuMigrationDriveMirror)
	(qemuMigrationCancelDriveMirror): Likewise.

2014-09-05  Ján Tomko  <jtomko@redhat.com>

	Don't include non-migratable features in host-model
	Commit fba6bc4 introduced support for the 'invtsc' feature,
	which blocks migration. We should not include it in the
	host-model CPU by default, because it's intended to be used
	with migration.

	https://bugzilla.redhat.com/show_bug.cgi?id=1138221

2014-09-05  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add test cases for previous commit
	This commit is rather big. Firstly, the in memory config
	representation is adjusted like if security_driver was set to "none".
	The rest is then just adaptation to the new code that will generate
	different seclabels.

2014-09-05  Michal Privoznik  <mprivozn@redhat.com>

	conf: Fix even implicit labels
	https://bugzilla.redhat.com/show_bug.cgi?id=1027096#c8

	There are two ways in which security model can make it way into
	<seclabel/>. One is as the @model attribute, the second one is
	via security_driver knob in qemu.conf. Then, while parsing
	<seclabel/> several checks and fix ups of old, stale combinations
	are performed. However, iff @model is specified. They are not
	done in the latter case. So it's still possible to feed libvirt
	with senseless combinations (if qemu.conf is adjusted correctly).

	One example of a seclabel that needs some adjustment (in case
	security_driver=none in qemu.conf) is:

	    <seclabel type='dynamic' relabel='yes'/>

	The fixup code is copied from virSecurityLabelDefParseXML
	(covering the former case) into virSecurityLabelDefsParseXML
	(which handles the latter case).

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: split out block info driver handling
	The qemu implementation for virDomainGetBlockJobInfo() has a
	minor bug: it grabs the qemu job with intent to QEMU_JOB_MODIFY,
	which means it cannot be run in parallel with any other
	domain-modifying command.  Among others, virDomainBlockJobAbort()
	is such a modifying command, and it defaults to being
	synchronous, and can wait as long as several seconds to ensure
	that the job has actually finished.  Due to the job rules, this
	means a user cannot obtain status about the job during that
	timeframe, even though we know that some client management code
	exists which is using a polling loop on status to see when a job
	finishes.

	This bug has been present ever since blockpull support was first
	introduced (commit b976165, v0.9.4 in Jul 2011), all because we
	stupidly tried to cram too much multiplexing through a single
	helper routine, but was made worse in 97c59b9 (v1.2.7) when
	BlockJobAbort was fixed to wait longer.  It's time to disentangle
	some of the mess in qemuDomainBlockJobImpl, and in the process
	relax block job query to use QEMU_JOB_QUERY, since it can safely
	be used in parallel with any long running modify command.

	Technically, there is one case where getting block job info can
	modify domain XML - we do snooping to see if a 2-phase job has
	transitioned into the second phase, for an optimization in the
	case of old qemu that lacked an event for the transition.  I
	claim this optimization is safe (the jobs are all about modifying
	qemu state, not necessarily xml state); but if it proves to be
	a problem, we could use the difference between the capabilities
	QEMU_CAPS_BLOCKJOB_{ASYNC,SYNC} to determine whether we even
	need snooping, and only request a modifying job in the case of
	older qemu.

	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Move info
	handling...
	(qemuDomainGetBlockJobInfo): ...here, and relax job type.
	(qemuDomainBlockJobAbort, qemuDomainBlockJobSetSpeed)
	(qemuDomainBlockRebase, qemuDomainBlockPull): Adjust callers.

2014-09-05  Eric Blake  <eblake@redhat.com>

	blockjob: shuffle block rebase code
	The existing virDomainBlockRebase code rejected the combination of
	_RELATIVE and _COPY flags, but only by accident.  It makes sense
	to add support for the combination someday, at least for the case
	of _SHALLOW and not _REUSE_EXT; but to implement it, libvirt would
	have to pre-create the file with a relative backing name, and I'm
	not ready to code that in yet.

	Meanwhile, the code to forward on to the block copy code is getting
	longer, and reorganizing the function to have the block pull done
	early makes it easier to add even more block copy prep code.

	This patch should have no semantic difference other than the quality
	of the error message on the unsupported flag combination.  Pre-patch:

	error: unsupported flags (0x10) in function qemuDomainBlockCopy

	Post-patch:

	error: argument unsupported: Relative backing during copy not supported yet

	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Reorder code,
	and improve error message of relative copy.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: tighten curly brace syntax checking
	Now that hanging brace offenders have been fixed, we can automate
	the check, and document our style.  Done as a separate commit from
	code changes, to make it easier to just backport code changes, if
	that is ever needed.

	* cfg.mk (sc_curly_braces_style): Catch hanging braces.
	* docs/hacking.html.in: Document it.
	* HACKING: Regenerate.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use hanging curly braces
	Our style overwhelmingly uses hanging braces (the open brace
	hangs at the end of the compound condition, rather than on
	its own line), with the primary exception of the top level function
	body.  Fix the few remaining outliers, before adding a syntax
	check in a later patch.

	* src/interface/interface_backend_netcf.c (netcfStateReload)
	(netcfInterfaceClose, netcf_to_vir_err): Correct use of { in
	compound statement.
	* src/conf/domain_conf.c (virDomainHostdevDefFormatSubsys)
	(virDomainHostdevDefFormatCaps): Likewise.
	* src/network/bridge_driver.c (networkAllocateActualDevice):
	Likewise.
	* src/util/virfile.c (virBuildPathInternal): Likewise.
	* src/util/virnetdev.c (virNetDevGetVirtualFunctions): Likewise.
	* src/util/virnetdevmacvlan.c
	(virNetDevMacVLanVPortProfileCallback): Likewise.
	* src/util/virtypedparam.c (virTypedParameterAssign): Likewise.
	* src/util/virutil.c (virGetWin32DirectoryRoot)
	(virFileWaitForDevices): Likewise.
	* src/vbox/vbox_common.c (vboxDumpNetwork): Likewise.
	* tests/seclabeltest.c (main): Likewise.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: enforce previous if-else {} cleanups
	Done as a separate commit in case earlier cleanups are backported
	independently.

	* cfg.mk (sc_require_space_before_label): New rule.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use consistent if-else braces in remaining spots
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.

	This patch focuses on all remaining problems, where there weren't
	enough issues to warrant splitting it further.

	* src/remote/remote_driver.c (doRemoteOpen): Correct use of {}.
	* src/security/virt-aa-helper.c (vah_add_path, valid_path, main):
	Likewise.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectLibSSH2):
	Likewise.
	* src/esx/esx_vi_types.c (esxVI_Type_FromString): Likewise.
	* src/uml/uml_driver.c (umlDomainDetachDevice): Likewise.
	* src/util/viralloc.c (virShrinkN): Likewise.
	* src/util/virbuffer.c (virBufferURIEncodeString): Likewise.
	* src/util/virdbus.c (virDBusCall): Likewise.
	* src/util/virnetdev.c (virNetDevValidateConfig): Likewise.
	* src/util/virnetdevvportprofile.c
	(virNetDevVPortProfileGetNthParent): Likewise.
	* src/util/virpci.c (virPCIDeviceIterDevices)
	(virPCIDeviceWaitForCleanup)
	(virPCIDeviceIsBehindSwitchLackingACS): Likewise.
	* src/util/virsocketaddr.c (virSocketAddrGetNumNetmaskBits):
	Likewise.
	* src/util/viruri.c (virURIParseParams): Likewise.
	* daemon/stream.c (daemonStreamHandleAbort): Likewise.
	* tests/testutils.c (virtTestResult): Likewise.
	* tests/cputest.c (cpuTestBaseline): Likewise.
	* tools/virsh-domain.c (cmdDomPMSuspend): Likewise.
	* tools/virsh-host.c (cmdNodeSuspend): Likewise.
	* src/esx/esx_vi_generator.py (Type.generate_typefromstring):
	Tweak generated code.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use consistent if-else braces in lxc, vbox, phyp
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.

	This patch focuses on drivers that had several issues.

	* src/lxc/lxc_fuse.c (lxcProcGetattr, lxcProcReadMeminfo): Correct
	use of {}.
	* src/lxc/lxc_driver.c (lxcDomainMergeBlkioDevice): Likewise.
	* src/phyp/phyp_driver.c (phypConnectNumOfDomainsGeneric)
	(phypUUIDTable_Init, openSSHSession, phypStoragePoolListVolumes)
	(phypConnectListStoragePools, phypDomainSetVcpusFlags)
	(phypStorageVolGetXMLDesc, phypStoragePoolGetXMLDesc)
	(phypConnectListDefinedDomains): Likewise.
	* src/vbox/vbox_common.c (vboxAttachSound, vboxDumpDisplay)
	(vboxDomainRevertToSnapshot, vboxDomainSnapshotDelete): Likewise.
	* src/vbox/vbox_tmpl.c (vboxStorageVolGetXMLDesc): Likewise.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use consistent if-else braces in xen and friends
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.

	This patch focuses on code related to xen.

	* src/libxl/libxl_conf.c (libxlCapsInitGuests)
	(libxlMakeDomBuildInfo): Correct use of {}.
	* src/xen/xen_hypervisor.c (virXen_getvcpusinfo)
	(xenHypervisorMakeCapabilitiesInternal): Likewise.
	* src/xen/xend_internal.c (xenDaemonOpen)
	(xenDaemonDomainMigratePerform, xend_detect_config_version)
	(xenDaemonDetachDeviceFlags, xenDaemonDomainMigratePerform)
	(xenDaemonDomainBlockPeek): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiConnectListDomains)
	(xenapiDomainLookupByUUID, xenapiDomainGetOSType): Likewise.
	* src/xenconfig/xen_common.c (xenParseCPUFeatures, xenFormatNet):
	Likewise.
	* src/xenconfig/xen_sxpr.c (xenParseSxpr, xenFormatSxprNet)
	(xenFormatSxpr): Likewise.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use consistent if-else braces in qemu
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.

	This commit focuses on the qemu driver.

	* src/qemu/qemu_command.c (qemuParseISCSIString)
	(qemuParseCommandLineDisk, qemuParseCommandLine)
	(qemuBuildSmpArgStr, qemuBuildCommandLine)
	(qemuParseCommandLineDisk, qemuParseCommandLineSmp): Correct use
	of {}.
	* src/qemu/qemu_capabilities.c (virQEMUCapsProbeCPUModels):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainCoreDumpWithFormat)
	(qemuDomainRestoreFlags, qemuDomainGetInfo)
	(qemuDomainMergeBlkioDevice): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextCreateSnapshot)
	(qemuMonitorTextLoadSnapshot, qemuMonitorTextDeleteSnapshot):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessStop): Likewise.

2014-09-04  Eric Blake  <eblake@redhat.com>

	maint: use consistent if-else braces in conf and friends
	I'm about to add a syntax check that enforces our documented
	HACKING style of always using matching {} on if-else statements.

	This patch focuses on code shared between multiple drivers.

	* src/conf/domain_conf.c (virDomainFSDefParseXML)
	(virSysinfoParseXML, virDomainNetDefParseXML)
	(virDomainWatchdogDefParseXML)
	(virDomainRedirFilterUSBDevDefParseXML): Correct use of {}.
	* src/conf/interface_conf.c (virInterfaceDefParseDhcp)
	(virInterfaceDefParseIp, virInterfaceVlanDefFormat)
	(virInterfaceDefParseStartMode, virInterfaceDefParseBondMode)
	(virInterfaceDefParseBondMiiCarrier)
	(virInterfaceDefParseBondArpValid): Likewise.
	* src/conf/node_device_conf.c (virNodeDevCapStorageParseXML):
	Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterRuleDetailsParse)
	(virNWFilterRuleParse, virNWFilterDefParseXML): Likewise.
	* src/conf/secret_conf.c (secretXMLParseNode): Likewise.
	* src/cpu/cpu_x86.c (x86Baseline, x86FeatureLoad, x86ModelLoad):
	Likewise.
	* src/network/bridge_driver.c (networkKillDaemon)
	(networkDnsmasqConfContents): Likewise.
	* src/node_device/node_device_hal.c (dev_refresh): Likewise.
	* src/nwfilter/nwfilter_gentech_driver.c (virNWFilterInstantiate):
	Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(_iptablesCreateRuleInstance): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskBuildPool): Likewise.

2014-09-04  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: add HOME environment variable
	We lacked of HOME environment variable,
	set 'HOME=/' as default.

	The kernel sets up $HOME for the init process.
	Therefore any init can assume that $HOME is set.
	libvirt currently violates that implicit rule.

2014-09-04  Felix Geyer  <debfx@fobos.de>

	apparmor: allow reading cap_last_cap
	libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
	and thus running a qemu guest fails.

	Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.

2014-09-04  Giuseppe Scrivano  <gscrivan@redhat.com>

	tests: force FIPS testing mode with new enough GNU TLS versions

	security: fix DH key generation when FIPS mode is on
	When FIPS mode is on, gnutls_dh_params_generate2 will fail if 1024 is
	specified as the prime's number of bits, a bigger value works in both
	cases.

2014-09-03  Wang Rui  <moon.wangrui@huawei.com>

	lxc_container: Resolve Coverity RESOURCE_LEAK
	Memory is allocated for 'mnt_src' by VIR_STRDUP in the loop. Next
	loop it will be allocated again. So we need to free 'mnt_src'
	before continue the loop.

	vircgroup: Resolve Coverity RESOURCE_LEAK
	Need to free 'root' and 'opts' before 'return -1' if symlink fails.

	qemu_process: Resolve Coverity RESOURCE_LEAK
	If virSecurityManagerClearSocketLabel() fails, 'agent' won't
	be freed before jumping to cleanup.

	remote: Resolve Coverity RESOURCE_LEAK
	Need to free 'uri_out' on error path.

	test_conf: Resolve Coverity RESOURCE_LEAK
	If the condition 'ret < 0' is true, the code will jump to
	'cleanup' and 'conf' won't be freed.

	tests: Resolve Coverity RESOURCE_LEAK in commandhelper
	Coverity determined that 'log' and 'newenv' were not freed in
	some cases. Free them in 'error' branch and normal branch.

2014-09-03  Eric Blake  <eblake@redhat.com>

	command: test umask support
	Add testsuite coverage for the recent commit 0e1a1a8.

	* tests/commandhelper.c (main): Output umask.
	* tests/commandtest.c (test15): Also test umask.
	(mymain): Add test.
	* tests/commanddata/*.log: Update expected output.

2014-09-03  Martin Kletzander  <mkletzan@redhat.com>

	util: don't shadow global umask declaration
	Commit 0e1a1a8c introduced umask for virCommand, but the variables
	used emit a warning on older compilers about shadowed global
	declaration.

2014-09-03  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Avoid freeing uninitialized value
	https://bugzilla.redhat.com/show_bug.cgi?id=1136788

2014-09-03  Chunyan Liu  <cyliu@suse.com>

	qemu: ensure sane umask for qemu process
	Add umask to _virCommand, allow user to set umask to command.
	Set umask(002) to qemu process to overwrite the default umask
	of 022 set by many distros, so that unix sockets created for
	virtio-serial has expected permissions.

	Fix problem reported here:
	https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
	https://bugzilla.novell.com/show_bug.cgi?id=888166

	To use virtio-serial device, unix socket created for chardev with
	default umask(022) has insufficient permissions.
	e.g.:
	-device virtio-serial \
	-chardev socket,path=/tmp/foo,server,nowait,id=foo \
	-device virtserialport,chardev=foo,name=org.fedoraproject.port.0

	srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock

	Other users in the same group (like real user, test engines, etc)
	cannot write to this socket.

2014-09-03  Jiri Denemark  <jdenemar@redhat.com>

	spec: Fix preun script for daemon
	%systemd_preun macro cannot be split into several lines.

	https://bugzilla.redhat.com/show_bug.cgi?id=1136736

2014-09-02  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix memory leak on error path when deserializing bulk stats
	The 'elem' variable along with the domain object would be leaked when
	taking the error path.

	Found by coverity.

2014-09-02  Matthew Rosato  <mjrosato@linux.vnet.ibm.com>

	util: Introduce flags field for macvtap creation
	Currently, there is one flag passed in during macvtap creation
	(withTap) -- Let's convert this field to an unsigned int flag
	field for future expansion.

2014-09-02  Ján Tomko  <jtomko@redhat.com>

	Free ifname in testDomainGenerateIfnames
	https://bugzilla.redhat.com/show_bug.cgi?id=1135388

2014-09-02  Michal Privoznik  <mprivozn@redhat.com>

	Post-release version bump for new dev cycle

2014-09-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.8
	* docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: new localizations and regenerate pos

2014-09-01  Eric Blake  <eblake@redhat.com>

	blockcopy: allow larger buf-size
	While qemu definitely caps granularity to 64 MiB, it places no
	limits on buf-size.  On a machine beefy enough for lots of
	memory, a buf-size larger than 2 GiB is feasible, so we should
	pass a 64-bit parameter.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COPY_BUF_SIZE):
	Allow 64 bits.

2014-09-01  Martin Kletzander  <mkletzan@redhat.com>

	selinux: properly label tap FDs with imagelabel
	The cleanup in commit cf976d9d used secdef->label to label the tap
	FDs, but that is not possible since it's process-only label (svirt_t)
	and not a object label (e.g. svirt_image_t).  Starting a domain failed
	with EPERM, but simply using secdef->imagelabel instead of
	secdef->label fixes it.

2014-09-01  Christophe Fergeau  <cfergeau@redhat.com>

	Fix connection to already running session libvirtd
	Since 1b807f92, connecting with virsh to an already running session
	libvirtd fails with:
	$ virsh list --all
	error: failed to connect to the hypervisor
	error: no valid connection
	error: Failed to connect socket to
	'/run/user/1000/libvirt/libvirt-sock': Transport endpoint is already
	connected

	This is caused by a logic error in virNetSocketNewConnectUnix: even if
	the connection to the daemon socket succeeded, we still try to spawn the
	daemon and then connect to it.
	This commit changes the logic to not try to spawn libvirtd if we
	successfully connected to its socket.

	Most of this commit is whitespace changes, use of -w is recommended to
	look at it.

2014-08-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: zfs: fix double listing of new volumes
	Currently, after calling commands to create a new volumes,
	virStorageBackendZFSCreateVol calls virStorageBackendZFSFindVols that
	calls virStorageBackendZFSParseVol.

	virStorageBackendZFSParseVol checks if a volume already exists by
	trying to get it using virStorageVolDefFindByName.

	For a just created volume it returns NULL, so volume is reported as
	new and appended to pool->volumes. This causes a volume to be listed
	twice as storageVolCreateXML appends this new volume to the list as
	well.

	Fix that by passing a new volume definition to
	virStorageBackendZFSParseVol so it could determine if it needs to add
	this volume to the list.

2014-08-29  John Ferlan  <jferlan@redhat.com>

	qemu_driver: Resolve Coverity FORWARD_NULL
	In qemuDomainSnapshotCreateDiskActive() if we jumped to cleanup from a
	failed actions = virJSONValueNewArray(), then 'cfg' would be NULL.

	So just return -1, which in turn removes the need for cleanup:

2014-08-29  John Ferlan  <jferlan@redhat.com>

	virnetserverservice: Resolve Coverity ARRAY_VS_SINGLETON
	Coverity complained about the following:

	(3) Event ptr_arith:
	   Performing pointer arithmetic on "cur_fd" in expression "cur_fd++".
	130             return virNetServerServiceNewFD(*cur_fd++,

	The complaint is that pointer arithmetic taking place instead of the
	expected auto increment of the variable...  Adding some well placed
	parentheses ensures our order of operation.

2014-08-28  John Ferlan  <jferlan@redhat.com>

	qemu: Allow use of iothreads for disk definitions
	For virtio-blk-pci disks with the disk iothread attribute that are
	running the correct emulator, add the "iothread=iothread#" to the
	-device command line in order to enable iothreads for the disk as
	long as the command is available, the disk iothread value provided is
	valid, and is supported for the disk device being added

	domain_conf: Add support for iothreads in disk definition
	Add a new disk "driver" attribute "iothread" to be parsed as the thread
	number for the disk to use. In order to more easily facilitate the usage
	and configuration of the iothread, a "zero" for the attribute indicates
	iothreads are not supported for the device and a positive value indicates
	the specific thread to try and use.

2014-08-28  John Ferlan  <jferlan@redhat.com>

	qemu: Add support for iothreads
	Add a new capability to ensure the iothreads feature exists for the qemu
	emulator being run - requires the "query-iothreads" QMP command. Using the
	domain XML add correspoding command argument in order to generate the
	threads. The iothreads will use a name space "iothread#" where, the
	future patch to add support for using an iothread to a disk definition to
	merely define which of the available threads to use.

	Add tests to ensure the xml/argv processing is correct.  Note that no
	change was made to qemuargv2xmltest.c as processing the -object element
	would require knowing more than just iothreads.

2014-08-28  John Ferlan  <jferlan@redhat.com>

	domain_conf: Introduce iothreads XML
	Introduce XML to allowing adding iothreads to the domain. These can be
	used by virtio-blk-pci devices in order to assign a specific thread to
	handle the workload for the device.  The iothreads are the official
	implementation of the virtio-blk Data Plane that's been in tech preview
	for QEMU.

	libxl_migration: Resolve Coverity NULL_RETURNS
	Coverity noted that all callers to libxlDomainEventQueue() could ensure
	the second parameter (event) was true before calling except this case.
	As I look at the code and how events are used - it seems that prior to
	generating an event for the dom == NULL condition, the resume/suspend
	event should be queue'd after the virDomainSaveStatus() call which will
	goto cleanup and queue the saved event anyway.

2014-08-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement bulk stats API and one of the stats groups to return
	Implement the API function for virDomainListGetStats and
	virConnectGetAllDomainStats in a modular way and implement the
	VIR_DOMAIN_STATS_STATE group of statistics.

	Although it may look like the function looks universal I'd rather not
	expose it to other drivers as the coming stats groups are likely to do
	qemu specific stuff to obtain the stats.

2014-08-28  John Ferlan  <jferlan@redhat.com>

	qemu_command: Resolve Coverity DEADCODE
	One useless warning, but the other one rather pertinent. On entry
	the 'trans' variable is initialized to VIR_DOMAIN_DISK_TRANS_DEFAULT.
	When the "trans" was found in the parsing loop it def->geometry.trans
	was assigned to the return from virDomainDiskGeometryTransTypeFromString
	and then 'trans' was used to do the comparison to see if it was valid.

	So remove 'trans' and use def->geometry.trans properly

2014-08-28  John Ferlan  <jferlan@redhat.com>

	qemu_driver: Resolve Coverity DEADCODE
	A bunch of false positives brought on by our own doings

	domain_conf: Resolve Coverity DEADCODE
	A bunch of a useless warnings brought on by our own doing.

	qemu_monitor: Resolve Coverity NESTING_INDENT_MISMATCH
	The PROBE macro can expand to more than one line/statement - put curly
	braces around the if statement to be safe

	storage_conf: Resolve Coverity RESOURCE_LEAK
	If there was a failure processing 'authdef' and the code went to cleanup
	before the setting to source->auth, then it'd be leaked.

	qemu_driver: Resolve Coverity RESOURCE_LEAK
	Coverity found that the 'buf' wasn't VIR_FREE'd at exit.

	phyp_driver: Resolve Coverity RESOURCE_LEAK
	Coverity determines that when jumping to the connected: label, the
	addressinfo (ai) is not free'd.

2014-08-28  John Ferlan  <jferlan@redhat.com>

	libxl_migration: Resolve Coverity RESOURCE_LEAK
	In libxlDomainMigrationPrepare() if the uri_in is false, then
	'hostname' is allocated and used "generically" in the routine,
	but not freed.  Conversely, if uri_in is true, then a uri is
	allocated and hostname is set to the uri->hostname value and
	likewise generically used.

	At function exit, hostname wasn't free'd in the !uri_in path,
	so that was added.  To just make it clearer on usage the else
	path became the call to virURIFree() although I suppose technically
	it didn't have to since it would be a call using (NULL)

2014-08-28  John Ferlan  <jferlan@redhat.com>

	bridge_driver: Resolve Coverity RESOURCE_LEAK
	In the error path the 'ipaddr' wasn't VIR_FREE'd before jumping to cleanup

	virsh-network: Resolve Coverity RESOURCE_LEAK
	Need to free 'xmlFromFile' on/for the error path when current was
	returning false only

	network_conf: Resolve Coverity RESOURCE_LEAK
	Need to VIR_FREE the startip/endip we allocated for the error message

	qemu_capabilities: Resolve Coverity RESOURCE_LEAK
	Coverity determined that on error path that 'mach' wouldn't be free'd
	Since virCapabilitiesFreeGuestMachine() isn't globally available, we'll
	insert first and then if the VIR_STRDUP's fail they it will eventually
	cause the 'mach' to be freed in the error path

	libxl_domain: Resolve Coverity RESOURCE_LEAK
	On the error path need to free the chrdef

	qemu_agent: Resolve Coverity RESOURCE_LEAK
	Coverity found that on error paths, the 'arg' value wasn't be cleaned
	up. Followed the example in qemuAgentSetVCPUs() where upon successful call
	to qemuAgentCommand() the 'cpus' is set to NULL; otherwise, when cleanup
	occurs the free the memory for 'arg'

	qemu_command: Resolve Coverity RESOURCE_LEAK
	In qemuParseISCSIString() if an error was returned, then the call
	to qemuParseDriveURIString() where the uri is free'd wouldn't be run

	cpu_x86: Resolve Coverity RESOURCE_LEAK
	Coverity determined that the copied 'oldguest' would be leaked for
	both error and success paths.

	domain_conf: Resolve Coverity RESOURCE_LEAK
	Resolve a few RESOURCE_LEAK's identified by Coverity

	daemon: Resolve Coverity NEGATIVE_RETURNS
	In each of these cases, Coverity complains that the result count returned
	on error paths would be -1 disregarding that the count and the corresponding
	are "linked" together (it doesn't know that).  Simple enough to check and
	remove the warning

2014-08-28  Peter Krempa  <pkrempa@redhat.com>

	virsh: Implement command to excercise the bulk stats APIs
	Add "domstats" command that excercises both of the new APIs depending if
	you specify a domain list or not. The output is printed as a key=value
	list of the returned parameters.

2014-08-28  Wang Rui  <moon.wangrui@huawei.com>

	qemu_capabilities: Resolve Coverity RESOURCE_LEAK
	In function virQEMUCapsParseMachineTypesStr, VIR_STRNDUP allocates
	memory for 'name' in {do,while} loop. If 'name' isn't freed before
	'continue', its memory will be allocated again in the next loop.
	In this case the memory allocated for 'name' in privious loop is
	useless and not freed. Free it before continue this loop to fix that.

	tests: Resolve Coverity RESOURCE_LEAK
	The 'lib' handle will be leaked if 'dlsym' condition fails.
	So close the handle before return.

	util: Resolve Coverity RESOURCE_LEAK
	Coverity determined that 'conflict' would be leaked.

2014-08-28  Peter Krempa  <pkrempa@redhat.com>

	remote: Implement bulk domain stats APIs in the remote driver
	Implement the remote driver support for shuffling the domain stats
	around.

	lib: Add few flags for the bulk stats APIs
	Add domain list filtering functions and a flag to enforce checking
	whether the remote daemon supports the requested stats groups.

	conf: Add helper to free domain list
	Add helper to free a list of virDomainPtrs without raising or clearing
	errors. Use it in one place and prepare it for reuse.

2014-08-28  Erik Skultety  <eskultet@redhat.com>

	virsh: fix keepalive error msg
	resolves https://bugzilla.redhat.com/show_bug.cgi?id=1132305:

	The error message for an out-of-range argument was confusing:

	virsh -k 9999999999
	error: option --k requires a positive numeric argument

	After this patch, it is:

	error: Invalid value for option -k

2014-08-27  John Ferlan  <jferlan@redhat.com>

	qemu_capabilities: Resolve Coverity NULL_RETURNS
	Adjust the initialization of qemuCaps() to check for a NULL before
	attempting to dereference like other callers/users do.

	qemu_driver: Resolve Coverity CONSTANT_EXPRESSION_RESULT
	The call to virDomainSnapshotRedefinePrep() had a spurrious ! in front of
	it which caused Coverity to complan that the expression is always false.

2014-08-27  John Ferlan  <jferlan@redhat.com>

	domain_conf: Resolve Coverity REVERSE_INULL
	Coverity complains that checking for domain->def being non NULL in the
	if (live) path of virDomainObjAssignDef() would be unnecessary or a
	NULL deref since the call to virDomainObjIsActive() would already
	dereference domain->def when checking if the def->id field was != -1.

	Checked all callers to virDomainObjAssignDef() and each at some point
	dereferences (vm)->def->{field} prior to calling when live is true.

2014-08-27  John Ferlan  <jferlan@redhat.com>

	qemu_command: Resolve Coverity REVERSE_INULL
	In qemuNetworkIfaceConnect() a call to virNetDevBandwidthSet() is
	made where the function prototype requires the first parameter
	(net->ifname) to be non NULL.  Coverity complains that the subsequent
	non NULL check for net->ifname prior to the next call gets flagged as
	an unnecessary check.  Resolve by removing the extra check

	domain_conf: Resolve Coverity REVERSE_INULL
	In virDomainActualNetDefFormat() a call to virDomainNetGetActualType(def)
	was made before a check for (!def) a few lines later. This triggered
	Coverity to note the possible NULL deref.  Just moving the initialization
	to after the !def checks resolves the issue

2014-08-27  John Ferlan  <jferlan@redhat.com>

	storage_driver: Resolve Coverity REVERSE_INULL
	There were two occurrances of attempting to initialize actualType by
	calling virStorageSourceGetActualType(src) prior to a check if (!src)
	resulting in Coverity complaining about the possible NULL dereference
	in virStorageSourceGetActualType() of src.

	Resolve by moving the actualType setting until after checking !src

2014-08-27  John Ferlan  <jferlan@redhat.com>

	xen_xm: Resolve Coverity USE_AFTER_FREE
	If virDomainDiskDefFree(disk) is called in 'skipdisk:', then it's possible
	to either return to skipdisk without reallocating a new disk (via the if
	condition just prior) or to end the loop having deleted the disk. Since
	virDomainDiskDefFree() does not pass by reference, disk isn't changed in
	this context, thus the possible issue.

2014-08-27  John Ferlan  <jferlan@redhat.com>

	xen_common: Resolve Coverity USE_AFTER_FREE
	There were two warnings in this module

	  If the VIR_ALLOC_N(def->serials, 1) fails, then a virDomainChrDefFree(chr)
	  is called and we jump to cleanup which makes the same call. Just remove
	  the one after VIR_ALLOC_N()

	  In the label "skipnic:" a virDomainNetDefFree(net) is made; however, if
	  in going back to the top of the loop we jump back down to skipnic for any
	  reason, the call will attempt to free an already freed structure since
	  "net" was not passed by reference to virDomainNetDefFree().  Just set
	  net = NULL in skipnic: to resolve the issue.

2014-08-27  John Ferlan  <jferlan@redhat.com>

	parallels: Resolve Coverity USE_AFTER_FREE
	Coverity complains that calling virNetworkDefFree(def), then jumping
	to the cleanup: label which calls virNetworkDefFree(def) could result
	in a double_free.  Just remove the call from the if statement.

2014-08-27  Martin Kletzander  <mkletzan@redhat.com>

	conf: fix leak with def->mem.hugepages

2014-08-27  Michal Privoznik  <mprivozn@redhat.com>

	vbox: Register per partes
	Since times when vbox moved to the daemon (due to some licensing
	issue) the subdrivers that vbox implements were registered, but not
	opened since our generic subdrivers took priority. I've tried to fix
	this in 65b7d553f39ff9 but it was not correct. Apparently moving
	vbox driver registration upfront changes the default connection URI
	which makes some users sad. So, this commit breaks vbox into pieces
	and register vbox's network and storage drivers first, and vbox driver
	then at the end. This way, the vbox driver is registered in the order
	it always was, but its subdrivers are registered prior the generic
	ones.

	virDriverLoadModule: Honor libvirt func name tranlsation
	There's this unwritten rule in libvirt that vir_function is translated
	into virFunction when needed (e.g. in remote protocol definition,
	python, ...). Up till now we ignored such translation in driver module
	loading and did fine. Well, we didn't have any module with an
	underscore in its name. But this will change in next commit. The
	problem is, once an a module is dlopen()-ed, we derive register
	function name from its name. So instead of "driver_subdriverRegister"
	do some magic to turn that into "driverSubdriverRegister".

	virdrivermoduletest: Test all the modules
	Even though we kept adding new and new modules (e.g. vbox or bhyve)
	the test wasn't updated. Do that now. Moreover, while it's not
	crucial, it's nice to reorder test cases to match the order in which
	the daemon loads the modules.

2014-08-27  Eric Blake  <eblake@redhat.com>

	domain_conf: fix internal flag verification
	While working on virDomainBlockCopy, I noticed we had a verify()
	concerning internal XML flags that was incomplete after several
	recent flag additions; move that up higher in the code to make it
	harder to forget to modify on the next flag addition.  Adjust
	some formatting while at it.

	* src/conf/domain_conf.c (verify): Move closer to internal flag
	definitions.  Cover missing flags ALLOW_ROM and ALLOW_BOOT.

2014-08-27  Eric Blake  <eblake@redhat.com>

	virsh: drop unused variable
	While prepping for virDomainBlockJob patches, I found some dead code.

	* tools/virsh-domain.c (blockJobImpl): Kill unused 'name'.

2014-08-27  Jincheng Miao  <jmiao@redhat.com>

	qemu: call endjob in RevertToSnapshot
	In qemuDomainRevertToSnapshot(), it will check snap->def->state.
	But when the state is PMSUSPENDED/NOSTATE/BLOCKED, it forgets to
	call qemuDomainObjEndJob.

	https://bugzilla.redhat.com/show_bug.cgi?id=1134154
	Bug introduced in commit 1e833899.

2014-08-27  Eric Blake  <eblake@redhat.com>

	API: Tweak virDomainOpenGraphics to return fd directly
	Let's fix this before we bake in a painful API.  Since we know
	that we have exactly one non-negative fd on success, we might
	as well return the fd directly instead of forcing the user to
	pass in a pointer.  Furthermore, I found some memory and fd
	leaks while reviewing the code - the idea is that on success,
	libvirtd will have handed two fds in two different directions:
	one to qemu, and one to the RPC client.

	* include/libvirt/libvirt.h.in (virDomainOpenGraphicsFD): Drop
	unneeded parameter.
	* src/driver.h (virDrvDomainOpenGraphicsFD): Likewise.
	* src/libvirt.c (virDomainOpenGraphicsFD): Adjust interface to
	return fd directly.
	* daemon/remote.c (remoteDispatchDomainOpenGraphicsFd): Adjust
	semantics.
	* src/qemu/qemu_driver.c (qemuDomainOpenGraphicsFD): Likewise,
	and plug fd leak.
	* src/remote/remote_driver.c (remoteDomainOpenGraphicsFD):
	Likewise, and plug memory and fd leak.

2014-08-26  Eric Blake  <eblake@redhat.com>

	blockcopy: virDomainBlockCopy with XML destination, typed params
	This commit (finally) adds the virDomainBlockCopy API, with the
	intent that it will provide more power to the existing 'virsh
	blockcopy' command.

	'virsh blockcopy' was first added in Apr 2012 (v0.9.12), which
	corresponds to the upstream qemu 1.2 timeframe.  It was done as
	a hack on top of the existing virDomainBlockRebase() API call,
	for two reasons: 1) it was targetting a feature that landed first
	in downstream RHEL qemu, but had not stabilized in upstream qemu
	at the time (and indeed, 'drive-mirror' only landed upstream in
	qemu 1.3 with slight differences to the first RHEL attempt,
	and later gained further parameters like granularity and buf-size
	that are also worth exposing), and 2) extending an existing API
	allowed it to be backported without worrying about bumping .so
	versions.  A virDomainBlockCopy() API was proposed at that time
	[1], but we decided not to accept it into libvirt until after
	upstream qemu stabilized, and it ended up getting scrapped.
	Whether or not RHEL should have attempted adding a new feature
	without getting it upstream first is a debate that can be held
	another day; but enough time has now elapsed that we are ready to
	do the interface cleanly.

	[1] https://www.redhat.com/archives/libvir-list/2012-April/msg00768.html

	Delaying the creation of a clean API until now has also had a
	benefit: we've only recently learned of a few shortcomings in the
	original design: 1) it is unable to target a network destination
	(such as a gluster volume) because it hard-coded the assumption
	that the destination is a local file name.  Because of all the
	refactoring we've done to add virStorageSourcePtr, we are in a
	better position to declare an API that parses XML describing a
	host storage source as the copy destination, which was not
	possible had we implemented virDomainBlockCopy as it had been
	originally envisioned (although a network target will have to wait
	until a later libvirt release compared to the API addition to
	actually be implemented).  2) the design of using MiB/sec as the
	bandwidth throttle is rather coarse; qemu is actually tuned to
	bytes/second, and libvirt is preventing access to that level of
	detail.  A later patch will add flags to existing block job API
	that can request bytes/second instead of back-compat MiB/s, but as
	this is a new API, we can get it right to begin with.

	At least I had the foresight to create 'virsh blockcopy' as a
	separate command at the UI level (commit 1f06c00) rather than
	leaking the underlying API overload of virDomainBlockRebase onto
	shell users.

	A further note on the bandwidth option: virTypedParameters
	intentionally lacks unsigned long (since variable-width
	interaction between mixed 32- vs. 64-bit client/server setups is
	nasty), but we have to deal with the fact that we are interacting
	with existing older code that mistakenly chose unsigned long
	bandwidth at a point before we decided to prohibit it in all new
	API.  The typed parameter is therefore unsigned long long, but
	the implementation (in a later patch) will have to do overflow
	detection on 32-bit platforms, as well as capping the value to
	match the LLONG_MAX>>20 cap of the existing MiB/s interfaces.

	* include/libvirt/libvirt.h.in (virDomainBlockCopy): New API.
	(virDomainBlockJobType, virConnectDomainEventBlockJobStatus):
	Update related documentation.
	* src/libvirt.c (virDomainBlockCopy): Implement it.
	* src/libvirt_public.syms (LIBVIRT_1.2.8): Export it.
	* src/driver.h (_virDriver): New driver callback.

2014-08-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Split out code to lookup domain from string
	Split out guts of the function to reuse it to get domain objects from
	string.

2014-08-26  Peter Krempa  <pkrempa@redhat.com>

	lib: Introduce API for retrieving bulk domain stats
	The motivation for this API is that management layers that use libvirt
	usually poll for statistics using various split up APIs we currently
	provide. To get all the necessary stuff, the app needs to issue a lot of
	calls and aggregate the results.

	The APIs I'm introducing here:
	1) Returns data in a format that we can expand in the future and is
	(pseudo) hierarchical. The data is returned as typed parameters where
	the fields are constructed as dot-separated strings containing names and
	other stuff in a list of typed params.

	2) Stats for multiple (all) domains can be queried at once and are
	returned in one call. This will decrease the overhead necessary to issue
	multiple calls per domain multiplied by the count of domains.

	3) Selectable (bit mask) fields in the returned format. This will allow
	to retrieve only specific stats according to the app's need.

	The stats groups will be enabled using a bit field @stats passed as the
	function argument. A few sample stats groups that this API will support:

	VIR_DOMAIN_STATS_STATE
	VIR_DOMAIN_STATS_CPU
	VIR_DOMAIN_STATS_BLOCK
	VIR_DOMAIN_STATS_INTERFACE

	(Note that this is only an example, the initial implementation supports
	 only VIR_DOMAIN_STATS_STATE while others will be added later.)

	the returned typed params will use the following scheme

	state.state = VIR_DOMAIN_RUNNING
	state.reason = VIR_DOMAIN_RUNNING_BOOTED (the actual values according to
	                                          the enum)
	cpu.count = 8
	cpu.0.state = running
	cpu.0.time = 1234

2014-08-26  Ján Tomko  <jtomko@redhat.com>

	Wire up virDomainOpenGraphicsFD in QEMU driver
	Should fix https://bugzilla.redhat.com/show_bug.cgi?id=999926

	Add RPC implementation for virDomainOpenGraphicsFd

	Introduce virDomainOpenGraphicsFD API
	Define the public API implementation and declare internal
	driver prototype.

2014-08-26  Erik Skultety  <eskultet@redhat.com>

	blkdeviotune: check for overflow when parsing XML
	According to docs/schemas/domaincommon.rng and _virDomainBlockIoTuneInfo
	all the iotune values are interpreted as unsigned long long, however
	according to qemu_monitor_json.c, qemu silently truncates numbers
	larger than LLONG_MAX. There's really not much of a usage for such
	large numbers anyway yet. This patch provides the same overflow
	check during a domain start as it does during setting
	a blkdeviotune element in qemu_driver.c and thus reports an error when
	a larger number than LLONG_MAX is detected.

	https://bugzilla.redhat.com/show_bug.cgi?id=1131876

2014-08-26  Ján Tomko  <jtomko@redhat.com>

	virsh: Initialize vshData in cmdMigrate
	If the virConnect did not succeeed, we called
	virConnectClose on uninitialized data.

	Introduced by commit 7eabd55.

2014-08-26  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	storage: remove unused 'canonPath' in virStorageFileGetMetadata
	Introduced by commit 395171f.

2014-08-26  Alex Williamson  <alex.williamson@redhat.com>

	Add new 'kvm' domain feature and ability to hide KVM signature
	QEMU 2.1 added support for the kvm=off option to the -cpu command,
	allowing the KVM hypervisor signature to be hidden from the guest.
	This enables disabling of some paravirualization features in the
	guest as well as allowing certain drivers which test for the
	hypervisor to load.  Domain XML syntax is as follows:

	<domain type='kvm>
	  ...
	  <features>
	    ...
	    <kvm>
	      <hidden state='on'/>
	    </kvm>
	  </features>
	  ...

2014-08-26  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix memory corruption introduced by commit b55cc5f4e
	Commit b55cc5f4e did a shallow copy of libxl_{sdl,vnc}_info from the
	domain config to the build info, which resulted in double-freeing
	strings contained in the structures during cleanup, which later
	resulted in a libvirtd crash.  Fix by performing a deep copy of the
	structure, VIR_STRDUP'ing embedded strings instead of simply copying
	their pointers.

	Fixes the following issue reported on the libvirt dev list

	https://www.redhat.com/archives/libvir-list/2014-August/msg01112.html

2014-08-26  Eric Blake  <eblake@redhat.com>

	maint: drop spurious semicolons
	I noticed a line 'int nparams = 0;;' in remote_dispatch.h, and
	tracked down where it was generated.  While at it, I found a
	couple of other double semicolons.  Additionally, I noticed that
	commit df0b57a95 left a stale reference to the file name
	remote_dispatch_bodies.h.

	* src/conf/numatune_conf.c (virDomainNumatuneNodeParseXML): Drop
	empty statement.
	* tests/virdbustest.c (testMessageStruct, testMessageSimple):
	Likewise.
	* src/rpc/gendispatch.pl (remote_dispatch_bodies.h): Likewise, and
	update stale comments.

2014-08-25  Eric Blake  <eblake@redhat.com>

	spec: drop anything older than Fedora 13
	RHEL 5 is based on libvirt 0.8.2, as was Fedora 13.  RHEL 5 also
	happens to be the oldest box that we actively support with a
	buildbot, so it is time to clean up some crufty conditionals in
	the spec file that no longer are necessary for modern Fedora.

	Although it is probably okay to make further simplifications to
	a newer minimum Fedora version, that can be done as a later patch.
	This patch just focuses on cleaning any comparison of %{?fedora}
	that will always be true or false once we assume a minimum of F13.

	* libvirt.spec.in: Make with_audit default to on. Move other
	conditionals to a single RHEL-5 block. Simplify any fedora
	comparison older than 13.  Document our assumptions.

2014-08-25  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix bootmenu timeout description

2014-08-25  Zhou Yimin  <zhouyimin@huawei.com>

	daemon: Fix option -v missing info priority log
	Introduce by 63fbcc692.

	When start libvirtd with commandline "/usr/sbin/libvirtd -d -l -v",
	we expect verbose(info level) log if neither environment variable
	nor config file about logging controls is set. But in fact we can't
	get any info priority log in the default output file.

	The log priority of default output is VIR_LOG_DEFAULT(VIR_LOG_WARN),
	so the info log is filtered out.
	To record info priority log we must parse option -v before setting the
	default output.

	After this patch, we get all verbose log in the default output file.

2014-08-25  Erik Skultety  <eskultet@redhat.com>

	iotune: setting an invalid value now reports error
	When trying to set an invalid value into iotune element, standard
	behavior was to not report any error, rather to reset all affected
	subelements of the iotune element back to 0 which results in ignoring
	those particular subelements by XML generator. Patch further
	examines the return code of the virXPathULongLong function
	and in case of an invalid non-integer value raises an error.
	Fixed to preserve consistency with invalid value checking
	of other elements.

	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1131811

2014-08-25  Martin Kletzander  <mkletzan@redhat.com>

	qemu: add support for splash-timeout
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1021703

	qemu: add capability probing for splash-timeout

	docs, conf: add support for bootmenu timeout

2014-08-25  Pavel Hrdina  <phrdina@redhat.com>

	fix mingw build
	The commit "f5b4c141" introduced new "force" parameter
	for "virFDStreamOpenFileInternal" but forget to update
	one call of that function.

2014-08-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: zfs: implement download and upload
	Add an implementation of uploadVol and downloadVol using
	virStorageBackendVolUploadLocal and virStorageBackendVolDownloadLocal
	respectively.

2014-08-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	fdstream: introduce virFDStreamOpenBlockDevice
	virStorageBackendVolDownloadLocal and virStorageBackendVolUploadLocal
	use virFDStreamOpenFile function to work with the volume fd.

	virFDStreamOpenFile calls virFDStreamOpenFileInternal that implements
	handling of the non-blocking I/O. If a file is not a character device and
	not a fifo, it uses libvirt_iohelper.

	On FreeBSD, it doesn't work as expected because disk devices (including
	ZFS volumes) are exposed as character devices, and ZFS volumes do not
	support open(2) with O_NONBLOCK.

	To overcome this, introduce a forceIOHelper flag to
	virFDStreamOpenFileInternal that forces using libvirt_iohelper. And
	introduce virFDStreamOpenBlockDevice that calls
	virFDStreamOpenFileInternal with the forceIOHelper set to true.

2014-08-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	fdstream: report error if virSetNonBlock fails
	virFDStreamOpenInternal terminates if virSetNonBlock fails. As
	virSetNonBlock uses gnulib's set_nonblocking_flag that sets errno,
	call virReportSystemError() to let user know the reason of fail.

2014-08-23  Eric Blake  <eblake@redhat.com>

	maint: fix comment typo
	* src/util/virbuffer.h: s/occured/occurred/

2014-08-22  Eric Blake  <eblake@redhat.com>

	qemu: check for active domain after agent interaction
	Commit b606bbb41 reminded me that any time we drop locks to run
	back-to-back guest interaction commands, we have to check that
	the guest didn't disappear in between the two commands.  A quick
	audit found a couple of spots that were missing this check.

	* src/qemu/qemu_driver.c (qemuDomainShutdownFlags)
	(qemuDomainSetVcpusFlags): Check that domain is still up.

2014-08-22  John Ferlan  <jferlan@redhat.com>

	xenconfig: Resolve Coverity RESOURCE_LEAK
	Since '337a13628' - Coverity complains that 'net' is VIR_ALLOC()'d, but
	on various 'cleanup' exit paths from the code there is no corresponding
	cleanup.

2014-08-22  John Ferlan  <jferlan@redhat.com>

	virnetsocket: Resolve Coverity RESOURCE_LEAK
	Since '1b807f92d' - Coverity complains that in the error paths of
	both virFork() and virProcessWait() that the 'passfd' will not be closed.
	Added the VIR_FORCE_CLOSE(passfd) and initialized it to -1.

	Also noted that variable 'buf' was never really used - so I removed it

2014-08-22  John Ferlan  <jferlan@redhat.com>

	commandtest: Resolve Coverity RESOURCE_LEAK
	Since '62f263a73' - Coverity complains if the !pidfile path is taken,
	then newfd1 would be leaked.

2014-08-22  Erik Skultety  <eskultet@redhat.com>

	numatune: setting --mode does not work well
	When trying to set numatune mode directly using virsh numatune command,
	correct error is raised, however numatune structure was not deallocated,
	thus resulting in creating an empty numatune element in the guest XML,
	if none was present before. Running the same command aftewards results
	in a successful change with broken XML structure. Patch fixes the
	deallocation problem as well as checking for invalid attribute
	combination VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO + a nonempty nodeset.

	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1129998

2014-08-22  Erik Skultety  <eskultet@redhat.com>

	qemu: min_guarantee: Parameter 'min_guarantee' not supported
	The 'min_guarantee' is used by VMware ESX and OpenVZ drivers,
	with qemu however, libvirt should report error when starting a domain,
	because this element is not used.
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1122455

2014-08-22  John Ferlan  <jferlan@redhat.com>

	formatdomain: Reformat vCPU description
	Reformat the vCPU description to use list elements rather than one long
	run-on paragraph

2014-08-22  Michal Privoznik  <mprivozn@redhat.com>

	Fix spacing around commas
	On some places in the libvirt code we have:

	  f(a,z)

	instead of

	  f(a, z)

	This trivial patch fixes couple of such occurrences.

2014-08-22  Alexander Burluka  <aburluka@parallels.com>

	Parallels: Change config report errors code.
	Wrong error code in config errors reporting was used. Fixed it.

	Parallels: fix error with video card RAM dimension
	Libvirt measures vram in Kbytes, not in bytes, so calculation
	of Mbytes was incorrect. PCS server can take vram argument
	with units, so I added K postfix to make params a little bit clearer.

	Parallels: add virNodeGetCPUMap().
	That function caused errors in libvirtd logs when OpenStack Nova
	starts VM instance.

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	util: compare floor attribute in virNetDevBandwidthEqual
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1064770

2014-08-22  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Fix help info for freepages

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	build: fix mingw build with virCommandReorderFDs

	daemon: use socket activation with systemd

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	rpc: pass listen FD to the daemon being started
	This eliminates the need for active waiting.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=927369

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	util: add virCommandPassListenFDs() function
	That sets a new flag, but that flag does mean the child will get
	LISTEN_FDS and LISTEN_PID environment variables properly set and
	passed FDs reordered so that it corresponds with LISTEN_FDS (they must
	start right after STDERR_FILENO).

	tests: support dynamic prefixes in commandtest

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	cfg.mk: allow integers to be assigned a value computed with i|j|k
	Even line like this:

	int asdf = i - somevar;

	was matched by the regex, so this patch adds '=' to the list of
	characters that break the regexp.

2014-08-22  Martin Kletzander  <mkletzan@redhat.com>

	daemon: support passing FDs from the calling process
	First FD is the RW unix socket to listen on, second one (if
	applicable) is the RO unix socket.

	rpc: set listen backlog on FDs as well as on other sockets

	remote: create virNetServerServiceNewFDOrUNIX() wrapper
	It's just a wrapper around NewFD and NewUNIX that selects the right
	option and increments the number of used FDs.

	util: abstract parsing of passed FDs into virGetListenFDs()
	Since not only systemd can do this (we'll be doing it as well few
	patches later), change 'systemd' to 'caller' and fix LISTEN_FDS to
	LISTEN_PID where applicable.

2014-08-21  Peter Krempa  <pkrempa@redhat.com>

	conf: net: Correctly switch how to format address fields
	When formatting the forward mode addresses or interfaces the switch was
	done based on the type of the network rather than of the type of the
	individual <interface>/<address> element. In case a user would specify
	an incorrect network type ("passhtrough") with <address> elements,
	libvirtd would crash as it would attempt to format an <interface>.

	Use the type of the individual element to format the XML.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1132347

2014-08-21  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: man: Add LXC format info for domxml-from/to-native

2014-08-21  John Ferlan  <jferlan@redhat.com>

	Perform disk config validity checking for attach-device config
	https://bugzilla.redhat.com/show_bug.cgi?id=1078126

	Using 'virsh attach-device --config' (or --persistent) to attach a
	file backed lun device will succeed; however, subsequent domain restarts
	will result in failure because the configuration of a file backed lun
	is not supported.

	Although allowing 'illegal configurations' is something that can be
	allowed, it may not be practical in this case. Generally, when attaching
	a device to a domain means the domain must be running. A way around
	this is using the --config (or --persistent) option. When an attach
	is done to a running domain, a temporary configuration is modified
	first followed by the live update. The live update will make a number
	of disk validity checks when building the qemu command to attach the
	disk. If any fail, then change is rejected.

	Rather than allow a potentially illegal combination, adjust the code
	in the configuration path to make the same checks as the running path
	will make with respect to disk validity checks. This way we avoid
	having the potential for some subsequent start/reboot to fail because
	an illegal combination was allowed.

	NB: The live path still checks the configuration since it is possible
	to just do --live guest modification...

2014-08-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't print extra '-'s in error message for -k and -K options
	The error message contains one extra dash.

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	hvsupport: Adapt to vbox driver rewrite
	Since vbox driver rewrite the virDriver structure init moved from
	vbox_tmpl.c into vbox_common.c. However, our hvsupport.pl script
	doesn't count with that. It still parses vbox_tmp.c and looks for
	virDriver structure which is not found there anymore. As a result,
	at hvsupport page is seems like vbox driver doesn't support
	anything.

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	nodeCapsInitNUMA: Avoid @cpumap leak
	In case the host has 2 or more NUMA nodes, we fetch CPU map for each
	node. However, we need to free the CPU map in between loops:

	==29513== 96 (72 direct, 24 indirect) bytes in 3 blocks are definitely lost in loss record 951 of 1,264
	==29513==    at 0x4C2A700: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==29513==    by 0x52AD24B: virAlloc (viralloc.c:144)
	==29513==    by 0x52AF0E6: virBitmapNew (virbitmap.c:78)
	==29513==    by 0x52FB720: virNumaGetNodeCPUs (virnuma.c:294)
	==29513==    by 0x53C700B: nodeCapsInitNUMA (nodeinfo.c:1886)
	==29513==    by 0x11759708: vboxCapsInit (vbox_common.c:398)
	==29513==    by 0x11759CC4: vboxConnectOpen (vbox_common.c:514)
	==29513==    by 0x53C965F: do_open (libvirt.c:1147)
	==29513==    by 0x53C9EBC: virConnectOpen (libvirt.c:1317)
	==29513==    by 0x142905: remoteDispatchConnectOpen (remote.c:1215)
	==29513==    by 0x126ADF: remoteDispatchConnectOpenHelper (remote_dispatch.h:2346)
	==29513==    by 0x5453D21: virNetServerProgramDispatchCall (virnetserverprogram.c:437)

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	examples: test: Kill unsupported maxMemory element
	The "maxMemory" element was never supported by libvirt. Remove it from
	the test XMLs. (Found while actually trying to add support for a
	identically named element).

2014-08-20  Martin Kletzander  <mkletzan@redhat.com>

	cleanup spaces between parentheses and braces
	And add a syntax-check for '){$'.  It's not perfect, but better than
	nothing.

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Issue rtc-reset-reinjection command after guest-set-time
	https://bugzilla.redhat.com/show_bug.cgi?id=1103245

	An advice appeared there on the qemu-devel list [1]. When a domain is
	suspended and then resumed guest kernel is not aware of this. So we've
	introduced virDomainSetTime API that resets the time within guest
	using qemu-ga. On the other hand, qemu itself is trying to make RTC
	beat faster to catch the difference. But if we don't tell qemu that
	guest's time was reset via the other method, both mechanisms are
	applied resulting in again wrong guest time. In order to avoid summing
	both corrections we need to tell qemu that it should not use the RTC
	injection if the guest time is set via guest agent.

	1: http://www.mail-archive.com/qemu-devel@nongnu.org/msg236435.html

2014-08-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: forbid negative blkio values
	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

	lxc: forbid negative blkio values
	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131306

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix build error introduced in 653137eb957a278b556c6226424aad5395a
	The build failure is caused by a false positive of some static analysys
	steps done by gcc (that don't happen on -O0).

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: blkiotune: Avoid accessing non-existing disk configuration
	When a user would try changing the persistent IO tuning settings for a
	disk that was hotplugged to a vm in a transient way, the
	qemuDomainSetBlockIoTune API would use the same index for both the
	live and config disk array. The disk was missing from the config array
	though causing a crash of libvirtd.

	To fix the issue, determine the indexes separately.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1131819

2014-08-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Label all TAP FDs
	https://bugzilla.redhat.com/show_bug.cgi?id=1095636

	When starting up the domain the domain's NICs are allocated. As of
	1f24f682 (v1.0.6) we are able to use multiqueue feature on virtio
	NICs. It breaks network processing into multiple queues which can be
	processed in parallel by different host CPUs. The queues are, however,
	created by opening /dev/net/tun several times. Unfortunately, only the
	first FD in the row is labelled so when turning the multiqueue feature
	on in the guest, qemu will get AVC denial. Make sure we label all the
	FDs needed.

	Moreover, the default label of /dev/net/tun doesn't allow
	attaching a queue:

	    type=AVC msg=audit(1399622478.790:893): avc:  denied  { attach_queue }
	    for  pid=7585 comm="qemu-kvm"
	    scontext=system_u:system_r:svirt_t:s0:c638,c877
	    tcontext=system_u:system_r:virtd_t:s0-s0:c0.c1023
	    tclass=tun_socket

	And as suggested by SELinux maintainers, the tun FD should be labeled
	as svirt_t. Therefore, we don't need to adjust any range (as done
	previously by Guannan in ae368ebf) rather set the seclabel of the
	domain directly.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Sanitize shared device removal on media change
	Instead of tediously copying of the disk source to remove it later
	ensure that the media change function removes the old device after it
	succeeds.

	qemu: conf: Split out code to retrieve hostdev key and reuse it
	Both addition and removal of a shared hostdev share the code to generate
	the hostdev key. Split it out into a separate function and refactor
	them.

	qemu: conf: Split up qemuRemoveSharedDevice into per-device-type functions
	Removing a shared device needs special steps for disks and hostdevs.
	Instead of having one function dealing this split the code into two
	separate functions that can be used with better granularity.

	qemu: conf: Split up qemuAddSharedDevice into per-device-type functions
	Adding a shared device needs special steps for disks and hostdevs.
	Instead of having one function dealing this split the code into two
	separate functions that can be used with better granularity.

	qemu: conf: rename qemuCheckSharedDevice to qemuCheckSharedDisk
	The qemuCheckSharedDevice function is operating only on disk devices.
	Rename it and change the arguments to reflect that and refactor some
	logic for more readability.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: shared: Split out shared device list remove code
	Split it out into a separate function and simplify the code. There's no
	need to copy the entry to update it as the hash returns pointer to the
	existing item.

	Also remove the now unused qemuSharedDeviceEntryCopy function.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: shared: Split out insertion code to the shared device list
	To allow reuse split the code into a separate function and refactor it.
	To update an existing entry there's no need to copy it first, just
	update it inplace.

	qemu: hotplug: Format proper source string for cdrom media change
	Use the qemu source string formatter to format the source string
	correctly for remote and other storage instead of passing source->path
	blindly.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Change arguments for qemuDomainChangeEjectableMedia
	Pass the source of the changed media instead of a complete disk
	definition.

	Note that the @disk argument now contains what @olddisk would contain.
	The new source is passed as a virStorageSource struct.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Add helper to initialize/teardown new disks for VMs
	When we are changing media (or doing other hotplug operations) we need
	to setup cgroups, locking and seclabels on the new disk. This is a
	multi-step process where every piece can fail. To simplify dealing with
	this introduce qemuDomainPrepareDisk that similarly to
	qemuDomainPrepareDiskChainElement initializes/tears down  a whole new
	disk to be used with the domain.

	Additionally the function supports passing a different source struct for
	media changes of cdroms that will be refactored later.

2014-08-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: hotplug: Untangle cleanup paths in qemuDomainChangeEjectableMedia
	Avoid the "audit" label to simplify control flow.

	conf: Pass virStorageSource into virDomainDiskSourceIsBlockType
	All checks are based on the storage source, thus there's no need to pass
	the complete disk def.

	qemu: Explicitly state that hotplugging cdroms and floppies doesn't work

2014-08-19  Giuseppe Scrivano  <gscrivan@redhat.com>

	conf: fix comment

	qemu_command: fix block indentation

	conf, virDomainFSDefPtr: rename "path" argument to "target"

2014-08-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add volumes support
	Update bhyveBuildDiskArgStr to support volumes:

	 - Make virBhyveProcessBuildBhyveCmd and
	   virBhyveProcessBuildLoadCmd take virConnectPtr as the
	   first argument instead of bhyveConnPtr as virConnectPtr is
	   needed for virStorageTranslateDiskSourcePool,
	 - Add virStorageTranslateDiskSourcePool call to
	   virBhyveProcessBuildBhyveCmd and
	   virBhyveProcessBuildLoadCmd,
	 - Allow disks of type VIR_STORAGE_TYPE_VOLUME

2014-08-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: make disk source pool translation generic
	Currently, qemu driver uses qemuTranslateDiskSourcePool()
	to translate disk volume information. This function is
	general enough and could be used for other drivers as well,
	so move it to conf/domain_conf.c along with its helpers.

	 - qemuTranslateDiskSourcePool: move to storage/storage_driver.c
	   and rename to virStorageTranslateDiskSourcePool,
	 - qemuAddISCSIPoolSourceHost: move to storage/storage_driver.c
	   and rename to virStorageAddISCSIPoolSourceHost,
	 - qemuTranslateDiskSourcePoolAuth: move to storage/storage_driver.c
	   and rename to virStorageTranslateDiskSourcePoolAuth,
	 - Update users of qemuTranslateDiskSourcePool to use a
	   new name.

2014-08-19  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Fix comment for net-undefine
	net-undefine doesn't only undefine an inactive network,
	but also an active network(persistent), it just cannot
	undefine a transient network.

2014-08-19  Peter Krempa  <pkrempa@redhat.com>

	driver: Move virDrvNetworkGetDHCPLeases to the appropriate section
	The prototype was along with domain API prototypes instead of network
	API ones.

2014-08-19  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	man: virsh: add missing auto-converge option for 'migrate'
	  * tools/virsh.pod (migrate): Add --auto-converge flag

2014-08-19  Martin Kletzander  <mkletzan@redhat.com>

	qemu: allow device block I/O tuning in session mode
	In commit 45ad1adb I added a nicer message for tunings that need
	cgroups when unavailable (unprivileged), but I added this check for
	I/O tuning of block devices, which doesn't need cgroups, because it is
	done by QEMU, so let's fix that.

2014-08-19  Jianwei Hu  <jiahu@redhat.com>

	docs: nwfilter: add missing dscp attribute
	Added attribute dscp to below supported protocols table in nwfilter docs.
	IPV4 (ip)
	TCP/UDP/SCTP (tcp/udp/sctp)
	ICMP (icmp)
	IGMP,ESP,AH,UDPLITE,'ALL' (igmp,esp,ah,udplite,all)
	TCP/UDP/SCTP over IPV6 (tcp-ipv6,udp-ipv6,sctp-ipv6)
	ICMPV6 (icmpv6)
	IGMP,ESP,AH,UDPLITE,'ALL' over IPv6 (igmp-ipv6,esp-ipv6,ah-ipv6,udplite-ipv6,all-ipv6)

	Here is a simple example:
	[root@localhost ~]# virsh nwfilter-dumpxml myself
	<filter name='myself' chain='root'>
	  <uuid>7192ef51-cd50-4f14-ad7b-fa5c69ea19e3</uuid>
	  <rule action='accept' direction='in' priority='500'>
	    <ip dscp='1'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <tcp dscp='1'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <tcp-ipv6 dscp='2'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <icmp dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <icmpv6 dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udp dscp='3'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udp-ipv6 dscp='4'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udplite dscp='5'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <udplite-ipv6 dscp='6'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <esp dscp='7'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <esp-ipv6 dscp='8'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <ah dscp='9'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <ah-ipv6 dscp='10'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <sctp dscp='11'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <sctp-ipv6 dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <igmp dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <all-ipv6 dscp='55'/>
	  </rule>
	  <rule action='accept' direction='in' priority='500'>
	    <all dscp='55'/>
	  </rule>
	</filter>

2014-08-19  Chunyan Liu  <cyliu@suse.com>

	cmdMigrate: move vshConnect before vshWatchJob
	A possible fix to issue:
	http://www.redhat.com/archives/libvir-list/2014-August/thread.html#00227

	While doing migration on KVM host, found problem sometimes:
	VM is already running on the target host and disappears from source
	host, but 'virsh migrate' command line hangs, cannot exit normally.
	If pressing "ENTER" key, it will exit.

	The code hangs at tools/virsh-domain.c: cmdMigrate
	->vshWatchJob->poll():
	poll() is trying to select pipe_fd, which is used to receive message
	from doMigrate thread. In debugging, found that doMigrate finishes
	and at the end it does call safewrite() to write the retval ('0' or
	'1') to pipe_fd, and the write is completed. But cmdMigrate poll()
	cannot get the event. If pressing "ENTER" key, poll() can get the
	event and select pipe_fd, then command line can exit.

	In current code, authentication thread which is called by vshConnect
	will use stdin, and at the same time, in cmdMigrate main process,
	poll() is listening to stdin, that probably affect poll() to get
	pipe_fd event. Better to move authentication before vshWatchJob. With
	this change, above problem does not exist.

2014-08-19  Jim Fehlig  <jfehlig@suse.com>

	src/xenconfig: move common parsing/formatting to xen_common
	XM and XL config are very similar.  Disks are specified differently
	in XL, but the old XM disk config is still supported by XL.  XL also
	supports new config like spice that was never supported by XM.

	This patch moves all the common parsing and formatting functions to
	the new file xen_common.c and adapts the XM parser/formatter accordingly.
	This restructuring paves way for introducing an XL parser/formatter in
	the future.

	While moving the code, fixup whitespace, comments, and style issues.

2014-08-19  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenconfig: wrap common formatting code
	Wrap formatting code common to xm and xl in xenFormatConfigCommon
	and export it.

	src/xenconfig: wrap common parsing code
	Wrap parsing code common to xm and xl in xenParseConfigCommon
	and export it.

2014-08-19  Jim Fehlig  <jfehlig@suse.com>

	xen: rename xenxs to xenconfig
	src/xenxs contains parsing/formating functions for the various xen
	config formats, and is better named src/xenconfig.

2014-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Pin on per-vcpu basis instead of per-vcpupin element
	Pin existing vcpus rather than existing vcpu pinning infos. This
	increases the complexity of the lookup, but avoids pinning cpus that are
	not enabled actually.

2014-08-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: cpu: unplug: Remove vcpu pinning on cold cpu unplug
	Remove the pinning info when removing to CPU, otherwise when the VM will
	be started our code will try to pin non-existing vcpus as the definition
	wasn't updated.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129372

2014-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainVcpuPinDefParseXML
	Tidy up control flow, change boolean argument to use 'bool', improve
	error message in case the function is used to parse emulator pinning
	info and avoid a few temp variables that made no sense.

	Also when the function is called to parse emulator pinning info, there's
	no need to check the processor ID in that case.

2014-08-18  Peter Krempa  <pkrempa@redhat.com>

	conf: cpupin: Remove useless checking of vcpupin element count
	The check doesn't make much sense as right below it the entries are
	either checked for duplicity or ignored in some cases. Having this check
	doesn't actually forbid passing invalid values.

	qemu: process: Remove unnecessary argument and rename function
	We set just one affinity of the emulator and the virConnectPtr isn't
	needed for that function.

	virsh: man: Crosslink "desc" and "metadata" sections
	Those two commands work with a single API so cross-link them.

2014-08-18  Li Yang  <liyang.fnst@cn.fujitsu.com>

	man: virsh: Add 'vcpu_period' and 'vcpu_quota' support info for LXC

2014-08-18  Erik Skultety  <eskultet@redhat.com>

	qemu: Redundant listen address entry in quest xml
	When editing guest's XML (on QEMU), it was possible to add multiple
	listen elements into graphics parent element. However QEMU does not
	support listening on multiple addresses. Configuration is tested for
	multiple 'listen address' and if positive, an error is raised.

	https://bugzilla.redhat.com/show_bug.cgi?id=1119212

2014-08-18  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Fix driver registration ordering
	There are some stateless drivers which implement subdrivers
	(typically vbox and its own network and storage subdrivers). However,
	as of ba5f3c7c8ecc10 the vbox driver lives in the daemon, not the
	client library. This means, in order for vbox (or any stateless domain
	driver) to use its subdrivers, it must register before the general
	drivers. Later, when the virConnectOpen function goes through the
	subdrivers, stateless drivers are searched first. If the connection
	request is aiming at stateless driver, it will be opened. Otherwise
	the generic subdriver is opened.

	The other change done in this commit is moving interface module load a
	bit earlier to match the ordering in case libvirt is built without
	driver modules.

	Reported-by: Taowei Luo <uaedante@gmail.com>

2014-08-15  Peter Krempa  <pkrempa@redhat.com>

	man: virsh: Add man page for "virsh metadata"
	Patch adding the command forgot to add the man page entry.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1130379

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Introducing vboxCommonDriver
	After this patch, we will have only one common domain driver.
	So, the rewritten on domain driver is finished in this patch.

	vbox: Add registerDomainEvent

	vbox: Rewrite vboxNode functions
	Four functions are rewrite in this patch, that is:
	vboxNodeGetInfo
	vboxNodeGetCellsFreeMemory
	vboxNodeGetFreeMemory
	vboxNodeGetFreePages
	Since these functions has nothing to do with vbox,
	it can be directly moved to vbox_common.c. So, I
	merged these things into one patch.

	vbox: Rewrite vboxConnectListAllDomains

	vbox: Rewrite vboxDomainScreenshot

	vbox: Rewrite vboxDomainSnapshotDelete

	vbox: Rewrite vboxDomainRevertToSnapshot

	vbox: Rewrite vboxDomainSnapshotHasMetadata

	vbox: Rewrite vboxDomainSnapshotIsCurrent

	vbox: Rewrite vboxDomainSnapshotCurrent

	vbox: Rewrite vboxDomainSnapshotGetParent

	vbox: Rewrite vboxDomainHasCurrentSnapshot

	vbox: Rewrite vboxSnapshotLookupByName

	vbox: Rewrite vboxDomainSnapshotListNames

	vbox: Rewrite vboxDomainSnapshotNum

	vbox: Rewrite vboxDomainSnapshotGetXMLDesc

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Rewrite vboxDomainSnapshotCreateXML
	The vboxDomainSnapshotCreateXML integrated the snapshot redefine
	with this patch:
	http://www.redhat.com/archives/libvir-list/2014-May/msg00589.html
	This patch introduced vboxSnapshotRedefine in vboxUniformedAPI to
	enable the features.

	This patch replace all version specified APIs to the uniformed api,
	then, moving the whole implementation to vbox_common.c. As there
	is only API level changes, the behavior of the function doesn't
	change.

	Some old version's defects has brought to the new one. The already
	known things are:
	    *goto cleanup in a loop without releasing the pointers in the
	    loop.
	    *When function failed after machine unregister, no roll back
	    to recovery it and the virtual machine would disappear.

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Add API for vboxDomainSnapshotCreateXML

	vbox: Rewrite vboxDomainDetachDeviceFlags

	vbox: Rewrite vboxDomainDetachDevice

	vbox: Rewrite vboxDomainUpdateDeviceFlags
	Since vboxDomainAttachDeviceImple not used in vbox_tmpl.c, it has
	been deleted.

	vbox: Rewrite vboxDomainAttachDeviceFlags

	vbox: Rewrite vboxDomainAttachDevice

	vbox: Rewrite vboxDomainUndefine

	vbox: Rewrite vboxConnectNumOfDefinedDomains

	vbox: Rewrite vboxConnectListDefinedDomains

	vbox: Rewrite vboxDomainGetXMLDesc

	vbox: Add API for vboxDomainGetXMLDesc

	vbox: Rewrite vboxDomainGetMaxVcpus

	vbox: Rewrite vboxDomainGetVcpusFlags

	vbox: Rewrite vboxDomainSetVcpus

	vbox: Rewrite vboxDomainSetVcpusFlags

	vbox: Rewrite vboxDomainGetState

	vbox: Rewrite vboxDomainGetInfo

	vbox: Rewrite vboxDomainSetMemory

	vbox: Rewrite vboxDomainGetOSType

	vbox: Rewrite vboxDomainDestroy

	vbox: Rewrite vboxDomainDestroyFlags

	vbox: Rewrite vboxDomainReboot

	vbox: Rewrite vboxDomainShutdown

	vbox: Rewrite vboxDomainShutdownFlags

	vbox: Rewrite vboxDomainResume

	vbox: Rewrite vboxDomainSuspend

	vbox: Rewrite vboxDomainIsUpdated

	vbox: Rewrite vboxDomainIsPersistent

	vbox: Rewrite vboxDomainIsActive

	vbox: Rewrite vboxDomainLookupByName

	vbox: Rewrite vboxDomainCreateXML

	vbox: Rewrite vboxDomainCreate

	vbox: Rewrite vboxDomainCreateWithFlags

	vbox: Rewrite vboxDomainDefineXML

	vbox: Rewrite vboxDomainUndefineFlags

	vbox: Rewrite vboxDomainLookupByUUID

	vbox: Rewrite vboxDomainLookupById

	vbox: Rewrite vboxConnectNumOfDomains

	vbox: Rewrite vboxConnectListDomains

	vbox: Rewrite vboxConnectGetCapabilities

	vbox: Rewrite vboxConnectGetMaxVcpus

	vbox: Rewrite vboxConnectIsAlive

	vbox: Rewrite vboxConnectIsEncrypted

	vbox: Rewrite vboxConnectIsSecure

	vbox: Rewrite vboxConnectGetHostname

	vbox: Rewrite vboxConnectGetVersion

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Rewrite vboxDomainSave
	All vbox objects are child objects from the nsISupports in vbox's
	C++ API version. Since the CAPI is generated from the C++ API, I
	kept their relationship here, by the definitations below:

	typedef struct nsISupports nsISupports;
	typedef nsISupports IVirtualBox;
	typedef nsISupports ISession;
	and so on...

	So, when calling the API from nsISupports, we don't need to do
	typecasting, and things work still work well.

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Rewrite vboxConnectClose

2014-08-15  Taowei  <uaedante@gmail.com>

	vbox: Begin to rewrite, vboxConnectOpen
	Introduce vbox_uniformed_api to deal with version conflicts. Use
	vbox_install_api to register the currect vboxUniformedAPI with
	vbox version.

	vboxConnectOpen has been rewritten.

2014-08-15  Laine Stump  <laine@laine.org>

	network: fix crash when starting a network with no <pf> element
	Martin Kletzander pointed out in email that my commit 2a193f64
	introduced a crash in networkCreateInterfacePool() during startup of
	any network that doesn't have a <pf> subelement of its <forward>
	element. He also supplied a patch.

	 http://www.redhat.com/archives/libvir-list/2014-August/msg00655.html

	I expanded on that patch by cleaning up now-extraneous checks in the
	callers of networkCreateInterfacePool().

	Fortunately the offending patch hasn't been in any release, and hasn't
	been (to my knowledge) backported to any other branch.

2014-08-14  Jim Fehlig  <jfehlig@suse.com>

	src/xenxs: Refactor code formating vif device config
	Handle formating of VIF config in a new function xenFormatXMVif().

2014-08-14  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenxs: Refactor code formating peripheral device config
	introduce functions
	  xenFormatXMSound
	  xenFormatXMInputDevs(virConfPtr conf,....);
	which formats peripheral device config instead

	src/xenxs: Refactor code formating Vfb config
	introduce function
	   xenFormatXMVfb(virConfPtr conf,.........);
	which formats Vfb config instead

	src/xenxs: Refactor code formating OS config
	introduce functions
	   xenFormatXMEmulator(virConfPtr conf,........);
	   xenFormatXMCDROM(virConfPtr conf, .......);
	   xenFormatXMOS(virConfPtr conf,........);
	which formats OS and associated config instead

	src/xenxs: Refactor code formating CPU config
	introduce functions
	  xenFormatXMCPUAllocation(virConfPtr conf, ......);
	  xenFormatXMCPUFeatures(virConfPtr conf, ......);
	which formats CPU allocation and features config

	src/xenxs: Refactor code formating xm disk config
	introduce function
	  xenFormatXMDisks(virConfPtr conf,.........);
	which formats domain disks config instead

	src/xenxs: Refactor code formating Char devices config
	introduce function
	   xenFormatXMCharDev(virConfPtr conf,........);
	which formats Char devices config instead

	src/xenxs: Refactor code formating event actions config
	introduce function
	   xenFormatXMEventActions(virConfPtr conf,.........);
	which formats event actions instead

	src/xenxs: Refactor code formating virtual time config
	introduce function
	  xenFormatXMTimeOffset(virConfPtr conf,........);
	which formats time config instead

	src/xenxs: Refactor code formating memory config
	introduce function
	   xenFormatXMMem(virConfPtr conf,...........);
	which parses memory config instead

	src/xenxs: Refactor code formating general VM config
	introduce function
	  xenFormatXMGeneralMeta(virConfPtr conf,......);
	which parses uuid and name instead

2014-08-14  Pavel Hrdina  <phrdina@redhat.com>

	qemu_process: fix memleak found by coverity

2014-08-14  Jianwei Hu  <jiahu@redhat.com>

	Maximum vlanid should be 4095 in interface.rng
	The correct vlanid range is 0~4095.

	After merging this patch, we can not validate a interface xml with vlanid >= 4096.
	[root@localhost ~]# cat vlan.xml
	<interface type='vlan' name='eno1.4096'>
	   <start mode='onboot'/>
	   <protocol family='ipv4'>
	    <dhcp/>
	   </protocol>
	   <vlan tag='4096'>
	     <interface name='eno1'/>
	   </vlan>
	</interface>
	[root@localhost ~]# virt-xml-validate vlan.xml
	vlan.xml:1: element interface: Relax-NG validity error : Invalid sequence in interleave
	vlan.xml:6: element vlan: Relax-NG validity error : Element interface failed to validate content
	vlan.xml:6: element vlan: Relax-NG validity error : Element vlan failed to validate attributes
	vlan.xml fails to validate
	[root@localhost ~]#

	Here is a ip command help on this.
	[root@localhost /]# ip link add link eno1 name eno1.90 type vlan help
	Usage: ... vlan [ protocol VLANPROTO ] id VLANID                [ FLAG-LIST ]
	                [ ingress-qos-map QOS-MAP ] [ egress-qos-map QOS-MAP ]

	VLANPROTO: [ 802.1Q / 802.1ad ]
	VLANID := 0-4095
	FLAG-LIST := [ FLAG-LIST ] FLAG
	FLAG := [ reorder_hdr { on | off } ] [ gvrp { on | off } ] [ mvrp { on | off } ]
	        [ loose_binding { on | off } ]
	QOS-MAP := [ QOS-MAP ] QOS-MAPPING
	QOS-MAPPING := FROM:TO

2014-08-14  Richard Weinberger  <richard@nod.at>

	LXC: Fix virLXCControllerSetupDevPTS() wrt user namespaces
	The gid value passed to devpts has to be translated by hand as
	virLXCControllerSetupDevPTS() is called before setting up the user
	and group mappings.
	Otherwise devpts will use an unmapped gid and openpty()
	will fail within containers.
	Linux kernel commit 23adbe12
	("fs,userns: Change inode_capable to capable_wrt_inode_uidgid")
	uncovered that issue.

2014-08-14  Jianwei Hu  <jiahu@redhat.com>

	docs: fix missing forward slash
	   Should like below:
	    <interface type='server'>
	      <mac address='52:54:00:22:c9:42'/>
	      <source address='192.168.0.1' port='5558'/>
	    </interface>
	    ...
	    <interface type='client'>
	      <mac address='52:54:00:8b:c9:51'/>
	      <source address='192.168.0.1' port='5558'/>
	    </interface>

2014-08-14  Sam Bobroff  <sam.bobroff@au1.ibm.com>

	qemu: Tidy up job handling during live migration
	During a QEMU live migration several warning messages about job
	handling could be written to syslog on the destination host:

	"entering monitor without asking for a nested job is dangerous"

	The messages are written because the job handling during migration
	uses hard coded asyncJob values in several places that are incorrect.

	This patch passes the required asyncJob value around and prevents
	the warnings as well as any issues that the warnings may be referring
	to.

	https://bugzilla.redhat.com/show_bug.cgi?id=1130089

2014-08-14  Jincheng Miao  <jmiao@redhat.com>

	build: force configure failed when perl is missing
	Perl is necessary to our build processing, it will invoke a lot of
	generating script, like: gendispatch.pl. If perl is missing, it's
	ok for build from git checkout, because autogen.sh will tell you.
	But for compiling from a release tarball, configure will just record
	a missing message, and continue, then build failed, like:
	https://www.redhat.com/archives/libvirt-users/2014-August/msg00050.html

	So need to enhance configure script to handle this negative case.

	Reported-by: Hongbin Lu <hongbin@savinetwork.ca>

2014-08-14  Mo yuxiang  <moyuxiang@huawei.com>

	conf: fix parsing 'cmd_per_lun' and 'max_sectors'
	commit d9504941 introduces two new attributes "cmd_per_lun" and
	"max_sectors" same with the names QEMU uses for virtio-scsi.
	But the case of parsing them is not exact. Change to parse
	them if controller has "driver" element.

2014-08-13  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: resolve issues in lxcDomainSetMaxMemory
	This patch changes the setmaxmem function to support the '--live',
	'--config', and '--current' flags by revectoring the code through
	the setmem function using the VIR_DOMAIN_MEM_MAXIMUM flag. The
	setmem code is refactored to handle both cases depending on the flag.

	The changed maxmem code for the MEM_MAXIMUM path will not allow
	modification to the memory values of an active guest unless the --config
	switch is used.

2014-08-13  Peter Krempa  <pkrempa@redhat.com>

	daemon: Limit default log level to journald to VIR_LOG_INFO
	Libvirt is really chatty when the DEBUG log level is enabled. When a
	host uses journald we'd enable debug logging to journald when only
	specifying the debug log level. As journald may employ rate throttling
	this would lock up the daemon until it's able to flush all debug
	messages.

	This patch changes the default log level to VIR_LOG_INFO when using the
	default (unconfigured) log output to journald.

	To still allow debug logging to journald the user now has to explicitly
	specify journald as a log output with priority 1 in the "log_outputs"
	configuration option. This patch also changes the config file template
	to be explicit about this change and notify the user about the possible
	consequence of debug logging into journald.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1121955

2014-08-13  Peter Krempa  <pkrempa@redhat.com>

	libvirtd: conf: Mention support for logging into journald
	Our docs didn't mention the explicit option to log into journald.

2014-08-12  Eric Blake  <eblake@redhat.com>

	maint: improve syntax check for space around =
	Laine Stump noted on IRC that syntax check wasn't flagging his
	typo of 'i= 0'.  This fixes it.

	* build-aux/bracket-spacing.pl: Tighten 'space around =' rule.
	* src/storage/storage_backend.c
	(virStorageBackendCreateExecCommand): Fix offenders.
	* src/util/virnuma.c (virNumaGetDistances): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDeleteMetadataOnly)
	(vboxNetworkGetXMLDesc): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainLookupByName):
	Likewise.

2014-08-12  Dmitry Guryanov  <dguryanov@parallels.com>

	bhyve: fix error message in bhyveStateInitialize
	If we failed to create BHYVE_STATE_DIR, we should show this
	path, not BHYVE_LOG_DIR.

2014-08-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu_conf: Undefine the correct symbol
	At the beginning of the qemu config file parsing function there
	are 3 helper macros defined: GET_VALUE_BOOL, GET_VALUE_LONG and
	GET_VALUE_STR. Later, when they are no longer needed they are
	undefined in order to keep the namespace clean. However, the
	GET_VALUE_STRING is undefined instead of GET_VALUE_STR.

2014-08-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: ZFS support
	Implement ZFS storage backend driver. Currently supported
	only on FreeBSD because of ZFS limitations on Linux.

	Features supported:

	 - pool-start, pool-stop
	 - pool-info
	 - vol-list
	 - vol-create / vol-delete

	Pool definition looks like that:

	 <pool type='zfs'>
	  <name>myzfspool</name>
	  <source>
	    <name>actualpoolname</name>
	  </source>
	 </pool>

	The 'actualpoolname' value is a name of the pool on the system,
	such as shown by 'zpool list' command. Target makes no sense
	here because volumes path is always /dev/zvol/$poolname/$volname.

	User has to create a pool on his own, this driver doesn't
	support pool creation currently.

	A volume could be used with Qemu by adding an entry like this:

	    <disk type='volume' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source pool='myzfspool' volume='vol5'/>
	      <target dev='hdc' bus='ide'/>
	    </disk>

2014-08-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: migration: Check domain live state after exitting the monitor
	In qemuMigrationToFile we enter the monitor multiple times and don't
	check if the VM is still alive after returning form the monitor. Add the
	checks to skip pieces of code in case the VM crashes while saving it's
	state.

2014-08-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: managedsave: Check that VM is alive after entering async job
	Saving a shutoff VM doesn't make sense and libvirtd crashes while
	attempting to do that. Check that the domain is alive after entering
	the save async job.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1129207

2014-08-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Fix header format of qemuProcessSetVcpuAffinities
	Fix header alignment and remove the unused conn parameter.

2014-08-12  Erik Skultety  <eskultet@redhat.com>

	numatune: Fix parsing of empty nodeset (0,^0)
	Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1121837

2014-08-12  Michal Privoznik  <mprivozn@redhat.com>

	conf: Format interface's driver more frequently
	https://bugzilla.redhat.com/show_bug.cgi?id=1128751

	There's this <driver/> element under <interface/> which can have
	several attributes. However, the driver element is currently formated
	only if the driver's name or txmode has been specified. This makes
	only a little sense as we parse even partial <driver/>, for instance:

	    <interface type='user'>
	      <mac address='52:54:00:e5:48:58'/>
	      <model type='virtio'/>
	      <driver ioeventfd='on' event_idx='on' queues='5'/>
	    </interface>

	But such XML would never get formatted back.

2014-08-11  Eric Blake  <eblake@redhat.com>

	docs: use correct hints per bus type in <disk> examples
	Commit 4cf53158 tried to set up unique labels per disk in the
	example, but ended up choosing strings that don't correspond
	to the usual choice of bus types.  Tweak the strings once again.

	* docs/formatdomain.html.in: Use preferred names.

2014-08-11  Laine Stump  <laine@laine.org>

	network: populate interface pool immediately when network is started
	When a network is defined with "<pf dev='xyz'/>", libvirt will query
	sysfs to learn the list of all virtual functions (VF) associated with
	that Physical Function (PF) then populate the network's interface pool
	accordingly. This action was previously done only when the first guest
	actually requested an interface from the network. This patch changes
	it to populate the pool immediately when the network is started. This
	way any problems with the PF or its VFs will become apparent sooner.

	Note that we can't remove the old calls to networkCreateInterfacePool
	that happen whenever a guest requests an interface - doing so would be
	asking for failures on hosts that had libvirt upgraded with a network
	that had been started but not yet used.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047818

2014-08-11  Laine Stump  <laine@laine.org>

	network: make networkCreateInterfacePool more robust
	networkCreateInterfacePool was a bit loose in its error cleanup, which
	could result in a network definition with interfaces in the pool that
	were NULL. This would in turn lead to a libvirtd crash when a guest
	tried to attach an interface using the network with that pool.

	In particular this would happen when creating a pool to be used for
	macvtap connections. macvtap needs the netdev name of the virtual
	function in order to use it, and each VF only has a netdev name if it
	is currently bound to a network driver. If one of the VFs of a PF
	happened to be bound to the pci-stub or vfio-pci driver (indicating
	it's already in use for PCI passthrough), or no driver at all, it
	would have no name. In this case networkCreateInterfacePool would
	return an error, but would leave the netdef->forward.nifs set to the
	total number of VFs in the PF. The interface attach that triggered
	calling of networkCreateInterfacePool (it uses a "lazy fill" strategy)
	would simply fail, but the very next attempt to attach an interface
	using the same network pool would result in a crash.

	This patch refactors networkCreateInterfacePool to bring it more in
	line with current coding practices (label name, use of a switch with
	no default case) as well as providing the following two changes to
	behavior:

	1) If a VF with no netdev name is encountered, just log a warning and
	continue; only fail if exactly 0 devices are found to put in the pool.

	2) If the function fails, clean up any partial interface pool and set
	netdef->forward.nifs to 0.

	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1111455

2014-08-11  Guido Günther  <agx@sigxcpu.org>

	Make 'uri' command a bit more prominent.
	This tries to address

	    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688778

	were libvirt autodetected vbox:///session and it wasn't listed in the
	manpage.

2014-08-11  Guido Günther  <agx@sigxcpu.org>

	Don't fail qemu driver intialization if we can't determine hugepage size
	Otherwise we fail like

	  libvirt version: 1.2.7, package: 6 (root 2014-08-08-16:09:22 bogon)
	  virAuditOpen:62 : Unable to initialize audit layer: Protocol not supported
	  virFileGetDefaultHugepageSize:2958 : internal error: Unable to parse /proc/meminfo
	  virStateInitialize:749 : Initialization of QEMU state driver failed: internal error: Unable to parse /proc/meminfo
	  daemonRunStateInit:922 : Driver state initialization failed

	if the data can't be determined.

	Reference: http://bugs.debian.org/757609

2014-08-11  Guido Günther  <agx@sigxcpu.org>

	Include param.h in case of HAVE_BSD_CPU_AFFINITY
	This fixes compilation on kFreeBSD which otherwise fails like

	  CC       util/libvirt_util_la-virprocess.lo
	In file included from /usr/include/sys/cpuset.h:35:0,
	                 from util/virprocess.c:43:
	/usr/include/sys/_cpuset.h:49:43: error: 'NBBY' undeclared here (not in
	a function)
	  long __bits[howmany(CPU_SETSIZE, _NCPUBITS)];
	                                           ^
	In file included from util/virprocess.c:43:0:
	/usr/include/sys/cpuset.h:215:12: error: unknown type name 'cpusetid_t'
	 int cpuset(cpusetid_t *);
	            ^
	/usr/include/sys/cpuset.h:216:30: error: expected ')' before 'id_t'
	 int cpuset_setid(cpuwhich_t, id_t, cpusetid_t);
	                              ^
	/usr/include/sys/cpuset.h:217:42: error: expected ')' before 'id_t'
	 int cpuset_getid(cpulevel_t, cpuwhich_t, id_t, cpusetid_t *);
	                                          ^
	/usr/include/sys/cpuset.h:218:48: error: expected ')' before 'id_t'
	 int cpuset_getaffinity(cpulevel_t, cpuwhich_t, id_t, size_t, cpuset_t
	*);
	                                                ^
	/usr/include/sys/cpuset.h:219:48: error: expected ')' before 'id_t'
	 int cpuset_setaffinity(cpulevel_t, cpuwhich_t, id_t, size_t, const
	cpuset_t *);

	And it's the correct usage as documented in

	  http://www.freebsd.org/cgi/man.cgi?query=cpuset_setid

	Also change the #ifdef HAVE_BSH_CPU_AFFINITY to #if for consistency.

2014-08-11  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: use guest-fsfreeze-freeze-list command if mountpoints to freeze specified
	A command to freeze a part of mounted file systems is implemented in
	upstream QEMU-guest-agent with a name of 'guest-fsfreeze-freeze-list'.
	This fixes the name of the command used to partial fsfreeze in qemu driver
	when 'mountpoints' option is specified to virDomainFSFreeze API.

2014-08-11  Jianwei Hu  <jiahu@redhat.com>

	qemu: Actually clear bandwidth settings
	The virDomainSetInterfaceParameters implementation in qemu over
	VIR_DOMAIN_AFFECT_CONFIG doesn't work as expected. When trying to
	clear out the bandwidth settings for an interface, it has no
	actual effect:

	    virsh # domiftune --config $domain $interface
	    inbound.average: 100
	    inbound.peak   : 0
	    inbound.burst  : 0
	    outbound.average: 10
	    outbound.peak  : 0
	    outbound.burst : 0

	    virsh domiftune --config $domain $interface 0 0

	    virsh # domiftune --config $domain $interface
	    inbound.average: 100
	    inbound.peak   : 0
	    inbound.burst  : 0
	    outbound.average: 10
	    outbound.peak  : 0
	    outbound.burst : 0

	But according to virsh man page:

	    To clear inbound or outbound settings, use --inbound or
	    --outbound respectfully with average value of zero.

2014-08-08  Kiarie Kahurani  <davidkiarie4@gmail.com>

	src/xenxs: Refactor code parsing OS config
	introduce function
	  xenParseXMOS(virConfPtr conf,...........);
	which parses the OS config instead

	src/xenxs: Refactor code parsing general config
	introduce function
	   xenParseXMGeneralMeta(virConfPtr conf, .......);
	which parses general metadata instead

	src/xenxs: Refactor code parsing emulated hardware config
	introduce function
	   xenParseXMEmulatedHardware(virConfPtr conf,.........);
	which parses emulated devices config instead

	src/xenxs: Refactor code parsing Vif config
	introduce function
	  xenParseXMVif(virConfPtr conf,........);
	which parses Vfb config instead

	src/xenxs: Refactor code parsing Char devices config
	introduce function
	  xenParseXMCharDev(virConfPtr conf,.........);
	which parses Char devices config instead

	src/xenxs: Refactor code parsing Vfb config
	introduce function
	 xenParseXMVfb(virConfPtr conf,..........);
	which parses Vfb config instead

	src/xenxs: Refactor code parsing xm disk config
	introduce function
	  xenParseXMDisk(virConfPtr conf, ........);
	which parses xm disk config instead

	src/xenxs: Refactor code parsing CPU features
	introduce function
	  xenParseXMCPUFeatures(virConfPtr conf,.........);
	which parses CPU features instead

	src/xenxs: Refactor code parsing PCI config
	introduce function
	   xenParseXMPCI(virConfPtr conf, ........);
	which parses PCI config instead

	src/xenxs: Refactor code parsing event actions
	introduce function
	  xenParseXMEventActions(virConfPtr conf,........)
	which parses events leading to certain actions

	src/xenxs: Refactor code parsing virtual time config
	introduce function
	    xenParseXMTimeOffset(virConfPtr conf,.......);
	which parses time offset config instead

	src/xenxs: Refactor code parsing memory config
	introduce function
	  xenParseXMMem(virConfPtr conf,.........);
	which parses memory config instead

2014-08-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Add USB sound card support and implement it for qemu

2014-08-07  John Ferlan  <jferlan@redhat.com>

	qemu: Remove extraneous space in function prototypes
	During review of the iSCSI hostdev series, eblake noted that the
	prototypes shouldn't have the extranenous space between the "*" and
	the function name:

	http://www.redhat.com/archives/libvir-list/2014-July/msg01227.html

	Since it was more invasive than 1 or 2 lines - I said I'd send a
	patch covering this once committed.

2014-08-07  John Ferlan  <jferlan@redhat.com>

	hostdev: Add iSCSI hostdev XML
	Introduce a new structure to handle an iSCSI host device based on the
	existing virDomainHostdevSubsysSCSI by adding a "protocol='iscsi'" to
	the <source/> element. The existing scsi_host subsystem RNG was modified
	to read an optional "protocol='adapter'", although it won't be written
	out nor is it documented as an option (by choice).

	The new hostdev structure mimics the existing <disk/> element for an
	iSCSI device (network) device. New XML is:

	  <hostdev mode='subsystem' type='scsi' managed='yes'>
	    <source protocol='iscsi' name='iqn.1992-01.com.example'>
	      <host name='example.org' port='3260'/>
	      <auth username='myname'>
	        <secret type='iscsi' usage='mycluster_myname'/>
	      </auth>
	    </source>
	    <address type='drive' controller='0' bus='0' target='2' unit='5'/>
	  </hostdev>

	The controller element will mimic the existing scsi_host code insomuch
	as when 'lsi' and 'virtio-scsi' are used.

2014-08-07  John Ferlan  <jferlan@redhat.com>

	domain_conf: Common routine to handle network storage host xml def
	In preparation for hostdev support for iSCSI and a virStorageNetHostDefPtr,
	split out the network disk storage parsing of the 'host' element into a
	separate routine.

2014-08-07  Eric Blake  <eblake@redhat.com>

	blockjob: fix use-after-free in blockcopy
	Commit febf84c2 tried to delay in-memory modification of the actual
	domain disk structure until after the qemu event was received.
	However, I missed that the code for block pivot had been temporarily
	setting disk->src = disk->mirror prior to the qemu command, in order
	to label the backing chain of a reused external blockcopy disk;
	and calls into qemu while still in that state before finally undoing
	things at the cleanup label.  Since the qemu event handler then does:
	 virStorageSourceFree(disk->src);
	 disk->src = disk->mirror;
	we have the sad race that a fast enough qemu event can cause a leak of
	the original disk->src, as well as a use-after-free of the disk->mirror
	contents, bad enough to crash libvirtd in some of my test runs, even
	though the common case of the qemu event being much later won't trip
	the race.

	I'll go wear the brown paper bag of shame, for introducing a crasher
	in between rc1 and rc2 of the freeze for 1.2.7 :(  My only
	consolation is that virDomainBlockJobAbort requires the domain:write
	ACL, so it is not a CVE.

	The valgrind report when the race occurs looks like:

	==25612== Invalid read of size 4
	==25612==    at 0x50E7C90: virStorageSourceGetActualType (virstoragefile.c:1948)
	==25612==    by 0x209C0B18: qemuDomainDetermineDiskChain (qemu_domain.c:2473)
	==25612==    by 0x209D7F6A: qemuProcessHandleBlockJob (qemu_process.c:1087)
	==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
	...
	==25612==  Address 0xe4b5610 is 0 bytes inside a block of size 200 free'd
	==25612==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==25612==    by 0x50839E9: virFree (viralloc.c:582)
	==25612==    by 0x50E7E51: virStorageSourceFree (virstoragefile.c:2015)
	==25612==    by 0x209D7EFF: qemuProcessHandleBlockJob (qemu_process.c:1073)
	==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)

	* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Don't corrupt
	disk->src, and only label chain for blockcopy.

2014-08-07  Eric Blake  <eblake@redhat.com>

	blockjob: avoid memory leak during block pivot
	Valgrind caught a memory leak:

	==2018== 9 bytes in 1 blocks are definitely lost in loss record 143 of 927
	==2018==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==2018==    by 0x8C42369: strdup (strdup.c:42)
	==2018==    by 0x50EACC9: virStrdup (virstring.c:676)
	==2018==    by 0x50E79E5: virStorageSourceCopy (virstoragefile.c:1845)
	==2018==    by 0x20A3FAA7: qemuDomainBlockCommit (qemu_driver.c:15620)
	==2018==    by 0x51DC6B2: virDomainBlockCommit (libvirt.c:20092)

	I traced it to the fact that blockcopy and blockcommit end up
	reparsing a backing chain on pivot, but the chain parsing code
	doesn't gracefully handle the case where the backing file is
	already known.

	I'm not exactly sure when this was introduced, but suspect that the
	refactoring in commit 9944b71 and friends that moved towards probing
	in-place rather than into a temporary structure are part of the cause.

	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Don't leak any prior value.

2014-08-07  Eric Blake  <eblake@redhat.com>

	docs: use unique dev names in <disk> examples
	Jiri Moskovcak reported on IRC that the documentation on valid
	<disk> was confusing because it didn't have unique dev='...'
	entries.

	* docs/formatdomain.html.in: Use unique names.

2014-08-07  Laine Stump  <laine@laine.org>

	virsh: clean up attach-interface paragraph in man page
	This makes the paragaph about attach-interface more descriptive and
	correct, adding in a few bits of information that were previously
	missing, e.g. --script is only allowed for bridge interfaces of Xen
	domains, target name is regenerated if it starts with vnet, mac
	address will be autogenerated if not specified.

	(I did this in response to an email asking why a script couldn't be
	specified for a bridge interface of a qemu domain, and why an
	interface of type='ethernet' couldn't be created with
	attach-interface)

2014-08-07  Wang Rui  <moon.wangrui@huawei.com>

	daemon: Fix indentation in libvirtd.c

	audit: Fix some comments
	Fix a comment in virDomainAuditNetDevice.
	Fix a typo in comment of qemuPhysIfaceConnect which is
	the caller of virDomainAuditNetDevice.

2014-08-06  Peter Krempa  <pkrempa@redhat.com>

	snapshot: conf: Enforce absolute paths on disk and memory images
	RNG schema as well as the qemu driver requires absolute paths for memory
	and disk snapshot image files but the XML parser was not enforcing it.
	Add checks to avoid problems in qemu where the configuration it creates
	is invalid.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1126329

2014-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Make virFileFindHugeTLBFS fault tolerant
	Since commit be0782e1 we are parsing /proc/meminfo to find out the
	default huge page size. However, if the host we are running at does
	not support any huge pages (e.g. CONFIG_HUGETLB_PAGE is turned off),
	we will not successfully parse the meminfo file and hence the whole
	qemu driver init process fails. Moreover, the default huge page size
	is needed if and only if there's at least one hugetlbfs mount point.
	So the fix consists of moving the virFileGetDefaultHugepageSize
	function call after the first hugetlbfs mount point is found.

	With this fix, we fail to start with one or more hugetlbfs mounts and
	malformed meminfo file, but that's expected (how can one mount
	hugetlbfs without kernel supporting huge pages?). Workaround in that
	case is to umount all the hugetlbfs mounts.

	Reported-by: Jim Fehlig <jfehlig@suse.com>

2014-08-06  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Node Devices: Fix nodedev-list for fc_host & vports.
	In a system with Fiber Channel Host Adapters, a query to list all Fibre Channel
	HBAs OR Vports currently returns empty list:
	  $ virsh nodedev-list --cap fc_host

	  $

	Libvirt correctly discovers properties for all HBAs. However, the reporting
	fails because of incorrect flag comparison while filtering these types.

	This is fixed by removing references to 'VIR_CONNECT_LIST_NODE_DEVICES_CAP_*'
	for comparison and replacing those with 'VIR_NODE_DEV_CAP_*'

	Introduced by original commit id '652a2ec6'

2014-08-06  Martin Kletzander  <mkletzan@redhat.com>

	qemu: reword caps-related error

2014-08-05  Eric Blake  <eblake@redhat.com>

	blockjob: correctly report active commit for job info
	Commit 232a31b munged job info to report 'active commit' instead of
	'commit' when generating events, but forgot to also munge the polling
	variant of the command.

	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Adjust type as
	needed.

2014-08-05  Jianwei Hu  <jiahu@redhat.com>

	Fix vlanid attribute name in nwfilter docs
	'vlanid' is the attribute name in our XML,
	'vlan-id' is the ebtables attribute:

	[root@localhost ~]# virsh nwfilter-dumpxml myself
	<filter name='myself' chain='root'>
	  <uuid>7192ef51-cd50-4f14-ad7b-fa5c69ea19e3</uuid>
	  <rule action='accept' direction='in' priority='500'>
	    <vlan dstmacaddr='00:11:22:33:44:55' vlanid='44'/>
	  </rule>
	</filter>

	[root@localhost ~]# ebtables -t nat -L
	Bridge table: nat

	...
	-p 802_1Q -d 0:11:22:33:44:55 --vlan-id 44 -j ACCEPT

	https://bugzilla.redhat.com/show_bug.cgi?id=1126721

2014-08-04  Ján Tomko  <jtomko@redhat.com>

	Don't overwrite errors from virNetDevBandwidthSet
	Otherwise this beautiful error would be overwritten when
	the function is called with a really high rate number:

	2014-07-28 12:51:47.920+0000: 2304: error : virCommandWait:2399 :
	internal error: Child process (/sbin/tc class add dev vnet0 parent 1:
	classid 1:1 htb rate 4294968kbps) unexpected exit status 1: Illegal "rate"
	Usage: ... qdisc add ... htb [default N] [r2q N]
	 default  minor id of class to which unclassified packets are sent {0}
	 r2q      DRR quantums are computed as rate in Bps/r2q {10}
	 debug    string of 16 numbers each 0-3 {0}

	... class add ... htb rate R1 [burst B1] [mpu B] [overhead O]
	                      [prio P] [slot S] [pslot PS]
	                      [ceil R2] [cburst B2] [mtu MTU] [quantum Q]
	 rate     rate allocated to this class (class can still borrow)
	 burst    max bytes burst which can be accumulated during idle period {computed}
	 mpu      minimum packet size used in rate computations
	 overhead per-packet size overhead used in rate computations
	 linklay  adapting to a linklayer e.g. atm
	 ceil     definite upper class rate (no borrows) {rate}
	 cburst   burst but for ceil {computed}
	 mtu      max packet size we create rate map for {1600}
	 prio     priority of leaf; lowe

	https://bugzilla.redhat.com/show_bug.cgi?id=1043735

2014-08-04  Ján Tomko  <jtomko@redhat.com>

	virsh: check if domiftune parameters fit into UINT
	We parse the bandwidth rates as unsinged long long,
	then try to fit them in VIR_TYPED_PARAM_UINT.

	Report an error if they exceed UINT_MAX instead of
	quietly using wrong values.

	https://bugzilla.redhat.com/show_bug.cgi?id=1043735

2014-08-04  John Ferlan  <jferlan@redhat.com>

	storage: Refresh storage pool after upload
	https://bugzilla.redhat.com/show_bug.cgi?id=1072653

	Upon successful upload of a volume, the target volume and storage pool
	were not updated to reflect any changes as a result of the upload. Make
	use of the existing stream close callback mechanism to force a backend
	pool refresh to occur in a separate thread once the stream closes. The
	separate thread should avoid potential deadlocks if the refresh needed
	to wait on some event from the event loop which is used to perform
	the stream callback.

2014-08-04  Eric Blake  <eblake@redhat.com>

	Post-release version bump for new dev cycle

2014-08-04  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Remove unused variable
	The variable 'k' in the print_cpu_usage function is not used anywhere
	and can fire a warning on some compilers.

2014-08-04  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Turn parse_argv into void
	Currently, the function follows the usual pattern used in our code:

	  int ret = -1;
	  ...
	  ret = 0;
	 cleanup:
	  return ret;

	However, the function always call exit() on error, so the cleanup
	label is never jumped onto. Therefore, it doesn't make any sense to
	have the parse_argv function return an integer value, if it
	effectively can return only value of zero.

2014-08-04  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix comment in qemu.conf
	There are multiple mount points after commit 725a211f, but one comment
	wasn't changed to use plurals.

2014-08-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.7
	* docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update localizations and regenerate

2014-08-03  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	Cygwin has getifaddrs(), but not AF_LINK, leading to:

	util/virstats.c: In function 'virNetInterfaceStats':
	util/virstats.c:138:41: error: 'AF_LINK' undeclared (first use in this function)
	         if (ifa->ifa_addr->sa_family != AF_LINK)
	...

	* src/util/virstats.c (virNetInterfaceStats): Only use getifaddrs
	if AF_LINK is present.

2014-08-03  Laine Stump  <laine@laine.org>

	network: always set disable_ipv6, even when it should be 0
	libvirt previously only touched an interface's disable_ipv6 setting in
	sysfs if it needed to be set to 1, assuming that 0 is the
	default. Apparently that isn't always the case though (kernel 3.15.7-1
	in Arch Linux reportedly defaults a new interface's disable_ipv6
	setting to 1) so this patch explicitly sets it to 0 or 1 as
	appropriate.

2014-08-01  Ján Tomko  <jtomko@redhat.com>

	Fix a crash when cloning a volume with no backing store
	Introduced by commit 15213d1, not yet released.

2014-07-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve: document recent changes
	 - mention that one disk and one network limitation
	   is no longer current for 1.2.6 and newer
	 - add 'cdrom' device to the sample domain XML

2014-07-30  Eric Blake  <eblake@redhat.com>

	blockcommit: turn on active commit
	With this in place, I can (finally!) now do:

	virsh blockcommit $dom vda --shallow --verbose --pivot

	and watch qemu shorten the backing chain by one, followed by
	libvirt automatically updating the dumpxml output, effectively
	undoing the work of virsh snapshot-commit --no-metadata --disk-only.
	Commit is SOOOO much faster than blockpull, when I'm still fairly
	close in time to when the temporary qcow2 wrapper file was created
	via a snapshot operation!

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Implement live
	commit.

2014-07-30  Eric Blake  <eblake@redhat.com>

	blockcommit: track job type in xml
	A future patch is going to wire up qemu active block commit jobs;
	but as they have similar events and are canceled/pivoted in the
	same way as block copy jobs, it is easiest to track all bookkeeping
	for the commit job by reusing the <mirror> element.  This patch
	adds domain XML to track which job was responsible for creating a
	mirroring situation, and adds a job='copy' attribute to all
	existing uses of <mirror>.  Along the way, it also massages the
	qemu monitor backend to read the new field in order to generate
	the correct type of libvirt job (even though it requires a
	future patch to actually cause a qemu event that can be reported
	as an active commit).  It also prepares to update persistent XML
	to match changes made to live XML when a copy completes.

	* docs/schemas/domaincommon.rng: Enhance schema.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (_virDomainDiskDef): Add a field.
	* src/conf/domain_conf.c (virDomainBlockJobType): String conversion.
	(virDomainDiskDefParseXML): Parse job type.
	(virDomainDiskDefFormat): Output job type.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Distinguish
	active from regular commit.
	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Set job type.
	(qemuDomainBlockPivot, qemuDomainBlockJobImpl): Clean up job type
	on completion.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old.xml:
	Update tests.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-active-commit.xml: New
	file.
	* tests/qemuxml2xmltest.c (mymain): Drive new test.

2014-07-30  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Domain config: write <features/> if some capabilities are set.
	If all features are set to default (including the capabilities policy),
	but some capabilities are toggled, we need to output the <features>
	element when formatting the config.

2014-07-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix an incorrect example for memoryBacking
	commit 136ad49740f017aabcac48d02d2df6ab7b0195e9
	forgot to add an end-tags for hugepages.

2014-07-29  Eric Blake  <eblake@redhat.com>

	blockjob: properly track blockcopy xml changes on disk
	We were not directly saving the domain XML to file after starting
	or finishing a blockcopy.  Without the startup write, a libvirtd
	restart in the middle of a copy job would forget that the job was
	underway.  Then at pivot, we were indirectly writing new XML in
	reaction to events that occur as we stop and restart the guest CPUs.
	But there was a race: since pivot is an async action, it is possible
	that libvirtd is restarted before the pivot completes, so if XML
	changes during the event, that change was not written.  The original
	blockcopy code cleared out the <mirror> element prior to restarting
	the CPUs, but this is also a race, observed if a user does an async
	pivot and a dumpxml before the event occurs.  Furthermore, this race
	will interfere with active commit in a future patch, because that
	code will rely on the <mirror> element at the time of the qemu event
	to determine whether to inform the user of a normal commit or an
	active commit.

	Fix things by saving state any time we modify live XML, while
	delaying XML disk modifications until after the event completes.  We
	still need a to teach libvirtd restarts to examine all existing
	<mirror> elements to see if the job completed in the meantime (that
	is, if libvirtd misses the event, the updated state still needs to be
	updated in live XML), but that will be a later patch, in part because
	we also need to to start taking advantage of newer qemu's ability to
	keep the job around after completion rather than the current usage
	where the job disappears both on error and on success.

	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Track XML change
	on disk.
	(qemuDomainBlockJobImpl, qemuDomainBlockPivot): Move job-end XML
	rewrites...
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): ...here.

2014-07-29  Eric Blake  <eblake@redhat.com>

	blockcopy: add more XML for state tracking
	Doing a blockcopy operation across a libvirtd restart is not very
	robust at the moment.  In particular, we are clearing the <mirror>
	element prior to telling qemu to finish the job.  Also, thanks to the
	ability to request async completion, the user can easily regain
	control prior to qemu actually finishing the effort, and they should
	be able to poll the domain XML to see if the job is still going.

	A future patch will fix things to actually wait until qemu is done
	before modifying the XML to reflect the job completion.  But since
	qemu issues identical BLOCK_JOB_COMPLETE events regardless of whether
	the job was cancelled (kept the original disk) or completed (pivoted
	to the new disk), we have to track which of the two operations were
	used to end the job.  Furthermore, we'd like to avoid attempts to
	end a job where we are already waiting on an earlier request to qemu
	to end the job.  Likewise, if we miss the qemu event (perhaps because
	it arrived during a libvirtd restart), we still need enough state
	recorded to be able to determine how to modify the domain XML once
	we reconnect to qemu and manually learn whether the job still exists.

	Although this patch doesn't actually fix the problem, it is a
	preliminary step that makes it possible to track whether a job
	has already begun steps towards completion.

	* src/conf/domain_conf.h (virDomainDiskMirrorState): New enum.
	(_virDomainDiskDef): Convert bool mirroring to new enum.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML)
	(virDomainDiskDefFormat): Handle new values.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Adjust
	client.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl): Likewise.
	* docs/schemas/domaincommon.rng (diskMirror): Expose new values.
	* docs/formatdomain.html.in (elementsDisks): Document it.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Test it.

2014-07-29  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: error out if PCI passthrough type is not supported
	If PCI passthrough type is not supported, we should error out rather than
	continue building the command line.

	When starting a domain, the type has been already checked by
	qemuPrepareHostdevPCICheckSupport() before building qemu command line,
	so the problem doesn't emerge.

	But when coverting a domain xml without specifying passthrough type explictly
	to qemu arg, we will get a malformed command line.

	the xml:

	    <hostdev mode='subsystem' type='pci' managed='yes'>
	      <source>
	        <address domain='0x0001' bus='0x03' slot='0x00' function='0x0'/>
	      </source>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
	    </hostdev>

	the converted command line:

	  -device ,host=0001:03:00.0,id=hostdev0,bus=pci.0,addr=0x5

	After this patch, virsh gives an error message:

	  virsh domxml-to-native qemu-argv /tmp/tmp.xml
	  error: internal error: invalid PCI passthrough type 'default'

2014-07-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement ./hugepages/page/[@size, @unit, @nodeset]

	domain: Introduce ./hugepages/page/[@size, @unit, @nodeset]
	  <memoryBacking>
	    <hugepages>
	      <page size="1" unit="G" nodeset="0-3,5"/>
	      <page size="2" unit="M" nodeset="4"/>
	    </hugepages>
	  </memoryBacking>

	virbitmap: Introduce virBitmapOverlaps
	This internal API just checks if two bitmaps intersect or not.

2014-07-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Utilize virFileFindHugeTLBFS
	Use better detection of hugetlbfs mount points. Yes, there can be
	multiple mount points each serving different huge page size.

	Since we already have ability to override the mount point in the
	qemu.conf file, this crazy backward compatibility code is brought in.
	Now we allow multiple mount points, so the "hugetlbfs_mount" option
	must take an list of strings (mount points). But previously, it was
	just a string, so we must accept both types now.

2014-07-29  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virFileFindHugeTLBFS
	This should iterate over mount tab and search for hugetlbfs among with
	looking for the default value of huge pages.

2014-07-29  Peter Krempa  <pkrempa@redhat.com>

	storage: create: Create files with correct mode
	Use correct mode when pre-creating files (for snapshots). The refactor
	changing to storage driver usage caused a regression as some systems
	created the file with 000 permissions forbidding qemu to write the file.

	Pass mode to the creating functions to avoid the problem.

	Regression since 185e07a5f82bc0692324f3ee13b4816d71b653c1.

2014-07-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	schema: bhyve and nmdm updates
	* docs/schemas/domaincommon.rng: Add bhyve domain type, nmdm
	  serial type and master and slave optional attributes for
	  serial that are used by nmdm
	* tests/domainschematest: Add bhyvexml2argvdata directory
	  to validate bhyve XMLs

2014-07-29  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	nodedev: fix a uninitialized variable build failure
	Fix a -Werror=maybe-uninitialized warning

2014-07-28  Eric Blake  <eblake@redhat.com>

	nodedev: fix pci express memory leak
	Leak introduced in commit 16ebf10f (v1.2.6), detected by valgrind:

	==9816== 216 (96 direct, 120 indirect) bytes in 6 blocks are definitely lost in loss record 665 of 821
	==9816==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9816==    by 0x50836FB: virAlloc (viralloc.c:144)
	==9816==    by 0x1DBDBE27: udevProcessPCI (node_device_udev.c:546)
	==9816==    by 0x1DBDD79D: udevGetDeviceDetails (node_device_udev.c:1293)

	* src/util/virpci.h (virPCIEDeviceInfoFree): New prototype.
	* src/util/virpci.c (virPCIEDeviceInfoFree): New function.
	* src/conf/node_device_conf.c (virNodeDevCapsDefFree): Clear
	pci_express under pci case.
	(virNodeDevCapPCIDevParseXML): Avoid leak.
	* src/node_device/node_device_udev.c (udevProcessPCI): Likewise.
	* src/libvirt_private.syms (virpci.h): Export it.

2014-07-28  Eric Blake  <eblake@redhat.com>

	nodedev: move pci express types to virpci.h
	Finding virPCIE* code is more intuitive if located in virpci.h
	instead of node_device_conf.h.

	* src/conf/node_device_conf.h (virPCIELinkSpeed, virPCIELink)
	(virPCIEDeviceInfo): Move...
	* src/util/virpci.h: ...here.
	* src/conf/node_device_conf.c (virPCIELinkSpeed): Likewise.

2014-07-28  Eric Blake  <eblake@redhat.com>

	nodedev: let compiler help us on switches
	The compiler can alert us to places where we need to expand switch
	statements because we add a new enum value, but only if we don't
	have a default case.

	* src/conf/node_device_conf.c (virNodeDeviceDefFormat)
	(virNodeDevCapsDefParseXML, virNodeDevCapsDefFree): Drop default
	case.

2014-07-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: sound: Fix uninitialized model string
	Commit e5f36698e3efc3d258b2996c7423c47e05ec52b2 introduces a
	false-positive build failure in the sound card model handling switch.
	Initialize the model to NULL although the value should never be used.

	qemu: sound: Handle all possible sound cards in switch statement
	Use correct type in the switch and handle all sound card models in it so
	that the compiler tracks additions.

	conf: RNG: Always fill in default random source path for default backend
	Libvirt documents that the default entropy source for the 'random'
	backend of a RNG device is /dev/random. Instead of storing and
	propagating NULL across our code and checking it in multiple places fill
	the default in the post parse callback and use that in the other places.

2014-07-25  Cole Robinson  <crobinso@redhat.com>

	spec: arm and aarch64 have kvm support with F20+

2014-07-25  Cole Robinson  <crobinso@redhat.com>

	spec: Use power64 macro
	Covers the whole ppc64 family. Example bug for binutils:

	https://bugzilla.redhat.com/show_bug.cgi?id=834651

2014-07-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix starting of VMs with empty CDROM drives
	Since 24e5cafba6dbc2722e05f92dc0ae31b0f938f9f0 (thankfully unreleased)
	when a VM with an empty disk drive would be started the code would call
	stat() on NULL path as a check was missing from the callback rendering
	machines unstartable.

	Report success when the path is empty (denoting an empty drive).

2014-07-25  Martin Kletzander  <mkletzan@redhat.com>

	libvirt-guests: fix some typos in a comment

2014-07-25  James  <james.wangyufei@huawei.com>

	util: virTimeFieldsThenRaw never returns negative
	virTimeFieldsThenRaw will never return negative result, so I clean up
	the related meaningless judgements to make it better.

2014-07-25  Li Yang  <liyang.fnst@cn.fujitsu.com>

	libvirt: Fix 'quest' typo in comment

2014-07-25  Peter Krempa  <pkrempa@redhat.com>

	test: qemu: Add tests for multiple virtio-rng devices

	virtio-rng: allow multiple RNG devices
	qemu supports adding multiple RNG devices. This patch allows libvirt to
	support this.

2014-07-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: cgroup: Don't use NULL path on default backed RNGs
	The "random" backend for virtio-rng can be started with no path
	specified which equals to /dev/random. The cgroup code didn't consider
	this and called few of the functions with NULL resulting into:

	 $ virsh start rng-vm
	 error: Failed to start domain rng-vm
	 error: Path '(null)' is not accessible: Bad address

	Problem introduced by commit c6320d34637a9883e31c4081d418fc33a4277cf2

2014-07-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuConnectGetDomainCapabilities: Report error on unknown arch
	If user hasn't provided any @emulatorbin, the qemuCaps are
	searched by @arch provided (which in fact can be guessed from the
	host). However, there's no guarantee that the qemu binary for
	@arch will exist.  Therefore qemu capabilities may be nonexistent
	too. If that's the case, we should throw an error message prior
	jumping onto 'cleanup' label as the helper lookup function
	remains silent on no search result.

2014-07-24  Martin Kletzander  <mkletzan@redhat.com>

	remove range checking for blkiotune weight
	This was changed before:

	https://www.redhat.com/archives/libvir-list/2013-October/msg00525.html

	but not everywhere in the code.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1100769

2014-07-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: cdrom support
	Add support for CDROM devices for bhyve driver using
	bhyve(8)'s 'ahci-cd' device type.

	As bhyve currently does not support media insertion at runtime,
	disallow to start a domain with an empty source path for cdrom
	devices.

2014-07-24  Martin Kletzander  <mkletzan@redhat.com>

	virsh: add option for selecting domdisplay type
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997802

	virsh: add error message when no graphical display is found

2014-07-24  John Ferlan  <jferlan@redhat.com>

	hostdev: Introduce virDomainHostdevSubsysSCSIiSCSI
	Create the structures and API's to hold and manage the iSCSI host device.
	This extends the 'scsi_host' definitions added in commit id '5c811dce'.
	A future patch will add the XML parsing, but that code requires some
	infrastructure to be in place first in order to handle the differences
	between a 'scsi_host' and an 'iSCSI host' device.

	Add virConnectPtr for qemuBuildSCSIHostdevDrvStr
	Add a conn for future patches to be able to grab the secret when
	authenticating an iSCSI host device

	hostdev: Introduce virDomainHostdevSubsysSCSIHost
	Split virDomainHostdevSubsysSCSI further. In preparation for having
	either SCSI or iSCSI data, create a union in virDomainHostdevSubsysSCSI
	to contain just a virDomainHostdevSubsysSCSIHost to describe the
	'scsi_host' host device

	hostdev: Introduce virDomainHostdevSubsysSCSI
	Create a separate typedef for the hostdev union data describing SCSI
	Then adjust the code to use the new pointer

	hostdev: Introduce virDomainHostdevSubsysPCI
	Create a separate typedef for the hostdev union data describing PCI.
	Then adjust the code to use the new pointer

	hostdev: Introduce virDomainHostdevSubsysUSB
	Create a separate typedef for the hostdev union data describing USB.
	Then adjust the code to use the new pointer

2014-07-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Use storage driver to pre-create snapshot file
	Move the last operation done on local files to the storage driver API.

	storage: Implement virStorageFileCreate for local and gluster files
	Add backends for this frontend function so that we can use it in the
	snapshot creation code.

	qemu: Implement DAC driver chown callback to co-operate with storage drv
	Use the storage driver to chown remote images.

	security: DAC: Plumb usage of chown callback
	Use the callback to set disk and storage image labels by modifying the
	existing functions and adding wrappers to avoid refactoring a lot of the
	code.

2014-07-24  Peter Krempa  <pkrempa@redhat.com>

	security: DAC: Introduce callback to perform image chown
	To integrate the security driver with the storage driver we need to
	pass a callback for a function that will chown storage volumes.

	Introduce and document the callback prototype.

2014-07-24  Peter Krempa  <pkrempa@redhat.com>

	security: DAC: Remove superfluous link resolution
	When restoring security labels in the dac driver the code would resolve
	the file path and use the resolved one to be chown-ed. The setting code
	doesn't do that. Remove the unnecessary code.

	storage: Add witness for checking storage volume use in security driver
	With my intended use of storage driver assist to chown files on remote
	storage we will need a witness that will tell us whether the given
	storage volume supports operations needed by the storage driver.

	storage: Implement storage driver helper to chown disk images
	Gluster storage works on a similar principle to NFS where it takes the
	uid and gid of the actual process and uses it to access the storage
	volume on the remote server. This introduces a need to chown storage
	files on gluster via native API.

2014-07-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuConnectGetDomainCapabilities: Use wiser defaults
	Up to now, users have to pass two arguments at least: domain virt type
	('qemu' vs 'kvm') and one of emulatorbin or architecture. This is not
	much user friendly. Nowadays users mostly use KVM and share the host
	architecture with the guest. So now, the API (and subsequently virsh
	command) can be called with all NULLs  (without any arguments).

	Before this patch:
	 # virsh domcapabilities
	 error: failed to get emulator capabilities
	 error: virttype_str in qemuConnectGetDomainCapabilities must not be NULL

	 # virsh domcapabilities kvm
	 error: failed to get emulator capabilities
	 error: invalid argument: at least one of emulatorbin or architecture fields must be present

	After:

	 # virsh domcapabilities
	 <domainCapabilities>
	   <path>/usr/bin/qemu-system-x86_64</path>
	   <domain>kvm</domain>
	   <machine>pc-i440fx-2.1</machine>
	   <arch>x86_64</arch>
	   <vcpu max='255'/>
	 </domainCapabilities>

2014-07-24  Martin Kletzander  <mkletzan@redhat.com>

	numatune: finish the split from domain_conf and remove all dependencies
	This patch adds back the virDomainDef typedef into domain_conf and
	makes all the numatune_conf functions independent of any virDomainDef
	definitions.

2014-07-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	leaseshelper: avoid mem leak after storing lease entries
	Contents of existing lease file were being stored in a variable
	which was never freed.

2014-07-23  Eric Blake  <eblake@redhat.com>

	maint: simplify some syntax check exemptions
	Commit 5028160 accidentally weakened the strtol prohibitions to
	skip ALL files under src/util instead of the former situation of
	just protecting util/virsexpr.c; even though NONE of the files
	in that directory need any protection.

	Shorten some long lines while at it.

	* cfg.mk (exclude_file_name_regexp--sc_prohibit_strtol): No need
	to exclude all of util.
	(exclude_file_name_regexp--sc_prohibit_sprintf): Reduce long line.
	(exclude_file_name_regexp--sc_prohibit_raw_allocation): Likewise.

2014-07-23  Eric Blake  <eblake@redhat.com>

	conf: avoid memory leaks while parsing seclabel
	Our seclabel parsing was repeatedly assigning malloc'd data into a
	temporary variable, without first freeing the previous use.  Among
	other leaks flagged by valgrind:

	==9312== 8 bytes in 1 blocks are definitely lost in loss record 88 of 821
	==9312==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9312==    by 0x8C40369: strdup (strdup.c:42)
	==9312==    by 0x50EA799: virStrdup (virstring.c:676)
	==9312==    by 0x50FAEB9: virXPathString (virxml.c:90)
	==9312==    by 0x50FAF1E: virXPathStringLimit (virxml.c:112)
	==9312==    by 0x510F516: virSecurityLabelDefParseXML (domain_conf.c:4571)
	==9312==    by 0x510FB20: virSecurityLabelDefsParseXML (domain_conf.c:4720)

	While it was multiple problems, it looks like commit da78351 (thankfully
	unreleased) was to blame for all of them.

	* src/conf/domain_conf.c (virSecurityLabelDefParseXML): Plug leaks
	detected by valgrind.

2014-07-23  Eric Blake  <eblake@redhat.com>

	nwfilter: plug memory leak with firewall
	Introduced in commit 70571ccc (v1.2.4). Caught by valgrind:

	==9816== 170 (32 direct, 138 indirect) bytes in 1 blocks are definitely lost in loss record 646 of 821
	==9816==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9816==    by 0x50836FB: virAlloc (viralloc.c:144)
	==9816==    by 0x50AEC2B: virFirewallNew (virfirewall.c:204)
	==9816==    by 0x1E2308ED: ebiptablesDriverProbeStateMatch (nwfilter_ebiptables_driver.c:3715)
	==9816==    by 0x1E2309AD: ebiptablesDriverInit (nwfilter_ebiptables_driver.c:3742)

	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesDriverProbeStateMatch): Properly clean up.

2014-07-23  Eric Blake  <eblake@redhat.com>

	metadata: track title edits across libvirtd restart
	https://bugzilla.redhat.com/show_bug.cgi?id=1122205

	Although the edits were changing in-memory XML, it was not flushed
	to disk; so unless some other action changes XML, a libvirtd restart
	would lose the changed information.

	* src/conf/domain_conf.c (virDomainObjSetMetadata): Add parameter,
	to save live status across restarts.
	(virDomainSaveXML): Allow for test driver.
	* src/conf/domain_conf.h (virDomainObjSetMetadata): Adjust
	signature.
	* src/bhyve/bhyve_driver.c (bhyveDomainSetMetadata): Adjust caller.
	* src/lxc/lxc_driver.c (lxcDomainSetMetadata): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSetMetadata): Likewise.
	* src/test/test_driver.c (testDomainSetMetadata): Likewise.

2014-07-23  John Ferlan  <jferlan@redhat.com>

	docs: Point to list of valid pool target volume formats
	https://bugzilla.redhat.com/show_bug.cgi?id=1092886

	Rather than point off to some nefarious "pool-specific docs" page when
	describing the "format" field for the target pool provide a link to the
	storage driver page which describes the various valid formats for each
	pool type.  Also make it a bit more clear that if a valid format isn't
	specified, then the type field is ignored.

2014-07-23  Jiri Denemark  <jdenemar@redhat.com>

	spec: Enable sanlock on qemu_kvm_arches for RHEL

2014-07-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added myself in AUTHORS.in

	Documented VIR_DOMAIN_FEATURE_CAPABILITIES use of virDomainCapabilitesPolicy

2014-07-23  Ján Tomko  <jtomko@redhat.com>

	Introduce virTristateSwitch enum
	For the values "default", "on", "off"

	Replaces
	virDeviceAddressPCIMulti
	virDomainFeatureState
	virDomainIoEventFd
	virDomainVirtioEventIdx
	virDomainDiskCopyOnRead
	virDomainMemDump
	virDomainPCIRombarMode
	virDomainGraphicsSpicePlaybackCompression

2014-07-23  Ján Tomko  <jtomko@redhat.com>

	Introduce virTristateBool enum type
	Replace all three-state (default/yes/no) enums with it:
	virDomainBIOSUseserial
	virDomainBootMenu
	virDomainPMState
	virDomainGraphicsSpiceClipboardCopypaste
	virDomainGraphicsSpiceAgentFileTransfer
	virNetworkDNSForwardPlainNames

2014-07-23  Peter Krempa  <pkrempa@redhat.com>

	Fix build after 47e5b5ae3262f140955abd57bbb13337c65a3497
	The patch described above introduced two problems caught by the compiler
	and thus breaking the build.

	One of the problems was comparison of unsigned with < 0 and the second
	one jumped a variable init.

2014-07-23  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: show used memory as 0 when domain is not active
	Before:
	virsh # dominfo chx3
	State:          shut off
	Max memory:     92160 KiB
	Used memory:    92160 KiB

	After:
	virsh # dominfo container1
	State:          shut off
	Max memory:     92160 KiB
	Used memory:    0 KiB

	Similar to qemu cases.

2014-07-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc domain from xml: convert lxc.cap.drop

2014-07-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc: allow to keep or drop capabilities
	Added <capabilities> in the <features> section of LXC domains
	configuration. This section can contain elements named after the
	capabilities like:

	  <mknod state="on"/>, keep CAP_MKNOD capability
	  <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability

	Users can restrict or give more capabilities than the default using
	this mechanism.

2014-07-23  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: create a bind mount for sysfs when enable userns but disable netns
	kernel commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e
	forbid us doing a fresh mount for sysfs
	when enable userns but disable netns.
	This patch will create a bind mount in this senario.

2014-07-22  Michal Privoznik  <mprivozn@redhat.com>

	tests: Remove stale scsihostdata dir
	In the fbd91d49 commit, new scsihostdata dir is added to EXTRA_DIST in
	the tests/Makefile.am. However, the directory itself is not created
	anywhere, nor in the commit.

2014-07-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid taking/reverting snapshots in PMSUSPENDED state
	Qemu doesn't currently support them and behaves strangely. Just forbid
	them.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1079162

2014-07-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid taking snapshot in invalid state
	Similarly to 49a3a649a85f9d3d478be355aa8694bce889586a forbid creating
	snapshots in domain states impossible to reach in qemu.

2014-07-22  Michal Privoznik  <mprivozn@redhat.com>

	domtop: Fix build on mingw
	Firstly, there's no sigaction() nor struct sigaction on mingw. We have
	to use the one implemented by gnulib (and hence link with gnulib).
	Then, for some reason one header file from windows defines ERROR
	symbol. Yes it does. Sigh.

2014-07-21  Eric Blake  <eblake@redhat.com>

	build: fix build without numactl
	Under ./configure --without-numactl but with numactl-devel installed,
	the build fails with:

	../../src/util/virnuma.c: In function 'virNumaNodeIsAvailable':
	../../src/util/virnuma.c:407:5: error: implicit declaration of function 'numa_bitmask_isbitset' [-Werror=implicit-function-declaration]
	     return numa_bitmask_isbitset(numa_nodes_ptr, node);
	     ^

	and other failures, all because the configure results for particular
	functions were used without regard to whether libnuma was even being
	linked in.

	* src/util/virnuma.c (virNumaGetPages): Fix message typo.
	(virNumaNodeIsAvailable): Correct build when not using numactl.

2014-07-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	storage: logical: drop useless if
	virStorageBackendLogicalCreateVol contains a piece like:

	    if (vol->target.path != NULL) {
	        /* A target path passed to CreateVol has no meaning */
	        VIR_FREE(vol->target.path);
	    }

	The 'if' is useless here, but 'syntax-check' doesn't catch that
	because of the comment, so drop the 'if'.

2014-07-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build on non-Linux platforms
	Commit ef48a1b introduced virFindSCSIHostByPCI for Linux and
	a stub for other platforms that returns -1 while the function
	should return 'char *', so use 'return NULL' instead.

	Commit fbd91d4 introduced virReadSCSIUniqueId with the third
	argument 'int *result', however the stub for non-Linux patform
	uses 'unsigned int *result', so change it to 'int *result'.

	Pushed under the build breaker rule.

2014-07-21  John Ferlan  <jferlan@redhat.com>

	getAdapterName: Lookup stable scsi_host
	If a parentaddr was provided in the XML, have getAdapterName lookup
	the stable address.  This allows virStorageBackendSCSICheckPool() and
	virStorageBackendSCSIRefreshPool() to automagically find the scsi_host
	by its PCI address and unique_id

2014-07-21  John Ferlan  <jferlan@redhat.com>

	scsi_host: Introduce virFindSCSIHostByPCI
	Introduce a new function to parse the provided scsi_host parent address
	and unique_id value in order to find the /sys/class/scsi_host directory
	which will allow a stable SCSI host address

	Add a test to scsihosttest to lookup the host# name by using the PCI address
	and unique_id value

2014-07-21  John Ferlan  <jferlan@redhat.com>

	Add unique_id to nodedev output
	Add an optional unique_id parameter to nodedev.  Allows for easier lookup
	and display of the unique_id value in order to document for use with
	scsi_host code.

2014-07-21  John Ferlan  <jferlan@redhat.com>

	virutil: Introduce virReadSCSIUniqueId
	Introduce a new function to read the current scsi_host entry and return
	the value found in the 'unique_id' file.

	Add a 'scsihosttest' test (similar to the fchosttest, but incorporating some
	of the concepts of the mocked pci test library) in order to read the
	unique_id file like would be found in the /sys/class/scsi_host tree.

2014-07-21  John Ferlan  <jferlan@redhat.com>

	scsi_backend: Use existing LINUX_SYSFS_SCSI_HOST_PREFIX definition
	Rather than supplying the path again in the formatting of the sysfs
	scsi_host directory.

2014-07-21  Osier Yang  <jyang@redhat.com>

	storage: Introduce parentaddr into virStoragePoolSourceAdapter
	Between reboots and kernel reloads, the SCSI host number used for SCSI
	storage pools may change requiring modification to the storage pool XML
	in order to use a specific SCSI host adapter.

	This patch introduces the "parentaddr" element and "unique_id" attribute
	for the SCSI host adapter in order to uniquely identify the adapter
	between reboots and kernel reloads. For now the goal is to only parse
	and format the XML. Both will be required to be provided in order to
	uniquely identify the desired SCSI host.

	The new XML is expected to be as follows:

	  <adapter type='scsi_host'>
	    <parentaddr unique_id='3'>
	      <address domain='0x0000' bus='0x00' slot='0x1f' func='0x2'/>
	    </parentaddr>
	  </adapter>

	where "parentaddr" is the parent device of the SCSI host using the PCI
	address on which the device resides and the value from the unique_id file
	for the device. Both the PCI address and unique_id values will be used
	to traverse the /sys/class/scsi_host/ directories looking at each link
	to match the PCI address reformatted to the directory link format where
	"domain:bus:slot:function" is found.  Then for each matching directory
	the unique_id file for the scsi_host will be used to match the unique_id
	value in the xml.

	For a PCI address listed above, this will be formatted to "0000:00:1f.2"
	and the links in /sys/class/scsi_host will be used to find the host#
	to be used for the 'scsi_host' device. Each entry is a link to the
	/sys/bus/pci/devices directories, e.g.:

	%  ls -al /sys/class/scsi_host/host2
	lrwxrwxrwx. 1 root root 0 Jun  1 00:22 /sys/class/scsi_host/host2 -> ../../devices/pci0000:00/0000:00:1f.2/ata3/host2/scsi_host/host2

	% cat /sys/class/scsi_host/host2/unique_id
	3

	The "parentaddr" and "name" attributes are mutually exclusive to identify
	the SCSI host number. Use of the "parentaddr" element will be the preferred
	mechanism.

	This patch only supports to parse and format the XMLs. Later patches will
	add code to find out the scsi host number.

2014-07-21  Osier Yang  <jyang@redhat.com>

	virStoragePoolSourceAdapter: Refine the SCSI_HOST adapter name
	Preparation for future patches by creating a scsi_host union. For now,
	just the 'name' will be present.

2014-07-21  John Ferlan  <jferlan@redhat.com>

	getAdapterName: check for SCSI_HOST
	Rather than assume that NOT FC_HOST is SCSI_HOST, let's call them out
	specifically. Makes it easier to find SCSI_HOST code/structs and ensures
	something isn't missed in the future

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	schema: pool: netfs: Don't enforce slash in glusterfs pool source
	Gluster volumes don't start with a leading slash. Our schema for netfs
	gluster pools enforces it though. Luckily mount.glusterfs skips it.
	Allow a slashless volume name for glusterfs netfs mounts in the schema.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1101999

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	doc: Explicitly specify how to override spice channel mode
	Be more clear that the "<channel mode=" attribute overrides the default
	set by "defaultMode".

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1033704

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	node_device: HAL: Ignore return value of virStrToLong_ui
	Commit 5df813177c3b609a8cf5db26ae94b26d4a40063d forgot to adjust a few
	callers of virStrToLong_ui to ignore the returned value in some ancient
	parts of the code.

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	util: Check return value from virStrToLong* functions
	We do so in the vast majority of places, so there's no problem of adding
	the attribute to enforce it by the complier and fix a few leftover
	places.

	This was originally pointed out by Coverity as a recent change triggered
	it's warning that our code checked the vast majority of returns from
	virStrToLong_ui.

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	examples: domtop: Avoid leaking memory
	Use the virTypedParamsFree unconditionally as it handles NULL well and
	has the benefit of freeing a typed parameter array even if it wasn't yet
	assigned, but only allocated.

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	examples: domtop: Fix uninitialized variable use
	max_id could be used uninitialized in the cleanup section after the
	domain wasn't found.

	Discovered by Coverity.

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Reject revertion from clearly bad states
	Report errors on some states snapshots done by qemu should never reach

2014-07-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Convert if-else switch to switch statement
	Convert the target snapshot state selector to a switch statement
	enumerating all possible values. This points out a few mistakes in the
	original selector.

	The logic of the code is preserved until later patches.

2014-07-18  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: reconnect to domains after libvirtd restart
	Try to reconnect to the running domains after libvirtd restart. To
	achieve that, do:

	 * Save domain state
	  - Modify virBhyveProcessStart() to save domain state to the state
	    dir
	  - Modify virBhyveProcessStop() to cleanup the pidfile and the state

	 * Detect if the state information loaded from the driver's state
	   dir matches the actual state. Consider domain active if:
	    - PID it points to exist
	    - Process title of this PID matches the expected one with the
	      domain name

	   Otherwise, mark the domain as shut off.

	Note: earlier development bhyve versions before FreeBSD 10.0-RELEASE
	didn't set proctitle we expect, so the current code will not detect
	it. I don't plan adding support for this unless somebody requests
	this.

2014-07-18  Hu Tao  <hutao@cn.fujitsu.com>

	doc: add domain to address of hostdev pci
	libvirt supports pci domain already, so update the documentation.
	Otherwise users who lookup the documentation for how to use hostdev may
	miss the domain and encounter error when pass-through a pci device in a
	domain other than 0.

2014-07-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid snapshots of iSCSI passthrough devices
	As with the local SCSI passthrough devicesm qemu can't support snapshots
	on those as the block ops are handled by the device. This is also true
	for iSCSI backing of the disk. Remove the check for the local block
	device and just forbid snapshot when the disk is of type 'lun'.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1073368

2014-07-18  Peter Krempa  <pkrempa@redhat.com>

	doc: domain: Clarify that disk type 'lun' works with iSCSI too
	Disk type 'lun' enables SCSI command passthrough for a disk. We stated
	that it works only with "block" disks. Qemu supports it also when using
	the iSCSI protocol.

2014-07-18  Michal Privoznik  <mprivozn@redhat.com>

	examples: Introduce domtop
	There's this question on the list that is asked over and over again.
	How do I get {cpu, memory, ...} usage in percentage? Or its modified
	version: How do I plot nice graphs like virt-manager does?

	It would be nice if we have an example to inspire people. And that's
	what domtop should do. Yes, it could be written in different ways, but
	I've chosen this one as I think it show explicitly what users need to
	implement in order to imitate virt-manager's graphing.

	Note: The usage is displayed from host perspective. That is, how much
	host CPUs the domain is using. But it should be fairly simple to
	switch do just guest CPU usage if needed.

2014-07-18  Michal Privoznik  <mprivozn@redhat.com>

	Kill last strto{l,ll,d} scouts
	There's no need to use it since we have this shiny functions
	that even checks for conversion and overflow errors.

2014-07-18  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc conf2xml: convert lxc.network.name for veth networks

2014-07-18  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc network configuration allows setting target container NIC name
	LXC network devices can now be assigned a custom NIC device name on the
	container side. For example, this is configured with:

	    <interface type='network'>
	      <source network='default'/>
	      <guest dev="eth1"/>
	    </interface>

	In this example the network card will appear as eth1 in the guest.

2014-07-18  Jiri Denemark  <jdenemar@redhat.com>

	spec: Consolidate with_qemu* definitions
	Decisions whether qemu driver and libvirt-daemon-{qemu,kvm} packages
	should be built on various OS/arch combinations were scattered around
	the spec file. Let's make it easier to see where qemu driver is going to
	be built.

2014-07-17  John Ferlan  <jferlan@redhat.com>

	storage: Disallow vol_wipe for sparse logical volumes
	https://bugzilla.redhat.com/show_bug.cgi?id=1091866

	Add a new boolean 'sparse'.  This will be used by the logical backend
	storage driver to determine whether the target volume is sparse or not
	(also known by a snapshot or thin logical volume). Although setting sparse
	to true at creation could be seen as duplicitous to setting during
	virStorageBackendLogicalMakeVol() in case there are ever other code paths
	between Create and FindLVs that need to know about the volume be sparse.

	Use the 'sparse' in a new virStorageBackendLogicalVolWipe() to decide whether
	to attempt to wipe the logical volume or not. For now, I have found no
	means to wipe the volume without writing to it. Writing to the sparse
	volume causes it to be filled. A sparse logical volume is not completely
	writeable as there exists metadata which if overwritten will cause the
	sparse lv to go INACTIVE which means pool-refresh will not find it.
	Access to whatever lvm uses to manage data blocks is not provided by
	any API I could find.

2014-07-17  John Ferlan  <jferlan@redhat.com>

	storage: Convert 'building' into a bool
	Rather than a unsigned int, use a 'bool' since that's how it was used.

2014-07-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Fix a comment about VSphere versions
	Update the VSphere version comment in esx_vi.c for ESX 5.1 and 5.5.

2014-07-17  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build by dropping redefined typedefs
	Commit 93e82727 introduced numatune_conf.h file that contains
	typedefs already defined in domain_conf.h, such as:

	 - virDomainNumatune
	 - virDomainNumatunePtr
	 - virDomainDef
	 - virDomainDefPtr

	As numatune_conf.h is included by domain_conf.h, clang
	complains about redefinition of typedef and the build fails.

	In order to fix it, drop typedefs already defined by numatume_conf.h
	from domain_conf.h.

2014-07-17  John Ferlan  <jferlan@redhat.com>

	virsh: Document bandwidth maximum more clearly
	Commit id '0e2d7305' modified the code to allow a negative value to be
	supplied for the bandwidth argument of the various block virsh commands
	and the migrate-setspeed; however, it failed to update the man page to
	describe the "feature" whereby a very large value could be interpreted
	by the hypervisor to mean maximum value allowed. Although initially
	designed to handle a -1 value, the reality is just about any negative
	value could be provided and essentially perform the same feature.

2014-07-17  John Ferlan  <jferlan@redhat.com>

	virsh vol-upload/download disallow negative offset
	https://bugzilla.redhat.com/show_bug.cgi?id=1087104

	Commit id 'c6212539' explicitly allowed a negative value to be used for
	offset and length as a shorthand for the largest value after commit id
	'f18c02ec' modified virStrToLong_ui() to essentially disallow a negative
	value.

	However, allowing a negative value for offset ONLY worked if the negative
	value was -1 since the eventual lseek() does allow a -1 to mean the end
	of the file.  Providing other negative values resulted in errors such as:

	$ virsh vol-download --pool default qcow3-vol2 /home/vm-images/raw \
	  --offset -2 --length -1000
	error: cannot download from volume qcow3-vol2
	error: Unable to seek /home/vm-images/qcow3-vol2 to 18446744073709551614: Invalid argument

	$

	Thus, it seems unreasonable to expect or allow a negative value for offset
	since the only benefit is to lseek() to the end of the file and then only
	take advantage of how the OS would handle such a seek. For the purposes of
	upload or download of volume data, that seems to be a no-op.  Therefore,
	disallow a negative value for offset.

	Additionally, modify the man page for vol-upload and vol-download to provide
	more details regarding the valid values for both offset and length.

2014-07-17  Peter Krempa  <pkrempa@redhat.com>

	test: metadata: Improve test coverage
	Test also the TITLE and DESCRIPTION metadata types.

2014-07-17  Ján Tomko  <jtomko@redhat.com>

	Log an error when we fail to set the COW attribute
	Coverity complains about the return value of ioctl not being checked.

	Even though we carry on when this fails (just like qemu-img does),
	we can log an error.

2014-07-17  Peter Krempa  <pkrempa@redhat.com>

	storage: Split out volume wiping as separate backend function
	For non-local storage drivers we can't expect to use the "scrub" tool to
	wipe the volume. Split the code into a separate backend function so that
	we can add protocol specific code later.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1118710

2014-07-17  Peter Krempa  <pkrempa@redhat.com>

	storage: wipe: Move helper code into storage backend
	The next patch will move the storage volume wiping code into the
	individual backends. This patch splits out the common code to wipe a
	local volume into a separate backend helper so that the next patch is
	simpler.

2014-07-17  Eric Blake  <eblake@redhat.com>

	schema: put interleave at correct level
	The previous commit 09d4d26 put the interleave at the wrong point;
	it didn't allow interleaving with <memory>.

	* docs/schema/domaincommon.rng (numatune): Fix interleave location.
	* tests/qemuxml2argvdata/qemuxml2argv-numatune-memnode.xml: Adjust test.

2014-07-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Fix a bug in the XML code for storage pools
	For ESX, the code that builds XML descriptions for attached storage pools was
	not setting the host count to anything when it returned a host name.

2014-07-16  Martin Kletzander  <mkletzan@redhat.com>

	schema: add interleave inside numatune

2014-07-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: leave restricting cpuset.mems after initialization
	When domain is started with numatune memory mode strict and the
	nodeset does not include host NUMA node with DMA and DMA32 zones, KVM
	initialization fails.  This is because cgroup restrict even kernel
	allocations.  We are already doing numa_set_membind() which does the
	same thing, only it does not restrict kernel allocations.

	This patch leaves the userspace numa_set_membind() in place and moves
	the cpuset.mems setting after the point where monitor comes up, but
	before vcpu and emulator sub-groups are created.

2014-07-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: split out cpuset.mems setting

	qemu: pass numa node binding preferences to qemu
	Currently, we only bind the whole QEMU domain to memory nodes
	specified in nodemask altogether.  That, however, doesn't make much
	sense when one wants to control from where the memory for particular
	guest nodes should be allocated.  QEMU allows us to do that by
	specifying 'host-nodes' parameter for the 'memory-backend-ram' object,
	so let's use that.

	qemu: enable disjoint numa cpu ranges

	qemu: newer -numa parameter capability probing
	When qemu switched to using OptsVisitor for -numa parameter, it did
	two things in the same patch.  One of them is that the numa parameter
	is now visible in "query-command-line-options", the second one is that
	it enabled using disjoint cpu ranges for -numa specification.  This
	will be used in later patch.

	qemu: memory-backend-ram capability probing
	The numa patch series in qemu adds "memory-backend-ram" object type by
	which we can tell whether we can use such objects.

	qemu: allow qmp probing for cmdline options without params
	That can be lately achieved with by having .param == NULL in the
	virQEMUCapsCommandLineProps struct.

	numatune: add support for per-node memory bindings in private APIs

	conf, schema: add support for memnode elements

2014-07-16  Martin Kletzander  <mkletzan@redhat.com>

	numatune: Encapsulate numatune configuration in order to unify results
	There were numerous places where numatune configuration (and thus
	domain config as well) was changed in different ways.  On some
	places this even resulted in persistent domain definition not to be
	stable (it would change with daemon's restart).

	In order to uniformly change how numatune config is dealt with, all
	the internals are now accessible directly only in numatune_conf.c and
	outside this file accessors must be used.

2014-07-16  Martin Kletzander  <mkletzan@redhat.com>

	numatune: unify numatune struct and enum names
	Since there was already public virDomainNumatune*, I changed the
	private virNumaTune to match the same, so all the uses are unified and
	public API is kept:

	s/vir\(Domain\)\?Numa[tT]une/virDomainNumatune/g

	then shrunk long lines, and mainly functions, that were created after
	that:

	sed -i 's/virDomainNumatuneMemPlacementMode/virDomainNumatunePlacement/g'

	And to cope with the enum name, I haad to change the constants as
	well:

	s/VIR_NUMA_TUNE_MEM_PLACEMENT_MODE/VIR_DOMAIN_NUMATUNE_PLACEMENT/g

	Last thing I did was at least a little shortening of already long
	name:

	s/virDomainNumatuneDef/virDomainNumatune/g

2014-07-16  Martin Kletzander  <mkletzan@redhat.com>

	numatune: create new module for numatune
	There are many places with numatune-related code that should be put
	into special numatune_conf and this patch creates a basis for that.

	conf, schema: add 'id' field for cells
	In XML format, by definition, order of fields should not matter, so
	order of parsing the elements doesn't affect the end result.  When
	specifying guest NUMA cells, we depend only on the order of the 'cell'
	elements.  With this patch all older domain XMLs are parsed as before,
	but with the 'id' attribute they are parsed and formatted according to
	that field.  This will be useful when we have tuning settings for
	particular guest NUMA node.

	conf: purely a code movement
	to ease the review of commits to follow.

	qemu: remove useless error check
	Excerpt from the virCommandAddArgBuffer() description: "Correctly
	transfers memory errors or contents from buf to cmd."

	qemu: purely a code movement
	to ease the review of commits to follow.

2014-07-16  Michele Paolino  <m.paolino@virtualopensystems.com>

	support for QEMU vhost-user
	This patch adds support for the QEMU vhost-user feature to libvirt.
	vhost-user enables the communication between a QEMU virtual machine
	and other userspace process using the Virtio transport protocol.
	It uses a char dev (e.g. Unix socket) for the control plane,
	while the data plane based on shared memory.

	The XML looks like:

	<interface type='vhostuser'>
	    <mac address='52:54:00:3b:83:1a'/>
	    <source type='unix' path='/tmp/vhost.sock' mode='server'/>
	    <model type='virtio'/>
	</interface>

2014-07-16  Eric Blake  <eblake@redhat.com>

	blockjob: wait for pivot to complete
	https://bugzilla.redhat.com/show_bug.cgi?id=1119173 documents that
	commit eaba79d was flawed in the implementation of the
	VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC flag when it comes to completing
	a blockcopy.  Basically, the qemu pivot action is async (the QMP
	command returns immediately, but the user must wait for the
	BLOCK_JOB_COMPLETE event to know that all I/O related to the job
	has finally been flushed), but the libvirt command was documented
	as synchronous by default.  As active block commit will also be
	using this code, it is worth fixing now.

	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Don't skip wait
	loop after pivot.

2014-07-16  Eric Blake  <eblake@redhat.com>

	util: forbid freeing const pointers
	Now that we've finally fixed all the violators, it's time to
	enforce that any pointer to a const object is never freed (it
	is aliasing some other memory, where the non-const original
	should be freed instead).  Alas, the code still needs a normal
	vs. Coverity version, but at least we are still guaranteeing
	that the macro call evaluates its argument exactly once.

	I verified that we still get the following compiler warnings,
	which in turn halts the build thanks to -Werror on gcc (hmm,
	gcc 4.8.3's placement of the ^ for ?: type mismatch is a bit
	off, but that's not our problem):

	    int oops1 = 0;
	    VIR_FREE(oops1);
	    const char *oops2 = NULL;
	    VIR_FREE(oops2);
	    struct blah { int dummy; } oops3;
	    VIR_FREE(oops3);

	util/virauthconfig.c:159:35: error: pointer/integer type mismatch in conditional expression [-Werror]
	     VIR_FREE(oops1);
	                                   ^
	util/virauthconfig.c:161:5: error: passing argument 1 of 'virFree' discards 'const' qualifier from pointer target type [-Werror]
	     VIR_FREE(oops2);
	     ^
	In file included from util/virauthconfig.c:28:0:
	util/viralloc.h:79:6: note: expected 'void *' but argument is of type 'const void *'
	 void virFree(void *ptrptr) ATTRIBUTE_NONNULL(1);
	      ^
	util/virauthconfig.c:163:35: error: type mismatch in conditional expression
	     VIR_FREE(oops3);
	                                   ^

	* src/util/viralloc.h (VIR_FREE): No longer cast away const.
	* src/xenapi/xenapi_utils.c (xenSessionFree): Work around bogus
	header.

2014-07-16  Chunyan Liu  <cyliu@suse.com>

	add nocow test case
	Add file in storagevolxml2xmlin and storagevolxml2xmlout, let
	storagevolxml2xmltest and storagevolschematest cover 'nocow'.
	Add test case to storagevolxml2argvtest to cover 'nocow'.

2014-07-16  Chunyan Liu  <cyliu@suse.com>

	storagevol: add nocow to vol xml
	Add 'nocow' to storage volume xml so that user can have an option
	to set NOCOW flag to the newly created volume. It's useful on btrfs
	file system to enhance performance.

	Btrfs has low performance when hosting VM images, even more when the guest
	in those VM are also using btrfs as file system. One way to mitigate this
	bad performance is to turn off COW attributes on VM files. Generally, there
	are two ways to turn off COW on btrfs: a) by mounting fs with nodatacow,
	then all newly created files will be NOCOW. b) per file. Add the NOCOW file
	attribute. It could only be done to empty or new files.

	This patch tries the second way, according to 'nocow' option, it could set
	NOCOW flag per file:
	for raw file images, handle 'nocow' in libvirt code; for non-raw file images,
	pass 'nocow=on' option to qemu-img, and let qemu-img to handle that (requires
	qemu-img version >= 2.1).

2014-07-16  Michal Privoznik  <mprivozn@redhat.com>

	Fix const correctness
	In many places we define a variable as a 'const char *' when in fact
	we modify it just a few lines below. Or even free it. We should not do
	that.

	There's one exception though, in xenSessionFree() xenapi_utils.c. We
	are freeing the xen_session structure which is defined in
	xen/api/xen_common.h public header. The structure contains session_id
	which is type of 'const char *' when in fact it should have been just
	'char *'. So I'm leaving this unmodified, just noticing the fact in
	comment.

2014-07-16  Peter Krempa  <pkrempa@redhat.com>

	storage: fs: Don't fail volume update if backing store isn't accessible
	When the backing store of a volume wasn't accessible while updating the
	volume definition the call would fail altogether. In cases where we
	currently (incorrectly) treat remote backing stores as local one this
	might lead to strange errors.

	Ignore the opening errors until we figure out how to track proper volume
	metadata.

2014-07-16  Peter Krempa  <pkrempa@redhat.com>

	storage: fs: Properly parse backing store info
	Use the backing store parser to properly create the information about a
	volume's backing store. Unfortunately as the storage driver isn't
	prepared to allow volumes backed by networked filesystems add a
	workaround that will avoid changing the XML output.

	storage: fs: Process backing store data in virStorageBackendProbeTarget
	Move the processing of the backend metadata directly to the helper
	instead of passing it through arguments to the function.

	storage: backend: fs: Touch up coding style
	virStorageBackendFileSystemRefresh() used "cleanup" label just for error
	exits and didn't meet libvirt's standard for braces in one case.

	storage: Track backing store of a volume in the target struct
	As we have a nested pointer for storing the backing store of a volume
	there's no need to store it in a separate struct.

	storage: backend: Fix formatting of function arguments

2014-07-16  Ján Tomko  <jtomko@redhat.com>

	Fix assignment of comparison against zero
	Assign the value we're comparing:
	(val = func()) < 0
	instead of assigning the comparison value:
	(val = func() < 0)

	Both were introduced along with the code,
	the TLS tests by commit bd789df in 0.9.4
	net events by commit de87691 in 1.2.2.

	Note that the event id type fix is a no-op:
	vshNetworkEventIdTypeFromString can only return
	-1 (failure) and the event is never used or
	0 (the only possible event) and the value of 0 < 0 is still 0.

2014-07-16  Ján Tomko  <jtomko@redhat.com>

	Fix error on fs pool build failure
	https://bugzilla.redhat.com/show_bug.cgi?id=1119592

	Introduced by commit 62927dd v0.7.6.

2014-07-16  Eric Blake  <eblake@redhat.com>

	spec: fix invalid syntax
	Commit 20e01504 broke 'make rpm':

	error: line 540: Unknown tag:     %elif 020 >= 12 || 0 >= 6

	Apparently, even though shell has elif so that you can do a chain
	of conditionals, the rpm spec file does not, and you have to nest
	things instead.

	* libvirt.spec.in: Convert %elif to proper nested %if.

2014-07-15  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Rework lxc apparmor profile
	Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default.
	This profile allows quite a lot, but strives to restrict access to
	dangerous resources.

	Removing the explicit authorizations to bash, systemd and cron files,
	forces them to keep the lxc profile for all applications inside the
	container. PUx permissions where leading to running systemd (and others
	tasks) unconfined.

	Put the generic files, network and capabilities restrictions directly
	in the TEMPLATE.lxc: this way, users can restrict them on a per
	container basis.

2014-07-15  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Implement interface stats for BSD

2014-07-15  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: virstatslinux: make more generic
	Rename linuxDomainInterfaceStats to virNetInterfaceStats in order
	to allow adding platform specific implementations without
	making consumer worrying about specific implementation to be used.

	Also, rename util/virstatslinux.c to util/virstats.c so placing
	other platform specific implementations into this file don't
	look unexpected from the file name.

2014-07-15  Chunyan Liu  <cyliu@suse.com>

	libxl: fix return value error Attach|DetachDeviceFlags
	Code logic in libxlDomainAttachDeviceFlags and libxlDomainDetachDeviceFlags
	is wrong with return value in error cases.

	'ret' was being set to 0 if 'flags & VIR_DOMAIN_DEVICE_MODIFY_CONFIG' was
	false. Then if something like virDomainDeviceDefParse() failed in the
	VIR_DOMAIN_DEVICE_MODIFY_LIVE logic, the error would be reported but the
	function would return success.

2014-07-15  Chunyan Liu  <cyliu@suse.com>

	libxl: support hotplug of <interface>
	Add code to support attach/detaching a network device.

	libxl: add HOSTDEV type in libxlDomainDetachDeviceConfig
	Missing HOSTDEV type in libxlDomainDetachDeviceConfig. Add it.

2014-07-15  Jiri Denemark  <jdenemar@redhat.com>

	spec: Update polkit dependencies for CVE-2013-4311
	Use secured polkit on distros which provide it. However, RHEL-6 will
	still allow for older polkit-0.93 rather than forcing polkit-0.96-5
	which is not available in all RHEL-6 releases.

2014-07-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Initialize correct source structure
	4cc1f1a01fb338de939ba88eb933931687b22336 introduced a crash when doing a
	block copy as virStorageSourceInitChainElement was called on
	"disk->mirror" that is still NULL at that point instead of "mirror"
	which temporarily holds the mirror source struct until it's fully
	initialized. This resulted into a crash as a NULL was dereferenced.

	Reported by: Shanzi Yu <shyu@redhat.com>

2014-07-14  John Ferlan  <jferlan@redhat.com>

	GetBlockInfo: Use the correct path to qemuOpenFile
	Commit id '3ea661de' refactored the code to use the 'disk->src->path'
	instead of getting the path from virDomainDiskGetSource().  The one
	call to qemuOpenFile() didn't use the disk source path, rather it used
	the path as passed from the caller (in this case 'vda') - this caused
	a failure with the virt-test/tp-libvirt as follows:

	$ virsh domblkinfo virt-tests-vm1 vda
	error: cannot stat file '/home/virt-test/shared/data/images/jeos-20-64.qcow2': Bad file descriptor

	$

2014-07-14  Eric Blake  <eblake@redhat.com>

	capabilities: use bool instead of int
	While preparing to add a capability for active commit, I noticed
	that the existing code was abusing int for boolean values.

	* src/conf/capabilities.h (_virCapsGuestFeature, _virCapsHost)
	(virCapabilitiesNew, virCapabilitiesAddGuestFeature): Improve
	types.
	* src/conf/capabilities.c (virCapabilitiesNew)
	(virCapabilitiesAddGuestFeature): Adjust signature.
	* src/bhyve/bhyve_capabilities.c (virBhyveCapsBuild): Update
	clients.
	* src/esx/esx_driver.c (esxCapsInit): Likewise.
	* src/libxl/libxl_conf.c (libxlMakeCapabilities): Likewise.
	* src/lxc/lxc_conf.c (virLXCDriverCapsInit): Likewise.
	* src/openvz/openvz_conf.c (openvzCapsInit): Likewise.
	* src/parallels/parallels_driver.c (parallelsBuildCapabilities):
	Likewise.
	* src/phyp/phyp_driver.c (phypCapsInit): Likewise.
	* src/qemu/qemu_capabilities.c (virQEMUCapsInit)
	(virQEMUCapsInitGuestFromBinary): Likewise.
	* src/security/virt-aa-helper.c (get_definition): Likewise.
	* src/test/test_driver.c (testBuildCapabilities): Likewise.
	* src/uml/uml_conf.c (umlCapsInit): Likewise.
	* src/vbox/vbox_tmpl.c (vboxCapsInit): Likewise.
	* src/vmware/vmware_conf.c (vmwareCapsInit): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorBuildCapabilities):
	Likewise.
	* src/xenapi/xenapi_driver.c (getCapsObject): Likewise.
	* tests/qemucaps2xmltest.c (testGetCaps): Likewise.
	* tests/testutils.c (virTestGenericCapsInit): Likewise.
	* tests/testutilslxc.c (testLXCCapsInit): Likewise.
	* tests/testutilsqemu.c (testQemuCapsInit): Likewise.
	* tests/testutilsxen.c (testXenCapsInit): Likewise.
	* tests/vircaps2xmltest.c (buildVirCapabilities): Likewise.
	* tests/vircapstest.c (buildNUMATopology): Likewise.
	* tests/vmx2xmltest.c (testCapsInit): Likewise.
	* tests/xml2vmxtest.c (testCapsInit): Likewise.

2014-07-14  Eric Blake  <eblake@redhat.com>

	docs: mention more about older capability feature bits
	Our documentation for features was rather sparse; this fleshes out
	more of the details for other existing capabilities (and cost me
	some time trawling git history).

	* docs/formatcaps.html.in: Document it feature bits.

2014-07-14  Chunhe Li  <lichunhe@huawei.com>

	openvswitch: Delete port if it exists while adding a new one
	If the openvswitch service is stopped, and is followed by destroying a
	VM, the openvswitch bridge translates into a state where it doesn't
	recover the port configuration. While it successfully fetches data
	from the internal DB, since the corresponding virtual interface does
	not exists anymore the whole recovery process fails leaving restarted
	VM with inability to connect to the bridge. The following set of
	commands will trigger the problem:

	virsh start vm
	service openvswitch-switch stop
	virsh destroy vm
	service openvswitch-switch start
	virsh start vm

2014-07-14  John Ferlan  <jferlan@redhat.com>

	virseclabel: Resolve Coverity FORWARD_NULL issue
	Resolve issue introduced by commit id '13adf1b'

2014-07-14  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityLabelDefParseXML: Rework
	Instead of allocating the virSecurityLabelDef structure ourselves, we
	can utilize virSecurityLabelDefNew which even sets the default values
	for us.

2014-07-14  Michal Privoznik  <mprivozn@redhat.com>

	conf: Always format seclabel's model
	https://bugzilla.redhat.com/show_bug.cgi?id=1113860

	We've always done that. Well, until 990e46c45. Point is, if we don't
	format model, we may lose a domain on libvirtd restart. If the
	seclabel is implicit however, we should skip it's formatting.

2014-07-14  Peter Krempa  <pkrempa@redhat.com>

	doc: Be more specific about semantics of _REUSE_EXT flag
	Snapshots and block-copy have a flag that forces qemu to re-use existing
	file. Our docs weren't exactly clear on what the existing file should
	contain for this to actually work.

	Re-word the docs a bit to state that the file needs to be pre-created in
	the desired format and the backing chain metadata needs to be set prior
	to handing it over to qemu.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1084360

2014-07-14  Peter Krempa  <pkrempa@redhat.com>

	doc: Document that snapshot name of block-backed disk isn't autogenerated
	Libvirt generates external snapshot target file names for file backed
	storage but not for block backed storage. Document the limitation.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1032363

2014-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	conf: Fix possible NULL dereference in virStorageVolTargetDefFormat
	Commit dae1568c6c6455091e8cd9bc2e90a22af3d3880c converted the perms
	member of the virStorageVolTarget struct into a pointer to make it
	optional. But virStorageVolTargetDefFormat did not check perms for
	NULL before dereferencing it.

2014-07-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	aa-helper: adjust previous patch
	Don't fail when there is nothing to do, as a tweak to the previous
	patch regarding output of libvirt-UUID.files for LXC apparmor profiles

	Don't output libvirt-UUID.files for LXC apparmor profiles

2014-07-11  Ian Campbell  <Ian.Campbell@citrix.com>

	libxl: Correct cast to virDomainDiskDiscard enum.
	This was converted to a typedef in 5a2bd4c9171d "conf: more enum
	cleanups in "src/conf/domain_conf.h"" causing:
	    libxl/libxl_conf.c: In function 'libxlDiskSetDiscard':
	    libxl/libxl_conf.c:724:19: error: conversion to incomplete type

2014-07-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: add support for --config in setmem command
	In lxc, we could not use setmem command
	with --config options.
	This patch will add support for this.

2014-07-11  Michal Privoznik  <mprivozn@redhat.com>

	conf: Don't allow multiple seclabels for same model
	https://bugzilla.redhat.com/show_bug.cgi?id=1066894

	With current code it's possible to have for instance:

	virsh dumpxml mydomain | grep seclabel
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>
	  <seclabel type='dynamic' model='selinux' relabel='yes'/>

	what doesn't make any sense. We should reject the XML in the config
	parsing phase.

2014-07-11  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityDeviceLabelDef: substitute 'norelabel' with 'relabel'
	Similarly to the previous commit, boolean variables should not start
	with 'no-' prefix.

	virSecurityLabelDef: substitute 'norelabel' with 'relabel'
	This negation in names of boolean variables is driving me insane. The
	code is much more readable if we drop the 'no-' prefix. Well, at least
	for me.

2014-07-11  Peter Krempa  <pkrempa@redhat.com>

	storage: Split out volume upload/download as separate backend function
	For non-local storage drivers we can't expect to use the FDStream
	backend for up/downloading volumes. Split the code into a separate
	backend function so that we can add protocol specific code later.

2014-07-10  Ján Tomko  <jtomko@redhat.com>

	check for cfg->spiceTLS earlier in qemuProcessSPICEAllocatePorts
	This saves a few lines of code and catches the error when:
	<spice autoport ='yes' defaultMode='any' ..>
	  <channel name='main' mode='secure'/>
	</spice>
	is specified with spice_tls = 0 in qemu.conf.

	Instead of this error in qemuBuildGraphicsSPICECommandLine:
	error: unsupported configuration: spice secure channels set in XML
	configuration, but TLS port is not provided

	an error is reported in qemuProcessSPICEAllocatePorts:
	error: unsupported configuration: Auto allocation of spice TLS port
	requested but spice TLS is disabled in qemu.conf

	Inspired by:
	https://www.redhat.com/archives/libvir-list/2014-June/msg01408.html

2014-07-10  Eric Blake  <eblake@redhat.com>

	build: package .pc files for mingw64
	Commit 65d8c92a fixed the mingw spec file for 32-bit builds,
	but forgot to make the adjustment for 64-bit builds:

	Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/eblake/rpmbuild/BUILDROOT/mingw-libvirt-1.2.7-1.fc20.eblake1404944503.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig/libvirt-lxc.pc
	   /usr/x86_64-w64-mingw32/sys-root/mingw/lib/pkgconfig/libvirt-qemu.pc

	* mingw-libvirt.spec.in (%files): List missing .pc files.

2014-07-10  Eric Blake  <eblake@redhat.com>

	build: fix gnulib build for mingw
	Pavel flagged a build regression under mingw, and traced it to a
	recent flaw in gnulib for working around nl_langinfo. This picks
	up the fix.

	* gnulib: Update to latest, for mingw build fixes.

2014-07-09  Olaf Hering  <olaf@aepfle.de>

	libxl: add discard support to libxl_device_disk
	Translate libvirt discard settings into libxl-4.5 discard settings.

2014-07-09  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't error out when cgroups don't exist
	When creating cgroups for vcpu and emulator threads whilst starting a
	domain, we explicitly skip creating those cgroups in case priv->cgroup
	is NULL (cgroups not supported) because SetAffinity() serves the same
	purpose.  If the host supports only some cgroups (the ones we need are
	either unmounted or disabled in qemu.conf), we error out with weird
	message even though we could continue starting the domain.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1097028

2014-07-09  Martin Kletzander  <mkletzan@redhat.com>

	virsh: document the possibility of accepting integers for numatune mode
	According to the code, 'virsh numatune' supports integers for
	specifying --mode as well as the string definitions "strict",
	"interleave", and "preferred".  However, this possibility was not
	documented anywhere, so this patch adds it to both the man page and
	command help.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1085706

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix build after 25924dec0f9329d429aadae14e273602307e2214
	The commit referenced above changed function arguments of
	virStorageFileGetMetadataFromBuf() but didn't tweak the
	ATTRIBUTE_NONNULL tied to them. This was caught by coverity as it
	actually obeys them. We disabled them for GCC and thus it didn't show
	up.

	Additionally in commit 3ea661deeabadc3c114dfb6f662b9fd17d714a01 I passed
	NULL to the backingFormat argument which was also marked as nonnull. Use
	a dummy int's address when the argument isn't supplied so that the code
	doesn't need to change much.

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	conf: Improve metadata type verification
	Split out checking of invalid metadata type from the switch statement so
	that we can use the typecasted enum value to allow tracking addition of
	new items by the compliler.

	Also avoids two dead-code break statements.

2014-07-09  Jincheng Miao  <jmiao@redhat.com>

	qemu: fix domxml-to-native failing when spice_tls is not enabled
	The default graphics channel mode is 'any', so as to defaultMode attribute.
	If defaultMode and channel mode are all the default value 'any',
	qemuConnectDomainXMLToNative will set TLSPort.
	But in qemuBuildGraphicsSPICECommandLine, if spice_tls is not enabled, libvirtd
	will report an error to tell the user that spice TLS is disabled in qemu.conf.

	So qemuConnectDomainXMLToNative should check spice_tls is enabled,
	then decide to allocate an tlsPort number to this graphics.

	If user specified defaultMode is 'secure', qemuConnectDomainXMLToNative
	could allocate tlsPort, and then let qemuBuildGraphicsSPICECommandLine reports
	the spice_tls disabled error.

	The related bug is:
	https://bugzilla.redhat.com/show_bug.cgi?id=1113868

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Refactor image labelling of new snapshot files
	Now that cgroups/security driver/locking driver support labelling of
	individual images and tolerate network storage we don't have to refrain
	from passing all image files to it. This allows removing the checking
	code as we already make sure that the snapshot function won't be called
	with unsupported options.

	qemu: Refactor qemuDomainPrepareDiskChainElement
	Now that security, cgroup and locking APIs support working on individual
	images and we track the backing chain security info on a per-image basis
	we can finally kill swapping the disk source in virDomainDiskDef and use
	the virStorageSource directly.

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Improve approach to deal with snapshot metadata
	Until now we were changing information about the disk source via
	multiple steps of copying data. Now that we changed to a pointer to
	store the disk source we might use it to change the approach to track
	the data.

	Additionally this will allow proper tracking of the backing chain.

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: block: Properly track disk source while pivoting to new image
	When pivoting to a new disk source after a block commit (and possibly
	after a soon-to-be-added active block commit) we changed just a few
	fields to the new target. In case we'd copy a network disk to a local
	file we'd not change the type properly.

	To avoid such problems, switch to tracking of the source via changing of
	the complete source struct to the one tracking the mirroring info.

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Use the mirror disk source to label the files
	Use the source struct and the corresponding function so that we can
	avoid using the path separately. Now that
	qemuDomainPrepareDiskChainElementPath isn't use anywhere, we can safely
	remove it.

	Additionally, the removal fixes a misaligned comment as the removed
	function was added under a comment for a different function.

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Return complete parent info from virStorageFileChainLookup
	Instead of just returning the parent path, return the complete parent
	source structure.

	util: storage: Make virStorageFileChainLookup more network storage aware
	Add a few checks and avoid resolving relative links on networked
	storage.

	security: AppArmor: Implement per-image seclabel set
	Refactor the code and reuse it to implement the functionality.

	security: AppArmor: Implement per-image seclabel restore
	Refactor the existing code to allow re-using it for the per-image label
	restore too.

	security: DAC: Implement per-image seclabel set
	Refactor the code and reuse it to implement the functionality.

	security: DAC: Implement per-image seclabel restore
	Refactor the existing code to allow re-using it for the per-image label
	restore too.

	security: selinux: Implement per-image seclabel set
	Refactor the code and reuse it to implement the functionality.

	security: selinux: Implement per-image seclabel restore
	Refactor the existing code to allow re-using it for the per-image label
	restore too.

	security: Introduce APIs to label single images
	Add security driver functions to label separate storage images using the
	virStorageSource definition. This will help to avoid the need to do ugly
	changes to the disk struct and use the source directly.

	locking: Add APIs to lock individual image files
	Add helper APIs to manage individual image files rather than disks. To
	simplify the addition some parts of the code were refactored in this
	patch.

	qemu: cgroup: Setup only the top level disk image for read-write access
	Only the top level gets writes, so the rest of the backing chain
	requires only read-only access.

	qemu: cgroup: Add functions to set cgroup image stuff on individual imgs
	Add functions that will allow to set all the required cgroup stuff on
	individual images taking a virStorageSourcePtr. Also convert functions
	designed to setup whole backing chain to take advantage of the change.

2014-07-09  Michal Privoznik  <mprivozn@redhat.com>

	virEventPollDispatchHandles: Honour array boundaries
	When dispatching events from the event loop, the array of registered
	handles is searched to see what handles happened an event on. However,
	the array is searched in weird way: the check for the array boundaries
	is at the end, so we may touch the elements after the end of the
	array:

	==10434== Invalid read of size 4
	==10434==    at 0x52D06B6: virEventPollDispatchHandles (vireventpoll.c:486)
	==10434==    by 0x52D10E4: virEventPollRunOnce (vireventpoll.c:660)
	==10434==    by 0x52CF207: virEventRunDefaultImpl (virevent.c:308)
	==10434==    by 0x1639D1: virNetServerRun (virnetserver.c:1139)
	==10434==    by 0x1220DC: main (libvirtd.c:1507)
	==10434==  Address 0xc11ff04 is 4 bytes after a block of size 960 alloc'd
	==10434==    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==10434==    by 0x52AD378: virReallocN (viralloc.c:245)
	==10434==    by 0x52AD46E: virExpandN (viralloc.c:294)
	==10434==    by 0x52AD5B1: virResizeN (viralloc.c:352)
	==10434==    by 0x52CF2EC: virEventPollAddHandle (vireventpoll.c:116)
	==10434==    by 0x52CEF5B: virEventAddHandle (virevent.c:78)
	==10434==    by 0x11F69A90: nodeStateInitialize (node_device_udev.c:1797)
	==10434==    by 0x53C3C89: virStateInitialize (libvirt.c:743)
	==10434==    by 0x120563: daemonRunStateInit (libvirtd.c:919)
	==10434==    by 0x5317719: virThreadHelper (virthread.c:197)
	==10434==    by 0x8376F39: start_thread (in /lib64/libpthread-2.17.so)
	==10434==    by 0x8A7F9FC: clone (in /lib64/libc-2.17.so)

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	util: XML: Avoid forward function declaration
	Recursive functions apparently don't need them, but I originally thought
	they do.

2014-07-09  Peter Krempa  <pkrempa@redhat.com>

	util: cgroup: Fix build on non-cgroup platforms
	Commit a48f44510098cead629ede9a49ea4e840a28ccca introduced a helper
	function to convert cgroup device mode to string. The function was only
	conditionally compiled on platforms that support cgroup. This broke the
	build when attempting to export the symbol:

	  CCLD     libvirt.la
	  Cannot export virCgroupGetDevicePermsString: symbol not defined

	Move the function out of the ifdef, as it doesn't really depend on the
	cgroup code being present.

2014-07-09  Ján Tomko  <jtomko@redhat.com>

	Allow updating names in DHCP hosts by matching IPs.
	Also fix the error message if an IPv6 host with no MAC
	is not found.

	https://bugzilla.redhat.com/show_bug.cgi?id=991290

2014-07-09  Ján Tomko  <jtomko@redhat.com>

	Document the need to free vir*Ptr objects per-function
	Another patch for
	https://bugzilla.redhat.com/show_bug.cgi?id=994731

	Document the need to free vir*Ptr objects
	https://bugzilla.redhat.com/show_bug.cgi?id=994731

	Actually fix the spec file
	There was a '%' missing before the last {rhel}.
	Tested on RHEL-7 this time.

2014-07-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix crash in migrate confirm for transient domains
	In libxlDomainMigrationConfirm(), a transient domain is removed
	from the domain list after successful migration.  Later in cleanup,
	the domain object is unlocked, resulting in a crash

	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7fb4208ed700 (LWP 12044)]
	0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
	  parent=0x7fb42830d0c0) at util/virobject.c:169
	169	        if (klass->magic == parent->magic)
	(gdb) bt
	0  0x00007fb4267251e6 in virClassIsDerivedFrom (klass=0xdeadbeef,
	  parent=0x7fb42830d0c0) at util/virobject.c:169
	1  0x00007fb42672591b in virObjectIsClass (anyobj=0x7fb4100082b0,
	  klass=0x7fb42830d0c0) at util/virobject.c:365
	2  0x00007fb42672583c in virObjectUnlock (anyobj=0x7fb4100082b0)
	  at util/virobject.c:338
	3  0x00007fb41a8c7d7a in libxlDomainMigrationConfirm (driver=0x7fb4100404c0,
	  vm=0x7fb4100082b0, flags=1, cancelled=0) at libxl/libxl_migration.c:583

	Fix by setting the virDomainObjPtr to NULL after removing it from
	the domain list.

2014-07-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: acquire job though begin phase only
	During migration, the libxl driver starts a modify job in the
	begin phase, ending the job in the confirm phase.  This is
	essentially VIR_MIGRATE_CHANGE_PROTECTION semantics, but the
	driver does not support that flag.  Without CHANGE_PROTECTION
	support, the job would never be terminated in error conditions
	where migrate confirm phase is not executed.  Further attempts
	to modify the domain would result in failure to acquire a job
	after LIBXL_JOB_WAIT_TIME.

	Similar to the qemu driver, end the job in the begin phase.
	Protecting the domain object across all phases of migration can
	be done in a future patch adding CHANGE_PROTECTION support.

2014-07-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove domain when migration prepare fails
	In libxlDomainMigrationPrepare(), a new virDomainObj is created
	from the incoming domain def and added to the driver's domain
	list, but never removed if there are subsequent failures during
	the prepare phase.

	targethost# virsh list --all

	sourcehost# virsh migrate --live dom xen+ssh://targethost/system
	   error: operation failed: Fail to create socket for incoming migration.

	targethost# virsh list --all
	error: Failed to list domains
	error: name in virGetDomain must not be NULL

	After adding code to remove the domain on prepare failure, noticed
	that libvirtd crashed due to double free of the virDomainDef.  Similar
	to the qemu driver, pass a pointer to virDomainDefPtr so it can be set
	to NULL once a virDomainObj is created from it.

2014-07-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: rename goto label
	In libxlDomainMigrationPrepare(), the cleanup label handles error
	conditions and should be renamed as such for clarity.

2014-07-08  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: fix an improper comments for lxcDomainDestroyFlags
	Currently @flag is not used yet.

2014-07-08  Giuseppe Scrivano  <gscrivan@redhat.com>

	qemu: raise an eror when using aio=native without cache=none
	Qemu will fallback to aio=threads when the cache mode doesn't use
	O_DIRECT, even if aio=native was explictly set.

	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1086704

2014-07-08  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	When run under an environment that inherits an ignored SIGPIPE
	(hello, annoying buildbots), a syntax-check was producing quite
	a bit of noise, such as:

	> prohibit_argmatch_without_use
	> grep: write error
	> grep: write error
	> /bin/sed: couldn't write 25 items to stdout: Broken pipe
	> sed: couldn't write 1 item to stdout: Broken pipe
	> 0.46 prohibit_argmatch_without_use

	This has been fixed upstream in gnulib.  There are several other
	portability improvements in our regular submodule update.

	* .gnulib: Update to latest, in part for quieter syntax-check.

2014-07-08  Martin Kletzander  <mkletzan@redhat.com>

	properly indent virSecurityLabelDefsParseXML() parameters

2014-07-08  Ján Tomko  <jtomko@redhat.com>

	Fix the indentation in libvirt.spec.in
	Over 66% of my last commit 66e7061 was not indented properly.

2014-07-08  Ján Tomko  <jtomko@redhat.com>

	Don't require iptables-ipv6 on >= F17 and RHEL >= 7
	We only need ip6tables, which is now a part of the iptables package:
	http://pkgs.fedoraproject.org/cgit/iptables.git/commit/?h=1392835

	This needlessly pulls in iptables-services:
	https://bugzilla.redhat.com/show_bug.cgi?id=1101510
	which can conflict with firewalld:
	https://bugzilla.redhat.com/show_bug.cgi?id=1101484

2014-07-08  Peter Krempa  <pkrempa@redhat.com>

	util: cgroup: Add helper to convert device mode to string
	Cgroups code uses VIR_CGROUP_DEVICE_* flags to specify the mode but in
	the end it needs to be converted to a string. Add a helper to do it and
	use it in the cgroup code before introducing it into the rest of the
	code.

	util: storage: Copy parent's disk metadata to backing chain elements
	When discovering a disk backing chain the parent disk's metadata need to
	be populated into the guest images so that each piece of the backing
	chain contains a copy of those. This will allow us to refactor the
	security driver so that it will not need to carry around the original
	disk definition.

	util: storage: Add function to transfer config parts to new chain element
	We are going to modify storage source chains in place. Add a helper that
	will copy relevant information such as security labels to the new
	element if that doesn't contain it.

	util: storagefile: Add deep copy for struct virStorageSource
	Now that we have pointers to store disk source information and thus can
	easily exchange the structs behind we need a function to copy all the
	data.

	storage: Move readonly and shared flags to disk source from disk def
	In the future we might need to track state of individual images. Move
	the readonly and shared flags to the virStorageSource struct so that we
	can keep them in a per-image basis.

	conf: Don't output seclabels for backingStore elements
	Some of the further changes will propagate seclabels from a disk source
	element into the backing store elements. This would change the XML
	output of the backing store as the seclabels would be formatted for each
	backing store element. Skip the seclabels formatting until we decide
	that it's necessary.

	storage: file: Tolerate NULL src when uninitializing the backend
	Allow de-init of null storage sources.

	qemu: Add helper to initialize storage file backend with correct uid/gid
	Add a wrapper that determines the correct uid and gid for a certain
	storage file and domain.

	qemu: Don't propagate whole disk definition into qemuDomainGetImageIds
	It will help re-using the function.

	qemu: Add support for networked disks for block pull/block rebase
	Now that we are able to select images from the backing chain via indexed
	access we should also convert possible network sources to
	qemu-compatible strings before passing them to qemu.

	qemu: Add support for networked disks for block commit
	Now that we are able to select images from the backing chain via indexed
	access we should also convert possible network sources to
	qemu-compatible strings before passing them to qemu.

	lib: Introduce flag VIR_DOMAIN_BLOCK_REBASE_RELATIVE
	Introduce flag for the block rebase API to allow the rebase operation to
	leave the chain relatively addressed. Also adds a virsh switch to enable
	this behavior.

	lib: Introduce flag VIR_DOMAIN_BLOCK_COMMIT_RELATIVE
	Introduce flag for the block commit API to allow the commit operation to
	leave the chain relatively addressed. Also adds a virsh switch to enable
	this behavior.

2014-07-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: refactor qemuDomainGetBlockInfo to work with remote storage
	The qemu block info function relied on working with local storage. Break
	this assumption by adding support for remote volumes. Unfortunately we
	still need to take a hybrid approach as some of the operations require a
	filedescriptor.

	Previously you'd get:
	 $ virsh domblkinfo gl vda
	 error: cannot stat file '/img10': Bad file descriptor

	Now you get some stats:
	 $ virsh domblkinfo gl vda
	 Capacity:       10485760
	 Allocation:     197120
	 Physical:       197120

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1110198

2014-07-08  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Optimize header reader functions
	The gluster code had two functions for reading volume headers, remove
	one and reuse the second one.

	util: storage: Allow specifying format for virStorageFileGetMetadataFromBuf
	To allow reusing this function in the qemu driver we need to allow
	specifying the storage format. Also separate return of the backing store
	path now isn't necessary.

	util: storage: Inline use of virStorageFileGetMetadataFromFDInternal
	There was just one callsite left. Integrate the body to the only calling
	function.

2014-07-08  Pavel Hrdina  <phrdina@redhat.com>

	tools/wireshark: fix rpm build
	There is a missing include of $(top_srcdir)/include to handle
	"libvirt/libvirt.h" header file.

2014-07-07  Hu Jianwei  <jiahu@redhat.com>

	Do not allow changing the UUID of a nwfilter
	https://bugzilla.redhat.com/show_bug.cgi?id=1077009

2014-07-07  Ján Tomko  <jtomko@redhat.com>

	LXC: Allow setting max mem lower than current mem
	For inactive domains, set both current and maximum memory
	to the specified 'maximum memory' value.

	This matches the behavior of QEMU driver's SetMaxMemory.

	https://bugzilla.redhat.com/show_bug.cgi?id=1091132

2014-07-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Use inactive XML when unplugging interface with --config
	Similary to cmdDetachDisk fetch the inactive definition when --config
	is specified as the active may not contain the network interface
	if it was plugged with --config.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056902

2014-07-07  Peter Krempa  <pkrempa@redhat.com>

	audit: Audit smartcard devices

	audit: Add auditing for serial/parallel/channel/console character devs
	Add startup auditing and also hotplug auditing for said devices.

2014-07-07  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virt-lxc-convert: make free return values in bytes
	Tiny fix for virt-lxc-convert: we are setting memory values in bytes, while
	free may give us values in a different unit by default: force free to output
	bytes with -b flag.

2014-07-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: dump: Report better error when dumping VM with passthrough devices
	For the regular dump operation we migrate the VM to a file. This won't
	work when the VM has passthrough devices assigned. Rather than reporting
	a cryptic error from qemu run our check whether it can be migrated.

	This does not influence the memory-only dump that is allowed with
	passthrough devices.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=874418

2014-07-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: remove duplicate controller check code
	We invoked virCgroupHasController twice for checking
	VIR_CGROUP_CONTROLLER_DEVICES
	in lxcDomainAttachDeviceDiskLive.

2014-07-07  Ján Tomko  <jtomko@redhat.com>

	Free the return value of virFileFindResource
	Commits e18a80a and 57e5c3c switched from a getenv wrapper which
	does not allocate a string to virFileFindResource which does not,
	without freeing it.

	https://bugzilla.redhat.com/show_bug.cgi?id=1116427

2014-07-04  Michele Paolino  <m.paolino@virtualopensystems.com>

	docs: formatdomain.html fixes
	Fixed some XML tags in the formatdomain page.

	docs: Fix broken link in the HACKING page
	The link to the page "how to get your code into an open source
	project" has been fixed.

2014-07-04  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Honor API change coming with 1.12 release
	https://bugs.gentoo.org/show_bug.cgi?id=508336

	At wireshark, they have this promise to change public dissector APIs
	only with minor version number change. Which they did when releasing
	the version of 1.12.

	Firstly, they've changed tvb_memdup() in
	a0c53ffaa1bb46d8c9db2ec739401aa411c9790e so now it takes four arguments
	instead of three. The new argument is placed at the very beginning of
	the list of arguments and basically says the scope where we'd like to
	allocate the memory. According to the documentation NULL should be the
	default value.

	Then, the tcp_dissect_pdus() signature changed too. Well, the function
	that actually dissects reassembled packets as tcp_dissect_pdus()
	reorder TCP packets into one big chunk and then calls a user function
	to dissect the PDU at once. The change is dated back to
	8081cf1d90397cbbb4404f9720595e1537ed5e14.

	Then, WS_DLL_PUBLIC_NOEXTERN was replaced with WS_DLL_PUBLIC_DEF in
	5d87a8c46171f572568db5a47c093423482e342f.

2014-07-04  Michal Privoznik  <mprivozn@redhat.com>

	wireshark: Include more of libvirt internals
	The rationale is to not duplicate code which is done in
	packet-libvirt.h for instance. Moreover, this way we can drop
	__attribute_((unused)) used int packet-libvirt.c in favor of
	ATTRIBUTE_UNUSED.

2014-07-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add support for backing name specification for block-stream
	To allow changing the name that is recorded in the top of the current
	image chain used in a block pull/rebase operation, we need to specify
	the backing name to qemu. This is done via the "backing-file" attribute
	to the block-stream commad.

	qemu: monitor: Add argument for specifying backing name for block commit
	To allow changing the name that is recorded in the overlay of the TOP
	image used in a block commit operation, we need to specify the backing
	name to qemu. This is done via the "backing-file" attribute to the
	block-commit command.

	qemu: caps: Add capability for change-backing-file command
	This command allows to change the backing file name recorded in the
	metadata of a qcow (or other) image. The capability also notifies that
	the "block-stream" and "block-commit" commands understand the
	"backing-file" attribute.

	audit: disk: Refactor disk auditing to avoid auditing remote storage
	Pass the virStorageSource struct to the auditing function and check if
	storage is local before auditing.

	conf: audit: Split out common steps to audit domain devices
	Extract common operations done when creating an audit message to a
	separate generic function that can be reused and convert RNG, disk, FS
	and net audit to use it.

	conf: audit: rng: Reorder new and old RNG device definitions
	The audit functions usually take the old definition before the new one
	in the argument list. Unify RNG device to use the same order.

2014-07-04  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add helper to determine whether storage is local
	There's a lot of places where we skip doing actions based on the
	locality of given storage type. The usual pattern is to skip it if:

	virStorageSourceGetActualType(src) == VIR_STORAGE_TYPE_NETWORK

	Add a simple helper to simplify the pattern to
	virStorageSourceIsLocalStorage(src)

2014-07-03  John Ferlan  <jferlan@redhat.com>

	Utilize virDomainDiskAuth for storage pools
	Replace the authType, chap, and cephx unions in virStoragePoolSource
	with a single pointer to a virStorageAuthDefPtr.  Adjust all users of
	the previous chap/cephx and secret unions with the source->auth data.

	formatdomain: Fix issues found describing auth
	Fix a couple of typos ('chap' should have been 'iscsi' and there was
	a stray 'iqn.2013-07.com.example:iscsi-pool' entry.  Clean up the
	description of the <auth> element for the disk

	Utilize virDomainDiskAuth for domain disk
	Replace the inline "auth" struct in virStorageSource with a pointer
	to a virStorageAuthDefPtr and utilize between the domain_conf, qemu_conf,
	and qemu_command sources for finding the auth data for a domain disk

2014-07-03  John Ferlan  <jferlan@redhat.com>

	qemuargv2xmltest: Resurrect RBD and iSCSI auth
	Ressurect the disk-drive-network-iscsi-auth and disk-drive-network-rbd-auth
	tests.  Make adjustments to the args and xml file to be compatible with
	other changes made to the non "-auth" so that the only difference is the
	authentication information.

	Adjust the qemuargv2xmltest.c to filter out "<secret" and "</auth>" since
	the args -> xml has no concept of usage it doesn't get printed. This results
	in the </auth> being printed on the same line as "<secret" and the secret
	XML is not closed - a bit of an issue, but soon to be fixed.

2014-07-03  John Ferlan  <jferlan@redhat.com>

	virstorage: Introduce virStorageAuthDef
	Introduce virStorageAuthDef and friends.  Future patches will merge/utilize
	their view of storage source/pool auth/secret definitions.

	New API's include:
	    virStorageAuthDefParse:  Parse the "<auth/>" XML data for either the
	                             domain disk or storage pool returning a
	                             virStorageAuthDefPtr
	    virStorageAuthDefCopy:   Copy a virStorageAuthDefPtr - to be used by
	                             the qemuTranslateDiskSourcePoolAuth when it
	                             copies storage pool auth data into domain
	                             disk auth data
	    virStorageAuthDefFormat: Common output of the "<auth" in the domain
	                             disk or storage pool XML
	    virStorageAuthDefFree:   Free memory associated with virStorageAuthDef

	Subsequent patches will utilize the new functions for the domain disk and
	storage pools.

	Future work in the hostdev pass through can then make use of common data
	structures and code.

2014-07-03  Eric Blake  <eblake@redhat.com>

	blockjob: turn on qemu capability bit for active commit
	Use the probing functionality added in the last patch to turn on
	a capability bit when active commit is present, and gate active
	commit on that capability.

	For my own reference: the difference between BLOCKJOB_SYNC and
	BLOCKJOB_ASYNC is whether qemu generated an event at the
	conclusion of blockpull; basically, RHEL 6.2 was the only release
	of qemu that has the sync semantics and lacks the event.  RHEL
	6.3 added blockcopy, but also picked up on the upstream style
	of qemu generating events.  As no one is likely to backport
	active commit to RHEL 6.2, it's safe for blockcommit to always
	require async blockjob support.

	Modifying qemucapabilitiestest is painful; the .replies files would
	be so much easier if they had comments correlating which command
	generated the given reply.  Maybe I'll fix that up later...

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_ACTIVE_COMMIT): New
	capability.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Use the new bit
	* src/qemu/qemu_capabilities.c (virQEMUCaps): Name the new bit.
	(virQEMUCapsProbeQMPCommands): Set it.
	* tests/qemucapabilitiesdata/caps_1.3.1-1.replies: Update.
	* tests/qemucapabilitiesdata/caps_1.4.2-1.replies: Likewise.
	* tests/qemucapabilitiesdata/caps_1.5.3-1.replies: Likewise.
	* tests/qemucapabilitiesdata/caps_1.6.0-1.replies: Likewise.
	* tests/qemucapabilitiesdata/caps_1.6.50-1.replies: Likewise.

2014-07-03  Eric Blake  <eblake@redhat.com>

	blockjob: allow omitted arguments to QMP block-commit
	We are about to turn on support for active block commit.  Although
	qemu 2.0 was the first version to mostly support it, that version
	mis-handles 0-length files, and doesn't have anything available for
	easy probing.  But qemu 2.1 fixed bugs, and made life simpler by
	letting the 'top' argument be optional.  Unless someone begs for
	active commit with qemu 2.0, for now we are just going to enable
	it only by probing for qemu 2.1 behavior (anyone backporting active
	commit can also backport the optional argument behavior).  This
	requires qemu.git commit 7676e2c597000eff3a7233b40cca768b358f9bc9.

	Although all our actual uses of block-commit supply arguments for
	both base and top, we can omit both arguments and use a bogus
	device string to trigger an interesting behavior in qemu.  All QMP
	commands first do argument validation, failing with GenericError
	if a mandatory argument is missing.  Once that passes, the code
	in the specific command gets to do further checking, and the qemu
	developers made sure that if device is the only supplied argument,
	then the block-commit code will look up the device first, with a
	failure of DeviceNotFound, before attempting any further argument
	validation (most other validations fail with GenericError).  Thus,
	the category of error class can reliably be used to decipher
	whether the top argument was optional, which in turn implies a
	working active commit.  Since we expect our bogus device string to
	trigger an error either way, the code is written to return a
	distinct return value without spamming the logs.

	* src/qemu/qemu_monitor.h (qemuMonitorSupportsActiveCommit): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorSupportsActiveCommit):
	Implement it.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
	Allow NULL for top and base, for probing purposes.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
	Likewise, implementing the probe.
	* tests/qemumonitorjsontest.c (mymain): Enable...
	(testQemuMonitorJSONqemuMonitorSupportsActiveCommit): ...a new test.

2014-07-03  Michal Privoznik  <mprivozn@redhat.com>

	tests: Avoid double linking some libraries
	The problem is, since 614581f32b domaincapstest is linked with
	$(LDADDS) by default. Then, since 94e3f23e8a7 the test may be
	conditionally linked with $(qemu_LDADDS) which already contains
	$(LDADDS). And some linkers doesn't cope with this nicely:

	  CCLD     domaincapstest
	../src/libvirt_probes.o:(.probes+0x0): multiple definition of `libvirt_event_poll_add_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x0): first defined here
	../src/libvirt_probes.o:(.probes+0x2): multiple definition of `libvirt_event_poll_update_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x2): first defined here
	../src/libvirt_probes.o:(.probes+0x4): multiple definition of `libvirt_event_poll_remove_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x4): first defined here
	../src/libvirt_probes.o:(.probes+0x6): multiple definition of `libvirt_event_poll_dispatch_handle_semaphore'
	../src/libvirt_probes.o:(.probes+0x6): first defined here

	And so on.

2014-07-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement virConnectGetDomainCapabilities
	So far only information on disks and host devices are exposed in the
	capabilities XML. Well, at least something. Even a new test is
	introduced. The qemu capabilities are stolen from already existing
	qemucapabilities test. There's one tricky point though. Functions that
	checks host's KVM and VFIO capabilities, are impossible to mock
	currently. So in the test, we are setting the capabilities by hand.

	qemu_capabilities: Introduce virQEMUCapsGetDefaultMachine
	Sometimes it may be useful to get a default machine for given qemu
	binary. Fortunately, the default machine is stored always on the first
	position in the supported machines array.

	qemu_capabilities: Introduce virQEMUCapsIsMachineSupported
	This internal API is meant to answer the question 'Is this machine
	type supported by given qemu?'.

	qemu_capabilities: Introduce virQEMUCapsCacheLookupByArch
	The API may come handy if somebody has an architecture and wants to
	look through available qemus if the architecture is supported or not.

	tests: Move qemu caps XML parsing into shared unit
	Later on, we the qemu capabilities XML parsing code may come handy so
	instead of duplicating the code make the already existing one shared.
	By the same time, make the function accept file name instead of XML
	document stored already in memory.

	virsh: expose virConnectGetDomainCapabilities
	The API is exposed under 'domcapabilities' command. Currently, with
	the variety of drivers that libvirt supports, none of the command
	arguments is obligatory, but all are optional instead.

	Introduce virConnectGetDomainCapabilities
	The API should expose the information contained in virDomainCapsPtr.

2014-07-03  Michal Privoznik  <mprivozn@redhat.com>

	Introduce domain_capabilities
	This new module holds and formats capabilities for emulator. If you
	are about to create a new domain, you may want to know what is the
	host or hypervisor capable of. To make sure we don't regress on the
	XML, the formatting is not something left for each driver to
	implement, rather there's general format function.

	The domain capabilities is a lockable object (even though the locking
	is not necessary yet) which uses reference counter.

2014-07-03  Michal Privoznik  <mprivozn@redhat.com>

	xenapiConnectGetCapabilities: Remove unused 'cleanup' label
	In the lastest rework (9e7ecabf) a cleanup label was left over which
	results in compilation error.

2014-07-03  Ján Tomko  <jtomko@redhat.com>

	Remove double OOM error reporting

	Remove double OOM error reporting from JSON monitor
	The functions called here report an OOM error when the allocation
	fails, or quietly return -1 on wrong usage (which is not the case
	here)

	Add OOM error reporting to a few fucntions
	They report errors in all other cases.

	Set errno on OOM in lxcProcReadMeminfo
	It sets the errno on all other errors, do it here too.
	Also report an error.

2014-07-03  Ján Tomko  <jtomko@redhat.com>

	Use virBufferCheckError everywhere we report OOM error
	Replace:
	if (virBufferError(&buf)) {
	    virBufferFreeAndReset(&buf);
	    virReportOOMError();
	    ...
	}

	with:
	if (virBufferCheckError(&buf) < 0)
	    ...

	This should not be a functional change (unless some callers
	misused the virBuffer APIs - a different error would be reported
	then)

2014-07-03  Ján Tomko  <jtomko@redhat.com>

	Report errors in virCapabilitiesFormatXML
	So far, we only report an error if formatting the siblings bitmap
	in NUMA topology fails.

	Be consistent and always report error in virCapabilitiesFormatXML.

2014-07-03  Ján Tomko  <jtomko@redhat.com>

	Introduce virBufferCheckError
	Check if the buffer is in error state and report an error if it is.

	This replaces the pattern:
	if (virBufferError(buf)) {
	    virReportOOMError();
	    goto cleanup;
	}
	with:

	if (virBufferCheckError(buf) < 0)
	    goto cleanup;

	Document typical buffer usage to favor this.
	Also remove the redundant FreeAndReset - if an error has
	been set via virBufferSetError, the content is already freed.

2014-07-03  Ján Tomko  <jtomko@redhat.com>

	Use virStringReplace instead of openvz_replace
	This function didn't report an error on OOM. Better delete it
	and use virStringReplace instead. :)

	Remove useless condition in networkRadvdConfContents
	If v6present is false, this code is not reachable.
	Also, there is no need to check for errors twice.

	usb: Remove redundant comment

	More indentation fixes
	Reindent nwfilter gentech driver and one block in rbd storage backend.

	Fix indentation in bridge driver

2014-07-02  Pavel Hrdina  <phrdina@redhat.com>

	qemu_domain: fix startup policy for disks
	https://bugzilla.redhat.com/show_bug.cgi?id=1086121

	We now support startupPolicy='optional' for disks, but this
	should work only for cold boot, not for restore or migrate.

2014-07-02  Yue wenyuan  <yuewenyuan@huawei.com>

	LXC: update comments of lxcDomainCreateXMLWithFiles() and lxcDomainCreateXML()
	The comments for lxcDomainCreateXMLWithFiles are out of date. So update them.
	And add comments for lxcDomainCreateXML

2014-07-02  Yanbing Du  <ydu@ydu-0.nay.redhat.com>

	virsh: Allow attach-disk to specify disk target bus
	By default, the bus type is inferred from the style of the device
	name('target' in this command), e.g. a device named 'sda' will
	typically be exported using a SCSI bus. Actually, not only SCSI bus,
	but USB/SATA bus also use this kind of device name. So add '--bus'
	option for attach-disk command to allow user specify the target bus.

2014-07-02  Ján Tomko  <jtomko@redhat.com>

	Fix segfault when starting a domain with no cpu definition
	My commit fba6bc4 iterated over the features in cpu definition
	without checking if there is one.

2014-07-02  Mike Perez  <thingee@gmail.com>

	qemu: Add cmd_per_lun, max_sectors to virtio-scsi
	This introduces two new attributes "cmd_per_lun" and "max_sectors" same
	with the names QEMU uses for virtio-scsi. An example of the XML:

	<controller type='scsi' index='0' model='virtio-scsi' cmd_per_lun='50'
	max_sectors='512'/>

	The corresponding QEMU command line:

	-device virtio-scsi-pci,id=scsi0,cmd_per_lun=50,max_sectors=512,
	bus=pci.0,addr=0x3

2014-07-02  Ján Tomko  <jtomko@redhat.com>

	Add invariant TSC cpu flag
	Add suport for invariant TSC flag (CPUID 0x80000007, bit 8 of EDX).
	If this flag is enabled, the TSC ticks at a constant rate across
	all ACPI P-, C- and T-states.

	This can be enabled by adding:
	<feature name='invtsc'/>
	to the <cpu> element.

	Migration and saving the domain does not work with this flag.

	QEMU support: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=303752a

	The feature name "invtsc" differs from the name "" used by the linux kernel:
	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kernel/cpu/powerflags.c?id=30321c7b#n18

2014-07-02  Giuseppe Scrivano  <gscrivan@redhat.com>

	qemu: raise an error when trying to use readonly ide disks
	The IDE bus doesn't support readonly disks, so inform the user with an
	error message instead of let qemu fail with a more obscure "Device
	'ide-hd' could not be initialized" error message.

	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1112939

2014-07-02  Martin Kletzander  <mkletzan@redhat.com>

	util: unify extra asterisk in viralloc.h

	Post-release version bump for new dev cycle

2014-07-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.6

2014-07-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: copy: Accept 'format' parameter when copying to a non-existing img
	We have the following matrix of possible arguments handled by the logic
	statement touched by this patch:
	       | flags & _REUSE_EXT | !(flags & _REUSE_EXT)
	-------+--------------------+----------------------
	 format| (1)                | (2)
	-------+--------------------+----------------------
	!format| (3)                | (4)
	-------+--------------------+----------------------

	In cases 1 and 2 the user provided a format, in cases 3 and 4 not. The
	user requests to use a pre-existing image in 1 and 3 and libvirt will
	create a new image in 2 and 4.

	The difference between cases 3 and 4 is that for 3 the format is probed
	from the user-provided image, whereas in 4 we just use the existing disk
	format.

	The current code would treat cases 1,3 and 4 correctly but in case 2 the
	format provided by the user would be ignored.

	The particular piece of code was broken in commit 35c7701c64508f975dfeb8
	but since it was introduced a few commits before that it was never
	released as working.

2014-07-01  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Fix header reader function
	Advance the right pointer to actually append to the buffer. We were
	lucky that all reads were completed in one try.

2014-07-01  Peter Krempa  <pkrempa@redhat.com>

	conf: storage: Add volume feature formatter for gluster pools
	Libvirt didn't output feature flags for images stored on native gluster.
	Fix this trivially by adding a feature formatter callback.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1095035

2014-07-01  Martin Kletzander  <mkletzan@redhat.com>

	build: link libvirt_conf with libxml
	Since there is code using functions from the libxml library,
	libvirt_conf should have that in LIBADD so it can be linked against
	even without libvirt_util (which usually deals with the error itself,
	since libvirt_util has libxml in LIBADD).  The same applies to
	storage_backend.c.

2014-07-01  Michal Privoznik  <mprivozn@redhat.com>

	vboxsnapshotxmltest: Don't write to a file in abs_srcdir
	In the test, the snapshot XML is written into a file that's located
	under:

	  abs_srcdir/vboxsnapshotxmldata/testResult.vbox

	However, the abs_srcdir doesn't have to be necessarily writable. It
	should have been abs_builddir instead. Moreover, the label in the func
	creating the file is called 'fail' while it fulfils the duty of
	'cleanup' label.

2014-07-01  Michal Privoznik  <mprivozn@redhat.com>

	securityselinuxlabeltest: Don't create dummy file in the srcdir
	At the very beginning of the test we check if the underlying
	filesystem supports extended attributes as they are used to store fake
	SELinux labels. In order to check that, a dummy file is created and
	semi-random attribute is set. However, the file is created under:

	  abs_srcdir "/securityselinuxlabeldata/testxattr"

	which has two problems: abs_srcdir is not required to be writable, so
	it should have been abs_builddir. The second one is - there's no
	"securityselinuxlabeldata" folder under abs_builddir. The problem was
	introduced in caf164f1.

2014-07-01  Ján Tomko  <jtomko@redhat.com>

	Report one error less when getting net dev speed
	virFileReadAll already logs an error. If reading the 'speed' file
	fails with EINVAL, we log an error even though we ignore it. If it
	fails with other errors, we log two errors.

	Use virFileReadAllQuiet - ignore EINVAL and report just one error
	in other cases.

	Fixes this error on libvirtd startup:
	2014-06-30 12:47:14.583+0000: 20971: error : virFileReadAll:1297 :
	Failed to read file '/sys/class/net/wlan0/speed': Invalid argument

2014-07-01  Ján Tomko  <jtomko@redhat.com>

	Introduce virFileReadAllQuiet
	Just like virFileReadAll, but returns -errno instead
	of reporting errors. Useful for ignoring some errors.

2014-07-01  Ján Tomko  <jtomko@redhat.com>

	Only detect PCI Express devices as root in udev nodedev driver
	This stops the error message spam when running unprivileged
	libvirtd:
	2014-06-30 12:38:47.990+0000: 631: error : virPCIDeviceConfigOpen:300 :
	Failed to open config space file
	'/sys/bus/pci/devices/0000:00:00.0/config': Permission denied

	Reported by Daniel Berrange:
	https://www.redhat.com/archives/libvir-list/2014-June/msg01082.html

2014-07-01  Ján Tomko  <jtomko@redhat.com>

	Track privileged state in udev nodedev driver
	Remember if libvirtd is running as root or not.

2014-07-01  Jim Fehlig  <jfehlig@suse.com>

	libxl: add PV console if not explicitly specified
	Xen PV domains always have a PV console, so add one to the domain
	config via post-parse callback if not explicitly specified in
	the XML.  The legacy Xen driver behaves similarly, causing a
	regression when switching to the new Xen toolstack.  I.e.

	  virsh console pv-domain

	will no longer work after upgrading a xm/xend stack to xl/libxl.

2014-07-01  Jim Fehlig  <jfehlig@suse.com>

	build: fix 'make syntax-check' after commit c6cf5df3
	The commit caused prohibit_long_lines to fail in src/Makefile.am.

2014-07-01  Jim Fehlig  <jfehlig@suse.com>

	vbox: fix linker error
	Noticed the following error when building the vbox driver
	in the openSUSE build service

	CCLD     vboxsnapshotxmltest
	/usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld:
	../src/.libs/libvirt_driver_vbox_impl.a
	(libvirt_driver_vbox_impl_la-vbox_snapshot_conf.o):
	undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30'
	/usr/lib64/libxml2.so: error adding symbols: DSO missing from command line
	collect2: error: ld returned 1 exit status

	Fixed by adding LIBXML_LIBS to libvirt_driver_vbox_impl_la_LIBADD

2014-06-30  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: don't break the build on Xen>=4.5 because of libxl_vcpu_setaffinity()
	libxl interface for vcpu pinning is changing in Xen 4.5. Basically,
	libxl_set_vcpuaffinity() now wants one more parameter. That is
	representative of 'VCPU soft affinity', which libvirt does not use.

	To mark such change, the macro LIBXL_HAVE_VCPUINFO_SOFT_AFFINITY is
	defined. Use it as a gate and, if present, re-#define the calls from
	the old to the new interface, to avoid breaking the build.

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Campbell <Ian.Campbell@citrix.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2014-06-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: throw an error if we failed to get Idmap elements
	Throwing an error is much friendly than just
	"error: An error occurred, but the cause is unknown"

2014-06-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Save persistent domain config when taking external snapshot
	Commit 55bbb011b965c7962933604c70f61cef45e8ec04 introduced a regression
	where we forgot to save the persistent domain configuration after an
	external snapshot. This would make libvirt forget the snapshots and
	effectively revert to the previous state in the following scenario:

	1) Start VM
	2) Take snapshot
	3) Destroy VM
	4) Restart libvirtd

	Also fix spurious blank line added by patch mentioned above.

2014-06-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix build by fixing typo in variable name
	Commit 80d0918b introduced a typo in variable name:

	s/failIncomaptible/failIncompatible/

	Pushed under the build breaker rule.

2014-06-27  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add new Broadwell CPU model

2014-06-27  Peter Krempa  <pkrempa@redhat.com>

	net: merge virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC
	Instead of maintaining two very similar APIs, add the "@mac" parameter
	to virNetworkGetDHCPLeases and kill virNetworkGetDHCPLeasesForMAC. Both
	of those functions would return data the same way, so making @mac an
	optional filter simplifies a lot of stuff.

2014-06-27  Ján Tomko  <jtomko@redhat.com>

	Add test for type none model dac seclabel

2014-06-26  Jincheng Miao  <jmiao@redhat.com>

	test: add user_xattr check for securityselinuxlabeltest
	libvirt unit test used setxattr with "user.libvirt.selinux" name to
	emulate setfilecon of selinux. But for some old kernel filesystem
	(like 2.6.32-431.el6.x86_64), if the filesystem is not mounted with
	user_xattr flag, the setxattr with "user.libvirt.selinux" will fail.

	So adding testUserXattrEnabled() in securityselinuxlabeltest.c,
	if user_xattr is not enabled, skip this case.

	The user_xattr is departed in newer kernel, therefore this commit is
	only for the compatablity for old kernel.

	Tested-by: Scott Sullivan <ssullivan@liquidweb.com>

2014-06-26  Eric Blake  <eblake@redhat.com>

	docs: publish correct enum values
	We publish libvirt-api.xml for others to use, and in fact, the
	libvirt-python bindings use it to generate python constants that
	correspond to our enum values.  However, we had an off-by-one bug
	that any enum that relied on C's rules for implicit initialization
	of the first enum member to 0 got listed in the xml as having a
	value of 1 (and all later members of the enum were equally
	botched).

	The fix is simple - since we add one to the previous value when
	encountering an enum without an initializer, the previous value
	must start at -1 so that the first enum member is assigned 0.

	The python generator code has had the off-by-one ever since DV
	first wrote it years ago, but most of our public enums were immune
	because they had an explicit = 0 initializer.  The only affected
	enums are:
	- virDomainEventGraphicsAddressType (such as
	VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since commit 987e31e
	(libvirt v0.8.0)
	- virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW),
	since commit 9fbaff0 (libvirt v1.2.3)
	- virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since commit
	03e0e79 (not yet released)

	Thanks to Nehal J Wani for reporting the problem on IRC, and
	for helping me zero in on the culprit function.

	* docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum
	values.

2014-06-26  Jim Fehlig  <jfehlig@suse.com>

	libxl: detect support for save and restore
	libxl does not support save, restore, or migrate on all architectures,
	notably ARM.  Detect whether libxl supports these operations using
	LIBXL_HAVE_NO_SUSPEND_RESUME.  If not supported, drop advertisement of
	<migration_features>.

	Found by Ian Campbell while improving Xen's OSSTEST infrastructure

	http://lists.xen.org/archives/html/xen-devel/2014-06/msg02171.html

2014-06-26  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix guestfwd chardev option back how it was
	Since commit d86c876a66e320b55220d00113027c9ad6199cff we are using
	guestfwd=tcp:IP:PORT,chardev=ID for guestfwd specification, however,
	that has not changed in qemu, so guestfwd does not work since.

	Apart from that, guestfwd is not working with older qemu that doesn't
	have QEMU_CAPS_DEVICE.

	Both regressions exist since late 2009 and nobody found that (until
	now), so I'm only fixing the first one.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1112066

2014-06-26  Daniel P. Berrange  <berrange@redhat.com>

	Add PKG_CONFIG_PATH to run.in script.
	Allow people to build external bindings using the 'run' script
	by defining the PKG_CONFIG_PATH var in it. eg to build Python
	you could do

	   ../libvirt/run python setup.py build

2014-06-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo s/SASL_CONF_DIR/SASL_CONF_PATH/ in QEMU VNC code
	The QEMU VNC client arg code has a long standing typo
	of SASL_CONF_DIR when it should be SASL_CONF_PATH for
	the env variable name.

2014-06-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockcopy: Don't remove existing disk mirror info
	When creating a new disk mirror the new struct is stored in a separate
	variable until everything went well. The removed hunk would actually
	remove existing mirror information for example when the api would be run
	if a mirror still exists.

	security: nop: Avoid very long lines
	The function headers contain type on the same line as the name. When
	combined with usage of ATTRIBUTE_UNUSED, the function headers were very
	long. Shorten them by breaking the line after the type.

	security: Fix header formatting of a few functions
	Some of the functions in the storage driver had their headers formatted
	incorrectly.

	security: manager: Document behavior of disk label manipulation funcs
	virSecurityManagerSetDiskLabel and virSecurityManagerRestoreDiskLabel
	don't have complementary semantics. Document the semantics to avoid
	possible problems.

	security: manager: Unify function header format

	security: manager: Avoid forward decl of virSecurityManagerDispose

	security: Rename virSecurityManagerRestoreImageLabel to *Disk*
	I'm going to add functions that will deal with individual image files
	rather than whole disks. Rename the security function to make room for
	the new one.

	util: s/virStorageSourceClearBackingStore/virStorageSourceBackingStoreClear
	Rename them to comply with the naming policy.

2014-06-26  Daniel Veillard  <veillard@redhat.com>

	Fix a typo in a localized string
	As pointed by Yuri Chornoivan in transifex:
	https://fedora.transifex.com/projects/p/libvirt/translate/#uk/strings/27026506

2014-06-26  Jiri Denemark  <jdenemar@redhat.com>

	virConnectCompareCPU: Introduce FAIL_INCOMPATIBLE flag
	The new VIR_CONNECT_COMPARE_CPU_FAIL_INCOMPATIBLE flag for
	virConnectCompareCPU can be used to get an error
	(VIR_ERR_CPU_INCOMPATIBLE) describing the incompatibility instead of the
	usual VIR_CPU_COMPARE_INCOMPATIBLE return code.

2014-06-26  Jiri Denemark  <jdenemar@redhat.com>

	cpuCompare*: Add support for reporting failure on incompatible CPUs
	When CPU comparison APIs return VIR_CPU_COMPARE_INCOMPATIBLE, the caller
	has no clue why the CPU is considered incompatible with host CPU. And in
	some cases, it would be nice to be able to get such info in a client
	rather than having to look in logs.

	To achieve this, the APIs can be told to return VIR_ERR_CPU_INCOMPATIBLE
	error for incompatible CPUs and the reason will be described in the
	associated error message.

2014-06-26  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Cleanup coding style in generic CPU driver

	Remove redundant docs from libvirt.h
	Only types and macros are documented in libvirt.h, APIs are documented
	in the *.c file they are implemented in.

	virsh: Remove bogus stat on log file
	Let's just open the file right away and deal with errors. Moreover,
	there's no reason to forbid logging to, e.g., a pipe.

2014-06-25  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	conf: whitespace tweak
	Fix missing whitespace when parsing 'managed' attribute.

2014-06-25  Jincheng Miao  <jmiao@redhat.com>

	enhance hostdev mode 'capabilities' process
	Currently, only LXC has hostdev mode 'capabilities' support,
	so the other drivers should forbid to define it in XML.
	The hostdev mode check is added to devicesPostParseCallback()
	for each hypervisor driver.

	But there are some drivers lack function devicesPostParseCallback(),
	so only add check for qemu, libxl, openvz, uml, xen, xenapi.

2014-06-25  Peter Krempa  <pkrempa@redhat.com>

	storage: Don't store parent directory of an image explicitly
	The parent directory doesn't necessarily need to be stored after we
	don't mangle the path stored in the image. Remove it and tweak the code
	to avoid using it.

	storage: Don't canonicalize paths unnecessarily
	Store backing chain paths as non-canonical. The canonicalization step
	will be already taken. This will allow to avoid storing unnecessary
	amounts of data.

	tests: virstoragetest: Remove unneeded relative test plumbing
	After we don't test relative paths, remove even more unnecessary cruft
	from the test code.

	tests: virstoragetest: Don't test relative start of backing chains
	libvirt always uses an absolute path to address the top image of an
	image chain. Our storage test tests also the relative path which won't
	ever be used. Additionally it makes the test more complicated.

	util: storage: Remove now redundant backingRelative from virStorageSource
	Now that we store only relative names in virStorageSource's member
	relPath the backingRelative member is obsolete. Remove it and adapt the
	code to the removal.

	tests: virstoragetest: Remove now unused pathAbs
	Separately remove the now unused variable.

	storage: Store relative path only for relatively backed storage
	Due to various refactors and compatibility with the virstoragetest the
	relPath field of the virStorageSource structure was always filled either
	with the relative name or the full path in case of absolutely backed
	storage. Return its original purpose to store only the relative name of
	the disk if it is backed relatively and tweak the tests.

2014-06-25  Peter Krempa  <pkrempa@redhat.com>

	tests: virstoragetest: Remove "expBackingStore" field
	Now that we changed ordering of the stored metadata so that the backing
	store is described by the child element the test should reflect this
	change too.

	Remove the expected backing store field as it's actually described by
	the next element in the backing chain, so there's no need for
	duplication.

2014-06-25  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Add helper to resolve relative path difference
	This patch introduces a function that will allow us to resolve a
	relative difference between two elements of a disk backing chain. This
	function will be used to allow relative block commit and block pull
	where we need to specify the new relative name of the image to qemu.

	This patch also adds unit tests for the function to verify that it works
	correctly.

2014-06-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: check whether we get MemSwap[Total|Usage]

2014-06-24  Julio Faracco  <jcfaracco@gmail.com>

	qemu: enum cleanups in "src/qemu/*"
	As we are doing with the enum structures, a cleanup in "src/qemu/"
	directory was done now. All the enums that were defined in the
	header files were converted to typedefs in this directory. This
	patch includes all the adjustments to remove conflicts when you do
	this kind of change. "Enum-to-typedef"'s conversions were made in
	"src/qemu/qemu_{capabilities, domain, migration, hotplug}.h".

2014-06-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix version annotation of migration functions
	Commit 9b8d6e1e missed updating the libvirt version which
	introduced support for domainMigrate*3Params functions.

2014-06-24  Peter Krempa  <pkrempa@redhat.com>

	bridge: leases: Fix potential crash caused by use after free
	Don't free individual JSON array members as the array will be freed at
	the end. This may potentially lead to a crash although it didn't crash
	on my setup.

2014-06-24  Ján Tomko  <jtomko@redhat.com>

	Free DHCP leases file in networkGetDHCPLeasesHelper
	Introduced by commit ba51398

2014-06-24  Ján Tomko  <jtomko@redhat.com>

	Rework remoteSerializeDHCPLease
	Don't leak the temporary variables on success if NULL is returned
	for that field.

	Don't dereference NULL on failure to allocate some of the temporaries.

	Introduced by commit 990c3b6

2014-06-24  Ján Tomko  <jtomko@redhat.com>

	Free file header in virStorageFileGetMetadataRecurse
	Introduced by commit 2bdb8b9

2014-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Change 'interface' to 'iface' in virNetworkDHCPLease
	Variables/fields named 'interface' clash with system
	header symbols on some platforms.

2014-06-24  Giuseppe Scrivano  <gscrivan@redhat.com>

	graphics: remember graphics not auto allocated ports
	When looking for a port to allocate, the port allocator didn't take in
	consideration ports that are statically set by the user.  Defining
	these two graphics elements in the XML would cause an error, as the
	port allocator would try to use the same port for the spice graphics
	element:

	    <graphics type='spice' autoport='yes'/>
	    <graphics type='vnc' port='5900' autoport='no'/>

	The new *[pP]ortReserved variables keep track of the ports that were
	successfully tracked as used by the port allocator but that weren't
	bound.

	Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1081881

2014-06-24  Giuseppe Scrivano  <gscrivan@redhat.com>

	virtportallocator: new function "virPortAllocatorSetUsed"
	virPortAllocatorSetUsed permits to set a port as already used and
	prevent the port allocator to use it without any attempt to bind it.

2014-06-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	net-dhcp-leases: Add virsh support
	Use virNetworkGetDHCPLeases and virNetworkGetDHCPLeasesForMAC in virsh.

	The new feature supports the follwing methods:

	1. Retrieve leases info for a given virtual network

	2. Retrieve leases info for given network interface

	tools/virsh-domain-monitor.c
	   * Introduce new command : net-dhcp-leases
	     Example Usage: net-dhcp-leases <network> [mac]

	   virsh # net-dhcp-leases --network default6
	   Expiry Time          MAC address        Protocol  IP address                Hostname        Client ID or DUID
	   -------------------------------------------------------------------------------------------------------------------
	   2014-06-16 03:40:14  52:54:00:85:90:e2  ipv4      192.168.150.231/24        fedora20-test   01:52:54:00:85:90:e2
	   2014-06-16 03:40:17  52:54:00:85:90:e2  ipv6      2001:db8:ca2:2:1::c0/64   fedora20-test   00:04:b1:d8:86:42:e1:6a:aa:cf:d5:86:94:23:6f:94:04:cd
	   2014-06-16 03:34:42  52:54:00:e8:73:eb  ipv4      192.168.150.181/24        ubuntu14-vm     -
	   2014-06-16 03:34:46  52:54:00:e8:73:eb  ipv6      2001:db8:ca2:2:1::5b/64   -               00:01:00:01:1b:30:c6:aa:52:54:00:e8:73:eb

	tools/virsh.pod
	   * Document new command

	src/internal.h
	   * Introduce new macro: EMPTYSTR

2014-06-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	net-dhcp-leases: Private implementation inside network
	Query the network driver for the path of the custom leases file for the given
	virtual network and parse it to retrieve info.

	src/network/bridge_driver.c:
	* Implement networkGetDHCPLeases
	* Implement networkGetDHCPLeasesForMAC
	* Implement networkGetDHCPLeasesHelper

2014-06-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	net-dhcp-leases: Implement the remote protocol
	Implement RPC calls for virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC

	daemon/remote.c
	   * Define remoteSerializeNetworkDHCPLeases,
	            remoteDispatchNetworkGetDHCPLeases
	   * Define remoteDispatchNetworkGetDHCPLeasesForMAC
	   * Define helper function remoteSerializeDHCPLease

	src/remote/remote_driver.c
	   * Define remoteNetworkGetDHCPLeases
	   * Define remoteNetworkGetDHCPLeasesForMAC
	   * Define helper function remoteSerializeDHCPLease

	src/remote/remote_protocol.x
	   * New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES
	   * Define structs remote_network_dhcp_leases, remote_network_get_dhcp_leases_args,
	                    remote_network_get_dhcp_leases_ret
	   * New RPC procedure: REMOTE_PROC_NETWORK_GET_DHCP_LEASES_FOR_MAC
	   * Define structs remote_network_dhcp_leases_for_mac, remote_network_get_dhcp_leases_for_mac_args,
	                    remote_network_get_dhcp_leases_for_mac_ret

	src/remote_protocol-structs
	   * New structs added

	src/rpc/gendispatch.pl
	   * Add exception (s/Dhcp/DHCP) for auto-generating names of the remote functions
	     in daemon/remote_dispatch.h

2014-06-24  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	net-dhcp-leases: Implement the public APIs
	Introduce 3 new APIs, virNetworkGetDHCPLeases, virNetworkGetDHCPLeasesForMAC
	and virNetworkDHCPLeaseFree.

	* virNetworkGetDHCPLeases: returns the dhcp leases information for a given
	     virtual network.

	  For DHCPv4, the information returned:
	  - Network Interface Name
	  - Expiry Time
	  - MAC address
	  - IAID (NULL)
	  - IPv4 address (with type and prefix)
	  - Hostname (can be NULL)
	  - Client ID (can be NULL)

	  For DHCPv6, the information returned:
	  - Network Interface Name
	  - Expiry Time
	  - MAC address
	  - IAID (can be NULL, only in rare cases)
	  - IPv6 address (with type and prefix)
	  - Hostname (can be NULL)
	  - Client DUID

	  Note: @mac, @iaid, @ipaddr, @clientid are in ASCII form, not raw bytes.
	  Note: @expirytime can 0, in case the lease is for infinite time.

	* virNetworkGetDHCPLeasesForMAC: returns the dhcp leases information for a
	     given virtual network and specified MAC Address.

	* virNetworkDHCPLeaseFree: allows the upper layer application to free the
	     network interface object conveniently.

	There is no support for flags, so user is expected to pass 0 for
	both the APIs.

	include/libvirt/libvirt.h.in:
	  * Define virNetworkGetDHCPLeases
	  * Define virNetworkGetDHCPLeasesForMAC
	  * Define virNetworkDHCPLeaseFree

	src/driver.h:
	  * Define networkGetDHCPLeases
	  * Define networkGetDHCPLeasesForMAC

	src/libvirt.c:
	  * Implement virNetworkGetDHCPLeases
	  * Implement virNetworkGetDHCPLeasesForMAC
	  * Implement virNetworkDHCPLeaseFree

	src/libvirt_public.syms:
	  * Export the new symbols

2014-06-24  Ján Tomko  <jtomko@redhat.com>

	Fix shadowed variable with older gcc
	Commit 2cff94c fixed the shadowed 'link' added by commit 975f0e2,
	but forgot the 'link' added by commit 08aa22e.

2014-06-24  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING
	Fix lxcDomainGetMemoryParameters and lxcDomainGetSchedulerParametersFlags:
	virsh -c lxc:/// memtune DOMAIN
	error: Unable to get number of memory parameters
	error: unsupported flags (0x4) in function lxcDomainGetMemoryParameters

	Introduced by commit 399394.

2014-06-24  Michal Privoznik  <mprivozn@redhat.com>

	virNumaGetPages: Don't fail on huge page-less systems
	If we are running on a system that is not capable of huge pages (e.g.
	because the kernel is not configured that way) we still try to open
	"/sys/kernel/mm/hugepages/" which however does not exist. We should
	be tolerant to this specific use case.

2014-06-24  Michal Privoznik  <mprivozn@redhat.com>

	virNumaGetPageInfo: Take huge pages into account
	On the Linux kernel, if huge pages are allocated the size they cut off
	from memory is accounted under the 'MemUsed' in the meminfo file.
	However, we want the sum to be subtracted from 'MemTotal'. This patch
	implements this feature. After this change, we can enable reporting
	of the ordinary system pages in the capability XML:

	<capabilities>

	  <host>
	    <uuid>01281cda-f352-cb11-a9db-e905fe22010c</uuid>
	    <cpu>
	      <arch>x86_64</arch>
	      <model>Haswell</model>
	      <vendor>Intel</vendor>
	      <topology sockets='1' cores='1' threads='1'/>
	      <feature/>
	      <pages unit='KiB' size='4'/>
	      <pages unit='KiB' size='2048'/>
	      <pages unit='KiB' size='1048576'/>
	    </cpu>
	    <power_management/>
	    <migration_features/>
	    <topology>
	      <cells num='4'>
	        <cell id='0'>
	          <memory unit='KiB'>4048248</memory>
	          <pages unit='KiB' size='4'>748382</pages>
	          <pages unit='KiB' size='2048'>3</pages>
	          <pages unit='KiB' size='1048576'>1</pages>
	          <distances/>
	          <cpus num='1'>
	            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
	          </cpus>
	        </cell>
	        ...
	      </cells>
	    </topology>
	  </host>
	</capabilities>

	You can see the beautiful thing about this: if you sum up all the
	<pages/> you'll get <memory/>.

2014-06-24  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Avoid name shadow on older compilers
	s/link/linkpath/g in virStorageFileBackendGlusterReadlinkCallback as
	older gcc complains.

	storage: gluster: Add backend to return unique storage file path
	Use virStorageFileSimplifyPathInternal to canonicalize gluster paths
	via a callback and use it for the unique volume path retrieval API.

	util: storagefile: Introduce universal function to canonicalize paths
	Introduce a common function that will take a callback to resolve links
	that will be used to canonicalize paths on various storage systems and
	add extensive tests.

	util: string: Add helper to free non-NULL terminated string arrays
	To free string lists with some strings stolen from the middle we need to
	walk the complete array. Introduce a new helper that takes the string
	list size to free such string lists.

2014-06-23  Jim Fehlig  <jfehlig@suse.com>

	libxl: prefer qdisk for <driver name='file'>
	The libxl driver currently sets the disk backend to
	LIBXL_DISK_BACKEND_TAP when <driver name='file'> is specified
	in the <disk> config.  qdisk should be prefered with this
	configuration, otherwise existing configuration such as the
	following, which worked with the old Xen driver, will not work
	with the libxl driver

	  <disk type='file' device='cdrom'>
	    <driver name='file'/>
	    <source file='/path/to/some/iso'/>
	    <target dev='hdc' bus='ide'/>
	    <readonly/>
	  </disk>

	In addition, tap performs poorly compared to qdisk.

2014-06-23  Michal Privoznik  <mprivozn@redhat.com>

	cmdFreepages: initialize @tmp
	In the 404bac14 the @tmp variable was introduced. It's purpose is to
	avoid typecasting when parsing --pagesize argument. However, if the
	argument is not presented, tmp may be used uninitialized resulting in
	bogus virNodeGetFreePages() API call:

	virsh freepages --cellno 2
	error: Failed to open file '/sys/devices/system/node/node2/hugepages/hugepages-4294967295kB/free_hugepages': No such file or directory

2014-06-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix closedir usage in virNumaGetPages
	virNumaGetPages calls closedir(dir) in cleanup and dir could
	be NULL if we jump there from the failed opendir() call.

	While it's not harmful on Linux, FreeBSD libc crashes [1], so
	make sure that dir is not NULL before calling closedir.

	1: http://lists.freebsd.org/pipermail/freebsd-standards/2014-January/002704.html

2014-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Add pkg-config files to allow deps to build against source tree
	When testing language bindings it is useful to be able to build
	them against an uninstalled libvirt source tree. Add a dummy
	set of pkg-config files to allow for this. This can be used by
	setting

	  export PKG_CONFIG_PATH=/path/to/libvirt/git/src

2014-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Add pkg-config files for libvirt-qemu & libvirt-lxc
	For some reason there have never been pkg-config files created
	for the libvirt-qemu.so and libvirt-lxc.so libraries.

2014-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Don't include @LIBS@ in libvirt.pc.in file
	The libvirt.pc file we install is ending up polluted with a
	load of compiler flags that should be private to the libvirt
	build. eg

	Libs: -L${libdir} -lvirt -ldl -O2 -g -pipe -Wall \
	      -Wp,-D_FORTIFY_SOURCE=2 -fexceptions \
	      -fstack-protector-strong --param=ssp-buffer-size=4 \
	      -grecord-gcc-switches  -m64 -mtune=generic

	this is caused by including @LIBS@ in the Libs: line of the
	pkgconfig.pc.in file.

2014-06-23  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Actually build huge page code
	One of previous commits (e6258a33) tried to build the huge page code
	only on Linux since it's Linux centric indeed. But it failed miserably
	as it used 'WITH_LINUX' which is an automake conditional not a gcc
	one. In the sources we need to use __linux__.

2014-06-23  Laine Stump  <laine@laine.org>

	qemu: parse -device virtio-balloon
	There are no options to parse here other than the name of the device,
	and all three possible device names have the same prefix
	("virtio-balloon" with "-ccw", "-pci", or "-device" appended), so the
	code is fairly simple. It has been implemented such that it will be
	easier to add handling for other -device entries that aren't otherwise
	recognized - just add another "else if (STRPREFIX(opts, ....)" clause.

	qemuParseCommandLineString() previously would always add a <memballoon
	model='virtio'/> to every result (the comments erroneously say that it
	is adding a <memballoon model='none'/>) This has been changed to add
	model='none', and 84 test case xml's updated accordingly (so that
	qemuxml2argvtest won't fail).

	Now that the memballoon device is properly parsed, we can safely add a
	test for properly ignoring -nodefconfig and -nodefaults. Rather than
	adding an entire new test case for this (and memballoon), we just
	randomly pick the clock-utc test and modify it slightly to fulfill the
	purpose.

2014-06-23  Ján Tomko  <jtomko@redhat.com>

	Report correct error in virNetDevTapCreate
	ioctl returns -1, not the errno value

	Do not call closedir with NULL argument
	Only three other callers possibly call closedir on a NULL argument.
	Even though these probably won't be used on FreeBSD where this crashes,
	let's be nice and only call closedir on an actual directory stream.

	Fix invalid write in virNumaGetDistances
	==== Invalid write of size 4
	====    at 0x52E678C: virNumaGetDistances (virnuma.c:479)
	====    by 0x5396890: nodeCapsInitNUMA (nodeinfo.c:1796)
	====    by 0x203C2B: virQEMUCapsInit (qemu_capabilities.c:960)
	====  Address 0xe10a1e0 is 0 bytes after a block of size 0 alloc'd
	====    at 0x4C2A6D0: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	====    by 0x52A10D6: virAllocN (viralloc.c:191)
	====    by 0x52E674D: virNumaGetDistances (virnuma.c:470)
	====    by 0x5396890: nodeCapsInitNUMA (nodeinfo.c:1796)
	====    by 0x203C2B: virQEMUCapsInit (qemu_capabilities.c:960)

2014-06-23  Peter Krempa  <pkrempa@redhat.com>

	util: numa: Stub out hugepage code on non-Linux platforms
	The hugepage sizing and counting code gathers the information from sysfs
	and thus isn't portable. Stub it out for non-Linux so that we can report
	a better error. This patch also avoids calling sysinfo() on Mingw where
	it isn't supported.

	util: numa: Catch readdir errors in virNumaGetPages
	Don't return possibly incomplete result if virDirRead fails.

	tests: Fix syntax-check after cdd11151791bc9e61538988438980f41c0185681
	makefile_conditionals
	tests/Makefile.am:293:endif
	maint.mk: match "if FOO" with "endif FOO" in Makefiles
	make: *** [sc_makefile_conditionals] Error 1

2014-06-23  Peter Krempa  <pkrempa@redhat.com>

	test: Disable storage test when FS backend isn't compiled in
	'virstoragetest' accesses backing chains of files on local storage with
	the help of the storage driver. Disable the test on builds without the
	storage driver as the test is crashing otherwise.

	Reported by: Roman Bogorodskiy

2014-06-23  Ján Tomko  <jtomko@redhat.com>

	Properly check the return value of CCWAddressAsString
	It returns NULL on failure. Checking if the negation of it
	is less than zero makes no sense. (Found by coverity after moving
	the code)

	In another case, the return value wasn't checked at all.

2014-06-21  Ján Tomko  <jtomko@redhat.com>

	Split out CCW address allocation
	Just code movement and rename.

2014-06-20  Jason Andryuk  <andryuk@aero.org>

	libxl: Use cooperative resume for migration
	Migration code specifies the problematic non-cooperative resume mode
	which is a known issue with Xen's libxl [1].  Instead, use the better
	supported cooperative mode.

	Without this, guests BUG() in xen_irq_resume after failing to bind
	still-bound event channels.

	[1] http://bugs.xenproject.org/xen/bug/30

2014-06-20  Michal Privoznik  <mprivozn@redhat.com>

	cpu_arm: Support all ARM processors we know about
	So far three ARM processor families are known to libvirt,
	however the cpu driver knows only about one of them. This
	make host initialization on the other two fail:

	2014-06-17 13:35:41.419+0000: 6840: info : libvirt version: 1.2.6
	2014-06-17 13:35:41.419+0000: 6840: error : cpuNodeData:342 : this function is not supported by the connection driver: cannot get node CPU data for armv6l architecture
	2014-06-17 13:35:41.433+0000: 6840: warning : virQEMUCapsInit:943 : Failed to get host CPU

2014-06-20  Michal Privoznik  <miso.privoznik@gmail.com>

	virNodeParseSocket: Take ARM into account
	The virNodeParseSocket() function tries to get socked ID from
	'topology/physical_package_id' file. However, on some architectures
	the file contains the -1 constant which makes in turn libvirt think
	the info extraction was unsuccessful. If that's the case, we need to
	overwrite the obtained integer with zero like we are doing for other
	architectures.

2014-06-20  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfotest: Print error if cpuinfo file can't be opened
	Currently, we are opening the cpuinfo file via fopen() which if fails
	doesn't print any error message. We should do that instead.

	virNodeParseNode: Propagate host architecture
	As in previous commit, there are again some places where we can do
	runtime decision instead of compile time. This time it's whether the
	'topology/physical_package_id' is allowed to have '-1' within or not.
	Then, core ID is pared differently on s390(x) than on the rest of
	architectures.

	nodeinfo: Introduce @arch to linuxNodeInfoCPUPopulate
	So far, we are doing compile time decisions on which architecture is
	used. However, for testing purposes it's much easier if we pass host
	architecture as parameter and then let the function decide which code
	snippet for extracting host CPU info will be used.

2014-06-20  Laine Stump  <laine@laine.org>

	interface: clean up virInterfaceDefDevFormat
	This modifies the formatting function of virInterface to be a proper
	mirror of the parse function, including the addition of a
	"parentIfType" arg so that we can decide whether or not it is
	appropriate to emit the elements that are only in toplevel interfaces,
	as well as the <link> element (which isn't allowed for bridge
	interfaces).

	Since the restructuring of the code necessarily changes the order of
	some of the elements, some test case data had to be updated.

2014-06-20  Laine Stump  <laine@laine.org>

	interface: clean up virInterfaceDefParseXML
	the switch cases for the 4 different interface types had repetitive
	code which has now been pulled out as common. While touching those
	lines, some extra usage of "!= NULL" etc has been eliminated to make
	things more compact and inline with current coding practices.

	NB: parentIfType == VIR_INTERFACE_TYPE_LAST means that this is a
	toplevel interface (not a subordinate of a bridge or bond). Only
	toplevel interfaces can have a start mode, mtu, or IP address element.

2014-06-20  Laine Stump  <laine@laine.org>

	interface: move parsing of bridge attributes into appropriate function
	For some reason the bridge stp mode and delay were put directly into
	the "bridge" case of the switch in virInterfaceDefParseXML(), although
	they are inside the <bridge> element, and so should be parsed in the
	function created for that purpose - virInterfaceBridgeDefFormat().

2014-06-20  Laine Stump  <laine@laine.org>

	interface: report link state for bonds and vlans too
	The interface state for bonds and vlans does seem to reflect the state
	of the underlying physical devices, at least in some cases, so it
	makes sense to allow reporting it (netcf now does).

	The link state/speed for bridge devices is meaningless though, so we
	don't even look for it.

2014-06-20  Peter Krempa  <pkrempa@redhat.com>

	security: Rename virSecurityManagerSetImageLabel to *Disk*
	I'm going to add functions that will deal with individual image files
	rather than whole disks. Rename the security function to make room for
	the new one.

	security: Sanitize type of @migrated in virSecurityManagerRestoreAllLabel
	Also remove one spurious ATTRIBUTE_UNUSED guarding the @migrated
	argument.

	util: Don't require full disk definition when getting imagelabels
	The image labels are stored in the virStorageSource struct. Convert the
	virDomainDiskDefGetSecurityLabelDef helper not to use the full disk def
	and move it appropriately.

	util: storagefile: Introduce helper to free storage source perms
	It will also be reused later.

	util: seclabel: Add deep copy function for device labels

	storage: encryption: Add deep copy function for storage encryption

2014-06-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: limit support for specifying an interface script
	Generally, <interface> ... <script> is only supported for
	type='ethernet'.  Due to the long and pervasive use of

	  <interface type='bridge'>
	    ...
	    <script path='foo'/>
	  </interface>

	in Xen domain configuration, it was agreed to allow the use
	of <script> with type='bridge' for backwards compatibility.  See
	the following discussion thread

	http://www.redhat.com/archives/libvir-list/2013-April/msg00755.html

	This patch limits the use of <script> to interface types ethernet
	and bridge, raising an unsupported config error if <script> is
	specified for all other interface types.

	While at it, use VIR_ERR_CONFIG_UNSUPPORTED instead of
	VIR_ERR_INTERNAL_ERROR when reporting unsupported interface types.

2014-06-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: support interface type=network
	Add support for <interface type='network'> in the libxl driver.

2014-06-19  Eric Blake  <eblake@redhat.com>

	virsh: fix broken code in freepages
	Commit 9e3efe53 broke the build under valgrind or clang, by writing
	8 bytes through an allocation of 4 bytes.  It also risks multiplication
	overflow when mallocing (that's a pervasive problem that needs an
	audit in the rest of the code, but we might as well fix this one while
	we are here), and had a typo.

	* tools/virsh-host.c (cmdFreepages): Avoid integer overflow and
	undefined behavior.

2014-06-19  Laine Stump  <laine@laine.org>

	interface: allow reordering of elements in xml
	The interface xml schema was written with strict rules about the
	ordering of the elements. This was never intentional, but just due to
	omission of <interleave> in the appropriate places. This patch just
	adds in <interleave> wherever there is more than one element, and
	re-indents everything else appropriately.

2014-06-19  Jincheng Miao  <jmiao@redhat.com>

	docs: fix some typos in formatdomain.html
	In section "Block / character devices" of "Host device assignment",
	the description of hostdev element has some error:

	For a block device, the type should be "storage", not "block";
	For a character device, the type should be "misc", not "char".

2014-06-19  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfo: Implement nodeGetFreePages
	And add stubs to other drivers like: lxc, qemu, uml and vbox.

	virsh: Expose virNodeGetFreePages
	The new API is exposed under 'freepages' command.

	Introduce virNodeGetFreePages
	The aim of the API is to get information on number of free pages
	on the system. The API behaves similar to the
	virNodeGetCellsFreeMemory(). User passes starting NUMA cell, the
	count of nodes that he's interested in, pages sizes (yes,
	multiple sizes can be queried at once) and the counts are
	returned in an array.

2014-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virCaps: expose pages info
	There are two places where you'll find info on page sizes. The first
	one is under <cpu/> element, where all supported pages sizes are
	listed. Then the second one is under each <cell/> element which refers
	to concrete NUMA node. At this place, the size of page's pool is
	reported. So the capabilities XML looks something like this:

	<capabilities>

	  <host>
	    <uuid>01281cda-f352-cb11-a9db-e905fe22010c</uuid>
	    <cpu>
	      <arch>x86_64</arch>
	      <model>Westmere</model>
	      <vendor>Intel</vendor>
	      <topology sockets='1' cores='1' threads='1'/>
	      ...
	      <pages unit='KiB' size='4'/>
	      <pages unit='KiB' size='2048'/>
	      <pages unit='KiB' size='1048576'/>
	    </cpu>
	    ...
	    <topology>
	      <cells num='4'>
	        <cell id='0'>
	          <memory unit='KiB'>4054408</memory>
	          <pages unit='KiB' size='4'>1013602</pages>
	          <pages unit='KiB' size='2048'>3</pages>
	          <pages unit='KiB' size='1048576'>1</pages>
	          <distances/>
	          <cpus num='1'>
	            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <memory unit='KiB'>4071072</memory>
	          <pages unit='KiB' size='4'>1017768</pages>
	          <pages unit='KiB' size='2048'>3</pages>
	          <pages unit='KiB' size='1048576'>1</pages>
	          <distances/>
	          <cpus num='1'>
	            <cpu id='1' socket_id='0' core_id='0' siblings='1'/>
	          </cpus>
	        </cell>
	        ...
	      </cells>
	    </topology>
	    ...
	  </host>

	  <guest/>

	</capabilities>

2014-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Introduce pages helpers
	For future work we need two functions that fetches total number of
	pages and number of free pages for given NUMA node and page size
	(virNumaGetPageInfo()).

	Then we need to learn pages of what sizes are supported on given node
	(virNumaGetPages()).

	Note that system page size is disabled at the moment as there's one
	issue connected. If you have a NUMA node with huge pages allocated the
	kernel would return the normal size of memory for that node. It
	basically ignores the fact that huge pages steal size from the system
	memory. Until we resolve this, it's safer to not confuse users and
	hence not report any system pages yet.

2014-06-19  Michal Privoznik  <mprivozn@redhat.com>

	nodeinfo: Rename nodeGetFreeMemory to nodeGetMemory
	For future work we want to get info for not only the free memory
	but overall memory size too. That's why the function must have
	new signature too.

2014-06-19  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Introduce virNumaNodeIsAvailable
	Not on all hosts the set of NUMA nodes IDs is continuous. This is
	critical, because our code currently assumes the set doesn't contain
	holes. For instance in nodeGetFreeMemory() we can see the following
	pattern:

	    if ((max_node = virNumaGetMaxNode()) < 0)
	        return 0;

	    for (n = 0; n <= max_node; n++) {
	        ...
	    }

	while it should be something like this:

	    if ((max_node = virNumaGetMaxNode()) < 0)
	        return 0;

	    for (n = 0; n <= max_node; n++) {
	        if (!virNumaNodeIsAvailable(n))
	            continue;
	        ...
	    }

2014-06-19  Eric Blake  <eblake@redhat.com>

	virsh: expose new active commit controls
	Add knobs to virsh to manage a 2-phase active commit of the top
	layer, similar to knobs already present on blockcopy.  While this
	code will fail until later patches actually implement the new
	knobs in the qemu driver, doing it now proves that the API is
	usable and also makes it easier for testing the qemu changes as
	they are made.

	* tools/virsh-domain.c (cmdBlockCommit): Add --active, --pivot,
	and --keep-overlay options, modeled after blockcopy.
	(blockJobImpl): Support --active flag.
	* tools/virsh.pod (blockcommit): Document new flags.
	(blockjob): Mention 2-phase commit interaction.

2014-06-19  Eric Blake  <eblake@redhat.com>

	blockjob: use stable disk string in job event
	When the block job event was first added, it was for block pull,
	where the active layer of the disk remains the same name.  It was
	also in a day where we only cared about local files, and so we
	always had a canonical absolute file name.  But two things have
	changed since then: we now have network disks, where determining
	a single absolute string does not really make sense; and we have
	two-phase jobs (copy and active commit) where the name of the
	active layer changes between the first event (ready, on the old
	name) and second (complete, on the pivoted name).

	Adam Litke reported that having an unstable string between events
	makes life harder for clients.  Furthermore, all of our API that
	operate on a particular disk of a domain accept multiple strings:
	not only the absolute name of the active layer, but also the
	destination device name (such as 'vda').  As this latter name is
	stable, even for network sources, it serves as a better string
	to supply in block job events.

	But backwards-compatibility demands that we should not change the
	name handed to users unless they explicitly request it.  Therefore,
	this patch adds a new event, BLOCK_JOB_2 (alas, I couldn't think of
	any nicer name - but at least Migrate2 and Migrate3 are precedent
	for a number suffix).  We must double up on emitting both old-style
	and new-style events according to what clients have registered for
	(see also how IOError and IOErrorReason emits double events, but
	there the difference was a larger struct rather than changed
	meaning of one of the struct members).

	Unfortunately, adding a new event isn't something that can easily
	be broken into pieces, so the commit is rather large.

	* include/libvirt/libvirt.h.in (virDomainEventID): Add a new id
	for VIR_DOMAIN_EVENT_ID_BLOCK_JOB_2.
	(virConnectDomainEventBlockJobCallback): Document new semantics.
	* src/conf/domain_event.c (_virDomainEventBlockJob): Rename field,
	to ensure we catch all clients.
	(virDomainEventBlockJobNew): Add parameter.
	(virDomainEventBlockJobDispose)
	(virDomainEventBlockJobNewFromObj)
	(virDomainEventBlockJobNewFromDom)
	(virDomainEventDispatchDefaultFunc): Adjust clients.
	(virDomainEventBlockJob2NewFromObj)
	(virDomainEventBlockJob2NewFromDom): New functions.
	* src/conf/domain_event.h: Add new prototypes.
	* src/libvirt_private.syms (domain_event.h): Export new functions.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Generate two
	different events.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Likewise.
	* src/remote/remote_protocol.x
	(remote_domain_event_block_job_2_msg): New struct.
	(REMOTE_PROC_DOMAIN_EVENT_BLOCK_JOB_2): New RPC.
	* src/remote/remote_driver.c
	(remoteDomainBuildEventBlockJob2): New handler.
	(remoteEvents): Register new event.
	* daemon/remote.c (remoteRelayDomainEventBlockJob2): New handler.
	(domainEventCallbacks): Register new event.
	* tools/virsh-domain.c (vshEventCallbacks): Likewise.
	(vshEventBlockJobPrint): Adjust client.
	* src/remote_protocol-structs: Regenerate.

2014-06-19  Jim Fehlig  <jfehlig@suse.com>

	Fix xmconfigtest
	Commit ac63014c introduced a regression in the conversion of Xen
	xm config to XML by emitting an empty <cmdline>.  Prior to this
	commit, <cmdline> was omitted if the xm config was missing (or
	contained an empty) 'extra='.

2014-06-18  Ian Campbell  <Ian.Campbell@citrix.com>

	xen: handle root= in xen-xm configuration files.
	In addition to extra= xm supported a root= option which was supposed
	to be incorporated into the final command line. Handle that for "virsh
	domxml-from-native xen-xm". Tested with the libxl backend.

2014-06-18  Pavel Hrdina  <phrdina@redhat.com>

	vbox_snapshot_conf: fix wrong use of 'xmlSaveFormatFileEnc'
	The function 'xmlSaveFormatFileEnc' has a last option to set
	if you want to format dumped xml with whitespaces or not.

	Older libxml2, the one used in RHEL6, take this option as it is
	but newer libxml2 check this option if it's true or not. This
	small difference somehow makes things messy on RHEL6 and generated
	xml had extra new line and extra whitespaces.

	We should pass 1 instead if -1 because the -1 confuses the libxml2.

2014-06-18  Pavel Hrdina  <phrdina@redhat.com>

	tests: fix vbox snapshot xmls
	On RHEL6 the vboxsnapshotxmltest fails because of wrong xml that
	is generated by libvirt. However the core issue is in the xml data
	itself with the wrong indentation.

2014-06-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Correctly spell QEMU
	s/QEemu/QEMU/g

2014-06-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Fix examples and docs for virsh version
	The version command now takes the --daemon parameter for a while and the
	output example was pretty outdated.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1110673

2014-06-18  Serge Hallyn  <serge.hallyn@ubuntu.com>

	virt-aa-helper: allow access to /dev/vhost-net if needed
	Only allow the access if it is a KVM domain which has a NIC which wants
	non-userspace networking.

	This addresses https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1322568

2014-06-18  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added example script on how to convert LXC container config

2014-06-18  Yohan BELLEGUIC  <yohan.belleguic@diateam.net>

	vbox: fix a segfault when taking a snapshot
	there is a segfault in the vbox driver when taking a snapshot in the
	following functions:
	- vboxDomainGetXMLDesc
	- vboxSnapshotGetReadWriteDisks
	- vboxSnapshotGetReadOnlyDisks

	The virStorageSourcePtr in virDomainDiskDef was not correctly allocated.

	(The problem stems from the fact that commit 4dc5d8f and commit bc3f5f1
	were written in one order but applied in another; so each tested in
	isolation passed, but the combination introduces the problem due to
	changed semantics).

2014-06-17  Peter Krempa  <pkrempa@redhat.com>

	vbox: snapshot: Avoid memleaks in functions dealing with disk arrays
	In virVBoxSnapshotConfRemoveFakeDisks and
	virVBoxSnapshotConfDiskIsInMediaRegistry the disk array constructed from
	all the disks would be leaked at the end of the function and on
	allocation errors. Also the temporary disk list would be leaked.

	Add a cleanup section and free the memory properly.

	Found by coverity.

2014-06-17  Peter Krempa  <pkrempa@redhat.com>

	vbox: snapshot: Avoid memleak in virVBoxSnapshotConfAllChildren
	On re-allocation failure the function would leak already allocated
	memory.

	uuid: Fix coverity warning of unchecked return value
	Coverity checks for patterns of handling return values of functions.
	Some recent addition must have tripped a threshold where coverity now
	complains that we usually check the return value of virUUIDGenerate but
	don't do it in one place. Add a check to make coverity happy.

	network: bridge: Avoid freeing uninitialized pointer on cleanup path
	The cleanup path in networkBuildDhcpDaemonCommandLine could cause a
	crash by freeing uninitialized pointer.

2014-06-17  Peter Krempa  <pkrempa@redhat.com>

	net: leaseshelper: Refactor copying of old entries to avoid double free
	When copying entries from the old lease file into the new array the old
	code would copy the pointer of the json object into the second array
	without removing it from the first. Afterwards when both arrays were
	freed this might lead to a crash due to access of already freed memory.

	Refactor the code to use the new array item stealing helper added to the
	json code so that the entry resides just in one array.

2014-06-17  Peter Krempa  <pkrempa@redhat.com>

	net: leaseshelper: Ignore corrupted lease file and rewrite it
	Instead of reporting an error and terminating, rewrite the file with
	the newly learned info.

	net: leaseshelper: Don't crash if DNSMASQ doesn't provide lease expiry
	The value is provided via environment and causes a crash if not defined.

	util: json: Add helpers for manipulating json arrays
	Add a checker to determine whether a JSON object is an array and a
	helper to steal objects from a JSON array.

	util: json: Unify function header formatting
	Use consistent formatting of function headers:
	- two newlines separating functions
	- function return type on separate line
	- one argument per line

2014-06-16  Eric Blake  <eblake@redhat.com>

	blockjob: don't remove older-style mirror XML
	Commit 7c6fc39 introduced a regression in the XML produced for older
	clients.  The argument at the time was that clients shouldn't be
	depending on output-only data for something that is only going to
	be triggered for a transient guest; but John Ferlan reported that
	the automated testsuite was such a client.  It's better to be safe
	than sorry by guaranteeing back-compat cruft.  Note that later
	patches will be using <mirror> for active block commit, but there
	we don't have to worry about back-compat.

	* src/conf/domain_conf.c (virDomainDiskDefFormat): Restore old
	style output when necessary.
	* docs/schemas/domaincommon.rng: Validate back-compat style.
	* docs/formatdomain.html.in: Update the documentation.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old.xml:
	Update tests.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: Likewise.

2014-06-16  Eric Blake  <eblake@redhat.com>

	blockjob: avoid compiler uncertainty in info sizing
	We have a policy of avoiding enum types in structs in our public
	API, because it is possible for a client to choose compiler options
	that can change the in-memory ABI of that struct based on whether
	the enum value occupies an int or a minimal size.  But we missed
	this for virDomainBlockJobInfo.  We got lucky on little-endian
	machines - if the enum fits minimal size (a char), we still end
	up padding to the next long before the next field; but on
	big-endian, a client interpreting the enum as a char would always
	see 0 when the server supplies contents as an int.

	* include/libvirt/libvirt.h.in (virDomainBlockJobInfo): Enforce
	particular sizing.

2014-06-16  Eric Blake  <eblake@redhat.com>

	blockjob: document recent job addition
	I noticed that the web page lacked documentation on block jobs:
	http://libvirt.org/html/libvirt-libvirt.html#virDomainBlockJobType
	not only for the recently added active commit, but also for all
	the other job types.

	* include/libvirt/libvirt.h.in (virDomainBlockJobType): Document
	recent addition.

2014-06-16  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	Increase the size of REMOTE_MIGRATE_COOKIE_MAX to REMOTE_STRING_MAX
	During guest migration, if the domain xml is bigger than 16384 which is
	easily possible for a guest with good number of disks, message encode fails
	for xdr_remote_domain_migrate_perform3_ret().
	So, Increase the COOKIE_MAX to STRING_MAX value.

2014-06-16  Michal Privoznik  <mprivozn@redhat.com>

	nodedev: Introduce <pci-express/> to PCI devices
	This new element is there to represent PCI-Express capabilities
	of a PCI devices, like link speed, number of lanes, etc.

	virpci: Introduce virPCIDeviceIsPCIExpress and friends
	These functions will handle PCIe devices and their link capabilities
	to query some info about it.

2014-06-16  Eric Blake  <eblake@redhat.com>

	blockcommit: require base below top
	The block commit code looks for an explicit base file relative
	to the discovered top file; so for a chain of:
	  base <- snap1 <- snap2 <- snap3
	and a command of:
	  virsh blockcommit $dom vda --base snap2 --top snap1
	we got a sane message (here from libvirt 1.0.5):
	error: invalid argument: could not find base 'snap2' below 'snap1' in chain for 'vda'

	Meanwhile, recent refactoring has slightly reduced the quality of the
	libvirt error messages, by losing the phrase 'below xyz':
	error: invalid argument: could not find image 'snap2' in chain for 'snap3'

	But we had a one-off, where we were not excluding the top file
	itself in searching for the base; thankfully qemu still reports
	the error, but the quality is worse:
	  virsh blockcommit $dom vda --base snap2 --top snap2
	error: internal error unable to execute QEMU command 'block-commit': Base '/snap2' not found

	Fix the one-off in blockcommit by changing the semantics of name
	lookup - if a starting point is specified, then the result must
	be below that point, rather than including that point.  The only
	other call to chain lookup was blockpull code, which was already
	forcing the lookup to omit the active layer and only needs a
	tweak to use the new semantics.

	This also fixes the bug exposed in the testsuite, where when doing
	a lookup pinned to an intermediate point in the chain, we were
	unable to return the name of the parent also in the chain.

	* src/util/virstoragefile.c (virStorageFileChainLookup): Change
	semantics for non-NULL startFrom.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Adjust caller,
	to keep existing semantics.
	* tests/virstoragetest.c (mymain): Adjust to expose new semantics.

2014-06-16  Eric Blake  <eblake@redhat.com>

	storage: better tests of lookup
	Add some more tests of what happens when we restrict a lookup
	to begin at a point in the middle of a chain.  In particular,
	we want to ensure that a parent is not found when starting at
	the child.  This commit also demonstrates that we have a slight
	difference in behavior on what parent we report when filtering
	is in effect; as the determination of the parent affects the
	code in block commit, exposing this in the testsuite will help
	justify changes in future patches that tweak the semantics of
	what lookups are allowed.

	* tests/virstoragetest.c (testStorageLookup): Test user input.
	(TEST_LOOKUP_TARGET): Add parameter.
	(mymain): Add lookup tests.

2014-06-16  Eric Blake  <eblake@redhat.com>

	storage: renumber lookup tests
	The next patch will be adding tests, including adding a parameter
	for testing more conditions.  For ease of review of that patch, I
	want to create common context lines that don't change when the new
	tests are added (it's easier to visually review additions than it
	is to review an entire chunk of tests rewritten into another
	larger chunk of tests).

	* tests/virstoragetest.c (mymain): Add a parameter and renumber
	the lookup tests.

2014-06-16  Eric Blake  <eblake@redhat.com>

	storage: add alias for less typing
	Typing chain->backingStore->backingStore gets old after a while;
	introduce some alias variables to make the test more compact.

	* tests/virstoragetest.c (mymain): Introduce some shorthand.

2014-06-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Don't mark all block disks for metadata reuse
	For block devices used as snapshot source the new snapshot code would
	set the reuse flag. This inhibits to take snapshot without specially
	preparing the block image before taking the snapshot.

	Fortunately this is not a regression as only the new way of specifying
	snapshot source is affected.

	For the followin snapshot XML:
	 <domainsnapshot>
	   <disks>
	     <disk name='vda' type='block'>
	       <driver type='qcow2'/>
	       <source dev="/dev/andariel/testsnap" />
	     </disk>
	   </disks>
	 </domainsnapshot>

	You'd get:
	error: internal error: unable to execute QEMU command 'transaction': Image is not in qcow2 format

	After this patch the snapshot is created successfully.

2014-06-16  Pavel Hrdina  <phrdina@redhat.com>

	leaseshelper: fix another crash
	We create a 'lease_new' when we are adding new lease entry, then later
	in the code we add the 'lease_new' into a 'leases_array_new' which
	leads into the crash because we double free the 'lease_new'.

	To prevent the double free we set the 'lease_new' to NULL after
	successful append into the 'leases_array_new'.

2014-06-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: silent destroy command errors on cleanup
	When virBhyveProcessStart() fails, it tries to unload
	a guest that could have been already loaded using
	bhyveload(8) to make sure not to leave it hanging in memory.

	However, we could fail before loading a VM into memory,
	so 'bhyvectl --destroy' command will fail and print
	an error message that looks confusing to users.

	So ignore errors when running this in cleanup.

2014-06-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: do not cleanup unallocated networks on fail
	virBhyveProcessStart() calls bhyveNetCleanup() if it fails. However,
	it might fail earlier than networks are allocated, so modify
	bhyveNetCleanup() to check if net->ifname is not NULL before
	going further with the cleanup.

2014-06-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix crash in bhyveBuildNetArgStr
	bhyveBuildNetArgStr() calls virNetDevTapCreateInBridgePort() and
	passes tapfd = NULL, but tapfdSize = 1. That is wrong, because
	if virNetDevTapCreateInBridgePort() crashes after successfully
	creating a TAP device, it'll jump to 'error' label, that
	loops over tapfd and calls VIR_FORCE_CLOSE:

	   for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)

	In that case we get a segfault.

	As the bhyve code doesn't use tapfd, pass NULL and set tapfdSize to 0.

2014-06-13  Giuseppe Scrivano  <gscrivan@redhat.com>

	storage: report VIR_ERR_NO_STORAGE_VOL when the file doesn't exist
	Report VIR_ERR_NO_STORAGE_VOL instead of a system error when lstat
	fails because the file doesn't exist.

	Fixes this problem in virt-install:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1108922

2014-06-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement PCI address allocation
	Automatically allocate PCI addresses for devices instead
	of hardcoding them in the driver code. The current
	allocation schema is to dedicate an entire slot for each devices.

	Also, allow having arbitrary number of devices.

2014-06-13  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevGetLinkInfo: Don't report link speed if NIC's not up
	The kernel's more broken than one would think. Various drivers report
	various (usually spurious) values if the interface is in other state
	than 'up' . While on some we experience -EINVAL when read()-ing the
	speed sysfs file, with other drivers we might get anything from 0 to
	UINT_MAX. If that's the case it's better to not report link speed.
	Well, the interface is not up anyway.

2014-06-13  Peter Krempa  <pkrempa@redhat.com>

	tests: virstoragetest: Fix output when hitting errors
	When the test is failing but the debug output isn't enabled the
	resulting line would look ugly like and would not contain the actual
	difference.

	TEST: virstoragetest
	      .................chain member 1!chain member 1!chain member 1!

	Store the member index in the actual checked string to hide this problem

2014-06-13  Eric Blake  <eblake@redhat.com>

	blockcommit: update error messages related to block jobs
	A future patch will add two-phase block commit jobs; as the
	mechanism for managing them is similar to managing a block copy
	job, existing errors should be made generic enough to occur
	for either job type.

	* src/conf/domain_conf.c (virDomainHasDiskMirror): Update
	comment.
	* src/qemu/qemu_driver.c (qemuDomainDefineXML)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainBlockJobImpl, qemuDomainBlockCopy): Update error
	message.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice): Likewise.

2014-06-12  Eric Blake  <eblake@redhat.com>

	virsh: improve blockcopy UI
	Peter's review of an early version of my addition of active block
	commit pointed out some issues that I was copying from the block
	copy code; fix them up now before perpetuating them.

	For virsh commands that manage a single API call, it's nice to have
	a 1:1 mapping of options to flags, so that we can test that
	lower-layer software handles flag combinations correctly.  But where
	virsh is introducing syntactic sugar to combine multiple API calls
	into a single user interface, we might as well make that interface
	compact.  That is, we should allow the shorter command-line of
	'blockcopy $dom $disk --pivot' without having to explicitly specify
	--wait, because this isn't directly a flag passed to a single
	underlying API call.

	Also, my use of embedded ?: ternaries bordered on unreadable.

	* tools/virsh-domain.c (cmdBlockCopy): Make --pivot, --finish,
	and --timeout imply --wait. Drop excess ?: operators.
	* tools/virsh.pod (blockcopy): Update documentation.

2014-06-12  Michal Privoznik  <mprivozn@redhat.com>

	virNodeDevCapPCIDevParseXML: Initialize numa_node variable
	With one of my recent patches (1c70277) libvirt's capable of
	reporting NUMA node locality for PCI devices. The node ID is
	stored in pci_dev.numa_node variable. However, since zero is
	valid NUMA node ID, the default is -1 as it is in kernel too.
	So, if the PCI device is not tied to any specific NUMA node, the
	default is then NOT printed into XML. Therefore, when parsing
	node device XML, the <node/> element is optional. But currently,
	if it's not there, we must set sane default, otherwise after
	parsing in the memory representation doesn't match the XML. We
	are already doing this in other place: udevProcessPCI().

2014-06-12  Eric Blake  <eblake@redhat.com>

	blockcommit: fix regression with explicit top argument
	Commit f586965 accidentally changed the semantics of the
	virDomainBlockCommit command; where it previously looked for
	an explicit top argument from the top of the chain, it now
	starts from the backing file of the top.  Of course, until
	we allow active commits, the only difference it makes is in
	the quality of the error message, but with code for active
	commit coming soon, we need to support an explicit mention
	of the active layer.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Start looking
	from top of chain.

2014-06-12  Jincheng Miao  <jmiao@redhat.com>

	virsh: forbid negative vcpu argument to vcpupin
	The vcpupin command allowed specifying a negative number for the --vcpu
	argument. This would the overflow when the underlying virDomainPinVcpu
	API was called.

	 $ virsh vcpupin r7 -1 0
	 error: numerical overflow: input too large: 4294967295

	Switch the vCPU variable to a unsigned int and parse it using the
	corresponding function.

	Also improve the vcpupin test to cover all the defects.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1101059

2014-06-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Reject negative numbers in vshCommandOptULongLong
	To follow the new semantics of the vshCommandOptToU* functions convert
	this one to reject negative numbers too. To allow using -1 for "maximum"
	semantics for the vol-*load two bandwidth functions that use this helper
	introduce vshCommandOptULongLongWrap.

	virsh: Reject negative numbers in vshCommandOptUL
	To follow the new semantics of the vshCommandOptToU* functions convert
	this one to reject negative numbers too. To allow using -1 for "maximum"
	semantics for the two bandwidth functions that use this helper introduce
	vshCommandOptULWrap. Although currently the migrate-setspeed function
	for the qemu driver will reject -1 as maximum.

2014-06-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Reject negative numbers in vshCommandOptUInt
	Use virStrToLong_uip instead of virStrToLong_ui to reject negative
	numbers in the helper. None of the callers expects the wraparound
	"feature" for negative numbers.

	Also add a function that allows wrapping of negative numbers as it might
	be used in the future and be explicit about the new semantics in the
	function docs.

2014-06-12  Ján Tomko  <jtomko@redhat.com>

	Fix crash when saving a domain with type none dac label
	qemuDomainGetImageIds did not check if there was a label
	in the seclabel, thus crashing on
	<seclabel type='none' model='dac'/>

	https://bugzilla.redhat.com/show_bug.cgi?id=1108590

2014-06-12  John Ferlan  <jferlan@redhat.com>

	vbox_snapshot_conf: Resolve Coverity warnings
	Clean up some Coverity warnings from commit id '4dc5d8f1'

	vbox_temp: Resolve Coverity warnings
	Clean up code to resolve Coverity RESOURCE_LEAK's from commit id's
	'632b9600' and 'b739f807'.

2014-06-12  Peter Krempa  <pkrempa@redhat.com>

	security: Don't skip labelling for network disks
	A network disk might actually be backed by local storage. Also the path
	iterator actually handles networked disks well now so remove the code
	that skips the labelling in dac and selinux security driver.

	storage: volume: Rework lookup of volume objects
	Add a helper to do all the lookup steps and remove a ton of duplicated
	code.

	storage: Clean up unlocking of storage pool objects
	Most of the APIs now don't reach the cleanup section when the pool
	object wasn't found and thus don't need to check before unlocking it.

2014-06-12  Peter Krempa  <pkrempa@redhat.com>

	storage: pool: Fix handling of errors on pool lookup failure
	Rework internal pool lookup code to avoid printing the raw UUID buffer
	in the case a storage pool can't be found:

	 $ virsh pool-name e012ace0-0460-5810-39ef-1bce5fa5a4dd
	 error: failed to get pool 'e012ace0-0460-5810-39ef-1bce5fa5a4dd'
	 error: Storage pool not found: no storage pool with matching uuid à¬à`X9ï_¥¤Ý

	The rework is mostly done by switching the lookup code to the newly
	introduced helper virStoragePoolObjFromStoragePool

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1104993

2014-06-12  Ján Tomko  <jtomko@redhat.com>

	build: prefer -fstack-protector-strong to -all
	Try -fstack-protector-strong first on Linux. If that fails,
	fall back to -fstack-protector-all.

2014-06-12  Ján Tomko  <jtomko@redhat.com>

	build: remove ssp-buffer-size
	This option only makes sense for -fstack-protector.
	With -fstack-protector-all or -fstack-protector-strong,
	functions are protected regardless of buffer size.

	https://bugzilla.redhat.com/show_bug.cgi?id=1105456

2014-06-12  Ján Tomko  <jtomko@redhat.com>

	build: remove duplicit warning suppression
	These warnings have already been added to $dontwarn.

2014-06-11  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve Coverity warnings
	Resolve two Coverity issues introduced by commit id '9b8d6e1e'

2014-06-11  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	virsh: include bhyve in virsh -V output
	Add 'Bhyve' in hypervisor list reported by 'virsh -V'
	if it's compiled it.

2014-06-11  Pavel Hrdina  <phrdina@redhat.com>

	leaseshelper: fix crash
	Commit baafe668 introduced new leaseshelper with a crash of freeing
	env string. Calling 'getenv()' inside 'virGetEnvAllowSUID()' may
	return a static string and we definitely should not free it.

	The author probably want to free the copy of that string.

2014-06-11  Eric Blake  <eblake@redhat.com>

	maint: exempt graphic binaries from syntax check
	Roman Bogorodskiy reported a syntax-check failure when using
	FreeBSD; complaining that:

	prohibit_empty_first_line
	tools/libvirt_win_icon_16x16.ico:1:
	tools/libvirt_win_icon_32x32.ico:1:
	tools/libvirt_win_icon_48x48.ico:1:
	tools/libvirt_win_icon_64x64.ico:1:
	maint.mk: Prohibited empty first line

	In reality, the first 'line' of that file is NOT empty; but since
	it is a binary file, awk is not required to handle it gracefully.
	The simplest solution is to exempt all image files from syntax
	checks in the first place - after all, we only store them in git
	because they are inconvenient to regenerate, but they are not our
	preferred format for making modifications, and syntax check should
	only cover files that we are likely to modify.

	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Exempt images.
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Simplify.
	(exclude_file_name_regexp--sc_trailing_blank): Likewise.

2014-06-11  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	qemu: Properly label FDs when restoring domain with static label
	When saving domain with relabel=no, the file that gets created must have the
	context set anyway.  That way restore can be successful without the need of
	relabelling the file.

2014-06-11  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: make version parsing more robust
	Since commit d69415d4, vmware version is parsed from both stdout and
	stderr. This patch makes version parsing work even if there is garbage
	(libvirt debug messages for example) in the command output.

	Add test data for this case.

2014-06-11  Michal Privoznik  <mprivozn@redhat.com>

	virnetdev: Use ifname in virNetDevGetLinkInfo
	If we're compiling on non-Linux platform, the virNetDevGetLinkInfo()
	is a dummy function which barely logs debug message that getting link
	info is not supported. However, while the debug message was prepared
	for printing the interface name too, I actually forgot to pass the
	variable which resulted in build error on platforms like mingw or
	FreeBSD.

2014-06-11  Michal Privoznik  <mprivozn@redhat.com>

	node_device: Expose link state & speed
	While exposing the info under <interface/> in previous patch works, it
	may work only in cases where interface is configured on the host.
	However, orchestrating application may want to know the link state and
	speed even in that case. That's why we ought to expose this in nodedev
	XML too:

	virsh # nodedev-dumpxml net_eth0_f0_de_f1_2b_1b_f3
	<device>
	  <name>net_eth0_f0_de_f1_2b_1b_f3</name>
	  <path>/sys/devices/pci0000:00/0000:00:19.0/net/eth0</path>
	  <parent>pci_0000_00_19_0</parent>
	  <capability type='net'>
	    <interface>eth0</interface>
	    <address>f0:de:f1:2b:1b:f3</address>
	    <link speed='1000' state='up'/>
	    <capability type='80203'/>
	  </capability>
	</device>

2014-06-11  Michal Privoznik  <mprivozn@redhat.com>

	interface_backend_udev: Implement link speed & state
	In the previous commit the helper function was prepared, so now
	we can wire it up and benefit from it. The Makefile change is
	required because we're including virnedev,h which includes
	virnetlink.h which tries to include netlink/msg.h. However this
	file is not under /usr/include directly but is dependent on libnl
	used.

	virnetdev: Introduce virNetDevGetLinkInfo
	The purpose of this function is to fetch link state
	and link speed for given NIC name from the SYSFS.

2014-06-11  Michal Privoznik  <mprivozn@redhat.com>

	virInterface: Expose link state & speed
	Currently it is not possible to determine the speed of an interface
	and whether a link is actually detected from the API. Orchestrating
	platforms want to be able to determine when the link has failed and
	where multiple speeds may be available which one the interface is
	actually connected at. This commit introduces an extension to our
	interface XML (without implementation to interface driver backends):

	  <interface type='ethernet' name='eth0'>
	    <start mode='none'/>
	    <mac address='aa:bb:cc:dd:ee:ff'/>
	    <link speed='1000' state='up'/>
	    <mtu size='1492'/>
	    ...
	  </interface>

	Where @speed is negotiated link speed in Mbits per second, and state
	is the current NIC state (can be one of the following:  "unknown",
	"notpresent", "down", "lowerlayerdown","testing", "dormant", "up").

2014-06-11  Eric Blake  <eblake@redhat.com>

	nodeinfo: avoid uninitialized variable on error
	Commit 8ba0a58 introduced a compiler warning that I hit during
	a run of ./autobuild.sh:

	../../src/nodeinfo.c: In function 'nodeCapsInitNUMA':
	../../src/nodeinfo.c:1853:43: error: 'nsiblings' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	         if (virCapabilitiesAddHostNUMACell(caps, n, memory,
	                                           ^

	Sure enough, nsiblings starts uninitialized, and is set by a call
	to virNodeCapsGetSiblingInfo, but that function fails to assign
	through the pointer if virNumaGetDistances fails.

	* src/nodeinfo.c (nodeCapsInitNUMA): Initialize nsiblings.

2014-06-10  Eric Blake  <eblake@redhat.com>

	storage: fix memory leak with encrypted images
	Jim Fehlig reported a regression found by libvirt-TCK tests:

	> ~ # perl /usr/share/libvirt-tck/tests/qemu/100-disk-encryption.t
	...
	> ok 4 - defined persistent domain config
	> # Starting inactive domain config
	> libvirt error code: 1, message: internal error: unable to execute QEMU command
	> 'cont': 'drive-ide0-0-1'
	> (/var/cache/libvirt-tck/300-disk-encryption/demo.qcow2) is encrypted

	Commit 2279d560 converted a boolean into a pointer with the intent of
	transferring that pointer out of a temporary object into the caller's
	data structure.  The temporary structure meant that meta->encryption
	was always NULL on entry, so we could get away with blindly allocating
	the pointer when the header said so.  But later, commit 8823272d
	tweaked things to do backing chain detection in-place, rather than via
	a temporary object; this has the net result that meta->encryption can
	be non-NULL on entry.  Not only did this turn the latent behavior into
	a memory leak, it is also a behavior regression: blindly allocating a
	new pointer wipes out what secrets we already knew about the chain,
	making it impossible to restart the domain.

	Of course, no one in their right mind should be relying on qcow2
	encryption - it is fundamentally flawed.  And sadly, the TCK tests
	don't get run often enough, and this shows that our virstoragetest
	does not exercise encrypted images at all.  Otherwise, we could
	have avoided a release containing this regression.

	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Don't nuke an already-existing encryption.

2014-06-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	vbox: fix compilation error
	clang complains about possibly uninitialized variable:

	vbox/vbox_snapshot_conf.c:1355:9: error: variable 'ret' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
	    if (!(xPathContext = xmlXPathNewContext(xml))) {
	        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	So init 'ret' with NULL.

2014-06-10  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	virsh: Add details about specified migration host
	the 'migration_host' description may be a bit difficult to
	understand for some users, so enhance the manual

2014-06-10  Eric Blake  <eblake@redhat.com>

	blockcommit: document semantics of committing active layer
	Now that qemu 2.0 allows commit of the active layer, people are
	attempting to use virsh blockcommit and getting into a stuck
	state, because libvirt is unprepared to handle the two-phase
	commit required by qemu.

	Stepping back a bit, there are two valid semantics for a
	commit operation:

	1. Maintain a 'golden' base, and a transient overlay. Make
	changes in the overlay, and if everything appears to work,
	commit those changes into the base, but still keep the overlay
	for the next round of changes; repeat the cycle as desired.

	2. Create an external snapshot, then back up the stable state
	in the backing file. Once the backup is complete, commit the
	overlay back into the base, and delete the temporary snapshot.

	Since qemu doesn't know up front which of the two styles is
	preferred, a block commit of the active layer merely gets
	the job into a synchronized state, and sends an event; then
	the user must either cancel (case 1) or complete (case 2),
	where qemu then sends a second event that actually ends the
	job.  However, until commit e6bcbcd, libvirt was blindly
	assuming the semantics that apply to a commit of an
	intermediate image, where there is only one sane conclusion
	(the job automatically ends with fewer elements in the chain);
	and getting stuck because it wasn't prepared for qemu to enter
	a second phase of the job.

	This patch adds a flag to the libvirt API that a user MUST
	supply in order to acknowledge that they will be using two-phase
	semantics.  It might be possible to have a mode where if the
	flag is omitted, we automatically do the case 2 semantics on
	the user's behalf; but before that happens, I must do additional
	patches to track the fact that we are doing an active commit
	in the domain XML.  Later patches will add support of the flag,
	and once 2-phase semantics are working, we can then decide
	whether to relax things to allow an omitted flag to cause an
	automatic pivot.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_COMMIT_ACTIVE)
	(VIR_DOMAIN_BLOCK_JOB_TYPE_ACTIVE_COMMIT): New enums.
	* src/libvirt.c (virDomainBlockCommit): Document two-phase job
	when committing active layer, through new flag.
	(virDomainBlockJobAbort): Document that pivot also occurs after
	active commit.
	* tools/virsh-domain.c (vshDomainBlockJob): Cover new job.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Explicitly
	reject active copy; later patches will add it in.

2014-06-10  Wangrui (K)  <moon.wangrui@huawei.com>

	docs: fix a typo in hacking.html.in

2014-06-10  Yohan BELLEGUIC  <yohan.belleguic@diateam.net>

	vbox_tmpl.c: Add function for undefining snapshot
	All snapshots information will be deleted from the vbox XML, but
	differencing disks will be kept so the user will be able to redefine the
	snapshot.

	vbox_tmpl.c: Patch for redefining snapshots
	The machine is unregistered and its vbox XML file is changed in order to
	add snapshot information. The machine is then registered with the
	snapshot to redefine.

	Add vbox_snapshot_conf struct
	This structure contains the data to be saved in the VirtualBox XML file
	and can be manipulated with severals exposed functions.
	The structure is created by vboxSnapshotLoadVboxFile taking the
	machine XML file.
	It also can rewrite the XML by using vboxSnapshotSaveVboxFile.

2014-06-10  Manuel VIVES  <manuel.vives@diateam.net>

	vbox_tmpl.c: Better XML description for snapshots
	It will be needed for the future patches because we will
	redefine snapshots

2014-06-10  Ján Tomko  <jtomko@redhat.com>

	SELinux: don't fail silently when no label is present
	This fixes startup of a domain with:
	<seclabel type='none' model='dac'/>
	on a host with selinux and dac drivers and
	security_default_confined = 0

	https://bugzilla.redhat.com/show_bug.cgi?id=1105939
	https://bugzilla.redhat.com/show_bug.cgi?id=1102611

2014-06-09  Laine Stump  <laine@laine.org>

	qemu: ignore -nodefconfig and -nodefaults when parsing commandline
	The qemu driver always adds these options to the qemu commandlines,
	but the commandline parser didn't recognize them, so sending a
	libvirt-generated qemu commandline to its own argvtoxml would always
	result in a warning message and a qemu namespace added to the
	xml. Since the options don't add any functionality to the domain, they
	should just be ignored (similar to -S).

	Note that we can't yet add a test for this to qemuargv2xmltest,
	because we would have to add QEMU_CAPS_NODEFCONFIG and
	QEMU_CAPS_DEVICE to the capabilities for any corresponding
	xml2argvtest, and QEMU_CAPS_DEVICE would necessitate having support
	for parsing a memballoon device in order for qemuargv2xmltest to
	pass. So we wait to add a test for -nodefconfig and -nodefaults until
	after adding support for parsing -device virtio-balloon-*.

2014-06-09  Laine Stump  <laine@laine.org>

	test: display qemuParseCommandline warnings when VIR_TEST_DEBUG > 0
	qmeuargv2xmltest.c would fail any test that logged anything during
	qemuParseCommandline(), but then discard the log message, even with
	VIR_TEST_DEBUG=2. This patch outputs the log messages with
	fprintf(stderr,...) when debug logging is on.

	In the process of modifying that logic, the testInfo data was made
	more similar to that of qemuxml2argvtest.c - rather than turning
	info->extraFlags into a bool, an enum of flags is defined, the info
	struct is given an "unsigned int flags", and FLAG_EXPECT_WARNING is
	saved into info->flags, to be checked during the test; this will make
	it easier to add other FLAG_EXPECT_* items in the future.

2014-06-09  Peter Krempa  <pkrempa@redhat.com>

	parallels: Avoid possible leak of "cpu" from parallelsBuildCapabilities
	4d06af97d38c3648937eb8f732704379b3cd9e59 introduced a possible memory
	leak of the memory allocated into the "cpu" pointer in
	parallelsBuildCapabilities in the case "nodeGetInfo()" would fail right
	after the allocation. Rearrange the code to avoid the possibility of the
	leak.

	Found by Coverity.

2014-06-09  Peter Krempa  <pkrempa@redhat.com>

	m4: bhyve: Fix check for the required bhyve programs
	bhyveload and bhyvectl wouldn't be checked otherwise as the configure
	script wouldn't execute one of the tests:

	checking for bhyve... /usr/local/sbin/bhyve
	checking for bhyvectl... /usr/local/sbin/bhyvectl
	checking for bhyveload... /usr/local/sbin/bhyveload
	./configure: line 62602: test: too many arguments

	Fix the shell statement testing the 3 binaries.

2014-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Relax virtualHW.version check
	The original implementation of the VMX config parser assumed that the
	virtualHW.version would have more influence on the content of the VMX
	file than it actually seems to have. It started with accepting only
	version 4. Additonal versions were added later without any additional
	changes in the parser itself. This suggests that the influence of the
	virtualHW.version on the content and format of the VMX file is small
	or non-existent.

	The parser worked without any changes across several virtualHW and
	vSphere versions. So instead of adding new virtualHW.version values to
	the parser as they come along, or adding an extra flag to allow unknown
	virtualHW.version values just relax the check to require version 4 or
	later.

2014-06-06  Eric Blake  <eblake@redhat.com>

	conf: alter disk mirror xml output
	Now that we track a disk mirror as a virStorageSource, we might
	as well update the XML to theoretically allow any type of
	mirroring destination (not just a local file).  A later patch
	will also be reusing <mirror> to track the block commit of the
	top layer of a chain, which is another case where libvirt needs
	to update the backing chain after the job is finally pivoted,
	and since backing chains can have network backing files as the
	destination to commit into, it makes more sense to display that
	in the XML.

	This patch changes output-only XML; it was already documented
	that <mirror> does not affect a domain definition at this point
	(because qemu doesn't provide persistent bitmaps yet).  Any
	application that was starting a block copy job with older libvirt
	and then relying on the domain XML to determine if it was
	complete will no longer be able to access the file= and format=
	attributes of mirror that were previously used.  However, this is
	not going to be a problem in practice: the only time a block copy
	job works is on a transient domain, and any app that is managing
	a transient domain probably already does enough of its own
	bookkeeping to know which file it is mirroring into without
	having to re-read it from the libvirt XML.  The one thing that
	was likely to be used in a mirroring job was the ready=
	attribute, which is unchanged.  Meanwhile, I made sure the schema
	and parser still accept the old format, even if we no longer
	output it, so that upgrading from an older version of libvirt is
	seamless.

	* docs/schemas/domaincommon.rng (diskMirror): Alter definition.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): Parse two
	styles of mirror elements.
	(virDomainDiskDefFormat): Output new style.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror-old.xml: New
	file, copied from...
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: ...here
	before modernizing.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror-old*: New
	files.
	* tests/qemuxml2xmltest.c (mymain): Test both styles.

2014-06-06  Eric Blake  <eblake@redhat.com>

	conf: store mirroring information in virStorageSource
	The current implementation of 'virsh blockcopy' (virDomainBlockRebase)
	is limited to copying to a local file name.  But future patches want
	to extend it to also copy to network disks.  This patch converts over
	to a virStorageSourcePtr, although it should have no semantic change
	visible to the user, in anticipation of those future patches being
	able to use more fields for non-file destinations.

	* src/conf/domain_conf.h (_virDomainDiskDef): Change type of
	mirror information.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): Localize
	mirror parsing into new object.
	(virDomainDiskDefFormat): Adjust clients.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockPivot)
	(qemuDomainBlockJobImpl, qemuDomainBlockCopy): Likewise.

2014-06-06  Eric Blake  <eblake@redhat.com>

	conf: store disk source as pointer, for easier manipulation
	As part of the work on backing chains, I'm finding that it would
	be easier to directly manipulate chains of pointers (adding a
	snapshot merely adjusts pointers to form the correct list) rather
	than copy data from one struct to another.  This patch converts
	domain disk source to be a pointer.

	In this patch, the pointer is ALWAYS allocated (thanks in part to
	the previous patch forwarding all disk def allocation through a
	common point), and all other changse are just mechanical fallout of
	the new type; there should be no functional change.  It is possible
	that we may want to leave the pointer NULL for a cdrom with no
	medium in a later patch, but as that requires a closer audit of the
	source to ensure we don't fault on a null dereference, I didn't do
	it here.

	* src/conf/domain_conf.h (_virDomainDiskDef): Change type of src.
	* src/conf/domain_conf.c: Adjust all clients.
	* src/security/security_selinux.c: Likewise.
	* src/qemu/qemu_domain.c: Likewise.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_process.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/lxc/lxc_controller.c: Likewise.
	* tests/securityselinuxlabeltest.c: Likewise.

2014-06-06  Eric Blake  <eblake@redhat.com>

	conf: consolidate disk def allocation
	A future patch wants to create disk definitions with non-zero
	default contents; to avoid crashes, all callers that allocate
	a disk definition should go through a common point.

	I found allocation points by looking for any code that increments
	ndisks, as well as any matches for ALLOC.*disk.  Most places that
	modified ndisks were covered by the parse from XML to domain/device
	definition by initial domain creation or device hotplug; I also
	hand-checked all drivers that generate a device struct on the
	fly during getXMLDesc.

	* src/conf/domain_conf.h (virDomainDiskDefNew): New prototype.
	* src/conf/domain_conf.c (virDomainDiskDefNew): New function.
	(virDomainDiskDefParseXML): Use it.
	* src/parallels/parallels_driver.c (parallelsAddHddInfo):
	Likewise.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
	* src/vmx/vmx.c (virVMXParseDisk): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr):
	Likewise.
	* src/xenxs/xen_xm.c (xenParseXM): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export it.

2014-06-06  Eric Blake  <eblake@redhat.com>

	conf: store snapshot source as pointer, for easier manipulation
	As part of the work on backing chains, I'm finding that it would
	be easier to directly manipulate chains of pointers (adding a
	snapshot merely adjusts pointers to form the correct list) rather
	than copy data from one struct to another. This patch converts
	snapshot source to be a pointer.

	In this patch, the pointer is ALWAYS allocated (any code that
	increases ndisks now also allocates a source pointer for each
	new disk), and all other changes are just mechanical fallout of
	the new type; there should be no functional change.  It is
	possible that we may want to leave the pointer NULL for internal
	snapshots in a later patch, but as that requires a closer audit
	of the source to ensure we don't fault on a null dereference, I
	didn't do it here.

	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Change
	type of src.
	* src/conf/snapshot_conf.c: Adjust all clients.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Fix virbitmaptest on 32-bit
	My commit 7d8afc4 was passing the incorrect size to
	virBitmapDataToString in the newly added test.

2014-06-06  Michal Privoznik  <mprivozn@redhat.com>

	nodedev: Export NUMA node locality for PCI devices
	A PCI device can be associated with a specific NUMA node. Later, when
	a guest is pinned to one NUMA node the PCI device can be assigned on
	different NUMA node. This makes DMA transfers travel across nodes and
	thus results in suboptimal performance. We should expose the NUMA node
	locality for PCI devices so management applications can make better
	decisions.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Implement pretty flag for vcpuinfo and nodecpumap
	Report CPU affinities / online CPUs in human-readable form when
	this flag is present:

	Before:
	CPU Affinity:   y-yy

	After:
	CPU Affinity:   0,2-3 (out of 4)

	https://bugzilla.redhat.com/show_bug.cgi?id=985980

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Introduce virBitmapDataToString
	For converting bitmap data to human-readable strings.

	Always report an error if virBitmapFormat fails
	It already reports an error if STRDUP fails.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	Format NULL bitmap as an empty string
	This simplifies the usage in {libxl,qemu}DomainGetNumaParameters
	and it's needed for consistent error reporting in virBitmapFormat.

	Also remove the forgotten ATTRIBUTE_NONNULL marker.

2014-06-06  Ján Tomko  <jtomko@redhat.com>

	virsh: Separate API calls and result printing in cmdVcpuinfo
	This allows reuse of the result printing code.

	virsh: Invert logic in cmdVcpuinfo
	Initialize 'ret' to false and introduce a cleanup label.

2014-06-06  Alexander Burluka  <aburluka@parallels.com>

	Parallels: Include CPU info in the capabilities XML
	Openstack uses (or will start to using) CPU info from the
	capabilities XML. So this section is expanded, added CPU info
	about arch, type and info about number of cores, sockets and threads.

	Parallels: add connectBaselineCPU()
	Openstack Nova (starting at Icehouse release) requires this function
	to start VM.

	Parallels: add domainGetVcpus()
	OpenStack Nova requires this function
	to start VM instance. Cpumask info is obtained via prlctl utility.
	Unlike KVM, Parallels Cloud Server is unable to set cpu affinity
	mask for every VCpu. Mask is unique for all VCpu. You can set it
	using 'prlctl set <vm_id|vm_name> --cpumask <{n[,n,n1-n2]|all}>'
	command. For example, 'prlctl set SomeDomain --cpumask 0,1,5-7'
	would set this mask to yy---yyy.

2014-06-06  Martin Kletzander  <mkletzan@redhat.com>

	maint: prohibit empty first lines
	Based on discussion with Eric:

	https://www.redhat.com/archives/libvir-list/2014-March/msg01001.html

2014-06-06  Martin Kletzander  <mkletzan@redhat.com>

	Remove unnecessary empty first lines

	translations: Don't leave default template fields in .po files
	New gettext-0.19 doesn't like it and we can't build without it.

2014-06-05  Ján Tomko  <jtomko@redhat.com>

	Fix storage format probing
	Commit fff74b2 moved the probing into virStorageFileGetMetadataFromBuf
	but didn't update the format in volume definition.

	https://bugzilla.redhat.com/show_bug.cgi?id=1104908

2014-06-05  Ján Tomko  <jtomko@redhat.com>

	Simplify conditions in virStorageBackendProbeTarget
	Jump out early if no metadata was detected (for directories).
	Join the error and cleanup labels.

	Don't reuse 'ret' variable in virStorageBackendProbeTarget
	To match the convention:
	ret - current function's return value
	rc - other function's return values

2014-06-05  Michal Privoznik  <mprivozn@redhat.com>

	formatcaps: Rework and add stubs to document
	At the moment we are missing even basic documentation on our
	capabilities XML. Without demand on completeness, I'm
	reorganizing the document structure and adding very basic
	documentation to two major components of the capabilities XML.
	These stubs are intended to be enhanced in the future.

	vircaps2xmltest: Introduce basic testing
	For now only one test is introduced. It's purpose in life
	is to check we don't break NUMA host distances XML format.

2014-06-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: add migration support
	This patch adds initial migration support to the libxl driver,
	using the VIR_DRV_FEATURE_MIGRATION_PARAMS family of migration
	functions.

	libxl: introduce libxlDomainDefCheckABIStability
	Introduce a simple libxlDomainDefCheckABIStability() function that
	can be used check ABI stability between two virDomainDef objects.

2014-06-05  Eric Blake  <eblake@redhat.com>

	maint: detect VPATH builds when checking for gnulib update
	I accidentally typed 'make' in the srcdir of a VPATH build, and
	was surprised to see this:

	$ make
	/bin/sh: s/^[ +-]//;s/ .*//: No such file or directory
	INFO: gnulib update required; running ./autogen.sh first
	make: -n: Command not found
	./autogen.sh
	I am going to run ./configure with no arguments - if you wish
	to pass any to it, please specify them on the ./autogen.sh command line.
	running bootstrap...
	./bootstrap: Bootstrapping from checked-out libvirt sources...
	./bootstrap: getting gnulib files...

	Oops - we're trying to execute some fairly bogus command names,
	and then trying to configure in-tree (which breaks all existing
	VPATH builds, since automake refuses to do a VPATH build if it
	detects an in-tree configure).  The third line (executing "-n")
	is fixed by updating to the latest gnulib; the rest of the problem
	is fixed by copying the same filtering in our cfg.mk as what
	gnulib just added, so that we avoid any $(shell) invocations which
	in turn depend on variables that are only populated by a working
	Makefile.  With that in place, we are back to the much nicer:

	$ make
	There seems to be no Makefile in this directory.
	You must run ./configure before running 'make'.
	make: *** [abort-due-to-no-makefile] Error 1

	Additionally, although harder to see - there was a trailing space in
	the message warning us that autogen would run an in-tree configure.

	* .gnulib: Update to latest, in part for maint.mk improvements.
	* cfg.mk (_update_required): Don't check for update in
	unconfigured directory.
	* autogen.sh (no_git): Drop trailing space.

2014-06-04  Eric Blake  <eblake@redhat.com>

	maint: optimize locale.h syntax check
	Reusing the maint.mk code allows for a more efficient syntax check
	(fewer grep processes), and a more compact representation of what
	we are really checking for in commit 1919e35.

	* cfg.mk (sc_require_locale_h): Use maint.mk loop instead of
	rolling our own.

2014-06-04  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Check for numa_bitmask_isbitset presence
	On some systems, libnuma can be present but it's so ancient that
	it misses some symbols that virNumaGetDistances() needs. To be
	more precise: numa_bitmask_isbitset() and numa_nodes_ptr are the
	symbols in question. Fortunately, they were both introduced in
	the same release so it's sufficient for us to check for only one
	of them. And the winner is numa_bitmask_isbitset().

	cfg.mk: Introduce rule for setlocale()
	In the past we had some issues where setlocale() was called without
	corresponding include of locale.h. While on some systems this may
	work, on others the compilation failed. We should have a syntax-check
	rule for that to prevent this from happening again.

2014-06-04  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Implement virNumaGetDistances stub for non-NUMA
	In case the libvirt is built without numactl support, we're
	missing the virNumaGetDistances() stub so the linking fails:

	  CCLD     libvirt_lxc
	libvirt_lxc-nodeinfo.o: In function `virNodeCapsGetSiblingInfo':
	/home/zippy/tmp/libvirt.git/src/nodeinfo.c:1763: undefined reference to `virNumaGetDistances'
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirt_lxc] Error 1

	The issue was introduced in 77c830d8c4.

2014-06-04  Michal Privoznik  <mprivozn@redhat.com>

	virCaps: Expose distance between host NUMA nodes
	If user or management application wants to create a guest,
	it may be useful to know the cost of internode latencies
	before the guest resources are pinned. For example:

	<capabilities>

	  <host>
	    ...
	    <topology>
	      <cells num='2'>
	        <cell id='0'>
	          <memory unit='KiB'>4004132</memory>
	          <distances>
	            <sibling id='0' value='10'/>
	            <sibling id='1' value='20'/>
	          </distances>
	          <cpus num='2'>
	            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
	            <cpu id='2' socket_id='0' core_id='2' siblings='2'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <memory unit='KiB'>4030064</memory>
	          <distances>
	            <sibling id='0' value='20'/>
	            <sibling id='1' value='10'/>
	          </distances>
	          <cpus num='2'>
	            <cpu id='1' socket_id='0' core_id='0' siblings='1'/>
	            <cpu id='3' socket_id='0' core_id='2' siblings='3'/>
	          </cpus>
	        </cell>
	      </cells>
	    </topology>
	    ...
	  </host>
	  ...
	</capabilities>

	We can see the distance from node1 to node0 is 20 and within nodes 10.

2014-06-04  Michal Privoznik  <mprivozn@redhat.com>

	virnuma: Introduce virNumaGetDistances
	The API gets a NUMA node and find distances to other nodes.  The
	distances are returned in an array. If an item X within the array
	equals to value of zero, then there's no such node as X.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	tests: monitor: json: Fix error message when returning json in json
	The qemu JSON monitor test allows to test also expected command
	arguments. As the error from the monitor simulator is returned as a
	simulated qemu error (in JSON) all other JSON contained in the error
	message needs to be escaped. This will happen if the monitor command
	under test receives a JSON array as an argument.

	This will improve the error message from:
	libvirt:  error : internal error: cannot parse json { "error":  { "desc":
	"Invalid value of argument 'keys' of command 'send-key': expected 'ble'
	got '[{"type":"number","data":43},{"type":"number","data":26},
	{"type":"number","data":46},{"type":"number","data":32}]'",
	"class": "UnexpectedCommand" } }: lexical error: invalid string in json text.

	To:
	libvirt: QEMU Driver error : internal error: unable to execute QEMU
	command 'send-key': Invalid value of argument 'keys' of command
	'send-key': expected 'ble' got '[{"type":"number","data":43},
	{"type":"number","data":26},{"type":"number","data":46},
	{"type":"number","data":32}]'

	This improvement will not have any effect on tests executing as
	expected, but it will help test development.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	network: bridge: Avoid memory leak from networkBuildDhcpDaemonCommandLine
	If the leasehelper_path couldn't be found the code would leak the
	freshly constructed command structure. Re-arrange code to avoid the
	problem.

	Found by coverity, broken by baafe668fa56767c031468ccd5df3e62eaa11370.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	tests: Build virstoragetest only when storage driver is compiled too
	virstoragetest now requires parts of the storage driver to be built.
	Without this change the test can't be compiled on platforms that don't
	build the storage driver (mingw).

	make[2]: *** No rule to make target `../src/libvirt_driver_storage_impl.la', needed by `virstoragetest.exe'.  Stop.

	Broken by commit 713cc3b0a7ff8ad42b4c13429b624d1b2b5a99f2

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Fix type of holdtime argument in qemuMonitorJSONSendKey
	qemuMonitorJSONSendKey declares the "holdtime" argument as unsigned int
	while the command was constructed in qemuMonitorJSONMakeCommand using
	the "P" modifier which took a unsigned long from the variable
	arguments which then made it possible to access uninitialized memory.

	This broke the qemumonitorjsontest on 32bit fedora 20:
	64) qemuMonitorJSONSendKey
	... libvirt: QEMU Driver error : internal error: unsupported data type 'W' for arg 'WVSì D$0èwÿÿÃAå' FAILED

	Uncovered by upstream commit f744b831c66d9e82453f7a96cab5eddf7570c253.

	Additionally add test for the hold-time option.

2014-06-03  Daniel P. Berrange  <berrange@redhat.com>

	libxl: Avoid possible use of uninitialized mem in libxlDomainStart
	The 'libxl_domain_config' object is stack allocated which means its
	memory contents are undefined. The libxl_domain_config_dispose() call
	is only safe if the memory is initialized to a defined state. Not all
	code paths which reach libxl_domain_config_dispose() will ensure that
	libxl_domain_config_init() is called. Move the libxl_domain_config_init()
	call earlier in the function to ensure all codepaths have defined
	memory state.

	libxl: Move virDomainXMLOptionNew into libxlCreateXMLConf
	To allow the test suite to creat the XML option object,
	move the virDomainXMLOptionNew call into a libxlCreateXMLConf
	method.

	libxl: Don't pass libxlDriverPrivatePtr into libxlBuildDomainConfig
	To make it easier to test, change libxlBuildDomainConfig so
	that it takes a virPortAllocatorPtr instead of the larger
	libxlDriverPrivatePtr object.

	libxl: Don't pass virDomainObjPtr to libxlBuildDomainConfig
	To make it easier to unit test, change libxlBuildDomainConfig
	so that it takes 'virDomainDefPtr' and 'libxl_ctx *' objects
	as separate parameters.

2014-06-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Return in from qemuDomainRemove*Device
	Some of the APIs already return int since they can produce errors that
	need to be propagated. For consistency reasons, this patch changes the
	rest of the APIs to also return int even though they do not fail or
	report any errors.

	qemu: Remove character device backend only after frontend is gone
	In general, we should only remove a backend after seeing DEVICE_DELETED
	event for a corresponding frontend.

	qemu: Remove disk backend only after frontend is gone
	In general, we should only remove a backend after seeing DEVICE_DELETED
	event for a corresponding frontend. This doesn't make any difference for
	disks attached using -drive or drive_add since QEMU automatically
	removes their backends but it's still better to make our code
	consistent. And it may start making difference in case we switch to
	attaching disks using -blockdev.

2014-06-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove interface backend only after frontend is gone
	[1] reported that we are removing network's backend too early. I didn't
	really get the reproducer but libvirt behaves strangely when a guest
	does not confirm the removal, e.g., it does not support PCI hotplug. In
	such case, detaching a network device leaves its frontend in place but
	removes the backend, which makes the device unusable for the guest.
	Moreover attaching the same device again succeeds and both the guest and
	libvirt will see two network interfaces attached but only one of them is
	actually working.

	I checked with Paolo Bonzini and he confirmed we should only remove a
	backend after seeing DEVICE_DELETED event for a corresponding frontend.

	[1] https://www.redhat.com/archives/libvir-list/2014-March/msg01740.html

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	tests: storagetest: Unify and reformat storage chain format string
	All the fields crammed into two lines weren't easy to parse by human
	eyes. Split up the format string into lines and put it into a central
	variable so that changes in two places aren't necessary.

	qemu: json: Add format strings for optional command arguments
	This patch adds option to specify that a json qemu command argument is
	optional without the need to use if's or ternary operators to pass the
	list. Additionally all the modifier characters are documented to avoid
	user confusion.

	util: string: Return element count from virStringSplit
	To allow using the array manipulation macros on the arrays returned by
	virStringSplit we need to know the count of the elements in the array.
	Modify virStringSplit to return this value, rename it and add a helper
	with the old name so that we don't need to update all the code.

	storage: Traverse backing chains of network disks
	Now we don't need to skip backing chain detection for remote disks.

	storage: Change to new backing store parser
	Use the new backing store parser in the backing chain crawler. This
	change needs one test change where information about the NBD image are
	now parsed differently.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Add infrastructure to parse remote network backing names
	Add parsers for relative and absolute backing names for local and remote
	storage files.

	This parser parses relative paths as relative to their parents and
	absolute paths according to the protocol or local access.

	For remote storage volumes, all URI based backing file names are
	supported and for the qemu colon syntax the NBD protocol is supported.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Switch metadata crawler to use storage driver file access check
	Use virStorageFileAccess() to to check whether the file is accessible in
	the main part of the metadata crawler.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Switch metadata crawler to use storage driver to read headers
	Use virStorageFileReadHeader() to read headers of storage files possibly
	on remote storage to retrieve the image metadata.

	The backend information is now parsed by
	virStorageFileGetMetadataInternal which is now exported from the util
	source and virStorageFileGetMetadataFromFDInternal now doesn't need to
	be exported.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Switch metadata crawler to use storage driver to get unique path
	Use the virStorageFileGetUniqueIdentifier() function to get a unique
	identifier regardless of the target storage type instead of relying on
	canonicalize_path().

	A new function that checks whether we support a given image is
	introduced to avoid errors for unimplemented backends.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: backend: Add possibility to suppress errors from backend lookup
	Add a new function wrapper and tweak the storage file backend lookup
	function so that it can be used without reporting error. This will be
	useful in the metadata crawler code where we need silently break if
	metadata retrieval is not supported for the current storage type.

	test: storage: Initialize storage source to correct type
	Stat the path of the storage file being tested to set the correct type
	into the virStorageSource. This will avoid breaking the test suite when
	inquiring metadata of directory paths in the next patches.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Determine the local storage type right away
	When walking the backing chain we previously set the storage type to
	_FILE and let the virStorageFileGetMetadataFromFDInternal update it to
	the correct type later on.

	This patch moves the actual storage type determination to the place
	where we parse the backing store name so that the code can later be
	switched to use virStorageFileReadHeader() directly.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Move virStorageFileGetMetadata to the storage driver
	My future work will modify the metadata crawler function to use the
	storage driver file APIs to access the files instead of accessing them
	directly so that we will be able to request the metadata for remote
	files too. To avoid linking the storage driver to every helper file
	using the utils code, the backing chain traversal function needs to be
	moved to the storage driver source.

	Additionally the virt-aa-helper and virstoragetest programs need to be
	linked with the storage driver as a result of this change.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: Add API to check accessibility of storage volumes
	Add a storage driver API equivalent of the access() function.
	Implementations for the filesystem and gluster backends are provided.

2014-06-03  Peter Krempa  <pkrempa@redhat.com>

	storage: backend: Add unique id retrieval API
	Different protocols have different means to uniquely identify a storage
	file. This patch implements a storage driver API to retrieve a unique
	string describing a volume. The current implementation works for local
	storage only and returns the canonical path of the volume.

	To add caching support the local filesystem driver now has a private
	structure holding the cached string, which is created only when it's
	initially accessed.

	This patch provides the implementation for local files only for start.

2014-06-03  Michal Privoznik  <mprivozn@redhat.com>

	xenapi_utils: Adapt to enum cleanups
	It was just very recently that we transfered from:

	  enum virSomeEnumName{
	      ...
	  };

	to:
	  typedef enum {
	      ...
	  } virSomeEnumName;

	This change requires some code adaptation, which wasn't done for
	xenapi driver. With this fix we are able to build again.

2014-06-03  Michal Privoznik  <mprivozn@redhat.com>

	virnuma.c: Fix some comments
	In 9dd02965 the virNumaGetNodeMemory was introduced, however the
	comment describing the function mentions virNumaGetNodeMemorySize.
	And there's one typo in virNumaIsAvailable() description.

2014-06-02  Julio Faracco  <jcfaracco@gmail.com>

	conf: more enum cleanups in "src/conf/domain_conf.h"
	In "src/conf/domain_conf.h" there are many enum declarations. The
	cleanup in this header filer was started, but it wasn't enough and
	there are many other files that has enum variables declared. So, the
	commit was starting to be big. This commit finish the cleanup in this
	header file and in other files that has enum variables, parameters,
	or functions declared.

	conf: enum cleanups in "src/conf/domain_conf.h"
	In "src/conf/domain_conf.h" there are many enumerations (enum)
	declarations to be converted as a typedef too. As mentioned before,
	it's better to use a typedef for variable types, function types and
	other usages. I think this file has most of those enum declarations
	at "src/conf/". So, me and Eric Blake plan to keep the cleanups all
	over the source code. This time, most of the files changed in this
	commit are related to part of one file: "src/conf/domain_conf.h".

	cpu: use typedefs for enums in "src/cpu/cpu_map.h"
	In "src/cpu/" there are some enumerations (enum) declarations.
	Similar to the recent cleanup to "src/util", "src/conf" and other
	directories, it's better to use a typedef for variable types,
	function types and other usages. Other enumeration and folders will
	be changed to typedef's in the future. Specially, in files that are
	in different places of "src/util" and "src/conf". Most of the files
	changed in this commit are related to CPU (cpu_map.h) enums.

2014-06-02  Michal Privoznik  <mprivozn@redhat.com>

	virsh-nodedev: Avoid spurious errors
	Our public free functions explicitly don't accept NULL pointers
	(sigh). Therefore, callers must do something like this:

	    if (dev)
	        virNodeDeviceFree(dev);

	And we are not doing that on two places I've found. This leads to
	dummy error message thrown by virsh:

	    virsh # nodedev-dumpxml nonexistent-device
	    error: Could not find matching device 'nonexistent-device'
	    error: invalid node device pointer in virNodeDeviceFree

2014-06-02  Ján Tomko  <jtomko@redhat.com>

	Don't use AI_ADDRCONFIG when binding to wildcard addresses
	https://bugzilla.redhat.com/show_bug.cgi?id=1098659

	With parallel boot, network addresses might not yet be assigned [1],
	but binding to wildcard addresses should work.

	For non-wildcard addresses, ADDRCONFIG is still used. Document this
	in libvirtd.conf.

	[1] http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

2014-06-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unref cfg when detaching hostdev interface

2014-06-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Process DEVICE_DELETED event in a separate thread
	Currently, we don not acquire any job when removing a device after
	DEVICE_DELETED event was received from QEMU. This means that if there is
	another API running at the time DEVICE_DELETED is delivered and the API
	acquired a job, we may happily change the definition of the domain the
	API is working with whenever it unlocks the domain object (e.g., to talk
	with its monitor). That said, we have to acquire a job before finishing
	device removal to make things safe. However, doing so in the main event
	loop would cause a deadlock so we need to move most of the event handler
	into a separate thread.

	Another good reason for both acquiring a job and handling the event in a
	separate thread is that we currently remove a device backend immediately
	after removing its frontend while we should only remove the backend once
	we already received DEVICE_DELETED event. That is, we will have to talk
	to QEMU monitor from the event handler.

2014-06-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Finish device removal in the original thread
	If QEMU supports DEVICE_DELETED event, we always call
	qemuDomainRemoveDevice from the event handler. However, we will need to
	push this call away from the main event loop and begin a job for it (see
	the following commit), we need to make sure the device is fully removed
	by the original thread (and within its existing job) in case the
	DEVICE_DELETED event arrives before qemuDomainWaitForDeviceRemoval times
	out.

	Without this patch, device removals would be guaranteed to never finish
	before the timeout because the could would be blocked by the original
	job being still active.

2014-06-02  Pavel Hrdina  <phrdina@redhat.com>

	Fix build on freebsd
	On freebsd there isn't known "setlocale" so we have to include locale.h

2014-06-02  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Add helper program to create custom leases
	Introduce helper program to catch events from dnsmasq and maintain a custom
	lease file per network. It supports dhcpv4 and dhcpv6. The file is saved as
	"<interface-name>.status".

	Each lease contains the following info:
	<expiry-time (epoch time)> <mac> <iaid> <ip-address> <hostname> <clientid>

	Example of custom leases file content:
	[
	    {
	        "iaid": "1221229",
	        "ip-address": "2001:db8:ca2:2:1::95",
	        "mac-address": "52:54:00:12:a2:6d",
	        "hostname": "Fedora20",
	        "client-id": "00:04:1a:c1:d9:6b:5a:0a:e2:bc:f8:4b:1e:37:2e:38:22:55",
	        "expiry-time": 1393244216
	    },
	    {
	        "ip-address": "192.168.150.208",
	        "mac-address": "52:54:00:11:56:b3",
	        "hostname": "Wani-PC",
	        "client-id": "01:52:54:00:11:56:b3",
	        "expiry-time": 1393244248
	    }
	]

	src/Makefile.am:
	   * Add options to compile the helper program

	src/network/bridge_driver.c:
	   * Introduce networkDnsmasqLeaseFileNameCustom()
	   * Invoke helper program along with dnsmasq
	   * Delete the .status file when corresponding n/w is destroyed.

	src/network/leaseshelper.c
	   * Helper program to create the custom lease file

2014-06-02  Peter Krempa  <pkrempa@redhat.com>

	virsh: Check whether found volume is member of the specified storage pool
	When looking up storage volumes virsh uses multiple lookup steps. Some
	of the steps don't require a pool name specified. This resulted into a
	possibility that a volume would be part of a different pool than the
	user specified:

	Let's have a /var/lib/libvirt/images/test.qcow image in the 'default'
	pool and a second pool 'emptypool':

	Currently we'd return:
	  $ virsh vol-info --pool emptypool /var/lib/libvirt/images/test.qcow
	  Name:           test.qcow
	  Type:           file
	  Capacity:       100.00 MiB
	  Allocation:     212.00 KiB

	After the fix:
	 $ tools/virsh vol-info --pool emptypool /var/lib/libvirt/images/test.qcow
	 error: Requested volume '/var/lib/libvirt/images/test.qcow' is not in pool 'emptypool'

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1088667

2014-06-02  Daniel Veillard  <veillard@redhat.com>

	Bump version to 1.2.6 for new dev cycle

	Forgot spec changelog in 1.2.5 commit

	Release of libvirt-1.2.5
	* docs/news.html.in: update for release
	* po/*.po*: updated ukrainian localization and regenerated

2014-06-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: bhyve driver documentation improvements
	- Document 'domxml-to-native' command
	- Mention that the nmdm console support needs an appropriate
	  kernel module loaded

2014-06-01  Laine Stump  <laine@laine.org>

	util: fix DST end date in virtimetest timezones
	Reported by: Roman Bogorodskiy <bogorodskiy@gmail.com>

	Some of the tests for virTimeLocalOffsetFromUTC set an imaginary
	timezone that attempts to force dyalight savings time active all the
	time by setting a start date of 0/00:00:00 and end date of
	366/23:59:59. Since the day is 0-based, 366 really means "day 367"
	which will never occur - this was an attempt to eliminate problems
	with DST not being active in some cases right around midnight on
	January 1. Even though it didn't completely solve the problem, it
	didn't seem to cause harm so it was left in the test timezones.

	Although Linux glibc doesn't mind having a DST end date of 366,
	FreeBSD refuses to use such timezones, so the tests fail. This patch
	changes the 366 to 365.

	This may or may not cause failure of the remaining DST tests around
	midnight Jan 1. If so, we will need to disable those tests at year's
	end too.

2014-05-31  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on 32-bit platform
	On a 32-bit platform:

	virstringtest.c: In function 'mymain':
	virstringtest.c:673: warning: this decimal constant is unsigned only in ISO C90

	I already had a comment in the file about the 64-bit counterpart;
	the easiest fix was to make both sites use the standardized macro
	that is guaranteed to work.

	* tests/virstringtest.c (mymain): Minimum signed integers are a pain.

2014-05-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Improve detection of mixed snapshots
	Currently we don't support mixed (external + internal) snapshots. The
	code detecting the snapshot type didn't make sure that the memory image
	was consistent with the snapshot type leading into strange error
	message:

	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=external,file=/tmp/blah
	 error: internal error: unexpected code path

	Fix the mixed detection code to detect this kind of mistake:

	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=external,file=/tmp/blah
	 error: unsupported configuration: mixing internal and external targets for a snapshot is not yet supported

2014-05-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Reject internal active snapshot without memory state
	A internal snapshot of a active VM with the memory snapshot disabled
	explicitly would actually still take the memory snapshot. Reject it
	explicitly.

	Before:
	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=no
	 Domain snapshot 1401353155 created

	After:
	 $ virsh snapshot-create-as --domain VM --diskspec vda,snapshot=internal --memspec snapshot=no
	 error: Operation not supported: internal snapshot of a running VM must include the memory state

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1083345

2014-05-29  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Fix crash of libvirtd on network backed guest block-pull
	For guests backed by gluster volumes (or other network storage) we don't
	fill the backing chain (see qemuDomainDetermineDiskChain). This leaves
	the "relPath" field of the top image NULL. This causes a crash in
	virStorageFileChainLookup() when looking up a backing element for such a
	disk.

	Since I'm working on adding support for network storage and one of the
	steps will make the "relPath" field optional let's use STREQ_NULLABLE
	instead of STREQ in virStorageFileChainLookup() to avoid the problem.

2014-05-29  Laine Stump  <laine@laine.org>

	util: fix virTimeLocalOffsetFromUTC DST processing
	The original version of virTimeLocalOffsetFromUTC() would fail for
	certain times of the day if daylight savings time was active. This
	could most easily be seen by uncommenting the TEST_LOCALOFFSET() cases
	that include a DST setting.

	After a lot of experimenting, I found that the way to solve it in
	almost all test cases is to set tm_isdst = -1 in the struct tm prior
	to calling mktime(). Once this is done, the correct offset is returned
	for all test cases at all times except the two hours just after
	00:00:00 Jan 1 UTC - during that time, any timezone that is *behind*
	UTC, and that is supposed to always be in DST will not have DST
	accounted for in its offset.

	I believe that the code of virTimeLocalOffsetFromUTC() actually is
	correct for all cases, but the problem still encountered is due to our
	inability to come up with a TZ string that properly forces DST to
	*always* be active. Since a modfication of the (currently fixed)
	expected result data to account for this would necessarily use the
	same functions that we're trying to test, I've instead just made the
	test program conditionally bypass the problematic cases if the current
	date is either December 31 or January 1. This way we get maximum
	testing during 363 days of the year, but don't get false failures on
	Dec 31 and Jan 1.

2014-05-29  Eric Blake  <eblake@redhat.com>

	virsh: fix typos in virsh man page
	* tools/virsh.pod (attach-disk): Drop duplicate --config, fix typo
	in --sourcetype.

2014-05-29  Eric Blake  <eblake@redhat.com>

	maint: fix typo in previous patch
	Use correct variable name.

	* m4/virt-selinux.m4: Fix one last variable name.

2014-05-29  Jim Fehlig  <jfehlig@suse.com>

	maint: cleanup detection of const'ness of selinux ctx
	Commit 292d3f2d fixed the build with libselinux 2.3, but missed
	some suggestions by eblake

	https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html

	This patch changes the macro introduced in 292d3f2d to either be
	empty in the case of newer libselinux, or contain 'const' in the
	case of older libselinux.  The macro is then used directly in
	tests/securityselinuxhelper.c.

2014-05-28  Cédric Bosdonnat  <cbosdonnat@suse.com>

	build: fix build with libselinux 2.3
	Several function signatures changed in libselinux 2.3, now taking
	a 'const char *' instead of 'security_context_t'.  The latter is
	defined in selinux/selinux.h as

	  typedef char *security_context_t;

2014-05-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: managedsave: Don't spam logs with warnings about corrupted image
	Even successful start of a VM from a managed save image would spam the
	logs with the following message:

	Unable to restore from managed state [path]. Maybe the file is
	corrupted?

	Re-arrange the logic to output the warning only when the image is
	corrupted.

	The flaw was introduced in commit cfc28c66.

2014-05-28  Peter Krempa  <pkrempa@redhat.com>

	utils: storage: Canonicalize paths only for local filesystems
	Now that virStorageFileGetMetadataFromBuf is used only for remote
	filesystems, don't canonicalize the path in it.

2014-05-28  Peter Krempa  <pkrempa@redhat.com>

	storage: fs: Drop-in replace use of virStorageFileGetMetadataFromBuf
	Use virStorageFileGetMetadataFromFD instead in
	virStorageBackendProbeTarget as it now returns all required data and the
	storage file is already open in a filedescriptor.

	Also fix improper error code being returned when virFileReadHeaderFD
	would fail as virStorageBackendUpdateVolTargetInfoFD would set the
	return code to 0.

2014-05-28  Peter Krempa  <pkrempa@redhat.com>

	storage: Return backing format from virStorageFileGetMetadataFromFD
	Add argument to return backing file format of a file probed by
	virStorageFileGetMetadataFromFD so that it can be used in place of
	virStorageFileGetMetadataFromBuf.

2014-05-28  Eric Blake  <eblake@redhat.com>

	qemu: reject rather than hang on blockcommit of active layer
	qemu 2.0 added the ability to commit the active layer, but slightly
	differently than what libvirt had been anticipating in its
	implementation of the virDomainBlockCommit call.  As a result, if
	you attempt to do a 'virsh blockcommit $dom vda', qemu gets into a
	state where it is waiting on libvirt to end the job, while libvirt
	is waiting on qemu to end the job, and the guest is effectively
	hung with regards to further commands for that block device.

	I have patches coming down the pipeline that will add full support
	for blockcommit of the active layer when coupled with qemu 2.0 or
	later; but they depend on Peter's improvements to block job handling
	and form enough of a new feature that they are not ready for
	inclusion in the 1.2.5 release.  So for now, just reject the
	attempt, rather than letting the user get stuck.  This is no worse
	than the behavior of qemu 1.7 rejecting the job.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Reject active
	commit.

2014-05-28  Dan Kenigsberg  <danken@redhat.com>

	doc: fix documentation of virDomainSet(Get)Metadata
	The documentation of the functions should match the argument name in the actual
	function signature.

2014-05-27  Olivia Yin  <Hong-Hua.Yin@freescale.com>

	qemu: Fix specifying char devs for PPC
	QEMU ppce500 board uses the legacy -serial option.

	Other PPC boards don't give any way to explicitly wire in a -chardev
	except pseries which uses -device spapr-vty with -chardev.

	Add test case for -serial option for ppce500

2014-05-27  Olivia Yin  <Hong-Hua.Yin@freescale.com>

	change machine name ppce500v2 to ppce500
	ppce500v2 is not machine supported by official release of QEMU.
	It should be replaced by ppce500.

2014-05-26  Daniel Veillard  <veillard@redhat.com>

	Fix an extra ' in a translated string
	Raised by ukrainian translator Yuri Chornoivan
	https://fedora.transifex.com/projects/p/libvirt/translate/#uk/strings/25483059

2014-05-26  Ján Tomko  <jtomko@redhat.com>

	Clean up chardev sockets on QEMU shutdown
	https://bugzilla.redhat.com/show_bug.cgi?id=1088787

	Clean up unix socket files for chardevs using mode='bind',
	like we clean up the monitor socket.
	They are created by QEMU on startup and not really useful
	after shutting it down.

2014-05-26  Laine Stump  <laine@laine.org>

	qemu: fix <clock offset='variable' basis='localtime'/>
	For a clock element as above, libvirt simply converts current system
	time with localtime_r(), then starts qemu with a time string that
	doesn't contain any timezone information. So, from qemu's point of
	view, the -rtc string it gets for:

	   <clock offset='variable' basis='utc' adjustment='10800'/>

	is identical to the -rtc string it gets for:

	   <clock offset='variable' basis='localtime' adjustment='0'/>

	(assuming the host is in a timezone that is 10800 seconds ahead of
	UTC, as is the case on the machine where this message is being
	written).

	Since the commandlines are identical, qemu will behave identically
	after this point in either case.

	There are two problems in the case of basis='localtime' though:

	Problem 1) If the guest modifies its RTC, for example to add 20
	seconds, the RTC_CHANGE event from qemu will then contain offset:20 in
	both cases. But libvirt will have saved the original adjustment into
	adjustment0, and will add that value onto the offset in the
	event. This means that in the case of basis=;utc', it will properly
	emit an event with offset:10820, but in the case of basis='localtime'
	the event will contain offset:20, which is *not* the new offset of the
	RTC from UTC (as the event it documented to provide).

	Problem 2) If the guest is migrated to another host that is in a
	different timezone, or if it is migrated or saved/restored after the
	DST status has changed from what it was when the guest was originally
	started, the newly restarted guest will have a different RTC (since it
	will be based on the new localtime, which could have shifted by
	several hours).

	The solution to both of these problems is simple - rather than
	maintaining the original adjustment value along with
	"basis='localtime'" in the domain status, when the domain is started
	we convert the adjustment offset to one relative to UTC, and set the
	status to "basis='utc'". Thus, whatever the RTC offset was from UTC
	when it was initially started, that offset will be maintained when
	migrating across timezones and DST settings, and the RTC_CHANGE events
	will automatically contain the proper offset (which should by
	definition always be relative to UTC).

	This fixes a problem that was implied but not openly stated in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=964177

2014-05-26  Laine Stump  <laine@laine.org>

	qemu: fix RTC_CHANGE event for <clock offset='variable' basis='utc'/>
	commit e31b5cf393857 attempted to fix libvirt's
	VIR_DOMAIN_EVENT_ID_RTC_CHANGE, which is documentated to always
	provide the new offset of the domain's real time clock from UTC. The
	problem was that, in the case that qemu is provided with an "-rtc
	base=x" where x is an absolute time (rather than "utc" or
	"localtime"), the offset sent by qemu's RTC_CHANGE event is *not* the
	new offset from UTC, but rather is the sum of all changes to the
	domain's RTC since it was started with base=x.

	So, despite what was said in commit e31b5cf393857, if we assume that
	the original value stored in "adjustment" was the offset from UTC at
	the time the domain was started, we can always determine the current
	offset from UTC by simply adding the most recent (i.e. current) offset
	from qemu to that original adjustment.

	This patch accomplishes that by storing the initial adjustment in the
	domain's status as "adjustment0". Each time a new RTC_CHANGE event is
	received from qemu, we simply add adjustment0 to the value sent by
	qemu, store that as the new adjustment, and forward that value on to
	any event handler.

	This patch (*not* e31b5cf393857, which should be reverted prior to
	applying this patch) fixes:

	https://bugzilla.redhat.com/show_bug.cgi?id=964177

	(for the case where basis='utc'. It does not fix basis='localtime')

2014-05-26  Laine Stump  <laine@laine.org>

	Revert "qemu: Report the offset from host UTC for RTC_CHANGE event"
	This reverts commit e31b5cf393857a6ca78d148c19393e28dfb39de1.

	This commit attempted to work around a bug in the offset value
	reported by qemu's RTC_CHANGE event in the case that a variable base
	date was given on the qemu commandline. The patch mixed up the math
	involved in arriving at the corrected offset to report, and in the
	process added an unnecessary private attribute to the clock
	element. Since that element is private/internal and not used by anyone
	else, it makes sense to simplify things by removing it.

2014-05-26  Laine Stump  <laine@laine.org>

	util: new function virTimeLocalOffsetFromUTC
	Since there isn't a single libc API to get this value, this patch
	supplies one which gets the value by grabbing current time, then
	converting that into a struct tm with gmtime_r(), then back to a
	time_t using mktime.

	The returned value is the difference between UTC and localtime in
	seconds. If localtime is ahead of UTC (east) the offset will be a
	positive number, and if localtime is behind UTC (west) the offset will
	be negative.

	This function should be POSIX-compliant, and is threadsafe, but not
	async signal safe. If it was ever necessary to know this value in a
	child process, we could cache it with a one-time init function when
	libvirtd starts, then just supply the cached value, but that
	complexity isn't needed for current usage; that would also have the
	problem that it might not be accurate after a local daylight savings
	boundary.

	(If it weren't for DST, we could simply replace this entire function
	with "-timezone"; timezone contains the offset of the current timezone
	(negated from what we want) but doesn't account for DST. And in spite
	of being guaranteed by POSIX, it isn't available on older versions of
	mingw.)

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Add storage file API to read file headers
	Add storage driver based functions to access headers of storage files
	for metadata extraction. Along with this patch a local filesystem and
	gluster via libgfapi implementation is provided. The gluster
	implementation is based on code of the saferead_lim function.

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Add support for access to files using provided uid/gid
	To allow using the storage driver APIs to access files on various
	storage sources in a universal fashion possibly on storage such as nfs
	with root squash we'll need to store the desired uid/gid in the
	metadata.

	Add new initialisation API that will store the desired uid/gid and a
	wrapper for the current use. Additionally add docs for the two APIs.

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Add NONE protocol type for network disks
	Currently the protocol type with index 0 was NBD which made it hard to
	distinguish whether the protocol type was actually assigned. Add a new
	protocol type with index 0 to distinguish it explicitly.

	conf: Fix domain disk path iterator to work with networked storage
	Skip networked storage but continue iteration through backing chain to
	iterate through all the local paths in the backing chain.

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Rework debugging of storage file access through storage driver
	Print the debug statements of individual file access functions from the
	main API functions instead of the individual backend functions.

	Also enhance initialization debug messages on a per-backend basis.

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Store gluster volume name separately
	The gluster volume name was previously stored as part of the source path
	string. This is unfortunate when we want to do operations on the path as
	the volume is used separately.

	Parse and store the volume name separately for gluster storage volumes
	and use the newly stored variable appropriately.

2014-05-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Make qemuDomainPrepareDiskChainElement aware of remote storage
	Refactor the function to accept a virStorageSourcePtr instead of just
	the path, add a check to run it only on local storage and fix callers
	(possibly by using a newly introduced wrapper that wraps a path in the
	 virStorageSource struct for legacy code)

	qemu: process: Refresh backing chain info when reconnecting to qemu
	Refresh the disk backing chains when reconnecting to a qemu process
	after daemon restart. There are a few internal fields that don't get
	refreshed from the XML. Until we are able to do that, let's reload all
	the metadata by the backing chain crawler.

2014-05-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly abort migration to a file
	This is similar to the previous commit in that we need to explicitly
	send migrate_cancel when libvirt detects an error other than those
	reported by query-migrate. However, the possibility to hit such error is
	pretty small.

2014-05-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Send migrate_cancel when aborting migration
	When QEMU reports failed or cancelled migration, we don't need to send
	it migrate_cancel QMP command. But in all other error paths, such as if
	we detect broken connection to a destination daemon or something else
	happens inside libvirt, we need to explicitly send migrate_cancel
	command instead of relying on the migration to be implicitly cancelled
	when destination QEMU is killed.

	Because we were not doing so, one could end up with a paused domain
	after failed migration.

	https://bugzilla.redhat.com/show_bug.cgi?id=1098833

2014-05-23  Jiri Denemark  <jdenemar@redhat.com>

	Fix error message when TUNNELLED flag is used in non-p2p migration
	The current error message is

	    error: use virDomainMigrateToURI3 for peer-to-peer migration

	which is correct but a bit misleading because the client did not specify
	VIR_MIGRATE_PEER2PEER flag. This patch changes the error message to

	    error: cannot perform tunnelled migration without using peer2peer
	    flag

	which is consistent with the error reported by older migration APIs.

	Reported by Rich Jones in
	https://bugzilla.redhat.com/show_bug.cgi?id=1095924

2014-05-22  Eric Blake  <eblake@redhat.com>

	conf: fix backing store parse off-by-one
	Commit 546154e parses the type attribute from a <backingStore>
	element, but forgot that the earlier commit 9673418 added a
	placeholder element in the same 1.2.3 release; as a result,
	the C code was mistakenly allowing "none" as a type.

	Similarly, the same commit allows "none" as the <format>
	sub-element type, even though that has been a placeholder
	since the 0.10.2 release with commit f772b3d.

	* src/conf/domain_conf.c (virDomainDiskBackingStoreParse): Require
	non-zero types.

2014-05-22  Ján Tomko  <jtomko@redhat.com>

	Don't log an internal error when the guest hasn't updated balloon stats
	If virDomainMemoryStats is called too soon after domain startup,
	QEMU returns:
	"error":{"class":"GenericError","desc":"guest hasn't updated any stats yet"}
	when we try to query balloon stats.

	Check for this reply and log it as OPERATION_INVALID instead of
	INTERNAL_ERROR. This means the daemon only logs it at the debug level,
	without polluting system logs.

	Reported by Laszlo Pal:
	https://www.redhat.com/archives/libvirt-users/2014-May/msg00023.html

2014-05-22  Michal Privoznik  <mprivozn@redhat.com>

	qemuSetupCgroupForVcpu: s/virProcessInfoSetAffinity/virProcessSetAffinity/
	In the f56c773bf we've made the substitution but forgot to fix one
	comment which is still referring to the old name. This may be
	potentially misleading.

2014-05-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix virObjectUnlock() usage
	In a number of places in the bhyve driver, virObjectUnlock()
	is called with an arg without check if the arg is non-NULL, which
	could result in passing NULL value and a warning like:

	virObjectUnlock:340 : Object 0x0 ((unknown)) is not a virObjectLockable instance

	* src/bhyve/bhyve_driver.c (bhyveDomainGetInfo)
	(bhyveDomainGetState, bhyveDomainGetAutostart)
	(bhyveDomainSetAutostart, bhyveDomainIsActive)
	(bhyveDomainIsPersistent, bhyveDomainGetXMLDesc)
	(bhyveDomainUndefine, bhyveDomainLookupByUUID)
	(bhyveDomainLookupByName, bhyveDomainLookupByID)
	(bhyveDomainCreateWithFlags, bhyveDomainOpenConsole):
	Check if arg is not NULL before calling virObjectUnlock on it.

2014-05-21  Cole Robinson  <crobinso@redhat.com>

	virdbus: Show method name in error message
	If you trigger bug 1033369, we get the error message:

	  error from service: Invalid argument

	Which is a bit too generic to pinpoint what is actually failing. This
	changes it to:

	  error from service: CreateMachine: Invalid argument

	Acked-by: Eric Blake <eblake@redhat.com>

2014-05-21  Cole Robinson  <crobinso@redhat.com>

	virdbus: Remove redundant error macro
	This is the only callsite.

	We drop use of localerror.name here, because it's not actually useful
	to us: rather than the parameter name which received an invalid value
	(which was assumed), it's actually the the dbus errno equivalent.
	Just use the error string.

	Acked-by: Eric Blake <eblake@redhat.com>

2014-05-20  Eric Blake  <eblake@redhat.com>

	tests: avoid dlsym mocking on mingw
	I got a build failure when cross-compiling to mingw with the
	mingw64-dbus package installed:

	  CC       virmockdbus_la-virmockdbus.lo
	../../tests/virmockdbus.c:29:6: error: 'dbus_connection_set_change_sigpipe' redeclared without dllimport attribute: previous dllimport ignored [-Werror=attributes]
	 VIR_MOCK_STUB_VOID_ARGS(dbus_connection_set_change_sigpipe,
	      ^
	../../tests/virmockdbus.c:33:18: error: 'dbus_bus_get' redeclared without dllimport attribute: previous dllimport ignored [-Werror=attributes]
	 VIR_MOCK_STUB_RET_ARGS(dbus_bus_get,
	...

	Well duh - mingw lacks dlopen and friends, even if it can support
	dbus.  A similar failure occured in virsystemdtest.c; but in that
	file, we know that systemd is a Linux-only concept.

	* tests/virmockdbus.c: Cripple on mingw.
	* tests/virsystemdtest.c: Cripple on non-Linux.

2014-05-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Fix return value of external checkpoint with no disks
	When doing an external checkpoint of a VM with no disk selected we'd
	return failure but not set error code. This was a result of ret not
	being set to 0 during walking of the disk array.

	Rework early failure checking and set the error code to success before
	iterating the array of disks so that we return success if no disks are
	snapshotted.

	Fixes the following symptom (or without --diskspec for diskless VMs)

	 $ virsh snapshot-create-as snapshot-test  --memspec /tmp/asdf --diskspec hda,snapshot=no
	 error: An error occurred, but the cause is unknown

2014-05-20  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid empty snapshots
	If neither disks nor memory are selected for snapshot we'd record
	metadata in case of external snapshot and do a disk snapshot in case of
	external disk snapshot. Forbid this as it doesn't make much sense.

	qemu: snapshot: Forbid partial internal snapshots
	qemu's savevm command does a snapshot of all non readonly disks of a VM.
	Libvirt though allowed disabling snapshot for certain disk of a VM.

	qemu: snapshot: Use typecasted switch in qemuDomainSnapshotPrepare()
	Convert the switch to a typecasted value so that the compiler tracks
	additions for us.

2014-05-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: domain events support
	Support events for these functions:

	 - domainDefineXML
	 - domainUndefine
	 - domainCreate{WithFlags,XML}
	 - domainDestroy

2014-05-20  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	migration: add support for migrateURI configuration
	For now, we set the migration URI via command line '--migrate_uri' or
	construct the URI by looking up the dest host's hostname which could be
	solved by DNS automatically.

	But in cases the dest host have two or more NICs to reach, we may need to
	send the migration data over a specific NIC which is different from the
	automatically resolved one for some reason like performance, security, etc.
	Thus we must explicitly specify the migrateuri in command line everytime,
	but it is too troublesome if there are many such hosts (and don't forget
	virt-manager).

	This patch adds a configuration file option on dest host to save the
	default value set which can be specified to a migration hostname or
	one of this host's addresses used for transferring data, thus user doesn't
	have to specify it in command line everytime.

2014-05-20  Laine Stump  <laine@laine.org>

	util: refactor virNetlinkCommand to fix several bugs / style problems
	Inspired by a simpler patch from "Wangrui (K) <moon.wangrui@huawei.com>".

	A submitted patch pointed out that virNetlinkCommand() was doing an
	improper typecast of the return value from nl_recv() (int to
	unsigned), causing it to miss error returns, and that even after
	remedying that problem, virNetlinkCommand() was calling VIR_FREE() on
	the pointer returned from nl_recv() (*resp) even if nl_recv() had
	returned an error, and that in this case the pointer was verifiably
	invalid, as it was pointing to memory that had been allocated by
	libnl, but then freed prior to returning the error.

	While reviewing this patch, I noticed several other problems with this
	seemingly simple function (at least one of them as serious as the
	problem being reported/fixed by the aforementioned patch), and decided
	they all deserved to be fixed. Here is the list:

	1) The return value from nl_recv() must be assigned to an int (rather
	   than unsigned int) in order to detect failure.

	2) When nl_recv() returns an error or 0, the contents of *resp is
	   invalid, and should be simply set to 0, *not* VIR_FREE()'d.

	3) When nl_recv() returns 0, errno is not set, so the logged error
	   message should not reference errno (it *is* an error though).

	4) The first error return from virNetlinkCommand returns -EINVAL,
	   incorrectly implying that the caller can expect the return value to
	   be of the "-errno" variety, which is not true in any other case.

	5) The 2nd error return returns directly with garbage in *resp. While
	   the caller should never use *resp in this case, it's still good
	   practice to set it to NULL.

	6) For the next 5 (!!) error conditions, *resp will contain garbage,
	   and virNetlinkCommand() will goto it's cleanup code which will
	   VIR_FREE(*resp), almost surely leading to a segfault.

	In addition to fixing these 6 problems, this patch also makes the
	following two changes to make the function conform more closely to the
	style of other libvirt code:

	1) Change the handling of return code from "named rc and defaulted to
	0, but changed to -1 on error" to the more common "named ret and
	defaulted to -1, but changed to 0 on success".

	2) Rename the "error" label to "cleanup", since the code that follows
	is executed in success cases as well as failure.

2014-05-20  Eric Blake  <eblake@redhat.com>

	build: nuke more uses of 'sync'
	Commit d5c86278 was incomplete; other functions also triggered
	compiler warnings about collisions in the use of 'sync'.

	* src/qemu/qemu_driver.c (qemuDomainSetTime): Fix another client.
	* tools/virsh-domain-monitor.c (cmdDomTime): Likewise.

2014-05-19  Pavel Hrdina  <phrdina@redhat.com>

	avoid 'sync' as variable name
	Old gcc complains about shadowing 'sync' variable:

	../../src/qemu/qemu_agent.c: In function 'qemuAgentSetTime':
	../../src/qemu/qemu_agent.c:1737: warning: declaration of 'sync'
	  shadows a global declaration [-Wshadow]
	/usr/include/unistd.h:464: warning: shadowed declaration is here
	  [-Wshadow]

2014-05-19  Pavel Hrdina  <phrdina@redhat.com>

	Return error when updating cdrom device
	The commit 84c59ffa improved the way we change ejectable media.
	If for any reason the first "eject" didn't open the tray we
	should return with error.

2014-05-19  Eric Blake  <eblake@redhat.com>

	Revert "maint: prefer enum over int for virstoragefile structs"
	This partially reverts commits b279e52f7 and ea18f8b2.

	It turns out our code base is full of:

	if ((struct.member = virBlahFromString(str)) < 0)
	    goto error;

	Meanwhile, the C standard says it is up to the compiler whether
	an enum is signed or unsigned when all of its declared values
	happen to be positive.  In my testing (Fedora 20, gcc 4.8.2),
	the compiler picked signed, and nothing changed.  But others
	testing with gcc 4.7 got compiler warnings, because it picked
	the enum to be unsigned, but no unsigned value is less than 0.
	Even worse:

	if ((struct.member = virBlahFromString(str)) <= 0)
	    goto error;

	is silently compiled without warning, but incorrectly treats -1
	from a bad parse as a large positive number with no warning; and
	without the compiler's help to find these instances, it is a
	nightmare to maintain correctly.  We could force signed enums
	with a dummy negative declaration in each enum, or cast the
	result of virBlahFromString back to int after assigning to an
	enum value, or use a temporary int for collecting results from
	virBlahFromString, but those actions are all uglier than what we
	were trying to cure by directly using enum types for struct
	values in the first place.  It's better off to just live with int
	members, and use 'switch ((virFoo) struct.member)' where we want
	the compiler to help, than to track down all the conversions from
	string to enum and ensure they don't suffer from type problems.

	* src/util/virstorageencryption.h: Revert back to int declarations
	with comment about enum usage.
	* src/util/virstoragefile.h: Likewise.
	* src/conf/domain_conf.c: Restore back to casts in switches.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_command.c: Add cast rather than revert.

2014-05-19  Ján Tomko  <jtomko@redhat.com>

	Fix crash in DAC driver with no seclabels
	With dynamic_ownership = 1 but no seclabels, RestoreChardevLabel
	dereferences the NULL seclabel when checking if norelabel is set.

	Remove this check, since it is already done in RestoreSecurityAllLabel
	and if norelabel is set, RestoreChardevLabel is never called.

2014-05-19  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: create VMs in the default place
	Each VM consists of a set of files in PCS: config, hard
	disk images, log file, memory dump. All these files are stored
	in a per-vm directory. When we create a new VM, we can ether specify
	path to the VM or create the VM in a default path
	(<default path>/<vm name>.pvm). This default path can be configured
	with command
	prlsrvctl user set --def-vm-home <path> command.

	Currenty parallels driver creates VM in the same place, where first
	hard disk is located. Let's change this logic and create VMs in
	the default path. It will be much clearer and allow us to create
	VMs without hard disks.

2014-05-19  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add disks correctly
	Disks support in this driver was implemented with an assumption,
	that disk images can't be created by hand, without VM. So
	complex storage driver was implemented with workaround.

	This is not true, we can create new disks using ploop tool.
	So the first step to reimplement disks support in parallels
	driver is to do not use information from the storage driver,
	until we will implement VIR_STORAGE_TYPE_VOLUME disks.

	So after this patch disks can be added in the same way as
	in any other driver: you create a disk image and then add
	an entry to the XML definition of the domain with path to that
	image file, for example:

	<disk type='file' device='disk'>
	  <driver type='ploop'/>
	  <source file='/storage/harddisk1.hdd'/>
	  <target dev='sda' bus='sata'/>
	  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	</disk>

	This patch makes parallels storage driver useless, but I'll fix it
	later. Now you can create an image by hand, using ploop tool,
	and then add it to some domain.

2014-05-19  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: set file format in virDomainDef
	Set file format in virDomainDef structure to produce correct
	XML in virDomainGetXMLDesc function.

2014-05-19  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add VIR_STORAGE_FILE_PLOOP format
	Add VIR_STORAGE_FILE_PLOOP format. This format is used
	to store disk images for virtual machines in PCS and containers
	in PCS, OpenVZ and also in Parallels Desktop for Mac.

	This format is described on OpenVZ site -
	https://openvz.org/Ploop (together with ploop devices). It
	consists of XML descriptor and one or more image files: base
	image and deltas. Format of the image files described here:
	https://openvz.org/Ploop/format.

	This patch only adds VIR_STORAGE_FILE_PLOOP constant, consequent
	patches will use it in parallels driver.

2014-05-19  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityDACRestoreSecurityHostdevLabel: Unmark @def as unused
	The domain definition is clearly used a few lines
	below so there's no need to mark @def as unused.

2014-05-19  Ján Tomko  <jtomko@redhat.com>

	docs: add a serial device with a seclabel example

2014-05-19  Ján Tomko  <jtomko@redhat.com>

	conf: fix seclabels for chardevs
	We allow a seclabel to be specified in the <source> element
	of a chardev:

	<serial type='file'>
	  <source path='/tmp/serial.file'>
	    <seclabel model='dac' relabel='no'/>
	  </source>
	</serial>

	But we format it outside the source:

	<serial type='file'>
	  <source path='/tmp/serial.file'/>
	  <target port='0'/>
	    <seclabel model='dac' relabel='no'/>
	</serial>

	Move the formatting inside the source to fix this to make the
	seclabel persistent across XML format->parse.

	Introduced by commit f8b08d0 'Add <seclabel> to character devices.'

2014-05-19  Ján Tomko  <jtomko@redhat.com>

	Rename virDomainDiskSourceDefFormatSeclabel
	Drop the 'Disk' from the name, as there is nothing disk-specific
	about the function.

2014-05-16  Jim Fehlig  <jfehlig@suse.com>

	security_dac: honor relabel='no' in chardev config
	The DAC driver ignores the relabel='no' attribute in chardev config

	  <serial type='file'>
	    <source path='/tmp/jim/test.file'>
	      <seclabel model='dac' relabel='no'/>
	    </source>
	    <target port='0'/>
	  </serial>

	This patch avoids labeling chardevs when relabel='no' is specified.

2014-05-16  Jim Fehlig  <jfehlig@suse.com>

	security_dac: avoid relabeling hostdevs when relabel='no'
	When relabel='no' at the domain level, there is no need to call
	the hostdev relabeling functions.

2014-05-16  Jim Fehlig  <jfehlig@suse.com>

	security_dac: honor relabel='no' in disk config
	https://bugzilla.redhat.com/show_bug.cgi?id=999301

	The DAC driver ignores the relabel='no' attribute in disk config

	  <disk type='file' device='floppy'>
	    <driver name='qemu' type='raw'/>
	    <source file='/some/path/floppy.img'>
	      <seclabel model='dac' relabel='no'/>
	    </source>
	    <target dev='fda' bus='fdc'/>
	    <readonly/>
	  </disk>

	This patch avoid labeling disks when relabel='no' is specified.

2014-05-16  Jim Fehlig  <jfehlig@suse.com>

	security_dac: avoid relabeling when relabel='no'
	If relabel='no' at the domain level, no need to attempt relabeling
	in virSecurityDAC{Set,Restore}SecurityAllLabel().

2014-05-16  Jim Fehlig  <jfehlig@suse.com>

	security_dac: rework callback parameter passing
	Currently, the DAC security driver passes callback data as

	    void params[2];
	    params[0] = mgr;
	    params[1] = def;

	Clean this up by defining a structure for passing the callback
	data.  Moreover, there's no need to pass the whole virDomainDef
	in the callback as the only thing needed in the callbacks is
	virSecurityLabelDefPtr.

2014-05-16  Jim Fehlig  <jfehlig@suse.com>

	security_dac: cleanup use of enum types
	In switch statements, use enum types since it is safer when
	adding new items to the enum.

	security_dac: annotate some functions with ATTRIBUTE_NONNULL
	Annotate some static function parameters with ATTRIBUTE_NONNULL
	and remove checks for NULL inputs.

2014-05-16  Eric Blake  <eblake@redhat.com>

	maint: fix typos related to disk name resolution
	In a number of APIs, the text implied that a user might have
	<target dev='xvda'/> - but common convention is to use "vda",
	not "xvda".  For example, virDomainGetDiskErrors was correct,
	while virDomainBlockStats was confusing.

	* src/libvirt.c: Make examples consistent.

2014-05-16  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	util: fix memory leak in failure path of virCgroupKillRecursiveInternal
	Don't leak keypath when we fail to kill a process

2014-05-16  Eric Blake  <eblake@redhat.com>

	maint: prefer enum over int for virstoragefile structs
	For internal structs, we might as well be type-safe and let the
	compiler help us with less typing required on our part (getting
	rid of casts is always nice).  In trying to use enums directly,
	I noticed two problems in virstoragefile.h that can't be fixed
	without more invasive refactoring: virStorageSource.format is
	used as more of a union of multiple enums in storage volume
	code (so it has to remain an int), and virStorageSourcePoolDef
	refers to pooltype whose enum is declared in src/conf, but where
	src/util can't pull in headers from src/conf.

	* src/util/virstoragefile.h (virStorageNetHostDef)
	(virStorageSourcePoolDef, virStorageSource): Use enums instead of
	int for fields of internal types.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Cover all values.
	* src/conf/domain_conf.c (virDomainDiskSourceParse)
	(virDomainDiskSourceFormat): Simplify clients.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskInternal): Likewise.

2014-05-16  Eric Blake  <eblake@redhat.com>

	maint: shorten 'TypeType' function names
	The VIR_ENUM_DECL/VIR_ENUM_IMPL helper macros already append 'Type'
	to the enum name being converted; it looks silly to have functions
	with 'TypeType' in their name.  Even though some of our enums have
	to have a 'Type' suffix, the corresponding string conversion
	functions do not.

	* src/conf/secret_conf.h (VIR_ENUM_DECL): Rename virSecretUsageType.
	* src/conf/storage_conf.h (VIR_ENUM_DECL): Rename
	virStoragePoolAuthType, virStoragePoolSourceAdapterType,
	virStoragePartedFsType.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML)
	(virDomainFSDefParseXML, virDomainFSDefFormat): Update callers.
	* src/conf/secret_conf.c (virSecretDefParseUsage)
	(virSecretDefFormatUsage): Likewise.
	* src/conf/storage_conf.c (virStoragePoolDefParseAuth)
	(virStoragePoolDefParseSource, virStoragePoolSourceFormat):
	Likewise.
	* src/lxc/lxc_controller.c (virLXCControllerSetupLoopDevices):
	Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartFormat): Likewise.
	* src/util/virstorageencryption.c (virStorageEncryptionSecretParse)
	(virStorageEncryptionSecretFormat): Likewise.
	* tools/virsh-secret.c (cmdSecretList): Likewise.
	* src/libvirt_private.syms (secret_conf.h, storage_conf.h): Export
	corrected names.

2014-05-16  Eric Blake  <eblake@redhat.com>

	maint: use enum typedef for virstorageencryption.h
	Continuing the work of consistent enum cleanups; this time in
	virstorageencryption.h.

	* src/util/virstorageencryption.h (virStorageEncryptionFormat):
	Convert to typedef, renaming to avoid collision with function.
	(virStorageEncryptionSecret, virStorageEncryption): Directly use
	enums.

2014-05-16  Eric Blake  <eblake@redhat.com>

	vbox: fix stale comment about vdi storage type
	The code had some todo's about adding 'vdi' to the list of
	virStorageType, but we've already done that.

	* src/vbox/vbox_tmpl.c (vboxStorageVolCreateXML)
	(vboxStorageVolGetXMLDesc): Use enum value for vdi type.

2014-05-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement virDomain{Get,Set}Time
	One caveat though, qemu-ga is expecting time and returning time
	in nanoseconds. With all the buffering and propagation delay, the
	time is already wrong once it gets to the qemu-ga, but there's
	nothing we can do about it.

	virsh: Expose virDomain{Get,Set}Time
	These APIs are exposed under new virsh command 'domtime' which both gets
	and sets (not at the same time of course :)).

2014-05-15  Michal Privoznik  <mprivozn@redhat.com>

	Introduce virDomain{Get,Set}Time APIs
	These APIs allow users to get or set time in a domain, which may come
	handy if the domain has been resumed just recently and NTP is not
	configured or hasn't kicked in yet and the guest is running
	something time critical. In addition, NTP may refuse to re-set the clock
	if the skew is too big.

	In addition, new ACL attribute is introduced 'set_time'.

2014-05-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid leak in qemuDomainCheckRemoveOptionalDisk
	Coverity complains about event being leaked in
	qemuDomainCheckRemoveOptionalDisk. The best fix for it is to remove the
	disk directly since we already know its index.

2014-05-14  Jim Fehlig  <jfehlig@suse.com>

	security_dac: Fix indentation

	security_dac: Remove unnecessary curly braces

	security_dac: Remove unnecessary ATTRIBUTE_UNUSED
	Remove ATTRIBUTE_UNUSED on several function parameters that are
	actually used.

2014-05-14  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: reject undefine --wipe-storage without also naming storage
	For now, if only '--wipe-storage' is assigned, user can undefine a
	domain normally. But actually '--wipe-storage' doesn't do anything,
	and this may confuse user. Better is to require that '--wipe-storage'
	only works if the user specifies volumes to be removed.

	Before:
	$ virsh undefine virt-tests-vm1 --wipe-storage
	Domain virt-tests-vm1 has been undefined

	After:
	$ virsh undefine virt-tests-vm1 --wipe-storage
	error: '--wipe-storage' requires '--storage <string>' or '--remove-all-storage'

2014-05-14  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in "src/conf/snapshot_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this
	commit are related to snapshot (snapshot_conf) enums.

	conf: use typedefs for enums in "src/conf/storage_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this
	commit are related to storage (storage_conf) enums.

	conf: use typedefs for enums in "src/conf/nwfilter_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's better
	to use a typedef for variable types, function types and other
	usages. Other enumeration and folders will be changed to typedef's
	in the future. Most of the files changed in this commit are related
	to network filter (nwfilter_conf) enums.

2014-05-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore temporary job errors when checking migration status
	When qemu driver is polling for migration to finish (in
	qemuMigrationWaitForCompletion), it may happen that another job allowed
	during migration is running and if it does not finish within 30 seconds,
	migration would be cancelled because of that. However, we can just
	ignore the timeout and let the waiting loop try again later.

	If an event fired at the end of migration is ever implemented in QEMU,
	we can just wait for the event instead of polling for migration status
	and libvirt will behave consistently, i.e., migration won't be cancelled
	in case another job started during migration takes long time to finish.

	For bug https://bugzilla.redhat.com/show_bug.cgi?id=1083238

2014-05-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make qemuProcess{Start,Stop}CPUs easier to follow
	As a side effect, the return value of qemuDomainObjEnterMonitorAsync is
	not directly used as the return value of qemuProcess{Start,Stop}CPUs.

2014-05-14  Jiri Denemark  <jdenemar@redhat.com>

	qemuDomainObjBeginNestedJob: Return -2 for temporary failures
	If job queue is full or waiting for a job times out, the function
	returns -2 so that it can be handled in a different way by callers.

	The change is safe since all existing callers of
	qemuDomainObjBeginNestedJob check the return value to be less than zero.

2014-05-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make qemuDomainObjBeginNestedJob static
	It's only used within qemu_domain.c.

2014-05-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Terminate job when memory compression program isn't found
	If the compression program for external snapshot memory image isn't
	found we exitted the function without terminating the domain job. This
	caused the domain to be unusable.

	The problem was introduced in commit 7df5093f.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1097503

2014-05-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: extract common PCI handling functions
	Move sharable PCI handling functions to domain_addr.[ch], and
	change theirs prefix from 'qemu' to 'vir':

	 - virDomainPCIAddressAsString;
	 - virDomainPCIAddressBusSetModel;
	 - virDomainPCIAddressEnsureAddr;
	 - virDomainPCIAddressFlagsCompatible;
	 - virDomainPCIAddressGetNextSlot;
	 - virDomainPCIAddressReleaseSlot;
	 - virDomainPCIAddressReserveAddr;
	 - virDomainPCIAddressReserveNextSlot;
	 - virDomainPCIAddressReserveSlot;
	 - virDomainPCIAddressSetFree;
	 - virDomainPCIAddressSetGrow;
	 - virDomainPCIAddressSlotInUse;
	 - virDomainPCIAddressValidate;

	The only change here is function names, the implementation itself
	stays untouched.

	Extract common allocation code from DomainPCIAddressSetCreate
	into virDomainPCIAddressSetAlloc.

2014-05-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: extract PCI handling structs
	Introduce new files (domain_addr.[ch]) to provide
	an API for domain device handling that could be
	shared across the drivers.

	A list of data types were extracted and moved there:

	 qemuDomainPCIAddressBus -> virDomainPCIAddressBus
	 qemuDomainPCIAddressBusPtr -> virDomainPCIAddressBusPtr
	 _qemuDomainPCIAddressSet -> virDomainPCIAddressSet
	 qemuDomainPCIAddressSetPtr -> virDomainPCIAddressSetPtr
	 qemuDomainPCIConnectFlags -> virDomainPCIConnectFlags

	Also, move the related definitions and macros.

2014-05-13  Martin Kletzander  <mkletzan@redhat.com>

	sanlock: avoid leak in acquire()

2014-05-13  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust size for qcow2/qed if not on sector boundary
	https://bugzilla.redhat.com/show_bug.cgi?id=1002813

	If qemuDomainBlockResize() is passed a size not on a KiB boundary - that
	is passed a size based in bytes (VIR_DOMAIN_BLOCK_RESIZE_BYTES), then
	depending on the source format (qcow2 or qed), the value passed must
	be on a sector (or 512 byte) boundary. Since other libvirt code quietly
	adjusts the capacity values, then do so here as well.

2014-05-13  John Ferlan  <jferlan@redhat.com>

	Revert "qemu: Adjust size for qcow2/qed if not on sector boundary"
	This reverts commit e3d66229a1026cd33319714c0ededf650cd261c2.

2014-05-13  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Fix output of the VNC display number for domdisplay
	Commit 9976c4b9a665f10ab0d2071954efb7f432d194eb broke the output for VNC
	displays as the port number is converted to VNC display number by
	subtracting 5900. This yields port 0 for the first display and thus the
	output would be skipped.

	Before:
	 $ virsh domdisplay VM
	 vnc://localhost

	After:
	 $ tools/virsh domdisplay VM
	 vnc://localhost:0

2014-05-13  Martin Kletzander  <mkletzan@redhat.com>

	sanlock: don't fail with unregistered domains
	When a domain was started without registration in sanlock, but libvirt
	was restarted after that, most of the operations failed due to
	contacting sanlock about that process.  E.g. migration could not be
	performed because the locks couldn't be released (or inquired before a
	release).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1088034

2014-05-13  Martin Kletzander  <mkletzan@redhat.com>

	sanlock: code movement in virLockManagerSanlockAcquire
	Just move some code around for future patches to ease the review.
	With this patch there is no need for drastic cleanup path later.

2014-05-13  Michal Privoznik  <mprivozn@redhat.com>

	apibuild: Disallow 'returns' return description
	Our documentation generator is a bit messy, to say the least. For
	instance, the description to return values of a function is
	searched within C comment. Currently, all lines that start with
	'returns' or 'Returns' are viewed as return value description.
	However, there are some valid uses where the 'returns' word is in
	the middle of a sentence describing function behavior not the
	return value. And there are no places where 'returns' is used to
	describe return values.  For instance:
	virDomainDetachDeviceFlags, virConnectNetworkEventRegisterAny and
	virDomainGetDiskErrors. This leads to HTML documemtation being
	generated incorrectly.

2014-05-13  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: Support mountpoints option of guest-fsfreeze-freeze
	With this patch, virDomainFSFreeze will pass the mountpoints argument
	to qemu guest agent. For example,

	  virDomainFSFreeze(dom, {"/mnt/vol1", "/mnt/vol2"}, 2, 0)

	will issue qemu guest agent command:

	  {"execute":"guest-fsfreeze-freeze",
	   "arguments":{"mountpoints":["/mnt/vol1","/mnt/vol2"]}}

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2014-05-13  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	virsh: Expose new virDomainFSFreeze and virDomainFSThaw API
	These are exposed under domfsfreeze command and domfsthaw command.

	qemu: Implement virDomainFSFreeze and virDomainFSThaw
	Use qemuDomainSnapshotFSFreeze() and qemuDomainSnapshotFSFThaw() which are
	already implemented for snapshot quiescing.

2014-05-13  Eric Blake  <eblake@redhat.com>

	maint: fix typos related to 'frozen'
	"Freezed" is not an English word.

	* src/lxc/lxc_driver.c (lxcFreezeContainer): Fix typo.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotFSFreeze): Likewise.

2014-05-13  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in node_device_conf, nwfilter_params
	In "src/conf/" there are many enumeration (enum) declarations. Similar
	to the recent cleanup to "src/util" directory, it's better to use a
	typedef for variable types, function types and other usages. Other
	enumeration and folders will be changed to typedef's in the future.
	Most of the files changed in this commit are reltaed to Node and
	Network (node_device_conf.h and nwfilter_params.*) enums.

2014-05-12  James Shubin  <james@shubin.ca>

	docs: mention vagrant-libvirt in apps.html
	Doc patch for apps.html as per: http://libvirt.org/apps.html#add

	Disclaimer: I've contributed patches to the project that this commit
	adds.

	Vagrant-Libvirt is an excellent way to use vagrant with libvirt. This
	way you can benefit from the vagrant features, while not loosing access
	to the familiar (and useful) tools such as virsh and virt-manager.

	Development currently at:

	https://github.com/pradels/vagrant-libvirt/

	although recent contributors include:

	https://github.com/sciurus/vagrant-libvirt/

	and:

	https://github.com/purpleidea/vagrant-libvirt/

	see git log for more details.

2014-05-12  Chunyan Liu  <cyliu@suse.com>

	update documentation of <interface type='hostdev'>
	<interface type='hostdev' managed='yes'> is supported, but
	nowhere mentions 'managed' in <interface type='hostdev'> syntax.
	Update documentation to cover it.

	libxl: fix support for <interface type="hostdev"> syntax
	A VIR_DOMAIN_NET_TYPE_HOSTDEV interface device is really a hostdev
	device, which is created by the libxl driver in libxlMakePCIList().
	There is no need to create a libxl_device_nic for such hostdev
	devices, so skip interfaces of type VIR_DOMAIN_NET_TYPE_HOSTDEV in
	libxlMakeNicList().

2014-05-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	maint: use $(SED) instead of sed for syntax-check
	Some syntax-check rules use GNU sed specific regexps, so make
	sure we're using $(SED) instead of sed, which might not be a
	GNU sed.

	bhyve: implement connectGetSysinfo

2014-05-12  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Implement a stub cpuArchDriver.compare() handler for arm and aarch64
	Libvirt calls cpuArchDriver.compare() while doing guest migration.
	We don't have any logic to distinguish between different arm and
	aarch64 models that's why this patch allows migration to any host.

2014-05-10  Dawid Zamirski  <dzamirski@dattobackup.com>

	ESX: add virStorageVolGetInfo in iSCSI backend.
	Since the ESX storage implements VMFS and iSCSI storage backends and
	chooses relevant backend dynamically at runtime, there was a segfault
	when issuing vol-info on iSCSI volume due to unimplemented
	virStorageGetInfo function. This patch implements that function that was
	missing in iSCSI backend and returns expected result without a segfault.

2014-05-07  John Ferlan  <jferlan@redhat.com>

	storage: Resolve issues in failure path
	https://bugzilla.redhat.com/show_bug.cgi?id=1092882

	Refactoring in commit id '0c2305b3' resulted in the wrong storage
	volume object being passed to the new storageVolDeleteInternal().
	It should have passed 'voldef' which is the address found in the
	pool->volumes.objs[i] array.  By passing 'voldef', the DeleteInternal
	code will find and remove the voldef from the volumes.objs[] list.

2014-05-07  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add a set of trivial functions
	Add functions parallelsIsAlive, parallelsIsEncrypted,
	parallelsIsSecure which are very simple to implement, but
	may be required by some libvirt users. Almost all other
	drivers have these functions.

2014-05-07  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: don't add domain to the list twice
	There is a problem with function parallelsDomainDefineXML. If we
	are defining a new domain, then we need to do 2 things: aclually
	create a VM in PCS and add new domain to the cached list of domains
	_parallelsConn.domains.

	This is done in the function parallelsLoadDomains. So call to
	virDomainObjListAdd will return a error, because a domain
	with the same name and id will already be in the list.

2014-05-07  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: don't enable VNC when we define a new domain
	I added this code year ago, instead of implementing ability
	to change VNC configuration, which was not trivial, I added
	extra call to prlctl, which sets up VNC with auto port, despite
	VNC configuration given by a user.

	Let's remove this hack, because, first, it doesn't work on the
	latest Parallels Cloud Server release (you have to either specify
	--vnc-nopasswd option or password). And also has problem with
	error handling. If second call to prlctl fails, VM, created by
	first call to prlctl, will not be removed.

2014-05-07  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix virDomainDef.features comparison
	virDomainDef.features became an array, so now we can't simply
	compare one features variable to another. We need to compare
	each each element from the array.

2014-05-07  John Ferlan  <jferlan@redhat.com>

	qemu: Adjust size for qcow2/qed if not on sector boundary
	https://bugzilla.redhat.com/show_bug.cgi?id=1002813

	If qemuDomainBlockResize() is passed a size not on a KiB boundary - that
	is passed a size based in bytes (VIR_DOMAIN_BLOCK_RESIZE_BYTES), then
	depending on the source format (qcow2 or qed), the value passed must
	be on a sector (or 512 byte) boundary. Since other libvirt code quietly
	adjusts the capacity values, then do so here as well - of course ensuring
	that adjustment still fits.

2014-05-07  Ján Tomko  <jtomko@redhat.com>

	Add support for timestamping QEMU logs
	QEMU commit 5e2ac51 added a boolean '-msg timestamp=[on|off]'
	option, which can enable timestamps on errors:
	$ qemu-system-x86_64 -msg timestamp=on zghhdorf
	2014-04-09T13:25:46.779484Z qemu-system-x86_64: -msg timestamp=on: could
	not open disk image zghhdorf: Could not open 'zghhdorf': No such file or
	directory

	Enable this timestamp if the QEMU binary supports it.

	Add a 'log_timestamp' option to qemu.conf for disabling this behavior.

2014-05-07  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: track quiesced status in qemuDomainSnapshotFSFreeze
	Adds 'quiesced' status into qemuDomainObjPrivate that tracks whether
	FSFreeze is requested in the domain.

	It modifies error code from qemuDomainSnapshotFSFreeze and
	qemuDomainSnapshotFSThaw, so that a caller can know whether the command is
	actually sent to the guest agent. If the error is caused before sending a
	freeze command, a counterpart thaw command shouldn't be sent either, not to
	confuse fsfreeze status tracking.

2014-05-07  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	remote: Implement virDomainFSFreeze and virDomainFSThaw
	New rules are added in fixup_name in gendispatch.pl to keep the name
	FSFreeze and FSThaw. This adds a new ACL permission 'fs_freeze',
	which is also applied to VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag.

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2014-05-07  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	Introduce virDomainFSFreeze() and virDomainFSThaw() public API
	These will freeze and thaw filesystems within guest specified by
	@mountpoints parameters. The parameters can be NULL and 0, then all
	mounted filesystems are frozen or thawed. @flags parameter, which are
	currently not used, is for future extensions.

2014-05-07  Giuseppe Scrivano  <gscrivan@redhat.com>

	udev: consider the device a CDROM when ID_CDROM=1
	Some CDROM devices are reported by udev to have an ID_TYPE="generic"
	thus it is necessary to check if ID_CDROM is present.

	As a side effect, treating ID_TYPE="generic" as a missing ID_TYPE will
	enable checks for ID_DRIVE_FLASH_SD and ID_DRIVE_FLOPPY and the
	udevKludgeStorageType heuristic.

2014-05-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: update README-hacking
	We don't have a "README-valgrind" file.
	So remove related description.

2014-05-06  Cole Robinson  <crobinso@redhat.com>

	virdbus: Make virDBusCall static

	virerror: Fix an error message typo

2014-05-06  Daniel P. Berrange  <berrange@redhat.com>

	LSN-2014-0003: Don't expand entities when parsing XML
	If the XML_PARSE_NOENT flag is passed to libxml2, then any
	entities in the input document will be fully expanded. This
	allows the user to read arbitrary files on the host machine
	by creating an entity pointing to a local file. Removing
	the XML_PARSE_NOENT flag means that any entities are left
	unchanged by the parser, or expanded to "" by the XPath
	APIs.

2014-05-06  Jiri Denemark  <jdenemar@redhat.com>

	spec: Don't install nonexistent test_libvirt_lockd.aug
	test_libvirt_lockd.aug is only generated when qemu driver is enabled.

	spec: sanlock is x86_64 only on RHEL

2014-05-06  Laine Stump  <laine@laine.org>

	qemu: specify domain in host-side PCI addresses when needed/supported
	This uses the new QEMU_CAPS_HOST_PCI_MULTIDOMAIN capability when
	present, for -devivce pci-assign, -device vfio-pci, and -pcidevice.

	While creating tests for this new functionality, I noticed that the
	xmls for two existing tests had erroneously specified an
	until-now-ignored domain="0x0002", so I corrected those two tests, and
	also added two failure tests to be sure that we alert users who
	attempt to use a non-zero domain with a qemu that doesn't support it.

2014-05-06  Laine Stump  <laine@laine.org>

	qemu: add host-pci-multidomain capability
	Quite a long time ago, (apparently between qemu 0.12 and 0.13) qemu
	quietly began supporting the optional specification of a domain in the
	host-side address of all pci passthrough commands (by simply
	prepending it to the bus:slot.function format, as
	"dddd:bb:ss.f"). Since machines with multiple PCI domains are very
	rare, this never came up in practice, so libvirt was never updated to
	support it.

	This patch takes the first step to supporting specification of a non-0
	domain in the host-side address of PCI devices being assigned to a
	domain, by adding a capability bit to indicate support
	"QEMU_CAPS_HOST_PCI_MULTIDOMAIN", and detect it. Since this support
	was added in a version prior to the minimum version required for
	QMP-style capabilities detection, the capability is always enabled for
	any qemu that uses QMP for capabilities detection. For older qemus,
	the only clue that a domain can be specified in the host pci address
	is the presence of the string "[seg:]" in the help string for
	-pcidevice. (Ironically, libvirt will not be modified to support
	specification of domain for -pcidevice, since any qemu new enough for
	us to care about also supports "-device pci-assign" or "-device
	vfio-pci", which are greatly preferred).

2014-05-06  Michal Privoznik  <mprivozn@redhat.com>

	storageVolCreateXMLFrom: Allow multiple accesses to origvol
	When creating a new volume, it is possible to copy data into it from
	another already existing volume (referred to as @origvol). Obviously,
	the read-only access to @origvol is required, which is thread safe
	(probably not performance-wise though). However, with current code
	both @newvol and @origvol are marked as building for the time of
	copying data from the @origvol to @newvol. The rationale behind
	is to disallow some operations on both @origvol and @newvol, e.g.
	vol-wipe, vol-delete, vol-download. While it makes sense to not allow
	such operations on partly copied mirror, but it doesn't make sense to
	disallow vol-create or vol-download on the source (@origvol).

2014-05-06  Ján Tomko  <jtomko@redhat.com>

	Fix build wihout macvtap or virtualport
	Commit 1b14c44 broke the build on FreeBSD by changing
	the signature of a few functions without updating the
	corresponding stubs that are used when WITH_MACVTAP
	or WITH_VIRTUALPORT is not defined.

2014-05-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatdomain
	s/virual/virtual

2014-05-06  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in "src/conf/{network,interface}_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this commit
	are reltaed to Network (network_conf.* and interface_conf.*) enums.

2014-05-05  Julio Faracco  <jcfaracco@gmail.com>

	conf: use typedefs for enums in "src/conf/cpu_conf.h"
	In "src/conf/" there are many enumeration (enum) declarations.
	Similar to the recent cleanup to "src/util" directory, it's
	better to use a typedef for variable types, function types and
	other usages. Other enumeration and folders will be changed to
	typedef's in the future. Most of the files changed in this commit
	are related to CPU (cpu_conf) enums.

	util: use typedefs for enums in "src/util/" directory
	In "src/util/" there are many enumeration (enum) declarations.
	Sometimes, it's better using a typedef for variable types,
	function types and other usages. Other enumeration will be
	changed to typedef's in the future.

2014-05-05  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Replace list element to defined variable

2014-05-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: support PARAVIRT reboot flag
	Add support for the VIR_DOMAIN_REBOOT_PARAVIRT flag in
	libxlDomainReboot().

	libxl: support PARAVIRT and ACPI shutdown flags
	Add support for VIR_DOMAIN_SHUTDOWN_PARAVIRT and
	VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN flags in
	libxlDomainShutdownFlags().

	Introduce a new flag for controlling shutdown/reboot
	Add a new flag to virDomain{Reboot,Shutdown}FlagValues to allow
	shutting down and rebooting a domain via the Xen paravirt control
	interface.

2014-05-05  Eric Blake  <eblake@redhat.com>

	conf: drop extra storage probe
	All callers of virStorageFileGetMetadataFromBuf were first calling
	virStorageFileProbeFormatFromBuf, to learn what format to pass in.
	But this function is already wired to do the exact same probe if
	the incoming format is VIR_STORAGE_FILE_AUTO, so it's simpler to
	just refactor the probing into the central function.

	* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
	Drop parameter.
	(virStorageFileProbeFormatFromBuf): Drop declaration.
	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
	Do probe here instead of in callers.
	(virStorageFileProbeFormatFromBuf): Make static.
	* src/libvirt_private.syms (virstoragefile.h): Drop function.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Update caller.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.

2014-05-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: report cpuTime in bhyveDomainGetInfo
	Add a helper function virBhyveGetDomainTotalCpuStats() to
	obtain process CPU time using kvm (kernel memory interface)
	and use it to set cpuTime field of the virDomainInfo struct in
	bhyveDomainGetInfo().

2014-05-05  Martin Kletzander  <mkletzan@redhat.com>

	typos: fix s/it/is/ where applicable

2014-05-05  Li Yang  <liyang.fnst@cn.fujitsu.com>

	datatypes: Fix comment of secret uuid

2014-05-04  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement connectDomainXMLToNative
	The only accepted format for now is 'bhyve-argv' which
	prints out a bhyve command corresponding to the given
	domain definition.

	bhyve: improve bhyve_command.c testability
	* bhyve_command.c (bhyveBuildNetArgStr, virBhyveProcessBuildBhyveCmd):
	  add dryRun mode which doesn't create any devices when enabled
	* bhyve_command.c (virBhyveProcessBuildBhyveCmd,
	  virBhyveProcessBuildDestroyCmd, virBhyveProcessBuildLoadCmd): accept
	  virDomainDefPtr instead of virDomainObjPtr.

2014-05-04  Ján Tomko  <jtomko@redhat.com>

	Fix vlan ID detection in udev interface driver
	Instead of guessing it from the interface name, look into
	/proc/net/vlan/<interface>.

	This works for devices not named <real_device>.<vlan ID>,
	avoiding an error flood when virt-manager keeps asking about
	them every second:

	https://bugzilla.redhat.com/show_bug.cgi?id=966329

2014-05-04  John Ferlan  <jferlan@redhat.com>

	Bump version to 1.2.5 for new dev cycle

2014-05-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.4
	* docs/news.html.in libvirt.spec.in: updates for release
	* po/*.po*: fetched new localization and regenerated

2014-05-03  Guido Günther  <agx@sigxcpu.org>

	Explicitly link virfirewalltest and virsystemdtest against dbus
	This fixes link failures like:

	  CCLD     virfirewalltest
	  /usr/bin/ld: virfirewalltest-virfirewalltest.o: undefined reference to
	  symbol 'dbus_message_iter_init_append'

2014-05-03  Guido Günther  <agx@sigxcpu.org>

	qemuxml2argvtest: Don't use privileged mode upfront
	When building packages in a clean chroot the QEMU_USER and QEMU_GROUP
	don't exist making VirQemuDriverConfigNew fail with privileged=true.

	Avoid that by not requiring privileged mode upfront but setting it later
	so we skip the user/group existence check.

	This solution was suggested by Daniel P. Berrange and tested by Martin
	Kletzander.

2014-05-02  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: skip virfirewalltest on non-Linux systems
	Currently firewalling is supported on Linux only, so skip the
	virfirewalltest on other platforms.

2014-05-02  John Ferlan  <jferlan@redhat.com>

	Restore skipping of setting capacity
	Commit id 'ac9a0963' refactored out the 'withCapacity' for the
	virStorageBackendUpdateVolInfo() API.  See:

	http://www.redhat.com/archives/libvir-list/2014-April/msg00043.html

	This resulted in a difference in how 'virsh vol-info --pool <poolName>
	<volume>' or 'virsh vol-list vol-list --pool <poolName> --details' outputs
	the capacity information for a directory pool with a qcow2 sparse file.

	For example, using the following XML

	mkdir /home/TestPool
	cat testpool.xml
	<pool type='dir'>
	  <name>TestPool</name>
	  <uuid>6bf80895-10b6-75a6-6059-89fdea2aefb7</uuid>
	  <source>
	  </source>
	  <target>
	    <path>/home/TestPool</path>
	    <permissions>
	      <mode>0755</mode>
	      <owner>0</owner>
	      <group>0</group>
	    </permissions>
	  </target>
	</pool>

	virsh pool-create testpool.xml
	virsh vol-create-as --pool TestPool temp_vol_1 \
	      --capacity 1048576 --allocation 1048576 --format qcow2
	virsh vol-info --pool TestPool temp_vol_1

	Results in listing a Capacity value.  Prior to the commit, the value would
	be '1.0 MiB' (1048576 bytes). However, after the commit the output would be
	(for example) '192.50 KiB', which for my system was the size of the volume
	in my file system (eg 'ls -l TestPool/temp_vol_1' results in '197120' bytes
	or 192.50 KiB). While perhaps technically correct, it's not necessarily
	what the user expected (certainly virt-test didn't expect it).

	This patch restores the code to not update the target capacity for this path

2014-05-02  Martin Kletzander  <mkletzan@redhat.com>

	tests: don't fail with newer gnutls
	gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards
	compatible when it comes to chrooted binaries [1].  Linking
	commandhelper with gnutls then leaves these two FDs open and
	commandtest fails thanks to that.  This patch does not link
	commandhelper with libvirt.la, but rather only the utilities making
	the test pass.

	Based on suggestion from Daniel [2].

	[1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html
	[2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.html

2014-05-02  Ján Tomko  <jtomko@redhat.com>

	fix build with older gcc
	Older gcc (4.1.2-55.el5, 4.2.1 on FreeBSD) reports bogus warnings:
	../../src/conf/nwfilter_conf.c:2111: warning: 'protocol' may be used
	uninitialized in this function
	../../src/conf/nwfilter_conf.c:2110: warning: 'dataProtocolID' may be
	used uninitialized in this function

	Initialize them to NULL to make the compiler happy.

2014-05-01  Eric Blake  <eblake@redhat.com>

	storage: reject negative indices
	Commit f22b7899 stumbled across a difference between 32-bit and
	64-bit platforms when parsing "-1" as an int.  Now that we've
	fixed that difference, it's time to fix the testsuite.

	* src/util/virstoragefile.c (virStorageFileParseChainIndex):
	Require a positive index.

2014-05-01  Eric Blake  <eblake@redhat.com>

	util: new stricter unsigned int parsing
	strtoul() is required to parse negative numbers as their
	twos-complement positive counterpart.  But sometimes we want
	to reject negative numbers.  Add new functions to do this.
	The 'p' suffix is a mnemonic for 'positive' (technically it
	also parses 0, but 'non-negative' doesn't lend itself to a
	nice one-letter suffix).

	* src/util/virstring.h (virStrToLong_uip, virStrToLong_ulp)
	(virStrToLong_ullp): New prototypes.
	* src/util/virstring.c (virStrToLong_uip, virStrToLong_ulp)
	(virStrToLong_ullp): New functions.
	* src/libvirt_private.syms (virstring.h): Export them.
	* tests/virstringtest.c (testStringToLong): Test them.

2014-05-01  Eric Blake  <eblake@redhat.com>

	util: fix uint parsing on 64-bit platforms
	Commit f22b7899 called to light a long-standing latent bug: the
	behavior of virStrToLong_ui was different on 32-bit platforms
	than on 64-bit platforms.  Curse you, C type promotion and
	narrowing rules, and strtoul specification.  POSIX says that for
	a 32-bit long, strtol handles only 2^32 values [LONG_MIN to
	LONG_MAX] while strtoul handles 2^33 - 1 values [-ULONG_MAX to
	ULONG_MAX] with twos-complement wraparound for negatives.  Thus,
	parsing -1 as unsigned long produces ULONG_MAX, rather than a
	range error.  We WANT[1] this same shortcut for turning -1 into
	UINT_MAX when parsing to int; and get it for free with 32-bit
	long.  But with 64-bit long, ULONG_MAX is outside the range
	of int and we were rejecting it as invalid; meanwhile, we were
	silently treating -18446744073709551615 as 1 even though it
	textually exceeds INT_MIN.  Too bad there's not a strtoui() in
	libc that does guaranteed parsing to int, regardless of the size
	of long.

	The bug has been latent since 2007, introduced by Jim Meyering
	in commit 5d25419 in the attempt to eradicate unsafe use of
	strto[u]l when parsing ints and longs.  How embarrassing that we
	are only discovering it now - so I'm adding a testsuite to ensure
	that it covers all the corner cases we care about.

	[1] Ideally, we really want the caller to be able to choose whether
	to allow negative numbers to wrap around to their 2s-complement
	counterpart, as in strtoul, or to force a stricter input range
	of [0 to UINT_MAX] by rejecting negative signs; this will be added
	in a later patch for all three int types.

	This patch is tested on both 32- and 64-bit; the enhanced
	virstringtest passes on both platforms, while virstoragetest now
	reliably fails on both platforms instead of just 32-bit platforms.
	That test will be fixed later.

	* src/util/virstring.c (virStrToLong_ui): Ensure same behavior
	regardless of platform long size.
	* tests/virstringtest.c (testStringToLong): New function.
	(mymain): Comprehensively test string to long parsing.

2014-05-01  Daniel P. Berrange  <berrange@redhat.com>

	Misc error reporting bugs in QEMU cli builder
	A couple of places in the QEMU XML -> ARGV conversion code
	raised an error but then forgot to return an error status
	due to missing gotos. While fixing this also tweak style
	of a couple of other error reports

2014-05-01  Laine Stump  <laine@laine.org>

	qemu: fix crash when removing <filterref> from interface with update-device
	If a domain network interface that contains a <filterref> is modified
	"live" using "virsh update-device --live", libvirtd would crash. This
	was because the code supporting live update of an interface's
	filterref was assuming that a filterref might be added or modified,
	but didn't account for removing the filterref, resulting in a null
	dereference of the filter name.

	Introduced with commit 258fb278, which was first in libvirt v1.0.1.

	This addresses https://bugzilla.redhat.com/show_bug.cgi?id=1093301

2014-04-30  Peter Krempa  <pkrempa@redhat.com>

	storage: Clear all data allocated about backing store before reparsing
	To avoid memory leak of the "backingStoreRaw" field when reparsing
	backing chains a new function is being introduced by this patch that
	shall be used to clear backing store information.

	The memory leak was introduced in commit 8823272d41a259c1246c05d.

2014-04-30  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Tear down temp. filters when tearing all filters
	Refactor the ebiptablesTearNewRules function so that the teardown of temporary
	filters can also be called by the ebiptablesAllTeardown function.

	This fixes a problem that leaves temporary filters behind when a VM shuts down
	while its filters are modified.


	v1->v2:
	  - test cases adjusted to expect more commands

2014-04-30  Michal Privoznik  <mprivozn@redhat.com>

	Device{Attach,Detach}: Document S4 limitations
	https://bugzilla.redhat.com/show_bug.cgi?id=808463

	Well, libvirt doesn't distinguish between domain poweroff and
	hibernation (S4). It's hard to differentiate these two on a real
	machine anyway. As a result, any device that is hot(un-)plugged is
	lost (appears again) when domain is started again as from our POV
	it is a fresh cold boot. Instead of doing anything wise here, we
	should just document this as known limitation.

2014-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Set mknod permission in device ACL for LXC USB devices
	The LXC controller itself needs to mknod the USB device
	node in /dev/bus/usb, so we can't block mknod permission
	from the cgroup.

2014-04-30  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Validate rule after parsing
	An IP or IPv6 rule with port specification but without protocol
	specification cannot be instantiated by ebtables. The documentation
	points to 'protocol' being required but implementation does not
	enforce it to be given.

	Implement a rule validation function that checks whether the rule is
	valid when it is defined. This for example prevents the definition
	of rules like:

	<ip dstportstart='53'>

	where a protocol attribute would be required for it to be valid and for
	ebtables to be able to instantiate it. A valid rule then is:

	<ip protocol='udp' dstportstart='53'>

2014-04-30  Sahid Orentino Ferdjaoui  <sahid.ferdjaoui@cloudwatt.com>

	Add a new example to illustrate domain migration
	This commit adds a new example to illustrate peer to
	peer domain migration with virDomainMigrateToURI.

	Add support for QEMU migration to use SASL authentication
	This commit provides the ability to virDomainMigrateToURI to
	check for SASL credentials when attempts to migrate a domain
	with the driver QEMU.

2014-04-30  Pavel Hrdina  <phrdina@redhat.com>

	networkxml2firewalltest: fix build failure on freebsd
	We need to include the testutils.h also for freebsd.

	virfirewall: fix build on freebsd
	Freebsd doesn't know ENODATA so we have to use different EINVAL
	error code.

2014-04-29  Eric Blake  <eblake@redhat.com>

	conf: avoid null deref during storage probe
	Commit 5c43e2e introduced a NULL deref if there is a failure
	in virStorageFileGetMetadataInternal.

	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
	Fix error handling.

2014-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Disable libvirtd by default when building on Win32
	We don't support building libvirtd on Win32 since we lack the
	fork/exec feature needed for the stateful drivers. Disable this
	by default, so users can just do 'mingw32-configure' with no
	special args required.

2014-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Don't use SO_REUSEADDR on Win32 platforms
	SO_REUSEADDR on Windows is actually akin to SO_REUSEPORT
	on Linux/BSD. ie it allows 2 apps to listen to the same
	port at once. Thus we must not set it on Win32 platforms

	See http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621.aspx

2014-04-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: properly quit migration with abort_on_error
	When EIO comes to qemu while it's replying to
	qemuMigrationUpdateJobStatus(), qemu blocks, the migration of RAM can
	complete in the meantime, and when qemu unblocks, it sends us
	BLOCK_IO_ERROR plus migrations "status": "complete".  Even though we
	act upon the BLOCK_IO_ERROR by setting the proper state of the domain,
	the call still waits for the proper reply on monitor for query_migrate
	and after it gets it, it checks that migration is completed and the
	migration is finished.  This is what abort_on_error flag was meant for
	(we can migrate with these errors, but this flag must inhibit such
	behaviour).  Changing the order of the steps guarantees the flag works
	properly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1045833

2014-04-29  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't call virFileExists() for network type disks
	Based on suggestion from Eric [1], because it might not get cleaned up
	before the release, so to avoid potential errors.

	[1] https://www.redhat.com/archives/libvir-list/2014-April/msg00929.html

2014-04-29  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: update docs for setting the QEMU BIOS path
	commit ddf2dfa1f79af0405df5ca10583764a497c7a0db
	provided a way to determine which bios files to use.
	But we need to update related docs.

	disccussed at:
	http://www.redhat.com/archives/libvir-list/2012-June/msg01286.html

2014-04-29  Steven McDonald  <steven.mcdonald@anchor.net.au>

	storage_backend_rbd: Correct argument order to rbd_create3
	The stripe_unit and stripe_count arguments are passed to rbd_create3 in
	the wrong order, resulting in a stripe size of 1 byte with 4194304
	stripes on newly created RBD volumes.

	https://bugzilla.redhat.com/show_bug.cgi?id=1092208

2014-04-29  Eric Blake  <eblake@redhat.com>

	enforce sane readdir usage
	Now that all clients have been adjusted, ensure that no future
	misuse of readdir is introduced into the code base.

	* cfg.mk (sc_prohibit_readdir): New rule.
	* src/util/virfile.c (virDirRead): Exempt the wrapper.

2014-04-29  Laine Stump  <laine@laine.org>

	network: use virDirRead in networkMigrateStateFiles
	This attempts to follow the same variable name and usage patterns as
	the other conversions to virDirRead().

2014-04-29  Eric Blake  <eblake@redhat.com>

	storage: use virDirRead API
	More instances of failure to report (unlikely) readdir errors.
	In one case, I chose to ignore them, given that a readdir error
	would be no different than timing out on the loop, where the
	fallback path behaves correctly either way.

	* src/storage/storage_backend.c (virStorageBackendStablePath):
	Ignore readdir errors.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemRefresh): Report readdir errors.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIGetHostNumber): Likewise.
	* src/storage/storage_backend_scsi.c (getNewStyleBlockDevice)
	(getBlockDevice, virStorageBackendSCSIFindLUs): Likewise.

2014-04-29  Eric Blake  <eblake@redhat.com>

	drivers: use virDirRead API
	Convert all remaining clients of readdir to use the new
	interface, so that we can ensure (unlikely) errors while
	reading a directory are reported.

	* src/openvz/openvz_conf.c (openvzAssignUUIDs): Use new
	interface.
	* src/parallels/parallels_storage.c (parallelsFindVolumes)
	(parallelsFindVmVolumes): Report readdir failures.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Ignore readdir
	failures.
	* src/secret/secret_driver.c (loadSecrets): Likewise.
	* src/qemu/qemu_hostdev.c
	(qemuHostdevHostSupportsPassthroughVFIO): Report readdir failures.
	* src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
	* src/xen/xm_internal.c (xenXMConfigCacheRefresh): Likewise.

2014-04-29  Eric Blake  <eblake@redhat.com>

	util: use virDirRead API
	In making the conversion to the new API, I fixed a couple bugs:
	virSCSIDeviceGetSgName would leak memory if a directory
	unexpectedly contained multiple entries;
	virNetDevTapGetRealDeviceName could report a spurious error
	from a stale errno inherited before starting the readdir search.

	The decision on whether to store the result of virDirRead into
	a variable is based on whether the end of the loop falls through
	to cleanup code automatically.  In some cases, we have loops that
	are documented to return NULL on failure, and which raise an
	error on most failure paths but not in the case where the directory
	was unexpectedly empty; it may be worth a followup patch to
	explicitly report an error if readdir was successful but the
	directory was empty, so that a NULL return always has an error set.

	* src/util/vircgroup.c (virCgroupRemoveRecursively): Use new
	interface.
	(virCgroupKillRecursiveInternal, virCgroupSetOwner): Report
	readdir failures.
	* src/util/virfile.c (virFileLoopDeviceOpenSearch)
	(virFileNBDDeviceFindUnused, virFileDeleteTree): Use new
	interface.
	* src/util/virnetdevtap.c (virNetDevTapGetRealDeviceName):
	Properly check readdir errors.
	* src/util/virpci.c (virPCIDeviceIterDevices)
	(virPCIDeviceFileIterate, virPCIGetNetName): Report readdir
	failures.
	(virPCIDeviceAddressIOMMUGroupIterate): Use new interface.
	* src/util/virscsi.c (virSCSIDeviceGetSgName): Report readdir
	failures, and avoid memory leak.
	(virSCSIDeviceGetDevName): Report readdir failures.
	* src/util/virusb.c (virUSBDeviceSearch): Report readdir
	failures.
	* src/util/virutil.c (virGetFCHostNameByWWN)
	(virFindFCHostCapableVport): Report readdir failures.

2014-04-29  Eric Blake  <eblake@redhat.com>

	conf: use virDirRead API
	When reading configuration files, we were silently ignoring
	directory read failures.  While unlikely, we might as well
	report them.

	* src/conf/domain_conf.c (virDomainObjListLoadAllConfigs): Report
	readdir errors.
	* src/conf/network_conf.c (virNetworkLoadAllState)
	(virNetworkLoadAllConfigs): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterLoadAllConfigs): Likewise.
	* src/conf/storage_conf.c (virStoragePoolLoadAllConfigs):
	Likewise.

2014-04-29  Natanael Copa  <ncopa@alpinelinux.org>

	nodeinfo: use virDirRead API
	This makes sure that errno is reset before readdir is called, even if
	the loop does a 'continue'.

	This fixes issue with musl libc which sets errno on sscanf. The
	following 'continue' makes the errno be set before calling readdir.

2014-04-29  Natanael Copa  <ncopa@alpinelinux.org>

	util: introduce virDirRead wrapper for readdir
	Introduce a wrapper for readdir. This helps us make sure that we always
	set errno before calling readdir and it will make sure errors are
	properly logged.

2014-04-28  Martin Kletzander  <mkletzan@redhat.com>

	tests: remove hostdevmgr directory on cleanup

2014-04-28  Jim Fehlig  <jfehlig@suse.com>

	xen: ensure /usr/sbin/xend exists before checking status
	With xend on the way out, installations may not even have
	/usr/sbin/xend, which results in the following error when the
	drivers are probed

	2014-04-28 18:21:19.271+0000: 22129: error : virCommandWait:2426 :
	internal error: Child process (/usr/sbin/xend status) unexpected exit
	status 127: libvirt:  error : cannot execute binary /usr/sbin/xend:
	No such file or directory

	Check for existence of /usr/sbin/xend before trying to run it with
	the 'status' option.

2014-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus ATTRIBUTE_NONNULL from virFirewallAddRuleFull
	The virFirewallAddRuleFull method originally had a single
	compulsory virFirewallQueryCallback parameter. During dev
	work though the ignoreErrors parameter was added and the
	callback parameter made optional. The ATTRIBUTE_NONNULL
	annotation was never removed though.

	Make autostart of virtlockd actually work
	The virnetsocket.c API is hardcoded to pass --timeout=30 to
	any daemon it auto-starts. For inexplicable reasons the virtlockd
	daemon did not implement the --timeout option, so it would
	immediately exit on autostart with an error.

	Use virFileFindResource to locate virtlockd daemon
	Make the lock plugin use virFileFindResource to find the
	virtlockd daemon path, so that it executes the in-builddir
	daemon if run from source tree.

	Use virFileFindResource to locate libvirtd daemon
	Make the remote driver use virFileFindResource to find the
	libvirt daemon path, so that it executes the in-builddir
	daemon if run from source tree.

2014-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Recheck disk backing chains after snapshot
	When a snapshot operation finishes we have to recheck the backing chain
	of all disks involved in the snapshot. And we need to do that even if
	the operation failed because some of the disks might have changed if
	QEMU did not support transactions.

2014-04-27  Laine Stump  <laine@laine.org>

	network: centralize check for active network during interface attach
	The check for a network being active during interface attach was being
	done individually in several places (by both the lxc driver and the
	qemu driver), but those places were too specific, leading to it *not*
	being checked when allocating a connection/device from a macvtap or
	hostdev network.

	This patch puts a single check in networkAllocateActualDevice(), which
	is always called before the any network interface is attached to any
	type of domain. It also removes all the other now-redundant checks
	from the lxc and qemu drivers.

	NB: the following patches are prerequisites for this patch, in the
	case that it is backported to any branch:

	  440beeb network: fix virNetworkObjAssignDef and persistence
	  8aaa5b6 network: create statedir during driver initialization
	  b9e9549 network: change location of network state xml files
	  411c548 network: set macvtap/hostdev networks active if their state
	          file exists

	This fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=880483

2014-04-27  Laine Stump  <laine@laine.org>

	network: set macvtap/hostdev networks active if their state file exists
	libvirt attempts to determine at startup time which networks are
	already active, and set their active flags. Previously it has done
	this by assuming that all networks are inactive, then setting the
	active flag if the network has a bridge device associated with it and
	that bridge device exists. This is not useful for macvtap and hostdev
	based networks, since they do not use a bridge device.

	Of course the reason that such a check had to be done was that the
	presence of a status file in the network "stateDir" couldn't be
	trusted as an indicator of whether or not a network was active. This
	was due to the network driver mistakenly using
	/var/lib/libvirt/network to store the status files, rather than
	/var/run/libvirt/network (similar to what is done by every other
	libvirt driver that stores status xml for its objects). The difference
	is that /var/run is cleared out when the host reboots, so you can be
	assured that the state file you are seeing isn't just left over from a
	previous boot of the host.

	Now that the network driver has been switched to using
	/var/run/libvirt/network for status, we can also modify it to assume
	that any network with an existing status file is by definition active
	- we do this when reading the status file. To fine tune the results,
	networkFindActiveConfigs() is changed to networkUpdateAllState(),
	and only sets active = 0 if the conditions for particular network
	types are *not* met.

	The result is that during the first run of libvirtd after the host
	boots, there are no status files, so no networks are active. Any time
	libvirtd is restarted, any network with a status file will be marked
	as active (unless the network uses a bridge device and that device for
	some reason doesn't exist).

2014-04-27  Laine Stump  <laine@laine.org>

	network: change location of network state xml files
	For some reason these have been stored in /var/lib, although other
	drivers (e.g. qemu and lxc) store their state files in /var/run.

	It's much nicer to store state files in /var/run because it is
	automatically cleared out when the system reboots. We can then use
	existence of the state file as a convenient indicator of whether or
	not a particular network is active.

	Since changing the location of the state files by itself will cause
	problems in the case of a *live* upgrade from an older libvirt that
	uses /var/lib (because current status of active networks will be
	lost), the network driver initialization has been modified to migrate
	any network state files from /var/lib to /var/run.

	This will not help those trying to *downgrade*, but in practice this
	will only be problematic in two cases

	1) If there are networks with network-wide bandwidth limits configured
	   *and in use* by a guest during a downgrade to "old" libvirt. In this
	   case, the class ID's used for that network's tc rules, as well as
	   the currently in-use bandwidth "floor" will be forgotten.

	2) If someone does this: 1) upgrade libvirt, 2) downgrade libvirt, 3)
	   modify running state of network (e.g. add a static dhcp host, etc),
	   4) upgrade. In this case, the modifications to the running network
	   will be lost (but not any persistent changes to the network's
	   config).

2014-04-27  Laine Stump  <laine@laine.org>

	network: create statedir during driver initialization
	This directory should be created when the network driver is first
	started up, not just when a dhcp daemon is run. This hasn't posed a
	problem in the past, because the directory has always been
	pre-existing.

2014-04-27  Laine Stump  <laine@laine.org>

	network: fix virNetworkObjAssignDef and persistence
	Experimentation showed that if virNetworkCreateXML() was called for a
	network that was already defined, and then the network was
	subsequently shutdown, the network would continue to be persistent
	after the shutdown (expected/desired), but the original config would
	be lost in favor of the transient config sent in with
	virNetworkCreateXML() (which would then be the new persistent config)
	(obviously unexpected/not desired).

	To fix this, virNetworkObjAssignDef() has been changed to

	1) properly save/free network->def and network->newDef for all the
	various combinations of live/active/persistent, including some
	combinations that were previously considered to be an error but didn't
	need to be (e.g. setting a "live" config for a network that isn't yet
	active but soon will be - that was previously considered an error,
	even though in practice it can be very useful).

	2) automatically set the persistent flag whenever a new non-live
	config is assigned to the network (and clear it when the non-live
	config is set to NULL). the libvirt network driver no longer directly
	manipulates network->persistent, but instead relies entirely on
	virNetworkObjAssignDef() to do the right thing automatically.

	After this patch, the following sequence will behave as expected:

	virNetworkDefineXML(X)
	virNetworkCreateXML(X') (same name but some config different)
	virNetworkDestroy(X)

	At the end of these calls, the network config will remain as it was
	after the initial virNetworkDefine(), whereas previously it would take
	on the changes given during virNetworkCreateXML().

	Another effect of this tighter coupling between a) setting a !live def
	and b) setting/clearing the "persistent" flag, is that future patches
	which change the details of network lifecycle management
	(e.g. upcoming patches to fix detection of "active" networks when
	libvirtd is restarted) will find it much more difficult to break
	persistence functionality.

2014-04-27  Dwight Engen  <dwight.engen@oracle.com>

	build: -avoid-version on libvirt_driver_nwfilter
	This fixes the following make rpm warning:

	warning: Installed (but unpackaged) file(s) found:
	   /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0
	   /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so.0.0.0

	introduced in comit 8d559864

2014-04-25  Ian Campbell  <ian.campbell@citrix.com>

	libxl: Support PV consoles
	Currently the driver only exposes the ability to connect to the serial console
	of a Xen guest, which doesn't work for a PV guest. Since for an HVM guest the
	serial devices are duplicated as consoles it is sufficient to just use the
	console devices unconditionally.

	Tested with the following bit of config XML:

	<domain type='xen'>
	  ...
	  <devices>
	    <console type='pty'>
	      <target type='xen'/>
	    </console>
	  </devices>
	</domain>

	I have observed and tested this on ARM but I believe it also applies to x86 PV
	guests.

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Dario Faggioli <dario.faggioli@citrix.com>
	Cc: Clark Laughlin <clark.laughlin@linaro.org>

2014-04-25  Dwight Engen  <dwight.engen@oracle.com>

	build: add nwfilterxml2firewalldata to dist

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize include of dlfcn.h in virmock.h
	dlfcn.h does not exist on Win32 so must only be used
	conditionally

	Add a test suite for nwfilter ebiptables tech driver
	Create a nwfilterxml2firewalltest to exercise the
	ebiptables_driver.applyNewRules method with a variety of
	different XML input files. The XML input files are taken
	from the libvirt-tck nwfilter tests. While the nwfilter
	tests verify the final state of the iptables chains, this
	test verifies the set of commands invoked to create the
	chains.

	Remove last trace of direct firewall command exection
	Remove all the left over code related to the direct invocation
	of firewall-cmd/iptables/ip6tables/ebtables. This is all handled
	by the virFirewallPtr APIs now.

	Convert ebiptablesDriverProbeStateMatch to virFirewall
	Conver the ebiptablesDriverProbeStateMatch initialization
	check to use the virFirewall APIs for querying iptables
	version.

	Convert nwfilter ebiptablesApplyNewRules to virFirewall
	Convert the nwfilter ebtablesApplyNewRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesApplyDropAllRules to virFirewall
	Convert the nwfilter ebtablesApplyDropAllRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesApplyDHCPOnlyRules to virFirewall
	Convert the nwfilter ebtablesApplyDHCPOnlyRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesApplyBasicRules to virFirewall
	Convert the nwfilter ebtablesApplyBasicRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebiptablesTearNewRules to virFirewall
	Convert the nwfilter ebiptablesTearNewRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebtablesRemoveBasicRules to virFirewall
	Convert the nwfilter ebtablesRemoveBasicRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebiptablesTearOldRules to virFirewall
	Convert the nwfilter ebiptablesTearOldRules method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert nwfilter ebiptablesAllTeardown to virFirewall
	Convert the nwfilter ebiptablesAllTeardown method to use the
	virFirewall object APIs instead of creating shell scripts
	using virBuffer APIs. This provides a performance improvement
	through allowing direct use of firewalld dbus APIs and will
	facilitate automated testing.

	Convert ebtables code over to use firewall APIs
	Convert the virebtables.{c,h} files to use the new virFirewall
	APIs for changing ebtables rules.

	Add test for converting network XML to iptables rules
	Using the virCommand dry run capability, capture iptables rules
	created by various network XML documents.

	Replace virNetworkObjPtr with virNetworkDefPtr in network platform APIs
	The networkCheckRouteCollision, networkAddFirewallRules and
	networkRemoveFirewallRules APIs all take a virNetworkObjPtr
	instance, but only ever access the 'def' member. It thus
	simplifies testing if the APIs are changed to just take a
	virNetworkDefPtr instead

	Convert bridge driver over to use new firewall APIs
	Update the iptablesXXXX methods so that instead of directly
	executing iptables commands, they populate rules in an
	instance of virFirewallPtr. The bridge driver can thus
	construct the ruleset and then invoke it in one operation
	having rollback handled automatically.

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Introduce an object for managing firewall rulesets
	The network and nwfilter drivers both have a need to update
	firewall rules. The currently share no code for interacting
	with iptables / firewalld. The nwfilter driver is fairly
	tied to the concept of creating shell scripts to execute
	which makes it very hard to port to talk to firewalld via
	DBus APIs.

	This patch introduces a virFirewallPtr object which is able
	to represent a complete sequence of rule changes, with the
	ability to have multiple transactional checkpoints with
	rollbacks. By formally separating the definition of the rules
	to be applied from the mechanism used to apply them, it is
	also possible to write a firewall engine that uses firewalld
	DBus APIs natively instead of via the slow firewalld-cmd.

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Preserve error when tearing down nwfilter rules
	When a VM fails to launch due to error creating nwfilter
	rules, we must avoid overwriting the original error when
	tearing down the partially created rules.

	Remove two-stage construction of commands in nwfilter
	The nwfilter ebiptables driver will build up commands to run in
	two phases. The first phase contains all of the command, except
	for the '-A' part. Instead it has a '%c' placeholder, along with
	a '%s' placeholder for a position arg. The second phase than
	substitutes these placeholders. The only values ever used for
	these substitutions though is '-A' and '', so it is entirely
	pointless. Remove the second phase entirely, since it will make
	it harder to convert to the new firewall APIs

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Merge nwfilter createRuleInstance driver into applyNewRules
	The current nwfilter tech driver API has a 'createRuleInstance' method
	which populates virNWFilterRuleInstPtr with a command line string
	containing variable placeholders. The 'applyNewRules' method then
	expands the variables and executes the commands. This split of
	responsibility won't work when switching to the virFirewallPtr
	APIs, since we can't just build up command line strings. This patch
	this merges the functionality of 'createRuleInstance' into the
	applyNewRules method.

	The virNWFilterRuleInstPtr struct is changed from holding an array
	of opaque pointers, into holding generic metadata about the rules
	to be processed. In essence this is the result of taking a linked
	set of virNWFilterDefPtr's and flattening the tree to get a list
	of virNWFilterRuleDefPtr's. At the same time we must keep track of
	any nested virNWFilterObjPtr instances, so that the locks are held
	for the duration of the 'applyNewRules' method.

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Push virNWFilterRuleInstPtr out of (eb|ip)tablesCreateRuleInstance
	Later refactoring will change use of the virNWFilterRuleInstPtr struct.
	Prepare for this by pushing use of the virNWFilterRuleInstPtr parameter
	out of the ebtablesCreateRuleInstance and iptablesCreateRuleInstance
	methods. Instead they simply string(s) with the constructed rule data.
	The ebiptablesCreateRuleInstance method will make use of the
	virNWFilterRuleInstPtr struct instead.

	Add helper methods for determining what protocol layer is used
	Add virNWFilterRuleIsProtocol{Ethernet,IPv4,IPv6} helper methods
	to avoid having to write a giant switch statements with many cases.

	Remove nwfilter tech driver 'displayRuleInstance' callback
	The 'displayRuleInstance' callback in the nwfilter tech driver
	is never invoked, so can be deleted.

	Remove nwfilter tech driver 'removeRules' callback
	The 'removeRules' callback in the nwfilter tech driver is never
	invoked, so can be deleted.

	Remove pointless storage of var names in virNWFilterHashTable
	The virNWFilterHashTable struct contains a virHashTable and
	then a 'char **names' field which keeps a copy of all the
	hash keys. Presumably this was intended to record the ordering
	of the hash keys. No code ever uses this and the ordering is
	mangled whenever a variable is removed from the hash, because
	the last element in the list is copied into the middle of the
	list when shrinking the array.

	Remove virDomainNetType parameter from nwfilter drivers
	The 'virDomainNetType' is unused in every impl of the
	virNWFilterRuleCreateInstance driver method. Remove it
	from the code to avoid the dependancy on the external
	enum.

	Move virNWFilterTechDriver struct out of nwfilter_conf.h
	The virNWFilterTechDriver struct is nothing to do with the nwfilter
	XML configuration. It stores data specific to the driver implementation
	so should be in a header in the driver directory instead.

	Fix leak on OOM in virNWFilterVarValueCreateSimpleCopyValue
	If virNWFilterVarValueCreateSimple fails with OOM, then
	'val' will be leaked by virNWFilterVarValueCreateSimpleCopyValue

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overflow when setting migration speed on inactive domains
	Commit c4206d7 fixed the overflow for running domains. However, we need
	a similar check when setting migration speed on inactive domains.

	At first look, it may seem the check in c4206d7 is now redundant but
	qemuDomainMigrateSetMaxSpeed is not the only caller of
	qemuMonitorSetMigrationSpeed so we need to check the bandwidth in both
	places.

	https://bugzilla.redhat.com/show_bug.cgi?id=1083483

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Use virFileFindResource to locate CPU map XML
	Replace use of cpuMapOverride with virFileFindResource
	to locate CPU map from build dir.

	Use virFileFindResource to locate driver plugins
	Replace virDriverModuleInitialize with virFileFindResource
	usage.

	Use virFileFindResource to locate lock manager plugins
	Replace virLockManagerSetPluginDir with virFileFindResource
	usage.

2014-04-25  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Use virFileFindResource to locate iohelper for fdstream
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper
	binary, use virFileFindResource to optionally find it in the current
	build directory.

	Use virFileFindResource to locate parthelper for storage backend
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_parthelper
	binary, use virFileFindResource to optionally find it in the current
	build directory.

	Use virFileFindResource to locate libvirt_lxc for capabilities
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_lxc
	binary set in the LXC driver capabilities, use virFileFindResource
	to optionally find it in the current build directory.

	Use virFileFindResource to locate iohelper for virFileWrapperFdNew
	Instead of hardcoding LIBEXECDIR as the location of the libvirt_iohelper
	binary, use virFileFindResource to optionally find it in the current
	build directory.

2014-04-25  Daniel P. Berrange  <berrange@redhat.com>

	Activate build dir overrides in libvirtd, virtlockd, virsh & tests
	Add calls to virFileActivateDirOverride so that the build dir
	overrides are activated.

	Add helpers for resolving path to resources in build tree
	Add virFileFindResource which will try to locate files
	in the local build tree if the calling binary (eg libvirtd or
	test suite) is being run from the build tree. The corresponding
	virFileActivateDirOverride should be called at startup passing
	in argv[0]. This will be examined for evidence of libtool magic
	binary prefix / sub-directory in order to activate the override.

	Add test suite for viralloc APIs
	In debugging a crash on OOM, I thought that the virInsert APIs
	might be at fault, but couldn't isolate them as a cause. While
	the viralloc APIs are used in many test suites, this is as a
	side-effect, they are not directly tested :-)

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	Add support for addressing backing stores by index
	Each backing store of a given disk is associated with a unique index
	(which is also formatted in domain XML) for easier addressing of any
	particular backing store. With this patch, any backing store can be
	addressed by its disk target and the index. For example, "vdc[4]"
	addresses the backing store with index equal to 4 of the disk identified
	by "vdc" target. Such shorthand can be used in any API in place for a
	backing file path:

	    virsh blockcommit domain vda --base vda[3] --top vda[2]

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	virStorageFileChainLookup: Return virStorageSourcePtr
	Returning both virStorageSourcePtr and its path member does not make a
	lot of sense.

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	qemuDomainBlockCommit: Track virStorageSourcePtr for base
	virStorageFileChainLookup is able to give use virStorageSourcePtr which
	contains the pointer to its canonical path. Let's use a more general
	virStorageSourcePtr instead of just canonical path.

	Former base_canon maps to baseSource->path.

2014-04-25  Jiri Denemark  <jdenemar@redhat.com>

	qemuDomainBlockCommit: Don't track top_canon path separately
	virStorageFileChainLookup is able to give use virStorageSourcePtr which
	contains the pointer to its canonical path. There's no need for the
	caller to store both of them.

	Former top_meta maps to topSource and top_canon maps to topSource->path.

2014-04-24  Eric Blake  <eblake@redhat.com>

	build: avoid 'index' as variable name
	Once again, gcc 4.4.7 (hello RHEL) rears its ugly head:

	conf/domain_conf.c: In function 'virDomainDiskBackingStoreFormat':
	conf/domain_conf.c:14940: error: declaration of 'index' shadows a global declaration [-Wshadow]
	/usr/include/string.h:489: error: shadowed declaration is here [-Wshadow]

	* src/conf/domain_conf.c (virDomainDiskBackingStoreFormat): Pacify
	older gcc.

2014-04-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: document nmdm type console
	* Add nmdm type device to domain format documnetation
	* Add a section about nmdm console usage to the bhyve driver
	  documentation

2014-04-24  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't check for backing chains for formats w/o snapshot support
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1019926
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868673

2014-04-24  Jiri Denemark  <jdenemar@redhat.com>

	tests: Test backing store XML formatting and parsing

	tests: More output options for xml2xml tests
	So far, qemuxml2xml test was only able to check if the result matches
	the original or the appropriate XML in qemuxml2xmloutdata regardless on
	flags used to format the XML. Since the result can be different
	depending on VIR_DOMAIN_XML_INACTIVE flag being used or not, this patch
	adds support for qemuxml2xmlout-%s-active.xml and
	qemuxml2xmlout-%s-inactive.xml output files. If the file specific to the
	flag used exists, it is used in preference to the generic
	qemuxml2xmlout-%s.xml file when reading the expected output.

2014-04-24  Jiri Denemark  <jdenemar@redhat.com>

	conf: Format and parse backing chains in domain XML
	This patch implements formating and parsing code for the backing store
	schema defined and documented by the previous patch.

	This patch does not aim at providing full persistent storage of disk
	backing chains yet. The formatter is supposed to provide the backing
	chain detected when starting a domain and thus it is not formatted into
	an inactive domain XML. The parser is implemented mainly for the purpose
	of testing the XML generated by the formatter and thus it does not
	distinguish between no backingStore element and an empty backingStore
	element. This will have to change once we fully implement support for
	user-supplied backing chains.

2014-04-24  Jiri Denemark  <jdenemar@redhat.com>

	conf: Output disk backing store details in domain XML
	The XML for quite a longish backing chain is shown below:

	  <disk type='network' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source protocol='nbd' name='bar'>
	      <host transport='unix' socket='/var/run/nbdsock'/>
	    </source>
	    <backingStore type='block' index='1'>
	      <format type='qcow2'/>
	      <source dev='/dev/HostVG/QEMUGuest1'/>
	      <backingStore type='file' index='2'>
	        <format type='qcow2'/>
	        <source file='/tmp/image2.qcow'/>
	        <backingStore type='file' index='3'>
	          <format type='qcow2'/>
	          <source file='/tmp/image3.qcow'/>
	          <backingStore type='file' index='4'>
	            <format type='qcow2'/>
	            <source file='/tmp/image4.qcow'/>
	            <backingStore type='file' index='5'>
	              <format type='qcow2'/>
	              <source file='/tmp/image5.qcow'/>
	              <backingStore type='file' index='6'>
	                <format type='raw'/>
	                <source file='/tmp/Fedora-17-x86_64-Live-KDE.iso'/>
	                <backingStore/>
	              </backingStore>
	            </backingStore>
	          </backingStore>
	        </backingStore>
	      </backingStore>
	    </backingStore>
	    <target dev='vdb' bus='virtio'/>
	  </disk>

	Various disk types and formats can be mixed in one chain. The
	<backingStore/> empty element marks the end of the backing chain and it
	is there mostly for future support of parsing the chain provided by a
	user. If it's missing, we are supposed to probe for the rest of the
	chain ourselves, otherwise complete chain was provided by the user. The
	index attributes of backingStore elements can be used to unambiguously
	identify a specific part of the image chain.

2014-04-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix pci bus naming for PPC
	Recent discussions around naming of 'pci' vs 'pci.0' for PPC
	made me go back and look at the PPC emulator in every historical
	version of QEMU since 1.0. The results were worse than I imagined.
	This patch adds the logic required to make libvirt work with PPC
	correctly with naming variations across all versions & machine
	types.

2014-04-24  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Invert the way recursive metadata retrieval works
	To avoid having the root of a backing chain present twice in the list we
	need to invert the working of virStorageFileGetMetadataRecurse.

	Until now the recursive worker created a new backing chain element from
	the name and other information passed as arguments. This required us to
	pass the data of the parent in a deconstructed way and the worker
	created a new entry for the parent.

	This patch converts this function so that it just fills in metadata
	about the parent and creates a backing chain element from those. This
	removes the duplication of the first element.

	To avoid breaking the test suite, virstoragetest now calls a wrapper
	that creates the parent structure explicitly and pre-fills it with the
	test data with same function signature as previously used.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: virstoragefile: Don't mangle data stored about directories
	Don't remove detected metadata about directory based storage volumes.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	storage: Move disk->backingChain to the recursive disk->src.backingStore
	Switch over to storing of the backing chain as a recursive
	virStorageSource structure.

	This is a string based move. Currently the first element will be present
	twice in the backing chain as currently the retrieval function stores
	the parent in the newly detected chain. This will be fixed later.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: virstoragefile: Rename backingMeta to backingStore
	To conform with the naming of the planned XML output rename the metadata
	variable name.

	s/backingMeta/backingStore/g

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: virstorage: Kill struct virStorageFileMetadata
	Remove the now unused pieces of the structure.

	maint: Switch over from struct virStorageFileMetadata to virStorageSource
	Replace the old structure with the new one. This change is a trivial
	name change operation (along with change of the freeing function).

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Add fields from virStorageMetadata to virStorageSource
	Add the required fields that are missing from the new structure that
	will allow us to switch the storage file metadata code entirely to the
	new structure.

	Add "relPath" and "relDir" and the raw backing store name. Also allow
	creating linked lists of virStorageSourcePtrs to express backing chains.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Add function to free a virStorageSourcePtr
	Add a free function as some parts of the code will allocate the
	structure.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	virstoragefile: Kill "backingStore" field from virStorageFileMetadata
	Remove the obsolete field replaced by data in "path".

	The testsuite requires tweaking as the name of the backing file is now
	stored one layer deeper in the backing chain linked list.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: virstoragefile: Don't use "backingStore" directly
	As a temporary step to allow killing of the "backingStore" field of
	struct virStorageFileMetadata the recursive metadata retrieval function
	will be converted not to use the field in the lookup process.

	util: storagefile: Rename "canonPath" to "path" in virStorageFileMetadata
	As for the previous patch, this change is needed to achieve
	compatibility with all the existing code, where we expect a fully
	qualified path of local files to be present.

	util: storage: Rename "path" to "relPath" in virStorageFileMetadata
	To allow future change of virStorageFileMetadata to virStorageSource we
	need to store a full path in the "path" variable as rest of the code
	expects it to be a full path. Rename the "path" field to "relPath" to
	keep tracking the info but allowing a real "path" field.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	storage: util: Clean up arguments of virStorageFileGetMetadataInternal
	Avoid passing lot of arguments into guts of metadata retrieval to fill
	the actual structure. Temporarily fill the structure before passing it
	down to the actual metadata extractor.

	This will later help the inversion of the steps taken to extract the
	metadata so that this function can be fully converted to
	virStorageSource as the data struct.

	This patch also fixes regression when starting a gluster storage pool
	where the volumes don't have local representation so that the
	canonicalization of the volume's file name failed. Broken by commit
	79f11b35

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Move checking of the actual backing image to the worker
	Move the code checking the presence of the backing file to the recursive
	worker function instead of the metadata parser. The recursive worker
	will later be changed to parse more than just local files and this
	change will help the separation.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: storage: Remove obsolete argument virStorageFileGetMetadataInternal
	As we already pass the whole structure down the call path there's no
	need to return some stuff in a separate argument. Remove the argument
	and tweak callers to avoid breaking semantics.

	virStorageFileGetMetadataFromBuf will be refactored later along with the
	storage driver.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Always store raw backing name in the metadata
	Don't use the backingStoreRaw as a indication of broken chains. Fill it
	always and tweak the broken image chain detector to avoid changing the
	semantics.

	The new semantics to detect a broken chain is the presence of string in
	backingStoreRaw but the lack of the backing chain metadata structure in
	the chain.

	Now that the raw backing store name is always filled there's no need to
	pass the raw name variable separately to fill in case the backing is not
	a file. Tweak the function so that it can handle a NULL in that case.

2014-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: unexport qemuDiskChainCheckBroken
	The function isn't used in any other source file. Move it so that it
	doesn't need a declaration.

2014-04-23  Ján Tomko  <jtomko@redhat.com>

	Document behavior of setvcpus during guest boot
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1088748

	The hotplugged vcpus could fail to show up in the guest if
	they were added during boot, see:
	https://bugzilla.redhat.com/show_bug.cgi?id=807508

	Also change arbitrary to arbitrarily.

2014-04-23  Ján Tomko  <jtomko@redhat.com>

	Save domain status after cpu hotplug
	The live change of vcpus was not reflected in the domain status
	xml and it got lost during libvirtd restart.

	https://bugzilla.redhat.com/show_bug.cgi?id=1088703

2014-04-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: bhyveDomainDefineXML fixes
	- do not lose new definition for an active domain
	- do not leak oldDef
	- do not set dom->id if virDomainSaveConfig() fails
	- do not call virObjectUnlock(vm) if vm is NULL

2014-04-23  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	PPC64 prefers to set pci-ohci controller as default USB controller. Currently, libvirt is using legacy USB controller as default. There are problems with VGA which can't work correctly with USB Keyboard and USB Mouse.
	While providing -nodefaults, ppc64 should be specifying the usb
	controller explicitly in place of using the legacy
	controller(-usb). Qemu spapr initialization code when sees "-usb" adds a
	USB Keyboard and USB Mouse by default. And libvirt has added a USB
	keyboard and USB mouse.

	A recent fix in the in qemu VGA code uncoverd this problem, which
	resulted in addition of extra keyboard and mouse to the qemu machine.

	This patch is to set pci-ohci as USB default controller.

2014-04-22  Ján Tomko  <jtomko@redhat.com>

	Fix error for out of range vcpu in qemuDomainPinVcpuFlags
	Changes:
	error: invalid argument: vcpu number out of range 2 > 2
	to slightly less confusing:
	error: invalid argument: vcpu number out of range 2 > 1

	Make virDomainVcpuPinDel return void
	Before, it only returned -1 on failure to shrink the array.
	Since the switch to VIR_DELETE_ELEMENT in commit 2133441,
	it returns either 0 or 0.

2014-04-22  Ján Tomko  <jtomko@redhat.com>

	Properly free vcpupin info for unplugged CPUs
	Remove the pointer from def->cputune.vcpupin after unplugging
	the CPU and also free the bitmap contained in the structure
	by calling virDomainVcpuPinDel instead of VIR_FREE.

	Introduced by commit 0df1a79.

	This makes virDomainLookupVcpuPin redundant.

	https://bugzilla.redhat.com/show_bug.cgi?id=1088165

2014-04-22  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix typos in src/*
	Fix minor typos in source comments

2014-04-21  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among other patches, Natanael Copa contributed a fix for
	pyshmem_available when using musl libc that directly affects
	libvirt.

	* .gnulib: Update to latest, in part for musl libc compat.

2014-04-20  Wojciech Macek  <wma@semihalf.com>

	bhyve: domainCreateXML
	Implement bhyveDomainCreateXML function.

2014-04-18  Laine Stump  <laine@laine.org>

	docs: document that vfio is default for hostdev networks too
	When the default was changed from kvm to vfio, the documentation for
	hostdev and interface was changed, but the documentation in <network>
	was forgotten.

	Also document when the default was changed from "always kvm" to "vfio
	if available, else kvm" (1.0.5).

2014-04-18  Ján Tomko  <jtomko@redhat.com>

	Remove QEMU_CAPS_MACHINE_USB_OPT from ComputeCmdFlags
	The version check is for >=1.3.0, but ComputeCmdFlags
	is only called for QEMU <1.2.0.

2014-04-18  Ján Tomko  <jtomko@redhat.com>

	Only set QEMU_CAPS_NO_HPET on x86
	QEMU only supports it on x86, but we've been assuming it for
	all QEMUs when doing QMP capability detection.

	https://bugzilla.redhat.com/show_bug.cgi?id=1066145

2014-04-18  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in virStorageFileGetMetadataRecurse()
	While running virstoragetest, valgrind pointed out the following
	memory leak:

	==8142== 2 bytes in 1 blocks are definitely lost in loss record 1 of 92
	==8142==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==8142==    by 0x4E7B53E: mdir_name (dirname-lgpl.c:78)
	==8142==    by 0x4CBE2B0: virStorageFileGetMetadataInternal (virstoragefile.c:595)
	==8142==    by 0x4CBE651: virStorageFileGetMetadataFromFDInternal (virstoragefile.c:1086)
	==8142==    by 0x4CBEEB4: virStorageFileGetMetadataRecurse (virstoragefile.c:1175)
	==8142==    by 0x4CBF1DE: virStorageFileGetMetadata (virstoragefile.c:1270)
	==8142==    by 0x4028AD: testStorageChain (virstoragetest.c:275)
	==8142==    by 0x407B91: virtTestRun (testutils.c:201)
	==8142==    by 0x4039D7: mymain (virstoragetest.c:534)
	==8142==    by 0x40830D: virtTestMain (testutils.c:789)
	==8142==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)

	...62 times

2014-04-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	qemu: Unlock the NWFilter update lock by leaving via the cleanup label
	Fix a locking problem by leaving the function via the cleanup label.

2014-04-16  John Ferlan  <jferlan@redhat.com>

	storage: netfs: Handle backend errors
	Commit id '18642d10' caused a virt-test regression for NFS backend
	storage error path checks when running the command:

	    'virsh find-storage-pool-sources-as netfs Unknown  '

	when the host did not have Gluster installed. Prior to the commit,
	the test would fail with the error:

	    error: internal error: Child process (/usr/sbin/showmount --no-headers
	    --exports Unknown) unexpected exit status 1: clnt_create: RPC: Unknown host

	After the commit, the error would be ignored, the call would succeed,
	and an empty list of pool sources returned. This was tucked into the
	commit message as an expected outcome.

	When the target host does not have a GLUSTER_CLI this is a regression
	over the previous release. Furthermore, even if Gluster CLI was present,
	but had a failure to get devices, the API would return a failure even if
	the NFS backend had found devices.

	Modify the logic to return failure when the NFS backend check fails and
	there's no GLUSTER_CLI or when both backend checks fail.

	If either returns success and GLUSTER_CLI is defined, then fetch and return
	a list of source devices even if it's empty

2014-04-16  Eric Blake  <eblake@redhat.com>

	conf: fix omission of <driver> in domain dumpxml
	I noticed that depending on the <driver> attributes the user passed
	in, the output may omit the <driver> element altogether.  For example,
	the rerror_policy has had this problem since commit 4bb4109 in Oct
	2011.  But in adding testsuite coverage to expose it, I found another
	problem: the C code is just fine without a driver name, but the
	XML validator required either a name or a cache mode.

	* src/conf/domain_conf.c (virDomainDiskDefFormat): Update
	conditional.
	* docs/schemas/domaincommon.rng (diskDriver): Simplify.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.xml:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-copy-on-read.args:
	New files.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml:
	Enhance test.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml:
	Likewise.
	* tests/qemuxml2argvtest.c (mymain): New test.
	* tests/qemuxml2xmltest.c (mymain): Likewise.

2014-04-16  Eric Blake  <eblake@redhat.com>

	conf: split <disk> schema into more pieces
	To make <disk> schema more maintainable and to allow for moving the
	pieces to a common file in the future. It relies on the ability to
	override definitions as part of an include, set up in the previous
	patch.

	The diff is a bit hard to read, because it mixes reindentation
	with refactoring; 'git diff -b --patience' may help.

	* docs/schemas/domaincommon.rng (disk): Refactor into pieces.
	(diskSource, diskSourceFile, diskSourceBlock, diskSourceDir)
	(diskSourceVolume: New defines.
	(diskSourceNetwork): Revise scope.
	* docs/schemas/domainsnapshot.rng (disksnapshot): Adjust.
	* tests/domainsnapshotxml2xmlin/disk-seclabel-invalid.xml,
	tests/domainsnapshotxml2xmlin/disk-network-seclabel-invalid.xml: New
	tests to check seclabel is forbidden in domain snapshot by schema.

2014-04-15  Eric Blake  <eblake@redhat.com>

	conf: set up for per-grammar overrides in schemas
	This patch is my first experience playing with nested grammars,
	as documented in http://relaxng.org/tutorial-20011203.html#IDA3PZR.
	I plan on doing more overrides in order to make the RelaxNG
	grammar mirror the C code refactoring into a common
	virStorageSource, but where different clients of that source do
	not support the same subset of functionality.  By starting with
	something fairly easy to validate, I can make sure my later
	patches will be possible.

	This patch adds a use of the no-op <ref
	name='sourceStartupPolicy'/> to the disksnapshot definition, so
	that the snapshot version of a type='file' <source> more closely
	resembles the version in domaincommon.  A future patch will merge
	the two files into using a common define, but this patch is
	sufficient for testing that adding <source
	startupPolicy='optional'/> in any of the
	tests/domainsnapshotxml2xmlin/*.xml files still gets rejected
	unless it occurs within the <domain> subelement, because the
	definition of startupPolicy is empty outside of domain.rng.

	* docs/schemas/storagecommon.rng (storageStartupPolicy)
	(storageSourceExtra): Create no-op defaults.
	* docs/schemas/domainsnapshot.rng (domain): Use nested grammar
	to avoid restricting <domain>.
	(storageSourceExtra): Create new override.
	(disksnapshot): Access overrides through common names.
	* docs/schemas/domaincommon.rng (disk): Access overrides through
	common names.
	* docs/schemas/domain.rng (storageStartupPolicy)
	(storageSourceExtra): Create new overrides.

2014-04-15  Eric Blake  <eblake@redhat.com>

	conf: restrict external snapshots to backing store formats
	Domain snapshots should only permit an external snapshot into
	a storage format that permits a backing chain, since the new
	snapshot file necessarily must be backed by the existing file.
	The C code for the qemu driver is a little bit stricter in
	currently enforcing only qcow2 or qed, but at the XML parser
	level, including virt-xml-validate, it is fairly easy to
	enforce that a user can't request a 'raw' external snapshot.

	* docs/schemas/storagecommon.rng (storageFormat): Split out...
	(storageFormatBacking): ...new sublist.
	* docs/schemas/domainsnapshot.rng (disksnapshotdriver): Use new
	type.
	* src/util/virstoragefile.h (virStorageFileFormat): Rearrange for
	easier code management.
	* src/util/virstoragefile.c (virStorageFileFormat, fileTypeInfo):
	Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML): Use
	new marker to limit selection of formats.

2014-04-15  Eric Blake  <eblake@redhat.com>

	conf: move storage formats to common RNG file
	We had incomplete RelaxNG support for storage formats listed
	in virstoragefile.h: commit 027bf2e added 'vdi' but forgot
	to update the <volume> and <domain> xml lists; the <volume>
	list was also missing 'fat' and 'vhd'.  Maintaining two lists
	is a recipe for them getting out of sync, so make the list
	common so that both contexts benefit the next time we add a
	format in a single location.

	* docs/schemas/domaincommon.rng (storageFormat): Move...
	* docs/schemas/storagecommon.rng: ...here, and add vdi.
	* docs/schemas/storagevol.rng (formatfile): Use common list.

2014-04-15  Eric Blake  <eblake@redhat.com>

	conf: better <disk> interleaving in schema
	In general, we try to make virt-xml-validate tolerant of input
	elements in any order when possible.  However, as written, the
	RNG grammar did not permit <source> unless there was an explicit
	type= attribute (even though the C code manages just fine by
	defaulting to type='file').  After making the attribute optional
	on the 'file' branch, I noticed that the use of diskspec was now
	redundant with the branch when no <source> was supplied.

	View this patch with 'git diff -b' for a better picture of the
	schema change.

	* docs/schemas/domaincommon.rng (disk): Hoist 'diskspec' out of
	choice, make type='file' default, and still preserve interleave.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool.xml:
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-discard.xml:
	New files.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-discard.xml:
	Reorder XML.
	* tests/qemuxml2xmltest.c (mymain): Cover new files.

2014-04-14  Ján Tomko  <jtomko@redhat.com>

	Fix virsystemdtest without SYSTEMD_DAEMON
	Commit 4897698 fixed the build without dbus by only building
	the virSystemdPMSupportTarget with SYSTEMD_DAEMON.

	Introduce a virDBusMessageUnref wrapper for dbus_message_unref
	to let virsystemd.c build without dbus, while still allowing
	virsystemdtest to run without SYSTEM_DAEMON.

2014-04-14  Martin Kletzander  <mkletzan@redhat.com>

	build: Don't use code with dbus_message_unref when built without dbus
	In order to do that, virNodeSuspendSupportsTargetPMUtils() and
	virSystemdPMSupportTarget() are created even when pm-utils and dbus
	are compiled out, respectively, but in that case returning -2 meaning
	"unavailable" (this return code was already used for unavailability
	before).  Error is reported in virNodeSuspendSupportsTarget() only if
	both functions returned -2, otherwise the error (or success) is properly
	propagated up the stack.

2014-04-14  Eric Blake  <eblake@redhat.com>

	conf: create common storage RNG grammar file
	Having two tiny files with a couple definitions didn't make
	as much sense as one common file, especially since I plan to
	add more definitions and use it in more places.

	* docs/schemas/storageencryption.rng: Merge this...
	* docs/schemas/storagefilefeatures.rng: ...and this, into...
	* docs/schemas/storagecommon.rng: ...this new file.
	* docs/schemas/Makefile.am (schema_DATA): Reflect renames.
	* docs/schemas/storagevol.rng: Likewise.
	* docs/schemas/domaincommon.rng: Likewise.
	* libvirt.spec.in: Likewise.
	* mingw-libvirt.spec.in: Likewise.

2014-04-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overflow when setting migration speed
	When passing migration bandwidth to QEMU, we multiply it by 1024 * 1024
	to convert the speed to B/s and the result still needs to fit in
	int64_t.

	https://bugzilla.redhat.com/show_bug.cgi?id=1083483

2014-04-12  Eric Blake  <eblake@redhat.com>

	conf: delete internal directory field
	Another field no longer needed, getting us one step closer to
	merging virStorageFileMetadata and virStorageSource.

	* src/util/virstoragefile.h (_virStorageFileMetadata): Drop
	field.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataFromFDInternal): Alter signature.
	(virStorageFileFreeMetadata, virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataFromFD): Adjust clients.
	* tests/virstoragetest.c (_testFileData, testStorageChain)
	(mymain): Simplify test.

2014-04-12  Eric Blake  <eblake@redhat.com>

	conf: tweak chain lookup internals
	Thanks to the testsuite, I feel quite confident that this rewrite
	is correct; it gives the same results for all cases except for one.
	I can make the argument that _that_ case was a pre-existing bug:
	when looking up relative names, the lookup is supposed to be
	pegged to the directory that contains the parent qcow2 file.  Thus,
	this resolves the fixme first mentioned in commit 367cd69 (even
	though I accidentally removed the fixme comment early in 74430fe).

	* src/util/virstoragefile.c (virStorageFileChainLookup): Depend on
	new rather than old fields.
	* tests/virstoragetest.c (mymain): Adjust test to match fix.

2014-04-12  Eric Blake  <eblake@redhat.com>

	conf: drop redundant parameter to chain lookup
	The original chain lookup code had to pass in the starting name,
	because it was not available in the chain.  But now that we have
	added fields to the struct, this parameter is redundant.

	* src/util/virstoragefile.h (virStorageFileChainLookup): Alter
	signature.
	* src/util/virstoragefile.c (virStorageFileChainLookup): Adjust
	handling of top of chain.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Adjust caller.
	* tests/virstoragetest.c (testStorageLookup, mymain): Likewise.

2014-04-12  Eric Blake  <eblake@redhat.com>

	conf: report error on chain lookup failure
	The chain lookup function was inconsistent on whether it left
	a message in the log when looking up a name that is not found
	on the chain (leaving a message for OOM or if name was
	relative but not part of the chain), and could litter the log
	even when successful (when name was relative but deep in the
	chain, use of virFindBackingFile early in the chain would complain
	about a file not found).  It's easier to make the function
	consistently emit a message exactly once on failure, and to let
	all callers rely on the clean semantics.

	* src/util/virstoragefile.c (virStorageFileChainLookup): Always
	report error on failure.  Simplify relative lookups.
	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Avoid
	overwriting error.

2014-04-12  Eric Blake  <eblake@redhat.com>

	util: new virFileRelLinkPointsTo function
	When checking if two filenames point to the same inode (whether
	by hardlink or symlink), sometimes one of the names might be
	relative.  This convenience function makes it easier to check.

	* src/util/virfile.h (virFileRelLinkPointsTo): New prototype.
	* src/util/virfile.c (virFileRelLinkPointsTo): New function.
	* src/libvirt_private.syms (virfile.h): Export it.
	* src/xen/xm_internal.c (xenXMDomainGetAutostart): Use it.

2014-04-12  Eric Blake  <eblake@redhat.com>

	conf: test backing chain lookup
	I realized that we had no good test coverage of looking up a
	name from within a backing chain, even though code like
	block-commit is relying on it.

	* tests/virstoragetest.c (testStorageLookup): New function.
	(mymain): New tests.

2014-04-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Introduce --without-pm-utils to get rid of pm-is-supported dependency
	This uses the dbus api of systemd to check the power management
	capabilities of the node.

2014-04-11  Eric Blake  <eblake@redhat.com>

	tests: drop dead code from argv2xml and xml2xml
	Noticed while tweaking the RelaxNG grammar for <disk> elements.

	* tests/qemuxml2xmloutdata/qemuxml2xmlout-numad-static-vcpu-no-numatune.xml:
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-cdrom-empty.xml:
	Drop unused files.
	* tests/qemuargv2xmltest.c (testInfo, DO_TEST_FULL): Drop unused
	field.

2014-04-11  Wojciech Macek  <wma@semihalf.com>

	bhyve: fix domain management
	When domain is not persistent, it should be forgotten upon destroying.

2014-04-11  Eric Blake  <eblake@redhat.com>

	conf: delete useless backingStoreFormat field
	Drop another redundant field from virStorageFileMetadata.

	* src/util/virstoragefile.h (_virStorageFileMetadata): Drop
	field.
	* src/util/virstoragefile.c
	(virStorageFileGetMetadataFromFDInternal)
	(virStorageFileGetMetadataFromFD)
	(virStorageFileGetMetadataRecurse): Adjust callers.
	* tests/virstoragetest.c (_testFileData, testStorageChain)
	(mymain): Simplify test.

2014-04-11  Eric Blake  <eblake@redhat.com>

	conf: return backing information separately from metadata
	A couple pieces of virStorageFileMetadata are used only while
	collecting information about the chain, and don't need to
	live permanently in the struct.  This patch refactors external
	callers to collect the information separately, so that the
	next patch can remove the fields.

	* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
	Alter signature.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Likewise.
	(virStorageFileGetMetadataFromFDInternal): Adjust callers.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.

2014-04-11  Eric Blake  <eblake@redhat.com>

	conf: delete useless backingStoreIsFile field
	Finally starting to prune away some of the old fields that have
	been made redundant by the new fields, on my way towards directly
	reusing virStorageSource.

	* src/util/virstoragefile.h (_virStorageFileMetadata): Drop
	field.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileChainLookup): Adjust callers.
	* tests/virstoragetest.c (_testFileData, testStorageChain)
	(mymain): Simplify test.

2014-04-11  Eric Blake  <eblake@redhat.com>

	conf: expose probe for non-local storage
	Deciding if a user string represents a local file instead of a
	network path is an operation worth exposing directly, particularly
	since the next patch will be removing a redundant variable that
	was caching the information.

	* src/util/virstoragefile.h (virStorageIsFile): New declaration.
	* src/util/virstoragefile.c (virBackingStoreIsFile): Rename...
	(virStorageIsFile): ...export, and allow NULL input.
	(virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataRecurse, virStorageFileGetMetadata):
	Update callers.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Use it.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/libvirt_private.syms (virstoragefile.h): Export function.

2014-04-11  Eric Blake  <eblake@redhat.com>

	conf: provide details on network backing store
	So far, my work has been merely preserving the status quo of
	backing file analysis.  But this patch starts to tread in the
	territory of making the backing chain code more powerful - we
	will eventually support network storage containing non-raw
	formats.  Here, we expose metadata information about a network
	backing store, even if that information is still hardcoded to
	a raw format for now.

	* src/util/virstoragefile.c (virStorageFileGetMetadataRecurse):
	Also populate struct for non-file backing.
	(virStorageFileGetMetadata, virStorageFileGetMetadatainternal):
	Recognize non-file top image.
	(virFindBackingFile): Add comment.
	(virStorageFileChainGetBroken): Adjust comment, ensure output
	is set.
	* tests/virstoragetest.c (mymain): Update test to reflect it.

2014-04-10  Eric Blake  <eblake@redhat.com>

	conf: make virstoragetest debug easier
	I'm tired of alternating between test failures due to bugs in
	my refactoring work, vs. test failures due to leftovers in
	the file system from the previous test.  This patch has no
	impact when the testsuite is successful, but doeesn't hurt either.

	* tests/virstoragetest.c (testPrepImages): Clean up from prior
	failed test.

2014-04-10  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Properly check input parameters
	Most of the APIs in CPU driver do not expect to get NULL for input
	parameters. Let's mark them with ATTRIBUTE_NONNULL and also check for
	some members of virCPUDef when the APIs expect them have some specific
	values.

	cpu: Add documentation for CPU driver APIs

2014-04-10  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix systemd test with --without-driver-modules
	Every test that makes use of virmock.h (only virsystemdtest as of now)
	needs to be linked with -export-dynamic to make sure the LD_PRELOADed
	mock library can access its wrap_* symbols. Normally,
	DRIVER_MODULE_LDFLAGS variable contains -export-dynamic but when
	--without-driver-modules configure option is used, DRIVER_MODULE_LDFLAGS
	is empty.

	This patch turns on -export-dynamic for all tests unconditionally
	regardless on --without-driver-modules. This fixes virsystemdtest and
	all future users of virmock.h.

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Fix build on mingw32
	My commit 897808e added a parameter to virCgroupGetPercpuStats,
	but didn't change the stub for systems where cgroups are not supported.

2014-04-09  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Fix comment of vshCmdInfo
	The original comment of vshCmdInfo:
	"name" - command name

	Actually it's 'help' and the short description
	of command, not the command name.

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Clean up virCgroupGetPercpuStats
	The iterator is checked for being less than or equal to need_cpus.
	The 'n' variable is incremented need_cpus + 1 times.

	Simplify the computation of need_cpus and make its value one larger,
	to let it be used instead of 'n' and compared without the equal sign
	in loop conditions.

	Just index the sum_cpu_time array instead of using a helper variable.

	Start the loop at start_cpu instead of continuing for all lower values.

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Check maximum startcpu value correctly
	The cpus are indexed from 0, so a startcpu value equal
	to the number of CPUs is invalid.

	https://bugzilla.redhat.com/show_bug.cgi?id=1070680

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Rename id, max_id to need_cpus, total_cpus
	total_cpus is the total number of CPUs on the host
	need_cpus is the number of CPUs we need to look at

	(need_cpus can be larger than ncpus, because we need to look
	 at CPUs before the startcpu too, even if we aren't reporting
	 their stats)

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Extend virCgroupGetPercpuStats to fill in vcputime too
	Currently, virCgroupGetPercpuStats is only used by the LXC driver,
	filling out the CPUTIME stats. qemuDomainGetPercpuStats does this
	and also filles out VCPUTIME stats.

	Extend virCgroupGetPercpuStats to also report VCPUTIME stats if
	nvcpupids is non-zero. In the LXC driver, we don't have cpupids.
	In the QEMU driver, there is at least one cpupid for a running domain,
	so the behavior shouldn't change for QEMU either.

	Also rename getSumVcpuPercpuStats to virCgroupGetPercpuVcpuSum.

2014-04-09  Ján Tomko  <jtomko@redhat.com>

	Fix return value of virCgroupGetPercpuStats
	We need to return the number of successfully populated stats,
	not the nparams supplied by the user.

	Don't require domain obj in qemuDomainGetPercpuStats
	All we need is the virCgroupPtr and number of vcpupids.
	This will allow the function to be moved to util/vircgroup.c.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: test for more fields
	Validate that all the new fields are getting set to desired values.

	* tests/virstoragetest.c (_testFileData, testStorageChain): Check
	for more fields.
	(mymain): Populate additional fields.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: start testing contents of the new backing chain fields
	The testsuite is absolutely essential to feeling comfortable
	about swapping the backing chain structure over to a new format.
	This patch tests the path settings, and demonstrates that the
	correct short name is being passed to the child.

	* tests/virstoragetest.c (testStorageChain): Test path.
	(mymain): Update expected data.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: track more fields in backing chain metadata
	The current use of virStorageFileMetadata is awkward; to learn
	some of the information about a child node, you have to read
	fields in the parent node.  This does not lend itself well to
	modifying backing chains (whether inserting a new node in the
	chain, or consolidating existing nodes); better would be to
	learn about a child node directly in that node.  This patch
	sets up some new fields which contain redundant information,
	although not necessarily in the final desired state for the
	new fields (see the next patch for actual tests of what is there
	now).  Then later patches will do any refactoring necessary to
	get the fields to their desired states, and update clients to
	get the information from the new fields, so we can finally
	delete the fields that are tracking information about the wrong
	node.

	More concretely, compare these three example backing chains:

	good <- one
	missing <- two
	gluster://server/vol/img <- three

	Pre-patch, querying the chains gives:
	{ .backingStore = "/path/to/good",
	  .backingStoreRaw = "good",
	  .backingStoreIsFile = true,
	  .backingStoreFormat = VIR_STORAGE_FILE_RAW,
	  .backingMeta = {
	    .backingStore = NULL,
	    .backingStoreRaw = NULL,
	    .backingStoreIsFile = false,
	    .backingMeta = NULL,
	  }
	}
	{ .backingStore = NULL,
	  .backingStoreRaw = "missing",
	  .backingStoreIsFile = false,
	  .backingStoreFormat = VIR_STORAGE_FILE_NONE,
	  .backingMeta = NULL,
	}
	{ .backingStore = "gluster://server/vol/img",
	  .backingStoreRaw = NULL,
	  .backingStoreIsFile = false,
	  .backingStoreFormat = VIR_STORAGE_FILE_RAW,
	  .backingMeta = NULL,
	}

	Deciding whether to ignore a missing backing file (as in virsh
	vol-dumpxml) or report an error (as in security manager sVirt
	labeling) requires reading multiple fields.  Plus, the format
	is hard-coded to treat all network protocols as end-of-the-chain,
	as if they were raw.  By the end of this patch series, the goal
	is to instead represent these three situations as:

	{ .path = "one",
	  .canonPath = "/path/to/one",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "good",
	  .backingMeta = {
	    .path = "good",
	    .canonPath = "/path/to/good",
	    .type = VIR_STORAGE_TYPE_FILE,
	    .format = VIR_STORAGE_FILE_RAW,
	    .backingStoreRaw = NULL,
	    .backingMeta = NULL,
	  }
	}
	{ .path = "two",
	  .canonPath = "/path/to/two",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "missing",
	  .backingMeta = NULL,
	}
	{ .path = "three",
	  .canonPath = "/path/to/three",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "gluster://server/vol/img",
	  .backingMeta = {
	    .path = "gluster://server/vol/img",
	    .canonPath = "gluster://server/vol/img",
	    .type = VIR_STORAGE_TYPE_NETWORK,
	    .format = VIR_STORAGE_FILE_RAW,
	    .backingStoreRaw = NULL,
	    .backingMeta = NULL,
	  }
	}

	or, for the second file, maybe also allowing:
	{ .path = "two",
	  .canonPath = "/path/to/two",
	  .type = VIR_STORAGE_TYPE_FILE,
	  .format = VIR_STORAGE_FILE_QCOW2,
	  .backingStoreRaw = "missing",
	  .backingMeta = {
	    .path = "missing",
	    .canonPath = NULL,
	    .type = VIR_STORAGE_TYPE_NONE,
	    .format = VIR_STORAGE_FILE_NONE,
	    .backingStoreRaw = NULL,
	    .backingMeta = NULL,
	  }
	}

	* src/util/virstoragefile.h (_virStorageFileMetadata): Add
	path, canonPath, relDir, type, and format fields.  Reorder
	existing fields, and add lots of comments.
	* src/util/virstoragefile.c (virStorageFileFreeMetadata): Clean
	new fields.
	(virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataFromFDInternal): Start populating new
	fields.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: rename some test fields
	A later patch will be adding some new fields to
	virStorageFileMetadata; to minimize confusion, renaming the
	test fields now will make it more obvious which fields are
	being tested later.

	* tests/virstoragetest.c (_testFileData): Alter names.
	(testStorageChain, mymain): Adjust clients.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: earlier allocation during backing chain crawl
	Right now, we are allocating virStorageFileMetadata near the bottom
	of the callchain, only after we have identified that we are visiting
	a file (and not a network resource).  I'm hoping to eventually
	support parsing the backing chain from XML, where the backing chain
	crawl then validates what was parsed rather than allocating a fresh
	structure.  Likewise, I'm working towards a setup where we have a
	backing element even for networks.  Both of these use cases are
	easier to code if the allocation is hoisted earlier.

	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileGetMetadataFromFDInternal): Change signature.
	(virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataRecurse, virStorageFileGetMetadata):
	Update callers.

2014-04-09  Eric Blake  <eblake@redhat.com>

	conf: track user vs. canonical name through full chain lookup
	The previous patch started a separation of error messages
	reported against the user-specified name, vs. tracking the
	canonical path that was actually opened.  This patch extends
	that notion, by hoisting directory detection up front, passing
	the canonical path through the entire call chain, and
	simplifying lower-level functions that can now assume that
	a canonical path and directory have been supplied.

	* src/util/virstoragefile.c
	(virStorageFileGetMetadataFromFDInternal)
	(virStorageFileGetMetadataInternal): Add parameter, require
	directory.
	(virFindBackingFile): Require directory.
	(virStorageFileGetMetadataFromFD): Pass canonical path.
	(virStorageFileGetMetadataFromBuf): Likewise.
	(virStorageFileGetMetadata): Determine initial directory.

2014-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Unexport qemuBuildNetworkDriveURI()
	The function isn't used in any other file. Convert it to static.

2014-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuGetDriveSourceString to take virStorageSourcePtr
	Refactor the function to avoid multiple wrappers splitting identical
	fields from the now common metadata struct.

	The refactor is done by folding in the wrapper used for disk sources
	which allows us to lookup secrets via the secret driver. This may allow
	using stored secrets for snapshot disk images too in the future.

2014-04-09  Peter Krempa  <pkrempa@redhat.com>

	storage: Refactor location of metadata for storage drive access to files
	Now that we store all metadata about a storage image in a
	virStorageSource struct let's use it also to store information needed by
	the storage driver to access and do operations on the files.

	storage: Refactor storage file initialization to use virStorageSourcePtr
	Now that storage source metadata is stored in a single struct we don't
	need two initialization functions for different structs.

	conf: Refactor helpers to retrieve actual storage type
	Now that the storage source definition is uniform convert the helpers to
	retrieve the actual storage type to a single one.

2014-04-09  John Ferlan  <jferlan@redhat.com>

	storage: Don't update pool available/allocation if buildVol fails
	https://bugzilla.redhat.com/show_bug.cgi?id=1024159

	If adding a volume to a storage pool fails during the CreateXML or
	CreateXMLFrom API's, we don't want to adjust the available and
	allocation values for the storage pool during storageVolDelete
	since we haven't adjusted the values for the create.

	Refactor storageVolDelete() a bit to create a storageVolDeleteInternal()
	which will handle the primary deletion activities.  Add a parameter
	updateMeta which will signify whether to update the values or not.

	Adjust the calls from CreateXML and CreateXMLFrom to directly call the
	DeleteInternal with the pool lock held.  This does bypass the call
	to virStorageVolDeleteEnsureACL().

2014-04-09  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	build: avoid compiler warning on shadowed name
	Introduced in commit d1e55de3.
	virstoragetest.c: In function ‘testStorageChain’:
	virstoragetest.c:249:10: warning: declaration of ‘abs’ shadows a global
	declaration [-Wshadow]

2014-04-09  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: use virBhyveCapsBuild in bhyvexml2argv test
	As we can use virBhyveCapsBuild() now, replace
	testBhyveBuildCapabilities() with it.

2014-04-08  Eric Blake  <eblake@redhat.com>

	conf: another refactor of virstoragetest
	Another reduction in the number of structs I have to modify
	when I start tracking new fields in virStorageFileMetadata.

	* tests/virstoragetest.c (_testFileData): Add fields.
	(testStorageChain): Select between fields based on flag.
	(mymain): Record both absolute and relative expectations in one
	struct.

2014-04-08  Eric Blake  <eblake@redhat.com>

	conf: interleave virstoragetest structs
	As I add more tests, it's getting harder to follow the split between
	a struct in one place and a test using the struct in another.
	Interleaving the tests makes changes more localized, and also makes
	debugging easier when a test goes wrong during my refactoring work.

	* tests/virstoragetest.c (mymain): Modify structs as we go, rather
	than up-front.
	(testStorageChain): Make failure debugging easier.

2014-04-08  Eric Blake  <eblake@redhat.com>

	conf: test for more scenarios
	Part of the upcoming refactoring will change how broken chains
	are detected; it makes sense to test that this works.  In
	particular, test the just-fixed infinite loop detection bug.
	Also, make sure that detection of directories is sane.

	* tests/virstoragetest.c (testStorageChain): Enhance test.
	(mymain): Add more tests.
	(testCleanupImages, testPrepImages): Populate a directory.

2014-04-08  Eric Blake  <eblake@redhat.com>

	conf: fix detection of infinite backing loop
	While trying to refactor the backing file chain, I noticed that
	if you have a self-referential qcow2 file via a relative name:

	qemu-img create -f qcow2 loop 10M
	qemu-img rebase -u -f qcow2 -F qcow2 -b loop loop

	then libvirt was creating a chain 2 deep before realizing it
	had hit a loop; furthermore, virStorageFileChainCheckBroken
	was not identifying the chain as broken.  With this patch,
	the loop is detected when the chain is only 1 deep; still
	enough for storage volume XML to display the file, but now
	with a proper error report about where the loop was found.

	This patch adds a parameter to virStorageFileGetMetadataRecurse,
	so that errors at the top of the chain remain unchanged; messages
	issued for backing files now use the name provided by the user
	instead of the canonical name (for VDSM, which uses relative
	symlinks to device mapper block devices, this is actually more
	useful).

	* src/util/virstoragefile.c (virStorageFileGetMetadataRecurse):
	Add parameter, require canonical path up front.  Mark chain
	broken on OOM or loop detection.
	(virStorageFileGetMetadata): Pass in canonical name.

2014-04-08  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: set the driver version
	Since commit 7457cbe8 the vmware driver version isn't set anymore.

2014-04-08  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	tests: add bhyve xml2xml test
	The only implemented test for now is domain metadata test.

	bhyve: add domain metadata support
	Implement domainSetMetadata and domainGetMetadata driver calls.

2014-04-08  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix ATTRIBUTE_NONNULL usage
	Fix incorrect ATTRIBUTE_NONNULL usage introduced in 17b17565
	which caused build failure:

	bhyve/bhyve_driver.c:127:48: error: expected ')'
	bhyveDriverGetCapabilities(bhyveConnPtr driver ATTRIBUTE_NONNULL)
	                                               ^
	bhyve/bhyve_driver.c:127:27: note: to match this '('
	bhyveDriverGetCapabilities(bhyveConnPtr driver ATTRIBUTE_NONNULL)

	Pushed under the build breaker rule.

2014-04-08  Richard Weinberger  <richard@nod.at>

	LXC: Fix return code evaulation in lxcCheckNetNsSupport()
	Commit b9dd878f (util: make it easier to grab only regular command exit)
	changed the call semantics of virCommandRun() and therefore of virRun()
	too. But lxcCheckNetNsSupport() was not updated.
	As consequence of this lxcCheckNetNsSupport always failed and broke LXC.

2014-04-08  Ján Tomko  <jtomko@redhat.com>

	Fix incorrect values in redirdev ABI check error
	My commit c9123fb introduced this copy-and-paste error.

2014-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Use a static initializer for static mutexes
	Now that we ditched our custom pthread impl for Win32, we can
	use PTHREAD_MUTEX_INITIALIZER for static mutexes. This avoids
	the need to use a virOnce one-time global initializer in a
	number of places.

	Add syntax check to validate capitalization of abbreviations
	Use a syntax-check rule to force PCI, USB and SCSI instead
	of Pci, Usb and Scsi.

	Replace Pci with PCI throughout
	Since it is an abbreviation, PCI should always be fully
	capitalized or full lower case, never Pci.

	Replace Usb with USB throughout
	Since it is an abbreviation, USB should always be fully
	capitalized or full lower case, never Usb.

	Replace Scsi with SCSI throughout
	Since it is an abbreviation, SCSI should always be fully
	capitalized or full lower case, never Scsi.

	Switch systemd test to use generic dbus mock
	Remove the virsystemdmock.la library and instead make use
	of the shared virmockdbus.la library

	Create a re-usable DBus LD_PRELOAD mock library
	A number of test suites want to mock the DBus APIs. To avoid
	re-inventing the wheel create a re-usable virmockdbus.la
	library for LD_PRELOAD usage.

	Introduce a new set of helper macros for mocking symbols
	Introduce virmock.h which provides some macros to assist in
	creation of LD_PRELOAD overrides. When these are used, the
	LD_PRELOAD code simply has some stubs which forward to a
	wrapper function inside the main test case. This means that
	logic for the test no longer has to be split between the
	virXXXtest.c and virXXXmock.c files. It will also make it
	possible to provide some common reusable modules for mocking
	code like DBus.

2014-04-08  Wangrui (K)  <moon.wangrui@huawei.com>

	virNetDev{Replace,Restore}MacAddress: Fix memory leak
	Functions virNetDevRestoreMacAddress() and virNetDevRestoreMacAddress()
	allocate memory for variable @path using virAsprintf(), but they
	haven't freed that memory before returning out.

2014-04-08  Michal Privoznik  <mprivozn@redhat.com>

	bhyveConnectGetCapabilities: Fix double caps unref
	At the beginning of the function we gain a reference to the driver
	capabilities. Then, we call format function (*) which if failed, unref
	over caps is called. Then, at the end another unref occurs.

	* - Moreover, the format was not called over gained caps, but over
	privconn->caps directly which is not allowed anymore.

2014-04-08  Michal Privoznik  <mprivozn@redhat.com>

	Simplify bhyveDriverGetCapabilities()
	The driver passed as the only argument to the function should never be
	NULL so there's no need to check it. After removing it, the whole
	function collapses to a single line doing ref over driver
	capabilities.

	bhyve_capabilities: Add Semihalf to Copyright
	Since b15a2bbd we have the new bhyve_capabilities.[ch] files.
	However, the copyright is held by both Roman and Semihalf.

2014-04-08  Guido Günther  <agx@sigxcpu.org>

	tests: Don't crash when creating the config object fails
	As observed when building in a chroot and QEMU_USER doesn't exist

2014-04-08  Guido Günther  <agx@sigxcpu.org>

	tests: link against libxml2
	to avoid

	CCLD     storagevolxml2argvtest
	/usr/bin/ld: ../src/.libs/libvirt_driver_storage_impl.a(libvirt_driver_storage_impl_la-storage_backend.o): undefined reference to symbol 'xmlFreeDoc@@LIBXML2_2.4.30'
	//usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line

2014-04-08  Eric Blake  <eblake@redhat.com>

	conf: avoid memleak on NULL path
	I noticed that the apparmor code could request metadata even
	for a cdrom with no media, which would cause a memory leak of
	the hash table used to look for loops in the backing chain.
	But even before that, we blindly dereferenced the path for
	printing a debug statement, so it is just better to enforce
	that this is only used on non-NULL names.

	* src/util/virstoragefile.c (virStorageFileGetMetadata): Assume
	non-NULL path.
	* src/util/virstoragefile.h: Annotate this.
	* src/security/virt-aa-helper.c (get_files): Fix caller.

2014-04-07  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc conf2xml: don't let current vcpus at 0: define won't like it

2014-04-07  Wojciech Macek  <wma@semihalf.com>

	bhyve: connectCompareCPU support
	Implement support for connectCompareCPU.

	bhyve: create capabilities submodule
	- Move all capabilities functions to separate file
	- Add initCPU

	bhyve: support for connectBaselineCPU
	Implement bhyveConnectBaselineCPU to support OpenStack/Nova

2014-04-07  Laine Stump  <laine@laine.org>

	interface: dump inactive xml when interface isn't active
	Other drivers in libvirt (e.g. network, qemu) will automatically
	return the "inactive" (persistent configuration) XML of an object when
	that object is inactive. The netcf backend of the interface driver
	would always try to return the live status XML of the interface, even
	when it was down. Although netcf does return valid XML in that case,
	for bond interfaces it is missing almost all of its content, including
	the <bond> subelement itself, leading to this error message from
	"virsh iface-dumpxml" of a bond interface that is inactive:

	  error: XML error: bond interface misses the bond element

	(this is because libvirt's validation of the XML returned by netcf
	always requires a <bond> element be present).

	This patch modifies the interface driver netcf backend to check if the
	interface is inactive, and in that case always return the inactive XML
	(which will always have a <bond> element, thus eliminating the error
	message, as well as making operation more in line with other drivers.

	This fixes the following bug:

	  https://bugzilla.redhat.com/show_bug.cgi?id=878394

2014-04-07  Eric Blake  <eblake@redhat.com>

	hash: add common utility functions
	I almost wrote a hash value free function that just called
	VIR_FREE, then realized I couldn't be the first person to
	do that.  Sure enough, it was worth factoring into a common
	helper routine.

	* src/util/virhash.h (virHashValueFree): New function.
	* src/util/virhash.c (virHashValueFree): Implement it.
	* src/util/virobject.h (virObjectFreeHashData): New function.
	* src/libvirt_private.syms (virhash.h, virobject.h): Export them.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnInit): Use
	common function.
	* src/qemu/qemu_capabilities.c (virQEMUCapsCacheNew): Likewise.
	* src/qemu/qemu_command.c (qemuDomainCCWAddressSetCreate):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorGetBlockInfo): Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
	* src/util/virclosecallbacks.c (virCloseCallbacksNew): Likewise.
	* src/util/virkeyfile.c (virKeyFileParseGroup): Likewise.
	* tests/qemumonitorjsontest.c
	(testQemuMonitorJSONqemuMonitorJSONGetBlockInfo): Likewise.

2014-04-07  Jincheng Miao  <jmiao@redhat.com>

	tests: build viridentitytest only WITH_ATTR.
	Commit d7c4e0036 assumed all SELinux tests depended upon
	securityselinuxhelper need xattr support, but forgot to
	move viridentitytest under WITH_ATTR.

	Reported-by: Nehal J Wani <nehaljw.kkd1@gmail.com>

2014-04-07  Peter Krempa  <pkrempa@redhat.com>

	maint: Correctly detect wether "gluster" cli tool is accessible
	The configure definition previously always defined the GLUSTER_CLI macro
	and thus the code needing it wasn't compiled out if the tool wasn't
	accessible.

2014-04-07  Guido Günther  <agx@sigxcpu.org>

	libvirt-guests: avoid bashism
	At least Debian uses dash to run the init scripts

2014-04-07  Antoni S. Puimedon  <asegurap@redhat.com>

	QoS: make tc filters match all traffic
	Up until now the traffic control filters for the vNIC QoS were
	matching only ip traffic. For egress traffic that was unnoticed
	because the unmatched traffic would just go to the default htb class
	and be shaped anyway. For ingress, though, since the policing of the
	rate is done by the filter itself.

	The problem is solved by changing protocol to all and making anything
	match the filter.

	Bug-Url: https://bugzilla.redhat.com/1084444

2014-04-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add xml2argv tests for console

2014-04-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add console support through nmdm device
	nmdm is a FreeBSD driver which allows to create a pair of tty
	devices one of which is passed to the guest and second is used
	by the client.

	This patch adds new 'nmdm' character device type. Its definition
	looks this way:

	<serial type='nmdm'>
	  <source master='/dev/nmdm0A' slave='/dev/nmdm0B'/>
	</serial>

	Master is passed to the hypervisior and slave is used for client
	connection.

	Also implement domainOpenConsole() for bhyve driver based on that.

2014-04-05  David Shane Holden  <dpejesh@yahoo.com>

	bhyve: domain autostart support

2014-04-04  Eric Blake  <eblake@redhat.com>

	conf: track when storage type is still undetermined
	Right now, virStorageFileMetadata tracks bool backingStoreIsFile
	for whether the backing string specified in metadata can be
	resolved as a file (covering both block and regular file
	resources) or is treated as a network protocol.  But when
	merging this struct with virStorageSource, it will be easier
	to just actually track which type of resource it is, as well
	as have a reserved value for the case where the resource type
	is unknown (or had an error during probing).

	* src/util/virstoragefile.h (virStorageType): Add a placeholder
	value, swap order to match similar public enum.
	* src/util/virstoragefile.c (virStorage): Update string mapping.
	* src/conf/domain_conf.c (virDomainDiskSourceParse)
	(virDomainDiskDefParseXML, virDomainDiskDefFormat)
	(virDomainDiskSourceFormat): Adjust clients.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML):
	Likewise.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayInactive)
	(qemuDomainSnapshotPrepareDiskInternal)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.
	* src/qemu/qemu_command.c (qemuGetDriveSourceString): Likewise.

2014-04-04  Eric Blake  <eblake@redhat.com>

	tests: refactor virstoragetest for less stack space
	I'm about to add fields to virStorageFileMetadata, which means
	also adding fields to the testFileData struct in virstoragetest.
	Alas, adding even one pointer on an x86_64 machine gave me a
	dreaded compiler error:

	virstoragetest.c:712:1: error: the frame size of 4208 bytes is larger than 4096 bytes [-Werror=frame-larger-than=]

	After some experimentation, I realized that each test was creating
	yet another testChainData (which contains testFileData) on the stack;
	forcing the reuse of one of these structures instead of creating a
	fresh one each time drastically reduces the size requirements.  While
	at it, I also got rid of a lot of intermediate structs, with some
	macro magic that lets me directly build up the destination chains
	inline.

	For a bit more insight into what this patch does:
	The old code uses an intermediate variable as a fixed-size array
	of structs:
	testFileData chain[] = { a, b };
	data.files = chain;

	In the new code, the use of VIR_FLATTEN_* allows the TEST_CHAIN()
	macro to still take a single argument for each chain, but now of
	the form '(a, b)', where it is turned into the var-args 'a, b'
	multiple arguments understood by TEST_ONE_CHAIN().  Thus, the
	new code avoids an intermediate variable, and directly provides
	the list of pointers to be assigned into array elements:
	data.files = { &a, &b };

	* tests/virstoragetest.c (mymain): Rewrite TEST_ONE_CHAIN to
	reuse the same struct for each test, and to take the data
	inline rather than via intermediate variables.
	(testChainData): Use bounded array of pointers instead of
	unlimited array of struct.
	(testStorageChain): Reflect struct change.

2014-04-04  Eric Blake  <eblake@redhat.com>

	tests: use C99 initialization for storage test
	Writing this test with C99 initializers will make it easier to test
	additions and deletions to struct members as I refactor the code.

	* tests/virstoragetest.c (mymain): Rewrite initializers.

2014-04-04  John Ferlan  <jferlan@redhat.com>

	NFS storage pool: Fix libvirtd crash due to refactor edit
	Commit id '18642d10' refactored the call to virCommandRunRegex()
	inside a new function virStorageBackendFileSystemNetFindNFSPoolSources(),
	but the cut-n-paste didn't remove the "&state".  Now that state is passed
	by reference, it results in a libvirtd core with a messages entry:

	"...internal error: unknown storage pool type Unknow"

2014-04-04  Olivia Yin  <Hong-Hua.Yin@freescale.com>

	Define CPUINFO_FILE_LEN and fix maxlen of cpuinfo file for all uses
	For example, the file /proc/cpuinfo for 24 cores PowerPC platform is larger than
	the previous maximum size 2KB.
	It will fail to start libvirtd with the error message as below:
	virFileReadAll: Failed to read file '/proc/cpuinfo': Value too large for defined
	data type
	virSysinfoRead: internal error Failed to open /proc/cpuinfo

	This patch defines CPUINFO_FILE_LEN as 10KB which is enough for most architectures.

2014-04-04  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in daemon/libvirtd.c
	Fixes leak introduced by e562e82f

	==4937== 64 bytes in 1 blocks are definitely lost in loss record 270 of 405
	==4937==    at 0x4A06BE0: realloc (vg_replace_malloc.c:662)
	==4937==    by 0x6FA41C4: __vasprintf_chk (vasprintf_chk.c:90)
	==4937==    by 0x50C8D29: virVasprintfInternal (stdio2.h:199)
	==4937==    by 0x50C8E3A: virAsprintfInternal (virstring.c:362)
	==4937==    by 0x11D01A: main (libvirtd.c:1170)

2014-04-03  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Set disk format for empty cdrom device
	The XML config for a CDROM device can be without a source path,
	indicating that there is no media present. Without this change
	the libxl driver fails to start a guest in that case because
	the libxl library checks for the LIBXL_DISK_FORMAT_EMPTY format
	type and tries to stat the NULL pointer that gets passed on.

	> libxl: error: libxl_device.c:265:libxl__device_disk_set_backend:
	> Disk vdev=hdc failed to stat: (null): Bad address

2014-04-03  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Use id from virDomainObj inside the driver
	There is a domain id in the virDomain structure as well as in the
	virDomainObj structure. While the former can become stale the latter
	is kept up to date. So it is safer to always (virDomainObjPtr)->def->id
	internally.

	This will fix issues seen when managing Xen guests through libvirt from
	virt-manager (not being able to get domain info after define or reboot).
	This was caused both though libxlDomainGetInfo() only but there were
	a lot of places that might potentially cause issues, too.

2014-04-03  Ján Tomko  <jtomko@redhat.com>

	Add redirdevs to ABI stability check
	Check the bus, type of the source device (tcp vs. spicevmc)
	and the device address visible in the guest.

	https://bugzilla.redhat.com/show_bug.cgi?id=1035128

2014-04-03  Ján Tomko  <jtomko@redhat.com>

	Use the force flag for mkfs -t xfs
	Without this, building an XFS pool on a formatted partition
	fails with --overwrite.

	https://bugzilla.redhat.com/show_bug.cgi?id=927172

2014-04-03  Li Yang  <liyang.fnst@cn.fujitsu.com>

	virsh: Make 'exit' action same as 'quit'
	For now 'virsh quit' action like this:
	--------------------------------
	[root@localhost /]# virsh quit
	[root@localhost /]#
	--------------------------------
	And 'virsh exit' action:
	--------------------------------
	[root@localhost /]# virsh exit

	[root@localhost /]#
	--------------------------------
	There is a small difference('/n') between them.
	According to manual said:
	       quit, exit
	           quit this interactive terminal

	And in the code they all called cmdQuit func,
	They should get same actions.

2014-04-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: make sure agent returns error when required data are missing
	Commit 5b3492fa aimed to fix this and caught one error but exposed
	another one.  When agent command is being executed and the thread
	waiting for the reply is woken up by an event (e.g. EOF in case of
	shutdown), the command finishes with no data (rxObject == NULL), but
	no error is reported, since this might be desired by the caller
	(e.g. suspend through agent).  However, in other situations, when the
	data are required (e.g. getting vCPUs), we proceed to getting desired
	data out of the reply, but none of the virJSON*() functions works well
	with NULLs.  I chose the way of a new parameter for qemuAgentCommand()
	function that specifies whether reply is required and behaves
	according to that.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1058149

2014-04-03  Ján Tomko  <jtomko@redhat.com>

	Include PCI address in the error in virDomainNetFindIdx
	When looking up a net device by a MAC and PCI address, it is possible
	that we've got a match on the MAC address but failed to match the
	PCI address.

	In that case, outputting just the MAC address can be confusing.

	Partially resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=872028

2014-04-03  Ján Tomko  <jtomko@redhat.com>

	Move error reporting into virDomainNetFindIdx
	Every caller checked the return value and logged an error
	- one if no device with the specified MAC was found,
	other if there were multiple devices matching the MAC address
	(except for qemuDomainUpdateDeviceConfig which logged the same
	 message in both cases).

	Move the error reporting into virDomainNetFindIdx, since in both cases,
	we couldn't find one single match - it's just the error messages that
	differ.

2014-04-03  Eric Blake  <eblake@redhat.com>

	tests: simplify storage test cleanup
	No need to spawn a child 'rm' process when we can do it ourselves.

	* tests/virstoragetest.c (testCleanupImages): Use dedicated
	helper.

2014-04-02  Cole Robinson  <crobinso@redhat.com>

	storage: Report error from VolOpen by default
	Currently VolOpen notifies the user of a potentially non-fatal failure by
	returning -2 and logging a VIR_WARN or VIR_INFO. Unfortunately most
	callers treat -2 as fatal but don't actually report any message with
	the error APIs.

	Rename the VOL_OPEN_ERROR flag to VOL_OPEN_NOERROR. If NOERROR is specified,
	we preserve the current behavior of returning -2 (there's only one caller
	that wants this).

	However in the default case, only return -1, and actually use the error
	APIs. Fix up a couple callers as a result.

2014-04-02  Ján Tomko  <jtomko@redhat.com>

	Fix coverity-reported leak in virSecurityManagerGenLabel
	Coverity complains about a possible leak of seclabel if
	!sec_managers[i]->drv->domainGenSecurityLabel is true
	and the seclabel might be overwritten by the next iteration
	of the loop.

	This leak should never happen, because every security driver
	has domainGenSecurityLabel defined.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: modify tracking of encrypted images
	A future patch will merge virStorageFileMetadata and virStorageSource,
	but I found it easier to do if both structs use the same information
	for tracking whether a source file needs encryption keys.

	* src/util/virstoragefile.h (_virStorageFileMetadata): Prepare
	full encryption struct instead of just a bool.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Use transfer semantics.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal):
	Populate struct.
	(virStorageFileFreeMetadata): Adjust clients.
	* tests/virstoragetest.c (testStorageChain): Likewise.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: drop redundant parameters during probe
	Now that each virStorageSource can track allocation information,
	and given that we already have the information without extra
	syscalls, it's easier to just always populate the information
	directly into the struct than it is to sometimes pass the address
	of the struct members down the call chain.

	* src/storage/storage_backend.h (virStorageBackendUpdateVolInfo)
	(virStorageBackendUpdateVolTargetInfo)
	(virStorageBackendUpdateVolTargetInfoFD): Update signature.
	* src/storage/storage_backend.c (virStorageBackendUpdateVolInfo)
	(virStorageBackendUpdateVolTargetInfo)
	(virStorageBackendUpdateVolTargetInfoFD): Always populate struct
	members instead.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskMakeDataVol): Update client.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget)
	(virStorageBackendFileSystemRefresh)
	(virStorageBackendFileSystemVolRefresh): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Likewise.
	* src/storage/storage_backend_mpath.c
	(virStorageBackendMpathNewVol): Likewise.
	* src/storage/storage_backend_scsi.c
	(virStorageBackendSCSINewLun): Likewise.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: track sizes directly in source struct
	One of the features of qcow2 is that a wrapper file can have
	more capacity than its backing file from the guest's perspective;
	what's more, sparse files make tracking allocation of both
	the active and backing file worthwhile.  As such, it makes
	more sense to show allocation numbers for each file in a chain,
	and not just the top-level file.  This sets up the fields for
	the tracking, although it does not modify XML to display any
	new information.

	* src/util/virstoragefile.h (_virStorageSource): Add fields.
	* src/conf/storage_conf.h (_virStorageVolDef): Drop redundant
	fields.
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(createRawFile, virStorageBackendCreateQemuImgCmd)
	(virStorageBackendCreateQcowCreate): Update clients.
	* src/storage/storage_driver.c (storageVolDelete)
	(storageVolCreateXML, storageVolCreateXMLFrom, storageVolResize)
	(storageVolWipeInternal, storageVolGetInfo): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget)
	(virStorageBackendFileSystemRefresh)
	(virStorageBackendFileSystemVolResize)
	(virStorageBackendFileSystemVolRefresh): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol)
	(virStorageBackendLogicalCreateVol): Likewise.
	* src/storage/storage_backend_scsi.c
	(virStorageBackendSCSINewLun): Likewise.
	* src/storage/storage_backend_mpath.c
	(virStorageBackendMpathNewVol): Likewise.
	* src/storage/storage_backend_rbd.c
	(volStorageBackendRBDRefreshVolInfo)
	(virStorageBackendRBDCreateImage): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskMakeDataVol)
	(virStorageBackendDiskCreateVol): Likewise.
	* src/storage/storage_backend_sheepdog.c
	(virStorageBackendSheepdogBuildVol)
	(virStorageBackendSheepdogParseVdiList): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Likewise.
	* src/conf/storage_conf.c (virStorageVolDefFormat)
	(virStorageVolDefParseXML): Likewise.
	* src/test/test_driver.c (testOpenVolumesForPool)
	(testStorageVolCreateXML, testStorageVolCreateXMLFrom)
	(testStorageVolDelete, testStorageVolGetInfo): Likewise.
	* src/esx/esx_storage_backend_iscsi.c (esxStorageVolGetXMLDesc):
	Likewise.
	* src/esx/esx_storage_backend_vmfs.c (esxStorageVolGetXMLDesc)
	(esxStorageVolCreateXML): Likewise.
	* src/parallels/parallels_driver.c (parallelsAddHddByVolume):
	Likewise.
	* src/parallels/parallels_storage.c (parallelsDiskDescParseNode)
	(parallelsStorageVolDefineXML, parallelsStorageVolCreateXMLFrom)
	(parallelsStorageVolDefRemove, parallelsStorageVolGetInfo):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxStorageVolCreateXML)
	(vboxStorageVolGetXMLDesc): Likewise.
	* tests/storagebackendsheepdogtest.c (test_vdi_list_parser):
	Likewise.
	* src/phyp/phyp_driver.c (phypStorageVolCreateXML): Likewise.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: use common struct in storage volumes
	A fairly smooth transition.  And now that domain disks and
	storage volumes share a common struct, it opens the doors for
	a future patch to expose more details in the XML for both
	objects.

	* src/conf/storage_conf.h (_virStorageVolTarget): Delete.
	(_virStorageVolDef): Use common type.
	* src/conf/storage_conf.c (virStorageVolDefFree)
	(virStorageVolTargetDefFormat): Update clients.
	* src/storage/storage_backend.h: Likewise.
	* src/storage/storage_backend.c
	(virStorageBackendDetectBlockVolFormatFD)
	(virStorageBackendUpdateVolTargetInfo)
	(virStorageBackendUpdateVolTargetInfoFD): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: move volume structs to util/
	Another step towards unification of structures.  While we might
	not expose everything in XML via domain disk as we do for
	storage volume pointer, both places want to deal with (at least
	part of) the backing chain; therefore, moving towards a single
	struct usable from both contexts will make the backing chain
	code more reusable.

	* src/conf/storage_conf.h (_virStoragePerms)
	(virStorageTimestamps): Move...
	* src/util/virstoragefile.h: ...here.
	(_virStorageSource): Add more fields.
	* src/util/virstoragefile.c (virStorageSourceClear): Clean
	additional fields.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: tweak volume target struct details
	Some preparatory work before consolidating storage volume
	structs with the rest of virstoragefile.  Making these
	changes allows a volume target to be much closer to (a
	subset of) the virStorageSource struct.

	Making perms be a pointer allows it to be optional if we
	have a storage pool that doesn't expose permissions in a
	way we can access.  It also allows future patches to
	optionally expose permissions details learned about a disk
	image via domain <disk> listings, rather than just
	limiting it to storage volume listings.

	Disk partition types was only used by internal code to
	control what type of partition to create when carving up
	an MS-DOS partition table storage pool (and is not used
	for GPT partition tables or other storage pools).  It was
	not exposed in volume XML, and as it is more closely
	related to extent information of the overall block device
	than it is to the <target> information describing the host
	file.  Besides, if we ever decide to expose it in XML down
	the road, we can move it back as needed.

	* src/conf/storage_conf.h (_virStorageVolTarget): Change perms to
	pointer, enhance comments.  Move partition type...
	(_virStorageVolSource): ...here.
	* src/conf/storage_conf.c (virStorageVolDefFree)
	(virStorageVolDefParseXML, virStorageVolTargetDefFormat): Update
	clients.
	* src/storage/storage_backend_fs.c (createFileDir): Likewise.
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(virStorageBackendCreateRaw, virStorageBackendCreateExecCommand)
	(virStorageBackendUpdateVolTargetInfoFD): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalCreateVol): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskMakeDataVol)
	(virStorageBackendDiskPartTypeToCreate): Likewise.

2014-04-02  Eric Blake  <eblake@redhat.com>

	conf: manage disk source by struct instead of pieces
	Now that we have a dedicated type for representing a disk source,
	we might as well parse and format directly into that type instead
	of piecemeal into pointers to members of the type.

	* src/conf/domain_conf.h (virDomainDiskSourceDefFormatInternal)
	(virDomainDiskSourceDefParse): Rename...
	(virDomainDiskSourceFormat, virDomainDiskSourceParse): ...and
	compress signatures.
	* src/conf/domain_conf.c (virDomainDiskSourceParse)
	(virDomainDiskSourceFormat): Rewrite to use common struct.
	(virDomainDiskSourceDefFormat): Delete.
	(virDomainDiskDefParseXML, virDomainDiskDefFormat): Update
	callers.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML)
	(virDomainSnapshotDiskDefFormat): Likewise.

2014-04-02  Eric Blake  <eblake@redhat.com>

	phyp: fix logic error on volume creation
	The phyp code claims that it wants a non-zero value, but actually
	enforces a capacity of zero.  It has been this way since commit
	ebc46fe in June 2010.  Bummer that it has my name as the committer
	- I guess I should have been much more stubborn about not blindly
	taking someone else's 1600-line patch.

	* src/phyp/phyp_driver.c (phypStorageVolCreateXML): Use correct
	logic.

2014-04-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: remove unneeded forward declaration
	by moving qemuAgentCommand() after qemuAgentCheckError().

2014-04-02  Shanzhi Yu  <shyu@redhat.com>

	virsh: man: delete the unexpected character in snapshot-list

2014-04-02  Martin Kletzander  <mkletzan@redhat.com>

	qemu: cleanup error checking on agent replies
	On all the places where qemuAgentComand() was called, we did a check
	for errors in the reply.  Unfortunately, some of the places called
	qemuAgentCheckError() without checking for non-null reply which might
	have resulted in a crash.

	So this patch makes the error-checking part of qemuAgentCommand()
	itself, which:

	 a) makes it look better,

	 b) makes the check mandatory and, most importantly,

	 c) checks for the errors if and only if it is appropriate.

	This actually fixes a potential crashers when qemuAgentComand()
	returned 0, but reply was NULL.  Having said that, it *should* fix the
	following bug:

	https://bugzilla.redhat.com/show_bug.cgi?id=1058149

2014-04-02  Eric Blake  <eblake@redhat.com>

	maint: fix spelling errors in disk pools
	Noticed during my work on storage struct cleanups.

	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartBoundaries): Fix spelling errors.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: let snapshots share disk source struct
	Now that we have a common struct, it's time to start using it!
	Since external snapshots make a longer backing chain, it is
	only natural to use the same struct for the file created by
	the snapshot as what we use for <domain> disks.

	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Use common
	struct instead of open-coded duplicate fields.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, virDomainSnapshotAlignDisks)
	(virDomainSnapshotDiskDefFormat)
	(virDomainSnapshotDiskGetActualType): Adjust clients.
	* src/qemu/qemu_conf.c (qemuTranslateSnapshotDiskSourcePool):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskGetSourceString)
	(qemuDomainSnapshotCreateInactiveExternal)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskExternal)
	(qemuDomainSnapshotPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.
	* src/storage/storage_driver.c
	(virStorageFileInitFromSnapshotDef): Likewise.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move common disk source functions
	Move some functions out of domain_conf for use in the next
	patch where snapshot starts to directly use structs in
	virstoragefile.

	* src/conf/domain_conf.c (virDomainDiskDefFree)
	(virDomainDiskSourcePoolDefParse): Adjust callers.
	(virDomainDiskSourceDefClear, virDomainDiskSourcePoolDefFree)
	(virDomainDiskAuthClear): Move...
	* src/util/virstoragefile.c (virStorageSourceClear)
	(virStorageSourcePoolDefFree, virStorageSourceAuthClear): ...and
	rename.
	* src/conf/domain_conf.h (virDomainDiskAuthClear): Drop
	declaration.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Adjust
	caller.
	* src/util/virstoragefile.h: Declare them.
	* src/libvirt_private.syms (virstoragefile.h): Export them.

2014-04-01  Eric Blake  <eblake@redhat.com>

	util: don't support loopback and nbd when setuid
	The only remaining reason that virt-login-shell was trying to
	link against virstoragefile was because of a call to
	virStorageFileFormatTypeToString when spawning a qemu-nbd
	process - but setuid processes shouldn't be spawning qemu-nbd.

	* src/util/virfile.c (virFileLoopDeviceAssociate)
	(virFileNBDDeviceAssociate): Cripple in setuid builds.
	* src/Makefile.am (libvirt_setuid_rpc_client_la_SOURCES):
	Drop virstoragefile from the list.

2014-04-01  Eric Blake  <eblake@redhat.com>

	util: move detection of shared filesystems
	The code in virstoragefile.c is getting more complex as I
	consolidate backing chain handling code.  But for the setuid
	virt-login-shell, we don't need to crawl backing chains.  It's
	easier to audit things for setuid security if there are fewer
	files involved, so this patch moves the one function that
	virFileOpen() was actually relying on to also live in virfile.c.

	* src/util/virstoragefile.c (virStorageFileIsSharedFS)
	(virStorageFileIsSharedFSType): Move...
	* src/util/virfile.c (virFileIsSharedFS, virFileIsSharedFSType):
	...to here, and rename.
	(virFileOpenAs): Update caller.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetFileconHelper)
	(virSecuritySELinuxSetSecurityAllLabel)
	(virSecuritySELinuxRestoreSecurityImageLabelInt): Likewise.
	* src/security/security_dac.c
	(virSecurityDACRestoreSecurityImageLabelInt): Likewise.
	* src/qemu/qemu_driver.c (qemuOpenFileAs): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
	* src/util/virstoragefile.h: Adjust declarations.
	* src/util/virfile.h: Likewise.
	* src/libvirt_private.syms (virfile.h, virstoragefile.h): Move
	symbols as appropriate.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move storage source type to util/
	With this patch, all information related to a host resource in
	a storage file backing chain now lives in util/virstoragefile.h.
	The next step will be to consolidate various places that have
	been tracking backing chain details to all use a common struct.

	The changes to tools/Makefile.am were made necessary by the
	fact that virstorageencryption includes uses of libxml, and is
	now pulled in by inclusion from virstoragefile.h.  No
	additional libraries are linked into the final image, and in
	comparison, the build of the setuid library in src/Makefile.am
	already was using LIBXML_CFLAGS via AM_CFLAGS.

	* src/conf/domain_conf.h (virDomainDiskSourceDef): Move...
	* src/util/virstoragefile.h (virStorageSource): ...and rename.
	* src/conf/domain_conf.c (virDomainDiskSourceDefClear)
	(virDomainDiskAuthClear): Adjust clients.
	* tools/Makefile.am (virt_login_shell_CFLAGS)
	(virt_host_validate_CFLAGS): Add libxml headers.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move storage secret type to util/
	This one is a relatively easy move.  We don't ever convert the
	enum to or from strings (it is inferred from other elements in
	the xml, rather than directly represented).

	* src/conf/domain_conf.h (virDomainDiskSecretType): Move...
	* src/util/virstoragefile.h (virStorageSecreteType): ...and
	rename.
	* src/conf/domain_conf.c (virDomainDiskSecretType): Drop unused
	enum conversion.
	(virDomainDiskAuthClear, virDomainDiskDefParseXML)
	(virDomainDiskDefFormat): Adjust clients.
	* src/qemu/qemu_command.c (qemuGetSecretString): Likewise.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePoolAuth):
	Likewise.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move source pool type to util/
	Another struct being moved to util.  This one doesn't have as
	much use yet, thankfully.

	* src/conf/domain_conf.h (virDomainDiskSourcePoolMode)
	(virDomainDiskSourcePoolDef): Move...
	* src/util/virstoragefile.h (virStorageSourcePoolMode)
	(virStorageSourcePoolDef): ...and rename.
	* src/conf/domain_conf.c (virDomainDiskSourcePoolDefFree)
	(virDomainDiskSourceDefClear, virDomainDiskSourcePoolDefParse)
	(virDomainDiskDefParseXML, virDomainDiskSourceDefParse)
	(virDomainDiskSourceDefFormatInternal)
	(virDomainDiskDefForeachPath, virDomainDiskSourceIsBlockType):
	Adjust clients.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move storage encryption type to util/
	Encryption keys can be associated with each source file in a
	backing chain; as such, this file belongs more in util/ where
	it can be used by virstoragefile.h.

	* src/conf/storage_encryption_conf.h: Rename...
	* src/util/virstorageencryption.h: ...to this.
	* src/conf/storage_encryption_conf.c: Rename...
	* src/util/virstorageencryption.c: ...to this.
	* src/Makefile.am (ENCRYPTION_CONF_SOURCES, CONF_SOURCES)
	(UTIL_SOURCES): Update to new file names.
	* src/libvirt_private.syms: Likewise.
	* src/conf/domain_conf.h: Update client.
	* src/conf/storage_conf.h: Likewise.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move network disk protocol type to util/
	Another enum moved to util/, this time the fallout from renaming
	is not quite as large.

	* src/conf/domain_conf.h (virDomainDiskProtocol): Move...
	* src/util/virstoragefile.h (virStorageNetProtocol): ...and
	rename.
	* src/conf/domain_conf.c: Update clients.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/storage/storage_backend.c: Likewise.
	* src/storage/storage_backend_gluster.c: Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: move host disk type to util/
	A continuation of the migration of disk details to virstoragefile.
	This patch moves a single enum, but converting the name has quite
	a bit of fallout.

	* src/conf/domain_conf.h (virDomainDiskType): Move...
	* src/util/virstoragefile.h (virStorageType): ...and rename.
	* src/bhyve/bhyve_command.c (bhyveBuildDiskArgStr)
	(virBhyveProcessBuildLoadCmd): Update clients.
	* src/conf/domain_conf.c (virDomainDiskSourceDefParse)
	(virDomainDiskDefParseXML, virDomainDiskSourceDefFormatInternal)
	(virDomainDiskDefFormat, virDomainDiskGetActualType)
	(virDomainDiskDefForeachPath, virDomainDiskSourceIsBlockType):
	Likewise.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML)
	(virDomainSnapshotAlignDisks, virDomainSnapshotDiskDefFormat):
	Likewise.
	* src/esx/esx_driver.c (esxAutodetectSCSIControllerModel)
	(esxDomainDefineXML): Likewise.
	* src/locking/domain_lock.c (virDomainLockManagerAddDisk):
	Likewise.
	* src/lxc/lxc_controller.c
	(virLXCControllerSetupLoopDeviceDisk)
	(virLXCControllerSetupNBDDeviceDisk)
	(virLXCControllerSetupLoopDevices, virLXCControllerSetupDisk):
	Likewise.
	* src/parallels/parallels_driver.c (parallelsGetHddInfo):
	Likewise.
	* src/phyp/phyp_driver.c (phypDiskType): Likewise.
	* src/qemu/qemu_command.c (qemuGetDriveSourceString)
	(qemuDomainDiskGetSourceString, qemuBuildDriveStr)
	(qemuBuildCommandLine, qemuParseCommandLineDisk)
	(qemuParseCommandLine): Likewise.
	* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
	(qemuTranslateDiskSourcePool)
	(qemuTranslateSnapshotDiskSourcePool): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
	(qemuDomainDetermineDiskChain): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo)
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskExternalBackingActive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayActive)
	(qemuDomainSnapshotPrepareDiskExternalOverlayInactive)
	(qemuDomainSnapshotPrepareDiskInternal)
	(qemuDomainSnapshotPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
	Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
	* src/security/security_apparmor.c
	(AppArmorRestoreSecurityImageLabel)
	(AppArmorSetSecurityImageLabel): Likewise.
	* src/security/security_dac.c (virSecurityDACSetSecurityImageLabel)
	(virSecurityDACRestoreSecurityImageLabelInt)
	(virSecurityDACSetSecurityAllLabel): Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxRestoreSecurityImageLabelInt)
	(virSecuritySELinuxSetSecurityImageLabel)
	(virSecuritySELinuxSetSecurityAllLabel): Likewise.
	* src/storage/storage_backend.c (virStorageFileBackendForType):
	Likewise.
	* src/storage/storage_backend_fs.c (virStorageFileBackendFile)
	(virStorageFileBackendBlock): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageFileBackendGluster): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives)
	(vboxDomainAttachDeviceImpl, vboxDomainDetachDevice): Likewise.
	* src/vmware/vmware_conf.c (vmwareVmxPath): Likewise.
	* src/vmx/vmx.c (virVMXParseDisk, virVMXFormatDisk)
	(virVMXFormatFloppy): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr)
	(xenFormatSxprDisk): Likewise.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
	* tests/securityselinuxlabeltest.c (testSELinuxLoadDef):
	Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: split network host structs to util/
	Continuing the refactoring of host-side storage descriptions out
	of conf/domain_conf and into util/virstoragefile, this patch
	focuses on details about a host name/port/transport as used by
	a network storage volume.

	* src/conf/domain_conf.h (virDomainDiskProtocolTransport)
	(virDomainDiskHostDef, virDomainDiskHostDefClear)
	(virDomainDiskHostDefFree, virDomainDiskHostDefCopy): Move...
	* src/util/virstoragefile.h (virStorageNetHostTransport)
	(virStorageNetHostDef, virStorageNetHostDefClear)
	(virStorageNetHostDefFree, virStorageNetHostDefCopy): ...here,
	with better names.
	* src/util/virstoragefile.c (virStorageNetHostDefClear)
	(virStorageNetHostDefFree, virStorageNetHostDefCopy): Moved from...
	* src/conf/domain_conf.c (virDomainDiskHostDefClear)
	(virDomainDiskHostDefFree, virDomainDiskHostDefCopy): ...here.
	(virDomainDiskSourceDefClear, virDomainDiskSourceDefParse)
	(virDomainDiskSourceDefFormatInternal): Adjust callers.
	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear):
	Likewise.
	* src/qemu/qemu_command.c (qemuAddRBDHost)
	(qemuParseDriveURIString, qemuParseNBDString)
	(qemuBuildNetworkDriveURI, qemuParseCommandLineDisk)
	(qemuParseCommandLine, qemuGetDriveSourceString): Likewise.
	* src/qemu/qemu_command.h: Likewise.
	* src/qemu/qemu_conf.c (qemuAddISCSIPoolSourceHost)
	(qemuTranslateDiskSourcePool): Likewise.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Likewise.
	* src/storage/storage_backend_gluster.c
	(virStorageFileBackendGlusterInit): Likewise.
	* src/storage/storage_driver.c (virStorageFileFree)
	(virStorageFileInitInternal): Likewise.
	* src/storage/storage_driver.h (_virStorageFile): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virstoragefile.h): ...as appropriate.

2014-04-01  Eric Blake  <eblake@redhat.com>

	conf: split security label structs to util/
	In order to reuse the newly-created host-side disk struct in
	the virstoragefile backing chain code, I first have to move
	it to util/.  This starts the process, by first moving the
	security label structures.

	* src/conf/domain_conf.h (virDomainDefGenSecurityLabelDef)
	(virDomainDiskDefGenSecurityLabelDef, virSecurityLabelDefFree)
	(virSecurityDeviceLabelDefFree, virSecurityLabelDef)
	(virSecurityDeviceLabelDef): Move...
	* src/util/virseclabel.h: ...to new file.
	(virSecurityLabelDefNew, virSecurityDeviceLabelDefNew): Rename the
	GenSecurity functions.
	* src/qemu/qemu_process.c (qemuProcessAttach): Adjust callers.
	* src/security/security_manager.c (virSecurityManagerGenLabel):
	Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityFileLabel): Likewise.
	* src/util/virseclabel.c: New file.
	* src/conf/domain_conf.c: Move security code, and fix fallout.
	* src/Makefile.am (UTIL_SOURCES): Build new file.
	* src/libvirt_private.syms (domain_conf.h): Move symbols...
	(virseclabel.h): ...to new section.

2014-04-01  Eric Blake  <eblake@redhat.com>

	maint: ensure src/ directory includes are clean
	In 'make syntax-check', we have a rule that prevents layering
	violations between the various files in src.  However, we
	forgot to treat conf/ and the more recently-added access/ as
	lower-level directories, and were not detecting cases where
	they might have used a driver file.  Also, it's not nice that
	qemu can use storage/ but none of the other drivers could do so.

	* cfg.mk (sc_prohibit_cross_inclusion): Tighten rules for conf/
	and access/, let all other drivers use storage/.

2014-04-01  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Implement storage pool lookup
	Use the previously implemented function to lookup glusterfs source pools
	for the netfs pool to lookup native gluster pools too.

2014-04-01  Peter Krempa  <pkrempa@redhat.com>

	storage: netfs: Support lookup of glusterfs pool sources
	https://bugzilla.redhat.com/show_bug.cgi?id=1072714

	Use the "gluster" command line tool to retrieve information about remote
	volumes on a gluster server to allow storage pool source lookup.

	Unfortunately gluster doesn't provide a management library so that we
	could use that directly, instead the RPC calls are hardcoded in the
	command line tool.

2014-04-01  Peter Krempa  <pkrempa@redhat.com>

	storage: netfs: Split up and tidy up NFS storage pool source function
	Extract the NFS related stuff into a separate function and tidy up the
	rest of the code so we can reuse it to add gluster backend detection.

	Additionally avoid reporting of errors from "showmount" and return an
	empty source list instead. This will help when adding other detection
	backends.

2014-04-01  Michal Privoznik  <mprivozn@redhat.com>

	Bump version to 1.2.4 for new dev cycle

2014-04-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.3
	* docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: pull updated translations and regenerate

2014-04-01  Martin Kletzander  <mkletzan@redhat.com>

	build: fix syntax-check for storage_backend

2014-04-01  Peter Krempa  <pkrempa@redhat.com>

	gluster: Fix "key" attribute for gluster volumes
	According to our documentation the "key" value has the following
	meaning: "Providing an identifier for the volume which identifies a
	single volume." The currently used keys for gluster volumes consist of
	the gluster volume name and file path. This can't be considered unique
	as a different storage server can serve a volume with the same name.

	Unfortunately I wasn't able to figure out a way to retrieve the gluster
	volume UUID which would avoid the possibility of having two distinct
	keys identifying a single volume.

	Use the full URI as the key for the volume to avoid the more critical
	ambiguity problem and document the possible change to UUID.

2014-04-01  Cole Robinson  <crobinso@redhat.com>

	storage: Rename VolOpenCheckMode to VolOpen
	Remove the original VolOpen implementation, which is now only used in
	one spot.

	storage: move block format lookup to shared UpdateVolInfo

2014-04-01  Cole Robinson  <crobinso@redhat.com>

	storage: Rename UpdateVolInfoFlags to UpdateVolInfo
	And drop the original UpdateVolInfo. Makes it a bit easier to follow
	the function usage.

	And change the int parameter to an explicit bool.

2014-03-31  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in testMessageArrayRef()
	While running virdbustest, it was found that valgrind pointed out
	the following memory leaks:

	==9996== 17 (8 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 9 of 36
	==9996==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==9996==    by 0x4A06B62: realloc (vg_replace_malloc.c:662)
	==9996==    by 0x4C6B587: virReallocN (viralloc.c:245)
	==9996==    by 0x4C6B6AE: virExpandN (viralloc.c:294)
	==9996==    by 0x4C82B54: virDBusMessageDecodeArgs (virdbus.c:907)
	==9996==    by 0x4C83463: virDBusMessageDecode (virdbus.c:1141)
	==9996==    by 0x402C45: testMessageArrayRef (virdbustest.c:273)
	==9996==    by 0x404E71: virtTestRun (testutils.c:201)
	==9996==    by 0x401C2D: mymain (virdbustest.c:479)
	==9996==    by 0x4055ED: virtTestMain (testutils.c:789)
	==9996==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==9996==
	==9996== 28 (16 direct, 12 indirect) bytes in 1 blocks are definitely lost in loss record 12 of 36
	==9996==    at 0x4A06BE0: realloc (vg_replace_malloc.c:662)
	==9996==    by 0x4C6B587: virReallocN (viralloc.c:245)
	==9996==    by 0x4C6B6AE: virExpandN (viralloc.c:294)
	==9996==    by 0x4C82B54: virDBusMessageDecodeArgs (virdbus.c:907)
	==9996==    by 0x4C83463: virDBusMessageDecode (virdbus.c:1141)
	==9996==    by 0x402C45: testMessageArrayRef (virdbustest.c:273)
	==9996==    by 0x404E71: virtTestRun (testutils.c:201)
	==9996==    by 0x401C2D: mymain (virdbustest.c:479)
	==9996==    by 0x4055ED: virtTestMain (testutils.c:789)
	==9996==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==9996==

2014-03-31  Eric Blake  <eblake@redhat.com>

	virsh: fix 'help event'
	'virsh help event' included a summary line "event - (null)"
	due to a misnamed info field.

	* tools/virsh-domain.c (info_event): Use correct name.
	* tools/virsh-network.c (info_network_event): Likewise.

2014-03-31  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: don't leak tap devices on failures
	On failures, virBhyveProcessStart() does not cleanup network
	interfaces that could be created by virBhyveProcessBuildBhyveCmd(),
	which results in a leaked tap device.

	To fix that, extract network cleanup code to bhyveNetCleanup()
	and use it in cleanup stage of virBhyveProcessStart().

2014-03-31  Hongwei Bi  <hwbi2008@gmail.com>

	util: remove useless comment for virCgroupMoveTask in vircgroup.c

2014-03-31  Shanzhi Yu  <shyu@redhat.com>

	virsh: man: Fix spelling of parameters for --memspec in snapshot-create-as
	https://bugzilla.redhat.com/show_bug.cgi?id=1080859

	Snapshot type should be no, internal, or external.

2014-03-31  Peter Krempa  <pkrempa@redhat.com>

	util: storagefile: Don't pursue backing chain of NULL image
	When virStorageFileGetMetadata is called with NULL path argument, the
	invalid pointer boils down through the recursive worker and is caught by
	virHashAddEntry which is thankfully resistant to NULL arguments. As it
	doesn't make sense to pursue backing chains of NULL volumes, exit
	earlier.

	This was noticed in the virt-aahelper-test with a slightly modified
	codebase.

2014-03-31  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Fix crash when initialization of storage backend fails
	The libgfapi function glfs_fini doesn't tolerate NULL pointers. Add a
	check on the error paths as it's possible to crash libvirtd if the
	gluster volume can't be initialized.

	storage: pool: Fix XML indentation in pool source lookup
	The <source> elements need to be indented from <sources> elements.

2014-03-30  Dawid Zamirski  <dzamirski@dattobackup.com>

	ESX: Add support for virtualHW version 10
	This follows the same pattern when v8 and v9 were added. I've tested
	this with my ESX 5.5 and seems to work fine.

2014-03-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Prohibit Windows special chars in filenames
	Using any of these chars [:*?"<>|] in a filename is forbidden on
	Windows and breaks git operations on Windows as git is not able
	to create those files/directories on clone or pull.

	Because some of them can be used in UNIX filenames they tend to
	creep into filenames; especially : in PCI/SCSI device names that
	are used as filenames in test cases.

2014-03-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Fix SCSI test data filenames for Windows
	Windows doesn't allow : in filenames.

	Commit 6fdece9a332fc668a89bde96af94e7b7cbf6750d added files with a : in
	their names. This broke git operations on Windows as git is not able to
	create those files on clone or pull.

	Replace : with - in the offending filenames and adapt the test case.
	As the tested Linux specific code expects the files to exist with : in
	their path use symlinks to provide the name that way.

2014-03-29  Jincheng Miao  <jmiao@redhat.com>

	Fix virNodeDeviceListCaps always returns empty
	virNodeDeviceListCaps will always return empty for a pci nodedevice,
	actually it should return 'pci'.

	It is because the loop variable ncaps isn't increased.

	Introduced by commit be2636f.

	https://bugzilla.redhat.com/show_bug.cgi?id=1081932

2014-03-28  Ján Tomko  <jtomko@redhat.com>

	Create hostdevmgr in UserRuntimeDirectory for session libvirt
	Without this, session libvirt won't start if it fails to create
	the directory.

	Remove double free in virHostdevManagerDispose
	The object itself is freed by virObjectUnref.

2014-03-27  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fix apparmor profile to make vfio pci passthrough work
	See lp#1276719 for the bug description. As virt-aa-helper doesn't know
	the VFIO groups to use for the guest, allow access to all
	/dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need
	for vfio

	Fixed regression in apparmor profiles for qemu brought by 43c030f

2014-03-27  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix Memory Leak in virQEMUCapsInitGuestFromBinary()
	While running qemucaps2xmltest, it was found that valgrind pointed out
	the following memory leaks:

	==29896== 0 bytes in 1 blocks are definitely lost in loss record 1 of 65
	==29896==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==29896==    by 0x4C6B45E: virAllocN (viralloc.c:191)
	==29896==    by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999)
	==29896==    by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789)
	==29896==    by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118)
	==29896==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==29896==    by 0x41EE7A: mymain (qemucaps2xmltest.c:203)
	==29896==    by 0x42074D: virtTestMain (testutils.c:789)
	==29896==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==29896==
	==29896== 0 bytes in 1 blocks are definitely lost in loss record 2 of 65
	==29896==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==29896==    by 0x4C6B45E: virAllocN (viralloc.c:191)
	==29896==    by 0x4232A9: virQEMUCapsGetMachineTypesCaps (qemu_capabilities.c:1999)
	==29896==    by 0x4234E7: virQEMUCapsInitGuestFromBinary (qemu_capabilities.c:789)
	==29896==    by 0x41F10B: testQemuCapsXML (qemucaps2xmltest.c:118)
	==29896==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==29896==    by 0x41EEA3: mymain (qemucaps2xmltest.c:204)
	==29896==    by 0x42074D: virtTestMain (testutils.c:789)
	==29896==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)

2014-03-27  Hongwei Bi  <hwbi2008@gmail.com>

	util: fix a typo in virprocess.c and docs
	s/forcably/forcibly

2014-03-27  Li Yang  <liyang.fnst@cn.fujitsu.com>

	Modify help information of virsh list command
	Use 'virsh list domain --title' option can get domain's title,
	not description, the original help information 'show short
	domain description' will confuse users, so modify it to
	'show domain title'

2014-03-27  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	docs: cgroups: fix typo about LXC cgroups

2014-03-27  Wojciech Macek  <wma@semihalf.com>

	bhyve: add domainLookupByID
	Implement domain lookup by its ID.

2014-03-27  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in testGetCaps()
	While running qemucaps2xmltest, it was found that valgrind pointed out
	the following memory leaks:

	==27045== 160 (112 direct, 48 indirect) bytes in 1 blocks are definitely lost in loss record 51 of 65
	==27045==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==27045==    by 0x4C6BACD: virAllocVar (viralloc.c:560)
	==27045==    by 0x4CAF095: virObjectNew (virobject.c:193)
	==27045==    by 0x421453: virQEMUCapsNew (qemu_capabilities.c:1805)
	==27045==    by 0x41F04F: testQemuCapsXML (qemucaps2xmltest.c:72)
	==27045==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==27045==    by 0x41EE7A: mymain (qemucaps2xmltest.c:203)
	==27045==    by 0x42074D: virtTestMain (testutils.c:789)
	==27045==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==27045==
	==27045== 160 (112 direct, 48 indirect) bytes in 1 blocks are definitely lost in loss record 52 of 65
	==27045==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==27045==    by 0x4C6BACD: virAllocVar (viralloc.c:560)
	==27045==    by 0x4CAF095: virObjectNew (virobject.c:193)
	==27045==    by 0x421453: virQEMUCapsNew (qemu_capabilities.c:1805)
	==27045==    by 0x41F04F: testQemuCapsXML (qemucaps2xmltest.c:72)
	==27045==    by 0x41FFD1: virtTestRun (testutils.c:201)
	==27045==    by 0x41EEA3: mymain (qemucaps2xmltest.c:204)
	==27045==    by 0x42074D: virtTestMain (testutils.c:789)
	==27045==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)

2014-03-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add xml2args unittest
	At this point unittest covers 4 basic cases:

	 - minimal working XML for bhyve
	 - same as above, but with virtio disk
	 - ACPI and APIC args test
	 - MAC address test

2014-03-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Move virBhyveTapGetRealDeviceName to virnetdevtap
	To ease mocking for bhyve unit tests move virBhyveTapGetRealDeviceName()
	out of bhyve_command.c to virnetdevtap and rename it to
	virNetDevTapGetRealDeviceName().

2014-03-26  Laine Stump  <laine@laine.org>

	network: fix problems with SRV records
	A patch submitted by Steven Malin last week pointed out a problem with
	libvirt's DNS SRV record configuration:

	  https://www.redhat.com/archives/libvir-list/2014-March/msg00536.html

	When searching for that message later, I found another series that had
	been posted by Guannan Ren back in 2012 that somehow slipped between
	the cracks:

	  https://www.redhat.com/archives/libvir-list/2012-July/msg00236.html

	That patch was very much out of date, but also pointed out some real
	problems.

	This patch fixes all the noted problems by refactoring
	virNetworkDNSSrvDefParseXML() and networkDnsmasqConfContents(), then
	verifies those fixes by added several new records to the test case.

	Problems fixed:

	* both service and protocol now have an underscore ("_") prepended on
	  the commandline, as required by RFC2782.

	  <srv service='sip' protocol='udp' domain='example.com'
	       target='tests.example.com' port='5060' priority='10'
	       weight='150'/>

	  before: srv-host=sip.udp.example.com,tests.example.com,5060,10,150
	  after:  srv-host=_sip._udp.example.com,tests.example.com,5060,10,150

	* if "domain" wasn't specified in the <srv> element, the extra
	  trailing "." will no longer be added to the dnsmasq commandline.

	  <srv service='sip' protocol='udp' target='tests.example.com'
	       port='5060' priority='10' weight='150'/>

	  before: srv-host=sip.udp.,tests.example.com,5060,10,150
	  after:  srv-host=_sip._udp,tests.example.com,5060,10,150

	* when optional attributes aren't specified, the separating comma is
	  also now not placed on the dnsmasq commandline. If optional
	  attributes in the middle of the line are not specified, they are
	  replaced with a default value in the commandline (1 for port, 0 for
	  priority and weight).

	  <srv service='sip' protocol='udp' target='tests.example.com'
	       port='5060'/>

	  before: srv-host=sip.udp.,tests.example.com,5060,,
	  after:  srv-host=_sip._udp,tests.example.com,5060

	  (actually the would have generated an error, because "optional"
	  attributes weren't really optional.)

	* The allowed characters for both service and protocol are now limited
	  to alphanumerics, plus a few special characters that are found in
	  existing names in /etc/services and /etc/protocols. (One exception
	  is that both of these files contain names with an embedded ".", but
	  "."  can't be used in these fields of an SRV record because it is
	  used as a field separator and there is no method to escape a "."
	  into a field.) (Previously only the strings "tcp" and "udp" were
	  allowed for protocol, but this restriction has been removed, since
	  RFC2782 specifically says that it isn't limited to those, and that
	  anyway it is case insensitive.)

	* the "domain" attribute is no longer required in order to recognize
	  the port, priority, and weight attributes during parsing. Only
	  "target" is required for this.

	* if "target" isn't specified, port, priority, and weight are not
	  allowed (since they are meaningless - an empty target means "this
	  service is *not available* for this domain").

	* port, priority, and weight are now truly optional, as the comments
	  originally suggested, but which was not actually true.

2014-03-26  Ján Tomko  <jtomko@redhat.com>

	Shift the for loop over matched vars by one
	Instead of adding one to the iterator on every use.

	Use VIR_STRNDUP instead of modifying the matched string

	Free groups in case of a partial match
	If there are more than two regexes, but only one of them matches,
	the matched groups would be leaked.

	Simplify the loop in virCommandRunRegex
	Do not check for border iterator values inside the loop,
	move the code before/after the loop instead.

	Remove useless 'maxReg' variable
	It is used to break out of the loop early if one regex does not match.
	Use the 'break' statement instead.

2014-03-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachDeviceFlags: Parse device xml as inactive
	In all other drivers we are doing so. Moreover, we don't want to parse
	runtime information in attach (even if the attach is meant as live)
	because we are generating the runtime info ourselves. We can't trust
	users they supply sane values anyway.

	==1140== 9 bytes in 1 blocks are definitely lost in loss record 72 of 1,151
	==1140==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==1140==    by 0x623C758: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1)
	==1140==    by 0x50FD763: virXMLPropString (virxml.c:483)
	==1140==    by 0x510F8B7: virDomainDeviceInfoParseXML (domain_conf.c:3685)
	==1140==    by 0x511ACFD: virDomainChrDefParseXML (domain_conf.c:7535)
	==1140==    by 0x5121D13: virDomainDeviceDefParse (domain_conf.c:9918)
	==1140==    by 0x13AE6313: qemuDomainAttachDeviceFlags (qemu_driver.c:6926)
	==1140==    by 0x13AE65FA: qemuDomainAttachDevice (qemu_driver.c:7005)
	==1140==    by 0x51C77DA: virDomainAttachDevice (libvirt.c:10231)
	==1140==    by 0x127FDD: remoteDispatchDomainAttachDevice (remote_dispatch.h:2404)
	==1140==    by 0x127EC5: remoteDispatchDomainAttachDeviceHelper (remote_dispatch.h:2382)
	==1140==    by 0x5241F81: virNetServerProgramDispatchCall (virnetserverprogram.c:437)

	When doing live attach, we are passing the inactive definition anyway
	since we are passing the result of virDomainDeviceDefCopy() which does
	inactive copy by default.

	Moreover, we are doing the same mistake in qemuhotplugtest.

	Just a side note - it makes perfect sense to parse the runtime info
	like alias in qemuDomainDetachDevice and qemuDomainUpdateDeviceFlags()
	as in some cases the only difference to distinguish two devices can be
	just their alias.

2014-03-26  Francesco Romani  <fromani@redhat.com>

	qemu: add unit tests for the capabilities xml
	The test is loosely inspired from qemucapabilitiestest
	and qemuxml2xmltest.

	Added a new test instead of extending an existing one because
	the feature being tested don't really fits nicely in any
	existing place.

2014-03-26  Francesco Romani  <fromani@redhat.com>

	qemu: extract guest capabilities initialization
	This patch decouples the binary and the capabilities detection
	from the guest initialization.

	The purpose is to make testing easier.

2014-03-26  Francesco Romani  <fromani@redhat.com>

	qemu: export disk snapshot support in capabilities
	This patch adds an element to QEMU's capability XML, to
	show if the underlying QEMU binary supports the live disk
	snapshotting or not.
	This allows any client to know ahead of time if the feature
	is available.

	Without this information available, the only way to check
	for the snapshot support is to request one and check for
	errors.

2014-03-26  Ján Tomko  <jtomko@redhat.com>

	Show the real cpu shares value in live XML
	Currently, the Linux kernel treats values of '0' and '1' as
	the minimum of 2. Values larger than the maximum are changed
	to the maximum.

	Re-reading the shares value after setting it reflects this in
	the live domain XML.

2014-03-26  Ján Tomko  <jtomko@redhat.com>

	Treat zero cpu shares as a valid value
	Currently, <cputune><shares>0</shares></cputune> is treated
	as if it were not specified.

	Treat is as a valid value if it was explicitly specified
	and write it to the cgroups.

2014-03-25  John Ferlan  <jferlan@redhat.com>

	Coverity: Resolve a RESOURCE_LEAK
	On error the lofd would have been leaked.

2014-03-25  John Ferlan  <jferlan@redhat.com>

	Coverity: Resolve a FORWARD_NULL
	Recent changes in the module seemed to have caused Coverity to reanalyze
	certain parts of the code. Previously the code was modified via commit
	id '11a11812' to resolve a different error (perhaps DEADCODE).  Up through
	commit id '7b3f1f8c' there were no issues.

	The new error indicats the 'outbuf' was checked for NULL and then complains
	because of the dereference. Adding checks for non-NULL prior to the deref
	resulted in a DEADCODE message.

	So, resolve using an sa_assert() to keep Coverity quiet especially since
	it doesn't understand that outbuf will change as a result of a successful
	virCommandRun() call.

2014-03-25  John Ferlan  <jferlan@redhat.com>

	Coverity: Resolve a CHECKED_RETURN message
	Recent changes to the module seemed to have caused Coverity to find a new
	issue regarding the failure to check the return from a sendmsg. The code
	doesn't seem to care about the return status, so just added an ignore_value
	to keep Coverity quiet.

2014-03-25  Tomoki Sekiyama  <tomoki.sekiyama@hds.com>

	qemu: remove redundant virQEMUDriverGetConfig
	qemuDomainSetSchedulerParametersFlags() calls virQEMUDriverGetConfig() twice
	and makes the reference counter leak. This removes redundant call.

	Problem introduced in commit 45ad1ad

2014-03-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: don't fail on busy tap devices
	We use virBhyveTapGetRealDeviceName() to map network interface name
	to a real device path, trying to open possible devices and getting
	names by ioctl.

	Make it skip devices that fail to open with EBUSY because they're
	most likely already used by other VMs.

2014-03-25  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Create log directory earlier
	Commit d9f19c30d054c86b15a304f4118baa4fa75af9d2 moved a lot of the
	configuration setup into libxlDriverConfigNew().
	However that tries to create the libxl/libxl-driver.log before the
	libxl directory gets created in libxlStateInitialize().

	This causes the daemon to fail on systems that have not had the directory
	created before.

	Move the code to create the libxl directory into libxlDriverConfigNew().

2014-03-25  Ján Tomko  <jtomko@redhat.com>

	Add a rule for indenting labels
	Indent top-level labels by one space.

	Add the rule to HACKING and enforce it by syntax-check.

2014-03-25  Ján Tomko  <jtomko@redhat.com>

	Indent top-level labels by one space in tools/

	Indent top-level labels by one space in tests/

	Indent top-level labels by one space in the rest of src/

	Indent top-level labels by one space in src/xen/

	Indent top-level labels by one space in src/vbox/

	Indent top-level labels by one space in src/util/

	Indent top-level labels by one space in src/test/

	Indent top-level labels by one space in src/storage/

	Indent top-level labels by one space in src/rpc/

	Indent top-level labels by one space in src/remote/

	Indent top-level labels by one space in src/qemu/

	Indent top-level labels by one space in src/parallels/

	Indent top-level labels by one space in src/nwfilter/

	Indent top-level labels by one space in src/network/

	Indent top-level labels by one space in src/lxc/

	Indent top-level labels by one space in src/locking/

	Indent top-level labels by one space in libvirt.c

	Indent top-level labels by one space in src/libxl/

	Indent top-level labels by one space in src/esx/

	Indent top-level labels by one space in src/cpu/

	Indent top-level labels by one space in src/conf/

	Indent top-level labels by one space in examples/

	Indent top-level labels by one space in daemon/

2014-03-25  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Forbid VIR_DOMAIN_LOCK_FAILURE_RESTART
	https://bugzilla.redhat.com/show_bug.cgi?id=905282
	https://bugzilla.redhat.com/show_bug.cgi?id=967494

	When lock failure is detected by sanlock, our sanlock_helper kill script
	will try to restart (shutdown followed by start) the affected domain
	when RESTART action is configured for it. While shutting down kills QEMU
	and removes all its leases (which is what sanlock wants to happen),
	trying to start it again just hangs because libvirt tries reacquire the
	locks in the failed lock space. Hence, this action cannot be supported
	by sanlock driver.

2014-03-25  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Forbid VIR_DOMAIN_LOCK_FAILURE_IGNORE
	https://bugzilla.redhat.com/show_bug.cgi?id=905280
	https://bugzilla.redhat.com/show_bug.cgi?id=967493

	Sanlock expects that the configured kill script either kills the PID on
	lock failure or removes all locks the PID owns. If none of the two
	options happen, sanlock will reboot the host. Although IGNORE action is
	supposed to ignore the request to kill the PID or remove all leases,
	it's certainly not designed to cause the host to be rebooted. That said,
	IGNORE action is incompatible with sanlock and should be forbidden by
	libvirt.

2014-03-25  Peter Krempa  <pkrempa@redhat.com>

	util: Sanitize ATTRIBUTE_NONNULL use in viriscsi.h
	Some of the function attributes marked as nonnull actually explicitly
	handle the arguments for NULL. All changed functions handle missing
	"initiatoriqn" argument well and virISCSIScanTargets also handles well
	if the return pointers are missing. Remove some of the liberaly used
	ATTRIBUTE_NONNULLs as coverity and possibly other compilers that honor
	the attribute fail to compile the code.

	Flaw introduced in commit 5e1d5dde

2014-03-24  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	While we aren't impacted by most of upstream's changes this
	month, at least the regex improvement looks useful.

	* gnulib: Synchronize to upstream.

2014-03-24  Qiao Nuohan  <qiaonuohan@cn.fujitsu.com>

	allow "virsh dump --memory-only" specify dump format
	This patch adds "[--format] <string>" to "virsh dump --memory-only", which is
	changed to use the new virDomainCoreDumpWithFormat API.

	qemu: add support for virDomainCoreDumpWithFormat API
	This patch makes qemu driver support virDomainCoreDumpWithFormat API.

	qemu: add qemuMonitorGetDumpGuestMemoryCapability
	This patch adds qemuMonitorGetDumpGuestMemoryCapability, which is used to check
	whether the specified dump-guest-memory format is supported by qemu.

	add new virDomainCoreDumpWithFormat API
	--memory-only option is introduced without compression supported. Now qemu
	has support for dumping domain's memory in kdump-compressed format. This
	patch adds a new virDomainCoreDumpWithFormat API, so that the format in
	which qemu dumps domain's memory can be specified.

2014-03-24  Peter Krempa  <pkrempa@redhat.com>

	apparmor: Fix build after split of disk source metadata
	Commit 4f20226664b2d4d9e9496ec1e05c9280581a1ca0 breaks build with
	AppArmor enabled as it missed the refactor to the new accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: prepare to track multiple host source files per <disk>
	It's finally time to start tracking disk backing chains in
	<domain> XML.  The first step is to start refactoring code
	so that we have an object more convenient for representing
	each host source resource in the context of a single guest
	<disk>.  Ultimately, I plan to move the new type into src/util
	where it can be reused by virStorageFile, but to make the
	transition easier to review, this patch just creates the
	new type then fixes everything until it compiles again.

	* src/conf/domain_conf.h (_virDomainDiskDef): Split...
	(_virDomainDiskSourceDef): ...to new struct.
	(virDomainDiskAuthClear): Use new type.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Split...
	(virDomainDiskSourceDefClear): ...to new function.
	(virDomainDiskGetType, virDomainDiskSetType)
	(virDomainDiskGetSource, virDomainDiskSetSource)
	(virDomainDiskGetDriver, virDomainDiskSetDriver)
	(virDomainDiskGetFormat, virDomainDiskSetFormat)
	(virDomainDiskAuthClear, virDomainDiskGetActualType)
	(virDomainDiskDefParseXML, virDomainDiskSourceDefFormat)
	(virDomainDiskDefFormat, virDomainDiskDefForeachPath)
	(virDomainDiskDefGetSecurityLabelDef)
	(virDomainDiskSourceIsBlockType): Adjust all users.
	* src/lxc/lxc_controller.c (virLXCControllerSetupDisk):
	Likewise.
	* src/lxc/lxc_driver.c (lxcDomainAttachDeviceMknodHelper):
	Likewise.
	* src/qemu/qemu_command.c (qemuAddRBDHost, qemuParseRBDString)
	(qemuParseDriveURIString, qemuParseGlusterString)
	(qemuParseISCSIString, qemuParseNBDString)
	(qemuDomainDiskGetSourceString, qemuBuildDriveStr)
	(qemuBuildCommandLine, qemuParseCommandLineDisk)
	(qemuParseCommandLine): Likewise.
	* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
	(qemuAddISCSIPoolSourceHost, qemuTranslateDiskSourcePool):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainUpdateDeviceConfig)
	(qemuDomainPrepareDiskChainElement)
	(qemuDomainSnapshotCreateInactiveExternal)
	(qemuDomainSnapshotPrepareDiskExternalBackingInactive)
	(qemuDomainSnapshotPrepareDiskInternal)
	(qemuDomainSnapshotPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive)
	(qemuDomainBlockPivot, qemuDomainBlockJobImpl)
	(qemuDomainBlockCopy, qemuDomainBlockCommit): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase)
	(qemuProcessInitPasswords): Likewise.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityFileLabel): Likewise.
	* src/storage/storage_driver.c (virStorageFileInitFromDiskDef):
	Likewise.
	* tests/securityselinuxlabeltest.c (testSELinuxLoadDef):
	Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in xenxs/
	Part of a series of cleanups to use new accessor methods.

	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr)
	(xenFormatSxprDisk, xenFormatSxpr): Use accessors.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk, xenFormatXM):
	Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in xen/
	Part of a series of cleanups to use new accessor methods.

	* src/xen/xend_internal.c (virDomainXMLDevID): Use accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in vmx/
	Part of a series of cleanups to use new accessor methods.

	* src/vmx/vmx.c (virVMXHandleLegacySCSIDiskDriverName)
	(virVMXParseDisk, virVMXFormatDisk, virVMXFormatFloppy): Use
	accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in vmware/
	Part of a series of cleanups to use new accessor methods.

	* src/vmware/vmware_conf.c (vmwareVmxPath): Use accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in vbox/
	Part of a series of cleanups to use new accessor methods.

	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives)
	(vboxDomainAttachDeviceImpl, vboxDomainDetachDevice): Use
	accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in uml/
	Part of a series of cleanups to use new accessor methods.

	* src/uml/uml_conf.c (umlBuildCommandLine): Use accessors.
	* src/uml/uml_driver.c (umlDomainAttachUmlDisk): Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in security/
	Part of a series of cleanups to use new accessor methods.

	* src/security/security_dac.c (virSecurityDACSetSecurityImageLabel)
	(virSecurityDACRestoreSecurityImageLabelInt)
	(virSecurityDACSetSecurityAllLabel): Use accessors.
	* src/security/security_selinux.c
	(virSecuritySELinuxRestoreSecurityImageLabelInt)
	(virSecuritySELinuxSetSecurityImageLabel)
	(virSecuritySELinuxSetSecurityAllLabel): Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in qemu/
	Part of a series of cleanups to use new accessor methods.

	* src/qemu/qemu_conf.c (qemuCheckSharedDevice)
	(qemuAddSharedDevice, qemuRemoveSharedDevice, qemuSetUnprivSGIO):
	Use accessors.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
	(qemuDomainObjCheckDiskTaint, qemuDomainSnapshotForEachQcow2Raw)
	(qemuDomainCheckRemoveOptionalDisk, qemuDomainCheckDiskPresence)
	(qemuDiskChainCheckBroken, qemuDomainDetermineDiskChain):
	Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
	(qemuDomainCheckEjectableMedia)
	(qemuDomainAttachVirtioDiskDevice, qemuDomainAttachSCSIDisk)
	(qemuDomainAttachUSBMassstorageDevice)
	(qemuDomainAttachDeviceDiskLive, qemuDomainRemoveDiskDevice)
	(qemuDomainDetachVirtioDiskDevice, qemuDomainDetachDiskDevice):
	Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationStartNBDServer)
	(qemuMigrationDriveMirror, qemuMigrationCancelDriveMirror)
	(qemuMigrationIsSafe): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase)
	(qemuProcessHandleIOError, qemuProcessHandleBlockJob)
	(qemuProcessInitPasswords): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainChangeDiskMediaLive)
	(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in phyp/
	Part of a series of cleanups to use new accessor methods.

	* src/phyp/phyp_driver.c (phypDomainAttachDevice, phypBuildLpar):
	Use accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in parallels/
	Part of a series of cleanups to use new accessor methods.

	* src/parallels/parallels_driver.c (parallelsGetHddInfo)
	(parallelsAddHdd, parallelsApplyDisksParams, parallelsCreateVm):
	Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in lxc/
	Part of a series of cleanups to use new accessor methods.

	* src/lxc/lxc_cgroup.c (virLXCCgroupSetupDeviceACL): Use
	accessors.
	* src/lxc/lxc_controller.c (virLXCControllerSetupLoopDeviceDisk)
	(virLXCControllerSetupNBDDeviceDisk)
	(virLXCControllerSetupLoopDevices, virLXCControllerSetupDisk):
	Likewise.
	* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive)
	(lxcDomainDetachDeviceDiskLive): Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in locking/
	Part of a series of cleanups to use new accessor methods.

	* src/locking/domain_lock.c (virDomainLockManagerAddDisk): Use
	accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in libxl/
	Part of a series of cleanups to use new accessor methods.

	* src/libxl/libxl_conf.c (libxlMakeDisk): Use accessors.
	* src/libxl/libxl_driver.c (libxlDomainChangeEjectableMedia)
	(libxlDomainAttachDeviceDiskLive): Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in esx/
	Part of a series of cleanups to use new accessor methods.

	* src/esx/esx_driver.c (esxAutodetectSCSIControllerModel)
	(esxDomainDefineXML): Use accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in bhyve/
	Part of a series of cleanups to use new accessor methods.

	* src/bhyve/bhyve_command.c (bhyveBuildDiskArgStr)
	(virBhyveProcessBuildLoadCmd): Use accessors.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: use disk source accessors in conf/
	Part of a series of cleanups to use new accessor methods.

	Several places in domain_conf.c still open-code raw field access,
	but that code will be touched later with the diskDef struct split
	so I'm avoiding churn here.

	* src/conf/domain_audit.c (virDomainAuditStart): Use accessors.
	* src/conf/domain_conf.c (virDomainDiskIndexByName)
	(virDomainDiskPathByName, virDomainDiskDefForeachPath)
	(virDomainDiskSourceIsBlockType): Likewise.
	* src/conf/snapshot_conf.c (virDomainSnapshotAlignDisks):
	Likewise.

2014-03-24  Eric Blake  <eblake@redhat.com>

	conf: accessors for common source information
	A future patch will split virDomainDiskDef, in order to track
	multiple host resources per guest <disk>.  To reduce the size
	of that patch, I've factored out the four most common accesses
	into functions, so that I can incrementally upgrade the code
	base to use the accessors, and so that code that doesn't care
	about the distinction of per-file details won't have to be
	changed when the struct changes.

	* src/conf/domain_conf.h (virDomainDiskGetType)
	(virDomainDiskSetType, virDomainDiskGetSource)
	(virDomainDiskSetSource, virDomainDiskGetDriver)
	(virDomainDiskSetDriver, virDomainDiskGetFormat)
	(virDomainDiskSetFormat): New prototypes.
	* src/conf/domain_conf.c (virDomainDiskGetType)
	(virDomainDiskSetType, virDomainDiskGetSource)
	(virDomainDiskSetSource, virDomainDiskGetDriver)
	(virDomainDiskSetDriver, virDomainDiskGetFormat)
	(virDomainDiskSetFormat): Implement them.
	* src/libvirt_private.syms (domain_conf.h): Export them.

2014-03-24  Eric Blake  <eblake@redhat.com>

	vmware: fix parse of disk source
	While writing disk source refactoring, I discovered that conversion
	from XML to vmware modified the disk source in place; if the same
	code is reached twice, the second call behaves differently because
	the first call didn't clean up its mess.

	* src/vmware/vmware_conf.c (vmwareParsePath): Avoid munging input
	string.
	* src/vmware/vmware_conf.h (vmwareParsePath): Make static.

2014-03-24  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetImageIds: Skip <seclabel/> without label
	It's easy to shed the daemon these days. With this XML snippet:

	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/some/dummy/path/test.bin'>
	        <seclabel model='dac' relabel='no'/>
	      </source>
	      <target dev='vdb' bus='virtio'/>
	      <readonly/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
	    </disk>

	I get the SIGSEGV when starting the domain. The thing is, when
	starting a domain, we check for its disk presence. For some reason,
	when determining the disk chain, we parse the <seclabel/> (don't ask
	me why). However, there's no label attribute in the XML, so we end up
	calling virParseOwnershipIds() over NULL string:

	 [Switching to Thread 0x7ffff10c4700 (LWP 30956)]
	 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:136
	 136     ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.
	 (gdb) bt
	 #0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:136
	 #1  0x00007ffff749f800 in virParseOwnershipIds (label=0x0, uidPtr=uidPtr@entry=0x7ffff10c2df0, gidPtr=gidPtr@entry=0x7ffff10c2df4) at util/virutil.c:2115
	 #2  0x00007fffe929f006 in qemuDomainGetImageIds (gid=0x7ffff10c2df4, uid=0x7ffff10c2df0, disk=0x7fffe40cb000, vm=0x7fffe40a6410, cfg=0x7fffe409ae00) at qemu/qemu_domain.c:2385
	 #3  qemuDomainDetermineDiskChain (driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, disk=disk@entry=0x7fffe40cb000, force=force@entry=false) at qemu/qemu_domain.c:2414
	 #4  0x00007fffe929f128 in qemuDomainCheckDiskPresence (driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, cold_boot=cold_boot@entry=true) at qemu/qemu_domain.c:2250
	 #5  0x00007fffe92b6fc8 in qemuProcessStart (conn=conn@entry=0x7fffd4000b60, driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, migrateFrom=migrateFrom@entry=0x0, stdin_fd=stdin_fd@entry=-1, stdin_path=stdin_path@entry=0x0, snapshot=snapshot@entry=0x0,
	     vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=flags@entry=1) at qemu/qemu_process.c:3813
	 #6  0x00007fffe93087e8 in qemuDomainObjStart (conn=0x7fffd4000b60, driver=driver@entry=0x7fffe40120e0, vm=vm@entry=0x7fffe40a6410, flags=flags@entry=0) at qemu/qemu_driver.c:6051
	 #7  0x00007fffe9308e32 in qemuDomainCreateWithFlags (dom=0x7fffcc000d50, flags=0) at qemu/qemu_driver.c:6105
	 #8  0x00007ffff753c5cc in virDomainCreate (domain=domain@entry=0x7fffcc000d50) at libvirt.c:8861

2014-03-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add domainCreateWithFlags support
	The only supported flag for now is 'autodestroy'. In order to
	support 'autodestroy', add support for close callbacks.

2014-03-23  Wojciech Macek  <wma@semihalf.com>

	bhyve: MAC address configuration
	Add support for MAC address configuration on network bridge
	interface.

2014-03-21  Chunyan Liu  <cyliu@suse.com>

	libxl_driver.c: cleanup code
	Following Jim's comments about "add pci passthrough to libxl" patch:

	https://www.redhat.com/archives/libvir-list/2014-March/msg00170.html

2014-03-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Introduce virFDStreamOpenPTY
	Add virFDStreamOpenPTY() function which is a wrapper around
	virFDStreamOpenFileInternal() with putting the device it opens into a
	raw mode.

	Make virChrdevOpen() use virFDStreamOpenPTY() for
	VIR_DOMAIN_CHR_TYPE_PTY devices.

	This fixes mangled console output when libvirt runs on FreeBSD as it
	requires device it opens to be placed into a raw mode explicitly.

2014-03-21  Ján Tomko  <jtomko@redhat.com>

	Add stubs for virDBusCreateReply{,V}
	Fix the build without dbus.

	Fix build on mingw32
	tests/viriscsitest.c:27:12: error: 'EXIT_AM_SKIP' undeclared
	(first use in this function)

2014-03-21  Chegu Vinod  <chegu_vinod@hp.com>

	libvirt support to force convergence of live guest migration
	Busy enterprise workloads hosted on large sized VM's tend to dirty
	memory faster than the transfer rate achieved via live guest migration.
	Despite some good recent improvements (& using dedicated 10Gig NICs
	between hosts) the live migration may NOT converge.

	Recently support was added in qemu (version 1.6) to allow a user to
	choose if they wish to force convergence of their migration via a
	new migration capability : "auto-converge". This feature allows for qemu
	to auto-detect lack of convergence and trigger a throttle-down of the
	VCPUs.

	This patch includes the libvirt support needed to trigger this
	feature. (Testing is in progress)

2014-03-21  Wang Yufei  <james.wangyufei@huawei.com>

	cgroup: Fix start VMs coincidently failed
	When I start multi VMs coincidently and any of the cgroup directories
	named machine doesn't exist. There's a chance that VM start failed because
	of creating directory failed:
	Unable to initialize /machine cgroup: File exists
	When the errno returned by mkdir in virCgroupMakeGroup is EEXIST,
	we should pass it through and continue to start the VM.

2014-03-21  Daniel P. Berrange  <berrange@redhat.com>

	Allow caller to handle DBus error messages
	The caller may not want all DBus error conditions to be turned
	into libvirt errors, so provide a way for the caller to get
	back the full DBusError object. They can then check the errors
	and only report those that they consider to be fatal.

	Introduce alternate way to encode/decode arrays in DBus messages
	Currently the DBus helper APIs require the values for an array
	to be passed inline in the variadic argument list. This change
	introduces support for passing arrays using a pointer to a plain
	C array of the basic type. This is of particular benefit for
	decoding messages when you don't know how many array elements
	are being received.

	Remove bogus call to dbus_set_error_from_message
	The dbus_connection_send_with_reply_and_block method will
	automatically call dbus_set_error_from_message for us. We
	mistakenly thought we had todo it because of a flaw in the
	systemd unit test mock impl. The latter should have directly
	set the error object, instead of creating an error message
	object.

	Remove bogus unref in virDBusMessageRead
	The virDBusMessageRead method should not have side-effects on
	the message parameter passed in, so unref'ing it is wrong.
	The caller should unref only when they decided they are done
	with it.

	Add DBus helper methods for creating reply messages
	The test suites often have to create DBus method reply messages
	with payloads. Create two helpers for simplifying the process
	of creating replies with payloads.

	Refactor dbus helper methods for method calls
	Split the virDBusMethodCall method into a couple of new methods
	virDBusCall, virDBusCreateMethod and virDBusCreateMethodV.

2014-03-21  Zhou Yimin  <zhouyimin@huawei.com>

	virlog: Modify virLogParseDefaultPriority's comment of return value
	virLogParseDefaultPriority's successful return value is the same as
	virLogSetDefaultPriority's successful return value. So it should be 0
	rather than the parsed log level.

2014-03-21  Ján Tomko  <jtomko@redhat.com>

	Fix typo in configure.ac
	s/profram/program/

2014-03-21  Ján Tomko  <jtomko@redhat.com>

	Define ISCSIADM unconditionally
	Commit 5e1d5dd moved the functions using isciadm to util/viriscsi.c,
	but ISCSIADM was only defined when the iscsi backend was compiled in.

	Define it unconditionally to fix the build (and allow testing
	of viriscsi.c) even if iscsi backend is disabled.

2014-03-20  Jiri Denemark  <jdenemar@redhat.com>

	Check boot order on device attach
	https://bugzilla.redhat.com/show_bug.cgi?id=1007754

	When attaching a new device, we need to check if its boot order
	configuration is compatible with current domain definition.

2014-03-20  Jiri Denemark  <jdenemar@redhat.com>

	conf: Introduce virDomainDeviceGetInfo API
	The offset of virDomainDeviceInfo structure within a device definition
	varies with device type and some types do not contain the info structure
	at all. This new API makes it easier to access the info structure from a
	generic virDomainDeviceDef structure.

	Pass action to virDomainDefCompatibleDevice
	When checking compatibility of a device with a domain definition, we
	should know what we're going to do with the device. Because we may need
	to check for different things when we're attaching a new device versus
	detaching an existing device.

	Fix usage of virDomainDefCompatibleDevice
	A device needs to be checked for compatibility with the domain
	definition it corresponds to. Specifically, for VIR_DOMAIN_AFFECT_CONFIG
	case we should check against persistent def rather than active def.

2014-03-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Return meaningful error when qemu dies early
	https://bugzilla.redhat.com/show_bug.cgi?id=844378

	When qemu dies early after connecting to its monitor but before we
	actually try to read something from the monitor, we would just fail
	domain start with useless message:

	    "An error occurred, but the cause is unknown"

	This is because the real error gets reported in a monitor EOF handler
	executing within libvirt's event loop.

	The fix is to take any error set in qemuMonitor structure and propagate
	it into the thread-local error when qemuMonitorClose is called and no
	thread-local error is set.

2014-03-20  Jiri Denemark  <jdenemar@redhat.com>

	tests: Set abs_*dir in a consistent way
	Use $(shell cd $(...) && pwd) to set abs_*dir variables similarly to
	what src/Makefile.am does.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: allow filtering events by regex
	When listening for a subset of monitor events, it can be tedious
	to register for each event name in series; nicer is to register
	for multiple events in one go.  Implement a flag to use regex
	interpretation of the event filter.

	While at it, prove how much I hate the shift key, by adding a
	way to filter for 'shutdown' instead of 'SHUTDOWN'. :)

	* include/libvirt/libvirt-qemu.h
	(virConnectDomainQemuMonitorEventRegisterFlags): New enum.
	* src/libvirt-qemu.c (virConnectDomainQemuMonitorEventRegister):
	Document flags.
	* tools/virsh-domain.c (cmdQemuMonitorEvent): Expose them.
	* tools/virsh.pod (qemu-monitor-event): Document this.
	* src/conf/domain_event.c
	(virDomainQemuMonitorEventStateRegisterID): Add flags.
	(virDomainQemuMonitorEventFilter): Handle regex, and optimize
	client side.
	(virDomainQemuMonitorEventCleanup): Clean up regex.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: enable monitor event filtering by name
	Filtering monitor events by name requires tracking the name for
	the duration of the filtering.  In order to free the name, I
	found it easiest to just piggyback on the user's freecb function,
	which gets called when the event is deregistered.

	For events without a name filter, we have the design of multiple
	client registrations sharing a common server registration, because
	the server side uses the same callback function and we reject
	duplicate use of the same function.  But with events in the mix,
	we want to be able to allow the same function pointer to be used
	with more than one event name.  The solution is to tweak the
	duplicate detection code to only act when there is no additional
	filtering; if name filtering is in use, there is exactly one
	client registration per server registration.  Yes, this means
	that there is no longer a bound on the number of server
	registrations possible, so a malicious client could repeatedly
	register for the same name event to exhaust server memory.  On
	the other hand, we already restricted monitor events to require
	write access (compared to normal events only needing read access),
	and separated it into the intentionally unsupported
	libvirt-qemu.so, with documentation that using this function is
	for debug purposes only; so it is not a security risk worth
	worrying about a client trying to abuse multiple registrations.

	* src/conf/domain_event.c (virDomainQemuMonitorEventData): New
	struct.
	(virDomainQemuMonitorEventFilter)
	(virDomainQemuMonitorEventCleanup): New functions.
	(virDomainQemuMonitorEventDispatchFunc)
	(virDomainQemuMonitorEventStateRegisterID): Use new struct.
	* src/conf/object_event.c (virObjectEventCallbackListCount)
	(virObjectEventCallbackListAddID)
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Drop duplicate detection
	when filtering is in effect.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: enable monitor event reporting
	Wire up all the pieces to send arbitrary qemu events to a
	client using libvirt-qemu.so.  If the extra bookkeeping of
	generating event objects even when no one is listening turns
	out to be noticeable, we can try to further optimize things
	by adding a counter for how many connections are using events,
	and only dump events when the counter is non-zero; but for
	now, I didn't think it was worth the code complexity.

	* src/qemu/qemu_driver.c
	(qemuConnectDomainQemuMonitorEventRegister)
	(qemuConnectDomainQemuMonitorEventDeregister): New functions.
	* src/qemu/qemu_monitor.h (qemuMonitorEmitEvent): New prototype.
	(qemuMonitorDomainEventCallback): New typedef.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONIOProcessEvent):
	Report events.
	* src/qemu/qemu_monitor.c (qemuMonitorEmitEvent): New function, to
	pass events through.
	* src/qemu/qemu_process.c (qemuProcessHandleEvent): Likewise.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: wire up RPC for qemu monitor events
	These are the first async events in the qemu protocol, so this
	patch looks rather big compared to most RPC additions.  However,
	a large majority of this patch is just mechanical copy-and-paste
	from recently-added network events.  It didn't help that this
	is also the first virConnect rather than virDomain prefix
	associated with a qemu-specific API.

	* src/remote/qemu_protocol.x (qemu_*_domain_monitor_event_*): New
	structs and RPC messages.
	* src/rpc/gendispatch.pl: Adjust naming conventions.
	* daemon/libvirtd.h (daemonClientPrivate): Track qemu events.
	* daemon/remote.c (remoteClientFreeFunc): Likewise.
	(remoteRelayDomainQemuMonitorEvent)
	(qemuDispatchConnectDomainMonitorEventRegister)
	(qemuDispatchConnectDomainMonitorEventDeregister): New functions.
	* src/remote/remote_driver.c (qemuEvents): Handle qemu events.
	(doRemoteOpen): Register for events.
	(remoteNetworkBuildEventLifecycle)
	(remoteConnectDomainQemuMonitorEventRegister)
	(remoteConnectDomainQemuMonitorEventDeregister): New functions.
	* src/qemu_protocol-structs: Regenerate.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: create object for qemu monitor events
	Create qemu monitor events as a distinct class to normal domain
	events, because they will be filtered differently.  For ease of
	review, the logic for filtering by event name is saved for a later
	patch.

	* src/conf/domain_event.c (virDomainQemuMonitorEventClass): New
	class.
	(virDomainEventsOnceInit): Register it.
	(virDomainQemuMonitorEventDispose, virDomainQemuMonitorEventNew)
	(virDomainQemuMonitorEventDispatchFunc)
	(virDomainQemuMonitorEventStateRegisterID): New functions.
	* src/conf/domain_event.h (virDomainQemuMonitorEventNew)
	(virDomainQemuMonitorEventStateRegisterID): New prototypes.
	* src/libvirt_private.syms (conf/domain_conf.h): Export them.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: virsh wrapper for qemu events
	Any new API deserves a good virsh wrapper :)

	    qemu-monitor-event [<domain>] [<event>] [--pretty] [--loop] [--timeout <number>]

	Very similar to the previous work on 'virsh event'.  For an
	example session:

	$ virsh -c qemu:///system qemu-monitor-event --event SHUTDOWN&
	$ virsh -c qemu:///system start f18-live
	Domain f18-live started

	$ virsh -c qemu:///system destroy f18-live
	Domain f18-live destroyed

	event SHUTDOWN at 1391212552.026544 for domain f18-live: (null)
	events received: 1

	[1]+  Done                    virsh -c qemu:///system qemu-monitor-event --event SHUTDOWN
	$

	* tools/virsh-domain.c (cmdQemuMonitorEvent): New command.
	* tools/virsh.pod (qemu-monitor-event): Document it.

2014-03-20  Eric Blake  <eblake@redhat.com>

	qemu: new API for tracking arbitrary monitor events
	Several times in the past, qemu has implemented a new event,
	but libvirt has not yet caught up to reporting that event to
	the user applications.  While it is possible to track libvirt
	logs to see that an unknown event was received and ignored,
	it would be nicer to copy what 'virsh qemu-monitor-command'
	does, and expose this information to the end developer as
	one of our unsupported qemu-specific commands.

	If you find yourself needing to use this API for more than
	just development purposes, please ask on the libvirt list
	for a supported counterpart event to be added in libvirt.so.

	While the supported virConnectDomainEventRegisterAny() API
	takes an id which determines the signature of the callback,
	this version takes a string filter and always uses the same
	signature.  Furthermore, I chose to expose this as a new API
	instead of trying to add a new eventID at the top level, in
	part because the generic option lacks event name filtering,
	and in part because the normal domain event namespace should
	not be polluted by a qemu-only event.  I also added a flags
	argument; unused for now, but we might decide to use it to
	allow a user to request event names by glob or regex instead
	of literal match.

	This API intentionally requires full write access (while
	normal event registration is allowed on read-only clients);
	this is in part due to the fact that it should only be used
	by debugging situations, and in part because the design of
	per-event filtering in later patches ended up allowing for
	duplicate registrations that could potentially be abused to
	exhaust server memory - requiring write privileges means
	that such abuse will not serve as a denial of service attack
	against users with higher privileges.

	* include/libvirt/libvirt-qemu.h
	(virConnectDomainQemuMonitorEventCallback)
	(virConnectDomainQemuMonitorEventRegister)
	(virConnectDomainQemuMonitorEventDeregister): New prototypes.
	* src/libvirt-qemu.c (virConnectDomainQemuMonitorEventRegister)
	(virConnectDomainQemuMonitorEventDeregister): New functions.
	* src/libvirt_qemu.syms (LIBVIRT_QEMU_1.2.1): Export them.
	* src/driver.h (virDrvConnectDomainQemuMonitorEventRegister)
	(virDrvConnectDomainQemuMonitorEventDeregister): New callbacks.

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Fix indentation in iscsi storage backend

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Ignore missing files on pool refresh
	If we cannot stat/open a file on pool refresh, returning -1 aborts
	the refresh and the pool is undefined.

	Only treat missing files as fatal unless VolOpenCheckMode is called
	with the VIR_STORAGE_VOL_OPEN_ERROR flag. If this flag is missing
	(when it's called from virStorageBackendProbeTarget in
	virStorageBackendFileSystemRefresh), only emit a warning and return
	-2 to let the caller skip over the file.

	https://bugzilla.redhat.com/show_bug.cgi?id=977706

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Ignore char devices in storage pools by default
	Without this, using /dev/mapper as a directory pool
	fails in virStorageBackendUpdateVolTargetInfoFD:
	cannot seek to end of file '/dev/mapper/control': Illegal seek

	Skip over character devices by default.

	https://bugzilla.redhat.com/show_bug.cgi?id=710866

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Add test for virISCSIScanTargets

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Add test for virISCSIGetSession
	Parse iscsiadm output with and without the recently introduced
	flashnode info. [1]

	This should check that commits like 57e17a7 (fixing [2]) do
	not break iscsiadm output parsing.

	[1] https://github.com/mikechristie/open-iscsi/commit/181af9a
	[2] https://bugzilla.redhat.com/show_bug.cgi?id=1067173

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Move functions using iscsiadm to viriscsi.c
	Remove the 'StorageBackend' from names of the functions and fix
	indentation.

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Remove storage pool from the arguments of a few functions
	virStorageBackendISCSISession only needs the path of the source
	device and virStorageBackendISCSIRescanLUNs doesn't need the pool
	at all.

	This will allow the functions to be moved to src/util.

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Don't create iscsiadm command line in ISCSIPool{Start,Stop}
	Create ISCSIConnection{Login,Logout} wrappers for that.

	Switch virCommandRunRegex to use virStringSplit
	Instead of running the command asynchronously and reading the output
	via fgets, let virCommand collect the output and split it with
	virStringSplit.

	Move virStorageBackendRun to vircommand
	The only storage-specific parameter is the pool object, which
	is only used for passing to the callback function.

	Sort includes in storage_backend_iscsi.c

2014-03-20  Martin Kletzander  <mkletzan@redhat.com>

	Require K&R styled curly braces around function bodies
	Although not explicitly requested, we are using K&R (or Kernel)
	indentation for curly braces around functions in HACKING file and most
	of the code.  Using grep -P, this patch add the syntax-check rule for
	it (while skipping all the false positives with foreach constructs).

	Use K&R style for curly braces in remaining files

	Use K&R style for curly braces in src/vbox/

	Use K&R style for curly braces in src/network/bridge_driver.c

	Use K&R style for curly braces in src/lxc/lxc_driver.c

	Use K&R style for curly braces in src/uml/

	Use K&R style for curly braces in src/test/test_driver.c

	Use K&R style for curly braces in src/nwfilter/

	Use K&R style for curly braces in src/openvz/

	Use K&R style for curly braces in src/storage/

	Use K&R style for curly braces in src/qemu/

	Use K&R style for curly braces in src/conf/

	Use K&R style for curly braces in src/rpc/

	Use K&R style for curly braces in src/util/

	Use K&R style for curly braces in src/xen*/

	Use K&R style for curly braces in tests/

2014-03-20  Scott Sullivan  <ssullivan@liquidweb.com>

	is_selinux_enabled() returns -1 on error, account for this.
	Per the documentation, is_selinux_enabled() returns -1 on error.
	Account for this. Previously when -1 was being returned the condition
	would still be true. I was noticing this because on my system that has
	selinux disabled I was getting this in the libvirt.log every 5
	seconds:

	error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument

	With this patch applied, I no longer get these messages every 5
	seconds. I am submitting this in case its deemed useful for inclusion.
	Anyone have any comments on this change? This is a patch off current
	master.

2014-03-20  Wojciech Macek  <wma@semihalf.com>

	bhyve: host API support
	New functionalities:
	- connectGetMaxVcpus - on bhyve hardcode this value to 16
	- nodeGetFreeMemory - do not use physmem_get on FreeBSD, since
	                      it might get wrong value on systems with
	                      more than 100GB of RAM
	- nodeGetCPUMap - wrapper only for mapping function, currently not
	                  supported by FreeBSD
	- nodeSet/GetMemoryParameters - wrapper only for future improvements,
	                                currently not supported by FreeBSD

2014-03-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix unitialized data in virSocketAddrMask
	The virSocketAddrMask method did not initialize all fields
	in the sockaddr_in6 struct. In paticular the 'sin6_scope_id'
	field could contain random garbage, which would in turn
	affect the result of any later virSocketAddrFormat calls.
	This led to ip6tables rules in the FORWARD chain which
	matched on random garbage sin6_scope_id. Fortunately these
	were ACCEPT rules, so the impact was merely that desired
	traffic was blocked, rather than undesired traffic allowed.

2014-03-20  Ján Tomko  <jtomko@redhat.com>

	Fix virQEMUCapsLoadCache leaks
	Valgrind reported leaking of maxCpus and arch strings from
	virXPathString, as well as the leak of the machineMaxCpus array.

	Don't use 'str' for the strings we don't want to free, to allow
	freeing of 'str' in the cleanup label and free machineMaxCpus
	in virCapsReset too.

2014-03-20  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Enhance documentation for changing NOFILE limit

2014-03-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: move domain event handler to libxl_domain
	Move the domain event handler and shutdown thread out of the main
	driver module and into libxl_domain module

	libxl: include a pointer to the driver in libxlDomainObjPrivate
	Include a pointer to the libxl driver in libxlDomainObjPrivate
	object so it can be used in the domain event handler and
	shutdown thread.

	libxl: move libxlVmStart to libxl_domain
	Move libxlVmStart from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainStart.

	libxl: move libxlFreeMem to libxl_domain
	Move libxlFreeMem from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainFreeMem.

	libxl: move libxlDomainSetVcpuAffinities to libxl_domain
	Move libxlDomainSetVcpuAffinities from libxl_driver to libxl_domain
	for use by other libxl modules.

	libxl: move libxlDoNodeGetInfo to libxl_conf
	Move libxlDoNodeGetInfo from libxl_driver to libxl_conf
	for use by other libxl modules.  For consistency, rename to
	libxlDriverNodeGetInfo.

	libxl: move libxlDomainAutoCoreDump to libxl_domain
	Move libxlDomainAutoCoreDump from libxl_driver to libxl_domain
	for use by other libxl modules.

	libxl: move libxlDomEventsRegister to libxl_domain
	Move libxlDomEventsRegister from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainEventsRegister.

	libxl: move libxlVmCleanup{,Job} to libxl_domain
	Move libxlVmCleanup and libxlVmCleanupJob from libxl_driver to
	libxl_domain for use by other libxl modules.  For consistency,
	rename to libxlDomainCleanup and libxlDomainCleanupJob.

	libxl: move libxlSaveImageOpen to libxl_domain
	Move libxlSaveImageOpen from libxl_driver to libxl_domain for
	use by other libxl modules.  For consistency, rename to
	libxlDomainSaveImageOpen.

	libxl: move libxlDomainManagedSavePath to libxl_domain
	Move libxlDomainManagedSavePath from libxl_driver to libxl_domain
	for use by other libxl modules.

	libxl: move libxlDomainEventQueue to libxl_domain
	Move libxlDomainEventQueue from libxl_driver to libxl_domain for
	use by other libxl modules.

2014-03-19  Michal Privoznik  <mprivozn@redhat.com>

	virNetClientSetTLSSession: Restore original signal mask
	Currently, we use pthread_sigmask(SIG_BLOCK, ...) prior to calling
	poll(). This is okay, as we don't want poll() to be interrupted.
	However, then - immediately as we fall out from the poll() - we try to
	restore the original sigmask - again using SIG_BLOCK. But as the man
	page says, SIG_BLOCK adds signals to the signal mask:

	SIG_BLOCK
	      The set of blocked signals is the union of the current set and the set argument.

	Therefore, when restoring the original mask, we need to completely
	overwrite the one we set earlier and hence we should be using:

	SIG_SETMASK
	      The set of blocked signals is set to the argument set.

2014-03-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix double free of pointer
	https://bugzilla.redhat.com/show_bug.cgi?id=1071181

	Commit 49b59a15 fixed one problem but masks another one related to pointer
	freeing.

	Avoid putting of the virNWFilterSnoopReq once the thread has been started.
	It belongs to the thread and the thread will call virNWFilterSnoopReqPut() on it.

2014-03-19  Michal Privoznik  <mprivozn@redhat.com>

	domiftune: Reword bandwidth clearing paragraph
	s/of value/value of/

2014-03-19  Eric Blake  <eblake@redhat.com>

	conf: consistent comments about disk enum usage
	Before refactoring this struct, I found it helpful to track which
	'int' fields really contain an enum value.

	* src/conf/domain_conf.h (_virDomainDiskDef): Add comments.

2014-03-19  Jiri Denemark  <jdenemar@redhat.com>

	build: Make sure src/util/virprobe.h is distributed

2014-03-19  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	qemuhotplugtest: Fix mem-leaking testcases
	While running qemuhotplugtest, it was found that valgrind pointed out
	the following memory leak:

	==7906== 5 bytes in 1 blocks are definitely lost in loss record 7 of 121
	==7906==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==7906==    by 0x3E782A754D: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==7906==    by 0x4CDAE03: virDomainDeviceInfoParseXML.isra.32 (domain_conf.c:3685)
	==7906==    by 0x4CE3BB9: virDomainNetDefParseXML (domain_conf.c:6707)
	==7906==    by 0x4CFBA08: virDomainDefParseXML (domain_conf.c:12235)
	==7906==    by 0x4CFBC1E: virDomainDefParseNode (domain_conf.c:13039)
	==7906==    by 0x4CFBD95: virDomainDefParse (domain_conf.c:12981)
	==7906==    by 0x41FEB4: testQemuHotplug (qemuhotplugtest.c:66)
	==7906==    by 0x420F41: virtTestRun (testutils.c:201)
	==7906==    by 0x41F287: mymain (qemuhotplugtest.c:422)
	==7906==    by 0x4216BD: virtTestMain (testutils.c:784)
	==7906==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	...and 10 more.

	Problem is, since 20745748 we do both, parse <alias/> elements from
	XML files and call qemuAssignDeviceAliases(). While generating runtime
	info for domain at runtime is just fine in the test, we can parse just
	inactive XML and remove all <alias/>-es from the XML files.

2014-03-19  Martin Kletzander  <mkletzan@redhat.com>

	build: Fix make distcheck
	I forgot to delete the underscore in object_locking_SOURCES when
	changing the name in one of previous cleanups.

2014-03-19  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix build with old automake
	Ancient automake (such as from RHEL5) does not provide abs_srcdir and
	abs_builddir variables which are used by a recent commit of mine
	(e562e82).

2014-03-19  Daniel P. Berrange  <berrange@redhat.com>

	Add ability to register callback for virCommand dry run
	To allow for fault injection of the virCommand dry run,
	add the ability to register a callback. The callback will
	be passed the argv, env and stdin buffer and is expected
	to return the exit status and optionally fill stdout and
	stderr buffers.

	Change CMD_STOPONERR(1) to use true
	The CMD_STOPONERR macro uses its parameter as a boolean, so should
	be passed true rather than 1.

	Change 'int isTempChain' to bool in nwfilter
	The 'int isTempChain' parameter to various nwfilter methods
	only takes two values so should be a bool type.

	Remove pointless return values in nwfilter methods
	Many nwfilter methods have an int return value but only ever
	return 0 and their callers never check the return value either.
	These methods can all be void.

	Remove 'int stopOnError' parameters in nwfilter methods
	Many nwfilter methods have an 'int stopOnError' parameter but
	with 1 exception, the callers always pass '1'. The parameter
	can therefore be removed from all except one method. That method
	will be changed to 'bool stopOnError'

	Remove pointless brackets around boolean
	A lot of methods have a 'bool incoming' parameter but then
	do  (incoming) ? ... : .... The round brackets here add nothing
	to the code so can be removed.

	Change 'int incoming' to 'bool incoming' in nwfilter code
	Many methods in the nwfilter code have an 'int incoming' parameter
	that only takes 0 or 1, so should use a bool instead.

2014-03-19  Chunyan Liu  <cyliu@suse.com>

	virhostdev.h: remove ATTRIBUTE_NONNULL from oldStateDir
	In libxl driver oldStateDir is NULL when calling
	virHostdevReAttachDomainHostdevs. This is allowed.
	Remove ATTRIBUTE_NONNULL setting from oldStateDir.

	Introduced by commit 6225cb3.

2014-03-18  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix framebuffer port setting for HVM domains
	libxl uses the libxl_vnc_info and libxl_sdl_info fields from the
	hvm union in libxl_domain_build_info struct when generating QEMU
	args for VNC or SDL.  These fields were left unset by the libxl
	driver, causing libxl to ignore any user settings.  E.g. with

	  <graphics type='vnc' port='5950'/>

	port would be ignored and QEMU would instead be invoked with

	  -vnc 127.0.0.1:0,to=99

	Unlike the libxl_domain_config struct, the libxl_domain_build_info
	contains only a single libxl_vnc_info and libxl_sdl_info, so
	populate these fields from the first vfb in
	libxl_domain_config->vfbs.

2014-03-18  Eric Blake  <eblake@redhat.com>

	maint: avoid unbalanced {} across vbox #ifdef
	Emacs is fairly good about navigating across function and scope
	boundaries, provided that the code has balanced {}.  The vbox
	code, however, violated that premise, by splitting 'if () {'
	across several #ifdef branches, but sharing the '} else {...}'
	outside of the branches.  The extra lines of code is worth my
	sanity, in a function that is already a horrendous 1100+ lines
	long.

	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc) Duplicate code
	rather than trying to share else branch across #ifdef.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Remove global log buffer feature entirely
	A earlier commit changed the global log buffer so that it only
	records messages that are explicitly requested via the log
	filters setting. This removes the performance burden, and
	improves the signal/noise ratio for messages in the global
	buffer. At the same time though, it is somewhat pointless, since
	all the recorded log messages are already going to be sent to an
	explicit log output like syslog, stderr or the journal. The
	global log buffer is thus just duplicating this data on stderr
	upon crash.

	The log_buffer_size config parameter is left in the augeas
	lens to prevent breakage for users on upgrade. It is however
	completely ignored hereafter.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Switch to filtering based on log source name instead of filename
	Currently the log filter strings are used in a string comparison
	against the source filename each time log message is emitted.
	If no log filters at all are set, there's obviously no string
	comparison to be done. If any single log filter is set though,
	this imposes a compute burden on every logging call even if logs
	from the file in question are disabled. This string comparison
	must also be done while the logging mutex is held, which has
	implications for concurrency when multiple threads are emitting
	log messages.

	This changes the log filtering to be done based on the virLogSource
	object name. The virLogSource struct is extended to contain
	'serial' and 'priority' fields. Any time the global log filter
	rules are changed a global serial number is incremented. When a
	log message is emitted, the serial in the virLogSource instance
	is compared with the global serial number. If out of date, then
	the 'priority' field in the virLogSource instance is updated based
	on the new filter rules. The 'priority' field is checked to see
	whether the log message should be sent to the log outputs.

	The comparisons of the 'serial' and 'priority' fields are done
	with no locks held. So in the common case each logging call has
	an overhead of 2 integer comparisons, with no locks held. Only
	if the decision is made to forward the message to the log output,
	or if the 'serial' value is out of date do locks need to be
	acquired.

	Technically the comparisons of the 'serial' and 'priority' fields
	should be done with locks held, or using atomic operations. Both
	of these options have a notable performance impact, however, and
	since all writes a protected by a global mutex, it is believed
	that worst case behaviour where the fields are read concurrently
	with being written would merely result in an mistaken emission
	or dropping of the log message in question. This is an acceptable
	tradeoff for the performance benefit of avoiding locking.

	As a quick benchmark, a demo program that registers 500 file
	descriptors with the event loop (eg equiv of 500 QEMU monitor
	commands), creates pending read I/O on every FD, and then runs
	virEventRunDefaultImpl() took 4.6 seconds to do 51200 iterations.
	After this optimization it only takes 3.3 seconds, with the log
	APIs no longer being a relevant factor in the running time.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Add virLogSource variables to all source files
	Any source file which calls the logging APIs now needs
	to have a VIR_LOG_INIT("source.name") declaration at
	the start of the file. This provides a static variable
	of the virLogSource type.

	Turn virLogSource into a struct instead of an enum
	As part of the goal to get away from doing string matching on
	filenames when deciding whether to emit a log message, turn
	the virLogSource enum into a struct which contains a log
	"name". There will eventually be one virLogSource instance
	statically declared per source file. To minimise churn in this
	commit though, a single global instance is used.

	Move dtrace probe macros into separate header file
	The dtrace probe macros rely on the logging API. We can't make
	the internal.h header include the virlog.h header though since
	that'd be a circular include. Instead simply split the dtrace
	probes into their own header file, since there's no compelling
	reason for them to be in the main internal.h header.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Refactor code that skips logging of error messages
	The error reporting code will invoke a callback when any error
	is raised and the default callback will print to stderr. The
	virRaiseErrorFull method also sends all error messages on to the
	logging code, which also prints to stderr by default. To avoid
	duplicated data on stderr, the logging code has some logic to
	skip emission when no log outputs are configured, which checks
	whether the virLogSource == VIR_LOG_FROM_ERROR.

	Meanwhile the libvirtd daemon can register another callback which
	is used to reduce log message priority from error to a lower level.
	When this is used we do want messages to end up on stderr, so the
	error code will conditionally use either VIR_LOG_FROM_FILE or
	VIR_LOG_FROM_ERROR depending on whether such a callback is provided.

	This will all complicate later refactoring. By pushing the checks
	for whether a log output is present up a level into the error code,
	the special cases can be isolated in one place.

2014-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Reduce performance overhead of the global log buffer
	With the vast number of log debug statements in the code, the
	logging framework has a measurable performance impact on libvirt
	code, particularly in the daemon event loop.

	The global log buffer records every single log message triggered
	whether anyone cares to see them or not. This makes it impossible
	to eliminate the overhead of printf format expansions in any of
	the logging code. It is possible to disable the global log buffer
	in libvirtd itself, but this doesn't help client side library
	code. Also even if disabled by the config file, the existence of
	the feature makes other performance improvements in the logging
	layer impossible.

	Instead of logging every single message to the global buffer, only
	log messages that pass the log filters. This if libvirtd is set
	to have log_filters="1:libvirt 1:qemu" the global log buffer will
	only get filled with those messages instead of everything. This
	reduces the performance burden, as well as improving the signal
	to noise ratio of the log buffer.

	As a quick benchmark, a demo program that registers 500 file
	descriptors with the event loop (eg equiv of 500 QEMU monitor
	commands), creates pending read I/O on every FD, and then runs
	virEventRunDefaultImpl() took 1 minute 40 seconds to do 51200
	iterations with nearly all the time shown against the logging
	code. After this optimization it only takes 4.6 seconds.

2014-03-18  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerNewPostExecRestart: Initialize @max_anonymous_clients
	Coverity spotted a use of possibly undefined variable. If a server is
	restarting as an result of update, the JSON file that keeps current
	value of some variables will not contain the new variables. This is
	the case of @max_anonymous_clients too. We are correctly querying if
	there's "max_anonymous_clients" in the JSON, however, we are not
	setting a sane default if there's none.

	qemuDomainSetInterfaceParameters: Allow bandwidth clear out
	We allow translation from no_bandwidth to has_bandwidth for a vnic.
	However, going in the opposite direction is not implemented. It's not
	limitation of the API rather than internal implementation. The problem
	is, we correctly detect that user hasn't specified any outbound (say
	he wants to clear out outbound). However, this gets overwritten by
	current vnic outbound settings. Then, virNetDevBandwidthSet doesn't
	change anything. We need to stop overwriting the outbound if users
	don't want us to. Same applies for inbound.

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	cfg.mk: Fix whitespaces
	Just to align the backslashes with most of the file.

2014-03-18  Ján Tomko  <jtomko@redhat.com>

	Remove double space in file name comment check
	Reported by Martin Kletzander

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	Don't leave empty first line in C source files
	If there should be some sort of separator it is better to use comment
	with the filename, copyright, description, license information and
	authors.

	Found by:

	git grep -nH '^$' | grep '\.[ch]:1:'

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	Explicitly cast some switch parameters to enum
	This patch is not trying to fix every switch, just the ones I worked
	with last time, because some of these were especially unreadable.
	Covers enums virDomainGraphicsType and virDomainChrType (where
	applicable).

	Also sort its cases by their value.

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	Require spaces around equality comparisons
	Commit a1cbe4b5 added a check for spaces around assignments and this
	patch extends it to checks for spaces around '=='.  One exception is
	virAssertCmpInt where comma after '==' is acceptable (since it is a
	macro and '==' is its argument).

	Remove duplicate network model characters

	tests: cleanup object-locking test
	When ran, cil is throwing out some errors and warnings for obsolete
	'or' unused variables and wrong module name (it should not contain a
	hyphen; hence the rename).

	qemu: agent availability cleanup
	Eliminate all the code re-use which checks for priv->agentError or
	priv->agent.

2014-03-18  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virDomainChrSourceDefClear()
	While running qemuxml2xmltest, it was found that valgrind pointed out
	the following memory leak:

	==21905== 26 bytes in 1 blocks are definitely lost in loss record 23 of 69
	==21905==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==21905==    by 0x3E782A754D: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==21905==    by 0x4CD986D: virDomainChrSourceDefParseXML (domain_conf.c:7233)
	==21905==    by 0x4CE4199: virDomainChrDefParseXML (domain_conf.c:7512)
	==21905==    by 0x4CFAF3F: virDomainDefParseXML (domain_conf.c:12303)
	==21905==    by 0x4CFB46E: virDomainDefParseNode (domain_conf.c:13031)
	==21905==    by 0x4CFB5E9: virDomainDefParse (domain_conf.c:12973)
	==21905==    by 0x41E9D8: testCompareXMLToXMLFiles (qemuxml2xmltest.c:40)
	==21905==    by 0x41EBAA: testCompareXMLToXMLHelper (qemuxml2xmltest.c:93)
	==21905==    by 0x421D21: virtTestRun (testutils.c:199)
	==21905==    by 0x41FCE9: mymain.part.0 (qemuxml2xmltest.c:244)
	==21905==    by 0x42249D: virtTestMain (testutils.c:782)
	==21905==
	... and 7 more

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Prohibit virConnectOpen* functions in virsh
	Addition of vshConnect() makes virConnectOpen() functions obsolete in
	virsh.  Thus all virsh-*.[ch] files should be left only with
	vshConnect() in the case of need.

2014-03-18  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Add keepalive in new vshConnect function
	Introducing keepalive similarly to Guannan around 2 years ago.  Since
	we want to introduce keepalive for every connection, it makes sense to
	wrap the connecting function into new virsh one that can deal
	keepalive as well.

	Function vshConnect() is now used for connecting and keepalive added
	in that function (if possible) helps preventing long waits e.g. while
	nework goes down during migration.

	This patch also adds the options for keepalive tuning into virsh and
	fails connecting only when keepalives are explicitly requested and
	cannot be set (whether it is due to missing support in connected
	driver or remote server).  If not explicitely requested, a debug
	message is printed (hence the addition to virsh-optparse test).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1073506
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=822839

2014-03-17  Felix Geyer  <debfx@fobos.de>

	virt-aa-helper: handle 9pfs
	Make virt-aa-helper create rules to allow VMs access to filesystem
	mounts from the host.

2014-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virDomainSnapshotDiskDefClear()
	While running domainsnapshotxml2xmltest, it was found that valgrind pointed out
	the following memory leak:

	==32176== 42 (32 direct, 10 indirect) bytes in 1 blocks are definitely lost in loss record 42 of 66
	==32176==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==32176==    by 0x4A06B62: realloc (vg_replace_malloc.c:662)
	==32176==    by 0x4C65A07: virReallocN (viralloc.c:243)
	==32176==    by 0x4C65B2E: virExpandN (viralloc.c:292)
	==32176==    by 0x4C65E30: virInsertElementsN (viralloc.c:434)
	==32176==    by 0x4CD71F3: virDomainDiskSourceDefParse (domain_conf.c:5078)
	==32176==    by 0x4CF6EF4: virDomainSnapshotDefParseNode (snapshot_conf.c:151)
	==32176==    by 0x4CF7314: virDomainSnapshotDefParseString (snapshot_conf.c:410)
	==32176==    by 0x41FB8D: testCompareXMLToXMLHelper (domainsnapshotxml2xmltest.c:100)
	==32176==    by 0x420FD1: virtTestRun (testutils.c:199)
	==32176==    by 0x41F859: mymain (domainsnapshotxml2xmltest.c:222)
	==32176==    by 0x42174D: virtTestMain (testutils.c:782)
	==32176==
	... and one more.

2014-03-17  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: allow to destroy only active domains
	Add a check that domain is active before attempting to destroy it.

2014-03-17  Daniel P. Berrange  <berrange@redhat.com>

	Give virNWFilterVarCombIterNext saner semantics
	The virNWFilterVarCombIterNext method will free its
	parameter when it gets to the end of the iterator.
	This is somewhat misleading design, making it appear
	as if the caller has a memory leak. Remove the free'ing
	of the parameter and ensure that the calling method
	ebiptablesCreateRuleInstanceIterate free's it instead.

	Fix leak on OOM when creating nwfilter rule instances
	The ebiptablesAddRuleInst method would leak an instance
	of ebiptablesRuleInstPtr if it hit OOM when adding it
	to the list of instances. Remove the pointless helper
	method virNWFilterRuleInstAddData and just inline the
	call to VIR_APPEND_ELEMENT and free the instance on
	failure.

	Avoid warning message from libxl driver on non-Xen kernels
	The libxl driver reads /proc/xen/capabilities to see if it
	is on a Dom0 kernel. If that file does not even exist though,
	an error is logged. Check for the file existance before trying
	to read its contents to avoid the log message.

2014-03-17  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: fix hostbridge device command generation
	Addition of the hostbridge device was mistakenly placed to
	bhyveBuildNetArgStr(). This could result in hostbridge device not being
	added to the commandline if there are no network devices specified, but
	hostbridge device should be added unconditionally.

	Fix by placing it to virBhyveProcessBuildBhyveCmd().

2014-03-17  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add support for virtio block devices

2014-03-17  Pavel Hrdina  <phrdina@redhat.com>

	Enforce attribute check of the virRegister functions

2014-03-17  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Introduce max_anonymous_clients
	https://bugzilla.redhat.com/show_bug.cgi?id=992980

	This config tunable allows users to determine the maximum number of
	accepted but yet not authenticated users.

2014-03-17  Michal Privoznik  <mprivozn@redhat.com>

	virNetServer: Introduce unauth clients counter
	The counter gets incremented on each unauthenticated client added to the
	server and decremented whenever the client authenticates.

2014-03-17  Michael Chapman  <mike@very.puzzling.org>

	datatypes: Fix comments
	- As of commit 2ff4c137, all virGet*() functions in datatypes.c always
	  return pointers to new objects. Objects are not cached in a
	  per-connection hashtable.

	- Fix variable names in comments for all vir*Dispose() functions in
	  datatypes.c.

	- Add comments for virGetStream(), virStreamDispose(),
	  virGetDomainSnapshot(), virDomainSnapshotDispose().

2014-03-17  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement nodeGetInfo()
	Add bhyveNodeGetInfo() which is a simple wrapper around nodeGetInfo()
	from src/nodeinfo.c.

2014-03-17  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Add parameter to wait for lock in file locking APIs
	Our current pidfile acquire APis (virPidFileAcquire) simply return -1 upon
	failure to acquire a lock. This patch adds a parameter 'bool waitForLock'
	which instructs the APIs if we want to make it block and wait for the lock
	or not.

2014-03-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix mistakes in checking return values
	Thre was a syntax error in checking virRegisterStateDriver in
	the remote driver, and bogus checking of a void return type
	of virDomainConfNWFilterRegister in nwfilter.

2014-03-17  Michael Chapman  <mike@very.puzzling.org>

	spec: move some dirs into appropriate subpackages
	This commit moves a few directories into more appropriate subpackages.
	In a few cases a directory is owned by two subpackages, however this is
	OK as long as the permissions and ownership for the directory are
	consistent between them.

	- %{_sysconfdir}/libvirt/qemu/

	  Used by the qemu and network drivers.

	  When building with separate driver modules, this directory is only
	  owned by l-d-d-network. l-d-d-qemu has a hard dependency on
	  l-d-d-network, which means this directory is created with the
	  correct permissions and ownership, however it's clearer if both
	  subpackages own the directory independently.

	- %{_sysconfdir}/libvirt/nwfilter/

	  Used by the nwfilter driver only.

	  This directory is currently always owned by libvirt-daemon. This
	  commit moves it into l-d-d-nwfilter when building with separate
	  driver modules.

	- %{_localstatedir}/run/libvirt/network/

	  Used by the network and nwfilter drivers.

	  When building without separate driver modules, this directory is
	  should be owned by libvirt-daemon only if either of these drivers
	  are enabled. When building with separate driver modules, this
	  directory should be owned by l-d-d-nwfilter in addition to
	  l-d-d-network.

	- %{_datadir}/libvirt/networks/ and
	  %{_datadir}/libvirt/networks/default.xml

	  Used only by the %post scriptlet in libvirt-daemon-config-network.

2014-03-17  Pavel Hrdina  <phrdina@redhat.com>

	Fix issue found by coverity and cleanup
	Coverity found an issue in lxc_driver and uml_driver that we don't
	check the return value of register functions.

	I've also updated all other places and unify the way we check the
	return value.

2014-03-14  Cole Robinson  <crobinso@redhat.com>

	XMLToNative: Parse XML as INACTIVE
	Right now we are parsing the XML as though it's live, which for example
	will choke on hardcoded XML like:

	  <seclabel type='dynamic' model='selinux' relabel='yes'/>

	Erroring with:

	  $ sudo virsh domxml-to-native qemu-argv f
	  error: XML error: security label is missing

	All drivers are fixed, but only qemu was tested.

2014-03-14  Cole Robinson  <crobinso@redhat.com>

	qemu: XMLToNative: Don't open vhostfd
	Just skip the vhost command line generation, since this won't work if
	attempting to run manually.

	qemu: XMLToNative: Don't show -S
	-S causes qemu to start in the paused state. Since XML2Native is intended
	to generate something that users can run directly, this will trip them up.

2014-03-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	qemu: cleanup tap devices on FreeBSD
	We have to explicitly destroy TAP devices on FreeBSD because
	they're not freed after being closed, otherwise we end up with
	orphaned TAP devices after destroying a domain.

2014-03-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix build with qemu driver disabled
	Do not include test_libvirt_lockd.aug when configured without qemu
	driver.

	https://bugzilla.redhat.com/show_bug.cgi?id=1071777

2014-03-14  John Ferlan  <jferlan@redhat.com>

	openvzRegister: Check for error return
	A recent change to openvz_driver.c caused Coverity to make additional
	comparisons and find that the openvzRegister() was not checking the
	status of virRegisterDriver() call like other callers and thus generated
	a CHECKED_RETURN condition

2014-03-14  Laine Stump  <laine@laine.org>

	build: detect/prohibit hardcoded XML indent in syntax-check
	This rule wouldn't be able to find any case of a hardcoded indent that
	was in the middle of a string, but then virBuffer doesn't add
	indentation in the middle of a string either.

	conf: eliminate hardcoded indentation in all remaining xml
	These last files had such a small change count I just put them into a
	single patch.

	qemu: elminate hardcoded indent in capabilities cache XML

	util: eliminate hardcoded indent in virConnectSysInfo formatting
	This same set of functions is used by the qemu, xen, and lxc drivers'
	connectSysInfo function.

	qemu: eliminate hardcoded indent from migration cookie xml
	This is also never seen by a human.

	virsh: eliminate hardcoded indentation in xml generated for commands
	These are never seen externally, only passed into libvirt APIs, so in
	practice this makes no real difference, but it's good to be
	consistent.

	conf: eliminate hardcoded indent in volume/pool xml
	Again completely mechanical, but a lot of lines.

	conf: eliminate hardcoded indentation in node device xml
	Completely mechanical changes, but there were a lot of lines so I made
	it a separate patch.

	conf: eliminate hardcoded indentation in capabilities xml
	There were a lot of changes here, but all very mechanical. For some
	reason, the virBufferPtr had been named "xml" instead of "buf" in this
	file, so since the indentation changing touched almost every line
	using the buffer, I took this chance to change its name for "buf" for
	consistency with every other file.

	conf: eliminate hardcoded indentation in nwfilter xml
	This file was using multiple virBuffers, inserting the contents of
	buf3 into buf2, then inserting the contents of buf2 into buf1, rather
	than the more conventional method of just passing around a single
	virBufferPtr and streaming everything into that single buffer. This
	was unnecessary, and also made it more difficult to make indentation
	relative, because when you insert a string into a buffer, the
	indentation of the buffer is only applied once at the beginning of the
	string, *not* each time a newline is encountered in the string.

2014-03-14  Laine Stump  <laine@laine.org>

	conf: eliminate outmoded/odd indent method from interface xml
	These format functions needed the ability to be indented by an
	arbitrary amount, but were written before the introduction of
	virBufferAdjustIndent(). They instead used the much more clunky method
	of adding a "level" arg to every format function, and padding with
	spaces using the "%*s" printf format specifier (giving it the level,
	and "", which has the effect of adding level spaces to the output).

	While eliminating the hardcoded indentation in other xml, I decided it
	was finally time to also modernize the interface formatter code to
	make it more consistent.

2014-03-14  Laine Stump  <laine@laine.org>

	conf: eliminate hardcoded indent from network xml
	This was very simple, since the only place that had hardcoded
	indentation was a few items in the network status xml.

	conf: eliminate hardcoded indent from domain snapshot xml
	All leading spaces in domain snapshot xml format functions have been
	replaced with appropriate calls to virBufferAdjustIndent(). This will
	make it easier to call other similarly fixed format functions
	(e.g. domain device format functions).

2014-03-14  Laine Stump  <laine@laine.org>

	conf: eliminate hardcoded indent from domain xml
	Many of the domain xml format functions (including all of the device
	format functions) had hard-coded spaces, which made for incorrect
	indentation when those functions were called in a different context
	(for example, commit 2122cf39 added <interface> XML into the document
	provided to a network hook script, and in this case it should have
	been indented by 2 spaces, but was instead indented by 6 spaces).

	To make it possible to insert a properly indented device anywhere into
	an XML document, this patch removes hardcoded spaces from the
	formatting functions, and calls virBufferAdjustIndent() at appropriate
	places instead. (a regex search of domain_conf.c was done to assure
	that all occurrences of hardcoded spaces were removed).

	virDomainDiskSourceDefFormatInternal() is also called from
	snapshot_conf.c, so two virBufferAdjustIndent() calls were temporarily
	added around that call - those functions will have hardcoded spaces
	removed in a separate patch.

	This could cause some conflicts when backporting future changes to the
	formatting functions to older branches, but fortunately the changes
	are almost all trivial, so conflict resolution will be obvious.

2014-03-13  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add ARP src/dst IP mask for ebtables ARP
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=862887

	Add a netmask for the source and destination IP address for the
	ebtables --arp-ip-src and --arp-ip-dst options. Extend the XML
	parser with support for XML attributes for these netmasks similar
	to already supported netmasks. Extend the documentation.

2014-03-13  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix rule priority problem
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1072292

	Fix a problem related to rule priorities that did not allow to
	have rules applied that had a higher priority than the chain they
	were in. In this case the chain did not exist yet when the rule
	was instantiated. The solution is to adjust the priority of rules
	if the priority of the chain is of higher value. That way the chain
	will be created before the rule.

2014-03-13  Jim Fehlig  <jfehlig@suse.com>

	hostdev: add virObject field to virHostdevManager struct
	Commit 6b306d66 converted virHostdevManager to a virObject, but
	missed adding a virObject field to the virHostdevManager struct.
	Result is memory corruption when taking a reference on an instance
	of the object, where atomic inc is done on the stateDir field.
	Later use of stateDir crashes libvirtd.

2014-03-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu.conf: Mention virtlockd in @lock_manager description
	When I played with virtlockd I was stunned by lacking
	documentation. My frustration got bigger when I had to
	read the patches to get the correct value to set in
	qemu.conf.

	Moreover, from pure libvirt-pride  I'm changing commented
	value from sanlock to lockd. We want to favor our own
	implementation after all.

2014-03-13  Wang Rui  <moon.wangrui@huawei.com>

	hotplug:Fix log mistake in qemuMonitorAddNetdev
	VIR_DEBUG  in qemuMonitorAddNetdev should print vhostfdSize

2014-03-13  Jiri Denemark  <jdenemar@redhat.com>

	Make ABI stability issue easier to debug
	When ABI stability check fails, we only log the error message describing
	the incompatibility. Let's log both XMLs in case of an error to make it
	easier to analyze where and why the stability check failed.

2014-03-13  Osier Yang  <jyang@redhat.com>

	qemu: Forbid "sgio" support for SCSI generic host device
	The kernel didn't support the unprivileged SGIO for SCSI generic
	device finally, and since it's unknow whether the way to support
	unprivileged SGIO for SCSI generic device will be similar as for
	SCSI block device or not, even it's simliar (I.e. via sysfs, for
	SCSI block device, it's /sys/dev/block/8\:0/queue/unpriv_sgio,
	for example), the file name might be different, So it's better not
	guess what it should be like currently.

	This patch removes the related code (mainly about the "shareable"
	checking on the "sgio" setting, it's not supported at all, why
	we leave checking code there? :-), and error out if "sgio" is
	specified in the domain config.

2014-03-13  Martin Kletzander  <mkletzan@redhat.com>

	docs: add VMmanager to web apps
	This is a request for adding a VMmanager application as requested and
	described by Ksenya Phil.

2014-03-13  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Check for control_d string to decide about dom0
	As soon as any guest mounts xenfs to /proc/xen, there is a capabilities
	file in that directory. However it returns nothing when reading from it.
	Change the test to actually check the contents of the file.

	BugLink: http://bugs.launchpad.net/bugs/1248025

2014-03-12  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	vircrypto: fix Invalid write in virCryptoHashString()
	While running vircryptotest, it was found that valgrind pointed out the
	following error:

	==27453== Invalid write of size 1
	==27453==    at 0x4C7D7C9: virCryptoHashString (vircrypto.c:76)
	==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
	==27453==    by 0x402A11: virtTestRun (testutils.c:199)
	==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
	==27453==    by 0x40318D: virtTestMain (testutils.c:782)
	==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==27453==  Address 0x51f0541 is 0 bytes after a block of size 65 alloc'd
	==27453==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
	==27453==    by 0x4C69F2E: virAllocN (viralloc.c:189)
	==27453==    by 0x4C7D76B: virCryptoHashString (vircrypto.c:69)
	==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
	==27453==    by 0x402A11: virtTestRun (testutils.c:199)
	==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
	==27453==    by 0x40318D: virtTestMain (testutils.c:782)
	==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==27453==

	...and many more.  Two observations: hashstrlen was already set
	to include the trailing NUL byte (so writing to hashstrlen as
	the array offset was indeed writing one byte beyond bounds), and
	VIR_ALLOC_N already guarantees zero-initialization (so we already
	have a trailing NUL without needing to explicitly write one).

2014-03-12  Ján Tomko  <jtomko@redhat.com>

	Fix type mismatch of virNetDev*NetConfig on non-Linux
	Commit b4bbaee changed char* to const char*, but omitted
	the non-Linux version.

2014-03-12  Chunyan Liu  <cyliu@suse.com>

	add pci passthrough to libxl driver
	Add pci passthrough to libxl driver, support attach-device, detach-device and
	start a vm with pci hostdev specified.

	add hostdev pci backend type for xen
	Add VIR_DOMAIN_HOSTDEV_PCI_BACKEND_XEN. For legacy xen, it will use "pciback" as
	stub driver.

	change lxc_hostdev.c to use virhostdev common library APIs

	add unit test for new virhostdev common library
	Add unit test for hostdev common library. Current tests are based on virpcimock.

	Add parameter checks/annotations to hostdev APIs
	Mark many parameters as NONNULL and check for empty list of
	hostdevs.

	add 3 wrapper functions for prepare/reattach/update domain hostdevs

	improve virHostdevUpdate* parameters to make it more widely used
	Changes parameter from vm def to specific hostdevs info and name info, so that
	it could be used more widely, e.g, could be used without full vm def info.

2014-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Capitalize USB, PCI and SCSI in hostdev variables
	Change any variable names with Usb, Pci or Scsi to use
	USB, PCI and SCSI since they are abbreviations.

	Remove redundant duplicated 'Hostdev' string method names
	Some virHostdevXXXX methods included the string Hostdev again
	as a suffix. Change the latter to Device instead.

2014-03-12  Chunyan Liu  <cyliu@suse.com>

	Capitalize USB, PCI and SCSI in hostdev methods
	Change any method names with Usb, Pci or Scsi to use
	USB, PCI and SCSI since they are abbreviations.

2014-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Fixed const-ness of parameters in netdev/hostdev code
	Various methods in virnetdev.c and virhostdev.c were missing
	const-ness for several char * parameters.

2014-03-12  Chunyan Liu  <cyliu@suse.com>

	improve parameter name to let it more meaningful

	move virHostdevNodeDevice* to virhostdev.c

	extract general code of NodeDeviceReset

	extract general code of NodeDeviceReAttach

	extract general code of NodeDeviceDetach

	move virHostdevReAttachHostScsiDevices to virhostdev.c

	pass driver name as parameter to virHostdevReAttachScciHostdevs

	extract general code from qemuDomainReAttachHostScsiDevices
	Extract general code from qemuDomainReAttachHostScsiDevices to
	virHostdevDomainReAttachHostScsiDevices.

	move virHostdevReAttachUsbHostdevs to virhostdev.c

	pass driver name as paramter to virHostdevReAttachUsbHostdevs

	extract general code from qemuDomainReAttachHostUsbDevices
	Extract general code from qemuDomainReAttachHostUsbDevices to
	virHostdevDomainReAttachHostUsbDevices.

	move virHostdevPrepareHostSCSIDevices to virhostdev.c

	pass driver name as parameter to virHostdevPrepareSCSIDevices

	extract general code from qemuPrepareHostSCSIDevices
	Extract general code from qemuPrepareHostSCSIDevices to
	virHostdevPrepareHostSCSIDevices.

	move virHostdevPrepareHostUSBDevices to virhostdev.c

	pass driver name to virHostdevPrepareUSBDevices

	rename qemu*USBDevices to virHostdev*USBDevices

	extract general code from qemuPrepareHostUSBDevices
	Extract general code from qemuPrepareHostUSBDevices to
	virHostdevPrepareHostUSBDevices.

	move virHostdevUpdate* functions to virhostdev.c

	pass driver_name as parameter of virHostdevUpdate*Hostdevs functions

	extract general code from qemuUpdateActiveScsiHostdevs
	Extract general code from qemuUpdateActiveScsiHostdevs to
	virHostdevUpdateActiveScsiHostdevs

	extract general code from qemuUpdateActiveUsbHostdevs
	Extract general code from qemuUpdateActiveUsbHostdevs to
	virHostdevUpdateActiveUsbHostdevs.

	extract general code from qemuUpdateActivePciHostdevs
	Extract general code from qemuUpdateActivePciHostdevs to
	virHostdevUpdateActivePciHostdevs.

	move virHostdevPrepare(ReAttach)PCIDevices to virhostdev.c

2014-03-12  Daniel P. Berrange  <berrange@redhat.com>

	rename qemuReAttachPciDevice to virHostdevReAttachPciDevice

2014-03-12  Chunyan Liu  <cyliu@suse.com>

	Conditionally wait for kvm_assigned_device cleanup
	Only wait for kvm device cleanup if the driver is pci-stub

	pass driver name as a parameter to virHostdevReAttachPCIDevices

	extract general code from qemuDomainReAttachHostdevDevices

	pass driver name as a parameter to virHostdevPrepareHostdevPCIDevices

	rename qemuGet*PciHostDeviceList to virHostdevGet*PciHostDeviceList

	rename qemu*NetConfigRestore/Replace to virHostdevNetConfigRestore/Replace

	extract general code from qemuPrepareHostdevPCIDevices
	Extract general code from qemuPrepareHostdevPCIDevices to
	virHostdevPrepareHostdevPCIDevices.

	qemu_hostdev: move netconfig file location to virhostdev stateDir

	qemu_hostdev: move ColdBoot as a flag
	For extracting hostdev codes from qemu_hostdev.c to common library, change qemu
	specific COLD_BOOT handling to be a flag, and pass it to hostdev functions.

	qemu_hostdev: move cfg->relaxedACS as a flag
	For extracting hostdev codes from qemu_hostdev.c to common library, change qemu
	specific cfg->relaxedACS handling to be a flag, and pass it to hostdev
	functions.

	lxc: use general virhostdev lists instead of its own

	qemu: use general virhostdev lists instead of its own

	qemu: remove functions used internally only from qemu_hostdev.h

	qemu: reuse hostdev interfaces to avoid duplicate
	Same logic of preparing/reattaching hostdevs could be used in attach/detach
	hotplug places, so reuse hostdev interfaces to avoid duplicate, also for later
	extracting general code to common library.

	update qemuPrepareHostUSBDevices parameters to keep consistency
	Update parameters from vm->def to specific name, hostdevs, nhostdevs to keep
	consistentcy with PreparePCIDevices and PrepareSCSIDevices. And, at the same
	time, make it reusable in later patch.

	virhostdev: use virObject to virHostdevManager to keep reference
	Use virObject to virHostdevManager, so that each driver using virHostdevManager
	can keep a reference to it, and through counting refs to make virHostdevManager
	get freed.

2014-03-12  Jiri Denemark  <jdenemar@redhat.com>

	Load CPU map from builddir when run uninstalled
	When libvirtd is run from a build directory without being installed, it
	should not depend on files from a libvirt package installed in the
	system. Not only because there may not be any libvirt installed at all.
	We already do a good job for plugins but cpu_map.xml was still loaded
	from the system.

	The Makefile.am change is necessary to make this all work from VPATH
	builds since libvirtd has no idea where to find libvirt sources. It only
	knows the path from which it was started, i.e, a builddir.

	https://bugzilla.redhat.com/show_bug.cgi?id=1074327

2014-03-12  Ján Tomko  <jtomko@redhat.com>

	Introduce vircommandpriv.h for functions used by tests
	So far it's just virCommandSetDryRun.

2014-03-12  Ján Tomko  <jtomko@redhat.com>

	Use size_t for ndevice in pool source definition
	This allows it to be used by the VIR_*_ELEMENT macros.

	Also use them for parsing the definiton and remove the redundant
	freeing of 'nodeset' before jumping to the cleanup label.

2014-03-12  Ján Tomko  <jtomko@redhat.com>

	Introduce virStoragePoolSourceDeviceClear
	Open-coding one VIR_FREE in the test suite just doesn't seem right.

	Change virStorageBackendISCSISession 'probe' arg to bool
	It quacks like a bool.

2014-03-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add missing goto err_exit in error path
	https://bugzilla.redhat.com/show_bug.cgi?id=1071095

	Add a missing goto err_exit in the error path where an unsupported
	value is assigned to the CTRL_IP_LEARNING key.

2014-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix sec label setup when attaching to QEMU processes
	When attaching to a QEMU process, the def->seclabels array is
	going to be empty. The qemuProcessAttach method must thus
	populate it with data for the security drivers.

2014-03-12  Eric Blake  <eblake@redhat.com>

	qemu: don't munge user input during block commit
	While investigating https://bugzilla.redhat.com/show_bug.cgi?id=1061827
	I noticed that we pass user input unscathed for block-pull, but
	always pass a canonical absolute name through for block-commit.
	[Note that we probably _ought_ to validate that the user's request
	for block-pull actually matches the backing chain, the way we already
	do for block-commit - but that's a separate issue.  Further note that
	the ability to pass user input through unscathed allows backdoors
	such as specifying a backing image that is a network URI such as
	a gluster disk, instead of forcing things to the local file system;
	which is an area still under active investigation on whether libvirt
	needs to behave differently for network disks.]

	Since qemu may write the name that the user passed in as the backing
	file, a user may have a reason to want a relative file name passed
	through to qemu, and always munging things to absolute prevents that.

	Put another way, if you have the backing chain:

	[A] <- [B(back=./A)] <- [C(back=./B)]

	and commit B into A (virsh blockcommit $dom vda --base A --top B),
	the metadata of C will have to be re-written. But should it be
	rewritten as [C(back=./A)] or as [C(back=/path/to/A)]?  Still up in
	the air is whether qemu's decision should be based on whether B
	and/or C had relative paths, or on whether the --base and/or
	--top arguments to the command were relative paths; but if we always
	pass a canonical name, we've prevented the spelling of the command
	arguments from being part of the hueristics that qemu uses.

	I also audited the code, and verified that we never call
	qemuMonitorBlockCommit() with a NULL base, either before or after
	the change to qemu_driver.c.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Preserve user's
	spelling, since absolute vs. relative matters to qemu.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): Base is never
	null.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
	Likewise.

2014-03-12  Eric Blake  <eblake@redhat.com>

	iptables: don't log command probe failures
	Commit b9dd878f caused a regression in iptables interaction by
	logging non-zero status at a higher level than VIR_INFO.  Revert
	that portion of the commit, as well as adding a comment explaining
	why we check the status ourselves.

	Reported by Nehal J Wani.

	* src/util/viriptables.c (virIpTablesOnceInit): Undo log regression.

2014-03-11  Jim Fehlig  <jfehlig@suse.com>

	libxl: support sexpr in native to XML conversion
	Supporting sexpr in connectDomainXMLFromNative in the libxl driver
	adds flexibility for users importing legacy Xen configuration into
	libvirt.  E.g. this patch allows importing previous xend-managed
	domains from /var/lib/xend/domains/<dom-uuid>/config.sxp into the
	libvirt libxl driver.

2014-03-11  John Ferlan  <jferlan@redhat.com>

	storage: Fix bugs in VIR_APPEND_ELEMENT series
	From commit id 'd53bbfd1'

	Found one core and one possible memory leak. Core seen during local
	virt-test/tp_libvirt run for the vol_create_from test. The memory leak
	was seen by inspection during a review of all VIR_APPEND_ELEMENT changes

	In storage_backend_disk/virStorageBackendDiskMakeDataVol(), the 'vol'
	needs to be kept around since it's used later, so use the _COPY macro.
	This caused a segv in libvirtd:

	Program received signal SIGSEGV, Segmentation fault.
	[Switching to Thread 0x7fffe87c3700 (LWP 6919)]
	virStorageBackendDiskMakeDataVol (vol=0x0, groups=0x7fffc8000d70, pool=0x7fffc8002460) at storage/storage_backend_disk.c:66
	66          if (vol->target.path == NULL) {

	In storage_backend_rbd/virStorageBackendRBDRefreshPool() there's a failure
	path where the 'vol' needs to go through virStorageVolDefFree() since it
	wouldn't be appended.

2014-03-11  Daniel P. Berrange  <berrange@redhat.com>

	Remove broken error reporting in QEMU mac filtering
	The qemu_bridge_filter.c file had some helpers for calling
	the ebtablesXXX functions todo bridge filtering. The only
	thing these helpers did was to overwrite the original error
	message from the ebtables code. For added fun, the callers
	of these helpers overwrote the errors yet again. For even
	more fun, one of the helpers called another helper and
	overwrite its errors too.

	Remove unused ebtablesRemoveForwardPolicyReject method
	The ebtablesRemoveForwardPolicyReject method was unused and
	would not do anything useful even if called.

	Remove worthless ebtRules data structure
	The ebtRules data structure serves no useful purpose as
	the table name is never used and only 1 single chain name
	needs to be stored. Just store the chain name directly
	in the ebtablesContext instead.

	Remove data structure holding list of ebtables rules
	When adding/removing ebtables rules, the code would keep
	an array of all rules in memory. This list of rules was
	never used for any purpose and would be lost if libvirtd
	restarted. Delete all the unused code.

	Remove unused variables from ebtablesContext
	The input_filter and nat_postrouting variables were never
	used to create any firewall rules.

	Make ebtablesForwardPolicyReject static
	The ebtablesForwardPolicyReject method is only used internally
	to the ebtables code and thus should have been static.

	Remove decl of method which doesn't exist in virebtables.h
	There is no impl of the ebtablesSaveRules method and nothing
	attempts to use it.

	Remove many decls from bridge driver platform header
	The bridge_driver_platform.h defines many functions that
	a platform driver must implement. Only two of these
	functions are actually called from the main bridge driver
	code. The remainder can be made internal to the linux
	driver only.

2014-03-11  Daniel P. Berrange  <berrange@redhat.com>

	Cache result of QEMU capabilities extraction
	Extracting capabilities from QEMU takes a notable amount of time
	when all QEMU binaries are installed. Each system emulator
	needs about 200-300ms multiplied by 26 binaries == ~5-8 seconds.

	This change causes the QEMU driver to save an XML file containing
	the content of the virQEMUCaps object instance in the cache
	dir eg /var/cache/libvirt/qemu/capabilities/$SHA256(binarypath).xml
	or $HOME/.cache/libvirt/qemu/cache/capabilities/$SHA256(binarypath).xml

	We attempt to load this and only if it fails, do we fallback to
	probing the QEMU binary. The ctime of the QEMU binary and libvirtd
	are stored in the cached file and its data discarded if either
	of them change.

2014-03-11  Daniel P. Berrange  <berrange@redhat.com>

	Change QEMU capabilities cache to check ctime instead of mtime
	Debian's package manager will preserve mtime timestamp on binaries
	from the time they are built, rather than installed. So if a
	user downgrades their QEMU dpkg, the libvirt capabilities
	cache will not refresh. The fix is to use ctime instead of mtime
	since it cannot be faked.

	Add helper APIs to track if libvirtd or loadable modules have changed
	The future QEMU capabilities cache needs to be able to invalidate
	itself if the libvirtd binary or any loadable modules are changed
	on disk. Record the 'ctime' value for these binaries and provide
	helper APIs to query it. This approach assumes that if libvirt.so
	is changed, then libvirtd will also change, which should usually
	be the case with libtool's wrapper scripts that cause libvirtd to
	get re-linked

2014-03-11  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityDACSetSecurityImageLabel: Unmark @def as unused
	The @def is clearly used just a few lines below. There's no need to use
	ATTRIBUTE_UNUSED for it.

2014-03-11  Jiri Denemark  <jdenemar@redhat.com>

	tests: Distribute securityselinuxhelperdata

2014-03-10  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	BZ1072677: Avoid freeing of 0 file descriptor
	Avoid the freeing of an array of zero file descriptors in case
	of error. Initialize the array to -1 using memset.

2014-03-10  Daniel P. Berrange  <berrange@redhat.com>

	Convert lock driver plugins to use new crypto APIs
	Convert the sanlock and lockd lock driver plugins over to use
	the new virCryptoHashString APIs instead of having their own
	duplicated code.

	Add helper APIs for generating cryptographic hashes
	GNULIB provides APIs for calculating md5 and sha256 hashes,
	but these APIs only return you raw byte arrays. Most users
	in libvirt want the hash in printable string format. Add
	some helper APIs in util/vircrypto.{c,h} for doing this.

2014-03-10  Ján Tomko  <jtomko@redhat.com>

	Change file names in comments to match the files they are in
	Some of these are leftovers from renaming the files, others
	are just typos.

	Also introduce an ugly awk script to enforce this.

2014-03-10  Daniel P. Berrange  <berrange@redhat.com>

	Wildcard ignore tests/*test instead of listing every one
	There is a forever growing list of test cases. It is just
	not worth listing each one individually when a wildcard
	can do the job.

2014-03-10  Michal Privoznik  <mprivozn@redhat.com>

	src/xenxs: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/xen: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/util: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/test: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/storage: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/rpc: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/qemu: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/phyp: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/parallels: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/openvz: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/nwfilter: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

	src/lxc/: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT

2014-03-10  Michal Privoznik  <mprivozn@redhat.com>

	conf: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT
	This fixes a possible double free. In virNetworkAssignDef() if
	virBitmapNew() fails, then virNetworkObjFree(network) is called.
	However, with network->def pointing to actual @def. So if caller
	frees @def again, ...

	Moreover, this fixes one possible memory leak too. In
	virInterfaceAssignDef() if appending to the list of interfaces
	fails, we ought to call virInterfaceObjFree() instead of bare
	VIR_FREE().

	Although, in order to do that some array size variables needs
	to be turned into size_t rather than int.

2014-03-10  Daniel P. Berrange  <berrange@redhat.com>

	Add a mutex to serialize updates to firewall
	The nwfilter conf update mutex previously serialized
	updates to the internal data structures for firewall
	rules, and updates to the firewall itself. The latter
	was recently turned into a read/write lock, and filter
	instantiation allowed to proceed in parallel. It was
	believed that this was ok, since each filter is created
	on a separate iptables/ebtables chain.

	It turns out that there is a subtle lock ordering problem
	on virNWFilterObjPtr instances. __virNWFilterInstantiateFilter
	will hold a lock on the virNWFilterObjPtr it is instantiating.
	This in turn invokes virNWFilterInstantiate which then invokes
	virNWFilterDetermineMissingVarsRec which then invokes
	virNWFilterObjFindByName. This iterates over every single
	virNWFilterObjPtr in the list, locking them and checking their
	name. So if 2 or more threads try to instantiate a filter in
	parallel, they'll all hold 1 lock at the top level in the
	__virNWFilterInstantiateFilter method which will cause the
	other thread to deadlock in virNWFilterObjFindByName.

	The fix is to add an exclusive mutex to serialize the
	execution of __virNWFilterInstantiateFilter.

2014-03-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix locking in virsh console
	vshRunConsole() uses virCondWait() which is a wrapper around
	pthread_cond_wait(). On FreeBSD, pthread_cond_wait needs mutex to be
	locked, otherwise it immediately fails with EPERM. On Linux, the
	behaviour in this case is undefined.

	So lock the mutex before calling virCondWait().

2014-03-10  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Sort options alphabetically
	Man page, help output and also parsing is sorted in order to find
	options smoothly.

2014-03-10  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix SELinux tests in VPATH build

2014-03-07  John Ferlan  <jferlan@redhat.com>

	virscsi: Introduce virSCSIDeviceUsedByInfoFree
	This resolves a Coverity RESOURCE_LEAK issue introduced by commit
	id 'de6fa535' where the virSCSIDeviceSetUsedBy() didn't VIR_FREE
	the 'copy' or possibly VIR_STRDUP()'d values.  It also ensures that
	the VIR_APPEND_ELEMENT is successful...

2014-03-07  Michael Chapman  <mike@very.puzzling.org>

	tests: Test virIdentityGetSystem
	Test it once with SELinux enabled and once with it disabled.

2014-03-07  Michael Chapman  <mike@very.puzzling.org>

	virIdentityGetSystem: don't fail if SELinux is disabled
	If SELinux is compiled into libvirt but it is disabled on the host,
	libvirtd logs:

	  error : virIdentityGetSystem:173 : Unable to lookup SELinux process
	  context: Invalid argument

	on each and every client connection.

	Use is_selinux_enabled() to skip retrieval of the process's SELinux
	context if SELinux is disabled.

2014-03-07  Michael Chapman  <mike@very.puzzling.org>

	tests: SELinux tests do not need to be skipped
	With the previous commit's securityselinuxhelper enhancements, the
	SELinux security manager can be tested even without SELinux enabled on
	the test system.

2014-03-07  Michael Chapman  <mike@very.puzzling.org>

	tests: Flesh out securityselinuxhelper
	Add fake implementations of:

	- is_selinux_enabled
	- security_disable
	- selinux_virtual_domain_context_path
	- selinux_virtual_image_context_path
	- selinux_lxc_contexts_path
	- selabel_open
	- selabel_close
	- selabel_lookup_raw

	The selabel_* functions back onto the real implementations if SELinux is
	enabled on the test system, otherwise we just implement a fake selabel
	handle which errors out on all labelling lookups.

	With these changes in place, securityselinuxtest and
	securityselinuxlabeltest don't need to skip all tests if SELinux isn't
	available; they can exercise much of the security manager code.

2014-03-06  Jiri Denemark  <jdenemar@redhat.com>

	spec: Let translations be properly updated
	Libvirt tarball contains po/stamp-po file which prevents any po/*.gmo
	file to be regenerated even if a corresponding po/*.po file is newer. By
	removing the stamp-po file, all *.gmo files are properly updated if
	required. This allows downstreams to provide patches that update
	translations.

2014-03-06  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Reject unsupported tuning in session mode
	When domain is started with setting that cannot be done, i.e. those
	that require cgroups, there is no error reported and it succeeds
	without any message whatsoever.

	When setting with API, virsh, an error is reported, but only due to
	the fact that no cgroups are mounted (priv->cgroup == NULL).

	Given the above it seems reasonable to reject such unsupported
	settings.

	This patch effectively changes the error message from:

	$ virsh -c qemu:///session schedinfo dummy
	Scheduler      : Unknown
	error: Requested operation is not valid: cgroup CPU controller is not mounted

	to:

	$ virsh -c qemu:///session schedinfo dummy
	Scheduler      : Unknown
	error: Operation not supported: CPU tuning is not available in session mode

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1023366

2014-03-06  Michael Chapman  <mike@very.puzzling.org>

	datatypes: update comments of Dispose functions
	As of commit 46ec5f85, the conn.lock mutex does not need to be held
	when calling any vir*Dispose() function in datatypes.c (via virObjectUnref()).

2014-03-05  Eric Blake  <eblake@redhat.com>

	virt-login-shell: silence coverity warning
	Coverity spotted that 'nfdlist' (ssize_t) could be -1, but that we
	were using 'i' (size_t) to iterate over the list at cleanup, with
	crashing results because it promotes to a really big unsigned number.

	* tools/virt-login-shell.c (main): Avoid treating -1 as unsigned.

2014-03-05  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix missing char dev lock path case in configure
	configure check for character devices lock path calls
	AC_DEFINE_UNQUOTED for VIR_CHRDEV_LOCK_FILE_PATH even if
	$with_chrdev_lock_files = "no".

	So the locking code in conf/virchrdev.c:

	 #ifdef VIR_CHRDEV_LOCK_FILE_PATH

	is compiled in even if it shouldn't, because VIR_CHRDEV_LOCK_FILE_PATH
	is defined as "no", so it tries to create lock files with strange
	lock path like 'no/LCK..'.

	Fix that by calling AC_DEFINE_UNQUOTED only if $with_chrdev_lock_files
	is not 'no'.

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Provide more information in generic block job error
	The qemuMonitorJSONBlockJob handles a few errors internally. If qemu
	returns a different error we would report a rather unhelpful message:

	 $ virsh blockpull gluster-job vda --base /dev/null
	 error: internal error: Unexpected error

	As the actual message from qemu contains a bit more info, let's use it
	to report something a little more useful:

	 $ virsh blockpull gluster-job vda --base /dev/null
	 error: internal error: Unexpected error: (GenericError) 'Base '/dev/null' not found'

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	doc: storage: Explicitly state that it's possible to have non-unique key
	With most of our storage backends it's possible to have two separate
	volume keys to point to a single volume. (By creating sym/hard-links to
	local files or by mounting remote filesystems to two different locations
	and creating pools on top of them) Document this possibility.

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	storage: Don't lie about path used to look up in error message
	In storageVolLookupByPath the provided path is "sanitized" at first.
	This removes some extra slashes and stuff. When the lookup of the volume
	fails the original path is used which makes it hard to trace errors in
	some cases.

	Improve the error message to print the sanitized path along with the
	user provided path if they are not equal.

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	storage: Avoid mangling paths of non-local filesystems when looking up
	When looking up a volume by path on a non-local filesystem don't use the
	"cleaned" path that might be mangled in such a way that it will differ
	from a path provided by a storage backend.

	Skip the cleanup step for gluster, sheepdog and RBD.

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	storage: Error out when attempting to vol-upload into a remote pool
	Pools that are not backed by files in the filesystem cause problems with
	some APIs. Error out when attempting to upload a volume in such a pool
	as currently we expect a local file representation for it.

	storage: Use cleanup label instead of out

2014-03-05  Peter Krempa  <pkrempa@redhat.com>

	virsh: volume: Fix lookup of volumes to provide better error messages
	If a user specifies the pool explicitly, we should make sure to point
	out that it's inactive instead of falling back to lookup by key/path and
	failing at the end. Also if the pool isn't found there's no use in
	continuing the lookup.

	This changes the error in case the user-selected pool is inactive from:

	 $ virsh vol-upload --pool inactivepool --vol somevolname volcontents
	 error: failed to get vol 'somevolname'
	 error: Storage volume not found: no storage vol with matching path
	 somevolname

	To a more descriptive:

	 $ virsh vol-upload --pool inactivepool --vol somevolname volcontents
	 error: pool 'inactivepool' is not active

	And in case a user specifies an invalid pool from:

	 $ virsh vol-upload --pool invalidpool --vol somevolname volcontents
	 error: failed to get pool 'invalidpool'
	 error: failed to get vol 'somevolname', specifying --pool might help
	 error: Storage volume not found: no storage vol with matching path somevolname

	To something less confusing:

	 $ virsh vol-upload --pool invalidpool --vol somevolname volcontents
	 error: failed to get pool 'invalidpool'
	 error: Storage pool not found: no storage pool with matching name 'invalidpool'

2014-03-04  Chunyan Liu  <cyliu@suse.com>

	add virhostdev files to maintain global state of host devices

	add 'driver' info to used_by
	Specify which driver and which domain in used_by area to avoid conflict among
	different drivers.

2014-03-04  Cédric Bosdonnat  <cbosdonnat@suse.com>

	apparmor: handle "none" type

	add support for apparmor in lxc-enter-namespace

	apparmor: add debug traces when changing profile.
	The reason for these is that aa-status doesn't show the process using
	the profile as they are in another namespace.

	Make sure apparmor is started before libvirtd
	If apparmor security driver is enabled in either qemu or lxc
	driver configuration and libvirtd starts before AppArmor, it will fail.

2014-03-04  Cédric Bosdonnat  <cedric.bosdonnat@free.fr>

	LXC driver: generate apparmor profiles for guests
	use_apparmor() was first designed to be called from withing libvirtd,
	but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check
	whether to use apparmor or not: just use it if possible.

2014-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Fix error message and comment when getting cpu info
	In qemuMonitorJSONExtractCPUInfo an error message hinted on missing
	character device data which is wrong.

	Also a comment states that only qemu-kvm tree includes the thread_id
	field. This is no longer true.

2014-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Use better check when reverting external snapshots
	https://bugzilla.redhat.com/show_bug.cgi?id=1071264

	Reverting of external snapshots is not supported currently. The check
	that is present doesn't properly check for all aspects that make a
	snapshot external. Use virDomainSnapshotIsExternal() to do the check.

2014-03-04  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNicDevStr: Adapt to new advisory on multiqueue
	As I did previously in 4f588a1b46, libvirt needs to set virtio vectors.
	Previously, we were advised to use vectors=N, where

	N = 2 * (number of queues) + 1

	However, just recently this advisory has changed on the Multiquue wiki
	page [1] to:

	N = 2 * (number of queues) + 2

	1: http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

2014-03-04  Ján Tomko  <jtomko@redhat.com>

	Check if systemd is running before creating machines
	If systemd is installed, but is not the init system,
	systemd-machined fails with an unhelpful error message:
	Launch helper exited with unknown return code 1

	Currently we only check if the "machine1" service is
	available (in ListActivatableNames).
	Also check if "systemd1" service is registered with DBus
	(ListNames).

	This fixes https://bugs.gentoo.org/show_bug.cgi?id=493246#c22

2014-03-04  Ján Tomko  <jtomko@redhat.com>

	Split out most of virDBusIsServiceEnabled
	Introduce virDBusIsServiceInList which can be used to call other
	methods for listing services (ListNames), not just ListActivatableNames.

	No functional change, fixed the 'Retruns' typo.

2014-03-04  Ján Tomko  <jtomko@redhat.com>

	Don't always skip virportallocatortest
	Include dlfcn.h before checking if RTLD_NEXT is defined

2014-03-04  Martin Kletzander  <mkletzan@redhat.com>

	tests: Create privileged driver config in qemuxml2argvtest
	This is actually a proper setting since we're not checking
	session-mode related XMLs.

2014-03-04  Ján Tomko  <jtomko@redhat.com>

	build: Include sys/wait.h in commandtest.c
	Commit 631923e used a few macros from sys/wait.h without including
	it. On Linux, they were also defined in stdlib.h, but on FreeBSD
	the build failed:

	../../tests/commandtest.c: In function 'test1':
	warning: implicit declaration of function 'WIFEXITED'
	warning: nested extern declaration of 'WIFEXITED' [-Wnested-externs]

2014-03-03  Eric Blake  <eblake@redhat.com>

	build: fix cppi warning
	Jenkins pointed out that the previous commit violates syntax
	check when cppi is installed.

	* src/nwfilter/nwfilter_dhcpsnoop.c (SNOOP_POLL_MAX_TIMEOUT_MS):
	Update indentation.

2014-03-03  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Increase buffer size for libpcap
	Libpcap 1.5 requires a larger buffer than previous pcap versions.
	Adjust the size of the buffer to 128kb.

	This patch should address symptoms in BZ 1071181 and BZ 731059

2014-03-03  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Display the pcap errror message
	Display the pcap error message in the log.

	nwfilter: Cap the poll timeout in the DHCP Snooping code
	Cap the poll timeout in the DHCP Snooping code to a max. of 10 seconds
	to not hold up the libvirt shutdown longer than this.

2014-03-03  Eric Blake  <eblake@redhat.com>

	virsh: report exit status of failed lxc-enter-namespace
	'virsh lxc-enter-namespace' does not have a way to reflect exit
	status to the caller in single-command mode, but we might as well
	at least report the exit status.  Prior to this patch,

	$ virsh -c lxc:/// lxc-enter-namespace shell /bin/sh 'exit 3'; echo $?
	1

	now it gives some details:

	$ virsh -c lxc:/// lxc-enter-namespace shell /bin/sh -c 'exit 3'; echo $?
	error: internal error: Child process (31557) unexpected exit status 3
	1

	Also useful:

	$ virsh -c lxc:/// lxc-enter-namespace shell /bin/sh -c 'kill $$'; echo $?
	error: internal error: Child process (31585) unexpected fatal signal 15
	1

	* tools/virsh-domain.c (cmdLxcEnterNamespace): Avoid magic numbers.
	Dispatch any error.
	* tools/virsh.pod: Document that non-zero exit status is collapsed.

2014-03-03  Eric Blake  <eblake@redhat.com>

	virt-login-shell: saner exit value
	virt-login-shell was exiting with status 0, regardless of what the
	wrapped shell returned.  This is unkind to users; we should behave
	more like env(1), nice(1), su(1), and other wrapper programs, by
	preserving the invoked application's status (which includes the
	distinction between death due to signal vs. normal death).

	* tools/virt-login-shell.c (main): Pass through child exit status.
	* tools/virt-login-shell.pod: Document exit status.

2014-03-03  Eric Blake  <eblake@redhat.com>

	virt-login-shell: use single instead of double fork
	Note that 'virsh lxc-enter-namespace' must double-fork, for two
	reasons: some namespaces can only be done from a single thread,
	while virsh is multithreaded; and because virsh can be run in
	batch mode where we must not corrupt the namespace of that
	execution upon return from the subsidiary command.

	When virt-login-shell was first written, it blindly copied from
	'virsh lxc-enter-namespace', including the double-fork.  But
	neither of the reasons for double forking apply to
	virt-login-shell (we are single-threaded, and we have nothing to
	do after the child completes that would require us to preserve a
	namespace), so we can simplify life by using a single fork.
	In turn, this will make it easier for a future patch to pass the
	child's exit status on to the invoking shell.

	In flattening to a single fork, note that closing the fds must
	be done after fork, because the parent process still needs to
	use fds to control the virConnectPtr; meanwhile, chdir can be
	done prior to forking (in fact, it's easier to report errors
	on anything attempted before forking).

	* tools/virt-login-shell.c (main): Single rather than double fork.
	(virLoginShellFini): Delete, by inlining actions instead.

2014-03-03  Eric Blake  <eblake@redhat.com>

	virFork: simplify semantics
	The old semantics of virFork() violates the priciple of good
	usability: it requires the caller to check the pid argument
	after use, *even when virFork returned -1*, in order to properly
	abort a child process that failed setup done immediately after
	fork() - that is, the caller must call _exit() in the child.
	While uses in virfile.c did this correctly, uses in 'virsh
	lxc-enter-namespace' and 'virt-login-shell' would happily return
	from the calling function in both the child and the parent,
	leading to very confusing results. [Thankfully, I found the
	problem by inspection, and can't actually trigger the double
	return on error without an LD_PRELOAD library.]

	It is much better if the semantics of virFork are impossible
	to abuse.  Looking at virFork(), the parent could only ever
	return -1 with a non-negative pid if it misused pthread_sigmask,
	but this never happens.  Up until this patch series, the child
	could return -1 with non-negative pid if it fails to set up
	signals correctly, but we recently fixed that to make the child
	call _exit() at that point instead of forcing the caller to do
	it.  Thus, the return value and contents of the pid argument are
	now redundant (a -1 return now happens only for failure to fork,
	a child 0 return only happens for a successful 0 pid, and a
	parent 0 return only happens for a successful non-zero pid),
	so we might as well return the pid directly rather than an
	integer of whether it succeeded or failed; this is also good
	from the interface design perspective as users are already
	familiar with fork() semantics.

	One last change in this patch: before returning the pid directly,
	I found cases where using virProcessWait unconditionally on a
	cleanup path of a virFork's -1 pid return would be nicer if there
	were a way to avoid it overwriting an earlier message.  While
	such paths are a bit harder to come by with my change to a direct
	pid return, I decided to keep the virProcessWait change in this
	patch.

	* src/util/vircommand.h (virFork): Change signature.
	* src/util/vircommand.c (virFork): Guarantee that child will only
	return on success, to simplify callers.  Return pid rather than
	status, now that the situations are always the same.
	(virExec): Adjust caller, also avoid open-coding process death.
	* src/util/virprocess.c (virProcessWait): Tweak semantics when pid
	is -1.
	(virProcessRunInMountNamespace): Adjust caller.
	* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
	(virDirCreate): Likewise.
	* tools/virt-login-shell.c (main): Likewise.
	* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
	* tests/commandtest.c (test23): Likewise.

2014-03-03  Eric Blake  <eblake@redhat.com>

	util: make it easier to grab only regular command exit
	Auditing all callers of virCommandRun and virCommandWait that
	passed a non-NULL pointer for exit status turned up some
	interesting observations.  Many callers were merely passing
	a pointer to avoid the overall command dying, but without
	caring what the exit status was - but these callers would
	be better off treating a child death by signal as an abnormal
	exit.  Other callers were actually acting on the status, but
	not all of them remembered to filter by WIFEXITED and convert
	with WEXITSTATUS; depending on the platform, this can result
	in a status being reported as 256 times too big.  And among
	those that correctly parse the output, it gets rather verbose.
	Finally, there were the callers that explicitly checked that
	the status was 0, and gave their own message, but with fewer
	details than what virCommand gives for free.

	So the best idea is to move the complexity out of callers and
	into virCommand - by default, we return the actual exit status
	already cleaned through WEXITSTATUS and treat signals as a
	failed command; but the few callers that care can ask for raw
	status and act on it themselves.

	* src/util/vircommand.h (virCommandRawStatus): New prototype.
	* src/libvirt_private.syms (util/command.h): Export it.
	* docs/internals/command.html.in: Document it.
	* src/util/vircommand.c (virCommandRawStatus): New function.
	(virCommandWait): Adjust semantics.
	* tests/commandtest.c (test1): Test it.
	* daemon/remote.c (remoteDispatchAuthPolkit): Adjust callers.
	* src/access/viraccessdriverpolkit.c (virAccessDriverPolkitCheck):
	Likewise.
	* src/fdstream.c (virFDStreamCloseInt): Likewise.
	* src/lxc/lxc_process.c (virLXCProcessStart): Likewise.
	* src/qemu/qemu_command.c (qemuCreateInBridgePortWithHelper):
	Likewise.
	* src/xen/xen_driver.c (xenUnifiedXendProbe): Simplify.
	* tests/reconnect.c (mymain): Likewise.
	* tests/statstest.c (mymain): Likewise.
	* src/bhyve/bhyve_process.c (virBhyveProcessStart)
	(virBhyveProcessStop): Don't overwrite virCommand error.
	* src/libvirt.c (virConnectAuthGainPolkit): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainGetBarrierLimit)
	(openvzDomainSetBarrierLimit): Likewise.
	* src/util/virebtables.c (virEbTablesOnceInit): Likewise.
	* src/util/viriptables.c (virIpTablesOnceInit): Likewise.
	* src/util/virnetdevveth.c (virNetDevVethCreate): Fix debug
	message.
	* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Add comment.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSINodeUpdate): Likewise.

2014-03-03  Eric Blake  <eblake@redhat.com>

	util: make it easier to grab only regular process exit
	Right now, a caller waiting for a child process either requires
	the child to have status 0, or must use WIFEXITED() and friends
	itself.  But in many cases, we want the middle ground of treating
	fatal signals as an error, and directly accessing the normal exit
	value without having to use WEXITSTATUS(), in order to easily
	detect an expected non-zero exit status.  This adds the middle
	ground to the low-level virProcessWait; the next patch will add
	it to virCommand.

	* src/util/virprocess.h (virProcessWait): Alter signature.
	* src/util/virprocess.c (virProcessWait): Add parameter.
	(virProcessRunInMountNamespace): Adjust caller.
	* src/util/vircommand.c (virCommandWait): Likewise.
	* src/util/virfile.c (virFileAccessibleAs): Likewise.
	* src/lxc/lxc_container.c (lxcContainerHasReboot)
	(lxcContainerAvailable): Likewise.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* tools/virt-login-shell.c (main): Likewise.
	* tools/virsh-domain.c (cmdLxcEnterNamespace): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
	* tests/commandtest.c (test23): Likewise.

2014-03-03  Eric Blake  <eblake@redhat.com>

	util: preserve exit status from mount namespace callback
	The documentation of namespace callbacks was inconsistent on whether
	it preserved positive return values.  Now that we have a dedicated
	EXIT_CANCELED to flag all errors before getting to the callback,
	it is possible to use positive return values (not that any of the
	current callers do, but it is better to match the docs).

	Also, while vircommand.c is careful to close fds that a child should
	not have, it's still better to be in the practice of setting
	FD_CLOEXEC up front.

	* src/util/virprocess.c (virProcessRunInMountNamespace): Tweak
	return value to pass back non-zero status.  Avoid leaking pipe fds
	to other threads.
	* src/util/virprocess.h: Fix comment.

2014-03-03  Eric Blake  <eblake@redhat.com>

	util: make it easier to reflect child exit status
	Thanks to namespaces, we have a couple of places in the code
	base that want to reflect a child exit status, including the
	ability to detect death by a signal, back to a grandparent.
	Best to make it a reusable function.

	* src/util/virprocess.h (virProcessExitWithStatus): New prototype.
	* src/libvirt_private.syms (util/virprocess.h): Export it.
	* src/util/virprocess.c (virProcessExitWithStatus): New function.
	* tests/commandtest.c (test23): Test it.

2014-03-03  Eric Blake  <eblake@redhat.com>

	virFork: give specific status on failure prior to exec
	When a child fails without exec'ing, we want a well-known status;
	best is to match what env(1), nice(1), su(1), and other wrapper
	programs do.  This patch adds enum values that later patches will
	use, and sets up virFork as the first client of EXIT_CANCELED
	for errors detected prior to even attempting exec, as well as
	virExec to distinguish between a missing executable vs. a binary
	that cannot be executed.

	This is a slight semantic change in the unlikely case of a child
	process failing to restore its signal mask - we now kill the
	child with a known status instead of relying on the caller to
	notice and do an appropriate _exit().  A subsequent patch will
	make further cleanups based on an audit of all callers.

	* src/internal.h (EXIT_CANCELED, EXIT_CANNOT_INVOKE)
	(EXIT_ENOENT): New enum.
	* src/util/vircommand.c (virFork): Document specific exit value if
	child aborts early.
	(virExec): Distinguish between various exec failures.
	* tests/commandtest.c (test1): Enhance test.
	(test22): New test.

2014-03-03  Eric Blake  <eblake@redhat.com>

	nwfilter: make ignoring non-zero status easier to follow
	While auditing all callers of virCommandRun, I noticed that nwfilter
	code never paid attention to commands with a non-zero status; they
	were merely passing a pointer to avoid spamming the logs with a
	message about commands that might indeed fail.  But proving this
	required chasing through a lot of code; refactoring things to
	localize the decision of whether to ignore non-zero status makes
	it easier to prove that later changes to virFork don't negatively
	affect this code.

	While at it, I also noticed that ebiptablesRemoveRules would
	actually report success if the child process failed for a
	reason other than non-zero status, such as OOM.

	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Change parameter from pointer to bool.
	(ebtablesApplyBasicRules, ebtablesApplyDHCPOnlyRules)
	(ebtablesApplyDropAllRules, ebtablesCleanAll)
	(ebiptablesApplyNewRules, ebiptablesTearNewRules)
	(ebiptablesTearOldRules, ebiptablesAllTeardown)
	(ebiptablesDriverInitWithFirewallD)
	(ebiptablesDriverTestCLITools, ebiptablesDriverProbeStateMatch):
	Adjust all clients.
	(ebiptablesRemoveRules): Likewise, and fix return value on failure.

2014-03-03  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Implement a stub cpuArchDriver.baseline() handler for arm
	Openstack Nova calls virConnectBaselineCPU() during initialization
	of the instance to get a full list of CPU features.
	This patch adds a stub to arm-specific code to handle
	this request (no actual work is done).

2014-03-03  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	docs: typo fix
	 * drvuml.html.in: (connected) s/toa PTY/to a PTY/

2014-03-03  Ján Tomko  <jtomko@redhat.com>

	Fix indentation in virsystemdmock

	Replace space with a tab in the Makefile
	All the other test_programs in the section use tabs
	and virportallocatortest sticks out with tab width
	other than 8.

	Add a test for virUSBDeviceList functions
	Most of them are already tested in a limited way
	by testing virUSBDeviceFind.

	Add tests for virUSBDeviceFind functions
	Mock the /sys/bus/usb directory and test the finding
	(and not finding) of some USB devices.

2014-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Generate a unique journald log for QEMU capabilities failure
	When probing QEMU capabilities fails for a binary generate a
	log message with MESSAGE_ID==8ae2f3fb-2dbe-498e-8fbd-012d40afa361.

	This can be directly queried from journald based on the UUID
	instead of needing string grep. This lets tools like libguestfs'
	bug reporting tool trivially do automated sanity tests on the
	host they're running on.

	 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361
	 Feb 21 17:11:01 localhost.localdomain lt-libvirtd[9196]:
	 Failed to probe capabilities for /bin/qemu-system-alpha:
	 internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=
	 /home/berrange/src/virt/libvirt/src/.libs PATH=/usr/lib64/
	 ccache:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:
	 /usr/bin:/root/bin HOME=/root USER=root LOGNAME=root
	 /bin/qemu-system-alpha -help) unexpected exit status 127:
	 /bin/qemu-system-alpha: error while loading shared libraries:
	 libglapi.so.0: cannot open shared object file: No such file
	 or directory

	 $ journalctl MESSAGE_ID=8ae2f3fb-2dbe-498e-8fbd-012d40afa361 --output=json
	 { ...snip...
	  "LIBVIRT_SOURCE" : "file",
	  "PRIORITY" : "3",
	  "CODE_FILE" : "qemu/qemu_capabilities.c",
	  "CODE_LINE" : "2770",
	  "CODE_FUNC" : "virQEMUCapsLogProbeFailure",
	  "MESSAGE_ID" : "8ae2f3fb-2dbe-498e-8fbd-012d40afa361",
	  "LIBVIRT_QEMU_BINARY" : "/bin/qemu-system-xtensa",
	  "MESSAGE" : "Failed to probe capabilities for /bin/qemu-system-xtensa:
	   internal error: Child process (LC_ALL=C LD_LIBRARY_PATH=/home/berrange
	   /src/virt/libvirt/src/.libs PATH=/usr/lib64/ccache:/usr/local/sbin:
	   /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin HOME=/root
	   USER=root LOGNAME=root /bin/qemu-system-xtensa -help) unexpected
	   exit status 127: /bin/qemu-system-xtensa: error while loading shared
	   libraries: libglapi.so.0: cannot open shared object file: No such
	    file or directory\n" }

2014-03-03  Michal Privoznik  <mprivozn@redhat.com>

	Bump version to 1.2.3 for new dev cycle

2014-03-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.2
	- docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update localization and merge

2014-03-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add basic documentation

	bhyve: defined domains should be persistent

2014-02-28  Eric Blake  <eblake@redhat.com>

	virsh: add --all flag to 'event' command
	Similar to our event-test demo program, it's nice to be able to
	have a mode where we can sniff all events at once, rather than
	having to spawn multiple virsh in parallel with one for each
	event type.

	(Can I just say our RegisterAny design is lousy?  The fact that
	the majority of our callback pointers have a function signature
	with the opaque data in a different position, and that we have
	to cast the function signature before registering it, makes it
	hard to write a generic callback function; we have to write one
	for every type of event id.  Life would have been easier if we
	had designed the callback as a fixed signature with a void*
	and size parameter, and then allowed the caller to downcast
	the void* to a particular struct for data specific to their
	callback id, where we could have then had a single function
	with a switch statement for each event id, and register that
	one function for all types of events.  It would also be nicer
	if the callback functions knew which callbackID was being used
	when invoking that callback, so that I could use a common data
	structure among all registrations instead of having to create
	an array of one data per callback.  But I really don't want to
	go add yet another event API design.)

	* tools/virsh-domain.c (cmdEvent): Add --all parameter; convert
	all callbacks to support shared counter.
	* tools/virsh.pod (event): Document it.

2014-02-28  Eric Blake  <eblake@redhat.com>

	virsh: support remaining domain events
	Earlier, I added 'virsh event' for lifecycle events, to get the
	concept approved; this patch finishes the support for all other
	events, although the user still has to register for one event
	type at a time.  A future patch may add an --all parameter to
	make it possible to register for all events through a single
	call.

	* tools/virsh-domain.c (vshDomainEventWatchdogToString)
	(vshDomainEventIOErrorToString, vshGraphicsPhaseToString)
	(vshGraphicsAddressToString, vshDomainBlockJobStatusToString)
	(vshDomainEventDiskChangeToString)
	(vshDomainEventTrayChangeToString, vshEventGenericPrint)
	(vshEventRTCChangePrint, vshEventWatchdogPrint)
	(vshEventIOErrorPrint, vshEventGraphicsPrint)
	(vshEventIOErrorReasonPrint, vshEventBlockJobPrint)
	(vshEventDiskChangePrint, vshEventTrayChangePrint)
	(vshEventPMChangePrint, vshEventBalloonChangePrint)
	(vshEventDeviceRemovedPrint): New helper routines.
	(cmdEvent): Support full array of event callbacks.

2014-02-28  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: support domain undefine
	Implement domainUndefine and required helper functions:
	 - domainIsActive
	 - domainIsPersistent

2014-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Add comments describing the different log sources

2014-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Include error domain and code in log messages from errors
	When a virError is raised, pass the error domain and code
	onto the systemd journald using metadata fields.

	This allows error messages to be queried by code eg

	  $ journalctl LIBVIRT_CODE=43

2014-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Add docs about use of systemd journal for logging
	Document the various fields that libvirt will emit for
	journal log records.

	Auto-generate the table of contents in logging doc
	The logging doc had a hand-written table of contents
	instead of using the automatic XSL generated one.

	Fix heading level in logging docs
	The logging docs went straight from <h1> to <h3> header level,
	skipping out <h2>.

	Fix journald PRIORITY values
	The systemd journal expects log record PRIORITY values to
	be encoded using the syslog compatible numbering scheme,
	not libvirt's own native numbering scheme. We must therefore
	apply a conversion.

	Send virLogMetadata fields onto the journal
	The systemd journal accepts arbitrary user specified log
	fields. These can be passed into virLogMessage via the
	virLogMetadata structure. Allow up to 5 custom fields to
	be reported by libvirt callers.

2014-02-28  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Enable 'host-passthrough' cpu mode for arm
	This patch allows libvirt user to specify 'host-passthrough'
	cpu mode while using qemu/kvm backend on arm (arm32).
	It uses 'host' as a CPU model name instead of some other stub
	(correct CPU detection is not implemented yet) to allow libvirt
	user to specify 'host-model' cpu mode as well.

2014-02-28  Michal Privoznik  <mprivozn@redhat.com>

	domblkstat: Produce error message that at least sounds like English
	Compare:

	  # virsh domblkstat freebsd hdd
	  error: Failed to get block stats freebsd hdd
	  error: invalid argument: invalid path: hdd

	with:

	  # virsh domblkstat freebsd hdd
	  error: Failed to get block stats for domain 'freebsd' device 'hdd'
	  error: invalid argument: invalid path: hdd

2014-02-28  Michal Privoznik  <mprivozn@redhat.com>

	virDomainBlockStats(Flags): Produce saner error message on empty disk path
	As of 0bd2ccdec an empty disk path for virDomainBlockStats (or the one
	with Flags) is allowed meaning "get me overall summarized statistics".
	However, running 'virsh domblkstat $dom' throws a misleading error:

	  # ./tools/virsh domblkstat dom
	  error: Failed to get block stats dom
	  error: invalid argument: invalid path:

	while after this commit

	  # virsh domblkstat dom
	  error: Operation not supported: summary statistics are not supported yet

2014-02-28  Eric Blake  <eblake@redhat.com>

	tests: avoid littering /tmp
	Running 'make -C tests check TESTS=qemuagenttest' left a directory
	/tmp/libvirt_XXXXXX/ behind.  The culprit was failure to cleanup
	when short-circuiting an expensive test.

	* tests/qemuagenttest.c (testQemuAgentTimeout): Free resources
	when skipping expensive test.

2014-02-27  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Truncate domain names longer than SANLK_NAME_LEN
	Libvirt uses a domain name to fill in owner_name in sanlock_options in
	virLockManagerSanlockAcquire. Unfortunately, owner_name is limited to
	SANLK_NAME_LEN characters (including trailing '\0'), which means domains
	with longer names fail to start when sanlock is enabled. However, we can
	truncate the name when setting owner_name as explained by sanlock's
	author:

	Setting sanlk_options or the owner_name is unnecessary, and has very
	little to no benefit.  If you do provide something in owner_name, it can
	be anything, sanlock doesn't care or use it.

	If you run the command "sanlock status", the output will display a list
	of clients connected to the sanlock daemon.  This client list is
	displayed as "pid owner_name" if the client has provided an owner_name
	via sanlk_options. This debugging output is the only usage of
	owner_name, so its only benefit is to potentially provide a more human
	friendly output for debugging purposes.

2014-02-26  Eric Blake  <eblake@redhat.com>

	build: skip virportallocatortest on cygwin
	Cygwin supports <dlfcn.h> and even has limited LD_PRELOAD
	capabilities; but because it does not use ELF binaries it
	cannot support RTLD_NEXT lookups.

	  CC       libvirportallocatormock_la-virportallocatortest.lo
	virportallocatortest.c: In function 'init_syms':
	virportallocatortest.c:47:24: error: 'RTLD_NEXT' undeclared (first use in this function)
	     realsocket = dlsym(RTLD_NEXT, "socket");

	* tests/virportallocatortest.c: Also require RTLD_NEXT.

2014-02-26  Eric Blake  <eblake@redhat.com>

	build: ignore cygwin toolchain droppings
	The cygwin compiler automatically creates a '*.exe.manifest'
	companion file for any .exe file that contains a substring
	that would otherwise cause newer Windows to pester users about
	needing admin rights (such as "update", "instal", "setup"...).
	This means that compilation on cygwin left behind
	tests/networkxml2xmlupdatetest.exe.manifest.

	* .gitignore: Ignore manifest files.

2014-02-26  Yuri Chornoivan  <yurchor@ukr.net>

	maint: Fix minor typo (unkown)

2014-02-26  Ian Campbell  <ian.campbell@citrix.com>

	libxl: Recognise ARM architectures
	Only tested on v7 but the v8 equivalent seems pretty obvious.

	XEN_CAP_REGEX already accepts more than it should (e.g. x86_64p or x86_32be)
	but I have stuck with the existing pattern.

	With this I can create a guest from:
	  <domain type='xen'>
	    <name>libvirt-test</name>
	    <uuid>6343998e-9eda-11e3-98f6-77252a7d02f3</uuid>
	    <memory>393216</memory>
	    <currentMemory>393216</currentMemory>
	    <vcpu>1</vcpu>
	    <os>
	      <type arch='armv7l' machine='xenpv'>linux</type>
	      <kernel>/boot/vmlinuz-arm-native</kernel>
	      <cmdline>console=hvc0 earlyprintk debug root=/dev/xvda1</cmdline>
	    </os>
	    <clock offset='utc'/>
	    <on_poweroff>destroy</on_poweroff>
	    <on_reboot>restart</on_reboot>
	    <on_crash>destroy</on_crash>
	    <devices>
	      <disk type='block' device='disk'>
	        <source dev='/dev/marilith-n0/debian-disk'/>
	        <target dev='xvda1'/>
	      </disk>
	      <interface type='bridge'>
	        <mac address='8e:a7:8e:3c:f4:f6'/>
	        <source bridge='xenbr0'/>
	      </interface>
	    </devices>
	  </domain>

	Using virsh create and I can destroy it too.

	Currently virsh console fails with:
	  Connected to domain libvirt-test
	  Escape character is ^]
	  error: internal error: cannot find character device <null>

	I haven't investigated yet.

2014-02-26  Peter Krempa  <pkrempa@redhat.com>

	spec: Fix braces around macros
	In commit 72f7658ba24491672e6b81118f892400916e9404 I've added a few
	macros with bad bracing. Although they work as expected fix them so that
	we use uniform syntax.

2014-02-26  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Honour -q in domblklist, vcpupin and emulatorpin
	If user wants to grep some info from domain, e.g. disk paths:

	    # virsh -q domblklist win7 | awk '{print $2}'
	    Source

	    /var/lib/libvirt/images/windows.qcow2
	    /home/zippy/work/tmp/en_windows_7_professional_x64_dvd_X15-65805.iso

	while with my change:

	    # virsh -q domblklist win7 | awk '{print $2}'
	    /var/lib/libvirt/images/windows.qcow2
	    /home/zippy/work/tmp/en_windows_7_professional_x64_dvd_X15-65805.iso

	We don't print table header in other commands, like list.

2014-02-26  Eric Blake  <eblake@redhat.com>

	spec: make systemd_daemon usage configurable
	On Fedora 20, I added this to my '~/.rpmmacros':

	%_without_udev 1
	%_without_storage_mpath 1
	%_without_storage_disk 1

	and uninstalled systemd-devel (which also removed device-mapper-devel).
	Then I ran 'make rpm', and inspected the results:

	$ ldd ~/rpmbuild/BUILD/libvirt-1.2.2/daemon/.libs/libvirtd | grep syst
	$

	Then I reinstalled systemd-devel, where I now see:

	$ ldd ~/rpmbuild/BUILD/libvirt-1.2.2/daemon/.libs/libvirtd | grep syst
	  libsystemd-daemon.so.0 => /lib64/libsystemd-daemon.so.0 (0x00007ffb858ba000)
	$

	Oops - the build is non-deterministic, where the final binary
	depends on my build environment.  The fix is to require
	systemd-devel in all situations where the code base uses it.
	Now ~/.rpmmacros can contain "%define _without_systemd_daemon 1"
	to explicitly disable use of the library, but the library is now
	a strict build requirement for normal builds; if systemd-devel
	is not installed, the user now gets an up-front warning:

	$ rpmbuild -ta libvirt-1.2.2.tar.gz
	error: Failed build dependencies:
	       systemd-devel is needed by libvirt-1.2.2-1.fc20.x86_64

	* libvirt.spec.in (with_systemd_daemon): New variable.
	(BuildRequires): Require systemd-devel for more than just udev.
	(%configure): Make choice of systemd_daemon explicit.

2014-02-26  Eric Blake  <eblake@redhat.com>

	spec: require device-mapper-devel for storage-disk
	On Fedora 20, with the following in my ~/.rpmmacros:

	%_without_udev 1
	%_without_storage_mpath 1

	and with device-mapper-devel uninstalled, 'make rpm' fails with:

	checking for libdevmapper.h... no
	configure: error: You must install device-mapper-devel/libdevmapper >= 1.0.0 to compile libvirt
	error: Bad exit status from /var/tmp/rpm-tmp.Wo9pOG (%build)

	This is a rather late point to be issuing an error; better is
	to flag missing packages up front.  The fix is to match the logic
	in configure.ac on when devmapper is required (for both mpath and
	storage).  While at it, rbd storage is not dependent on mpath.
	With this patch applied, I now get:

	$ rpmbuild -ta libvirt-1.2.2.tar.gz
	error: Failed build dependencies:
	       device-mapper-devel is needed by libvirt-1.2.2-1.fc20.x86_64

	until either installing the package or further modifying
	~/.rpmmacros to add "%_without_storage_disk 1".

	* libvirt.spec.in (BuildRequires): Fix build when mpath is
	disabled.

2014-02-26  Eric Blake  <eblake@redhat.com>

	spec: explicitly avoid bhyve on Linux
	Generally, we try to make the spec file tweakable via user
	variables, so that they can select a different subset of sub-rpms
	to build.  We also try to explicitly list all driver config
	options, rather than leaving the chance that the rpm build may be
	non-deterministic based on what the user had installed locally.
	But in the case of the recent bhyve hypervisor driver, there is
	no port of bhyve to Linux, so it is easier to just blindly
	disable it for now.  If someone ever does try to port bhyve to
	Fedora, we can make the spec file conditional at that point.

	* libvirt.spec.in (%configure): Don't try to build bhyve.

2014-02-26  Eric Blake  <eblake@redhat.com>

	build: use --with-systemd-daemon as configure option
	Commit 68954fb added a configure option --with-systemd_daemon,
	which violates the conventions of configure files preferring
	dash in all option names.  This fixes it, before we hit a
	release where the tarball is baked with an awkward name.

	* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
	(LIBVIRT_CHECK_PKG): Favor - over _ in configure option names.

2014-02-26  Peter Krempa  <pkrempa@redhat.com>

	spec: Use correct versions of libgfapi in RHEL builds
	RHEL still uses the 3.4.0 package of libgfapi and the package is built
	only for x86_64.

2014-02-26  Laine Stump  <laine@laine.org>

	network: unplug bandwidth and call networkRunHook only when appropriate
	According to commit b4e0299d if networkAllocateActualDevice() was
	successful, it will *always* allocate an iface->data.network.actual,
	so we can use this during networkReleaseActualDevice() to know if
	there is really anything to undo. We were properly using this
	information to only decrement the network connections counter if it
	had previously been incremented, but we were unconditionally
	unplugging bandwidth and calling the "unplugged" network hook for
	*all* interfaces (during qemuProcessStop()) whether they had been
	previously plugged or not. This caused problems if a domain failed to
	start at some time prior to all interfaces being allocated. (I
	encountered this when an interface had a bandwidth floor set but no
	inbound QoS).

	This patch changes both the call to networkUnplugBandwidth() and the
	call to networkRunHook() to only be called if there was a previous
	call to "plug" for the same interface.

2014-02-26  Laine Stump  <laine@laine.org>

	network: don't even call networkRunHook if there is no network
	networkAllocateActualDevice() is called for *all* interfaces, not just
	those with type='network'. In that case, it will jump down to its
	validate: label immediately, without allocating anything. After
	validation is done, two counters are potentially updated (one for the
	network, and one for any particular physical device that is chosen),
	and then networkRunHook() is called.

	This patch refactors that code a slight bit so that networkRunHook()
	doesn't get called if netdef is NULL (i.e. type != network) and to
	place the conditional increment of dev->connections inside the "if
	(netdef)" as well - dev can never be non-null if netdef is null
	(because "dev" is the pointer to a device in a network's pool of
	devices), so this doesn't have any functional effect, it just makes
	the code clearer.

2014-02-26  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virSCSIDeviceListDel()
	While running virscsitest, it was found that valgrind pointed out the following
	memory leak:

	==320== 5 bytes in 1 blocks are definitely lost in loss record 4 of 37
	==320==    at 0x4A069EE: malloc (vg_replace_malloc.c:270)
	==320==    by 0x3E6CE81171: strdup (strdup.c:43)
	==320==    by 0x4CB28DF: virStrdup (virstring.c:554)
	==320==    by 0x4CAC987: virSCSIDeviceSetUsedBy (virscsi.c:289)
	==320==    by 0x402321: test2 (virscsitest.c:100)
	==320==    by 0x403231: virtTestRun (testutils.c:199)
	==320==    by 0x402121: mymain (virscsitest.c:180)
	==320==    by 0x4039AD: virtTestMain (testutils.c:782)
	==320==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
	==320==

	Introduced by commit fd243fc.

2014-02-26  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevVethCreate: Serialize callers
	Consider dozen of LXC domains, each of them having this type of interface:

	    <interface type='network'>
	      <mac address='52:54:00:a7:05:4b'/>
	      <source network='default'/>
	    </interface>

	When starting these domain in parallel, all workers may meet in
	virNetDevVethCreate() where a race starts. Race over allocating veth
	pairs because allocation requires two steps:

	  1) find first nonexistent '/sys/class/net/vnet%d/'
	  2) run 'ip link add ...' command

	Now consider two threads. Both of them find N as the first unused veth
	index but only one of them succeeds allocating it. The other one fails.
	For such cases, we are running the allocation in a loop with 10 rounds.
	However this is very flaky synchronization. It should be rather used
	when libvirt is competing with other process than when libvirt threads
	fight each other. Therefore, internally we should use mutex to serialize
	callers, and do the allocation in loop (just in case we are competing
	with a different process). By the way we have something similar already
	since 1cf97c87.

2014-02-26  Eric Blake  <eblake@redhat.com>

	build: avoid ld_preload tests on mingw
	Running ./autobuild.sh complained during the mingw cross-compile:

	  CC       libvirportallocatormock_la-virportallocatortest.lo
	../../tests/virportallocatortest.c:32:20: fatal error: dlfcn.h: No such file or directory
	 # include <dlfcn.h>
	                    ^
	compilation terminated.  With that fixed, the next failure was:

	  CCLD     qemuxml2argvmock.la
	libtool: link: libtool library `qemuxml2argvmock.la' must begin with `lib'
	libtool: link: Try `libtool --help --mode=link' for more information.

	While we don't need to limit all LD_PRELOAD tests to just Linux, we
	do need to limit them to platforms that actually support loading;
	we also need to avoid building qemu tests when qemu is not enabled.

	* tests/virportallocatortest.c: Make conditional on <dlfcn.h>.
	* tests/Makefile.am (test_libraries): Only build qemu mock library
	when building qemu tests.

2014-02-26  Eric Blake  <eblake@redhat.com>

	build: fix cgroups on non-Linux
	Running ./autobuild.sh detected a mingw failure:

	  CCLD     libvirt.la
	Cannot export virCgroupGetPercpuStats: symbol not defined
	Cannot export virCgroupSetOwner: symbol not defined

	* src/util/vircgroup.c (virCgroupGetPercpuStats)
	(virCgroupSetOwner): Implement stubs.

2014-02-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: queue domain event earlier in shutdown handler
	The shutdown handler may restart a domain when handling a reboot
	event or when <on_*> is set to 'restart'.  Restarting consists of
	calling libxlVmCleanup followed by libxlVmStart.  libxlVmStart will
	emit a VIR_DOMAIN_EVENT_STARTED event, but the SHUTDOWN event is
	not emitted until exiting the shutdown handler, after the STARTED
	event.

	This patch changes the logic a bit to queue the event at the start
	of the shutdown action, ensuring it is queued before any subsequent
	events that may be generated while executing the shutdown action.

2014-02-25  Laine Stump  <laine@laine.org>

	network: include plugged interface XML in "plugged" network hook
	The network hook script gets called whenever an interface is plugged
	into or unplugged from a network, but even though the full XML of both
	the network and the domain is included, there is no reasonable way to
	determine what exact resources the plugged interface is using:

	1) Prior to a recent patch which modified the status XML of interfaces
	to include the information about actual hardware resources used, it
	would be possible to scan through the domain XML output sent to the
	hook, and from there find the correct interface, but that interface
	definition would not include any runtime info (e.g. bandwidth or vlan
	taken from a portgroup, or which physdev was used in case of a macvtap
	network).

	2) After the patch modifying the status XML of interfaces, the network
	name would no longer be included in the domain XML, so it would be
	completely impossible to determine which interface was the one being
	plugged.

	To solve that problem, this patch includes a single <interface>
	element at the beginning of the XML sent to the network hook for
	"plugged" and "unplugged" (just inside <hookData>) that is the status
	XML of the interface being plugged. This XML will include all info
	gathered from the chosen network and portgroup.

	NB: due to hardcoded spaces in all of the device *Format() functions,
	the <interface> element inside the <hookData> will be indented by 6
	spaces rather than 2. I had intended to fix this, but it turns out
	that to make virDomainNetDefFormat() indentation relative, I would
	have to do the same to virDomainDeviceInfoFormat(), and that function
	is called from 19 places - making that a prerequisite of this patch
	would cause too many merge difficulties if we needed to backport
	network hooks, so I chose to ignore the problem here and fix the
	problem for *all* devices in a followup later.

2014-02-25  Laine Stump  <laine@laine.org>

	conf: output actual netdev status in <interface> XML
	Until now, the "live" XML status of an <interface type='network'>
	device would always show the network information, rather than the
	exact hardware device that was used. It would also show the name of
	any portgroup the interface belonged to, rather than providing the
	configuration that was derived from that portgroup. As an example,
	given the following network definition:

	[A]
	  <network>
	    <name>testnet</name>
	    <forward type='bridge' dev='p4p1_0'>
	      <interface dev='p4p1_0'/>
	      <interface dev='p4p1_1'/>
	      <interface dev='p4p1_2'/>
	      <interface dev='p4p1_3'/>
	    </forward>
	    <portgroup name='admin'>
	      <bandwidth>
	          <inbound average='1000' peak='5000' burst='1024'/>
	          <outbound average='128' peak='256' burst='256'/>
	      </bandwidth>
	    </portgroup>
	  </network>

	and the following domain <interface>:

	[B]
	  <interface type='network'>
	    <source network='testnet' portgroup='admin'/>
	  </interface>

	the output of "virsh dumpxml $domain" while the domain was running
	would yield something like this:

	[C]
	  <interface type='network'>
	    <source network='testnet' portgroup='admin'/>
	    <target dev='macvtap0'/>
	    <alias name='net0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </interface>

	In order to learn the exact bandwidth information of the interface, a
	management application would need to retrieve the XML for testnet,
	then search for the portgroup named "admin". Even worse, there was no
	simple and standard way to learn which host physdev the macvtap0
	device is attached to.

	Internally, libvirt has always kept this information in the
	virDomainDef that is held in memory, as well as storing it in the
	(libvirt-internal-only) domain status XML (in
	/var/run/libvirt/qemu/$domain.xml). In order to not confuse the runtime
	"actual state" with the config of the device, it's internally stored
	like this:

	[D]
	  <interface type='network'>
	    <source network='testnet' portgroup='admin'/>
	    <actual type='direct'>
	      <source dev='p4p1_0' mode='bridge'/>
	      <bandwidth>
	          <inbound average='1000' peak='5000' burst='1024'/>
	          <outbound average='128' peak='256' burst='256'/>
	      </bandwidth>
	    </actual>
	    <target dev='macvtap0'/>
	    <alias name='net0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </interface>

	This was never exposed outside of libvirt though, because I thought it
	would be too awkward for a management application to need to look in
	two places for the same information, but I also wasn't sure that it
	would be okay to overwrite the config info (in this case "<source
	network='testnet' portgroup='admin'/>") with the actual runtime info
	(everything inside <actual> above).

	Now we have a need for this information to be made available to
	management applications (in particular, so that a network "plugged"
	hook will have full information about the device that is being plugged
	in), so it's time to take the leap and decide that it is acceptable
	for the config info to be replaced with actual runtime state (but
	*only* when reporting domain live status, *not* when saving state in
	/var/run/libvirt/qemu/$domain.xml - that remains the same so that
	there is no loss of information). That is what this patch does - once
	applied, the output of "virsh dumpxml $domain" when the domain is
	running will contain something like this:

	[E]
	  <interface type='direct'>
	    <source dev='p4p1_0' mode='bridge'/>
	    <bandwidth>
	        <inbound average='1000' peak='5000' burst='1024'/>
	        <outbound average='128' peak='256' burst='256'/>
	    </bandwidth>
	    <target dev='macvtap0'/>
	    <alias name='net0'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </interface>

	In effect, everything that is internally stored within <actual> is
	moved up a level to where a management application will expect
	it. This means that the management application will only look in a
	single place to learn - the type of interface in use, the name of the
	physdev (if relevant), the <bandwidth>, <vlan>, and <virtualport>
	settings in use.

	The potential downside is that a management app looking at this output
	will not see that the physdev 'p4p1_0' was actually allocated from the
	network named 'testnet', or that the bandwidth numbers were taken from
	the portgroup 'admin'. However, if they are interested in that info,
	they can always get the "inactive" XML for the domain.

	An example of where this could cause problems is in virt-manager's
	network device display, which shows the status of the device, but
	allows you to edit that status info and save it as the new
	config. Previously virt-manager would always display the information
	in example [C] above, and allow editing that. With this patch, it will
	instead display what is in [E] and allow editing it directly, which
	could lead to some confusion. I would suggest that virt-manager have
	an "edit" button which would change the display from the "live" xml to
	the "inactive" xml, so that editing would be done on that; such a
	change would both handle the new situation, and also be compatible
	with older releases.

2014-02-25  Laine Stump  <laine@laine.org>

	conf: new function virDomainActualNetDefContentsFormat
	This function is currently only called from one place, but in a
	subsequent patch will be called from a 2nd place.

	The new function exactly replicates the original behavior of the part
	of virDomainActualNetDefFormat() that it replaces, but takes a
	virDomainNetDefPtr instead of virDomainActualNetDefPtr, and uses the
	virDomainNetGetActual*() functions whenever possible, rather than
	reaching into def->data.network.actual - this is to be sure that we
	are reporting exactly what is being used internally, just in case
	there are any discrepancies (there shouldn't be).

2014-02-25  Laine Stump  <laine@laine.org>

	conf: re-situate <bandwidth> element in <interface>
	This moves the call to virNetDevBandwidthFormat() in
	virDomainNetDefFormat() to be called right after the call to
	virNetDevVPortProfileFormat(), so that a single chunk of that function
	can be placed inside an if that conditionally calls
	virDomainActualNetDefContentsFormat() instead (next patch). The
	re-ordering necessitates modifying a couple of test data files.

	conf: make virDomainNetDefFormat a public function
	We will need to call virDomainNetDefFormat() from the network hook (in
	the network driver).

	conf: handle null pointer in virNetDevVlanFormat
	Other *Format() functions (e.g. virNetDevBandwidthFormat()) return
	with no action when called with a NULL *Def pointer. This makes
	virNetDevVlanFormat() consistent with that behavior.

2014-02-25  Laine Stump  <laine@laine.org>

	conf: clarify what is returned for actual bandwidth and vlan
	In practice, if a virDomainNetDef has a virDomainActualNetDef
	allocated, the ActualNetDef will *always* contain the bandwidth and
	vlan data from the NetDef (unless there was also a portgroup involved
	- see networkAllocateActualDevice()).

	However, virDomainNetGetActual(Bandwidth|Vlan)() were coded to make it
	appear as if it might be possible to have a valid bandwidth/vlan in
	the NetDef, but a NULL in the ActualNetDef. Believing this un-truth
	could lead to writing unnecessarily defensive code when dealing with
	the virDomainGetActual*() functions, so this patch makes it more
	obvious:

	   If there is an ActualNetDef, it will always have a copy of the
	   various appropriate bits from its parent NetDef, and the
	   virDomainGetActual* function will *always* return the data from the
	   ActualNetDef, not from the NetDef.

	The reason for this effective-NOP patch is that a subsequent patch to
	change virDomainNetDefFormat will rely on the above rule.

2014-02-25  Wido den Hollander  <wido@widodh.nl>

	rbd: Set timeout options for librados
	These timeout values make librados/librbd return -ETIMEDOUT when a
	operation is blocking due to a failing/unreachable Ceph cluster.

	By having the operations time out libvirt will not block.

2014-02-25  Wido den Hollander  <wido@widodh.nl>

	rbd: Include return statuses from librados/librbd in logging
	With this information it's easier for the user to debug what is
	going wrong.

2014-02-25  Ján Tomko  <jtomko@redhat.com>

	virsh: mark CPU usage field names as translatable
	My commit ac75801 removed the translation markers when
	moving the field names into an array.

2014-02-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh: initialize str to NULL to solve a build issue
	Fix a -Werror=maybe-uninitialized issue.

2014-02-24  Eric Blake  <eblake@redhat.com>

	virsh: kill over-engineered asprintf failure recovery
	I noticed this while shortening switch statements via VIR_ENUM.
	Basically, the only ways virAsprintf can fail are if we pass a
	bogus format string (but we're not THAT bad) or if we run out
	of memory (but it already warns on our behalf in that case).
	Throw away the cruft that tries too hard to diagnose a printf
	failure.

	* tools/virsh-volume.c (cmdVolList): Simplify.
	* tools/virsh-pool.c (cmdPoolList): Likewise.

2014-02-24  Eric Blake  <eblake@redhat.com>

	virsh: use more compact VIR_ENUM_IMPL
	Dan Berrange suggested that using VIR_ENUM_IMPL is more compact
	than open-coding switch statements, and still just as forceful
	at making us remember to update lists if we add enum values
	in the future.  Make this change throughout virsh.

	Sure enough, doing this change caught that we missed at least
	VIR_STORAGE_VOL_NETDIR.

	* tools/virsh-domain-monitor.c (vshDomainIOErrorToString)
	(vshDomainControlStateToString, vshDomainStateToString)
	(vshDomainStateReasonToString): Change switch to enum lookup.
	(cmdDomControl, cmdDominfo): Update caller.
	* tools/virsh-domain.c (vshDomainVcpuStateToString)
	(vshDomainEventToString, vshDomainEventDetailToString): Change
	switch to enum lookup.
	(vshDomainBlockJobToString, vshDomainJobToString): New functions.
	(cmdVcpuinfo, cmdBlockJob, cmdDomjobinfo, cmdEvent): Update
	callers.
	* tools/virsh-network.c (vshNetworkEventToString): Change switch
	to enum lookup.
	* tools/virsh-pool.c (vshStoragePoolStateToString): New function.
	(cmdPoolList, cmdPoolInfo): Update callers.
	* tools/virsh-volume.c (vshVolumeTypeToString): Change switch to
	enum lookup.
	(cmdVolInfo, cmdVolList): Update callers.

2014-02-24  Ján Tomko  <jtomko@redhat.com>

	Document the keyboard as a valid input type
	Commit bc18373 added a new input type, but didn't change the
	documentation.

2014-02-24  Ján Tomko  <jtomko@redhat.com>

	virsh: Don't leak buffer if GetFDs fails in cmdCreate
	Change the logic of the function to return false by default
	and move the freeing of the buffer to the cleanup section.

	https://bugzilla.redhat.com/show_bug.cgi?id=1067338

2014-02-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: handle on_crash coredump actions
	Add support for coredump-{destroy,restart} actions of <on_crash> event.

	libxl: add dump dir to libxlDriverConfig object

2014-02-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: honor domain lifecycle event configuration
	The libxl driver was ignoring the <on_*> domain event configuration,
	causing e.g. a domain to be rebooted even when on_reboot is set to
	destroy.

	This patch honors the <on_*> configuration in the shutdown event
	handler.

2014-02-24  Richard Weinberger  <richard@nod.at>

	Ensure systemd cgroup ownership is delegated to container with userns
	This function is needed for user namespaces, where we need to chmod()
	the cgroup to the initial uid/gid such that systemd is allowed to
	use the cgroup.

2014-02-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: implement node information reporting
	- Implement nodeGetCPUStats using nodeGetCPUStats()
	- Implement nodeGetMemoryStats using nodeGetMemoryStats()

2014-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Add virStringReplace method for substring replacement
	Add a virStringReplace method to virstring.{h,c} to perform
	substring matching and replacement

2014-02-24  Manuel VIVES  <manuel.vives@diateam.net>

	Add virStringSearch method for regex matching
	Add a virStringSearch method to virstring.{c,h} which performs
	a regex match against a string and returns the matching substrings.

2014-02-24  Michal Privoznik  <mprivozn@redhat.com>

	virNetServerRun: Notify systemd that we're accepting clients
	Systemd does not forget about the cases, where client service needs to
	wait for daemon service to initialize and start accepting new clients.
	Setting a dependency in client is not enough as systemd doesn't know
	when the daemon has initialized itself and started accepting new
	clients. However, it offers a mechanism to solve this. The daemon needs
	to call a special systemd function by which the daemon tells "I'm ready
	to accept new clients". This is exactly what we need with
	libvirtd-guests (client) and libvirtd (daemon). So now, with this
	change, libvirt-guests.service is invoked not any sooner than
	libvirtd.service calls the systemd notify function.

	libvirt-guests: Wait for libvirtd to initialize
	I've noticed that in some cases systemd was quick enough and even
	if libvirt-guests.service is marked to be started after the
	libvirtd.service my guests were not resumed as
	libvirt-guests.sh failed to connect. This is because of a
	simple fact: systemd correctly starts libvirt-guests after it
	execs libvirtd. However, the daemon is not able to accept
	connections right from the start. It's doing some
	initialization which may take ages. This problem is not limited
	to systemd only, indeed. Any init system that is able to startup
	services in parallel (e.g. OpenRC) may run into this situation.
	The fix is to try connecting not only once, but continuously a few
	times with a small sleep in between tries.

2014-02-24  Michal Privoznik  <mprivozn@redhat.com>

	virSystemdCreateMachine: Set dependencies for slices
	https://bugzilla.redhat.com/show_bug.cgi?id=1031696

	When creating a new domain, we let systemd know about it by calling
	CreateMachine() function via dbus. Systemd then creates a scope and
	places domain into it. However, later when the host is shutting
	down, systemd computes the shutdown order to see what processes can
	be shut down in parallel. And since we were not setting
	dependencies at all, the slices (and thus domains) were most likely
	killed before libvirt-guests.service. So user domains that had to
	be saved, shut off, whatever were in fact killed.  This problem can
	be solved by letting systemd know that scopes we're creating must
	not be killed before libvirt-guests.service.

2014-02-22  Eric Blake  <eblake@redhat.com>

	build: fix build on 32-bit hosts
	vircgrouptest.c: In function 'testCgroupGetPercpuStats':
	vircgrouptest.c:543: warning: integer constatnt is too large for 'long' type

2014-02-22  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib, for older autoconf
	Based on a report from Pavel Hrdina, gnulib was fixed to support
	AC_PROG_SED even when using ancient autoconf 2.59 of RHEL 5.

	* .gnulib: Update to latest, to fix build on RHEL 5.

2014-02-21  Ján Tomko  <jtomko@redhat.com>

	Ignore additional fields in iscsiadm output
	There has been a new field introduced in iscsiadm --mode session
	output [1], but our regex only expects four fields. This breaks
	startup of iscsi pools:
	error: Failed to start pool iscsi
	error: internal error: cannot find session

	Fix this by ignoring anything after the fourth field.

	https://bugzilla.redhat.com/show_bug.cgi?id=1067173

	[1] https://github.com/mikechristie/open-iscsi/commit/181af9a

2014-02-21  Ján Tomko  <jtomko@redhat.com>

	Add a stub for virCgroupGetDomainTotalCpuStats
	Commit 6515889 broke the build on FreeBSD:
	In function `qemuDomainGetCPUStats':
	/../../src/qemu/qemu_driver.c:16102:
	undefined reference to `virCgroupGetDomainTotalCpuStats'

2014-02-21  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among other things, gnulib now allows overriding of sed during
	'make syntax-check'.

	* .gnulib: Update to latest, for maint.mk improvements.

2014-02-21  Eric Blake  <eblake@redhat.com>

	virsh: add net-event command
	Add 'virsh net-event --list' and 'virsh net-event [net] --event=name
	[--loop] [--timeout]'.  Very similar to 'virsh event'.

	* tools/virsh.pod (net-event): Document new command.
	* tools/virsh-network.c (vshNetworkEventToString, vshNetEventData)
	(vshEventLifecyclePrint, cmdNetworkEvent): New struct and
	functions.

2014-02-21  Eric Blake  <eblake@redhat.com>

	virsh: add event command, for lifecycle events
	Add 'virsh event --list' and 'virsh event [dom] --event=name
	[--loop] [--timeout]'.  Borrows somewhat from event-test.c,
	but defaults to a one-shot notification, and takes advantage
	of the event loop integration to allow Ctrl-C to interrupt the
	wait for an event.  For now, this just does lifecycle events.

	* tools/virsh.pod (event): Document new command.
	* tools/virsh-domain.c (vshDomainEventToString)
	(vshDomainEventDetailToString, vshDomEventData)
	(vshEventLifecyclePrint, cmdEvent): New struct and functions.

2014-02-21  Eric Blake  <eblake@redhat.com>

	virsh: common code for waiting for an event
	I plan to add 'virsh event' to virsh-domain.c and 'virsh
	net-event' to virsh-network.c; but as they will share quite
	a bit of common boilerplate, it's better to set that up now
	in virsh.c.

	* tools/virsh.h (_vshControl): Add fields.
	(vshEventStart, vshEventWait, vshEventDone, vshEventCleanup): New
	prototypes.
	* tools/virsh.c (vshEventFd, vshEventOldAction, vshEventInt)
	(vshEventTimeout): New helper variables and functions.
	(vshEventStart, vshEventWait, vshEventDone, vshEventCleanup):
	Implement new functions.
	(vshInit, vshDeinit, main): Manage event timeout.

2014-02-21  Eric Blake  <eblake@redhat.com>

	virsh: common code for parsing --seconds
	Several virsh commands ask for a --timeout parameter in
	seconds, then use it to control interfaces that operate on
	millisecond limits; I also plan on adding a 'virsh event'
	command that also does this.  Factor this into a common
	function.

	* tools/virsh.h (vshCommandOptTimeoutToMs): New prototype.
	* tools/virsh.c (vshCommandOptTimeoutToMs): New function.
	* tools/virsh-domain.c (cmdBlockCommit, cmdBlockCopy)
	(cmdBlockPull, cmdMigrate): Use it.
	(vshWatchJob): Adjust timeout scale.

2014-02-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: queue shutdown event on domain shutdown
	Emit libvirt shutdown event when receiving LIBXL_SHUTDOWN_REASON_POWEROFF
	event from libxl.

2014-02-20  John Ferlan  <jferlan@redhat.com>

	bandwidth: Adjust documentation
	Recent autotest/virt-test testing on f20 discovered an anomaly in how
	the bandwidth options are documented and used. This was discovered due
	to a bug fix in the /sbin/tc utility found in iproute-3.11.0.1 (on f20)
	in which overflow was actually caught and returned as an error. The fix
	was first introduced in iproute-3.10 (search on iproute2 commit 'a303853e').

	The autotest/virt-test test for virsh domiftune was attempting to send
	the largest unsigned integer value (4294967295) for maximum value
	testing. The libvirt xml implementation was designed to manage values
	in kilobytes thus when this value was passed to /sbin/tc, it (now)
	properly rejected the 4294967295kbps value.

	Investigation of the problem discovered that formatdomain.html.in and
	formatnetwork.html.in described the elements and property types slightly
	differently, although they use the same code - virNetDevBandwidthParseRate()
	(shared by portgroups, domains, and networks xml parsers). Rather than
	have the descriptions in two places, this patch will combine and reword
	the description under formatnetwork.html.in and have formatdomain.html.in
	link to that description.

	This documentation faux pas was continued into the virsh man page where
	the bandwidth description for both 'attach-interface' and 'domiftune'
	did not indicate the format of each value, thus leading to the test using
	largest unsigned integer value assuming "bps" rather than "kbps", which
	ultimately was wrong.

2014-02-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: always use libxlVmCleanupJob in shutdown thread
	Commit e4a0e900 missed calling libxlVmCleanupJob in the shutdown
	handler when processing a reboot event.

2014-02-20  Eric Blake  <eblake@redhat.com>

	qemu: adjust maxmem/maxvcpu computation
	https://bugzilla.redhat.com/show_bug.cgi?id=1038363

	If a domain has a different maximum for persistent and live maxmem
	or max vcpus, then it is possible to hit cases where libvirt
	refuses to adjust the current values or gets halfway through
	the adjustment before failing.  Better is to determine up front
	if the change is possible for all requested flags.

	Based on an idea by Geoff Franks.

	* src/qemu/qemu_driver.c (qemuDomainSetMemoryFlags): Compute
	correct maximum if both live and config are being set.
	(qemuDomainSetVcpusFlags): Likewise.

2014-02-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Add Roman Bogorodskiy to the committers list

2014-02-20  Daniel P. Berrange  <berrange@redhat.com>

	Rename virDomainGetRootFilesystem to virDomainGetFilesystemForTarget
	The virDomainGetRootFilesystem method can be generalized to allow
	any filesystem path to be obtained.

	While doing this, start a new test case for purpose of testing various
	helper methods in the domain_conf.{c,h} files, such as this one.

2014-02-20  Daniel P. Berrange  <berrange@redhat.com>

	Introduce new OOM testing support
	The previous OOM testing support would re-run the entire "main"
	method each iteration, failing a different malloc each time.
	When a test suite has 'n' allocations, the number of repeats
	requires is  (n * (n + 1) ) / 2.  This gets very large, very
	quickly.

	This new OOM testing support instead integrates at the
	virtTestRun level, so each individual test case gets repeated,
	instead of the entire test suite. This means the values of
	'n' are orders of magnitude smaller.

	The simple usage is

	   $ VIR_TEST_OOM=1 ./qemuxml2argvtest
	   ...
	   29) QEMU XML-2-ARGV clock-utc                                         ... OK
	       Test OOM for nalloc=36 .................................... OK
	   30) QEMU XML-2-ARGV clock-localtime                                   ... OK
	       Test OOM for nalloc=36 .................................... OK
	   31) QEMU XML-2-ARGV clock-france                                      ... OK
	       Test OOM for nalloc=38 ...................................... OK
	   ...

	the second lines reports how many mallocs have to be failed, and thus
	how many repeats of the test will be run.

	If it crashes, then running under valgrind will often show the problem

	  $ VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest

	When debugging problems it is also helpful to select an individual
	test case

	  $ VIR_TEST_RANGE=30 VIR_TEST_OOM=1 ../run valgrind ./qemuxml2argvtest

	When things get really tricky, it is possible to request that just
	specific allocs are failed. eg to fail allocs 5 -> 12, use

	  $ VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-12 ../run valgrind ./qemuxml2argvtest

	In the worse case, you might want to know the stack trace of the
	alloc which was failed then VIR_TEST_OOM_TRACE can be set. If it
	is set to 1 then it will only print if it thinks a mistake happened.
	This is often not reliable, so setting it to 2 will make it print
	the stack trace for every alloc that is failed.

	  $ VIR_TEST_OOM_TRACE=2 VIR_TEST_RANGE=30 VIR_TEST_OOM=1:5-5 ../run valgrind ./qemuxml2argvtest
	  30) QEMU XML-2-ARGV clock-localtime                                   ... OK
	      Test OOM for nalloc=36 !virAllocN
	  /home/berrange/src/virt/libvirt/src/util/viralloc.c:180
	  virHashCreateFull
	  /home/berrange/src/virt/libvirt/src/util/virhash.c:144
	  virDomainDefParseXML
	  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:11745
	  virDomainDefParseNode
	  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12646
	  virDomainDefParse
	  /home/berrange/src/virt/libvirt/src/conf/domain_conf.c:12590
	  testCompareXMLToArgvFiles
	  /home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:106
	  virtTestRun
	  /home/berrange/src/virt/libvirt/tests/testutils.c:250
	  mymain
	  /home/berrange/src/virt/libvirt/tests/qemuxml2argvtest.c:418 (discriminator 2)
	  virtTestMain
	  /home/berrange/src/virt/libvirt/tests/testutils.c:750
	  ??
	  ??:0
	  _start
	  ??:?
	   FAILED

2014-02-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix multiple bugs in LXC domainMemoryStats driver
	The virCgroupXXX APIs' return value must be checked for
	being less than 0, not equal to 0.

	An VIR_ERR_OPERATION_INVALID error must also be raised
	when the VM is not running to prevent a crash on NULL
	priv->cgroup field.

2014-02-20  Thorsten Behrens  <tbehrens@suse.com>

	Add unit test for virCgroupGetPercpuStats.

	Fix misspelled cpuacct.usage_percpu in cgroup mock.

	Add unit test for virCgroupGetMemoryUsage.

	Add unit test for virCgroupGetBlkioIo*Serviced

	Widening API change - accept empty path for virDomainBlockStats
	And provide domain summary stat in that case, for lxc backend.
	Use case is a container inheriting all devices from the host,
	e.g. when doing application containerization.

	Implement lxcDomainBlockStats* for lxc driver
	Adds lxcDomainBlockStatsFlags and lxcDomainBlockStats functions.

	Implement domainGetCPUStats for lxc driver.

	Make qemuGetDomainTotalCPUStats a virCgroup function.
	To reuse this from other drivers, like lxc.

	Implement domainMemoryStats API slot for LXC driver.

	Add util virCgroupGetBlkioIo*Serviced methods.
	This reads blkio stats from blkio.throttle.io_service_bytes and
	blkio.throttle.io_serviced.

2014-02-20  Jincheng Miao  <jmiao@redhat.com>

	virsh: fix memleak when starting a guest with invalid fd
	When start a guest with --pass-fd, if the argument of --pass-fd is invalid,
	virsh will exit, but doesn't free the variable 'dom'.

	The valgrind said:
	...
	==24569== 63 (56 direct, 7 indirect) bytes in 1 blocks are definitely lost in loss record 130 of 234
	==24569==    at 0x4C2A1D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==24569==    by 0x4E879A4: virAllocVar (viralloc.c:544)
	==24569==    by 0x4EBD625: virObjectNew (virobject.c:190)
	==24569==    by 0x4F3A18A: virGetDomain (datatypes.c:226)
	==24569==    by 0x4F9311F: remoteDomainLookupByName (remote_driver.c:6636)
	==24569==    by 0x4F44F20: virDomainLookupByName (libvirt.c:2277)
	==24569==    by 0x12F616: vshCommandOptDomainBy (virsh-domain.c:105)
	==24569==    by 0x131C79: cmdStart (virsh-domain.c:3330)
	==24569==    by 0x12C4AB: vshCommandRun (virsh.c:1752)
	==24569==    by 0x127001: main (virsh.c:3218)

	https://bugzilla.redhat.com/show_bug.cgi?id=1067338

2014-02-20  Richard Weinberger  <richard@nod.at>

	lxc: Add destroy support for suspended domains
	Destroying a suspended domain needs special action.
	We cannot simply terminate all process because they are frozen.
	Do deal with that we send them SIGKILL and thaw them.
	Upon wakeup the process sees the pending signal and dies immediately.

2014-02-20  Ján Tomko  <jtomko@redhat.com>

	Fix build of portallocator on mingw
	IN6ADDR_ANY_INIT does not seem to be working as expected on MinGW:
	error: missing braces around initializer [-Werror=missing-braces]
	         .sin6_addr = IN6ADDR_ANY_INIT,

	Use the in6addr_any variable instead.

	Reported by Daniel P. Berrange.

2014-02-20  Michal Privoznik  <mprivozn@redhat.com>

	networkRunHook: Run hook only if possible
	Currently, networkRunHook() is called in networkAllocateActualDevice and
	friends. These functions, however, doesn't necessarily work on networks,
	For example, if domain's interface is defined in this fashion:

	    <interface type='bridge'>
	      <mac address='52:54:00:0b:3b:16'/>
	      <source bridge='virbr1'/>
	      <model type='rtl8139'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
	    </interface>

	The networkAllocateActualDevice jumps directly onto 'validate' label as
	the interface is not type of 'network'. Hence, @network is left
	initialized to NULL and networkRunHook(network, ...) is called. One of
	the things that the hook function does is dereference @network. Soupir.

2014-02-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: use job functions in libxlDomainSetSchedulerParametersFlags
	Modify operation that needs to wait in the queue of modify jobs.

	libxl: use job functions in libxlDomainSetAutostart
	Setting autostart is a modify operation that needs to wait in the
	queue of modify jobs.

	libxl: use job functions in device attach and detach functions
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	libxl: use job functions in vcpu set and pin functions
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	libxl: use job functions in libxlDomainCoreDump
	Dumping a domain's core can take considerable time.  Use the
	recently added job functions and unlock the virDomainObj while
	dumping core.

	libxl: use job functions in domain save operations
	Saving domain memory and cpu state can take considerable time.
	Use the recently added job functions and unlock the virDomainObj
	while saving the domain.

	libxl: use job functions when cleaning up a domain
	When explicitly destroying a domain (libxlDomainDestroyFlags), or
	handling an out-of-band domain shutdown event, cleanup the domain
	in the context of a job.  Introduce libxlVmCleanupJob to wrap
	libxlVmCleanup in a job block.

	libxl: use job functions in libxlDomain{Suspend,Resume}
	These operations aren't necessarily time consuming, but need to
	wait in the queue of modify jobs.

	libxl: use job functions in libxlDomainSetMemoryFlags
	Large balloon operation can be time consuming.  Use the recently
	added job functions and unlock the virDomainObj while ballooning.

	libxl: use job functions in libxlVmStart
	Creating a large domain could potentially be time consuming.  Use the
	recently added job functions and unlock the virDomainObj while
	the create operation is in progress.

	libxl: Add job support to libxl driver
	Follows the pattern used in the QEMU driver for managing multiple,
	simultaneous jobs within the driver.

	libxl: remove libxlVmReap function
	This function, which only has five call sites, simply calls
	libxl_domain_destroy and libxlVmCleanup.  Call those functions
	directly at the call sites, allowing more control over how a
	domain is destroyed and cleaned up.  This patch maintains the
	existing semantic, leaving changes to a subsequent patch.

	libxl: always set vm id to -1 on shutdown
	Once a domain has reached the shutdown state, set its ID to -1.

2014-02-19  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Use virtio network device for aarch64/virt
	This patch changes network device type used by default from rtl8139
	to virtio when architecture type is aarch64 and machine type is virt.
	Qemu doesn't support any other machine types for aarch64 right now and
	we can't make any other aarch64-specific tuning in this function yet.

2014-02-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bhyve: add a basic driver
	At this point it has a limited functionality and is highly
	experimental. Supported domain operations are:

	  * define
	  * start
	  * destroy
	  * dumpxml
	  * dominfo

	It's only possible to have only one disk device and only one
	network, which should be of type bridge.

2014-02-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add a default USB keyboard and USB mouse for PPC64
	There is no keyboard working on PPC64 and PS2 mouse is only for X86
	when graphics are enabled.

	Add a USB keyboard and USB mouse for PPC64 when graphics are enabled.

2014-02-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	xen: format xen config for USB keyboard

	qemu: format qemu command line for USB keyboard
	Format qemu command line for USB keyboard
	and add test cases for it.

	qemu: Add USB keyboard capability
	Add USB keyboard capability probing and test cases.

	conf: Remove the implicit PS2 devices for non-X86 platforms
	PS2 devices only work on X86 platform, other platforms may need
	USB devices instead. Athough it doesn't influence the QEMU command line,
	it's not right to add PS2 mouse/keyboard for non-X86 platform.

2014-02-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	conf: Add keyboard input device type
	There is no keyboard support currently in libvirt.

	For some platforms (PPC64 QEMU) this makes graphics unusable,
	since the keyboard is not implicit and it can't be added via libvirt.

2014-02-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	conf: Add one interface to add default input devices
	Use it for the default mouse.

2014-02-18  Michal Privoznik  <mprivozn@redhat.com>

	bridge_driver.h: Fix build --without-network
	The networkNotifyActualDevice function is accepting two arguments, not
	one:

	qemu/qemu_process.c: In function 'qemuProcessNotifyNets':
	qemu/qemu_process.c:2776:47: error: macro "networkNotifyActualDevice" passed 2 arguments, but takes just 1
	         if (networkNotifyActualDevice(def, net) < 0)
	                                               ^

2014-02-18  Ján Tomko  <jtomko@redhat.com>

	Fix conflicting types of virInitctlSetRunLevel
	aebbcdd didn't change the non-linux definition of the function,
	breaking the build on FreeBSD:

	../../src/util/virinitctl.c:164: error: conflicting types for
	'virInitctlSetRunLevel'
	../../src/util/virinitctl.h:40: error: previous declaration of
	'virInitctlSetRunLevel' was here

2014-02-18  Michal Privoznik  <mprivozn@redhat.com>

	network: Taint networks that are using hook script
	Basically, the idea is copied from domain code, where tainting
	exists for a while. Currently, only one taint reason exists -
	VIR_NETWORK_TAINT_HOOK to mark those networks which caused invoking
	of hook script.

	network: Introduce network hooks
	There might be some use cases, where user wants to prepare the host or
	its environment prior to starting a network and do some cleanup after
	the network has been shut down. Consider all the functionality that
	libvirt doesn't currently have as an example what a hook script can
	possibly do.

	network_conf: Expose virNetworkDefFormatInternal
	In the next patch I'm going to need the network format function that
	takes virBuffer as argument. However, slightly change of name is more
	appropriate then: virNetworkDefFormatBuf to match the rest of functions
	that format an object to buffer.

2014-02-18  Daniel P. Berrange  <berrange@redhat.com>

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code
	Rewrite multiple hotunplug functions to to use the
	virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with an absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug
	Rewrite lxcDomainAttachDeviceHostdevMiscLive function
	to use the virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with a absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug
	Rewrite lxcDomainAttachDeviceHostdevStorageLive function
	to use the virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with a absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug
	Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
	to use the virProcessRunInMountNamespace helper. This avoids
	risk of a malicious guest replacing /dev with a absolute
	symlink, tricking the driver into changing the host OS
	filesystem.

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug
	Rewrite lxcDomainAttachDeviceDiskLive function to use the
	virProcessRunInMountNamespace helper. This avoids risk of
	a malicious guest replacing /dev with a absolute symlink,
	tricking the driver into changing the host OS filesystem.

2014-02-18  Eric Blake  <eblake@redhat.com>

	CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code
	Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
	lxcDomainReboot.  Otherwise, a malicious guest could use symlinks
	to force the host to manipulate the wrong file in the host's namespace.

	Idea by Dan Berrange, based on an initial report by Reco
	<recoverym4n@gmail.com> at
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

2014-02-18  Daniel P. Berrange  <berrange@redhat.com>

	Add helper for running code in separate namespaces
	Implement virProcessRunInMountNamespace, which runs callback of type
	virProcessNamespaceCallback in a container namespace. This uses a
	child process to run the callback, since you can't change the mount
	namespace of a thread. This implies that callbacks have to be careful
	about what code they run due to async safety rules.

	Idea by Dan Berrange, based on an initial report by Reco
	<recoverym4n@gmail.com> at
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

2014-02-18  Daniel P. Berrange  <berrange@redhat.com>

	Add virFileMakeParentPath helper function
	Add a helper function which takes a file path and ensures
	that all directory components leading up to the file exist.
	IOW, it strips the filename part of the path and passes
	the result to virFileMakePath.

2014-02-17  Daniel P. Berrange  <berrange@redhat.com>

	Move check for cgroup devices ACL upfront in LXC hotplug
	The check for whether the cgroup devices ACL is available is
	done quite late during LXC hotplug - in fact after the device
	node is already created in the container in some cases. Better
	to do it upfront so we fail immediately.

	Disks are always block devices, never character devices
	The LXC disk hotplug code was allowing block or character devices
	to be given as disk. A disk is always a block device.

	Fix reset of cgroup when detaching USB device from LXC guests
	When detaching a USB device from an LXC guest we must remove
	the device from the cgroup ACL. Unfortunately we were telling
	the cgroup code to use the guest /dev path, not the host /dev
	path, and the guest device node had already been unlinked.
	This was, however, fortunate since the code passed &priv->cgroup
	instead of priv->cgroup, so would have crash if the device node
	were accessible.

	Record hotplugged USB device in LXC live guest config
	After hotplugging a USB device, the LXC driver forgot
	to add the device def to the virDomainDefPtr.

	Fix path used for USB device attach with LXC
	The LXC code missed the 'usb' component out of the path
	/dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually
	setup cgroups for the device. This was in fact lucky
	because the call to virLXCSetupHostUsbDeviceCgroup
	was also mistakenly passing '&priv->cgroup' instead of
	just 'priv->cgroup'. So once the path is fixed, libvirtd
	would then crash trying to access the bogus virCgroupPtr
	pointer. This would have been a security issue, were it
	not for the bogus path preventing the pointer reference
	being reached.

	Don't block use of USB with containers
	virDomainDefCompatibleDevice blocks use of USB if no USB
	controller is present. This is not correct for containers
	since devices can be assigned directly regardless of any
	controllers.

2014-02-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement VIR_DOMAIN_TAINT_HOOK
	Currently, there's just one place where we care if hook script is
	changing the domain XML: migration hook for incoming migration. In
	all other places where a hook script is executed, we don't read the
	XML back from the script.

	Anyway, the hook script can alter domain XML and hence we should taint
	it if the script did.

2014-02-17  Michal Privoznik  <mprivozn@redhat.com>

	virDomainTaintFlags: Introduce VIR_DOMAIN_TAINT_HOOK
	This new flag is to be used for tainting domains which
	XML definition was altered at runtime by a hook script.

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	Revert "storage: Introduce internal pool support"
	The internal pools were an idea in one of the first iterations of the
	gluster series, which we decided not to use. Somehow the patch still
	got pushed. Remove it as the internal flag isn't needed.

	This reverts commit 362da8209d760fc1acd3a1c8df5b04aa676492eb.

2014-02-14  Ján Tomko  <jtomko@redhat.com>

	Add tests for secret XML parsing
	also validate it against the RNG schema.

	docs: remove <auth> from secret XML format
	This belongs to the pool definition.

2014-02-14  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Forgot to add lxcconf2xmldata to dist.

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	lxc: Don't shadow global symbol "link"
	Yet another variable name frowned upon by older compilers. Introduced in
	commit b73c029d.

2014-02-14  Ján Tomko  <jtomko@redhat.com>

	Support IPv6 in port allocator
	Also try to bind on IPv6 to check if the port is occupied.

	Change the mocked bind in the test to return EADDRINUSE
	for some ports only for the IPv4/IPv6 socket if we're testing
	on a host with IPv6 compiled in.

	Also mock socket() to make it fail with EAFNOTSUPPORTED
	if LIBVIRT_TEST_IPV4ONLY is set in the environment, to
	simulate a host without IPv6 support in the kernel. The
	tests are repeated again with this variable set.

	https://bugzilla.redhat.com/show_bug.cgi?id=1025407

2014-02-14  Ján Tomko  <jtomko@redhat.com>

	Split out bind() from virPortAllocatorAcquire

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Don't leak private data when storage file init fails
	In a44b7b87bcc6681e2939f65a3552fc96f68bc7b6 I've introduced a function
	that initializes a storage file wrapper object on gluster based volumes.

	The initialization function leaks the private data pointer in case of
	failure. This patch fixes it.

	Reported by John Ferlan.

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	storage: Fix build with older compilers afeter gluster snapshot series
	In commit e32268184b4fd1611ed5ffd3c758b8f6a34152e6 I accidentally added
	twice a typedef for virStorageFileBackend when I moved it between files
	across patch iterations. The double declaration breaks build on older
	compilers in RHEL5 and FreeBSD.

	Remove the spurious definition.

2014-02-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Add support for external active snapshots on gluster
	Add support for gluster backed images as sources for snapshots in the
	qemu driver. This will also simplify adding further network backed
	volumes as sources for snapshot in case qemu will support them.

	qemu: snapshot: Use new APIs to detect presence of existing storage files
	Use the new storage driver based "stat" api to detect exiting files just
	as we did with local files.

	qemu: Switch snapshot deletion to the new API functions
	Use the new storage driver APIs to delete snapshot backing files in case
	of failure instead of directly relying on "unlink". This will help us in
	the future when we will be adding network based storage without local
	representation in the host.

	storage: Add storage file backends for gluster
	Implement storage backend functions to deal with gluster volumes and
	implement the "stat" and "unlink" backend APIs.

	storage: add file functions for local and block files
	Implement the "stat" and "unlink" function for "file" volumes and "stat"
	for "block" volumes using the regular system calls.

	storage: Add file storage APIs in the default storage driver
	Add APIs that will allow to use the storage driver to assist in
	operations on files even for remote filesystems without native
	representation as files in the host.

	conf: Move qemuSnapshotDiskGetActualType to virDomainSnapshotDiskGetActualType
	All the data for getting the actual type is present in the snapshot
	config. There is no need to have this function private to the qemu
	driver and it will be re-used later in other parts of libvirt

	conf: Move qemuDiskGetActualType to virDomainDiskGetActualType
	All the data for getting the actual type is present in the domain
	config. There is no need to have this function private to the qemu
	driver and it will be re-used later in other parts of libvirt

2014-02-13  Eric Blake  <eblake@redhat.com>

	spec: add missing dep of libvirt-daemon-config-nwfilter
	Similar to cf76c4b, if modules are used, then nwfilter configuration
	requires the nwfilter driver module.

2014-02-13  Eric Blake  <eblake@redhat.com>

	Revert "spec: require libvirt-wireshark from libvirt metapackage"
	This reverts commit 8d6c3659b8c9b861b00a19b26079d11d56dce680.

	After further list discussion, it was decided that pulling in
	wireshark as a dependency is a bit too much for the base 'libvirt'
	package.  Remember also that 'libvirt-devel' is also not pulled in
	by the base 'libvirt' - the metapackage exists for full
	functionality of libvirtd, rather than to pull in all subpackages.

2014-02-13  Cédric Bosdonnat  <cbosdonnat@suse.com>

	lxc from native: removed now remaining useless line

2014-02-13  Philipp Hahn  <hahn@univention.de>

	Fix stream related spelling mistakes
	Remove double "is".
	Consistent spelling of all-uppercase I/O.

2014-02-12  Eric Blake  <eblake@redhat.com>

	spec: require libvirt-wireshark from libvirt metapackage
	In general, the 'libvirt' metapackage should pull in all subpackages.
	Fix this for the wireshark subpackage created in commit f9ada9f.

	* libvirt.spec.in (Requires): Add dependency.

2014-02-12  Thierry Parmentelat  <thierry.parmentelat@inria.fr>

	spec: add missing dep of libvirt-daemon-config-network
	When building modules, libvirt-daemon-config-network requires
	libvirt-daemon-driver-network to ensure the 'default' network
	is setup properly

	spec: require libvirt-daemon-driver-interface only when built

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC from native: convert blkio throttle config

	LXC: added some doc on domxml-from-native with mention of limitations

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC from native: map vlan network type
	The problem with VLAN is that the user still has to manually create the
	vlan interface on the host. Then the generated configuration will use
	it as a nerwork hostdev device. So the generated configurations of the
	following two fragments are equivalent (see rhbz#1059637).

	lxc.network.type = phys
	lxc.network.link = eth0.5

	lxc.network.type = vlan
	lxc.network.link = eth0
	lxc.network.vlan.id = 5

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC from native: map block filesystems

	LXC from native: map lxc.arch to /domain/os/type@arch

	LXC from native: add lxc.cgroup.blkio.* mapping

	LXC from native: map lxc.cgroup.cpuset.*

	LXC from native: map lxc.cgroup.cpu.*

	LXC from native: migrate memory tuning

	LXC from native: convert lxc.id_map into <idmap>

	LXC from native: convert macvlan network configuration

	LXC from native: convert lxc.tty to console devices

	LXC from native: convert phys network types to net hostdev devices

	LXC from native: migrate veth network configuration
	Some of the LXC configuration properties aren't migrated since they
	would only cause problems in libvirt-lxc:
	  * lxc.network.ipv[46]: LXC driver doesn't setup IP address of guests,
	    see rhbz#1059624
	  * lxc.network.name, see rhbz#1059630

	LXC from native: implement no network conversion
	If no network configuration is provided, LXC only provides the loopback
	interface. To match this, we need to use the privnet feature. LXC will
	also define a 'none' network type in its 1.0.0 version that fits
	libvirt LXC driver's default.

	LXC from native: migrate fstab and lxc.mount.entry
	Tmpfs relative size and default 50% size values aren't supported as
	we have no idea of the available memory at the conversion time.

	LXC from native: import rootfs
	LXC rootfs can be either a directory or a block device or an image
	file. The first two types have been implemented, but the image file is
	still to be done since LXC auto-guesses the file format at mount time
	and the LXC driver doesn't support the 'auto' format.

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC driver: started implementing connectDomainXMLFromNative
	This function aims at converting LXC configuration into a libvirt
	domain XML description to help users migrate from LXC to libvirt.

	Here is an example of how the lxc configuration works:
	virsh -c lxc:/// domxml-from-native lxc-tools /var/lib/lxc/migrate_test/config

	It is possible that some parts couldn't be properly mapped into a
	domain XML fragment, so users should carefully review the result
	before creating the domain.

	fstab files in lxc.mount lines will need to be merged into the
	configuration file as lxc.mount.entry.

	As we can't know the amount of memory of the host, we have to set a
	default value for max_balloon that users will probably want to adjust.

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Improve virConf parse to handle LXC config format
	virConf now honours a VIR_CONF_FLAG_LXC_FORMAT flag to handle LXC
	configuration files. The differences are that property names can
	contain '.' character and values are all strings without any bounding
	quotes.

	Provide a new virConfWalk function calling a handler on all non-comment
	values. This function will be used by the LXC conversion code to loop
	over LXC configuration lines.

2014-02-12  Eric Blake  <eblake@redhat.com>

	event: pass reason for PM events
	Commit 57ddcc23 (v0.9.11) introduced the pmwakeup event, with
	an optional 'reason' field reserved for possible future expansion.
	But it failed to wire the field through RPC, so even if we do
	add a reason in the future, we will be unable to get it back
	to the user.

	Worse, commit 7ba5defb (v1.0.0) repeated the same mistake with
	the pmsuspend_disk event.

	As long as we are adding new RPC calls, we might as well fix
	the events to actually match the signature so that we don't have
	to add yet another RPC in the future if we do decide to start
	using the reason field.

	* src/remote/remote_protocol.x
	(remote_domain_event_callback_pmwakeup_msg)
	(remote_domain_event_callback_pmsuspend_msg)
	(remote_domain_event_callback_pmsuspend_disk_msg): Add reason
	field.
	* daemon/remote.c (remoteRelayDomainEventPMWakeup)
	(remoteRelayDomainEventPMSuspend)
	(remoteRelayDomainEventPMSuspendDisk): Pass reason to client.
	* src/conf/domain_event.h (virDomainEventPMWakeupNewFromDom)
	(virDomainEventPMSuspendNewFromDom)
	(virDomainEventPMSuspendDiskNewFromDom): Require additional
	parameter.
	* src/conf/domain_event.c (virDomainEventPMClass): New class.
	(virDomainEventPMDispose): New function.
	(virDomainEventPMWakeupNew*, virDomainEventPMSuspendNew*)
	(virDomainEventPMSuspendDiskNew*)
	(virDomainEventDispatchDefaultFunc): Use new class.
	* src/remote/remote_driver.c (remoteDomainBuildEvent*PM*): Pass
	reason through.
	* src/remote_protocol-structs: Regenerate.

2014-02-12  Eric Blake  <eblake@redhat.com>

	event: convert remaining domain events to new style
	Following the patterns established by lifecycle events, this
	creates all the new RPC calls needed to pass callback IDs
	for every domain event, and changes the limits in client and
	server codes to use modern style when possible.

	I've tested all combinations: both 'old client and new server'
	and 'new client and old server' continue to work with the old
	RPCs, and 'new client and new server' benefit from server-side
	filtering with the new RPCs.

	* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_EVENT_*): Add
	REMOTE_PROC_DOMAIN_EVENT_CALLBACK_* counterparts.
	* daemon/remote.c (remoteRelayDomainEvent*): Send callbackID via
	newer RPC when used with new-style registration.
	(remoteDispatchConnectDomainEventCallbackRegisterAny): Extend to
	cover all domain events.
	* src/remote/remote_driver.c (remoteDomainBuildEvent*): Add new
	Callback and Helper functions.
	(remoteEvents): Match order of RPC numbers, register new handlers.
	(remoteConnectDomainEventRegisterAny)
	(remoteConnectDomainEventDeregisterAny): Extend to cover all
	domain events.
	* src/remote_protocol-structs: Regenerate.

2014-02-12  Eric Blake  <eblake@redhat.com>

	event: client RPC protocol tweaks for domain lifecycle events
	The counterpart to the server RPC additions; here, a single
	function can serve both old and new calls, while incoming
	events must be serviced by two different functions.  Again,
	some wise choices in our XDR made it easier to share code
	managing similar events.

	While this only supports lifecycle events, it covers the
	harder part of how Register and RegisterAny interact; the
	remaining 15 events will be a mechanical change in a later
	patch.  For Register, we now have a callbackID locally for
	more efficient cleanup if the RPC fails; we also prefer to
	use the newer RPC where we know it is supported (the older
	RPC must be used if we don't know if RegisterAny is
	supported).

	* src/remote/remote_driver.c (remoteEvents): Register new RPC
	event handler.
	(remoteDomainBuildEventLifecycle): Move guts...
	(remoteDomainBuildEventLifecycleHelper): ...here.
	(remoteDomainBuildEventCallbackLifecycle): New function.
	(remoteConnectDomainEventRegister)
	(remoteConnectDomainEventDeregister)
	(remoteConnectDomainEventRegisterAny)
	(remoteConnectDomainEventDeregisterAny): Use new RPC when supported.

2014-02-12  Eric Blake  <eblake@redhat.com>

	event: prepare client to track domain callbackID
	We want to convert over to server-side events, even for older
	APIs.  To do that, the client side of the remote driver wants
	to distinguish between legacy virConnectDomainEventRegister and
	normal virConnectDomainEventRegisterAny, while knowing the
	client callbackID and the server's serverID for both types of
	registration.  The client also needs to probe whether the
	server supports server-side filtering.  However, for ease of
	review, we don't actually use the new RPCs until a later patch.

	* src/conf/object_event_private.h (virObjectEventStateCallbackID):
	Add parameter.
	* src/conf/object_event.c (virObjectEventCallbackListAddID)
	(virObjectEventStateRegisterID): Separate legacy from callbackID.
	(virObjectEventStateCallbackID): Pass through parameter.
	(virObjectEventCallbackLookup): Let legacy and global domain
	lifecycle events share a common remoteID.
	* src/conf/network_event.c (virNetworkEventStateRegisterID):
	Update caller.
	* src/conf/domain_event.c (virDomainEventStateRegister)
	(virDomainEventStateRegisterID, virDomainEventStateDeregister):
	Likewise.
	(virDomainEventStateRegisterClient)
	(virDomainEventStateCallbackID): Implement new functions.
	* src/conf/domain_event.h (virDomainEventStateRegisterClient)
	(virDomainEventStateCallbackID): New prototypes.
	* src/remote/remote_driver.c (private_data): Add field.
	(doRemoteOpen): Probe server feature.
	(remoteConnectDomainEventRegister)
	(remoteConnectDomainEventRegisterAny): Use new function.

2014-02-12  Eric Blake  <eblake@redhat.com>

	event: server RPC protocol tweaks for domain lifecycle events
	This patch adds some new RPC call numbers, but for ease of review,
	they sit idle until a later patch adds the client counterpart to
	drive the new RPCs.  Also for ease of review, I limited this patch
	to just the lifecycle event; although converting the remaining
	15 domain events will be quite mechanical.  On the server side,
	we have to have a function per RPC call, largely with duplicated
	bodies (the key difference being that we store in our callback
	opaque pointer whether events should be fired with old or new
	style); meanwhile, a single function can drive multiple RPC
	messages.  With a strategic choice of XDR struct layout, we can
	make the event generation code for both styles fairly compact.

	I debated about adding a tri-state witness variable per
	connection (values 'unknown', 'legacy', 'modern').  It would start
	as 'unknown', move to 'legacy' if any RPC call is made to a legacy
	event call, and move to 'modern' if the feature probe is made;
	then the event code could issue an error if the witness state is
	incorrect (a legacy RPC call while in 'modern', a modern RPC call
	while in 'unknown' or 'legacy', and a feature probe while in
	'legacy' or 'modern').  But while it might prevent odd behavior
	caused by protocol fuzzing, I don't see that it would prevent
	any security holes, so I considered it bloat.

	Note that sticking @acl markers on the new RPCs generates unused
	functions in access/viraccessapicheck.c, because there is no new
	API call that needs to use the new checks; however, having a
	consistent .x file is worth the dead code.

	* src/libvirt_internal.h (VIR_DRV_FEATURE_REMOTE_EVENT_CALLBACK):
	New feature.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_REGISTER_ANY)
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_CALLBACK_DEREGISTER_ANY)
	(REMOTE_PROC_DOMAIN_EVENT_CALLBACK_LIFECYCLE): New RPCs.
	* daemon/remote.c (daemonClientCallback): Add field.
	(remoteDispatchConnectDomainEventCallbackRegisterAny)
	(remoteDispatchConnectDomainEventCallbackDeregisterAny): New
	functions.
	(remoteDispatchConnectDomainEventRegisterAny)
	(remoteDispatchConnectDomainEventDeregisterAny): Mark legacy use.
	(remoteRelayDomainEventLifecycle): Change message based on legacy
	or new use.
	(remoteDispatchConnectSupportsFeature): Advertise new feature.
	* src/remote_protocol-structs: Regenerate.

2014-02-12  Eric Blake  <eblake@redhat.com>

	event: dynamically manage server-side RPC domain events
	This patch continues the earlier conversion made for network
	events, with a goal of introducing server-side event filtering
	in a later patch.  Actual behavior is unchanged without
	further RPC changes.

	* daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of
	domain events.
	* daemon/remote.c (remoteClientInitHook, remoteClientFreeFunc)
	(remoteRelayDomainEvent*)
	(remoteDispatchConnectDomainEventRegister)
	(remoteDispatchConnectDomainEventRegisterAny): Track domain
	callbacks dynamically.

2014-02-12  Michael Chapman  <mike@very.puzzling.org>

	storage: handle NULL return from virGetStorageVol
	virGetStorageVol can return NULL on out-of-memory. If it does, cleanly
	abort the volume clone operation.

2014-02-12  Ján Tomko  <jtomko@redhat.com>

	Revert "storage: disk: Separate creating of the volume from building"
	This reverts commit 67ccf91bf29488783bd1fda46b362450f71a2078.
	We only generate the volume key after we've built it, but the storage
	driver expects it to be filled after createVol finishes.
	Squash the volume building back with creating to fulfill this
	expectation.

2014-02-12  Ján Tomko  <jtomko@redhat.com>

	Revert "storage: lvm: Separate creating of the volume from building"
	This reverts commit af1fb38f55d4fb87e0fcaee1e973fa9c6713b1e6.
	With it, creating new logical volumes fails:
	https://www.redhat.com/archives/libvir-list/2014-February/msg00658.html

	In the storage driver, we expect CreateVol to fill out the volume key,
	but the LVM backend fills the key with the uuid reported by lvs after the
	logical volume is created.

2014-02-12  Ján Tomko  <jtomko@redhat.com>

	Fix leaks in vircapstest
	Coverity complains about cell_cpus being leaked on error
	and valgrind shows 'caps' is leaked on success.

	Introduced in eb64e87.

2014-02-12  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fixed build with clang.
	Two unused global variables, and DBUS_TYPE_INVALID used as a const
	char*.

	AppArmor: Fix the place where the template should be installed
	The security driver expects /etc/apparmor.d/libvirt/TEMPLATE but we
	installed it to /etc/apparmor.d/libvirtd/TEMPLATE. Move the template to
	the expected place since that code was here long before.

2014-02-11  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Implement a stub cpuArchDriver.baseline() handler for aarch64
	Openstack Nova calls virConnectBaselineCPU() during initialization
	of the instance to get a full list of CPU features.
	This patch adds a stub to aarch64-specific code to handle
	this request (no actual work is done). That's enough to have
	this stub with limited functionality because qemu/kvm backend
	supports only 'host-passthrough' cpu mode on aarch64.

2014-02-11  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix libxlDoDomainSave documentation
	Update the function's comment, which was missed when removing use of
	the driver lock everywhere.

	libxl: register for domain events immediately after creation
	A small fix for the possiblitiy of jumping to an error path before
	registering for domain events, preventing receiving important ones
	like shutdown and death.

	libxl: rename libxlCreateDomEvents to libxlDomEventsRegister
	libxlDomEventsRegister better reflects its purpose: register for
	domain events from libxl.

2014-02-11  Ján Tomko  <jtomko@redhat.com>

	Rename 'index' in virCapabilitiesGetCpusForNode
	This shadows the index function on some systems (RHEL-6.4, FreeBSD 9):
	../../src/conf/capabilities.c: In function 'virCapabilitiesGetCpusForNode':
	../../src/conf/capabilities.c:1005: warning: declaration of'index'
	      shadows a global declaration [-Wshadow]
	/usr/include/strings.h:57: warning: shadowed declaration is here [-Wshadow]

2014-02-11  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	vircapstest: Introduce virCapabilitiesGetCpusForNodemask test
	This test creates a Fake NUMA topology with non-sequential cell ids
	to check if libvirt properly handles the same

2014-02-11  Pradipta Kr. Banerjee  <pradipta.banerjee@gmail.com>

	Handle non-sequential NUMA node numbers
	On some platforms like IBM PowerNV the NUMA node numbers can be
	non-sequential. For eg. numactl --hardware o/p from such a machine looks
	as given below

	node distances:
	   node   0   1  16  17
	     0:  10  40  40  40
	     1:  40  10  40  40
	    16:  40  40  10  40
	    17:  40  40  40  10

	The NUMA nodes are 0,1,16,17

	Libvirt uses sequential index as NUMA node numbers and this can
	result in crash or incorrect results.

2014-02-11  Peter Krempa  <pkrempa@redhat.com>

	storage: gluster: Set volume metadata in a separate function
	Extract the metadata setting code into a separate function for future
	use.

2014-02-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: introduce spiceport chardev backend
	Add a new backend for any character device.  This backend uses channel
	in spice connection.  This channel is similar to spicevmc, but
	all-purpose in contrast to spicevmc.

	Apart from spicevmc, spiceport-backed chardev will not be formatted
	into the command-line if there is no spice to use (with test for that
	as well).  For this I moved the def->graphics counting to the start
	of the function so its results can be used in rest of the code even in
	the future.

2014-02-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: remove pointless condition
	This patch is here just to ease the code review and make related
	changes look more sensible.  Apart from removing the condition this is
	merely a whitespace (indentation) change.

2014-02-11  Martin Kletzander  <mkletzan@redhat.com>

	qemu: rework '-serial none'
	Limiting ourselves to qemu without QEMU_CAPS_DEVICE capability, we
	used '-serial none' only if there was no serial device defined in the
	domain XML.  This means that if we want to have a possibility of the
	device being defined in XML, but not used in the command-line
	(e.g. when it's pointless), we'll fail to attach '-serial none' to the
	command-line (when skipping the device's command-line building and the
	device being the only one).

	Since there is no such device, this patch doesn't actually do
	anything, but enables easier future additions in this manner.

2014-02-11  Martin Kletzander  <mkletzan@redhat.com>

	conf: introduce spiceport chardev backend
	Add a new character device backend called 'spiceport' that uses
	spice's channel for communications and apart from spicevmc can be used
	as a backend for any character device from libvirt's point of view.

2014-02-11  Wido den Hollander  <wido@widodh.nl>

	rbd: Use rbd_create3 to create RBD format 2 images by default
	This new RBD format supports snapshotting and cloning. By having
	libvirt create images in format 2 end-users of the created images
	can benefit from the new RBD format.

	Older versions of libvirt can work with this new RBD format as long
	as librbd supports format 2. RBD format is supported by librbd since
	version 0.56 (Ceph Bobtail).

2014-02-11  Joel SIMOES  <joel.simoes@laposte.net>

	Libvirt lose sheepdogs volumes on pool refresh or restart. When restarting sheepdog pool, all volumes are missing. This patch add automatically all volume from the added pool.
	Adding last Daniel P. Berrange's syntaxes correction.
	Adding vol on separeted function 'inspired' from parallels_storage :
	parallelsAddDiskVolume

2014-02-11  Laine Stump  <laine@laine.org>

	build: correctly check for SOICGIFVLAN GET_VLAN_VID_CMD command
	In order to make a client-only build successful on RHEL4 (yes, you
	read that correctly!), commit 3ed2e54 modified src/util/virnetdev.c so
	that the functional version of virNetDevGetVLanID() was only compiled
	if GET_VLAN_VID_CMD was defined. However, it is *never* defined, but
	is only an enum value, so the proper version was no longer compiled
	even on platforms that support it. This resulted in the vlan tag not
	being properly set for guest traffic on VEPA mode guest macvtap
	interfaces that were bound to a vlan interface (that's the only place
	that libvirt currently uses virNetDevGetVLanID)

	Since there is no way to compile conditionally based on the presence
	of an enum value, this patch modifies configure.ac to check for said
	enum value with AC_CHECK_DECLS(), which #defines
	HAVE_DECL_GET_VLAN_VID_CMD to 1 if it's successful compiling a test
	program that uses GET_VLAN_VID_CMD (and still #defines it, but to 0,
	if it's not successful).  We can then make the compilation of
	virNetDevGetVLanID() conditional on the value of
	HAVE_DECL_GET_VLAN_VID_CMD.

2014-02-10  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: grammar fixes in formatdomain
	Some grammar fixes.

	s/namespace,set/namespace, set
	s/container being allowed/container are allowed
	s/the <code>uid/The <code>uid

2014-02-10  Yuri Myasoedov  <ymyasoedov@yandex.ru>

	maint: fix line numbers in check-aclrules reports
	Reset line numbering on each input file in check-aclrules.pl. Otherwise
	it reports wrong line numbers in its error messages.

2014-02-10  Michal Privoznik  <mprivozn@redhat.com>

	virNetworkLoadState: Disallow mangled 'floor' element
	In the network status XML we may have the <floor/> element with the
	'sum' attribute. The attribute represents sum of all 'floor'-s of
	computed over each interface connected to the network (this is needed to
	guarantee certain bandwidth for certain domain). The sum is therefore a
	number. However, if the number was mangled (e.g. by an user's
	interference to network status file), we've just ignored it without
	refusing to parse such file. This was all due to 'goto error' missing.

2014-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use correct permissions when determining the image chain
	The code took into account only the global permissions. The domains now
	support per-vm DAC labels and per-image DAC labels. Use the most
	specific label available.

2014-02-10  Michal Privoznik  <mprivozn@redhat.com>

	networkStartNetwork: Be more verbose
	The lack of debug printings might be frustrating in the future.
	Moreover, this function doesn't follow the usual pattern we have in the
	rest of the code:

	  int ret = -1;
	  /* do some work */
	  ret = 0;
	cleanup:
	  /* some cleanup work */
	  return ret;

2014-02-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hyperv: Add support for timer enlightenments
	Add a new <timer> for the HyperV reference time counter enlightenment
	and the iTSC reference page for Windows guests.

	This feature provides a paravirtual approach to track timer events for
	the guest (similar to kvmclock) with the option to use real hardware
	clock on systems with a iTSC with compensation across various hosts.

2014-02-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Enforce supported options for certain timers
	According to the documentation various timer options are only supported
	by certain timer types. Add a post parse check to verify that the user
	didn't specify invalid options.

	Also fix the qemu command line parsing function to set correct default
	values for the kvmclock timer so that it passes the new check.

2014-02-10  Peter Krempa  <pkrempa@redhat.com>

	schema: Fix guest timer specification schema according to the docs
	According to the documentation describing various tunables for domain
	timers not all the fields are supported by all the driver types. Express
	these in the RNG:

	- rtc, platform: Only these support the "track" attribute.
	- tsc: only one to support "frequency" and "mode" attributes
	- hpet, pit: tickpolicy/catchup attribute/element
	- kvmclock: no extra attributes are supported

	Additionally the attributes of the <catchup> element for
	tickpolicy='catchup' are optional according to the parsing code. Express
	this in the XML and fix a spurious space added while formatting the
	<catchup> element and add tests for it.

2014-02-07  Felix Geyer  <debfx@fobos.de>

	apparmor: Improve profiles
	Tested on Debian unstable.
	The profile updates are partly taken from the Ubuntu trusty libvirt package.

2014-02-07  John Ferlan  <jferlan@redhat.com>

	virpci: Resolve coverity issues
	Coverity complains about "USE_AFTER_FREE" due to how virPCIDeviceSetStubDriver
	"could" return either -1, 0, or 1 from the VIR_STRDUP() and then possibly makes
	a call to virPCIDeviceDetach().

	The only way this could happen is if NULL were passed as the "driver" name
	and virStrdup() returned 0.  Since the calling functions check < 0 on the
	initial function call, the 0 possibility causes Coverity to complain.

	To fix this - enforce that the second parameter is not NULL using
	ATTRIBUTE_NONNULL(2) for the function prototype, then in virPCIDeviceDetach
	add an sa_assert(dev->stubDriver). This will result in Coverity not complaining
	any more.

2014-02-07  Christophe Fergeau  <cfergeau@redhat.com>

	Add glusterfs to VIR_CONNECT_LIST_STORAGE_POOLS_FILTERS_POOL_TYPE
	If it's not present in this list, we won't be able to get only
	glusterfs pools when using virConnectListAllStoragePools.

	build-sys: Removed unused variable from configure.ac
	LIBGLUSTER_LIBS is emptied before gluster is enabled/disabled, but nothing
	else sets/uses this variable, so it can be removed.

2014-02-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: keep pre-migration domain state after failed migration
	Couple of codepaths shared the same code which can be moved out to a
	function and on one of such places, qemuMigrationConfirmPhase(), the
	domain was resumed even if it wasn't running before the migration
	started.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1057407

2014-02-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove unneeded locking of driver when restoring
	libxlDomainRestoreFlags acquires the driver lock while reading the
	domain config from the save file and adding it to
	libxlDriverPrivatePtr->domains.  But virDomainObjList provides
	self-locking APIs, so remove the needless driver locking.

2014-02-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: improve subprocess handling
	If available, let libxl handle reaping any children it creates by
	specifying libxl_sigchld_owner_libxl_always_selective_reap.  This
	feature was added to improve subprocess handling in libxl when used
	in an application that does not install a SIGCHLD handler like
	libvirt

	http://lists.xen.org/archives/html/xen-devel/2014-01/msg01555.html

	Prior to this patch, it is possible to hit asserts in libxl when
	reaping subprocesses, particularly during simultaneous operations
	on multiple domains.  With this patch, and the corresponding changes
	to libxl, I no longer see the asserts.  Note that the libxl changes
	will be included in Xen 4.4.0.  Previous Xen versions will be
	susceptible to hitting the asserts even with this patch applied to
	the libvirt libxl driver.

2014-02-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: handle domain shutdown events in a thread
	Handling the domain shutdown event within the event handler seems
	a bit unfair to libxl's event machinery.  Domain "shutdown" could
	take considerable time.  E.g. if the shutdown reason is reboot,
	the domain must be reaped and then started again.

	Spawn a shutdown handler thread to do this work, allowing libxl's
	event machinery to go about its business.

2014-02-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove list of timer registrations from libxlDomainObjPrivate
	Due to some misunderstanding of requirements libxl places on timer
	handling, I introduced the half-brained idea of maintaining a list
	of timeouts that the driver could force to expire before freeing a
	libxlDomainObjPrivate (and hence libxl_ctx).  But testing all
	the latest versions of Xen supported by the libxl driver (4.2.3,
	4.3.1, 4.4.0 RC3), I see that libxl will handle this just fine and
	there is no need to force expiration behind libxl's back.  Indeed it
	may be harmful to do so.

	This patch removes the timer list, allowing libxl to handle cleanup
	of its timer registrations.

2014-02-06  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix leaking libxlDomainObjPrivate
	When libxl registers an FD with the libxl driver, the refcnt of the
	associated libxlDomainObjPrivate object is incremented. The refcnt
	is decremented when libxl deregisters the FD.  But some FDs are only
	deregistered when their libxl ctx is freed, which unfortunately is
	done in the libxlDomainObjPrivate dispose function.  With references
	held by the FDs, libxlDomainObjPrivate is never disposed.

	I added the ref/unref in FD registration/deregistration when adding
	the same in timer registration/deregistration.  For timers, this
	is a simple approach to ensuring the libxlDomainObjPrivate is not
	disposed prior to their expirtation, which libxl guarantees will
	occur.  It is not needed for FDs, and only causes
	libxlDomainObjPrivate to leak.

	This patch removes the reference on libxlDomainObjPrivate for FD
	registrations, but retains them for timer registrations.  Tested on
	the latest releases of Xen supported by the libxl driver:  4.2.3,
	4.3.1, and 4.4.0 RC3.

2014-02-06  Matthieu Coudron  <mattator@gmail.com>

	qemu_driver: Introduce <filesystem/> support in device attach/detach
	This commit allows to attach/detach a <filesystem> device in qemu. For
	this purpose I'm introducing two new functions: virDomainFSInsert() and
	virDomainFSRemove() and adding necessary code in the qemu driver.  It
	compares filesystems based on their "destination" folder. So if two
	filesystems share the same destination, they are considered equal and
	the qemu driver would reject the insertion.

	virDomainHostdev{Insert,Delete}: Replace VIR_REALLOC_N by VIR_{APPEND,DELETE}_ELEMENT
	With this change the code gets shorter and more readable.

2014-02-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Set timezone
	With my recent work on the test, both time() and localtime() are used.
	While mocking the former one, we get predictable result for UTC. But
	since the latter function uses timezone to get local time, the result of
	localtime() is not so predictive. Therefore, we must set the TZ variable
	at the beginning of the test. To be able to catch some things that work
	just by a blind chance, I'm choosing a virtual timezone that (hopefully)
	no libvirt developer resides in.

	qemuxml2argvmock: Mock time() on non-linux platforms too
	The qemuxml2argvtest is run on more platforms than linux. For instance
	FreeBSD. On these platforms we are, however, not mocking time() which
	results in current time being fetched from system and hence tests number
	32 and 33 failing.

2014-02-06  Ján Tomko  <jtomko@redhat.com>

	virsh: only report filled values in nodecpustats
	Rewrite the function to use an array instead of a struct,
	translating the field names to int via an enum.

2014-02-06  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement nodeGetCPUStats
	Implementation obtains CPU usage information using
	kern.cp_time and kern.cp_times sysctl(8)s and reports
	CPU utilization.

2014-02-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix crash in virDomainMemoryStats with old qemu
	If virDomainMemoryStats was run on a domain with virtio balloon driver
	running on an old qemu which supports QMP but does not support qom-list
	QMP command, libvirtd would crash. The reason is we did not check if
	qemuMonitorJSONGetObjectListPaths failed and moreover we even stored its
	result in an unsigned integer type.

2014-02-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: blockjob: Print correct file name in error message
	When attempting a blockcommit from the top layer, the base argument
	passed is NULL. This will be dereferenced when attempting a commit with
	an empty image chain. Output the real volume path instead:

	virsh blockcommit --verbose --path vda --domain DOMNAME --wait
	error: invalid argument: top '/path/somefile' in chain for 'vda' has no backing file

	instead of:

	error: invalid argument: top '(null)' in chain for 'vda' has no backing file

2014-02-06  Peter Krempa  <pkrempa@redhat.com>

	maint: Change the text of the NULLSTR() macro to "<null>"
	Eric Blake suggested to change this message to be different from the
	glibc's NULL deref protection message in printf to be able to
	differentiate errors.

2014-02-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Test localtime clock basis
	When trying to introduce a test for previous patch, I've
	noticed that the command line is constructed using current
	time. This won't work in our test suite (unless you guys
	wants to set a specific time prior to each test run :) ).
	Therefore we need to mock calls to time(2) to return the
	same value every time it's called.

2014-02-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildClockArgStr: Allow localtime clock basis
	https://bugzilla.redhat.com/show_bug.cgi?id=1046192

	Commit b8bf79a, which adds clock='variable', forgets to check
	localtime basis in qemuBuildClockArgStr(). So that localtime
	basis could not be used.

	Reported-by: Jincheng Miao <jmiao@redhat.com>

2014-02-05  Ján Tomko  <jtomko@redhat.com>

	Generate a valid imagelabel even for type 'none'
	Commit 2ce63c1 added imagelabel generation when relabeling is turned
	off. But we weren't filling out the sensitivity for type 'none' labels,
	resulting in an invalid label:

	$ virsh managedsave domain
	error: unable to set security context 'system_u:object_r:svirt_image_t'
	on fd 28: Invalid argument

2014-02-05  Eric Blake  <eblake@redhat.com>

	maint: fix grammar in conf file
	Noticed a misuse of 'to' while testing my event regression under
	polkit ACLs, and decided to review the entire conf files for
	other legibility bugs.

	* daemon/libvirtd.conf: Use correct grammar.
	* src/qemu/qemu.conf: Likewise.

2014-02-05  Eric Blake  <eblake@redhat.com>

	event: move event filtering to daemon (regression fix)
	https://bugzilla.redhat.com/show_bug.cgi?id=1058839

	Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
	need to check the ACL rules to filter which events to send.  But
	it overlooked one thing: the event dispatch queue is running in
	the main loop thread, and therefore does not normally have a
	current virIdentityPtr.  But filter checks can be based on current
	identity, so when libvirtd.conf contains access_drivers=["polkit"],
	we ended up rejecting access for EVERY event due to failure to
	look up the current identity, even if it should have been allowed.

	Furthermore, even for events that are triggered by API calls, it
	is important to remember that the point of events is that they can
	be copied across multiple connections, which may have separate
	identities and permissions.  So even if events were dispatched
	from a context where we have an identity, we must change to the
	correct identity of the connection that will be receiving the
	event, rather than basing a decision on the context that triggered
	the event, when deciding whether to filter an event to a
	particular connection.

	If there were an easy way to get from virConnectPtr to the
	appropriate virIdentityPtr, then object_event.c could adjust the
	identity prior to checking whether to dispatch an event.  But
	setting up that back-reference is a bit invasive.  Instead, it
	is easier to delay the filtering check until lower down the
	stack, at the point where we have direct access to the RPC
	client object that owns an identity.  As such, this patch ends
	up reverting a large portion of the framework of commit f9f56340.
	We also have to teach 'make check' to special-case the fact that
	the event registration filtering is done at the point of dispatch,
	rather than the point of registration.  Note that even though we
	don't actually use virConnectDomainEventRegisterCheckACL (because
	the RegisterAny variant is sufficient), we still generate the
	function for the purposes of documenting that the filtering
	takes place.

	Also note that I did not entirely delete the notion of a filter
	from object_event.c; I still plan on using that for my upcoming
	patch series for qemu monitor events in libvirt-qemu.so.  In
	other words, while this patch changes ACL filtering to live in
	remote.c and therefore we have no current client of the filtering
	in object_event.c, the notion of filtering in object_event.c is
	still useful down the road.

	* src/check-aclrules.pl: Exempt event registration from having to
	pass checkACL filter down call stack.
	* daemon/remote.c (remoteRelayDomainEventCheckACL)
	(remoteRelayNetworkEventCheckACL): New functions.
	(remoteRelay*Event*): Use new functions.
	* src/conf/domain_event.h (virDomainEventStateRegister)
	(virDomainEventStateRegisterID): Drop unused parameter.
	* src/conf/network_event.h (virNetworkEventStateRegisterID):
	Likewise.
	* src/conf/domain_event.c (virDomainEventFilter): Delete unused
	function.
	* src/conf/network_event.c (virNetworkEventFilter): Likewise.
	* src/libxl/libxl_driver.c: Adjust caller.
	* src/lxc/lxc_driver.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xen/xen_driver.c: Likewise.

2014-02-05  Eric Blake  <eblake@redhat.com>

	rpm: create libvirt-wireshark sub-package
	On Fedora 20, with wireshark-devel installed, 'make rpm' failed
	due to installed but unpackaged files related to wireshark.  As
	F20 is already released without wireshark, I chose to add a new
	sub-package that is enabled only for F21 and later.  Furthermore,
	all existing wireshark plugins belong to the wireshark package,
	so I got to invent behavior of how the first third-party wireshark
	module will behave.

	* libvirt.spec.in (with_wireshark): Add new conditional.
	* configure.ac (ws-plugindir): Improve wording.

2014-02-05  Laine Stump  <laine@laine.org>

	network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks
	https://bugzilla.redhat.com/show_bug.cgi?id=1057321

	pointed out that we weren't honoring the <bandwidth> element in
	libvirt networks using <forward mode='bridge'/>. In fact, these
	networks are just a method of giving a libvirt network name to an
	existing Linux host bridge on the system, and libvirt doesn't have
	enough information to know where to set such limits. We are working on
	a method of supporting network bandwidths for some specific cases of
	<forward mode='bridge'/>, but currently libvirt doesn't support it. So
	the proper thing to do now is just log an error when someone tries to
	put a <bandwidth> element in that type of network. (It's unclear if we
	will be able to do proper bandwidth limiting for macvtap networks, and
	most definitely we will not be able to support it for hostdev
	networks).

	While looking through the network XML documentation and comparing it
	to the networkValidate function, I noticed that we also ignore the
	presence of a mac address in the config in the same cases, rather than
	failing so that the user will understand that their desired action has
	not been taken.

	This patch updates networkValidate() (which is called any time a
	persistent network is defined, or a transient network created) to log
	an error and fail if it finds either a <bandwidth> or <mac> element
	and the network forward mode is anything except 'route'. 'nat', or
	nothing. (Yes, neither of those elements is acceptable for any macvtap
	mode, nor for a hostdev network).

	NB: This does *not* cause failure to start any existing network that
	contains one of those elements, so someone might have erroneously
	defined such a network in the past, and that network will continue to
	function unmodified. I considered it too disruptive to suddenly break
	working configs on the next reboot after a libvirt upgrade.

2014-02-04  Justin Clift  <jclift@redhat.com>

	Fix minor typo in governance doc
	While at it, also relinquish active commit rights:
	[x years between commits] is probably a poster child example of inactivity :)

2014-02-04  John Ferlan  <jferlan@redhat.com>

	Honor blacklist for modprobe command
	https://bugzilla.redhat.com/show_bug.cgi?id=1045124

	When loading modules, libvirt does not honor the modprobe blacklist.
	Use the new virKModLoad() API in order to attempt load with blacklist check.
	Use the new virKModIsBlacklisted() API to check if the failure to load
	was due to the blacklist

2014-02-04  John Ferlan  <jferlan@redhat.com>

	tests: Add test for new virkmod functions
	Adding tests for new virKMod{Config|Load|Unload}() API's.

	A test for virKModIsBlacklisted() would require some setup which cannot
	be assumed.

2014-02-04  John Ferlan  <jferlan@redhat.com>

	utils: Introduce functions for kernel module manipulation
	virKModConfig()        - Return a buffer containing kernel module configuration
	virKModLoad()          - Load a specific module into the kernel configuration
	virKModUnload()        - Unload a specific module from the kernel configuration
	virKModIsBlacklisted() - Determine whether a module is blacklisted within
	                         the kernel configuration

2014-02-04  Laine Stump  <laine@laine.org>

	qemu: be sure we're using the updated value of backend during hotplug
	commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it
	may modify the "backend" (vfio vs. legacy kvm) setting in the
	virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by
	hotplug) copies the backend setting into a local *before* calling
	qemuPrepareHostdevPCIDevices(), and then later makes a decision based
	on that pre-change value.

	The result is that, if the backend had been set to "default" (i.e. not
	specified in the config) and was later updated to "VFIO" by
	qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not
	increased (as is required for VFIO device assignment).

	This patch delays making the local copy of backend until after its
	potential modification.

2014-02-04  Daniel P. Berrange  <berrange@redhat.com>

	Write up the project governance process
	The project has historically operated as a meritocratic
	consensus based community. Formally document what has
	always been an unwritten assumption amongst the community
	participants. Also include an explicit code of conduct
	to preempt any potential, but unlikely, future problems.

2014-02-04  Laine Stump  <laine@laine.org>

	network: change default of forwardPlainNames to 'yes'
	The previous patch fixed "forwardPlainNames" so that it really is
	doing only what is intended, but left the default to be
	"forwardPlainNames='no'". Discussion around the initial version of
	that patch led to the decision that the default should instead be
	"forwardPlainNames='yes'" (i.e. the original behavior before commit
	f3886825). This patch makes that change to the default.

2014-02-04  Laine Stump  <laine@laine.org>

	network: only prevent forwarding of DNS requests for unqualified names
	In commit f386825 we began adding the options

	  --domain-needed
	  --local=/$mydomain/

	to all dnsmasq commandlines with the stated reason of preventing
	forwarding of DNS queries for names that weren't fully qualified
	domain names ("FQDN", i.e. a name that included some "."s and a domain
	name). This was later changed to

	  domain-needed
	  local=/$mydomain/

	when we moved the options from the dnsmasq commandline to a conf file.

	The original patch on the list, and discussion about it, is here:

	  https://www.redhat.com/archives/libvir-list/2012-August/msg01594.html

	When a domain name isn't specified (mydomain == ""), the addition of
	"domain-needed local=//" will prevent forwarding of domain-less
	requests to the virtualization host's DNS resolver, but if a domain
	*is* specified, the addition of "local=/domain/" will prevent
	forwarding of any requests for *qualified* names within that domain
	that aren't resolvable by libvirt's dnsmasq itself.

	An example of the problems this causes - let's say a network is
	defined with:

	   <domain name='example.com'/>
	   <dhcp>
	      ..
	      <host mac='52:54:00:11:22:33' ip='1.2.3.4' name='myguest'/>
	   </dhcp>

	This results in "local=/example.com/" being added to the dnsmasq options.

	If a guest requests "myguest" or "myguest.example.com", that will be
	resolved by dnsmasq. If the guest asks for "www.example.com", dnsmasq
	will not know the answer, but instead of forwarding it to the host, it
	will return NOT FOUND to the guest. In most cases that isn't the
	behavior an admin is looking for.

	A later patch (commit 4f595ba) attempted to remedy this by adding a
	"forwardPlainNames" attribute to the <dns> element. The idea was that
	if forwardPlainNames='yes' (default is 'no'), we would allow
	unresolved names to be forwarded. However, that patch was botched, in
	that it only removed the "domain-needed" option when
	forwardPlainNames='yes', and left the "local=/mydomain/".

	Really we should have been just including the option "--domain-needed
	--local=//" (note the lack of domain name) regardless of the
	configured domain of the network, so that requests for names without a
	domain would be treated as "local to dnsmasq" and not forwarded, but
	all others (including those in the network's configured domain) would
	be forwarded. We also shouldn't include *either* of those options if
	forwardPlainNames='yes'. This patch makes those corrections.

	This patch doesn't remedy the fact that default behavior was changed
	by the addition of this feature. That will be handled in a subsequent
	patch.

2014-02-04  Martin Kletzander  <mkletzan@redhat.com>

	build: Fix 'make rpm' in VPATH with wireshark

2014-02-04  Ján Tomko  <jtomko@redhat.com>

	man: shm-merge-across-nodes is optional
	Mark the shm-merge-across-nodes parameter of node-memory-tune command
	as optional in the virsh man page.

2014-02-03  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidthtest: Link with libxml2
	I've received a notice over IRC that on some systems, the
	virnetdevbandwidthtest is not linked with libxml:

	  /usr/bin/ld: virnetdevbandwidthtest.o: undefined reference to symbol 'xmlStrEqual@@LIBXML2_2.4.30'
	  /usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line

	Trivial way avoiding this is to add LIBXML_LIBS to
	virnetdevbandwidthtest_LDADD.

2014-02-03  Martin Kletzander  <mkletzan@redhat.com>

	spice: don't force user to specify spicevmc channel
	We support only one spicevmc channel name anyway and the code is
	prepared to use the default one, there's only one check missing.  It
	is also mentioned in the documentation already and helps defining
	domains with spice vdagent for people using virsh.

2014-01-31  John Ferlan  <jferlan@redhat.com>

	Resolve Coverity dead_error_begin
	Coverity complains about default: label in libxl_driver.c not be able
	to be reached. It's by design for the code and since it's not necessary
	in the code nor does it elicit any compiler/make check warnings - just
	remove it rather than adding a coverity[dead_error_begin] tag.

	While I'm at it, lxc_driver.c and nodeinfo.c have the same design, so I
	removed the default labels and the existing coverity tags.

2014-01-31  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidthtest: Introduce some more tests
	And while doing this, fix one error raised by coverity. With
	current code, @actual_cmd is allowed to be NULL for the whole
	run of testVirNetDevBandwidthSet. However, if something else
	was expected, the @actal_cmd is passed to virtTestDifference
	which dereference it immediately.

2014-01-31  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virnetdevbandwidthtest: fix hard coded /sbin/tc
	On openSuse, (and possibly other distros), tc isn't located in
	/sbin/tc. To get rid of that problem, use TC constant instead of hard
	coded /sbin/tc in the expected string

2014-01-30  Daniel P. Berrange  <berrange@redhat.com>

	Push nwfilter update locking up to top level
	The NWFilter code has as a deadlock race condition between
	the virNWFilter{Define,Undefine} APIs and starting of guest
	VMs due to mis-matched lock ordering.

	In the virNWFilter{Define,Undefine} codepaths the lock ordering
	is

	  1. nwfilter driver lock
	  2. virt driver lock
	  3. nwfilter update lock
	  4. domain object lock

	In the VM guest startup paths the lock ordering is

	  1. virt driver lock
	  2. domain object lock
	  3. nwfilter update lock

	As can be seen the domain object and nwfilter update locks are
	not acquired in a consistent order.

	The fix used is to push the nwfilter update lock upto the top
	level resulting in a lock ordering for virNWFilter{Define,Undefine}
	of

	  1. nwfilter driver lock
	  2. nwfilter update lock
	  3. virt driver lock
	  4. domain object lock

	and VM start using

	  1. nwfilter update lock
	  2. virt driver lock
	  3. domain object lock

	This has the effect of serializing VM startup once again, even if
	no nwfilters are applied to the guest. There is also the possibility
	of deadlock due to a call graph loop via virNWFilterInstantiate
	and virNWFilterInstantiateFilterLate.

	These two problems mean the lock must be turned into a read/write
	lock instead of a plain mutex at the same time. The lock is used to
	serialize changes to the "driver->nwfilters" hash, so the write lock
	only needs to be held by the define/undefine methods. All other
	methods can rely on a read lock which allows good concurrency.

2014-01-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove windows thread implementation in favour of pthreads
	There are a number of pthreads impls available on Win32
	these days, in particular the mingw64 project has a good
	impl. Delete the native windows thread implementation and
	rely on using pthreads everywhere.

	Fix pthread_sigmask check for mingw32 without winpthreads
	On Fedora 19 and older the pthreads impl provided with
	mingw does not have any pthread_sigmask impl at all. The
	configure.ac check was not distinguishing this scenario
	from that of a broken pthread_sigmask impl, so was
	mistakenly enabling the libvirt workaround even when it
	was not needed. This in turn conflicted with the gnulib
	provided pthread_sigmask impl.

	Add a read/write lock implementation
	Add virRWLock backed up by a POSIX rwlock primitive

	Skip check-augeas-lockd when QEMU is disabled
	The check-augeas-lockd test depends on the file
	locking/qemu-lockd.conf, so must be skipped when QEMU
	is disabled.

2014-01-30  Osier Yang  <jyang@redhat.com>

	tests: Modify the scsi util tests
	Add tests/virscsidata/sg0 and tests/virscsidata/sg8 as the test
	input for constructing scsi->sg_path. And change the scsi generic
	number of "1:0:0:0", because it's easy to hide the problem (assuming
	most machines have a CDROM drive).

2014-01-30  Osier Yang  <jyang@redhat.com>

	util: Accept test data path for scsi device's sg_path
	Commit 10c9ceff6d intended to introduce new argument for the
	testing purpose, but it missed the similar changing of the
	device's sg_path. The problem was hidden since my laptop has
	the /dev/sg0 and /dev/sg1.  A later patch will modify the tests
	accordingly.

	Reported-by: Pavel Hrdina <phrdina@redhat.com>

2014-01-30  Pavel Hrdina  <phrdina@redhat.com>

	docs/page.xls: remove unnecessary namespace attribute
	It breaks the build on RHEL-5.10 and because it's only optional we
	could remove it from the code. The default namespace will be used.
	This hunk was introduced by commit 237a088ba44633b08e0528fe5103d99b1e213b71.

2014-01-30  Osier Yang  <jyang@redhat.com>

	qemu: Fix the error message for scsi host device's shareable checking
	This fixes the wrong argument order.

	tests: Add tests for scsi utils
	This creates the basic unit tests for the scsi utils.

2014-01-30  Osier Yang  <jyang@redhat.com>

	util: Add one argument for several scsi utils
	To support passing the path of the test data to the utils, one
	more argument is added to virSCSIDeviceGetSgName,
	virSCSIDeviceGetDevName, and virSCSIDeviceNew, and the related
	code is changed accordingly.

	Later tests for the scsi utils will be based on this patch.

2014-01-30  Osier Yang  <jyang@redhat.com>

	qemu: Don't fail if the SCSI host device is shareable between domains
	It doesn't make sense to fail if the SCSI host device is specified
	as "shareable" explicitly between domains (NB, it works if and only
	if the device is specified as "shareable" for *all* domains,
	otherwise it fails).

	To fix the problem, this patch introduces an array for virSCSIDevice
	struct, which records all the names of domain which are using the
	device (note that the recorded domains must specify the device as
	shareable).  And the change on the data struct brings on many
	subsequent changes in the code.

	Prior to this patch, the "shareable" tag didn't work as expected,
	it actually work like "non-shareable".  So this patch also added notes
	in formatdomain.html to declare the fact.

	* src/util/virscsi.h:
	  - Remove virSCSIDeviceGetUsedBy
	  - Change definition of virSCSIDeviceGetUsedBy and virSCSIDeviceListDel
	  - Add virSCSIDeviceIsAvailable

	* src/util/virscsi.c:
	  - struct virSCSIDevice: Change "used_by" to be an array; Add
	    "n_used_by" as the array count
	  - virSCSIDeviceGetUsedBy: Removed
	  - virSCSIDeviceFree: frees the "used_by" array
	  - virSCSIDeviceSetUsedBy: Copy the domain name to avoid potential
	    memory corruption
	  - virSCSIDeviceIsAvailable: New
	  - virSCSIDeviceListDel: Change the logic, for device which is already
	    in the list, just remove the corresponding entry in "used_by". And
	    since it's only used in one place, we can safely removing the code
	    to find out the dev in the list first.
	  - Copyright updating

	* src/libvirt_private.sys:
	  - virSCSIDeviceGetUsedBy: Remove
	  - virSCSIDeviceIsAvailable: New

	* src/qemu/qemu_hostdev.c:
	  - qemuUpdateActiveScsiHostdevs: Check if the device existing before
	    adding it to the list;
	  - qemuPrepareHostdevSCSIDevices: Error out if the not all domains
	    use the device as "shareable"; Also don't try to add the device
	    to the activeScsiHostdevs list if it already there; And make
	    more sensible error w.r.t the current "shareable" value in
	    driver->activeScsiHostdevs.
	  - qemuDomainReAttachHostScsiDevices: Change the logic according
	    to the changes on helpers.

2014-01-29  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	maint: add configure checks for BSD CPU affinity
	Check for presence of sys/cpuset.h header and cpuset_getaffinity()
	in configure instead of just using #ifdef __FreeBSD__ for that code.

2014-01-29  Michal Privoznik  <mprivozn@redhat.com>

	Revert "networkAllocateActualDevice: Set QoS for bridgeless networks too"
	This reverts commit 2996e6be19a13199ded7c2aa21039cca97318e01
	and some parts of 2636dc8c4de83cd37bc0680a6fbc3f6d25023bd7.

	The former one tried to implement QoS setting on bridgeless networks.
	However, as discussed upstream [1], the patch is far away from being
	useful in even a single case. The whole idea of network QoS is to have
	aggregated limits over several interfaces. This patch is doing
	completely the opposite when merging two QoS settings (from the network
	and the domain interface) into one which is then set at the domain
	interface itself, not the network.

	The latter one is the test for the previous one. Now none of them makes
	sense.

	1: https://www.redhat.com/archives/libvir-list/2014-January/msg01441.html

	Conflicts:
		tests/virnetdevbandwidthtest.c: New test has been introduced since
	    then.

2014-01-29  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevbandwidthtest: Introduce testVirNetDevBandwidthSet
	The test tries to set some QoS limits and check if the commands
	that are actually executed are the expected ones.

	virCommand: Introduce virCommandSetDryRun
	There are some units within libvirt that utilize virCommand API to run
	some commands and deserve own unit testing. These units are, however,
	not desired to be rewritten to dig virCommand API usage out. As a great
	example virNetDevBandwidth could be used. The problem with the bandwidth
	unit is: it uses virCommand API heavily. Therefore we need a mechanism
	to not really run a command, but rather see its string representation
	after which we can decide if the unit construct the correct sequence of
	commands or not.

2014-01-29  Peter Krempa  <pkrempa@redhat.com>

	snapshot: Add support for specifying snapshot disk backing type
	Add support for specifying various types when doing snapshots. This will
	later allow to do snapshots on network backed volumes. Disks of type
	'volume' are not supported by snapshots (yet).

	Also amend the test suite to check parsing of the various new disk
	types that can now be specified.

2014-01-29  Jim Fehlig  <jfehlig@suse.com>

	xen: fix parsing xend http response
	Commit df36af58 broke parsing of http response from xend.  The prior
	use of atoi() would happily parse e.g. a string containing "200 OK\r\n",
	whereas virStrToLong_i() will fail when called with a NULL end_ptr.
	Change the calls to virStrToLong_i() to provide a non-NULL end_ptr.

2014-01-28  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add more tests for virConnectBaselineCPU
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391

	The new tests would fail in various ways without the two previous
	commits.

2014-01-28  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Try to use source CPU model in virConnectBaselineCPU
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391

	When all source CPU XMLs contain just a single CPU model (with a
	possibly varying set of additional feature elements),
	virConnectBaselineCPU will try to use this CPU model in the computed
	guest CPU. Thus, when used on just a single CPU (useful with
	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES), the result will not use a
	different CPU model.

	If the computed CPU uses the source model, set fallback mode to 'forbid'
	to make sure the guest CPU will always be as close as possible to the
	source CPUs.

2014-01-28  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Fix VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391

	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES flag for virConnectBaselineCPU
	did not work if the resulting guest CPU would disable some features
	present in its base model. This patch makes sure we won't try to add
	such features twice.

2014-01-28  Jiri Denemark  <jdenemar@redhat.com>

	tests: Better support for VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
	https://bugzilla.redhat.com/show_bug.cgi?id=1049391

	virConnectBaselineCPU test results are now stored in different files
	depending on VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES.

2014-01-28  Ján Tomko  <jtomko@redhat.com>

	Reword error message for oversized cpu time fields

	Simplify linuxNodeGetCPUStats
	Split out the repetitive code.

2014-01-27  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement virProcess{Get,Set}Affinity
	Implement virProcess{Get,Set}Affinity() using cpuset_getaffinity()
	and cpuset_setaffinity() calls. Quick search showed that they are
	only available on FreeBSD, so placed it inside existing #ifdef
	blocks for FreeBSD instead of adding configure checks.

2014-01-27  Pradipta Kr. Banerjee  <bpradip@in.ibm.com>

	Add hw random number generator (/dev/hwrng) to cgroup ACL
	Creating a qemu VM with /dev/hwrng as backend RNG device throws the
	following error - "Could not open '/dev/hwrng': Permission denied"
	This patch fixes the issue

2014-01-27  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce virnetdevbandwidthtest
	The only API tested so far would be virNetDevBandwidthMinimal.
	But there's more to come!

2014-01-27  Michal Privoznik  <mprivozn@redhat.com>

	networkAllocateActualDevice: Set QoS for bridgeless networks too
	https://bugzilla.redhat.com/show_bug.cgi?id=1055484

	Currently, libvirt's XML schema of network allows QoS to be defined for
	every network even though it has no bridge. For instance:

	<network>
	    <name>vdsm-no-bridge</name>
	    <forward mode='passthrough'>
	      <interface dev='em1.10'/>
	    </forward>
	    <bandwidth>
	        <inbound average='1000' peak='5000' burst='1024'/>
	        <outbound average='1000' burst='1024'/>
	    </bandwidth>
	</network>

	The bandwidth limitations can be, however, applied even on such
	networks. In fact, they are going to be applied on the interface that
	will be connected to the network on a domain startup. This approach,
	however, has one limitation. With bridged networks, there are two points
	where QoS can be set: bridge and domain interface. The lower limit of
	the two is enforced then. For instance, if the interface has 10Mbps
	average, but the network only 1Mbps, there's no way for interface to
	transmit packets faster than the 1Mbps limit. With two points this is
	enforced by kernel.  With only one point, we must combine both QoS
	settings into one which is set afterwards. Look at
	virNetDevBandwidthMinimal() and you'll understand immediately what I
	mean.

2014-01-27  Ján Tomko  <jtomko@redhat.com>

	Add test for linuxNodeGetCPUStats
	Check if cpu stats are read correctly from a sample
	/proc/stat collected from a 24 CPU machine.

	Move test-local declarations to nodeinfopriv.h
	linuxNodeInfoCPUPopulate is only used in the nodeinfo.c file
	and in the test suite.

2014-01-27  Dan Kenigsberg  <danken@redhat.com>

	docs: add a permalink to html headers
	Quite often, I need to cite URLs like
	    http://libvirt.org/formatnetwork.html#elementQoS
	but it is annoying to copy them from the table of contents or the html
	source.

	This patch borrows from the Python documentation in order to make it
	easier to cite headers on libvirt's oneline documentation.

2014-01-25  Oleg Strikov  <oleg.strikov@canonical.com>

	qemu: Enable 'host-passthrough' cpu mode for aarch64
	This patch allows libvirt user to specify 'host-passthrough'
	cpu mode while using qemu/kvm backend on aarch64.
	It uses 'host' as a CPU model name instead of some other stub
	(correct CPU detection is not implemented yet) to allow libvirt
	user to specify 'host-model' cpu mode as well.


	(crobinso: fix some indentation)

2014-01-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Fix PCI test data filenames for Windows
	Windows doesn't allow : in filenames.

	Commit 21685c955e546676a5b2a01f7b788d222e0ee0f5 added files with a : in
	their names. This broke git operations on Windows as git is not able to
	create those files on clone or pull.

	Replace : with - in the offending filenames and adapt the test case.

2014-01-24  John Ferlan  <jferlan@redhat.com>

	Block info query: Add check for transient domain
	Currently the qemuDomainGetBlockInfo will return allocation == physical
	for most backing stores. For a qcow2 block backed device it's possible
	to return the highest lv extent allocated from qemu for an active guest.
	That is a value where allocation != physical and one would hope be less.
	However, if the guest is not running, then the code falls back to returning
	allocation == physical. This turns out to be problematic for rhev which
	monitors the size of the backing store. During a migration, before the
	VM has been started on the target and while it is deemed inactive on the
	source, there's a small window of time where the allocation is returned
	as physical triggering the code to extend the file unnecessarily.

	Since rhev uses transient domains and this is edge condition for a transient
	domain, rather than returning good status and allocation == physical when
	this "window of opportunity" exists, this patch will check for a transient
	(or non persistent) domain and return a failure to the caller rather than
	returning the defaults. For a persistent domain, the defaults will be
	returned. The description for the virDomainGetBlockInfo has been updated
	to describe the phenomena.

2014-01-24  Jiri Denemark  <jdenemar@redhat.com>

	wireshark: Fix VPATH build
	config-post.h included indirectly from packet-libvirt.c stays in
	$(top_srcdir) rather than $(top_builddir) which is added automatically.

2014-01-24  Gao feng  <gaofeng@cn.fujitsu.com>

	qemu: remove memset params array to zero in qemuDomainGetPercpuStats
	the array params is allocated by VIR_ALLOC_N in
	remoteDispatchDomainGetCPUStats. it had been set
	to zero. No need to reset it to zero again, and
	this reset here is incorrect too, nparams * ncpus
	is the array length not the size of params array.

2014-01-23  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib, for mingw improvements
	On Fedora 20, mingw-headers has switched over to winpthreads as
	the provider for its <pthread.h>.  winpthreads is notorious for
	providing a less-than-stellar header, and needs several workarounds
	before it can be used in a project assuming POSIX semantics.  While
	we still use Windows primitives rather than pthread when compiling
	for mingw, this update will make it possible to switch to mingw
	pthreads.

	* .gnulib: Update to latest, for mingw fixes.

2014-01-23  Osier Yang  <jyang@redhat.com>

	storage: Fix the memory leak
	The return value of virGetFCHostNameByWWN is a strdup'ed string.
	Also add comments to declare that the caller should take care of
	freeing it.

	util: Fix the indention
	Left in the git cache without commit before pushing. Pushed under
	build breaker and trivial rule.

	util: Add "shareable" field for virSCSIDevice struct
	Unlike the host devices of other types, SCSI host device XML supports
	"shareable" tag. This patch introduces it for the virSCSIDevice struct
	for a later patch use (to detect if the SCSI device is shareable when
	preparing the SCSI host device in QEMU driver).

2014-01-23  Osier Yang  <jyang@redhat.com>

	storage: Fix autostart of pool with "fc_host" type adapter
	The "checkPool" is a bit different for pool with "fc_host"
	type source adapter, since the vHBA it's based on might be
	not created yet (it's created by "startPool", which is
	involked after "checkPool" in storageDriverAutostart). So it
	should not fail, otherwise the "autostart" of the pool will
	fail either.

	The problem is easy to reproduce:
	    * Enable "autostart" for the pool
	    * Restart libvirtd service
	    * Check the pool's state

2014-01-23  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	Fix buffer size in linuxNodeGetCPUstats
	94f8205 added a space to the string but didn't change the buffer size.

2014-01-23  Osier Yang  <jyang@redhat.com>

	storage: Add document for possible problem on volume detection
	For pool which relies on remote resources, such as a "iscsi" type
	pool, since how long it takes to export the corresponding devices
	to host's sysfs is really depended, it could depend on the network
	connection, it also could depend on the host's udev procedures. So
	it's likely that the volumes are not able to be detected during pool
	starting process, polling the sysfs doesn't work, since we don't
	know how much time is best for the polling, and even worse, the
	volumes could still be not detected or partly not detected even after
	the polling.  So we end up with a documentation to prompt the fact,
	in virsh manual.

	And as a small improvement, let's explicitly say no LUNs found in
	the debug log in that case.

2014-01-23  Osier Yang  <jyang@redhat.com>

	util: Correct the NUMA node range checking
	There are 2 issues here: First we shouldn't add "1" to the return
	value of numa_max_node(), since the semanteme of the error message
	was changed, it's not saying about the number of total NUMA nodes
	anymore.  Second, the value of "bit" is the position of the first
	bit which exceeds either numa_max_node() or NUMA_NUM_NODES, it can
	be any number in the range, so saying "bigger than $bit" is quite
	confused now. For example, assuming there is a NUMA machine which
	has 10 NUMA nodes, and one specifies the "nodeset" as "0,5,88",
	the error message will be like:

	Nodeset is out of range, host cannot support NUMA node bigger than 88

	It sounds like all NUMA node number less than 88 is fine, but
	actually the maximum NUMA node number the machine supports is 9.

	This patch fixes the issues by removing the addition with "1" and
	simplifies the error message as "NUMA node $bit is out of range".
	Also simplifies the comparision in the while loop by getting the
	smaller one of numa_max_node() and NUMA_NUM_NODES up front.

2014-01-23  Eric Blake  <eblake@redhat.com>

	api: require write permission for guest agent interaction
	I noticed that we allow virDomainGetVcpusFlags even for read-only
	connections, but that with a flag, it can require guest agent
	interaction.  It is feasible that a malicious guest could
	intentionally abuse the replies it sends over the guest agent
	connection to possibly trigger a bug in libvirt's JSON parser,
	or withhold an answer so as to prevent the use of the agent
	in a later command such as a shutdown request.  Although we
	don't know of any such exploits now (and therefore don't mind
	posting this patch publicly without trying to get a CVE assigned),
	it is better to err on the side of caution and explicitly require
	full access to any domain where the API requires guest interaction
	to operate correctly.

	I audited all commands that are marked as conditionally using a
	guest agent.  Note that at least virDomainFSTrim is documented
	as needing a guest agent, but that such use is unconditional
	depending on the hypervisor (so the existing domain:fs_trim ACL
	should be sufficient there, rather than also requirng domain:write).
	But when designing future APIs, such as the plans for obtaining
	a domain's IP addresses, we should copy the approach of this patch
	in making interaction with the guest be specified via a flag, and
	use that flag to also require stricter access checks.

	* src/libvirt.c (virDomainGetVcpusFlags): Forbid guest interaction
	on read-only connection.
	(virDomainShutdownFlags, virDomainReboot): Improve docs on agent
	interaction.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_CREATE_XML)
	(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
	(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS, REMOTE_PROC_DOMAIN_REBOOT)
	(REMOTE_PROC_DOMAIN_SHUTDOWN_FLAGS): Require domain:write for any
	conditional use of a guest agent.
	* src/xen/xen_driver.c: Fix clients.
	* src/libxl/libxl_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.

2014-01-22  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vbox: add support for v4.2.20+ and v4.3.4+
	Bugs have been found in the VirtualBox API C bindings. These bugs have
	been fixed in versions 4.2.20 and 4.3.4. However, the changes in the
	C bindings are incompatible with the vbox_CAPI_v4_2.h and vbox_CAPI_v4_3.h
	files which are bundled in libvirt source code.
	This is why the following patch adds vbox_CAPI_v4_2_20.h and
	vbox_CAPI_v4_3_4.h.

	The actual underlying problem here is that until now,
	libvirt assumed that VirtualBox API can only change between minor
	versions (4.2 -> 4.3), but we have a case here where it changed
	(or got fixed) between patch versions (4.2.18 -> 4.2.20).

	This patch makes the VBOX_API_VERSION represent the full API
	version number (i.e 4002 => 4002000) so there are specific version
	numbers for Vbox 4.2.20 (4002020) and 4.3.4 (4003004)

2014-01-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid crash in qemuDiskGetActualType
	Libvirtd would crash if a domain contained an empty cdrom drive of
	type='volume' as the disk def->srcpool member would be dereferenced. Fix
	it by checking if the source pool is present before dereferencing it.

	Also alter tests to catch this issue in the future.

	Reported by: Kevin Shanahan
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328

2014-01-22  Osier Yang  <jyang@redhat.com>

	Doc: Add "note" for node-memory-tune
	To let the user know the command onlys work for KSM under Linux.

	Doc: Improve the document for nodesuspend
	Explicitly lists the possible values for "--target" option;
	Gets rid of the confused strings like "Suspend-to-RAM";
	Emphasises the node *has to* be suspended in the time duration
	specified by "--duration". And rewords the entire document a
	bit according to the API's implementation and document.

2014-01-22  Michael Chapman  <mike@very.puzzling.org>

	virtlockd: make re-exec more robust
	- Use $XDG_RUNTIME_DIR for re-exec state file when running unprivileged.

	- argv[0] may not contain a full path to the binary, however it should
	  contain something that can be looked up in the PATH. Use execvp() to
	  do path lookup on re-exec.

	- As per list discussion [1], ignore --daemon on re-exec.

	[1] https://www.redhat.com/archives/libvir-list/2013-December/msg00514.html

2014-01-22  Claudio Bley  <cbley@av-test.de>

	docs: refer to the correct event ID for DomainEventIOErrorReasonCallback
	s/_ID_IO_ERROR/_ID_IO_ERROR_REASON/

2014-01-22  Osier Yang  <jyang@redhat.com>

	virsh: Fix the string breaking style

2014-01-21  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	linuxNodeGetCPUStats: Correctly handle cpu prefix
	To retrieve node cpu statistics on Linux system, the
	linuxNodeGetCPUstats function simply uses STRPREFIX() to match the cpuid
	with the one read from /proc/stat. However, as the file is read line by
	line it may happen, that some CPUs share the same prefix. So if user
	requested stats for the first CPU, which is offline, then there's no
	cpu1 in the stats file so the one that we match is cpu10. Which is
	obviously wrong. Fortunately, the IDs are terminated by a space, so we
	can utilize that.

2014-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Honour prefix in wireshark install dir
	Trying to run

	  $ ./configure --prefix=$HOME/usr/libvirt-git
	  $ make install

	results in libvirt trying to install in /usr/lib/wireshark/plugins/....
	with predictable amounts of fail. The configure script should not be
	hardcoding /usr/lib by default but rather honour $libdir

2014-01-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Forbid snapshots when backing is a scsi passthrough disk
	https://bugzilla.redhat.com/show_bug.cgi?id=1034993

	SCSI passthrough disks (<disk .. device="lun">) can't be used as backing
	for snapshots. Currently with upstream qemu the vm crashes on such
	attempt.

	This patch adds a early check to catch an attempt to do such a snapshot
	and rejects it right away. qemu will fix the issue but this will let us
	control the error message.

2014-01-21  Laine Stump  <laine@laine.org>

	build: add $(prefix) to SYSTEMD_UNIT_DIR
	I noticed this problem when adding systemd support to netcf, because I
	setup the configure.ac to automatically prefer using systemd over
	initscripts when possible - although I had copied the
	install-data-local target from the example of libvirt's
	"libvirt-guests" service more or less verbatim, "make distcheck" would
	fail because it was trying to install the service file directly into
	/lib/systemd/system rather than into
	/home/user/some/unimportant/name/lib/systemd/system.

	This is caused by the install/uninstall rules for the systemd unit
	files relying on $(DESTDIR) pointing the installed files to the right
	place, but in reality $(DESTDIR) is empty during this part of make
	distcheck - it instead sets $(prefix) with the toplevel directory used
	for its test build/install/uninstall cycle.

	(This problem hasn't been seen when running "make distcheck" in
	libvirt because libvirt will never build/install systemd support
	unless explicitly told to do so on the configure commandline, and
	"make distcheck" doesn't put the "--with-initscript=..." option on the
	configure commandline.)

	I verified that the same problem does exist in libvirt by modifying
	libvirt's configure.ac to set:

	  init_systemd=yes
	  with_init_script=systemd+redhat

	This forces a build/install of the systemd unit files during
	distcheck, which yields an error like this:

	/usr/bin/install -c -m 644 virtlockd.service \
	  /lib/systemd/system/
	libtool: install: warning: relinking `libvirt-qemu.la'
	/usr/bin/install: cannot remove '/lib/systemd/system/virtlockd.service': Permission denied
	make[4]: *** [install-systemd] Error 1

	After adding $(prefix) to all the definitions of SYSTEMD_UNIT_DIR,
	make distcheck now completes successfully with the modified
	configure.ac, and the above lines change to something like this:

	/usr/bin/install -c -m 644 virtlockd.service \
	  /home/laine/devel/libvirt/libvirt-1.2.1/_inst/lib/systemd/system/

2014-01-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Avoid libvirtd crash when qemu crashes while snapshotting
	We shouldn't access the domain definition while we are in the monitor
	section as the domain is unlocked. Additionally after we exit from the
	monitor we need to check if the VM is still alive. Not doing so resulted
	in a crash if qemu exits while attempting to do an external VM snapshot.

2014-01-21  Francesco Romani  <fromani@redhat.com>

	spice: expose the QEMU disable file transfer option
	spice-server offers an API to disable file transfer messages
	on the agent channel between the client and the guest.
	This is supported in qemu through the disable-agent-file-xfer option.

	This patch exposes this option to libvirt.
	Adds a new element 'filetransfer', with one property,
	'enable', which accepts a boolean.
	Default is enabled, for backward compatibility.

	Depends on the capability exported in the first patch of the series.

2014-01-21  Francesco Romani  <fromani@redhat.com>

	spice: detect if qemu can disable file transfer
	spice-server offers an API to disable file transfer messages
	on the agent channel between the client and the guest.
	This is supported in qemu through the disable-agent-file-xfer option.

	This patch detects if QEMU supports this option, and add
	a capability if does.

2014-01-21  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Fix coverity
	Commit 399394ab74ebf3f6e60771044fda0ee69a2acf67 removed some coverity
	comments which skipped the dead code, so add them back.

2014-01-21  Gao feng  <gaofeng@cn.fujitsu.com>

	lxc: allow to setup throttle blkio cgroup through virsh
	With this patch,user can set throttle blkio cgroup for
	lxc domain through virsh tool.

2014-01-20  Wout Mertens  <wout.mertens@gmail.com>

	Add test for transient disk support in VMX files
	--001a11c3e84c4130bc04f03cda95
	Content-Type: text/plain; charset=ISO-8859-1

	From: Wout Mertens <Wout.Mertens@gmail.com>

	Adds test for transient disk translation in vmx files

2014-01-20  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Use AC_PATH_PROG to search for dmidecode
	This is useful in certain circumstances, for example when
	libvirtd is being executed by FreeBSD rc script, it cannot find
	dmidecode installed from FreeBSD ports because it doesn't have
	/usr/local (default prefix for ports) in PATH.

2014-01-20  Yuto KAWAMURA(kawamuray)  <kawamuray.dadada@gmail.com>

	Add sample output of Wireshark dissector
	Add directory tools/wireshark/samples/ and
	libvirt-sample.pdml which is sample output of dissector.

2014-01-20  Yuto KAWAMURA(kawamuray)  <kawamuray.dadada@gmail.com>

	Introduce Libvirt Wireshark dissector
	Introduce Wireshark dissector plugin which adds support to Wireshark
	for dissecting libvirt RPC protocol.
	Added following files to build Wireshark dissector from libvirt source
	tree.
	* tools/wireshark/*: Source tree of Wireshark dissector plugin.

	Added followings to configure.ac or Makefile.am.
	configure.ac
	* --with-wireshark-dissector: Enable support for building Wireshark
	  dissector.
	* --with-ws-plugindir: Specify wireshark plugin directory that dissector
	  will installed.
	* Added tools/wireshark/{Makefile,src/Makefile} to  AC_CONFIG_FILES.
	Makefile.am
	* Added tools/wireshark/ to SUBDIR.

2014-01-20  Thorsten Behrens  <tbehrens@suse.com>

	Make syntax check notice assignments w/o surrounding spaces.

	maint: align whitespaces with project conventions.

2014-01-20  Jiri Denemark  <jdenemar@redhat.com>

	virpcitest: Test virPCIDeviceDetach failure

	virpcimock: Add PCI driver which always fails
	Such driver can be used to make sure PCI APIs fail properly.

	virpcitest: More tests for device detach and reattach
	Especially for devices that are not bound to any driver.

	virpcimock: Mock /sys/bus/pci/drivers_probe
	This file is used by PCI detach and reattach APIs to probe for a driver
	that handles a specific device.

	pci: Publish some internal code for virpcitest

2014-01-20  Jiri Denemark  <jdenemar@redhat.com>

	virpcitest: Show PCI device tested by each test
	For example:

	 ...
	 5) testVirPCIDeviceIsAssignable(0005:90:01.0)      ... OK
	 6) testVirPCIDeviceIsAssignable(0001:01:00.0)      ... OK

2014-01-20  Jincheng Miao  <jmiao@redhat.com>

	qemu: Don't detach devices if passthrough doesn't work
	https://bugzilla.redhat.com/show_bug.cgi?id=1046919

	If none (KVM, VFIO) of the supported PCI passthrough methods is known to
	work on a host, it's better to fail right away with a nice error message
	rather than letting attachment fail with a more cryptic message such as

	    Failed to bind PCI device '0000:07:05.0' to vfio-pci: No such device

2014-01-20  Jiri Denemark  <jdenemar@redhat.com>

	pci: Fix failure paths in detach
	https://bugzilla.redhat.com/show_bug.cgi?id=1046919

	Since commit v0.9.0-47-g4e8969e (released in 0.9.1) some failures during
	device detach were reported to callers of virPCIDeviceBindToStub as
	success. For example, even though a device seemed to be detached

	    virsh # nodedev-detach pci_0000_07_05_0 --driver vfio
	    Device pci_0000_07_05_0 detached

	one could find similar message in libvirt logs:

	    Failed to bind PCI device '0000:07:05.0' to vfio-pci: No such device

	This patch fixes these paths and also avoids overwriting real errors
	with errors encountered during a cleanup phase.

2014-01-20  Jiri Denemark  <jdenemar@redhat.com>

	pci: Make reattach work for unbound devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1046919

	When a PCI device is not bound to any driver, reattach should just
	trigger driver probe rather than failing with

	    Invalid device 0000:00:19.0 driver file
	    /sys/bus/pci/devices/0000:00:19.0/driver is not a symlink

	While virPCIDeviceGetDriverPathAndName was documented to return success
	and NULL driver and path when a device is not attached to any driver but
	didn't do so. Thus callers could not distinguish unbound devices from
	failures.

2014-01-20  Gao feng  <gaofeng@cn.fujitsu.com>

	qemu: allow to setup throttle blkio cgroup through virsh
	With this patch, user can setup throttle blkio cgroup
	through virsh for qemu domain.

2014-01-20  Gao feng  <gaofeng@cn.fujitsu.com>

	virsh: add setting throttle blkio cgroup option to blkiotune
	With this patch, user can setup the throttle blkio cgorup
	for domain through the virsh cmd, such as:

	virsh blkiotune domain1 --device-read-bytes-sec /dev/sda1,1000000,/dev/sda2,2000000
	--device-write-bytes-sec /dev/sda1,1000000 --device-read-iops-sec /dev/sda1,10000
	--device-write-iops-sec /dev/sda1,10000,/dev/sda2,0

	This patch also add manpage for these new options.

2014-01-20  Gao feng  <gaofeng@cn.fujitsu.com>

	blkio: Setting throttle blkio cgroup for domain
	This patch introduces virCgroupSetBlkioDeviceReadIops,
	virCgroupSetBlkioDeviceWriteIops,
	virCgroupSetBlkioDeviceReadBps and
	virCgroupSetBlkioDeviceWriteBps,

	we can use these interfaces to set up throttle
	blkio cgroup for domain.

	This patch also adds the new throttle blkio cgroup
	elements to the test xml.

2014-01-20  Gao feng  <gaofeng@cn.fujitsu.com>

	domain: introduce xml elements for throttle blkio cgroup
	This patch introduces new xml elements under <blkiotune>,
	we use these new elements to setup the throttle blkio
	cgroup for domain. The new blkiotune node looks like this:

	<blkiotune>
	  <device>
	    <path>/path/to/block</path>
	    <weight>1000</weight>
	    <read_iops_sec>10000</read_iops_sec>
	    <write_iops_sec>10000</write_iops_sec>
	    <read_bytes_sec>1000000</read_bytes_sec>
	    <write_bytes_sec>1000000</write_bytes_sec>
	  </device>
	</blkiotune>

2014-01-17  Christophe Fergeau  <cfergeau@redhat.com>

	doc: Add missing space in <clock> documentation

2014-01-17  Michal Privoznik  <mprivozn@redhat.com>

	virSecuritySELinuxSetFileconHelper: Don't fail on read-only NFS
	https://bugzilla.redhat.com/show_bug.cgi?id=996543

	When starting up a domain, the SELinux labeling is done depending on
	current configuration. If the labeling fails we check for possible
	causes, as not all labeling failures are fatal. For example, if the
	labeled file is on NFS which lacks SELinux support, the file can still
	be readable to qemu process. These cases are distinguished by the errno
	code: NFS without SELinux support returns EOPNOTSUPP. However, we were
	missing one scenario. In case there's a read-only disk on a read-only
	NFS (and possibly any FS) and the labeling is just optional (not
	explicitly requested in the XML) there's no need to make the labeling
	error fatal. In other words, read-only file on read-only NFS can fail to
	be labeled, but be readable at the same time.

2014-01-16  Eric Blake  <eblake@redhat.com>

	maint: replace remaining virLib*Error with better names
	Finish the cleanup of libvirt.c; all uses of virLib*Error have
	now been converted to more canonical conventions.

	* src/libvirt.c: Use virReportError in remaining errors.
	(virLibConnError, virLibDomainError): Delete unused macros.
	* cfg.mk (msg_gen_function): Drop unused names.

2014-01-16  Eric Blake  <eblake@redhat.com>

	maint: simplify driver registration at startup
	We had a lot of repetition of errors that would occur if we
	ever register too many drivers; this is unlikely to occur
	unless we start adding a lot of new hypervisor modules, but
	if it does occur, it's better to have uniform handling of the
	situation, so that a one-line change is all that would be
	needed if we decide that an internal error is not the best.

	* src/libvirt.c (virDriverCheckTabMaxReturn): New define.
	(virRegister*Driver): Use it for less code duplication.

2014-01-16  Eric Blake  <eblake@redhat.com>

	maint: clean up error reporting in migration
	The choice of error message and category was not consistent
	in the migration code; furthermore, the use of virLibConnError
	is no longer necessary now that we have a generic virReportError.

	* src/qemu/qemu_migration.c (virDomainMigrate*): Prefer
	virReportError over virLibConnError.

2014-01-16  Eric Blake  <eblake@redhat.com>

	maint: don't lose error on canceled migration
	While auditing the error reporting, I noticed that migration
	had some issues.  Some of the static helper functions tried
	to call virDispatchError(), even though their caller will also
	report the error.  Also, if a migration is cancelled early
	because a uri was not set, we did not guarantee that the finish
	stage would not overwrite the first error message.

	* src/qemu/qemu_migration.c (doPeer2PeerMigrate2)
	(doPeer2PeerMigrate3): Preserve first error when cancelling.
	* src/libvirt.c (virDomainMigrateVersion3Full): Likewise.
	(virDomainMigrateVersion1, virDomainMigrateVersion2)
	(virDomainMigrateDirect): Avoid redundant error dispatch.
	(virDomainMigrateFinish2, virDomainMigrateFinish3)
	(virDomainMigrateFinish3Params): Don't report error on cleanup
	path.

2014-01-16  Eric Blake  <eblake@redhat.com>

	maint: avoid nested use of virConnect{Ref,Close}
	The public virConnectRef and virConnectClose API are just thin
	wrappers around virObjectRef/virObjectRef, with added object
	validation and an error reset.  Within our backend drivers, use
	of the object validation is just an inefficiency since we always
	pass valid objects.  More important to think about is what
	happens with the error reset; our uses of virConnectRef happened
	to be safe (since we hadn't encountered any earlier errors), but
	in several cases the use of virConnectClose could lose a real
	error.

	Ideally, we should also avoid calling virConnectOpen() from
	within backend drivers - but that is a known situation that
	needs much more design work.

	* src/qemu/qemu_process.c (qemuProcessReconnectHelper)
	(qemuProcessReconnect): Avoid nested public API call.
	* src/qemu/qemu_driver.c (qemuAutostartDomains)
	(qemuStateInitialize, qemuStateStop): Likewise.
	* src/qemu/qemu_migration.c (doPeer2PeerMigrate): Likewise.
	* src/storage/storage_driver.c (storageDriverAutostart):
	Likewise.
	* src/uml/uml_driver.c (umlAutostartConfigs): Likewise.
	* src/lxc/lxc_process.c (virLXCProcessAutostartAll): Likewise.
	(virLXCProcessReboot): Likewise, and avoid leaking conn on error.

2014-01-16  Eric Blake  <eblake@redhat.com>

	maint: don't leave garbage on early API exit
	Several APIs clear out a user input buffer before attempting to
	populate it; but in a few cases we missed this memset if we
	detect a reason for an early exit.  Note that these APIs
	check for non-NULL arguments, and exit early with an error
	message when NULL is passed in; which means that we must be
	careful to avoid a NULL deref in order to get to that error
	message.  Also, we were inconsistent on the use of
	sizeof(virType) vs. sizeof(expression); the latter is more
	robust if we ever change the type of the expression (although
	such action is unlikely since these types are part of our
	public API).

	* src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo)
	(virStoragePoolGetInfo, virStorageVolGetInfo)
	(virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset
	before any returns.

2014-01-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Change the default unix monitor timeout
	There is a number of reported issues when we fail starting a domain.
	Turns out that, in some scenarios like high load, 3 second timeout is
	not enough for qemu to start up to the phase where the socket is
	created.  Since there is no downside of waiting longer, raise the
	timeout right to 30 seconds.

2014-01-16  Pavel Hrdina  <phrdina@redhat.com>

	Add Pavel Hrdina to the committers list

2014-01-16  Pavel Hrdina  <phrdina@redhat.com>

	Fix possible memory leak in virsh-domain-monitor.c in cmdDomblklist
	In a "for" loop there are created two new strings and they may not
	be freed if a "target" string cannot be obtained. We have to free
	the two created strings to prevent the memory leak.

	This has been found by coverity.

	John also pointed out that we should somehow care about the "type"
	and "device" and Osier agreed to exit with error message if one of
	them is set to NULL.

2014-01-16  Peter Krempa  <pkrempa@redhat.com>

	storage: Introduce internal pool support
	To allow using the storage driver APIs to do operation on generic domain
	disks we will need to introduce internal storage pools that will give is
	a base to support this stuff even on files that weren't originally
	defined as a part of the pool.

	This patch introduces the 'internal' flag for a storage pool that will
	prevent it from being listed along with the user defined storage pools.

2014-01-16  Peter Krempa  <pkrempa@redhat.com>

	storage: Sheepdog: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process.

	storage: RBD: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process.

	storage: disk: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process.

	storage: lvm: Separate creating of the volume from building
	Separate the steps to create libvirt's volume metadata from the actual
	volume building process. This is already done for regular file based
	pools to allow job support for storage APIs.

	storage: Support deletion of volumes on gluster pools
	Implement the "deleteVol" storage backend function for gluster volumes.

2014-01-16  Christophe Fergeau  <cfergeau@redhat.com>

	conf: Always use VIR_ERR_CONFIG_UNSUPPORTED on enumFromString() failures
	Currently, during XML parsing, when a call to a FromString() function to
	get an enum value fails, the error which is reported is either
	VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR.

	This commit makes such conversion failures consistently return
	VIR_ERR_CONFIG_UNSUPPORTED.

2014-01-16  Christophe Fergeau  <cfergeau@redhat.com>

	Bump version to 1.2.2 for new dev cycle

2014-01-16  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.1
	* docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: updated localization from transifex and regenerated

2014-01-15  Eric Blake  <eblake@redhat.com>

	event: filter global events by domain:getattr ACL [CVE-2014-0028]
	Ever since ACL filtering was added in commit 7639736 (v1.1.1), a
	user could still use event registration to obtain access to a
	domain that they could not normally access via virDomainLookup*
	or virConnectListAllDomains and friends.  We already have the
	framework in the RPC generator for creating the filter, and
	previous cleanup patches got us to the point that we can now
	wire the filter through the entire object event stack.

	Furthermore, whether or not domain:getattr is honored, use of
	global events is a form of obtaining a list of networks, which
	is covered by connect:search_domains added in a93cd08 (v1.1.0).
	Ideally, we'd have a way to enforce connect:search_domains when
	doing global registrations while omitting that check on a
	per-domain registration.  But this patch just unconditionally
	requires connect:search_domains, even when no list could be
	obtained, based on the following observations:
	1. Administrators are unlikely to grant domain:getattr for one
	or all domains while still denying connect:search_domains - a
	user that is able to manage domains will want to be able to
	manage them efficiently, but efficient management includes being
	able to list the domains they can access.  The idea of denying
	connect:search_domains while still granting access to individual
	domains is therefore not adding any real security, but just
	serves as a layer of obscurity to annoy the end user.
	2. In the current implementation, domain events are filtered
	on the client; the server has no idea if a domain filter was
	requested, and must therefore assume that all domain event
	requests are global.  Even if we fix the RPC protocol to
	allow for server-side filtering for newer client/server combos,
	making the connect:serach_domains ACL check conditional on
	whether the domain argument was NULL won't benefit older clients.
	Therefore, we choose to document that connect:search_domains
	is a pre-requisite to any domain event management.

	Network events need the same treatment, with the obvious
	change of using connect:search_networks and network:getattr.

	* src/access/viraccessperm.h
	(VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
	(VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
	effect of the permission.
	* src/conf/domain_event.h (virDomainEventStateRegister)
	(virDomainEventStateRegisterID): Add new parameter.
	* src/conf/network_event.h (virNetworkEventStateRegisterID):
	Likewise.
	* src/conf/object_event_private.h (virObjectEventStateRegisterID):
	Likewise.
	* src/conf/object_event.c (_virObjectEventCallback): Track a filter.
	(virObjectEventDispatchMatchCallback): Use filter.
	(virObjectEventCallbackListAddID): Register filter.
	* src/conf/domain_event.c (virDomainEventFilter): New function.
	(virDomainEventStateRegister, virDomainEventStateRegisterID):
	Adjust callers.
	* src/conf/network_event.c (virNetworkEventFilter): New function.
	(virNetworkEventStateRegisterID): Adjust caller.
	* src/remote/remote_protocol.x
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
	(REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
	(REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
	filter, and require connect:search_domains instead of weaker
	connect:read.
	* src/test/test_driver.c (testConnectDomainEventRegister)
	(testConnectDomainEventRegisterAny)
	(testConnectNetworkEventRegisterAny): Update callers.
	* src/remote/remote_driver.c (remoteConnectDomainEventRegister)
	(remoteConnectDomainEventRegisterAny): Likewise.
	* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
	(xenUnifiedConnectDomainEventRegisterAny): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
	* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
	(libxlConnectDomainEventRegisterAny): Likewise.
	* src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
	(qemuConnectDomainEventRegisterAny): Likewise.
	* src/uml/uml_driver.c (umlConnectDomainEventRegister)
	(umlConnectDomainEventRegisterAny): Likewise.
	* src/network/bridge_driver.c
	(networkConnectNetworkEventRegisterAny): Likewise.
	* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
	(lxcConnectDomainEventRegisterAny): Likewise.

2014-01-15  Eric Blake  <eblake@redhat.com>

	event: wire up RPC for server-side network event filtering
	We haven't had a release with network events yet, so we are free
	to fix the RPC so that it actually does what we want.  Doing
	client-side filtering of per-network events is inefficient if a
	connection is only interested in events on a single network out
	of hundreds available on the server.  But to do server-side
	per-network filtering, the server needs to know which network
	to filter on - so we need to pass an optional network over on
	registration.  Furthermore, it is possible to have a client with
	both a global and per-network filter; in the existing code, the
	server sends only one event and the client replicates to both
	callbacks.  But with server-side filtering, the server will send
	the event twice, so we need a way for the client to know which
	callbackID is sending an event, to ensure that the client can
	filter out events from a registration that does not match the
	callbackID from the server.  Likewise, the existing style of
	deregistering by eventID alone is fine; but in the new style,
	we have to remember which callbackID to delete.

	This patch fixes the RPC wire definition to contain all the
	needed pieces of information, and hooks into the server and
	client side improvements of the previous patches, in order to
	switch over to full server-side filtering of network events.
	Also, since we fixed this in time, all released versions of
	libvirtd that support network events also support per-network
	filtering, so we can hard-code that assumption into
	network_event.c.

	Converting domain events to server-side filtering will require
	the introduction of new RPC numbers, as well as a server
	feature bit that the client can use to tell whether to use
	old-style (server only supports global events) or new-style
	(server supports filtered events), so that is deferred to a
	later set of patches.

	* src/conf/network_event.c (virNetworkEventStateRegisterClient):
	Assume server-side filtering.
	* src/remote/remote_protocol.x
	(remote_connect_network_event_register_any_args): Add network
	argument.
	(remote_connect_network_event_register_any_ret): Return callbackID
	instead of count.
	(remote_connect_network_event_deregister_any_args): Pass
	callbackID instead of eventID.
	(remote_connect_network_event_deregister_any_ret): Drop unused
	type.
	(remote_network_event_lifecycle_msg): Add callbackID.
	* daemon/remote.c
	(remoteDispatchConnectNetworkEventDeregisterAny): Drop unused arg,
	and deal with callbackID from client.
	(remoteRelayNetworkEventLifecycle): Pass callbackID.
	(remoteDispatchConnectNetworkEventRegisterAny): Likewise, and
	recognize non-NULL network.
	* src/remote/remote_driver.c
	(remoteConnectNetworkEventRegisterAny): Pass network, and track
	server side id.
	(remoteConnectNetworkEventDeregisterAny): Deregister by callback id.
	(remoteNetworkBuildEventLifecycle): Pass remote id to event queue.
	* src/remote_protocol-structs: Regenerate.

2014-01-15  Eric Blake  <eblake@redhat.com>

	event: add notion of remoteID for filtering client network events
	In order to mirror a server with per-object filtering, the client
	needs to track which server callbackID is servicing the client
	callback.  This patch introduces the notion of a serverID, as
	well as the plumbing to use it for network events, although the
	actual complexity of using per-object filtering in the remote
	driver is deferred to a later patch.

	* src/conf/object_event.h (virObjectEventStateEventID): Add parameter.
	(virObjectEventStateQueueRemote, virObjectEventStateSetRemote):
	New prototypes.
	(virObjectEventStateRegisterID): Move...
	* src/conf/object_event_private.h: ...here, and add parameter.
	(_virObjectEvent): Add field.
	* src/conf/network_event.h (virNetworkEventStateRegisterClient): New
	prototype.
	* src/conf/object_event.c (_virObjectEventCallback): Add field.
	(virObjectEventStateSetRemote): New function.
	(virObjectEventStateQueue): Make wrapper around...
	(virObjectEventStateQueueRemote): New function.
	(virObjectEventCallbackListCount): Tweak return count when remote
	id matching is used.
	(virObjectEventCallbackLookup, virObjectEventStateRegisterID):
	Tweak registration when remote id matching will be used.
	(virObjectEventNew): Default to no remote id.
	(virObjectEventCallbackListAddID): Likewise, but set remote id
	when one is available.
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Adjust return value when
	remote id was set.
	(virObjectEventStateEventID): Query existing id.
	(virObjectEventDispatchMatchCallback): Require matching event id.
	(virObjectEventStateCallbackID): Adjust caller.
	* src/conf/network_event.c (virNetworkEventStateRegisterClient): New
	function.
	(virNetworkEventStateRegisterID): Update caller.
	* src/conf/domain_event.c (virDomainEventStateRegister)
	(virDomainEventStateRegisterID): Update callers.
	* src/remote/remote_driver.c
	(remoteConnectNetworkEventRegisterAny)
	(remoteConnectNetworkEventDeregisterAny)
	(remoteConnectDomainEventDeregisterAny): Likewise.
	(remoteEventQueue): Hoist earlier to avoid forward declaration,
	and add parameter.  Adjust all callers.
	* src/libvirt_private.syms (conf/object_event.h): Drop function.

2014-01-15  Eric Blake  <eblake@redhat.com>

	event: track callbackID on daemon side of RPC
	Right now, the daemon side of RPC events is hard-coded to at most
	one callback per eventID.  But when there are hundreds of domains
	or networks coupled and multiple conections, then sending every
	event to every connection that wants an event, even for the
	connections that only care about events for a particular object,
	is inefficient.  In order to track more than one callback in the
	server, we need to store callbacks by more than just their
	eventID.  This patch rearranges the daemon side to store network
	callbacks in a dynamic array, which can eventually be used for
	multiple callbacks of the same eventID, although actual behavior
	is unchanged without further patches to the RPC protocol.  For
	ease of review, domain events are saved for a later patch, as
	they touch more code.

	While at it, fix a bug where a malicious client could send a
	negative eventID to cause network event registration to access
	outside of array bounds (thankfully not a CVE, since domain
	events were already doing the bounds check, and since network
	events have not been released).

	* daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of
	network events.
	* daemon/remote.c (daemonClientEventCallback): New struct.
	(remoteEventCallbackFree): New function.
	(remoteClientInitHook, remoteRelayNetworkEventLifecycle)
	(remoteClientFreeFunc)
	(remoteDispatchConnectNetworkEventRegisterAny): Track network
	callbacks differently.
	(remoteDispatchConnectNetworkEventDeregisterAny): Enforce bounds.

2014-01-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid operations on NULL monitor if VM fails early
	https://bugzilla.redhat.com/show_bug.cgi?id=1047659

	If a VM dies very early during an attempted connect to the guest agent
	while the locks are down the domain monitor object will be freed. The
	object is then accessed later as any failure during guest agent startup
	isn't considered fatal.

	In the current upstream version this doesn't lead to a crash as
	virObjectLock called when entering the monitor in
	qemuProcessDetectVcpuPIDs checks the pointer before attempting to
	dereference (lock) it. The NULL pointer is then caught in the monitor
	helper code.

	Before the introduction of virObjectLockable - observed on 0.10.2 - the
	pointer is locked directly via virMutexLock leading to a crash.

	To avoid this problem we need to differentiate between the guest agent
	not being present and the VM quitting when the locks were down. The fix
	reorganizes the code in qemuConnectAgent to add the check and then adds
	special handling to the callers.

2014-01-15  Eric Blake  <eblake@redhat.com>

	tests: be more explicit on qcow2 versions in virstoragetest
	While working on v1.0.5-maint (the branch in use on Fedora 19)
	with the host at Fedora 20, I got a failure in virstoragetest.
	I traced it to the fact that we were using qemu-img to create a
	qcow2 file, but qemu-img changed from creating v2 files by
	default in F19 to creating v3 files in F20.  Rather than leaving
	it up to qemu-img, it is better to write the test to force
	testing of BOTH file formats (better code coverage and all).

	This patch alone does not fix all the failures in v1.0.5-maint;
	for that, we must decide to either teach the older branch to
	understand v3 files, or to reject them outright as unsupported.
	But for upstream, making the test less dependent on changing
	qemu-img defaults is always a good thing.

	* tests/virstoragetest.c (testPrepImages): Simplify creation of
	raw file; check if qemu supports compat and if so use it.

2014-01-15  Eric Blake  <eblake@redhat.com>

	docs: mention maintenance branches
	Mitre tried to assign us two separate CVEs for the fix for
	https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the
	grounds that the fixes were separated by more than an hour
	and thus triggered different hourly snapshots.  But we
	explicitly do NOT want to treat transient security bugs as
	CVEs if they can only be triggered by patches in libvirt.git
	but where the problem is cleaned up before a formal release.

	Meanwhile, I noticed that while our wiki mentioned maintenance
	branches and releases, our formal documentation did not.

	* docs/downloads.html.in: Contrast hourly snapshots with
	maintenance branches.

2014-01-15  Claudio Bley  <cbley@av-test.de>

	Fix docs for PMWakeup/PMSuspend callback types
	s/is waken up/is woken up/

	A registered PMSuspendCallback is called when the domain is suspended, not
	when it is woken up.

2014-01-15  Pavel Hrdina  <phrdina@redhat.com>

	Fix coverity complain in commandtest.c
	For a "newfd1" the coverity tools thinks that the fd is closed in
	a "virCommandPassFD", but with "flags == 0" it cannot be closed.

	The code itself is ok, but coverity tool thinks that there is
	"double_close" of the "newfd1" and to prevent showing this error
	we simply add a comment before the proper close.

	This has been found by coverity.

2014-01-15  Pavel Hrdina  <phrdina@redhat.com>

	Fix memory leak in securityselinuxlabeltest.c
	Strings "file" and "context" may not be freed if "VIR_EXPAND_N" fails
	and it leads into memory leak.

	This has been found by coverity.

2014-01-15  Pavel Hrdina  <phrdina@redhat.com>

	Fix possible memory leak in util/virxml.c
	A "xmlstr" string may not be assigned into a "doc" pointer and it
	could cause memory leak. To fix it if the "doc" pointer is NULL and
	the "xmlstr" string is not assigned we should free it.

	This has been found by coverity.

2014-01-15  Pavel Hrdina  <phrdina@redhat.com>

	Fix possible memory leak in phyp_driver.c
	There could be a memory leak caused by "managed_system" string, if any
	error occurs before "managed_system" is assigned into
	"phyp_driver->managed_system". The "managed_system" string wouldn't be
	freed at all. The better way is to free the "managed_system" instead
	of the one assigned in the "phyp_driver".

	This has been found by coverity.

	Pointed out by John, that the "phyp_driver->xmlopt" needs to be
	unreferenced as well.

2014-01-15  Pavel Hrdina  <phrdina@redhat.com>

	Fix memory leak in openvz_conf.c
	If there is no error while executing a function "openvzParseBarrierLimit"
	a "str" string where is duplicate of a "value" string isn't freed and it
	leads into memory leak.

	This has been found by coverity.

2014-01-15  Gao feng  <gaofeng@cn.fujitsu.com>

	Add Gao feng to the committers list

2014-01-14  Eric Blake  <eblake@redhat.com>

	maint: ignore transient files during tests
	I ran 'git add .' for a patch in progress, while in the middle
	of running 'make check' to test my work, and was surprised when
	it picked up some files I wasn't expecting.

	* .gitignore: Ignore *.pem.

2014-01-14  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in testDomainCreateXMLMixed()
	While running objecteventtest, it was found that valgrind pointed out the
	following memory leak:

	==125== 538 (56 direct, 482 indirect) bytes in 1 blocks are definitely lost in loss record 216 of 226
	==125==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==125==    by 0x4C65D8D: virAllocVar (viralloc.c:558)
	==125==    by 0x4C9F055: virObjectNew (virobject.c:190)
	==125==    by 0x4D2B2E8: virGetDomain (datatypes.c:220)
	==125==    by 0x4D79180: testDomainDefineXML (test_driver.c:2962)
	==125==    by 0x4D4977D: virDomainDefineXML (libvirt.c:8512)
	==125==    by 0x4029C2: testDomainCreateXMLMixed (objecteventtest.c:226)
	==125==    by 0x403A21: virtTestRun (testutils.c:138)
	==125==    by 0x4021C2: mymain (objecteventtest.c:549)
	==125==    by 0x4040C2: virtTestMain (testutils.c:593)
	==125==    by 0x341F421A04: (below main) (libc-start.c:225)

2014-01-13  Jiri Denemark  <jdenemar@redhat.com>

	Really don't crash if a connection closes early
	https://bugzilla.redhat.com/show_bug.cgi?id=1047577

	When writing commit 173c291, I missed the fact virNetServerClientClose
	unlocks the client object before actually clearing client->sock and thus
	it is possible to hit a window when client->keepalive is NULL while
	client->sock is not NULL. I was thinking client->sock == NULL was a
	better check for a closed connection but apparently we have to go with
	client->keepalive == NULL to actually fix the crash.

2014-01-13  Peter Krempa  <pkrempa@redhat.com>

	storage: FS: Tweak some comments and fix typos

2014-01-13  Eric Blake  <eblake@redhat.com>

	build: fix build on mingw with winpthreads
	On my Fedora 20 box with mingw cross-compiler, the build failed with:

	../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession':
	../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable]
	     sigset_t oldmask, blockedsigs;
	              ^

	I traced it to the fact that mingw64-winpthreads installs a header
	that does #define pthread_sigmask(...) 0, which means any argument
	only ever passed to pthread_sigmask is reported as unused.  This
	patch works around the compilation failure, with behavior no worse
	than what mingw already gives us regarding the function being a
	no-op.

	* configure.ac (pthread_sigmask): Probe for broken mingw macro.
	* src/util/virutil.h (pthread_sigmask): Rewrite to something that
	avoids unused variables.

2014-01-13  Peter Krempa  <pkrempa@redhat.com>

	storage: Break long lines and clean up spaces in storage backend header

2014-01-13  Jiri Denemark  <jdenemar@redhat.com>

	Don't crash if a connection closes early
	https://bugzilla.redhat.com/show_bug.cgi?id=1047577

	When a client closes its connection to libvirtd early during
	virConnectOpen, more specifically just after making
	REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
	VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
	the result, libvirtd may crash due to a race in keep-alive
	initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
	call, the daemon's event loop delegates it to a worker thread. In case
	the event loop detects EOF on the connection and calls
	virNetServerClientClose before the worker thread starts to handle
	REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
	disposed by the time virNetServerClientStartKeepAlive gets called from
	remoteDispatchConnectSupportsFeature. Because the flow is common for
	both authenticated and read-only connections, even unprivileged clients
	may cause the daemon to crash.

	To avoid the crash, virNetServerClientStartKeepAlive needs to check if
	the connection is still open before starting keep-alive protocol.

	Every libvirt release since 0.9.8 is affected by this bug.

2014-01-10  Daniel P. Berrange  <berrange@redhat.com>

	Exercise the ABI stability check code in test suite
	Any test suite which involves a virDomainDefPtr should
	call virDomainDefCheckABIStability with itself just as
	a basic sanity check that the identity-comparison always
	succeeds. This would have caught the recent NULL pointer
	access crash.

	Make sure we cope with def->name being NULL since the
	VMWare config parser produces NULL names.

2014-01-10  Eric Blake  <eblake@redhat.com>

	schema: fix idmap validation
	When idmap was added to LXC, we forgot to cover it in the testsuite.
	The schema was missing an <element> layer, and as a result,
	virt-xml-validate was failing on valid dumpxml output.

	Reported by Eduard - Gabriel Munteanu on IRC.

	* docs/schemas/domaincommon.rng (idmap): Include <idmap> element,
	and support interleaves.
	* tests/lxcxml2xmldata/lxc-idmap.xml: New file.
	* tests/lxcxml2xmltest.c (mymain): Test it.

2014-01-10  Peter Krempa  <pkrempa@redhat.com>

	storage: Improve error message when a storage backend is missing
	Include the name of the storage backend in the error message instead of
	just the number.

	storage: lvm: Avoid forward decl of virStorageBackendLogicalDeleteVol
	Change code ordering to avoid the need for a forward declaration.

	storage: fs: Fix comment for virStorageBackendFileSystemDelete
	The comment was talking about creating the pool while the function is
	deleting it. Fix the mismatch.

2014-01-10  Claudio Bley  <cbley@av-test.de>

	Clarify documentation on possible return values in case of errors

2014-01-10  Eric Blake  <eblake@redhat.com>

	event: don't queue NULL event on OOM
	Ever since commit 61ac8ce, Coverity complained about
	remoteNetworkBuildEventLifecycle not checking for NULL failure
	to build an event, compared to other calls in the code base.
	But the problem is latent from copy and paste; all 17 of our
	remote*BuildEvent* functions in remote_driver.c have the same
	issue - if an OOM causes an event to not be built, we happily
	pass NULL to remoteEventQueue(), but that function has marked
	event as a nonnull parameter.  We were getting lucky (the
	event queue's first use of the event happened to be a call to
	virIsObjectClass(), which acts gracefully on NULL, so there
	was no way to crash); but this is a latent bug waiting to bite
	us due to the disregard for the nonnull attribute, as well as
	a waste of resources in the event queue.  Better is to just
	refuse to queue NULL.  The discard is silent, since the problem
	only happens on OOM, and since events are already best effort -
	if we fail to get an event, it's not like we have any memory
	left to report the issue, nor any idea of who would benefit
	from knowing we couldn't create or queue the event.

	* src/remote/remote_driver.c (remoteEventQueue): Ignore NULL event.

2014-01-09  Eric Blake  <eblake@redhat.com>

	virt-login-shell: fix regressions in behavior
	Our fixes for CVE-2013-4400 were so effective at "fixing" bugs
	in virt-login-shell that we ended up fixing it into a useless
	do-nothing program.

	Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for
	the witness macro when we are doing secure compilation.  But
	commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL,
	from an earlier version of the patch series, was defined; with
	the net result that virt-login-shell invariably detected that
	it was setuid and failed virInitialize.

	Commit b7fcc799 closed all fds larger than stderr, but in the
	wrong place.  Looking at the larger context, we mistakenly did
	the close in between obtaining the set of namespace fds, then
	actually using those fds to switch namespace, which means that
	virt-login-shell will ALWAYS fail.

	This is the minimal patch to fix the regressions, although
	further patches are also worth having to clean up poor
	semantics of the resulting program (for example, it is rude to
	not pass on the exit status of the wrapped program back to the
	invoking shell).

	* tools/virt-login-shell.c (main): Don't close fds until after
	namespace swap.
	* src/libvirt.c (virGlobalInit): Use correct macro.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_DOMAIN_SNAPSHOT usage
	The existing check of domain snapshots validated that they
	point to a domain, but did not validate that the domain
	points to a connection, even though any errors blindly assume
	the connection is valid.  On the other hand, as mentioned in
	commit 6e130ddc, any valid domain is already tied to a valid
	connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT
	makes no real difference; it's best to just validate the chain
	of all three.  For consistency with previous patches, continue
	the trend of using a common macro.  For now, we don't need
	virCheckDomainSnapshotGoto().

	* src/datatypes.h (virCheckDomainSnapshotReturn): New macro.
	(VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT):
	Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibDomainSnapshotError): Drop unused macro.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_NWFILTER usage
	While all errors related to invalid nwfilters appeared to be
	consistent, we might as well continue the trend of using a
	common macro.  As in commit 6e130ddc, the difference between
	VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since
	reference counting means any valid nwfilter is also tied to
	a valid connection.  For now, we don't need virCheckNWFilterGoto().

	* src/datatypes.h (virCheckNWFilterReturn): New macro.
	(VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibNWFilterError): Drop unused macro.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_STREAM usage
	For streams validation, we weren't consistent on whether to
	use VIR_FROM_NONE or VIR_FROM_STREAMS.  Furthermore, in many
	API, we want to ensure that a stream is tied to the same
	connection as the other object we are operating on; while
	other API failed to validate the stream at all.  And the
	difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM
	is moot; as in commit 6e130ddc, we know that reference
	counting means a valid stream will always be tied to a valid
	connection.  Similar to previous patches, use a common macro
	to make it nicer.

	* src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto):
	New macros.
	(VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibStreamError): Drop unused macro.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_SECRET usage
	While all errors related to invalid secrets appeared to be
	consistent, we might as well continue the trend of using a
	common macro.  Just as in commit 6e130ddc, the difference
	between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot
	(due to reference counting, any valid secret must be tied to
	a valid domain).  For now, we don't need virCheckSecretGoto().

	* src/datatypes.h (virCheckSecretReturn): New macro.
	(VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibSecretError): Drop unused macro.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_NODE_DEVICE usage
	While all errors related to invalid node device appeared to be
	consistent, we might as well continue the trend of using a
	common macro.  For now, we don't need virCheckNodeDeviceGoto().

	* src/datatypes.h (virCheckNodeDeviceReturn): New macro.
	(VIR_IS_NODE_DEVICE, VIR_IS_CONNECTED_NODE_DEVICE): Drop
	unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibNodeDeviceError): Drop unused macro.

2014-01-09  Martin Kletzander  <mkletzan@redhat.com>

	storage: fix crash when listing volumes or undefining a pool
	The commit cad3cf9a951d26da9d2ee0f5b52fb1a2dbb74af1 introduced a crash
	due to wrong order of parameters being passed to the function.  When
	deleting an element, the function decreased the iterator instead of
	count and if listing volumes after that (or undefining the pool, NULL
	was being dereferenced.

2014-01-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNicDevStr: Set vectors= on Multiqueue
	Yet another advice appeared on the Multiqueue wiki page:

	http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

	We should add vectors=N onto the qemu command line, where
	N = 2 * (number of queues) + 1.

2014-01-09  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_STORAGE_VOL usage
	For storage volume validation, we weren't consistent on
	whether to use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar
	to previous patches, use a common macro to make it nicer.
	Furthermore, just as in commit 6e130ddc, the difference
	between VIR_IS_STORAGE_VOL and VIR_IS_CONNECTED_STORAGE_VOL
	is moot (due to reference counting, any valid volume must
	be tied to a valid connection).

	virStorageVolCreateXMLFrom allows cross-connection cloning,
	where the error is reported against the connection of the
	destination pool.

	* src/datatypes.h (virCheckStorageVolReturn)
	(virCheckStorageVolGoto): New macros.
	(VIR_IS_STORAGE_VOL, VIR_IS_CONNECTED_STORAGE_VOL): Drop
	unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibStorageVolError): Drop unused macro.

2014-01-09  Guido Günther  <agx@sigxcpu.org>

	Add Documentation fields to systemd service files
	We point to the manpages where available and redirect to libvirt's
	homepage as a last resort.

2014-01-09  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Fix devid init in libxlMakeNicList
	This basically reverts commit ba64b97134a6129a48684f22f31be92c3b6eef96
	"libxl: Allow libxl to set NIC devid". However assigning devid's
	before calling libxlMakeNic does not work as that is calling
	libxl_device_nic_init which sets it back to -1.
	Right now auto-assignment only works in the hotplug case. But even if
	that would be fixed at some point (if that is possible at all), this
	would add a weird dependency between Xen and libvirt versions.
	The change here should accept any auto-assignment that makes it into
	libxl_device_nic_init. My understanding is that a caller always is
	allowed to make the devid choice itself. And assuming libxlMakeNicList
	is only used on domain creation, a sequential numbering should be ok.

2014-01-08  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_STORAGE_POOL usage
	virStoragePoolBuild reported an invalid pool as if it were an
	invalid network.  Likewise, we weren't consistent on whether to
	use VIR_FROM_NONE or VIR_FROM_STORAGE.  Similar to previous
	patches, use a common macro to make it nicer.  Furthermore, just
	as in commit 6e130ddc, the difference between VIR_IS_STORAGE_POOL
	and VIR_IS_CONNECTED_STORAGE_POOL is moot (due to reference
	counting, any valid pool must be tied to a valid connection).
	For now, we don't need virCheckStoragePoolGoto().

	* src/datatypes.h (virCheckStoragePoolReturn): New macro.
	(VIR_IS_STORAGE_POOL, VIR_IS_CONNECTED_STORAGE_POOL): Drop
	unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibStoragePoolError): Drop unused macro.

2014-01-08  Richard W.M. Jones  <rjones@redhat.com>

	test driver: Add authentication to test driver.
	There is no easy way to test authentication against libvirt.  This
	commit modifies the test driver to allow simple username/password
	authentication.

	You modify the test XML by adding:

	 <node>
	   ...
	   <auth>
	     <user password="123456">rich</user>
	     <user>jane</user>
	   </auth>
	 </node>

	If there are any /node/auth/user elements, then authentication is
	required by the test driver (if none are present, then the test driver
	will work as before and not require authentication).

	In the example above, two phony users are added:

	 rich  password: 123456
	 jane  no password required

	The test driver will demand a username.  If the password attribute is
	present (or if the username entered is wrong), then the password is
	also asked for and checked:

	 $ virsh -c test://$(pwd)/testnode.xml list
	 Enter username for localhost: rich
	 Enter rich's password for localhost: ***
	  Id    Name                           State
	 ----------------------------------------------------
	  1     fv0                            running
	  2     fc4                            running

2014-01-08  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_INTERFACE usage
	When checking for a valid interface, we weren't consistent on
	whether we reported as VIR_FROM_NONE or VIR_FROM_INTERFACE.
	Similar to previous patches, use a common macro to make it nicer.
	Furthermore, just as in commit 6e130ddc, the difference between
	VIR_IS_INTERFACE and VIR_IS_CONNECTED_INTERFACE is moot (due to
	reference counting, any valid interface must be tied to a valid
	connection).  For now, we don't need virCheckInterfaceGoto().

	* src/datatypes.h (virCheckInterfaceReturn): New macro.
	(VIR_IS_INTERFACE, VIR_IS_CONNECTED_INTERFACE): Drop unused
	macros.
	* src/libvirt.c: Use macro throughout.
	(virLibInterfaceError): Drop unused macro.

2014-01-08  Eric Blake  <eblake@redhat.com>

	event: clean up client side RPC code
	Commit cfd62c1 was incomplete; I found more cases where error
	messages were being overwritten, and where the code between
	the three registration/deregistration APIs was not consistent.

	Since it is fairly easy to trigger an attempt to deregister an
	unregistered object through public API, I also changed the error
	message from VIR_ERR_INTERNAL_ERROR to VIR_ERR_INVALID_ARG.

	* src/conf/object_event.c (virObjectEventCallbackListEventID):
	Inline...
	(virObjectEventStateEventID): ...into lone caller, and report
	error on failure.
	(virObjectEventCallbackListAddID, virObjectEventStateCallbackID)
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Tweak error category.
	* src/remote/remote_driver.c (remoteConnectDomainEventRegister):
	Don't leak registration on failure.
	(remoteConnectDomainEventDeregisterAny)
	(remoteConnectNetworkEventDeregisterAny): Don't overwrite error.

2014-01-08  Guido Günther  <agx@sigxcpu.org>

	Make sure AC_ARG_WITH is always executed

2014-01-08  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_NETWORK usage
	When checking for a valid network, we weren't consistent on
	whether we reported an invalid network or a connection.  Similar
	to previous patches such as commit 6e130ddc, the difference
	between VIR_IS_NETWORK and VIR_IS_CONNECTED_NETWORK is moot (due
	to reference counting, any valid network must be tied to a valid
	connection).  Use a common macro to make the error reporting
	for invalid networks nicer.

	* src/datatypes.h (virCheckNetworkReturn, virCheckNetworkGoto): New
	macros.
	(VIR_IS_NETWORK, VIR_IS_CONNECTED_NETWORK): Drop unused macros.
	* src/libvirt.c: Use macro throughout.
	(virLibNetworkError): Drop unused macro.

2014-01-08  Osier Yang  <jyang@redhat.com>

	util: Use new array management macros
	Like commit 94a26c7e from Eric Blake, the old fuzzy code should
	be replaced by the new array management macros now.

	And the type of scsi->count should be changed into "size_t", and
	thus virSCSIDeviceListCount should return size_t instead, similar
	for vir{PCI,USB}DeviceListCount.

2014-01-08  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: add LXC multi console command docs and a example

2014-01-08  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: create monitor socket under selinux context of domain
	the unix socket /var/run/libvirt/lxc/domain.sock is not created
	under the selinux context which configured by <seclabel>.

	If we try to connect the domain.sock under the selinux context
	of domain in virtLXCProcessConnectMonitor,selinux will deny
	this connect operation.

	type=AVC msg=audit(1387953696.067:662): avc:  denied  { connectto } for  pid=21206 comm="libvirtd" path="/usr/local/var/run/libvirt/lxc/systemd.sock" scontext=unconfined_u:system_r:svirt_lxc_net_t:s0:c770,c848 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

	fix this problem by creating socket under selinux context of domain.

2014-01-08  Martin Kletzander  <mkletzan@redhat.com>

	conf: trivial typo fix

2014-01-08  Peter Krempa  <pkrempa@redhat.com>

	virsh: Use inactive definition when removing disk from config
	https://bugzilla.redhat.com/show_bug.cgi?id=1049529

	The 'detach-disk' command in virsh used the active XML definition of a
	domain even when attempting to remove a disk from the config only. If
	the disk was only in the inactive definition the operation failed. Fix
	this by using the inactive XML in case that only the config is affected.

2014-01-08  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't use legacy API if --current is used on device hot(un)plug
	https://bugzilla.redhat.com/show_bug.cgi?id=1049529

	The legacy virDomainAttachDevice and virDomainDetachDevice operate only
	on active domains. When a user specified --current flag with an inactive
	domain the old API was used and reported an error. Fix it by calling the
	new API if --current is specified explicitly.

2014-01-08  Michal Privoznik  <mprivozn@redhat.com>

	virConnect(Un)registerCloseCallback: Unlock @conn prior to error dispatch
	The function checks for @conn to be valid and locks its mutex. Then, it
	checks if callee is unregistering the same callback that he registered
	previously. If this fails an error is reported and  the control jumps to
	'error' label. Here, if @conn has some errors (and it certainly does -
	the one that's been just reported) the conn->mutex is locked again -
	without any previous unlock:

	  Thread 1 (Thread 0x7fb500ef1800 (LWP 18982)):
	  #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
	  #1  0x00007fb4fd99ce56 in _L_lock_918 () from /lib64/libpthread.so.0
	  #2  0x00007fb4fd99ccaa in __GI___pthread_mutex_lock (mutex=0x7fb50153b670) at pthread_mutex_lock.c:64
	  #3  0x00007fb5007e574d in virMutexLock (m=m@entry=0x7fb50153b670) at util/virthreadpthread.c:85
	  #4  0x00007fb5007b198e in virDispatchError (conn=conn@entry=0x7fb50153b5e0) at util/virerror.c:594
	  #5  0x00007fb5008a3735 in virConnectUnregisterCloseCallback (conn=0x7fb50153b5e0, cb=cb@entry=0x7fb500f588e0 <vshCatchDisconnect>) at libvirt.c:21025
	  #6  0x00007fb500f5d690 in vshReconnect (ctl=ctl@entry=0x7fffff60e710) at virsh.c:328
	  #7  0x00007fb500f5dc50 in vshCommandRun (ctl=ctl@entry=0x7fffff60e710, cmd=0x7fb50152ca80) at virsh.c:1755
	  #8  0x00007fb500f5861b in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3393

	And since the conn's mutex is not recursive, the virDispatchError will
	never ever lock it successfully.

2014-01-08  Eric Blake  <eblake@redhat.com>

	maint: inline VIR_IS*_DOMAIN macro
	Cleanup after a previous patch, commit 6e130dd.  In particular,
	note that xenDomainUsedCpus can only be reached from
	xenUnifiedDomainGetXMLDesc, which in turn is only reached from
	public API that already validated the domain.

	* src/xen/xen_driver.c (xenDomainUsedCpus): Drop redundant check.
	* src/datatypes.h (VIR_IS_DOMAIN, VIR_IS_CONNECTED_DOMAIN):
	Delete, and inline into all callers, since no other file uses it
	any more.

2014-01-07  Guido Günther  <agx@sigxcpu.org>

	Allow to install apparmor profiles
	Make it easy to install the shipped examples. The aim is to have
	reasonably working templates so that distros only need to minimally
	patch these and can feed things upstream more easily.

	This was prompted by http://bugs.debian.org/725144

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_DOMAIN usage
	In datatype.c, virGetDomainSnapshot could result in the message:

	error: invalid domain pointer in bad domain

	Furthermore, while there are a few functions in libvirt.c that
	only care about a virDomainPtr without regards to the connection
	(such as virDomainGetName), most functions also require a valid
	connection.  Yet several functions were blindly dereferencing
	the conn member without checking it for validity first (such as
	virDomainOpenConsole).  Rather than try and correct all usage
	of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to
	just blindly require that a valid domain object always has a
	valid connection object (which should be true anyways, since
	every domain object holds a reference to its connection, so the
	connection will not be closed until all domain objects have
	also been closed to release their reference).

	After this patch, all places that validate a domain consistently
	report:

	error: invalid domain pointer in someFunc

	* src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New
	macros.
	* src/datatypes.c (virGetDomainSnapshot): Use new macro.
	(virLibConnError): Delete unused macro.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: make network events easier to use without casts
	While comparing network and domain events, I noticed that the
	test driver had to do a cast in one place and not the other.
	For consistency, we should hide the necessary casting as low
	as possible in the stack, with everything else using saner
	types.

	* src/conf/network_event.h (virNetworkEventStateRegisterID): Alter
	type.
	* src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist
	cast here.
	* src/test/test_driver.c (testConnectNetworkEventRegisterAny):
	Simplify callers.
	* src/remote/remote_driver.c
	(remoteConnectNetworkEventRegisterAny): Likewise.
	* src/network/bridge_driver.c
	(networkConnectNetworkEventRegisterAny): Likewise.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: don't turn offline domain into global event
	If a user registers for a domain event filtered to a particular
	domain, but the persistent domain is offline at the time, then
	the code silently failed to set up the filter.  As a result,
	the event fires for all domains, rather than being filtered.
	Network events were immune, since they always passed an id
	0 argument.

	The key to this patch is realizing that
	virObjectEventDispatchMatchCallback() only cared about uuid;
	so refusing to create a meta for a negative id is pointless,
	and in fact, malloc'ing meta at all was overkill; instead,
	just directly store a uuid and a flag of whether to filter.

	Note that virObjectEventPtr still needs all fields of meta,
	because this is how we reconstruct a virDomainPtr inside the
	dispatch handler before calling the end user's callback
	pointer with the correct object, even though only the uuid
	portion of meta is used in deciding whether a callback
	matches the given event.  So while uuid is optional for
	callbacks, it is mandatory for events.

	The change to testDomainCreateXMLMixed is merely on the setup
	scenario (as you can't register for a domain unless it is either
	running or persistent).  I actually first wrote that test for
	this patch, then rebased it to also cover a prior patch (commit
	4221d64), but had to adjust it for that patch to use Create
	instead of Define for setting up the domain long enough to
	register the event in order to work around this bug.  But while
	the setup is changed, the main body of the test is still about
	whether creation events fire as expected.

	* src/conf/object_event_private.h (_virObjectEventCallback):
	Replace meta with uuid and flag.
	(virObjectEventCallbackListAddID): Update signature.
	* src/conf/object_event.h (virObjectEventStateRegisterID):
	Likewise.
	* src/conf/object_event_private.h (virObjectEventNew): Document
	use of name and uuid in events.
	* src/conf/object_event.c (virObjectEventCallbackListAddID): Drop
	arguments that don't affect filtering.
	(virObjectEventCallbackListRemoveID)
	(virObjectEventDispatchMatchCallback)
	(virObjectEventStateRegisterID): Update clients.
	* src/conf/domain_event.c (virDomainEventCallbackListAdd)
	(virDomainEventStateRegisterID): Likewise.
	* src/conf/network_event.c (virNetworkEventStateRegisterID):
	Likewise.
	* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: don't allow mix of old- and new-style registration
	Consider these two calls, in either order:

	id1 = virConnectDomainEventRegisterAny(conn, NULL,
	   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
	virConnectDomainEventRegister(conn, callback, NULL, NULL);

	Right now, the second call fails, because under the hood, the
	old-style function registration is tightly coupled to the
	new style lifecycle eventID, and the two calls both try
	to register the same global eventID callback representation.

	We've alreay documented that users should avoid old-style
	registration and deregistration, so anyone heeding the advice
	won't run into this situation.  But it would be even nicer if
	we pretend the two interfaces are completely separate, and
	disallow any cross-linking.  That is, a call to old-style
	deregister should never remove a new-style callback even if it
	is the same function pointer, and a call to new-style callback
	using only callbackIDs obtained legitimately should never
	remove an old-style callback (of course, since our callback
	IDs are sequential, and there is still coupling under the
	hood, you can easily guess the callbackID of an old style
	registration and use new-style deregistration to nuke it - but
	that starts to be blatantly bad coding on your part rather
	than a surprising result on what looks like reasonable
	stand-alone API).

	With this patch, you can now register a global lifecycle event
	handler twice, by using both old and new APIs; if such an event
	occurs, your callback will be entered twice.  But that is not a
	problem in practice, since it is already possible to use the
	new API to register both a global and per-domain event handler
	using the same function, which will likewise fire your callback
	twice for that domain.  Duplicates are still prevented when
	using the same API with same parameters twice (old-style twice,
	new-style global twice, or new-style per-domain with same domain
	twice), and things are still bounded (it is not possible to
	register a single function pointer more than N+2 times per event
	id, where N is the number of domains available on the connection).
	Besides, it has always been possible to register as many
	separate function pointers on the same event id as desired,
	through either old or new style API, where the bound there is
	the physical limitation of writing a program with enough
	distinct function pointers.

	Adding another event registration in the testsuite is sufficient
	to cover this, where the test fails without the rest of the patch.

	* src/conf/object_event.c (_virObjectEventCallback): Add field.
	(virObjectEventCallbackLookup): Add argument.
	(virObjectEventCallbackListAddID, virObjectEventStateCallbackID):
	Adjust callers.
	* tests/objecteventtest.c (testDomainCreateXMLMixed): Enhance test.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: properly filter count of remaining events
	On the surface, this sequence of API calls should succeed:

	id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);
	id2 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_RTC_CHANGE,...);
	virConnectDomainEventDeregisterAny(id1);
	id1 = virConnectDomainEventRegisterAny(..., VIR_DOMAIN_EVENT_ID_LIFECYCLE,...);

	And for test:///default, it does.  But for qemu:///system, it fails:
	libvirt: XML-RPC error : internal error: domain event 0 already registered

	Looking closer, the bug is caused by miscommunication between
	the object event engine and the client side of the remote driver.
	In our implementation, we set up a single server-side event per
	eventID, then the client side replicates that one event to all
	callbacks that have been registered client side.  To know when
	to turn the server side eventID on or off, the client side must
	track how many events for the same eventID have been registered.
	But while our code was filtering by eventID on event registration,
	it did not filter on event deregistration.  So the above API calls
	resulted in the deregister returning 1 instead of 0, so no RPC
	deregister was issued, and the final register detects on the
	server side that the server is already handling eventID 0.

	Unfortunately, since the problem is only observable on remote
	connections, it's not possible to enhance objecteventtest to
	expose the semantics using only public API entry points.

	* src/conf/object_event.c (virObjectEventCallbackListCount): New
	function.
	(virObjectEventCallbackListAddID)
	(virObjectEventCallbackListRemoveID)
	(virObjectEventCallbackListMarkDeleteID): Use it.

2014-01-07  Lénaïc Huard  <lenaic@lhuard.fr.eu.org>

	Fix bridge configuration when OUTPUT policy is DROP on the host
	When the host is configured with very restrictive firewall (default policy
	is DROP for all chains, including OUTPUT), the bridge driver for Linux
	adds netfilter entries to allow DHCP and DNS requests to go from the VM
	to the dnsmasq of the host.

	The issue that this commit fixes is the fact that a DROP policy on the OUTPUT
	chain blocks the DHCP replies from the host’s dnsmasq to the VM.
	As DHCP replies are sent in UDP, they are not caught by any --ctstate ESTABLISHED
	rule and so, need to be explicitly allowed.

2014-01-07  Thadeu Lima de Souza Cascardo  <cascardo@linux.vnet.ibm.com>

	Read PCI class from sysfs class file instead of config space.
	When determining if a device is behind a PCI bridge, the PCI device
	class is checked by reading the config space. However, there are some
	devices which have the wrong class on the config space, but the class is
	initialized by Linux correctly as a PCI BRIDGE. This class can be read
	by the sysfs file '/sys/bus/pci/devices/xxxx:xx:xx.x/class'.

	One example of such bridge is IBM PCI Bridge 1014:03b9, which is
	identified as a Host Bridge when reading the config space.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: fix typo in previous patch
	Bah, serves me right for merging patches without one last
	compile test.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: tighten scope of object_event
	Tighten up scope after the previous patch avoided using
	internals.  This will also make it easier to change
	internal implementation without having to chase down quite
	as many impacted callers or worrying about two files getting
	implementations out of sync.

	* src/conf/object_event_private.h
	(virObjectEventCallbackListAddID, virObjectEventQueueClear)
	(virObjectEventStateLock, virObjectEventStateUnlock)
	(virObjectEventTimer): Drop prototype.
	(_virObjectEventCallbackList, _virObjectEventState)
	(_virObjectEventCallback): Move...
	* src/conf/object_event.c: ...here.
	(virObjectEventCallbackListAddID, virObjectEventQueueClear)
	(virObjectEventStateLock, virObjectEventStateUnlock)
	(virObjectEventTimer): Mark private.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: don't let old-style events clobber per-domain events
	Right now, the older virConnectDomainEventRegister (takes a
	function pointer, returns 0 on success) and the newer
	virConnectDomainEventRegisterID (takes an eventID, returns a
	callbackID) share the underlying implementation (the older
	API ends up consuming a callbackID for eventID 0 under the
	hood).  We implemented that by a lot of copy and pasted
	code between object_event.c and domain_event.c, according to
	whether we are dealing with a function pointer or an eventID.
	However, our copy and paste is not symmetric.  Consider this
	sequence:

	id1 = virConnectDomainEventRegisterAny(conn, dom,
	   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	   VIR_DOMAIN_EVENT_CALLBACK(callback), NULL, NULL);
	virConnectDomainEventRegister(conn, callback, NULL, NULL);
	virConnectDomainEventDeregister(conn, callback);
	virConnectDomainEventDeregsiterAny(conn, id1);

	the first three calls would succeed, but the third call ended
	up nuking the id1 callbackID (the per-domain new-style handler),
	then the fourth call failed with an error about an unknown
	callbackID, leaving us with the global handler (old-style) still
	live and receiving events.  It required another old-style
	deregister to clean up the mess.  Root cause was that
	virDomainEventCallbackList{Remove,MarkDelete} were only
	checking for function pointer match, rather than also checking
	for whether the registration was global.

	Rather than playing with the guts of object_event ourselves
	in domain_event, it is nicer to add a mapping function for the
	internal callback id, then share common code for event removal.
	For now, the function-to-id mapping is used only internally;
	I thought about whether a new public API to let a user learn
	the callback would be useful, but decided exposing this to the
	user is probably a disservice, since we already publicly
	document that they should avoid the old style, and since this
	patch already demonstrates that older libvirt versions have
	weird behavior when mixing old and new styles.

	And like all good bug fix patches, I enhanced the testsuite,
	validating that the changes in tests/ expose the failure
	without the rest of the patch.

	* src/conf/object_event.c (virObjectEventCallbackLookup)
	(virObjectEventStateCallbackID): New functions.
	(virObjectEventCallbackLookup): Use helper function.
	* src/conf/object_event_private.h (virObjectEventStateCallbackID):
	Declare new function.
	* src/conf/domain_event.c (virDomainEventStateRegister)
	(virDomainEventStateDeregister): Let common code handle the
	complexity.
	(virDomainEventCallbackListRemove)
	(virDomainEventCallbackListMarkDelete)
	(virDomainEventCallbackListAdd): Drop unused functions.
	* tests/objecteventtest.c (testDomainCreateXMLMixed): New test.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: rename confusing variable in test, remote drivers
	Since the introduction of network events, any driver that uses
	a single event state object to track both domain and network
	events should not include 'domain' in the name of that object.

	* src/test/test_driver.c (_testConn):
	s/domainEventState/eventState/, and fix all callers.
	* src/remote/remote_driver.c (private_data): Likewise.
	(remoteDomainEventQueue): Rename to remoteEventQueue.
	(remoteDomainEvents): Rename to remoteEvents.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: share state driver between test:///default connections
	Prior to this patch, every test:/// URI has its own event manager,
	which means that registering for an event can only ever receive
	events from the connection where it issued the API that triggered
	the event.  But the whole idea of events is to be able to learn
	about something where an API call did NOT trigger the action.

	In order to actually test asynchronous events, I wanted to be able
	to tie multiple test connections to the same state.  Use of a file
	in a test URI is still per-connection state, but now parallel
	connections to test:///default (from the same binary, of course)
	now share common state and can affect one another.

	The updated testsuite fails without the rest of this patch.
	Valgrind didn't report any leaks.

	* src/test/test_driver.c (testConnectOpen): Move per-connection
	state initialization...
	(testOpenFromFile): ...here.
	(defaultConn, defaultConnections, defaultLock, testOnceInit): New
	shared state.
	(testOpenDefault): Only initialize on first connection.
	(testConnectClose): Don't clobber state if still shared.
	* tests/objecteventtest.c (testDomainStartStopEvent): Enhance to
	cover this.
	(timeout, mymain): Ensure test fails rather than blocks.

2014-01-07  Michal Privoznik  <mprivozn@redhat.com>

	lxc_controller: Fix error message on missing --handshakefd
	The argument is --handshakefd not --handshake.

	lxc_controller: Don't leak @name
	The @name variable is VIR_STRDUP()-ed into, but never freed. In fact,
	there's no need to duplicate a command line argument since all places
	where @name is used expect const char.

2014-01-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix job usage in virDomainGetBlockIoTune
	CVE-2013-6458

	Every API that is going to begin a job should do that before fetching
	data from vm->def.

2014-01-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix job usage in qemuDomainBlockCopy
	Every API that is going to begin a job should do that before fetching
	data from vm->def.

2014-01-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix job usage in qemuDomainBlockJobImpl
	CVE-2013-6458

	Every API that is going to begin a job should do that before fetching
	data from vm->def.

2014-01-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid using stale data in virDomainGetBlockInfo
	CVE-2013-6458

	Generally, every API that is going to begin a job should do that before
	fetching data from vm->def. However, qemuDomainGetBlockInfo does not
	know whether it will have to start a job or not before checking vm->def.
	To avoid using disk alias that might have been freed while we were
	waiting for a job, we use its copy. In case the disk was removed in the
	meantime, we will fail with "cannot find statistics for device '...'"
	error message.

2014-01-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not access stale data in virDomainBlockStats
	CVE-2013-6458
	https://bugzilla.redhat.com/show_bug.cgi?id=1043069

	When virDomainDetachDeviceFlags is called concurrently to
	virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
	finds a disk in vm->def before getting a job on a domain and uses the
	disk pointer after getting the job. However, the domain in unlocked
	while waiting on a job condition and thus data behind the disk pointer
	may disappear. This happens when thread 1 runs
	virDomainDetachDeviceFlags and enters monitor to actually remove the
	disk. Then another thread starts running virDomainBlockStats, finds the
	disk in vm->def, and while it's waiting on the job condition (owned by
	the first thread), the first thread finishes the disk removal. When the
	second thread gets the job, the memory pointed to be the disk pointer is
	already gone.

	That said, every API that is going to begin a job should do that before
	fetching data from vm->def.

2014-01-07  Yudai Yamagish  <yummy@sfc.wide.ad.jp>

	Fix segmentation fault when accessing default qemu machine type
	This patch fixes a segmentation fault when creating new virtual machines using QEMU.
	The segmentation fault is caused by commit f41830680e40d3ec845cefd25419bd87414b9ccf
	and commit cbb6ec42e2447d7920b30d66923b2a2b2670133b.

	In virQEMUCapsProbeQMPMachineTypes, when copying machines to qemuCaps, "none" is skipped.
	Therefore, the value of i and "qemuCaps->nmachineTypes - 1" do not always match.
	However, defIdx value (used to call virQEMUCapsSetDefaultMachine) is set using the value in i
	when the array elements are in qemuCaps->nmachineTypes - 1.
	So, when libvirt tries to create virtual machines using the default machine type,
	qemuCaps->machineTypes[defIdx] is accessed and since the defIdx is NULL, it results in segmentation fault.

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: inline VIR_IS_CONNECT macro
	Cleanup after commit db3dd08 removed all clients outside of
	the .h file.

	* src/datatypes.h (VIR_IS_CONNECT): Delete, and inline into all
	callers, since no other file uses it any more.

2014-01-07  Eric Blake  <eblake@redhat.com>

	event: make deregister return value match docs
	Ever since their introduction (commit 1509b80 in v0.5.0 for
	virConnectDomainEventRegister, commit 4445723 in v0.8.0 for
	virConnectDomainEventDeregisterAny), the event deregistration
	functions have been documented as returning 0 on success;
	likewise for older registration (only the newer RegisterAny
	must return a non-zero callbackID).  And now that we are
	adding virConnectNetworkEventDeregisterAny for v1.2.1, it
	should have the same semantics.

	Fortunately, all of the stateful drivers have been obeying
	the docs and returning 0, thanks to the way the remote_driver
	tracks things (in fact, the RPC wire protocol is unable to
	send a return value for DomainEventRegisterAny, at least not
	without adding a new RPC number).  Well, except for vbox,
	which was always failing deregistration, due to failure to
	set the return value to anything besides its initial -1.

	But for local drivers, such as test:///default, we've been
	returning non-zero numbers; worse, the non-zero numbers have
	differed over time.  For example, in Fedora 12 (libvirt 0.8.2),
	calling Register twice would return 0 and 1 [the callbackID
	generated under the hood]; while in Fedora 20 (libvirt 1.1.3),
	it returns 1 and 2 [the number of callbacks registered for
	that event type].  Since we have changed the behavior over
	time, and since it differs by local vs. remote, we can safely
	argue that no one could have been reasonably relying on any
	particular behavior, so we might as well obey the docs, as well
	as prepare callers that might deal with older clients to not be
	surprised if the docs are not strictly followed.

	For consistency, this patch fixes the code for all drivers,
	even though it only makes an impact for vbox and for local
	drivers.  By fixing all drivers, future copy and paste from
	a remote driver to a local driver is less likely to
	reintroduce the bug.

	Finally, update the testsuite to gain some coverage of the
	issue for local drivers, including the first test of old-style
	domain event registration via function pointer instead of
	event id.

	* src/libvirt.c (virConnectDomainEventRegister)
	(virConnectDomainEventDeregister)
	(virConnectDomainEventDeregisterAny): Clarify docs.
	* src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
	(libxlConnectDomainEventDeregister)
	(libxlConnectDomainEventDeregisterAny): Match documentation.
	* src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
	(lxcConnectDomainEventDeregister)
	(lxcConnectDomainEventDeregisterAny): Likewise.
	* src/test/test_driver.c (testConnectDomainEventRegister)
	(testConnectDomainEventDeregister)
	(testConnectDomainEventDeregisterAny)
	(testConnectNetworkEventDeregisterAny): Likewise.
	* src/uml/uml_driver.c (umlConnectDomainEventRegister)
	(umlConnectDomainEventDeregister)
	(umlConnectDomainEventDeregisterAny): Likewise.
	* src/vbox/vbox_tmpl.c (vboxConnectDomainEventRegister)
	(vboxConnectDomainEventDeregister)
	(vboxConnectDomainEventDeregisterAny): Likewise.
	* src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
	(xenUnifiedConnectDomainEventDeregister)
	(xenUnifiedConnectDomainEventDeregisterAny): Likewise.
	* src/network/bridge_driver.c
	(networkConnectNetworkEventDeregisterAny): Likewise.
	* tests/objecteventtest.c (testDomainCreateXMLOld): New test.
	(mymain): Run it.
	(testDomainCreateXML): Check return values.

2014-01-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessStop: Don't overwrite any errors
	Currently, the qemuProcessStop tries to open the domain log file
	and saves the original error afterwards. Then all the cleanup is
	done after which the error is restored back. This has however one
	flaw: if opening of the log file fails an error is reported,
	which results in previous error being overwritten (the useful
	one, e.g. "PCI device XXXX:XXXX could not be found"). Hence, user
	sees something like:

	  error: failed to create logfile /var/log/libvirt/qemu/ovirt_usb.log: No such file or directory

	instead of:

	  error: internal error: Did not find USB device 8644:8003

	Reported-by: Zhou Yimin <zhouyimin@huawei.com>

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos in qemu numa code
	Introduced in commit 81fae6b9.

	* src/qemu/qemu_driver.c (qemuDomainSetNumaParamsLive): Fix typos.

2014-01-07  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement nodeGetMemoryStats
	Add a BSD implementation of nodeGetMemoryStats based
	on sysctl(3).

2014-01-07  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Fix argument order of qemuMigrationPerformJob().
	@listenAddress and @cookiein arguments, should be exchanged,
	because the order of the caller and the callee does not match.

	This results in the listen address being ignored for peer-to-peer
	migration and the cookie being ignored for v2 migration.

	Introduced by c4ac7ef (v1.1.4-rc1~141).

	https://bugzilla.redhat.com/show_bug.cgi?id=1049338

2014-01-07  Peter Krempa  <pkrempa@redhat.com>

	maint: Fix messy include of libvirt_internal.h
	The libvirt_internal.h header was included by the internal.h header.
	This made it painful to add new stuff to the header file that would
	require some more specific types. Remove inclusion by internal.h and add
	it to appropriate places manually.

2014-01-07  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_INVALID_CONN usage
	The datatype.c object checks could result in a message like:

	error: invalid connection pointer in no connection

	This consolidates all clients of this message to have uniform contents:

	error: invalid connection pointer in someFunc

	Note that virCheckConnectReturn raises an error immediately; in
	datatypes.c, where we don't need to raise the error (but instead
	just leave it in the thread-local setting), we use
	virCheckConnectGoto and the cleanup label instead.  Then, for
	consistency in that file, all subsequent error messages are
	touched to also use the cleanup error label.

	* src/datatypes.h (virCheckConnectReturn)
	(virCheckConnectGoto): New macros.
	* src/datatypes.c: Use new macro.
	* src/libvirt-qemu.c (virDomainQemuAttach): Likewise.
	(virLibConnError): Delete unused macro.
	* src/libvirt-lxc.c (virLibConnError): Likewise.
	* src/libvirt.c: Use new macro throughout.
	* docs/api_extension.html.in: Modernize documentation.

2014-01-07  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix initialization of nictype in libxl_device_nic
	As pointed out by the Xen folks [1], HVM nics should always be set
	to type LIBXL_NIC_TYPE_VIF_IOEMU unless the user explicity requests
	LIBXL_NIC_TYPE_VIF via model='netfront'.  The current logic in
	libxlMakeNic() only sets the nictype to LIBXL_NIC_TYPE_VIF_IOEMU if
	a model is specified that is not 'netfront', which breaks PXE booting
	configurations where no model is specified (i.e. use the hypervisor
	default).

	  Reported-by: Stefan Bader <stefan.bader@canonical.com>

	[1] https://www.redhat.com/archives/libvir-list/2013-December/msg01156.html

2014-01-06  Eric Blake  <eblake@redhat.com>

	Revert "lxcDomainShutdownFlags: Cleanup @flags usage"
	This reverts commit aa4619337ccc0b171a3a4d17540da89429243c36.

	This patch was accidentally pushed prematurely, and has incorrect
	logic for which shutdown methods to attempt.

2014-01-06  Eric Blake  <eblake@redhat.com>

	build: fix bootstrap with older autoconf
	Pavel Hrdina reported to me off-list that my gnulib update on
	Jan 1 broke the build on RHEL 6.4 (autoconf 2.63) and older:

	    executing aclocal -I glm4
	    glm4/gl-openssl.m4:11: error: m4_defn: undefined macro: _m4_divert_diversion
	    glm4/gl-openssl.m4:11: the top level
	    autom4te: /usr/bin/m4 failed with exit status: 1
	    aclocal: autom4te failed with exit status: 1

	It took me a while, but I fixed the regression in gnulib.

	* gnulib: Update to latest, for build fixes.

2014-01-06  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: Porting of armv7l conditons to run qemu for aarch64.
	AArch64 qemu has similar behavior as armv7l, like use of mmio etc.
	This patch adds similar bypass checks what we have for armv7l to aarch64.
	E.g. we are enabling mmio transport for Nicdev.
	Making addDefaultUSB and addDefaultMemballoon to false etc.

	V3:
	- Adding missing domain rng schema for aarcg64 and test case in
	  testutilsqemu.c which was causing test suite failure
	  while running make check.

	V2:
	- Added testcase to qemuxml2argvtest as suggested
	  during review comments of V1.

	V1:
	- Initial patch.

2014-01-06  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_OPERATION_DENIED usage
	Some of our operation denied messages are outright stupid; for
	example, if virIdentitySetAttr fails:

	error: operation Identity attribute is already set forbidden for read only access

	This patch fixes things to a saner:

	error: operation forbidden: Identity attribute is already set

	It also consolidates the most common usage pattern for operation
	denied errors: read-only connections preventing a public API.  In
	this case, 'virsh -r -c test:///default destroy test' changes from:

	error: operation virDomainDestroy forbidden for read only access

	to:

	error: operation forbidden: read only access prevents virDomainDestroy

	Note that we were previously inconsistent on which APIs used
	VIR_FROM_DOM (such as virDomainDestroy) vs. VIR_FROM_NONE (such as
	virDomainPMSuspendForDuration).  After this patch, all uses
	consistently use VIR_FROM_NONE, on the grounds that it is unlikely
	that a caller learning that a call is denied can do anything in
	particular with extra knowledge which error domain the call belongs
	to (similar to what we did in commit baa7244).

	* src/util/virerror.c (virErrorMsg): Rework OPERATION_DENIED error
	message.
	* src/internal.h (virCheckReadOnlyGoto): New macro.
	* src/util/virerror.h (virReportRestrictedError): New macro.
	* src/libvirt-lxc.c: Use new macros.
	* src/libvirt-qemu.c: Likewise.
	* src/libvirt.c: Likewise.
	* src/locking/lock_daemon.c (virLockDaemonClientNew): Likewise.

2014-01-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: range check numa memory placement mode
	https://bugzilla.redhat.com/show_bug.cgi?id=1047234

	Add a range check for supported numa memory placement modes provided by
	the user before setting them in the domain definition. Without the check
	the user is able to provide a (yet) unknown mode which is then stored in
	the domain definition. This potentially causes a NULL dereference when
	the defintion is formatted into the XML.

	To reproduce run:
	 virsh numatune DOMNAME --mode 6 --nodeset 0

	The XML will then contain:
	  <numatune>
	      <memory mode='(null)' nodeset='0'/>
	  </numatune>

	With this fix, the command fails:
	 error: Unable to change numa parameters
	 error: invalid argument: unsupported numa_mode: '6'

2014-01-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: Clean up qemuDomainSetNumaParameters
	Add whitespace to separate logical code blocks, reformat error messages
	and clean up code flow.

	This patch changes error handling in some cases where the the loop would
	be continued to jump to cleanup instead and error out rather than modify
	the domain any further.

2014-01-06  Peter Krempa  <pkrempa@redhat.com>

	storage: Use VIR_DELETE_ELEMENT instead of open coding
	Replace the open coded array element deletion by our new helper.

2014-01-06  Eric Blake  <eblake@redhat.com>

	event: use newer array management macros
	We might as well take advantage of viralloc.h instead of open-coding
	array management ourselves.  While at it, I simplified several
	places that were doing repetitive pointer chasing to use an
	intermediate variable for legibility (some other places remain,
	but they will disapper in later refactoring patches).

	* src/conf/object_event_private.h (_virObjectEventCallbackList):
	Use size_t for count.
	* src/conf/object_event.c (_virObjectEventQueue): Likewise.
	(virObjectEventCallbackListRemoveID): Use VIR_DELETE_ELEMENT.
	(virObjectEventQueuePush, virObjectEventCallbackListAddID): Use
	VIR_APPEND_ELEMENT.
	(virObjectEventCallbackListEventID)
	(virObjectEventStateDispatchCallbacks): Simplify code.

2014-01-06  Eric Blake  <eblake@redhat.com>

	event: use bool in more places
	No need to use an int that only ever stores 0 and 1.

	* src/conf/object_event_private.h (_virObjectEventCallback):
	Change deleted to bool.
	* src/conf/object_event.c (virObjectEventDispatchMatchCallback):
	Switch return type to bool.
	(virObjectEventCallbackListMarkDeleteID): Update client.
	* src/conf/domain_event.c (virDomainEventCallbackListMarkDelete):
	Likewise.

2014-01-06  Ján Tomko  <jtomko@redhat.com>

	Fix explicit usage of default video PCI slots
	Do not leave the PCI address of the primary video card set
	to the legacy default (0000:00:02.0) if we're doing two-pass
	allocation.

	Since QEMU 1.6 (QEMU_CAPS_VIDEO_PRIMARY) we allow the primary
	video card to be on other slots than 0000:00:02.0 (as we use
	-device instead of -vga).

	However we fail to assign it an address if:
	* another device explicitly uses 0000:00:02.0 and
	* the primary video device has no address specified

	On the first pass, we have set the address to default, then checked
	if it's available, leaving it set even if it wasn't. This address
	got picked up by the second pass, resulting in a conflict:

	XML error: Attempted double use of PCI slot 0000:00:02.0
	(may need "multifunction='on'" for device on function 0)

	Also fix the test that was supposed to catch this.

2014-01-04  Eric Blake  <eblake@redhat.com>

	maint: improve VIR_ERR_NO_SUPPORT usage
	We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many
	users just passed __FUNCTION__ on, while others passed "%s" to
	silence over-eager compilers that warn about __FUNCTION__ not
	containing any %.  It's nicer to route all these uses through
	a single macro, so that if we ever need to change the reporting,
	we can do it in one place.

	I verified that 'virsh -c test:///default qemu-monitor-command test foo'
	gives the same error message before and after this patch:
	error: this function is not supported by the connection driver: virDomainQemuMonitorCommand

	Note that in libvirt.c, we were inconsistent on whether virDomain*
	API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError()
	(with VIR_FROM_DOMAIN); this patch unifies these errors to all use
	VIR_FROM_NONE, on the grounds that it is unlikely that a caller
	learning that a call is unimplemented can do anything in particular
	with extra knowledge of which error domain it belongs to.

	One particular change to note is virDomainOpenGraphics which was
	trying to fail with VIR_ERR_NO_SUPPORT after a failed
	VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a
	feature check report VIR_ERR_ARGUMENT_UNSUPPORTED.

	* src/util/virerror.h (virReportUnsupportedError): New macro.
	* src/libvirt-qemu.c: Use new macro.
	* src/libvirt-lxc.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/security/security_manager.c: Likewise.
	* src/util/virinitctl.c: Likewise.
	* src/libvirt.c: Likewise.
	(virDomainOpenGraphics): Use correct error for unsupported feature.

2014-01-04  Eric Blake  <eblake@redhat.com>

	maint: avoid nested public calls
	Having one API call into another is generally not good; among
	other issues, it gives confusing logs, and is not quite as
	efficient.

	This fixes several instances, but not all: we still have instances
	in both libvirt.c and in backend hypervisors (lxc and qemu) calling
	the public virTypedParamsGetString and friends, which dispatch
	errors immediately.  I'm not sure if it is worth trying to clean
	that up in a separate patch (such a cleanup may be easiest by
	separating the public function into a wrapper around the internal,
	then tweaking internal.h so that internal users directly use the
	internal function).

	* src/libvirt.c (virDomainGetUUIDString, virNetworkGetUUIDString)
	(virStoragePoolGetUUIDString, virSecretGetUUIDString)
	(virNWFilterGetUUIDString): Avoid nested public API call.
	* src/util/virtypedparam.c (virTypedParamsReplaceString): Don't
	dispatch errors here.
	(virTypedParamsGet): No need to reset errors.
	(virTypedParamsGetBoolean): Use consistent ordering.

2014-01-03  Denis Kondratenko  <denis.kondratenko@gmail.com>

	vmware: os x support is broken
	https://bugzilla.redhat.com/show_bug.cgi?id=1036248

	Incorrect usage of virAsprintf.  vmware-vmx reports version
	information to stderr, at least for OS X 10.9.1.

2014-01-03  Eric Blake  <eblake@redhat.com>

	event: remove unneeded virObjectEventGetEventID
	Any file with access to object_event_private.h also has access to
	the internals of virObjectEvent, without needing an accessor
	function.  Not to mention the accessor function was doing type
	checks that would always succeed.

	* src/conf/object_event_private.h (virObjectEventGetEventID): Drop.
	* src/conf/object_event.c (virObjectEventGetEventID): Drop.
	(virObjectEventDispatchMatchCallback): Simplify caller.
	* src/conf/domain_event.c (virDomainEventDispatchDefaultFunc):
	Likewise.

2014-01-03  Eric Blake  <eblake@redhat.com>

	event: fix doc typos, and doc more public methods
	While working on events, I found a number of minor issues; I'm
	hoisting these to the front rather than doing it piecemeal in
	the patches where I first noticed bad or missing documentation.

	* src/conf/object_event.c: Fix grammar, document all parameters
	of public functions, wrap some long lines.
	* src/conf/object_event.h: Likewise.
	* src/conf/network_event.c: Likewise.
	* src/conf/domain_event.c: Likewise (except for the large number
	of event creation functions).
	* src/libvirt_private.cyms (conf/object_event.h): Split...
	(conf/network_event.h): ...to account for new file.

2014-01-03  Eric Blake  <eblake@redhat.com>

	maint: reset error on entrance to public API
	We document that calling any public API wipes out all prior
	libvirt errors in the same thread; but weren't obeying this
	style in a few functions.

	There are a couple of nested uses of virConnectRef (in lxc
	and qemu reboot paths), but they should not be affected by
	this change in semantics since there should not be any
	previous error getting nuked (a later patch will clean up
	the nested calls, along with abuse of virConnectClose on
	cleanup paths which DOES nuke errors).

	* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
	(virDomainGetSecurityLabel, virDomainGetSecurityLabelList)
	(virDomainSetMetadata, virDomainGetMetadata)
	(virNodeGetSecurityModel, virNetworkRef, virInterfaceRef)
	(virStoragePoolRef, virStorageVolRef, virNodeDeviceGetName)
	(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
	(virDomainSnapshotRef): Reset error on entrance.
	(do_open): Drop redundant error reset.
	* src/libvirt-qemu.c (virDomainQemuAgentCommand): Likewise.
	* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
	(virDomainLxcEnterSecurityLabel): Likewise.

2014-01-03  Eric Blake  <eblake@redhat.com>

	maint: improve error condition style in public API
	While auditing error messages in libvirt.c, I found a couple
	instances that had not been converted to modern error styles,
	and a few places that failed to dispatch the error through
	the known-good connection.

	* src/libvirt.c (virDomainPinEmulator, virDomainGetDiskErrors)
	(virDomainSendKey, virDomainGetSecurityLabelList)
	(virDomainGetEmulatorPinInfo): Use typical error reporting.
	(virConnectGetCPUModelNames, virConnectRegisterCloseCallback)
	(virConnectUnregisterCloseCallback, virDomainGetUUID): Report
	error through connection.

2014-01-03  Eric Blake  <eblake@redhat.com>

	maint: split long lines in invalidArg errors
	Style only.  In particular, the message on "flags 'affect live'
	and 'affect config'" being mutually exclusive was already split
	in some instances.

	* src/libvirt.c: Wrap some long error messages to fit in 80 columns.

2014-01-03  Eric Blake  <eblake@redhat.com>

	maint: move debug statements first in public API
	Most of our public APIs emit a debug log on entry, prior to anything
	else.  There were a few exceptions where obvious failures were not
	logged, so fix those.  When moving a debug earlier, this patch also
	makes sure to avoid any NULL dereference during the log (the APIs
	are supposed to gracefully fail if the user passes NULL for the object).

	However, do NOT use VIR_DEBUG prior to virInitialize, since setting
	up the error reporting can change where VIR_DEBUG output would be
	routed.  Instead add documentation to virGlobalInit, virInitialize,
	and virGetVersion that better explains initialization.

	* src/libvirt.c (virGetVersion, virConnectRef, virDomainRef)
	(virNetworkRef, virInterfaceRef, virStoragePoolRef)
	(virStorageVolRef, virNodeDeviceRef, virSecretRef, virStreamRef)
	(virNWFilterRef, virDomainSnapshotRef): Debug on function entry.
	* src/libvirt-lxc.c (virDomainLxcEnterNamespace)
	(virDomainLxcEnterSecurityLabel): Likewise.

2014-01-03  Eric Blake  <eblake@redhat.com>

	maint: improve debug of libvirt-{qemu,lxc} apis
	I noticed that the virDomainQemuMonitorCommand debug output wasn't
	telling me the name of the domain it was working on.  While it was
	easy enough to determine which pointer matches the domain based on
	other log messages, it is nicer to be consistent.

	* src/util/viruuid.h (VIR_UUID_DEBUG): Moved here from...
	* src/libvirt.c (VIR_UUID_DEBUG): ...here.
	(VIR_ARG15, VIR_HAS_COMMA, VIR_DOMAIN_DEBUG_EXPAND)
	(VIR_DOMAIN_DEBUG_PASTE, VIR_DOMAIN_DEBUG_0, VIR_DOMAIN_DEBUG_1)
	(VIR_DOMAIN_DEBUG_2, VIR_DOMAIN_DEBUG): Move...
	* src/datatypes.h: ...here.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAgentCommand): Better debug messages.
	* src/libvirt-lxc.c (virDomainLxcOpenNamespace): Likewise.

2014-01-02  Eric Blake  <eblake@redhat.com>

	maint: consistent formatting in libvirt.c
	Preliminary cleanups to make search-and-replace easier in later
	patches.  Many of these were done by grepping for (multiline)
	pattern violations, then bundled all into one patch.

	* src/libvirt.c: Uniform two spaces between functions, return
	type and open brace on separate line, avoid blank lines around
	open brace, label in column 1, drop redundant (), consistent
	indentation for function headers split across lines.

2014-01-02  Eric Blake  <eblake@redhat.com>

	event: improve public API docs
	Since libvirt 0.9.3, the entire virevent.c file has been a public
	API, so improve the documentation in this file.  Also, fix a
	potential core dump - it could only be triggered by bogus use of
	the API and would only affect the caller (not libvirtd), but we
	might as well be nice.

	* src/libvirt.c (virConnectSetKeepAlive)
	(virConnectDomainEventRegister, virConnectDomainEventRegisterAny)
	(virConnectNetworkEventRegisterAny): Document event loop requirement.
	* src/util/virevent.c (virEventAddHandle, virEventRemoveHandle)
	(virEventAddTimeout, virEventRemoveTimeout): Likewise.
	(virEventUpdateHandle, virEventUpdateTimeout): Likewise, and avoid
	core dump if caller didn't register handler.
	(virEventRunDefaultImpl): Expand example, and set up code block in
	html docs.
	(virEventRegisterImpl, virEventRegisterDefaultImpl): Document more
	on the use of the event loop.

2014-01-02  Eric Blake  <eblake@redhat.com>

	event: don't overwrite registration error message
	Prior to this patch, an attempt to register an event without an
	event loop started results in the vague:

	libvirt: Remote Driver error : adding cb to list

	Now it gives the much nicer:

	libvirt:  error : internal error: could not initialize domain event timer

	This also avoids hiding other reasonable error messages, such as
	attempts to register a duplicate callback or OOM errors.

	* src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny)
	(remoteConnectDomainEventRegister)
	(remoteConnectDomainEventRegisterAny): Preserve more detailed error.

2014-01-01  Eric Blake  <eblake@redhat.com>

	tests: fix syntax in previous patch
	'make syntax-check' wasn't happy with commit fb00420.

	* tests/virnetsockettest.c (checkProtocols): Typo fix.

2014-01-01  Richard W.M. Jones  <rjones@redhat.com>

	aarch64: Fix sysinfo test.
	On AArch64 the kernel prints one "processor" (lower case 'p') line per
	core.  As this was missing from the test data, virSysinfo was not
	parsing any processors at all.

	Fix the test data so the test now passes.

2014-01-01  Richard W.M. Jones  <rjones@redhat.com>

	tests: sysinfotest: Actual/expected were swapped in error message.

	tests: virnetsockettest: Print the error if getifaddrs fails.

	aarch64: Disable -fstack-protector.
	I'm using gcc-4.8.2-7.fc21.aarch64 which does not appear to support
	this option.

2014-01-01  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	'make syntax-check' wants a newer gnulib for 2014 copyright.

	Also, a couple of fixes for bootstrap issues reported on IRC:
	- on some older glibc systems, ./configure could deadlock due to
	a glibc malloc bug
	- on FreeBSD systems, a broken autom4te coupled with gettext
	0.18.3 prevents bootstrap; we can't work around it, but can at
	least inform the user why they have a problem

	And as always, portability fixes in other modules, some of which
	are used by libvirt.

	* .gnulib: Update to latest, in part for bootstrap improvements,
	and for the new year.
	* bootstrap: Resync to gnulib.
	* gnulib/local/m4/ssize_t.m4.diff: Regenerate.

2014-01-01  Eric Blake  <eblake@redhat.com>

	docs: return paragraph must be last
	Commit eb70ceb tried to create a code block for
	libvirt-libvirt.html#virConnectGetType, but failed to note
	that our doc generator treats everything after "Returns" as
	part of the return description rather than looking for
	paragraph and code layout.  Fix some other API that also had
	generic details crammed into the return type paragraph.

	* src/libvirt.c (virConnectOpen, virConnectOpenReadOnly)
	(virConnectOpenAuth, virConnectListAllDomains): Fit doc pattern.

2013-12-31  Laine Stump  <laine@laine.org>

	domain: don't try to interpret <driver> as virtio config for hostdev interfaces
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1046337

	The <driver> name attribute of an interface is interpreted in two
	different ways depending on the <interface> type - if the interface is
	type='hostdev', then the driver name describes which backend to use
	for the hostdev device assignment (vfio or kvm), but if the interface
	is any emulated type *and* the model type is "virtio", then the driver
	name can be "vhost" or "qemu", telling which backend qemu should use
	to communicate with the emulated device.

	The problem comes when someone has defined a an interface like this
	(which is accepted by the parser as long as no <driver name='xxx'/> is
	specified):

	    <interface type='hostdev'>
	       ...
	       <model type='virtio'/>
	       ...
	    </interface>

	As libvirt storing this definition in the domain's status, the driver
	name is automatically filled in with the backend that was
	automatically decided by libvirt, so it stores this in the status:

	    <interface type='hostdev'>
	       ...
	       <driver name='vfio'/>
	       ...
	       <model type='virtio'/>
	       ...
	    </interface>

	This isn't noticed until the next time libvirtd is restarted - as it
	is reading the status of all domains, it encounters the above
	interface definition, logs an error:

	  internal error: Unknown interface <driver name='vfio'> has been specified

	and fails to reload the domain status, so the domain is marked as
	inactive.

	The solution is to stop the parser from interpreting <driver>
	attributes as if the device was an emulated virtio device, when it is
	actually a hostdev.

	(Although the bug has existed since vfio support was added, it has
	just recently become more apparent because libvirt previously didn't
	automatically set the driver name for hostdev interfaces in the domain
	status to vfio/kvm as it does since commit f094aa, first appearing in
	v1.1.4.)

2013-12-28  Eric Blake  <eblake@redhat.com>

	docs: fix layout of code snippets
	Similar to commit 52dbeac, we should indent code snippets in
	other places to ensure they appear correctly in html.  See
	http://libvirt.org/html/libvirt-libvirt.html#virNodeGetCPUStats
	for an example improved by this patch.  Also fix some missing
	semicolons in the examples.

	* src/libvirt.c: Indent code samples in comments.

2013-12-27  Eric Blake  <eblake@redhat.com>

	maint: fix typo in error message
	* src/util/virerror.h (virReportInvalidZeroArg): Fix double space.

2013-12-24  Michal Privoznik  <mprivozn@redhat.com>

	virkeycode: Allow ANSI_A
	https://bugzilla.redhat.com/show_bug.cgi?id=1044806

	Currently, sending the ANSI_A keycode from os_x codepage doesn't work as
	it has a special value of 0x0. Our internal code handles that no
	different to other not defined keycodes. Hence, in order to allow it we
	must change all the undefined keycodes from 0 to -1 and adapt some code
	too.

	  # virsh send-key guestname --codeset os_x ANSI_A
	  error: invalid keycode: 'ANSI_A'

	  # virsh send-key guestname --codeset os_x ANSI_B
	  # virsh send-key guestname --codeset os_x ANSI_C

2013-12-24  Michal Privoznik  <mprivozn@redhat.com>

	lxcDomainShutdownFlags: Cleanup @flags usage
	Currently, the @flags usage is a bit unclear at first sight to say the
	least. There's no need for such unclear code especially when we can
	borrow the working code from qemuDomainShutdownFlags().

	In addition, this fixes one bug too. If user requested both
	VIR_DOMAIN_SHUTDOWN_INITCTL and VIR_DOMAIN_SHUTDOWN_SIGNAL at the same
	time, he is basically saying: 'Use the force Luke! If initctl fails try
	sending a signal.' But with the current code we don't do that. If
	initctl fails for some reason (e.g. inability to write to /dev/initctl)
	we don't try sending any signal but fail immediately. To make things
	worse, making a domain shutdown with bare _SIGNAL was working by blind
	chance of a @rc variable being placed at correct place on the stack so
	its initial value was zero.

2013-12-24  Michal Privoznik  <mprivozn@redhat.com>

	interface: Take interface status into account when starting and destroying
	https://bugzilla.redhat.com/show_bug.cgi?id=956994

	Currently, it is possible to start an interface that is already running:

	 # virsh iface-start eth2
	 Interface eth2 started

	 # echo $?
	 0

	 # virsh iface-start eth2
	 Interface eth2 started

	 # echo $?
	 0

	 # virsh iface-start eth2
	 Interface eth2 started

	 # echo $?
	 0

	Same applies for destroying a dead interface. We should not allow such
	state transitions.

2013-12-24  Michal Privoznik  <mprivozn@redhat.com>

	interface: Introduce netcfInterfaceObjIsActive
	This function barely wraps ncf_if_status() and error handling code.

2013-12-24  Michal Privoznik  <mprivozn@redhat.com>

	event-test: Unregister close callback
	When registering a close callback, the connection refcount is increased
	as the connection object is passed to the callback and hence we must
	prevent deleting it too soon. However, when closing the connection, the
	connection object is just unrefed. So whenever a connection with a close
	callback is closed, we end up with the connection object which has
	exactly one reference. Leaving the code as-is doesn't mean the end of
	the world as we know it, but why give a bad example?

	==14531== 288 bytes in 1 blocks are still reachable in loss record 695 of 762
	==14531==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==14531==    by 0x4E9FE09: virAllocVar (viralloc.c:558)
	==14531==    by 0x4EDBE45: virObjectNew (virobject.c:190)
	==14531==    by 0x4F71AAC: virGetConnect (datatypes.c:116)
	==14531==    by 0x4F78511: do_open (libvirt.c:1136)
	==14531==    by 0x4F7B3AC: virConnectOpenAuth (libvirt.c:1481)
	==14531==    by 0x4011D2: main (event-test.c:499)

	(and other leaks tied to virGetConnect())

2013-12-24  Michal Privoznik  <mprivozn@redhat.com>

	examples: Resurrect domsuspend example
	This partially reverts 5eb4b04211 and 62774afb6ba8.

	Rewrite the domsuspend example from scratch. This time do it right.

2013-12-24  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: correctly handle affinity reset in virDomainPinVcpu[Flags]
	By actually removing the <vcpupin> element (from within the
	<cputune> section) from the XML, rather than jus update it with
	a fully set vcpu affinity mask.

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2013-12-24  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: implement virDomainPinVcpuFlags
	And use it to implement libxlDomainPinVcpu(), similarly to what
	happens in the QEMU driver. This way, it is possible to both
	query and change the vcpu affinity of a persistent but not
	running domain.

	In face, before this patch, we have:
	 # virsh list --all
	  Id    Name                           State
	 ----------------------------------------------------
	  5     debian_32                      running
	  -     fedora20_64                    shut off
	 # virsh vcpupin fedora20_64 0 2-4 --current
	 error: this function is not supported by the connection driver: virDomainPinVcpuFlags

	After (same situation as above):
	 # virsh vcpupin  fedora20_64 0 2-4 --current
	 # virsh vcpupin  fedora20_64 0
	 VCPU: CPU Affinity
	 ----------------------------------
	    0: 2-4

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2013-12-24  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: implement virDomainGetVcpuPinInfo
	So that it is possible to query vcpu related information of
	a persistent but not running domain, like it is for the QEMU
	driver.

	In fact, before this patch, we have:
	 # virsh list --all
	  Id    Name                           State
	 ----------------------------------------------------
	  5     debian_32                      running
	  -     fedora20_64                    shut off
	 # virsh vcpuinfo fedora20_64
	 error: this function is not supported by the connection driver: virDomainGetVcpuPinInfo

	After (same situation as above, i.e., fedora20_64 not running):
	 # virsh vcpuinfo fedora20_64
	 VCPU:           0
	 CPU:            N/A
	 State:          N/A
	 CPU time        N/A
	 CPU Affinity:   yyyyyyyy

	 VCPU:           1
	 CPU:            N/A
	 State:          N/A
	 CPU time        N/A
	 CPU Affinity:   yyyyyyyy

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2013-12-24  Eric Blake  <eblake@redhat.com>

	virt-login-shell: clean up usage
	I noticed a few odd things in 'virt-login-shell --help' output.

	* tools/virt-login-shell.c (usage): At most one option accepted,
	drop trailing colon.

2013-12-23  Cédric Bosdonnat  <cbosdonnat@suse.com>

	virnettlscontexttest fails with GNUTLS 3.0.28
	On openSUSE 12.x with GNUTLS 3.0.28, virnettlscontexttest fails. It has
	been reported to work from GNUTLS 3.1.11 on Fedora 19. Changed the
	constraints on gnutls to 3.1+ for unit test cacert4req.

2013-12-23  Laine Stump  <laine@laine.org>

	qemu: re-add hostdev interfaces to hostdev array on libvirtd restart
	This resolves:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1045002

	If a domain has an <interface type='hostdev'> or an <interface
	type='network'> where the network itself is a pool of hostdev devices,
	then libvirt will internally keep that device on both the interface
	list *and* the hostdev list for the domain. One of the places this
	comes in handy is when a new device is being added and libvirt wants
	to find a unique "alias" name for it - it just scans through the
	hostdev array and makes sure it picks a name that doesn't match the
	alias of any device in that array.

	However, when libvirtd was restarted, if there was an <interface
	type='network'> with the network being a hostdev pool, the device
	would not be added to the reconstructed internal hostdev array, so its
	alias would not be found during a scan of the hostdev array, thus
	attempts to add a new hostdev (or <interface type='hostdev'> or
	<interface type='network'>) would result in a message like this:

	internal error: unable to execute QEMU command 'device_add':
	                Duplicate ID 'hostdev0' for device

	This patch simply fixes the existing code in the domain XML parser
	that fixes up the hostdev array in the case of <interface
	type='hostdev'> to do the same thing in the case of <interface
	type='network'> with a hostdev network.

	This bug has existed since the very first addition of hostdev networks
	to libvirt (0.10.0).

2013-12-23  Laine Stump  <laine@laine.org>

	qemu: avoid duplicate security label restore on hostdev attach failure
	This eliminates the misleading error message that was being logged
	when a vfio hostdev hotplug failed:

	  error: unable to set user and group to '107:107' on '/dev/vfio/22':
	         No such file or directory

	as documented in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1035490

	Commit ee414b5d (pushed as a fix for Bug 1016511 and part of Bug
	1025108) replaced the single call to
	virSecurityManagerSetHostdevLabel() in qemuDomainAttachHostDevice()
	with individual calls to that same function in each
	device-type-specific attach function (for PCI, USB, and SCSI). It also
	added a corresponding call to virSecurityManagerRestoreHostdevLabel()
	in the error handling of the device-type-specific functions, but
	forgot to remove the common call to that from
	qemuDomainAttachHostDevice() - this resulted in a duplicate call to
	virSecurityManagerRestoreHostdevLabel(), with the second occurrence
	being after (e.g.) a PCI device has already been re-attached to the
	host driver, thus destroying some of the device nodes / links that we
	then attempted to re-label (e.f. /dev/vfio/22) and generating an error
	log that obscured the original error.

2013-12-23  Laine Stump  <laine@laine.org>

	qemu: properly set MaxMemLock when hotplugging with VFIO
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1035490

	virProcessSetMaxMemLock() (which is a wrapper over prlimit(3)) expects
	the memory size in bytes, but libvirt's domain definition (which was
	being used by qemuDomainAttachHostPciDevice()) stores all memory
	tuning parameters in KiB. This was being accounted for when setting
	MaxMemLock at domain startup time (so cold-plugged devices would
	work), but not for hotplug.

	This patch simplifies the few lines that call
	virProcessSetMemMaxLock(), and multiply the amount * 1024 so that
	we're locking the correct amount of memory.

	What remains a mystery to me is why hot-plug of a managed='no' device
	would succeed (at least on my system) while managed='yes' would
	fail. I guess in one case the memory was coincidentally already
	resident and in the other it wasn't.

2013-12-21  John Ferlan  <jferlan@redhat.com>

	PanicCheckABIStability: Need to check for existence
	Commit id '4313fead' added a call to virDomainPanicCheckABIStability()
	which did not check whether the panic device existed before making a call
	to virDomainDeviceInfoCheckABIStability() which ended up segfaulting:

	Thread 1 (Thread 0x7f5332837700 (LWP 10964)):
	    (src=<optimized out>, dst=<optimized out>)
	    at conf/domain_conf.c:13007
	    (dst=<optimized out>, src=<optimized out>)
	    at conf/domain_conf.c:13712
	    (src=<optimized out>, dst=<optimized out>)
	    at conf/domain_conf.c:14056
	    (domain=domain@entry=0x7f53000057c0, vm=vm@entry=0x7f53000036d0,
	     defptr=defptr@entry=0x7f5332836978, snap=snap@entry=0x7f5332836970,
	     update_current=update_current@entry=0x7f5332836962, flags=flags@entry=1)
	    at conf/snapshot_conf.c:1230
	    (domain=0x7f53000057c0, xmlDesc=<optimized out>, flags=1)
	    at qemu/qemu_driver.c:12719
	    (domain=domain@entry=0x7f53000057c0, xmlDesc=0x7f53000081d0
	     "<domainsnapshot>\n  <name>snap2</name>\n
	     <description>new-desc</description>\n  <state>running</state>\n
	     <parent>\n    <name>snap1</name>\n  </parent>\n
	     <creationTime>1387487268</creationTime>\n  <memory s"..., flags=1)
	    at libvirt.c:19695
	...

	(gdb) up 3
	(gdb) print *other->def->dom
	$2 = {virtType = 2, id = -1, ..
	...
	  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
	...
	(gdb) print *def->dom
	$3 = {virtType = 2, id = -1, ...
	...
	  rng = 0x0, panic = 0x0, namespaceData = 0x0,...
	...
	(gdb)

	Also seen using following sequence:

	virsh save $dom $file
	virsh save-image-edit $file
	  add (or remove) a <panic/> line
	  <devices>
	  ...
	    <panic>
	      <address type='isa' iobase='0x505'/>
	    </panic>
	  ...
	  </devices>

2013-12-20  Bamvor Jian Zhang  <bjzhang@suse.com>

	libxl: fix segfault when domain create fail
	there is a segfault in libxl logging in libxl_ctx_free when domain
	create fail. because the log output handler vmessage is freed by
	xtl_logger_destroy before libxl_ctx_free in virDomainObjListRemove.
	move xtl_logger_destroy after libxl_ctx_free could fix this bug.

2013-12-20  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: avoid crashing if calling `virsh numatune' on inactive domain
	by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
	possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
	happens, without having initialized the nodemap, and hence crashing after some
	invalid free()-s:

	 # ./daemon/libvirtd -v
	 *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
	 ======= Backtrace: =========
	 /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
	 /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
	 /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
	 /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
	 /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
	 /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
	 /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>

2013-12-20  Martin Kletzander  <mkletzan@redhat.com>

	Fix crash in lxcDomainSetMemoryParameters
	The function doesn't check whether the request is made for active or
	inactive domain.  Thus when the domain is not running it still tries
	accessing non-existing cgroups (priv->cgroup, which is NULL).

	I re-made the function in order for it to work the same way it's qemu
	counterpart does.

	Reproducer:
	 1) Define an LXC domain
	 2) Do 'virsh memtune <domain> --hard-limit 133T'

	Backtrace:
	 Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
	 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
	 #1  0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
	     at util/vircgroup.c:669
	 #2  0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
	 #3  0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
	 #4  0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
	     at util/vircgroup.c:1944
	 #5  0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
	     params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
	 #6  0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
	     params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
	 #7  0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
	     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
	     at remote_dispatch.h:7621
	 #8  0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
	     client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
	     ret=0x7fffe40b84f0) at remote_dispatch.h:7591
	 #9  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
	     at rpc/virnetserverprogram.c:435
	 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
	     at rpc/virnetserverprogram.c:305
	 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
	     prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
	 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
	     at rpc/virnetserver.c:186
	 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
	 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
	 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
	 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

2013-12-20  Martin Kletzander  <mkletzan@redhat.com>

	CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters
	The function doesn't check whether the request is made for active or
	inactive domain.  Thus when the domain is not running it still tries
	accessing non-existing cgroups (priv->cgroup, which is NULL).

	I re-made the function in order for it to work the same way it's qemu
	counterpart does.

	Reproducer:
	 1) Define an LXC domain
	 2) Do 'virsh memtune <domain>'

	Backtrace:
	 Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
	 #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
	 #1  0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
	 #2  0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
	     key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
	 #3  0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
	     at util/vircgroup.c:1962
	 #4  0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
	     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
	 #5  0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
	     params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
	 #6  0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
	     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
	     ret=0x7fffd4002420) at remote.c:1895
	 #7  0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
	     client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
	     ret=0x7fffd4002420) at remote_dispatch.h:4050
	 #8  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
	     at rpc/virnetserverprogram.c:435
	 #9  0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
	     server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
	     at rpc/virnetserverprogram.c:305
	 #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
	     prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
	 #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
	     at rpc/virnetserver.c:186
	 #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
	 #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
	 #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
	 #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

2013-12-19  Eric Blake  <eblake@redhat.com>

	docs: improve event-related documentation
	While looking at event code, I noticed that the documentation was
	trying to refer me to functions that don't exist.  Also fix some
	typos and poor formatting.

	* src/libvirt.c (virConnectDomainEventDeregister)
	(virConnectDomainEventRegisterAny)
	(virConnectDomainEventDeregisterAny)
	(virConnectNetworkEventRegisterAny)
	(virConnectNetworkEventDeregisterAny): Link to correct function.
	* include/libvirt.h.in (VIR_DOMAIN_EVENT_CALLBACK)
	(VIR_NETWORK_EVENT_CALLBACK): Likewise.
	(virDomainEventID, virConnectDomainEventGenericCallback)
	(virNetworkEventID, virConnectNetworkEventGenericCallback):
	Improve docs.

2013-12-19  Eric Blake  <eblake@redhat.com>

	storage: fix bogus target in gluster volume xml
	Commit 6cd60b6 was flat out broken - it tried to print into the
	wrong variable.  My testing was obviously too cursory (did the
	name get a slash added?); valgrind would have caught the error.
	Thankfully it didn't hit any release.

	Reported by Peter Krempa.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Fix bogus code.

2013-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove stray semicolon after pragma macros
	The VIR_WARNINGS_NO_CAST_ALIGN / VIR_WARNINGS_RESET should
	not have any trailing ';' since they are pragmas. The use
	of a ';' results in an empty statement which confuses CIL.

2013-12-19  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Fix crash in virsystemdtest with dbus 1.7.6
	D-bus introduced some changes in its locking code. Overriding the init
	function skips the new locking init and thus crashes later in libvirt
	test. Removing the function makes the test pass again.

2013-12-19  Peter Krempa  <pkrempa@redhat.com>

	storage: Avoid forward declaration of virStorageVolDelete
	Move the code around so that the forward declaration isn't needed. Also
	fix code style of the opening brace of the function by moving it to a
	separate line.

2013-12-19  Peter Krempa  <pkrempa@redhat.com>

	storage: Add gluster pool filter and fix virsh pool listing
	Recent addition of the gluster pool type omitted fixing the virsh and
	virConnectListAllStoragePool filters. A typecast of the converting
	function in virsh showed that also the sheepdog pool was omitted in the
	command parser.

	This patch adds gluster pool filtering support and fixes virsh to
	properly convert all supported storage pool types. The added typecast
	should avoid doing such mistakes in the future.

2013-12-19  Peter Krempa  <pkrempa@redhat.com>

	snapshot: schema: Split out snapshot disk driver definition
	Extract the definition to a new type to allow avoiding of duplication.

2013-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Remove redefinition of bool type when --enable-test-locking
	Old versions of CIL did not understand the 'bool' data type,
	but at least 1.7.3 does now cope. We can remove the old hack
	which redefined bool and no longer compiles successfully.

2013-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix race leading to crash when setting up dbus watches
	Currently the virDBusAddWatch does

	  virEventAddHandle(fd, flags,
	                    virDBusWatchCallback,
	                    watch, NULL);
	  dbus_watch_set_data(watch, info, virDBusWatchFree);

	Unfortunately this is racy - since the event loop is in a
	different thread, the virDBusWatchCallback method may be
	run before we get to calling dbus_watch_set_data. We must
	reverse the order of these calls

	See https://bugzilla.redhat.com/show_bug.cgi?id=885445

2013-12-18  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: libxl_get_max_cpus returning a libxl error from 4.4 onward
	Starting from commit 2e82c18c in Xen (will be included in Xen 4.4)
	both libxl_get_max_cpus() and libxl_get_max_nodes() start returning
	a proper libxl error code, in case of failure. This patch fixes
	this in the libxl driver.

	Note that, although it is now basically impossible for them to return
	0, that would, theoretically, still be wrong. Also, checking that the
	returned value is '<= 0' makes the code correct for both Xen 4.4 and
	Xen 4.3 (and 4.2), and that is why we go for it (rather than
	just '< 0').

	Cc: Jim Fehlig <jfehlig@suse.com>
	Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
	Cc: Martin Kletzander <mkletzan@redhat.com>

2013-12-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: domain: Fix undefine with storage of 'volume' disks
	The undefine code that removes the storage along with the VM didn't take
	into account the existence of 'volume' type disks. Add the functionality.

2013-12-18  Peter Krempa  <pkrempa@redhat.com>

	virsh: man: Mention that volumes need to be in storage pool for undefine
	https://bugzilla.redhat.com/show_bug.cgi?id=1044445

	When undefining a VM with storage the man page doesn't explicitly
	mention that the volumes need to be a part of the storage pool otherwise
	it won't work.

2013-12-18  Eric Blake  <eblake@redhat.com>

	qemu: ask for -enable-fips when FIPS is required
	On a system that is enforcing FIPS, most libraries honor the
	current mode by default.  Qemu, on the other hand, refused to
	honor FIPS mode unless you add the '-enable-fips' command
	line option; worse, this option is not discoverable via QMP,
	and is only present on binaries built for Linux.  So, if we
	detect FIPS mode, then we unconditionally ask for FIPS; either
	qemu is new enough to have the option and then correctly
	cripple insecure VNC passwords, or it is so old that we are
	correctly avoiding a FIPS violation by preventing qemu from
	starting.  Meanwhile, if we don't detect FIPS mode, then
	omitting the argument is safe whether the qemu has the option
	(but it would do nothing because FIPS is disabled) or whether
	qemu lacks the option (including in the case where we are not
	running on Linux).

	The testsuite was a bit interesting: we don't want our test
	to depend on whether it is being run in FIPS mode, so I had
	to tweak things to set the capability bit outside of our
	normal interaction with capability parsing.

	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1035474

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_ENABLE_FIPS): New bit.
	* src/qemu/qemu_capabilities.c (virQEMUCapsInitQMP): Conditionally
	set capability according to detection of FIPS mode.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Use it.
	* tests/qemucapabilitiestest.c (testQemuCaps): Conditionally set
	capability to test expected output.
	* tests/qemucapabilitiesdata/caps_1.2.2-1.caps: Update list.
	* tests/qemucapabilitiesdata/caps_1.6.0-1.caps: Likewise.

2013-12-18  Martin Kletzander  <mkletzan@redhat.com>

	configure: make --with-test-suite work
	Our option '--with-test-suite' could have never worked since it was
	defined as AC_ARG_ENABLE([with-test-suite], ...), thus working only as
	'--enable-with-test-suite', but documented in configure.ac as
	AC_HELP_STRING([--with-test-suite], ...).
	In my opinion, the help string is as it should be, but the option is
	wrong.

	The option has been broken since the introduction in commit 3a2fc27.

2013-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Set the 'container_ttys' env variable for LXC consoles
	Systemd specified that any /dev/pts/NNN device on which it
	is expected to spawn a agetty login, should be listed in
	the 'container_ttys' env variable. It should just contain
	the relative paths, eg 'pts/0' not '/dev/pts/0' and should
	be space separated.

	http://cgit.freedesktop.org/systemd/systemd/commit/?id=1d97ff7dd71902a5604c2fed8964925d54e09de9

2013-12-18  Michal Privoznik  <mprivozn@redhat.com>

	storage: resize vol against real allocated size
	Currently, 'vol-resize --allocate' allocates new space at the
	vol->capacity offset. But the vol->capacity is not necessarily the same
	as vol->allocation. For instance:.

		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  1.00 GiB  1.00 GiB

		[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 2G

		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  2.00 GiB  1.00 GiB

	So, if we want to allocate more bytes, so the file is say 3G big, the
	real allocated size is 2G actually:

		[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate

		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  2.00 GiB

	This commit uses the correct vol->allocation instead of incorrect
	vol->capacity, so the output of the commands above looks like this:

		[root@localhost ~]# virsh vol-resize tmp-vol --pool tmp-pool 3G --allocate

		[root@localhost ~]# virsh vol-list --pool tmp-pool --details
		 Name      Path                   Type  Capacity  Allocation
		-------------------------------------------------------------
		 tmp-vol  /root/tmp-pool/tmp-vol  file  3.00 GiB  3.00 GiB

	Moreover, if the '--alocate' flag was used, we must update the
	vol->allocation member in storageVolResize API too, not just
	vol->capacity.

	Reported-by: Wang Sen <wangsen@linux.vnet.ibm.com>

2013-12-17  Wout Mertens  <Wout.Mertens@gmail.com>

	Support transient attribute on vmware disks
	vmx/vmx.c ignores the transient attribute on the disk xml format. This patch
	adds a 1-1 relationship between it and [disk].mode = "independent-nonpersistent".

	The other modes are ignored as before. It works in my testing.

	https://bugzilla.redhat.com/show_bug.cgi?id=1044023

2013-12-17  Lénaïc Huard  <lenaic@lhuard.fr.eu.org>

	Fix build when default python is python3
	As the python generator scripts are written in python2,
	the ./configure script must check for python2 before checking for python
	otherwise, on platforms where both python2 and python3 are available and
	on which the default python points to python3, ./configure will try to use
	the wrong one.

2013-12-17  Laine Stump  <laine@laine.org>

	specfile: fix make rpm when with_driver_modules is 1
	Commit ff76566 moved around things in the specfiles to put
	driver-specific files into their appropriate sub-packages (when
	with_driver_modules == 1), but accidentally changed things so that the
	deamon-driver-network and daemon-config-network files were only
	included in a package when with_driver_modules == 0. This broke "make
	rpm" on fedora (where with_driver_modules == 1).

	This patch follows the pattern (already used for the files in other
	sub-modules) of duplicating the files for the main package
	(!with_driver_modules) and the sub-package (with_driver_modules).

2013-12-17  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix address type for disks
	Disks have type='drive', not type='disk'.

2013-12-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix typo PCi => PCI

2013-12-16  Jiri Denemark  <jdenemar@redhat.com>

	tools: Fix virsh connect man page
	The URI parameter is optional and xen:/// is not the default connection
	URI.

2013-12-16  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Change incorrect error report in lxcContainerPivotRoot
	The newroot is not mounted as tmpfs, we bind root->src to it.

2013-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Add debug output when registering event handlers

	Remove the event namespace concept
	The event namespace concept is mostly redundant information.
	With the re-written dispatcher, the namespace is only used
	for equality comparisons between event IDs. This can be solved
	by just comparing virClassPtr instances instead.

	Associate a dispatch function with the event objects
	Instead of having the object event code have to know about each
	type of event and their dispatch functions, associate a dispatch
	function with the object instance. The dispatch code can thus be
	significantly simplified.

	Introduce abstract virNetworkEvent class
	Inject a virNetworkEvent class between virObjectEvent
	and virNetworkEventLifecycle to mirror virDomainEvent.

	Add 'detail' arg to network lifecycle event internals
	While the public API & wire protocol included the 'detail'
	arg for network lifecycle events, the internal event handling
	code did not process it. This meant that if a future libvirtd
	server starts sending non-0 'detail' args, the current libvirt
	client will not process them.

	Update event demo program to support network events too

	Move examples/domain-events/event-c to examples/object-events
	The domain events demo program isn't really tied to domain
	events anymore, so rename it to object events.

2013-12-13  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virObjectEventCallbackListRemoveID()
	While running objecteventtest, it was found that valgrind pointed out the
	following memory leak:

	==13464== 5 bytes in 1 blocks are definitely lost in loss record 7 of 134
	==13464==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==13464==    by 0x341F485E21: strdup (strdup.c:42)
	==13464==    by 0x4CAE28F: virStrdup (virstring.c:554)
	==13464==    by 0x4CF3CBE: virObjectEventCallbackListAddID (object_event.c:286)
	==13464==    by 0x4CF49CA: virObjectEventStateRegisterID (object_event.c:729)
	==13464==    by 0x4CF73FE: virDomainEventStateRegisterID (domain_event.c:1424)
	==13464==    by 0x4D7358F: testConnectDomainEventRegisterAny (test_driver.c:6032)
	==13464==    by 0x4D600C8: virConnectDomainEventRegisterAny (libvirt.c:19128)
	==13464==    by 0x402409: testDomainStartStopEvent (objecteventtest.c:232)
	==13464==    by 0x403451: virtTestRun (testutils.c:138)
	==13464==    by 0x402012: mymain (objecteventtest.c:395)
	==13464==    by 0x403AF2: virtTestMain (testutils.c:593)
	==13464==

2013-12-13  Martin Kletzander  <mkletzan@redhat.com>

	qemu: check for reboot-timeout on monitor
	The support for <boot rebootTimeout="12345"/> was added before we were
	checking for qemu command line options in QMP, so we haven't properly
	adapted virQEMUCaps when using it and thus we report unsupported
	option with new enough qemu.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1042690

2013-12-13  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: return -1 if failed to kill lxc process
	We missed a return when virProcessKillPainfully
	failed to kill lxc process

2013-12-13  Eric Blake  <eblake@redhat.com>

	object: require maximal alignment in base class
	Recent changes to events (commit 8a29ffcf) resulted in new compile
	failures on some targets (such as ARM OMAP5):
	conf/domain_event.c: In function 'virDomainEventDispatchDefaultFunc':
	conf/domain_event.c:1198:30: error: cast increases required alignment of
	target type [-Werror=cast-align]
	conf/domain_event.c:1314:34: error: cast increases required alignment of
	target type [-Werror=cast-align]
	cc1: all warnings being treated as errors

	The error is due to alignment; the base class is merely aligned
	to the worst of 'int' and 'void*', while the child class must
	be aligned to a 'long long'.  The solution is to include a
	'long long' (and for good measure, a function pointer) in the
	base class to ensure correct alignment regardless of what a
	child class may add, but to wrap the inclusion in a union so
	as to not incur any wasted space.  On a typical x86_64 platform,
	the base class remains 16 bytes; on i686, the base class remains
	12 bytes; and on the impacted ARM platform, the base class grows
	from 12 bytes to 16 bytes due to the increase of alignment from
	4 to 8 bytes.

	Reported by Michele Paolino and others.

	* src/util/virobject.h (_virObject): Use a union to ensure that
	subclasses never have stricter alignment than the parent.
	* src/util/virobject.c (virObjectNew, virObjectUnref)
	(virObjectRef): Adjust clients.
	* src/libvirt.c (virConnectRef, virDomainRef, virNetworkRef)
	(virInterfaceRef, virStoragePoolRef, virStorageVolRef)
	(virNodeDeviceRef, virSecretRef, virStreamRef, virNWFilterRef)
	(virDomainSnapshotRef): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal)
	(qemuMonitorClose): Likewise.

2013-12-13  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: add support for -device pvpanic
	Map the new <panic> device in XML to the '-device pvpanic' command
	line of qemu.  Clients can then couple the <panic> device and the
	<on_crash> directive to control behavior when the guest reports
	a panic to qemu.

	conf: add support for panic device
	panic device is a device that enables libvirt to receive notification
	of guest panic event.

	conf: introduce generic ISA address
	For example:
	<address type='isa' iobase='0x505' irq='0x1'/>

2013-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Bump version to 1.2.1 for new dev cycle

2013-12-12  Laine Stump  <laine@laine.org>

	Add another missing % on %{_libdir} macro

2013-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Add missing % on %{_libdir} macro in RPM

2013-12-12  Gao feng  <gaofeng@cn.fujitsu.com>

	rename virBlkioDeviceWeightPtr to virBlkioDevicePtr
	The throttle blkio cgroup will reuse this struct.

	rename virBlkioDeviceWeightArrayClear to virBlkioDeviceArrayClear

	rename virDomainBlkioDeviceWeightParseXML to virDomainBlkioDeviceParseXML
	virDomainBlkioDeviceWeightParseXML will be used to parse
	the xml element read_bps, write_bps, read_iops, write_iops.

2013-12-12  Eric Blake  <eblake@redhat.com>

	storage: show gluster option in virsh --version=long
	Adding output to 'virsh --version=long' makes it easier to
	tell if a distro built with particular libraries (it doesn't
	tell you what a remote libvirtd is built with, but is still
	better than nothing).  But we forgot to mention gluster.

	* tools/virsh.c (vshShowVersion): Add gluster witness.

2013-12-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added default case with error for object event dispatching
	Hitting this should be pretty rare, but at least developers will know
	that they are providing a weird event ID. Otherwise for namespace that
	are added in the normal way, gcc will raise a warning about unhandled
	case in the switch.

	Fixed indentation in src/conf/*_event*

	Added network events to the bridged network driver

	Add network events to the remote driver

	Add network events unit tests

	test driver: implemented network events

2013-12-11  Cédric Bosdonnat  <cbosdonnat@suse.com>

	Added Network events API and virNetworkEventLifecycle.
	Define the public API for (de-)registering network events
	and the callbacks for receiving lifecycle events. The lifecycle
	event includes a 'detail' parameter to match the domain lifecycle
	event data, but this is currently unused.

	The network events related code goes into its own set of internal
	files src/conf/network_event.[ch]

2013-12-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in libvirt.h
	s/pausde/paused

2013-12-11  Michael Chapman  <mike@very.puzzling.org>

	storage_backend_rbd: rename "stat" variable
	This variable shadows the stat(2) function, which only became visible in
	this scope as of commit 9cac8639. Rename the variable so it doesn't
	conflict.

2013-12-10  Eric Blake  <eblake@redhat.com>

	storage: fix omitted slash in gluster volume URI
	When doing 'virsh vol-dumpxml' on a gluster pool's volume, the
	resulting URI incorrectly omitted a slash between hostname and
	path:  gluster://192.168.122.206rhsvol1/fedora-19.img

	This is fallout from me rebasing earlier versions of my patch
	that ended up as commit efee1af; I had originally played with
	always requiring the gluster volume to have a leading slash,
	but it was easier to use the gluster API if the gluster volume
	name was guaranteed to have no slash.  While I got the URI of
	the pool correct, I forgot to fix the URI of a libvirt volume.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Use correct starting point
	since uri construction requires leading slash.

2013-12-10  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	If we do not specify a readonly mount, we don't need to re-mount it again.

2013-12-10  Michal Privoznik  <mprivozn@redhat.com>

	Revert "virtlockd: treat SIGHUP like SIGUSR1"
	This reverts commit 8355d42dd3df514c8584e0e5082b945b79671fc5.

	After some discussion upstream [1] this patch turns out to be spurious.
	It better gets reverted prior to a release.

	1: https://www.redhat.com/archives/libvir-list/2013-December/msg00563.html

2013-12-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu_process: Read errors from child
	https://bugzilla.redhat.com/show_bug.cgi?id=1035955

	There's a window when starting a qemu process between fork() and exec()
	during which we are doing things that may fail but not tunnelling the
	error to the daemon. This is basically all within qemuProcessHook().
	So whenever we fail in something, e.g. placing a process onto numa node,
	users are left with:

	    error: Child quit during startup handshake: Input/output error

	while the original error is thrown into the domain log:

	    libvirt:  error : internal error: NUMA memory tuning in 'preferred'
	    mode only supports single node

	Hence, we should read the log file and search for the error message and
	report it to users.

2013-12-10  Eric Blake  <eblake@redhat.com>

	docs: fix recent typo
	Introduced in commit 24fbbb82.

	* docs/formatdomain.html.in: s/tunning/tuning/

2013-12-10  Cédric Bosdonnat  <cbosdonnat@suse.com>

	daemon/remote.c: renamed remoteDispatchDomainEventSend
	into remoteDispatchObjectEventSend as it will later be used for both
	the domain and network events.

	test driver: renamed testDomainEventQueue into testObjectEventQueue

	Extracted common parts of domain_event.[ch] to object_event.[ch]

	Split the virObjectEvent and virDomainEvent* to separate them after

	Renamed virDomainEventTimer to virObjectEventTimer

	Add object event namespaces for the event IDs
	Each unique event ID will thus be composed by 1 byte for the namespace
	and 1 byte for a namespace-specific ID. The namespace for domain event
	needs to be 0 for compatibility reasons.

	Use virObjectEventPtr instead of virDomainEventPtr
	The virDomainEvent class is kept as it indicates what meta informations
	are valid for the children classes. This may be useful in the future.

	Create virDomainEventDeviceRemoved and remove the huge union
	RIP virDomainEvent union. All data are now stored in each
	virObjectEvent subclass.

	Create virDomainEventBalloonChange to get rid of the huge union

	Create virDomainEventTrayChange to get rid of the huge union

	Create virDomainEventDiskChange to get rid of the huge union

	Create virDomainEventBlockJob to get rid of the huge union

	Create virDomainEventGraphics to get rid of the huge union

	Create virDomainEventIOError to get rid of the huge union

	Create virDomainEventWatchdog to get rid of the huge union

	Create virDomainEventRTCChange to get rid of the huge union

	Renamed virDomainEventNewInternal to virDomainEventNew
	This change may be confusing at first, but provides a much more
	consistent naming scheme for the virObjectEvent children construction
	functions.

	Renamed virDomainEventNew* to virDomainEventLifecycleNew*
	This aims at providing some consistency with other domain events

	Create virDomainEventLifecycle to start removing the huge union

	virObject-ified virDomainEvent
	Added a parent class virObjectEvent for future event types

	Created virObjectEventStateRegisterID
	Keep virDomainEventStateRegisterID as a convenience wrapper around
	this new function.

	Renamed virDomainEventCallbackList* to virObjectEventCallbackList*
	Keep the legacy Domain lifecycle event functions as is.

	Renamed virDomainEventState to virObjectEventState
	Leave virDomainEventRegister and its Deregister brother as these are
	legacy functions only for domain lifecycle events.

	Renamed virDomainEventQueue to virObjectEventQueue
	The event queue will be generalized to hold events related
	to any object type.

	Renamed virDomainMeta to virObjectMeta
	The metadata struct will hold the unique identifiers for
	any type of object, though not all fields will be used
	for all types.

	Rename virDomainEventCallback to virObjectEventCallback
	The event callbacks will be generalized to handle events
	for any object type.

	Added domain start/stop/define/undefine event unit tests
	These unit tests are aiming at providing some help during the domain
	events refactoring.

2013-12-10  Michael Chapman  <mike@very.puzzling.org>

	spec: clean up libvirtd and virtlockd service mgmt
	- systemctl and the %systemd_* RPM macros can take multiple unit names
	  in the one invocation. Make use of this to avoid repeated systemd
	  daemon reloads.

	- virtlockd was only properly enabled and disabled when using systemd,
	  but when systemd RPM macros were not available (e.g. on Fedora < 18).
	  Make sure it's enabled when systemd RPM macros are present, or when
	  using initscripts.

	- Always use "reload" on virtlockd, not "condrestart". This allows it to
	  cleanly re-execute itself without losing running state. Ignore any
	  error should the reload fail.

	- Move the reloading of virtlockd and libvirtd via their initscripts
	  into the daemon package's %postun scriptlet. These services must be
	  restarted after all of the libvirt-daemon-driver-* packages have
	  been upgraded during the same RPM transaction.

	- Add a %triggerpostun executed only when upgrading an older
	  libvirt-daemon. As an older package would only reload libvirtd during
	  %post, and the newer package would only reload libvirtd during
	  %postun, such an upgrade would not reload libvirtd at all without the
	  trigger.

2013-12-10  Michael Chapman  <mike@very.puzzling.org>

	virtlockd: use common exit path when out-of-memory
	Also use a distinct, valid exit status for daemon re-execution failure.

	virtlockd: treat SIGHUP like SIGUSR1
	SIGHUP is commonly used to instruct a daemon to reload its config. For
	now we should handle it in virtlockd just like SIGUSR1, rather than
	having it kill the process.

2013-12-10  Michael Chapman  <mike@very.puzzling.org>

	virtlockd: improve initscripts
	- Use SIGUSR1, not SIGHUP, on reload. At present, virtlockd only
	  responds to the former.

	- Fix PID file for virtlockd.

	- Do not start virtlockd in any runlevels by default. It needs to be
	  explicitly selected in libvirt's qemu.conf anyway, so there is no
	  need to have it running on all systems regardless.

	- Fix chkconfig priorities to ensure virtlockd is started before
	  libvirtd is started, and stopped after libvirtd is stopped.

	- Add "Should-Start: virtlockd" to the libvirtd initscript's LSB header,
	  for the same reason.

	- Add "Default-Stop" to both libvirtd and virtlockd initscripts. LSB
	  does not guarantee that this defaults to the inverse of
	  "Default-Start".

2013-12-10  Michael Chapman  <mike@very.puzzling.org>

	virtlockd: improve systemd units
	- Pass VIRTLOCKD_ARGS through to virtlockd.

	- Use SIGUSR1, not SIGHUP, in ExecReload. At present, virtlockd only
	  responds to the former.

	- Have "systemctl enable virtlockd.service" enable virtlockd.socket,
	  rather than throw an error.

	- Make virtlockd.socket wanted by sockets.target, rather than
	  multi-user.target. This is consistent with other socket units in
	  Fedora, and it ensures that the socket is available before libvirtd is
	  started.

2013-12-10  Martin Kletzander  <mkletzan@redhat.com>

	conf: don't format memtune with unlimited values
	When changing memtune limits to unlimited with AFFECT_CONFIG, the
	values in virDomainDef are set to PARAM_UNLIMITED, which causes the
	whole <memtune> to be formatted.  This can be changed in all drivers,
	but it also makes sense to use the default (0) as another value for
	"unlimited", since zero memory limit makes no sense.

	qemu: Fix minor inconsistency in error message

	qemu: Report VIR_DOMAIN_MEMORY_PARAM_UNLIMITED properly
	For dead domains that have no memtune limits, we return 0 instead of
	"unlimited", this patch fixes it to return PARAM_UNLIMITED.

2013-12-10  Martin Kletzander  <mkletzan@redhat.com>

	cgroups: Redefine what "unlimited" means wrt memory limits
	Since kernel 3.12 (commit 34ff8dc08956098563989d8599840b130be81252 in
	linux-stable.git in particular) the value for 'unlimited' in cgroup
	memory limits changed from LLONG_MAX to ULLONG_MAX.  Due to rather
	unfortunate choice of our VIR_DOMAIN_MEMORY_PARAM_UNLIMITED constant
	(which we transfer as an unsigned long long in Kibibytes), we ended up
	with the situation described below (applies to x86_64):

	 - 2^64-1 (ULLONG_MAX) -- "unlimited" in kernel = 3.12

	 - 2^63-1 (LLONG_MAX) -- "unlimited" in kernel < 3.12
	 - 2^63-1024 -- our PARAM_UNLIMITED scaled to Bytes

	 - 2^53-1 -- our PARAM_UNLIMITED unscaled (in Kibibytes)

	This means that when any number within (2^63-1, 2^64-1] is read from
	memory cgroup, we are transferring that number instead of "unlimited".
	Unfortunately, changing VIR_DOMAIN_MEMORY_PARAM_UNLIMITED would break
	ABI compatibility and thus we have to resort to a different solution.

	With this patch every value greater than PARAM_UNLIMITED means
	"unlimited".  Even though this may seem misleading, we are already in
	such unclear situation when running 3.12 kernel with memory limits set
	to 2^63.

	One example showing most of the problems at once (with kernel 3.12.2):
	 # virsh memtune asdf --hard-limit 9007199254740991 --swap-hard-limit -1
	 # echo 12345678901234567890 >\
	/sys/fs/cgroup/memory/machine/asdf.libvirt-qemu/memory.soft_limit_in_bytes
	 # virsh memtune asdf
	 hard_limit     : 18014398509481983
	 soft_limit     : 12056327051986884
	 swap_hard_limit: 18014398509481983

2013-12-09  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Fix adding USB devices to the driver list
	We were unconditionally removing the device from the host list, when it
	should only be done on error.

	This fixes USB collision detection when hotplugging the same device to
	two guests.

2013-12-09  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Fix double free on USB collision
	If we hit a collision, we free the USB device while it is still part
	of our temporary USBDeviceList. When the list is unref'd, the device
	is free'd again.

	Make the initial device freeing dependent on whether it is present
	in the temporary list or not.

2013-12-09  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Only label hostdev after checking device conflicts
	Similar to what Jiri did for cgroup setup/teardown in 05e149f94, push
	it all into the device handler functions so we can do the necessary prep
	work before claiming the device.

	This also fixes hotplugging USB devices by product/vendor (virt-manager's
	default behavior):

	https://bugzilla.redhat.com/show_bug.cgi?id=1016511

2013-12-09  Jiri Denemark  <jdenemar@redhat.com>

	docs: Enhance memoryBacking/locked documentation
	Mention the need to set memtune/hard_limit.

	https://bugzilla.redhat.com/show_bug.cgi?id=1035954

2013-12-06  Jim Fehlig  <jfehlig@suse.com>

	spec: move driver-specific files to driver subpackages
	The libvirt-daemon package contains several driver-specific files,
	directories, and script, which can be problematic when building the
	package with multiple hypervisor support, e.g. both QEMU and Xen.

	E.g. installing a QEMU+Xen enabled libvirt-daemon on a Xen-only system
	will result in the creation of qemu and kvm groups and a qemu user.

	Move the driver-specific files, directories, and script to the
	respective driver subpackages.

2013-12-06  Jim Fehlig  <jfehlig@suse.com>

	spec: Define hypervisor-specific files together
	Collapse the various {with_<hypervisor>} conditionals in the
	libvirt-daemon package files section into a single {with_<hypervisor>}
	conditional

	spec: Conditionally specify some hypervisor-specific files
	Move some hypervisor-specific files in the libvirt-daemon subpackage
	within conditionals for those hypervisors.

	spec: Fix files list when building without driver modules
	The daemon-config-{network,nwfilter} subpackages are built regardless
	of whether or not with_driver_modules is defined, therefore don't
	conditionally define their files list.

	spec: Only add libvirt-daemon pre install script if building with qemu
	The %pre script in libvirt-daemon is specific to qemu, so only include
	it if building with qemu support.

	spec: Fix unconditional references of nwfilter
	Ensure nwfilter files lists and dependencies are conditional upon
	with_nwfilter being defined.

2013-12-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxcContainerMountFSDevPTS: Unify @ret usage pattern
	Currently, if virFileMakePath() fails, the @ret is left initialized from
	virAsprintf() just a few lines above leading to a wrong return value of
	zero whereas -1 should be returned.

2013-12-06  Zhou Yimin  <zhouyimin@huawei.com>

	Cgroup: Replace 'newpath' with 'newPath'
	Unifying codding style, replace 'newpath' with 'newPath'.

	From: Zhou Yimin <zhouyimin@huawei.com>

2013-12-06  Ján Tomko  <jtomko@redhat.com>

	Add qxl ram size to ABI stability check
	55bfd02 added a 'ram' attribute for qxl video devices
	but didn't update the ABI check.

	https://bugzilla.redhat.com/show_bug.cgi?id=1035123

2013-12-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve error when setting invalid count of vcpus via agent
	https://bugzilla.redhat.com/show_bug.cgi?id=1035108

	When attempting to enable more vCPUs in the guest than is currently
	enabled in the guest but less than the maximum count for the VM we
	currently reported an unhelpful message:

	 error: internal error: guest agent reports less cpu than requested

	This patch changes it to:

	 error: invalid argument: requested vcpu count is greater than the count
	 of enabled vcpus in the domain: 3 > 2

2013-12-06  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix XML formatting of RNG device info
	https://bugzilla.redhat.com/show_bug.cgi?id=1035118

	When outputting the XML for the RNG device, the code didn't format the
	PCI address info. Additionally the schema wasn't expecting the info
	although it was being parsed and used internally. Fix those mistakes and
	add test for the PCI info section.

2013-12-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Fix incorrect disk type for auto-generated disks
	When changing the parsing and formatting functions in commit
	43f2ccdc73090bd03f64de4d58d46ffa0134d705 I forgot to update the qemu
	disk alignment function for snapshots that automatically adds snapshot
	configs for disks that were not mentioned in the XML. The function
	allocated a new disk snapshot definition but did not correctly
	initialize the snapshot disk source type variable. This resulted into
	the disks considered as block devices and invalid XML was generated.

	Reported by John Ferlan.

2013-12-05  Cole Robinson  <crobinso@redhat.com>

	qemu: hotplug: Mark 2 private functions as static
	They aren't used outside of qemu_hotplug.c

2013-12-05  Wang Yufei  <james.wangyufei@huawei.com>

	docs: fix double articles bug
	Delete the extra article 'the'.

2013-12-05  Michal Privoznik  <mprivozn@redhat.com>

	virThreadPoolFree: Set n(Prio)Workers after the pool is locked
	In 78839da I am trying to join the worker threads. However, I can't
	sipmly reuse pool->nWorkers (same applies for pool->nPrioWorkers),
	because of the following flow that is currently implemented:

	1) the main thread executing virThreadPoolFree sets pool->quit = true,
	wakes up all the workers and wait on pool->quit_cond.

	2) A worker is woken up and see quit request. It immediately jumps of
	the while() loop and decrements pool->nWorkers (or pool->nPrioWorkers in
	case of priority worker). The last thread signalizes pool->quit_cond.

	3) Main thread is woken up, with both pool->nWorkers and
	pool->nPrioWorkers being zero.

	So there's a need to copy the original value of worker thread counts
	into local variables. However, these need to set *after* the check for
	pool being NULL (dereferencing a NULL is no no). And for safety they can
	be set right after the pool is locked.

	Reported-by: John Ferlan <jferlan@redhat.com>

2013-12-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix indentation in qemuTranslateDiskSourcePool
	Commit e1a4d08baf9a8cc86c8b5ca27da9aeedb34b5908 was pushed with bad
	indentation the iSCSI pool translation code.

	domainsnapshotxml2xmltest: Add test case for empty driver element
	Commit 5a66c667ff5cae61c2ad2e646c8eb3eedc67f925 fixed a NULL dereference
	if the disk driver element was empty. Add a test for this case.

	domainsnapshotxml2xmltest: Add existing files as new tests
	There were plenty snapshot XMLs in the tests/domainsnapshotxml2xmlin
	directory that actually weren't used in XML testing. The upgraded
	domainsnapshotxml2xml test now allows us to use them.

	domainsnapshotxml2xml: Move files with conflicting names
	The new tests that will be added later would collide with files of
	existing tests. Move and rename those files.

	domainsnapshotxml2xmltest: Allow for better testing of snapshots
	Until now the test was only testing redefinition of snapshot XMLs stored
	in tests/domainsnapshotxml2xmlout. This patch adds new infrastructure to
	allow testing of files that may differ and will allow to utilize files
	in tests/domainsnapshotxml2xmlin as new tests too.

	domainsnapshotxml2xmltest: Clean up labels and use bool instead of int
	The 'internal' variable holds only two states; convert it to a boolean
	and the 'fail' label should be called 'cleanup'. This patch also fixes a
	minor memory leak of driver capabilities in case the XML config object
	can't be allocated.

2013-12-05  Adam Walters  <adam@pandorasboxen.com>

	configure: Resolve compile issue in configure.ac
	This patch resolves a compile issue caused by the
	removal of examples/domsuspend code in commit
	5eb4b04211ea379c58f735dee6c2852c8b80da89. This issue
	is only seen in a fresh checkout, but causes the build
	and configure to fail.

2013-12-04  Wangyufei (James)  <james.wangyufei@huawei.com>

	qemuAgentDispose: Reset lastError
	When an error occurred in qemuAgentIO, it will be saved in mon->lastError,
	but it will not be freed at the end.  Present since commit c160ce33;
	and compare to commit 9cc8a5af fixing the same problem in qemu_monitor.c.

	==22219== 54 bytes in 1 blocks are definitely lost in loss record 982 of 1,379
	==22219==    at 0x4C26B9B: malloc (vg_replace_malloc.c:263)
	==22219==    by 0x8520521: strdup (in /lib64/libc-2.11.3.so)
	==22219==    by 0x52E99CB: virStrdup (virstring.c:554)
	==22219==    by 0x52B44C4: virCopyError (virerror.c:195)
	==22219==    by 0x52B5123: virCopyLastError (virerror.c:312)
	==22219==    by 0x10905877: qemuAgentIO (qemu_agent.c:660)
	==22219==    by 0x52B6122: virEventPollDispatchHandles (vireventpoll.c:501)
	==22219==    by 0x52B7AEA: virEventPollRunOnce (vireventpoll.c:647)
	==22219==    by 0x52B5C1B: virEventRunDefaultImpl (virevent.c:274)
	==22219==    by 0x54181FD: virNetServerRun (virnetserver.c:1112)
	==22219==    by 0x11EF4D: main (libvirtd.c:1513)

2013-12-04  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in qemuBuildDriveStr()
	This patch fixes memory leaks reported by valgrind on running
	qemuxml2argvtest; introduced in commit 0df53f04.

	Most of them are of the form:

	==24777== 15 bytes in 1 blocks are definitely lost in loss record 39 of 129
	==24777==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==24777==    by 0x341F485E21: strdup (strdup.c:42)
	==24777==    by 0x4CADE5F: virStrdup (virstring.c:554)
	==24777==    by 0x4362B6: qemuBuildDriveStr (qemu_command.c:3848)
	==24777==    by 0x43EF73: qemuBuildCommandLine (qemu_command.c:8500)
	==24777==    by 0x426670: testCompareXMLToArgvHelper (qemuxml2argvtest.c:350)
	==24777==    by 0x427C01: virtTestRun (testutils.c:138)
	==24777==    by 0x41DDB5: mymain (qemuxml2argvtest.c:658)
	==24777==    by 0x4282A2: virtTestMain (testutils.c:593)
	==24777==    by 0x341F421A04: (below main) (libc-start.c:225)
	==24777==

2013-12-04  Peter Krempa  <pkrempa@redhat.com>

	maint: Kill usage of atoi()
	Kill the use of atoi() and introduce syntax check to forbid it and it's
	friends (atol, atoll, atof, atoq).

	Also fix a typo in variable name holding the cylinders count of a disk
	pool (apparently unused).

	examples/domsuspend/suspend.c will need a larger scale refactor as the
	whole example file is broken thus it will be exempted from the syntax
	check for now.

2013-12-04  Peter Krempa  <pkrempa@redhat.com>

	examples: Remove broken bad example
	The domsuspend example code is a really old and bad exmample of (how not
	to use) the libvirt API. Remove it as it's apparent that nobody tried to
	use it. It was broken and nobody complained.

2013-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite errors from virConfReadFile
	The SELinux security driver would overwrite errors from the
	virConfReadFile function.

2013-12-04  Michal Privoznik  <mprivozn@redhat.com>

	virThreadPoolFree: Join worker threads
	Even though currently we are freeing the pool of worker threads at the
	daemon very end, nothing holds us back in joining the worker threads.
	Moreover, we avoid leaks like this:

	==26697== 1,680 bytes in 5 blocks are possibly lost in loss record 913 of 942
	==26697==    at 0x4C2BDE4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==26697==    by 0x4011131: allocate_dtv (in /lib64/ld-2.16.so)
	==26697==    by 0x401176D: _dl_allocate_tls (in /lib64/ld-2.16.so)
	==26697==    by 0x8499602: pthread_create@@GLIBC_2.2.5 (in /lib64/libpthread-2.16.so)
	==26697==    by 0x52F53E9: virThreadCreate (virthreadpthread.c:188)
	==26697==    by 0x52F5D4F: virThreadPoolNew (virthreadpool.c:221)
	==26697==    by 0x53F30DB: virNetServerNew (virnetserver.c:377)
	==26697==    by 0x11C6ED: main (libvirtd.c:1366)

2013-12-04  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	qemu: fix live pinning to memory node on NUMA system
	Ever since the subcpusets(vcpu,emulator) were introduced, the parent
	cpuset cannot be modified to remove the nodes that are in use by the
	subcpusets.
	The fix is to break the memory node modification into three steps:
	 1. assign new nodes into the parent,
	 2. change the nodes in the child nodes,
	 3. remove the old nodes on the parent node.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009880

2013-12-04  John Ferlan  <jferlan@redhat.com>

	storage_driver: Resolve Coverity CHECKED_RETURN warning
	The storageRegister() didn't check the return from the
	virRegisterStorageDriver() like other callers did, so Coverity
	flagged it.  Just check the return and handle.

	bridge_driver: Resolve Coverity CHECKED_RETURN warning
	The networkRegister() didn't check the return status of the
	virRegisterNetworkDriver() call like other callers, so just
	check and handle here as well.

	virnetserverclient: Fix conditional change HAVE_SASL to WITH_SASL

	virnetserverclient: Remove Coverity DEADCODE warning
	The x509dname is only set inside a WITH_GNUTLS conditional, so
	when used/check later on for NULL, Coverity detects this is not
	possible.  Added WITH_GNUTLS around uses to remove message

2013-12-04  John Ferlan  <jferlan@redhat.com>

	nwfilter: Remove Coverity DEADCODE warning
	The nwfilterStateInitialize() would only assign sysbus inside
	a WITH_DBUS conditional, thus leaving a subsequent check for sysbus
	and nwfilterDriverInstallDBusMatches() as a no-op

	Rather than try to add WITH_DBUS conditions which ended up conflicting
	with the usage of HAVE_FIREWALLD conditionals, just remove the WITH_DBUS
	since virdbus.c has entry points for with and without conditions.

2013-12-04  Michal Privoznik  <mprivozn@redhat.com>

	src: Align make output
	The make inserts six spaces instead of four:

	  GEN      access/viraccessapichecklxc.h
	  GEN    hyperv/hyperv_wmi.generated.h
	  GEN      access/viraccessapichecklxc.c
	  GEN    hyperv/hyperv_wmi.generated.c
	  GEN    hyperv/hyperv_wmi_classes.generated.typedef
	  GEN    hyperv/hyperv_wmi_classes.generated.h
	  GEN    hyperv/hyperv_wmi_classes.generated.c
	  GEN      libvirt_access_qemu.xml
	  GEN      libvirt_access.syms
	  GEN      libvirt_access_lxc.xml
	  GEN      libvirt_access_qemu.syms
	  GEN      libvirt_access_lxc.syms
	  GEN      libvirt_qemu.def
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typetostring
	  GEN    esx/esx_vi_types.generated.typefromstring
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  GEN    esx/esx_vi_methods.generated.c
	  GEN    esx/esx_vi_methods.generated.macro
	  GEN    esx/esx_vi.generated.h
	  GEN    esx/esx_vi.generated.c
	  GEN      libvirt_lxc.def

2013-12-03  Laine Stump  <laine@laine.org>

	qemu: report error on attempt to live change virtio-net queues
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1029732

	The BZ asked for the capability to change the number of queues used by
	a virtio-net device while the device is in use. Because the number of
	queues can only be set at the time the device is created, that isn't
	possible. However, libvirt also shouldn't be silently reporting
	success when someone tries to change the number of queues. So this
	patch flags that as an error (just as attempts to change any of the
	other virtio-specific parameters already do).

2013-12-03  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Run virStateCleanup conditionally
	https://bugzilla.redhat.com/show_bug.cgi?id=1033061

	Currently, initialization of drivers is done in a separate thread. This
	is done for several reasons: a driver that is initialized may require
	running event loop, it may take ages to initialize driver (e.g. due to
	autostarting domains). While the thread is spawn and run, the main()
	continues its execution. However, if something goes bad, or the event
	loop is just exited (e.g. due to a --timeout or SIGINT) we try to
	cleanup all the drivers. So we have two threads running Initialize() and
	Cleanup() concurrently. This may result in accessing stale pointers -
	e.g. netcf driver will free() itself in stateCleanup callback, while the
	init thread may come, open a dummy connection in order to autostart some
	domains and voilà: do_open() iterates over interface drivers and
	accesses stale netcf driver.

	The fix consists in not running stateCleanup if the init thread is still
	running.

2013-12-03  Laine Stump  <laine@laine.org>

	tests: add forgotten boot-strict test files
	These *should* have been pushed in commit
	96fddee322c7d39a57cfdc5e7be71326d597d30a.

2013-12-03  Laine Stump  <laine@laine.org>

	qemu: add "-boot strict" to commandline whenever possible
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=888635

	(which was already closed as CANTFIX because the qemu "-boot strict"
	commandline option wasn't available at the time).

	Problem: you couldn't have a domain that used PXE to boot, but also
	had an un-bootable disk device *even if that disk wasn't listed in the
	boot order*, because if PXE timed out (e.g. due to the bridge
	forwarding delay), the BIOS would move on to the next target, which
	would be the unbootable disk device (again - even though it wasn't
	given a boot order), and get stuck at a "BOOT DISK FAILURE, PRESS ANY
	KEY" message until a user intervened.

	The solution available since sometime around QEMU 1.5, is to add
	"-boot strict=on" to *every* qemu command. When this is done, if any
	devices have a boot order specified, then QEMU will *only* attempt to
	boot from those devices that have an explicit boot order, ignoring the
	rest.

2013-12-03  Laine Stump  <laine@laine.org>

	qemu: default to vfio for nodedev-detach
	This patch resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1035188

	Commit f094aaac48a6 changed the PCI device assignment in qemu domains
	to default to using VFIO rather than legacy KVM device assignment
	(when VFIO is available). It didn't change which driver was used by
	default for virNodeDeviceDetachFlags(), though, so that API (and the
	virsh nodedev-detach command) was still binding to the pci-stub
	driver, used by legacy KVM assignment, by default.

	This patch publicizes (only within the qemu module, though, so no
	additions to the symbol exports are needed) the functions that check
	for presence of KVM and VFIO device assignment, then uses those
	functions to decide what to do when no driver is specified for
	virNodeDeviceDetachFlags(); if the vfio driver is loaded, the device
	will be bound to vfio-pci, or if legacy KVM assignment is supported on
	this system, the device will be bound to pci-stub; if neither method
	is available, the detach will fail.

2013-12-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshots: Declare supported and unsupported snapshot configs
	Currently the snapshot code did not check if it actually supports
	snapshots on various disk backends for domains. To avoid future problems
	add checkers that whitelist the supported configurations.

	qemu: Clear old translated pool source
	Clear the old data to avoid leaking it when attempting to re-translate a
	pool on the same domain object.

	qemu: Refactor disk source string formatting
	This patch adds function qemuGetDriveSourceString to produce
	qemu-compatible disk source strings that will enable to reuse the code
	and refactors building of the qemu commandline of disks to use this new
	helper.

	qemu: Unify formatting of RBD sources

	qemu: Split out NBD command generation

	qemu: Migrate sheepdog source generation into common function

	qemu: Use qemuBuildNetworkDriveURI to handle http/ftp and friends
	Prepare the function to integrate other protocols and start folding
	other network protocols into a common place.

	qemu: Simplify call pattern of qemuBuildDriveURIString
	Automatically assign secret type from the disk source definition and
	pull in adding of the comma. Then update callers to keep generated
	output the same.

	qemu: Split out formatting of network disk source URI
	The snapshot code will need to use qemu-style formatted URIs of network
	disks. Split out the code to avoid duplication.

2013-12-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuTranslateDiskSourcePool
	Before this patch, the translation function still needs a second ugly
	helper function to actually format the command line for qemu. But if we
	do the right stuff in the translation function, we don't have to bother
	with the second function any more.

	This patch removes the messy qemuBuildVolumeString function and changes
	qemuTranslateDiskSourcePool to set stuff up correctly so that the
	regular code paths meant for volumes can be used to format the command
	line correctly.

	For this purpose a new helper "qemuDiskGetActualType()" is introduced to
	return the type of the volume in a pool.

	As a part of the refactor the qemuTranslateDiskSourcePool function is
	fixed to do decisions based on the pool type instead of the volume type.
	This allows to separate pool-type-specific stuff more clearly and will
	ease addition of other pool types that will require certain other
	operations to get the correct pool source.

	The previously fixed tests should make sure that we don't break stuff
	that was working before.

2013-12-03  Osier Yang  <jyang@redhat.com>

	Doc: Explicitly declaring that nodedev-destroy only works for vHBA
	Though trying to destroy a physical HBA doesn't make sense at all,
	it's still a bit misleading with saying "only works for HBA".

2013-12-02  Eric Blake  <eblake@redhat.com>

	virsh: improve grammar in error message
	Based on a suggestion from Mauricio Tavares.

	* tools/virsh-domain.c (cmdDetachInterface, vshFindDisk): Improve
	wording.

2013-12-02  Eric Blake  <eblake@redhat.com>

	docs: fix some typos
	* docs/auditlog.html.in: Spelling fixes.

2013-12-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo in previous patch
	Avoid a nested comment compilation error, caused by me editing
	Chen's patch.

	* include/libvirt/libvirt.h.in: Fix typo.

2013-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Ensure to zero out the virDomainBlockJobInfo arg
	The virDomainGetBlockJobInfo method did not zero out the
	virDomainBlockJobInfo pointer arg, so when block jobs were
	not active it would return garbage for the bandwidth/cur/end
	fields.

2013-12-02  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in libvirt.h.in
	s/causes/cause/

	Each event callback has a single detail parameter, and can
	thus only report a single cause.  Also, make all the sub-event
	documentation use similar wording.

2013-12-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Add functions similar to disk source pool translation
	To avoid future pain, add placeholder functions to get the actual
	snapshot disk type.

	qemu: snapshot: Touch up error message

	conf: Add helper do clear disk source authentication struct
	Add virDomainDiskAuthClear to help cleaning out the struct in other
	places too.

	qemu: snapshot: Detect internal snapshots also for sheepdog and RBD
	When doing an internal snapshot on a VM with sheepdog or RBD disks we
	would not set a flag to mark the domain is using internal snapshots and
	might end up creating a mixed snapshot. Move the setting of the variable
	to avoid this problem.

	conf: Add functions to copy and free network disk source definitions
	To simplify operations on virDomainDiskHostDef arrays we will need deep
	copy and freeing functions. Add and properly export them.

2013-12-02  Peter Krempa  <pkrempa@redhat.com>

	snapshot: conf: Fix NULL dereference when <driver> element is empty
	Consider the following valid snapshot XML as the <driver> element is
	allowed to be empty in the domainsnapshot.rng schema:

	$ cat snap.xml
	<domainsnapshot>
	  <disks>
	    <disk name='vda' snapshot='external'>
	      <source file='/tmp/foo'/>
	      <driver/>
	    </disk>
	  </disks>
	</domainsnapshot>

	produces the following error:

	$ virsh snapshot-create domain snap.xml
	error: internal error: unknown disk snapshot driver '(null)'

	The driver type is parsed as NULL from the XML as the attribute is not
	present and then directly used to produce the error message.

	With this patch the attempt to parse the driver type is skipped if not
	present to avoid changing the schema to forbid the empty driver element.

2013-12-02  Peter Krempa  <pkrempa@redhat.com>

	snapshot: conf: Use common parsing and formatting functions for source
	Disk source elements for snapshots were using separate code from our
	config parser. As snapshots can be stored on more than just regular
	files, we will need the universal parser to allow us to expose a variety
	of snapshot disk targets. This patch reuses the config parsers and
	formatters to do the job.

	This initial support only changes the code without any visible XML
	change.

2013-12-02  Peter Krempa  <pkrempa@redhat.com>

	conf: Export disk source formatter and parser
	This code will be reused in the snapshot disk definition parser.

	conf: Split out seclabel formating code for disk source
	The code is common for all the various disk types. Split it out to a
	common function.

	conf: Clean up virDomainDiskSourceDefFormatInternal
	Avoid if statements when used with virBufferEscapeString which
	automaticaly omits the whole string. Also add some line breaks to
	visualy separate the code.

	conf: Support disk source formatting without needing a virDomainDiskDefPtr
	The <source> element formatting function was expecting a
	virDomainDiskDefPtr to store the data. As snapshots are not using this
	data structure to hold the data, we need to add an internal function
	which splits out individual fields separately.

	tests: Fix comment for fake storage pool driver
	Commit bae124e40ff2b9d4de75d44510619db2c08d548a was accidentaly pushed
	without review feedback worked in. Fix it up.

	qemuxml2argv: Add test for disk type='volume' with iSCSI pools
	Tweak the existing file so that it can be tested for command line
	corectness.

	qemuxml2argv: Add test to verify correct usage of disk type="volume"
	Tweak the existing file to test command line generator too.

2013-12-02  Peter Krempa  <pkrempa@redhat.com>

	test: Implement fake storage pool driver in qemuxml2argv test
	To support testing of "volume" disk backing, we need to implement a few
	disk driver backend functions.

	The fake storage driver uses files in storagepoolxml2xmlout/POOLNAME.xml
	as XML files for pool definitions and volume names are in format
	"VOL_TYPE+VOL_PATH". By default type "block" is assumed (for iSCSI test
	compatibility).

	The choice of this approach along with implemented functions was made so
	that <disk type='volume'> can be tested in the xml2argv test.

2013-12-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.2.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: update and merge localizations from transifex

2013-12-02  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: handle errors of virDomainHostdevDefAlloc correctly
	The original code ignored errors of virDomainHostdevDefAlloc,
	however, we should properly do error return from the function
	if it occurs.

	The fix pulls out virDomainHostdevDefAlloc from the loop and
	executes it all together before the loop. So we can easily
	return on errors without the notion of other memory allocations
	in the loop.

	The deallocation code is separated from the allocation code
	because it will be used by a further patch for fixing other error
	handlings.

	Reported-by: Laine Stump <laine@laine.org>

2013-12-02  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc
	The fixed loop used logical OR to combine two conditions, however,
	it is apparently incorrect and logical AND is correct.

	We can fix it by replacing OR with AND, but this patch instead
	fixes the problem by getting rid of the first conditional
	statement: USBFilterCount < def->nhostdevs. It isn't needed
	because USBFilterCount will never be greater than or equal to
	def->nhostdevs.

	def->nhostdevs is calculated in the following code
	above the loop in question like this:

	    for (i = 0; i < deviceFilters.count; i++) {
	        PRBool active = PR_FALSE;
	        IUSBDeviceFilter *deviceFilter = deviceFilters.items[i];

	        deviceFilter->vtbl->GetActive(deviceFilter, &active);
	        if (active) {
	            def->nhostdevs++;
	        }
	    }

	And the loop is constructed as like this:

	    for (i = 0; (USBFilterCount < def->nhostdevs) || (i < deviceFilters.count); i++) {
	        PRBool active                  = PR_FALSE;
	(snip)
	        deviceFilter->vtbl->GetActive(deviceFilter, &active);
	        if (!active)
	            continue;
	(snip)
	        USBFilterCount++;
	    }

	So def->nhostdevs is the number of active device filters and
	USBFilterCount is counted up only when a device filter is active.
	Thus, we can remove USBFilterCount < def->nhostdevs safely.

	Reported-by: Laine Stump <laine@laine.org>

2013-12-02  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in libvirt.h.in
	s/caused/causes

2013-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Link libvirt-sandbox from apps page
	Add a link to the http://sandbox.libvirt.org sub-site from the
	list of libraries related to libvirt. Also fix formatting for
	the ruby libvirt binding.

	Add docs about audit subsystem logging
	Adds a new page to the website "Deployment" section describing
	what data is sent to the audit logs and how to configure libvirtd
	audit settings.

2013-12-02  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virNWFilterDefParseXML()
	While running nwfilterxml2xmltest, it was found that valgrind pointed out the
	following error...

	==7466== 16 bytes in 1 blocks are definitely lost in loss record 26 of 90
	==7466==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	    ==7466==    by 0x4C651AD: virAlloc (viralloc.c:142)
	    ==7466==    by 0x4D0450D: virNWFilterDefParseNode (nwfilter_conf.c:2575)
	    ==7466==    by 0x4D05D84: virNWFilterDefParse (nwfilter_conf.c:2647)
	    ==7466==    by 0x401FDE: testCompareXMLToXMLHelper (nwfilterxml2xmltest.c:39)
	    ==7466==    by 0x402DE1: virtTestRun (testutils.c:138)
	    ==7466==    by 0x4018E9: mymain (nwfilterxml2xmltest.c:111)
	    ==7466==    by 0x403482: virtTestMain (testutils.c:593)
	    ==7466==    by 0x341F421A04: (below main) (libc-start.c:225)

	...21 times, which are related to 21 tests in nwfilterxml2xmltest.c which sent
	EXPECT_WARN = false. There were two scenarios in virNWFilterDefParseXML(),
	when the variable 'entry' was malloc'ed, but not freed.

2013-12-02  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix memory leak in virDomainDefParseXML()
	This patch fixes the memory leaks found while running qemuxml2argvtest

	==8260== 3 bytes in 1 blocks are definitely lost in loss record 1 of
	129
	==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==8260==    by 0x341F485E21: strdup (strdup.c:42)
	==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
	==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
	==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
	==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
	==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
	==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
	==8260==    by 0x427111: virtTestRun (testutils.c:138)
	==8260==    by 0x41D3FE: mymain (qemuxml2argvtest.c:452)
	==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
	==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
	==8260==
	==8260== 4 bytes in 1 blocks are definitely lost in loss record 5 of
	129
	==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==8260==    by 0x341F485E21: strdup (strdup.c:42)
	==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
	==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
	==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
	==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
	==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
	==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
	==8260==    by 0x427111: virtTestRun (testutils.c:138)
	==8260==    by 0x41D39A: mymain (qemuxml2argvtest.c:451)
	==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
	==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
	==8260==

2013-12-02  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	virsh: fix doc typos
	Fix 6 minor spelling errors in virsh doc

	Fix typos in various docs
	Fix 8 minor spelling errors in docs/*.html.in

2013-11-29  Daniel P. Berrange  <berrange@redhat.com>

	LXC: Ensure security context is set when mounting images
	When setting up filesystems backed by block devices or file
	images, the SELinux mount options must be used to ensure the
	correct context is set

2013-11-28  Laine Stump  <laine@laine.org>

	network: properly update iptables rules during net-update
	This patch resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1035336

	The basic problem is that during a network update, the required
	iptables rules sometimes change, and this was being handled by simply
	removing and re-adding the rules. However, the removal of the old
	rules was done based on the *new* state of the network, which would
	mean that some of the rules would not match those currently in the
	system, so the old rules wouldn't be removed.

	This patch removes the old rules prior to updating the network
	definition then adds the new rules as soon as the definition is
	updated. Note that this could lead to a stray packet or two during the
	interim, but that was already a problem before (the period of limbo is
	now just slightly longer).

	While moving the location for the rules, I added a few more sections
	that should result in the iptables rules being redone:

	DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp
	host entry could lead to the dhcp service being started/stopped, which
	would require that the mangle rule that fixes up dhcp response
	checksums sould need to be added/removed, and this wasn't being done.

2013-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix bug in identifying sub-mounts
	The code for extracting sub-mounts would just do a STRPREFIX
	check on the mount. This was flawed because if there were
	the following mounts

	 /etc/aliases
	 /etc/aliases.db

	and '/etc/aliases' was asked for, it would return both even
	though the latter isn't a sub-mount.

2013-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Pull lxcContainerGetSubtree out into shared virfile module
	Move the code for lxcContainerGetSubtree into the virfile
	module creating 2 new functions

	  int virFileGetMountSubtree(const char *mtabpath,
	                             const char *prefix,
	                             char ***mountsret,
	                             size_t *nmountsret);
	  int virFileGetMountReverseSubtree(const char *mtabpath,
	                                    const char *prefix,
	                                    char ***mountsret,
	                                    size_t *nmountsret);

	Add a new virfiletest.c test case to validate the new code.

2013-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Introduce standard methods for sorting strings with qsort
	Add virStringSortCompare and virStringSortRevCompare as
	standard functions to use with qsort.

2013-11-27  Eric Blake  <eblake@redhat.com>

	tests: fix virpcitest with read-only srcdir
	'make distcheck' has been broken since commit 21685c9; basically,
	it emulates the case of a read-only $(srcdir) (such as building
	from a tarball exploded onto a CD-ROM), but we were creating our
	fake pci device as a symlink into $(srcdir) and failing when that
	requires opening the config file for writing:

	 3) testVirPCIDeviceReset                                             ... libvirt:  error : Failed to open config space file '/sys/bus/pci/devices/0000:00:01.0/config': Permission denied

	Fix it by copying rather than symlinking.

	* tests/virpcimock.c (make_file): Add parameter to allow binary
	creation; adjust all callers.
	(pci_device_new_from_stub): Copy rather than symlink.

2013-11-27  Eric Blake  <eblake@redhat.com>

	tests: guarantee abs_srcdir in all C tests
	While trying to debug a failure of virpcitest during 'make distcheck',
	I noticed that with a VPATH build, 'cd tests; ./virpcitest' fails for
	an entirely different reason.  To reproduce the distcheck failure, I
	had to run 'cd tests; abs_srcdir=/path/to/src ./virpcitest'.  But we
	document in HACKING that all of our tests are supposed to be runnable
	without requiring extra environment variables.

	The solution: hardcode the location of srcdir into the just-built
	binaries, rather than requiring make to prepopulate environment
	variables.  With this, './virpcitest' passes even in a VPATH build
	(provided that $(srcdir) is writable; a followup patch will fix the
	conditions required by 'make distcheck').  [Note: the makefile must
	still pass on directory variables to the test environment of shell
	scripts, since those aren't compiled.  So while this solves the case
	of a compiled test, it still requires environment variables to pass
	a VPATH build of any shell script test case that relies on srcdir.]

	* tests/Makefile.am (AM_CFLAGS): Define abs_srcdir in all compiled
	tests.
	* tests/testutils.h (abs_srcdir): Quit declaring.
	* tests/testutils.c (virtTestMain): Rely on define rather than
	environment variable.
	* tests/virpcimock.c (pci_device_new_from_stub): Rely on define.
	* tests/cputest.c (mymain): Adjust abs_top_srcdir default.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxmlnstest.c (mymain): Likewise.

2013-11-27  Peter Krempa  <pkrempa@redhat.com>

	conf: Export virStorageVolType enum helper functions
	Export string conversion from and to the virStorageVolType enum.

2013-11-27  Eric Blake  <eblake@redhat.com>

	storage: skip selinux cleanup when fd not available
	When attempting to backport gluster pools to an older versoin
	where there is no VIR_STRDUP, I got a crash from calling
	strdup(,NULL). Rather than relying on the current else branch
	safely doing nothing when there is no fd, it is easier to just
	skip it. While at it, there's no need to explicitly set
	perms.label to NULL after a VIR_FREE().

	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Minor optimization.

2013-11-27  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	qemu: preserve netdev MAC address during 'domxml-to-native'
	The virsh command 'domxml-to-native' (virConnectDomainXMLToNative())
	converts all network devices to "type='ethernet'" in order to make it
	more likely that the generated command could be run directly from a
	shell (other libvirt network device types end up referencing file
	descriptors for tap devices assumed to have been created by libvirt,
	which can't be done in this case).

	During this conversion, all of the netdev parameters are cleared out,
	then specific items are filled in after changing the type. The MAC
	address was not one of these preserved items, and the result was that
	mac addresses in the generated commandlines were always
	00:00:00:00:00:00.

	This patch saves the mac address before the conversion, then
	repopulates it afterwards, so the proper mac addresses show up in the
	commandline.

2013-11-27  Jim Fehlig  <jfehlig@suse.com>

	look for numad in /usr/sbin
	When looking for numad with AC_PATH_PROG, include /usr/sbin in
	the search path.

2013-11-26  Eric Blake  <eblake@redhat.com>

	storage: don't read storage volumes in nonblock mode
	Commit 348b4e2 introduced a potential problem (thankfully not
	in any release): we are attempting to use virFileReadHeaderFD()
	on a file that was opened with O_NONBLOCK.  While this
	shouldn't be a problem in practice (because O_NONBLOCK
	typically doesn't affect regular or block files, and fifos and
	sockets cannot be storage volumes), it's better to play it safe
	to avoid races from opening an unexpected file type while also
	avoiding problems with having to handle EAGAIN while read()ing.

	Based on a report by Dan Berrange.

	* src/storage/storage_backend.c
	(virStorageBackendVolOpenCheckMode): Fix up fd after avoiding race.

2013-11-26  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: add securetty related note in Device nodes
	Tell user how to resolve the problem that fail to log in
	the container.

2013-11-26  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: don't unmount mounts for shared root
	Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
	vfs: Lock in place mounts from more privileged users,

	unprivileged user has no rights to umount the mounts that
	inherited from parent mountns.

	right now, I have no good idea to fix this problem, we need
	to do more research. this patch just skip unmounting these
	mounts for shared root.

	BTW, I think when libvirt lxc enables user namespace, the
	configuation that shares root with host is very rara.

2013-11-26  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix the problem that libvirt lxc fail to start on latest kernel
	After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
	vfs: Lock in place mounts from more privileged users,

	unprivileged user has no rights to move the mounts that
	inherited from parent mountns. we use this feature to move
	the /stateDir/domain-name.{dev, devpts} to the /dev/ and
	/dev/pts directroy of container. this commit breaks libvirt lxc.

	this patch changes the behavior to bind these mounts when
	user namespace is enabled and move these mounts when user
	namespace is disabled.

2013-11-26  Christophe Fergeau  <cfergeau@redhat.com>

	sasl: Replace 'restep' label with 'continue'
	Since the label is at the beginning of the loop, this has the same effect.

2013-11-26  Christophe Fergeau  <cfergeau@redhat.com>

	sasl: Fix authentication when using PLAIN mechanism
	With some authentication mechanism (PLAIN for example), sasl_client_start()
	can return SASL_OK, which translates to virNetSASLSessionClientStart()
	returning VIR_NET_SASL_COMPLETE.
	cyrus-sasl documentation is a bit vague as to what to do in such situation,
	but upstream clarified this a bit in
	http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=10104

	When we got VIR_NET_SASL_COMPLETE after virNetSASLSessionClientStart() and
	if the remote also tells us that authentication is complete, then we should
	end the authentication procedure rather than forcing a call to
	virNetSASLSessionClientStep(). Without this patch, when trying to use SASL
	PLAIN, I get:
	error :authentication failed : Failed to step SASL negotiation: -1
	(SASL(-1): generic failure: Unable to find a callback: 32775)

	This patch is based on a spice-gtk patch by Dietmar Maurer.

2013-11-26  Christophe Fergeau  <cfergeau@redhat.com>

	Fix invalid read in virNetSASLSessionClientStep debug log
	virNetSASLSessionClientStep logs the data that is going to be passed to
	sasl_client_step as input data. However, it tries to log it as a string,
	while there is no guarantee that this data is going to be nul-terminated.
	This leads to this valgrind log:

	==20938== Invalid read of size 1
	==20938==    at 0x8BDB08F: vfprintf (vfprintf.c:1635)
	==20938==    by 0x8C06DF2: vasprintf (vasprintf.c:62)
	==20938==    by 0x4CCEDF9: virVasprintfInternal (virstring.c:337)
	==20938==    by 0x4CA9516: virLogVMessage (virlog.c:842)
	==20938==    by 0x4CA939A: virLogMessage (virlog.c:778)
	==20938==    by 0x4E21E0D: virNetSASLSessionClientStep (virnetsaslcontext.c:458)
	==20938==    by 0x4DE47B8: remoteAuthSASL (remote_driver.c:4136)
	==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
	==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
	==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
	==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
	==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==20938==    by 0x12762B: vshReconnect (virsh.c:337)
	==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
	==20938==    by 0x12E9A5: main (virsh.c:3338)
	==20938==  Address 0xe329ccd is 0 bytes after a block of size 141 alloc'd
	==20938==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==20938==    by 0x8CB91B4: xdr_array (xdr_array.c:94)
	==20938==    by 0x4E039C2: xdr_remote_auth_sasl_start_ret (remote_protocol.c:3134)
	==20938==    by 0x4E1F8AA: virNetMessageDecodePayload (virnetmessage.c:405)
	==20938==    by 0x4E119F5: virNetClientProgramCall (virnetclientprogram.c:377)
	==20938==    by 0x4DF8141: callFull (remote_driver.c:5794)
	==20938==    by 0x4DF821A: call (remote_driver.c:5816)
	==20938==    by 0x4DE46CF: remoteAuthSASL (remote_driver.c:4112)
	==20938==    by 0x4DE33AE: remoteAuthenticate (remote_driver.c:3635)
	==20938==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
	==20938==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1027)
	==20938==    by 0x4D8595F: do_open (libvirt.c:1239)
	==20938==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==20938==    by 0x12762B: vshReconnect (virsh.c:337)
	==20938==    by 0x12C9B0: vshInit (virsh.c:2470)
	==20938==    by 0x12E9A5: main (virsh.c:3338)

2013-11-26  Christophe Fergeau  <cfergeau@redhat.com>

	Tie SASL callbacks lifecycle to virNetSessionSASLContext
	The array of sasl_callback_t callbacks which is passed to sasl_client_new()
	must be kept alive as long as the created sasl_conn_t object is alive as
	cyrus-sasl uses this structure internally for things like logging, so
	the memory used for callbacks must only be freed after sasl_dispose() has
	been called.

	During testing of successful SASL logins with
	virsh -c qemu+tls:///system list --all
	I've been getting invalid read reports from valgrind

	==9237== Invalid read of size 8
	==9237==    at 0x6E93B6F: _sasl_getcallback (common.c:1745)
	==9237==    by 0x6E95430: _sasl_log (common.c:1850)
	==9237==    by 0x16593D87: digestmd5_client_mech_dispose (digestmd5.c:4580)
	==9237==    by 0x6E91653: client_dispose (client.c:332)
	==9237==    by 0x6E9476A: sasl_dispose (common.c:851)
	==9237==    by 0x4E225A1: virNetSASLSessionDispose (virnetsaslcontext.c:678)
	==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
	==9237==    by 0x4E254D1: virNetSocketDispose (virnetsocket.c:1042)
	==9237==    by 0x4CBC551: virObjectUnref (virobject.c:262)
	==9237==    by 0x4E2701C: virNetSocketEventFree (virnetsocket.c:1794)
	==9237==    by 0x4C965D3: virEventPollCleanupHandles (vireventpoll.c:583)
	==9237==    by 0x4C96987: virEventPollRunOnce (vireventpoll.c:652)
	==9237==    by 0x4C94730: virEventRunDefaultImpl (virevent.c:274)
	==9237==    by 0x12C7BA: vshEventLoop (virsh.c:2407)
	==9237==    by 0x4CD3D04: virThreadHelper (virthreadpthread.c:161)
	==9237==    by 0x7DAEF32: start_thread (pthread_create.c:309)
	==9237==    by 0x8C86EAC: clone (clone.S:111)
	==9237==  Address 0xe2d61b0 is 0 bytes inside a block of size 168 free'd
	==9237==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==9237==    by 0x4C73827: virFree (viralloc.c:580)
	==9237==    by 0x4DE4BC7: remoteAuthSASL (remote_driver.c:4219)
	==9237==    by 0x4DE33D0: remoteAuthenticate (remote_driver.c:3639)
	==9237==    by 0x4DDBFAA: doRemoteOpen (remote_driver.c:832)
	==9237==    by 0x4DDC8DC: remoteConnectOpen (remote_driver.c:1031)
	==9237==    by 0x4D8595F: do_open (libvirt.c:1239)
	==9237==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==9237==    by 0x12762B: vshReconnect (virsh.c:337)
	==9237==    by 0x12C9B0: vshInit (virsh.c:2470)
	==9237==    by 0x12E9A5: main (virsh.c:3338)

	This commit changes virNetSASLSessionNewClient() to take ownership of the SASL
	callbacks. Then we can free them in virNetSASLSessionDispose() after the corresponding
	sasl_conn_t has been freed.

2013-11-26  Christophe Fergeau  <cfergeau@redhat.com>

	remote: Don't leak priv->tls object on connection failure
	When testing SASL authentication over TLS with
	virsh -c qemu+tls:///system list --all
	I got this valgrind trace after entering wrong credentials:

	==30540== 26,903 (88 direct, 26,815 indirect) bytes in 1 blocks are definitely lost in loss record 289 of 293
	==30540==    at 0x4A081D4: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==30540==    by 0x4C7379A: virAllocVar (viralloc.c:558)
	==30540==    by 0x4CBC178: virObjectNew (virobject.c:190)
	==30540==    by 0x4CBC329: virObjectLockableNew (virobject.c:216)
	==30540==    by 0x4E2D003: virNetTLSContextNew (virnettlscontext.c:719)
	==30540==    by 0x4E2DC3F: virNetTLSContextNewPath (virnettlscontext.c:930)
	==30540==    by 0x4E2DD5B: virNetTLSContextNewClientPath (virnettlscontext.c:957)
	==30540==    by 0x4DDB618: doRemoteOpen (remote_driver.c:627)
	==30540==    by 0x4DDC8BA: remoteConnectOpen (remote_driver.c:1031)
	==30540==    by 0x4D8595F: do_open (libvirt.c:1239)
	==30540==    by 0x4D863F3: virConnectOpenAuth (libvirt.c:1481)
	==30540==    by 0x12762B: vshReconnect (virsh.c:337)
	==30540==    by 0x12C9B0: vshInit (virsh.c:2470)
	==30540==    by 0x12E9A5: main (virsh.c:3338)

2013-11-26  Yuri Chornoivan  <yurchor@ukr.net>

	Fix three minor typos

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: fix typo in previous patch
	You'd think I'd learn to actually COMMIT my working tree
	between testing that a last-minute fix compiles and pushing.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Typo fix.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: probe qcow2 volumes in gluster pool
	Putting together pieces from previous patches, it is now possible
	for 'virsh vol-dumpxml --pool gluster volname' to report metadata
	about a qcow2 file stored on gluster.  The backing file is still
	treated as raw; to fix that, more patches are needed to make the
	storage backing chain analysis recursive rather than halting at
	a network protocol name, but that work will not need any further
	calls into libgfapi so much as just reusing this code, and that
	should be the only code outside of the storage driver that needs
	any help from libgfapi.  Any additional use of libgfapi within
	libvirt should only be needed for implementing storage pool APIs
	such as volume creation or resizing, where backing chain analysis
	should be unaffected.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterReadHeader): New helper function.
	(virStorageBackendGlusterRefreshVol): Probe non-raw files.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: improve handling of symlinks in gluster
	With this patch, dangling and looping symlinks are silently
	ignored, while links to files and directories are treated the
	same as the underlying file or directory.  This is the same
	behavior as both 'directory' and 'netfs' pools.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Treat symlinks similar to
	directory and netfs pools.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: improve allocation stats reported on gluster files
	We already had code for handling allocation different than
	capacity for sparse files; we just had to wire it up to be
	used when inspecting gluster images.

	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Handle no fd.
	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Handle sparse files.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: improve directory support in gluster pool
	Take advantage of the previous patch's addition of 'netdir' as
	a distinct volume type, to expose rather than silently skip
	directories embedded in a gluster pool.  Also serves as an XML
	validation for the previous patch.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshVol): Don't skip directories.
	* tests/storagevolxml2xmltest.c (mymain): Add test.
	* tests/storagevolxml2xmlin/vol-gluster-dir.xml: New file.
	* tests/storagevolxml2xmlout/vol-gluster-dir.xml: Likewise.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: add network-dir as new storage volume type
	In the 'directory' and 'netfs' storage pools, a user can see
	both 'file' and 'dir' storage volume types, to know when they
	can descend into a subdirectory.  But in a network-based storage
	pool, such as the upcoming 'gluster' pool, we use 'network'
	instead of 'file', and did not have any counterpart for a
	directory until this patch.  Adding a new volume type
	'network-dir' is better than reusing 'dir', because it makes
	it clear that the only way to access 'network' volumes within
	that container is through the network mounting (leaving 'dir'
	for something accessible in the local file system).

	* include/libvirt/libvirt.h.in (virStorageVolType): Expand enum.
	* docs/formatstorage.html.in: Document it.
	* docs/schemasa/storagevol.rng (vol): Allow new value.
	* src/conf/storage_conf.c (virStorageVol): Use new value.
	* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix client.
	* src/qemu/qemu_conf.c (qemuTranslateDiskSourcePool): Likewise.
	* tools/virsh-volume.c (vshVolumeTypeToString): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemVolDelete): Likewise.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: implement rudimentary glusterfs pool refresh
	Actually put gfapi to use, by allowing the creation of a gluster
	pool.  Right now, all volumes are treated as raw and directories
	are skipped; further patches will allow peering into files to
	allow for qcow2 files and backing chains, and reporting proper
	volume allocation.  This implementation was tested against Fedora
	19's glusterfs 3.4.1; it might be made simpler by requiring a
	higher minimum, and/or require more hacks to work with a lower
	minimum.

	* src/storage/storage_backend_gluster.c
	(virStorageBackendGlusterRefreshPool): Initial implementation.
	(virStorageBackendGlusterOpen, virStorageBackendGlusterClose)
	(virStorageBackendGlusterRefreshVol): New helper functions.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: document gluster pool
	Add support for a new <pool type='gluster'>, similar to
	RBD and Sheepdog.  Terminology wise, a gluster volume
	forms a libvirt storage pool, within the gluster volume,
	individual files are treated as libvirt storage volumes.

	* docs/schemas/storagepool.rng (poolgluster): New pool type.
	* docs/formatstorage.html.in: Document gluster.
	* docs/storage.html.in: Likewise, and contrast it with netfs.
	* tests/storagepoolxml2xmlin/pool-gluster.xml: New test.
	* tests/storagepoolxml2xmlout/pool-gluster.xml: Likewise.
	* tests/storagepoolxml2xmltest.c (mymain): Likewise.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: initial support for linking with libgfapi
	We support gluster volumes in domain XML, so we also ought to
	support them as a storage pool.  Besides, a future patch will
	want to take advantage of libgfapi to handle the case of a
	gluster device holding qcow2 rather than raw storage, and for
	that to work, we need a storage backend that can read gluster
	storage volume contents.  This sets up the framework.

	Note that the new pool is named 'gluster' to match a
	<disk type='network'><source protocol='gluster'> image source
	already supported in a <domain>; it does NOT match the
	<pool type='netfs'><source><target type='glusterfs'>,
	since that uses a FUSE mount to a local file name rather than
	a network name.

	This and subsequent patches have been tested against glusterfs
	3.4.1 (available on Fedora 19); there are likely bugs in older
	versions that may prevent decent use of gfapi, so this patch
	enforces the minimum version tested.  A future patch may lower
	the minimum.  On the other hand, I hit at least two bugs in
	3.4.1 that will be fixed in 3.5/3.4.2, where it might be worth
	raising the minimum: glfs_readdir is nicer to use than
	glfs_readdir_r [1], and glfs_fini should only return failure on
	an actual failure [2].

	[1] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00085.html
	[2] http://lists.gnu.org/archive/html/gluster-devel/2013-10/msg00086.html

	* configure.ac (WITH_STORAGE_GLUSTER): New conditional.
	* m4/virt-gluster.m4: new file.
	* libvirt.spec.in (BuildRequires): Support gluster in spec file.
	* src/conf/storage_conf.h (VIR_STORAGE_POOL_GLUSTER): New pool
	type.
	* src/conf/storage_conf.c (poolTypeInfo): Treat similar to
	sheepdog and rbd.
	(virStoragePoolDefFormat): Don't output target for gluster.
	* src/storage/storage_backend_gluster.h: New file.
	* src/storage/storage_backend_gluster.c: Likewise.
	* po/POTFILES.in: Add new file.
	* src/storage/storage_backend.c (backends): Register new type.
	* src/Makefile.am (STORAGE_DRIVER_GLUSTER_SOURCES): Build new files.
	* src/storage/storage_backend.h (_virStorageBackend): Documet
	assumption.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: expose volume meta-type in XML
	I got annoyed at having to use both 'virsh vol-list $pool --details'
	AND 'virsh vol-dumpxml $vol $pool' to learn if I had populated
	the volume correctly.  Since two-thirds of the data present in
	virStorageVolGetInfo() already appears in virStorageVolGetXMLDesc(),
	this just adds the remaining piece of information, as:

	<volume type='...'>
	  ...
	</volume>

	* docs/formatstorage.html.in: Document new <volume type=...>.
	* docs/schemas/storagevol.rng (vol): Add it to RelaxNG.
	* src/conf/storage_conf.h (virStorageVolTypeToString): Declare.
	* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Output
	the metatype.
	(virStorageVolDefParseXML): Parse it, for unit tests.
	* tests/storagevolxml2xmlout/vol-*.xml: Update tests to match.

2013-11-25  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete 'tests' makefile target
	The 'docs/examples' code was long ago removed and now the
	python code was gone too, the custom 'tests' makefile target
	serves no purpose

2013-11-25  Daniel P. Berrange  <berrange@redhat.com>

	Remove python binding
	The python binding now lives in

	  http://libvirt.org/git/?p=libvirt-python.git

	that repo also provides an RPM which is upgrade compatible
	with the old libvirt-python sub-RPM.

2013-11-25  Jiri Denemark  <jdenemar@redhat.com>

	spec: Don't save/restore running VMs on libvirt-client update
	The previous attempt (commit d65e0e1) removed just one of two
	libvirt-guests restarts that happened on libvirt-client update. Let's
	remove the last one too :-)

	https://bugzilla.redhat.com/show_bug.cgi?id=962225

2013-11-25  Shivaprasad G Bhat  <shivaprasadbhat@gmail.com>

	virsh domxml-from-native to treat SCSI as the bus type for pseries by default
	The bus type IDE being enum Zero, the bus type on pseries system appears as IDE for all the -hda/-cdrom and for disk drives with if="none" type. Pseries platform needs this to appear as SCSI instead of IDE. The ide being not supported, the explicit requests for ide devices will return an error.

2013-11-25  Eric Blake  <eblake@redhat.com>

	storage: allow interleave in volume XML
	The RNG grammar did not allow arbitrary interleaving, which makes
	it harder than necessary to create a new volume from handwritten XML.
	(Compare also to commit caf516db for pools).

	* docs/schemas/storagevol.rng: Support interleaving.
	* tests/storagevolxml2xmlin/vol-file-backing.xml: Test it.

2013-11-25  Eric Blake  <eblake@redhat.com>

	maint: next release is 1.2.0
	I didn't find any other instances with:
	git grep '1\.1\.5'

	* src/test/test_driver.c (testDriver): Tweak version info.

2013-11-25  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: add support for 4.3 APIs
	Makefile.am, vbox_V4_3.c and vbox_driver.c do regular
	modifitions to support a new version of APIs.

	vbox_tmpl.c basically fixes incompatibilities since 4.2.

	The affected incompatibilities of 4.3 are:
	* IMachine::Delete() has been renamed to IMachine::deleteConfig()
	* IMedium::CreateBaseStorage() now accepts multiple variant values
	* IDisplay::GetScreenResolution() now returns the display position
	  in the guest
	* IMachine now has multiple IUSBControllers and IUSBDeviceFilters
	  handles USB device filters instead of (obsolete) IUSBController

	This patch is tested on Mac OS X 10.8.5 and Fedora 19.

2013-11-25  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: import vbox_CAPI_v4_3.h from SDK
	vbox_CAPI_v4_3.h is almost same as
	sdk/bindings/xpcom/include/VBoxCAPI_v4_3.h of
	http://download.virtualbox.org/virtualbox/4.3.2/VirtualBoxSDK-4.3.2-90405.zip,
	but modified to fix preprocessor indentations by using cppi.

	vbox: pull vboxHostDeviceGetXMLDesc out from vboxDomainGetXMLDesc
	The USB-related code in vboxDomainGetXMLDesc is deeply nested and
	difficult to add new code. So flatten it. To do so, the code is
	pulled out from vboxDomainGetXMLDesc to make the function short
	and to leaverage early return and goto for error handling.

	vbox: cleanup vboxAttachUSB
	This cleanup flattens deeply nested code.

2013-11-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: don't do duplicate work when getting pagesize
	Don't do duplicate work when getting pagesize.

2013-11-24  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among others, this fixes getgroups for MacOS and fpending for
	DragonFly BSD.

	* .gnulib: Update to latest.

2013-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Mostly revert "python: remove virConnectGetCPUModelNames from globals"
	This reverts commit 6b90d7428d72e92db292a9228c44701bfd5003c9.

	The original problem was that libvirt_virConnectGetCPUModelNames
	was listed twice in the exports table, once automatically from
	the generator and once from the manual override. We merely needed
	to list it in the skip_impl list, and not delete the manually
	written code entirely.

2013-11-22  Ján Tomko  <jtomko@redhat.com>

	Don't start a nested job in qemuMigrationPrepareAny
	This nested job is canceled by the first ExitMonitor call (even though
	it was not created by the corresponding EnterMonitor call), and
	again in qemuMigrationPrepareAny if qemuProcessStart failed.
	This can lead to a crash if the vm object was disposed of before calling
	qemuDomainRemoveInactive:
	0  ..62bc in virClassIsDerivedFrom (klass=0xdeadbeef,
	   parent=0x7ffce4cdd270) at util/virobject.c:166
	1 ..6666 in virObjectIsClass at util/virobject.c:362
	2 ..66b4 in virObjectLock at util/virobject.c:314
	3 ..477e in virDomainObjListRemove at conf/domain_conf.c:2359
	4 ..7a64 in qemuDomainRemoveInactive at qemu/qemu_domain.c:2087
	5 ..956c in qemuMigrationPrepareAny at qemu/qemu_migration.c:2469

	This was added by commit e4e2822, exposed by 5a4c237 and c7ac251.

	https://bugzilla.redhat.com/show_bug.cgi?id=1018267

2013-11-22  Cole Robinson  <crobinso@redhat.com>

	spec: Don't save/restore running VMs on libvirt-client update
	Restarting an active libvirt-guests.service is the equivalent of
	doing:

	/usr/libexec/libvirt-guests.sh stop
	/usr/libexec/libvirt-guests.sh start

	Which in a default configuration will managedsave every running VM,
	and then restore them. Certainly not something we should do every
	time the libvirt-client RPM is updated.

	Just drop the try-restart attempt, I don't know what purpose it
	serves anyways.

	https://bugzilla.redhat.com/show_bug.cgi?id=962225

2013-11-22  Jiri Denemark  <jdenemar@redhat.com>

	spec: Restrict virt-login-shell usage
	https://bugzilla.redhat.com/show_bug.cgi?id=1033614

	As virt-login-shell is an SUID binary, we should restrict its usage to
	just the users chosen by an administrator to use virt-login-shell as
	their login shell. This can easily be done by making the binary
	executable only by users from a new virtlogin group.

2013-11-22  Michal Privoznik  <mprivozn@redhat.com>

	virDomainReboot: Document that migration might be unsafe
	https://bugzilla.redhat.com/show_bug.cgi?id=744967

	If a domain is rebooting and a migrate API is called meanwhile we would
	have to transfer the fakeReboot attribute to the destination in order to
	prevent domain doing plain shutdown over there. We shouldn't try to do
	anything clever about it other than documenting this as a known
	limitation.

2013-11-22  Martin Kletzander  <mkletzan@redhat.com>

	build: Don't fail on '&lt;' or '&gt;' with old xmllint
	Older xmllint version don't allow such characters in datatype anyURI.
	In order not to change too much, I'm suggesting making a choice of
	anyURI or 'absPathName' which should be fine (checked with upstream
	and that old xmllint, both work fine).

2013-11-22  Eric Blake  <eblake@redhat.com>

	storage: use valid XML for awkward volume names
	$ touch /var/lib/libvirt/images/'a<b>c'
	$ virsh pool-refresh default
	$ virsh vol-dumpxml 'a<b>c' default | head -n2
	<volume>
	  <name>a<b>c</name>

	Oops.  That's not valid XML.  And when we fix the XML
	generation, it fails RelaxNG validation.

	I'm also tired of seeing <key>(null)</key> in the example
	output for volume xml; while we used NULLSTR() to avoid
	a NULL deref rather than relying on glibc's printf
	extension behavior, it's even better if we avoid the issue
	in the first place.  But this requires being careful that
	we don't invalidate any storage backends that were relying
	on key being unassigned during virStoragVolCreateXML[From].

	I would have split this into two patches (one for escaping,
	one for avoiding <key>(null)</key>), but since they both
	end up touching a lot of the same test files, I ended up
	merging it into one.

	Note that this patch allows pretty much any volume name
	that can appear in a directory (excluding . and .. because
	those are special), but does nothing to change the current
	(unenforced) RelaxNG claim that pool names will consist
	only of letters, numbers, _, -, and +.  Tightening the C
	code to match RelaxNG patterns and/or relaxing the grammar
	to match the C code for pool names is a task for another
	day (but remember, we DID recently tighten C code for
	domain names to exclude a leading '.').

	* src/conf/storage_conf.c (virStoragePoolSourceFormat)
	(virStoragePoolDefFormat, virStorageVolTargetDefFormat)
	(virStorageVolDefFormat): Escape user-controlled strings.
	(virStorageVolDefParseXML): Parse key, for use in unit tests.
	* src/storage/storage_driver.c (storageVolCreateXML)
	(storageVolCreateXMLFrom): Ensure parsed key doesn't confuse
	volume creation.
	* docs/schemas/basictypes.rng (volName): Relax definition.
	* tests/storagepoolxml2xmltest.c (mymain): Test it.
	* tests/storagevolxml2xmltest.c (mymain): Likewise.
	* tests/storagepoolxml2xmlin/pool-dir-naming.xml: New file.
	* tests/storagepoolxml2xmlout/pool-dir-naming.xml: Likewise.
	* tests/storagevolxml2xmlin/vol-file-naming.xml: Likewise.
	* tests/storagevolxml2xmlout/vol-file-naming.xml: Likewise.
	* tests/storagevolxml2xmlout/vol-*.xml: Fix fallout.

2013-11-21  Doug Goldstein  <cardoe@cardoe.com>

	python: remove virConnectGetCPUModelNames from globals
	Commit de51dc9c9aed0e615c8b301cccb89f4859324eb0 primarily added
	virConnectGetCPUModelNames as libvirt.getCPUModelNames(conn, arch)
	instead of libvirt.virConnect.getCPUModelNames(arch) so revert the code
	that does the former while leaving the code that does the later.

	This is the rest of the patch that was ACK'd by Dan but I committed only
	the partial patch in 6a8b8ae.

2013-11-21  Doug Goldstein  <cardoe@cardoe.com>

	python: remove virConnectGetCPUModelNames from globals
	Commit de51dc9c9aed0e615c8b301cccb89f4859324eb0 primarily added
	virConnectGetCPUModelNames as libvirt.getCPUModelNames(conn, arch)
	instead of libvirt.virConnect.getCPUModelNames(arch) so revert the code
	that does the former while leaving the code that does the later.

2013-11-21  Wangyufei (A)  <james.wangyufei@huawei.com>

	docs: delete extra character
	delete extra character 'p' from the comment of virInterfaceCreate

2013-11-21  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Auto-generate controller for hotplugged hostdev
	If a SCSI hostdev is included in an initial domain XML, without a
	corresponding controller statement, one is created silently when the
	guest is booted.

	When hotplugging a SCSI hostdev, a presumption is that the controller
	is already present in the domain either from the original XML, or via
	an earlier hotplug.

	  [root@xxxxxxxx ~]# cat disk.xml
	  <hostdev mode='subsystem' type='scsi'>
	    <source>
	      <adapter name='scsi_host0'/>
	      <address bus='0' target='3' unit='1088438288'/>
	    </source>
	  </hostdev>
	  [root@xxxxxxxx ~]# virsh attach-device guest01 disk.xml
	  error: Failed to attach device from disk.xml
	  error: internal error: unable to execute QEMU command 'device_add': Bus 'scsi0.0' not found

	Since the infrastructure is in place, we can also create a controller
	silently for use by the hotplugged hostdev device.

2013-11-21  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Separate calls based on controller bus type
	For systems without a PCI bus, attaching a SCSI controller fails:

	  [root@xxxxxxxx ~]# cat controller.xml
	  <controller type='scsi' model='virtio-scsi' index='0' />
	  [root@xxxxxxxx ~]# virsh attach-device guest01 controller.xml
	  error: Failed to attach device from controller.xml
	  error: XML error: No PCI buses available

	A similar problem occurs with the detach of a controller:

	  [root@xxxxxxxx ~]# virsh detach-device guest01 controller.xml
	  error: Failed to detach device from controller.xml
	  error: operation failed: controller scsi:0 not found

	The qemuDomainXXtachPciControllerDevice routines made assumptions
	that any caller had a PCI bus.  These routines now selectively calls
	PCI functions where necessary, and assigns the device information
	type to one appropriate for the bus in use.

2013-11-21  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Rename controller hotplug functions to not be PCI-specific
	For attach/detach of controller devices, we rename the functions to
	remove 'PCI' from their title.  The actual separation of PCI-specific
	operations will be handled in the next patch.

2013-11-21  Osier Yang  <jyang@redhat.com>

	storage: Returns earlier if source adapter of the scsi pool is a HBA
	It makes no sense to go forward to get the parent host number of a
	HBA, and treat the HBA as a vHBA with trying to delete it.

2013-11-20  Clark Laughlin  <clark.laughlin@linaro.org>

	qemu: Add support for virt machine type with virtio-mmio devices on armv7
	These changes allow the correct virtio-blk-device and virtio-net-device
	devices to be used for the 'virt' machine type for armv7 rather than the
	PCI virtio devices.

	A test case was added to qemuxml2argvtest for this change.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: enforce comma style usage
	Enforce and document the style set up by the previous patches.

	* build-aux/bracket-spacing.pl: Add comma checks.
	* docs/hacking.html.in: Document the rules.
	* HACKING: Regenerate.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: remaining code
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/network/bridge_driver.c: Consistently use commas.
	* src/node_device/node_device_hal.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/storage/storage_backend_rbd.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: remaining drivers
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/lxc/lxc_container.c: Consistently use commas.
	* src/openvz/openvz_driver.c: Likewise.
	* src/openvz/openvz_util.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: vbox
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/vbox/vbox_tmpl.c: Consistently use commas.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: python
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* python/libvirt-override.c: Consistently use commas.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: util
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/util/vircommand.c: Consistently use commas.
	* src/util/virlog.c: Likewise.
	* src/util/virnetdevbandwidth.c: Likewise.
	* src/util/virnetdevmacvlan.c: Likewise.
	* src/util/virnetdevvportprofile.c: Likewise.
	* src/util/virnetlink.c: Likewise.
	* src/util/virpci.c: Likewise.
	* src/util/virsysinfo.c: Likewise.
	* src/util/virusb.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: tests, tools
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* tests/sysinfotest.c: Consistently use commas.
	* tests/viratomictest.c: Likewise.
	* tests/vircgroupmock.c: Likewise.
	* tools/virsh-domain.c: Likewise.
	* tools/virsh-volume.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: qemu
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/qemu/qemu_cgroup.c: Consistently use commas.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_monitor.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: xen
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/libxl/libxl_driver.c: Consistently use commas.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/xenapi/xenapi_utils.c: Likewise.
	* src/xenxs/xen_sxpr.c: Likewise.
	* src/xenxs/xen_xm.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: conf
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/conf/capabilities.c: Consistently use commas.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/network_conf.c: Likewise.
	* src/conf/storage_conf.c: Likewise.

2013-11-20  Eric Blake  <eblake@redhat.com>

	maint: fix comma style issues: nwfilter
	Most of our code base uses space after comma but not before;
	fix the remaining uses before adding a syntax check.

	* src/nwfilter/nwfilter_ebiptables_driver.c: Consistently use
	commas.
	* src/nwfilter/nwfilter_gentech_driver.c: Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c: Likewise.
	* src/conf/nwfilter_conf.c: Likewise.

2013-11-20  Cole Robinson  <crobinso@redhat.com>

	libvirt-guests: Run only after libvirtd
	Possible fix for occasional libvirt-guests failure at boot time:

	https://bugzilla.redhat.com/show_bug.cgi?id=906009

2013-11-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in default SELinux MCS range
	For a while we're have random failures of 'securityselinuxtest'
	which were not at all reproducible. Fortunately we finally
	caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed

	TEST: securityselinuxtest
	 1) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
	 2) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
	 3) GenLabel "dynamic unconfined, s0, c0.c1023"                       ... OK
	 4) GenLabel "dynamic virtd, s0, c0.c1023"                            ... OK
	 5) GenLabel "dynamic virtd, s0, c0.c10"                              ... OK
	 6) GenLabel "dynamic virtd, s2-s3, c0.c1023"                         ... OK
	 7) GenLabel "dynamic virtd, missing range"                           ... Category two 1024 is out of range 0-1023
	FAILED
	FAIL: securityselinuxtest

	And sure enough we had an off-by-1 in the MCS range code when
	the current process has no range set. The test suite randomly
	allocates 2 categories from 0->1024 so the chances of hitting
	this in the test suite were slim indeed :-)

2013-11-20  Michael Chapman  <mike@very.puzzling.org>

	spec: fix libvirt-docs subpackage on RHEL-6
	RHEL-6's rpmbuild wipes the docdir for a (sub-)package if any %doc
	directives are present, prior to copying in the marked documentation.
	This means we can't prepopulate this directory with the HTML
	documentation during the %install phase.

	Instead, move the HTML documentation to a temporary directory during
	%install and mark the contents of this temporary directory with %doc.

	This fixes a build regression introduced in

	  commit e23216da9a9318df920abb11b02582b81515c862
	  Author: Cole Robinson <crobinso@redhat.com>
	  Date:   Wed Sep 25 13:20:40 2013 -0400

	    spec: Clean up distribution of ChangeLog (and others)

	where the libvirt-docs sub-RPM gained a %doc directive, thus
	triggering the RPM bug.

2013-11-20  Ján Tomko  <jtomko@redhat.com>

	Remove redundant braces

	Error out on unterminated arrays and objects in JSON parser

	Test if JSON parser fails on invalid input

2013-11-19  Eric Blake  <eblake@redhat.com>

	maint: ship .pl scripts as executables
	All our .pl scripts had the executable bit set, except for one.
	Make it consistent (even if we invoke the scripts as an argument
	to $(PERL) rather than directly).

	* src/check-aclrules.pl: Make executable.

2013-11-19  Guido Günther  <agx@sigxcpu.org>

	Don't depend on syslog.service
	Syslog is socket activated since at least systemd v35 so we can drop
	this dependency. Debian's linitian otherwise complains about it.

	References:

	    http://www.freedesktop.org/wiki/Software/systemd/syslog/
	    http://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html

2013-11-19  Hao Liu  <hliu@redhat.com>

	Fix virsh net-info output for consistency
	All *-info virsh commands output a list of colon-seperated key-val pairs.
	But virsh net-info command misses this colon for key "Name" and "UUID".

2013-11-19  Doug Goldstein  <cardoe@cardoe.com>

	Add missing break to switch-case block
	The case label for VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED did not have its
	own break statement but relied on falling through which we probably
	don't want.

2013-11-19  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Introduce GetNonExistingCPUData test
	In the 730af8f2cd commit we are fixing broken qemu startup on systems
	with ancient qemu. This commit introduces the regression test for that
	specific case to make sure we don't break it again.

	qemuMonitorJSONGetCPUx86Data: Don't fail on ancient qemus
	On the domain startup, this function is called to dump some info about
	the CPUs. At the beginning of the function we check if we aren't running
	older qemu which is not exposing the CPUs via 'qom-list'. However, we
	are not checking for even older qemus, which throw 'CommandNotFound'
	error.

2013-11-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: fix segfault on virsh dumpxml with the existence of USB filters
	A USB filter is stored in a hostdev. The original code doesn't
	allocate hostdev->info that is expected to be allocated with hostdev.
	So use virDomainHostdevDefAlloc() to allocate both as we expect.

2013-11-19  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos.
	* src/qemu/qemu_command.c (qemuBuildVolumeString): Fix typo.
	* src/qemu/qemu_monitor.c (qemuMonitorSend): Likewise.

2013-11-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	build: work around super-old readline.h
	This patch shuts up the following warning of clang
	on Mac OS X:

	  virsh.c:2761:22: error: assigning to 'char *' from 'const char [6]' discards qualifiers
	      [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
	      rl_readline_name = "virsh";
	                       ^ ~~~~~~~

	The warning happens because rl_readline_name on Mac OS X comes
	from an old readline header that still uses 'char *', while it
	is 'const char *' in readline 4.2 (April 2001) and newer.

	Tested on Mac OS X 10.8.5 (clang-500.2.75) and Fedora 19 (gcc 4.8.1).

2013-11-18  Doug Goldstein  <cardoe@cardoe.com>

	Macro for testing the version you are compiling with
	Added a macro similar to the GLib's GLIB_CHECK_VERSION so that one can
	simply do something like:

	 #if LIBVIR_CHECK_VERSION(1,1,3)
	   /* Call function here that appeared in 1.1.3 and newer */
	   virSomeNewFunction();
	 #endif

2013-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Add missing 'return 0;' in stub lxcStartFuse() method impl.
	Without a 'return 0' in the stub lxcStartFuse() method, the
	compiler warns:

	lxc/lxc_fuse.c:374: error: control reaches end of non-void function
	[-Wreturn-type]

2013-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Avoid async signal safety problem in glibc's setxid
	The glibc setxid is supposed to be async signal safe, but
	libc developers confirm that it is not. This causes a problem
	when libvirt_lxc starts the FUSE thread and then runs clone()
	to start the container. If the clone() was done before the
	FUSE thread has completely started up, then the container
	will hang in setxid after clone().

	The fix is to avoid creating any threads until after the
	container has been clone()'d. By avoiding any threads in
	the parent, the child is no longer required to run in an
	async signal safe context, and we thus avoid the glibc
	bug.

2013-11-18  Ján Tomko  <jtomko@redhat.com>

	Return -1 in virPortAllocatorAcquire if all ports are used
	Report the error in virPortAllocatorAcquire instead
	of doing it in every caller.

	The error contains the port range name instead of the intended
	use for the port, e.g.:
	Unable to find an unused port in range 'display' (65534-65535)
	instead of:
	Unable to find an unused port for SPICE

	This also adds error reporting when the QEMU driver could not
	find an unused port for VNC, VNC WebSockets or NBD migration.

2013-11-18  Ján Tomko  <jtomko@redhat.com>

	Add a name to virPortAllocator
	This allows its error messages to be more specific.

	Don't release spice port twice when no TLS port is available
	Introduced by 7b4a630.

2013-11-18  Ján Tomko  <jtomko@redhat.com>

	Properly unref a connection with a close callback
	The connection pointer in the closeCallback data was never
	initialized, making the unref in remoteClientCloseFunc a no-op.

	This fixes the following leak in virsh when the daemon closes
	the connection unexpectedly:

	1,179 (288 direct, 891 indirect) bytes in 1 blocks are
	   definitely lost in loss record 745 of 792
	  at 0x4C2A6D0: calloc (in vgpreload_memcheck-amd64-linux.so)
	  by 0x4E9643D: virAllocVar (viralloc.c:558)
	  by 0x4ED2425: virObjectNew (virobject.c:190)
	  by 0x4F675AC: virGetConnect (datatypes.c:116)
	  by 0x4F6EA06: do_open (libvirt.c:1136)
	  by 0x4F71017: virConnectOpenAuth (libvirt.c:1481)
	  by 0x129FFA: vshReconnect (virsh.c:337)
	  by 0x128310: main (virsh.c:2470)

2013-11-15  Eric Blake  <eblake@redhat.com>

	docs: improve job info details
	Noticed while revieweing the patches for qemu's new migration state.

	* include/libvirt/libvirt.h.in (_virDomainJobInfo): Fix typo,
	grammar.
	* src/libvirt.c (virDomainGetJobInfo): Add cross reference.

2013-11-15  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatnwfilter.html.in
	s/insallations/installations/

2013-11-15  Michael Avdienko  <whitearchey@gmail.com>

	Fix migration with QEMU 1.6
	QEMU 1.6.0 introduced new migration status: setup
	Libvirt does not expect such string in QMP and refuses to migrate with error
	"unexpected migration status in setup"

	This patch fixes it.

2013-11-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Call qemuSetupHostdevCGroup later during hotplug
	https://bugzilla.redhat.com/show_bug.cgi?id=1025108

	So far qemuSetupHostdevCGroup was called very early during hotplug, even
	before we knew the device we were about to hotplug was actually
	available. By calling the function later, we make sure QEMU won't be
	allowed to access devices used by other domains.

	Another important effect of this change is that hopluging USB devices
	specified by vendor and product (but not by their USB address) works
	again. This was broken since v1.0.5-171-g7d763ac, when the call to
	qemuFindHostdevUSBDevice was moved after the call to
	qemuSetupHostdevCGroup, which then used an uninitialized USB address.

2013-11-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorIO: Don't use @mon after it's unrefed
	https://bugzilla.redhat.com/show_bug.cgi?id=1018267

	The aim of virObject refing and urefing is to tell where the object is
	to be used and when is no longer needed. Hence any object shouldn't be
	used after it has been unrefed, as we might be the last to hold the
	reference. The better way is to call virObjectUnref() *after* the last
	object usage. In this specific case, the monitor EOF handler was called
	after the qemuMonitorIO called virObjectUnref. Not only that @mon was
	disposed (which is not used in the handler anyway) but the @mon->vm
	which is causing a SIGSEGV:

	2013-11-15 10:17:54.425+0000: 20110: error : qemuMonitorIO:688 : internal error: early end of file from monitor: possible problem:
	qemu-kvm: -incoming tcp:01.01.01.0:49152: Failed to bind socket: Cannot assign requested address

	Program received signal SIGSEGV, Segmentation fault.
	qemuProcessHandleMonitorEOF (mon=<optimized out>, vm=0x7fb728004170) at qemu/qemu_process.c:299
	299         if (priv->beingDestroyed) {
	(gdb) p *priv
	Cannot access memory at address 0x0
	(gdb) p vm
	$1 = (virDomainObj *) 0x7fb728004170
	(gdb) p *vm
	$2 = {parent = {parent = {magic = 3735928559, refs = 0, klass = 0xdeadbeef}, lock = {lock = {__data = {__lock = 2, __count = 0, __owner = 20110, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0,
	            __next = 0x0}}, __size = "\002\000\000\000\000\000\000\000\216N\000\000\001", '\000' <repeats 26 times>, __align = 2}}}, pid = 0, state = {state = 0, reason = 0}, autostart = 0, persistent = 0,
	  updated = 0, def = 0x0, newDef = 0x0, snapshots = 0x0, current_snapshot = 0x0, hasManagedSave = false, privateData = 0x0, privateDataFreeFunc = 0x0, taint = 304}

2013-11-14  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessReconnectHelper: Don't create joinable thread
	In the qemuProcessReconnectHelper() a new thread that does all the
	interesting work is spawned. The rationale is to not block the daemon
	startup process in case of unresponsive qemu. However, the thread
	handler is a local variable which gets lost once the control goes out of
	scope. Hence the thread gets leaked. We can avoid this if the thread
	isn't made joinable.

	virDomainEventCallbackListFree: Don't leak @list->callbacks
	The @list->callbacks is an array that is inflated whenever a new event
	is added, e.g. via virDomainEventCallbackListAddID(). However, when we
	are freeing the array, we free the items within it but forgot to
	actually free it.

	virPCIDeviceBindToStub: Remove unused @oldDriverPath and @oldDriverName
	These two chunks had to be part of df4283a55bf. But for some unclear
	reason, the weren't. Anyway, these two variables are not used anywhere
	within function. They're initialized to NULL and then VIR_FREE()-d. And
	there's no reason do do two NOPs, right?

	networkBuildDhcpDaemonCommandLine: Don't leak @configstr and @configfile

2013-11-13  Eric Blake  <eblake@redhat.com>

	storage: fix RNG validation of gluster via netfs
	While trying to compare netfs against my new gluster pool, I
	discovered two things:

	virt-xml-validate chokes on valid xml produced by 'virsh pool-dumpxml'
	[yet another reason that ALL patches that add new xml should be adding
	corresponding tests]

	When using glusterfs FUSE mounts, you cannot access a subdirectory
	of a gluster volume.  The recommended workaround in the gluster
	community is to mount the volume to an intermediate location, then
	bind-mount the desired subdirectory to the final location.  Maybe
	we should teach libvirt to do bind-mounting, but for now I chose to
	just document the limitation.

	* docs/storage.html.in: Improve documentation.
	* docs/schemas/storagepool.rng (sourcefmtnetfs): Allow all
	formats, and drop redundant info-vendor.
	* tests/storagepoolxml2xmltest.c (mymain): New test.
	* tests/storagepoolxml2xmlin/pool-netfs-gluster.xml: New file.
	* tests/storagepoolxml2xmlout/pool-netfs-gluster.xml: Likewise.

2013-11-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-secret: Unify list column alignment
	Before:

	$ virsh secret-list
	UUID                                 Usage
	-----------------------------------------------------------
	0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f volume /var/lib/libvirt/images/puppyname.img
	0a81f5b2-8403-7b23-c8d6-2deadbeefd6f Unused

	After:

	$ virsh secret-list
	 UUID                                  Usage
	--------------------------------------------------------------------------------
	 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f  volume /var/lib/libvirt/images/puppyname.img
	 0a81f5b2-8403-7b23-c8d6-2deadbeefd6f  Unused

2013-11-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-interface: Unify list column alignment
	Before:

	$ virsh iface-list
	Name                 State      MAC Address
	--------------------------------------------
	br0                  active     f0:de:f1:dc:b8:b0
	virbr2               active     52:54:00:61:78:0c

	After:

	$ virsh iface-list
	 Name                 State      MAC Address
	---------------------------------------------------
	 br0                  active     f0:de:f1:dc:b8:b0
	 virbr2               active     52:54:00:61:78:0c

2013-11-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-nwfilter: Unify list command column alignment
	Before:
	$ virsh nwfilter-list
	UUID                                  Name
	----------------------------------------------------------------
	651d902c-165c-4bcc-8d73-41319af1e6bc  allow-arp
	9ae11362-df6b-407f-8864-3bdf5125bf77  allow-dhcp
	53b5a9ed-7d46-480f-a201-6d8a503d6533  allow-dhcp-server

	After:
	$ virsh nwfilter-list
	 UUID                                  Name
	------------------------------------------------------------------
	 651d902c-165c-4bcc-8d73-41319af1e6bc  allow-arp
	 9ae11362-df6b-407f-8864-3bdf5125bf77  allow-dhcp
	 53b5a9ed-7d46-480f-a201-6d8a503d6533  allow-dhcp-server

2013-11-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-pool: Unify spacing of listing function
	Change the alignment to match the domain listing function.

	Before:

	$ virsh pool-list
	Name                 State      Autostart
	-----------------------------------------
	boot-scratch         active     no
	default              active     no
	glusterpool          active     no

	$ virsh pool-list --details
	Name          State    Autostart  Persistent    Capacity  Allocation  Available
	-------------------------------------------------------------------------------
	boot-scratch  running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	default       running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	glusterpool   running  no         yes          29.40 GiB   44.23 MiB  29.36 GiB

	After:

	$ virsh pool-list
	 Name                 State      Autostart
	-------------------------------------------
	 boot-scratch         active     no
	 default              active     no
	 glusterpool          active     no

	$ virsh pool-list --details
	 Name          State    Autostart  Persistent    Capacity  Allocation  Available
	---------------------------------------------------------------------------------
	 boot-scratch  running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	 default       running  no         yes         117.99 GiB  101.40 GiB  16.60 GiB
	 glusterpool   running  no         yes          29.40 GiB   44.23 MiB  29.36 GiB

2013-11-13  Ján Tomko  <jtomko@redhat.com>

	Disable nwfilter driver when running unprivileged
	When opening a new connection to the driver, nwfilterOpen
	only succeeds if the driverState has been allocated.

	Move the privilege check in driver initialization before
	the state allocation to disable the driver.

	This changes the nwfilter-define error from:
	error: cannot create config directory (null): Bad address
	To:
	this function is not supported by the connection driver:
	virNWFilterDefineXML

	https://bugzilla.redhat.com/show_bug.cgi?id=1029266

2013-11-12  Jason Andryuk  <andryuk@aero.org>

	libxl: Fix Xen 4.4 libxlVmStart logic
	ifdef LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS hides a multi-line body
	for a brace-less else.  Add braces to ensure proper logic is applied.

	Without this fix, new domains cannot be started.  Both
	libxl_domain_create_new and libxl_domain_create_restore are called when
	starting a new domain leading to this error:
	libxl: error: libxl.c:324:libxl__domain_rename: domain with name "guest" already exists.
	libxl: error: libxl_create.c:800:initiate_domain_create: cannot make domain: -6

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Check for presence of device and properities when getting CPUID
	The QOM path in qemu that contains the CPUID registers of a running VM
	may not be present (introduced in QEMU 1.5).

	Since commit d94b7817719 we have a regression with QEMU that don't
	support reporting of the CPUID register state via the monitor as the
	process startup code expects the path to exist.

	This patch adds code that checks with the monitor if the requested path
	already exists and uses it only in this case.

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Change return type of qemuMonitorGetGuestCPU()
	To allow returning more granular errors, change the error type to an
	integer.

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	virsh-volume: Unify strigification of volume type
	There were two separate places with that were stringifying type of a
	volume. One of the places was out of sync with types implemented
	upstream.

	To avoid such problems in the future, this patch adds a common function
	to convert the type to string and reuses it across the two said places.

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	virsh-volume: Unify alignment of vol-list output columns
	Add an extra space before the first column as we have when listing
	domains.

	Previous output:

	$ virsh vol-list glusterpool
	Name                 Path
	-----------------------------------------
	asdf                 gluster://gluster-node-1/gv0/asdf
	c                    gluster://gluster-node-1/gv0/c
	cd                   gluster://gluster-node-1/gv0/cd

	$ virsh vol-list glusterpool --details
	Name  Path                               Type     Capacity  Allocation
	----------------------------------------------------------------------
	asdf  gluster://gluster-node-1/gv0/asdf  unknown    0.00 B      0.00 B
	c     gluster://gluster-node-1/gv0/c     unknown   16.00 B     16.00 B
	cd    gluster://gluster-node-1/gv0/cd    unknown    0.00 B      0.00 B

	New output:

	$ virsh vol-list glusterpool
	 Name                 Path
	------------------------------------------------------------------------------
	 asdf                 gluster://gluster-node-1/gv0/asdf
	 c                    gluster://gluster-node-1/gv0/c
	 cd                   gluster://gluster-node-1/gv0/cd

	$ virsh vol-list glusterpool --details
	 Name  Path                               Type     Capacity  Allocation
	------------------------------------------------------------------------
	 asdf  gluster://gluster-node-1/gv0/asdf  unknown    0.00 B      0.00 B
	 c     gluster://gluster-node-1/gv0/c     unknown   16.00 B     16.00 B
	 cd    gluster://gluster-node-1/gv0/cd    unknown    0.00 B      0.00 B

2013-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Improve cgroups docs to cover systemd integration
	As of libvirt 1.1.1 and systemd 205, the cgroups layout used by
	libvirt has some changes. Update the 'cgroups.html' file from
	the website to describe how it works in a systemd world.

2013-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix busy wait loop in LXC container I/O handling
	If the host side of an LXC container console disconnected
	and the guest side continued to write data, until the PTY
	buffer filled up, the LXC controller would busy wait. It
	would repeatedly see POLLHUP from poll() and not disable
	the watch.

	This was due to some bogus logic detecting blocking
	conditions. Upon seeing a POLLHUP we must disable all
	reading & writing from the PTY, and setup the epoll to
	wake us up again when the connection comes back.

2013-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Don't expose 'none' machine type to capabilities
	The 'none' machine type is something only intended for use
	by libvirt probing capabilities. It isn't something that
	is useful for running real VM instances. As such it should
	not be exposed to users in the capabilities.

	Fix mem leak in virQEMUCapsProbeQMPMachineTypes on OOM
	The virQEMUCapsProbeQMPMachineTypes method iterates over machine
	types copying them into the qemuCapsPtr object. It only updates
	the qemuCaps->nmachinetypes value at the end though. So if OOM
	occurs in the middle, the destructor of qemuCapsPtr will not
	free the partially initialized machine types.

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainDiskSourceDefParse
	Now that the function is separate clean out a few ugly places and fix up
	error messages.

	conf: Rename virDomainDiskHostDefFree to virDomainDiskHostDefClear
	The function destroys only the contents not the object itself thus it
	should be called Clear.

2013-11-12  Peter Krempa  <pkrempa@redhat.com>

	conf: Split out code to parse the source of a disk definition
	To avoid code duplication between snapshot configuration code that
	parses the disk source too we need to split out this code that will be
	reused later on.

	This patch tries to be code movement, some aspects of this function will
	be refactored later.

2013-11-11  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainObjStart: Warn on corrupted image
	If the managedsave image is corrupted, e.g. the XML part is, we fail to
	parse it and throw an error, e.g.:

	error: Failed to start domain jms8
	error: XML error: missing security model when using multiple labels

	This is okay, as we can't really start the machine and avoid undefined
	qemu behaviour. On the other hand, the error message doesn't give a
	clue to users what should they do. The consensus here would be to thrown
	a warning to logs saying "Hey, you've got a corrupted file".

2013-11-11  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in libvirt.h.in
	s/repersents/represents

2013-11-11  Michal Privoznik  <mprivozn@redhat.com>

	virSecurityLabelDefParseXML: Don't parse label on model='none'
	https://bugzilla.redhat.com/show_bug.cgi?id=1027096

	If there's the following snippet in the domain XML, the domain will be
	lost upon the daemon restart (if the domain is started prior restart):

	    <seclabel type='dynamic' relabel='yes'/>

	The problem is, the 'label', 'imagelabel' and 'baselabel' are parsed
	whenever the VIR_DOMAIN_XML_INACTIVE is *not* present or the label is
	static. The latter is not our case, obviously. So, when libvirtd starts
	up, it finds domain state xml and parse it. During parsing, many XML
	flags are enabled but VIR_DOMAIN_XML_INACTIVE. Hence, our parser tries
	to extract 'label', 'imagelabel' and 'baselabel' from the XML which
	fails for model='none'. Err, this model - even though not specified in
	XML - can be taken from qemu wide config file: /etc/libvirtd/qemu.conf.

	However, in order to know we are dealing with model='none' the code in
	question must be moved forward a bit. Then a new check must be
	introduced. This is what the first two chunks are doing.

	But this alone is not sufficient. The domain state XML won't contain the
	model attribute without slight modification. The model should be
	inserted into the XML even if equal to 'none' and the state XML is being
	generated - what if the origin (the @security_driver variable in
	qemu.conf) changes during libvirtd restarts?

	At the end, a test to catch this scenario is introduced.

2013-11-11  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Mark --live and --config mutually exclusive in vcpucount
	The 'vcpucount' command is a getter command for the vCPUu count. When
	one or more of the filtering flags are specified the command returns the
	value only for the selected combination. In this case the --live and
	--config combination isn't valid. This however didn't cause errors as
	the combination of flags was rejected by the libvirt API but then the
	fallback code kicked in and requested the count in a way where the clash
	of the flags didn't matter.

	Mark the flag combination mutually exclusive so that users aren't
	confused.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1024245

2013-11-08  Wang Yufei  <james.wangyufei@huawei.com>

	docs: fix virDomainRestoreFlags description bug
	In virDomainRestoreFlags with VIR_DOMAIN_SAVE_BYPASS_CACHE, it risks
	slowing restores from NFS, but not saves to NFS.

2013-11-08  Eric Blake  <eblake@redhat.com>

	docs: grammar fixes
	Fix some user-visible wording from commits 72aafe9 and 1606d89.

	* src/qemu/qemu.conf (migration_address): Better wording.
	* include/libvirt/libvirt.h.in (VIR_MIGRATE_PARAM_LISTEN_ADDRESS):
	Likewise.

2013-11-08  Vitor de Lima  <vitor.lima@eldorado.org.br>

	qemu: Fix SCSI hotplug on pseries guests
	This patch moves some code in the qemuDomainAttachSCSIDisk
	function. The check for the existence of a PCI address assigned
	to the SCSI controller was moved in order to be executed only
	when needed. The PCI address of a controller is not necessary
	if QEMU_CAPS_DEVICE is supported.

	This fixes issues with the hotplug of SCSI disks on pseries guests.

2013-11-08  Laine Stump  <laine@laine.org>

	pci: properly handle out-of-order SRIOV virtual functions
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

	When virPCIGetVirtualFunctions created the list of an SRIOV Physical
	Function's (PF) Virtual Functions (VF), it had assumed that the order
	of "virtfn*" links returned by readdir() from the PF's sysfs directory
	was already in the correct order. Experience has shown that this is
	not always the case - it can be in alphabetical order (which would
	e.g. place virtfn11 before virtfn2) or even some seemingly random
	order (see the example in the bugzilla report)

	This results in 1) incorrect assumptions made by consumers of the
	output of the virt_functions list of virsh nodedev-dumpxml, and 2)
	setting MAC address and vlan tag on the wrong VF (since libvirt uses
	netlink to set mac address and vlan tag, netlink requires the VF#, and
	the function virPCIGetVirtualFunctionIndex() returns the wrong index
	due to the improperly ordered VF list).

	The solution provided by this patch is for virPCIGetVirtualFunctions
	to no longer scan the entire device directory in its natural order,
	but instead to check for links individually by name "virtfn%d" where
	%d starts at 0 and increases with each success. Since VFs are created
	contiguously by the kernel, this will guarantee that all VFs are
	found, and placed in the arry in the correct order.

	One note of use to the uninitiated is that VIR_APPEND_ELEMENT always
	either increments *num_virtual_functions or fails, so no this isn't an
	endless loop.

	(NB: the SRIOV_* defines at the top of virpci.c were removed
	because they are unnecessary and/or not used.)

2013-11-08  Laine Stump  <laine@laine.org>

	util: use size_t instead of unsigned int for num_virtual_functions
	This is a prerequisite to the fix for the fix to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1025397

	num_virtual_functions needs to be size_t in order to use the
	VIR_APPEND_ELEMENT macro.

2013-11-08  Vitor de Lima  <vitor.lima@eldorado.org.br>

	qemu: assign PCI address to primary video card
	When adding support for Q35 guests, the code to assign a PCI address
	to the primary video card was moved into Q35 and i440fx(PIIX3)
	specific functions, but no fallback was kept for other machine types
	that might have a video card.

	This patch remedies that by assigning a PCI address to the primary
	video card if it does not have any kind of address.  In particular,
	this fixes issues with pseries guests.

2013-11-08  Serge Hallyn  <serge.hallyn@ubuntu.com>

	util: use -w flag when calling iptables
	When supported, ask iptables to wait rather than fail if it is in use
	by another caller (like ufw).

	(See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1245322)

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Validate specific CPUID flags of a guest
	When starting a VM the qemu process may filter out some requested
	features of a domain as it's not supported either by the host or by
	qemu. Libvirt didn't check if this happened which might end up in
	changing of the guest ABI when migrating.

	The proof of concept implementation adds the check for the recently
	introduced kvm_pv_unhalt cpuid feature bit. This feature depends on both
	qemu and host kernel support and thus increase the possibility of guest
	ABI breakage.

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for paravirtual spinlocks in the guest
	The linux kernel recently added support for paravirtual spinlock
	handling to avoid performance regressions on overcomitted hosts. This
	feature needs to be turned in the hypervisor so that the guest OS is
	notified about the possible support.

	This patch adds a new feature "paravirt-spinlock" to the XML and
	supporting code to enable the "kvm_pv_unhalt" pseudo CPU feature in
	qemu.

	https://bugzilla.redhat.com/show_bug.cgi?id=1008989

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor storing and usage of feature flags
	Currently we were storing domain feature flags in a bit field as the
	they were either enabled or disabled. New features such as paravirtual
	spinlocks however can be tri-state as the default option may depend on
	hypervisor version.

	To allow storing tri-state feature state in the same place instead of
	having to declare dedicated variables for each feature this patch
	refactors the bit field to an array.

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	cpu: x86: Add internal CPUID features support and KVM feature bits
	Some of the emulator features are presented in the <features> element in
	the domain XML although they are virtual CPUID feature bits when
	presented to the guest. To avoid confusing the users with these
	features, as they are not configurable via the <cpu> element, this patch
	adds an internal array where those can be stored privately instead of
	exposing them in the XML.

	Additionaly KVM feature bits are added as example usage of this code.

2013-11-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add monitor APIs to fetch CPUID data from QEMU
	The qemu monitor supports retrieval of actual CPUID bits presented to
	the guest using QMP monitor. Add APIs to extract these information and
	tests for them.

2013-11-08  Peter Krempa  <pkrempa@redhat.com>

	cpu_x86: Refactor storage of CPUID data to add support for KVM features
	The CPUID functions were stored in multiple arrays according to a
	specified prefix of those. This made it very hard to add another prefix
	to store KVM CPUID features (0x40000000). Instead of hardcoding a third
	array this patch changes the approach used:

	The code is refactored to use a single array where the CPUID functions
	are stored ordered by the cpuid function so that they don't depend on
	the specific prefix and don't waste memory. The code is also less
	complex using this approach. A trateoff to this is the change from O(N)
	complexity to O(N^2) in x86DataAdd and x86DataSubtract. The rest of the
	functions were already using O(N^2) algorithms.

2013-11-08  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	storage: Fix a vol-clone bug on ppc64
	vol-clone reports out of memory error with disk type on ppc64.

	Currently, wbytes is defined as size_t type (8 bytes), but
	args's value in ioctl(fd, args..) in kernel is int (4 bytes).
	This makes wbytes 2^32 times larger, causing an out of memory error.

	This patch changes size_t to int to synchronize with kernel.

	[1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/block/ioctl.c?id=5e01dc7b#n363
	[2] https://lkml.org/lkml/2013/11/1/620

2013-11-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't access vm->priv on unlocked domain
	Since 86d90b3a (yes, my patch; again) we are supporting NBD storage
	migration. However, on error recovery path we got the steps reversed.
	The correct order is: return NBD port to the virPortAllocator and then
	either unlock the vm or remove it from the driver. Not vice versa.

	==11192== Invalid write of size 4
	==11192==    at 0x11488559: qemuMigrationPrepareAny (qemu_migration.c:2459)
	==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
	==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
	==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
	==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
	==11192==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
	==11192==    by 0x5212127: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
	==11192==    by 0x5211C86: virNetServerProgramDispatch (virnetserverprogram.c:305)
	==11192==    by 0x520A8FD: virNetServerProcessMsg (virnetserver.c:165)
	==11192==    by 0x520A9E1: virNetServerHandleJob (virnetserver.c:186)
	==11192==    by 0x50DA78F: virThreadPoolWorker (virthreadpool.c:144)
	==11192==    by 0x50DA11C: virThreadHelper (virthreadpthread.c:161)
	==11192==  Address 0x1368baa0 is 576 bytes inside a block of size 688 free'd
	==11192==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==11192==    by 0x5079A2F: virFree (viralloc.c:580)
	==11192==    by 0x11456C34: qemuDomainObjPrivateFree (qemu_domain.c:267)
	==11192==    by 0x50F41B4: virDomainObjDispose (domain_conf.c:2034)
	==11192==    by 0x50C2991: virObjectUnref (virobject.c:262)
	==11192==    by 0x50F4CFC: virDomainObjListRemove (domain_conf.c:2361)
	==11192==    by 0x1145C125: qemuDomainRemoveInactive (qemu_domain.c:2087)
	==11192==    by 0x11488520: qemuMigrationPrepareAny (qemu_migration.c:2456)
	==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
	==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
	==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
	==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)

2013-11-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Avoid double free of VM
	One of my previous patches (c7ac2519b7f) did try to fix the issue when
	domain dies too soon during migration. However, this clumsy approach was
	missing removal of qemuProcessHandleMonitorDestroy resulting in double
	unrefing of mon->vm and hence producing the daemon crash:

	==11843== Invalid read of size 4
	==11843==    at 0x50C28C5: virObjectUnref (virobject.c:255)
	==11843==    by 0x1148F7DB: qemuMonitorDispose (qemu_monitor.c:258)
	==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
	==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
	==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
	==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
	==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
	==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
	==11843==    by 0x11F368: main (libvirtd.c:1513)
	==11843==  Address 0x13b88864 is 4 bytes inside a block of size 136 free'd
	==11843==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==11843==    by 0x5079A2F: virFree (viralloc.c:580)
	==11843==    by 0x50C29E3: virObjectUnref (virobject.c:270)
	==11843==    by 0x114770E4: qemuProcessHandleMonitorDestroy (qemu_process.c:1103)
	==11843==    by 0x1148F7CB: qemuMonitorDispose (qemu_monitor.c:257)
	==11843==    by 0x50C2991: virObjectUnref (virobject.c:262)
	==11843==    by 0x50C2D13: virObjectFreeCallback (virobject.c:388)
	==11843==    by 0x509C37B: virEventPollCleanupHandles (vireventpoll.c:583)
	==11843==    by 0x509C711: virEventPollRunOnce (vireventpoll.c:652)
	==11843==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
	==11843==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
	==11843==    by 0x11F368: main (libvirtd.c:1513)

2013-11-07  Ján Tomko  <jtomko@redhat.com>

	Allow root directory in filesystem source dir schema
	Use absDirPath instead of absFilePath.

	https://bugzilla.redhat.com/show_bug.cgi?id=1028107

2013-11-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuMigrationBeginPhase: Check for 'drive-mirror' for NBD
	So far we are checking if qemu supports 'nbd-server-start'. This,
	however, makes no sense on the source as nbd-server-* is used on the
	destination. On the source the 'drive-mirror' is used instead.

2013-11-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	conf: fix incorrect error log in virCPUDefIsEqual
	A copy-paste error.
	s/model/vendor id

2013-11-07  Michal Privoznik  <mprivozn@redhat.com>

	tests: Distribute virpcitestdata
	Since 21685c955e5466 we have tests/virpcitestdata dir containing the PCI
	config files for some dummy PCI devices that are used int virpcitest.
	However, the directory containing the config files is not distributed
	making 'make rpm' fail.

2013-11-07  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix virtpcitest in VPATH

2013-11-07  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor virDomainDiskSourcePoolDefParse
	For some strange reason virDomainDiskSourcePoolDefParse accessed def of
	the disk and allocated the pool object in it. To avoid the need to carry
	over the disk definition object, refactor this function to return the
	allocated object instead.

2013-11-07  Eric Blake  <eblake@redhat.com>

	nodeinfo: fix build on non-Linux
	Commit b0f8546 broke the build on mingw, by exposing code that
	had Linux-specific dependencies but which was previously protected
	by libnuma ifdef guards:

	make[3]: Entering directory `/home/eblake/libvirt-tmp/build/src'
	  CC       libvirt_driver_la-nodeinfo.lo
	../../src/nodeinfo.c: In function 'virNodeGetSiblingsList':
	../../src/nodeinfo.c:1543:30: error: 'SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX' undeclared (first use in this function)
	     if (virFileReadAll(path, SYSFS_THREAD_SIBLINGS_LIST_LENGTH_MAX, &buf) < 0)
	                              ^
	../../src/nodeinfo.c:1543:30: note: each undeclared identifier is reported only once for each function it appears in
	../../src/nodeinfo.c: In function 'virNodeCapsFillCPUInfo':
	../../src/nodeinfo.c:1562:5: error: implicit declaration of function 'virNodeGetCpuValue' [-Werror=implicit-function-declaration]
	     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
	     ^
	../../src/nodeinfo.c:1562:5: error: nested extern declaration of 'virNodeGetCpuValue' [-Werror=nested-externs]
	../../src/nodeinfo.c:1562:35: error: 'SYSFS_CPU_PATH' undeclared (first use in this function)
	     if ((tmp = virNodeGetCpuValue(SYSFS_CPU_PATH, cpu_id,
	                                   ^
	cc1: all warnings being treated as errors

	* src/nodeinfo.c (virNodeCapsFillCPUInfo): Make conditional.
	(virNodeGetSiblingsList): Move into #ifdef linux block.

2013-11-07  Eric Blake  <eblake@redhat.com>

	storage: always probe type with buffer
	This gets rid of another stat() per volume, as well as cutting
	bytes read in half, when populating the volumes of a directory
	pool during a pool refresh.  Not to mention that it provides an
	interface that can let gluster pools also probe file types.

	* src/util/virstoragefile.h (virStorageFileProbeFormatFromFD):
	Delete.
	(virStorageFileProbeFormatFromBuf): New prototype.
	(VIR_STORAGE_MAX_HEADER): New constant, based on...
	* src/util/virstoragefile.c (STORAGE_MAX_HEAD): ...old name.
	(vmdk4GetBackingStore, virStorageFileGetMetadataInternal)
	(virStorageFileProbeFormat): Adjust clients.
	(virStorageFileProbeFormatFromFD): Delete.
	(virStorageFileProbeFormatFromBuf): Export.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Adjust client.
	* src/libvirt_private.syms (virstoragefile.h): Adjust exports.

2013-11-07  Eric Blake  <eblake@redhat.com>

	storage: refactor backing chain division of labor
	Future patches will want to learn metadata about a file using
	a buffer that was already parsed in order to probe the file's
	format.  Rather than reopening and re-reading the file, it makes
	sense to separate getting file contents from actually parsing
	those contents.

	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataFromFDInternal): New functions.
	(virStorageFileGetMetadataInternal): Hoist fstat() and read() into
	callers.
	(virStorageFileGetMetadataFromFD)
	(virStorageFileGetMetadataRecurse): Rework clients.
	* src/util/virstoragefile.h (virStorageFileGetMetadataFromBuf):
	New prototype.
	* src/libvirt_private.syms (virstoragefile.h): Export it.

2013-11-07  Eric Blake  <eblake@redhat.com>

	storage: reduce number of stat calls
	We are calling fstat() at least twice per storage volume in
	a directory storage pool; this is rather wasteful.  Refactoring
	this is also a step towards making code reusable for gluster,
	where gluster can provide struct stat but cannot use fstat().

	* src/storage/storage_backend.h
	(virStorageBackendVolOpenCheckMode)
	(virStorageBackendUpdateVolTargetInfoFD): Update signature.
	* src/storage/storage_backend.c
	(virStorageBackendVolOpenCheckMode): Pass stat results back.
	(virStorageBackendUpdateVolTargetInfoFD): Use existing stats.
	(virStorageBackendVolOpen, virStorageBackendUpdateVolTargetInfo):
	Update callers.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/storage/storage_backend_scsi.c
	(virStorageBackendSCSIUpdateVolTargetInfo): Likewise.
	* src/storage/storage_backend_mpath.c
	(virStorageBackendMpathUpdateVolTargetInfo): Likewise.

2013-11-07  Eric Blake  <eblake@redhat.com>

	storage: avoid short reads while chasing backing chain
	Our backing file chain code was not very robust to an ill-timed
	EINTR, which could lead to a short read causing us to randomly
	treat metadata differently than usual.  But the existing
	virFileReadLimFD forces an error if we don't read the entire
	file, even though we only care about the header of the file.
	So add a new virFile function that does what we want.

	* src/util/virfile.h (virFileReadHeaderFD): New prototype.
	* src/util/virfile.c (virFileReadHeaderFD): New function.
	* src/libvirt_private.syms (virfile.h): Export it.
	* src/util/virstoragefile.c (virStorageFileGetMetadataInternal)
	(virStorageFileProbeFormatFromFD): Use it.

2013-11-06  Eric Blake  <eblake@redhat.com>

	storage: use simpler 'char *'
	'unsigned char *' makes sense if you are doing math on bytes and
	don't want to worry about wraparound from a signed 'char'; but
	since all we are doing is memcmp() or virReadBufInt*[LB]E(), which
	are both safe on either type of char, and since read() prefers to
	operate on 'char *', it's simpler to avoid casts by just typing
	things as 'char *' from the get-go.  [Technically, read can
	operate on an 'unsigned char *' thanks to the C rule that any
	pointer can be implicitly converted to 'char *' for legacy K&R
	compatibility; but where this patch saves us is if we try to use
	virfile.h functions that take 'char **' in order to allocate the
	buffer, where the compiler would barf on type mismatch.]

	* src/util/virstoragefile.c (FileTypeInfo): Avoid unsigned char.
	(cowGetBackingStore, qcow2GetBackingStoreFormat)
	(qcowXGetBackingStore, qcow1GetBackingStore)
	(qcow2GetBackingStore, vmdk4GetBackingStore, qedGetBackingStore)
	(virStorageFileMatchesMagic, virStorageFileMatchesVersion)
	(virStorageFileProbeFormatFromBuf, qcow2GetFeatures)
	(virStorageFileGetMetadataInternal)
	(virStorageFileProbeFormatFromFD): Simplify clients.

2013-11-06  Jonathan Lebon  <jlebon@redhat.com>

	add SystemTap to apps using libvirt
	Starting from v2.4 (released today!), SystemTap can use libvirt to
	execute scripts inside virtual machines.

2013-11-06  Giuseppe Scrivano  <gscrivan@redhat.com>

	test driver: add support for .connectBaselineCPU
	It uses the same functionalities of the qemu driver.

2013-11-06  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorDispose: Reset lastError
	Since the 90139a62 commit the error is copied into mon->lastError but
	it's never freed from there.

	==31989== 395 bytes in 1 blocks are definitely lost in loss record 877 of 978
	==31989==    at 0x4A06C2B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==31989==    by 0x7EAF129: strdup (in /lib64/libc-2.15.so)
	==31989==    by 0x50D586C: virStrdup (virstring.c:554)
	==31989==    by 0x50976C1: virCopyError (virerror.c:191)
	==31989==    by 0x5097A35: virCopyLastError (virerror.c:312)
	==31989==    by 0x114909A9: qemuMonitorIO (qemu_monitor.c:690)
	==31989==    by 0x509BEDE: virEventPollDispatchHandles (vireventpoll.c:501)
	==31989==    by 0x509C701: virEventPollRunOnce (vireventpoll.c:648)
	==31989==    by 0x509A620: virEventRunDefaultImpl (virevent.c:274)
	==31989==    by 0x520D21C: virNetServerRun (virnetserver.c:1112)
	==31989==    by 0x11F368: main (libvirtd.c:1513)

2013-11-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatnwfilter
	s/fragement/fragment

2013-11-06  Zeng Junliang  <zengjunliang@huawei.com>

	qemu: clean up migration ports when migration cancelled
	If there's a migration cancelled, the bitmap of migration port should be
	cleaned up too.

2013-11-06  Laine Stump  <laine@laine.org>

	network: fix connections count in case of allocate failure
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1020135

	If networkAllocateActualDevice() had failed due to a pool of hostdev
	or direct devices being depleted, the calling function could still
	call networkReleaseActualDevice() as part of its cleanup, and that
	function would then unconditionally decrement the connections count
	for the network, even though it hadn't been incremented (due to
	failure of allocate). This *was* necessary because the .actual member
	of the netdef was allocated with a "lazy" algorithm, only being
	created if there was a need to store data there (e.g. if a device was
	allocated from a pool, or bandwidth was allocated for the device), so
	there was no simple way for networkReleaseActualDevice() to tell if
	something really had been allocated (i.e. if "connections++" had been
	executed).

	This patch changes networkAllocateDevice() to *always* allocate an
	actual device for any netdef of type='network', even if it isn't
	needed for any other reason. This has no ill effects anywhere else in
	the code (except for using a small amount of memory), and
	networkReleaseActualDevice() can then determine if there was a
	previous successful allocate by checking for .actual != NULL (if not,
	it skips the "connections--").

2013-11-06  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Introduce testVirPCIDeviceReset
	This addition, however, requires some refactoring to be done.  First of
	all, to match the best practice we should detach the device prior
	resetting it. That's why testVirPCIDeviceDetach is detaching all devices
	within 0000:00:01.0 and 0000:00:03.0 range. Then, the brand new test
	will reset the 0000:00:02.0 device, so the last testVirPCIDeviceReattach
	can reattach all the devices back.

	In order to perform a PCI device reset, the dummy config file is not
	sufficient anymore and must be replaced with real PCI config (binary
	mess). Such config files are to be stored under tests/virpcitestdata/
	and ought to have '.config' suffix.

2013-11-05  Guido Günther  <agx@sigxcpu.org>

	virt-login-shell: also build virAtomic.h
	Needed for architectures that don't use gcc atomic ops but pthread. This
	fixes the armel build that otherwise breaks like:

	 CCLD     virt-login-shell
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virClassNew':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:150: undefined reference to `virAtomicLock'
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectNew':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:202: undefined reference to `virAtomicLock'
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectUnref':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:274: undefined reference to `virAtomicLock'
	 ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-virobject.o): In function `virObjectRef':
	 /«PKGBUILDDIR»/debian/build/src/../../../src/util/virobject.c:295: undefined reference to `virAtomicLock'
	 collect2: error: ld returned 1 exit status

	See https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=armel&ver=1.1.4-1&stamp=1383588268

2013-11-05  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Fix variable arguments using in pci_driver_new
	In the pci_driver_new function it is possible to set a list of
	<vendor:device> IDs that the driver knows. These IDs are passed as
	variable arguments and are processed  the usual way using va_start() and
	va_arg(). However, after all arguments has been processed, we should
	call va_end() what we aren't currently doing.

2013-11-05  Eric Blake  <eblake@redhat.com>

	storage: recognize gluster as networked file
	A qcow2 file with a backing file of 'gluster://host/vol/file' should
	not try to look for a directory named './gluster:/' in the file system.

	* src/util/virstoragefile.c (virBackingStoreIsFile): Broaden check
	to include all protocols.

2013-11-05  Ján Tomko  <jtomko@redhat.com>

	qemu: don't use deprecated -no-kvm-pit-reinjection
	Since qemu-kvm 1.1 [1] (since 1.3. in upstream QEMU [2])
	'-no-kvm-pit-reinjection' has been deprecated.
	Use -global kvm-pit.lost_tick_policy=discard instead.

	https://bugzilla.redhat.com/show_bug.cgi?id=978719

	[1] http://git.kernel.org/cgit/virt/kvm/qemu-kvm.git/commit/?id=4e4fa39
	[2] http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c21fb4f

2013-11-05  John Ferlan  <jferlan@redhat.com>

	Resolve Coverity issue regarding not checking return value
	Coverity complains that the call to virPCIDeviceDetach() in
	qemuPrepareHostdevPCIDevices() doesn't check status return like
	other calls.  Seems this just was lurking until a recent change
	to this module resulted in Coverity looking harder and finding
	the issue.  Introduced by 'a4efb2e33' when function was called
	'pciReAttachDevice()'

	Just added a ignore_value() since it doesn't appear to matter
	if the call fails since we're on a failure path already.

2013-11-05  Daniel P. Berrange  <berrange@redhat.com>

	Skip any files which are not mounted on the host
	Currently the LXC container tries to skip selinux/securityfs
	mounts if the directory does not exist in the filesystem,
	or if SELinux is disabled.

	The former check is flawed because the /sys/fs/selinux
	or /sys/kernel/securityfs directories may exist in sysfs
	even if the mount type is disabled. Instead of just doing
	an access() check, use an virFileIsMounted() to see if
	the FS is actually present in the host OS. This also
	avoids the need to check is_selinux_enabled().

2013-11-05  Daniel P. Berrange  <berrange@redhat.com>

	Add flag to lxcBasicMounts to control use in user namespaces
	Some mounts must be skipped if running inside a user namespace,
	since the kernel forbids their use. Instead of strcmp'ing the
	filesystem type in the body of the loop, set an explicit flag
	in the lxcBasicMounts table.

	Remove duplicate entries in lxcBasicMounts array
	Currently the lxcBasicMounts array has separate entries for
	most mounts, to reflect that we must do a separate mount
	operation to make mounts read-only. Remove the duplicate
	entries and instead set the MS_RDONLY flag against the main
	entry. Then change lxcContainerMountBasicFS to look for the
	MS_RDONLY flag, mask it out & do a separate bind mount.

	Remove pointless 'srcpath' variable in lxcContainerMountBasicFS
	The 'srcpath' variable is initialized from 'mnt->src' and never
	changed thereafter. Some places continue to use 'mnt->src' and
	others use 'srcpath'. Remove the pointless 'srcpath' variable
	and use 'mnt->src' everywhere.

	Remove unused 'opts' field from LXC basic mounts struct
	The virLXCBasicMountInfo struct contains a 'char *opts'
	field passed onto the mount() syscall. Every entry in the
	list sets this to NULL though, so it can be removed to
	simplify life.

2013-11-05  Daniel P. Berrange  <berrange@redhat.com>

	Add virFileIsMountPoint function
	Add a function for efficiently checking if a path is a filesystem
	mount point.

	NB will not work for bind mounts, only true filesystem mounts.

2013-11-04  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Introduce check for unbinded devices
	This just introduces the test for bug fixed in df4283a55bf.

2013-11-04  Michal Privoznik  <mprivozn@redhat.com>

	virpci: Don't error on unbinded devices
	https://bugzilla.redhat.com/show_bug.cgi?id=1018897

	If a PCI deivce is not binded to any driver (e.g. there's yet no PCI
	driver in the linux kernel) but still users want to passthru the device
	we fail the whole operation as we fail to resolve the 'driver' link
	under the PCI device sysfs tree. Obviously, this is not a fatal error
	and it shouldn't be error at all.

2013-11-04  Michal Privoznik  <mprivozn@redhat.com>

	virpcitest: Introduce testVirPCIDeviceReattach
	This test will reattach the PCI device detached in the previous test.

	virpcitest: Test virPCIDeviceDetach
	This commit introduces yet another test under virpcitest:
	virPCIDeviceDetach. However, in order to be able to do this, the
	virpcimock needs to be extended to model the kernel behavior on PCI
	device binding and unbinding (create 'driver' symlinks under the device
	tree, check for device ID in driver's ID table, etc.)

	tests: Introduce virpcitest
	Among with this test introduce virpcimock as we need to mock some
	syscalls, e.g. redirect open() of a file under /sys/bus/pci to a
	stub sysfs tree.

2013-11-04  Peter Krempa  <pkrempa@redhat.com>

	cpu: x86: Parse the CPU feature map only once
	Until now the map was loaded from the XML definition file every time a
	operation on the flags was requested. With the introduciton of one shot
	initializers we can store the definition forever (as it will never
	change) instead of parsing it over and over again.

2013-11-04  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Export few x86-specific APIs
	This makes virCPUx86DataAddCPUID, virCPUx86DataFree, and
	virCPUx86MakeData available for direct usage outside of cpu driver in
	tests and the new qemu monitor that will request the actual CPU
	definition from a running qemu instance.

2013-11-04  Peter Krempa  <pkrempa@redhat.com>

	nodeinfo: Remove libnuma include
	Now that all libnuma functions used by libvirt are wrapped in virNuma we
	can remove the dependancy from nodeinfo.

	numa: Add wrapper of numa_node_to_cpus and use it

	caps: Fix function docs for virCapabilitiesAddHostNUMACell

	numa: Replace NUMA_MAX_N_CPUS macro with virNumaGetMaxCPUs()

	nodeinfo: Get rid of nodeGetCellMemory
	The function was called in a single place only and was reporting errors
	that were later ignored. Use the virNumaGetNodeMemory helper to get the
	size of the memory in the NUMA node and remove the helper

	numa: Introduce virNumaGetNodeMemory and use it instead of numa_node_size64

	numa: Introduce virNumaGetMaxNode and use it instead of numa_max_node
	Avoid necessary checks for the numa library with this helper.

	nodeinfo: Avoid forward declarations of static functions
	linuxNodeGetCPUStats() and linuxNodeGetMemoryStats() are static and
	don't need a forward declaration.

	numa: Introduce virNumaIsAvailable and use it instead of numa_available
	All functions from libnuma must be protected with ifdefs. Avoid this by
	using our own wrapper.

2013-11-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.4
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update localizations from transifex and regenerate

2013-11-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virnetsocket: fix getsockopt on FreeBSD
	aa0f099 introduced a strict error checking for getsockopt and it
	revealed that getting a peer credential of a socket on FreeBSD
	didn't work. Libvirtd hits the error:
	  error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
	  client socket identity groups

	SOL_SOCKET (0xffff) was used as a level of getsockopt for
	LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
	Mac OS X.

	So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
	0 on Mac OS X and FreeBSD. According to the fact, the patch
	simplifies the code by removing ifdef __APPLE__.

	I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.

2013-11-03  Doug Goldstein  <cardoe@cardoe.com>

	MacOS: Handle changes to xdrproc_t definition
	With Mac OS X 10.9, xdrproc_t is no longer defined as:

	typedef bool_t (*xdrproc_t)(XDR *, ...);

	but instead as:

	typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int);

	For reference, Linux systems typically define it as:

	typedef bool_t (*xdrproc_t)(XDR *, void *, ...);

	The rationale explained in the header is that using a vararg is
	incorrect and has a potential to change the ABI slightly do to compiler
	optimizations taken and the undefined behavior. They decided
	to specify the exact number of parameters and for compatibility with old
	code decided to make the signature require 3 arguments. The third
	argument is ignored for cases that its not used and its recommended to
	supply a 0.

2013-11-01  Jeremy Fitzhardinge  <jeremy@goop.org>

	libxl: fix dubious cpumask handling in libxlDomainSetVcpuAffinities
	Rather than casting the virBitmap pointer to uint8_t* and then using
	the structure contents as a byte array, use the virBitmap API to determine
	the bitmap size and test each bit.

2013-11-01  Jim Fehlig  <jfehlig@suse.com>

	Revert "libxl: Fix possible invalid read"
	This reverts commit 394d6e0a95ac91facba06ab43d67ae8600b14b0e.
	The real problem is accessing the virtBitmap structure as a byte
	array, which was correctly identified and fixed by Jeremy Fitzhardinge

	https://www.redhat.com/archives/libvir-list/2013-October/msg01257.html

2013-11-01  Bamvor Jian Zhang  <bjzhang@suse.com>

	fix api changes in xen restore
	in recently xen commit: 7051d5c8, there is a api changes in
	libxl_domain_create_restore.
	Author: Andrew Cooper <andrew.cooper3@citrix.com>
	Date:   Thu Oct 10 12:23:10 2013 +0100

	    tools/migrate: Fix regression when migrating from older version of Xen

	use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h
	in order to make libvirt could compile with old and new xen.

	the params checkpointed_stream is useful if libvirt libxl driver
	support migration. for new, set it as zero.

2013-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix race in starting transient VMs
	When starting a transient VM the first thing done is to check
	for duplicates. The check looks if there are any running VMs
	with the matching name/uuid. It explicitly allows there to
	be inactive VMs, so that a persistent VM can be temporarily
	booted with a different config.

	There is a race condition, however, where 2 or more clients
	try to create the same transient VM. The first client will
	cause a virDomainObjPtr to be added to the domain list, and
	it is inactive at this stage. The second client may then
	come along and see this inactive VM, and mistake it for a
	persistent VM.

	If the first VM fails to start its transient guest for any
	reason, then it'll remove the virDomainObjPtr from the list.
	The second client now has a virDomainObjPtr that it can try
	to boot, which libvirt no longer has a record of. The result
	can be a running QEMU process that is orphaned.

	It was also, however, possible for the virDomainObjPtr to be
	completely free'd which will cause libvirtd to crash in some
	scenarios.

	The fix is to only allow an existing inactive VM if it is
	marked as persistent.

2013-11-01  Ján Tomko  <jtomko@redhat.com>

	Use a port from the migration range for NBD as well
	Instead of using a port from the remote display range.

	https://bugzilla.redhat.com/show_bug.cgi?id=1025699

2013-10-31  Ryota Ozaki  <ozaki.ryota@gmail.com>

	nodedev_hal: fix segfault when virDBusGetSystemBus fails
	Thie patch fixes the segfault:
	    error : nodeStateInitialize:658 : DBus not available,
	      disabling HAL driver: internal error: Unable to get DBus
	      system bus connection: Failed to connect to socket
	      /var/run/dbus/system_bus_socket: No such file or directory
	    error : nodeStateInitialize:719 :  ?:
	    Caught Segmentation violation dumping internal log buffer:

	This segfault occurs at the below VIR_ERROR:
	  failure:
	      if (dbus_error_is_set(&err)) {
	          VIR_ERROR(_("%s: %s"), err.name, err.message);

	When virDBusGetSystemBus fails, the code jumps to the above failure
	path. However, the err variable is not correctly initialized
	before calling virDBusGetSystemBus. As a result, dbus_error_is_set
	may pass over the uninitialized err variable whose name or
	message may point to somewhere unknown memory region, which
	causes a segfault on VIR_ERROR.

	The new code initializes the err variable before calling
	virDBusGetSystemBus.

2013-10-31  Daniel P. Berrange  <berrange@redhat.com>

	Improve debugging of QEMU start/stop
	Include reference of the VM object pointer and name in debug
	logs for QEMU start/stop functions. Also make sure we log the
	PID that we started, since it isn't available elsewhere in the
	logs.

	Improve debugging of job enter/exit code
	In debugging a recent oVirt/libvirt race condition, I was very
	frustrated by lack of logging in the job enter/exit code. This
	patch adds some key data which would have been useful in by
	debugging attempts.

2013-10-31  Hongwei Bi  <hwbi2008@gmail.com>

	xenapi: fix coding style in xenapi_driver.c
	Fix the if statement coding style.

2013-10-31  Eric Blake  <eblake@redhat.com>

	storage: use correct type for array count
	Using size_t counts will let us use VIR_APPEND_ELEMENT and friends.

	* src/conf/storage_conf.h (_virStoragePoolObjList)
	(_virStorageVolDefList): Track list sizes with size_t.
	* src/storage/storage_backend_rbd.c
	(virStorageBackendRBDRefreshPool): Fix type fallout.

2013-10-31  Eric Blake  <eblake@redhat.com>

	maint: avoid further typedef accidents
	To make it easier to forbid future attempts at a confusing typedef
	name ending in Ptr that isn't actually a pointer, insist that we
	follow our preferred style of 'typedef foo *fooPtr'.

	* cfg.mk (sc_forbid_const_pointer_typedef): Enforce consistent
	style, to prevent issue fixed in previous storage patch.
	* src/conf/capabilities.h (virCapsPtr): Fix offender.
	* src/security/security_stack.c (virSecurityStackItemPtr):
	Likewise.
	* tests/qemucapabilitiestest.c (testQemuDataPtr): Likewise.

2013-10-30  Claudio Bley  <cbley@av-test.de>

	docs: generate links from plain text documentation
	There are two forms used throughout libvirt code comments, which
	are both supported by this patch.

	* plain links like e.g. http://www.libvirt.org/
	* links enclosed in <> characters, e.g. <http://www.libvirt.org/>

2013-10-30  Claudio Bley  <cbley@av-test.de>

	libvirt.c: indent code of virDomainGetMemoryParameters's documentation
	By indenting code inside of comments, it gets recognized as a
	code block when generating the HTML documentation.

	libvirt.c: add 2 spaces of indentation to example code of virStreamSend
	See libvirt-libvirt.html#virStreamSend for the effect.

	docs: define style of code blocks inside descriptions

	docs: add class "description" to div's containing descriptions

2013-10-30  Claudio Bley  <cbley@av-test.de>

	docs: process code blocks similar to Markdown
	Wrap pre-formatted example code in <code> elements. This works
	similar to Markdown[1] code blocks[2]:

	Every line indented with at least 2 spaces is considered a code
	block and gets wrapped in <pre> and <code> tags.

	Look at the documentation for e.g. virStreamSend for before-and-after
	effects.

	[1] http://daringfireball.net/projects/markdown/
	[2] http://daringfireball.net/projects/markdown/syntax#precode

2013-10-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix race condition reconnecting to vms & loading configs
	The following sequence

	 1. Define a persistent QMEU guest
	 2. Start the QEMU guest
	 3. Stop libvirtd
	 4. Kill the QEMU process
	 5. Start libvirtd
	 6. List persistent guests

	At the last step, the previously running persistent guest
	will be missing. This is because of a race condition in the
	QEMU driver startup code. It does

	 1. Load all VM state files
	 2. Spawn thread to reconnect to each VM
	 3. Load all VM config files

	Only at the end of step 3, does the 'virDomainObjPtr' get
	marked as "persistent". There is therefore a window where
	the thread reconnecting to the VM will remove the persistent
	VM from the list.

	The easy fix is to simply switch the order of steps 2 & 3.

	In addition to this though, we must only attempt to reconnect
	to a VM which had a non-zero PID loaded from its state file.

2013-10-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of objects when reconnecting to QEMU instances
	The 'error' cleanup block in qemuProcessReconnect() had a
	'return' statement in the middle of it. This caused a leak
	of virConnectPtr & virQEMUDriverConfigPtr instances. This
	was identified because netcf recently started checking its
	refcount in libvirtd shutdown:

	netcfStateCleanup:109 : internal error: Attempt to close netcf state driver with open connections

2013-10-30  Daniel P. Berrange  <berrange@redhat.com>

	Don't update dom->persistent without lock held
	virDomainObjListLoadAllConfigs sets dom->persistent after
	having released its lock on the domain object. This exposes
	a possible race condition.

2013-10-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix typos in formatnwfilter
	s/initated/initiated

2013-10-30  Doug Goldstein  <cardoe@cardoe.com>

	MacOS: Re-add support for QEMU backend
	The QEMU backend was disabled on Mac OS X without a reason in the code
	and due to refactors its difficult to understand when/why it was
	disabled. With QEMU being supported on Mac OS X there is no reason to
	disable QEMU on this platform.

2013-10-29  John Ferlan  <jferlan@redhat.com>

	Add '+' to uid/gid printing for label processing
	To ensure proper processing by virGetUserID() and virGetGroupID()
	of a uid/gid add a "+" prior to the uid/gid to denote it's really
	a uid/gid for the label.

2013-10-29  Eric Blake  <eblake@redhat.com>

	storage: fix incorrect typedef
	The rbd code had a confusing typedef ending in Ptr that was not
	actually a pointer, which made the rest of the code harder to
	read.  This fixes things to actually pass by pointer rather than
	by copy.

	* src/storage/storage_backend_rbd.c (virStorageBackendStatePtr):
	Fix typedef.
	(virStorageBackendRBDOpenRADOSConn)
	(virStorageBackendRBDCloseRADOSConn)
	(volStorageBackendRBDRefreshVolInfo)
	(virStorageBackendRBDRefreshPool, virStorageBackendRBDDeleteVol)
	(virStorageBackendRBDCreateVol, virStorageBackendRBDRefreshVol)
	(virStorageBackendRBDResizeVol): Fix fallout.

2013-10-29  Peter Krempa  <pkrempa@redhat.com>

	apparmor: Fix typo in function name in driver struct initialization
	Commit 64a68a4a introduced a typo in the initialization of the apparmor
	driver structure breaking the build with apparmor enabled.

2013-10-29  Michael Chapman  <mike@very.puzzling.org>

	qemu: fix well-formed migration URI formatting
	When adding an automatically allocated port to a well-formed migration
	URI, keep it well-formed:

	  tcp://1.2.3.4/  ->  tcp://1.2.3.4/:12345   # wrong
	  tcp://1.2.3.4/  ->  tcp://1.2.3.4:12345/   # fixed
	  tcp://1.2.3.4   ->  tcp://1.2.3.4:12345    # still works
	  tcp:1.2.3.4     ->  tcp:1.2.3.4:12345      # still works (old syntax)

2013-10-29  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: don't free tty before using it in lxcContainerSetupDevices
	Introduced by commit 0f31f7b.

2013-10-29  Daniel P. Berrange  <berrange@redhat.com>

	Push RPM deps down into libvirt-daemon-driver-XXXX sub-RPMs
	For inexplicable reasons, many of the 3rd party package deps
	were left against the 'libvirt-daemon' RPM when the drivers
	were split out. This makes a minimal install heavier that
	it should be. Push them all down into libvirt-daemon-driver-XXX
	so they're only pulled in when truly needed

	With this change applied, a minimal install of just the
	libvirt-daemon-driver-lxc RPM is reduced by 41 MB on a
	Fedora 19 host.

2013-10-29  Giuseppe Scrivano  <gscrivan@redhat.com>

	capabilities: add baselabel per sec driver/virt type to secmodel
	Expand the "secmodel" XML fragment of "host" with a sequence of
	baselabel's which describe the default security context used by
	libvirt with a specific security model and virtualization type:

	<secmodel>
	  <model>selinux</model>
	  <doi>0</doi>
	  <baselabel type='kvm'>system_u:system_r:svirt_t:s0</baselabel>
	  <baselabel type='qemu'>system_u:system_r:svirt_tcg_t:s0</baselabel>
	</secmodel>
	<secmodel>
	  <model>dac</model>
	  <doi>0</doi>
	  <baselabel type='kvm'>107:107</baselabel>
	  <baselabel type='qemu'>107:107</baselabel>
	</secmodel>

	"baselabel" is driver-specific information, e.g. in the DAC security
	model, it indicates USER_ID:GROUP_ID.

2013-10-29  Giuseppe Scrivano  <gscrivan@redhat.com>

	security: add new internal function "virSecurityManagerGetBaseLabel"
	virSecurityManagerGetBaseLabel queries the default settings used by
	a security model.

	security: use a single function to set DAC user and group
	Merge the functions 'virSecurityDACSetUser' and
	'virSecurityDACSetGroup' into 'virSecurityDACSetUserAndGroup'.

2013-10-29  Pavel Raiskup  <praiskup@redhat.com>

	virsh: new environment variable VIRSH_HISTSIZE
	Allow adjust the number of commands to remember in the command
	history.

	* tools/virsh.c (vshReadlineInit): Read and sanity the
	VIRSH_HISTSIZE variable.
	(VIRSH_HISTSIZE_MAX): New constant.
	* tools/virsh.pod: Document VIRSH_HISTSIZE variable.

2013-10-28  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Since we haven't quite frozen yet, it's time to pick up some
	gnulib fixes.  I know at least cygwin benefits from this update.

	* .gnulib: Update to latest, in part for cygwin compilation.

2013-10-28  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	Skip debug message in lxcContainerSetID if no map is set.
	The lxcContainerSetID() method prints a misleading log
	message about setting the uid/gid when no ID map is
	present in the XML config. Skip the debug message in
	this case.

2013-10-25  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	doc: fix a typo in formatdomain
	s/no/not

2013-10-24  John Ferlan  <jferlan@redhat.com>

	Avoid Coverity DEADCODE warning
	Commit '922b7fda' resulted in two DEADCODE warnings from Coverity in
	remoteDispatchAuthPolkit and virAccessDriverPolkitFormatProcess.
	Commit '604ae657' modified the daemon.c code to remove the deadcode
	issue, but did not do so for viracessdriverpolkit.c. This just mimics
	the same changes

2013-10-24  Eric Blake  <eblake@redhat.com>

	virsh: undocument --shareable (--mode already covers it)
	Commit e962a57 added 'attach-disk --shareable', even though we
	already had 'attach-disk --mode=shareable'.  Worse, if the user
	types 'attach-disk --mode=readonly --shareable', we create
	non-sensical XML.  The best solution is just to undocument the
	duplicate spelling, by having it fall back to the preferred
	spelling.

	* tools/virsh-domain.c (cmdAttachDisk): Let alias handling fix our
	mistake in exposing a second spelling for an existing option.
	* tools/virsh.pod: Fix documentation.

2013-10-24  Eric Blake  <eblake@redhat.com>

	virsh: allow alias to expand to opt=value pair
	We want to treat 'attach-disk --shareable' as an undocumented
	alias for 'attach-disk --mode=shareable'.  By improving our
	alias handling, we can allow all such --bool -> --opt=value
	replacements, and guarantee up front that the alias is not
	mixed with its replacement.

	* tools/virsh.c (vshCmddefOptParse, vshCmddefGetOption): Add
	support for expanding bool alias to --opt=value.
	(opts_echo): Add another alias to test it.
	* tests/virshtest.c (mymain): Test it.

2013-10-24  Martin Kletzander  <mkletzan@redhat.com>

	libxl: Fix possible invalid read
	According to the following valgrind output, there seems to be a
	invalid limit for the iterator (captured on Fedora 19):

	==3945== Invalid read of size 1
	==3945==    at 0x1E1FA410: libxlVmStart (libxl_driver.c:475)
	==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
	==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
	==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
	==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
	==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
	==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
	==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
	==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
	==3945==    by 0x8758E1C: clone (clone.S:113)
	==3945==  Address 0x23424d81 is 0 bytes after a block of size 1 alloc'd
	==3945==    at 0x4A08121: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==3945==    by 0x50B1F8C: virAllocN (viralloc.c:189)
	==3945==    by 0x1E1FA3CA: libxlVmStart (libxl_driver.c:468)
	==3945==    by 0x1E1FAD9A: libxlDomainCreateWithFlags (libxl_driver.c:2633)
	==3945==    by 0x5187D46: virDomainCreate (libvirt.c:9439)
	==3945==    by 0x13BAA6: remoteDispatchDomainCreateHelper (remote_dispatch.h:2910)
	==3945==    by 0x51DE5B9: virNetServerProgramDispatch (virnetserverprogram.c:435)
	==3945==    by 0x51D93E7: virNetServerHandleJob (virnetserver.c:165)
	==3945==    by 0x50F5BF4: virThreadPoolWorker (virthreadpool.c:144)
	==3945==    by 0x50F5670: virThreadHelper (virthreadpthread.c:161)
	==3945==    by 0x8046C52: start_thread (pthread_create.c:308)
	==3945==    by 0x8758E1C: clone (clone.S:113)
	==3945==

	Related: https://bugzilla.redhat.com/show_bug.cgi?id=1013045

2013-10-24  Eric Blake  <eblake@redhat.com>

	virsh: fix doc typos
	Reported in https://bugzilla.redhat.com/show_bug.cgi?id=1022872

	* tools/virsh.pod: s/COMMMANDS/COMMANDS/

2013-10-23  Martin Kletzander  <mkletzan@redhat.com>

	Ignore GNU Global tag files
	... the same way we ignore other TAGS

	build: Fix prohibit_int_ijk (and iijjkk) on RHEL 5
	On RHEL 5, make syntax-check was failing because even strings like
	'int isTempChain' matched the 'int i' rule.  To be honest, I haven't
	found the root cause, but the change added makes it work as expected
	and keeps the proper behavior on newer systems as well.

2013-10-23  Marian Neagul  <marian@info.uvt.ro>

	python: Fix Create*WithFiles filefd passing
	Commit d76227be added functions virDomainCreateWithFiles and
	virDomainCreateXMLWithFiles, but there was a little piece missing in
	python bindings.  This patch fixes proper passing of file descriptors
	in the overwrites of these functions.

2013-10-22  Hongwei Bi  <hwbi2008@gmail.com>

	networkStartDhcpDaemon: Check for dnsmasqCapsRefresh failure
	Currently, we ignore whether dnsmasqCapsRefresh succeeds or fails. We
	shouldn't do that as we may generate wrong dnsmasq command line (what
	is done just a few lines below).

2013-10-22  Doug Goldstein  <cardoe@cardoe.com>

	rpc: Retrieve peer PID via new getsockopt() for Mac
	While LOCAL_PEERCRED on the BSDs does not return the pid information of
	the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we
	should use that when its available to get that information.

2013-10-22  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	* ChangeLog-old: s/guarentee/guarantee/

2013-10-22  Jim Fehlig  <jfehlig@suse.com>

	build: fix build of virt-login-shell on systems with older gnutls
	On systems where gnutls uses libgcrypt, I'm seeing the following
	build failure

	libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
	libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
	...

	Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h

2013-10-22  Michal Privoznik  <mprivozn@redhat.com>

	Get rid of shadowed booleans
	There are still two places where we are using 1bit width unsigned
	integer to store a boolean. There's no real need for this and these
	occurrences can be replaced with 'bool'.

2013-10-22  Jim Fehlig  <jfehlig@suse.com>

	build: fix linking virt-login-shell
	After commit 3e2f27e1, I've noticed build failures of virt-login-shell
	when libapparmor-devel is installed on the build host

	CCLD     virt-login-shell
	../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
	In function `virExec':
	/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
	reference to `aa_change_profile'
	collect2: error: ld returned 1 exit status

	I was about to commit an easy fix under the build-breaker rule
	(build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
	to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
	makes sense (build-fix-2.patch).

	Should I just stick with the simple fix, or is something along the lines
	of patch 2 preferred?

	Regards,
	Jim

	>From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
	From: Jim Fehlig <jfehlig@suse.com>
	Date: Mon, 21 Oct 2013 15:30:02 -0600
	Subject: [PATCH] build: fix virt-login-shell build with apparmor

	With libapparmor-devel installed, virt-login-shell fails to link

	CCLD     virt-login-shell
	../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
	/home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
	collect2: error: ld returned 1 exit status

	Fix by linking libvirt_setuid_rpc_client with previously determined
	SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
	and use both throughout src/Makefile.am where it makes sense.

2013-10-22  Michal Privoznik  <mprivozn@redhat.com>

	vircgroupmock: Mock access() to some more files
	Currently, if access(path, mode) is invoked, we check if @path has this
	special prefix SYSFS_PREFIX. If it does, we modify the path a bit and
	call realaccess. If it doesn't we act just like a wrapper and call
	realaccess directly. However, we are mocking fopen() as well. And as one
	can clearly see there, fopen("/proc/cgroups") will succeed. Hence, we
	have an error in our mocked access(): We need to check whether @path is
	not equal to /proc/cgroups as it may not exists on real system we're
	running however we definitely know how to fopen() it.

2013-10-22  Michal Privoznik  <mprivozn@redhat.com>

	tests: Use lv_abs_top_builddir instead of bare abs_top_builddir
	As stated in the comment above introduction of the lv_abs_top_builddir
	variable, older automake doesn't provide abs_top_builddir variable.
	Hence, we are creating our own one with lv_ prefix. However, when
	exporting env variables to the tests, the variables are not evaluated
	but only substituted. Hence:

	  LIBVIRT_DRIVER_DIR="$(abs_top_builddir)/src/.libs"

	is set to "/src/.libs" with old automake (even though we *think* we've
	set the $abs_top_builddir variable just a few line above).

2013-10-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix job watching when STDIN is not a tty
	In commit b46c4787dde79b015dad67dedda4ccf6ff1a3082 I changed the code to
	watch long running jobs in virsh. Unfortunately I didn't take into
	account that poll may get a hangup if the terminal is not a TTY and will
	be closed.

	This patch avoids polling the STDIN fd when there's no TTY.

2013-10-22  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix some typos about 'informations'
	s/informations/information

2013-10-22  Ryota Ozaki  <ozaki.ryota@gmail.com>

	nodeinfo: fix physical memory size on Mac OS X
	HW_PHYSMEM is available on Mac OS X as well as FreeBSD, however,
	its resulting value for Mac OS X is 32 bits. Mac OS X provides
	HW_MEMSIZE that is 64 bits version of HW_PHYSMEM. We have to use it.

	I tested the patch on Mac OS X 10.6.8, 10.7.4, 10.8.5 and FreeBSD 9.2.

2013-10-21  Laine Stump  <laine@laine.org>

	qemu: fix removal of <interface type='hostdev'>
	This patch (and the two patches that precede it) resolve:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1005682

	When libvirt was changed to delay the final cleanup of device removal
	until the qemu process had signaled it with a DEVICE_DELETED event for
	that device, the hostdev removal function
	(qemuDomainRemoveHostDevice()) was written to properly handle the
	removal of a hostdev that was actually an SRIOV virtual function
	(defined with <interface type='hostdev'>). However, the function used
	to search for a device matching the alias name provided in the
	DEVICE_DELETED message (virDomainDefFindDevice()) would search through
	the list of netdevs before hostdevs, so qemuDomainRemoveHostDevice()
	was never called; instead the netdev function,
	qemuDomainRemoveNetDevice() (which *doesn't* properly cleanup after
	removal of <interface type='hostdev'>), was called.

	(As a reminder - each <interface type='hostdev'> results in a
	virDomainNetDef which contains a virDomainHostdevDef having a parent
	type of VIR_DOMAIN_DEVICE_NET, and parent.data.net pointing back to
	the virDomainNetDef; both Defs point to the same device info object
	(and the info contains the device's "alias", which is used by qemu to
	identify the device). The virDomainHostdevDef is added to the domain's
	hostdevs list *and* the virDomainNetDef is added to the domain's nets
	list, so searching either list for a particular alias will yield a
	positive result.)

	This function modifies the qemuDomainRemoveNetDevice() to short
	circuit itself and call qemu DomainRemoveHostDevice() instead when the
	actual device is a VIR_DOMAIN_NET_TYPE_HOSTDEV (similar logic to what
	is done in the higher level qemuDomainDetachNetDevice())

	Note that even if virDomainDefFindDevice() changes in the future so
	that it finds the hostdev entry first, the current code will continue
	to work properly.

2013-10-21  Laine Stump  <laine@laine.org>

	qemu: move qemuDomainRemoveNetDevice to avoid forward reference
	pure code movement to setup for next patch.

2013-10-21  Laine Stump  <laine@laine.org>

	qemu: simplify calling qemuDomainHostdevNetConfigRestore
	This function was called in three places, and in each the call was
	qualified by a slightly different conditional. In reality, this
	function should only be called for a hostdev if all of the following
	are true:

	  1) mode='subsystem'
	  2) type='pci'
	  3) there is a parent device definition which is an <interface>
	     (VIR_DOMAIN_DEVICE_NET)

	We can simplify the callers and make them more consistent by checking
	these conditions at the top ov qemuDomainHostdevNetConfigRestore and
	returning 0 if one of them isn't satisfied.

	The location of the call to qemuDomainHostdevNetConfigRestore() has
	also been changed in the hot-plug case - it is moved into the caller
	of its previous location (i.e. from qemuDomainRemovePCIHostDevice() to
	qemuDomainRemoveHostDevice()). This was done to be more consistent
	about which functions pay attention to whether or not this is one of
	the special <interface> hostdevs or just a normal hostdev -
	qemuDomainRemoveHostDevice() already contained a call to
	networkReleaseActualDevice() and virDomainNetDefFree(), so it makes
	sense for it to also handle the resetting of the device's MAC address
	and vlan tag (which is what's done by
	qemuDomainHostdevNetConfigRestore()).

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Move virt-login-shell into libvirt-login-shell sub-RPM
	Many people will not want the setuid virt-login-shell binary
	installed by default, so move it into a separate sub-RPM
	named libvirt-login-shell. This RPM is only generated if
	LXC is enabled

	Block all use of libvirt.so in setuid programs
	Avoid people introducing security flaws in their apps by
	forbidding the use of libvirt.so in setuid programs, with
	a check in virInitialize.

	Remove (nearly) all use of getuid()/getgid()
	Most of the usage of getuid()/getgid() is in cases where we are
	considering what privileges we have. As such the code should be
	using the effective IDs, not real IDs.

	Add stub getegid impl for platforms lacking it
	We already have stubs for getuid, geteuid, getgid but
	not for getegid. Something in gnulib already does a
	check for it during configure, so we already have the
	HAVE_GETEGID macro defined.

	Don't allow remote driver daemon autostart when running setuid
	We don't want setuid programs automatically spawning libvirtd,
	so disable any use of autostart when setuid.

	Only allow the UNIX transport in remote driver when setuid
	We don't know enough about quality of external libraries used
	for non-UNIX transports, nor do we want to spawn external
	commands when setuid. Restrict to the bare minimum which is
	UNIX transport for local usage. Users shouldn't need to be
	running setuid if connecting to remote hypervisors in any
	case.

	Block all use of getenv with syntax-check
	The use of getenv is typically insecure, and we want people
	to use our wrappers, to force them to think about setuid
	needs.

	Remove all direct use of getenv
	Unconditional use of getenv is not secure in setuid env.
	While not all libvirt code runs in a setuid env (since
	much of it only exists inside libvirtd) this is not always
	clear to developers. So make all the code paranoid, even
	if it only ever runs inside libvirtd.

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Make virCommand env handling robust in setuid env
	When running setuid, we must be careful about what env vars
	we allow commands to inherit from us. Replace the
	virCommandAddEnvPass function with two new ones which do
	filtering

	  virCommandAddEnvPassAllowSUID
	  virCommandAddEnvPassBlockSUID

	And make virCommandAddEnvPassCommon use the appropriate
	ones

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Set a sane $PATH for virt-login-shell
	The virt-login-shell binary shouldn't need to execute programs
	relying on $PATH, but just in case set a fixed $PATH value
	of /bin:/usr/bin

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Don't link virt-login-shell against libvirt.so (CVE-2013-4400)
	The libvirt.so library has far too many library deps to allow
	linking against it from setuid programs. Those libraries can
	do stuff in __attribute__((constructor) functions which is
	not setuid safe.

	The virt-login-shell needs to link directly against individual
	files that it uses, with all library deps turned off except
	for libxml2 and libselinux.

	Create a libvirt-setuid-rpc-client.la library which is linked
	to by virt-login-shell. A config-post.h file allows this library
	to disable all external deps except libselinux and libxml2.

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Close all non-stdio FDs in virt-login-shell (CVE-2013-4400)
	We don't want to inherit any FDs in the new namespace
	except for the stdio FDs. Explicitly close them all,
	just in case some do not have the close-on-exec flag
	set.

	Only allow 'stderr' log output when running setuid (CVE-2013-4400)
	We must not allow file/syslog/journald log outputs when running
	setuid since they can be abused to do bad things. In particular
	the 'file' output can be used to overwrite files.

	Add helpers for getting env vars in a setuid environment
	Care must be taken accessing env variables when running
	setuid. Introduce a virGetEnvAllowSUID for env vars which
	are safe to use in a setuid environment, and another
	virGetEnvBlockSUID for vars which are not safe. Also add
	a virIsSUID helper method for any other non-env var code
	to use.

2013-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix perms for virConnectDomainXML{To,From}Native (CVE-2013-4401)
	The virConnectDomainXMLToNative API should require 'connect:write'
	not 'connect:read', since it will trigger execution of the QEMU
	binaries listed in the XML.

	Also make virConnectDomainXMLFromNative API require a full
	read-write connection and 'connect:write' permission. Although the
	current impl doesn't trigger execution of QEMU, we should not
	rely on that impl detail from an API permissioning POV.

2013-10-21  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	docs: fix a typo in formatdomain
	s/effect/affect

2013-10-18  Geoff Hickey  <ghickey@datagravity.com>

	Fix a problem introduced by commit 99889012
	The meaning of one line of code was accidentally inverted.

2013-10-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix augeas support for migration ports
	Commit e3ef20d7 allows user to configure migration ports range via
	qemu.conf. However, it forgot to update augeas definition file and
	even the test data was malicious.

2013-10-18  Jiri Denemark  <jdenemar@redhat.com>

	docs: Expand description of host-model CPU mode
	host-model is a nice idea but it's current implementation make it
	useless on some hosts so it should be used with care.

	qemu: Make migration port range configurable
	https://bugzilla.redhat.com/show_bug.cgi?id=1019053

2013-10-18  Wang Yufei  <james.wangyufei@huawei.com>

	qemu: Avoid assigning unavailable migration ports
	https://bugzilla.redhat.com/show_bug.cgi?id=1019053

	When we migrate vms concurrently, there's a chance that libvirtd on
	destination assigns the same port for different migrations, which will
	lead to migration failure during prepare phase on destination. So we use
	virPortAllocator here to solve the problem.

2013-10-18  Michal Privoznik  <mprivozn@redhat.com>

	viralloc.h: Fix typo in VIR_APPEND_ELEMENT_COPY_QUIT
	In fact, the suffix should be _QUIET not _QUIT to stress the
	fact, that no OOM error is reported on error.

2013-10-18  Christophe Fergeau  <cfergeau@redhat.com>

	netcf: Don't complain when cleanup is called before init
	netcfStateInitialize() initializes the driverState variable,
	and when netcfStateCleanup is called, it will call virReportError()
	if driverState is NULL.
	This is not consistent with what other state objects are doing,
	they return -1 without reporting an error in such cases.

	See also
	https://www.redhat.com/archives/libvir-list/2013-October/msg00809.html:

	On Thu, Oct 17, 2013 at 01:40:19PM +0100, Daniel P. Berrange wrote:
	> We don't want virStateCleanup to skip execution if virStateInitialize
	> has failed though - every callback in virStateCleanup should be written
	> to be safe if its corresponding init function hasn't run.

2013-10-18  Zhou Yimin  <zhouyimin@huawei.com>

	remote: fix regression in event deregistration
	Introduced by 7b87a3
	When I quit the process which only register VIR_DOMAIN_EVENT_ID_REBOOT,
	I got error like:
	"libvirt: XML-RPC error : internal error: domain event 0 not registered".
	Then I add the following code, it fixed.

2013-10-18  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	daemon: don't free domain if it's null
	If we fail to get domain, we had to judge whether
	it's null or not when doing 'cleanup'.

2013-10-18  John Ferlan  <jferlan@redhat.com>

	Remove ATTRIBUTE_NONNULL(3) from qemuMonitorJSONDrivePivot
	The header definition didn't match the function declaration, so adjusted
	header to reflect the definition.

	Found during a Coverity build where STATIC_ANALYSIS is enabled resulting
	in the internal.h adding __nonnull__ handling to arguments.

	Commit '6d264c91' added support for the qemuMonitorJSONDrivePivot() and
	commit 'fbc3adc9' added a corresponding test which ended up triggering
	the build failure which I didn't notice until today!

2013-10-17  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh: improve usability of '--print-xml' flag for attach-disk command
	'--print-xml' option is very useful for doing some test.
	But we had to specify a real domain for it.
	This patch could enable us to specify a fake domain
	when using --print-xml option.

2013-10-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Remove unnecessary NULL comparisons (3/3)
	Code cleanup: remove explicit NULL comparisons like ptr == NULL and
	ptr != NULL from the ESX code, replacing them with the simpler ptr
	and !ptr.

	Part three of three.

2013-10-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Remove unnecessary NULL comparisons (2/3)
	Code cleanup: remove explicit NULL comparisons like ptr == NULL and
	ptr != NULL from the ESX code, replacing them with the simpler ptr
	and !ptr.

	Part two of three.

2013-10-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Remove unnecessary NULL comparisons (1/3)
	Code cleanup: remove explicit NULL comparisons like ptr == NULL and
	ptr != NULL from the ESX code, replacing them with the simpler ptr
	and !ptr.

	Part one of three.

2013-10-17  Daniel P. Berrange  <berrange@redhat.com>

	Add support for enabling SASL for SPICE guests
	QEMU has support for SASL auth for SPICE guests, but libvirt
	has no way to enable it. Following the example from VNC where
	it is globally enabled via qemu.conf

2013-10-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainCleanupRemove: s/memmove/VIR_DELETE_ELEMENT_INPLACE/
	The last argument of memmove is the amount of bytes to be moved. The
	amount is in Bytes. We are moving some void pointers around. However,
	since sizeof(void *) is not Byte on any architecture, we've got the
	arithmetic wrong.

2013-10-17  Brian Candler  <b.candler@pobox.com>

	better error checking for LOCAL_PEERCRED
	This patch improves the error checking in the LOCAL_PEERCRED version
	of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX.

	1. The error return paths now correctly unlock the socket. This is
	implemented in exactly the same way as the SO_PEERCRED version,
	using "goto cleanup"

	2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked
	for negative and overlarge values.

	This means that if the getsockopt() call returns success but doesn't
	actually update the xucred structure, this is now caught. This
	happened previously when getsockopt was called with SOL_SOCKET
	instead of SOL_LOCAL, prior to commit 5a468b3, and resulted in
	random uids being accepted.

2013-10-17  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	virsh: fix a typo in virsh-domain
	s/it's/its

2013-10-16  Giuseppe Scrivano  <gscrivan@redhat.com>

	build: use the gnulib version of the .m4 files when present
	prevent aclocal from preferring .m4 files under m4/ over the version
	provided by gnulib, by using only one directory.

	I have noticed this after './configure --help' gave me two different
	versions of "--enable-threads".  This was caused by aclocal that
	preferred the version of lock.m4 provided by autopoint instead of
	using the newer version distributed with gnulib.

	Having two different directories made sense back when we checked
	gnulib files into libvirt.git, but that was ages ago.

2013-10-16  Eric Blake  <eblake@redhat.com>

	storage: allow interleave in pool XML
	The RNG grammar did not allow arbitrary interleaving, which makes
	it harder than necessary to create a new pool from handwritten XML.

	* docs/schemas/storagepool.rng: Allow interleaving.
	* tests/storagepoolxml2xmlin/pool-sheepdog.xml: Test interleave.
	* tests/storagepoolxml2xmlin/pool-iscsi-auth.xml: Likewise.

2013-10-16  Eric Blake  <eblake@redhat.com>

	storage: document existing pools
	We forgot to document several pool types.

	* docs/formatstorage.html.in: Add docs for scsi, mpath, rbd, and
	sheepdog.

2013-10-16  Christophe Fergeau  <cfergeau@redhat.com>

	remote-driver: Fix 'leav' typo in comment

2013-10-16  Osier Yang  <jyang@redhat.com>

	rpc: Correct the wrong payload size checking
	<...>
	/* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX
	 * and VIR_NET_MESSAGE_INITIAL.
	 */
	const VIR_NET_MESSAGE_LEN_MAX = 4;
	</...>

	However, msg->bufferLength includes the length word. The wrong checking
	was introduced by commit e914dcfd.

	* src/rpc/virnetmessage.c:
	  - Correct the checking in virNetMessageEncodePayloadRaw
	  - Use a new variable to track the new payload length in
	    virNetMessageEncodePayloadRaw

2013-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add support for detecting PPC little endian arches
	The recent patch series proposing the addition of PPC little endian
	arch support to Linux defines new arch names 'ppcle' and 'ppc64le':

	https://lists.ozlabs.org/pipermail/linuxppc-dev/2013-August/109908.html

	This just makes libvirt know about these arch names, so it doesn't
	immediately trip up if it seems these new names from uname.

2013-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo breaking cgroups for NBD backed filesystems
	A typo in the setup of NBD backed filesystems meant the
	/dev/nbdN device would not be added to the cgroups device
	ACL.

	Add some logging to LXC disk/fs nbd/loop setup

	Add logging to LXC cgroup devices setup
	To facilitate debugging, add some more logging to LXC cgroup
	devices ACL setup.

	Add log statement when NBD device is setup

2013-10-15  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: Add qemu capabilities schemeta for test.
	Add qemu AArch64 capabilities schemeta in caps-qemu-kvm.xml.


	(crobinso: add aarch64 to schema arch list)

2013-10-15  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	Implement minimal sysinfo for AArch64 platforms.
	Implement the bare minimal sysinfo for AArch64 platforms by
	reading the CPU models from /proc/cpuinfo.

2013-10-15  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: Parse cputopology from /proc/cpuinfo.
	CPU "parser" for AArch64.
	Showing cputopology in arm64 linux is work-in-progress so for now
	all AArch64 cpus belong to same socket (like PPC).

	Also we parse BogoMIPS same like arm 32bit.

2013-10-15  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: CPU Support for AArch64 (ARMv8 64bit).
	Adding CPU encoder/decoder for AArch64.


	(crobinso: fix for recent libvirt Ptr refactoring)

2013-10-15  Pranavkumar Sawargaonkar  <pranavkumar@linaro.org>

	AArch64: Add AArch64 architecture to list of valid arches.
	Adding AArch64(ARMv8 64bit) to the current list of valid architectures.

	For now, AArch64 name would imply AArch64 LE mode only. In future,
	we might have separate names for AArch64 LE and BE.

2013-10-15  Dusty Mabe  <dustymabe@gmail.com>

	Ignore thin pool LVM devices.
	This should resolve:

	  https://bugzilla.redhat.com/show_bug.cgi?id=924672

	For BZ 924672 the problem stems from the fact that thin pool logical
	volume devices show up in /sbin/lvs output just like normal logical
	volumes do. Libvirt incorrectly assumes they are just normal logical
	volumes and that they will have a corresponding /dev/vgname/lvname
	device that has been created by udev and tries to use this device.

	To illustrate here is an example of the /dev/vgname/ directory and
	the lvs output for a normal lv, thin lv, and thin pool:

	    LV     VG       Attr      LSize  Pool Origin Data%  Move Log Copy%  Convert
	    lv     vgguests -wi-a----  1.00g
	    pool   vgguests twi-a-tz- 11.00g               0.00
	    thinlv vgguests Vwi-a-tz-  1.00g pool          0.00
	total 0
	lrwxrwxrwx. 1 root root 7 Oct  8 19:35 lv -> ../dm-7
	lrwxrwxrwx. 1 root root 7 Oct  8 19:37 thinlv -> ../dm-6

	This patch modifies virStorageBackendLogicalMakeVol() to ignore thin pool
	devices.

2013-10-15  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf.c: Initialize arrVar and cntVar
	Some ancient gcc fails to see the variables are initialized in a
	separate function and a false positive is produced:

	cc1: warnings being treated as errors
	conf/domain_conf.c: In function 'virDomainChrGetDomainPtrs':
	conf/domain_conf.c:10342: error: 'arrVar' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c:10343: error: 'cntVar' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c: In function 'virDomainChrInsert':
	conf/domain_conf.c:10362: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c:10363: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c: In function 'virDomainChrRemove':
	conf/domain_conf.c:10374: error: 'arrPtr' may be used uninitialized in this function [-Wuninitialized]
	conf/domain_conf.c:10375: error: 'cntPtr' may be used uninitialized in this function [-Wuninitialized]

2013-10-15  Peter Krempa  <pkrempa@redhat.com>

	cpu: x86: Clean up error messages in x86VendorLoad()
	Avoid a line exceeding 80 characters and change argument alignment in
	two error messages.

	cpu: x86: Use whitespace to clarify context and use consistent labels

	cpu: x86: Fix function header formatting and whitespace

	cpu: x86: Fix return types of x86cpuidMatch and x86cpuidMatchMasked
	These return boolean results.

	cpu: x86: Rename data_iterator and DATA_ITERATOR_INIT
	Use virCPUx86DataIterator and virCPUx86DataIteratorInit.

2013-10-15  Jiri Denemark  <jdenemar@redhat.com>

	cpu: x86: Rename x86DataAddCpuid as virCPUx86DataAddCPUID

	cpu: x86: Rename x86MakeCPUData as virCPUx86MakeData

	cpu: x86: Rename x86DataFree() as virCPUx86DataFree()

	cpu: x86: Rename struct cpuX86Data as virCPUx86Data

	cpu: x86: Rename struct cpuX86cpuid as virCPUx86CPUID

	cpu: Add support for loading and storing CPU data
	This patch adds cpuDataFormat and cpuDataParse APIs to be used in unit
	tests for testing APIs that deal with virCPUData. In the x86 world, this
	means we can now store/load arbitrary CPUID data in the test suite to
	check correctness of CPU related APIs that could not be tested before.

2013-10-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: command: Fix macro indentation

	conf: Mark user provided strings in error messages when parsing XML
	Use apostrophes to denote user provided option names when parsing the
	domain XML.

	schema: Rename option 'hypervtristate' to 'featurestate'
	Change the RelaxNG schema option name so that it can be reused for
	non-hyperv feature flags.

2013-10-15  Hongwei Bi  <hwbi2008@gmail.com>

	fix typo in lxc_driver.c and virsh-nodedev.c

2013-10-15  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	build: Add lxc testcase to dist list
	Introduced by commit 3f029fb5319b9dc9cc2fbf8d1ba4505ee9e4b1e3 the RPM build
	was broken due to a missing LXC textcase.

2013-10-15  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	cgroup: leave blkio cgroup value checking to kernel
	The range of valid values for cgroup tunables has
	changed in the past and may change again in future
	kernels. Avoid hardcoding range checks in libvirt
	code, delegating range checking to the kernel itself.

	cgroup: show error when EINVAL is returned
	When EINVAL is returned while changing a cgroups value, tell
	user that what values are invalid for the field.

	docs: change the minimum weight description for blkio
	Since 2.6.39, kernel changed the minimum weight of device blkio.
	Update related docs.

2013-10-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: handle 'saved' state of VMs
	VirtualBox has 'saved' state for VMs saved by the hypervisor.
	However, the state is treated as VIR_DOMAIN_NOSTATE by the vbox
	driver, resulting that virsh shows 'no state' for saved VMs.

	The fix treats the state as VIR_DOMAIN_SHUTOFF as same as
	other domains such as qemu.

2013-10-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	vbox: merge duplicate state conversions
	The code for converting between virtualbox API states
	and libvirt states was duplicated in two places. Pull
	the code out into a shared helper method.

2013-10-15  Geoff Hickey  <ghickey@datagravity.com>

	esx: Fix floppy.fileName handling in the vmx file parser
	The vmx file parsing code was reporting errors when parsing floppy.fileName
	entries if the filename didn't end in .flp. There is no such restriction in
	ESX; even using the GUI to configure floppy filenames you can specify any
	arbitrary file with any extension.

	Fix by changing the vmx parsing code so that it uses the floppy.fileType
	value to determine whether floppy.fileName refers to a block device or a
	regular file.

	Also remove code that would have generated an error if no floppy.fileName
	was specified. This is not an error either.

	Updated the floppy tests in vmx2xmltest.c and xml2vmxtest.c.

2013-10-15  Daniel P. Berrange  <berrange@redhat.com>

	Add some notes about secure usage of libvirt
	Start a page describing some of the things that applications
	using libvirt need to bear in mind to ensure security of their
	systems.

2013-10-15  Ján Tomko  <jtomko@redhat.com>

	Convert uuid to a string before printing it
	Introduced by 1fa7946.

	https://bugzilla.redhat.com/show_bug.cgi?id=1019023

2013-10-15  Peter Krempa  <pkrempa@redhat.com>

	xenapi: Fix build after const correctnes changes
	In commit d24677090f1c0596ac1585cc233d6e130b9bb75f the header of one of
	the post parse callbacks was changed, but the function used as the
	callback in the xenapi driver wasn't adapted. This resulted into:

	  CC       xenapi/libvirt_driver_xenapi_la-xenapi_utils.lo
	 xenapi/xenapi_driver.c:63:5: error: initialization from incompatible pointer type [-Werror]
	 xenapi/xenapi_driver.c:63:5: error: (near initialization for 'xenapiDomainDefParserConfig.devicesPostParseCallback') [-Werror]

2013-10-14  Eric Blake  <eblake@redhat.com>

	build: syntax check to avoid 'const fooPtr'
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Now that the code base has been cleaned, enforce it with a syntax
	checker.

	* cfg.mk (sc_forbid_const_pointer_typedef): New rule.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in all remaining places
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up all remaining offenders.

	* src/lxc/lxc_process.c (virLXCProcessSetupInterfaceBridged): Drop
	needless const.
	* src/uml/uml_driver.c (umlMonitorCommand): Use intended type.
	(umlMonitorAddress): Fix fallout.
	* src/xen/xm_internal.c (xenXMDomainSearchForUUID): Use intended type.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in qemu
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in src/qemu.

	* src/qemu/qemu_bridge_filter.h (networkAllowMacOnPort)
	(networkDisallowMacOnPort): Use intended type.
	* src/qemu/qemu_bridge_filter.c (networkAllowMacOnPort)
	(networkDisallowMacOnPort): Likewise.
	* src/qemu/qemu_command.c (qemuBuildTPMBackendStr)
	(qemuBuildTPMDevStr, qemuBuildCpuArgStr)
	(qemuBuildObsoleteAccelArg, qemuBuildMachineArgStr)
	(qemuBuildSmpArgStr, qemuBuildNumaArgStr): Likewise.
	* src/qemu/qemu_conf.c (qemuSharedDeviceEntryCopy): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSaveImageStartVM): Likewise.
	* src/qemu/qemu_hostdev.c
	(qemuDomainHostdevNetConfigVirtPortProfile): Likewise.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONAttachCharDevCommand): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in security
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in src/security.

	* src/security/security_apparmor.c (reload_profile)
	(AppArmorSetSecurityHostdevLabelHelper)
	(AppArmorReleaseSecurityLabel, AppArmorRestoreSecurityAllLabel)
	(AppArmorSetSecurityProcessLabel)
	(AppArmorSetSecurityChildProcessLabel)
	(AppArmorSetSecurityImageLabel, AppArmorSecurityVerify)
	(AppArmorSetSecurityHostdevLabel)
	(AppArmorRestoreSecurityHostdevLabel, AppArmorSetFDLabel): Drop
	needless const.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityFileLabel): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in conf
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up remaining offenders in src/conf, and their fallout.

	* src/conf/snapshot_conf.h (virDomainSnapshotAssignDef)
	(virDomainSnapshotFindByName): Drop attempt at const.
	* src/conf/interface_conf.h (virInterfaceObjIsActive)
	(virInterfaceDefFormat): Use intended type.
	(virInterfaceFindByMACString, virInterfaceFindByName)
	(virInterfaceAssignDef, virInterfaceRemove): Drop attempt at
	const.
	* src/conf/network_conf.h (virNetworkObjIsActive)
	(virNetworkDefFormat, virNetworkDefForwardIf)
	(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
	(virNetworkIpDefNetmask): Use intended type.
	(virNetworkFindByUUID, virNetworkFindByName, virNetworkAssignDef)
	(virNetworkObjAssignDef, virNetworkRemoveInactive)
	(virNetworkBridgeInUse, virNetworkSetBridgeName)
	(virNetworkAllocateBridge): Drop attempt at const.
	* src/conf/netdev_vlan_conf.h (virNetDevVlanFormat): Make
	const-correct.
	* src/conf/node_device_conf.h (virNodeDeviceHasCap)
	(virNodeDeviceDefFormat): Use intended type.
	(virNodeDeviceFindByName, virNodeDeviceFindBySysfsPath)
	(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
	(virNodeDeviceGetParentHost): Drop attempt at const.
	* src/conf/secret_conf.h (virSecretDefFormat): Use intended type.
	* src/conf/snapshot_conf.c (virDomainSnapshotAssignDef)
	(virDomainSnapshotFindByName): Fix fallout.
	* src/conf/interface_conf.c (virInterfaceBridgeDefFormat)
	(virInterfaceBondDefFormat, virInterfaceVlanDefFormat)
	(virInterfaceProtocolDefFormat, virInterfaceDefDevFormat)
	(virInterfaceDefFormat, virInterfaceFindByMACString)
	(virInterfaceFindByName, virInterfaceAssignDef)
	(virInterfaceRemove): Likewise.
	* src/conf/network_conf.c
	(VIR_ENUM_IMPL, virNetworkFindByName, virNetworkObjAssignDef)
	(virNetworkAssignDef, virNetworkRemoveInactive)
	(virNetworkDefGetIpByIndex, virNetworkIpDefPrefix)
	(virNetworkIpDefNetmask, virNetworkDHCPHostDefParseXML)
	(virNetworkIpDefFormat, virNetworkRouteDefFormat)
	(virPortGroupDefFormat, virNetworkForwardNatDefFormat)
	(virNetworkDefFormatInternal, virNetworkBridgeInUse)
	(virNetworkAllocateBridge, virNetworkSetBridgeName)
	(virNetworkDNSDefFormat, virNetworkDefFormat): Likewise.
	* src/conf/netdev_vlan_conf.c (virNetDevVlanFormat): Likewise.
	* src/conf/node_device_conf.c (virNodeDeviceHasCap)
	(virNodeDeviceFindBySysfsPath, virNodeDeviceFindByName)
	(virNodeDeviceAssignDef, virNodeDeviceObjRemove)
	(virNodeDeviceDefFormat, virNodeDeviceGetParentHost): Likewise.
	* src/conf/secret_conf.c (virSecretDefFormatUsage)
	(virSecretDefFormat): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in domain_conf
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in src/conf/domain_conf, and their fallout.

	Several things to note: virObjectLock() requires a non-const
	argument; if this were C++, we could treat the locking field
	as 'mutable' and allow locking an otherwise 'const' object, but
	that is a more invasive change, so I instead dropped attempts
	to be const-correct on domain lookup.  virXMLPropString and
	friends require a non-const xmlNodePtr - this is because libxml2
	is not a const-correct library.  We could make the src/util/virxml
	wrappers cast away const, but I figured it was easier to not
	try to mark xmlNodePtr as const.  Finally, virDomainDeviceDefCopy
	was a rather hard conversion - it calls virDomainDeviceDefPostParse,
	which in turn in the xen driver was actually modifying the domain
	outside of the current device being visited.  We should not be
	adding a device on the first per-device callback, but waiting until
	after all per-device callbacks are complete.

	* src/conf/domain_conf.h (virDomainObjListFindByID)
	(virDomainObjListFindByUUID, virDomainObjListFindByName)
	(virDomainObjAssignDef, virDomainObjListAdd): Drop attempt at
	const.
	(virDomainDeviceDefCopy): Use intended type.
	(virDomainDeviceDefParse, virDomainDeviceDefPostParseCallback)
	(virDomainVideoDefaultType, virDomainVideoDefaultRAM)
	(virDomainChrGetDomainPtrs): Make const-correct.
	* src/conf/domain_conf.c (virDomainObjListFindByID)
	(virDomainObjListFindByUUID, virDomainObjListFindByName)
	(virDomainDeviceDefCopy, virDomainObjListAdd)
	(virDomainObjAssignDef, virDomainHostdevSubsysUsbDefParseXML)
	(virDomainHostdevSubsysPciOrigStatesDefParseXML)
	(virDomainHostdevSubsysPciDefParseXML)
	(virDomainHostdevSubsysScsiDefParseXML)
	(virDomainControllerModelTypeFromString)
	(virDomainTPMDefParseXML, virDomainTimerDefParseXML)
	(virDomainSoundCodecDefParseXML, virDomainSoundDefParseXML)
	(virDomainWatchdogDefParseXML, virDomainRNGDefParseXML)
	(virDomainMemballoonDefParseXML, virDomainNVRAMDefParseXML)
	(virSysinfoParseXML, virDomainVideoAccelDefParseXML)
	(virDomainVideoDefParseXML, virDomainHostdevDefParseXML)
	(virDomainRedirdevDefParseXML)
	(virDomainRedirFilterUsbDevDefParseXML)
	(virDomainRedirFilterDefParseXML, virDomainIdMapEntrySort)
	(virDomainIdmapDefParseXML, virDomainVcpuPinDefParseXML)
	(virDiskNameToBusDeviceIndex, virDomainDeviceDefCopy)
	(virDomainVideoDefaultType, virDomainHostdevAssignAddress)
	(virDomainDeviceDefPostParseInternal, virDomainDeviceDefPostParse)
	(virDomainChrGetDomainPtrs, virDomainControllerSCSINextUnit)
	(virDomainSCSIDriveAddressIsUsed)
	(virDomainDriveAddressIsUsedByDisk)
	(virDomainDriveAddressIsUsedByHostdev): Fix fallout.
	* src/openvz/openvz_driver.c (openvzDomainDeviceDefPostParse):
	Likewise.
	* src/libxl/libxl_domain.c (libxlDomainDeviceDefPostParse):
	Likewise.
	* src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse)
	(qemuDomainDefaultNetModel): Likewise.
	* src/lxc/lxc_domain.c (virLXCDomainDeviceDefPostParse):
	Likewise.
	* src/uml/uml_driver.c (umlDomainDeviceDefPostParse): Likewise.
	* src/xen/xen_driver.c (xenDomainDeviceDefPostParse): Split...
	(xenDomainDefPostParse): ...since per-device callback is not the
	time to be adding a device.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: fix awkward typing of virDomainChrGetDomainPtrs
	virDomainChrGetDomainPtrs() required 4 levels of pointers (taking
	a parameter that will be used as an output variable to return the
	address of another variable that contains an array of pointers).
	This is rather complex to reason about, especially when outside
	of the domain_conf file, no other caller should be modifying
	the resulting array of pointers directly.  Changing the public
	signature gives something is easier to reason with, and actually
	make const-correct; which is important as it was the only function
	that was blocking virDomainDeviceDefCopy from treating its source
	as const.

	* src/conf/domain_conf.h (virDomainChrGetDomainPtrs): Use simpler
	types, and make const-correct for external users.
	* src/conf/domain_conf.c (virDomainChrGetDomainPtrs): Split...
	(virDomainChrGetDomainPtrsInternal): ...into an internal version
	that lets us modify terms, vs. external form that is read-only.
	(virDomainDeviceDefPostParseInternal, virDomainChrFind)
	(virDomainChrInsert): Adjust callers.
	* src/qemu/qemu_command.c (qemuGetNextChrDevIndex): Adjust caller.
	(qemuDomainDeviceAliasIndex): Make const-correct.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in python bindings
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in the python bindings.

	* python/generator.py (py_types): Drop useless conversions.
	* python/libvirt-override.c (getPyVirTypedParameter)
	(setPyVirTypedParameter): Use intended type.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in tests
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in the testsuite.

	* tests/cputest.c (cpuTestCompareXML): Use intended type.
	* tests/qemucapabilitiestest.c (testQemuCaps): Likewise.
	* tests/qemumonitorjsontest.c: Drop const.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in nwfilter files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in nwfilter code.

	This patch does nothing about the stupidity evident in having
	__virNWFilterInstantiateFilter, _virNWFilterInstantiateFilter,
	and virNWFilterInstantiateFilter, which differ only by leading
	underscores, and which infringes on the namespace reserved to
	the implementation - that would need to be a separate cleanup.

	* src/nwfilter/nwfilter_dhcpsnoop.h (virNWFilterDHCPSnoopReq): Use
	intended type.
	* src/nwfilter/nwfilter_gentech_driver.h
	(virNWFilterInstantiateFilter)
	(virNWFilterUpdateInstantiateFilter)
	(virNWFilterInstantiataeFilterLate, virNWFilterTeardownFilter)
	(virNWFilterCreateVarHashmap): Likewise.
	* src/nwfilter/nwfilter_learnipaddr.h (virNWFilterLearnIPAddress):
	Likewise.
	* src/conf/nwfilter_conf.h (virNWFilterApplyBasicRules)
	(virNWFilterApplyDHCPOnlyRules): Likewise.
	(virNWFilterDefFormat): Make const-correct.
	* src/conf/nwfilter_params.h (virNWFilterVarValueCopy)
	(virNWFilterVarValueGetSimple, virNWFilterVarValueGetCardinality)
	(virNWFilterVarValueEqual, virNWFilterVarAccessEqual)
	(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
	(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
	(virNWFilterVarAccessIsAvailable)
	(virNWFilterVarCombIterGetVarValue): Use intended type.
	(virNWFilterVarValueGetNthValue): Make const-correct.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
	(virNWFilterSnoopIFKeyFMT, virNWFilterDHCPSnoopReq)
	(virNWFilterSnoopPruneIter, virNWFilterSnoopRemAllReqIter)
	(virNWFilterDHCPSnoopReq): Fix fallout.
	* src/nwfilter/nwfilter_gentech_driver.c
	(virNWFilterVarHashmapAddStdValues, virNWFilterCreateVarHashmap)
	(virNWFilterInstantiate, __virNWFilterInstantiateFilter)
	(_virNWFilterInstantiateFilter, virNWFilterInstantiateFilterLate)
	(virNWFilterInstantiateFilter)
	(virNWFilterUpdateInstantiateFilter)
	(virNWFilterRollbackUpdateFilter, virNWFilterTeardownFilter):
	Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnIPAddress):
	Likewise.
	* src/conf/nwfilter_params.c (virNWFilterVarValueCopy)
	(virNWFilterVarValueGetSimple)
	(virNWFilterVarValueGetCardinality, virNWFilterVarValueEqual)
	(virNWFilterVarCombIterAddVariable)
	(virNWFilterVarCombIterGetVarValue, virNWFilterVarValueCompare)
	(virNWFilterFormatParamAttributes, virNWFilterVarAccessEqual)
	(virNWFilterVarAccessGetVarName, virNWFilterVarAccessGetType)
	(virNWFilterVarAccessGetIterId, virNWFilterVarAccessGetIndex)
	(virNWFilterVarAccessGetIntIterId)
	(virNWFilterVarAccessIsAvailable)
	(virNWFilterVarValueGetNthValue): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebtablesApplyBasicRules)
	(ebtablesApplyDHCPOnlyRules, ebiptablesRuleOrderSort)
	(ebiptablesRuleOrderSortPtr): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterDefEqual)
	(virNWFilterDefFormat): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in cpu files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in src/cpu.

	* src/cpu/cpu.h (cpuArchDecode, cpuArchEncode, cpuArchUpdate)
	(cpuArchHasFeature, cpuDecode, cpuEncode, cpuUpdate)
	(cpuHasFeature): Use intended type.
	* src/conf/cpu_conf.h (virCPUDefCopyModel, virCPUDefCopy):
	Likewise.
	(virCPUDefParseXML): Drop const.
	* src/cpu/cpu.c (cpuDecode, cpuEncode, cpuUpdate, cpuHasFeature):
	Fix fallout.
	* src/cpu/cpu_x86.c (x86ModelFromCPU, x86ModelSubtractCPU)
	(x86DecodeCPUData, x86EncodePolicy, x86Encode, x86UpdateCustom)
	(x86UpdateHostModel, x86Update, x86HasFeature): Likewise.
	* src/cpu/cpu_s390.c (s390Decode): Likewise.
	* src/cpu/cpu_arm.c (ArmDecode): Likewise.
	* src/cpu/cpu_powerpc.c (ppcModelFromCPU, ppcCompute, ppcDecode)
	(ppcUpdate): Likewise.
	* src/conf/cpu_conf.c (virCPUDefCopyModel, virCPUDefCopy)
	(virCPUDefParseXML): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in virnet files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up remaining offenders in src/util.

	* src/util/virnetdev.h (virNetDevSetMAC)
	(virNetDevReplaceMacAddress, virNetDevValidateConfig)
	(virNetDevReplaceNetConfig): Use intended type.
	* src/util/virnetdevbandwidth.h (virNetDevBandwidthCopy)
	(virNetDevBandwidthPlug): Likewise.
	* src/util/virnetdevmacvlan.h (virNetDevMacVLanCreate)
	(virNetDevMacVLanCreateWithVPortProfile)
	(virNetDevMacVLanDeleteWithVPortProfile)
	(virNetDevMacVLanRestartWithVPortProfile)
	(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
	* src/util/virnetdevopenvswitch.h (virNetDevOpenvswitchAddPort):
	Likewise.
	* src/util/virnetdevtap.h (virNetDevTapCreateInBridgePort):
	Likewise.
	* src/util/virnetdevvlan.h (virNetDevVlanEqual)
	(virNetDevVlanCopy): Likewise.
	* src/util/virnetdevvportprofile.h
	(virNetDevVPortProfileAssociate)
	(virNetDevVPortProfileDisassociate): Likewise.
	* src/util/virnetlink.h (virNetlinkEventRemoveCallback)
	(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
	Likewise.
	* src/util/virnetdev.c (virNetDevSetMAC)
	(virNetDevReplaceMacAddress, virNetDevValidateConfig)
	(virNetDevReplaceNetConfig): Fix fallout.
	* src/util/virnetdevbandwidth.c (virNetDevBandwidthCopy)
	(virNetDevBandwidthPlug): Likewise.
	* src/util/virnetdevmacvlan.c (virNetDevMacVLanCreate)
	(virNetDevMacVLanCreateWithVPortProfile)
	(virNetDevMacVLanDeleteWithVPortProfile)
	(virNetDevMacVLanRestartWithVPortProfile)
	(virNetDevMacVLanVPortProfileRegisterCallback): Likewise.
	* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort):
	Likewise.
	* src/util/virnetdevtap.c (virNetDevTapCreateInBridgePort):
	Likewise.
	* src/util/virnetdevvlan.c (virNetDevVlanEqual)
	(virNetDevVlanCopy): Likewise.
	* src/util/virnetdevvportprofile.c
	(virNetDevVPortProfileAssociate)
	(virNetDevVPortProfileDisassociate)
	(virNetDevVPortProfileOpSetLink, virNetDevVPortProfileOpCommon)
	(virNetDevVPortProfileOp8021Qbg, virNetDevVPortProfileOp8021Qbh):
	Likewise.
	* src/util/virnetlink.c (virNetlinkEventRemoveCallback)
	(virNetlinkEventAddClient, virNetlinkEventRemoveClient):
	Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in several util files
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in src/util outside of the virnet namespace.

	Also, make a few virSocketAddr functions const-correct, for easier
	conversions in future patches.

	* src/util/virbuffer.h (virBufferError, virBufferUse)
	(virBufferGetIndent): Use intended type.
	* src/util/virmacaddr.h (virMacAddrCmp, virMacAddrCmpRaw)
	(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
	(virMacAddrIsMulticast): Likewise.
	* src/util/virebtables.h (ebtablesAddForwardAllowIn)
	(ebtablesRemoveForwardAllowIn): Likewise.
	* src/util/virsocketaddr.h (virSocketAddrSetIPv4Addr): Drop
	incorrect const.
	(virMacAddrGetRaw, virSocketAddrFormat, virSocketAddrFormatFull):
	Make const-correct.
	(virSocketAddrMask, virSocketAddrMaskByPrefix)
	(virSocketAddrBroadcast, virSocketAddrBroadcastByPrefix)
	(virSocketAddrGetNumNetmaskBits, virSocketAddrGetIpPrefix)
	(virSocketAddrEqual, virSocketAddrIsPrivate)
	(virSocketAddrIsWildcard): Use intended type.
	* src/util/virbuffer.c (virBufferError, virBufferUse)
	(virBufferGetIndent): Fix fallout.
	* src/util/virmacaddr.c (virMacAddrCmp, virMacAddrCmpRaw)
	(virMacAddrSet, virMcAddrFormat, virMacAddrIsUnicast)
	(virMacAddrIsMulticast): Likewise.
	* src/util/virebtables.c (ebtablesAddForwardAllowIn)
	(ebtablesRemoveForwardAllowIn): Likewise.
	* src/util/virsocketaddr.c (virSocketAddrMask, virMacAddrGetRaw)
	(virSocketAddrMaskByPrefix, virSocketAddrBroadcast)
	(virSocketAddrBroadcastByPrefix, virSocketAddrGetNumNetmaskBits)
	(virSocketAddrGetIpPrefix, virSocketAddrEqual)
	(virSocketAddrIsPrivate, virSocketAddrIsWildcard)
	(virSocketAddrGetIPv4Addr, virSocketAddrGetIPv6Addr)
	(virSocketAddrFormat, virSocketAddrFormatFull): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in hashes
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up virhash to provide a const-correct interface: all actions
	that don't modify the table take a const table.  Note that in
	one case (virHashSearch), we actually strip const away - we aren't
	modifying the contents of the table, so much as associated data
	for ensuring that the code uses the table correctly (if this were
	C++, it would be a case for the 'mutable' keyword).

	* src/util/virhash.h (virHashKeyComparator, virHashEqual): Use
	intended type.
	(virHashSize, virHashTableSize, virHashLookup, virHashSearch):
	Make const-correct.
	* src/util/virhash.c (virHashEqualData, virHashEqual)
	(virHashLookup, virHashSize, virHashTableSize, virHashSearch)
	(virHashComputeKey): Fix fallout.
	* src/conf/nwfilter_params.c
	(virNWFilterFormatParameterNameSorter): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesFilterOrderSort): Likewise.
	* tests/virhashtest.c (testHashGetItemsCompKey)
	(testHashGetItemsCompValue): Likewise.

2013-10-14  Eric Blake  <eblake@redhat.com>

	maint: avoid 'const fooPtr' in public API
	'const fooPtr' is the same as 'foo * const' (the pointer won't
	change, but it's contents can).  But in general, if an interface
	is trying to be const-correct, it should be using 'const foo *'
	(the pointer is to data that can't be changed).

	Fix up offenders in the public API.  Note that this is an API change;
	but see commit 6ac6f59, where we first argued that this change is
	harmless (but with that commit not actually making the change that it
	claimed to be making):

	    Although this is an API change (not ABI though), real callers won't be
	    impacted. Why?
	     1. these callback members are read-only, so it is less likely that
	    someone is trying to assign into the struct members.
	     2. The only way to register a virConnectDomainEventGraphicsCallback is
	    to cast it through a call to virConnectDomainEventRegisterAny.  That is,
	    even if the user's callback function leaves out the const, we never use
	    the typedef as the direct type of any API parameter.  Since they are
	    already casting their function pointer into a munged type before
	    registering it, their code will continue to compile.

	* include/libvirt/libvirt.h.in
	(virConnectDomainEventGraphicsCallback): Use intended type.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Improve log filtering in virLXCProcessReadLogOutputData
	Make the virLXCProcessReadLogOutputData method ignore the log
	lines about the container startup argv, ignore the generic
	error message from libvirt_lxc when lxcContainerMain fails
	and skip over blank lines.

	Ensure lxcContainerResolveSymlinks reports errors
	The lxcContainerResolveSymlinks method merely logged some errors
	as debug messages, rather than reporting them as proper errors.
	This meant startup failures were not diagnosed at all.

	Ensure lxcContainerMain reports errors on stderr
	Ensure the lxcContainerMain method reports any errors that
	occur during setup to stderr, where libvirtd will pick them
	up.

2013-10-14  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Serial devices don't have to be attached
	Serial devices don't necessarily have to be attached to an output to be
	shown to the guest.

	Revert "VMX: Some serial ports are not actually connected"
	This reverts commit dba04e7fa070a79415ea16141ad2e2ebd4f23033.
	This change was unfortunately not correct. We should have been
	changing the boolean argument supplied.

2013-10-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Add support for compressing external snapshot memory
	The regular save image code has the support to compress images using a
	specified algorithm. This was not implemented for external checkpoints
	although it shares most of the backend code.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1017227

2013-10-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: managedsave: Add support for compressing managed save images
	The regular save image code has the support to compress images using a
	specified algorithm. This was not implemented for managed save although
	it shares most of the backend code.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Initialize threading & error layer in LXC controller
	In Fedora 20, libvirt_lxc crashes immediately at startup with a
	trace

	 #0  0x00007f0cddb653ec in free () from /lib64/libc.so.6
	 #1  0x00007f0ce0e16f4a in virFree (ptrptr=ptrptr@entry=0x7f0ce1830058) at util/viralloc.c:580
	 #2  0x00007f0ce0e2764b in virResetError (err=0x7f0ce1830030) at util/virerror.c:354
	 #3  0x00007f0ce0e27a5a in virResetLastError () at util/virerror.c:387
	 #4  0x00007f0ce0e28858 in virEventRegisterDefaultImpl () at util/virevent.c:233
	 #5  0x00007f0ce0db47c6 in main (argc=11, argv=0x7fff4596c328) at lxc/lxc_controller.c:2352

	Normally virInitialize calls virErrorInitialize and
	virThreadInitialize, but we don't link to libvirt.so
	in libvirt_lxc, and nor did we ever call the error
	or thread initializers.

	I have absolutely no idea how this has ever worked, let alone
	what caused it to stop working in Fedora 20.

	In addition not all code paths from virLogSetFromEnv will
	ensure virLogInitialize is called correctly, which is another
	possible crash scenario.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Don't ignore all dbus connection errors
	Previous commit

	  commit 7ada155cdf2bbfac16ce08f64abb455a940e2cf7
	  Author: Gao feng <gaofeng@cn.fujitsu.com>
	  Date:   Wed Sep 11 11:15:02 2013 +0800

	    DBus: introduce virDBusIsServiceEnabled

	Made the cgroups code fallback to non-systemd based setup
	when dbus is not running. It was too big a hammer though,
	as it did not check what error code was received when the
	dbus connection failed. Thus it silently ignored serious
	errors from dbus such as "too many client connections",
	which should always be treated as fatal.

	We only want to ignore errors if the dbus unix socket does
	not exist, or if nothing is listening on it.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Improve error reporting with LXC controller
	The LXC code would read the log file if an LXC guest failed to
	startup. There were a number of failure cases where the guest
	will not start and libvirtd never gets as far as looking at the
	log file.

	Fix this by replacing some earlier generic errors with messages
	from the log.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix exit status of lxc controller
	The LXC controller main() method initialized 'rc' to 1
	rather than '-1'. In the cleanup path it will print any
	error to stderr, if-and-only-if rc < 0. Hence the incorrect
	initialization caused errors to be lost.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix flaw in detecting log format
	The log message regex has been

	[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug|info|warning|error :

	The precedence of '|' is high though, so this is equivalent to matching

	   [0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}\+[0-9]{4}: [0-9]+: debug

	Or

	   info

	Or

	   warning

	Or

	   error :

	Which is clearly not what it should have done. This caused the code to
	skip over things which are not log messages. The solution is to simply
	add brackets.

	A test case is also added to validate correctness.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC controller use a private dbus connection & close it
	The LXC controller uses dbus to talk to systemd to create
	cgroups. This means that each LXC controller instance has
	a dbus connection. The DBus daemon is limited to 256
	connections by default and we want to be able to run many
	1000 of containers.

	While the dbus limit could be raised in the config files,
	it is simpler to make libvirt LXC controller close its
	dbus connection once everything is configured.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Add a method for closing the dbus system bus connection
	If the dbus system bus connection is marked as private, then
	allow it to be closed.

2013-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Allow use of a private dbus bus connection
	The dbus_bus_get() function returns a shared bus connection that
	all libraries in a process can use. You are forbidden from calling
	close on this connection though, since you can never know if any
	other code might be using it.

	Add an option to use private dbus bus connections, if the app
	wants to be able to close the connection.

2013-10-14  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: Fix an improper comment in lxc_process.c
	Fix the improper comment for the "release" hook.

2013-10-11  Hongwei Bi  <hwbi2008@gmail.com>

	nwfilter: fix a typo in nwfilter_gentech_driver.c
	s/occcurred/occurred

2013-10-11  Doug Goldstein  <cardoe@cardoe.com>

	rpc: Fix getsockopt on Snow Leopard and lower
	Since 5a468b38b6 we use SOL_LOCAL for the 2nd argument of getsockopt()
	however Lion added the define SOL_LOCAL set to 0, which is the value to
	the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So
	instead of using the define just pass 0 so we restore compatibility
	with Snow Leopard and Leopard.

	Reported at https://github.com/mxcl/homebrew/pull/23141

2013-10-11  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Do version detection earlier
	Do VMware version detection earlier as future patches will need the
	version information to populate capabilities correctly.

	VMware: Simplify array walk for driver type
	Rather than walking the possible driver backends by handle, use a helper
	function. Additionally I've done a bit of refactoring in the code over
	the past few commits so add myself to the copyright line.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Include listenAddress in debug prints
	After my patches, some functions gained one more argument
	(@listenAddress) which wasn't included in debug printing of
	arguments they were called with. Functions in question are:
	qemuMigrationPrepareDirect and qemuMigrationPerform.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Avoid crashing if domain dies too quickly
	I've noticed a SIGSEGV-ing libvirtd on the destination when the qemu
	died too quickly = in Prepare phase. What is happening here is:

	1) [Thread 3493] We are in qemuMigrationPrepareAny() and calling
	qemuProcessStart() which subsequently calls qemuProcessWaitForMonitor()
	and qemuConnectMonitor(). So far so good. The qemuMonitorOpen()
	succeeds, however switching monitor to QMP mode fails as qemu died
	meanwhile. That is qemuMonitorSetCapabilities() returns -1.

	2013-10-08 15:54:10.629+0000: 3493: debug : qemuMonitorSetCapabilities:1356 : mon=0x14a53da0
	2013-10-08 15:54:10.630+0000: 3493: debug : qemuMonitorJSONCommandWithFd:262 : Send command '{"execute":"qmp_capabilities","id":"libvirt-1"}' for write with FD -1
	2013-10-08 15:54:10.630+0000: 3493: debug : virEventPollUpdateHandle:147 : EVENT_POLL_UPDATE_HANDLE: watch=17 events=13
	...
	2013-10-08 15:54:10.631+0000: 3493: debug : qemuMonitorSend:956 : QEMU_MONITOR_SEND_MSG: mon=0x14a53da0 msg={"execute":"qmp_capabilities","id":"libvirt-1"}
	 fd=-1
	2013-10-08 15:54:10.631+0000: 3262: debug : virEventPollRunOnce:641 : Poll got 1 event(s)

	2) [Thread 3262] The event loop is trying to do the talking to monitor.
	However, qemu is dead already, remember?

	2013-10-08 15:54:13.436+0000: 3262: error : qemuMonitorIORead:551 : Unable to read from monitor: Connection reset by peer
	2013-10-08 15:54:13.516+0000: 3262: debug : virFileClose:90 : Closed fd 25
	...
	2013-10-08 15:54:13.533+0000: 3493: debug : qemuMonitorSend:968 : Send command resulted in error internal error: early end of file from monitor: possible problem:

	3) [Thread 3493] qemuProcessStart() failed. No big deal. Go to the
	'endjob' label and subsequently to the 'cleanup'. Since the domain is
	not persistent and ret is -1, the qemuDomainRemoveInactive() is called.
	This has an (unpleasant) effect of virObjectUnref()-in the @vm object.
	Unpleasant because the event loop which is about to trigger EOF callback
	still holds a pointer to the @vm (not the reference). See the valgrind
	output below.

	4) [Thread 3262] So the event loop starts triggering EOF:

	2013-10-08 15:54:13.542+0000: 3262: debug : qemuMonitorIO:729 : Triggering EOF callback
	2013-10-08 15:54:13.543+0000: 3262: debug : qemuProcessHandleMonitorEOF:294 : Received EOF on 0x14549110 'migt10'

	And the monitor is cleaned up. This results in calling
	qemuProcessHandleMonitorEOF with the @vm pointer passed. The pointer is
	kept in qemuMonitor struct.

	==3262== Thread 1:
	==3262== Invalid read of size 4
	==3262==    at 0x77ECCAA: pthread_mutex_lock (in /lib64/libpthread-2.15.so)
	==3262==    by 0x52FAA06: virMutexLock (virthreadpthread.c:85)
	==3262==    by 0x52E3891: virObjectLock (virobject.c:320)
	==3262==    by 0x11626743: qemuProcessHandleMonitorEOF (qemu_process.c:296)
	==3262==    by 0x11642593: qemuMonitorIO (qemu_monitor.c:730)
	==3262==    by 0x52BD526: virEventPollDispatchHandles (vireventpoll.c:501)
	==3262==    by 0x52BDD49: virEventPollRunOnce (vireventpoll.c:648)
	==3262==    by 0x52BBC68: virEventRunDefaultImpl (virevent.c:274)
	==3262==    by 0x542D3D9: virNetServerRun (virnetserver.c:1112)
	==3262==    by 0x11F368: main (libvirtd.c:1513)
	==3262==  Address 0x14549128 is 24 bytes inside a block of size 136 free'd
	==3262==    at 0x4C2AF5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==3262==    by 0x529B1FF: virFree (viralloc.c:580)
	==3262==    by 0x52E3703: virObjectUnref (virobject.c:270)
	==3262==    by 0x531557E: virDomainObjListRemove (domain_conf.c:2355)
	==3262==    by 0x1160E899: qemuDomainRemoveInactive (qemu_domain.c:2061)
	==3262==    by 0x1163A0C6: qemuMigrationPrepareAny (qemu_migration.c:2450)
	==3262==    by 0x1163A923: qemuMigrationPrepareDirect (qemu_migration.c:2626)
	==3262==    by 0x11682D71: qemuDomainMigratePrepare3Params (qemu_driver.c:10309)
	==3262==    by 0x53B0976: virDomainMigratePrepare3Params (libvirt.c:7266)
	==3262==    by 0x1502D3: remoteDispatchDomainMigratePrepare3Params (remote.c:4797)
	==3262==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
	==3262==    by 0x54322EB: virNetServerProgramDispatchCall (virnetserverprogram.c:435)

	The mon->vm is set in qemuMonitorOpenInternal() which is the correct
	place to increase @vm ref counter. The correct place to decrease the ref
	counter is then qemuMonitorDispose().

2013-10-11  Bing Bu Cao  <mars@linux.vnet.ibm.com>

	util: fix two virCompareLimitUlong bugs
	The helper function virCompareLimitUlong compares limit values,
	where value of 0 is equal to unlimited. If the latter parameter is 0,
	it should return -1 instead of 1, hence the user can only set hard_limit when
	swap_hard_limit currently is unlimited.

	Worse, all callers pass 2 64-bit values, but on 32-bit platforms,
	the second argument was silently truncated to 32 bits, which
	could lead to incorrect computations.

2013-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Move virNetDevVPort enum impl into virnetdevvportprofile.c
	The enum for virNetDevVPort is declared in the header file
	virnetdevvportprofile.h, but for some reason the impl is
	in netdev_vport_profile_conf.c.

	This causes a dep from src/util onto src/conf which is not
	allowed. Move the enum impl into virnetdevvportprofile.c
	to break the circle.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu_conf: Introduce "migration_address"
	This configuration knob is there to override default listen address for
	-incoming for all qemu domains.

	qemu: Implement support for VIR_MIGRATE_PARAM_LISTEN_ADDRESS

	virsocket: Introduce virSocketAddrIsWildcard
	This function takes exactly one argument: an address to check.
	It returns true, if the address is an IPv4 or IPv6 address in numeric
	format, false otherwise (e.g. for "examplehost").

	Migration: Introduce VIR_MIGRATE_PARAM_LISTEN_ADDRESS
	The parameter allows overriding default listen address for '-incoming'
	cmd line argument on destination.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce qemuDomainDefCheckABIStability
	https://bugzilla.redhat.com/show_bug.cgi?id=994364

	Whenever we check for ABI stability, we have new xml (e.g. provided by
	user, or obtained from snapshot, whatever) which we compare to old xml
	and see if ABI won't break. However, if the new xml was produced via
	virDomainGetXMLDesc(..., VIR_DOMAIN_XML_MIGRATABLE) it lacks some
	devices, e.g. 'pci-root' controller. Hence, the ABI stability check
	fails even though it is stable. Moreover, we can't simply fix
	virDomainDefCheckABIStability because removing the correct devices is
	task for the driver. For instance, qemu driver wants to remove the usb
	controller too, while LXC driver doesn't. That's why we need special
	qemu wrapper over virDomainDefCheckABIStability which removes the
	correct devices from domain XML, produces MIGRATABLE xml and calls the
	check ABI stability function.

2013-10-11  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Test qemuMonitorJSONSendKey

	qemumonitorjsontest: Test qemuMonitorJSONGetVirtType

	qemumonitorjsontest: Test qemuMonitorJSONGetCPUInfo

	qemumonitorjsontest: Extend the test for yet another monitor commands
	So far, we're unit testing some basic functions and some (so called)
	simple functions (e.g. "qmp_capabilities", "system_powerdown"). However,
	there are more functions which expect simple "{'return': {}}" reply, but
	takes more args to construct the command (for instance "set_link"). This
	patch aims on such functions.

2013-10-10  John Ferlan  <jferlan@redhat.com>

	storage_backend: Fix issue with allocation of 0 length volume
	Commit id '532fef36' added a call to fallocate() and some error
	handling based on whether or not the function existed. This new
	call resulted in libvirt-cim/cimtest failures when attempting to
	create a volume with "0" (zero) allocation value. The failure is
	logged as:

	Oct  9 07:51:33 localhost libvirtd[8030]: cannot allocate 0 bytes in
	file '/var/lib/libvirt/images/cimtest-vol.img': Invalid argument

	This can also be seen with virsh vol-create-as:

	error: Failed to create vol test
	error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
	argument

	error: Failed to create vol test
	error: cannot allocate 0 bytes in file '/home/vm-images/test': Invalid
	argument

	It turns out fallocate() will return EINVAL when the incoming 'len'
	(or allocation) value is 0 (or less).

2013-10-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Init @pcidevs in qemuPrepareHostdevPCIDevices
	At the beginning of the function qemuPrepareHostdevPCICheckSupport() is
	called. After that @pcidevs is initialized. However, if the very first
	command fails, we go to 'cleanup' label where virObjectUnref(pcidevs) is
	called. Obviously, it is called before @pcidevs was able to get
	initialized. Compiler warns about it:

	  CC       qemu/libvirt_driver_qemu_impl_la-qemu_hostdev.lo
	qemu/qemu_hostdev.c: In function 'qemuPrepareHostdevPCIDevices':
	qemu/qemu_hostdev.c:824:19: error: 'pcidevs' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     virObjectUnref(pcidevs);
	                   ^
	cc1: all warnings being treated as errors

2013-10-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: Prefer VFIO for PCI device passthrough
	Prefer using VFIO (if available) to the legacy KVM device passthrough.

	With this patch a PCI passthrough device without the driver configured
	will be started with VFIO if it's available on the host. If not legacy
	KVM passthrough is checked and error is reported if it's not available.

2013-10-10  Peter Krempa  <pkrempa@redhat.com>

	qemu: hostdev: Add checks if PCI passthrough is available in the host
	Add code to check availability of PCI passhthrough using VFIO and the
	legacy KVM passthrough and use it when starting VMs and hotplugging
	devices to live machine.

	qemu: hostdev: Fix function spacing and header formatting

2013-10-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: refactor qemuCompressProgramAvailable()

	qemu: Fix coding style in qemuDomainSaveFlags()
	Avoid mixed brace style in an if statement and fix formatting of error
	messages.

2013-10-09  Ján Tomko  <jtomko@redhat.com>

	LXC: Fix handling of RAM filesystem size units
	Since 76b644c when the support for RAM filesystems was introduced,
	libvirt accepted the following XML:
	<source usage='1024' unit='KiB'/>

	This was parsed correctly and internally stored in bytes, but it
	was formatted as (with an extra 's'):
	<source usage='1024' units='KiB'/>
	When read again, this was treated as if the units were missing,
	meaning libvirt was unable to parse its own XML correctly.

	The usage attribute was documented as being in KiB, but it was not
	scaled if the unit was missing. Transient domains still worked,
	because this was balanced by an extra 'k' in the mount options.

	This patch:
	Changes the parser to use 'units' instead of 'unit', as the latter
	was never documented (fixing persistent domains) and some programs
	(libvirt-glib, libvirt-sandbox) already parse the 'units' attribute.

	Removes the extra 'k' from the tmpfs mount options, which is needed
	because now we parse our own XML correctly.

	Changes the default input unit to KiB to match documentation, fixing:
	https://bugzilla.redhat.com/show_bug.cgi?id=1015689

2013-10-09  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	cgroup: fix a comment typo in vircgroup.c
	s/shoule/should

2013-10-09  Ján Tomko  <jtomko@redhat.com>

	storage: Use bool instead of int
	Commit 532fef3 added two-state 'need_alloc' and exposed
	'want_sparse' which also only has two states.

	Change their type from int to bool.

2013-10-08  Cole Robinson  <crobinso@redhat.com>

	tests: Add qemu test for multiple timers
	The following XML is the recommended default clock configuration for
	qemu:

	  <clock offset='utc'>
	    <timer name='rtc' tickpolicy='catchup'/>
	    <timer name='pit' tickpolicy='delay'/>
	    <timer name='hpet' present='no'/>
	  </clock>

	However we weren't testing any of those timer elements.

2013-10-08  Giuseppe Scrivano  <gscrivan@redhat.com>

	build: fix linker error on FreeBSD
	Commit 2d74822a9eb4856c7f5216bb92bcb76630660f72 renamed
	"freebsdNodeGetCPUCount" to "appleFreebsdNodeGetCPUCount", leaving one
	call to "freebsdNodeGetCPUCount".  Fix this other case.

2013-10-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: hostdev: Refactor PCI passhrough handling
	To simplify future patches dealing with this code, simplify and refactor
	some conditions to switch statements.

2013-10-08  Daniel P. Berrange  <berrange@redhat.com>

	Remove test case average timing
	The test case average timing code has not been used by any test
	case ever. Delete it to remove complexity.

	Remove existing OOM test impl
	The current OOM test impl is too inefficient to be used on the
	large test suites. It loops running 'main' multiple times, once
	for each alloc in the 'main' method. This has complexity
	'n * (n + 1) / 2' in terms of total alloc count. It will be
	replaced by a more efficient impl whicih runs individual test
	cases instead. This will have same complexity but the values
	of 'n' will be much smaller, so a net win.

	Don't clobber 'ret' variable in testCompareXMLToXMLHelper
	The qemuxml2xmltest.c function testCompareXMLToXMLHelper would
	clobber the 'ret' variable causing it to mis-diagnose OOM
	errors.

2013-10-07  Michal Privoznik  <mprivozn@redhat.com>

	virerror: s/VIR_ERR_STORAGE_VOL_EXISTS/VIR_ERR_STORAGE_VOL_EXISTS/
	We currently have other error codes in singular form, e.g.
	VIR_ERR_NETWORK_EXIST. Cleanup the previous patch to match the form.

2013-10-07  Hongwei Bi  <hwbi2008@gmail.com>

	fix a ambiguous output of the command:'virsh vol-create-as'
	I created a storage volume(eg: test) from a storage pool(eg:vg10) using
	the following command:"virsh vol-create-as --pool vg10 --name test --capacity 300M."
	When I re-executed the above command, the output was as the following:
	"error: Failed to create vol test
	 error: Storage volume not found: storage vol 'test' already exists"

	I think the output "Storage volume not found" is not appropriate. Because in fact storage
	vol test has been found at this time. And then I think virErrorNumber should includes
	VIR_ERR_STORAGE_EXIST which can also be used elsewhere. So I make this patch. The result
	is as following:
	"error: Failed to create vol test
	 error: storage volume 'test' exists already"

2013-10-07  Giuseppe Scrivano  <gscrivan@redhat.com>

	tests: avoid compile failure on linux kernels older than 2.6.19

2013-10-07  Eric Blake  <eblake@redhat.com>

	build: add configure --without-readline
	Make it much easier to test a configuration built without readline
	support, by reusing our existing library probe machinery.  It gets
	a bit tricky with readline, which does not provide a pkg-config
	snippet, and which on some platforms requires one of several
	terminal libraries as a prerequiste, but the end result should be
	the same default behavior but now with the option to disable things.

	* m4/virt-readline.m4 (LIBVIRT_CHECK_READLINE): Simplify by using
	LIBVIRT_CHECK_LIB.
	* tools/virsh.c: Convert USE_READLINE to WITH_READLINE.

2013-10-07  Eric Blake  <eblake@redhat.com>

	build: move readline check into its own macro
	A future patch will allow disabling readline; doing this in an
	isolated file instead of configure.ac will make the task easier.

	* configure.ac: Move readline code...
	* m4/virt-readline.m4: ...here.

2013-10-07  Eric Blake  <eblake@redhat.com>

	build: kill maintainer mode, always rebuild by default
	The automake manual recommends against the use of disabling
	maintainer mode by default:

	https://www.gnu.org/software/automake/manual/automake.html#maintainer_002dmode

	because when it is disabled, the user gets no indication if they
	touch a file that would normally require a rebuild.  Automake
	1.11 changed things so that AM_MAINTAINER_MODE([enable]) will set
	the mode to enabled by default; but RHEL 5 still uses automake 1.9,
	where AM_MAINTAINER_MODE did not recognize an argument, and
	therefore disables maintainer mode by default.  Having the default
	be different according to which version of automake built the
	project is annoying, and I _have_ been bitten on RHEL 5 rebuilds
	where the default disabled mode led to silently incorrect builds.

	The automake manual admits that being able to disable maintainer
	mode still makes sense for projects that still store generated
	files from the autotools in version control; but we have dropped
	that for several years now.  As such, it's finally time to just
	ditch the whole idea of maintainer mode, and unconditionally
	rebuild autotools files if a dependency changes, without offering
	a configure option to disable that mode.

	* configure.ac (AM_MAINTAINER_MODE): Drop.

2013-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of virConnectPtr from all remaining nwfilter code
	The virConnectPtr is passed around loads of nwfilter code in
	order to provide it as a parameter to the callback registered
	by the virt drivers. None of the virt drivers use this param
	though, so it serves no purpose.

	Avoiding the need to pass a virConnectPtr means that the
	nwfilterStateReload method no longer needs to open a bogus
	QEMU driver connection. This addresses a race condition that
	can lead to a crash on startup.

	The nwfilter driver starts before the QEMU driver and registers
	some callbacks with DBus to detect firewalld reload. If the
	firewalld reload happens while the QEMU driver is still starting
	up though, the nwfilterStateReload method will open a connection
	to the partially initialized QEMU driver and cause a crash.

2013-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Don't pass virConnectPtr in nwfilter 'struct domUpdateCBStruct'
	The nwfilter driver only needs a reference to its private
	state object, not a full virConnectPtr. Update the domUpdateCBStruct
	struct to have a 'void *opaque' field instead of a virConnectPtr.

	Remove virConnectPtr arg from virNWFilterDefParse*
	None of the virNWFilterDefParse* methods require a virConnectPtr
	arg, so just drop it

2013-10-07  Claudio Bley  <cbley@av-test.de>

	Adjust legacy max payload size to account for header information
	Commit 27e81517a87 set the payload size to 256 KB, which is
	actually the max packet size, including the size of the header.

	Reduce this by VIR_NET_MESSAGE_HEADER_MAX (24) and set
	VIR_NET_MESSAGE_LEGACY_PAYLOAD_MAX to 262120, which was the original
	value before increasing the limit in commit eb635de1fed.

2013-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	nodeinfo: make freebsdNodeGetCPUCount work on Mac OS X
	This fixes the following error:
	  error : nodeGetInfo:933 : this function is not supported
	  by the connection driver: node info not implemented on this platform

	The freebsdNodeGetCPUCount was renamed to appleFreebsdNodeGetCPUCount
	in order to make more visible the fact, that it works on Mac OS X too.

	Mac OS X can use sysctlbyname as same as FreeBSD to get the CPU
	frequency. However, the MIB style name is different from FreeBSD's.
	And the unit of the return frequency is also different.

2013-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	rpc: fix getsockopt for LOCAL_PEERCRED on Mac OS X
	This fixes the following error:
	  error : virGetUserEnt:703 : Failed to find user record for uid '32654'

	'32654' (it's random and varies) comes from getsockopt with
	LOCAL_PEERCRED option. getsockopt returns w/o error but seems
	to not set any value to the buffer for uid.

	For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level.
	With SOL_LOCAL, getsockopt returns a correct uid.

	Note that SOL_LOCAL can be found in
	/System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h.

2013-10-07  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	doc: fix typo in HACKING
	s/installion/installation

2013-10-05  Eric Blake  <eblake@redhat.com>

	build: fix build on 32-bit platforms
	qemumonitorjsontest.c: In function 'testQemuMonitorJSONqemuMonitorJSONGetBalloonInfo':
	qemumonitorjsontest.c:1134: warning: integer constant is too large for 'long' type

	* tests/qemumonitorjsontest.c
	(testQemuMonitorJSONqemuMonitorJSONGetBalloonInfo)
	(testQemuMonitorJSONqemuMonitorJSONGetBlockStatsInfo): Use correct
	type.

2013-10-05  Eric Blake  <eblake@redhat.com>

	build: fix build on RHEL 5
	On RHEL 5, compilation fails with:

	storage/storage_backend.c: In function 'createRawFile':
	storage/storage_backend.c:339: warning: implicit declaration of function 'fallocate'
	storage/storage_backend.c:339: warning: nested extern declaration of 'fallocate' [-Wnested-externs]

	But:

	$ grep HAVE_FALLOCATE config.h
	/* #undef HAVE_FALLOCATE */

	Huh? It turns out that in kernels that old, fallocate() is not
	implemented (config.h is correct), but <linux/fs.h> defines
	HAVE_FALLOCATE as an empty witness macro for a completely
	different purpose.  Since storage_backend.c is including
	<linux/fs.h> on RHEL 5, we are hosed by the kernel definition.
	Newer kernels no longer pollute the namespace, and it's fairly
	easy to convert to an expression that works with both the old
	kernel witness and the new-style config.h (undefined or 1).

	Problem introduced in commit 532fef3.

	* src/storage/storage_backend.c (createRawFile): Avoid namespace
	pollution from kernel, by checking HAVE_FALLOCATE for a value.

2013-10-05  Eric Blake  <eblake@redhat.com>

	build: fix build --without-remote
	I tried to test ./configure --without-lxc --without-remote.
	First, the build failed with some odd errors, such as an
	inability to build xen, or link failures for virNetTLSInit.
	But when you think about it, once there is no remote code,
	all of libvirtd is useless, any stateful driver that depends
	on libvirtd is also not worth compiling, and any libraries
	used only by RPC code are not needed.  So I patched
	configure.ac to make for some saner defaults when an
	explicit disable is attempted.  Similarly, since we have
	migrated virnetdevbridge into generic code, the workaround
	for Linux kernel stupidity must not depend on stateful
	drivers being in use.

	Then there's 'make check' that needs segregation.

	Wow - quite a bit of cleanup to make --without-remote useful :)

	* configure.ac: Let --without-remote toggle defaults on stateful
	drivers and other libraries.  Pick up Linux kernel workarounds
	even when qemu and lxc are not being compiled.
	* tests/Makefile.am (test_programs): Factor out programs that
	require remote.
	* src/libvirt_private.syms (rpc/virnet*.h): Move...
	* src/libvirt_remote.syms: ...into new file.
	* src/Makefile.am (SYM_FILES): Ship new syms file.

2013-10-04  Cole Robinson  <crobinso@redhat.com>

	docs: aclpolkit: Fix a heading typo

2013-10-04  Oskari Saarenmaa  <os@ohmu.fi>

	storage: fix file allocation behavior in file cloning
	Fixed the safezero call for allocating the rest of the file after cloning
	an existing volume; it used to always use a zero offset, causing it to
	only allocate the beginning of the file.

	Also modified file creation to try to use fallocate(2) to pre-allocate
	disk space before copying any data to make sure it fails early on if disk
	is full and makes sure we can skip zero blocks when copying file contents.

	If fallocate isn't available we will zero out the rest of the file after
	cloning and only use sparse cloning if client requested a lower allocation
	than the input volume's capacity.

2013-10-04  Oskari Saarenmaa  <os@ohmu.fi>

	virfile: safezero: fix buffer allocation max size
	My previous commit 7dc1d4ab was supposed to change safezero to allocate
	1 megabyte at maximum, but had the logic reversed and will allocate 1
	megabyte at minimum (and a lot more at maximum.)

2013-10-04  Cole Robinson  <crobinso@redhat.com>

	test: Fix coverity warnings

2013-10-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use maximum guest memory size when getting NUMA placement advice
	When starting the VM the guest balloon driver is not loaded at that
	time. We need to ask numad for placement of the complete VM.

2013-10-04  John Ferlan  <jferlan@redhat.com>

	nodedev: Resolve Relax-NG validity error
	Commit id 'c4a4603de' added an output <path> to the nodedev xml, but
	did not update the schema.

	This resulted in the failure of the 'virt-xml-validate' on a file
	generated by 'virsh nodedev-dumpxml pci_0000_00_00_0' (for example).

	This was found/seen by running autotest on my host.

2013-10-04  Gao feng  <gaofeng@cn.fujitsu.com>

	Free cmd in virNetDevVethCreate

	Free cmd in virNetDevVethDelete

2013-10-04  Oskari Saarenmaa  <os@ohmu.fi>

	virfile: safezero: fall back to writing block by block if mmap fails
	mmap can fail on 32-bit systems if we're trying to zero out a lot of data.
	Fall back to using block-by-block writing in that case.  While we could map
	smaller blocks it's unlikely that this code is used a lot and its easier to
	just fall back to one of the existing methods.

	Also modified the block-by-block zeroing to not allocate a megabyte of
	zeroes if we're writing less than that.

2013-10-03  Cole Robinson  <crobinso@redhat.com>

	test: snapshot: Add REDEFINE support

	qemu: snapshot: Break out redefine preparation to shared function

2013-10-03  Cole Robinson  <crobinso@redhat.com>

	test: Implement snapshot create/delete/revert APIs
	Again stolen from qemu_driver.c, but dropping all the unneeded bits.
	This aims to copy all the current qemu validation checks since that's
	the most commonly used real driver, but some of the checks are
	completely artificial in the test driver.

	This only supports creation of internal snapshots for initial
	simplicity.

2013-10-03  Cole Robinson  <crobinso@redhat.com>

	test: Allow specifying domainsnapshot XML
	The user can pass it as a <test:domainsnapshot> subelement of a <domain>.

	qemu: snapshots: Simplify REDEFINE flag check
	Makes things more readable IMO

2013-10-03  Laine Stump  <laine@laine.org>

	qemu: check actual netdev type rather than config netdev type during init
	This resolves:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1012824
	   https://bugzilla.redhat.com/show_bug.cgi?id=1012834

	Note that a similar problem was reported in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=827519

	but the fix only worked for <interface type='hostdev'>, *not* for
	<interface type='network'> where the network itself was a pool of
	hostdevs.

	The symptom in both cases was this error message:

	   internal error: Unable to determine device index for network device

	In both cases the cause was lack of proper handling for netdevs
	(<interface>) of type='hostdev' when scanning the netdev list looking
	for alias names in qemuAssignDeviceNetAlias() - those that aren't
	type='hostdev' have an alias of the form "net%d", while those that are
	hostdev use "hostdev%d". This special handling was completely lacking
	prior to the fix for Bug 827519 which was:

	When searching for the highest alias index, libvirt looks at the alias
	for each netdev and if it is type='hostdev' it ignores the entry. If
	the type is not hostdev, then it expects the "net%d" form; if it
	doesn't find that, it fails and logs the above error message.

	That fix works except in the case of <interface type='network'> where
	the network uses hostdev (i.e. the network is a pool of VFs to be
	assigned to the guests via PCI passthrough). In this case, the check
	for type='hostdev' would fail because it was done as:

	     def->net[i]->type == VIR_DOMAIN_NET_TYPE_HOSTDEV

	(which compares what was written in the config) when it actually
	should have been:

	    virDomainNetGetActualType(def->net[i]) == VIR_DOMAIN_NET_TYPE_HOSTDEV

	(which compares the type of netdev that was actually allocated from
	the network at runtime).

	Of course the latter wouldn't be of any use if the netdevs of
	type='network' hadn't already acquired their actual network connection
	yet, but manual examination of the code showed that this is never the
	case.

	While looking through qemu_command.c, two other places were found to
	directly compare the net[i]->type field rather than getting actualType:

	* qemuAssignDeviceAliases() - in this case, the incorrect comparison
	  would cause us to create a "net%d" alias for a netdev with
	  type='network' but actualType='hostdev'. This alias would be
	  subsequently overwritten by the proper "hostdev%d" form, so
	  everything would operate properly, but a string would be
	  leaked. This patch also fixes this problem.

	* qemuAssignDevicePCISlots() - would defer assigning a PCI address to
	  a netdev if it was type='hostdev', but not for type='network +
	  actualType='hostdev'. In this case, the actual device usually hasn't
	  been acquired yet anyway, and even in the case that it has, there is
	  no practical difference between assigning a PCI address while
	  traversing the netdev list or while traversing the hostdev
	  list. Because changing it would be an effective NOP (but potentially
	  cause some unexpected regression), this usage was left unchanged.

2013-10-03  Michal Privoznik  <mprivozn@redhat.com>

	qemucapabilitiesdata: Add qemu-1.6.50 data

	qemucapabilitiesdata: Add qemu-1.6.0 data

	qemucapabilitiesdata: Add qemu-1.4.2 data

	qemucapabilitiesdata: Add qemu-1.3.1 data

	qemucapabilitiesdata: Add qemu-1.2.2 data

	qemuMonitorTestFree: Join worker thread
	Join the worker thread no matter if it is running or zombie already.
	With current implementation the thread is joined iff @running is true.
	However, when worker executes the last line, @running is set to false.
	Hence qemuMonitorTestFree() won't join it (and free resources) even
	though we can clearly see worker has run (nobody else sets @running =
	false).

	qemumonitorjsontest: Test qemuMonitorJSONSystemPowerdown
	Right now, we are testing qemuMonitorSystemPowerdown instead of
	qemuMonitorJSONSystemPowerdown. It makes no harm, as both functions have
	the same header and the former is just a wrapper over the latter. But we
	should be consistent as we're testing the JSON functions only in here.

2013-10-03  Daniel P. Berrange  <berrange@redhat.com>

	Use 'vnet' as prefix for veth devices
	The XML parser reserves 'vnet' as a prefix for automatically
	generated NIC device names. Switch the veth device creation
	to use this prefix, so it does not have to worry about clashes
	with user specified names in the XML.

2013-10-03  Daniel P. Berrange  <berrange@redhat.com>

	Retry veth device creation on failure
	The veth device creation code run in two steps, first it looks
	for two free veth device names, then it runs ip link to create
	the veth pair. There is an obvious race between finding free
	names and creating them, when guests are started in parallel.

	Rewrite the code to loop and re-try creation if it fails, to
	deal with the race condition.

2013-10-03  Daniel P. Berrange  <berrange@redhat.com>

	Avoid deleting NULL veth device name
	If veth device allocation has a fatal error, the veths
	array may contain NULL device names. Avoid calling the
	virNetDevVethDelete function on such names.

	Avoid reporting an error if veth device is already deleted
	The kernel automatically destroys veth devices when cleaning
	up the container network namespace. During normal shutdown, it
	is thus likely that the attempt to run 'ip link del vethN'
	will fail. If it fails, check if the device exists, and avoid
	reporting an error if it has gone. This switches to use the
	virCommand APIs instead of virRun too.

	Don't set netdev offline in container cleanup
	During container cleanup there is a race where the kernel may
	have destroyed the veth device before we try to set it offline.
	This causes log error messages. Given that we're about to
	delete the device entirely, setting it offline is pointless.

2013-10-03  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Test qemuMonitorJSONGetMigrationCapability
	And so do qemuMonitorJSONSetMigrationCapability.

	qemumonitorjsontest: Test qemuMonitorJSONGetTargetArch

	qemumonitorjsontest: Test qemuMonitorJSONSetBlockIoThrottle
	Also do qemuMonitorJSONGetBlockIoThrottle.

	qemumonitorjsontest: Test qemuMonitorJSONGetPtyPaths

	qemumonitorjsontest: Test qemuMonitorJSONGetSpiceMigrationStatus

	qemumonitorjsontest: Test qemuMonitorJSONGetMigrationStatus

	qemumonitorjsontest: Test qemuMonitorJSONGetMigrationCacheSize

	qemumonitorjsontest: Test qemuMonitorJSONGetBlockStatsInfo
	While the reply can be reused test qemuMonitorJSONGetBlockExtent and
	qemuMonitorJSONGetBlockExtent too.

	qemumonitorjsontest: Test qemuMonitorJSONGetBlockInfo

	qemumonitorjsontest: Test qemuMonitorJSONGetBalloonInfo

	qemuMonitorJSONSendKey: Avoid double free
	After successful @cmd construction the memory where @keys points to is
	part of @cmd. Avoid double freeing it.

	qemuMonitorJSONGetVirtType: Fix error message
	When querying for kvm, we try to find 'enabled' field. Hence the error
	message should report we haven't found 'enabled' and not 'running'
	(which is not even in the reply). Probably a typo or copy-paste error.

2013-10-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu_hotplug: Allow QoS update in qemuDomainChangeNet
	The qemuDomainChangeNet() is called when 'virsh update-device' is
	invoked on a NIC. Currently, we fail to update the QoS even though
	we have routines for that.

	virNetDevBandwidthEqual: Make it more robust
	So far the virNetDevBandwidthEqual() expected both ->in and ->out items
	to be allocated for both @a and @b compared. This is not necessary true
	for all our code. For instance, running 'update-device' twice over a NIC
	with the very same XML results in SIGSEGV-ing in this function.

2013-10-01  Cole Robinson  <crobinso@redhat.com>

	test: Implement readonly snapshot APIs
	This is just stolen from qemu_driver.c with tweaks to fit the
	test driver.

	test: Wire up managed save APIs
	Also add a <test:hasmanagedsave> element to set this data when starting
	the connection.

	test: Allow specifying object transient state in driver XML
	Similar to the runstate commit, allow a boolean <test:transient/>
	element for setting domain persistence at driver startup.

2013-10-01  Cole Robinson  <crobinso@redhat.com>

	qemu: cgroup: Fix crash if starting nographics guest
	We can dereference graphics[0] even if guest has no graphics device
	configured. I screwed this up in a216e6487255d3b65d97c7ec1fa5da63dbced902

	https://bugzilla.redhat.com/show_bug.cgi?id=1014088

2013-10-01  Ján Tomko  <jtomko@redhat.com>

	selinux: Only close the selabel_handle once
	On selinux driver initialization failure (missing/incorrectly
	formatted contexts file), selabel_handle was closed twice.

	Introduced by 6159710.

2013-10-01  Ján Tomko  <jtomko@redhat.com>

	Fix handling of IPv6 listen addresses in cmdDomDisplay
	Use virSocketAddrIsWildcard instead of STREQ to check for the ANY
	address and put brackets around the address if it contains ':'.

2013-10-01  Laine Stump  <laine@laine.org>

	util: recognize SMB/CIFS filesystems as shared
	This should resolve:

	  https://bugzilla.redhat.com/show_bug.cgi?id=1012085

	libvirt previously recognized NFS, GFS2, OCFS2, and AFS filesystems as
	"shared", and thus eligible for exceptions to certain rules/actions
	about chowning image files before handing them off to a guest. This
	patch widens the definition of "shared filesystem" to include SMB and
	CIFS filesystems (aka "Windows file sharing"); both of these use the
	same protocol, but different drivers so there are different magic
	numbers for each.

2013-10-01  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce qemucapabilitiestest
	This test is there to ensure that our capabilities detection code isn't
	broken somehow.

	How to gather test data:

	Firstly, the data is split into two separate files. The former (with
	suffix .replies) contains all the qemu replies. This is very fragile as
	introducing a new device can mean yet another monitor command and hence
	edit of this file in the future. But there's no better way of doing
	this. To get this data simply turn on debug logs and copy all the
	QEMU_MONITOR_IO_PROCESS lines. But be careful to not copy incomplete
	ones (yeah, we report some incomplete lines too). Long story short, at
	the libvirtd startup, a dummy qemu is spawn to get all the capabilities.

	The latter (with suffix .caps) contains capabilities XML. Just start a
	domain and copy the corresponding part from its state XML file.
	Including <qemuCaps> tag.

2013-10-01  Michal Privoznik  <mprivozn@redhat.com>

	qemuMonitorTest: Make check for monitor command match optional
	In a few cases we might want to not care if monitor command executed on
	the mocked monitor matches the one we have reply for. Sounds crazy, but
	if we just want monitor to return certain values (e.g. read from a file)
	there is no need to care about command match.

	tests: Learn qemuMonitorTestNew optional greeting
	Currently, when creating a new mocked monitor, the greeting can't be
	chosen. This is crucial for next patches, because some info as qemu
	version is obtained in the greeting message.

	qemu_capabilities: Introduce virQEMUCapsInitQMPMonitor
	This basically covers the talking-to-monitor part of
	virQEMUCapsInitQMP.  The patch itself has no real value,
	but it creates an entity to be tested in the next patches.

2013-10-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.3
	- configure.ac docs/news.html.in libvirt.spec.in: update for release
	- po/*.po*: updated localization and regenerated

2013-09-30  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Add Fusion version test
	This adds a test for the version string of VMware Fusion.

2013-09-30  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: do cleanup when failed to bind fs as read-only
	We forgot to do cleanup when lxcContainerMountFSTmpfs
	failed to bind fs as read-only.

2013-09-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix max stream packet size for old clients
	The libvirtd server pushes data out to clients. It does not
	know what protocol version the client might have, so must be
	conservative and use the old payload limits. ie send no more
	than 256kb of data per packet.

2013-09-30  Cédric Bosdonnat  <cbosdonnat@suse.com>

	LXC: workaround machined uncleaned data with containers running systemd.
	The problem is described by [0] but its effect on libvirt is that
	starting a container with a full distro running systemd after having
	stopped it simply fails.

	The container cleanup now calls the machined Terminate function to make
	sure that everything is in order for the next run.

	 [0]: https://bugs.freedesktop.org/show_bug.cgi?id=68370

2013-09-30  Oskari Saarenmaa  <os@ohmu.fi>

	virfile: safezero: align mmap offset to page size
	mmap's offset must be aligned to page size or mapping will fail.
	mmap-based safezero is only used if posix_fallocate isn't available.

2013-09-30  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	virscsi: hostdev SCSI AdapterId retrieval fix
	Fixed the retrieval of the AdapterId from the AdapterName of the
	hostdev source so it does return an error instead of leaving the
	adapter_id uninitialized.

	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2013-09-30  Hongwei Bi  <hwbi2008@gmail.com>

	virsh-volume: Add missing check when calling virStreamNew
	Check return value of virStreamNew when called by cmdVolUpload and
	cmdVolDownload.

	virsh-domain: Free dom before return false in cmdDump

2013-09-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: process: Silence coverity warning when rewinding log file
	The change in ef29de14c37d14abc546e90555a0093797facfdd that introduced
	better error logging from qemu introduced a warning from coverity about
	unused return value from lseek. Silence this warning and fix typo in the
	corresponding error message.

	Reported by: John Ferlan

2013-09-30  Michal Privoznik  <mprivozn@redhat.com>

	python: Document virNodeGetInfo bug
	The memory size in virNodeGetInfo python API binding is reported in MiB
	instead of KiB (like we have in C struct). However, there already might
	be applications out there relying on this inconsistence so we can't
	simply fix it. Document this sad fact as known bug.

2013-09-29  Daniel Veillard  <veillard@redhat.com>

	Remove tab from previous commit

2013-09-29  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Initial VMware Fusion support
	Add support for VMware Fusion in the existing VMware driver.  Connect
	via the URI vmwarefusion:///session

	VMware: Support more than 2 driver backends
	Currently the VMware version check code only supports two types of
	VMware backends, Workstation and Player. But in the near future we will
	have an additional one so we need to support more. Additionally, we
	discover and cache the path to the vmrun binary so we should use that
	path when using the corresponding binary from the VMware VIX SDK.

2013-09-28  Eric Blake  <eblake@redhat.com>

	build: fix build --without-lxc
	'make distcheck' fails from a directory configured --without-lxc:

	  GEN      virt-login-shell.1
	Can't write-open ../../tools/virt-login-shell.1: Permission denied at /usr/bin/pod2man line 69.

	* tools/Makefile.am (EXTRA_DIST): Ship pre-built man page.

2013-09-28  Eric Blake  <eblake@redhat.com>

	build: tweak vpath builds of net_rpc
	Another case missed by commits 716c7bb and 6973e02.

	* src/Makefile.am (VIR_NET_RPC_GENERATED): Drop $(srcdir).
	(libvirt_net_rpc_la_SOURCES): List generated files more compactly.

2013-09-27  Michal Privoznik  <mprivozn@redhat.com>

	Makefile.am: Always include rule to make org.libvirt.api.policy
	When running 'make dist' on a system without policykit, we currently
	fail. This is because $(srcdir)/access/org.libvirt.api.policy is in
	EXTRA_DIST, however, the rule to generate the file is conditional
	whether we build with polkit or not.

	fchosttest: Run the test only under linux
	Currently, we have functions to handle fc_host implemented just
	for linux. On all other platforms an error is thrown. It makes no
	sense to run the test on those platforms then.

2013-09-27  Michal Privoznik  <mprivozn@redhat.com>

	genprotocol.pl: Fix code on FreeBSD too
	On some systems (linux, cygwin and gnukfreebsd) rpcgen generates files
	which when compiling produces this warning:

	remote/remote_protocol.c: In function 'xdr_remote_node_get_cpu_stats_ret':
	remote/remote_protocol.c:530: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

	Hence, on those systems we need to post-process the files by the
	rpc/genprotocol.pl perl script. At the beginning of the script the OS is
	detected via $^O perl variable. From my latest build on FreeBSD I see we
	need to fix the code there too. On FreeBSD the variable contains
	'freebsd' string:

	http://perldoc.perl.org/perlport.html#PLATFORMS

2013-09-27  Doug Goldstein  <cardoe@cardoe.com>

	event: Make debug message match function comments
	The debug message said there was a timeout of 0 pending for -1 ms which
	made me think this is where a hang was coming from but according to the
	function comments this case means that there is no timeout pending so
	make the debug message say that instead of saying there's a -1 ms
	timeout.

	BSD: Ensure process creation timestamp is init'd
	While BSDs don't support process creation timestamp information via
	PEERCRED for Unix sockets, we need to actually initialize the value
	because it is used by the libvirt code.

	BSD: Ensure UNIX socket credentials are valid
	Ensure that the socket credentials we got back on BSD are valid before
	using them.

2013-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in libvirtd when events are registered & ACLs active
	When a client disconnects from libvirtd, all event callbacks
	must be removed. This involves running the public API

	  virConnectDomainEventDeregisterAny

	This code does not run in normal API dispatch context, so no
	identity was set. The result was that the access control drivers
	denied the attempt to deregister callbacks. The callbacks thus
	continued to trigger after the client was free'd causing fairly
	predictable use of free memory & a crash.

	This can be triggered by any client with readonly access when
	the ACL drivers are active.

2013-09-27  Christophe Fergeau  <cfergeau@redhat.com>

	virsh: Fix domdisplay when domain only uses TLS
	It's possible to create a domain which will only use a TLS port
	and will not have a non-TLS port set by using:
	<graphics type='spice' autoport='yes' defaultMode='secure'/>
	In such a setup, the 'graphics' node for the running domain will be:
	<graphics type='spice' tlsPort='5900'
	          autoport='yes' listen='127.0.0.1'
	          defaultMode='secure'>

	However, cmdDomDisplay loops over all the 'graphics' node, and it
	ignores nodes which don't have a 'port' attribute. This means
	'virsh domdisplay' will only return an empty string for domains
	as the one above.

	This commit looks for both 'port' and 'tlsPort' before deciding
	to ignore a graphics node. It also makes sure 'port' is not printed
	when it's not set.
	This makes 'virsh domdisplay' return
	'spice://127.0.0.1?tls-port=5900' for domains using only a TLS
	port.

2013-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Free all driver data in qemuStateCleanup
	https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case A)

	While activeScsiHostdevs and webSocketPorts were allocated in
	qemuStateInitialize, they were not freed in qemuStateCleanup.

2013-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't leak reference to virQEMUDriverConfigPtr
	https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case D)

	qemuProcessStart created two references to virQEMUDriverConfigPtr before
	calling fork():

	    cfg = virQEMUDriverGetConfig(driver);
	    ...
	    hookData.cfg = virObjectRef(cfg);

	However, the child only unreferenced hookData.cfg and the parent only
	removed the cfg reference. That said, we don't need to increment the
	reference counter when assigning cfg to hookData. Both the child and the
	parent will correctly remove the reference on cfg (the child will do
	that through hookData).

2013-09-27  Eric Blake  <eblake@redhat.com>

	build: fix testsuite building under cygwin
	Similar to commit 8f34f19.

	* tests/Makefile.am (virnetserverclienttest_CFLAGS): Add XDR_CFLAGS.

2013-09-27  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix VPATH build error for locking daemon
	Removed superfluous/wrong srcdir prefix.

2013-09-27  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Increase bound limit for virDomainGetJobStats
	https://bugzilla.redhat.com/show_bug.cgi?id=1012818

	Commit 6d7d0b1869ed293e3208d11f375cecea0129dfc5 (in 1.1.2) added bounds
	checking to virDomainGetJobStats. But even at that time the API was able
	to return 20 parameters while the limit was set to 16.

2013-09-27  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	lxc: fix a warning typo in virLXCControllerEventSend
	s/becuase/because/

2013-09-26  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo.
	* src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise.

2013-09-26  Eric Blake  <eblake@redhat.com>

	build: fix use of rpc.h on cygwin
	Caused by commit 012c25e8 splitting out a convenience library.

	  CC       libvirtd_conf_la-libvirtd-config.lo
	In file included from ../src/rpc/virnetmessage.h:24:0,
	                 from ../src/rpc/virnetserverprogram.h:27,
	                 from ../src/rpc/virnetserver.h:32,
	                 from libvirtd-config.c:31:
	../src/rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file
	or directory

	* daemon/Makefile.am (libvirtd_conf_la_CFLAGS): Add XDR_CFLAGS.

2013-09-26  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: free dst before lxcDomainAttachDeviceDiskLive returns
	Free dst before lxcDomainAttachDeviceDiskLive returns

	qemu: virDomainControllerFind may return 0 if controller found
	The return value of virDomainControllerFind >=0 means that
	the specific controller was found.
	But some functions invoke it and treat 0 as not found.
	This patch fix these incorrect invocation.

2013-09-26  Guido Günther  <agx@sigxcpu.org>

	Distribute check-aclperms.pl
	so "make check" can work for the distributed tarballs too.

2013-09-26  Peter Krempa  <pkrempa@redhat.com>

	conf: clean up virDomainChrSourceDefParseXML
	Tweak some conditions and use correct typecasts in enums.

2013-09-26  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't crash on invalid chardev source definition of RNGs and other
	Since commit 297c99a5 an invalid source definition XML of a character
	device that is used as backend for RNG devices, smartcards and redirdevs
	causes crash of the daemon when parsing such a definition.

	The device types mentioned above are not a part of a regular character
	device but are backends for other types. Thus when parsing such device
	NULL is passed as the argument @chr_def. Later when checking the
	validity of the definition @chr_def was dereferenced when parsing a UNIX
	socket backend with missing path of the socket and crashed the daemon.

	Sample offending configuration:
	  <devices>
	  ...
	    <rng model='virtio'>
	      <backend model='egd' type='unix'>
	        <source mode='bind' service='1024'/>
	      </backend>
	    </rng>
	  </devices>

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1012196

2013-09-25  Cole Robinson  <crobinso@redhat.com>

	spec: Clean up distribution of ChangeLog (and others)
	- Move COPYING* to libvirt-client, so every package pulls them in
	- Move AUTHORS ChangeLog.gz NEWS README TODO from -daemon to -docs
	- Drop duplicate distribution of docs in -python

	https://bugzilla.redhat.com/show_bug.cgi?id=977099

2013-09-25  Cole Robinson  <crobinso@redhat.com>

	test: Allow specifying object runstate in driver XML
	When passing in custom driver XML, allow a block like

	<domain xmlns:test='http://libvirt.org/schemas/domain/test/1.0'>
	  ...
	  <test:runstate>5</test:runstate>
	</domain>

	This is only read at initial driver start time, and sets the initial
	run state of the object. This is handy for UI testing.

	It's only wired up for domains, since that's the only conf/
	infrastructure that supports namespaces at the moment.

2013-09-25  Daniel P. Berrange  <berrange@redhat.com>

	Avoid use of uninitialized data in virnetmessagetest
	If an error occurs in virnetmessagetest it was possible it
	would free uninitialized data.

	Avoid crash on OOM in virnetmessagetest
	The virnetmessagetest code did not check for failure to
	allocate the message object. This lead to a crash on OOM
	in the test suite.

	Avoid crash on OOM in virportallocatortest
	The virportallocatortest did not check if the object
	allocation failed in all cases. This lead to a crash
	on OOM in the testsuite

	Avoid crash on OOM in virlockspacetest
	The virlockspacetest.c did not check for failure to create
	a lockspace, causing a crash on OOM

	Avoid crash on OOM in virbuftest
	The virbuftest code did not check virBufferError before
	accessing the buffer contents, resulting in a crash on
	OOM conditions.

	Avoid uninitialized data in qemuMonitorTestNew
	The virDomainChrSourceDef variable should be memset to
	0, so that the cleanup block does not free uninitialized
	data on OOM.

	Avoid double free in qemuMonitorCommonTestInit on OOM
	The qemuMonitorCommonTestInit method did not allocate the
	test object, so it should not free it upon failure. Doing
	so causes a double free with the caller.

	Fix leak on OOM in qemuMonitorCommonTestNew
	Don't leak the path string in qemuMonitorCommonTestNew if
	an OOM occurs.

	Don't ignore errors parsing nwfilter rules
	For inexplicable reasons, the nwfilter XML parser is intentionally
	ignoring errors that arise during parsing. As well as meaning that
	users don't get any feedback on their XML mistakes, this will lead
	it to silently drop data in OOM conditions.

	Fix leak in virLockSpaceResourceFree
	Normally a lockspace resource is not freed while there are
	active owners. During initial resource creation though, an
	OOM error will trigger this scenario. virLockSpaceResourceFree
	was not freeing the 'owners' field in this case.

	Fix leak of parser state in virJSONValueFromString
	If OOM or another error occurs in virJSONValueFromString the
	parser state object will be leaked.

	Fix double-free in virJSONParserHandleStartMap on OOM
	If OOM occurs in virJSONParserHandleStartMap it will free
	a variable that is owned by another object. This leads to
	a later double-free.

	Fix leak of iterators in virDBusMessageIterEncode
	If virDBusMessageIterEncode hits an OOM condition it often
	leaks the memory associated with the dbus iterator object

	Don't print all test suite errors to stderr in vmx2xmltest
	The vmx2xmltest test would print all errors to stderr, which
	is not helpful when running OOM tests, and differs from the
	behaviour of other tests.

	Fix leak of comment string if virConfAddEntry fails on OOM
	The code parsing comments in config files called virConfAddEntry
	but did not check for failure. This caused the comment string to
	leak on OOM.

	Add missing check for OOM with virVMXEscapeHexPipe
	The virVMXFormatConfig called virVMXEscapeHexPipe but
	forgot to check for OOM. This caused data to silently
	be lost.

	Fix crash on OOM parsing storage pool XML
	The virStoragePoolDefParseSource method would set def->nhosts
	before allocating def->hosts. If the allocation failed due to
	OOM, the cleanup code would crash accessing out of bounds.

	Fix double free of hostdev on OOM in xenParseSxprPCI
	If xenParseSxprPCI failed to expand the def->hostdevs array
	due to OOM, it would free the hostdev instance twice.

	Don't clobber 'ret' in LXC XML test case
	The testCompareXMLToXMLHelper method clobbered the 'ret' variable
	in several places leading to a failure to report OOM errors from
	the test suite.

	Fix crash on OOM in virDomainSnapshotDefParse
	The virDomainSnapshotDefParse method assigned to def->ndisks
	before allocating def->disks. Thus if an OOM occurred, the
	cleanup code would access out of bounds.

	Don't clobber return value in virInterfaceDefParseProtoIPv6
	Several places in virInterfaceDefParseProtoIPv6 clobber the
	default 'ret' return value. So when jumping to cleanup on
	error, 'ret' may mistakenly be set to 0 instead of -1. This
	caused failure to report OOM errors, meaning data was silently
	lost during parsing.

	Fix handling of OOM when getting Xen dom ID
	The methods for obtaining the Xen dom ID cannot distinguish
	between returning -1 due to an error and returning -1 due to
	the domain being shutoff. Change them to return the dom ID
	via an output parameter.

	Fix crash on OOM in xenParseSxpr
	The xenParseSxpr method sets def->nconsoles to 1 before allocating
	the def->consoles array. If the allocation fails due to OOM the
	cleanup code will thus crash accessing out of bounds.

2013-09-25  Hongwei Bi  <hwbi2008@gmail.com>

	virsh-domain: Add a missing check and fix leak in cmdScreenshot

2013-09-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of serial value in xenFormatXM on OOM
	If an OOM occurs in xenFormatXM when formatting to the
	serial device value, the value is leaked.

	Fix broken formatting on OOM in xenFormatXM
	If an OOM occurs when xenFormatXM is setting the 'hpet'
	variable it is silently ignored. Fix it to propagate
	to the callers.

	Fix crash on OOM in xenParseXM handling consoles
	The xenParseXM sets def->nconsoles to 1 before claling
	VIR_REALLOC_N on def->consoles. So if the alloc fails
	due to OOM, the cleanup code will crash accessing a
	console that does not exist.

	Fix leak of char device in xenParseXM
	If an OOM occurs in xenParseXM, a virDomainChrDef may be
	leaked.

	Fix leak of command line args in qemuParseCommandLine
	If qemuParseCommandLine finds an arg it does not understand
	it adds it to the QEMU passthrough custom arg list. If the
	qemuParseCommandLine method hits an error for any reason
	though, it just does 'VIR_FREE(cmd)' on the custom arg list.
	This means all actual args / env vars are leaked. Introduce
	a qemuDomainCmdlineDefFree method to be used for cleanup.

	Fix leak in qemuParseCommandLine on OOM
	If the call to virDomainControllerInsert fails in
	qemuParseCommandLine, the controller struct is leaked.

2013-09-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak in qemuStringToArgvEnv upon OOM
	The 'qemuStringToArgvEnv' method splits up a string of command
	line env/args to an 'arglist' array. It then copies env vars
	to a 'progenv' array and args to a 'progargv' array. When
	copyin the env vars, it NULL-ifies the element in 'arglist'
	that is copied.

	Upon OOM the 'virStringListFree' is called on progenv and
	arglist. Unfortunately, because the elements in 'arglist'
	related to env vars have been set to NULL, the call to
	virStringListFree(arglist) doesn't free anything, even
	though some non-NULL args vars still exist later in the
	array.

	To fix this leak, stop NULL-ifying the 'arglist' elements,
	and change the cleanup code to only free elements in the
	'arglist' array, not 'progenv'.

2013-09-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix missing jump to error cleanup in qemuParseCommandLineDisk
	In a number of places in qemuParseCommandLineDisk, an error
	is reported, but no 'goto error' jump is used. This causes
	failure to report OOM conditions to the caller.

	Fix leak in qemuParseCommandLineDisk on OOM
	If OOM occurs in qemuParseCommandLineDisk some intermediate
	variables will be leaked when parsing Sheepdog or RBD disks.

	Fix leak on OOM in qemuBuildCommandLine dealing with sound card
	The qemuBuildCommandLine code for parsing sound cards will leak
	an intermediate variable if an OOM occurs. Move the free'ing of
	the variable earlier to avoid the leak.

	Fix failure to honour OOM status in qemuParseNBDString
	In qemuParseNBDString, if the virURIParse fails, the
	error is not reported to the caller. Instead execution
	falls through to the non-URI codepath causing memory
	leaks later on.

	Avoid leak in qemuParseRBDString on failure of qemuAddRBDHost
	If qemuAddRBDHost fails due to parsing problems or OOM, then
	qemuParseRBDString cleanup is skipped causing a memory leak.

	Fix leak of address string in qemuDomainPCIAddressGetNextSlot
	qemuDomainPCIAddressGetNextSlot has a loop for finding
	compatible PCI buses. In the loop body it creates a
	PCI address string, but never frees this. This causes
	a leak if the loop executes more than one iteration,
	or if a call in the loop body fails.

	Fix leak in virDomainDefParseXML parsing vcpupin
	If virBitmapNew fails due to OOM, the 'vcpupin' variable
	is leaked.

	Fix leak in virDomainVcpuPinDefParseXML parsing cpumask
	If the virBitmapParse method fails due to OOM, we leak
	the 'tmp' variable string.

	Avoid leak if virDomainSoundCodecDefParseXML return error
	If virDomainSoundCodecDefParseXML returns an error (eg due
	to OOM), then the xml nodeset codecNodes is leaked.

	Fix leak in virDomainVcpuPinDefArrayFree
	If virDomainVcpuPinDefArrayFree is called with def != NULL,
	but nvcpupin == 0, then it leaks memory for 'def'. This is
	an unusual scenario, but it hits when cleaning up after an
	OOM during parsing of XML.

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: prefer to put a Q35 machine's dmi-to-pci-bridge at 00:1E.0
	This resolves one of the issues listed in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

	00:1E.0 is the location of this controller on at least some actual Q35
	hardware, so we try to replicate the placement. The bridge should work
	just as well in any other location though, so if 00:1E.0 isn't
	available, just allow it to be auto-assigned anywhere appropriate.

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: turn if into switch in qemuDomainValidateDevicePCISlotsQ35
	This will make it simpler to add checks for other types of
	controllers.

	This is a prerequisite for patches to resolve:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: support ich9-intel-hda audio device
	This resolves one of the issues in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

	This device is identical to qemu's "intel-hda" device (known as "ich6"
	in libvirt), but has a different PCI device ID (which matches the ID
	of the hda audio built into the ich9 chipset, of course). It's not
	supported in earlier versions of qemu, so it requires a capability
	bit.

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: replace multiple strcmps with a switch on an enum
	I'm not sure why this code was written to compare the strings that it
	had just retrieved from an enum->string conversion, rather than just
	look at the original enum values, but this yields the same results,
	and is much more efficient (especially as you add more devices).

	This is a prerequisite for patches to resolve:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: allow some PCI devices to be attached to PCIe slots
	Part of the resolution to:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

	Although most devices available in qemu area defined as PCI devices,
	and strictly speaking should only be attached via a PCI slot, in
	practice qemu allows them to be attached to a PCIe slot and sometimes
	this makes sense.

	For example, The UHCI and EHCI USB controllers are usually attached
	directly to the PCIe "root complex" (i.e. PCIe slots) on real
	hardware, so that should be possible for a Q35-based qemu virtual
	machine as well.

	We still want to prefer a standard PCI slot when auto-assigning
	addresses, though, and in general to disallow attaching PCI devices
	via PCIe slots.

	This patch makes that possible by adding a new
	QEMU_PCI_CONNECT_TYPE_EITHER_IF_CONFIG flag. Three things are done
	with this flag:

	1) It is set for the "pcie-root" controller

	2) qemuCollectPCIAddress() now has a set of nested switches that set
	this "EITHER" flag for devices that we want to allow connecting to
	pcie-root when specifically requested in the config.

	3) qemuDomainPCIAddressFlagsCompatible() adds this new flag to the
	"flagsMatchMask" if the address being checked came from config rather
	than being newly auto-allocated by libvirt (this knowledge is
	conveniently already available in the "fromConfig" arg).

	Now any device having the EITHER flag set can be connected to
	pcie-root if explicitly requested, but auto-allocated addresses for
	those devices will still be standard PCI slots instead.

	This patch only loosens the restrictions on devices that have been
	specifically requested, but the setup is such that it should be fairly
	easy to add new devices.

2013-09-25  Laine Stump  <laine@laine.org>

	qemu: eliminate redundant if clauses in qemuCollectPCIAddress
	Replace them with switch cases. This will make it more efficient when
	we add exceptions for more controller types, and other device types.

	This is a prerequisite for patches to resolve:

	   https://bugzilla.redhat.com/show_bug.cgi?id=1003983

2013-09-25  Laszlo Ersek  <lersek@redhat.com>

	bridge driver: don't masquerade local subnet broadcast/multicast packets
	Packets sent by guests on virbrN, *or* by dnsmasq on the same, to
	- 255.255.255.255/32 (netmask-independent local network broadcast
	  address), or to
	- 224.0.0.0/24 (local subnetwork multicast range)
	are never forwarded, hence it is not necessary to masquerade them.

	In fact we must not masquerade them: translating their source addresses or
	source ports (where applicable) may confuse receivers on virbrN.

	One example is the DHCP client in OVMF (= UEFI firmware for virtual
	machines):

	  http://thread.gmane.org/gmane.comp.bios.tianocore.devel/1506/focus=2640

	It expects DHCP replies to arrive from remote source port 67. Even though
	dnsmasq conforms to that, the destination address (255.255.255.255) and
	the source address (eg. 192.168.122.1) in the reply allow the UDP
	masquerading rule to match, which rewrites the source port to or above
	1024. This prevents the DHCP client in OVMF from accepting the packet.

	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=709418

2013-09-25  Laszlo Ersek  <lersek@redhat.com>

	util/viriptables: add/remove rules that short-circuit masquerading
	The functions
	- iptablesAddForwardDontMasquerade(),
	- iptablesRemoveForwardDontMasquerade
	handle exceptions in the masquerading implemented in the POSTROUTING chain
	of the "nat" table. Such exceptions should be added as chronologically
	latest, logically top-most rules.

	The bridge driver will call these functions beginning with the next patch:
	some special destination IP addresses always refer to the local
	subnetwork, even though they don't match any practical subnetwork's
	netmask. Packets from virbrN targeting such IP addresses are never routed
	outwards, but the current rules treat them as non-virbrN-destined packets
	and masquerade them. This causes problems for some receivers on virbrN.

2013-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Wire up better early error reporting
	The previous patches added infrastructure to report better errors from
	monitor in some cases. This patch finalizes this "feature" by enabling
	this enhanced error reporting on early phases of VM startup. In these
	phases the possibility of qemu producing a useful error message is
	really high compared to running it during the whole life cycle. After
	the start up is complete, the feature is disabled to provide the usual
	error messages so that users are not confused by possibly irrelevant
	messages that may be in the domain log.

	The original motivation to do this enhancement is to capture errors when
	using VFIO device passthrough, where qemu reports errors after the
	monitor is initialized and the existing error catching code couldn't
	catch this producing a unhelpful message:

	 # virsh start test
	 error: Failed to start domain test
	 error: Unable to read from monitor: Connection reset by peer

	With this change, the message is changed to:

	 # virsh start test
	 error: Failed to start domain test
	 error: internal error: early end of file from monitor: possible problem:
	 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: vfio: error, group 8 is not viable, please ensure all devices within the iommu_group are bound to their vfio bus driver.
	 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: vfio: failed to get group 8
	 qemu-system-x86_64: -device vfio-pci,host=00:1a.0,id=hostdev0,bus=pci.0,addr=0x5: Device 'vfio-pci' could not be initialized

2013-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Produce better errors on monitor hangup
	Change the monitor error code to add the ability to access the qemu log
	file using a file descriptor so that we can dig in it for a more useful
	error message. The error is now logged on monitor hangups and overwrites
	a possible lesser error. A hangup on the monitor usualy means that qemu
	has crashed and there's a significant chance it produced a useful error
	message.

	The functionality will be latent until the next patch.

2013-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: monitor: Add infrastructure to access VM logs for better err msgs
	Early VM startup errors usually produce a better error message in the
	machine log file. Currently we were accessing it only when the process
	exited during certain phases of startup. This will help adding a more
	comprehensive error extraction for early qemu startup phases.

	This patch adds infrastructure to keep a file descriptor for the machine
	log file that will be used in case an error happens.

2013-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu_process: Make qemuProcessReadLog() more versatile and reusable
	Teach the function to skip character device definitions printed by qemu
	at startup in addition to libvirt log messages and make it usable from
	outside of qemu_process.c. Also add documentation about the func.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Check return value of virDomainControllerInsert when parsing QEMU args
	The parsing of '-usb' did not check for failure of the
	virDomainControllerInsert method. As a result on OOM, the
	parser mistakenly attached USB disks to the IDE controller.

	Honour error returned by virBitmapFormat
	The code formatting NUMA args was ignoring the return value
	of virBitmapFormat, so on OOM, it would silently drop the
	NUMA cpumask arg.

	Add missing check for OOM when building boot menu args
	When building boot menu args, if OOM occurred the CLI args
	would end up containing  'order=(null)' due to a missing
	call to 'virBufferError'.

	Fix format specifier for OOM test fprintfs
	The testutils.c file had some fprintfs which had not been
	converted from %d to %zu, when 'testCounter' change to be
	a size_t. This was a build breaker if --enable-test-oom
	was enabled

2013-09-24  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Since we're about to freeze, it's time to pick up the latest
	upstream gnulib.  Among other changes, gnulib now guarantees the
	use of some -f flags that we were previously manually adding.

	* .gnulib: Update to latest, in part for warning improvements.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Drop
	flags that are now guaranteed by gnulib.
	* bootstrap: Resync to gnulib.

2013-09-24  Claudio Bley  <cbley@av-test.de>

	Always open files in binary mode in virFDStreamOpenFileInternal
	On win32, using text mode for binary files might result in short
	reads since ASCII character 0x1A is interpreted as EOF. Also, it
	could lead to problems using the seek functions because of the \r
	handling.

	test: fix call to virFDStreamOpenFile in testDomainScreenshot
	N.B.  This had no ill effects as long as O_RDONLY is defined to
	      to be 0, such that the expression (O_RDONLY < 0) yielded 0
	      again.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Don't ignore allocation failure in virCommandAddEnvPassCommon
	The virCommandAddEnvPassCommon method ignored the failure to
	pre-allocate the env variable array with VIR_RESIZE_N. While
	this is harmless, it confuses the test harness which is trying
	to validate OOM handling of every individual allocation call.

	Fix reporting of errors in OOM injection code
	When the various viralloc.c functions were changed to use the
	normal error reporting code, the OOM injection code paths
	were not updated to report errors.

	Fix missing OOM check in qemuParseCommandLine when splitting strings
	The qemuParseCommandLine method did not check the return value of
	virStringSplit to see if OOM had occurred. This lead to dereference
	of a NULL pointer on OOM.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix error checking of qemuParseKeywords return status
	Most callers of qemuParseKeywords were assigning its return
	value to a 'size_t' variable. Then then also checked '< 0'
	for error condition, but this will never be true with the
	unsigned size_t variable. Rather than using 'ssize_t', change
	qemuParseKeywords so that the element count is returned via
	an output parameter, leaving the return value solely as an
	error indicator.

	This avoids a crash accessing beyond the end of an error
	upon OOM.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix allocation of arglist in qemuStringToArgvEnv
	In

	  commit 41b550567918790cb304378f39c3ba369bcca28e
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Wed Aug 28 15:01:23 2013 -0600

	    qemu: simplify list cleanup

	The qemuStringToArgvEnv method was changed to use virStringFreeList
	to free the 'arglist' array. This method assumes the string list
	array is NULL terminated, however, qemuStringToArgvEnv was not
	ensuring this when populating 'arglist'. This caused an out of
	bounds access by virStringFreeList when OOM occured in the initial
	loop of qemuStringToArgvEnv

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash on OOM in qemuAddRBDHost
	When parsing the RBD hosts, it increments the 'nhosts' counter
	before increasing the 'hosts' array allocation. If an OOM then
	occurs when increasing the array allocation, the cleanup block
	will attempt to access beyond the end of the array. Switch
	to using VIR_EXPAND_N instead of VIR_REALLOC_N to protect against
	this mistake

	Fix crash on OOM in qemuDomainCCWAddressSetCreate()
	If OOM occurs in qemuDomainCCWAddressSetCreate, it jumps to
	a cleanup block and frees the partially initialized object.
	It then mistakenly returns the address of the just free'd
	pointer instead of NULL.

	Fix crash if OOM occurs when creating virConnectPtr
	If a OOM error occurs in virGetConnect, this may cause the
	virConnectDispose method to de-reference a NULL pointer,
	since the close callback will not have been initialized.

	Fix crash on OOM in parsing CPU mask in domain XML
	The virDomainDefParseXML method did not check the return value
	of the virBitmapNew API call for NULL. This lead to a crash on
	OOM

	Fix crash on OOM when parsing disk security label
	If an OOM error occurs in virSecurityDeviceLabelDefParseXML the
	cleanup code may free an uninitialized pointer, causing a crash

2013-09-24  lawrancejing  <lawrancejing@gmail.com>

	conf: Fix virNetworkAssignDef's comment.

2013-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for virNetServerClient object identity code
	Start a test case for the virNetServerClient object, which
	initially checks the creation of a virIdentityPtr object.

	Add a virNetSocketNewConnectSockFD method
	To allow creation of a virNetSocketPtr instance from a pre-opened
	socketpair FD, add a virNetSocketNewConnectSockFD method.

2013-09-24  Giuseppe Scrivano  <gscrivan@redhat.com>

	python: add bindings for virConnectGetCPUModelNames

	virsh: add function to get the CPU models for an arch

	virConnectGetCPUModelNames: add the support for the test protocol

2013-09-23  Giuseppe Scrivano  <gscrivan@redhat.com>

	virConnectGetCPUModelNames: add the support for qemu

	virConnectGetCPUModelNames: implement the remote protocol

	cpu: add function to get the models for an arch

	libvirt: add new public API virConnectGetCPUModelNames
	The new function virConnectGetCPUModelNames allows to retrieve the list
	of CPU models known by the hypervisor for a specific architecture.

2013-09-23  Eric Blake  <eblake@redhat.com>

	build: ensure 'make check' sees up-to-date config.h
	Nehal J. Wani reported on IRC a rather interesting build failure:

	In file included from util/virnetdevbridge.c:53:0:
	/usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr'
	 struct in6_addr {
	        ^

	I traced it to the fact that he ran 'git pull; make check' across
	commit e62e0094.  What happened is that the configure changes
	result in a new variable that was set to be defined on his system,
	but config.h was not regenerated to contain the value of that
	variable.  Running 'make' instead of 'make check' cleaned up the
	problem.  A bit more investigation, and I see that in Makefile.am,
	automake sticks rules that rebuild config.h as part of 'make all',
	and that we also had a dependency 'check-local: all'; BUT the
	rule for check-local is run only at the point when the top-level
	directory is visited.  Automake documents that SUBDIRS should
	contain an explicit '.' at the point the top-level should be
	visited (defaulting to last, if it doesn't appear).  Sure enough,
	with this patch, 'make check' now does the top-level 'all' rules,
	which regenerates 'config.h' BEFORE compiling any code that might
	depend on changed content of that file.

	* Makefile.am (SUBDIRS): Put '.' first, not last.

2013-09-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in identity code which is pre-requisite for CVE-2013-4311
	The fix for CVE-2013-4311 had a pre-requisite enhancement
	to the identity code

	  commit db7a5688c05f3fd60d9d2b74c72427eb9ee9c176
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Thu Aug 22 16:00:01 2013 +0100

	    Also store user & group ID values in virIdentity

	This had a typo which caused the group ID to overwrite the
	user ID string. This meant any checks using this would have
	the wrong ID value. This only affected the ACL code, not the
	initial polkit auth. It also leaked memory.

2013-09-23  Jiri Denemark  <jdenemar@redhat.com>

	docs: Load libvirt_access*.xml from build dir
	The xml files are generated in build directory and thus docs/newapi.xsl
	was not able to find them in a VPATH build.

2013-09-23  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: Check the existence of dir before resolving symlinks
	If a dir does not exist, raise an immediate error in logs
	rather than letting virFileResolveAllLinks fail, since this
	gives better error reporting to the user.

	LXC: follow the unit style of /proc/meminfo
	When FUSE is enabled, the LXC container is setup with
	a custom /proc/meminfo file. This file uses "KB" as a
	suffix, rather than "kB" which is the kernel's style.
	Fix this inconsistency to avoid confusing apps.

2013-09-22  Peter Krempa  <pkrempa@redhat.com>

	conf: Do better job when comparing features ABI compatibility
	The ABI compatibility check for domain features didn't check the
	expanded HyperV and APIC EOI values, thus possibly allowing change in
	guest ABI.

	Add the check and use typecasted switch statement to warn developers
	when adding a new HyperV feature.

2013-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential use of uninitialized value in virDomainGetVcpuPinInfo
	The virDomainGetVcpuPinInfo python wrapper had a potential use of
	uninitialized values

2013-09-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix seamless SPICE migration
	Since the wait is done during migration (still inside
	QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
	in order to prohibit all other jobs from interfering in the meantime.
	This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
	waiting on the monitor condition and after GetSpiceMigrationStatus
	mangled its internal data, the daemon crashed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886

2013-09-20  Doug Goldstein  <cardoe@cardoe.com>

	VMware: Make version parsing testable and add tests
	This splits up the version parsing code into a callable API like QEMU
	help/version string parsing so that we can test it as we need to add
	additional patterns for newer versions/products.

	VMware: Store vmrun binary's path in the driver
	Rather than looking up the path to vmrun each time we call it, look it
	up once and save it. This sets up the ability for us to detect where the
	path is on Mac OS X and not have to look it up each time we execute it.

	VMware: Convert driver type defines to enum
	The VMware driver supports multiple backends for the VMware Player and
	VMware Workstation, convert this logic into enum and use VIR_ENUM_IMPL()
	to provide conversions to and from strings.

2013-09-20  Ján Tomko  <jtomko@redhat.com>

	Don't dereference NULL in qemumonitorjsontest
	In case of an error, qemuMonitorTestNewSimple returns NULL.
	Error out instead of dereferencing it.

	Found by Coverity, reported by John Ferlan.

2013-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Add checking of dbus_message_iter_append_basic return value
	Coverity complains that the test suite did not check the
	return value of dbus_message_iter_append_basic() as we did
	in most other places.

2013-09-20  Laine Stump  <laine@laine.org>

	qemu: use "ide" as device name for implicit SATA controller on Q35
	This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1008903

	The Q35 machinetype has an implicit SATA controller at 00:1F.2 which
	isn't given the "expected" id of ahci0 by qemu when it's created. The
	original suggested solution to this problem was to not specify any
	controller for the disks that use the default controller and just
	specify "unit=n" instead; qemu should then use the first IDE or SATA
	controller for the disk.

	Unfortunately, this "solution" is ignorant of the fact that in the
	case of SATA disks, the "unit" attribute in the disk XML is actually
	*not* being used for the unit, but is instead used to specify the
	"bus" number; each SATA controller has 6 buses, and each bus only
	allows a single unit. This makes it nonsensical to specify unit='n'
	where n is anything other than 0. It also means that the only way to
	connect more than a single device to the implicit SATA controller is
	to explicitly give the bus names, which happen to be "ide.$n", where
	$n can be replaced by the disk's "unit" number.

2013-09-20  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Avoid dead code in polkit auth

2013-09-19  Simone Gotti  <simone.gotti@gmail.com>

	virsh: add missing "async" option in opts_block_commit
	After commit 8aecd351266a66efa59b7f7be77bf66693d99ce0 it'll detect
	that a required option is not defined and it will assert and exit with:

	virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.

	Problem has been latent since commit ed23b106.

2013-09-19  Michal Privoznik  <mprivozn@redhat.com>

	qemumonitorjsontest: Introduce DO_TEST_SIMPLE
	This macro is there to test the simplest monitor functions we have,
	those in the form of: int ( *func) (qemuMonitorPtr). So far, we have
	seven such functions.

	qemumonitorjsontest: Test CPU state handling code

2013-09-19  Christophe Fergeau  <cfergeau@redhat.com>

	daemon: Remove more hardcoded paths from help output
	A previous patch used existing #define for the various files in /etc/pki
	instead of hardcoding them in the help output. However I missed that
	remote_driver.h contains #define for more paths that are present
	in the daemon help output.
	This commit uses the existing constants for the path to the
	configuration file and to the libvirt sockets.

	Fix LIBVIRTD_CONFIGURATION_FILE constant
	It's not used anywhere, but should be pointing to
	$sysconfdir/libvirt/libvirtd.conf, not $sysconfdir/libvirtd.conf

2013-09-18  Jonathan Lebon  <jlebon@redhat.com>

	docs: fix virEventAddHandle return details
	In commit 6d41cb8, the interface for virEventAddHandleFunc was changed.
	This patch updates the documentation for virEventAddHandle to reflect
	the new significance of the return value. Also, both functions now
	mention -1 for failure.

2013-09-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
	The 'stats' variable was not initialized to NULL, so if some
	early validation of the RPC call fails, it is possible to jump
	to the 'cleanup' label and VIR_FREE an uninitialized pointer.
	This is a security flaw, since the API can be called from a
	readonly connection which can trigger the validation checks.

	This was introduced in release v0.9.1 onwards by

	  commit 158ba8730e44b7dd07a21ab90499996c5dec080a
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Apr 13 16:21:35 2011 +0100

	    Merge all returns paths from dispatcher into single path

2013-09-18  Giuseppe Scrivano  <gscrivan@redhat.com>

	doc: fix XML for the RNG device example
	Add a missing '/' to close the "source" element.

2013-09-18  Daniel P. Berrange  <berrange@redhat.com>

	Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
	With the existing pkcheck (pid, start time) tuple for identifying
	the process, there is a race condition, where a process can make
	a libvirt RPC call and in another thread exec a setuid application,
	causing it to change to effective UID 0. This in turn causes polkit
	to do its permission check based on the wrong UID.

	To address this, libvirt must get the UID the caller had at time
	of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
	triple to the pkcheck program.

	This fix requires that libvirt is re-built against a version of
	polkit that has the fix for its CVE-2013-4288, so that libvirt
	can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

2013-09-18  Daniel P. Berrange  <berrange@redhat.com>

	Ensure system identity includes process start time
	The polkit access driver will want to use the process start
	time field. This was already set for network identities, but
	not for the system identity.

	Also store user & group ID values in virIdentity
	Future improvements to the polkit code will require access to
	the numeric user ID, not merely user name.

2013-09-18  Christophe Fergeau  <cfergeau@redhat.com>

	daemon: Don't hardcode pki paths in help output
	There are constants for these paths in remote_driver.h so we can
	use these rather than duplicating them in the help output.

	daemon: Fix 'caert.pem' typo in privileged help output
	The help message indicates that the CA certificate is
	$sysconfdir/pki/CA/caert.pem while the actual path is
	$sysconfdir/pki/CA/cacert.pem

2013-09-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid dangling job in qemuDomainSetBlockIoTune
	virDomainSetBlockIoTuneEnsureACL was incorrectly called after we already
	started a job. As a result of this, the job was not cleaned up when an
	access driver had forbidden the action.

2013-09-18  Tomas Meszaros  <exo@tty.sk>

	virsh: Add vshCompleter to each option
	completer and completer_flags added to the _vshCmdOptDef
	structure so it will be possible for completion generators to
	conveniently call option completer functions with desired flags.

2013-09-18  Diego Woitasen  <diego.woitasen@vhgroup.net>

	Add forwarder attribute to <dns/> element
	Useful to set custom forwarders instead of using the contents of
	/etc/resolv.conf. It helps me to setup dnsmasq as local nameserver to
	resolve VM domain names from domain 0, when domain option is used.

2013-09-17  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Add a VMWare Fusion 5 configuration for tests
	A user was having an issue with this specific VMWare Fusion config and
	he gave me permission to add it as part of our test suite to further
	expand our VMX test coverage. Unfortunately our VMX parser and
	generator does not support many features contained within and just
	silently ignores fields it does not understand so they had to
	be removed out in the xml2vmx test. The original unmodified version
	exists in the vmx2xml test.

2013-09-17  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Add support for 'auto detect' fileNames
	VMWare Fusion 5 can set the CD-ROM's device name to be 'auto detect' when
	using the physical drive via 'cdrom-raw' device type. VMWare will then
	connect to first available host CD-ROM to the virtual machine upon start
	up according to VMWare documentation. If no device is available, it
	appears that the device will remain disconnected.

	To better model this a CD-ROM that is marked as "auto detect" when in
	the off state would be modeled as the following with this patch:
	  <disk type='block' device='lun'>
	    <source startupPolicy='optional'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>

	Once the domain transitions to the powered on state, libvirt can
	populate the remaining source data with what is connected, if anything.
	However future power cycles, the domain may not always start with that
	device attached.

2013-09-17  Doug Goldstein  <cardoe@cardoe.com>

	Allow <source> for type=block to have no dev
	Currently the XML parser already allows the following syntax:
	  <disk type='block' device='cdrom'>
	    <source startupPolicy='optional'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>

	But it if the dev value is NULL then it would not have the leading
	"<source ", resulting in invalid XML.

2013-09-17  Eric Blake  <eblake@redhat.com>

	build: skip ld_preload tests on non-Linux systems
	A cross build to mingw fails with:

	  CC       virsystemdtest-virsystemdtest.o
	../../tests/virsystemdtest.c: In function 'testCreateNoSystemd':
	../../tests/virsystemdtest.c:97:9: error: implicit declaration of function 'unsetenv' [-Werror=implicit-function-declaration]
	         unsetenv("FAIL_NO_SERVICE");
	         ^
	../../tests/virsystemdtest.c:97:9: error: nested extern declaration of 'unsetenv' [-Werror=nested-externs]

	We could cop out and pull in the gnulib unsetenv module.  But when
	you stop and think about it, this test requires LD_PRELOAD to work,
	and systemd is a Linux-only concept anyways, both of which mean
	the test could never work on mingw in the first place.  Simpler is
	to just fix the test to behave like our other LD_PRELOAD tests.

	* tests/virsystemdtest.c: Provide non-Linux implementation.

2013-09-17  Eric Blake  <eblake@redhat.com>

	build: hoist system-specific checks before library checks
	Commit f92c7e3 fixed a regression for native builds, but introduced
	a regression for cross-compilation builds; in particular,
	./autobuild.sh on a Fedora system with mingw cross-compiler fails
	with:

	checking for qemu-kvm... /usr/bin/qemu-kvm
	checking for yajl_parse_complete in -lyajl... no
	checking for yajl_tree_parse in -lyajl... no
	configure: error: You must install the libyajl library & headers to compile libvirt

	Since we default $with_qemu to 'yes' rather than 'check', and then
	flip that default based on platform-specific checks, those platform
	specifics need to come prior to any library checks that depend on
	the value of $with_qemu.

	* configure.ac: Ensure system defaults are sane before checking
	for things that make decisions based on system default.

2013-09-17  Eric Blake  <eblake@redhat.com>

	maint: ignore recently-added test
	* .gitignore: Ignore metadatatest.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	tests: metadatatest: Quiesce errors on expected paths
	Use the helper added in previous patch to quiesce errors from this test
	that was spamming logs on normal test runs.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	test: Refactor setting of dummy error handlers
	Multiple tests need to register a function to quiesce errors from
	libvirt when using a connection and doing negative tests. Each of those
	tests had a static function to do so. This can be replaced by a utility
	function that enables the errors when debug is enabled.

	This patch adds virtTestQuiesceLibvirtErrors() and refactors test that
	use private handlers.

2013-09-17  Aline Manera  <alinefm@br.ibm.com>

	Add tftp protocol support for cdrom disk
	qemu/KVM also supports a tftp URL while specifying the cdrom ISO image.

	The xml should be as following:

	    <disk type='network' device='cdrom'>
	      <source protocol='tftp' name='/url/path'>
	        <host name='host.name' port='69'/>
	      </source>
	    </disk>

2013-09-17  Aline Manera  <alinefm@br.ibm.com>

	Add ftps protocol support for cdrom disk
	The ftps protocol is another protocol supported by qemu/KVM while specifying
	the cdrom ISO image.

	The xml should be as following:

	    <disk type='network' device='cdrom'>
	      <source protocol='ftps' name='/url/path'>
	        <host name='host.name' port='990'/>
	      </source>
	    </disk>

2013-09-17  Aline Manera  <alinefm@br.ibm.com>

	Add https protocol support for cdrom disk
	The https protocol is also accepted by qemu/KVM when specifying the cdrom ISO
	image.

	The xml should be as following:

	    <disk type='network' device='cdrom'>
	      <source protocol='https' name='/url/path'>
	        <host name='host.name' port='443'/>
	      </source>
	    </disk>

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't shadow global variable "remove" in cmdMetadata
	Some systems apparently have a global variable/function called remove
	and thus break compilation of virsh-domain.c. Rename the variable to
	avoid this.

	Reported by GuanQiang.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Avoid false positive of uninitialized variable use
	GCC 4.8.0+ whines about variable "new" being uninitialized since
	commit 73bfac0e7182a3abd. This is a false positive as the
	xmlFreeNode(new) statement can be only reached if new was actually
	allocated successfully.

	  CC       conf/libvirt_conf_la-domain_conf.lo
	  conf/domain_conf.c: In function 'virDomainDefSetMetadata':
	  conf/domain_conf.c:18650:24: error: 'new' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	               xmlFreeNode(new);

	Reported independently by John Ferlan and Michal Privoznik.

2013-09-17  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build of remote driver
	Commit 073e1575 tried to set things up so that 1) generated files
	to be shipped in the tarball always live in srcdir, and 2) we have
	no files in SOURCES that depend on any other files with a literal
	$(srcdir) in the name, because that situation can cause confusing
	results for the make expansion of $@ depending on whether the file
	is found locally or via VPATH.  But all my testing for that patch
	was done incrementally, where all the protocol.[ch] files had
	already been generated prior to the patch and were up-to-date in
	the srcdir, and thus I missed one case where $@ causes grief in a
	VPATH build from a fresh checkout:

	We have a pattern rule for generating remote_protocol.[ch], and
	what's more, the rule for protocol.c depends on protocol.h AND
	on the protocol.x file.  The pattern for protocol.c is only
	satisfied via the VPATH lookup for protocol.x, and if protocol.h
	doesn't yet exist, the VPATH rule kicks in and we end up with a
	dependency on a file with $(srcdir) in the name.  Based on make's
	rules for $@, this resulted in make building remote_protocol.h
	into srcdir (where we want it), then remote_protocol.c into
	builddir (oops, not so good for the tarball), and also causes
	the build to fail (the compiler can't find the .h if it lives
	in a different directory than the .c):

	  CC       remote/libvirt_driver_remote_la-remote_protocol.lo
	remote/remote_protocol.c:7:29: fatal error: remote_protocol.h: No such file or directory
	 #include "remote_protocol.h"
	                             ^
	compilation terminated.

	As before, the fix is to hard-code the output file to go into
	srcdir in spite of $@; but since this is in a pattern rule, we
	are forced to use $@ in the recipe, so the patch is a bit
	trickier than what was done in commit 073e1575.

	* src/Makefile.am (%protocol.c, %protocol.h): Force output to srcdir.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't corrupt metadata on OOM
	Eric Blake suggested that we could do a little better in case copying of
	the metadata to be set fails. With this patch, the old metadata is
	discarded after the new string is copied successfuly.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix memleak after commit 59898a88ce8431bd3ea249b8789edc2ef9985827
	If the ABI compatibility check with the "migratable" user XML is
	successful, we would leak the originally parsed XML from the user that
	would not be used in this case.

	Reported by Ján Tomko.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	tests: Add metadata tests
	This test exercises the virDomain[Get|Set]Metadata API and tests it for
	regressions

	test: Add <metadata> support into the test driver

	lxc: Add metadata modification APIs

	lib: Don't force the key argument when deleting metadata
	virDomainSetMetadata when operating on the metadata element was
	requesting the @key argument to be passed even if @metadata was NULL
	used to delete the corresponding metadata element. This is not needed as
	the key is only used when adding the element and matching is done via
	the XML namespace.

	conf: allow to add XML metadata using the virDomainSetMetadata api
	The functionality wasn't originally implemented. This patch adds the
	ability to modify domain's XML metadata using the API.

	conf: Add support for requesting of XML metadata via the API
	The virDomainGetMetadata function was designed to support also retrieval
	of app specific metadata from the <metadata> element. This functionality
	was never implemented originally.

	virsh-domain: Add command to allow modifications of XML metadata
	The metadata modification functions will support modification of the XML
	metadata. Add a virsh command to allow using this approach.

	virsh-domain: use virXMLNodeToString instead of xmlNodeDump

	util: Add helper to convert libxml2 nodes to a string

	conf: Factor out setting of metadata to simplify code
	The code to set the metadata in a domain definition is common to live
	and inactive domains. Factor it out into a common func.

	qemu: Factor out body of qemuDomainSetMetadata for universal use
	The function implemented common behavior that can be reused for other
	hypervisor drivers that use the virDomainObj data structures. Factor out
	the core into a separate helper func.

	qemu: Factor out body of qemuDomainGetMetadata for universal use
	The function implemented common behavior that can be reused for other
	hypervisor drivers that use the virDomainObj data structures. Factor out
	the core into a separate helper func.

	virsh-domain: Line up signal names array
	Line up the array so that the grid is visible.

	virsh-domain: Remove spurious ATTRIBUTE_UNUSED from cmdDesc
	The "cmd" variable is actually used so remove the attribute.

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use "migratable" XML definition when doing external checkpoints
	In the original implementation of external checkpoints I've mistakenly
	used the live definition to be stored in the save image. The normal
	approach is to use the "migratable" definition. This was discovered when
	commit 07966f6a8b5ccb5bb4c716b25deb8ba2e572cc67 changed the behavior to
	use a converted XML from the user to do the compatibility check to fix
	problem when using the regular machine saving.

	As the previous patch added a compatibility layer, we can now change the
	type of the XML in the image.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1008340

2013-09-17  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix checking of ABI stability when restoring external checkpoints
	External checkpoints have a bug in the implementation where they use the
	normal definition instead of the "migratable" one. This causes errors
	when the snapshot is being reverted using the workaround method via
	qemuDomainRestoreFlags() with a custom XML. This issue was introduced
	when commit 07966f6a8b5ccb5bb4c716b25deb8ba2e572cc67 changed the code to
	compare "migratable" XMLs from the user as we should have used
	migratable in the image too.

	This patch adds a compatibility layer, so that fixing the snapshot code
	won't make existing snapshots fail to load.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1008340

2013-09-17  Hongwei Bi  <hwbi2008@gmail.com>

	virsh: Fix a wrong check in cmdEcho()
	What should be checked here is xmlbuf rather than buf.

2013-09-16  Doug Goldstein  <cardoe@cardoe.com>

	Allow LUN type disks to have no source
	CD-ROMs and Floppies are allowed to have no source to imply they are
	empty or disconnected. Since the LUN type is used for raw CD-ROM access
	with QEMU (and VMWare in the future), it also needs to allow an empty
	source when the raw CD-ROM device is disconnected from the domain.

2013-09-16  Ján Tomko  <jtomko@redhat.com>

	Always free network and graphics cookies
	qemuMigrationEatCookie has flags to control if these should
	be parsed, but it does not fill mig->flags. These cookies might
	get leaked if these flags are not set by qemuMigrationBakeCookie.

	42 (32 direct, 10 indirect) bytes in 1 blocks are definitely lost in
	loss record 361 of 662
	==123== by 0x1BA33FCA: qemuMigrationEatCookie (qemu_migration.c:678)
	==123== by 0x1BA34A1E: qemuMigrationRun (qemu_migration.c:3108)
	==123== by 0x1BA3622B: doNativeMigrate (qemu_migration.c:3343)
	==123== by 0x1BA3B408: qemuMigrationPerform (qemu_migration.c:4138)

2013-09-16  Ján Tomko  <jtomko@redhat.com>

	Free slicename in virSystemdCreateMachine
	https://bugzilla.redhat.com/show_bug.cgi?id=1008619

	1,003 bytes in 1 blocks are definitely lost in loss record 599 of 635
	==404== by 0x50728A7: virBufferAddChar (virbuffer.c:185)
	==404== by 0x50BC466: virSystemdEscapeName (virsystemd.c:67)
	==404== by 0x50BC6B2: virSystemdMakeSliceName (virsystemd.c:108)
	==404== by 0x50BC870: virSystemdCreateMachine (virsystemd.c:169)
	==404== by 0x5078267: virCgroupNewMachine (vircgroup.c:1498)

2013-09-16  Eric Blake  <eblake@redhat.com>

	build: make autobuild require rpm build deps
	I spent far too long on a new machine trying to figure out why
	./autobuild.sh failed due to an rpm build failure (complaining
	that libvirt_parthelper was supposed to be packaged but was not
	built), and finally traced it to a missing parted-devel
	installation.  I learned that --nodeps is in place for
	autobuilder setups, but for developers, removing it would make
	rpmbuild error out much sooner for a less cryptic failure.

	* autobuild.sh: Conditionally drop --nodeps from rpmbuild lines.

2013-09-16  Eric Blake  <eblake@redhat.com>

	build: fix build with latest rawhide kernel headers
	Bother those kernel developers.  In the latest rawhide, kernel
	and glibc have now been unified so that <netinet/in.h> and
	<linux/in6.h> no longer clash; but <linux/if_bridge.h> is still
	not self-contained.  Because of the latest header change, the
	build is failing with:

	checking for linux/param.h... no
	configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

	with details:

	In file included from conftest.c:561:0:
	/usr/include/linux/in6.h:71:18: error: field 'flr_dst' has incomplete type
	  struct in6_addr flr_dst;

	We need a workaround to avoid our workaround :)

	* configure.ac (NETINET_LINUX_WORKAROUND): New test.
	* src/util/virnetdevbridge.c (includes): Use it.

2013-09-16  Peter Krempa  <pkrempa@redhat.com>

	cgroup: Move [qemu|lxc]GetCpuBWStatus to vicgroup.c and refactor it
	The function existed in two identical instances in lxc and qemu. Move it
	to vircgroup.c and simplify it. Refactor the callers too.

	cleanup: Kill usage of access(PATH, F_OK) in favor of virFileExists()
	Semantics of the libvirt helper are more clear. This change also allows
	to clean up some pieces of code.

	util: Declare that virFileExists shall honor errno
	Explicitly state that some parts of the code may require virFileExists
	to set or preserve a correct errno so that future modifications don't
	break.

2013-09-16  yangdongsheng  <yangds.fnst@cn.fujitsu.com>

	virsh: move command maxvcpus from domain group to host group.
	Since the maxvcpus command query the maximum number of virtual
	CPUs supported for a guest VM on this connection, it should be
	in virsh-host.c but not virsh-domain.c.

2013-09-14  Guido Günther  <agx@sigxcpu.org>

	Explicitly link libvirt_net_rpc against SELINUX_LIBS
	Since virnetsocket conditionally uses selinux we need to link against it
	otherwise the build fails with:

	CCLD     libvirtd
	/usr/bin/ld: ../src/.libs/libvirt-lxc.so: undefined reference to symbol 'freecon'
	/lib/i386-linux-gnu/libselinux.so.1: error adding symbols: DSO missing from command line
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1

2013-09-13  Eric Blake  <eblake@redhat.com>

	docs: mention hostname subtlety
	An off-list bug report mentioned some confusion where the public
	documentation of libvirt.c:virConnectGetHostname did not match
	the private documentation of util/virutil.c:virGetHostname.

	* src/libvirt.c (virConnectGetHostname): Tweak docs.

2013-09-13  Alex Jia  <ajia@redhat.com>

	tools: add missing 'interface' type and update man page

2013-09-13  Martin Kletzander  <mkletzan@redhat.com>

	tests: Don't test user config file if ran as root

	test-lib: Make case skipping possible

2013-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix naming of permission for detecting storage pools
	The VIR_ACCESS_PERM_CONNECT_DETECT_STORAGE_POOLS enum
	constant had its string format be 'detect_storage_pool',
	note the missing trailing 's'. This prevent the ACL
	check from ever succeeding. Fix this and add a simple
	test script to validate this problem of matching names.

2013-09-12  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: don't try to mount selinux filesystem when user namespace enabled
	Right now we mount selinuxfs even user namespace is enabled and
	ignore the error. But we shouldn't ignore these errors when user
	namespace is not enabled.

	This patch skips mounting selinuxfs when user namespace enabled.

2013-09-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix checking of guest ABI compatibility when reverting snapshots
	When reverting a live internal snapshot with a live guest the ABI
	compatiblity check was comparing a "migratable" definition with a normal
	one. This resulted in the check failing with:

	revert requires force: Target device address type none does not match source pci

	This patch generates a "migratable" definition from the actual one to
	check against the definition from the snapshot to avoid this problem.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1006886

2013-09-12  Laine Stump  <laine@laine.org>

	netcf driver: use a single netcf handle for all connections
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=983026

	The netcf interface driver previously had no state driver associated
	with it - as a connection was opened, it would create a new netcf
	instance just for that connection, and close it when it was
	finished. the problem with this is that each connection to libvirt
	used up a netlink socket, and there is a per process maximum of ~1000
	netlink sockets.

	The solution is to create a state driver to go along with the netcf
	driver. The state driver will opens a netcf instance, then all
	connections share that same netcf instance, thus only a single
	netlink socket will be used no matter how many connections are mde to
	libvirtd.

	This was rather simple to do - a new virObjectLockable class is
	created for the single driverState object, which is created in
	netcfStateInitialize and contains the single netcf handle; instead of
	creating a new object for each client connection, netcfInterfaceOpen
	now just increments the driverState object's reference count and puts
	a pointer to it into the connection's privateData. Similarly,
	netcfInterfaceClose() just un-refs the driverState object (as does
	netcfStateCleanup()), and virNetcfInterfaceDriverStateDispose()
	handles closing the netcf instance. Since all the functions already
	have locking around them, the static lock functions used by all
	functions just needed to be changed to call virObjectLock() and
	virObjectUnlock() instead of directly calling the virMutex* functions.

2013-09-12  Laine Stump  <laine@laine.org>

	rename "struct interface_driver" to virNetcfDriverState
	This better fits the modern naming scheme in libvirt, and anticipates
	an upcoming change where a single instance of this state will be
	maintained by a separate state driver, and every instance of the netcf
	driver will share the same state.

2013-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Ensure root filesystem is recursively mounted readonly
	If the guest is configured with

	    <filesystem type='mount'>
	      <source dir='/'/>
	      <target dir='/'/>
	      <readonly/>
	    </filesystem>

	Then any submounts under / should also end up readonly, except
	for those setup as basic mounts. eg if the user has /home on a
	separate volume, they'd expect /home to be readonly, but we
	should not touch the /sys, /proc, etc dirs we setup ourselves.

	Users can selectively make sub-mounts read-write again by
	simply listing them as new mounts without the <readonly>
	flag set

	    <filesystem type='mount'>
	      <source dir='/home'/>
	      <target dir='/home'/>
	    </filesystem>

2013-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Move array of mounts out of lxcContainerMountBasicFS
	Move the array of basic mounts out of the lxcContainerMountBasicFS
	function, to a global variable. This is to allow it to be referenced
	by other methods wanting to know what the basic mount paths are.

	Add some notes about security considerations when using LXC
	Describe some of the issues to be aware of when configuring LXC
	guests with security isolation as a goal.

2013-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix launching of VMs on when only logind part of systemd is present
	Debian systems may run the 'systemd-logind' daemon, which causes the
	/sys/fs/cgroup/systemd  mount to be setup, but no other cgroup
	controllers are created. While the LXC driver considers cgroups to
	be mandatory, the QEMU driver is supposed to accept them as optional.

	We detect whether they are present by looking in /proc/mounts for
	any mounts of type 'cgroups', but this is not sufficient. We need to
	skip any named mounts (as seen by a name=XXX string in the mount
	options), so that we only detect actual resource controllers.

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721979

2013-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix polkit permission names for storage pools, vols & node devices
	The polkit access driver used the wrong permission names for checks
	on storage pools, volumes and node devices. This led to them always
	being denied access.

	The 'dettach' permission was also mis-spelt and should have been
	'detach'. While permission names are ABI sensitive, the fact that
	the code used the wrong object name for checking node device
	permissions, means that no one could have used the mis-spelt
	'dettach' permission.

2013-09-12  Jiri Denemark  <jdenemar@redhat.com>

	virsh domjobinfo: Do not return 1 if job is NONE
	https://bugzilla.redhat.com/show_bug.cgi?id=1006864

	Commit 38ab1225 changed the default value of ret from true to false but
	forgot to set ret = true when job is NONE. Thus, virsh domjobinfo
	returned 1 when there was no job running for a domain but it used to
	(and should) return 0 in this case.

2013-09-12  Daniel Veillard  <veillard@redhat.com>

	Repair the search on libvirt.org
	First make sure that the input is xhtml as the stylesheets expect
	namespaced element, then use a span element instead of a as a
	is treated specially, finally adjust the makefile to check for
	the new span element and replace it with the PHP code

2013-09-12  Michal Novotny  <minovotn@redhat.com>

	api-docs: Fix description of virConnectGetType() API function
	This fixes the description of virConnectGetType() API function in
	API documentation to match the real functionality that it can be
	used to get driver name, and provide a hint on how to learn about
	full capabilities.

2013-09-11  Eric Blake  <eblake@redhat.com>

	build: require libnl-3 if netcf uses it
	Commits 9298bfb and f6c2951 both tried to make it possible to
	select the correct libnl (1 vs. 3) according to what netcf
	used, when both libraries are installed.  This works to avoid
	libnl-3 when netcf used libnl-1.  But on the converse side, if
	only libnl-1 development code is installed, while netcf uses
	libnl-3, then configure happily uses libnl-1 anyways, leading
	to a test failure:

	$ VIR_TEST_DEBUG=1 ./virdrivermoduletest
	TEST: virdrivermoduletest
	 1) Test driver "network"                                             ... OK
	 2) Test driver "storage"                                             ... OK
	 3) Test driver "nodedev"                                             ... OK
	 4) Test driver "secret"                                              ... OK
	 5) Test driver "nwfilter"                                            ... OK
	 6) Test driver "interface"
	... lt-virdrivermoduletest: route/tc.c:973: rtnl_tc_register: Assertion
	`0' failed.
	Aborted

	It's much nicer to prevent this at configure time, by requiring that
	if we know what netcf used, then we want the same libnl version.  As
	before, this can be bypassed by someone who knows what they are doing
	by setting LIBNL_CFLAGS (perhaps useful to the rare person where the
	build box has a different version of netcf than the installation box).

	* configure.ac (LIBNL): If we can prove netcf used libnl-3, then
	don't let configure succeed with libnl-1.

2013-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix virsystemdtest for previous commit
	The change to query org.freedesktop.DBus.ListActivatableNames
	to detect systemd broke the test suite, since we did not have
	stubs to respond to this dbus call.

2013-09-11  Gao feng  <gaofeng@cn.fujitsu.com>

	DBus: introduce virDBusIsServiceEnabled
	This patch introduces virDBusIsServiceEnabled, we can use
	this method to get if the service is supported.

	In one case, if org.freedesktop.machine1 is unavailable on
	host, we should skip creating machine through systemd.

2013-09-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: introduce lxcContainerUnmountForSharedRoot
	Move the unmounting private or useless filesystems for
	container to this function.

	LXC: umount the temporary filesystem created by libvirt
	The devpts, dev and fuse filesystems are mounted temporarily.
	there is no need to export them to container if container shares
	the root directory with host.

2013-09-11  Ján Tomko  <jtomko@redhat.com>

	Add test for the nodemask double free crash
	Commit ef5d51d fixed a crash for numatune with auto placement and
	nodeset specified:
	<numatune>
	    <memory mode='preferred' placement='auto' nodeset='0'/>
	</numatune>

2013-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Update docs about user namespace for LXC
	Mention that user namespace can be enabled using the UID/GID
	mapping schema.

	Fix typo in link anchor for container args in domain XML docs.

2013-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroups when all are mounted on /sys/fs/cgroup
	Some users in Ubuntu/Debian seem to have a setup where all the
	cgroup controllers are mounted on /sys/fs/cgroup rather than
	any /sys/fs/cgroup/<controller> name. In the loop which detects
	which controllers are present for a mount point we were modifying
	'mnt_dir' field in the 'struct mntent' var, but not always restoring
	the original value. This caused detection to break in the all-in-one
	mount setup.

	Fix that logic bug and add test case coverage for this mount
	setup.

2013-09-11  Liuji (Jeremy)  <jeremy.liu@huawei.com>

	virDomainDefParseXML: set the argument of virBitmapFree to NULL after calling virBitmapFree
	After freeing the bitmap pointer, it must set the pointer to NULL.
	This will avoid any other use of the freed memory of the bitmap pointer.

	https://bugzilla.redhat.com/show_bug.cgi?id=1006710

2013-09-11  Oskari Saarenmaa  <os@ohmu.fi>

	docs, comments: minor typo fixes

2013-09-10  Eric Blake  <eblake@redhat.com>

	build: fix regression in requiring yajl for new enough qemu
	Jonathan Lebon reported an issue to me off-list about his build
	failing to use qemu because he failed to install yajl-devel.  But
	I recalled specifically tweaking configure.ac to die in that
	situation (commits 350583c, ba9c38b).  After a bit more
	head-scratching, we found the cause of the regression: commit
	654c709 rearranged things so that the qemu version check now
	occurs before AC_ARG_WITH has had a chance to set either
	$with_qemu or $with_yajl.

	Coincidentally, this fix aligns with a documentation patch that
	was just posted to the autoconf mailing list :)
	http://thread.gmane.org/gmane.comp.sysutils.autoconf.patches/8324

	* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_LIB_ALT)
	(LIBVIRT_CHECK_PKG): Populate defaults earlier.
	* configure.ac (AC_ARG_WITH): Likewise for drivers.

2013-09-09  Eric Blake  <eblake@redhat.com>

	build: avoid obsolete AC_HELP_STRING
	Autoconf states that AC_HELP_STRING is obsolete, and that new
	programs should use AS_HELP_STRING.  We also had instances of
	not properly quoting the macro usage, and not relying on autoconf's
	word-wrapping abilities to avoid long lines.  I validated that this
	commit has no impact to the generated configure file.

	* configure.ac (AC_ARG_WITH, AC_ARG_ENABLE): Autoconf recommends
	the use of AS_HELP_STRING.  Also, use proper quoting and wrap long
	lines.
	* m4/virt-apparmor.m4 (LIBVIRT_CHECK_APPARMOR): Likewise.
	* m4/virt-selinux.m4 (LIBVIRT_CHECK_SELINUX): Likewise.

2013-09-09  Eric Blake  <eblake@redhat.com>

	qemu: endjob returns a bool
	Osier Yang pointed out that ever since commit 31cb030, the
	signature of qemuDomainObjEndJob was changed to return a bool.
	While comparison against 0 or > 0 still gives the right results,
	it looks fishy; we also had one place that was comparing < 0
	which is effectively dead code.

	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Fix dead
	code bug.
	(qemuMigrationBegin): Use more canonical form of bool check.
	* src/qemu/qemu_driver.c (qemuAutostartDomain)
	(qemuDomainCreateXML, qemuDomainSuspend, qemuDomainResume)
	(qemuDomainShutdownFlags, qemuDomainReboot, qemuDomainReset)
	(qemuDomainDestroyFlags, qemuDomainSetMemoryFlags)
	(qemuDomainSetMemoryStatsPeriod, qemuDomainInjectNMI)
	(qemuDomainSendKey, qemuDomainGetInfo, qemuDomainScreenshot)
	(qemuDomainSetVcpusFlags, qemuDomainGetVcpusFlags)
	(qemuDomainRestoreFlags, qemuDomainGetXMLDesc)
	(qemuDomainCreateWithFlags, qemuDomainAttachDeviceFlags)
	(qemuDomainUpdateDeviceFlags, qemuDomainDetachDeviceFlags)
	(qemuDomainBlockResize, qemuDomainBlockStats)
	(qemuDomainBlockStatsFlags, qemuDomainMemoryStats)
	(qemuDomainMemoryPeek, qemuDomainGetBlockInfo)
	(qemuDomainAbortJob, qemuDomainMigrateSetMaxDowntime)
	(qemuDomainMigrateGetCompressionCache)
	(qemuDomainMigrateSetCompressionCache)
	(qemuDomainMigrateSetMaxSpeed)
	(qemuDomainSnapshotCreateActiveInternal)
	(qemuDomainRevertToSnapshot, qemuDomainSnapshotDelete)
	(qemuDomainQemuMonitorCommand, qemuDomainQemuAttach)
	(qemuDomainBlockJobImpl, qemuDomainBlockCopy)
	(qemuDomainBlockCommit, qemuDomainOpenGraphics)
	(qemuDomainGetBlockIoTune, qemuDomainGetDiskErrors)
	(qemuDomainPMSuspendForDuration, qemuDomainPMWakeup)
	(qemuDomainQemuAgentCommand, qemuDomainFSTrim): Likewise.

2013-09-09  Eric Blake  <eblake@redhat.com>

	build: use automake subdir-objects
	Automake 2.0 will enable subdir-objects by default; in preparation
	for that change, automake 1.14 outputs LOADS of warnings:

	daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
	daemon/Makefile.am:38: but option 'subdir-objects' is disabled
	automake-1.14: warning: possible forward-incompatibility.
	automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
	automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
	automake-1.14: object file(s) will be placed in the top-level directory.  However,
	automake-1.14: this behaviour will change in future Automake versions: they will
	automake-1.14: unconditionally cause object files to be placed in the same subdirectory
	automake-1.14: of the corresponding sources.
	automake-1.14: You are advised to start using 'subdir-objects' option throughout your
	automake-1.14: project, to avoid future incompatibilities.
	daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
	daemon/Makefile.am:38: but option 'subdir-objects' is disabled
	...

	As automake 1.9 also supported this option, and the previous patches
	fixed up the code base to work with it, it is safe to now turn it on
	unconditionally.

	* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
	* .gitignore: Ignore .dirstamp directories.
	* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
	new subdir-object location of .lo files.

2013-09-09  Eric Blake  <eblake@redhat.com>

	tests: check remaining .x files
	We have been adding new .x files without keeping the list of
	*-structs files up-to-date.  This adds the support for the
	recent additions.

	In the process of testing this, I also noticed that Fedora 19's
	use of dwarves-1.10 (providing pdwtags version 1.9) was producing
	a single line on stderr but still giving enough useful info on
	stdout that we could check structs; the real goal of checking
	stderr separately from stdout was to avoid the bug in dwarves-1.9
	where stdout was empty (see bug http://bugzilla.redhat.com/772358).

	* src/Makefile.am (struct_prefix, PROTOCOL_STRUCTS): Add missing
	struct tests.
	(PDWTAGS): Work with Fedora 19 pdwtags.
	(lxc_monitor_protocol-struct, lock_protocol-struct): New rules.
	* src/lxc_monitor_protocol-structs: New file.
	* src/lock_protocol-structs): Likewise.
	* cfg.mk (generated_files): Enlarge list.

2013-09-09  Eric Blake  <eblake@redhat.com>

	build: use library rather than cross-directory compilation
	If we use subdir-objects with automake, any reference to a
	cross-directory .c file will result in automake creating
	rules that track dependency in the cross directory.  But this
	presents a problem during 'make distclean' - if the cross
	directory is cleaned up first, then the daemon directory will
	be left with dangling references to .Po dependency files that
	no longer exist.

	Meanwhile, referring to the cross-directory .c file means
	that we are compiling the file twice - once in src, and once
	in daemon.  Better is to compile just once in src into a
	convenience library, and then use that library from daemon.

	The tests directory had a similar situation of a cross-directory
	.c file; to solve that, we actually need a convenience library.

	* daemon/Makefile.am (DAEMON_SOURCES): Drop .c files...
	(libvirtd_LDADD): ...and instead use library.
	(libvirtd_conf_la_SOURCES): Declare a new convenience library.
	(libvirtd_LDFLAGS): Drop duplicate flag.
	* tests/Makefile.am (libvirtdconftest_SOURCES): Drop .c file...
	(libvirtdconftest_LDADD): ..and instead use library.

2013-09-09  Eric Blake  <eblake@redhat.com>

	build: avoid $(srcdir) in *_SOURCES
	Trying to enable automake's subdir-objects option resulted in
	the creation of literal directories such as src/$(srcdir)/remote/.
	I traced this to the fact that we had used a literal $(srcdir)
	in a location that later fed an automake *_SOURCES variable.
	This has also been reported as an automake bug:
	http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13928
	but it's better to fix our code than to wait for an automake fix.

	Some things to remember that affect VPATH builds, and where an
	in-tree build is blissfully unaware of the issues: if a VPATH
	build fails to find a file that was used as a prereq of any
	other target, then the rule for that file will expand $@ to
	prefer the current build dir (bad because a VPATH build on a
	fresh checkout will then stick $@ in the current directory
	instead of the desired srcdir); conversely, if a VPATH build
	finds the file in srcdir but decides it needs to be rebuilt,
	then the rule for that file will expand $@ to include the
	directory where it was found out-of-date (bad for an explicit
	listing of $(srcdir)/$@ because an incremental VPATH build will
	then expand srcdir twice).  As we want these files to go into
	srcdir unconditionally, we have to massage or avoid $@ for any
	recipe that involves one of these files.

	Therefore, this patch removes all uses of $(srcdir) from any
	generated file name that later feeds a *_SOURCES variable, and
	then rewrites all the recipes to generate those files to
	hard-code their creation into srcdir without the use of $@.

	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Drop $(srcdir); VPATH
	builds know how to find the files, and automake subdir-objects
	fails with it in place.
	(LXC_MONITOR_PROTOCOL_GENERATED, (LXC_MONITOR_GENERATED)
	(ACCESS_DRIVER_GENERATED, LOCK_PROTOCOL_GENERATED): Likewise.
	(*_client_bodies.h): Hard-code rules to write into srcdir, as
	VPATH tries to build $@ locally if missing.
	(util/virkeymaps.h): Likewise.
	(lxc/lxc_monitor_dispatch.h): Likewise.
	(access/viraccessapi*): Likewise.
	(locking/lock_daemon_dispatch_stubs.h): Likewise.
	* daemon/Makeflie.am (DAEMON_GENERATED, remote_dispatch.h):
	Likewise.


	fixup DAEMON_GENERATED

2013-09-09  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Cleanup ppcCompute to avoid memory leak
	This patch is to Cleanup ppcCompute to avoid memory leak to make
	the code better.

2013-09-09  Eric Blake  <eblake@redhat.com>

	qemu: don't leak vm on failure
	Failure to attach to a domain during 'virsh qemu-attach' left
	the list of domains in an odd state:

	$ virsh qemu-attach 4176
	error: An error occurred, but the cause is unknown

	$ virsh list --all
	 Id    Name                           State
	----------------------------------------------------
	 2     foo                            shut off

	$ virsh qemu-attach 4176
	error: Requested operation is not valid: domain is already active as 'foo'

	$ virsh undefine foo
	error: Failed to undefine domain foo
	error: Requested operation is not valid: cannot undefine transient domain

	$ virsh shutdown foo
	error: Failed to shutdown domain foo
	error: invalid argument: monitor must not be NULL

	It all stems from leaving the list of domains unmodified on
	the initial failure; we should follow the lead of createXML
	which removes vm on failure (the actual initial failure still
	needs to be fixed in a later patch, but at least this patch
	gets us to the point where we aren't getting stuck with an
	unremovable "shut off" transient domain).

	While investigating, I also found a leak in qemuDomainCreateXML;
	the two functions should behave similarly.  Note that there are
	still two unusual paths: if dom is not allocated, the user will
	see an OOM error even though the vm remains registered (but oom
	errors already indicate tricky cleanup); and if the vm starts
	and then quits again all before the job ends, it is possible
	to return a non-NULL dom even though the dom will no longer be
	useful for anything (but this at least lets the user know their
	short-lived vm ran).

	* src/qemu/qemu_driver.c (qemuDomainCreateXML): Don't leak vm on
	failure to obtain job.
	(qemuDomainQemuAttach): Match cleanup of qemuDomainCreateXML.

2013-09-09  Yogesh Tillu  <tillu.yogesh@gmail.com>

	Add ARM v7 big-endian architecture (armv7b)
	ARM v7 can operate in either little or big endian modes. Add
	support for the big-endian version known as armv7b from uname.

2013-09-09  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	qemu: avoid users specifying CPU features for non-x86 plaftorm.
	Currently, only X86 provides users CPU features with CPUID instruction.
	If users specify the features for non-x86, it should tell users to
	remove them.

	This patch is to report one error if features are specified by
	users for non-x86 platform.

2013-09-09  Hongwei Bi  <hwbi2008@gmail.com>

	LXC: Free variable vroot in lxcDomainDetachDeviceHostdevUSBLive()
	The variable vroot should be freed in label cleanup.

2013-09-06  Eric Blake  <eblake@redhat.com>

	qemu: don't leave shutdown inhibited on attach failure
	While debugging a failure of 'virsh qemu-attach', I noticed that
	we were leaking the count of active domains on failure.  This
	means that a libvirtd session that is supposed to quit after
	active domains disappear will hang around forever.

	* src/qemu/qemu_process.c (qemuProcessAttach): Undo count of
	active domains on failure.

2013-09-06  Eric Blake  <eblake@redhat.com>

	qemu: recognize -machine accel=kvm when parsing native
	In Fedora 19, 'qemu-kvm' is a simple wrapper that calls
	'qemu-system-x86_64 -machine accel=kvm'.  Attempting
	to use 'virsh qemu-attach $pid' to a machine started as:

	qemu-kvm -cdrom /var/lib/libvirt/images/foo.img \
	 -monitor unix:/tmp/demo,server,nowait -name foo \
	 --uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea

	was failing with:
	error: XML error: No PCI buses available

	because we did not see 'kvm' in the executable name read from
	/proc/$pid/cmdline, and tried to assign os.machine as
	"accel=kvm" instead of "pc"; this in turn led to refusal to
	recognize the pci bus.

	Noticed while investigating https://bugzilla.redhat.com/995312
	although there are still other issues to fix before that bug
	will be completely solved.

	I've concluded that the existing parser code for native-to-xml
	is a horrendous hodge-podge of ad-hoc approaches; I basically
	rewrote the -machine section to be a bit saner.

	* src/qemu/qemu_command.c (qemuParseCommandLine): Don't assume
	-machine argument is always appropriate for os.machine; set
	virtType if accel is present.

2013-09-06  Eric Blake  <eblake@redhat.com>

	qemu: only parse basename when determining emulator properties
	'virsh domxml-from-native' and 'virsh qemu-attach' could misbehave
	for an emulator installed in (a somewhat unlikely) location
	such as /usr/local/qemu-1.6/qemu-system-x86_64 or (an even less
	likely) /opt/notxen/qemu-system-x86_64.  Limit the strstr seach
	to just the basename of the file where we are assuming details
	about the binary based on its name.

	While testing, I accidentally triggered a core dump during strcmp
	when I forgot to set os.type on one of my code paths; this patch
	changes such a coding error to raise a nicer internal error instead.

	* src/qemu/qemu_command.c (qemuParseCommandLine): Compute basename
	earlier.
	* src/conf/domain_conf.c (virDomainDefPostParseInternal): Avoid
	NULL deref.

2013-09-06  Chen Hanxiao  <chenhanxiao@cn.fujitsu.com>

	LXC: fix typos in lxc_container.c
	Fix docs and error message typos in lxc_container.c

2013-09-06  Alex Jia  <ajia@redhat.com>

	Docs: fix a typo in virt-login-shell.pod

2013-09-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: Compile regular expression where it is used
	The regular expression used to determine guest capabilities
	was compiled in libxlCapsInitHost() but used in libxlCapsInitGuests().
	Move compilation to libxlCapsInitGuests() where it is used, and free
	the compiled regex after use.  Ensure not to free the regex if
	compilation fails.

2013-09-05  Jim Fehlig  <jfehlig@suse.com>

	Don't call regfree() if regcomp() fails
	POSIX states that the preg parameter to regcomp() is undefined on
	failure, so no need to call regfree() in these cases.

	http://pubs.opengroup.org/onlinepubs/009695399/functions/regcomp.html

	See also a discussion on the libvirt dev list

	https://www.redhat.com/archives/libvir-list/2013-September/msg00262.html

2013-09-05  Eric Blake  <eblake@redhat.com>

	spec: make client-only testing easier
	Several recent patches cleaned up 'make rpm' for the situation
	when client_only is true; these were done by manual spec file
	editing (since it's relatively hard to come by a RHEL 5 s390
	box).  Make it easier to do in the future via a simpler command
	line override.

	* libvirt.spec.in (client_only): Allow for override.

2013-09-05  Eric Blake  <eblake@redhat.com>

	build: shut up automake warnings
	I'm tired of seeing screenfuls of messages like these when using
	automake 1.13 (Fedora 19):

	configure.ac:2121: warning: The 'AM_PROG_MKDIR_P' macro is deprecated, and its use is discouraged.
	configure.ac:2121: You should use the Autoconf-provided 'AC_PROG_MKDIR_P' macro instead,
	configure.ac:2121: and use '$(MKDIR_P)' instead of '$(mkdir_p)'in your Makefile.am files.
	daemon/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')

	seeing as how we MUST use those constructs for the benefit of
	automake 1.9 (RHEL 5).  Conversely, RHEL 5 automake complained:

	aclocal:configure.ac:36: warning: macro `AM_SILENT_RULES' not found in library

	Obviously, I tested this patch on both Fedora 19 and RHEL 5.

	* configure.ac (AM_INIT_AUTOMAKE): Avoid obsoletion warnings.
	(AM_SILENT_RULES): Avoid unknown macro warning.

2013-09-05  Ján Tomko  <jtomko@redhat.com>

	Fix a typo in network XML docs

	Change 'shortforward' to bool.

2013-09-05  Ján Tomko  <jtomko@redhat.com>

	Add '<nat>' element to '<forward>' network schemas
	Commits 905629f4 and 1716e7a6 have added support for specifying
	an IPv4 range and a port range to be used by NAT:
	<forward mode='nat'>
	  <nat>
	    <address start='10.20.30.40' end='10.20.30.44'/>
	    <port start='60000' end='65432'/>
	  </nat>
	</forward>

	https://bugzilla.redhat.com/show_bug.cgi?id=1004364

2013-09-05  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Add cpu test cases for PPC CPU driver.
	This patch is to add cpu test casses for PPC CPU driver.

2013-09-05  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Implement guestData and update for PPC
	On Power platform, Power7+ can support Power7 guest.
	It needs to define XML configuration to specify guest's CPU model.

	For exmaple:
	  <cpu match='exact'>
	    <model>POWER7_v2.1</model>
	    <vendor>IBM</vendor>
	  </cpu>

2013-09-05  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	qemu: Remove CPU features functions calling for non-x86 platform.
	CPU features are not supported on non-x86 and hasFeatures will be NULL.

	This patch is to remove CPU features functions calling to avoid errors.

2013-09-05  Ian Main  <imain@redhat.com>

	Use loop-control to allocate loop device.
	This patch changes virFileLoopDeviceOpen() to use the new loop-control
	device to allocate a new loop device.  If this behavior is unsupported
	we fall back to the previous method of searching /dev for a free device.

	With this patch you can start as many image based LXC domains as you
	like (well almost).

	Fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=995543

2013-09-05  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Don't mount securityfs when user namespace enabled
	Right now, securityfs is disallowed to be mounted in non-initial
	user namespace, so we must avoid trying to mount securityfs in
	a container which has user namespace enabled.

2013-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Stop calling virAllocN directly from ESX code
	The ESX code has a method esxVI_Alloc which would call
	virAllocN directly, instead of using the VIR_ALLOC_N
	macro. Remove this method and make the callers just
	use VIR_ALLOC as is normal practice.

2013-09-05  Liuji (Jeremy)  <jeremy.liu@huawei.com>

	virDomainDeviceIsUSB: Drop check for USB controller
	Delete the USB controller check from the USB Device checklist in
	virDomainDeviceIsUSB as USB controller is a PCI device rather than
	a USB one.

2013-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Ensure 'arch' is always set in cpuArchNodeData
	The s390, ppc and arm CPU drivers never set the 'arch' field
	in their impl of cpuArchNodeData. This leads to error messages
	being reported from cpuDataFree later, due to trying to use
	VIR_ARCH_NONE.

	 #0  virRaiseErrorFull (filename=filename@entry=0x76f94434 "cpu/cpu.c", funcname=funcname@entry=0x76f942dc <__FUNCTION__.18096> "cpuGetSubDriver", linenr=linenr@entry=58,
	     domain=domain@entry=31, code=code@entry=1, level=level@entry=VIR_ERR_ERROR, str1=0x76f70e18 "internal error: %s",
	     str2=str2@entry=0x7155f2ec "undefined hardware architecture", str3=str3@entry=0x0, int1=int1@entry=-1, int2=int2@entry=-1, fmt=0x76f70e18 "internal error: %s")
	     at util/virerror.c:646
	 #1  0x76e682ea in virReportErrorHelper (domcode=domcode@entry=31, errorcode=errorcode@entry=1, filename=0x76f94434 "cpu/cpu.c",
	     funcname=0x76f942dc <__FUNCTION__.18096> "cpuGetSubDriver", linenr=linenr@entry=58, fmt=0x76f7e7e4 "%s") at util/virerror.c:1292
	 #2  0x76ed82d4 in cpuGetSubDriver (arch=<optimized out>) at cpu/cpu.c:57
	 #3  cpuGetSubDriver (arch=VIR_ARCH_NONE) at cpu/cpu.c:51
	 #4  0x76ed8818 in cpuDataFree (data=data@entry=0x70c22d78) at cpu/cpu.c:216
	 #5  0x716aaec0 in virQEMUCapsInitCPU (arch=VIR_ARCH_ARMV7L, caps=0x70c29a08) at qemu/qemu_capabilities.c:867

2013-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Stop free'ing 'const char *' strings
	The VIR_FREE() macro will cast away any const-ness. This masked a
	number of places where we passed a 'const char *' string to
	VIR_FREE. Fortunately in all of these cases, the variable was not
	in fact const data, but a heap allocated string. Fix all the
	variable declarations to reflect this.

2013-09-05  Eric Blake  <eblake@redhat.com>

	qemu: simplify list cleanup
	No need to open code now that we have a nice function.

	Interestingly, our virStringFreeList function is typed correctly
	(a malloc'd list of malloc'd strings is NOT const, whether at the
	point where it is created, or at the point where it is cleand up),
	so using it with a 'const char **' argument would require a cast
	to keep the compiler.  I chose instead to remove const from code
	even where we don't modify the argument, just to avoid the need
	to cast.

	* src/qemu/qemu_command.h (qemuParseCommandLine): Drop declaration.
	* src/qemu/qemu_command.c (qemuParseProcFileStrings)
	(qemuStringToArgvEnv): Don't force malloc'd result to be const.
	(qemuParseCommandLinePid, qemuParseCommandLineString): Simplify
	cleanup.
	(qemuParseCommandLine, qemuFindEnv): Drop const-correctness to
	avoid the need to cast in callers.

2013-09-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't deref NULL actual network in virDomainNetGetActualHostdev()
	In commit 991270db99690 I've used virDomainNetGetActualHostdev() to get
	the actual hostdev from a network when removing the network from the
	list to avoid leaving the hostdev in the list. I didn't notice that this
	function doesn't check if the actual network is allocated and
	dereferences it. This crashes the daemon when cleaning up a domain
	object in early startup phases when the actual network definition isn't
	allocated. When the actual definition isn't present, the hostdev that
	might correspond to it won't be present anyways so it's safe to return
	NULL.

	Thanks to Cole Robinson for noticing this problem.

2013-09-05  Jim Fehlig  <jfehlig@suse.com>

	libxl: Unconditionally call virSysinfoRead() on driver init
	No need to check if privileged when reading hostsysinfo, since
	that check was already done in libxlDriverShouldLoad().  The
	libxl driver fails to load if not privileged.

	libxl: Check for regcomp failure
	Change libxlGetAutoballoonConf() function to return an int
	for success/failure, and fail if regcomp fails.

2013-09-05  Eric Blake  <eblake@redhat.com>

	virsh: fix build on mingw, which lacks termios stuff
	Recent patches to fix handling of Ctrl-C when interacting with
	ssh are not portable to mingw, which lacks termios handling.
	The simplest solution is to just compile that code out, and
	if someone ever appears that has a serious interest in getting
	virsh fully functional even with ssh connections, they can
	provide patches at that time.

	* tools/virsh.h (_vshControl): Make termattr conditional.
	* tools/virsh.c (vshTTYIsInterruptCharacter)
	(vshTTYDisableInterrupt, vshTTYRestore, cfmakeraw, vshTTYMakeRaw)
	(main): Likewise.

2013-09-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix Coverity warning
	John Ferlan reported the following Coverity warning:

	In libxlDomainCoreDump() Coverity has noted a FORWARD_NULL reference:

	2004 	    if ((flags & VIR_DUMP_CRASH) && !vm->persistent) {
	2005 	        virDomainObjListRemove(driver->domains, vm);

	(20) Event assign_zero: 	Assigning: "vm" = "NULL".
	Also see events: 	[var_deref_model]

	2006 	        vm = NULL;
	2007 	    }
	2008
	2009 	    ret = 0;
	2010
	2011 	cleanup_unpause:

	(21) Event var_deref_model: 	Passing null pointer "vm" to function
	     "virDomainObjIsActive(virDomainObjPtr)", which dereferences it. [details]
	Also see events: 	[assign_zero]

	2012 	    if (virDomainObjIsActive(vm) && paused) {
	2013 	        if (libxl_domain_unpause(priv->ctx, dom->id) != 0) {
	2014 	            virReportError(VIR_ERR_INTERNAL_ERROR,

	Removing the vm from domain obj list and setting it to NULL can be
	done in the previous 'if (flags & VIR_DUMP_CRASH)' conditional.  Fix
	the Coverity warning by ensuring vm is not NULL before testing if it
	is still active.

2013-09-04  Eric Blake  <eblake@redhat.com>

	spec: default vbox according to libvirtd build
	Commit ba5f3c7 moved virtualBox support into libvirtd, but the spec
	file was still unconditionally requesting it even when not building
	the server side.  Thankfully there were no ill effects for a
	client_only build, as most uses of %{with_vbox} were guarded by
	%{with_libvirtd}; but we might as well avoid confusion by more
	closely matching the makefile.

	* libvirt.spec.in (with_vbox): Hoist to server conditionals.

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: avoid stranded polkit file in client-only build
	daemon/Makefile.am installs a .policy file if WITH_LIBVIRTD and
	WITH_POLKIT are both set.  src/Makefile.am, on the other hand,
	installs a .policy file if WITH_POLKIT1 is set, but without checking
	WITH_LIBVIRTD.  When running 'make rpm' with client_only manually
	set, on a Fedora 19 box, that leads to a failure:

	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/share/polkit-1/actions/org.libvirt.api.policy

	Fix it by adding another conditional.

	* src/Makefile.am (polkitaction_DATA): Make conditional.

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: only install nwfilter examples when building nwfilter
	'make rpm' with client_local set to 1 (by manual modification,
	or with RHEL 5 on s390) warns:

	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /etc/libvirt/nwfilter/allow-arp.xml
	   /etc/libvirt/nwfilter/allow-dhcp-server.xml
	   /etc/libvirt/nwfilter/allow-dhcp.xml
	   /etc/libvirt/nwfilter/allow-incoming-ipv4.xml
	   /etc/libvirt/nwfilter/allow-ipv4.xml
	   /etc/libvirt/nwfilter/clean-traffic.xml
	   /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml
	   /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml
	   /etc/libvirt/nwfilter/no-arp-spoofing.xml
	   /etc/libvirt/nwfilter/no-ip-multicast.xml
	   /etc/libvirt/nwfilter/no-ip-spoofing.xml
	   /etc/libvirt/nwfilter/no-mac-broadcast.xml
	   /etc/libvirt/nwfilter/no-mac-spoofing.xml
	   /etc/libvirt/nwfilter/no-other-l2-traffic.xml
	   /etc/libvirt/nwfilter/no-other-rarp-traffic.xml
	   /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml
	   /etc/libvirt/nwfilter/qemu-announce-self.xml
	   /usr/share/polkit-1/actions/org.libvirt.api.policy

	The bulk of these are fixed with this patch.

	* examples/xml/nwfilter/Makefile.am (install-data-local)
	(uninstall-local): Make conditional.

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: only run fdstreamtest when libvirtd is built
	An rpm build with client_only set to 1 (for example, RHEL 5 on
	s390, or by modifying libvirt.spec.in) failed with

	TEST: fdstreamtest
	 1) Stream read blocking                                              ... OK
	 2) Stream read non-blocking                                          ... Unexpected EOF block 0 want 128
	FAILED
	 3) Stream write blocking                                             ... OK
	 4) Stream write non-blocking                                         ... Failed to finish stream: internal error: libvirt:  error : cannot execute binary /home/eblake/rpmbuild/BUILD/libvirt-1.1.1/tests/../src/libvirt_iohelper: No such file or directory

	Since the test depends on something that was only built for
	WITH_LIBVIRTD (see src/Makefile.am), we must do the same for
	the test.

	* tests/Makefile.am (test_programs): Make fdstreamtest conditional.

2013-09-04  Eric Blake  <eblake@redhat.com>

	spec: fix rpm build when lxc disabled
	'make rpm' failed if ~/.rpmmacros contains '%_without_lxc 1',
	which simulates the case of not having lxc available.

	RPM build errors:
	    File not found: /home/eblake/rpmbuild/BUILDROOT/libvirt-1.1.1-1.fc19.x86_64/etc/libvirt/virt-login-shell.conf
	    File not found by glob: /home/eblake/rpmbuild/BUILDROOT/libvirt-1.1.1-1.fc19.x86_64/usr/share/man/man1/virt-login-shell.1*
	    File not found: /home/eblake/rpmbuild/BUILDROOT/libvirt-1.1.1-1.fc19.x86_64/usr/bin/virt-login-shell
	make: *** [rpm] Error 1

	Reported by Dan Berrange.

	* libvirt.spec.in: Mark virt-login-shell as conditional on lxc.

2013-09-04  Doug Goldstein  <cardoe@cardoe.com>

	virGet{User,Group}Ent() don't say success on fail
	When virGetUserEnt() and virGetGroupEnt() fail due to the uid or gid not
	existing on the machine they'll print a message like:

	$ virsh -c vbox:///session list
	error: failed to connect to the hypervisor
	error: Failed to find user record for uid '32655': Success

	The success at the end is a bit confusing. This changes it to:

	$ virsh -c vbox:///session list
	error: failed to connect to the hypervisor
	error: Failed to find user record for uid '32655'

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: enforce makefile conditional style
	Automake has builtin support to prevent botched conditional nesting,
	but only if you use:
	if FOO
	else !FOO
	endif !FOO

	An example error message when using the wrong name:

	daemon/Makefile.am:378: error: else reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE
	daemon/Makefile.am:381: error: endif reminder (LIBVIRT_INIT_SCRIPT_SYSTEMD_TRUE) incompatible with current conditional: LIBVIRT_INIT_SCRIPT_SYSTEMD_FALSE

	As our makefiles tend to have quite a bit of nested conditionals,
	it's better to take advantage of the benefits of the build system
	double-checking that our conditionals are well-nested, but that
	requires a syntax check to enforce our usage style.

	Alas, unlike C preprocessor and spec files, we can't use indentation
	to make it easier to see how deeply nesting goes.

	* cfg.mk (sc_makefile_conditionals): New rule.
	* daemon/Makefile.am: Enforce the style.
	* gnulib/tests/Makefile.am: Likewise.
	* python/Makefile.am: Likewise.
	* src/Makefile.am: Likewise.
	* tests/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.

2013-09-04  Martin Kletzander  <mkletzan@redhat.com>

	docs: Add OpenStack into references

2013-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't call VIR_ALLOC on def->uuid in parallels storage driver
	The 'uuid' field in virDomainDefPtr is not a pointer, it is a
	fixed length array. Calling VIR_ALLOC on it is thus wrong and
	leaks memory.

	Add missing 'libvirt_lxc_api' variable in pkg-config file
	The 'libvirt_lxc_api' variable is intended to allow apps to
	query the location of the API XML file for libvirt_lxc.so

2013-09-04  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	Fix coding style issues in daemon/remote.c
	Fixes for argument layouts of various functions in daemon/remote.c

2013-09-04  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove the actual hostdev when removing a network
	Commit 50348e6edfa reused the code to remove the hostdev portion of a
	network definition on multiple places but forgot to take into account
	that sometimes the "actual" network is passed and in some cases the
	parent of that.

	This patch uses the virDomainNetGetActualHostdev() helper to acquire the
	correct pointer all the time while removing the hostdev portion from the
	list.

2013-09-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make domain renaming work during migration
	https://bugzilla.redhat.com/show_bug.cgi?id=999352

	Since commit v1.0.5-56-g449e6b1 (Pull parsing of migration xml up into
	QEMU driver APIs) any attempt to rename a domain during migration fails
	with the following error message:

	    internal error Incoming cookie data had unexpected name DOM vs DOM2

	This is because migration cookies always use the original domain name
	and the mentioned commit failed to propagate the name back to
	qemuMigrationPrepareAny.

2013-09-04  Michal Privoznik  <mprivozn@redhat.com>

	virFileNBDDeviceAssociate: Avoid use of uninitialized variable
	The @qemunbd variable can be used uninitialized.

	AppArmorSetSecurityImageLabel: Avoid use of uninitialized variable
	The @profile_name variable can be used uninitialized.

2013-09-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: Use standard format for source file copyright notice
	Change source file copyright notice to prevailing libvirt style.

	libxl: Add libxlDomObjFromDomain
	Similar to the QEMU and LXC drivers, add a helper function to
	lookup a domain, and use it instead of much copy and paste.

	libxl: Remove unnecessary driver locking
	Now that most fields of libxlDriverPrivate struct are immutable
	or self-locking, there is no need to acquire the driver lock in
	much of the libxl driver.

	libxl: Move driver lock/unlock to libxl_conf
	Move the libxl driver lock/unlock functions from libxl_driver.c
	to libxl_conf.h so they can be used by other source files.

	libxl: Add comments to libxlDriverPrivate fields
	Similar to the QEMU and LXC drivers, annotate the fields of
	libxlDriverPrivate struct to indicate the locking rules for
	their use.

	libxl: Use atomic ops for driver->nactive

	libxl: Introduce libxlDriverConfig object
	The libxlDriverPrivate struct contains an variety of data with
	varying access needs. Similar to the QEMU and LXC drivers,
	move all the static config data into a dedicated libxlDriverConfig
	object. The only locking requirement is to hold the driver lock
	while obtaining an instance of libxlDriverConfig. Once a reference
	is held on the config object, it can be used completely lockless
	since it is immutable.

	libxl: User per-domain ctx in libxlDomainGetInfo
	libxlDomainGetInfo() uses the driver-wide libxl ctx when
	it would be more appropriate to use the per-domain ctx
	associated with the domain.  Switch to using the per-domain
	libxl ctx.

	libxl: libxl: Use per-domain ctx in libxlMakeDomCreateInfo
	libxlMakeDomCreateInfo() uses the driver-wide libxl ctx when
	it would be more appropriate to use the per-domain ctx
	associated with the domain.  Switch to using the per-domain
	libxl ctx.

	libxl: Add libxl_version_info to libxlDriverPrivate
	libxl version info is static data as far as the libxl driver
	is concerned, so retrieve this info when the driver is initialized
	and stash it in the libxlDriverPrivate object.  Subsequently use
	the stashed info instead of repeatedly calling libxl_get_version_info().

2013-09-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: Earlier detection of not running on Xen
	Detect early on in libxl driver initialization if the driver
	should be loaded at all, avoiding needless initialization steps
	that only have to be undone later.  While at it, move the
	detection to a helper function to improve readability.

	After detecting that the driver should be loaded, subsequent
	failures such as initializing the log stream, allocating libxl
	ctx, etc. should be treated as failure to initialize the driver.

2013-09-04  Jim Fehlig  <jfehlig@suse.com>

	libxl: Introduce libxl_domain.[ch]
	Create libxl_domain.[ch] and move all functions operating on
	libxlDomainObjPrivate to these files.  This will be useful for
	future patches that e.g. add job support for libxlDomainObjPrivate.

	libxl: Move detection of autoballoon to libxl_conf
	Detecting whether or not to autoballoon is configuration related,
	so move the code to libxl_conf.

2013-09-04  Eric Blake  <eblake@redhat.com>

	build: fix typo that broke 'make dist'
	Bug introduced in commit 5c6ff42; 'make dist' fails:

	make[3]: Entering directory `/home/eblake/libvirt-tmp/build3/examples/python'
	make[3]: *** No rule to make target `topoology.py', needed by `distdir'.  Stop.
	make[3]: Leaving directory `/home/eblake/libvirt-tmp/build3/examples/python'

	* examples/python/Makefile.am (EXTRA_DIST): Spell topology right.

2013-09-03  John Ferlan  <jferlan@redhat.com>

	esx_driver: Resolve Coverity RESOURCE_LEAK on error paths
	New Coverity release found a couple of error paths where memory would be
	leaked in an error/goto path before being properly handled.

	esx_vi: Resolve Coverity RESOURCE_LEAK in error path
	New coverity installation determined that the muliple if condition for
	"*Alloc" and "*AppendToList" could fail during AppendToList thus leaking
	memory.

2013-09-03  Michal Privoznik  <mprivozn@redhat.com>

	test_virtlockd.aug.in: Use the correct file
	The test should refer to Virtlockd.lns, which is the name of
	the module + lens in virtlockd.aug.

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	examples: Add script to parse topology from capabilities output
	Add a demo script originally written by Amador Pahim to parse topology
	of the host from data provided in the capabilities XML.

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	virsh-console: Avoid using signal() in multithreaded application
	Man page for signal states:

	 "The effects of signal() in a multithreaded process are unspecified."

	Switch signal() to sigaction in virsh console code.

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Rename vshMakeStdinRaw to vshTTYMakeRaw and move it to virsh.c
	Move the function to virsh.c to the rest of the TTY managing functions
	and change the code so that it mirrors the rest.

	tools: rename console.[ch] to virsh-console.[ch] and fix coding style

2013-09-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Handle huge number of queues correctly
	Currently, kernel supports up to 8 queues for a multiqueue tap device.
	However, if user tries to enter a huge number (e.g. one million) the tap
	allocation fails, as expected. But what is not expected is the log full
	of warnings:

	    warning : virFileClose:83 : Tried to close invalid fd 0

	The problem is, upon error we iterate over an array of FDs (handlers to
	queues) and VIR_FORCE_CLOSE() over each item. However, the array is
	pre-filled with zeros. Hence, we repeatedly close stdin. Ouch.
	But there's more. The queues allocation is done in virNetDevTapCreate()
	which cleans up the FDs in case of error. Then, its caller, the
	virNetDevTapCreateInBridgePort() iterates over the FD array and tries to
	close them too. And so does qemuNetworkIfaceConnect() and
	qemuBuildInterfaceCommandLine().

2013-09-03  Ján Tomko  <jtomko@redhat.com>

	Fix leaks in python bindings
	https://bugzilla.redhat.com/show_bug.cgi?id=1003828

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Avoid killing ssh transport tunnels when cancelling job
	The vshWatchJob function registers a SIGINT handler that is used to
	abort the active job and does not terminate virsh. Unfortunately, this
	breaks when using the ssh transport as SIGINT is sent to the foreground
	process group including the ssh transport processes which terminate.
	This breaks the connection and migration is left in a insane state.

	With this patch the terminal is modified to ignore key binding that
	sends SIGINT and does the handling manually.

	Resoves: https://bugzilla.redhat.com/show_bug.cgi?id=983348

2013-09-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Remember terminal state when starting and add helpers
	This patch adds instrumentation to allow modification of config of the
	terminal in virsh and successful reset of the state afterwards.

	The added helpers allow to disable receiving of SIGINT when pressing the
	key sequence (Ctrl+C usualy). This normally sends SIGINT to the
	foreground process group which kills ssh processes used for transport of
	the data.

2013-09-03  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Add cdrom-raw dev type from VMWare Fusion
	According to VMWare's documentation 'cdrom-raw' is an acceptable value
	for deviceType for a CD-ROM drive. The documentation states that the VMX
	configuration for a CD-ROM deviceType is as follows:

	ide|scsi(n):(n).deviceType = "cdrom-raw|atapi-cdrom|cdrom-image"

	From the documentation it appears the following is true:
	- cdrom-image = Provides the ISO to the VM
	- atapi-cdrom = Provides a NEC emulated ATAPI CD-ROM on top of the host
	  CD-ROM
	- cdrom-raw = Passthru for a host CD-ROM drive. Allows CD-R burning from
	  within the guest.

	A CD-ROM prior to this patch would always provide an 'atapi-cdrom' is
	modeled as:
	  <disk type='block' device='cdrom'>
	    <source dev='/dev/scd0'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>

	This patch allows the 'device' attribute to be set to 'lun' for a raw
	acccess CD-ROM such as:
	  <disk type='block' device='lun'>
	    <source dev='/dev/scd0'/>
	    <target dev='hda' bus='ide'/>
	    <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	  </disk>

2013-09-03  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Some serial ports are not actually connected
	Sometimes a serial port might not be actually wired to a device when the
	user does not have the VM powered on and we should not consider this a
	fatal error.

2013-09-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Support virtio-mmio transport for virtio on ARM
	Starting with qemu 1.6, the qemu-system-arm vexpress-a9 model has a
	hardcoded virtio-mmio transport which enables attaching all virtio
	devices.

	On the command line, we have to use virtio-XXX-device rather than
	virtio-XXX-pci, thankfully s390 already set the precedent here so
	it's fairly straight forward.

	At the XML level, this adds a new device address type virtio-mmio.
	The controller and addressing don't have any subelements at the
	moment because we they aren't needed for this usecase, but could
	be added later if needed.

	Add a test case for an ARM guest with one of every virtio device
	enabled.

2013-09-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix networking for ARM guests
	Similar to the chardev bit, ARM boards depend on the old style '-net nic'
	for actually instantiating net devices. But we can't block out
	-netdev altogether since it's needed for upcoming virtio support.

	And add tests for working ARM XML with console, disk, and networking.

2013-09-02  Cole Robinson  <crobinso@redhat.com>

	domain_conf: Add disk bus=sd, wire it up for qemu
	This corresponds to '-sd' and '-drive if=sd' on the qemu command line.
	Needed for many ARM boards which don't provide any other way to
	pass in storage.

	qemu: Don't try to allocate PCI addresses for ARM

2013-09-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix specifying char devs for ARM
	QEMU ARM boards don't give us any way to explicitly wire in
	a -chardev, so use the old style -serial options.

	Unfortunately this isn't as simple as just turning off the CHARDEV flag
	for qemu-system-arm, as upcoming virtio support _will_ use device/chardev.

2013-09-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't add default memballoon device on ARM
	And add test cases for a basic working ARM guest.

	domain_conf: Add default memballoon in PostParse callbacks
	This should be a no-op change for now.

2013-09-02  Cole Robinson  <crobinso@redhat.com>

	qemu: Set QEMU_AUDIO_DRV=none with -nographic
	On my machine, a guest fails to boot if it has a sound card, but not
	graphical device/display is configured, because pulseaudio fails to
	initialize since it can't access $HOME.

	A workaround is removing the audio device, however on ARM boards there
	isn't any option to do that, so -nographic always fails.

	Set QEMU_AUDIO_DRV=none if no <graphics> are configured. Unfortunately
	this has massive test suite fallout.

	Add a qemu.conf parameter nographics_allow_host_audio, that if enabled
	will pass through QEMU_AUDIO_DRV from sysconfig (similar to
	vnc_allow_host_audio)

2013-09-02  Guido Günther  <agx@sigxcpu.org>

	Pass AM_LDFLAGS to driver modules too
	This gives us a RO got, otherwise Debian's lintian complains:

	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_qemu.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_vbox.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_xen.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_nwfilter.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
	W: libvirt-bin: hardening-no-relro usr/lib/libvirt/connection-driver/libvirt_driver_uml.so
	W: libvirt-sanlock: hardening-no-relro usr/lib/libvirt/lock-driver/sanlock.so

2013-09-02  Guido Günther  <agx@sigxcpu.org>

	Fix AM_LDFLAGS typo

2013-09-02  Fred A. Kemp  <anonym@riseup.net>

	qemu: Support setting the 'removable' flag for USB disks
	Add an attribute named 'removable' to the 'target' element of disks,
	which controls the removable flag. For instance, on a Linux guest it
	controls the value of /sys/block/$dev/removable. This option is only
	valid for USB disks (i.e. bus='usb'), and its default value is 'off',
	which is the same behaviour as before.

	To achieve this, 'removable=on' (or 'off') is appended to the '-device
	usb-storage' parameter sent to qemu when adding a USB disk via
	'-disk'. A capability flag QEMU_CAPS_USB_STORAGE_REMOVABLE was added
	to keep track if this option is supported by the qemu version used.

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=922495

2013-09-02  Fred A. Kemp  <anonym@riseup.net>

	qemu: Add capability flag for usb-storage
	Allow use of the usb-storage device only if the new capability flag
	QEMU_CAPS_DEVICE_USB_STORAGE is set, which it is for qemu(-kvm)
	versions >= 0.12.1.2-rhel62-beta.

2013-09-02  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Create virVMXFormatDisk() from HD and CD-ROM
	virVMXFormatHardDisk() and virVMXFormatCDROM() duplicated a lot of code
	from each other and made a lot of nested if checks to build each part of
	the VMX file. This hopefully simplifies the code path while combining
	the two functions with no net difference.

2013-09-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: merged new localizations and regenerated

2013-09-02  John Ferlan  <jferlan@redhat.com>

	qemu_hotplug: Resolve DEADCODE coverity error
	Remove unused 'cgroup' variable in qemuDomainAttachDeviceDiskLive() to
	resolve coverity DEADCODE complaint

2013-08-31  Hongwei Bi  <hwbi2008@gmail.com>

	Fix memory leak in cmdAttachDisk
	When virBufferError is ok in cmdAttachDisk, the latter
	should 'goto cleanup', instead of returning a false to
	prevent memory leaking.

2013-08-31  Eric Blake  <eblake@redhat.com>

	build: fix virtlockd file distribution
	Since virtlockd is only built when libvirtd is built, we should
	not install its auxiliary files unconditionally.  This solves
	two failures.  1. 'make distcheck' complains:

	rm -f Makefile
	ERROR: files left in build directory after distclean:
	./src/virtlockd.8

	2. './autobuild.sh' complains:

	Checking for unpackaged file(s): /usr/lib/rpm/check-files
	/home/eblake/rpmbuild/BUILDROOT/mingw-libvirt-1.1.1-1.fc19.eblake1377879911.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/i686-w64-mingw32/sys-root/mingw/etc/libvirt/virtlockd.conf

	/usr/i686-w64-mingw32/sys-root/mingw/share/augeas/lenses/tests/test_virtlockd.aug
	   /usr/i686-w64-mingw32/sys-root/mingw/share/augeas/lenses/virtlockd.aug
	   /usr/i686-w64-mingw32/sys-root/mingw/share/man/man8/virtlockd.8
	   /usr/x86_64-w64-mingw32/sys-root/mingw/etc/libvirt/virtlockd.conf

	/usr/x86_64-w64-mingw32/sys-root/mingw/share/augeas/lenses/tests/test_virtlockd.aug
	   /usr/x86_64-w64-mingw32/sys-root/mingw/share/augeas/lenses/virtlockd.aug
	   /usr/x86_64-w64-mingw32/sys-root/mingw/share/man/man8/virtlockd.8

	* src/Makefile.am (CLEANFILES): Add virtlockd.8.
	(man8_MANS, conf_DATA, augeas_DATA, augeastest_DATA): Only install
	virtlockd files when daemon is built.

2013-08-31  Eric Blake  <eblake@redhat.com>

	build: shipped files must not depend on BUILT_SOURCES
	'make distcheck' was failing with:
	make[3]: Entering directory `/home/eblake/libvirt-tmp2/libvirt-1.1.1/_build/docs'
	perl ../../docs/genaclperms.pl ../../src/access/viraccessperm.h > ../../docs/aclperms.htmlinc
	/bin/sh: ../../docs/aclperms.htmlinc: Permission denied

	when simulating the case of a user doing a VPATH build from a
	read-only source tree.  The culprit?  BUILT_SOURCES are _always_
	built, and so must NOT be built into srcdir and need not be part
	of the tarball.  On the other hand, shipped files must never
	depend on files in the builddir.  While it would be possible to
	fix the problem by generating aclperms.htmlinc into builddir,
	we then have the problem that we ship acl.html - we'd have to
	rejigger a lot of things to not ship pre-built html.  So this
	patch goes the other direction - we don't need BUILT_SOURCES,
	but instead ensure that we have proper dependencies so that
	all files in srcdir are up-to-date at the time the tarball is
	created.  And because we ship html files in the tarball, that
	implies we don't expect users to be able to rebuild them, so
	we must not clean any files that would trigger a rebuild except
	under the maintainer rules.

	* docs/Makefile.am (BUILT_SOURCES): Delete.
	(CLEANFILES): Downgrade aclperms.htmlinc cleanup...
	(maintainer-clean-local): ...and move hvsupport.html.in...
	(MAINTAINERCLEANFILES): ...to a maintainer action.
	(hvsupport.html.in): Write into srcdir.
	(hvsupport.html): Ensure files are built in order.
	(aclperms.htmlinc): Honor silent make.
	(EXTRA_DIST): Ship aclperms.htmlinc.

2013-08-31  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck' out of the box
	With the 1.1.1 tarball, if a user does 'make && make distcheck',
	things pass, but if they do 'make distcheck' after 'make clean',
	there is an odd failure:

	  GEN      ../../docs/devhelp/index.html
	I/O error : Permission denied
	I/O error : Permission denied
	runtime error: file ../../docs/devhelp/devhelp.xsl line 43 element document
	xsltDocumentElem: unable to save to ../../docs/devhelp/libvirt-virterror.html
	I/O error : Permission denied
	I/O error : Permission denied

	This implies that the rules for 'make dist' are missing a
	dependency - the generated documentation needs to be up-to-date
	before creating the tarball, or else the tarball will be missing
	files, where the end user will end up trying to rebuild files in
	srcdir, and that fails when srcdir is read-only.

	1.1.1 plus this patch now works without issues (other issues have
	crept in to 1.1.2-rc1 that prevent 'make distcheck' from working,
	but those will be cleaned up in later patches).

	* docs/Makefile.am (dist-local): New dependency.

2013-08-30  Eric Blake  <eblake@redhat.com>

	build: only create virt-login-shell for lxc builds
	I noticed from an ./autobuild.sh run that we were installing a
	virt-login-shell.exe binary when cross-building for mingw,
	even though such a binary is necessarily worthless since the
	code depends on lxc which is a Linux-only concept.

	* tools/Makefile.am (conf_DATA, bin_PROGRAMS, dist_man1_MANS):
	Make virt-login-shell installation conditional.

2013-08-30  Cole Robinson  <crobinso@redhat.com>

	qemu: Only setup vhost if virtType == "kvm"
	vhost only works in KVM mode at the moment, and is infact compiled
	out if the emulator is built for non-native architecture. While it
	may work at some point in the future for plain qemu, for now it's
	just noise on the command line (and which contributes to arm cli
	breakage).

2013-08-30  Guido Günther  <agx@sigxcpu.org>

	Process virtlockd.conf instead of libvirtd.conf

2013-08-30  Daniel P. Berrange  <berrange@redhat.com>

	Change way we fake dbus method calls
	Ubuntu libdbus.so links with -Bsymbolic-functions, which means
	that we can only LD_PRELOAD functions that we directly call.
	Functions which libdbus.so calls internally can not be replaced.
	Thus we cannot use dbus_message_new_error or dbus_message_new_method_return

2013-08-30  Eric Blake  <eblake@redhat.com>

	random: don't mix RAND_MAX with random_r
	FreeBSD 10 recently changed their definition of RAND_MAX, to try
	and cover the fact that their evenly distributed results of rand()
	really are a smaller range than a full power of 2.  As a result,
	I did some investigation, and learned:

	1. POSIX requires random() to be evenly distributed across exactly
	31 bits.  glibc also guarantees this for rand(), but the two are
	unrelated, and POSIX only associates RAND_MAX with rand().
	Avoiding RAND_MAX altogether thus avoids a build failure on
	FreeBSD 10.

	2. Concatenating random bits from a PRNG will NOT provide uniform
	coverage over the larger value UNLESS the period of the original
	PRNG is at least as large as the number of bits being concatenated.
	Simple example: suppose that RAND_MAX were 1 with a period of 2**1
	(which means that the PRNG merely alternates between 0 and 1).
	Concatenating two successive rand() calls would then invariably
	result in 01 or 10, which is a rather non-uniform distribution
	(00 and 11 are impossible) and an even worse period (2**0, since
	our second attempt will get the same number as our first attempt).
	But a RAND_MAX of 1 with a period of 2**2 (alternating between
	0, 1, 1, 0) provides sane coverage of all four values, if properly
	tempered.  (Back-to-back calls would still only see half the values
	if we don't do some tempering).  We therefore want to guarantee a
	period of at least 2**64, preferably larger (as a tempering factor);
	POSIX only makes this guarantee for random() with 256 bytes of info.

	* src/util/virrandom.c (virRandomBits): Use constants that are
	accurate for the PRNG we are using, not an unrelated PRNG.
	(randomState): Ensure the period of our PRNG exceeds our usage.

2013-08-30  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: rename print_job_progress to vshPrintJobProgress

2013-08-29  Eric Blake  <eblake@redhat.com>

	security: provide supplemental groups even when parsing label (CVE-2013-4291)
	Commit 29fe5d7 (released in 1.1.1) introduced a latent problem
	for any caller of virSecurityManagerSetProcessLabel and where
	the domain already had a uid:gid label to be parsed.  Such a
	setup would collect the list of supplementary groups during
	virSecurityManagerPreFork, but then ignores that information,
	and thus fails to call setgroups() to adjust the supplementary
	groups of the process.

	Upstream does not use virSecurityManagerSetProcessLabel for
	qemu (it uses virSecurityManagerSetChildProcessLabel instead),
	so this problem remained latent until backporting the initial
	commit into v0.10.2-maint (commit c061ff5, released in 0.10.2.7),
	where virSecurityManagerSetChildProcessLabel has not been
	backported.  As a result of using a different code path in the
	backport, attempts to start a qemu domain that runs as qemu:qemu
	will end up with supplementary groups unchanged from the libvirtd
	parent process, rather than the desired supplementary groups of
	the qemu user.  This can lead to failure to start a domain
	(typical Fedora setup assigns user 107 'qemu' to both group 107
	'qemu' and group 36 'kvm', so a disk image that is only readable
	under kvm group rights is locked out).  Worse, it is a security
	hole (the qemu process will inherit supplemental group rights
	from the parent libvirtd process, which means it has access
	rights to files owned by group 0 even when such files should
	not normally be visible to user qemu).

	LXC does not use the DAC security driver, so it is not vulnerable
	at this time.  Still, it is better to plug the latent hole on
	the master branch first, before cherry-picking it to the only
	vulnerable branch v0.10.2-maint.

	* src/security/security_dac.c (virSecurityDACGetIds): Always populate
	groups and ngroups, rather than only when no label is parsed.

2013-08-29  Daniel P. Berrange  <berrange@redhat.com>

	Prohibit unbounded arrays in XDR protocols
	The use of <> is a security issue for RPC parameters, since a
	malicious client can set a huge array length causing arbitrary
	memory allocation in the daemon.

	It is also a robustness issue for RPC return values, because if
	the stream is corrupted, it can cause the client to also allocate
	arbitrary memory.

	Use a syntax-check rule to prohibit any use of <>

2013-08-29  Daniel P. Berrange  <berrange@redhat.com>

	Add bounds checking on virConnectListAllSecrets RPC call
	The return values for the virConnectListAllSecrets call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllNWFilters RPC call
	The return values for the virConnectListAllNWFilters call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllNodeDevices RPC call
	The return values for the virConnectListAllNodeDevices call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllInterfaces RPC call
	The return values for the virConnectListAllInterfaces call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllNetworks RPC call
	The return values for the virConnectListAllNetworks call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virStoragePoolListAllVolumes RPC call
	The return values for the virStoragePoolListAllVolumes call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllStoragePools RPC call
	The return values for the virConnectListAllStoragePools call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virConnectListAllDomains RPC call
	The return values for the virConnectListAllDomains call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virDomain{SnapshotListAllChildren,ListAllSnapshots} RPC calls
	The return values for the virDomain{SnapshotListAllChildren,ListAllSnapshots}
	calls were not bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

	Add bounds checking on virDomainGetJobStats RPC call
	The return values for the virDomainGetJobStats call were not
	bounds checked. This is a robustness issue for clients if
	something where to cause corruption of the RPC stream data.

2013-08-29  Daniel P. Berrange  <berrange@redhat.com>

	Add bounds checking on virDomainMigrate*Params RPC calls (CVE-2013-4292)
	The parameters for the virDomainMigrate*Params RPC calls were
	not bounds checks, meaning a malicious client can cause libvirtd
	to consume arbitrary memory

	This issue was introduced in the 1.1.0 release of libvirt

2013-08-29  Guan Qiang  <hzguanqiang@corp.netease.com>

	python: Fix a PyList usage mistake
	Fix PyList usage mistake in Function libvirt_lxc_virDomainLxcOpenNamespace.

	https://bugzilla.redhat.com/show_bug.cgi?id=1002383

2013-08-29  Michal Privoznik  <mprivozn@redhat.com>

	autogen.sh: Correctly detect .git as a file
	One of my previous patches 5cfe0d37cd0be tried to handle the case when
	libvirt is a submodule of another project. In that case, the .git is
	just a link to the parent .git directory (which the autogen.sh script
	didn't count on). The fix was missing 'test' though.

	bridge_driver: Introduce networkObjFromNetwork
	Similarly to qemu_driver.c, we can join often repeating code of looking
	up network into one function: networkObjFromNetwork.

2013-08-29  Peter Krempa  <pkrempa@redhat.com>

	qemu_hotplug: Fix whitespace around addition in argument

2013-08-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove hostdev entry when freeing the depending network entry
	When using a <interface type="network"> that points to a network with
	hostdev forwarding mode a hostdev alias is created for the network. This
	allias is inserted into the hostdev list, but is backed with a part of
	the network object that it is connected to.

	When a VM is being stopped qemuProcessStop() calls
	networkReleaseActualDevice() which eventually frees the memory for the
	hostdev object. Afterwards when the domain definition is being freed by
	virDomainDefFree() an invalid pointer is accessed by
	virDomainHostdevDefFree() and may cause a crash of the daemon.

	This patch removes the entry in the hostdev list before freeing the
	depending memory to avoid this issue.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1000973

2013-08-28  Eric Blake  <eblake@redhat.com>

	virsh: detect programming errors with option parsing
	Noticed while reviewing another patch that had an accidental
	mismatch due to refactoring.  An audit of the code showed that
	very few callers of vshCommandOpt were expecting a return of
	-2, indicating programmer error, and of those that DID check,
	they just propagated that status to yet another caller that
	did not check.  Fix this by making the code blatantly warn
	the programmer, rather than silently ignoring it and possibly
	doing the wrong thing downstream.

	I know that we frown on assert()/abort() inside libvirtd
	(libraries should NEVER kill the program that linked them),
	but as virsh is an app rather than the library, and as this
	is not the first use of assert() in virsh, I think this
	approach is okay.

	* tools/virsh.h (vshCommandOpt): Drop declaration.
	* tools/virsh.c (vshCommandOpt): Make static, and add a
	parameter.  Abort on programmer errors rather than making callers
	repeat that logic.
	(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
	(vshCommandOptString, vshCommandOptStringReq)
	(vshCommandOptLongLong, vshCommandOptULongLong)
	(vshCommandOptBool): Adjust callers.

2013-08-28  Jiri Denemark  <jdenemar@redhat.com>

	virt-sanlock-cleanup; Fix augtool usage
	Surprisingly, augtool get (or print) returns "path = value" while we are
	only interested in the value. We need to remove the "path = " part from
	the augtool's output. The following is an example of the augtool command
	as used in virt-sanlock-cleanup script:

	$ augtool get /files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir
	/files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir = /var/lib/libvirt/sanlock

2013-08-28  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Fix debugging
	Commit a0b6a36f "fixed" what abfff210 broke (URI precedence), but
	there was still one more thing missing to fix.  When using virsh
	parameters to setup debugging, those weren't honored, because at the
	time debugging was initializing, arguments weren't parsed yet.  To
	make ewerything work as expected, we need to initialize the debugging
	twice, once before debugging (so we can debug option parsing properly)
	and then again after these options are parsed.

	As a side effect, this patch also fixes a leak when virsh is ran with
	multiple '-l' parameters.

2013-08-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh-pool.c: Don't jump over variable declaration
	Since 785ff34bf8 we are using the outputStr variable in cleanup label.
	However, there is a possibility to jump to the label before the variable
	has been declared:

	virsh-pool.c: In function 'cmdPoolList':
	virsh-pool.c:1121:25: error: jump skips variable initialization [-Werror=jump-misses-init]
	                         goto asprintf_failure;
	                         ^
	virsh-pool.c:1308:1: note: label 'asprintf_failure' defined here
	 asprintf_failure:
	 ^
	virsh-pool.c:1267:11: note: 'outputStr' declared here
	     char *outputStr = NULL;

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	virsh: free the caps list properly if one of them is invalid
	VIR_FREE(caps) is not enough to free an array allocated
	by vshStringToArray.

	==17== 4 bytes in 1 blocks are definitely lost in loss record 4 of 728
	==17==    by 0x4EFFC44: virStrdup (virstring.c:554)
	==17==    by 0x128B10: _vshStrdup (virsh.c:125)
	==17==    by 0x129164: vshStringToArray (virsh.c:218)
	==17==    by 0x157BB3: cmdNodeListDevices (virsh-nodedev.c:409)

	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	virsh: free the formatting string when listing pool details
	==23== 41 bytes in 1 blocks are definitely lost in loss record 626 of 727
	==23==    by 0x4F0099F: virAsprintfInternal (virstring.c:358)
	==23==    by 0x15D2C9: cmdPoolList (virsh-pool.c:1268)

	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	virsh: free the list from ListAll APIs even for 0 items
	virsh secret-list leak when no secrets are defined:

	==27== 8 bytes in 1 blocks are definitely lost in loss record 6 of 726
	==27==    by 0x4E941DD: virAllocN (viralloc.c:183)
	==27==    by 0x5037F1A: remoteConnectListAllSecrets (remote_driver.c:3076)
	==27==    by 0x5004EC6: virConnectListAllSecrets (libvirt.c:16298)
	==27==    by 0x15F813: vshSecretListCollect (virsh-secret.c:397)
	==27==    by 0x15F0E1: cmdSecretList (virsh-secret.c:532)

	And so do some other *-list commands.

	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	virsh: free messages after logging them to a file
	The messages were only freed on error.

	==12== 1,100 bytes in 1 blocks are definitely lost in loss record 698 of 729
	==12==    by 0x4E98C22: virBufferAsprintf (virbuffer.c:294)
	==12==    by 0x12C950: vshOutputLogFile (virsh.c:2440)
	==12==    by 0x12880B: vshError (virsh.c:2254)
	==12==    by 0x131957: vshCommandOptDomainBy (virsh-domain.c:109)
	==12==    by 0x14253E: cmdStart (virsh-domain.c:3333)

	https://bugzilla.redhat.com/show_bug.cgi?id=1001536

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	Test network update XML parsing
	Add checks for updating sections of network definition via
	virNetworkDefUpdateSection.

	https://bugzilla.redhat.com/show_bug.cgi?id=989569

2013-08-28  Ján Tomko  <jtomko@redhat.com>

	Remove the space before the slash in network XML
	This matches the style we use elsewhere and allows
	nat-network-dns-srv-record{,-minimal}.xml to be tested in
	network XML -> XML test.

2013-08-27  Ján Tomko  <jtomko@redhat.com>

	Build QEMU command line for pcihole64
	QEMU commit 3984890 introduced the "pci-hole64-size" property,
	to i440FX-pcihost and q35-pcihost with a default setting of 2 GB.

	Translate <pcihole64>x<pcihole64/> to:
	-global q35-pcihost.pci-hole64-size=x for q35 machines and
	-global i440FX-pcihost.pci-hole64-size=x for i440FX-based machines.

	Error out on other machine types or if the size was specified
	but the pcihost device lacks 'pci-hole64-size' property.

	https://bugzilla.redhat.com/show_bug.cgi?id=990418

2013-08-27  Ján Tomko  <jtomko@redhat.com>

	Add pcihole64 element to root PCI controllers
	<controller type='pci' index='0' model='pci-root'>
	  <pcihole64 unit='KiB'>1048576</pcihole64>
	</controller>

	It can be used to adjust (or disable) the size of the 64-bit
	PCI hole. The size attribute is in kilobytes (different unit
	can be specified on input), but it gets rounded up to
	the nearest GB by QEMU.

	Disabling it will be needed for guests that crash with the
	64-bit PCI hole (like Windows XP), see:
	https://bugzilla.redhat.com/show_bug.cgi?id=990418

2013-08-27  Ján Tomko  <jtomko@redhat.com>

	Allow controller XML parsing to use XPath context
	virDomainParseScaledValue requires it.

	Move virDomainParseScaledValue earlier
	Let virDomainControllerDefParseXML use it without
	a forward declaration.

2013-08-27  Aline Manera  <alinefm@br.ibm.com>

	Add ftp protocol support for cdrom disk
	The ftp protocol is already recognized by qemu/KVM so add this support to
	libvirt as well.
	The xml should be as following:

	     <disk type='network' device='cdrom'>
	       <source protocol='ftp' name='/url/path'>
	         <host name='host.name' port='21'/>
	       </source>
	     </disk>

2013-08-27  Aline Manera  <alinefm@br.ibm.com>

	Add http protocol support for cdrom disk
	QEMU/KVM already allows a HTTP URL for the cdrom ISO image so add this support
	to libvirt as well.
	The xml should be as following:

	    <disk type='network' device='cdrom'>
	      <source protocol='http' name='/url/path'>
	        <host name='host.name' port='80'/>
	      </source>
	    </disk>

2013-08-27  Ján Tomko  <jtomko@redhat.com>

	Always specify qcow2 compat level on qemu-img command line
	qemu-img is going to switch the default for QCOW2
	to QCOW2v3 (compat=1.1)

	Extend the probing for qemu-img command line options to check
	if -o compat is supported. If the volume definition specifies
	the qcow2 format but no compat level and -o compat is supported,
	specify -o compat=0.10 to create a QCOW2v2 image.

	https://bugzilla.redhat.com/show_bug.cgi?id=997977

2013-08-27  Guannan Ren  <gren@redhat.com>

	virsh: fix return value error of cpu-stats
	virsh cpu-stats guest --start 0 --count 3
	It outputs right but the return value is 1 rather than 0
	echo $?
	1

	Found by running libvirt-autotest
	./run -t libvirt --tests virsh_cpu_stats

2013-08-26  Tomas Meszaros  <exo@tty.sk>

	virsh: C99 style for info_domfstrim and opts_lxc_enter_namespace
	Change info_domfstrim and opts_lxc_enter_namespace initialization style
	to C99.

2013-08-26  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttachHostPciDevice: Fall back to mem balloon if there's no hard_limit
	If there's no hard_limit set and domain uses VFIO we still must lock
	the guest memory (prerequisite from qemu). Hence, we should compute
	the amount to be locked from max_balloon.

2013-08-26  Jiri Denemark  <jdenemar@redhat.com>

	qemuhotplugtest: Add tests for virtio SCSI disk hotplug

	qemuhotplugtest: Add tests for USB disk hotplug

	qemuhotplugtest: Add tests for async virtio disk detach

	qemuhotplugtest: Add support for DEVICE_DELETED event

	qemu: Let tests override waiting time for device unplug
	We don't want tests to wait 5 seconds for an event which we know will
	never come.

	qemu: Export qemuProcessHandleDeviceDeleted for tests

	tests: Add support for passing driver to qemu monitor
	The driver is then passed to monitor event handlers.

	tests: Add support for passing vm to qemu monitor
	Some tests need the monitor to operate on an already existing VM object
	rather than on a new mock-up the monitor test normally creates.

	qemuhotplugtest: Add tests for virtio disk hotplug

	qemuxml2argvtest: Add XML for testing device hotplug
	This is a generic XML usable for hotplugging various types of devices.

	qemuhotplugtest: Define QMP_OK for the most common reply

	qemuhotplugtest: Compare domain XML after device hotplug
	We need to make sure a device is properly added/removed (or not) to a
	domain definition to check that a hotplug API did not lie to us.

	qemuhotplugtest: Generate better output
	Each test case label now contains more data useful to identify the test.

	qemu: Move qemuDomainDetachDeviceDiskLive to qemu_hotplug.c

	qemu: Move qemuDomainAttachDeviceDiskLive to qemu_hotplug.c

	qemu: Avoid using global qemu_driver in event handlers
	We will have to pass a mock-up of the driver when testing monitor
	events.

	qemu: Typedef monitor callbacks
	Otherwise defining variables that hold callbacks pointers is ugly and
	several places have to be changed when new parameters are added.

2013-08-26  Ján Tomko  <jtomko@redhat.com>

	Don't free NULL network in cmdNetworkUpdate
	If the network has not been found, virNetworkFree(NULL)
	was called, resulting in an extra error:
	error: invalid network pointer in virNetworkFree

	https://bugzilla.redhat.com/show_bug.cgi?id=1001094

2013-08-26  Jiri Denemark  <jdenemar@redhat.com>

	schema: Allow dots in device aliases
	Commit 01b88127 changed aliases for PCI controller devices to "pcie.0" or
	"pci.%u". Thus device aliases may now contain dots.

2013-08-26  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update count of vCPUs if hot-plug fails silently
	When cpu hotplug fails without reporting an error, we would fail the
	command but update the count of vCPUs anyways.

	Commit 761fc481365703b861429d73a341bde352ba8d41 fixed the case when CPU
	hot-unplug failed silently, but forgot to fix up the value in this case.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1000357

2013-08-23  Eric Blake  <eblake@redhat.com>

	tests: skip schema validation tests if xmllint is missing
	On IRC, someone complained that a system without xmllint installed
	failed a number of tests.

	* tests/schematestutils.sh: Probe for xmllint.

2013-08-23  Claudio Bley  <cbley@av-test.de>

	python: simplify complicated conditional assignment

2013-08-23  Claudio Bley  <cbley@av-test.de>

	Test for object identity when checking for None in Python
	Consistently use "is" or "is not" to compare variables to None,
	because doing so is preferrable, as per PEP 8
	(http://www.python.org/dev/peps/pep-0008/#programming-recommendations):

	> Comparisons to singletons like None should always be done with is or
	> is not, never the equality operators.

2013-08-22  Nehal J Wani  <nehaljw.kkd1@gmail.com>

	qemuagenttest.c: Missing documentation (Timeout)
	In tests/qemuagenttest.c, the Timeout test should always be
	called last. Any additional tests should come before this.

2013-08-22  Guido Günther  <agx@sigxcpu.org>

	python: Use RELRO_LDFLAGS and NO_INDIRECT_LDFLAGS
	A readonly GOT and detecting indirect linkage is useful here too.

	Check for --no-copy-dt-needed linker flag
	and use it when available

	Simplify RELRO_LDFLAGS
	by adding it to AM_LDFLAGS instead of every linking rule and
	by avoiding a forked grep.

2013-08-22  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add URI precedence checking
	Commit a0b6a36f is fixing what commit abfff210 broke, so to avoid having
	to deal with this issue again, herec comes "virsh-uriprecedence".

2013-08-22  Daniel P. Berrange  <berrange@redhat.com>

	Set security label on FD for virDomainOpenGraphics
	The virDomainOpenGraphics method accepts a UNIX socket FD from
	the client app. It must set the label on this FD otherwise QEMU
	will be prevented from receiving it with recvmsg.

2013-08-22  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildNicDevStr: Add mq=on for multiqueue networking
	If user requested multiqueue networking, beside multiple /dev/tap and
	/dev/vhost-net openings, we forgot to pass mq=on onto the -device
	virtio-net-pci command line. This is advised at:

	  http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature

2013-08-22  John Ferlan  <jferlan@redhat.com>

	docs: Reformat <disk> attribute description in formatdomain
	Reformat the description to more cleanly delineate the attributes
	for a <disk> element.

2013-08-22  Peter Krempa  <pkrempa@redhat.com>

	virBitmapParse: Fix behavior in case of error and fix up callers
	Re-arrange the code so that the returned bitmap is always initialized to
	NULL even on early failures and return an error message as some callers
	are already expecting it. Fix up the rest not to shadow the error.

2013-08-22  Martin Kletzander  <mkletzan@redhat.com>

	Fix URI connect precedence
	Commit abfff210 changed the order of vshParseArgv() and vshInit() in
	order to make fix debugging of parameter parsing.  However, vshInit()
	did a vshReconnect() even though ctl->name wasn't set according to the
	'-c' parameter yet.  In order to keep both issues fixed, I've split
	the vshInit() into vshInitDebug() and vshInit().

	One simple memleak of ctl->name is fixed as a part of this patch,
	since it is related to the issue it's fixing.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=999323

2013-08-22  Doug Goldstein  <cardoe@cardoe.com>

	VMX: Improve disk parse error for unknown values
	Previously the error message showed the following:

	error: internal error: Invalid or not yet handled value 'auto detect'
	for VMX entry 'ide0:0.fileName'

	This left the user unsure if it was a CD-ROM or a disk device that they
	needed to fix. Now the error shows:

	error: internal error: Invalid or not yet handled value 'auto detect'
	for VMX entry 'ide0:0.fileName' for device type 'cdrom-raw'

	Which should hopefully make it easier to see the issue with the VMX
	configuration.

2013-08-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: implement networkEnableIpForwarding for BSD
	Implement networkEnableIpForwarding() using BSD style sysctl.

2013-08-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement virNetDev(Set|Clear)IPv4Address
	Provide an implementation of virNetDev(Set|Clear)IPv4Address based on
	BSD ifconfig tool in addition to 'ip' from Linux iproute2 package.

2013-08-21  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix libvirtd crash when reconnecting domains
	More fallout from commit d72ef888.  When reconnecting to running
	domains, the libxl_ctx in libxlDomainObjPrivate was used before
	initializing it, causing a segfault in libxl and consequently
	crashing libvirtd.

	Initialize the libxlDomainObjPrivate libxl_ctx in libxlReconnectDomain,
	and while at it use this ctx in libxlReconnectDomain instead of the
	driver-wide ctx.

2013-08-21  Eric Blake  <eblake@redhat.com>

	migration: do not restore labels on failed migration
	https://bugzilla.redhat.com/show_bug.cgi?id=822052

	When doing a live migration, if the destination fails for any
	reason after the point in which files should be labeled, then
	the cleanup of the destination would restore the labels to their
	defaults, even though the source is still trying to continue
	running with the image open.  Bug 822052 mentioned one source
	of live migration failure - a mismatch in SELinux virt_use_nfs
	settings (on for source, off for destination); but I found other
	situations that would also trigger it (for example, having a
	graphics device tied to port 5999 on the source, and a different
	domain on the destination already using that port, so that the
	destination cannot reuse the port).

	In short, just as cleanup of the source on a successful migration
	must not relabel files (because the destination would be crippled
	by the relabel), cleanup of the destination on a failed migration
	must not relabel files (because the source would be crippled).

	* src/qemu/qemu_process.c (qemuProcessStart): Set flag to avoid
	label restoration when cleaning up on failed migration.

2013-08-21  Claudio Bley  <cbley@av-test.de>

	tests: fix building without xattr support
	Only compile securityselinuxhelper.c if xattr support was detected to
	avoid this error:

	securityselinuxhelper.c:34:24: fatal error: attr/xattr.h: No such file
	or directory compilation terminated.

	Since all SELinux tests depend upon the securityselinuxhelper library,
	these test programs are now only build when xattr support is
	available.

2013-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Test handling of non-existent x509 certs
	In commit f905cc998449c89339d0e2894a71d9a9e45293e5 a use of
	uninitialized data was fixed based on a coverity report. It
	turns out it was possible to trigger this issue by pointing
	libvirt at non-existent certificate files, typically causing
	a crash.

	This adds a test case for that scenario. With the above
	commit reverted, this new test case will crash with a SEGV.
	With the fix applied, it passes, reporting a normal libvirt
	error to the caller.

2013-08-21  Osier Yang  <jyang@redhat.com>

	storage: Fix the use-after-free memory bug
	Introduced by commit e0139e30444. virStorageVolDefFree free'ed the
	pointers that are still used by the added volume object, this changes
	it back to VIR_FREE.

2013-08-21  Osier Yang  <jyang@redhat.com>

	storage: Fix coverity warning
	Introduced by commit e0139e30444:

	1777 	    /* Updating pool metadata */

	(40) Event var_deref_op: Dereferencing null pointer "newvol".
	     Also see events: [assign_zero]

	1778 	    pool->def->allocation += newvol->allocation;
	1779 	    pool->def->available -= newvol->allocation;

2013-08-20  John Ferlan  <jferlan@redhat.com>

	docs: Update iSCSI storage pool example
	Update the iSCSI storage pool example to include the secret

	docs: Update formatsecrets to include more examples of each type
	Update formatsecret docs to describe the various options and provide examples
	in order to set up secrets for each type of secret.

	docs: Update the formatdomain disk examples
	Add more iSCSI examples including having a secret attached. There are 4 new
	examples; one for each way to have an iSCSI - a network disk using virtio,
	a passthrough network lun using scsi, a volume disk using "mode='host'",
	and a volume disk using "mode='direct'"

	Report secret usage error message similarly
	Each of the modules handled reporting error messages from the secret fetching
	slightly differently with respect to the error. Provide a similar message
	for each error case and provide as much data as possible.

2013-08-20  Osier Yang  <jyang@redhat.com>

	qemu_conf: Fix broken logic for adding passthrough iscsi lun
	Following XML would fail :

	    <disk type='network' device='lun'>
	      <driver name='qemu' type='raw'/>
	      <source protocol='iscsi' name='iqn.2013-07.com.example:iscsi/1'>
	        <host name='example.com' port='3260'/>
	      </source>
	      <target dev='sda' bus='scsi'/>
	    </disk>

	With the message:

	error: Failed to start domain iscsilun
	error: Unable to get device ID 'iqn.2013-07.com.example:iscsi/1': No such fi

	Cause was commit id '1f49b05a' which added 'virDomainDiskSourceIsBlockType'

2013-08-20  John Ferlan  <jferlan@redhat.com>

	virsh: Print cephx and iscsi usage
	When using virsh secret-list - if the secret types are cephx or iscsi,
	then allow fetch/print of the usage information. Prior to the change
	the following would print:

	UUID                                 Usage
	-----------------------------------------------------------
	1b40a534-8301-45d5-b1aa-11894ebb1735 Unused
	a5ba3efe-6adf-4a6a-b243-f010a043e314 Unused

	Afterwards:

	UUID                                 Usage
	-----------------------------------------------------------
	1b40a534-8301-45d5-b1aa-11894ebb1735 ceph ceph_example
	a5ba3efe-6adf-4a6a-b243-f010a043e314 iscsi libvirtiscsi

2013-08-20  John Ferlan  <jferlan@redhat.com>

	libxl: Resolve possible NULL dereference
	If we reached cleanup: prior to allocating cpus, it was possible that
	'nr_nodes' had a value, but cpus was NULL leading to a possible NULL
	deref. Add a 'cpus' as an end condition to for loop

2013-08-20  Eric Blake  <eblake@redhat.com>

	selinux: enhance test to cover nfs label failure
	Daniel Berrange (correctly) pointed out that we should do a better
	job of testing selinux labeling fallbacks on NFS disks that lack
	labeling support.

	* tests/securityselinuxhelper.c (includes): Makefile already
	guaranteed xattr support.  Add additional headers.
	(init_syms): New function, borrowing from vircgroupmock.c.
	(setfilecon_raw, getfilecon_raw): Fake NFS failure.
	(statfs): Fake an NFS mount point.
	(security_getenforce, security_get_boolean_active): Don't let host
	environment affect test.
	* tests/securityselinuxlabeldata/nfs.data: New file.
	* tests/securityselinuxlabeldata/nfs.xml: New file.
	* tests/securityselinuxlabeltest.c (testSELinuxCreateDisks)
	(testSELinuxDeleteDisks): Setup and cleanup for fake NFS mount.
	(testSELinuxCheckLabels): Test handling of SELinux NFS denial.
	Fix memory leak.
	(testSELinuxLabeling): Avoid infinite loop on dirty tree.
	(mymain): Add new test.

2013-08-20  Eric Blake  <eblake@redhat.com>

	selinux: distinguish failure to label from request to avoid label
	https://bugzilla.redhat.com/show_bug.cgi?id=924153

	Commit 904e05a2 (v0.9.9) added a per-<disk> seclabel element with
	an attribute relabel='no' in order to try and minimize the
	impact of shutdown delays when an NFS server disappears.  The idea
	was that if a disk is on NFS and can't be labeled in the first
	place, there is no need to attempt the (no-op) relabel on domain
	shutdown.  Unfortunately, the way this was implemented was by
	modifying the domain XML so that the optimization would survive
	libvirtd restart, but in a way that is indistinguishable from an
	explicit user setting.  Furthermore, once the setting is turned
	on, libvirt avoids attempts at labeling, even for operations like
	snapshot or blockcopy where the chain is being extended or pivoted
	onto non-NFS, where SELinux labeling is once again possible.  As
	a result, it was impossible to do a blockcopy to pivot from an
	NFS image file onto a local file.

	The solution is to separate the semantics of a chain that must
	not be labeled (which the user can set even on persistent domains)
	vs. the optimization of not attempting a relabel on cleanup (a
	live-only annotation), and using only the user's explicit notation
	rather than the optimization as the decision on whether to skip
	a label attempt in the first place.  When upgrading an older
	libvirtd to a newer, an NFS volume will still attempt the relabel;
	but as the avoidance of a relabel was only an optimization, this
	shouldn't cause any problems.

	In the ideal future, libvirt will eventually have XML describing
	EVERY file in the backing chain, with each file having a separate
	<seclabel> element.  At that point, libvirt will be able to track
	more closely which files need a relabel attempt at shutdown.  But
	until we reach that point, the single <seclabel> for the entire
	<disk> chain is treated as a hint - when a chain has only one
	file, then we know it is accurate; but if the chain has more than
	one file, we have to attempt relabel in spite of the attribute,
	in case part of the chain is local and SELinux mattered for that
	portion of the chain.

	* src/conf/domain_conf.h (_virSecurityDeviceLabelDef): Add new
	member.
	* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML):
	Parse it, for live images only.
	(virSecurityDeviceLabelDefFormat): Output it.
	(virDomainDiskDefParseXML, virDomainChrSourceDefParseXML)
	(virDomainDiskSourceDefFormat, virDomainChrDefFormat)
	(virDomainDiskDefFormat): Pass flags on through.
	* src/security/security_selinux.c
	(virSecuritySELinuxRestoreSecurityImageLabelInt): Honor labelskip
	when possible.
	(virSecuritySELinuxSetSecurityFileLabel): Set labelskip, not
	norelabel, if labeling fails.
	(virSecuritySELinuxSetFileconHelper): Fix indentation.
	* docs/formatdomain.html.in (seclabel): Document new xml.
	* docs/schemas/domaincommon.rng (devSeclabel): Allow it in RNG.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.xml:
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*-labelskip.args:
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-seclabel-*-labelskip.xml:
	New test files.
	* tests/qemuxml2argvtest.c (mymain): Run the new tests.
	* tests/qemuxml2xmltest.c (mymain): Likewise.

2013-08-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't leak list of volumes when undefining domain with storage
	Use the new semantics of vshStringToArray to avoid leaking the array of
	volumes to be deleted. The array would be leaked in case the first
	volume was found in the domain definition. Also refactor the code a bit
	to sanitize naming of variables hoding arrays and dimensions of the
	arrays.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050

2013-08-20  Peter Krempa  <pkrempa@redhat.com>

	virsh-pool: Improve error message in cmdPoolList
	Explicitly let the user know about the unknown pool type.

2013-08-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: modify vshStringToArray to duplicate the elements too
	At a slightly larger memory expense allow stealing of items from the
	string array returned from vshStringToArray and turn the result into a
	string list compatible with virStringSplit. This will allow to use the
	common dealloc function.

	This patch also fixes a few forgotten checks of return from
	vshStringToArray and one memory leak.

2013-08-20  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildCommandLine: Fall back to mem balloon if there's no hard_limit
	If there's no hard_limit set and domain uses VFIO we still must lock the
	guest memory (prerequisite from qemu). Hence, we should compute the
	amount to be locked from max_balloon.

	qemuSetupMemoryCgroup: Handle hard_limit properly
	Since 16bcb3 we have a regression. The hard_limit is set
	unconditionally. By default the limit is zero. Hence, if user hasn't
	configured any, we set the zero in cgroup subsystem making the kernel
	kill the corresponding qemu process immediately. The proper fix is to
	set hard_limit iff user has configured any.

	docs: Clean 09adfdc62de2b up

2013-08-20  Eric Blake  <eblake@redhat.com>

	virt-pki-validate: add --help/--version option
	Another program gains --help/--version :)

	* tools/virt-pki-validate.in: Add option parsing.  Update
	documentation to match.
	* tools/Makefile.am (virt-pki-validate): Substitute version.

2013-08-20  Eric Blake  <eblake@redhat.com>

	virt-xml-validate: add missing schemas
	We were failing to autoprobe which schema to use for several
	top-level XML elements.

	* tools/virt-xml-validate.in (TYPE): Recognize <domainsnapshot>,
	<filter>, and <secret>.

2013-08-20  Eric Blake  <eblake@redhat.com>

	virt-xml-validate: add --help/--version option
	All good tools should have --help and --version output :)

	Furthermore, we want to ensure a failed exit if xmllint fails,
	or even for 'virt-xml-validate > /dev/full'.

	* tools/virt-xml-validate.in: Add option parsing.  Output errors
	to stderr.  Update documentation to match.
	* tools/Makefile.am (virt-xml-validate): Substitute version.

2013-08-19  Jim Fehlig  <jfehlig@suse.com>

	libxl: implement NUMA capabilities reporting
	From: Dario Faggioli <dario.faggioli@citrix.com>

	Starting from Xen 4.2, libxl has all the bits and pieces in place
	for retrieving an adequate amount of information about the host
	NUMA topology. It is therefore possible, after a bit of shuffling,
	to arrange those information in the way libvirt wants to present
	them to the outside world.

	Therefore, with this patch, the <topology> section of the host
	capabilities is properly populated, when running on Xen, so that
	we can figure out whether or not we're running on a NUMA host,
	and what its characteristics are.

	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// capabilities
	<capabilities>
	  <host>
	    <cpu>
	    ....
	    <topology>
	      <cells num='2'>
	        <cell id='0'>
	          <memory unit='KiB'>6291456</memory>
	          <cpus num='8'>
	            <cpu id='0' socket_id='1' core_id='0' siblings='0-1'/>
	            <cpu id='1' socket_id='1' core_id='0' siblings='0-1'/>
	            <cpu id='2' socket_id='1' core_id='1' siblings='2-3'/>
	            <cpu id='3' socket_id='1' core_id='1' siblings='2-3'/>
	            <cpu id='4' socket_id='1' core_id='9' siblings='4-5'/>
	            <cpu id='5' socket_id='1' core_id='9' siblings='4-5'/>
	            <cpu id='6' socket_id='1' core_id='10' siblings='6-7'/>
	            <cpu id='7' socket_id='1' core_id='10' siblings='6-7'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <memory unit='KiB'>6881280</memory>
	          <cpus num='8'>
	            <cpu id='8' socket_id='0' core_id='0' siblings='8-9'/>
	            <cpu id='9' socket_id='0' core_id='0' siblings='8-9'/>
	            <cpu id='10' socket_id='0' core_id='1' siblings='10-11'/>
	            <cpu id='11' socket_id='0' core_id='1' siblings='10-11'/>
	            <cpu id='12' socket_id='0' core_id='9' siblings='12-13'/>
	            <cpu id='13' socket_id='0' core_id='9' siblings='12-13'/>
	            <cpu id='14' socket_id='0' core_id='10' siblings='14-15'/>
	            <cpu id='15' socket_id='0' core_id='10' siblings='14-15'/>
	          </cpus>
	        </cell>
	      </cells>
	    </topology>
	  </host>
	  ....

2013-08-19  Peter Krempa  <pkrempa@redhat.com>

	nwfilter: Don't fail to start if DBus isn't available
	When the daemon is compiled with firewalld support but the DBus message
	bus isn't started in the system, the initialization of the nwfilter
	driver fails even if there are fallback options.

2013-08-19  Peter Krempa  <pkrempa@redhat.com>

	virsystemd: Don't fail to start VM if DBus isn't available or compiled in
	On hosts that don't have the DBus service running or installed the new
	systemd cgroups code failed with hard error instead of falling back to
	"manual" cgroup creation.

	Use the new helper to check for the system bus and use the fallback code
	in case it isn't available.

2013-08-19  Peter Krempa  <pkrempa@redhat.com>

	virdbus: Add virDBusHasSystemBus()
	Some systems may not use DBus in their system. Add a method to check if
	the system bus is available that doesn't print error messages so that
	code can later check for this condition and use an alternative approach.

	virbitmaptest: Shut coverity up in case of broken test
	Coverity reported a memleak in the test added in 7efd5fd1b02. In case
	the code will be broken and the code will actually parse a faulty bitmap
	the resulting pointer would be leaked. Free it although that shouldn't
	ever happen.

2013-08-19  David Weber  <wb@munzinger.de>

	Make max_clients in virtlockd configurable
	Each new VM requires a new connection from libvirtd to virtlockd.
	The default max clients limit in virtlockd of 20 is thus woefully
	insufficient. virtlockd sockets are only accessible to matching
	users, so there is no security need for such a tight limit. Make
	it configurable and default to 1024.

2013-08-19  Michal Privoznik  <mprivozn@redhat.com>

	docs: Discourage users to set hard_limit
	In one of my previous patches I am removing the hard_limit heuristic to
	guess the correct value if none set. However, it turned out, this limit
	is hard to guess even for users. We should advise them to not set the
	limit as their domains may be OOM killed. Sigh.

	qemu: Drop qemuDomainMemoryLimit
	This function is to guess the correct limit for maximal memory
	usage by qemu for given domain. This can never be guessed
	correctly, not to mention all the pains and sleepless nights this
	code has caused. Once somebody discovers algorithm to solve the
	Halting Problem, we can compute the limit algorithmically. But
	till then, this code should never see the light of the release
	again.

2013-08-19  Osier Yang  <jyang@redhat.com>

	storage: Update pool metadata after adding/removing/resizing volume
	One has to refresh the pool to get the correct pool info after
	adding/removing/resizing a volume, this updates the pool metadata
	(allocation, available) after those operation are done.

2013-08-17  Cole Robinson  <crobinso@redhat.com>

	tools: Make sure to distribute conf_DATA, fix RPM build

	snapshot_conf: Allow parsing an XML node
	Similar to how other objects arrange their parse APIs. This will be
	used by the test driver.

	test: Unify object XML parsing
	Right now things are split a bit between parsing from a relative file
	path or parsing from inline XML. Unify it. This will simplify upcoming
	bits.

	test: Simplify args passed to testDomainStartState
	Passing virConnectPtr is redundant, just pass testConnPtr and simplify
	certain callers.

	test: Split object parsing into their own functions
	The function that parses custom driver XML was getting pretty unruly,
	split the object parsing into their own functions. Rename some variables
	to be consistent across each function. This should be functionally
	identical.

2013-08-16  Don Dugger  <n0ano@n0ano.com>

	Add flag to BaselineCPU API to return detailed CPU features
	Currently the virConnectBaselineCPU API does not expose the CPU features
	that are part of the CPU's model.  This patch adds a new flag,
	VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, that causes the API to explicitly
	list all features that are part of that model.

2013-08-16  Eric Blake  <eblake@redhat.com>

	maint: slightly reduce configure size
	Rather than inlining gl_WARN_ADD loads of time, we can shave about
	17k size off of the configure script by delaying it to a cleanup
	shell loop.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Track a
	list of things to check, rather than inlining multiple checks.

2013-08-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: refactor capabilities code
	Cleanup the libxl capabilities code to be a bit more extensible,
	splitting out the creation of host and guest capabilities.  This
	should make it easier to implement additional capabilities in the
	future, such as NUMA topology reporting.

2013-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Update polkit examples to use 'lookup' method
	Feedback from the polkit developers indicates that the
	"_detail_XXXX" attributes are a private implementation
	detail. Our examples should be recommending use of the
	"action.lookup('XXX')" method instead.

2013-08-16  Peter Krempa  <pkrempa@redhat.com>

	virbitmaptest: Add test for out of bounds condition
	Previous patch fixed an issue where, when parsing a bitmap from the
	string, the bounds of the bitmap weren't checked. That flaw resulted into
	crashes. This test tests that case to avoid it in the future.

	virbitmaptest: Fix function header formatting

2013-08-16  Peter Krempa  <pkrempa@redhat.com>

	virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array
	The virBitmapParse function was calling virBitmapIsSet() function that
	requires the caller to check the bounds of the bitmap without checking
	them. This resulted into crashes when parsing a bitmap string that was
	exceeding the bounds used as argument.

	This patch refactors the function to use virBitmapSetBit without
	checking if the bit is set (this function does the checks internally)
	and then counts the bits in the bitmap afterwards (instead of keeping
	track while parsing the string).

	This patch also changes the "parse_error" label to a more common
	"error".

	The refactor should also get rid of the need to call sa_assert on the
	returned variable as the callpath should allow coverity to infer the
	possible return values.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367

	Thanks to Alex Jia for tracking down the issue. This issue is introduced
	by commit 0fc8909.

2013-08-16  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Fix memleak in cmdCPUBaseline
	https://bugzilla.redhat.com/show_bug.cgi?id=997765

	==1349431== 8 bytes in 1 blocks are definitely lost in loss record 11 of 760
	==1349431==    at 0x4C2A554: calloc (vg_replace_malloc.c:593)
	==1349431==    by 0x4E9AA3E: virAllocN (in /usr/lib64/libvirt.so.0.1001.1)
	==1349431==    by 0x4EF28C4: virXPathNodeSet (in /usr/lib64/libvirt.so.0.1001.1)
	==1349431==    by 0x130B83: cmdCPUBaseline (in /usr/bin/virsh)
	==1349431==    by 0x12C608: vshCommandRun (in /usr/bin/virsh)
	==1349431==    by 0x12889A: main (in /usr/bin/virsh)

2013-08-16  Eric Blake  <eblake@redhat.com>

	maint: update gnulib submodule
	Gnulib recently patched gcc warning detection so that it does
	not treat things like -Wno-unused-command-line-argument as
	supported in gcc (treating it as supported merely resulted in
	extra verbosity when an actual compile error occurred).  It
	has also improved bootstrap to work with less hassle on OpenBSD.

	* .gnulib: Update to latest, in part for bootstrap and warnings
	improvements.
	* bootstrap: Resync from gnulib.

2013-08-16  Eric Blake  <eblake@redhat.com>

	maint: avoid bootstrap warning
	I noticed that in a fresh checkout, autogen.sh generated the
	following output, but continued on with execution:

	autoreconf: running: automake --add-missing --copy --force-missing
	gnulib/tests/Makefile.am:28: TESTS was already defined in condition TRUE, which includes condition WITH_EXPENSIVE_TESTS ...
	gnulib/tests/gnulib.mk:28: ... `TESTS' previously defined here
	gnulib/tests/Makefile.am:19:   `gnulib/tests/gnulib.mk' included from here

	and after the run, line 28 of gnulib.mk lists GNULIB_TESTS, not TESTS.
	After more investigation, I found that it is because gnulib bootstrap
	provides two hooks, one before automake, and the other after; we used
	the one that ran after, and were then rerunning automake ourselves;
	and the warning was from the first run.  But a manual second run is
	pointless if we use the right hook in the first place.

	The wrong function name has been latent since commit 38c9440, and we
	tried to work around it in commit 6cbab7c, but it took commit 70363ea
	to finally change output enough for me to realize the root cause.

	* bootstrap.conf (bootstrap_epilogue): Rename...
	(bootstrap_post_import_hook): ...so that it gets run before automake.

2013-08-16  Eric Blake  <eblake@redhat.com>

	maint: fix typo for 'switch'
	* src/util/virnetdevvportprofile.c: Fix typo.
	* src/conf/domain_conf.c: Likewise.

2013-08-15  Jim Fehlig  <jfehlig@suse.com>

	libxl: unref DomainObjPrivate on error path
	There is a potential leak of a newly created libxlDomainObjPrivate
	when subsequent allocation of the object's chrdev field fails.
	Unref the object on such an error so that it is properly disposed.

2013-08-15  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Fix memleak in cmdUndefine with storage
	When undefining a domain with storage when the volume isn't managed by
	libvirt the name and path strings weren't freed properly.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=996050

2013-08-15  Ján Tomko  <jtomko@redhat.com>

	Fix qemuProcessReadLog with non-zero offset
	This restores the error message when QMP probing is not used.

	https://bugzilla.redhat.com/show_bug.cgi?id=991334

2013-08-15  Xuesong Zhang  <xuzhang@redhat.com>

	docs: fix usb node device sub-element names

2013-08-15  Jim Fehlig  <jfehlig@suse.com>

	libxl: remove unnecessary curly braces
	As per HACKING, remove some unneeded curly braces in the
	libxl driver.

2013-08-14  Giuseppe Scrivano  <gscrivan@redhat.com>

	examples: support crash events in event-test.py
	commit 14e7e0ae8db9843aea80245a3d9e6cf5f2ef720d adds the support for
	crash events.

	Solves: https://bugzilla.redhat.com/show_bug.cgi?id=994317

2013-08-14  Peter Krempa  <pkrempa@redhat.com>

	virtio-rng: Remove double space in error message

2013-08-14  Laine Stump  <laine@laine.org>

	network: permit upstream forwarding of unqualified DNS names
	This resolves the issue that prompted the filing of

	  https://bugzilla.redhat.com/show_bug.cgi?id=928638

	(although the request there is for something much larger and more
	general than this patch).

	commit f3868259ca0517212e439a65c9060868f673b6c9 disabled the
	forwarding to upstream DNS servers of unresolved DNS requests for
	names that had no domain, but were just simple host names (no "."
	character anywhere in the name). While this behavior is frowned upon
	by DNS root servers (that's why it was changed in libvirt), it is
	convenient in some cases, and since dnsmasq can be configured to allow
	it, it must not be strictly forbidden.

	This patch restores the old behavior, but since it is usually
	undesirable, restoring it requires specification of a new option in
	the network config. Adding the attribute "forwardPlainNames='yes'" to
	the <dns> elemnt does the trick - when that attribute is added to a
	network config, any simple hostnames that can't be resolved by the
	network's dnsmasq instance will be forwarded to the DNS servers listed
	in the host's /etc/resolv.conf for an attempt at resolution (just as
	any FQDN would be forwarded).

	When that attribute *isn't* specified, unresolved simple names will
	*not* be forwarded to the upstream DNS server - this is the default
	behavior.

2013-08-14  Ruben Kerkhof  <ruben@rubenkerkhof.com>

	virt-login-shell: improve error message grammar
	and wrap some long lines

2013-08-13  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Add Power7+ and Power8 CPU definition in map.xml
	Power7+ and Power8 are supported in QEMU, so it needs to define CPUs
	in libvirt to support them.

2013-08-13  Philipp Hahn  <hahn@univention.de>

	doc: storage pool permission copy-paste fix
	The description for <permissions> was copied from the storage volume
	section to the storage pool section, but the semantics are different:
	1. Currently only the "dir", "fs" and "netfs" storage pools use it.
	2. They use it only to build the final directory.
	3. A default for the storage volumes can't be set.

2013-08-13  Guido Günther  <agx@sigxcpu.org>

	Directly link against needed libraries
	The Linux build revealed another missing direct link target, this time
	against selinux libs:

	    http://honk.sigxcpu.org:8001/view/libvirt/job/libvirt-build-debian-sid-amd64/9/console

2013-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that /dev exists in the container root filesystem
	If booting a container with a root FS that isn't the host's
	root, we must ensure that the /dev mount point exists.

2013-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Properly handle -h / -V for --help/--version aliases in virtlockd/libvirtd
	The virtlockd/libvirtd daemons had listed '?' as the short option
	for --help. getopt_long uses '?' for any unknown option. We want
	to be able to distinguish unknown options (which use EXIT_FAILURE)
	from correct usage of help (which should use EXIT_SUCCESS). Thus
	we should use 'h' as a short option for --help. Also add this to
	the man page docs

	The virtlockd/libvirtd daemons did not list any short option
	for the --version arg. Add -V as a valid short option, since
	-v is already used for --verbose.

2013-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Address missed feedback from review of virt-login-shell
	Address a number of code, style and docs issues identified
	in review of virt-login-shell after it was merged.

	Honour root prefix in lxcContainerMountFSBlockAuto
	The lxcContainerMountFSBlockAuto method can be used to mount the
	initial root filesystem, so it cannot assume a prefix of /.oldroot.

2013-08-13  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Flip logic in cmdSetvcpus
	To avoid having to assign a failure code to the returned variable switch
	this function to negative logic. This will fix issue with invalid number
	of cpus returning success return code.

	https://bugzilla.redhat.com/show_bug.cgi?id=996466

2013-08-13  Eric Blake  <eblake@redhat.com>

	docs: mention VIR_TEST_RANGE
	Commit ab92ae333 added a cool feature, but didn't document it.

	* docs/hacking.html.in: Document debugging a subset of tests.
	* HACKING: Regenerate.

2013-08-13  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix parallel runs of TLS test suites
	I noticed this yesterday and fixed it in a different way, but ended up
	with one more problem.  It was probably the way I fixed it combined
	with one more filename changed.

	Anyway, why I'm saying this is that one more filename should be renamed
	in order to avoid a race (which I was unable to reproduce, though).

	I checked this is the last file those two tests have in common by going
	through the code and the re-checked by this "script":

	strace -o session.trace -e open ./virnettlssessiontest
	strace -o context.trace -e open ./virnettlscontexttest
	sort \
	 <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' context.trace | sort -u)\
	 <(sed -n '/^open/s/open("\([^"]*\)",.*$/\1/p' session.trace | sort -u)\
	 | uniq -d| grep '.pem$'

	So it should be enough to make these tests independent of each other.

2013-08-13  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	cgroup macros refactoring, part 5
	Complete the refactoring by adding missing stubs so it compiles on
	platform without cgroup support.

	cgroup macros refactoring, part 4
	Complete moving to VIR_CGROUP_SUPPORTED

	cgroup macros refactoring, part 3
	Continue converting to VIR_CGROUP_SUPPORTED

	cgroup macros refactoring, part 2
	- Convert virCgroupGet* to VIR_CGROUP_SUPPORTED
	- Convert virCgroup(Get|Set)FreezerState to VIR_CGROUP_SUPPORTED

	cgroup macros refactoring, part 1
	- Introduce VIR_CGROUP_SUPPORTED conditional
	- Convert virCgroupKill* to use it
	- Convert virCgroupIsolateMount() to use it
	- Convert virCgroupRemoveRecursively to VIR_CGROUP_SUPPORTED

2013-08-13  Eric Blake  <eblake@redhat.com>

	cgroup: functional sort
	Make future patches smaller by matching a sane header listing in
	the first place.  No semantic change.

	* src/util/vircgroup.h: Move free next to new, and controller
	functions next to each other.
	* src/util/vircgroup.c (virCgroupFree, virCgroupHasController)
	(virCgroupPathOfController, virCgroupRemoveRecursively)
	(virCgroupRemove): Sort implementation to be closer to header.

2013-08-12  Eric Blake  <eblake@redhat.com>

	cgroup: topological sort
	Avoid a forward declaration of a static function.

	* src/util/vircgroup.c (virCgroupPartitionNeedsEscaping)
	(virCgroupParticionEscape): Move up.

2013-08-12  Eric Blake  <eblake@redhat.com>

	cgroup: use consistent formatting
	Format all functions with two blank lines between, and return type
	on separate line from function name.  Also break some lines longer
	than 80 columns.  This makes the subsequent macro refactoring
	less noisy.

	* src/util/vircgroup.c: Match prevailing style.

2013-08-12  Guido Günther  <agx@sigxcpu.org>

	Directly link against needed libraries
	otherwise having a strict --no-copy-dt-needed-entries fails in several
	places like:

	    CCLD     virdbustest
	    /usr/bin/ld: virdbustest-virdbustest.o: undefined reference to symbol 'dbus_message_unref'
	    /lib/x86_64-linux-gnu/libdbus-1.so.3: error adding symbols: DSO missing from command line
	    collect2: error: ld returned 1 exit status

2013-08-12  Guido Günther  <agx@sigxcpu.org>

	Add missing ATTRIBUTE_UNUSED
	to fix the kFreeBSD build.

	The network parameter is unused in networkCheckRouteCollision:

	    http://honk.sigxcpu.org:8001/job/libvirt-build-debian-jessie-kfreebsd64/

2013-08-12  Guido Günther  <agx@sigxcpu.org>

	Don't crash in qemuBuildDeviceAddressStr
	qemuDomainAttachVirtioDiskDevice passes NULL as domainDef which is later
	referenced in qemuDomainAttachVirtioDiskDevice:

	 Program terminated with signal 11, Segmentation fault.
	 #0  qemuBuildDeviceAddressStr (buf=buf@entry=0xb646de78, info=info@entry=0xb0a02360, qemuCaps=qemuCaps@entry=0xb8fdfdc8,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qemu/qemu_command.c:2869
	 2869            for (i = 0; i < domainDef->ncontrollers; i++) {
	 (gdb) bt
	 #0  qemuBuildDeviceAddressStr (buf=buf@entry=0xb646de78, info=info@entry=0xb0a02360, qemuCaps=qemuCaps@entry=0xb8fdfdc8,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>,
	     domainDef=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at qemu/qemu_command.c:2869
	 #1  0xb18ad6f8 in qemuBuildDriveDevStr (def=def@entry=0x0, disk=disk@entry=0xb0a02288, bootindex=bootindex@entry=0, qemuCaps=0xb8fdfdc8)
	     at qemu/qemu_command.c:4316
	 #2  0xb18d097f in qemuDomainAttachVirtioDiskDevice (conn=conn@entry=0xb90129a8, driver=driver@entry=0xb8fe29b8, vm=vm@entry=0xb8fe0c40,
	     disk=disk@entry=0xb0a02288) at qemu/qemu_hotplug.c:278
	 #3  0xb193f7ba in qemuDomainAttachDeviceDiskLive (dev=0xb0a35308, vm=0xb8fe0c40, driver=0xb8fe29b8, conn=0xb90129a8) at qemu/qemu_driver.c:6356
	 #4  qemuDomainAttachDeviceLive (dev=0xb0a35308, vm=0xb8fe0c40, dom=<optimized out>) at qemu/qemu_driver.c:6418
	 #5  qemuDomainAttachDeviceFlags (dom=dom@entry=0xb0a020b8,
	     xml=xml@entry=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n", flags=3103664568, flags@entry=1) at qemu/qemu_driver.c:7079
	 #6  0xb193f9cb in qemuDomainAttachDevice (dom=0xb0a020b8,
	     xml=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n") at qemu/qemu_driver.c:7120
	 #7  0xb7244827 in virDomainAttachDevice (domain=domain@entry=0xb0a020b8,
	     xml=0xb90953f0 "<disk type='file' device='disk'>\n  <source file='/var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img'/>\n  <target dev='vdb' bus='virtio'/>\n</disk>\n") at libvirt.c:10912
	 #8  0xb7765ddb in remoteDispatchDomainAttachDevice (args=0xb9094ef0, rerr=0xb646e1f0, client=<optimized out>, server=<optimized out>,
	     msg=<optimized out>) at remote_dispatch.h:2296
	 #9  remoteDispatchDomainAttachDeviceHelper (server=0xb8fba0e8, client=0xb0a00730, msg=0xb0a350b8, rerr=0xb646e1f0, args=0xb9094ef0, ret=0xb9094dc8)
	     at remote_dispatch.h:2274
	 #10 0xb72b1013 in virNetServerProgramDispatchCall (msg=0xb0a350b8, client=0xb0a00730, server=0xb8fba0e8, prog=0xb8fc21c8)
	     at rpc/virnetserverprogram.c:435
	 #11 virNetServerProgramDispatch (prog=0xb8fc21c8, server=server@entry=0xb8fba0e8, client=0xb0a00730, msg=0xb0a350b8) at rpc/virnetserverprogram.c:305
	 #12 0xb72aa167 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8fba0e8)
	     at rpc/virnetserver.c:165
	 #13 virNetServerHandleJob (jobOpaque=0xb0a0a850, opaque=0xb8fba0e8) at rpc/virnetserver.c:186
	 #14 0xb7189108 in virThreadPoolWorker (opaque=opaque@entry=0xb8fa3250) at util/virthreadpool.c:144
	 #15 0xb71885e5 in virThreadHelper (data=0xb8fa32a8) at util/virthreadpthread.c:161
	 #16 0xb70d6954 in start_thread (arg=0xb646eb70) at pthread_create.c:304
	 #17 0xb704e95e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

	This was found by libvirtt-tck:

	     http://honk.sigxcpu.org:8001/job/libvirt-tck-debian-wheezy-qemu-session/1311/console

2013-08-12  Eric Blake  <eblake@redhat.com>

	virsh: nicer abort of blockcopy
	I attempted 'virsh blockcopy $dom vda $path --wait --verbose', then
	hit Ctrl-C; I was a bit surprised to see this error message:

	Block Copy: [  3 %]error: failed to query job for disk vda

	when I had been expecting:

	Block Copy: [  3 %]
	Copy aborted

	* tools/virsh-domain.c (cmdBlockCopy): Print graceful exit message
	rather than error when ctrl-c interrupts job.

2013-08-12  Peter Krempa  <pkrempa@redhat.com>

	tests: Skip virsh-all test as expensive
	Don't run the blind test of all virsh commands always. It usualy just
	wastes time.

	qemuagenttest: Test timeout of agent commands
	If VIR_TEST_EXPENSIVE is enabled, test timeout of agent commands. This
	test takes 6 seconds to finish.

2013-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Document use of systemd socket activation
	Add to the docs/drvlxc.html.in documentation to describe how to
	configure systemd to auto-activate a container when a client
	connects to a socket

2013-08-12  Eric Blake  <eblake@redhat.com>

	tests: add helper to determine when to skip expensive tests
	The logic set up in previous patch for exposing VIR_TEST_EXPENSIVE
	to individual tests is as follows:

	make check VIR_TEST_EXPENSIVE=0   => getenv("VIR_TEST_EXPENSIVE") sees "0"
	make check VIR_TEST_EXPENSIVE=1   => getenv("VIR_TEST_EXPENSIVE") sees "1"
	make check                        => getenv("VIR_TEST_EXPENSIVE") sees
	either "0" or "1", based on configure options
	cd tests; ./FOOtest               => getenv("VIR_TEST_EXPENSIVE") sees
	whatever is in your environment (usually NULL, but possibly garbage)

	Merely checking if VIR_TEST_EXPENSIVE is set in the environment
	does the wrong thing; likewise, it is unsafe to assume the
	variable will always contain a valid number.

	As such, it helps to have helper functions, instead of making each
	expensive test repeat the probe of the environment.

	* tests/testutils.h (virTestGetExpensive): New prototype.
	* tests/testutils.c (virTestGetExpensive): Implement it.
	* tests/test-lib.sh (very_expensive_): Rename...
	(test_expensive): ...and tweak to use VIR_TEST_EXPENSIVE.

2013-08-12  Eric Blake  <eblake@redhat.com>

	build: add configure option to disable gnulib tests
	The gnulib testsuite is relatively stable - the only times it is
	likely to have a test change from pass to fail is on a gnulib
	submodule update or a major system change (such as moving from
	Fedora 18 to 19, or other large change to libc).  While it is an
	important test for end users on arbitrary machines (to make sure
	that the portability glue works for their machine), it mostly
	wastes time for development testing (as most developers aren't
	making any of the major changes that would cause gnulib tests
	to alter behavior).  Thus, it pays to make the tests optional
	at configure time, defaulting to off for development, on for
	tarballs, with autobuilders requesting it to be on.  It also
	helps to allow a make-time override, via VIR_TEST_EXPENSIVE=[01]
	(much the way automake sets up V=[01] for overriding the configure
	time default of how verbose to be).

	Automake has some pretty hard-coded magic with regards to the
	TESTS variable; I had quite a job figuring out how to keep
	'make distcheck' passing regardless of the configure option
	setting in use, while still disabling the tests at runtime
	when I did not configure them on and did not use the override
	variable.  Thankfully, we require GNU make, which lets me
	hide some information from Automake's magic handling of TESTS.

	* bootstrap.conf (bootstrap_epilogue): Munge gnulib test variable.
	* configure.ac (--enable-expensive-tests): Add new enable switch.
	(VIR_TEST_EXPENSIVE_DEFAULT, WITH_EXPENSIVE_TESTS): Set new
	witnesses.
	* gnulib/tests/Makefile.am (TESTS): Make tests conditional on
	configure settings and the VIR_TEST_EXPENSIVE variable.
	* tests/Makefile.am (TESTS_ENVIRONMENT): Expose VIR_TEST_EXPENSIVE
	to all tests.
	* autobuild.sh: Enable all tests during autobuilds.
	* libvirt.spec.in (%configure): Likewise.
	* mingw-libvirt.spec.in (%mingw_configure): Likewise.
	* docs/hacking.html.in: Document the option.
	* HACKING: Regenerate.

2013-08-12  Eric Blake  <eblake@redhat.com>

	build: avoid -lgcrypt with newer gnutls
	https://bugzilla.redhat.com/show_bug.cgi?id=951637

	Newer gnutls uses nettle, rather than gcrypt, which is a lot nicer
	regarding initialization.  Yet we were unconditionally initializing
	gcrypt even when gnutls wouldn't be using it, and having two crypto
	libraries linked into libvirt.so is pointless, but mostly harmless
	(it doesn't crash, but does interfere with certification efforts).

	There are three distinct version ranges to worry about when
	determining which crypto lib gnutls uses, per these gnutls mails:
	2.12: http://lists.gnu.org/archive/html/gnutls-devel/2011-03/msg00034.html
	3.0: http://lists.gnu.org/archive/html/gnutls-devel/2011-07/msg00035.html

	If pkg-config can prove version numbers and/or list the crypto
	library used for static linking, we have our proof; if not, it
	is safer (even if pointless) to continue to use gcrypt ourselves.

	* configure.ac (WITH_GNUTLS): Probe whether to add -lgcrypt, and
	define a witness WITH_GNUTLS_GCRYPT.
	* src/libvirt.c (virTLSMutexInit, virTLSMutexDestroy)
	(virTLSMutexLock, virTLSMutexUnlock, virTLSThreadImpl)
	(virGlobalInit): Honor the witness.
	* libvirt.spec.in (BuildRequires): Make gcrypt usage conditional,
	no longer needed in Fedora 19.

2013-08-12  Peter Krempa  <pkrempa@redhat.com>

	qemuagenttest: Test arbitrary command passthrough
	Exercise the arbitrary command passthrough API.

2013-08-12  Ján Tomko  <jtomko@redhat.com>

	Remove leftovers from hyperv spinlocks documentation
	Somehow I managed to leave this monstrosity in.
	Introduced by 800b51d.

2013-08-10  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix libvirtd segfault
	Commit d72ef888 introduced a bug in the libxl driver that will
	segfault libvirtd if libxl reports an error message, e.g. when
	attempting to initialize the driver on a non-Xen system.  I
	assumed it was valid to pass a NULL logger to libxl_ctx_alloc(),
	but that is not the case since any errors associated with the ctx
	that are emitted by libxl will dereference the logger and crash
	libvirtd.

	Errors associated with the libxl driver-wide ctx could be useful
	for debugging anyway, so create a 'libxl-driver.log' to capture
	these errors.

2013-08-09  Daniel P. Berrange  <dan@berrange.com>

	Fix typo in domain name in polkit acl example

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Make check for /dev/loop device names stricter to avoid /dev/loop-control
	Recentish (2011) kernels introduced a new device called /dev/loop-control,
	which causes libvirt's detection of loop devices to get confused
	since it only checks for a prefix of 'loop'. Also check that the
	next character is a digit

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for access control system
	This adds two new pages to the website, acl.html describing
	the general access control framework and permissions models,
	and aclpolkit.html describing the use of polkit as an
	access control driver.

	page.xsl is modified to support a new syntax

	  <div id="include" filename="somefile.htmlinc"/>

	which will cause the XSL transform to replace that <div>
	with the contents of 'somefile.htmlinc'. We use this in
	the acl.html.in file, to pull the table of permissions
	for each libvirt object. This table is autogenerated
	from the enums in src/access/viraccessperms.h by the
	genaclperms.pl script.

	newapi.xsl is modified so that the list of permissions
	checks shown against each API will link to the description
	of the permissions in acl.html

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Record the where the auto-generated data comes from
	The gendispatch.pl script puts comments at the top of files
	it creates, saying that it auto-generated them. Also include
	the name of the source data file which it reads when doing
	the auto-generation.

2013-08-09  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: fix node ranges in libxlNodeGetCellsFreeMemory()
	introduced by cs 4b9eec50fe2c23343 ("libxl: implement per
	NUMA node free memory reporting"). What was wrong was that
	libxl_get_numainfo() put in nr_nodes the actual number of
	host NUMA nodes, not the highest node ID (like libnuma's
	numa_max_node() does instead).

	While at it, turn the failure of libxl_get_numainfo() from
	a simple warning to a proper error, as requested during the
	review of another patch of the original series.

	Cc: Daniel P. Berrange <berrange@redhat.com>

2013-08-09  Eric Blake  <eblake@redhat.com>

	build: more workarounds for if_bridge.h
	This is a second attempt at fixing the problem first attempted
	in commit 2df8d99; basically undoing the fact that it was
	reverted in commit 43cee32f, plus fixing two more issues: the
	code in configure.ac has to EXACTLY match virnetdevbridge.c
	with regards to declaring in6 types before using if_bridge.h,
	and the fact that RHEL 5 has even more conflicts:

	In file included from util/virnetdevbridge.c:49:
	/usr/include/linux/in6.h:47: error: conflicting types for 'in6addr_any'
	/usr/include/netinet/in.h:206: error: previous declaration of 'in6addr_any' was here
	/usr/include/linux/in6.h:49: error: conflicting types for 'in6addr_loopback'
	/usr/include/netinet/in.h:207: error: previous declaration of 'in6addr_loopback' was here

	The rest of this commit message borrows from the original try
	of 2df8d99:

	A fresh checkout on a RHEL 6 machine with these packages:
	kernel-headers-2.6.32-405.el6.x86_64
	glibc-2.12-1.128.el6.x86_64
	failed to configure with this message:
	checking for linux/if_bridge.h... no
	configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

	Digging in config.log, we see that the problem is identical to
	what we fixed earlier in commit d12c2811:

	configure:98831: checking for linux/if_bridge.h
	configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
	In file included from /usr/include/linux/if_bridge.h:17,
	                 from conftest.c:559:
	/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
	/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
	/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
	configure:98860: $? = 1

	I had not hit it earlier because I was using incremental builds,
	where config.cache had shielded me from the kernel-headers breakage.

	* configure.ac (if_bridge.h): Avoid conflicting type definitions.
	* src/util/virnetdevbridge.c (includes): Also sanitize for RHEL 5.

2013-08-09  Eric Blake  <eblake@redhat.com>

	tests: test negative number through dbus
	Commit f1088c8 weakened a test, by not passing a value larger
	than INT_MAX through an int slot.  Make the fix in a different
	way, using an explicit negative value.  Suggested by Dan Berrange.

	* tests/virdbustest.c (testMessageArray): Adjust previous fix.
	(testMessageStruct): Use a negative number.

2013-08-09  Jim Fehlig  <jfehlig@suse.com>

	libxl: Create per-domain log file
	Currently, only one log file is created by the libxl driver, with
	all output from libxl for all domains going to this one file.

	Create a per-domain log file based on domain name, making sifting
	through the logs a bit easier.  This required deferring libxl_ctx
	allocation until starting the domain, which is fine since the
	ctx is not used when the domain is inactive.

	    Tested-by: Dario Faggioli <dario.faggioli@citrix.com>

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add an example config file for virtlockd
	The virtlockd daemon supports an /etc/libvirt/virtlockd.conf
	config file, but we never installed a default config, nor
	created any augeas scripts. This change addresses that omission.

2013-08-09  Eric Blake  <eblake@redhat.com>

	tests: avoid too-large constants
	Compiling with gcc 4.1.2 (RHEL 5) on a 32-bit platform complains:

	virdbustest.c: In function 'testMessageSimple':
	virdbustest.c:61: warning: integer constant is too large for 'long' type
	virdbustest.c:62: warning: integer constant is too large for 'long' type
	virdbustest.c: In function 'testMessageArray':
	virdbustest.c:183: warning: this decimal constant is unsigned only in ISO C90
	virdbustest.c: In function 'testMessageStruct':
	virdbustest.c:239: warning: integer constant is too large for 'long' type
	virdbustest.c:240: warning: integer constant is too large for 'long' type

	* tests/virdbustest.c (testMessageSiple, testMessageArray)
	(testMessageStruct): Don't violate C89 constant constraints.

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix double-free and broken logic in virt-login-shell
	The virLoginShellAllowedUser method must not free the 'groups'
	parameter it is given, as that is owned by the caller.

	The virLoginShellAllowedUser method should be checking
	'!*ptr' (ie empty string) rather than '!ptr' (NULL string)
	since the latter cannot be true.

2013-08-09  John Ferlan  <jferlan@redhat.com>

	virnettlscontext: Resolve Coverity warnings (UNINIT)
	Coverity complained about the usage of the uninitialized cacerts in the
	event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)"
	fail the for loop used to fill in the certs will have indeterminate data
	as well as the possibility that both failures would result in the
	gnutls_x509_crt_deinit() call having a similar fate.

	Initializing cacerts only would resolve the issue; however, it still
	would leave the indeterminate action, so rather add a parameter to
	the virNetTLSContextLoadCACertListFromFile() to pass the max size rather
	then overloading the returned count parameter. If the the call is never
	made, then we won't go through the for loops referencing the empty
	cacerts

2013-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add a man page for virtlockd daemon
	Create a virtlockd.pod.in file containing the man page
	content for virtlockd.

	Fix parallel runs of TLS test suites
	Use a separate keyfile name for the two TLS test suites so that
	they don't clash when running tests in parallel

2013-08-09  Alex Jia  <ajia@redhat.com>

	remote: Fix a segfault in remoteDomainCreateWithFlags
	Valgrind defects memory error:

	==16759== 1 errors in context 1 of 8:
	==16759== Invalid free() / delete / delete[] / realloc()
	==16759==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
	==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
	==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
	==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
	==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
	==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
	==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
	==16759==    by 0x126FFB: main (virsh.c:3205)
	==16759==  Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd

	==16759== 1 errors in context 2 of 8:
	==16759== Conditional jump or move depends on uninitialised value(s)
	==16759==    at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
	==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
	==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
	==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
	==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
	==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
	==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
	==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
	==16759==    by 0x126FFB: main (virsh.c:3205)
	==16759==  Uninitialised value was created by a stack allocation
	==16759==    at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)

	How to reproduce?

	# virsh start <domain> --paused

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855

2013-08-09  Eric Blake  <eblake@redhat.com>

	tests: work with older dbus
	On RHEL 5, with dbus 1.1.2, compilation failed with:

	virsystemdmock.c: In function 'dbus_connection_send_with_reply_and_block':
	virsystemdmock.c:68: warning: implicit declaration of function 'dbus_message_set_serial'

	Fix this by instead bypassing all attempts to use a dbus serial.

	* tests/virsystemdmock.c (dbus_message_set_reply_serial): Add new
	override.
	(dbus_connection_send_with_reply_and_block): No longer bother with
	the serial.

2013-08-08  Jim Fehlig  <jfehlig@suse.com>

	build: fix compilation of virt-login-shell.c
	virt-login-shell.c was failing to compile with

	CC       virt_login_shell-virt-login-shell.o
	virt-login-shell.c: In function 'main':
	virt-login-shell.c:205:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration]
	virt-login-shell.c:205:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs]
	virt-login-shell.c:205:20: error: 'LC_ALL' undeclared (first use in this function)

2013-08-08  Giuseppe Scrivano  <gscrivan@redhat.com>

	configure: fix formatting of missing pkg-config modules error
	It adds an empty space after the package version.  Previously the error
	message looked like:

	"You must install the dbus-1 >= 1.0.0pkg-config module to compile libvirt"

2013-08-08  Dan Walsh  <dwalsh@redhat.com>

	Introduce a virt-login-shell binary
	Add a virt-login-shell binary that can be set as a user's
	shell, such that when they login, it causes them to enter
	the LXC container with a name matching their user name.

	Ensure securityfs is mounted readonly in container
	If securityfs is available on the host, we should ensure to
	mount it read-only in the container. This will avoid systemd
	trying to mount it during startup causing SELinux AVCs.

2013-08-08  Eric Farman  <farman@linux.vnet.ibm.com>

	qemu: Allow hotplug of multiple SCSI devices
	Hotplugging a single SCSI device works, but adding additional ones
	result in an error from QEMU:

	[root@gpok197 ~]# virsh attach-device guest01 blah.xml
	Device attached successfully
	[root@gpok197 ~]# virsh attach-device guest01 blah2.xml
	error: Failed to attach device from blah2.xml
	error: internal error unable to execute QEMU command 'device_add': Duplicate ID 'hostdev0' for device

	The hostdev ID that is created is always set to zero, regardless
	of the contents of the XML.  Changing the index in the hotplug case
	to a negative one so the next available index is used.

	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2013-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Add info about access control checks into API reference
	So that app developers / admins know what access control checks
	are performed for each API, this patch extends the API docs
	generator to include details of the ACLs for each.

	The gendispatch.pl script is extended so that it generates
	a simple XML describing ACL rules, eg.

	  <aclinfo>
	    ...
	    <api name='virConnectNumOfDomains'>
	      <check object='connect' perm='search_domains'/>
	      <filter object='domain' perm='getattr'/>
	    </api>
	    <api name='virDomainAttachDeviceFlags'>
	      <check object='domain' perm='write'/>
	      <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
	      <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
	    </api>
	    ...
	  </aclinfo>

	The newapi.xsl template loads the XML files containing the ACL
	rules and generates a short block of HTML for each API describing
	the parameter checks and return value filters (if any).

2013-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix validation of CA certificate chains
	The code added to validate CA certificates did not take into
	account the possibility that the cacert.pem file can contain
	multiple (concatenated) cert data blocks. Extend the code for
	loading CA certs to use the gnutls APIs for loading cert lists.
	Add test cases to check that multi-level trees of certs will
	validate correctly.

	Change data passed into TLS test cases
	Currently a 'struct testTLSCertReq' instance is passed into
	the TLS test cases. This is not flexible enough to cope with
	certificate chains, where one file now corresponds to multiple
	certificates. Change the test cases so that we pass in filenames
	instead.

	Avoid re-generating certs every time
	Currently every test case in the TLS test suite generates the
	certs fresh. This is a waste of time, since its parameters
	don't change across test cases. Create certs once in main
	method.

	Split TLS test into two separate tests
	The virnettlscontexttest.c tests both virNetTLSContext
	and virNetTLSSession functionality. Split into two
	separate tests, to make the code size more manageable

2013-08-08  Eric Blake  <eblake@redhat.com>

	maint: avoid C99 loop declaration
	Commit 3d0e3c1 reintroduced a problem previously squelched in
	commit 7e5aa78.  Add a syntax check this time around.

	util/virutil.c: In function 'virGetGroupList':
	util/virutil.c:1015: error: 'for' loop initial declaration used outside C99 mode

	* cfg.mk (sc_prohibit_loop_var_decl): New rule.
	* src/util/virutil.c (virGetGroupList): Fix offender.

2013-08-07  Eric Blake  <eblake@redhat.com>

	maint: the compiler is not always named gcc
	https://bugzilla.redhat.com/show_bug.cgi?id=994589 complained that
	even when using a cross-compiler not named 'gcc', the configure
	output confusingly referred to gcc.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Use a
	more generic statement in configure output.

2013-08-07  Ján Tomko  <jtomko@redhat.com>

	Reverse logic allowing partial DHCP host XML
	Before, missing attributes were only OK when adding entries;
	modification and deletion required all of them.

	Now, only deletion works with missing attributes, as long as
	the host is uniquely identified.

2013-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Revert "build: fix configure detection of if_bridge.h on RHEL 6"
	This reverts commit 2df8d99138dc8396c7d46c3cceca8ce2e93b605a.

	The change breaks configure on any recent Fedora platform

2013-08-07  Guannan Ren  <gren@redhat.com>

	qemu: support to drop disk with 'optional' startupPolicy
	Go through disks of guest, if one disk doesn't exist or its backing
	chain is broken, with 'optional' startupPolicy, for CDROM and Floppy
	we only discard its source path definition in xml, for disks we drop
	it from disk list and free it.

	conf: add startupPolicy attribute for harddisk
	Add startupPolicy attribute for harddisk with type "file",
	"block" and "dir". 'requisite' is not supported currently for
	harddisk.

2013-08-07  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Use -m conntrack rather than -m state
	Since iptables version 1.4.16 '-m state --state NEW' is converted to
	'-m conntrack --ctstate NEW'. Therefore, when encountering this or later
	versions of iptables use '-m conntrack --ctstate'.

2013-08-06  Guido Günther  <agx@sigxcpu.org>

	virGetGroupList: always include the primary group
	The change from initgroups to virGetGroupList/setgroups in
	cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
	processes group list iff the passed in group to virGetGroupList differs
	from the user's primary group.

	So always include the primary group to bring back the old behaviour.

	Debian has the kvm group as primary group but uses
	libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
	without this change the /dev/kvm is inaccessible.

2013-08-06  Eric Blake  <eblake@redhat.com>

	build: fix configure detection of if_bridge.h on RHEL 6
	A fresh checkout on a RHEL 6 machine with these packages:
	kernel-headers-2.6.32-405.el6.x86_64
	glibc-2.12-1.128.el6.x86_64
	failed to configure with this message:
	checking for linux/if_bridge.h... no
	configure: error: You must install kernel-headers in order to compile libvirt with QEMU or LXC support

	Digging in config.log, we see that the problem is identical to
	what we fixed earlier in commit d12c2811:

	configure:98831: checking for linux/if_bridge.h
	configure:98853: gcc -std=gnu99 -c -g -O2  conftest.c >&5
	In file included from /usr/include/linux/if_bridge.h:17,
	                 from conftest.c:559:
	/usr/include/linux/in6.h:31: error: redefinition of 'struct in6_addr'
	/usr/include/linux/in6.h:48: error: redefinition of 'struct sockaddr_in6'
	/usr/include/linux/in6.h:56: error: redefinition of 'struct ipv6_mreq'
	configure:98860: $? = 1

	I had not hit it earlier because I was using incremental builds,
	where config.cache had shielded me from the kernel-headers breakage.

	* configure.ac (if_bridge.h): Avoid conflicting type definitions.

2013-08-06  Stefan Bader  <stefan.bader@canonical.com>

	xen: Use internal interfaces in xenDomainUsedCpus
	Since commit 95e18efd most public interfaces (xenUnified...) obtain
	a virDomainDefPtr via xenGetDomainDefFor...() which take the unified
	lock.
	This is already taken before calling xenDomainUsedCpus(), so we get
	a deadlock for active guests. Avoid this by splitting up
	xenUnifiedDomainGetVcpusFlags() and xenUnifiedDomainGetVcpus() into
	public and private function calls (which get the virDomainDefPtr passed)
	and use those in xenDomainUsedCpus().

	    xenDomainUsedCpus
	      ...
	      nb_vcpu = xenUnifiedDomainGetMaxVcpus(dom);
	        return xenUnifiedDomainGetVcpusFlags(...)
	          ...
	          if (!(def = xenGetDomainDefForDom(dom)))
	            return xenGetDomainDefForUUID(dom->conn, dom->uuid);
	              ...
	              ret = xenHypervisorLookupDomainByUUID(conn, uuid);
	                ...
	                xenUnifiedLock(priv);
	                name = xenStoreDomainGetName(conn, id);
	                xenUnifiedUnlock(priv);
	      ...
	      if ((ncpus = xenUnifiedDomainGetVcpus(dom, cpuinfo, nb_vcpu,
	        ...
	        if (!(def = xenGetDomainDefForDom(dom)))
	          [again like above]

2013-08-06  Laine Stump  <laine@laine.org>

	qemu: improve error reporting during PCI address validation
	This patch addresses two concerns with the error reporting when an
	incompatible PCI address is specified for a device:

	1) It wasn't always apparent which device had the problem. With this
	patch applied, any error about an incompatible address will always
	contain the full address as given in the config, so it will be easier
	to determine which device's config aused the problem.

	2) In some cases when the problem came from bad config, the error
	message was erroneously classified as VIR_ERR_INTERNAL_ERROR. With
	this patch applied, the same error message will be changed to indicate
	either "internal" or "xml" error depending on whether the address came
	from the config, or was automatically generated by libvirt.

	Note that in the case of "internal" (due to bad auto-generation)
	errors, the PCI address won't be of much use in finding the location
	in config to change (because it was automatically generated). Of
	course that makes perfect sense, but still the address could provide a
	clue about a bug in libvirt attempting to use a type of pci bus that
	doesn't have its flags set correctly (or something similar). In other
	words, it's not perfect, but it is definitely better.

2013-08-06  Laine Stump  <laine@laine.org>

	qemu: enable using implicit sata controller in q35 machines
	q35 machines have an implicit ahci (sata) controller at 00:1F.2 which
	has no "id" associated with it. For this reason, we can't refer to it
	as "ahci0". Instead, we don't give an id on the commandline, which
	qemu interprets as "use the first ahci controller". We then need to
	specify the unit with "unit=%d" rather than adding it onto the bus
	arg.

2013-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Don't error on tunelled migration with --copy-storage
	https://bugzilla.redhat.com/show_bug.cgi?id=979477

	Since 1.0.3 we are using the new way to copy non shared storage during
	migration (the NBD way). However, whether the new or old way is used is
	not controllable by user but unconditionally turned on if both sides of
	migration support it. Moreover, the implementation is not complete: the
	combination for VIR_MIGRATE_TUNNELLED flag is missing (as we need to
	open new port on the destination) in which case we just error out. This
	is a deadly combination: not letting users choose their destiny and
	erroring out. We should not do that but VIR_WARN and turn the NBD off
	instead.

2013-08-05  Laine Stump  <laine@laine.org>

	qemu: properly set/use device alias for pci controllers
	We had been setting the device alias in the devinceinfo for pci
	controllers to "pci%u", but then hardcoding "pci.%u" when creating the
	device address for other devices using that pci bus. This all worked
	just fine until we encountered the built-in "pcie.0" bus (the PCIe
	root complex) in Q35 machines.

	In order to create the correct commandline for this one case, this
	patch:

	1) sets the alias for PCI controllers correctly, to "pci.%u" (or
	"pcie.%u" for the pcie-root controller)

	2) eliminates the hardcoded "pci.%u" for pci controllers when
	generatuing device address strings, and instead uses the controller's
	alias.

	3) plumbs a pointer to the virDomainDef all the way down to
	qemuBuildDeviceAddressStr. This was necessary in order to make the
	aliase of the controller *used by a device* available (previously
	qemuBuildDeviceAddressStr only had the deviceinfo of the device
	itself, *not* of the controller it was connecting to). This made for a
	larger than desired diff, but at least in the future we won't have to
	do it again, since all the information we could possibly ever need for
	future enhancements is in the virDomainDef. (right?)

	This should be done for *all* controllers, but for now we just do it
	in the case of PCI controllers, to reduce the likelyhood of
	regression.

2013-08-05  Laine Stump  <laine@laine.org>

	qemu: fix handling of default/implicit devices for q35
	This patch adds in special handling for a few devices that need to be
	treated differently for q35 domains:

	usb - there is no implicit/default usb controller for the q35
	machinetype. This is done because normally the default usb controller
	is added to a domain by just adding "-usb" to the qemu commandline,
	and it's assumed that this will add a single piix3 usb1 controller at
	slot 1 function 2. That's not what happens when the machinetype is
	q35, though. Instead, adding -usb to the commandline adds 3 usb
	(version 2) controllers to the domain at slot 0x1D.{1,2,7}. Rather
	than having

	  <controller type='usb' index='0'/>

	translate into 3 separate devices on the PCI bus, it's cleaner to not
	automatically add a default usb device; one can always be added
	explicitly if desired. Or we may decide that on q35 machines, 3 usb
	controllers will be automatically added when none is given. But for
	this initial commit, at least we aren't locking ourselves into
	something we later won't want.

	video - qemu always initializes the primary video device immediately
	after any integrated devices for the machinetype. Unless instructed
	otherwise (by using "-device vga..." instead of "-vga" which libvirt
	uses in many cases to work around deficiencies and bugs in various
	qemu versions) qemu will always pick the first unused slot. In the
	case of the "pc" machinetype and its derivatives, this is always slot
	2, but on q35 machinetypes, the first free slot is slot 1 (since the
	q35's integrated peripheral devices are placed in other slots,
	e.g. slot 0x1f). In order to make the PCI address of the video device
	predictable, that slot (1 or 2, depending on machinetype) is reserved
	even when no video device has been specified.

	sata - a q35 machine always has a sata controller implicitly added at
	slot 0x1F, function 2. There is no way to avoid this controller, so we
	always add it. Note that the xml2xml tests for the pcie-root and q35
	cases were changed to use DO_TEST_DIFFERENT() so that we can check for
	the sata controller being automatically added. This is especially
	important because we can't check for it in the xml2argv output (it has
	no effect on that output since it's an implicit device).

	ide - q35 has no ide controllers.

	isa and smbus controllers - these two are always present in a q35 (at
	slot 0x1F functions 0 and 3) but we have no way of modelling them in
	our config. We do need to reserve those functions so that the user
	doesn't attempt to put anything else there though. (note that the "pc"
	machine type also has an ISA controller, which we also ignore).

2013-08-05  Laine Stump  <laine@laine.org>

	qemu: add dmi-to-pci-bridge controller
	This PCI controller, named "dmi-to-pci-bridge" in the libvirt config,
	and implemented with qemu's "i82801b11-bridge" device, connects to a
	PCI Express slot (e.g. one of the slots provided by the pcie-root
	controller, aka "pcie.0" on the qemu commandline), and provides 31
	*non-hot-pluggable* PCI (*not* PCIe) slots, numbered 1-31.

	Any time a machine is defined which has a pcie-root controller
	(i.e. any q35-based machinetype), libvirt will automatically add a
	dmi-to-pci-bridge controller if one doesn't exist, and also add a
	pci-bridge controller. The reasoning here is that any useful domain
	will have either an immediate (startup time) or eventual (subsequent
	hot-plug) need for a standard PCI slot; since the pcie-root controller
	only provides PCIe slots, we need to connect a dmi-to-pci-bridge
	controller to it in order to get a non-hot-plug PCI slot that we can
	then use to connect a pci-bridge - the slots provided by the
	pci-bridge will be both standard PCI and hot-pluggable.

	Since pci-bridge devices themselves can not be hot-plugged into a
	running system (although you can hot-plug other devices into a
	pci-bridge's slots), any new pci-bridge controller that is added can
	(and will) be plugged into the dmi-to-pci-bridge as long as it has
	empty slots available.

	This patch is also changing the qemuxml2xml-pcie test from a "DO_TEST"
	to a "DO_DIFFERENT_TEST". This is so that the "before" xml can omit
	the automatically added dmi-to-pci-bridge and pci-bridge devices, and
	the "after" xml can include it - this way we are testing if libvirt is
	properly adding these devices.

2013-08-05  Laine Stump  <laine@laine.org>

	qemu: add pcie-root controller
	This controller is implicit on q35 machinetypes. It provides 31 PCIe
	(*not* PCI) slots as controller 0.

	Currently there are no devices that can connect to pcie-root, and no
	implicit pci controller on a q35 machine, so q35 is still
	unusable. For a usable q35 system, we need to add a
	"dmi-to-pci-bridge" pci controller, which can connect to pcie-root,
	and provides standard pci slots that can be used to connect other
	devices.

2013-08-05  Laine Stump  <laine@laine.org>

	qemu: enable auto-allocate of all PCI addresses
	Previous refactoring of the guest PCI address reservation/allocation
	code allowed for slot types other than basic PCI (e.g. PCI express,
	non-hotpluggable slots, etc) but would not auto-allocate a slot for a
	device that required any type other than a basic hot-pluggable
	PCI slot.

	This patch refactors the code to be aware of different slot types
	during auto-allocation of addresses as well - as long as there is an
	empty slot of the required type, it will be found and used.

	The piece that *wasn't* added is that we don't auto-create a new PCI
	bus when needed for anything except basic PCI devices. This is because
	there are multiple different types of controllers that can provide,
	for example, a PCI express slot (in addition to the pcie-root
	controller, these can also be found on a "root-port" or on a
	"downstream-switch-port"). Since we currently don't support any PCIe
	devices (except pending support for dmi-to-pci-bridge), we can defer
	any decision on what to do about this.

2013-08-05  Laine Stump  <laine@laine.org>

	build: fix missing max_queued_clients in augeas test file for libvirtd.conf
	Broken in commit 1199edb1d4e3ebbc691bd32d3519a3b662225420

2013-08-05  Jim Fehlig  <jfehlig@suse.com>

	xen: fix memory corruption in legacy driver
	Commit 632180d1 introduced memory corruption in xenDaemonListDefinedDomains
	by starting to populate the names array at index -1, causing all sorts
	of havoc in libvirtd such as aborts like the following

	*** Error in `/usr/sbin/libvirtd': double free or corruption (out): 0x00007fffe00ccf20 ***
	======= Backtrace: =========
	/lib64/libc.so.6(+0x7abf6)[0x7ffff3fa0bf6]
	/lib64/libc.so.6(+0x7b973)[0x7ffff3fa1973]
	/lib64/libc.so.6(xdr_array+0xde)[0x7ffff403cbae]
	/usr/sbin/libvirtd(+0x50251)[0x5555555a4251]
	/lib64/libc.so.6(xdr_free+0x15)[0x7ffff403ccd5]
	/usr/lib64/libvirt.so.0(+0x1fad34)[0x7ffff76b1d34]
	/usr/lib64/libvirt.so.0(virNetServerProgramDispatch+0x1fc)[0x7ffff76b16f1]
	/usr/lib64/libvirt.so.0(+0x1f214a)[0x7ffff76a914a]
	/usr/lib64/libvirt.so.0(+0x1f222d)[0x7ffff76a922d]
	/usr/lib64/libvirt.so.0(+0xbcc4f)[0x7ffff7573c4f]
	/usr/lib64/libvirt.so.0(+0xbc5e5)[0x7ffff75735e5]
	/lib64/libpthread.so.0(+0x7e0f)[0x7ffff48f7e0f]
	/lib64/libc.so.6(clone+0x6d)[0x7ffff400e7dd]

	Fix by initializing ret to 0 and only setting to error on failure path.

2013-08-05  Michal Privoznik  <mprivozn@redhat.com>

	Introduce max_queued_clients
	This configuration knob lets user to set the length of queue of
	connection requests waiting to be accept()-ed by the daemon. IOW, it
	just controls the @backlog passed to listen:

	  int listen(int sockfd, int backlog);

2013-08-05  Michal Privoznik  <mprivozn@redhat.com>

	RPC: Don't accept client if it would overcommit max_clients
	Currently, even if max_client limit is hit, we accept() incoming
	connection request, but close it immediately. This has disadvantage of
	not using listen() queue. We should accept() only those clients we
	know we can serve and let all other wait in the (limited) queue.

2013-08-03  Laine Stump  <laine@laine.org>

	qemu: eliminate almost-duplicate code in qemu_command.c
	* The functions qemuDomainPCIAddressReserveAddr and
	qemuDomainPCIAddressReserveSlot were very similar (and should have
	been more similar) and were about to get more code added to them which
	would create even more duplicated code, so this patch gives
	qemuDomainPCIAddressReserveAddr a "reserveEntireSlot" arg, then
	replaces the body of qemuDomainPCIAddressReserveSlot with a call to
	qemuDomainPCIAddressReserveAddr.

	You will notice that addrs->lastaddr was previously set in
	qemuDomainPCIAddressReserveAddr (but *not* set in
	qemuDomainPCIAddressReserveSlot). For consistency and cleanliness of
	code, that bit was removed and put into the one caller of
	qemuDomainPCIAddressReserveAddr (there is a similar place where the
	caller of qemuDomainPCIAddressReserveSlot sets lastaddr). This does
	guarantee identical functionality to pre-patch code, but in practice
	isn't really critical, because lastaddr is just keeping track of where
	to start when looking for a free slot - if it isn't updated, we will
	just start looking on a slot that's already occupied, then skip up to
	one that isn't.

	* qemuCollectPCIAddress was essentially doing the same thing as
	qemuDomainPCIAddressReserveAddr, but with some extra special case
	checking at the beginning. The duplicate code has been replaced with
	a call to qemuDomainPCIAddressReserveAddr. This required adding a
	"fromConfig" boolean, which is only used to change the log error
	code from VIR_ERR_INTERNAL_ERROR (when the address was
	auto-generated by libvirt) to VIR_ERR_XML_ERROR (when the address is
	coming from the config); without this differentiation, it would be
	difficult to tell if an error was caused by something wrong in
	libvirt's auto-allocate code or just bad config.

	* the bit of code in qemuDomainPCIAddressValidate that checks the
	connect type flags is going to be used in a couple more places where
	we don't need to also check the slot limits (because we're generating
	the slot number ourselves), so that has been pulled out into a
	separate qemuDomainPCIAddressFlagsCompatible function.

2013-08-03  Laine Stump  <laine@laine.org>

	qemu: rename some functions in qemu_command.c
	* qemuDomainPCIAddressSetNextAddr

	The name of this function was confusing because 1) other functions in
	the file that end in "Addr" are only operating on a single function of
	one PCI slot, not the entire slot, while functions that do something
	with the entire slot end in "Slot", and 2) it didn't contain a verb
	describing what it is doing (the "Set" refers to the set that contains
	all PCI buses in the system, used to keep track of which slots in
	which buses are already reserved for use).

	It is now renamed to qemuDomainPCIAddressReserveNextSlot, which more
	clearly describes what it is doing. Arguably, it could have been
	changed to qemuDomainPCIAddressSetReserveNextSlot, but 1) the word
	"set" is confusing in this context because it could be intended as a
	verb or as a noun, and 2) most other functions that operate on a
	single slot or address within this set are also named
	qemuDomainPCIAddress... rather than qemuDomainPCIAddressSet... Only
	the Create, Free, and Grow functions for an address set (which modify the
	entire set, not just one element) use "Set" in their name.

	* qemuPCIAddressAsString, qemuPCIAddressValidate

	All the other functions in this set are named
	qemuDomainPCIAddressxxxxx, so I renamed these to be consistent.

2013-08-03  Laine Stump  <laine@laine.org>

	conf: add default USB controller in qemu post-parse callback
	The parser shouldn't be doing arch-specific things like adding in
	implicit controllers to the config. This should instead be done in the
	hypervisor's post-parse callback.

	This patch removes the auto-add of a usb controller from the domain
	parser, and puts it into the qemu driver's post-parse callback (just
	as is already done with the auto-add of the pci-root controller). In
	the future, any machine/arch that shouldn't have a default usb
	controller added should just set addDefaultUSB = false in this
	function.

	We've recently seen that q35 and ARMV7L domains shouldn't get a default USB
	controller, so I've set addDefaultUSB to false for both of those.

2013-08-02  Jiri Denemark  <jdenemar@redhat.com>

	spec: Explicitly claim ownership of channel subdir
	As both /var/lib/libvirt/qemu and /var/lib/libvirt/qemu/channel/target
	are owned by us, the intermediate /var/lib/libvirt/qemu/channel should
	be owned by us too.

2013-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix crashing upgrading from older libvirts with running guests
	If upgrading from a libvirt that is older than 1.0.5, we can
	not assume that vm->def->resource is non-NULL. This bogus
	assumption caused libvirtd to crash

	Avoid crash if NULL is passed for filename/funcname in logging
	The journald code would crash if a NULL was passed for the
	filename / funcname in the logging code. This shouldn't
	happen in general, but it is better to be safe, since there
	have been bugs triggering this.

	Ensure LXC/QEMU APIs set the filename for errors
	The virLibConnError macros in libvirt-lxc.c and
	libvirt-qemu.c were passing NULL for the filename.
	This causes a crash if the logging code is configured
	to use journald.

	Remove reference to python/tests from RPM %doc
	The python/tests files were recently deleted, but a reference was
	left in the RPM %doc entry

2013-08-02  Peter Krempa  <pkrempa@redhat.com>

	qemumonitortestutils: Don't skip va_end() on error path
	When allocation of memory failed the error path didn't call va_end()
	causing a coverity failure.

	Reported by John Ferlan.

2013-08-02  Peter Krempa  <pkrempa@redhat.com>

	qemuagenttest: Check invalid response in shutdown test
	The shutdown test utilizes waiting for condition to exit the test. This
	addition will return an error for the shutdown command to see if the
	condition waiting code will not hang.

2013-08-02  Peter Krempa  <pkrempa@redhat.com>

	qemuagenttest: Fix checking of shutdown mode
	Coverity complained about unused variable that contains the shutdown
	mode. The original intention was to check it against the requested mode.

	Also the fixed check revealed a mistake in the expected shutdown mode.

	Reported by John Ferlan.

2013-08-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: extract platform specifics
	* Move platform specific things (e.g. firewalling and route
	  collision checks) into bridge_driver_platform
	* Create two platform specific implementations:
	    - bridge_driver_linux: Linux implementation using iptables,
	      it's actually the code moved from bridge_driver.c
	    - bridge_driver_nop: dumb implementation that does nothing

2013-08-01  John Ferlan  <jferlan@redhat.com>

	valgrind: Adjust filter for _dl_allocate_tls
	More tests are now using the path - adjust the filter to include any
	path from a test through pthread_create to _dl_allocate_tls

	tests: Coverity found new NULL_RETURNS
	Coverity reported the existing missing check of the return value and
	subsequent use from a call to virJSONValueFromString() in testJSONAddRemove().

2013-08-01  Jincheng Miao  <jmiao@redhat.com>

	build: fix qemuagenttest build with -O0 in fedora 19.
	When building libvirt with -O0 flag in fedora 19, it will fail to
	generate qemuagenttest, a link error occurs like:

	./.libs/libqemumonitortestutils.a(qemumonitortestutils.o): In function `qemuMonitorTestFree':
	libvirt/tests/qemumonitortestutils.c:346: undefined reference to `qemuMonitorClose'
	./.libs/libqemumonitortestutils.a(qemumonitortestutils.o): In function `qemuMonitorTestNew':
	libvirt/tests/qemumonitortestutils.c:870: undefined reference to `qemuMonitorOpen'
	collect2: error: ld returned 1 exit status

	Fix it by listing libraries in the correct order to avoid lazy linkage.

2013-08-01  Eric Blake  <eblake@redhat.com>

	maint: use modern autoconf idioms
	Autoconf 2.59 says that AC_OUTPUT with arguments is obsolete,
	and we are already using the replacement for some, but not all,
	of our output files.

	* configure.ac (AC_OUTPUT): Rewrite to use AC_CONFIG_FILES.

2013-08-01  Guannan Ren  <gren@redhat.com>

	qemu: check presence of each disk and its backing file as well
	For disk with startupPolicy support, such as cdrom and floppy
	when its chain is broken, the startup policy will apply,
	otherwise, report an error.

	qemu: add helper functions for diskchain checking
	*src/util/virstoragefile.c: Add a helper function to get
	the first name of missing backing files, if the name is NULL,
	it means the diskchain is not broken.
	*src/qemu/qemu_domain.c: qemuDiskChainCheckBroken(disk) to
	check if its chain is broken

	qemu: refactor qemuDomainCheckDiskPresence for only disk presence check
	Refactor this function to make it focus on disk presence checking,
	including diskchain checking, and not only for CDROM and Floppy.
	This change is good for the following patches.

2013-08-01  Mooli Tayer  <mtayer@redhat.com>

	Configuring systemd to restart libvirt on failure
	This will create a respawn behaviour in case libvirt
	process exits due to nonzero exit code, is terminated
	by a signal, an operation times out or the configured
	watchdog timeout is triggered.
	see http://www.freedesktop.org/software/systemd/man/systemd.service.html
	and https://bugzilla.redhat.com/show_bug.cgi?id=981974

2013-08-01  Stefan Bader  <stefan.bader@canonical.com>

	xen: Avoid double free of virDomainDef in xenDaemonCreateXML
	The virDomainDef is allocated by the caller and also used after
	calling to xenDaemonCreateXML. So it must not get freed by the
	callee.

2013-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Enable support for systemd-machined in cgroups creation
	Make the virCgroupNewMachine method try to use systemd-machined
	first. If that fails, then fallback to using the traditional
	cgroup setup code path.

	Cope with races while killing processes
	When systemd is involved in managing processes, it may start
	killing off & tearing down croups associated with the process
	while we're still doing virCgroupKillPainfully. We must
	explicitly check for ENOENT and treat it as if we had finished
	killing processes

2013-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Add support for systemd cgroup mount
	Systemd uses a named cgroup mount for tracking processes. Add
	it as another type of controller, albeit one which we have to
	special case in a number of places. In particular we must
	never create/delete directories there, nor add tasks. Essentially
	the systemd mount is to be considered read-only for libvirt.

	With this change both the virCgroupDetectPlacement and
	virCgroupCopyPlacement methods must be invoked. The copy
	placement method will copy setup for resource controllers
	only. The detect placement method will probe for any
	named controllers, or resource controllers not already
	setup.

2013-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for formatting systemd slice/scope names
	There are some interesting escaping rules to consider when dealing
	with systemd slice/scope names. Thus it is helpful to have APIs
	for formatting names

2013-07-31  Peter Krempa  <pkrempa@redhat.com>

	qemuagenttest: Add tests for CPU plug functions and helpers

	qemuagenttest: Introduce testing of shutdown commands
	This patch exports a few utility functions and adds testing of shutdown
	commands of the guest agent.

	qemuagenttest: Add testing of agent suspend modes

	qemuagenttest: Test the filesystem trimming

	tests: Add qemuagenttest
	Add a basic test framework with two simple tests to test guest agent
	interaction.

	qemumonitortestutils: Add the ability to check arguments of commands
	This patch adds helpers that allow to check for argument values in
	commands sent to the monitor.

	qemumonitortestutils: Improve error reporting from mock qemu monitor
	Use the JSON error messages to report errors back to the caller in
	addition to erroring out. The error reported from the event loop from
	the mock function of the monitor was later overwritten by the call to
	the monitor/agent interaction API. This will also allow testing of error
	reporting.

	qemumonitortestutils: Add instrumentation for guest agent testing
	Add helper functions to open guest agent connections and a handler for
	replying to the "guest-sync" command.

	qemumonitortestutils: Split lines on \n instead of \r\n
	The normal monitor uses windows line endings, where the agent monitor
	uses only newlines. Change this to tolerate both approaches and allow to
	use the utilities for guest agent tests.

	qemumonitortestutils: Refactor the test helpers to allow reuse
	Refactor the test helpers to allow adding callbacks to verify the
	monitor responses instead of simple command name checking and clean up
	various parts to prepare for adding guest agent tests.

	qemumonitortestutils: Split up creation of the test to allow reuse
	The instrumentation for the monitor test can be hacked for qemu agent
	testing. Split out the monitor specific stuff to allow using the code in
	guest agent tests in the future.

	qemumonitortestutils: Don't crash on non fully initialized test
	The qemumonitorjsontest crashed when one of the initialization steps
	done before starting the worker thread failed. This patch fixes this by
	trying to pthread_join() the thread only after it was created.

	qemumonitortestutils: remove multiline function calls

	qemumonitortestutils: Use VIR_DELETE_ELEMENT and VIR_APPEND_ELEMENT
	Simplify the code using the existing helpers instead of open coding the
	same functionality.

	qemumonitortestutils: Use consistent header style and line spacing

	qemu_agent: Remove obvious comments
	Most APIs in libvirt report errors, thus no need to state that
	explicitly.

	qemu_agent: Move updater function for VCPU hotplug into qemu_agent.c
	To allow testing of the cpu updater function, this function needs to be
	available separately. Export it from qemu_agent.c where it should
	belong.

	qemu_agent: Output newline at the end of the sync JSON message
	Although this isn't apparently needed for the guest agent itself, the
	test I will be adding later depends on the newline as a separator of
	messages to process.

	conf: Export virDomainChrSourceDefClear()

2013-07-31  Ján Tomko  <jtomko@redhat.com>

	Don't mark parentIndex with ATTRIBUTE_UNUSED
	parentIndex is used in virNetworkDefUpdateIPDHCPRange

2013-07-30  Bamvor Jian Zhang  <bjzhang@suse.com>

	add console support in libxl
	this patch introduce the console api in libxl driver for both pv and
	hvm guest.  and import and update the libxlMakeChrdevStr function
	which was deleted in commit dfa1e1dd.

2013-07-30  Dan Walsh  <dwalsh@redhat.com>

	util: add virGetUserDirectoryByUID
	This function is needed for virt-login-shell.  Also modify virGirUserDirectory
	to use the new function, to simplify the code.

2013-07-30  Eric Blake  <eblake@redhat.com>

	maint: fix typo for SENTINEL
	* src/openvz/openvz_driver.c: Use correct spelling.
	* src/vmware/vmware_conf.c: Likewise.
	* src/vmware/vmware_conf.h: Likewise.
	* src/vmware/vmware_driver.c: Likewise.

2013-07-30  Jiri Denemark  <jdenemar@redhat.com>

	spec: Don't mix commands with macro definitions
	%build section should first define all required macros and then run
	commands. Interleaving them makes it harder to spot what commands are
	run.

	spec: Use --enable-werror on RHEL
	As RHEL provides a stable tool chain, we don't have to worry about
	frequent changes in reported compiler warnings (which prevents us from
	enabling -Werror unconditionally).

	spec: RHEL-7 does not have sanlock on i686

2013-07-30  Peter Krempa  <pkrempa@redhat.com>

	spec: Disable libssh2 support for RHEL
	https://bugzilla.redhat.com/show_bug.cgi?id=905513

	Libssh2 isn't reliable enough to support the libvirt transport using it.
	The problems include mishandling of "known_hosts" files that may confuse
	users.

2013-07-30  Jiri Denemark  <jdenemar@redhat.com>

	tests: Put a mock library at the start of LD_PRELOAD
	This fixes vircgrouptest when run in a sandbox which already overrides
	open() and others.

2013-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Support apparmor in RPM spec
	If libapparmor-devel happens to be installed when building the
	RPM, it will failed due to unlisted virt-aa-helper in %files.
	Add support for apparmor in the spec, so that we can explicitly
	turn it on/off, defaulting to off in all distros. This causes
	--without-apparmor to be given to configure, preventing the
	build failures if the user happens to have libapparmor-devel
	present.

2013-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Delete obsolete / unused python test files
	The python/tests directory contains a number of so called
	"tests" for the python API. These are all hardcoded to
	look for Xen and cannot be run in any automated fashion,
	and no one is ever manually running them. Given that they
	don't meaningully contribute to the test coverage, delete
	them.

	For some reason these tests were also copied into the
	filesystem as part of 'make install'. The change to the
	RPM in commit 3347a4203278ec93d7b0ceb88b5ed10e4f14765c
	caused a build failure, since it removed the code which
	deleted these installed tests.

2013-07-30  Yuri Chornoivan  <yurchor@ukr.net>

	Fix minor typos in messages and docs

2013-07-30  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.1
	* configure.ac docs/news.html.in: update for the release
	* po/*.po*: update localizations and regenerate

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix shunloadtest breakage
	Commit 93ec384 was tested on mingw, but broke the build on Linux:

	  CCLD     shunloadtest
	shunloadtest.o: In function `main':
	/home/eblake/libvirt/tests/shunloadtest.c:106: undefined reference to `virFilePrintf'
	...
	ssh.o: In function `main':
	/home/eblake/libvirt/tests/ssh.c:43: undefined reference to `virFilePrintf'
	/home/eblake/libvirt/tests/ssh.c:49: undefined reference to `virFilePrintf'

	* tests/testutils.h (fprintf): Provide escape hatch.
	* tests/shunloadtest.c: Use it.
	* tests/ssh.c: Likewise.

2013-07-29  Eric Blake  <eblake@redhat.com>

	examples: fix mingw build vs. printf
	Mingw *printf is a moving target; newer mingw now provides a version
	of asprintf() that fails to understand %lld:

	  CC       event_test-event-test.o
	../../../../examples/domain-events/events-c/event-test.c: In function 'myDomainEventRTCChangeCallback':
	../../../../examples/domain-events/events-c/event-test.c:270:18: error: unknown conversion type character 'l' in format [-Werror=format=]
	                  virDomainGetID(dom), offset) < 0)
	                  ^

	But since our examples already admitted that they were hacking around
	a mingw deficiency, it is easier to just use printf() directly, coupled
	with <inttypes.h> macros, for a more portable work-around.

	* examples/domain-events/events-c/event-test.c
	(myDomainEventRTCChangeCallback): Use PRIdMAX instead of asprintf.

2013-07-29  Eric Blake  <eblake@redhat.com>

	tests: consistently use virFilePrintf
	Commit a2619962 introduced virFilePrintf to work around the fact
	that gnulib doesn't (yet) provide guarantees about fprintf() vs.
	%z, which in turn causes all sorts of mingw compilation errors:

	../../tests/testutils.c: In function 'virtTestResult':
	../../tests/testutils.c:101:9: error: unknown conversion type character 'z' in format [-Werror=format=]
	         fprintf(stderr, "%3zu) %-60s ", testCounter, name);
	         ^

	Rather than s/fprintf/virFilePrintf/ (and reformatting loads of
	lines) across multiple files, it's easier to just hack the entire
	testsuite to take advantage of our helper function.

	* tests/testutils.c: s/fprintf/virFilePrintf/ for mingw.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: skip systemd mock on non-Linux
	A cross-compile to mingw failed:

	  CC       virsystemdmock_la-virsystemdmock.lo
	../../tests/virsystemdmock.c:29:6: error: 'dbus_connection_set_change_sigpipe' redeclared without dllimport attribute: previous dllimport ignored [-Werror=attributes]
	 void dbus_connection_set_change_sigpipe(dbus_bool_t will_modify_sigpipe ATTRIBUTE_UNUSED)
	      ^

	But when you think about it, systemd is Linux-only, and even our
	use of LD_PRELOAD to provide mock syscalls is Linux-only.

	* tests/virsystemdmock.c: Avoid compilation outside Linux.

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Rename VIR_DOMAIN_PAUSED_GUEST_PANICKED to VIR_DOMAIN_PAUSED_CRASHED
	The VIR_DOMAIN_PAUSED_GUEST_PANICKED constant is badly named,
	leaking the QEMU event name. Elsewhere in the API we use
	'CRASHED' rather than 'PANICKED', and the addition of 'GUEST'
	is redundant since all events are guest related.

	Thus rename it to VIR_DOMAIN_PAUSED_CRASHED, which matches
	with VIR_DOMAIN_RUNNING_CRASHED and VIR_DOMAIN_EVENT_CRASHED.

	It was added in commit 14e7e0ae8db9843aea80245a3d9e6cf5f2ef720d
	which post-dates v1.1.0, so is safe to rename before 1.1.1

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove VIR_DOMAIN_SHUTDOWN_CRASHED from public API
	The VIR_DOMAIN_SHUTDOWN_CRASHED state constant does not appear
	to be used in the QEMU code anyway. It also doesn't make much
	(any) sense, since the 'shutdown' state is a transient state
	between 'running' and 'shutoff' and when a guest crashes, it
	does not end up in a 'shutdown' state, only 'shutoff'.

	It was added in commit 14e7e0ae8db9843aea80245a3d9e6cf5f2ef720d
	which post-dates v1.1.0, so is safe to remove before 1.1.1

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix dbus message reading code on big endian hosts
	The way we were casting small (<32bit) integers was broken
	on big endian hosts, causing stack smashing. This was detected
	in the test suite either by test failures due to incorrect
	results, or by libc/gcc abort'ing with its stack canary
	triggered.

2013-07-29  Jiri Denemark  <jdenemar@redhat.com>

	spec: Cat test-suite.log if make check fails
	Current automake enables parallel test by default, which means test
	details are only logged in test-suite.log and not printed to stderr.
	This patch makes test failures directly visible in RPM build logs even
	when parallel tests are turned on.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix another virdbus issue on mingw
	Depending on the set of mingw packages installed, it is possible
	that other .c files hit the mingw header pollution from the
	virdbus.h file.

	In file included from ../../src/rpc/virnetserver.c:39:0:
	../../src/util/virdbus.h:41:35: error: expected ';', ',' or ')' before 'struct'
	                       const char *interface,
	                                   ^

	* src/util/virdbus.h (virDBusCallMethod): Match .c file change.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix virutil build on mingw
	On platforms without decent group support, the build failed:

	Cannot export virGetGroupList: symbol not defined
	./.libs/libvirt_security_manager.a(libvirt_security_manager_la-security_dac.o): In function `virSecurityDACPreFork':
	/home/eblake/libvirt-tmp/build/src/../../src/security/security_dac.c:248: undefined reference to `virGetGroupList'
	collect2: error: ld returned 1 exit status

	* src/util/virutil.c (virGetGroupList): Provide dummy implementation.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix virthread build on mingw
	Our recent conversion to make VIR_ALLOC report oom wasn't
	tested on mingw:

	In file included from ../../src/util/virthread.c:29:0:
	../../src/util/virthreadwin32.c: In function 'virCondWait':
	../../src/util/virthreadwin32.c:166:81: error: 'VIR_FROM_THIS' undeclared (first use in this function)
	     if (VIR_REALLOC_N(c->waiters, c->nwaiters + 1) < 0) {
	                                                                                 ^

	* src/util/virthreadwin32.c (VIR_FROM_THIS): Define.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix virdbus build on mingw
	Mingw headers pollute the namespace.

	  CC       libvirt_util_la-virdbus.lo
	../../src/util/virdbus.c:1102:35: error: expected ';', ',' or ')' before 'struct'
	                       const char *interface,
	                                   ^

	* src/util/virdbus.c (virDBusCallMethod): Avoid 'interface'.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix vircgroup build on mingw
	The previous patch was incomplete.

	  CC       libvirt_util_la-vircgroup.lo
	../../src/util/vircgroup.c:70:12: error: 'virCgroupPartitionEscape' declared 'static' but never defined [-Werror=unused-function]
	 static int virCgroupPartitionEscape(char **path);
	            ^

	* src/util/vircgroup.c (virCgroupPartitionEscape): Move forward
	declaration inside conditional.

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize build of virCgroupValidateMachineGroup
	The virCgroupValidateMachineGroup method calls some functions
	which are only conditionally compiled, thus it too must be
	made conditional. This fixes the build on non-Linux hosts.

2013-07-29  Eric Blake  <eblake@redhat.com>

	build: fix VPATH 'make check'
	A VPATH build 'make check' was failing with:

	  GEN      check-driverimpls
	Can't open ../../src/../../src/lxc/lxc_monitor_protocol.h: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
	Can't open ../../src/../../src/lxc/lxc_monitor_protocol.c: No such file or directory at ../../src/check-driverimpls.pl line 29, <> line 27153.
	...
	  GEN      check-aclrules
	cannot read ../../src/../../src/remote/remote_protocol.x at ../../src/check-aclrules.pl line 128.

	because $(srcdir) was being prepended to file names that already
	included it.

	* src/Makefile.am (check-driverimpls): Don't add srcdir twice.

2013-07-29  Cole Robinson  <crobinso@redhat.com>

	python: Drop TODO
	File hasn't been really touched for 7 years. And with recent rawhide
	changes it contributed to an RPM build failure. Let's drop it.

	This also removes installation of a libvirt-python doc dir, so drop
	handling of it from the RPM spec.

2013-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing of legacy Xen driver to not leave URI set
	When the legacy Xen driver probes with a NULL URI, and
	finds itself running on Xen, it will set conn->uri. A
	little bit later though it checks to see if libxl support
	exists, and if so declines the driver. This leaves the
	conn->uri set to 'xen:///', so if libxl also declines
	it, it prevents probing of the QEMU driver.

	Once a driver has set the conn->uri, it must *never*
	decline an open request. So we must move the libxl
	check earlier

2013-07-29  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	cpu: Fix one compile error for PPC.
	CPU data structure is refined, which causes one compile error for PPC.

2013-07-29  Guannan Ren  <gren@redhat.com>

	caps: use -device for primary video when qemu >=1.6
	https://bugzilla.redhat.com/show_bug.cgi?id=981094
	The commit 0ad9025ef introduce qemu flag QEMU_CAPS_DEVICE_VIDEO_PRIMARY
	for using -device VGA, -device cirrus-vga, -device vmware-svga and
	-device qxl-vga. In use, for -device qxl-vga, mouse doesn't display
	in guest window like the desciption in above bug.
	This patch try to use -device for primary video when qemu >=1.6 which
	contains the bug fix patch

2013-07-27  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized use warning
	Otherwise, with new enough gcc compiling at -O2, the build fails with:
	../../src/conf/domain_conf.c: In function ‘virDomainDeviceDefPostParse’:
	../../src/conf/domain_conf.c:2821:29: error: ‘cnt’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
	             for (i = 0; i < *cnt; i++) {
	                             ^
	../../src/conf/domain_conf.c:2795:20: note: ‘cnt’ was declared here
	         size_t i, *cnt;
	                    ^
	../../src/conf/domain_conf.c:2794:30: error: ‘arrPtr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
	         virDomainChrDefPtr **arrPtr;
	                              ^

	* src/conf/domain_conf.c (virDomainChrGetDomainPtrs): Always
	assign into output parameters.

2013-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Set default partition in libvirtd instead of libvirt_lxc
	By setting the default partition in libvirt_lxc it is not
	visible when querying the live XML. Move setting of the
	default partition into libvirtd virLXCProcessStart

2013-07-26  John Ferlan  <jferlan@redhat.com>

	virStateDriver - Separate AutoStart from Initialize
	Adjust these drivers to handle their Autostart functionality after each
	of the drivers has gone through their Initialization functions

	Separate out StateAutoStart from StateInitialize
	Separation allows for dependent drivers to be make a connection during
	the AutoStart phase of state initialization.

2013-07-26  Ján Tomko  <jtomko@redhat.com>

	Resolve Coverity complaint in storagevolxml2argvtest
	Ignore NULL pool in testSetVolumeType to silence Coverity,
	even though we only call it with NULL pool when vol is also NULL.

	(13) Event var_deref_model:	Passing null pointer "inputpool" to
	function "testSetVolumeType(virStorageVolDefPtr, virStoragePoolDefPtr)",
	which dereferences it. [details]
	Also see events: [assign_zero]

	95    testSetVolumeType(inputvol, inputpool);

2013-07-26  Ján Tomko  <jtomko@redhat.com>

	Remove redundant free in virNetworkDNSHostDefParseXML
	ip has to be NULL at this point.

	Remove double space in error messages

2013-07-26  Ján Tomko  <jtomko@redhat.com>

	Don't check validity of missing attributes in DNS SRV XML
	This fixes a crash if one of them is missing.

	https://bugzilla.redhat.com/show_bug.cgi?id=988718

2013-07-26  Ján Tomko  <jtomko@redhat.com>

	Set the number of elements 0 in virNetwork*Clear
	Decrementing it when it was already 0 causes an invalid free
	in virNetworkDefUpdateDNSHost if virNetworkDNSHostDefParseXML
	fails and virNetworkDNSHostDefClear gets called twice.

	virNetworkForwardDefClear left the number untouched even if it
	freed all the elements.

2013-07-26  Michal Privoznik  <mprivozn@redhat.com>

	formatdomain.html.in: Document implementation limitation of QoS
	The outbound/@peak is ignored (since QoS was introduced). This is due to
	kernel limitation of know allowing ingress filters to have peak just
	average rate. However, we should document this limitation to not confuse
	users.

	formatdomain.html.in: Correctly use <code/> in #elementQoS
	Interestingly, we had <code>floor<code> ... </code>outbound</code> which
	results in much larger block of text to be written in code style that
	intended.

2013-07-26  Alex Jia  <ajia@redhat.com>

	conf:Fix a copy paste error

2013-07-25  Jim Fehlig  <jfehlig@suse.com>

	Fix virsh snapshot-list error reporting
	Noticed that the expected "not supported" error is dropped when
	invoking 'virsh snapshot-list dom' on a Xen installation running
	the libxl driver

	 virsh snapshot-list test
	 error: Invalid snapshot: virDomainSnapshotFree

	The error is overwritten by a call to virDomainSnapshotFree
	in cleanup code within cmdSnapshotList.  Prevent overwritting
	the real error by not calling virDomainSnapshotFree with a NULL
	virDomainSnapshotPtr.

2013-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Skip detecting placement if controller is disabled
	If the app has provided a whitelist of controllers to be used,
	we skip detecting its mount point. We still, however, fill in
	the placement info which later confuses the machine name
	validation code. Skip detecting placement if the controller
	mount point is not set

	Add 'controllers' arg to virCgroupNewDetect
	When detecting cgroups we must honour any controllers
	whitelist the driver may have.

2013-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of 'emulator' cgroup
	When a VM has an 'emulator' child cgroup present, we must
	strip off that suffix when detecting the cgroup for a
	machine

	Rename the virCgroupIsValidMachineGroup method to
	virCgroupValidateMachineGroup to make a bit clearer
	that this isn't simply a boolean check, it will make
	changes to the object.

2013-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Make virCgroupIsValidMachine static
	The virCgroupIsValidMachine does not need to be called from
	outside the cgroups file now, so make it static.

	Introduce a more convenient virCgroupNewDetectMachine
	Instead of requiring drivers to use a combination of calls
	to virCgroupNewDetect and virCgroupIsValidMachine, combine
	the two into virCgroupNewDetectMachine

2013-07-25  Guido Günther  <agx@sigxcpu.org>

	virdbustest: Don't pass number of arguments as long long
	since sizeof(int) != sizeof(long long) on 32bit archs.

	This unbreaks virdbustest which otherwise fails like:

	 (gdb) bt
	 #0  __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50
	 #1  0x405907d2 in ?? () from /lib/i386-linux-gnu/libdbus-1.so.3
	 #2  0x4057c140 in ?? () from /lib/i386-linux-gnu/libdbus-1.so.3
	 #3  0x4057e7ec in dbus_message_iter_append_basic () from /lib/i386-linux-gnu/libdbus-1.so.3
	 #4  0x400742ec in virDBusMessageIterEncode (args=0xbfd4b8f0 "k\321\004\b.", types=0x804d260 "",
	     rootiter=0xbfd4b844) at util/virdbus.c:560
	 #5  virDBusMessageEncodeArgs (msg=msg@entry=0x893c278, types=types@entry=0x804d25c "sais",
	     args=args@entry=0xbfd4b8d8 "r\320\004\b\003") at util/virdbus.c:921
	 #6  0x40075917 in virDBusMessageEncode (msg=0x893c278, types=0x804d25c "sais") at util/virdbus.c:959
	 #7  0x0804a4a1 in testMessageArray (args=0x0) at virdbustest.c:195
	 #8  0x0804c404 in virtTestRun (title=title@entry=0x804cfcb "Test message array ",
	     nloops=nloops@entry=1, body=body@entry=0x804a3f0 <testMessageArray>, data=data@entry=0x0)
	     at testutils.c:168
	 #9  0x08049346 in mymain () at virdbustest.c:384
	 #10 0x0804cb2e in virtTestMain (argc=argc@entry=1, argv=argv@entry=0xbfd4bb24,
	     func=func@entry=0x80492c0 <mymain>) at testutils.c:764
	 #11 0x080491af in main (argc=1, argv=0xbfd4bb24) at virdbustest.c:393

2013-07-25  Ján Tomko  <jtomko@redhat.com>

	Add inputpool to storagevolxml2argvtest
	This allows testing the command line for cloning file-based
	volumes into logical volumes and vice versa.

2013-07-25  Ján Tomko  <jtomko@redhat.com>

	Move volume XMLs out of storagevolxml2argvdata
	Reuse the XML files in storagevolxml2xmlin.

	(This requires changing a few backing files to /dev/null,
	since virStorageBackendCreateQemuImgCmd checks for its
	presence)

2013-07-25  Ján Tomko  <jtomko@redhat.com>

	Move pool XML out of storagevolxml2argvdata
	Reuse the pool definition from storagepoolxml2xmlin.

	Use separate macros for failure/success in vol-to-argv test
	Reindent them to put the input volume on a separate line.

	tests: PCI controller checks
	Check if PCI bridges with duplicate indexes are rejected.
	PCI root controllers with non-zero indexes or addresses should
	also be rejected.

2013-07-25  Ján Tomko  <jtomko@redhat.com>

	Don't overwrite errors in qemuTranslateDiskSourcePool
	Both virStoragePoolFree and virStorageVolFree reset the last error,
	which might lead to the cryptic message:
	An error occurred, but the cause is unknown

	When the volume wasn't found, virStorageVolFree was called with NULL,
	leading to an error:
	invalid storage volume pointer in virStorageVolFree

	This patch changes it to:
	Storage volume not found: no storage vol with matching name 'tomato'

2013-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Protection against doing bad stuff to the root group
	Add protection such that the virCgroupRemove and
	virCgroupKill* do not do anything to the root cgroup.

	Killing all PIDs in the root cgroup does not end well.

2013-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Convert LXC driver to use virCgroupNewMachine
	Convert the LXC driver code to use the new atomic API
	for setup of cgroups

	Convert QEMU driver to use virCgroupNewMachine
	Convert the QEMU driver code to use the new atomic API
	for setup of cgroups

	New cgroups API for atomically creating machine cgroups
	Instead of requiring one API call to create a cgroup and
	another to add a task to it, introduce a new API
	virCgroupNewMachine which does both jobs at once. This
	will facilitate the later code to talk to systemd to
	achieve this job which is also atomic.

2013-07-24  Michal Privoznik  <mprivozn@redhat.com>

	virLXCMonitorClose: Unlock domain while closing monitor
	There's a race in lxc driver causing a deadlock. If a domain is
	destroyed immediately after started, the deadlock can occur. When domain
	is started, the even loop tries to connect to the monitor. If the
	connecting succeeds, virLXCProcessMonitorInitNotify() is called with
	@mon->client locked. The first thing that callee does, is
	virObjectLock(vm). So the order of locking is: 1) @mon->client, 2) @vm.

	However, if there's another thread executing virDomainDestroy on the
	very same domain, the first thing done here is locking the @vm. Then,
	the corresponding libvirt_lxc process is killed and monitor is closed
	via calling virLXCMonitorClose(). This callee tries to lock @mon->client
	too. So the order is reversed to the first case. This situation results
	in deadlock and unresponsive libvirtd (since the eventloop is involved).

	The proper solution is to unlock the @vm in virLXCMonitorClose prior
	entering virNetClientClose(). See the backtrace as follows:

	Thread 25 (Thread 0x7f1b7c9b8700 (LWP 16312)):
	0  0x00007f1b80539714 in __lll_lock_wait () from /lib64/libpthread.so.0
	1  0x00007f1b8053516c in _L_lock_516 () from /lib64/libpthread.so.0
	2  0x00007f1b80534fbb in pthread_mutex_lock () from /lib64/libpthread.so.0
	3  0x00007f1b82a637cf in virMutexLock (m=0x7f1b3c0038d0) at util/virthreadpthread.c:85
	4  0x00007f1b82a4ccf2 in virObjectLock (anyobj=0x7f1b3c0038c0) at util/virobject.c:320
	5  0x00007f1b82b861f6 in virNetClientCloseInternal (client=0x7f1b3c0038c0, reason=3) at rpc/virnetclient.c:696
	6  0x00007f1b82b862f5 in virNetClientClose (client=0x7f1b3c0038c0) at rpc/virnetclient.c:721
	7  0x00007f1b6ee12500 in virLXCMonitorClose (mon=0x7f1b3c007210) at lxc/lxc_monitor.c:216
	8  0x00007f1b6ee129f0 in virLXCProcessCleanup (driver=0x7f1b68100240, vm=0x7f1b680ceb70, reason=VIR_DOMAIN_SHUTOFF_DESTROYED) at lxc/lxc_process.c:174
	9  0x00007f1b6ee14106 in virLXCProcessStop (driver=0x7f1b68100240, vm=0x7f1b680ceb70, reason=VIR_DOMAIN_SHUTOFF_DESTROYED) at lxc/lxc_process.c:710
	10 0x00007f1b6ee1aa36 in lxcDomainDestroyFlags (dom=0x7f1b5c002560, flags=0) at lxc/lxc_driver.c:1291
	11 0x00007f1b6ee1ab1a in lxcDomainDestroy (dom=0x7f1b5c002560) at lxc/lxc_driver.c:1321
	12 0x00007f1b82b05be5 in virDomainDestroy (domain=0x7f1b5c002560) at libvirt.c:2303
	13 0x00007f1b835a7e85 in remoteDispatchDomainDestroy (server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0, rerr=0x7f1b7c9b7c30, args=0x7f1b5c004a50) at remote_dispatch.h:3143
	14 0x00007f1b835a7d78 in remoteDispatchDomainDestroyHelper (server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0, rerr=0x7f1b7c9b7c30, args=0x7f1b5c004a50, ret=0x7f1b5c0029e0) at remote_dispatch.h:3121
	15 0x00007f1b82b93704 in virNetServerProgramDispatchCall (prog=0x7f1b8573af90, server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0) at rpc/virnetserverprogram.c:435
	16 0x00007f1b82b93263 in virNetServerProgramDispatch (prog=0x7f1b8573af90, server=0x7f1b857419d0, client=0x7f1b8574ae40, msg=0x7f1b8574acf0) at rpc/virnetserverprogram.c:305
	17 0x00007f1b82b8c0f6 in virNetServerProcessMsg (srv=0x7f1b857419d0, client=0x7f1b8574ae40, prog=0x7f1b8573af90, msg=0x7f1b8574acf0) at rpc/virnetserver.c:163
	18 0x00007f1b82b8c1da in virNetServerHandleJob (jobOpaque=0x7f1b8574dca0, opaque=0x7f1b857419d0) at rpc/virnetserver.c:184
	19 0x00007f1b82a64158 in virThreadPoolWorker (opaque=0x7f1b8573cb10) at util/virthreadpool.c:144
	20 0x00007f1b82a63ae5 in virThreadHelper (data=0x7f1b8574b9f0) at util/virthreadpthread.c:161
	21 0x00007f1b80532f4a in start_thread () from /lib64/libpthread.so.0
	22 0x00007f1b7fc4f20d in clone () from /lib64/libc.so.6

	Thread 1 (Thread 0x7f1b83546740 (LWP 16297)):
	0  0x00007f1b80539714 in __lll_lock_wait () from /lib64/libpthread.so.0
	1  0x00007f1b8053516c in _L_lock_516 () from /lib64/libpthread.so.0
	2  0x00007f1b80534fbb in pthread_mutex_lock () from /lib64/libpthread.so.0
	3  0x00007f1b82a637cf in virMutexLock (m=0x7f1b680ceb80) at util/virthreadpthread.c:85
	4  0x00007f1b82a4ccf2 in virObjectLock (anyobj=0x7f1b680ceb70) at util/virobject.c:320
	5  0x00007f1b6ee13bd7 in virLXCProcessMonitorInitNotify (mon=0x7f1b3c007210, initpid=4832, vm=0x7f1b680ceb70) at lxc/lxc_process.c:601
	6  0x00007f1b6ee11fd3 in virLXCMonitorHandleEventInit (prog=0x7f1b3c001f10, client=0x7f1b3c0038c0, evdata=0x7f1b8574a7d0, opaque=0x7f1b3c007210) at lxc/lxc_monitor.c:109
	7  0x00007f1b82b8a196 in virNetClientProgramDispatch (prog=0x7f1b3c001f10, client=0x7f1b3c0038c0, msg=0x7f1b3c003928) at rpc/virnetclientprogram.c:259
	8  0x00007f1b82b87030 in virNetClientCallDispatchMessage (client=0x7f1b3c0038c0) at rpc/virnetclient.c:1019
	9  0x00007f1b82b876bb in virNetClientCallDispatch (client=0x7f1b3c0038c0) at rpc/virnetclient.c:1140
	10 0x00007f1b82b87d41 in virNetClientIOHandleInput (client=0x7f1b3c0038c0) at rpc/virnetclient.c:1312
	11 0x00007f1b82b88f51 in virNetClientIncomingEvent (sock=0x7f1b3c0044e0, events=1, opaque=0x7f1b3c0038c0) at rpc/virnetclient.c:1832
	12 0x00007f1b82b9e1c8 in virNetSocketEventHandle (watch=3321, fd=54, events=1, opaque=0x7f1b3c0044e0) at rpc/virnetsocket.c:1695
	13 0x00007f1b82a272cf in virEventPollDispatchHandles (nfds=21, fds=0x7f1b8574ded0) at util/vireventpoll.c:498
	14 0x00007f1b82a27af2 in virEventPollRunOnce () at util/vireventpoll.c:645
	15 0x00007f1b82a25a61 in virEventRunDefaultImpl () at util/virevent.c:273
	16 0x00007f1b82b8e97e in virNetServerRun (srv=0x7f1b857419d0) at rpc/virnetserver.c:1097
	17 0x00007f1b8359db6b in main (argc=2, argv=0x7ffff98dbaa8) at libvirtd.c:1512

2013-07-24  Stefan Bader  <stefan.bader@canonical.com>

	libxl: Correctly initialize vcpu bitmap
	The avail_vcpu bitmap has to be allocated before it can be used (using
	the maximum allowed value for that). Then for each available VCPU the
	bit in the mask has to be set (libxl_bitmap_set takes a bit position
	as an argument, not the number of bits to set).

	Without this, I would always only get one VCPU for guests created
	through libvirt/libxl.

2013-07-24  Ján Tomko  <jtomko@redhat.com>

	Add a colon after 'internal error'
	As we do for other errors with an extra string.

	Add new virAuth symbols to private.syms
	Otherwise libvirtd fails to load the lockd plugin.

2013-07-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix virCgroupAvailable() w/o HAVE_GETMNTENT_R defined
	virCgroupAvailable() implementation calls getmntent_r
	without checking if HAVE_GETMNTENT_R is defined, so it fails
	to build on platforms without getmntent_r support.

	Make virCgroupAvailable() just return false without
	HAVE_GETMNTENT_R.

2013-07-24  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix link_addr detection
	link_addr detection in configure always reports that
	link_addr is missing because it uses link_addr(NULL, NULL) in
	AC_LINK_IFELSE check with limited set of headers that doesn't
	define NULL.

	Fix by replacing 'NULL' with just '0'.

2013-07-24  Martin Kletzander  <mkletzan@redhat.com>

	Use qemuOpenFile in qemu_driver.c
	On two places, the usage of open() is replaced with qemuOpenFile as
	that is the preferred method in those cases.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963881

2013-07-24  Martin Kletzander  <mkletzan@redhat.com>

	Make qemuOpenFile aware of per-VM DAC seclabel.
	Function qemuOpenFile() haven't had any idea about seclabels applied
	to VMs only, so in case the seclabel differed from the "user:group"
	from configuration, there might have been issues with opening files.

	Make qemuOpenFile() VM-aware, but only optionally, passing NULL
	argument means skipping VM seclabel info completely.

	However, all current qemuOpenFile() calls look like they should use VM
	seclabel info in case there is any, so convert these calls as well.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=869053

2013-07-24  Martin Kletzander  <mkletzan@redhat.com>

	Expose ownership ID parsing
	Parsing 'user:group' is useful even outside the DAC security driver,
	so expose the most abstract function which has no DAC security driver
	bits in itself.

2013-07-24  Laine Stump  <laine@laine.org>

	qemu: set/validate slot/connection type when assigning slots for PCI devices
	Since PCI bridges, PCIe bridges, PCIe switches, and PCIe root ports
	all share the same namespace, they are all defined as controllers of
	type='pci' in libvirt (but with a differing model attribute). Each of
	these controllers has a certain connection type upstream, allows
	certain connection types downstream, and each can either allow a
	single downstream connection at slot 0, or connections from slot 1 -
	31.

	Right now, we only support the pci-root and pci-bridge devices, both
	of which only allow PCI devices to connect, and both which have usable
	slots 1 - 31. In preparation for adding other types of controllers
	that have different capabilities, this patch 1) adds info to the
	qemuDomainPCIAddressBus object to indicate the capabilities, 2) sets
	those capabilities appropriately for pci-root and pci-bridge devices,
	and 3) validates that the controller being connected to is the proper
	type when allocating slots or validating that a user-selected slot is
	appropriate for a device..

	Having this infrastructure in place will make it much easier to add
	support for the other PCI controller types.

	While it would be possible to do all the necessary checking by just
	storing the controller model in the qemyuDomainPCIAddressBus, it
	greatly simplifies all the validation code to also keep a "flags",
	"minSlot" and "maxSlot" for each - that way we can just check those
	attributes rather than requiring a nearly identical switch statement
	everywhere we need to validate compatibility.

	You may notice many places where the flags are seemingly hard-coded to

	  QEMU_PCI_CONNECT_HOTPLUGGABLE | QEMU_PCI_CONNECT_TYPE_PCI

	This is currently the correct value for all PCI devices, and in the
	future will be the default, with small bits of code added to change to
	the flags for the few devices which are the exceptions to this rule.

	Finally, there are a few places with "FIXME" comments. Note that these
	aren't indicating places that are broken according to the currently
	supported devices, they are places that will need fixing when support
	for new PCI controller models is added.

	To assure that there was no regression in the auto-allocation of PCI
	addresses or auto-creation of integrated pci-root, ide, and usb
	controllers, a new test case (pci-bridge-many-disks) has been added to
	both the qemuxml2argv and qemuxml2xml tests. This new test defines a
	domain with several dozen virtio disks but no pci-root or
	pci-bridges. The .args file of the new test case was created using
	libvirt sources from before this patch, and the test still passes
	after this patch has been applied.

2013-07-24  Laine Stump  <laine@laine.org>

	qemu: make QEMU_PCI_ADDRESS_(SLOT|FUNCTION)_LAST less misleading
	Although these two enums are named ..._LAST, they really had the value
	of ..._SIZE. This patch changes their values so that, e.g.,
	QEMU_PCI_ADDRESS_SLOT_LAST really is the slot number of the last slot
	on a PCI bus.

2013-07-24  Laine Stump  <laine@laine.org>

	qemu: only check for PIIX3-specific device addrs on pc-* machinetypes
	The implicit IDE, USB, and video controllers provided by the PIIX3
	chipset in the pc-* machinetypes are not present on other
	machinetypes, so we shouldn't be doing the special checking for
	them. This patch places those validation checks into a separate
	function that is only called for machine types that have a PIIX3 chip
	(which happens to be the i440fx-based pc-* machine types).

	One qemuxml2argv test data file had to be changed - the
	pseries-usb-multi test had included a piix3-usb-uhci device, which was
	being placed at a specific address, and also had slot 2 auto reserved
	for a video device, but the pseries virtual machine doesn't actually
	have a PIIX3 chip, so even if there was a piix3-usb-uhci driver for
	it, the device wouldn't need to reside at slot 1 function 2. I just
	changed the .argv file to have the generic slot info for the two
	devices that results when the special PIIX3 code isn't executed.

2013-07-24  Laine Stump  <laine@laine.org>

	qemu: turn qemuDomainPCIAddressBus into a struct
	qemuDomainPCIAddressBus was an array of QEMU_PCI_ADDRESS_SLOT_LAST
	uint8_t's, which worked fine as long as every PCI bus was
	identical. In the future, some PCI busses will allow connecting PCI
	devices, and some will allow PCIe devices; also some will only allow
	connection of a single device, while others will allow connecting 31
	devices.

	In order to keep track of that information for each bus, we need to
	turn qemuDomainPCIAddressBus into a struct, for now with just one
	member:

	   uint8_t slots[QEMU_PCI_ADDRESS_SLOT_LAST];

	Additional members will come in later patches.

	The item in qemuDomainPCIAddresSet that contains the array of
	qemuDomainPCIAddressBus is now called "buses" to be more consistent
	with the already existing "nbuses" (and with the new "slots" array).

2013-07-24  Eric Blake  <eblake@redhat.com>

	build: work around broken kernel headers
	Thanks to a lack of coordination between kernel and glibc folks,
	it has been impossible to mix code using <linux/in.h> and
	<net/in.h> for some time now (see for example commit c308a9a).
	On at least RHEL 6, <linux/if_bridge.h> tries to use the kernel
	side, and fails due to our desire to use the glibc side elsewhere:

	In file included from /usr/include/linux/if_bridge.h:17,
	                 from util/virnetdevbridge.c:42:
	/usr/include/linux/in6.h:31: error: redefinition of ‘struct in6_addr’
	/usr/include/linux/in6.h:48: error: redefinition of ‘struct sockaddr_in6’
	/usr/include/linux/in6.h:56: error: redefinition of ‘struct ipv6_mreq’

	Thankfully, the kernel layout of these structs is ABI-compatible,
	they only differ in the type system presented to the C compiler.
	While there are other versions of kernel headers that avoid the
	problem, it is easier to just work around the issue than to expect
	all developers to upgrade to working kernel headers.

	* src/util/virnetdevbridge.c (includes): Coerce the kernel version
	of in.h to not collide with the normal version.

2013-07-24  Eric Blake  <eblake@redhat.com>

	dbus: work with older dbus
	dbus 1.2.24 (on RHEL 6) lacks DBUS_TYPE_UNIX_FD; but as we aren't
	trying to pass one of those anyways, we can just drop support for
	it in our wrapper.  Solves this build error introduced in commit
	834c9c94:

	  CC     libvirt_util_la-virdbus.lo
	util/virdbus.c:242: error: 'DBUS_TYPE_UNIX_FD' undeclared here (not in a function)

	* src/util/virdbus.c (virDBusBasicTypes): Drop support for unix fds.

2013-07-24  John Ferlan  <jferlan@redhat.com>

	valgrind.supp: Add more valgrind suppression paths
	Update based on recent run/failures seen

2013-07-24  John Ferlan  <jferlan@redhat.com>

	domain_event: Resolve memory leak found by Valgrind
	Commit id '4421e257' strdup'd devAlias, but didn't free

	Running qemuhotplugtest under valgrind resulted in the following:

	==7375== 9 bytes in 1 blocks are definitely lost in loss record 11 of 70
	==7375==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==7375==    by 0x37C1085D71: strdup (strdup.c:42)
	==7375==    by 0x4CBBD5F: virStrdup (virstring.c:554)
	==7375==    by 0x4CFF9CB: virDomainEventDeviceRemovedNew (domain_event.c:1174)
	==7375==    by 0x427791: qemuDomainRemoveChrDevice (qemu_hotplug.c:2508)
	==7375==    by 0x42C65D: qemuDomainDetachChrDevice (qemu_hotplug.c:3357)
	==7375==    by 0x41C94F: testQemuHotplug (qemuhotplugtest.c:115)
	==7375==    by 0x41D817: virtTestRun (testutils.c:168)
	==7375==    by 0x41C400: mymain (qemuhotplugtest.c:322)
	==7375==    by 0x41DF3A: virtTestMain (testutils.c:764)
	==7375==    by 0x37C1021A04: (below main) (libc-start.c:225)

2013-07-24  John Ferlan  <jferlan@redhat.com>

	lxc: Resolve Coverity warning
	Commit 'c8695053' resulted in the following:

	Coverity error seen in the output:
	    ERROR: REVERSE_INULL
	    FUNCTION: lxcProcessAutoDestroy

	Due to the 'dom' being checked before 'dom->persistent' since 'dom'
	is already dereferenced prior to that.

2013-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Create + setup cgroups atomically for LXC process
	Currently the LXC driver creates the VM's cgroup prior to
	forking, and then libvirt_lxc moves the child process
	into the cgroup. This won't work with systemd whose APIs
	do the creation of cgroups + attachment of processes atomically.

	Fortunately we simply move the entire cgroups setup into
	the libvirt_lxc child process. We make it take place before
	fork'ing into the background, so by the time virCommandRun
	returns in the LXC driver, the cgroup is guaranteed to be
	present.

2013-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Create + setup cgroups atomically for QEMU process
	Currently the QEMU driver creates the VM's cgroup prior to
	forking, and then uses a virCommand hook to move the child
	into the cgroup. This won't work with systemd whose APIs
	do the creation of cgroups + attachment of processes atomically.

	Fortunately we have a handshake taking place between the
	QEMU driver and the child process prior to QEMU being exec()d,
	which was introduced to allow setup of disk locking. By good
	fortune this synchronization point can be used to enable the
	QEMU driver to do atomic setup of cgroups removing the use
	of the hook script.

2013-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete cgroups creation apis
	The virCgroupNewDomainDriver and virCgroupNewDriver methods
	are obsolete now that we can auto-detect existing cgroup
	placement. Delete them to reduce code bloat.

	Auto-detect existing cgroup placement
	Use the new virCgroupNewDetect function to determine cgroup
	placement of existing running VMs. This will allow the legacy
	cgroups creation APIs to be removed entirely

	Add API for checking if a cgroup is valid for a domain
	Add virCgroupIsValidMachine API to check whether an auto
	detected cgroup is valid for a machine. This lets us
	check if a VM has just been placed into some generic
	shared cgroup, or worse, the root cgroup

	Add a virCgroupNewDetect API for finding cgroup placement
	Add a virCgroupNewDetect API which is used to initialize a
	cgroup object with the placement of an arbitrary process.

	Add logic for handling systemd-machined non-existance
	If systemd machine does not exist, return -2 instead of -1,
	so that applications don't need to repeat the tedious error
	checking code

	Fix handling of DBus errors emitted by the bus itself
	Current code for handling dbus errors only works for errors
	received from the remote application itself. We must also
	handle errors emitted by the bus itself, for example, when
	it fails to spawn the target service.

2013-07-23  John Ferlan  <jferlan@redhat.com>

	storage: Add connection for autostart storage pool
	Add a privileged field to storageDriverState

	Use the privileged value in order to generate a connection which could
	be passed to the various storage backend drivers.

	In particular, the iSCSI driver will need a connect in order to perform
	pool authentication using the 'chap' secrets and the RBD driver utilizes
	the connection during pool refresh for pools using 'ceph' secrets.

	For now that connection will be to be to qemu driver until a mechanism
	is devised to get a connection to just the secret driver without qemu.

2013-07-23  John Ferlan  <jferlan@redhat.com>

	Adjust 'ceph' authentication secret usage for rbd pool.
	Update virStorageBackendRBDOpenRADOSConn() to use the internal API to the
	secret driver in order to get the secret value instead of the external
	virSecretGetValue() path. Without the flag VIR_SECRET_GET_VALUE_INTERNAL_CALL
	there is no way to get the value of private secret.

	This also requires ensuring there is a connection which wasn't true for
	for the refreshPool() path calls from storageDriverAutostart() prior to
	adding support for the connection to a qemu driver. It seems calls to
	virSecretLookupByUUIDString() and virSecretLookupByUsage() from the
	refreshPool() path would have failed with no way to find the secret - that is
	theoretically speaking since the 'conn' was NULL the failure would have been
	"failed to find the secret".

2013-07-23  John Ferlan  <jferlan@redhat.com>

	storage: Support "chap" authentication for iscsi pool
	Although the XML for CHAP authentication with plain "password"
	was introduced long ago, the function was never implemented. This
	patch replaces the login/password mechanism by following the
	'ceph' (or RBD) model of using a 'username' with a 'secret' which
	has the authentication information.

	This patch performs the authentication during startPool() processing
	of pools with an authType of VIR_STORAGE_POOL_AUTH_CHAP specified
	for iSCSI pools.

	There are two types of CHAP configurations supported for iSCSI
	authentication:

	  * Initiator Authentication
	      Forward, one-way; The initiator is authenticated by the target.

	  * Target Authentication
	      Reverse, Bi-directional, mutual, two-way; The target is authenticated
	      by the initiator; This method also requires Initiator Authentication

	This only supports the "Initiator Authentication". (I don't have any
	enterprise iSCSI env for testing, only have a iSCSI target setup with
	tgtd, which doesn't support "Target Authentication").

	"Discovery authentication" is not supported by tgt yet too. So this only
	setup the session authentication by executing 3 iscsiadm commands, E.g:

	% iscsiadm -m node --target "iqn.2013-05.test:iscsi.foo" --name \
	  "node.session.auth.authmethod" -v "CHAP" --op update

	% iscsiadm -m node --target "iqn.2013-05.test:iscsi.foo" --name \
	  "node.session.auth.username" -v "Jim" --op update

	% iscsiadm -m node --target "iqn.2013-05.test:iscsi.foo" --name \
	  "node.session.auth.password" -v "Jimsecret" --op update

2013-07-23  John Ferlan  <jferlan@redhat.com>

	qemu_common: Create qemuBuildVolumeString() to process storage pool
	Split out into its own separate routine

	qemu: Create a common qemuGetSecretString
	Make the secret fetching code common for qemuBuildRBDString() and
	qemuBuildDriveURIString() using the virDomainDiskDef.

	qemu: Add source pool auth info to virDomainDiskDef for iSCSI
	During qemuTranslateDiskSourcePool() execution, if the srcpool has been
	defined with authentication information, then for iSCSI pools copy the
	authentication and host information to virDomainDiskDef.

2013-07-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Take error path if acquiring of job fails in qemuDomainSaveInternal
	Due to a goto statement missed when refactoring in 2771f8b74c1bf50d1fa
	when acquiring of a domain job failed the error path was not taken. This
	resulted into a crash afterwards as an extra reference was removed from a
	domain object leading to it being freed. An attempt to list the domains
	leaded to a crash of the daemon afterwards.

	https://bugzilla.redhat.com/show_bug.cgi?id=928672

2013-07-23  Laine Stump  <laine@laine.org>

	build: fix make rpm failure
	util/virdbuspriv.h needed to be added to UTIL_SOURCES in the makefile.

2013-07-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: use more general function names
	Continue preparation for extracting platform-specific
	parts from bridge_driver: s/Iptables/Firewall/ for
	firewall related function names.

2013-07-23  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Add virDBusMessage(Encode,Decode) stubs
	Commit 834c9c94 introduced virDBusMessageEncode and
	virDBusMessageDecode functions, however corresponding stubs
	were not added to !WITH_DBUS section, therefore 'make check'
	started to fail when compiled w/out dbus support like that:

	Expected symbol virDBusMessageDecode is not in ELF library

2013-07-23  Guannan Ren  <gren@redhat.com>

	virsh: fix change-media bug on disk block type
	Resolves:https://bugzilla.redhat.com/show_bug.cgi?id=923053
	When cdrom is block type, the virsh change-media failed to insert
	source info because virsh uses "<source block='/dev/sdb'/>" while
	the correct name of the attribute for block disks is "dev".

2013-07-22  Osier Yang  <jyang@redhat.com>

	qemu: Translate the volume type disk source before cgroup setting
	The translation must be done before both of cgroup and security
	setting, otherwise since the disk source is not translated yet,
	it might be skipped on cgroup and security setting.

	conf: Ignore the volume type disk if its mode is "direct"
	virDomainDiskDefForeachPath is not only used by the security
	setting helpers, also used by cgroup setting helpers, so this
	is to ignore the volume type disk with mode="direct" for cgroup
	setting.

2013-07-22  John Ferlan  <jferlan@redhat.com>

	qemu: Translate the iscsi pool/volume disk source
	The difference with already supported pool types (dir, fs, block)
	is: there are two modes for iscsi pool (or network pools in future),
	one can specify it either to use the volume target path (the path
	showed up on host) with mode='host', or to use the remote URI qemu
	supports (e.g. file=iscsi://example.org:6000/iqn.1992-01.com.example/1)
	with mode='direct'.

	For 'host' mode, it copies the volume target path into disk->src. For
	'direct' mode, the corresponding info in the *one* pool source host def
	is copied to disk->hosts[0].

2013-07-22  John Ferlan  <jferlan@redhat.com>

	conf: Introduce virDomainDiskSourceIsBlockType
	Introduce a new helper to check if the disk source is of block type

2013-07-22  John Ferlan  <jferlan@redhat.com>

	conf: Introduce new XML tag "mode" for disk source
	There are two ways to use a iSCSI LUN as disk source for qemu.

	 * The LUN's path as it shows up on host, e.g.
	   /dev/disk/by-path/ip-$ip:3260-iscsi-$iqn-fc18:iscsi.iscsi0-lun-1

	 * The libiscsi URI from the storage pool source element host attribute, e.g.
	   iscsi://demo.org:6000/iqn.1992-01.com.example/1

	For a "volume" type disk, if the specified "pool" is of iscsi
	type, we should support to use the LUN in either of above 2 ways.
	That's why to introduce a new XML tag "mode" for the disk source
	(libvirt should support iscsi pool with libiscsi, but it's another
	new feature, which should be done later).

	The "mode" can be either of "host" or "direct". Use "host" to indicate
	use of the LUN with the path as it shows up on host. Use "direct" to
	indicate to use it with the source pool host URI (future patches may support
	to use network type libvirt storage too, e.g. Ceph)

2013-07-22  John Ferlan  <jferlan@redhat.com>

	storage_iscsi: Reflect the default target port
	Make sure default iSCSI target is 3260.

2013-07-22  Jiri Denemark  <jdenemar@redhat.com>

	tests: Free test at the end of GetDeviceAliases JSON test
	Commit 58b147ad07c9432b53e66ca20aff74d812647c57 added a test for
	qemuMonitorGetDeviceAliases but forgot to free the test object at the
	end which causes all sort of weird errors and failures when new tests
	are added after the GetDeviceAliases.

2013-07-22  Philipp Hahn  <hahn@univention.de>

	doc: Fix copy-paste-error in virNodeGetMemoryStats
	The description seems to be copied from virNodeGetCpuState.
	Change wrong 'cpu' to 'memory'.

2013-07-22  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	bridge driver: s/network_driver/virNetworkDriverState/
	This is another cleanup before extracting platform-specific
	parts from bridge_driver.

	Rename struct network_driver to _virNetworkDriverState and
	add appropriate typedefs: virNetworkDriverState and
	virNetworkDriverStatePtr.

	This will help us to avoid potential problems when moving
	this struct to the .h file.

2013-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Convert remainder of cgroups code to report errors
	Convert the remaining methods in vircgroup.c to report errors
	instead of returning errno values.

	Convert the virCgroupKill* APIs to report errors
	Instead of returning errno values, change the virCgroupKill*
	APIs to fully report errors.

	Report full errors from virCgroupNew*
	Instead of returning raw errno values, report full libvirt
	errors in virCgroupNew* functions.

	Add helpers for dealing with system errors
	Add virErrorSetErrnoFromLastError and virLastErrorIsSystemErrno
	to simplify code which wants to handle system errors in a more
	graceful fashion.

	Add API for calling systemd-machined's DBus API
	To register virtual machines and containers with systemd-machined,
	and thus have cgroups auto-created, we need to talk over DBus.
	This is somewhat tedious code, so introduce a dedicated function
	to isolate the DBus call in one place.

2013-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Introduce virDBusCallMethod & virDBusMessageRead methods
	Doing DBus method calls using libdbus.so is tedious in the
	extreme. systemd developers came up with a nice high level
	API for DBus method calls (sd_bus_call_method). While
	systemd doesn't use libdbus.so, their API design can easily
	be ported to libdbus.so.

	This patch thus introduces methods virDBusCallMethod &
	virDBusMessageRead, which are based on the code used for
	sd_bus_call_method and sd_bus_message_read. This code in
	systemd is under the LGPLv2+, so we're license compatible.

	This code is probably pretty unintelligible unless you are
	familiar with the DBus type system. So I added some API
	docs trying to explain how to use them, as well as test
	cases to validate that I didn't screw up the adaptation
	from the original systemd code.

2013-07-22  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Let explicit features override model features
	Until now CPU features inherited from a specified CPU model could only
	be overridden with 'disable' policy. With this patch, any explicitly
	specified feature always overrides the same feature inherited from a CPU
	model regardless on the specified policy.

	The CPU in x86-exact-force-Haswell.xml would previously be incompatible
	with x86-host-SandyBridge.xml CPU even though x86-host-SandyBridge.xml
	provides all features required by x86-exact-force-Haswell.xml.

2013-07-22  Jiri Denemark  <jdenemar@redhat.com>

	vmware: Fix bogus CPU arch copy

	cpu: Store arch in virCPUData

	Replace union cpuData with virCPUData

	cpu_x86: Use x86-specific CPU data structure

2013-07-22  Daniel P. Berrange  <berrange@redhat.com>

	LXC: Set default driver for image backed filesystems
	If no explicit driver is set for an image backed filesystem,
	set it to use the loop driver (if raw) or nbd driver (if
	non-raw)

	LXC: Fix some error reporting in filesystem setup
	A couple of places in LXC setup for filesystems did not do
	a "goto cleanup" after reporting errors. While fixing this,
	also add in many more debug statements to aid troubleshooting

2013-07-22  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Shorten SCSI hostdev alias to avoid QEMU failure
	The alias for hostdevs of type SCSI can be too long for QEMU if
	larger LUNs are encountered. Here's a real life example:

	    <hostdev mode='subsystem' type='scsi' managed='no'>
	      <source>
	        <adapter name='scsi_host0'/>
	        <address bus='0' target='19' unit='1088634913'/>
	      </source>
	      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
	    </hostdev>

	this results in a too long drive id, resulting in QEMU yelling

	Property 'scsi-generic.drive' can't find value 'drive-hostdev-scsi_host0-0-19-1088634913'

	This commit changes the alias back to the default hostdev$(index)
	scheme.

2013-07-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unplug devices that disappeared when libvirtd was down
	In case libvirtd is asked to unplug a device but the device is actually
	unplugged later when libvirtd is not running, we need to detect that and
	remove such device when libvirtd starts again and reconnects to running
	domains.

	qemu: Introduce qemuMonitorGetDeviceAliases
	This API provides a NULL-terminated list of devices which are currently
	attached to a QEMU domain.

	conf: Make error reporting in virDomainDefFindDevice optional

	util: Non-existent string array does not contain any string
	Make virStringArrayHasString return false when called on a non-existent
	string array.

2013-07-19  Eric Blake  <eblake@redhat.com>

	security: fix deadlock with prefork
	Attempts to start a domain with both SELinux and DAC security
	modules loaded will deadlock; latent problem introduced in commit
	fdb3bde and exposed in commit 29fe5d7.  Basically, when recursing
	into the security manager for other driver's prefork, we have to
	undo the asymmetric lock taken at the manager level.

	Reported by Jiri Denemark, with diagnosis help from Dan Berrange.

	* src/security/security_stack.c (virSecurityStackPreFork): Undo
	extra lock grabbed during recursion.

2013-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Change s/i/iv/ in test code to avoid syntax-check
	The code parsing VIR_TEST_RANGE mistakenly used 'unsigned int i'
	which violated syntax-check rules

2013-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Allow test cases to be run selectively
	When debugging a failing test with many test cases, it is useful
	to be able to skip most tests. Introducing a new environment
	variable VIR_TEST_RANGE=N-M enables execution of only the test
	cases numbered N-M inclusive, starting from 1.

	For example, to skip all the cgroup tests except 2

	$ VIR_TEST_RANGE=2-3 VIR_TEST_DEBUG=1 ./vircgrouptest
	TEST: vircgrouptest
	 2) New cgroup for driver                                             ... Unexpected found LXC cgroup: 1
	libvirt: Cgroup error : Failed to create controller cpu for group: No such file or directory
	FAILED
	 3) New cgroup for domain driver                                      ... Cannot find LXC cgroup: 1
	libvirt: Cgroup error : Failed to create controller cpu for group: No such file or directory
	FAILED

2013-07-19  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Upstream gnulib recently patched a bug in bootstrap, for projects
	that use a different name than build-aux for a subdirectory.  We
	don't, but it doesn't hurt to update.

	* .gnulib: Update, for bootstrap fix.
	* bootstrap: Sync to upstream.
	* bootstrap.conf: Match upstream bug fix.

2013-07-19  Michal Privoznik  <mprivozn@redhat.com>

	autogen: Handle case when libvirt's submodule
	Currently, in the autogen.sh script we check whether .git is an existing
	directory in which case bootstrap is run. However, if libvirt is a
	submodule, then the .git is just a file (with reference to the topmost
	.git directory). However, our submodule routines work well. So there's
	no real reason why we should prohibit users to build libvirt from
	submodule.

2013-07-19  Eric Blake  <eblake@redhat.com>

	maint: split long lines in Makefiles
	Makefiles are another easy file to enforce line limits.

	Mostly straightforward; interesting tricks worth noting:
	src/Makefile.am: $(confdir) was already defined, use it in more places
	tests/Makefile.am: path_add and VG required some interesting compression

	* cfg.mk (sc_prohibit_long_lines): Add another test.
	* Makefile.am: Fix offenders.
	* daemon/Makefile.am: Likewise.
	* docs/Makefile.am: Likewise.
	* python/Makefile.am: Likewise.
	* src/Makefile.am: Likewise.
	* tests/Makefile.am: Likewise.

2013-07-18  Eric Blake  <eblake@redhat.com>

	security_dac: compute supplemental groups before fork
	Commit 75c1256 states that virGetGroupList must not be called
	between fork and exec, then commit ee777e99 promptly violated
	that for lxc's use of virSecurityManagerSetProcessLabel.  Hoist
	the supplemental group detection to the time that the security
	manager needs to fork.  Qemu is safe, as it uses
	virSecurityManagerSetChildProcessLabel which in turn uses
	virCommand to determine supplemental groups.

	This does not fix the fact that virSecurityManagerSetProcessLabel
	calls virSecurityDACParseIds calls parseIds which eventually
	calls getpwnam_r, which also violates fork/exec async-signal-safe
	safety rules, but so far no one has complained of hitting
	deadlock in that case.

	* src/security/security_dac.c (_virSecurityDACData): Track groups
	in private data.
	(virSecurityDACPreFork): New function, to set them.
	(virSecurityDACClose): Clean up new fields.
	(virSecurityDACGetIds): Alter signature.
	(virSecurityDACSetSecurityHostdevLabelHelper)
	(virSecurityDACSetChardevLabel, virSecurityDACSetProcessLabel)
	(virSecurityDACSetChildProcessLabel): Update callers.

2013-07-18  Eric Blake  <eblake@redhat.com>

	security: framework for driver PreFork handler
	A future patch wants the DAC security manager to be able to safely
	get the supplemental group list for a given uid, but at the time
	of a fork rather than during initialization so as to pick up on
	live changes to the system's group database.  This patch adds the
	framework, including the possibility of a pre-fork callback
	failing.

	For now, any driver that implements a prefork callback must be
	robust against the possibility of being part of a security stack
	where a later element in the chain fails prefork.  This means
	that drivers cannot do any action that requires a call to postfork
	for proper cleanup (no grabbing a mutex, for example).  If this
	is too prohibitive in the future, we would have to switch to a
	transactioning sequence, where each driver has (up to) 3 callbacks:
	PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean
	up or commit changes made during prepare.

	* src/security/security_driver.h (virSecurityDriverPreFork): New
	callback.
	* src/security/security_manager.h (virSecurityManagerPreFork):
	Change signature.
	* src/security/security_manager.c (virSecurityManagerPreFork):
	Optionally call into driver, and allow returning failure.
	* src/security/security_stack.c (virSecurityDriverStack):
	Wrap the handler for the stack driver.
	* src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.

2013-07-18  Guido Günther  <agx@sigxcpu.org>

	Use AC_LINK_IFELSE
	instead of the deprecated AC_TRY_LINK

2013-07-18  Eric Blake  <eblake@redhat.com>

	tests: split long lines
	Long lines are harder to read and harder to diff; in fact, if lines get
	too long (> 1000 bytes), it starts causing issues where git send-email
	refuses to send patches for the file.  I've cleaned up the tests
	directory in the past (see commits bd6c46f, 3b750d1), but new long
	lines have been introduced in the meantime.

	Why 90 instead of 80? Because there were too many tests on the fringe
	edge, and I didn't want to edit that many files.

	Add a syntax check to prevent future long lines.

	* cfg.mk (sc_prohibit_long_lines): New rule.
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Split lines of any
	file with content longer than 90 columns.
	* tests/storagevolxml2argvdata/*.argv: Likewise.

2013-07-18  Guido Günther  <agx@sigxcpu.org>

	Check for link_addr more thoroughly
	Some versions of kFreeBSD (like 9.0) declare link_addr in a header
	but lack an implementation. This makes ./configure pass but breaks
	compilation later with a

	     undefined reference to `link_addr'

	Althought that's a bug in the OS header we can detect it easily by also
	trying to link.

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715320

2013-07-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Emit VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED events

	qemu: Remove devices only after DEVICE_DELETED event

	qemu: Add support for DEVICE_DELETED event

	Add virDomainDefFindDevice for looking up a device by its alias

	Clarify virDomainDetachDeviceFlags documentation

	examples: Handle VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event

	Add VIR_DOMAIN_EVENT_ID_DEVICE_REMOVED event

	qemu: Separate char device removal into a standalone function

2013-07-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Cleanup coding style nits in qemu_cgroup.c

2013-07-18  Osier Yang  <jyang@redhat.com>

	qemu: Set cpuset.cpus for domain process
	When either "cpuset" of <vcpu> is specified, or the "placement" of
	<vcpu> is "auto", only setting the cpuset.mems might cause the guest
	starting to fail. E.g. ("placement" of both <vcpu> and <numatune> is
	"auto"):

	1) Related XMLs
	  <vcpu placement='auto'>4</vcpu>
	  <numatune>
	    <memory mode='strict' placement='auto'/>
	  </numatune>

	2) Host NUMA topology
	  % numactl --hardware
	  available: 8 nodes (0-7)
	  node 0 cpus: 0 4 8 12 16 20 24 28
	  node 0 size: 16374 MB
	  node 0 free: 11899 MB
	  node 1 cpus: 32 36 40 44 48 52 56 60
	  node 1 size: 16384 MB
	  node 1 free: 15318 MB
	  node 2 cpus: 2 6 10 14 18 22 26 30
	  node 2 size: 16384 MB
	  node 2 free: 15766 MB
	  node 3 cpus: 34 38 42 46 50 54 58 62
	  node 3 size: 16384 MB
	  node 3 free: 15347 MB
	  node 4 cpus: 3 7 11 15 19 23 27 31
	  node 4 size: 16384 MB
	  node 4 free: 15041 MB
	  node 5 cpus: 35 39 43 47 51 55 59 63
	  node 5 size: 16384 MB
	  node 5 free: 15202 MB
	  node 6 cpus: 1 5 9 13 17 21 25 29
	  node 6 size: 16384 MB
	  node 6 free: 15197 MB
	  node 7 cpus: 33 37 41 45 49 53 57 61
	  node 7 size: 16368 MB
	  node 7 free: 15669 MB

	4) cpuset.cpus will be set as: (from debug log)

	2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 :
	Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.cpus'
	to '0-63'

	5) The advisory nodeset got from querying numad (from debug log)

	2013-05-09 16:50:17.295+0000: 417: debug : qemuProcessStart:3614 :
	Nodeset returned from numad: 1

	6) cpuset.mems will be set as: (from debug log)

	2013-05-09 16:50:17.296+0000: 417: debug : virCgroupSetValueStr:331 :
	Set value '/sys/fs/cgroup/cpuset/libvirt/qemu/toy/cpuset.mems'
	to '0-7'

	I.E, the domain process's memory is restricted on the first NUMA node,
	however, it can use all of the CPUs, which will likely cause the domain
	process to fail to start because of the kernel fails to allocate
	memory with the the memory policy as "strict".

	% tail -n 20 /var/log/libvirt/qemu/toy.log
	...
	2013-05-09 05:53:32.972+0000: 7318: debug : virCommandHandshakeChild:377 :
	Handshake with parent is done
	char device redirected to /dev/pts/2 (label charserial0)
	kvm_init_vcpu failed: Cannot allocate memory
	...

2013-07-18  Peter Krempa  <pkrempa@redhat.com>

	caps: Add helpers to convert NUMA nodes to corresponding CPUs
	These helpers use the remembered host capabilities to retrieve the cpu
	map rather than query the host again. The intended usage for this
	helpers is to fix automatic NUMA placement with strict memory alloc. The
	code doing the prepare needs to pin the emulator process only to cpus
	belonging to a subset of NUMA nodes of the host.

2013-07-18  Martin Kletzander  <mkletzan@redhat.com>

	Add virtio-scsi to fallback models of scsi controller
	When user does not specify any model for scsi controller, or worse, no
	controller at all, but libvirt automatically adds scsi controller with
	no model, we are not searching for virtio-scsi and thus this can fail
	for example on qemu which doesn't support lsi logic adapter.

	This means that when qemu on x86 doesn't support lsi53c895a and the
	user adds the following to an XML without any scsi controller:

	<disk ...>
	  ...
	  <target dev='sda'>
	</disk>

	libvirt fails like this:
	 # virsh define asdf.xml
	 error: Failed to define domain from asdf.xml
	 error: internal error Unable to determine model for scsi controller

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=974943

2013-07-18  Michal Privoznik  <mprivozn@redhat.com>

	Introduce lxcDomObjFromDomain
	Similarly to qemu driver, we can use a helper function to
	lookup a domain instead of copying multiple lines around.

	Remove lxcDriverLock from almost everywhere
	With the majority of fields in the virLXCDriverPtr struct
	now immutable or self-locking, there is no need for practically
	any methods to be using the LXC driver lock. Only a handful
	of helper APIs now need it.

	lxc: Make activeUsbHostdevs use locks
	The activeUsbHostdevs item in LXCDriver are lockable, but the lock has
	to be called explicitly. Call the virObject(Un)Lock() in order to
	achieve mutual exclusion once lxcDriverLock is removed.

	Stop accessing driver->caps directly in LXC driver
	The 'driver->caps' pointer can be changed on the fly. Accessing
	it currently requires the global driver lock. Isolate this
	access in a single helper, so a future patch can relax the
	locking constraints.

	lxc: switch to virCloseCallbacks API

	Introduce annotations for virLXCDriverPtr fields
	Annotate the fields in virLXCDriverPtr to indicate the locking
	rules for their use.

	lxc: Use atomic ops for driver->nactive

2013-07-18  Michal Privoznik  <mprivozn@redhat.com>

	Introduce a virLXCDriverConfigPtr object
	Currently the virLXCDriverPtr struct contains an wide variety
	of data with varying access needs. Move all the static config
	data into a dedicated virLXCDriverConfigPtr object. The only
	locking requirement is to hold the driver lock, while obtaining
	an instance of virLXCDriverConfigPtr. Once a reference is held
	on the config object, it can be used completely lockless since
	it is immutable.

	NB, not all APIs correctly hold the driver lock while getting
	a reference to the config object in this patch. This is safe
	for now since the config is never updated on the fly. Later
	patches will address this fully.

2013-07-18  Michal Privoznik  <mprivozn@redhat.com>

	virLXCDriver: Drop unused @cgroup
	It is not used anywhere, so it makes no sense to have it there.

	qemu: Move close callbacks handling into util/virclosecallbacks.c

	qemuhotplugtest: Resolve some memleaks
	If testQemuHotplugAttach succeeds, the vm->def steals the dev pointer.
	However, not the envelope, which needs to be freed. In addition,
	driver.config is allocated, but never freed.

	qemuDomainDetachChrDevice: Don't leak @charAlias
	Moreover, since virAsprintf now does report OOM error, there's no need
	to call virReportOOMError in error path.

2013-07-18  Ján Tomko  <jtomko@redhat.com>

	virAsprintf: correctly check return value
	When virAsprintf was changed from a function to a macro
	reporting OOM error in dc6f2da, it was documented as returning
	0 on success. This is incorrect, it returns the number of bytes
	written as asprintf does.

	Some of the functions were converted to use virAsprintf's return
	value directly, changing the return value on success from 0 to >= 0.

	For most of these, this is not a problem, but the change in
	virPCIDriverDir breaks PCI passthrough.

	The return value check in virhashtest pre-dates virAsprintf OOM
	conversion.

	vmwareMakePath seems to be unused.

2013-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Merge virCommandPreserveFD / virCommandTransferFD
	Merge the virCommandPreserveFD / virCommandTransferFD methods
	into a single virCommandPasFD method, and use a new
	VIR_COMMAND_PASS_FD_CLOSE_PARENT to indicate their difference
	in behaviour

	Enable FD passing when starting guests with virsh
	Add a "--pass-fds N,M,..." arg to the virsh start/create
	methods. This allows pre-opened file descriptors from the
	shell to be passed on into the guest

2013-07-18  Daniel P. Berrange  <berrange@redhat.com>

	LXC: Wire up the virDomainCreate{XML}WithFiles methods
	Wire up the new virDomainCreate{XML}WithFiles methods in the
	LXC driver, so that FDs get passed down to the init process.

	The lxc_container code needs to do a little dance in order
	to renumber the file descriptors it receives into linear
	order, starting from STDERR_FILENO + 1.

2013-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix impl of virDomainCreateWithFlags remote client helper
	In the following commit:

	  commit 03d813bbcd7b4a18360105500672b84d985dd889
	  Author: Marek Marczykowski <marmarek@invisiblethingslab.com>
	  Date:   Thu May 23 02:01:30 2013 +0200

	    remote: fix dom->id after virDomainCreateWithFlags

	The virDomainCreateWithFlags remote client helper was made to
	invoke REMOTE_PROC_DOMAIN_LOOKUP_BY_UUID to refresh the 'id'
	of the domain, following the pattern used in the previous
	virDomainCreate method impl.

	The remote protocol for virDomainCreateWithFlags though did
	actually fix the design flaw in virDomainCreate, by directly
	returning the new domain info. For some reason, this data was
	never used. So we can just use that data now instead.

2013-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Introduce remote protocol support for virDomainCreate{XML}WithFiles
	Since they make use of file descriptor passing, the remote protocol
	methods for virDomainCreate{XML}WithFiles must be written by hand.

2013-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Introduce new domain create APIs to pass pre-opened FDs to LXC
	With container based virt, it is useful to be able to pass
	pre-opened file descriptors to the container init process.
	This allows for containers to be auto-activated from incoming
	socket connections, passing the active socket into the container.

	To do this, introduce a pair of new APIs, virDomainCreateXMLWithFiles
	and virDomainCreateWithFiles, which accept an array of file
	descriptors. For the LXC driver, UNIX file descriptor passing
	will be used to send them to libvirtd, which will them pass
	them down to libvirt_lxc, which will then pass them to the container
	init process.

	This will only be implemented for LXC right now, but the design
	is generic enough it could work with other hypervisors, hence
	I suggest adding this to libvirt.so, rather than libvirt-lxc.so

2013-07-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Make ctags work out of the box
	The .ctags file specifies default options for ctags so that it does not
	ignore libvirt.h.in and ignores uninteresting files. As a result, you
	can just run "ctags" and navigating to a public API won't get you to a
	useless entry in api.html.

2013-07-17  Geoff Hickey  <ghickey@datagravity.com>

	esx: Support for disk-only and quiescing snapshots.
	Add support for creating disk-only (no memory) snapshots in esx, and
	for quiescing the VM before taking the snapshot. The VMware API
	supports these operations directly, so adding support to libvirt is
	just a matter of setting the flags correctly when calling
	VMware. VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY and
	VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE are now valid flags for esx.

2013-07-17  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: implement virDomainGetNumaParameters
	Although, having it depending on Xen >= 4.3 (by using the proper
	libxl feature flag).

	Xen currently implements a NUMA placement policy which is basically
	the same as the 'interleaved' policy of `numactl', although it can
	be applied on a subset of the available nodes. We therefore hardcode
	"interleave" as 'numa_mode', and we use the newly introduced libxl
	interface to figure out what nodes a domain spans ('numa_nodeset').

	With this change, it is now possible to query the NUMA node
	affinity of a running domain:

	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// list
	 Id    Name                           State
	----------------------------------------------------
	 23    F18_x64                        running

	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// numatune 23
	numa_mode      : interleave
	numa_nodeset   : 1

2013-07-17  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: advertise the support for VIR_TYPED_PARAM_STRING
	domainGetNumaParameters has a string typed parameter, hence it
	is necessary for the libxl driver to support this.

	This change implements the connectSupportsFeature hook for the
	libxl driver, advertising that VIR_DRV_FEATURE_TYPED_PARAM_STRING
	is supported.

	Cc: Eric Blake <eblake@redhat.com>

2013-07-17  Stefan Bader  <stefan.bader@canonical.com>

	xen: Add interface versions for Xen 4.3
	Xen 4.3 changes sysctl version to 10 and domctl version to 9. Update
	the hypervisor driver to work with those.

2013-07-17  Michal Privoznik  <mprivozn@redhat.com>

	lxc_container: Don't call virGetGroupList during exec
	Commit 75c1256 states that virGetGroupList must not be called
	between fork and exec, then commit ee777e99 promptly violated
	that for lxc.

	Patch originally posted by Eric Blake <eblake@redhat.com>.

2013-07-17  Ján Tomko  <jtomko@redhat.com>

	cgroup: reuse buffer for getline
	Reuse the buffer for getline and track buffer allocation
	separately from the string length to prevent unlikely
	out-of-bounds memory access.

	This fixes the following leak that happened when zero bytes were read:

	==404== 120 bytes in 1 blocks are definitely lost in loss record 1,344 of 1,671
	==404==    at 0x4C2C71B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
	==404==    by 0x906F862: getdelim (iogetdelim.c:68)
	==404==    by 0x52A48FB: virCgroupPartitionNeedsEscaping (vircgroup.c:1136)
	==404==    by 0x52A0FB4: virCgroupPartitionEscape (vircgroup.c:1171)
	==404==    by 0x52A0EA4: virCgroupNewDomainPartition (vircgroup.c:1450)

2013-07-17  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetSchedulerType: Prefer qemuDomObjFromDomain
	In all qemu APIs we tend to prefer qemuDomObjFromDomain over
	virDomainObjListFindByUUID. But somehow the
	qemuDomainGetSchedulerType left unattended.

	virSecurityManagerGenLabel: Skip seclabels without model
	While generating seclabels, we check the seclabel stack if required
	driver is in the stack. If not, an error is returned. However, it is
	possible for a seclabel to not have any model set (happens with LXC
	domains that have just <seclabel type='none'>). If that's the case,
	we should just skip the iteration instead of calling STREQ(NULL, ...)
	and SIGSEGV-ing subsequently.

	lxcCapsInit: Allocate primary security driver unconditionally
	Currently, if the primary security driver is 'none', we skip
	initializing caps->host.secModels. This means, later, when LXC domain
	XML is parsed and <seclabel type='none'/> is found (see
	virSecurityLabelDefsParseXML), the model name is not copied to the
	seclabel. This leads to subsequent crash in virSecurityManagerGenLabel
	where we call STREQ() over the model (note, that we are expecting model
	to be !NULL).

2013-07-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Separate host device removal into a standalone function

	qemu: Separate net device removal into a standalone function

	qemu: Separate controller removal into a standalone function

	qemu: Separate disk device removal into a standalone function

	qemu: Add qemuDomainReleaseDeviceAddress to remove any address

2013-07-16  Guido Günther  <agx@sigxcpu.org>

	Create directory for lease files if it's missing
	If we don't autostart a network it's not being created.

	Debian Bug http://bugs.debian.org/715200

2013-07-16  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on shadowed name
	Introduced in commit 24b08219; compilation on RHEL 6.4 complained:
	qemu/qemu_hotplug.c: In function 'qemuDomainAttachChrDevice':
	qemu/qemu_hotplug.c:1257: error: declaration of 'remove' shadows a global declaration [-Wshadow]
	/usr/include/stdio.h:177: error: shadowed declaration is here [-Wshadow]

	* src/qemu/qemu_hotplug.c (qemuDomainAttachChrDevice): Avoid the
	name 'remove'.

2013-07-16  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Change the owner of live attached host devices
	The owner of this host devices should be the root user of container.

	LXC: Change the owner of host devices to the root of container
	These host devices are created for container,
	the owner should be the root user of container.

	LXC: Create host devices for container on host side
	Otherwise the container will fail to start if we
	enable user namespace, since there is no rights to
	do mknod in uninit user namespace.

	LXC: Change the owner of live attached disk device
	The owner of this disk device should be the root user of container.

2013-07-16  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Move virLXCControllerChown to lxc_container.c
	lxc driver will use this function to change the owner
	of hot added devices.

	Move virLXCControllerChown to lxc_container.c and Rename
	it to lxcContainerChown.

2013-07-16  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: controller: change the owner of disk to the root of container
	These disk devices are created for container,
	the owner should be the root user of container.

	LXC: Setup disks for container on host side
	Since mknod in container is forbidden, we should setup disks
	on host side.

2013-07-16  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()
	A part of the returned monitor response was freed twice and caused
	crashes of the daemon when using guest agent cpu count retrieval.

	 # virsh vcpucount dom --guest

	Introduced in v1.0.6-48-gc6afcb0

2013-07-16  Wido den Hollander  <wido@widodh.nl>

	rbd: Do not free the secret if it is not set
	Not all RBD (Ceph) storage pools have cephx authentication turned on,
	so "secret" might not be initialized.

	It could also be that the secret couldn't be located.

	Only call virSecretFree() if "secret" is initialized earlier.

2013-07-16  John Ferlan  <jferlan@redhat.com>

	Allow balloon driver collection to be adjusted dynamically
	Use the virDomainSetMemoryStatsPeriodFlags() to pass a period defined by
	usage of a new --period option in order to set the collection period for the
	balloon driver. This may enable or disable the collection based on the value.

	Add the --current, --live, & --config options to dommemstat.

2013-07-16  John Ferlan  <jferlan@redhat.com>

	Implement the virDomainSetMemoryStatsPeriod for QEMU driver
	Implement the new API that will handle setting the balloon driver statistics
	collection period in order to enable or disable the collection dynamically.

	Specify remote protocol for virDomainSetMemoryStatsPeriod
	Wire up the remote protocol

	Add new public API virDomainSetMemoryStatsPeriod
	Add new API in order to set the balloon memory driver statistics collection
	period in order to allow dynamic period adjustment for the virsh dommemstats to
	display balloon stats data

2013-07-16  John Ferlan  <jferlan@redhat.com>

	Add capability to fetch balloon stats
	This patch will add the qemuMonitorJSONGetMemoryStats() to execute a
	"guest-stats" on the balloonpath using "get-qom" replacing the former
	mechanism which looked through the "query-ballon" returned data for
	the fields.  The "query-balloon" code only returns 'actual' memory.
	Rather than duplicating the existing code, have the JSON API use the
	GetBalloonInfo API.

	A check in the qemuMonitorGetMemoryStats() will be made to ensure the
	balloon driver path has been set.  Since the underlying JSON code can
	return data not associated with the balloon driver, we don't fail on
	a failure to get the balloonpath.  Of course since we've made the check,
	we can then set the ballooninit flag.  Getting the path here is primarily
	due to the process reconnect path which doesn't attempt to set the
	collection period.

2013-07-16  John Ferlan  <jferlan@redhat.com>

	Determine whether to start balloon memory stats gathering.
	At vm startup and attach attempt to set the balloon driver statistics
	collection period based on the value found in the domain xml file. This
	is not done at reconnect since it's possible that a collection period
	was set on the live guest and making the set period call would reset to
	whatever value is stored in the config file.

	Setting the stats collection period has a side effect of searching through
	the qom-list output for the virtio balloon driver and making sure that it
	has the right properties in order to allow setting of a collection period
	and eventually fetching of statistics.

	The walk through the qom-list is expensive and thus the balloonpath will
	be saved in the monitor private structure as well as a flag indicating
	that the initialization has already been attempted (in the event that a
	path is not found, no sense to keep checking).

	This processing model conforms to the qom object model model which
	requires setting object properties after device startup. That is, it's
	not possible to pass the period along via the startup code as it won't
	be recognized.

2013-07-16  John Ferlan  <jferlan@redhat.com>

	Add 'period' for Memballoon statistics gathering capability
	Add a period in seconds to allow/enable statistics gathering from the
	Balloon driver for 'virsh dommemstat <domain>'.

2013-07-16  Alex Jia  <ajia@redhat.com>

	qemu: Prevent crash of libvirtd without guest agent configuration
	If users haven't configured guest agent then qemuAgentCommand() will
	dereference a NULL 'mon' pointer, which causes crash of libvirtd when
	using agent based cpu (un)plug.

	With the patch, when the qemu-ga service isn't running in the guest,
	a expected error "error: Guest agent is not responding: Guest agent
	not available for now" will be raised, and the error "error: argument
	unsupported: QEMU guest agent is not configured" is raised when the
	guest hasn't configured guest agent.

	GDB backtrace:

	 (gdb) bt
	 #0  virNetServerFatalSignal (sig=11, siginfo=<value optimized out>, context=<value optimized out>) at rpc/virnetserver.c:326
	 #1  <signal handler called>
	 #2  qemuAgentCommand (mon=0x0, cmd=0x7f39300017b0, reply=0x7f394b090910, seconds=-2) at qemu/qemu_agent.c:975
	 #3  0x00007f39429507f6 in qemuAgentGetVCPUs (mon=0x0, info=0x7f394b0909b8) at qemu/qemu_agent.c:1475
	 #4  0x00007f39429d9857 in qemuDomainGetVcpusFlags (dom=<value optimized out>, flags=9) at qemu/qemu_driver.c:4849
	 #5  0x00007f3957dffd8d in virDomainGetVcpusFlags (domain=0x7f39300009c0, flags=8) at libvirt.c:9843

	How to reproduce?

	 # To start a guest without guest agent configuration
	 # then run the following cmdline

	 # virsh vcpucount foobar --guest
	 error: End of file while reading data: Input/output error
	 error: One or more references were leaked after disconnect from the hypervisor
	 error: Failed to reconnect to the hypervisor

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=984821

2013-07-16  Martin Kletzander  <mkletzan@redhat.com>

	Make logical pools independent on target path
	When using logical pools, we had to trust the target->path provided.
	This parameter, however, can be completely ommited and we can use
	'/dev/<source.name>' safely and populate it to target.path.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=952973

2013-07-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuhotplugtest: Introduce test for chardev hotplug
	The test is currently testing just device update function. However,
	chardev hotplug is implemented just for device attach and detach. This
	fact means, the test needs to be rewritten (the majority of the code is
	still shared). Moreover, we are now able to pass VM among multiple test
	runs. So for instance, while we add a device in the first run, we can
	remove it in the second run.

	qemu: Implement chardev hotplug on live level
	Since previous patches has prepared everything for us, we may now
	implement live hotplug of a character device.

	qemu: Implement chardev hotplug on config level
	There are two levels on which a device may be hotplugged: config
	and live. The config level requires just an insert or remove from
	internal domain definition structure, which is exactly what this
	patch does. There is currently no implementation for a chardev
	update action, as there's not much to be updated. But more
	importantly, the only thing that can be updated is path or socket
	address by which chardevs are distinguished. So the update action
	is currently not supported.

	domain_conf: Auto fill chardev port
	Now that we have callbacks, we should auto fill in omitted pieces of
	information. It's important for chardev hotplug to fill in the correct
	/{serial,parallel,console,channel}/target/@port if no value has been
	provided by user.

2013-07-16  Peter Krempa  <pkrempa@redhat.com>

	cpu: Allow fine tuning of "host-model" cpu
	https://bugzilla.redhat.com/show_bug.cgi?id=799354

	Until now, the "host-model" cpu mode couldn't be influenced. This patch
	allows to use the <feature> elements to either enable or disable
	specific CPU flags. This can be used to force flags that can be emulated
	even if the host CPU doesn't support them.

2013-07-16  Peter Krempa  <pkrempa@redhat.com>

	cpu: Clean up code style

	cpu: Add virCPUDefUpdateFeature()
	This new function updates or adds a feature to a existing cpu model
	definition. This function will be helpful to allow tuning of
	"host-model" features in later patches.

	conf: Clean up error reporting in cpu definition parsing
	Use VIR_ERR_XML_ERROR instead of VIR_ERR_INTERNAL_ERROR in XML parsing
	code and move "%s" formating strings right after the error code.

2013-07-15  John Ferlan  <jferlan@redhat.com>

	storage_conf: Merge AuthChap and AuthCephx into AuthSecret
	Merge virStoragePoolDefParseAuthChap and virStoragePoolDefParseAuthCephx
	into a common virStoragePoolDefParseAuthSecret.  Change the output to be
	common for both by putting 'type' first followed by 'username'.

	storage_conf: Move username processing into common function
	Move the auth->username processing into virStoragePoolDefParseAuth
	save the resulting username into chap/cephx specific data

2013-07-15  John Ferlan  <jferlan@redhat.com>

	storage_pool: Rework chap XML to mimic ceph
	The existing 'chap' XML logic was never used - just defined.  Rather than
	try to insert a square peg into a round hole, blow it up and rewrite the
	logic to follow the 'ceph' format.

	Remove the former "chap.login" and "chap.passwd" fields and replace
	with "chap.username" and "chap.secret" in _virStoragePoolAuthChap.
	Adjust the virStoragePoolDefParseAuthChap() to process.

	Change the rng file to describe the new layout

	Update the formatstorage.html to describe the usage of the secret element
	to mention that the secret type "iscsi" and "ceph" can be used
	to storage pool too.

	Update the formatsecret.html to include a reference to the storage pool

	Update tests to handle the changes from 'login' and 'passwd' to 'username'
	and '<secret>' format

2013-07-15  John Ferlan  <jferlan@redhat.com>

	storage_conf: Move auth processing into virStoragePoolDefParseAuth
	Split processing of "<auth" into its own function

	storage_conf: Introduce virStoragePoolAuthSecretPtr
	Split out the _virStoragePoolAuthSecret data from _virStoragePoolAuthCephx
	into its own structure

	storage_conf: Adjust virStoragePoolAuthType enum
	Generate and use the virStoragePoolAuthTypeType{To|From}String helpers

2013-07-15  John Ferlan  <jferlan@redhat.com>

	Add qemuMonitorJSONSetObjectProperty() method for QMP qom-set command
	Add a new qemuMonitorJSONSetObjectProperty() method to support invocation
	of the 'qom-set' JSON monitor command with a provided path, property, and
	expected data type to set.

	NOTE: The set API was added only for the purpose of the qemumonitorjsontest

	The test code uses the same "/machine/i440fx" property as the get test and
	attempts to set the "realized" property to "true" (which it should be set
	at anyway).

2013-07-15  John Ferlan  <jferlan@redhat.com>

	Add qemuMonitorJSONGetObjectProperty() method for QMP qom-get command
	Add a new qemuMonitorJSONGetObjectProperty() method to support invocation
	of the 'qom-get' JSON monitor command with a provided path, property, and
	expected data type return. The qemuMonitorJSONObjectProperty is similar to
	virTypedParameter; however, a future patch will extend it a bit to include
	a void pointer to balloon driver statistic data.

	NOTE: The ObjectProperty structures and API are added only for the
	      purpose of the qemumonitorjsontest

	The provided test will execute a qom-get on "/machine/i440fx" which will
	return a property "realized".

2013-07-15  John Ferlan  <jferlan@redhat.com>

	Add qemuMonitorJSONGetObjectListPaths() method for QMP qom-list command
	Add a new qemuMonitorJSONGetObjectListPaths() method to support invocation
	of the 'qom-list' JSON monitor command with a provided path.

	NOTE: The ListPath structures and API's are added only for the
	      purpose of the qemumonitorjsontest

	The returned list of paired data fields of "name" and "type" that can
	be used to peruse QOM configuration data and eventually utilize for the
	balloon statistics.

	The test does a "{"execute":"qom-list", "arguments": { "path": "/"}}" which
	returns "{"return": [{"name": "machine", "type": "child<container>"},
	{"name": "type", "type": "string"}]}" resulting in a return of an array
	of 2 elements with [0].name="machine", [0].type="child<container>".  The [1]
	entry appears to be a header that could be used some day via a command such
	as "virsh qemuobject --list" to format output.

2013-07-15  Matthew Rosato  <mjrosato@linux.vnet.ibm.com>

	qemu: add macvlan delete to qemuDomainAttachNetDevice cleanup
	If an error occurs during qemuDomainAttachNetDevice after the macvtap
	was created in qemuPhysIfaceConnect, the macvtap device gets left behind.
	This patch adds code to the cleanup routine to delete the macvtap.

	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2013-07-15  Laine Stump  <laine@laine.org>

	pci: make virPCIDeviceReset more autonomous
	I recently patches the callers to virPCIDeviceReset() to not call it
	if the current driver for a device was vfio-pci (since that driver
	will always reset the device itself when appropriate. At the time, Dan
	Berrange suggested that I could instead modify virPCIDeviceReset
	to check the currently bound driver for the device, and decide
	for itself whether or not to go ahead with the reset.

	This patch removes the previously added checks, and replaces them with
	a check down in virPCIDeviceReset(), as suggested.

	The functional difference here is that previously we were deciding
	based on either the hostdev configuration or the value of
	stubDriverName in the virPCIDevice object, but now we are actually
	comparing to the "driver" link in the device's sysfs entry
	directly. In practice, both should be the same.

2013-07-15  Laine Stump  <laine@laine.org>

	pci: reorder static functions
	virPCIDeviceGetDriverPathAndName is a static function that will need
	to be called by another function that occurs above it in the
	file. This patch reorders the static functions so that a forward
	declaration isn't needed.

2013-07-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildChrDeviceCommandLine: Don't leak devstr
	It's caller's responsibility to free return value of
	qemuBuildChrDeviceStr().

2013-07-15  Guannan Ren  <gren@redhat.com>

	python: return dictionary without value in case of no blockjob
	Currently, when there is no blockjob, dom.blockJobInfo('vda')
	still reports error because it doesn't distinguish return value 0 from -1.
	libvirt.libvirtError: virDomainGetBlockJobInfo() failed

	virDomainGetBlockJobInfo() API return value:
	 -1 in case of failure, 0 when nothing found, 1 found.

	And use PyDict_SetItemString instead of PyDict_SetItem when key is
	of string type. PyDict_SetItemString increments key/value reference
	count, so call Py_DECREF() for value. For key, we don't need to
	do this, because PyDict_SetItemString will handle it internally.

2013-07-12  Ján Tomko  <jtomko@redhat.com>

	conf: reject pci-root controllers with non-zero indexes
	https://bugzilla.redhat.com/show_bug.cgi?id=981261

2013-07-12  Jincheng Miao  <jmiao@redhat.com>

	Change domain controller index type to unsigned
	Error out on negative index values.

	https://bugzilla.redhat.com/show_bug.cgi?id=981261

2013-07-12  Peter Krempa  <pkrempa@redhat.com>

	virsh: Mention --driver in man page for nodedev-detach
	https://bugzilla.redhat.com/show_bug.cgi?id=982987

	Commit d923f6c8 introduced the --driver option but didn't document it in
	the man page. The docs are borrowed from the public API documentation.

2013-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add a couple of debug statements to LXC driver
	When failing to start a container due to inaccessible root
	filesystem path, we did not log any meaningful error. Add a
	few debug statements to assist diagnosis

2013-07-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Introduce qemuBuildChrDeviceStr
	The function being introduced is responsible for creating command
	line argument for '-device' for given character device. Based on
	the chardev type, it calls appropriate qemuBuild.*ChrDeviceStr(),
	e.g.  qemuBuildSerialChrDeviceStr() for serial chardev and so on.

	qemu_command: Honour chardev alias assignment with a function
	The chardev alias assignment is going to be needed in a separate
	places, so it should be moved into a separate function rather
	than copying code randomly around.

	qemu_monitor: Introduce qemuMonitorDetachCharDev
	This function wraps 'chardev-remove' qemu monitor command around.
	It takes chardev alias as its single argument besides qemu monitor
	pointer.

	qemu_monitor: Introduce qemuMonitorAttachCharDev
	The function being introduced is responsible for preparing and
	executing 'chardev-add' qemu monitor command. Moreover, in case
	of PTY chardev, the corresponding pty path is updated.

	qemu_monitor_json: Move InetSocketAddress build to a separate function
	Currently, we are building InetSocketAddress qemu json type
	within the qemuMonitorJSONNBDServerStart function. However, other
	future functions may profit from the code as well. So it should
	be moved into a static function.

2013-07-12  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Introduce chardev hotplug helpers
	For now, only these three helpers are needed:
	virDomainChrFind - to find a duplicate chardev within VM def
	virDomainChrInsert - wrapper for inserting a new chardev into VM def
	virDomainChrRemove - wrapper for removing chardev from VM def

	There is, however, one internal helper as well:
	virDomainChrGetDomainPtrs which sets given pointers to one of
	vmdef->{parallels,serials,consoles,channels} based on passed
	chardev type.

2013-07-12  Peter Krempa  <pkrempa@redhat.com>

	remote: Improve libssh2 password authentication
	This patch enables the password authentication in the libssh2 connection
	driver. There are a few benefits to this step:

	1) Hosts with challenge response authentication will now be supported
	with the libssh2 connection driver.

	2) Credential for hosts can now be stored in the authentication
	credential config file

2013-07-12  Peter Krempa  <pkrempa@redhat.com>

	libssh2: Improve password based authentication
	The password authentication method wasn't used as there wasn't a
	pleasant way to pass the password. This patch adds the option to use
	virAuth util functions to request the password either from a config file
	or uses the conf callback to request it from the user.

2013-07-12  Peter Krempa  <pkrempa@redhat.com>

	virAuth: Don't require virConnectPtr to retrieve authentication creds
	Previously a connection object was required to retrieve the auth
	credentials. This patch adds the option to call the retrieval functions
	only using the connection URI or path to the configuration file. This
	will allow to use this toolkit to request passwords for ssh
	authentication in the libssh2 connection driver.

	Changes:
	*virAuthGetConfigFilePathURI(): use URI to retrieve the config file path
	*virAuthGetCredential(): Remove the need to propagate conn object

	virAuthGetPasswordPath():
	*virAuthGetUsernamePath(): New functions, that use config file path
	                           instead of conn object

2013-07-12  hejia hejia  <jiakernel@gmail.com>

	nodeinfo: Don't fail on non-contiguous NUMA topologies
	nodeGetFreeMemory and nodeGetCellsFreeMemory assumed that the NUMA nodes
	are contiguous and starting from 0. Unfortunately there are machines
	that don't match this assumption:

	available: 1 nodes (1)
	node 1 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
	node 1 size: 16340 MB
	node 1 free: 11065 MB

	Before this patch:
	error: internal error Failed to query NUMA free memory
	error: internal error Failed to query NUMA free memory for node: 0

	After this patch:
	Total: 15772580 KiB
	0: 0 KiB

2013-07-11  Eric Blake  <eblake@redhat.com>

	util: make virSetUIDGID async-signal-safe
	https://bugzilla.redhat.com/show_bug.cgi?id=964358

	POSIX states that multi-threaded apps should not use functions
	that are not async-signal-safe between fork and exec, yet we
	were using getpwuid_r and initgroups.  Although rare, it is
	possible to hit deadlock in the child, when it tries to grab
	a mutex that was already held by another thread in the parent.
	I actually hit this deadlock when testing multiple domains
	being started in parallel with a command hook, with the following
	backtrace in the child:

	 Thread 1 (Thread 0x7fd56bbf2700 (LWP 3212)):
	 #0  __lll_lock_wait ()
	     at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
	 #1  0x00007fd5761e7388 in _L_lock_854 () from /lib64/libpthread.so.0
	 #2  0x00007fd5761e7257 in __pthread_mutex_lock (mutex=0x7fd56be00360)
	     at pthread_mutex_lock.c:61
	 #3  0x00007fd56bbf9fc5 in _nss_files_getpwuid_r (uid=0, result=0x7fd56bbf0c70,
	     buffer=0x7fd55c2a65f0 "", buflen=1024, errnop=0x7fd56bbf25b8)
	     at nss_files/files-pwd.c:40
	 #4  0x00007fd575aeff1d in __getpwuid_r (uid=0, resbuf=0x7fd56bbf0c70,
	     buffer=0x7fd55c2a65f0 "", buflen=1024, result=0x7fd56bbf0cb0)
	     at ../nss/getXXbyYY_r.c:253
	 #5  0x00007fd578aebafc in virSetUIDGID (uid=0, gid=0) at util/virutil.c:1031
	 #6  0x00007fd578aebf43 in virSetUIDGIDWithCaps (uid=0, gid=0, capBits=0,
	     clearExistingCaps=true) at util/virutil.c:1388
	 #7  0x00007fd578a9a20b in virExec (cmd=0x7fd55c231f10) at util/vircommand.c:654
	 #8  0x00007fd578a9dfa2 in virCommandRunAsync (cmd=0x7fd55c231f10, pid=0x0)
	     at util/vircommand.c:2247
	 #9  0x00007fd578a9d74e in virCommandRun (cmd=0x7fd55c231f10, exitstatus=0x0)
	     at util/vircommand.c:2100
	 #10 0x00007fd56326fde5 in qemuProcessStart (conn=0x7fd53c000df0,
	     driver=0x7fd55c0dc4f0, vm=0x7fd54800b100, migrateFrom=0x0, stdin_fd=-1,
	     stdin_path=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
	     flags=1) at qemu/qemu_process.c:3694
	 ...

	The solution is to split the work of getpwuid_r/initgroups into the
	unsafe portions (getgrouplist, called pre-fork) and safe portions
	(setgroups, called post-fork).

	* src/util/virutil.h (virSetUIDGID, virSetUIDGIDWithCaps): Adjust
	signature.
	* src/util/virutil.c (virSetUIDGID): Add parameters.
	(virSetUIDGIDWithCaps): Adjust clients.
	* src/util/vircommand.c (virExec): Likewise.
	* src/util/virfile.c (virFileAccessibleAs, virFileOpenForked)
	(virDirCreate): Likewise.
	* src/security/security_dac.c (virSecurityDACSetProcessLabel):
	Likewise.
	* src/lxc/lxc_container.c (lxcContainerSetID): Likewise.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for setgroups, not
	initgroups.

2013-07-11  Eric Blake  <eblake@redhat.com>

	util: add virGetGroupList
	Since neither getpwuid_r() nor initgroups() are safe to call in
	between fork and exec (they obtain a mutex, but if some other
	thread in the parent also held the mutex at the time of the fork,
	the child will deadlock), we have to split out the functionality
	that is unsafe.  At least glibc's initgroups() uses getgrouplist
	under the hood, so the ideal split is to expose getgrouplist for
	use before a fork.  Gnulib already gives us a nice wrapper via
	mgetgroups; we wrap it once more to look up by uid instead of name.

	* bootstrap.conf (gnulib_modules): Add mgetgroups.
	* src/util/virutil.h (virGetGroupList): New declaration.
	* src/util/virutil.c (virGetGroupList): New function.
	* src/libvirt_private.syms (virutil.h): Export it.

2013-07-11  Eric Blake  <eblake@redhat.com>

	util: improve user lookup helper
	A future patch needs to look up pw_gid; but it is wasteful
	to crawl through getpwuid_r twice for two separate pieces
	of information, and annoying to copy that much boilerplate
	code for doing the crawl.  The current internal-only
	virGetUserEnt is also a rather awkward interface; it's easier
	to just design it to let callers request multiple pieces of
	data as needed from one traversal.

	And while at it, I noticed that virGetXDGDirectory could deref
	NULL if the getpwuid_r lookup fails.

	* src/util/virutil.c (virGetUserEnt): Alter signature.
	(virGetUserDirectory, virGetXDGDirectory, virGetUserName): Adjust
	callers.

2013-07-11  John Ferlan  <jferlan@redhat.com>

	qemu_hostdev: Resolve Coverity issue
	Recent changes uncovered a possibility that 'last_processed_hostdev_vf'
	was set to -1 in 'qemuPrepareHostdevPCIDevices' and would cause problems
	in for loop end condition in the 'resetvfnetconfig' label if the
	variable was never set to 'i' due to 'qemuDomainHostdevNetConfigReplace'
	failure.

	storage_backend: Resolve Coverity issue
	The switch statement in 'virStorageBackendCreateQemuImgOpts' used the
	for loop end condition 'VIR_STORAGE_FILE_FEATURE_LAST' as a possible value,
	but since that cannot happen Coverity spits out a DEADCODE message. Adding
	the Coverity tag just removes the Coverity message

	virsh-nodedev: Resolve Coverity issues
	Recent changes uncovered FORWARD_NULL and NEGATIVE_RETURNS problems with
	the processing of the 'ndevices' and its associated allocated arrays in
	'vshNodeDeviceListCollect' due to the possibility of returning -1 in a
	call and using the returned value as a for loop index end condition.

	virsh-interface: Resolve Coverity issues
	Recent changes uncovered FORWARD_NULL and NEGATIVE_RETURNS problems with
	the processing of the 'nActiveIfaces' and 'nInactiveIfaces' and their
	associated allocated arrays in 'vshInterfaceListCollect' due to the
	possibility of returning -1 in a call and using the return value as a
	for loop index end condition.

	virsh-domain-monitor: Resolve Coverity issues
	Recent changes uncovered a pair of NEGATIVE_RETURNS when processing the
	'nnames' in 'vshDomainListCollect' in the for loop due to possible -1 value.

2013-07-11  John Ferlan  <jferlan@redhat.com>

	testutils: Resolve Coverity issues
	Recent changes uncovered a NEGATIVE_RETURNS in the return from sysconf()
	when processing a for loop in virtTestCaptureProgramExecChild() in
	testutils.c

	Code review uncovered 3 other code paths with the same condition that
	weren't found by Covirity, so fixed those as well.

2013-07-11  John Ferlan  <jferlan@redhat.com>

	hellolibvirt: Resolve Coverity issues
	Recent changes uncovered a NEGATIVE_RETURNS when processing 'numNames'
	in 'showDomains' in the for loop after a possible -1 return.

2013-07-11  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Future patches need LGPLv2+ versions of some modules that had
	recent license changes; but separating the gnulib update from
	the actual use of the modules makes it easier to backport to
	an older version while avoiding a submodule update (assuming,
	of course, that the backport is to a system where glibc provides
	adequate functionaliy without needing the gnulib module).

	* .gnulib: Update to latest, for modules needed in later patches.

2013-07-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix hot (un-)plug error codes and messages
	With current code, error reporting for unsupported devices for hot plug,
	unplug and update is total mess. The VIR_ERR_CONFIG_UNSUPPORTED error
	code is reported instead of VIR_ERR_OPERATION_UNSUPPORTED. Moreover, the
	error messages are not helping to find the root cause (lack of
	implementation).

	conf: Rework virDomainDeviceDefParse
	When adding a new domain device, it is fairly easy to forget to add
	corresponding piece into virDomainDeviceDefParse. However, if the
	internal structure is changed to one bit switch() the compiler will warn
	about not handled enum item.

	conf: Extend device types handled by virDomainDeviceDefParse
	Not all device types are currently parsed in virDomainDeviceDefParse,
	Since all needed functions do exist, nothing holds us back to make the
	implementation complete. Similarly, the virDomainDeviceDefFree needs to
	be updated as well.

2013-07-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: remove some incorrect setting ATTRIBUTE_UNUSED
	these parameters shouldn't be marked as ATTRIBUTE_UNUSED.

2013-07-11  Ján Tomko  <jtomko@redhat.com>

	storage: return -1 when fs pool can't be mounted
	Don't reuse the return value of virStorageBackendFileSystemIsMounted.
	If it's 0, we'd return it even if the mount command failed.

	Also, don't report another error if it's -1, since one has already
	been reported.

	Introduced by 258e06c.

	https://bugzilla.redhat.com/show_bug.cgi?id=981251

2013-07-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Slightly increase memory limit
	For low-memory domains (roughly under 400MB) our automatic memory limit
	computation comes up with a limit that's too low. This is because the
	0.5 multiplication does not add enough for such small values. Let's
	increase the constant part of the computation to fix this.

2013-07-11  Laine Stump  <laine@laine.org>

	util: add rebase fix that was accidentally omitted from previous patch
	I had made the change locally, so make check and make syntax-check
	were successful, but forgot to add/commit. Unfortunately, git allows a
	push when the local directory is dirty, so it didn't catch my mistake.

2013-07-11  Laine Stump  <laine@laine.org>

	util: use VIR_(APPEND|DELETE)_ELEMENT for pci/usb device lists
	Eliminate memmove() by using VIR_*_ELEMENT API instead.

	In both pci and usb cases, the count that held the size of the list
	was unsigned int so it had to be changed to size_t.

2013-07-10  Daniel P. Berrange  <berrange@redhat.com>

	Prevent use of 'int' data type & 'ii', 'jj', 'kk' var names for loops
	Add two syntax-check rules

	 - sc_prohibit_int_ijk - block use of 'int' as a data type
	   for any variables named 'i', 'j', 'k'
	 - sc_prohibit_int_iijjkk - block use of 'ii', 'jj', 'kk'
	   for any variable names

2013-07-10  Daniel P. Berrange  <berrange@redhat.com>

	Convert 'int i' to 'size_t i' in examples/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in python/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/cpu/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/hyperv/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/interface/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/network/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/libxl/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/locking/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/lxc/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/node_device/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/nwfilter/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/openvz/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/parallels/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/phyp/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/qemu files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/remote/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/rpc/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/secret/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/security files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/test/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/uml/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/vbox/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/storage/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/{esx,vmx,vmware} files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/{xen,xenapi,xenxs} files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in tools/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in tests/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/util/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

	Convert 'int i' to 'size_t i' in src/conf/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

2013-07-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix bridge routines detection on kFreeBSD
	In order to properly detect bridge related definitions such as
	BRDGSFD, BRDGADD and BRDGDEL on kFreeBSD we need to include
	<stdint.h>.

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715321

	Reported by Laurent Bigonville.

2013-07-10  Ján Tomko  <jtomko@redhat.com>

	Fix crash when multiple event callbacks were registered
	CVE-2013-2230

	Don't overwrite the callback ID returned by
	virDomainEventStateRegisterID in ret by 0.

	Introduced by abf75aea.

2013-07-10  Ján Tomko  <jtomko@redhat.com>

	qemu: fix double free in qemuMigrationPrepareDirect
	Remove assignment of the string freed by virURIFree
	to hostname, since it's not used anywhere.

	Double free introduced by ddf8ad8, useless code
	introduced by f03dcc5.

	https://bugzilla.redhat.com/show_bug.cgi?id=977961

2013-07-10  Daniel P. Berrange  <berrange@redhat.com>

	Convert 'int i' to 'size_t i' in daemon/ files
	Convert the type of loop iterators named 'i', 'j', k',
	'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or
	'unsigned int', also santizing 'ii', 'jj', 'kk' to use
	the normal 'i', 'j', 'k' naming

2013-07-10  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_ALLOC and virAsprintf in tools/*

	Adapt to VIR_ALLOC and virAsprintf in tests/*

	Adapt to VIR_ALLOC and virAsprintf in src/*

	Adapt to VIR_ALLOC and virAsprintf in src/xenxs/*

	Adapt to VIR_ALLOC and virAsprintf in src/xenapi/*

	Adapt to VIR_ALLOC and virAsprintf in src/xen/*

	Adapt to VIR_ALLOC and virAsprintf in src/vmx/*

	Adapt to VIR_ALLOC and virAsprintf in src/vmware/*

	Adapt to VIR_ALLOC and virAsprintf in src/vbox/*

	Adapt to VIR_ALLOC and virAsprintf in src/util/*

	Adapt to VIR_ALLOC and virAsprintf in src/uml/*

	Adapt to VIR_ALLOC and virAsprintf in src/test/*

	Adapt to VIR_ALLOC and virAsprintf in src/storage/*

	Adapt to VIR_ALLOC and virAsprintf in src/security/*

	Adapt to VIR_ALLOC and virAsprintf in src/secret/*

	Adapt to VIR_ALLOC and virAsprintf in src/rpc/*

	Adapt to VIR_ALLOC and virAsprintf in src/remote/*

	Adapt to VIR_ALLOC and virAsprintf in src/qemu/*

	Adapt to VIR_ALLOC and virAsprintf in src/phyp/*

	Adapt to VIR_ALLOC and virAsprintf in src/parallels/*

	Adapt to VIR_ALLOC and virAsprintf in src/openvz/*

	Adapt to VIR_ALLOC and virAsprintf in src/nwfilter/*

	Adapt to VIR_ALLOC and virAsprintf in src/network/*

	Adapt to VIR_ALLOC and virAsprintf in src/node_device/*

	Adapt to VIR_ALLOC and virAsprintf in src/lxc/*

	Adapt to VIR_ALLOC and virAsprintf in src/locking/*

	Adapt to VIR_ALLOC and virAsprintf in src/libxl/*

	Adapt to VIR_ALLOC and virAsprintf in src/interface/*

	Adapt to VIR_ALLOC and virAsprintf in src/hyperv/*

	Adapt to VIR_ALLOC and virAsprintf in src/esx/*

	Adapt to VIR_ALLOC and virAsprintf in src/cpu/*

	Adapt to VIR_ALLOC and virAsprintf in src/conf/*

	Adapt to VIR_ALLOC and virAsprintf in src/access/*

	Adapt to VIR_ALLOC and virAsprintf in daemon/*

	Adapt to VIR_ALLOC and virAsprintf in docs/

	Introduce OOM reporting to virAsprintf
	Actually, I'm turning this function into a macro as filename,
	function name and line number needs to be passed. The new
	function virAsprintfInternal is introduced with the extended set
	of arguments.

	viralloc: Report OOM error on failure
	Similarly to VIR_STRDUP, we want the OOM error to be reported in
	VIR_ALLOC and friends.

2013-07-10  Martin Kletzander  <mkletzan@redhat.com>

	Properly detect VMDK with internal version 2
	Initially proposed as [1], but then changed to comment fix only.  VMDK
	can have internal version set to 2 when there are few features added
	which do not affect us.  Thanks to Jan's commit a1ee8e18 this can be
	easily fixed by adding it to list of supported versions.

	[1] http://www.redhat.com/archives/libvir-list/2013-June/msg00419.html

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=836676

2013-07-10  Eric Blake  <eblake@redhat.com>

	build: honor autogen.sh --no-git
	Based on a report by Chandrashekar Shastri, at
	https://bugzilla.redhat.com/show_bug.cgi?id=979360

	On systems where git cannot access the outside world, a developer
	can instead arrange to get a copy of gnulib at the right commit
	via side channels (such as NFS share drives), set GNULIB_SRCDIR,
	then use ./autogen.sh --no-git.  In this setup, we will now
	avoid direct use of git.  Of course, this means no automatic
	gnulib updates when libvirt.git updates its submodule, but it
	is expected that any developer in such a situation is already
	prepared to deal with the fallout.

	* .gnulib: Update to latest, for bootstrap.
	* bootstrap: Synchronize from gnulib.
	* autogen.sh (no_git): Avoid git when requested.
	* cfg.mk (_update_required): Skip automatic rerun of bootstrap if
	we can't use git.
	* docs/compiling.html.in: Document this setup.
	* docs/hacking.html.in: Mention this.
	* HACKING: Regenerate.

2013-07-09  Eric Blake  <eblake@redhat.com>

	maint: tweak use of <a> in HACKING
	The previous handling of <a> tags led to some less-than-ideal
	layout in HACKING (most noticeable on a mid-sentence reference
	to the valgrind home page).

	* docs/hacking.html.in: Slight tweaks to <a> tags.
	* docs/hacking1.xsl: Move <a> handling...
	* docs/hacking2.xsl: ...here.
	* HACKING: Regenerate.

2013-07-09  Eric Blake  <eblake@redhat.com>

	maint: fix typo in qemu error message
	Introduced in commit d47eff88.

	* src/qemu/qemu_driver.c (qemuDomainSetVcpusFlags): Fix spelling.

2013-07-09  Cole Robinson  <crobinso@redhat.com>

	daemon: Fix command example in libvirtd.sasl
	sasldblistusers2 doesn't have a '-a' option

2013-07-09  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: hostdev: create parent directory for hostdev
	Create parent directroy for hostdev automatically when we
	start a lxc domain or attach a hostdev to a lxc domain.

	LXC: hostdev: introduce lxcContainerSetupHostdevCapsMakePath
	This helper function is used to create parent directory for
	the hostdev which will be added to the container. If the
	parent directory of this hostdev doesn't exist, the mknod of
	the hostdev will fail. eg with /dev/net/tun

2013-07-09  Richard Weinberger  <richard@nod.at>

	LXC: Create /dev/tty within a container
	Many applications use /dev/tty to read from stdin.
	e.g. zypper on openSUSE.

	Let's create this device node to unbreak those applications.
	As /dev/tty is a synonym for the current controlling terminal
	it cannot harm the host or any other containers.

2013-07-09  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	scsi: Fix construction of sysfs device path
	The device bus value was used instead of the device target when
	building the sysfs device path. Trivial.

2013-07-08  Peter Krempa  <pkrempa@redhat.com>

	selinux: Always generate imagelabel
	The imagelabel SELinux label was only generated when relabeling was
	enabled. This prohibited labeling of files created by libvirt that need
	to be labeled even if relabeling is turned off.

	The only codepath this change has direct impact on is labeling of FDs
	passed to qemu which is always safe in current state.

2013-07-08  Peter Krempa  <pkrempa@redhat.com>

	selinux: Cleanup coding style

2013-07-08  John Ferlan  <jferlan@redhat.com>

	Resolve Coverity complaints in tests/securityselinuxlabeltest.c
	Two complaints of RESOURCE_FREE due to going to cleanup prior to a
	VIR_FREE(line).  Two complaints of FORWARD_NULL due to 'tmp' being
	accessed after a strchr() without first checking if the return was NULL.

	While looking at the code it seems that 'line' need only be allocated
	once as the while loop will keep reading into line until eof causing
	an unreported leak since line was never VIR_FREE()'d at the bottom of
	the loop.

2013-07-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Set RLIMIT_MEMLOCK when memoryBacking/locked is used
	If a domain is configured to have all its memory locked, we need to set
	RLIMIT_MEMLOCK so that QEMU is actually allowed to lock the memory.

	qemu: Use qemuDomainMemoryLimit when computing memory for VFIO

	qemu: Move memory limit computation to a reusable function

	Don't spam logs with "port 0 must be in range" errors
	Whenever virPortAllocatorRelease is called with port == 0, it complains
	that the port is not in an allowed range, which is expectable as the
	port was never allocated. Let's make virPortAllocatorRelease ignore 0
	ports in a similar way free() ignores NULL pointers.

	qemu: Release correct websocket port

2013-07-08  Jiri Denemark  <jdenemar@redhat.com>

	Paused domain should remain paused after migration
	https://bugzilla.redhat.com/show_bug.cgi?id=981139

	If a domain is paused before migration starts, we need to tell that to
	the destination libvirtd to prevent it from resuming the domain at the
	end of migration. This regression was introduced by commit 5379bb0.

2013-07-04  Ján Tomko  <jtomko@redhat.com>

	conf: don't check hyperv spinlock retries if disabled
	<hyperv>
	  <spinlocks state='off'/>
	</hyperv>

	results in:
	error: XML error: missing HyperV spinlock retry count

	Don't require retries when state is off and use virXPathUInt
	instead of virXPathString to simplify parsing.

	https://bugzilla.redhat.com/show_bug.cgi?id=784836#c19

2013-07-04  Jiri Denemark  <jdenemar@redhat.com>

	Fix NULL dereference caused by ACL filtering of domains
	Caused by 763973607ddace04562da1a1e545ab6692d5175f.

2013-07-04  Ján Tomko  <jtomko@redhat.com>

	Unlock the storage volume object after looking it up
	Introduced by c930410.

	https://bugzilla.redhat.com/show_bug.cgi?id=980676

2013-07-04  Ján Tomko  <jtomko@redhat.com>

	Fix build with clang
	Partially revert cdd703f's revert of c163410, as linking with clang
	with --param=ssp-buffer-size=4 still fails with:
	"argument unused during compilation".

2013-07-03  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: fix deadlock in libxlReconnectDomain
	Use virDomainObjListRemoveLocked instead of virDomainObjListRemove, as
	driver->domains is already taken by virDomainObjListForEach.

	Above deadlock can be triggered when libvirtd is started after some
	domain have been started by hand (in which case driver will not find
	libvirt-xml domain config).

2013-07-03  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	conf: virDomainObjListRemoveLocked function
	While iterating with virDomainObjListForEach it is safe to remove
	current element. But while iterating, 'doms' lock is already taken, so
	can't use standard virDomainObjListRemove. So introduce
	virDomainObjListRemoveLocked for this purpose.

2013-07-03  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	The latest mingw headers on Fedora 19 fail to build with gnulib
	without an update.

	Meanwhile, now that upstream gnulib has better handling of -W
	probing for clang, we can drop some of our own solutions in
	favor of upstream; thus this reverts commit c1634100, "Correctly
	detect warning flags with clang".

	* .gnulib: Update to latest, for mingw and clang.

2013-07-03  Daniel P. Berrange  <berrange@redhat.com>

	Extend the ACL test case to validate filter rule checks
	The 'check-aclrules' test case validates that there are ACL
	checks in each method. This extends it so that it can also
	validate that methods which return info about lists of objects,
	will filter their returned info throw an ACL check.

2013-07-03  Daniel P. Berrange  <berrange@redhat.com>

	Add access control filtering of interface objects
	Ensure that all APIs which list interface objects filter
	them against the access control system.

	This makes the APIs for listing names and counting devices
	slightly less efficient, since we can't use the direct
	netcf APIs for these tasks. Instead we have to ask netcf
	for the full list of objects & iterate over the list
	filtering them out.

2013-07-03  Daniel P. Berrange  <berrange@redhat.com>

	Add access control filtering of nwfilter objects
	Ensure that all APIs which list nwfilter objects filter
	them against the access control system.

	Add access control filtering of secret objects
	Ensure that all APIs which list secret objects filter
	them against the access control system.

	Add access control filtering of storage objects
	Ensure that all APIs which list storage objects filter
	them against the access control system.

	Add access control filtering of node device objects
	Ensure that all APIs which list node device objects filter
	them against the access control system.

	Add access control filtering of network objects
	Ensure that all APIs which list network objects filter
	them against the access control system.

	Change signature of ACL filter functions
	Change the ACL filter functions to use a 'bool' return
	type instead of a tri-state 'int' return type. The callers
	of these functions don't want to distinguish 'auth failed'
	from other errors.

	Add access control filtering of domain objects
	Ensure that all APIs which list domain objects filter
	them against the access control system.

2013-07-03  Guido Günther  <agx@sigxcpu.org>

	Put virt-sanlock-cleanup into section 8
	as indicated by the filename.

2013-07-03  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Allow seamless migration for domains with multiple graphics
	Since commit 23e8b5d8, the code is refactored in a way that supports
	domains with multiple graphics elements and commit 37b415200 allows
	starting such domains.  However none of those commits take migration
	into account.  Even though qemu doesn't support relocation for
	anything else than SPICE and for no more than one graphics, there is no
	reason to hardcode one graphics into this part of the code as well.

	qemu: Don't miss errors when changing graphics passwords
	Commit 23e8b5d8e7a92bac85b7fd2aca8992501bf680ee forgot to check the
	return value for all calls to qemuDomainChangeGraphicsPasswords().

2013-07-03  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: blkio: allow to setup weight_device
	libivrt lxc can only set generic weight for container,
	This patch allows user to setup per device blkio
	weigh for container.

	LXC: fix memory leak when userns configuration is incorrect
	We forgot to free the stack when Kernel doesn't
	support user namespace.

2013-07-03  Michal Privoznik  <mprivozn@redhat.com>

	virNetDevBandwidthUnplug: Don't leak @cmd
	When removing a TAP device, the associated bandwidth settings are
	removed. Currently, the /sbin/tc is used for that. It is spawned
	several times. Moreover, we use the same @cmd variable to
	construct the command and its arguments. That means we need to
	virCommandFree(cmd); prior to each virCommandNew(TC); which
	wasn't done.

	virCgroupNewPartition: Don't leak @newpath
	The @newpath variable is allocated in virCgroupSetPartitionSuffix(). But
	it's newer freed.

2013-07-02  Chen Fan  <chen.fan.fnst@cn.fujitsu.com>

	qemu: Implement 'oncrash' coredump events when guest panicked
	Add doDumpCoreToAutoPath to implement
	'coredump-destroy' and 'coredump-restart' events of the 'on_crash'
	in the XML when domain crashed.

	qemu: Implement 'oncrash' events when guest panicked
	Add monitor callback API domainGuestPanic, that implements
	'destroy', 'restart' and 'preserve' events of the 'on_crash'
	in the XML when domain crashed.

	qemu: expose qemuProcessShutdownOrReboot()
	Later code will need this outside of qemu_process.c

	qemu: refactor processWatchdogEvent
	Split the code to make the driver workpool more generalized

	libvirt: Define domain crash event types
	This patch introduces domain crashed types and crashed reasons which
	will be used while guest panicked.

2013-07-02  Eric Blake  <eblake@redhat.com>

	build: don't ship access syms files in tarball
	On a mingw VPATH build (such as done by ./autobuild.sh), the tarball
	created by 'make dist' was including generated files.  The VPATH
	rules were then seeing that the tarball files were up-to-date, and
	not regenerating files locally, leading to this failure:

	  GEN      libvirt.syms
	cat: libvirt_access.syms: No such file or directory
	cat: libvirt_access_qemu.syms: No such file or directory
	cat: libvirt_access_lxc.syms: No such file or directory
	make: *** [libvirt.syms] Error 1

	We already have a category for generated sym files, which are
	intentionally not part of the tarball; stick the access sym
	files in that category.  The rearrange the declarations a bit
	to make it harder to repeat the problem, dropping things that
	are now redundant (for example, BUILT_FILES already includes
	GENERATED_SYM_FILES, so it does not also need to call out
	ACCESS_DRIVER_SYM_FILES).

	* src/Makefile.am (USED_SYM_FILES): Don't include generated files.
	(GENERATED_SYM_FILES): Access syms files are generated.
	(libvirt.syms): Include access syms files here.
	(ACCESS_DRIVER_SYMFILES): Rename...
	(ACCESS_DRIVER_SYM_FILES): ...for consistency.

2013-07-02  Daniel P. Berrange  <berrange@redhat.com>

	Add some misc debugging to LXC startup
	Add some debug logging of LXC wait/continue messages
	and uid/gid map update code.

	Ignore failure to mount SELinux filesystem in container
	User namespaces will deny the ability to mount the SELinux
	filesystem. This is harmless for libvirt's LXC needs, so the
	error can be ignored.

2013-07-02  Eric Blake  <eblake@redhat.com>

	build: work around mingw header pollution
	On Fedora 18, when cross-compiling to mingw with the mingw*-dbus
	packages installed, compilation fails with:

	  CC       libvirt_net_rpc_server_la-virnetserver.lo
	In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-connection.h:32:0,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-bus.h:30,
	                 from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus.h:31,
	                 from ../../src/util/virdbus.h:26,
	                 from ../../src/rpc/virnetserver.c:39:
	/usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-message.h:74:58: error: expected ';', ',' or ')' before 'struct'

	I have reported this as a bug against two packages:
	- mingw-headers, for polluting the namespace
	https://bugzilla.redhat.com/show_bug.cgi?id=980270
	- dbus, for not dealing with the pollution
	https://bugzilla.redhat.com/show_bug.cgi?id=980278

	At least dbus has agreed that a future version of dbus headers will
	do s/interface/iface/, regardless of what happens in mingw. But it
	is also easy to workaround in libvirt in the meantime, without having
	to wait for either mingw or dbus to upgrade.

	* src/util/virdbus.h (includes): Undo mingw's pollution so that
	dbus doesn't fail.

2013-07-02  Michal Privoznik  <mprivozn@redhat.com>

	qemuNodeDeviceDetachFlags: Avoid use of uninitialized variables
	After abf75aea24 the compiler screams:

	qemu/qemu_driver.c: In function 'qemuNodeDeviceDetachFlags':
	qemu/qemu_driver.c:10693:9: error: 'domain' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	     pci = virPCIDeviceNew(domain, bus, slot, function);
	         ^
	qemu/qemu_driver.c:10693:9: error: 'bus' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	qemu/qemu_driver.c:10693:9: error: 'slot' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	qemu/qemu_driver.c:10693:9: error: 'function' may be used uninitialized in this function [-Werror=maybe-uninitialized]

	Since the other functions qemuNodeDeviceReAttach and qemuNodeDeviceReset
	looks exactly the same, I've initialized the variables there as well.
	However, I am still wondering why those functions don't matter to gcc
	while the first one does.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fuse: Change files owner to the root user of container
	The owner of the /proc/meminfo in container should
	be the root user of container.

	LXC: controller: change the owner of /dev/pts and ptmx to the root of container
	These files are created for container,
	the owner should be the root user of container.

	LXC: controller: change the owner of devices created on host
	Since these devices are created for the container.
	the owner should be the root user of the container.

	LXC: controller: change the owner of /dev to the root user of container
	container will create /dev/pts directory in /dev.
	the owner of /dev should be the root user of container.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: controller: change the owner of tty devices to the root user of container
	Since these tty devices will be used by container,
	the owner of them should be the root user of container.

	This patch also adds a new function virLXCControllerChown,
	we can use this general function to change the owner of
	files.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Creating devices for container on host side
	user namespace doesn't allow to create devices in
	uninit userns. We should create devices on host side.

	We first mount tmpfs on dev directroy under state dir
	of container. then create devices under this dev dir.

	Finally in container, mount the dev directroy created
	on host to the /dev/ directroy of container.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
	This patch introduces new helper function
	virLXCControllerSetupUserns, in this function,
	we set the files uid_map and gid_map of the init
	task of container.

	lxcContainerSetID is used for creating cred for
	tasks running in container. Since after setuid/setgid,
	we may be a new user. This patch calls lxcContainerSetUserns
	at first to make sure the new created files belong to
	right user.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: sort the uidmap/gidmap of domain
	Make sure the mapping line contains the root user of container
	is the first element of idmap array. So we can get the real
	user id on host for the container easily.

	This patch also check the map information, User must map
	the root user of container to any user of host.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: enable user namespace only when user set the uidmap
	User namespace will be enabled only when the idmap exist
	in configuration.

	If you want disable user namespace,just remove these
	elements from XML.

	If kernel doesn't support user namespace and idmap exist
	in configuration file, libvirt lxc will start failed and
	return "Kernel doesn't support user namespace" message.

2013-07-02  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Introduce New XML element for user namespace
	This patch introduces new element <idmap> for
	user namespace. for example
	<idmap>
	    <uid start='0' target='1000' count='10'/>
	    <gid start='0' target='1000' count='10'/>
	</idmap>

	this new element is used for setting proc files
	/proc/<pid>/{uid_map,gid_map}.

	This patch also supports multiple uid/gid elements
	setting in XML configuration.

	We don't support the semi configuation, user has to
	configure uid and gid both.

2013-07-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve info message and remove a variable in qemuDomainManagedSave
	Mention the domain name that is being saved and remove the unneeded
	variable that only stores a constant.

	docs: Document hypervisor drivers that support certain timer models
	Not every timer model is supported with each hypervisor. Explicitly
	mention the driver supporting each timer model.

2013-07-02  Ján Tomko  <jtomko@redhat.com>

	qemu: fix return value of qemuDomainBlockPivot on errors
	If qemuMonitorBlockJob returned 0, qemuDomainBlockPivot
	might return 0 even if an error occured.

	https://bugzilla.redhat.com/show_bug.cgi?id=977678

2013-07-02  Dario Faggioli  <dario.faggioli@citrix.com>

	libxl: implement per NUMA node free memory reporting
	By providing the implementation of nodeGetCellsFreeMemory for
	the driver. This is all just a matter of properly formatting, in
	a way that libvirt like, what Xen provides via libxl_get_numainfo().

	[raistlin@Zhaman ~]$ sudo virsh --connect xen:/// freecell --all
	    0:      25004 KiB
	    1:     105848 KiB
	--------------------
	Total:     130852 KiB

2013-07-02  Eric Blake  <eblake@redhat.com>

	build: configure must not affect tarball contents
	On mingw, configure sets the name of the lxc symfile to
	libvirt_lxc.defs rather than libvirt_lxc.syms.  But tarballs
	must be arch-independent, regardless of the configure options
	used for the tree where we ran 'make dist'.  This led to the
	following failure in autobuild.sh:

	  CCLD     libvirt-lxc.la
	  CCLD     libvirt-qemu.la
	/usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory
	collect2: error: ld returned 1 exit status
	make[3]: *** [libvirt-lxc.la] Error 1
	make[3]: *** Waiting for unfinished jobs....

	We were already doing the right thing with libvirt_qemu.syms.

	* src/Makefile.am (EXTRA_DIST): Don't ship a built file which
	depends on configure for its final name.

2013-07-01  Eric Blake  <eblake@redhat.com>

	build: avoid build failure without gnutls
	Found while trying to cross-compile to mingw:

	  CC       libvirt_driver_remote_la-remote_driver.lo
	../../src/remote/remote_driver.c: In function 'doRemoteOpen':
	../../src/remote/remote_driver.c:487:23: error: variable 'verify' set but not used [-Werror=unused-but-set-variable]

	* src/remote/remote_driver.c (doRemoteOpen): Also ignore 'verify'.

2013-07-01  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Drop iptablesContext
	iptablesContext holds only 4 pairs of iptables
	(table, chain) and there's no need to pass
	it around.

	This is a first step towards separating bridge_driver.c
	in platform-specific parts.

2013-07-01  Ján Tomko  <jtomko@redhat.com>

	qemu: indentation fix

2013-07-01  Michal Novotny  <minovotn@redhat.com>

	qemu: Implement CPUs check against machine type's cpu-max
	Implement check whether (maximum) vCPUs doesn't exceed machine
	type's cpu-max settings.

	On older versions of QEMU the check is disabled.

2013-07-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.1.0
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: updated localizations and regenerated

2013-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Crash of libvirtd by unprivileged user in virConnectListAllInterfaces
	On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
	> Hi Security Team,
	>
	> I've discovered a way for an unprivileged user with a readonly connection
	> to libvirtd, to crash the daemon.

	Ok, the final patch for this is issue will be the simpler variant that
	Eric suggested

	The embargo can be considered to be lifted on Monday July 1st, at
	0900 UTC

	The following is the GIT change that DV or myself will apply to libvirt
	GIT master immediately before the 1.1.0 release:

	>From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
	From: "Daniel P. Berrange" <berrange@redhat.com>
	Date: Fri, 28 Jun 2013 10:48:37 +0100
	Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
	 filters

	The virConnectListAllInterfaces method has a double-free of the
	'struct netcf_if' object when any of the filtering flags cause
	an interface to be skipped over. For example when running the
	command 'virsh iface-list --inactive'

	This is a regression introduced in release 1.0.6 by

	  commit 7ac2c4fe624f30f2c8270116513fa2ddab07631f
	  Author: Guannan Ren <gren@redhat.com>
	  Date:   Tue May 21 21:29:38 2013 +0800

	    interface: list all interfaces with flags == 0

2013-07-01  Laine Stump  <laine@laine.org>

	pci: initialize virtual_functions array pointer to avoid segfault
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325

	The problem was that if virPCIGetVirtualFunctions was given the name
	of a non-existent interface, it would return to its caller without
	initializing the pointer to the array of virtual functions to NULL,
	and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE()
	the invalid pointer.

	The final error message before the crash would be:

	 virPCIGetVirtualFunctions:2088 :
	  Failed to open dir '/sys/class/net/eth2/device':
	  No such file or directory

	In this patch I move the initialization in virPCIGetVirtualFunctions()
	to the begining of the function, and also do an explicit
	initialization in virNetDevGetVirtualFunctions, just in case someone
	in the future adds code into that function prior to the call to
	virPCIGetVirtualFunctions.

2013-07-01  Laine Stump  <laine@laine.org>

	node device driver: update driver name during dumpxml
	This fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=979290
	  https://bugzilla.redhat.com/show_bug.cgi?id=979330

	The node device driver was written with the assumption that udev would
	use a "change" event to notify libvirt of any change to device status
	(including the name of the driver it was bound to). It turns out this
	is not the case (see Comment 4 of BZ 979290). That means that a
	dumpxml for a device would always show whatever driver happened to be
	bound at the time libvirt was started (when the node device cache was
	built).

	There was already code in the driver (for the benefit of the HAL
	backend) that updated the driver name from sysfs each time a device's
	info was retrieved from the cache. This patch just enables that manual
	update for the udev backend as well.

2013-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Document security reporting & handling process
	Historically security issues in libvirt have been primarily
	triaged & fixed by the Red Hat libvirt members & Red Hat
	security team, who then usually notify other vendors via
	appropriate channels. There have been a number of times
	when vendors have not been properly notified ahead of
	announcement. It has also disadvantaged community members
	who have to backport fixes to releases for which there are
	no current libvirt stable branches.

	To address this, we want to make the libvirt security process
	entirely community focused / driven. To this end I have setup
	a new email address "libvirt-security@redhat.com" for end
	users to report bugs which have (possible) security implications.

	This email addr is backed by an invitation only, private
	archive, mailing list. The intent is for the list membership
	to comprise a subset of the libvirt core team, along with any
	vendor security team engineers who wish to participate in a
	responsible disclosure process for libvirt. Members of the
	list will be responsible for analysing the problem to determine
	if a security issue exists and then issue fixes for all current
	official stable branches & git master.

	I am proposing the following libvirt core team people as
	members of the security team / list (all cc'd):

	   Daniel Berrange (Red Hat)
	   Eric Blake (Red Hat)
	   Jiri Denemar (Red Hat)
	   Daniel Veillard (Red Hat)
	   Jim Fehlig (SUSE)
	   Doug Goldstein (Gentoo)
	   Guido Günther (Debian)

	We don't have anyone from Ubuntu on the libvirt core team.
	Serge Hallyn is the most frequent submitter of patches from
	Ubuntu in recent history, so I'd like to invite him to join.
	Alternatively, Serge, feel free to suggest someone else to
	represent Ubuntu's interests.

	If any other vendors/distros have security people who are
	responsible for dealing with libvirt security issues, and
	want to join to get early disclosure of issues, they can
	suggest people. Existing security team members will vet /
	approve such requests to ensure they are genuine.

	Anyone on the team / list will be **required** to honour any
	embargo period agreed between members for non-public issues
	that are reported. The aim will be to have a maximum 2 week
	embargo period in the common case, extendable to 1 month if
	there is sufficient justification made. If anyone feels they
	are unable to follow such an embargo process for whatever
	reason, please decline membership of the security list/team.

	The patch which follows puts up some docs on the website
	about all of this....

	Document how to report security bugs and the process that
	will be used for addressing them.

2013-06-29  Eric Blake  <eblake@redhat.com>

	spec: require xen-devel for libxl driver
	When using 'rpmbuild --define "_without_xen 1"', but on a new enough
	Fedora where %{with_libxl} still gets set to 1 by default, the
	build dependencies were incomplete, which could result in 'make rpm'
	failing because ./configure failed to build the libxl driver.

	* libvirt.spec.in (BuildRequires): Fix xen-devel condition.

2013-06-29  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind errors for nodedev cap parsing
	There were two errors, one as a direct result of commit id '8807b285'
	and the other from cut-n-paste

	TEST: nodedevxml2xmltest
	      ..............                           14  OK
	==25735== 3 bytes in 1 blocks are definitely lost in loss record 1 of 24
	==25735==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==25735==    by 0x344D2AF275: xmlStrndup (in /usr/lib64/libxml2.so.2.9.1)
	==25735==    by 0x4D0C767: virNodeDeviceDefParseNode (node_device_conf.c:997)
	==25735==    by 0x4D0D3D2: virNodeDeviceDefParse (node_device_conf.c:1337)
	==25735==    by 0x401CA4: testCompareXMLToXMLHelper (nodedevxml2xmltest.c:28)
	==25735==    by 0x402B2F: virtTestRun (testutils.c:158)
	==25735==    by 0x401B27: mymain (nodedevxml2xmltest.c:81)
	==25735==    by 0x40316A: virtTestMain (testutils.c:722)
	==25735==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25735==
	==25735== 16 bytes in 1 blocks are definitely lost in loss record 10 of 24
	==25735==    at 0x4A08A6E: realloc (vg_replace_malloc.c:662)
	==25735==    by 0x4C7385E: virReallocN (viralloc.c:184)
	==25735==    by 0x4C73906: virExpandN (viralloc.c:214)
	==25735==    by 0x4C73B4A: virInsertElementsN (viralloc.c:324)
	==25735==    by 0x4D0C84C: virNodeDeviceDefParseNode (node_device_conf.c:1026)
	==25735==    by 0x4D0D3D2: virNodeDeviceDefParse (node_device_conf.c:1337)
	==25735==    by 0x401CA4: testCompareXMLToXMLHelper (nodedevxml2xmltest.c:28)
	==25735==    by 0x402B2F: virtTestRun (testutils.c:158)
	==25735==    by 0x401B27: mymain (nodedevxml2xmltest.c:81)
	==25735==    by 0x40316A: virtTestMain (testutils.c:722)
	==25735==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25735==
	PASS: nodedevxml2xmltest

	The first error was resolved by adding a missing VIR_FREE(numberStr); in
	the new function virNodeDevCapPciDevIommuGroupParseXML().

	The second error was a bit more opaque as the error was a result of copying
	the free methodolgy of the existing code in virNodeDevCapsDefFree(). The code
	would free each of the entries in the array, but not the memory for the
	array itself.  Added the necessary VIR_FREE(data->pci_dev.iommuGroupDevices)
	and while at it added the missing VIR_FREE(data->pci_dev.virtual_functions)
	although there wasn't a test that tripped across it (thus it's been lurking
	since commit id 'a010165d').

2013-06-29  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error in remoteConfigGetStringList()
	Commit id 'ed3bac71' introduced the following:

	TEST: libvirtdconftest
	      ........................................ 40  OK
	==25875== 690 (480 direct, 210 indirect) bytes in 30 blocks are definitely lost in loss record 18 of 24
	==25875==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==25875==    by 0x4C737DF: virAllocN (viralloc.c:152)
	==25875==    by 0x403BC8: remoteConfigGetStringList (libvirtd-config.c:74)
	==25875==    by 0x4042CF: daemonConfigLoadOptions (libvirtd-config.c:382)
	==25875==    by 0x4052F5: daemonConfigLoadData (libvirtd-config.c:479)
	==25875==    by 0x40222C: testCorrupt (libvirtdconftest.c:112)
	==25875==    by 0x40321F: virtTestRun (testutils.c:158)
	==25875==    by 0x401FEE: mymain (libvirtdconftest.c:228)
	==25875==    by 0x40385A: virtTestMain (testutils.c:722)
	==25875==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25875==
	PASS: libvirtdconftest

2013-06-29  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error in virStorageBackendCreateQemuImgCmd()
	Commit id '53d5967c' introduced the following:

	TEST: storagevolxml2argvtest
	      ..............                           14  OK
	==25636== 358 (264 direct, 94 indirect) bytes in 1 blocks are definitely lost in loss record 67 of 75
	==25636==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==25636==    by 0x4C95791: virAlloc (viralloc.c:124)
	==25636==    by 0x4CA0BB4: virCommandNewArgs (vircommand.c:805)
	==25636==    by 0x4CA0C88: virCommandNew (vircommand.c:789)
	==25636==    by 0x408602: virStorageBackendCreateQemuImgCmd (storage_backend.c:849)
	==25636==    by 0x405427: testCompareXMLToArgvHelper (storagevolxml2argvtest.c:61)
	==25636==    by 0x4064DF: virtTestRun (testutils.c:158)
	==25636==    by 0x40516F: mymain (storagevolxml2argvtest.c:195)
	==25636==    by 0x406B1A: virtTestMain (testutils.c:722)
	==25636==    by 0x37C1021A04: (below main) (libc-start.c:225)
	==25636==
	PASS: storagevolxml2argvtest

2013-06-29  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error in virNetDevVlanParse()
	Commit '861d4056' introduced the following:

	TEST: networkxml2xmltest
	      ..................                       18  OK
	==25504== 7 bytes in 1 blocks are definitely lost in loss record 5 of 23
	==25504==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==25504==    by 0x37C1085D71: strdup (strdup.c:42)
	==25504==    by 0x4CB835F: virStrdup (virstring.c:546)
	==25504==    by 0x4CC5179: virXPathString (virxml.c:90)
	==25504==    by 0x4CC75C2: virNetDevVlanParse (netdev_vlan_conf.c:78)
	==25504==    by 0x4CF928A: virNetworkPortGroupParseXML (network_conf.c:1555)
	==25504==    by 0x4CFE385: virNetworkDefParseXML (network_conf.c:2049)
	==25504==    by 0x4D0113B: virNetworkDefParseNode (network_conf.c:2273)
	==25504==    by 0x4D01254: virNetworkDefParse (network_conf.c:2234)
	==25504==    by 0x401E80: testCompareXMLToXMLHelper (networkxml2xmltest.c:32)
	==25504==    by 0x402D4F: virtTestRun (testutils.c:158)
	==25504==    by 0x401CE9: mymain (networkxml2xmltest.c:110)
	==25504==
	PASS: networkxml2xmltest

	Also changed the label from error to cleanup and adjusted code since it's
	all one exit path

2013-06-28  Philipp Hahn  <hahn@univention.de>

	doc: Fix reference to #elementsUSB
	aae0fc2a922b3e31dae7648c547fca2ac2587625 removed the #elementsUSB anchor
	but did not update the links to point to the new section #elementsHostDev.

2013-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize use of IF_MAXUNIT in virnetdevtap.c
	The IF_MAXUNIT macro is not present on all BSDs, so
	make its use conditional, to avoid breaking OS-X.

	Replace use of 'in_addr_t' with 'struct in_addr'
	The 'in_addr_t' typedef is not present in Mingw64 headers.
	Instead we can use the more portable 'struct in_addr' and
	then access its 's_addr' field.

2013-06-28  Doug Goldstein  <cardoe@cardoe.com>

	Allow RO connections to interface udev backend
	The udev based interface backend did not allow querying data over a
	read-only connection which is different than how the netcf backend
	operates. This brings the behavior inline with the default, netcf
	backend.

2013-06-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix VPATH build for access/*
	VPATH build failed for the generated access driver files.

2013-06-28  Dennis Chen  <xschen@tnsoft.com.cn>

	Fix vPort management: FC vHBA creation
	When creating a virtual FC HBA with virsh/libvirt API, an error message
	will be returned: "error: Node device not found",
	also the 'nodedev-dumpxml' shows wrong information of wwpn & wwnn
	for the new created device.

	Signed-off-by: xschen@tnsoft.com.cn

	This reverts f90af69 which switched wwpn & wwwn in the wrong place.

	https://www.kernel.org/doc/Documentation/scsi/scsi_fc_transport.txt

2013-06-28  Laine Stump  <laine@laine.org>

	util: fix build error on non-Linux systems
	Building on FreeBSD had this linker error:

	/work/a/ports/devel/libvirt/work/libvirt-1.1.0/src/.libs/libvirt.so:
	   undefined reference to `virPCIDeviceAddressParse'

	This was caused by the new use of virPCIDeviceAddressParse in a
	portion of virpci.c that wasn't linux-only (in commit 72c029d8). The
	problem was that virPCIDeviceAddressParse had originally been defined
	inside #ifdef _linux (because it was only used by another function
	that was inside the same ifdef).

	The solution is to move it out to the part of virpci.c that is
	compiled on all platforms.

	(Because the portion that was "moved" was 40-50 lines, but only moved
	up by 15 lines, the diff for the patch is less than non-informative -
	rather than showing that part that I moved, it shows the bit that was
	previously before the moved part, and now sits *after* it.)

2013-06-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	conf: Swap order of AddImplicitControllers and DomainDefPostParse
	Implicit controllers may be dependent on device definitions altered
	in a post-parse callback. Specifically, if a console device is
	defined without the target type, the type will be set in QEMU's
	callback. In the case of s390, this is virtio, which requires
	an implicit virtio-serial controller.

	S390: Testcase for console default target type (virtio)
	For s390 the default console target type is virtio. This also requires
	that an implicit virtio-serial controller is instantiated.
	This testcase verifies that the target type of virtio is correctly set
	in the generated XML if no target element was given and that the
	corresponding virtio-serial element is generated too.

2013-06-27  xuzhang  <xuzhang@redhat.com>

	virsh: Add parenthesis into virsh nodedev-detach help

2013-06-27  Ján Tomko  <jtomko@redhat.com>

	bridge: don't crash on bandwidth unplug with no bandwidth
	If networkUnplugBandwidth is called on a network which has
	no bandwidth defined, print a warning instead of crashing.

	This can happen when destroying a domain with bandwidth if
	bandwidth was removed from the network after the domain was
	started.

	https://bugzilla.redhat.com/show_bug.cgi?id=975359

2013-06-26  Laine Stump  <laine@laine.org>

	nodedev: add iommuGroup to node device object
	This includes adding it to the nodedev parser and formatter, docs, and
	test.

	An example of the new iommuGroup element that is a part of the output
	from "virsh nodedev-dumpxml" (virNodeDeviceGetXMLDesc()):

	  <device>
	    <name>pci_0000_02_00_1</name>
	    <capability type='pci'>
	    ...
	      <iommuGroup number='12'>
	        <address domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
	        <address domain='0x0000' bus='0x02' slot='0x00' function='0x1'/>
	      </iommuGroup>
	    </capability>
	  </device>

2013-06-26  Laine Stump  <laine@laine.org>

	pci: new iommu_group functions
	Any device which belongs to an "IOMMU group" (used by vfio) will
	have links to all devices of its group listed in
	/sys/bus/pci/$device/iommu_group/devices;
	/sys/bus/pci/$device/iommu_group is actually a link to
	/sys/kernel/iommu_groups/$n, where $n is the group number (there
	will be a corresponding device node at /dev/vfio/$n once the
	devices are bound to the vfio-pci driver)

	The following functions are added:

	virPCIDeviceGetIOMMUGroupList

	  Gets a virPCIDeviceList with one virPCIDeviceList for each device
	  in the same IOMMU group as the provided virPCIDevice (a copy of the
	  original device object is included in the list.

	virPCIDeviceAddressIOMMUGroupIterate

	  Calls the function @actor once for each device in the group that
	  contains the given virPCIDeviceAddress.

	virPCIDeviceAddressGetIOMMUGroupAddresses

	  Fills in a virPCIDeviceAddressPtr * with an array of
	  virPCIDeviceAddress, one for each device in the iommu group of the
	  provided virPCIDeviceAddress (including a copy of the original).

	virPCIDeviceAddressGetIOMMUGroupNum

	  Returns the group number as an int (a valid group number will always
	  be 0 or greater).  If there is no iommu_group link in the device's
	  directory (usually indicating that vfio isn't loaded), -2 will be
	  returned. On any real error, -1 will be returned.

2013-06-26  Ján Tomko  <jtomko@redhat.com>

	Plug leak in virCgroupMoveTask
	We only break out of the while loop if *content is an empty string.
	However the buffer has been allocated to BUFSIZ + 1 (8193 in my case),
	but it gets overwritten in the next for iteration.

	Move VIR_FREE right before we overwrite it to avoid the leak.

	==5777== 16,386 bytes in 2 blocks are definitely lost in loss record 1,022 of 1,027
	==5777==    by 0x5296E28: virReallocN (viralloc.c:184)
	==5777==    by 0x52B0C66: virFileReadLimFD (virfile.c:1137)
	==5777==    by 0x52B0E1A: virFileReadAll (virfile.c:1199)
	==5777==    by 0x529B092: virCgroupGetValueStr (vircgroup.c:534)
	==5777==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)

	Introduced by 83e4c77.

	https://bugzilla.redhat.com/show_bug.cgi?id=978352

2013-06-26  Ján Tomko  <jtomko@redhat.com>

	Fix invalid read in virCgroupGetValueStr
	Don't check for '\n' at the end of file if zero bytes were read.

	Found by valgrind:
	==404== Invalid read of size 1
	==404==    at 0x529B09F: virCgroupGetValueStr (vircgroup.c:540)
	==404==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
	==404==    by 0x1EB475: qemuSetupCgroupForEmulator (qemu_cgroup.c:1061)
	==404==    by 0x1D9489: qemuProcessStart (qemu_process.c:3801)
	==404==    by 0x18557E: qemuDomainObjStart (qemu_driver.c:5787)
	==404==    by 0x190FA4: qemuDomainCreateWithFlags (qemu_driver.c:5839)

	Introduced by 0d0b409.

	https://bugzilla.redhat.com/show_bug.cgi?id=978356

2013-06-26  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix sample TPM XML
	Fix an error in the sample TPM XML.

2013-06-26  Laine Stump  <laine@laine.org>

	network: allow <vlan> in type='hostdev' networks
	Although SRIOV network cards support setting a vlan tag on their
	virtual functions, and although setting this vlan tag via a <vlan>
	element in a domain's <interface> works, setting a vlan tag for these
	devices in a <network> definition, or in a network <portgroup>
	definition is also supposed to work (and the comment that validates
	<vlan> usage even says that!). However, the check to allow it only
	checked for an openvswitch network, so attempts to add <vlan> to a
	network of type='hostdev' would fail.

2013-06-26  Laine Stump  <laine@laine.org>

	docs: correct and update network vlan example
	Somehow I put an example of a domain interface with a <vlan> element
	into the network documentation.

	This patch replaces that with an example of a network definition that
	has a vlan element with trunk='yes', multiple tags, and even the new
	nativeMode attribute. It also includes a <portgroup> that has a vlan
	defined.

2013-06-26  Laine Stump  <laine@laine.org>

	test: include qemuhotplugtest data files in source rpm
	commit 0fc12bca added a new test called qemuhotplugtest which has
	several data files in tests/qemuhotplugtestdata, but didn't add that
	directory to EXTRA_DIST in the tests Makefile.am, so the make check
	done during a make rpm was failing due to missing data files.

	qemu: fix infinite loop in OOM error path
	A loop in qemuPrepareHostdevPCIDevices() intended to cycle through all
	the objects on the list pcidevs was doing "while (listcount > 0)", but
	nothing in the body of the loop was reducing the size of the list - it
	was instead removing items from a *different* list. It has now been
	safely changed to a for() loop.

2013-06-26  Laine Stump  <laine@laine.org>

	pci: fix dangling pointer in qemuDomainReAttachHostdevDevices
	(This isn't as bad as it sounds - it's only a problem in case of an
	OOM error.)

	qemuGetActivePciHostDeviceList() had been creating a list that
	contained pointers to objects that were also on the activePciHostdevs
	list. In case of an OOM error, this newly created list would be
	virObjectUnref'ed, which would cause everything on the list to be
	freed. But all of those objects would still be on the
	activePciHostdevs list, which could have very bad consequences if that
	list was ever again accessed.

	The solution used here is to populate the new list with *copies* of
	the objects from the original list. It turns out that on return from
	qemuGetActivePciHostDeviceList(), the caller would almost immediately
	go through all the device objects and "steal" them (i.e. remove the
	pointer from the list but not delete it) all from either one list or
	the other; we now instead just *delete* (remove from the list and
	free) each device from one list or the other, so in the end we have
	the same state.

2013-06-26  Laine Stump  <laine@laine.org>

	pci: eliminate leak in OOM condition
	The "fix" I pushed a few commits ago would still leak a virPCIDevice
	in case of an OOM error. Although it's inconsequential in practice,
	this patch satisfies my OCD.

	pci: virPCIDeviceListAddCopy API
	Make a copy of the device and add the copy to the
	list. (virPCIDeviceListAdd() adds the original object to the list
	instead).

	pci: update stubDriver name in virPCIDeviceBindToStub
	If the device is bound to a stub driver different from what is saved
	in the virPCIDevice's stubDriver attribute, update it.

2013-06-26  Laine Stump  <laine@laine.org>

	pci: eliminate repetitive path constructions in virPCIDeviceBindToStub
	The same strings were being re-created multiple times just to save
	declaring a new variable. In the meantime, the use of the generic
	variable names led to confusion when trying to follow the code. This
	patch creates strings for:

	 stubDriverName  (was called "driver" in original args)
	 stubDriverPath  ("/sys/bus/pci/drivers/${stubDriverName}")
	 driverLink      ("${device}/driver")
	 oldDriverName   (the final component of path linked to by
	                  "${device}/driver")
	 oldDriverPath   ("/sys/bus/pci/drivers/${oldDriverName}")

	then re-uses them as necessary.

2013-06-26  Laine Stump  <laine@laine.org>

	pci: rename virPCIParseDeviceAddress and make it public
	This function has utility outside of virpci.c, so make it public.

	Also the name didn't fit convention, so change it to
	virPCIDeviceAddressParse.

2013-06-26  Laine Stump  <laine@laine.org>

	pci: rename virPCIDeviceGetVFIOGroupDev to virPCIDeviceGetIOMMUGroupDev
	I realized after the fact that it's probably better in the long run to
	give this function a name that matches the name of the link used in
	sysfs to hold the group (iommu_group).

	I'm changing it now because I'm about to add several more functions
	that deal with iommu groups.

2013-06-26  Laine Stump  <laine@laine.org>

	pci: eliminate unused driver arg from virPCIDeviceDetach
	The driver arg to virPCIDeviceDetach is no longer used (the name of the stub driver is now set in the virPCIDevice object, and virPCIDeviceDetach retrieves it from there). Remove it.

2013-06-25  Laine Stump  <laine@laine.org>

	util: fix bug found by Coverity
	Commit 861d40565 added code (my personal change to "clean up" the
	submitter's code, *not* the fault of the submitter) that dereferenced
	virtVlan without first checking for NULL. This patch fixes that and,
	as part of the fix, cleans up some unnecessary obtuseness.

2013-06-25  Michal Privoznik  <mprivozn@redhat.com>

	tests: Introduce qemuhotplugtest
	As my punishment for the break in 7f15ebc7 (fixed in 752596b5dd) I'm
	introducing this test to make sure it won't happen again. Currently,
	only test for <graphics/> is supported.

2013-06-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement support for VIR_MIGRATE_PARAM_GRAPHICS_URI

	Implement extensible migration APIs in qemu driver

	qemu: Move internals of Confirm phase to qemu_migration.c

	qemu: Move common parts of Prepare phase to qemu_migration.c

	qemu: Move internals of Begin phase to qemu_migration.c

	Fix possible NULL dereference during migration

2013-06-25  Ján Tomko  <jtomko@redhat.com>

	Use 1.1.0 everywhere in the documentation
	Since we already have the v1.1.0-rc1 tag in git.

2013-06-25  Ján Tomko  <jtomko@redhat.com>

	virsh: edit: don't leak XML string on reedit or redefine
	Free the old XML strings before overwriting them if the user
	has chosen to reedit the file or force the redefinition.

	Found by Alex Jia trying to reproduce another bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=977430#c3

2013-06-25  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Fix units in virNetDevBridgeSetSTPDelay on BSD
	virNetDevBridgeSetSTPDelay accepts delay in milliseconds,
	but BSD implementation was expecting seconds. Therefore,
	it was working correctly only with delay == 0.

2013-06-25  Daniel Veillard  <veillard@redhat.com>

	Add polkit policy for API checks to rpm spec

2013-06-25  james robson  <jrobson@websense.com>

	Configure native vlan modes on Open vSwitch ports
	This patch adds functionality to allow libvirt to configure the
	'native-tagged' and 'native-untagged' modes on openvswitch networks.

2013-06-25  Laine Stump  <laine@laine.org>

	qemu: don't reset PCI devices being assigned with VFIO
	I just learned that VFIO resets PCI devices when they are assigned to
	guests / returned to the host, so it is redundant for libvirt to reset
	the devices. This patch inhibits calling virPCIDeviceReset to devices
	that will be/were assigned using VFIO.

2013-06-25  Jiri Denemark  <jdenemar@redhat.com>

	Introduce VIR_MIGRATE_PARAM_GRAPHICS_URI parameter
	The parameter specifies connection parameters to use for migrating
	client's connection to domain's graphical console.

	virsh: Use extensible migration APIs

	python: Add bindings for extensible migration APIs
	The patch implements wrappers for virDomainMigrate3 and
	virDomainMigrateToURI3.

	Extensible migration APIs
	This patch introduces two new APIs virDomainMigrate3 and
	virDomainMigrateToURI3 that may be used in place of their older
	variants. These new APIs take optional migration parameters (such as
	bandwidth, domain XML, ...) in an array of virTypedParameters, which
	makes adding new parameters easier as there's no need to introduce new
	APIs whenever a new migration parameter needs to be added. Both APIs are
	backward compatible and will automatically use older migration calls in
	case the new calls are not supported as long as the typed parameters
	array does not contain any parameter which was not supported by the
	older calls.

	Adapt virDomainMigratePeer2Peer for extensible migration APIs

	Adapt virDomainMigrateVersion3 for extensible migration APIs

	Implement extensible migration APIs in remote driver

	New internal migration APIs with extensible parameters
	This patch implements extensible variants of all internal migration APIs
	used for v3 migration.

	Introduce migration parameters
	To be used by new migration APIs with extensible set of parameters.

	Introduce virTypedParamsCopy internal API

	Log input type parameters in API entry points

	Introduce VIR_TYPED_PARAMS_DEBUG macro for dumping typed params
	All APIs that take typed parameters are only using params address in
	their entry point debug messages. With the new VIR_TYPED_PARAMS_DEBUG
	macro, all functions can easily log all individual typed parameters
	passed to them.

	Introduce virTypedParamsReplaceString internal API

	Introduce virTypedParamsCheck internal API
	This API is useful for checking whether only a specific subset of
	supported typed parameters were passed.

	util: Emit proper error code in virTypedParamsValidate
	When unsupported parameter is passed to virTypedParamsValidate,
	VIR_ERR_ARGUMENT_UNSUPPORTED should be returned rather than
	VIR_ERR_INVALID_ARG, which is more appropriate for supported parameters
	used incorrectly.

	Rename virTypedParameterArrayValidate as virTypedParamsValidate

	build: Fix check-aclrules in VPATH build

2013-06-24  Laine Stump  <laine@laine.org>

	pci: make virPCIDeviceDetach consistent in behavior
	virPCIDeviceDetach would previously sometimes consume the input device
	object (to put it on the inactive list) and sometimes not. Avoiding
	memory leaks required checking beforehand to see if the device was
	already on the list, and freeing the device object in the caller only
	if there wasn't already an identical object on the inactive list.

	This patch makes it consistent - virPCIDeviceDetach will *never*
	consume the input virPCIDevice object; if it needs to put one on the
	inactive list, it will create a copy and put *that* on the list. This
	way the caller knows that it is always their responsibility to free
	the device object they created.

2013-06-24  Laine Stump  <laine@laine.org>

	pci: eliminate memory leak in virPCIDeviceReattach
	virPCIDeviceReattach was making the assumption that the dev object
	given to it was one and the same with the dev object on the
	inactiveDevs list. If that had been the case, it would not need to
	free the dev object it removed from the inactive list, because the
	caller of virPCIDeviceReattach always frees the dev object that it
	passes in. Since the dev object passed in is *never* the same object
	that's on the list (it is a different object with the same name and
	attributes, created just for the purpose of searching for the actual
	object), simply doing a "ListSteal" to remove the object from the list
	results in one leaked object; we need to actually free the object
	after removing it from the list.

2013-06-24  Laine Stump  <laine@laine.org>

	pci: new utility functions
	* virPCIDeviceFindByIDs - find a device on a list w/o creating an object
	    This makes searching for an existing device on a list lighter weight.

	* virPCIDeviceCopy - make a copy of an existing virPCIDevice object.

	* virPCIDeviceGetDriverPathAndName - construct new strings containing
	    1) the name of the driver bound to this device.
	    2) the full path to the sysfs config for that driver.
	    (This code was lifted from virPCIDeviceUnbindFromStub, and replaced
	    there with a call to this new function).

2013-06-24  Laine Stump  <laine@laine.org>

	pci: change stubDriver from const char* to char*
	Previously stubDriver was always set from a string literal, so it was
	okay to use a const char * that wasn't freed when the virPCIDevice was
	freed. This will not be the case in the near future, so it is now a
	char* that is allocated in virPCIDeviceSetStubDriver() and freed
	during virPCIDeviceFree().

	syntax: virPCIDeviceFree is also a NOP for NULL args
	add it to the syntax-check list and fix the one offending caller.

2013-06-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: support qdisk backend
	libxl supports the LIBXL_DISK_BACKEND_QDISK disk backend, where qemu
	is used to provide the disk backend.  This patch simply maps the
	existing <driver name='qemu'/> to LIBXL_DISK_BACKEND_QDISK.

2013-06-24  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix disk format error message
	Specifying an unsupported disk format with the tap driver resulted in
	a less than helpful error message

	error: Failed to start domain test-hvm
	error: internal error libxenlight does not support disk driver qed

	Change the message to state that the qed format is not supported by
	the tap driver, e.g.

	error: Failed to start domain test-hvm
	error: internal error libxenlight does not support disk format qed
	with disk driver tap

	While at it, check for unsupported formats in the other driver
	backends.

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Add validation that all APIs contain ACL checks
	Add a script which parses the driver API code and validates
	that every API registered in a virNNNDriverPtr table contains
	an ACL check matching the API name.

	NB this currently whitelists a few xen driver functions
	which are temporarily lacking in access control checks.
	The xen driver is considered insecure until these are
	fixed.

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Set process ID in system identity
	When creating a virIdentityPtr for the system identity, include
	the current process ID as an attribute.

	Add ACL checks into the secrets driver
	Insert calls to the ACL checking APIs in all secrets driver
	entrypoints.

	Add ACL checks into the nwfilter driver
	Insert calls to the ACL checking APIs in all nwfilter driver
	entrypoints.

	Add ACL checks into the node device driver
	Insert calls to the ACL checking APIs in all node device
	driver entrypoints.

	Add ACL checks into the interface driver
	Insert calls to the ACL checking APIs in all interface
	driver entrypoints.

	Add ACL checks into the network driver
	Insert calls to the ACL checking APIs in all network driver
	entrypoints.

	Add ACL checks into the storage driver
	Insert calls to the ACL checking APIs in all storage driver
	entrypoints.

	Add ACL checks into the libxl driver
	Insert calls to the ACL checking APIs in all libxl driver
	entrypoints.

	Add ACL checks into the Xen driver
	Insert calls to the ACL checking APIs in all Xen driver
	entrypoints.

	Add ACL checks into the UML driver
	Insert calls to the ACL checking APIs in all UML driver
	entrypoints.

	Add ACL checks into the LXC driver
	Insert calls to the ACL checking APIs in all LXC driver
	entrypoints.

	Add ACL checks into the QEMU driver
	Insert calls to the ACL checking APIs in all QEMU driver
	entrypoints.

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Auto-generate helpers for checking access control rules
	Extend the 'gendispatch.pl' script to be able to generate
	three new types of file.

	- 'aclheader' - defines signatures of helper APIs for
	  doing authorization checks. There is one helper API
	  for each API requiring an auth check. Any @acl
	  annotations result in a method being generated with
	  a suffix of 'EnsureACL'. If the ACL check requires
	  examination of flags, an extra 'flags' param will be
	  present. Some examples

	  extern int virConnectBaselineCPUEnsureACL(void);
	  extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
	  extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);

	  Any @aclfilter annotations resuilt in a method being
	  generated with a suffix of 'CheckACL'.

	  extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);

	  These are used for filtering individual objects from APIs
	  which return a list of objects

	- 'aclbody' - defines the actual implementation of the
	  methods described above. This calls into the access
	  manager APIs. A complex example:

	    /* Returns: -1 on error (denied==error), 0 on allowed */
	    int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
	                                            virDomainDefPtr domain,
	                                            unsigned int flags)
	    {
	        virAccessManagerPtr mgr;
	        int rv;

	        if (!(mgr = virAccessManagerGetDefault()))
	            return -1;

	        if ((rv = virAccessManagerCheckDomain(mgr,
	                                              conn->driver->name,
	                                              domain,
	                                              VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
	            virObjectUnref(mgr);
	            if (rv == 0)
	                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
	            return -1;
	        }
	        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
	            (rv = virAccessManagerCheckDomain(mgr,
	                                              conn->driver->name,
	                                              domain,
	                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
	            virObjectUnref(mgr);
	            if (rv == 0)
	                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
	            return -1;
	        }
	        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
	            (rv = virAccessManagerCheckDomain(mgr,
	                                              conn->driver->name,
	                                              domain,
	                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
	            virObjectUnref(mgr);
	            if (rv == 0)
	                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
	            return -1;
	        }
	        virObjectUnref(mgr);
	        return 0;
	    }

	- 'aclsyms' - generates a linker script to export the
	   APIs to drivers. Some examples

	  virConnectBaselineCPUEnsureACL;
	  virConnectCompareCPUEnsureACL;

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Add ACL annotations to all RPC messages
	Introduce annotations to all RPC messages to declare what
	access control checks are required. There are two new
	annotations defined:

	 @acl: <object>:<permission>
	 @acl: <object>:<permission>:<flagname>

	  Declare the access control requirements for the API. May be repeated
	  multiple times, if multiple rules are required.

	    <object> is one of 'connect', 'domain', 'network', 'storagepool',
	             'interface', 'nodedev', 'secret'.
	    <permission> is one of the permissions in access/viraccessperm.h
	    <flagname> indicates the rule only applies if the named flag
	    is set in the API call

	 @aclfilter: <object>:<permission>

	  Declare an access control filter that will be applied to a list
	  of objects being returned by an API. This allows the returned
	  list to be filtered to only show those the user has permissions
	  against

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Add a policy kit access control driver
	Add an access control driver that uses the pkcheck command
	to check authorization requests. This is fairly inefficient,
	particularly for cases where an API returns a list of objects
	and needs to check permission for each object.

	It would be desirable to use the polkit API but this links
	to glib with abort-on-OOM behaviour, so can't be used. The
	other alternative is to speak to dbus directly

2013-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Setup default access control manager in libvirtd
	Add a new 'access_drivers' config parameter to the libvirtd.conf
	configuration file. This allows admins to setup the default
	access control drivers to use for API authorization. The same
	driver is to be used by all internal drivers & APIs

	Set conn->driver before running driver connectOpen method
	The access control checks in the 'connectOpen' driver method
	will require 'conn->driver' to be non-NULL. Set this before
	running the 'connectOpen' method and NULL-ify it again on
	failure.

	Define basic internal API for access control
	This patch introduces the virAccessManagerPtr class as the
	interface between virtualization drivers and the access
	control drivers. The viraccessperm.h file defines the
	various permissions that will be used for each type of object
	libvirt manages

2013-06-24  Ján Tomko  <jtomko@redhat.com>

	qemu: check if block I/O limits fit into long long
	We can only pass values up to LLONG_MAX through JSON
	and QEMU checks if the int64_t number is not negative
	at startup since 1.5.0.

	https://bugzilla.redhat.com/show_bug.cgi?id=974010

2013-06-24  Ján Tomko  <jtomko@redhat.com>

	Get rid of useless VIR_STORAGE_FILE_FEATURE_NONE
	It's not used anywhere except for the switch in
	virStorageBackendCreateQemuImgOpts, where leaving it in causes
	a dead code coverity warning and omitting it breaks compilation
	because of unhandled enum value.

	Introduced by 6298f74.

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	netdev: accept NULL in virNetDevSetupControl
	Commit b9c6b073 dropped the version of virNetDevSetupControl
	that didn't check for NULL arguments, but we call it like that
	in virNetDevBridgeDelete.

2013-06-21  Jim Fehlig  <jfehlig@suse.com>

	xen: Implement virConnectGetSysinfo
	virConnectGetSysinfo was never implemented in the legacy xen driver.
	This patch provides an implementation based on the qemu driver.

	libxl: Implement virConnectGetSysinfo
	virConnectGetSysinfo was never implemented in the libxl driver.
	This patch provides an implementation based on the qemu driver.

	libxl: Allow libxl to set NIC devid
	libxl contains logic to determine an appropriate devid for new devices
	that do not specify one in their configuration.  For all device types
	except NICs, the libxl driver allows libxl to determine devid.  Do the
	same for NICs.

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	storage: add support for creating qcow2 images with extensions
	Add -o compat= and -o lazy_refcounts options for qemu-img.

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	conf: add features to volume target XML
	Add <features> and <compat> elements to volume target XML.

	<compat> is a string which for qcow2 represents the QEMU version
	it should be compatible with. Valid values are 0.10 and 1.1.
	1.1 is implicit if the <features> element is present, otherwise
	qemu-img default is used. 0.10 can be specified to explicitly
	create older images after the qemu-img default changes.

	<features> contains optional features, so far
	<lazy_refcounts/> is available, which enables caching of reference
	counters, improving performance for snapshots.

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	util: add support for qcow2v3 image detection
	Detect qcow2 images with version 3 in the image header as
	VIR_STORAGE_FILE_QCOW2.

	These images have a feature bitfield, with just one feature supported
	so far: lazy_refcounts.

	The header length changed too, moving the location of the backing
	format name.

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	qemu: add hv_vapic and hv_spinlocks support
	XML:
	<features>
	  <hyperv>
	    <vapic state='on'/>
	    <spinlocks state='on' retries='4096'/>
	  </hyperv>
	</features>

	results in the following QEMU command line:
	qemu -cpu <cpu_model>,hv_vapic,hv_spinlocks=0x1000

	https://bugzilla.redhat.com/show_bug.cgi?id=784836

2013-06-21  Ján Tomko  <jtomko@redhat.com>

	conf: add vapic and spinlocks to hyperv features
	Add new CPU features for HyperV:
	vapic for virtual APIC support
	spinlocks for setting spinlock support

	<features>
	  <hyperv>
	    <vapic state='on'/>
	    <spinlocks state='on' retries='4096'/>
	  </hyperv>
	</features>

	https://bugzilla.redhat.com/show_bug.cgi?id=784836

2013-06-21  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement bridge add/remove port and set STP

	BSD: implement virNetDevBridgeCreate() and virNetDevBridgeDelete()
	Implementation uses SIOCIFCREATE2 and SIOCIFDESTROY ioctls.
	Also, drop static virNetDevSetupControl() as we have
	public one avialable now.

2013-06-21  Osier Yang  <jyang@redhat.com>

	conf: Requires either uuid or usage of secret
	As the RNG schema for disk auth secret implies, it requires either
	"uuid" or "usage":

	  <define name='diskAuthSecret'>
	    <element name='secret'>
	      <attribute name='type'>
	        <choice>
	          <value>ceph</value>
	          <value>iscsi</value>
	        </choice>
	      </attribute>
	      <choice>
	        <attribute name='uuid'>
	          <ref name="UUID"/>
	        </attribute>
	        <attribute name='usage'>
	          <ref name='genericName'/>
	        </attribute>
	      </choice>
	    </element>
	  </define>

2013-06-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make probing for commands declarative

	qemu: Make probing for events declarative

2013-06-20  Jim Fehlig  <jfehlig@suse.com>

	build: Fix build with -Werror
	Commit 752596b5 broke the build with -Werror

	qemu/qemu_hotplug.c: In function 'qemuDomainChangeGraphics':
	qemu/qemu_hotplug.c:1980:39: error: declaration of 'listen' shadows a
	  global declaration [-Werror=shadow]

	Fix with s/listen/newlisten/

2013-06-20  Laine Stump  <laine@laine.org>

	network: increase max number of routes
	This fixes the problem reported in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=972690

	When checking for a collision of a new libvirt network's subnet with
	any existing routes, we read all of /proc/net/route into memory, then
	parse all the entries. The function that we use to read this file
	requires a "maximum length" parameter, which had previously been set
	to 64*1024. As each line in /proc/net/route is 128 bytes, this would
	allow for a maximum of 512 entries in the routing table.

	This patch increases that number to 128 * 100000, which allows for
	100,000 routing table entries. This means that it's possible that 12MB
	would be allocated, but that would only happen if there really were
	100,000 route table entries on the system, it's only held for a very
	short time.

	Since there is no method of specifying and unlimited max (and that
	would create a potential denial of service anyway) hopefully this
	limit is large enough to accomodate everyone.

2013-06-20  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: support paused domain restore in virDomainRestoreFlags

2013-06-20  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainChangeGraphics: Check listen address change by listen type
	Currently, we have a bug when updating a graphics device. A graphics device can
	have a listen address set. This address is either defined by user (in which case
	it's type is VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS) or it can be inherited
	from a network (in which case it's type is
	VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_NETWORK). However, in both cases we have a
	listen address to process (e.g. during migration, as I've tried to fix in
	7f15ebc7).
	Later, when a user tries to update the graphics device (e.g. set a password),
	we check if listen addresses match the original as qemu doesn't know how to
	change listen address yet. Hence, users are required to not change the listen
	address. The implementation then just dumps listen addresses and compare them.
	Previously, while dumping the listen addresses, NULL was returned for NETWORK.
	After my patch, this is no longer true, and we get a listen address for olddev
	even if it is a type of NETWORK. So we have a real string on one side, the NULL
	from user's XML on the other side and hence we think user wants to change the
	listen address and we refuse it.

	Therefore, we must take the type of listen address into account as well.

2013-06-20  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: initialize device structures
	Do not leave uninitialized variables, not all parameters are set in
	libxlMake*.

	libxl: populate xenstore memory entries at startup, handle dom0_mem
	libxl uses some xenstore entries for hints in memory management
	(especially when starting new domain). This includes dom0 memory limit
	and Xen free memory margin, based on current system state. Entries are
	created at first function usage, so force such call at daemon startup,
	which most likely will be before any domain startup.
	Also prevent automatic memory management if dom0_mem= option passed to
	xen hypervisor - it is known to be incompatible with autoballoon.

2013-06-19  John Ferlan  <jferlan@redhat.com>

	lxc: Resolve issue with GetScheduler APIs for non running domain
	As a consequence of the cgroup layout changes from commit 'cfed9ad4', the
	lxcDomainGetSchedulerParameters[Flags]()' and lxcGetSchedulerType() APIs
	failed to return data for a non running domain.  This can be seen through
	a 'virsh schedinfo <domain>' command which returns:

	Scheduler      : Unknown
	error: Requested operation is not valid: cgroup CPU controller is not mounted

	Prior to that change a non running domain would return:

	Scheduler      : posix
	cpu_shares     : 0
	vcpu_period    : 0
	vcpu_quota     : 0
	emulator_period: 0
	emulator_quota : 0

	This patch will restore the capability to return configuration only data
	for a non running domain regardless of whether cgroups are available.

2013-06-19  John Ferlan  <jferlan@redhat.com>

	qemu: Resolve issue with GetScheduler APIs for non running domain
	As a consequence of the cgroup layout changes from commit '632f78ca', the
	qemuDomainGetSchedulerParameters[Flags]()' and qemuGetSchedulerType() APIs
	failed to return data for a non running domain.  This can be seen through
	a 'virsh schedinfo <domain>' command which returns:

	Scheduler      : Unknown
	error: Requested operation is not valid: cgroup CPU controller is not mounted

	Prior to that change a non running domain would return:

	Scheduler      : posix
	cpu_shares     : 0
	vcpu_period    : 0
	vcpu_quota     : 0
	emulator_period: 0
	emulator_quota : 0

	This patch will restore the capability to return configuration only data
	for a non running domain regardless of whether cgroups are available.

2013-06-19  Ján Tomko  <jtomko@redhat.com>

	conf: split out snapshot disk XML formatting
	Just to reduce the indentation levels. Remove the unneeded
	NULL check for disk->file, as virBufferEscapeString doesn't
	print anything with NULL arguments.

	storage: rework qemu-img command line generation
	Split out option string generation to make adding new options easier
	and simplify the code.

2013-06-19  Ján Tomko  <jtomko@redhat.com>

	util: switch virBufferTrim to void
	We don't care whether the trim was succesful or not anywhere
	except the tests.

	Switch it to void and set the buffer error on wrong usage.

2013-06-18  Peter Krempa  <pkrempa@redhat.com>

	migration: Don't propagate VIR_MIGRATE_ABORT_ON_ERROR
	This flag is meant for errors happening on the source of the migration
	and isn't used on the destination. To allow better migration
	compatibility, don't propagate it to the destination.

2013-06-18  Peter Krempa  <pkrempa@redhat.com>

	migration: Make erroring out on I/O error controllable by flag
	Paolo Bonzini pointed out that it's actually possible to migrate a qemu
	instance that was paused due to I/O error and it will be able to work on
	the destination if the storage is accessible.

	This patch introduces flag VIR_MIGRATE_ABORT_ON_ERROR that cancels the
	migration in case an I/O error happens while it's being performed and
	allows migration without this flag. This flag can be possibly used for
	other error reasons that may be introduced in the future.

2013-06-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid leaking uri in qemuMigrationPrepareDirect

2013-06-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Move waiting for SPICE migration
	Currently, we wait for SPICE to migrate in the very same loop where we
	wait for qemu to migrate. This has a disadvantage of slowing seamless
	migration down. One one hand, we should not kill the domain until all
	SPICE data has been migrated.  On the other hand, there is no need to
	wait in the very same loop and hence slowing down 'cont' on the
	destination. For instance, if users are watching a movie, they can
	experience the movie to be stopped for a couple of seconds, as
	processors are not running nor on src nor on dst as libvirt waits for
	SPICE to migrate. We should move the waiting phase to migration CONFIRM
	phase.

2013-06-18  Cole Robinson  <crobinso@redhat.com>

	spec: Enable KVM support on ARM
	F20/rawhide has support for this.

	From: Peter Robinson <pbrobinson@gmail.com>

2013-06-18  Osier Yang  <jyang@redhat.com>

	virsh: Support SCSI_GENERIC cap flag for nodedev-list
	Document for nodedev-list is also updated.

	nodedev: Support SCSI_GENERIC cap flag for listAllNodeDevices

2013-06-18  Osier Yang  <jyang@redhat.com>

	nodedev_hal: Enumerate scsi generic device
	The xml outputed by HAL backend for scsi generic device:

	<device>
	  <name>pci_8086_2922_scsi_host_scsi_device_lun0_scsi_generic</name>
	  <path>/sys/devices/pci0000:00/0000:00:1f.2/host0/target0:0:0/0:0:0:0/scsi_generic/sg0</path>
	  <parent>pci_8086_2922_scsi_host_scsi_device_lun0</parent>
	  <capability type='scsi_generic'>
	    <char>/dev/sg0</char>
	  </capability>
	</device>

2013-06-18  Osier Yang  <jyang@redhat.com>

	nodedev_udev: Enumerate scsi generic device
	Since scsi generic device doesn't have DEVTYPE property set, the
	only way to know if it's a  scsi generic device or not is to read
	the "SUBSYSTEM" property.

	The XML of the scsi generic device will be like:

	<device>
	  <name>scsi_generic_sg0</name>
	  <path>/sys/devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/scsi_generic/sg0</path>
	  <parent>scsi_0_0_0_0</parent>
	  <capability type='scsi_generic'>
	    <char>/dev/sg0</char>
	  </capability>
	</device>

2013-06-18  Guannan Ren  <gren@redhat.com>

	qemu: set QEMU_CAPS_DEVICE_VIDEO_PRIMARY cap flag in QMP detection
	When qemu >= 1.20, it is safe to use -device for primary video
	device as described in 4c993d8ab.
	So, we are missing the cap flag in QMP capabilities detection, this
	flag can be initialized safely in virQEMUCapsInitQMPBasic.

2013-06-18  Osier Yang  <jyang@redhat.com>

	nodedev_udev: changes missed by commit 1aa0ba3cef

2013-06-18  Osier Yang  <jyang@redhat.com>

	nodedev_udev: Refactor udevGetDeviceType
	Checking if the "devtype" is NULL along with each "if" statements
	is bad. It wastes the performance, and also not good for reading.
	And also when the "devtype" is NULL, the logic is also not clear.

	This reorgnizes the logic of with "if...else" and a bunch of "else if".

	Other changes:
	   * Change the function style.
	   * Remove the useless debug statement.
	   * Get rid of the goto
	   * New helper udevDeviceHasProperty to simplify the logic for checking
	     if a property is existing for the device.
	   * Add comment to clarify "PCI devices don't set the DEVTYPE property"
	   * s/sysfs path/sysfs name/, as udev_device_get_sysname returns the
	     name instead of the full path. E.g. "sg0"
	   * Refactor the comment for setting VIR_NODE_DEV_CAP_NET cap type
	     a bit.

2013-06-18  Osier Yang  <jyang@redhat.com>

	nodedev: Expose sysfs path of device
	The name format is constructed by libvirt, it's not that clear to
	get what the device's sysfs path should be. This exposes the device's
	sysfs path by a new tag <path>.

	Since the sysfspath is filled during enumerating the devices by
	either udev or HAL. It's an output-only tag.

2013-06-16  Doug Goldstein  <cardoe@cardoe.com>

	Move virGetUserEnt() to where its needed
	In the first if case, virGetUserEnt() isn't necessary so don't bother
	calling it before determining we need it.

2013-06-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	BSD: implement virNetDevTapCreate() and virNetDevTapDelete()
	Implementation uses SIOCIFCREATE2 and SIOCIFDESTROY ioctls.

	Make virNetDevSetupControl() public.
	This method is useful not only in virnetdev.c.

	portability: use net/if.h instead of linux/if.h

2013-06-14  Ján Tomko  <jtomko@redhat.com>

	udev: fix crash in libudev logging
	Call virLogVMessage instead of virLogMessage, since libudev
	called us with a va_list object, not a list of arguments.

	Honor message priority and strip the trailing newline.

	https://bugzilla.redhat.com/show_bug.cgi?id=969152

2013-06-14  Richard Weinberger  <richard@nod.at>

	LXC: s/chroot/chdir in lxcContainerPivotRoot()
	...fixes a trivial copy&paste error.

2013-06-14  Peter Krempa  <pkrempa@redhat.com>

	remote: Fix client crash when URI path is empty when using ssh
	The parsed path in the URI may be NULL resulting into:

	  $ virsh -c qemu+ssh:// list
	  Segmentation fault (core dumped)

	Introduced by 22d81ceb46ea4b83ad817c29b2b04df27a09c671

2013-06-14  Peter Krempa  <pkrempa@redhat.com>

	remote: Forbid default "/session" connections when using ssh transport
	Without the socket path explicitly specified, the remote driver tried to
	connect to the "/system" instance socket even if "/session" was
	specified in the uri. With this patch this configuration now produces an
	error.

	It is still possible to initiate a session connection with specifying
	the path to the socket manually and also manually starting the session
	daemon. This was also possible prior to this patch,

	This is a minimal fix. We may decide to support remote session
	connections using ssh but this will require changes to the remote driver
	code so this fix shouldn't cause regressions in the case we decide to do
	that.

2013-06-14  Frediano Ziglio  <frediano.ziglio@citrix.com>

	Implement dispose method for libxlDomainObjPrivate
	When creating a timer/event handler reference counting is used. So it could
	be possible (in theory) that libxlDomainObjPrivateFree is called with
	reference counting >1. The problem is that libxlDomainObjPrivateFree leave
	the object in an invalid state with ctx freed (but still having dandling
	pointer). This can lead timer/event handler to core.

	This patch implements a dispose method for libxlDomainObjPrivate, and moves
	freeing the libxl ctx to the dispose method, ensuring the ctx is valid while
	the object's reference count is > 0.

2013-06-13  Marek Marczykowski-Górecki  <marmarek@invisiblethingslab.com>

	libxl: allow only 'ethernet' and 'bridge' interfaces, allow script there
	Actually only those interface types are handled correctly so reject
	others instead of ignoring settings (i.e. treating as bridge/ethernet
	anyway).
	Also allow <script/> in 'ethernet' (which should be the only
	script-allowing type). Keep <script/> allowed in bridge to be compatible
	with legacy 'xen' driver.

2013-06-13  Ján Tomko  <jtomko@redhat.com>

	qemu: allow restore with non-migratable XML input
	Convert input XML to migratable before using it in
	qemuDomainSaveImageOpen.

	XML in the save image is migratable, i.e. doesn't contain implicit
	controllers. If these controllers were in a non-default order in the
	input XML, the ABI check would fail. Removing and re-adding these
	controllers fixes it.

	https://bugzilla.redhat.com/show_bug.cgi?id=834196

2013-06-12  Cole Robinson  <crobinso@redhat.com>

	configure: Remove unused brctl check
	brctl isn't used anywhere AFAICT

2013-06-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: set bootloader for PV domains if not specified
	The legacy xen toolstack will set pygrub as the bootloader if not
	specified.  For compatibility, do the same in the libxl driver
	iff not using direct kernel boot.

2013-06-12  Jim Fehlig  <jfehlig@suse.com>

	libxl: Report connect type as Xen
	Currently, the libxl driver reports a connection type of "xenlight".
	To be compatible with the legacy Xen driver, it should return "Xen".

	Note: I noticed this while testing the libxl driver on OpenStack.
	After switching my Xen compute nodes to use the libxl stack, I
	could no longer launch instances on those nodes since
	hypervisor_type was reported as "xenlight" instead of "xen".

2013-06-12  Claudio Bley  <cbley@av-test.de>

	schema: simplify RNG pattern, remove superfluous <optional>

2013-06-12  Ján Tomko  <jtomko@redhat.com>

	nodedev: fix vport detection for FC HBA
	Use the host number as the host number when constructing the sysfs path
	instead of the variable we are trying to fill.

	https://bugzilla.redhat.com/show_bug.cgi?id=973543

2013-06-12  Ján Tomko  <jtomko@redhat.com>

	libvirt_private.syms: add virProcessGetStartTime
	https://bugzilla.redhat.com/show_bug.cgi?id=973543

2013-06-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid migration of machines with I/O errors
	Such machine can't be successuflly migrated unles the I/O error has
	recovered and might lead to data corruption. Forbid this kind of
	migration.

2013-06-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Cancel migration if guest encoutners I/O error while migrating
	During a live migration the guest may receive a disk access I/O error.
	In this state the guest is unable to continue running on a remote host
	after migration as some state may be present in the kernel and not
	migrated.

	With this patch, the migration is canceled in such case so it can either
	continue on the source if the I/O issues are recovered or has to be
	destroyed anyways.

2013-06-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migrate: Dispose listen address if set from config
	https://bugzilla.redhat.com/show_bug.cgi?id=971485

	As of d7f9d827531bc843b7c5aa9d3e8c08738a1de248 we copy the listen
	address from the qemu.conf config file in case none has been provided
	via XML. But later, when migrating, we should not include such listen
	address in the migratable XML as it is something autogenerated, not
	requested by user. Moreover, the binding to the listen address will
	likely fail, unless the address is '0.0.0.0' or its IPv6 equivalent.
	This patch introduces a new boolean attribute to virDomainGraphicsListenDef
	to distinguish autofilled listen addresses. However, we must keep the
	attribute over libvirtd restarts, so it must be kept within status XML.

2013-06-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak in Prepare phase
	Avoid leaking virDomainDef if Prepare phase fails before it gets to
	qemuMigrationPrepareAny.

2013-06-11  Ján Tomko  <jtomko@redhat.com>

	selinux: assume 's0' if the range is empty
	This fixes a crash:
	https://bugzilla.redhat.com/show_bug.cgi?id=969878

2013-06-10  Cole Robinson  <crobinso@redhat.com>

	storage_backend: Drop unused code
	This has been disabled for years

2013-06-10  Michal Privoznik  <mprivozn@redhat.com>

	virSocketAddrIsWildcard: Use IN6_IS_ADDR_UNSPECIFIED correctly
	The IN6_IS_ADDR_UNSPECIFIED macro expects pointer to sin6_addr element
	instead of s6_addr element.

2013-06-10  Martin Kletzander  <mkletzan@redhat.com>

	storage: fix description of versionOffset

2013-06-10  Peter Krempa  <pkrempa@redhat.com>

	Fix commit 29c1e913e459058c12d02b3f4b767b3dd428a498
	This patch fixes changes done in commit 29c1e913e459058c12d02b3f4b767b3
	that was pushed without implementing review feedback.

	The flag introduced by the patch is changed to VIR_DOMAIN_VCPU_GUEST and
	documentation makes the difference between regular hotplug and this new
	functionality more explicit.

	The virsh options that enable the use of the new flag are changed to
	"--guest" and the documentation is fixed too.

2013-06-09  Cole Robinson  <crobinso@redhat.com>

	spec: Drop Requires: vbox
	Since this package isn't provided by any stock RH based distro. The
	upstream RPMs are called VirtualBox anyways.

2013-06-07  Richard Weinberger  <richard@nod.at>

	Fix ordering of file open in virProcessGetNamespaces
	virProcessGetNamespaces() opens files in /proc/XXX/ns/ which will
	later be passed to setns(). We have to make sure that the file
	descriptors in the array are in the correct order. In particular
	the 'user' namespace must be first otherwise setns() may fail
	for other namespaces.

	The order has been taken from util-linux's sys-utils/nsenter.c

	Also we must ignore EINVAL in setns() which occurs if the
	namespace associated with the fd, matches the calling process'
	current namespace.

2013-06-07  Michal Privoznik  <mprivozn@redhat.com>

	Prefer VIR_STRDUP over virAsprintf(&dst, "%s", str)
	There's no sense in using virAsprintf() just to duplicate a string.
	We should use VIR_STRDUP which is designed just for that.

2013-06-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainGetVcpusFlags: Initialize ncpuinfo
	Currently, there's a path to use the ncpuinfo variable uninitialized,
	which leads to a compiler warning:

	    qemu/qemu_driver.c: In function 'qemuDomainGetVcpusFlags':
	    qemu/qemu_driver.c:4573:9: error: 'ncpuinfo' may be used
	    uninitialized in this function [-Werror=maybe-uninitialized]
	             for (i = 0; i < ncpuinfo; i++) {
	             ^

2013-06-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement new QMP command for cpu hotplug
	This patch implements support for the "cpu-add" QMP command that plugs
	CPUs into a live guest. The "cpu-add" command was introduced in QEMU
	1.5. For the hotplug to work machine type "pc-i440fx-1.5" is required.

	qemu: Implement support for VIR_DOMAIN_VCPU_AGENT in qemuDomainSetVcpusFlags
	This patch adds support for agent-based cpu disabling and enabling to
	qemuDomainSetVcpusFlags() API.

	qemu: Implement request of vCPU state using the guest agent
	This patch implements the VIR_DOMAIN_VCPU_AGENT flag for the
	qemuDomainGetVcpusFlags() libvirt API implementation.

	API: Introduce VIR_DOMAIN_VCPU_AGENT, for agent based CPU hot(un)plug
	This flag will allow to use qemu guest agent commands to disable
	(offline) and enable (online) processors in a live guest that has the
	guest agent running.

	qemu_agent: Introduce helpers for agent based CPU hot(un)plug
	The qemu guest agent allows to online and offline CPUs from the
	perspective of the guest. This patch adds helpers that call
	'guest-get-vcpus' and 'guest-set-vcpus' guest agent functions and
	convert the data for internal libvirt usage.

	qemu: Use bool instead of int in qemuMonitorSetCPU APIs
	The 'online' parameter has only two possible values. Use a bool for it.

	virsh-domain-monitor: Remove ATTRIBUTE_UNUSED from a argument
	The "cmd" argument in cmdList is now used. Unmark it as unused.

2013-06-07  ryan woodsmall  <rwoodsmall@gmail.com>

	Add support for VirtualBox 4.2 APIs
	A few things have changed in the VirtualBox API - some small
	(capitalizations of things in function names like Ip to IP
	and Dhcp to DHCP) and some much larger (FindMedium is superceded
	by OpenMedium). The biggest change for the sake of this patch
	is the signature of CreateMachine is quite a bit different. Using
	the Oracle source as a guide, to spin up a VM with a given UUID,
	it looks like a text flag has to be passed in a new argument to
	CreateMachine. This flag is built in the VirtualBox 4.2 specific
	ifdefs and is kind of ugly but works. Additionally, there is now
	(unused) VM groups support in CreateMachine and the previous
	'osTypeId' arg is currently set to nsnull as in the Oracle code.

	The FindMedium to OpenMedium changes were more straightforward
	and are pretty clear. The rest of the vbox template changes are
	basically spelling/capitalization changes from the looks of things.

2013-06-07  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainMigrateGraphicsRelocate: Use then new virSocketAddrIsWildcard
	Since we have the new internal API to check for wildcard address,
	we can use it instead of parsing and formatting.

	virsocket: Introduce virSocketAddrIsWildcard
	This internal API checks, if passed address is a wildcard address.

2013-06-07  Ján Tomko  <jtomko@redhat.com>

	iscsi: pass hostnames to iscsiadm instead of resolving them
	iscsiadm now supports specifying hostnames in the portal argument [1]

	Instead of resolving the hostname to a single IPv4 address, pass the
	hostname to isciadm, allowing IPv6 targets to work.

	[1] https://bugzilla.redhat.com/show_bug.cgi?id=624437

2013-06-07  Osier Yang  <jyang@redhat.com>

	qemu: Report the offset from host UTC for RTC_CHANGE event
	https://bugzilla.redhat.com/show_bug.cgi?id=964177

	Though both libvirt and QEMU's document say RTC_CHANGE returns
	the offset from the host UTC, qemu actually returns the offset
	from the specified date instead when specific date is provided
	(-rtc base=$date).

	It's not safe for qemu to fix it in code, it worked like that
	for 3 years, changing it now may break other QEMU use cases.
	What qemu tries to do is to fix the document:

	http://lists.gnu.org/archive/html/qemu-devel/2013-05/msg04782.html

	And in libvirt side, instead of replying on the value from qemu,
	this converts the offset returned from qemu to the offset from
	host UTC, by:

	  /*
	   * a: the offset from qemu RTC_CHANGE event
	   * b: The specified date (-rtc base=$date)
	   * c: the host date when libvirt gets the RTC_CHANGE event
	   * offset: What libvirt will report
	   */

	  offset = a + (b - c);

	The specified date (-rtc base=$date) is recorded in clock's def as
	an internal only member (may be useful to exposed outside?).

	Internal only XML tag "basetime" is introduced to not lose the
	guest's basetime after libvirt restarting/reloading:

	<clock offset='variable' adjustment='304' basis='utc' basetime='1370423588'/>

2013-06-06  Ján Tomko  <jtomko@redhat.com>

	qemu: simplify CPU command line parsing
	Use virStringSplit. Change the 'error' label to 'cleanup' to prevent
	memory leaks on error.

	qemu: change two-state int parameters to bool

	nwfilter: change two-state int parameters to bool

	Remove redundant two-state integers

	Replace two-state local integers with bool
	Found with 'git grep "= 1"'.

2013-06-06  Peter Krempa  <pkrempa@redhat.com>

	storage: Avoid unnecessary ternary operators and refactor the code
	Setting of local variables in virStorageBackendCreateQemuImgCmd was
	unnecessarily cluttered with ternary operators and repeated testing of
	of conditions.

	This patch refactors the function to use if statements and improves
	error reporting in case inputvol is specified but does not contain
	target path. Previously we would complain about "unknown storage vol
	type 0" instead of the actual problem.

2013-06-06  Alvaro Polo  <apoloval@gmail.com>

	openvz: Fix code coverage issue in OpenVZ driver
	After fixing an invalid usage of virDomainNetDef in OpenVZ driver,
	a coverage issue appeared. This was caused by a still invalid usage
	of net->data.ethernet.dev for non ethernet networking.

2013-06-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Reformat listen address prior to checking
	Currently, a listen address for a SPICE server can be specified. Later,
	when the domain is migrated, we need to relocate the graphics which
	involves telling new destination to the SPICE server. However, we can't
	just assume the listen address is the new location, because the listen
	address can be ANYCAST (0.0.0.0 for IPv4, :: for IPv6). In which case,
	we want to pass the remote hostname. But there are some troubles with
	ANYCAST. In both IPv4 and IPv6 it has many ways for specifying such
	address. For instance, in IPv4: 0, 0.0, 0.0.0, 0.0.0.0.  The number of
	variations gets bigger in IPv6 world. Hence, in order to check for
	ANYCAST address sanely, we should take the provided listen address,
	parse it and format back in it's full form. Which is exactly what this
	patch does.

2013-06-06  Eric Blake  <eblake@redhat.com>

	build: fix build without posix_fallocate
	Such as on FreeBSD.  Broken in commit aa2a4cff7.

	* src/util/virstoragefile.c (virStorageFileResize): Add missing ';',
	mark conditionally unused variables.

2013-06-05  Daniel P. Berrange  <berrange@redhat.com>

	Ensure non-root can read /proc/meminfo file in LXC containers
	By default files in a FUSE mount can only be accessed by the
	user which created them, even if the file permissions would
	otherwise allow it. To allow other users to access the FUSE
	mount the 'allow_other' mount option must be used. This bug
	prevented non-root users in an LXC container from reading
	the /proc/meminfo file.

	https://bugzilla.redhat.com/show_bug.cgi?id=967977

2013-06-05  Daniel P. Berrange  <berrange@redhat.com>

	Remove legacy code for single-instance devpts filesystem
	Earlier commit f7e8653f dropped support for using LXC with
	kernels having single-instance devpts filesystem from the
	LXC controller. It forgot to remove the same code from the
	LXC container setup.

2013-06-05  Peter Krempa  <pkrempa@redhat.com>

	storage: Provide better error message if metadata pre-alloc is unsupported
	Instead of a unknown flag error report that metadata pre-allocation is
	not supported with the requested volume creation method.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=969982

2013-06-05  Peter Krempa  <pkrempa@redhat.com>

	storage: Clean up function header and reflow error message
	Comply with the coding standard and save a few lines.

	storagevolxml2argvtest: Report better error messages on test failure
	If the creation of the commandline failed, libvirt always reported "out
	of memory" from the virCommandToString function rather than the proper
	error that happened in virStorageBackendCreateQemuImgCmd. Error out
	earlier.

2013-06-05  Eric Blake  <eblake@redhat.com>

	maint: don't use config.h in .h files
	Enforce the rule that .h files don't need to (redundantly)
	include <config.h>.

	* cfg.mk (sc_prohibit_config_h_in_headers): New rule.
	(_virsh_includes): Delete; instead, inline a smaller number of
	exclusions...
	(exclude_file_name_regexp--sc_require_config_h)
	(exclude_file_name_regexp--sc_require_config_h_first): ...here.
	* daemon/libvirtd.h (includes): Fix offenders.
	* src/driver.h (includes): Likewise.
	* src/gnutls_1_0_compat.h (includes): Likewise.
	* src/libxl/libxl_conf.h (includes): Likewise.
	* src/libxl/libxl_driver.h (includes): Likewise.
	* src/lxc/lxc_conf.h (includes): Likewise.
	* src/lxc/lxc_driver.h (includes): Likewise.
	* src/lxc/lxc_fuse.h (includes): Likewise.
	* src/network/bridge_driver.h (includes): Likewise.
	* src/phyp/phyp_driver.h (includes): Likewise.
	* src/qemu/qemu_conf.h (includes): Likewise.
	* src/util/virnetlink.h (includes): Likewise.

2013-06-05  Osier Yang  <jyang@redhat.com>

	qemu: Abstract code for the cpu controller setting into a helper

2013-06-05  Osier Yang  <jyang@redhat.com>

	storage: Forbid to shrink the vol's capacity if no --shrink is specified
	As the document for "virsh-resize" says:
	<...>
	Attempts to shrink the volume will fail unless I<--shrink> is present;
	</...>

	This makes sense as it at least prevent the user shrinking the important
	data of volume without a notice.

2013-06-05  Osier Yang  <jyang@redhat.com>

	storage: Support preallocate the new capacity for vol-resize
	The document for "vol-resize" says the new capacity will be sparse
	unless "--allocate" is specified, however, the "--allocate" flag
	is never implemented. This implements the "--allocate" flag for
	fs backend's raw type volume, based on posix_fallocate and the
	syscall SYS_fallocate.

2013-06-05  Ján Tomko  <jtomko@redhat.com>

	virtlockd: fix socket path
	Change the socket path to match the one used by lockd driver.

	https://bugzilla.redhat.com/show_bug.cgi?id=968128

2013-06-05  Guannan Ren  <gren@redhat.com>

	snapshot: remove mutually exclusive memory and disk-only duplicate check
	The work was done at the time of snapshot xmlstring parsing

	 if (offline && def->memory &&
	     def->memory != VIR_DOMAIN_SNAPSHOT_LOCATION_NONE) {
	     virReportError(...);
	 }

2013-06-04  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: grab driver lock earlier during init (bz96649)
	This patch is in relation to Bug 966449:

	https://bugzilla.redhat.com/show_bug.cgi?id=966449

	This is a patch addressing the coredump.

	Thread 1 must be calling  nwfilterDriverRemoveDBusMatches(). It does so with
	nwfilterDriverLock held. In the patch below I am now moving the
	nwfilterDriverLock(driverState) further up so that the initialization, which
	seems to either take a long time or is entirely stuck, occurs with the lock
	held and the shutdown cannot occur at the same time.

	Remove the lock in virNWFilterDriverIsWatchingFirewallD to avoid
	double-locking.

2013-06-04  Alvaro Polo  <apoloval@gmail.com>

	Fix a invalid usage of virDomainNetDef in OpenVZ driver
	OpenVZ was accessing ethernet data to obtain the guest iface name
	regardless the domain is configured to use ethernet or bridged
	networking. This prevented the guest network interface to be rightly
	named for bridged networking.

2013-06-04  Ján Tomko  <jtomko@redhat.com>

	docs: add spaces to formatstorage.html
	Let the pool types breathe.

2013-06-04  Osier Yang  <jyang@redhat.com>

	virsh: Allow attach-disk to specify disk wwn
	Commit 6e73850b01ee support to set wwn for disks, but it was not
	exposed to attach-disk.

2013-06-04  Ján Tomko  <jtomko@redhat.com>

	tests: fix typo in securityselinuxtest

2013-06-04  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Obey pool-or-uuid spec when creating volumes
	Our documentation says a pool may be referenced by its name or UUID
	anywhere if it makes sense (pool-name and pool-uuid are the only
	exceptions). However, vol-create and vol-create-as commands did not obey
	this.

2013-06-03  Peter Krempa  <pkrempa@redhat.com>

	libvirt-qemu: Dispatch errors from virDomainQemuAgentCommand()
	The original implementation didn't follow the established pattern and
	did not dispatch errors in case of failure.

	qemu: Properly report guest agent errors on command passthrough
	The code for arbitrary guest agent passthrough was horribly broken since
	introduction. Fix it to correctly report errors.

	virsh-domain: Report errors and don't deref NULL in qemu-agent-command
	Check the returned value for NULL and take the cleanup path
	appropriately if the API fails.

	RPC: Support up to 16384 cpus on the host and 4096 in the guest
	The RPC limits for cpu maps didn't allow to use libvirt on ultra big
	boxes. This patch increases size of the limits to support a maximum of
	16384 cpus on the host with a maximum of 4096 cpus per guest.
	The full cpu map of such a system takes 8 megabytes and the map for
	vcpu pinning is 2 kilobytes long.

2013-06-03  Jiri Denemark  <jdenemar@redhat.com>

	spec: Explicitly require libgcrypt-devel
	Our configure.ac says:

	    Not all versions of gnutls include -lgcrypt, and so we add
	    it explicitly for the calls to gcry_control/check_version

	Thus we cannot rely on gnutls-devel to bring grcypt-devel as a
	dependency.

2013-06-03  Jiri Denemark  <jdenemar@redhat.com>

	virsh iface-bridge: Ignore delay if stp is turned off
	Delay only makes sense with STP enabled.

	Fix warning about using an uninitialized next_unit value
	Using an uninitialized value and a bool saying if the value is valid may
	confuse compilators.

2013-06-03  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Add --live, --config, --current logic to cmdAttachInterface
	Use the approach established in commit
	69ce3ffa8d431e9810607c6e00b7cfcc481b491d to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdAttachDisk
	Use the approach established in commit
	69ce3ffa8d431e9810607c6e00b7cfcc481b491d to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdAttachDevice
	Use the approach established in commit
	69ce3ffa8d431e9810607c6e00b7cfcc481b491d to improve this function too.

2013-06-03  Ján Tomko  <jtomko@redhat.com>

	use virBitmapFree instead of VIR_FREE for cpumask
	Found by 'git grep FREE.*cpumask' after looking at 31f1f6b.

2013-06-03  Martin Kletzander  <mkletzan@redhat.com>

	usb: don't spoil decimal addresses
	For USB devices, dev->name gets formated as %.3o:%.3o even though the
	numbers are decimal.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=967712

2013-06-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 1.0.6
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: pull localization updates and regenerate the po

2013-06-03  Osier Yang  <jyang@redhat.com>

	Storage: Fix the indention of rbd test file

2013-06-03  Osier Yang  <jyang@redhat.com>

	nodedev_hal: Modernize the function's style
	Use style like:

	void
	foo (const char *name)
	{
	    printf("Hello, %s\n", name);
	}

	Later patches will clean up node_device_hal.c more.

2013-06-01  Osier Yang  <jyang@redhat.com>

	conf: Generate address for scsi host device automatically
	With unknown good reasons, the attribute "bus" of scsi device
	address is always set to 0, same for attribute "target". (See
	virDomainDiskDefAssignAddress).

	Though we might need to change the algorithm to honor "bus"
	and "target" too, that's a different issue. The address generator
	for scsi host device in this patch just follows the unknown
	good reasons, only considering the "controller" and "unit".
	It walks through all scsi controllers and their units, to see
	if the address $controller:0:0:$unit can be used (if not used
	by any disk or scsi host device yet), if found one, it sits on
	it, otherwise, it creates a new controller (actually the controller
	is implicitly created by someone else), and sits on
	$new_controller:0:0:0 instead.

2013-05-31  Laine Stump  <laine@laine.org>

	qemu: prevent termination of guests w/hostdev on driver reconnect
	This should resolve:

	  https://bugzilla.redhat.com/show_bug.cgi?id=959191

	The problem was that qemuUpdateActivePciHostdevs was returning 0
	(success) when no hostdevs were present, but would otherwise return -1
	(failure) even when it completed successfully. It is only called from
	qemuProcessReconnect(), and when qemuProcessReconnect got back an
	error, it would not only stop reconnecting, but would terminate the
	guest qemu process "to remove danger of it ending up running twice if
	user tries to start it again later".

	(This bug was introduced in commit 011cf7ad, which was pushed between
	v1.0.2 and v1.0.3, so all maintenance branches from v1.0.3 up to 1.0.5
	will need this one line patch applied.)

2013-05-31  Guido Günther  <agx@sigxcpu.org>

	vbox: define DYNLIB_NAME for kFreeBSD
	Similar to what Eric did for Cygwin it helps at least to compile
	without --without-vbox

2013-05-31  Eric Blake  <eblake@redhat.com>

	build: skip qemu in tests when !WITH_QEMU
	A mingw build (where the qemu driver is not built, so WITH_QEMU
	is undefined) failed with:

	In file included from ../../src/qemu/qemu_command.h:30:0,
	                 from ../../tests/testutilsqemu.h:4,
	                 from ../../tests/networkxml2xmltest.c:14:
	../../src/qemu/qemu_conf.h:53:4: error: #error "Port me"

	But since testutilsqemu.c is already conditional, the header
	should be likewise.

	* tests/testutilsqemu.h: Make content conditional.

2013-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Introduce virFilePrintf() as a portable fprintf()
	We can't use GNULIB's fprintf-posix due to licensing
	incompatibilities. We do already have a portable
	formatting via virAsprintf() which we got from GNULIB
	though. We can use to create a virFilePrintf() function.

	But really gnulib could just provide a 'fprintf'
	module, that depended on just its 'asprintf' module.

2013-05-31  Jiri Denemark  <jdenemar@redhat.com>

	Document that runtime changes may be lost after S4 suspend

2013-05-31  Ján Tomko  <jtomko@redhat.com>

	qemu: escape literal IPv6 address in NBD migration
	A literal IPv6 must be escaped, otherwise migration fails with:
	unable to execute QEMU command 'drive-mirror': address resolution failed
	for f0::0d:5901: Servname not supported for ai_socktype
	since QEMU treats everything after the first ':' as the port.

2013-05-31  John Ferlan  <jferlan@redhat.com>

	Check for existence of interface prior to setting terminate flag
	https://bugzilla.redhat.com/show_bug.cgi?id=903480

	During domain destruction it's possible that the learnIPAddressThread has
	already removed the interface prior to the teardown filter path being run.
	The teardown code would only be telling the thread to terminate.

2013-05-31  John Ferlan  <jferlan@redhat.com>

	Resolve memory leak found by valgrind
	Commit '6afdfc8e' adjusted the exit and error paths to go through the error
	and cleanup labels, but neglected to remove the return ret prior to cleanup.
	Also noted the 'type' xml string fetch was never checked for NULL which
	could lead to some interesting results.

2013-05-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Don't kill access to disk if snapshot creation fails
	If snapshot creation failed for example due to invalid use of the
	"REUSE_EXTERNAL" flag, libvirt killed access to the original image file
	instead of the new image file. On machines with selinux this kills the
	whole VM as the selinux context is enforced immediately.

	* qemu_driver.c:qemuDomainSnapshotUndoSingleDiskActive():
	    - Kill access to the new image file instead of the old one.

	Partially resolves: https://bugzilla.redhat.com/show_bug.cgi?id=906639

2013-05-31  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix damaged whitespace
	After deleting "WithDriver" from the async job function the code was
	unaligned.

2013-05-31  Martin Kletzander  <mkletzan@redhat.com>

	Properly indent function's opening bracket

2013-05-30  Eric Blake  <eblake@redhat.com>

	build: use correct rpc.h for virtlockd
	Commit d671121d was incomplete; I hit another compile fail on
	cygwin not finding the correct rpc/rpc.h.

	* src/Makefile.am (virtlockd_CFLAGS): Add XDR_CFLAGS.

2013-05-30  Eric Blake  <eblake@redhat.com>

	build: work around cygwin header bug
	A bug in Cygwin [1] and poor error messages from gcc [2] lead
	to this confusing compilation error:

	qemu/qemu_monitor.c:418:9: error: passing argument 2 of 'sendmsg' from incmpatible pointer type
	/usr/include/sys/socket.h:42:11: note: expected 'const struct msghdr *' but argument is of type 'struct msghdr *'

	[1] http://cygwin.com/ml/cygwin/2013-05/msg00451.html
	[2] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57475

	* src/qemu/qemu_monitor.c (includes): Include <sys/socket.h>
	before <sys/un.h>.

2013-05-30  Eric Blake  <eblake@redhat.com>

	build: cast [ug]id_t when printing
	This is a recurring problem for cygwin :)
	For example, see commit 23a4df88.

	qemu/qemu_driver.c: In function 'qemuStateInitialize':
	qemu/qemu_driver.c:691:13: error: format '%d' expects type 'int', but argument 8 has type 'uid_t' [-Wformat]

	* src/qemu/qemu_driver.c (qemuStateInitialize): Add casts.
	* daemon/remote.c (remoteDispatchAuthList): Likewise.

2013-05-30  Eric Blake  <eblake@redhat.com>

	build: port qemu to cygwin
	A cygwin build of the qemu driver fails with:

	qemu/qemu_process.c: In function 'qemuPrepareCpumap':
	qemu/qemu_process.c:1803:31: error: 'CPU_SETSIZE' undeclared (first use in this function)

	CPU_SETSIZE is a Linux extension in <sched.h>; a bit more portable
	is using sysconf if _SC_NPROCESSORS_CONF is defined (several platforms
	have it, including Cygwin).  Ultimately, I would have preferred to
	use gnulib's 'nproc' module, but it is currently under an incompatible
	license.

	* src/qemu/qemu_conf.h (QEMUD_CPUMASK_LEN): Provide definition on
	cygwin.

2013-05-30  Eric Blake  <eblake@redhat.com>

	build: use correct rpc.h for lockd
	On cygwin, the build failed with:

	In file included from ./rpc/virnetmessage.h:24:0,
	                 from ./rpc/virnetclient.h:29,
	                 from locking/lock_driver_lockd.c:31:
	./rpc/virnetprotocol.h:9:21: fatal error: rpc/rpc.h: No such file or directory

	* src/Makefile.am (lockd_la_CFLAGS): Add XDR_CFLAGS.

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: work around broken sasl header
	Compilation on cygwin failed due to a bug in the sasl headers
	present on that platform (libsasl2-devel 2.1.26):

	In file included from rpc/virnetserverclient.c:27:0:
	/usr/include/sasl/sasl.h:230:38: error: expected declaration specifiers or '...' before 'size_t'

	Upstream is aware of their bug:
	https://bugzilla.cyrusimap.org/show_bug.cgi?id=3759

	* src/rpc/virnetserverclient.c (includes): Ensure size_t is
	defined before using sasl.h.

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: fix typo in earlier commit
	Bummer, I committed, then fixed a typo, then tested, and forgot to
	amend the commit before pushing 7d21d6b6.

	* src/rpc/virnettlscontext.c (includes): Use correct spelling.

2013-05-29  Cole Robinson  <crobinso@redhat.com>

	virsh: migrate: Don't disallow --p2p and --migrateuri
	Because it's a valid combination. p2p still uses a separate channel
	for qemu migration, so there's value in letting the user specify a manual
	migrate URI for overriding auto-port, or libvirt's FQDN lookup.

	What _isn't_ allowed is --migrateuri and TUNNELLED, since there is
	no separate migration channel. Disallow that instead

2013-05-29  Cole Robinson  <crobinso@redhat.com>

	qemu: migration: error if tunnelled + storage specified
	Since as the code indicates it doesn't work yet, so let's be
	explicit about it.

	qemu: migration: Improve p2p error if we can't open conn
	By actually showing the Open() error to the user

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: fix build without libvirtd
	Building when configured --with-libvirtd=no fails with:

	In file included from ../src/qemu/qemu_command.h:30:0,
	                 from testutilsqemu.h:4,
	                 from networkxml2xmltest.c:14:
	../src/qemu/qemu_conf.h:175:5: error: expected specifier-qualifier-list before 'virStateInhibitCallback'

	* src/libvirt_internal.h (virStateInhibitCallback): Move outside
	of conditional.

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: fix build with newer gnutls
	Building with gnutls 3.2.0 (such as shipped with current cygwin) fails
	with:

	rpc/virnettlscontext.c: In function 'virNetTLSSessionGetKeySize':
	rpc/virnettlscontext.c:1358:5: error: implicit declaration of function 'gnutls_cipher_get_key_size' [-Wimplicit-function-declaration]

	Yeah, it's stupid that gnutls broke API by moving their declaration
	into a new header without including that header from the old one,
	but it's easy enough to work around, all without breaking on gnutls
	1.4.1 (hello RHEL 5) that lacked the new header.

	* configure.ac (gnutls): Check for <gnutls/crypto.h>.
	* src/rpc/virnettlscontext.c (includes): Include additional header.

2013-05-29  Osier Yang  <jyang@redhat.com>

	storage_conf: Use uid_t/gid_t instead of int to cast the value
	And error out if the casted value is not same with the original
	one, which prevents the bug on platform(s) where uid_t/gid_t
	has different size with long.

2013-05-29  Osier Yang  <jyang@redhat.com>

	storage_conf: Improve error messages
	virStoragePoolDefParseSource:
	  * Better error message

	virStoragePoolObjLoad:
	  * Break the line line

2013-05-29  Osier Yang  <jyang@redhat.com>

	storage_conf: Use NULLSTR instead

	storage_conf: Improve the memory deallocation of virStorageVolDefParseXML
	Changes:
	  * Add a new goto label "error"
	  * Free the strings at "cleanup"
	  * Remove the unnecessary frees

	storage_conf: Improve the memory deallocation of pool def parsing
	Changes:
	    * Free all the strings at "cleanup", instead of freeing them
	      in the middle
	    * Remove xmlFree
	    * s/tmppath/target_path/, to make it more sensible
	    * Add new goto label "error"

2013-05-29  Michal Privoznik  <mprivozn@redhat.com>

	qemuOpenVhostNet: Decrease vhostfdSize on open failure
	Currently, if there's an error opening /dev/vhost-net (e.g. because
	it doesn't exist) but it's not required we proceed with vhostfd array
	filled with -1 and vhostfdSize unchanged. Later, when constructing
	the qemu command line only non-negative items within vhostfd array
	are taken into account. This means, vhostfdSize may be greater than
	the actual count of non-negative items in vhostfd array. This results
	in improper command line arguments being generated, e.g.:

	-netdev tap,fd=21,id=hostnet0,vhost=on,vhostfd=(null)

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: fix build with older gcc
	gcc 4.1.2 (hello, RHEL 5!) fails to build on 32-bit platforms with:

	conf/domain_conf.c: In function 'virDomainDefParseXML':
	conf/domain_conf.c:10581: warning: integer constant is too large for 'long' type

	Problem introduced in commit f8e3221f9.

	* src/conf/domain_conf.c (virDomainDefParseXML): Mark large constants.

2013-05-29  Eric Blake  <eblake@redhat.com>

	build: drop unused variable
	Compilation for mingw failed:

	../../src/util/virutil.c: In function 'virGetWin32DirectoryRoot':
	../../src/util/virutil.c:1094:9: error: unused variable 'ret' [-Werror=unused-variable]

	* src/util/virutil.c (virGetWin32DirectoryRoot): Silence compiler
	warning.

2013-05-28  Eric Blake  <eblake@redhat.com>

	syntax: fix broken error message in previous patch
	Osier Yang pointed out that I introduced a syntax error in my
	syntax check (I really shouldn't make last-minute changes without
	testing them....).

	/bin/sh: -c: line 2: syntax error near unexpected token `;'
	/bin/sh: -c: line 2: `  { echo 'maint.mk: incorrect whitespace, see HACKING for rules' 2>&; \'
	make: *** [bracket-spacing-check] Error 1

	* cfg.mk (bracket-spacing-check): Fix copy-and-paste error.

2013-05-28  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't report error on successful media eject
	If we are just ejecting media, ret == -1 even after the retry loop
	determines that the tray is open, as requested. This means media
	disconnect always report's error.

	Fix it, and fix some other mini issues:

	- Don't overwrite the 'eject' error message if the retry loop fails
	- Move the retries decrement inside the loop, otherwise the final loop
	  might succeed, yet retries == 0 and we will raise error
	- Setting ret = -1 in the disk->src check is unneeded
	- Fix comment typos

	cc: mprivozn@redhat.com

2013-05-28  Eric Blake  <eblake@redhat.com>

	syntax-check: mandate space after mid-line semicolon
	Enforce the style cleanup in the previous patch.

	* build-aux/bracket-spacing.pl: Enforce trailing spacing.
	* cfg.mk (bracket-spacing-check): Tweak error wording.
	* docs/hacking.html.in: Document the rule.
	* HACKING: Regenerate.

2013-05-28  Eric Blake  <eblake@redhat.com>

	syntax: prefer space after semicolon in for loop
	I noticed several unusual spacings in for loops, and decided to
	fix them up.  See the next commit for the syntax check that found
	all of these.

	* examples/domsuspend/suspend.c (main): Fix spacing.
	* python/libvirt-override.c: Likewise.
	* src/conf/interface_conf.c: Likewise.
	* src/security/virt-aa-helper.c: Likewise.
	* src/util/virconf.c: Likewise.
	* src/util/virhook.c: Likewise.
	* src/util/virlog.c: Likewise.
	* src/util/virsocketaddr.c: Likewise.
	* src/util/virsysinfo.c: Likewise.
	* src/util/viruuid.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* tools/virsh-domain-monitor.c (vshDomainStateToString): Drop
	default case, to let compiler check us.
	* tools/virsh-domain.c (vshDomainVcpuStateToString): Likewise.

2013-05-28  yangdongsheng  <yangds.fnst@cn.fujitsu.com>

	util: fix the VIR_STRDUP when src is NULL
	When src is NULL, VIR_STRDUP will return 0 directly.
	This patch will set dest to NULL before VIR_STRDUP return.

	Example:
	[root@yds-pc libvirt]# virsh
	Welcome to virsh, the virtualization interactive terminal.

	Type: 'help' for help with commands
	'quit' to quit

	virsh # connect
	error: Failed to connect to the hypervisor
	error: internal error Unable to parse URI �N�*

2013-05-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix build without gnutls
	"error" label in qemuMigrationCookieGraphicsAlloc is now used
	unconditionally thanks to VIR_STRDUP.

2013-05-24  Sergey Fionov  <fionov@gmail.com>

	qemu: save domain state to XML after reboot
	Currently qemuDomainReboot() does reboot in two phases:
	qemuMonitorSystemPowerdown() and qemuProcessFakeReboot().

	qemuMonitorSystemPowerdown() shutdowns the domain and saves domain
	state/reason as VIR_DOMAIN_SHUTDOWN_UNKNOWN.

	qemuProcessFakeReboot() sets domain state/reason to
	VIR_DOMAIN_RESUMED_UNPAUSED but does not save domain state changes.

	Subsequent restart of libvirtd leads to restoring domain state/reason to
	saved that is VIR_DOMAIN_SHUTDOWN_UNKNOWN and to automatic shutdown of
	the domain. This commit adds virDomainSaveStatus() into
	qemuProcessFakeReboot() to avoid unexpected shutdowns.

2013-05-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic VI object type detection
	VI objects support inheritance with subtype polymorphism. For example the
	FileInfo object type is extended by FloppyImageFileInfo, FolderFileInfo
	etc. Then SearchDatastore_Task returns an array of FileInfo objects and
	depending on the represented file the FileInfo is actually a FolderFileInfo
	or FloppyImageFileInfo etc. The actual type information is stored as XML
	attribute that allows clients such as libvirt to distinguish between the
	actual types. esxVI_GetActualObjectType is used to extract the actual type.

	I assumed that this mechanism would be used for all VI object types that
	have subtypes. But this is not the case. It seems only to be used for types
	that are actually used as generic base type such as FileInfo. But it is not
	used for types that got extended later such as ElementDescription that was
	extended by ExtendedElementDescription (added in vSphere API 4.0) or that
	are not meant to be used with subtype polymorphism.

	This breaks the deserialization of types that contain ElementDescription
	properties such as PerfCounterInfo or ChoiceOption, because the code
	expects an ElementDescription object to have an XML attribute named type
	that is not present, since ExtendedElementDescription was added to the
	esx_vi_generator.input in commit 60f0f55ee4686fecbffc5fb32f90863427d02a14.
	This in turn break virtual machine question handling and auto answering.

	Fix this by using the base type if no XML type attribute is present.

2013-05-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	spec: Build vbox packages only for x86 architectures
	Commit 6ab6bc19f03513fd87d29ecfd405bb7f4a7de114 has introduced separate
	daemon/driver packages for vbox. These should only be built for x86
	architectures which is done hereby.

2013-05-24  Osier Yang  <jyang@redhat.com>

	security_dac: Fix the coding style
	Pushed under trivial rule.

2013-05-24  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to new VIR_STRNDUP behavior
	With previous patch, we accept negative value as length of string to
	duplicate. So there is no need to pass strlen(src) in case we want to do
	duplicate the whole string.

2013-05-24  Michal Privoznik  <mprivozn@redhat.com>

	virStrndup: Accept negative values as string length
	It may shorten the code a bit as the following pattern:

	  VIR_STRNDUP(dst, src, cond ? n : strlen(src))

	is used on several places among our code. However, we can
	move the strlen into virStrndup and thus write just:

	  VIR_STRNDUP(dst, src, cond ? n : -1)

2013-05-24  Osier Yang  <jyang@redhat.com>

	storage_conf: Fix the error type
	s/VIR_ERR_INTERNAL_ERROR/VIR_ERR_XML_ERROR/.

	storage_conf: Put "%s" at the same line with error type
	Trivial, but it allows the "error message" to have more spaces.

	storage_conf: Use xmlStrEqual instead of STREQ
	And improve the error message

	storage_conf: Remove the useless casting

	storage_conf: Don't leak "uuid" in virStoragePoolDefParseAuthCephx
	Any string returned from virXPathString should be freed.

	storage_conf: Fix the wrong error message
	It's for parsing "login" attribute of "auth".

2013-05-24  Ján Tomko  <jtomko@redhat.com>

	syntax-check: ignore all quoted strings in bracket-spacing
	Ignore strings with an escaped double quote too.

	This removes the need for special handling of quotes in the
	semicolon check.

2013-05-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Remove error report in virNWFilterDHCPSnoopEnd
	Remove error reporting when calling the virNWFilterDHCPSnoopEnd
	function with an interface for which no thread is snooping traffic.

	Document the usage of this function.

2013-05-24  Martin Kletzander  <mkletzan@redhat.com>

	Fix blkdeviotune for shutoff domain
	Function qemuDomainSetBlockIoTune() was checking QEMU capabilities
	even when !(flags & VIR_DOMAIN_AFFECT_LIVE) and the domain was
	shutoff, resulting in the following problem:

	 virsh # domstate asdf; blkdeviotune asdf vda --write-bytes-sec 100
	 shut off

	 error: Unable to change block I/O throttle
	 error: unsupported configuration: block I/O throttling not supported with this QEMU binary

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=965016

2013-05-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	cgroups: Do not enforce nonexistent controllers
	Currently, the controllers argument to virCgroupDetect acts both as
	a result filter and a required controller specification, which is
	a bit overloaded. If both functionalities are needed, it would be
	better to have them seperated into a filter and a requirement mask.
	The only situation where it is used today is to ensure that only
	CPU related controllers are used for the VCPU directories. But here
	we clearly do not want to enforce the existence of cpu, cpuacct and
	specifically not cpuset at the same time.
	This commit changes the semantics of controllers to "filter only".
	Should a required mask ever be needed, more work will have to be done.

2013-05-24  Osier Yang  <jyang@redhat.com>

	virsh: Fix regression of vol-resize
	Introduced by commit 1daa4ba33acf. vshCommandOptStringReq returns
	0 on *success* or the option is not required && not present, both
	are right result. Error out when returning 0 is not correct.
	the caller, it doesn't have to check wether it

2013-05-24  Michal Privoznik  <mprivozn@redhat.com>

	Introduce syntax-check rule to prefer VIR_STRDUP over strdup

	Adapt to VIR_STRDUP and VIR_STRNDUP in tools/virsh.c

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/util/vircgroup.c
	This commit is separate due to unusual paradigm compared to the
	most source files.

	virCgroupAddTaskStrController: s/-1/-ENOMEM/
	Within whole vircgroup.c we 'return -errno', e.g. 'return -ENOMEM'.
	However, in this specific function virCgroupAddTaskStrController
	we weren't returning -ENOMEM but -1 despite fact that later in
	the function we are returning one of errno values indeed.

2013-05-24  John Ferlan  <jferlan@redhat.com>

	xen: Resolve Coverity FORWARD_NULL issue
	Commit '18b14012' refactored the Xen code resulting in a Coverity
	warning about possible NULL reference if the path where the XM driver
	takes puts the def on it's list.  Moved/duplicated the virGetDomain()
	call to pacify the possible NULL deref.

2013-05-23  Cole Robinson  <crobinso@redhat.com>

	docs: domain: /dev/urandom isn't a valid rng patch
	Only /dev/random and /dev/hwrng are accepted, list them explicitly.

2013-05-23  Ján Tomko  <jtomko@redhat.com>

	conf: add missing OOM errors

	qemu: fix NBD migration to hosts with IPv6 enabled
	Since f03dcc5 we use [::] as the listening address both on qemu
	command line in -incoming and in nbd-server-start QMP command.
	However the latter requires just :: without the braces.

2013-05-23  Ján Tomko  <jtomko@redhat.com>

	conf: fix use after free in virChrdevOpen
	Don't free the stream on error if we've successfully added it
	to the hash table, since it will be freed by virChrdevHashEntryFree
	callback.

	Preserve the error message before calling virStreamFree, since it
	resets the error.

	Introduced by 4716138, crashing since 6921892.

	Reported by Sergey Fionov on libvir-list.

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/xenxs/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/xenapi/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/xen/*

	virNetMessageSaveError: Fix copy and paste error
	Previously, we were freeing verr fields instead of rerr which we've
	allocated just a line above.

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	virNWFilterHashTablePut: Free the correct variable
	In bf1fe848 I've introduced 'newName' variable to substitute the old
	'const char *name' as previously we had an ugly code there:

	  name = strdup(name);

	However, some parts of the function were not updated, so they were still
	calling VIR_FREE(name) instead of VIR_FREE(newName).

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	umlConnectTapDevice: initialize tapfd variable
	There is possibility to jump to 'cleanup' label without tapfd variable
	being initialized. In the label, VIR_FORCE_CLOSE(tapfd) is called which
	can have fatal consequences.

2013-05-23  Marek Marczykowski  <marmarek@invisiblethingslab.com>

	remote: fix dom->id after virDomainCreateWithFlags
	The same issue as (already fixed) in virDomainCreate -
	REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS doesn't return new domain ID, only
	-1 on error or 0 on success.

	Besides this one fix it is more general problem - local domain object
	ID can desynchronize with the real one, for example in case of another
	client creates/destroys domain in the meantime. Perhaps virDomainGetID
	should be called remotely (with all performance implications...)? Or
	some event-based notification used?

2013-05-23  Osier Yang  <jyang@redhat.com>

	Fix the build failure
	Commit 16251193afdc forgot to include "virstring.h". Pushed under
	build-breaker rule.

2013-05-23  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Fix virDomainFree for NULL domain in blkdeviotune

2013-05-23  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/security/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/rpc/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/remote/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/qemu/*

2013-05-23  Zhang Xiaohe  <zhangxh@cn.fujitsu.com>

	virsh: omit OPTION section in 'virsh help' if no option exists
	Don't print 'OPTION' if there's no options. Just behaves as DESCRIPTION
	does.
	This mostly affects 'interface' command group.

	Reported-by: Li Yang <liyang.fnst@cn.fujitsu.com>

2013-05-22  Michal Privoznik  <mprivozn@redhat.com>

	Change virConnectDomainEventGraphicsCallback signature
	For future work we need _virDomainEventGraphicsAddress and
	_virDomainEventGraphicsSubjectIdentity members to be char * not const
	char *. We are strdup()-ing them anyway, so they should have been char *
	anyway (from const correctness POV). However, we don't want users to
	change passed values, so we need to make the callback's argument const.

	Although this is an API change (not ABI though), real callers won't be
	impacted. Why?
	 1. these callback members are read-only, so it is less likely that
	someone is trying to assign into the struct members.
	 2. The only way to register a virConnectDomainEventGraphicsCallback is
	to cast it through a call to virConnectDomainEventRegisterAny.  That is,
	even if the user's callback function leaves out the const, we never use
	the typedef as the direct type of any API parameter.  Since they are
	already casting their function pointer into a munged type before
	registering it, their code will continue to compile.

2013-05-22  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/openvz/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/conf/*

	virNetDevTapCreate: Fail on systems not supporting IFF_MULTI_QUEUE
	In my previous patches I enabled the IFF_MULTI_QUEUE flag every
	time the user requested multiqueue TAP device. However, this
	works only at runtime. During build time the flag may be
	undeclared.

	qemu: Enable multiqueue network

2013-05-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Adapt qemuBuildInterfaceCommandLine to to multiqueue net
	In order to learn libvirt multiqueue several things must be done:

	1) The '/dev/net/tun' device needs to be opened multiple times with
	IFF_MULTI_QUEUE flag passed to ioctl(fd, TUNSETIFF, &ifr);

	2) Similarly, '/dev/vhost-net' must be opened as many times as in 1)
	in order to keep 1:1 ratio recommended by qemu and kernel folks.

	3) The command line construction code needs to switch from 'fd=X' to
	'fds=X:Y:...:Z' and from 'vhostfd=X' to 'vhostfds=X:Y:...:Z'.

	4) The monitor handling code needs to learn to pass multiple FDs.

2013-05-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Move interface cmd line construction into a separate function
	Currently, we have one huge function to construct qemu command line.
	This is very ineffective esp. if there's a fault somewhere.

	Introduce /domain/devices/interface/driver/@queues attribute
	This attribute is going to represent number of queues for
	multique vhost network interface. This commit implements XML
	extension part of the feature and add one test as well. For now,
	we can only do xml2xml test as qemu command line generation code
	is not adapted yet.

2013-05-22  Guannan Ren  <gren@redhat.com>

	qemu: add ', share=<policy>' to qemu commandline
	example: qemu ${otherargs} \
	             -vnc 127.0.0.1:0,share=allow-exclusive

2013-05-22  Guannan Ren  <gren@redhat.com>

	conf: add 'sharePolicy' attribute to graphics element for vnc
	 -vnc :5900,share=allow-exclusive
	allows clients to ask for exclusive access which is
	implemented by dropping other connections Connecting
	multiple clients in parallel requires all clients asking
	for a shared session (vncviewer: -shared switch)

	 -vnc :5900,share=force-shared
	disables exclusive client access.  Useful for shared
	desktop sessions, where you don't want someone forgetting
	specify -shared disconnect everybody else.

	 -vnc :5900,share=ignore
	completely ignores the shared flag and allows everybody
	connect unconditionally

2013-05-22  Guannan Ren  <gren@redhat.com>

	qemu: new vnc display sharing policy caps flag
	QEMU_CAPS_VNC_SHARE_POLICY (qemu >= 1.1)

2013-05-22  Ján Tomko  <jtomko@redhat.com>

	vbox: fix VIR_STRDUP value check
	In my review of 31532ca I missed the fact that VIR_STRDUP
	now returns 1 on success, and 0 if the source was NULL.

	(This still doesn't add proper OOM error handling.)

2013-05-22  Osier Yang  <jyang@redhat.com>

	syntax-check: Add the rule to forbid whitespace before ";"
	Only a few cases are allowed:

	1) The expression is empty for "for" loop, E.g.

	  for (i = 0; ; i++)

	2) An empty statement

	  while (write(statuswrite, &status, 1) == -1 &&
	         errno == EINTR)
	      ; /* empty */

	3) ";" is inside double-quote, I.e, as part of const string. E.g.

	  vshPrint(ctl, "a ; b ; cd;\n");

	The "for" loop in src/rpc/virnettlscontext.c is the special case,
	1) applies for it, so change it together in this patch.

2013-05-22  Osier Yang  <jyang@redhat.com>

	nwfilter: Change the comment style
	The more common habit is to add the comment after the statements.

	Fix the syntax-check failure
	Introduced by commit 7ac2c4fe624, pushed under build-breaker rule.

2013-05-22  Guannan Ren  <gren@redhat.com>

	interface: list all interfaces with flags == 0
	virConnectListAllInterfaces should support to list all of
	interfaces when the value of flags is 0. The behaviour is
	consistent with other virConnectListAll* APIs

2013-05-21  Eric Blake  <eblake@redhat.com>

	cgroup: be robust against cgroup movement races
	https://bugzilla.redhat.com/show_bug.cgi?id=965169 documents a
	problem starting domains when cgroups are enabled; I was able
	to reliably reproduce the race about 5% of the time when I added
	hooks to domain startup by 3 seconds (as that seemed to be about
	the length of time that qemu created and then closed a temporary
	thread, probably related to aio handling of initially opening
	a disk image).  The problem has existed since we introduced
	virCgroupMoveTask in commit 9102829 (v0.10.0).

	There are some inherent TOCTTOU races when moving tasks between
	kernel cgroups, precisely because threads can be created or
	completed in the window between when we read a thread id from the
	source and when we write to the destination.  As the goal of
	virCgroupMoveTask is merely to move ALL tasks into the new
	cgroup, it is sufficient to iterate until no more threads are
	being created in the old group, and ignoring any threads that
	die before we can move them.

	It would be nicer to start the threads in the right cgroup to
	begin with, but by default, all child threads are created in
	the same cgroup as their parent, and we don't want vcpu child
	threads in the emulator cgroup, so I don't see any good way
	of avoiding the move.  It would also be nice if the kernel were
	to implement something like rename() as a way to atomically move
	a group of threads from one cgroup to another, instead of forcing
	a window where we have to read and parse the source, then format
	and write back into the destination.

	* src/util/vircgroup.c (virCgroupAddTaskStrController): Ignore
	ESRCH, because a thread ended between read and write attempts.
	(virCgroupMoveTask): Loop until all threads have moved.

2013-05-21  Osier Yang  <jyang@redhat.com>

	src/*.[ch]: Remove the whitespace before ";"

	src/locking: Remove the whitespace before ";"

	python: Remove the whitespace before ";"

	examples: Remove the whitespace before ';'

	src/lxc: Remove the whitespace before ";"

	src/remote: Remove the whitespace before ";"

	src/rpc: Remove the whitespace before ";"

	src/utils: Remove the whitespace before ";"

	tests/: Remove the whitespace before ";"

	daemon: Remove the whitespace before ";"

	tools: Remove the whitespace before ";"

	src/storage: Remove the whitespace before ';'

	src/security: Remove the whitespace before ';'

	src/xen: Remove the whitespace before ';'

	src/vmware: Remove the whitespace before ';'

	src/qemu: Remove the whitespace before ';'

	src/interface: Remove the whitespace before ';'

	src/parallels: Remove the whitespace before ';'

	src/uml: Remove the whitespace before ';'

	src/openvz: Remove the whitespace before ';'

	src/node_device: Remove the whitespace before ';'

	src/phyp: Remove the whitespace before ';'

	src/nwfilter: Remove the whitespace before ';'

	src/xenxs: Remove the whitespace before ';'

	src/vbox: Remove the whitespace before ';'

	src/test: Remove the whitespace before ';'

	src/conf: Remove the whitespace before ';'

	src/libxl: Remove the whitespace before ';'

	src/network: Remove the whitespace before ';'

2013-05-21  Daniel P. Berrange  <berrange@redhat.com>

	Convert Xen domain core dump driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain coredump
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain stats/peek driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain stats &
	peek APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain scheduler driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain scheduler
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain autostart driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain autostart
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain device hotplug driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain hotplug
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain VCPU driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain VCPU
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain create/define/getxml/migration APIs to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain create, migrate,
	getxml, & define APIs to simplify introduction of ACL security
	checks. The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain managed save driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain save
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain property driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain property
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain lifecycle driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain lifecycle
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

	Convert Xen domain lookup driver methods to use virDomainDefPtr
	Introduce use of a virDomainDefPtr in the domain lookup
	APIs to simplify introduction of ACL security checks.
	The virDomainPtr cannot be safely used, since the app
	may have supplied mis-matching name/uuid/id fields. eg
	the name points to domain X, while the uuid points to
	domain Y. Resolving the virDomainPtr to a virDomainDefPtr
	ensures a consistent name/uuid/id set.

2013-05-21  Osier Yang  <jyang@redhat.com>

	qemu: Don't remove the "return 0"
	Commit f60a50c7957 intended to remove the warning only, but not with
	the "return 0" together.

2013-05-21  John Ferlan  <jferlan@redhat.com>

	shunloadtest: Resolve Coverity CHECKED_RETURN error
	The shunloadStart function didn't check the status of virInitialize which
	was flagged by Coverity.  Adjust the function and shunloadtest in order
	to handle the situation.

	xencapstest: Resolve Coverity CHECKED_RETURN error
	The return from virInitialize() needs to be checked.

2013-05-21  Guannan Ren  <gren@redhat.com>

	qemu: fix a typo in qemuAddSharedDevice

2013-05-21  Ján Tomko  <jtomko@redhat.com>

	docs: formatdomain: fix links in the table of contents

2013-05-21  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainChangeEjectableMedia: Unlock domain while waiting for event
	In 84c59ffa I've tried to fix changing ejectable media process. The
	process should go like this:

	1) we need to call 'eject' on the monitor
	2) we should wait for 'DEVICE_TRAY_MOVED' event
	3) now we can issue 'change' command

	However, while waiting in step 2) the domain monitor was locked. So
	even if qemu reported the desired event, the proper callback was not
	called immediately. The monitor handling code needs to lock the
	monitor in order to read the event. So that's the first lock we must
	not hold while waiting. The second one is the domain lock. When
	monitor handling code reads an event, the appropriate callback is
	called then. The first thing that each callback does is locking the
	corresponding domain as a domain or its device is about to change
	state. So we need to unlock both monitor and VM lock. Well, holding
	any lock while sleep()-ing is not the best thing to do anyway.

2013-05-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Replace almost all esxVI_String_DeepCopyValue vith VIR_STRDUP

	vmware: Restore OOM error reporting in vmwareCopyVMXFileName
	Got lost in commit e6ab10098066dd04794ff2ee5d10bc9b1db93327.

2013-05-20  Eric Blake  <eblake@redhat.com>

	maint: enforce correct copyright usage
	To ensure we don't regress and cause the need for further
	cleanups, add a 'make syntax-check' rule that ensures new
	files have proper copyright contents.

	* cfg.mk (sc_copyright_address): Rename...
	(sc_copyright_usage): ...and enhance.

2013-05-20  Eric Blake  <eblake@redhat.com>

	maint: refer to correct license file
	Now that COPYING no longer contains the text of the LGPL,
	modify the LGPLv2-only files from vbox to call out the
	correct file.

	* src/vbox/vbox_CAPI_v2_2.h: Refer to correct file.
	* src/vbox/vbox_CAPI_v3_0.h: Likewise.
	* src/vbox/vbox_CAPI_v3_1.h: Likewise.
	* src/vbox/vbox_CAPI_v3_2.h: Likewise.
	* src/vbox/vbox_CAPI_v4_0.h: Likewise.
	* src/vbox/vbox_CAPI_v4_1.h: Likewise.
	* src/vbox/vbox_V2_2.c: Likewise.
	* src/vbox/vbox_V3_0.c: Likewise.
	* src/vbox/vbox_V3_1.c: Likewise.
	* src/vbox/vbox_XPCOMCGlue.c: Likewise.
	* src/vbox/vbox_XPCOMCGlue.h: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/vbox/vbox_driver.h: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/vbox/vbox_V3_2.c: Copy license notice from vbox_V3_1.c.
	* src/vbox/vbox_V4_0.c: Likewise.
	* src/vbox/vbox_V4_1.c: Likewise.
	* src/vbox/README: Mention copyright issues; this particular
	file contains no code and therefore does not need LGPL.

2013-05-20  Eric Blake  <eblake@redhat.com>

	maint: follow recommended practice for using LGPL
	https://www.gnu.org/licenses/gpl-howto.html states:

	You should also include a copy of the license itself somewhere in the
	distribution of your program. All programs, whether they are released
	under the GPL or LGPL, should include the text version of the GPL. In
	GNU programs the license is usually in a file called COPYING.

	If you are releasing your program under the LGPL, you should also
	include the text version of the LGPL, usually in a file called
	COPYING.LESSER. Please note that, since the LGPL is a set of
	additional permissions on top of the GPL, it's important to include
	both licenses so users have all the materials they need to understand
	their rights.

	* configure.ac (COPYING): No more games with non-git file.
	* COPYING: New file, copied from gnulib.
	* COPYING.LIB: Rename...
	* COPYING.LESSER: ...to this.
	* .gitignore: Track licenses in git.
	* cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
	rule.
	* libvirt.spec.in (daemon, client, python): Reflect rename.

2013-05-20  Eric Blake  <eblake@redhat.com>

	maint: use LGPL correctly
	Several files called out COPYING or COPYING.LIB instead of using
	the normal boilerplate.  It's especially important that we don't
	call out COPYING from an LGPL file, since COPYING is traditionally
	used for the GPL.  A few files were lacking copyright altogether.

	* src/rpc/gendispatch.pl: Add missing copyright.
	* Makefile.nonreentrant: Likewise.
	* src/check-symfile.pl: Likewise.
	* src/check-symsorting.pl: Likewise.
	* src/driver.h: Likewise.
	* src/internal.h: Likewise.
	* tools/libvirt-guests.sh.in: Likewise.
	* tools/virt-pki-validate.in: Mention copyright in comment, not just code.
	* tools/virt-sanlock-cleanup.in: Likewise.
	* src/rpc/genprotocol.pl: Spell out license terms.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* Makefile.am: Likewise.
	* daemon/Makefile.am: Likewise.
	* docs/Makefile.am: Likewise.
	* docs/schemas/Makefile.am: Likewise.
	* examples/apparmor/Makefile.am: Likewise.
	* examples/domain-events/events-c/Makefile.am: Likewise.
	* examples/dominfo/Makefile.am: Likewise.
	* examples/domsuspend/Makefile.am: Likewise.
	* examples/hellolibvirt/Makefile.am: Likewise.
	* examples/openauth/Makefile.am: Likewise.
	* examples/python/Makefile.am: Likewise.
	* examples/systemtap/Makefile.am: Likewise.
	* examples/xml/nwfilter/Makefile.am: Likewise.
	* gnulib/lib/Makefile.am: Likewise.
	* gnulib/tests/Makefile.am: Likewise.
	* include/Makefile.am: Likewise.
	* include/libvirt/Makefile.am: Likewise.
	* python/Makefile.am: Likewise.
	* python/tests/Makefile.am: Likewise.
	* src/Makefile.am: Likewise.
	* tests/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.
	* configure.ac: Likewise.

2013-05-20  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: move the comments to the proper place
	The comments is for virLXCControllerSetupPrivateNS.

	LXC: fix memory leak in virLXCControllerSetupDevPTS
	We forgot to free the mount_options.

	LXC: remove unnecessary check on root filesystem
	After commit c131525bec5af248e3843224bc5ce8d6435760f0
	"Auto-add a root <filesystem> element to LXC containers on startup"
	for libvirt lxc, root must be existent.

2013-05-20  Michal Privoznik  <mprivozn@redhat.com>

	openvzDomainSetNetwork: use virCommand
	Currently, the openvzDomainSetNetwork function constructs an
	array of strings representing a command line for VZCTL binary.
	This is a overkill since our virCommand APIs can cover all the
	functionality. Moreover, the function is not following our
	structure where return value is set to -1 initially, and after
	all operations succeeded then it is set to zero.

2013-05-20  Osier Yang  <jyang@redhat.com>

	qemu: Add callback struct for qemuBuildCommandLine
	Since 0d70656afded, it starts to access the sysfs files to build
	the qemu command line (by virSCSIDeviceGetSgName, which is to find
	out the scsi generic device name by adpater:bus:target:unit), there
	is no way to work around, qemu wants to see the scsi generic device
	like "/dev/sg6" anyway.

	And there might be other places which need to access sysfs files
	when building qemu command line in future.

	Instead of increasing the arguments of qemuBuildCommandLine, this
	introduces a new callback for qemuBuildCommandLine, and thus tests
	can register their own callbacks for sysfs test input files accessing.

	* src/qemu/qemu_command.h: (New callback struct
	                            qemuBuildCommandLineCallbacks;
	                            extern buildCommandLineCallbacks)
	* src/qemu/qemu_command.c: (wire up the callback struct)
	* src/qemu/qemu_driver.c: (Use the new syntax of qemuBuildCommandLine)
	* src/qemu/qemu_hotplug.c: Likewise
	* src/qemu/qemu_process.c: Likewise
	* tests/testutilsqemu.[ch]: (Helper testSCSIDeviceGetSgName;
	                             callback struct testCallbacks;)
	* tests/qemuxml2argvtest.c: (Use testCallbacks)
	* src/tests/qemuxmlnstest.c: (Like above)

2013-05-20  Osier Yang  <jyang@redhat.com>

	storage_conf: Improve the coding style in storage_conf.h
	Changes:
	  * Remove useless comments
	  * Remove useless blank lines
	  * If the struct member is a enum type, comment it like
	    /* enum fooBar */
	  * Break the long lines
	  * Prefer the common function style for the inline function

	storage_conf: Fix indentions in storage_conf.c
	Uses the 4 spaces for indention.

2013-05-20  Osier Yang  <jyang@redhat.com>

	storage_conf: Fix the coding stype in storage_conf.c
	Changes:
	  * Remove the useless space in "for" statement (e.g.
	    for (i = 0 ; i < something ; i++)

	  * Change the function's style to:
	    void
	    foo(bar)
	    {
	        printf("foo is not bar\n");
	    }

	  * Don't lose "{}" for "if...else" branches if one of the branch
	    has more than one line block. Example of the old ones:
	    if (a) {
	        printf("a is not funny");
	    } else
	        printf("a is funny");

	  * Remove the 1 space before "goto" label.

	  * Remove the useless blank line(s)

	  * Add blank line if it can make the code more clear to eyes.

2013-05-20  Osier Yang  <jyang@redhat.com>

	qemu: Abstract code for cpuset controller setting into a helper

	qemu: Abstract code for devices controller setting into a helper

	qemu: Abstract code for memory controller setting into a helper

	qemu: Abstract the code for blkio controller setting into a helper

2013-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix error reporting in esxVI_LookupManagedObjectHelper
	As the name parameter can be NULL the error message can only contain it
	conditionally.

2013-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Add missing c-ctype.h to virfile.c
	The virfile.c file uses c_isalpha on Win32 platforms, so must
	include c-ctype.h

	Add libvirt-daemon-vbox & libvirt-daemon-driver-vbox RPMs
	Now the VirtualBox driver is a loadable module, it needs
	to live in its own sub-RPM

	Include GNULIB mkdtemp module
	The mkdtemp function is missing on mingw platforms. It is
	used in various Linux specific places in libvirt, but
	recently became used in fdstreamtest.c which is cross
	platform. Thus the GNULIB mkdtemp module should be used
	to provide mkdtemp.

	Set PKG_CONFIG_LIBDIR in autobuild.sh
	If PKG_CONFIG_LIBDIR is not set when doing mingw32/64 builds,
	then pkg-config may silently fallback to native versions of
	libraries, with predictably bad results. Setting PKG_CONFIG_LIBDIR
	forces it to only consider the mingw32/64 libraries.

2013-05-17  Eric Blake  <eblake@redhat.com>

	docs: add another user
	Described here:
	https://www.redhat.com/archives/libvir-list/2013-May/msg01329.html

	* docs/apps.html.in: Mention Cracow Cloud One.

2013-05-17  Guannan Ren  <gren@redhat.com>

	qemu: report useful error failling to destroy domain gracefully
	Resolves:https://bugzilla.redhat.com/show_bug.cgi?id=927620

	 #kill -STOP `pidof qemu-kvm`
	 #virsh destroy $guest --graceful
	 error: Failed to destroy domain testVM
	 error: An error occurred, but the cause is unknown

	With --graceful, SIGTERM always is emitted to kill driver
	process, but it won't success till burning out waiting time
	in case of process being stopped.
	But domain destroy without --graceful can work, SIGKILL will
	be emitted to the stopped process after 10 secs which always
	kills a process even one that is currently stopped.
	So report an error after burning out waiting time in this case.

2013-05-17  Osier Yang  <jyang@redhat.com>

	qemu: Check conflicts for shared scsi host device
	Just like previous patches, this changes qemuCheckSharedDisk
	into qemuCheckSharedDevice, which takes a virDomainDeviceDefPtr
	argument instead.

2013-05-17  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	test: fix VPATH fchosttest failure
	Running make check in a VPATH configured build directory fails
	in fchosttest as the test data files are searched for relative to
	the current working directory.

2013-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Re-add selinux/selinux.h to lxc_container.c
	Re-add the selinux header to lxc_container.c since other
	functions now use it, beyond the patch that was just
	reverted.

	Fix failure to detect missing cgroup partitions
	Change bbe97ae968eba60b71e0066d49f9fc909966d9d6 caused the
	QEMU driver to ignore ENOENT errors from cgroups, in order
	to cope with missing /proc/cgroups. This is not good though
	because many other things can cause ENOENT and should not
	be ignored. The callers expect to see ENXIO when cgroups
	are not present, so adjust the code to report that errno
	when /proc/cgroups is missing

	Revert "Change label of fusefs mounted at /proc/meminfo in lxc containers"
	This reverts commit 940c6f1085c3aafced51152b17a044af8c42b16e.

2013-05-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix leaking libxl events
	libxl expects the event handler to free the event passed to it.  From
	libxl_event.h:

	   event becomes owned by the application and must be freed, either
	   by event_occurs or later

2013-05-17  Jim Fehlig  <jfehlig@suse.com>

	libxl: fix build with Xen4.3
	Xen 4.3 fixes a mistake in the libxl event handler signature where the
	event owned by the application was defined as const.  Detect this and
	define the libvirt libxl event handler signature appropriately.

2013-05-17  Ján Tomko  <jtomko@redhat.com>

	schema: make source optional in volume XML
	We don't parse it anyway.

	https://bugzilla.redhat.com/show_bug.cgi?id=893273

2013-05-17  Ján Tomko  <jtomko@redhat.com>

	schema: require target path in storage pool xml
	Make target path mandatory for pool types that require target,
	since we refuse to parse a target without a path.

	https://bugzilla.redhat.com/show_bug.cgi?id=893273

2013-05-17  Osier Yang  <jyang@redhat.com>

	qemu: Change values of disk discard
	QEMU might support more values for "-drive discard", so using Bi-state
	values (on/off) for it doesn't make sense.

	"on" maps to "unmap", "off" maps to "ignore":

	<...>
	@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
	controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
	requests are ignored or passed to the filesystem.  Some machine types
	may not support discard requests.
	</...>

2013-05-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement support for locking domain's memory pages

2013-05-16  Jiri Denemark  <jdenemar@redhat.com>

	Add support for locking domain's memory pages
	The following XML configuration can be used to request all domain's
	memory pages to be kept locked in host's memory (i.e., domain's memory
	pages will not be swapped out):

	      <memoryBacking>
	        <locked/>
	      </memoryBacking>

2013-05-16  Jiri Denemark  <jdenemar@redhat.com>

	Fix build with VirtualBox
	Commit ba5f3c7c moved vbox driver into libvirtd but forgot to adapt
	daemon's Makefile.am.

2013-05-16  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix cgroup handling when setting VCPU BW
	Commit 632f78c introduced a regression which causes schedinfo being
	unable to set some parameters.  When migrating to priv->cgroup there
	was missing variable left out and due to passed NULL to underlying
	function, the setting failed.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=963592

2013-05-16  Osier Yang  <jyang@redhat.com>

	qemu: Set unpriv_sgio for scsi host device

	qemu: Refactor qemuSetUnprivSGIO to support scsi host device
	Just like what previous patches do, it refactors qemuSetUnprivSGIO
	to take the virDomainDeviceDefPtr as argument instead.

	qemu: Move qemuSetUnprivSGIO into qemu_conf.c
	unpriv_sgio setting is tight with the shared device helpers, let's
	put them together in qemu_conf.c

	conf: Introduce sgio for hostdev
	"sgio" is only valid for scsi host device.

	Rename virDomainDiskSGIO to virDomainDeviceSGIO
	SCSI host device will also support "sgio", and perhaps we could
	use "sgio" in other places too in future, renaming the enum to
	reuse.

	qemu: Manage shared device entry for scsi host device
	This adds the shared device entry when starting domain (more
	exactly, when preparing host devices), and remove the entry
	when destroying domain (when reattaching host devices).

2013-05-16  Osier Yang  <jyang@redhat.com>

	qemu: Refactor the helpers to track shared scsi host device
	This changes the helpers qemu{Add,Remove}SharedDisk into
	qemu{Add,Remove}SharedDevice, as most of the code in the helpers
	can be reused for scsi host device.

	To track the shared scsi host device, first it finds out the
	device path (e.g. /dev/s[dr]*) which is mapped to the sg device,
	and use device ID of the found device path (/dev/s[dr]*) as the
	hash key. This is because of the device ID is not unique between
	between /dev/s[dr]* and /dev/sg*, e.g.

	% sg_map
	/dev/sg0  /dev/sda
	/dev/sg1  /dev/sr0

	% ls -l /dev/sda
	brw-rw----. 1 root disk 8, 0 May  2 19:26 /dev/sda

	%ls -l /dev/sg0
	crw-rw----. 1 root disk 21, 0 May  2 19:26 /dev/sg0

2013-05-16  Osier Yang  <jyang@redhat.com>

	utils: Add a helper to get the device name that sg device mapped to
	E.g.

	% sg_map
	/dev/sg0  /dev/sda
	/dev/sg1  /dev/sr0

	What the helper gets for /dev/sg0 is /dev/sda, it will be used by
	later patch.

2013-05-16  Osier Yang  <jyang@redhat.com>

	qemu: Rename qemu_driver->sharedDisks to qemu_driver->sharedDevices
	"Shared disk" is not only the thing we should care about after "scsi
	hostdev" is introduced. A same scsi device can be used as "disk" for
	one domain, and as "scsi hostdev" for another domain at the same time.
	That's why this patch renames qemu_driver->sharedDisks. Related functions
	and structs are also renamed.

	conf: Introduce <shareable> for hostdev
	Unlike disk device, the scsi-generic always writethrough the data,
	so no need to introduce a "cache" tag, and set "cache=off".

2013-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Don't mount selinux fs in LXC if selinux is disabled
	Before trying to mount the selinux filesystem in a container
	use is_selinux_enabled() to check if the machine actually
	has selinux support (eg not booted with selinux=0)

2013-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Move VirtualBox driver into libvirtd
	Change the build process & driver initialization so that the
	VirtualBox driver is built into libvirtd, instead of libvirt.so
	This change avoids the VirtualBox GPLv2-only license causing
	compatibility problems with libvirt.so which is under the
	GPLv2-or-later license.

	NB this change prevents use of the VirtualBox driver on the
	Windows platform, until such time as libvirtd can be made
	to work there.

2013-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix LXC startup when /var/run is an absolute symlink
	During startup, the LXC driver uses paths such as

	  /.oldroot/var/run/libvirt/lxc/...

	to access directories from the previous root filesystem
	after doing a pivot_root(). Unfortunately if /var/run
	is an absolute symlink to /run, instead of a relative
	symlink to ../run, these paths break.

	At least one Linux distro is known to use an absolute
	symlink for /var/run, so workaround this, by resolving
	all symlinks before doing the pivot_root().

2013-05-16  Osier Yang  <jyang@redhat.com>

	conf: Fix the bug of disk->copy_on_read formating
	The reason for it's not exposed for such long time is that the
	enums for VirtioEventIdx and CopyOnReadType have same enum values
	and Correspondingstrings. This fixes the bug and adds test.

2013-05-16  Ján Tomko  <jtomko@redhat.com>

	datatypes: fix virGetStoragePool's comment

2013-05-16  Ján Tomko  <jtomko@redhat.com>

	daemon: fix leak after listing all volumes
	CVE-2013-1962

	remoteDispatchStoragePoolListAllVolumes wasn't freeing the pool.
	The pool also held a reference to the connection, preventing it from
	getting freed and closing the netcf interface driver, which held two
	sockets open.

2013-05-16  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fix crash in migration of graphics-less guests.
	Commit 7f15ebc7a2b599ab10dbc15bca6f823591213e67 introduced a bug
	happening when guests without a <graphics> element are migrated.
	The initialization of listenAddress happens unconditionally
	from the cookie even if the cookie->graphics pointer was NULL.
	Moved the initialization to where it is safe.

2013-05-16  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix check-driverimpls in VPATH
	DRIVER_SOURCE_FILES mixes files with absolute path (inherited from
	REMOTE_DRIVER_GENERATED) with file paths that are relative to srcdir but
	check-driverimpls.pl needs full paths.

	util: Fix build without devmapper
	stdlib.h header file needed for getenv was only transitively included
	through libdevmapper.h.

2013-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Expand documentation for LXC driver
	Update the LXC driver documentation to describe the way
	containers are setup by default. Also describe the common
	virsh commands for managing containers and a little about
	the security. Placeholders for docs about configuring
	containers still to be filled in.

2013-05-16  Osier Yang  <jyang@redhat.com>

	conf: Improve the coding style
	Add spaces around "<<", and remove the useless blank-line.

2013-05-16  Eric Blake  <eblake@redhat.com>

	string: test VIR_STRDUP
	The surest way to avoid regressions is to test documented behavior :)

	* tests/virstringtest.c (testStrdup): New test case.

2013-05-16  Guannan Ren  <gren@redhat.com>

	virsh: lookup interface by name or mac other than one by one
	Use virMacAddrParse() to distinguish interface name from interface
	mac address.

2013-05-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: check for inverted ctdir
	Linux netfilter at some point (Linux 2.6.39) inverted the meaning of the
	'--ctdir reply' and newer netfilter implementations now expect
	'--ctdir original' instead and vice-versa.
	We check for the kernel version and assume that all Linux kernels with version
	2.6.39 have the newer inverted logic.

	Any distro backporting the Linux kernel patch that inverts the --ctdir logic
	(Linux commit 96120d86f) must also backport this patch for Linux and
	adapt the kernel version being tested for.

2013-05-15  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	FreeBSD: disable buggy -fstack-protector-all
	FreeBSD ships an old gcc 4.2.1 which generates
	bogus code, e.g. getsockopt() call returns
	struct xucred with bogus values, which doesn't even
	allow to connect to libvirtd:

	error: Failed to find group record for gid '1284660778': No error: 0

	So roll back to just -fstack-protector on FreeBSD.

2013-05-15  John Ferlan  <jferlan@redhat.com>

	Adjust improperly formatted <sysinfo> uuid
	If the <sysinfo> system table 'uuid' field is improperly formatted,
	then qemu will fail to start the guest with the error:

	virsh start dom
	error: Failed to start domain dom
	error: internal error process exited while connecting to monitor: Invalid SMBIOS UUID string

	This was because the parsing rules were lax with respect to allowing extraneous
	spaces and dashes in the provided UUID.  As long as there were 32 hexavalues
	that matched the UUID for the domain the string was accepted. However startup
	failed because the string format wasn't correct. This patch will adjust the
	string format so that when it's presented to the driver it's in the expected
	format.

	Added a test for uuid comparison within sysinfo.

2013-05-15  John Ferlan  <jferlan@redhat.com>

	Validate the bios_date format for <sysinfo>
	Add incorrectly formatted bios_date validation test

	docs: Fix/update syntax in Sysinfo/SMBIOS description

2013-05-15  Dan Walsh  <dwalsh@redhat.com>

	Change label of fusefs mounted at /proc/meminfo in lxc containers
	We do not want to allow contained applications to be able to read fusefs_t.
	So we want /proc/meminfo label to match the system default proc_t.

	Fix checking of error codes

2013-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete skipRoot flag in LXC driver
	The lxcContainerMountAllFS method had a 'bool skipRoot'
	flag to control whether it mounts the / filesystem. Since
	removal of the non-pivot root container setup codepaths,
	this flag is obsolete as the only caller always passes
	'true'.

	Stop passing around old root directory prefix
	Many methods accept a string parameter specifying the
	old root directory prefix. Since removal of the non-pivot
	root container setup codepaths, this parameter is obsolete
	in many methods where the callers always pass "/.oldroot".

	Remove obsolete pivotRoot flag in LXC driver
	The lxcContainerMountBasicFS method had a 'bool pivotRoot'
	flag to control whether it mounted a private /dev. Since
	removal of the non-pivot root container setup codepaths,
	this flag is obsolete as the only caller always passes
	'true'.

2013-05-15  Christophe Fergeau  <cfergeau@redhat.com>

	storage: Ensure 'qemu-img resize' size arg is a 512 multiple
	qemu-img resize will fail with "The new size must be a multiple of 512"
	if libvirt doesn't round it first.
	This fixes rhbz#951495

2013-05-15  Osier Yang  <jyang@redhat.com>

	qemu: Support discard for disk
	QEMU introduced "discard" option for drive since commit a9384aff53,

	<...>
	@var{discard} is one of "ignore" (or "off") or "unmap" (or "on") and
	controls whether @dfn{discard} (also known as @dfn{trim} or @dfn{unmap})
	requests are ignored or passed to the filesystem.  Some machine types
	may not support discard requests.
	</...>

	This patch exposes the support in libvirt.

	QEMU supported "discard" for "-drive" since v1.5.0-rc0:

	% git tag --contains a9384aff53
	contains
	v1.5.0-rc0
	v1.5.0-rc1

	So this only detects the capability bit using virQEMUCapsProbeQMPCommandLine.

2013-05-15  John Ferlan  <jferlan@redhat.com>

	docs: Update formatdomain for lifecycle events

	Handle the domain event 'on_reboot' and 'on_poweroff' settings

	Adjust comments to describe on_poweroff and on_reboot action

2013-05-15  John Ferlan  <jferlan@redhat.com>

	Adjust usage of qemu -no-reboot and -no-shutdown options
	During building of the qemu command line determine whether to add/use the
	'-no-reboot' option only if each of the 'on' events want to to destroy
	the domain; otherwise, use the '-no-shutdown' option.

	Prior to this change both could be on the command line, which while allowed
	could be construed as a conflict.

2013-05-15  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add VNC WebSocket support
	Adding a VNC WebSocket support for QEMU driver.  This functionality is
	in upstream qemu from commit described as v1.3.0-982-g7536ee4, so the
	capability is being recognized based on QEMU version for now.

	Add VNC WebSocket support
	Adding support for new attribute 'websocket' in the '<graphics>'
	element, the attribute value is the port to listen on with '-1'
	meaning auto-allocation, '0' meaning no websockets.

2013-05-15  Osier Yang  <jyang@redhat.com>

	tests: Sort the EXTRA_DIST list
	Commit 1cc8259bfe17 fixes the build failure, but forgot to keep the
	list alphanumeric sorted.

2013-05-15  Osier Yang  <jyang@redhat.com>

	qemu: New XML to disable memory merge at guest startup
	QEMU introduced command line "-mem-merge=on|off" (defaults to on) to
	enable/disable the memory merge (KSM) at guest startup. This exposes
	it by new XML:
	  <memoryBacking>
	    <nosharepages/>
	  </memoryBacking>

	The XML tag is same with what we used internally for old RHEL.

2013-05-15  Eric Blake  <eblake@redhat.com>

	qemu: detect -machine mem-merge capability
	* src/qemu/qemu_capabilities.h: New capability bit.
	* src/qemu/qemu_capabilities.c (virQEMUCapsProbeQMPCommandLine): New
	function, based on qemuMonitorGetCommandLineOptionParameters, which was
	introduced by commit bd56d0d813; use it to set new capability bit.
	(virQEMUCapsInitQMP): Use new function.

2013-05-15  Eric Blake  <eblake@redhat.com>

	spec: fix outdated comment
	https://bugzilla.redhat.com/show_bug.cgi?id=963016 points out that
	we don't use initscripts by default on Fedora any more.

	* libvirt.spec.in (Requires): Better explanation of gettext.

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Rename rbd-invalid.xml to rbd-no-colon.xml
	Files ending in -invalid.xml are expected to violate the
	XML schema check. The RBD file does not so must have a
	different filename.

2013-05-14  Osier Yang  <jyang@redhat.com>

	tests: Add fchostdata in EXTRA_DIST
	Pushed under build-breaker rule.

	virsh: Pretty the output of qemu-agent-command
	This adds a new option "--pretty" for qemu-agent-command, to
	pretty-format the returned JSON string.

	virsh: Use vshPrint instead of printf

2013-05-14  Martin Kletzander  <mkletzan@redhat.com>

	Fix invalid argument reference in virnetdev.h
	Commit ccff335f added ATTRIBUTE_NONNULL for an attribute which is not
	a pointer and made files including virnetdev.h not compilable, so fix
	that.

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Forbid use of ':' in RBD pool names
	The QEMU command line syntax for RBD disks is

	   file=rbd:pool/image:opt1=val1:opt2=val2...

	There is no way to escape the ':' if it appears in the
	pool or image name. Thus it must be explicitly forbidden
	if it occurs in the libvirt XML. People are known to
	be abusing the lack of escaping in current libvirt to
	pass arbitrary args to QEMU.

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Don't duplicate compiler warning flags when linking
	Automake already passes all CFLAGS to the linker too, so it
	is not necessary to set WARN_LDFLAGS in addition to the
	WARN_CFLAGS variable.

	Only pass -export-dynamic to linker, not compiler
	Clang does not like the -export-dynamic flag. The compiler does
	not need it in the first place, so we can avoid the problem by
	only setting it for the linker

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Correctly detect warning flags with clang
	Clang will happily claim to support any warning flags
	unless the -Werror and -Wunknown-warning-option flags
	are set. Thus we need to make sure these are set when
	testing for clags.

	We must also set the clang specific warning flags
	-Wno-unused-command-line-argument to avoid a warning
	from the ssp-buffer-size flag when linking .o files.

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Ignore cast alignment warnings in inotify code for Xen.
	The inotify Xen code causes a cast alignment warning, but this
	is harmless since the kernel inotify interface will ensure
	sufficient alignment of the inotify structs in the buffer being
	read

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Workaround issue with clang and inline functions with static vars
	Clang does not like it when you pass a static variable to an
	inline function

	 vircgroupmock.c:462:22: error: static variable 'fakesysfsdir' is
	  used in an inline function with external linkage [-Werror,-Wstatic-in-inline]

	Just make the var non-static to avoid this

2013-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Ensure consistent enablement of gcc 'diagnostic' pragma
	The virt-compile-warnings.m4 file would do an explicit
	check for whether the compile could use the 'diagnostic'
	pragma push/pop feature. The src/internal.h file would
	then only enable it for GCC >= 4.6

	This breaks with clang which supports the pragma but
	does not claim GCC 4.6 compat. Export a variable from
	the m4 check to the header file so they are consistent.

2013-05-14  Osier Yang  <jyang@redhat.com>

	docs: Fix the wrong links in secret documentation
	docs/formatsecret.html.in: (s/domain\.html/formatdomain\.html/g)

	docs: Add the missed usage type 'iscsi'
	Pushed under trivial rule.

2013-05-14  Eric Blake  <eblake@redhat.com>

	qemu: fix bad free
	Commit bd56d0d8 could lead to freeing an uninitialized pointer:

	qemu/qemu_monitor_json.c: In function 'qemuMonitorJSONGetCommandLineOptionParameters':
	qemu/qemu_monitor_json.c:4284: warning: 'cmd' may be used uninitialized in this function

	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetCommandLineOptionParameters): Initialize variable.

2013-05-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	build: avoid gcrypt deprecation warnings
	When combining old gcc (4.2.1) and new gcrypt (1.5.2), such as
	when using the Ports repository on FreeBSD, the build fails with:

	  CC       libvirt_driver_la-libvirt.lo
	cc1: warnings being treated as errors
	In file included from libvirt.c:58:
	/usr/local/include/gcrypt.h:1336: warning: 'gcry_ac_io_mode_t' is deprecated [-Wdeprecated-declarations]

	Relevant part of gcrypt.h:
	1333 typedef struct gcry_ac_io
	1334 {
	1335   /* This is an INTERNAL structure, do NOT use manually.  */
	1336   gcry_ac_io_mode_t mode _GCRY_ATTR_INTERNAL;
	1337   gcry_ac_io_type_t type _GCRY_ATTR_INTERNAL;
	1338   union

	The sad part is that we aren't even using the deprecated symbols - their
	mere inclusion in the installed header is provoking the problems.  It
	looks like newer gcc is a bit more tolerant (that is, this is a
	shortcoming of FreeBSD's use of an older compiler).

2013-05-13  Eric Blake  <eblake@redhat.com>

	qemu: query command line options in QMP
	Ever since the conversion to using only QMP for probing features
	of qemu 1.2 and newer, we have been unable to detect features
	that are added only by additional command line options.  For
	example, we'd like to know if '-machine mem-merge=on' (added
	in qemu 1.5) is present.  To do this, we will take advantage
	of qemu 1.5's query-command-line-parameters QMP call [1].

	This patch wires up the framework for probing the command results;
	if the QMP command is missing, or if a particular command line
	option does not output any parameters (for example, -net uses
	a polymorphic parser, which showed up as no parameters as of qemu
	1.5), we silently treat that command as having no results.

	[1] https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05180.html

	* src/qemu/qemu_monitor.h (qemuMonitorGetOptions)
	(qemuMonitorSetOptions)
	(qemuMonitorGetCommandLineOptionParameters): New functions.
	* src/qemu/qemu_monitor_json.h
	(qemuMonitorJSONGetCommandLineOptionParameters): Likewise.
	* src/qemu/qemu_monitor.c (_qemuMonitor): Add cache field.
	(qemuMonitorDispose): Clean it.
	(qemuMonitorGetCommandLineOptionParameters): Implement new function.
	* src/qemu/qemu_monitor_json.c
	(qemuMonitorJSONGetCommandLineOptionParameters): Likewise.
	(testQemuMonitorJSONGetCommandLineParameters): Test it.

2013-05-13  Eric Blake  <eblake@redhat.com>

	qemu: simplify string cleanup
	No need to open code a string list cleanup, if we are nice
	to the caller by guaranteeing a NULL-terminated result.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetCPUDefinitions)
	(qemuMonitorJSONGetCommands, qemuMonitorJSONGetEvents)
	(qemuMonitorJSONGetObjectTypes, qemuMonitorJSONGetObjectProps):
	Use simpler cleanup.

2013-05-13  Eric Blake  <eblake@redhat.com>

	qemu: use bool in monitor struct
	Follows on the heels of other bool cleanups, such as commit 93002b98.

	* src/qemu/qemu_monitor.h (qemuMonitorOpen, qemuMonitorOpenFD):
	Update json parameter type.
	* src/qemu/qemu_monitor.c (qemuMonitorOpen, qemuMonitorOpenFD):
	Likewise.
	(_qemuMonitor): Adjust field type.
	* src/qemu/qemu_domain.h (_qemuDomainObjPrivate): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLParse): Adjust
	client.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* tests/qemumonitortestutils.c (qemuMonitorTestNew): Likewise.

2013-05-13  Eric Blake  <eblake@redhat.com>

	json: support removing a value from an object
	In an upcoming patch, I need the way to safely transfer a nested
	virJSON object out of its parent container for independent use,
	even after the parent is freed.

	* src/util/virjson.h (virJSONValueObjectRemoveKey): New function.
	(_virJSONObject, _virJSONArray): Use correct type.
	* src/util/virjson.c (virJSONValueObjectRemoveKey): Implement it.
	* src/libvirt_private.syms (virjson.h): Export it.
	* tests/jsontest.c (mymain): Test it.

2013-05-13  Gene Czarcinski  <gene@czarc.net>

	Support for static routes on a virtual bridge
	network: static route support for <network>

	This patch adds the <route> subelement of <network> to define a static
	route.  the address and prefix (or netmask) attribute identify the
	destination network, and the gateway attribute specifies the next hop
	address (which must be directly reachable from the containing
	<network>) which is to receive the packets destined for
	"address/(prefix|netmask)".

	These attributes are translated into an "ip route add" command that is
	executed when the network is started. The command used is of the
	following form:

	  ip route add <address>/<prefix> via <gateway> \
	               dev <virbr-bridge> proto static metric <metric>

	Tests are done to validate that the input data are correct.  For
	example, for a static route ip definition, the address must be a
	network address and not a host address.  Additional checks are added
	to ensure that the specified gateway is directly reachable via this
	network (i.e. that the gateway IP address is in the same subnet as one
	of the IP's defined for the network).

	prefix='0' is supported for both family='ipv4' address='0.0.0.0'
	netmask='0.0.0.0' or prefix='0', and for family='ipv6' address='::',
	prefix=0', although care should be taken to not override a desired
	system default route.

	Anytime an attempt is made to define a static route which *exactly*
	duplicates an existing static route (for example, address=::,
	prefix=0, metric=1), the following error message will be sent to
	syslog:

	    RTNETLINK answers: File exists

	This can be overridden by decreasing the metric value for the route
	that should be preferred, or increasing the metric for the route that
	shouldn't be preferred (and is thus in place only in anticipation that
	the preferred route may be removed in the future).  Caution should be
	used when manipulating route metrics, especially for a default route.

	Note: The use of the command-line interface should be replaced by
	direct use of libnl so that error conditions can be handled better.  But,
	that is being left as an exercise for another day.

2013-05-13  Eric Blake  <eblake@redhat.com>

	build: avoid shadowed variable in fdstreamtest
	On RHEL 6.4 (gcc 4.4.7), I got:

	fdstreamtest.c: In function 'testFDStreamReadCommon':
	fdstreamtest.c:44: error: declaration of 'tmpfile' shadows a global declaration [-Wshadow]

	* tests/fdstreamtest.c (testFDStreamReadCommon)
	(testFDStreamWriteCommon): Rename 'tmpfile' variable.

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite useful message when creating macvlan fails
	Currently we report a bogus error message when macvlan
	creation fails:

	error: Failed to start domain migtest
	error: operation failed: Unable to create macvlan device

	With this removed, we see the real error:

	error: Failed to start domain migtest
	error: Unable to get index for interface p31p1: No such device

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove & ban use of select() for waiting for I/O
	Use of the select() system call is inherantly dangerous since
	applications will hit a buffer overrun if any FD number exceeds
	the size of the select set size (typically 1024). Replace the
	two uses of select() with poll() and use cfg.mk to ban any
	future use of select().

	NB: This changes the phyp driver so that it uses an infinite
	timeout, instead of busy-waiting for 1ms at a time.

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Add hotplug support for scsi host device
	This adds both attachment and detachment support for scsi host
	device.

2013-05-13  Jim Fehlig  <jfehlig@suse.com>

	Fix starting domains when kernel has no cgroups support
	Found that I was unable to start existing domains after updating
	to a kernel with no cgroups support

	  # zgrep CGROUP /proc/config.gz
	  # CONFIG_CGROUPS is not set
	  # virsh start test
	  error: Failed to start domain test
	  error: Unable to initialize /machine cgroup: Cannot allocate memory

	virCgroupPartitionNeedsEscaping() correctly returns errno (ENOENT) when
	attempting to open /proc/cgroups on such a system, but it was being
	dropped in virCgroupSetPartitionSuffix().

	Change virCgroupSetPartitionSuffix() to propagate errors returned by
	its callees.  Also check for ENOENT in qemuInitCgroup() when determining
	if cgroups support is available.

2013-05-13  Ján Tomko  <jtomko@redhat.com>

	.gitignore: add fchosttest

2013-05-13  Osier Yang  <jyang@redhat.com>

	qemu: Refactor helpers for USB device attachment
	It's better to put the usb related codes into qemuDomainAttachHostUsbDevice
	instead of qemuDomainAttachHostDevice.

	And in the old qemuDomainAttachHostDevice, just stealing the "usb" from
	driver->activeUsbHostdevs leaks the memory.

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Escaping leading '.' in cgroup names
	Escaping a leading '.' with '_' in the cgroup names

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Introduce activeScsiHostdevs list for scsi host devices
	Although virtio-scsi supports SCSI PR (Persistent Reservations),
	the device on host may do not support it. To avoid losing data,
	Just like PCI and USB pass through devices, only one live guest
	is allowed per SCSI host pass through device."

2013-05-13  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/vbox/*

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Support NBD backed disks/filesystems in LXC driver
	The LXC driver can already configure <disk> or <filesystem>
	devices to use the loop device. This extends it to also allow
	for use of the NBD device, to support non-raw formats.

	Add 'nbd' as a valid filesystem driver type
	The <filesystem> element can now accept a <driver type='nbd'/>
	as an alternative to 'loop'. The benefit of NBD is support
	for non-raw disk image formats.

	Add a helper API for setting up a NBD device with qemu-nbd
	Add a virFileNBDDeviceAssociate method, which given a filename
	will setup a NBD device, using qemu-nbd as the server.

	Fix error handling of readdir() in virFileLoopDeviceOpen
	To correctly handle errors from readdir() you must set 'errno'
	to zero before invoking it & check its value afterwards to
	distinguish error from EOF.

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Re-arrange code setting up ifs/disk loop devices for LXC
	The current code for setting up loop devices to LXC disks first
	does a switch() based on the disk format, then looks at the
	disk driver name. Reverse this so it first looks at the driver
	name, and then the disk format. This is more useful since the
	list of supported disk formats depends on what driver is used.

	The code for setting loop devices for LXC fs entries also needs
	to have the same logic added, now the XML schema supports this.

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Add support for storage format in FS <driver>
	Extend the <driver> element in filesystem devices to
	allow a storage format to be set. The new attribute
	uses 'format' to reflect the storage format. This is
	different from the <driver> element in disk devices
	which use 'type' to reflect the storage format. This
	is because the 'type' attribute on filesystem devices
	is already used for the driver backend, for which the
	disk devices use the 'name' attribute. Arggggh.

	Anyway for disks we have

	   <driver name="qemu" type="raw"/>

	And for filesystems this change means we now have

	   <driver type="loop" format="raw"/>

2013-05-13  Michal Privoznik  <mprivozn@redhat.com>

	security_apparmor.c: Include virscsi.h
	After introducing AppArmorSetSecuritySCSILabel() in 2691cd5f
	we are using virSCSIDevicePtr type without proper include.

2013-05-13  Osier Yang  <jyang@redhat.com>

	security: Manage the security label for scsi host device
	To not introduce more redundant code, helpers are added for
	both "selinux", "dac", and "apparmor" backends.


	v2.5 - v3:
	  * Splitted from 8/10 of v2.5
	  * Don't forget the other backends (DAC, and apparmor)

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Allow the scsi-generic device in cgroup
	This adds the scsi-generic device into the device controller's
	whitelist, so that it's allowed to used by the qemu process.

2013-05-13  Osier Yang  <jyang@redhat.com>

	qemu: Support bootindex for scsi host device

2013-05-13  Daniel P. Berrange  <berrange@redhat.com>

	Add docs about cgroups layout and usage
	Describe the new cgroups layout, how to customize placement
	of guests and what virsh commands are used to access the
	parameters.

2013-05-13  Osier Yang  <jyang@redhat.com>

	Introduce <readonly> for hostdev
	Since it's generic enough to be used by other types in future, I
	put it in <hostdev> as sub-element, though now it's only used by
	scsi host device.

	rng: Interleave hostdev elements

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	qemu: Build qemu command line for scsi host device
	Except the scsi host device's controller is "lsilogic", mapping
	between the libvirt attributes and scsi-generic properties is:

	  libvirt     qemu
	-----------------------------------------
	  controller  bus ($libvirt_controller.0)
	  bus         channel
	  target      scsi-id
	  unit        lun

	For scsi host device with "lsilogic" controller, the mapping is:
	('target (libvirt)' must be 0, as it's not used; 'unit (libvirt)
	must <= 7).

	  libvirt            qemu
	----------------------------------------------------------
	  controller && bus  bus ($libvirt_controller.$libvirt_bus)
	  unit               scsi-id

	It's not good to hardcode/hard-check limits of these attributes,
	and even worse, these limits are not documented, one has to find
	out by either testing or reading the qemu code, I'm looking forward
	to qemu expose limits like these one day). For example, exposing
	"max_target", "max_lun" for megasas:

	static const struct SCSIBusInfo megasas_scsi_info = {
	    .tcq = true,
	    .max_target = MFI_MAX_LD,
	    .max_lun = 255,

	    .transfer_data = megasas_xfer_complete,
	    .get_sg_list = megasas_get_sg_list,
	    .complete = megasas_command_complete,
	    .cancel = megasas_command_cancel,
	};

	Example of the qemu command line (lsilogic controller):

	  -drive file=/dev/sg2,if=none,id=drive-hostdev-scsi_host7-0-0-0 \
	  -device scsi-generic,bus=scsi0.0,scsi-id=8,\
	  drive=drive-hostdev-scsi_host7-0-0-0,id=hostdev-scsi_host7-0-0-0

	Example of the qemu command line (virtio-scsi controller):

	  -drive file=/dev/sg2,if=none,id=drive-hostdev-scsi_host7-0-0-0 \
	  -device scsi-generic,bus=scsi0.0,channel=0,scsi-id=128,lun=128,\
	  drive=drive-hostdev-scsi_host7-0-0-0,id=hostdev-scsi_host7-0-0-0

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	utils: util functions for scsi hostdev
	This patch adds util functions for scsi hostdev.

	qemu: New cap flags for scsi-generic
	Adding two cap flags for scsi-generic:
	  QEMU_CAPS_SCSI_GENERIC
	  QEMU_CAPS_SCSI_GENERIC_BOOTINDEX

2013-05-13  Osier Yang  <jyang@redhat.com>

	node_device: Clean up unused macros
	All of these macros are now unused, so remove.

2013-05-13  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	conf: Generic XMLs for scsi hostdev
	An example of the scsi hostdev XML:

	    <hostdev mode='subsystem' type='scsi'>
	      <source>
	        <adapter name='scsi_host0'/>
	        <address bus='0' target='0' unit='0'/>
	      </source>
	      <address type='drive' controller='0' bus='0' target='4' unit='8'/>
	    </hostdev>

	Controller is implicitly added for scsi hostdev, though the scsi
	controller's model defaults to "lsilogic", which might be not what
	the user wants (same problem exists for virtio-scsi disk). It's
	the existing problem, will be addressed later.

	The device address must be specified manually. Later patch will let
	libvirt generate it automatically.

	This only introduces the generic XMLs for scsi hostdev, later patches
	will add other elements, e.g. <readonly>, <shareable>.

2013-05-13  Osier Yang  <jyang@redhat.com>

	tests: Add tests for fc_host
	Since the NPIV machine is not easy to get, it's very likely to
	introduce regressions when doing changes on the existing code.
	This patch dumps part of the sysfs files (the necessary ones)
	of fc_host as test input data, to test the related util functions.
	It could be extended for more fc_host related testing in future.

	util: Honor the passed sysfs_prefix
	The helper works for default sysfs_prefix, but for user specified
	prefix, it doesn't work. (Detected when writing test cases. A later
	patch will add the test cases for fc_host).

	util: Update the comment for virGetFCHostNameByWWN
	The returned result is something like "host5" acutally.

	util: Change virIsCapable* to return bool
	Function name with "aIsB" generally means its return value is
	in Bi-state (true/false).

	util: Don't miss the slash in constructed path
	In case of the caller can pass a "prefix" (or "sysfs_prefix")
	without the trailing slash, and Unix-Like system always eats
	up the redundant "slash" in the filepath, let's add it explicitly.

	util: Fix regression introduced by commit 4360a098441
	Which refactored the old code, and introduced new helper
	virIsCapableVport, but the path for checking with access() is not
	correctly constructed.

2013-05-13  Osier Yang  <jyang@redhat.com>

	util: Fix regression of wwn reading
	Introduced by commit 244ce462e29, which refactored the helper for wwn
	reading, however, it forgot to change the old "strndup" and "sizeof(buf)",
	"sizeof(buf)" operates on the fixed length array ("buf") in the old code,
	but now "buf" is a pointer.

	Before the fix:

	% virsh nodedev-dumpxml scsi_host5
	<device>
	  <name>scsi_host5</name>
	  <parent>pci_0000_04_00_1</parent>
	  <capability type='scsi_host'>
	    <host>5</host>
	    <capability type='fc_host'>
	      <wwnn>2001001b</wwnn>
	      <wwpn>2101001b</wwpn>
	      <fabric_wwn>2001000d</fabric_wwn>
	    </capability>
	  </capability>
	</device>

	With the fix:

	% virsh nodedev-dumpxml scsi_host5
	<device>
	  <name>scsi_host5</name>
	  <parent>pci_0000_04_00_1</parent>
	  <capability type='scsi_host'>
	    <host>5</host>
	    <capability type='fc_host'>
	      <wwnn>0x2001001b32a9da4e</wwnn>
	      <wwpn>0x2101001b32a9da4e</wwpn>
	      <fabric_wwn>0x2001000dec9877c1</fabric_wwn>
	    </capability>
	  </capability>
	</device>

2013-05-11  Eric Blake  <eblake@redhat.com>

	build: fix use of mmap
	Commit bfe7721d introduced a regression, but only on platforms
	like FreeBSD that lack posix_fallocate and where mmap serves as
	a nice fallback for safezero.

	util/virfile.c: In function 'safezero':
	util/virfile.c:837: error: 'PROT_READ' undeclared (first use in this function)

	* src/util/virutil.c (includes): Move use of <sys/mman.h>...
	* src/util/virfile.c (includes): ...to the file that uses mmap.

2013-05-11  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib, for syntax-check
	This picks up a fix for a syntax-check weakness mentioned here:
	https://www.redhat.com/archives/libvir-list/2013-May/msg00811.html

	* .gnulib: Update to latest, for maint.mk improvement.

2013-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Update hellolibvirt to demo virGetLastErrorMessage()
	Update the hellolibvirt example program to demonstrate use of
	the virGetLastErrorMessage() API for quick error reporting

	Add a test case for the fdstream file read/write code
	Add a test case which exercises the virFDStreamOpenFile
	and virFDStreamCreateFile methods. Ensure that both the
	synchronous and non-blocking iohelper code paths work.
	This validates the regression recently fixed which
	broke reading in non-blocking mode

	Allow the iohelper path to be customized by test programs
	Currently the fdstream function hardcodes the location
	of the iohelper to LIBEXECDIR "/libvirt_iohelper". This
	is not convenient when trying to write test cases which
	use this code. Add a virFDStreamSetIOHelper method to
	allow the test cases to point to the location of the
	un-installed iohelper binary.

2013-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Add a virGetLastErrorMessage() function
	Apps using libvirt will often have code like

	   if (virXXXX() < 0) {
	      virErrorPtr err = virGetLastError();
	      fprintf(stderr, "Something failed: %s\n",
	              err && err->message ? err->message :
	              "unknown error");
	      return -1;
	   }

	Checking for a NULL error object or message leads to very
	verbose code. A virGetLastErrorMessage() helper from libvirt
	can simplify this to

	   if (virXXXX() < 0) {
	      fprintf(stderr, "Something failed: %s\n",
	              virGetLastErrorMessage());
	      return -1;
	   }

2013-05-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix iohelper usage with streams opened for read
	In b2878ed860ceceec3cd6481424fed0b543b687cd we added the O_NOCTTY
	flag when opening files in the stream code. Unfortunately a later
	piece of code was comparing the flags == O_RDONLY, without masking
	out the non-access mode flags. This broke the iohelper when used
	with streams for read, since it caused us to attach the stream
	output pipe to the stream input FD instead of output FD :-(

	Cope with missing swap cgroup controls
	It is possible to build a kernel without swap cgroup controls
	present. This causes a fatal error when querying memory
	parameters. Treat missing swap controls as meaning "unlimited".
	The fatal error remains if the user tries to actually change
	the limit.

2013-05-10  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	portability: fix virNetDevSetMAC and virNetDevExists on BSD
	- provide virNetDevSetMAC() implementation based on SIOCSIFLLADDR
	  ioctl.
	- adjust virNetDevExists() to check for ENXIO error because
	  FreeBSD throws it when device doesn't exist

2013-05-10  Laine Stump  <laine@laine.org>

	util: move virFile* functions from virutil.c to virfile.c
	These all existed before virfile.c was created, and for some reason
	weren't moved.

	This is mostly straightfoward, although the syntax rule prohibiting
	write() had to be changed to have an exception for virfile.c instead
	of virutil.c.

	This movement pointed out that there is a function called
	virBuildPath(), and another almost identical function called
	virFileBuildPath(). They really should be a single function, which
	I'll take care of as soon as I figure out what the arglist should look
	like.

2013-05-10  Laine Stump  <laine@laine.org>

	util: fix virFileOpenAs return value and resulting error logs
	This resolves:

	     https://bugzilla.redhat.com/show_bug.cgi?id=851411
	     https://bugzilla.redhat.com/show_bug.cgi?id=955500

	The first problem was that virFileOpenAs was returning fd (-1) in one
	of the error cases rather than ret (-errno), so the caller thought
	that the error was EPERM rather than ENOENT.

	The second problem was that some log messages in the general purpose
	qemuOpenFile() function would always say "Failed to create" even if
	the caller hadn't included O_CREAT (i.e. they were trying to open an
	existing file).

	This fixes virFileOpenAs to jump down to the error return (which
	returns ret instead of fd) in the previously mentioned incorrect
	failure case of virFileOpenAs(), removes all error logging from
	virFileOpenAs() (since the callers report it), and modifies
	qemuOpenFile to appropriately use "open" or "create" in its log
	messages.

	NB: I seriously considered removing logging from all callers of
	virFileOpenAs(), but there is at least one case where the caller
	doesn't want virFileOpenAs() to log any errors, because it's just
	going to try again (qemuOpenFile()). We can't simply make a silent
	variation of virFileOpenAs() though, because qemuOpenFile() can't make
	the decision about whether or not it wants to retry until after
	virFileOpenAs() has already returned an error code.

	Likewise, I also considered changing virFileOpenAs() to return -1 with
	errno set on return, and may still do that, but only as a separate
	patch, as it obscures the intent of this patch too much.

2013-05-10  John Ferlan  <jferlan@redhat.com>

	Build breaker - requires VIR_FROM_THIS

2013-05-10  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/test/*

	virGetStorageVol: Don't ignore NULL pool name
	The function takes pool name as argument. However,
	it is not acceptable for it to be NULL. Hence, we
	should check it and report error in case it is.

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in tests/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/storage/*

2013-05-10  Jesse J. Cook  <jesse.j.cook@member.fsf.org>

	dom event example: Add error check to impl call
	Added error checking to virEventRegisterDefaultImpl call for consistency.

2013-05-10  Jesse J. Cook  <jesse.j.cook@member.fsf.org>

	dom event example: init before register event impl
	In the domain-events example C code virEventRegisterDefaultImpl was being
	called before virConnectOpen without first calling virInitialize. While this
	code worked, it is incorrect. Adding a call to g_string_new prior to the call
	to virEventRegisterDefaultImpl would cause the code to break. This fix will
	help avoid unintentional misue of the API.

	Relates to: Ret Hat Bugzilla - Bug 961155

2013-05-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix typo in error message in ABI stability check
	s/vpu/vCPU/

2013-05-09  Eric Blake  <eblake@redhat.com>

	tests: use portable shell code
	'make check' fails since commit 470d5c46 on any system with dash
	as /bin/sh, because '<<<' is a bash extension.  For example:

	nwfilterschematest: 23: /home/eblake/libvirt/tests/schematestutils.sh: Syntax error: redirection unexpected

	Also, there is no need to spawn a grep process when shell globbing
	can do the same.

	* tests/schematestutils.sh: Replace bashism and subprocess with a
	faster and portable construct.

2013-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Replace 'goto clean' with 'goto cleanup' in apparmor code
	Some of the apparmor code files did not follow the normal
	goto label naming pratices

	Replace list of driver source files with variables
	Update the DRIVER_SOURCE_FILES variable to reference the
	other various XXX_SOURCES variables, instead of duplicating
	the filename lists. This results in a bunch of extra files
	being processed, but the test scripts can easily skip those

	Fix naming of methods in ESX storage backends to follow public APIs
	The previous update of method naming missed the ESX storage
	backend files. Update them is that the driver impl methods
	follow the naming of the public API but with s/vir/esx/

	Skip virNWFilterTechDriver when validating API naming
	The virNWFilterTechDriver struct is an internal only driver
	API with no public API equivalent. It should be skipped by
	the 'check-driverimpls' test case

	Replace 'goto cleanup' with 'goto error' in udev interface driver
	Some methods in the udev interface driver used 'cleanup' as the
	label for separate error codepaths. Change these to use 'error'
	as required by coding standards

	Replace 'goto err' with 'goto cleanup' in udev interface driver
	The udev interface driver did not follow standard naming
	convention for goto labels.

	Disable some URI tests on older libxml2
	Older versions of libxml2 could not correctly parse certain
	URIs. This causes test failures. There's nothing libvirt can
	do about this, so disable the problem tests on old libxml2
	versions

	Fix build of python bindings on Python 2.4
	The PyDict_Next method on Python <= 2.4 used 'int' instead
	of "Py_ssize_t" for the 'pos' parameter

2013-05-09  Jim Fehlig  <jfehlig@suse.com>

	build: fix build with old polkit0
	Commit 979e9c56 missed one case of providing the timestamp
	parameter to virNetServerClientGetUNIXIdentity() when WITH_POLKIT0
	is defined.

2013-05-09  Ján Tomko  <jtomko@redhat.com>

	conf: don't crash on a tpm device with no backends
	Print an error instead of crashing when a TPM device without
	a backend is specified.

	Add a test for tpm device with no backend, which should fail
	with a parse error.

	https://bugzilla.redhat.com/show_bug.cgi?id=961252

2013-05-09  Ján Tomko  <jtomko@redhat.com>

	tests: files named '.*-invalid.xml' should fail validation
	Currently, using an invalid XML in tests fails, because
	the schema test expects all of them to be valid.

	Treat files with -invalid.xml suffix as invalid and expect
	them to fail validation.

2013-05-09  Ján Tomko  <jtomko@redhat.com>

	don't mention disk controllers in generic controller errors
	The controller element supports non-disk controller types too.

	https://bugzilla.redhat.com/show_bug.cgi?id=960958

2013-05-09  Ján Tomko  <jtomko@redhat.com>

	iscsi: don't leak portal string when starting a pool

2013-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Simplify the Xen domain stats/peek / node memory driver methods
	Make the Xen domain stats / peek and node memory driver
	methods unconditionally call the sub-drivers which are
	guaranteed to be open.

	Simplify the Xen domain autostart driver method
	Unconditionally call into the XenD or XM drivers for autostart
	handling, since they are guaranteed to be open

	Simplify the Xen domain scheduler parameter driver methods
	Make the Xen domain scheduler parameter methods directly
	call into XenD or Xen hypervisor drivers

	Simplify the Xen domain attach/dettach driver methods
	Make the domain attach/dettach driver methods directly call
	into either the XenD or XM drivers

	Simplify the Xen domain define/undefine driver methods
	Make the domain define/undefine driver methods directly call
	into either the XenD or XM drivers

	Simplify the Xen domain start driver method
	Directly call either the XenD or XM driver when starting
	a persistent domain

	Simplify the Xen driver define domain driver methods
	Directly call either XenD or the XM driver for handling
	domain define operations.

	Simplify the Xen domain migration driver methods
	All the migration code is done by the XenD subdriver which
	can be assumed to always be present

	Simplify the Xen domain get XML driver method
	The xenUnifiedDomainGetXMLDesc driver can assume that
	the XM and XenD drivers are always present

	Simplify the Xen domain VCPU driver methods

	Simplify the Xen domain save/restore driver methods
	Unconditionally call the XenD APIs for save/restore, since that
	driver will always be open.

	Simplify the Xen domain get info/state driver methods
	Make the xenUnifiedDomainGetInfo and xenUnifiedDomainGetState drivers
	call the correct sub-driver APIs directly.

	Simplify the Xen domain get/set (max) memory driver methods
	Simplify the Xen memory limit driver methods to directly call
	the most appropriate sub-driver

	Remove Xen get hostname driver method
	The xenGetHostname entry point in the xenUnifiedDriver table
	was unused.

	Simplify the Xen domain get OS type driver method
	Make xenUnifiedDomainGetOSType directly call either the
	xenHypervisorDomainGetOSType or xenDaemonDomainGetOSType
	method depending on whether the domain is active or not.

	Simplify the Xen domain destroy driver method
	Unconditionally call the xenDaemonDomainDestroyFlags API
	since the XenD driver is always available.

	Simplify the Xen domain shutdown/reboot driver methods
	Make the xenUnifiedDomainShutdownFlags and xenUnifiedDomainReboot
	driver methods unconditionally call the XenD APIs for shutdown
	and reboot. Delete the unreachable impls in the XenStore driver.

	Simplify the Xen domain suspend/resume driver methods
	Update xenUnifiedDomainSuspend and xenUnifiedDomainResume to
	unconditionally invoke the XenD APIs for suspend/resume. Delete
	the impls in the hypervisor driver which was unreachable.

	Simplify the Xen domain is persistent driver method
	Unconditionally call xenDaemonLookupByUUID, since the XenD
	driver must always be present.

	Simplify the Xen domain lookup driver methods
	Unconditionally invoke the xenHypervisorLookupDomainByID,
	xenHypervisorLookupDomainByUUID or xenDaemonLookupByName
	for looking up domains. Fallback to xenXMDomainLookupByUUID
	and xenXMDomainLookupByName for legacy XenD without inactive
	domain support

	Simplify the Xen domain create driver method
	Unconditionally call xenDaemonCreateXML in the
	xenUnifiedDomainCreateXML driver, since the XenD
	driver is always present.

	Simplify the Xen count/list domains driver methods
	The XenStore driver is mandatory, so it can be used unconditonally
	for the xenUnifiedConnectListDomains & xenUnifiedConnectNumOfDomains
	drivers. Delete the unused XenD and Hypervisor driver code for
	listing / counting domains

	Simplify the Xen get max vcpus / node get info driver methods
	Unconditionally call into xenHypervisorGetMaxVcpus and
	xenDaemonNodeGetInfo respectively, since those drivers
	are both mandatory

	Simplify the Xen get version driver method
	The hypervisor driver is mandatory, so the the call to
	xenHypervisorGetVersion must always succeed. Thus there
	is no need to ever run xenDaemonGetVersion

	Simplify the Xen get type driver method
	There is no point iterating over sub-drivers since the user
	would not have a virConnectPtr instance at all if opening
	the drivers failed. Just return 'Xen' immediately.

	Simplify opening of Xen drivers
	Since the Xen driver was changed to only execute inside libvirtd,
	there is no scenario in which it will be opened from a non-privileged
	context. Thus all the code dealing with opening the sub-drivers can
	be simplified to assume that they are always privileged.

	Remove pointless GET_PRIVATE macro from Xen driver
	The Xen driver uses a macro GET_PRIVATE as a supposed shorthand
	for 'xenUnifiedPrivatePtr priv = (xenUnifiedPrivatePtr) (conn)->privateData'.
	It does not in fact save any lines of code, and obscures what is
	happening. Remove it, since it adds no value.

	Remove VIR_CONNECT_RO checks from xen drivers
	Some of the Xen sub-drivers have checks against the
	VIR_CONNECT_RO flag. This is not required, since such
	checks are done at the top level before the driver
	methods are invoked

	Remove xen driver checks for priv->handle < 0
	The Xen hypervisor driver checks for 'priv->handle < 0' and
	returns -1, but without raising any error. Fortunately this
	code will never be executed, since the main Xen driver always
	checks 'priv->opened[XEN_UNIFIED_HYPERVISOR_OFFSET]' prior
	to invoking any hypervisor API. Just remove the redundant
	checks for priv->handle

2013-05-09  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmx/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/vmware/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/uml/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/secret/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/phyp/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/parallels/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/nwfilter/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/interface/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/node_device/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/network/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/lxc/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/locking/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/libxl/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/hyperv/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/esx/*

	Adapt to VIR_STRDUP and VIR_STRNDUP in src/cpu/*

2013-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Delete udevFreeIfaceDef function in udev interface driver
	The udevFreeIfaceDef function in the udev interface driver
	just duplicates code from virInterfaceDefFree. Delete it
	and call the standard API instead.

	Fix the udevGetIfaceDefVlan method so that it doesn't
	store pointers to the middle of a malloc'd memory
	area.

2013-05-09  Osier Yang  <jyang@redhat.com>

	libvirt.c: Fix the indention
	Pushed under trivial rule

	conf: Remove the unrelated comment
	Pushed under trivial rule.

2013-05-08  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Among others, this fixes a cosmetic bug where bootstrap stated:

	./bootstrap: Bootstrapping from checked-out http://libvirt.org sources...

	instead of the intended:

	./bootstrap: Bootstrapping from checked-out libvirt sources...

	* .gnulib: Update to latest, for bootstrap improvement.
	* bootstrap: Resync from gnulib.

2013-05-08  John Ferlan  <jferlan@redhat.com>

	virsh: Resolve Coverity 'MISSING_BREAK'
	Recent commit '53531e16' resulted in a new Coverity warning regarding
	a missing break in the ':' options processing. Adjust the commit to
	avoid the issue.

	lxc: Coverity false positive USE_AFTER_FREE

2013-05-08  Daniel P. Berrange  <berrange@redhat.com>

	Unmerge attach/update/modify device APIs in drivers
	The LXC, QEMU, and LibXL drivers have all merged their handling of
	the attach/update/modify device APIs into one large

	  'xxxxDomainModifyDeviceFlags'

	which then does a 'switch()' based on the actual API being invoked.
	While this saves some lines of code, it is not really all that
	significant in the context of the driver API impls as a whole.

	This merger of the handling of different APIs creates pain when
	wanting to automated analysis of the code and do things which
	are specific to individual APIs. The slight duplication of code
	from unmerged the API impls, is preferrable to allow for easier
	automated analysis.

2013-05-08  Daniel P. Berrange  <berrange@redhat.com>

	Pull parsing of migration xml up into QEMU driver APIs
	Currently the parsing of XML is pushed down into the various
	migration helper APIs. This makes it difficult to insert the
	correct access control checks, since one helper API services
	many public APIs. Pull the parsing of XML up to the top level
	of the QEMU driver APIs

	Don't allow renaming of domains by the backdoor
	Several APIs allow for custom XML to be passed in. This is
	checked for ABI stability, which will ensure the UUID is
	not being changed. There isn't validation that the name
	did not change though. This could allow renaming of guests
	via the backdoor, which in turn could allow for bypassing
	access control restrictions based on names.

	Fix naming of some node device APIs
	In renaming driver API implementations to match the
	public API naming scheme, a few cases in the node
	device driver were missed.

	Separate internal node suspend APIs from public API
	The individual hypervisor drivers were directly referencing
	APIs in virnodesuspend.c in their virDriverPtr struct. Separate
	these methods, so there is always a wrapper in the hypervisor
	driver. This allows the unused virConnectPtr args to be removed
	from the virnodesuspend.c file. Again this will ensure that
	ACL checks will only be performed on invocations that are
	directly associated with public API usage.

	Separate internal node device APIs from public API
	The individual hypervisor drivers were directly referencing
	APIs in src/nodeinfo.c in their virDriverPtr struct. Separate
	these methods, so there is always a wrapper in the hypervisor
	driver. This allows the unused virConnectPtr args to be
	removed from the nodeinfo.c file. Again this will ensure that
	ACL checks will only be performed on invocations that are
	directly associated with public API usage.

2013-05-08  Daniel P. Berrange  <berrange@redhat.com>

	Separate virGetHostname() API contract from driver APIs
	Currently the virGetHostname() API has a bogus virConnectPtr
	parameter. This is because virtualization drivers directly
	reference this API in their virDriverPtr tables, tieing its
	API design to the public virConnectGetHostname API design.

	This also causes problems for access control checks since
	these must only be done for invocations from the public
	API, not internal invocation.

	Remove the bogus virConnectPtr parameter, and make each
	hypervisor driver provide a dedicated function for the
	driver API impl. This will allow access control checks
	to be easily inserted later.

2013-05-08  Daniel P. Berrange  <berrange@redhat.com>

	Include process start time when doing polkit checks
	Since PIDs can be reused, polkit prefers to be given
	a (PID,start time) pair. If given a PID on its own,
	it will attempt to lookup the start time in /proc/pid/stat,
	though this is subject to races.

	It is safer if the client app resolves the PID start
	time itself, because as long as the app has the client
	socket open, the client PID won't be reused.

2013-05-08  Daniel P. Berrange  <berrange@redhat.com>

	Rename "security context" to "selinux context"
	There are various methods named "virXXXXSecurityContext",
	which are specific to SELinux. Rename them all to
	"virXXXXSELinuxContext". They will still raise errors at
	runtime if SELinux is not compiled in

	Fix possible undefined value in check-symsorting.pl
	It is possible for $line to be undefined at first used, if
	the symfile doesn't have a section prefix (which is the case
	for auto-generated symfiles).

2013-05-08  Osier Yang  <jyang@redhat.com>

	storage: Skip inactive lv volumes
	If the volume is of a clustered volume group, and not active, the
	related pool APIs fails on opening /dev/vg/lv. If the volume is
	suspended, it hangs on open(2) the volume.

	Though the best solution is to expose the volume status in volume
	XML, and even better to provide API to activate/deactivate the volume,
	but it's not the work I want to touch currently. Volume status in
	other status is just fine to skip.

	About the 5th field of lv_attr (from man lvs[8])
	<quote>
	 5 State: (a)ctive, (s)uspended, (I)nvalid snapshot, invalid
	   (S)uspended snapshot, snapshot (m)erge failed,suspended
	   snapshot (M)erge failed, mapped (d)evice present without
	   tables,  mapped device present with (i)nactive table
	</quote>

2013-05-07  Eric Blake  <eblake@redhat.com>

	string: make VIR_STRDUP easier to use
	While reviewing proposed VIR_STRDUP conversions, I've already noticed
	several places that do:

	if (str && VIR_STRDUP(dest, str) < 0)

	which can be simplified by allowing str to be NULL (something that
	strdup() doesn't allow).  Meanwhile, code that wants to ensure a
	non-NULL dest regardless of the source can check for <= 0.

	Also, make it part of the VIR_STRDUP contract that macro arguments
	are evaluated exactly once.

	* src/util/virstring.h (VIR_STRDUP, VIR_STRDUP_QUIET, VIR_STRNDUP)
	(VIR_STRNDUP_QUIET): Improve contract.
	* src/util/virstring.c (virStrdup, virStrndup): Change return
	conventions.
	* docs/hacking.html.in: Document this.
	* HACKING: Regenerate.

2013-05-07  Eric Blake  <eblake@redhat.com>

	alloc: make VIR_APPEND_ELEMENT safer
	VIR_APPEND_ELEMENT(array, size, elem) was not safe if the expression
	for 'size' had side effects.  While no one in the current code base
	was trying to pass side effects, we might as well be robust and
	explicitly document our intentions.

	* src/util/viralloc.c (virInsertElementsN): Add special case.
	* src/util/viralloc.h (VIR_APPEND_ELEMENT): Use it.
	(VIR_ALLOC, VIR_ALLOC_N, VIR_REALLOC_N, VIR_EXPAND_N)
	(VIR_RESIZE_N, VIR_SHRINK_N, VIR_INSERT_ELEMENT)
	(VIR_DELETE_ELEMENT, VIR_ALLOC_VAR, VIR_FREE): Document
	which macros are safe in the presence of side effects.
	* docs/hacking.html.in: Document this.
	* HACKING: Regenerate.

2013-05-07  Ján Tomko  <jtomko@redhat.com>

	syntax-check: forbid virBufferAsprintf with string literals

	get rid of virBufferAsprintf where possible
	Use virBufferAddLit or virBufferAddChar instead.

2013-05-07  Laine Stump  <laine@laine.org>

	qemu: allocate network connections sooner during domain startup
	VFIO device assignment requires a cgroup ACL to be setup for access to
	the /dev/vfio/nn "group" device for any devices that will be assigned
	to a guest. In the case of a host device that is allocated from a
	pool, it was being allocated during qemuBuildCommandLine(), which is
	called by qemuProcessStart() *after* the all-encompassing
	qemuSetupCgroup() was called, meaning that the standard Cgroup ACL
	setup wasn't creating ACLs for these devices allocated from pools.

	One possible solution was to manually add a single ACL down inside
	qemuBuildCommandLine() when networkAllocateActualDevice() is called,
	but that has two problems: 1) the function that adds the cgroup ACL
	requires a virDomainObjPtr, which isn't available in
	qemuBuildCommandLine(), and 2) we really shouldn't be doing network
	device setup inside qemuBuildCommandLine() anyway.

	Instead, I've created a new function called
	qemuNetworkPrepareDevices() which is called just before
	qemuPrepareHostDevices() during qemuProcessStart() (explanation of
	ordering in the comments), i.e. well before the call to
	qemuSetupCgroup(). To minimize code churn in a patch that will be
	backported to 1.0.5-maint, qemuNetworkPrepareDevices only does
	networkAllocateActualDevice() and the bare amount of setup required
	for type='hostdev network devices, but it eventually should do *all*
	device setup for guest network devices.

	Note that some of the code that was previously needed in
	qemuBuildCommandLine() is no longer required when
	networkAllocateActualDevice() is called earlier:

	 * qemuAssignDeviceHostdevAlias() is already done further down in
	   qemuProcessStart().

	 * qemuPrepareHostdevPCIDevices() is called by
	   qemuPrepareHostDevices() which is called after
	   qemuNetworkPrepareDevices() in qemuProcessStart().

	As hinted above, this new function should be moved into a separate
	qemu_network.c (or similarly named) file along with
	qemuPhysIfaceConnect(), qemuNetworkIfaceConnect(), and
	qemuOpenVhostNet(), and expanded to call those functions as well, then
	the nnets loop in qemuBuildCommandLine() should be reduced to only
	build the commandline string (which itself can be in a separate
	qemuInterfaceBuilldCommandLine() function as suggested by
	Michal). However, this will require storing away an array of tapfd and
	vhostfd that are needed for the commandline, so I would rather do that
	in a separate patch and leave this patch at the minimum to fix the
	bug.

2013-05-07  Daniel P. Berrange  <berrange@redhat.com>

	Ensure stub todo.html.in file is HTML5
	If no todo.cfg is present, make sure the stub is in HTML5
	format and clearly states that the config was not available

	Point users to Virt-Viewer MSI installers for Windows builds
	The Windows port page currently links to pre-built libvirt
	DLLs for release 0.8.8 which are 2 years old now. Until we
	can reliably produce official Windows installers, point
	people to the virt-viewer MSI installers instead which
	include the libvirt DLLs.

2013-05-07  Boris Fiuczynski  <fiuczy@linux.vnet.ibm.com>

	qemu: Enable the capability bit for -no-kvm-pit-reinjection on x86 only
	On architectures not supporting the Intel specific programmable interval
	timer, like e.g. S390, starting a domain with a clock definition containing
	a pit timer results in the error "Option no-kvm-pit-reinjection not supported
	for this target".

	By moving the capability enablement for -no-kvm-pit-reinjection from the
	InitQMPBasic section into the x86_64 and i686 only enablement section all
	other architectures are no longer automatically enabled. In addition
	architecture related capabilities enablements have refactored into a new
	architecture bound capabilities initialization function.

2013-05-07  Daniel Hansel  <daniel.hansel@linux.vnet.ibm.com>

	rpc: message related sizes enlarged
	We have seen an issue on s390x platform where domain XMLs larger than 1MB
	were used. The define command was finished successfully. The dumpxml command
	was not successful (i.e. could not encode message payload).

	Enlarged message related sizes (e.g. maximum string size, message size, etc.)
	to handle larger system configurations used on s390x platform.

	To improve handling of the RPC message size the allocation during encode process
	is changed to a dynamic one (i.e. starting with 64kB initial size and increasing
	that size in steps up to 16MB if the payload data is larger).

2013-05-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix namespace bugs in API docs, todo page & hv support page
	The XSL for generating the API docs was missing the HTML5
	namespace declarations. The todo and hvsupport scripts were
	also missing the HTML5 doctype / namespace declaration.

2013-05-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: Do fake auto-allocation of ports when generating native command
	When attempting to generate the native command line from an XML file
	that uses graphics port auto allocation, the generated commandline
	wouldn't be valid.

	This patch adds fake autoallocation of ports as done when starting the
	actual machine.

2013-05-06  Eric Blake  <eblake@redhat.com>

	spec: proper soft static allocation of qemu uid
	https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a
	problem that occurs if uid 107 is already in use at the time
	libvirt is first installed.  In response that problem, Fedora
	packaging guidelines were recently updated.  This fixes the
	spec file to comply with the new guidelines:
	https://fedoraproject.org/wiki/Packaging:UsersAndGroups

	* libvirt.spec.in (daemon): Follow updated Fedora guidelines.

2013-05-06  Eric Blake  <eblake@redhat.com>

	build: clean up stray files found by 'make distcheck'
	'make distcheck' complained:

	ERROR: files left in build directory after distclean:
	./python/libvirt.pyc
	./tests/commandhelper.log

	Problems introduced in commits f015495 and 25ea8e4 (both v1.0.3).

	* tests/commandtest.c (test21): Check (and clean) log file.
	* tests/commanddata/test21.log: New file.
	* python/Makefile.am (CLEANFILES): Clean up compiled python files.

2013-05-06  Eric Blake  <eblake@redhat.com>

	build: always include libvirt_lxc.syms in tarball
	On a mingw build, 'make distcheck' fails with:

	  GEN      libvirt_qemu.def
	make[3]: *** No rule to make target `../../src/libvirt_lxc.syms', needed by `libvirt_lxc.def'.  Stop.

	I traced it to a missing entry in EXTRA_DIST.  But rather than keep
	the entire list in sync, it is easier to list the three syms files
	that drive .so files directly, and then reuse existing makefile
	variables for the remaining files (that is, I validated that all
	remaining files are added to SYM_FILES, possibly via USED_SYM_FILES,
	according to makefile conditionals).

	Problem introduced in commit 3d1596b (v1.0.2).

	* src/Makefile.am (EXTRA_DIST): Ensure all syms files are shipped.

2013-05-05  Michal Privoznik  <mprivozn@redhat.com>

	Adapt to VIR_STRDUP and VIR_STRNDUP in daemon/*

	virstring: Introduce VIR_STRDUP and VIR_STRNDUP
	The code adaptation is not done right now, but in subsequent patches.
	Hence I am not implementing syntax-check rule as it would break
	compilation. Developers are strongly advised to use these new macros.
	They are similar to VIR_ALLOC() logic: VIR_STRDUP(dst, src) returns zero
	on success, -1 otherwise. In case you don't want to report OOM error,
	use the _QUIET variant of a macro.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix a few more docs XSL bugs related to the TOC
	Add missing 'html:' namespace prefix to a few more XSL
	rules for generating the table of contents links

2013-05-03  Laine Stump  <laine@laine.org>

	qemu: fix stupid typos in VFIO cgroup setup/teardown
	I must have looked at this a couple dozen times before I noticed it
	had "!=" instead of "==". Not doing this setup prevented qemu from
	doing anything with the vfio group device.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix docs generator regression in previous commit
	The previous commit failed to update the XSL to take account
	of fact that in XHTML mode the elements need namespace
	prefixes. This caused every web page to be blank!

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix multiple formatting problems in HTML docs
	The rule generating the HTML docs passing the --html flag
	to xsltproc. This makes it use the legacy HTML parser, which
	either ignores or tries to fix all sorts of broken XML tags.
	There's no reason why we should be writing broken XML in
	the first place, so removing --html and adding the XHTML
	doctype to all files forces us to create good XML.

	This adds the XHTML doc type and fixes many, many XML tag
	problems it exposes.

2013-05-03  Guido Günther  <agx@sigxcpu.org>

	Make detect_scsi_host_caps a function on all architectures
	In the non linux case some callers like gather_scsi_host_caps needed the
	return code of -1 while others like update_caps needed an empty
	statement (to avoid a "statement without effect" warning). This is much
	simpler solved by using a function instead of a define.

	Fixup rpcgen code on kFreeBSD too
	since it uses glibc's rpcgen.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Ignore 'uri' parameter in lockd driver
	A 'uri' parameter was added for the benefit of sanlock. This
	causes a warning in the lockd driver though

	2013-05-03 13:20:35.347+0000: 28403: error : virLockManagerLockDaemonNew:482 : internal error Unexpected parameter uri for object

	Ignore this parameter, since lockd does not require it and it
	is harmless if not used.

2013-05-03  Laine Stump  <laine@laine.org>

	network: fix network driver startup for qemu:///session
	This should resolve https://bugzilla.redhat.com/show_bug.cgi?id=958907

	Recent new addition of code to read/write active network state to the
	NETWORK_STATE_DIR in the network driver broke startup for
	qemu:///session. The network driver had several state file paths
	hardcoded to /var, which could never possibly work in session mode.

	This patch modifies *all* state files to use a variable string that is
	set differently according to whether or not we're running
	privileged. (It turns out that logDir was never used, so it's been
	completely eliminated.)

	There are very definitely other problems preventing dnsmasq and radvd
	from running in non-privileged mode, but it's more consistent to have
	the directories used by them be determined in the same fashion.

	NB: I've noted before that the network driver is storing its state
	(including dnsmasq and radvd state) in /var/lib, while qemu stores its
	state in /var/run. It would probably have been better if the two
	matched, but it's been this way for a long time, and changing it would
	break running installations during an upgrade, so it's best to just
	leave it as it is.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix warning about unsupported cookie flags in QEMU driver
	The QEMU migration code unconditionally sets the 'persistent'
	cookie flag on the source host. The dest host, however, only
	allows it during parsing if VIR_MIGRATE_PERSIST_DEST was
	set. Make the source host only set it if this flag is
	present.

	Fix release of resources with lockd plugin
	The lockd plugin for the lock manager was not correctly
	handling the release of resource locks. This meant that
	during migration, or when pausing a VM, the locks would
	not get released. This in turn made it impossible to
	resume the domain, or finish migration

	Fix F_DUPFD_CLOEXEC operation args
	The F_DUPFD_CLOEXEC operation with fcntl() expects a single
	int argument, specifying the minimum FD number for the newly
	dup'd file descriptor. We were not specifying that causing
	random stack data to be accessed as the FD number. Sometimes
	that worked, sometimes it didn't.

2013-05-03  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable cast of pthread_t
	POSIX says pthread_t is opaque.  We can't guarantee if it is scaler
	or a pointer, nor what size it is; and BSD differs from Linux.
	We've also had reports of gcc complaining on attempts to cast it,
	if we use a cast to the wrong type (for example, pointers have to be
	cast to void* or intptr_t before being narrowed; while casting a
	function return of scalar pthread_t to void* triggers a different
	warning).

	Give up on casts, and use unions to get at decent bits instead.  And
	rather than futz around with figuring which 32 bits of a potentially
	64-bit pointer are most likely to be unique, convert the rest of
	the code base to use 64-bit values when using a debug id.

	Based on a report by Guido Günther against kFreeBSD, but with a
	fix that doesn't regress commit 4d970fd29 for FreeBSD.

	* src/util/virthreadpthread.c (virThreadSelfID, virThreadID): Use
	union to get at a decent bit representation of thread_t bits.
	* src/util/virthread.h (virThreadSelfID, virThreadID): Alter
	signature.
	* src/util/virthreadwin32.c (virThreadSelfID, virThreadID):
	Likewise.
	* src/qemu/qemu_domain.h (qemuDomainJobObj): Alter type of owner.
	* src/qemu/qemu_domain.c (qemuDomainObjTransferJob)
	(qemuDomainObjSetJobPhase, qemuDomainObjReleaseAsyncJob)
	(qemuDomainObjBeginNestedJob, qemuDomainObjBeginJobInternal): Fix
	clients.
	* src/util/virlog.c (virLogFormatString): Likewise.
	* src/util/vireventpoll.c (virEventPollInterruptLocked):
	Likewise.

2013-05-03  Laine Stump  <laine@laine.org>

	build: fix make rpm failure
	Commit 297c99a accidentally put a { where a ( belonged, causing make
	rpm to fail.

2013-05-03  Daniel P. Berrange  <berrange@redhat.com>

	More paranoid initialization of 'nparams' variable in dispatch code
	Since the 'nparams' variable passed to virTypedParametersFree is
	supposed to represent the size of the 'params' array, it is bad
	practice to initialize it to a non-zero value, until the array
	has been allocated.

	Fix potential use of undefined variable in remote dispatch code
	If an early dispatch check caused a jump to the 'cleanup' branch
	then virTypeParamsFree() would be called with an uninitialized
	'nparams' variable. Fortunately 'params' is initialized to NULL,
	so the uninitialized 'nparams' variable would not be used.

	Remove redundant () in expression
	The use of () in a simple boolean comparison was not
	required

	Fix format string handling in network driver
	The call to virReportError conditionally switched between
	two format strings, with different numbers of placeholders.
	This meant the format string with no placeholders was not
	protected by a "%s".

2013-05-03  Ján Tomko  <jtomko@redhat.com>

	docs: fix 'since' for socket path generation
	Commit 297c99a says it works from 1.0.5 but it only got pushed
	after the 1.0.5 release.

2013-05-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Reduce code duplication in generator

2013-05-03  Jim Fehlig  <jfehlig@suse.com>

	build: Fix build when WITH_HAL is defined
	Commit 7c9a2d88 missed inclusion of virstring.h in a few places
	when WITH_HAL is defined, causing build failures.

2013-05-02  Eric Blake  <eblake@redhat.com>

	build: fix mingw build of vbox
	More fallout from commit 7c9a2d88 dropping too many headers.  Fixes:

	In file included from ../../src/vbox/vbox_glue.c:26:0:
	../../src/vbox/vbox_MSCOMGlue.c: In function 'vboxLookupVersionInRegistry':
	../../src/vbox/vbox_MSCOMGlue.c:435:5: error: implicit declaration of function 'virParseVersionString' [-Werror=implicit-function-declaration]
	...
	../../src/vbox/vbox_driver.c: In function 'vboxConnectOpen':
	../../src/vbox/vbox_driver.c:147:5: error: implicit declaration of function 'getuid' [-Werror=implicit-function-declaration]
	../../src/vbox/vbox_driver.c:147:5: error: nested extern declaration of 'getuid' [-Werror=nested-externs]

	* src/vbox/vbox_MSCOMGlue.c (includes): Add missing includes.
	* src/vbox/vbox_driver.c (includes): Likewise.

2013-05-02  Eric Blake  <eblake@redhat.com>

	build: fix mingw build of virprocess.c
	Commit 776d49f4 added a static function that is only called
	conditionally; leading to this compile error on mingw:

	  CC       libvirt_util_la-virprocess.lo
	../../src/util/virprocess.c:624:26: error: 'struct rlimit' declared inside parameter list [-Werror]
	../../src/util/virprocess.c:624:26: error: its scope is only this definition or declaration, which is probably not what you want [-Werror]
	../../src/util/virprocess.c:622:1: error: 'virProcessPrLimit' defined but not used [-Werror=unused-function]

	* src/util/virprocess.c (virProcessPrLimit): Only declare
	virProcessPrLimit when used.

2013-05-02  Eric Blake  <eblake@redhat.com>

	build: fix FreeBSD build
	Commit 7c9a2d88 cleaned up too many headers; FreeBSD builds
	failed due to:

	util/virutil.c:556: warning: implicit declaration of function 'canonicalize_file_name'

	(Not sure which Linux header leaked this declaration, but gnulib
	only guarantees it in stdlib.h)

	libvirt.c:956: warning: implicit declaration of function 'virGetUserConfigDirectory'

	(Here, a build on Linux was picking up virutil.h indirectly via
	one of the conditional driver headers, where that driver was not
	being built on my FreeBSD setup)

	* src/util/virutil.c (includes): Need <stdlib.h> for
	canonicalize_file_name.
	* src/libvirt.c (includes): Use "virutil.h" unconditionally,
	rather than relying on conditional indirect inclusion.

2013-05-02  Eric Blake  <eblake@redhat.com>

	build: avoid useless virAsprintf
	virAsprintf(&foo, "%s", bar) is wasteful compared to
	foo = strdup(bar) (or eventually, VIR_STRDUP(foo, bar),
	but one thing at a time...).

	Noticed while reviewing Laine's attempt to clean up broken
	qemu:///session.

	* cfg.mk (sc_prohibit_asprintf): Enhance rule.
	* src/esx/esx_storage_backend_vmfs.c
	(esxStorageBackendVMFSVolumeLookupByKey): Fix offender.
	* src/network/bridge_driver.c (networkStateInitialize): Likewise.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopDHCPOpen):
	Likewise.
	* src/storage/storage_backend_sheepdog.c
	(virStorageBackendSheepdogRefreshVol): Likewise.
	* src/util/vircgroup.c (virCgroupAddTaskStrController): Likewise.
	* src/util/virdnsmasq.c (addnhostsAdd): Likewise.
	* src/xen/block_stats.c (xenLinuxDomainDeviceID): Likewise.
	* src/xen/xen_driver.c (xenUnifiedConnectOpen): Likewise.
	* tools/virsh.c (vshGetTypedParamValue): Likewise.

2013-05-02  Eric Blake  <eblake@redhat.com>

	build: always include sanitytest in tarball
	The libvirt 1.0.5 tarball is missing a file which renders 'make
	check' broken; first reported on list by Guido Günther.

	* python/Makefile.am (EXTRA_DIST): Hoist sanitytest.py out of
	HAVE_PYTHON conditional.

2013-05-02  Laine Stump  <laine@laine.org>

	util: fix compile errors caused by moving string functions
	commit 7c9a2d8 missed adding in a few #include "virstring.h"s, causing
	builds to fail.

2013-05-02  Michal Privoznik  <mprivozn@redhat.com>

	virutil: Move string related functions to virstring.c
	The source code base needs to be adapted as well. Some files
	include virutil.h just for the string related functions (here,
	the include is substituted to match the new file), some include
	virutil.h without any need (here, the include is removed), and
	some require both.

2013-05-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Generate agent socket path if missing
	It's not desired to force users imagine path for a socket they
	are not even supposed to connect to. On the other hand, we
	already have a release where the qemu agent socket path is
	exposed to XML, so we cannot silently drop it from there.
	The new path is generated in form:

	$LOCALSTATEDIR/lib/libvirt/qemu/channel/target/$domain.$name

	for qemu system mode, and

	$XDG_CONFIG_HOME/qemu/lib/channel/target/$domain.$name

	for qemu session mode.

2013-05-02  Guido Günther  <agx@sigxcpu.org>

	virInitctlRequest: unbreak make syntax check
	introduced by dcf97846d54b9ae20181f0f29c684b6ae4de89ee

	To trigger this cppi needs to be installed.

2013-05-02  Guido Günther  <agx@sigxcpu.org>

	virInitctlRequest: unbreak make syntax check
	introduced by dcf97846d54b9ae20181f0f29c684b6ae4de89ee

2013-05-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.5
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: pulled and merged a number of new localization updates

2013-05-02  Guido Günther  <agx@sigxcpu.org>

	virInitctlRequest: Don't hardcode 384 bytes size
	When MAXHOSTNAMELEN is set we have to take it's value into account.
	Otherwise the build fails on kFreeBSD (FreeBSD kernel and GNU userland)

2013-05-02  Laine Stump  <laine@laine.org>

	pci: autolearn name of stub driver, remove from arglist
	virPCIDeviceReattach and virPCIDeviceUnbindFromStub (called by
	virPCIDeviceReattach) had previously required the name of the stub
	driver as input. This is unnecessary, because the name of the driver
	the device is currently bound to can be found by looking at the link:

	  /sys/bus/pci/dddd:bb:ss.ff/driver

	Instead of requiring that the name of the expected stub driver name
	and only unbinding if that one name is matched, we no longer take a
	driver name in the arglist for either of these
	functions. virPCIDeviceUnbindFromStub just compares the name of the
	currently bound driver to a list of "well known" stubs (right now
	contains "pci-stub" and "vfio-pci" for qemu, and "pciback" for xen),
	and only performs the unbind if it's one of those devices.

	This allows virsh nodedevice-reattach to work properly across a
	libvirtd restart, and fixes a couple of cases where we were
	erroneously still hard-coding "pci-stub" as the drive name.

	For some unknown reason, virPCIDeviceReattach had been calling
	modprobe on the stub driver prior to unbinding the device. This was
	problematic because we no longer know the name of the stub driver in
	that function. However, it is pointless to probe for the stub driver
	at that time anyway - because the device is bound to the stub driver,
	we are guaranteed that it is already loaded, and so that call to
	modprobe has been removed.

2013-05-02  Eric Blake  <eblake@redhat.com>

	spec: collect all BuildRequires into one area
	Conditional BuildRequires: should be at the top level, rather
	than appearing in conditional sub-package sections.  This
	appears to be the only offender.

	* libvirt.spec.in (BuildRequires): Move libblkid-devel into
	correct area.

2013-05-01  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Fix closing tag in snapshot documentation
	Commit cc6d19f3 added text containing "<code>snapshot<code>" to
	formatsnapshot.html.in. The closing tag is missing '/' which causes
	the documentation to misrender.

2013-05-01  Ata E Husain Bohra  <ata.husain@hotmail.com>

	ESX: Fix DISPATCH_FREE generation code to free all extended objects
	Python code generator "generate_source" section that handles
	code generation to "free" inherited objects needs to generate
	DISPATCH_FREE calls for all extended_by objects.

2013-05-01  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Do not generate a default USB controller
	For s390 we don't want to have a default USB device generated even
	if QEMU is silently tolerating -usb on the command line. This may change
	in the future.
	Another reason to avoid the USB controller is that it implies a PCI
	bus which might cause a regression at some later point in time.
	The following change will set the USB controller model to 'none'
	unless a model or address has been specified, which can be the case
	if a legacy definition is loaded or the XML writer knows what
	she/he's doing.
	Requiring the user to explicitly disable USB on systems not supporting
	it seems cumbersome.

	S390: Mention changed USB behavior
	Add a line saying that no USB controllers are generated by default
	on s390.

2013-05-01  Laine Stump  <laine@laine.org>

	qemu: fix failure to start with spice graphics and no tls
	Commit eca3fdf inadvertantly caused a failure to start for any domain
	with the following in its config:

	    <graphics type='spice' autoport='yes'/>

	The problem is that when tlsPort == 0 and defaultMode == "any" (which
	is the default for defaultMode), this would be flagged in the code as
	"needTLSPort", and if there was then no spice tls config, the new
	error+fail would happen.

	This patch checks for the case of defaultMode == "any", and in that
	case simply doesn't allocate a TLS port (since that's probably not
	what the user wanted, and it would have failed later anyway.). It does
	leave the error in place for cases when the user specifically asked to
	use tls in one way or another, though.

2013-04-30  Eric Blake  <eblake@redhat.com>

	build: fix cygwin build in virnetdev
	On cygwin, compilation failed because SIOCSIFHWADDR is undefined.

	* src/util/virnetdev.c (virNetDevSetMAC): Cygwin can query but not
	set mac address.

2013-04-30  John Ferlan  <jferlan@redhat.com>

	Need to call virFreeError after virSaveLastError

2013-04-30  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error
	As a result of commit id '19c345f2', 'make -C tests valgrind' has the
	following for qemuxml2argvtest:

	==22482== 197 (80 direct, 117 indirect) bytes in 1 blocks are definitely lost in loss record 101 of 120
	==22482==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==22482==    by 0x4C6F301: virAlloc (viralloc.c:124)
	==22482==    by 0x4C840FC: virSaveLastError (virerror.c:308)
	==22482==    by 0x431882: qemuBuildCommandLine (qemu_command.c:8204)
	==22482==    by 0x41E8F0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:155)
	==22482==    by 0x41FE9F: virtTestRun (testutils.c:157)
	==22482==    by 0x419DEB: mymain (qemuxml2argvtest.c:654)
	==22482==    by 0x4204DA: virtTestMain (testutils.c:719)
	==22482==    by 0x39D0821A04: (below main) (libc-start.c:225)
	==22482==

2013-04-30  Ján Tomko  <jtomko@redhat.com>

	libvirt-guests: status: return non-zero when stopped
	Return 3 when the service is stopped, whether there
	are saved guests or not, to conform with the LSB standards:

	http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html

2013-04-30  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	portability: handle ifreq differences in virnetdev
	FreeBSD (and maybe other BSDs) have different member
	names in struct ifreq when compared to Linux, such as:

	 - uses ifr_data instead of ifr_newname for setting
	   interface names
	 - uses ifr_index instead of ifr_ifindex for interface
	   index

	Also, add a check for SIOCGIFHWADDR for virNetDevValidateConfig().

	Use AF_LOCAL if AF_PACKET is not available.

2013-04-30  Laine Stump  <laine@laine.org>

	security driver: eliminate memory leaks in failure paths
	If virPCIDeviceGetVFIOGroupDev() failed,
	virSecurity*(Set|Restore)HostdevLabel() would fail to free a
	virPCIDevice that had been allocated.

	These leaks were all introduced (by me) very recently, in commit
	f0bd70a.

2013-04-30  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix double-dispose of libxl domain config
	libxlBuildDomainConfig() was disposing the libxl_domain_config object
	on error, only to have it disposed again by libxlBuildDomainConfig()'s
	caller, which resulted in a segfault.  Leave disposing of the config
	object to it's owner.

2013-04-30  Martin Kletzander  <mkletzan@redhat.com>

	esx: Support virtualHW version 9
	We already support ESX 5.1, but virtualHW version used by such
	hypervisor [1] wasn't taken into account.

	[1] http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1003746

2013-04-30  Martin Kletzander  <mkletzan@redhat.com>

	Fix typo in augeas comment

2013-04-30  Eric Blake  <eblake@redhat.com>

	build: mark conditionally unused variables
	These fixes solve a compilation failure on FreeBSD:

	util/virnetdevtap.c: In function 'virNetDevTapGetName':
	util/virnetdevtap.c:56: warning: unused parameter 'tapfd' [-Wunused-parameter]
	util/virnetdevtap.c:56: warning: unused parameter 'ifname' [-Wunused-parameter]

	* src/util/virnetdevtap.c (virNetDevTapGetName): Add attributes
	when TUNGETIFF is not present.

2013-04-30  Ján Tomko  <jtomko@redhat.com>

	virsh: clarify vol-{down,up}load description
	Mention file/volume contents instead of just 'file'/'volume'.

	Also change Download->download in vol-download help,
	to be consistent with other volume commands.

	https://bugzilla.redhat.com/show_bug.cgi?id=955537

2013-04-30  Ján Tomko  <jtomko@redhat.com>

	qemu: report an error if memballoon has wrong address type
	qemuBuildMemballoonDevStr returns NULL if memballoon doesn't have
	the right address type, but it doesn't report an error, leading to:
	error: An error occurred, but the cause is unknown

	Report a helpful error message instead, e.g.:
	error: XML error: memballoon unsupported with address type 'usb'

2013-04-30  Ján Tomko  <jtomko@redhat.com>

	qemu: assign addresses when converting xml to native
	This adds addresses to domxml-to-native output and chooses
	the correct virtio devices for ccw and s390 machines.

	https://bugzilla.redhat.com/show_bug.cgi?id=957077

2013-04-30  Ján Tomko  <jtomko@redhat.com>

	virsh: fix incorrect argument errors for long options
	For long options, print:
	* the option as specified by the user if it's unknown
	* the canonical long option if its argument is not
	  a number (and should be)

	And for missing arguments, print both the short and
	the long option name.
	(Doing only one of those would require either parsing
	argv ourselves or let getopt print the errors, since
	we can't tell long and short options apart by optopt
	or longindex)

	https://bugzilla.redhat.com/show_bug.cgi?id=949373

	Unsupported long option:

	$ virsh --pm
	Before:
	error: unsupported option '-
	After:
	error: unsupported option '--pm'. See --help.

	Missing parameter:

	$ virsh --deb
	Before:
	error: option '-d' requires an argument
	After:
	error: option '-d'/'--debug' requires an argument

	$ virsh -rd
	Before:
	error: option '-d' requires an argument
	After:
	error: option '-d'/'--debug' requires an argument

	Non-numeric parameter:

	$ virsh --deb duck
	Before:
	error: option -d takes a numeric argument
	After:
	error: option --debug takes a numeric argument

2013-04-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Error out if spice port autoallocation is requested, but disabled
	When a user requests auto-allocation of the spice TLS port but spice TLS
	is disabled in qemu.conf, we start the machine and let qemu fail instead
	of erroring out sooner.

	Add an error message so that this doesn't happen.

2013-04-30  Peter Krempa  <pkrempa@redhat.com>

	network: Don't remove transient network if creating of config file fails
	On the off-chance that creation of persistent configuration file would
	fail when defining a network that is already started as transient, the
	code would remove the transient data structure and thus the network.

	This patch changes the code so that in such case, the network is again
	marked as transient and left behind.

2013-04-30  Laine Stump  <laine@laine.org>

	qemu: put usb cgroup setup in common function
	The USB-specific cgroup setup had been inserted inline in
	qemuDomainAttachHostUsbDevice and qemuSetupCgroup, but now there is a
	common cgroup setup function called for all hostdevs, so it makes sens
	to put the usb-specific setup there and just rely on that function
	being called.

	The one thing I'm uncertain of here (and a reason for not pushing
	until after release) is that previously hostdev->missing was checked
	only when starting a domain (and cgroup setup for the device skipped
	if missing was true), but with this consolidation, it is now checked
	in the case of hotplug as well. I don't know if this will have any
	practical effect (does it make sense to hotplug a "missing" usb
	device?)

2013-04-30  Laine Stump  <laine@laine.org>

	qemu: add vfio devices to cgroup ACL when appropriate
	PCIO device assignment using VFIO requires read/write access by the
	qemu process to /dev/vfio/vfio, and /dev/vfio/nn, where "nn" is the
	VFIO group number that the assigned device belongs to (and can be
	found with the function virPCIDeviceGetVFIOGroupDev)

	/dev/vfio/vfio can be accessible to any guest without danger
	(according to vfio developers), so it is added to the static ACL.

	The group device must be dynamically added to the cgroup ACL for each
	vfio hostdev in two places:

	1) for any devices in the persistent config when the domain is started
	   (done during qemuSetupCgroup())

	2) at device attach time for any hotplug devices (done in
	   qemuDomainAttachHostDevice)

	The group device must be removed from the ACL when a device it
	"hot-unplugged" (in qemuDomainDetachHostDevice())

	Note that USB devices are already doing their own cgroup setup and
	teardown in the hostdev-usb specific function. I chose to make the new
	functions generic and call them in a common location though. We can
	then move the USB-specific code (which is duplicated in two locations)
	to this single location. I'll be posting a followup patch to do that.

2013-04-29  Ján Tomko  <jtomko@redhat.com>

	qemu: honor allowDiskFormatProbing when parsing command line
	My commit 024e9af broke this.

2013-04-27  Ján Tomko  <jtomko@redhat.com>

	conf: add missing error on OOM
	I removed it in 5c3d5b2 by accident.

2013-04-27  Ján Tomko  <jtomko@redhat.com>

	qemu: prevent invalid reads in qemuAssignDevicePCISlots
	Don't reserve slot 2 for video if the machine has no PCI buses.
	Error out when the user specifies a video device without
	a PCI address when there are no PCI buses.

	(This wouldn't work on a machine with no PCI bus anyway since
	we do add PCI addresses for video devices to the command line)

2013-04-27  Ján Tomko  <jtomko@redhat.com>

	qemu: don't always reserve PCI addresses for implicit controllers
	In the past we automatically added a USB controller and assigned
	it a PCI address (0:0:1.2) even on machines without a PCI bus.
	This didn't break machines with no PCI bus  because the command
	line for it is just '-usb', with no mention of the PCI bus.

	The implicit IDE controller (reserved address 0:0:1.1) has
	no command line at all.

	Commit b33eb0dc removed the ability to reserve PCI addresses
	on machines without a PCI bus. This made them stop working,
	since there would always be the implicit USB controller.

	Skip the reservation of addresses for these controllers when
	there is no PCI bus, instead of failing.

2013-04-27  Laine Stump  <laine@laine.org>

	conf: remove extraneous _TYPE from driver backend enums
	This isn't strictly speaking a bugfix, but I realized I'd gotten a bit
	too verbose when I chose the names for
	VIR_DOMAIN_HOSTDEV_PCI_BACKEND_TYPE_*. This shortens them all a bit.

2013-04-27  Laine Stump  <laine@laine.org>

	network: support <driver name='vfio'/> in network definitions
	I remembered to document this bit, but somehow forgot to implement it.

	This adds <driver name='kvm|vfio'/> as a subelement to the <forward>
	element of a network (this puts it parallel to the match between
	mode='hostdev' attribute in a network and type='hostdev' in an
	<interface>).

	Since it's already documented, only the parser, formatter, backend
	driver recognition (it just translates/moves the flag into the
	<interface> at the appropriate time), and a test case were needed.

	(I used a separate enum for the values both because the original is
	defined in domain_conf.h, which is unavailable from network_conf.h,
	and because in the future it's possible that we may want to support
	other non-hostdev oriented driver names in the network parser; this
	makes sure that one can be expanded without the other).

2013-04-26  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: launch bridge helper from libvirtd
	<source type='bridge'> uses a helper application to do the necessary
	TUN/TAP setup to use an existing network bridge, thus letting
	unprivileged users use TUN/TAP interfaces.

	However, libvirt should be preventing QEMU from running any setuid
	programs at all, which would include this helper program.  From
	a security POV, any setuid helper needs to be run by libvirtd itself,
	not QEMU.

	This is what this patch does.  libvirt now invokes the setuid helper,
	gets the TAP fd and then passes it to QEMU in the normal manner.
	The path to the helper is specified in qemu.conf.

	As a small advantage, this adds a <target dev='tap0'/> element to the
	XML of an active domain using <interface type='bridge'>.

2013-04-26  Paolo Bonzini  <pbonzini@redhat.com>

	virnetdevtap: add virNetDevTapGetName
	This will be used on a tap file descriptor returned by the bridge helper
	to populate the <target> element, because the helper does not provide
	the interface name.

2013-04-26  Ján Tomko  <jtomko@redhat.com>

	qemu: don't assign a PCI address to 'none' USB controller
	Adjust the usb-none test, since it gives the memballoon a lower PCI slot now.
	Add a test for 'none' controller on s390, which doesn't have PCI buses.

2013-04-26  Bamvor Jian Zhang  <bjzhang@suse.com>

	fix segfault during virsh save in pv guest
	this patch fix the wrong sequence for fd and timeout register. the sequence
	was right in dfa1e1dd for fd register, but it changed in e0622ca2.
	in this patch, set priv, xl_priv in info and increase info->priv ref count
	before virEventAddHandle. if do this after virEventAddHandle, the fd
	callback or fd deregister maybe got the empty priv, xl_priv or wrong ref
	count.

	after apply this patch, test more than 100 rounds passed compare to fail
	within 3 rounds without this patch. each round includes define -> start ->
	destroy -> create -> suspend -> resume -> reboot -> shutdown -> save ->
	resotre -> dump -> destroy -> create -> setmem -> setvcpus -> destroy.

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: set qemu process' RLIMIT_MEMLOCK when VFIO is used
	VFIO requires all of the guest's memory and IO space to be lockable in
	RAM. The domain's max_balloon is the maximum amount of memory the
	domain can have (in KiB). We add a generous 1GiB to that for IO space
	(still much better than KVM device assignment, where the KVM module
	actually *ignores* the process limits and locks everything anyway),
	and convert from KiB to bytes.

	In the case of hotplug, we are changing the limit for the already
	existing qemu process (prlimit() is used under the hood), and for
	regular commandline additions of vfio devices, we schedule a call to
	setrlimit() that will happen after the qemu process is forked.

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: use new virCommandSetMax(Processes|Files)
	These were previously being set in a custom hook function, but now
	that virCommand directly supports setting them, we can eliminate that
	part of the hook and call the APIs directly.

2013-04-26  Laine Stump  <laine@laine.org>

	util: new virCommandSetMax(MemLock|Processes|Files)
	This patch adds two sets of functions:

	1) lower level virProcessSet*() functions that will immediately set
	the RLIMIT_MEMLOCK. RLIMIT_NPROC, or RLIMIT_NOFILE of either the
	current process (using setrlimit()) or any other process (using
	prlimit()). "current process" is indicated by passing a 0 for pid.

	2) functions for virCommand* that will setup a virCommand object to
	set those limits at a later time just after it has forked a new
	process, but before it execs the new program.

	configure.ac has prlimit and setrlimit added to the list of functions
	to check for, and the low level functions log an "unsupported" error)
	on platforms that don't support those functions.

2013-04-26  Daniel P. Berrange  <berrange@redhat.com>

	Do proper escaping of cgroup resource partitions
	If a user cgroup name begins with "cgroup.", "_" or with any of
	the controllers from /proc/cgroups followed by a dot, then they
	need to be prefixed with a single underscore. eg if there is
	an object "cpu.service", then this would end up as "_cpu.service"
	in the cgroup filesystem tree, however, "waldo.service" would
	stay "waldo.service", at least as long as nobody comes up with
	a cgroup controller called "waldo".

	Since we require a '.XXXX' suffix on all partitions, there is
	no scope for clashing with the kernel 'tasks' and 'release_agent'
	files.

2013-04-26  Daniel P. Berrange  <berrange@redhat.com>

	Ensure all cgroup partitions have a suffix of ".partition"
	If the partition named passed in the XML does not already have
	a suffix, ensure it gets a '.partition' added to each component.
	The exceptions are /machine, /user and /system which do not need
	to have a suffix, since they are fixed partitions at the top
	level.

	Change VM cgroup suffix from '{lxc,qemu}.libvirt' to 'libvirt-{lxc,qemu}'
	Recently we changed to create VM cgroups with the naming pattern
	$VMNAME.$DRIVER.libvirt. Following discussions with the systemd
	community it was decided that only having a single '.' in the
	names is preferrable. So this changes the naming scheme to be
	$VMNAME.libvirt-$DRIVER. eg for LXC 'mycontainer.libvirt-lxc' or
	for KVM 'myvm.libvirt-qemu'.

2013-04-26  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	test: Add JSON test for query-tpm-types
	Add a test case for query-tpm-models QMP command.

2013-04-26  Eric Blake  <eblake@redhat.com>

	virsh: suppress aliases in group help
	'virsh help | grep nodedev-det' shows only nodedev-detach, but
	'virsh help nodedev | grep nodedev-det' also shows the old alias
	nodedev-dettach that we intentionally hid in commit af3f9aab.

	See also commit 787f4fe and this bug report:
	https://bugzilla.redhat.com/show_bug.cgi?id=956966

	* tools/virsh.c (vshCmdGrpHelp): Copy suppression of vshCmdHelp.

2013-04-26  Laine Stump  <laine@laine.org>

	security: update hostdev labelling functions for VFIO
	Legacy kvm style pci device assignment requires changes to the
	labelling of several sysfs files for each device, but for vfio device
	assignment, the only thing that needs to be relabelled/chowned is the
	"group" device for the group that contains the device to be assigned.

	util: new function virPCIDeviceGetVFIOGroupDev
	Given a virPCIDevice, this function returns the path for the device
	that controls the vfio group the device belongs to,
	e.g. "/dev/vfio/15".

	virsh: use new virNodeDeviceDetachFlags
	The virsh nodedev-detach command has a new --driver option. If it's
	given virsh will attempt to use the new virNodeDeviceDetachFlags API
	instead of virNodeDeviceDettach. Validation of the driver name string
	is left to the hypervisor (qemu accepts "kvm" or "vfio". The only
	other hypervisor that implements these functions is xen, and it only
	accepts NULL).

2013-04-26  Laine Stump  <laine@laine.org>

	xen: implement virNodeDeviceDetachFlags backend
	This was the only hypervisor driver other than qemu that implemented
	virNodeDeviceDettach. It doesn't currently support multiple pci device
	assignment driver backends, but it is simple to plug in this new API,
	which will make it easier for Xen people to fill it in later when they
	decide to support VFIO (or whatever other) device assignment. Also it
	means that management applications will have the same API available to
	them for both hypervisors on any given version of libvirt.

	The only acceptable value for driverName in this case is NULL, since
	there is no alternate, and I'm not willing to pick a name for the
	default driver used by Xen.

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: implement virNodeDeviceDetachFlags backend
	The differences from virNodeDeviceDettach are very minor:

	1) Check that the flags are 0.

	2) Set the virPCIDevice's stubDriver according to the driverName that
	   is passed in.

	3) Call virPCIDeviceDetach with a NULL stubDriver, indicating it
	   should get the name of the stub driver from the virPCIDevice
	   object.

2013-04-26  Laine Stump  <laine@laine.org>

	hypervisor api: implement RPC calls for virNodeDeviceDetachFlags
	This requires a custom function for remoteNodeDeviceDetachFlags,
	because it is named *NodeDevice, but it goes through the hypervisor
	driver rather than nodedevice driver, and so it uses privateData
	instead of nodeDevicePrivateData. (It has to go through the hypervisor
	driver, because that is the driver that knows about the backend drivers
	that will perform the pci device assignment).

	hypervisor api: new virNodeDeviceDetachFlags
	The existing virNodeDeviceDettach() assumes that there is only a
	single PCI device assignment backend driver appropriate for any
	hypervisor. This is no longer true, as the qemu driver is getting
	support for PCI device assignment via VFIO. The new API
	virNodeDeviceDetachFlags adds a driverName arg that should be set to
	the exact same string set in a domain <hostdev>'s <driver name='x'/>
	element (i.e. "vfio", "kvm", or NULL for default). It also adds a
	flags arg for good measure (and because it's possible we may need it
	when we start dealing with VFIO's "device groups").

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: bind/unbind stub driver according to config <driver name='x'/>
	If the config for a device has specified <driver name='vfio'/>,
	"backend" in the pci part of the hostdev object will be set to
	..._VFIO. In this case, when creating a virPCIDevice set the
	stubDriver to "vfio-pci", otherwise set it to "pci-stub". We will rely
	on the lower levels to report an error if the vfio driver isn't
	loaded.

	The detach/attach functions in virpci.c will pay attention to the
	stubDriver setting in the device, and bind/unbind the appropriate
	driver when preparing hostdevs for the domain.

	Note that we don't yet attempt to do anything to mark active any other
	devices in the same vfio "group" as a single device that is being
	marked active. We do need to do that, but in order to get basic VFIO
	functionality testing sooner rather than later, initially we'll just
	live with more cryptic errors when someone tries to do that.

2013-04-26  Laine Stump  <laine@laine.org>

	pci: keep a stubDriver in each virPCIDevice
	This can be set when the virPCIDevice is created and placed on a list,
	then used later when traversing the list to determine which stub
	driver to bind/unbind for managed devices.

	The existing Detach and Attach functions' signatures haven't been
	changed (they still accept a stub driver name in the arg list), but if
	the arg list has NULL for stub driver and one is available in the
	device's object, that will be used. (we may later deprecate and remove
	the arg from those functions).

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: use vfio-pci on commandline when appropriate
	The device option for vfio-pci is nearly identical to that for
	pci-assign - only the configfd parameter isn't supported (or needed).

	Checking for presence of the bootindex parameter is done separately
	from constructing the commandline, similar to how it is done for
	pci-assign.

	This patch contains tests to check for proper commandline
	construction. It also includes tests for parser-formatter-parser
	roundtrips (xml2xml), because those tests use the same data files, and
	would have failed had they been included before now.

	qemu: xml/args tests for VFIO hostdev and <interface type='hostdev'/>

	These should be squashed in with the patch that adds commandline
	handling of vfio (they would fail at any earlier time).

2013-04-26  Laine Stump  <laine@laine.org>

	conf: formatter/parser/RNG/docs for hostdev <driver name='kvm|vfio'/>
	A domain's <interface> or <hostdev>, as well as a <network>'s
	<forward>, can now have an optional <driver name='kvm|vfio'/>
	element. As of this patch, there is no functionality behind this new
	knob - this patch adds support to the domain and network
	formatter/parser, and to the RNG and documentation.

	When the backend is added, legacy KVM PCI device assignment will
	continue to be used when no driver name is specified (or if <driver
	name='kvm'/> is specified), but if driver name is 'vfio', the new UEFI
	Secure Boot compatible VFIO device assignment will be used.

	Note that the parser doesn't automatically insert the current default
	value of this setting. This is done on purpose because the two
	possibilities are functionally equivalent from the guest's point of
	view, and we want to be able to automatically start using vfio as the
	default (even for existing domains) at some time in the future. This
	is similar to what was done with the "vhost" driver option in
	<interface>.

2013-04-26  Laine Stump  <laine@laine.org>

	conf: put hostdev pci address in a struct
	There will soon be other items related to pci hostdevs that need to be
	in the same part of the hostdevsubsys union as the pci address (which
	is currently a single member called "pci". This patch replaces the
	single member named pci with a struct named pci that contains a single
	member named "addr".

2013-04-26  Laine Stump  <laine@laine.org>

	qemu: detect vfio-pci device and its bootindex parameter
	QEMU_CAPS_DEVICE_VFIO_PCI is set if the device named "vfio-pci" is
	supported in the qemu binary.

	QEMU_CAPS_VFIO_PCI_BOOTINDEX is set if the vfio-pci device supports
	the "bootindex" parameter;  for some reason, the bootindex parameter
	wasn't included in early versions of vfio support (qemu 1.4) so we
	have to check for it separately from vfio itself.

2013-04-25  Eric Blake  <eblake@redhat.com>

	build: avoid unsafe functions in libgen.h
	POSIX says that both basename() and dirname() may return static
	storage (aka they need not be thread-safe); and that they may but
	not must modify their input argument.  Furthermore, <libgen.h>
	is not available on all platforms.  For these reasons, you should
	never use these functions in a multi-threaded library.

	Gnulib instead recommends a way to avoid the portability nightmare:
	gnulib's "dirname.h" provides useful thread-safe counterparts.  The
	obvious dir_name() and base_name() are GPL (because they malloc(),
	but call exit() on failure) so we can't use them; but the LGPL
	variants mdir_name() (malloc's or returns NULL) and last_component
	(always points into the incoming string without modifying it,
	differing from basename semantics only on corner cases like the
	empty string that we shouldn't be hitting in the first place) are
	already in use in libvirt.  This finishes the swap over to the safe
	functions.

	* cfg.mk (sc_prohibit_libgen): New rule.
	* src/util/vircgroup.c: Fix offenders.
	* src/parallels/parallels_storage.c (parallelsPoolAddByDomain):
	Likewise.
	* src/parallels/parallels_network.c (parallelsGetBridgedNetInfo):
	Likewise.
	* src/node_device/node_device_udev.c (udevProcessSCSIHost)
	(udevProcessSCSIDevice): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskDeleteVol): Likewise.
	* src/util/virpci.c (virPCIGetDeviceAddressFromSysfsLink):
	Likewise.
	* src/util/virstoragefile.h (_virStorageFileMetadata): Avoid false
	positive.

2013-04-25  Christophe Fergeau  <cfergeau@redhat.com>

	Fix VIR_DOMAIN_EVENT_ID_PMSUSPEND capitalization in API doc
	It was written VIR_DOMAIN_EVENT_ID_PMSuspend

	Improve /domainsnapshot/disks/disk@snapshot doc
	The previous description was a bit confusing.

2013-04-25  Eric Blake  <eblake@redhat.com>

	qemu: fix build error with older platforms
	Jim Fehlig reported on IRC that older gcc/glibc triggers this warning:

	cc1: warnings being treated as errors
	qemu/qemu_domain.c: In function 'qemuDomainDefFormatBuf':
	qemu/qemu_domain.c:1297: error: declaration of 'remove' shadows a global declaration [-Wshadow]
	/usr/include/stdio.h:157: error: shadowed declaration is here [-Wshadow]
	make[3]: *** [libvirt_driver_qemu_impl_la-qemu_domain.lo] Error 1

	Fix it like we have done in the past (such as commit 2e6322a).

	* src/qemu/qemu_domain.c (qemuDomainDefFormatBuf): Avoid shadowing
	a function name.

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	docs: fix memballoon examples
	Use a pair of 'memballoon' tags instead of single 'watchdog' one.
	Add a few missing colons.

	conf: reject controllers with duplicate indexes
	Reject multiple controllers with the same index,
	except for USB controllers.
	Multi-function USB controllers can have the same index.

	qemu: auto-add pci-root to 'pc-i440*' machines too
	Commit b33eb0d missed this machine type.

2013-04-25  Bamvor Jian Zhang  <bamv2005@gmail.com>

	fix typo introduced by 90430791

2013-04-25  Martin Kletzander  <mkletzan@redhat.com>

	Fix usb master startport parsing
	When all usb controllers connected to the same bus have <master
	startport='x'/> specified, none of them have 'id=usb' assigned and
	thus qemu fails due to invalid masterport specification (we use 'usb'
	for that purpose).  Adding a check that at least one of the
	controllers is specified without <master startport='x'/> and in case
	this happens, error out due to invalid configuration.

2013-04-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu_command.c: Fix whitespacing within for()
	After 9d6e56db the syntax-check was unhappy due to wrong whitespacing:

	  src/qemu/qemu_command.c:1637: for ( ; a.slot < QEMU_PCI_ADDRESS_SLOT_LAST; a.slot++) {
	  maint.mk: incorrect whitespace around brackets, see HACKING for rules
	  make: *** [bracket-spacing-check] Error 1

2013-04-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu_conf: Don't discard strdup OOM error
	After 78d7c3c5 we are strdup()-ing path to qemu-bridge-helper.
	However, the check for its return value is missing. So it is
	possible we've ignored the OOM error silently.

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	qemu: auto-add bridges and allow using them
	Add a "dry run" address allocation to figure out how many bridges
	will be needed for all the devices without explicit addresses.

	Auto-add just enough bridges to put all the devices on, or up to the
	bridge with the largest specified index.

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	qemu: auto-add pci-root controller for pc machine types
	<controller type='pci' index='0' model='pci-root'/>
	is auto-added to pc* machine types.
	Without this controller PCI bus 0 is not available and
	no PCI addresses are assigned by default.

	Since older libvirt supported PCI bus 0 even without
	this controller, it is removed from the XML when migrating.

2013-04-25  liguang  <lig.fnst@cn.fujitsu.com>

	qemu: build command line for pci-bridge device

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	conf: add PCI controllers
	Add new controller type 'pci' with models 'pci-root' and 'pci-bridge'.

2013-04-25  Ján Tomko  <jtomko@redhat.com>

	qemu: call post-parse callbacks when parsing command line too
	Now we set the default disk driver name when parsing
	the qemu command line too, hence all the test changes.

	Assume format type is 'auto' when none is specified on
	qemu command line.

2013-04-25  Osier Yang  <jyang@redhat.com>

	qemu: Fix the indention
	Pushed under trivial rule.

2013-04-25  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	qemu: Add command line builder and parser for NVRAM.
	This patch is to add command line builder and parser
	for NVRAM device, and add test cases.

2013-04-25  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add NVRAM device
	For pSeries guest in QEMU, NVRAM is one kind of spapr-vio device.
	Users are allowed to specify spapr-vio devices'address.
	But NVRAM is not supported in libvirt. So this patch is to
	add NVRAM device to allow users to specify its address.

	In QEMU, NVRAM device's address is specified by
	 "-global spapr-nvram.reg=xxxxx".

	In libvirt, XML file is defined as the following:

	  <nvram>
	    <address type='spapr-vio' reg='0x3000'/>
	  </nvram>

2013-04-25  Michal Privoznik  <mprivozn@redhat.com>

	qemuBuildCommandLine: Don't overwrite errors with NWFilter's one
	Currently, if there has been an error in building command line
	process after virtual interfaces has been created, the flow jumps
	to 'error' label, where virDomainConfNWFilterTeardown() is
	called. This may report an error as well, but should not
	overwrite the original cause why we jumped to 'error' label.

2013-04-25  Peter Krempa  <pkrempa@redhat.com>

	doc: Clarify usage of SELinux baselabel
	State what fields are used when generating SELinux labels from a
	baselabel.

2013-04-25  Osier Yang  <jyang@redhat.com>

	Introduce a sub-element <driver> for controller
	Like what we did for "disk", "filesystem" and "interface", this
	introduces sub-element <driver> for "controller", and put the "queues"
	into it.

2013-04-25  Wido den Hollander  <wido@widodh.nl>

	qemu: Don't require a block or file when looking for an alias
	This for example prohibits you to use iotune for Ceph or Sheepdog devices.

2013-04-24  Osier Yang  <jyang@redhat.com>

	Change the tag name "num_queues" into "queues"
	Instead of making a choice between the underscore and camelCase, this
	simply changes "num_queues" into "queues", which is also consistent
	with Michal's multiple queue support for interface.

	util: Error out if the numa nodeset is out of range
	Instead of a silent warning, it's better to error out if the
	numa nodeset is out of range. Just like for numa node larger
	than NUMA_NUM_NODES.

2013-04-24  Peter Krempa  <pkrempa@redhat.com>

	selinux: Don't mask errors of virSecuritySELinuxGenNewContext
	Since cbe67ff9b0a5a94911afd4d12388bf182bcca86c
	virSecuritySELinuxGenNewContext reports good error messages. Fix callers
	that mask the errors by generic error message.

2013-04-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve handling of channels when generating SPICE command line
	Improve error reporting and generating of SPICE command line arguments
	according to the need to enable TLS. If TLS is disabled, there's no need
	to pass the certificate dir to qemu.

	This patch resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=953126

2013-04-24  Peter Krempa  <pkrempa@redhat.com>

	qemu: Do sensible auto allocation of SPICE port numbers
	With this patch, if the autoport attribute is used, the code will
	sensibly auto allocate the ports only if needed.

2013-04-24  Daniel P. Berrange  <berrange@redhat.com>

	Make driver method names consistent with public APIs
	Ensure that all drivers implementing public APIs use a
	naming convention for their implementation that matches
	the public API name.

	eg for the public API   virDomainCreate make sure QEMU
	uses qemuDomainCreate and not qemuDomainStart

2013-04-24  Daniel P. Berrange  <berrange@redhat.com>

	Dedicated name for sub-driver open/close methods
	It will simplify later work if the sub-drivers have dedicated
	APIs / field names. ie virNetworkDriver should have
	virDrvNetworkOpen and virDrvNetworkClose methods

	Rename 'DeviceMonitor' to 'NodeDeviceDriver'
	The driver.h struct for node devices used an inconsistent
	naming scheme 'DeviceMonitor' instead of the more usual
	'NodeDeviceDriver'. Fix this everywhere it has leaked
	out to.

	Sanitize whitespace in driver.h
	The driver.h file has no consistent indentation usage across
	all the typedefs. Attempts to vertically align struct field
	members have also been inconsistently applied. Sanitize the
	whitespace used for typedefs & remove all vertical alignment
	from structs

	Extend previous check to validate driver struct field names
	Ensure that the driver struct field names match the public
	API names. For an API virXXXX we must have a driver struct
	field xXXXX. ie strip the leading 'vir' and lowercase any
	leading uppercase letters.

	Ensure driver method names match public API names
	Ensure that the virDrvXXX method names exactly match
	the public APIs virYYY method names. ie XXX == YYY.
	Add a test case to prevent any regressions.

	Make naming of remote procedures match API names exactly
	A number of the remote procedure names did not match the
	corresponding API names. For example, many lacked the
	word 'CONNECT', others re-arranged the names. Update the
	procedures so their names exactly match the API names.
	Then remove the special case handling of these APIs in
	the generator

	Cleanup command line options in gendispatch.pl
	There are many declared options in gendispatch.pl that were
	no longer used. Those which were used were obscure '-b', '-k'
	and '-d'. Switch to use --mode={debug|client|server}.

2013-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split out SPICE port allocation into a separate function
	Later on this function will be used to do more sophisticated checks and
	determination if port allocation is needed.

2013-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use switch instead of ifs in qemuBuildGraphicsCommandLine
	Switch the function from a bunch of ifs to a switch statement with
	correct type and reflow some code.

	Also fix comment in enum describing possible graphics types

2013-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split out code to generate VNC command line
	Decrease size of qemuBuildGraphicsCommandLine() by splitting out
	spice-related code into qemuBuildGraphicsVNCCommandLine().

	This patch also fixes 2 possible memory leaks on error path in the code
	that was split-out. The buffer containing the already generated options
	and a listen address string could be leaked.

	Also break a few very long lines and reflow code that fits now.

2013-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split out code to generate SPICE command line
	Decrease size of qemuBuildGraphicsCommandLine() by splitting out
	spice-related code into qemuBuildGraphicsSPICECommandLine().

	This patch also fixes 2 possible memory leaks on error path in the code
	that was split-out. The buffer containing the already generated options
	and a listen address string could be leaked.

	Also break a few very long lines.

2013-04-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use -machine accel=tcg|kvm when available
	This is a better interface to choose accelerator than guessing whether
	we should enable or disable kvm to get the right one.

	qemu: Move -enable-kvm and friends earlier in the command line

2013-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Switch to a more extensible annotation system for RPC protocols
	Currently the RPC protocol files can contain annotations after
	the protocol enum eg

	   REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247, /* autogen autogen priority:high */

	This is not very extensible as the number of annotations grows.
	Change it to use

	    /**
	     * @generate: both
	     * @priority: high
	     */
	   REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247,

2013-04-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix setting of memory tunables
	Refactoring done in 19c6ad9ac7e7eb2fd3c8262bff5f087b508ad07f didn't
	correctly take into account the order cgroup limit modification needs to
	be done in. This resulted into errors when decreasing the limits.

	The operations need to take place in this order:

	decrease hard limit
	change swap hard limit

	or

	change swap hard limit
	increase hard limit

	This patch also fixes the check if the hard_limit is less than
	swap_hard_limit to print better error messages. For this purpose I
	introduced a helper function virCompareLimitUlong to compare limit
	values where value of 0 is equal to unlimited. Additionally the check is
	now applied also when the user does not provide all of the tunables
	through the API and in that case the currently set values are used.

	This patch resolves:
	https://bugzilla.redhat.com/show_bug.cgi?id=950478

2013-04-22  Jiri Denemark  <jdenemar@redhat.com>

	logging: Make log regexp more compact (and readable)

2013-04-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore libvirt logs when reading QEMU error output
	When QEMU fails to start, libvirt read its error output and reports it
	back in an error message. However, when libvirtd is configured to log
	debug messages, one would get the following unhelpful garbage:

	    virsh # start cd
	    error: Failed to start domain cd
	    error: internal error process exited while connecting to monitor: \
	      2013-04-22 14:24:54.214+0000: 2194219: debug : virFileClose:72 : \
	      Closed fd 21
	    2013-04-22 14:24:54.214+0000: 2194219: debug : virFileClose:72 : \
	      Closed fd 27
	    2013-04-22 14:24:54.215+0000: 2194219: debug : virFileClose:72 : \
	      Closed fd 3
	    2013-04-22 14:24:54.215+0000: 2194220: debug : virExec:602 : Run \
	      hook 0x7feb8f600bf0 0x7feb86ef9300
	    2013-04-22 14:24:54.215+0000: 2194220: debug : qemuProcessHook:2507 \
	      : Obtaining domain lock
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virDomainLockProcessStart:170 : plugin=0x7feb780261f0 \
	      dom=0x7feb7802a360 paused=1 fd=0x7feb86ef8ec4
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virDomainLockManagerNew:128 : plugin=0x7feb780261f0 \
	      dom=0x7feb7802a360 withResources=1
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virLockManagerPluginGetDriver:297 : plugin=0x7feb780261f0
	    2013-04-22 14:24:54.216+0000: 2194220: debug : \
	      virLockManagerNew:321 : driver=0x7feb8ef08640 type=0 nparams=5 \
	      params=0x7feb86ef8d60 flags=0
	    2013-04-22 14:24:54.216+000

	instead of (the output with this patch applied):

	    virsh # start cd
	    error: Reconnected to the hypervisor
	    error: Failed to start domain cd
	    error: internal error process exited while connecting to monitor: \
	      char device redirected to /dev/pts/33 (label charserial0)
	    qemu-system-x86_64: -drive file=/home/vm/systemrescuecd-x86-1.2.0.\
	      iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw,cache=none: \
	      could not open disk image /home/vm/systemrescuecd-x86-1.2.0.iso: \
	      Permission denied

2013-04-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Move QEMU log reading into a separate function

2013-04-22  Gene Czarcinski  <gene@czarc.net>

	update input ip processing
	1. Handle invalid ULong prefix specified.
	When parsing for @prefix as a ULong, a -2 can be returned
	if the specification is not a valid ULong.

	2.  Error out if address= is not specified.

	3.  Merge netmask process/tests under family tests.

	4. Max sure that prefix does not exceed maximum.
	.

2013-04-22  Gene Czarcinski  <gene@czarc.net>

	create virSocketAddrGetIpPrefix utility function
	Create the utility function virSocketAddrGetIpPrefix() to
	determine the prefix for this network.  The code in this
	function was adapted from virNetworkIpDefPrefix().

	Update virNetworkIpDefPrefix() in src/conf/network_conf.c
	to use the new utility function.

2013-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Replace more cases of /system with /machine
	The change in commit aed4986322fe77bdf718e31a0587d00f04f3d97a
	was incomplete, missing a couple of cases of /system. This
	caused failure to start VMs.

2013-04-22  Harry Wei  <harryxiyou@gmail.com>

	sheepdog: Omit braces with a single-line body
	libvirt/HACKING suggests omitting braces with a
	single-line body; this patch fixes the coding style
	problem for the Sheepdog storage backend driver.

2013-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Change default resource partition to /machine
	After discussions with systemd developers it was decided that
	a better default policy for resource partitions is to have
	3 default partitions at the top level

	   /system   - system services
	   /machine - virtual machines / containers
	   /user    - user login session

	This ensures that the default policy isolates guest from
	user login sessions & system services, so a mis-behaving
	guest can't consume 100% of CPU usage if other things are
	contending for it.

	Thus we change the default partition from /system to
	/machine

2013-04-22  Osier Yang  <jyang@redhat.com>

	qemu: Fix the wrong expression
	Wrong use of the parentheses causes "rc" always having a boolean value,
	either "1" or "0", and thus we can't get the detailed error message
	when it fails:

	Before (I only have 1 node):
	% virsh numatune f18 --nodeset 12
	error: Unable to change numa parameters
	error: unable to set numa tunable: Unknown error -1

	After:
	virsh numatune f18 --nodeset 12
	error: Unable to change numa parameters
	error: unable to set numa tunable: Invalid argument

2013-04-19  Eric Blake  <eblake@redhat.com>

	docs: fix usage of 'onto'
	http://www.uhv.edu/ac/newsletters/writing/grammartip2009.07.01.htm
	(and several other sites) give hints that 'onto' is best used if
	you can also add 'up' just before it and still make sense. In many
	cases in the code base, we really want the two-word form, or even
	a simplification to just 'on' or 'to'.

	* docs/hacking.html.in: Use correct 'on to'.
	* python/libvirt-override.c: Likewise.
	* src/lxc/lxc_controller.c: Likewise.
	* src/util/virpci.c: Likewise.
	* daemon/THREADS.txt: Use simpler 'on'.
	* docs/formatdomain.html.in: Better usage.
	* docs/internals/rpc.html.in: Likewise.
	* src/conf/domain_event.c: Likewise.
	* src/rpc/virnetclient.c: Likewise.
	* tests/qemumonitortestutils.c: Likewise.
	* HACKING: Regenerate.

2013-04-19  Eric Blake  <eblake@redhat.com>

	audit: properly encode device path in cgroup audit
	https://bugzilla.redhat.com/show_bug.cgi?id=922186

	Commit d04916fa introduced a regression in audit quality - even
	though the code was computing the proper escaped name for a
	path, it wasn't feeding that escaped name on to the audit message.
	As a result, /var/log/audit/audit.log would mention a pair of
	fields class=path path=/dev/hpet instead of the intended
	class=path path="/dev/hpet", which in turn caused ausearch to
	format the audit log with path=(null).

	* src/conf/domain_audit.c (virDomainAuditCgroupPath): Use
	constructed encoding.

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: rename CheckSlot to SlotInUse
	Also change its return value from int to bool.

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: switch PCI address set from hash table to an array
	Each bus is represented as an array of 32 8-bit integers
	where each bit represents a PCI function and each byte represents
	a PCI slot.

	Uses just one bus so far.

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	conf: add model attribute to virDomainDefMaybeAddController

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: move PCI address check out of qemuPCIAddressAsString
	Create a new function qemuPCIAddressValidate and call it everywhere
	the user might supply an incorrect address:
	* qemuCollectPCIAddress for domain definition
	* qemuDomainPCIAddressEnsureAddr and ReleaseSlot for hotplug

	Slot and function shouldn't be wrong at this point, since values
	out of range should be rejected by the XML parser.

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: QEMU_PCI constant consistency
	Change QEMU_PCI_ADDRESS_LAST_SLOT to the number of slots in the bus,
	not the maximum slot value, to match QEMU_PCI_ADDRESS_LAST_FUNCTION
	and rename them both to have _LAST at the end.

	qemu: print PCI address hexadecimally in errors
	Use the same formatting as we do for XML in error and debug outputs.

	qemu: make qemuComparePCIDevice aware of multiple buses
	Bus and domain need to be checked as well, otherwise we might
	get false positives when searching for multi-function devices.

2013-04-19  Peter Krempa  <pkrempa@redhat.com>

	conf: Reword error message to be more universal
	The error message reported when attempting to change/get persistent
	configuration of a transient domain suggests that changes are being
	made. Reword it to suit getter APIs too.

	Before:
	$ virsh vcpucount transient-domain --config
	error: Requested operation is not valid: cannot change persistent config of a transient domain

	After:
	$ virsh vcpucount transient-domain --config
	error: Requested operation is not valid: transient domains do not have any persistent config

2013-04-19  Peter Krempa  <pkrempa@redhat.com>

	network: bridge_driver: don't lose transient networks on daemon restart
	Until now tranisent networks weren't really useful as libvirtd wasn't
	able to remember them across restarts. This patch adds support for
	loading status files of transient networks (that already were generated)
	so that the status isn't lost.

	This patch chops up virNetworkObjUpdateParseFile and turns it into
	virNetworkLoadState and a few friends that will help us to load status
	XMLs and refactors the functions that are loading the configs to use
	them.

2013-04-19  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Rename PowerPCUpdate and PowerPCDataFree functions
	For consistency with other functions in PowerPC CPU driver, the two
	functions are renamed as ppcUpdate and ppcDataFree, respectively.

	cpu: Remove hardcoded list of PowerPC models
	The cpu_map.xml file is there to separate CPU model definitions from the
	code. Having the only interesting data for PowerPC models only in the
	source code. This patch moves this data to the XML file and removes the
	hardcoded list completely.

2013-04-19  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Reimplement PowerPCDecode
	PowerPC CPUs are either identical or incompatible and thus we just need
	to look up the right model for given PVR without pretending we have
	several candidates which we may choose from.

	The function is also renamed as ppcDecode to match other functions in
	PowerPC CPU driver.

2013-04-19  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Reimplement PowerPCBaseline
	Baseline API is supposed to return guest CPU definition that can be used
	on any of the provided host CPUs. Since PowerPC CPUs are either
	identical or incompatible, the API just needs to check that all provided
	CPUs are identical. Previous implementation was completely bogus.

	The function is also renamed as ppcBaseline to match other functions in
	PowerPC CPU driver.

2013-04-19  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Fix loading PowerPC vendor from cpu_map.xml
	When ppcVendorLoad fails to parse the vendor element for whatever
	reason, it is supposed to ignore it and return 0 rather than -1. The
	patch also removes PowerPC vendor string from the XML as it is not
	actually used for anything.

	cpu: Fix PowerPCNodeData
	Make getting node CPU data for PowerPC unsupported on other
	architectures. The function is also renamed as ppcNodeData to match
	other functions in PowerPC CPU driver.

	cpu: Make comparing PowerPC CPUs easier to read
	Revert the condition to make it easier to read. The function is also
	renamed as ppcCompare to match other functions in PowerPC CPU driver.

	cpu: Introduce cpuModelIsAllowed internal API
	The API can be used to check if the model is on the supported models
	list, which needs to be done in several places.

2013-04-19  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Refactor cmdVcpucount and fix output on inactive domains
	This patch factors out the vCPU count retrieval including fallback means
	into vshCPUCountCollect() and removes the duplicated code to retrieve
	individual counts.

	The --current flag (this flag is assumed by default) now works also with
	--maximum or --active without the need to explicitly specify the state
	of the domain that is requested.

	This patch also fixes the output of "virsh vcpucount domain" on inactive
	domains:

	Before:
	$ virsh vcpucount domain
	maximum      config         4
	error: Requested operation is not valid: domain is not running
	current      config         4
	error: Requested operation is not valid: domain is not running

	After:
	$virsh vcpucount domain
	maximum      config         4
	current      config         4

	.. and for transient domains too:

	Before:
	$ virsh vcpucount transient-domain
	error: Requested operation is not valid: cannot change persistent config of a transient domain
	maximum      live           3
	error: Requested operation is not valid: cannot change persistent config of a transient domain
	current      live           1

	After:
	$ virsh vcpucount transient-domain
	maximum      live           3
	current      live           1

2013-04-19  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Set legacy USB option with default for ppc64.
	Currently, -device xxx still doesn't work well for ppc64 platform.
	It's better use legacy USB option with default for ppc64.

2013-04-19  Ján Tomko  <jtomko@redhat.com>

	qemu: fix default spice password setting
	Set spice password even if default VNC password hasn't been set.

	https://bugzilla.redhat.com/show_bug.cgi?id=953720

2013-04-18  Paolo Bonzini  <pbonzini@redhat.com>

	qemu_conf: add new configuration key bridge_helper

2013-04-18  Paolo Bonzini  <pbonzini@redhat.com>

	util: allow using virCommandAllowCap with setuid helpers
	When running unprivileged, virSetUIDGIDWithCaps will fail because it
	tries to add the requested capabilities to the permitted and effective
	sets.

	Detect this case, and invoke the child with cleared permitted and
	effective sets.  If it is a setuid program, it will get them.

	Some care is needed also because you cannot drop capabilities from the
	bounding set without CAP_SETPCAP.  Because of that, ignore errors from
	setting the bounding set.

2013-04-18  Paolo Bonzini  <pbonzini@redhat.com>

	util: simplify virSetUIDGIDWithCaps
	The need_prctl variable is not really needed.  If it is false,
	capng_apply will be called twice with the same set, causing
	a little extra work but no problem.  This keeps the code a bit
	simpler.

	It is also clearer to invoke capng_apply(CAPNG_SELECT_BOUNDS)
	separately, to make sure it is done while we have CAP_SETPCAP.

2013-04-18  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Report errors on invalid --holdtime value for cmdSendKey
	Using of a incorrect value for the --holdtime option was silently
	ignored and 0 was used. In case a negative number was used, it
	overflowed as the API expects a unsigned int.

	Fix the data type and getter function type and report errors on
	incorrect values.

2013-04-18  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Clean up cmdSendKey
	Rename the get_integer_keycode helper to vshKeyCodeGetInt and get rid of
	a unneeded typecast.

2013-04-18  Tal Kain  <tal.kain@ravellosystems.com>

	qemu: simplify use of virArchFromHost
	Reusing the result of virArchFromHost instead of calling it multiple times

2013-04-18  Laine Stump  <laine@laine.org>

	rng: tighten up domain <controller> schema
	The rng schema for <controller> had been non-specific about which
	types of controllers allowed which models, and also allowed the
	num_queues attribute (since that hasn't been released yet, should we
	rename it to "numQueues"?) and <master> subelement to be included for
	any controller type. In reality, half of the models are allowed only
	for type='scsi', and the other half only for type='usb', num_queues is
	allowed only for type='scsi', and <master> only for type='usb'.

	This patch makes a separate <group> for type='scsi' and type='usb',
	with each group allowing only the appropriate model values, and
	allowing num_queue and <master> only when appropriate.

	<interleave> also hadn't been specified, forcing a specific order of
	subelements, which should never be done. (Note that the <interleave>
	had to surround the main element attributes that are in the <group>
	subelements, due to one of the <group>s containing a subelement).

2013-04-18  Peter Krempa  <pkrempa@redhat.com>

	network: remove autostart flag from network when undefining it
	When turning a started persistent network into a transient one we forgot
	to remove the autostart flag that is no longer valid at that point.

2013-04-18  Osier Yang  <jyang@redhat.com>

	docs: Update HACKING
	To tell libvirt-{qemu,lxc}.h shouldn't be included either.

	syntax-check: Only allows to include public headers in external tools
	With this patch, include public headers in "" form is only allowed
	for "internal.h". And only the external tools (examples|tools|python
	|include/libvirt) can include the public headers in <> form.

	syntax-check: Don't include public headers in internal source
	Directories python/tools/examples should include them in <> form,
	though this patch allows "" form in these directories by excluding
	them, a later patch will do the cleanup.

	syntax-check: Don't include duplicate header
	gnulib is excluded.

2013-04-17  Ján Tomko  <jtomko@redhat.com>

	conf: fix comment about parsing graphics listen address

2013-04-17  Osier Yang  <jyang@redhat.com>

	remote: Revert removing "libvirt/libvirt.h" in remote_protocol.x
	Commit 2d25fd4f410f removed the including of "libvirt/libvirt.h",
	which breaks the build. Pushed under build-breaker rule.

2013-04-17  Osier Yang  <jyang@redhat.com>

	qemu: Allow the disk wwn to have "0x" prefix
	The recent qemu requires "0x" prefix for the disk wwn, this patch
	changes virValidateWWN to allow the prefix, and prepend "0x" if
	it's not specified. E.g.

	qemu-kvm: -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\
	drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,wwn=6000c60016ea71ad:
	Property 'scsi-hd.wwn' doesn't take value '6000c60016ea71ad'

	Though it's a qemu regression, but it's nice to allow the prefix,
	and doesn't hurt for us to always output "0x".

2013-04-17  Osier Yang  <jyang@redhat.com>

	cleanup: Don't include libvirt/virterror.h
	Which is already included in "internal.h", later patch will add
	syntax-check to avoid it.

	cleanup: Don't include libvirt/libvirt.h
	Which is already included by "internal.h", later patch will add
	syntax-check to avoid it.

2013-04-17  Osier Yang  <jyang@redhat.com>

	cleanup: Remove the duplicate header
	Detected by a simple Shell script:

	for i in $(git ls-files -- '*.[ch]'); do
	    awk 'BEGIN {
	        fail=0
	    }
	    /# *include.*\.h/{
	        match($0, /["<][^">]*[">]/)
	        arr[substr($0, RSTART+1, RLENGTH-2)]++
	    }
	    END {
	        for (key in arr) {
	            if (arr[key] > 1) {
	                fail=1
	                printf("%d %s\n", arr[key], key)
	            }
	        }
	        if (fail == 1)
	            exit 1
	    }' $i

	    if test $? != 0; then
	        echo "Duplicate header(s) in $i"
	    fi
	done;

	A later patch will add the syntax-check to avoid duplicate
	headers.

2013-04-17  Osier Yang  <jyang@redhat.com>

	cleanup: Only include testutils.h once
	No reason to include it in both "if" and "else" branches.

2013-04-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix compilation error in util/vircgroup.c
	Fix the error

	util/vircgroup.c: In function 'virCgroupNewDomainPartition':
	util/vircgroup.c:1299:11: error: declaration of 'dirname' shadows a global declaration [-Werror=shadow]

2013-04-16  John Ferlan  <jferlan@redhat.com>

	Fix build breaker with ATTRIBUTE_NONNULL defs
	Using "./autogen.sh --system lv_cv_static_analysis=yes" for my daily
	Coverity builds resulted in the following error when building:

	In file included from util/vircgrouppriv.h:32:0,
	                 from util/vircgroup.c:44:
	util/vircgroup.h:59:5: error: nonnull argument with out-of-range operand number (argument 1, operand 5)
	util/vircgroup.h:74:5: error: nonnull argument references non-pointer operand (argument 1, operand 4)
	make[3]: *** [libvirt_util_la-vircgroup.lo] Error 1
	make[3]: Leaving directory `/home/jferlan/libvirt.cov.curr/src'
	make[2]: *** [all] Error 2
	make[2]: Leaving directory `/home/jferlan/libvirt.cov.curr/src'
	make[1]: *** [all-recursive] Error 1
	make[1]: Leaving directory `/home/jferlan/libvirt.cov.curr'
	make: *** [all] Error 2

2013-04-16  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error
	Commit id '1acfc171' resulted in the following valgrind failure:

	==25317== 136 (24 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 4
	==25317==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==25317==    by 0x4C6F851: virAlloc (viralloc.c:124)
	==25317==    by 0x4C71493: virBitmapNew (virbitmap.c:74)
	==25317==    by 0x4C71B79: virBitmapNewData (virbitmap.c:434)
	==25317==    by 0x402EF2: test8 (virbitmaptest.c:436)
	==25317==    by 0x40499F: virtTestRun (testutils.c:157)
	==25317==    by 0x402E8D: mymain (virbitmaptest.c:474)
	==25317==    by 0x404FDA: virtTestMain (testutils.c:719)
	==25317==    by 0x39D0821A04: (below main) (in /usr/lib64/libc-2.16.so)

2013-04-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Check for unsupported QMP command
	Check for an unsupported QMP command when using the query-tpm-models
	and query-tpm-types commands before checking for general errors
	in order to avoid error messages in the log.

	Revert checking for QMP query-tpm-models
	Revert the patch checking for the QMP query-tpm-models
	command.

2013-04-16  Peter Krempa  <pkrempa@redhat.com>

	qemu_agent: Add support for appending arrays to commands
	Add support for array elements for agent commands just like 64d5e815 did for
	monitor commands

	lib: Fix docs about return value of virDomainGetVcpusFlags()
	The return value description stated that 0 is returned in case of success
	instead of the count of vCPUs.

2013-04-15  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Check for QMP query-tpm-models
	Check for QMP query-tpm-models and set a capability flag. Do not use
	this QMP command if it is not supported.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for perf_event and net_cls cgroup controllers

	Replace LXC cgroup mount code with call to virCgroupIsolateMount
	The LXC driver currently has code to detect cgroups mounts
	and then re-mount them inside the new root filesystem. Replace
	this fragile code with a call to virCgroupIsolateMount.

	Add an API for re-mounting cgroups, to isolate the process location
	Add a virCgroupIsolateMount method which looks at where the
	current process is place in the cgroups (eg /system/demo.lxc.libvirt)
	and then remounts the cgroups such that this sub-directory
	becomes the root directory from the current process' POV.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Track symlinks for co-mounted cgroup controllers
	If a cgroup controller is co-mounted with another, eg

	   /sys/fs/cgroup/cpu,cpuacct

	Then it is a requirement that there exist symlinks at

	   /sys/fs/cgroup/cpu
	   /sys/fs/cgroup/cpuacct

	pointing to the real mount point. Add support to virCgroupPtr
	to detect and track these symlinks

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove non-functional code for setting up non-root cgroups
	The virCgroupNewDriver method had a 'bool privileged' param.
	If a false value was ever passed in, it would simply not
	work, since non-root users don't have any privileges to create
	new cgroups. Just delete this broken code entirely and make
	the QEMU driver skip cgroup setup in non-privileged mode

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Change default cgroup layout for QEMU/LXC and honour XML config
	Historically QEMU/LXC guests have been placed in a cgroup layout
	that is

	   $LOCATION-OF-LIBVIRTD/libvirt/{qemu,lxc}/$VMNAME

	This is bad for a number of reasons

	 - The cgroup hierarchy gets very deep which seriously
	   impacts kernel performance due to cgroups scalability
	   limitations.

	 - It is hard to setup cgroup policies which apply across
	   services and virtual machines, since all VMs are underneath
	   the libvirtd service.

	To address this the default cgroup location is changed to
	be

	    /system/$VMNAME.{lxc,qemu}.libvirt

	This puts virtual machines at the same level in the hierarchy
	as system services, allowing consistent policy to be setup
	across all of them.

	This also honours the new resource partition location from the
	XML configuration, for example

	  <resource>
	    <partition>/virtualmachines/production</partitions>
	  </resource>

	will result in the VM being placed at

	    /virtualmachines/production/$VMNAME.{lxc,qemu}.libvirt

	NB, with the exception of the default, /system, path which
	is intended to always exist, libvirt will not attempt to
	auto-create the partitions in the XML. It is the responsibility
	of the admin/app to configure the partitions. Later libvirt
	APIs will provide a way todo this.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Add XML config for resource partitions
	Allow VMs to be placed into resource groups using the
	following syntax

	  <resource>
	    <partition>/virtualmachines/production</partition>
	  </resource>

	A resource cgroup will be backed by some hypervisor specific
	functionality, such as cgroups with KVM/LXC.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Add a new virCgroupNewPartition for setting up resource partitions
	A resource partition is an absolute cgroup path, ignoring the
	current process placement. Expose a virCgroupNewPartition API
	for constructing such cgroups

	Cleanup if creating cgroup directories fails
	Currently if virCgroupMakeGroup fails, we can get in a situation
	where some controllers have been setup, but others not. Ensure
	we call virCgroupRemove to remove what we've done upon failure

	Add misc extra debugging into cgroups code

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Refactor cgroups internal data structures
	Currently the virCgroupPtr struct contains 3 pieces of
	information

	 - path - path of the cgroup, relative to current process'
	   cgroup placement
	 - placement - current process' placement in each controller
	 - mounts - mount point of each controller

	When reading/writing cgroup settings, the path & placement
	strings are combined to form the file path. This approach
	only works if we assume all cgroups will be relative to
	the current process' cgroup placement.

	To allow support for managing cgroups at any place in the
	heirarchy a change is needed. The 'placement' data should
	reflect the absolute path to the cgroup, and the 'path'
	value should no longer be used to form the paths to the
	cgroup attribute files.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Add a test suite for cgroups functionality
	Some aspects of the cgroups setup / detection code are quite subtle
	and easy to break. It would greatly benefit from unit testing, but
	this is difficult because the test suite won't have privileges to
	play around with cgroups. The solution is to use monkey patching
	via LD_PRELOAD to override the fopen, open, mkdir, access functions
	to redirect access of cgroups files to some magic stubs in the
	test suite.

	Using this we provide custom content for the /proc/cgroup and
	/proc/self/mounts files which report a fixed cgroup setup. We
	then override open/mkdir/access so that access to the cgroups
	filesystem gets redirected into files in a temporary directory
	tree in the test suite build dir.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Rename virCgroupForXXX to virCgroupNewXXX
	Rename all the virCgroupForXXX methods to use the form
	virCgroupNewXXX since they are all constructors. Also
	make sure the output parameter is the last one in the
	list, and annotate all pointers as non-null. Fix up
	all callers, and make sure they use true/false not 0/1
	for the boolean parameters

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Pull definition of structs out of vircgroup.c to vircgrouppriv.h
	The definition of structs for cgroups are kept in vircgroup.c since
	they are intended to be private from users of the API. To enable
	effective testing, however, they need to be accessible. To address
	the latter issue, without compronmising the former, this introduces
	a new vircgrouppriv.h file to hold the struct definitions.

	To prevent other files including this private header, it requires
	that __VIR_CGROUP_ALLOW_INCLUDE_PRIV_H__ be defined before inclusion

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Store a virCgroupPtr instance in virLXCDomainObjPrivatePtr
	Instead of calling virCgroupForDomain every time we need
	the virCgrouPtr instance, just do it once at Vm startup
	and cache a reference to the object in virLXCDomainObjPrivatePtr
	until shutdown of the VM. Removing the virCgroupPtr from
	the LXC driver state also means we don't have stale mount
	info, if someone mounts the cgroups filesystem after libvirtd
	has been started

	Store a virCgroupPtr instance in qemuDomainObjPrivatePtr
	Instead of calling virCgroupForDomain every time we need
	the virCgrouPtr instance, just do it once at Vm startup
	and cache a reference to the object in qemuDomainObjPrivatePtr
	until shutdown of the VM. Removing the virCgroupPtr from
	the QEMU driver state also means we don't have stale mount
	info, if someone mounts the cgroups filesystem after libvirtd
	has been started

	Add missing param to virCgroupForDriver stub
	The virCgroupForDriver method recently gained an 'int controllers'
	parameter, but the stub impl did not

	Introduce a virFileDeleteTree method
	Introduce a method virFileDeleteTree for recursively deleting
	an entire directory tree

	Conditionally compile storagevolxml2argvtest
	Only compile storagevolxml2argvtest if WITH_STORAGE is
	set, because it links to that driver

	Conditionalize use of symlink() function in test suite
	On Win32 symlink() is not available, so virstoragetest.c
	must be conditionalized to avoid compile failures.

	Fix signature of dummy virNetlinkCommand stub
	The second param of virNetlinkCommand should be
	struct nlmsghdr, not unsigned char.

	Add empty stub for virThreadCancel on Win32
	Win32 does not like undefined symbols, so define an
	empty virThreadCancel impl.

	Don't enable -fPIE on Win32 platforms
	On win32, all code is position independent and adding -fPIE
	to the compiler flags results in warnings being printed

2013-04-15  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Upstream gnulib determined that we were needlessly compiling in
	gnulib's regex instead of glibc's when targetting new-enough glibc,
	because the m4 test was being too strict in requiring a particular
	answer to undefined behavior.
	https://lists.gnu.org/archive/html/bug-gnulib/2013-04/msg00032.html

	* .gnulib: Update to latest, for regex.

2013-04-15  Osier Yang  <jyang@redhat.com>

	Use unsigned int instead of unsigned
	Though they are the same thing, mixed use of them is uncomfortable.
	"unsigned" is used a lot in old codes, this just tries to change the
	ones in utils.

2013-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Do more complete initialization of libgcrypt
	If libvirt makes any gcry_control() calls, then this
	prevents gnutls for doing any initialization. As such
	we must take care to do full initialization of libcrypt
	on a par with what gnutls would have done. In particular
	we must disable "sec mem" for cases where the user does
	not have mlock() permission. We also skip our init of
	libgcrypt if something else (ie the app using libvirt)
	has beaten us to it.

	https://bugzilla.redhat.com/show_bug.cgi?id=951630

2013-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Report also domain name in error message when domain object wasn't found
	Report the errors as:
	Domain not found: no domain with matching uuid '41414141-4141-4141-4141-414141414141' (crashtest)
	instead of:
	Domain not found: no domain with matching uuid '41414141-4141-4141-4141-414141414141'

2013-04-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor lookup of domain object
	Use the helper to lookup the domain object in the remaining places.

	This patch also fixes error reporting when the domain was not found in several
	functions that were printing the raw UUID buffer instead of the formatted
	string. The offending functions were:

	qemuDomainGetInterfaceParameters
	qemuDomainSetInterfaceParameters
	qemuGetSchedulerParametersFlags
	qemuSetSchedulerParametersFlags
	qemuDomainGetNumaParameters
	qemuDomainSetNumaParameters
	qemuDomainGetMemoryParameters
	qemuDomainSetMemoryParameters
	qemuDomainGetBlkioParameters
	qemuDomainSetBlkioParameters
	qemuDomainGetCPUStats

2013-04-13  Osier Yang  <jyang@redhat.com>

	storage: Fix the indention
	Pushed under trivial rule

	cleanup: Change datatype of net->stp to boolean

	cleanup: Change datatype of usbdev->allow to boolean

	cleanup: Change datatype of graphic's members to boolean

	cleanup: Change datatype of accel's members to boolean

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test case for TPM passthrough
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	TPM support for QEMU command line
	For TPM passthrough device support create command line parameters like:

	-tpmdev passthrough,id=tpm-tpm0,path=/dev/tpm0,cancel-path=/sys/class/misc/tpm0/device/cancel -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0

	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	QEMU Cgroup support for TPM passthrough
	Some refactoring for virDomainChrSourceDef type of devices so
	we can use common code.

	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Audit the starting of a guest using TPM passthrough
	When a VM with a TPM passthrough device is started, the audit daemon
	logs the following type of message:

	type=VIRT_RESOURCE msg=audit(1365170222.460:3378): pid=16382 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm resrc=dev reason=start vm="TPM-PT" uuid=a4d7cd22-da89-3094-6212-079a48a309a1 device="/dev/tpm0" exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'

	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add SELinux and DAC labeling support for TPM passthrough
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

	Convert QMP strings into QEMU capability bits
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Parse TPM passthrough XML in the domain XML
	Parse the domain XML with TPM passthrough support.
	The TPM passthrough XML may look like this:

	    <tpm model='tpm-tis'>
	      <backend type='passthrough'>
	        <device path='/dev/tpm0'/>
	      </backend>
	    </tpm>


	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Helper functions for host TPM support
	Implement helper function to create the TPM's sysfs cancel file.

	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add documentation and schema for TPM passthrough
	Supported TPM passthrough XML may look as follows:

	    <tpm model='tpm-tis'>
	      <backend type='passthrough'>
	        <device path='/dev/tpm0'/>
	      </backend>
	    </tpm>

	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add function to find a needle in a string array
	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add QMP probing for TPM
	Probe for QEMU's QMP TPM support by querying the lists of
	supported TPM models (query-tpm-models) and backend types
	(query-tpm-types).

	The setting of the capability flags following the strings
	returned from the commands above is only provided in the
	patch where domain_conf.c gets TPM support due to dependencies
	on functions only introduced there.

	Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
	Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>

2013-04-12  Peter Krempa  <pkrempa@redhat.com>

	conf: Allow for non-contiguous device boot orders
	This patch adds the ability to configure non-contiguous boot orders on boot
	devices. This allows unplugging devices that have boot order specified without
	breaking migration.

	The new code now uses a slightly less memory efficient approach to store the
	boot order fields in a hashtable instead of a bitmap.

2013-04-12  Daniel P. Berrange  <berrange@redhat.com>

	Tweak EOF handling of streams
	Typically when you get EOF on a stream, poll will return
	POLLIN|POLLHUP at the same time. Thus when we deal with
	stream reads, if we see EOF during the read, we can then
	clear the VIR_STREAM_EVENT_HANGUP & VIR_STREAM_EVENT_ERROR
	event bits.

2013-04-12  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add USB option capability
	To avoid the collision for creating USB controllers in machine->init()
	and -device xx command line, it needs to set usb=off to avoid one USB
	controller created in machine->init(). So that libvirt can use -device
	or -usb to create USB controller sucessfully.
	So QEMU_CAPS_MACHINE_USB_OPT capability is added, and it is for QEMU
	v1.3.0 onwards which supports USB option.

2013-04-12  John Ferlan  <jferlan@redhat.com>

	Add error handling to optional arguments in cmdCPUStats

	Remove extraneous comma in info_cpu_stats and opts_cpu_stats

2013-04-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not report unsafe migration for local files
	When migrating a domain with disk images stored locally (and using
	storage migration), we should not complain about unsafe migration no
	matter what cache policy is used for that disk.

2013-04-11  Peter Krempa  <pkrempa@redhat.com>

	virsh: Document that using incomplete XML files may have unexpected results
	Explicitly state that using incomplete XML definition snippets for hot-management
	commands may have unexpected results due to autogenerating values for some of
	the fields if they aren't specified explicitly.

	qemu: Try to use QMP for send-key if supported
	Instead of always using HMP use the QMP send-key command introduced in qemu 1.3.

2013-04-11  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Update list of shutdown/reboot modes
	As of 76d9f65644 we are supporting two new modes: initctl and signal.
	However, these are missing in help listing.

2013-04-11  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Set correct migrate host in client_migrate_info
	https://bugzilla.redhat.com/show_bug.cgi?id=920441

	Currently, we are discarding listen attribute from qemu cookie even though
	we strive to gather it. This result in not so cool bug: if user have
	different networks, one for management/migration, and one for VNC/SPICE we
	pass incorrect host to the qemu in client_migrate_info. What we actually
	pass is remote hostname, while we should be passing remote listen address.
	It doesn't matter as long as these two are the same, but they don't need
	necessary to be like that.

2013-04-11  Ján Tomko  <jtomko@redhat.com>

	qemu: fix crash in qemuOpen
	If the path part of connection URI is not present, cfg is used
	unitialized.

	https://bugzilla.redhat.com/show_bug.cgi?id=950855

2013-04-11  Ján Tomko  <jtomko@redhat.com>

	conf: fix error for parallel port mismatch

2013-04-11  Osier Yang  <jyang@redhat.com>

	cleanup: Change datatype of secret->private to boolean

	cleanup: Change datatype of secret->ephemeral to boolean

	cleanup: Change datatype of fs->readonly to boolean

	cleanup: Change datatype of disk->readonly to boolean

	cleanup: Change datatype of disk->transient to boolean

	cleanup: Change datatype of disk->shared to boolean

	cleanup: Change datatype of auth->expires to boolean

	cleanup: Change datatype of hostdev->missing to boolean

	Cleanup: Change datatype of origstate's members to boolean
	Members of struct virPCIDevice are changed together.

	Cleanup: Change datatype of hostdev->managed to boolean

2013-04-11  Guannan Ren  <gren@redhat.com>

	conf: fix a memory leak when parsing nat port XML nodes
	 ==5306== 8 bytes in 1 blocks are definitely lost in loss record 24 of 277
	 ==5306==    at 0x4C28B2F: calloc (vg_replace_malloc.c:593)
	 ==5306==    by 0x5293CAF: virAllocN (viralloc.c:152)
	 ==5306==    by 0x52DFEAE: virXPathNodeSet (virxml.c:611)
	 ==5306==    by 0x5313DD9: virNetworkDefParseXML (network_conf.c:1408)
	 ==5306==    by 0x53170F6: virNetworkObjUpdateParseFile (network_conf.c:2031)
	 ==5306==    by 0x131DA63C: networkStartup (bridge_driver.c:279)
	 ==5306==    by 0x53481DF: virStateInitialize (libvirt.c:822)
	 ==5306==    by 0x40DF44: daemonRunStateInit (libvirtd.c:877)
	 ==5306==    by 0x52D2FF5: virThreadHelper (virthreadpthread.c:161)
	 ==5306==    by 0x5D00C52: start_thread (in /usr/lib64/libpthread-2.17.so)
	 ==5306==    by 0x6410ECC: clone (in /usr/lib64/libc-2.17.so)

2013-04-10  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix race between looking up a domain object and freeing it
	This patch fixes crash of the daemon that happens due to the following race
	condition:

	Let's have two threads in the libvirtd daemon's qemu driver:
	A - thread executing undefine on the same domain
	B - thread executing a API call to get information about a domain

	Assume following serialization of operations done by the threads:
	1) A has the lock on the domain object and is executing some code prior to
	   virDomainObjListRemove()
	2) B takes the lock on the domain object list, looks up the domain object
	pointer and blocks in the attempt to lock the domain object as A is holding the
	lock
	3) A reaches virDomainObjListRemove() and unlocks the lock on the domain object
	4) A blocks on the attempt to get the domain list lock
	5) B is able to lock the domain object now and unlocks the domain list
	6) A is now able to lock the domain list, and sheds the last reference on the
	domain object, this triggers the freeing function.
	6) B starts executing the code on the pointer that is being freed
	7) The libvirtd daemon crashes while attempting to access invalid pointer in
	thread B.

	This patch fixes the race by acquiring a reference on the domain object before
	unlocking it in virDomainObjListRemove() and re-locks the object prior to
	removing and freeing it. This ensures that no thread holds a lock on the domain
	object at the time it is removed from the list, and that doing a list lookup
	will never find a domain that is about to vanish.

	This is a minimal fix of the problem, but a better solution will be to switch to
	full reference counting for domain objects.

2013-04-10  Eric Blake  <eblake@redhat.com>

	docs: fix typo when using Kerberos principals
	Kerberos uses 'primary' or 'key' files (principals), not 'abstract
	ideal' or 'rule' files (principles).  Reported by Jason Meinzer.

	Reflow a paragraph to fit in 80 columns in the process.

	* docs/auth.html.in: Fix spelling.

2013-04-09  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	While this update doesn't address any reported problems in libvirt,
	doing a post-release update to latest gnulib makes it easier to
	stay in sync with best upstream practices.

	* .gnulib: Update to latest.
	* bootstrap: Resynchronize.

2013-04-09  Laine Stump  <laine@laine.org>

	Fix crash in virNetDevGetVirtualFunctions
	Commit 9a3ff01d7f16cc280ce3176620c0714f55511a65 (which was ACKed at
	the end of January, but for some reason didn't get pushed until during
	the 1.0.4 freeze) fixed the logic in virPCIGetVirtualFunctions().
	Unfortunately, a typo in the fix (replacing VIR_REALLOC_N with
	VIR_ALLOC_N during code movement) caused not only a memory leak, but
	also resulted in most of the elements of the result array being
	replaced with NULL. virNetDevGetVirtualFunctions() assumed (and I think
	rightly so) that virPCIGetVirtualFunctions() wouldn't return any NULL
	elements in the array, so it ended up segfaulting.

	This was found when attempting to use a virtual network with an
	auto-created pool of SRIOV VFs, e.g.:

	    <forward mode='hostdev' managed='yes'>
	      <pf dev='eth4'/>
	    </forward>

	(the pool of PCI addresses is discovered by calling
	virNetDevGetVirtualFunctions() on the PF dev).

2013-04-09  Ján Tomko  <jtomko@redhat.com>

	docs: use MiB/s instead of Mbps for migration speed
	https://bugzilla.redhat.com/show_bug.cgi?id=948821

2013-04-09  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	schemas: Move PortNumber and sourceinfoadapter to basictypes.rng
	The definiton of scsi adapter in storagespool.rng (sourceinfoadapter)
	can be used by scsi hostdev in later patch. Move it to basictypes.rng.

	PortNumber is defined in both domaincommon.rng and storagespool.rng,
	simplify it by moving it to basictypes.rng.

2013-04-09  Osier Yang  <jyang@redhat.com>

	docs: Add the missed <pre> tag

2013-04-09  Han Cheng  <hanc.fnst@cn.fujitsu.com>

	conf: Change help function
	The helper function to look up disk controller model may be used by scsi
	hostdev. But it should be changed to use device info.

2013-04-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove now obsolete assignment of default network card model for s390 hosts
	This effectively reverts commit 539d73dbf64cb35558ffd3992f82e0b482cd0e70 as the
	changes aren't needed after introduction of the XML post parse callbacks.

	qemu: Clean up network device CLI generator
	With the default model assigned in the parse callback, this code is now obsolete.

2013-04-09  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Use correct default model on s390
	Commit a68d6726679323823ee5be47f0144e9ccffa0757 breaks networking on s390 as it
	changes the default network card model.

2013-04-09  Alex Jia  <ajia@redhat.com>

	sanlock: add missing test command in virt-sanlock-cleanup.in
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=949483

2013-04-08  Milos Vyletel  <milos.vyletel@sde.cz>

	Generate RFC4122 compliant UUIDs
	Even though http://libvirt.org/formatdomain.html#elementsMetadata
	states that it requires RFC4122 compliance UUIDs that are generated
	by virUUIDGenerate() are not. Following patch modifies generated
	UUIDs to conform to rules described in RFC.

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Unmount existing filesystems under user specified mounts in LXC
	If the user requests a mount for /run, this may hide any existing
	mounts that are lower down in /run. The result is that the
	container still sees the mounts in /proc/mounts, but cannot
	access them

	sh-4.2# df
	df: '/run/user/501/gvfs': No such file or directory
	df: '/run/media/berrange/LIVE': No such file or directory
	df: '/run/media/berrange/SecureDiskA1': No such file or directory
	df: '/run/libvirt/lxc/sandbox': No such file or directory
	Filesystem                      1K-blocks      Used Available Use% Mounted on
	/dev/mapper/vg_t500wlan-lv_root 151476396 135390200   8384900  95% /
	tmpfs                             1970888      3204   1967684   1% /run
	/dev/sda1                          194241    155940     28061  85% /boot
	devfs                                  64         0        64   0% /dev
	tmpfs                                  64         0        64   0% /sys/fs/cgroup
	tmpfs                             1970888      1200   1969688   1% /etc/libvirt-sandbox/scratch

	Before mounting any filesystem at a particular location, we
	must recursively unmount anything at or below the target mount
	point

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Move lxcContainerUnmountSubtree further up in file
	Ensure lxcContainerUnmountSubtree is at the top of the
	lxc_container.c file so it is easily referenced from
	any other method. No functional change

2013-04-08  Bogdan Purcareata  <bogdan.purcareata@freescale.com>

	Implement support for <hostdev caps=net>
	This allows a container-type domain to have exclusive access to one of
	the host's NICs.

	Wire <hostdev caps=net> with the lxc_controller - when moving the newly
	created veth devices into a new namespace, also look for any hostdev
	devices that should be moved. Note: once the container domain has been
	destroyed, there is no code that moves the interfaces back to the
	original namespace. This does happen, though, probably due to default
	cleanup on namespace destruction.

2013-04-08  Bogdan Purcareata  <bogdan.purcareata@freescale.com>

	Update structure & XML definitions to support <hostdev caps=net>
	This updates the definitions and supporting structures in the XML
	schema and domain configuration files.

2013-04-08  Jiri Denemark  <jdenemar@redhat.com>

	spec: Require pod2man when running autoreconf
	Since commit b8a32e0e94d75702714167539310f0df4d268e0f, all man pages
	depend on configure.ac so that they are properly regenerated whenever
	libvirt version changes. Thus libvirt.spec needs to have a build
	dependency on pod2man when %{enable_autotools} is set.

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Rename virCgroupMounted to virCgroupHasController & make it more robust
	The virCgroupMounted method is badly named, since a controller can be
	mounted, but disabled in the current object. Rename the method to be
	virCgroupHasController. Also make it tolerant to a  NULL virCgroupPtr
	and out-of-range controller index, to avoid duplication of these
	checks in all callers

2013-04-08  Osier Yang  <jyang@redhat.com>

	qemu: Allow volume type disk for device 'lun'
	This allows one use block type volume as the disk source for device
	'lun'.

	qemu: Support sgio setting for volume type disk

	qemu: Support shareable volume type disk
	Since the source is already translated before. This just adds the
	checking. Move !disk->shared and !disk->src to improve the performance
	a bit.

2013-04-08  Osier Yang  <jyang@redhat.com>

	qemu: Translate the pool disk source earlier
	To support "shareable" for volume type disk, we have to translate
	the source before trying to add the shared disk entry. To achieve
	the goal, this moves the helper qemuTranslateDiskSourcePool into
	src/qemu/qemu_conf.c, and introduce an internal only member (voltype)
	for struct _virDomainDiskSourcePoolDef, to record the underlying
	volume type for use when building the drive string.

	Later patch will support "shareable" volume type disk.

2013-04-08  Osier Yang  <jyang@redhat.com>

	Support seclabels for volume type disk
	"seclabels" is only valid for 'file' or 'block' type storage volume.

	Support startupPolicy for 'volume' disk
	"startupPolicy" is only valid for file type storage volume, otherwise
	it fails on starting the domain.

	qemu: Translate the pool disk source when building drive string
	This adds a new helper qemuTranslateDiskSourcePool which uses the
	storage pool/vol APIs to translate the disk source before building
	the drive string. Network volume is not supported yet. Disk chain
	for volume type disk may be supported later, but before I'm confident
	it doesn't break anything, it's just disabled now.

2013-04-08  Osier Yang  <jyang@redhat.com>

	Introduce new XMLs to specify disk source using libvirt storage
	With this patch, one can specify the disk source using libvirt
	storage like:

	  <disk type='volume' device='disk'>
	    <driver name='qemu' type='raw' cache='none'/>
	    <source pool='default' volume='fc18.img'/>
	    <target dev='vdb' bus='virtio'/>
	  </disk>

	"seclabels" and "startupPolicy" are not supported for this new
	disk type ("volume"). They will be supported in later patches.

	docs/formatdomain.html.in:
	  * Add documents for new XMLs
	docs/schemas/domaincommon.rng:
	  * Add rng for new XMLs;
	src/conf/domain_conf.h:
	  * New struct for 'volume' type disk source (virDomainDiskSourcePoolDef)
	  * Add VIR_DOMAIN_DISK_TYPE_VOLUME for enum virDomainDiskType
	src/conf/domain_conf.c:
	  * New helper virDomainDiskSourcePoolDefParse to parse the 'volume'
	    type disk source.
	  * New helper virDomainDiskSourcePoolDefFree to free the source def
	    if 'volume' type disk.
	tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml:
	tests/qemuxml2xmltest.c:
	  * New test

2013-04-08  Osier Yang  <jyang@redhat.com>

	conf: New helper virDomainDiskSourceDefFormat to format the disk source
	The code to format disk source is long enough to have a helper.

	storage: Guess the parent if it's not specified for vHBA
	This finds the parent for vHBA by iterating over all the HBA
	which supports vport_ops capability on the host, and return
	the first one which is online, not saturated (vports in use
	is less than max_vports).

	storage: Add startPool and stopPool for scsi backend
	startPool creates the vHBA if it's not existed yet, stopPool destroys
	the vHBA. Also to support autostart, checkPool will creates the vHBA
	if it's not existed yet.

	util: Add helper to get the scsi host name by iterating over sysfs
	The helper iterates over sysfs, to find out the matched scsi host
	name by comparing the wwnn,wwpn pair. It will be used by checkPool
	and refreshPool of storage scsi backend. New helper getAdapterName
	is introduced in storage_backend_scsi.c, which uses the new util
	helper virGetFCHostNameByWWN to get the fc_host adapter name.

	phyp: Prohibit fc_host adapter for phyp driver
	It's possible to support fc_host adapter for phyp driver too, but
	at this stage I'd like to not allow it when I'm not that clear
	how it works.

	storage: Move virStorageBackendSCSIGetHostNumber into iscsi backend
	It's only used by iscsi backend.

	storage: Make the adapter name be consistent with node device driver
	node device driver names the HBA like "scsi_host5", but storage
	driver uses "host5", which could make the user confused. This
	changes them to be consistent. However, for back-compat reason,
	adapter name like "host5" is still supported.

2013-04-08  Osier Yang  <jyang@redhat.com>

	New XML attributes for storage pool source adapter
	This introduces 4 new attributes for storage pool source adapter.
	E.g.

	<adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>

	Attribute 'type' can be either 'scsi_host' or 'fc_host', and defaults
	to 'scsi_host' if attribute 'name' is specified. I.e. It's optional
	for 'scsi_host' adapter, for back-compat reason. However, mandatory
	for 'fc_host' adapter and any new future adapter types. Attribute
	'parent' is to specify the parent for the fc_host adapter.

	* docs/formatstorage.html.in:
	  - Add documents for the 4 new attrs
	* docs/schemas/storagepool.rng:
	  - Add RNG schema
	* src/conf/storage_conf.c:
	  - Parse and format the new XMLs
	* src/conf/storage_conf.h:
	  - New struct virStoragePoolSourceAdapter, replace "char *adapter" with it;
	  - New enum virStoragePoolSourceAdapterType
	* src/libvirt_private.syms:
	  - Export TypeToString and TypeFromString
	* src/phyp/phyp_driver.c:
	  - Replace "adapter" with "adapter.data.name", which is member of the union
	    of the new struct virStoragePoolSourceAdapter now. Later patch will
	    add the checking, as "adapter.data.name" is only valid for "scsi_host"
	    adapter.
	* src/storage/storage_backend_scsi.c:
	  - Like above
	* tests/storagepoolxml2xmlin/pool-scsi-type-scsi-host.xml:
	* tests/storagepoolxml2xmlin/pool-scsi-type-fc-host.xml:
	  - New test for 'fc_host' and "scsi_host" adapter
	* tests/storagepoolxml2xmlout/pool-scsi.xml:
	  - Change the expected output, as the 'type' defaults to 'scsi_host' if 'name"
	    specified now
	* tests/storagepoolxml2xmlout/pool-scsi-type-scsi-host.xml:
	* tests/storagepoolxml2xmlout/pool-scsi-type-fc-host.xml:
	  - New test
	* tests/storagepoolxml2xmltest.c:
	  - Include the test

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Avoid cast alignment warnings in port allocator test
	To avoid

	virportallocatortest.c: In function 'bind':
	virportallocatortest.c:34:33: warning: cast increases required alignment of target type [-Wcast-align]
	     struct sockaddr_in *saddr = (struct sockaddr_in *)addr;
	                                 ^

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Disable cast-align warnings in various places
	There are a number of places which generate cast alignment
	warnings, which are difficult or impossible to address. Use
	pragmas to disable the warnings in these few places

	conf/nwfilter_conf.c: In function 'virNWFilterRuleDetailsParse':
	conf/nwfilter_conf.c:1806:16: warning: cast increases required alignment of target type [-Wcast-align]
	         item = (nwItemDesc *)((char *)nwf + att[idx].dataIdx);
	conf/nwfilter_conf.c: In function 'virNWFilterRuleDefDetailsFormat':
	conf/nwfilter_conf.c:3238:16: warning: cast increases required alignment of target type [-Wcast-align]
	         item = (nwItemDesc *)((char *)def + att[i].dataIdx);

	storage/storage_backend_mpath.c: In function 'virStorageBackendCreateVols':
	storage/storage_backend_mpath.c:247:17: warning: cast increases required alignment of target type [-Wcast-align]
	         names = (struct dm_names *)(((char *)names) + next);

	nwfilter/nwfilter_dhcpsnoop.c: In function 'virNWFilterSnoopDHCPDecode':
	nwfilter/nwfilter_dhcpsnoop.c:994:15: warning: cast increases required alignment of target type [-Wcast-align]
	         pip = (struct iphdr *) pep->eh_data;
	nwfilter/nwfilter_dhcpsnoop.c:1004:11: warning: cast increases required alignment of target type [-Wcast-align]
	     pup = (struct udphdr *) ((char *) pip + (pip->ihl << 2));

	nwfilter/nwfilter_learnipaddr.c: In function 'procDHCPOpts':
	nwfilter/nwfilter_learnipaddr.c:327:33: warning: cast increases required alignment of target type [-Wcast-align]
	                 uint32_t *tmp = (uint32_t *)&dhcpopt->value;
	nwfilter/nwfilter_learnipaddr.c: In function 'learnIPAddressThread':
	nwfilter/nwfilter_learnipaddr.c:501:43: warning: cast increases required alignment of target type [-Wcast-align]
	                     struct iphdr *iphdr = (struct iphdr*)(packet +
	nwfilter/nwfilter_learnipaddr.c:538:43: warning: cast increases required alignment of target type [-Wcast-align]
	                     struct iphdr *iphdr = (struct iphdr*)(packet +
	nwfilter/nwfilter_learnipaddr.c:544:48: warning: cast increases required alignment of target type [-Wcast-align]
	                         struct udphdr *udphdr= (struct udphdr *)

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Copy struct inotify_event entries to avoid alignment problems
	When reading the inotify FD, we get back a sequence of
	struct inotify_event, each with variable length data following.
	It is not safe to simply cast from the char *buf to the
	struct inotify_event struct since this may violate data
	alignment rules. Thus we must copy from the char *buf
	into the struct inotify_event instance before accessing
	the data.

	uml/uml_driver.c: In function 'umlInotifyEvent':
	uml/uml_driver.c:327:13: warning: cast increases required alignment of target type [-Wcast-align]
	         e = (struct inotify_event *)tmp;

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Use VIR_ALLOC_VAR instead of VIR_ALLOC_N for creating virObject
	The current way virObject instances are allocated using
	VIR_ALLOC_N causes alignment warnings

	util/virobject.c: In function 'virObjectNew':
	util/virobject.c:195:11: error: cast increases required alignment of target type [-Werror=cast-align]

	Changing to use VIR_ALLOC_VAR will avoid the need todo
	the casts entirely.

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Avoid casts between unsigned char * and struct nlmsghdr
	The virNetlinkCommand() method takes an 'unsigned char **'
	parameter to be filled with the received netlink message.
	The callers then immediately cast this to 'struct nlmsghdr',
	triggering (bogus) warnings about increasing alignment
	requirements

	util/virnetdev.c: In function 'virNetDevLinkDump':
	util/virnetdev.c:1300:12: warning: cast increases required alignment of target type [-Wcast-align]
	     resp = (struct nlmsghdr *)*recvbuf;
	            ^
	util/virnetdev.c: In function 'virNetDevSetVfConfig':
	util/virnetdev.c:1429:12: warning: cast increases required alignment of target type [-Wcast-align]
	     resp = (struct nlmsghdr *)recvbuf;

	Since all callers cast to 'struct nlmsghdr' we can avoid
	the warning problem entirely by simply changing the
	signature of virNetlinkCommand to return a 'struct nlmsghdr **'
	instead of 'unsigned char **'. The way we do the cast inside
	virNetlinkCommand does not have any alignment issues.

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite keycode map to avoid a struct
	Playing games with field offsets in a struct causes all sorts
	of alignment warnings on ARM platforms

	util/virkeycode.c: In function '__virKeycodeValueFromString':
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:91:28: note: in expansion of macro 'getfield'
	         const char *name = getfield(virKeycodes + i, const char *, name_offset);
	                            ^
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:94:20: note: in expansion of macro 'getfield'
	             return getfield(virKeycodes + i, unsigned short, code_offset);
	                    ^
	util/virkeycode.c: In function '__virKeycodeValueTranslate':
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:127:13: note: in expansion of macro 'getfield'
	         if (getfield(virKeycodes + i, unsigned short, from_offset) == key_value)
	             ^
	util/virkeycode.c:26:7: warning: cast increases required alignment of target type [-Wcast-align]
	     (*(typeof(field_type) *)((char *)(object) + field_offset))
	       ^
	util/virkeycode.c:128:20: note: in expansion of macro 'getfield'
	             return getfield(virKeycodes + i, unsigned short, to_offset);

	There is no compelling reason to use a struct for the keycode
	tables. It can easily just use an array of arrays instead,
	avoiding all alignment problems

2013-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Add a test suite for keycode mapping functions
	Validate that translations between different keycode sets
	are functioning.

2013-04-06  Osier Yang  <jyang@redhat.com>

	qemu: Error out if the bitmap for pinning is all clear
	For both "live" and "config" changes of vcpupin and emulatorpin, an
	all clear bitmap doesn't make sense, and it can just cause corruptions.
	E.g (similar for emulatorpin).

	% virsh vcpupin hame 0 8,^8 --config

	% virsh vcpupin hame
	VCPU: CPU Affinity
	----------------------------------
	   0:
	   1: 0-63
	   2: 0-63
	   3: 0-63

	% virsh dumpxml hame | grep cpuset
	    <vcpupin vcpu='0' cpuset=''/>

	% virsh start hame
	error: Failed to start domain hame
	error: An error occurred, but the cause is unknown

2013-04-06  Osier Yang  <jyang@redhat.com>

	util: Add a helper to check if all bits of a bitmap are clear

2013-04-06  Osier Yang  <jyang@redhat.com>

	qemu: Support multiple queue virtio-scsi
	This introduce a new attribute "num_queues" (same with the good name
	QEMU uses) for virtio-scsi controller. An example of the XML:

	<controller type='scsi' index='0' model='virtio-scsi' num_queues='8'/>

	The corresponding QEMU command line:

	-device virtio-scsi-pci,id=scsi0,num_queues=8,bus=pci.0,addr=0x3 \

2013-04-05  Eric Blake  <eblake@redhat.com>

	build: check correct protocol.o file
	By default, libtool builds two .o files for every .lo rule:
	src/foo.o - static builds
	src/.libs/foo.o - shared library builds

	But since commit ad42b34b disabled static builds, src/foo.o is
	no longer built by default.  On a fresh checkout, this means our
	protocol check rules using pdwtags were testing a missing file,
	and thanks to a lousy behavior of pdwtags happily giving no output
	and 0 exit status (http://bugzilla.redhat.com/949034), we were
	merely claiming that "dwarves is too old" and skipping the test.

	However, if you swap between branches and do incremental builds,
	such as building v0.10.2-maint and then switching back to master,
	you end up with src/foo.o being leftover from its 0.10.2 state,
	and then 'make check' fails because the .o file does not match
	the protocol-structs file due to API additions in the meantime.

	A simpler fix would be to always look in .libs for the .o to
	be parsed; but since it is possible to pass ./configure options
	to tell libtool to do a static-only build with no shared .o,
	I went with the approach of finding the newest of the two files,
	whenever both exist.

	* src/Makefile.am (PDWTAGS): Ensure we test just-built file.

2013-04-05  Eric Blake  <eblake@redhat.com>

	build: use proper pod for nested bulleted VIRSH_DEBUG list
	Newer pod (hello rawhide) complains if you attempt to mix bullets
	and non-bullets in the same list:

	virsh.pod around line 3177: Expected text after =item, not a bullet

	As our intent was to nest an inner list, we make that explicit to
	keep pod happy.

	* tools/virsh.pod (ENVIRONMENT): Use correct pod syntax.

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove maximum cpu limit when setting processor count using the API
	When setting processor count for a domain using the API libvirt enforced
	a maximum processor count, while it isn't enforced when taking the XML path.

	This patch removes the check to match the XML.

2013-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Don't create dirs in cgroup controllers we don't want to use
	Currently when getting an instance of virCgroupPtr we will
	create the path in all cgroup controllers. Only at the virt
	driver layer are we attempting to filter controllers. This
	is bad because the mere act of creating the dirs in the
	controllers can have a functional impact on the kernel,
	particularly for performance.

	Update the virCgroupForDriver() method to accept a bitmask
	of controllers to use. Only create dirs in the controllers
	that are requested. When creating cgroups for domains,
	respect the active controller list from the parent cgroup

2013-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Rename virCgroupGetAppRoot to virCgroupForSelf
	The virCgroupGetAppRoot is not clear in its meaning. Change
	to virCgroupForSelf to highlight that this returns the
	cgroup config for the caller's process

	Ensure LD_PRELOAD exists before running test case
	The linker will ignore LD_PRELOAD libraries which do not
	exist, just printing a warning message. This is not helpful
	for the test suite which will be utterly fubar without the
	preload library present. Add an explicit test for existence
	of the library to protect against this

	Refactor RNG schema for resource tuning
	Split the "resource" define out into multiple smaller
	defines, one for each type of resource tuning parameter.
	This makes the schema a bit clearer to read

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	rpc: Fix connection close callback race condition and memory corruption/crash
	The last Viktor's effort to fix the race and memory corruption unfortunately
	wasn't complete in the case the close callback was not registered in an
	connection. At that time, the trail of event's that I'll describe later could
	still happen and corrupt the memory or cause a crash of the client (including
	the daemon in case of a p2p migration).

	Consider the following prerequisities and trail of events:
	Let's have a remote connection to a hypervisor that doesn't have a close
	callback registered and the client is using the event loop. The crash happens in
	cooperation of 2 threads. Thread E is the event loop and thread W is the worker
	that does some stuff. R denotes the remote client.

	1.) W - The client finishes everything and sheds the last reference on the client
	2.) W - The virObject stuff invokes virConnectDispose that invokes doRemoteClose
	3.) W - the remote close method invokes the REMOTE_PROC_CLOSE RPC method.
	4.) W - The thread is preempted at this point.
	5.) R - The remote side receives the close and closes the socket.
	6.) E - poll() wakes up due to the closed socket and invokes the close callback
	7.) E - The event loop is preempted right before remoteClientCloseFunc is called
	8.) W - The worker now finishes, and frees the conn object.
	9.) E - The remoteClientCloseFunc accesses the now-freed conn object in the
	        attempt to retrieve pointer for the real close callback.
	10.) Kaboom, corrupted memory/segfault.

	This patch tries to fix this by introducing a new object that survives the
	freeing of the connection object. We can't increase the reference count on the
	connection object itself or the connection would never be closed, as the
	connection is closed only when the reference count reaches zero.

	The new object - virConnectCloseCallbackData - is a lockable object that keeps
	the pointers to the real user registered callback and ensures that the
	connection callback is either not called if the connection was already freed or
	that the connection isn't freed while this is being called.

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	virsh: Register and unregister the close callback also in cmdConnect
	This patch improves the error message after disconnecting from the
	hypervisor and adds the close callback operations required not to leak
	the callback reference.

2013-04-05  Peter Krempa  <pkrempa@redhat.com>

	virsh: Move cmdConnect from virsh-host.c to virsh.c
	The function is used to establish connection so it should be in the main
	virsh file. This movement also enables further improvements done in next
	patches.

	Note that the "connect" command has moved from the host section of virsh to the
	main section. It is now listed by 'virsh help virsh' instead of 'virsh help
	host'.

2013-04-05  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: Unregister the connection close notifier upon termination
	Before closing the connection we unregister the close callback
	to prevent a reference leak.

	Further, the messages on virConnectClose != 0 are a bit more specific
	now.

2013-04-05  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	libvirt: Increase connection reference count for callbacks
	By adjusting the reference count of the connection object we
	prevent races between callback function and virConnectClose.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of defaultConsoleTargetType callback
	This patch refactors various places to allow removing of the
	defaultConsoleTargetType callback from the virCaps structure.

	A new console character device target type is introduced -
	VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE - to mark that no type was
	specified in the XML. This type is at the end converted to the standard
	VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL. Other types that are
	different from this default have to be processed separately in the
	device post parse callback.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of macPrefix field
	Use the virDomainXMLConf structure to hold this data and tweak the code
	to avoid semantic change.

	Without configuration the KVM mac prefix is used by default. I chose it
	as it's in the privately administered segment so it should be usable for
	any purposes.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of hasWideScsiBus
	Use the virDomainXMLConf structure to hold this data.

	virCaps: get rid of defaultDiskDriverType
	Use the qemu specific callback to fill this data in the qemu driver as
	it's the only place where it was used and fix tests as the qemu test
	capability object didn't configure the defaults for the tests.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of emulatorRequired
	This patch removes the emulatorRequired field and associated
	infrastructure from the virCaps object. Instead the driver specific
	callbacks are used as this field isn't enforced by all drivers.

	This patch implements the appropriate callbacks in the qemu and lxc
	driver and moves to check to that location.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of defaultDiskDriverName
	This patch removes the defaultDiskDriverName from the virCaps
	structure. This particular default value is used only in the qemu driver
	so this patch uses the recently added callback to fill the driver name
	if it's needed instead of propagating it through virCaps.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	virCaps: get rid of "defaultInitPath" value in the virCaps struct
	This gets rid of the parameter in favor of using the new callback
	infrastructure to do the same stuff.

	This patch implements the domain adjustment callback in the openVZ
	driver and moves the check from the parser to a new validation method in
	the callback infrastructure.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Record the default NIC model in the domain XML
	This patch implements the devices post parse callback and uses it to fill
	the default qemu network card model into the XML if none is specified.

	Libvirt assumes that the network card model for qemu is the "rtl8139".
	Record this in the XML using the new callback to avoid user
	confusion.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	conf callback: Rearrange function parameters
	Move the xmlopt and caps arguments to the end of the argument list.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	conf: Add post XML parse callbacks and prepare for cleaning of virCaps
	This patch adds instrumentation that will allow hypervisor drivers to
	fill and validate domain and device definitions after parsed by the XML
	parser.

	With this patch, after the XML is parsed, a callback to the driver is
	issued requesting to fill and validate driver specific details of the
	configuration. This allows to use sensible defaults and checks on a per
	driver basis at the time the XML is parsed.

	Two callback pointers are stored in the new virDomainXMLConf object:
	* virDomainDeviceDefPostParseCallback (devicesPostParseCallback)
	  - called for a single device parsed and for every single device in a
	    domain config. A virDomainDeviceDefPtr is passed along with the
	    domain definition and virCaps.

	* virDomainDefPostParseCallback, (domainPostParseCallback)
	  - A callback that is meant to process the domain config after it's
	  parsed.  A virDomainDefPtr is passed along with virCaps.

	Both types of callbacks support arbitrary opaque data passed for the
	callback functions.

	Errors may be reported in those callbacks resulting in a XML parsing
	failure.

2013-04-04  Peter Krempa  <pkrempa@redhat.com>

	maint: Rename xmlconf to xmlopt and virDomainXMLConfig to virDomainXMLOption
	This patch is the result of running:

	for i in $(git ls-files | grep -v html | grep -v \.po$ ); do
	  sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i
	done

	and a few manual tweaks.

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Create fake NUMA info if libnuma isn't available
	If libnuma is not compiled in, or numa_available() returns an
	error, stub out fake NUMA info consisting of one NUMA cell
	containing all CPUs and memory.

	Cope with missing /sys/devices/system/cpu/cpu0/topology files
	Not all kernel builds have any entries under the location
	/sys/devices/system/cpu/cpu0/topology. We already cope with
	that being missing in some cases, but not all. Update the
	code which looks for thread_siblings to cope with the missing
	file

	Add armv6l architecture to list of valid arches
	The Raspberry Pi runs the armv6l architecture and apparently
	people are trying to run libvirt LXC on it. So we should allow
	that as a valid arch

	Implement minimal sysinfo for ARM platforms
	Implement the bare minimal sysinfo for ARM platforms by
	reading the CPU models from /proc/cpuinfo

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Disable of unused sysinfotest functions
	Certain functions in the sysinfotest.c are not used unless
	a whitelisted architecture is being built. Disable those
	functions unless required to avoid warnings about unused
	functions.

	sysinfotest.c:93:1: warning: 'sysinfotest_run' defined but not used [-Wunused-function]
	 sysinfotest_run(const char *test,

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Wire up sysinfo for LXC driver
	The sysinfo code used by QEMU is trivially portable to the
	LXC driver

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Add support for SD cards in nodedev driver
	The nodedev driver currently only detects harddisk, cdrom
	and floppy devices. This adds support for SD cards, which
	are common storage for ARM devices, eg the Google ChromeBook

	<device>
	  <name>block_mmcblk0_0xb1c7c08b</name>
	  <parent>computer</parent>
	  <capability type='storage'>
	    <block>/dev/mmcblk0</block>
	    <drive_type>sd</drive_type>
	    <serial>0xb1c7c08b</serial>
	    <size>15758000128</size>
	    <logical_block_size>512</logical_block_size>
	    <num_blocks>30777344</num_blocks>
	  </capability>
	</device>

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Revert "lxc: Prevent shutting down the host"
	This reverts commit c9c87376f2b2197ad774533ad6a6dd2f631ca105.

	Now that we force all containers to have a root filesystem,
	there is no way the host's /dev is ever exposed

2013-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Auto-add a root <filesystem> element to LXC containers on startup
	Currently the LXC container code has two codepaths, depending on
	whether there is a <filesystem> element with a target path of '/'.
	If we automatically add a <filesystem> device with src=/ and dst=/,
	for any container which has not specified a root filesystem, then
	we only need one codepath for setting up the filesystem.

	Remove support for old kernels lacking private devpts
	Early on kernel support for private devpts was not widespread,
	so we had compatibiltiy codepaths. Such old kernels are not
	seriously used for LXC these days, so the compat code can go
	away

2013-04-04  Atsushi Kumagai  <kumagai-atsushi@mxc.nes.nec.co.jp>

	storage: Fix volume cloning for logical volume.
	When creating a logical volume with virStorageVolCreateXMLFrom,
	"qemu-img convert" is called internally if clonevol is a file volume.
	Then, vol->target.format is used as output_fmt parameter but the
	target.format of logical volumes is always 0 because logical volumes
	haven't the volume format type element.

	Fortunately, 0 was treated as RAW file format before commit f772b3d9,
	so there was no problem. But now, 0 is treated as the type of none,
	qemu-img fails with "Unknown file format 'none'".

	This patch fixes this issue by treating output block devices as RAW
	file format like for input block devices.

2013-04-03  Guido Günther  <agx@sigxcpu.org>

	security_manager: fix comparison
	otherwise we crash later on if we don't find a match like:

	 #0  0xb72c2b4f in virSecurityManagerGenLabel (mgr=0xb8e42d20, vm=0xb8ef40c0) at security/security_manager.c:424
	 #1  0xb18811f3 in qemuProcessStart (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=vm@entry=0xb8ef58f0,
	     migrateFrom=migrateFrom@entry=0xb18f6088 "stdio", stdin_fd=18,
	     stdin_path=stdin_path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", snapshot=snapshot@entry=0x0,
	     vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_RESTORE, flags=flags@entry=2) at qemu/qemu_process.c:3364
	 #2  0xb18d6cb2 in qemuDomainSaveImageStartVM (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=0xb8ef58f0, fd=fd@entry=0xb6bf3f98,
	     header=header@entry=0xb6bf3fa0, path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img",
	     start_paused=start_paused@entry=false) at qemu/qemu_driver.c:4843
	 #3  0xb18d7eeb in qemuDomainRestoreFlags (conn=conn@entry=0xb8eed880,
	     path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", dxml=dxml@entry=0x0, flags=flags@entry=0)
	     at qemu/qemu_driver.c:4962
	 #4  0xb18d8123 in qemuDomainRestore (conn=0xb8eed880, path=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img")
	     at qemu/qemu_driver.c:4987
	 #5  0xb718d186 in virDomainRestore (conn=0xb8eed880, from=0xb8ea87d8 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img") at libvirt.c:2768
	 #6  0xb7736363 in remoteDispatchDomainRestore (args=<optimized out>, rerr=0xb6bf41f0, client=0xb8eedaf0, server=<optimized out>, msg=<optimized out>)
	     at remote_dispatch.h:4679
	 #7  remoteDispatchDomainRestoreHelper (server=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8, rerr=0xb6bf41f0, args=0xb8ea8968, ret=0xb8ef5330)
	     at remote_dispatch.h:4661
	 #8  0xb720db01 in virNetServerProgramDispatchCall (msg=0xb8ee72c8, client=0xb8eedaf0, server=0xb8e1a3e0, prog=0xb8e216b0)
	     at rpc/virnetserverprogram.c:439
	 #9  virNetServerProgramDispatch (prog=0xb8e216b0, server=server@entry=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8) at rpc/virnetserverprogram.c:305
	 #10 0xb7206e97 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8e1a3e0) at rpc/virnetserver.c:162
	 #11 virNetServerHandleJob (jobOpaque=0xb8ea7720, opaque=0xb8e1a3e0) at rpc/virnetserver.c:183
	 #12 0xb70f9f78 in virThreadPoolWorker (opaque=opaque@entry=0xb8e1a540) at util/virthreadpool.c:144
	 #13 0xb70f94a5 in virThreadHelper (data=0xb8e0e558) at util/virthreadpthread.c:161
	 #14 0xb705d954 in start_thread (arg=0xb6bf4b70) at pthread_create.c:304
	 #15 0xb6fd595e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

	This unbreaks libvirt-tck's domain/100-transient-save-restore.t with
	qemu:///session and selinux compiled in but disabled.

	Introduced by 8d68cbeaa8a64759323da1d64526e2a941eb93e1

2013-04-03  Eric Blake  <eblake@redhat.com>

	qemu: fix memory leak on -machine usage error
	Commit f84b92ea introduced a memory leak on error; John Ferlan reported
	that valgrind caught it during 'make check'.

	* src/qemu/qemu_command.c (qemuBuildMachineArgStr): Plug leak.

2013-04-03  Daniel P. Berrange  <berrange@redhat.com>

	Enable full RELRO mode
	By passing the flags -z relro -z now to the linker, we can force
	it to resolve all library symbols at startup, instead of on-demand.
	This allows it to then make the global offset table (GOT) read-only,
	which makes some security attacks harder.

	Build all binaries with PIE
	PIE (position independent executable) adds security to executables
	by composing them entirely of position-independent code (PIC. The
	.so libraries already build with -fPIC. This adds -fPIE which is
	the equivalent to -fPIC, but for executables. This for allows Exec
	Shield to use address space layout randomization to prevent attackers
	from knowing where existing executable code is during a security
	attack using exploits that rely on knowing the offset of the
	executable code in the binary, such as return-to-libc attacks.

2013-04-03  Peter Krempa  <pkrempa@redhat.com>

	qemu-blockjob: Fix limit of bandwidth for block jobs to supported value
	The JSON generator is able to represent only values less than LLONG_MAX, fix the
	bandwidth limit checks when converting to value to catch overflows before they
	reach the generator.

2013-04-03  Osier Yang  <jyang@redhat.com>

	rng: Add definition for network disk source
	It's long enough to have a independant definition.

2013-04-03  Daniel P. Berrange  <berrange@redhat.com>

	Disable static libraries by default
	Every source file is currently built twice by libtool, once for
	the shared library and once for the static library. Static libs
	are not commonly packaged by distros and slow down compilation
	time by more than 50% compared to a shared-only build time.

	Time for 'make -j 4':

	      shared only: 2 mins  9 secs
	  shared + static: 3 mins 26 secs

	Time for non-parallel make

	      shared only: 3 mins 32 secs
	  shared + static: 5 mins 41 secs

	Those few people who really want them, can pass --enable-static
	to configure

	Disabling them by default requires use of LT_INIT, but for
	compat with RHEL5 we can't rely on that. So we conditionally
	use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.

2013-04-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix typo in docs
	s/persitent/persistent/

2013-04-03  Michal Privoznik  <mprivozn@redhat.com>

	sec_manager: Refuse to start domain with unsupported seclabel
	https://bugzilla.redhat.com/show_bug.cgi?id=947387

	If a user configures a domain to use a seclabel of a specific type,
	but the appropriate driver is not accessible, we should refuse to
	start the domain. For instance, if user requires selinux, but it is
	either non present in the system, or is just disabled, we should not
	start the domain. Moreover, since we are touching only those labels we
	have a security driver for, the other labels may confuse libvirt when
	reconnecting to a domain on libvirtd restart. In our selinux example,
	when starting up a domain, missing security label is okay, as we
	auto-generate one. But later, when libvirt is re-connecting to a live
	qemu instance, we parse a state XML, where security label is required
	and it is an error if missing:

	  error : virSecurityLabelDefParseXML:3228 : XML error: security label
	  is missing

	This results in a qemu process left behind without any libvirt control.

2013-04-03  Martin Kletzander  <mkletzan@redhat.com>

	Allow multiple parameters for schedinfo
	virsh schedinfo was able to set only one parameter at a time (not
	counting the deprecated options), but it is useful to set more at
	once, so this patch adds the possibility to do stuff like this:

	virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
	emulator_period=0 emulator_quota=0

	Invalid scheduler options are reported as well.  These were previously
	reported only if the command hadn't updated any values (when
	cmdSchedInfoUpdate returned 0).

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix crash when updating media with shared device
	Mimic the fix done in 02b9097274d1330c2e1dca7f598880e09b5c2aa0 to fix crash by
	accessing an already freed structure. Also copy the explaining comment why the
	pointer can't be accessed any more.

2013-04-02  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Call virDomainFree in cmdDomFSTrim
	https://bugzilla.redhat.com/show_bug.cgi?id=928197

	The virsh domfstrim command was not freeing allocated domain,
	leaving leaked references behind.

2013-04-02  Martin Kletzander  <mkletzan@redhat.com>

	manual: Fix copy-paste errors
	Descriptions for vol-download and vol-upload didn't make much sense.

	Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=923613

2013-04-02  Martin Kletzander  <mkletzan@redhat.com>

	manual: Add info about migrateuri in virsh manual
	The virsh(1) man page wasn't saying anything about the 'migrateuri'
	parameter other than it can be usually omitted.  A patched version of
	docs/migrate.html.in is taken in this patch to fix that up in the man
	page.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Add --live, --config, --current logic to cmdDetachDisk
	Use the established approach to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdDetachDevice
	Use the established approach to improve this function too.

	virsh-domain: Add --live, --config, --current logic to cmdDetachInterface
	Use the established approach to improve this function too.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix semantics of --config for "update-device" command
	The man page states that with --config the next boot is affected. This
	can be understood as if _only_ the next boot was affected. This isn't
	true if the machine is running.

	This patch adds the full --live, --config, --current infrastructure and
	tweaks stuff to correctly support the obsolete --persistent flag.

	Note that this patch changes the the behavior of the --config flag to match the
	use of this flag in rest of libvirt. This flag was mistakenly renamed from
	--persistent that originaly had different semantics.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Fix declarations of flag variables in cmdChangeMedia
	The parameter options can be declared directly.

	Also use macros for mutual exclusion on some of the incompatible
	parameter variables.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Simplify usage of --current, --live and --config flags
	This patch uses the new helper to avoid the more complex check for
	domain state modification flags.

	virsh-domain-monitor: Refactor cmdDomIfGetLink
	The domif-getlink command did not terminate successfully when the
	interface state was found. As the code used old and too complex approach
	to do the job, this patch refactors it and fixes the bug.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	Use virMacAddrFormat instead of manual mac address formatting
	Format the address using the helper instead of having similar code in
	multiple places.

	This patch also fixes leak of the MAC address string in
	ebtablesRemoveForwardAllowIn() and ebtablesAddForwardAllowIn() in
	src/util/virebtables.c

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	util: Change virMacAddrFormat to lowercase hex characters
	The domain XML generator creates the mac addres strings with lowercase
	strings with a separate piece of code. This patch changes the formating
	helper to do the same stuff to allow using it to normalize a string
	provided by the user. After this change some of the tests that are
	outputing the mac address will need to be changed.

2013-04-02  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Optimize machine option to set more options with it
	Currently, -machine option is used only when dump-guest-core is set.

	To use options defined in machine option for newer version of QEMU,
	it needs to use -machine xxx, and to be compatible with older version
	-M, this patch adds QEMU_CAPS_MACHINE_OPT capability for newer
	version which supports -machine option.

2013-04-02  Peter Krempa  <pkrempa@redhat.com>

	conf: Enforce ranges on cputune variables
	The limits are documented at
	http://libvirt.org/formatdomain.html#elementsCPUTuning . Enforce them
	when going through XML parsing in addition to being enforced by the API.

2013-04-02  Michal Privoznik  <mprivozn@redhat.com>

	test: Return Libvirt logo as domain screenshot
	This is just a bare Easter Egg. Whenever a user runs virDomainScreenshot
	over a domain in test driver, he'll get the Libvirt PNG logo in return.

2013-04-02  Eric Blake  <eblake@redhat.com>

	smartcard: spell ccid-card-emulated qemu property correctly
	Reported by Anthony Messina in
	https://bugzilla.redhat.com/show_bug.cgi?id=904692
	Present since introduction of smartcard support in commit f5fd9baa

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Match qemu spelling.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
	Fix broken test.

2013-04-02  Ján Tomko  <jtomko@redhat.com>

	qemu: Allow migration over IPv6
	Allow migration over IPv6 by listening on [::] instead of 0.0.0.0
	when QEMU supports it (QEMU_CAPS_IPV6_MIGRATION) and there is
	at least one v6 address configured on the system.

	Use virURIParse in qemuMigrationPrepareDirect to allow parsing
	IPv6 addresses, which would cause an 'incorrect :port' error
	message before.

	Move setting of migrateFrom from qemuMigrationPrepare{Direct,Tunnel}
	after domain XML parsing, since we need the QEMU binary path from it
	to get its capabilities.

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=846013

2013-04-02  Osier Yang  <jyang@redhat.com>

	virsh: Add a helper to parse cpulist
	The 'virsh vcpupin' and 'virsh emulatorpin' commands use the same
	code to parse the cpulist. This patch abstracts the same code as
	a helper. Along with various code style fixes, and error improvement
	(only error "Physical CPU %d doesn't exist" if the specified CPU
	exceed the range, no "cpulist: Invalid format", see the following
	for an example of the error prior to this patch).

	% virsh vcpupin 4 0 0-8
	error: Physical CPU 4 doesn't exist.
	error: cpulist: Invalid format.

2013-04-01  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind failure
	Code added by commit id '523207fe8'

	TEST: qemuxml2argvtest
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ........................................ 160
	      ........................................ 200
	      ........................................ 240
	      .................................        273 OK
	==30993== 39 bytes in 1 blocks are definitely lost in loss record 33 of 87
	==30993==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==30993==    by 0x41E501: fakeSecretGetValue (qemuxml2argvtest.c:33)
	==30993==    by 0x427591: qemuBuildDriveURIString (qemu_command.c:2571)
	==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
	==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
	==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
	==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
	==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
	==30993==    by 0x4204CA: virtTestMain (testutils.c:719)
	==30993==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
	==30993==
	==30993== 46 bytes in 1 blocks are definitely lost in loss record 64 of 87
	==30993==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
	==30993==    by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so)
	==30993==    by 0x4CB28E7: virVasprintf (stdio2.h:210)
	==30993==    by 0x4CB29A3: virAsprintf (virutil.c:2017)
	==30993==    by 0x4275B4: qemuBuildDriveURIString (qemu_command.c:2580)
	==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
	==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
	==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
	==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
	==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
	==30993==    by 0x4204CA: virtTestMain (testutils.c:719)
	==30993==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
	==30993==
	==30993== 385 (56 direct, 329 indirect) bytes in 1 blocks are definitely los
	==30993==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
	==30993==    by 0x4C6B2CF: virAllocN (viralloc.c:152)
	==30993==    by 0x4C9C7EB: virObjectNew (virobject.c:191)
	==30993==    by 0x4D21810: virGetSecret (datatypes.c:642)
	==30993==    by 0x41E5D5: fakeSecretLookupByUsage (qemuxml2argvtest.c:51)
	==30993==    by 0x4D4BEC5: virSecretLookupByUsage (libvirt.c:15295)
	==30993==    by 0x4276A9: qemuBuildDriveURIString (qemu_command.c:2565)
	==30993==    by 0x42C502: qemuBuildDriveStr (qemu_command.c:2627)
	==30993==    by 0x4335FC: qemuBuildCommandLine (qemu_command.c:6443)
	==30993==    by 0x41E8A0: testCompareXMLToArgvHelper (qemuxml2argvtest.c:154
	==30993==    by 0x41FE8F: virtTestRun (testutils.c:157)
	==30993==    by 0x418BE3: mymain (qemuxml2argvtest.c:506)
	==30993==
	PASS: qemuxml2argvtest

	Interesting side note is that running the test singularly via 'make -C tests
	check TESTS=qemuxml2argvtest' didn't trip the valgrind error; however,
	running during 'make -C tests valgrind' did cause the error to be seen.

2013-04-01  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.4
	- configure.ac docs/news.html.in libvirt.spec.in: updates for the release
	- po/*.po*: fetch translation updates from Transifex and regenerate

2013-03-29  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Fix truncated sentence in RDP 'multiUser' attribute

2013-03-29  Ján Tomko  <jtomko@redhat.com>

	virsh: don't call virSecretFree on NULL
	Since the refactoring in fbe2d49 we call virSecretFree even if
	virSecretDefineXML fails, which leads to overwriting the error
	message with:
	error: Invalid secret: virSecretFree

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=929045

2013-03-29  Martin Kletzander  <mkletzan@redhat.com>

	storage: Avoid double virCommandFree in virStorageBackendLogicalDeletePool
	When logical pool has no PVs associated with itself (user-created),
	virCommandFree(cmd) is called twice with the same pointer and that
	causes a segfault in daemon.

2013-03-29  Ján Tomko  <jtomko@redhat.com>

	nodedev: invert virIsCapableFCHost return value
	Both virIsCapableFCHost and virIsCapableVport return 0 when the
	respective sysfs path is accessible.

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	security_manager.c: Append seclabel iff generated
	With my previous patches, we unconditionally appended a seclabel,
	even if it wasn't generated but found in array of defined seclabels.
	This resulted in double free later when doing virDomainDefFree
	and iterating over the array of defined seclabels.

	Moreover, there was another possibility of double free, if the
	seclabel was generated in the last iteration of the process of
	walking trough security managers array.

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	virutil: Fix compilation on non-linux platforms
	There has been a typo in virIsCapbleVport function name.

2013-03-28  Osier Yang  <jyang@redhat.com>

	util: Fix the conflict type for virIsCapableFCHost
	---
	Pushed under build-breaker rule.

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	libvirt_private.syms: Correctly export seclabel APIs
	One of my previous patches manipulated virSecurityLabel* APIs,
	some were added to header files, and some were renamed. However,
	these changes were not reflected in libvirt_private.syms.

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	security: Don't add seclabel of type none if there's already a seclabel
	https://bugzilla.redhat.com/show_bug.cgi?id=923946

	The <seclabel type='none'/> should be added iff there is no other
	seclabel defined within a domain. This bug can be easily reproduced:
	1) configure selinux seclabel for a domain
	2) disable system's selinux and restart libvirtd
	3) observe <seclabel type='none'/> being appended to a domain on its
	   startup

2013-03-28  Michal Privoznik  <mprivozn@redhat.com>

	security_manager: Don't manipulate domain XML in virDomainDefGetSecurityLabelDef
	The virDomainDefGetSecurityLabelDef was modifying the domain XML.
	It tried to find a seclabel corresponding to given sec driver. If the
	label wasn't found, the function created one which is wrong. In fact
	it's security manager which should modify this part of domain XML.

2013-03-28  Guannan Ren  <gren@redhat.com>

	conf: fix memory leak of class_id bitmap
	When libvirtd loads active network configs from network state directory,
	it should release the class_id memory block which was allocated
	at the time of loading xml from network config directory.
	virBitmapParse will create a new memory block of bitmap class_id which
	causes a memory leak.

	This happens when at least one virtual network is active before.

	==12234== 8,216 (24 direct, 8,192 indirect) bytes in 1 blocks are definitely \
	              lost in loss record 702 of 709
	==12234==    at 0x4A06B2F: calloc (vg_replace_malloc.c:593)
	==12234==    by 0x37AB04D77D: virAlloc (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB04EF89: virBitmapNew (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB0BFB37: virNetworkAssignDef (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB0BFD31: ??? (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x37AB0BFE92: virNetworkLoadAllConfigs (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x10650E5A: ??? (in /usr/lib64/libvirt/connection-driver/libvirt_driver_network.so)
	==12234==    by 0x37AB0EB72F: virStateInitialize (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x40DE04: ??? (in /usr/sbin/libvirtd)
	==12234==    by 0x37AB0832E8: ??? (in /usr/lib64/libvirt.so.0.1000.3)
	==12234==    by 0x3796807D14: start_thread (in /usr/lib64/libpthread-2.16.so)
	==12234==    by 0x37960F246C: clone (in /usr/lib64/libc-2.16.so)

2013-03-28  Guannan Ren  <gren@redhat.com>

	uml:release config object when uml driver shutdown

	qemu:release qemu config object when qemu driver shutdown

2013-03-27  Stefan Seyfried  <seife@b1-systems.de>

	net: use newer iptables syntax
	iptables-1.4.18 removed the long deprecated "state" match.
	Use "conntrack" instead in forwarding rules.
	Fixes openSUSE bug https://bugzilla.novell.com/811251 #811251.

2013-03-27  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	remote: Don't call NULL closeFreeCallback
	Check function pointer before calling.

2013-03-27  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Fix client crash when server drops connection
	Despite the comment stating virNetClientIncomingEvent handler should
	never be called with either client->haveTheBuck or client->wantClose
	set, there is a sequence of events that may lead to both booleans being
	true when virNetClientIncomingEvent is called. However, when that
	happens, we must not immediately close the socket as there are other
	threads waiting for the buck and they would cause SIGSEGV once they are
	woken up after the socket was closed. Another thing is we should clear
	all remaining calls in the queue after closing the socket.

	The situation that can lead to the crash involves three threads, one of
	them running event loop and the other two calling libvirt APIs. The
	event loop thread detects an event on client->sock and calls
	virNetClientIncomingEvent handler. But before the handler gets a chance
	to lock client, the other two threads (T1 and T2) start calling some
	APIs. T1 gets the buck and detects EOF on client->sock while processing
	its RPC call. Since T2 is waiting for its own call, T1 passes the buck
	on to it and unlocks client. But before T2 gets the signal, the event
	loop thread wakes up, does its job and closes client->sock. The crash
	happens when T2 actually wakes up and tries to do its job using a closed
	client->sock.

2013-03-27  Jiri Denemark  <jdenemar@redhat.com>

	log: Separate thread ID from timestemp in ring buffer
	When we write a log message into a log, we separate thread ID from
	timestamp using ": ". However, when storing the message into the ring
	buffer, we omitted the separator, e.g.:

	    2013-02-27 11:49:11.852+00003745: ...

2013-03-27  Guannan Ren  <gren@redhat.com>

	conf: fix a failure when detaching a usb device
	 #virsh detach-device $guest usb.xml
	 error: Failed to detach device from usb2.xml
	 error: operation failed: host usb device vendor=0x0951 \
	 product=0x1625 not found

	This regresstion is due to a typo in matching function. The first
	argument is always the usb device that we are checking for. If the
	usb xml file provided by user contains bus and device info, we try
	to search it by them, otherwise, we use vendor and product info.

	The bug occurred only when detaching a usb device with no bus and
	device info provided in the usb xml file.

2013-03-26  Yanbing Du  <ydu@redhat.com>

	virsh: Correct DESCRIPTION for virsh help blockcopy

2013-03-26  Guido Günther  <agx@sigxcpu.org>

	qemu: Don't set address type too early during virtio disk hotplug
	f946462e14ac036357b7c11ce5c23f94a3ee4e49 changed behavior by settings
	VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI upfront. If we do so before invoking
	qemuDomainPCIAddressEnsureAddr we merely try to set the PCI slot via
	qemuDomainPCIAddressReserveSlot instead reserving a new address via
	qemuDomainPCIAddressSetNextAddr which fails with

	$ ~/run-tck-test domain/200-disk-hotplug.t
	./scripts/domain/200-disk-hotplug.t .. # Creating a new transient domain
	./scripts/domain/200-disk-hotplug.t .. 1/5 # Attaching the new disk /var/lib/jenkins/jobs/libvirt-tck-build/workspace/scratchdir/200-disk-hotplug/extra.img

	 #   Failed test 'disk has been attached'
	 #   at ./scripts/domain/200-disk-hotplug.t line 67.
	 # died: Sys::Virt::Error (libvirt error code: 1, message: internal error unable to reserve PCI address 0:0:0.0
	 # )

2013-03-26  Ján Tomko  <jtomko@redhat.com>

	virsh: error out on non-numeric timeout values
	Some block commands and migrate ignored incorrect values.

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=927495

2013-03-26  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Set migration FD blocking
	Since we switched from direct host migration scheme to the one,
	where we connect to the destination and then just pass a FD to a
	qemu, we have uncovered a qemu bug. Qemu expects migration FD to
	block. However, we are passing a nonblocking one which results in
	cryptic error messages like:

	  qemu: warning: error while loading state section id 2
	  load of migration failed

	The bug is already known to Qemu folks, but we should workaround
	already released Qemus. Patch has been originally proposed by Stefan
	Hajnoczi <stefanha@gmail.com>

2013-03-26  Martin Kletzander  <mkletzan@redhat.com>

	Fix virConnectOpen.*() name requirements
	virConnectOpenAuth didn't require 'name' to be specified (VIR_DEBUG
	used NULLSTR() for the output) and by default, if name == NULL, the
	default connection uri is used.  This was not indicated in the
	documentation and wasn't checked for in other API's VIR_DEBUG outputs.

2013-03-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: Let the compiler check usage of all fields in vshCmdOptType enum
	Get rid of the "default" labels to do so.

2013-03-26  Guannan Ren  <gren@redhat.com>

	python: set default value to optional arguments
	When prefixing with string (optional) or optional in the description
	of arguments to libvirt C APIs, in python, these arguments will be
	set as optional arugments, for example:

	 * virDomainSaveFlags:
	 * @domain: a domain object
	 * @to: path for the output file
	 * @dxml: (optional) XML config for adjusting guest xml used on restore
	 * @flags: bitwise-OR of virDomainSaveRestoreFlags

	 the corresponding python APIs is
	 restoreFlags(self, frm, dxml=None, flags=0)

	The following python APIs are changed to:
	 blockCommit(self, disk, base, top, bandwidth=0, flags=0)
	 blockPull(self, disk, bandwidth=0, flags=0)
	 blockRebase(self, disk, base, bandwidth=0, flags=0)
	 migrate(self, dconn, flags=0, dname=None, uri=None, bandwidth=0)
	 migrate2(self, dconn, dxml=None, flags=0, dname=None, uri=None, bandwidth=0)
	 migrateToURI(self, duri, flags=0, dname=None, bandwidth=0)
	 migrateToURI2(self, dconnuri=None, miguri=None, dxml=None, flags=0, \
	               dname=None, bandwidth=0)
	 saveFlags(self, to, dxml=None, flags=0)
	 migrate(self, domain, flags=0, dname=None, uri=None, bandwidth=0)
	 migrate2(self, domain, dxml=None, flags=0, dname=None, uri=None, bandwidth=0)
	 restoreFlags(self, frm, dxml=None, flags=0)

2013-03-26  Yanbing Du  <ydu@redhat.com>

	Remove the redundant parentheses in migrate help

2013-03-25  Eric Blake  <eblake@redhat.com>

	Revert "qemu: detect multi-head qxl via more than version check"
	This reverts commit 5ac846e42e5b7e0475f6aa9cc1e0b0c8dac84d44.

	After further discussions with Alon Levy, I learned the following:

	The use of '-vga qxl' vs. '-device qxl-vga' is completely orthogonal
	to whether ram_size can be exposed.  Downstream distros are interested
	in backporting support for multi-head qxl, but this can be done in
	one of two ways:
	1. Support one head per PCI device.  If you do this, then it makes
	sense to have full control over the PCI address of each device. For
	full control, you need '-device qxl-vga' instead of '-vga qxl'.
	2. Support multiple heads through a single PCI device.  If you do
	this, then you need to allocate more RAM to that PCI device (enough
	ram to cover the multiple screens).  Here, the device is hard-coded
	to 0:0:2.0, both in qemu and libvirt code.

	Apparently, backporting ram_size changes to allow multiple heads in
	a single device is much easier than backporting multiple device
	support.  Furthermore, the presence or absence of qxl-vga.surfaces
	is no different than the presence or absence of qxl-vga.ram_size;
	both properties can be applied regardless of whether you have one
	PCI device (-vga qxl) or multiple (-device qxl-vga), so this property
	is NOT a good witness of whether '-device qxl-vga' support has been
	backported.

	Downstream RHEL will NOT be using this patch; and worse, leaving this
	patch in risks doing the wrong thing if compiling upstream libvirt
	on RHEL, so the best course of action is to revert it.  That means
	that libvirt will go back to only using '-device qxl-vga' for qemu
	>= 1.2, but this is just fine because we know of no distros that plan
	on backporting multiple PCI address support to any older version of
	qemu.  Meanwhile, downstream can still use ram_size to pack multiple
	heads through a single PCI device.

2013-03-25  Eric Blake  <eblake@redhat.com>

	libvirt-guests: newline between output sentences
	Right now, libvirt-guests gives awkward output.  It's possible to
	force faster failure by setting /etc/sysconfig/libvirt-guests to use:

	ON_SHUTDOWN=shutdown
	PARALLEL_SHUTDOWN=0
	SHUTDOWN_TIMEOUT=1
	ON_BOOT=ignore

	at which point, we see:

	$ service libvirt-guests restart
	Running guests on default URI: a, b, d, c
	Shutting down guests on default URI...
	Starting shutdown on guest: a
	Shutdown of guest a failed to complete in time.Starting shutdown on guest: b
	Shutdown of guest b failed to complete in time.Starting shutdown on guest: d
	Shutdown of guest d failed to complete in time.Starting shutdown on guest: c
	Shutdown of guest c failed to complete in time.libvirt-guests is configured not to start any guests on boot

	* tools/libvirt-guests.sh.in (shutdown_guest): Add missing newline.
	Reported by Xuesong Zhang.

2013-03-25  Osier Yang  <jyang@redhat.com>

	util: Fix bug of managing vport
	The string written to "vport_create" or "vport_delete" should
	be "wwnn:wwpn", but not "wwpn:wwnn".

2013-03-25  Osier Yang  <jyang@redhat.com>

	nodedev: Fix the improper logic when enumerating SRIOV VF
	virPCIGetVirtualFunctions returns 0 even if there is no "virtfn"
	entry under the device sysfs path.

	And virPCIGetVirtualFunctions returns -1 when it fails to get
	the PCI config space of one VF, however, with keeping the
	the VFs already detected.

	That's why udevProcessPCI and gather_pci_cap use logic like:

	if (!virPCIGetVirtualFunctions(syspath,
	                               &data->pci_dev.virtual_functions,
	                               &data->pci_dev.num_virtual_functions) ||
	    data->pci_dev.num_virtual_functions > 0)
	    data->pci_dev.flags |= VIR_NODE_DEV_CAP_FLAG_PCI_VIRTUAL_FUNCTION;

	to tag the PCI device with "virtual_function" cap.

	However, this results in a VF will aslo get "virtual_function" cap.

	This patch fixes it by:
	  * Ignoring the VF which has failure of getting PCI config space
	    (given that the successfully detected VFs are kept , it makes
	    sense to not give up on the failure of one VF too) with a warning,
	    so virPCIGetVirtualFunctions will not return -1 except out of memory.

	  * Free the allocated *virtual_functions when out of memory

	And thus the logic can be changed to:

	    /* Out of memory */
	    int ret = virPCIGetVirtualFunctions(syspath,
	                                        &data->pci_dev.virtual_functions,
	                                        &data->pci_dev.num_virtual_functions);

	    if (ret < 0 )
	        goto out;
	    if (data->pci_dev.num_virtual_functions > 0)
	        data->pci_dev.flags |= VIR_NODE_DEV_CAP_FLAG_PCI_VIRTUAL_FUNCTION;

2013-03-25  Osier Yang  <jyang@redhat.com>

	nodedev: Abstract nodeDeviceVportCreateDelete as util function
	This abstracts nodeDeviceVportCreateDelete as an util function
	virManageVport, which can be further used by later storage patches
	(to support persistent vHBA, I don't want to create the vHBA
	using the public API, which is not good).

2013-03-25  Osier Yang  <jyang@redhat.com>

	nodedev: Dump max vports and vports in use for HBA's XML
	This enrichs HBA's xml by dumping the number of max vports and
	vports in use. Format is like:

	  <capability type='vport_ops'>
	    <max_vports>164</max_vports>
	    <vports>5</vports>
	  </capability>

	* docs/formatnode.html.in: (Document the new XML)
	* docs/schemas/nodedev.rng: (Add the schema)
	* src/conf/node_device_conf.h: (New member for data.scsi_host)
	* src/node_device/node_device_linux_sysfs.c: (Collect the value of
	  max_vports and vports)

2013-03-25  Osier Yang  <jyang@redhat.com>

	nodedev: Refactor the helpers
	This adds two util functions (virIsCapableFCHost and virIsCapableVport),
	and rename helper check_fc_host_linux as detect_scsi_host_caps,
	check_capable_vport_linux is removed, as it's abstracted to the util
	function virIsCapableVport. detect_scsi_host_caps nows detect both
	the fc_host and vport_ops capabilities. "stat(2)" is replaced with
	"access(2)" for saving.

	* src/util/virutil.h:
	  - Declare virIsCapableFCHost and virIsCapableVport
	* src/util/virutil.c:
	  - Implement virIsCapableFCHost and virIsCapableVport
	* src/node_device/node_device_linux_sysfs.c:
	  - Remove check_capable_vport_linux
	  - Rename check_fc_host_linux as detect_scsi_host_caps, and refactor
	    it a bit to detect both fc_host and vport_os capabilities
	* src/node_device/node_device_driver.h:
	  - Change/remove the related declarations
	* src/node_device/node_device_udev.c: (Use detect_scsi_host_caps)
	* src/node_device/node_device_hal.c: (Likewise)
	* src/node_device/node_device_driver.c (Likewise)

2013-03-25  Osier Yang  <jyang@redhat.com>

	nodedev: Use access instead of stat
	The use of 'stat' in nodeDeviceVportCreateDelete is only to check
	if the file exists or not, it's a bit overkill, and safe to replace
	with the wrapper of access(2) (virFileExists).

2013-03-25  Osier Yang  <jyang@redhat.com>

	util: Add one helper virReadFCHost to read the value of fc_host entry
	"open_wwn_file" in node_device_linux_sysfs.c is redundant, on one
	hand it duplicates work of virFileReadAll, on the other hand, it's
	waste to use a function for it, as there is no other users of it.
	So I don't see why the file opening work cannot be done in
	"read_wwn_linux".

	"read_wwn_linux" can be abstracted as an util function. As what all
	it does is to read the sysfs entry.

	So this patch removes "open_wwn_file", and abstract "read_wwn_linux"
	as an util function "virReadFCHost" (a more general name, because
	after changes, it can read each of the fc_host entry now).

	* src/util/virutil.h: (Declare virReadFCHost)
	* src/util/virutil.c: (Implement virReadFCHost)
	* src/node_device/node_device_linux_sysfs.c: (Remove open_wwn_file,
	  and read_wwn_linux)
	src/node_device/node_device_driver.h: (Remove the declaration of
	  read_wwn_linux, and the related macros)
	src/libvirt_private.syms: (Export virReadFCHost)

2013-03-25  Osier Yang  <jyang@redhat.com>

	nodedev: Introduce two new flags for listAll API
	VIR_CONNECT_LIST_NODE_DEVICES_CAP_FC_HOST to filter the FC HBA,
	and VIR_CONNECT_LIST_NODE_DEVICES_CAP_VPORTS to filter the FC HBA
	which supports vport.

	nodedev: Remove the unused enum
	Guess it was created for the fc_host and vports_ops capabilities
	purpose, but there is enum virNodeDevScsiHostCapFlags for them,
	and enum virNodeDevHBACapType is unused, and actually both
	VIR_ENUM_DECL and VIR_ENUM_IMPL use the wrong enum name
	"virNodeDevHBACap".

2013-03-25  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix docs for "virsh setmaxmem"
	The docs assumed the command works always for QEMU and other
	hypervisors. As this is done using the balloon mechainism live increase
	of the maximum memory limit isn't supported. Fix the docs to mention
	this limitation.

2013-03-23  Martin Kletzander  <mkletzan@redhat.com>

	lxc: Prevent shutting down the host
	When the container has the same '/dev' mount as host (no chroot),
	calling domainShutdown(WithFlags) shouldn't shutdown the host it is
	running on.

2013-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Ensure root filesystem is mounted if a file/block mount.
	For a root filesystem with type=file or type=block, the LXC
	container was forgetting to actually mount it, before doing
	the pivot root step.

	Mount temporary devpts on /var/lib/libvirt/lxc/$NAME.devpts
	Currently the lxc controller sets up the devpts instance on
	$rootfsdef->src, but this only works if $rootfsdef is using
	type=mount. To support type=block or type=file for the root
	filesystem, we must use /var/lib/libvirt/lxc/$NAME.devpts
	for the temporary devpts mount in the controller

	Move FUSE mount to /var/lib/libvirt/lxc/$NAME.fuse
	Instead of using /var/lib/libvirt/lxc/$NAME for the FUSE
	filesystem, use /var/lib/libvirt/lxc/$NAME.fuse. This allows
	room for other temporary mounts in the same directory

2013-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix thread safety in LXC callback handling
	Some of the LXC callbacks did not lock the virDomainObjPtr
	instance. This caused transient errors like

	error: Failed to start domain busy-mount
	error: cannot rename file '/var/run/libvirt/lxc/busy-mount.xml.new' as '/var/run/libvirt/lxc/busy-mount.xml': No such file or directory

	as 2 threads tried to update the status file concurrently

2013-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus filtering from virDomainGetRootFilesystem
	The virDomainGetRootFilesystem was only returning filesystems
	with type=mount. This is bogus - any type of filesystem is
	valid as the root, if dst=/.

2013-03-22  Jim Fehlig  <jfehlig@suse.com>

	Fix parsing of bond interface XML
	Noticed that parsing bond interface XML containing the miimon element
	fails

	  <interface type="bond" name="bond0">
	    ...
	    <bond mode="active-backup">
	      <miimon freq="100" carrier="netif"/>
	      ...
	    </bond>
	  </interface>

	This configuration does not contain the optional updelay and downdelay
	attributes, but parsing will fail due to returning the result of
	virXPathULong (a -1 when the attribute doesn't exist) from
	virInterfaceDefParseBond after examining the updelay attribute.

	While fixing this bug, cleanup the function to use virXPathInt instead
	of virXPathULong, and store the result directly instead of using a tmp
	variable.  Using virXPathInt actually fixes a potential silent
	truncation bug noted by Eric Blake.

	Also, there is no cleanup in the error label.  Remove the label,
	returning failure where failure occurs and success if the end of the
	function is reached.

2013-03-22  Ján Tomko  <jtomko@redhat.com>

	util: fix virAllocVar's comment

2013-03-22  Ján Tomko  <jtomko@redhat.com>

	virsh: don't print --(null) in vol-name and vol-pool
	Don't print the pool option name if it's null.

	Before:
	virsh # vol-name vol
	error: failed to get vol 'vol', specifying --(null) might help
	error: Storage volume not found: no storage vol with matching path vol

	After:

	virsh # vol-name vol
	error: failed to get vol 'vol'
	error: Storage volume not found: no storage vol with matching path vol

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=924571

2013-03-22  Michal Privoznik  <mprivozn@redhat.com>

	viralloc: Export virAllocTest*
	If users build with --enable-test-oom configure option,
	they get this error saying, virAllocTest* functions are
	not defined within tests/testutils.c.

2013-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix free of uninitialized value in LXC numad setup
	The 'nodeset' variable was never initialized, causing a later
	VIR_FREE(nodeset) to free uninitialized memory.

2013-03-22  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add support for LSI MegaRAID SAS1078 (aka megasas) SCSI controller
	This does nothing more than adding the new device and capability.
	The device is present since QEMU 1.2.0.

2013-03-22  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: pass iscsi authorization credentials
	A better way to do this would be to use a configuration file like

	   [iscsi "target-name"]
	   user = name
	   password = pwd

	and pass it via -readconfig.  This would remove the username and password
	from the "ps" output.  For now, however, keep this solution.

2013-03-22  Paolo Bonzini  <pbonzini@redhat.com>

	domain: parse XML for iscsi authorization credentials

	secret: add iscsi to possible usage types

	domain: make port optional for network disks
	Only sheepdog actually required it in the code, and we can use 7000 as the
	default---the same value that QEMU uses for the simple "sheepdog:VOLUME"
	syntax.  With this change, the schema can be fixed to allow no port.

	qemu: support passthrough for iscsi disks
	This enables usage of commands like persistent reservations.

2013-03-22  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add support for libiscsi
	libiscsi provides a userspace iSCSI initiator.

	The main advantage over the kernel initiator is that it is very
	easy to provide different initiator names for VMs on the same host.
	Thus libiscsi supports usage of persistent reservations in the VM,
	which otherwise would only be possible with NPIV.

	libiscsi uses "iscsi" as the scheme, not "iscsi+tcp".  We can change
	this in the tests (while remaining backwards-compatible manner, because
	QEMU uses TCP as the default transport for both Gluster and NBD).

2013-03-22  Guannan Ren  <gren@redhat.com>

	python:remove semicolon in python code
	This breaked "make syntax-check" testing

	Pushed under trivial rule

2013-03-22  Guannan Ren  <gren@redhat.com>

	make: regenerate bindings when <classname>.py changes

2013-03-22  Guannan Ren  <gren@redhat.com>

	python: treat flags as default argument with value 0
	The following four functions have not changed because default arguments
	have to come after positional arguments. Changing them will break the
	the binding APIs.

	migrate(self, dconn, flags, dname, uri, bandwidth):
	migrate2(self, dconn, dxml, flags, dname, uri, bandwidth):
	migrateToURI(self, duri, flags, dname, bandwidth):
	migrateToURI2(self, dconnuri, miguri, dxml, flags, dname, bandwidth):

2013-03-21  Martin Kletzander  <mkletzan@redhat.com>

	Correct invalid RNG schemas
	The 'trang' utility, which is able to transform '.rng' files into
	'.rnc' files, reported some errors in our schemas that weren't caught
	by the tools we use in the build.  I haven't added a test for this,
	but the validity can be checked by the following command:

	trang -I rng -O rnc domain.rng domain.rnc

	There were unescaped minuses in regular expressions and we were
	constraining int (which is by default in the range of [-2^31;2^31-1]
	to maximum of 2^32.  But what we wanted was exactly an unsignedInt.

2013-03-21  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Simplify cleanup path in cmdSnapshotEdit

	virsh-snapshot: Use the mutually exclusive params macro in cmdSnapshotEdit

	virsh-snapshot: Refactor cmdSnapshotCurrent
	Use the exclusive parameter checker and touch up some parts to simplify
	code.

	virsh-domain: Fix flag name in error message to match the check
	The check is done on the "--paused" flag but the error message stated
	"--saved"

	virsh-host: Refactor cmdFreecell
	Use the new helpers to determine mutually exclusive options and touch up
	some parts to simplify the code.

	virsh-snapshot: Refactor virsh snapshot-list
	Simplify error handling and mutually exclusive option checking.

2013-03-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Introduce macros to reject mutually exclusive arguments
	This patch adds three macros to the virsh source tree that help to
	easily check for mutually exclusive parameters.

	VSH_EXCLUSIVE_OPTIONS_EXPR has four arguments, two expressions to check
	and two names of the parameters to print in the message.

	VSH_EXCLUSIVE_OPTIONS is more specific and check the command structure
	for the parameters using vshCommandOptBool.

	VSH_EXCLUSIVE_OPTIONS_VAR is meant to check boolean variables with the
	same name as the parameters.

2013-03-21  Peter Krempa  <pkrempa@redhat.com>

	python: Fix emulatorpin API bindings
	The addition of emulator pinning APIs didn't think of doing the right
	job with python APIs for them. The default generator produced unusable
	code for this.

	This patch switches to proper code as in the case of domain Vcpu pining.
	This change can be classified as a python API-breaker but in the state
	the code was before I doubt anyone was able to use it successfully.

2013-03-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Un-mark volume as mirrored/copied if blockjob copy fails
	When the blockjob fails for some reason an event is emitted but the disk
	wasn't unmarked as being part of a active block copy operation.

2013-03-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix initialization of virIdentityPtr thread locals
	Some code mistakenly called virIdentityOnceInit directly
	instead of virIdentityInitialize(). This meant that one-time
	initializer was run many times with predictably bad results.

2013-03-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_UNSUPPORTED
	The VIR_ERR_NO_SUPPORT error code is reserved for cases where an
	API is not implemented in a driver. It definitely should not be
	used when an API execution fails due to unsupported operation.

2013-03-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix linkage of virt-aa-helper with numa library
	The recent commit moved some of the use of libnuma out of the
	driver code, and into src/util/. It did not, however, update
	libvirt_util.la to link against libnuma. This caused linkage
	failure with virt-aa-helper, since nothing else caused libnuma
	to be pulled onto the linker command line.

	The fix removes all reference to NUMACTL_LIBS/CFLAGS from the
	various modules in src/Makefile.am and just adds them to the
	libvirt_util.la module, which everything else depends on.

	Technically a build-breaker fix, but wanted to wait for feedback
	on this

2013-03-21  Osier Yang  <jyang@redhat.com>

	qemu: Add the new disk src into shared disk table when updating disk
	We should record the new disk src in the shared disk table for
	updating disk (CD-ROM or Floppy) API. Fortunately, we only allow
	to update the disk source now, otherwise we might also want to
	set the unpriv_sgio setting.

2013-03-21  Guannan Ren  <gren@redhat.com>

	python: fix bindings that don't raise an exception
	For example:
	 >>> dom.memoryStats()
	 libvir: QEMU Driver error : Requested operation is not valid:\
	         domain is not running

	There are six such python API functions like so.
	The root reason is that generator.py script checks the type of return
	value of a python stub function defined in libvirt-api.xml or
	libvirt-override-api.xml to see whether to add the raise clause or not
	in python wrapper code in libvirt.py.

	The type of return value is supposed to be C types.
	For those stub functions which return python non-integer data type like
	string, list, tuple, dictionary, the existing type in functions varies
	from each other which leads problem like this.

	Currently, in generator.py, it maintains a buggy whitelist for stub functions
	returning a list type. I think it is easy to forget adding new function name
	in the whitelist.

	This patch makes the value of type consistent with C type "char *"
	in libvirt-override-api.xml. For python, any of types could be printed
	as string, so I choose "char *" in this case. And the comment in xml
	could explain it when adding new function definition.

	      <function name='virNodeGetCPUStats' file='python'>
	        ...
	 -      <return type='virNodeCPUStats' info='...'/>
	 +      <return type='char *' info='...'/>
	        ...
	      </function>

2013-03-21  Paolo Bonzini  <pbonzini@redhat.com>

	domain: add support for iscsi network disks
	This plumbs in the XML description of iSCSI shares.  The next patches
	will add support for the libiscsi userspace initiator.

2013-03-20  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Clean redundant code about VCPU string checking
	Now that VCPU number are removed from qemu_monitor_text.c
	(commit cc78d7ba), VCPU string checking also should be removed.

	Report-by: John Ferlan <jferlan@redhat.com>

2013-03-20  Gao feng  <gaofeng@cn.fujitsu.com>

	cgroup: export virCgroupRemoveRecursively
	We will use virCgroupRemoveRecursively to remove cgroup
	directories in the coming patch.

2013-03-20  Guido Günther  <agx@sigxcpu.org>

	Don't fail if SELinux is diabled
	but libvirt is built with --with-selinux. In this case getpeercon
	returns ENOPROTOOPT so don't return an error in that case but simply
	don't set seccon.

2013-03-20  Gene Czarcinski  <gene@czarc.net>

	clarify virsh net commands
	Clarify that net-create deals with a transient virtual
	network whereas net-define defines a persistent virtual
	network definition and will create the network (xml)
	definition file.

	Clarify that net-destroy works with both transient and
	persistent virtual networks.

2013-03-20  Philipp Hahn  <hahn@univention.de>

	doc/schema: disk storage volume formats
	The storage volume formats supported by the disk storage pool are
	missing from the allowed values.

	Add partition types.

2013-03-20  Philipp Hahn  <hahn@univention.de>

	doc: storage: Fix grammar
	Remove 'are' before 'have'.

2013-03-20  Philipp Hahn  <hahn@univention.de>

	doc/schema: Support iqn for storage pools
	iSCSI qualified names (iqn) from RFC3721 may contain colons (':'), which
	neither matches the absFilePath nor genericName:

	 $ virsh pool-dumpxml myiscsipool
	 <pool type='iscsi'>
	 ...
	   <source>
	 ...
	     <device path='iqn.2003-01.org.linux-iscsi.phahn-sid93.x8664:sn.8a3daa0d4efd'/>
	   </source>
	 ...
	 </pool>

	Add IscsiQualifiedName type and allow its use in sourceiscsi.

2013-03-20  Philipp Hahn  <hahn@univention.de>

	doc/schema: add ocfs2 for disk vol
	Add ocfs2 for disk vol.

2013-03-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix typos s/HAVE_SELINUX/WITH_SELINUX/
	The virNetSocket & virIdentity classes accidentally got some
	conditionals using HAVE_SELINUX instead of WITH_SELINUX.

2013-03-20  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: add cpuset cgroup support for lxc
	This patch adds cpuset cgroup support for LXC.

2013-03-20  Gao feng  <gaofeng@cn.fujitsu.com>

	NUMA: cleanup for numa related codes
	Intend to reduce the redundant code,use virNumaSetupMemoryPolicy
	to replace virLXCControllerSetupNUMAPolicy and
	qemuProcessInitNumaMemoryPolicy.

	This patch also moves the numa related codes to the
	file virnuma.c and virnuma.h

2013-03-20  Olivia Yin  <hong-hua.yin@freescale.com>

	fix TLS error with virNetServerClientCreateIdentity
	Compilation error when WITH_GNUTLS is 0, introduced in commit d5e83ad.

2013-03-20  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: allow uses advisory nodeset from querying numad
	Allow lxc using the advisory nodeset from querying numad,
	this means if user doesn't specify the numa nodes that
	the lxc domain should assign to, libvirt will automatically
	bind the lxc domain to the advisory nodeset which queried from
	numad.

2013-03-19  Gao feng  <gaofeng@cn.fujitsu.com>

	rename qemuGetNumadAdvice to virNumaGetAutoPlacementAdvice
	qemuGetNumadAdvice will be used by LXC driver, rename
	it to virNumaGetAutoPlacementAdvice and move it to virnuma.c

2013-03-19  Olivia Yin  <hong-hua.yin@freescale.com>

	selinux: deal with dtb file

2013-03-19  Olivia Yin  <hong-hua.yin@freescale.com>

	qemu: add dtb option support
	The "dtb" option sets the filename for the device tree.
	If without this option support, "-dtb file" will be converted into
	<qemu:commandline> in domain XML file.
	For example, '-dtb /media/ram/test.dtb' will be converted into
	  <qemu:commandline>
	    <qemu:arg value='-dtb'/>
	    <qemu:arg value='/media/ram/test.dtb'/>
	  </qemu:commandline>

	This is not very friendly.
	This patchset add special <dtb> tag like <kernel> and <initrd>
	which is easier for user to write domain XML file.
	  <os>
	    <type arch='ppc' machine='ppce500v2'>hvm</type>
	    <kernel>/media/ram/uImage</kernel>
	    <initrd>/media/ram/ramdisk</initrd>
	    <dtb>/media/ram/test.dtb</dtb>
	    <cmdline>root=/dev/ram rw console=ttyS0,115200</cmdline>
	  </os>

2013-03-19  Olivia Yin  <hong-hua.yin@freescale.com>

	conf: support <dtb> tag in XML domain file

2013-03-19  Doug Goldstein  <cardoe@cardoe.com>

	Fix --without-libvirtd builds
	When building with --without-libvirtd and udev support is detected we
	will fail to build with the following error:
	    node_device/node_device_udev.c:1608:37: error: unknown type name
	        'virStateInhibitCallback'

2013-03-19  Gene Czarcinski  <gene@czarc.net>

	rename tests/conftest.c
	To prevent confusion with configure's popular name
	for a file, rename conftest.c to test_conf.c which
	is consistent with the invoking test_conf.sh

2013-03-19  Laine Stump  <laine@laine.org>

	storage: fix unlikely memory leak in rbd backend
	virStorageBackendRBDRefreshPool() first allocates an array big enough
	to hold 1024 names, then calls rbd_list(), which returns ERANGE if the
	array isn't big enough. When that happens, the VIR_ALLOC_N is called
	again with a larger size. Unfortunately, the original array isn't
	freed before allocating a new one.

2013-03-19  Christophe Fergeau  <cfergeau@redhat.com>

	Fix /pool/storage/name documentation
	There was a 2 word sentence 'remote server' which is a left-over
	from copy and paste.

	Fix /pool/storage/directory@path documentation
	Because of a wrong copy and paste, the documentation was saying that
	'path' is the path to a block device node while it's a path to a
	directory.

2013-03-19  Daniel P. Berrange  <berrange@redhat.com>

	Do not prematurely close loop devices in LXC controller
	The LXC controller is closing loop devices as soon as the
	container has started. This is fine if the loop device
	was setup as a mounted filesystem, but if we're just passing
	through the loop device as a disk, nothing else is keeping
	it open. Thus we must keep the loop device FDs open for as
	long the libvirt_lxc process is running.

	Setup LXC cgroups in two phases
	Currently the LXC controller creates the cgroup, configures the
	resources and adds the task all in one go. This is not sufficiently
	flexible for the forthcoming NBD integration. We need to make sure
	the NBD process gets into the right cgroup immediately, but we can
	not have limits (in particular the device ACL) applied at the point
	where we start qemu-nbd. So create a virLXCCgroupCreate method
	which creates the cgroup and adds the current task to be called
	early, and leave virLXCCgroupSetup to only do resource config.

	Set the current client identity during API call dispatch
	When dispatching an RPC API call, setup the current identity to
	hold the identity of the network client associated with the
	RPC message being dispatched. The setting is thread-local, so
	only affects the API call in this thread

	Add ability to get a virIdentity from a virNetServerClientPtr
	Add APIs which allow creation of a virIdentity from the info
	associated with a virNetServerClientPtr instance. This is done
	based on the results of client authentication processes like
	TLS, x509, SASL, SO_PEERCRED

	Add API to get the system identity
	If no user identity is available, some operations may wish to
	use the system identity. ie the identity of the current process
	itself. Add an API to get such an identity.

	Add APIs for associating a virIdentityPtr with the current thread
	To allow any internal API to get the current identity, add APIs
	to associate a virIdentityPtr with the current thread, via a
	thread local

	Define internal APIs for managing identities
	Introduce a local object virIdentity for managing security
	attributes used to form a client application's identity.
	Instances of this object are intended to be used as if they
	were immutable, once created & populated with attributes

	Add APIs to get at more client security data
	A socket object has various pieces of security data associated
	with it, such as the SELinux context, the SASL username and
	the x509 distinguished name. Add new APIs to virNetServerClient
	and related modules to access this data.

2013-03-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix startupPolicy regression
	Commit 82d5fe543720da6d83c1d6bfa1c347d7d9fda278

	    qemu: check backing chains even when cgroup is omitted

	added backing file checks just before the code that removes optional
	disks if they are not present. However, the backing chain code fails in
	case the disk file does not exist, which makes qemuProcessStart fail
	regardless on configured startupPolicy.

	Note that startupPolicy implementation is still wrong after this patch
	since it only check the first file in a possible chain. It should rather
	check the complete backing chain. But this is an existing limitation
	that can be solved later. After all, startupPolicy is most useful for
	CDROM images and they won't make use of backing files in most cases.

2013-03-15  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: support URI syntax for NBD
	QEMU 1.3 and newer support an alternative URI-based syntax to specify
	the location of an NBD server.  Libvirt can keep on using the old
	syntax in general, but only the URI syntax supports IPv6 addresses.

	The URI syntax also supports relative paths to Unix sockets.  These
	should never be used but aren't explicitly blocked either by the parser,
	so support it just in case.

	The URI syntax is intentionally compatible with Gluster's, and the
	code can be reused.

2013-03-15  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: support NBD with Unix sockets
	This reuses the XML format that was introduced for Gluster.

	qemu: support named nbd exports
	These are supported by nbd-server and by the NBD server that QEMU
	embeds for live image access.

	qemu: rewrite NBD command-line builder and parser
	Move the code to an external function, and structure it to prepare
	the addition of new features in the next few patches.

	qemu: test NBD command-line builder and parser
	Enable more testing of NBD parsing, to ensure rewrites work.

2013-03-15  Eric Blake  <eblake@redhat.com>

	util: portably check for unchanged uid
	We've already scrubbed for comparisons of 'uid_t == -1' (which fail
	on platforms where uid_t is a u16), but another one snuck in.

	* src/util/virutil.c (virSetUIDGIDWithCaps): Correct uid comparison.
	* cfg.mk (sc_prohibit_risky_id_promotion): New rule.

2013-03-15  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: do not support non-network disks without -drive
	QEMU added -drive in 2007, and NBD in 2008.  Both appeared first in
	release 0.10.0.  Thus the code to support network disks without -drive
	is dead, and in fact it incorrectly escapes commas.  Drop it.

2013-03-15  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup useless flags specifications
	After we switched to C99 initialization, I noticed there were many
	places where the specification of .flags parameter differed.  After
	going through many options and deciding whether to unify the
	initialization to be '.flags = 0' or '.flags = VSH_OFLAG_NONE', I
	realized both can be removed and it makes the code easier to go
	through.

2013-03-15  Martin Kletzander  <mkletzan@redhat.com>

	Fix snapshot-create-as syntax in help output
	According to the man page, the memspec parameter should have the
	'--memspec' option mandatory and this is as close as we can get to
	that.  What this change does is explained below.

	man virsh:

	snapshot-create-as ... [[--live] [--memspec memspec]]

	virsh help snapshot-create-as before this patch:

	  SYNOPSIS
	    snapshot-create-as ... [<memspec>] ...
	...
	  OPTIONS
	    [--memspec] <string> ...

	virsh help snapshot-create-as after this patch:

	  SYNOPSIS
	    snapshot-create-as ... [--memspec <string>] ...
	...
	  OPTIONS
	    --memspec <string> ...

2013-03-15  Martin Kletzander  <mkletzan@redhat.com>

	Make vshDebug work when parsing parameters
	The vshInit initializes ctl->debug by which vshDebug (which is also
	called in vshParseArgv) decides whether to print out the message or
	not.

2013-03-15  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Remove contiguous CPU indexes assumption
	When getting CPUs' information, it assumes that CPU indexes
	are not contiguous. But for ppc64 platform, CPU indexes are not
	contiguous because SMT is needed to be disabled, so CPU information
	is not right on ppc64 and vpuinfo, vcpupin can't work corretly.

	This patch is to remove the assumption to be compatible with ppc64.

	Test:
	   4 vcpus are assigned to one VM and execute vcpuinfo command.

	   Without patch: There is only one vcpu informaion can be listed.
	   With patch: All vcpus' information can be listed correctly.

2013-03-15  Christophe Fergeau  <cfergeau@redhat.com>

	Update to COPYING.LIB to latest LGPLv2.1 copy
	The text version
	of LGPLv2.1 available at
	http://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt is slightly
	different from COPYING.LIB:
	- several paragraphs were rewrapped
	- the FSF address has changed, so the license has been changed to
	  indicate the newer address

	I've checked that there are no changes in the license text apart from
	the updated address, which is what I want to fix with this commit.

2013-03-15  Yanbing Du  <ydu@redhat.com>

	Fix a copy & paste error for virsh dump help

2013-03-15  Peter Krempa  <pkrempa@redhat.com>

	audit: Audit resources used by VirtIO RNG
	This patch adds auditing of resources used by Virtio RNG devices. Only
	resources on the local filesystems are audited.

	The audit logs look like:

	For the 'random' backend:
	type=VIRT_RESOURCE msg=audit(1363099126.643:31): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/dev/random": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'

	For local character device source:
	type=VIRT_RESOURCE msg=audit(1363100164.240:96): pid=995252 uid=0 auid=4294967295 ses=4294967295 msg='virt=kvm resrc=rng reason=start vm="qcow-test" uuid=118733ed-b658-3e22-a2cb-4fe5cb3ddf79 old-rng="?" new-rng="/tmp/unix.sock": exe="/home/pipo/libvirt/daemon/.libs/libvirtd" hostname=? addr=? terminal=pts/0 res=success'

2013-03-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Testcases for virtio-scsi and virtio-rng
	Adding test cases for virtio-scsi and virtio-rng. Since ccw is covering
	the superset of the s390 bus handling, these are deemed to be sufficient.

	S390: Enable virtio-scsi and virtio-rng
	Newer versions of QEMU support virtio-scsi and virtio-rng devices
	on the virtio-s390 and ccw buses. Adding capability detection,
	address assignment and command line generation for that.

	qemu: Rename virtio-scsi capability
	QEMU_CAPS_VIRTIO_SCSI_PCI implies that virtio-scsi is only supported
	for the PCI bus, which is not the case. Remove the _PCI suffix.

2013-03-14  Laine Stump  <laine@laine.org>

	util: fix clear_emulator_capabilities=0
	My commit 7a2e845a865dc7fa82d2393ea2a770cfc8cf00b4 (and its
	prerequisites) managed to effectively ignore the
	clear_emulator_capabilities setting in qemu.conf (visible in the code
	as the VIR_EXEC_CLEAR_CAPS flag when qemu is being exec'ed), with the
	result that the capabilities are always cleared regardless of the
	qemu.conf setting. This patch fixes it by passing the flag through to
	virSetUIDGIDWithCaps(), which uses it to decide whether or not to
	clear existing capabilities before adding in those that were
	requested.

	Note that the existing capabilities are *always* cleared if the new
	process is going to run as non-root, since the whole point of running
	non-root is to have the capabilities removed (it's still possible to
	maintain individual capabilities as needed using the capBits argument
	though).

2013-03-14  Eric Blake  <eblake@redhat.com>

	qemu: detect multi-head qxl via more than version check
	Multi-head QXL support is so useful that distros have started to
	backport it to qemu earlier than 1.2.  After discussion with
	Alon Levy, we determined that the existence of the qxl-vga.surfaces
	property is a reliable indicator of whether '-device qxl-vga' works,
	or whether we have to stick to the older '-vga qxl'.  I'm leaving
	in the existing check for QEMU_CAPS_DEVICE_VIDEO_PRIMARY tied to
	qemu 1.2 and newer (in case qemu is built without qxl support),
	but for those distros that backport qxl, this additional capability
	check will allow the correct command line for both RHEL 6.3 (which
	lacks the feature) and RHEL 6.4 (where qemu still claims to be
	version 0.12.2.x, but has backported multi-head qxl).

	* src/qemu/qemu_capabilities.c (virQEMUCapsObjectPropsQxlVga): New
	property test.
	(virQEMUCapsExtractDeviceStr): Probe for backport of new
	capability to qemu earlier than 1.2.
	* tests/qemuhelpdata/qemu-kvm-1.2.0-device: Update test.
	* tests/qemuhelpdata/qemu-1.2.0-device: Likewise.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device:
	Likewise.

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix deps for generating RPC dispatch code
	The src/lxc/lxc_*_dispatch.h files only had deps on the
	RPC generator script & the XDR definition file. So when
	the Makefile.am args passed to the generator were change,
	the disaptch code was not re-generated. This caused a
	build failure

	  CC       libvirt_lxc-lxc_controller.o
	lxc/lxc_controller.c: In function 'virLXCControllerSetupServer':
	lxc/lxc_controller.c:718:47: error: 'virLXCMonitorProcs' undeclared (first use in this function)
	lxc/lxc_controller.c:718:47: note: each undeclared identifier is reported only once for each function it appears in
	lxc/lxc_controller.c:719:47: error: 'virLXCMonitorNProcs' undeclared (first use in this function)
	make[3]: *** [libvirt_lxc-lxc_controller.o] Error 1

	For added fun, the generated files were not listed in
	CLEANFILES, so only a 'git clean -f' would fix the build

2013-03-14  Ján Tomko  <jtomko@redhat.com>

	Fix size probing for VDI images
	Commit 027bf2ea used the wrong offset: the text field at the start
	of the header has 64 bytes, not 68. [1]

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=921452

	[1] https://forums.virtualbox.org/viewtopic.php?p=29267#p29267

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix generation of systemtap probes for RPC protocols
	The naming used in the RPC protocols for the LXC monitor and
	lock daemon confused the script used to generate systemtap
	helper functions. Rename the LXC monitor protocol symbols to
	reduce confusion. Adapt the gensystemtap.pl script to cope
	with the LXC monitor / lock daemon naming conversions.

	This has no functional impact on RPC wire protocol, since
	names are only used in the C layer

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Re-add DTrace probes on 'dispose' functions
	When converting to virObject, the probes on the 'Free' functions
	were removed on the basis that there is a probe on virObjectFree
	that suffices. This puts a burden on people writing probe scripts
	to identify which object is being dispose. This adds back probes
	in the 'Dispose' functions and updates the rpc monitor systemtap
	example to use them

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix parsing of SELinux ranges without a category
	Normally libvirtd should run with a SELinux label

	  system_u:system_r:virtd_t:s0-s0:c0.c1023

	If a user manually runs libvirtd though, it is sometimes
	possible to get into a situation where it is running

	  system_u:system_r:init_t:s0

	The SELinux security driver isn't expecting this and can't
	parse the security label since it lacks the ':c0.c1023' part
	causing it to complain

	  internal error Cannot parse sensitivity level in s0

	This updates the parser to cope with this, so if no category
	is present, libvirtd will hardcode the equivalent of c0.c1023.

	Now this won't work if SELinux is in Enforcing mode, but that's
	not an issue, because the user can only get into this problem
	if in Permissive mode. This means they can now start VMs in
	Permissive mode without hitting that parsing error

2013-03-14  Daniel P. Berrange  <berrange@redhat.com>

	Separate MCS range parsing from MCS range checking
	Pull the code which parses the current process MCS range
	out of virSecuritySELinuxMCSFind and into a new method
	virSecuritySELinuxMCSGetProcessRange.

	Fix memory leak on OOM in virSecuritySELinuxMCSFind
	The body of the loop in virSecuritySELinuxMCSFind would
	directly 'return NULL' on OOM, instead of jumping to the
	cleanup label. This caused a leak of several local vars.

	Avoid closing uninitialized FDs when LXC startup fails
	If an LXC domain failed to start because of a bogus SELinux
	label, virLXCProcessStart would call VIR_CLOSE(0) by mistake.
	This is because the code which initializes the member of the
	ttyFDs array to -1 got moved too far away from the place where
	the array is first allocated.

	Prevent streams from becoming libvirtd controlling TTY
	When opening a stream to a device which is a TTY, that device
	may become the controlling TTY of libvirtd, if libvirtd was
	daemonized. This in turn means when the other end of the stream
	closes, libvirtd gets SIGHUP, causing it to reload its config.
	Prevent this by forcing O_NOCTTY on all streams that are opened

2013-03-14  Peter Krempa  <pkrempa@redhat.com>

	virtio-rng: Add rate limiting options for virtio-RNG
	Qemu's implementation of virtio RNG supports rate limiting of the
	entropy used. This patch exposes the option to tune this functionality.

	This patch is based on qemu commit 904d6f588063fb5ad2b61998acdf1e73fb4

	The rate limiting is exported in the XML as:
	<devices>
	  ...
	  <rng model='virtio'>
	    <rate bytes='123' period='1234'/>
	    <backend model='random'/>
	  </rng>
	  ...

2013-03-14  Guannan Ren  <gren@redhat.com>

	util: escapes special characters in VIR_LOG_REGEX
	In debug mode, the bug failed to start vm
	error: Failed to start domain rhel5u9
	error: internal error Out of space while reading console log output:
	...

2013-03-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Testcases for virtio-ccw machines
	This adds and corrects testcases for virtio devices on s390
	guests.

2013-03-14  J.B. Joret  <jb@linux.vnet.ibm.com>

	S390: Add hotplug support for s390 virtio devices
	We didn't yet expose the virtio device attach and detach functionality
	for s390 domains as the device hotplug was very limited with the old
	virtio-s390 bus. With the CCW bus there's full hotplug support for
	virtio devices in QEMU, so we are adding this to libvirt too.

	Since the virtio hotplug isn't limited to PCI anymore, we change the
	function names from xxxPCIyyy to xxxVirtioyyy, where we handle all
	three virtio bus types.

2013-03-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: QEMU driver support for CCW addresses
	This commit adds the QEMU driver support for CCW addresses. The
	current QEMU only allows virtio devices to be attached to the
	CCW bus. We named the new capability indicating that support
	QEMU_CAPS_VIRTIO_CCW accordingly.

	The fact that CCW devices can only be assigned to domains with a
	machine type of s390-ccw-virtio requires a few extra checks for
	machine type in qemu_command.c on top of querying
	QEMU_CAPS_VIRTIO_{CCW|S390}.

	The majority of the new functions deals with CCW address generation
	and management.

2013-03-14  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: domain_conf support for CCW
	Add necessary handling code for the new s390 CCW address type to
	virDomainDeviceInfo. Further, introduce  memory management, XML
	parsing, output formatting and range validation for the new
	virDomainDeviceCCWAddress type.

2013-03-13  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Documentation for CCW address type
	The native bus for s390 I/O is called CCW (channel command word).
	As QEMU has added basic support for the CCW bus, i.e. the
	ability to assign CCW devnos (bus addresses) to devices.
	Domains with the new machine type s390-ccw-virtio can use the
	CCW bus. Currently QEMU will only allow to define virtio
	devices on the CCW bus.
	Here we add the new machine type and the new device address to the
	schema definition and add a new paragraph to the domain XML
	documentation.

2013-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Daemonize fuse thread in libvirt_lxc
	In some startup failure modes, the fuse thread may get itself
	wedged. This will cause the entire libvirt_lxc process to
	hang trying to the join the thread. There is no compelling
	reason to wait for the thread to exit if the whole process
	is exiting, so just daemonize the fuse thread instead.

	Use separate symbol file for GNUTLS symbols
	A number of symbols are only present when GNUTLS is enabled.
	Thus we must use a separate libvirt_gnutls.syms file for them
	instead of libvirt_private.syms

	Fix missing error dispatch in virDomainLxcEnterNamespace
	The virDomainLxcEnterNamespace method mistakenly uses
	virCheckFlags, which returns immediately instead of
	virCheckFlagsGoto which jumps to the error cleanup
	patch where there is a virDispatchError call

2013-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix query of LXC security label
	The virDomainGetSecurityLabel method is currently (mistakenly)
	showing the label of the libvirt_lxc process:

	...snip...
	Security model: selinux
	Security DOI:   0
	Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive)

	when it should be showing the init process label

	...snip...
	Security model: selinux
	Security DOI:   0
	Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive)

2013-03-13  Daniel P. Berrange  <berrange@redhat.com>

	Apply security label when entering LXC namespaces
	Add a new virDomainLxcEnterSecurityLabel() function as a
	counterpart to virDomainLxcEnterNamespaces(), which can
	change the current calling process to have a new security
	context. This call runs client side, not in libvirtd
	so we can't use the security driver infrastructure.

	When entering a namespace, the process spawned from virsh
	will default to running with the security label of virsh.
	The actual desired behaviour is to run with the security
	label of the container most of the time. So this changes
	virsh lxc-enter-namespace command to invoke the
	virDomainLxcEnterSecurityLabel method.

	The current behaviour is:

	LABEL                             PID TTY          TIME CMD
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
	staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps

	Note the ps command is running as unconfined_t,  After this patch,

	The new behaviour is this:

	virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
	LABEL                             PID TTY          TIME CMD
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
	system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps

	The '--noseclabel' flag can be used to skip security labelling.

2013-03-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu_driver: Try KVM_CAP_MAX_VCPUS only if defined
	With our recent patch (1715c83b5f) we thrive to get the correct
	number of maximal VCPUs. However, we are using a constant from
	linux/kvm.h which may be not defined in every distro. Hence, we
	should guard usage of the constant with ifdef preprocessor
	directive. This was introduced in kernel:

	    commit 8c3ba334f8588e1d5099f8602cf01897720e0eca
	    Author: Sasha Levin <levinsasha928@gmail.com>
	    Date:   Mon Jul 18 17:17:15 2011 +0300

	    KVM: x86: Raise the hard VCPU count limit

	    The patch raises the hard limit of VCPU count to 254.

	    This will allow developers to easily work on scalability
	    and will allow users to test high VCPU setups easily without
	    patching the kernel.

	    To prevent possible issues with current setups, KVM_CAP_NR_VCPUS
	    now returns the recommended VCPU limit (which is still 64) - this
	    should be a safe value for everybody, while a new KVM_CAP_MAX_VCPUS
	    returns the hard limit which is now 254.

	$ git desc 8c3ba334f
	v3.1-rc7-48-g8c3ba33

2013-03-13  Peter Krempa  <pkrempa@redhat.com>

	virCaps: conf: start splitting out irrelevat data
	The virCaps structure gathered a ton of irrelevant data over time that.
	The original reason is that it was propagated to the XML parser
	functions.

	This patch aims to create a new data structure virDomainXMLConf that
	will contain immutable data that are used by the XML parser. This will
	allow two things we need:

	1) Get rid of the stuff from virCaps

	2) Allow us to add callbacks to check and add driver specific stuff
	after domain XML is parsed.

	This first attempt removes pointers to private data allocation functions
	to this new structure and update all callers and function that require
	them.

2013-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Remove hack using existance of an 'identity' string to disable auth
	Currently the server determines whether authentication of clients
	is complete, by checking whether an identity is set. This patch
	removes that lame hack and replaces it with an explicit method
	for changing the client auth code

	* daemon/remote.c: Update for new APis
	* src/libvirt_private.syms, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
	  and virNetServerClientSetIdentity, adding a new method
	  virNetServerClientSetAuth.

2013-03-12  Daniel P. Berrange  <berrange@redhat.com>

	Add API for thread cancellation
	Add a virThreadCancel function. This functional is inherently
	dangerous and not something we want to use in general, but
	integration with SELinux requires that we provide this stub.
	We leave out any Win32 impl to discourage further use and
	because obviously SELinux isn't enabled on Win32

	Add missing break in LXC loop device setup
	When setting up disks with loop devices for LXC, one of the
	switch cases was missing a 'break' causing it to fallthrough
	to an error condition.

2013-03-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid NULL dereference in qemuSharedDiskEntryFree
	At least one caller may call qemuSharedDiskEntryFree with NULL as the
	first argument. Let's make the function similar to other *Free functions
	and do nothing in such case.

	docs: Clarify semantics of sparse storage volumes
	Sparse LVM volumes do not behave in the way one would naively expect.
	The allocation does not automatically increase (which is different from
	how sparse files work).

2013-03-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix retrieval of maximum number of vCPUs on KVM hosts
	The detection of the maximum number of cpus used incorrect ioctl
	argument value. This flaw caused that on kvm hosts this returns always
	"160" as the maximum. This is just a recommended maximum value. The real
	value is higher than that.

	This patch tweaks the detection function to behave as described by the
	kernel docs:

	https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/virtual/kvm/api.txt?id=refs/tags/v3.9-rc2#n199

2013-03-11  Hu Tao  <hutao@cn.fujitsu.com>

	nodeinfo: don't define nodeGetCellMemory if it isn't ever used

2013-03-11  Ján Tomko  <jtomko@redhat.com>

	virsh: fix snapshot-create with no xmlfile
	Properly check the return value of vshCommandOptStringReq for xmlfile:
	* error out on incorrect input (--xmlfile '')
	* use default XML <domainsnapshot/> with no --xmlfile specified

	(Broken by commit b2e8585)

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=919826

2013-03-11  Guido Günther  <agx@sigxcpu.org>

	Convert HAVE_SELINUX to WITH_SELINUX
	these were missed by 63f18f378693cac6b6e33f4a8c15c20cb191c7c8

2013-03-11  Guido Günther  <agx@sigxcpu.org>

	lxc: Init activeUsbHostdevs
	otherwise we crash with

	 #0  virUSBDeviceListFind (list=0x0, dev=dev@entry=0x8193d70) at util/virusb.c:526
	 #1  0xb1a4995b in virLXCPrepareHostdevUSBDevices (driver=driver@entry=0x815d9a0, name=0x815dbf8 "debian-700267", list=list@entry=0x81d8f08) at lxc/lxc_hostdev.c:88
	 #2  0xb1a49fce in virLXCPrepareHostUSBDevices (def=0x8193af8, driver=0x815d9a0) at lxc/lxc_hostdev.c:261
	 #3  virLXCPrepareHostDevices (driver=driver@entry=0x815d9a0, def=0x8193af8) at lxc/lxc_hostdev.c:328
	 #4  0xb1a4c5b1 in virLXCProcessStart (conn=0x817d3f8, driver=driver@entry=0x815d9a0, vm=vm@entry=0x8190908, autoDestroy=autoDestroy@entry=false, reason=reason@entry=VIR_DOMAIN_RUNNING_BOOTED)
	     at lxc/lxc_process.c:1068
	 #5  0xb1a57e00 in lxcDomainStartWithFlags (dom=dom@entry=0x815e460, flags=flags@entry=0) at lxc/lxc_driver.c:1014
	 #6  0xb1a57fc3 in lxcDomainStart (dom=0x815e460) at lxc/lxc_driver.c:1046
	 #7  0xb79c8375 in virDomainCreate (domain=domain@entry=0x815e460) at libvirt.c:8450
	 #8  0x08078959 in remoteDispatchDomainCreate (args=0x81920a0, rerr=0xb65c21d0, client=0xb0d00490, server=<optimized out>, msg=<optimized out>) at remote_dispatch.h:1066
	 #9  remoteDispatchDomainCreateHelper (server=0x80c4928, client=0xb0d00490, msg=0xb0d005b0, rerr=0xb65c21d0, args=0x81920a0, ret=0x815d208) at remote_dispatch.h:1044
	 #10 0xb7a36901 in virNetServerProgramDispatchCall (msg=0xb0d005b0, client=0xb0d00490, server=0x80c4928, prog=0x80c6438) at rpc/virnetserverprogram.c:432
	 #11 virNetServerProgramDispatch (prog=0x80c6438, server=server@entry=0x80c4928, client=0xb0d00490, msg=0xb0d005b0) at rpc/virnetserverprogram.c:305
	 #12 0xb7a300a7 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x80c4928) at rpc/virnetserver.c:162
	 #13 virNetServerHandleJob (jobOpaque=0xb0d00510, opaque=0x80c4928) at rpc/virnetserver.c:183
	 #14 0xb7924f98 in virThreadPoolWorker (opaque=opaque@entry=0x80a94b0) at util/virthreadpool.c:144
	 #15 0xb7924515 in virThreadHelper (data=0x80a9440) at util/virthreadpthread.c:161
	 #16 0xb7887c39 in start_thread (arg=0xb65c2b70) at pthread_create.c:304
	 #17 0xb77eb78e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

	when adding a domain with a usb device. This is Debian bug

	    http://bugs.debian.org/700267

2013-03-11  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Require network QoS if interface uses 'floor'
	By current implementation, network inbound is required in order
	to use 'floor' for guaranteeing  minimal throughput. This is so,
	because we want user to tell us the maximal throughput of the
	network instead of finding out ourselves (and detect bogus values
	in case of virtual interfaces). However, we are nowadays
	requiring this only on documentation level. So if user starts a
	domain with 'floor' set on one its interfaces, we silently ignore
	the setting. We should error out instead.

2013-03-10  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Remove unused vshCompleteXMLFromDomain
	The function is marked as unused and breaks compilation on RHEL4. Remove
	it from the tree until a new use case can be found.

2013-03-10  Peter Krempa  <pkrempa@redhat.com>

	Revert "Ensure xmlSaveToBuffer is always defined"
	The commit originally fixed code that isn't being used. Revert
	it and remove the unused code as a real fix.

	This reverts commit a66b32d9295ed87698ffd98d82e9e5818ff799e5.

2013-03-08  Dusty Mabe  <dustymabe@gmail.com>

	capabilities: add NUMA memory information
	'virsh capabilities' will now include a new <memory> element
	per <cell> of the topology, as in:

	    <topology>
	      <cells num='2'>
	        <cell id='0'>
	          <memory unit='KiB'>12572412</memory>
	          <cpus num='12'>
	          ...
	        </cell>

2013-03-08  Guido Günther  <agx@sigxcpu.org>

	lxc: include sys/stat.h
	This fixes the build on Debian Wheezy which otherwise fails with:

	  CC     libvirt_driver_lxc_impl_la-lxc_process.lo
	  lxc/lxc_process.c: In function 'virLXCProcessGetNsInode':
	  lxc/lxc_process.c:648:5: error: implicit declaration of function 'stat' [-Werror=implicit-function-declaration]
	  lxc/lxc_process.c:648:5: error: nested extern declaration of 'stat' [-Werror=nested-externs]
	  cc1: all warnings being treated as errors

2013-03-08  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainBlockStatsFlags: Guard disk lookup with a domain job
	When there are two concurrent threads, we may dereference a NULL
	pointer, even though it has been checked before:

	1. Thread1: starts executing qemuDomainBlockStatsFlags() with nparams != 0.
	            It finds given disk and successfully pass check for disk->info.alias
	            not being NULL.
	2. Thread2: starts executing qemuDomainDetachDeviceFlags() on the very same
	            disk as Thread1 is working on.
	3. Thread1: gets to qemuDomainObjBeginJob() where it sets a job on a
	            domain.
	4. Thread2: also tries to set a job. However, we are not guaranteed which
	            thread wins. So assume it's Thread2 who can continue.
	5. Thread2: does the actual detach and frees disk->info.alias
	6. Thread2: quits the job
	7. Thread1: now successfully acquires the job, and accesses a NULL pointer.

2013-03-08  Guannan Ren  <gren@redhat.com>

	apparmor: use AppArmorSetFDLabel for both imageFD and tapFD
	Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could
	be used as a common function for *ALL* fd relabelling in Linux.

	In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
	Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files
	The last line is for the tapfd relabelling.

	 # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
	  "/var/log/libvirt/**/rhel6qcow2.log" w,
	  "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
	  "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
	  "/run/libvirt/**/rhel6qcow2.pid" rwk,
	  "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
	  "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
	  "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
	  "/dev/tap45" rw,

2013-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Include pid namespace inode in LXC audit messages
	To allow the efficient correlation of container audit messages
	with host hosts, include the pid namespace inode in audit
	messages.

	Add support for disks backed by plain files in LXC
	By using a loopback device, disks backed by plain files can
	be made available to LXC containers. We make no attempt to
	auto-detect format if <driver type="raw"/> is not set,
	instead we unconditionally treat that as meaning raw. This
	is to avoid the security issues inherent with format
	auto-detection

	Refactor loop device setup code in LXC
	Minor re-factoring of code for setting up loop devices in
	the LXC controller

	Convert QEMU driver to use virLogProbablyLogMessage
	The current QEMU code for skipping log messages only skips over
	'debug' message, switch to virLogProbablyLogMessage to make sure
	it skips over all of them

2013-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Improve LXC startup error reporting
	Currently we rely on a VIR_ERROR message being logged by the
	virRaiseError function to report LXC startup errors. This gives
	the right message, but is rather ugly and can be truncated
	if lots of log messages are written. Change the LXC controller
	to explicitly print any virErrorPtr message to stderr. Then
	change the driver to skip over anything that looks like a log
	message.

	The result is that this

	error: Failed to start domain busy
	error: internal error guest failed to start: 2013-03-04 19:46:42.846+0000: 1734: info : libvirt version: 1.0.2
	2013-03-04 19:46:42.846+0000: 1734: error : virFileLoopDeviceAssociate:600 : Unable to open /root/disk.raw: No such file or directory

	changes to

	error: Failed to start domain busy
	error: internal error guest failed to start: Unable to open /root/disk.raw: No such file or directory

2013-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Add method for checking if a string is (probably) a log message
	When reading log output from QEMU/LXC we need to skip over any
	libvirt log messages. Currently the QEMU driver checks for a
	fixed string, but this is better done with a regex. Add a method
	virLogProbablyLogMessage to do a regex check

	Use VIR_MASS_CLOSE in LXC container startup
	In the LXC container startup code when switching stdio
	streams, we call VIR_FORCE_CLOSE on all FDs. This triggers
	a huge number of warnings, but we don't see them because
	stdio is closed at this point. strace() however shows them
	which can confuse people debugging the code. Switch to
	VIR_MASS_CLOSE to avoid this

	Ensure xmlSaveToBuffer is always defined
	RHEL4 vintage libxml2 header files are missing xmlSaveToBuffer
	despite the symbol existing in the binary

	Fix conditional build of virNetDevSetupControlFull
	The virNetDevSetupControlFull function was protected by a
	conditional on SIOCBRADDBR, which is bogus since it does
	not use that symbol. Update the conditionals around all
	callers to do stricter checks to ensure we always build
	succesfully

	Ensure GET_VLAN_VID_CMD is always defined
	The RHEL4 vintage header files do not define GET_VLAN_VID_CMD.
	Conditionally define it in our source, since the kernel can
	raise a runtime error if it isn't supported

	Don't import loop.h unless HAVE_DECL_LO_FLAGS_AUTOCLEAR is defined
	The loop.h on RHEL4 is broken and cannot be imported. We already
	detect this in configure as a side-effect of looking for whether
	LO_FLAGS_AUTOCLEAR is available. We protected the impl with
	HAVE_DECL_LO_FLAGS_AUTOCLEAR, but not the header import

	Rename 'daemon' param to 'binary' in virNetClientNewUNIX
	To avoid a clash with daemon() libc API, rename the
	'daemon' param in the header file to 'binary'. The
	source file already uses the name 'binary'.

	Rename 'clone' to 'clonevol' to avoid name clash with clone() syscall
	On RHEL-4 vintage one of the header files is polluted causing a
	clash between the clone() syscall and the 'clone' parameter in
	a libvirt driver API

2013-03-07  Eric Blake  <eblake@redhat.com>

	viralloc: use consistent naming
	Commit 0df3e89 only touched the header, but the .c file had the
	same shadowing potential.

	* src/util/viralloc.c (virDeleteElementsN): s/remove/toremove/ to
	match the header.

2013-03-07  Eric Blake  <eblake@redhat.com>

	rng: allow default device in RNG grammar
	This matches the documentation of commit 4932ef4, and the
	C code changes of commit 75e656a.

	* docs/schemas/domaincommon.rng: Allow default entry.

2013-03-07  Eric Blake  <eblake@redhat.com>

	build: avoid shadowing a function name
	Make the same fix as in commit de53eff.

	* src/util/viralloc.h (virDeleteElementsN): Cater to old glibc.

2013-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash parsing RNG device specification
	Code that validates the whitelist for the RNG device filename
	didn't account for fact that filename may be NULL. This led
	to a NULL reference crash. This wasn't caught since the test
	suite was not covering this XML syntax

2013-03-06  John Ferlan  <jferlan@redhat.com>

	Resolve valgrind error
	Resolves the following valgrind error from qemuxml2argvtest:

	==20393== 5 bytes in 1 blocks are definitely lost in loss record 2 of 60
	==20393==    at 0x4A0883C: malloc (vg_replace_malloc.c:270)
	==20393==    by 0x38D690A167: __vasprintf_chk (in /usr/lib64/libc-2.16.so)
	==20393==    by 0x4CB0D97: virVasprintf (stdio2.h:210)
	==20393==    by 0x4CB0E53: virAsprintf (virutil.c:2017)
	==20393==    by 0x428DC5: qemuAssignDeviceAliases (qemu_command.c:791)
	==20393==    by 0x41DF93: testCompareXMLToArgvHelper (qemuxml2argvtest.c:151)
	==20393==    by 0x41F53F: virtTestRun (testutils.c:157)
	==20393==    by 0x41DA9B: mymain (qemuxml2argvtest.c:885)
	==20393==    by 0x41FB7A: virtTestMain (testutils.c:719)
	==20393==    by 0x38D6821A04: (below main) (in /usr/lib64/libc-2.16.so)
	==20393==

	From qemu_command.c/line 791:

	    if (def->rng) {
	        if (virAsprintf(&def->rng->info.alias, "rng%d", 0) < 0)
	            goto no_memory;
	    }

2013-03-06  Jiri Denemark  <jdenemar@redhat.com>

	storage: Cleanup logical volume creation code
	This patch plugs two memory leaks, removes some useless and confusing
	constructs and renames renames "cleanup" label as "error" since it is
	only used for error path rather then being common for both success and
	error paths.

2013-03-06  John Ferlan  <jferlan@redhat.com>

	sheepdog: Adjust logic to break while loop to avoid Coverity error
	Change the various "return -1" to "break".  Avoids Coverity error and
	perhaps other/future analyzer issues.

2013-03-06  John Ferlan  <jferlan@redhat.com>

	libxl_driver: Resolve Coverity errors
	1. The virObjectLock() call was unconditional, but Unlock was conditional
	   on vm being valid.  Removed the check

	2. A call to virDomainEventNewFromObj() isn't guaranteed to return an
	   event - that check needs to be made prior to libxlDomainEventQueue()
	   of the event. Did not add libxlDriverLock/Unlock around the call since
	   some callers already have lock taken

	3. Need to initialize fd = -1 in libxlDoDomainSave() since we can jump
	   to cleanup before it's set.

	4. Missing break;'s in libxlDomainModifyDeviceFlags() for case
	   LIBXL_DEVICE_UPDATE.  The default: case would report an error

2013-03-06  John Ferlan  <jferlan@redhat.com>

	libxl_conf: Resolve Coverity issue with call to regcomp()

2013-03-06  Guannan Ren  <gren@redhat.com>

	qemu: update domain live xml for virsh memtune with --live flag
	virsh subcommand memtune forgot updating domain live xml
	after setting cgroup value.

2013-03-06  Guannan Ren  <gren@redhat.com>

	util: fix a integer boundary error
	A value which is equal to a integer maximum such as LLONG_MAX is
	a valid integer value.

	The patch fix the following error:
	1, virsh memtune vm --swap-hard-limit -1
	2, virsh start vm
	In debug mode, it shows error like:
	virScaleInteger:1813 : numerical overflow:\
	                       value too large: 9007199254740991KiB

2013-03-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Report errors on cputune parameter parsing
	This patch adds proper error reporting if parsing of cputune parameters
	fails due to incorrect values provided by the user. Previously no errors
	were reported in such a case and the failure was silently ignored.

2013-03-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Make virDomainDeviceInfoIterate usable without os type
	Make the iterator function usable in the next patches. Also refactor
	some parts to avoid strcmp if not necessary.

	This commit tweaks and shadows the change that was done in commit
	babe7dada0f90bfde74a716e8fc963b049d76f96 and was needed after the
	support for multiple console devices was added. Historically the first
	<console> element is alias for the <serial> device.

2013-03-05  Peter Krempa  <pkrempa@redhat.com>

	conf: whitespace cleanups and refactors with no semantic impact
	This patch changes many unrelated places to simplify the code or update
	code style. This patch should not have any semantic impact on the code.

	virsh-snapshot: Add ability to print only snapshot names
	Help script creators by not having to parse the names from the table.

2013-03-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 1.0.3
	- configure.ac docs/news.html.in libvirt.spec.in: update for the release
	- po/*.po*: merged in transifex updates for fr,hi,pl,ja,uk,it and
	  regenerated

2013-03-05  Eric Blake  <eblake@redhat.com>

	rng: restrict passthrough names to known-good files
	There is some controversy[1] on the qemu list on whether qemu should
	have ever allowed arbitrary file name passthrough, or whether it
	should be restricted to JUST /dev/random and /dev/hwrng.  It is
	always easier to add support for additional filenames than it is
	to remove support for something once released, so this patch
	restricts libvirt 1.0.3 (where the virtio-random backend was first
	supported) to just the two uncontroversial names, letting us defer
	to a later date any decision on whether supporting arbitrary files
	makes sense. Additionally, since qemu 1.4 does NOT support
	/dev/fdset/nnn fd passthrough for the backend, limiting to just
	two known names means that we don't get tempted to try fd
	passthrough where it won't work.

	[1]https://lists.gnu.org/archive/html/qemu-devel/2013-03/threads.html#00023

	* src/conf/domain_conf.c (virDomainRNGDefParseXML): Only allow
	/dev/random and /dev/hwrng.
	* docs/schemas/domaincommon.rng: Flag invalid files.
	* docs/formatdomain.html.in (elementsRng): Document this.
	* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.args:
	Update test to match.
	* tests/qemuxml2argvdata/qemuxml2argv-virtio-rng-random.xml:
	Likewise.

2013-03-04  John Ferlan  <jferlan@redhat.com>

	internals: Update to include RPC and Lock links and add new data
	Added a picture and explanation describing the virConnectOpen processing
	at a "higher" level, but with some source code references.

	Add references for phyp and parallels

	api: Add text and references for daemon

	api: Add text and references for drivers section

	api: Complete list of function and naming conventions

	api: Reword and clean lists for object description

	api: Reword objects exposed section

2013-03-04  John Ferlan  <jferlan@redhat.com>

	hellolibvirt: Adjust code to use new APIs
	Change the order of some conditions and use the AllDomains API to get
	a list of all the active and defined domains, then use the Active and
	Name API's in order to print.

	This changes here adjust the output from:

	Attempting to connect to hypervisor
	Connected to hypervisor at "qemu:///system"
	Hypervisor: "QEMU" version: 0.32.656
	There are 0 active and 2 inactive domains
	Inactive domains:
	  foo
	  bar
	Disconnected from hypervisor

	to

	Attempting to connect to hypervisor
	Connected to hypervisor at "qemu:///system"
	Hypervisor: "QEMU" version: 0.32.656
	There are 0 active and 2 inactive domains
	       foo (non-active)
	       bar (non-active)
	Disconnected from hypervisor

2013-03-04  John Ferlan  <jferlan@redhat.com>

	libvirt: Update headers for doc
	Update the function prototypes to include a message about the client needing
	to free() returned name fields.  Fix the all domains example flags values.

2013-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix TLS tests with gnutls 3
	When given a CA cert with basic constraints to set non-critical,
	and key usage of 'key signing', this should be rejected. Version
	of GNUTLS < 3 do not rejecte it though, so we never noticed the
	test case was broken

2013-03-04  Satoru Moriya  <satoru.moriya@hds.com>

	qemu: fix wrong evaluation in qemuDomainSetMemoryParameters
	19c6ad9a (qemu: Refactor qemuDomainSetMemoryParameters) introduced
	a new macro, VIR_GET_LIMIT_PARAMETER(PARAM, VALUE). But if statement
	in the macro is not correct and so set_XXXX flags are set to false
	in the wrong. As a result, libvirt ignores all memtune parameters.
	This patch fixes the conditional expression to work correctly.

2013-03-04  Guannan Ren  <gren@redhat.com>

	util: use string libvirt to prefix error message instead of libvir
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=912021
	Without error handler set, virDefaultErrorFunc will be called, the
	error message is prefixed with "libvir:". It become a little better
	by using prefix "libvirt:" when working with upper application.

	For example:
	1, stop libvirtd daemon
	2, run virt-top.
	libvir: XML-RPC error : Failed to connect \
	        socket to '/var/run/libvirt/libvirt-sock-ro': \
	        No such file or directory
	libvirt: VIR_ERR_SYSTEM_ERROR: VIR_FROM_RPC: \
	        Failed to connect socket to '/var/run/libvirt/libvirt-sock-ro': \
	        No such file or directory

2013-03-04  Fritz Elfert  <fritz@fritz-elfert.de>

	libvirt does not logout of iscsi targets, causing system hang on shutdown
	There's a quite old bug entry here:

	https://bugzilla.redhat.com/show_bug.cgi?id=700010

	I just stumbled over that very issue on F18. Doing a little bit
	debugging of the shutdown sequence, it turns out that - at least on my
	F18 installation - libvirtd is shutdown *after* iscsid, which makes it
	impossible for libvirt to perform the logout of the iscsi session properly.

	This patch simply adds another startup dependancy on iscsid.service
	which in turn delays iscsid shutdown until after libvirtd has stopped.
	Having that applied, the system shuts down properly again.

2013-03-04  Peter Krempa  <pkrempa@redhat.com>

	qemu: Remove managed save flag from VM when starting with --force-boot
	At the start of the guest after the image is unlinked the state wasn't
	touched up to match the state on disk.

2013-03-04  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: Use -1 as unpriviledged uid/gid
	Commit f506a4c1 changed virSetUIDGID() to be a noop
	when uid/gid are -1, while it used to be a noop when
	they are <= 0.

	The changes in this commit broke creating new VMs in GNOME Boxes
	as qemuDomainCheckDiskPresence gets called during domain creation/startup,
	which in turn calls virFileAccessibleAs which fails after calling
	virSetUIDGID(0, 0) (Boxes uses session libvirtd). virSetUIDGID is called with
	(0, 0) as these are the default user/group values in virQEMUDriverConfig
	for session libvirtd.

	This commit changes virQEMUDriverConfigNew to use -1 as the unpriviledged
	uid/gid. I've also looked at the various places where cfg->user is used,
	and they all seem to handle -1 correctly.

2013-03-01  Guido Günther  <agx@sigxcpu.org>

	hook: log the exit status of the hook not 256
	Adjust the docs accordingly. See http://bugs.debian.org/701570.

2013-03-01  Michal Privoznik  <mprivozn@redhat.com>

	virnetdevmacvlan.c: Introduce mutex for macvlan creation
	Currently, after we removed the qemu driver lock, it may happen
	that two or more threads will start up a machine with macvlan and
	race over virNetDevMacVLanCreateWithVPortProfile(). However,
	there's a racy section in which we are generating a sequence of
	possible device names and detecting if they exits. If we found
	one which doesn't we try to create a device with that name.
	However, the other thread is doing just the same. Assume it will
	succeed and we must therefore fail. If this happens more than 5
	times (which in massive parallel startup surely will) we return
	-1 without any error reported. This patch is a simple hack to
	both of these problems. It introduces a mutex, so only one thread
	will enter the section, and if it runs out of possibilities,
	error is reported. Moreover, the number of retries is raised to 20.

2013-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Revert hack for autodestroy in qemuProcessStop
	This reverts the hack done in

	commit 568a6cda277f04ab9baaeb97490e548b7b608aa6
	Author: Jiri Denemark <jdenemar@redhat.com>
	Date:   Fri Feb 15 15:11:47 2013 +0100

	    qemu: Avoid deadlock in autodestroy

	since we now have a fix which avoids the deadlock scenario
	entirely

2013-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix deadlock in QEMU close callback APIs
	There is a lock ordering problem in the QEMU close callback
	APIs.

	When starting a guest we have a lock on the VM. We then
	set a autodestroy callback, which acquires a lock on the
	close callbacks.

	When running auto-destroy, we obtain a lock on the close
	callbacks, then run each callbacks - which obtains a lock
	on the VM.

	This causes deadlock if anyone tries to start a VM, while
	autodestroy is taking place.

	The fix is to do autodestroy in 2 phases. First obtain
	all the callbacks and remove them from the list under
	the close callback lock. Then invoke each callback
	from outside the close callback lock.

2013-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in QEMU auto-destroy with transient guests
	When the auto-destroy callback runs it is supposed to return
	NULL if the virDomainObjPtr is no longer valid. It was not
	doing this for transient guests, so we tried to virObjectUnlock
	a mutex which had been freed. This often led to a crash.

2013-03-01  Guannan Ren  <gren@redhat.com>

	python: fix fd leak in generator.py

	python: fix typoes and repeated global vars references

2013-03-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make sure qemuProcessStart is run within a job
	qemuProcessStart expects to be run with a job already set and every
	caller except for qemuMigrationPrepareAny use it correctly. This bug can
	be observed in libvirtd logs during incoming migration as

	    warning : qemuDomainObjEnterMonitorInternal:979 : This thread seems
	    to be the async job owner; entering monitor without asking for a
	    nested job is dangerous

2013-03-01  Jim Fehlig  <jfehlig@suse.com>

	Fix starting qemu instances when apparmor driver is enabled
	With the apparmor security driver enabled, qemu instances fail
	to start

	# grep ^security_driver /etc/libvirt/qemu.conf
	security_driver = "apparmor"
	# virsh start test-kvm
	error: Failed to start domain test-kvm
	error: internal error security label already defined for VM

	The model field of virSecurityLabelDef object is always populated
	by virDomainDefGetSecurityLabelDef(), so remove the check for a
	NULL model when verifying if a label is already defined for the
	instance.

	Checking for a NULL model and populating it later in
	AppArmorGenSecurityLabel() has been left in the code to be
	consistent with virSecuritySELinuxGenSecurityLabel().

2013-02-28  Serge Hallyn  <serge.hallyn@ubuntu.com>

	Fix a message typo
	As pointed out in
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1034661
	The sentence

	"The function of PCI device addresses must less than 8"

	does not quite make sense.  Update that to read

	"The function of PCI device addresses must be less than 8"

2013-02-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't fail to shutdown domains with unresponsive agent
	Currently, qemuDomainShutdownFlags() chooses the agent method of
	shutdown whenever the agent is configured. However, this
	assumption is not enough as the guest agent may be unresponsive
	at the moment. So unless guest agent method has been explicitly
	requested, we should fall back to the ACPI method.

2013-02-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: virConnectGetVersion returns bogus value
	The unitialized local variable qemuVersion can cause an random value
	to be returned for the hypervisor version, observable with virsh version.
	Introduced by commit b46f7f4a0b96c2d2d01d64d960bd7bc90dc16b0c

2013-02-28  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: fix use-after-free when parsing NBD disk
	disk->src is still used for disks->hosts->name, do not free it.

2013-02-28  Eric Blake  <eblake@redhat.com>

	maint: fix typo in network docs
	* docs/formatnetwork.html.in: Spell variation correctly.

2013-02-27  Daniel P. Berrange  <berrange@redhat.com>

	Don't try to add non-existant devices to ACL
	The QEMU driver has a list of devices nodes that are whitelisted
	for all guests. The kernel has recently started returning an
	error if you try to whitelist a device which does not exist.
	This causes a warning in libvirt logs and an audit error for
	any missing devices. eg

	2013-02-27 16:08:26.515+0000: 29625: warning : virDomainAuditCgroup:451 : success=no virt=kvm resrc=cgroup reason=allow vm="vm031714" uuid=9d8f1de0-44f4-a0b1-7d50-e41ee6cd897b cgroup="/sys/fs/cgroup/devices/libvirt/qemu/vm031714/" class=path path=/dev/kqemu rdev=? acl=rw

2013-02-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in internal VIR_QEMU_PROCESS_START_AUTODESROY constant
	s/VIR_QEMU_PROCESS_START_AUTODESROY/VIR_QEMU_PROCESS_START_AUTODESTROY/

2013-02-27  Daniel P. Berrange  <berrange@redhat.com>

	Avoid spamming logs with cgroups warnings
	The code for putting the emulator threads in a separate cgroup
	would spam the logs with warnings

	2013-02-27 16:08:26.731+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 3
	2013-02-27 16:08:26.731+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 4
	2013-02-27 16:08:26.732+0000: 29624: warning : virCgroupMoveTask:887 : no vm cgroup in controller 6

	This is because it has only created child cgroups for 3 of the
	controllers, but was trying to move the processes from all the
	controllers. The fix is to only try to move threads in the
	controllers we actually created. Also remove the warning and
	make it return a hard error to avoid such lazy callers in the
	future.

2013-02-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix autodestroy of QEMU guests
	The virQEMUCloseCallbacksRunOne method was passing a uuid string
	to virDomainObjListFindByUUID, when it actually expected to get
	a raw uuid buffer. This was not caught by the compiler because
	the method was using a 'void *uuid' instead of first casting
	it to the expected type.

	This regression was accidentally caused by refactoring in

	  commit 568a6cda277f04ab9baaeb97490e548b7b608aa6
	  Author: Jiri Denemark <jdenemar@redhat.com>
	  Date:   Fri Feb 15 15:11:47 2013 +0100

	    qemu: Avoid deadlock in autodestroy

2013-02-27  Eric Blake  <eblake@redhat.com>

	qemu: -numa doesn't (yet) support disjoint range
	https://bugzilla.redhat.com/show_bug.cgi?id=896092 mentions that
	qemu 1.4 and earlier only accept a simple start-stop range for
	the cpu=... argument of -numa.  Libvirt would attempt to use
	-numa cpu=1,3 for a disjoint range, which did not work as intended.

	Upstream qemu will be adding a new syntax for disjoint cpu ranges
	in 1.5; but the design for that syntax is still under discussion
	at the time of this patch.  So for libvirt 1.0.3, it is safest to
	just reject attempts to build an invalid qemu command line; in the
	future, we can add a capability bit and translate to the final
	accepted design for selecting a disjoint cpu range in numa.

	* src/qemu/qemu_command.c (qemuBuildNumaArgStr): Reject disjoint
	ranges.

2013-02-27  Laine Stump  <laine@laine.org>

	Revert "Add support for <option> tag in network config"
	This reverts commit 383ebc46947b0119123880c1ff9ae345fdb8d5f6.

	We decided the xml for this feature needed more thought to make sure
	we are doing it the best way, in particular wrt option values that
	have multiple items.

2013-02-27  Peter Krempa  <pkrempa@redhat.com>

	util: Add docs for virXMLProp string
	To avoid confusion about usage of this function explicitly document that
	this function returns copy of the attribute string.

	tests: Test XML entities in source path for RNG device
	Users may want to specify XML entities in paths to devices. Ensure they
	are parsed and used properly.

	docs: Fix attribute name for virtio-rng backend

2013-02-27  Ján Tomko  <jtomko@redhat.com>

	tests: fix leaks in storagevolxml2argvtest
	Reported by John Ferlan.

2013-02-27  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Make VIR_MIGRATE_NON_SHARED_{INC,DISK} mutually exclusive
	These two flags in fact are mutually exclusive. Requesting them both
	doesn't make any sense regardless of hypervisor driver. Hence, we have
	to make it within libvirt.c file instead of fixing it in each driver.

2013-02-27  Philipp Hahn  <hahn@univention.de>

	doc: document new storage volume/pool types
	Add qed for dirfs pool.
	Add ocfs2 for disk pool.
	Add lvm2 for disk and logical pool.
	Add cifs and glusterfs for netfs pool.

	Note: POOL_DISK_LVM2 can not be created by "parted mklabel", but is only
	returned from auto-detection on disk pools.

2013-02-27  Eric Blake  <eblake@redhat.com>

	build: don't use gcrypt.h without gnutls support
	Eugene Marcotte reported that if gcrypt-devel (a prereq of
	gnutls-devel) is not present, then compilation fails due to
	an unconditional use of <gcrypt.h>.

	* src/libvirt.c (includes): Properly guard use of gcrypt.h.

2013-02-27  Eric Blake  <eblake@redhat.com>

	Revert "S390: domain_conf support for CCW"
	This reverts commit 0bbbd42c30543d8251536c2fa11166834c886ada.

	The design for this feature is not complete, and may change the
	name of the 'schid' attribute.  Revert requested by Viktor Mihajlovski.

2013-02-27  Eric Blake  <eblake@redhat.com>

	Revert "S390: Documentation for CCW address type"
	This reverts commit 24aa7f8d11054b7b2e643cf3cd5c80a199764af0.

	The implementation to match the documentation is not complete yet,
	and the final design might change the name of the 'schid' attribute.

2013-02-27  Philipp Hahn  <hahn@univention.de>

	schema: Restrict mode to octal
	virStrToLong(..., 8, ...) already requires the mode to be octal.
	Change the relax-ng schema to check for octal as well.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: skip virstoragetest on RHEL 5
	virstoragetest was failing on RHEL 5, but with no good error message:

	TEST: virstoragetest
	                                        0   FAIL

	It turns out that qemu-img was so old, that it lacked support for
	-o backing_file.  It didn't help that the test was also using
	qemu-img from PATH, even after first probing for kvm-img.

	* tests/virstoragetest.c (testPrepImages): Consistently use
	discovered binary.  Skip instead of fail if qemu-img fails during
	setup.

2013-02-26  Doug Goldstein  <cardoe@cardoe.com>

	interface: udev backend coverity NULL deref
	This fixes a potential NULL deref identified by John Ferlan
	<jferlan@redhat.com> if scandir() didn't return an expected value.

2013-02-26  Daniel P. Berrange  <berrange@redhat.com>

	Remove some C99 variable decls in parallels driver
	The parallels storage driver declared some loop variables
	inside the for(;;). This is not allowed by libvirt coding
	standards

2013-02-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash changing CDROM media
	This change tried to fix a crash with changing CDROM media but
	failed to actually do so

	  commit d0172d2b1b5d865aaa042070d7c2d00effb2ff8c
	  Author: Osier Yang <jyang@redhat.com>
	  Date:   Tue Feb 19 20:27:45 2013 +0800

	    qemu: Remove the shared disk entry if the operation is ejecting or updating

	It was still accessing disk->src, when the entire 'disk' object
	has been free'd already. Even if it weren't free'd, accessing
	the 'src' value of virDomainDiskDef is not allowed without
	first validating disk->type is file or block. Just remove the
	broken code entirely.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: old automake lacks abs_builddir
	On RHEL 5, 'make check' included failures such as:

	TEST: virstoragetest
	unable to create directory /virstoragedata/sub
	unable to return to correct directory, refusing to clean up /virstoragedata

	It turns out that with automake 1.9.x, $(abs_builddir) is not
	automatically provided.  We have previously worked around this
	by using `pwd` before, but because we did not do it everywhere,
	we had a number of broken tests.

	This patch brings RHEL 5 from 8 failed tests down to 5 (the
	remaining failures may be due to bugs in the older libxml2 and
	RNG schema validation available in RHEL 5, so I'm not sure if
	they can be fixed in libvirt, but I'm still investigating).

	* tests/Makefile.am (AM_CFLAGS): Reliably set abs_builddir.
	(*_la_CFLAGS): Factor out common settings; delete when nothing
	remains to be added.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: consistent skip messages
	On RHEL 5, I noticed this test failure message:

	TEST: qemumonitorjsontest
	libvirt not compiled with yajl, skippingSKIP: qemumonitorjsontest

	* tests/virstoragetest.c (testPrepImages): Use simpler fputs.
	* tests/qemumonitorjsontest.c (mymain): Ensure trailing newline.

2013-02-26  Ján Tomko  <jtomko@redhat.com>

	libvirt: fix error message when connection can't be opened
	VIR_ERR_NO_CONNECT already contains "no connection driver available".

	This patch changes:
	no connection driver available for No connection for URI hello
	to:
	no connection driver available for hello

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=851413

2013-02-26  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: do not set unpriv_sgio if neither supported nor requested
	Currently we call virSetDeviceUnprivSGIO with val == 0 if a block device
	has an sgio attribute.  But for sgio='filtered', we know that a
	kernel with no unpriv_sgio support will always behave as the user
	wanted.  In this case, there is no need to call the function and
	report a (bogus) error.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: uniformly report test failures
	testutils.c likes to print summaries after a test completes,
	including if it failed.  But if the test outright exit()s,
	this summary is skipped.  Enforce that we return instead of exit.

	* cfg.mk (sc_prohibit_exit_in_tests): New syntax check.
	* tests/commandhelper.c (main): Fix offenders.
	* tests/qemumonitorjsontest.c (mymain): Likewise.
	* tests/seclabeltest.c (main): Likewise.
	* tests/securityselinuxlabeltest.c (mymain): Likewise.
	* tests/securityselinuxtest.c (mymain): Likewise.
	* tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise.
	* tests/testutils.c (virtTestMain): Likewise.
	(virtTestCaptureProgramOutput): Use symbolic name.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: don't test json when not compiled in
	Now that the segfault is solved, we can skip instead of fail
	the test when yajl is not present.

	* tests/qemumonitorjsontest.c (mymain): Skip if no yajl.

2013-02-26  Eric Blake  <eblake@redhat.com>

	tests: avoid segfault if json monitor not present
	On a machine without yajl headers, I was seeing random segfaults
	from qemumonitorjsontest (about 90% of the runs on my particular
	machine).  The segfault was inside virClassIsDerivedFrom, which
	points to a case of a race leading to unreferencing a stale
	pointer to an object that had already been freed.  I also noticed
	that if I got the segfault, I was seeing messages such as:

	2013-02-22 16:12:37.504+0000: 19833: error : virNetSocketWriteWire:1361 : Cannot write data: Bad file descriptor

	which is also evidence of deferencing a stale pointer.  I traced it
	to a race where qemuMonitorTestIO could execute late, after the
	main thread had already called qemuMonitorTestFree and called
	virNetSocketClose(test->client) but not clearing it out to NULL.
	Sure enough, after test->client has been closed, fd is -1, which
	causes an attempt to write to the socket to fail, which in turn
	triggers the error code of qemuMonitorTestIO that tries to re-close
	test->client.

	* tests/qemumonitortestutils.c (qemuMonitorTestIO): Don't attempt
	to free client again if test already quit.

2013-02-26  Eric Blake  <eblake@redhat.com>

	qemu: minor monitor lock cleanups
	If virCondInit fails (okay, so that's unlikely), then we end up
	attempting a virObjectUnlock() on the cleanup path, even though
	we don't hold a lock.  This is not guaranteed to be safe.  While
	at it, I noticed a couple places where we were referencing mon->fd
	outside locks.

	* src/qemu/qemu_monitor.c (qemuMonitorOpenInternal): Minimize lock
	duration.  mon->watch doesn't need clean up on error.
	(qemuMonitorGetBlockExtent, qemuMonitorBlockResize): Don't
	dereference fd outside of lock.

2013-02-26  Eric Blake  <eblake@redhat.com>

	qemu: don't override earlier json error
	I built without yajl support, and noticed a strange failure message
	in qemumonitorjsontest:

	2013-02-22 16:12:37.503+0000: 19812: error : virJSONValueToString:1119 : internal error No JSON parser implementation is available
	2013-02-22 16:12:37.503+0000: 19812: error : qemuMonitorJSONCommandWithFd:253 : out of memory

	While a later patch will fix the test to skip when json is not present,
	this patch avoids overriding the more useful error message from
	virJSONValueToString returning NULL.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCommandWithFd):
	Don't override message.
	(qemuMonitorJSONCheckError): Don't print NULL.
	* src/qemu/qemu_agent.c (qemuAgentCommand): Don't override message.
	(qemuAgentCheckError): Don't print NULL.
	(qemuAgentArbitraryCommand): Properly fail on OOM.

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	conf: Avoid leaking of RNG device definition

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainSetMemoryParameters
	The new TypedParam helper APIs allow to simplify this function
	significantly.

	This patch integrates the fix in 75e5bec97b3045e4f926248d5c742f8a50d0f9
	by correctly ordering the setting functions instead of reordering the
	parameters.

2013-02-25  Doug Goldstein  <cardoe@cardoe.com>

	interface: Fix udev backend bridge device display
	The bridge device was showing the vnet devices created for the domains
	as connected to the bridge. libvirt should only show host devices when
	trying to get the interface definition rather than the domain devices as
	well.

2013-02-25  Philipp Hahn  <hahn@univention.de>

	storage: cast -1 for uid_t|gid_t
	uid_t and gid_t are opaque types, ranging from s32 to u32 to u64.

	Explicitly cast the magic -1 to the appropriate type.

2013-02-25  Philipp Hahn  <hahn@univention.de>

	storage: Cast uid_t|gid_t to unsigned int
	uid_t and gid_t are opaque types, ranging from s32 to u32 to u64.

	Explicitly cast them to unsigned int for printing.

2013-02-25  Philipp Hahn  <hahn@univention.de>

	util: Fix printf format for uid_t|gid_t
	The uid_t|gid_t values are explicitly casted to "unsigned long", but the
	printf() still used "%d", which is for signed values.

	Change the format to "%u".

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	tests: Add tests for virtio-rng device handling
	Adds XML parsing and qemu commandline tests for the VirtIO RNG device
	support.

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement support for EGD backend for virtio-rng
	This patch adds a new capability bit QEMU_CAPS_OBJECT_RNG_EGD and code
	to support the egd backend for the VirtIO RNG device.

	The device is added by 3 qemu command line options:
	-chardev socket,id=charrng0,host=1.2.3.4,port=1234 (communication
	                                                    backend)
	-object rng-egd,chardev=charrng0,id=rng0 (RNG protocol client)
	-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4 (the RNG device)

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Implement support for default 'random' backend for virtio-rng
	This patch implements support for the virtio-rng-pci device and the
	rng-random backend in qemu.

	Two capabilities bits are added to track support for those:

	QEMU_CAPS_DEVICE_VIRTIO_RNG - for the device support and
	QEMU_CAPS_OBJECT_RNG_RANDOM - for the backend support.

	qemu is invoked with these additional parameters if the device is
	enabled:

	-object rng-random,id=rng0,filename=/test/phile (to add the backend)
	-device virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x4 (to add the device)

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	conf: Add RNG device ABI compatibility check

	conf: Add support for RNG device configuration in XML
	This patch adds basic configuration support for the RNG device
	supporting the virtio model with the "random" and "egd" backend types as
	described in the schema in the previous patch.

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	doc: schema: Add basic documentation for the virtual RNG device support
	This patch documents XML elements used for (basic) support of virtual
	RNG devices.

	In the devices section in the domain XML users may specify:

	For the default 'random' backend:
	  <devices>
	    <rng model='virtio'>
	      <backend model='random'>/dev/urandom</backend>
	    </rng>
	  </devices>

	For the slightly more advanced EGD backend:
	  <devices>
	    <rng model='virtio'>
	      <backend model='egd' type='udp'>
	        <!-- this is a definition of a character device -->
	        <source mode='bind' service='1234'/>
	        <source mode='connect' host='1.2.3.4' service='1234'/>
	        <!-- or other valid character device configuration -->
	      </backend>
	    </rng>
	  </devices>

	For the planned random daemon/pool:
	  <devices>
	    <rng model='virtio'>
	      <backend model='pool' pool='poolname'>class</backend>
	    </rng>
	  </devices>

	to enable the RNG device for guests.

2013-02-25  Peter Krempa  <pkrempa@redhat.com>

	conf: Add fake switch statement to warn for new device types
	This patch adds a fake switch statement to force the compiler to warn
	after a new device type was added. This should remind the contributor to
	add the new device also to this iterator function.

2013-02-25  Gene Czarcinski  <gene@czarc.net>

	use client id for IPv6 DHCP host definition
	Originally, only a host name was used to associate a
	DHCPv6 request with a specific IPv6 address.  Further testing
	demonstrates that this is an unreliable method and, instead,
	a client-id or DUID needs to be used.  According to DHCPv6
	standards, this id can be a duid-LLT, duid-LL, or duid-UUID
	even though dnsmasq will accept almost any text string.

	Although validity checking of a specified string makes sure it is
	hexadecimal notation with bytes separated by colons, there is no
	rigorous check to make sure it meets the standard.

	Documentation and schemas have been updated.

2013-02-25  Gene Czarcinski  <gene@czarc.net>

	Trivial fix: in dhcp-host the name is optional
	Although in IPv4 one must pick either mac or name, either
	can be omitted.  Similarly, for IPv6, the name
	can be optionally omitted.

2013-02-25  Laine Stump  <laine@laine.org>

	util: fix typo in comment

2013-02-24  Ján Tomko  <jtomko@redhat.com>

	storage: qemu-img: change INFO to DEBUG
	For really old qemu-img binaries which do not support specifying
	the format of the backing file, display a DEBUG message instead of
	INFO that this can't be done.

	storage: move qemu-img options before positional arguments
	Modify the expected output of storagevolxml2argv tests as well.

	storage: add test for qemu-img command line generation

	storage: separate qemu-img command generation and execution
	This allows us to create a test for the generated command line.

	storage: move flag setting after declarations

2013-02-23  Eric Blake  <eblake@redhat.com>

	run: license as LGPL
	It makes no sense to prohibit reuse of the wrapper in other LGPL
	projects, since most of libvirt is designed to be LGPL.  Of
	course, when using the wrapper to wrap a GPL program, the combined
	result is still effectively GPL, but that shouldn't force us to
	license the wrapper as GPL in isolation.

	* run.in: Relicense to LGPLv2+.

2013-02-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Cancel running jobs on failed migration
	If a migration fails, we need to stop all block jobs running so
	qemu doesn't try to send data to destination over and over again.

	qemu_migration: Stop NBD server at Finish phase
	At the end of migration, it is important to stop NBD
	server and thus release all allocated resources.

2013-02-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Introduce qemuMigrationDriveMirror
	This function does the source part of NBD magic. It
	invokes drive-mirror on each non shared and RW disk with
	a source and wait till the mirroring process completes.
	When it does we can proceed with migration.

	Currently, an active waiting is done: every 500ms libvirt
	asks qemu if block-job is finished or not.  However, once
	the job finishes, qemu doesn't report its progress so we
	can only assume if the job finished successfully or not.
	The better solution would be to listen to the event which
	is sent as soon as the job finishes. The event does
	contain the result of job.

2013-02-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_migration: Introduce qemuMigrationStartNBDServer()
	We need to start NBD server and feed it with all non-<shared/>,
	RW and source-full disks. Moreover, with new virPortAllocator we
	must ensure the borrowed port for NBD server will be returned if
	either migration completes or qemu process is torn down.

	qemu: Introduce nbd-server-stop command
	This will be used after all migration work is done
	to stop NBD server running on destination.  It
	doesn't take any arguments, just issues a command.

	qemu: Introduce nbd-server-add command
	This will be used with new migration scheme.
	This patch creates basically just monitor stub
	functions. Wiring them into something useful
	is done in later patches.

	qemu: Introduce nbd-server-start command
	This will be used with new migration scheme.
	This patch creates basically just monitor stub
	functions. Wiring them into something useful
	is done in later patches.

	Introduce NBD migration cookie
	This migration cookie is meant for two purposes. The first is to be sent
	in begin phase from source to destination to let it know we support new
	implementation of VIR_MIGRATE_NON_SHARED_{DISK,INC} so destination can
	start NBD server. Then, the second purpose is, destination can let us
	know, on which port the NBD server is running.

	qemu: Introduce NBD_SERVER capability
	This just keeps track whether qemu knows nbd-server-* commands
	so we can use it during migration or not.

2013-02-23  Pieter Hollants  <pieter@hollants.com>

	Add support for <option> tag in network config
	This patch adds support for a new <option>-Tag in the <dhcp> block of
	network configs, based on a subset of the fifth proposal by Laine
	Stump in the mailing list discussion at
	https://www.redhat.com/archives/libvir-list/2012-November/msg01054.html.
	Any such defined option will result in a dhcp-option=<number>,"<value>"
	statement in the generated dnsmasq configuration file.

	Currently, DHCP options can be specified by number only and there is
	no whitelisting or blacklisting of option numbers, which should
	probably be added.

2013-02-23  Eric Blake  <eblake@redhat.com>

	run: use portable shell
	Nothing in run required bash, except for the shebang.  On systems
	where /bin/bash doesn't exist (I hit it on FreeBSD), using /bin/sh
	instead fixes a 'make check' failure:
	gmake[3]: Entering directory `/usr/home/dummy/libvirt/python'
	  GEN    check-local
	/usr/local/bin/bash: ../run: /bin/bash: bad interpreter: No such file or directory

	* run.in: Use /bin/sh, not bash.

2013-02-23  Sage Weil  <sage@newdream.net>

	storage: use f_frsize, not f_bsize, for calculating available space
	The bfree and blocks fields are supposed to be in units of frsize.  We were
	calculating capacity correctly using those units, but the available
	calculation was using bsize instead.  Most file systems report these as the
	same value specifically because many programs are buggy, but that is no
	reason to rely on that behavior, or to behave inconsistently.

	This bug has been present since e266ded (2008) and aa296e6c, when the code
	was originally introduced (the latter via cut and paste).

2013-02-23  Eric Blake  <eblake@redhat.com>

	maint: check all symfiles for sorting
	On FreeBSD, I got a 'make check' failure:
	  GEN    check-symsorting
	Symbol block at ./libvirt_atomic.syms:4: viratomic.h not found

	* src/Makefile.am (SYM_FILES): New define.
	(check-symsorting): Check on all symfiles, even when not used.
	* src/libvirt_atomic.syms: Fix offender.

2013-02-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement virDomainMigrate*CompressionCache

	virsh: Add migrate-compcache command
	This is a command wrapping virDomainMigrateGetCompressionCache and
	virDomainMigrateSetCompressionCache.

	remote: Implement virDomainMigrate*CompressionCache

	python: Implement virDomainMigrateGetCompressionCache wrapper

	Introduce virDomainMigrate*CompressionCache APIs
	Introduce virDomainMigrateGetCompressionCache and
	virDomainMigrateSetCompressionCache APIs.

	qemu: Implement virDomainGetJobStats

	qemu: Parse more fields from query-migrate QMP command
	As a side effect, this also fixes reporting disk migration process.
	It was added to memory migration progress, which was wrong. Disk
	progress has dedicated fields in virDomainJobInfo structure.

	virsh: Use virDomainGetJobStats in domjobinfo if available

	remote: Implement virDomainGetJobStats

	remote: Auto-allocate params in remoteDeserializeTypedParameters
	remoteDeserializeTypedParameters can now be called with either
	preallocated params array (size of which is announced by nparams) or it
	can allocate params array according to the number of parameters received
	from the server.

	python: Implement virDomainGetJobStats wrapper

	Introduce virDomainGetJobStats API
	This is an extensible version of virDomainGetJobInfo.

	qemu: Add support for compressed migration

	Introduce VIR_MIGRATE_COMPRESSED flag
	This flag may be used with migration APIs to request compression of
	migration data.

2013-02-22  Daniel P. Berrange  <berrange@redhat.com>

	s/arm/armv7l/ in caps-qemu-kvm.xml
	Fix the caps-qemu-kvm.xml test data file to refer to correct
	arm arch name.

	Update arch names in RNG schema to match virarch.c
	When the virarch.c file was introduced to formalize the arch
	list, we forgot to update the RNG schema with the new arches.

2013-02-22  Christophe Fergeau  <cfergeau@redhat.com>

	conf: Don't leak 'ram' video property on error
	It's only freed on normal returns from virDomainVideoDefParseXML,
	but not when erroring out.

	conf: Don't leak 'primary' video property on error
	It's only freed on normal returns from virDomainVideoDefParseXML,
	but not when erroring out.

2013-02-22  Doug Goldstein  <cardoe@cardoe.com>

	interface: dev type support for bond interfaces
	Patch has been accepted into net-next's 3.9 queue to correctly expose
	bond interfaces with the 'bond' devtype.

	interface: add bond support to udev backend
	The udev backend now supports bond interfaces.

	interface: Improve udev backend device type id
	Refactored the interface device type identification to make it more
	clear about the operations. Add support for udev devtype to detect
	VLANs on Linux 3.7 and newer. Move VLAN detection based on device
	name to fallback case.

	interface: Refactor interface vlan to helper func
	Mechanical move to break up udevIfaceGetIfaceDef() into different
	helpers for each of the interface types to hopefully make the code
	easier to follow. This moves the vlan code to
	udevIfaceGetIfaceDefVlan().

	interface: udev bridge code error handling updates
	Based on feedback from Laine Stump, improve a number of the error
	handling cases to report the issue to the user instead of not generating
	data or giving vague errors. Added the bridge device name to every error
	message as well to make it clear which bridge failed.

	interface: Refactor udev bridge to helper func
	Mechanical move to break up udevIfaceGetIfaceDef() into different
	helpers for each of the interface types to hopefully make the code
	easier to follow. This moves the bridge code to
	udevIfaceGetIfaceDefBridge().

2013-02-21  Eric Blake  <eblake@redhat.com>

	qemu: check backing chains even when cgroup is omitted
	https://bugzilla.redhat.com/show_bug.cgi?id=896685 points out
	a regression caused by commit 38c4a9c - libvirt only labels
	the backing chain if the backing chain cache is populated, but
	the code to populate the cache was only conditionally performed
	if cgroup labeling was necessary.

	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Hoist cache setup...
	* src/qemu/qemu_process.c (qemuProcessStart): ...earlier into
	caller, where it is now unconditional.

2013-02-21  Christophe Fergeau  <cfergeau@redhat.com>

	docs: Add missing 'vram' in QXL video device doc

2013-02-21  Peter Krempa  <pkrempa@redhat.com>

	conf: Refactor ABI stability checking and break long lines
	Get rid of the "identical" variable in the ABI stability checks in favor
	of return statements and break or refactor very long lines where
	possible.

	conf: Refactor cpumask handling
	Declare local variables at the start of the block and fix trivial
	formatting issues.

	conf: Reformat many function headers in domain_conf.c
	Many of the headers were using the old style and even overflowing the 80
	column mark.

	conf: Fix label naming in virDomainDefFormatInternal
	The label named "cleanup" was used in error cases only. Change it to
	"error".

	conf: Ensure that new devices are added to conf copy function
	Use the correct type and get rid of "default" label in switch to make
	the compiler complain if a new device type is added.

	qemu: Refactor error paths in virQEMUDriverCreateCapabilities
	Change the error label to "error" and simplify some error paths.

	conf: Improve core dump config error message
	The message didn't seem to be much helpful

2013-02-21  Jiri Denemark  <jdenemar@redhat.com>

	docs: Fix HTML errors
	<pre> is forbidden inside <p>

	qemu: Avoid deadlock in autodestroy
	Since closeCallbacks were turned into virObjectLockable, we can no
	longer call virQEMUCloseCallbacks APIs from within a registered close
	callback.

	qemu: Turn closeCallbacks into virObjectLockable
	To avoid having to hold the qemu driver lock while iterating through
	close callbacks and calling them. This fixes a real deadlock when a
	domain which is being migrated from another host gets autodestoyed as a
	result of broken connection to the other host.

2013-02-21  Guannan Ren  <gren@redhat.com>

	qemu: fix an off-by-one error in qemuDomainGetPercpuStats
	The max value of number of cpus to compute(id) should not
	be equal or greater than max cpu number.
	The bug ocurrs when id value is equal to max cpu number which
	leads to the off-by-one error in the following for loop.

	 # virsh  cpu-stats guest --start 1
	 error: Failed to virDomainGetCPUStats()

	 error: internal error cpuacct parse error

2013-02-21  Osier Yang  <jyang@redhat.com>

	qemu: Fix the memory leak
	Found by John Ferlan (coverity script)

2013-02-20  John Ferlan  <jferlan@redhat.com>

	keepalive: Guard against integer overflow
	Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()

	Guard against possible overflow in virKeepAliveTimeout() by setting the
	timeout to be MAX_INT/1000 since the math following will multiply it by 1000.

2013-02-20  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix setting of disk backend
	The libxl driver was setting the backend field of libxl_device_disk
	structure to LIBXL_DISK_BACKEND_TAP when the driver element of disk
	configuration was not specified.  This needlessly forces the use of
	blktap driver, which may not be loaded in dom0

	https://bugzilla.redhat.com/show_bug.cgi?id=912488

	Ian Campbell suggested that LIBXL_DISK_BACKEND_UNKNOWN is a better
	default in this case

	https://www.redhat.com/archives/libvir-list/2013-February/msg01126.html

2013-02-20  John Ferlan  <jferlan@redhat.com>

	Remove a couple of misplaced VIR_FREE

2013-02-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Run lzop with '--ignore-warn'
	Currently, if lzop decompression binary produces a warning, it
	doesn't exit with zero status but 2 instead. Terrifying, but
	true. However, warnings may be ignored using '--ignore-warn'
	command line argument.  Moreover, in which case, the exit status
	will be zero.

2013-02-20  Sergey Fionov  <fionov@gmail.com>

	Fix memory leak in virNetClientIOWriteMessage
	Commit 18937c3ae0990b4417a43aa07a2c35aaf8cb6ec2 introduced the
	memory leak when client->msg.fds is copied to thecall->msg
	and then never freed.

2013-02-20  Osier Yang  <jyang@redhat.com>

	qemu: Remove the shared disk entry if the operation is ejecting or updating
	For both AttachDevice and UpdateDevice APIs, if the disk device
	is 'cdrom' or 'floppy', the operations could be ejecting, updating,
	and inserting. For either ejecting or updating, the shared disk
	entry of the original disk src has to be removed, because it's
	not useful anymore.

	And since the original disk def will be changed, new disk def passed
	as argument will be free'ed in qemuDomainChangeEjectableMedia, so
	we need to copy the orignal disk def before
	qemuDomainChangeEjectableMedia, to use it for qemuRemoveSharedDisk.

2013-02-20  Osier Yang  <jyang@redhat.com>

	qemu: Move the shared disk adding and sgio setting prior to attaching
	The disk def could be free'ed by qemuDomainChangeEjectableMedia,
	which can thus cause crash if we reference the disk pointer. On
	the other hand, we have to remove the added shared disk entry from
	the table on error codepath.

	qemu: Update shared disk table when reconnecting qemu process

	qemu: Record names of domain which uses the shared disk in hash table
	The hash entry is changed from "ref" to {ref, @domains}. With this, the
	caller can simply call qemuRemoveSharedDisk, without afraid of removing
	the entry belongs to other domains. qemuProcessStart will obviously
	benifit from it on error codepath (which calls qemuProcessStop to do
	the cleanup).

	qemu: Merge qemuCheckSharedDisk into qemuAddSharedDisk
	Based on moving various checking into qemuAddSharedDisk, this
	avoids the caller using it in wrong ways. Also this adds two
	new checking for qemuCheckSharedDisk (disk device not 'lun'
	and kernel doesn't support unpriv_sgio simply returns 0).

	qemu: Add checking in helpers for sgio setting
	This moves the various checking into the helpers, to avoid the
	callers missing the checking.

2013-02-20  Eric Blake  <eblake@redhat.com>

	maint: enforce private symbol section sorting
	Automating a sorting check is the only way to ensure we don't
	regress.  Suggested by Dan Berrange.

	* src/check-symsorting.pl (check_sorting): Add a parameter,
	validate that groups are in order, and that files exist.
	* src/Makefile.am (check-symsorting): Adjust caller.
	* src/libvirt_private.syms: Fix typo.
	* src/libvirt_linux.syms: Fix file name.
	* src/libvirt_vmx.syms: Likewise.
	* src/libvirt_xenxs.syms: Likewise.
	* src/libvirt_sasl.syms: Likewise.
	* src/libvirt_libssh2.syms: Likewise.
	* src/libvirt_esx.syms: Mention file name.
	* src/libvirt_openvz.syms: Likewise.

2013-02-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not ignore mandatory features in migration cookie
	Due to "feature"/"features" nasty typo, any features marked as mandatory
	by one side of a migration are silently considered optional by the other
	side. The following is the code that formats mandatory features in
	migration cookie:

	    for (i = 0 ; i < QEMU_MIGRATION_COOKIE_FLAG_LAST ; i++) {
	        if (mig->flagsMandatory & (1 << i))
	            virBufferAsprintf(buf, "  <feature name='%s'/>\n",
	                              qemuMigrationCookieFlagTypeToString(i));
	    }

2013-02-20  Ján Tomko  <jtomko@redhat.com>

	qemu: switch PCI address alocation to use virDevicePCIAddress
	Some functions were using virDomainDeviceInfo where virDevicePCIAddress
	would suffice. Some were only using integers for slots and functions,
	assuming the bus numbers are always 0.

	Switch from virDomainDeviceInfoPtr to virDevicePCIAddressPtr:
	qemuPCIAddressAsString
	qemuDomainPCIAddressCheckSlot
	qemuDomainPCIAddressReserveAddr
	qemuDomainPCIAddressReleaseAddr

	Switch from int slot to virDevicePCIAddressPtr:
	qemuDomainPCIAddressReserveSlot
	qemuDomainPCIAddressReleaseSlot
	qemuDomainPCIAddressGetNextSlot

	Deleted functions (they would take the same parameters
	as ReserveAddr/ReleaseAddr do now.)
	qemuDomainPCIAddressReserveFunction
	qemuDomainPCIAddressReleaseFunction

2013-02-20  Guannan Ren  <gren@redhat.com>

	virsh: distinguish errors between missing argument and wrong option
	Specifying ':' to suppress the error messages printed by getopt().
	Then, distinguish the two types of errors.

	Before:
	 # virsh -c
	   virsh: option requires an argument -- 'c'
	   error: unsupported option '-?'. See --help.

	After:
	 # virsh -c
	   error: option '-c' requires an argument

	 # virsh -x
	   error: unsupported option '-x'. See --help.

2013-02-19  Eric Blake  <eblake@redhat.com>

	maint: sort private syms to reflect recent header renames
	Purely mechanical (roughly, s/\n/~/; s/~~/\n/; sort by line;
	s/~/\n/)

	* src/libvirt_private.syms: Sort sections by header file name.

2013-02-19  Eric Blake  <eblake@redhat.com>

	maint: fix header file owners of private symbols
	Recent renames were not reflected into the comments of
	libvirt_private.syms; furthermore, since we mix private headers from
	several directories into this file, knowing where the file lives
	can be helpful.

	* src/libvirt_private.sym: Reflect recent names.

2013-02-19  Natanael Copa  <ncopa@alpinelinux.org>

	net: use structs for address and port ranges
	We pass over the address/port start/end values many times so we put
	them in structs.

2013-02-19  Natanael Copa  <ncopa@alpinelinux.org>

	net: add support for specifying port range for forward mode nat
	Let users set the port range to be used for forward mode NAT:

	...
	  <forward mode='nat'>
	    <nat>
	      <port start='1024' end='65535'/>
	    </nat>
	  </forward>
	...

2013-02-19  Natanael Copa  <ncopa@alpinelinux.org>

	net: support set public ip range for forward mode nat
	Support setting which public ip to use for NAT via attribute
	address in subelement <nat> in <forward>:

	...
	  <forward mode='nat'>
	      <address start='1.2.3.4' end='1.2.3.10'/>
	  </forward>
	...

	This will construct an iptables line using:

	  '-j SNAT --to-source <start>-<end>'

	instead of:

	  '-j MASQUERADE'

2013-02-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use atomic ops for driver->nactive

	rpc: Avoid deadlock when closing client connection
	We need to drop the server lock before calling virObjectUnlock(client)
	since in case we had the last reference to the client, its dispose
	callback would be called and that could possibly try to lock the server
	and cause a deadlock. This is exactly what happens when there is only
	one QEMU domain running and it is marked to be autodestroyed when the
	connection dies. This results in qemuProcessAutoDestroy ->
	qemuProcessStop -> virNetServerRemoveShutdownInhibition call sequence,
	where the last function locks the server.

	Avoid resetting errors in virTypedParamsFree
	The function does not report any errors so there should be no need too
	reset an existing error first. Moreover, virTypedParamsFree is mostly
	called in cleanup phase where it has the potential to reset any useful
	reported earlier.

	virsh: Always print capacity unit
	It doesn't make sense to print the unit (B) only with Ki, Mi, ...
	prefixes. Even those poor bytes under 1 KiB are still bytes :-)

2013-02-18  Eric Blake  <eblake@redhat.com>

	build: force correct gcc syntax for attribute_nonnull
	Gcc lets you do:

	int ATTRIBUTE_NONNULL(1) foo(void *param);
	int foo(void *param) ATTRIBUTE_NONNULL(1);
	int ATTRIBUTE_NONNULL(1) foo(void *param) { ... }

	but chokes on:

	int foo(void *param) ATTRIBUTE_NONNULL(1) { ... }

	However, since commit eefb881, we have intentionally been disabling
	ATTRIBUTE_NONNULL because of lame gcc handling of the attribute (that
	is, gcc doesn't do decent warning reporting, then compiles code that
	mysteriously fails if you break the contract of the attribute, which
	is surprisingly easy to do), leaving it on only for Coverity (which
	does a much better job of improved static analysis when the attribute
	is present).

	But completely eliding the macro makes it too easy to write code that
	uses the fourth syntax option, if you aren't using Coverity.  So this
	patch forces us to avoid syntax errors, even when not using the
	attribute under gcc.  It also documents WHY we disable the warning
	under gcc, rather than forcing you to find the commit log.

	* src/internal.h (ATTRIBUTE_NONNULL): Expand to empty attribute,
	rather than nothing, when on gcc.

2013-02-18  Guido Günther  <agx@sigxcpu.org>

	qemu: pass "-1" as uid/gid for unprivileged qemu
	so we don't try to change uid/git to 0 when probing capabilities.

2013-02-18  Doug Goldstein  <cardoe@cardoe.com>

	Add capabilities bit for -no-kvm-pit-reinjection
	The conversion to qemuCaps dropped the ability with qemu{,-kvm} 1.2 and
	newer to set the lost tick policy for the PIT. While the
	-no-kvm-pit-reinjection option is depreacated, it is still supported at
	least through 1.4, it is better to not lose the functionality.

	interface: fix udev backend use after free
	udevIfaceListAllInterface() used the udev_device after it had its ref
	count decremented which results in a use after free issue.

	Add autogenerated lxc_protocol.[ch] to gitignore
	/src/lxc/lxc_protocol.[ch] is autogenerated so add it to .gitignore

2013-02-16  John Ferlan  <jferlan@redhat.com>

	security: Remove unnecessary checks for mgr == NULL
	Coverity found the DACGenLabel was checking for mgr == NULL after a
	possible dereference; however, in order to get into the function the
	virSecurityManagerGenLabel would have already dereferenced sec_managers[i]
	so the check was unnecessary. Same check is made in SELinuxGenSecurityLabel.

	virsh: Resolve possible NULL dereference
	Coverity found that commit '41b5e845' had a possible NULL dereference on
	arg->data processing

	vircommand: Remove unnecessary sa_assert
	Changes from commit '3178df9a' removed the need for the sa_assert(infd).

	commandtest: Resolve some coverity resource leaks

	drivermodule: Ignore coverity warning about leaked_storage

2013-02-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix libvirt upgrade path when nwfilter is used
	Between revision 65fb9d49 and before this patch, an upgrade of libvirt while
	VMs are running and instantiating iptables filtering rules due to nwfilter
	rules, may leave stray iptables rules behind when shutting VMs down.
	Left-over iptables rules may look like this:

	Chain FP-vnet0 (1 references)
	target     prot opt source               destination
	DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:122
	ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

	[...]

	Chain libvirt-out (1 references)
	target     prot opt source               destination
	FO-vnet0   all  --  0.0.0.0/0            0.0.0.0/0           [goto]  PHYSDEV match --physdev-out vnet0



	The reason is that the recent nwfilter code only removed filtering rules in
	the libvirt-out chain that contain the --physdev-is-bridged parameter.
	Older rules didn't match and were not removed.

	Note that the user-defined chain FO-vnet0 could not be removed due to the
	reference from the rule in libvirt-out.

	Often the work around may be done through

	service iptables restart
	kill -SIGHUP $(pidof libvirtd)

	This patch now also removes older libvirt versions' iptables rules.

2013-02-16  Eric Blake  <eblake@redhat.com>

	storage: test backing chain traversal
	Testing our backing chain handling will make it much easier to
	ensure that we avoid issues in the future.  If only I had written
	this test before I first caused several regressions...

	* tests/virstoragetest.c: New test.
	* tests/Makefile.am (test_programs): Build it.
	* .gitignore: Ignore new files.

2013-02-16  Eric Blake  <eblake@redhat.com>

	storage: don't follow backing chain symlinks too eagerly
	If you have a qcow2 file /path1/to/file pointed to by symlink
	/path2/symlink, and pass qemu /path2/symlink, then qemu treats
	a relative backing file in the qcow2 metadata as being relative
	to /path2, not /path1/to.  Yes, this means that it is possible
	to create a qcow2 file where the choice of WHICH directory and
	symlink you access its contents from will then determine WHICH
	backing file (if any) you actually find; the results can be
	rather screwy, but we have to match what qemu does.

	Libvirt and qemu default to creating absolute backing file
	names, so most users don't hit this.  But at least VDSM uses
	symlinks and relative backing names alongside the
	--reuse-external flags to libvirt snapshot operations, with the
	result that libvirt was failing to follow the intended chain of
	backing files, and then backing files were not granted the
	necessary sVirt permissions to be opened by qemu.

	See https://bugzilla.redhat.com/show_bug.cgi?id=903248 for
	more gory details.  This fixes a regression introduced in
	commit 8250783.

	I tested this patch by creating the following chain:

	ls /home/eblake/Downloads/Fedora.iso # raw file for base
	cd /var/lib/libvirt/images
	qemu-img create -f qcow2 \
	  -obacking_file=/home/eblake/Downloads/Fedora.iso,backing_fmt=raw one
	mkdir sub
	cd sub
	ln -s ../one onelink
	qemu-img create -f qcow2 \
	  -obacking_file=../sub/onelink,backing_fmt=qcow2 two
	mv two ..
	ln -s ../two twolink
	qemu-img create -f qcow2 \
	  -obacking_file=../sub/twolink,backing_fmt=qcow2 three
	mv three ..
	ln -s ../three threelink

	then pointing my domain at /var/lib/libvirt/images/sub/threelink.
	Prior to this patch, I got complaints about missing backing
	files; afterwards, I was able to verify that the backing chain
	(and hence DAC and SELinux relabels) of the entire chain worked.

	* src/util/virstoragefile.h (_virStorageFileMetadata): Add
	directory member.
	* src/util/virstoragefile.c (absolutePathFromBaseFile): Drop,
	replaced by...
	(virFindBackingFile): ...better function.
	(virStorageFileGetMetadataInternal): Add an argument.
	(virStorageFileGetMetadataFromFD, virStorageFileChainLookup)
	(virStorageFileGetMetadata): Update callers.

2013-02-16  Eric Blake  <eblake@redhat.com>

	storage: refactor metadata lookup
	Prior to this patch, we had the callchains:
	external users
	  \-> virStorageFileGetMetadataFromFD
	      \-> virStorageFileGetMetadataFromBuf
	virStorageFileGetMetadataRecurse
	  \-> virStorageFileGetMetadataFromFD
	      \-> virStorageFileGetMetadataFromBuf

	However, a future patch wants to add an additional parameter to
	the bottom of the chain, for use by virStorageFileGetMetadataRecurse,
	without affecting existing external callers.  Since there is only a
	single caller of the internal function, we can repurpose it to fit
	our needs, with this patch giving us:

	external users
	  \-> virStorageFileGetMetadataFromFD
	      \-> virStorageFileGetMetadataInternal
	virStorageFileGetMetadataRecurse /
	  \-> virStorageFileGetMetadataInternal

	* src/util/virstoragefile.c (virStorageFileGetMetadataFromFD):
	Move most of the guts...
	(virStorageFileGetMetadataFromBuf): ...here, and rename...
	(virStorageFileGetMetadataInternal): ...to this.
	(virStorageFileGetMetadataRecurse): Use internal helper.

2013-02-16  Eric Blake  <eblake@redhat.com>

	storage: prepare for refactoring
	virStorageFileGetMetadataFromFD is the only caller of
	virStorageFileGetMetadataFromBuf; and it doesn't care about the
	difference between a return of 0 (total success) or 1
	(metadata was inconsistent, but pointer was populated as best
	as possible); only about a return of -1 (could not read metadata
	or out of memory).  Changing the return type, and normalizing
	the variable names used, will make merging the functions easier
	in the next commit.

	* src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf):
	Change return value, and rename some variables.
	(virStorageFileGetMetadataFromFD): Rename some variables.

2013-02-16  Eric Blake  <eblake@redhat.com>

	storage: rearrange functions
	No semantic change; done so the next patch doesn't need a forward
	declaration of a static function.

	* src/util/virstoragefile.c (virStorageFileProbeFormatFromBuf):
	Hoist earlier.

2013-02-15  Eric Blake  <eblake@redhat.com>

	build: more mingw fixes
	More mingw build failures:

	  CCLD     libvirt-lxc.la
	/usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory

	  CC       virportallocatortest-virportallocatortest.o
	../../tests/virportallocatortest.c: In function 'main':
	../../tests/virportallocatortest.c:195:1: error: implicit declaration of function 'setenv' [-Werror=implicit-function-declaration]

	* src/Makefile.am (GENERATED_SYM_FILES): Also generate
	libvirt_lxc.def.
	* bootstrap.conf (gnulib_modules): Import setenv.

2013-02-15  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	Commits 2025356 and ba72cb12 introduced typos.

	* src/util/virpci.c (virPCIIsVirtualFunction) [!__linux__]: Fix
	function name.
	* src/util/virutil.c (virGetDeviceID): Fix attribute spelling.

2013-02-15  Eric Blake  <eblake@redhat.com>

	build: fix vircommand build on mingw
	  CC       libvirt_util_la-vircommand.lo
	../../src/util/vircommand.c:2358:1: error: 'virCommandHandshakeChild' defined but not used [-Werror=unused-function]

	The function is only implemented inside #ifndef WIN32.

	* src/util/vircommand.c (virCommandHandshakeChild): Hoist earlier,
	so that win32 build doesn't hit an unused forward declaration.

2013-02-15  Eric Blake  <eblake@redhat.com>

	regex: gnulib guarantees that we have regex support
	No need to use HAVE_REGEX_H - our use of gnulib guarantees that
	the header exists and works, regardless of platform.  Similarly,
	we can unconditionally assume a compiling <sys/wait.h> (although
	the mingw version of this header is not full-featured).

	* src/storage/storage_backend.c: Drop useless conditional.
	* tests/testutils.c: Likewise.

2013-02-14  Jiri Denemark  <jdenemar@redhat.com>

	vbox: Don't overwrite errors returned by virDomainDeviceDefParse

2013-02-13  Laine Stump  <laine@laine.org>

	util: maintain caps when running command with uid != 0
	virCommand was previously calling virSetUIDGID() to change the uid and
	gid of the child process, then separately calling
	virSetCapabilities(). This did not work if the desired uid was != 0,
	since a setuid to anything other than 0 normally clears all
	capabilities bits.

	The solution is to use the new virSetUIDGIDWithCaps(), sending it the
	uid, gid, and capabilities bits. This will get the new process setup
	properly.

	Since the static functions virSetCapabilities() and
	virClearCapabilities are no longer called, they have been removed.

	NOTE: When combined with "filecap $path-to-qemu sys_rawio", this patch
	will make CAP_SYS_RAWIO (which is required for passthrough of generic
	scsi commands to a guest - see commits e8daeeb, 177db08, 397e6a7, and
	74e0349) be retained by qemu when necessary. Apparently that
	capability has been broken for non-root qemu ever since it was
	originally added.

2013-02-13  Laine Stump  <laine@laine.org>

	util: virSetUIDGIDWithCaps - change uid while keeping caps
	Normally when a process' uid is changed to non-0, all the capabilities
	bits are cleared, even those explicitly set with calls to
	capng_update()/capng_apply() made immediately before setuid. And
	*after* the process' uid has been changed, it no longer has the
	necessary privileges to add capabilities back to the process.

	In order to set a non-0 uid while still maintaining any capabilities
	bits, it is necessary to either call capng_change_id() (which
	unfortunately doesn't currently call initgroups to setup auxiliary
	group membership), or to perform the small amount of calisthenics
	contained in the new utility function virSetUIDGIDWithCaps().

	Another very important difference between the capabilities
	setting/clearing in virSetUIDGIDWithCaps() and virCommand's
	virSetCapabilities() (which it will replace in the next patch) is that
	the new function properly clears the capabilities bounding set, so it
	will not be possible for a child process to set any new
	capabilities.

	A short description of what is done by virSetUIDGIDWithCaps():

	1) clear all capabilities then set all those desired by the caller (in
	capBits) plus CAP_SETGID, CAP_SETUID, and CAP_SETPCAP (which is needed
	to change the capabilities bounding set).

	2) call prctl(), telling it that we want to maintain current
	capabilities across an upcoming setuid().

	3) switch to the new uid/gid

	4) again call prctl(), telling it we will no longer want capabilities
	maintained if this process does another setuid().

	5) clear the capabilities that we added to allow us to
	setuid/setgid/change the bounding set (unless they were also requested
	by the caller via the virCommand API).

	Because the modification/maintaining of capabilities is intermingled
	with setting the uid, this is necessarily done in a single function,
	rather than having two independent functions.

	Note that, due to the way that effective capabilities are computed (at
	time of execve) for a process that has uid != 0, the *file*
	capabilities of the binary being executed must also have the desired
	capabilities bit(s) set (see "man 7 capabilities"). This can be done
	with the "filecap" command. (e.g. "filecap /usr/bin/qemu-kvm sys_rawio").

2013-02-13  Laine Stump  <laine@laine.org>

	util: drop capabilities immediately after changing uid/gid of child
	This is an interim measure to make sure everything still works in this
	order. The next step will be to perform capabilities drop and
	setuid/gid as a single operation (which is the only way to keep any
	capabilities when switching to a non-root uid).

2013-02-13  Laine Stump  <laine@laine.org>

	qemu: let virCommand set child process security labels/uid/gid
	The qemu driver had been calling virSecurityManagerSetProcessLabel()
	from a "pre-exec hook" function that is run after the child is forked,
	but before exec'ing qemu. This is problematic because the uid and gid
	of the child are set by the security driver, but capabilities are
	dropped by virCommand - such separation doesn't work; the two
	operations must be done together or the capabilities do not transfer
	properly to the child process.

	This patch switches to using virSecurityManagerSetChildProcessLabel(),
	which is called prior to virCommandRun() (rather than being called
	*during* virCommandrun() by the hook function), and doesn't set the
	UID/GID/security label directly, but instead merely informs virCommand
	what it should set them all to when the time is appropriate.

	This lets virCommand choose to do the uid/gid and caps dropping all at
	the same time if it wants (it does *want* to, but isn't doing so yet;
	that's for an upcoming patch).

2013-02-13  Laine Stump  <laine@laine.org>

	security: add new virSecurityManagerSetChildProcessLabel API
	The existing virSecurityManagerSetProcessLabel() API is designed so
	that it must be called after forking the child process, but before
	exec'ing the child. Due to the way the virCommand API works, that
	means it needs to be put in a "hook" function that virCommand is told
	to call out to at that time.

	Setting the child process label is a basic enough need when executing
	any process that virCommand should have a method of doing that. But
	virCommand must be told what label to set, and only the security
	driver knows the answer to that question.

	The new virSecurityManagerSet*Child*ProcessLabel() API is the way to
	transfer the knowledge about what label to set from the security
	driver to the virCommand object. It is given a virCommandPtr, and each
	security driver calls the appropriate virCommand* API to tell
	virCommand what to do between fork and exec.

	1) in the case of the DAC security driver, it calls
	virCommandSetUID/GID() to set a uid and gid that must be set for the
	child process.

	2) for the SELinux security driver, it calls
	virCommandSetSELinuxLabel() to save a copy of the char* that will be
	sent to setexeccon_raw() *after forking the child process*.

	3) for the AppArmor security drivers, it calls
	virCommandSetAppArmorProfile() to save a copy of the char* that will
	be sent to aa_change_profile() *after forking the child process*.

	With this new API in place, we will be able to remove
	virSecurityManagerSetProcessLabel() from any virCommand pre-exec
	hooks.

	(Unfortunately, the LXC driver uses clone() rather than virCommand, so
	it can't take advantage of this new security driver API, meaning that
	we need to keep around the older virSecurityManagerSetProcessLabel(),
	at least for now.)

2013-02-13  Laine Stump  <laine@laine.org>

	util: add security label setting to virCommand
	virCommand gets two new APIs: virCommandSetSELinuxLabel() and
	virCommandSetAppArmorProfile(), which both save a copy of a
	null-terminated string in the virCommand. During virCommandRun, if the
	string is non-NULL and we've been compiled with AppArmor and/or
	SELinux security driver support, the appropriate security library
	function is called for the child process, using the string that was
	previously set. In the case of SELinux, setexeccon_raw() is called,
	and for AppArmor, aa_change_profile() is called.

	This functionality has been added so that users of virCommand can use
	the upcoming virSecurityManagerSetChildProcessLabel() prior to running
	a child process, rather than needing to setup a hook function to be
	called (and in turn call virSecurityManagerSetProcessLabel()) *during*
	the setup of the child process.

2013-02-13  Laine Stump  <laine@laine.org>

	build: define SECDRIVER_LIBS in Makefile.am
	This makes it simpler to include the necessary system security driver
	libraries for a particular system. For this patch, several existing
	conditional sections from the Makfile were replaced; I'll later be
	adding SECDRIVER_LIBS to libvirt_util_la_LIBADD, because vircommand.c
	will be calling a function from $securitylib.

	qemu: replace exec hook with virCommandSetUID/GID in storage_backend

	qemu: replace exec hook with virCommandSetUID/GID in qemuCaps*
	Setting the uid/gid of the child process was the only thing done by
	the hook function in this case, and that can now be done more simply
	with virCommandSetUID/GID.

	util: make virSetUIDGID a NOP only when uid or gid is -1
	Rather than treating uid:gid of 0:0 as a NOP, we blindly pass that
	through to the lower layers. However, we *do* check for a requested
	value of "-1" to mean "don't change this setting". setregid() and
	setreuid() already interpret -1 as a NOP, so this is just an
	optimization, but we are also calling getpwuid_r and initgroups, and
	it's unclear what the former would do with a uid of -1.

2013-02-13  Laine Stump  <laine@laine.org>

	util: add virCommandSetUID and virCommandSetGID
	If a uid and/or gid is specified for a command, it will be set just
	after the user-supplied post-fork "hook" function is called.

	The intent is that this can replace user hook functions that set
	uid/gid. This moves the setting of uid/gid and dropping of
	capabilities closer to each other, which is important since the two
	should really be done at the same time (libcapng provides a single
	function that does both, which we will be unable to use, but want to
	mimic as closely as possible).

2013-02-13  Laine Stump  <laine@laine.org>

	util: refactor virCommandHook into virExec and virCommandHandshakeChild

	util: eliminate extra args from virExec
	All args except "cmd" in the call to virExec are now redundant, since
	they can all be found in cmd, so remove the args and reference the
	data directly in cmd. One exception to this is that "infd" was being
	modified within virExec, and modifying the original in cmd caused make
	check failures, so cmd->infd is copied to a local, and the local is
	used during virExec().

2013-02-13  Laine Stump  <laine@laine.org>

	util: eliminate generic hook from virExecWithHook
	virExecWithHook is only called from one place, so it always has the
	same "hook" function (virHookCommand), and the data sent to that
	function is always a virCommandPtr, so eliminate the function and
	generic data from the arglist, and replace it with "virCommandPtr
	cmd". The call to (hook)(data) is replaced with
	"virHookCommand(cmd)". Finally, virExecWithHook is renamed to virExec.

	Indentation has been updated only for code that will remain after the
	next patch, which will remove all other args to virExec (since they
	are now redundant, as they're all members of virCommandPtr).

2013-02-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove qemuDriverLock from almost everywhere
	With the majority of fields in the virQEMUDriverPtr struct
	now immutable or self-locking, there is no need for practically
	any methods to be using the QEMU driver lock. Only a handful
	of helper APIs in qemu_conf.c now need it

2013-02-13  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Don't misuse the eventloop for async IO
	Currently, if a command wants to do asynchronous IO, a callback
	is registered in the libvirtd eventloop to handle writes and
	reads. However, there's a race in virCommandWait. The eventloop
	may already be executing the callback, while virCommandWait is
	mangling internal state of virCommand. To deal with it, we need
	to either introduce locking or spawn a separate thread where we
	poll() on stdio from child. The former, however, requires to
	unlock all mutexes held, as the event loop may execute other
	callbacks which tries to lock one of the mutexes, deadlock and
	thus never wake us up. So it's safer to spawn a separate thread.

2013-02-12  Michal Privoznik  <mprivozn@redhat.com>

	virsh-volume.c: Switch to c99 initialization of vshCmdInfo

	virsh-snapshot.c: Switch to c99 initialization of vshCmdInfo

	virsh-secret.c: Switch to c99 initialization of vshCmdInfo

	virsh-pool.c: Switch to c99 initialization of vshCmdInfo

	virsh-nwfilter.c: Switch to c99 initialization of vshCmdInfo

	virsh-nodedev.c: Switch to c99 initialization of vshCmdInfo

	virsh-network.c: Switch to c99 initialization of vshCmdInfo

	virsh-interface.c: Switch to c99 initialization of vshCmdInfo

	virsh-host.c: Switch to c99 initialization of vshCmdInfo

	virsh-domain.c: Switch to c99 initialization of vshCmdInfo

	virsh-domain-monitor.c: Switch to c99 initialization of vshCmdInfo

	virsh.c: Switch to c99 initialization of vshCmdInfo

	virsh: Switch to c99 initialization of vshCmdDef

2013-02-12  Eric Blake  <eblake@redhat.com>

	xen: clean up the mess with cpumap
	Commit 8b55992f added some Coverity comments to silence what was
	a real bug in the code.  Since then, we've had a miserable run
	of trying to fix the underlying problem (commits c059cde and
	ba5193c), and still have a problem on 32-bit machines.

	This fixes the problem for once and for all, by realizing that
	on older xen, cpumap_t is identical to uint64_t, and using the
	new virendian.h to do the transformation from the API (documented
	to be little-endian) to the host structure.

	* src/xen/xen_hypervisor.c (virXen_setvcpumap): Do the conversion
	correctly.  Finally.

2013-02-12  Eric Blake  <eblake@redhat.com>

	util: use new virendian.h macros
	This makes code easier to read, by avoiding lines longer than
	80 columns and removing the repetition from the callers.

	* src/util/virstoragefile.c (qedGetHeaderUL, qedGetHeaderULL):
	Delete in favor of more generic macros.
	(qcow2GetBackingStoreFormat, qcowXGetBackingStore)
	(qedGetBackingStore, virStorageFileMatchesVersion)
	(virStorageFileGetMetadataInternal): Use new macros.
	* src/cpu/cpu_x86.c (x86VendorLoad): Likewise.

2013-02-12  Eric Blake  <eblake@redhat.com>

	util: add virendian.h macros
	We have several cases where we need to read endian-dependent
	data regardless of host endianness; rather than open-coding
	these call sites, it will be nicer to funnel things through
	a macro.

	The virendian.h file can be expanded to add writer functions,
	and/or 16-bit access patterns, if needed.  Also, if we need
	to turn things into a function to avoid multiple evaluations
	of buf, that can be done later.  But for now, a macro worked.

	* src/util/virendian.h: New file.
	* src/Makefile.am (UTIL_SOURCES): Ship it.
	* tests/virendiantest.c: New test.
	* tests/Makefile.am (test_programs, virendiantest_SOURCES): Run
	the test.
	* .gitignore: Ignore built file.

2013-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Release VM lock before acquiring virDomainObjListPtr lock
	When removing a VM from the virDomainObjListPtr, we must not
	be holding the VM lock while acquiring the list lock. Re-order
	code to ensure that we can release the VM lock early.

2013-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential deadlock across fork() in QEMU driver
	The hook scripts used by virCommand must be careful wrt
	accessing any mutexes that may have been held by other
	threads in the parent process. With the recent refactoring
	there are 2 potential flaws lurking, which will become real
	deadlock bugs once the global QEMU driver lock is removed.

	Remove use of the QEMU driver lock from the hook function
	by passing in the 'virQEMUDriverConfigPtr' instance directly.

	Add functions to the virSecurityManager to be invoked before
	and after fork, to ensure the mutex is held by the current
	thread. This allows it to be safely used in the hook script
	in the child process.

2013-02-12  Eric Blake  <eblake@redhat.com>

	build: fix compilation of selinux on RHEL 5
	On RHEL 5, I got:

	security/security_selinux.c: In function 'getContext':
	security/security_selinux.c:971: warning: unused parameter 'mgr' [-Wunused-parameter]

	* src/security/security_selinux.c (getContext): Mark potentially
	unused parameter.

2013-02-12  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: domain_conf support for CCW
	Add necessary handling code for the new s390 CCW address type to
	virDomainDeviceInfo. Further, introduce  memory management, XML
	parsing, output formatting and range validation for the new
	virDomainDeviceCCWAddress type.

	S390: Documentation for CCW address type
	The native bus for s390 I/O is called CCW (channel command word).
	As QEMU has added basic support for the CCW bus, i.e. the
	ability to assign CCW devnos (bus addresses) to devices.
	Domains with the new machine type s390-ccw-virtio can use the
	CCW bus. Currently QEMU will only allow to define virtio
	devices on the CCW bus.
	Here we add the new machine type and the new device address to the
	schema definition and add a new paragraph to the domain XML
	documentation.

2013-02-11  Eric Blake  <eblake@redhat.com>

	build: fix VPATH testsuite
	'make check' has been failing on VPATH builds since commit
	907a39e7.  The tests already had magic for munging path names,
	but were munging to the wrong location, thus working only on
	an in-tree build.

	* tests/securityselinuxlabeltest.c (testSELinuxMungePath): Munge
	to correct path.

2013-02-11  Eric Blake  <eblake@redhat.com>

	docs: fix 1.0.2 release date
	* docs/news.html.in: Use correct release year.

2013-02-11  Laine Stump  <laine@laine.org>

	build: fix make check of remote_protocol-structs
	Broken by incorrect formatting / spelling of remote_nonnull in commit
	39758e7567b766f1df3948ea671d6ccb93daf7a9

2013-02-11  Guido Günther  <agx@sigxcpu.org>

	Check if classes are derived from object
	This makes sure we don't regress to old style classes

2013-02-11  John Ferlan  <jferlan@redhat.com>

	hypervisor: Restore pm initialization
	Adjustment for 'c059cdeaf' due to older compiler complaint about pm
	not being initialized even though the j&7 == 0 does the trick.

2013-02-11  Osier Yang  <jyang@redhat.com>

	virsh: Use virNodeDeviceLookupSCSIHostByWWN
	Only nodedev-destroy and nodedev-dumpxml can benifit from the
	new API, other commands like nodedev-detach only works for
	PCI devices, WWN makes no sense for them.

	nodedev: Implement virNodeDeviceLookupSCSIHostByWWN
	This just simply changes nodeDeviceLookupByWWN to be not static,
	and its name into nodeDeviceLookupSCSIHostByWWN. And use that for
	udev and HAL backends.

	remote: Wire up the remote protocol
	Like virNodeDeviceCreateXML, virNodeDeviceLookupSCSIHostByWWN
	has to be treated specially when generating the RPC codes. Also
	new rules are added in fixup_name to keep the name SCSIHostByWWN.

2013-02-11  Osier Yang  <jyang@redhat.com>

	Introduce API virNodeDeviceLookupSCSIHostByWWN
	Since the name (like scsi_host10) is not stable for vHBA, (it can
	be changed either after recreating or system rebooting), current
	API virNodeDeviceLookupByName is not nice to use for management app
	in this case. (E.g. one wants to destroy the vHBA whose name has
	been changed after system rebooting, he has to find out current
	name first).

	Later patches will support the persistent vHBA via storage pool,
	with which one can identify the vHBA stably by the wwnn && wwpn
	pair.

	So this new API comes.

2013-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Remove re-entrant API call in SELinux/AppArmor security managers
	The security manager drivers are not allowed to call back
	out to top level security manager APIs, since that results
	in recursive mutex acquisition and thus deadlock. Remove
	calls to virSecurityManagerGetModel from SELinux / AppArmor
	drivers

2013-02-11  John Ferlan  <jferlan@redhat.com>

	hypervisor: Revisit Coverity issues regarding cpumap
	Turns out the issue regarding ptr_arith and sign_exension weren't false
	positives. When shifting an 'unsigned char' as a target, it gets promoted
	to an 'int'; however, that 'int' cannot be shifted 32 bits which was how
	the algorithm was written. For the ptr_arith rather than index into the
	cpumap, change the to address as necessary and assign directly.

	hypervisor: Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent. Don't type caste the
	privateData.

	xend: Fix a memory leak found by Coverity
	Commit id '87b4c10c' moved the VIR_ALLOC_N, but didn't check if 'cpuset'
	had been allocated on failure.

	xend: Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent. Don't type caste the
	privateData.

	xm: Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent. Don't type caste the
	privateData.

	inotify: Clean up some function headers

	xs:  Remove redundant validity checks, clean up function headers
	Arguments for driver entry points are checked in libvirt.c, so no need to
	check again. Make function entry points consistent.

2013-02-11  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Reject --no-metadata together with --print-xml
	Manual for "virsh snapshot-create-as" states that --no-metadata and
	--print-xml are incompatible. Honor this detail in the code.

	virsh-snapshot: Refactor some details in virsh snapshot-create-as
	This patch simplifies the creation of XML, some error paths and adds
	correct approach to check for virBuffer errors.

2013-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Pass virQEMUDriverPtr into APIs managed shared disk list
	Currently the APIs for managing the shared disk list take
	a virHashTablePtr as the primary argument. This is bad
	because it requires the caller to deal with locking of
	the QEMU driver. Switch the APIs to take the full
	virQEMUDriverPtr instance

	Serialize execution of security manager APIs
	Add locking to virSecurityManagerXXX APIs, so that use of the
	security drivers is internally serialized. This avoids the need
	to rely on the global driver locks to achieve serialization

	Turn virSecurityManager into a virObjectLockable
	To enable locking to be introduced to the security manager
	objects later, turn virSecurityManager into a virObjectLockable
	class

2013-02-08  Harry Wei  <harryxiyou@gmail.com>

	sheepdog: skip refresh on creation failure
	Don't try to refresh Sheepdog volume if creating volume fails.

2013-02-08  Natanael Copa  <ncopa@alpinelinux.org>

	util: refactor iptables command construction into multiple steps
	Instead of creating an iptables command in one shot, do it in steps
	so we can add conditional options like physdev and protocol.

	This removes code duplication while keeping existing behaviour.

2013-02-08  Laine Stump  <laine@laine.org>

	qemu: support vhost-net for generic ethernet devices
	From qemu's point of view these are still just tap devices, so there's
	no reason they shouldn't work with vhost-net; as a matter of fact,
	Raja Sivaramakrishnan <srajag00@yahoo.com> verified on libvir-list
	that at least the qemu_command.c part of this patch works:

	  https://www.redhat.com/archives/libvir-list/2012-December/msg01314.html

	(the hotplug case is extrapolation on my part).

2013-02-08  Michal Privoznik  <mprivozn@redhat.com>

	network_conf.c: Free xmlDoc after use
	The virNetworkObjUpdateParseFile() function was not freeing the xml
	variable, leaving us with a memory leak.

2013-02-08  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Fix XPath query to determine snapshot state
	The query didn't match the external state correctly for offline internal
	snapshots.

2013-02-08  Daniel P. Berrange  <berrange@redhat.com>

	Stop accessing driver->caps directly in QEMU driver
	The 'driver->caps' pointer can be changed on the fly. Accessing
	it currently requires the global driver lock. Isolate this
	access in a single helper, so a future patch can relax the
	locking constraints.

	Rename 'qemuCapsXXX' to 'virQEMUCapsXXX'
	To avoid confusion between 'virCapsPtr' and 'qemuCapsPtr'
	do some renaming of various fucntions/variables. All
	instances of 'qemuCapsPtr' are renamed to 'qemuCaps'. To
	avoid that clashing with the 'qemuCaps' typedef though,
	rename the latter to virQEMUCaps.

	Turn virCapabilities into a virObject
	To enable virCapabilities instances to be reference counted,
	turn it into a virObject. All cases of virCapabilitiesFree
	turn into virObjectUnref

	Fix comment about virCgroupPtr locking rules in QEMU driver
	The virCgroupPtr instance APIs are safe to use without locking
	in the QEMU driver, since all internal state they rely on is
	immutable. Update the comment to reflect this.

	Fix PKI directory used for QEMU test suite
	The data files for testing QEMU command line generation are
	hardcoded to use /etc/pki, so we should explicitly set that
	in the test case, avoiding the dynamic SYSCONFDIR value.

2013-02-08  Michal Privoznik  <mprivozn@redhat.com>

	virCondDestroy: Lose attribute RETURN_CHECK
	We are wrapping it in ignore_value() anyway.

	Drop useless virFileWrapperFdCatchError
	We are requesting for stderr catching for all cases in
	virFileWrapperFdNew(). There is no need to have a separate
	function just to report an error, esp. when we can do it in
	virFileWrapperFdClose().

2013-02-07  John Ferlan  <jferlan@redhat.com>

	HACKING: Sync with docs/hacking.html.in

2013-02-07  John Ferlan  <jferlan@redhat.com>

	hacking: Add some details to handle Valgrind output
	hacking: Add some text around the running of Valgrind along with example
	output for "real" vs. "false positives".

	cfg.mk: Add hacking.in.html to sc_prohibit_raw_allocation

2013-02-07  John Ferlan  <jferlan@redhat.com>

	valgrind: Adjust the suppression file

	virnetttlcontext: Resolve issues found by Valgrind
	Need to initialize 'usage' and 'critical' since the VIR_DEBUG will
	attempt to use them.

2013-02-07  John Ferlan  <jferlan@redhat.com>

	qemumonitortestutils: Resolve resource leaks found by Valgrind
	When Valgrind runs the 'qemumonitorjsontest' it would claim that the
	thread created is leaked. That's because the virThreadJoin won't get
	called due to the 'running' flag being cleared.  In order to avoid that,
	call virThreadJoin unconditionally at cleanup time.  Also noted that the
	qemuMonitorTestWorker() didn't get the test mutex lock on the failure path.

	The incoming and outgoing buffers allocated by qemuMonitorTestIO() and
	qemuMonitorTestAddReponse() were never VIR_FREE()'d in qemuMonitorTestFree().

2013-02-07  John Ferlan  <jferlan@redhat.com>

	qemumonitorjsontest: Resolve resource leaks found by Valgrind
	The 'package' string returned by qemuMonitorGetVersion() needs to
	be VIR_FREE()'d.

	testQemuMonitorJSONGetMachines(), testQemuMonitorJSONGetCPUDefinitions(),
	and testQemuMonitorJSONGetCommands() did not VIR_FREE() the array and
	array elements allocated by their respective qemuMonitorGet* routines.

2013-02-07  John Ferlan  <jferlan@redhat.com>

	qemu_command: Resolve resource leaks found by Valgrind
	The qemuParseGlusterString() replaced dst->src without a VIR_FREE() of
	what was in there before.

	The qemuBuildCommandLine() did not properly free the boot_buf depending
	on various usages.

	The qemuParseCommandLineDisk() had numerous paths that didn't clean up
	the virDomainDiskDefPtr def properly. Adjust the logic to go through an
	error: label before cleanup in order to free the resource.

2013-02-07  John Ferlan  <jferlan@redhat.com>

	domain_conf: Resolve resource leaks found by Valgrind
	Fix various resource leaks discovered while parsing through Valgrind output

	vport_profile_conf: Resolve memory leak found by Valgrind
	The 'virtPortInterfaceID' was not VIR_FREE()'d

	netdev_vlan_conf: Resolve memory leak found by Valgrind.
	The 'trunk' is filled in with virXPathString() value, but was
	never VIR_FREE()'d.

2013-02-07  John Ferlan  <jferlan@redhat.com>

	qemuxml2argvtest: Resolve resource leaks found by Valgrind
	Valgrind deterimined that fakeSecretGetValue() was using the secret
	value without checking validity.  Returning NULL causes the caller
	to emit a message and results in failure.

	Additionally commit 'b090aa7d' changes leaked vncSASLdir and vncTLSx509certdir

2013-02-07  John Ferlan  <jferlan@redhat.com>

	virnettlscontexttest: Resolve memory leak found by Valgrind
	testTLSDerEncode() will allocate memory for der.data, it wasn't VIR_FREE()'d.
	also don't initialized der to use static buffer.

2013-02-07  Guido Günther  <agx@sigxcpu.org>

	Add syntax-check to make sure Python files don't contain trailing semicolon
	We allow for a trailing semicolon in full line comments since
	docs/index.py has some SQL statements in it.

	Remove more trailing semicolons in Python files

2013-02-07  Peter Krempa  <pkrempa@redhat.com>

	syntax-check: Don't check non-reentrant functions in docs
	Otherwise constructions like "random (used by default)" end up breaking
	syntax check by apparently using non-reentrant functions.

2013-02-07  Guido Günther  <agx@sigxcpu.org>

	Cosmetics: Remove semicolons
	It's Python, not C

2013-02-06  Eric Blake  <eblake@redhat.com>

	build: fix build of HAL node backend
	Commit 2025356 missed uses of PCI functions in the older HAL-related
	code, probably because hal-devel is no longer available in latest Fedora.

	* src/node_device/node_device_hal.c (gather_pci_cap): Reflect
	function rename.

2013-02-06  Eric Blake  <eblake@redhat.com>

	bitmap: add way to find next clear bit
	We had an easy way to iterate set bits, but not for iterating
	cleared bits.

	* src/util/virbitmap.h (virBitmapNextClearBit): New prototype.
	* src/util/virbitmap.c (virBitmapNextClearBit): Implement it.
	* src/libvirt_private.syms (bitmap.h): Export it.
	* tests/virbitmaptest.c (test4): Test it.

2013-02-05  John Ferlan  <jferlan@redhat.com>

	qemu_hotplug: Need to call virUSBDeviceFree()

	rpc: Need to virCommandFree on error path

	uml: Resolve leak if need to requery in umlIdentifyOneChrPTY()
	Coverity noted that in the retry logic loop if res had been set, then
	it could be leaked so add a VIR_FREE(res) prior to retry.

	openvz: Need to error check openvzDomainSetVcpusFlagsInternal()

	parallels: Need to free memory on error path

	network: Remove conditional settings to resolve resource leak
	The conditional setting of cmdout in networkBuildDhcpDaemonCommandLine()
	caused Coverity to complain that 'cmd' could be leaked if !cmdout.  Since
	the function is local and only called with cmdout being passed those checks
	have been removed.

	storage: Resolve resource leaks with cmd processing

	keepalive: Resolve Coverity complaint
	The Coverity analysis emitted a BAD_SIZEOF error when doing the math
	within the TRACE macro. Doing the math outside the macro keeps Coverity quiet.

	tlscontext: Make sure to get proper pointer to 'dname'
	Keep Coverity happy by passing a pointer to 'dname' rather than the
	array itself.  The PROBE expansion would cause a BAD_SIZEOF.

2013-02-05  Jiri Denemark  <jdenemar@redhat.com>

	sanitytest.py: Do not rely on system libvirt
	When running sanitytest.py we should not rely on libvirt library
	installed on the system. And since we generate a nice wrapper called
	"run" that sets both PYTHON_PATH and LD_LIBRARY_PATH, we should just use
	it rather than trying to duplicate it in the Makefile.

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Initialize qemuImageBinary path at startup

	Introduce annotations for virQEMUDriverPtr fields
	Annotate the fields in virQEMUDriverPtr to indicate the locking
	rules for their use

	Protect USB/PCI device list access in QEMU with dedicated locks
	Currently the activePciHostdevs, inactivePciHostdevsd and
	activeUsbHostdevs lists are all implicitly protected by the
	QEMU driver lock. Now that the lists all inherit from the
	virObjectLockable, we can make the locking explicit, removing
	the dependency on the QEMU driver lock for correctness.

	Convert virPCIDeviceList and virUSBDeviceList into virObjectLockable
	To allow modifications to the lists to be synchronized, convert
	virPCIDeviceList and virUSBDeviceList into virObjectLockable
	classes. The locking, however, will not be self-contained. The
	users of these classes will have to call virObjectLock/Unlock
	in the critical regions.

	Rename all USB device functions to have a standard name prefix
	Rename all the usbDeviceXXX and usbXXXDevice APIs to have a
	fixed virUSBDevice name prefix

	Fix leak of usbDevice struct when initializing cgroups
	When iterating over USB host devices to setup cgroups, the
	usbDevice object was leaked in both LXC and QEMU driers

	Rename all PCI device functions to have a standard name prefix
	Rename all the pciDeviceXXX and pciXXXDevice APIs to have a
	fixed virPCIDevice name prefix

	Remove pointless 'qemuVersion' field from virQEMUDriverPtr
	The QEMU driver struct has a 'qemuVersion' field that was previously
	used to cache the version lookup from capabilities. With the recent
	QEMU capabilities rewrite the caching happens at a lower level so
	this field is pointless. Removing it avoids worries about locking
	when updating it.

	Use atomic ops to increment nextvmid
	Use atomic ops to increment nextvmid and encapsulate it in a
	method to prevent accidental non-atomic access

	Make virDomainObjList self-locking via virObjectLockable
	Switch virDomainObjList to inherit from virObjectLockable and
	make all the APIs acquire/release the mutex when running. This
	makes virDomainObjList completely self-locking and no longer
	reliant on the hypervisor driver locks

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Merge virDomainObjListIsDuplicate into virDomainObjListAdd
	The duplicate VM checking should be done atomically with
	virDomainObjListAdd, so shoud not be a separate function.
	Instead just use flags to indicate what kind of checks are
	required.

	This pair, used in virDomainCreateXML:

	   if (virDomainObjListIsDuplicate(privconn->domains, def, 1) < 0)
	     goto cleanup;
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def, false)))
	     goto cleanup;

	Changes to

	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def,
	                                   VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
	                                   NULL)))
	     goto cleanup;

	This pair, used in virDomainRestoreFlags:

	   if (virDomainObjListIsDuplicate(privconn->domains, def, 1) < 0)
	     goto cleanup;
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def, true)))
	     goto cleanup;

	Changes to

	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def,
	                                   VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
	                                   VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
	                                   NULL)))
	     goto cleanup;

	This pair, used in virDomainDefineXML:

	   if (virDomainObjListIsDuplicate(privconn->domains, def, 0) < 0)
	     goto cleanup;
	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def, false)))
	     goto cleanup;

	Changes to

	   if (!(dom = virDomainObjListAdd(privconn->domains,
	                                   privconn->caps,
	                                   def,
	                                   0, NULL)))
	     goto cleanup;

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in configure.ac causing $LIBS to gain a copy of $CFLAGS
	The virt-dbus.m4 check for DBus was preserving $LIBS before
	modifying it. Except it wasn't. It was preserving another
	copy of $CFLAGS. The result was that after the check completed,
	$LIBS got polluted with $CFLAGS

2013-02-05  Eric Blake  <eblake@redhat.com>

	tests: reserve more fds for commandtest
	Commit 39c77fe triggered random failures, depending on the platform
	and what other fds leak into the testsuite (for me, it passed on
	RHEL 6 but failed on Fedora 18).  The reason was that we were
	expecting an fd that fell outside of our reserved range.  By reserving
	a larger range, the test once again passes on all platforms.

	* tests/commandtest.c (mymain): Reserve enough fds.

2013-02-05  Eric Blake  <eblake@redhat.com>

	qemu: don't log failure during QMP add-fd probe
	Otherwise, we get a lot of scary (but harmless) noise in the logs:

	2013-02-05 15:35:48.555+0000: 8637: error : qemuMonitorJSONCheckError:353 : internal error unable to execute QEMU command 'add-fd': Parameter 'fdset-id' expects an existing fdset-id

	one for every qemu 1.2 binary that we probe.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONAddFd): During
	probe, avoid logging failures.

2013-02-05  John Ferlan  <jferlan@redhat.com>

	Add John Ferlan to the committers list

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Turn virDomainObjList into an opaque virObject
	As a step towards making virDomainObjList thread-safe turn it
	into an opaque virObject, preventing any direct access to its
	internals.

	As part of this a new method virDomainObjListForEach is
	introduced to replace all existing usage of virHashForEach

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Rename all domain list APIs to have virDomainObjList prefix
	The APIs names for accessing the domain list object are
	very inconsistent. Rename them all to have a standard
	virDomainObjList prefix.

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a virQEMUDriverConfigPtr object
	Currently the virQEMUDriverPtr struct contains an wide variety
	of data with varying access needs. Move all the static config
	data into a dedicated virQEMUDriverConfigPtr object. The only
	locking requirement is to hold the driver lock, while obtaining
	an instance of virQEMUDriverConfigPtr. Once a reference is held
	on the config object, it can be used completely lockless since
	it is immutable.

	NB, not all APIs correctly hold the driver lock while getting
	a reference to the config object in this patch. This is safe
	for now since the config is never updated on the fly. Later
	patches will address this fully.

2013-02-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix missing error constants in libvirt python module
	The previous change to the generator, changed too much - only
	the functions are in 'virerror.c', the constants remained in
	'virerror.h' which could not be renamed for API compat reasons.

	Add a test case to sanity check the generated python bindings

2013-02-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Catch stderr of image compression binary
	If a compression binary prints something to stderr, currently
	it is discarded. However, it can contain useful data from
	debugging POV, so we should catch it.

	qemu: Catch stderr of image decompression binary
	If a decompression binary prints something to stderr, currently
	it is discarded. However, it can contain useful data from
	debugging POV, so we should catch it.

	virFileWrapperFd: Switch to new virCommandDoAsyncIO
	Commit 34e8f63a32f83 introduced support for catching errors from
	libvirt iohelper. However, at those times there wasn't such fancy
	API as virCommandDoAsyncIO(), so everything has to be implemented
	on our own. But since we do have the API now, we can use it and
	drop our implementation then.

	tests: Create test for virCommandDoAsyncIO
	This is just a basic test, so we don't break virCommand in the
	future. A "Hello world\n" string is written to commanhelper,
	which copies input to stdout and stderr where we read it from.
	Then the read strings are compared with expected values.

	Introduce event loop to commandtest
	This is just preparing environment for the next patch, which is
	going to need an event loop.

2013-02-05  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Introduce virCommandDoAsyncIO
	Currently, if we want to feed stdin, or catch stdout or stderr of a
	virCommand we have to use virCommandRun(). When using virCommandRunAsync()
	we have to register FD handles by hand. This may lead to code duplication.
	Hence, introduce an internal API, which does this automatically within
	virCommandRunAsync(). The intended usage looks like this:

	    virCommandPtr cmd = virCommandNew*(...);
	    char *buf = NULL;

	    ...

	    virCommandSetOutputBuffer(cmd, &buf);
	    virCommandDoAsyncIO(cmd);

	    if (virCommandRunAsync(cmd, NULL) < 0)
	        goto cleanup;

	    ...

	    if (virCommandWait(cmd, NULL) < 0)
	        goto cleanup;

	    /* @buf now contains @cmd's stdout */
	    VIR_DEBUG("STDOUT: %s", NULLSTR(buf));

	    ...

	cleanup:
	    VIR_FREE(buf);
	    virCommandFree(cmd);

	Note, that both stdout and stderr buffers may change until virCommandWait()
	returns.

2013-02-05  Peter Krempa  <pkrempa@redhat.com>

	conf: Use correct type for device type enum in virDomainDeviceDefFree
	With this change it's easy to spot a forgotten free if a new device
	class is added.

2013-02-05  Jiri Denemark  <jdenemar@redhat.com>

	build: Add libcurl dependency to libvirt_driver.la
	libvirt.c calls curl_global_init() if WITH_CURL is defined and thus it
	should be linked with libcurl. This fixes link failure in case neither
	xenapi nor esx driver is enabled (they are the only users of libcurl).

2013-02-05  Jiri Denemark  <jdenemar@redhat.com>

	spec: Fix minor changelog issues
	When a changelog entry references an RPM macro, % needs to be escaped so
	that it does not appear expanded in package changelog.

	Fri Mar  4 2009 is incorrect since Mar 4 was Wednesday. Since
	libvirt-0.6.1 was released on Mar 4 2009, we should change Fri to Wed.

2013-02-04  Martin Kletzander  <mkletzan@redhat.com>

	Add basic support for VDI images
	QEMU is fully capable of handling VDI images and we just refuse to
	work with them.  As qemu-img knows and supports this, there should be
	no problem with this addition.

	This is of course, just basic functionality, without searching for any
	backing files, etc.

2013-02-04  Martin Kletzander  <mkletzan@redhat.com>

	Support shifted magic in storage files
	Some files have the magic shifted to some offset other than 0, so we
	have to support that.  I also cleaned up some lines to be more
	readable and added missing magic for iso file format.

2013-02-04  Peter Krempa  <pkrempa@redhat.com>

	virsh-secret: Refactor error paths
	This patch switches string option retrieval to vshCommandOptStringReq
	and refactors some error paths to avoid an unlikely memory leak of a
	secret object in cmdSecretSetValue.

	virsh-nwfilter: Update nwfilter commands to use vshCommandOptStringReq

2013-02-04  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Update snapshot commands to use vshCommandOptStringReq
	also avoids potential NULL pointer dereference:

	$ virsh snapshot-current asdf ""
	error: invalid snapshotname argument '(null)'

	by removing the error message in favor of vshCommandOptStringReq

2013-02-04  Peter Krempa  <pkrempa@redhat.com>

	virsh-snapshot: Refactor cmdSnapshotDumpXML
	This patch simplifies error paths and switches to use
	vshCommandOptStringReq for argument retrieval in cmdSnapshotDumpXML

	virsh-nodedev: Refactor error paths, error messages and whitespace
	This patch adds some empty lines to separate blocks of code, cleans up
	unnecessary error message constructs in cmdNodeDeviceDetach,
	cmdNodeDeviceReAttach, cmdNodeDeviceReset and refactors error paths in
	cmdNodeDeviceDumpXML.

	virsh-nodedev: Update node device commands to use vshCommandOptStringReq

	virsh-interface: Update interface commands to use vshCommandOptStringReq

	virsh-network: Update network commands to use vshCommandOptStringReq

	virsh-host: Update host commands to use vshCommandOptStringReq

	virsh-domain: Update domain commands to use vshCommandOptStringReq

	virsh-domain-monitor: Update domain commands to use vshCommandOptStringReq

	virsh-volume: Update volume commands to use vshCommandOptStringReq

	virsh-pool: Update pool commands to use vshCommandOptStringReq
	Rework most of option string retrievals to the new helper.

2013-02-04  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add helper to request string arguments with error reporting
	This patch adds a helper function with similar semantics to
	vshCommandOptString that requests a string argument, but does some error
	reporting without the need to do it in the functions themselves.

	The error reporting also provides information about the parameter whose
	retrieval failed.

2013-02-04  Peter Krempa  <pkrempa@redhat.com>

	virsh-pool: Rename helper function buildPoolXML to vshBuildPoolXML

	virsh-volume: Rename helper function makeCloneXML to vshMakeCloneXML

	virsh-snapshot: Fix coding style and remove dead code
	buffer won't be NULL in any case when reaching the check and the first
	block of the if statement was lacking parentheses

2013-02-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Simplify hypervPrivate pointer handling in hypervOpen

2013-02-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Simplify esxPrivate pointer handling in esxOpen
	Commit 4445e16bfa8056980ac643fabf17186f9e685925 changed the signature
	of esxConnectToHost and esxConnectToVCenter by replacing the esxPrivate
	pointer with virConnectPtr. The esxPrivate pointer was then retrieved
	again from virConnectPtr's privateData. This resulted in a NULL pointer
	dereference, because the privateData pointer was not yet initialized at
	the point where esxConnectToHost and esxConnectToVCenter are called.

	This was fixed in commit b126715a48cd0cbe32ec6468c267cd8cf2961c55 that
	moved the initialization of privateData before the problematic calls.

	Simplify the logic by making the call to esxFreePrivate unconditional and
	changing esxConnectToHost and esxConnectToVCenter back to take a esxPrivate
	pointer directly. This allows to assign esxPrivate to the virConnectPtr's
	privateData pointer as one of the last steps in esxOpen making it more
	obvious that it is not initialized during the earlier steps of esxOpen.

2013-02-02  Eric Blake  <eblake@redhat.com>

	docs: don't ignore virEvent API
	Commit 6094ad7b (0.9.3 release) promoted several functions from
	internal to public, but forgot to fix the documentation generator
	to provide details about those functions.

	For an example of what this fixes, look at:
	file:///path/to/libvirt/docs/html/libvirt-libvirt.html#virEventAddHandle
	before and after the patch.

	* docs/apibuild.py (ignored_functions): Don't ignore functions
	that were turned into official API.
	* src/util/virevent.c: Fix comments to pass through parser.

2013-02-01  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
	that runs a regex search on user input while in a multibyte locale.
	I'm not sure how hard it would be to trigger such a setup for
	libvirtd, but rather than risk things, we can avoid the issue:
	gnulib has worked around the problem, and by updating to the latest
	gnulib, we can avoid the bug even on platforms where glibc has yet
	to be patched.

	* .gnulib: Update to latest, for various fixes, including regex.
	* bootstrap: Resync from upstream.

2013-02-01  Claudio Bley  <cbley@av-test.de>

	docs: use div, not table, for notices on opaque types
	It's simpler to render and it prevents wrapping the line too early
	because of the table spacing, border et cetera.

	docs: abort when missing return or argument documentation
	When a function has no associated information to one of its
	arguments or its return type we report it and stop with an error.

	libvirt.h.in: document virConnectDomainEventCallback's return value

	libvirt.h.in: add missing return doc for virEventRemoveHandleFunc

2013-02-01  Claudio Bley  <cbley@av-test.de>

	libvirt.h.in: fix documentation for virConnectDomainEventBlockJobCallback
	In commit 3ac26e2645e6456389a918455213d7e3824f63f9 parameter "path" was
	renamed to "disk" but this change was not reflected in the documentation.

	Additionally, documentation of the "opaque" parameter was missing.

2013-02-01  Claudio Bley  <cbley@av-test.de>

	libvirt.h.in: add missing documentation for virConnectCloseFunc

2013-01-31  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add support for QEMU -add-fd support detection
	Add support for QEMU -add-fd command line parameter detection.
	This intentionally rejects qemu 1.2, where 'add-fd' QMP did
	not allow full control of set ids, and where there was no command
	line counterpart, but accepts qemu 1.3.

2013-01-31  Eric Blake  <eblake@redhat.com>

	qemu: expose qemu 1.3 add-fd monitor command
	Add entry points for calling the qemu 'add-fd' and 'remove-fd'
	monitor commands.  There is no entry point for 'query-fdsets';
	the assumption is that a developer can use
	 virsh qemu-monitor-command domain '{"execute":"query-fdsets"}'
	when debugging issues, and that meanwhile, libvirt is responsible
	enough to remember what fds it associated with what fdsets.
	Likewise, on the 'add-fd' command, it is assumed that libvirt
	will always pass a set id, rather than letting qemu autogenerate
	the next available id number.

	* src/qemu/qemu_monitor.c (qemuMonitorAddFd, qemuMonitorRemoveFd):
	New functions.
	* src/qemu/qemu_monitor.h (qemuMonitorAddFd, qemuMonitorRemoveFd):
	New prototypes.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONAddFd)
	(qemuMonitorJSONRemoveFd): New functions.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONAddFd)
	(qemuMonitorJSONRemoveFd): New prototypes.

2013-01-31  Eric Blake  <eblake@redhat.com>

	tests: add a comment about our fake qmp
	While testing QMP, I used a simple qemu session of
	'qemu-kvm -M none -nodefaults -nographic -qmp stdio'
	for some experiments.  But it took me far too long to remember
	the magic invocation to unlock QMP into accepting normal commands.
	While I was able to grep libvirt sources and easily find where
	libvirt expects the normal "QMP" greeting, I could not find the
	proper reply to that greeting nearby.

	Reading the testsuite didn't help either, since there we don't
	emulate the mandatory handshake.  But since my grep hit the
	testsuite, adding a bit of documentation will make it much easier
	to jog my memory in the future.

	* tests/qemumonitortestutils.c (QEMU_JSON_GREETING): Mention that
	the normal counterpart reply is skipped.

2013-01-31  Jiri Denemark  <jdenemar@redhat.com>

	spec: Avoid using makeinstall relic
	The macro was made to help installing broken packages that did not use
	DESTDIR correctly by overriding individual path variables (prefix,
	sysconfdir, ...). Newer rpm provides fixed make_install macro that calls
	make install with just the correct DESTDIR, however it is not available
	everywhere (e.g., RHEL 5 does not have it). On the other hand the
	make_install macro is simple and straightforward enough for us to use
	its expansion directly.

2013-01-31  Serge Hallyn  <serge.hallyn@canonical.com>

	complete virterror->virerror name change
	Without these two string changes in generator.py, the
	virGetLastError wrapper does not get created in
	/usr/share/pyshared/libvirt.py.  Noticed when running
	tests with virt-install.

2013-01-31  Jiri Denemark  <jdenemar@redhat.com>

	tests: Don't build securityselinuxlabeltest without qemu
	Sources for securityselinuxlabeltest are only defined if qemu driver is
	enabled so we should not try to build the test if qemu driver is
	disabled.

2013-01-31  Claudio Bley  <cbley@av-test.de>

	apibuild.py: fix TypeError raised in except clause
	When an exception happened inside the try clause in serialize_function,
	a new exception was raised in the except clause subsequently:

	Traceback (most recent call last):
	  File "./apibuild.py", line 2529, in <module>
	    rebuild("libvirt")
	  File "./apibuild.py", line 2513, in rebuild
	    builder.serialize()
	  File "./apibuild.py", line 2467, in serialize
	    self.serialize_function(output, function)
	  File "./apibuild.py", line 2208, in serialize_function
	    self.warning("Failed to save function %s info: " % name, `id.info`)
	TypeError: warning() takes exactly 2 arguments (3 given)

	Use the correct number of arguments for self.warning and print the
	original exception to stderr.

2013-01-30  John Ferlan  <jferlan@redhat.com>

	Enforce return check on virAsprintf() calls
	Way back when I started making changes for Coverity messages my first set
	were to a bunch of CHECKED_RETURN errors.  In particular virAsprintf() had
	a few callers that Coverity noted didn't check their return (although some
	did check if the buffer being printed to was NULL or not).

	It was suggested at the time as a further patch an ATTRIBUTE_RETURN_CHECK
	should be added to virAsprintf(), see:

	https://www.redhat.com/archives/libvir-list/2013-January/msg00120.html

	This patch does that and fixes a few more instances not found by Coverity
	that failed the check.

2013-01-30  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix mask for 172.16.0.0 private address range
	https://bugzilla.redhat.com/show_bug.cgi?id=905708

	Only the first 12 bits should be set in the mask for this range. All
	addresses between 172.16.0.0 and 172.31.255.255 are private.

2013-01-30  Peter Krempa  <pkrempa@redhat.com>

	snapshot: Mention disk-only snapshots in error message
	When a disk-only snapshot is requested the domain is treated as if it
	was offline. This forbids to mix memory checkpoints with the DISK_ONLY
	flag.

	This patch improves the error message and mentions the restriction in
	the virsh man page.

2013-01-30  Martin Kletzander  <mkletzan@redhat.com>

	Sync HACKING and hacking.html.in
	After one last-minute change, only HACKING was updated and not
	hacking.html.in, so this patch synchronizes that.

2013-01-30  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: updated localizations

2013-01-30  Martin Kletzander  <mkletzan@redhat.com>

	Ignore '.trs' files
	When doing checks with automake, there are '<testname>.trs' files left
	behind, that might or might not be usable, however these show up in
	'git status' even though we definitely don't want them to be tracked
	in the repository'.  Automake adds the '--trs-files' option by default
	since commit 0c81b43f711fb861f04227ced8dba889596d9c43 [1], which
	consequently (from 1.13 in my case) started leaving these files behind
	along with '<testname>.log' files as well (which we already ignore).

	[1] http://git.savannah.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=0c81b43

2013-01-30  Martin Kletzander  <mkletzan@redhat.com>

	docs: aesthetical cleanups
	Adding dots inside "exempli gratia" where missing.  While on that, I
	took the liberty of changing it where found with simple grep.

2013-01-30  Martin Kletzander  <mkletzan@redhat.com>

	conf: Don't format cputune element when not needed
	Commit 60b176c3d0f0d5037acfa5e27c7753f657833a0b introduced a bug that
	when editing an XML with cputune similar to this:

	...
	  <vcpu placement='static' current='1'>2</vcpu>
	  <cputune>
	    <vcpupin vcpu="1" cpuset="0"/>
	  </cputune>
	...

	results in formatted XML that looks like this:

	...
	  <vcpu placement='static' current='1'>2</vcpu>
	  <cputune>
	  </cputune>
	...

	That is caused by a condition depending on def->cputune.vcpupin being
	set rather than checking def->cputune.nvcpupin.  Notice that nvcpupin
	can be 0 and vcpupin can still be allocated since it's a pointer to an
	array, so no harm done there.

	I also changed it on other places in the code where it depended on the
	wrong variable.

2013-01-30  Claudio Bley  <cbley@av-test.de>

	docs: fix missed documentation for virterror functions
	Commit f24404a3244b50c1d6d3a735445b02450ac40981 renamed virterror.c to
	virerror.c but forgot to change the reference in this file.

2013-01-30  Doug Goldstein  <cardoe@cardoe.com>

	virlog: remove old code comment
	Setting the log output prefix to 0 is not supported and in fact results
	in the following message:
	warning : virLogParseOutputs:1021 : Ignoring invalid log output setting.

2013-01-29  Jiri Denemark  <jdenemar@redhat.com>

	build: Regenerate man pages on version bump
	Whenever libvirt version changes in configure.ac, we need to regenerate
	man pages so that they contain correct version info.

2013-01-29  Ján Tomko  <jtomko@redhat.com>

	conf: Fix cpumask leak in virDomainDefFree
	def->cpumask is a bitmap and needs to be freed by virBitmapFree.

2013-01-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Destroy domain on decompression binary error
	https://bugzilla.redhat.com/show_bug.cgi?id=894723

	Currently, if qemuProcessStart() succeeds, but it's decompression
	binary that returns nonzero status, we don't kill the qemu process,
	but remove it from internal domain list, leaving the qemu process
	hanging around totally uncontrolled.

2013-01-28  Peter Krempa  <pkrempa@redhat.com>

	rpc: Fix crash on error paths of message dispatching
	This patch resolves CVE-2013-0170:
	https://bugzilla.redhat.com/show_bug.cgi?id=893450

	When reading and dispatching of a message failed the message was freed
	but wasn't removed from the message queue.

	After that when the connection was about to be closed the pointer for
	the message was still present in the queue and it was passed to
	virNetMessageFree which tried to call the callback function from an
	uninitialized pointer.

	This patch removes the message from the queue before it's freed.

	* rpc/virnetserverclient.c: virNetServerClientDispatchRead:
	    - avoid use after free of RPC messages

2013-01-28  Osier Yang  <jyang@redhat.com>

	rng: Change the datatype for volume name for common use
	The "volName" will be used by later patch.

	eng: Remove the duplicate definition
	The RE for data type "name" storagepool.rng uses is same with
	"genericName" in basictypes.rng.

2013-01-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu_hotplug: Rework media changing process
	https://bugzilla.redhat.com/show_bug.cgi?id=892289

	It seems like with new udev within guest OS, the tray is locked,
	so we need to:
	- 'eject'
	- wait for tray to open
	- 'change'

	Moreover, even when doing bare 'eject', we should check for
	'tray_open' as guest may have locked the tray. However, the
	waiting phase shouldn't be unbounded, so I've chosen 10 retries
	maximum, each per 500ms. This should give enough time for guest
	to eject a media and open the tray.

2013-01-26  Eric Blake  <eblake@redhat.com>

	maint: one missed syms file
	Commit f0aa493 missed a file.

	* src/libvirt_driver_modules.syms: Add editor hint.

2013-01-26  John Ferlan  <jferlan@redhat.com>

	vbox: Adjust the UTF FREE macros
	Adjust the macros to free memory allocated during various calls to
	perform the check if parameter is NULL prior to really freeing and to
	set the pointer to NULL after done freeing.

2013-01-25  John Ferlan  <jferlan@redhat.com>

	vbox: Address false positive for NULL dereference
	Resolve a false positive from 'vboxIIDFromUUID_v2_x()'. The code sets
	'iid->value = &iid->backing' unconditionally prior to calling 'nsIDFromChar()'.
	The 'vboxIIDUnalloc_v2_x()' checks iid->value to not be &iid->backing. The
	iid->backing is a static buffer within the initialized structure.

2013-01-25  Guido Günther  <agx@sigxcpu.org>

	Make sure we only abort without libcurl if $with_esx = yes

2013-01-25  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add --print-xml flag for attach-disk command
	The flag causes the XML of the disk that would be attached to be printed
	instead.

2013-01-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: Domain event handler improvements
	Since libxl provides the domain ID in the event handler callback,
	find the domain object based on the ID.  This approach prevents
	processing the callback on a domain that has already been reaped.

	Also, similar to the xl implementation, ignore the SUSPEND shutdown
	reason.  By calling libxl_domain_suspend(), we know a shutdown
	event with SUSPEND reason will be generated, but it can be safely
	ignored since any subsequent cleanup will be done by the callers.

2013-01-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix removing non-persistent domain after save
	libxlDoDomainSave() was removing non-persistent domains, but
	required callers to have the virDomainObj locked.  Callers could
	potentially unlock an already freed virDomainObj.  Move this
	logic to the callers of libxlDoDomainSave().

	libxl: Explicitly remove timeouts
	I've noticed that libxl can invoke timeout reregister/modify hooks
	after returning from libxl_ctx_free.  Explicitly remove the
	timeouts before freeing the libxl ctx to avoid executing hooks on
	stale objects.

2013-01-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix race between destruction of objects
	It is possible to destroy and cleanup a VM, resulting in freeing the
	libxlDomainObjPrivate object and associated libxl ctx, before all fds and
	timeouts have been deregistered and destroyed.

	Fix this race by incrementing the reference count on libxlDomainObjPrivate
	for each fd and timeout registration.  Only when all fds and timeouts are
	deregistered and destroyed will the libxlDomainObjPrivate be destroyed.

2013-01-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix races in libxl event code
	The libxl driver is racy in it's interactions with libxl and libvirt's
	event loop.  The event loop can invoke callbacks after libxl has
	deregistered the event, and possibly access freed data associated with
	the event.

	This patch fixes the race by converting libxlDomainObjPrivate to a
	virObjectLockable, and locking it while executing libxl upcalls and
	libvirt event loop callbacks.

	Note that using the virDomainObj lock is not satisfactory since it may
	be desirable to hold the virDomainObj lock even when libxl events such
	as reading and writing to xenstore need processed.

2013-01-25  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix handling of timeouts
	xen-unstable changeset 26469 makes changes wrt modifying and deregistering
	timeouts.

	First, timeout modify callbacks will only be invoked with an
	abs_t of {0,0}, i.e. make the timeout fire immediately.  Prior to this
	commit, timeout modify callbacks were never invoked.

	Second, timeout deregister hooks will no longer be called.

	This patch makes changes in the libvirt libxl driver that should be
	compatible before and after changeset 26469.

	While at it, fix a potential overflow in the timeout register callback.

2013-01-25  Eric Blake  <eblake@redhat.com>

	conf: avoid NULL deref for pmsuspended domain state
	While working with a pmsuspend vs. snapshot issue, I noticed that
	the state file in /var/run/libvirt/qemu/dom.xml contained a rather
	suspicious "(null)" string, which does not round-trip well through
	a libvirtd restart.  Had I been on a platform other than glibc
	where printf("%s",NULL) crashes instead of printing (null), we might
	have noticed the problem much sooner.

	And in fixing that problem, I also noticed that we had several
	missing states, because we were #defining several *_LAST names
	to a value _different_ than what they were already given as enums
	in libvirt.h.  Yuck.  I got rid of default: labels in the case
	statements, because they get in the way of gcc's -Wswitch helping
	us ensure we cover all enum values.

	* src/conf/domain_conf.c (virDomainStateReasonToString)
	(virDomainStateReasonFromString): Fill in missing domain states;
	rewrite case statement to let compiler enforce checking.
	(VIR_DOMAIN_NOSTATE_LAST, VIR_DOMAIN_RUNNING_LAST)
	(VIR_DOMAIN_BLOCKED_LAST, VIR_DOMAIN_PAUSED_LAST)
	(VIR_DOMAIN_SHUTDOWN_LAST, VIR_DOMAIN_SHUTOFF_LAST)
	(VIR_DOMAIN_CRASHED_LAST): Drop dead defines.
	(VIR_DOMAIN_PMSUSPENDED_LAST): Drop dead define.
	(virDomainPMSuspendedReason): Add missing enum function.
	(virDomainRunningReason, virDomainPausedReason): Add missing enum
	value.
	* src/conf/domain_conf.h (virDomainPMSuspendedReason): Declare
	missing functions.
	* src/libvirt_private.syms (domain_conf.h): Export them.

2013-01-25  Eric Blake  <eblake@redhat.com>

	maint: make it easier to sort syms files
	I got bit by 'make check' complaining that the sort order I got
	by emacs' sort-lines function differed from expectations.

	* src/libvirt_private.syms: Add emacs trailer.
	* src/libvirt_atomic.syms: Likewise.
	* src/libvirt_daemon.syms: Likewise.
	* src/libvirt_esx.syms: Likewise.
	* src/libvirt_libssh2.syms: Likewise.
	* src/libvirt_linux.syms: Likewise.
	* src/libvirt_openvz.syms: Likewise.
	* src/libvirt_sasl.syms: Likewise.
	* src/libvirt_vmx.syms: Likewise.
	* src/libvirt_xenxs.syms: Likewise.

2013-01-25  Michal Privoznik  <mprivozn@redhat.com>

	qemu_monitor: Fix tray-open attribute in query-block
	With our code, we fail to query for tray-open attribute currently.
	That's because in HMP it is 'tray-open' and in QMP it's 'tray_open'.
	It always has been. However, we got it exactly the opposite.

2013-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix bogus reporting of KVM support for non-native emulators
	A logic bug meant we reported KVM was possible for every
	architecture, merely based on whether the query-kvm command
	exists. We should instead have been doing it based on whether
	the query-kvm command returns 'present: 1'

	Move QEMU capabilities initialization later in QEMU startup
	Currently QEMU capabilities are initialized before the QEMU driver
	sets ownership on its various directories. The upshot is that if
	you change the user/group in the qemu.conf file, libvirtd will fail
	to probe QEMU the first time it is run after the config change.
	Moving QEMU capabilities initialization to after the chown() calls
	fixes this

2013-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix performance & reliabilty of QMP probing
	This previous commit

	  commit 1a50ba2cb07d8bb2aa724062889deb9efd7ad9e9
	  Author: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
	  Date:   Mon Nov 26 15:17:13 2012 +0100

	    qemu: Fix QMP Capabability Probing Failure

	which attempted to make sure the QEMU process used for probing
	ran as the right user id, caused serious performance regression
	and unreliability in probing. The -daemonize switch in QEMU
	guarantees that the monitor socket is present before the parent
	process exits. This means libvirtd is guaranteed to be able to
	connect immediately. By switching from -daemonize to the
	virCommandDaemonize API libvirtd was no longer synchronized with
	QEMU's startup process. The result was that the QEMU monitor
	failed to open and went into its 200ms sleep loop. This happened
	for all 25 binaries resulting in 5 seconds worth of sleeping
	at libvirtd startup. In addition sometimes when libvirt connected,
	QEMU would be partially initialized and crash causing total
	failure to probe that binary.

	This commit reverts the previous change, ensuring we do use the
	-daemonize flag to QEMU. Startup delay is cut from 7 seconds
	to 2 seconds on my machine, which is on a par with what it was
	prior to the capabilities rewrite.

	To deal with the fact that QEMU needs to be able to create the
	pidfile, we switch pidfile location fron runDir to libDir, which
	QEMU is guaranteed to be able to write to.

2013-01-25  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainSendKey: Relax the qemu driver locking
	Currently, there is no reason to hold qemu driver locked
	throughout whole API execution. Moreover, we can use the
	new qemuDomObjFromDomain() internal API to lookup domain then.

2013-01-25  Satoru Moriya  <satoru.moriya@hds.com>

	node_memory: Add '\n' to help message
	Linefeed is missed in the help of node-memory-tune.
	This patch just adds '\n' to get a correct help message.

2013-01-25  Josh Durgin  <josh.durgin@inktank.com>

	qemu: escape ipv6 for rbd network disk hosts
	Hosts for rbd are ceph monitor daemons. These have fixed IP addresses,
	so they are often referenced by IP rather than hostname for
	convenience, or to avoid relying on DNS. Using IPv4 addresses as the
	host name works already, but IPv6 addresses require rbd-specific
	escaping because the colon is used as an option separator in the
	string passed to qemu.

	Escape these colons, and enclose the IPv6 address in square brackets
	so it is distinguished from the port, which is currently mandatory.

	Acked-by: Osier Yang <jyang@redhat.com>

2013-01-25  Eric Blake  <eblake@redhat.com>

	snapshot: fix state after external snapshot of S3 domain
	https://bugzilla.redhat.com/show_bug.cgi?id=876829 complains that
	if a guest is put into S3 state (such as via virsh dompmsuspend)
	and then an external snapshot is taken, qemu forcefully transitions
	the domain to paused, but libvirt doesn't reflect that change
	internally.  Thus, a user has to use 'virsh suspend' to get libvirt
	back in sync with qemu state, and if the user doesn't know this
	trick, then the guest appears hung.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateActiveExternal):
	Track fact that qemu wakes up a suspended domain on migration.

2013-01-24  John Ferlan  <jferlan@redhat.com>

	locking: use virStrcpyStatic instead of memcpy

2013-01-24  Jiri Denemark  <jdenemar@redhat.com>

	python: Fix bindings for virDomainSnapshotGet{Domain,Connect}
	https://bugzilla.redhat.com/show_bug.cgi?id=895882

	virDomainSnapshot.getDomain() and virDomainSnapshot.getConnect()
	wrappers around virDomainSnapshotGet{Domain,Connect} were not supposed
	to be ever implemented. The class should contain proper domain() and
	connect() accessors that fetch python objects stored internally within
	the class. While domain() was already provided, connect() was missing.

	This patch adds connect() method to virDomainSnapshot class and
	reimplements getDomain() and getConnect() methods as aliases to domain()
	and connect() for backward compatibility.

2013-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash free'ing securityDriverNames in QEMU driver
	The previous fix to avoid leaking securityDriverNames forgot to
	handle the case of securityDriverNames being NULL, leading to
	a crash

2013-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Make python objects inherit from 'object' base class
	As of python >= 2.2, it is recommended that all objects inherit
	from the 'object' base class. We already require python >= 2.3
	for libvirt for thread macro support, so we should follow this
	best practice.

	See also

	  http://stackoverflow.com/questions/4015417/python-class-inherits-object

2013-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of securityDriverNames
	When shutting down, the QEMU driver forgot to free the
	securityDriverNames string list

2013-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Avoid use of free'd memory in auto destroy callback
	The autodestroy callback code has the following function
	called from a hash iterator

	  qemuDriverCloseCallbackRun(void *payload,
	                             const void *name,
	                             void *opaque)
	  {
	    ...
	    char *uuidstr = name
	    ...

	    dom = closeDef->cb(data->driver, dom, data->conn);
	    if (dom)
	        virObjectUnlock(dom);

	    virHashRemoveEntry(data->driver->closeCallbacks, uuidstr);
	  }

	The closeDef->cb function may well cause the current callback
	to be removed, if it shuts down 'dom'. As such the use of
	'uuidstr' in virHashRemoveEntry is accessing free'd memory.
	We must make a copy of the uuid str before invoking the
	callback to be safe.

2013-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Ensure nodeinfo struct is initialized to zero
	When linuxNodeInfoCPUPopulate() method triggered use of an
	uninitialize value, since it did not initialize the 'sockets'
	field in the virNodeInfoPtr struct:

	==30020== Conditional jump or move depends on uninitialised value(s)
	==30020==    at 0x5125DBD: linuxNodeInfoCPUPopulate (nodeinfo.c:513)
	==30020==    by 0x51261A0: nodeGetInfo (nodeinfo.c:884)
	==30020==    by 0x149B9B10: qemuCapsInit (qemu_capabilities.c:846)
	==30020==    by 0x14A11B25: qemuCreateCapabilities (qemu_driver.c:424)
	==30020==    by 0x14A12426: qemuStartup (qemu_driver.c:874)
	==30020==    by 0x512A7AF: virStateInitialize (libvirt.c:822)
	==30020==    by 0x40DE04: daemonRunStateInit (libvirtd.c:877)
	==30020==    by 0x50ADCE5: virThreadHelper (virthreadpthread.c:161)
	==30020==    by 0x328CA07D14: start_thread (pthread_create.c:308)
	==30020==    by 0x328C6F246C: clone (clone.S:114)
	(happened twice)

	        if (socks > nodeinfo->sockets)    <--- here
	            nodeinfo->sockets = socks;

	Rather than doing this for each field, just make the caller memset
	the entire struct to zero.

2013-01-24  Jiri Denemark  <jdenemar@redhat.com>

	selinux: Properly indent preprocessor directives

	apparmor: Avoid freeing uninitialized pointer

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	xen: Actually fix the uninitialized variable
	0eedb1d9bff672b24d6957dfaa0a8b42d9e851a7 fixed the wrong variable

	xen: Initialize variable before using
	Commit 87b4c10c6cf02251dd8c29b5b895bebc6ec297f9 added code that may call
	the virCapabilitiesClearHostNUMACellCPUTopology function with
	uninitialized second argument. Although the value wouldn't be used some
	compilers whine about that.

2013-01-24  Richard W.M. Jones  <rjones@redhat.com>

	selinux: Only create the selabel_handle once.
	According to Eric Paris this is slightly more efficient because it
	only loads the regular expressions in libselinux once.

2013-01-24  John Ferlan  <jferlan@redhat.com>

	parallels_utils: Check return status properly from virCommandRun()

	util: Need to add virCommandFree()

	storage: Need to add virCommandFree()

	security: Need to add virCommandFree()

2013-01-24  John Ferlan  <jferlan@redhat.com>

	parallels: Resolve some resource leaks
	Be sure to VIR_FREE(accel) and moved virDomainVideoDefFree() within no_memory
	label to be consistent

	Resolve resource leak in parallelsApplyIfaceParams() when the 'oldnet' is
	allocated locally. Also virCommandFree(cmd) as necessary.

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	test: Add support for thread and core information for the test driver
	This patch adds demo processor topology information for the test driver.

	capabilities: Add additional data to the NUMA topology info
	This patch adds data gathering to the NUMA gathering files and adds
	support for outputting the data. The test driver and xend driver need to
	be adapted to fill sensible data to the structure in a future patch.

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	capabilities: Switch CPU data in NUMA topology to a struct
	This will allow storing additional topology data in the NUMA topology
	definition.

	This patch changes the storage type and fixes fallout of the change
	across the drivers using it.

	This patch also changes semantics of adding new NUMA cell information.
	Until now the data were re-allocated and copied to the topology
	definition. This patch changes the addition function to steal the
	pointer to a pre-allocated structure to simplify the code.

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	conf: Split out NUMA topology formatting to simplify access to data

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	schemas: Add schemas for more CPU topology information in the caps XML
	This patch adds RNG schemas for adding more information in the topology
	output of the NUMA section in the capabilities XML.

	The added elements are designed to provide more information about the
	placement and topology of the processors in the system to management
	applications.

	A demonstration of supported XML added by this patch:
	<capabilities>
	  <host>
	    <topology>
	      <cells num='3'>
	        <cell id='0'>
	          <cpus num='4'> <!-- this is node with Hyperthreading -->
	            <cpu id='0' socket_id='0' core_id='0' siblings='0-1'/>
	            <cpu id='1' socket_id='0' core_id='0' siblings='0-1'/>
	            <cpu id='2' socket_id='0' core_id='1' siblings='2-3'/>
	            <cpu id='3' socket_id='0' core_id='1' siblings='2-3'/>
	          </cpus>
	        </cell>
	        <cell id='1'>
	          <cpus num='4'> <!-- this is node with modules (Bulldozer) -->
	            <cpu id='4' socket_id='0' core_id='2' siblings='4-5'/>
	            <cpu id='5' socket_id='0' core_id='3' siblings='4-5'/>
	            <cpu id='6' socket_id='0' core_id='4' siblings='6-7'/>
	            <cpu id='7' socket_id='0' core_id='5' siblings='6-7'/>
	          </cpus>
	         </cell>
	        <cell id='2'>
	          <cpus num='4'> <!-- this is a normal multi-core node -->
	            <cpu id='8' socket_id='1' core_id='0' siblings='8'/>
	            <cpu id='9' socket_id='1' core_id='1' siblings='9'/>
	            <cpu id='10' socket_id='1' core_id='2' siblings='10'/>
	            <cpu id='11' socket_id='1' core_id='3' siblings='11'/>
	          </cpus>
	         </cell>
	      </cells>
	    </topology>
	  </host>
	</capabilities>

	The socket_id field represents identification of the physical socket the
	CPU is plugged in. This ID may not be identical to the physical socket
	ID reported by the kernel.

	The core_id identifies a core within a socket. Also this field may not
	accurately represent physical ID's.

	The core_id is guaranteed to be unique within a cell and a socket. There
	may be duplicates between sockets. Only cores sharing core_id within one
	cell and one socket can be considered as threads. Cores sharing core_id
	within sparate cells are distinct cores.

	The siblings field is a list of CPU id's the cpu id's the CPU is sibling
	with - thus a thread. The list is in the cpuset format.

2013-01-24  Peter Krempa  <pkrempa@redhat.com>

	schema: Make the cpuset type reusable across schema files

2013-01-23  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Enhance memballoon handling for virtio-s390
	The way in that memory balloon suppression was handled for S390
	is flawed for a number or reasons.
	1. Just preventing the default balloon to be created in the case
	   of VIR_ARCH_S390[X] is not sufficient. An explicit memballoon
	   element in the guest definition will still be honored, resulting
	   both in a -balloon option and the allocation of a PCI bus address,
	   neither being supported.
	2. Prohibiting balloon for S390 altogether at a domain_conf level
	   is no good solution either as there's work in progress on the QEMU
	   side to implement a virtio-balloon device, although in
	   conjunction with a new machine type. Suppressing the balloon
	   should therefore be done at the QEMU driver level depending
	   on the present capabilities.

	Therefore we remove the conditional suppression of the default
	balloon in domain_conf.c.
	Further, we are claiming the memballoon device for virtio-s390
	during device address assignment to prevent it from being considered
	as a PCI device.
	Finally, we suppress the generation of the balloon command line option
	if this is a virtio-s390 machine.

2013-01-23  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Re-add driver unlock to qemuDomainSendKey
	Should have been done in commit 56fd513 already, but was missed
	due to oversight: qemuDomainSendKey didn't release the driver lock
	in its cleanup section. This fixes an issue introduced by commit
	8c5d2ba.

2013-01-23  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix usage of virBitmapParse
	virNetworkObjUpdateParseFile used ',' as the termination character for
	virBitmapParse. This would break if an non-contiguous range would be
	parsed.

	util: Fix docs for virBitmapParse
	This patch changes the name of the @sep argument to @terminator and
	clarifies it's usage. This patch also explicitly documents that
	whitespace can't be used as @terminator as it is skipped multiple times
	in the implementation.

2013-01-23  Osier Yang  <jyang@redhat.com>

	rng: Have colorful *.rng with editor
	Just add the head line to let the editor know it's XML document.

2013-01-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Ignore expected EOFs
	https://bugzilla.redhat.com/show_bug.cgi?id=892079

	One of my previous patches (f2a4e5f176c408) tried to fix crashing
	libvirtd on domain detroy. However, we need to copy pattern from
	qemuProcessHandleMonitorEOF() instead of decrementing reference
	counter. The rationale for this is, if qemu process is dying due
	to domain being destroyed, we obtain EOF on both the monitor and
	agent sockets. However, if the exit is expected, qemuProcessStop
	is called, which cleans both agent and monitor sockets up. We
	want qemuAgentClose() to be called iff the EOF is not expected,
	so we don't leak an FD and memory. Moreover, there could be race
	with qemuProcessHandleMonitorEOF() which could have already
	closed the agent socket, in which case we don't want to do
	anything.

2013-01-23  John Ferlan  <jferlan@redhat.com>

	virbitmaptest: Resolve Coverity errors
	test1: Need to check for bitmap before using as well as free it properly
	test2: need to check for bitsString2 before using it.

	rpc: Revert Coverity tag message
	Turns out the fix for VIR_FREE made this particular Coverity tag
	unnecessary, so I'm removing it.

	lxc_process: Avoid passing NULL iface->iname
	A followon to commit id: 68dceb635 - if iface->iname is NULL, then
	neither virNetDevOpenvswitchRemovePort() nor virNetDevVethDelete()
	should be called.  Found by Coverity.

	lxc_driver: Need to check for vm before calling virDomainUnlock(vm)

	tests: Remove VIR_FREE() on static/stack buffer (der.data)

	nodeinfo: Use sa_assert() instead of Coverity error tag

2013-01-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix nwfilter driver reload/shutdown handling when unprivileged
	Although the nwfilter driver skips startup when running in a
	session libvirtd, it did not skip reload or shutdown. This
	caused errors to be reported when sending SIGHUP to libvirtd,
	and caused an abort() in libdbus on shutdown due to trying
	to remove a dbus filter that was never added

2013-01-22  Eric Blake  <eblake@redhat.com>

	build: allow virObject to have no parent
	When building with static analysis enabled, we turn on attribute
	nonnull checking.  However, this caused the build to fail with:

	../../src/util/virobject.c: In function 'virObjectOnceInit':
	../../src/util/virobject.c:55:40: error: null argument where non-null required (argument 1) [-Werror=nonnull]

	Creation of the virObject class is the one instance where the
	parent class is allowed to be NULL.  Making things conditional
	will let us keep static analysis checking for all other .c file
	callers, without breaking the build on this one exception.

	* src/util/virobject.c: Define witness.
	* src/util/virobject.h (virClassNew): Use it to force most callers
	to pass non-null parameter.

2013-01-22  Alon Levy  <alevy@redhat.com>

	qemu: Support ram bar size for qxl devices
	Adds a "ram" attribute globally to the video.model element, that changes
	the resulting qemu command line only if video.type == "qxl".

	<video>
	  <model type='qxl' ram='65536' vram='65536' heads='1'/>
	</video>

	That attribute gets a default value of 64*1024. The schema is unchanged
	for other video element types.

	The resulting qemu command line change is the addition of

	-global qxl-vga.ram_size=<ram>*1024

	or

	-global qxl.ram_size=<ram>*1024

	For the main and secondary qxl devices respectively.

	The default for the qxl ram bar is 64*1024 kilobytes (the same as the
	default qxl vram bar size).

2013-01-22  John Ferlan  <jferlan@redhat.com>

	viralloc: Adjust definition of VIR_FREE() for Coverity
	The Coverity static analyzer was generating many false positives for the
	unary operation inside the VIR_FREE() definition as it was trying to evaluate
	the else portion of the "?:" even though the if portion was (1).

2013-01-22  Peter Krempa  <pkrempa@redhat.com>

	conf: Improve error messages if parsing of vCPU count fails

	conf: Check if number of vCPUs fits in the storage variable
	The count of vCPUs for a domain is extracted as a usingned long variable
	but is stored in a unsigned short. If the actual number was too large,
	a faulty number was stored.

2013-01-22  Peter Krempa  <pkrempa@redhat.com>

	virsh-domain: Refactor error paths for cmdCPUStats
	This patch fixes the following issues in the cpu-stats virsh command:

	1) Renames label failed_params to no_memory to match coding style
	2) Uses proper typed parameter cleanup in error paths to avoid leaks
	3) Adds a ret variable and simplifies error labels
	4) Changes error message to a slightly more descriptive one and gets rid
	   of the newline at the end:

	Before:
	$ virsh cpu-stats tr
	error: Failed to virDomainGetCPUStats()

	error: Requested operation is not valid: domain is not running

	After:
	$ tools/virsh cpu-stats tr
	error: Failed to retrieve CPU statistics for domain 'tr'
	error: Requested operation is not valid: domain is not running

2013-01-22  John Ferlan  <jferlan@redhat.com>

	tests: Need to initialize 'test' properly on error path
	In the error path, the test buffer is free'd, but due to how the free
	routine is written the 'test' buffer pointer does not return to the caller
	as NULL and then the free'd buffer address is returned to the caller.

	virkeepalive: Remove erroneous VIR_FREE(msg)
	The 'msg' free is handled via virNetMessageFree() already.

	security: Need to initialize 'sens'
	It was possible to call VIR_FREE in cleanup prior to initialization

	interface: Need to initialize 'ifaces_list'
	It was possible to call VIR_FREE in cleanup prior to initialization

	storage: Need to initialize 'zerobuf'
	It was possible to call VIR_FREE in cleanup prior to initialization.

	virsh: Need to intialize 'str'
	It was possible to call VIR_FREE in error prior to initialization.

	lxc: Need to initialize 'dst'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virfile: Need to initialize 'looppath'
	It was possible to call VIR_FREE in cleanup prior to initialization.

	commandtest: Need to initialize 'errbuf'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virnetdev: Need to initialize 'pciConfigAddr'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virnetsockettest: Need to initialize 'path'
	It was possible to call VIR_FREE in cleanup prior to initialization

	virnetserver: Need to initialize 'sigdata'
	It was possible to call VIR_FREE in error prior to initialization

	conf: Need to initialize variables before VIR_FREE
	Resolve a couple of instances where variables were not initialized
	prior to potential VIR_FREE call in cleanup path.

	uml: Avoid resource leak of event in umlInofityEvent
	If there was more than one inotify_event found in the read/while loop,
	then only the last event found would have been queued.

2013-01-22  Claudio Bley  <cbley@av-test.de>

	fix typos in comments for VIR_DOMAIN_PROCESS_SIGNAL_{PWR,SYS}

2013-01-22  John Ferlan  <jferlan@redhat.com>

	storage: Add coverity[dead_error_condition] to avoid error
	The local redefinition of PED_PARTITION_PROTECTED results in the error
	but is not a problem especially if the built code doesn't have the latest
	definitions.

	network: Add coverity[leaked_handle] to ignore error
	On error, the 'tapfd' in networkStartNetworkVirtual() is synonymous
	with 'macTapIfName' and will be closed in the appropriate error path.

	remote: Avoid coverity[leaked_storage] message.
	Upon successful return of virNetClientStreamEventAddCallback() the
	allocated cbdata field will be freed by virNetClientStreamEventRemoveCallback()
	as cbOpaque using the free function remoteStreamCallbackFree().

	qemu: Add coverity[negative_returns] tag
	This avoids "Event negative_returns: A negative constant "-1" is passed as
	an argument to a parameter that cannot be negative.".  The called function
	uses -1 to determine whether it needs to traverse all the hostdevs.

	rpc: Add coverity[dead_error_begin] tag
	Coverity misses the nuance of VIR_FREE(privkey) setting privkey = NULL when
	if (!(virFileExists(privkey))) is true and thus declares the code dead.

	xen: Add coverity[ptr_arith] and [sign_extension] tags
	The old cpu bitmap setting algorithm causes a couple of complaints which
	have been tagged.

2013-01-22  John Ferlan  <jferlan@redhat.com>

	nodeinfo: Add coverity[dead_error_begin] and [returned_null] tags
	The use of switch statements inside a bounded for loop resulted in some
	false positives regarding the "default:" label which cannot be reached
	since each of the other case statements use the possible for loop values.
	A [dead_error_begin] was added before the default label.

	Commit id ebdbe25a adjusted the algorithm and the caller guarantees that
	the 'params' will have a '_' in the name being searched. Add the [returned_null]
	tag to the two instances.

2013-01-22  John Ferlan  <jferlan@redhat.com>

	lxc: Add coverity[dead_error_begin] tag in switch stmts
	The use of switch statements inside a bounded for loop resulted in some
	false positives regarding the "default:" label which cannot be reached
	since each of the other case statements use the possible for loop values.

	xend: Address some Coverity false positives
	The various _for_i loops with both u.s.car and u.s.cdr were being reported
	as COPY_PASTE errors by Coverity.  This just quiets those messages.

	selinux: Resolve resource leak using the default disk label
	Commit id a994ef2d1 changed the mechanism to store/update the default
	security label from using disk->seclabels[0] to allocating one on the
	fly. That change allocated the label, but never saved it.  This patch
	will save the label. The new virDomainDiskDefAddSecurityLabelDef() is
	a copy of the virDomainDefAddSecurityLabelDef().

	util: Need to check child JSON allocation before use

	parallels: Need to handle virJSONValueObjectGetString error

	rpc: Remove unnecessary calls
	The code is not reachable as of commit id: bb85f229. Removed
	virKeepAliveStop() and virObjectUnref() because 'ka' cannot be
	anything but NULL at the cleanup label.

	security: Use virStrcpy to move the label

2013-01-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Forbid snapshot names starting with '.'
	Forbid the names to match the loading procedure of snapshots.

2013-01-21  Michal Privoznik  <mprivozn@redhat.com>

	safe{read,write}: Document usage with nonblocking FD
	Currently, whenever somebody calls saferead() on nonblocking FD
	(safewrite() is totally interchangeable for purpose of this message)
	he might get wrong return value. For instance, in the first iteration
	some data is read. The number of bytes read is stored into local
	variable 'nread'. However, in next iterations we can get -1 from
	read() with errno == EAGAIN, in which case the -1 is returned despite
	fact some data has already been read. So the caller gets confused.
	Bare read() should be used for nonblocking FD.

2013-01-21  Jiri Denemark  <jdenemar@redhat.com>

	docs: Generate documentation for virTypedParams* APIs

	docs: event.c source file was renamed as virevent.c

2013-01-21  Eric Blake  <eblake@redhat.com>

	spec: indent %if to make it easier to see conditions
	Nested conditionals are hard to read if they are not indented.
	We can't add arbitrary whitespace to everything in spec files,
	but we CAN add spaces before %if and %define.  Use this trick,
	plus a fancy sed script that rewrites a spec file into a C
	file, so we can use cppi to keep our spec file nice.

	For reference, the sed script converts code like:

	|# RHEL-5 builds are client-only for s390, ppc
	|%if 0%{?rhel} == 5
	|    %ifnarch %{ix86} x86_64 ia64
	|        %define client_only        1
	|    %endif
	|%endif

	into the following for cppi:

	|// # RHEL-5 builds are client-only for s390, ppc
	|#if a // 0%{?rhel} == 5
	|# if a // %{ix86} x86_64 ia64
	|#  define client_only        1
	|# endif
	|#endif

	and errors from 'make syntax-check' look like:
	spec_indentation
	cppi: mingw-libvirt.spec.in: line 130: not properly indented
	maint.mk: incorrect preprocessor indentation

	* libvirt.spec.in: Add some indentation to make it easier to follow
	various conditionals.
	* mingw-libvirt-spec.in: Likewise.
	* cfg.mk (sc_spec_indentation): New syntax check to enforce it.

2013-01-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Reject attempts to create snapshots with names containig '/'
	The snapshot name is used to create path to the definition save file.
	When the name contains slashes the creation of the file fails. Reject
	such names.

2013-01-21  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't return success if creation of snapshot save file fails
	When the snapshot definition can't be saved, the
	qemuDomainSnapshotCreate function succeeded without filling some of the
	fields in the internal definition.

	This patch removes the snapshot and returns failure if the XML file
	cannot be written.

2013-01-18  Michal Privoznik  <mprivozn@redhat.com>

	Log flags passed to qemuMigrationPrepare{Tunnel,Direct} APIs
	We are already logging other arguments passed, however, @flags
	were missing there.

2013-01-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix RPM build errors related to libvirt-lxc API
	Added missing entries to makefile and spec.

2013-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix race condition when destroying guests
	When running virDomainDestroy, we need to make sure that no other
	background thread cleans up the domain while we're doing our work.
	This can happen if we release the domain object while in the
	middle of work, because the monitor might detect EOF in this window.
	For this reason we have a 'beingDestroyed' flag to stop the monitor
	from doing its normal cleanup. Unfortunately this flag was only
	being used to protect qemuDomainBeginJob, and not qemuProcessKill

	This left open a race condition where either libvirtd could crash,
	or alternatively report bogus error messages about the domain already
	having been destroyed to the caller

2013-01-18  Claudio Bley  <cbley@av-test.de>

	docs: Add some style and color to the HTML documentation

2013-01-18  Claudio Bley  <cbley@av-test.de>

	docs: don't use <i> and <tt> HTML tags
	Use of <tt> is discouraged in HTML 4.x and has finally been obsoleted
	in HTML 5. Likewise for the <i> tag.

	Using tables for layout is (widely) considered bad style, too.

	Use defintion lists, definition term and defintion description
	elements instead.

2013-01-18  Claudio Bley  <cbley@av-test.de>

	docs: Assign classes to documentation elements
	In CSS the following class names are available:

	* keyword     (keywords like "typedef", "struct")
	* type        (types like "int", "void*")
	* comment     (comments after members of enums or structs)
	* directive   (preprocessor directives, #define)
	* undisclosed (text saying that the API is not public)

	Additionally, kill all of the left-over "programlisting" class
	assignments. There are no CSS rules for them.

2013-01-18  Jiri Denemark  <jdenemar@redhat.com>

	Introduce virTypedParamsClear public API
	The function is just a renamed public version of former
	virTypedParameterArrayClear.

	virsh: Use virTypedParams* APIs in cpu-stats

	virsh: Use virTypedParams* APIs in node-memory-tune

	virsh: Use virTypedParams* APIs in numatune

	virsh: Use virTypedParams* APIs in memtune

	virsh: Use virTypedParams* APIs in domblkstat

	virsh: Use virTypedParams* APIs in schedinfo

	virsh: Use virTypedParams* APIs in domiftune

	virsh: Use virTypedParams* APIs in blkiotune

	virsh: Use virTypedParams* APIs in blkdeviotune

	Add virTypedParams* APIs
	Working with virTypedParameters in clients written in C is ugly and
	requires all clients to duplicate the same code. This set of APIs makes
	this code for manipulating with virTypedParameters integral part of
	libvirt so that all clients may benefit from it.

2013-01-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Simplify condition with already extracted flag

2013-01-18  Atsushi Kumagai  <kumagai-atsushi@mxc.nes.nec.co.jp>

	storage: Fix lvcreate parameter for backingStore.
	When virStorageBackendLogicalCreateVol() creates a snapshot for a
	logical volume with backingStore element, it fails with the message
	below:

	  2013-01-17 03:10:18.869+0000: 1967: error : virCommandWait:2345 :
	  internal error Child process (/sbin/lvcreate --name lvm-snapshot -L 51200K
	  -s=/dev/lvm-pool/lvm-volume) unexpected exit status 3: /sbin/lvcreate:
	  invalid option -- '='  Error during parsing of command line.

	This is because virCommandAddArgPair() uses '=' to connect the two
	parameters, it's unsuitable for -s option of the lvcreate.

2013-01-18  Eric Blake  <eblake@redhat.com>

	build: fix build on BSD
	A build on FreeBSD failed with:
	util/virportallocator.c:108: error: storage size of 'addr' isn't known
	util/virportallocator.c:123: error: 'INADDR_ANY' undeclared (first use in this function)

	It turns out that while POSIX allows sockaddr_in to leak in through
	<arpa/inet.h> (the way Linux does it), it is not mandatory, and
	conforming applications are required to get it through <netinet/in.h>.

	* src/util/virportallocator.c: Include header for struct
	sockaddr_in.
	* tests/virportallocatortest.c: Likewise.

2013-01-17  John Ferlan  <jferlan@redhat.com>

	network: Remove dead code getting, but not using ipdef
	The fetch of 'ipdef' in networkRefreshDhcpDaemon() when the loop to fill
	in ipv4def fails to find an ipv4 address with dhcp defined. The filled in
	ipdef value was not used.  Code was made unnecessary with commit it 2d5cd1.

	virobject: Remove the bogus ! from call to virObjectInitialize()

	esx: No need to check for objectSpec
	Coverity complains that the objectSpec != NULL check was unnecessary because
	there was no way to get to the label with objectSpec = NULL.

	qemu: Check valid activeDev before calling pciDeviceSetUsedBy

2013-01-17  Daniel P. Berrange  <berrange@redhat.com>

	Followup fix for integer wraparound in port allocator
	Change iterator variable datatype to int

2013-01-17  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Double mutex unlock in qemuDomainModifyDeviceFlags
	The driver mutex was unlocked in qemuDomainModifyDeviceFlags before
	entering qemuDomainObjBeginJobWithDriver where it will be unlocked once
	more leaving it in an undefined state. The result was that two
	threads were simultaneously looking up the domain hash table during
	multiple parallel device attach/detach operations.
	Luckily this triggered a virHashIterationError.

2013-01-17  Reinier Schoof  <reinier@transip.nl>

	fixed xt_physdev warning when defining ip(6)tables rules
	When starting a VM, /var/log/messages was spammed with the following message:
	 xt_physdev: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore.

	With each extra VM I start, the messages get amplified
	exponentially. This results in longer starting times every new VM,
	relative the the previously started VM. When I ran a test with
	starting 100 equal VM's, the first VM started in about 2 seconds, the
	100th VM took 48 seconds to start. I'm running a vanilla 3.7.1 kernel,
	but I have the same issue on VM hosts with kernel 3.2.28 or 3.2.0,
	running libvirt 0.9.12 and 0.9.8 respectively.

	Looking into the warning, it seemed that iptables need an extra argument,
	--physdev-is-bridged, in commands like:
	 iptables -A libvirt-out -m physdev --physdev-is-bridged --physdev-out vnet99 -g FP-vnet99

	With that, the warnings in /var/log/messages are gone and running the
	test again proved the 100th VM started in 3.8 seconds.

2013-01-17  Laine Stump  <laine@laine.org>

	conf: don't fail to parse <boot> when parsing a single device
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=895294

	The symptom was that attempts to modify a network device using
	virDomainUpdateDeviceFlags() would fail if the original device had a
	<boot> element (e.g. "<boot order='1'/>"), even if the updated device
	had the same <boot> element. Instead, the following error would be logged:

	  cannot modify network device boot index setting

	It's true that it's not possible to change boot order (internally
	known as bootIndex) of a live device; qemuDomainChangeNet checks for
	that, but the problem was that the information it was checking was
	incorrect.

	Explanation:

	When a complete domain is parsed, a global (to the domain) "bootMap"
	is passed down to the parse for each device; the bootMap is used to
	make sure that devices don't have conflicting settings for their boot
	orders.

	When a single device is parsed by itself (as in the case of
	virDomainUpdateDeviceFlags), there is no global bootMap that would be
	appropriate to send, so NULL is sent instead. However, although the
	lowest level function that parses just the boot order *does* simply
	skip the sanity check in that case, the next higher level
	"virDomainDeviceInfoParseXML" function refuses to call down to the
	lower "virDomainDeviceBootParseXML" if bootMap is NULL. So, the boot
	order is never set in the "new" device object, and when it is compared
	to the original (which does have a boot order), they don't match.

	The fix is to patch virDomainDeviceInfoParseXML to not care about
	bootMap, and just always call virDomainDeviceInfoBootParseXML whenever
	there is a <boot> element. When we are only parsing a single device,
	we don't care whether or not any specified boot order is consistent
	with the rest of the domain; we will always do this check later (in
	the current case, we do it by verifying that the net bootIndex exactly
	matches the old bootIndex).

2013-01-17  Laine Stump  <laine@laine.org>

	network: use bandwidth from portgroup when appropriate
	The bandwidth plug and unplug functions were assuming that an
	interface's bandwidth setting was always specified directly in the
	domain's <interface> definition, but that's not necessarily true - it
	could have been obtained from a <portgroup> definition in the network
	definition. This patch fixes those functions to use
	virDomainNetGetActualBandwidth(), which gets the bandwidth pointer
	from iface->data.network.actual if it exists, otherwise returns
	iface->bandwidth.

2013-01-17  John Ferlan  <jferlan@redhat.com>

	network: Resolve some issues around vlan copying
	Remove extraneous check for 'netdef' when dereferencing for vlan.nTags.
	Prior code would already check if netdef was NULL.

	Coverity complained about a path where the 'vlan' was potentially valid,
	but a prior checks may not have allocated 'iface->data.network.actual',
	so like other paths it needs to be allocated on the fly.

	Move the copying of vlan up earlier in networkAllocateActualDevice, so
	that actual.type gets properly set.

	Since the first assignment to vlan is redundant except in the case of
	jumping immediately to validate from the start of the function,
	eliminate its initial setting at the top of the function in favor of
	calling the helper function virDomainNetGetActualVlan() (which doesn't
	depend on the local vlan pointer being initialized) down at validate:

2013-01-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix inheritance of virNetClient
	When creating the virClass object for virNetClient, we specified
	virObject as the parent instead of virObjectLockable

2013-01-17  Peter Krempa  <pkrempa@redhat.com>

	lock_daemon: Simplify error handling
	No need to check the run_dir variable twice for NULL.

2013-01-17  Daniel P. Berrange  <berrange@redhat.com>

	Avoid integer wrap on remotePortMax in QEMU driver
	The QEMU driver default max port is 65535, but it then increments
	this by 1 to 65536. This maps to 0 in an unsigned short :-( This
	was apparently done so that for() loops could use "< max" instead
	of "<= max". Remove this insanity and just make the loop do the
	right thing.

2013-01-17  Michal Privoznik  <mprivozn@redhat.com>

	virsh-volume.c: Switch to C99 initialization of vshCmdOptDef

	virsh-snapshot.c: Switch to C99 initialization of vshCmdOptDef

	virsh-secret.c: Switch to C99 initialization of vshCmdOptDef

	virsh-pool.c: Switch to C99 initialization of vshCmdOptDef

	virsh-nwfilter.c: Switch to C99 initialization of vshCmdOptDef

	virsh-nodedev.c: Switch to C99 initialization of vshCmdOptDef

	virsh-network.c: Switch to C99 initialization of vshCmdOptDef

	virsh-interface.c: Switch to C99 initialization of vshCmdOptDef

	virsh-host.c: Switch to C99 initialization of vshCmdOptDef

	virsh-domain-monitor.c: Switch to C99 initialization of vshCmdOptDef

	virsh-domain.c: Switch to C99 initialization of vshCmdOptDef

	virsh.c: Switch to C99 initialization of vshCmdOptDef

2013-01-17  Claudio Bley  <cbley@av-test.de>

	libvirt.c: fix typo in comment

2013-01-17  Claudio Bley  <cbley@av-test.de>

	Move comments after enum members
	The api builder always associates comments to the last member it read,
	not to the current member even if there was a comment for the previous
	member and a comma was already seen.

	This has the effect that the comment for the previous member gets
	overwritten and the current member has no comment at all.

2013-01-17  Jiri Denemark  <jdenemar@redhat.com>

	python: Avoid freeing uninitialized new_params pointer

2013-01-17  Hu Tao  <hutao@cn.fujitsu.com>

	include virterror_internal.h in threads.h
	required by VIR_ONCE_GLOBAL_INIT using virSetError.

	include util.h in cgroup.h
	required by VIR_ENUM_DECL.

	call virstateCleanup to do the cleanup before libvirtd exits

2013-01-16  Guido Günther  <agx@sigxcpu.org>

	Fix typo in variable name
	that broke the build like:

	  CC     libvirt_conf_la-domain_conf.lo
	  conf/domain_conf.c: In function 'virDomainVcpuPinAdd':
	  conf/domain_conf.c:11920:29: error: 'vpcupin' undeclared (first use in this function)
	  conf/domain_conf.c:11920:29: note: each undeclared identifier is reported only once for each function it appears in
	  make[3]: *** [libvirt_conf_la-domain_conf.lo] Error 1

2013-01-16  Jim Fehlig  <jfehlig@suse.com>

	libxl: Fix cleanup on domain start error
	If building the libxl domain config fails, cleanup before returning
	failure.

	libxl: Check for libxl_ctx_alloc failure

	libxl: Don't free domain death event
	Callers should not free death events provided by libxl_evdisable_FOO().

	libxl: Use consistent parameter naming scheme
	Use consistent parameter names throughout the libxl timeout and fd
	event functions.

	libxl: Use consistent style for function definitions
	Commit dfa1e1dd added functions whose definitions do not conform
	to the style used in the libxl driver.  Change these functions to
	be consistent throughout the driver.

2013-01-16  John Ferlan  <jferlan@redhat.com>

	locking: Resolve resource leaks on non error path
	Both 'dir' and 'path' were not free'd on successful return

2013-01-16  Ján Tomko  <jtomko@redhat.com>

	conf: fix leak in virDomainVcpuPinAdd
	Fix the leak of vcpupin on failure to allocate cpumask and the leak of
	cpumask if we fail to expand vcpupin_list.

	conf: fix class_id bitmap leak in virNetworkObj
	Commit '07d1b6b' added class_id bitmap to virNetworkObj but never freed
	it.

2013-01-16  Ján Tomko  <jtomko@redhat.com>

	qemu: fix QEMU_CAPS_NO_ACPI detection
	In commit c4bbaaf8, caps->arch was checked uninitialized, rendering the
	whole check useless.

	This patch moves the conditional setting of QEMU_CAPS_NO_ACPI to
	qemuCapsInitQMP, and removes the no longer needed exception for S390.

	It also clears the flag for all non-x86 archs instead of just S390 in
	qemuCapsInitHelp.

2013-01-16  Daniel P. Berrange  <berrange@redhat.com>

	Convert libxl driver over to use virPortAllocator APIs
	Replace the current libxl driver code for managing port
	reservations with the new virPortAllocator APIs.

	Convert QEMU driver over to use virPortAllocator APIs
	Replace the current QEMU driver code for managing port
	reservations with the new virPortAllocator APIs.

	Add a port allocator class
	Introduce a virPortAllocator for managing TCP port allocations.

	Convert all rpc classes over to virObjectLockable

	Convert virDomainObj, qemuAgent, qemuMonitor, lxcMonitor to virObjectLockable
	The  virDomainObj, qemuAgent, qemuMonitor, lxcMonitor classes
	all require a mutex, so can be switched to use virObjectLockable

2013-01-16  John Ferlan  <jferlan@redhat.com>

	util: Check for negative indent in virBufferAdd
	Since virBufferGetIndent() will check and fail on buf->error, I
	removed that check from virBufferAdd() and used the -1 return as the
	way to exit.

	tools: Check return status on virBufferTrim()

	rpc: Check and message setsockopt()
	Check status when attempting to set SO_REUSEADDR flag on outgoing connection
	On failure, VIR_WARN(), but continue to connect. This code path is on the
	sender side where the setting is just a hint and would only take effect if
	the sender is overflowed with TCP connections.  Inability to set doesn't mean
	failure to establish a connection.

2013-01-15  John Ferlan  <jferlan@redhat.com>

	parallels: Remove unused JSON fetch of "OS"
	Commit id ac1c77f0 removed the "os" field in "parallelsDomObj" that
	commit id aa296e6c had added and the data is not used by the function.

	virsh: Remove unused setting of 'br_node' and 'if_node'

	util: Remove the unused setting of 'res' for virHashLookup return

2013-01-15  John Ferlan  <jferlan@redhat.com>

	locking: Remove unnecessary setting of lockspace
	In virLockSpaceProtocolDispatchNew() the returned value of lockspace from
	virLockDaemonFindLockSpace() is overwritten by the virLockSpaceNew() return.
	Coverity complains that it's unused.

	In virLockSpaceProtocolDispatchCreateLockSpace() lockspace is also overwritten
	in a similar manner resulting in the same Coverity message.

2013-01-15  John Ferlan  <jferlan@redhat.com>

	openvz: Need to check 'vm' first before dereferencing 'def'

	interface: Need to check ifacedef->mac not just ifacedef after strdup()

2013-01-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update count of vCPUs if hot-unplug has failed
	After live change of cpu counts, the number of processor threads is
	verified. This patch makes use of this approach to check if qemu ignored
	the request for cpu hot-unplug and report an appropriate message.

2013-01-15  John Ferlan  <jferlan@redhat.com>

	xen: Ignore return status for TCP_NODELAY

2013-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add a virObjectLockable class holding a mutex
	A great many virObject instances require a mutex, so introduce
	a convenient class for this which provides a mutex. This avoids
	repeating the tedious init/destroy code

	Allow for multi-level inheritance of virObject classes
	Currently all classes must directly inherit from virObject.
	This allows for arbitrarily deep hierarchy. There's not much
	to this aside from chaining up the 'dispose' handlers from
	each class & providing APIs to check types.

2013-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add 'lxc-enter-namespace' command to virsh
	Add a 'lxc-enter-namespace' command which accepts a domain name
	and then a command + args to run, attached to the container

	eg

	  virsh -c lxc:/// lxc-enter-namespace demo -- /bin/ps -auxf

2013-01-15  Gao feng  <gaofeng@cn.fujitsu.com>

	libvirt: lxc: don't mkdir when selinux is disabled
	libvirt lxc will fail to start when selinux is disabled.
	error: Failed to start domain noroot
	error: internal error guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=b9873916-3516-c199-8112-1592ff694a9e LIBVIRT_LXC_UUID=b9873916-3516-c199-8112-1592ff694a9e LIBVIRT_LXC_NAME=noroot /bin/sh
	2013-01-09 11:04:05.384+0000: 1: info : libvirt version: 1.0.1
	2013-01-09 11:04:05.384+0000: 1: error : lxcContainerMountBasicFS:546 : Failed to mkdir /sys/fs/selinux: No such file or directory
	2013-01-09 11:04:05.384+0000: 7536: info : libvirt version: 1.0.1
	2013-01-09 11:04:05.384+0000: 7536: error : virLXCControllerRun:1466 : error receiving signal from container: Input/output error
	2013-01-09 11:04:05.404+0000: 7536: error : virCommandWait:2287 : internal error Child process (ip link del veth1) unexpected exit status 1: Cannot find device "veth1"

	fix this problem by checking if selinuxfs is mounted
	in host before we try to create dir /sys/fs/selinux.

2013-01-15  Eric Blake  <eblake@redhat.com>

	build: add new file, for lxc_protocol checking
	Commit 509eb51 added lxc_protocol.x; but without the initial
	checkin of src/lxc_protocol-structs, 'make check' would fail for
	anyone with pdwtags installed:
	make[3]: *** No rule to make target `lxc_protocol-structs', needed by `check-protocol'.  Stop.

	* src/lxc_protocol-structs: New file.

2013-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add implementation of virDomainLxcOpenNamespace to LXC driver
	The virDomainLxcOpenNamespace method needs to open every file
	in /proc/$INITPID/ns and return the open file descriptor to the
	client application.

	Implement the RPC protocol for the libvirt-lxc.la library
	Add the infrastructure for the libvirt-lxc.la library to
	the remote protocol client and daemon

2013-01-15  John Ferlan  <jferlan@redhat.com>

	xen: Resolve resource leak with 'cpuset'
	Make cpuset local to the while loop and free it once done with it each
	time through the loop.  Add a sa_assert() to virBitmapParse() to keep Coverity
	from believing there could be a negative return and possible resource leak.

	interface: Resolve resource leak wth 'tmp_iface_objs'

	storage: Resource resource leak using 'tmp_vols'

	test: Resource resource leak with 'tmp_vols'

	rpc: Avoid resource leak of 'socks' if any object append fails

	util: Resolve resource leak for 'res' in virSetInherit error path.

2013-01-15  Michal Privoznik  <mprivozn@redhat.com>

	.gitignore: Sort alphabetically

2013-01-15  John Ferlan  <jferlan@redhat.com>

	interface: Need to initialize 'add_to_list'

	lxc: Initialize dst due to potential cleanup usage before setting

	openvz: Need to initialize 'ret' for kb_per_pages error path

	parallels: Resolve issues with uninitialized 'ret' value
	Added some messaging to indicate possible failure from virXPathULongLong()
	as well

	storage: Need to also VIR_FREE(reg)
	Commit-id 'afc4631b' added the regfree(reg) to free resources alloc'd
	during regcomp; however, reg still needed to be VIR_FREE()'d. The call
	to regfree() also didn't account for possible NULL value.  Reformatted
	the call to be closer to usage.

2013-01-15  Eric Blake  <eblake@redhat.com>

	build: further fixes for broken if_bridge.h
	Commit c308a9ae was incomplete; it resolved the configure failure,
	but not a later build failure.

	* src/util/virnetdevbridge.c: Include pre-req header.
	* configure.ac (AC_CHECK_HEADERS): Prefer standard in.h over
	non-standard ip6.h.

2013-01-15  Eric Blake  <eblake@redhat.com>

	docs: remove extra "
	* tools/virsh.pod: Fix typo.

2013-01-14  John Ferlan  <jferlan@redhat.com>

	securityselinuxhelper.c: Don't try to include xattr.h if not available
	Commit 907a39e7 missed adding the WITH_ATTR around #include <attr/xattr.h>
	resulting in a build failure:

	  CC     libsecurityselinuxhelper_la-securityselinuxhelper.lo
	  securityselinuxhelper.c:27:24: fatal error: attr/xattr.h: No such file or directory
	  compilation terminated.
	  make[2]: *** [libsecurityselinuxhelper_la-securityselinuxhelper.lo] Error 1
	  make[2]: Leaving directory `/home/jferlan/libvirt.work/tests'
	  make[1]: *** [all-recursive] Error 1
	  make[1]: Leaving directory `/home/jferlan/libvirt.work'
	  make: *** [all] Error 2

2013-01-14  Daniel P. Berrange  <berrange@redhat.com>

	Add missing stubs to securityselinuxhelper.c
	Make sure we override both the raw and non-raw stubs in
	securityselinuxhelper.c. Also add diagnostics if
	securityselinuxlabeltest fails a test item

	Fix typo LIBCURL_{CFLAGS,LIBS} to CURL_{CFLAGS,LIBS}
	Some places missed the conversion from LIBCURL_{CFLAGS,LIBS} to
	CURL_{CFLAGS,LIBS}, and a part of curl check was left in
	configure.ac instead of m4/virt-curl.m4 by mistake

2013-01-14  Eric Blake  <eblake@redhat.com>

	build: work around broken kernel header
	I got this scary warning during ./configure on rawhide:

	checking linux/if_bridge.h usability... no
	checking linux/if_bridge.h presence... yes
	configure: WARNING: linux/if_bridge.h: present but cannot be compiled
	configure: WARNING: linux/if_bridge.h:     check for missing prerequisite headers?
	configure: WARNING: linux/if_bridge.h: see the Autoconf documentation
	configure: WARNING: linux/if_bridge.h:     section "Present But Cannot Be Compiled"
	configure: WARNING: linux/if_bridge.h: proceeding with the compiler's result
	configure: WARNING:     ## ------------------------------------- ##
	configure: WARNING:     ## Report this to libvir-list@redhat.com ##
	configure: WARNING:     ## ------------------------------------- ##
	checking for linux/if_bridge.h... no

	* configure.ac (AC_CHECK_HEADERS): Provide struct in6_addr, since
	linux/if_bridge.h uses it without declaring it.

2013-01-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix build due to previous LXC patch
	Mark virDomainLxcEnterNamespace as skipped in python binding
	and remove reference to lxcDomainOpenNamespace which doesn't
	arrive until a later patch

2013-01-14  Eric Blake  <eblake@redhat.com>

	maint: typo fix
	I noticed this typo while configuring on a freshly-installed machine.

	* m4/virt-udev.m4: Correct pciaccess name.

2013-01-14  Daniel P. Berrange  <berrange@redhat.com>

	Introduce an LXC specific public API & library
	This patch introduces support for LXC specific public APIs. In
	common with what was done for QEMU, this creates a libvirt_lxc.so
	library and libvirt/libvirt-lxc.h header file.

	The actual APIs are

	  int virDomainLxcOpenNamespace(virDomainPtr domain,
	                                int **fdlist,
	                                unsigned int flags);

	  int virDomainLxcEnterNamespace(virDomainPtr domain,
	                                 unsigned int nfdlist,
	                                 int *fdlist,
	                                 unsigned int *noldfdlist,
	                                 int **oldfdlist,
	                                 unsigned int flags);

	which provide a way to use the setns() system call to move the
	calling process into the container's namespace. It is not
	practical to write in a generically applicable manner. The
	nearest that we could get to such an API would be an API which
	allows to pass a command + argv to be executed inside a
	container. Even if we had such a generic API, this LXC specific
	API is still useful, because it allows the caller to maintain
	the current process context, in particular any I/O streams they
	have open.

	NB the virDomainLxcEnterNamespace() API is special in that it
	runs client side, so does not involve the internal driver API.

2013-01-14  Daniel P. Berrange  <berrange@redhat.com>

	Add a test suite for validating SELinux labelling
	There are many aspects of the guest XML which result in the
	SELinux driver applying file labelling. With the increasing
	configuration options it is desirable to test this behaviour.
	It is not possible to assume that the test suite has the
	ability to set SELinux labels. Most filesystems though will
	support extended attributes. Thus for the purpose of testing,
	it is possible to extend the existing LD_PRELOAD hack to
	override setfilecon() and getfilecon() to simply use the
	'user.libvirt.selinux' attribute for the sake of testing.

	Rename HAVE_POLKIT to WITH_POLKIT

	Remove unused XMLRPC_REQUIRED var

	Convert openwsman check to use LIBVIRT_CHECK_PKG

	Convert ssh2 check to use LIBVIRT_CHECK_PKG
	This converts the libssh2 configure check to use LIBVIRT_CHECK_PKG.
	Previously it would check version 1.0 and 1.3, but this simplifies
	things to just require version 1.3

	Rename HAVE_LIBSSH2 to WITH_SSH2

	Convert curl check over to use LIBVIRT_CHECK_PKG

	Rename HAVE_LIBCURL to WITH_CURL

	Convert fuse check over to use LIBVIRT_CHECK_PKG

	Rename HAVE_FUSE to WITH_FUSE

	Rename HAVE_GNUTLS to WITH_GNUTLS

	Convert blkid check over to use LIBVIRT_CHECK_PKG

	Convert HAVE_LIBBLKID to WITH_BLKID

	Convert HAL check to use LIBVIRT_CHECK_PKG

	Convert HAVE_HAL to WITH_HAL

	Convert udev/pciaccess checks to use LIBVIRT_CHECK_PKG

	Convert HAVE_UDEV to WITH_UDEV

	Convert avahi check to use LIBVIRT_CHECK_PKG

	Convert HAVE_AVAHI to WITH_AVAHI

	Convert DBus check to use LIBVIRT_CHECK_PKG

	Convert HAVE_DBUS to WITH_DBUS

	Convert netcf check to use LIBVIRT_CHECK_PKG

	Convert cap-ng check to use LIBVIRT_CHECK_LIB

	Convert HAVE_CAPNG to WITH_CAPNG

	Convert numactl checks to use LIBVIRT_CHECK_LIB

	Convert HAVE_NUMACTL to WITH_NUMACTL

	Convert apparmor check to use LIBVIRT_CHECK_LIB

	Convert selinux check to use LIBVIRT_CHECK_LIB

	Convert HAVE_SELINUX to WITH_SELINUX

2013-01-14  Claudio Bley  <cbley@av-test.de>

	docs: restrict the set of characters for info keys
	When parsing the top level comment of a file, apibuild.py used
	to split on any ':' character of a line regarding the first part
	as a key for a setting, e.g. "Summary". The second part would then
	be assigned as the value for that key.

	This means you could not use a ':' character inside those comments
	without ill effects.

	Now, a key must consist solely of alphanumeric characters, '_' or '.'.

2013-01-14  Claudio Bley  <cbley@av-test.de>

	docs: simplify code

2013-01-11  Eric Blake  <eblake@redhat.com>

	build: avoid m4_expand for RHEL 5
	Problem introduced in commit cd699ed.

	* m4/virt-lib.m4 (LIBVIRT_CHECK_LIB, LIBVIRT_CHECK_PKG): Set up
	direct expansions, since autoconf 2.59 lacked m4_expand.

2013-01-11  Eric Blake  <eblake@redhat.com>

	docs: mention git rename detection
	I've noticed a number of people sending patches with file
	renames not compressed, so we might as well document how to
	set this up.  (Git won't do it by default, for back-compat
	reasons)

	* docs/hacking.html.in: Add git config tip.
	* HACKING: Regenerate.

2013-01-11  Eric Blake  <eblake@redhat.com>

	docs: add some more hacking tips
	Based on a suggestion by John Ferlan:
	https://www.redhat.com/archives/libvir-list/2013-January/msg00158.html

	* docs/hacking.html.in: Add some commit message instructions.
	Mention the ./run script.
	* HACKING: Regenerate.

2013-01-11  Eric Blake  <eblake@redhat.com>

	build: fix incomplete WITH_SASL conversion
	Commit 321a7d53 missed a spot.

	* src/rpc/virnetsocket.c (virNetSocketPreExecRestart): Use right
	conditional.

2013-01-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix grouping of capabilities strings
	Commit f8d478b6dfc46a0ad2459844b96937599dec06e1 broke the grouping by
	five items.

2013-01-11  Peter Krempa  <pkrempa@redhat.com>

	network: Report real error if addition of firewall rules fails
	If addition of rules in networkAddIptablesRules() failed the real error
	was masked by error reported when trying to clean up the remaining
	rules.

	With this patch the original error message is saved and set back after
	the removal is complete.

2013-01-11  Peter Krempa  <pkrempa@redhat.com>

	virsh: Reformat output of virsh net-list
	This patch changes whitespace and the length of the separation line from
	this format:

	$ virsh net-list --all
	Name                 State      Autostart     Persistent
	--------------------------------------------------
	default              inactive   yes           yes

	to

	$ virsh net-list --all
	 Name                 State      Autostart     Persistent
	----------------------------------------------------------
	 default              inactive   yes           yes

	to match the output of virsh list.

2013-01-11  Peter Krempa  <pkrempa@redhat.com>

	network: bridge: Fix regression when defining persistent networks
	Commit 0211fd6e04cdc402da20818df54299c6ded3d3cb introduced regression
	where newly defined networks were not made persistent.

	This patch makes the network persistent on each successful definition.

2013-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Convert audit check to use LIBVIRT_CHECK_LIB

	Convert HAVE_AUDIT to WITH_AUDIT

	Convert sasl check to use LIBVIRT_CHECK_LIB_ALT

	Convert HAVE_SASL to WITH_SASL

	Convert sanlock check to use LIBVIRT_CHECK_LIB

	Convert HAVE_SANLOCK to WITH_SANLOCK

	Convert yajl check to use LIBVIRT_CHECK_LIB_ALT

	Convert HAVE_YAJL into WITH_YAJL

2013-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Add some autoconf helper macros for checking for libraries
	Most checks for libraries take the same format

	  * --with-libFOO=yes|no|check|/some/path  argument
	  * check for a function NNN in libFOO.so
	  * check for a header file DDD/HHH.h
	  * Define a WITH_FOO config.h symbol
	  * Define a WITH_FOO make conditional
	  * Substitute FOO_CFLAGS and FOO_LIBS make variables
	  * Print CFLAGS & LIBS summary at the end

	Doing all this correctly is rather difficult, typically
	done by copy+paste of a previous usage. Further small
	improvements people make are not applied to all previous
	usages.

	Improve this by creating some helper macros to apply
	good practice. First, to perform the actual checks:

	  LIBVIRT_CHECK_LIB([SELINUX], [selinux],
	     [getfilecon], [selinux/selinux.h])

	This checks for 'getfilecon' in -lselinux, and the
	existence of 'selinux/selinux.h' header file. If successful
	it sets SELINUX_CFLAGS and SELINUX_LIBS. The WITH_SELINUX
	config.h macro and WITH_SELINUX make conditional are also
	defined.

	In some cases we need to check two variants of the same
	library

	  LIBVIRT_CHECK_LIB_ALT([SASL], [sasl2],
	                        [sasl_client_init], [sasl/sasl.h],
	                        [SASL1], [sasl],
	                        [sasl_client_init], [sasl/sasl.h])

	This checks for sasl_client_init in libsasl2, and if that
	is not found, checks sasl_client_init in libsasl. If the
	first check succeeds WITH_SASL is set, while if the second
	check succeeds *both* WITH_SASL and WITH_SASL1 are set.

	If the library supports pkg-config, then another variant
	is available

	  LIBVIRT_CHECK_PKG([AVAHI], [avahi-client], [0.6.0])

	This checks for avahi-client >= 0.6.0 via pkg-config
	and sets WITH_AVAHI if found.

	Finally to print a summary of CFLAGS & LIBs found (if any):

	  LIBVIRT_RESULT_LIB([SELINUX])

2013-01-11  Yufang Zhang  <yufang521247@gmail.com>

	build: require avahi instead of avahi-libs on rhel5.
	On rhel5, libs of avahi are packaged into avahi instead of avahi-libs.
	Actually, there is no avahi-libs package shipped with rhel5. This patch
	fixes this by requiring avahi on rhel5.

2013-01-11  John Ferlan  <jferlan@redhat.com>

	storage: Resolve resource leak using 'vol' buffer

2013-01-11  John Ferlan  <jferlan@redhat.com>

	phyp: Resolve some file descriptor leaks
	The phypUUIDTable_Push and phypUUIDTable_Pull leaked their file descriptors
	on normal return.  Each function had an unnecessary use of creating a buffer
	to print conn->uri->user and needed a bit better flow control. I also noted
	that the Read function had a cut-n-paste error from the write function on a
	couple of VIR_WARN's.

	The openSSHSession leaked the sock on the failure path.  Additionally that
	turns into the internal_socket in the phypOpen code.  That was neither saved
	nor closed on any path. So I used the connnection_data->sock field to save
	the socket for eventual close. Of interest here is that phypExec used the
	connection_data->sock field even though it had never been initialized.

2013-01-10  Eric Blake  <eblake@redhat.com>

	maint: don't distribute generated .def files
	I ran 'make dist' in the directory left over from ./autobuild.sh
	(which was configured for a mingw cross build); the resulting
	tarball had more files than 'make dist' on a normal Linux build.
	I traced it to the fact that we were distributing a generated
	file, but only when configure said the end user had to generate
	the file in the first place.  In the process, I noticed that
	we had some difference in symbol file names; I added a comment
	explaining why the difference exists (after first trying to
	normalize the names and hitting VPATH build failures).

	* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): Add some comments.
	* src/Makefile.am (EXTRA_DIST): No need to ship a generated file;
	particularly since which file is built depends on configure results.

2013-01-10  Eric Blake  <eblake@redhat.com>

	spec: remove redundant %if
	The daemon-driver-{qemu,lxc} packages are only built if
	%{with_driver_modules} is specified, so they do not need to
	further test this condition.  Likewise, the daemon package
	is only built if %{with_libvirtd} is specified, so it does
	not need to further test this condition.

	* libvirt.spec.in (daemon-driver-qemu, daemon-driver-lxc):
	Unconditionally require libvirt-daemon-driver-network.
	(daemon): Unconditionally include lock-driver files.

2013-01-10  Laine Stump  <laine@laine.org>

	docs: fix typo in isa-serial additions
	This was preventing make rpm from completing.

2013-01-10  Eric Blake  <eblake@redhat.com>

	util: reduce syscalls for virGetDeviceID
	There's no need to do lots of readlink() calls to canonicalize
	a name if we're only going to use stat() on it, since stat()
	already chases symlinks.

	* src/util/virutil.c (virGetDeviceID): Let stat() do the symlink
	chasing.

2013-01-10  Chunyan Liu  <cyliu@suse.com>

	pass stub driver name instead of pciFindStubDriver
	Pass stub driver name directly to pciDettachDevice and pciReAttachDevice to fit
	for different libvirt drivers. For example, qemu driver prefers pci-stub, but
	Xen prefers pciback.

2013-01-10  Guannan Ren  <gren@redhat.com>

	qemu: add usb-net caps flag
	QEMU_CAPS_DEVICE_USB_NET /* -device usb-net */

	network: fix typos and docs

2013-01-10  Guannan Ren  <gren@redhat.com>

	qemu: add usb-serial support
	Add an optional 'type' attribute to <target> element of serial port
	device. There are two choices for its value, 'isa-serial' and
	'usb-serial'. For backward compatibility, when attribute 'type' is
	missing the 'isa-serial' will be chosen as before.

	Libvirt XML sample

	    <serial type='pty'>
	      <target type='usb-serial' port='0'/>
	      <address type='usb' bus='0' port='1'/>
	    </serial>

	qemu commandline:

	qemu ${other_vm_args}              \
	    -chardev pty,id=charserial0    \
	    -device usb-serial,chardev=charserial0,id=serial0,bus=usb.0,port=1

2013-01-10  Guannan Ren  <gren@redhat.com>

	qemu: add usb-serial caps flag
	QEMU_CAPS_DEVICE_USB_SERIAL /* -device usb-serial */

2013-01-10  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.h.in: Fix indentation
	With the most recent patch from Claudio, I realized how many
	indentation flaws we have in the libvirt.h.in file. Even though
	they are harmless, it's still worth fixing them.

2013-01-10  Claudio Bley  <cbley@av-test.de>

	Fix wrong indentation for virDomainState

2013-01-10  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Remove agent reference only when disposing it
	https://bugzilla.redhat.com/show_bug.cgi?id=892079

	With current code, if user calls virDomainPMSuspendForDuration()
	followed by virDomainDestroy(), the former API checks for qemu agent
	presence, which will evaluate as true (if agent is configured). While
	talking to qemu agent, the qemu driver is unlocked, so the latter API
	starts executing.  However, if machine dies meanwhile, libvirtd gets
	EOF on the agent socket and qemuProcessHandleAgentEOF() is called. The
	handler clears reference to qemu agent while the destroy API already
	holding a reference to it. This leads to NULL dereferencing later in
	the code. Therefore, the agent pointer should be set to NULL only if
	we are the exclusive owner of it.

2013-01-10  Yufang Zhang  <yufang521247@gmail.com>

	build: move file deleting action from %files list to %install
	When building libvirt rpms on rhel5, I got the following error:

	    File must begin with "/": rm
	    File must begin with "/": -f
	    File must begin with "/": $RPM_BUILD_ROOT/etc/sysctl.d/libvirtd
	    Installed (but unpackaged) file(s) found:
	   /etc/sysctl.d/libvirtd

	It is triggerd by the %files list of libvirt daemon:

	    %if 0%{?fedora} >= 14 || 0%{?rhel} >= 6
	    %config(noreplace) %{_prefix}/lib/sysctl.d/libvirtd.conf
	    %else
	    rm -f $RPM_BUILD_ROOT%{_prefix}/lib/sysctl.d/libvirtd.conf
	    %endif

	After checking document of rpm spec file, I think it would be better
	to move the file deleting line from %files list to %install script.

	Bug introduced in commit a1fd56c.

2013-01-10  Eric Blake  <eblake@redhat.com>

	maint: fix comment typo
	While OOM can have knock-on effects that trash a system, generally
	the first symptom is one of memory thrashing.

	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Reword slightly.

2013-01-09  Eric Blake  <eblake@redhat.com>

	maint: distribute libvirtd.service.in
	I did a build --without-libvirtd, then ran 'make dist'.  The
	resulting tarball was broken, with a complaint that make did not
	know how to create libvirtd.service.in.  I traced it to a use
	of EXTRA_DIST inside a conditional.

	* daemon/Makefile.am (EXTRA_DIST): Hoist libvirtd.service.in
	outside of WITH_LIBVIRTD conditional.

2013-01-09  Gao feng  <gaofeng@cn.fujitsu.com>

	libvirt: lxc: fix incorrect parameter of lxcContainerMountProcFuse
	when we has no host's src mapped to container.
	there is no .oldroot dir,so libvirt lxc will fail
	to start when mouting meminfo.

	in this case,the parameter srcprefix of function
	lxcContainerMountProcFuse should be NULL.and make
	this method handle NULL correctly.

2013-01-09  Andres Lagar-Cavilla  <andres@lagarcavilla.org>

	Add RESUME event listener to qemu monitor.
	Perform all the appropriate plumbing.

	When qemu/KVM VMs are paused manually through a monitor not-owned by libvirt,
	libvirt will think of them as "paused" event after they are resumed and
	effectively running. With this patch the discrepancy goes away.

	This is meant to address bug 892791.

2013-01-09  Claudio Bley  <cbley@av-test.de>

	docs: break longer text into paragraphs in HTML
	Libvirt's HTML documentation is not as easy to the eyes as it could
	be since long text has no visual breaks.

	Take advantage of the formatting in documentation comments and wrap
	each part separated by two consecutive \n into a HTML <p> element.

2013-01-09  John Ferlan  <jferlan@redhat.com>

	tests: Remove remnants of removing the fake emulator output
	Coverity determined that 'emulator' could no longer be set and determined the
	code was dead.  Looking through the history, I discovered commit-id ed769e18
	removed code originally added by commit-id 9237e955 and further modified by
	commit-id 6a7e7c4f.

	nwfilter: Remove unprivileged code path to set base
	Commit id f8ab364c removed ability to run this driver unprivileged. Coverity
	detected the check and flagged it.

	phyp: Remove deadcode referencing exit_status
	Remove remnants from commit id '89144534'

2013-01-08  Daniel P. Berrange  <berrange@redhat.com>

	Make TLS support conditional
	Add checks for existence of GNUTLS and automatically disable
	it if not found.

2013-01-08  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: libvirt-guests files misplaced in specfile
	In a non-systemd environment the post and preun scripts of libvirt-client
	fail, since the required files are in libvirt-daemon. Moved them to client.
	Doing that I noticed %{_unitdir}/libvirt-guests.service was contained in
	both libvirt-client and libvirt-daemon, which I don't think was intended.
	Removed the extra copy from daemon.

2013-01-08  John Ferlan  <jferlan@redhat.com>

	util: Check for NULL 'dev' on input to usbFreeDevice
	Added 'usbFreeDevice' to the useless_free_options list in cfg.mk

2013-01-08  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	gcc 4.1.2 on RHEL 5 warned:
	conf/network_conf.c:3136: warning: 'foundIdx' may be used uninitialized in this function

	The warning is spurious, but initializing the variable doesn't hurt.

	* src/conf/network_conf.c (virNetworkDefUpdateDNSHost): Silence
	unused variable warning.

2013-01-08  Eric Blake  <eblake@redhat.com>

	maint: avoid potential promotion issues with [ug]id_t
	POSIX does not guarantee whether uid_t and gid_t are signed or
	unsigned, nor does it guarantee whether they are smaller, same
	size, or larger than int (or even the same size as one another).
	Therefore, it is possible to have platforms where '(uid_t)-1==-1'
	is false or where 'uid = gid = -1' sets uid to the wrong value,
	thanks to integer promotion rules.  The only portable way to use
	the placeholder value of these two types is to always use a cast.
	Thankfully, the issue is mostly theoretical - sanlock only
	compiles on Linux for now, and on Linux, these types do not
	suffer from strange promotion problems.

	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace, virLockManagerSanlockInit)
	(virLockManagerSanlockCreateLease): Cast -1 to proper type before
	comparing with uid_t or gid_t.

2013-01-08  Claudio Bley  <cbley@av-test.de>

	Add Claudio Bley to the committers list

2013-01-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Relax hard RSS limit
	Currently, if there's no hard memory limit defined for a domain,
	libvirt tries to calculate one, based on domain definition and magic
	equation and set it upon the domain startup. The rationale behind was,
	if there's a memory leak or exploit in qemu, we should prevent the
	host system trashing. However, the equation was too tightening, as it
	didn't reflect what the kernel counts into the memory used by a
	process. Since many hosts do have a swap, nobody hasn't noticed
	anything, because if hard memory limit is reached, process can
	continue allocating memory on a swap. However, if there is no swap on
	the host, the process gets killed by OOM killer. In our case, the qemu
	process it is.

	To prevent this, we need to relax the hard RSS limit. Moreover, we
	should reflect more precisely the kernel way of accounting the memory
	for process. That is, even the kernel caches are counted within the
	memory used by a process (within cgroups at least). Hence the magic
	equation has to be changed:

	  limit = 1.5 * (domain memory + total video memory) + (32MB for cache
	          per each disk) + 200MB

2013-01-08  John Ferlan  <jferlan@redhat.com>

	Resolve COPY_PASTE error found by Coverity
	Fix copy-paste error doing handshake.

	The clientShake was not set to true, thus we'd potentially never leave
	the handshake while loop.

2013-01-08  Ján Tomko  <jtomko@redhat.com>

	storage: fix leak in virStorageBackendLogicalMakeVol
	Use regfree instead of VIR_FREE.

2013-01-08  Claudio Bley  <cbley@av-test.de>

	docs: remove duplicate check in index.add

2013-01-08  J.B. Joret  <jb@linux.vnet.ibm.com>

	S390: Enable SCLP Console in QEMU driver
	This is the QEMU backend code for the SCLP console support.
	It includes SCLP capability detection, QEMU command line generation
	and a test case.

2013-01-08  J.B. Joret  <jb@linux.vnet.ibm.com>

	S390: Add SCLP console front end support
	The SCLP console is the native console type for s390 and is preferred
	over the virtio console as it doesn't require special drivers and
	is more efficient. Recent versions of QEMU come with SCLP support
	which is hereby enabled.

	The new target types 'sclp' and 'sclplm' can be used to specify a
	SCLP console. Adding documentation, domain schema and XML processing
	support.

2013-01-08  Daniel P. Berrange  <berrange@redhat.com>

	Rename lxc_protocol.x to lxc_monitor_protocol.x
	To avoid confusion between the LXC driver <-> controller
	monitor RPC protocol and the libvirt-lxc.so <-> libvirtd public
	RPC protocol, rename the former to lxc_monitor_protocol.x

	Add internal APIs for dealing with namespaces
	Add some APIs for acquiring namespace file descriptors and
	switching namespaces

	Add a way to return FDs to the RPC caller
	Currently the libvirt client can pass FDs to the server, but the
	dispatch mechanism provides no way to return FDs back from the
	server to the client. Tweak the dispatch code, such that if a
	dispatcher returns '1', this indicates that it populated the
	virNetMessagePtr with FDs to return

	Fix receiving of file descriptors from server
	A number of bugs handling file descriptors received from the
	server caused the FDs to be lost and leaked.

	Move qemu-XXX commands from virsh-host.c to virsh-domain.c
	The QEMU specific APIs all operate on domains, not the host,
	so should be in the virsh-domain.c file / group

2013-01-08  Guido Günther  <agx@sigxcpu.org>

	Add missing flags to migrate documentation

2013-01-08  John Ferlan  <jferlan@redhat.com>

	cpu: Avoid NULL dereference
	Don't dereference 'model' in PowerPCBaseline when there's no outputModel

	lxc: Avoid possible NULL dereference on *root prior to opendir().
	If running on older Linux without mounted cgroups then its possible that
	*root would be NULL.

	remote: Avoid calling virAuthConfigLookup() if 'credname' is NULL.

	vmware: Avoid NULL dereference for 'caps'
	When virCapabilitiesNew() fails, caps will be NULL resulting in possible
	core when deref'd in cpuDataFree() call.

	xen: Avoid possible NULL dereference
	Change calling sequence to only call xenUnifiedDomainSetVcpusFlags() when
	'dom' is not NULL. Use the GET_PRIVATE() macro to reference privateData.
	Just return -1 if dom is NULL.

2013-01-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix virLXCPrepareHostDevices method
	The virLXCPrepareHostDevices method was returning success even
	when it reported an error, and failed to handle several host
	device types

	Ensure we always setup a private mount namespace for LXC controller
	The code for setting up a private /dev/pts for the containers
	is also responsible for making the LXC controller have a
	private mount namespace. Unfortunately the /dev/pts code is
	not run if launching a container without a custom root. This
	causes the LXC FUSE mount to leak into the host FS.

	Speed up fallback to legacy non-QMP probing
	Since we daemonized QEMU for capabilities probing there is a long
	time if QEMU fails to launch. This is because we're not passing in
	any virDomainObjPtr instance and thus the monitor code can not
	check to see if the PID is still alive.

	Only initialize capabilities after setting dir permissions
	The current code is initializing capabilities before setting
	directory permissions. Thus the QEMU binaries being run may
	not have the ability to create the UNIX monitor socket on
	the first run of libvirtd.

2013-01-07  Jim Fehlig  <jfehlig@suse.com>

	build: Add libxenctrl to LIBXL_LIBS
	Commit dfa1e1dd removed libxenctrl from LIBXL_LIBS, but the libxl
	driver uses a symbol from this library.  Explicitly link with
	libxenctrl instead of relying on the build system to support
	implicit DSO linking.

2013-01-07  Eric Blake  <eblake@redhat.com>

	build: install libvirt sysctl file correctly
	https://bugzilla.redhat.com/show_bug.cgi?id=887017 reports that
	even though libvirt attempts to set fs.aio-max-nr via sysctl,
	the file was installed with the wrong name and gets ignored by
	sysctl.  Furthermore, 'man systcl.d' recommends that packages
	install into hard-coded /usr/lib/sysctl.d (even when libdir is
	/usr/lib64), so that sysadmins can use /etc/sysctl.d for overrides.

	* daemon/Makefile.am (install-sysctl, uninstall-sysctl): Use
	correct location.
	* libvirt.spec.in (network_files): Reflect this.

2013-01-07  Eric Blake  <eblake@redhat.com>

	build: .service files don't need to be executable
	See also commit 66ff2dd, where we avoided installing these files
	as executables.

	* daemon/Makefile.am (libvirtd.service): Drop chmod.
	* tools/Makefile.am (libvirt-guests.service): Likewise.
	* src/Makefile.am (virtlockd.service, virtlockd.socket):
	Likewise.

2013-01-07  Eric Blake  <eblake@redhat.com>

	build: properly substitute virtlockd.socket
	virtlockd.service could be installed to a configurable root,
	but virtlockd.socket was hardcoded to installation into a
	distro.

	* src/Makefile.am (virtlockd.service, virtlockd.socket): Drop
	unused substitutions.
	* src/locking/virtlockd.socket.in (ListenStream): Don't hard-code
	/var.

2013-01-07  Eric Blake  <eblake@redhat.com>

	build: use common .in replacement mechanism
	We had several different styles of .in conversion in our Makefiles:
	ALLCAPS, @ALLCAPS@, @lower@, ::lower::
	Canonicalize on one form, to make it easier to copy and paste
	between .in files.

	Also, we were using some non-portable sed constructs: \@ is an
	undefined escape sequence (it happens to be @ itself in GNU sed,
	but POSIX allows it to mean something else), as well as risky
	behavior (failure to consistently quote things means a space
	in $(sysconfdir) could throw things off; also, Autoconf recommends
	using | rather than , or ! in the s||| operator, because | has to
	be quoted in shell and is therefore less likely to appear in file
	names than , or !).

	Fix all of these uses to follow the same syntax.

	* daemon/libvirtd.8.in: Switch to @var@.
	* tools/virt-xml-validate.in: Likewise.
	* tools/virt-pki-validate.in: Likewise.
	* src/locking/virtlockd.init.in: Likewise.
	* daemon/Makefile.am: Prefer | over ! in sed.
	(libvirtd.8): Prefer consistent substitution.
	(libvirtd.init, libvirtd.service): Avoid non-portable sed.
	* tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init)
	(libvirt-guests.service): Likewise.
	(virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup):
	Prefer consistent capitalization.
	* src/Makefile.am (virtlockd.init, virtlockd.service)
	(virtlockd.socket): Prefer consistent substitution.

2013-01-07  Osier Yang  <jyang@redhat.com>

	qemu: Check if the shared disk's cdbfilter conflicts with others
	This prevents domain starting and disk attaching if the shared disk's
	setting conflicts with other active domain(s), E.g. A domain with
	"sgio" set as "filtered", however, another active domain is using
	it set as "unfiltered".

	qemu: set unpriv_sgio when starting domain and attaching disk
	This ignores the default "filtered" if unpriv_sgio is not supported
	by kernel, but for explicit request "filtered", it error out for
	domain starting.

2013-01-07  Osier Yang  <jyang@redhat.com>

	conf: Parse and format the new XML
	Like "rawio", "sgio" is only allowed for block disk of device
	type "lun".

	It doesn't default disk->sgio to "filtered" when parsing, as
	it won't be able to distinguish explicitly requested "filtered"
	and a default "filtered" in driver then. We have to error out for
	explicit request when the kernel doesn't support the new sysfs
	knob "unpriv_sgio", however, for defaulted "filtered", we can
	just ignore it if the kernel doesn't support "unpriv_sgio".

2013-01-07  Osier Yang  <jyang@redhat.com>

	docs: Add docs and rng schema for new XML tag sgio
	This introduces new XML tag "sgio" for disk, its valid values
	are "filtered" and "unfiltered", setting it as "filtered" will
	set the disk's unpriv_sgio to 0, and "unfiltered" to set it
	as 1, which allows the unprivileged SG_IO commands.

2013-01-07  Osier Yang  <jyang@redhat.com>

	qemu: Add a hash table for the shared disks
	This introduces a hash table for qemu driver, to store the shared
	disk's info as (@major:minor, @ref_count). @ref_count is the number
	of domains which shares the disk.

	Since we only care about if the disk support unprivileged SG_IO
	commands, and the SG_IO commands only make sense for block disk,
	this patch only manages (add/remove hash entry) the shared disk for
	block disk.

	* src/qemu/qemu_conf.h: (Add member 'sharedDisks' of type
	                         virHashTablePtr; Declare helpers
	                         qemuGetSharedDiskKey, qemuAddSharedDisk
	                         and qemuRemoveSharedDisk)
	* src/qemu/qemu_conf.c (Implement the 3 helpers)
	* src/qemu/qemu_process.c (Update 'sharedDisks' when domain
	                           starting and shutdown)
	* src/qemu/qemu_driver.c (Update 'sharedDisks' when attaching
	                          or detaching disk).

2013-01-07  Osier Yang  <jyang@redhat.com>

	util: Prepare helpers for unpriv_sgio setting
	"virGetDeviceID" could be used across the sources, but it doesn't
	relate with this series, and could be done later.

	* src/util/virutil.h: (Declare virGetDeviceID, and
	                       vir{Get,Set}DeviceUnprivSGIO)
	* src/util/virutil.c: (Implement virGetDeviceID and
	                       vir{Get,Set}DeviceUnprivSGIO)
	* src/libvirt_private.syms: Export private symbols of upper helpers

2013-01-05  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Allow redefinition of external snapshots
	A redefinition of an external inactive snapshot/checkpoint wasn't
	possible without this change.

2013-01-05  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Fix segfault and vanishing snapshots when redefining
	When the disk alignment check done while redefining an existing snapshot
	failed, the qemu driver attempted to free the existing snapshot. As in
	the cleanup path the definition of the snapshot wasn't assigned, the
	cleanup code dereferenced a NULL pointer.

	This patch changes the behavior on error paths while redefining snapshot
	in two ways:

	1) On failure, modifications done on the snapshot definition object are
	rolled back.

	2) The previous definition of the data isn't freed until it's certain it
	won't be needed any more.

	This change avoids the segfault and additionally the snapshot doesn't
	vanish if redefinition fails for some reason.

2013-01-05  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Separate logic blocks with newlines

	snapshot: conf: Make virDomainSnapshotIsExternal more reusable
	Allow to use definition objects with this predicate function.

2013-01-05  John Eckersberg  <jeckersb@redhat.com>

	qemu: Implement virDomainOpenChannel API

	conf: Add unix socket support to virChrdevOpen
	This also changes the function signature to take a
	virDomainChrSourceDefPtr instead of just a path, since it needs to
	differentiate behavior based on source->type.

	conf: Rename console-specific identifiers to be more generic
	The functionality provided in virchrdev.c (previously virconsole.c) is
	applicable to other types of character devices besides consoles, such
	as channels.  This patch is just code motion, renaming things such as
	"console" or "pty", instead using more general terms such as
	"character device" or "device path".

	conf: Rename virconsole.* to virchrdev.*
	This is just code motion, in preparation to rename identifiers to be
	less console-specific.

2013-01-05  John Eckersberg  <jeckersb@redhat.com>

	api: Add API to tunnel a guest channel via stream
	This patch adds a new API, virDomainOpenChannel, that uses streams to
	connect to a virtio channel on a guest.  This creates a secure
	communication channel between a guest and a libvirt client.

	This behaves the same as virDomainOpenConsole, except on channels
	instead of console/serial/parallel devices.

2013-01-05  Eric Blake  <eblake@redhat.com>

	build: fix mingw rpm build
	Commit d13155c changed which files get installed for the
	libvirt-guests service, but did not touch up the mingw spec
	file.  As a result, rpmbuild complained:

	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/i686-w64-mingw32/sys-root/mingw/libexec/libvirt-guests.sh
	   /usr/x86_64-w64-mingw32/sys-root/mingw/libexec/libvirt-guests.sh

	which in turn breaks ./autobuild.sh when cross-compilers are present.

	* mingw-libvirt.spec.in: Remove files not relevant to mingw.

2013-01-04  Eric Blake  <eblake@redhat.com>

	network: fix check for ambiguous lookup
	gcc -O2 complained:
	../../src/conf/network_conf.c: In function 'virNetworkDefUpdateDNSSrv':
	../../src/conf/network_conf.c:3232: error: 'foundIdx' may be used uninitialized in this function [-Wuninitialized]

	It turned out to be a spurious warning (we didn't use foundIdx
	unless foundCt was non-zero).  But in investigating that, I noticed
	a worse problem: we were using 'if (foundCt > 1)', but since foundCt
	was bool, it could never be > 1.

	* src/conf/network_conf.c (virNetworkDefUpdateDNSHost): Use
	correct type.
	(virNetworkDefUpdateDNSSrv): Likewise, and silence compiler
	warning.

2013-01-04  John Ferlan  <jferlan@redhat.com>

	Check and handle select() errors from waitsocket().

	tests: check and handle error for virAsprintf() calls

	Check return on mkdir for LOCKSPACE_DIR

	vmware: silence Coverity warning
	Ignore the return status check for vmwareUpdateVMStatus in convenience
	routine vmwareDomainObjListUpdateDomain

2013-01-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Detect VGA_QXL capability correctly
	Since 4c993d8a we failed to set this important capability, which
	allows starting a domain with QXL video card. We set DEVICE_QXL
	capability bit instead, which is not necessary wrong. Anyway, if
	qemu supports the new '-device qxl' it supports older '-vga qxl'
	as well. The latter is used for the primary (the first) qxl video
	card, the former for other video cards.

2013-01-04  Guido Günther  <agx@sigxcpu.org>

	Install virtlockd.{socket,service} non executable
	since they're not scripts but systemd service files.

2013-01-04  Ján Tomko  <jtomko@redhat.com>

	qemu: fix a segfault in qemuProcessWaitForMonitor
	Commit b3f2b4ca5cfe98b08ffdb96f0455e3e333e5ace6 left buf unallocated in
	the case of QMP capability probing being used, leading to a segfault in
	strlen in the cleanup path.

	This patch opens the log and allocates the buffer if QMP probing was
	used, so we can display the helpful error message.

2013-01-03  John Ferlan  <jferlan@redhat.com>

	parallels: check and handle error for virAsprintf() calls
	Ignore the return in parallelsMakePoolName() since subsequent check
	validates name was allocated.

	udev: check and handle error for virAsprintf() calls

2013-01-03  Eric Blake  <eblake@redhat.com>

	build: fix build with optimization enabled
	Build failure detected by Jenkins autobuilder:
	http://honk.sigxcpu.org:8001/job/libvirt-build/472/changes

	* .gnulib: Update to latest, for stdio.h rpl_fwrite fix.

2013-01-03  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't parse log output when starting up a domain
	Despite our great effort we still parsed qemu log output.
	We wouldn't notice unless upcoming qemu 1.4 changed the
	format of the logs slightly. Anyway, now we should gather
	all interesting knobs like pty paths from monitor. Moreover,
	since for historical reasons the first console can be just
	an alias to the first serial port, we need to check this and
	copy the pty path if that's the case to the first console.

2013-01-03  Eric Blake  <eblake@redhat.com>

	build: use autobuild module to make build logs nicer
	A recent build failure made me realize that we could usefully add
	a bit more information to configure output, for aid in analysis of
	failed builds.  Pulling in the autobuild module merely adds these
	four lines to configure output:

	configure: autobuild project... libvirt
	configure: autobuild revision... v1.0.1-113-g7a74eea
	configure: autobuild hostname... myhost
	configure: autobuild timestamp... 20130102T233543Z

	which can be useful even if not using the Autobuild project to parse
	build logs.

	* bootstrap.conf (gnulib_modules): Add autobuild.
	* configure.ac: Favor git version over release version, when available.

2013-01-02  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	'make syntax-check' warned that gnulib's copyright is now out of date.

	* .gnulib: Update to latest, for copyright year bump.
	* gnulib/local/m4/ssize_t.m4.diff: Regenerate.
	* bootstrap: Synchronize from upstream.

2013-01-02  Osier Yang  <jyang@redhat.com>

	Fix the comment grammar

	Remove the inexistent function in comments
	virNodeDeviceLookupByKey is inexistent.

2013-01-02  Michal Privoznik  <mprivozn@redhat.com>

	Revert "qemu: Adapt to new log format"
	This reverts commit 28224c4d2a2d623b9a0a714bc0454d47de5d7a35
	which shouldn't be needed at all because with current qemu
	we obtain all paths from 'query-chardev' output. We ought
	not parse log output at all anymore.

2012-12-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Adapt to new log format
	Since 586502189edf9fd0f89a83de96717a2ea826fdb0 qemu commit, the log
	lines reporting chardev's path has changed from:

	$ ./x86_64-softmmu/qemu-system-x86_64 -serial pty -serial pty -monitor pty
	char device redirected to /dev/pts/5
	char device redirected to /dev/pts/6
	char device redirected to /dev/pts/7

	to:

	$ ./x86_64-softmmu/qemu-system-x86_64 -serial pty -serial pty -monitor pty
	char device compat_monitor0 redirected to /dev/pts/5
	char device serial0 redirected to /dev/pts/6
	char device serial1 redirected to /dev/pts/7

	However, with current code we are not prepared for such change, which
	results in us being unable to start any domain.

2012-12-28  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Chown lease files as well
	Since sanlock doesn't run under root:root, we have chown()'ed the
	__LIBVIRT__DISKS__ lease file to the user:group defined in the
	sanlock config. However, when writing the patch I've forgot about
	lease files for each disk (this is the
	/var/lib/libvirt/sanlock/<md5>) file.

2012-12-28  Michal Privoznik  <mprivozn@redhat.com>

	python: Adapt to virevent rename
	With our recent renames under src/util/* we forgot to adapt
	python wrapper code generator. This results in some methods being
	not exposed:

	$ python examples/domain-events/events-python/event-test.py
	Using uri:qemu:///system
	Traceback (most recent call last):
	  File "examples/domain-events/events-python/event-test.py", line 585, in <module>
	    main()
	  File "examples/domain-events/events-python/event-test.py", line 543, in main
	    virEventLoopPureStart()
	  File "examples/domain-events/events-python/event-test.py", line 416, in virEventLoopPureStart
	    virEventLoopPureRegister()
	  File "examples/domain-events/events-python/event-test.py", line 397, in virEventLoopPureRegister
	    libvirt.virEventRegisterImpl(virEventAddHandleImpl,
	AttributeError: 'module' object has no attribute 'virEventRegisterImpl'

2012-12-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Convert some APIs to use qemuDomObjFromDomain
	Many internal qemu APIs must find domain object from passed
	virDomainPtr. And with function Peter's introduced, we can use it
	instead of copying multiple lines among code.

	qemu: Relax locking in DomainHasManagedSaveImage and DomainMonitorCommand
	There is no need to hold qemu lock during the whole execution
	of these two APIs.

2012-12-21  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Re-enable capability probing for virtio devices.
	Since we switched to QMP probing, the object types are spelled out
	explicitly, i.e. virtio-net-pci. This has effectively disabled
	the capability detection of s390 virtio devices. The trivial fix
	is to add the s390 virtio types explicitly to qemuCapsObjectProps.

2012-12-21  Laine Stump  <laine@laine.org>

	util: fix botched check for new netlink request filters
	This is an adjustment to the fix for

	  https://bugzilla.redhat.com/show_bug.cgi?id=889319

	to account for two bonehead mistakes I made.

	commit ac2797cf2af2fd0e64c58a48409a8175d24d6f86 attempted to fix a
	problem with netlink in newer kernels requiring an extra attribute
	with a filter flag set in order to receive an IFLA_VFINFO_LIST from
	netlink. Unfortunately, the #ifdef that protected against compiling it
	in on systems without the new flag went a bit too far, assuring that
	the new code would *never* be compiled, and even if it had, the code
	was incorrect.

	The first problem was that, while some IFLA_* enum values are also
	their existence at compile time, IFLA_EXT_MASK *isn't* #defined, so
	checking to see if it's #defined is not a valid method of determining
	whether or not to add the attribute. Fortunately, the flag that is
	being set (RTEXT_FILTER_VF) *is* #defined, and it is never present if
	IFLA_EXT_MASK isn't, so it's sufficient to just check for that flag.

	And to top it off, due to the code not actually compiling when I
	thought it did, I didn't realize that I'd been given the wrong arglist
	to nla_put() - you can't just send a const value to nla_put, you have
	to send it a pointer to memory containing what you want to add to the
	message, along with the length of that memory.

	This time I've actually sent the patch over to the other machine
	that's experiencing the problem, applied it to the branch being used
	(0.10.2) and verified that it works properly, i.e. it does fix the
	problem it's supposed to fix. :-/

2012-12-21  Eric Blake  <eblake@redhat.com>

	blockjob: fix memleak that prevented block pivot
	https://bugzilla.redhat.com/show_bug.cgi?id=888426

	The code for doing a block-copy was supposed to track the destination
	file in drive->mirror, but was set up to do all mallocs prior to
	starting the copy so that OOM wouldn't leave things partially started.
	However, the wrong variable was being written; later in the code we
	silently did 'disk->mirror = mirror' which was still NULL, and thus
	leaking memory and leaving libvirt to think that the mirror job was
	never started, which prevented a pivot operation after a copy.
	Problem introduced in commit 35c7701c6.

	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Initialize correct
	variable.

2012-12-21  Daniel P. Berrange  <berrange@redhat.com>

	Sort util files in Makefile.am alphabetically

	Rename virterror.c virterror_internal.h to virerror.{c,h}

	Rename xml.{c,h} to virxml.{c,h}

	Rename uuid.{c,h} to viruuid.{c,h}

	Rename util.{c,h} to virutil.{c,h}

	Rename threads.{c,h} to virthread.{c,h}

	Rename threadpool.{c,h} to virthreadpool.{c,h}

	Rename sysinfo.{c,h} to virsysinfo.{c,h}

	Rename storage_file.{c,h} to virstoragefile.{c,h}

	Rename stats_linux.{c,h} to virstatslinux.{c,h}

	Rename sexpr.{c,h} to virsexpr.{c,h}

	Merge processinfo.{c,h} into virprocess.{c,h}

	Rename pci.{c,h} to virpci.{c,h}

	Rename memory.{c,h} to viralloc.{c,h}

	Rename logging.{c,h} to virlog.{c,h}

	Rename json.{c,h} to virjson.{c,h}

	Rename iptables.{c,h} to viriptables.{c,h}

	Rename hostusb.{c,h} to virusb.{c,h}

	Rename hooks.{c,h} to virhook.{c,h}

	Rename event_poll.{c,h} to vireventpoll.{c,h}

	Rename event.{c,h} to virevent.{c,h}
	Since the event APIs are now in the public header, no internal
	code should include virevent.h

	Rename ebtables.{c,h} to virebtables.{c,h}

	Rename dnsmasq.{c,h} to virdnsmasq.{c,h}

	Rename conf.{c,h} to virconf.{c,h}

	Rename command.{c,h} to vircommand.{c,h}

	Rename buf.{c,h} to virbuffer.{c,h}

	Rename bitmap.{c,h} to virbitmap.{c,h}

	Rename cgroup.{h,c} to vircgroup.{h,c}
	To bring in line with new naming practice, rename the=
	src/util/cgroup.{h,c} files to vircgroup.{h,c}

2012-12-21  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Support all backend serial devices for pSeries guest
	Currently, it only considers PTY backend serial devices for pseries.
	It need to support all kinds of serial devices.

	This patch is to fix the problem which is that it doesn't work
	when specifying source type as file.

2012-12-21  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Remove QEMU_CAPS_NO_ACPI capability for non-x86 platform
	ACPI is only supported on x86 platform, PPC can't support it.
	So QEMU_CAPS_NO_ACPI shouldn't be set.

	This patch is to remove QEMU_CAPS_NO_ACPI capability for
	non-x86 platform.

2012-12-21  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Set std VGA model as default model for ppc64.
	Cirrus VGA model is not supported on ppc64 currently.
	It needs to set std VGA model as the default model.

2012-12-20  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add sysinfo data and enable virSysinfoRead test case for POWER
	This patch is to enable virSysinfoRead test case for POWER,
	and provide sysinfo data on POWER.

	Reviewed-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>

2012-12-20  Laine Stump  <laine@laine.org>

	util: fix functions that retrieve SRIOV VF info
	This patch resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=889319

	When assigning an SRIOV virtual function to a guest using "intelligent
	PCI passthrough" (<interface type='hostdev'>, which sets the MAC
	address and vlan tag of the VF before passing its info to qemu),
	libvirt first learns the current MAC address and vlan tag by sending
	an NLM_F_REQUEST message for the VF's PF (physical function) to the
	kernel via a NETLINK_ROUTE socket (see virNetDevLinkDump()); the
	response message's IFLA_VFINFO_LIST section is examined to extract the
	info for the particular VF being assigned.

	This worked fine with kernels up until kernel commit
	115c9b81928360d769a76c632bae62d15206a94a (first appearing in upstream
	kernel 3.3) which changed the ABI to not return IFLA_VFINFO_LIST in
	the response until a newly introduced IFLA_EXT_MASK field was included
	in the request, with the (newly introduced, of course) RTEXT_FILTER_VF
	flag set.

	The justification for this ABI change was that new fields had been
	added to the VFINFO, causing NLM_F_REQUEST messages to fail on systems
	with large numbers of VFs if the requesting application didn't have a
	large enough buffer for all the info. The idea is that most
	applications doing an NLM_F_REQUEST don't care about VFINFO anyway, so
	eliminating it from the response would lower the requirements on
	buffer size. Apparently, the people who pushed this patch made the
	mistaken assumption that iproute2 (the "ip" command) was the only
	package that used IFLA_VFINFO_LIST, so it wouldn't break anything else
	(and they made sure that iproute2 was fixed.

	The logic of this "fix" is debatable at best (one could claim that the
	proper fix would be for the applications in question to be fixed so
	that they properly sized the buffer, which is what libvirt does
	(purely by virtue of using libnl), but it is what it is and we have to
	deal with it.

	In order for <interface type='hostdev'> to work properly on systems
	with a kernel 3.3 or later, libvirt needs to add the afore-mentioned
	IFLA_EXT_MASK field with RTEXT_FILTER_VF set.

	Of course we also need to continue working on systems with older
	kernels, so that one bit of code is compiled conditionally. The one
	time this could cause problems is if the libvirt binary was built on a
	system without IFLA_EXT_MASK which was subsequently updated to a
	kernel that *did* have it. That could be solved by manually providing
	the values of IFLA_EXT_MASK and RTEXT_FILTER_VF and adding it to the
	message anyway, but I'm uncertain what that might actually do on a
	system that didn't support the message, so for the time being we'll
	just fail in that case (which will very likely never happen anyway).

2012-12-20  Laine Stump  <laine@laine.org>

	util: add missing error log messages when failing to get netlink VFINFO
	This patch fixes the lack of error messages when libvirt fails to find
	VFINFO in a returned netlinke response message.

	https://bugzilla.redhat.com/show_bug.cgi?id=827519#c10 is an example
	of the error message that was previously logged when the
	IFLA_VFINFO_LIST object was missing from the netlink response. The
	reason for this failure is detailed in

	   https://bugzilla.redhat.com/show_bug.cgi?id=889319

	Even though that root problem has been fixed, the experience of
	finding the root cause shows us how important it is to properly log an
	error message in these cases. This patch *seems* to replace the entire
	function, but really most of the changes are due to moving code that
	was previously inside an if() statement out to the top level of the
	function (the original if() was reversed and made to log an error and
	return).

2012-12-20  Ján Tomko  <jtomko@redhat.com>

	security: fix #endif comment in security_stack.h

2012-12-19  Eric Blake  <eblake@redhat.com>

	maint: formatting cleanups in buf.c
	* src/util/buf.c: Use consistent formatting.

2012-12-19  Eric Blake  <eblake@redhat.com>

	build: use strchr now that we can work around broken gcc
	Revert the complex workaround of commit 39d91e9, now that we have
	a nicer framework for shutting up broken gcc.

	* src/util/buf.c (virBufferEscape): Simplify.

2012-12-19  Eric Blake  <eblake@redhat.com>

	build: make broken -Wlogical-op test be gcc-only
	Commit 8b8fcdea introduced a check for broken gcc -Wlogical-op,
	but did not guard the check against non-gcc compilers, which might
	lead to spurious failures when another compiler encounters an
	unknown pragma.  Additionally, all of our compiler warning logic
	should belong in a single file, and use cache variables to allow
	overriding the decision at configure time if necessary.

	* configure.ac (BROKEN_GCC_WLOGICALOP): Move...
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): ...here,
	and update to modern autoconf idioms.

2012-12-19  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	util: FreeBSD: stub out CPU affinity functions

	nodeinfo: add FreeBSD support
	Uses sysctl(3) interface to obtain CPU and memory information on FreeBSD

2012-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix arch datatype in vahControl in virt-aa-helper.c
	When changing to virArch, the virt-aa-helper.c file was not
	completely changed. The vahControl struct was left with a
	char *arch field, instead of virArch arch field.

	Change string form of VIR_ARCH_ITANIUM back to ia64
	Historically there was an inconsistency in handling of the
	itanium arch. The xen driver & CPU model code treated it
	as 'ia64' but the QEMU capabilities code used 'itanium'. On
	the grounds that no one has ever seriously used  itanium
	with QEMU, while RHEL shipped itanium with Xen, we should
	favour 'ia64' as the canonical format

	Fix parsing of arch from domain XML
	When parsing the arch from domain XML, the result was only
	saved to a local variable, not the virDomainDefPtr

	Fix CPU baseline to not hardcode arch
	Prior to the virArch changes, the CPU baseline method would
	free the arch string in the returned CPU. Fix the regression
	by setting arch to VIR_ARCH_NONE at the end

	Fix SELinux security label test
	If securityselinuxtest was run on a system with newer SELinux
	policy it would fail, due to using svirt_tcg_t instead of
	svirt_t. Fixing the domain type to be KVM avoids this issue.

2012-12-19  Martin Kletzander  <mkletzan@redhat.com>

	conf: eliminate redundant use of VIR_ALLOC
	We can use VIR_REALLOC_N with NULL pointer, which behaves the same way
	as VIR_ALLOC_N in that case, so no need for a condition that's
	checking if some data are allocated already.

	---

	I tried to find other parts of the code similar to this, so I can do a
	full cleanup for the whole repository, so I used this (excuse the long
	line, but that's how I was writing it):

	git grep -nHC 5 -e VIR_REALLOC_N -e VIR_ALLOC_N | while read line; do if [[ "$line" == "--" ]]; then if [[ ${#tmpbuf} -gt 10 && "$REALLOC_N" == "true" && "$ALLOC_N" == "true" ]]; then echo $line; while [[ ${#tmpbuf[*]} -gt 0 ]]; do echo "${tmpbuf[0]}"; tmpbuf=( "${tmpbuf[@]:1:${#tmpbuf[*]}}" ); done; fi; unset tmpbuf REALLOC_N ALLOC_N; else if [[ "$ALLOC_N" != "true" && "${line/VIR_ALLOC_N//}" != "${line}" ]]; then ALLOC_N="true"; fi; if [[ "$REALLOC_N" != "true" && "${line/VIR_REALLOC_N//}" != "${line}" ]]; then REALLOC_N="true"; fi; tmpbuf[${#tmpbuf[*]}]="$line"; fi; done | less

	And reviewed the output just to find out this was the only occurrence of
	the inconsistency.

2012-12-19  Martin Kletzander  <mkletzan@redhat.com>

	conf: minor indentation cleanups
	On few places there are too many levels of indentation when some of
	them can be fixed with negating the option they are in or omitting
	useless condition altogether.

	fix typo in the word affinities
	This patch fixes just the word Affinites to Affinities (it's really
	painful to search in TAGS without being able to find the right
	function).

2012-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix libxl driver for virArch changes

	Fix test cases for virArch changes

	Fix XenAPI driver for virArch changes

	Export all symbols from virarch.{c,h} to drivers/tests/etc

	Convert QEMU capabilities code to use virArch

2012-12-18  Jiri Denemark  <jdenemar@redhat.com>

	spec: Do not install *.py[co] in python examples
	Unfortunately, rpm is stupid enough to bytycompile python scripts even
	though they are located in /usr/share/doc/libvirt-python-*/examples and
	it does so after %install phase is finished. Thus there's no way we
	could remove those files from BUILDROOT. As a workaround, we may safely
	remove the examples subdirectory completely without losing anything. The
	python scripts that were installed there are also copied directly into
	/usr/share/doc/libvirt-python-*/ by

	    %doc python/tests/*.py

	rule. And yes, the files are actually tests, not examples.

2012-12-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert CPU APIs to use virArch

	Convert capabilities / domain_conf to use virArch
	Convert the host capabilities and domain config structs to
	use the virArch datatype. Update the parsers and all drivers
	to take account of datatype change

	Convert QEMU command line builder to virArch APIs
	Use virArch APIs to determine host architecture when launching
	QEMU.

	Convert nodeGetInfo to virArch APIs
	Replace use of uname in nodeGetInfo with virArch APIs to
	provide canonicalization of host architecture name

	Introduce a set of APIs for managing architectures
	Introduce a 'virArch' enum for CPU architectures. Include
	data type providing wordsize and endianness, and APIs to
	query this info and convert to/from enum and string form.

2012-12-18  Cole Robinson  <crobinso@redhat.com>

	spec: Fix script warning when uninstalling libvirt-client
	https://bugzilla.redhat.com/show_bug.cgi?id=888071

2012-12-18  Jiri Denemark  <jdenemar@redhat.com>

	docs: Fix documentation for readonly element

2012-12-18  Daniel Veillard  <veillard@redhat.com>

	Added Ján Tomko to the commiters list
	And Guannan Ren who was missing from the list

2012-12-17  Laine Stump  <laine@laine.org>

	network: don't require private addresses if dnsmasq uses SO_BINDTODEVICE
	This is yet another refinement to the fix for CVE-2012-3411:

	   https://bugzilla.redhat.com/show_bug.cgi?id=833033

	It turns out that it would be very intrusive to correctly backport the
	entire --bind-dynamic option to older dnsmasq versions
	(e.g. dnsmasq-2.48 that is used on RHEL6.x and CentOS 6.x), but very
	simple to patch those versions to just use SO_BINDTODEVICE on all
	their listening sockets (SO_BINDTODEVICE also has the desired effect
	of permitting only traffic that was received on the interface(s) where
	dnsmasq was set to listen.)

	This patch modifies the dnsmasq capabilities detection to detect the
	string:

	    --bind-interfaces with SO_BINDTODEVICE

	in the output of "dnsmasq --version", and in that case realize that
	using the old --bind-interfaces option is just as safe as
	--bind-dynamic (and therefore *not* forbid creation of networks that
	use public IP address ranges).

	If -bind-dynamic is available, it is still preferred over
	--bind-interfaces.

	Note that this patch does no harm in upstream, or in any distro's
	downstream if it happens to end up there, but builds for distros that
	have a new enough dnsmasq to support --bind-dynamic do *NOT* need to
	specifically backport this patch; it's only required for distro
	releases that have dnsmasq too old to have --bind-dynamic (and those
	distros will need to add the SO_BINDTODEVICE patch to dnsmasq,
	*including the extra string in the --version output*, as well.

2012-12-17  Jiri Denemark  <jdenemar@redhat.com>

	apparmor: Fix build

2012-12-17  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix AUTHORS generation
	Using s/#authorslist#/$$out/ makes perl eat @domain part of all email
	addresses from $out since it tries to interpret them as array variables.
	I'm not sure if we can escape those in s/// but I know we can use print:

	    s/#authorslist#// and print '$$out'

	to tell perl not to even look inside $out.

	This patch also fixes gen-AUTHORS so that it works in VPATH.

2012-12-17  Laine Stump  <laine@laine.org>

	network: fix indentation of networkDnsmasqConfContents
	Somehow I managed to push the changes to this file with improper
	indentation. This patch just re-indents, reformats the comment lines,
	and re-groups a couple of multi-line strings so that they fit within
	80 columns. The resulting binary should be identical.

2012-12-17  Cole Robinson  <crobinso@redhat.com>

	.gitignore: add tests/sysinfotest

	hostusb: Move USB_DEVFS define to hostusb.h to fix the build

2012-12-17  Cole Robinson  <crobinso@redhat.com>

	daemon: Preface polkit error output with 'polkit:'
	There's been a few bugs about an expected error from polkit:

	https://bugzilla.redhat.com/show_bug.cgi?id=873799
	https://bugzilla.redhat.com/show_bug.cgi?id=872166

	The error is:

	Authorization requires authentication but no agent is available.

	The error means that polkit needs a password, but there is no polkit
	agent registered in your session. Polkit agents are the bit of UI that
	pop up and actually ask for your password.

	Preface the error with the string 'polkit:' so folks can hopefully
	make more sense of it.

2012-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Add support for hotplug/unplug of host misc devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of host misc devices.

	Add support for hotplug/unplug of host storage devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of host storage devices.

	Add support for hotplug/unplug of USB host devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of USB host devices.

	Add support for hotplug/unplug of NIC devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of NICs.

	Add support for hotplug/unplug of disk devices in LXC
	Wire up the attach/detach device drivers in LXC to support the
	hotplug/unplug of disks.

	Add support for attach/detach/update hostdev devices in config for LXC
	Wire up the attach/detach/update device APIs to support changing
	of hostdevs in the persistent config file

	Add support for attach/detach/update disk devices in config for LXC
	Wire up the attach/detach/update device APIs to support changing
	of disks in the persistent config file

	Add support for attach/detach/update net devices in config for LXC
	Wire up the attach/detach/update device APIs to support changing
	of network interfaces in the persistent config file

	Add basic driver API framework for device attach/detach support in LXC
	This wires up the LXC driver to support the domain device attach/
	detach/update APIs, following the same code design as used in
	the QEMU driver. No actual changes are possible with this commit,
	it is only providing the framework

	Add support for misc host device passthrough with LXC
	This extends support for host device passthrough with LXC to
	cover misc devices. In this case all we need todo is a
	mknod in the container's /dev and whitelist the device in
	cgroups

	Add support for storage host device passthrough with LXC
	This extends support for host device passthrough with LXC to
	cover storage devices. In this case all we need todo is a
	mknod in the container's /dev and whitelist the device in
	cgroups

	Add support for USB host device passthrough with LXC
	This adds support for host device passthrough with the
	LXC driver. Since there is only a single kernel image,
	it doesn't make sense to pass through PCI devices, but
	USB devices are fine. For the latter we merely need to
	make the /dev/bus/usb/NNN/MMM character device exist
	in the container's /dev

	Add support for disks with LXC
	Currently LXC guests can be given arbitrary pre-mounted
	filesystems, however, for some usecases it is more appropriate
	to provide block devices which the container can mount itself.
	This first impl only allows for <disk type='block'>, in other
	words exposing a host disk device to a container. Since LXC
	does not have device namespace virtualization, we are cheating
	a little bit. If the XML specifies /dev/sdc4 to be given to
	the container as /dev/sda1, when we do the mknod /dev/sda1
	in the container's /dev, we actually use the major:minor
	number of /dev/sdc4, not /dev/sda1.

	Add support for SELinux labelling of hostdev storage/misc devices
	The SELinux security driver needs to learn to label storage/misc
	hostdev devices for LXC

	Refactor SELinux security driver hostdev labelling
	Prepare to support different types of hostdevs by refactoring
	the current SELinux security driver code

	Allow passing a vroot into security manager hostdev labelling
	When LXC labels USB devices during hotplug, it is running in
	host context, so it needs to pass in a vroot path to the
	container root.

	Skip bulk relabelling of resources in SELinux driver when used with LXC
	The virSecurityManager{Set,Restore}AllLabel methods are invoked
	at domain startup/shutdown to relabel resources associated with
	a domain. This works fine with QEMU, but with LXC they are in
	fact both currently no-ops since LXC does not support disks,
	hostdevs, or kernel/initrd files. Worse, when LXC gains support
	for disks/hostdevs, they will do the wrong thing, since they
	run in host context, not container context. Thus this patch
	turns then into a formal no-op when used with LXC. The LXC
	controller will call out to specific security manager labelling
	APIs as required during startup.

	Refactor LXC NIC creation to allow reuse by hotplug code
	The code for creating veth/macvlan devices is part of the
	LXC process startup code. Refactor this a little and export
	the methods to the rest of the LXC driver. This allows them
	to be reused for NIC hotplug code

2012-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Add support for <hostdev mode="capabilities">
	The <hostdev> device type has long had a redundant "mode"
	attribute, which has always been "subsys". This finally
	introduces a new mode "capabilities", which will be used
	by the LXC driver for device assignment. Since container
	based virtualization uses a single kernel, the idea of
	assigning physical PCI devices doesn't make sense. It is
	still reasonable to assign USB devices, but for assigning
	arbitrary nodes in /dev, the new 'capabilities' mode is
	to be used.

	The first capability support is 'storage', which is for
	assignment of block devices. Functionally this is really
	pretty similar to the <disk> support. The only difference
	is the device node name is identical in both host and
	container namespaces.

	    <hostdev mode='capabilities' type='storage'>
	      <source>
	        <block>/dev/sdf1</block>
	      </source>
	    </hostdev>

	The second capability support is 'misc', which is for
	assignment of character devices. There is no existing
	parallel to this. Again the device node is the same
	inside & outside the container.

	    <hostdev mode='capabilities' type='misc'>
	      <source>
	        <char>/dev/input/event3</char>
	      </source>
	    </hostdev>

	The reason for keeping the char & storage devices
	separate in the domain XML, is to mirror the split
	in the node device XML. NB the node device XML does
	not yet report character devices, but that's another
	new patch to come

2012-12-17  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	tests: Add tests for sysinfo
	Test cases for virSysinfoRead. Initially, there are tests for
	x86 (DMI based) and s390 (/proc/... based).
	In lack of PPC data, I have stubbed out the test for it, but it
	can be added with a minimal effort.

2012-12-17  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Fix virSysinfoRead memory corruption
	There was a double free issue caused by virSysinfoRead on s390,
	as the same manufacturer string instance was assigned to more
	than one processor record.
	Cleaned up other potential memory issues and restructured the sysinfo
	parsing code by moving repeating patterns into a helper function.

	The restructuring made it necessary to conditionally disable
	-Wlogical-op for some older GCC versions, using pragma GCC diagnostic.
	This is a GCC specific pragma, which is acceptable, since we're
	using it to work around a GCC specific bug.

	Finally, added a function virSysinfoSetup to configure the sysinfo
	data source files/script during run time, to facilitate writing test
	programs. This function is not published in sysinfo.h and only
	there for testing.

2012-12-17  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Check for broken GCC -Wlogical-op in configure
	Some older versions of GCC report a false positive on code like
	  char * haystack, needle;
	  strchr(haystack, needle);

	Added an extra check in configure.ac which will
	  #define BROKEN_GCC_WLOGICALOP 1
	in this case, allowing to special handle "offending" code.

2012-12-17  Peter Krempa  <pkrempa@redhat.com>

	conf: cpu: Break some long lines

2012-12-17  Peter Krempa  <pkrempa@redhat.com>

	conf: cpu: Refactor parsing of vendor_id and fallback attributes
	This patch simplifies the code that parses the fallback and vendor_id
	attributes from the domain xml cpu definition.

	Changes done:
	- free temp variables in the cleanup section instead of local use
	- remove checking for presence of the attribute to directly getting the
	value (saving call to virXPathBoolean)
	- replace loop used to check for ',' in the vendor_id string with strchr

2012-12-17  Peter Krempa  <pkrempa@redhat.com>

	conf: cpu: Fix memory leak when specifying cpu vendor_id manually
	The field was not freed from the cpu definition.

2012-12-17  Ken ICHIKAWA  <ichikawa.ken@jp.fujitsu.com>

	conf: cpu: Fix parsing of vendor_id
	This patch fixes a problem that vendor_id attribute can not be defined
	when fallback attribute is not defined.

	If I define domain xml like below:
	<domain>
	  <cpu>
	    <model vendor_id='aaaabbbbcccc'>core2duo</model>
	  </cpu>
	</domain>

	In dumpxml, vendor_id is not reflected:
	<domain>
	  <cpu mode='custom' match='exact'>
	    <model fallback='allow'>core2duo</model>
	  </cpu>
	</domain>

	The expected output is:
	<domain>
	  <cpu mode='custom' match='exact'>
	    <model fallback='allow' vendor_id='aaaabbbbcccc'>core2duo</model>
	  </cpu>
	</domain>

	If the fallback attribute and vendor_id attribute is defined at the same
	time, it's reflected as expected.

2012-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Support custom 'svirt_tcg_t' context for TCG based guests
	The current SELinux policy only works for KVM guests, since
	TCG requires the 'execmem' privilege. There is a 'virt_use_execmem'
	boolean to turn this on globally, but that is unpleasant for users.
	This changes libvirt to automatically use a new 'svirt_tcg_t'
	context for TCG based guests. This obsoletes the previous
	boolean tunable and makes things 'just work(tm)'

	Since we can't assume we run with new enough policy, I also
	make us log a warning message (once only) if we find the policy
	lacks support. In this case we fallback to the normal label and
	expect users to set the boolean tunable

2012-12-17  Peter Krempa  <pkrempa@redhat.com>

	docs: Replace </br> with <br/> in docs/news.html.in

2012-12-17  Guannan Ren  <gren@redhat.com>

	tests: add one -device video device testcase
	The testcase is for testing non-fixed PCI address for primary
	video device and using video args to -deivce qemu option.

2012-12-17  Guannan Ren  <gren@redhat.com>

	qemu: use newer -device video device in qemu commandline
	'-device VGA' maps to '-vga std'
	'-device cirrus-vga' maps to '-vga cirrus'
	'-device qxl-vga' maps to '-vga qxl'
	             (there is also '-device qxl' for secondary devices)
	'-device vmware-svga' maps to '-vga vmware'

	For qemu(>=1.2), we can use -device to replace -vga for video
	device. For the primary video device, the patch tries to use 0x2
	slot for matching old qemu. If the 0x2 slot is allocated already,
	the addr property could help for using any available slot.
	For qemu(< 1.2), we keep using -vga for primary device.

2012-12-17  Guannan Ren  <gren@redhat.com>

	conf: add optional attribte primary to video <model> element
	If there are multiple video devices
	primary = 'yes' marks this video device as the primary one.
	The rest are secondary video devices. No more than one could be
	mark as primary. If none of them has primary attribute, the first
	one will be the primary by default like what it was.
	The reason of this changing is that for qemu, only one primary video
	device is permitted which can be of any type. For secondary video
	devices, only qxl is allowd. Primary attribute removes the restriction
	that the first have to be the primary one.

	We always put the primary video device into the first position of
	video device structure array after parsing.

2012-12-17  Guannan Ren  <gren@redhat.com>

	qemu: add qemu vga devices caps and one cap to mark them usable
	QEMU_CAPS_DEVICE_QXL          -device qxl
	QEMU_CAPS_DEVICE_VGA          -device VGA
	QEMU_CAPS_DEVICE_CIRRUS_VGA   -device cirrus-vga
	QEMU_CAPS_DEVICE_VMWARE_SVGA  -device vmware-svga

	QEMU_CAPS_DEVICE_VIDEO_PRIMARY  /* safe to use -device XXX
	                                 for primary video device */

	Fix a typo in qemuCapsObjectTypes, the string 'qxl' here
	should be -device qxl rather than -vga [...|qxl|..]

2012-12-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.1
	- configure.ac docs/news.html.in: update for the release
	- po/*.po: updated from transifex

2012-12-14  Eric Blake  <eblake@redhat.com>

	build: minor build fixes for BSD
	Noticed these while building on FreeBSD.

	* src/qemu/qemu_monitor.c (qemuMonitorBlockInfoLookup): Rename
	variable to avoid 'devname' collision.
	* src/qemu/qemu_driver.c (qemuDomainInterfaceStats): Mark unused
	variable.

2012-12-14  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Socket identity support for FreeBSD.
	This adds an implementation of virNetSocketGetUNIXIdentity()
	using LOCAL_PEERCRED socket option and xucred struct, defined
	in <sys/ucred.h> on systems that have it.

2012-12-14  Laine Stump  <laine@laine.org>

	network: fix (non)update of dnsmasq config during virDomainUpdateDeviceFlags
	A forgotten "!" in recently-modified code at the top of
	networkRefreshDaemon() meant an improper early return, which led to 1)
	dnsmasq config files not being updated from the newly modified config,
	and 2) dnsmasq not being sent a SIGHUP so that it could learn about
	the changes to the config.

	virNetworkDefGetIpByIndex() returns NULL if there are no ip objects of
	the requested type, and if there are no IP elements, then dnsmasq
	shouldn't be running, so we can return early. Otherwise we should
	rewrite the config files and send a SIGHUP.

2012-12-14  Guido Günther  <agx@sigxcpu.org>

	Require SANLK_INQ_WAIT for inq_lockspace support
	since compilation breaks otherwise with older libsanlock.

2012-12-14  Eric Blake  <eblake@redhat.com>

	docs: fix some typos in examples
	As detected in https://bugzilla.redhat.com/show_bug.cgi?id=887187

	* docs/formatdomain.html.in: Fix XML typos.

2012-12-14  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Re-add lockspace unconditionally
	Currently, if sanlock is already registering a lockspace other
	libvirtd instances (from other hosts) obtain -EINPROGRESS. On
	sufficiently new sanlock, sanlock_inq_lockspace() is called,
	which suspend execution until lockspace state is changed. With
	current libvirt implementation, we fail to retry adding the
	lockspace again but continue in error path. Therefore we produce
	meaningless error message:

	virLockManagerSanlockSetupLockspace:363 : Unable to add lockspace
	/var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Success
	qemudLoadDriverConfig:558 : Failed to load lock manager sanlock

	We should try to re-add the lockspace after its state change to
	be sure it was added successfully. In fact, with sufficiently new
	sanlock we can just avoid dummy usleep() which is used if there's
	no inquire API.

2012-12-14  Eric Blake  <eblake@redhat.com>

	install: fix virtlockd installation
	The virtlockd daemon scripts were lousy, when compared to their
	counterparts in daemon/Makefile.am.  In particular, when init
	scripts were selected, this resulted in 'make distcheck' failing
	due to failure to clean up src/virtlockd.init.

	* src/Makefile.am (install-systemd): Fix dependencies.  Use MKDIR_P.
	(uninstall-systemd): Remove empty directory.  Use fewer processes.
	(install-init, install-sysconfig): Use MKDIR_P.
	(uninstall-init): Remove correct file, and also empty directory.
	(uninstall-sysconfig): Remove empty directory.
	(DISTCLEANFILES): Clean up trivially built sources.

2012-12-14  Michał Łomnicki  <michal.lomnicki@gmail.com>

	docs: Fix location of libvirt.conf and auth.conf
	For a unprivileged user libvirt.conf and auth.conf are looked up in
	$XDG_CONFIG_HOME but the docs incorrectly state that it's $XDG_CONFIG_DIR.

2012-12-14  Laine Stump  <laine@laine.org>

	qemu: don't fail update netdev on bridge detach failure
	When a network device's bridge connection is changed by
	virDomainUpdateDevice, libvirt first removes the netdev's tap from its
	old bridge, then adds it to the new bridge. Sometimes, due to a
	network being destroyed while a guest device is still attached, the
	tap may already be "removed" from the old bridge (or the old bridge
	may not even exist any more); the existing code was needlessly failing
	the update when this happened, making it impossible to recover from
	the situation without completely detaching (i.e. removing) the netdev
	from the guest and re-attaching.

	Instead of failing the entire operation when removal of the tap from
	the old bridge fails, this patch changes qemuDomainChangeNetBridge to
	just log a warning and continue, allowing a reasonable recover from
	the situation.

	(you'll appreciate this change if you ever accidentally destroy a
	network while your guests are still using it).

2012-12-14  Jiri Denemark  <jdenemar@redhat.com>

	spec: Include lockd files in libvirt-daemon package

	build: Install both qemu-lockd.conf and qemu-sanlock.conf
	With sanlock enabled, only one of those files was installed.

2012-12-13  Eric Blake  <eblake@redhat.com>

	build: use fewer cat processes
	* src/Makefile.am (libvirt.syms): Let cat loop for us.

2012-12-13  Ján Tomko  <jtomko@redhat.com>

	selinux: fix NULL dereference in GetSecurityMountOptions
	In the case of an OOM error in virDomainDefGetSecurityLabelDef, secdef
	is set to NULL, then dereferenced while printing the debug message.

2012-12-13  Jiri Denemark  <jdenemar@redhat.com>

	build: Distribute more files

	locking: Fix VPATH build and distribute generated files

2012-12-13  Laine Stump  <laine@laine.org>

	network: prevent dnsmasq from listening on localhost
	This patch resolves the problem reported in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=886663

	The source of the problem was the fix for CVE 2011-3411:

	   https://bugzilla.redhat.com/show_bug.cgi?id=833033

	which was originally committed upstream in commit
	753ff83a50263d6975f88d6605d4b5ddfcc97560. That commit improperly
	removed the "--except-interface lo" from dnsmasq commandlines when
	--bind-dynamic was used (based on comments in the latter bug).

	It turns out that the problem reported in the CVE could be eliminated
	without removing "--except-interface lo", and removing it actually
	caused each instance of dnsmasq to listen on localhost on port 53,
	which created a new problem:

	If another instance of dnsmasq using "bind-interfaces" (instead of
	"bind-dynamic") had already been started (or if another instance
	started later used "bind-dynamic"), this wouldn't have any immediately
	visible ill effects, but if you tried to start another dnsmasq
	instance using "bind-interfaces" *after* starting any libvirt
	networks, the new dnsmasq would fail to start, because there was
	already another process listening on port 53.

	(Subsequent to the CVE fix, another patch changed the network driver
	to put dnsmasq options in a conf file rather than directly on the
	dnsmasq commandline, but preserved the same options.)

	This patch changes the network driver to *always* add
	"except-interface=lo" to dnsmasq conf files, regardless of whether we use
	bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
	are listening on localhost (and the CVE is still fixed).

	The actual code change is miniscule, but must be propogated through all
	of the test files as well.

2012-12-13  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build
	$(srcdir) is already part of $$file since commit f1f9a7ac7e.

2012-12-13  Ján Tomko  <jtomko@redhat.com>

	virsh: use vshReconnect for non-default connections too
	For non-default connections (specified by the environment variable or
	the command line option) we call virConnectOpenAuth without registering
	the vshCatchDisconnect callback.

	This calls vshReconnect instead which takes care of it.

2012-12-13  Ján Tomko  <jtomko@redhat.com>

	virsh: don't lie about reconnection in vshReconnect
	Since we (ab)use vshReconnect for the default URI connection, if it
	fails it might print 'Failed to reconnect to the hypervisor' even if we
	were never connected before.

	This changes it to only mention reconnection on the first try after
	getting disconnected.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Add support for locking based on SCSI volume ID

	Add support for locking based on LVM volume uuid

	Add ability to maintain disk leases indirectly
	The default lockd driver behavour is to acquire leases
	directly on the disk files. This introduces an alternative
	mode, where leases are acquire indirectly on a file that
	is based on a SHA256 hash of the disk filename.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Add a virtlockd client as a lock driver impl
	This adds a 'lockd' lock driver which is just a client which
	talks to the lockd daemon to perform all locking. This will
	be the default lock driver for any hypervisor which needs one.

	* src/Makefile.am: Add lockd.so plugin
	* src/locking/lock_driver_lockd.c: Lockd driver impl

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Add support for re-exec() of virtlockd upon SIGUSR1
	The virtlockd daemon maintains file locks on behalf of libvirtd
	and any VMs it is running. These file locks must be held for as
	long as any VM is running. If virtlockd itself ever quits, then
	it is expected that a node would be fenced/rebooted. Thus to
	allow for software upgrads on live systemd, virtlockd needs the
	ability to re-exec() itself.

	Upon receipt of SIGUSR1, virtlockd will save its current live
	state out to a file /var/run/virtlockd-restart-exec.json
	It then re-exec()'s itself with exactly the same argv as it
	originally had, and loads the state file, reconstructing any
	objects as appropriate.

	The state file contains information about all locks held and
	all network services and clients currently active. An example
	state document is

	 {
	    "server": {
	        "min_workers": 1,
	        "max_workers": 20,
	        "priority_workers": 0,
	        "max_clients": 20,
	        "keepaliveInterval": 4294967295,
	        "keepaliveCount": 0,
	        "keepaliveRequired": false,
	        "services": [
	            {
	                "auth": 0,
	                "readonly": false,
	                "nrequests_client_max": 1,
	                "socks": [
	                    {
	                        "fd": 6,
	                        "errfd": -1,
	                        "pid": 0,
	                        "isClient": false
	                    }
	                ]
	            }
	        ],
	        "clients": [
	            {
	                "auth": 0,
	                "readonly": false,
	                "nrequests_max": 1,
	                "sock": {
	                    "fd": 9,
	                    "errfd": -1,
	                    "pid": 0,
	                    "isClient": true
	                },
	                "privateData": {
	                    "restricted": true,
	                    "ownerPid": 1722,
	                    "ownerId": 6,
	                    "ownerName": "f18x86_64",
	                    "ownerUUID": "97586ba9-df27-9459-c806-f016c8bbd224"
	                }
	            },
	            {
	                "auth": 0,
	                "readonly": false,
	                "nrequests_max": 1,
	                "sock": {
	                    "fd": 10,
	                    "errfd": -1,
	                    "pid": 0,
	                    "isClient": true
	                },
	                "privateData": {
	                    "restricted": true,
	                    "ownerPid": 1784,
	                    "ownerId": 7,
	                    "ownerName": "f16x86_64",
	                    "ownerUUID": "7b8e5e42-b875-61e9-b981-91ad8fa46979"
	                }
	            }
	        ]
	    },
	    "defaultLockspace": {
	        "resources": [
	            {
	                "name": "/var/lib/libvirt/images/f16x86_64.raw",
	                "path": "/var/lib/libvirt/images/f16x86_64.raw",
	                "fd": 14,
	                "lockHeld": true,
	                "flags": 0,
	                "owners": [
	                    1784
	                ]
	            },
	            {
	                "name": "/var/lib/libvirt/images/shared.img",
	                "path": "/var/lib/libvirt/images/shared.img",
	                "fd": 12,
	                "lockHeld": true,
	                "flags": 1,
	                "owners": [
	                    1722,
	                    1784
	                ]
	            },
	            {
	                "name": "/var/lib/libvirt/images/f18x86_64.img",
	                "path": "/var/lib/libvirt/images/f18x86_64.img",
	                "fd": 11,
	                "lockHeld": true,
	                "flags": 0,
	                "owners": [
	                    1722
	                ]
	            }
	        ]
	    },
	    "lockspaces": [

	    ],
	    "magic": "30199"
	 }

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Enable systemd socket activation with virtlockd
	This enhancement virtlockd so that it can receive a pre-opened
	UNIX domain socket from systemd at launch time, and adds the
	systemd service/socket unit files

	* daemon/libvirtd.service.in: Require virtlockd to be running
	* libvirt.spec.in: Add virtlockd systemd files
	* src/Makefile.am: Install systemd files
	* src/locking/lock_daemon.c: Support socket activation
	* src/locking/virtlockd.service.in, src/locking/virtlockd.socket.in:
	  systemd unit files
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h:
	  Add virNetServerServiceNewFD() method
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virNetSocketNewListenFD
	  method

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Implement dispatch functions for lock protocol in virtlockd
	Introduce a lock_daemon_dispatch.c file which implements the
	server side dispatcher the RPC APIs previously defined in the
	lock protocol.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Define a wire protocol for talking to the virtlockd daemon
	The virtlockd daemon will be responsible for managing locks
	on virtual machines. Communication will be via the standard
	RPC infrastructure. This provides the XDR protocol definition

	* src/locking/lock_protocol.x: Wire protocol for virtlockd
	* src/Makefile.am: Include lock_protocol.[ch] in virtlockd

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Introduce basic infrastructure for virtlockd daemon
	The virtlockd daemon will maintain locks on behalf of libvirtd.
	There are two reasons for it to be separate

	 - Avoid risk of other libvirtd threads accidentally
	   releasing fcntl() locks by opening + closing a file
	   that is locked
	 - Ensure locks can be preserved across libvirtd restarts.
	   virtlockd will need to be able to re-exec itself while
	   maintaining locks. This is simpler to achieve if its
	   sole job is maintaining locks

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Refactor creation of lock manager plugins
	Refactor virLockManagerPluginNew() so that the caller does
	not need to pass in the config file path itself - just the
	config directory and driver name.

	Fix QEMU to actually pass in a config file when creating the
	default lock manager plugin, rather than NULL.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting when fetching SCSI/LVM keys
	The current  virStorageFileGet{LVM,SCSI}Key methods return
	the key as the return value. Unfortunately it is desirable
	for "NULL" to be a valid return value, as well as an error
	indicator. Thus the returned key must instead be provided
	as an out-parameter.

	When we invoke lvs or scsi_id to extract ID for block devices,
	we don't want virCommandWait logging errors messages. Thus we
	must explicitly check 'status != 0', rather than letting
	virCommandWait do it.

2012-12-13  Jim Fehlig  <jfehlig@suse.com>

	Support network boot for HVM guests in libxl
	The libxl driver ignored boot devices in the domain config,
	preventing PXE booting HVM domains.  This patch accounts for
	user-specified boot devices when building the libxl domain
	configuration.

2012-12-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing of QED file format
	The QED file format is non-versioned, so although the magic
	value matched, libvirt rejected it due to lack of a version
	number to compare against. We need to distinguish this case
	by allowing a value of '-2' to indicate a non-versioned file
	where only the magic is required to match

	Add lots of debugging to storage file probing code

	Log warning if storage magic matches, but version does not
	To help us detect when new storage file versions come into
	existance log a warning if the storage file magic matches,
	but the version does not

	Fix memory leak in QEMU QMP capabilities initialization
	The qemuCapsInitQMP method never frees the QEMU 'package'
	version string.

	Change virCgroupGetAppRoot stub on non-Linux to avoid unused param warning
	Fully stub out the virCgroupGetAppRoot method as done with other
	methods in the file, rather than just the body. This lets us
	annotate the unused parameter to avoid a warning

2012-12-12  Eric Blake  <eblake@redhat.com>

	network: match xml warning message
	I noticed that /var/lib/libvirt/dnsmasq/*.conf used the wrong word;
	it was intended to match the wording in src/util/xml.c.

	* src/network/bridge_driver.c (networkDnsmasqConfContents): Fix typo.
	* tests/networkxml2confdata/*.conf: Update accordingly.

2012-12-12  Roman Bogorodskiy  <bogorodskiy@gmail.com>

	Qemu FreeBSD: fix compilation
	* Autotools changes:
	  - Don't assume Qemu is Linux-only
	  - Check Linux headers only on Linux
	  - Disable firewalld on FreeBSD
	* Initctl:
	  Initctl seem to present only on Linux, so stub it on other platforms
	* Raw I/O: Linux-only as well
	* Headers cleanup

	Drop mntent.h include.
	It's no longer used and also causes build fail on FreeBSD.

2012-12-12  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	Fix make check with different object directory
	make check fails in check-symsorting if configure is not run in
	the source directory. Prefixing symfile names with $(srcdir)
	fixes this.

2012-12-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Improve error reporting from qemuDomainManagedSaveRemove
	Report an error if unlink of the managedsave file fails.

	qemu: Small code cleanups in the managedsave functions
	Save a few lines moving assignments into conditions and fix braces
	position.

	qemu: Refactor managed save functions to use domain lookup helpers

2012-12-12  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add a new domain lookup helper and improve the docs
	This patch adds a new domain lookup helper qemuDomObjFromDomainDriver
	that lookups the domain and leaves the driver locked. The driver is
	returned as the second argument of that function. If the lookup fails
	the driver is unlocked to help avoid cleanup codepaths.

	This patch also improves docs for the helpers.

2012-12-12  Peter Krempa  <pkrempa@redhat.com>

	util: Fix warning message in previous patch
	I didn't notice the extra "does" in the previous patch. Remove it.

	util: rework error reporting in virGet(User|Group)IDByName
	This patch gets rid of the undeterministic error reporting code done on
	return values of get(pw|gr)nam_r. With this patch, if the group record
	is not returned by the corresponding function this error is not
	considered fatal even if errno != 0. The error is logged in such case.

2012-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Refactor virDomainHostdevFind method
	Move the code for matching hostdev instances out of virDomainHostdevFind
	and into virDomainHostdevMatch method, which in turn calls out to other
	helper methods depending on the type of hostdev.

2012-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Slightly refactor hostdev parsing / formating
	Rename virDomainHostdevPartsParse to virDomainHostdevDefParseSubsys
	to reflect the fact that it only deals with hostdevs uing the
	traditional mode=subsystem, and not mode=capabilities

	Rename virDomainHostSourceFormat to virDomainHostdevDefFormatSubsys
	for the same reason.

2012-12-12  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus const return values in storage file APIs
	virStorageFileGetLVMKey and virStorageFileGetSCSIKey
	both return heap allocated strings, so the return value
	should not be marked const.

	Add missing export of virStorageFileGetLVMKey & virStorageFileGetSCSIKey

	Fix sorting of libvirt_private.syms and add syntax check rule
	Add check-symsorting.pl to perform case-insensitive alphabetical
	sorting of groups of symbols. Fix all violations it reports

2012-12-12  Cole Robinson  <crobinso@redhat.com>

	uml: Report error if inotify fails on driver startup

2012-12-12  Cole Robinson  <crobinso@redhat.com>

	tools: Only install guests init script if --with-init=script=redhat
	Most of this deals with moving the libvirt-guests.sh script which
	does all the work to /usr/libexec, so it can be shared by both
	systemd and traditional init. Previously systemd depended on
	the script being in /etc/init.d

	Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747

2012-12-11  Serge Hallyn  <serge.hallyn@ubuntu.com>

	add vnc unix sockets to apparmor policy
	When using vnc gaphics over a unix socket, virt-aa-helper needs to provide
	access for the qemu domain to access the sockfile.

	add security hook for permitting hugetlbfs access
	When a qemu domain is backed by huge pages, apparmor needs to grant the domain
	rw access to files under the hugetlbfs mount point.  Add a hook, called in
	qemu_process.c, which ends up adding the read-write access through
	virt-aa-helper.  Qemu will be creating a randomly named file under the
	mountpoint and unlinking it as soon as it has mmap()d it, therefore we
	cannot predict the full pathname, but for the same reason it is generally
	safe to provide access to $path/**.

2012-12-11  Eric Blake  <eblake@redhat.com>

	maint: mention when HACKING is rebuilt during make
	I noticed that on Fedora 18, xlstproc decides to regenerate
	HACKING with additional whitespace.  I haven't figured out why
	that is happening (although fixing it would probably be a task
	for xlstproc), but in the process of investigating, I noticed
	that 'make HACKING' was completely silent, for no good reason.

	* Makefile.am (gen-ChangeLog, gen-AUTHORS, NEWS)
	($(top_srcdir)/HACKING): Mention which files we are generating.

2012-12-11  Jiri Denemark  <jdenemar@redhat.com>

	docs: Document offline migration

2012-12-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: reuse qemuMigrationIsAllowed when doing save and managedsave
	Save and managedsave both use migration to file. This patch reuses
	qemuMigrationIsAllowed to check if the migration could happen before
	trying.

	qemu: snapshot: Report better error message if migration isn't allowed
	Qemu doesn't support migration on guests with host devices. This patch
	adds a check to ensure migration is safe before actually doing so.

	qemu: Make qemuMigrationIsAllowed more reusable
	This patch exports qemuMigrationIsAllowed and adds a new parameter to it
	to denote if it's a remote migration or a local migration. Local
	migrations are used in snapshots and saving of the machine state and
	have fewer restrictions. This patch also adjusts callers of the function
	and tweaks some error messages to be more universal.

2012-12-11  Ján Tomko  <jtomko@redhat.com>

	qemu: assume seccomp sandbox is supported since qemu 1.2
	Currently there is no way to detect it via QMP and requesting "-sandbox
	off" works correctly even if it was compiled out, so this will work
	unless someone both requests the sandbox in qemu.conf and builds QEMU
	without the support for it.

2012-12-11  Michal Privoznik  <mprivozn@redhat.com>

	domain: Keep assigned class_id in domstatus XML
	Interfaces keeps a class_id, which is an ID from which bridge
	part of QoS settings is derived. We need to store class_id
	in domain status file, so we can later pass it to
	virNetDevBandwidthUnplug.

	network: Create real network status files
	Currently, we are only keeping a inactive XML configuration
	in status dir. This is no longer enough as we need to keep
	this class_id attribute so we don't overwrite old entries
	when the daemon restarts. However, since there has already
	been release which has just <network/> as root element,
	and we want to keep things compatible, detect that loaded
	status file is older one, and don't scream about it.

	bandwidth: Create network bandwidth (un)plug functions
	Network should be notified if we plug in or unplug an
	interface, so it can perform some action, e.g. set/unset
	network part of QoS. However, we are doing this in very
	early stage, so iface->ifname isn't filled in yet. So
	whenever we want to report an error, we must use a different
	identifier, e.g. the MAC address.

	bandwidth: Create rate update function
	This will be used whenever a NIC with guaranteed throughput is to
	be plugged into a bridge. It will adjust the average throughput of
	non guaranteed NICs (classid 1:2) to meet new requirements.

	bandwidth: Create (un)plug functions
	These set bridge part of QoS when bringing domain's interface up.
	Long story short, if there's a 'floor' set, a new QoS class is created.
	ClassID MUST be unique within the bridge and should be kept for
	unplug phase.

	bandwidth: Create hierarchical shaping classes
	These classes can borrow unused bandwidth. Basically,
	only egress qdsics can have classes, therefore we can
	do this kind of traffic shaping only on host's outgoing,
	that is domain's incoming traffic.

2012-12-11  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: add new 'floor' attribute
	This is however supported only on domain interfaces with
	type='network'. Moreover, target network needs to have at least
	inbound QoS set. This is required by hierarchical traffic shaping.

	From now on, the required attribute for <inbound/> is either 'average'
	(old) or 'floor' (new). This new attribute can be used just for
	interfaces type of network (<interface type='network'/>) currently.

2012-12-11  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Attach sfq to leaf node
	Stochastic Fairness Queuing (SFQ) is queuing discipline
	(qdisc) which doesn't really shape any traffic but 'just'
	re-arrange packets in sending buffer so no stream starve.
	The goal is to ensure fairness. There is basically only one
	configuration parameter (perturb) which is set to advised
	value of 10.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: handle network adapters of type 'routed'
	Network adapters of type 'routed' is a special case. Other adapters
	have 'network' parameter in prlctl's output instead.

	Routed network adapters should be connected to 'routed' network
	from libvirt's view.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add routed pseudo network
	Historically if traffic from the adapter is routed to LAN without
	NAT, it isn't connected to any virtual networks, but has a 'type'
	instead. Sinse libvirt has special virtual network type for such case,
	let's add pseudo network 'routed' to fit libvirt's API well.

	parallels: parse virtual network properties
	Fill bridge name and mac for bridged network and
	DHCP server parameter for host-only network.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add network driver
	Parallels Cloud Server uses virtual networks model for network
	configuration. It uses own tools for virtual network management.
	So add network driver, which will be responsible for listing
	virtual networks and performing different operations on them
	(in consequent patched).

	This patch only allows listing virtual network names, without
	any parameters like DHCP server settings.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: move parallelsParseError to parallels_utils.h
	This macro will be used in another file in the next
	patch, so move it to common header file.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add support of network interfaces to parallelsDomainDefineXML
	Allow changing network interfaces in domain configuration.

	ifname is used as iterface identifier: if there is interface
	with some ifname in old config and there are no interfaces with
	such name in the new config - issue prlctl command to delete
	the network interface. And vice versa - if interface with
	some ifname exists only in new config - issue prlctl command
	to create it.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: parse information about network interfaces
	Parse network interfaces info from prlctl output.

	Parallels Cloud Server uses virtual networks model for
	network configuration: You can add network adapter to
	VM and connect it to some predefined virtual network.

	Fill type, mac, network name and linkstate fields of
	virDomainNetDef structure.

2012-12-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: snapshot: Remove memory image if external checkpoint fails
	When the disk snapshot part of an external system checkpoint fails the
	memory image is retained. This patch adds code to remove the image in
	such case.

	qemu: snapshot: Don't leak XML definition if restarting of CPUs fails
	In case the snapshot code isn't able to restart CPUs after an external
	checkpoint we would leak a copy of the domains XML definition. This
	patch fixes the cleanup path.

2012-12-11  Ján Tomko  <jtomko@redhat.com>

	qemu: fix uninitialized variable warning in doPeer2PeerMigrate
	False positive, but it breaks the build with gcc-4.6.3.

	qemu/qemu_migration.c:2931:37: error: 'offline' may be used
	uninitialized in this function [-Werror=uninitialized]
	qemu/qemu_migration.c:2887:10: note: 'offline' was declared here

2012-12-11  Jiri Denemark  <jdenemar@redhat.com>

	conf: Remove duplicate declaration of virNetworkDNSDefPtr

	examples: Fix balloon event callback

2012-12-11  Gene Czarcinski  <gene@czarc.net>

	network: put dnsmasq parameters in conf-file instead of command line
	This patch changes how parameters are passed to dnsmasq.  Instead of
	being on the command line, the parameters are put into a file (one
	parameter per line) and a commandline --conf-file= specifies the
	location of the file.  The file is located in the same directory as
	the leases file.

	Putting the dnsmasq parameters into a configuration file
	allows them to be examined and more easily understood than
	examining the command lines displayed by "ps ax".  This is
	especially true when a number of networks have been started.

	When the use of dnsmasq was originally done, the required command line
	was simple, but it has gotten more complicated over time and will
	likely become even more complicated in the future.

	Note: The test conf files have all been renamed .conf instead of
	.argv, and tests/networkxml2xmlargvdata was moved to
	tests/networkxml2xmlconfdata.

2012-12-11  Gene Czarcinski  <gene@czarc.net>

	network: add support for DHCPv6
	The DHCPv6 support includes IPV6 dhcp-range and dhcp-host for one
	IPv6 subnetwork on one interface.  This support will only work
	if dnsmasq version >= 2.64; otherwise an error occurs if
	dhcp-range or dhcp-host is specified for an IPv6 address.

	Essentially, this change provides the same DHCP support for IPv6
	that has been available for IPv4.

	With dnsmasq >= 2.64, support for the RA service is also now provided
	by dnsmasq (radvd is no longer used/started). (Although at least one
	version of dnsmasq prior to 2.64 "supported" IPv6 Router
	Advertisement, there were bugs (fixed in 2.64) that rendered it
	unusable.)

	Documentation and the network schema has been updated
	to reflect the new support.

2012-12-11  Laine Stump  <laine@laine.org>

	conf: split <forward> parser/clear into separate functions
	virNetworkDefUpdateForward requires separate functions to parse and
	clear a virNetworkForwardDef by itself, but they were previously just
	inlined in the virNetworkDef parse and free functions. This patch
	makes them into separate functions.

2012-12-11  Laine Stump  <laine@laine.org>

	conf: put data for network <forward> element into its own struct
	The attributes of a <network> element's <forward> element were
	previously stored directly in the virNetworkDef object, but
	virNetworkUpdateForward() needs to operate on a <forward> in
	isolation, so this patchs pulls out all those attributes into a
	separate virNetworkForwardDef struct (and shortens their names
	appropriately). This new object is contained in the virNetworkDef, not
	pointed to by it, so there is no extra memory management.

	This patch makes no functional changes, it only changes, e.g.,
	"nForwardIfs" to "forward.nifs".

2012-12-11  Laine Stump  <laine@laine.org>

	conf: make virNetworkIpDefClear consistent with other functions
	The other clear functions in network_conf.c that clear out arrays of
	sub-objects do so by using the n[itemname]s value as a counter going
	down to 0. Make this one consistent. There's no functional value, just
	makes the style more consistent with the rest of the file.

	conf: rename some labels and functions in network_conf
	This makes some function names and arg lists for consistent with other
	parse functions in network_conf.c. While modifying
	virNetworkIPParseXML(), also change its "error" label to "cleanup",
	since the code at that label is executed on success as well as
	failure.

2012-12-11  Laine Stump  <laine@laine.org>

	network: backend functions for updating network dns host/srv/txt
	These three functions are very similar - none allow a MODIFY
	operation; you can only add or delete.

	The biggest difference between them (other than the data itself) is in
	the criteria for determining a match, and whether or not multiple
	matches are possible:

	1) for HOST records, it's considered a match if the IP address or any
	of the hostnames of an existing record matches.

	2) for SRV records, it's a match if all of
	domain+service+protocol+target *which have been specified* are
	matched.

	3) for TXT records, there is only a single field to match - name
	(value can be the same for multiple records, and isn't considered a
	search term), so by definition there can be no ambiguous matches.

	In all three cases, if any matches are found, ADD will fail; if
	multiple matches are found, it means the search term was ambiguous,
	and a DELETE will fail.

	The upper level code in bridge_driver.c is already implemented for
	these functions - appropriate conf files will be re-written, and
	dnsmasq will be SIGHUPed or restarted as appropriate.

2012-12-11  Laine Stump  <laine@laine.org>

	conf: clear and parse functions for dns host/srv/txt records
	Since there is only a single virNetworkDNSDef for any virNetworkDef,
	and it's trivial to determine whether or not it contains any real
	data, it's much simpler (and fits more uniformly with the parse
	function calling sequence of the parsers for many other objects that
	are subordinates of virNetworkDef) if virNetworkDef *contains* an
	virNetworkDNSDef rather than pointing to one.

	Since it is now just a part of another object rather than its own
	object, it no longer makes sense to have a *Free() function, so that
	is changed to a *Clear() function.

	More importantly though, ParseXML and Clear functions are needed for
	the individual items contained in a virNetworkDNSDef (srv, txt, and
	host records), but none of them have a *Clear(), and only two of the
	three had *ParseXML() functions (both of which used a non-uniform
	arglist). Those problems are cleared up by this patch - it splits the
	higher-level Clear function into separate functions for each of the
	three, creates a parse for txt records, and cleans up the srv and host
	parsers, so we now have all the utility functions necessary to
	implement virNetworkDefUpdateDNS(Host|Srv|Txt).

2012-12-11  Laine Stump  <laine@laine.org>

	conf: rename network dns host/srv/txt arrays
	This shortens the name of the structs for srv and txt, and their
	instances in virNetworkDNSDef, to be more compact and uniform with the
	naming of the dns host array. It also changes the type of ntxts, etc
	from unsigned int to size_t, so that they can be used directly as args
	to VIR_*_ELEMENT.

	conf: use VIR_(INSERT|DELETE)_ELEMENT in virNetworkUpdate backend
	The already-written backend functions for virNetworkUpdate that add
	and delete items into lists within the a network were already debugged
	to work properly, but future such functions will use
	VIR_(INSERT|DELETE)_ELEMENT instead, so these are changed for
	uniformity.

2012-12-11  Laine Stump  <laine@laine.org>

	util: add VIR_(APPEND|INSERT|DELETE)_ELEMENT
	I noticed when writing the backend functions for virNetworkUpdate that
	I was repeating the same sequence of memmove, VIR_REALLOC, nXXX-- (and
	messed up the args to memmove at least once), and had seen the same
	sequence in a lot of other places, so I decided to write a few
	utility functions/macros - see the .h file for full documentation.

	The intent is to reduce the number of lines of code, but more
	importantly to eliminate the need to check the element size and
	element count arithmetic every time we need to do this (I *always*
	make at least one mistake.)

	VIR_INSERT_ELEMENT: insert one element at an arbitrary index within an
	  array of objects. The size of each object is determined
	  automatically by the macro using sizeof(*array). The new element's
	  contents are copied into the inserted space, then the original copy
	  of contents are 0'ed out (if everything else was
	  successful). Compile-time assignment and size compatibility between
	  the array and the new element is guaranteed (see explanation below
	  [*])

	VIR_INSERT_ELEMENT_COPY: identical to VIR_INSERT_ELEMENT, except that
	  the original contents of newelem are not cleared to 0 (i.e. a copy
	  is made).

	VIR_APPEND_ELEMENT: This is just a special case of VIR_INSERT_ELEMENT
	  that "inserts" one past the current last element.

	VIR_APPEND_ELEMENT_COPY: identical to VIR_APPEND_ELEMENT, except that
	  the original contents of newelem are not cleared to 0 (i.e. a copy
	  is made).

	VIR_DELETE_ELEMENT: delete one element at an arbitrary index within an
	  array of objects. It's assumed that the element being deleted is
	  already saved elsewhere (or cleared, if that's what is appropriate).

	All five of these macros have an _INPLACE variant, which skips the
	memory re-allocation of the array, assuming that the caller has
	already done it (when inserting) or will do it later (when deleting).

	Note that VIR_DELETE_ELEMENT* can return a failure, but only if an
	invalid index is given (index + amount to delete is > current array
	size), so in most cases you can safely ignore the return (that's why
	the helper function virDeleteElementsN isn't declared with
	ATTRIBUTE_RETURN_CHECK). A warning is logged if this ever happens,
	since it is surely a coding error.

	[*] One initial problem with the INSERT and APPEND macros was that,
	due to both the array pointer and newelem pointer being cast to void*
	when passing to virInsertElementsN(), any chance of type-checking was
	lost. If we were going to move in newelem with a memmove anyway, we
	would be no worse off for this. However, most current open-coded
	insert/append operations use direct struct assignment to move the new
	element into place (or just populate the new element directly) - thus
	use of the new macros would open a possibility for new usage errors
	that didn't exist before (e.g. accidentally sending &newelemptr rather
	than newelemptr - I actually did this quite a lot in my test
	conversions of existing code).

	But thanks to Eric Blake's clever thinking, I was able to modify the
	INSERT and APPEND macros so that they *do* check for both assignment
	and size compatibility of *ptr (an element in the array) and newelem
	(the element being copied into the new position of the array). This is
	done via clever use of the C89-guaranteed fact that the sizeof()
	operator must have *no* side effects (so an assignment inside sizeof()
	is checked for validity, but not actually evaluated), and the fact
	that virInsertElementsN has a "# of new elements" argument that we
	want to always be 1.

2012-12-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Restart CPUs with valid async job type when doing external snapshots
	When restarting CPUs after an external snapshot, the restarting function
	was called without the appropriate async job type. This caused that a
	new sync job wasn't created and allowed races in the monitor.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add support of removing disks
	If some hard disk is not found in new domain configuration, it
	should be removed.

	parallels: apply config after VM creation
	New VM will have default values for all parameters, like
	cpu number, we have to change its configuration as provided
	by xml definition, given to parallelsDomainDefineXML.

	parallels: add support of disks creation
	Implement creation of new disks - if a new disk found
	in configuration, find a volume by disk path and
	actually create a disk image by issuing prlctl command.
	If it's successfully finished - remove the file with volume
	definition.

	parallels: add function parallelsGetDiskBusName
	Add function for convertion bus from libvirt's numeric constant
	to a name, used in a parallels command-line tools.

	parallels: split parallelsStorageVolumeDelete function
	Move part, which deletes existing volume, to a new function
	parallelsStorageVolumeDefRemove so that we can use it later
	in parallels_driver.c

	parallels: fill volumes capacity parameter
	Read disk images size from xml description and fill
	virStorageVolDef.capacity and allocation (let's consider
	that allocation is the same as capacity, calculating real
	allcoation will be implemented later).

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add info about volumes
	Disk images in Parallels Cloud Server stored in directories. Each
	one has files with data and xml description of an image stored in
	file DiskDescriptior.xml.

	Since we have to support 'detached' images, which are not used by
	any VM, the better way to collect info about volumes is searching for
	directories with a file DiskDescriptior.xml in each VM directory.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix leaks in parallelsFindVolumes
	We always have to close opened dir and free 'path'.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: create storage pools by VM list
	There are no storage pools in Parallels Cloud Server -
	All VM data stored in a single directory: config, snapshots,
	memory dump together with disk images.

	Let's look through list of VMs and create a storage pool for
	each directory, containing VMs.

	So if you have 3 vms: /var/parallels/vm-1.pvm,
	/var/parallels/vm-2.pvm and /root/test.pvm - 2 storage pools
	appear: -var-parallels and -root. xml descriptions of the pools
	will be saved in /etc/libvirt/parallels-storage, so UUIDs will
	not change netween connections to libvirt.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: remove unused code from storage driver
	We don't support unprivileged users anymore, so remove code, which
	selects configuration directory depending on user.

	parallels: split parallelsStorageOpen function
	Move code for loading inforation about pools to a separate
	function - parallelsLoadPools.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: handle disk devices in parallelsDomainDefineXML
	Allow changing some parameters of the hard disks: bus,
	image and drive address.

	Creating new disk devices and removing existing ones
	require changes in the storage driver, so it will be
	implemented later.

2012-12-11  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add info about hard disk devices
	Parse information about hard disks and fill disks array
	in virDomainDef structure.

2012-12-10  liguang  <lig.fnst@cn.fujitsu.com>

	Add support for offline migration
	Offline migration transfers inactive definition of a domain (which may
	or may not be active). After successful completion, the domain remains
	in its current state on source host and is defined but inactive on
	destination host. It's a bit more clever than virDomainGetXMLDesc() on
	source host followed by virDomainDefineXML() on destination host, as
	offline migration will run pre-migration hook to update the domain XML
	on destination host. Currently, copying non-shared storage is not
	supported during offline migration.

	Offline migration can be requested with a new migration flag called
	VIR_MIGRATE_OFFLINE (which has to be combined with
	VIR_MIGRATE_PERSIST_DEST flag).

2012-12-10  Laine Stump  <laine@laine.org>

	qemu: eliminate bogus error log when changing netdev's bridge
	This fixes a problem that showed up during testing of:

	  https://bugzilla.redhat.com/show_bug.cgi?id=881480

	Due to a logic error in the function that gets the name of the bridge
	an interface connects to, any time a bridge was specified directly
	(type='bridge') rather than indirectly (type='network'), An error
	would be logged (although the operation would then complete
	successfully):

	   Network type 6 is not supported

	The final virReportError() in the function
	qemuDomainNetGetBridgeName() was apparently avoided in the past with a
	"goto cleanup" at the end of each case, but the case of bridge somehow
	no longer has that final goto cleanup.

	The proper solution is anyway to not rely on goto's, but put the error
	log inside an else {} clause, so that it's executed only if the type
	is neither bridge nor network (in reality, this function should only
	ever be called for those two types, that's why this is an internal
	error).

	While making this change, the error message was also tuned to be more
	correct (since it's not really the type of the network, but the type
	of the interface, and it *is* otherwise supported, it's just that the
	interface type in question doesn't *have* a bridge device associated
	with it, or at least we don't know how to get it).

2012-12-10  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Assign default model "virtio" for network interfaces
	If a network interface model is not specified, libvirt will run
	into an unchecked NULL pointer coredump. On the other hand if
	the empty model is ignored, a PCI bus address would be generated,
	which is not supported by S390.
	Since the only valid network type model for S390 is virtio,
	we use this as the default value, which is the same for QEMU.

2012-12-10  Michal Privoznik  <mprivozn@redhat.com>

	Revert "dnsmasq: Fix parsing of the version number"
	This reverts commit 5114431396fd125b6ebe4d1a20a981111f948ee7
	which was pushed accidentally.

2012-12-07  Cole Robinson  <crobinso@redhat.com>

	qemu: capabilities: fix machine name/canonical swappage
	Things are supposed to look like:

	<machine canonical='pc-0.12'>pc</machine>

	But are currently swapped. This can cause many VMs to revert to having
	machine type='pc' which will affect save/restore across qemu upgrades.

2012-12-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix usage of header termios.h
	The termios struct exported by the termios.h header is used as an
	argument for vshMakeStdinRaw(). The header isn't used anywhere in
	tools/virsh-domain.c.

	This patch adds the header to the header declaring vshMakeStdinRaw() and
	removes other places in virsh.

2012-12-07  Ján Tomko  <jtomko@redhat.com>

	virsh: allow metadata preallocation when creating volumes
	Add --prealloc-metadata flag to these commands:
	vol-clone
	vol-create
	vol-create-as
	vol-create-from

	storage: allow metadata preallocation when creating qcow2 images
	Add VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA flag to virStorageVolCreateXML
	and virStorageVolCreateXMLFrom. This flag requests metadata
	preallocation when creating/cloning qcow2 images, resulting in creating
	a sparse file with qcow2 metadata. It has only slightly larger disk usage
	compared to new image with no allocation, but offers higher performance.

2012-12-07  Osier Yang  <jyang@redhat.com>

	qemu: Allow the user to specify vendor and product for disk
	QEMU supports setting vendor and product strings for disk since
	1.2.0 (only scsi-disk, scsi-hd, scsi-cd support it), this patch
	exposes it with new XML elements <vendor> and <product> of disk
	device.

2012-12-07  Jim Fehlig  <jfehlig@suse.com>

	Convert libxl driver to Xen 4.2
	Based on a patch originally authored by Daniel De Graaf

	  http://lists.xen.org/archives/html/xen-devel/2012-05/msg00565.html

	This patch converts the Xen libxl driver to support only Xen >= 4.2.
	Support for Xen 4.1 libxl is dropped since that version of libxl is
	designated 'technology preview' only and is incompatible with Xen 4.2
	libxl.  Additionally, the default toolstack in Xen 4.1 is still xend,
	for which libvirt has a stable, functional driver.

2012-12-06  Guido Günther  <agx@sigxcpu.org>

	Inhibit daemon shutdown during driver initialization
	As of 1a50ba2cb07d8bb2aa724062889deb9efd7ad9e9 qemu capabilities probing
	takes longer since we timeout waiting for the monitor socket. When
	probing qemu for different architectures this can add up so the daemon
	auto shutdown timeout is reached and the client doesn't have a chance
	to connect. To avoid that inhibit daemon shutdown during driver
	initialization (which includes capabilities probing).

	This fixes

		http://honk.sigxcpu.org:8001/job/libvirt-tck-debian-wheezy-qemu-session/227/

2012-12-06  Christophe Fergeau  <cfergeau@redhat.com>

	util: Don't fail virGetGroupIDByName when group not found
	virGetGroupIDByName is documented as returning 1 if the groupname
	cannot be found. getgrnam_r is documented as returning:
	« 0 or ENOENT or ESRCH or EBADF or EPERM or ...  The given name
	or gid was not found. »
	 and that:
	« The formulation given above under "RETURN VALUE" is from POSIX.1-2001.
	It  does  not  call  "not  found"  an error, hence does not specify what
	value errno might have in this situation.  But that makes it impossible to
	recognize errors.  One might argue that according to POSIX errno should be
	left unchanged if an entry is not found.  Experiments on various UNIX-like
	systems shows that lots of different values occur in this situation: 0,
	ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others. »

	virGetGroupIDByName returns an error when the return value of getgrnam_r
	is non-0. However on my RHEL system, getgrnam_r returns ENOENT when the
	requested user cannot be found, which then causes virGetGroupID not
	to behave as documented (it returns an error instead of falling back
	to parsing the passed-in value as an gid).

	This commit makes virGetGroupIDByName only report an error when errno
	is set to one of the values in the posix description of getgrnam_r
	(which are the same as the ones described in the manpage on my system).

2012-12-06  Christophe Fergeau  <cfergeau@redhat.com>

	util: Don't fail virGetUserIDByName when user not found
	virGetUserIDByName is documented as returning 1 if the username
	cannot be found. getpwnam_r is documented as returning:
	« 0 or ENOENT or ESRCH or EBADF or EPERM or ...  The given name
	or uid was not found. »
	 and that:
	« The formulation given above under "RETURN VALUE" is from POSIX.1-2001.
	It  does  not  call  "not  found"  an error, hence does not specify what
	value errno might have in this situation.  But that makes it impossible to
	recognize errors.  One might argue that according to POSIX errno should be
	left unchanged if an entry is not found.  Experiments on various UNIX-like
	systems shows that lots of different values occur in this situation: 0,
	ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others. »

	virGetUserIDByName returns an error when the return value of getpwnam_r
	is non-0. However on my RHEL system, getpwnam_r returns ENOENT when the
	requested user cannot be found, which then causes virGetUserID not
	to behave as documented (it returns an error instead of falling back
	to parsing the passed-in value as an uid).

	This commit makes virGetUserIDByName only report an error when errno
	is set to one of the values in the posix description of getpwnam_r
	(which are the same as the ones described in the manpage on my system).

2012-12-06  Michal Privoznik  <mprivozn@redhat.com>

	dnsmasq: Fix parsing of the version number
	If debugging is enabled, the debug messages are sent to stderr.
	Moreover, if a command has catching of stderr set, the messages
	gets mixed with stdout output (assuming both outputs are stored
	in the same variable). The resulting string then doesn't
	necessarily have to start with desired prefix then. This bug
	exposes itself when parsing dnsmasq output:

	2012-12-06 11:18:11.445+0000: 18491: error :
	dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
	/usr/sbin/dnsmasq version number in '2012-12-06
	11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22'

	We can clearly see that the output of dnsmasq --version doesn't
	start with expected "Dnsmasq version " string but a libvirt debug
	output.

2012-12-06  Michal Privoznik  <mprivozn@redhat.com>

	dnsmasq: Fix parsing of the version number
	If the debugging is enabled, the virCommand subsystem catches debug
	messages in the command output as well. In that case, we can't assume
	the string corresponding to command's stdout will start with specific
	prefix. But the prefix can be moved deeper in the string. This bug
	shows itself when parsing dnsmasq output:

	2012-12-06 11:18:11.445+0000: 18491: error :
	dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
	/usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000:
	18492: debug : virFileClose:72 : Closed fd 22'

	We can clearly see that the output of dnsmasq --version
	doesn't start with expected "Dnsmasq version " string but a libvirt
	debug output.

2012-12-06  Laine Stump  <laine@laine.org>

	network: prevent a few invalid configuration combinations
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=767057

	It was possible to define a network with <forward mode='bridge'> that
	had both a bridge device and a forward device defined. These two are
	mutually exclusive by definition (if you are using a bridge device,
	then this is a host bridge, and if you have a forward dev defined,
	this is using macvtap). It was also possible to put <ip>, <dns>, and
	<domain> elements in this definition, although those aren't supported
	by the current driver (although it's conceivable that some other
	driver might support that).

	The items that are invalid by definition, are now checked in the XML
	parser (since they will definitely *always* be wrong), and the others
	are checked in networkValidate() in the network driver (since, as
	mentioned, it's possible that some other network driver, or even this
	one, could some day support setting those).

2012-12-05  Gene Czarcinski  <gene@czarc.net>

	network: allow guest to guest IPv6 without gateway definition
	This patch adds the capability for virtual guests to do IPv6
	communication via a virtual network interface with no IPv6 (gateway)
	addresses specified.  This capability has always been enabled by
	default for IPv4, but disabled for IPv6 for security concerns, and
	because it requires the ip6tables command to be operational (which
	isn't the case on a system with the ipv6 module completely disabled).

	This patch adds a new attribute "ipv6" at the toplevel of a <network>
	object.  If ipv6='yes', the extra ip6tables rules required to permite
	inter-guest communications are added when the network is started. If
	it is 'no', or not present, those rules will not be added; thus the
	default behavior doesn't change, so there should be no compatibility
	issues with any existing installations.

	Note that virtual guests cannot communication with the virtualization
	host via this interface, because the following kernel tunable has
	been set:

	   net.ipv6.conf.<bridge_interface_name>.disable_ipv6 = 1

	This assures that the bridge interface will not have an IPv6
	link-local (fe80::) address.

	To control this behavior so that it is not enabled by default, the parameter
	ipv6='yes' on the <network> statement has been added.

	Documentation related to this patch has been updated.
	The network schema has also been updated.

2012-12-05  Osier Yang  <jyang@redhat.com>

	storage: Error out earlier if the volume target path already exists
	https://bugzilla.redhat.com/show_bug.cgi?id=832302

	It's odd to fall through to buildVol, and the existed file is
	removed when buildVol fails. This checks if the volume target
	path already exists in createVol. The reason for not using
	error like "Volume already exists" is that there isn't volume
	maintained by libvirt for the path until a operation like
	pool-refresh, using error like that will just cause confusion.

2012-12-05  Daniel P. Berrange  <berrange@redhat.com>

	remote: Avoid the thread race condition
	https://bugzilla.redhat.com/show_bug.cgi?id=866524

	Since the virConnect object is not locked wholely when doing
	virConenctDispose, a thread can get the lock and thus might
	cause the race.

	Detected by valgrind:

	==23687== Invalid read of size 4
	==23687==    at 0x38BAA091EC: pthread_mutex_lock (pthread_mutex_lock.c:61)
	==23687==    by 0x3FBA919E36: remoteClientCloseFunc (remote_driver.c:337)
	==23687==    by 0x3FBA936BF2: virNetClientCloseLocked (virnetclient.c:688)
	==23687==    by 0x3FBA9390D8: virNetClientIncomingEvent (virnetclient.c:1859)
	==23687==    by 0x3FBA851AAE: virEventPollRunOnce (event_poll.c:485)
	==23687==    by 0x3FBA850846: virEventRunDefaultImpl (event.c:247)
	==23687==    by 0x40CD61: vshEventLoop (virsh.c:2128)
	==23687==    by 0x3FBA8626F8: virThreadHelper (threads-pthread.c:161)
	==23687==    by 0x38BAA077F0: start_thread (pthread_create.c:301)
	==23687==    by 0x33F68E570C: clone (clone.S:115)
	==23687==  Address 0x4ca94e0 is 144 bytes inside a block of size 312 free'd
	==23687==    at 0x4A0595D: free (vg_replace_malloc.c:366)
	==23687==    by 0x3FBA8588B8: virFree (memory.c:309)
	==23687==    by 0x3FBA86AAFC: virObjectUnref (virobject.c:145)
	==23687==    by 0x3FBA8EA767: virConnectClose (libvirt.c:1458)
	==23687==    by 0x40C8B8: vshDeinit (virsh.c:2584)
	==23687==    by 0x41071E: main (virsh.c:3022)

	The above race is caused by the eventLoop thread tries to handle
	the net client event by calling the callback set by:
	    virNetClientSetCloseCallback(priv->client,
	                                 remoteClientCloseFunc,
	                                 conn, NULL);

	I.E. remoteClientCloseFunc, which lock/unlock the virConnect object.

	This patch is to fix the bug by setting the callback to NULL when
	doRemoteClose.

2012-12-05  Peter Krempa  <pkrempa@redhat.com>

	pci: Fix building of 32bit PCI command array
	The pciWrite32 function assembled the array of data to be written to the
	fd with a bad offset on the last byte. This issue was probably caused by
	a typo (14, 24).

2012-12-05  Jiri Denemark  <jdenemar@redhat.com>

	util: Do not keep PCI device config file open
	Directly open and close PCI config file in the APIs that need it rather
	than keeping the file open for the whole life of PCI device structure.

	qemu: Fix memory (and FD) leak on PCI device detach
	Unmanaged PCI devices were only leaked if pciDeviceListAdd failed but
	managed devices were always leaked. And leaking PCI device is likely to
	leave PCI config file descriptor open. This patch fixes
	qemuReattachPciDevice to either free the PCI device or add it to the
	inactivePciHostdevs list.

	util: Slightly refactor PCI list functions
	In order to be able to steal PCI device by its index in the list.

	qemu: Don't free PCI device if adding it to activePciHostdevs fails
	The device is still referenced from pcidevs and freeing it would leave
	an invalid pointer there.

2012-12-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix error code when attaching existing device
	An attempt to attach device that is already attached to a domain results
	in the following error:

	virsh # attach-device rhel6 pci2 --persistent
	error: Failed to attach device from pci2
	error: invalid argument: device is already in the domain configuration

	The "invalid argument" error code looks wrong, we usually use "operation
	invalid" when the action cannot be done in current state.

2012-12-05  Eric Blake  <eblake@redhat.com>

	spec: require dbus-daemon when using libvirtd in Fedora
	https://bugzilla.redhat.com/show_bug.cgi?id=830201

	In older Fedora, the spec file for libivrt depended on avahi, which
	included avahi-daemon, which in turn depended on dbus.  But now that
	avahi libs and avahi-daemon are (correctly) in separate pacakges,
	and since we REALLY don't want a mandatory dependency on avahi-daemon,
	and considering that our init scripts require the messagebus service
	from dbus, we need to explicitly require dbus ourselves.

	* libvirt.spec.in (Requires): Add dbus for libvirt-daemon.

2012-12-05  Eric Blake  <eblake@redhat.com>

	systemd: require dbus service
	https://bugzilla.redhat.com/show_bug.cgi?id=830201

	The initscript and upstart services depend on dbus starting
	before libvirtd.  When we first wrote the systemd script, we
	tried to do the same, but we depended on dbus.target (which
	does not exist) in comparison to network.target (which does
	exist), so we removed that in commit 4c7973e.  But we still
	need dbus up and running first, especially now that we want
	to support shutdown inhibition via dbus (whereas we originally
	needed dbus only for firewall control).

	http://www.freedesktop.org/software/systemd/man/systemd.target.html
	explains how a target (such as network.target) is just a collection
	of common services bundled together, and why we want network.target
	but dbus.service.

	* daemon/libvirtd.service.in (Unit): Depend on dbus starting
	first.

2012-12-05  Osier Yang  <jyang@redhat.com>

	qemu: Simplify the code
	"disk" is initialized to "dev->data.disk" in the beginning of the
	function.

	storage: Remove the redundant white lines
	Pushed under trivial rule.

2012-12-04  Eric Blake  <eblake@redhat.com>

	qemu: improve error for failed JSON commands
	Only one error in qemu_monitor was already using the relatively
	new OPERATION_UNSUPPORTED error, even though it is a better fit
	for all of the messages related to options that are unsupported
	due to the version of qemu in use rather than due to a user's
	XML or .conf file choice.  Suggested by Osier Yang.

	* src/qemu/qemu_monitor.c (qemuMonitorSendFileHandle)
	(qemuMonitorAddHostNetwork, qemuMonitorRemoveHostNetwork)
	(qemuMonitorAttachDrive, qemuMonitorDiskSnapshot)
	(qemuMonitorDriveMirror, qemuMonitorTransaction)
	(qemuMonitorBlockCommit, qemuMonitorDrivePivot)
	(qemuMonitorBlockJob, qemuMonitorSystemWakeup)
	(qemuMonitorGetVersion, qemuMonitorGetMachines)
	(qemuMonitorGetCPUDefinitions, qemuMonitorGetCommands)
	(qemuMonitorGetEvents, qemuMonitorGetKVMState)
	(qemuMonitorGetObjectTypes, qemuMonitorGetObjectProps)
	(qemuMonitorGetTargetArch): Use better error category.

2012-12-04  Eric Blake  <eblake@redhat.com>

	qemu: nicer error message if live disk snapshot unsupported
	Without this patch, attempts to create a disk snapshot when qemu
	is too old results in a cryptic message:

	virsh # snapshot-create 23 --disk-only
	error: operation failed: Failed to take snapshot: unknown command: 'snapshot_blkdev'

	Now it reports:

	virsh # snapshot-create 23 --disk-only
	error: unsupported configuration: live disk snapshot not supported with this QEMU binary

	All versions of qemu that support live disk snapshot also support
	QMP (basically upstream qemu 1.1 and later, and backports to RHEL 6.2).

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_DISK_SNAPSHOT): New
	capability.
	* src/qemu/qemu_capabilities.c (qemuCaps): Track it.
	(qemuCapsProbeQMPCommands): Set it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive): Use
	it.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): Simplify.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
	Delete.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
	Likewise.

2012-12-04  Eric Blake  <eblake@redhat.com>

	rpc: fix build failure with older dbus
	RHEL 6.3 uses dbus-devel-1.2.24, which lacked support for the
	DBUS_TYPE_UNIX_FD define (contrast with Fedora 18 using 1.6.8).
	But since it is an older dbus, it also lacks support for shutdown
	inhibitions as provided by newer systemd.

	Compilation failure introduced in commit 31330926.

	* src/rpc/virnetserver.c (virNetServerAddShutdownInhibition):
	Compile out if dbus is too old.

2012-12-04  Jim Fehlig  <jfehlig@suse.com>

	Fix memory leak introduced by commit 501bfad1
	501bfad1 missed freeing priv->saveDir when opening the Xen unified
	driver failed.

2012-12-04  Bamvor Jian Zhang  <bjzhang@suse.com>

	implement managedsave in libvirt xen legacy driver
	Implement the domainManagedSave, domainHasManagedSaveImage, and
	domainManagedSaveRemove functions in the libvirt legacy xen driver.

	domainHasManagedSaveImage check the managedsave image from filesystem
	everytime. This is different from qemu and libxl driver. In qemu or
	libxl driver, there is a hasManagesSave flag in virDomainObjPtr which
	is not used in xen legacy driver. This flag could not add into xen
	driver ptr either, because the driver ptr will be released at the end of
	every libvirt api call. Meanwhile, AFAIK, xen store all the flags in
	xen not in libvirt xen driver. There is no need to add this flag in xen.

2012-12-04  Osier Yang  <jyang@redhat.com>

	Fix the indention
	Introduced by commit 1465876a, pushed under build-breaker &&
	trivial rule.

	Do not export symbol virStateActive anymore
	Commit 79b8a56995 removes virStateActive, however it forgot to
	remove the symbol together. Pushed under build-breaker rule.

2012-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Bind connection close callback APIs to python binding
	Add code in the python binding to cope with the new APIs
	virConnectRegisterCloseCallback and
	virConnectUnregisterCloseCallback. Also demonstrate their
	use in the python domain events demo

2012-12-04  Alexander Larsson  <alexl@redhat.com>

	Shut down session libvirtd cleanly on host shutdown/user logout
	When the session dies or when the system is going to be shut down
	we issue a virStateStop() call to instruct drivers to prepare to
	be stopped. This will remove any previously acquire inhibitions.

2012-12-04  Daniel P. Berrange  <berrange@redhat.com>

	Inhibit desktop shutdown while any virtual machines are running
	Use the freedesktop inhibition DBus service to prevent host
	shutdown or session logout while any VMs are running.

	Replace polling for active VMs with signalling by drivers
	Currently to deal with auto-shutdown libvirtd must periodically
	poll all stateful drivers. Thus sucks because it requires
	acquiring both the driver lock and locks on every single virtual
	machine. Instead pass in a "inhibit" callback to virStateInitialize
	which drivers can invoke whenever they want to inhibit shutdown
	due to existance of active VMs.

	Only let VM drivers block libvirtd timed shutdown
	The only important state that should prevent libvirtd shutdown
	is from running VMs. Networks, host devices, network filters
	and storage pools are all long lived resources that have no
	significant in-memory state. They should not block shutdown.

	Make QEMU perform managed save of all VMs on stop of libvirtd
	When the virStateStop() method is invoked, perform a managed
	save of all VMs currently running

2012-12-03  Eric Blake  <eblake@redhat.com>

	build: fix incremental autogen.sh when no AUTHORS is present
	Commit 71d1256 tried to fix a problem where rebasing an old
	branch on top of newer libvirt.git resulted in automake failing
	because of a missing AUTHORS file.  However, while the fix
	worked for an incremental 'make', it did not work for someone
	that directly reran './autogen.sh'.  Reported by Laine Stump.

	* autogen.sh (autoreconf): Check for same conditions as cfg.mk.
	* cfg.mk (_update_required): Add comments.

2012-12-03  Ata E Husain Bohra  <ata.husain@hotmail.com>

	Add iSCSI backend storage driver for ESX
	The patch adds the backend driver to support iSCSI format storage pools
	and volumes for ESX host. The mapping of ESX iSCSI specifics to Libvirt
	is as follows:

	1. ESX static iSCSI target <------> Libvirt Storage Pools
	2. ESX iSCSI LUNs          <------> Libvirt Storage Volumes.

	The above understanding is based on http://libvirt.org/storage.html.

	The operation supported on iSCSI pools includes:

	1. List storage pools & volumes.
	2. Get XML descriptor operaion on pools & volumes.
	3. Lookup operation on pools & volumes by name, UUID and path (if applicable).

	iSCSI pools does not support operations such as: Create / remove pools
	and volumes.

2012-12-03  Laine Stump  <laine@laine.org>

	qemu: support live update of an interface's filter
	Since we can't (currently) rely on the ability to provide blanket
	support for all possible network changes by calling the toplevel
	netdev hostside disconnect/connect functions (due to qemu only
	supporting a lockstep between initialization of host side and guest
	side of devices), in order to support live change of an interface's
	nwfilter we need to make a special purpose function to only call the
	nwfilter teardown and setup functions if the filter for an interface
	(or its parameters) changes. The pattern is nearly identical to that
	used to change the bridge that an interface is connected to.

	This patch was inspired by a request from Guido Winkelmann
	<guido@sagersystems.de>, who tested an earlier version.

2012-12-03  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: utility function virNWFilterVarValueEqual
	To detect if an interface's nwfilter has changed, we need to also
	compare the filterparams, which is a hashtable of virNWFilterVarValue.
	virHashEqual can do this nicely, but requires a pointer to a function
	that will compare two of the items being stored in the hashes.

2012-12-03  Laine Stump  <laine@laine.org>

	conf: fix virDomainNetGetActualDirect*() and BridgeName()
	This resolves:

	   https://bugzilla.redhat.com/show_bug.cgi?id=881480

	These three functions:

	  virDomainNetGetActualBridgeName
	  virDomainNetGetActualDirectDev
	  virDomainNetGetActualDirectMode

	return attributes that are in a union whose contents are interpreted
	differently depending on the actual->type and so they should only
	return non-0 when actual->type is 'bridge' (in the first case) or
	'direct' (in the other two cases, but I had neglected to do that, so
	...DirectDev() was returning bridge.brname (which happens to share the
	same spot in the union with direct.linkdev) if actual->type was
	'bridge', and ...BridgeName was returning direct.linkdev when
	actual->type was 'direct'.

	How does this involve Bug 881480 (which was about the inability to
	switch between two networks that both have "<forward mode='bridge'/>
	<bridge name='xxx'/>"? Whenever the return value of
	virDomainNetGetActualDirectDev() for the new and old network
	definitions doesn't match, qemuDomainChangeNet() requires a "complete
	reconnect" of the device, which qemu currently doesn't
	support. ...DirectDev() *should* have been returning NULL for old and
	new, but was instead returning the old and new bridge names, which
	differ.

	(The other two functions weren't causing any behavioral problems in
	virDomainChangeNet(), but their problem and fix was identical, so I
	included them in this same patch).

2012-12-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: Report errors if arguments of the schedinfo command are incorrect
	Libvirt's helper API's when called directly don't raise the error so
	that virsh remembers it. Subsequent calls to libvirt API's might reset
	the error.

	In case of schedinfo virDomainFree() in the cleanup section resets the
	error when virTypedParameterAssignFromStr() fails.

	This patch adds function vshSaveLibvirtError() that can be called after
	calling libvirt helper APIs to ensure the error is remembered.

2012-12-03  Peter Krempa  <pkrempa@redhat.com>

	maint: Misc whitespace cleanups

2012-12-03  Ján Tomko  <jtomko@redhat.com>

	conf: prevent crash with no uuid in cephx auth secret
	Fix the null pointer access when UUID is not specified.
	Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
	if uuid was specified or not and use it instead of the pointless
	comparison of the static UUID array to NULL.
	Add an error message if both uuid and usage are specified.

	Fixes:
	Error: FORWARD_NULL (CWE-476):
	libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
	    null pointer "uuid" to function "virUUIDParse(char const *, unsigned
	    char *)", which dereferences it. (The dereference is assumed on the
	    basis of the 'nonnull' parameter attribute.)
	Error: NO_EFFECT (CWE-398):
	    libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
	    array to null is not useful: "src->auth.cephx.secret.uuid != NULL".

2012-12-03  Osier Yang  <jyang@redhat.com>

	Fix the coding style
	Fix the "if ... else" coding style, and indentions problem.

	Fix indentions

2012-11-30  Eric Blake  <eblake@redhat.com>

	virsh: don't crash if shutdown --mode not provided
	virStringSplit requires a non-NULL input, but commit cef78ed forgot
	to follow the rule.

	* tools/virsh-domain.c (cmdReboot, cmdShutdown): Avoid NULL deref.

2012-11-30  Eric Blake  <eblake@redhat.com>

	logging: more API needing to log flags
	Commit a21f5112 fixed one API, but missed two others that also
	failed to log their 'flags' argument.

	* src/libvirt.c (virNodeSuspendForDuration, virDomainGetHostname):
	Log flags parameter.

2012-11-30  Daniel P. Berrange  <berrange@redhat.com>

	s/flags=%u/flags=%x/ in earlier commit

	Allow duration=0 for virsh nodesuspend
	The virNodeSuspend API allows for a duration of 0, to mean no
	timed wakup. virsh needlessly forbids this though

	Allow comma separated list of shutdown/reboot modes with virsh
	The shutdown and reboot commands in virsh allow a comma
	separated list of mode values

2012-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Introduce APIs for splitting/joining strings
	This introduces a few new APIs for dealing with strings.
	One to split a char * into a char **, another to join a
	char ** into a char *, and finally one to free a char **

	There is a simple test suite to validate the edge cases
	too. No more need to use the horrible strtok_r() API,
	or hand-written code for splitting strings.

2012-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Add support for shutdown / reboot APIs in LXC driver
	Add support for doing controlled shutdown / reboot in the LXC
	driver. The default behaviour is to try talking to /dev/initctl
	inside the container's virtual root (/proc/$INITPID/root). This
	works with sysvinit or systemd. If that file does not exist
	then send SIGTERM (for shutdown) or SIGHUP (for reboot). These
	signals are not any kind of particular standard for shutdown
	or reboot, just something apps can choose to handle. The new
	virDomainSendProcessSignal allows for sending custom signals.

	We might allow the choice of SIGTERM/HUP to be configured for
	LXC containers via the XML in the future.

2012-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Introduce two new methods for triggering controlled shutdown/reboot
	The virDomainShutdownFlags and virDomainReboot APIs allow the caller
	to request the operation is implemented via either acpi button press
	or a guest agent. For containers, a couple of other methods make
	sense, a message to /dev/initctl, and direct kill(SIGTERM|HUP) of
	the container init process.

	Move reboot/shutdown flags combination check into QEMU driver
	The fact that only the guest agent, or ACPI flag can be used
	when requesting reboot/shutdown is merely a limitation of the
	QEMU driver impl at this time. Thus it should not be in
	libvirt.c code

	Add APIs for talking to init via /dev/initctl
	To be able todo controlled shutdown/reboot of containers an
	API to talk to init via /dev/initctl is required. Fortunately
	this is quite straightforward to implement, and is supported
	by both sysvinit and systemd. Upstart support for /dev/initctl
	is unclear.

	Ensure virDomainShutdownFlags logs flags parameter

2012-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Quote client identity in SASL whitelist log message
	When seeing a message

	 virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in whitelist

	it isn't immediately obvious that 'admin' is the identity
	being checked. Quote the string to make it more obvious

2012-11-30  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fix up the default machine type for QMP probing
	The default machine type must be stored in the first element of
	the caps->machineTypes array. This was done for help output
	parsing but not for QMP probing.

	Added a helper function qemuSetDefaultMachine to apply the same
	fix up for both probing methods.

	Further, it was necessary to set caps->nmachineTypes after QMP
	probing.

2012-11-30  Guido Günther  <agx@sigxcpu.org>

	Fix uninitialized variables
	detecet by

		http://honk.sigxcpu.org:8001/job/libvirt-build/348/console

2012-11-30  Eric Blake  <eblake@redhat.com>

	qemu: don't attempt undefined QMP commands
	https://bugzilla.redhat.com/show_bug.cgi?id=872292

	Libvirt should not attempt to call a QMP command that has not been
	documented in qemu.git - if future qemu introduces a command by the
	same name but with subtly different semantics, then libvirt will be
	broken when trying to use that command.

	We also had some code that could never be reached - some of our
	commands have an alternate for new vs. old qemu HMP commands; but
	if we are new enough to support QMP, we only need a fallback to
	the new HMP counterpart, and don't need to try for a QMP counterpart
	for the old HMP version.

	See also this attempt to convert the three snapshot commands to QMP:
	https://lists.gnu.org/archive/html/qemu-devel/2012-07/msg01597.html
	although it looks like that will still not happen before qemu 1.3.
	That thread eventually decided that qemu would use the name
	'save-vm' rather than 'savevm', which mitigates the fact that
	libvirt's attempt to use a QMP 'savevm' would be broken, but we
	might not be as lucky on the other commands.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONSetCPU)
	(qemuMonitorJSONAddDrive, qemuMonitorJSONDriveDel)
	(qemuMonitorJSONCreateSnapshot, qemuMonitorJSONLoadSnapshot)
	(qemuMonitorJSONDeleteSnapshot): Use only HMP fallback for now.
	(qemuMonitorJSONAddHostNetwork, qemuMonitorJSONRemoveHostNetwork)
	(qemuMonitorJSONAttachDrive, qemuMonitorJSONGetGuestDriveAddress):
	Delete; QMP implies QEMU_CAPS_DEVICE, which prefers AddNetdev,
	RemoveNetdev, and AddDrive anyways (qemu_hotplug.c has all callers).
	* src/qemu/qemu_monitor.c (qemuMonitorAddHostNetwork)
	(qemuMonitorRemoveHostNetwork, qemuMonitorAttachDrive): Reflect
	deleted commands.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONAddHostNetwork)
	(qemuMonitorJSONRemoveHostNetwork, qemuMonitorJSONAttachDrive):
	Likewise.

2012-11-30  Eric Blake  <eblake@redhat.com>

	storage: fix scsi detach regression with cgroup ACLs
	https://bugzilla.redhat.com/show_bug.cgi?id=876828

	Commit 38c4a9cc introduced a regression in hot unplugging of disks
	from qemu, where cgroup device ACLs were no longer being revoked
	(thankfully not a security hole: cgroup ACLs only prevent open()
	of the disk; so reverting the ACL prevents future abuse but doesn't
	stop abuse from an fd that was already opened before the ACL change).

	Commit 1b2ebf95 overlooked that there were two spots affected.

	* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice):
	Transfer backing chain before deletion.
	* src/qemu/qemu_driver.c (qemuDomainDetachDeviceDiskLive): Fix
	spacing (partly to ensure a different-looking patch).

2012-11-30  Ján Tomko  <jtomko@redhat.com>

	nwfilter: report an error on OOM
	Also removed some unreachable code found by coverity:
	libvirt-0.10.2/src/nwfilter/nwfilter_driver.c:259: unreachable: This
	code cannot be reached: "nwfilterDriverUnlock(driver...".

2012-11-30  Ján Tomko  <jtomko@redhat.com>

	virsh: check the return value of virStoragePoolGetAutostart
	On error, virStoragePoolGetAutostart would return -1 leaving autostart
	untouched.

	Removed the misleading debug message as well.

	Error: CHECKED_RETURN (CWE-252):
	libvirt-0.10.2/tools/virsh-pool.c:1386: unchecked_value: No check of the
	    return value of "virStoragePoolGetAutostart(pool, &autostart)".

2012-11-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor error reporting in qemu driver configuration parser
	This patch adds two labels and gets rid of a ton of duplicated code.
	This patch also fixes some error message and switches most of them to
	proper error reporting functions.

	qemu: Refactor config parameter retrieval
	This patch adds macros to help retrieve configuration values from qemu
	driver's configuration. Some configuration options are grouped
	together in the process.

2012-11-29  Laine Stump  <laine@laine.org>

	network: use dnsmasq --bind-dynamic when available
	This bug resolves CVE-2012-3411, which is described in the following
	bugzilla report:

	  https://bugzilla.redhat.com/show_bug.cgi?id=833033

	The following report is specifically for libvirt on Fedora:

	  https://bugzilla.redhat.com/show_bug.cgi?id=874702

	In short, a dnsmasq instance run with the intention of listening for
	DHCP/DNS requests only on a libvirt virtual network (which is
	constructed using a Linux host bridge) would also answer queries sent
	from outside the virtualization host.

	This patch takes advantage of a new dnsmasq option "--bind-dynamic",
	which will cause the listening socket to be setup such that it will
	only receive those requests that actually come in via the bridge
	interface. In order for this behavior to actually occur, not only must
	"--bind-interfaces" be replaced with "--bind-dynamic", but also all
	"--listen-address" options must be replaced with a single
	"--interface" option. Fully:

	   --bind-interfaces --except-interface lo --listen-address x.x.x.x ...

	(with --listen-address possibly repeated) is replaced with:

	   --bind-dynamic --interface virbrX

	Of course libvirt can't use this new option if the host's dnsmasq
	doesn't have it, but we still want libvirt to function (because the
	great majority of libvirt installations, which only have mode='nat'
	networks using RFC1918 private address ranges (e.g. 192.168.122.0/24),
	are immune to this vulnerability from anywhere beyond the local subnet
	of the host), so we use the new dnsmasqCaps API to check if dnsmasq
	supports the new option and, if not, we use the "old" option style
	instead. In order to assure that this permissiveness doesn't lead to a
	vulnerable system, we do check for non-private addresses in this case,
	and refuse to start the network if both a) we are using the old-style
	options, and b) the network has a publicly routable IP
	address. Hopefully this will provide the proper balance of not being
	disruptive to those not practically affected, and making sure that
	those who *are* affected get their dnsmasq upgraded.

	(--bind-dynamic was added to dnsmasq in upstream commit
	54dd393f3938fc0c19088fbd319b95e37d81a2b0, which was included in
	dnsmasq-2.63)

2012-11-29  Laine Stump  <laine@laine.org>

	util: new virSocketAddrIsPrivate function
	This new function returns true if the given address is in the range of
	any "private" or "local" networks as defined in RFC1918 (IPv4) or
	RFC3484/RFC4193 (IPv6), otherwise they return false.

	These ranges are:

	   192.168.0.0/16
	   172.16.0.0/16
	   10.0.0.0/24
	   FC00::/7
	   FEC0::/10

2012-11-29  Laine Stump  <laine@laine.org>

	util: capabilities detection for dnsmasq
	In order to optionally take advantage of new features in dnsmasq when
	the host's version of dnsmasq supports them, but still be able to run
	on hosts that don't support the new features, we need to be able to
	detect the version of dnsmasq running on the host, and possibly
	determine from the help output what options are in this dnsmasq.

	This patch implements a greatly simplified version of the capabilities
	code we already have for qemu. A dnsmasqCaps device can be created and
	populated either from running a program on disk, reading a file with
	the concatenated output of "dnsmasq --version; dnsmasq --help", or
	examining a buffer in memory that contains the concatenated output of
	those two commands. Simple functions to retrieve capabilities flags,
	the version number, and the path of the binary are also included.

	bridge_driver.c creates a single dnsmasqCaps object at driver startup,
	and disposes of it at driver shutdown. Any time it must be used, the
	dnsmasqCapsRefresh method is called - it checks the mtime of the
	binary, and re-runs the checks if the binary has changed.

	networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at
	startup - one "restricted" (doesn't support --bind-dynamic) and one
	"full" (does support --bind-dynamic). Some of the test cases use one
	and some the other, to make sure both code pathes are tested.

2012-11-29  Ján Tomko  <jtomko@redhat.com>

	conf: fix uninitialized variable in virDomainListSnapshots
	If allocation of names fails, list is uninitialized.

2012-11-29  Ján Tomko  <jtomko@redhat.com>

	rpc: don't destroy xdr before creating it in virNetMessageEncodeHeader
	On OOM, xdr_destroy got called even though it wasn't created yet.

	Found by coverity:
	Error: UNINIT (CWE-457):
	    libvirt-0.10.2/src/rpc/virnetmessage.c:214: var_decl: Declaring
	    variable "xdr" without initializer.
	    libvirt-0.10.2/src/rpc/virnetmessage.c:219: cond_true: Condition
	    "virReallocN(&msg->buffer, 1UL /* sizeof (*msg->buffer) */,
	    msg->bufferLength) < 0", taking true branch
	    libvirt-0.10.2/src/rpc/virnetmessage.c:221: goto: Jumping to label
	    "cleanup"
	    libvirt-0.10.2/src/rpc/virnetmessage.c:257: label: Reached label
	    "cleanup"
	    libvirt-0.10.2/src/rpc/virnetmessage.c:258: uninit_use: Using
	    uninitialized value "xdr.x_ops".

2012-11-29  Ján Tomko  <jtomko@redhat.com>

	virsh: do timing even for unusable connections
	Time values were uninitialized if the connection wasn't usable.

2012-11-29  Ján Tomko  <jtomko@redhat.com>

	virsh: use correct sizeof when allocating cpumap
	Found by coverity:
	Error: SIZEOF_MISMATCH (CWE-569):
	    libvirt-0.10.2/tools/virsh-domain.c:4754: suspicious_sizeof: Passing
	    argument "8UL /* sizeof (cpumap) */" to function
	    "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
	    then casting the return value to "unsigned char *" is suspicious.

	Error: SIZEOF_MISMATCH (CWE-569):
	    libvirt-0.10.2/tools/virsh-domain.c:4942: suspicious_sizeof: Passing
	    argument "8UL /* sizeof (cpumap) */" to function
	    "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
	    then casting the return value to "unsigned char *" is suspicious.

2012-11-29  Ján Tomko  <jtomko@redhat.com>

	util: fix virBitmap allocation in virProcessInfoGetAffinity
	Found by coverity:
	Error: REVERSE_INULL (CWE-476):
	    libvirt-0.10.2/src/util/processinfo.c:141: deref_ptr: Directly
	    dereferencing pointer "map".
	    libvirt-0.10.2/src/util/processinfo.c:142: check_after_deref:
	    Null-checking "map" suggests that it may be null, but it has already
	    been dereferenced on all paths leading to the check.

	conf: fix NULL check in virNetDevBandwidthParse
	Found by coverity:
	Error: REVERSE_INULL (CWE-476):
	    libvirt-0.10.2/src/conf/netdev_bandwidth_conf.c:99: deref_ptr:
	    Directly dereferencing pointer "node".
	    libvirt-0.10.2/src/conf/netdev_bandwidth_conf.c:107:
	    check_after_deref: Null-checking "node" suggests that it may be
	    null, but it has already been dereferenced on all paths leading to
	    the check.

2012-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Turn some dual-state int parameters into booleans
	The virStateInitialize method and several cgroups methods were
	using an 'int privileged' parameter or similar for dual-state
	values. These are better represented with the bool type.

	Introduce a 'stop' method to virDriverState
	To allow actions to be performed in libvirtd when the host
	shuts down, or user session exits, introduce a 'stop'
	method to virDriverState. This will do things like saving
	the VM state to a file.

2012-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Implement virDomainSendProcessSignal for LXC driver
	Implement the new API for sending signals to processes in a guest
	for the LXC driver. Only support sending signals to the init
	process for now, because

	 - The kernel does not appear to expose the mapping between
	   container PID numbers and host PID numbers anywhere in the
	   host OS namespace
	 - There is no race-free way to validate whether a host PID
	   corresponds to a process in a container.

	* src/lxc/lxc_driver.c: Allow sending processes signals

2012-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Add a 'send-process-signal' command to virsh
	* tools/virsh.c: Add send-process-signal
	* tools/virsh.pod: Document new command

	Specify remote protocol for virDomainSendProcessSignal
	* src/remote/remote_protocol.x: message definition
	* src/remote/remote_driver.c: Register driver function
	* src/remote_protocol-structs: Test case

2012-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Add virDomainSendProcessSignal API
	Add an API for sending signals to arbitrary processes in the
	guest OS. This is primarily useful for container based virt,
	but can be used for machine virt too, if there is a suitable
	guest agent,

	* include/libvirt/libvirt.h.in: Add virDomainSendProcessSignal
	  and virDomainProcessSignal enum
	* src/driver.h: Driver entry point
	* src/libvirt.c, src/libvirt_public.syms: Impl for new API

2012-11-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove full stop from error messages

2012-11-29  Guido Günther  <agx@sigxcpu.org>

	Don't fail hard when we can't connect to the monitor
	As of 1a50ba2cb07d8bb2aa724062889deb9efd7ad9e9 we fail to connect to the
	monitor instead of getting an exit status != 0 from qemu itself.  This
	breaks capabilities probing for the non QMP case.

2012-11-29  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Fix wording and grammar in virDomainFSTrim
	The documentation to this API has some defects from
	grammar and wording POV. These were raised after I've
	pushed the patches, so they are in a separate commit.

2012-11-29  Osier Yang  <jyang@redhat.com>

	node_memory: Fix bug of node_memory_tune
	The 3 options accept 0, and merely checking for non-zero values
	would cause wrong results.

2012-11-29  Osier Yang  <jyang@redhat.com>

	node_memory: Do not fail if there is parameter unsupported
	It makes no sense to fail the whole getting command if there is
	a parameter unsupported by the kernel. This patch fixes it by
	omitting the unsupported parameter for getMemoryParameters.

	And for setMemoryParameters, this checks if there is an unsupported
	parameter up front of the setting, and just returns failure if not
	all parameters are supported.

2012-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Rename misc QEMU structs/enums to use normal naming style
	Replace the following names

	 * struct qemu_snap_remove  with virQEMUSnapRemovePtr
	 * struct qemu_snap_reparent with virQEMUSnapReparentPtr
	 * struct qemu_save_header with virQEMUSaveHeaderPtr
	 * enum qemu_save_formats with virQEMUSaveFormat

2012-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Replace 'struct qemud_driver *' with virQEMUDriverPtr
	Remove the obsolete 'qemud' naming prefix and underscore
	based type name. Introduce virQEMUDriverPtr as the replacement,
	in common with LXC driver naming style

2012-11-28  Laine Stump  <laine@laine.org>

	network: fix crash when portgroup has no name
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=879473

	The name attribute is required for portgroup elements (yes, the RNG
	specifies that), and there is code in libvirt that assumes it is
	non-null.  Unfortunately, the portgroup parsing function wasn't
	checking for lack of portgroup. One adverse result of this was that
	attempts to update a network by adding a portgroup with no name would
	cause libvirtd to segfault. For example:

	   virsh net-update default add portgroup "<portgroup default='yes'/>"

	This patch causes virNetworkPortGroupParseXML to fail if no name is
	specified, thus avoiding any later problems.

2012-11-28  Michal Privoznik  <mprivozn@redhat.com>

	maint: Fix use of invalid reboot flags
	Throughout the code, we've always used VIR_DOMAIN_SHUTDOWN* flags
	even for virDomainReboot() API and its implementation. Fortunately,
	the appropriate macros has the same value. But if we want to keep
	things consistent, we should be using the correct macros. This
	patch doesn't break anything, luckily.

2012-11-28  Hu Tao  <hutao@cn.fujitsu.com>

	build: more fix to avoid C99 for loop
	see commit 7e5aa78d0f7f4cbf1c8

	* src/interface/interface_backend_udev.c: Declare variable sooner.

2012-11-28  Eric Blake  <eblake@redhat.com>

	nwfilter: drop dead code
	Commit cb022152 went overboard and introduced a dead conditional
	while trying to get rid of a potential NULL dereference.

	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqNew):
	Remove redundant conditional.

2012-11-28  Ján Tomko  <jtomko@redhat.com>

	util: check for NULL parameter in virFileWrapperFdCatchError
	This reverts 8927c0e qemu: fix a crash when save file can't be opened
	and allows virFileWrapperFdCatchError to be called with NULL instead.

	conf: snapshot: check return value of virDomainSnapshotObjListNum
	If it's negative, this might result in a request to allocate lots of
	memory.

	conf: check the return value of virXPathNodeSet
	In a few places, the return value could get passed to VIR_ALLOC_N without
	being checked, resulting in a request to allocate a lot of memory if the
	return value was negative.

	virsh: fix error messages in iface-bridge
	The error messages did not correspond to the attributes they printed.

	libssh2_session: support DSS keys as well
	Missing break in the switch.

	cgroup: fix impossible overrun in virCgroupAddTaskController
	The size of the controllers array is VIR_CGROUP_CONTROLLER_LAST, however
	we only call it with values less than VIR_CGROUP_CONTROLLER_LAST.

	nwfilter: fix NULL pointer check in virNWFilterSnoopReqNew
	This can't lead to a crash since virNWFilterSnoopReqNew is only called
	with a static array as the argument, but if we check for NULL we should
	do it right.

2012-11-28  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix error messages when dispatching guest agent commands
	Error messages produced while dispatching guest agent commands didn't
	have an apparent reference to the fact that they are dealing with guest
	agent commands. This patch fixes up some of the messages to contain that
	reference.

	qemu: Drop word "either" from comments for agent monitor functions

2012-11-28  Martin Kletzander  <mkletzan@redhat.com>

	virsh: Rewrite cmdDomDisplay
	Just a little rewrite of the cmdDomDisplay function to make it
	consistent and hopefully more readable.  This also fixes a problem
	with password not being displayed for vnc even with the
	"--include-password" option.

2012-11-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose new virDomainFSTrim API
	It's exposed under domfstrim command. Although the API
	doesn't support specifying mount point yet, expose it
	anyway.

	qemu: Implement virDomainFSTrim
	using qemu guest agent. As said in previous patch,
	@mountPoint must be NULL and @flags zero because
	qemu guest agent doesn't support these arguments
	yet. If qemu learns them, we can start supporting
	them as well.

	remote: Implement virDomainFSTrim
	A new rule to fixup_name() in gendispatch.pl needs to be added,
	otherwise we are left with remoteDomainFstrim which is not wanted.

	Introduce virDomainFSTrim() public API
	This will call FITRIM within guest. The API has 4 arguments,
	however, only 2 will be used for now (@dom and @minumum).
	The rest two are there if in future qemu guest agent learns them.

2012-11-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Add QEMU version computation to QMP probing
	With QMP capability probing, the version was not set.
	virsh version returns:
	...
	Cannot extract running QEMU hypervisor version

	This is fixed by computing caps->version from QMP major,
	minor, micro values.

2012-11-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fix QMP Capabability Probing Failure
	QMP Capability probing will fail if QEMU cannot bind to the
	QMP monitor socket in the qemu_driver->libDir directory.
	That's because the child process is stripped of all
	capabilities and this directory is chown'ed to the configured
	QEMU user/group (normally qemu:qemu) by the QEMU driver.

	To prevent this from happening, the driver startup will now pass
	the QEMU uid and gid down to the capability probing code.
	All capability probing invocations of QEMU will be run with
	the configured QEMU uid instead of libvirtd's.

	Furter, the pid file handling is moved to libvirt, as QEMU
	cannot write to the qemu_driver->runDir (root:root). This also
	means that the libvirt daemonizing must be used.

2012-11-28  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Wait for monitor socket even without pid
	If qemuMonitorOpenUnix is called without a related pid, i.e. for
	QMP probing, a connect failure can happen as the result of a race.
	Without a pid there is no retry and thus we give up too early.
	This changes the code to retry if no pid is supplied.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	mount fuse's meminfo file to container's /proc/meminfo
	we already have virtualize meminfo for container through fuse filesystem,
	add function lxcContainerMountProcFuse to mount this meminfo file to
	the container's /proc/meminfo.

	So we can isolate container's /proc/meminfo from host now.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	make /proc/meminfo isolate with host through fuse
	with this patch,container's meminfo will be shown based on
	containers' mem cgroup.

	Right now,it's impossible to virtualize all values in meminfo,
	I collect some values such as MemTotal,MemFree,Cached,Active,
	Inactive,Active(anon),Inactive(anon),Active(file),Inactive(anon),
	Active(file),Inactive(file),Unevictable,SwapTotal,SwapFree.

	if I miss something, please let me know.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	add interface virCgroupGetAppRoot
	because libvirt_lxc's cgroup mountpoint is what it shown
	in /proc/self/cgroup.

	we can get container's cgroup through virCgroupNew("/", &group),
	add interface virCgroupGetAppRoot to help container to
	get it's cgroup.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	add interface virCgroupGetMemSwapUsage
	virCgroupGetMemSwapUsage is used to get container's swap usage,
	with this interface,we can get swap usage in fuse filesystem.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	add fuse support for libvirt lxc
	this patch addes fuse support for libvirt lxc.
	we can use fuse filesystem to generate sysinfo dynamically,
	So we can isolate /proc/meminfo,cpuinfo and so on through
	fuse filesystem.

	we mount fuse filesystem for every container.
	the mount name is libvirt,mount point is
	localstatedir/run/libvirt/lxc/containername.

2012-11-28  Gao feng  <gaofeng@cn.fujitsu.com>

	Add a configure option for fuse support in LXC driver
	Add a configure option --with-fuse to prepare introduction
	of fuse support for libvirt lxc.

2012-11-28  Guannan Ren  <gren@redhat.com>

	bitmap: fix typo to use UL type of integer constant in virBitmapIsAllSet
	This bug leads to getting incorrect vcpupin information via
	qemudDomainGetVcpuPinInfo() API when the number of maximum
	cpu on a host falls into a range such as 31 < ncpus < 64.

	gcc warning:
	left shift count >= width of type

	The following bug is such the case
	https://bugzilla.redhat.com/show_bug.cgi?id=876415

2012-11-28  Ján Tomko  <jtomko@redhat.com>

	qemu: fix a crash when save file can't be opened
	In qemuDomainSaveMemory, wrapperFd might be NULL and should be checked before
	calling virFileWrapperFdCatchError. Same in doCoreDump.

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=880919

2012-11-27  Daniel P. Berrange  <berrange@redhat.com>

	Alphabetically sort libvirt_daemon.syms
	Sort the symbols listed in libvirt_daemon.syms

	Change bridge driver to use named initializers with virDriverState

2012-11-27  Alexander Larsson  <alexl@redhat.com>

	virdbus: Add virDBusGetSessionBus helper
	This splits out some common code from virDBusGetSystemBus and
	uses it to implement a new virDBusGetSessionBus helper.

2012-11-27  Daniel P. Berrange  <berrange@redhat.com>

	s/qemud/qemu/ in QEMU driver sources
	Change some legacy function names to use 'qemu' as their
	prefix instead of 'qemud' which was a hang over from when
	the QEMU driver ran inside a separate daemon

	Fix leak of virNetworkPtr in LXC startup failure path
	When starting an LXC guest with a virNetwork based NIC device,
	if the network was not active, the virNetworkPtr device would
	be leaked

	Fix error reporting in virNetDevVethDelete
	In virNetDevVethDelete the virRun method will properly report
	errors, but when checking the exit status for non-zero exit
	code no error is reported

	Ensure transient def is removed if LXC start fails
	When starting a container, newDef is initialized to a
	copy of 'def', but when startup fails newDef is never
	removed. This cause later attempts to use 'virDomainDefine'
	to lose the new data being defined.

2012-11-27  Daniel P. Berrange  <berrange@redhat.com>

	Ensure failure to create macvtap device aborts LXC start
	A mistaken initialization of 'ret' caused failure to create
	macvtap devices to be ignored. The libvirt_lxc process
	would later fail to start due to missing devices

	Also make sure code checks '< 0' and not '!= 0' since only
	-1 is considered an error condition

2012-11-27  Daniel P. Berrange  <berrange@redhat.com>

	Avoid crash when LXC start fails with no interface target
	If the <interface> device did not contain any <target>
	element, LXC would crash on a NULL pointer if starting
	the container failed

	Specify name of target interface with macvlan error
	When failing to create a macvlan interface, make sure the
	error message contains the name of the host interface

	Treat missing driver cgroup as fatal in LXC driver
	The LXC driver relies on use of cgroups to kill off LXC processes
	in shutdown. If cgroups aren't available, we're unable to kill
	off processes, so we must treat lack of cgroups as a fatal startup
	error.

2012-11-27  Daniel P. Berrange  <berrange@redhat.com>

	Ensure LXC container exits if cgroups setup fails
	The code setting up LXC cgroups used an 'rc' variable both
	for capturing the return value of methods it calls, and
	its own return status. The result was that several failures
	in setting up cgroups would actually result in success being
	returned.

	Use a separate 'ret' for tracking return value as per normal
	code design in other parts of libvirt

2012-11-27  Daniel P. Berrange  <berrange@redhat.com>

	Store initpid in the domain status XML for LXC
	The initpid will be required long term to enable LXC to
	implement various hotplug operations. Thus it needs to be
	persisted in the domain status XML. LXC has not used the
	domain status XML before, so this introduces use of the
	helpers.

	Remove bogus newline at end of debug log message

	Pass virSecurityManagerPtr object further down into LXC setup code
	Currently the lxcContainerSetupMounts method uses the
	virSecurityManagerPtr instance to obtain the mount options
	string and then only passes the string down into methods
	it calls. As functionality in LXC grows though, those
	methods need to have direct access to the virSecurityManagerPtr
	instance. So push the code down a level.

	Fix error handling in virSecurityManagerGetMountOptions
	The impls of virSecurityManagerGetMountOptions had no way to
	return errors, since the code was treating 'NULL' as a success
	value. This is somewhat pointless, since the calling code did
	not want NULL in the first place and has to translate it into
	the empty string "". So change the code so that the impls can
	return "" directly, allowing use of NULL for error reporting
	once again

2012-11-27  Eric Blake  <eblake@redhat.com>

	storage: fix device detach regression with cgroup ACLs
	https://bugzilla.redhat.com/show_bug.cgi?id=876828

	Commit 38c4a9cc introduced a regression in hot unplugging of disks
	from qemu, where cgroup device ACLs were no longer being revoked
	(thankfully not a security hole: cgroup ACLs only prevent open()
	of the disk; so reverting the ACL prevents future abuse but doesn't
	stop abuse from an fd that was already opened before the ACL change).

	The actual regression is due to a latent bug.  The hot unplug code
	was computing the set of files needing cgroup ACL revocation based
	on the XML passed in by the user, rather than based on the domain's
	details on which disk was being deleted.  As long as the revoke
	path was always recomputing the backing chain, this didn't really
	matter; but now that we want to compute the chain exactly once and
	remember that computation, we need to hang on to the backing chain
	until after the revoke has happened.

	* src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice):
	Transfer backing chain before deletion.

2012-11-27  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	tests: Add tests for gluster protocol based network disks support

	qemu: Add support for gluster protocol based network storage backend.
	Qemu accepts gluster protocol as supported storage backend beside others.

2012-11-27  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	Add Gluster protocol as supported network disk backend
	This patch introduces the RNG schema and updates necessary data strucutures
	to allow various hypervisors to make use of Gluster protocol as one of the
	supported network disk backend. Next patch will add support to make use of
	this feature in Qemu since it now supports Gluster protocol as one of the
	network based storage backend.

	Two new optional attributes for <host> element are introduced - 'transport'
	and 'socket'. Valid transport values are tcp, unix or rdma. If none specified,
	tcp is assumed. If transport is unix, socket specifies path to unix socket.

	This patch allows users to specify disks on gluster backends like this:

	    <disk type='network' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source protocol='gluster' name='Volume1/image'>
	        <host name='example.org' port='6000' transport='tcp'/>
	      </source>
	      <target dev='vda' bus='virtio'/>
	    </disk>

	    <disk type='network' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source protocol='gluster' name='Volume2/image'>
	        <host transport='unix' socket='/path/to/sock'/>
	      </source>
	      <target dev='vdb' bus='virtio'/>
	    </disk>

2012-11-26  Eric Blake  <eblake@redhat.com>

	build: avoid C99 for loop
	Although we require various C99 features, we don't yet require a
	complete C99 compiler.  On RHEL 5, compilation complained:

	qemu/qemu_command.c: In function 'qemuBuildGraphicsCommandLine':
	qemu/qemu_command.c:4688: error: 'for' loop initial declaration used outside C99 mode

	* src/qemu/qemu_command.c (qemuBuildGraphicsCommandLine): Declare
	variable sooner.
	* src/qemu/qemu_process.c (qemuProcessInitPasswords): Likewise.

2012-11-26  Ata E Husain Bohra  <ata.husain@hotmail.com>

	Refactor ESX storage driver to implement facade pattern
	The patch refactors the current ESX storage driver due to following reasons:

	1. Given most of the public APIs exposed by the storage driver in Libvirt
	remains same, ESX storage driver should not implement logic specific
	for only one supported format (current implementation only supports VMFS).
	2. Decoupling interface from specific storage implementation gives us an
	extensible design to hook implementation for other supported storage
	formats.

	This patch refactors the current driver to implement it as a facade pattern i.e.
	the driver exposes all the public libvirt APIs, but uses backend drivers to get
	the required task done. The backend drivers provide implementation specific to
	the type of storage device.

	File changes:
	------------------
	esx_storage_driver.c ----> esx_storage_driver.c (base storage driver)
	                     |
	                     |---> esx_storage_backend_vmfs.c (VMFS backend)

2012-11-26  Peter Krempa  <pkrempa@redhat.com>

	lxc: Don't crash if no security driver is specified in libvirt_lxc
	When no security driver is specified libvirt_lxc segfaults as a debug
	message tries to access security labels for the container that are not
	present.

	This problem was introduced in commit 6c3cf57d6cb27cf10064baf8cca0f39.

2012-11-26  Peter Krempa  <pkrempa@redhat.com>

	lxc: Avoid segfault of libvirt_lxc helper on early cleanup paths
	Early jumps to the cleanup label caused a crash of the libvirt_lxc
	container helper as the cleanup section called
	virLXCControllerDeleteInterfaces(ctrl) without checking the ctrl argument
	for NULL. The argument was de-referenced soon after.

	$ /usr/libexec/libvirt_lxc
	/usr/libexec/libvirt_lxc: missing --name argument for configuration
	Segmentation fault

2012-11-26  Ata E Husain Bohra  <ata.husain@hotmail.com>

	Add private data pointer to virStoragePool and virStorageVol
	This will simplify the refactoring of the ESX storage driver to support
	a VMFS and an iSCSI backend.

	One of the tasks the storage driver needs to do is to decide which backend
	driver needs to be invoked for a given request. This approach extends
	virStoragePool and virStorageVol to store extra parameters:

	1. privateData: stores pointer to respective backend storage driver.
	2. privateDataFreeFunc: stores cleanup function pointer.

	virGetStoragePool and virGetStorageVol are modfied to accept these extra
	parameters as user params. virStoragePoolDispose and virStorageVolDispose
	checks for cleanup operation if available.

	The private data pointer allows the ESX storage driver to store a pointer
	to the used backend with each storage pool and volume. This avoids the need
	to detect the correct backend in each storage driver function call.

2012-11-26  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add Intel Haswell cpu model
	The new model supports following features in addition to those supported
	by SandyBridge:

	fma, pcid, movbe, fsgsbase, bmi1, hle, avx2, smep, bmi2, erms, invpcid,
	rtm

2012-11-26  Ján Tomko  <jtomko@redhat.com>

	storage: fix logical volume cloning
	Commit 258e06c removed setting of the volume type to
	VIR_STORAGE_VOL_BLOCK, which leads to failures in
	storageVolumeCreateXMLFrom.

	The type (and target.format) of the volume was set to zero. In
	virStorageBackendGetBuildVolFromFunction, this gets interpreted as
	VIR_STORAGE_FILE_NONE and the qemu-img tool is called with unknown
	"none" format.

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=879780

2012-11-26  Ján Tomko  <jtomko@redhat.com>

	build: fix build --without-network
	bridge_driver.h: silence gcc warnings:
	statement with no effect [-Wunused-value]
	unused variable 'net' [-Wunused-variable]

	virdrivermoduletest.c: don't require network driver module
	if it hasn't been built.

2012-11-26  Osier Yang  <jyang@redhat.com>

	util: Use virReportSystemError for system error in pci.c

2012-11-25  Osier Yang  <jyang@redhat.com>

	util: Fix the indention

2012-11-23  Peter Krempa  <pkrempa@redhat.com>

	virsh: Report error when taking a snapshot with empty --memspec argument
	When the value of memspec was empty taking of a snapshot failed without
	reporting an error.

2012-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix exiting of libvirt_lxc program on container quit
	The virLXCControllerClientCloseHook method was mistakenly
	assuming that the private data associated with the network
	client was the virLXCControllerPtr. In fact it was just a
	dummy int, so we were derefencing a bogus struct. The
	frequent result of this was that we would never quit, because
	we tried to arm a non-existant timer.

	Fix the code by removing the dummy private data and just
	using the virLXCControllerPtr instance as private data

2012-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Skip deleted timers when calculting next timeout
	It is possible for there to be deleted timers when we
	calculate the next timeout, and they must be skipped.

	Warn if requesting update to non-existent timer/handle watch
	The event code is a no-op if requested to update a non-existent
	timer/handle watch. This makes it hard to detect bugs in the
	caller who have passed bogus data. Add a VIR_WARN output in
	such cases, since the API does not allow for return errors.

	Fix virDiskNameToIndex to actually ignore partition numbers
	The docs for virDiskNameToIndex claim it ignores partition
	numbers. In actual fact though, a code ordering bug means
	that a partition number will cause the code to accidentally
	multiply the result by 26.

2012-11-23  Michal Privoznik  <mprivozn@redhat.com>

	qemuhelpdata: Revert my 'fix'
	I was convicted that space at EOL should no be there
	even for qemu help data. Hence, I've removed one in
	commit bb2f6216119d50. However, it turns out we want
	it exactly the way qemu produces it. So I should undo
	my premature fix. A patch against qemu has been posted
	as well.

2012-11-22  Peter Krempa  <pkrempa@redhat.com>

	qemu: Stop recursive detection of image chains when an image is missing
	Commit e0c469e58b93f852a72265919703cb6abd3779f8 that fixes the detection
	of image chain wasn't complete. Iteration through the backing image
	chain has to stop at the last existing image if some of the images are
	missing otherwise the backing chain that is cached contains entries with
	paths being set to NULL resulting to:

	error: Unable to allow access for disk path (null): Bad address

	Fortunately stat() is kind enough not to crash when it's presented with
	a NULL argument. At least on Linux.

2012-11-22  Martin Kletzander  <mkletzan@redhat.com>

	conf: Report sensible error for invalid disk name
	The error "... but the cause is unknown" appeared for XMLs similar to
	this:

	 <disk type='file' device='cdrom'>
	   <driver name='qemu' type='raw'/>
	   <source file='/dev/zero'/>
	   <target dev='sr0'/>
	 </disk>

	Notice unsupported disk type (for the driver), but also no address
	specified. The first part is not a problem and we should not abort
	immediately because of that, but the combination with the address
	unknown was causing an unspecified error.

	While fixing this, I added an error to one place where this return
	value was not managed properly.

2012-11-22  Natanael Copa  <ncopa@alpinelinux.org>

	build: trivial fix error: implicit declaration of function 'malloc'
	Fixes this error when building with -Werror on Alpine Linux:

	util/processinfo.c: In function 'virProcessInfoSetAffinity':
	util/processinfo.c:52:5: error: implicit declaration of function 'malloc' [-Werror=implicit-function-declaration]

2012-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Log an audit message with the LXC init pid
	Currently the LXC driver logs audit messages when a container
	is started or stopped. These audit messages, however, contain
	the PID of the libvirt_lxc supervisor process. To enable
	sysadmins to correlate with audit messages generated by
	processes /inside/ the container, we need to include the
	container init process PID.

	We can't do this in the main 'start' audit message, since
	the init PID is not available at that point. Instead we output
	a completely new audit record, that lists both PIDs.

	type=VIRT_CONTROL msg=audit(1353433750.071:363): pid=20180 uid=0 auid=501 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='virt=lxc op=init vm="busy" uuid=dda7b947-0846-1759-2873-0f375df7d7eb vm-pid=20371 init-pid=20372 exe="/home/berrange/src/virt/libvirt/daemon/.libs/lt-libvirtd" hostname=? addr=? terminal=pts/6 res=success'

2012-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Use virNetServerRun instead of custom main loop
	The LXC controller code currently directly invokes the
	libvirt main loop code. The problem is that this misses
	the cleanup of virNetServerClient connections that
	virNetServerRun takes care of.

	The result is that when libvirtd is stopped, the
	libvirt_lxc controller process gets stuck in a I/O loop.
	When libvirtd is then started again, it fails to connect
	to the controller and thus kills off the entire domain.

2012-11-22  Osier Yang  <jyang@redhat.com>

	storage: Improve virStorageBackendFileSystemStop
	It's actually not used for DIR pool. So removing the checking.

	storage: Fix bug of fs pool destroying
	Regression introduced by commit 258e06c85b7, "ret" could be set to 1
	or 0 by virStorageBackendFileSystemIsMounted before goto cleanup.
	This could mislead the callers (up to the public API
	virStoragePoolDestroy) to return success even the underlying umount
	command fails.

2012-11-21  Scott Sullivan  <ssullivan@liquidweb.com>

	qemu: fix RBD attach regression
	I have been testing libvirt v1.0.0 for deployment within my
	organization, and in the process discovered what appears to be a bug
	that breaks virsh attach-device, when attaching an RBD volume to an
	instance. First, here is the error presented, with v1.0.0 (this worked
	in v0.10.2):

	[root@host ~]# virsh attach-device W5APQ8  G84VV1.xml
	error: Failed to attach device from G84VV1.xml
	error: cannot open file 'dc3-1-test/G84VV1': No such file or directory

	Using git bisect, I narrowed the problem down to this as the first
	commit to break this setup:

	4d34c92947e8cf9e9bedfa227ada1d2dba92d68a is the first bad commit

2012-11-21  Ján Tomko  <jtomko@redhat.com>

	tests: update qemuhelptest data
	Both generated with
	qemu-system-x86_64 --help > qemu-1.2.0

	qemu-system-x86_64 \
	-device ? \
	-device pci-assign,? \
	-device virtio-blk-pci,? \
	-device virtio-net-pci,? \
	-device scsi-disk,? \
	-device PIIX4_PM,? \
	-device usb-redir,? \
	-device ide-drive,? \
	-device usb-host,? 2> qemu-1.2.0-device

	It seems I missed a few -device flags when doing this last time and I
	mixed up qemu and qemu-kvm.

2012-11-21  Ján Tomko  <jtomko@redhat.com>

	tests: add boot order for host and redirected USB to qemu argv test

	docs: Fix a few spaces

	docs: boot order for host and redirected USB devices

2012-11-21  Ján Tomko  <jtomko@redhat.com>

	conf: add support for booting from redirected USB devices
	Commit a4c19459aa8634c43b51e8138fb1d7eec4c17824 only added the
	QEMU capability flag, command line option and added the boot element
	for redirdev's in the XML schema.

	This patch adds support for parsing and writing the XML with redirdevs
	with the boot flag. It also ignores unknown XML elements in redirdev
	instead of failing with:
	"error: An error occurred, but the cause is unknown"

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=805414

2012-11-21  Hu Tao  <hutao@cn.fujitsu.com>

	run bootstrap if .gnulib is not present
	If .gnulib is deleted unexpectedly, autogen.sh will fail with message:

	fatal: ambiguous argument '.gnulib': unknown revision or path not in the working tree.
	Use '--' to separate paths from revisions, like this:
	'git <command> [<revision>...] -- [<file>...]'

	which is actually given by git diff .gnulib, which doesn't exist.

	In the case to run bootstrap to create .gnulib.

2012-11-20  Alon Levy  <alevy@redhat.com>

	qemu/qemu_command.c: fix indent of label

	qemu: graphics support for simultaneous one of each sdl, vnc, spice

	qemu: refactor graphics code to not hardcode a single display
	The check for a single display remains so no new functionality is added.

2012-11-20  Eric Blake  <eblake@redhat.com>

	snapshot: make cloning of domain definition easier
	Upcoming patches for revert-and-clone branching of snapshots need
	to be able to copy a domain definition; make this step reusable.

	* src/conf/domain_conf.h (virDomainDefCopy): New prototype.
	* src/conf/domain_conf.c (virDomainObjCopyPersistentDef): Split...
	(virDomainDefCopy): ...into new function.
	(virDomainObjSetDefTransient): Use it.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use it.

2012-11-19  Eric Blake  <eblake@redhat.com>

	snapshot: expose location through virsh snapshot-info
	Now that we can filter on this information, we should also make
	it easy to get at.

	* tools/virsh-snapshot.c (cmdSnapshotInfo): Add another output
	row, and switch to XPath queries rather than strstr.

2012-11-19  Eric Blake  <eblake@redhat.com>

	snapshot: implement new filter sets
	Relatively straight-forward.  And since qemu was already using
	VIR_DOMAIN_SNAPSHOT_FILTERS_ALL, with 6 different APIs all calling
	into this common code, I've instantly added all 5 flags to 6 APIs.

	* src/conf/snapshot_conf.h (VIR_DOMAIN_SNAPSHOT_FILTERS_ALL):
	Enable new filters.
	* src/conf/snapshot_conf.c (virDomainSnapshotObjListGetNames):
	Prep the new flags.
	(virDomainSnapshotObjListCopyNames): Actually do the filtering.

2012-11-19  Eric Blake  <eblake@redhat.com>

	snapshot: add virsh back-compat support for new filters
	Snapshot filtering based on types is useful enough to add
	back-compat support into virsh.  It is also rather easy - all
	versions of libvirt that don't understand the new filter flags
	already gave us sufficient information in a single XML field
	to reconstruct all the information we need (that is, it isn't
	until libvirt 1.0.1 that we have more interesting types of
	snapshots, such as offline external).

	* tools/virsh-snapshot.c (vshSnapshotFilter): New function.
	(vshSnapshotListCollect): Add fallback support.

2012-11-19  Eric Blake  <eblake@redhat.com>

	snapshot: add two more filter sets to API
	As we enable more modes of snapshot creation, it becomes more important
	to be able to quickly filter based on snapshot properties.  This patch
	introduces new filter flags; subsequent patches will introduce virsh
	back-compat filtering, as well as actual libvirt filtering.

	* include/libvirt/libvirt.h.in (virDomainSnapshotListFlags): Add
	five new flags in two new groups.
	* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
	(virDomainListAllSnapshots, virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames)
	(virDomainSnapshotListAllChildren): Document them.
	* src/conf/snapshot_conf.h (VIR_DOMAIN_SNAPSHOT_FILTERS_STATUS)
	(VIR_DOMAIN_SNAPSHOT_FILTERS_LOCATION): Add new convenience filter
	collection macros.
	* tools/virsh-snapshot.c (cmdSnapshotList): Add 5 new flags.
	* tools/virsh.pod (snapshot-list): Document them.

2012-11-16  Laine Stump  <laine@laine.org>

	qemu: allow larger discrepency between memory & currentMemory in domain xml
	This resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=873134

	The reported problem is that an attempt to restore a saved domain that
	was configured with <currentMemory> and <memory> set to some (same for
	both) number that's not a multiple of 4096KiB results in an error like
	this:

	  error: Failed to start domain libvirt_test_api
	  error: XML error: current memory '4001792k' exceeds maximum '4000768k'

	(in this case, currentMemory was set to 4000000KiB).

	The reason for this failure is:

	1) a saved image contains the "live xml" of the domain at the time of
	the save.

	2) the live xml of a running domain gets its currentMemory
	(a.k.a. cur_balloon) directly from the qemu monitor rather than from
	the configuration of the domain.

	3) the value reported by qemu is (sometimes) not exactly what was
	originally given to qemu when the domain was started, but is rounded
	up to [some indeterminate granularity] - in some versions of qemu that
	granularity is apparently 1MiB, and in others it is 4MiB.

	4) When the XML is parsed to setup the state of the restored domain,
	the XML parser for <currentMemory> compares it to <memory> (which is
	the maximum allowed memory size for the domain) and if <currentMemory>
	is greater than the next 1024KiB boundary above <memory>, it spits out
	an error and fails.

	For example (from the BZ) if you start qemu on RHEL6 with both
	<currentMemory> and <memory> of 4000000 (this number is in KiB),
	libvirt's dominfo or dumpxml will report "4001792" back (rounded up to
	next 4MiB) for 10-20 seconds after the start, then revert to reporting
	"4000000". On Fedora 16 (which uses qemu-1.0), it will instead report
	"4000768" (rounded up to next 1MiB). On Fedora 17 (qemu-1.2), it seems
	to always report "4000000". ("4000000" is of course okay, and
	"4000768" is also okay since that's the next 1024KiB boundary above
	"4000000" and the parser was already allowing for that. But "4001792
	is *not* okay and produces the error message.)

	This patch solves the problem by changing the allowed "fudge factor"
	when parsing from 1024KiB to 4096KiB to match the maximum up-rounding
	that could be done in qemu.

	(I had earlier thought to fix this by up-rounding <memory> in the
	dumpxml that's put into the saved image, but that wouldn't have fixed
	the case where the save image was produced by an "unfixed"
	libvirtd.)

2012-11-16  Dan Horák  <dan@danny.cz>

	add ppc64 and s390x to arches where qemu-kvm exists
	QEMU in Fedora >= 18 is configured with ppc64 and s390x as architectures
	where KVM is enabled.

	https://bugzilla.redhat.com/show_bug.cgi?id=872545

2012-11-16  Eric Blake  <eblake@redhat.com>

	nodeinfo: port nodecpumap to RHEL5
	Prior to this patch, 'virsh nodecpumap' on older kernels reported:
	error: Unable to get cpu map
	error: out of memory

	* src/nodeinfo.c (linuxParseCPUmax): Don't overwrite error.
	(nodeGetCPUBitmap): Provide backup implementation.

2012-11-16  Eric Blake  <eblake@redhat.com>

	nodeinfo: support kernels that lack socket information
	On RHEL 5, I was getting a segfault trying to start libvirtd,
	because we were failing virNodeParseSocket but not checking
	for errors, and then calling CPU_SET(-1, &sock_map) as a result.
	But if you don't have a topology/physical_package_id file,
	then you can just assume that the cpu belongs to socket 0.

	* src/nodeinfo.c (virNodeGetCpuValue): Change bool into
	default_value.
	(virNodeParseSocket): Allow for default value when file is missing,
	different from fatal error on reading file.
	(virNodeParseNode): Update call sites to fail on error.

2012-11-16  Eric Blake  <eblake@redhat.com>

	Revert "virsh: add aliases 'boot', 'stop', and 'restart'"
	This reverts commits 5f63a5cb42642f945696c51bbce7fdc160325510
	and ff86b0c97b0525a2cd26048a0dbf16e600aaeb7b.  After much list
	discussion, consensus was that libvirt aliases should be reserved
	to correct typos, otherwise it risks confusion.  Rather, we
	should implement a way for users to provide their own aliases
	as part of their virsh configuration preferences.

2012-11-16  Eric Blake  <eblake@redhat.com>

	snapshot: require user to supply external memory file name
	For disk snapshots, the user could request an external snapshot
	but not supply a filename; later on, we would check this condition
	and generate a suitable name if possible, or gracefully error out
	when not possible (such as when the original file was a block
	device).  But unless we come up with a suitable way to generate
	external memory file names, we have no later code point that was
	checking for NULL, so we should forbid this up front.

	* src/conf/snapshot_conf.c (virDomainSnapshotDefParseString):
	Avoid NULL deref, since we don't generate names yet.

2012-11-16  liguang  <lig.fnst@cn.fujitsu.com>

	qemu: Beautify code indent in migration codes

2012-11-16  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Retry after EINPROGRESS
	It may take some time for sanlock to add a lockspace. And if user
	restart libvirtd service meanwhile, the fresh daemon can fail adding
	the same lockspace with EINPROGRESS. Recent sanlock has
	sanlock_inq_lockspace() function which should block until lockspace
	changes state. If we are building against older sanlock we should
	retry a few times before claiming an error. This issue can be easily
	reproduced:

	for i in {1..1000} ; do echo $i; service libvirtd restart; sleep 2; done
	20
	Stopping libvirtd daemon:                                  [FAILED]
	Starting libvirtd daemon:                                  [  OK  ]
	21
	Stopping libvirtd daemon:                                  [  OK  ]
	Starting libvirtd daemon:                                  [  OK  ]
	22
	Stopping libvirtd daemon:                                  [  OK  ]
	Starting libvirtd daemon:                                  [  OK  ]

	 error : virLockManagerSanlockSetupLockspace:334 : Unable to add
	 lockspace /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__: Operation now in
	 progress

2012-11-16  Ján Tomko  <jtomko@redhat.com>

	virsh: save: report an error if XML file can't be read
	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=876868

2012-11-15  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: Use virNodeGetCPUMap if possible
	Modified the places where virNodeGetInfo was used for the purpose
	of obtaining the maximum node CPU number. Transparently falling
	back to virNodeGetInfo in case of failure.
	Wrote utility function vshNodeGetCPUCount to compute node CPU
	number.

	python: Use virNodeGetCPUMap where possible
	Modified the places where virNodeGetInfo was used for the purpose
	of obtaining the maximum node CPU number. Transparently falling
	back to virNodeGetInfo in case of failure.
	Wrote a utility function getPyNodeCPUCount for that purpose.

	qemu, lxc: Change host CPU number detection logic.
	The drivers for QEMU and LXC use virNodeGetInfo only to determine
	the number of host CPUs. On Linux hosts nodeGetCPUCount has less
	overhead.

2012-11-15  Ján Tomko  <jtomko@redhat.com>

	virsh: fix uninitialized variable in cmdSnapshotEdit
	If the domain can't be looked up, name is used unitialized after the
	cleanup label.

	Found by coverity.

2012-11-15  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	nodeinfo: enable nodeGetCPUCount for older kernels
	Since /sys/devices/system/cpu/present is not available on
	older kernels like on RHEL 5.x nodeGetCPUCount will
	fail there. The fallback implemented is to scan for
	/sys/devices/system/cpu/cpuNN entries.

2012-11-15  Miloslav Trmač  <mitr@redhat.com>

	Use helper functions to format the journal iov array
	This simplifies the top-level code, at the cost of using a little more
	stack space.  The primary benefit is being able to send more fields
	without knowing in advance how many of them, and of which types, these
	fields will be, and without having to individually add buffer variables.

	The code imposes an upper limit on the total number of iovs/buffers
	used, and fields that wouldn't fit are silently dropped.  This is not
	significant in this patch, but will affect the following one.

2012-11-15  Miloslav Trmač  <mitr@redhat.com>

	Add metadata to virLogOutputFunc
	... and update all users.  No change in functionality, the parameter
	will be used in the next patch.

2012-11-15  Miloslav Trmač  <mitr@redhat.com>

	Add a metadata parameter to virLog{, V}Message
	... and update all users.  No change in functionality, the parameter
	will be used later.

	The metadata representation is as minimal as possible, but requires
	the caller to allocate an array on stack explicitly.

	The alternative of using varargs in the virLogMessage() callers:
	* Would not allow the caller to optionally omit some metadata elements,
	  except by having two calls to virLogMessage.
	* Would not be as type-safe (e.g. using int vs. size_t), and the compiler
	  wouldn't be able to do type checking
	* Depending on parameter order:
	  a) virLogMessage(..., message format, message params...,
	                   metadata..., NULL)
	     can not be portably implemented (parse_printf_format() is a glibc
	     function)
	  b) virLogMessage(..., metadata..., NULL,
	                   message format, message params...)
	     would prevent usage of ATTRIBUTE_FMT_PRINTF and the associated
	     compiler checking.

2012-11-15  Ján Tomko  <jtomko@redhat.com>

	qemu: add bootindex for usb-host and usb-redir devices
	Allow bootindex to be specified for redirected USB devices and host USB
	devices.

	Bug: https://bugzilla.redhat.com/show_bug.cgi?id=805414

2012-11-15  Daniel Veillard  <veillard@redhat.com>

	Doug Goldstein gained commit capability

2012-11-14  Eric Blake  <eblake@redhat.com>

	build: rerun bootstrap if AUTHORS is missing
	Ever since commit 7b21981c started generating AUTHORS, we now have
	the situation that if you flip between two branches in the same
	git repository that cross that commit boundary, then 'make' will
	fail due to automake complaining about AUTHORS not existing.  The
	simplest solution is to realize that if AUTHORS does not exist,
	then we flipped branches so we will need to rerun bootstrap
	anyways; and rerunning bootstrap ensures AUTHORS will exist in time.

	* cfg.mk (_update_required): Also depend on AUTHORS.

2012-11-14  Laine Stump  <laine@laine.org>

	util: fix index when building lock owners array
	The "restart" function for locks allocates a new array according to
	and pre-sets its length, then reads the owner pids from a JSON
	document in a loop. Rather than adding each owner at a different
	index, though, it repeatedly overwrites the last element of the array
	with all the owners.

2012-11-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable in virLXCControllerSetupDevPTS
	The lack of initialization of 'opts' caused a SEGV in the
	cleanup: path if the root->src directory did not exist

2012-11-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't force port=0 for SPICE
	If domain uses only TLS port we don't want to add
	'port=0' explicitly to command line.

2012-11-13  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Fix detection of external snapshots when deleting
	This patch adds a helper to determine if snapshots are external and uses
	the helper to fix detection of those in snapshot deletion code.

	Snapshots are external if they have an external memory image or if the
	disk locations are external. As mixed snapshots are forbidden for now
	we need to check just one disk to know.

2012-11-13  Peter Krempa  <pkrempa@redhat.com>

	tests: Remove temporary directories in qemumonitorjsontest
	qemumonitorjsontest creates a temporary directory to hold the socket
	that is simulating the monitor socket. The directory containing the
	socket wasn't disposed properly at the end of the test leaving garbage
	in the temporary folder.

	tests: Fix qemumonitorjsontest deadlock when the machine is under load
	When doing the qemumonitorjsontest on a machine under heavy load the
	test tends to deadlock from time to time. This patch adds the hack to
	break the event loop that is used in virsh.

	nodeinfotest: Add test data from a AMD bulldozer machine.
	The AMD Bulldozer architecture uses so called "Clustered integer core
	modules" that count both as threads and cores. This patch expects the
	cpu to be detected using the new fallback condition otherwise twice the
	number of processors would be detected.

2012-11-13  Peter Krempa  <pkrempa@redhat.com>

	nodeinfotest: Add test data for 2 processor host with broken NUMA
	This test data was gathered on an AMD MagnyCours machine that reports it
	has only one NUMA node although the hardware is consisting of 4. As
	duplicate core id's are ignored the reported topology was bogous. This
	should be fixed by the previous patch.

	Reported and data provided by George-Cristian Bîrzan.

2012-11-13  Peter Krempa  <pkrempa@redhat.com>

	nodeinfo: Add check and workaround to guarantee valid cpu topologies
	Lately there were a few reports of the output of the virsh nodeinfo
	command being inaccurate. This patch tries to avoid that by checking if
	the topology actually makes sense. If it doesn't we then report a
	synthetic topology that indicates to the user that the host capabilities
	should be checked for the actual topology.

2012-11-12  Michal Privoznik  <mprivozn@redhat.com>

	AbortJob: Fix documentation
	This API was never synchronous and probably doesn't even need to be.

	qemu: Allow migration to be cancelled at prepare phase
	Currently, if user calls virDomainAbortJob we just issue
	'migrate_cancel' and hope for the best. However, if user calls
	the API in wrong phase when migration hasn't been started yet
	(perform phase) the cancel request is just ignored. With this
	patch, the request is remembered and as soon as perform phase
	starts, migration is cancelled.

2012-11-09  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	capabilities: defaultConsoleTargetType can depend on architecture
	For S390, the default console target type cannot be of type 'serial'.
	It is necessary to at least interpret the 'arch' attribute
	value of the os/type element to produce the correct default type.

	Therefore we need to extend the signature of defaultConsoleTargetType
	to account for architecture. As a consequence all the drivers
	supporting this capability function must be updated.

	Despite the amount of changed files, the only change in behavior is
	that for S390 the default console target type will be 'virtio'.

	N.B.: A more future-proof approach could be to to use hypervisor
	specific capabilities to determine the best possible console type.
	For instance one could add an opaque private data pointer to the
	virCaps structure (in case of QEMU to hold capsCache) which could
	then be passed to the defaultConsoleTargetType callback to determine
	the console target type.
	Seems to be however a bit overengineered for the use case...

2012-11-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix domain ID numbering race condition
	When the libvirt daemon is restarted it tries to reconnect to running
	qemu domains. Since commit d38897a5d4b1880e1998394b2a37bba979bbdff1 the
	re-connection code runs in separate threads. In the original
	implementation the maximum of domain ID's (that is used as an
	initializer for numbering guests created next) while libvirt was
	reconnecting to the guest.

	With the threaded implementation this opens a possibility for race
	conditions with the thread that is autostarting guests. When there's a
	guest running with id 1 and the daemon is restarted. The autostart code
	is reached first and spawns the first guest that should be autostarted
	as id 1. This results into the following unwanted situation:

	 # virsh list
	   Id    Name                           State
	  ----------------------------------------------------
	   1     guest1                         running
	   1     guest2                         running

	This patch extracts the detection code before the re-connection threads
	are started so that the maximum id of the guests being reconnected to is
	known.

	The only semantic change created by this is if the guest with greatest ID
	quits before we are able to reconnect it's ID is used anyway as the
	greatest one as without this patch the greatest ID of a process we could
	successfuly reconnect to would be used.

2012-11-09  Philipp Hahn  <hahn@univention.de>

	storage: fix broken backing chain
	82507838 refactored the code to keep both the raw and canonicalized form
	of the backingStore, which breaks badly when the storage pool contains a
	storage volume, which is missing its backing store file:
	 # ./daemon/libvirtd -l
	 2012-11-07 12:43:33.279+0000: 22175: info : libvirt version: 1.0.0
	 2012-11-07 12:43:33.279+0000: 22175: error : absolutePathFromBaseFile:542 : Can't canonicalize path '/var/lib/libvirt/images/base.qcow2': No such file or directory
	 2012-11-07 12:43:33.280+0000: 22175: error : storageDriverAutostart:115 : Failed to autostart storage pool 'default': Can't canonicalize path '/var/lib/libvirt/images/base.qcow2': No such file or directory

	This is because virStorageFileGetMetadataFromBuf() aborts with -1 if the
	filename of the backingStore can not be canonicalized:
	 #0  absolutePathFromBaseFile () at util/storage_file.c:541
	 #1  virStorageFileGetMetadataFromBuf () at util/storage_file.c:728
	 #2  virStorageFileGetMetadataFromFD () at util/storage_file.c:932
	 #3  virStorageBackendProbeTarget () at storage/storage_backend_fs.c:94
	 #4  virStorageBackendFileSystemRefresh () at storage/storage_backend_fs.c:849
	 #5  storagePoolStart () at storage/storage_driver.c:700
	 #6  virStoragePoolCreate () at libvirt.c:12471
	 ...

	Treat files which miss their backing file as standalone files.

2012-11-08  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix function header formating of 2 functions
	Headers of qemuDomainSnapshotLoad and qemuDomainNetsRestart were
	improperly formatted.

2012-11-08  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Add support for external inactive snapshots
	This patch adds support for external disk snapshots of inactive domains.
	The snapshot is created by calling using qemu-img by calling:

	 qemu-img create -f format_of_snapshot -o
	 backing_file=/path/to/src,backing_fmt=format_of_backing_image
	 /path/to/snapshot

	in case the backing image format is known or probing is allowed and
	otherwise:

	 qemu-img create -f format_of_snapshot -o  backing_file=/path/to/src
	 /path/to/snapshot

	on each of the disks selected for snapshotting. This patch also modifies
	the snapshot preparing function to support creating external snapshots
	and to sanitize arguments. For now the user isn't able to mix external
	and internal snapshots but this restriction might be lifted in the
	future.

2012-11-08  Guido Günther  <agx@sigxcpu.org>

	Fix "virsh create" example
	We require a file and don't accept standard input:

	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692322

2012-11-07  Eric Blake  <eblake@redhat.com>

	virsh: add snapshot-create-as memspec support
	External checkpoints could be created with snapshot-create, but
	without libvirt supplying a default name for the memory file,
	it is essential to add a new argument to snapshot-create-as to
	allow the user to choose the memory file name.  This adds the
	option --memspec [file=]name[,snapshot=type], where type can
	be none, internal, or external.  For an example,

	virsh snapshot-create-as $dom --memspec /path/to/file

	is the shortest possible command line for creating an external
	checkpoint, named after the current timestamp.

	* tools/virsh-snapshot.c (vshParseSnapshotMemspec): New function.
	(cmdSnapshotCreateAs): Use it.
	* tests/virsh-optparse (test_url): Test it.
	* tools/virsh.pod (snapshot-create-as): Document it.

2012-11-07  Eric Blake  <eblake@redhat.com>

	virsh: make ,, escape parsing common
	So far, none of the existing callers of vshStringToArray expected
	the user to ever pass a literal comma; meanwhile, snapshot parsing
	had rolled its own array parser.  Moving the comma escaping into
	the common function won't affect any existing callers, and will make
	this function reusable for adding memory handling to snapshot parsing.

	As a bonus, the testsuite was already testing snapshot parsing, so
	the fact that the test still passes means that we are now giving
	testsuite exposure to vshStringToArray.

	* tools/virsh-snapshot.c (vshParseSnapshotDiskspec): Move ,,
	parsing...
	* tools/virsh.c (vshStringToArray): ...into common function.
	Also, vshStrdup can't fail.

2012-11-07  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Emit event if 'cont' fails
	Some operations, APIs needs domain to be paused prior operation can be
	performed, e.g. (managed-) save of a domain. The processors should be
	restored in the end. However, if 'cont' fails for some reason, we log a
	message but this is not sufficient as an event should be emitted as
	well. Mgmt application can then decide what to do.

	Introduce new VIR_DOMAIN_EVENT_SUSPENDED_API_ERROR event
	This is supposed to be thrown every time we need to pause domain
	because of API execution (e.g. qemuDomainSaveInternal) but fails
	to restore it back after. In this case, domain remains paused,
	however, none of existing reasons can fit this scenario.

2012-11-06  Eric Blake  <eblake@redhat.com>

	virsh: document which term is older
	Make it clear that the alternate terms have no difference except
	for length of time they were supported.

	* tools/virsh.pod (start, shutdown, reboot): More documentation.

2012-11-06  Eric Blake  <eblake@redhat.com>

	virsh: add aliases 'boot', 'stop', and 'restart'
	https://bugzilla.redhat.com/show_bug.cgi?id=873344 suggested that
	the grouping 'boot', 'shutdown', 'reboot'; as well as the grouping
	'start', 'stop', 'restart'; might be easier to remember than the
	current mix of 'start', 'shutdown', 'reboot'.

	Also, touch up the wording of 'reboot' to be more accurate.

	* tools/virsh-domain.c (domManagementCmds): Add other command names.
	* tools/virsh.pod (start, shutdown, reboot): Document the aliases.

2012-11-06  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't corrupt pointer in qemuDomainSaveMemory()
	The code that was split out into the qemuDomainSaveMemory expands the
	pointer containing the XML description of the domain that it gets from
	higher layers. If the pointer changes the old one is invalid and the
	upper layer function tries to free it causing an abort.

	This patch changes the expansion of the original string to a new
	allocation and copy of the contents.

2012-11-06  Martin Kletzander  <mkletzan@redhat.com>

	esx: Yet another connection fix for 5.1
	After the connection to ESX 5.1 being broken since g1e7cd39, the fix
	in bab7752c helped a bit, but still missed a spot, so the connection
	is now successful, but some APIs (for example defineXML) don't work.
	Two cases missing are added in this patch to avoid that.

2012-11-06  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add test for controller order

	qemu: Add controllers in specified order
	qemu is sensitive to the order of arguments passed. Hence, if a
	device requires a controller, the controller cmd string must
	precede device cmd string. The same apply for controllers, when
	for instance ccid controller requires usb controller. So
	controllers create partial ordering in which they should be added
	to qemu cmd line.

	qemu: Wrap controllers code into dummy loop
	which just re-indent code and prepare it for next patch.

2012-11-05  Václav Pavlín  <vpavlin@redhat.com>

	spec: replace scriptlets with new systemd macros
	https://bugzilla.redhat.com/850186

	I added %with_systemd_macros so it should now work in F17 with old
	scriptlets and in F18+/RHEL7+ with systemd macros
	(see https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Systemd)

	I missed libvirt-guests.service because there is no systemctl call for
	it. So I only added systemd macros calls.

2012-11-05  Eric Blake  <eblake@redhat.com>

	spec: don't enable cgconfig under systemd
	In Fedora 16, we quit enabling cgconfig because systemd set up
	default cgroups that were good enough for our use.  But in F17,
	when we switched to systemd, we reverted and started up cgconfig
	again.  See also the tail of this thread:
	https://www.redhat.com/archives/libvir-list/2012-October/msg01657.html

	* libvirt.spec.in (with_systemd): Rely on systemd for cgroups.

2012-11-05  Michal Privoznik  <mprivozn@redhat.com>

	iohelper: Don't report errors on special FDs
	Some FDs may not implement fdatasync() functionality,
	e.g.  pipes. In that case EINVAL or EROFS is returned.
	We don't want to fail then nor report any error.

	Reported-by: Christophe Fergeau <cfergeau@redhat.com>

2012-11-05  liguang  <lig.fnst@cn.fujitsu.com>

	gitignore: ignore more files
	ignore cscope.in.out, cscope.po.out

2012-11-04  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Remove restrictions preventing external checkpoints
	Some of the pre-snapshot check have restrictions wired in regarding
	configuration options that influence taking of external checkpoints.

	This patch removes restrictions that would inhibit taking of such a
	snapshot.

2012-11-04  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Add support for external checkpoints
	This patch adds support to take external system checkpoints.

	The functionality is layered on top of the previous disk-only snapshot
	code. When the checkpoint is requested the domain memory is saved to the
	memory image file using migration to file. (The user may specify to
	take the memory image while the guest is live with the
	VIR_DOMAIN_SNAPSHOT_CREATE_LIVE flag.)

	The memory save image shares format with the image created by
	virDomainSave() API.

2012-11-03  Peter Krempa  <pkrempa@redhat.com>

	snapshot: qemu: Rename qemuDomainSnapshotCreateActive
	Before now, libvirt supported only internal snapshots for active guests.
	This patch renames this function to qemuDomainSnapshotCreateActiveInternal
	to prepare the grounds for external active snapshots.

	snapshot: qemu: Add async job type for snapshots
	The new external system checkpoints will require an async job while the
	snapshot is taken. This patch adds QEMU_ASYNC_JOB_SNAPSHOT to track this
	job type.

2012-11-03  Peter Krempa  <pkrempa@redhat.com>

	snapshot: Add flag to enable creating checkpoints in live state
	The default behavior while creating external checkpoints is to pause the
	guest while the memory state is captured. We want the users to sacrifice
	space saving for creating the memory save image while the guest is live
	to minimize downtime.

	This patch adds a flag that causes the guest not to be paused before
	taking the snapshot.
	 *include/libvirt/libvirt.h.in:
	    - add new paused reason: VIR_DOMAIN_PAUSED_SNAPSHOT
	    - add new flag for taking snapshot: VIR_DOMAIN_SNAPSHOT_CREATE_LIVE
	 *tools/virsh-domain-monitor.c:
	    - add string representation for VIR_DOMAIN_PAUSED_SNAPSHOT
	 *tools/virsh-snapshot.c:
	    - add support for VIR_DOMAIN_SNAPSHOT_CREATE_LIVE
	 *tools/virsh.pod:
	    - add docs for --live option added to use
	    VIR_DOMAIN_SNAPSHOT_CREATE_LIVE flag

2012-11-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: Split out domain memory saving code to allow reuse
	The code that saves domain memory by migration to file can be reused
	while doing external checkpoints of a machine. This patch extracts the
	common code and places it in a separate function.

	qemu: Clean up snapshot retrieval to use the new helper
	Two other places were left with the old code to look up snapshots.
	Change them to use the snapshot lookup helper.

2012-11-02  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add AMD Opteron G5 cpu model

	cpu: Add newly added cpu flags
	This patch adds a few new processor feature flags. Namely:
	 f16c rdrand lwp tbm topoext perfctr_core perfctr_nb fsgsbase bmi1 hle
	 avx2 bmi2 erms invpcid rtm rdseed adx tce

	qemu: Fix possible race when pausing guest
	When pausing the guest while migration is running (to speed up
	convergence) the virDomainSuspend API checks if the migration job is
	active before entering the job. This could cause a possible race if the
	virDomainSuspend is called while the job is active but ends before the
	Suspend API enters the job (this would require that the migration is
	aborted). This would cause a incorrect event to be emitted.

2012-11-02  Eric Blake  <eblake@redhat.com>

	snapshot: merge pre-snapshot checks
	Both system checkpoint snapshots and disk snapshots were iterating
	over all disks, doing a final sanity check before doing any work.
	But since future patches will allow offline snapshots to be either
	external or internal, it makes sense to share the pass over all
	disks, and then relax restrictions in that pass as new modes are
	implemented.  Future patches can then handle external disks when
	the domain is offline, then handle offline --disk-snapshot, and
	finally, combine with migration to file to gain a complete external
	system checkpoint snapshot of an active domain without using 'savevm'.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotIsAllowed): Merge...
	(qemuDomainSnapshotPrepare): ...into one function.
	(qemuDomainSnapshotCreateXML): Update caller.

2012-11-02  Eric Blake  <eblake@redhat.com>

	snapshot: populate new XML info for qemu snapshots
	Now that the XML supports listing internal snapshots, it is worth
	always populating the <memory> and <disks> element to match.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Always
	parse disk info and set memory info.

2012-11-02  Eric Blake  <eblake@redhat.com>

	snapshot: improve disk align checking
	There were not previous callers with require_match set to true.
	I originally implemented this bool with the intent of supporting
	ESX snapshot semantics, where the choice of internal vs. external
	vs. non-checkpointable must be made at domain start, but as ESX
	has not been wired up to use it yet, we might as well fix it to
	work with our next qemu patch for now, and worry about any further
	improvements (changing the bool to a flags argument) if the ESX
	driver decides to use this function in the future.

	* src/conf/snapshot_conf.c (virDomainSnapshotAlignDisks): Alter
	logic when require_match is true to deal with new XML.

2012-11-02  Eric Blake  <eblake@redhat.com>

	snapshot: new XML for external system checkpoint
	Each <domainsnapshot> can now contain an optional <memory>
	element that describes how the VM state was handled, similar
	to disk snapshots.  The new element will always appear in
	output; for back-compat, an input that lacks the element will
	assume 'no' or 'internal' according to the domain state.

	Along with this change, it is now possible to pass <disks> in
	the XML for an offline snapshot; this also needs to be wired up
	in a future patch, to make it possible to choose internal vs.
	external on a per-disk basis for each disk in an offline domain.
	At that point, using the --disk-only flag for an offline domain
	will be able to work.

	For some examples below, remember that qemu supports the
	following snapshot actions:

	qemu-img: offline external and internal disk
	savevm: online internal VM and disk
	migrate: online external VM
	transaction: online external disk

	=====
	<domainsnapshot>
	  <memory snapshot='no'/>
	  ...
	</domainsnapshot>

	implies that there is no VM state saved (mandatory for
	offline and disk-only snapshots, not possible otherwise);
	using qemu-img for offline domains and transaction for online.

	=====
	<domainsnapshot>
	  <memory snapshot='internal'/>
	  ...
	</domainsnapshot>

	state is saved inside one of the disks (as in qemu's 'savevm'
	system checkpoint implementation).  If needed in the future,
	we can also add an attribute pointing out _which_ disk saved
	the internal state; maybe disk='vda'.

	=====
	<domainsnapshot>
	  <memory snapshot='external' file='/path/to/state'/>
	  ...
	</domainsnapshot>

	This is not wired up yet, but future patches will allow this to
	control a combination of 'virsh save /path/to/state' plus disk
	snapshots from the same point in time.

	=====

	So for 1.0.1 (and later, as needed), I plan to implement this table
	of combinations, with '*' designating new code and '+' designating
	existing code reached through new combinations of xml and/or the
	existing DISK_ONLY flag:

	domain  memory  disk   disk-only | result
	-----------------------------------------
	offline omit    omit   any       | memory=no disk=int, via qemu-img
	offline no      omit   any       |+memory=no disk=int, via qemu-img
	offline omit/no no     any       | invalid combination (nothing to snapshot)
	offline omit/no int    any       |+memory=no disk=int, via qemu-img
	offline omit/no ext    any       |*memory=no disk=ext, via qemu-img
	offline int/ext any    any       | invalid combination (no memory to save)
	online  omit    omit   off       | memory=int disk=int, via savevm
	online  omit    omit   on        | memory=no disk=default, via transaction
	online  omit    no/ext off       | unsupported for now
	online  omit    no     on        | invalid combination (nothing to snapshot)
	online  omit    ext    on        | memory=no disk=ext, via transaction
	online  omit    int    off       |+memory=int disk=int, via savevm
	online  omit    int    on        | unsupported for now
	online  no      omit   any       |+memory=no disk=default, via transaction
	online  no      no     any       | invalid combination (nothing to snapshot)
	online  no      int    any       | unsupported for now
	online  no      ext    any       |+memory=no disk=ext, via transaction
	online  int/ext any    on        | invalid combination (disk-only vs. memory)
	online  int     omit   off       |+memory=int disk=int, via savevm
	online  int     no/ext off       | unsupported for now
	online  int     int    off       |+memory=int disk=int, via savevm
	online  ext     omit   off       |*memory=ext disk=default, via migrate+trans
	online  ext     no     off       |+memory=ext disk=no, via migrate
	online  ext     int    off       | unsupported for now
	online  ext     ext    off       |*memory=ext disk=ext, via migrate+transaction

	* docs/schemas/domainsnapshot.rng (memory): New RNG element.
	* docs/formatsnapshot.html.in: Document it.
	* src/conf/snapshot_conf.h (virDomainSnapshotDef): New fields.
	* src/conf/domain_conf.c (virDomainSnapshotDefFree)
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Manage new fields.
	* tests/domainsnapshotxml2xmltest.c: New test.
	* tests/domainsnapshotxml2xmlin/*.xml: Update existing tests.
	* tests/domainsnapshotxml2xmlout/*.xml: Likewise.

2012-11-02  Eric Blake  <eblake@redhat.com>

	snapshot: simplify OOM checking during parse
	* src/conf/snapshot_conf.c (virDomainSnapshotDefParseString):
	Simplify OOM reporting.

2012-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Document bracket whitespace rules & add syntax-check rule
	This documents the following whitespace rules

	      if(foo)   // Bad
	      if (foo)  // Good

	      int foo (int wizz)  // Bad
	      int foo(int wizz)   // Good

	      bar = foo (wizz);  // Bad
	      bar = foo(wizz);   // Good

	      typedef int (*foo) (int wizz);  // Bad
	      typedef int (*foo)(int wizz);   // Good

	      int foo( int wizz );  // Bad
	      int foo(int wizz);    // Good

	There is a syntax-check rule extension to validate all these rules.
	Checking for 'function (...args...)' is quite difficult since it
	needs to ignore valid usage with keywords like 'if (...test...)'
	and while/for/switch. It must also ignore source comments and
	quoted strings.

	It is not possible todo this with a simple regex in the normal
	syntax-check style. So a short Perl script is created instead
	to analyse the source. In practice this works well enough. The
	only thing it can't cope with is multi-line quoted strings of
	the form

	 "start of string\
	more lines\
	more line\
	the end"

	but this can and should be written as

	 "start of string"
	 "more lines"
	 "more line"
	 "the end"

	with this simple change, the bracket checking script does not
	have any false positives across libvirt source, provided it
	is only run against .c files. It is not practical to run it
	against .h files, since those use whitespace extensively to
	get alignment (though this is somewhat inconsistent and could
	arguably be fixed).

	The only limitation is that it cannot detect a violation where
	the first arg starts with a '*', eg

	   foo(*wizz);

	since this generates too many false positives on function
	typedefs which can't be supressed efficiently.

2012-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Remove spurious whitespace between function name & open brackets
	The libvirt coding standard is to use 'function(...args...)'
	instead of 'function (...args...)'. A non-trivial number of
	places did not follow this rule and are fixed in this patch.

2012-11-02  Peter Krempa  <pkrempa@redhat.com>

	net: Mark network persistent when assigning persistent definition
	When assigning the new persistent definition for a transient network
	(thus making it persistent) the network needs to be marked persistent
	before actually atempting to assign the definition.

	net: Add support for changing persistent networks to transient
	Until now, the network undefine API was able to undefine only inactive
	networks. The restriction doesn't make sense any more so this patch
	implements changing networks to transient.

2012-11-02  Peter Krempa  <pkrempa@redhat.com>

	net: Re-use checks when creating transient networks
	When a transient network was created some of the checks weren't run on
	the definition allowing to start invalid networks.

	This patch splits out code to the network validation function and
	re-uses that code when creating transient networks.

2012-11-02  Peter Krempa  <pkrempa@redhat.com>

	net: Remove dnsmasq and radvd files also when destroying transient nets
	The network driver didn't care about config files when a network was
	destroyed, just when it was undefined leaving behind files for transient
	networks.

	This patch splits out the cleanup code to a helper function that handles
	the cleanup if the inactive network object is being removed and re-uses
	this code when getting rid of inactive networks.

2012-11-02  Peter Krempa  <pkrempa@redhat.com>

	net: Move creation of dnsmasq hosts file to function starting dnsmasq
	The hosts file was created in the network definition function. This
	patch moves the place the file is being created to the point where
	dnsmasq is being started.

	net: Change argument type of virNetworkObjIsDuplicate()
	The argument check_active is used only as a boolean so this patch
	changes the type and updates callers.

	conf: net: Fix deadlock if assignment of network def fails
	When the assignment fails, the network object is not unlocked and next
	call that would use it deadlocks.

	conf: net: Fix helper for applying new network definition
	When there's no new definition the helper overwrote the old one with
	NULL.

2012-11-02  Jiri Denemark  <jdenemar@redhat.com>

	build: Do not ignore logging.c in sc_prohibit_mkstemp
	Now that the offending code was removed, we may remove this as well.

2012-11-02  Daniel Veillard  <veillard@redhat.com>

	Remove a chunk which should not have been pushed as part of 1.0.0
	I didn't noticed that that small old patch was still applied locally

2012-11-02  Michal Privoznik  <mprivozn@redhat.com>

	logging.c: Properly indent and ignore one syntax-check rule
	With our fix of mkostemp (pushed as 2b435c15) we define a macro
	to compile with uclibc. However, this definition is conditional
	and thus needs to be properly indented. Moreover, with this definition
	sc_prohibit_mkstemp syntax-check rule keeps yelling:

	  src/util/logging.c:63:# define mkostemp(x,y) mkstemp(x)
	  maint.mk: use mkostemp with O_CLOEXEC instead of mkstemp

	Therefore we should ignore this file for this rule.

2012-11-02  Guannan Ren  <gren@redhat.com>

	qemu: use default machine type if missing it in qemu command line
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=871273
	when using virsh qemu-attach to attach an existing qemu process,
	if it misses the -M option in qemu command line, libvirtd crashed
	because the NULL value of def->os.machine in later use.

	Example:
	/usr/libexec/qemu-kvm -name foo \
	                      -cdrom /var/lib/libvirt/images/boot.img \
	                      -monitor unix:/tmp/demo,server,nowait \

	error: End of file while reading data: Input/output error
	error: Failed to reconnect to the hypervisor

	This patch tries to set default machine type if the value of
	def->os.machine is still NULL after qemu command line parsing.

2012-11-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-1.0.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for the new release
	* po/*.po*: update from transifex, a lot of added support e.g. Indian
	  languages, and regenerate

2012-11-02  Eric Blake  <eblake@redhat.com>

	cpumap: optimize for clients that don't need online count
	It turns out that calling virNodeGetCPUMap(conn, NULL, NULL, 0)
	is both useful, and with Viktor's patches, common enough to
	optimize.  Since this interface hasn't been released yet, we
	can change the RPC call.

	A bit more background on the optimization - learning the cpu count
	is a single file read (/sys/devices/system/cpu/possible), but
	learning the number of online cpus can possibly trigger a file
	read per cpu, depending on the age of the kernel, and all wasted
	if the caller passed NULL for both arguments.

	* src/nodeinfo.c (nodeGetCPUMap): Avoid bitmap when not needed.
	* src/remote/remote_protocol.x (remote_node_get_cpu_map_args):
	Supply two separate flags for needed arguments.
	* src/remote/remote_driver.c (remoteNodeGetCPUMap): Update
	caller.
	* daemon/remote.c (remoteDispatchNodeGetCPUMap): Likewise.
	* src/remote_protocol-structs: Regenerate.

2012-11-02  Doug Goldstein  <cardoe@cardoe.com>

	qemu: QMP capabilities support starts with 1.2
	Per the code comment in qemuCapsInitQMPBasic() and commit 43e23c7, we
	should only use QMP for capabilities probing starting with 1.2 and
	newer.  The old code had dead logic that probed on 1.0 and newer.

2012-11-01  Dan Walsh  <dwalsh@redhat.com>

	Linux Containers are not allowed to create device nodes.
	This needs to be done before the container starts. Turning
	off the mknod capability is noticed by systemd, which will
	no longer attempt to create device nodes.

	This eliminates SELinux AVC messages and ugly failure messages in the journal.

2012-11-01  Stefan Hajnoczi  <stefanha@redhat.com>

	qemu: Fix name comparison in qemuMonitorJSONBlockIoThrottleInfo()
	The string comparison logic was inverted and matched the first drive
	that does *not* have the name we search for.

2012-11-01  Stefan Hajnoczi  <stefanha@redhat.com>

	qemu: Keep QEMU host drive prefix in BlkIoTune
	The QEMU -drive id= begins with libvirt's QEMU host drive prefix
	("drive-"), which is stripped off in several places two convert between
	host ("-drive") and guest ("-device") device names.

	In the case of BlkIoTune it is unnecessary to strip the QEMU host drive
	prefix because we operate on "info block"/"query-block" output that uses
	host drive names.

	Stripping the prefix incorrectly caused string comparisons to fail since
	we were comparing the guest device name against the host device name.

2012-11-01  Michal Privoznik  <mprivozn@redhat.com>

	net-update docs: s/domain/network/
	A leftover from copy paste.

	iohelper: fdatasync() at the end
	Currently, when we are doing (managed) save, we insert the
	iohelper between the qemu and OS. The pipe is created, the
	writing end is passed to qemu and the reading end to the
	iohelper. It reads data and write them into given file. However,
	with write() being asynchronous data may still be in OS
	caches and hence in some (corner) cases, all migration data
	may have been read and written (not physically though). So
	qemu will report success, as well as iohelper. However, with
	some non local filesystems, where ENOSPACE is polled every X
	time units, we may get into situation where all operations
	succeeded but data hasn't reached the disk. And in fact will
	never do. Therefore we ought sync caches to make sure data
	has reached the block device on remote host.

2012-11-01  Richard W.M. Jones  <rjones@redhat.com>

	daemon: Make the default PolicyKit policy auth_admin_keep.

2012-11-01  Peter Krempa  <pkrempa@redhat.com>

	conf: Fix private symbols exported by files in conf
	Some of the functions were moved to other files but the private symbol
	file wasn't tweaked to reflect that.

2012-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix arch detection for qemu-system-i386 with QMP
	QEMU uses 'i386' for its 32-bit x86 architecture, but libvirt
	wants that to be 'i686', so we must fix it up

	Don't assume pid_t is the same size as an int
	virPidFileReadPathIfAlive passed in an 'int *' where a 'pid_t *'
	was expected, which breaks on Mingw64 targets. Also a few places
	were using '%d' for formatting pid_t, change them to '%lld' and
	force a cast to the longer type as done elsewhere in the same
	file.

2012-11-01  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	build: Fix RPM build for non-x86 platforms
	Make the post install script for the lock-sanlock package optional
	to prevent break on non-x86 platforms.

2012-10-31  Eric Blake  <eblake@redhat.com>

	docs: libvirtd no longer uses abstract namespace
	Commit 905be03d2 quit using the abstract namespace, but didn't
	update the --help text to match.

	* daemon/libvirtd.c (daemonUsage): Correct socket listing.

2012-10-31  Eric Blake  <eblake@redhat.com>

	build: prefer mkostemp for multi-thread safety
	https://bugzilla.redhat.com/show_bug.cgi?id=871756

	Commit cd1e8d1 assumed that systems new enough to have journald
	also have mkostemp; but this is not true for uclibc.

	For that matter, use of mkstemp[s] is unsafe in a multi-threaded
	program.  We should prefer mkostemp[s] in the first place.

	* bootstrap.conf (gnulib_modules): Add mkostemp, mkostemps; drop
	mkstemp and mkstemps.
	* cfg.mk (sc_prohibit_mkstemp): New syntax check.
	* tools/virsh.c (vshEditWriteToTempFile): Adjust caller.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot)
	(qemudDomainMemoryPeek): Likewise.
	* src/secret/secret_driver.c (replaceFile): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.

2012-10-31  Michal Privoznik  <mprivozn@redhat.com>

	gitignore: Ignore 'tags'

2012-10-31  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Fix EmulatorPinInfo without emulatorpin
	https://bugzilla.redhat.com/show_bug.cgi?id=871312

	Recent fixes made almost all the right steps to make emulator pinned
	to the cpuset of the whole domain in case <emulatorpin> isn't
	specified, but qemudDomainGetEmulatorPinInfo still reports all the
	CPUs even when cpuset is specified.  This patch fixes that.

2012-10-31  Peter Krempa  <pkrempa@redhat.com>

	util: Improve error reporting from absolutePathFromBaseFile helper
	There are multiple reasons canonicalize_file_name() used in
	absolutePathFromBaseFile helper can fail. This patch enhances error
	reporting from that helper.

2012-10-31  Martin Kletzander  <mkletzan@redhat.com>

	Make non-KVM machines work with QMP probing
	When there is no 'qemu-kvm' binary and the emulator used for a machine
	is, for example, 'qemu-system-x86_64' that, by default, runs without
	kvm enabled, libvirt still supplies '-no-kvm' option to this process,
	even though it does not recognize such option (making the start of a
	domain fail in that case).

	This patch fixes building a command-line for QEMU machines without KVM
	acceleration and is based on following assumptions:

	 - QEMU_CAPS_KVM flag means that QEMU is running KVM accelerated
	   machines by default (without explicitly requesting that using a
	   command-line option).  It is the closest to the truth according to
	   the code with the only exception being the comment next to the
	   flag, so it's fixed in this patch as well.

	 - QEMU_CAPS_ENABLE_KVM flag means that QEMU is, by default, running
	   without KVM acceleration and in case we need KVM acceleration it
	   needs to be explicitly instructed to do so.  This is partially
	   true for the past (this option essentially means that QEMU
	   recognizes the '-enable-kvm' option, even though it's almost the
	   same).

2012-10-30  Gene Czarcinski  <gene@czarc.net>

	bugfix: ip6tables rule removal
	Three FORWARD chain rules are added and two INPUT chain rules
	are added when a network is started but only the FORWARD chain
	rules are removed when the network is destroyed.

2012-10-30  Eric Blake  <eblake@redhat.com>

	maint: log xml during volume creation
	I noticed this while answering a list question about Java bindings
	of volume creation.  All other functions that take xml logged xmlDesc.

	* src/libvirt.c (virStorageVolCreateXML)
	(virStorageVolCreateXMLFrom): Use consistent spelling of xmlDesc,
	and log the argument.

2012-10-30  Guido Günther  <agx@sigxcpu.org>

	Create temporary dir for socket
	to avoid ENAMETOOLONG:

	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=amd64&ver=1.0.0~rc1-1&stamp=1351453521

2012-10-30  Laine Stump  <laine@laine.org>

	util: do a better job of matching up pids with their binaries
	This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=871201

	If libvirt is restarted after updating the dnsmasq or radvd packages,
	a subsequent "virsh net-destroy" will fail to kill the dnsmasq/radvd
	process.

	The problem is that when libvirtd restarts, it re-reads the dnsmasq
	and radvd pidfiles, then does a sanity check on each pid it finds,
	including checking that the symbolic link in /proc/$pid/exe actually
	points to the same file as the path used by libvirt to execute the
	binary in the first place. If this fails, libvirt assumes that the
	process is no longer alive.

	But if the original binary has been replaced, the link in /proc is set
	to "$binarypath (deleted)" (it literally has the string " (deleted)"
	appended to the link text stored in the filesystem), so even if a new
	binary exists in the same location, attempts to resolve the link will
	fail.

	In the end, not only is the old dnsmasq/radvd not terminated when the
	network is stopped, but a new dnsmasq can't be started when the
	network is later restarted (because the original process is still
	listening on the ports that the new process wants).

	The solution is, when the initial "use stat to check for identical
	inodes" check for identity between /proc/$pid/exe and $binpath fails,
	to check /proc/$pid/exe for a link ending with " (deleted)" and if so,
	truncate that part of the link and compare what's left with the
	original binarypath.

	A twist to this problem is that on systems with "merged" /sbin and
	/usr/sbin (i.e. /sbin is really just a symlink to /usr/sbin; Fedora
	17+ is an example of this), libvirt may have started the process using
	one path, but /proc/$pid/exe lists a different path (indeed, on F17
	this is the case - libvirtd uses /sbin/dnsmasq, but /proc/$pid/exe
	shows "/usr/sbin/dnsmasq"). The further bit of code to resolve this is
	to call virFileResolveAllLinks() on both the original binarypath and
	on the truncated link we read from /proc/$pid/exe, and compare the
	results.

	The resulting code still succeeds in all the same cases it did before,
	but also succeeds if the binary was deleted or replaced after it was
	started.

2012-10-30  Peter Krempa  <pkrempa@redhat.com>

	cpu: Fix definition of flag smap
	A mild case of dyslexia caused that commit
	012f9b19ef3812884e207dc431571502de4cebce specifies wrong mask for the
	smap cpu feature flag. This patch fixes that mistake.

	nodeinfotest: Delete NUL bytes from test data
	The test data contained extra \0 bytes after newlines probably due to a
	kernel off-by-one bug.

2012-10-30  Michal Privoznik  <mprivozn@redhat.com>

	sanlock: Introduce 'user' and 'group' conf variables
	through which user set under what permissions does sanlock
	daemon run so libvirt will set the same permissions for
	files exposed to it.

2012-10-30  Vladislav Bogdanov  <bubble@hoster-ok.com>

	qemu: pass -usb and usb hubs earlier, so USB disks with static address are handled properly

	qemu: Do not ignore address for USB disks

2012-10-30  Martin Kletzander  <mkletzan@redhat.com>

	esx: Fix connection to ESX 5.1
	After separating 5.x and 5.1 versions of ESX, we forgot to add 5.1
	into the list of allowed connections, so connections to 5.1 fail since
	v1.0.0-rc1-5-g1e7cd39

2012-10-29  Eric Blake  <eblake@redhat.com>

	build: place attributes in correct location
	Ever since commit eefb881, ATTRIBUTE_NONNULL has normally been a
	no-op under gcc (since it tends to cause more bugs than it cures
	given gcc's current lame implementation of the attribute).  However,
	the macro is still useful to Coverity and other static-analysis
	tools, but only if we use it correctly.  Coverity follows gcc's lead
	in accepting function declarations with attributes at the end, but
	function bodies must attach attributes to the return type.  That is,
	these are valid:

	void foo(void *arg) ATTRIBUTE_NONNULL(1);
	void ATTRIBUTE_NONNULL(1) foo(void *arg);
	void ATTRIBUTE_NONNULL(1) foo(void *arg) {}

	but this is not:

	void foo(void *arg) ATTRIBUTE_NONNULL(1) {}

	even though you don't get a compile failure until you do static
	analysis.  Bug introduced in commit 80533ca, with these symptoms:

	nodeinfo.c:206: error: expected ',' or ';' before '{' token
	cc1: warning: unrecognized command line option "-Wno-suggest-attribute=const"
	cc1: warning: unrecognized command line option "-Wno-suggest-attribute=pure"
	make[3]: *** [libvirt_driver_la-nodeinfo.lo] Error 1

	* src/nodeinfo.c (virNodeParseNode): Fix syntax error when
	non-null attribute is in use.

2012-10-29  Eric Blake  <eblake@redhat.com>

	build: fix linking with systemtap probes
	Commit 34e8f63a3 altered virfile.o to drag in additional symbols,
	which in turn led to pulling in other .o files and eventually causing
	a link failure when systemtap probes are enabled, such as:

	./.libs/libvirt_util.a(libvirt_util_la-event_poll.o): In function `virEventPollRunOnce':
	/home/dummy/libvirt/src/util/event_poll.c:614: undefined reference to `libvirt_event_poll_run_semaphore'
	./.libs/libvirt_util.a(libvirt_util_la-event_poll.o):(.note.stapsdt+0x24): undefined reference to `libvirt_event_poll_add_handle_semaphore'

	Even though libvirt_iohelper and libvirt_parthelper don't directly
	use the portion of virfile.o that drags in probing, it was easier
	to satisfy the linker and get the build back up, than to figure out
	whether it is even possible or worth trying to disentangle the mess.

	* src/Makefile.am (libvirt_iohelper_LDADD)
	(libvirt_parthelper_LDADD): Use libvirt_probes.lo when needed.

2012-10-29  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Report errors from iohelper
	Currently, we use iohelper when saving/restoring a domain.
	However, if there's some kind of error (like I/O) it is not
	propagated to libvirt. Since it is not qemu who is doing
	the actual write() it will not get error. The iohelper does.
	Therefore we should check for iohelper errors as it makes
	libvirt more user friendly.

2012-10-29  Peter Krempa  <pkrempa@redhat.com>

	util: Re-format literal strings in virXMLEmitWarning
	And drop a stray space at the end of the first line of the warning.

2012-10-29  Ján Tomko  <jtomko@redhat.com>

	xml: print uuids in the warning
	In the XML warning, we print a virsh command line that can be used to
	edit that XML. This patch prints UUIDs if the entity name contains
	special characters (like shell metacharacters, or "--" that would break
	parsing of the XML comment). If the entity doesn't have a UUID, just
	print the virsh command that can be used to edit it.

2012-10-29  Jiri Denemark  <jdenemar@redhat.com>

	Revert "qemu: Do not require hostuuid in migration cookie"
	This reverts commit 8d75e47edefdd77b86df1ee9af3cd5001d456f73.

	Libvirt was never released with support for migration cookies without
	hostuuid.

2012-10-27  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix domxml-to-native network model conversion
	https://bugzilla.redhat.com/show_bug.cgi?id=636832

2012-10-27  Eric Blake  <eblake@redhat.com>

	build: typo fix for qemu cpu affinity
	Introduced in commit 0039a32f.

	* src/qemu/qemu_process.c (qemuPrepareCpumap): s/covert/convert/

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: relabel entire existing chain
	When using block copy to pivot over to a new chain, the backing files
	for the new chain might still need labeling (particularly if the user
	passes --reuse-ext with a relative backing file name).  Relabeling a
	file that is already labeled won't hurt, so this just labels the entire
	chain at the point of the pivot.  Doing the relabel of the chain uses
	the fact that we already safely probed the file type of an external
	file at the start of the block copy.

	* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Relabel chain before
	asking qemu to pivot.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: allow mirroring under SELinux and cgroup
	Use the recent addition of qemuDomainPrepareDiskChainElement to
	obtain locking manager lease, permit a block device through cgroups,
	and set the SELinux label; then audit the fact that we hand a new
	file over to qemu.  Alas, releasing the lease and label at the end
	of the mirroring is a trickier prospect (we would have to trace the
	backing chain of both source and destination, and be sure not to
	revoke rights to any part of the chain that is shared), so for now,
	virDomainBlockJobAbort still leaves things with additional access
	granted (as block-pull and block-commit have the same problem of
	not clamping access after completion, a future cleanup would cover
	all three commands).

	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): Set up labeling.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: allow for existing files in block-copy
	Support the REUSE_EXT flag, in part by copying sanity checks from
	snapshot code.  This code introduces a case of probing an external
	file for its type; such an action would be a security risk if the
	existing file is supposed to be raw but the contents resemble some
	other format; however, since the virDomainBlockRebase API has a
	flag to force treating the file as raw rather than probe, we can
	assume that probing is safe in all other instances.  Besides, if
	we don't probe or force raw, then qemu will.

	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Allow REUSE_EXT
	flag.
	(qemuDomainBlockCopy): Wire up flag, and add some sanity checks.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: implement block copy for qemu
	Minimal patch to wire up all the pieces in the previous patches
	to actually enable a block copy job.  By minimal, I mean that
	qemu creates the file (that is, no REUSE_EXT flag support yet),
	SELinux must be disabled, a lock manager is not informed, and the
	audit logs aren't updated.  But those will be added as
	improvements in future patches.

	This patch is designed so that if we ever add a future API
	virDomainBlockCopy with more bells and whistles (such as letting
	the user specify a destination image format different than the
	source), where virDomainBlockRebase is a wrapper around the
	simpler portions of the new functionality, then the new API can
	just reuse the new qemuDomainBlockCopy function and already
	support _SHALLOW and _REUSE_EXT flags.  Also note that libvirt.c
	already filtered the new flags if _COPY is not present, so that
	we are not impacting the case of BlockRebase being a wrapper
	around BlockPull.

	* src/qemu/qemu_driver.c (qemuDomainBlockCopy): New function.
	(qemuDomainBlockRebase): Call it when appropriate.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: make block pivot safer
	Since libvirt drops locks between issuing a monitor command and
	getting a response, it is possible for libvirtd to be restarted
	before getting a response on a block-job-complete command; worse, it
	is also possible for the guest to shut itself down during the window
	while libvirtd is down, ending the qemu process.  A management app
	needs to know if the pivot happened (and the destination file
	contains guest contents not in the source) or failed (and the source
	file contains guest contents not in the destination), but since
	the job is finished, 'query-block-jobs' no longer tracks the
	status of the job, and if the qemu process itself has disappeared,
	even 'query-block' cannot be checked to ask qemu its current state.

	At the time of this patch, the design for persistent bitmap has not
	been clarified, so a followup patch will be needed once qemu
	actually figures out how to expose it, and we figure out how to use
	it.  In the meantime, we have a solution that avoids the worst of
	the problem.  [This problem was first analyzed with the RHEL 6.3
	__com.redhat_drive-reopen command; which partly explains why
	upstream qemu 1.3 ditched the drive-reopen idea and went with
	block-job-complete plus persistent bitmap instead.]

	If we surround 'drive-reopen' with a pause/resume pair, then we can
	guarantee that the guest cannot modify either source or destination
	files in the window of libvirtd uncertainty, and the management app
	is guaranteed that either libvirt knows the outcome and reported it
	correctly; or that on libvirtd restart, the guest will still be
	paused and that the qemu process cannot have disappeared due to
	guest shutdown; and use that as a clue that the management app must
	implement recovery protocol, with both source and destination files
	still being in sync and with 'query-block' still being an option as
	part of that recovery.  My testing shows that the pause window will
	typically be only a fraction of a second.

	* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Pause around
	drive-reopen.
	(qemuDomainBlockJobImpl): Update caller.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: support pivot operation on cancel
	This is the bare minimum to end a copy job (of course, until a
	later patch adds the ability to start a copy job, this patch
	doesn't do much in isolation; I've just split the patches to
	ease the review).

	This patch intentionally avoids SELinux, lock manager, and audit
	actions.  Also, if libvirtd restarts at the exact moment that a
	'block-job-complete' is in flight, the proposed proper way to
	detect the outcome of that would be with a persistent bitmap and
	some additional query commands when libvirtd restarts.  This
	patch is enough to test the common case of success when used
	correctly, while saving the subtleties of proper cleanup for
	worst-case errors for later.

	When a mirror job is started, cancelling the job safely reverts back
	to the source disk, regardless of whether the destination is in
	phase 1 (streaming, in which case the destination is worthless) or
	phase 2 (mirroring, in which case the destination is synced up to
	the source at the time of the cancel).  Our existing code does just
	fine in either phase, other than some bookkeeping cleanup; this
	implements live block copy.

	Ideas for future enhancements via new flags:

	Depending on when persistent bitmap support is added, it may be
	worth adding a VIR_DOMAIN_REBASE_COPY_ATOMIC flag that fails up
	front if we detect an older qemu with risky pivot operation.

	Interesting side note: while snapshot-create --disk-only creates a
	copy of the disk at a point in time by moving the domain on to a
	new file (the copy is the file now in the just-extended backing
	chain), blockjob --abort of a copy job creates a copy of the disk
	while keeping the domain on the original file.  There may be
	potential improvements to the snapshot code to exploit block copy
	over multiple disks all at one point in time.  And, if
	'block-job-cancel' were made part of 'transaction', you could
	copy multiple disks at the same point in time without pausing
	the domain.  This also implies we may want to add a --quiesce flag
	to virDomainBlockJobAbort, so that when breaking a mirror (whether
	by cancel or pivot), the side of the mirror that we are abandoning
	is at least in a stable state with regards to guest I/O.

	* src/qemu/qemu_driver.c (qemuDomainBlockJobAbort): Accept new flag.
	(qemuDomainBlockPivot): New helper function.
	(qemuDomainBlockJobImpl): Implement it.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: return appropriate event and info
	Handle the new type of block copy event and info.  Of course,
	this patch does nothing until a later patch actually allows the
	creation/abort of a block copy job.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_JOB_READY): New
	block job status.
	* src/libvirt.c (virDomainBlockRebase): Document the event.
	* src/qemu/qemu_monitor_json.c (eventHandlers): New event.
	(qemuMonitorJSONHandleBlockJobReady): New function.
	(qemuMonitorJSONGetBlockJobInfoOne): Translate new job type.
	(qemuMonitorJSONHandleBlockJobImpl): Handle new event and job type.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Recognize
	the event to minimize snooping.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Snoop a successful
	info query to save effort on a pivot request.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: react to active block copy
	For now, disk migration via block copy job is not implemented in
	libvirt.  But when we do implement it, we have to deal with the
	fact that qemu does not yet provide an easy way to re-start a qemu
	process with mirroring still intact.  Paolo has proposed an idea
	for a persistent dirty bitmap that might make this possible, but
	until that design is complete, it's hard to say what changes
	libvirt would need.  Even something like 'virDomainSave' becomes
	hairy, if you realize the implications that 'virDomainRestore'
	would be stuck with recreating the same mirror layout.

	But if we step back and look at the bigger picture, we realize that
	the initial client of live storage migration via disk mirroring is
	oVirt, which always uses transient domains, and that if a transient
	domain is destroyed while a mirror exists, oVirt can easily restart
	the storage migration by creating a new domain that visits just the
	source storage, with no loss in data.

	We can make life a lot easier by being cowards for now, forbidding
	certain operations on a domain.  This patch guarantees that we
	never get in a state where we would have to restart a domain with
	a mirroring block copy, by preventing saves, snapshots, migration,
	hot unplug of a disk in use, and conversion to a persistent domain
	(thankfully, it is still relatively easy to 'virsh undefine' a
	running domain to temporarily make it transient, run tests on
	'virsh blockcopy', then 'virsh define' to restore the persistence).
	Later, if the qemu design is enhanced, we can relax our code.

	The change to qemudDomainDefine looks a bit odd for undoing an
	assignment, rather than probing up front to avoid the assignment,
	but this is because of how virDomainAssignDef combines both a
	lookup and assignment into a single function call.

	* src/conf/domain_conf.h (virDomainHasDiskMirror): New prototype.
	* src/conf/domain_conf.c (virDomainHasDiskMirror): New function.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainBlockJobImpl, qemudDomainDefine): Prevent dangerous
	actions while block copy is already in action.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.

2012-10-27  Eric Blake  <eblake@redhat.com>

	blockjob: add qemu capabilities related to block jobs
	Upstream qemu 1.3 is adding two new monitor commands, 'drive-mirror'
	and 'block-job-complete'[1], which can drive live block copy and
	storage migration.  [Additionally, RHEL 6.3 had backported an earlier
	version of most of the same functionality, but under the names
	'__com.redhat_drive-mirror' and '__com.redhat_drive-reopen' and with
	slightly different JSON arguments, and has been using patches similar
	to these upstream patches for several months now.]

	The libvirt API virDomainBlockRebase as already committed for 0.9.12
	is flexible enough to expose the basics of block copy, but some
	additional features in the 'drive-mirror' qemu command, such as
	setting error policy, setting granularity, or using a persistent
	bitmap, may later require a new libvirt API virDomainBlockCopy.  I
	will wait to add that API until we know more about what qemu 1.3
	will finally provide.

	This patch caters only to the upstream qemu 1.3 interface, although
	I have proven that the changes for RHEL 6.3 can be isolated to
	just qemu_monitor_json.c, and the rest of this series will
	gracefully handle either interface once the JSON differences are
	papered over in a downstream patch.

	For consistency with other block job commands, libvirt must handle
	the bandwidth argument as MiB/sec from the user, even though qemu
	exposes the speed argument as bytes/sec; then again, qemu rounds
	up to cluster size internally, so using MiB hides the worst effects
	of that rounding if you pass small numbers.

	[1]https://lists.gnu.org/archive/html/qemu-devel/2012-10/msg04123.html

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_DRIVE_MIRROR)
	(QEMU_CAPS_DRIVE_REOPEN): New bits.
	* src/qemu/qemu_capabilities.c (qemuCaps): Name them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCheckCommands): Set
	them.
	(qemuMonitorJSONDriveMirror, qemuMonitorDrivePivot): New functions.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDriveMirror)
	(qemuMonitorDrivePivot): Declare them.
	* src/qemu/qemu_monitor.c (qemuMonitorDriveMirror)
	(qemuMonitorDrivePivot): New passthroughs.
	* src/qemu/qemu_monitor.h (qemuMonitorDriveMirror)
	(qemuMonitorDrivePivot): Declare them.

2012-10-27  Laine Stump  <laine@laine.org>

	qemu: fix attach/detach of netdevs with matching mac addrs
	This resolves:

	   https://bugzilla.redhat.com/show_bug.cgi?id=862515

	which describes inconsistencies in dealing with duplicate mac
	addresses on network devices in a domain.

	(at any rate, it resolves *almost* everything, and prints out an
	informative error message for the one problem that isn't solved, but
	has a workaround.)

	A synopsis of the problems:

	1) you can't do a persistent attach-interface of a device with a mac
	address that matches an existing device.

	2) you *can* do a live attach-interface of such a device.

	3) you *can* directly edit a domain and put in two devices with
	matching mac addresses.

	4) When running virsh detach-device (live or config), only MAC address
	is checked when matching the device to remove, so the first device
	with the desired mac address will be removed. This isn't always the
	one that's wanted.

	5) when running virsh detach-interface (live or config), the only two
	items that can be specified to match against are mac address and model
	type (virtio, etc) - if multiple netdevs match both of those
	attributes, it again just finds the first one added and assumes that
	is the only match.

	Since it is completely valid to have multiple network devices with the
	same MAC address (although it can cause problems in many cases, there
	*are* valid use cases), what is needed is:

	1) remove the restriction that prohibits doing a persistent add of a
	netdev with a duplicate mac address.

	2) enhance the backend of virDomainDetachDeviceFlags to check for
	something that *is* guaranteed unique (but still work with just mac
	address, as long as it yields only a single results.

	This patch does three things:

	1) removes the check for duplicate mac address during a persistent
	netdev attach.

	2) unifies the searching for both live and config detach of netdevices
	in the subordinate functions of qemuDomainModifyDeviceFlags() to use the
	new function virDomainNetFindIdx (which matches mac address and PCI
	address if available, checking for duplicates if only mac address was
	specified). This function returns -2 if multiple matches are found,
	allowing the callers to print out an appropriate message.

	Steps 1 & 2 are enough to fully fix the problem when using virsh
	attach-device and detach-device (which require an XML description of
	the device rather than a bunch of commandline args)

	3) modifies the virsh detach-interface command to check for multiple
	matches of mac address and show an error message suggesting use of the
	detach-device command in cases where there are multiple matching mac
	addresses.

	Later we should decide how we want to input a PCI address on the virsh
	commandline, and enhance detach-interface to take a --address option,
	eliminating the need to use detach-device

	* src/conf/domain_conf.c
	* src/conf/domain_conf.h
	* src/libvirt_private.syms
	  * added new virDomainNetFindIdx function
	  * removed now unused virDomainNetIndexByMac and
	    virDomainNetRemoveByMac

	* src/qemu/qemu_driver.c
	  * remove check for duplicate max from qemuDomainAttachDeviceConfig
	  * use virDomainNetFindIdx/virDomainNetRemove instead
	    of virDomainNetRemoveByMac in qemuDomainDetachDeviceConfig
	  * use virDomainNetFindIdx instead of virDomainIndexByMac
	    in qemuDomainUpdateDeviceConfig

	* src/qemu/qemu_hotplug.c
	  * use virDomainNetFindIdx instead of a homespun loop in
	    qemuDomainDetachNetDevice.

	* tools/virsh-domain.c: modified detach-interface command as described
	    above

2012-10-26  Eric Blake  <eblake@redhat.com>

	cpustat: fix regression when cpus are offline
	It turns out that the cpuacct results properly account for offline
	cpus, and always returns results for every possible cpu, not just
	the online ones.  So there is no need to check the map of online
	cpus in the first place, merely only a need to know the maximum
	possible cpu.  Meanwhile, virNodeGetCPUBitmap had a subtle change
	from returning the maximum id to instead returning the width of
	the bitmap (one larger than the maximum id) in commit 2f4c5338,
	which made this code encounter some off-by-one logic leading to
	bad error messages when a cpu was offline:

	$ virsh cpu-stats dom
	error: Failed to virDomainGetCPUStats()

	error: An error occurred, but the cause is unknown

	Cleaning this up unraveled a chain of other unused variables.

	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Drop
	pointless check for cpumap changes, and use correct number of
	cpus.  Simplify signature.
	(qemuDomainGetCPUStats): Adjust caller.
	* src/nodeinfo.h (nodeGetCPUCount): New prototype.
	(nodeGetCPUBitmap): Drop unused parameter.
	* src/nodeinfo.c (nodeGetCPUBitmap): Likewise.
	(nodeGetCPUMap): Adjust caller.
	(nodeGetCPUCount): New function.
	* src/libvirt_private.syms (nodeinfo.h): Export it.

2012-10-26  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check tab violation
	* tools/Makefile.am: Fix tab damage in previous patch.

2012-10-26  Eric Blake  <eblake@redhat.com>

	build: check for pod errors
	Patch 61299a1c fixed a long-standing pod error in the man page.
	But we should be preventing these up front.
	See also https://bugzilla.redhat.com/show_bug.cgi?id=870273

	* tools/Makefile.am (virt-xml-validate.1, virt-pki-validate.1)
	(virt-host-validate.1, virt-sanlock-cleanup.8, virsh.1): Reject
	pod conversion errors.
	* daemon/Makefile.am ($(srcdir)/libvirtd.8.in): Likewise.

2012-10-26  Eric Blake  <eblake@redhat.com>

	build: silence compiler warning about signedness
	Commit 246143b fixed a warning on older gcc, but caused a warning
	on newer gcc.

	../../src/rpc/virnetserverservice.c: In function 'virNetServerServiceNewPostExecRestart':
	../../src/rpc/virnetserverservice.c:277:41: error: pointer targets in passing argument 3 of 'virJSONValueObjectGetNumberUint' differ in signedness [-Werror=pointer-sign]

	* src/rpc/virnetserverservice.c: Use correct types.

2012-10-26  Eric Blake  <eblake@redhat.com>

	build: fix type-punning bug
	With older gcc and 64-bit size_t, the compiler issues a real warning:
	rpc/virnetserverservice.c:277: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

	Introduced in commit 0cc79255.  Depending on machine endianness,
	this warning represents a real bug that could mis-interpret the
	value by a factor of 2^32.  I don't know why I couldn't get newer
	gcc to report the same warning message.

	* src/rpc/virnetserverservice.c
	(virNetServerServiceNewPostExecRestart): Use temporary instead.

2012-10-26  Laine Stump  <laine@laine.org>

	parallels: fix build for some older compilers
	Found this when building on RHEL5:

	parallels/parallels_storage.c: In function 'parallelsStorageOpen':
	parallels/parallels_storage.c:180: error: 'for' loop initial declaration used outside C99 mode

	(and similar error in parallels_driver.c). This was in spite of
	configuring with "-Wno-error".

2012-10-26  Philipp Hahn  <hahn@univention.de>

	documentation: HTML tag fix
	Replace '%' by '&' for correct escaping of '>' in Domain specification.

2012-10-26  Peter Krempa  <pkrempa@redhat.com>

	maint: Sort .gitignore
	Sorting of the .gitignore file was broken after the last addition. After
	a clean build the scripts re-sort it making the working tree dirty.

2012-10-26  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix POD syntax
	The first two hunks fix "Unterminated I<...> sequence" error and the
	last one fixes "’=item’ outside of any ’=over’" error.

	virsh: Remove --flags from nodesuspend
	We always expose individual bits from flags as separate options rather
	than exposing a raw flags options. Since virNodeSuspendForDuration does
	not currently support any flags, the only way of using this --flags
	options that would not fail is "--flags 0", which is equivalent to
	omitting the option. Thus it is highly unlikely anyone would actually be
	using it and removing it should be safe.

2012-10-26  Eric Blake  <eblake@redhat.com>

	snapshot: improve snapshot-list error message
	https://bugzilla.redhat.com/show_bug.cgi?id=869100 mentioned some
	confusion about 'virsh snapshot-list' errors.  Clean up a
	misleading error message, and add some documentation.

	* tools/virsh-snapshot.c (cmdSnapshotList): Mention --current
	rather than --from when appropriate.
	* tools/virsh.pod (snapshot-list): Mention that the named starting
	point is NOT part of the list except under --tree.

2012-10-26  Eric Blake  <eblake@redhat.com>

	maint: ignore unsaved emacs files
	I did a 'git add .', then realized that it ended up trying to
	add the emacs lock file for a corresponding file that I had not
	yet saved all my edits; thankfully I noticed it in time.  Since
	we already exclude other temporary files, this makes the most
	sense for preventing such a mistake from actually hitting upstream.

	* .gitignore: Add .#* to the exclude list.

2012-10-25  Cole Robinson  <crobinso@redhat.com>

	daemon: Fix LIBVIRT_DEBUG=1 default output
	This commit changes the behavior of LIBVIRT_DEBUG=1 libvirtd:

	$ git show 7022b09111d4322d21396a70d58320a9ad773962
	commit 7022b09111d4322d21396a70d58320a9ad773962
	Author: Daniel P. Berrange <berrange@redhat.com>
	Date:   Thu Sep 27 13:13:09 2012 +0100

	    Automatically enable systemd journal logging

	    Probe to see if the systemd journal is accessible, and if
	    so enable logging to the journal by default, rather than
	    stderr (current default under systemd).

	Previously  'LIBVIRT_DEBUG=1 /usr/sbin/libvirtd' would show all debug
	output to stderr, now it send debug output to the journal.

	Only use the journal by default if running in daemon mode, or
	if stdin is _not_ a tty. This should make libvirtd launched from
	systemd use the journal, but preserve the old behavior in most
	situations.

2012-10-25  Laine Stump  <laine@laine.org>

	network: fix networkValidate check for default portgroup and vlan
	This was found during testing of the fix for:

	   https://bugzilla.redhat.com/show_bug.cgi?id=868483

	networkValidate was supposed to check for the existence of multiple
	portgroups and report an error if this was encountered. It did, but
	there were two problems:

	1) even though it logged an error, it still returned success, allowing
	the operation to continue.

	2) It could exit the portgroup checking loop early (or possibly not
	even do it once) if a vlan tag was supplied in the base network config
	or one of the portgroups.

	This patch fixes networkValidate to return failure in addition to
	logging the error, and also changes it to not exit the portgroup
	checking loop early. The logic was a bit off in the checking for vlan
	anyway, and it's intertwined with fixing the early loop exit, so I
	fixed that as well. Now it correctly checks for combinations where a
	<virtualport> is specified in the base network def and <vlan> is given
	in a portgroup, as well as the opposite (<vlan> in base network def
	and <virtualport> in portgroup), and ignores the case of a disallowed
	vlan when using *no* portgroup if there is a default portgroup (since
	in that case there is no way to not use any portgroup).

2012-10-25  Eric Blake  <eblake@redhat.com>

	maint: consistent whitespace after 'if'
	Noticed during the review of the previous patch.

	* python/libvirt-override.c: Use space between 'if ('.

2012-10-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virNodeGetCPUMap: Add python binding
	Added a method getCPUMap to virConnect.
	It can be used as follows:

	import libvirt
	import sys
	import os

	conn = libvirt.openReadOnly(None)
	if conn == None:
	    print 'Failed to open connection to the hypervisor'
	    sys.exit(1)

	try:
	    (cpus, cpumap, online) = conn.getCPUMap(0)
	except:
	    print 'Failed to extract the node cpu map information'
	    sys.exit(1)

	print 'CPUs total %d, online %d' % (cpus, online)
	print 'CPU map %s' % str(cpumap)

	del conn
	print "OK"

	sys.exit(0)

2012-10-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virNodeGetCPUMap: Implement driver support
	Driver support added for:
	- test: pretending 8 host CPUS, 3 being online
	- qemu, lxc, openvz, uml: using nodeGetCPUMap

	virNodeGetCPUMap: Implement support function in nodeinfo
	Added an implemention of virNodeGetCPUMap to nodeinfo.c,
	(nodeGetCPUMap) which can be used by all drivers for a Linux
	hypervisor host.

2012-10-25  Eric Blake  <eblake@redhat.com>

	nodeinfo: improve probing node cpu bitmap
	Callers should not need to know what the name of the file to
	be read in the Linux-specific version of nodeGetCPUmap;
	furthermore, qemu cares about online cpus, not present cpus,
	when determining which cpus to skip.

	While at it, I fixed the fact that we were computing the maximum
	online cpu id by doing a slow iteration, when what we really want
	to know is the max available cpu.

	* src/nodeinfo.h (nodeGetCPUmap): Rename...
	(nodeGetCPUBitmap): ...and simplify signature.
	* src/nodeinfo.c (linuxParseCPUmax): New function.
	(linuxParseCPUmap): Simplify and alter signature.
	(nodeGetCPUBitmap): Change implementation.
	* src/libvirt_private.syms (nodeinfo.h): Reflect rename.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Update
	caller.

2012-10-25  Eric Blake  <eblake@redhat.com>

	bitmap: add virBitmapCountBits
	Sometimes it's handy to know how many bits are set.

	* src/util/bitmap.h (virBitmapCountBits): New prototype.
	(virBitmapNextSetBit): Use correct type.
	* src/util/bitmap.c (virBitmapNextSetBit): Likewise.
	(virBitmapSetAll): Maintain invariant of clear tail bits.
	(virBitmapCountBits): New function.
	* src/libvirt_private.syms (bitmap.h): Export it.
	* tests/virbitmaptest.c (test2): Test it.

2012-10-25  Jiri Denemark  <jdenemar@redhat.com>

	Fix build with apparmor
	Recent storage patches changed signature of virStorageFileGetMetadata
	and replaced chain with backingChain in virDomainDiskDef.

2012-10-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Update version checks for vSphere 5.1
	Also remove warnings for upcoming versions. There hadn't been any
	compatibility problems with new ESX version over the whole lifetime
	of the ESX driver, so I don't expect any in the future.

	Update documentation to mention vSphere 5.x support.

2012-10-24  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add recently added cpu feature flags.
	Qemu has added some new feature flags. This patch adds them to libvirt.

	The new features are for the cpuid function 0x7 that takes an argument
	in the ecx register. Currently only 0x0 is used as the argument so I was
	lazy and I just clear the registers to 0 before calling cpuid. In future
	when there maybe will be some other possible arguments, we will need to
	improve the cpu detection code to take this into account.

2012-10-24  Osier Yang  <jyang@redhat.com>

	qemu: Prohibit chaning affinity of domain process if placement is 'auto'
	On one hand, numad probably will manage the affinity of domain process
	dynamically in future. On the other hand, even numad won't manage it,
	it still could confusion. Let's make things simpler enough to avoid
	the lair for now.

2012-10-24  Osier Yang  <jyang@redhat.com>

	qemu: Keep the affinity when creating cgroup for emulator thread
	When the cpu placement model is "auto", it sets the affinity for
	domain process with the advisory nodeset from numad, however,
	creating cgroup for the domain process (called emulator thread
	in some contexts) later overrides that with pinning it to all
	available pCPUs.

	How to reproduce:

	  * Configure the domain with "auto" placement for <vcpu>, e.g.
	    <vcpu placement='auto'>4</vcpu>
	  * % virsh start dom
	  * % cat /proc/$dompid/status

	Though the emulator cgroup cause conflicts, but we can't simply
	prohibit creating it, as other tunables are still useful, such
	as "emulator_period", which is used by API
	virDomainSetSchedulerParameter. So this patch doesn't prohibit
	creating the emulator cgroup, but inherit the nodeset from numad,
	and reset the affinity for domain process.

	* src/qemu/qemu_cgroup.h: Modify definition of qemuSetupCgroupForEmulator
	                          to accept the passed nodenet
	* src/qemu/qemu_cgroup.c: Set the affinity with the passed nodeset

2012-10-24  Osier Yang  <jyang@redhat.com>

	qemu: Add helper to prepare cpumap for affinity setting
	Abstract the codes to prepare cpumap into a helper a function,
	which can be used later.

	* src/qemu/qemu_process.h: Declare qemuPrepareCpumap
	* src/qemu/qemu_process.c: Implement qemuPrepareCpumap, and use it.

2012-10-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virNodeGetCPUMap: Implement virsh support.
	- Added a new host command nodecpumap
	- Added documentation

	Example:
	$ virsh nodecpumap
	CPUs present:  8
	CPUs online:   3
	CPU map:       y-y-y---

2012-10-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	libvirt.h.in: Add new cpumap macro VIR_CPU_USED
	New macro VIR_CPU_USED added to facilitate the interpretation of
	cpu maps.
	Further, hardened the other cpumap macros against invocations
	like VIR_CPU_USE(cpumap + 1, cpu)

	virNodeGetCPUMap: Implement wire protocol.
	- Defined the wire protocol format for virNodeGetCPUMap and its
	  arguments
	- Implemented remote method invocation (remoteNodeGetCPUMap)
	- Implemented method dispatcher (remoteDispatchNodeGetCPUMap)

2012-10-24  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virNodeGetCPUMap: Define public API.
	Adding a new API to obtain information about the
	host node's present, online and offline CPUs.

	int virNodeGetCPUMap(virConnectPtr conn,
	                     unsigned char **cpumap,
	                     unsigned int *online,
	                     unsigned int flags);

	The function will return the number of CPUs present on the host
	or -1 on failure;
	If cpumap is non-NULL virNodeGetCPUMap will allocate an array
	containing a bit map representation of the online CPUs. It's
	the callers responsibility to deallocate cpumap using free().
	If online is non-NULL, the variable pointed to will contain
	the number of online host node CPUs.
	The variable flags has been added to support future extensions
	and must be set to 0.

	Extend the driver structure by nodeGetCPUMap entry in support of the
	new API virNodeGetCPUMap.
	Added implementation of virNodeGetCPUMap to libvirt.c

2012-10-23  Eric Blake  <eblake@redhat.com>

	header: declare node memory parameter handling earlier
	Commit 12ad7435 added new functions (virNodeGetMemoryParameters,
	virNodeSetMemoryParameters) into the section of the file reserved
	for deprecated names.  Fix this by moving things earlier; split
	into two patches to make git diff easier to read.

	* include/libvirt/libvirt.h.in: Move virNodeGetMemoryParameters
	and friends earlier, add a note to prevent relapse.

2012-10-23  Eric Blake  <eblake@redhat.com>

	header: declare typed parameter handling earlier
	Commit 12ad7435 added new functions (virNodeGetMemoryParameters,
	virNodeSetMemoryParameters) into the section of the file reserved
	for deprecated names.  Fix this by moving things earlier; split
	into two patches to make git diff easier to read.

	* include/libvirt/libvirt.h.in: Move virTypedParameter earlier.

2012-10-23  Eric Blake  <eblake@redhat.com>

	build: improve FORTIFY_SOURCE usage
	Based on this coreutils bug report, since coreutils copied what
	libvirt had done:
	https://lists.gnu.org/archive/html/bug-coreutils/2012-10/msg00121.html

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Allow
	for user to pre-define _FORTIFY_SOURCE.

2012-10-23  Kyle Mestery  <kmestery@cisco.com>

	qemu_migration: Transport OVS per-port data during live migration
	Transport Open vSwitch per-port data during live
	migration by using the utility functions
	virNetDevOpenvswitchGetMigrateData() and
	virNetDevOpenvswitchSetMigrateData().

	openvswitch: Add utility functions for getting and setting Open vSwitch per-port data
	Add utility functions for Open vSwitch to both save
	per-port data before a live migration, and restore the
	per-port data after a live migration.

	qemu_migration: Add hooks to transport network data during migration
	Add the ability for the Qemu V3 migration protocol to
	include transporting network configuration. A generic
	framework is proposed with this patch to allow for the
	transfer of opaque data.

2012-10-23  Jim Fehlig  <jfehlig@suse.com>

	Fix detection of Xen sysctl version 9
	In commit 371ddc98, I mistakenly added the check for sysctl
	version 9 after setting the hypercall version to 1, which will
	fail with

	error : xenHypervisorDoV1Op:967 : Unable to issue hypervisor
	ioctl 3166208: Function not implemented

	This check should be included along with the others that use
	hypercall version 2.

2012-10-23  Cole Robinson  <crobinso@redhat.com>

	selinux: Don't fail RestoreAll if file doesn't have a default label
	When restoring selinux labels after a VM is stopped, any non-standard
	path that doesn't have a default selinux label causes the process
	to stop and exit early. This isn't really an error condition IMO.

	Of course the selinux API could be erroring for some other reason
	but hopefully that's rare enough to not need explicit handling.

	Common example here is storing disk images in a non-standard location
	like under /mnt.

2012-10-23  Eric Blake  <eblake@redhat.com>

	build: print uids as unsigned
	Reported by Michal Privoznik.

	* src/security/security_dac.c (virSecurityDACGenLabel): Use
	correct format.

2012-10-23  Ján Tomko  <jtomko@redhat.com>

	xml: omit domain name from comment if it contains double hyphen
	We put a comment containing "virsh edit <domain_name>" at the start of
	the XML. W3C recommendation forbids the use of "--" in comments [1] and
	libvirt can't parse it either. This patch omits the domain name if it
	contains a double hyphen.

	[1] http://www.w3.org/TR/REC-xml/#sec-comments

2012-10-23  Ján Tomko  <jtomko@redhat.com>

	storage: don't shadow global 'wait' declaration
	Rename the 'wait' parameter to 'loop'.
	This silences the warning:
	storage/storage_backend.c:1348:34: error: declaration of 'wait' shadows
	a global declaration [-Werror=shadow]
	and fixes the build with -Werror.
	--
	Note: loop is pool backwards.

2012-10-23  Christophe Fergeau  <cfergeau@redhat.com>

	Fix disabling of apparmor/selinux security drivers
	When using --without-$name --without-secdriver-$name with $name being
	selinux or apparmor, configure will fail saying that AppArmor/SELinux
	development package must be installed.
	This is caused by a small bug in --with-secdriver-$name handling in
	configure.ac which treats --without-secdriver-$name when $name as if the
	user had requested to enable $name when $name couldn't be detected on
	the system.

	This commit also makes sure the detection checks for disabled
	secdrivers do not needlessly get run, especially as this could
	cause an error as well in --with-$name --without-secdriver-$name
	situations.

2012-10-23  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, prior to freeze.

2012-10-22  Eric Blake  <eblake@redhat.com>

	snapshot: sanity check when reusing file for snapshot
	The snapshot code when reusing an existing file had hard-to-read
	logic, as well as a missing sanity check: REUSE_EXT should require
	the destination to already be present.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare): Require
	destination on REUSE_EXT, rename variable for legibility.

2012-10-22  Eric Blake  <eblake@redhat.com>

	build: use correct printf types for uid/gid
	Fixes a build failure on cygwin:
	cc1: warnings being treated as errors
	security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
	security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 7 has type 'uid_t' [-Wformat]
	security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 8 has type 'gid_t' [-Wformat]

	* src/security/security_dac.c (virSecurityDACSetProcessLabel)
	(virSecurityDACGenLabel): Use proper casts.

2012-10-22  Cole Robinson  <crobinso@redhat.com>

	Remove a couple duplicates from AUTHORS.in

2012-10-22  Cole Robinson  <crobinso@redhat.com>

	storage: Don't do wait loops from VolLookupByPath
	virStorageVolLookupByPath is an API call that virt-manager uses
	quite a bit when dealing with storage. This call use BackendStablePath
	which has several usleep() heuristics that can be tripped up
	and hang virt-manager for a while.

	Current example: an empty mpath pool pointing to /dev/mapper makes
	_any_ calls to virStorageVolLookupByPath take 5 seconds.

	The sleep heuristics are actually only needed in certain cases
	when we are waiting for new storage to appear, so let's skip the
	timeout steps when calling from LookupByPath.

2012-10-22  Cole Robinson  <crobinso@redhat.com>

	spec: Fix multilib issue with systemtap tapsets
	If building on a 64bit host, rename the affected tapsets to <name>-64.stp.
	This is similar to what the python package does in fedora.

	https://bugzilla.redhat.com/show_bug.cgi?id=831425

2012-10-22  Cole Robinson  <crobinso@redhat.com>

	docs: Fix installation of internals/*.html
	We were just installing them in the top level html directory, which
	broke navigation and overwrote other pages.

	https://bugzilla.redhat.com/show_bug.cgi?id=837825

2012-10-22  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't use -enable-nesting with qemu 1.2.0+
	Since the option doesn't exist. Fixes booting with
	cpu mode='host-model' and qemu 1.2.0

2012-10-22  Doug Goldstein  <cardoe@cardoe.com>

	qemu: Don't blindly assume VNC is supported
	Currently it's assumed that qemu always supports VNC, however it is
	definitely possible to compile qemu without VNC support so we should at
	the very least check for it and handle that correctly.

	test: Don't assume VNC is always available
	Several tests assume that VNC is always available and include it in
	their configs and the expected command line. The tests have nothing to
	do with graphics display so they shouldn't rely on VNC.

2012-10-22  Eric Blake  <eblake@redhat.com>

	storage: let format probing work on root-squash NFS
	Yet another instance of where using plain open() mishandles files
	that live on root-squash NFS, and where improving the API can
	improve the chance of a successful probe.

	* src/util/storage_file.h (virStorageFileProbeFormat): Alter
	signature.
	* src/util/storage_file.c (virStorageFileProbeFormat): Use better
	method for opening file.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Update caller.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.

2012-10-22  Osier Yang  <jyang@redhat.com>

	virsh: Fix segfault of snapshot-list
	'snaps' is used after free()'ed.

2012-10-22  Ján Tomko  <jtomko@redhat.com>

	migrate: v2: use VIR_DOMAIN_XML_MIGRATABLE when available
	In v2 migration protocol, XML is obtained by calling domainGetXMLDesc.
	This includes the default USB controller in XML, which breaks migration
	to older libvirt (before 0.9.2).

	Commit 409b5f549530e7b3a33f4505f2cad2e26896107c
	    qemu: Emit compatible XML when migrating a domain
	only fixed this for v3 migration.

	This patch uses the new VIR_DOMAIN_XML_MIGRATABLE flag (detected by
	VIR_DRV_FEATURE_XML_MIGRATABLE) to obtain XML without the default controller,
	enabling backward v2 migration.

2012-10-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: set seamless migration capability
	As we switched to setting capabilities based on QMP communication,
	qemu seamless-migration capability was not set. In the -help output
	this knob is called seamless-migration=[on|off]. The equivalent in
	QMP world is SPICE_MIGRATE_COMPLETED event (qemu upstream commit
	2fdd16e2).

2012-10-22  Osier Yang  <jyang@redhat.com>

	qemu: Fix the unused parameter which causes the build failure

	qemu: Cleanup the unused 'nodeinfo'
	"nodeinfo" is not used in these two functions, and it's waste
	of goto in qemuProcessSetEmulatorAffinites

2012-10-21  Cole Robinson  <crobinso@redhat.com>

	docs: virsh: clarify behavior of send-key
	https://bugzilla.redhat.com/show_bug.cgi?id=860004

	Log parameters passed to virFileMakePath

	Log file name passed to virConfReadFile

2012-10-21  Cole Robinson  <crobinso@redhat.com>

	daemon: Avoid 'Could not find keytab file' in syslog
	On F17 at least, every time libvirtd starts we get this in syslog:

	libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory

	This comes from cyrus-sasl, and happens regardless of whether the
	gssapi plugin is requested, which is what actually uses
	/etc/libvirt/krb5.tab.

	While cyrus-sasl shouldn't complain, we can easily make it shut up by
	commenting out the keytab value by default.

	Also update the keytab comment to the more modern one from qemu's
	sasl config file.

2012-10-21  Laine Stump  <laine@laine.org>

	network: don't allow multiple default portgroups
	This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483

	virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three
	allow network definitions to contain multiple <portgroup> elements
	with default='yes'. Only a single default portgroup should be allowed
	for each network.

	This patch updates networkValidate() (called by both
	virNetworkCreate() and virNetworkDefine()) and
	virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not
	allow multiple default portgroups.

2012-10-21  Laine Stump  <laine@laine.org>

	network: always create dnsmasq hosts and addnhosts files, even if empty
	This fixes the problem reported in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=868389

	Previously, the dnsmasq hosts file (used for static dhcp entries, and
	addnhosts file (used for additional dns host entries) were only
	created/referenced on the dnsmasq commandline if there was something
	to put in them at the time the network was started. Once we can update
	a network definition while it's active (which is now possible with
	virNetworkUpdate), this is no longer a valid strategy - if there were
	0 dhcp static hosts (resulting in no reference to the hosts file on the
	commandline), then one was later added, the commandline wouldn't have
	linked dnsmasq up to the file, so even though we create it, dnsmasq
	doesn't pay any attention.

	The solution is to just always create these files and reference them
	on the dnsmasq commandline (almost always, anyway). That way dnsmasq
	can notice when a new entry is added at runtime (a SIGHUP is sent to
	dnsmasq by virNetworkUdpate whenever a host entry is added or removed)

	The exception to this is that the dhcp static hosts file isn't created
	if there are no lease ranges *and* no static hosts. This is because in
	this case dnsmasq won't be setup to listen for dhcp requests anyway -
	in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq
	will need to be restarted anyway (to get it listening on the dhcp
	port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there
	are no dhcp ranges) we need to restart dnsmasq so that it will stop
	listening on port 67. These special situations are handled in the
	bridge driver's networkUpdate() by checking for ((bool)
	nranges||nhosts) both before and after the update, and triggering a
	dnsmasq restart if the before and after don't match.

2012-10-20  Laine Stump  <laine@laine.org>

	network: free/null newDef if network fails to start
	https://bugzilla.redhat.com/show_bug.cgi?id=866364

	pointed out a crash due to virNetworkObjAssignDef free'ing
	network->newDef without NULLing it afterward. A fix for this is in
	upstream commit b7e9202401ebaa039b8f05acdefda8c24081537a. While the
	NULLing of newDef was a legitimate fix, newDef should have already
	been empty (NULL) anyway (as indicated in the comment that was deleted
	by that commit).

	The reason that newDef had a non-NULL value (i.e. the root cause) was
	that networkStartNetwork() had failed after populating
	network->newDef, but then neglected to free/NULL newDef in the
	cleanup.

	(A bit of background here: network->newDef should contain the
	persistent config of a network when a network is active (and of course
	only when it is persisten), and NULL at all other times. There is also
	a network->def which should contain the persistent definition of the
	network when it is inactive, and the current live state at all other
	times. The idea is that you can make changes to network->newDef which
	will take effect the next time the network is restarted, but won't
	mess with the current state of the network (virDomainObj has a similar
	pair of virDomainDefs that behave in the same fashion). Personally I
	think there should be a network->live and network->config, and the
	location of the persistent config should *always* be in
	network->config, but that's for a later cleanup).

	Since I love things to be symmetric, I created a new function called
	virNetworkObjUnsetDefTransient(), which reverses the effects of
	virNetworkObjSetDefTransient(). I don't really like the name of the
	new function, but then I also didn't really like the name of the old
	one either (it's just named that way to match a similar function in
	the domain conf code).

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: avoid segv on early error
	Gcc with optimization warns:
	../../src/qemu/qemu_driver.c: In function 'qemuDomainBlockCommit':
	../../src/qemu/qemu_driver.c:12813:46: error: 'disk' may be used uninitialized in this function [-Werror=maybe-uninitialized]
	../../src/qemu/qemu_driver.c:12698:25: note: 'disk' was declared here
	cc1: all warnings being treated as errors

	so obviously I had only been testing with optimization off.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Guard cleanup.

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: properly label disks for qemu block-commit
	I finally have all the pieces in place to perform a block-commit with
	SELinux enforcing.  There's still missing cleanup work when the commit
	completes, but doing that requires tracking both the backing chain and
	the base and top files within that chain in domain XML across libvirtd
	restarts.  Furthermore, from a security standpoint, once you have
	granted access, you must assume any damage that can be done will be
	done; later revoking access is nice to minimize the window of damage,
	but less important as it does not affect the fact that damage can be
	done in the first place.  Therefore, deferring the revoke efforts until
	we have better XML tracking of what chain operations are in effect,
	including across a libvirtd restart, is reasonable.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Label disks as
	needed.
	(qemuDomainPrepareDiskChainElement): Cast away const.

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: refactor qemu disk chain permission grants
	Previously, snapshot code did its own permission granting (lock
	manager, cgroup device controller, and security manager labeling)
	inline.  But now that we are adding block-commit and block-copy
	which also have to change permissions, it's better to reuse
	common code for the task.  While snapshot should fall back to
	no access if read-write access failed, block-commit will want to
	fall back to read-only access.  The common code doesn't know
	whether failure to grant read-write access should revert to no
	access (snapshot, block-copy) or read-only access (block-commit).
	This code can also be used to revoke access to unused files after
	block-pull.

	It might be nice to clean things up in a future patch by adding
	new functions to the lock manager, cgroup manager, and security
	manager that takes a single file name and applies context of a
	disk to that file, rather than the current semantics of applying
	context to the entire chain already associated to a disk.  That
	way, we could avoid the games this patch plays of temporarily
	swapping out the disk->src and related fields of the disk.  But
	that would involve more code changes, so this patch really is
	the smallest hack for doing the necessary work; besides, this
	patch is more or less code motion (the hack was already employed
	by the snapshot creation code, we are just making it reusable).

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Refactor labeling hacks...
	(qemuDomainPrepareDiskChainElement): ...into new function.

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: implement shallow commit flag in qemu
	Now that we can crawl the chain of backing files, we can do
	argument validation and implement the 'shallow' flag.  In
	testing this, I discovered that it can be handy to pass the
	shallow flag and an explicit base, as a means of validating
	that the base is indeed the file we expected.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): Crawl through
	chain to implement shallow flag.
	* src/libvirt.c (virDomainBlockCommit): Relax API.

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: wire up online qemu block-commit
	This is the bare minimum to kick off a block commit.  In particular,
	flags support is missing (shallow requires us to crawl the backing
	chain to determine the file name to pass to the qemu monitor command;
	delete requires us to track what needs to be deleted at the time
	the completion event fires).  Also, we are relying on qemu to do
	error checking (such as validating 'top' and 'base' as being members
	of the backing chain), including the fact that the current qemu code
	does not support committing the active layer (although it is still
	planned to add that before qemu 1.3).  Since the active layer won't
	change, we have it easy and do not have to alter the domain XML.
	Additionally, this will fail if SELinux is enforcing, because we fail
	to grant qemu proper read/write access to the files it will modify.

	* src/qemu/qemu_driver.c (qemuDomainBlockCommit): New function.
	(qemuDriver): Register it.

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: manage qemu block-commit monitor command
	qemu 1.3 will be adding a 'block-commit' monitor command, per
	qemu.git commit ed61fc1.  It matches nicely to the libvirt API
	virDomainBlockCommit.

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCK_COMMIT): New bit.
	* src/qemu/qemu_capabilities.c (qemuCapsProbeQMPCommands): Set it.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockCommit): New prototype.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockCommit):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockCommit): Implement it.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockCommit):
	Likewise.
	(qemuMonitorJSONHandleBlockJobImpl)
	(qemuMonitorJSONGetBlockJobInfoOne): Handle new event type.

2012-10-20  Eric Blake  <eblake@redhat.com>

	blockjob: remove unused parameters after previous patch
	Minor cleanup made possible by previous simplifications.

	* src/qemu/qemu_cgroup.h (qemuSetupDiskCgroup)
	(qemuTeardownDiskCgroup): Alter signature.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
	(qemuTeardownDiskCgroup, qemuSetupCgroup): Update all uses.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice)
	(qemuDomainDetachDiskDevice): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive)
	(qemuDomainChangeDiskMediaLive)
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Likewise.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: use cache to walk backing chain
	We used to walk the backing file chain at least twice per disk,
	once to set up cgroup device whitelisting, and once to set up
	security labeling.  Rather than walk the chain every iteration,
	which possibly includes calls to fork() in order to open root-squashed
	NFS files, we can exploit the cache of the previous patch.

	* src/conf/domain_conf.h (virDomainDiskDefForeachPath): Alter
	signature.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Require caller
	to supply backing chain via disk, if recursion is desired.
	* src/security/security_dac.c
	(virSecurityDACSetSecurityImageLabel): Adjust caller.
	* src/security/security_selinux.c
	(virSecuritySELinuxSetSecurityImageLabel): Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
	(qemuTeardownDiskCgroup): Likewise.
	(qemuSetupCgroup): Pre-populate chain.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: cache backing chain while qemu domain is live
	Technically, we should not be re-probing any file that qemu might
	be currently writing to.  As such, we should cache the backing
	file chain prior to starting qemu.  This patch adds the cache,
	but does not use it until the next patch.

	Ultimately, we want to also store the chain in domain XML, so that
	it is remembered across libvirtd restarts, and so that the only
	kosher way to modify the backing chain of an offline domain will be
	through libvirt API calls, but we aren't there yet.  So for now, we
	merely invalidate the cache any time we do a live operation that
	alters the chain (block-pull, block-commit, external disk snapshot),
	as well as tear down the cache when the domain is not running.

	* src/conf/domain_conf.h (_virDomainDiskDef): New field.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Clean new field.
	* src/qemu/qemu_domain.h (qemuDomainDetermineDiskChain): New
	prototype.
	* src/qemu/qemu_domain.c (qemuDomainDetermineDiskChain): New
	function.
	* src/qemu/qemu_driver.c (qemuDomainAttachDeviceDiskLive)
	(qemuDomainChangeDiskMediaLive): Pre-populate chain.
	(qemuDomainSnapshotCreateSingleDiskActive): Uncache chain before
	snapshot.
	* src/qemu/qemu_process.c (qemuProcessHandleBlockJob): Update
	chain after block pull.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: make it easier to find file within chain
	In order to temporarily label files read/write during a commit
	operation, we need to crawl the backing chain and find the absolute
	file name that needs labeling in the first place, as well as the
	name of the file that owns the backing file.

	* src/util/storage_file.c (virStorageFileChainLookup): New
	function.
	* src/util/storage_file.h: Declare it.
	* src/libvirt_private.syms (storage_file.h): Export it.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: remember relative names in backing chain
	In order to search for a backing file name as literally present
	in a chain, we need to remember if the chain had relative names.
	Also, searching for absolute names is easier if we only have
	to canonicalize once, rather than on every iteration.

	* src/util/storage_file.h (_virStorageFileMetadata): Add field.
	* src/util/storage_file.c (virStorageFileGetMetadataFromBuf):
	(virStorageFileFreeMetadata): Manage it
	(absolutePathFromBaseFile): Store absolute names in canonical form.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: don't require caller to pre-allocate metadata struct
	Requiring pre-allocation was an unusual idiom.  It allowed iteration
	over the backing chain to use fewer mallocs, but made one-shot
	clients harder to read.  Also, this makes it easier for a future
	patch to move away from opening fds on every iteration over the chain.

	* src/util/storage_file.h (virStorageFileGetMetadataFromFD): Alter
	signature.
	* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Allocate
	return value.
	 (virStorageFileGetMetadata): Update clients.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: get entire metadata chain in one call
	Previously, no one was using virStorageFileGetMetadata, and for good
	reason - it couldn't support root-squash NFS.  Change the signature
	and make it useful to future patches, including enhancing the metadata
	to recursively track the entire chain.

	* src/util/storage_file.h (_virStorageFileMetadata): Add field.
	(virStorageFileGetMetadata): Alter signature.
	* src/util/storage_file.c (virStorageFileGetMetadata): Rewrite.
	(virStorageFileGetMetadataRecurse): New function.
	(virStorageFileFreeMetadata): Handle recursion.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: don't probe non-files
	Backing chains can end on a network protocol, such as nbd:xxx; we
	should not attempt to probe the file system in this case.

	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Only probe files.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: use enum for snapshot driver type
	This is the last use of raw strings for disk formats throughout
	the src/conf directory.

	* src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Store enum
	rather than string for disk type.
	* src/conf/snapshot_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, virDomainSnapshotDefFormat):
	Adjust users.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive): Likewise.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: use enum for disk driver type
	Actually use the enum in the domain conf structure.

	* src/conf/domain_conf.h (_virDomainDiskDef): Store enum rather
	than string for disk type.
	* src/conf/domain_conf.c (virDomainDiskDefFree)
	(virDomainDiskDefParseXML, virDomainDiskDefFormat)
	(virDomainDiskDefForeachPath): Adjust users.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk):
	Likewise.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
	* src/vbox/vbox_tmpl.c (vboxAttachDrives): Likewise.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: use enum for default driver type
	Express the default disk type as an enum, for easier handling.

	* src/conf/capabilities.h (_virCaps): Store enum rather than
	string for disk type.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML): Adjust
	clients.
	* src/qemu/qemu_driver.c (qemuCreateCapabilities): Likewise.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: match RNG to supported driver types
	At one point, the code passed through arbitrary strings for file
	formats, which supposedly lets qemu handle a new file type even
	before libvirt has been taught to handle it.  However, to properly
	label files, libvirt has to learn the file type anyway, so we
	might as well make our life easier by only accepting file types
	that we are prepared to handle.  This patch lets the RNG validation
	ensure that only known strings are let through.

	* docs/schemas/domaincommon.rng (driverFormat): Limit to list of
	supported strings.
	* docs/schemas/domainsnapshot.rng (driver): Likewise.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: treat 'aio' like 'raw' at parse time
	We have historically allowed 'aio' as a synonym for 'raw' for
	back-compat to xen, but since a future patch will move to using
	an enum value, we have to pick one to be our preferred output
	name.  This is a slight change in the output XML, but the sexpr
	and xm outputs should still be identical, and the input XML can
	still use either form.

	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Move aio
	back-compat...
	(virDomainDiskDefParseXML): ...to parse time.
	* src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenFormatSxprDisk): ...and
	to output time.
	* src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise.
	* tests/sexpr2xmldata/sexpr2xml-*.xml: Update tests.

2012-10-20  Eric Blake  <eblake@redhat.com>

	storage: list more file types
	When an image has no backing file, using VIR_STORAGE_FILE_AUTO
	for its type is a bit confusing.  Additionally, a future patch
	would like to reserve a default value for the case of no file
	type specified in the XML, but different from the current use
	of -1 to imply probing, since probing is not always safe.

	Also, a couple of file types were missing compared to supported
	code: libxl supports 'vhd', and qemu supports 'fat' for directories
	passed through as a file system.

	* src/util/storage_file.h (virStorageFileFormat): Add
	VIR_STORAGE_FILE_NONE, VIR_STORAGE_FILE_FAT, VIR_STORAGE_FILE_VHD.
	* src/util/storage_file.c (virStorageFileMatchesVersion): Match
	documentation when version probing not supported.
	(cowGetBackingStore, qcowXGetBackingStore, qcow1GetBackingStore)
	(qcow2GetBackingStoreFormat, qedGetBackingStore)
	(virStorageFileGetMetadataFromBuf)
	(virStorageFileGetMetadataFromFD): Take NONE into account.
	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Likewise.
	* src/conf/storage_conf.c (virStorageVolumeFormatFromString): New
	function.
	(poolTypeInfo): Use it.

2012-10-19  Cole Robinson  <crobinso@redhat.com>

	Autogenerate AUTHORS
	AUTHORS.in tracks the maintainers, as well as some folks who were
	previously in AUTHORS but don't have a git commit with proper
	attribution.

	Generated output is sorted alphabetically and lacks pretty spacing, so
	tweak AUTHORS.in to follow the same format.

	Additionally, drop the syntax-check rule that previously validated
	AUTHORS against git log.

2012-10-19  Guannan Ren  <gren@redhat.com>

	selinux: relabel tapfd in qemuPhysIfaceConnect
	Relabeling tapfd right after the tap device is created.
	qemuPhysIfaceConnect is common function called both for static
	netdevs and for hotplug netdevs.

2012-10-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not require hostuuid in migration cookie
	Having hostuuid in migration cookie is a nice bonus since it provides an
	easy way of detecting migration to the same host. However, requiring it
	breaks backward compatibility with older libvirt releases.

	qemu: Allow migration with host USB devices
	Recently, patches were added support for (managed)saving, restoring, and
	migrating domains with host USB devices. However, qemu driver would
	still forbid migration of such domains because qemuMigrationIsAllowed
	was not updated.

2012-10-19  Guido Günther  <agx@sigxcpu.org>

	qemu: Set arch to i686 if qemu-system-i386 is found
	If we can't probe the architecture from QMP we parse the architecture
	from the qemu binaries name. This results in the architecture being i386
	instead of i686 which then results in QEMU_CAPS_PCI_MULTIBUS being unset
	which gives a broken qemu command line.

	This probably didn't show up earlier since most of the time there's also
	a /usr/bin/qemu around which results in i686 capabilities.

2012-10-19  Guido Günther  <agx@sigxcpu.org>

	qemu: Don't fail without emulatorpin or cpumask
	This unbreaks qemu:///session that got broken by
	ba63d8f7d843461f77a8206c1ef9da38388713e5.

2012-10-18  Michal Privoznik  <mprivozn@redhat.com>

	network: Set to NULL after virNetworkDefFree()
	which frees all allocated memory but doesn't set the passed pointer to
	NULL.  Therefore, we must do it ourselves. This is causing actual
	libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should
	be dropped.  And the memory is freed, indeed. However, the pointer is
	not set to NULL but kept instead. And the next duo of calls 'virsh
	net-start' and 'virsh net-destroy' starts the disaster. The latter one
	does the same as 'virsh destroy'; it sees that newDef is nonNULL so it
	replaces def with newDef (which has been freed already as said a few
	lines above). Therefore any subsequent call accessing def will hit the ground.

2012-10-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	dist: added cpu/cpu_ppc_data.h to Makefile.am
	Missing entry for cpu_ppc_data.h added to fix RPM build.

2012-10-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Always format CPU topology
	When libvirt cannot find a suitable CPU model for host CPU (easily
	reproducible by running libvirt in a guest), it would not provide CPU
	topology in capabilities XML either. Even though CPU topology is known
	and can be queried by virNodeGetInfo. With this patch, CPU topology will
	always be provided in capabilities XML regardless on the presence of CPU
	model.

	spec: Fix dependency for lock-sanlock subpackage
	This should not make a big difference in real world since libvirt-daemon,
	which is already required by libvirt-lock-sanlock, requires
	libvirt-client and thus libvirt-lock-sanlock gets this dependency
	transitively. However, since libvirt-lock-sanlock contains
	sanlock_helper binary linked to libvirt.so, we should start requiring
	libvirt-client directly.

2012-10-18  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for HyperV Enlightenment feature "relaxed"
	This patch adds QEMU support for the "relaxed" feature implemented by
	previous patch.

2012-10-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Add support for HyperV Enlightenment features
	Hypervisors are starting to support HyperV Enlightenment features that
	improve behavior of guests running Microsoft Windows operating systems.

	This patch adds support for the "relaxed" feature that improves timer
	behavior and also establishes a framework to add these features in
	future.

2012-10-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Make tri-state feature options more universal
	The apic-eoi feature enum and implementation can be made more universal
	to allow re-use of the enum for other features.

2012-10-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Correctly wait for spice to migrate
	Currently we query-spice after the main migration has completed
	before moving to next state. Qemu reports this as boolean (not
	enclosed within quotes). Therefore it is not correct to use
	virJSONValueObjectGetString but virJSONValueObjectGetBoolean instead.

2012-10-18  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Fixed default machine detection in qemuCapsParseMachineTypesStr
	The machine in the last output line of <qemu-binary> -M ?
	was always reported as default machine even if this wasn't the
	actual default. Trivial fix.

2012-10-17  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Pin the emulator when only cpuset is specified
	According to our recent changes (clarifications), we should be pinning
	qemu's emulator processes using the <vcpu> 'cpuset' attribute in case
	there is no <emulatorpin> specified.  This however doesn't work
	entirely as expected and this patch should resolve all the remaining
	issues.

2012-10-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Clear async job when p2p migration fails early
	When p2p migration fails early because qemuMigrationIsAllowed or
	qemuMigrationIsSafe say migration should be cancelled, we fail to clear
	the migration-out async job. As a result of that, further APIs called
	for the same domain may fail with Timed out during operation: cannot
	acquire state change lock.

	Reported by Guido Winkelmann.

2012-10-17  Doug Goldstein  <cardoe@cardoe.com>

	interface: add virInterfaceGetXMLDesc() in udev
	Added support for retrieving the XML defining a specific interface via
	the udev based backend to virInterface. Implement the following APIs
	for the udev based backend:
	* virInterfaceGetXMLDesc()

	Note: Does not support bond devices.

2012-10-17  Michal Privoznik  <mprivozn@redhat.com>

	AUTHORS: Remove double entry
	I've accidentally added Li Zhang <zhlcindy@linux.vnet.ibm.com> to
	AUTHORS, even if he already was there.

2012-10-17  Li Zhang  <zhlcindy@gmail.com>

	Doc-fix for PowerPC CPU model driver
	There are some descriptions not right in PowerPC CPU model driver.
	This patch is to fix them.

	Acked-by: Michal Privoznik <mprivozn@redhat.com>

2012-10-17  Li Zhang  <zhlcindy@gmail.com>

	Implement CPU model driver for PowerPC
	Currently, the CPU model driver is not implemented for PowerPC.
	Host's CPU information is needed to exposed to guests' XML file some
	time.

	This patch is to implement the callback functions of CPU model driver.

	Acked-by: Michal Privoznik <mprivozn@redhat.com>

2012-10-17  Li Zhang  <zhlcindy@gmail.com>

	Add one file cpu_ppc_data.h to define CPU data for PPC
	CPU version can be got by PVR on PowerPC. So this PVR is defined in
	the CPU data in cpuData structure.

	Acked-by: Michal Privoznik <mprivozn@redhat.com>

2012-10-17  Guannan Ren  <gren@redhat.com>

	selinux: remove unused variables in socket labelling

2012-10-17  Guannan Ren  <gren@redhat.com>

	selinux: fix wrong tapfd relablling
	It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
	rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
	(commit ae368ebfcc4923d0b32e83d4ca96a6f599625785 introduced this bug)

	Caution: The context of the two hunks is identical other than indentation.
	Please be extremely cautious of where the patch gets applied.

2012-10-17  Cole Robinson  <crobinso@redhat.com>

	storage: lvm: lvcreate fails with allocation=0, don't do that
	On F17 at least, this command fails:

	$ sudo /usr/sbin/lvcreate --name sparsetest -L 0K --virtualsize 16384K vgvirt
	  Unable to create new logical volume with no extents

	Which is unfortunate since allocation=0 is what virt-manager tries to use
	by default.

	Rather than telling the user 'don't do that', let's just give them the
	smallest allocation possible if alloc=0 is requested.

	https://bugzilla.redhat.com/show_bug.cgi?id=866481

2012-10-17  Cole Robinson  <crobinso@redhat.com>

	storage: lvm: Don't overwrite lvcreate errors
	Before:
	$ sudo virsh vol-create-as --pool vgvirt sparsetest --capacity 16M --allocation 0
	error: Failed to create vol sparsetest
	error: internal error Child process (/usr/sbin/lvchange -aln vgvirt/sparsetest) unexpected exit status 5:   One or more specified logical volume(s) not found.

	After:
	$ sudo virsh vol-create-as --pool vgvirt sparsetest --capacity 16M --allocation 0
	error: Failed to create vol sparsetest
	error: internal error Child process (/usr/sbin/lvcreate --name sparsetest -L 0K --virtualsize 16384K vgvirt) unexpected exit status 5:   Unable to create new logical volume with no extents

2012-10-17  Jiri Denemark  <jdenemar@redhat.com>

	spec: Require newer sanlock on recent distros 2
	The previous commit was incomplete. We need to also add explicit
	Requires for the newer version since RPM's automatic dependencies won't
	work with sanlock.

2012-10-16  Peter Krempa  <pkrempa@redhat.com>

	spec: Add runtime requirement for libssh2
	libssh2 unfortunately doesn't support symbol versioning so RPM can't
	figure out what version is needed for the currently installed libvirt
	package. This patch adds a runtime requirement, so that the correct
	version of libssh2 can be installed along with libvirt.

2012-10-16  Jiri Denemark  <jdenemar@redhat.com>

	spec: Require newer sanlock on recent distros
	Make sure libvirt is build with sanlock >= 2.4 on distros that are new
	enough to provide it.

	locking: Fix build with sanlock < 2.4
	libvirt started using sanlock_killpath to implement on_lockfailure
	action. Since sanlock_killpath was introduced in sanlock 2.4, libvirt
	fails to build with older sanlock.

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in previous commit s/lik/like/

	Make virInitialize thread safe
	Currently there is a restriction that multi-threaded applications
	must manually call virInitialize, before threads start using
	libvirt, because it is not thread-safe. By switching it to use
	a virOnceControl initializer we gain thread safety, and thus
	applications no longer need to manually call it. They can rely
	on virConnectOpen invoking it for them.

	Fix virProcessKillPainfully on Win32
	Win32 platforms don't have SIGKILL defined, but they do have
	SIGABRT. Since our virProcess wrapper treats anything which
	isn't SIGTERM/SIGINT as equivalent to SIGKILL, just use
	SIGABRT on Win32.

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add JSON serialization of virNetServerPtr objects for process re-exec()
	Add two new APIs virNetServerNewPostExecRestart and
	virNetServerPreExecRestart which allow a virNetServerPtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.

	This includes serialization of all registered services
	and clients

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add JSON serialization of virNetServerClientPtr objects for process re-exec()
	Add two new APIs virNetServerClientNewPostExecRestart and
	virNetServerClientPreExecRestart which allow a virNetServerClientPtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.

	This includes serialization of the connected socket associated
	with the client

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add JSON serialization of virNetServerServicePtr objects for process re-exec()
	Add two new APIs virNetServerServiceNewPostExecRestart and
	virNetServerServicePreExecRestart which allow a virNetServerServicePtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.

	This includes serialization of the listening sockets associated
	with the service

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add JSON serialization of virNetSocketPtr objects for process re-exec()
	Add two new APIs virNetSocketNewPostExecRestart and
	virNetSocketPreExecRestart which allow a virNetSocketPtr
	object to be created from a JSON object and saved to a
	JSON object, for the purpose of re-exec'ing a process.

	As well as saving the state in JSON format, the second
	method will disable the O_CLOEXEC flag so that the open
	file descriptors are preserved across the process re-exec()

	Since it is not possible to serialize SASL or TLS encryption
	state, an error will be raised if attempting to perform
	serialization on non-raw sockets

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Add JSON serialization of virLockSpacePtr objects for process re-exec()
	Add two new APIs virLockSpaceNewPostExecRestart and
	virLockSpacePreExecRestart which allow a virLockSpacePtr
	object to be created from a JSON object and saved to a
	JSON object, for the purposes of re-exec'ing a process.

	As well as saving the state in JSON format, the second
	method will disable the O_CLOEXEC flag so that the open
	file descriptors are preserved across the process re-exec()

2012-10-16  Daniel P. Berrange  <berrange@redhat.com>

	Introduce an internal API for handling file based lockspaces
	The previously introduced virFile{Lock,Unlock} APIs provide a
	way to acquire/release fcntl() locks on individual files. For
	unknown reason though, the POSIX spec says that fcntl() locks
	are released when *any* file handle referring to the same path
	is closed. In the following sequence

	  threadA: fd1 = open("foo")
	  threadB: fd2 = open("foo")
	  threadA: virFileLock(fd1)
	  threadB: virFileLock(fd2)
	  threadB: close(fd2)

	you'd expect threadA to come out holding a lock on 'foo', and
	indeed it does hold a lock for a very short time. Unfortunately
	when threadB does close(fd2) this releases the lock associated
	with fd1. For the current libvirt use case for virFileLock -
	pidfiles - this doesn't matter since the lock is acquired
	at startup while single threaded an never released until
	exit.

	To provide a more generally useful API though, it is necessary
	to introduce a slightly higher level abstraction, which is to
	be referred to as a "lockspace".  This is to be provided by
	a virLockSpacePtr object in src/util/virlockspace.{c,h}. The
	core idea is that the lockspace keeps track of what files are
	already open+locked. This means that when a 2nd thread comes
	along and tries to acquire a lock, it doesn't end up opening
	and closing a new FD. The lockspace just checks the current
	list of held locks and immediately returns VIR_ERR_RESOURCE_BUSY.

	NB, the API as it stands is designed on the basis that the
	files being locked are not being otherwise opened and used
	by the application code. One approach to using this API is to
	acquire locks based on a hash of the filepath.

	eg to lock /var/lib/libvirt/images/foo.img the application
	might do

	   virLockSpacePtr lockspace = virLockSpaceNew("/var/lib/libvirt/imagelocks");
	   lockname = md5sum("/var/lib/libvirt/images/foo.img");
	   virLockSpaceAcquireLock(lockspace, lockname);

	NB, in this example, the caller should ensure that the path
	is canonicalized before calculating the checksum.

	It is also possible to do locks directly on resources by
	using a NULL lockspace directory and then using the file
	path as the lock name eg

	   virLockSpacePtr lockspace = virLockSpaceNew(NULL);
	   virLockSpaceAcquireLock(lockspace, "/var/lib/libvirt/images/foo.img");

	This is only safe to do though if no other part of the process
	will be opening the files. This will be the case when this
	code is used inside the soon-to-be-reposted virlockd daemon

2012-10-16  Martin Kletzander  <mkletzan@redhat.com>

	tests: Fix domain-events python test
	There was a missing method in python implementation of domain-events
	test and this patch adds that.

2012-10-16  Eric Blake  <eblake@redhat.com>

	maint: prepare for next release number
	Given Daniel's announcement[1], code targetting the next release will
	be in 1.0.0, not 0.10.3.  Changed mechanically with:

	for f in $(git grep -l '0\(.\)10\13\b') ; do
	   sed -i -e 's/0\(.\)10\13/1\10\10/g' $f
	done

	[1]https://www.redhat.com/archives/libvir-list/2012-October/msg00403.html

	* docs/formatdomain.html.in: Use 1.0.0 for next release.
	* src/interface/interface_backend_udev.c: Likewise.

2012-10-16  Eric Blake  <eblake@redhat.com>

	maint: fix license on polkit script
	As approved here:
	https://www.redhat.com/archives/libvir-list/2012-October/msg00701.html

	* daemon/libvirtd.policy.in: Use LGPLv2+ license.

2012-10-16  Martin Kletzander  <mkletzan@redhat.com>

	conf: add test for boot dev and order
	Add test for 280b8c9e7c94db1decdca08d169c88554c09fa19.

	conf: Fix crash with cleanup
	There was a crash possible when both <boot dev... and <boot
	order... were specified due to virDomainDefParseBootXML() erroring out
	before setting *tmp (which was free'd in cleanup).  As a fix, I
	created this cleanup that uses one pointer for all the temporary
	stored XPath strings and values, plus this pointer is correctly
	initialized to NULL.

	selinux: Use raw contexts 2
	In commit 9674f2c637114fa6ac0680fe5658a41a62bb34a8, I forgot to change
	selabel_lookup with the other functions, so this one-liner does exactly
	that.

2012-10-15  Eric Blake  <eblake@redhat.com>

	maint: drop spurious semicolons
	Detected with:
	git grep ';;$' -- '**/*.[ch]'

	* src/network/bridge_driver.c (networkRadvdConfContents): Fix
	harmless typo.
	* src/phyp/phyp_driver.c (phypUUIDTable_Pull): Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDriveDel):
	Likewise.

2012-10-15  Guannan Ren  <gren@redhat.com>

	selinux: add security selinux function to label tapfd
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=851981
	When using macvtap, a character device gets first created by
	kernel with name /dev/tapN, its selinux context is:
	system_u:object_r:device_t:s0

	Shortly, when udev gets notification when new file is created
	in /dev, it will then jump in and relabel this file back to the
	expected default context:
	system_u:object_r:tun_tap_device_t:s0

	There is a time gap happened.
	Sometimes, it will have migration failed, AVC error message:
	type=AVC msg=audit(1349858424.233:42507): avc:  denied  { read write } for
	pid=19926 comm="qemu-kvm" path="/dev/tap33" dev=devtmpfs ino=131524
	scontext=unconfined_u:system_r:svirt_t:s0:c598,c908
	tcontext=system_u:object_r:device_t:s0 tclass=chr_file

	This patch will label the tapfd device before qemu process starts:
	system_u:object_r:tun_tap_device_t:MCS(MCS from seclabel->label)

2012-10-15  Martin Kletzander  <mkletzan@redhat.com>

	Add support for SUSPEND_DISK event
	This patch adds support for SUSPEND_DISK event; both lifecycle and
	separated.  The support is added for QEMU, machines are changed to
	PMSUSPENDED, but as QEMU sends SHUTDOWN afterwards, the state changes
	to shut-off.  This and much more needs to be done in order for libvirt
	to work with transient devices, wake-ups etc.  This patch is not
	aiming for that functionality.

2012-10-15  Ján Tomko  <jtomko@redhat.com>

	util: switch virLogEatParams to virLogSource
	Commit e8fd8757c89abbd38571092bbb987650b7658aec changed 'const char *'
	category to virLogSource enum. This changes it in virLogEatParams as
	well, thus fixing the build with --disable-debug.
	--
	Hopefully moving the enum declarations is less ugly than using int.

2012-10-15  Osier Yang  <jyang@redhat.com>

	node_memory: Add new parameter field to tune the new sysfs knob
	Upstream kernel introduced new sysfs knob "merge_across_nodes" to
	specify if pages from different numa nodes can be merged. When set
	to 0, only pages which physically reside in the memory area of
	same NUMA node can be merged. When set to 1, pages from all nodes
	can be merged.

	This patch supports the tuning by adding new param field
	"shm_merge_across_nodes".

2012-10-15  Laine Stump  <laine@laine.org>

	qemu: reorganize qemuDomainChangeNet and qemuDomainChangeNetBridge
	This patch resolves:

	  https://bugzilla.redhat.com/show_bug.cgi?id=805071

	to the extent that it can be resolved with current qemu functionality.
	It attempts to detect as many situations as possible when the simple
	operation of disconnecting an existing tap device from one bridge and
	attaching it to another will satisfy the change requested in
	virDomainUpdateDeviceFlags() for a network device. Before this patch,
	that situation could only be detected if the pre-change interface
	*and* the post-change interface definition were both "type='bridge'".
	After this patch, it can also be detected if the before or after
	interfaces are any combination of type='bridge' and type='network'
	(the networks can be <forward mode='nat|route|bridge'>, as long as
	they use a Linux host bridge and not macvtap connections).

	This extra effort is especially useful since the recent discovery that
	a netdev_del+netdev_add combo (to reconnect the network device with
	completely different hostside configuration) doesn't work properly
	with current qemu (1.2) unless it is accompanied by the matching
	device_del+device_add - see this mailing list message for details:

	  http://lists.nongnu.org/archive/html/qemu-devel/2012-10/msg02355.html

	(A slight modification of the patch referenced there has been prepared
	to apply on top of this patch, but won't be pushed until qemu can be
	made to work with it.)

	* qemuDomainChangeNet needs access to the virDomainDeviceDef that
	holds the new netdef (so that it can clear out the virDomainDeviceDef
	if it ends up using the NetDef to replace the original), so the
	virDomainNetDefPtr arg is replaced with a virDomainDeviceDefPtr.

	* qemuDomainChangeNet previously checked for *some* changes to the
	interface config, but this check was by no means complete. It was also
	a bit disorganized.

	This refactoring of the code is (I believe) complete in its check of
	all NetDef attributes that might be changed, and either returns a
	failure (for changes that are simply impossible), or sets one of three
	flags:

	  needLinkStateChange - if the device link state needs to go up/down
	  needBridgeChange    - if everything else is the same, but it needs
	                        to be connected to a difference linux host
	                        bridge
	  needReconnect       - if the entire host side of the device needs
	                        to be torn down and reconstructed (currently
	                        non-working, as mentioned above)

	Note that this function will refuse to make any change that requires
	the *guest* side of the device to be detached (e.g. changing the PCI
	address or mac address). Those would be disruptive enough to the guest
	that it's reasonable to require an explicit detach/attach sequence
	from the management application.

	* As mentioned above, qemuDomainChangeNet also does its best to
	understand when a simple change in attached bridge for the existing
	tap device will work vs. the need to completely tear down/reconstruct
	the host side of the device (including tap device).

	This patch *does not* implement the "reconnect" code anyway - there is
	a placeholder that turns that into an error. Rather, the purpose of
	this patch is to replicate existing behavior with code that is ready
	to have that functionality plugged in in a later patch.

	* The expanded uses for qemuDomainChangeNetBridge meant that it needed
	to be enhanced as well - it no longer replaces the original brname
	string in olddev with the new brname; instead, it relies on the
	caller to replace the *entire* olddev with newdev (since we've gone
	to great lengths to assure they are functionally identical other
	than the name of the bridge, this is now not only safe, but more
	correct). Additionally, qemuDomainNetChangeBridge can now set the
	bridge for type='network' interfaces as well as plain type='bridge'
	interfaces. (Note that I had to make this change simultaneous to the
	reorganization of qemuDomainChangeNet because the two are too
	closely intertwined to separate).

2012-10-15  Guido Günther  <agx@sigxcpu.org>

	Avoid straying </cpuset>
	by using the same condition as for the <cpuset>.

	Fixes "make check" found by
	    http://honk.sigxcpu.org:8001/job/libvirt-check/160/

2012-10-15  Laine Stump  <laine@laine.org>

	conf: virDomainDeviceInfoCopy utility function
	This does a shallow copy of all the bits, then strdups the two items
	that are actually allocated separately.

	conf: fix virDevicePCIAddressEqual args
	This function really should have been taking virDevicePCIAddress*
	instead of the inefficient virDevicePCIAddress (results in copying two
	entire structs onto the stack rather than just two pointers), and
	returning a bool true/false (not matching is not necessarily a
	"failure", as a -1 return would imply, and also using "if
	(!virDevicePCIAddressEqual(x, y))" to mean "if x == y" is just a bit
	counterintuitive).

2012-10-15  Guido Günther  <agx@sigxcpu.org>

	Fix tab vs space
	that broke "make syntax-check"

	found by http://honk.sigxcpu.org:8001/job/libvirt-syntax-check/157/

	Pushed under the build breaker rule.

2012-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Ignore def->cpumask if emulatorpin is specified
	If the vcpu placement is "static", it's just fine to ignore the
	def->cpumask if emulatorpin is specified.

2012-10-15  Osier Yang  <jyang@redhat.com>

	conf: Ignore emulatorpin if vcpu placement is auto
	When vcpu placement is "auto", the domain process will be pinned
	to advisory nodeset from querying numad, While emulatorpin will
	override the pinning. That means both of them are to set the
	pinning policy for domain process, but conflicts with each other.

	This patch ingore emulatorpin if vcpu placement is "auto", because
	<vcpu> placement can't be simply ignored for <numatune> placement
	could default to it.

2012-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Initialize cpuset for hotplugged vcpu as def->cpuset
	The onlined vcpu pinning policy should inherit def->cpuset if
	it's not specified explicitly, and the affinity should be set
	in this case. Oppositely, the offlined vcpu pinning policy should
	be free()'ed.

2012-10-15  Osier Yang  <jyang@redhat.com>

	qemu: Create or remove cgroup when doing vcpu hotpluging
	Various APIs use cgroup to either set or get the statistics of
	host or guest. Hotplug or hot unplug new vcpus without creating
	or removing the cgroup for the vcpus could cause problems for
	those APIs. E.g.

	% virsh vcpucount dom
	maximum      config        10
	maximum      live          10
	current      config         1
	current      live           1

	% virsh setvcpu dom 2

	% virsh schedinfo dom --set vcpu_quota=1000
	Scheduler      : posix
	error: Unable to find vcpu cgroup for rhel6.2(vcpu: 1): No such file or
	directory

	This patch fixes the problem by creating cgroups for each of the
	onlined vcpus, and destroying cgroups for each of the offlined
	vcpus.

2012-10-15  Osier Yang  <jyang@redhat.com>

	conf: Initialize the pinning policy for vcpus
	Document for <vcpu>'s "cpuset" says:

	Since 0.4.4, this element can contain an optional cpuset attribute,
	which is a comma-separated list of physical CPU numbers that virtual
	CPUs can be pinned to.

	However, it's not the truth, libvirt actually pins the domain
	process to the specified pCPUs by "cpuset" of <vcpu>. And the
	vcpu thread are pinned to all available pCPUs if no <vcpupin>
	is specified for it.

	This patch is to implement the codes to inherit <vcpu>'s "cpuset" for
	vcpu that doesn't have <vcpupin> specified, and <vcpupin>
	for these vcpu will be ignored when formating. Underlying
	driver implementation will make sure the vcpu thread pinned
	to correct pCPUs.

2012-10-15  Osier Yang  <jyang@redhat.com>

	conf: Ignore vcpupin for not onlined vcpus when parsing
	Setting pinning policy for vcpu which exceeds current vcpus number
	just makes no sense, however, it could cause various problems, E.g.

	<vcpu current='1'>4</vcpu>
	<cputune>
	  <vcpupin vcpuid='3' cpuset='4'/>
	</cputune>

	% virsh start linux
	error: Failed to start domain linux
	error: cannot set CPU affinity on process 32534: No such process

	We must have some odd codes underlying which produces the
	"on process 32534", but the point is why we not to prevent
	earlier when parsing? Note that this is only one of the
	problem it could cause.

	This patch is to ignore the <vcpupin> for not onlined vcpus.

2012-10-15  Osier Yang  <jyang@redhat.com>

	doc: Sort out the relationship between <vcpu>, <vcpupin>, and <emulatorpin>
	These 3 elements conflicts with each other in either the doc
	or the underlying codes.

	Current problems:

	Problem 1:

	The doc shouldn't simply say "These settings are superseded
	by CPU tuning. " for element <vcpu>. As except the tuning, <vcpu>
	allows to specify the current, maxmum vcpu number. Apart from that,
	<vcpu> also allows to specify the placement as "auto", which binds
	the domain process to the advisory nodeset from numad.

	Problem 2:

	Doc for <vcpu> says its "cpuset" specify the physical CPUs
	that the vcpus can be pinned. But it's not the truth, as
	actually it only pin domain process to the specified physical
	CPUs. So either it's a document bug, or code bug.

	Problem 3:

	Doc for <vcpupin> says it supersed "cpuset" of <vcpu>, it's
	not quite correct, as each <vcpupin> specify the pinning policy
	only for one vcpu. How about the ones which doesn't have
	<vcpupin> specified? it says the vcpu will be pinned to all
	available physical CPUs, but what's the meaning of attribute
	"cpuset" of <vcpu> then?

	Problem 4:

	Doc for <emulatorpin> says it pin the emulator threads (domain
	process in other context, perhaps another follow up patch to
	cleanup the inconsistency is needed) to the physical CPUs
	specified its attribute "cpuset". Which conflicts with
	<vcpu>'s "cpuset". And actually in the underlying codes,
	it set the affinity for domain process twice if both
	"cpuset" for <vcpu> and <emulatorpin> are specified,
	and <emulatorpin>'s pinning will override <vcpu>'s.

	Problem 5:

	When "placement" of <vcpu> is "auto" (I.e. uses numad to
	get the advisory nodeset to which the domain process is
	pinned to), it will also be overridden by <emulatorpin>,

	This patch is trying to sort out the conflicts or bugs by:

	1) Don't say <vcpu> is superseded by <cputune>

	2) Keep the semanteme for "cpuset" of <vcpu> (I.e. Still says it
	   specify the physical CPUs the virtual CPUs). But modifying it
	   to mention it also set the pinning policy for domain process,
	   and the CPU placement of domain process specified by "cpuset"
	   of <vcpu> will be ingored if <emulatorpin> specified, and
	   similary, the CPU placement of vcpu thread will be ignored
	   if it has <vcpupin> specified, for vcpu which doesn't have
	   <vcpupin> specified, it inherits "cpuset" of <vcpu>.

	3) Don't say <vcpu> is supersed by <vcpupin>. If neither <vcpupin>
	   nor "cpuset" of <vcpu> is specified, the vcpu will be pinned
	   to all available pCPUs.

	4) If neither <emulatorpin> nor "cpuset" of <vcpu> is specified,
	   the domain process (emulator threads in the context) will be
	   pinned to all available pCPUs.

	5) If "placement" of <vcpu> is "auto", <emulatorpin> is not allowed.

	6) hotplugged vcpus will also inherit "cpuset" of <vcpu>

	Codes changes according to above document changes:

	1) Inherit def->cpumask for each vcpu which doesn't have <vcpupin>
	   specified, during parsing.

	2) ping the vcpu which doesn't have <vcpupin> specified to def->cpumask
	   either by cgroup for sched_setaffinity(2), which is actually done
	   by 1).

	3) Error out if "placement" == "auto", and <emulatorpin> is specified.
	   Otherwise, <emulatorpin> is honored, and "cpuset" of <cpuset> is
	   ignored.

	4) Setup cgroup for each hotplugged vcpu, and setup the pinning policy
	   by either cgroup or sched_setaffinity(2).

	5) Remove cgroup and <vcpupin> for each hot unplugged vcpu.

	Patches are following (6 in total except this patch)

2012-10-14  Cole Robinson  <crobinso@redhat.com>

	Tweak comments in the policykit rules file
	- Add the XML header so vim gives us syntax highlighting
	- polkit-policy-file-validate hasn't existed for 3 years
	- Permissions comment was not accurate

	Only keep one polkit rules file
	Just tweak it at build time depending on what polkit version we are
	building for.

	daemon: Use $(AM_V_GEN) in a few more places

2012-10-13  Guido Günther  <agx@sigxcpu.org>

	Properly parse (unsigned) long long
	This fixes problems on platforms where sizeof(long) != sizeof(long long)
	like ia32.

2012-10-12  Peter Krempa  <pkrempa@redhat.com>

	spec: Add support for libssh2 transport
	Libssh2 transport support was enabled lately but the spec file wasn't
	updated to take this into account. This caused libvirt to be built
	without libssh2 support in Red Hat based OSes.

2012-10-12  Martin Kletzander  <mkletzan@redhat.com>

	selinux: Use raw contexts
	We are currently able to work only with non-translated SELinux
	contexts, but we are using functions that work with translated
	contexts throughout the code.  This patch swaps all SELinux context
	translation relative calls with their raw sisters to avoid parsing
	problems.

	The problems can be experienced with mcstrans for example.  The
	difference is that if you have translations enabled (yum install
	mcstrans; service mcstrans start), fgetfilecon_raw() will get you
	something like 'system_u:object_r:virt_image_t:s0', whereas
	fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
	that we cannot parse.

	I was trying to confirm that the _raw variants were here since the dawn of
	time, but the only thing I see now is that it was imported together in
	the upstream repo [1] from svn, so before 2008.

	Thanks Laurent Bigonville for finding this out.

	[1] http://oss.tresys.com/git/selinux.git

2012-10-12  Jiri Denemark  <jdenemar@redhat.com>

	conf: Mark missing optional USB devices in domain XML
	When startupPolicy set for a USB devices allows such device to be
	missing, there was no way this could be detected from domain XML. With
	this patch, libvirt emits a new missing='yes' attribute for such devices
	when active domain XML is generated.

2012-10-12  Ján Tomko  <jtomko@redhat.com>

	virsh: remove reference to migration in blockcopy

	virsh: block SIGINT while getting BlockJobInfo
	SIGINT hasn't been blocked, which could lead to losing it somewhere in
	virDomainGetBlockJobInfo and not aborting the job.

	Various typos and misspellings

2012-10-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix misleading comment for qemuDomainObjBeginJobWithDriver()
	The comment stated that you may call qemuDomainObjBeginJobWithDriver
	without passing qemud_driver to signal it's not locked.
	qemuDomainObjBeginJobWithDriver still accesses the qemud_driver
	structure and the lock singaling is done through a separate parameter.

2012-10-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make save/restore with USB devices usable
	Save/restore with passed through USB devices currently only works if the
	USB device can be found at the same USB address where it used to be
	before saving a domain. This makes sense in case a user explicitly
	configure the USB address in domain XML. However, if the device was
	found automatically by vendor/product identification, we should try to
	search for that device when restoring the domain and use any device we
	find as long as there is only one available. In other words, the USB
	device can now be removed and plugged again or the host can be rebooted
	between saving and restoring the domain.

2012-10-11  Jiri Denemark  <jdenemar@redhat.com>

	Add MIGRATABLE flag for virDomainGetXMLDesc
	Using VIR_DOMAIN_XML_MIGRATABLE flag, one can request domain's XML
	configuration that is suitable for migration or save/restore. Such XML
	may contain extra run-time stuff internal to libvirt and some default
	configuration may be removed for better compatibility of the XML with
	older libvirt releases.

	This flag may serve as an easy way to get the XML that can be passed
	(after desired modifications) to APIs that accept custom XMLs, such as
	virDomainMigrate{,ToURI}2 or virDomainSaveFlags.

2012-10-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Implement startupPolicy for USB passed through devices

	qemu: Add option to treat missing USB devices as success
	All USB device lookup functions emit an error when they cannot find the
	requested device. With this patch, their caller can choose if a missing
	device is an error or normal condition.

	qemu: Introduce qemuFindHostdevUSBDevice
	The code which looks up a USB device specified by hostdev is duplicated
	in two places. This patch creates a dedicated function that can be
	called in both places.

	conf: Add support for startupPolicy for USB devices
	USB devices can disappear without OS being mad about it, which makes
	them ideal for startupPolicy. With this attribute, USB devices can be
	configured to be mandatory (the default), requisite (will disappear
	during migration if they cannot be found), or completely optional.

2012-10-11  Jiri Denemark  <jdenemar@redhat.com>

	locking: Implement lock failure action in sanlock driver
	While the changes to sanlock driver should be stable, the actual
	implementation of sanlock_helper is supposed to be replaced in the
	future. However, before we can implement a better sanlock_helper, we
	need an administrative interface to libvirtd so that the helper can just
	pass a "leases lost" event to the particular libvirt driver and
	everything else will be taken care of internally. This approach will
	also allow libvirt to pass such event to applications and use
	appropriate reasons when changing domain states.

	The temporary implementation handles all actions directly by calling
	appropriate libvirt APIs (which among other things means that it needs
	to know the credentials required to connect to libvirtd).

2012-10-11  Jiri Denemark  <jdenemar@redhat.com>

	locking: Add support for lock failure action

	locking: Pass hypervisor driver name when acquiring locks
	This is required in case a lock manager needs to contact libvirtd in
	case of an unexpected event.

	locking: Add const char * parameter to avoid ugly typecasts

	conf: Add on_lockfailure event configuration
	Using this new element, one can configure an action that should be
	performed when resource locks are lost.

	conf: Rename life cycle actions to event actions
	While current on_{poweroff,reboot,crash} action configuration is about
	configuring life cycle actions, they can all be considered events and
	actions that need to be done on a particular event. Let's generalize the
	code by renaming life cycle actions to event actions so that it can be
	reused later for non-lifecycle events.

2012-10-10  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Correct name of domain/pm/suspend-to-mem in docs

2012-10-10  Cole Robinson  <crobinso@redhat.com>

	storage: Report UUID/name consistently in driver errors
	Done with:

	sed -i -e "s/no pool with matching uuid/no storage pool with matching uuid/g" src/storage/storage_driver.c
	sed -i -e 's/"%s", _("no storage pool with matching uuid")/_("no storage pool with matching uuid %s"), obj->uuid/g' src/storage/storage_driver.c
	sed -i -e 's/"%s", _("storage pool is not active")/_("storage pool '%s' is not active"), pool->def->name/g' src/storage/storage_driver.c

	And a couple fixups before, during, and after, and a manual inspection
	pass to make sure nothing was wonky.

2012-10-10  Daniel P. Berrange  <berrange@redhat.com>

	Change qemuSetSchedularParameters to use AFFECT_CURRENT
	When adding variants of parameter setting APIs which accepted
	flags, the existing APIs were all adapted internally to pass
	VIR_DOMAIN_AFFECT_CURRENT to the new API. The QEMU impl
	qemuSetSchedularParameters was an exception, which instead
	used VIR_DOMAIN_AFFECT_LIVE. Change this to match other
	compatibility scenarios, so that calling

	   virDomainSetSchedularParameters(dom, params, nparams);

	Has the same semantics as

	   virDomainSetSchedularParametersFlags(dom, params, nparams, 0);

	And

	   virDomainSetSchedularParametersFlags(dom, params, nparams, VIR_DOMAIN_AFFECT_CURRENT);

2012-10-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	win32: Pretend that close-on-exec works
	Currently virNetSocketNew fails because virSetCloseExec fails as there
	is no proper implementation for it on Windows at the moment. Workaround
	this by pretending that setting close-on-exec on the fd works. This can
	be done because libvirt currently lacks the ability to create child
	processes on Windows anyway. So there is no point in failing to set a
	flag that isn't useful at the moment anyway.

2012-10-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic dispatch for types with more than one level of inheritance
	Traverse the whole inheritance hierarchy for dynamic dispatch as it is
	already done for the dynamic cast.

	Also make AnyType cast errors more verbose.

	Reported by Ata Bohra.

2012-10-09  Doug Goldstein  <cardoe@cardoe.com>

	interface: add udevIfaceIsActive() to udev backend
	Add support to check if a specific interface is active by supporting the
	following API function in the udev based virInterface backend:
	* virConnectInterfaceIsActive()

	interface: always build all available backends
	Always build all available backends to avoid bit-rot. At run time we
	select the correct backend and load it by attempting netcf first and
	then udev.

	interface: fix netcf based backend naming
	All other backends for virInterface or other HVs implementations of
	virInterface list their own names for the name instead of the generic
	'Interface' value. This does the same for the netcf based backend.
	Also, report any errors during registration.

	interface: add udev based backend for virInterface
	Add a read-only udev based backend for virInterface. Useful for distros
	that do not have netcf support yet. Multiple libvirt based utilities use
	a HAL based fallback when virInterface is not available which is less
	than ideal. This implements:
	* virConnectNumOfInterfaces()
	* virConnectListInterfaces()
	* virConnectNumOfDefinedInterfaces()
	* virConnectListDefinedInterfaces()
	* virConnectListAllInterfaces()
	* virConnectInterfaceLookupByName()
	* virConnectInterfaceLookupByMACString()

2012-10-09  Eric Blake  <eblake@redhat.com>

	hooks: let virCommand do the error reporting
	The code was reporting raw exit status without decoding it into
	normal vs. signal exit.  virCommandRun already does this, but
	with a different error type, so all we have to do is recast
	the error to the correct type.
	Reported by li guang.

	* src/util/hooks.c (virHookCall): Simplify.

2012-10-09  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	doc: update description about user/group in qemu.conf
	As a side effect of changes in the functions virGetUserID and
	virGetGroupID, the user and group configurations for DAC in qemu.conf
	are now able to accept both names and IDs, supporting a leading plus
	sign to ensure that a numeric value will not be interpreted as a name.

	This patch updates the comments in qemu.conf, including a description of
	this new behavior.

2012-10-09  Michal Privoznik  <mprivozn@redhat.com>

	docs: Drop useless </p> in drvphyp.html.in

	nodeinfo: Fully convert to new virReportError
	With our latest s/[a-z]+ReportError/virReportError/ rewrite
	(47ab34e2) we forgot to update arm part of the code.

2012-10-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix QMP detection of QXL graphics
	With the recent introduction of QMP capabilities probing, libvirt failed
	to detect support for QXL graphics in QEMU 1.2 and newer. In addition to
	fixing that, this patch also causes libvirt to detect QXL support for
	qemu-kvm-0.13.0, which doesn't advertise it in -help output but mentions
	it in device list. Since qemu-kvm-0.13.0 supported -spice, it looks like
	not having qxl in -help was a bug.

2012-10-08  Eric Blake  <eblake@redhat.com>

	virsh: add qemu-monitor-command --pretty
	I was using qemu-monitor-command during development, and found it quite
	hard to use.  Compare the results of this patch on ease of reading:

	$ virsh qemu-monitor-command          dom '{"execute":"query-version"}'
	{"return":{"qemu":{"micro":1,"minor":12,"major":0},"package":"(qemu-kvm-0.12.1.2)"},"id":"libvirt-7683"}

	$ virsh qemu-monitor-command --pretty dom '{"execute":"query-version"}'
	{
	    "return": {
	        "qemu": {
	            "micro": 1,
	            "minor": 12,
	            "major": 0
	        },
	        "package": "(qemu-kvm-0.12.1.2)"
	    },
	    "id": "libvirt-7674"
	}

	* tools/virsh-host.c (cmdQemuMonitorCommand): New option.
	* tools/virsh.pod (qemu-monitor-command): Document it.

2012-10-08  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	security: update user and group parsing in security_dac.c
	The functions virGetUserID and virGetGroupID are now able to parse
	user/group names and IDs in a similar way to coreutils' chown. So, user
	and group parsing in security_dac can be simplified.

2012-10-08  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	util: extend virGetUserID and virGetGroupID to support names and IDs
	This patch updates virGetUserID and virGetGroupID to be able to parse a
	user or group name in a similar way to coreutils' chown. This means that
	a numeric value with a leading plus sign is always parsed as an ID,
	otherwise the functions try to parse the input first as a user or group
	name and if this fails they try to parse it as an ID.

	This patch includes Peter Krempa's changes to correctly handle errors
	returned by getpwnam_r and getgrnam_r.

2012-10-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Call curl_global_init from virInitialize to avoid thread-safety issues
	curl_global_init is not thread-safe. curl_easy_init might call
	curl_global_init when it was no called before. But curl_easy_init
	can be called from different threads by the ESX driver. Therefore,
	call curl_global_init from virInitialize to stop curl_easy_init from
	calling it.

	Reported by Benjamin Wang.

2012-10-08  Martin Kletzander  <mkletzan@redhat.com>

	fix kvm_pv_eoi with kvmclock
	When both kvmclock and kvm_pv_eoi are configured (either disabled or
	enabled) libvirt will generate invalid CPU specification due to the
	fact that even though kvmclock causes the CPU to be specified, it
	doesn't set have_cpu flag to true (and the new kvm_pv_eoi as well).
	This patch fixes the issue and adds a test exactly for that to show
	that it is fixed correctly (and also to keep it that way in the future
	of course).

2012-10-08  Alexander Larsson  <alexl@redhat.com>

	Fix typo in HAVE_DBUS automake conditional
	The variable that is set in the script is with_dbus, not have_dbus.

2012-10-08  Guannan Ren  <gren@redhat.com>

	python: keep consistent handling of Python integer conversion
	libvirt_ulonglongUnwrap requires the integer type of python obj.
	But libvirt_longlongUnwrap still could handle python obj of
	Pyfloat_type which causes the float value to be rounded up
	to an integer.

	For example
	 >>> dom.setSchedulerParameters({'vcpu_quota': 0.88})
	 0
	libvirt_longlongUnwrap treats 0.88 as a valid value 0

	However
	 >>> dom.setSchedulerParameters({'cpu_shares': 1000.22})
	libvirt_ulonglongUnwrap will throw out an error
	"TypeError: an integer is required"

	The patch make this consistent.

2012-10-08  Guannan Ren  <gren@redhat.com>

	python: cleanup vcpu related binding APIs
	libvirt_virDomainGetVcpus: add error handling, return -1 instead of None
	libvirt_virDomainPinVcpu and libvirt_virDomainPinVcpuFlags:
	  check the type of argument
	  make use of libvirt_boolUnwrap

	  Set bitmap according to these values which are contained in given
	  argument of vcpu tuple and turn off these bit corresponding to
	  missing vcpus in argument tuple

	  The original way ignored the error info from PyTuple_GetItem
	  if index is out of range.
	  "IndexError: tuple index out of range"
	  The error message will only be raised on next command in interactive mode.

2012-10-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Disable libcurl's use of signals to fix a segfault
	libcurl uses a SIGALRM in combination with sigsetjmp/siglongjmp to be
	able to abort a DNS lookup when it takes too long. The problem with this
	in a multi-threaded application is that the signal handler for SIGALRM
	and the call to siglongjmp can be executed on a thread that is different
	from the one that initially did the SIGALRM setup and the call to
	sigsetjmp. In the reported case this triggered a segfault.

	Disable libcurl's use of signals to avoid this situation. This has the
	disadvantage of losing the ability to abort synchronous DNS lookups which
	might result in libcurl getting stuck in a DNS lookup in the worst case.
	When libcurl was build with an asynchronous DNS backend such as c-ares
	then there is no problem because the timeout mechanism works without
	signals here anyway.

	Reported by Benjamin Wang.

2012-10-05  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Buffer too small for large CPU numbers.
	The output buffer for virFileReadAll was too small for systems with
	more than 30 CPUs which leads to a log entry and incorrect behavior.
	The new size will be sufficient for the current
	architectural limits.

2012-10-05  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	This reverts part of commit 5468594f465; the perl changes in that
	patch were sufficient.  Since libvirt.syms is already a generated
	file created in part from libvirt_private.syms, we don't need a
	second pass over libvirt_private.syms in isolation.

	* src/Makefile.am: Undo addition of check-private-symfile.

2012-10-05  Michal Privoznik  <mprivozn@redhat.com>

	Check for private symbols presence as well
	Currently, we are checking if libvirt.so contains public symbols.
	However, sometimes we rename an internal symbol and forget to
	change libvirt_private.syms accordingly. Hence, it's safer to check
	for internal symbols as well.

2012-10-05  Eric Blake  <eblake@redhat.com>

	spec: prefer canonical name of util-linux
	I noticed that in two places, we require util-linux, and in a third,
	we require util-linux-ng.  On Fedora (I tested F15 through rawhide),
	util-linux-ng is obsoleted by util-linux; on RHEL 6, util-linux
	is obsoleted by util-linux-ng.  That is, on either platform, either
	name will get you the correct package installed (where the preferred
	name on fedora is util-linux, and on RHEL 6 is util-linux-ng).  But
	on RHEL 5, there is no util-linux-ng

	* libvirt.spec.in (Requires): Use util-linux, not util-linux-ng.

2012-10-05  Michal Privoznik  <mprivozn@redhat.com>

	private.syms: Drop virKillProcess
	After it got renamed to virProcessKill (cf470068a11)
	it is no longer needed in the private syms file.

2012-10-05  Eric Blake  <eblake@redhat.com>

	docs: fix links in migration.html TOC
	Use of the wrong attribute name caused the table of contents to
	be useless.  Fix suggested by Daniel P. Berrange.

	* docs/migration.html.in: Use correct anchoring attribute.

2012-10-04  Wido den Hollander  <wido@widodh.nl>

	doc: Add Maven repository to Java bindings documentation
	Getting a artifact into Maven central has a lot of restrictions as
	where the artifact should be hosted.

	This seemed like a big hassle which we don't want to go through now.

	Document a way for users to use libvirt.org as a repository so they can
	fetch the Java bindings with maven.

2012-10-04  Kyle Mestery  <kmestery@cisco.com>

	Correct checking of virStrcpyStatic() return value
	Correct the check for the return value of virStrcpyStatic()
	when copying port-profile names. Fixes Open vSwitch ports
	which utilize port-profiles from network definitions.

2012-10-03  Eric Blake  <eblake@redhat.com>

	docs: rudimentary phyp documentation
	Based on a report that phyp is undocumented:
	https://www.redhat.com/archives/libvirt-users/2012-July/msg00013.html

	* docs/drvphyp.html.in (phyp): New file.
	* docs/drivers.html.in: List it.

2012-10-03  Eric Blake  <eblake@redhat.com>

	build: update gnulib for FreeBSD build
	Several gnulib tests were failing 'make check', and compilation with
	CFLAGS=-g failed due to a gcc 4.2.1 limitation.

	* .gnulib: Update to latest, for gcc 4.2 support and fixed FreeBSD tests.

2012-10-03  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	doc: update description about security labels on formatdomain.html
	This patch adds a brief description about labels for each security
	driver.

2012-10-03  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	security: also parse user/group names instead of just IDs for DAC labels
	The DAC driver is missing parsing of group and user names for DAC labels
	and currently just parses uid and gid. This patch extends it to support
	names, so the following security label definition is now valid:

	  <seclabel type='static' model='dac' relabel='yes'>
	      <label>qemu:qemu</label>
	      <imagelabel>qemu:qemu</imagelabel>
	  </seclabel>

	When it tries to parse an owner or a group, it first tries to resolve it as
	a name, if it fails or it's an invalid user/group name then it tries to
	parse it as an UID or GID. A leading '+' can also be used for both owner and
	group to force it to be parsed as IDs, so the following example is also
	valid:

	  <seclabel type='static' model='dac' relabel='yes'>
	      <label>+101:+101</label>
	      <imagelabel>+101:+101</imagelabel>
	  </seclabel>

	This ensures that UID 101 and GUI 101 will be used instead of an user or
	group named "101".

2012-10-02  Eric Blake  <eblake@redhat.com>

	build: avoid -Wno-format on new-enough gcc
	Commit c579d6b added a sledgehammer to silence spurious warnings from
	gcc 4.2, but in the process, it also silenced useful warnings from
	gcc 4.3 through 4.5.  As a result, a bug slipped in to commit 0caccb58.

	Tested with FreeBSD (gcc 4.2.1), RHEL 6.3 (gcc 4.4), and F17 (gcc 4.7.2),
	where the former didn't trip on spurious warnings, and where the latter
	two detected a revert of 2b804cf.

	* m4/virt-compile-warnings.m4 (-Wno-format): Probe for the actual
	spurious message, to once again allow gcc 4.4 to use -Wformat.

2012-10-02  Eric Blake  <eblake@redhat.com>

	build: fix typo in debug message
	Introduced in commit 0caccb58.

	  CC     libvirt_driver_qemu_impl_la-qemu_capabilities.lo
	../../src/qemu/qemu_capabilities.c: In function 'qemuCapsInitQMP':
	../../src/qemu/qemu_capabilities.c:2327:13: error: format '%d' expects argument of type 'int', but argument 8 has type 'const char *' [-Werror=format]

	* src/qemu/qemu_capabilities.c (qemuCapsInitQMP): Use correct format.

2012-10-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Kill processes used for QMP caps probing
	Since libvirt switched to QMP capabilities probing recently, it starts
	QEMU process used for this probing with -daemonize, which means
	virCommandAbort can no longer reach these processes. As a result of
	that, restarting libvirtd will leave several new QEMU processes behind.
	Let's use QEMU's -pidfile and use it to kill the process when QMP caps
	probing is done.

2012-10-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Use proper agent entering function when freezing filesystems
	When doing snapshots, the filesystem freeze function used the agent
	entering function that expects the qemud_driver unlocked. This might
	cause a deadlock of the qemu driver if the agent does not respond.

	The only call path of this function has the qemud_driver locked, so this
	patch changes the entering functions to those expecting the driver
	locked.

2012-10-02  Michal Privoznik  <mprivozn@redhat.com>

	lxc: Correctly report active cgroups
	There was an inverted return value in lxcCgroupControllerActive().
	The function assumes cgroups are active and do couple of checks
	to prove that. If any of them fails, false is returned. Therefore,
	at the end, after all checks are done we must return true, not false.

2012-10-02  Eric Blake  <eblake@redhat.com>

	build: avoid journald on rhel 5
	Commit f6430390 broke builds on RHEL 5, where glibc (2.5) is too
	old to support mkostemp (2.7) or htole64 (2.9).  While gnulib
	has mkostemp, it still lacks htole64; and it's not worth dragging
	in replacements on systems where journald is unlikely to exist
	in the first place, so we just use an extra configure-time check
	as our witness of whether to attempt compiling the code.

	* src/util/logging.c (virLogParseOutputs): Don't attempt to
	compile journald on older glibc.
	* configure.ac (AC_CHECK_DECLS): Check for htole64.

2012-10-02  Eric Blake  <eblake@redhat.com>

	build: fix bitmap conversion when !CPU_ALLOC
	Commit f1a43a8 missed one side of an #if/#else.

	* src/util/processinfo.c (virProcessInfoGetAffinity): Use correct
	bitmap operation.

2012-10-01  Dave Allan  <dallan@redhat.com>

	Add note about numeric domain names to manpage
	Clarify that domains with numeric names can only be identified by
	their domain id.

2012-10-01  Eric Blake  <eblake@redhat.com>

	build: avoid infinite autogen loop
	Several people have reported that if the .gnulib submodule is dirty,
	then 'make' will go into an infinite loop attempting to rerun bootstrap,
	because that never cleans up the dirty submodule.  By default, we
	should halt and make the user investigate, but if the user doesn't
	know why or care that the submodule is dirty, I also added the ability
	to 'make CLEAN_SUBMODULE=1' to get things going again.

	Also, while testing this, I noticed that when a submodule update was
	needed, 'make' would first run autoreconf, then bootstrap (which
	reruns autoreconf); adding a strategic dependency allows for less work.

	* .gnulib: Update to latest, for maint.mk improvements.
	* cfg.mk (_autogen): Also hook maint.mk, to run before autoreconf.
	* autogen.sh (bootstrap): Refuse to run if gnulib is dirty, unless
	user requests discarding gnulib changes.

2012-09-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Fix and improve hypervListAllDomains
	Use MATCH for all flags checks.

	hypervMsvmComputerSystemToDomain expects the domain pointer to the
	initialized to NULL.

	All items in doms up to the count-th one are valid, no need to double
	check before freeing them.

2012-09-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix and improve esxListAllDomains function
	Avoid requesting information such as identity or power state when it
	is not necessary.

	Lookup virtual machine list with the required fields (configStatus,
	name, and config.uuid) to make esxVI_GetVirtualMachineIdentity work.

	No need to call esxVI_GetNumberOfSnapshotTrees. rootSnapshotTreeList
	can be tested for emptiness by checking it for NULL.

	esxVI_LookupRootSnapshotTreeList already does the error reporting,
	don't overwrite it.

	Check if autostart is enabled at all before looking up the individual
	autostart setting of a virtual machine.

	Reorder VIR_EXPAND_N(doms, ndoms, 1) to avoid leaking the result of
	the call to virGetDomain if VIR_EXPAND_N fails.

	Replace VIR_EXPAND_N by VIR_RESIZE_N to avoid quadratic scaling, as in
	the Hyper-V version of the function.

	If virGetDomain fails it already reports an error, don't overwrite it
	with an OOM error.

	All items in doms up to the count-th one are valid, no need to double
	check before freeing them.

	Finally, don't leak autoStartDefaults and powerInfoList.

2012-09-28  Daniel J Walsh  <dwalsh@redhat.com>

	build: default selinuxfs mount point to /sys/fs/selinux
	Currently if you build on a machine that does not support SELinux we end up
	with the default mount point being /selinux, since this is moved to
	/sys/fs/selinux, we should start defaulting there.

	I believe this is causing a bug in libvirt-lxc when /selinux does not exists,
	even though /sys/fs/selinux exists.

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Add support for detecting capablities using QMP commands
	Start a QEMU process using

	   $QEMU -S -no-user-config -nodefaults \
	         -nographic -M none -qmp unix:/some/path,server,nowait

	and talk QMP over stdio to discover what capabilities the
	binary supports. This works for QEMU 1.2.0 or later and
	for older QEMU automatically fallback to the old approach
	of parsing -help and related command line args.

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Ignore error from query-cpu-definitions
	Some architectures provide the query-cpu-definitions command,
	but are set to always return a "GenericError" from it :-(
	Catch this & treat it as if there was an empty list of CPUs
	returned

	Avoid bogus I/O event errors when closing the QEMU monitor
	After calling qemuMonitorClose(), it is still possible for
	the QEMU monitor I/O event callback to get invoked. This
	will trigger an error message because mon->fd has been set
	to -1 at this point. Silently ignore the case where mon->fd
	is -1, likewise for mon->watch being zero.

	Remove need to pass in a virDomainObjPtr instance to qemuMonitorOpen
	The qemuMonitorOpen method only needs a virDomainObjPtr in order
	to access the QEMU pid. This is not critical when detecting the
	QEMU capabilties, so can easily be skipped

	Fix QEMU test with 1.2.0 help output
	The help output for QEMU 1.2.0 changed 'pci-assign' to 'kvm-pci-assign'.
	Since the new capabilities code does exact device name matching
	instead of substring matching, this caused the capabilities to go
	missing.

2012-09-28  Chuck Short  <zulcss@gmail.com>

	ARMHF: implement /proc/cpuinfo parsing
	Minimal CPU "parser" for armhf to avoid compile time warning.

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Automatically enable systemd journal logging
	Probe to see if the systemd journal is accessible, and if
	so enable logging to the journal by default, rather than
	stderr (current default under systemd).

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Add systemd journal support
	Add support for logging to the systemd journal, using its
	simple client library. The benefit over syslog is that it
	accepts structured log data, so the journald can store
	individual items like code file/line/func separately from
	the string message. Tools which require structured log
	data can then query the journal to extract exactly what
	they desire without resorting to string parsing

	While systemd provides a simple client library for logging,
	it is more convenient for libvirt to directly write its
	own client code. This lets us build up the iovec's on
	the stack, avoiding the need to alloc memory when writing
	log messages.

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Refactor qemuCapsParseDeviceStr to work from data tables
	Currently the qemuCapsParseDeviceStr method has a bunch of open
	coded string searches/comparisons to detect devices and their
	properties. Soon this data will be obtained from QMP queries
	instead of -device help output. Maintaining the list of device
	and properties in two places is undesirable. Thus the existing
	qemuCapsParseDeviceStr() method needs to be refactored to
	separate the device types and properties from the actual
	search code.

	Thus the -device help output is now parsed to construct a
	list of device names, and device properties. These are then
	checked against a set of datatables to set the capability
	flags

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Don't initialize logging twice in libvirtd
	The virInitialize function initializes logging from the env,
	so there is no need for another call to virLogSetFromEnv

	Change logging category parameter into an enum
	The 'const char *category' parameter only has a few possible
	values now that the filename has been separated. Turn this
	parameter into an enum instead.

	Include filename explicitly in logging APIs
	Currently the logging APIs have a 'const char *category' parameter
	which indicates where the log message comes from. This is typically
	a combination of the __FILE__ string and other prefix. Split the
	__FILE__ off into a dedicated parameter so it can passed to the
	log outputs

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Whitespace cleanup in logging files
	General whitespace cleanup in the logging files

	 - Move '{' to a new line after funtion declaration
	 - Put each parameter on a new line to avoid long lines
	 - Put return type on new line
	 - Leave 2 blank lines between functions

2012-09-28  Daniel P. Berrange  <berrange@redhat.com>

	s/int/virLogDestination/ in logging code
	The log destinations are an enum, but most of the code was
	just using a plain 'int' for function params / variables.

	s/long long/size_t/ for file line numbers in logging code
	The __LINE__ macro value is specified to fit in the size_t
	type, so use that instead of 'long long' in the logging code

	s/int/virLogPriority/ in logging code
	The log priority levels are an enum, but most of the code was
	just using a plain 'int' for function params / variables.

2012-09-28  Guannan Ren  <gren@redhat.com>

	python: return error if PyObject obj is NULL for unwrapper helper functions
	The result is indeterminate for NULL argument to python
	functions as follows. It's better to return negative value in
	these situations.

	PyObject_IsTrue will segfault if the argument is NULL
	PyFloat_AsDouble(NULL) is -1.000000
	PyLong_AsUnsignedLongLong(NULL) is 0.000000

2012-09-27  Benjamin Cama  <benjamin.cama@telecom-bretagne.eu>

	network: fix dnsmasq/radvd binding to IPv6 on recent kernels
	I hit this problem recently when trying to create a bridge with an IPv6
	address on a 3.2 kernel: dnsmasq (and, further, radvd) would not bind to
	the given address, waiting 20s and then giving up with -EADDRNOTAVAIL
	(resp. exiting immediately with "error parsing or activating the config
	file", without libvirt noticing it, BTW). This can be reproduced with (I
	think) any kernel >= 2.6.39 and the following XML (to be used with
	"virsh net-create"):

	        <network>
	          <name>test-bridge</name>
	          <bridge name='testbr0' />
	          <ip family='ipv6' address='fd00::1' prefix='64'>
	          </ip>
	        </network>

	(it happens even when you have an IPv4, too)

	The problem is that since commit [1] (which, ironically, was made to
	“help IPv6 autoconfiguration”) the linux bridge code makes bridges
	behave like “real” devices regarding carrier detection. This makes the
	bridges created by libvirt, which are started without any up devices,
	stay with the NO-CARRIER flag set, and thus prevents DAD (Duplicate
	address detection) from happening, thus letting the IPv6 address flagged
	as “tentative”. Such addresses cannot be bound to (see RFC 2462), so
	dnsmasq fails binding to it (for radvd, it detects that "interface XXX
	is not RUNNING", thus that "interface XXX does not exist, ignoring the
	interface" (sic)). It seems that this behavior was enhanced somehow with
	commit [2] by avoiding setting NO-CARRIER on empty bridges, but I
	couldn't reproduce this behavior on my kernel. Anyway, with the “dummy
	tap to set MAC address” trick, this wouldn't work.

	To fix this, the idea is to get the bridge's attached device to be up so
	that DAD can happen (deactivating DAD altogether is not a good idea, I
	think). Currently, libvirt creates a dummy TAP device to set the MAC
	address of the bridge, keeping it down. But even if we set this device
	up, it is not RUNNING as soon as the tap file descriptor attached to it
	is closed, thus still preventing DAD. So, we must modify the API a bit,
	so that we can get the fd, keep the tap device persistent, run the
	daemons, and close it after DAD has taken place. After that, the bridge
	will be flagged NO-CARRIER again, but the daemons will be running, even
	if not happy about the device's state (but we don't really care about
	the bridge's daemons doing anything when no up interface is connected to
	it).

	Other solutions that I envisioned were:
	      * Keeping the *-nic interface up: this would waste an fd for each
	        bridge during all its life. May be acceptable, I don't really
	        know.
	      * Stop using the dummy tap trick, and set the MAC address directly
	        on the bridge: it is possible since quite some time it seems,
	        even if then there is the problem of the bridge not being
	        RUNNING when empty, contrary to what [2] says, so this will need
	        fixing (and this fix only happened in 3.1, so it wouldn't work
	        for 2.6.39)
	      * Using the --interface option of dnsmasq, but I saw somewhere
	        that it's not used by libvirt for backward compatibility. I am
	        not sure this would solve this problem, though, as I don't know
	        how dnsmasq binds itself to it with this option.

	This is why this patch does what's described earlier.

	This patch also makes radvd start even if the interface is
	“missing” (i.e. it is not RUNNING), as it daemonizes before binding to
	it, and thus sometimes does it after the interface has been brought down
	by us (by closing the tap fd), and then originally stops. This also
	makes it stop yelling about it in the logs when the interface is down at
	a later time.

	[1]
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=1faa4356a3bd89ea11fb92752d897cff3a20ec0e
	[2]
	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b64b73d7d0c480f75684519c6134e79d50c1b341

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix regression starting QEMU instances without query-events
	If QEMU reports CommandNotFound for the 'query-events' command,
	we must treat that as success, returning a zero-length array
	of events

2012-09-27  Jim Fehlig  <jfehlig@suse.com>

	Fix compilation of legacy xen driver with Xen 4.2
	In Xen 4.2, xs.h is deprecated in favor of xenstore.h.  xs.h now
	contains

	#warning xs.h is deprecated use xenstore.h instead
	#include <xenstore.h>

	which fails compilation when warnings are treated as errors.

	Introduce a configure-time check for xenstore.h and if found,
	use it instead of xs.h.

2012-09-27  Miloslav Trmač  <mitr@redhat.com>

	Pass the "raw" log message to each virLogOutputFunc
	In addition to the preformatted text line, pass the raw message as well,
	to allow the output functions to use a different output format.

	Split priority conversion from virLogOutputToSyslog
	Allow for the code converting from libvirt log levels to syslog
	log levels to be reused.

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Move command/event capabilities detection out of QEMU monitor code
	The qemuMonitorSetCapabilities() API is used to initialize the QMP
	protocol capabilities. It has since been abused to initialize some
	libvirt internal capabilities based on command/event existance too.
	Move the latter code out into qemuCapsProbeQMP() in the QEMU
	capabilities source file instead

	Remove some unused includes in QEMU code
	The qemu monitor does not require qemu_conf.h, and the
	qemu capabilities code actually wants bitmap.h

	Add a qemuMonitorGetTargetArch() method for QMP query-target command
	Add a new qemuMonitorGetTargetArch() method to support invocation
	of the 'query-target' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetObjectProps() method for QMP device-list-properties command
	Add a new qemuMonitorGetObjectProps() method to support invocation
	of the 'device-list-properties' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetObjectTypes() method for QMP qom-list-types command
	Add a new qemuMonitorGetObjectTypes() method to support invocation
	of the 'qom-list-types' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a qemuMonitorGetEvents() method for QMP query-events command
	Add a new qemuMonitorGetEvents() method to support invocation
	of the 'query-events' JSON monitor command. No HMP equivalent
	is required, since this will only be used when JSON is available

	The existing qemuMonitorJSONCheckEvents() method is refactored
	to use this new method

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a qemuMonitorGetCommands() method for QMP query-commands command
	Add a new qemuMonitorGetCPUCommands() method to support invocation
	of the 'query-commands' JSON monitor command. No HMP equivalent
	is required, since this will only be used when JSON is available

	The existing qemuMonitorJSONCheckCommands() method is refactored
	to use this new method

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a qemuMonitorGetCPUDefinitions method for QMP query-cpu-definitions command
	Add a new qemuMonitorGetCPUDefinitions() method to support invocation
	of the 'query-cpu-definitions' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetMachines() method for QMP query-machines command
	Add a new qemuMonitorGetMachines() method to support invocation
	of the 'query-machines' JSON monitor command. No HMP equivalent
	is required, since this will only be present for QEMU >= 1.2

	Add a qemuMonitorGetVersion() method for QMP query-version command
	Add a new qemuMonitorGetVersion() method to support invocation
	of the 'query-version' JSON monitor command. No HMP equivalent
	is provided, since this will only be used for QEMU >= 1.2

	Refactor guest init to support qemu-system-i386 binary too

	Remove xenner support

	Make qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels static
	The qemuCapsProbeMachineTypes & qemuCapsProbeCPUModels methods
	do not need to be invoked directly anymore. Make them static
	and refactor them to directly populate the qemuCapsPtr object

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove probing of CPU models when launching QEMU guests
	When launching a QEMU guest the binary is probed to discover
	the list of supported CPU names. Remove this probing with a
	simple lookup of CPU models in the qemuCapsPtr object. This
	avoids another invocation of the QEMU binary during the
	startup path.

	As a nice benefit we can now remove all the nasty hacks from
	the test suite which were done to avoid having to exec QEMU
	on the test system. The building of the -cpu command line
	can just rely on data we pre-populate in qemuCapsPtr.

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove probing of machine types when canonicalizing XML
	When XML for a new guest is received, the machine type is
	immediately canonicalized into the version specific name.
	This involves probing QEMU for supported machine types.
	Replace this probing with a lookup of the machine types
	in the (hopefully cached) qemuCapsPtr object

	Remove probing of flags when launching QEMU guests
	Remove all use of the existing APIs for querying QEMU
	capability flags. Instead obtain a qemuCapsPtr object
	from the global cache. This avoids the execution of
	'qemu -help' (and related commands) when launching new
	guests.

	Switch over to use cache for building QEMU capabilities
	When building up a virCapsPtr instance, the QEMU driver
	was copying the list of machine types across from the
	previous virCapsPtr instance, if the QEMU binary had not
	changed. Replace this ad-hoc caching of data with use
	of the new qemuCapsCache global cache.

	Add a qemu capabilities cache manager
	Introduce a qemuCapsCachePtr object to provide a global cache
	of capabilities for QEMU binaries. The cache auto-populates
	on first request for capabilities about a binary, and will
	auto-refresh if the binary has changed since a previous cache
	was populated

	Fix handling of itanium arch name in QEMU driver
	For historical compat we use 'itanium' as the arch name, so
	if the QEMU binary suffix is 'ia64' we need to translate it

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential deadlock when agent is closed
	If the qemuAgentClose method is called from a place which holds
	the domain lock, it is theoretically possible to get a deadlock
	in the agent destroy callback. This has not been observed, but
	the equivalent code in the QEMU monitor destroy callback has seen
	a deadlock.

	Remove the redundant locking while unrefing the object and the
	bogus assignment

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Use size_t instead of int for virDomainDefPtr struct
	Many parts of virDomainDefPtr were using 'int' variables as
	array length counts. Replace all these with size_t and update
	various format strings & API signatures to adapt

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix (rare) deadlock in QEMU monitor callbacks
	Some users report (very rarely) seeing a deadlock in the QEMU
	monitor callbacks

	 Thread 10 (Thread 0x7fcd11e20700 (LWP 26753)):
	 #0  0x00000030d0e0de4d in __lll_lock_wait () from /lib64/libpthread.so.0
	 #1  0x00000030d0e09ca6 in _L_lock_840 () from /lib64/libpthread.so.0
	 #2  0x00000030d0e09ba8 in pthread_mutex_lock () from /lib64/libpthread.so.0
	 #3  0x00007fcd162f416d in virMutexLock (m=<optimized out>)
	     at util/threads-pthread.c:85
	 #4  0x00007fcd1632c651 in virDomainObjLock (obj=<optimized out>)
	     at conf/domain_conf.c:14256
	 #5  0x00007fcd0daf05cc in qemuProcessHandleMonitorDestroy (mon=0x7fcccc0029e0,
	     vm=0x7fcccc00a850) at qemu/qemu_process.c:1026
	 #6  0x00007fcd0db01710 in qemuMonitorDispose (obj=0x7fcccc0029e0)
	     at qemu/qemu_monitor.c:249
	 #7  0x00007fcd162fd4e3 in virObjectUnref (anyobj=<optimized out>)
	     at util/virobject.c:139
	 #8  0x00007fcd0db027a9 in qemuMonitorClose (mon=<optimized out>)
	     at qemu/qemu_monitor.c:860
	 #9  0x00007fcd0daf61ad in qemuProcessStop (driver=driver@entry=0x7fcd04079d50,
	     vm=vm@entry=0x7fcccc00a850,
	     reason=reason@entry=VIR_DOMAIN_SHUTOFF_DESTROYED, flags=flags@entry=0)
	     at qemu/qemu_process.c:4057
	 #10 0x00007fcd0db323cf in qemuDomainDestroyFlags (dom=<optimized out>,
	     flags=<optimized out>) at qemu/qemu_driver.c:1977
	 #11 0x00007fcd1637ff51 in virDomainDestroyFlags (
	     domain=domain@entry=0x7fccf00c1830, flags=1) at libvirt.c:2256

	At frame #10 we are holding the domain lock, we call into
	qemuProcessStop() to cleanup QEMU, which triggers the monitor
	to close, which invokes qemuProcessHandleMonitorDestroy() which
	tries to obtain the domain lock again. This is a non-recursive
	lock, hence hang.

	Since qemuMonitorPtr is a virObject, the unref call in
	qemuProcessHandleMonitorDestroy no longer needs mutex
	protection. The assignment of priv->mon = NULL, can be
	instead done by the caller of qemuMonitorClose(), thus
	removing all need for locking.

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Don't skip over socket label cleanup
	If QEMU quits immediately after we opened the monitor it was
	possible we would skip the clearing of the SELinux process
	socket context

	Move most of qemuProcessKill into virProcessKillPainfully
	In the cgroups APIs we have a virCgroupKillPainfully function
	which does the loop sending SIGTERM, then SIGKILL and waiting
	for the process to exit. There is similar functionality for
	simple processes in qemuProcessKill, but it is tangled with
	the QEMU code. Untangle it to provide a virProcessKillPainfuly
	function

	Don't ignore return value of qemuProcessKill
	When calling qemuProcessKill from the virDomainDestroy impl
	in QEMU, do not ignore the return value. This ensures that
	if QEMU fails to respond to SIGKILL, the caller will know
	about the failure.

2012-09-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix deadlock in handling EOF in LXC monitor
	Depending on the scenario in which LXC containers exit, it is
	possible for the EOF callback of the LXC monitor to deadlock
	the driver.

	  #0  0x00000038a0a0de4d in __lll_lock_wait () from /lib64/libpthread.so.0
	  #1  0x00000038a0a09ca6 in _L_lock_840 () from /lib64/libpthread.so.0
	  #2  0x00000038a0a09ba8 in pthread_mutex_lock () from /lib64/libpthread.so.0
	  #3  0x00007f4bd9579d55 in virMutexLock (m=<optimized out>) at util/threads-pthread.c:85
	  #4  0x00007f4bcacc7597 in lxcDriverLock (driver=0x7f4bc40c8290) at lxc/lxc_conf.h:81
	  #5  virLXCProcessMonitorEOFNotify (mon=<optimized out>, vm=0x7f4bb4000b00) at lxc/lxc_process.c:581
	  #6  0x00007f4bd9645c91 in virNetClientCloseLocked (client=client@entry=0x7f4bb4009e60)
	      at rpc/virnetclient.c:554
	  #7  0x00007f4bd96460f8 in virNetClientIOEventLoopPassTheBuck (thiscall=0x0, client=0x7f4bb4009e60)
	      at rpc/virnetclient.c:1306
	  #8  virNetClientIOEventLoopPassTheBuck (client=0x7f4bb4009e60, thiscall=0x0)
	      at rpc/virnetclient.c:1287
	  #9  0x00007f4bd96467a2 in virNetClientCloseInternal (reason=3, client=0x7f4bb4009e60)
	      at rpc/virnetclient.c:589
	  #10 virNetClientCloseInternal (client=0x7f4bb4009e60, reason=3) at rpc/virnetclient.c:561
	  #11 0x00007f4bcacc4a82 in virLXCMonitorClose (mon=0x7f4bb4000a00) at lxc/lxc_monitor.c:201
	  #12 0x00007f4bcacc55ac in virLXCProcessCleanup (reason=<optimized out>, vm=0x7f4bb4000b00,
	      driver=0x7f4bc40c8290) at lxc/lxc_process.c:240
	  #13 virLXCProcessStop (driver=0x7f4bc40c8290, vm=vm@entry=0x7f4bb4000b00,
	      reason=reason@entry=VIR_DOMAIN_SHUTOFF_DESTROYED) at lxc/lxc_process.c:735
	  #14 0x00007f4bcacc5bd2 in virLXCProcessAutoDestroyDom (payload=<optimized out>,
	      name=0x7f4bb4003c80, opaque=0x7fff41af2df0) at lxc/lxc_process.c:94
	  #15 0x00007f4bd9586649 in virHashForEach (table=0x7f4bc409b270,
	      iter=iter@entry=0x7f4bcacc5ab0 <virLXCProcessAutoDestroyDom>, data=data@entry=0x7fff41af2df0)
	      at util/virhash.c:514
	  #16 0x00007f4bcacc52d7 in virLXCProcessAutoDestroyRun (driver=driver@entry=0x7f4bc40c8290,
	      conn=conn@entry=0x7f4bb8000ab0) at lxc/lxc_process.c:120
	  #17 0x00007f4bcacca628 in lxcClose (conn=0x7f4bb8000ab0) at lxc/lxc_driver.c:128
	  #18 0x00007f4bd95e67ab in virReleaseConnect (conn=conn@entry=0x7f4bb8000ab0) at datatypes.c:114

	When the driver calls virLXCMonitorClose, there is really no
	need for the EOF callback to be invoked in this case, since
	the caller can easily handle events itself. In changing this,
	the monitor needs to take a deep copy of the callback list,
	not merely a reference.

	Also adds debug statements in various places to aid
	troubleshooting

2012-09-26  Jim Fehlig  <jfehlig@suse.com>

	Support Xen sysctl version 9 in Xen 4.2
	Xen upstream c/s 24102:dc8e55c9 bumped the sysctl version to 9.
	Support this sysctl version in the xen_hypervisor sub-driver.

2012-09-26  Laine Stump  <laine@laine.org>

	network: backend for virNetworkUpdate of interface list
	<interface> elements are location inside the <forward> element of a
	network. There is only one <forward> element in any network, but it
	might have many <interface> elements. This element only contains a
	single attribute, "dev", which is the name of a network device
	(e.g. "eth0").

	Since there is only a single attribute, the modify operation isn't
	supported for this "section", only add-first, add-last, and
	delete. Also, note that it's not permitted to delete an interface from
	the list while any guest is using it. We may later decide this is safe
	(because removing it from the list really only excludes it from
	consideration in future guest allocations of interfaces, but doesn't
	affect any guests currently connected), but for now this limitation
	seems prudent (of course when changing the persistent config, this
	limitation doesn't apply, because the persistent config doesn't
	support the concept of "in used").

	Another limitation - it is also possible for the interfraces in this
	list to be described by PCI address rather than netdev name. However,
	I noticed while writing this function that we currently don't support
	defining interfaces that way in config - the only method of getting
	interfaces specified as <adress type='pci' ..../> instead of
	<interface dev='xx'/> is to provide a <pf dev='yy'/> element under
	forward, and let the entries in the interface list be automatically
	populated with the virtual functions (VF) of the physical function
	device given in <pg>.

	As with the other virNetworkUpdate section backends, support for this
	section is completely contained within a single static function, no
	other changes were required, and only functions already called from
	elsewhere within the same file are used in the new content for this
	existing function (i.e., adding this code should not cause a new build
	problem on any platform).

2012-09-26  Eric Blake  <eblake@redhat.com>

	build: avoid older gcc warning
	Jim Fehlig reported a compilation error with older gcc 4.3.4:

	libvirt.c: In function 'virDomainGetEmulatorPinInfo':
	libvirt.c:9111: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]

	It looks like someone programmed via too much copy-and-paste.

	* src/libvirt.c (virDomainGetEmulatorPinInfo): Multiplying by 1 is
	a no-op, and thus will never overflow.

2012-09-26  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: don't give null pointers to virBitmapEqual

	parallels: remove unneded code from parallelsDoCmdRun
	scmd was used for debugging and I forgot to remove it before
	commit, so remove it now.

	parallels: fix memory allocation
	size of videos array must be increased.

	parallels: remove unused member 'os' from parallelsDomObj

2012-09-26  Michal Privoznik  <mprivozn@redhat.com>

	qemu: wait for SPICE to migrate
	Recently, there have been some improvements made to qemu so it
	supports seamless migration or something very close to it.
	However, it requires libvirt interaction. Once qemu is migrated,
	the SPICE server needs to send its internal state to the destination.
	Once it's done, it fires SPICE_MIGRATE_COMPLETED event and this
	fact is advertised in 'query-spice' output as well.
	We must not kill qemu until SPICE server finishes the transfer.

2012-09-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in header file comment
	s/mmeory/memory/ in libvirt.h.in

	Don't use O_TRUNC when opening QEMU logfiles
	SELinux wants all log files opened with O_APPEND. When
	running non-root though, libvirtd likes to use O_TRUNC
	to avoid log files growing in size indefinitely. Instead
	of using O_TRUNC though, we can use O_APPEND and then
	call ftruncate() which keeps SELinux happier.

	Simplify some redundant locking while unref'ing objects
	There is no need to hold the mutex when unref'ing
	virObject instances

	Remove pointless virLXCProcessMonitorDestroy method
	Asynchronously setting priv->mon to NULL was pointless,
	just remove the destroy callback entirely.

	Convert virLXCMonitor to use virObject
	Remove custom reference counting from virLXCMonitor, using
	virObject instead

	Move virProcess{Kill,Abort,TranslateStatus} into virprocess.{c,h}
	Continue consolidation of process functions by moving some
	helpers out of command.{c,h} into virprocess.{c,h}

	Move virProcessKill into virprocess.{h,c}
	There are a number of process related functions spread
	across multiple files. Start to consolidate them by
	creating a virprocess.{c,h} file

	Rename virCommandTranslateStatus to virProcessTranslateStatus
	The virCommand prefix was inappropriate because the API
	does not use any virCommandPtr object instance. This
	API closely related to waitpid/exit, so use virProcess
	as the prefix

	Rename virPid{Abort,Wait} to virProcess{Abort,Wait}
	Change "Pid" to "Process" to align with the virProcessKill
	API naming prefix

	Rename virKillProcess to virProcessKill
	Changing naming to follow the convention of "object" followed
	by "action"

	Fix start of containers with custom root filesystem
	A prefix change to unmount the SELinux filesystem broke starting
	of LXC containers with a custom root filesystem

2012-09-25  Doug Goldstein  <cardoe@cardoe.com>

	Update how to compile with -Werror
	--enable-compile-warnings=error has been renamed to --enable-werror so
	update the HACKING and the hacking.html to reflect that.

2012-09-25  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid holding the driver lock in trivial snapshot API's
	In most of the snapshot API's there's no need to hold the driver lock
	the whole time.

	This patch adds helper functions that get the domain object in functions
	that don't require the driver lock and simplifies call paths from
	snapshot-related API's.

2012-09-25  Osier Yang  <jyang@redhat.com>

	storage: Add timeout for iscsi volume's stable path discovery
	It might need some time till the LUN's stable path shows up on
	initiator host, and although the time window is not foreseeable,
	as a better than nothing fix, this patch adds timeout for the
	stable path discovery process.

2012-09-25  Christophe Fergeau  <cfergeau@redhat.com>

	build: fix detection of netcf linked with libnl1
	Commit 9298bfbcb introduced code to detect if netcf is linked with
	libnl1, and to prefer libnl1 over libnl3 when this is the case.
	This behaviour can be disabled by setting LIBNL_CFLAGS to any value,
	including the empty string.
	However, configure.ac sets LIBNL_CFLAGS to "" before attempting
	libnl detection, so the libnl1 detection code is always disabled.
	This caused issues on my f17 system where netcf is linked with libnl1
	but libvirt got built with libnl3.

	This commit removes the setting of the LIBNL_* variables to "" as
	this does not appear to be needed. After this change, libnl1 is
	used when building libvirt on my f17 system.

2012-09-25  Osier Yang  <jyang@redhat.com>

	node_memory: Improve the docs
	To declare that it's not recommended to use the tuning API while
	the outside tuning program (such as ksmtuned under Linux) is running.

2012-09-25  Eric Blake  <eblake@redhat.com>

	tests: test previous commit
	Add a test to avoid virCommand regressions.

	* tests/commandtest.c (test8): Explicitly test env-var overrides.

2012-09-24  Richard W.M. Jones  <rjones@redhat.com>

	command: Change virCommandAddEnv so it replaces existing environment variables.

	command: Move environ-adding code to common function virCommandAddEnv.
	This is just code motion.  The semantics of the code should be
	identical after this change.

2012-09-24  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.10.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update from transifex and regenerate

	Fix another rpmbuild failure
	without systemd we should not try to package the non-installed
	%{_sysconfdir}/rc.d/init.d/libvirtd

	Fix an rpmbuild failure
	$RPM_BUILD_ROOT was embedded in /etc/rc.d/init.d/libvirt-guests

2012-09-24  Daniel P. Berrange  <berrange@redhat.com>

	Don't install legacy initscripts at same time as systemd ones
	The Fedora policies don't want us installing the legacy initscripts
	in parallel with the systemd ones, so switch to only install the
	systemd unit

2012-09-22  Laine Stump  <laine@laine.org>

	network: log error for unknown virNetworkUpdate command codes
	Every level of the code for virNetworkUpdate was assuming that some
	other level was checking for validity of the "command" arg, but none
	actually were. The result was that an invalid command code would do
	nothing, but also report success.

	Since the command code isn't used until the very lowest level backend
	functions, that's where I put the check. I made a separate one-line
	function to log the error. The compiler would have combined the
	identical strings used by multiple calls if I'd just called
	virReportError directly in each location, but sending them all to the
	same string in the source guards against inadvertant divergence (which
	would lead to extra work for translators.)

2012-09-22  Laine Stump  <laine@laine.org>

	network: make virNetworkObjUpdate error detection/recovery better
	1) virNetworkObjUpdate should be an all or none operation, but in the
	case that we want to update both the live state and persistent config
	versions of the network, it was committing the update to the live
	state before starting to update the persistent config. If update of
	the persistent config failed, we would leave with things in an
	inconsistent state - the live state would be updated (even though an
	error was returned), but persistent config unchanged.

	This patch changed virNetworkObjUpdate to use a separate pointer for
	each copy of the virNetworkDef, and not commit either of them in the
	virNetworkObj until both live and config parts of the update have
	successfully completed.

	2) The parsers for various pieces of the virNetworkDef have all sorts
	of subtle limitations on them that may not be known by the
	Update[section] function, making it possible for one of these
	functions to make a modification directly to the object that may not
	pass the scrutiny of a subsequent parse. But normally another parse
	wouldn't be done on the data until the *next* time the object was
	updated (which could leave the network definition in an unusable
	state).

	Rather than fighting the losing battle of trying to duplicate all the
	checks from the parsers into the update functions as well, the more
	foolproof solution to this is to simply do an extra
	virNetworkDefCopy() operation on the updated networkdef -
	virNetworkDefCopy() does a virNetworkFormat() followed by a
	virNetworkParseString(), so it will do all the checks we need. If this
	fails, then we don't commit the changed def.

2012-09-22  Laine Stump  <laine@laine.org>

	network: don't "refresh" iptables rules on rule-less networks
	The bridge driver implementation of virNetworkUpdate() removes and
	re-adds iptables rules any time a network has an <ip>, <forward>, or
	<forward>/<interface> element updated. There are some types of
	networks that have those elements and yet have no iptables rules
	associated with them, and unfortunately the functions that remove/add
	iptables rules don't check the type of network before attempting to
	remove/add the rules, sometimes leading to an erroneous failure of the
	entire update operation.

	Under normal circumstances I would refactor the lower level functions
	to be more robust, but to avoid code churn as much as possible, I've
	just added extra checks directly to networkUpdate().

2012-09-21  Miloslav Trmač  <mitr@redhat.com>

	Drop unused return value of virLogOutputFunc
	Nothing uses the return value, and creating it requries otherwise
	unnecessary strlen () calls.

	This cleanup is conceptually independent from the rest of the series
	(although the later patches won't apply without it).  This just seems
	a good opportunity to clean this up, instead of entrenching the unnecessary
	return value in the virLogOutputFunc instance that will be added in this
	series.

2012-09-21  Tang Chen  <tangchen@cn.fujitsu.com>

	Remove redundant lines in src/qemu/qemu_driver.c
	maxcpu and hostcpus are defined and calculated in qemudDomainPinVcpuFlags()
	and qemudDomainPinEmulator(), but never used. So remove them including nodeinfo.

2012-09-21  Richard W.M. Jones  <rjones@redhat.com>

	Add <seclabel> to character devices.
	This allows the user to control labelling of each character device
	separately (the default is to inherit from the VM).

2012-09-21  Richard W.M. Jones  <rjones@redhat.com>

	Make virSecurityDeviceLabelDefParseXML into generic device <seclabel> parser.
	This is just code motion, allowing us to reuse the same function to
	parse the <seclabel> from character devices too.

	However it also fixes a possible segfault in the original code if
	VIR_ALLOC_N returns an error and the cleanup code (at the error:
	label) tries to iterate over the unallocated array (thanks Michal
	Privoznik for spotting this).

2012-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix failure path in disk hotplug
	Disk hotplug is a two phase action: qemuMonitorAddDrive followed by
	qemuMonitorAddDevice. When the first part succeeds but the second one
	fails, we need to rollback the drive addition.

	locking: Remove README file in favor of internals/locking.html
	The README file seems to be a leftover from some previous version of
	locking driver. It is not consistent with what the code does nor is it
	consistent with existing documentation in internals/locking.html.

2012-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Improve some debugging log messages in LXC mount setup

	Ensure existing selinux mount is removed before mounting new one in LXC
	Some kernel versions (at least RHEL-6 2.6.32) do not let you over-mount
	an existing selinuxfs instance with a new one. Thus we must unmount the
	existing instance inside our namespace.

	Fix crash accessing a NULL URI when looking up auth credentials
	When auto-probing hypervisor drivers, the conn->uri field will
	initially be NULL. Care must be taken not to access members
	when doing auth lookups in the config file

2012-09-21  Tang Chen  <tangchen@cn.fujitsu.com>

	Remove a redundant line in src/qemu/qemu_driver.c

2012-09-21  Laine Stump  <laine@laine.org>

	network: backend for virNetworkUpdate of portgroups
	portgroup elements are located in the toplevel of <network>
	objects. There can be multiple <portgroup> elements, and they each
	have a unique name attribute.

	Add, delete, and modify are all supported for portgroup. When deleting
	a portgroup, only the name must be specified in the provided xml - all
	other attributes and subelements are ignored for the purposes of
	matching and existing portgroup.

	The bridge driver and virsh already know about the portgroup element,
	so providing this backend should cause the entire stack to work. Note
	that in the case of portgroup, there is no external daemon based on
	the portgroup config, so nothing must be restarted.

	It is important to note that guests make a copy of the appropriate
	network's portgroup data when they are started, so although an updated
	portgroup's configuration will have an affect on new guests started
	after the cahange, existing guests won't magically have their
	bandwidth changed, for example. If something like that is desired, it
	will take a lot of redesign work in the way network devices are setup
	(there is currently no link from the network back to the individual
	interfaces using it, much less from a portgroup within a network back
	to the individual interfaces).

2012-09-21  Laine Stump  <laine@laine.org>

	network: backend for virNetworkUpdate of dhcp range
	The dhcp range element is contained in the <dhcp> element of one of a
	network's <ip> elements. There can be multiple <range>
	elements. Because there are only two attributes (start and end), and
	those are exactly what you would use to identify a particular range,
	it doesn't really make sense to modify an existing element, so
	VIR_NETWORK_UPDATE_COMMAND_MODIFY isn't supported for this section,
	only ADD_FIRST, ADD_LAST, and DELETE.

	Since virsh already has support for understanding all the defined
	sections, this new backend is automatically supported by virsh. You
	would use it like this:

	  virsh net-update mynet add ip-dhcp-range \
	        "<range start='1.2.3.4' end='1.2.3.20'/>" --live --config

	The bridge driver also already supports all sections, so it's doing
	the correct thing in this case as well - since the dhcp range is
	placed on the dnsmasq commandline, the bridge driver recreates the
	dnsmasq commandline, and re-runs dnsmasq whenever a range is
	added/deleted (and AFFECT_LIVE is specified in the flags).

2012-09-21  Laine Stump  <laine@laine.org>

	virsh: new net-update command
	This command uses the new virNetworkUpdate() API to modify an existing
	network definition, and optionally have those modifications take
	effect immediately without restarting the network.

	An example usage:

	  virsh net-update mynet add-last ip-dhcp-host \
	   "<host mac='00:11:22:33:44:55' ip='192.168.122.45'/>" \
	   --live --config

	If you like, you can instead put the xml into a file, and call like
	this:

	  virsh net-update mynet add ip-dhcp-host /tmp/myxml.xml
	   --live --config

	virsh will autodetect whether the argument is itself an xml element,
	or if it's a file, by looking at the first character - the first
	character of an xml element is always "<", and the first character of
	a file is almost always *not* "<" (in the rare case that it is, the
	user could specify "./<filename...").

	A --parent-index option is also available (to give the index within a
	list of parent objects, e.g. the index of the parent <ip> element when
	updating ip-dhcp-host elements), but is optional and at least for now
	will probably be used rarely.

	--live, --config, and --current options - if you specify --live, only
	the live state of the network will be updated. If you also specify
	--config, then the persistent configuration will also be updated;
	these two commands can be given separately, or both together. If you
	don't specify either (you can optionally specify "--current" for the
	same effect), then the "current" config will be updated (i.e. if the
	network is active, then only its live config is affected, but if the
	network is inactive, only the persistent config is affected).

2012-09-21  Eric Blake  <eblake@redhat.com>

	docs: fix typo in filesystem docs
	Noticed this by reading the page.  It would be so much nicer if our
	tools could automatically flag things like this as part of 'make'.

	* docs/formatdomain.html.in: Remove extra '>'.

2012-09-21  Eric Blake  <eblake@redhat.com>

	maint: fix up copyright notice inconsistencies
	https://www.gnu.org/licenses/gpl-howto.html recommends that
	the 'If not, see <url>.' phrase be a separate sentence.

	* tests/securityselinuxhelper.c: Remove doubled line.
	* tests/securityselinuxtest.c: Likewise.
	* globally: s/;  If/.  If/

2012-09-20  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	doc: include article about libvirt+audit in relatedlinks.html
	This patch adds to relatedlinks.html a link to an article about libvirt
	describing how the Linux audit subsystem can be used to track qemu
	guest's life-cycle.

2012-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Ensure autogen.sh exists if bootstrap fails
	If any of the bootstrap tasks (autoconf/automake/etc) failed,
	autogen.sh carried on running any pre-existing configure anyway.
	Use 'set -e' to ensure autogen.sh immediately exists on error.

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add tests for dump-core option

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: add support for dump-guest-core option
	The "dump-guest-core' option is new option for the machine type
	(-machine pc,dump-guest-core) that controls whether the guest memory
	will be marked as dumpable.

	While testing this, I've found out that the value for the '-M' options
	is not parsed correctly when additional parameters are used. However,
	when '-machine' is used for the same options, it gets parsed as
	expected. That's why this patch also modifies the parsing and creating
	of the command line, so both '-M' and '-machine' are recognized. In
	QEMU's help there is only mention of the 'machine parameter now with
	no sign of the older '-M'.

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	Add support for limiting guest coredump
	Sometimes when guest machine crashes, coredump can get huge due to the
	guest memory. This can be limited using madvise(2) system call and is
	being used in QEMU hypervisor. This patch adds an option for configuring
	that in the domain XML and related documentation.

	QEMU Tests for reboot-timeout

	qemu: Add support for reboot-timeout
	This patch adds support for "-boot reboot-timeout=rb_time" that is
	added in QEMU.

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	Add support for reboot-timeout
	Whenever the guest machine fails to boot, new parameter (reboot-timeout)
	controls whether it should reboot and after how many ms it should do so.

	Docs included.

2012-09-20  Peter Krempa  <pkrempa@redhat.com>

	security: Don't ignore errors when parsing DAC security labels
	The DAC security driver silently ignored errors when parsing the DAC
	label and used default values instead.

	With a domain containing the following label definition:

	<seclabel type='static' model='dac' relabel='yes'>
	  <label>sdfklsdjlfjklsdjkl</label>
	</seclabel>

	the domain would start normaly but the disk images would be still owned
	by root and no error was displayed.

	This patch changes the behavior if the parsing of the label fails (note
	that a not present label is not a failure and in this case the default
	label should be used) the error isn't masked but is raised that causes
	the domain start to fail with a descriptive error message:

	virsh #  start tr
	error: Failed to start domain tr
	error: internal error invalid argument: failed to parse DAC seclabel
	'sdfklsdjlfjklsdjkl' for domain 'tr'

	I also changed the error code to "invalid argument" from "internal
	error" and tweaked the various error messages to contain correct and
	useful information.

2012-09-20  liguang  <lig.fnst@cn.fujitsu.com>

	simplify xenXMDomainPinVcpu function
	supersede tedious statements getting cpu bitmap
	from parameter cpumap by virBitmapNewData function

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup of domain_conf sentinels
	This patch removes all commas after *_LAST sentinels in the enums.

2012-09-20  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Cleanup boot parameter building
	This patch cleans up building the "-boot" parameter and while on that
	fixes one inconsistency by modifying these things:

	 - I completed the unfinished virDomainBootMenu enum by specifying
	   LAST, declaring it and also declaring the TypeFromString and
	   TypeToString parameters.
	 - Previously mentioned TypeFromString and TypeToString are used when
	   parsing the XML.
	 - Last, but not least, visible change is that the "-boot" parameter
	   is built and parsed properly:
	    - The "order=" prefix is used only when additional parameters are
	      used (menu, etc.).
	    - It's rewritten in a way that other parameters can be added
	      easily in the future (used in following patch).
	    - The "order=" parameter is properly parsed regardless to where it
	      is placed in the string (e.g. "menu=on,order=nc").
	    - The "menu=" parameter (and others in the future) are created
	      when they should be (i.e. even when bootindex is supported and
	      used, but not when bootloader is selected).

2012-09-20  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Transition domain to PAUSED after 'stop' command
	Currently, we mark domain PAUSED (but not emit an event)
	just before we issue 'stop' on monitor; This command can
	take ages to finish, esp. when domain's doing a lot of
	IO - users can enforce qemu to open files with O_DIRECT
	which doesn't return from write() until data reaches the
	block device. Having said that, we report PAUSED even if
	domain is not paused yet.

2012-09-20  Laine Stump  <laine@laine.org>

	network: fix element size / length in memmove
	The memmove to move elements in the dhcp hosts array when inserting
	and deleting items was mistakenly basing the length of the copy on the
	size of a virNetworkDHCPHostDefPtr rather than virNetworkDHCPHostDef,
	with the expected disastrous results.

	The memmove to delete an entry commits two errors - along with the
	size of each element being wrong, it also omits some required
	parentheses.

2012-09-19  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Move daemon to misc since its not a network
	Move the 'Daemon' entry to the Miscellaneous section since its not a
	networking driver or component.

2012-09-19  Laine Stump  <laine@laine.org>

	network: fix incorrect VIR_NETWORK_UPDATE_COMMAND_* values
	These enums originally were put into the flags for virNetworkUpdate,
	and when they were moved into their own enum, the numbers weren't
	appropriately changed, causing the commands to start with value 2
	instead of 1. This causes problems for things like ENUM_IMPL, which
	wants a string for every value in the requested range, including those
	not used in the enum.

2012-09-19  Doug Goldstein  <cardoe@cardoe.com>

	build: define WITH_INTERFACE for the driver
	Based exclusively on work by Eric Blake in a patch posted with the same
	subject. However some modifications related to comments and my plans to
	add another backend.

	Added WITH_INTERFACE as the only automake variable deciding whether to
	build the driver and using WITH_NETCF to identify that we're wanting to
	use the netcf library as the backend.

	* configure.ac: Added with_interface
	* src/interface/netcf_driver.c: Renamed..
	* src/interface/interface_backend_netcf.c: ..to this to match storage.
	* src/interface/netcf_driver.h: Renamed..
	* src/interface/interface_driver.h: ..to this.
	* daemon/Makefile.am: Respect WITH_INTERFACE and WITH_NETCF.
	* libvirt.spec.in: Add RPM support for --with-interface

2012-09-19  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Rename QEmu to QEMU to match upstream
	Match upstream's naming of QEMU. There was a notice on the ML that said
	the preferred spelling was QEMU a while back.

2012-09-19  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix resource leaks when editing files.
	The cleanup path in virsh-edit helper was never reached when the edit
	was successful leaking the document in memory as well as the temporary
	file.

2012-09-19  Eric Blake  <eblake@redhat.com>

	util: don't print free'd dmidecode path
	The path was freed before printing the error message, resulting in:
	error : virSysinfoRead:773 : internal error Failed to execute command
	(null)
	But virCommandRun already gives a better error message.

	* src/util/sysinfo.c (virSysinfoRead): Avoid overwriting error.

2012-09-19  Eric Blake  <eblake@redhat.com>

	build: avoid unused symbol
	Commit f36309d added an export with no matching implementation;
	probably a misspelling of an earlier version of the final addition
	of virNetworkObjSetDefTransient.

	* src/libvirt_private.syms (network_conf.h): Drop bogus
	virNetworkSetDefTransient.

2012-09-19  Eric Blake  <eblake@redhat.com>

	build: fix nodeinfo build on non-Linux platforms
	Commit aaa8ab3 added new static functions that are only used on Linux;
	but commit 22acfdc didn't go far enough to fix compiler issues.

	* src/nodeinfo.c (nodeSetMemoryParameterValue)
	(nodeGetMemoryParameterValue): Conditionally compile based on use.

2012-09-19  Eric Blake  <eblake@redhat.com>

	bitmap: fix problems in previous commit
	Commit ee3d3893 missed the fact that (unsigned char)<<(int)
	is truncated to int, and therefore failed for any bitmap data
	longer than four bytes.

	Also, I failed to run 'make syntax-check' on my commit 4bba6579;
	for whatever odd reason, ffs lives in a different header than ffsl.

	* src/util/bitmap.c (virBitmapNewData): Use correct shift type.
	(includes): Glibc (and therefore gnulib) decided ffs is in
	<strings.h>, but ffsl is in <string.h>.
	* tests/virbitmaptest.c (test5): Test it.

2012-09-18  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable byte-swapping
	Commit 0fc89098 used functions only available on glibc, completely
	botched 32-bit environments, and risked SIGBUS due to unaligned
	memory access on platforms that aren't as forgiving as x86_64.

	* bootstrap.conf (gnulib_modules): Import ffsl.
	* src/util/bitmap.c (includes): Use <strings.h> for ffsl.
	(virBitmapNewData, virBitmapToData): Avoid 64-bit assumptions and
	non-portable functions.

2012-09-18  Martin Kletzander  <mkletzan@redhat.com>

	Fix minor details not only in apic eoi
	The introduction of APIC EOI patches had a few little details that
	could look better, so this patch fixes that and one more place in the
	file as well (same problem).

2012-09-18  Martin Kletzander  <mkletzan@redhat.com>

	secret: Fix error for private secrets
	When trying to get the value of a private secret, the code used
	'operation denied' error. That error is specified as a error for
	read-only connections trying to perform denied operation. The
	following error seems more accurate.

	To compare the difference:
	 - BEFORE
	error: operation secret is private forbidden for read only access

	 - AFTER
	error: Invalid secret: secret is private

2012-09-18  Martin Kletzander  <mkletzan@redhat.com>

	virNetDevBandwidthClear: Improve error handling
	Two changes are introduced in this patch:

	 - The first change removes ATTRIBUTE_RETURN_CHECK from
	   virNetDevBandwidthClear, because it was called with ignore_value
	   always, anyway. The function is used even when it's not necessary
	   to call it, just for cleanup purposes.

	 - The second change is added ignoring of the command's exit status,
	   since it may report an error even when run just as "to be sure we
	   clean up" function. No libvirt errors are suppresed by this.

2012-09-18  Martin Kletzander  <mkletzan@redhat.com>

	syntax-check: fix run.in
	Two more problems in "run.in" made the syntax-check fail.

2012-09-18  Guido Günther  <agx@sigxcpu.org>

	Adhere to copyright_address check
	to fix "make syntax-check"

	Found by http://honk.sigxcpu.org:8001/job/libvirt-syntax-check/

2012-09-18  Richard W.M. Jones  <rjones@redhat.com>

	Add a ./run script for running programs from the local directory.
	With this script you can run libvirt programs without needing to
	install them first.  You just have to do for example:

	  ./run ./tools/virsh [args ...]

	If you are already in the tools/ subdirectory, then the following
	command will also work:

	  ../run ./virsh [...]

	You can also run the C programs under valgrind like this:

	  ./run valgrind [valgrind opts...] ./program

	or under gdb:

	  ./run gdb --args ./program

	This also works with sudo (eg. if you need root access for libvirt):

	  sudo ./run ./tools/virsh list --all

	Derived from libguestfs and simplified.  The ./run script in
	libguestfs is much more sophisticated:

	https://github.com/libguestfs/libguestfs/blob/master/run.in

2012-09-18  Peter Krempa  <pkrempa@redhat.com>

	rpc: Fix name of member in remote_protocol-structs
	Commit 7a99b0abafb69e1686198ac3473892a9aaeb8255 adds a new RPC struct
	but one of the members has different names in remote_protocol.x and
	remote_protocol-struct breaking make check.

2012-09-18  Ján Tomko  <jtomko@redhat.com>

	virBitmap: fix build without HAVE_NUMACTL
	Commit 75b198b3e7b2c8b4106afbd42f8bb795c4773511 forgot to change
	arguments of dummy qemuProcessInitNumaMemoryPolicy from char* to
	virBitmapPtr.

	qemuhelptest: convert runaway tab to spaces
	Make syntax-check happy and smiling again.

2012-09-18  Richard W.M. Jones  <rjones@redhat.com>

	daemon: Fix error message when libvirtd is missing.
	Currently we search along the hard-coded names:
	  SBINDIR "/libvirtd"
	  SBINDIR "/libvirtd_dbg"
	but if the environment variable $LIBVIRTD_PATH is set to the
	name of the libvirtd binary, that is used instead.  Fix the
	error message so it accurately reflects current behaviour
	($PATH is NOT searched).

	gitignore: Ignore .gdb_history file.

2012-09-18  Daniel Veillard  <veillard@redhat.com>

	Fix the augea test for qemu libvirtd options
	Commit 1ccf22277be013beb3f26f0083867c9c9eddca18 forgot to
	add the output to the augeas test

2012-09-18  Laine Stump  <laine@laine.org>

	network: implement backend of virNetworkUpdate(IP_DHCP_HOST)
	This patch fills in the first implementation for one of the
	virNetworkUpdate sections. With this code, you can now add/delete/edit
	<host> entries in a network's <ip> address <dhcp> element (by
	specifying a section of VIR_NETWORK_SECTION_IP_DHCP_HOST).

	If you pass in a parentIndex of -1, the code will automatically find
	the one ip element that has a <dhcp> section and make the updates
	there. Otherwise, you can specify an index >= 0, and libvirt will look
	for that particular instance of <ip> in the network, and modify its
	<dhcp> element. (This currently isn't very useful, because libvirt
	only supports having dhcp information on a single IP address, but that
	could change in the future).

	When adding a new host entry
	(VIR_NETWORK_UPDATE_COMMAND_ADD_(FIRST|LAST)), the existing entries
	will be compared to the new entry, and if any non-empty attribute
	matches, the add will fail. When updating an existing entry
	(VIR_NETWORK_UPDATE_COMMAND_MODIFY), the mac address or name will be
	used to find the existing entry, and other fields will only be updated
	(note there is some potential for ambiguity here if you specify the
	mac address from one entry and the name from another).  When deleting
	an existing entry (VIR_NETWORK_UPDATE_COMMAND_DELETE), all non-empty
	attributes in the supplied xml arg will be compared - all of them must
	match before libvirt will delete the host.

	The xml should be a fully formed <host> element as it would appear in
	a network definition, e.g. "<host mac=00:11:22:33:44:55 ip=10.1.23.22
	name='testbox'/>" (when adding/updating, ip and one of mac|name is
	required; when deleting, you can specify any one, two, or all
	attributes, but they all must match the target element).

	As with the update of any other section, you can choose to affect the
	live config (with flag VIR_NETWORK_UPDATE_AFFECT_LIVE), the persistent
	config (VIR_NETWORK_UPDATE_AFFECT_CONFIG), or both. If you've chosen
	to affect the live config, those changes will take effect immediately,
	with no need to destroy/restart the network.

	An example of adding a host entry:

	   virNetworkUpdate(net, VIR_NETWORK_UPDATE_COMMAND_ADD_LAST,
	                     VIR_NETWORK_SECTION_IP_DHCP_HOST, -1,
	                    "<host mac='00:11:22:33:44:55' ip='192.168.122.5'/>",
	                    VIR_NETWORK_UPDATE_AFFECT_LIVE
	                    | VIR_NETWORK_UPDATE_AFFECT_CONFIG);

	To delete that same entry:

	   virNetworkUpdate(net, VIR_NETWORK_UPDATE_COMMAND_DELETE,
	                    VIR_NETWORK_SECTION_IP_DHCP_HOST, -1,
	                    "<host mac='00:11:22:33:44:55'/>",
	                    VIR_NETWORK_UPDATE_AFFECT_LIVE
	                    | VIR_NETWORK_UPDATE_AFFECT_CONFIG);

	(you could also delete it by replacing "mac='00:11:22:33:44:55'" with
	"ip='192.168.122.5'".)

2012-09-18  Laine Stump  <laine@laine.org>

	network: restart radvd/dnsmasq if needed when libvirtd is restarted
	A user on IRC had accidentally killed all of his libvirt-started
	dnsmasq instances (due to a buggy dnsmasq service script in Fedora
	16), and had hoped that libvirtd would notice this on restart and
	reload all the dnsmasq daemons (as it does with iptables
	rules). Unfortunately this was not the case - as long as the network
	object had a pid registered for dnsmasq and/or radvd, it assumed that
	the processes were running.

	This patch takes advantage of the new utility functions in
	bridge_driver.c to do a "refresh" of all radvd and dnsmasq processes
	started by libvirt each time libvirtd is restarted - this function
	attempts to do a SIGHUP of each existing process, and if that fails,
	it restarts the process, rebuilding all the associated config files
	and commandline parameters in the process. This normally has no
	effect, but will be useful in solving the occasional "odd situation"
	without needing to take the drastic step of destroying/re-starting the
	network.

2012-09-18  Laine Stump  <laine@laine.org>

	network: implement virNetworkUpdate for test_driver
	The test driver does nothing outside of keeping track of each
	network's config/state in the in-memory database maintained by
	network_conf functions, so all we have to do is call the function that
	updates the network's entry in the in-memory database.

2012-09-18  Laine Stump  <laine@laine.org>

	network: implement virNetworkUpdate for bridge_driver
	Call the network_conf function that modifies the live/persistent/both
	config, then refresh/restart dnsmasq/radvd if necessary, and finally
	save the config in the proper place(s).

	This patch also needed to uncomment a few utility functions that were
	added inside #if 0 in the previous commit (to avoid compiler errors
	due to unreferenced static functions).

2012-09-18  Laine Stump  <laine@laine.org>

	network: reorganize dnsmasq and radvd config file / startup
	This patch splits the starting of dnsmasq and radvd into multiple
	files, and adds new networkRefreshXX() and networkRestartXX()
	functions for each. These new functions are currently commented out
	because they won't be used until the next commit, and the compile options
	require all static functions to be used.

	networkRefreshXX() - rewrites any file-based config for dnsmasq/radvd,
	and sends SIGHUP to the process to make it reread its config. If the
	program isn't already running, it's just started.

	networkRestartXX() - kills the given program, waits for it to exit
	(see the comments in the function networkKillDaemon()), then calls
	networkStartXX().

	This commit is here mostly as a checkpoint to verify no change in
	functional behavior after refactoring networkStartXX() functions to
	fit in with these new functions.

2012-09-18  Laine Stump  <laine@laine.org>

	conf: implement NetworkObj backend of virNetworkUpdate API
	virNetworkObjUpdate takes care of all virNetworkUpdate-related changes
	to the data stored in the in-memory virNetworkObj list. It should be
	called by network drivers that use this in-memory list.

	virNetworkObjUpdate *does not* take care of updating any disk-based
	copies of the config, nor does it perform any other operations
	necessary to have the new config data take effect (e.g. it won't
	re-write dnsmasq host files, nor will it send a SIGHUP to dnsmasq) -
	those things should all be taken care of in the network driver
	function that calls virNetworkObjUpdate (assuming that it returns
	success).

2012-09-18  Laine Stump  <laine@laine.org>

	network: utility functions for updating network config
	These new functions are highly inspired by those in domain_conf.c (but
	not identical), and are intended to make it simpler to update the
	various combinations of live/persistent network configs.

	The network driver wasn't previously as careful about the separation
	between the live "status" in network->def and the persistent "config"
	in network->newDef (or sometimes in network->def). This series
	attempts to remedy some of that, but probably doesn't go all the way
	(enough to get these functions working and enable continued work on
	virNetworkUpdate though).

	bridge_driver.c and test_driver.c were updated in a few places to take
	advantage of the new functions and/or account for changes in argument
	lists.

2012-09-18  Laine Stump  <laine@laine.org>

	network: implement RPC calls for virNetworkUpdate
	This is very short, because almost everything is autogenerated. All
	that's needed are:

	* src/remote/remote_driver.c: add pointer to autogenerated
	    remoteNetworkUpdate to the function table for the remote
	    network driver.

	* src/remote/remote_protocol.x: add the "args" struct and add one more
	    item to the remote_procedure enum for this function.

	* src/remote_protocol-struct: update to match remote_protocol.x

2012-09-18  Laine Stump  <laine@laine.org>

	network: define new API virNetworkUpdate
	This patch adds a new public API virNetworkUpdate that will permit
	updating an existing network configuration without requiring that the
	network be destroyed/restarted for the changes to take effect.

2012-09-18  Ján Tomko  <jtomko@redhat.com>

	tests: add qemu-1.2.0 help data
	Generated with:

	qemu-system-x86_64 -help >tests/qemuhelpdata/qemu-1.2.0
	qemu-system-x86_64 \
	    -device ? \
	    -device pci-assign,? \
	    -device virtio-blk-pci,? \
	    -device virtio-net-pci,? \
	    -device scsi-disk,? 2>tests/qemuhelpdata/qemu-1.2.0-device

2012-09-18  Ján Tomko  <jtomko@redhat.com>

	qemu: add -sandbox to command line if requested

	qemu: conf: add seccomp_sandbox option

	qemu: add capability flag for seccomp sandbox
	This series adds support to run QEMU with seccomp sandbox enabled. It can be
	configured in qemu.conf to on, off, or the QEMU default, which is off in 1.2.
	Default value is the QEMU default.

2012-09-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Avoid deadlock on HandleAgentEOF
	On agent EOF the qemuProcessHandleAgentEOF() callback is called
	which locks virDomainObjPtr. Then qemuAgentClose() is called
	(with domain object locked) which eventually calls qemuAgentDispose()
	and qemuProcessHandleAgentDestroy(). This tries to lock the
	domain object again. Hence the deadlock.

2012-09-18  Osier Yang  <jyang@redhat.com>

	qemu: Use disk wwn in qemu command line
	All of ide-drive, ide-hd, ide-cd, scsi-disk, scsi-hd, and scsi-cd
	supports wwn property. (NB, scsi-block doesn't support to set wwn).

	* src/qemu/qemu_command.c: Error out if underlying QEMU doesn't
	support wwn property for the device; Set wwn for the device otherwise.

	* tests/qemuxml2argvdata/qemuxml2argv-disk-ide-wwn.args: New test
	* tests/qemuxml2argvdata/qemuxml2argv-disk-ide-wwn.xml: Likewise
	* tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-disk-wwn.args: Likewise
	* tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-disk-wwn.xml: Likewise
	* tests/qemuxml2argvtest.c: Add the new tests.

2012-09-18  Osier Yang  <jyang@redhat.com>

	qemu: Add caps to indentify if setting wwn is supported by qemu
	This assumes ide-drive.wwn, ide-hd.wwn, ide-cd.wwn were supported
	at the same time, similar for scsi-disk.wwn, scsi-hd.wwn, and
	scsi-cd.wwn. So only two new caps (QEMU_CAPS_IDE_DRIVE_WWN,
	and QEMU_CAPS_SCSI_DISK_WWN) are introduced.

2012-09-18  Osier Yang  <jyang@redhat.com>

	conf: Parse and format disk <wwn>
	Validates the wwn while parsing, error out if it's malformed.

	* src/util/util.h: Declare virValidateWWN
	* src/util/util.c: Implement virValidateWWN
	* src/libvirt_private.syms: Export virValidateWWN.
	* src/conf/domain_conf.h: New member 'wwn' for disk def.
	* src/conf/domain_conf.c: Parse and format disk <wwn>

2012-09-18  Osier Yang  <jyang@redhat.com>

	schema: Add schema for disk <wwn>
	* docs/formatdomain.html.in: Add document.
	* docs/schemas/nodedev.rng: Move definition of "wwn" to ...
	* docs/schemas/basictypes.rng: ...Here
	* docs/schemas/domaincommon.rng: Add schema for disk <wwn>

2012-09-18  Eric Blake  <eblake@redhat.com>

	blockjob: add blockcommit support to rpc
	Relatively straightforward.  Our decision to make block job
	speed a long keeps haunting us on new API.

	* src/remote/remote_protocol.x (remote_domain_block_commit_args):
	New struct.
	* src/remote/remote_driver.c (remote_driver): Enable it.
	* src/remote_protocol-structs: Regenerate.
	* src/rpc/gendispatch.pl (long_legacy): Exempt another bandwidth.

2012-09-18  Eric Blake  <eblake@redhat.com>

	blockjob: add virsh blockcommit
	The new command 'virsh blockcommit $dom $disk' requests the start
	of an asynchronous commit operation across the entire chain of
	$disk.  Further arguments can fine-tune which portion of the
	chain is committed.  Existing 'virsh blockjob' commands can then
	track the status, change the bandwidth, or abort the commit job.

	With a bit more on the command line, 'virsh blockcommit $dom $disk
	--wait --verbose' can be used for blocking behavior, with visual
	feedback on the overall status, and can be canceled with Ctrl-C.

	The overall design, including the wait loop logic, borrows heavily
	from the existing blockpull command.

	* tools/virsh-domain.c (cmdBlockCommit): New function.
	* tools/virsh.pod (blockcommit): Document it.

2012-09-18  Eric Blake  <eblake@redhat.com>

	blockjob: add virDomainBlockCommit
	A block commit moves data in the opposite direction of block pull.
	Block pull reduces the chain length by dropping backing files after
	data has been pulled into the top overlay, and is always safe; block
	commit reduces the chain length by dropping overlays after data has
	been committed into the backing file, and any files that depended
	on base but not on top are invalidated at any point where they have
	unallocated data that is now pointing to changed contents in base.
	Both directions are useful, however: a qcow2 layer that is more than
	50% allocated will typically be faster with a pull operation, while
	a qcow2 layer with less than 50% allocation will be faster as a
	commit operation.  Committing across multiple layers can be more
	efficient than repeatedly committing one layer at a time, but
	requires extra support from the hypervisor.

	This API matches Jeff Cody's proposed qemu command 'block-commit':
	https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02226.html

	Jeff's command is still in the works for qemu 1.3, and may gain
	further enhancements, such as the ability to control on-error
	handling (it will be comparable to the error handling Paolo is
	adding to 'drive-mirror', so a similar solution will be needed
	when I finally propose virDomainBlockCopy with more functionality
	than the basics supported by virDomainBlockRebase).  However, even
	without qemu support, this API will be useful for _offline_ block
	commits, by wrapping qemu-img calls and turning them into a block
	job, so this API is worth committing now.

	For some examples of how this will be implemented, all starting
	with the chain: base <- snap1 <- snap2 <- active

	+ These are equivalent:
	 virDomainBlockCommit(dom, disk, NULL, NULL, 0, 0)
	 virDomainBlockCommit(dom, disk, NULL, "active", 0, 0)
	 virDomainBlockCommit(dom, disk, "base", NULL, 0, 0)
	 virDomainBlockCommit(dom, disk, "base", "active", 0, 0)
	but cannot be implemented for online qemu with round 1 of
	Jeff's patches; and for offline images, it would require
	three back-to-back qemu-img invocations unless qemu-img
	is patched to allow more efficient multi-layer commits;
	the end result would be 'base' as the active disk with
	contents from all three other files, where 'snap1' and
	'snap2' are invalid right away, and 'active' is invalid
	once any further changes to 'base' are made.

	+ These are equivalent:
	 virDomainBlockCommit(dom, disk, "snap2", NULL, 0, 0)
	 virDomainBlockCommit(dom, disk, NULL, NULL, 0, _SHALLOW)
	they cannot be implemented for online qemu, but for offline,
	it is a matter of 'qemu-img commit active', so that 'snap2'
	is now the active disk with contents formerly in 'active'.

	+ Similarly:
	 virDomainBlockCommit(dom, disk, "snap2", NULL, 0, _DELETE)
	for an offline domain will merge 'active' into 'snap2', then
	delete 'active' to avoid leaving a potentially invalid file
	around.

	+ This version:
	 virDomainBlockCommit(dom, disk, NULL, "snap2", 0, _SHALLOW)
	can be implemented online with 'block-commit' passing a base of
	snap1 and a top of snap2; and can be implemented offline by
	'qemu-img commit snap2' followed by 'qemu-img rebase -u
	-b snap1 active'

	* include/libvirt/libvirt.h.in (virDomainBlockCommit): New API.
	* src/libvirt.c (virDomainBlockCommit): Implement it.
	* src/libvirt_public.syms (LIBVIRT_0.10.2): Export it.
	* src/driver.h (virDrvDomainBlockCommit): New driver callback.
	* docs/apibuild.py (CParser.parseSignature): Add exception.

2012-09-18  Eric Blake  <eblake@redhat.com>

	qemu: drop unused arguments for dump-guest-memory
	Upstream qemu has raised a concern about whether dumping guest
	memory by reading guest paging tables is a security hole:
	https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg02607.html

	While auditing libvirt to see if we would be impacted, I noticed
	that we had some dead code.  It is simpler to nuke the dead code
	and limit our monitor code to just the subset we make use of.

	* src/qemu/qemu_monitor.h (QEMU_MONITOR_DUMP): Drop poorly named
	and mostly-unused enum.
	* src/qemu/qemu_monitor.c (qemuMonitorDumpToFd): Drop arguments.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDump): Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDump): Likewise.
	* src/qemu/qemu_driver.c (qemuDumpToFd): Update caller.

2012-09-18  Osier Yang  <jyang@redhat.com>

	build: Fix build failure on non-linux platform

2012-09-18  Laine Stump  <laine@laine.org>

	conf: avoid freeing network object with undestroyed mutex
	virNetworkAssignDef was allocating a new network object, initing and
	grabbing its lock, then potentially freeing it without unlocking or
	destroying the lock. In practice 1) this will probably never happen,
	and 2) even if it did, the lock implementation used on most (all?)
	platforms doesn't actually hold any resources for an initialized or
	held lock, but it still bothered me, so I moved the realloc that could
	lead to this bad situation earlier in the function, and now the mutex
	isn't inited or locked until we are assured of complete success.

	conf: separate functions to parse DHCPHostDef and DHCPRangeDef
	These two objects were previously always parsed as a part of an IpDef,
	but we will now need to be able to parse them on their own for
	virNetworkUpdate(). Split the parsing functions out, with no
	functional changes.

2012-09-17  Hu Tao  <hutao@cn.fujitsu.com>

	remove virDomainCpuSetFormat and virDomainCpuSetParse
	virBitmap is recommanded to store cpuset info, and
	virBitmapFormat/virBitmapParse can do the format/parse
	jobs.

2012-09-17  Laine Stump  <laine@laine.org>

	xen: eliminate remaining uses of virDomainCpuSetParse
	The final patch in Hu Tao's series to enhance virBitmap actually
	removes virDomainCpuSetParse and virDomainCpuSetFormat as "no longer
	used", and the rest of the series hadn't taken care of two uses of
	virDomainCpuSetParse in the xen code.

	This patch replaces those with appropriate virBitmap functions. It
	should be pushed prior to the patch removing virDomainCpuSetParse.

2012-09-17  Hu Tao  <hutao@cn.fujitsu.com>

	use virBitmap to store nodeinfo.

	use virBitmap to store cells' cpumask info.

	use virBitmap to store cpumask info.

	use virBitmap to store numa nodemask info.

	use virBitmap to store cpu affinity info

	use virBitmap to store cpupin info

	New functions for virBitmap
	In many places we store bitmap info in a chunk of data
	(pointed to by a char *), and have redundant codes to
	set/unset bits. This patch extends virBitmap, and convert
	those codes to use virBitmap in subsequent patches.

2012-09-17  Hu Tao  <hutao@cn.fujitsu.com>

	bitmap: new member variable and function renaming
	Add a new member variable map_len to store map len of bitmap.
	and rename size to max_bit accordingly.

	rename virBitmapAlloc to virBitmapNew.

2012-09-17  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clarify behavior of domain list filtering.
	Some combinations of filtering flags produce no result. This patch tries
	to clarify this.

2012-09-17  Osier Yang  <jyang@redhat.com>

	Build: Fix typos which cause build failure
	Pushed under build-breaker rules.

	node_memory: Expose the APIs to Python bindings
	* python/libvirt-override-api.xml: (Add document to describe
	  the APIs).
	* python/libvirt-override.c: (Implement the API wrappers manually)

2012-09-17  Osier Yang  <jyang@redhat.com>

	node_memory: Expose the APIs to virsh
	New command node-memory-tune to get/set the node memory parameters,
	only two parameters are allowed to set (pages_to_scan, and sleep_millisecs,
	see documents in this patch for more details).

	Example of node-memory-tune's output:

	Shared memory:
		pages_to_scan   100
		sleep_millisecs 20
		pages_shared    0
		pages_sharing   0
		pages_unshared  0
		pages_volatile  0
		full_scans      0

2012-09-17  Osier Yang  <jyang@redhat.com>

	node_memory: Support get/set memory parameters for drivers
	Including QEMU, LXC, UML, XEN drivers.

2012-09-17  Osier Yang  <jyang@redhat.com>

	node_memory: Implement the internal APIs
	Only implemented for linux platform.

	* src/nodeinfo.h: (Declare node{Get,Set}MemoryParameters)
	* src/nodeinfo.c: (Implement node{Get,Set}MemoryParameters)
	* src/libvirt_private.syms: (Export those two new internal APIs to
	  private symbols)

2012-09-17  Osier Yang  <jyang@redhat.com>

	node_memory: Wire up the RPC protocol
	* src/rpc/gendispatch.pl: (virNodeSetMemoryParameters is the
	  the special one which needs a connection object as the first
	  argument, improve the generator to support it).
	* daemon/remote.c: (Implement the server side handler for
	  virDomainGetMemoryParameters)
	* src/remote/remote_driver.c: (Implement the client side handler
	  for virDomainGetMemoryParameters)
	* src/remote/remote_protocol.x: (New RPC procedures for the two
	  new APIs and structs to represent the args and ret for it)
	* src/remote_protocol-structs: Likewise

	node_memory: Define the APIs to get/set memory parameters
	* include/libvirt/libvirt.h.in: (Add macros for the param fields,
	  declare the APIs).
	* src/driver.h: (New methods for the driver struct)
	* src/libvirt.c: (Implement the public APIs)
	* src/libvirt_public.syms: (Export the public symbols)

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Use virConnectListAllSecrets in virsh
	This introduces four new options for secret-list, to filter the
	returned secrets by whether it's ephemeral or not, and/or by
	whether it's private or not.

	* tools/virsh-secret.c: (New helper vshSecretSorter,
	  vshSecretListFree, and vshCollectSecretList; Use the new
	  API for secret-list; error out if flags are specified,
	  because there is no way to filter the results when using
	  old APIs (no APIs to get the properties (ephemeral, private)
	  of a secret yet).

	* tools/virsh.pod: Document the 4 new options.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Expose virConnectListAllSecrets to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document

	python/libvirt-override-virConnect.py: Implementation for listAllSecrets.

	python/libvirt-override.c: Implementation for the wrapper.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Implement listAllSecrets
	Simply returns the object list. Supports to filter the secrets
	by its storage location, and whether it's private or not.

	src/secret/secret_driver.c: Implement listAllSecrets

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Implement RPC calls for virConnectListAllSecrets
	The RPC generator doesn't support returning list of object yet, this patch
	does the work manually.

	  * daemon/remote.c:
	    Implement the server side handler remoteDispatchConnectListAllSecrets.

	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllSecrets.

	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_SECRETS and
	    structs to represent the args and ret for it.

	  * src/remote_protocol-structs: Likewise.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Define new API virConnectListAllSecrets
	This is to list the secret objects. Supports to filter the secrets
	by its storage location, and whether it's private or not.

	include/libvirt/libvirt.h.in: Declare enum virConnectListAllSecretFlags
	                              and virConnectListAllSecrets.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllSecrets)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Use virConnectListAllNWFilters in virsh
	tools/virsh-nwfilter.c:
	  * vshNWFilterSorter to sort network filters by name

	  * vshNWFilterListFree to free the network filter objects list.

	  * vshNWFilterListCollect to collect the network filter objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Expose virConnectListAllNWFilters to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document

	python/libvirt-override-virConnect.py:
	  * Implementation for listAllNWFilters.

	python/libvirt-override.c: Implementation for the wrapper.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Implement listAllNWFilters
	Simply returns the object list. No filtering.

	src/nwfilter/nwfilter_driver.c: Implement listAllNWFilters

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Implement RPC calls for virConnectListAllNWFilters
	The RPC generator doesn't support returning list of object yet, this patch
	do the work manually.

	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchConnectListAllNWFilters.

	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllNWFilters.

	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_NWFILTERS and
	    structs to represent the args and ret for it.

	  * src/remote_protocol-structs: Likewise.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Define new API virConnectListAllNWFilters
	This is to list the network filter objects. No flags are supported

	include/libvirt/libvirt.h.in: Declare enum virConnectListAllNWFilterFlags
	                              and virConnectListAllNWFilters.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllNWFilters)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Use virConnectListAllNodeDevices in virsh
	tools/virsh-nodedev.c:
	  * vshNodeDeviceSorter to sort node devices by name

	  * vshNodeDeviceListFree to free the node device objects list.

	  * vshNodeDeviceListCollect to collect the node device objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

	  * Change option --cap to accept multiple capability types.

	tools/virsh.pod
	  * Update document for --cap

2012-09-17  Osier Yang  <jyang@redhat.com>

	virsh: Don't motify the const string
	This improve helper vshStringToArray to accept const string as
	argument instead. To not convert the const string when using
	vshStringToArray, and thus avoid motifying it.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Expose virConnectListAllNodeDevices to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document

	python/libvirt-override-virConnect.py:
	  * Implementation for listAllNodeDevices.

	python/libvirt-override.c: Implementation for the wrapper.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Implement listAllNodeDevices
	This simply implements listAllNodeDevices using helper virNodeDeviceList

	src/node_device/node_device_driver.h:
	  * Declare nodeListAllNodeDevices.

	src/node_device/node_device_driver.c:
	  * Implement nodeListAllNodeDevices.

	src/node_device/node_device_hal.c:
	  * Hook listAllNodeDevices to nodeListAllNodeDevices.

	src/node_device/node_device_udev.c
	  * Hook listAllNodeDevices to nodeListAllNodeDevices.

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Add helpers for listing node devices
	src/conf/node_device_conf.h:
	  * New macro VIR_CONNECT_LIST_NODE_DEVICES_FILTERS_CAP
	  * Declare virNodeDeviceList

	src/conf/node_device_conf.c:
	  * New helpers virNodeDeviceCapMatch, virNodeDeviceMatch.
	    virNodeDeviceCapMatch looks up the list of all the caps the device
	    support, to see if the device support the cap type.
	  * Implement virNodeDeviceList

	src/libvirt_private.syms:
	  * Export virNodeDeviceList
	  * Export virNodeDevCapTypeFromString

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Implement RPC calls for virConnectListAllNodeDevices
	The RPC generator doesn't support returning list of object yet, this patch
	does the work manually.

	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchConnectListAllNodeDevices.

	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllNodeDevices.

	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES and

2012-09-17  Osier Yang  <jyang@redhat.com>

	list: Define new API virConnectListAllNodeDevices
	This is to list the node device objects, supports to filter the results
	by capability types.

	include/libvirt/libvirt.h.in: Declare enum virConnectListAllNodeDeviceFlags
	                              and virConnectListAllNodeDevices.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllNodeDevices)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-15  Dwight Engen  <dwight.engen@oracle.com>

	build: fix missing include
	virNWFilterSnoopAdjustPoll() uses a struct pollfd but poll.h is never included
	nwfilter/nwfilter_dhcpsnoop.c:1297: error: 'struct pollfd' declared inside parameter list

2012-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Add missing 'goto error' in QEMU command line building
	If reporting case of a binary not supporting KVM or kQEMU, libvirt
	forgot to jump to the error branch for cleanup

	Fix initialization of virCommandPtr when creating QEMU argv
	If the qemuBuildCommandLine method raised an error before the
	virCommandPtr instance was created, the local var would not
	be initialized, resulting in a possible SEGV in the error
	cleanup branch. Also add some debugging of the method params

	Fix 3 broken test cases which were mistakenly raising errors
	Several test cases were mistakenly raising errors due to the
	QEMU_CAPS_KVM flag being missed.

2012-09-14  Ján Tomko  <jtomko@redhat.com>

	qemu: fix uninitialized variable in qemuParseCommandLine
	Newly added if branch for kvm_pv_eoi did not set the ret variable.

2012-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a API for creating QEMU capabilities for a binary
	Introduce a qemuCapsNewForBinary() API which creates a new
	QEMU capabilities object, populated with data relating to
	a specific QEMU binary. The qemuCaps object is also given
	a timestamp, which makes it possible to detect when the
	cached capabilities for a binary are out of date

	Remove upfront check for hmp - just try it cope with failure
	Don't bother checking for the existance of the HMP passthrough
	command. Just try to execute it, and propagate the failure.

	Don't overwrite errors raised by qemuMonitorHMPCommand
	The qemuMonitorHMPCommand() API and things it calls will report
	a wide variety of errors. The QEMU text monitor should not be
	overwriting these errors

2012-09-14  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Add support for EOI with APIC
	This patch adds full support for EOI setting for domains. Because this
	is CPU feature (flag), the model needs to be added even when it's not
	specified. Fortunately this problem was already solved with kvmclock,
	so this patch simply abuses that.

	And due to the size of the patch (17 lines) I dared to include the tests.

2012-09-14  Martin Kletzander  <mkletzan@redhat.com>

	Add support for EOI with APIC
	New options is added to support EOI (End of Interrupt) exposure for
	guests. As it makes sense only when APIC is enabled, I added this into
	the <apic> element in <features> because this should be tri-state
	option (cannot be handled as standalone feature).

2012-09-14  Martin Kletzander  <mkletzan@redhat.com>

	security: Fix libvirtd crash possibility
	Fix for CVE-2012-4423.

	When generating RPC protocol messages, it's strictly needed to have a
	continuous line of numbers or RPC messages. However in case anyone
	tries backporting some functionality and will skip a number, there is
	a possibility to make the daemon segfault with newer virsh (version of
	the library, rpc call, etc.) even unintentionally.

	The problem is that the skipped numbers will get func filled with
	NULLs, but there is no check whether these are set before the daemon
	tries to run them. This patch very simply enhances one check and fixes
	that.

2012-09-14  Guannan Ren  <gren@redhat.com>

	snapshot: fix rollback failure in transaction mode
	BZ:https://bugzilla.redhat.com/show_bug.cgi?id=843372
	when qemu supports the 'transaction' monitor command,
	and libvirt's --reuse-ext flag was not specified, libvirt created
	a stub file with zero size in first place. After the failure of
	QEMU transaction command performing qcow2 snapshots on more than
	one drives, the stub file is left behind with non-empty
	by the QEMU transaction command.
	In order to unlink the file, the patch removes the file size checking.

	Steps to reproduce the issue:
	Steps:
	 1, Create a qemu instance with two drive images of qcow2 type (root user)
	    /usr/libexec/qemu-kvm -m 1024 -smp 1 -name "rhel6u1" \
	      -drive file=/var/lib/libvirt/images/firstqcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
	      -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
	      -drive file=/var/lib/libvirt/images/secondqcow2,if=none,id=drive-virtio-disk1,format=qcow2,cache=none \
	      -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk1,id=virtio-disk1 -qmp stdio

	 2, Initialize qemu qmp
	    {"execute":"qmp_capabilities"}

	 3, Remove the second drive image file
	    rm -f /var/lib/libvirt/images/secondqcow2

	 4, Run 'transaction' command with snapshot qemu commands in.
	    {"execute":"transaction","arguments":
	      {"actions":
	        [{"type":"blockdev-snapshot-sync","data":
	          {"device":"drive-virtio-disk0","snapshot-file":"/var/lib/libvirt/images/firstqcow2-snapshot.img","format":"qcow2"}
	         },
	         {"type":"blockdev-snapshot-sync","data":
	          {"device":"drive-virtio-disk1","snapshot-file":"/var/lib/libvirt/images/secondqcow2-snapshot.img","format":"qcow2"}
	         }]
	      },
	   "id":"libvirt-6"}

	 5, Got the error as follows:
	    {"id": "libvirt-6",
	      "error": {"class": "OpenFileFailed", "desc": "Could not open '/var/lib/libvirt/images/secondqcow2-snapshot.img'",
	                "data": {"filename": "/var/lib/libvirt/images/secondqcow2-snapshot.img"}
	               }
	    }

	 6, List first newly-created snapshot file:
	    -rw-r--r--. 1 root root     262144 Sep 13 11:43 firstqcow2-snapshot.img

2012-09-14  Osier Yang  <jyang@redhat.com>

	Improve virTypedParameterValidateSet
	Assume not only domain object will use it.

2012-09-13  Guido Günther  <agx@sigxcpu.org>

	Look in Debian's multiarch libs too
	so we don't fail when libnetcf is built as multiarch lib.

2012-09-13  Eric Blake  <eblake@redhat.com>

	build: don't fail if libnl-3 is not found
	Commit 9298bfb changed configure to split the libnl into two
	separate pkg config checks instead of nesting the second check
	on the failure path of the first.  But the default pkg config
	behavior is to abort configure if a check fails.  Since we have
	a second check lined up, we need an explicit failure case that
	does not abort if the first check fails.

	Meanwhile, commit 51b708c is reverted.  It did not fix any
	behavior, and in fact, introduced a regression to the fallback
	case when the user explicitly sets $LIBNL_CFLAGS.

	* configure.ac: Don't abort if libnl-3 is not found.

2012-09-13  Alex Jia  <ajia@redhat.com>

	conf: avoid libvirt crash with empty address guestfwd channel
	The 'def->target.addr' hasn't been initialized in virDomainChrDefNew() and
	its value is always '0xffffffff', in addition, the following test scenario
	hasn't also include 'address' element in channel XML block, so the branch
	'if (addrStr == NULL)' is hit in virDomainChrDefParseTargetXML(), the
	programming jumps to 'error' label to release relevant resources, and the
	statement 'if (VIR_ALLOC(def->target.addr) < 0)' hasn't been executed then
	the virDomainChrDefFree() will free 'def->target.addr'(0xffffffff) via
	VIR_FREE(), which results in libvirt crash, to use valgrind can also
	find a 'Invalid free() / delete / delete[]' error. This patch just adjusts
	codes order to initialize 'def->target.addr' firstly.

	With this patch, libvirt hasn't crash and can get a expected error message "
	XML error: guestfwd channel does not define a target address".

	How to reproduce?

	1. define a guest with the following channel XML configuration

	$ cat foo.xml
	<snip>
	    <channel type='pty'>
	      <target type='guestfwd'/>
	    </channel>
	</snip>

	$ virsh define foo.xml

	2. actual result

	error: Failed to define domain from /tmp/foo.xml
	error: End of file while reading data: Input/output error
	error: Failed to reconnect to the hypervisor

	GDB debugger information:
	<snip>
	Breakpoint 1, virDomainChrDefFree (def=0x7f8ab000ec70) at conf/domain_conf.c:1264
	...ignore
	1264    {
	(gdb) p def->target
	$2 = {port = -1, addr = 0xffffffff, name = 0xffffffff <Address 0xffffffff out of bounds>}
	</snip>

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=856489

2012-09-13  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement containers creation
	Add separate function parallelsCreateCt, which creates container.
	Also add example xml configuration domain-parallels-ct-simple.xml.

	parallels: fix parallelsDomainDefineXML for existing containers
	Fix code, which checks what is changed in virDomainDef structure.
	It looks slightly different for containers and VMs: containers haven't
	boot devices, but have init path

	parallels: handle unlimited cpus on containers
	User may set "unlimited" cpus for containers, which means to
	take all available cpus on the node.

2012-09-13  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add support of containers to the driver
	This patch makes parallelsLoadDomains to be able to load information
	about containers. So functions, which return different information
	and change state will work.

	parallelsDomainDefineXML will be fixed in separate patch.

2012-09-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix data types used for list sizes in QEMU capabilities
	The QEMU capabilities APIs used a misc of 'int' and
	'unsigned int' for variables relating to array sizes.
	Change all these to use 'size_t'

	Add API for copying instances of the qemuCapsPtr object
	To allow each VM instance to record additional capabilities
	without affecting other VMs, there needs to be a way to do
	a deep copy of the qemuCapsPtr object

	Add ability to store other metadata in the qemu capabilities object
	Add struct fields and APIs to allow the qemu capabilities object
	to store version, arch, machines & cpu names, etc

	Make qemuCapsProbeCommand static
	The qemuCapsProbeCommand API is only used by the capabilities
	code, so can be static

	Turn QEMU capabilities object into a full virObjectPtr
	The current qemu capabilities are stored in a virBitmapPtr
	object, whose type is exposed to callers. We want to store
	more data besides just the flags, so we need to move to a
	struct type. This object will also need to be reference
	counted, since we'll be maintaining a cache of data per
	binary. This change introduces a 'qemuCapsPtr' virObject
	class. Most of the change is just renaming types and
	variables in all the callers

	Allow caps to be NULL when creating virDomainObjPtr instances
	If no private data needs to be maintained, it can be useful
	to create virDomainObjPtr instances without having a virCapsPtr
	instance around. Adapt the virDomainObjNew() function to allow
	for a NULL caps

	Wait to receive QMP greeting before sending any monitor commands
	Technically speaking we should wait until we receive the QMP
	greeting message before attempting to send any QMP monitor
	commands. Mostly we've got away with this, but there is a race
	in some QEMU which cause it to SEGV if you sent it data too
	soon after startup. Waiting for the QMP greeting avoids the
	race

	Add a virBitmapCopy API
	Add an API allowing flags from one virBitmapPtr to be copied
	into another instance.

2012-09-13  Guannan Ren  <gren@redhat.com>

	doc: update usb redirection filter infomation on formatdomain.html

	test: add xml2argvtest for usb-redir filter and update xml schema

2012-09-13  Guannan Ren  <gren@redhat.com>

	qemu: build USB redirection filter qemu command line
	Input XML snip:
	<redirdev bus='usb' type='spicevmc'>
	   <address type='usb' bus='0' port='4'/>
	 </redirdev>
	<redirfilter>
	  <usbdev class='0x08' vendor='0x1234' product='0xbeef' \
	          version='2.00' allow='yes'/>
	  <usbdev class='-1' vendor='-1' product='-1' version='-1' allow='no'/>
	</redirfilter>

	will be converted to:
	-device usb-redir,chardev=charredir0,id=redir0,\
	filter=0x08:0x1234:0xBEEF:0x2000:1|-1:-1:-1:-1:0,bus=usb.0,port=4

2012-09-13  Guannan Ren  <gren@redhat.com>

	qemu: define and parse USB redirection filter XML
	https://bugzilla.redhat.com/show_bug.cgi?id=795929
	http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6af165892cf900291046f1d25f95416f379504c2

	This patch define and parse the input XML of USB redirection filter.
	<devices>
	...
	  <redirdev bus='usb' type='spicevmc'>
	    <address type='usb' bus='0' port='4'/>
	  </redirdev>
	  <redirfilter>
	    <usbdev class='0x08' vendor='0x1234' product='0xbeef' \
	            version='2.00' allow='yes'/>
	    <usbdev allow='no'/>
	  </redirfilter>
	...
	</devices>

	There is no 1:1 mapping between ports and redirected devices and
	qemu and spicy client couldn't decide into which usbredir ports
	the client can 'plug' redirected devices. So it make sense to apply
	all of filter rules global to all existing usb redirection devices.
	class attribute is USB Class codes. version is bcdDevice value
	of USB device. vendor and product is USB vendorId and productId.
	-1 can be used to allow any value for a field. Except allow attribute
	the other four are optional, default value is -1.

2012-09-13  Osier Yang  <jyang@redhat.com>

	virsh: Fix version numbers in comments
	And redundant error resetting.

	Pushed under trivial rule.

2012-09-13  Guannan Ren  <gren@redhat.com>

	qemu: add usb-redir.filter qemu capability flag
	Add a qemu flag for USB redirection filter support.

	The output:
	usb-redir.chardev=chr
	usb-redir.debug=uint8
	usb-redir.filter=string
	usb-redir.port=string

2012-09-13  Osier Yang  <jyang@redhat.com>

	build: Fix typo which causes build failure
	Pushed under build-breaker rule.

2012-09-12  Eric Blake  <eblake@redhat.com>

	build: force libnl1 if netcf also used libnl1
	Recent spec file changes ensure that in distro situations, netcf
	and libvirt will link against the same libnl in order to avoid
	dumping core.  But for every-day development, if you use F17 and
	have the libnl3-devel headers available, libvirt was blindly
	linking against libnl3 even though F17 netcf still links against
	libnl1, making testing a self-built binary on F17 impossible.

	By making configure a little bit smarter, we can avoid this
	situation - we merely skip the probe of libnl-3 if we can prove
	that netcf is still using libnl-1.  I intentionally wrote the
	test so that we still favor libnl-3 if netcf is not installed or
	if we couldn't use ldd to determine things.

	Defaults being what they are, someone will invariably complain
	that our smarts were wrong.  Never fear - in that case, just run
	./configure LIBNL_CFLAGS=..., where the fact that you set
	LIBNL_CFLAGS (even to the empty string) will go back to probing
	for libnl-3, regardless of netcf's choice.

	* configure.ac (LIBNL): Don't probe libnl3 if netcf doesn't use it.

2012-09-12  Eric Blake  <eblake@redhat.com>

	maint: fix missing spaces in message
	I got an off-list report about a bad diagnostic:
	Target network card mac 52:54:00:49:07:ccdoes not match source 52:54:00:49:07:b8

	True to form, I've added a syntax check rule to prevent it
	from recurring, and found several other offenders.

	* cfg.mk (sc_require_whitespace_in_translation): New rule.
	* src/conf/domain_conf.c (virDomainNetDefCheckABIStability): Add
	space.
	* src/esx/esx_util.c (esxUtil_ParseUri): Likewise.
	* src/qemu/qemu_command.c (qemuCollectPCIAddress): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSetMetadata)
	(qemuDomainGetMetadata): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeNetBridge): Likewise.
	* src/rpc/virnettlscontext.c
	(virNetTLSContextCheckCertDNWhitelist): Likewise.
	* src/vmware/vmware_driver.c (vmwareDomainResume): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives):
	Avoid false negatives.
	* tools/virsh-domain.c (info_save_image_dumpxml): Reword.
	Based on a report by Luwen Su.

2012-09-12  Eric Blake  <eblake@redhat.com>

	build: avoid confusing make with raw name 'undefine'
	Make has a builtin operator 'undefine', and coupled with latest
	automake.git, this test name ended up confusing make into thinking
	the file name was meant to be used as the make operator.  Renaming
	the file avoids the confusion.

	* tests/undefine: Rename...
	* tests/virsh-undefine: ...to this.
	* tests/Makefile.am (test_scripts): Use new name.
	Reported by Jim Meyering.

2012-09-12  Daniel P. Berrange  <berrange@redhat.com>

	Add API for opening a QEMU monitor from a socket FD
	Currently qemuMonitorOpen() requires an address of the QEMU
	monitor. When doing QMP based capabilities detection it is
	easier if a pre-opened FD can be provided, since then the
	monitor can be run on the STDIO console. Add a new API
	qemuMonitorOpenFD() for such usage

2012-09-12  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: fix parallelsDomainDefineXML for domains with VNC and autoport
	virDomainDefParseString assigns 0 to port if autoport enabled.
	So fix code, which check different between old and new
	configurations.

	parallels: fix parallelsDoCmdRun in case of command failure
	Don't try to dereferece NULL pointer.

2012-09-12  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Backcompt for console devices in virDomainDeviceInfoIterate
	Historically, the first <console> element is treated as the
	alias of a <serial> device. In the virDomainDeviceInfoIterate,
	This situation is not considered. It still handles the first <console>
	element as another devices, which means that for console[0] with
	serial targetType, it calls callback function another time.
	It will cause the problem of address conflicts when assigning
	spapr-vio address for serial device on pSeries guest.

	For pSeries guest, the serial configuration in the xml file
	is as the following:
	         <serial type='pty'>
	               <target port='0'/>
	               <address type='spapr-vio'/>
	          </serial>

	Console configuration is default, the dumped xml file is as the following:
	   <serial type='pty'>
	      <source path='/dev/pts/5'/>
	      <target port='0'/>
	      <alias name='serial0'/>
	      <address type='spapr-vio' reg='0x30000000'/>
	    </serial>
	    <console type='pty' tty='/dev/pts/5'>
	      <source path='/dev/pts/5'/>
	      <target type='serial' port='0'/>
	      <alias name='serial0'/>
	      <address type='spapr-vio' reg='0x30000000'/>
	    </console>

	It shows that the <console> device is the alias of serial device.
	So its address is the same as the serial device. When detecting
	the conflicts in the qemuAssignSpaprVIOAddress the first console
	and the serial device conflicts because virDomainDeviceInfoIterate()
	still handle these as two different devices, and in the qemuAssignSpaprVIOAddress(),
	it will compare these two devices' addressed. If they have same address,
	it will report address conflict error.

	So this patch is to handle the first console which targetType is serial
	as the alias of serial device to avoid address conflicts error reported.

2012-09-12  Osier Yang  <jyang@redhat.com>

	list: Expose virConnectListAllInterfaces to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document

	python/libvirt-override-virConnect.py:
	  * New file, includes implementation of listAllInterfaces.

	python/libvirt-override.c: Implementation for the wrapper.

2012-09-12  Osier Yang  <jyang@redhat.com>

	list: Use virConnectListAllInterfaces in virsh
	tools/virsh-interface.c:
	  * vshInterfaceSorter to sort interfaces by name

	  * vshInterfaceListFree to free the interface objects list.

	  * vshInterfaceListCollect to collect the interface objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

2012-09-12  Osier Yang  <jyang@redhat.com>

	list: Implement listAllInterfaces
	This is not that ideal as API for other objects, as it's still
	O(n). Because interface driver uses netcf APIs to manage the
	stuffs, instead of by itself. And netcf APIs don't return a object.
	It provides APIs like old libvirt APIs:

	   ncf_number_of_interfaces
	   ncf_list_interfaces
	   ncf_lookup_by_name
	   ......

	Perhaps we should further improve netcf to let it provide an API
	to return the object, but it could be a later patch. And anyway,
	we will still benefit from the new API for the simplification,
	and no race like the old APIs.

	src/interface/netcf_driver.c: Implement listAllInterfaces

2012-09-12  Osier Yang  <jyang@redhat.com>

	list: Implemente RPC calls for virConnectListAllInterfaces
	The RPC generator doesn't support returning list of object yet, this patch
	do the work manually.

	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchConnectListAllInterfaces.

	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllInterfaces.

	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES and
	    structs to represent the args and ret for it.

	  * src/remote_protocol-structs: Likewise.

2012-09-12  Osier Yang  <jyang@redhat.com>

	list: Define new API virConnectListAllInterfaces
	This is to list the interface objects, supported filtering flags
	are: active|inactive.

	include/libvirt/libvirt.h.in: Declare enum virConnectListAllInterfaceFlags
	                              and virConnectListAllInterfaces.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllInterfaces)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-12  Eric Blake  <eblake@redhat.com>

	docs: mention another iaas app built on libvirt
	Reported on the libvirt-users list.

	* docs/apps.html.in: Add Eucalyptus.
	Reported by Eric Choi.

2012-09-12  Hu Tao  <hutao@cn.fujitsu.com>

	fix bug in qemuSetupCgroupForEmulator
	Should not return 0 when failed to setup cgroup.

2012-09-11  Eric Blake  <eblake@redhat.com>

	build: avoid dirty docs on fresh bootstrap
	* HACKING: Regenerate.

2012-09-11  Federico Simoncelli  <fsimonce@redhat.com>

	python: Initialize new_params in virDomainSetSchedulerParameters
	The new_params variable must be initialized in case the
	virDomainGetSchedulerParameters call fails and we hit the cleanup
	section before actually allocating the new parameters.

2012-09-11  Ján Tomko  <jtomko@redhat.com>

	docs: page.xsl: fix FAQ link in subdirectories
	Links to the FAQ didn't work on pages in subdirectories, like
	devhelp/libvirt-virterror.html or internals/command.html, because
	they have had href_base prepended to them.

	docs: hacking.html.in: fix table of contents
	Two sections didn't have a working link in the TOC.

2012-09-11  Osier Yang  <jyang@redhat.com>

	Build: Fix typos which cause build failure
	Pushed under trivial rule.

2012-09-11  Daniel P. Berrange  <berrange@redhat.com>

	Don't invoke the auth callback if all credentials were in config file
	The remote driver first looks at the libvirt auth config file to
	fill in any credentials. It then invokes the auth callback for
	any remaining credentials. It was accidentally invoking the
	auth callback even if there were not any more credentials
	required.

	Call virResetLastError in all virConnectOpen* functions
	All public API functions must call virResetLastError to clear
	out any previous error. The virConnectOpen* functions forgot
	to do this.

	Check against python None type when filling in auth parameters
	When deciding whether to provide an auth function callback
	in openAuth(), credcb was checked against NULL, when it
	really needs to be checked against Py_None

	Print any exception that occurs in authentication callback
	If an exception occurs in the python callback for openAuth()
	the stack trace isn't seen by the apps, since this code is
	called from libvirt context. To aid diagnostics, print the
	error to stderr at least

	Fix crash passing an empty list to python openAuth() API
	If passing a 'credtype' parameter which was an empty list
	to the python openAuth() API, the 'credtype' field in
	the virConnectAuth struct would not be initialized. This
	lead to a crash when later trying to free that field.

2012-09-11  Osier Yang  <jyang@redhat.com>

	virsh: Fix the typos
	* tools/virsh-network.c: s/MATCH/VSH_MATCH/

2012-09-11  Osier Yang  <jyang@redhat.com>

	list: Expose virConnectListAllNetworks to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document

	python/libvirt-override-virConnect.py: Implement listAllNetworks.

	python/libvirt-override.c: Implementation for the wrapper.

2012-09-11  Osier Yang  <jyang@redhat.com>

	list: Use virConnectListAllNetworks in virsh
	tools/virsh-network.c:
	  * vshNetworkSorter to sort networks by name

	  * vshNetworkListFree to free the network objects list.

	  * vshNetworkListCollect to collect the network objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

	  * New options --persistent, --transient, --autostart, --no-autostart,
	    for net-list, and new field 'Persistent' for its output.

	tools/virsh.pod:
	  * Add documents for the new options.

2012-09-11  Osier Yang  <jyang@redhat.com>

	list: Implement listAllNetworks for test driver
	src/test/test_driver.c: Implement listAllNetworks.

	list: Implement listAllNetworks for network driver
	src/network/bridge_driver.c: Implement listAllNetworks.

2012-09-11  Osier Yang  <jyang@redhat.com>

	list: Add helpers to list network objects
	src/conf/network_conf.c: Add virNetworkMatch to filter the networks;
	and virNetworkList to iterate over all the networks with the filter.

	src/conf/network_conf.h: Declare virNetworkList and define the macros
	for filters.

	src/libvirt_private.syms: Export virNetworkList.

2012-09-11  Osier Yang  <jyang@redhat.com>

	list: Implement RPC calls for virConnectListAllNetworks
	The RPC generator doesn't support returning list of object, this patch
	do the work manually.

	* daemon/remote.c:
	  Implemente the server side handler remoteDispatchConnectListAllNetworks.

	* src/remote/remote_driver.c:
	  Add remote driver handler remoteConnectListAllNetworks.

	* src/remote/remote_protocol.x:
	  New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_NETWORKS and
	  structs to represent the args and ret for it.

	* src/remote_protocol-structs: Likewise.

2012-09-11  Osier Yang  <jyang@redhat.com>

	list: Define new API virConnectListAllNetworks
	This is to list the network objects, supported filtering flags
	are: active|inactive, persistent|transient, autostart|no-autostart.

	include/libvirt/libvirt.h.in: Declare enum virConnectListAllNetworkFlags
	                              and virConnectListAllNetworks.
	python/generator.py: Skip auto-generating
	src/driver.h: (virDrvConnectListAllNetworks)
	src/libvirt.c: Implement the public API
	src/libvirt_public.syms: Export the symbol to public

2012-09-10  Christophe Fergeau  <cfergeau@redhat.com>

	Fix unwanted closing of libvirt client connection
	e5a1bee07 introduced a regression in Boxes: when Boxes is left idle
	(it's still doing some libvirt calls in the background), the
	libvirt connection gets closed after a few minutes. What happens is
	that this code in virNetClientIOHandleOutput gets triggered:

	if (!thecall)
	    return -1; /* Shouldn't happen, but you never know... */

	and after the changes in e5a1bee07, this causes the libvirt connection
	to be closed.

	Upon further investigation, what happens is that
	virNetClientIOHandleOutput is called from gvir_event_handle_dispatch
	in libvirt-glib, which is triggered because the client fd became
	writable. However, between the times gvir_event_handle_dispatch
	is called, and the time the client lock is grabbed and
	virNetClientIOHandleOutput is called, another thread runs and
	completes the current call. 'thecall' is then NULL when the first
	thread gets to run virNetClientIOHandleOutput.

	After describing this situation on IRC, danpb suggested this:

	11:37 < danpb> In that case I think the correct thing would be to change
	               'return -1' above to 'return 0' since that's not actually an
	               error - its a rare, but expected event

	which is what this patch is doing. I've tested it against master
	libvirt, and I didn't get disconnected in ~10 minutes while this
	happens in less than 5 minutes without this patch.

2012-09-10  Osier Yang  <jyang@redhat.com>

	list: Expose virStoragePoolListAllVolumes to Python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document

	python/libvirt-override-virStoragePool.py:
	  * New file, includes implementation of listAllVolumes.

	python/libvirt-override.c: Implementation for the wrapper.

2012-09-10  Osier Yang  <jyang@redhat.com>

	list: Use virStoragePoolListAllVolumes in virsh
	tools/virsh-volume.c:
	  * vshStorageVolSorter to sort storage vols by name

	  * vshStorageVolumeListFree to free the volume objects list

	  * vshStorageVolumeListCollect to collect the volume objects, trying
	    to use new API first, fall back to older APIs if it's not supported.

2012-09-10  Osier Yang  <jyang@redhat.com>

	list: Implement virStoragePoolListAllVolumes for test driver
	src/test/test_driver.c: Implement poolListAllVolumes.

	list: Implement virStoragePoolListAllVolumes for storage driver
	src/storage/storage_driver.c: Implement poolListAllVolumes.

2012-09-10  Osier Yang  <jyang@redhat.com>

	list: Implement RPC calls for virStoragePoolListAllVolumes
	The RPC generator doesn't returning support list of object, this
	patch do the work manually.

	  * daemon/remote.c:
	    Implemente the server side handler remoteDispatchStoragePoolListAllVolumes

	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteStoragePoolListAllVolumes

	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_STORAGE_POOL_LIST_ALL_VOLUMES and
	    structs to represent the args and ret for it.

	  * src/remote_protocol-structs: Likewise.

2012-09-10  Osier Yang  <jyang@redhat.com>

	list: Define new API virStoragePoolListAllVolumes
	Simply returns the storage volume objects. No supported filter
	flags.

	include/libvirt/libvirt.h.in: Declare the API
	python/generator.py: Skip the function for generating. virStoragePool.py
	                     will be added in later patch.
	src/driver.h: virDrvStoragePoolListVolumesFlags
	src/libvirt.c: Implementation for the API.
	src/libvirt_public.syms: Export the symbol to public

2012-09-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove unused variable from esxDomainGetAutostart

2012-09-09  Laine Stump  <laine@laine.org>

	docs: point out git send-email location, be more stern about make check
	An email came to libvir-list wondering why the git send-email command
	was missing in spite of having git installed; this is due to the
	send-email command being in a sub-package of the main git package.

	While touching the hacking file, I thought it would be useful to 1)
	indicate the location of the source (docs/hacking.html.in) in the
	message at the top of HACKING, and also to make the note about running
	"make check" and "make syntax-check" a bit more stern.

2012-09-07  Eric Blake  <eblake@redhat.com>

	build: fix build on older gcc
	On RHEL 6.2, gcc 4.4.6 complains:
	cc1: warning: command line option "-Wenum-compare" is valid for C++/ObjC++ but not for C
	which in turn breaks a -Werror build.

	Meanwhile, in Fedora 17, gcc 4.7.0, -Wenum-compare has been enhanced
	to also work on C, but at the same time, it is documented that -Wall
	now implicitly includes -Wenum-compare.

	Therefore, it is sufficient to remove explicit checks for this option,
	avoiding the warning from older gcc while still getting the
	compile-time safety from newer gcc.

	* m4/virt-compile-warnings.m4 (-Wenum-compare): Omit explicit check.

2012-09-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix RPM spec conditional when %{rhel} is not defined

2012-09-07  Christophe Fergeau  <cfergeau@redhat.com>

	events: Fix domain event race on client disconnect
	GNOME Boxes sometimes stops getting domain events from libvirtd, even
	after restarting it. Further investigation in libvirtd shows that
	events are properly queued with virDomainEventStateQueue, but the
	timer virDomainEventTimer which flushes the events and sends them to
	the clients never gets called. Looking at the event queue in gdb
	shows that it's non-empty and that its size increases with each new
	events.

	virDomainEventTimer is set up in virDomainEventStateRegister[ID]
	when going from 0 client connecte to 1 client connected, but is
	initially disabled. The timer is removed in
	virDomainEventStateRegister[ID] when the last client is disconnected
	(going from 1 client connected to 0).

	This timer (which handles sending the events to the clients) is
	enabled in virDomainEventStateQueue when queueing an event on an
	empty queue (queue containing 0 events). It's disabled in
	virDomainEventStateFlush after flushing the queue (ie removing all
	the elements from it). This way, no extra work is done when the queue
	is empty, and when the next event comes up, the timer will get
	reenabled because the queue will go from 0 event to 1 event, which
	triggers enabling the timer.

	However, with this Boxes bug, we have a client connected (Boxes), a
	non-empty queue (there are events waiting to be sent), but a disabled
	timer, so something went wrong.

	When Boxes connects (it's the only client connecting to the libvirtd
	instance I used for debugging), the event timer is not set as expected
	(state->timer == -1 when virDomainEventStateRegisterID is called),
	but at the same time the event queue is not empty. In other words,
	we had no clients connected, but pending events. This also explains
	why the timer never gets enabled as this is only done when an event
	is queued on an empty queue.

	I think this can happen if an event gets queued using
	virDomainEventStateQueue and the client disconnection happens before
	the event timer virDomainEventTimer gets a chance to run and flush
	the event. In this situation, virDomainEventStateDeregister[ID] will
	get called with a non-empty event queue, the timer will be destroyed
	if this was the only client connected. Then, when other clients connect
	at a later time, they will never get notified about domain events as
	the event timer will never get enabled because the timer is only
	enabled if the event queue is empty when virDomainEventStateRegister[ID]
	gets called, which will is no longer the case.

	To avoid this issue, this commit makes sure to remove all events from
	the event queue when the last client in unregistered. As there is
	no longer anyone interested in receiving these events, these events
	are stale so there is no need to keep them around. A client connecting
	later will have no interest in getting events that happened before it
	got connected.

2012-09-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix location of SELinux mount during RPM builds
	When building RPMs the host kernel cannot be assumed to match
	the target OS kernel. Thus auto-detecting /selinux vs
	/sys/fs/selinux based on the host kernel can result in the
	wrong choice (eg F18 builds on a RHEL6 host kernel)

	Don't assume use of /sys/fs/cgroup
	The introduction of /sys/fs/cgroup came in fairly recent kernels.
	Prior to that time distros would pick a custom directory like
	/cgroup or /dev/cgroup. We need to auto-detect where this is,
	rather than hardcoding it

	Introduce a test suite for the JSON monitor
	Take advantage of the previously added monitor helpers to
	create a test suite for the QEMU JSON monitor impl. As a
	proof of concept, this tests the 'qemuMonitorGetStatus'
	implementation

	Add helper library for testing the qemu monitor code
	To be able to test the QEMU monitor code, we need to have a fake
	QEMU monitor server. This introduces a simple (dumb) framework
	that can do this. The test case registers a series of items to
	be sent back as replies to commands that will be executed. A
	thread runs the event loop looking for incoming replies and
	sending back this pre-registered data. This allows testing all
	QEMU monitor code that deals with parsing responses and errors
	from QEMU, without needing QEMU around

	Add non-null annotations to qemuMonitorOpen
	Add some non-null annotations to qemuMonitorOpen and also
	check that the error callback is set, since it is mandatory

2012-09-07  Jiri Denemark  <jdenemar@redhat.com>

	examples: Fix event detail printing in python test
	If there is only one detail string for a particular event, we need to pu
	comma after the string otherwise the string itself will be taken as a
	list and only its first character will be printed out. For example,

	    myDomainEventCallback1 EVENT: Domain fedora17(12) Shutdown F

	instead of the desired

	    myDomainEventCallback1 EVENT: Domain fedora17(12) Shutdown Finished

2012-09-07  Jiri Denemark  <jdenemar@redhat.com>

	Add PMSUSPENDED life cycle event
	While PMSUSPENDED state was added a long time ago, we didn't have
	corresponding life cycle event.

	Fix PMSuspend and PMWakeup events
	The unused reason parameter of PM{Suspend,Wakeup} event callbacks was
	completely ignored in lot of places and those events were not actually
	working at all.

2012-09-07  Peter Krempa  <pkrempa@redhat.com>

	virsh: Update only changed scheduler tunables
	When setting the cpu tunables in virsh you are able to update only a
	subset of them. Virsh while doing the update updated all of the
	tunables, changed ones with new values and unchanged with old ones.
	This is unfortunate as it:
	a) might overwrite some other change by a race condition (unprobable)
	b) fails with range checking as some of the old values saved might be
	   out of range

	This patch changes the update procedure so that only the changed value
	is updated on the host.

	This patch also fixes a very unprobable memory leak if the daemon would
	return a string tunable parameter, as the typed parameter array was not
	cleared.

2012-09-07  Peter Krempa  <pkrempa@redhat.com>

	util: Add helper to assign typed params from string
	This patch adds a helper to deal with assigning values to
	virTypedParameter structures from strings. The helper parses the value
	from the string and assigns it to the corresponding union value.

2012-09-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add range checking for scheduler tunables when changed by API
	The quota and period tunables for cpu scheduler accept only a certain
	range of values. When changing the live configuration invalid values get
	rejected. This check is not performed when changing persistent config.

	This patch adds a separate range check, that improves error messages
	when changing live config and adds the check for persistent config.
	This check is done only when using the API. It is still possible to
	specify invalid values in the XML.

2012-09-07  Peter Krempa  <pkrempa@redhat.com>

	qemu: clean up qemuSetSchedulerParametersFlags()
	This patch tries to clean the code up a little bit and shorten very long
	lines.

	The apparent semantic change from moving the condition before calling
	the setter function is a non-issue here as the setter function is a
	no-op when called with both arguments zero.

2012-09-07  Osier Yang  <jyang@redhat.com>

	virsh: Improve the document for pool-list
	Which is lost by commit 93a346d353.

2012-09-07  Eric Blake  <eblake@redhat.com>

	nwfilter: drop use of awk
	Commit 2a41bc9 dropped a dependency on gawk, but we can go one step
	further and avoid awk altogether.

	* src/nwfilter/nwfilter_ebiptables_driver.c
	(iptablesLinkIPTablesBaseChain): Simplify command.
	(ebiptablesDriverInit, ebiptablesDriverShutdown): Drop awk probe.

2012-09-06  Gene Czarcinski  <gene@czarc.net>

	remove dnsmasq command line parameter "--filterwin2k"
	This patch removed the "--filterwin2k" dnsmasq command line
	parameter which was unnecessary for domain specification,
	possibly blocked some usage, and was command line clutter.

	Gene Czarcinski <gene@czarc.net>

2012-09-06  Eric Blake  <eblake@redhat.com>

	build: improved handling of <execinfo.h>, BSD <net/if.h>
	FreeBSD and OpenBSD have a <net/if.h> that is not self-contained;
	and mingw lacks the header altogether.  But gnulib has just taken
	care of that for us, so we might as well simplify our code.  In
	the process, I got a syntax-check failure if we don't also take
	the gnulib execinfo module.

	* .gnulib: Update to latest, for execinfo and net_if.
	* bootstrap.conf (gnulib_modules): Add execinfo and net_if modules.
	* configure.ac: Let gnulib check for headers.  Simplify check for
	'struct ifreq', while also including enough prereq headers.
	* src/internal.h (IF_NAMESIZE): Drop, now that gnulib guarantees it.
	* src/nwfilter/nwfilter_learnipaddr.h: Use correct header for
	IF_NAMESIZE.
	* src/util/virnetdev.c (includes): Assume <net/if.h> exists.
	* src/util/virnetdevbridge.c (includes): Likewise.
	* src/util/virnetdevtap.c (includes): Likewise.
	* src/util/logging.c (includes): Assume <execinfo.h> exists.
	(virLogStackTraceToFd): Handle gnulib's fallback implementation.

2012-09-06  Eric Blake  <eblake@redhat.com>

	build: avoid tabs that failed syntax-check
	Introduced in commit f299ddd6.

	* src/check-symfile.pl: Fix whitespace.
	* .dir-locals.el (perl-mode): Prevent future occurrences.

2012-09-06  Eric Blake  <eblake@redhat.com>

	list: fix typo in virsh patch
	A last minute rename in commit fc122e1a to virsh.h was not properly
	reflected when rebasing virsh-pool.c in commit 93a346d.

	* tools/virsh-pool.c (vshStoragePoolListCollect): Use VSH_MATCH,
	not MATCH.

2012-09-06  Daniel P. Berrange  <berrange@redhat.com>

	Remove duplicate symbols and add test case
	When the event symbols were added to the public API, not all
	of them were removed from the private exports list. Solaris
	gets unhappy when there are duplicated symbols. Extend the
	symfile check to test for this scenario

2012-09-06  Osier Yang  <jyang@redhat.com>

	python: Expose virStorageListAllStoragePools to python binding
	The implementation is done manually as the generator does not support
	wrapping lists of C pointers into Python objects.

	python/libvirt-override-api.xml: Document
	python/libvirt-override-virConnect.py: Add listAllStoragePools
	python/libvirt-override.c: Implementation for the wrapper.

2012-09-06  Osier Yang  <jyang@redhat.com>

	list: Use virConnectListAllStoragePools in virsh
	tools/virsh-pool.c:
	  * vshStoragePoolSorter to sort the pool list by pool name.

	  * struct vshStoragePoolList to present the pool list, pool info
	    is collected by list->poolinfo if 'details' is specified by
	    user.

	  * vshStoragePoolListFree to free the pool list

	  * vshStoragePoolListCollect to collect the pool list, new API
	    virStorageListAllPools is tried first, if it's not supported,
	    fall back to older APIs.

	  * New options --persistent, --transient, --autostart, --no-autostart
	    and --type for pool-list. --persistent or --transient is to filter
	    the returned pool list by whether the pool is persistent or not.
	    --autostart or --no-autostart is to filter the returned pool list
	    by whether the pool is autostarting or not. --type is to filter
	    the pools by pool types. E.g.

	    % virsh pool-list --all --persistent --type dir,disk

	tools/virsh.pod:
	   * Add documentations for the new options.

2012-09-06  Osier Yang  <jyang@redhat.com>

	list: Change MATCH for common use in virsh
	Move definition of MATCH from virsh-domain-monitor.c into
	virsh.h, and rename it as VSH_MATCH for further use.

	* tools/virsh-domain-monitor.c: Change MATCH into VSH_MATCH
	* tools/virsh.h: Define VSH_MATCH

2012-09-06  Osier Yang  <jyang@redhat.com>

	virsh: Fix the wrong doc for pool-list
	The storage pool's management doesn't relate with a domain, it
	probably was an intention, but not achieved yet. And the fact
	is only active pools are listed by default.

	list: Add helper to convert strings separated by ', ' to array
	tools/virsh.c: New helper function vshStringToArray.
	tools/virsh.h: Declare vshStringToArray.
	tools/virsh-domain.c: use the helper in cmdUndefine.

	list: Implement listAllStoragePools for test driver
	src/test/test_driver.c: Implement listAllStoragePools

	list: Implement listAllStoragePools for storage driver
	src/storage/storage_driver.c: Implement listAllStoragePools.

2012-09-06  Osier Yang  <jyang@redhat.com>

	list: Implement the RPC calls for virConnectListAllStoragePools
	The RPC generator doesn't support returning list of object, this patch does
	the work manually.

	  * daemon/remote.c:
	    Implement the server side handler remoteDispatchConnectListAllStoragePools

	  * src/remote/remote_driver.c:
	    Add remote driver handler remoteConnectListAllStoragePools.

	  * src/remote/remote_protocol.x:
	    New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_STORAGE_POOLS and
	    structs to represent the args and ret for it.

	  * src/remote_protocol-structs: Likewise.

2012-09-06  Osier Yang  <jyang@redhat.com>

	list: Add helpers for listing storage pool objects
	src/conf/storage_conf.c: Add virStoragePoolMatch to filter the
	pools; Add virStoragePoolList to iterate over the pool objects
	with filter.

	src/conf/storage_conf.h: Declare virStoragePoolMatch,
	virStoragePoolList, and the macros for filters.

	src/libvirt_private.syms: Export helper virStoragePoolList.

2012-09-06  Osier Yang  <jyang@redhat.com>

	list: Define new API virStorageListAllStoragePools
	This introduces a new API to list the storage pool objects,
	4 groups of flags are provided to filter the returned pools:

	  * Active or not

	  * Autostarting or not

	  * Persistent or not

	  * And the pool type.

	include/libvirt/libvirt.h.in: New enum virConnectListAllStoragePoolFlags;
	                              Declare the API.
	python/generator.py: Skip the generating
	src/driver.h: (virDrvConnectListAllStoragePools)
	src/libvirt.c: Implementation for the API.
	src/libvirt_public.syms: Export the symbol.

2012-09-06  Peter Krempa  <pkrempa@redhat.com>

	esx: Add implementation for virConnectListAllDomains()
	ESX doesn't use the common virDomainObj implementation so this patch
	adds a separate implementation.

	This driver supports all currently defined filtering flags, but as with
	other drivers some combinations yield a empty result list.

2012-09-06  Peter Krempa  <pkrempa@redhat.com>

	hyperv: Add implementation for virConnectListAllDomains()
	Hyperv doesn't use the common virDomainObj implementation so this patch
	adds a separate implementation.

	This driver supports all currently added flags for filtering although
	some of those don't make sense with this driver (no support yet) and
	thus produce no output when used.

2012-09-06  Jasper Lievisse Adriaanse  <jasper@humppa.nl>

	Define DYNLIB_NAME on OpenBSD.

2012-09-05  Eric Blake  <eblake@redhat.com>

	build: avoid test failure when sasl was not compiled in
	On systems without cyrus-sasl-devel available (I happened to be
	in that situation on my FreeBSD testing), this test fails rather
	miserably:

	TEST: libvirtdconftest
	      .....!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!  39  FAIL
	FAIL: libvirtdconftest

	with verbose output showing things like:

	39) Test corruption                                          ... libvir: Config File error : unsupporeted configuration: remoteReadConfigFile: /usr/home/dummy/libvirt/tests/../daemon/libvirtd.conf: auth_tcp: unsupported auth sasl

	* tests/libvirtdconftest.c (testCorrupt): Avoid failure when sasl
	is missing.

2012-09-05  Eric Blake  <eblake@redhat.com>

	build: avoid check-symfile on non-Linux
	I tested both OpenBSD and cygwin; both failed 'make check' with:

	  GEN    check-symfile
	Can't return outside a subroutine at ./check-symfile.pl line 13.

	Perl requires 'exit 77' instead of 'return 77' in that context,
	but even with that tweak, the build still fails, since the exit
	code of 77 is only special to explicit TESTS=foo listings, and
	not to make-only dependency rules where we are not going through
	automake's test framework.

	* src/check-symfile.pl: Kill bogus platform check...
	* src/Makefile.am (check-symfile): ...and replace with an automake
	conditional.

2012-09-05  Laine Stump  <laine@laine.org>

	network: prevent infinite hang if ovs-vswitchd isn't running
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=852984

	If a network or interface is configured to use Open vSwitch, but
	ovs-vswitchd (the Open vSwitch database service) isn't running, the
	ovs-vsctl add-port/del-port commands will hang indefinitely rather
	than returning an error. There is a --nowait option, but that appears
	to have no effect on add-port and del-port commands, so instead we add
	a --timeout=5 to the commands - they will retry for up to 5 seconds,
	then fail if there is no response.

2012-09-05  Laine Stump  <laine@laine.org>

	build: require netcf-0.2.2 when installing on Fedora18+
	A previous patch forced libnl-3 and netcf-0.2.2 (which itself requires
	libnl-3) when *building* for Fedora 18+ (and RHEL 7+), but the
	install-time Requires: for netcf has always been implicit due to
	libvirtd linking with libnetcf.so. However, the since the API of netcf
	didn't change when it was rebuilt to use libnl-3, the internal library
	version didn't change either, making it possible (from rpm's point of
	view) to upgrade libvirt without upgrading netcf (in reality, that
	leads to a segfault - see
	https://bugzilla.redhat.com/show_bug.cgi?id=853381).

	The solution is to put an explicit Requires: line in libvirt's
	specfile for fedora >= 18 and rhel >= 7.

2012-09-05  Eric Blake  <eblake@redhat.com>

	build: don't fail when xsltproc is missing
	On a machine without xsltproc, the build failed with:

	Scripting search.php
	/usr/local/bin/bash: line 1: search.php.tmp: No such file or directory
	rm: ./search.php: No such file or directory

	Regression introduced in commit 28183590.

	* docs/Makefile.am (%.php): Skip in the same conditions when the
	.tmp file is skipped.

2012-09-05  Eric Blake  <eblake@redhat.com>

	build: avoid warnings from gcc 4.2.1
	OpenBSD ships with gcc 4.2.1, which annoyingly treats all format
	strings as though they were also attribute((nonnull)).  The two
	concepts are orthogonal, though, as evidenced by the number of
	spurious warnings it generates on uses where we know that
	virReportError specifically handles NULL instead of a format
	string; worse, since we now force -Werror on git builds, it
	prevents development builds on OpenBSD.

	I hate to do this, as it disables ALL format checking on older
	gcc, and therefore misses out on some useful checks (code that
	happened to compile on Linux may still have type mismatches
	when compiled on other platforms, as evidenced by the number
	of times I have fixed formatting mismatches for uid_t as found
	by warnings on Cygwin), but I don't see any other way to keep
	-Werror alive and still compile on OpenBSD.

	A more invasive change would be to make virReportError() mark
	its format attribute as nonnull, and fix (a lot of) fallout;
	we may end up doing that anyways as part of danpb's error
	refactoring improvements, but not today.

	* src/internal.h (ATTRIBUTE_FMT_PRINTF): Use preferred spellings.
	* m4/virt-compile-warnings.m4 (-Wformat): Disable on older gcc.

2012-09-05  Martin Kletzander  <mkletzan@redhat.com>

	qemu: don't pin all the cpus
	This is another fix for the emulator-pin series. When going through
	the cputune pinning settings, the current code is trying to pin all
	the CPUs, even when not all of them are specified. This causes error
	in the subsequent function which, of course, cannot find the cpu to
	pin. Since it's enough to pass the correct VCPU ID to the function,
	the fix is trivial.

2012-09-05  Eric Blake  <eblake@redhat.com>

	maint: avoid doubled name in syntax check failures
	Based on the similar gnulib commit 96ad9077.  The use of
	$(_sc_search_regexp) already injects $(ME) into any output
	messages, so a failure of these rules would look like this,
	pre-patch:

	maint.mk: maint.mk: use virStrToLong_*, not strtol variants

	* cfg.mk (sc_prohibit_strncmp, sc_prohibit_strtol)
	(sc_libvirt_unmarked_diagnostics): Drop redundant $(ME).

2012-09-05  Eric Blake  <eblake@redhat.com>

	build: use re-entrant functions in virsh
	Yesterday's commit 15d2c9f pointed out that virsh was still using
	localtime(), which is not thread-safe, even though virsh is
	definitely multi-threaded.  Even if we only ever triggered it from
	one thread, it's better safe than sorry for maintenance purposes.

	* cfg.mk (exclude_file_name_regexp--sc_prohibit_nonreentrant):
	Tighten the rule.
	* tools/virsh.c (vshOutputLogFile): Avoid localtime.
	(vshEditWriteToTempFile, vshEditReadBackFile, cmdCd, cmdPwd)
	(vshCloseLogFile): Avoid strerror.
	* tools/console.c (vshMakeStdinRaw): Likewise.
	* tools/virsh-domain.c (vshGenFileName): Fix spacing in previous
	patch.

2012-09-05  Daniel P. Berrange  <berrange@redhat.com>

	Remove explicit dependency on ceph RPM
	The libvirt storage driver uses librbd.so for its functionality.
	RPM will automatically add a dependency on the library, so there
	is no need to have an explicit dependency on the ceph RPM itself.
	This allows newer Fedora distros to avoid pulling in the huge
	ceph RPM, in favour of just having the libraries installed

2012-09-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not require auth scheme in graphics events
	Only VNC_{{DIS,}CONNECTED,INITIALIZED} and SPICE_INITIALIZED events are
	documented to support server/auth field and even there it is marked as
	optional. Emit "" auth scheme in case QEMU didn't send it.

2012-09-05  Martin Kletzander  <mkletzan@redhat.com>

	conf: describe security_driver behavior
	As a request was raised for this, I added few lines in the "Notes"
	part of the "security_driver" comments about allowed values.

	docs: correct dompmwakeup description

2012-09-05  Paul Eggert  <eggert@cs.ucla.edu>

	Pass a correct pointer type to localtime_r(3).
	On 09/04/2012 08:20 AM, Eric Blake wrote:
	> tv_sec is required by POSIX to be
	> of type time_t; so this is a bug in the OpenBSD header
	> [for declaring it as long]

	Most likely this problem arose because of the patch I pushed
	in gnulib commit e07d7c40f3ca5ec410cf5aa6fa03cfe51e712039.
	Previously, gnulib required timeval's tv_sec to be
	the same size as time_t.  But now, it requires only that
	tv_sec be big enough to hold a time_t.

	This patch was needed for Emacs.  Without the patch, gnulib
	replaced struct timeval on OpenBSD, and this messed up
	utimens.c, and Emacs wouldn't build.

	Alternatively, gnulib could substitute its own struct timeval
	for the system's, wrapping every struct timeval-using function
	(gettimeofday, futimesat, futimes, lutimes, etc.  That'd be
	more work, though.  And it would introduce some performance
	issues with gettimeofday, which is supposed to be fast.

	I've been trying to get away from using struct timeval,
	and to use the higher-resolution struct timespec instead,
	so messing with these obsolescent interfaces has been
	lower priority for me.  But if someone wants to take the
	more-ambitious approach that'd be fine, I expect.

	For this particular case, though, how about if we avoid
	the problem entirely?  libvirt doesn't need to use struct
	timeval here at all.  It makes libvirt smaller and probably
	faster, and it ports to OpenBSD without messing with gnulib.

2012-09-04  Eric Blake  <eblake@redhat.com>

	build: use correct libraries for clock_gettime
	On OpenBSD, clock_gettime() exists in libc rather than librt, and
	blindly linking with -lrt made the build fail.  Gnulib already
	did the work for determining which libraries to use, so we should
	reuse that work rather than doing it ourselves.

	* bootstrap.conf (gnulib_modules): Pull in clock-time.
	* configure.ac (RT_LIBS): Drop.
	* src/Makefile.am (libvirt_util_la_LIBADD): Use gnulib variable
	instead.
	* src/util/virtime.c (includes): Simplify.

2012-09-04  Jasper Lievisse Adriaanse  <jasper@humppa.nl>

	Include an extra header needed for OpenBSD.

2012-09-04  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	Rename iolimit to blockio.
	After discussion with DB we decided to rename the new iolimit
	element as it creates the impression it would be there to
	limit (i.e. throttle) I/O instead of specifying immutable
	characteristics of a block device.
	This is also backed by the fact that the term I/O Limits has
	vanished from newer storage admin documentation.

2012-09-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix reboot with guest agent
	When reboot using qemu guest agent was requested, qemu driver kept
	waiting for SHUTDOWN event from qemu. However, such event is never
	emitted during guest reboot and qemu driver would keep waiting forever.

2012-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix mingw64 build by using intptr_t for int->void* casts
	The viratomictest.c was casting from an int to a void* via a
	long. This works on Linux or Mingw32, but fails on Mingw64
	due to a pointer/integer size mis-match. Replacing 'long'
	with 'intptr_t' ensures matching type sizes

2012-09-03  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't update graphic definitions on password change failure
	When the password change failed we updated the graphic definition
	anyways, which is not desired.

2012-09-03  Martin Kletzander  <mkletzan@redhat.com>

	tests: Add tests for qemu S3/S4 state configuration
	Few tests were added which are checking whether the parsing of the xml
	and command-line arguments is working and compatible with each other.

	qemu: Add support for S3/S4 state configuration
	This patch adds support for running qemu guests with the required
	parameters to forcefully enable or disable BIOS advertising of S3 and
	S4 states.  The support for this is added to capabilities and there is
	also a qemu command parameter parsing implemented.

	Add per-guest S3/S4 state configuration
	There is a new <pm/> element implemented that can control what ACPI
	sleeping states will be advertised by BIOS and allowed to be switched
	to by libvirt. The default keeps defaults on hypervisor, otherwise
	forces chosen setting.
	The documentation of the pm element is added as well.

2012-08-31  Eric Blake  <eblake@redhat.com>

	python: don't mask libvirt errors
	A user reported this crash when using python bindings:

	  File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 134, in trigger
	    hook.trigger(event)
	  File "/home/nox/workspace/NOX/src/NOX/hooks.py", line 33, in trigger
	    self.handlers[event]()
	  File "/home/nox/workspace/NOX/hooks/volatility.py", line 81, in memory_dump
	    for block in Memory(self.ctx):
	  File "/home/see/workspace/NOX/src/NOX/lib/libtools.py", line 179, in next
	    libvirt.VIR_MEMORY_PHYSICAL)
	  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1759, in memoryPeek
	    ret = libvirtmod.virDomainMemoryPeek(self._o, start, size, flags)
	SystemError: error return without exception set

	In the python bindings, returning NULL makes python think an
	exception was thrown, while returning the None object lets the
	wrappers know that a libvirt error exists.

	Reported by Nox DaFox, fix suggested by Dan Berrange.

	* python/libvirt-override.c (libvirt_virDomainBlockPeek)
	(libvirt_virDomainMemoryPeek): Return python's None object, so
	wrapper knows to check libvirt error.

2012-08-31  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Support for Block Device IO Limits.
	Implementation of iolimits for the qemu driver with
	capability probing for block size attribute and
	command line generation for block sizes.
	Including testcase for qemuxml2argvtest.

	conf: Support for Block Device IO Limits
	Introducing a new iolimits element allowing to override certain
	properties of a guest block device like the physical and logical
	block size.
	This can be useful for platforms with 'non-standard' disk formats
	like S390 DASD with its 4K block size.

2012-08-31  Eric Blake  <eblake@redhat.com>

	command: shell-quote when logging commands
	Without this patch, logged command executions can be ambiguous if
	the command contained any shell metacharacters.  This has caused
	more than one person to attempt to patch clients to add unnecessary
	quoting, without realizing that the command itself was run with
	correct args, and only the logged output was ambiguous.

	* src/util/command.c (virCommandToString): Add shell escapes.
	* tests/commandtest.c (test16): Test new behavior.
	* tests/commanddata/test16.log: Update expected output.
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Likewise.
	* tests/networkxml2argvdata/*.argv: Likewise.

2012-08-31  Peter Krempa  <pkrempa@redhat.com>

	virsh: remove unneeded usage of vshConnectionUsability()
	Now that vshCommandRun() checks for the connection automaticaly, remove
	all of the redundant checks in the code.

	vshConnectionUsability() no longer needs to be exported and this patch
	marks it static.

2012-08-31  Peter Krempa  <pkrempa@redhat.com>

	virsh: Improve checking for connection when running commands
	Almost each virsh command uses the function vshConnectionUsability
	before doing anything, to check if the connection is "alive".  Commands
	that don't need an conection are already conveniently marked with
	VSH_CMD_FLAG_NOCONNECT. We can automaticaly check for the connection
	before calling any remote command so we don't forget to do so.

	This patch also upgrades the connection check to use virConnectIsAlive
	along with the current approach.

2012-08-31  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix remote port searching
	After fixing the last review comments on remote port searching (commit
	a14b4aea512d6c3a42af56207a65ef10ac4a12a1), the commit right after that
	wasn't modified accordingly, therefore two values weren't changed as
	they should and the configurable ports don't work as expected.

	This simple commit changes last two values missed and fixes the issue.

2012-08-31  Osier Yang  <jyang@redhat.com>

	schemas: Fix wwn pattern
	It should be [] instead of ().

	util: Update the inconsistent and outdated comments
	The codes were updated to allow to reset the device as long as
	there is no devices/functions behind the same bus. However, the
	comments were kept without touched.

2012-08-31  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.10.1
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: pulled localization updates for sp,ja,mr,pa,uk,zh_CN,zh_TW
	  and regenerated

2012-08-31  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	conf: Avoid formatting auto-generated DAC labels
	To avoid backward compatibility issues, this patch suppresses
	auto-generated DAC labels from XML. This change affects commands such as
	dumpxml and save.

2012-08-31  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	conf: Fix parsing of seclabels without model
	With this patch libvirt tries to assign a model to a single seclabel
	when model is missing. Libvirt will look up at host's capabilities and
	assign the first model to seclabel.

	This patch fixes:

	1. The problem with existing guests that have a seclabel defined in its XML.
	2. A XML parse error when a guest is restored.

2012-08-31  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: fixed incorrect timing report
	When executing virsh -t <command> the reported timing was off
	by 3 orders of magnitude if the command took more than one
	second.

2012-08-31  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Document subdriver option of attach-disk

	qemu: Don't ignore CPU tuning config if required cgroups are missing
	When domain XML contains any of the elements for setting up CPU
	scheduling parameters (period, quota, emulator_period, or
	emulator_quota) we need cpu cgroup to enforce the configuration.
	However, the existing code would just ignore silently such settings if
	either cgroups were not available at all cpu cgroup was not available.
	Moreover, APIs for manipulating CPU scheduler parameters were already
	failing if cpu cgroup was not available. This patch makes cpu cgroup
	mandatory for all domains that use CPU scheduling elements in their XML.

2012-08-31  Guannan Ren  <gren@redhat.com>

	doc: update option force to subcommand change-media
	BZ: https://bugzilla.redhat.com/show_bug.cgi?id=837761

	cgroup: fix libvirtd crash caused by messed memory
	The variable max_id is initialized again in the step of
	getting cpu mapping variable map2. But in the next for loop
	we still expect original value of max_id, the bug will
	crash libvirtd when using on NUMA machine with big number
	of cpus.

	cgroup: fix a typo on extracting data from vcpu cgroup

2012-08-31  Guannan Ren  <gren@redhat.com>

	cgroup: read more data from cgroup cpuacct.usage_percpu
	On NUMA machine, the length of string got from file
	cpuacct.usage_percpu is quite large, so expand the
	limit of 1024 bytes.

	errors like:
	Failed to read file \
	'/cgroup/cpuacct/libvirt/qemu/rhel6q/cpuacct.usage_percpu': \
	Value too large for defined data type

2012-08-31  Jiri Denemark  <jdenemar@redhat.com>

	docs: Fix typo in CPU tuning

2012-08-31  Peter Krempa  <pkrempa@redhat.com>

	doc: Fix emulator pinning example in formatdomain.html
	Add correct closing tags.

2012-08-31  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: adapt IP learning for broadcasted DHCP replies
	Adapt the IP learning code to also accept broadcasted DHCP replies

2012-08-31  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: accept broadcasted DHCP replies in DHCP snooping code
	Some DHCP servers send their DHCP replies to the broadcast MAC address
	rather than to the MAC address of the VM. The existing DHCP snooping
	code assumes that the reply always goes to the MAC address of the VM
	thus filtering the traffic of some DHCP servers' replies.

	The below patch adapts the code to

	1) filter DHCP replies by comparing the MAC address in the reply against
	   the MAC address of the VM (held in the snoop request)

	2) adapts the pcap filter for traffic towards the VM to accept DHCP replies
	   sent to any MAC address; for further filtering we rely on 1)

	3) creates initial rules that are active while waiting for DHCP replies;
	   these rules now accept DHCP replies to the VM's MAC address or to the
	   MAC broadcast address

2012-08-31  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Implement virMacAddrIsBroadcastRaw
	Add function for testing for Ethernet broadcast address

2012-08-31  Kyle Mestery  <kmestery@cisco.com>

	Fix adding ports to OVS bridges without VLAN tags
	The introduction of the new VLAN code, along with the fix
	from 5e465df6be8bcb00f0b4bff831e91f4042fae272, caused the
	addition of OVS ports to fail with the following message:

	ovs-vsctl: 00002|vsctl|ERR|: missing column name

	This fix takes into account the VLAN arguments are optional,
	and correctly sets up the command line to run the "ovs-vsctl"
	command to add ports to the OVS bridge.

	CC: Eric Blake <eblake@redhat.com>

2012-08-31  Jim Fehlig  <jfehlig@suse.com>

	Fix xen driver following changes to make it stateful
	Recent work to improve support for loadable driver modules introduced
	a regression in the xen driver.  The legacy xen driver is now a
	stateful, libvirtd driver but was not being registered when building
	without driver modules.

	A slight behavior change was also noted in the xen drivers when
	built as driver modules.  Previously, explicitly specifying a
	connection URI was not necessary, but now

	Compiled against library: libvirt 0.10.0
	Using library: libvirt 0.10.0
	Using API: QEMU 0.10.0
	error: failed to get the hypervisor version
	error: internal error Cannot find suitable emulator for x86_64

	The xen drivers need to be registered before the qemu driver since
	the qemu driver will return success with a null connection URI.
	This ordering is safe since the xen drivers will decline when not
	running the xen kernel.

2012-08-30  Nishank Trivedi  <nistrive@cisco.com>

	Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough
	If a 8021.Qbh network device supports SRIOV and its VF is being used
	in pci passthrough mode, when the guest is shutdown or destroyed, the
	PF inteface is also brought down. qemuDomainHostdevNetConfigRestore()
	finds out the PF for provided hostdev (which is VF) and passes it to
	virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
	to virNetDevSetOnline() where the interface is brought down by clearing
	IFF_UP flag.

	Bringing down a PF, when only VF is being brought down is not expected
	behavior. This patch adds a check so that virNetDevSetOnline() is called
	only for PF and not if device is a VF.

2012-08-30  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: loop generated too many rules
	The loop processing the trusted DHCP server generated one too
	many rules and added one final rules that accepted responses
	from all DHCP servers. Below patch fixes this.

2012-08-30  Peter Krempa  <pkrempa@redhat.com>

	security: Re-apply commit ce53382ba28179d3a504b29b4f888b6e130d53f0
	Recent changes in the security driver discarded changes that fixed
	labeling un-confined guests.

	vcpupin: Fix returning of arrays from virDomainVcpuPinAdd
	virDomainVcpuPinAdd does a realloc on vcpupin_list if the new vcpu pin
	definition doesn't fit into the array. The list is an array of pointers
	but the function definition didn't support returning the changed pointer
	to the caller if it was realloced. This caused segfaults if realloc
	would change the base pointer.

2012-08-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix possible infinite loop and segfault on error path.
	virDomainVcpuPinDefCopy when the control flow reaches out of memory
	cleanup code, the flow would end in a infinite loop as the loop variable
	wasn't decremented.

	Also a dereference of NULL pointers was possible if allocation of the
	Vcpu pinning definiton structure failed.

2012-08-30  Peter Krempa  <pkrempa@redhat.com>

	qemu: Clean up security driver initialisation and config file
	Commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 left behind some dead
	code (hasDAC can't be efectively set to true, because
	virSecurityManagerNew fails to load the "dac" driver).

	This patch also enhances the condition for adding the default
	auto-detected security manager if the manager array is allocated but
	empty.

	Also the configuration file for qemu driver still contains reference to
	the DAC driver that can't be enabled manualy.

2012-08-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Revert to blocking behavior of qemuAgentCommand
	Before commit 05447e3af44ec153314ff97cd611330d9b4b5730, qemuAgentCommand
	blocked until it got a reply or appropriate event. When new parameter
	was added to qemuAgentCommand in the above commit, all existing callers
	of it were updated in a wrong way changing them from blocking to
	5-seconds timeout.

	qemu: Remove redundant parameter from qemuAgentSend
	The @timeout parameter of qemuAgentSend is both redundant and confusing.
	This patch should not result in any functional changes.

2012-08-30  Laine Stump  <laine@laine.org>

	network: get vlan info for Open vSwitch interfaces from proper source
	This bug was revealed by the crash described in

	  https://bugzilla.redhat.com/show_bug.cgi?id=852383

	The vlan info pointer sent to virNetDevOpenvswitchAddPort should never
	be non-NULL unless there is at least one tag. The factthat such a vlan
	info pointer was receveid pointed out that a caller was passing the
	wrong pointer. Instead of sending &net->vlan, the result of
	virDomainNetGetActualVlan(net) should be sent - that function will
	look for vlan info in net->data.network.actual->vlan, and in cany case
	return NULL instead of a pointer if the vlan info it finds has no
	tags.

	Aside from causing the crash, sending a hardcoded &net->vlan has the
	effect of ignoring vlan info from a <network> or <portgroup> config.

2012-08-30  Daniel Veillard  <veillard@redhat.com>

	Small cleanup on previous patch
	As pointed by Eric Blake

2012-08-30  Kyle Mestery  <kmestery@cisco.com>

	Fix a crash when using Open vSwitch virtual ports
	Fixup buffer usage when handling VLANs. Also fix the logic
	used to determine if the virNetDevVlanPtr is valid or not.
	Fixes crashes in the latest code when using Open vSwitch
	virtualports.

2012-08-30  Osier Yang  <jyang@redhat.com>

	qemu: Sort the numa params only when it affects the live config
	As the next boot doesn't have to worry about the previous numa
	params setting (there is no).

2012-08-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix configuration of QEMU security drivers
	If no 'security_driver' config option was set, then the code
	just loaded the 'dac' security driver. This is a regression
	on previous behaviour, where we would probe for a possible
	security driver. ie default to SELinux if available.

	This changes things so that it 'security_driver' is not set,
	we once again do probing. For simplicity we also always
	create the stack driver, even if there is only one driver
	active.

	The desired semantics are:

	 - security_driver not set
	     -> probe for selinux/apparmour/nop
	     -> auto-add DAC driver
	 - security_driver set to a string
	     -> add that one driver
	     -> auto-add DAC driver
	 - security_driver set to a list
	     -> add all drivers in list
	     -> auto-add DAC driver

	It is not allowed, or possible to specify 'dac' in the
	security_driver config param, since that is always
	enabled.

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor initialisation of security drivers.
	The security driver loading code in qemu has a flaw that causes it to
	register the DAC security driver twice. This causes problems (machines
	unable to start) as the two DAC drivers clash together.

	This patch refactors the code to allow loading the DAC driver even if
	its specified in configuration (it can't be registered as a common
	security driver), and does not add the driver twice.

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	Revert "security: Add DAC to security_drivers"
	This reverts commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a.

	The DAC security driver needs special handling and extra parameters and
	can't just be added to regular security drivers.

2012-08-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix starting domains with no cpu cgroup
	If cgroups are enabled in general but cpu cgroup is disabled in
	qemu.conf or not mounted at all, libvirt would refuse to start any
	domain even though scheduler parameters are not set in domain XML.

	This patch makes cpu cgroup mandatory only for domains that actually
	want to use it.

2012-08-29  Alex Jia  <ajia@redhat.com>

	security: remove dead code from virSecurityDACGenLabel
	* src/security/security_dac.c: remove useless dead code.

2012-08-29  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.10.0
	* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
	* po/*.po*: update localizations for zh_CN, uk, ja, pt_BR, as, sp, mr, zh_TW

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	nwfilter: Don't try to acquire DBus context when DBus is disabled
	To silence error if DBus support is not compiled in.

2012-08-29  Guido Günther  <agx@sigxcpu.org>

	Don't require gawk for a simple print expression
	Fedora uses gawk as awk so there's no change and in behavior while
	Debian/Ubuntu use mawk by default.

	This was reported by Luca Capello in
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636712

2012-08-29  Alex Jia  <ajia@redhat.com>

	util: Prevent libvirtd crash from virNetDevOpenvswitchAddPort()
	* src/util/virnetdevopenvswitch.c (virNetDevOpenvswitchAddPort): avoid libvirtd
	crash due to derefing a NULL virtVlan->tag.

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=852383

2012-08-29  Osier Yang  <jyang@redhat.com>

	qemu: Set placement when setting numa parameters
	To keep the internal data structure consistent.

2012-08-29  Daniel Veillard  <veillard@redhat.com>

	Portability fixes for non-linux or old linux platforms
	The commits d57567940153147f4d43875fb92c3030b3178b03 and
	080bf330e3749d94ebe094f8deca0e3e67d3f2fe made use directly of
	macro defined in recent linux netlink version. Make those
	part conditional on the definition

	* daemon/libvirtd.c: do not use NETLINK_ROUTE and NETLINK_KOBJECT_UEVENT
	  without some check first

2012-08-29  Peter Krempa  <pkrempa@redhat.com>

	security_dac: Don't return uninitialised uid and gid for image labels
	As in the previous commit, images are also chowned to uninitialised
	uid and gid if the label is not present.

2012-08-28  Peter Krempa  <pkrempa@redhat.com>

	security_dac: Don't return uninitialised value when parsing seclabels
	When starting a machine the DAC security driver tries to set the UID and
	GID of the newly spawned process. This worked as desired if the desired
	label was set. When the label was missing a logical bug in
	virSecurityDACGenLabel() caused that uninitialised values were used as
	uid and gid for the new process.

	With this patch, default values (from qemu driver configuration)
	are used if the label is not found.

2012-08-28  Peter Krempa  <pkrempa@redhat.com>

	security_dac: Avoid segfault when no label is requested
	When no DAC "label" was requested for a domain the DAC manager tried to
	strdup a NULL string causing a segfault.

2012-08-28  Peter Krempa  <pkrempa@redhat.com>

	util: Fix error message when getpwuid_r fails to find the user
	getpwuid_r returns success but sets the return structure to NULL when it
	fails to deliver data about the requested uid. In our helper code this
	created following strange error messages:

	" ... cannot getpwuid_r(1234): Success"

	This patch creates a more helpful message:
	" ... getpwuid_r failed to retrieve data for uid '1234'"

2012-08-28  Osier Yang  <jyang@redhat.com>

	conf: Fix the problem which cause libvirtd to crash
	* src/conf/domain_conf.c: Use STREQ_NULLABLE instead of STREQ,
	as def->seclables[i]->model could be NULL.

2012-08-28  Michal Privoznik  <mprivozn@redhat.com>

	build: define 'inline' iff HAVE_LIBNL1
	Previous commit 0b4b53bb80 defined 'inline' to prevent broken build on
	systems with libnl1 headers. However, it broke build on systems with
	libnl3 headers. Therefore we must make that fix conditional.

2012-08-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: CPU allocation and pinning clarification
	There was a request for clarifying this part of the
	documentation. This also fixes a case used with CPU.

2012-08-27  Eric Blake  <eblake@redhat.com>

	build: work with older libnl1 headers
	Ubuntu 10.04 shipped with out-of-the-box libnl1 headers, which
	assumed the old gcc semantics of 'extern inline' as a C89 extension:
	the function will _always_ be inline if it is used, and that
	it may be declared extern inline in headers without a definition,
	as long as the definition occurs before any use.  But when C99
	added 'extern inline' as a mandatory feature of the language, with
	slightly different semantics than gcc (the function MUST have
	external linkage, and the inline definition MUST be present
	alongside any declaration, where the compiler can then choose
	which of the two versions to use), this rendered the use of
	'inline' in libnl's header obsolete.  Most distros already solved
	this by removing 'inline' (the resulting 'extern' is correct,
	regardless of gcc semantics), and libnl-3 does not have the
	problem (where it has switched to 'static inline' instead, again
	with the definition present, and again, our hack will result in
	plain 'static' with no ill effects).  But for the case of building
	out of the box, we hack around the broken Ubuntu header.

	* src/util/virnetlink.h: Work around libnl issue.

2012-08-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix define logic
	With current flow in qemudDomainDefine we might lose data
	when updating an existing domain. We parse given XML and
	overwrite the configuration.  Then we try to save the new
	config. However, this step may fail and we don't perform any
	roll back.  In fact, we remove the domain from the list of
	domains held up by qemu driver. This is okay as long as the
	domain was brand new one.

	qemu_agent: Switch to virReportSystemError() on system error
	Currently, if a syscall in qemu_agent.c fails we report an internal
	error even though we should be reporting a system error.

	Introduce new VIR_ERR_AGENT_UNRESPONSIVE error code
	Currently, when guest agent is configured but not responsive
	(e.g. due to appropriate service not running in the guest)
	we return VIR_ERR_INTERNAL_ERROR. Both are wrong. Therefore
	we need to introduce new error code to reflect this case.

2012-08-27  Ján Tomko  <jtomko@redhat.com>

	conf: prevent NULL pointer access in virSecurityLabelDefsParseXML
	When checking for seclabels without security models, def->nseclabels is
	already set to n. In the case of an error def->seclabels is freed but
	nseclabels is left untouched. This leads to a segmentation fault when
	def is freed in virDomainDefParseXML.

2012-08-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Switch to unified func name
	With the latest patches libvirt supports qemu agent monitor
	passthrough. However, function in qemu driver is called
	qemuDrvDomainAgentCommand. s/Drv// as used in all other names.

2012-08-27  Guannan Ren  <gren@redhat.com>

	rpc: fix segmentation fault caused by null client-sock
	The client-sock could have been set to NULL by eventloop thread
	after async event fired.

2012-08-27  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix regression with spice tls port allocation
	In my quest for reusing variables I failed to edit one variable when
	fixing details between two patch versions. That results in a failure
	to start qemu with autoport and spice tls, because qemu is trying to
	bind two sockets to the same port.

2012-08-27  Martin Kletzander  <mkletzan@redhat.com>

	qemu: fix regression with pinning
	Commit 4b03d59167f4a4c6ec57def315a61d977466e75b changed the pinning
	behavior in a way that makes some machines non-startable.

	The comment mentioning that we cannot control each vcpu when there is
	not VCPU<-> PID mapping available is true, however, this isn't
	necessarily an error, because this can be caused by old QEMU without
	support for "query-cpus" command as well as a software emulated
	machines that don't create more than one process.

2012-08-27  Alex Jia  <ajia@redhat.com>

	virsh: fix missing return value
	Although virsh command raises a correct error information, the command status
	returns 0(true), this patch is used for fixing this issue.

2012-08-27  Laine Stump  <laine@laine.org>

	specfile: require libnl3 for Fedora >= 18 and RHEL >= 7
	Everything is ready in both netcf and libvirt to switch over to libnl3
	in future releases of both Fedora and RHEL. This needs to be done more
	or less simultaneously in both packages, though, because you can't mix
	libnl1.1 and libnl3 in the same process (e.g. libvirtd using
	libnl-3.so and libnetcf.so, while libnetcf.so uses libnl.so)

	This patch does two things when fedora >= 18 || rhel >= 7):

	  1) requires libnl3-devel
	  2) requires netcf-devel-0.2.2 or greater

	(the idea is that a similar patch is going into netcf's specfile, so
	that when a build of netcf is done on F18 or later (or RHEL7 or later)
	netcf will be guaranteed to be built with libnl3 rather than
	libnl-1.1)

2012-08-25  Laine Stump  <laine@laine.org>

	build: add LIBNL_CFLAGS to build of libvirt_lxc
	When libvirt_lxc is built, it uses the utility library and #includes
	virnetdev.h, which #includes virnetlink.h, which includes
	<netlink/msg.h>.

	Normally, the netlink include directory would be just off
	/usr/include, so that wouldn't create a problem, but on Fedora and
	RHEL systems using libnl3, the libnl includes have been moved into
	/usr/include/libnl3 (to allow concurrent installation of libnl-1.1).

	All other binaries that need it have added $(LIBNL_CFLAGS) to their
	CFLAGS, but not libvirt_lxc, so it fails to build on Fedora and RHEL
	that have only libnl3-devel installed. This was previously unnoticed
	because everyone was building with libnl headers in
	/usr/include/netlink (even on systems with the headers in
	/usr/include/libnl3/netlink, many people (like me) usually also have
	the libnl1.1 headers in /usr/include/netlink).

	This patch adds the necessary CFLAGS for libvirt_lxc.

	Note that we don't need to add $(LIBNL_LIBS) to the LDADD for this
	binary, because it never directly calls libnl functions, but only
	calls them indirectly through the util library, which it's already
	linking against.

2012-08-24  Eric Blake  <eblake@redhat.com>

	snapshot: rename an enum
	The name 'virDomainDiskSnapshot' didn't fit in with our normal
	conventions of using a prefix hinting that it is related to a
	virDomainSnapshotPtr.  Also, a future patch will reuse the
	enum for declaring where the VM memory is stored.

	* src/conf/snapshot_conf.h (virDomainDiskSnapshot): Rename...
	(virDomainSnapshotLocation): ...to this.
	(_virDomainSnapshotDiskDef): Update clients.
	* src/conf/domain_conf.h (_virDomainDiskDef): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Likewise.
	* src/conf/domain_conf.c (virDomainDiskDefParseXML)
	(virDomainDiskDefFormat): Likewise.
	* src/conf/snapshot_conf.c: (virDomainSnapshotDiskDefParseXML)
	(virDomainSnapshotAlignDisks, virDomainSnapshotDefFormat):
	Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotCreateDiskActive, qemuDomainSnapshotCreateXML):
	Likewise.

2012-08-24  Eric Blake  <eblake@redhat.com>

	snapshot: split snapshot conf code into own file
	This has several benefits:
	1. Future snapshot-related code has a definite place to go (and I
	_will_ be adding some)
	2. Snapshot errors now use the VIR_FROM_DOMAIN_SNAPSHOT error
	classification, which has been underutilized (previously only in
	libvirt.c)

	* src/conf/domain_conf.h, domain_conf.c: Split...
	* src/conf/snapshot_conf.h, snapshot_conf.c: ...into new files.
	* src/Makefile.am (DOMAIN_CONF_SOURCES): Build new files.
	* po/POTFILES.in: Mark new file for translation.
	* src/vbox/vbox_tmpl.c: Update caller.
	* src/esx/esx_driver.c: Likewise.
	* src/qemu/qemu_command.c: Likewise.
	* src/qemu/qemu_domain.h: Likewise.

2012-08-24  Eric Blake  <eblake@redhat.com>

	snapshot: make virDomainSnapshotObjList opaque
	We were failing to react to allocation failure when initializing
	a snapshot object list.  Changing things to store a pointer
	instead of a complete object adds one more possible point of
	allocation failure, but at the same time, will make it easier to
	react to failure now, as well as making it easier for a future
	patch to split all virDomainSnapshotPtr handling into a separate
	file, as I continue to add even more snapshot code.

	Luckily, there was only one client outside of domain_conf.c that
	was actually peeking inside the object, and a new wrapper function
	was easy.

	* src/conf/domain_conf.h (_virDomainObj): Use a pointer.
	(virDomainSnapshotObjListInit): Rename.
	(virDomainSnapshotObjListFree, virDomainSnapshotForEach): New
	declarations.
	(_virDomainSnapshotObjList): Move definitions...
	* src/conf/domain_conf.c: ...here.
	(virDomainSnapshotObjListInit, virDomainSnapshotObjListDeinit):
	Rename...
	(virDomainSnapshotObjListNew, virDomainSnapshotObjListFree): ...to
	these.
	(virDomainSnapshotForEach): New function.
	(virDomainObjDispose, virDomainListPopulate): Adjust callers.
	* src/qemu/qemu_domain.c (qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotDiscardAllMetadata): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad)
	(qemuDomainUndefineFlags, qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
	(qemuDomainListAllSnapshots)
	(qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListAllChildren)
	(qemuDomainSnapshotLookupByName, qemuDomainSnapshotGetParent)
	(qemuDomainSnapshotGetXMLDesc, qemuDomainSnapshotIsCurrent)
	(qemuDomainSnapshotHasMetadata, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDelete): Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export new function.

2012-08-24  Philipp Hahn  <hahn@univention.de>

	xen-xs: fix uuid of renamed domain
	When the XenStore tdb lives persistently and is not cleared between host
	reboots, Xend (version 3.4 and 4.1) re-creates the domain information
	located in XenStore below /vm/$UUID. (According to the xen-3.2-commit
	hg265950e3df69 to fix a problem when locally migrating a domain to the
	host itself.)

	When doing so a version number is added to the UUID separated by one
	dash, which confuses xenStoreDomainIntroduced(): It iterates over all
	domains and tries to lookup all inactive domains using
	xenStoreDomainGetUUID(), which fails if the running domain is renamed:
	virUUIDParse() fails to parse the versioned UUID and the domain is
	flagged as missing. When this happens the function delays .2s and
	re-tries 20 times again, multiplied by the number of renamed VMs.
	  14:48:38.878: 4285: debug : xenStoreDomainIntroduced:1354 : Some domains were missing, trying again

	This adds a significant delay:
	  # time virsh list >/dev/null
	  real    0m6.529s
	  # xenstore-list /vm
	  00000000-0000-0000-0000-000000000000
	  00000000-0000-0000-0000-000000000000-1
	  00000000-0000-0000-0000-000000000000-2
	  00000000-0000-0000-0000-000000000000-3
	  00000000-0000-0000-0000-000000000000-4
	  00000000-0000-0000-0000-000000000000-5
	  7c06121e-90c3-93d4-0126-50481d485cca
	  00000000-0000-0000-0000-000000000000-6
	  00000000-0000-0000-0000-000000000000-7
	  144ad19d-dfb4-2f80-8045-09196bb8784f
	  00000000-0000-0000-0000-000000000000-8
	  144ad19d-dfb4-2f80-8045-09196bb8784f-1
	  00000000-0000-0000-0000-000000000000-9
	  00000000-0000-0000-0000-000000000000-10
	  00000000-0000-0000-0000-000000000000-11
	  00000000-0000-0000-0000-000000000000-12
	  00000000-0000-0000-0000-000000000000-13
	  00000000-0000-0000-0000-000000000000-14
	  144ad19d-dfb4-2f80-8045-09196bb8784f-2
	  00000000-0000-0000-0000-000000000000-15
	  144ad19d-dfb4-2f80-8045-09196bb8784f-3
	  00000000-0000-0000-0000-000000000000-16

	The patch adds truncation of the UUID as read from the XenStore path
	before passing it to virUUIDParse().

	The same issue is reported at
	<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666135>

2012-08-24  Michal Privoznik  <mprivozn@redhat.com>

	conf: Don't always require security/@model
	Only parse model, if static labelling, or
	a base label is set, or doing active XML.

	security: Add DAC to security_drivers
	Currently, if users set 'security_driver="dac"' in qemu.conf libvirtd
	fails to initialize as DAC driver is not found because it is missing
	in our security drivers array.

2012-08-24  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: Add docs to remote.html
	Describe the existence of the transport driver and document the
	configurable options.

2012-08-24  Laine Stump  <laine@laine.org>

	nwfilter: don't log error if firewalld is disabled, improve diagnostics
	The original patch to support firewalld in nwfilter wasn't personally
	checking the exit status of firewall-cmd, but was instead sending NULL
	in the *exitstatus arg, which meant that virCommandWait would log an
	error just for the exit status being non-0 (and a "more scary than
	useful" error at that).

	We don't want to treat this as an error, though, just as a reason to
	use standard (ip|eb)tables commands instead of firewall-cmd.

	This patch modifies the virCommandRun in the nwfilter code to request
	status back from the caller. This avoids virCommandWait logging an
	error message, and allows the caller to do as it likes after examining
	the status.

	The VIR_DEBUG() logged when firewalld is enabled has also been
	reworded and changed to a VIR_INFO, and a similar VIR_INFO has been
	added in the case that firewalld is *not* found+enabled.

2012-08-24  Laine Stump  <laine@laine.org>

	openvz: check the exitstatus of vzlist
	I noticed this while auditing all calls to virCommandRun that request
	an exit status from virCommandRun. Two functions in the openvz driver

	  openvzDomainGetBarrierLimit
	  openvzDomainSetBarrierLimit

	request an exit status from virCommandRun (thus assuring that
	virCommandRun won't log any errors just due to a non-0 exit status),
	but then fail to examine that exit status. This could result in the
	functions believing that the call to "vzlist" was successful, even
	though it may have encountered an error.

2012-08-23  Eric Blake  <eblake@redhat.com>

	qemu-agent: available in 0.10.0
	The recent virDomainQemuAgentCommand addition is part of 0.10.0;
	also, grouping all libvirt-qemu.so callbacks together makes them
	easier to identify.

	* src/libvirt_qemu.syms: Fix release symbol.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/driver.h (_virDriver): Group qemu-specific callbacks.

2012-08-23  Laine Stump  <laine@laine.org>

	network: fix virtual network bridge delay setting
	libvirt's network config documents that a bridge's STP "forward delay"
	(called "delay" in the XML) should be specified in seconds, but
	virNetDevBridgeSetSTPDelay() assumes that it is given a delay in
	milliseconds (although the comment at the top of the function
	incorrectly says "seconds".

	This fixes the comment, and converts the delay to milliseconds before
	calling virNetDevBridgeSetSTPDelay().

2012-08-23  Michal Privoznik  <mprivozn@redhat.com>

	qemu: forbid suspend if already pmsuspended
	If a domain is pmsuspended then virsh suspend will succeed. Beside
	obvious flaw, virsh resume will report success and change domain
	state to running which is another mistake. Therefore we must forbid
	any attempts for suspend and resume when pmsuspended.

2012-08-23  MATSUDA Daiki  <matsudadik@intellilink.co.jp>

	agent: add qemu-agent-command to virsh
	Add qemu-agent-command to virsh to support virDomainQemuAgentCommand().

	agent: add python module support
	Add virDomainQemuAgentCommand() support function to python module.

	agent: add remote driver support
	Add qemuDomainAgentCommand() which is generated automatically,
	for .qemuDomainArbitraryAgentCommand to remote driver.

	agent: add qemu driver support
	Add qemuDrvDomainAgentCommand() for .qemuDomainArbitraryAgentCommand
	to qemu driver.

	agent: add virDrvDomainQemuAgentCommand prototype for drivers.
	Add virDrvDomainQemuAgentCommand prototype for drivers.
	Add virDomainQemuAgentCommand() for virDrvDomainQemuAgentCommand.

	agent: add qemuAgentArbitraryCommand() for general qemu agent command
	Add a function qemuAgentArbitraryCommand() for general qemu agent command.

	agent : add @seconds variable to qemuAgentSend().
	Add @seconds variable to qemuAgentSend().
	When @timemout is true, @seconds controls how long to wait for a
	response (if @seconds is VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT,
	default to QEMU_AGENT_WAIT_TIME).
	In addition, @seconds must be >= 0 or VIR_DOMAIN_QEMU_AGENT_COMMAND_DEFAULT.
	If @timeout is false, @seconds is ignored.

2012-08-23  Daniel Veillard  <veillard@redhat.com>

	Fix a missing build requirement on dbus-devel
	Communication with the firewall daemon uses DBus
	so if we compile with firewalld support, the dbus-devel
	is required for building

2012-08-23  Hu Tao  <hutao@cn.fujitsu.com>

	fix check of vcpuid in virDomainVcpuPinDefParseXML
	For emulator, the vcpuid field is always set to -1, instead of parsing
	XML for the value of it.

2012-08-23  Laine Stump  <laine@laine.org>

	util: eliminate erroneous VIR_WARNs in (eb|ip)tables.c
	Several VIR_DEBUG()'s were changed to VIR_WARN() while I was testing
	the firewalld support patch, and I neglected to change them back
	before I pushed.

	In the meantime I've decided that it would be useful to have them be
	VIR_INFO(), just so there will be logged evidence of which method is
	being used (firewall-cmd vs. (eb|ip)tables) without needing to crank
	logging to 11. (at most this adds 2 lines to libvirtd's logs per
	libvirtd start).

2012-08-22  Yuri Chornoivan  <yurchor@ukr.net>

	Fix some typos in messages, docs and comments.

2012-08-22  Gene Czarcinski  <gene@czarc.net>

	dnsmasq: avoid forwarding queries without a domain
	dnsmasq is forwarding a number of queries upstream that should not
	be done.  There still remains an MX query for a plain name with no
	domain specified that will be forwarded is dnsmasq has --domain=xxx
	--local=/xxx/ specified. This does not happen with no domain name
	and --local=// ... not a libvirt problem.

	BTW, thanks again to Claudio Bley!

2012-08-22  Stefan Hajnoczi  <stefanha@linux.vnet.ibm.com>

	docs: fix blockpull/blockcopy bandwidth Mbps -> MiB/s
	The bandwidth units for blockpull and blockcopy are in Megabytes per
	Second, not Megabits per Second.

2012-08-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix parameter list in virNetlinkEvent{Add,Remove}Client Win32 stubs
	The virNetlinkEventAddClient / virNetlinkEventRemoveClient stub
	impls had syntax errors in their parameter lists, using a ')'
	after the second-to-last parameter instead of a ','

2012-08-22  Guannan Ren  <gren@redhat.com>

	virsh: don't print error info when snapshot xml is not changed
	If xml is not changed, error message is printed.
	So check ret value instead of edit variable for error message.

2012-08-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in Makefile.am  s/LDFOAGS/LDFLAGS/

2012-08-22  Tang Chen  <tangchen@cn.fujitsu.com>

	Add uevent netlink service.
	This patch adds a new netlink service with NETLINK_KOBJECT_UEVENT
	protocol hotplug event.

	Introduce virNetlinkEventServiceStopAll() to stop all netlink services.
	This patch introduce virNetlinkEventServiceStopAll() to stop
	all the monitors to receive netlink messages for libvirtd.

	Improve netlink to support all protocol.
	This patch improve all the API in virnetlink.c to support
	all kinds of netlink protocols, and make all netlink sockets
	be able to join in groups.

2012-08-22  Peter Krempa  <pkrempa@redhat.com>

	client: Change default location of known_hosts file for libssh2 layer
	Unfortunately libssh2 doesn't support all types of host keys that can be
	saved in the known_hosts file. Also it does not report that parsing of
	the file failed. This results into truncated known_hosts files where the
	standard client stores keys also in other formats (eg.
	ecdsa-sha2-nistp256).

	This patch changes the default location of the known_hosts file into the
	libvirt private configuration directory, where it will be only written
	by the libssh2 layer itself. This prevents trashing user's known_host
	file.

2012-08-22  Peter Krempa  <pkrempa@redhat.com>

	libssh2_session: Add support for creating known_hosts file
	The libssh2 code wasn't supposed to create the known_hosts file, but
	recent findings show, that we can't use the default created by OpenSSH
	as libssh2 might damage it. We need to create a private known_hosts file
	in the config path.

	This patch adds support for skipping error if the known_hosts file is
	not present and let libssh2 create a new one.

2012-08-22  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: support of emulator_period and emulator_quota's modification
	allow the user change/get emulator's period and quota when the vm is running.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	new interface to control emulator_period/emulator_quota
	This patch adds two macros: VIR_DOMAIN_SCHEDULER_EMULATOR_PERIOD,
	VIR_DOMAIN_SCHEDULER_EMULATOR_QUOTA for controlling cpu bandwidth
	for emulator activities not tied to vcpus

	qemu: introduce period/quota tuning for emulator
	This patch introduces support of setting emulator's period and
	quota to limit cpu bandwidth when the vm starts.  Also updates
	XML Schema for new entries and docs.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	limit cpu bandwidth only for vcpus
	This patch changes the behaviour of xml element cputune.period
	and cputune.quota to limit cpu bandwidth only for vcpus, and no
	longer limit cpu bandwidth for the whole guest.

	The reasons to do this are:

	  - This matches docs of cputune.period and cputune.quota.
	  - The other parts excepting vcpus are treated as "emulator",
	    and there are separate period/quota settings for emulator
	    in the subsequent patches

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	new command emulatorpin

	Add a new function vshPrintPinInfo.
	This is a helper function to print vcpu pin info.

2012-08-22  Tang Chen  <tangchen@cn.fujitsu.com>

	remote: introduce emulator pinning RPCs
	Introduce 2 APIs to support emulator threads in remote driver.
	    1) remoteDomainPinEmulator: call driver api, such as qemudDomainPinEmulator.
	    2) remoteDomainGetEmulatorPinInfo: call driver api, such as qemudDomainGetEmulatorPinInfo.
	They are similar to remoteDomainPinVcpuFlags and remoteDomainGetVcpuPinInfo.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: support emulator pinning
	Introduce 2 APIs to support emulator threads pin in qemu driver.

	    1) qemudDomainPinEmulator: setup emulator threads pin info.
	    2) qemudDomainGetEmulatorPinInfo: get all emulator threads pin info.

	They are similar to qemudDomainPinVcpuFlags and qemudDomainGetVcpuPinInfo.
	And also, remoteDispatchDomainPinEmulatorFlags and remoteDispatchDomainGetEmulatorPinInfo
	functions are introduced.

2012-08-22  Tang Chen  <tangchen@cn.fujitsu.com>

	Introduce virDomainEmulatorPinAdd and virDomainEmulatorPinDel functions
	Introduce 2 APIs to support emulator threads pin.
	    1) virDomainEmulatorPinAdd: setup emulator threads pin with a given cpumap string.
	    2) virDomainEmulatorPinDel: remove all emulator threads pin.

	Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo functions.
	Introduce 2 APIs to set/get physical cpu pinning info of emulator threads.

	Add qemuProcessSetEmulatorAffinites and set emulator threads affinities
	Emulator threads should also be pinned by sched_setaffinity(), just
	the same as vcpu threads.

	qemu: synchronize emulatorpin info to cgroup
	Introduce qemuSetupCgroupEmulatorPin() function to add emulator
	threads pin info to cpuset cgroup, the same as vcpupin.

	Support emulatorpin xml parse.
	This patch adds a new xml element <emulatorpin>, which is a sibling
	to the existing <vcpupin> element under the <cputune>, to pin emulator
	threads to specified physical CPUs.

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	Change virDomainVcpuPinDefParseXML to support parsing emulatorpin

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	Enable cpuset cgroup and synchronous vcpupin info to cgroup.
	vcpu threads pin are implemented using sched_setaffinity(), but
	not controlled by cgroup. This patch does the following things:

	    1) enable cpuset cgroup
	    2) reflect all the vcpu threads pin info to cgroup

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	updates of some vcpupin related functions
	1. add a new function virDomainVcpuPinDefCopy
	2. make virDomainVcpuPinDefFree non-static

	refactor virDomainVcpuPinAdd()

	add function bitmapFromBytemap() to convert bytemap to bitmap

2012-08-22  Wen Congyang  <wency@cn.fujitsu.com>

	create a new cgroup and move all emulator threads to the new cgroup
	Create a new cgroup and move all emulator threads to the new cgroup.
	And then we can do the other things:
	1. limit only vcpu usage rather than the whole qemu
	2. limit for emulator threads(include vhost-net threads)

2012-08-22  Hu Tao  <hutao@cn.fujitsu.com>

	Introduce the function virCgroupMoveTask
	Introduce a new API to move tasks of one controller from a cgroup to another cgroup

2012-08-22  Wen Congyang  <wency@cn.fujitsu.com>

	Introduce the function virCgroupForEmulator
	Introduce the function virCgroupForEmulator() to create sub directory
	for simulator thread(include I/O thread, vhost-net thread)

2012-08-21  Gerd v. Egidy  <lists@egidy.de>

	output status information during guest shutdown again
	Since the move to systemd libvirt-guests doesn't output this progress
	information anymore. This patch brings back this feature.

	It is helpful to show the admin what the system is waiting for and what
	is left of the timeout (e.g. for calibrating the shutdown timing of a ups).

	Rewriting the current line with \r doesn't work anymore in the context
	of systemd. So always write new lines, but move to 5 second intervals
	to avoid flooding the console.

2012-08-21  J.B. Joret  <jb@linux.vnet.ibm.com>

	qemu: Disk Geometry Override Support
	Qemu command line generation for geometry override and testcases.

	Support for Disk Geometry Override
	A hypervisor may allow to override the disk geometry of drives.
	Qemu, as an example with cyls=,heads=,secs=[,trans=].
	This patch extends the domain config to allow the specification of
	disk geometry with libvirt.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: avoid $(builddir) in Makefile
	Older automake 1.9.6 (hello there, RHEL 5) did not populate
	$(builddir), which meant 'make check' failed with:

	make[3]: *** No rule to make target `/.libs/libvirt.la', needed by `check-symfile'.  Stop.

	For that matter, even newer automake doesn't directly emit rules
	to build .libs/libvirt.la; we are better off basing our rules
	on the public ./libvirt.la.

	* src/Makefile.am (check-symfile): Delete useless variable.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: network requires location of dbus headers
	Without this patch, RHEL 5 fails to compile, since the dbus
	files lives under /usr/include/dbus-1.0/dbus/dbus.h, and
	DBUS_CFLAGS contains -I/usr/include/dbus-1.0.

	In file included from network/bridge_driver.c:67:
	../src/util/virdbus.h:26:25: error: dbus/dbus.h: No such file or directory

	* src/Makefile.am (libvirt_driver_network_impl_la_CFLAGS): Add
	DBUS_CFLAGS.

2012-08-21  Eric Blake  <eblake@redhat.com>

	atomic: fix whitespace in previous patch

2012-08-21  Eric Blake  <eblake@redhat.com>

	atomic: mark header functions static
	When gcc atomic intrinsics are not available (such as on RHEL 5
	with gcc 4.1.2), we were getting link errors due to multiple
	definitions:

	./.libs/libvirt_util.a(libvirt_util_la-virobject.o): In function `virAtomicIntXor':
	/home/dummy/l,ibvirt/src/util/viratomoic.h:404: multiple definition of `virAtomicIntXor'
	./.libs/libvirt_util.a(libvirt_util_la-viratomic.o):/home/dummy/libvirt/src/util/viratomic.h:404: first defined here

	Solve this by conditionally marking the functions static (the
	condition avoids falling foul of gcc warnings about unused
	static function declarations).

	* src/util/viratomic.h: When not using gcc intrinsics, use static
	functions to avoid linker errors on duplicate functions.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: work with glibc that lacks CPU_COUNT
	Building on RHEL 5 warned:

	nodeinfo.c: 305: warning: implicit declaration of function 'CPU_COUNT'

	This extension macro in <sched.h> was not added until later glibc.

	* src/nodeinfo.c (CPU_COUNT): Add fallback implementation.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: work with older RHEL 5 kernel
	We already skip out on building the LXC under RHEL 5, because the
	kernel is too old (commits 4c18acf, 2dee896); but commit 9612e4b
	moved some LXC-only code into common files, resulting in this
	build failure:

	util/virfile.c: In function 'virFileLoopDeviceAssociate':
	util/virfile.c:580: error: 'LO_FLAGS_AUTOCLEAR' undeclared (first use in this function)

	Unfortunately, the kernel folks only made it an enum, rather than
	also a #define, so we have to modify configure.ac to record when
	it is usable.

	* configure.ac (with_lxc): Mark when LO_FLAGS_AUTOCLEAR was found.
	* src/util/virfile.c (virFileLoopDeviceAssociate): Avoid
	compilation when kernel is too old.

2012-08-21  Ján Tomko  <jtomko@redhat.com>

	command: avoid double close in virExecWithHook
	Fix possible double close in the child process after the fork in case
	infd and outfd are equal, just like they are after being called from
	virNetSocketNewConnectCommand.

2012-08-21  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: provide basic support for firewalld
	This patch provides basic support for using firewalld's firewall-cmd
	rather than then plain eb/ip(6)tables commands.

2012-08-21  Thomas Woerner  <twoerner@redhat.com>

	network: use firewalld instead of iptables, when available
	* configure.ac, spec file: firewalld defaults to enabled if dbus is
	  available, otherwise is disabled. If --with_firewalld is explicitly
	  requested and dbus is not available, configure will fail.

	* bridge_driver: add dbus filters to get the FirewallD1.Reloaded
	  signal and DBus.NameOwnerChanged on org.fedoraproject.FirewallD1.
	  When these are encountered, reload all the iptables reuls of all
	  libvirt's virtual networks (similar to what happens when libvirtd is
	  restarted).

	* iptables, ebtables: use firewall-cmd's direct passthrough interface
	  when available, otherwise use iptables and ebtables commands. This
	  decision is made once the first time libvirt calls
	  iptables/ebtables, and that decision is maintained for the life of
	  libvirtd.

	* Note that the nwfilter part of this patch was separated out into
	  another patch by Stefan in V2, so that needs to be revised and
	  re-reviewed as well.

	================

	All the configure.ac and specfile changes are unchanged from Thomas'
	V3.

	V3 re-ran "firewall-cmd --state" every time a new rule was added,
	which was extremely inefficient.  V4 uses VIR_ONCE_GLOBAL_INIT to set
	up a one-time initialization function.

	The VIR_ONCE_GLOBAL_INIT(x) macro references a static function called
	vir(Ip|Eb)OnceInit(), which will then be called the first time that
	the static function vir(Ip|Eb)TablesInitialize() is called (that
	function is defined for you by the macro). This is
	thread-safe, so there is no chance of any race.

	IMPORTANT NOTE: I've left the VIR_DEBUG messages in these two init
	functions (one for iptables, on for ebtables) as VIR_WARN so that I
	don't have to turn on all the other debug message just to see
	these. Even if this patch doesn't need any other modification, those
	messages need to be changed to VIR_DEBUG before pushing.

	This one-time initialization works well. However, I've encountered
	problems with testing:

	1) Whenever I have enabled the firewalld service, *all* attempts to
	call firewall-cmd from within libvirtd end with firewall-cmd hanging
	internally somewhere. This is *not* the case if firewall-cmd returns
	non-0 in response to "firewall-cmd --state" (i.e. *that* command runs
	and returns to libvirt successfully.)

	2) If I start libvirtd while firewalld is stopped, then start
	firewalld later, this triggers libvirtd to reload its iptables rules,
	however it also spits out a *ton* of complaints about deletion failing
	(I suppose because firewalld has nuked all of libvirt's rules). I
	guess we need to suppress those messages (which is a more annoying
	problem to fix than you might think, but that's another story).

	3) I noticed a few times during this long line of errors that
	firewalld made a complaint about "Resource Temporarily
	unavailable. Having libvirtd access iptables commands directly at the
	same time as firewalld is doing so is apparently problematic.

	4) In general, I'm concerned about the "set it once and never change
	it" method - if firewalld is disabled at libvirtd startup, causing
	libvirtd to always use iptables/ebtables directly, this won't cause
	*terrible* problems, but if libvirtd decides to use firewall-cmd and
	firewalld is later disabled, libvirtd will not be able to recover.

2012-08-21  Jiri Denemark  <jdenemar@redhat.com>

	sanlock: Provide better error if lockspace directory is missing
	Generating "Unable to add lockspace /lock/space/dir/__LIBVIRT__DISKS__:
	No such file or directory" is correct but not exactly clear. This patch
	changes the error message to "Unable to create lockspace
	/lock/space/dir/__LIBVIRT__DISKS__: parent directory does not exist or
	is not a directory".

	daemon: Autodetect lock driver directory
	When running libvirtd from a build directory, libvirtd would load lock
	drivers from system directory unless explicitly overridden by setting
	LIBVIRT_LOCK_MANAGER_PLUGIN_DIR environment variable. Since we already
	autodetect driver directory if libvirt is build with driver modules, we
	can use the same trick to automagically set lock driver directory.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: split driver_storage into convenience library
	Commit 1d22ba95 was complete at the time, but we have since
	reintroduced a warning that is fixed in the same manner:

	  CCLD   storagebackendsheepdogtest

	*** Warning: Linking the executable storagebackendsheepdogtest against the loadable module
	*** libvirt_driver_storage.so is not portable!

	* src/Makefile.am (libvirt_driver_storage.la): Factor into new
	convenience library libvirt_driver_storage_impl.la.
	* tests/Makefile.am (storagebackendsheepdogtest_LDADD): Link to
	convenience library, not shared library.

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: silence stupid gcc warning on STREQ_NULLABLE
	Our existing STRNEQ_NULLABLE() triggered a warning in gcc 4.7 when
	used with a literal NULL argument:

	qemumonitorjsontest.c: In function 'testQemuMonitorJSONGetMachines':
	qemumonitorjsontest.c:289:5: error: null argument where non-null required (argument 1) [-Werror=nonnull]

	even though the strcmp is provably dead when a null argument is
	present.  Squelch the warning by refactoring things so that gcc
	never sees strcmp() called with NULL arguments (we still compare
	NULL as not equal to "", this rewrite merely aids gcc).

	Next, gcc has a valid warning about a literal NULLSTR(NULL):

	qemumonitorjsontest.c:289:5: error: invalid application of 'sizeof' to a void type [-Werror=pointer-arith]

	Of course, you'd never write NULLSTR(NULL) directly, but it is
	handy to use through macros.  But the entire part about verify_true()
	is unnecessary - gcc already warns about type mismatch with ?:,
	without needing to make it more complex.

	* src/internal.h (STREQ_NULLABLE, STRNEQ_NULLABLE): Avoid gcc 4.7
	stupidity.
	(NULLSTR): Simplify, to allow passing compile-time constants.

2012-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix parsing of uid/gid on Mingw32
	The DAC security driver uses the virStrToLong_ui function to
	parse the uid/gid out of the seclabel string. This works on
	Linux where 'uid_t' is an unsigned int, but on Mingw32 it is
	just an 'int'. This causes compiler warnings about signed/
	unsigned int pointer mis-match.

	To avoid this, use explicit 'unsigned int ouruid' local
	vars to pass into virStrToLong_ui, and then simply assign
	to the 'uid_t' type after parsing

2012-08-21  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: Use libssh2 driver code in remote driver
	This patch adds URI options to support libssh2 transport in the remote
	driver.

	A new transport sceme is introduced eg. "qemu+libssh2://..." that
	utilizes the libssh2 code added in previous patches.

	The libssh2 code requires the authentication callback to be able to
	perform keyboard-interactive authentication or to ask t passprhases or
	add host keys to known hosts database.

	Added URI components:
	- known_hosts -  path to a knownHosts file in OpenSSH format to check
	                 for known ssh host keys
	- known_hosts_verify - how to deal with server key verification:
	                            * "normal" (default) - ask to add new keys
	                            * "auto" - automaticaly add new keys
	                            * "ignore" - don't validate host keys
	- sshauth - authentication methods to use. Default is
	            "agent,privkey,keyboard-interactive". It's a comma separated
	            string of methods to try while authenticating. The order is
	            preserved. Some of the methods may require additional
	            parameters.

	Locations of the known_hosts file and private keys are set to default
	values if they're present. (~/.ssh/known_hosts, ~/.ssh/id_rsa,
	                            ~/.ssh/id_dsa)

2012-08-21  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: Add libssh2 session support to net client code
	This patch adds a glue layer to enable using libssh2 code with the
	network client code.

	As in the original client implementation, shell code is sent to the
	server to detect correct options for netcat and connect to libvirt's
	unix socket.

2012-08-21  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: add ssh context support to virNetSocket
	This patch enables virNetSocket to be used as an ssh client when
	properly configured.

	This patch adds function virNetSocketNewConnectLibSSH2() that takes all
	needed parameters and creates a libssh2 session and performs steps
	needed to open the connection and then create a virNetSocket that
	seamlesly encapsulates the communication.

2012-08-21  Peter Krempa  <pkrempa@redhat.com>

	libssh2_transport: add main libssh2 transport implementation
	This patch adds helper functions that enable us to use libssh2 in
	conjunction with libvirt's virNetSockets for ssh transport instead of
	spawning "ssh" client process.

	This implemetation supports tunneled plaintext, keyboard-interactive,
	private key, ssh agent based and null authentication. Libvirt's Auth
	callback is used for interaction with the user. (Keyboard interactive
	authentication, adding of host keys, private key passphrases). This
	enables seamless integration into the application using libvirt. No
	helpers as "ssh-askpass" are needed.

	Reading and writing of OpenSSH style "known_hosts" files is supported.

	Communication is done using SSH exec channel, where the user may specify
	arbitrary command to be executed on the remote side and reads and writes
	to/from stdin/out are sent through the ssh channel. Usage of stderr is
	not (yet) supported.

2012-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for SELinux label generation
	This test case validates the correct generation of SELinux labels
	for VMs, wrt the current process label. Since we can't actually
	change the label of the test program process, we create a shared
	library libsecurityselinuxhelper.so which overrides the getcon()
	and setcon() libselinux.so functions. When started the test case
	will check to see if LD_PRELOAD is set, and if not, it will
	re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so

2012-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Honour current sensitivity and category ranges in SELinux label generation
	Currently the dynamic label generation code will create labels
	with a sensitivity of s0, and a category pair in the range
	0-1023. This is fine when running a standard MCS policy because
	libvirtd will run with a label

	  system_u:system_r:virtd_t:s0-s0:c0.c1023

	With custom policies though, it is possible for libvirtd to have
	a different sensitivity, or category range. For example

	  system_u:system_r:virtd_t:s2-s3:c512.c1023

	In this case we must assign the VM a sensitivity matching the
	current lower sensitivity value, and categories in the range
	512-1023

2012-08-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix regression generating image context
	The code to refactor sec label handling accidentally changed the
	SELinux driver to use the 'domain_context' when generating the
	image label instead of the 'file_context'

2012-08-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: modify 3 error messages
	After the cleanup of remote display port allocation, I noticed some
	messages that didn't make a lot of sense the way they were written. So
	I rephrased them.

2012-08-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: configurable remote display port boundaries
	The defines QEMU_REMOTE_PORT_MIN and QEMU_REMOTE_PORT_MAX were used to
	find free port when starting domains. As this was hard-coded to the
	same ports as default VNC servers, there were races with these other
	programs. This patch includes the possibility to change the default
	starting port as well as the maximum port (mostly for completeness) in
	qemu config file.

	Support for two new config options in qemu.conf is added:
	 - remote_port_min (defaults to QEMU_REMOTE_PORT_MIN and
	   must be >= than this value)
	 - remote_port_max (defaults to QEMU_REMOTE_PORT_MAX and
	   must be <= than this value)

2012-08-21  Martin Kletzander  <mkletzan@redhat.com>

	qemu: Unify port-wise SPICE and VNC behavior
	Port allocations for SPICE and VNC behave almost the same (with
	default ports), but there is some mess in the code. This patch clears
	these inconsistencies and makes sure the same behavior will be used
	when ports for remote displays are changed.

	Changes:
	 - hard-coded number 5900 removed (handled elsewhere like with VNC)
	 - reservedVNCPorts renamed to reservedRemotePorts (it's not just for
	   VNC anymore)
	 - QEMU_VNC_PORT_{MIN,MAX} renamed to QEMU_REMOTE_PORT_{MIN,MAX}
	 - port allocation unified for VNC and SPICE

2012-08-21  Eric Blake  <eblake@redhat.com>

	build: fix build with autoconf 2.59
	Commit 350583c8 broke development on a RHEL 5 box, where the
	ancient Autoconf 2.59 lacks AS_VERSION_STRING.  Rather than
	backport the complex awk script that newer autoconf uses for
	true strverscmp comparisons from the shell, it was easier to
	just open-code a shell case statement.

	* configure.ac (qemu_version): Open-code a replacement for
	AS_VERSION_CHECK.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-volume.c
	Last of the file splits.

	* tools/virsh-volume.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-volume.c: Likewise.
	(vshCommandOptVolBy): Fix flag usage.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-snapshot.c
	Almost done with the splits.

	* tools/virsh-snapshot.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-snapshot.c: Likewise.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-secret.c
	One of the simpler splits.

	* tools/virsh-secret.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-secret.c: Likewise.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-pool.c
	More in a series of file splits.

	* tools/virsh-pool.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-pool.c: Likewise.
	(virCommandOptPoolBy): Fix flag usage.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-nwfilter.c
	Yet another split file.

	* tools/virsh-nwfilter.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-nwfilter.c: Likewise.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-nodedev.c
	Another worthwhile split, needed one more public function.

	* tools/virsh-nodedev.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh-nodedev.c: Use new header.
	* tools/virsh.c: Likewise.
	(vshTreePrint): Export.
	* tools/virsh.h (vshTreePrint): Declare.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-network.c
	Another relatively easy file split.

	* tools/virsh-network.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-network.c: Likewise.
	(vshCommandOptNetworkBy): Update signature.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-interface.c
	Another relatively easy split, since helper functions were fixed
	in the previous patch.

	* tools/virsh-interface.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.c: Use new header.
	* tools/virsh-interface.c: Likewise.
	(vshCommandOptInterfaceBy): Check flags.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: declare more common functions
	In preparation for splitting virsh-interface.c, I found these
	functions need to be declared in virsh.h, as well as one that
	belongs more properly in virsh-domain.h.  Also, since we
	use the VSH_BY* flags in more than one function, I improved
	how they are used.

	* tools/virsh.h (vshNameSorter, vshCmdHasOption): Declare.
	(VSH_BYID): Turn into enum.
	(vshCommandOptDomainBy): Move...
	* tools/virsh-domain.h): ...here.
	* tools/virsh.c: (vshNameSorter): Export.
	(cmd_has_option): Rename...
	(vshCmdHasOption): ...and export.
	(vshCommandOptDomainBy): Move...
	* tools/virsh-domain.c (vshCommandOptDomainBy): ...here, adjust
	signature, and check flags.
	* tools/virsh-network.c (vshCommandOptNetworkBy): Update callers.
	* tools/virsh-nwfilter.c (vshCommandOptNWFilterBy): Likewise.
	* tools/virsh-secret.c (vshCommandOptSecret): Likewise.
	* tools/virsh-domain-monitor.c (includes): Likewise.
	* tools/virsh-host.c (includes): Likewise.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-host.c
	The splits are getting easier, with fewer cleanups needed in virsh.h.

	* tools/virsh-host.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh-host.c: Use new header.
	* tools/virsh.c: Likewise.

2012-08-21  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-domain-monitor.c
	Another file worth compiling on its own instead of by .c inclusion.

	* tools/virsh-domain-monitor.h: New file.
	* tools/Makefile.am (virsh_SOURCES): Build it.
	* tools/virsh.h (vshGetDomainDescription): Move to correct
	header.
	* tools/virsh-domain-monitor.c: Use new header.
	* tools/virsh.c: Likewise.
	* tools/virsh-domain.c: Likewise.

2012-08-20  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	Update the remote API
	This patch updates libvirt's API to allow applications to inspect the
	full list of security labels of a domain.

	Support for multiple default security drivers in QEMU config
	This patch updates the key "security_driver" in QEMU config to suport
	both a sigle default driver or a list of default drivers. This ensures
	that it will remain compatible with older versions of the config file.

	Update security layer to handle many security labels
	These changes make the security drivers able to find and handle the
	correct security label information when more than one label is
	available. They also update the DAC driver to be used as an usual
	security driver.

	Multiple security drivers in XML data
	This patch updates the domain and capability XML parser and formatter to
	support more than one "seclabel" element for each domain and device. The
	RNG schema and the tests related to this are also updated by this patch.

	Internal refactory of data structures
	This patch updates the structures that store information about each
	domain and each hypervisor to support multiple security labels and
	drivers. It also updates all the remaining code to use the new fields.

2012-08-20  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	selinux: Fix incorrect object label generation.
	This is a fix for the object label generation. It uses a new flag for
	virSecuritySELinuxGenNewContext that specifies whether the context is
	for an object. If so the context role remains unchanged.
	Without this fix it is not possible to start domains with image file or
	block device backed storage when selinux is enabled.

2012-08-20  Eric Blake  <eblake@redhat.com>

	virsh: drop unused headers
	The previous commit now trips up 'make syntax-check' due to a useless
	use of <signal.h>.

	* tools/virsh.c (includes): Drop useless includes.

2012-08-20  Eric Blake  <eblake@redhat.com>

	maint: prohibit translations in testsuite
	Nothing in the testsuite or examples directory should be translated,
	as it is not part of the normally installed binary.  We already
	meet this rule, but enforcing it will make it easier to remember.

	Suggested by Daniel P. Berrange.

	* cfg.mk (sc_prohibit_useless_translation): Enhance rule.

2012-08-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix build of virsh on Win32 by moving SA_SIGINFO stub
	On Win32 SA_SIGINFO is not defined, so virsh.c stub'd it out
	to 0, but recent changes moved the usage out of virsh.c and
	into virsh-domain.c

2012-08-20  Eric Blake  <eblake@redhat.com>

	virsh: use common namespacing
	Convert the exported items in virsh.h to use a common 'vsh' prefix.

	* tools/virsh.h (VIRSH_MAX_XML_FILE): Rename...
	(VSH_MAX_XML_FILE): ...and parenthesize.
	(DIFF_MSEC, CTRL_CLOSE_BRACKET): Delete.
	(vshUsage, vshInit, vshDeinit, vshParseArgv): Remove prototype.
	(editWriteToTempFile, editFile, editReadBackFile, prettyCapacity)
	(virshReportError): Rename...
	(vshEditWriteToTempFile, vshEditFile, vshEditReadBackFile)
	(vshPrettyCapacity, vshReportError): ...into vsh namespace.
	(jobWatchTimeoutFunc): Move to virsh-domain.c.
	* tools/virsh.c (vshCommandRun): Inline former DIFF_MSEC.
	(main): Inline former CTRL_CLOSE_BRACKET.
	(vshUsage, vshInit, vshDeinit, vshParseArgv): Make static.
	(prettyCapacity, virshReportError, editWriteToTempFile, editFile):
	Fix naming, and adjust usage.
	(vshAskReedit, vshCommandRun, vshEventLoop, vshInit): Adjust
	usage.
	* tools/virsh-domain.c (cmdAttachDevice, cmdCPUCompare)
	(cmdCPUBaseline, cmdCreate, cmdDefine, cmdDetachDevice)
	(cmdUpdateDevice, cmdDesc, cmdUndefine, cmdStart, cmdVcpucount)
	(cmdAttachDevice, cmdDomjobinfo): Likewise.
	* tools/virsh-edit.c (do): Likewise.
	* tools/virsh-interface.c (cmdInterfaceDefine): Likewise.
	* tools/virsh-network.c (cmdNetworkCreate, cmdNetworkDefine):
	Likewise.
	* tools/virsh-nodedev.c (cmdNodeDeviceCreate): Likewise.
	* tools/virsh-nwfilter.c (cmdNWFilterDefine): Likewise.
	* tools/virsh-pool.c (cmdPoolCreate, cmdPoolDefine)
	(cmdPoolDiscoverSources, cmdPoolList): Likewise.
	* tools/virsh-secret.c (cmdSecretDefine): Likewise.
	* tools/virsh-snapshot.c (cmdSnapshotCreate, vshSnapshotCreate)
	(vshLookupSnapshot, cmdSnapshotEdit, cmdSnapshotCurrent)
	(vshGetSnapshotParent): Likewise.
	* tools/virsh-volume.c (cmdVolCreate, cmdVolCreateFrom)
	(cmdVolInfo, cmdVolList): Likewise.

2012-08-20  Daniel P. Berrange  <berrange@redhat.com>

	Add support for creating sockets & RPC servers from a pre-opened fd
	In order to support systemd socket based activation, it needs to
	be possible to create virNetSocketPtr and virNetServerServicePtr
	instance from a pre-opened file descriptor

	Refactor impl of the virNetServerClientNew method
	In preparation for adding further constructors, refactor
	the virNetServerClientNew method to move most of the code
	into a common virNetServerClientNewInternal helper API.

	Refactor the way new clients are registered with the server
	Currently the virNetServerDispatchNewClient both creates the
	virNetServerClientPtr instance and registers it with the
	virNetServerPtr internal state. Split the client registration
	code out into a separate virNetServerAddClient method to
	allow future reuse from other contexts

	Make Win32 stub of vshAskReedit non-static
	The main impl of vshAskReedit is non-static, so the Win32
	stub must be the same

	Fix syntax-check failures wrt virsh
	* cfg.mk: Whitelist virsh.h instead of virsh.c for strcasecmp check
	* tools/virsh-domain.h, tools/virsh.h: Fix #define indentation

2012-08-18  Eric Blake  <eblake@redhat.com>

	virsh: kill some double underscores
	C99 says that __foo naming is reserved for the compiler.  Besides,
	we had several different styles in use; this consolidates things
	to set up the typedefs up front then declare the types with
	consistent naming.

	* tools/virsh.h: Use consistent struct naming.
	* tools/virsh.c (_vshCommandParser): Likewise.

2012-08-18  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh-domain.c
	The virsh-domain.c file was pretty self-contained; the only
	entry point was the table of command definitions.  The bulk
	of this patch is making more functions in virsh.c reusable.
	A later patch will clean up poor naming choices.

	* tools/Makefile.am (virsh_SOURCES): Build virsh-domain.c.
	* tools/virsh-domain.h: New file.
	* tools/virsh.h (virshReportError, vshResetLibvirtError)
	(vshAskReedit, vshStreamSink): Declare.
	* tools/virsh.c: Switch from using .c to .h.
	(virshReportError, vshResetLibvirtError, vshAskReedit)
	(vshStreamSink, prettyCapacity): Export.
	(vshCatchInt): Move...
	* tools/virsh-domain.c: ...into sole user.  Use header.

2012-08-18  Eric Blake  <eblake@redhat.com>

	virsh: split out virsh.h
	Having one .c file include another does not give any compilation
	benefits; move towards modular .o files by first splitting out
	reused declarations into a new virsh.h.  This patch doesn't try
	very hard to see which functions are used or not, to make it
	easier to review the file split.  Future patches can further trim
	the header to be smaller.

	* tools/Makefile.am (virsh_SOURCES): List new file, and prepare
	for others.
	* tools/virsh.c: Split declarations...
	* tools/virsh.h: ...into new file, and make several functions
	non-static.
	* tools/virsh-domain-monitor.c (vshGetDomainDescription): Make
	non-static.

2012-08-18  Eric Blake  <eblake@redhat.com>

	virsh: move vshWatchJob earlier
	It's easier to order things in topological order than it is to
	forward declare in one file for use only by one other file.

	* tools/virsh.c (vshWatchJob, parseRateStr)
	(vshDomainStateToString, vshDomainStateReasonToString)
	(vshDomainControlStateToString, vshDomainVcpuStateToString): Drop
	useless prototypes.
	* tools/virsh-domain.c (vshWatchJob): Move earlier.

2012-08-17  Shradha Shah  <sshah@solarflare.com>

	qemu: support netdevs from <forward mode='hostdev'> networks
	For network devices allocated from a network with <forward
	mode='hostdev'>, there is a need to add the newly minted hostdev to
	the hostdevs array.

	In this case we also need to call qemuPrepareHostDevices just for this
	one device, as the standard call to initialize all the hostdevs that
	were defined directly in the domain's configuration has already been
	made by the time we allocate a device from a libvirt network, and thus
	have something that needs initializing.

2012-08-17  Shradha Shah  <sshah@solarflare.com>

	network: support <forward mode='hostdev'> in network driver
	This patch updates the network driver to properly utilize the new
	attributes/elements that are now in virNetworkDef

	conf: add function virDevicePCIAddressEqual
	This function is needed by the network driver in a later commit.
	It is useful in functions like networkNotifyActualDevice and
	networkReleaseActualDevice

	network: return netdev name or pci addr of the VF in actualDevice
	The network pool should be able to keep track of both network device
	names and PCI addresses, and return the appropriate one in the
	actualDevice when networkAllocateActualDevice is called.

	conf: parser/formatter/rng for <forward mode='hostdev'>
	This patch introduces the new forward mode='hostdev' along with
	attribute managed. Includes updates to the network RNG and new xml
	parser/formatter code.

	network: helper function to create interface pool from PF
	Existing code that creates a list of forwardIfs from a single PF
	was moved to the new utility function networkCreateInterfacePool.
	No functional change.

2012-08-17  Shradha Shah  <sshah@solarflare.com>

	conf: move DevicePCIAddress functions to separate file
	Move the functions the parse/format, and validate PCI addresses to
	their own file so they can be conveniently used in other places
	besides device_conf.c

	Refactoring existing code without causing any functional changes to
	prepare for new code.

	This patch makes the code reusable.

2012-08-17  Jiri Denemark  <jdenemar@redhat.com>

	docs: Enhance documentation of log_filters
	Also make sure documentation in libvirtd.conf matches the one from
	logging.html.

	conf: Fix ABI stability check for spicevmc channel
	Change device type of a virtio channel from/to spicevmc is not a user
	visible change. However, spicevmc channels use different default target
	name than other virtio channels. To maintain ABI stability during this
	change target name must be explicitly specified (and equal) in both
	configurations.

2012-08-17  Kyle Mestery  <kmestery@cisco.com>

	network: add support for setting VLANs on Open vSwitch ports
	Add the ability to support VLAN tags for Open vSwitch virtual port
	types. To accomplish this, modify virNetDevOpenvswitchAddPort and
	virNetDevTapCreateInBridgePort to take a virNetDevVlanPtr
	argument. When adding the port to the OVS bridge, setup either a
	single VLAN or a trunk port based on the configuration from the
	virNetDevVlanPtr.

2012-08-17  Osier Yang  <jyang@redhat.com>

	Fix the indentions of libvirt.h.in
	Substitute 2 spaces with 4 spaces instead.

2012-08-17  Osier Yang  <jyang@redhat.com>

	qemu: Set swap_hard_limit before hard_limit
	Setting hard_limit larger than previous swap_hard_limit must fail,
	it's not that good if one wants to change the swap_hard_limit
	and hard_limit together. E.g.

	% virsh memtune rhel6
	hard_limit     : 1000000
	soft_limit     : 1000000
	swap_hard_limit: 1000000

	% virsh memtune rhel6 --hard-limit 1000020 --soft-limit 1000020 \
	--swap-hard-limit 1000020 --live

	This patch reorder the limits setting to set the swap_hard_limit
	first, hard_limit then, and soft_limit last if it's greater than
	current swap_hard_limit. And soft_limit first, hard_limit then,
	swap_hard_limit last, if not.

2012-08-17  Eric Blake  <eblake@redhat.com>

	build: fix syntax check during 'make distcheck'
	'make distcheck' was failing because a syntax check file,
	.sc-start-sc_vulnerable_makefile_CVE-2012-3386, got left
	behind.  I traced it to the 'distdir' rule depending on a
	shortcut syntax-check name rather than the full rule name
	normally used during 'local-check' from maint.mk.

	* cfg.mk (distdir): Depend on full rule, not shorthand name.

2012-08-17  Eric Blake  <eblake@redhat.com>

	build: ship stamp files
	'make distcheck' fails because the generated ESX and HyperV files
	are (intentionally) marked read-only, but since the stamp file was
	missing, make assumes they need to be rebuilt.  Shipping the stamp
	file solves the problem.

	* src/Makefile.am (EXTRA_DIST): Ship stamp files.

2012-08-16  Laine Stump  <laine@laine.org>

	qemu: support setting vlan tag for <interface type='hostdev'>
	The underlying function to set the vlan tag of an SR-IOV network
	device was already in place (although an extra patch to save/restore
	the original vlan tag was needed), and recent patches added the
	ability to configure a vlan tag. This patch just ties those two
	together.

	An SR-IOV device doesn't support vlan trunking, so if anyone tries to
	configure more than a single tag, or set the trunk flag, and error is
	logged.

2012-08-16  Laine Stump  <laine@laine.org>

	util: properly save/restore original vlan tag for VFs
	When a network device that is a VF of an SR-IOV card was assigned to a
	guest using <interface type='hostdev'>, only the MAC address was being
	saved/restored, but the VLAN tag was left untouched. Up to now we
	haven't actually used vlan tags on SR-IOV devices, so the guest would
	have used whatever was set, and left it the same at the end.

	The patch following this one will hook up the <vlan> element from the
	interface config, so save/restore of the device state needs to also
	include the vlan tag.

	MAC address is being saved as a simple ASCII string in a file named
	for the device under /var/run.  The VLAN tag is now just added at the
	end of that file, after a newline. It might be nicer if the file was
	XML (in case it ever gets more complicated) but at the moment there's
	nothing else on the horizon, and this makes backward compatibility
	easier.

2012-08-16  Osier Yang  <jyang@redhat.com>

	qemu: Ensure the cpuset is formatted as expected before passing to cgroup
	The parameter value for cpuset could be in special format like
	"0-10,^7", which is not recognized by cgroup. This patch is to
	ensure the cpuset is formatted as expected before passing it to
	cgroup. As a side effect, after the patch, it parses the cpuset
	early before cgroup setting, to avoid the rollback if cpuset
	parsing fails afterwards.

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix WIN32 conditional for disabling console command
	The '#endif' for a WIN32 conditional was placed one function
	too high, leaving the impl of the console command enabled
	and referencing functions that were disabled

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Move some SASL symbols into libvirt_sasl.syms
	Previous commit:

	  commit 9093ab77345767f741304aa0adb02adbbe766f14
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Jul 18 17:03:17 2012 +0100

	    Add lots of internal symbols to libvirt_private.syms

	mistakenly put some conditional SASL symbols in libvirt_private.syms
	instead of libvirt_sasl.syms

2012-08-15  Eric Blake  <eblake@redhat.com>

	build: avoid warnings on older gcc
	A previous patch (c606671a) pulled in a newer version of
	stat-time.h from gnulib, which causes some warnings in older gcc:

	  CC     libvirt_driver_storage_la-storage_backend.lo
	cc1: warnings being treated as errors
	In file included from ../../src/storage/storage_backend.c:59:
	../../gnulib/lib/stat-time.h:55: error: no previous prototype for 'get_stat_atime_ns' [-Wmissing-prototypes]

	Upstream gnulib argues that these warnings are stupid (and I agree;
	see <http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54113>), and has
	used a modern gcc feature (#pragma GCC diagnostic push) to avoid the
	warning.  But we still aim to compile on RHEL 6.3, with gcc 4.4.6
	(not to mention even older platforms like RHEL 5), and therefore
	the warning trips up our default of development with -Werror.

	It took me a while to figure out how to make our set of warnings
	smaller on older gcc without losing the benefit of the warnings
	when using newer gcc (such as the one on Fedora 17), but this
	should do the trick.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Avoid
	warnings that gnulib can't silence on older gcc.

2012-08-15  Laine Stump  <laine@laine.org>

	network: make network driver vlan-aware
	The network driver now looks for the vlan element in network and
	portgroup objects, and logs an error at network define time if a vlan
	is requested for a network type that doesn't support it. (Currently
	vlan configuration is only supported for openvswitch networks, and
	networks used to do hostdev assignment of SR-IOV VFs.)

	At runtime, the three potential sources of vlan information are
	examined in this order: interface, chosen portgroup, network, and the
	first that is non-empty is used.  Another check for valid network type
	is made at this time, since the interface may have requested a vlan (a
	legal thing to have in the interface config, since it's not known
	until runtime if the chosen network will actually support it).

	Since we must also check for domains requesting vlans for unsupported
	connection types even if they are type='network', and since
	networkAllocateActualDevice() is being called in exactly the correct
	places, and has all of the necessary information to check, I slightly
	modified the logic of that function so that interfaces that aren't
	type='network' don't just return immediately. Instead, they also
	perform all the same validation for supported features. Because of
	this, it's not necessary to make this identical check in the other
	three places that would normally require it: 1) qemu domain startup,
	2) qemu device hotplug, 3) lxc domain startup.

	This can be seen as a first step in consolidating network-related
	functionality into the network driver, rather than having copies of
	the same code spread around in multiple places; this will make it
	easier to split the network parts off into a separate daemon, as we've
	discussed recently.

2012-08-15  Laine Stump  <laine@laine.org>

	conf: add <vlan> element to network and domain interface elements
	The following config elements now support a <vlan> subelements:

	within a domain: <interface>, and the <actual> subelement of <interface>
	within a network: the toplevel, as well as any <portgroup>

	Each vlan element must have one or more <tag id='n'/> subelements.  If
	there is more than one tag, it is assumed that vlan trunking is being
	requested. If trunking is required with only a single tag, the
	attribute "trunk='yes'" should be added to the toplevel <vlan>
	element.

	Some examples:

	  <interface type='hostdev'/>
	    <vlan>
	      <tag id='42'/>
	    </vlan>
	    <mac address='52:54:00:12:34:56'/>
	    ...
	  </interface>

	  <network>
	    <name>vlan-net</name>
	    <vlan trunk='yes'>
	      <tag id='30'/>
	    </vlan>
	    <virtualport type='openvswitch'/>
	  </network>

	  <interface type='network'/>
	    <source network='vlan-net'/>
	    ...
	  </interface>

	  <network>
	    <name>trunk-vlan</name>
	    <vlan>
	      <tag id='42'/>
	      <tag id='43'/>
	    </vlan>
	    ...
	  </network>

	  <network>
	    <name>multi</name>
	    ...
	    <portgroup name='production'/>
	      <vlan>
	        <tag id='42'/>
	      </vlan>
	    </portgroup>
	    <portgroup name='test'/>
	      <vlan>
	        <tag id='666'/>
	      </vlan>
	    </portgroup>
	  </network>

	  <interface type='network'/>
	    <source network='multi' portgroup='test'/>
	    ...
	  </interface>

	IMPORTANT NOTE: As of this patch there is no backend support for the
	vlan element for *any* network device type. When support is added in
	later patches, it will only be for those select network types that
	support setting up a vlan on the host side, without the guest's
	involvement. (For example, it will be possible to configure a vlan for
	a guest connected to an openvswitch bridge, but it won't be possible
	to do that for one that is connected to a standard Linux host bridge.)

2012-08-15  Laine Stump  <laine@laine.org>

	util: add virNetDevVlanType
	To allow for the possibility of vlan "trunks", which have more than
	one vlan tag associated with them, we need a vlan struct. Since it
	will be used by multiple files in src/util, src/conf, src/network, and
	src/qemu, it must be defined in src/util. Unfortunately there isn't
	currently a common file for simple netdev data definitions, so I
	created a new file.

2012-08-15  Laine Stump  <laine@laine.org>

	schema: fix some problems in network/interface schemas
	<portgroup> allows a <bandwidth> element, but the schema didn't have
	this. Since this makes for multiple elements in portgroup, they must
	be interleaved.

	<interface type='bridge'> needs to allow <virtualport> elements
	for openvswitch, but the schema didn't allow this.

2012-08-15  Laine Stump  <laine@laine.org>

	util: include memory.h even if WITH_VIRTUALPORT isn't defined
	This caused compilation of virnetdevvportprofile.c to fail on systems
	without IFLA support in netlink (these are netlink commands used to
	configure the VF's of SR-IOV network devices).

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix virJSONValueToString prototype for Mingw32
	Fix build on platforms lacking YAJL library by adding missing
	'bool pretty' parameter to virJSONValueToString.

2012-08-15  Doug Goldstein  <cardoe@cardoe.com>

	Update libvirtd --help output to match code
	Updated the paths that libvirtd --help says are used when run as
	non-root to match what the code actually does.

	Update paths in man page to reflect libvirtd code
	Updated the paths in the man page to reflect what the code in libvirtd
	does. In addition broke out the FILES section into two subsections for
	files used when run as root and files used when run as non-root.
	Provided information about the defaults that libvirtd uses when running
	as non-root and when XDG_CONFIG_HOME and XDG_RUNTIME_DIR are not set in
	the environment.

	Replace unset REMOTE_PID_FILE with proper value
	REMOTE_PID_FILE is no longer used in the source or the build process but
	the man page still used it resulting in no file name being displayed.
	The same value that the libvirtd daemon code uses is now used in the man
	page.

	Fix man page file paths to real paths
	Currently the man page has paths that start with @sysconfdir@,
	@localstatedir@ and @remote_pid_file@. The sed command attempts to
	replace these during the build but unfortunately pod2man gets to the
	files first and escapes the @ character resulting in the sed not
	working. This removes the @ character and makes the paths correct.

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Refactor RPC client private data setup
	Currently there is a hook function that is invoked when a
	new client connection comes in, which allows an app to
	setup private data. This setup will make it difficult to
	serialize client state during process re-exec(). Change to
	a model where the app registers a callback when creating
	the virNetServerPtr instance, which is used to allocate
	the client private data immediately during virNetClientPtr
	construction.

	Add further debugging lines to domain lock manager

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Allow sync IO and keepalives to be skipped in RPC client setup
	Currently the virNetClientPtr constructor will always register
	the async IO event handler and the keepalive objects. In the
	case of the lock manager, there will be no event loop available
	nor keepalive support required. Split this setup out of the
	constructor and into separate methods.

	The remote driver will enable async IO and keepalives, while
	the LXC driver will only enable async IO

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Change interaction when accepting new RPC client connections
	Currently the virNetServerServicePtr is responsible for
	creating the virNetServerClientPtr instance when accepting
	a new connection. Change this so that the virNetServerServicePtr
	merely gives virNetServerPtr a virNetSocketPtr instance. The
	virNetServerPtr can then create the virNetServerClientPtr
	as it desires

	Add APIs for virThreadPoolPtr to query some config params
	It is desirable to be able to query the config params of
	the thread pool, in order to save the server state. Add
	virThreadPoolGetMinWorkers, virThreadPoolGetMaxWorkers
	and virThreadPoolGetPriorityWorkers APIs.

	Allow control over JSON string pretty printing
	While the QEMU monitor/agent do not want JSON strings pretty
	printed, other parts of libvirt might. Instead of hardcoding
	QEMU's desired behaviour in virJSONValueToString(), add a
	boolean flag to control pretty printing

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Change function signature for creating new lock manager instances
	To allow a virLockManagerPtr to be created directly from a
	driver table struct, replace the virLockManagerPluginPtr parameter
	with a virLockDriverPtr parameter.

	* src/locking/domain_lock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Replace plugin param with
	  a driver in virLockManagerNew

2012-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused qemuProcessAutoDestroyRun decl from header
	The qemuProcessAutoDestroyRun function was removed in an earlier
	commit, but the header file declaration was not deleted

2012-08-15  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add domain configuration example

2012-08-15  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: cleanup parallelsOpen and fix error message
	Do some cleanup of parallelsOpen, STREQ_NULLABLE can replace
	a lot of checks.

	Also fix error message to be VIR_ERR_INTERNAL_ERROR, the same
	as in other drivers.

2012-08-15  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: change URI to parallels:///system
	Let's change URI to parallels:///system. Parallels Server supports
	creating VMs from non-privileged accounts, but it's not main usage
	scenario and it may be forbidden in the future.

	Also containers, which will be supported by the driver, can be managed
	only by root, so /system path is more suitable for this driver.

2012-08-15  Daniel Veillard  <veillard@redhat.com>

	Adding Sukadev Bhattiprolu

2012-08-15  Sukadev Bhattiprolu  <sukadev@linux.vnet.ibm.com>

	Update documentation for CPU quota/period support for LXC
	Following commit added suport the CPU quota/period to the LXC driver.
	Update the documentation to reflect that.

		commit d9724a81b3c53a40f45bf76067a976cce73ed278
		Author: Daniel P. Berrange <berrange@redhat.com>
		Date:   Thu Nov 10 12:16:26 2011 +0000

		Add support for CPU quota/period to LXC driver

2012-08-15  Osier Yang  <jyang@redhat.com>

	virsh: Add helper to avoid the strcase check for virsh-*.c
	* tools/virsh.c: New macro vshStrcasecmp
	* tools/virsh-domain-monitor.c: Use vshStrcasecmp instead of
	                                strcasecmp
	* tools/virsh-snapshot.c: Likewise
	* cfg.mk: Only avoid doing strcase checking for virsh.c

2012-08-15  Laine Stump  <laine@laine.org>

	conf: log error when encountering multiple filterrefs in interface
	Each interface has a single pointer to a filterref object. That
	filterref can itself point to multiple other filterrefs, but at the
	toplevel there is only one.

	The parser had previously just silently overwritten earlier filterrefs
	when a new one was encountered, so the interface was left with
	whichever was the last filterref in the xml, ignoring all the
	others. This patch logs an error when it sees more than one filterref.

2012-08-15  Laine Stump  <laine@laine.org>

	network: add connections counter to networks
	Just as each physical device used by a network has a connections
	counter, now each network has a connections counter which is
	incremented once for each guest interface that connects using this
	network.

	The count is output in the live network XML, like this:

	   <network connections='20'>
	   ...
	   </network>

	It is read-only, and for informational purposes only - it isn't used
	internally anywhere by libvirt.

2012-08-15  Laine Stump  <laine@laine.org>

	network: change cleanup: to success/cleanup/error: in network*() functions
	A later patch will be adding a counter that will be
	incremented/decremented each time an guest interface starts/stops
	using a particular network. For this to work, all types of networks
	need to go through a common return sequence rather than returning
	early. To setup for this, a new success: label is added (when
	necessary), a new error: label is added which does any cleanup
	necessary only for error returns and then does goto cleanup, and early
	returns are changed to goto error if it's a failure, or goto success
	if it's successful. This way the intent of all the gotos is
	unambiguous, and a successful return path never encounters the
	"error:" label.

	conf: output forward device connections count in network XML
	It may be useful for management applications to know which physical
	network devices are in use by guests. This information is already
	available in the network objects, but wasn't output in the XML. This
	patch outputs it when the INACTIVE flag isn't set (and if it's non-0).

2012-08-15  Laine Stump  <laine@laine.org>

	conf: rename interface "usageCount" to "connections"
	I want to include this count in the xml output of networks, but
	calling it "connections" in the XML sounds better than "usageCount", and it
	would be better if the name in the XML matched the variable name.

	In a few places, usageCount was being initialized to 0, but this is
	unnecessary, because VIR_ALLOC_N zero-fills everything anyway.

2012-08-15  Laine Stump  <laine@laine.org>

	conf: use a unique data type for PF array in virDomainNetDef
	This array was originally defined using the existing
	virNetworkForwardIfDef, but that struct has a UsageCount field that
	isn't used in the case of PFs. This patch just copies that struct and
	removes UsageCount. It ends up being a struct with a single field, but
	I left it as a struct in case we need to add other fields to it in the
	future.

2012-08-14  Eric Blake  <eblake@redhat.com>

	random: link with -lm when needed
	Use of ldexp() requires -lm on some platforms; use gnulib to determine
	this for our makefile.  Also, optimize virRandomInt() for the case
	of a power-of-two limit (actually rather common, given that Daniel
	has a pending patch to replace virRandomBits(10) with code that will
	default to virRandomInt(1024) on default SELinux settings).

	* .gnulib: Update to latest, for ldexp.
	* bootstrap.conf (gnulib_modules): Import ldexp.
	* src/Makefile.am (libvirt_util_la_CFLAGS): Link with -lm when
	needed.
	* src/util/virrandom.c (virRandomInt): Optimize powers of 2.

2012-08-14  Laine Stump  <laine@laine.org>

	network: merge relevant virtualports rather than choosing one
	One of the original ideas behind allowing a <virtualport> in an
	interface definition as well as in the <network> definition *and*one
	or more <portgroup>s within the network, was that guest-specific
	parameteres (like instanceid and interfaceid) could be given in the
	interface's virtualport, and more general things (portid, managerid,
	etc) could be given in the network and/or portgroup, with all the bits
	brought together at guest startup time and combined into a single
	virtualport to be used by the guest. This was somehow overlooked in
	the implementation, though - it simply picks the "most specific"
	virtualport, and uses the entire thing, with no attempt to merge in
	details from the others.

	This patch uses virNetDevVPortProfileMerge3() to combine the three
	possible virtualports into one, then uses
	virNetDevVPortProfileCheck*() to verify that the resulting virtualport
	type is appropriate for the type of network, and that all the required
	attributes for that type are present.

	An example of usage is this: assuming a <network> definitions on host
	ABC of:

	  <network>
	    <name>testA</name>
	    ...
	    <virtualport type='openvswitch'/>
	    ...
	    <portgroup name='engineering'>
	      <virtualport>
	        <parameters profileid='eng'/>
	      </virtualport>
	    </portgroup>
	    <portgroup name='sales'>
	      <virtualport>
	        <parameters profileid='sales'/>
	      </virtualport>
	    </portgroup>
	  </network>

	and the same <network> on host DEF of:

	  <network>
	    <name>testA</name>
	    ...
	    <virtualport type='802.1Qbg'>
	      <parameters typeid="1193047" typeidversion="2"/>
	    </virtualport>
	    ...
	    <portgroup name='engineering'>
	      <virtualport>
	        <parameters managerid="11"/>
	      </virtualport>
	    </portgroup>
	    <portgroup name='sales'>
	      <virtualport>
	        <parameters managerid="55"/>
	      </virtualport>
	    </portgroup>
	  </network>

	and a guest <interface> definition of:

	  <interface type='network'>
	    <source network='testA' portgroup='sales'/>
	    <virtualport>
	      <parameters instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"
	                  interfaceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"\>
	    </virtualport>
	    ...
	  </interface>

	If the guest was started on host ABC, the <virtualport> used would be:

	  <virtualport type='openvswitch'>
	    <parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'
	                profileid='sales'/>
	  </virtualport>

	but if that guest was started on host DEF, the <virtualport> would be:

	    <virtualport type='802.1Qbg'>
	      <parameters instanceid="09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f"
	                  typeid="1193047" typeidversion="2"
	                  managerid="55"/>
	    </virtualport>

	Additionally, if none of the involved <virtualport>s had a specified type
	(this includes cases where no virtualport is given at all),

2012-08-14  Laine Stump  <laine@laine.org>

	conf: support partially-specified <virtualport> in parser and formatter
	Until now, all attributes in a <virtualport> parameter list that were
	acceptable for a particular type, were also required. There were no
	optional attributes.

	One of the aims of supporting <virtualport> in libvirt's virtual
	networks and portgroups is to allow specifying the group-wide
	parameters in the network's virtualport, and merge that with the
	interface's virtualport, which will have the instance-specific info
	(i.e. the interfaceid or instanceid).

	Additionally, the guest's interface XML shouldn't need to know what
	type of network connection will be used prior to runtime - it could be
	openvswitch, 802.1Qbh, 802.1Qbg, or none of the above - but should
	still be able to specify instance-specific info just in case it turns
	out to be applicable.

	Finally, up to now, the parser for virtualport has always generated a
	random instanceid/interfaceid when appropriate, making it impossible
	to leave it blank (which is what's required for virtualports within a
	network/portprofile definition).

	This patch modifies the parser and formatter of the <virtualport>
	element in the following ways:

	* because most of the attributes in a virNetDevVPortProfile are fixed
	  size binary data with no reserved values, there is no way to embed a
	  "this value wasn't specified" sentinel into the existing data. To
	  solve this problem, the new *_specified fields in the
	  virNetDevVPortProfile object that were added in a previous patch of
	  this series are now set when the corresponding attribute is present
	  during the parse.

	* allow parsing/formatting a <virtualport> that has no type set. In
	  this case, all fields are settable, but all are also optional.

	* add a GENERATE_MISSING_DEFAULTS flag to the parser - if this flag is
	  set and an instanceid/interfaceid is expected but not provided, a
	  random one will be generated. This was previously the default
	  behavior, but is now done only for virtualports inside an
	  <interface> definition, not for those in <network> or <portgroup>.

	* add a REQUIRE_ALL_ATTRIBUTES flag to the parser - if this flag is
	  set the parser will call the new
	  virNetDevVPortProfileCheckComplete() functions at the end of the
	  parser to check for any missing attributes (based on type), and
	  return failure if anything is missing. This used to be default
	  behavior. Now it is only used for the virtualport defined inside an
	  interface's <actual> element (by the time you've figured out the
	  contents of <actual>, you should have all the necessary data to fill
	  in the entire virtualport)

	* add a REQUIRE_TYPE flag to the parser - if this flag is set, the
	  parser will return an error if the virtualport has no type
	  attribute. This also was previously the default behavior, but isn't
	  needed in the case of the virtualport for a type='network' interface
	  (i.e. the exact type isn't yet known), or the virtualport of a
	  portgroup (i.e. the portgroup just has modifiers for the network's
	  virtualport, which *does* require a type) - in those cases, the
	  check will be done at domain startup, once the final virtualport is
	  assembled (this is handled in the next patch).

2012-08-14  Laine Stump  <laine@laine.org>

	conf: simplify Buffer Indentation in virDomainNetDefFormat
	This function has several calls to increase the buffer indent by 6,
	then decrease it again, then increase, then decrease. Additionally,
	there were several printfs that had 6 spaces at the beginning of the
	line.

	virDomainActualNetDefFormat, which is called by virDomainNetDefFormat,
	had similar ugliness.

	This patch changes both functions to just increase the indent at the
	beginning, decrease it at (well, just before*) the end, and remove all
	of the occurences of 6/8 spaces at the beginning of lines.

	*The indent had to be reset before the end of the function because
	virDomainDeviceInfoFormat assumes a 0 indent and is called from many
	other places, and I didn't want to do an overhaul of every caller of
	that function. A separate patch to switch all of domain_conf.c would
	be a useful exercise, but my current goal is unrelated to that, so
	I'll leave it for another day.

2012-08-14  Laine Stump  <laine@laine.org>

	conf: make error returns from virDomainActualNetDefFormat consistent
	There was an error: label that simply did "return ret", but ret was
	defaulted to -1, and was never used other than setting it manually to
	0 just before a non-error return. Aside from this, some of the error
	return paths used "goto error" and others used "return ret".

	This patch removes ret and the error: label, and makes all error
	returns just consistently do "return -1".

2012-08-14  Laine Stump  <laine@laine.org>

	conf: move virtPortProfile out of unions in virDomainNetDef
	virtPortProfile is now used by 4 different types of network devices
	(NETWORK, BRIDGE, DIRECT, and HOSTDEV), and it's getting cumbersome to
	replicate so much code in 4 different places just because each type
	has the virtPortProfile in a slightly different place. This patch puts
	a single virtPortProfile in a common place (outside the type-specific
	union) in both virDomainNetDef and virDomainActualNetDef, and adjusts
	the parse and format code (and the few other places where it is used)
	accordingly.

	Note that when a <virtualport> element is found, the parse functions
	verify that the interface is of a type that supports one, otherwise an
	error is generated (CONFIG_UNSUPPORTED in the case of <interface>, and
	INTERNAL in the case of <actual>, since the contents of <actual> are
	always generated by libvirt itself).

2012-08-14  Laine Stump  <laine@laine.org>

	util: utility functions for virNetDevVPortProfile
	This patch adds three utility functions that operate on
	virNetDevVPortProfile objects.

	* virNetDevVPortProfileCheckComplete() - verifies that all attributes
	    required for the type of the given virtport are specified.

	* virNetDevVPortProfileCheckNoExtras() - verifies that there are no
	    attributes specified which are inappropriate for the type of the
	    given virtport.

	* virNetDevVPortProfileMerge3() - merges 3 virtports into a single,
	    newly allocated virtport. If any attributes are specified in
	    more than one of the three sources, and do not exactly match,
	    an error is logged and the function fails.

	These new functions depend on new fields in the virNetDevVPortProfile
	object that keep track of whether or not each attribute was
	specified. Since the higher level parse function doesn't yet set those
	fields, these functions are not actually usable yet (but that's okay,
	because they also aren't yet used - all of that functionality comes in
	a later patch.)

	Note that these three functions return 0 on success and -1 on
	failure. This may seem odd for the first two Check functions, since
	they could also easily return true/false, but since they actually log
	an error when the requested condition isn't met (and should result in
	a failure of the calling function), I thought 0/-1 was more
	appropriate.

2012-08-14  Laine Stump  <laine@laine.org>

	util: add openvswitch case to virNetDevVPortProfileEqual
	This function was overlooked when openvswitch support was
	added. Fortunately it's only use for update-device, which is
	relatively new and seldom-used.

	util: eliminate union in virNetDevVPortProfile
	virNetDevVPortProfile has (had) a type field that can be set to one of
	several values, and a union of several structs, one for each
	type. When a domain's interface object is of type "network", the
	domain config may not know beforehand which type of virtualport is
	going to be provided in the actual device handed down from the network
	driver at runtime, but may want to set some values in the virtualport
	that may or may not be used, depending on the type. To support this
	usage, this patch replaces the union of structs with toplevel fields
	in the struct, making it possible for all of the fields to be set at
	the same time.

	util: make return value of virUUIDFormat and virMacAddrFormat useful
	Both of these functions returned void, but it's convenient for them to
	return a const char* of the char* that is passed in. This was you can
	call the function and use the result in the same expression/arg.

2012-08-14  Eric Blake  <eblake@redhat.com>

	build: fix link error with appArmor
	Commit bb705e25 missed that the appArmor helper file also needs to
	resolve the new symbols dragged in by domain_conf.c.

	* src/Makefile.am (SECURITY_DRIVER_APPARMOR_HELPER_SOURCES): Pull
	in datatypes.c.

2012-08-14  Eric Blake  <eblake@redhat.com>

	maint: drop a leftover comment line
	* tests/viratomictest.c: Fix copy-and-paste bug.

2012-08-14  Dmitry Guryanov  <dguryanov@parallels.com>

	openvz: unlock virDomainObj objects in openvzOpen
	openvzOpen fucntion must leave unlocked virDomainObj objects in
	driver->domains.

	Now even simple commands like list or domain lookup hang,
	for example virsh -c openvz:///system list --all.

2012-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Pull code which finds a free MCS label out into its own method
	The code for picking a MCS label is about to get significantly
	more complicated, so it deserves to be in a standlone method,
	instead of a switch/case body.

2012-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Honour current user and role in SELinux label generation
	When generating an SELinux context for a VM from the template
	"system_u:system_r:svirt_t:s0", copy the role + user from the
	current process instead of the template context. So if the
	current process is

	   unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

	then the VM context ends up as

	  unconfined_u:unconfined_r:svirt_t:s0:c386,c703

	instead of

	   system_u:system_r:svirt_t:s0:c177,c424

	Ideally the /etc/selinux/targeted/contexts/virtual_domain_context
	file would have just shown the 'svirt_t' type, and not the full
	context, but that can't be changed now for compatibility reasons.

2012-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting in virSecuritySELinuxGenNewContext
	The virSecuritySELinuxGenNewContext method was not reporting any
	errors, leaving it up to the caller to report a generic error.
	In addition it could potentially trigger a strdup(NULL) in an
	OOM scenario. Move all error reporting into the
	virSecuritySELinuxGenNewContext method where accurate info
	can be provided

	Use VIR_ERR_CONFIG_UNSUPPORTED if requested security driver is disabled
	There is currently no way to distinguish the case that a requested
	security driver was disabled, from the case where no security driver
	was available. Use VIR_ERR_CONFIG_UNSUPPORTED as the error when an
	explicitly requested security driver was disabled

	Add missing domain_conf.h include in security_manager.h
	The security_manager.h header is not self-contained because it
	uses the virDomainDefPtr without first including domain_conf.h

	Add virRandom() API to generate numbers with non-power-of-2 limit
	The current virRandomBits() API is only usable if the caller wants
	a random number in the range [0, n-1) where n is a power of two.
	This adds a virRandom() API which generates a double in the
	range [0.0,1.0) with 48 bits of entropy. It then also adds a
	virRandomInt(uint32_t max) API which generates an unsigned
	in the range [0,@max)

2012-08-14  Martin Kletzander  <mkletzan@redhat.com>

	util: typos in fallback code fo virDoubleToStr
	Fixes for some typos that somehow didn't get to the final push of the
	commit 43bfa23e6f968be9a8c134a4b5c3cfb6da3816d9.

2012-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix timebomb in LIBVIRT_VERSION_INFO calculation
	The way LIBVIRT_VERSION_INFO is calculated has a timebomb that
	will cause us to accidentally break soname when we change the
	major version number to a non-zero value !

	Given CURRENT:REVISION:AGE, libtool will generate

	   libvirt.so.($CURRENT-$AGE).$AGE.$REVISION

	We set CURRENT to be MAJOR+MINOR and AGE to $MINOR, so as
	soon as MAJOR changes to non-zero, we get libvirt.so.1
	as the soname, eg  1.3.9 would create libvirt.so.1.3.9
	Looks natural but is not ABI compatible with libvirt.so.0.x.y

	The fix is to set CURRENT to always be exactly the same
	as AGE. We want to have the major version reflected in
	the so symlinks though. So then we set AGE to MAJOR*1000+MINOR
	eg, so 1.3.9 would create libvirt.so.0.1003.9 and libvirt
	2.51.3 would create libvirt.so.0.2051.3

2012-08-14  Osier Yang  <jyang@redhat.com>

	Destroy virdomainlist.[ch]
	As the consensus in:
	https://www.redhat.com/archives/libvir-list/2012-July/msg01692.html,
	this patch is to destroy conf/virdomainlist.[ch], folding the
	helpers into conf/domain_conf.[ch].

	* src/Makefile.am:
	  - Various indention fixes incidentally
	  - Add macro DATATYPES_SOURCES (datatypes.[ch])
	  - Link datatypes.[ch] for libvirt_lxc

	* src/conf/domain_conf.c:
	  - Move all the stuffs from virdomainlist.c into it
	  - Use virUnrefDomain and virUnrefDomainSnapshot instead of
	    virDomainFree and virDomainSnapshotFree, which are defined
	    in libvirt.c, and we don't want to link to it.
	  - Remove "if" before "free" the object, as virObjectUnref
	    is in the list "useless_free_options".

	* src/conf/domain_conf.h:
	  - Move all the stuffs from virdomainlist.h into it
	  - s/LIST_FILTER/LIST_DOMAINS_FILTER/

	* src/libxl/libxl_driver.c:
	  - s/LIST_FILTER/LIST_DOMAINS_FILTER/
	  - no (include "virdomainlist.h")

	* src/libxl/libxl_driver.c: Likewise

	* src/lxc/lxc_driver.c: Likewise

	* src/openvz/openvz_driver.c: Likewise

	* src/parallels/parallels_driver.c: Likewise

	* src/qemu/qemu_driver.c: Likewise

	* src/test/test_driver.c: Likewise

	* src/uml/uml_driver.c: Likewise

	* src/vbox/vbox_tmpl.c: Likewise

	* src/vmware/vmware_driver.c: Likewise

	* tools/virsh-domain-monitor.c: Likewise

	* tools/virsh.c: Likewise

2012-08-14  Martin Kletzander  <mkletzan@redhat.com>

	json: fix interface locale dependency
	libvirt creates invalid commands if wrong locale is selected. For
	example with locale that uses comma as a decimal point, JSON commands
	created with decimal numbers are invalid because comma separates the
	entries in JSON. Fortunately even when decimal point is affected,
	thousands grouping is not, because for grouping to be enabled with
	*printf, there has to be an apostrophe flag specified (and supported).

	This patch adds specific internal function for converting doubles to
	strings with C locale.

2012-08-14  Ján Tomko  <jtomko@redhat.com>

	virsh: say save-image-edit failed only when it does
	The common code for editing files in virsh-edit.c expects EDIT_DEFINE to
	return 0 on failure. virDomainSaveImageDefineXML returns 0 on success.

2012-08-14  Asad Saeed  <asad.saeed@acidseed.com>

	sanlock: don't unlink lockspace if registration fails
	This is a patch for bug 847848
	If registering an existing lockspace with the sanlock daemon
	returns an error, libvirt should not proceed to unlink the lockspace.

2012-08-13  Cole Robinson  <crobinso@redhat.com>

	virsh: make 'help' command ignore spurious options
	Similar to the previous patch, prepending 'help' to a partial
	command string doesn't cut us any slack.

	$ virsh help pool-define-as --name foo --type dir
	error: command 'help' doesn't support option --name

	This patch adds a few hacks to make 'help' ignore everything after the
	first data bit, so the above command shows help output for pool-define-as.

2012-08-13  Cole Robinson  <crobinso@redhat.com>

	virsh: Convert '<cmd> --help' to 'help <cmd>'
	Often times I find myself halfway through typing a long command when
	I want to see 'help' output. I instinctively append '--help' to the
	command I'm typing, only to get an error:

	    $ virsh vol-create-as foo --help
	    error: command 'vol-create-as' doesn't support option --help

	This patch makes --help work in a pretty hacky way. One missing piece
	here is that --help isn't listed as an option in the actual 'help <cmd>'
	output, but maybe this can be a starting point for someone.

2012-08-13  Cole Robinson  <crobinso@redhat.com>

	virsh.c: Fix compiler warning
	For some reason I only get this after applying subsequent upcoming
	patches that touch virsh, but don't seem to actually cause the warning.

	virsh.c: In function ‘vshCommandParse’:
	virsh.c:2014:46: error: ‘opt_index’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
	cc1: all warnings being treated as errors

2012-08-13  Cole Robinson  <crobinso@redhat.com>

	build: Distribute check-symfile.pl
	Otherwise distcheck can fail with:

	  GEN      check-symfile
	  Can't open perl script "../../src/check-symfile.pl": No such file or directory
	  make[4]: *** [check-symfile] Error 2

2012-08-13  Eric Blake  <eblake@redhat.com>

	maint: add attribution for last patch
	* AUTHORS: Add Frido Roose.

2012-08-13  Frido Roose  <frido.roose@gmail.com>

	Release only specific sanlock resource
	This is a patch for bug 826704
	All sanlock resources get released when hot-dettaching a disk from the domain
	because virLockManagerSanlockRelease uses the wrong function parameters/flags.
	With the patch only the resources that should be released are cleaned up.

2012-08-11  Peter Krempa  <pkrempa@redhat.com>

	virterror: Add error message for unsupported operations.
	This patch introduces a new error code VIR_ERR_OPERATION_UNSUPPORTED to
	mark error messages regarding operations that failed due to lack of
	support on the hypervisor or other than libvirt issues.

	The code is first used in reporting error if qemu does not support block
	IO tuning variables yielding error message:
	error: Unable to get block I/O throttle parameters
	error: Operation not supported: block_io_throttle field
	'total_bytes_sec' missing in qemu's output

	instead of:
	error: Unable to get block I/O throttle parameters
	error: internal error cannot read total_bytes_sec

2012-08-11  Laine Stump  <laine@laine.org>

	build: fix binary location in stap files --with-driver-modules
	libvirt_qemu_probes.stp stopped working after switching to a build
	that used --with-driver-modules. This was because the symbols listed
	int libvirt_qemu_probes.stp are no longer in $(bindir)/libvirtd, but
	are now in $(libdir)/connection-driver/libvirt_driver_qemu.so.

	This patch enhances dtrace2systemtap.pl (which generates the .stp
	files from .d files) to look for a new "module" setting in the
	comments of the .d file (similar to the existing "binary" setting),
	and to look for a --with-modules option. If the --with-modules option
	is set *and* a "module" setting is present in the .d file, the process
	name for the stap line is set to

	   $libdir/$module

	If either of these isn't true, it reverts to the old behavior.

	src/Makefile.am was also modified to add the --with-modules option
	when the build calls for it, and src/libvirt_qemu_probes.d has added a
	"module" line pointing to the correct .so file for the qemu driver.

2012-08-10  Martin Kletzander  <mkletzan@redhat.com>

	docs/virsh: various minor fixes
	List:
	 - some old libvir/libvirt rename leftovers (the only problem can be
	   if somebody parses 'virsh version' output really badly)
	 - remove pointless tags specified in some pages that are not used

2012-08-10  Martin Kletzander  <mkletzan@redhat.com>

	docs: autogenerate search.php
	This patch makes search.php autogenerated from search.php.in, thus
	removing hardcoded menus, footer etc. and the search.php is added to
	.gitignore.

	There is new rule added for *.php files (to make it bit less
	hardcoded) that takes *.php.code.in and injects it inside the
	generated *.php (xslt was not happy about php code in the source xml).

2012-08-10  Martin Kletzander  <mkletzan@redhat.com>

	docs: fix 404 page when fetched from different location
	Error 404 page had relative paths specified for both the image and
	stylesheets which caused a problem when requested URL included a
	subfolder (e.g. http://libvirt.org/asdf/asdf ). This patch corrects
	this behaviour by modifying href_base to '/' (for style-sheets) and
	changing the src of the image (to be '/' always).

2012-08-10  Laine Stump  <laine@laine.org>

	nwfilter: fix crash during filter define when lxc driver failed startup
	The meat of this patch is just moving the calls to
	virNWFilterRegisterCallbackDriver from each hypervisor's "register"
	function into its "initialize" function. The rest is just code
	movement to allow that, and a new virNWFilterUnRegisterCallbackDriver
	function to undo what the register function does.

	The long explanation:

	There is an array in nwfilter called callbackDrvArray that has
	pointers to a table of functions for each hypervisor driver that are
	called by nwfilter. One of those function pointers is to a function
	that will lock the hypervisor driver. Entries are added to the table
	by calling each driver's "register" function, which happens quite
	early in libvirtd's startup.

	Sometime later, each driver's "initialize" function is called. This
	function allocates a driver object and stores a pointer to it in a
	static variable that was previously initialized to NULL. (and here's
	the important part...) If the "initialize" function fails, the driver
	object is freed, and that pointer set back to NULL (but the entry in
	nwfilter's callbackDrvArray is still there).

	When the "lock the driver" function mentioned above is called, it
	assumes that the driver was successfully loaded, so it blindly tries
	to call virMutexLock on "driver->lock".

	BUT, if the initialize never happened, or if it failed, "driver" is
	NULL. And it just happens that "lock" is always the first field in
	driver so it is also NULL.

	Boom.

	To fix this, the call to virNWFilterRegisterCallbackDriver for each
	driver shouldn't be called until the end of its (*already guaranteed
	successful*) "initialize" function, not during its "register" function
	(which is currently the case). This implies that there should also be
	a virNWFilterUnregisterCallbackDriver() function that is called in a
	driver's "shutdown" function (although in practice, that function is
	currently never called).

2012-08-09  Eric Blake  <eblake@redhat.com>

	build: fix PROBE() usage of intptr_t
	Otherwise, in locations like virobject.c where PROBE is used,
	for certain configure options, the compiler warns:

	util/virobject.c:110:1: error: 'intptr_t' undeclared (first use in this function)

	As long as we are making this header always available, we can
	clean up several other files.

	* src/internal.h (includes): Pull in <stdint.h>.
	* src/conf/nwfilter_conf.h: Rely on internal.h.
	* src/storage/storage_backend.c: Likewise.
	* src/storage/storage_backend.h: Likewise.
	* src/util/cgroup.c: Likewise.
	* src/util/sexpr.h: Likewise.
	* src/util/virhashcode.h: Likewise.
	* src/util/virnetdevvportprofile.h: Likewise.
	* src/util/virnetlink.h: Likewise.
	* src/util/virrandom.h: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/xenapi/xenapi_utils.c: Likewise.
	* src/xenapi/xenapi_utils.h: Likewise.
	* src/xenxs/xenxs_private.h: Likewise.
	* tests/storagebackendsheepdogtest.c: Likewise.

2012-08-09  Eric Blake  <eblake@redhat.com>

	build: fix author of previous commit
	Stefan's attribution came through with an extra 'n' in the email address.

2012-08-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Implement network driver
	An ESX server has one or more PhysicalNics that represent the actual
	hardware NICs. Those can be listed via the interface driver.

	A libvirt virtual network is mapped to a HostVirtualSwitch. On the
	physical side a HostVirtualSwitch can be connected to PhysicalNics.
	On the virtual side a HostVirtualSwitch has HostPortGroups that are
	mapped to libvirt virtual network's portgroups. Typically there is
	HostPortGroups named 'VM Network' that is used to connect virtual
	machines to a HostVirtualSwitch. A second HostPortGroup typically
	named 'Management Network' is used to connect the hypervisor itself
	to the HostVirtualSwitch. This one is not mapped to a libvirt virtual
	network's portgroup. There can be more HostPortGroups than those
	typical two on a HostVirtualSwitch.

	         +---------------+-------------------+
	   ...---|               |                   |   +-------------+
	         | HostPortGroup |                   |---| PhysicalNic |
	         |   VM Network  |                   |   |    vmnic0   |
	   ...---|               |                   |   +-------------+
	         +---------------+ HostVirtualSwitch |
	                         |     vSwitch0      |
	         +---------------+                   |
	         | HostPortGroup |                   |
	   ...---|   Management  |                   |
	         |    Network    |                   |
	         +---------------+-------------------+

	The virtual counterparts of the PhysicalNic is the HostVirtualNic for
	the hypervisor and the VirtualEthernetCard for the virtual machines
	that are grouped into HostPortGroups.

	   +---------------------+   +---------------+---...
	   | VirtualEthernetCard |---|               |
	   +---------------------+   | HostPortGroup |
	   +---------------------+   |   VM Network  |
	   | VirtualEthernetCard |---|               |
	   +---------------------+   +---------------+
	                                             |
	                             +---------------+
	   +---------------------+   | HostPortGroup |
	   |    HostVirtualNic   |---|   Management  |
	   +---------------------+   |    Network    |
	                             +---------------+---...

	The currently implemented network driver can list, define and undefine
	HostVirtualSwitches including HostPortGroups for virtual machines.
	Existing HostVirtualSwitches cannot be edited yet. This will be added
	in a followup patch.

2012-08-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove redundant checks for esxVI_LookupHostSystemProperties result
	esxVI_LookupHostSystemProperties guarantees that hostSystem is non-NULL.
	Remove redundant NULL checks from callers.

	Also prefer esxVI_GetStringValue over open-coding the logic.

2012-08-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic deep copy
	The static deep copy allocates storage for the copy. The dynamic
	version injected the dynamic dispatch after the allocation. This
	triggered the invalid argument check in the dynamically dispatched
	deep copy call. The deep copy function expects its dest parameter
	to be a pointer to a NULL-pointer. This expectation wasn't met due
	to the dispatching deep copy doing the allocation before the call.

	Fix this by dynamically dispatching to the correct type before the
	allocation.

2012-08-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Implement interface driver
	Lists available PhysicalNic devices. A PhysicalNic is always active
	and can neither be defined nor undefined.

	A PhysicalNic is used to bridge a HostVirtualSwitch to the physical
	network.

2012-08-09  Stefan Berger  <stefannb@linux.vnet.ibm.com>

	nwfilter: remove target table before renaming it
	Remove the target table before renaming a table to it, i.e.,
	remove table B before renaming A to B. This makes the
	renaming more robust against unconnected left-over tables.

2012-08-09  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for obtaining the unique ID of LVM & SCSI volumes
	Both LVM volumes and SCSI LUNs have a globally unique
	identifier associated with them. It is useful to be able
	to query this identifier to then perform disk locking,
	rather than try to figure out a stable pathname.

2012-08-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix debug message in p2p migration
	When entering "confirm" phase, we are interested in the value of
	cancelled rather then ret variable which was interesting before "finish"
	phase and didn't change since then.

	examples: Update strings for event details

	qemu: Migrate at unlimited speed by default
	Previously, qemu did not respond to monitor commands during migration if
	the limit was too high. This prevented us from raising the limit
	earlier. The qemu issue seems to be fixed (according to my testing) and
	we may remove the 32Mb/s limit.

2012-08-09  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor parsing of block device IO tuning parameters.
	This patch refactors the JSON parsing function that extracts the block
	IO tuning parameters from qemu's output. The most impacting change
	concerns the error message that is returned if the reply from qemu does
	not contain the needed data. The data for IO parameter tuning were added
	in qemu 1.1 and the previous error message was confusing.

	This patch also breaks long lines and extracts a multiple time used code
	pattern to a macro.

2012-08-09  Peter Krempa  <pkrempa@redhat.com>

	remote: Clean up coding style and refactor remote connection opening
	Remove spaces before function calls and some other coding nits in some
	parts of the remote driver and refactor getting of URI argument
	components into variables used by libvirt later on.

2012-08-08  Peter Feiner  <peter@gridcentric.ca>

	Allow rbd backing stores
	Prevents libvirt from treating RBD backing stores as files. Without this
	patch, creating a domain with a qcow2 overlay on an RBD would fail.

	This patch essentially extends 9c7c4a4fc533598e59e9a0038ec783e61a38e664,
	which allows nbd backing stores, to allow rbd backing stores.

2012-08-08  Peter Feiner  <peter@gridcentric.ca>

	Fix errno check, prevent spurious errors under heavy load
	From man poll(2), poll does not set errno=EAGAIN on interrupt, however
	it does set errno=EINTR. Have libvirt retry on the appropriate errno.

	Under heavy load, a program of mine kept getting libvirt errors 'poll on
	socket failed: Interrupted system call'. The signals were SIGCHLD from
	processes forked by threads unrelated to those using libvirt.

2012-08-08  Guannan Ren  <gren@redhat.com>

	qemu:rename qemuCheckScsiControllerModel function

	rpc: fix a virObject typo error in struct _virNetServer
	This typo will crash libvirtd when it recevies signal SIGINT

	qemu: add two qemu caps for lsi and virtio-scsi SCSI controllers
	Rename qemuDefaultScsiControllerModel to qemuCheckScsiControllerModel.
	When scsi model is given explicitly in XML(model > 0) checking if the
	underlying QEMU supports it or not first, raise an error on checking
	failure.
	When the model is not given(mode <= 0), return LSI by default, if
	the QEMU doesn't support it, raise an error.

2012-08-08  Guannan Ren  <gren@redhat.com>

	qemu: add capabilities flags related to scsi controller
	  QEMU_CAPS_SCSI_LSI
	    set the flag when "lsi53c895a", bus PCI, alias "lsi" in
	    the output of "qemu -device ?"
	    -device lsi in qemu command line

	  QEMU_CAPS_VIRTIO_SCSI_PCI
	    set the flag when "name "virtio-scsi-pci", bus PCI" in
	    the output of qemu devices query.
	    -device virtio-scsi-pci in qemu command line

2012-08-07  Laine Stump  <laine@laine.org>

	util: include stderr in log message when an external command fails
	This patch is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=818467

	If a caller to virCommandRun doesn't ask for the exitstatus of the
	program it's running, the virCommand functions assume that they should
	log an error message and return failure if the exit code isn't
	0. However, only the commandline and exit status are logged, while
	potentially useful information sent by the program to stderr is
	discarded.

	Fortunately, virCommandRun is already checking if the caller had asked
	for stderr to be saved and, if not, sets things up to save it in
	*cmd->errbuf. This makes it fairly simple for virCommandWait to
	include *cmd->errbuf in the error log (there are still other callers
	that don't setup errbuf, and even virCommandRun won't set it up if the
	command is being daemonized, so we have to check that it's non-zero).

2012-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Set LIBVIRT_AUTOSTART=0 when running test suites
	Occasionally some test cases will (accidentally) try to spawn
	libvirtd. Set the LIBVIRT_AUTOSTART=0 environment variable to
	ensure the remote driver never tries autostart.

	Don't check the 'connect' command in virsh-all test
	The 'virsh-all' test case will invoke each virsh command with
	no args. With the 'connect' command this causes virsh to try
	to connect to the default URI, which in turn tries to spawn
	libvirtd. This is not something we want todo in the test suite,
	so skip the 'connect' command.

	Turn virNetClient* into virObject instances
	Make all the virNetClient* objects use virObject APIs for
	reference counting

	Turn virNetServer* into virObject instances
	Make all the virNetServer* objects use the virObject APIs
	for reference counting

	Turn virSocket into a virObject
	Make virSocket use the virObject APIs for reference counting

	Turn virKeepAlive into a virObject
	Make virKeepAlive use the virObject APIs for reference counting

	Turn virNetSASLContext and virNetSASLSession into virObject instances
	Make virNetSASLContext and virNetSASLSession use virObject APIs
	for reference counting

	Turn virNetTLSContext and virNetTLSSession into virObject instances
	Make virNetTLSContext and virNetTLSSession use the virObject
	APIs for reference counting

	Turn qemuAgentPtr and qemuMonitorPtr into virObjectPtr instances
	Make qemuAgentPtr and qemuMonitorPtr types use the virObject APIs
	for reference counting

	Turn virDomainObjPtr into a virObjectPtr
	Switch virDomainObjPtr to use the virObject APIs for reference
	counting. The main change is that virObjectUnref does not return
	the reference count, merely a bool indicating whether the object
	still has any refs left. Checking the return value is also not
	mandatory.

2012-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Convert public datatypes to inherit from virObject
	This converts the following public API datatypes to use the
	virObject infrastructure:

	  virConnectPtr
	  virDomainPtr
	  virDomainSnapshotPtr
	  virInterfacePtr
	  virNetworkPtr
	  virNodeDevicePtr
	  virNWFilterPtr
	  virSecretPtr
	  virStreamPtr
	  virStorageVolPtr
	  virStoragePoolPtr

	The code is significantly simplified, since the mutex in the
	virConnectPtr object now only needs to be held when accessing
	the per-connection virError object instance. All other operations
	are completely lock free.

	* src/datatypes.c, src/datatypes.h, src/libvirt.c: Convert
	  public datatypes to use virObject
	* src/conf/domain_event.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c, src/storage/storage_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
	  tests/qemuxml2argvtest.c, tests/qemuxmlnstest.c,
	  tests/sexpr2xmltest.c, tests/xmconfigtest.c: Convert
	  to use virObjectUnref/virObjectRef

2012-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Add a generic reference counted virObject type
	This introduces a fairly basic reference counted virObject type
	and an associated virClass type, that use atomic operations for
	ref counting.

	In a global initializer (recommended to be invoked using the
	virOnceInit API), a virClass type must be allocated for each
	object type. This requires a class name, a "dispose" callback
	which will be invoked to free memory associated with the object's
	fields, and the size in bytes of the object struct.

	eg,

	   virClassPtr  connclass = virClassNew("virConnect",
	                                        sizeof(virConnect),
	                                        virConnectDispose);

	The struct for the object, must include 'virObject' as its
	first member

	eg

	  struct _virConnect {
	    virObject object;

	    virURIPtr uri;
	  };

	The 'dispose' callback is only responsible for freeing
	fields in the object, not the object itself. eg a suitable
	impl for the above struct would be

	  void virConnectDispose(void *obj) {
	     virConnectPtr conn = obj;
	     virURIFree(conn->uri);
	  }

	There is no need to reset fields to 'NULL' or '0' in the
	dispose callback, since the entire object will be memset
	to 0, and the klass pointer & magic integer fields will
	be poisoned with 0xDEADBEEF before being free()d

	When creating an instance of an object, one needs simply
	pass the virClassPtr eg

	   virConnectPtr conn = virObjectNew(connclass);
	   if (!conn)
	      return NULL;
	   conn->uri = virURIParse("foo:///bar")

	Object references can be manipulated with

	   virObjectRef(conn)
	   virObjectUnref(conn)

	The latter returns a true value, if the object has been
	freed (ie its ref count hit zero)

2012-08-06  Richa Marwaha  <rmarwah@linux.vnet.ibm.com>

	apparmor: QEMU bridge helper policy updates
	This patch provides AppArmor policy updates for the QEMU bridge helper.
	The QEMU bridge helper is a SUID executable exec'd by QEMU that drops
	capabilities to CAP_NET_ADMIN and adds a tap device to a network bridge.

	Add -netdev bridge support
	This patch adds the support to run the QEMU network helper
	under unprivileged user. It also adds the support for
	attach-interface option in virsh to run under unprivileged
	user.

	Add -netdev bridge capabilities
	This patch adds the capability in libvirt to check if
	-netdev bridge option is supported or not.

2012-08-06  Eric Blake  <eblake@redhat.com>

	virrandom: make virRandomInitialize an automatic one-shot
	All callers used the same initialization seed (well, the new
	viratomictest forgot to look at getpid()); so we might as well
	make this value automatic.  And while it may feel like we are
	giving up functionality, I documented how to get it back in the
	unlikely case that you actually need to debug with a fixed
	pseudo-random sequence.  I left that crippled by default, so
	that a stray environment variable doesn't cause a lack of
	randomness to become a security issue.

	* src/util/virrandom.c (virRandomInitialize): Rename...
	(virRandomOnceInit): ...and make static, with one-shot call.
	Document how to do fixed-seed debugging.
	* src/util/virrandom.h (virRandomInitialize): Drop prototype.
	* src/libvirt_private.syms (virrandom.h): Don't export it.
	* src/libvirt.c (virInitialize): Adjust caller.
	* src/lxc/lxc_controller.c (main): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/util/iohelper.c (main): Likewise.
	* tests/seclabeltest.c (main): Likewise.
	* tests/testutils.c (virtTestMain): Likewise.
	* tests/viratomictest.c (mymain): Likewise.

2012-08-06  Eric Blake  <eblake@redhat.com>

	build: drop conditional use of mdns code
	Commit 1f6f723 missed a step.  At first I was worried that scrubbing
	the conditionals would lead to a runtime failure when compiled without
	avahi, but my testing makes it appear that the runtime error will only
	occur if the .conf files in /etc request mdns advertisement; and the
	old behavior was to silently ignore the request, so this is actually
	a better behavior of only failing when the config requests the
	impossible.

	* src/rpc/virnetserver.c: Drop HAVE_AVAHI conditionals; all
	callers already passed NULL if mdns_adv was not configured.

2012-08-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Set reasonable RSS limit on domain startup
	If there's a memory leak in qemu or qemu is exploited the host's
	system will sooner or later start trashing instead of killing
	the bad process. This however has impact on performance and other
	guests as well. Therefore we should set a reasonable RSS limit
	even when user hasn't set any. It's better to be secure by default.

2012-08-06  Osier Yang  <jyang@redhat.com>

	virsh: Use vshPrint instead of printf

2012-08-04  Jim Fehlig  <jfehlig@suse.com>

	xen-xm: Generate UUID if not specified
	Parsing xen-xm format configuration will fail if UUID is not
	specified, e.g.

	virsh domxml-from-native xen-xm some-config-without-uuid
	error: internal error parsing xm config failed

	Initially I thought to skip parsing the UUID in xenParseXM() when
	not present in the configuration, but this results in a UUID of
	all zeros since it is never set

	virsh domxml-from-native xen-xm /tmp/jim/bug-773621_pierre-test
	<domain type='xen'>
	  <name>test</name>
	  <uuid>00000000-0000-0000-0000-000000000000</uuid>
	  ...

	which certainly can't be correct since this is the UUID the xen
	tools use for dom0.

	This patch takes the approach of generating a UUID when it is not
	specified in the configuration.

2012-08-03  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove console stream callback only when freeing console helper
	Commit ba226d334acbc49f6751b430e0c4e00f69eef6bf tried to fix crash of
	the daemon when a domain with an open console was destroyed. The fix was
	wrong as it tried to remove the callback also when the stream was
	aborted, where at that point the fd stream driver was already freed and
	removed.

	This patch clears the callbacks with a helper right before the hash is
	freed, so that it doesn't interfere with other codepaths where the
	stream object is freed.

2012-08-03  Peter Krempa  <pkrempa@redhat.com>

	client: Free message when freeing client
	The last message of the client was not freed leaking 4 bytes of memory
	in the client when the remote daemon crashed while processing a message.

2012-08-03  Ata E Husain Bohra  <ata.husain@hotmail.com>

	ESX: Add "Byte" datatype
	Append "Byte" to set of predefined datatype objects.

2012-08-03  Eric Blake  <eblake@redhat.com>

	parallels: translate error message
	Without this patch, the English phrase 'no name' would appear
	literally within the remaining translated message.

	* src/parallels/parallels_driver.c (parallelsCreateVm)
	(parallelsDomainDefineXML): Tweak error message.

2012-08-03  Laine Stump  <laine@laine.org>

	build: fix "make rpm"
	make rpm was failing with the following error:

	Entering directory `/home/laine/devel/libvirt/tests'
	make[2]: *** No rule to make target `viratomicdata.h',
	             needed by `distdir'.  Stop.

	viratomicdata.h is listed in tests/Makefile.am as a dependency of
	viratomictest, but doesn't exist, is never referenced, and removing
	that dependency permits make rpm to complete successfully.

2012-08-03  Daniel P. Berrange  <berrange@redhat.com>

	Export virUUIDIsValid to libvirt internal code

	Fix typo s/AM_CLFAGS/AM_CFLAGS/ in sanlock link

2012-08-03  Peter Krempa  <pkrempa@redhat.com>

	virsh: console: Avoid using stream after being freed.
	The stream object wasn't set to NULL after freeing causing a double free
	attempt on the cleanup path.

	remote: Fill snapshot argument in remoteDomainSnapshotListAllChildren
	The remote driver did not fill the required snapshot parent argument in
	the RPC call structure that caused a client crash when trying to use
	this new API.

2012-08-03  Osier Yang  <jyang@redhat.com>

	qemu: Allow to attach/detach controller device persistently
	* src/conf/domain_conf.c:
	  - Add virDomainControllerFind to find controller device by type
	    and index.
	  - Add virDomainControllerRemove to remove the controller device
	    from maintained controler list.

	* src/conf/domain_conf.h:
	  - Declare the two new helpers.

	* src/libvirt_private.syms:
	  - Expose private symbols for the two new helpers.

	* src/qemu/qemu_driver.c:
	  - Support attach/detach controller device persistently

	* src/qemu/qemu_hotplug.c:
	  - Use the two helpers to simplify the codes.

2012-08-03  Hendrik Schwartke  <hendrik@os-t.de>

	Added timestamps to storage volumes
	The access, birth, modification and change times are added to
	storage volumes and corresponding xml representations.  This
	shows up in the XML in this format:

	<timestamps>
	  <atime>1341933637.027319099</atime>
	  <mtime>1341933637.027319099</mtime>
	</timestamps>

2012-08-02  Ján Tomko  <jtomko@redhat.com>

	Update xml schemas according to libvirt source
	capability.rng: Guest features can be in any order.
	nodedev.rng: Added <driver> element, <capability> phys_function and
	virt_functions for PCI devices.
	storagepool.rng: Owner or group ID can be -1.

	schema tests: New capabilities and nodedev files; changed owner and
	group to -1 in pool-dir.xml.
	storage_conf: Print uid_t and gid_t as signed to storage pool XML.

2012-08-02  Eric Blake  <eblake@redhat.com>

	build: add stubs so mdns code can be unconditionally compiled
	The recent changes to the testsuite to validate exported symbols
	flushed out a case of unconditionally exporting symbols that
	were only conditionally compiled under HAVE_AVAHI.

	* src/Makefile.am (libvirt_net_rpc_server_la_SOURCES): Compile
	virnetservermdns unconditionally.
	* configure.ac (HAVE_AVAHI): Drop unused automake conditional.
	* src/rpc/virnetservermdns.c: Add fallbacks when Avahi is not
	present.

2012-08-02  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Switch to close callback
	Since we've introduced close callbacks we can drop this SIGINT magic
	(which doesn't work now neither) and fully utilize the new feature.

	qemu: Fix typo in qemuDomainModifyDeviceFlags
	One of our latest commits fbe87126 introduced this nasty typo:
	func(vmdef, ...); where func() dereference vmdef->ncontrollers,
	and vmdef was initialized to NULL. This leaves us with unconditional
	immediate segfault. It should be vm->def instead.

2012-08-02  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Portable auto-detection of driver module directory
	When running libvirtd from a build directory on a system with unmodified
	libtool, libvirtd's binary is not renamed as "lt-libvirtd". Check for
	"/daemon/.libs/libvirtd" in addition to "lt-libvirtd".

	build: Rename security manager library
	Security manager is not a dynamically loadable driver. Let's avoid the
	confusion by renaming libvirt_driver_security library as
	libvirt_security_manager.

2012-08-02  Jiri Denemark  <jdenemar@redhat.com>

	build: Link security manager into libvirt.so
	Security manager is not a dynamically loadable driver, it's a common
	infrastructure similar to util, conf, cpu, etc. used by individual
	drivers. Such code is allowed to be linked into libvirt.so.

	This reverts commit ec5b7bd2ecbf40ceff5b2d4fc00d5cfdfba966a4 and most of
	aae5cfb69948fddef556f8f5b9f80a444f9c6125.

	This patch is supposed to fix virdrivermoduletest failures for qemu and
	lxc drivers as well as libvirtd's ability to load qemu and lxc drivers.

2012-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Avoid clash of base64 symbols
	On Debian/Ubuntu, one of the libraries libvirt (indirectly) links
	with exports a symbol named 'base64_encode'. This takes precedence
	over GNULIB's base64_encode function during linking. Unfortunately
	they of course have different API semantics. To avoid this problem
	use a few #defines in config.h to rename the GNULIB provided
	function to have a 'libvirt_gl_' prefix

2012-08-02  Eric Blake  <eblake@redhat.com>

	build: commit to 0.10.0 release naming
	With 0.10.0-rc0 out the door, we are committed to the next version
	number.

	* src/libvirt_public.syms (LIBVIRT_0.9.14): Rename...
	(LIBVIRT_0.10.0): ...to this.
	* docs/formatdomain.html.in: Fix fallout.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.

2012-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused uuidstr variable from datatypes.c
	Several APIs in src/datatypes.c were formatting an UUID to a
	uuidstr variable and then not using it.

2012-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite virAtomic APIs using GLib's atomic ops code
	There are a few issues with the current virAtomic APIs

	 - They require use of a virAtomicInt struct instead of a plain
	   int type
	 - Several of the methods do not implement memory barriers
	 - The methods do not implement compiler re-ordering barriers
	 - There is no Win32 native impl

	The GLib library has a nice LGPLv2+ licensed impl of atomic
	ops that works with GCC, Win32, or pthreads.h that addresses
	all these problems. The main downside to their code is that
	the pthreads impl uses a single global mutex, instead of
	a per-variable mutex. Given that it does have a Win32 impl
	though, we don't expect anyone to seriously use the pthread.h
	impl, so this downside is not significant.

	* .gitignore: Ignore test case
	* configure.ac: Check for which atomic ops impl to use
	* src/Makefile.am: Add viratomic.c
	* src/nwfilter/nwfilter_dhcpsnoop.c: Switch to new atomic
	  ops APIs and plain int datatype
	* src/util/viratomic.h: inline impls of all atomic ops
	  for GCC, Win32 and pthreads
	* src/util/viratomic.c: Global pthreads mutex for atomic
	  ops
	* tests/viratomictest.c: Test validate to validate safety
	  of atomic ops.

2012-08-02  Daniel P. Berrange  <berrange@redhat.com>

	Remove manual one-shot global initializers
	Remove the use of a manually run virLogStartup and
	virNodeSuspendInitialize methods. Instead make sure they
	are automatically run using VIR_ONCE_GLOBAL_INIT

2012-08-02  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for "none" USB controller
	This patch enables the "none" USB controller for qemu guests and adds
	valdiation on hot-plugged devices if the guest has USB disabled.

	This patch also adds a set of tests to check parsing of domain XMLs that
	use the "none" controller and some forbidden situations concerning it.

2012-08-02  Peter Krempa  <pkrempa@redhat.com>

	domain_conf: Add helpers to verify if device configuration is valid
	This patch adds helpers that validate domain's device configuration.
	This will be needed later on to verify devices being hot-plugged to
	guests. If the guest has no USB bus, then it's not valid to plug a USB
	device to that guest.

2012-08-02  Peter Krempa  <pkrempa@redhat.com>

	domain_conf: Add USB controler model "none"
	Libvirt adds a USB controller to the guest even if the user does not
	specify any in the XML. This is due to back-compat reasons.

	To allow disabling USB for a guest this patch adds a new USB controller
	type "none" that disables USB support for the guest.

2012-08-02  Osier Yang  <jyang@redhat.com>

	Fix indentions
	Some of the macros use tab, while the left use spaces, this patch
	change it to always use the spaces. And a few aligning fixes.

2012-08-02  Guannan Ren  <gren@redhat.com>

	storage: netfs and iscsi need option srcSpec for resource discovery
	The option 'srcSpec' to virsh command find-storage-pool-sources
	is optional for logical type of storage pool, but mandatory for
	netfs and iscsi type.
	When missing the option for netfs and iscsi, libvirt reports XML
	parsing error due to null string option srcSpec.

	before
	error: Failed to find any netfs pool sources
	error: (storage_source_specification):1: Document is empty
	(null)

	after:
	error: pool type 'iscsi' requires option --srcSpec for source discovery

2012-08-02  Gerd v. Egidy  <lists@egidy.de>

	maint: consolidate AUTHOR listings for Gerd von Egidy

2012-08-01  Michal Privoznik  <mprivozn@redhat.com>

	gitignore: Reorder alphabetically
	One of our latest patches added some files to .gitignore. However,
	not in the right place leaving the file not sorted. Since my git
	is set up to sort these files contents, fix this issue as it keeps
	showing up in git status.

2012-08-01  Jiri Denemark  <jdenemar@redhat.com>

	spec: Remove extra () with return statement

	build: Link security driver into daemon
	Commit aae5cfb69948fddef556f8f5b9f80a444f9c6125 removed security driver
	from libvirt_la but forgot to link it into libvirtd in case libvirt is
	built without modules.

2012-08-01  Daniel Veillard  <veillard@redhat.com>

	Fix rpm build failures
	The 'make check' was rebuilding the binaries just overrided,
	so for more safety also override the C program
	Also daemon-conf isn't built anymore so remove it from the list

	Add missing parallels_utils.h to Makefile.am
	Otherwise the file is missing from the dist tarball and distcheck fails

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement VM creation
	To create a new VM in Parallels Clud Server we should issue
	"prlctl create" command, and give path to the directory,
	where VM should be created. VM's storage will be in that
	directory later. So in this first version find out location
	of first VM's hard disk and create VM there.

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add storage driver
	Parallels Cloud Server has one serious discrepancy with libvirt:
	libvirt stores domain configuration files in one place, and storage
	files in other places (with the API of storage pools and storage volumes).
	Parallels Cloud Server stores all domain data in a single directory,
	for example, you may have domain with name fedora-15, which will be
	located in '/var/parallels/fedora-15.pvm', and it's hard disk image will be
	in '/var/parallels/fedora-15.pvm/harddisk1.hdd'.

	I've decided to create storage driver, which produces pseudo-volumes
	(xml files with volume description), and they will be 'converted' to
	real disk images after attaching to a VM.

	So if someone creates VM with one hard disk using virt-manager,
	at first virt-manager creates a new volume, and then defines a
	domain. We can lookup a volume by path in XML domain definition
	and find out location of new domain and size of its hard disk.

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: implement virDomainDefineXML operation for existing domains
	Add parallelsDomainDefineXML function, it works only for existing
	domains for the present.

	It's too hard to convert libvirt's XML domain configuration into
	Parallel's one, so I've decided to compare virDomainDef structures:
	current domain definition and the one created from XML, given to
	the function. And change only different parameters.

	Currently only name, description, number of cpus, memory amount
	and video memory can be changed.

	Video device and console added, because libvirt supposes that
	VM must always have one video device, if there are some
	graphics and one console.

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add support of VNC remote display
	Add support for reading VNC parameters of the VM.

	parallels: get info about serial ports
	Add support of collecting information about serial
	ports. This change is needed mostly as an example,
	support of other devices will be added later.

	parallels: implement functions for domain life cycle management
	Add functions for create/shutdown/destroy and suspend/resume domain.

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add functions to list domains and get info
	Parallels driver is 'stateless', like vmware or openvz drivers.
	It collects information about domains during startup using
	command-line utility prlctl. VMs in Parallels are identified by UUIDs
	or unique names, which can be used as respective fields in
	virDomainDef structure. Currently only basic info, like
	description, virtual cpus number and memory amount, is implemented.
	Querying devices information will be added in the next patches.

	Parallels doesn't support non-persistent domains - you can't run
	a domain having only disk image, it must always be registered
	in system.

	Functions for querying domain info have been just copied from
	test driver with some changes - they extract needed data from
	previously created list of virDomainObj objects.

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	add function virCommandNewVAList
	Add function virCommandNewVAList which is equivalent to the
	virCommandNewArgList but with va_list instead of a variable number
	of arguments.

2012-08-01  Dmitry Guryanov  <dguryanov@parallels.com>

	parallels: add driver skeleton
	Parallels Cloud Server is a cloud-ready virtualization
	solution that allows users to simultaneously run multiple virtual
	machines and containers on the same physical server.

	More information can be found here: http://www.parallels.com/products/pcs/
	Also beta version of Parallels Cloud Server can be downloaded there.

2012-07-31  Marc-André Lureau  <marcandre.lureau@gmail.com>

	qemu: syntax fix
	Pushed without ack, under the trivial rule.

2012-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Only perform symbol check against libvirt.so
	The 'check-symfile' test case was checking the contents of
	libvirt.syms against libvirt.so + all of libvirt_driver_XXX.so
	This was in fact bogus - libvirt.syms should only refer to
	stuff in libvirt.so, but it had some symbols from the various
	driver modules in it too. Now that libvirt.syms has been
	fixed, the check-symfile test can be simplified to only
	consider libvirt.so

	Don't link nwfilter or secrets driver to libvirt.so
	The nwfilter and secrets drivers are both stateful and are already
	linked directly to libvirtd. Linking them to libvirt.so is thus
	wrong, likewise exporting their symbols in libvirt.so is wrong

	Remove bogus libvirt_network.syms file
	The network driver is stateful, so it is linked directly to libvirtd,
	rather than libvirt.so. Thus there are no network symbols to be exported
	in libvirt.so, and libvirt_network.syms can be deleted

2012-07-31  Eric Blake  <eblake@redhat.com>

	qemu: fix use after free
	Detected by Coverity.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostDevice): Avoid
	double free of usb on failure.

2012-07-31  Jiri Denemark  <jdenemar@redhat.com>

	build: Don't export xenLinuxDomainBlockStats symbol
	The symbol is only used within Xen driver.

2012-07-31  Guannan Ren  <gren@redhat.com>

	build: distribute virsh related source files
	In virsh.c, it includes multiple virsh source files, we need
	to have them distributed.

2012-07-30  Eric Blake  <eblake@redhat.com>

	build: fix build without HAVE_CAPNG
	Otherwise, a build may fail with:

	lxc/lxc_conatiner.c: In function 'lxcContainerDropCapabilities':
	lxc/lxc_container.c:1662:46: error: unused parameter 'keepReboot' [-Werror=unused-parameter]

	* src/lxc/lxc_container.c (lxcContainerDropCapabilities): Mark
	parameter unused.

2012-07-30  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Fix crash in virTypedParameterArrayClear
	Daemon uses the following pattern when dispatching APIs with typed
	parameters:

	    VIR_ALLOC_N(params, nparams);
	    virDomain*(dom, params, &nparams, flags);
	    virTypedParameterArrayClear(params, nparams);

	In case nparams was originally set to 0, virDomain* API would fill it
	with the number of typed parameters it can provide and we would use this
	number (rather than zero) to clear params. Because VIR_ALLOC* returns
	non-NULL pointer even if size is 0, the code would end up walking
	through random memory. If we were lucky enough and the memory contained
	7 (VIR_TYPED_PARAM_STRING) at the right place, we would try to free a
	random pointer and crash.

	Let's make sure params stays NULL when nparams is 0.

2012-07-30  Peter Krempa  <pkrempa@redhat.com>

	conf: Remove callback from stream when freeing entries in console hash
	When a domain has a active console connection and is destroyed the
	callback is called on private data that no longer exist causing a
	segfault.

	conf: Remove dead code from virConsoleOpen()

	python: Don't generate bodies for close callback functions
	Commit 6ed5a1b9bd6240b8f2736790e48dd1c284c2e0e1 adds close callback
	functions to the public API but doesn't add python implementation. This
	patch sets the function to be written manually (to fix the build), but
	doesn't implement them yet.

2012-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Improve error message in LXC startup with network is not active
	If an LXC container is using a virtual network and that network
	is not active, currently the user gets a rather unhelpful
	error message about tap device setup failure. Add an explicit
	check for whether the network is active, in exactly the same
	way as the QEMU driver

	Remove tabs from all perl files & enforce this
	The cfg.mk file rule to check for tab characters was not
	applied to perl files. Much of our Perl code is full of
	tabs as a result. Kill them, kill them all !

2012-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Add handling for reboots of LXC containers
	The reboot() syscall is allowed by new kernels for LXC containers.
	The LXC controller can detect whether a reboot was requested
	(instead of a normal shutdown) by looking at the "init" process
	exit status. If a reboot was triggered, the exit status will
	record SIGHUP as the kill reason.

	The LXC controller has cleared all its capabilities, and the
	veth network devices will no longer exist at this time. Thus
	it cannot restart the container init process itself. Instead
	it emits an event which is picked up by the LXC driver in
	libvirtd. This will then re-create the container, using the
	same configuration as it was previously running with (ie it
	will not activate 'newDef').

2012-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Allow CAP_SYS_REBOOT on new enough kernels
	Check whether the reboot() system call is virtualized, and if
	it is, then allow the container to keep CAP_SYS_REBOOT.

	Based on an original patch by Serge Hallyn

2012-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Run an RPC protocol over the LXC controller monitor
	This defines a new RPC protocol to be used between the LXC
	controller and the libvirtd LXC driver. There is only a
	single RPC message defined thus far, an asynchronous "EXIT"
	event that is emitted just before the LXC controller process
	exits. This provides the LXC driver with details about how
	the container shutdown - normally, or abnormally (crashed),
	thus allowing the driver to emit better libvirt events.

	Emitting the event in the LXC controller requires a few
	little tricks with the RPC service. Simply calling the
	virNetServiceClientSendMessage does not work, since this
	merely queues the message for asynchronous processing.
	In addition the main event loop is no longer running at
	the point the event is emitted, so no I/O is processed.

	Thus after invoking virNetServiceClientSendMessage it is
	necessary to mark the client as being in "delayed close"
	mode. Then the event loop is run again, until the client
	completes its close - this happens only after the queued
	message has been fully transmitted. The final complexity
	is that it is not safe to run virNetServerQuit() from the
	client close callback, since that is invoked from a
	context where the server is locked. Thus a zero-second
	timer is used to trigger shutdown of the event loop,
	causing the controller to finally exit.

	* src/Makefile.am: Add rules for generating RPC protocol
	  files and dispatch methods
	* src/lxc/lxc_controller.c: Emit an RPC event immediately
	  before exiting
	* src/lxc/lxc_domain.h: Record the shutdown reason
	  given by the controller
	* src/lxc/lxc_monitor.c, src/lxc/lxc_monitor.h: Register
	  RPC program and event handler. Add callback to let
	  driver receive EXIT event.
	* src/lxc/lxc_process.c: Use monitor exit event to decide
	  what kind of domain event to emit
	* src/lxc/lxc_protocol.x: Define wire protocol for LXC
	  controller monitor.

2012-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Make RPC code generator a little more flexible
	Update the gendispatch.pl script to get a little closer to
	being able to generate code for the LXC monitor, by passing
	in the struct prefix separately from the procedure prefix.
	Also allow method names using virCapitalLetters instead
	of vir_underscore_separator

	Move LXC monitor code out into separate file
	Move the code that handles the LXC monitor out of the
	lxc_process.c file and into lxc_monitor.{c,h}

	Convert the LXC driver to use virNetClient
	Update the LXC driver to use the virNetClient APIs for
	connecting to the libvirt_lxc monitor, instead of the
	low-level socket APIs. This is a step towards running
	a full RPC protocol with libvirt_lxc

	Replace use of lxcError with virReportError
	Update all LXC code to use virReportError instead of the custom
	lxcError macro

	Rename lxc_driver_t to virLXCDriver
	Rename the lxc_driver_t struct typedef to virLXCDriver to more
	closely follow normal libvirt naming conventions

	Rename all APIs in lxc_domain.c to have a virLXCDomain prefix
	For consistency all the APIs in the lxc_domain.c file should
	have a virLXCDomain prefix in their name

	Rename all APIs in lxc_process.c to have a virLXCProcess prefix
	For consistency all the APIs in the lxc_process.c file should
	have a virLXCProcess prefix in their name

	Process all pending I/O for a RPC client before checking EOF
	In the socket event handler for the RPC client we must deal
	with read/write events, before checking for EOF, otherwise
	we might close the socket before we've read & acted upon the
	last RPC messages

	Extend events demo to show close callbacks in use
	Use a driver close callback to trigger shutdown of the
	events demo program

	Update remote driver to support the connection close callbacks
	Update the remote driver to use the virNetClient close callback
	to trigger the virConnectPtr close callbacks

	Add callback to virNetClient to be invoked on connection close
	Allow detection of socket close in virNetClient via a callback
	function, triggered on any condition that causes the socket to
	be closed.

	Ensure client is marked for close in all error paths
	Currently if the keepalive timer triggers, the 'markClose'
	flag is set on the virNetClient. A controlled shutdown will
	then be performed. If an I/O error occurs during read or
	write of the connection an error is raised back to the
	caller, but the connection isn't marked for close. This
	patch ensures that all I/O error scenarios always result
	in the connection being marked for close.

	Add public API to register a callback to be invoked on connection close
	Define new virConnect{Register,Unregister}CloseCallback() public APIs
	which allows registering/unregistering a callback to be invoked when
	the connection to a hypervisor is closed. The callback is provided
	with the reason for the close, which may be 'error', 'eof', 'client'
	or 'keepalive'.

2012-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve error reporting for unknown VI types
	Print the actual unknown type name instead of <other> for AnyType objects.

2012-07-27  Jiri Denemark  <jdenemar@redhat.com>

	security: Skip labeling resources when seclabel defaults to none
	If a domain is explicitly configured with <seclabel type="none"/> we
	correctly ensure that no labeling will be done by setting
	norelabel=true. However, if no seclabel element is present in domain XML
	and hypervisor is configured not to confine domains by default, we only
	set type to "none" without turning off relabeling. Thus if such a domain
	is being started, security driver wants to relabel resources with
	default label, which doesn't make any sense.

	Moreover, with SELinux security driver, the generated image label lacks
	"s0" sensitivity, which causes setfilecon() fail with EINVAL in
	enforcing mode.

2012-07-27  Eric Blake  <eblake@redhat.com>

	maint: regenerate bootstrap
	Commit 3ad13c92a7 blindly touched all files to have a 3-line
	hint for getting LGPL, but bootstrap is synced from gnulib where
	it has a 2-line hint.

	* bootstrap: Resync from gnulib.

2012-07-27  Gerd v. Egidy  <lists@egidy.de>

	libvirt-guests: systemd host shutdown does not work
	I originally postet this into the Fedora bugzilla
	https://bugzilla.redhat.com/show_bug.cgi?id=843836

	Currently gracefully shutting down guest vms on host shutdown does not work on
	Fedora 17, the guests are killed hard on system shutdown.

	The reason is systemd considers libvirt-guests.service to be stopped when the
	system is running:

	$ systemctl status libvirt-guests.service
	libvirt-guests.service - Suspend Active Libvirt Guests
	          Loaded: loaded (/usr/lib/systemd/system/libvirt-guests.service;
	enabled)
	          Active: deactivating (stop) since Fri, 27 Jul 2012 15:47:31 +0200;
	2min 48s ago
	         Process: 1085 ExecStart=/etc/init.d/libvirt-guests start
	(code=exited, status=0/SUCCESS)
	         Control: 1150 (libvirt-guests)
	          CGroup: name=systemd:/system/libvirt-guests.service
	                  └ control
	                    ├ 1150 /bin/sh /etc/init.d/libvirt-guests stop
	                    └ 2257 sleep 1

	libvirt-guests.service is defined as type "simple" in systemd (the default).
	That means systemd will shut down the service when the start executable is
	terminated after starting is done. Systemd will not call stop again on system
	shutdown because it thinks it is already stopped.

	The solution is to define it as type "oneshot" and set the flag
	"RemainAfterExit". Then systemd will consider the service as active after
	startup and will call the stop function on host shutdown.

2012-07-27  Peter Krempa  <pkrempa@redhat.com>

	lib: Revert removing of Summary and Description fields in headers
	Those fields are used by the apibuild script to create documentation.
	This commit partialy reverts a4bcefbcff01c9cdc257127df376929cd80304b1.

	docs: Add method to print warnings in docBuilder class
	The method was not existing and did not allow to diagnose problems.

2012-07-27  Eric Blake  <eblake@redhat.com>

	maint: avoid regression on copyright listings
	Commit f9ce7dad6 tried to kill uses of a raw street address, but
	missed a few instances.  Automate things so we don't introduce
	new problems in the future.

	* cfg.mk (sc_copyright_address): New rule.
	(exclude_file_name_regexp--sc_copyright_address): Add exemption.
	* bootstrap.conf: Adjust offenders.
	* build-aux/augeas-gentest.pl: Likewise.
	* examples/systemtap/events.stp: Likewise.
	* examples/systemtap/qemu-monitor.stp: Likewise.
	* examples/systemtap/rpc-monitor.stp: Likewise.
	* src/dtrace2systemtap.pl: Likewise.
	* src/esx/esx_vi_generator.py: Likewise.
	* src/hyperv/hyperv_wmi_generator.py: Likewise.
	* src/remote/qemu_protocol.x: Likewise.
	* src/remote/remote_protocol.x: Likewise.
	* src/rpc/gensystemtap.pl: Likewise.
	* src/rpc/virnetprotocol.x: Likewise.
	* tests/object-locking.ml: Likewise.
	* tools/virt-xml-validate.in: Likewise.

2012-07-27  Osier Yang  <jyang@redhat.com>

	maint: Use consistent copyright.
	This is a follow up patch of commit f9ce7dad6, it modifies all
	the files which declare the copyright like "See COPYING.LIB for
	the License of this software" to use the detailed/consistent one.

	And deserts the outdated comments like:

	 * libvirt-qemu.h:
	 * Summary: qemu specific interfaces
	 * Description: Provides the interfaces of the libvirt library to handle
	 *              qemu specific methods
	 *
	 * Copy:  Copyright (C) 2010, 2012 Red Hat, Inc.

	Uses the more compact style like:

	 * libvirt-qemu.h: Interfaces specific for QEMU/KVM driver
	 *
	 * Copyright (C) 2010, 2012 Red Hat, Inc.

2012-07-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a test case that checks there are no bogus entries in .syms
	During refactoring of code, it has proved common to forget to
	remove old symbols from the .syms file. While the Win32 linker
	will complain about this, the Linux ELF linker does not. The
	new test case validates that every symbol listed in the .syms
	file actually exists in the built ELF libraries.

	Remove accidentally commited virNetClientSetEOFNotify symbol
	The virNetClientSetEOFNotify symbol was accidentally added to
	the libvirt_private.syms file due to an out-of-order cherry-pick

	Remove two non-existant NWFilter driver symbols from .syms
	virNWFilterGetIpAddrForIfname and virNWFilterDelIpAddrForIfname
	do not exist, so remove them from libvirt_nwfilter.syms

2012-07-27  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix error resetting on fallback paths
	On some fallback paths in virsh, error reported by the previously failed
	API is cleared by virResetLastError() that doesn't free error stored by
	virsh. This patch changes this to clear it using vshResetLibvirtError().

2012-07-27  Peter Krempa  <pkrempa@redhat.com>

	virsh: Refactor error clearing on graceful fallback paths
	Virsh uses an error handler to save errors from libvirt. On some code
	paths it's needed to clear libvirt errors and continue on fallback code
	paths without reporting failure.

	This patch adds function vshResetLibvirtError() that clears error
	returned by libvirt and updates all places where the old two-line method
	was used.

2012-07-26  Eric Blake  <eblake@redhat.com>

	maint: don't permit format strings without %
	Any time we have a string with no % passed through gettext, a
	translator can inject a % to cause a stack overread.  When there
	is nothing to format, it's easier to ask for a string that cannot
	be used as a formatter, by using a trivial "%s" format instead.

	In the past, we have used --disable-nls to catch some of the
	offenders, but that doesn't get run very often, and many more
	uses have crept in.  Syntax check to the rescue!

	The syntax check can catch uses such as
	virReportError(code,
	               _("split "
	                 "string"));
	by using a sed script to fold context lines into one pattern
	space before checking for a string without %.

	This patch is just mechanical insertion of %s; there are probably
	several messages touched by this patch where we would be better
	off giving the user more information than a fixed string.

	* cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
	* src/datatypes.c (virUnrefConnect, virGetDomain)
	(virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
	(virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
	(virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
	(virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
	(virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
	* src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
	(lxcDomainGetBlkioParameters): Likewise.
	* src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
	(virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
	Likewise.
	* src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
	(virNetworkDefParseXML): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
	Likewise.
	* src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
	(virNWFilterVarAccessParse): Likewise.
	* src/libvirt.c (virDomainSave, virDomainSaveFlags)
	(virDomainRestore, virDomainRestoreFlags)
	(virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
	(virDomainCoreDump, virDomainGetXMLDesc)
	(virDomainMigrateVersion1, virDomainMigrateVersion2)
	(virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
	(virStreamSendAll, virStreamRecvAll)
	(virDomainSnapshotGetXMLDesc): Likewise.
	* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
	(virNWFilterDHCPSnoopReq): Likewise.
	* src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
	* src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
	* src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
	(qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
	Likewise.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
	(virNetSocketSendFD, virNetSocketRecvFD): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskBuildPool): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemProbe)
	(virStorageBackendFileSystemBuild): Likewise.
	* src/storage/storage_backend_rbd.c
	(virStorageBackendRBDOpenRADOSConn): Likewise.
	* src/storage/storage_driver.c (storageVolumeResize): Likewise.
	* src/test/test_driver.c (testInterfaceChangeBegin)
	(testInterfaceChangeCommit, testInterfaceChangeRollback):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
	Likewise.
	* src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
	(xenFormatXM): Likewise.

2012-07-26  Eric Blake  <eblake@redhat.com>

	maint: avoid empty regex in syntax checker
	We were defining 'func_or' as '|VIR_ERROR|...', which when put
	inside 'func_re' resulted in a regex that matches everything in
	isolation.  Thankfully, we always used func_re with a leading
	anchor \<, and since the empty regex does not start a word, we
	happened to get the result we wanted; but it's better to define
	func_or without a leading space converted into a leading empty
	alternation.

	* cfg.mk (func_or): Strip leading space.

2012-07-26  Ján Tomko  <jtomko@redhat.com>

	virsh: check if specified debug level is in range

2012-07-26  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib, for secure tarball
	Pick up some build fixes in the latest gnulib.  In particular,
	we want to ensure that official tarballs are secure, but don't
	want to penalize people who don't run 'make dist', since fixed
	automake still hasn't hit common platforms like Fedora 17.

	* .gnulib: Update to latest, for Automake CVE-2012-3386 detection.
	* bootstrap: Resync from gnulib.
	* bootstrap.conf (gnulib_extra_files): Drop missing, since gnulib
	has dropped it in favor of Automake's version.
	* cfg.mk (local-checks-to-skip): Conditionally skip the security
	check in cases where it doesn't matter.

2012-07-26  Peter Krempa  <pkrempa@redhat.com>

	virsh: Check for existence of storage before undefining the domain
	When undefining a domain and removing associated storage using "virsh
	undefine --storage" the domain was at first undefined and after that the
	storage removal proces was started. If the user specified an invalid
	disk to remove, the error could not be corrected.

	This patch moves enumeration and filtering of volumes that should be
	removed before the domain is undefined, but the removal process is still
	kept after the domain has been undefined.

2012-07-26  Guannan Ren  <gren@redhat.com>

	doc: add more description on libvirtd option timeout

	util: set minimum value of nodesuspend duration to 60 seconds
	Change the permissible minimum value of nodesuspend duration time
	to 60 seconds. If option is less than the value, reports error.
	Update virsh help and manpage the infomation.

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Move command group definition into its own file
	* virsh-domain-monitor.c: Add domMonitoringCmds
	* virsh-domain.c: Add domManagementCmds
	* virsh-host.c: Add hostAndHypervisorCmds
	* virsh-interface.c: Add ifaceCmds
	* virsh-network.c: Add networkCmds
	* virsh-nodedev.c: Add nodedevCmds
	* virsh-nwfilter.c: Add nwfilterCmds
	* virsh-pool.c: Add storagePoolCmds
	* virsh-secret.c: Add secretCmds
	* virsh-snapshot.c: Add snapshotCmds
	* virsh-volume.c: Add storageVolCmds
	* virsh.c: Remove all the above *Cmds.

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds in node device group from virsh.c
	Commands in node device group moved from virsh.c to virsh-nodedev.c,

	* virsh.c: Remove commands in node device group.
	* virsh-nodedev.c: New file, filled with commands in node device group
	* po/POTFILES.in: Add virsh-nodedev.c
	* cfg.mk: Skip to check config.h including for virsh-nodedev.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds in host group from virsh.c
	Commands in host group moved from virsh.c to virsh-host.c,

	* virsh.c: Remove commands in host group.
	* virsh-host.c: New file, filled with commands in host group
	* po/POTFILES.in: Add virsh-host.c
	* cfg.mk: Skip to check config.h including for virsh-host.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds to manage domain snapshot from virsh.c
	Commands to manage domain snapshot are moved from virsh.c to
	virsh-snapshot.c.

	* virsh.c: Remove domain snapshot commands.
	* virsh-snapshot.c: New file, filled with domain snapshot commands.
	* po/POTFILES.in: Add virsh-snapshot.c
	* cfg.mk: Skip strcase and config.h including checking for
	          virsh-snapshot.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds to manage secret from virsh.c
	Commands to manage secret are moved from virsh.c to virsh-secret.c,
	with a few helpers for secret command use.

	* virsh.c: Remove secret commands and a few helpers.
	           (vshCommandOptSecret, and vshCommandOptSecretBy)
	* virsh-secret.c: New file, filled with secret commands and its helpers.
	* po/POTFILES.in: Add virsh-secret.c
	* cfg.mk: Skip to check config.h including for virsh-secret.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds to manage network filter from virsh.c
	Commands to manage network filter are moved from virsh.c to virsh-nwfilter.c,
	with a few helpers for network filter command use.

	* virsh.c: Remove network filter commands and a few helpers.
	           (vshCommandOptNWFilter, and vshCommandOptNWFilterBy)
	* virsh-nwfilter.c: New file, filled with network filter commands and its helpers.

	* po/POTFILES.in: Add virsh-nwfilter.c

	* cfg.mk: Skip to check config.h including for virsh-nwfilter.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds to manage host interface from virsh.c
	Commands to manage host interface are moved from virsh.c to
	virsh-interface.c, with a few helpers for interface command use.

	* virsh.c: Remove interface commands and a few helpers.
	           (vshCommandOptInterface, vshCommandOptInterfaceBy)
	* virsh-interface.c: New file, filled with interface commands and
	                     its helpers.
	* cfg.mk: Skip to check config.h including for virsh-interface.c
	* po/POTFILES.in: Add virsh-interface.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds to manage network from virsh.c
	Commands to manage network are moved from virsh.c to virsh-network.c,
	with a few helpers for network command use.

	* virsh.c: Remove network commands and a few helpers.
	* virsh-network.c: New file, filled with network commands and its
	                   helpers.
	* po/POTFILES.in: Add virsh-network.c
	* cfg.mk: Skip to check config.h including for virsh-network.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds of storage pool group from virsh.c
	This splits commands of storage pool group into virsh-pool.c,
	The helpers not for common use are moved too. Standard copyright
	is added for the new file.

	* tools/virsh.c:
	  Remove commands for storage storage pool and a few helpers.
	  (vshCommandOptVol, vshCommandOptVolBy).

	* tools/virsh-pool.c:
	  New file, filled with commands of storage pool group and its
	  helpers.

	* po/POTFILES.in:
	  Add virsh-pool.c

	* cfg.mk:
	  Skip to check config.h including for virsh-pool.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds of storage volume group from virsh.c
	This splits commands of storage volume group into virsh-volume.c,
	The helpers not for common use are moved too. Standard copyright
	is added for the new file.

	* tools/virsh.c:
	  Remove commands for storage storage volume and a few helpers.
	  (vshCommandOptVol, vshCommandOptVolBy).

	* tools/virsh-volume.c:
	  New file, filled with commands of storage volume group and its
	  helpers.

	* po/POTFILES.in:
	  Add virsh-volume.c

	* cfg.mk:
	  Skip to check config.h including for virsh-volume.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds of domain group from virsh.c
	This splits commands to manage domain into virsh-domain.c,The helpers
	not for common use are moved into them too. Standard copyright is added
	for the new file.

	* tools/virsh.c:
	  - Remove commands for domain group, and one helper
	    (vshDomainVcpuStateToString)
	  - vshStreamSink is moved before commands's definition for it's
	    also used by commands not of domain group, such as volUpload.

	* tools/virsh-domain.c:
	  - New file, commands for domain group and the one helper are
	    moved into it.

	* po/POTFILES.in:
	  - Add virsh-domain.c

	* cfg.mk:
	  - Skip to check config.h including for virsh-domain.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Split cmds for domain monitoring from virsh.c
	This splits commands commands to monitor domain status into
	virsh-domain-monitor.c. The helpers not for common use are moved too.
	Standard copyright is added.

	* tools/virsh.c:
	  - Remove commands for domain monitoring group and a few helpers (
	    vshDomainIOErrorToString, vshGetDomainDescription,
	    vshDomainControlStateToString, vshDomainStateToString) not for
	    common use.
	  - Remove (incldue "intprops.h").

	* tools/virsh-domain-monitor.c:
	  - New file, filled with commands of domain monitor group.
	  - Add "intprops.h".

	* cfg.mk:
	  - Skip strcase checking for virsh-domain-monitor.c
	  - Skip to check config.h including for virsh-domain-monitor.c

	* po/POTFILES.in
	  - Add virsh-domain-monitor.c

2012-07-26  Osier Yang  <jyang@redhat.com>

	virsh: Move definition of cmds and cmd groups right at the top of main
	This will avoid many conflicts if moving the codes for each command
	group into separate files in later patches.

2012-07-25  Jan Tomko  <jtomko@redhat.com>

	virsh man page - domain-id consistency
	Using 'domain' to represent domain name, domain id or uuid all over
	the man page, to be consistent with virsh help.

2012-07-25  Laine Stump  <laine@laine.org>

	Fixup manpage names and copyright dates
	The copyright dates in the manpages haven't been updated in awhile.

	Also, when pod2man converts a pod file into a manpage, it will only
	remove the extension from the filename if it is ".pod". Some of the
	libvirt pod files are named *.pod.in, and that filename is placed
	unchanged into the manpage. This patch uses pod2man's --name option to
	fix that.

	Believe it or not, there's even a BZ for this:

	  https://bugzilla.redhat.com/show_bug.cgi?id=819364

2012-07-25  Jiri Denemark  <jdenemar@redhat.com>

	conf: Fix typo in virDomainHostdevSubsys comment

2012-07-25  Eric Blake  <eblake@redhat.com>

	maint: spelling correction in AUTHORS
	Ján Tomko has an accented name.

2012-07-25  Guannan Ren  <gren@redhat.com>

	util: Fix typoes on return value and comments
	virNetDevTapCreateInBridgePort: Fix return value to -1
	virNetDevTapCreate: Fix comments

2012-07-25  Martin Kletzander  <mkletzan@redhat.com>

	fixed SegFault in virauth
	No check for conn->uri being NULL in virAuthGetConfigFilePath (valid
	state) made the client segfault. This happens for example with these
	settings:
	 - no virtualbox driver installed (modifies conn->uri)
	 - no default URI set (VIRSH_DEFAULT_CONNECT_URI="",
	   LIBVIRT_DEFAULT_URI="", uri_default="")
	 - auth_sock_rw="sasl"
	 - virsh run as root

	That are unfortunately the settings with fresh Fedora 17 installation
	with VDSM.

	The check ought to be enough as conn->uri being NULL is valid in later
	code and is handled properly.

2012-07-24  Osier Yang  <jyang@redhat.com>

	daemon: Fix the wrong macro name
	WITH_INTERFACE is not defined, it should be WITH_NETCF there to load
	the interface driver.

	Eric posted patch weeks ago to resolve the problems in the whole
	build system, but it's not finalised yet:

	https://www.redhat.com/archives/libvir-list/2012-June/msg01299.html

	I'm going to simply fix the wrong macro name here so that the
	interface driver could loaded, and continue the work on the listing
	API for interface driver.

2012-07-24  Jan Tomko  <jtomko@redhat.com>

	virsh: Clarify that memtune parameters may be rounded in the man page

2012-07-24  Doug Goldstein  <cardoe@cardoe.com>

	Fix libnl CFLAGS/LIBS inclusion
	When using libnl, use the variables pkg-config provides in case there are
	additional libraries or CFLAGS required to build it. Specifically if
	the libnl headers are not directly in /usr/include.

2012-07-24  Martin Kletzander  <mkletzan@redhat.com>

	virsh: fixed domdisplay command
	The 'domdisplay' command didn't properly evaluate '--include-password'
	option.

2012-07-24  Wen Congyang  <wency@cn.fujitsu.com>

	building: fix deps error when some drivers are not built
	libvirt-daemon-driver-XXX should be a dependency only when with_driver_modules
	is 1.
	libvirt-daemon-driver-libxl should be a dependency only when with_libxl is 1.
	libvirt-daemon-driver-lxc should be a dependency only when with_lxc is 1.
	libvirt-daemon-driver-qemu should be a dependency only when with_qemu is 1.
	libvirt-daemon-driver-uml should be a dependency only when with_uml is 1.
	libvirt-daemon-driver-xen should be a dependency only when with_xen is 1.

2012-07-24  Daniel P. Berrange  <berrange@redhat.com>

	More advanced auto-detection of driver module directory
	When running directly from GIT, libvirtd attempts to locate
	the directory containing loadable modules. This currently
	only works if executing libvirtd with a CWD inside the libvirt
	source tree. Switch to locate based on the path to the current
	binary instead

2012-07-24  Royce Lv  <lvroyce@linux.vnet.ibm.com>

	adding handling EINTR to poll to make it more robust
	some system call and signal will interrupt poll,
	making event loop stops and fails to react events and keepalive message
	from libvirt.
	adding handling EINTR to poll to make it more robust

2012-07-24  Eric Blake  <eblake@redhat.com>

	build: regenerate .png files
	We don't expect people to have tools installed to regenerate .png
	from .fig by default.  However, since commit 5eb3df8, several
	.fig files were updated without regenerating the .png file, and
	as a result, 'make dist' ends up regenerating those five files,
	or worse, failing because of missing tools (convert from
	ImageMagick).

	Additionally, even if the tools are present, the generation of
	.png files is nondeterministic (the resulting files contain a
	timestamp), which means prior to this patch, running 'make dist'
	from two checkouts will end up producing different tarball
	contents (two 'make dist' runs will always produce different tar
	files, since tarballs also contain timestamps; but unpacking the
	tarballs and doing a recursive diff will show if the contents
	are unchanged).

	After this patch, the timestamps are now up-to-date, and 'make
	dist' no longer has anything to do for the .png files.  This gets
	us closer to the goal of two checkouts being able to produce the
	same tarball.

	* docs/libvirt-*.png: Regenerate.

2012-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Make ESX & Hyper-V code generator safe with parallel builds
	If from a clean GIT checkout 'make -j 8' is run, the ESX
	and Hyper-V code will be generated multiple times over.
	This is because there are multiple files being generated
	from one invocation of the generator script. make does not
	realize this and so invokes the generator once per file.
	This doesn't matter with serialized builds, but with
	parallel builds multiple instances of the generator get
	run at once.

	make[2]: Entering directory `/home/berrange/src/virt/libvirt/src'
	  GEN    util/virkeymaps.h
	  GEN    remote/remote_protocol.h
	  GEN    remote/remote_client_bodies.h
	  GEN    remote/qemu_protocol.h
	  GEN    remote/qemu_client_bodies.h
	  GEN    esx/esx_vi_methods.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  GEN    esx/esx_vi_methods.generated.macro
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typetostring
	  GEN    esx/esx_vi_types.generated.typefromstring
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  GEN    esx/esx_vi_methods.generated.c
	  GEN    esx/esx_vi_methods.generated.macro
	  GEN    esx/esx_vi.generated.h
	  GEN    esx/esx_vi.generated.c
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typedef
	  GEN    esx/esx_vi_types.generated.typeenum
	  GEN    esx/esx_vi_types.generated.typetostring
	  GEN    esx/esx_vi_types.generated.typefromstring
	  GEN    esx/esx_vi_types.generated.h
	  GEN    esx/esx_vi_types.generated.c
	  GEN    esx/esx_vi_methods.generated.h
	  ...snip...
	  GEN    hyperv/hyperv_wmi.generated.h
	  GEN    libvirt_qemu_probes.h
	  GEN    locking/qemu-sanlock.conf
	  GEN    hyperv/hyperv_wmi.generated.c
	  GEN    rpc/virnetprotocol.h
	  GEN    hyperv/hyperv_wmi_classes.generated.typedef
	  GEN    hyperv/hyperv_wmi_classes.generated.h
	  GEN    hyperv/hyperv_wmi_classes.generated.c
	  GEN    rpc/virkeepaliveprotocol.h
	  GEN    remote/remote_protocol.c
	  GEN    remote/qemu_protocol.c
	  GEN    rpc/virkeepaliveprotocol.c
	  GEN    rpc/virnetprotocol.c
	  GEN    libvirt.def

	Prevent this using a timestamp file to control generation,
	as was previously done for the python bindings in commit
	a7868e0131516ef2dece82586edd52dc87fe336c

2012-07-23  Peter Krempa  <pkrempa@redhat.com>

	tests: Add support for catching domain XML parsing errors
	This patch enhances qemuxml2argvtest to deal with semantically incorrect
	domain XMLs, that generate errors while parsing.

	This patch cleans up macros that invoke the tests and changes boolean
	flags to a bit array flag variable.

2012-07-23  Peter Krempa  <pkrempa@redhat.com>

	maint: Clean up coding style and fix error message spelling
	This patch cleans up coding style breaks some long lines and fixes error
	message spelling on various places in domain_conf.c and in the qemu
	driver.

2012-07-23  Doug Goldstein  <cardoe@cardoe.com>

	doc: Fix time keeping example for the guest clock
	The time keeping example was missing quotes which resulted in an error
	if you copied and pasted the example into a domain's XML. Additionally
	the rest of the examples use single quotes (') instead of double quotes
	(") so standardized that.

	Fix test failure when no IPv6 is avail
	When the system doesn't have IPv6 available (e.g. not built into the
	kernel or the module isn't loaded), you can not create an IPv6 socket.
	The test determines earlier on that IPv6 isn't available then goes and
	creates a socket. This makes socket creation conditional on IPv6
	availability.

2012-07-23  Osier Yang  <jyang@redhat.com>

	Desert the FSF address in copyright
	Per the FSF address could be changed from time to time, and GNU
	recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)

	  You should have received a copy of the GNU General Public License
	  along with Foobar.  If not, see <http://www.gnu.org/licenses/>.

	This patch removes the explicit FSF address, and uses above instead
	(of course, with inserting 'Lesser' before 'General').

	Except a bunch of files for security driver, all others are changed
	automatically, the copyright for securify files are not complete,
	that's why to do it manually:

	  src/security/security_selinux.h
	  src/security/security_driver.h
	  src/security/security_selinux.c
	  src/security/security_apparmor.h
	  src/security/security_apparmor.c
	  src/security/security_driver.c

2012-07-21  Ata E Husain Bohra  <ata.husain@hotmail.com>

	ESX: Fix ESX_VI__TEMPLATE__DYNAMIC_DEEP_COPY
	Fix addresses two issues:
	1. Fix generator code to allow deep copy operation for objects with
	   Dynamic_Cast capabilities.
	2. Add missing deep copy routine to Long datatype.

2012-07-21  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmx: handle shared folders parsing
	This patch adds support for parsing vmx files with
	shared folders enabled.

	Update test suite accordingly.

2012-07-21  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmx: handle shared folders formatting
	This patch adds support for generating vmx files with
	shared folders enabled.

	Update test suite accordingly.

2012-07-20  Eric Blake  <eblake@redhat.com>

	tests: reduce length of nodeinfodata test names
	Commit ddd6bef4 switched to the ustar format to fix an issue where
	'make dist' fails to create a tarball because we have files with
	relative names longer than 100 bytes by the time you include a
	'libvirt-0.9.13' prefix.  Unfortunately, even with ustar format,
	the use of 'tar -ch' tries to convert symlinks to hard links,
	also with a name too long (omitting the -h works, but automake
	automatically passes -h); such symlinks were added in commit
	6dcf98c, which resulted in 'make dist' breaking again.  The
	solution is to rename the offending symlinks to something shorter,
	by shortening the entire nodeinfodata naming scheme.

	* tests/nodeinfotest.c (mymain): Shorten test names.
	(linuxTestNodeInfo): Accommodate new names.
	* tests/nodeinfodata/*: Rename files accordingly.

2012-07-20  Eric Blake  <eblake@redhat.com>

	tests: avoid seclabeltest crash
	Commit a56c347 introduced a use of random numbers into seclabel
	handling, but failed to initialize the random number generator
	in the testsuite.  Also, fail with usual status, not 255.

	* tests/seclabeltest.c (main): Initialize randomness.

2012-07-20  Guido Günther  <agx@sigxcpu.org>

	openvz: Implement domainGetHostname

	openvz: Add openvzVEGetStringParam
	to retrieve a VEs config parameters as a single string. This will be
	used by the upcoming domainGetHostname implementation.

	remote: Provide RPC call for domainGetHostname

	virsh: Add domhostname
	to query the guest's hostname.

	Add virDomainGetHostname
	to query a guests's hostname. Containers like LXC and OpenVZ allow to
	set a hostname different from the hosts name and QEMU's guest agent
	could provide similar functionality.

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Report 'errno' in int1 field of virErrorPtr
	When reporting a system error (VIR_ERR_SYSTEM_ERROR) via
	virReportSystemError, we should copy the errno value into
	the 'int1' field of the virErrorPtr struct. This allows
	callers to detect certain errno conditions & discard the
	error

	* src/util/virterror.c: Place errno value in int1 field

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Only enforce check for YAJL when starting a VM
	The previous check for YAJL would have many undesirable
	consequences, the most important being that it caused the
	capabilities XML to lose all <guest> elements. There is
	no user visible feedback as to what is wrong in this respect,
	merely a syslog message. The empty capabilities causes
	libvirtd to then throw away all guest XML configs that are
	stored.

	This changes the code so that the check for YAJL is only
	performed at the time we attempt to spawn a QEMU process

	error: Failed to start domain vm-vnc
	error: unsupported configuration: this qemu binary requires libvirt to be compiled with yajl

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Use a hash table for storing MCS labels
	Instead of using an O(n) efficiency linked list for storing
	MCS labels, use a hash table. Instead of having the list
	be global, put it in the SELinux driver private data struct
	to ensure uniqueness across different instances of the driver.
	This also ensures thread safety when multiple hypervisor
	drivers are used in the same libvirtd process

	Fix error handling when adding MCS labels
	When adding MCS labels, OOM was not being handled correctly.
	In addition when reserving an existing label, no check was
	made to see if it was already reserved

	Use standard naming prefix for SELinux driver function names
	The function names in the SELinux driver all start with
	SELinux or 'mcs' as a prefix. Sanitize this so that they
	all use 'virSecuritySELinux' as the prefix

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Disable NWFilter driver completely when unprivileged
	Running libvirtd unprivileged results in a warning message from
	the NWFilter driver

	  virNWFilterSnoopLeaseFileRefresh:1882 : open("/var/run/libvirt/network/nwfilter.ltmp"): No such file or directory

	Since it requires privileged network access, this driver should
	not even run when unprivileged.

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of custom macros with virReportError in the Xen drivers
	Update the legacy Xen drivers to use virReportError instead of
	the statsError, virXenInotifyError, virXenStoreError,
	virXendError, xenUnifiedError, xenXMError custom macros

	Make sure xenHypervisorInit correctly reports errors
	The xenHypervisorInit method was called from two different
	locations, during initial driver registration and also while
	opening a Xen connection. The former can't report any useful
	errors to the end user/app, so remove it. To ensure thread
	safety use a VIR_ONCE_GLOBAL_INIT call to invoke
	xenHypervisorInit from the xenHypervisorOpen method.

	Ensure failure to talk to Xen hypervisor is fatal when privileged
	As per the comment, the Xen hypervisor driver is considered to
	be mandatory when running privileged. When it fails to open,
	we should thus return an error, not ignore it.

	Using virOnce for global initialization is desirable since it ensures that initialization will always take place when it is needed, and guarantees it only occurs once. The problem is that the code to setup a global initializer with proper error propagation is tedious. This introduces VIR_ONCE_GLOBAL_INIT macro to simplify this.

	Replace use of VMX_ERROR with virReportError
	Update the VMX shared code to use virReportError instead of
	the VMX_ERROR custom macro

	Replace use of virNetError with virReportError
	Update the libvirtd dispatch code to use virReportError
	instead of the virNetError custom macro

	Replace use of virConfError with virReportError
	Update the libvirtd config handling code to use virReportError
	instead of the virConfError custom macro

	Replace use of nodeReportError with virReportError
	Update the nodeinfo helper code to use virReportError instead
	of the nodeReportError custom macro

	Replace use of virSecurityReportError with virReportError
	Update the security drivers to use virReportError instead of
	the virSecurityReportError custom macro

	Replace use of PHYP_ERROR with virReportError
	Update the Power-Hypervisor driver to use virReportError
	instead of the PHYP_ERROR custom macro

	Replace use of HYPERV_ERROR with virReportError
	Update the Hyper-V driver to use virReportError instead
	of the HYPERV_ERROR custom macro

	Replace use of ESX_ERROR & ESX_VI_ERROR with virReportError
	Update the ESX driver to use virReportError instead of
	the ESX_ERROR & ESX_VI_ERROR custom macros

	Replace use of virLockError with virReportError
	Update the lock manager drivers to use virReportError instead
	of the virLockError custom macro

	Replace use of libxlError with virReportError
	Update the libxl driver to use virReportError instead of
	the libxlError custom macro

2012-07-20  Jiri Denemark  <jdenemar@redhat.com>

	Add missing "%s" format string to constant error messages in lock manager
	Updates the lock manager code so that it passes "%s" as the format
	string whenever raising an error message with a const string.

	Add missing "%s" format string to constant error messages in libxl driver
	Updates the libxl driver code so that it passes "%s" as the format
	string whenever raising an error message with a const string.

2012-07-20  Gao feng  <gaofeng@cn.fujitsu.com>

	Make the 'lxc_driver' global variable non-static
	The 'lxc_driver' global variable is now used from several of
	the LXC sources files. Thus it needs to be non-static to
	avoid runtime linkage errors

2012-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of streamsReportError with virReportError
	Update the streams code to use virReportError instead of
	the streamsReportError custom macro

	Replace use of remoteError with virReportError
	Update the remote driver to use virReportError instead of
	the remoteError custom macro

	Replace use of XENXS_ERROR with virReportError
	Update the XenXS shared code to use virReportError instead
	of the XENXS_ERROR custom macro

	Replace use of openvzError with virReportError
	Update the OpenVZ driver to use virReportError instead of
	the openvzError custom macro

	Fix Xen driver to have sensible error messages
	The Xen driver had a number of error reports which passed a
	constant string without format specifiers and was missing
	"%s". Furthermore the errors were related to failing system
	calls, but virReportSystemError was not used. So the only
	useful piece of info (the errno) was being discarded

2012-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Move LXC process management code into separate file
	Move all the code that manages stop/start of LXC processes
	into separate lxc_process.{c,h} file to make the lxc_driver.c
	file smaller

	Move cgroup setup code out of lxc_controller.c
	Move the cgroup setup code out of the lxc_controller.c file
	and into lxc_cgroup.{c,h}. This reduces the size of the
	lxc_controller.c file and paves the way to invoke cgroup
	setup from lxc_driver.c instead of lxc_controller.c in the
	future

	Move LXC domain private data into separate file
	Move the LXC driver code related to the virDomainObjPtr
	private data into separate lxc_domain.{c,h} files
	to reduce the size of lxc_driver.c

	Replace use of vmwareError with virReportError
	Update the VMWare driver to use virReportError instead of
	the vmwareError custom macro

	Replace use of virCPUReportError with virReportError
	Update the CPU helper APIs to use virReportError instead
	of the virCPUReportError custom macor

	Replace use of testError with virReportError
	Update the test driver to use virReportError instead of the
	testError custom macro

	Replace use of vboxError with virReportError
	Update the VirtualBox driver to use virReportError instead of
	the vboxError custom macro

	Replace use of xenapiError with virReportError
	Update the XenAPI driver to use virReportError instead of
	the xenapiError custom macro

	Replace use of qemuReportError with virReportError
	Update the QEMU driver to use virReportError instead of
	the qemuReportError custom macro

2012-07-19  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add missing "%s" before translation macros
	This patch cleans up some missing "%s" before translation macros,
	for strings which are const without format specifiers

2012-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of umlReportError with virReportError
	Update the UML driver to use virReportError instead of the
	umlReportError custom macro

	Add lots of internal symbols to libvirt_private.syms
	Make sure that libvirt_private.syms has all the internal symbols
	from APIs in src/rpc/*.h and src/util/cgroup.h, since the LXC
	controller/driver will shortly need them

	Reset the 'quit' flag in virNetServerRun
	To allow virNetServerRun/virNetServerQuit to be invoked multiple
	times, we must reset the 'quit' flag in virNetServerRun

	If in delay close mode for an RPC client, don't read further data
	In the delayed close mode, we're just waiting for final data to
	be written back to the client. While waiting, we should not
	bother to read more data from the client.

	Don't autostart domains when reloading config
	When sending SIGHUP to libvirtd, it will trigger the virStateDriver
	reload operation. This is intended to reload the configuration files
	for guests. For unknown historical reasons this is also triggering
	autostart of all guests. Autostart is generally expected to be
	something that happens on OS startup. Starting VMs on SIGHUP will
	violate that expectation and potentially cause dangerous scenarios
	if the admin has explicitly shutdown a misbehaving VM that has
	been marked as autostart

	Add missing deps on driver modules in libvirt RPM
	Turning on the building of driver modules in libvirt.spec.in
	means that installing 'libvirt' no longer pulls in all the
	drivers. For upgrade compatibility we need to list all drivers
	module sub-RPMs against the 'libvirt' RPM.

	Replace use of networkReportError with virReportError
	Update the linux bridge driver to use virReportError instead
	of the networkReportError custom macro

2012-07-19  Guannan Ren  <gren@redhat.com>

	rpc: remove trailing whitespace character in error string
	Instead of only removing the ending newline character, it is
	better to remove all of standard whitespace character for the
	sake of log format.

	One example that we have to do this is:
	After three times incorrect password input, virsh command
	virsh -c qemu://remoteserver/system will report error like:

	: Connection reset by peerey,gssapi-keyex,gssapi-with-mic,password).

	But it should be:
	Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
	: Connection reset by peer

	The reason is that we dropped the newline, but have a '\r' left.
	The terminal interprets it as "move the cursor back to the start
	of the current line", so the error string is messed up.

2012-07-19  Eric Blake  <eblake@redhat.com>

	po: avoid spurious double spaces in messages
	Noticed during the recent error cleanups.

	* src/network/bridge_driver.c (networkStartRadvd): Fix spacing.
	* src/openvz/openvz_conf.c (openvzReadMemConf): Likewise.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainDetachNetDevice): Likewise.
	* src/qemu/qemu_process.c (qemuProcessStop): Likewise.
	* src/security/virt-aa-helper.c (vah_add_file): Likewise.

2012-07-19  Eric Blake  <eblake@redhat.com>

	build: fix compilation without struct ifreq
	Detected on Cygwin.  Broken in commit 387117ad.

	* src/util/virnetdev.c (virNetDevValidateConfig)
	(virNetDevReplaceNetConfig): Fix prototypes.
	* src/util/virnetlink.c (virNetlinkEventAddClient)
	(virNetlinkEventRemoveClient): Likewise.

2012-07-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix esxVI_String_Deserialize
	It was broken since forever as it expected a libxml2
	XML_ELEMENT_NODE containing a XML_TEXT_NODE instead of
	just a XML_TEXT_NODE.

	This problem was not discovered for so long because
	esxVI_String_Deserialize was not used until now.

	Reported by Ata Bohra

2012-07-19  Eric Blake  <eblake@redhat.com>

	nodeinfo: deal with offline cpus in a node
	Commit 80533ca forgot to think about offline cpus.  When a node
	cpu is offline, then its topology/ subdirectory is not present,
	leading to spurious error messages leaked to the user such as:

	libvir:  error : cannot open /home/dummy/libvirt/tests/nodeinfodata/linux-nodeinfo-sysfs-test-6/node/node0/cpu7/topology/physical_package_id: No such file or directory

	Fix that, as well as test it; the test data is gathered from a
	machine with one NUMA node, hyperthreading, and with 2 of the
	8 cpus offline.

	* src/nodeinfo.c (virNodeParseNode): Don't parse topology of
	offline cpus.
	* tests/nodeinfotest.c (mymain): Run new test.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-6*: New data.

2012-07-18  Eric Blake  <eblake@redhat.com>

	maint: add mailmap entry for Dan Walsh
	As confirmed with Dan on IRC.

	* .mailmap: List Dan's preferred 'shortlog' name.

2012-07-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Extend esxVI_CURL_Download for partial downloads
	Also ensure that the virBuffer used to store the downloaded data
	does not overflow.

2012-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of interfaceReportError with virReportError
	Update the netcf driver to use virReportError instead of the
	interfaceReportError custom macro

	Replace use of virNWFilterReportError with virReportError
	Update the network filter driver to use virReportError instead
	of the virNWFilterReportError custom macro

	Add missing "%s" with constant string error message in nwfilter_dhcpsnoop.c

2012-07-18  Dan Walsh  <dwalsh@redhat.com>

	lxcContainerMountCGroups also mounts a tmpfs that needs to be labeled.
	This patch passes down the sec_mount_options to the
	lxcContainerMountCGroups function and then mounts the tmpfs with
	the correct label.

2012-07-18  Sebastian Wiedenroth  <wiedi@frubar.net>

	Add a sheepdog backend for the storage driver
	This patch brings support to manage sheepdog pools and volumes to libvirt.
	It uses the "collie" command-line utility that comes with sheepdog for that.

	A sheepdog pool in libvirt maps to a sheepdog cluster.
	It needs a host and port to connect to, which in most cases
	is just going to be the default of localhost on port 7000.

	A sheepdog volume in libvirt maps to a sheepdog vdi.
	To create one specify the pool, a name and the capacity.
	Volumes can also be resized later.

	In the volume XML the vdi name has to be put into the <target><path>.
	To use the volume as a disk source for virtual machines specify
	the vdi name as "name" attribute of the <source>.
	The host and port information from the pool are specified inside the host tag.

	  <disk type='network'>
	    ...
	    <source protocol="sheepdog" name="vdi_name">
	      <host name="localhost" port="7000"/>
	    </source>
	  </disk>

	To work right this patch parses the output of collie,
	so it relies on the raw output option. There recently was a bug which caused
	size information to be reported wrong. This is fixed upstream already and
	will be in the next release.

2012-07-18  Daniel J Walsh  <dwalsh@redhat.com>

	Mount all tmpfs filesystems with correct SELinux label
	Basically within a Secure Linux Container (virt-sandbox) we want all content
	that the process within the container can write to be labeled the same.  We
	are labeling the physical disk correctly but when we create "RAM" based file
	systems
	libvirt is not labeling them, and they are defaulting to tmpfs_t, which will
	will not allow the processes to write.  This patch labels the RAM based file
	systems correctly.

2012-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Replace use of virNodeDeviceReportError with virReportError
	Update the node device driver to use virReportError instead of
	the virNodeDeviceReportError custom macro

	Replace use of virSecretReportError with virReportError
	Update the secret driver to use virReportError instead of the
	virSecretReportError custom macro

	Replace use of virStorageReportError with virReportError
	Update the storage driver to use virReportError instead of
	the virStorageReportError custom macro

	Add missing "%s" format to const error message in RBD storage driver
	When passing a const message string to the error reporting APIs
	RBD forgot to use "%s" to avoid GCC format string warnings

	Convert all files in src/conf/ to use virReportError()
	This removes all the per-file error reporting macros
	from the code in src/conf/

	Add missing _(...) around 2 error messages in test driver

	Fix parameter passed with VIR_ERR_INVALID_ARG in sanlock driver
	The VIR_ERR_INVALID_ARG is typically given the function name
	via __FUNCTION__

	Convert all files in src/rpc/ to use virReportError()
	This rmoves all the per-file error reporting macros
	from the code in src/rpc/

	Convert (nearly) all files in src/util/ to use virReportError()
	This removes nearly all the per-file error reporting macros
	from the code in src/util/. A few custom macros remain for the
	case, where the file needs to report errors with a variety of
	different codes or parameters

	Fix bogus cast to (int) in virNetServerMDNSTimeoutNew
	The virNetServerMDNSTimeoutNew method was casting a long long
	to an int when reporting errors. This should just be using
	%lld instead of %d, avoiding the need to cast

	Add missing "%s" with constant string error message in stats_linux.c

	Remove newline from end of error message in virnodesuspend.c

	Add _(...) around two error messages in src/util/
	The virnetdevtap.c and viruri.c files had two error report
	messages which were not annotated with _(...)

2012-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Introduce virReportError macro for general error reporting
	Nearly every source file does something like

	  #define VIR_FROM_THIS VIR_FROM_FOO
	  #define virFooReportErorr(code, ...) \
	     virReportErrorHelper(VIR_FROM_THIS, code,  __FILE__,    \
	                          __FUNCTION__, __LINE__, \
	                          __VA_ARGS__)

	This creates needless duplication and inconsistent error
	reporting function names in each file. It is trivial to
	just have virterror_internal.h provide a virReportError
	macro that is equivalent

	* src/util/virterror_internal.h: Define virReportError(code, ...)

2012-07-17  Jiri Denemark  <jdenemar@redhat.com>

	remote: Fix locking in stream APIs
	Remote driver needs to make sure the driver lock is released before
	entering client IO loop as that may block indefinitely in poll(). As a
	direct consequence of not following this in stream APIs, tunneled
	migration to a destination host which becomes non-responding may block
	qemu driver. Luckily, if keepalive is turned for p2p migrations, both
	remote and qemu drivers will get automagically unblocked after keepalive
	timeout.

	xenapi: Convert to virMacAddr

2012-07-17  Michal Privoznik  <mprivozn@redhat.com>

	nwfilter: Convert to virMacAddrPtr not virMacAddrPtr*
	My previous patch wasn't complete as it converted from
	(unsigned char *) to (virMacAddrPtr *). It should be
	(virMacAddrPtr) only.

	nwfilter: Convert to virMacAddrPtr completely
	The previous commit (387117ad92) was incomplete leaving those
	who does not use libpcap with uncompilable sources beacuse
	of incomplete conversion of virNWFilterDHCPSnoopReq function.

2012-07-17  Cole Robinson  <crobinso@redhat.com>

	configure: rbd doesn't need -lcrypto
	See https://www.redhat.com/archives/libvir-list/2012-July/msg00493.html

	Basically building against librbd doesn't seem to actually require -lcrypto.

	Also report the rbd linker flags in configure output

2012-07-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Convert 'raw MAC address' usages to use virMacAddr
	Introduce new members in the virMacAddr 'class'
	- virMacAddrSet: set virMacAddr from a virMacAddr
	- virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer
	- virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer
	- virMacAddrCmp: comparing two virMacAddr
	- virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer

	then replace raw MAC addresses by replacing

	- 'unsigned char *' with virMacAddrPtr
	- 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr

	and introduce usage of above functions where necessary.

2012-07-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Do not fail virConnectCompareCPU if host CPU is not known
	When host CPU could not be properly detected, virConnectCompareCPU will
	just report that any CPU is incompatible with host CPU instead of
	failing.

2012-07-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix probing for guest capabilities
	Even though qemu-kvm binaries can be used in TCG mode, libvirt would
	only detect them if /dev/kvm was available. Thus, one would need to make
	a /usr/bin/qemu symlink to be able to use TCG mode with qemu-kvm in an
	environment without KVM support.

	And even though QEMU is able to make use of KVM, libvirt would not
	advertise KVM support unless there was a qemu-kvm symlink available.

	This patch fixes both issues.

2012-07-16  Michal Privoznik  <mprivozn@redhat.com>

	docs: Improve patch submission guidelines
	We should really advise (new) developers to send rebased patches
	that apply cleanly and use git-send-email rather than all other
	obscure ways.

2012-07-14  Daniel P. Berrange  <berrange@redhat.com>

	Wire up handling for QMP's BALLOON_EVENT
	If QEMU supports the BALLOON_EVENT QMP event, then we can
	avoid invoking 'query-balloon' when returning XML or the
	domain info.

	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h:
	  Add QEMU_CAPS_BALLOON_EVENT
	* src/qemu/qemu_driver.c: Skip query-balloon in
	  qemudDomainGetInfo and qemuDomainGetXMLDesc if we have
	  QEMU_CAPS_BALLOON_EVENT set
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Check
	  for BALLOON_EVENT at connect to monitor. Add callback
	  for balloon change notifications
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h:
	  Add handling of BALLOON_EVENT and impl 'query-events'
	  check

2012-07-14  Daniel P. Berrange  <berrange@redhat.com>

	Define public API for receiving guest memory balloon events
	When the guest changes its memory balloon applications may want
	to know what the new value is, without having to periodically
	poll on XML / domain info. Introduce a "balloon change" event
	to let apps see this

	* include/libvirt/libvirt.h.in: Define the
	  virConnectDomainEventBalloonChangeCallback callback
	  and VIR_DOMAIN_EVENT_ID_BALLOON_CHANGE constant
	* python/libvirt-override-virConnect.py,
	  python/libvirt-override.c: Wire up helpers for new event
	* daemon/remote.c: Helper for serializing balloon event
	* examples/domain-events/events-c/event-test.c,
	  examples/domain-events/events-python/event-test.py: Add
	  example of balloon event usage
	* src/conf/domain_event.c, src/conf/domain_event.h: Handling
	  of balloon events
	* src/remote/remote_driver.c: Add handler of balloon events
	* src/remote/remote_protocol.x: Define wire protocol for
	  balloon events
	* src/remote_protocol-structs: Likewise.

2012-07-13  Chuck Short  <chuck.short@canonical.com>

	ARMHF: CPU Support for armhf.
	Adding CPU encoder/decoder for armhf to avoid runtime error messages.

2012-07-13  Hu Tao  <hutao@cn.fujitsu.com>

	fix failure when building with --disable-debug
	When building with --disable-debug, VIR_DEBUG expands to a nop.
	But parameters to VIR_DEBUG can be variables that are passed only
	to VIR_DEBUG. In the case the building system complains about unused
	variables.

2012-07-13  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	virsh: remove unnecessary sleep for nodecpustats --percent
	Fix for a minor issue:
	the sleep(1) statement was called twice,
	effectively doubling the elapsed time
	execution "virsh nodecpustats --percent".

2012-07-13  Jiri Denemark  <jdenemar@redhat.com>

	Clarify direct migration
	When --direct is used when migrating a domain running on a hypervisor
	that does not support direct migration (such as QEMU), the caller would
	get the following error message:

	    this function is not supported by the connection driver:
	    virDomainMigrateToURI2

	which is a complete nonsense since qemu driver implements
	virDomainMigrateToURI2. This patch would emit a more sensible error in
	this case:

	    Requested operation is not valid: direct migration is not supported
	    by the connection driver

2012-07-12  Christophe Fergeau  <cfergeau@redhat.com>

	Fix daemon auto-spawning
	Commit 32a9aac switched libvirt to use the XDG base directories
	to locate most of its data/config. In particular, the per-user socket
	for qemu:///session is now stored in the XDG runtime directory.
	This directory is located by looking at the XDG_RUNTIME_DIR environment
	variable, with a fallback to ~/.cache/libvirt if this variable is not
	set.

	When the daemon is autospawned because a client application wants
	to use qemu:///session, the daemon is ran in a clean environment
	which does not contain XDG_RUNTIME_DIR. It will create its socket
	in ~/.cache/libvirt. If the client application has XDG_RUNTIME_DIR
	set, it will not look for the socket in the fallback place, and will
	fail to connect to the autospawned daemon.

	This patch adds XDG_RUNTIME_DIR to the daemon environment before
	auto-starting it. I've done this in virNetSocketForkDaemon rather
	than in virCommandAddEnvPassCommon as I wasn't sure we want to pass
	these variables to other commands libvirt spawns. XDG_CACHE_HOME
	and XDG_CONFIG_HOME are also added to the daemon env as it makes use
	of those as well.

2012-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Support creation of sparse LVM volumes
	When calling 'lvcreate' if specifying both the '-L' and
	'--virtualsize' options, the latter will be treated as
	the capacity and the former as the allocation. This can
	be used to support sparse volume creation. In addition,
	when listing volumes it is necessary to include the 'size'
	field in lvs output, so that we can detect sparse volume
	allocation correctly.

	Remove all use of virRun in storage code
	To make it easier to dynamically change the command line ARGV,
	switch all storage code over to use virCommandPtr APIs for
	running programs

2012-07-11  Guido Günther  <agx@sigxcpu.org>

	virsh: remove extra space between function name and opening brace
	to match our CodingStyle.

2012-07-11  Sascha Peilicke  <saschpe@suse.de>

	Fix directory removal in filesystem storage driver
	Fix the virStorageBackendFileSystemVolDelete method to not use
	unlink() unconditionally. It must use rmdir() for volumes which
	are directories. It should also raise an error if given a volume
	which has the network/block type.

2012-07-11  Osier Yang  <jyang@redhat.com>

	storage: Default pool permission mode to 0755
	Per the typical use of libvirt is to fork the qemu process with
	qemu:qemu. Setting the pool permission mode as 0700 by default
	will prevent the guest start with permission reason.

	Define macro for the default pool and vol permission modes
	incidentally.

2012-07-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix shutdown of LXC controller
	Since we are not yet using the virNetServerPtr object for running
	the event loop, we can't use virNetServerQuit(). Instead set the
	global 'quit' flag in libvirt_lxc

2012-07-11  Peter Krempa  <pkrempa@redhat.com>

	test: Add test case for nodeinfotest if host machine doesn't have NUMA
	Test filling of nodeinfo structure if /sys/devices/system/node does not
	exist. (Based on dump from a real machine)

	test: Add new test case for nodeinfotest
	This patch adds test data that describe a machine that has two physical
	processors that don't share same core id's on their cores. On this data
	the "virsh nodeinfo" reported that the machine had 10 cores per socket
	while the processor had only 8. (Before fixing nodeinfo gathering code).

2012-07-11  Peter Krempa  <pkrempa@redhat.com>

	nodeinfo: Fix gathering of nodeinfo data structure
	This patch changes the way data to fill the nodeinfo structure are
	gathered. We've gathere the test data by iterating processors an sockets
	separately from nodes. The reported data was based solely on information
	about core id. Problems arise when eg cores in mulit-processor machines
	don't have same id's on both processors or maybe one physical processor
	contains more NUMA nodes.

	This patch changes the approach how we detect processors and nodes. Now
	we start at enumerating nodes and for each node processors, sockets and
	threads are enumerated separately. This approach provides acurate data
	that comply to docs about the nodeinfo structure. This also enables to
	get rid of hacks: see commits 10d9038b744a69c8d4bd29c2e8c012a097481586,
	ac9dd4a676f21b5e3ca6dbe0526f2a6709072beb. (Those changes in nodeinfo.c
	are efectively reverted by this patch).

	This patch also changes output of one of the tests, as the processor
	topology is now acquired more precisely.

2012-07-11  Peter Krempa  <pkrempa@redhat.com>

	nodeinfo_test: Enhance test data before changing nodeinfo gathering
	This patch adds test data needed by the new way node information will be
	gathered. This patch adds symlinks to cpu cores to their corresponding
	node directory.

2012-07-11  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Adding testcases for s390
	Add minimal s390-virtio domain testcase and testcases for virtio serial,
	net, disk for the virtio-s390 bus.

	S390: Domain Schema for s390-virtio machines.
	Added s390-virtio machine type to the XML schema for domains in order
	to not fail the domain schema tests.

2012-07-11  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Add support for virtio-s390 devices.
	The s390(x) architecture doesn't feature a PCI bus. For the purpose of
	supporting virtio devices a virtual bus called virtio-s390 is used.
	A new address type VIR_DOMAIN_DEVICE_ADDRESS_TYPE_VIRTIO_S390 is used to
	distinguish the virtio devices on s390 from PCI-based virtio devices.

	V3 Change: updated QEMU_CAPS_VIRTIO_S390 to fit upstream.

2012-07-11  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Change tests to use (modified) qemuDomainAssignAddresses
	Rewrote the device assignment parts in tests to use qemuDomainAssignAddresses.
	This way the tests will work for new device address types as they show
	up in the future (like s390 device types).

2012-07-11  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	qemu: Extended qemuDomainAssignAddresses to be callable from everywhere.
	This is in preparation of the enablement of s390 guests with virtio devices.

	The assignment of device addresses happens in different places, i.e. the
	qemu driver and process modules as well as in the unit tests in slightly
	different flavors. Currently, these are PPC spapr-vio and PCI
	devices, virtio-s390 (not PCI based) will follow.

	By optionally passing to qemuDomainAssignAddresses the domain
	object and the capabilities it is now possible to call the function
	from most of the places (except for hotplug) where address assignment
	is done.

2012-07-11  Guido Günther  <agx@sigxcpu.org>

	openvz: Handle domain obj hash map errors
	This makes the driver fail with a clear error message in case of UUID
	collisions (for example if somebody copied a container configuration
	without updating the UUID) and also raises an error on other hash map
	failures.

	OpenVZ itself doesn't complain about duplicate UUIDs since this
	parameter is only used by libvirt.

2012-07-11  Christophe Fergeau  <cfergeau@redhat.com>

	Fix /domain/features setting in qemuParseCommandLine
	Commit 5e6ce1 moved down detection of the ACPI feature in
	qemuParseCommandLine. However, when ACPI is detected, it clears
	all feature flags in def->features to only set ACPI. This used to
	be fine because this was the first place were def->features was set,
	but after the move this is no longer necessarily true because this
	block comes before the ACPI check:

	if (strstr(def->emulator, "kvm")) {
	    def->virtType = VIR_DOMAIN_VIRT_KVM;
	    def->features |= (1 << VIR_DOMAIN_FEATURE_PAE);
	}

	Since def is allocated in qemuParseCommandLine using VIR_ALLOC, we
	can always use |= when modifying def->features

2012-07-10  Eric Blake  <eblake@redhat.com>

	build: detect all improper uses of _("%s")
	The only useful translation of "%s" as a format string is "%s" (I
	suppose you could claim "%1$s" is also valid, but why bother).  So
	it is not worth translating; fixing this exposes some instances
	where we were failing to translate real error messages.  This makes
	the fix of commit 097da1ab more generic, as well as ensuring no
	future regressions.

	* cfg.mk (sc_prohibit_useless_translation): New rule.
	* src/lxc/lxc_driver.c (lxcSetVcpuBWLive): Fix offender.
	* src/openvz/openvz_conf.c (openvzReadFSConf): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupCgroupForVcpu): Likewise.
	* src/qemu/qemu_driver.c (qemuSetVcpusBWLive): Likewise.
	* src/xenapi/xenapi_utils.c (xenapiSessionErrorHandle): Likewise.

2012-07-10  Jim Fehlig  <jfehlig@suse.com>

	systemd: start libvirtd after network
	Domains configured with autostart may fail to start if the host
	network stack has not been started.  E.g. when using bridged
	networking autostarting a domain can fail with

	libvirtd[1403]: 2012-06-20 13:23:49.833+0000: 1485: error :
	qemuAutostartDomain:177 : Failed to autostart VM 'test': Cannot get
	interface MTU on 'br0': No such device

2012-07-10  Osier Yang  <jyang@redhat.com>

	util: Use current uid and gid if they are passed as -1 for virDirCreate
	All the callers of virDirCreate are updated incidentally.

	virsh: Ensure the parents of the readline history path exists
	Instead of changing the existed virFileMakePath to accept mode
	argument and modifying a pile of its uses, this patch introduces
	virFileMakePathWithMode, and use it instead of mkdir() to create
	the readline history dir.

2012-07-10  Hendrik Schwartke  <hendrik@os-t.de>

	docs: added description of the vendor_id attribute

2012-07-10  tangchen  <tangchen@cn.fujitsu.com>

	Fix a string format bug in qemu_cgroup.c

2012-07-10  Eric Blake  <eblake@redhat.com>

	maint: revert gnulib update, until fixed automake is in more distros
	The previous commit (56f34e5) accidentally bumped to latest gnulib,
	but that adds a syntax check for CVE-2012-3386 that won't be fixed
	until Automake 1.11.6/1.12.2 lands in more distros.

	* .gnulib: Undo accidental commit.

2012-07-09  Eric Blake  <eblake@redhat.com>

	build: fix typo that breaks non-Linux builds
	Commit 9612e4b2 introduced a typo and unused variable that break
	non-Linux builds.

	* src/util/virfile.c (virFileLoopDeviceAssociate): Fix syntax error.

2012-07-09  Eric Blake  <eblake@redhat.com>

	maint: update preferred contributor name
	Based on off-list discussion with Royce.

	* AUTHORS: Update to Royce Lv's preferred anglicized name.
	* .mailmap: Likewise.

2012-07-09  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clarify documentation for virsh dompmsuspend command
	Clarify the docs to make more clear what this command does and that it
	requires a guest agent running in the guest.

	storage_backend_fs: Allocate entry for host before accessing it
	Commit 122fa379de44a2fd0a6d5fbcb634535d647ada17 introduces option to
	store more than one host entry in a storage pool source definition. That
	commit causes a regression, where a check is added that only one host
	entry should be present (that actualy is not present as the source
	structure was just allocated and zeroed) instead of allocating memory
	for the host entry.

	storage_backend_fs: Don't free a part of a structure on error
	As the storage pool sources are stored in a list of structs, the pointer
	returned by virStoragePoolSourceListNewSource() shouldn't be freed as it
	points in the middle of a memory block. This combined with a regression
	that takes the error path every time on caused a double-free abort on
	the src struct in question.

	storage_conf: Break long line and polish coding style

2012-07-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Wrap libcurl multi handle

2012-07-05  Daniel P. Berrange  <berrange@redhat.com>

	Only ummount /proc, /sys, /dev if the root source is '/'
	Previous commits added code to unmount the existing /proc,
	/sys and /dev hierarchies on the root filesystem of the
	container. This should only have been done if the container's
	root filesystem was the same as the host's root. ie if
	the root source is '/'.   As it is, this causes LXC containersr
	to fail to start if their root source is not '/'

2012-07-05  Daniel Veillard  <veillard@redhat.com>

	Fix one test regression on auth Ceph support
	The extra data need to be added to one test case

2012-07-05  Daniel P. Berrange  <berrange@redhat.com>

	Switch to using virNetServer APIs for monitor socket
	In preparation for introducing a full RPC protocol for
	libvirt_lxc, switch over to using the virNetServer APIs
	for the monitor connection

	Move loop device setup code into virfile.{c,h}
	While it is not currently used elsewhere in libvirt, the code
	for finding a free loop device & associating a file with it
	is not LXC specific. Move it into the viffile.{c,h} file where
	potentially shared code is more commonly kept.

	Move cgroup objects into virLXCControllerPtr
	Move the cgroup object into virLXCControllerPtr and rename
	all the setup methods to include 'Cgroup' in their name
	if appropriate

	Move monitor into virLXCControllerPtr
	Move the monitor FDs into the virLXCControllerPtr object
	removing the need for the 'struct lxcMonitor' object

	Move /dev/pts setup out of virLXCControllerRun
	The virLXCControllerRun method is getting a little too large,
	and about 50% of its code is related to setting up a /dev/pts
	mount. Move the latter out into a dedicated method

	Move security manager into virLXCControllerPtr object
	Move the security manager object into the virLXCControllerPtr
	object. Also simplify the code creating it in the first place

	Move loop device FDs into virLXCControllerPtr object
	Move the list of loop device FDs into the virLXCControllerPtr
	object and make sure that virLXCControllerStopInit will
	close them all

	Move daemon handshake FD into virLXCControllerPtr
	Keep the FD used to handshake with the libvirtd daemon in the
	virLXCControllerPtr object.

	Make console handling part of virLXCControllerPtr
	Turn 'struct lxc_console' into virLXCControllerConsolePtr and make it
	a part of virLXCControllerPtr

	Store the init PID in the virLXCController object
	Keep a record of the init PID in the virLXCController object
	and create a virLXCControllerStopInit method for killing this
	process

	Move veth device management into virLXCControllerPtr object
	Move the veth device name state into the virLXCControllerPtr
	object and stop passing it around. Also use size_t instead
	of unsigned int for the array length parameters.

	Introduce a virLXCControllerPtr object to hold LXC controller state
	The LXC controller code is having to pass around an ever increasing
	number of parameters between methods. To make the code more managable
	introduce a virLXCControllerPtr to hold all this state, starting with
	the container name and virDomainDefPtr object

	Avoid build shared source files again for libvirt_lxc
	Currently the build of libvirt_lxc will cause recompilation
	of all sources under src/util, src/conf, src/security and
	more. Switch the libvirt_lxc process to link against the
	libtool convenience libraries that are already built as
	part of the main libvirt.os & libvirtd build process

	Allow RPC server to run single threaded
	Refactor the RPC server dispatcher code so that if 'max_workers==0'
	the entire server will run single threaded. This is useful for
	use cases where there will only ever be 1 client connected
	which serializes its requests

	Add a opaque parameter to the RPC client init callback
	The callback that is invoked when a new RPC client is
	initialized does not have any opaque parameter. Add
	one so that custom data can be passed into the callback

2012-07-05  Wido den Hollander  <wido@widodh.nl>

	qemu: Always set auth_supported for Ceph disks.
	Recently the Ceph project defaulted auth_supported from 'none' to 'cephx'.

	When no auth information was set for Ceph disks this would lead to librados defaulting to
	'cephx', but there would be no additional authorization information.

	We now explicitly set auth_supported to none when passing down arguments to Qemu.

2012-07-04  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix ordering of arguments when calling vshCalloc.
	In vshSnapshotListCollect() vshCalloc was called with swapped nmemb and
	size argument. This caused division by zero in xalloc_oversized as the
	macro doesn't expect size to be zero.

2012-07-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: detect when a domain was shut down from the inside
	This patch adds an internal function vmwareUpdateVMStatus to
	update the real state of the domain. This function is used in
	various places in the driver, in particular to detect when
	the domain has been shut down by the user with the "halt"
	command.

2012-07-04  Peter Krempa  <pkrempa@redhat.com>

	remote: Fill remote parameters in remoteDomainListAllSnapshots()
	This patch fills the domain argument that is sent to the remote side.
	This caused a client segfault as the argument was NULL.

	qemu: Mark domains as having managed state image only on managed save
	QEMU domains were marked as having managed save image even if they were
	saved using the regular save. With this patch, domains are marked so
	only when using managed save API.

2012-07-03  Hendrik Schwartke  <hendrik@os-t.de>

	Added the attribute vendor_id to the cpu model
	Introducing the attribute vendor_id to force the CPUID instruction
	in a kvm guest to return the specified vendor.

2012-07-02  Josh Durgin  <josh.durgin@inktank.com>

	qemu: add rbd to whitelist of migration-safe formats
	QEMU (and librbd) flush the cache on the source before the
	destination starts, and the destination does not read any
	changeable data before that, so live migration with rbd caching
	is safe.

	This makes 'virsh migrate' work with rbd and caching without the
	--unsafe flag.

	Reported-by: Vladimir Bashkirtsev <vladimir@bashkirtsev.com>

2012-07-02  Eric Blake  <eblake@redhat.com>

	maint: use full author name for previous commit
	* .mailmap: Add a name alias.

2012-07-02  lvroyce  <lvroyce@linux.vnet.ibm.com>

	fix key error for qemuMonitorGetBlockStatsInfo
	virDomainBlockStatsFlags can't collect total_time_ns for read/write/flush
	because of key typo when retriveing from qemu cmd result

2012-07-02  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.13
	* configure.ac docs/news.html.in libvirt.spec.in: new version and
	  documentation update
	* po/*.po*: updated and regenerated localizations

2012-06-29  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Cleanup virsh -V output
	Fixed up virsh -V output by removing invalid WITH_PROXY & WITH_ONE
	checks, adding several missing checks, and fixing the DTrace check.

2012-06-29  Eric Blake  <eblake@redhat.com>

	build: use correct limit for unsigned long long
	Reported by Jason Helfman as a build-breaker on FreeBSD.

	* src/conf/domain_conf.c (virDomainFSDefParseXML): Use POSIX
	spelling.
	* src/openvz/openvz_conf.c (openvzReadFSConf): Likewise.

2012-06-29  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix memory leak
	Below patch fixes this coverity report:

	/libvirt/src/conf/nwfilter_conf.c:382:
	leaked_storage: Variable "varAccess" going out of scope leaks the storage it points to.

2012-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove sub-mounts under /dev when starting an LXC container
	Since we are mounting a new /dev in the container, we must
	remove any sub-mounts like /dev/shm, /dev/mqueue, etc,
	otherwise they'll be recorded in /proc/mounts, but not be
	accessible to applications.

2012-06-29  Eiichi Tsukata  <eiichi.tsukata.xh@hitachi.com>

	Fix vm's outbound traffic control problem
	Hello,

	This is a patch to fix vm's outbound traffic control problem.

	Currently, vm's outbound traffic control by libvirt doesn't go well.
	This problem was previously discussed at libvir-list ML, however
	it seems that there isn't still any answer to the problem.
	http://www.redhat.com/archives/libvir-list/2011-August/msg00333.html

	I measured Guest(with virtio-net) to Host TCP throughput with the
	command "netperf -H".
	Here are the outbound QoS parameters and the results.

	outbound average rate[kilobytes/s] : Guest to Host throughput[Mbit/s]
	======================================================================
	1024  (8Mbit/s)                    : 4.56
	2048  (16Mbit/s)                   : 3.29
	4096  (32Mbit/s)                   : 3.35
	8192  (64Mbit/s)                   : 3.95
	16384 (128Mbit/s)                  : 4.08
	32768 (256Mbit/s)                  : 3.94
	65536 (512Mbit/s)                  : 3.23

	The outbound traffic goes down unreasonably and is even not controled.

	The cause of this problem is too large mtu value in "tc filter" command run by
	libvirt. The command uses burst value to set mtu and the burst is equal to
	average rate value if it's not set. This value is too large. For example
	if the average rate is set to 1024 kilobytes/s, the mtu value is set to 1024
	kilobytes. That's too large compared to the size of network packets.
	Here libvirt applies tc ingress filter to Host's vnet(tun) device.
	Tc ingress filter is implemented with TBF(Token Buckets Filter) algorithm. TBF
	uses mtu value to calculate the amount of token consumed by each packet. With too
	large mtu value, the token consumption rate is set too large. This leads to
	token starvation and deterioration of TCP throughput.

	Then, should we use the default mtu value 2 kilobytes?
	The anser is No, because Guest with virtio-net device uses 65536 bytes
	as mtu to transmit packets to Host, and the tc filter with the default mtu
	value 2k drops packets whose size is larger than 2k. So, the most packets
	is droped and again leads to deterioration of TCP throughput.

	The appropriate mtu value is 65536 bytes which is equal to the maximum value
	of network interface device defined in <linux/netdevice.h>. The value is
	not so large that it causes token starvation and not so small that it
	drops most packets.
	Therefore this patch set the mtu value to 64kb(== 65535 bytes).

	Again, here are the outbound QoS parameters and the TCP throughput with
	the libvirt patched.

	outbound average rate[kilobytes/s] : Guest to Host throughput[Mbit/s]
	======================================================================
	1024  (8Mbit/s)                    : 8.22
	2048  (16Mbit/s)                   : 16.42
	4096  (32Mbit/s)                   : 32.93
	8192  (64Mbit/s)                   : 66.85
	16384 (128Mbit/s)                  : 133.88
	32768 (256Mbit/s)                  : 271.01
	65536 (512Mbit/s)                  : 547.32

	The outbound traffic conforms to the given limit.

	Thank you,

2012-06-28  Peter Krempa  <pkrempa@redhat.com>

	network_conf: Don't free uninitialized pointers while parsing DNS SRV
	If the user specified invalid protocol type in a network's SRV record
	the error path ended up in freeing uninitialized pointers causing a
	daemon crash.

	*network_conf.c: virNetworkDNSSrvDefParseXML(): initialize local
	                                                variables

2012-06-28  Peter Krempa  <pkrempa@redhat.com>

	conf: Don't shadow error from virGetDomain()
	virGetDomain() does a good job of reporting errors itself. This patch
	removes shadowing of that error in virDomainListPopulate().

	maint: include ignore-value in internal.h
	The ignore_value macro is used across libvirt. This patch includes it in
	the internal header and cleans all other includes.

2012-06-28  Peter Krempa  <pkrempa@redhat.com>

	vbox: Add support for virConnectListAllDomains()
	VirtualBox doesn't use the common virDomainObj implementation so this
	patch adds a separate implementation using the VirtualBox API.

	This driver implementation supports all currently defined flags. As
	VirtualBox does not support transient guests, managed save images and
	autostarting we assume all guests are persistent, don't have a managed
	save image and are not autostarted. Filtering for existence of those
	properities results in empty list.

2012-06-28  Osier Yang  <jyang@redhat.com>

	storage: Error out if the target is already mounted for netfs pool
	mnt_fsname can not be the same, as we check the duplicate pool
	sources earlier before, means it can't be the same pool, moreover,
	a pool can't be started if it's already active anyway. So no reason
	to act as success.

2012-06-28  Marc-André Lureau  <marcandre.lureau@gmail.com>

	configure: show correct default argument in help
	Pushed without ack, under the trivial rule.

2012-06-27  Michal Privoznik  <mprivozn@redhat.com>

	events: Don't fail on registering events for two different domains
	virConnectDomainEventRegisterAny() takes a domain as an argument.
	So it should be possible to register the same event (be it
	VIR_DOMAIN_EVENT_ID_LIFECYCLE for example) for two different domains.
	That is, we need to take domain into account when searching for
	duplicate event being already registered.

2012-06-27  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Add domdisplay cmd for VNC, SPICE and RDP
	v2:
	- Refactored to use virBuffer
	- Refactored to use virXPath wrappers
	- Added support for tls-port and password for SPICE
	- Added optional flag to disable SPICE password to the URI
	- Added support for RDP
	- Fixed code reviews

	Add a new 'domdisplay' command that provides a URI for VNC, SPICE and
	RDP connections. Presently the 'vncdisplay' command provides you with
	the port info that QEMU is listening on but there is no counterpart for
	SPICE and RDP. Additionally this provides you with the bind address as
	specified in the XML, which the existing 'vncdisplay' lacks. For SPICE
	connections it supports secure and unsecure channels and optionally
	providing the password for the SPICE channel.

2012-06-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove accidentally added Patch: lines from mingw-libvirt.spec.in

2012-06-27  Christophe Fergeau  <cfergeau@redhat.com>

	doc: fix typo in virDomainDestroy API doc

2012-06-26  Guido Günther  <agx@sigxcpu.org>

	Add /tools/libvirt-guests.service to .gitignore
	since it's an autogenerated file

	Don't install systemd service files executable
	since they aren't. Detected by Debian's lintian.

2012-06-25  Michal Privoznik  <mprivozn@redhat.com>

	AUTHORS: Update
	Latest patchset enabling libvirt on s390(x) was developed by
	  Viktor Mihajlovski   <mihajlov@linux.vnet.ibm.com>
	  Thang Pham           <thang.pham@us.ibm.com>
	Add them to the AUTHORS file.

2012-06-25  Thang Pham  <thang.pham@us.ibm.com>

	S390: Added sysinfo for host on s390(x).
	In order to retrieve some sysinfo data we need to parse /proc/sysinfo and
	/proc/cpuinfo.

2012-06-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Fixed core identification for s390
	For the s390x architecture the sysfs core_id alone is not unique. As a
	result it can happen that libvirt thinks there are less host CPUs available
	than really present.
	Currently, a logical CPU is equivalent to a core for s390x. We therefore
	produce a fake core id from the CPU number.

2012-06-25  Thang Pham  <thang.pham@us.ibm.com>

	S390: Fixed Parser for /proc/cpuinfo needs to be adapted for your architecture
	Minimal CPU "parser" for s390 to avoid compile time warning.

	S390: CPU support for s390(x)
	Adding CPU encoder/decoder for s390 to avoid runtime error messages.

2012-06-25  Viktor Mihajlovski  <mihajlov@linux.vnet.ibm.com>

	S390: Override QEMU_CAPS_NO_ACPI for s390x
	Starting a KVM guest on s390 fails immediately. This is because
	"qemu --help" reports -no-acpi even for the s390(x) architecture but
	-no-acpi isn't supported there.
	Workaround is to remove QEMU_CAPS_NO_ACPI from the capability set
	after the version/capability extraction.

2012-06-25  Wido den Hollander  <wido@widodh.nl>

	storage backend rbd: Do not prefix rbd: on volume names.
	We used to prefix 'rbd:' to volume names, this is not necessary.

	Qemu takes RBD devices in this way, like: qemu -drive rbd:pool/image

	When attaching a network disk like RBD to a guest we however do not use this prefix.

	Currently you can't map a RBD volume name directly to a domain without removing the prefix.

2012-06-25  Osier Yang  <jyang@redhat.com>

	qemu: Improve error if setmem fails for lacking of balloon support
	"cannot set memory of an active domain" is misleading, it sounds
	like setting memory of active domain is not supported.

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Include the default listen address in the live guest XML
	If no 'listen' attribute or <listen> element is set in the
	guest XML, the default driver configured listen address is
	used. There is no way to client applications to determine
	what this address is though. When starting the guest, we
	should update the live XML to include this default listen
	address

2012-06-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Introduce --inactive for pool-dumpxml
	Storage is one of the last domains in libvirt where we don't fully
	utilize inactive and live XML. Okay, it might be because we don't
	have support for that. So implement such support. However, we need
	to fallback when talking to old daemon which doesn't support this
	new flag called VIR_STORAGE_XML_INACTIVE.

	storage: Switch to new def on pool-destroy
	Currently, we share the idea of old & new def with domains. Users can
	*-edit an object (domain, pool) which spawns a new internal
	representation for them. This is referenced via
	{domainObj,poolObj}->newDef [compared to ->def]. However, for pool we
	were never overwriting def with newDef. This must be done on
	pool-destroy (like we do analogically in domain detroy).

	sanlock: Properly indent
	One of latest patches (0fce94fe) didn't properly indented #define
	making syntax-check fail.

2012-06-25  Daniel Veillard  <veillard@redhat.com>

	Fix compilation on older sanlock
	Temporary fix since compilation broke with older version of
	sanlock following acbd4965c44c4dbc676dfe89aff970052e376073

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Remove stray debug fprintf in XML parser

2012-06-25  Daniel J Walsh  <dwalsh@redhat.com>

	Support bind mounting host files, as well as directories in LXC
	Currently libvirt-lxc checks to see if the destination exists and is a
	directory.  If it is not a directory then the mount fails.  Since
	libvirt-lxc can bind mount files on an inode, this patch is needed to
	allow us to bind mount files on files.  Currently we want to bind mount
	on top of /etc/machine-id, and /etc/adjtime

	If the destination of the mount point does not exists, it checks if the
	src is a directory and then attempts to create a directory, otherwise it
	creates an empty file for the destination.  The code will then bind mount
	over the destination.

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Allow NOCONFIGURE=1 to make autogen.sh skip ./configure
	Sometimes it is useful to re-bootstrap libvirt without running
	through a ./configure invocation immediately. eg if you want
	to run ./configure for Mingw32 rather than native.

	Fix unused parameters / functions in virsh on Win32
	The vshPrintRaw function is not used on Win32, and neither
	is the 'msg' parameter of vshAskReedit. Change the nesting
	of #ifdef WIN32 conditionals to address this

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Update to latest GNULIB to fix compat with Mingw64 toolchain
	On both x86_64-w64-mingw32 and i686-w64-mingw32 there were
	the following warnings/errors:

	  CC     fstat.lo
	../../../gnulib/lib/fstat.c:27:0: warning: "stat" redefined [enabled by default]
	In file included from ./sys/stat.h:32:0,
	                 from ../../../gnulib/lib/fstat.c:25:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition
	../../../gnulib/lib/fstat.c:28:0: warning: "fstat" redefined [enabled by default]
	In file included from ./sys/stat.h:32:0,
	                 from ../../../gnulib/lib/fstat.c:25:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:259:0: note: this is the location of the previous definition

	  CC     stat.lo
	../../../gnulib/lib/stat.c:32:0: warning: "stat" redefined [enabled by default]
	In file included from ./sys/stat.h:32:0,
	                 from ../../../gnulib/lib/stat.c:27:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/sys/stat.h:258:0: note: this is the location of the previous definition

	  CC     stdio-read.lo
	../../../gnulib/lib/stdio-read.c:102:1: error: redefinition of 'vscanf'
	In file included from ./stdio.h:43:0,
	                 from ../../../gnulib/lib/stdio-read.c:21:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:397:7: note: previous definition of 'vscanf' was here
	../../../gnulib/lib/stdio-read.c:108:1: error: redefinition of 'vfscanf'
	In file included from ./stdio.h:43:0,
	                 from ../../../gnulib/lib/stdio-read.c:21:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/stdio.h:384:7: note: previous definition of 'vfscanf' was here
	make[3]: *** [stdio-read.lo] Error 1
	make[3]: Leaving directory `/home/berrange/src/virt/libvirt/build/gnulib/lib'

	While on x86_64-w64-mingw32 only there was:

	In file included from ../../../gnulib/lib/regex.c:69:0:
	../../../gnulib/lib/regcomp.c: In function 'parse_dup_op':
	../../../gnulib/lib/regcomp.c:2624:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
	../../../gnulib/lib/regcomp.c: In function 'mark_opt_subexp':
	../../../gnulib/lib/regcomp.c:3859:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	winsock2.h must always be included before windows.h
	Some GNULIB headers (eg unistd.h) will often need to include
	winsock2.h for various symbols. There is a rule that winsock2.h
	must be included before windows.h. This means that any file
	which does

	  #ifdef WIN32
	  #include <windows.h>
	  #endif
	  #include <unistd.h>

	is potentially broken. A simple rule is that /all/ includes of
	windows.h must be matched with a preceding include of winsock2.h
	regardless of whether unistd.h is used currently

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Switch automated builds to use Mingw64 toolchain instead of Mingw32
	The Mingw32 toolchain is broadly obsoleted by the Mingw64 toolchain.
	The latter has been adopted by Fedora 17 and newer. Maintaining a
	RPM spec for Mingw32 is a needless burden, so switch to a Mingw64
	RPM spec (which provides 32 & 64 bit builds).

2012-06-25  Doug Goldstein  <cardoe@cardoe.com>

	virsh: Use virXPath wrappers for vncdisplay cmd
	Update the vncdisplay command to use the virXPath wrappers as well as
	check if the domain is up rather than using the port set to -1 to mean
	the domain is not up.

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Add support for shared sanlock leases
	A sanlock lease can be marked as shared (rather
	than exclusive)  using SANLK_RES_SHARED flag. This
	adds support for that flag and ensures that in auto
	disk mode, any shared disks use shared leases. This
	also makes any read-only disks be completely
	ignored.

	These changes remove the need for the option

	  ignore_readonly_and_shared_disks

	so that is removed

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Add support for guest bind mounts with LXC
	Currently you can configure LXC to bind a host directory to
	a guest directory, but not to bind a guest directory to a
	guest directory. While the guest container init could do
	this itself, allowing it in the libvirt XML means a stricter
	SELinux policy can be written

2012-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Add support for RAM filesystems for LXC
	Introduce a new syntax for filesystems to allow use of a RAM
	filesystem

	   <filesystem type='ram'>
	      <source usage='10' units='MiB'/>
	      <target dir='/mnt'/>
	   </filesystem>

	The usage units default to KiB to limit consumption of host memory.

	* docs/formatdomain.html.in: Document new syntax
	* docs/schemas/domaincommon.rng: Add new attributes
	* src/conf/domain_conf.c: Parsing/formatting of RAM filesystems
	* src/lxc/lxc_container.c: Mounting of RAM filesystems

2012-06-22  Hu Tao  <hutao@cn.fujitsu.com>

	fix a bug of ref count in virnetserver.c
	The test of ref count is not protected by lock, which is unsafe because
	the ref count may have been changed by other threads during the test.

	This patch fixes this.

2012-06-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Improve error when trying to change vm's cpu count 0
	This patch adds a check for the count of processors the user requests
	for the guest machine so that invalid values produce a more helpful
	error message.

2012-06-21  Jim Fehlig  <jfehlig@suse.com>

	Fix deadlock on libvirtd shutdown
	When shutting down libvirtd, the virNetServer shutdown can deadlock
	if there are in-flight jobs being handled by virNetServerHandleJob().
	virNetServerFree() will acquire the virNetServer lock and call
	virThreadPoolFree() to terminate the workers, waiting for the workers
	to finish.  But in-flight workers will attempt to acquire the
	virNetServer lock, resulting in deadlock.

	Fix the deadlock by unlocking the virNetServer lock before calling
	virThreadPoolFree().  This is safe since the virNetServerPtr object
	is ref-counted and only decrementing the ref count needs to be
	protected.  Additionally, there is no need to re-acquire the lock
	after virThreadPoolFree() completes as all the workers have
	terminated.

2012-06-21  Gerd Hoffmann  <kraxel@redhat.com>

	qemu: Add xhci support
	qemu 1.1 features a xhci controller,
	this patch adds support for it.

2012-06-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: add support for virConnectListAllDomains and clean up cmdList
	This patch makes use of the newly added api virConnectListAllDomains()
	to list domains in virsh.

	Virsh now represents lists of domains using an internal structure
	vshDomainList. This structure contains the virDomainPtr list as provided
	by virConnectListAllDomains() and the count of domains in the list.

	For backwards compatibility, the function vshDomainListCollect was added
	that tries to enumerate the domains using the new API and if the API is
	not supported falls back to the older approach with the two list
	functions.  The helper function also simulates filtering by all
	currently supported flags added with virConnectListAllDomains().

	This patch also cleans up the "list" command handler to use the new
	helpers and adds new command line flags to make use of filtering.

2012-06-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Rename namesorter to vshNameSorter and clean up indentation

2012-06-21  Osier Yang  <jyang@redhat.com>

	util: Fix the indention
	src/util/util.c: virFileOpenAs.

2012-06-21  Jim Fehlig  <jfehlig@suse.com>

	Initialize random generator in lxc controller
	The lxc contoller eventually makes use of virRandomBits(), which was
	segfaulting since virRandomInitialize() is never invoked.

	Program received signal SIGSEGV, Segmentation fault.
	0x00007ffff554d560 in random_r () from /lib64/libc.so.6
	(gdb) bt
	0  0x00007ffff554d560 in random_r () from /lib64/libc.so.6
	1  0x0000000000469eaa in virRandomBits (nbits=32) at util/virrandom.c:80
	2  0x000000000045bf69 in virHashCreateFull (size=256,
	    dataFree=0x4aa2a2 <hashDataFree>, keyCode=0x45bd40 <virHashStrCode>,
	    keyEqual=0x45bdad <virHashStrEqual>, keyCopy=0x45bdfa <virHashStrCopy>,
	    keyFree=0x45be37 <virHashStrFree>) at util/virhash.c:134
	3  0x000000000045c069 in virHashCreate (size=0, dataFree=0x4aa2a2 <hashDataFree>)
	    at util/virhash.c:164
	4  0x00000000004aa562 in virNWFilterHashTableCreate (n=0)
	    at conf/nwfilter_params.c:686
	5  0x00000000004aa95b in virNWFilterParseParamAttributes (cur=0x711d30)
	    at conf/nwfilter_params.c:793
	6  0x0000000000481a7f in virDomainNetDefParseXML (caps=0x702c90, node=0x7116b0,
	    ctxt=0x7101b0, bootMap=0x0, flags=0) at conf/domain_conf.c:4589
	7  0x000000000048cc36 in virDomainDefParseXML (caps=0x702c90, xml=0x710040,
	    root=0x7103b0, ctxt=0x7101b0, expectedVirtTypes=16, flags=0)
	    at conf/domain_conf.c:8658
	8  0x000000000048f011 in virDomainDefParseNode (caps=0x702c90, xml=0x710040,
	    root=0x7103b0, expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9360
	9  0x000000000048ee30 in virDomainDefParse (xmlStr=0x0,
	    filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", caps=0x702c90,
	    expectedVirtTypes=16, flags=0) at conf/domain_conf.c:9310
	10 0x000000000048ef00 in virDomainDefParseFile (caps=0x702c90,
	    filename=0x702ae0 "/var/run/libvirt/lxc/x.xml", expectedVirtTypes=16, flags=0)
	    at conf/domain_conf.c:9332
	11 0x0000000000425053 in main (argc=5, argv=0x7fffffffe2b8)
	    at lxc/lxc_controller.c:1773

2012-06-21  Osier Yang  <jyang@redhat.com>

	storage: Set the perms if the pool target already exists for fs pools
	The comment says:

	/* Now create the final dir in the path with the uid/gid/mode
	 * requested in the config. If the dir already exists, just set
	 * the perms.
	 */

	However, virDirCreate is only invoked if the target path doesn't
	exist yet (which is opposite with the comment), or the uid from
	the config is not -1 (I don't understand why, think it's just
	another mistake). And the result is the perms of the pool won't
	be changed if one tries to build the pool with different perms
	again.

	Besides these logic error fix, if no uid and gid are specified in
	the config, the practical used uid, gid are reflected.

2012-06-20  Eric Blake  <eblake@redhat.com>

	snapshot: implement new APIs for esx and vbox
	The two new APIs are rather trivial; based on bits and pieces of
	other existing APIs.  But rather than blindly return 0 or 1 for
	HasMetadata, I chose to first validate that the snapshot in
	question in fact exists.

	* src/esx/esx_driver.c (esxDomainSnapshotIsCurrent)
	(esxDomainSnapshotHasMetadata): New functions.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotIsCurrent)
	(vboxDomainSnapshotHasMetadata): Likewise.

2012-06-20  Eric Blake  <eblake@redhat.com>

	snapshot: require existence before returning success
	Blindly returning success is misleading if the object no longer
	exists; it is a bit better to check for existence up front before
	returning information about that object.  This pattern matches the
	fact that most of our other APIs check for existence as a side
	effect prior to getting at the real piece of information being
	queried.

	* src/esx/esx_driver.c (esxDomainIsUpdated, esxDomainIsPersistent):
	Add existence checks.
	* src/vbox/vbox_tmpl.c (vboxDomainIsPersistent)
	(vboxDomainIsUpdated): Likewise.

2012-06-20  Peter Krempa  <pkrempa@redhat.com>

	drivers: Implement virListAllDomains for drivers using virDomainObj
	This patch adds support for listing all domains into drivers that use
	the common virDomainObj implementation: libxl, lxc, openvz, qemu, test,
	uml, vmware.

	For drivers that don't support managed save images the guests are
	treated as if they had none, so filtering guests that do have such an
	image on this driver succeeds and produces 0 results.

2012-06-20  Guido Günther  <agx@sigxcpu.org>

	openvz: check pointer size instead of int
	since int is 4 bytes on both i386 and amd64.

2012-06-19  Dipankar Sarma  <dipankar@in.ibm.com>

	Fix default USB controller for ppc64
	Fix the default usb controller for pseries systems if none
	specified.

2012-06-19  Eric Blake  <eblake@redhat.com>

	list: add qemu snapshot list support
	The two new functions are very similar to the existing functions;
	just a matter of different arguments and a call to a different
	helper function.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
	(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Support new flags.
	(qemuDomainListAllSnapshots): New functions.

2012-06-19  Eric Blake  <eblake@redhat.com>

	list: new helper function to collect snapshots
	Wraps the conversion from 'char *name' to virDomainSnapshotPtr in
	a reusable manner.

	* src/conf/virdomainlist.h (virDomainListSnapshots): New declaration.
	* src/conf/virdomainlist.c (virDomainListSnapshots): Implement it.
	* src/libvirt_private.syms (virdomainlist.h): Export it.

2012-06-19  Eric Blake  <eblake@redhat.com>

	list: provide RPC call for snapshots
	The generator doesn't handle lists of virDomainSnapshotPtr, so
	this commit requires a bit more work than some RPC additions.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_LIST_ALL_SNAPSHOTS)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_ALL_CHILDREN): New RPC calls,
	with corresponding structs.
	* daemon/remote.c (remoteDispatchDomainListAllSnapshots)
	(remoteDispatchDomainSnapshotListAllChildren): New functions.
	* src/remote/remote_driver.c (remoteDomainListAllSnapshots)
	(remoteDomainSnapshotListAllChildren): Likewise.
	* src/remote_protocol-structs: Regenerate.

2012-06-19  Eric Blake  <eblake@redhat.com>

	list: provide python bindings for snapshots
	This adds support for the new virDomainListAllSnapshots (a domain
	function) and virDomainSnapshotListAllChildren (a snapshot function)
	to the libvirt-python bindings.  The implementation is done manually
	as the generator does not support wrapping lists of C pointers into
	python objects.

	* python/libvirt-override.c (libvirt_virDomainListAllSnapshots)
	(libvirt_virDomainSnapshotListAllChildren): New functions.
	* python/libvirt-override-api.xml: Document them.
	* python/libvirt-override-virDomain.py (listAllSnapshots): New
	file.
	* python/libvirt-override-virDomainSnapshot.py (listAllChildren):
	Likewise.
	* python/Makefile.am (CLASSES_EXTRA): Ship them.

2012-06-19  Eric Blake  <eblake@redhat.com>

	list: use the new snapshot API in virsh when possible
	Using the new API is so much shorter than the rest of the remainder
	of the function.

	* tools/virsh.c (vshSnapshotList): Use the new API.

2012-06-19  Eric Blake  <eblake@redhat.com>

	list: add virDomainListAllSnapshots API
	There was an inherent race between virDomainSnapshotNum() and
	virDomainSnapshotListNames(), where an additional snapshot could
	be created in the meantime, or where a snapshot could be deleted
	before converting the name back to a virDomainSnapshotPtr.  It
	was also an awkward name: the function operates on domains, not
	domain snapshots.  virDomainSnapshotListChildrenNames() suffered
	from the same inherent race, although its naming was nicer.

	This patch makes things nicer by grabbing a snapshot list
	atomically, in the format most useful to the user.

	* include/libvirt/libvirt.h.in (virDomainListAllSnapshots)
	(virDomainSnapshotListAllChildren): New declarations.
	* src/libvirt.c (virDomainSnapshotListNames)
	(virDomainSnapshotListChildrenNames): Add cross-references.
	(virDomainListAllSnapshots, virDomainSnapshotListAllChildren):
	New functions.
	* src/libvirt_public.syms (LIBVIRT_0.9.13): Export them.
	* src/driver.h (virDrvDomainListAllSnapshots)
	(virDrvDomainSnapshotListAllChildren): New callbacks.
	* python/generator.py (skip_function): Prepare for later
	hand-written versions.

2012-06-19  Eric Blake  <eblake@redhat.com>

	snapshot: expose new flags in virsh
	Previously, to get the name of all snapshots with children, it was
	necessary to get the name of all snapshots and then remove the
	name of leaf snapshots.  This is racy, and somewhat inefficient
	compared to planned API additions.  We can emulate --no-metadata on
	0.9.5-0.9.12, but for now, there is no emulation of --no-leaves.

	* tools/virsh.c (cmdSnapshotList): Add new options --no-leaves and
	--no-metadata.
	(vshSnapshotList): Emulate where possible.
	* tools/virsh.pod (snapshot-list): Document them.

2012-06-19  Eric Blake  <eblake@redhat.com>

	snapshot: add additional filters when getting lists
	It turns out that one-bit filtering makes it hard to select the inverse
	set, so it is easier to provide filtering groups.  For back-compat,
	omitting all bits within a group means the group is not used for
	filtering, and by definition of a group (each snapshot matches exactly
	one bit within the group, and the set of bits in the group covers all
	snapshots), selecting all bits also makes the group useless.

	Unfortunately, virDomainSnapshotListChildren defined the bit
	VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS as an expansion rather than a
	filter, so we cannot make it part of a filter group, so that bit
	(and its counterpart VIR_DOMAIN_SNAPSHOT_LIST_ROOTS for
	virDomainSnapshotList) remains a single control bit.

	* include/libvirt/libvirt.h.in (virDomainSnapshotListFlags): Add a
	couple more flags.
	* src/libvirt.c (virDomainSnapshotNum)
	(virDomainSnapshotNumChildren): Document them.
	(virDomainSnapshotListNames, virDomainSnapshotListChildrenNames):
	Likewise, and add thread-safety caveats.
	* src/conf/virdomainlist.h (VIR_DOMAIN_SNAPSHOT_FILTERS_*): New
	convenience macros.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
	(virDomainSnapshotObjListCount): Support the new flags.

2012-06-19  Martin Kletzander  <mkletzan@redhat.com>

	virsh: fix few typos on desc command
	virsh help fix:
	 - <--title> can also /get/ the title

	virsh man page:
	 - missing <domain-id>
	 - <new_desc> should be <new-desc>

2012-06-19  Martin Kletzander  <mkletzan@redhat.com>

	domain_conf: fix possible memory leak
	Until now, it was possible to crash libvirtd when defining domain with
	channel device with missing source element.

	When creating new virDomainChrDef, target.port is set to -1, but
	unfortunately it is an union with addresses that virDomainChrDefFree
	tries to free in case the deviceType is channel. Having the port set
	to -1 is intended, however the cleanest way to get around the problems
	with the crash seems to be renumbering the VIR_DOMAIN_CHR_CHANNEL_
	target types to cover new NONE type (with value 0) being the default
	(no target type yet).

2012-06-19  Peter Krempa  <pkrempa@redhat.com>

	error: Fix typos in argument checking macros
	Macro virCheckNullArgGoto is supposed to check for NULL argument but
	checks non-NULL instead.

	Macro virCheckNonNullArgReturn reports error as if the argument should
	be NULL when it shouldn't.

2012-06-19  Martin Kletzander  <mkletzan@redhat.com>

	virsh: make domiftune interface help string consistent
	Append '(MAC Address)' after the help string of domiftune virsh
	command as it takes the same type of argument as domif-{get,set}link
	which have it specified.

2012-06-19  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: avoid useless duplicate memory free
	when lxcContainerIdentifyCGroups failed, the memory it allocated
	has been freed, so we should not free this memory again in
	lxcContainerSetupPivortRoot and lxcContainerSetupExtraMounts.

2012-06-19  Peter Krempa  <pkrempa@redhat.com>

	driver: Clean up driver header to space indentation

2012-06-18  Eric Blake  <eblake@redhat.com>

	snapshot: merge count and name collection
	Another case where we can do the same amount of work with fewer
	lines of redundant code, which will make adding new filters easier.

	* src/conf/domain_conf.c (virDomainSnapshotNameData): Adjust
	struct.
	(virDomainSnapshotObjListCount): Delete, now taken care of...
	(virDomainSnapshotObjListCopyNames): ...here.
	(virDomainSnapshotObjListGetNames): Adjust caller to handle
	counting.
	(virDomainSnapshotObjListNum): Simplify.

2012-06-18  Eric Blake  <eblake@redhat.com>

	snapshot: merge domain and snapshot computation
	Now that domain listing is a thin wrapper around child listing,
	it's easier to have a common entry point.  This restores the
	hashForEach optimization lost in the previous patch when there
	are no snapshots being filtered out of the entire list.

	* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListNum): Add parameter.
	(virDomainSnapshotObjListGetNamesFrom)
	(virDomainSnapshotObjListNumFrom): Delete.
	* src/libvirt_private.syms (domain_conf.h): Drop deleted functions.
	* src/conf/domain_conf.c (virDomainSnapshotObjListGetNames):
	Merge, and (re)add an optimization.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags)
	(qemuDomainSnapshotListNames, qemuDomainSnapshotNum)
	(qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Update callers.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Likewise.
	* src/conf/virdomainlist.c (virDomainListPopulate): Likewise.

2012-06-18  Eric Blake  <eblake@redhat.com>

	snapshot: use metaroot node to simplify management
	This idea was first suggested by Daniel Veillard here:
	https://www.redhat.com/archives/libvir-list/2011-October/msg00353.html

	Now that I am about to add more complexity to snapshot listing, it
	makes sense to avoid code duplication and special casing for domain
	listing (all snapshots) vs. snapshot listing (descendants); adding
	a metaroot reduces the number of code lines by having the domain
	listing turn into a descendant listing of the metaroot.

	Note that this has one minor pessimization - if we are going to list
	ALL snapshots without filtering, then virHashForeach is more efficient
	than recursing through the child relationships; restoring that minor
	optimization will occur in the next patch.

	* src/conf/domain_conf.h (_virDomainSnapshotObj)
	(_virDomainSnapshotObjList): Repurpose some fields.
	(virDomainSnapshotDropParent): Drop unused parameter.
	* src/conf/domain_conf.c (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListCount): Simplify.
	(virDomainSnapshotFindByName, virDomainSnapshotSetRelations)
	(virDomainSnapshotDropParent): Match new field semantics.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
	Adjust clients.

2012-06-18  Guido Günther  <agx@sigxcpu.org>

	openvz: Fix wordsize on 64 bit architectures
	The word size there is 64 bit not 8.

2012-06-18  Peter Krempa  <pkrempa@redhat.com>

	conf: Add helper for listing domains on drivers supporting virDomainObj
	This patch adds common code to list domains in fashion used by
	virListAllDomains with all currently supported flags. The header file
	also contains macros that group filters together that are used to
	shorten filter conditions.

	conf: Store managed save image existence in virDomainObj
	This patch stores existence of the image in the object. At start of the
	daemon the state is checked and then updated in key moments in domain
	lifecycle.

2012-06-18  Peter Krempa  <pkrempa@redhat.com>

	remote: implement remote protocol for virConnectListAllDomains()
	This patch wires up the RPC protocol handlers for
	virConnectListAllDomains(). The RPC generator has no support for the way
	how virConnectListAllDomains() returns the results so the handler code
	had to be done manually.

	The new api is handled by REMOTE_PROC_CONNECT_LIST_ALL_DOMAINS, with
	number 273 and marked with high priority.

2012-06-18  Peter Krempa  <pkrempa@redhat.com>

	python: add API exports for virConnectListAllDomains()
	This patch adds export of the new API function
	virConnectListAllDomains() to the libvirt-python bindings. The
	virConnect object now has method "listAllDomains" that takes only the
	flags parameter and returns a python list of virDomain object
	corresponding to virDomainPtrs returned by the underlying api.

	The implementation is done manually as the generator does not support
	wrapping list of virDomainPtrs into virDomain objects.

2012-06-18  Peter Krempa  <pkrempa@redhat.com>

	lib: Add public api to enable atomic listing of guest
	This patch adds a new public api that lists domains. The new approach is
	different from those used before. There are key points to this:

	1) The list is acquired atomically and contains both active and inactive
	domains (guests). This eliminates the need to call two different list
	APIs, where the state might change in between the calls.

	2) The returned list consists of virDomainPtrs instead of names or ID's
	that have to be converted to virDomainPtrs anyways using separate calls
	for each one of them. This is more convenient and saves hypervisor calls.

	3) The returned list is auto-allocated. This saves a lot of hassle for
	the users.

	4) Built in support for filtering. The API call supports various
	filtering flags that modify the output list according to user needs.

	Available filter groups:
	    Domain status:
	    VIR_CONNECT_LIST_DOMAINS_ACTIVE, VIR_CONNECT_LIST_DOMAINS_INACTIVE

	    Domain persistence:
	    VIR_CONNECT_LIST_DOMAINS_PERSISTENT,
	    VIR_CONNECT_LIST_DOMAINS_TRANSIENT

	    Domain state:
	    VIR_CONNECT_LIST_DOMAINS_RUNNING, VIR_CONNECT_LIST_DOMAINS_PAUSED,
	    VIR_CONNECT_LIST_DOMAINS_SHUTOFF, VIR_CONNECT_LIST_DOMAINS_OTHER

	    Existence of managed save image:
	    VIR_CONNECT_LIST_DOMAINS_MANAGEDSAVE,
	    VIR_CONNECT_LIST_DOMAINS_NO_MANAGEDSAVE

	    Auto-start option:
	    VIR_CONNECT_LIST_DOMAINS_AUTOSTART,
	    VIR_CONNECT_LIST_DOMAINS_NO_AUTOSTART

	    Existence of snapshot:
	    VIR_CONNECT_LIST_DOMAINS_HAS_SNAPSHOT,
	    VIR_CONNECT_LIST_DOMAINS_NO_SNAPSHOT

	5) The python binding returns a list of domain objects that is very neat
	to work with.

	The only problem with this approach is no support from code generators
	so both RPC code and python bindings had to be written manually.

	*include/libvirt/libvirt.h.in: - add API prototype
	                               - clean up whitespace mistakes nearby
	*python/generator.py: - inhibit generation of the bindings for the new
	                        api
	*src/driver.h: - add driver prototype
	               - clean up some whitespace mistakes nearby
	*src/libvirt.c: - add public implementation
	*src/libvirt_public.syms: - export the new symbol

2012-06-18  Daniel P. Berrange  <berrange@redhat.com>

	Add a custom 404 error page for the website

2012-06-18  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix incorrect DEBUG info
	print debug info "container support is enabled"
	when host support the user or net namespace.

	LXC: fix memory leak in lxcContainerSetupExtraMounts
	kill the "return 0;" code, it will cause memory leak.

2012-06-18  Eric Blake  <eblake@redhat.com>

	build: fix whitespace damage
	Introduced in commit 1f8c33b67.

	* src/lxc/lxc_container.c (lxcContainerGetSubtree): Avoid TAB.

2012-06-18  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix memory leak in lxcContainerGetSubtree
	when libvirt_lxc trigger oom error in lxcContainerGetSubtree
	we should free the alloced memory for mounts.

	so when lxcContainerGetSubtree failed,we should do some
	memory cleanup in lxcContainerUnmountSubtree.

2012-06-18  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix memory leak in lxcContainerMountFSBlockHelper
	we alloc the memory for format in lxcContainerMountDetectFilesystem
	but without free it in lxcContainerMountFSBlockHelper.

	this patch just call VIR_FREE to free it.

2012-06-18  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Update vol-create-as manpage
	as we support qed format as well.

	virsh: Tweak attach-* documentation
	as we are missing:
	attach-disk: --type can accept 'lun' too, not just cdrom or floppy.
	attach-disk: --target specify logical device name, not path
	attach-interface: --target silently drops strings with vnet* prefix

2012-06-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Wait for events instead of agent response
	With latest changes to qemu-ga success on some commands is not reported
	anymore, e.g. guest-shutdown or guest-suspend-*. However, errors are
	still being reported. Therefore, we need to find different source of
	indication if operation was successful. Events.

	qemu_agent: Add some more debug prints
	for agent ref count and qemuProcessHandleAgentDestroy

2012-06-16  Eric Blake  <eblake@redhat.com>

	snapshot: use new virsh function for snapshot-list
	Operating on a list of snapshot objects looks so much simpler.
	In particular, since the helper function already trimmed out
	irrelevant entries, we no longer have quite so many special cases
	on finding the first snapshot to operate on.  Also, vshTreePrint
	no longer has a generic callback struct; both clients now pass
	something different according to their own needs.

	* tools/virsh.c (cmdSnapshotList): Use previous patches.
	(vshTreeArrayLookup): Rename...
	(vshNodeListLookup): ...now that it only has one client.
	(cmdNodeListDevices): Adjust caller.

2012-06-16  Eric Blake  <eblake@redhat.com>

	snapshot: new virsh function factored from snapshot-list
	This patch is based on the fallback code out of cmdSnapshotList,
	with tweaks to keep the snapshot objects around rather than just
	their name, and to remove unwanted elements before returning.
	It looks forward to a future patch when we add a way to list all
	snapshot objects at once, and the next patch will simplify
	cmdSnapshotList to take advantage of this factorization.

	* tools/virsh.c (vshSnapshotList, vshSnapshotListFree): New functions.

2012-06-16  Eric Blake  <eblake@redhat.com>

	build: hoist qemu dependence on yajl to configure
	Commit 6e769eba made it a runtime error if libvirt was compiled
	without yajl support but targets a new enough qemu.  But enough
	users are hitting this on self-compiled libvirt that it is worth
	erroring out at compilation time, rather than an obscure failure
	when trying to use the built executable.

	* configure.ac: If qemu is requested and -version works, require
	yajl when qemu version is new enough.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Add
	comment.

2012-06-15  Cole Robinson  <crobinso@redhat.com>

	autogen: Always abide --system
	If we do ./autogen.sh && ./configure, then later try ./autogen.sh --system,
	configure isn't invoked with the requested params. Instead
	config.status --recheck is run.

2012-06-15  Jim Fehlig  <jfehlig@suse.com>

	Check for errors when parsing bridge interface XML
	The return status of virInterfaceDefParseBridge() was not being
	checked, potentially resulting in the creation of a broken
	interface.

2012-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix launch of libvirtd when DHCP snooping support is not available.
	When libpcap is not available, the NWFilter driver provides a
	no-op stub for the DHCP snooping initialization. This was
	mistakenly returning '-1' instead of '0', so the entire driver
	initialization failed

	Add more debug logging for libvirtd startup
	To facilitate future troubleshooting add a bunch more debugging
	statements into important startup parts of libvirt

2012-06-15  Osier Yang  <jyang@redhat.com>

	schema: Update domain XML schema
	'boot' tag shouldn't be exclusive with 'kernel', 'initrd', and 'cmdline',
	though the boot sequence doesn't make sense when the guest boots from
	kernel directly. But it's useful if booting from kernel is to install
	a newguest, even if it's not to install a guest, there is no hurt. And
	on the other hand, we allow 'boot' and the kernel tags when parsing.

2012-06-15  Wen Congyang  <wency@cn.fujitsu.com>

	virsh: allow the user to specify vmcore's format
	Add a new parameter --memory-only for 'virsh dump' command. So
	the user can decide the vmcore's format.

	qemu: allow the client to choose the vmcore's format
	This patch updates qemu driver to allow the client to choose the
	vmcore's format: memory only or including device state.

	qemu: implement qemu's dump-guest-memory
	dump-guest-memory is a new dump mechanism, and it can work when the
	guest uses host devices. This patch adds a API to use this new
	monitor command.
	We will always use json mode if qemu's version is >= 0.15, so I
	don't implement the API for text mode.

	qemu: fix potential dead lock
	If we lock the qemu_driver, we should call qemuDomainObjBeginJobWithDriver()
	not qemuDomainObjBeginJob().

2012-06-15  Osier Yang  <jyang@redhat.com>

	virsh: Null terminated the string memcpy from buffer explicitly
	Detected by valgrind:

	==16217== 1 errors in context 1 of 12:
	==16217== Invalid read of size 1
	==16217==    at 0x4A07804: __GI_strlen (mc_replace_strmem.c:284)
	==16217==    by 0x3019F167F6: xdr_string (in /lib64/libc-2.12.so)
	==16217==    by 0x3033709E8D: xdr_remote_nonnull_string (remote_protocol.c:31)
	==16217==    by 0x303370E5CB: xdr_remote_domain_update_device_flags_args (remote_protocol.c:2028)
	==16217==    by 0x30337197D1: virNetMessageEncodePayload (virnetmessage.c:341)
	==16217==    by 0x30337135E1: virNetClientProgramCall (virnetclientprogram.c:327)
	==16217==    by 0x30336F1EFD: callWithFD (remote_driver.c:4586)
	==16217==    by 0x30336F1F7B: call (remote_driver.c:4607)
	==16217==    by 0x30336F42F2: remoteDomainUpdateDeviceFlags (remote_client_bodies.h:2865)
	==16217==    by 0x30336D46E5: virDomainUpdateDeviceFlags (libvirt.c:9457)
	==16217==    by 0x41AEE8: cmdChangeMedia (virsh.c:15249)
	==16217==    by 0x413CB4: vshCommandRun (virsh.c:18669)
	==16217==  Address 0x4ec5e25 is 0 bytes after a block of size 293 alloc'd
	==16217==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==16217==    by 0x303364F1DB: virAllocN (memory.c:129)
	==16217==    by 0x41A844: vshPrepareDiskXML (virsh.c:15043)
	==16217==    by 0x41AECC: cmdChangeMedia (virsh.c:15246)
	==16217==    by 0x413CB4: vshCommandRun (virsh.c:18669)
	==16217==    by 0x423973: main (virsh.c:20261)

2012-06-14  Laine Stump  <laine@laine.org>

	docs: small typo in formatdomain.html

2012-06-14  Daniel P. Berrange  <berrange@redhat.com>

	Always pivot_root event if the new root source is '/'
	This reverts

	  commit c16b4c43fcdd8ec02581f38377983b2e0925bfcd
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri May 11 15:09:27 2012 +0100

	    Avoid LXC pivot root in the root source is still /

	This commit broke setup of /dev, because the code which
	deals with setting up a private /dev and /dev/pts only
	works if you do a pivotroot.

	The original intent of avoiding the pivot root was to
	try and ensure the new root has a minimumal mount
	tree. The better way todo this is to just unmount the
	bits we don't want (ie old /proc & /sys subtrees.
	So apply the logic from

	  commit c529b47a756960d332fbe9903943dae855e7b949
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri May 11 11:35:28 2012 +0100

	    Trim /proc & /sys subtrees before mounting new instances

	to the pivot_root codepath as well

2012-06-14  Daniel P. Berrange  <berrange@redhat.com>

	Improve error message diagnosing incorrect XML CPU mode
	Tell the user what CPU mode value is wrong

2012-06-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Enable disconnecting SPICE clients without changing password
	Libvirt updates the configuration of SPICE server only when something
	changes. This is unfortunate when the user wants to disconnect a
	existing spice session when the connected attribute is already
	"disconnect".

	This patch modifies the conditions for calling the password updater to
	be called when nothing changes, but the connected attribute is already
	"disconnect".

2012-06-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Report name from edited object
	There is a little easter egg in virsh: one can easily clone
	an object (domain, network, ...). Just 'virsh edit' change the name
	and remove <uuid>. And then, in the end when reporting success
	the new name was printed out.
	However, with recent edit rewrite we lost the final part and are
	still printing the original name out.

	virsh: Honor reedit opts printing to a function
	When printing reedit options we make stdin raw. However,
	this results in stdout being raw as well. Therefore we need
	to return carriage when doing new line. Unfortunately,
	'\r' cannot be part of internationalized messages hence
	we must move them to formatting string which then in turn
	become huge and disarranged. To solve this, a new function
	is introduced which takes variable string arguments and
	prepend each with "\r\n" just before printing.

2012-06-14  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix off-by-one error while unescaping monitor strings
	While unescaping the commands the commands passed through to the monitor
	function qemuMonitorUnescapeArg() initialized lenght of the input string
	to strlen()+1 which is fine for alloc but not for iteration of the
	string.

	This patch fixes the off-by-one error and drops the pointless check for
	a single trailing slash that is automaticaly handled by the default
	branch of switch.

2012-06-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: Don't generate invalid XML in attach-disk command
	The attach-disk command used with parameter --cache created an invalid
	XML snippet as the beginning of the <driver> element was not printed
	when used solely with --cache and no other attribute to driver.

2012-06-13  Laine Stump  <laine@laine.org>

	network: fully support/use VIR_NETWORK_XML_INACTIVE flag
	commit 52d064f42dbc857f4096dc60c0335395ffac73aa added
	VIR_NETWORK_XML_INACTIVE in order to allow suppressing the
	auto-generated list of VFs in network definitions, and a --inactive
	flag to virsh net-dumpxml to take advantage of the flag. However, it
	missed out on two opportunities:

	1) Use INACTIVE to get the current config of the network as it
	   exists on disk, rather than the currently active config.

	2) Add INACTIVE to the flags used for the virsh net-edit command, so
	   that it won't include the forward-pool interfaces that were
	   autogenerated, and so that a re-edit of the network prior to
	   restarting it will show any other edits made since the last restart
	   of the network. (prior to this patch, if you edited a network a 2nd
	   time without restarting, all of the previous edits would magically
	   disappear).

	In order to fit with the new #define-based generic edit function in
	virsh.c, a new function vshNetworkGetXMLDesc() was added. This
	function first tries to call virNetworkGetXMLDesc with the INACTIVE
	flag added, then retries without if the first attempt fails (in the
	manner expected when the server doesn't support it).

2012-06-13  Daniel P. Berrange  <berrange@redhat.com>

	Add some missing hook functions
	A core use case of the hook scripts is to be able to do things
	to a guest's network configuration. It is possible to hook into
	the 'start' operation for a QEMU guest which runs just before
	the guest is started. The TAP devices will exist at this point,
	but the QEMU process will not. It can be desirable to have a
	'started' hook too, which runs once QEMU has started.

	If libvirtd is restarted it will re-populate firewall rules,
	but there is no QEMU hook to trigger for existing domains.
	This is solved with a 'reconnect' hook.

	Finally, if attaching to an external QEMU process there needs
	to be an 'attach' hook script.

	This all also applies to the LXC driver

	* docs/hooks.html.in: Document new operations
	* src/util/hooks.c, src/util/hooks.c: Add 'started', 'reconnect'
	  and 'attach' operations for QEMU. Add 'prepare', 'started',
	  'release' and 'reconnect' operations for LXC
	* src/lxc/lxc_driver.c: Add hooks for 'prepare', 'started',
	  'release' and 'reconnect' operations
	* src/qemu/qemu_process.c: Add hooks for 'started', 'reconnect'
	  and 'reconnect' operations

2012-06-13  Daniel P. Berrange  <berrange@redhat.com>

	client rpc: Fix error checking after poll()
	First 'poll' can't return EWOULDBLOCK, and second, we're checking errno
	so far away from the poll() call that we've probably already trashed the
	original errno value.

2012-06-13  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Send keepalive requests from IO event loop
	In addition to keepalive responses, we also need to send keepalive
	requests from client IO loop to properly detect dead connection in case
	a libvirt API is called from the main loop, which prevents any timers to
	be called.

	server rpc: Remove APIs for manipulating filters on locked client
	We don't need to add or remove filters when client object is already
	locked anymore. There's no reason to keep the *Locked variants of those
	APIs.

	rpc: Remove unused parameter in virKeepAliveStopInternal
	The previous commit removed the only usage of ``all'' parameter in
	virKeepAliveStopInternal, which was actually the only reason for having
	virKeepAliveStopInternal. This effectively reverts most of commit
	6446a9e20cc65561ce6061742baf35a3a63d5ba1.

	rpc: Do not use timer for sending keepalive responses
	When a libvirt API is called from the main event loop (which seems to be
	common in event-based glib apps), the client IO loop would properly
	handle keepalive requests sent by a server but will not actually send
	them because the main event loop is blocked with the API. This patch
	gets rid of response timer and the thread which is processing keepalive
	requests is also responsible for queueing responses for delivery.

	client rpc: Separate call creation from running IO loop
	This makes it possible to create and queue new calls while we are
	running IO loop.

	rpc: Add APIs for direct triggering of keepalive timer
	Add virKeepAliveTimeout and virKeepAliveTrigger APIs that can be used to
	set poll timeouts and trigger keepalive timer. virKeepAliveTrigger
	checks if it is called to early and does nothing in that case.

	rpc: Refactor keepalive timer code
	The code that needs to be run every keepalive interval of inactivity was
	only called from a timer and thus from the main event loop. We will need
	to call the code directly from another place.

	client rpc: Drop unused return value of virNetClientSendNonBlock
	As we never drop non-blocking calls, the return value that used to
	indicate a call was dropped is no longer needed.

	client rpc: Just queue non-blocking call if another thread has the buck
	As non-blocking calls are no longer dropped, we don't really need to
	care that much about their fate and wait for the thread with the buck
	to process them. If another thread has the buck, we can just push a
	non-blocking call to the queue and be done with it.

2012-06-13  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Don't drop non-blocking calls
	So far, we were dropping non-blocking calls whenever sending them would
	block. In case a client is sending lots of stream calls (which are not
	supposed to generate any reply), the assumption that having other calls
	in a queue is sufficient to get a reply from the server doesn't work. I
	tried to fix this in b1e374a7ac56927cfe62435179bf0bba1e08b372 but
	failed and reverted that commit.

	With this patch, non-blocking calls are never dropped (unless the
	connection is being closed) and will always be sent.

2012-06-13  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Use event loop for writing
	Normally, when every call has a thread associated with it, the thread
	may get the buck and be in charge of sending all calls until its own
	call is done. When we introduced non-blocking calls, we had to add
	special handling of new non-blocking calls. This patch uses event loop
	to send data if there is no thread to get the buck so that any
	non-blocking calls left in the queue are properly sent without having to
	handle them specially. It also avoids adding even more cruft to client
	IO loop in the following patches.

	With this change in, non-blocking calls may see unpredictable delays in
	delivery when the client has no event loop registered. However, the only
	non-blocking calls we have are keepalives and we already require event
	loop for them, which makes this a non-issue until someone introduces new
	non-blocking calls.

2012-06-13  Jiri Denemark  <jdenemar@redhat.com>

	client rpc: Improve debug messages in virNetClientIO
	When analyzing our debug log, I'm always confused about what each of the
	pointers mean. Let's be explicit.

2012-06-13  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' on virgin checkout
	'make dist' was depending on *protocol-structs files, which are
	stored in git but in turn depended on generated files.  We still
	want to ship the protocol-structs files, but by renaming the
	tests to something not matching a file name, we separate 'make
	check' (which depends on the generated file) from 'make dist'
	(which only depends on the git files).  After all, the tarball
	should never depend on a generated file not stored in git.

	I found one more case of a git file depending on a generated
	file, in a bogus virkeycode.c listing; but at least this one
	had no associated rules so it never broke 'make dist'.

	Reported by Wen Congyang.  Latent bug has been present since
	commit 62dee6f, but only recently exposed by commit 7bff56a.

	* src/Makefile.am ($(srcdir)/util/virkeycode.c): Drop useless
	dependency.
	(BUILT_SOURCES): ...and build virkeymaps.h sooner.
	(PROTOCOL_STRUCTS): Rather than depend on the struct file...
	(check-local): ...convert things into a phony target of...
	(check-protocol): ...a new check.
	($(srcdir)/remote_protocol-struct): Rename to isolate the distributed
	file from the conditional test.
	(PDWTAGS): Deal with rename.  Swap to compare 'expected actual'.

2012-06-13  Eric Blake  <eblake@redhat.com>

	build: silence gettext warning
	Otherwise, 'make dist' gives multiple warnings like:

	libvirt.pot:20814: warning: internationalized messages should not contain the `\r' escape sequence

	* tools/virsh.c (vshAskReedit): Avoid \r in _().

2012-06-12  Guido Günther  <agx@sigxcpu.org>

	openvz: wire up domainUpdateDeviceFlags
	so we can update file system quota

	openvz: add persist parameter to openvzSetDiskQuota
	with persist=false the domain config file will not be updated.

	Introduce virDomainFSIndexByName
	for containers matching virDomainDiskIndexByName.

2012-06-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in RPM specfile
	libvirt.spec.in: s/{?rhel}/%{?rhel}/

2012-06-12  Eric Blake  <eblake@redhat.com>

	python: fix snapshot listing bugs
	Python exceptions are different than libvirt errors, and we had
	some corner case bugs on OOM situations.

	* python/libvirt-override.c (libvirt_virDomainSnapshotListNames)
	(libvirt_virDomainSnapshotListChildrenNames): Use correct error
	returns, avoid segv on OOM, and avoid memory leaks on error.

2012-06-12  Eric Blake  <eblake@redhat.com>

	python: use simpler methods
	* python/libvirt-override.c (libvirt_virDomainGetVcpus)
	(libvirt_virDomainGetVcpuPinInfo): Use Py_XDECREF instead of
	open-coding it.

2012-06-12  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't overwrite security labels
	Currently, if qemuProcessStart fail at some point, e.g. because
	domain being started wants a PCI/USB device already assigned to
	a different domain, we jump to cleanup label where qemuProcessStop
	is performed. This unconditionally calls virSecurityManagerRestoreAllLabel
	which is wrong because the other domain is still using those devices.

	However, once we successfully label all devices/paths in
	qemuProcessStart() from that point on, we have to perform a rollback
	on failure - that is - we have to virSecurityManagerRestoreAllLabel.

2012-06-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessStop: Switch to flags
	Currently, we are passing only one boolean (migrated) so there is
	no real profit in this. But it creates starting position for
	next patch.

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: implement new APIs for qemu
	The two APIs are rather trivial; based on bits and pieces of other
	existing APIs.  It leaves the door open for future extension to
	qemu to report snapshots without metadata based on reading qcow2
	internal snapshot names.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotIsCurrent)
	(qemuDomainSnapshotHasMetadata): New functions.

2012-06-11  Laine Stump  <laine@laine.org>

	docs: minor fixes to domain interface documentation
	A few examples for <interface> had a type='direct' interface with no
	sub-elements. This is not allowed - a type='direct' interface must
	have at least a source element. (Most likely the example was copied
	from the type='user' or type='ethernet' examples - they *do* allow an
	instance with no sub-elements).

	There was also one place that mistakenly used %lt; ... %gt; instead of
	&lt; ... &gt; (for some reason, I make that typo all the time).

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: RPC for new query APIs
	Pretty straightforward.

	* src/remote/remote_protocol.x
	(remote_domain_snapshot_is_current_args)
	(remote_domain_snapshot_is_current_ret)
	(remote_domain_snapshot_has_metadata_args)
	(remote_domain_snapshot_has_metadata_ret): New structs.
	(REMOTE_PROC_DOMAIN_SNAPSHOT_IS_CURRENT)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_HAS_METADATA): New RPC calls.
	* src/remote/remote_driver.c (remote_driver): Call them.
	* src/remote_protocol-structs: Regenerate.

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: add 'virsh snapshot-info'
	Expose the recent API additions in virsh.  Borrows ideas from 'dominfo'
	for the general type of information to display.

	Output looks like:

	$ tools/virsh snapshot-info fedora-local tmp
	Name:           tmp
	Domain:         fedora-local
	Current:        no
	State:          disk-snapshot
	Parent:         -
	Children:       1
	Descendants:    2
	Metadata:       yes

	possibly with fewer lines when talking to older servers.

	* tools/virsh.c (cmdSnapshotInfo): New command.
	* tools/virsh.pod (snapshot-info): Document it.

2012-06-11  Eric Blake  <eblake@redhat.com>

	docs: link to FLOSS Weekly podcast, virt blogs
	Eric Blake and Guido Günther were guests during this week's
	FLOSS Weekly podcast, giving insights into libvirt as a Free
	Software project.  Also, there are several useful blogs on
	virt-related topics.

	* docs/relatedlinks.html.in (Blogs and Podcasts): New section.

2012-06-11  Daniel P. Berrange  <berrange@redhat.com>

	Two RPM conditional fixes for RHEL-7
	Ensure systemd is used in RHEL-7 and cgconfig is not used in
	RHEL-7

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: new query APIs
	Right now, starting from just a virDomainSnapshotPtr, and wanting to
	know if it is the current snapshot for its respective domain, you have
	to use virDomainSnapshotGetDomain(), then virDomainSnapshotCurrent(),
	then compare the two names returned by virDomainSnapshotGetName().
	It is a bit easier if we can directly query this information from the
	snapshot itself.

	Right now, it is possible to filter a snapshot listing based on
	whether snapshots have metadata that would prevent domain deletion,
	but the only way to learn if an individual snapshot has metadata is
	to see if that snapshot appears in the list returned by a listing.
	Additionally, I hope to expand the qemu driver in a future patch to
	use qemu-img to reconstruct snapshot XML corresponding to internal
	qcow2 snapshot names not otherwise tracked by libvirt (in part, so
	that libvirt can guarantee that new snapshots are not created with
	a name that would silently corrupt the existing portion of the qcow2
	file); if I ever get that in, then it would no longer be an all-or-none
	decision on whether snapshots have metadata, and becomes all the more
	important to be able to directly determine that information from a
	particular snapshot.

	Other query functions (such as virDomainIsActive) do not have a flags
	argument, but since virDomainHasCurrentSnapshot takes a flags argument,
	I figured it was safer to provide a flags argument here as well.

	* include/libvirt/libvirt.h.in (virDomainSnapshotIsCurrent)
	(virDomainSnapshotHasMetadata): New declarations.
	* src/libvirt.c (virDomainSnapshotIsCurrent)
	(virDomainSnapshotHasMetadata): New functions.
	* src/libvirt_public.syms (LIBVIRT_0.9.13): Export them.
	* src/driver.h (virDrvDomainSnapshotIsCurrent)
	(virDrvDomainSnapshotHasMetadata): New driver callbacks.

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: virsh indentation cleanup
	No semantic change; this will make it easier to refactor code.

	* tools/virsh.c (cmdSnapshotList): Drop level of indentation, and
	rename a variable.

2012-06-11  Eric Blake  <eblake@redhat.com>

	virsh: make tree listing more flexible
	Requiring the user to pass in parallel arrays of names and parents
	is annoying; it means that you can't qsort one of the arrays without
	invalidating the ordering of the other.  By refactoring this function
	to use callbacks, we isolate the layout to be independent of the
	printing, and a future patch can exploit that to improve layout.

	* tools/virsh.c (vshTreePrintInternal): Use callbacks rather than
	requiring a char** array.
	(vshTreeArrayLookup): New helper function.
	(vshTreePrint, cmdNodeListDevices, cmdSnapshotList): Update callers.

2012-06-11  Eric Blake  <eblake@redhat.com>

	virsh: remove limits on tree listing
	I am not a fan of fixed-width buffers.  All it takes is a
	linear chain of more than 100 snapshots to mess up 'virsh
	snapshot-list --tree'.  Now that virBuffer is more powerful,
	we might as well exploit its power.

	* tools/virsh.c (cmdNodeListDevicesPrint): Simplify to use a
	virBuffer instead of fixed-width prefix, factor guts, and rename...
	(vshTreePrint, vshTreePrintInternal): ...along with new helper.
	(cmdNodeListDevices, cmdSnapshotList): Update callers.

2012-06-11  Eric Blake  <eblake@redhat.com>

	buf: support peeking at string contents
	Right now, the only way to get at the contents of a virBuffer is
	to destroy it.  But there are cases in my upcoming patches where
	peeking at the contents makes life easier.  I suppose this does
	open up the potential for bad code to dereference a stale pointer,
	by disregarding the docs that the return value is invalid on the
	next virBuf operation, but such is life.

	* src/util/buf.h (virBufferCurrentContent): New declaration.
	* src/util/buf.c (virBufferCurrentContent): Implement it.
	* src/libvirt_private.syms (buf.h): Export it.
	* tests/virbuftest.c (testBufAutoIndent): Test it.

2012-06-11  Michal Privoznik  <mprivozn@redhat.com>

	rpc: Fix memleak in virNetMessageEncodeHeader
	My latest patch for RPC rework (a2c304f6872) introduced a memory leak.
	virNetMessageEncodeHeader() is calling VIR_ALLOC_N(msg->buffer, ...)
	despite fact, that msg->buffer isn't VIR_FREE()'d on all paths calling
	the function. Therefore, rather than injecting free statement switch to
	VIR_REALLOC_N().

2012-06-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix privileges on /var/run/libvirt directory
	Previous commit

	  commit 32a9aac2e04c991340b66c855a1095e4e6445e54
	  Author: William Jon McCann <william.jon.mccann@gmail.com>
	  Date:   Thu May 3 12:36:27 2012 -0400

	    Use XDG Base Directories instead of storing in home directory

	Accidentally changed the umask when creating /var/run/libvirt
	to 077. This prevents /var/run/libvirt being readable by non-root,
	which is required for non-root to connect to libvirtd. Fix the
	code so that umask 077 is only used for the non-privileged libvirtd
	instance.

2012-06-11  Daniel P. Berrange  <berrange@redhat.com>

	Only migrate profile in non-privileged libvirtd instance
	Only the non-privileged libvirtd instance uses $HOME. So avoid
	running the code for migrating to XDG directories unless using
	a non-privileged libvirtd

2012-06-11  Eric Blake  <eblake@redhat.com>

	snapshot: avoid virsh crash with older servers
	Commits 51082301, 16d7b39, and 521cc447 introduced support for
	'virsh snapshot-list --from' when talking to a server older than
	0.9.5, but broke support for plain 'virsh snapshot-list' for the
	same old server in the process.  Because the code is not properly
	gated, we end up with a SIGSEGV during a strcmp with a NULL argument.

	* tools/virsh.c (cmdSnapshotList): Don't waste time on fallbacks
	when --from is not present.

2012-06-11  Osier Yang  <jyang@redhat.com>

	Update AUTHORS
	Commit a80bb970 forgot to update authors.

2012-06-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix memory leak in lxcContainerMountFSBlockAuto
	we forgot to free fslist,just add VIR_FREE(fslist).

2012-06-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: fix incorrect parameter of mount in lxcContainerMountFSBind
	when do remount,the source and target should be the same
	values specified in the initial mount() call.

	So change fs->dst to src.

2012-06-11  Gao feng  <gaofeng@cn.fujitsu.com>

	LXC: Delete unused variable src in lxcContainerMountBasicFS
	There is no code use the variable "src" in lxcContainerMountBasicFS.
	so delete it and VIR_FREE.

2012-06-10  Guido Günther  <agx@sigxcpu.org>

	msg_buf_size is unsigned long not size_t
	This fixes the build on 32bit systems which otherwise fails with:

	virnetmessagetest.c: In function 'testMessageHeaderEncode':
	virnetmessagetest.c:75:9: error: format '%zu' expects argument of type 'size_t', but argument 7 has type 'long unsigned int' [-Werror=format]

2012-06-08  Guido Günther  <agx@sigxcpu.org>

	Only check for cluster fs if we're using a filesystem
	otherwise migration fails for e.g. network filesystems like sheepdog
	with:

	   error: Invalid relative path 'virt-name': Invalid argument

	while we should fail with:

	    Migration may lead to data corruption if disks use cache != none

	References:

	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676328
	    https://www.redhat.com/archives/libvirt-users/2012-May/msg00088.html

2012-06-08  Eric Blake  <eblake@redhat.com>

	snapshot: add virDomainSnapshotRef API
	virDomainSnapshotPtr has a refcount member, but no one was able
	to use it.  Furthermore, all of our other vir*Ptr objects have
	a *Ref method to match their *Free method.  Thankfully, this is
	client-side only, so we can use this new function regardless of
	how old the server side is!  (I have future patches to virsh
	that want to use it.)

	* include/libvirt/libvirt.h.in (virDomainSnapshotRef): Declare.
	* src/libvirt.c (virDomainSnapshotRef): Implement it.
	* src/libvirt_public.syms (LIBVIRT_0.9.13): Export it.

2012-06-08  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix deadlock in virLogReset
	When libvirtd forks off a new child, the child then calls virLogReset(),
	which ends up closing file descriptors used as log outputs. However, we
	recently started logging closed file descriptors, which means we need to
	lock logging mutex which was already locked by virLogReset(). We don't
	really want to log anything when we are in the process of closing log
	outputs.

2012-06-07  Cole Robinson  <crobinso@redhat.com>

	Fix missing ) in 2 strings
	https://bugzilla.redhat.com/show_bug.cgi?id=801656

2012-06-07  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Assign correct address type to spapr-vlan and spapr-vty.
	For pseries guest, spapr-vlan and spapr-vty is based
	on spapr-vio address. According to model of network
	device, the address type should be assigned automatically.
	For serial device, serial pty device is recognized as
	spapr-vty device, which is also on spapr-vio.

	So this patch is to correct the address type of
	spapr-vlan and spapr-vty, and build correct
	command line of spapr-vty.

	Reviewed-by:   Michael Ellerman<michaele@au1.ibm.com>

2012-06-07  Eric Blake  <eblake@redhat.com>

	maint: make it easier to copy FORTIFY_SOURCE snippet
	While libvirt intentionally avoids -Wundef (after all, C99
	guarantees sane semantics of treating undefined macros as 0),
	the glibc insanity of #warning on _FORTIFY_SOURCE coupled with
	what some people feel is the black magic of autoconf means
	that other projects are likely to copy our snippet verbatim.
	We can be nicer to other projects by making it easier to
	integrate into projects that use -Wundef.

	Suggested by Christophe Fergeau.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Be nice
	to other projects using -Wundef.

2012-06-07  Eric Blake  <eblake@redhat.com>

	command: avoid potential deadlock on handshake
	There is a theoretical problem of an extreme bug where we can get
	into deadlock due to command handshaking.  Thanks to a pair of pipes,
	we have a situation where the parent thinks the child reported an
	error and is waiting for a message from the child to explain the
	error; but at the same time the child thinks it reported success
	and is waiting for the parent to acknowledge the success; so both
	processes are now blocked.

	Thankfully, I don't think this deadlock is possible without at
	least one other bug in the code, but I did see exactly that sort
	of situation prior to commit da831af - I saw a backtrace where a
	double close bug in the parent caused the parent to read from the
	wrong fd and assume the child failed, even though the child really
	sent success.

	This potential deadlock is not quite like commit 858c247 (a deadlock
	due to multiple readers on one pipe preventing a write from completing),
	although the solution is similar - always close unused pipe fds before
	blocking, rather than after.

	* src/util/command.c (virCommandHandshakeWait): Close unused fds
	sooner.

2012-06-07  Martin Kletzander  <mkletzan@redhat.com>

	qemu: better detection of crashed domains
	When libvirtd is started and there is an unusable/not-connectable
	leftover from earlier started machine, it's more reasonable to say
	that the machine "crashed" if we know it was started with
	"-no-shutdown".
	This patch fixes that and also changes the other result (when machine
	was started without "-no-shutdown") to "unknown", because the previous
	"failed" reason means (according to include/libvirt/libvirt.h.in:174),
	that the machine failed to start.

2012-06-07  Eric Blake  <eblake@redhat.com>

	build: fix build without i18n
	If you compile without NLS support, where _() is a no-op macro,
	then we end up passing a string literal to a char*, provoking:

	In file included from virsh.c:3639:0:
	virsh-edit.c: In function ‘cmdSaveImageEdit’:
	virsh-edit.c:97:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror]
	virsh-edit.c:106:13: error: assignment discards ‘const’ qualifier from pointer target type [-Werror]

	* tools/virsh-edit.c: Be const-safe.

2012-06-06  Cole Robinson  <crobinso@redhat.com>

	spec: Build against systemd for udev
	They have now merged. Fedora details here:

	https://lists.fedoraproject.org/pipermail/devel/2012-June/168227.html

2012-06-06  Eric Blake  <eblake@redhat.com>

	build: fix build of fresh checkout
	Commit 7bff56a worked in an incremental build, but fails for a
	fresh clone; apparently, if make sees both an actual file
	spelling and an inference rule, only the exact spelling is used.

	  CCLD   libvirt_driver_test.la
	  CC     libvirt_driver_remote_la-remote_driver.lo
	remote/remote_driver.c:4707:34: fatal error: remote_client_bodies.h: No such file or directory
	compilation terminated.

	BUILT_SOURCES to the rescue, instead of trying to mess with .lo
	dependencies directly.

	* src/Makefile.am (REMOTE_DRIVER_PREREQS, %remote_driver.lo): Drop...
	(BUILT_SOURCES): ...and add here instead.

2012-06-06  Eric Blake  <eblake@redhat.com>

	build: ensure storage driver is used
	Commit 1c275e9a accidentally dropped the storage driver from
	libvirtd, because it depended on a C preprocessor macro that
	was not defined.  Furthermore, if you do './configure
	--without-storage-dir --with-storage-disk' or any other combination
	where you explicitly build a subset of storage backends excluding
	the dir backend, then the build is broken.

	Based on analysis by Osier Yang.

	* configure.ac (WITH_STORAGE): Define top-level conditional.
	* src/Makefile.am (mod_LTLIBRARIES): Build driver even when
	storage_dir is disabled.
	* daemon/libvirtd.c: Pick up storage driver for any backend, not
	just dir.
	* daemon/Makefile.am (libvirtd_LDADD): Likewise.

2012-06-05  Michal Privoznik  <mprivozn@redhat.com>

	rpc: Size up RPC limits
	Since we are allocating RPC buffer dynamically, we can increase limits
	for max. size of RPC message and RPC string. This is needed to cover
	some corner cases where libvirt is run on such huge machines that their
	capabilities XML is 4 times bigger than our current limit. This leaves
	users with inability to even connect.

	rpc: Switch to dynamically allocated message buffer
	Currently, we are allocating buffer for RPC messages statically.
	This is not such pain when RPC limits are small. However, if we want
	ever to increase those limits, we need to allocate buffer dynamically,
	based on RPC message len (= the first 4 bytes). Therefore we will
	decrease our mem usage in most cases and still be flexible enough in
	corner cases.

2012-06-05  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck' issues
	We had a distributed file (remote_protocol.h, which in turn was
	a prereq to remote_driver.c) depending on a generated file
	(libvirt_probes.h), which is a no-no for a VPATH build from a
	read-only source tree (no wonder 'make distcheck' tests precisely
	that situation):

	     File `libvirt_driver_remote.la' does not exist.
	       File `libvirt_driver_remote_la-remote_driver.lo' does not exist.
	             Prerequisite `libvirt_probes.h' is newer than target `../../src/remote/remote_protocol.h'.
	            Must remake target `../../src/remote/remote_protocol.h'.
	Invoking recipe from Makefile:7464 to update target `../../src/remote/remote_protocol.h'.
	make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/libvirt-0.9.12/_build/src'
	  GEN    ../../src/remote/remote_protocol.h
	cannot create ../../src/remote/remote_protocol.h: Permission denied at ../../src/rpc/genprotocol.pl line 31.
	make[3]: *** [../../src/remote/remote_protocol.h] Error 13

	Rather than making distributed .c files depend on generated files, we
	really want to ensure that compilation into .lo files is not attempted
	until the generated files are present, done by this patch.  Since there
	were two different sets of conditionally generated files that both
	feed the .lo file, I had to introduce a new variable REMOTE_DRIVER_PREREQS
	to keep automake happy.

	After that fix, the next issue was that make treats './foo' and 'foo'
	differently in determining whether an implicit %foo rule is applicable,
	with the result that locking/qemu-sanlock.conf wasn't properly being
	built at the right times.  Also, the output for using the .aug test
	files was a bit verbose.

	After fixing the src directory, the next error is related to the docs
	directory, where the tarball is missing a stamp file and thus tries to
	regenerate files that are already present:

	  GEN    ../../docs/apibuild.py.stamp
	Traceback (most recent call last):
	  File "../../docs/apibuild.py", line 2511, in <module>
	    rebuild("libvirt")
	  File "../../docs/apibuild.py", line 2495, in rebuild
	    builder.serialize()
	  File "../../docs/apibuild.py", line 2424, in serialize
	    output = open(filename, "w")
	IOError: [Errno 13] Permission denied: '../../docs/libvirt-api.xml'
	make[5]: *** [../../docs/apibuild.py.stamp] Error 1

	and fixing that exposed another case of a distributed file (generated
	html) depending on a built file (libvirt.h), but only when doing an
	in-tree build, because of a file glob.

	* src/Makefile.am ($(srcdir)/remote/remote_driver.c): Change...
	(libvirt_driver_remote_la-remote_driver.lo): ...to the real
	dependency.
	($(builddir)/locking/%-sanlock.conf): Drop $(builddir), so that
	rule gets run in time for test_libvirt_sanlock.aug.
	(test_libvir*.aug): Cater to silent build.
	(conf_DATA): Don't ship qemu-sanlock.conf in the tarball, since it
	is trivial to regenerate.
	* docs/Makefile.am (EXTRA_DIST): Ship our stamp file.
	($(APIBUILD_STAMP)): Don't depend on generated file.

2012-06-05  Jiri Denemark  <jdenemar@redhat.com>

	tests: Refresh qemu-1.1.0 data
	QEMU 1.1.0 has been officially released. With 1.1.0 QEMU went back to
	three-digits version even for the initial release and I renamed the data
	files to match this fact. They were generated with

	qemu-system-x86_64 -help >tests/qemuhelpdata/qemu-1.1.0
	qemu-system-x86_64 \
	    -device ? \
	    -device pci-assign,? \
	    -device virtio-blk-pci,? \
	    -device virtio-net-pci,? \
	    -device scsi-disk,? 2>tests/qemuhelpdata/qemu-1.1.0-device

2012-06-05  Osier Yang  <jyang@redhat.com>

	virsh: Back out if the argument for vol-create-as is malformed

	virsh: Accept UUID as an argument for net-info and net-start

	virsh: Accept UUID as an argument for storage commands
	Affected commands are: pool-start, vol-create-from.

2012-06-05  Beat Jörg  <Beat.Joerg@ssatr.ch>

	Fix for parallel port passthrough for QEMU
	I came across a bug that the command line generated for passthrough
	of the host parallel port /dev/parport0 by libvirt for QEMU is incorrect.

	It currently produces:
	-chardev tty,id=charparallel0,path=/dev/parport0
	-device isa-parallel,chardev=charparallel0,id=parallel0

	The first parameter is "tty". It sould be "parport".

	If I launch qemu with -chardev parport,... it works as expected.

	I have already filled a bug report (
	https://bugzilla.redhat.com/show_bug.cgi?id=823879 ), the topic was
	already on the list some months ago:

	https://www.redhat.com/archives/libvirt-users/2011-September/msg00095.html

2012-06-05  Eric Blake  <eblake@redhat.com>

	maint: command.c whitespace cleanups
	Noticed during the previous commit.

	* src/util/command.c: Fix some spacing and break long lines.

2012-06-04  Eric Blake  <eblake@redhat.com>

	command: avoid deadlock on EPIPE situation
	It is possible to deadlock libvirt by having a domain with XML
	longer than PIPE_BUF, and by writing a hook script that closes
	stdin early.  This is because libvirt was keeping a copy of the
	child's stdin read fd open, which means the write fd in the
	parent will never see EPIPE (remember, libvirt should always be
	run with SIGPIPE ignored, so we should never get a SIGPIPE signal).
	Since there is no error, libvirt blocks waiting for a write to
	complete, even though the only reader is also libvirt.  The
	solution is to ensure that only the child can act as a reader
	before the parent does any writes; and then dealing with the
	fallout of dealing with EPIPE.

	Thankfully, this is not a security hole - since the only way to
	trigger the deadlock is to install a custom hook script, anyone
	that already has privileges to install a hook script already has
	privileges to do any number of other equally disruptive things
	to libvirt; it would only be a security hole if an unprivileged
	user could install a hook script to DoS a privileged user.

	* src/util/command.c (virCommandRun): Close parent's copy of child
	read fd earlier.
	(virCommandProcessIO): Don't let EPIPE be fatal; the child may
	be done parsing input.
	* tests/commandhelper.c (main): Set up a SIGPIPE situation.
	* tests/commandtest.c (test20): Trigger it.
	* tests/commanddata/test20.log: New file.

2012-06-04  Laine Stump  <laine@laine.org>

	util: fix "make rpm" when viratomic.h is used
	Although src/util/viratomic.h has been added to the repo, up until now
	it hasn't been used. Stefan Berger is using it in his proposed dhcp
	snooping patches, and an rpm build with those patches failed due to
	viratomic.h not being packed up with the rest of the sources.

2012-06-04  Eric Blake  <eblake@redhat.com>

	build: allow building with newer glibc-headers and -O0
	glibc 2.15 (on Fedora 17) coupled with explicit disabling of
	optimization during development dies a painful death:

	In file included from /usr/include/limits.h:27:0,
	                 from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:169,
	                 from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/syslimits.h:7,
	                 from /usr/lib/gcc/x86_64-redhat-linux/4.7.0/include/limits.h:34,
	                 from util/bitmap.c:26:
	/usr/include/features.h:314:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
	cc1: all warnings being treated as errors

	Work around this by only conditionally defining _FORTIFY_SOURCE,
	in the case where glibc can actually use it.  The trick is using
	AH_VERBATIM instead of AC_DEFINE.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Squelch
	_FORTIFY_SOURCE when needed to avoid glibc #warnings.

2012-06-04  Wen Congyang  <wency@cn.fujitsu.com>

	fix make syntax-check failed

2012-06-04  Eric Blake  <eblake@redhat.com>

	build: fix sc_prohibit_readlink
	I noticed this during 'make syntax-check':

	prohibit_readlink
	grep: Unmatched ( or \(

	* cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Fix
	mismatched '('.

2012-06-04  Jiri Denemark  <jdenemar@redhat.com>

	file: Log closing filedescriptors
	EBADF errors are logged as warnings as they normally indicate a double
	close bug. This patch also provides VIR_MASS_CLOSE helper to be user in
	the only case of mass close after fork when EBADF should rather be
	ignored.

	command: Fix debug message during handshake
	Probably a result of copy&paste...

2012-06-04  Radu Caragea  <dmns_serp@yahoo.com>

	Fix sync issue in virNetClientStreamEventRemoveCallback
	The stream lock is unlocked twice instead of being locked and then
	unlocked. Probably a typo.

2012-06-02  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Allow users to reedit rejected XML
	If users *-edit but make a mistake in XML all changes are
	permanently lost. However, if virsh is not running within
	a script we can ask user if he wants to re-edit the file
	and correct the mistakes.

	virsh: Switch from generated cmd*Edit commands to nongenerated
	Currently, we either generate some cmd*Edit commands (cmdPoolEdit
	and cmdNetworkEdit) via sed script or copy the body of cmdEdit
	(e.g. cmdInterfaceEdit, cmdNWFilterEdit, etc.). This fact makes
	it harder to implement any new feature to our editing system.
	Therefore switch to new implementation - define macros to:
	- dump XML (EDIT_GET_XML)
	- take an action if XML wasn't changed,
	  usually just vshPrint() (EDIT_NOT_CHANGED)
	- define new object (EDIT_DEFINE) - the edited XML is in @doc_edited
	- free object defined by EDIT_DEFINE (EDIT_FREE)
	and #include "virsh-edit.c"

2012-06-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add multiple IP address support to DHCP snooping
	With support for multiple IP addresses per interface in place, this patch
	now adds support for multiple IP addresses per interface for the DHCP
	snooping code.


	Testing:

	Since the infrastructure I tested this with does not provide multiple IP
	addresses per MAC address (anymore), I either had to plug the VM's interface
	from the virtual bride connected directly to the infrastructure to virbr0
	to get a 2nd IP address from dnsmasq (kill and run dhclient inside the VM)
	or changed the lease file  (/var/run/libvirt/network/nwfilter.leases) and
	restart libvirtd to have a 2nd IP address on an existing interface.
	Note that dnsmasq can take a lease timeout parameter as part of the --dhcp-range
	command line parameter, so that timeouts can be tested that way
	(--dhcp-range 192.168.122.2,192.168.122.254,120). So, terminating and restarting
	dnsmasq with that parameter is another choice to watch an IP address disappear
	after 120 seconds.

	Regards,
	   Stefan

2012-06-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: move code for IP address map into separate file
	The goal of this patch is to prepare for support for multiple IP
	addresses per interface in the DHCP snooping code.

	Move the code for the IP address map that maps interface names to
	IP addresses into their own file. Rename the functions on the way
	but otherwise leave the code as-is. Initialize this new layer
	separately before dependent layers (iplearning, dhcpsnooping)
	and shut it down after them.

2012-06-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: add DHCP snooping
	This patch adds DHCP snooping support to libvirt. The learning method for
	IP addresses is specified by setting the "CTRL_IP_LEARNING" variable to one of
	"any" [default] (existing IP learning code), "none" (static only addresses)
	or "dhcp" (DHCP snooping).

	Active leases are saved in a lease file and reloaded on restart or HUP.

	The following interface XML activates and uses the DHCP snooping:

	    <interface type='bridge'>
	      <source bridge='virbr0'/>
	      <filterref filter='clean-traffic'>
	        <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
	      </filterref>
	    </interface>

	All filters containing the variable 'IP' are automatically adjusted when
	the VM receives an IP address via DHCP. However, multiple IP addresses per
	interface are silently ignored in this patch, thus only supporting one IP
	address per interface. Multiple IP address support is added in a later
	patch in this series.

2012-06-01  Marti Raudsepp  <marti@juffo.org>

	qemu: move -name arg to be 1st in "ps x" output
	Currently, monitoring QEMU virtual machines with standard Unix
	sysadmin tools is harder than it has to be. The QEMU command line is
	often miles long and mostly redundant, it's hard to tell which process
	is which.

	This patch reorders the QEMU -name argument to be the first, so it's
	immediately visible in "ps x", htop and "atop -c" output.

2012-06-01  Laine Stump  <laine@laine.org>

	qemu: fix netdev alias name assignment wrt type='hostdev'
	This patch resolves:

	   https://bugzilla.redhat.com/show_bug.cgi?id=827519

	The problem is that an interface with type='hostdev' will have an
	alias of the form "hostdev%d", while the function that looks through
	existing netdevs to determine the name to use for a new addition will
	fail if there's an existing entry that does not match the form
	"net%d".

	This is another of the handful of places that need an exception due to
	the hybrid nature of <interface type='hostdev'> (which is not exactly
	an <interface> or a <hostdev>, but is both at the same time).

2012-05-31  Martin Kletzander  <mkletzan@redhat.com>

	tools: make virt-pki-validate work with acls and xattrs
	This patch makes virt-pki-validate work with certificates that have
	acl or xattr set. Otherwise it failing due to wrong permissions.

2012-05-31  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: avoid closing fd more than once
	If we migrate to fd, spec->fwdType is not MIGRATION_FWD_DIRECT,
	we will close spec->dest.fd.local in qemuMigrationRun(). So we
	should set spec->dest.fd.local to -1 in qemuMigrationRun().

	Bug present since 0.9.5 (commit 326176179).

2012-05-31  Wen Congyang  <wency@cn.fujitsu.com>

	command: check for fork error before closing fd
	We should not set *outfd or *errfd if virExecWithHook() failed
	because the caller may close these fds.

	Bug present since v0.4.5 (commit 60ed1d2a).

2012-05-31  Eric Blake  <eblake@redhat.com>

	fdstream: avoid double close bug
	Wen Congyang reported that we have a double-close bug if we fail
	virFDStreamOpenInternal, since childfd duplicated one of the fds[]
	array contents.  In truth, since we always transfer both members
	of fds to other variables, we should close the fds through those
	other names, and just use fds[] for pipe().

	Bug present since 0.9.0 (commit e886237a).

	* src/fdstream.c (virFDStreamOpenFileInternal): Swap scope of
	childfd and fds[], to avoid a double close.

2012-05-31  Eric Blake  <eblake@redhat.com>

	command: avoid double close bugs
	KAMEZAWA Hiroyuki reported a nasty double-free bug when virCommand
	is used to convert a string into input to a child command.  The
	problem is that the poll() loop of virCommandProcessIO would close()
	the write end of the pipe in order to let the child see EOF, then
	the caller virCommandRun() would also close the same fd number, with
	the second close possibly nuking an fd opened by some other thread
	in the meantime.  This in turn can have all sorts of bad effects.

	The bug has been present since the introduction of virCommand in
	commit f16ad06f.

	This is based on his first attempt at a patch, at
	https://bugzilla.redhat.com/show_bug.cgi?id=823716

	* src/util/command.c (_virCommand): Drop inpipe member.
	(virCommandProcessIO): Add argument, to avoid closing caller's fd
	without informing caller.
	(virCommandRun, virCommandNewArgs): Adjust clients.

2012-05-30  Wen Congyang  <wency@cn.fujitsu.com>

	avoid fd leak
	virCommandRunAsync() will set errfd if it succeed. We should
	close it if virFDStreamOpenInternal() fails.

	avoid closing uninitialized fd
	If the system does not support bypass cache, we will close fd,
	but it is uninitialized.

2012-05-30  Martin Kletzander  <mkletzan@redhat.com>

	Fixes for check and rpm builds without sanlock (and qemu)
	Apart from the non-sanlock check build, there is also a little fix for
	qemu (EXTRA_DIST had qemu.conf and others inside even if the build was
	supposed to be without qemu).

2012-05-30  Wen Congyang  <wency@cn.fujitsu.com>

	build: include augeas-gentest.pl into dist file
	We generate *.aug from *.aug.in by augeas-gentest.pl, so this script
	should be included in dist file.

2012-05-30  Eric Blake  <eblake@redhat.com>

	build: use same perl binary throughout build
	Some of our rules used $(PERL), while others used 'perl'.  Always
	using the variable allows a developer to point to a different (often
	better) perl than the default one found on $PATH.

	* daemon/Makefile.am ($(srcdir)/remote_dispatch.h): s/perl/$(PERL).
	* src/Makefile.am ($(srcdir)/remote/remote_client_bodies.h)
	(PDWTAGS, %protocol.c, %_probes.stp): Likewise.

2012-05-30  Eric Blake  <eblake@redhat.com>

	build: fix testing of augeas files in VPATH builds
	Without this fix, a VPATH build (such as used by ./autobuild.sh)
	fails with messages like:

	make[3]: Entering directory `/home/remote/eblake/libvirt-tmp2/build/daemon'
	../../build-aux/augeas-gentest.pl libvirtd.conf ../../daemon/test_libvirtd.aug.in test_libvirtd.aug
	cannot read libvirtd.conf: No such file or directory at ../../build-aux/augeas-gentest.pl line 38.

	Since the test files are not part of the tarball, we can generate
	them into the build dir, but rather than create a subdirectory
	just for the test file, it is easier to test them directly in
	libvirt.git/src.

	* daemon/Makefile.am (AUG_GENTEST): Factor out definition.
	(test_libvirtd.aug): Look for correct file.
	* src/Makefile.am (AUG_GENTEST): Use $(PERL).
	(qemu/test_libvirtd_qemu.aug, lxc/test_libvirtd_lxc.aug)
	(locking/test_libvirt_sanlock.aug): Rename to avoid subdirectories.
	(check-augeas-qemu, check-augeas-lxc, check-augeas-sanlock): Reflect
	location of built tests.
	* configure.ac (PERL): Substitute perl.

2012-05-30  Eric Blake  <eblake@redhat.com>

	build: silence warning from autoconf
	Autoconf 2.60 and later insist on using ${datarootdir}, rather than
	the derived ${datadir} (although the latter defaults to the former,
	it is possible to set configure arguments so that they differ):

	config.status: creating libvirt.pc
	config.status: WARNING:  'libvirt.pc.in' seems to ignore the --datarootdir setting

	This patch follows the autoconf manual's suggestions for how to
	support 2.59 (RHEL 5) and newer simultaneously.

	* libvirt.pc.in (datarootdir): Define, so ${datadir} will not ignore
	datarootdir when using newer autoconf.

2012-05-30  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Extend debug message for handshake
	Currently, we are logging only one side of pipes we
	create in virCommandRequireHandshake(); This is enough
	in cases where pipe2() returns two consecutive FDs. However,
	it is not guaranteed and it may return any FDs.
	Therefore, it's wise to log the other ends as well.

2012-05-30  Martin Kletzander  <mkletzan@redhat.com>

	lxc: return correct number of CPUs
	When getting number of CPUs the host has assigned, there was always
	number "1" returned. Even though all lxc domains with no pinning
	launched by libvirt run on all pCPUs (by default, no matter what's the
	number), we should at least return the same number as the user
	specified when creating the domain.

	build: Fixed generating of libvirt_qemu_probes.h
	I added libvirt_qemu_probes.h into BUILT_SOURCES. That makes it
	generated, but most probably it is not the clearest way how to do
	that, but it fixes the build.

2012-05-30  Dave Allan  <dallan@redhat.com>

	examples: add consolecallback example python script
	A while back I wrote the attached code to demonstrate how to use
	events and serial console to create a serial console that stays up
	even when the VM is down.  It might need some work, as I am not
	terribly strong with Python.

	* examples/python/consolecallback.py: New file.
	* examples/python/Makefile.am (EXTRA_DIST): Ship it.

2012-05-29  Eric Blake  <eblake@redhat.com>

	build: don't lose probes.o files
	The previous patch fixed an incremental build, but missed that on
	a fresh checkout, we now have nothing left that stops make from
	nuking libvirt_qemu_probes.o.

	* src/Makefile.am ($(libvirt_driver_qemu_la_SOURCES)): Delete,
	since this variable is empty.
	(.PRECIOUS): Add %_probes.o, so they don't get nuked as an
	intermediate by-product after creating %_probes.lo.

2012-05-29  Eric Blake  <eblake@redhat.com>

	build: fix missing dependencies for libvirt-qemu.so
	The moment you specify a _DEPENDENCIES, older automake (stupidly)
	assumes that you will specify _all_ dependencies for that target.
	This stupidity has been fixed in automake 1.12, but we cannot rely on
	newer automake everywhere.  For libvirt_la_DEPENDENCIES, we took
	care of providing the full list, but for libvirt_qemu_la_DEPENDENCIES,
	we were missing the dependency on libvirt_qemu_impl.la, which resulted
	in a failed build:

	make[3]: Entering directory `/home/ajia/Workspace/libvirt/src'
	   CCLD   libvirt_driver_qemu.la
	libtool: link: `libvirt_qemu_probes.lo' is not a valid libtool object

	* src/Makefile.am (libvirt_driver_qemu_la_DEPENDENCIES): Delete;
	automake does a better job if it does the entire job.

2012-05-29  Eric Blake  <eblake@redhat.com>

	build: don't clean a file that belongs in the tarball
	Otherwise, 'make rpm' fails with:

	make[2]: *** No rule to make target `locking/test_libvirt_sanlock.aug.in', needed by `distdir'.  Stop.
	make[2]: Leaving directory `/home/dipankar/src/powerpc/libvirt-ppc/src'
	make[1]: *** [distdir] Error 1

	Reported by Dipankar Sarma.

	* src/Makefile.am (CLEANFILES): Clean only the generated file.

2012-05-29  Eric Blake  <eblake@redhat.com>

	virsh: avoid strncpy
	strncpy is generally evil - it runs the risk of missing NUL
	termination, and more often than not wastes time zeroing way
	more bytes than strictly necessary.  We've avoided this evil
	in our virStrncpy wrapper, except for places where we forgot
	to use the wrapper; meanwhile, we have also added an even
	higher layer wrapper for setting virTypedParameter values.

	* tools/virsh.c (cmdMemtune, cmdBlkdeviotune): Use modern API.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_strncpy): Tighten.

2012-05-29  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	Gnulib finally relaxed the isatty license, needed as first mentioned here:
	https://www.redhat.com/archives/libvir-list/2012-February/msg01022.html

	Other improvements include better syntax-check rules (we can delete one
	of ours now that it is a duplicate) and better compiler warning usage.

	* .gnulib: Update to latest, for isatty.
	* cfg.mk (sc_prohibit_strncpy): Drop a now-redundant rule.
	* bootstrap.conf (gnulib_modules): Add isatty.
	* bootstrap: Resync from gnulib.

2012-05-29  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	leak_fix.diff
	==3240== 23 bytes in 1 blocks are definitely lost in loss record 242 of 744
	==3240==    at 0x4C2A4CD: malloc (vg_replace_malloc.c:236)
	==3240==    by 0x8077537: __vasprintf_chk (vasprintf_chk.c:82)
	==3240==    by 0x509C677: virVasprintf (stdio2.h:199)
	==3240==    by 0x509C733: virAsprintf (util.c:1912)
	==3240==    by 0x1906583A: qemudStartup (qemu_driver.c:679)
	==3240==    by 0x511991D: virStateInitialize (libvirt.c:809)
	==3240==    by 0x40CD84: daemonRunStateInit (libvirtd.c:751)
	==3240==    by 0x5098745: virThreadHelper (threads-pthread.c:161)
	==3240==    by 0x7953D8F: start_thread (pthread_create.c:309)
	==3240==    by 0x805FF5C: clone (clone.S:115)

	Introduce virMacAddr typedef

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in comment start
	src/libvirt.c: s,//,/,

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Santize the reporting of VIR_ERR_INVALID_ERROR
	To ensure consistent error reporting of invalid arguments,
	provide a number of predefined helper methods & macros.

	 - An arg which must not be NULL:

	   virCheckNonNullArgReturn(argname, retvalue)
	   virCheckNonNullArgGoto(argname, label)

	 - An arg which must be NULL

	   virCheckNullArgGoto(argname, label)

	 - An arg which must be positive (ie 1 or greater)

	   virCheckPositiveArgGoto(argname, label)

	 - An arg which must not be 0

	   virCheckNonZeroArgGoto(argname, label)

	 - An arg which must be zero

	   virCheckZeroArgGoto(argname, label)

	 - An arg which must not be negative (ie 0 or greater)

	   virCheckNonNegativeArgGoto(argname, label)

	* src/libvirt.c, src/libvirt-qemu.c,
	  src/nodeinfo.c, src/datatypes.c: Update to use
	  virCheckXXXX macros
	* po/POTFILES.in: Add libvirt-qemu.c and virterror_internal.h
	* src/internal.h: Define macros for checking invalid args
	* src/util/virterror_internal.h: Define macros for reporting
	  invalid args

2012-05-28  Eric Blake  <eblake@redhat.com>

	build: silence libtool during tests
	Libtool is picky about linking against a module library (aka a .so);
	giving lots of warnings like this in the tests directory:

	  CCLD   networkxml2argvtest

	*** Warning: Linking the executable networkxml2argvtest against the loadable module
	*** libvirt_driver_network.so is not portable!

	Fix that by splitting things into a convenience library which can
	be used directly by the tests, and making the real .so just wrap
	the convenience library.

	Based on a suggestion by Daniel P. Berrange.

	* configure.ac (--with-driver-modules): Fix help test.
	* src/Makefile.am (libvirt_driver_xen.la, libvirt_driver_libxl.la)
	(libvirt_driver_qemu.la, libvirt_driver_lxc.la)
	(libvirt_driver_uml.la): Factor into new convenience libraries.
	* tests/Makefile.am (xen_LDADDS, qemu_LDADDS, lxc_LDADDS)
	(networkxml2argvtest_LDADD): Link to convenience libraries, not
	shared libraries.

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix linking to DTrace probes file
	There was no rule forcing libvirt_qemu_probes.o to be built
	before libvirt_qemu_probes.lo was used. Also libvirtd was
	still referencing the .o file, rather than the .lo file.

	Both the .lo and .o file must be listed as DEPENDENCIES,
	otherwise libtool will unhelpfully delete the .o file
	once the .lo file is created.

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix Win32 build by linking to ole32
	The CoTaskMemFree function requires the ole32 DLL to be
	linked against. Currently this is only done for the
	VirtualBox driver. Also add it to libvirt_util.la

	* configure.ac: Unconditionally add ole32 DLL to Win32
	* src/Makefile.am: Link old32 to libvirt_util.la

2012-05-28  Martin Kletzander  <mkletzan@redhat.com>

	docs: typo in acceleration element
	"accel3d" was specified twice, the second one is obviously "accel2d"
	(also from the text down below.

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Autogenerate augeas test case from default config files
	When adding new config file parameters, the corresponding
	additions to the augeas lens' are constantly forgotten.
	Also there are augeas test cases, these don't catch the
	error, since they too are never updated.

	To address this, the augeas test cases need to be auto-generated
	from the example config files.

	* build-aux/augeas-gentest.pl: Helper to generate an
	  augeas test file, substituting in elements from the
	  example config files
	* src/Makefile.am, daemon/Makefile.am: Switch to
	  auto-generated augeas test cases
	* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
	  src/locking/test_libvirt_sanlock.aug,
	  src/locking/test_libvirt_sanlock.aug.in,
	  src/lxc/test_libvirtd_lxc.aug,
	  src/lxc/test_libvirtd_lxc.aug.in,
	  src/qemu/test_libvirtd_qemu.aug,
	  src/qemu/test_libvirtd_qemu.aug.in: Remove example
	  config file data, replacing with a ::CONFIG:: placeholder

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Re-order config options in qemu driver augeas lens
	Currently all the config options are listed under a 'vnc_entry'
	group. Create a bunch of new groups & move options to the
	right place

	Fix mistakes in augeas lens
	Add nmissing 'host_uuid' entry to libvirtd.conf lens and
	rename spice_passwd to spice_password in qemu.conf lens

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Standardize whitespace used in example config files
	Instead of doing

	  # example_config

	use

	  #example_config

	so it is possible to programatically uncomment example config
	options, as distinct from their comment/descriptions

	Also delete rogue trailing comma not allowed by lens

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Add impl of APIs to get user directories on Win32
	Add an impl of +virGetUserRuntimeDirectory, virGetUserCacheDirectory
	virGetUserConfigDirectory and virGetUserDirectory for Win32 platform.
	Also create stubs for non-Win32 platforms which lack getpwuid_r()

	In adding these two helpers were added virFileIsAbsPath and
	virFileSkipRoot, along with some macros VIR_FILE_DIR_SEPARATOR,
	VIR_FILE_DIR_SEPARATOR_S, VIR_FILE_IS_DIR_SEPARATOR,
	VIR_FILE_PATH_SEPARATOR, VIR_FILE_PATH_SEPARATOR_S

	All this code was adapted from GLib2 under terms of LGPLv2+ license.

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove uid param from directory lookup APIs
	Remove the uid param from virGetUserConfigDirectory,
	virGetUserCacheDirectory, virGetUserRuntimeDirectory,
	and virGetUserDirectory

	These functions were universally called with the
	results of getuid() or geteuid(). To make it practical
	to port to Win32, remove the uid parameter and hardcode
	geteuid()

2012-05-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix typos in RPM dependencies
	s/daemon-driver-nwilter/daemon-driver-nwfilter/
	s/daemon-network/daemon-driver-network/

	Fix check for socket existance / daemon spawn
	When you try to connect to a socket in the abstract namespace,
	the error will be ECONNREFUSED for a non-listening daemon. With
	the non-abstract namespace though, you instead get ENOENT. Add
	a check for this extra errno when auto-spawning the daemon

	Remove last usage of PATH_MAX and ban its future use
	Remove a number of pointless checks against PATH_MAX and
	add a syntax-check rule to prevent its use in future

2012-05-26  Jim Meyering  <meyering@redhat.com>

	maint: avoid new automake warning about AM_PROG_CC_STDC
	* configure.ac (AM_PROG_CC_STDC): Stop using this macro.
	It provokes warnings from newer automake and is superseded by
	autoconf's AC_PROG_CC, which we're already using.

2012-05-25  Eric Blake  <eblake@redhat.com>

	build: silence libtool warning on probes.o
	Libtool supports linking directly against .o files on some platforms
	(such as Linux), which happens to be the only place where we are
	actually doing that (for the dtrace-generated probes.o files).  However,
	it raises a big stink about the non-portability, even though we don't
	attempt it on platforms where it would actually fail:

	  CCLD   libvirt_driver_qemu.la

	*** Warning: Linking the shared library libvirt_driver_qemu.la against
	the non-libtool
	*** objects  libvirt_qemu_probes.o is not portable!

	This shuts libtool up by creating a proper .lo file that matches
	what libtool normally expects.

	* src/Makefile.am (%_probes.lo): New rule.
	(libvirt_probes.stp, libvirt_qemu_probes.stp): Simplify into...
	(%_probes.stp): ...shorter rule.
	(CLEANFILES): Clean new .lo files.
	(libvirt_la_BUILT_LIBADD, libvirt_driver_qemu_la_LIBADD)
	(libvirt_lxc_LDADD, virt_aa_helper_LDADD): Link against .lo file.
	* tests/Makefile.am (PROBES_O, qemu_LDADDS): Likewise.

2012-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Improve docs about compiling libvirt from GIT
	Add a note about setting the LIBVIRT_DRIVER_DIR env variable,
	explain --system and fix example to use --disable-werror

2012-05-25  Eric Blake  <eblake@redhat.com>

	tests: run valgrind on real executables, not libtool wrappers
	* tests/Makefile.am (valgrind): Use libtool's ability to bypass
	libtool wrappers when running valgrind.

2012-05-25  Douglas Schilling Landgraf  <dougsland@redhat.com>

	qemu augeas: Add spice_tls/spice_tls_x509_cert_dir
	If vdsm is installed and configured in Fedora 17, we add the following
	items into qemu.conf:

	spice_tls=1
	spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice"

	However, after this changes, augtool cannot identify qemu.conf anymore.

2012-05-25  Eric Blake  <eblake@redhat.com>

	tests: back to short test names
	With the switch to modules by default, I was getting super long
	test output:

	TEST: /home/remote/eblake/libvirt/tests/.libs/lt-interfacexml2xmltest

	compared to the former:

	TEST: interfacexml2xmltest

	* tests/testutils.c (virtTestMain): Trim off libtool goop.

2012-05-25  Eric Blake  <eblake@redhat.com>

	maint: ignore more files from version control
	* .gitignore: Exempt recent test binary and probes.h name change.

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Add sentinel for virErrorDomain enum
	Add a VIR_ERR_DOMAIN_LAST sentinel for virErrorDomain and
	replace the virErrorDomainName function by a VIR_ENUM_IMPL

	In the process the naming of error domains is sanitized

	* src/util/virterror.c: Use VIR_ENUM_IMPL for converting
	  error domains to strings
	* include/libvirt/virterror.h: Add VIR_ERR_DOMAIN_LAST

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Add parsing for VIR_ENUM_IMPL & VIR_ENUM_DECL in apibuild.py
	The apibuild.py parser needs to be able to parse & ignore
	any VIR_ENUM_IMPL/VIR_ENUM_DECL macros in the source. Add
	some special case code to deal with this rather than trying
	to figure out a generic syntax for parsing macros.

	* apibuild.py: Special case  VIR_ENUM_IMPL & VIR_ENUM_DECL

2012-05-24  Michal Privoznik  <mprivozn@redhat.com>

	security: Switch to C99-style struct initialization

2012-05-24  Wen Congyang  <wency@cn.fujitsu.com>

	fix building error on non fedora system
	We forget to define with_storage_rbd if the system is not fedora,
	or the version is less than 16.

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Add stub impl of virNetlinkEventServiceLocalPid for Win32
	The libvirt_private.syms file exports virNetlinkEventServiceLocalPid
	so there needs to be a no-op stub for Win32 to avoid linker errors

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Enable driver modules in libvirt RPM
	Turn on loadable modules for libvirtd. Add new sub-RPMs
	libvirt-daemon-driver-XXX, one for each loadable .so.
	Modify the libvirt-daemon-YYY RPMs to depend on each of
	the individual drivers they required

	* libvirt.spec.in: Enable driver modules

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Default to enable driver modules for libvirtd
	Always enable driver modules for libvirtd, if we have dlopen
	available. This allows more modular packaging by distros
	and ensures we don't break this config

	* configure.ac: Default to enable driver modules

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for loading driver modules
	To ensure all symbols used by loadable driver modules are
	exported in libvirt.so, add a test suite that simply loads
	each driver in turn

	* tests/Makefile.am, tests/virdrivermoduletest.c: Add
	  a test case for loading drivers

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Override default driver dir when running from GIT
	* daemon/libvirtd.c: Set custom driver module dir if the current
	  binary name is 'lt-libvirtd' (indicating execution directly
	  from GIT checkout)
	* src/driver.c, src/driver.h, src/libvirt_driver_modules.syms: Add
	  virDriverModuleInitialize to allow driver module location to
	  be changed

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Split QEMU dtrace probes into separate file
	When building as driver modules, it is not possible for the QEMU
	driver module to reference the DTrace/SystemTAP probes linked into
	the main libvirt.so. Thus we need to move the QEMU probes into a
	separate file 'libvirt_qemu_probes.d'. Also rename the existing
	file from 'probes.d' to 'libvirt_probes.d' while we're at it

	* daemon/Makefile.am, src/internal.h: Include libvirt_probes.h
	  instead of probes.h
	* src/Makefile.am: Add rules for libvirt_qemu_probes.d
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
	  src/qemu/qemu_monitor_text.c: Include libvirt_qemu_probes.h
	* src/libvirt_probes.d: Rename from probes.d
	* src/libvirt_qemu_probes.d: QEMU specific probes formerly
	  in probes.d

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Replace RTLD_LOCAL with RTLD_GLOBAL
	Since we have drivers which depend on each other (ie QEMU/LXC
	depend on the network driver APIs), we need to use RTLD_GLOBAL
	instead of RTLD_LOCAL. While this pollutes the calling binary
	with many more symbols, this is no worse than if we directly
	link to the drivers, and this only applies to libvirtd

	* src/driver.c: s/RTLD_LOCAL/RTLD_GLOBAL/

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Ensure LXC driver links against libblkid explicitly.
	Only libvirt_driver_storage.la links to libblkid currently. If
	we are running in a scenario with driver modules, LXC must
	directly link to it, since it can't assume the storage driver
	is present

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Remove libvirt_test.la library
	The libvirt_test.la library was introduced to allow test suites
	to reference internal-only symbols. These days, nearly every
	symbol we care about is in src/libvirt_private.syms, so there
	is no need for libvirt_test.la to continue to exist

	* src/Makefile.am: Delete libvirt_test.la & add new .syms files
	* src/libvirt_private.syms: Export symbols needed by test suite
	* tests/Makefile.am: Link to libvirt_test.la. Ensure LXC tests link
	  to network_driver.la
	* src/libvirt_esx.syms, src/libvirt_openvz.syms: Add exports needed
	  by test suite

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix broken linkage of libvirt_driver_nodedev.la
	libvirt_driver_nodedev.la should not link against either
	libvirt_util.la or gnulib.la, since libvirt.so brings
	in those deps.

	* src/Makefile.am: Fix broken linkage of libvirt_driver_nodedev.la

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Only build server side drivers as modules
	The driver modules all use symbols which are defined in libvirt.so.
	Thus for loading of modules to work, the binary that libvirt.so
	is linked to must export its symbols back to modules. If the
	libvirt.so itself is dlopen()d then the RTLD_GLOBAL flag must
	be set. Unfortunately few, if any, programming languages use
	the RTLD_GLOBAL flag when loading modules :-( This means is it
	not practical to use driver modules for any libvirt client side
	drivers (OpenVZ, VMWare, Hyper-V, Remote client, test).

	This patch changes the build process so only server side drivers
	are built as modules (Xen, QEMU, LXC, UML)

	* daemon/libvirtd.c: Add missing load of 'interface' driver
	* src/Makefile.am: Only build server side drivers as modules
	* src/libvirt.c: Don't load any driver modules

2012-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix dep from libvirt-lock-sanlock RPM
	The libvirt-lock-sanlock RPM requires libvirtd, so its RPM dep
	should be on libvirt-daemon, not libvirt

2012-05-24  Guido Günther  <agx@sigxcpu.org>

	openvz: add quota argument when creating container

	openvz: support file system quota reporting

	Introduce filesystem limits to virDomainFSDef

	Introduce virDomainParseScaledValue
	and use it for virDomainParseMemory. This allows to parse arbitrary
	scaled value, not only memory related values as needed for the
	filesystem limits code following later in this series.

2012-05-23  Daniel P. Berrange  <berrange@redhat.com>

	Remove more bogus systemd service dependencies
	Adding syslog.target is obsolete, avahi.target does not
	exist and dbus.target is also obsolete

	Reported-by: Lennart Poettering <lpoetter@redhat.com>

2012-05-22  Jiri Denemark  <jdenemar@redhat.com>

	Revert "rpc: Discard non-blocking calls only when necessary"
	This reverts commit b1e374a7ac56927cfe62435179bf0bba1e08b372, which was
	rather bad since I failed to consider all sides of the issue. The main
	things I didn't consider properly are:

	- a thread which sends a non-blocking call waits for the thread with
	  the buck to process the call
	- the code doesn't expect non-blocking calls to remain in the queue
	  unless they were already partially sent

	Thus, the reverted patch actually breaks more than what it fixes and
	clients (which may even be libvirtd during p2p migrations) will likely
	end up in a deadlock.

2012-05-22  Peter Krempa  <pkrempa@redhat.com>

	qemu_hotplug: Don't free the PCI device structure after hot-unplug
	The pciDevice structure corresponding to the device being hot-unplugged
	was freed after it was "stolen" from activeList. The pointer was still
	used for eg-inactive list. This patch removes the free of the structure
	and frees it only if reset fails on the device.

2012-05-22  Laine Stump  <laine@laine.org>

	util: export virBufferTrim
	This was forgotten in commit cdb87b1c4b3c325c61e2a6a7d8edcca3ca73a765.

2012-05-22  Eric Blake  <eblake@redhat.com>

	virBuffer: add way to trim back extra text
	I'm tired of writing:

	bool sep = false;
	while (...) {
	    if (sep)
	       virBufferAddChar(buf, ',');
	    sep = true;
	    virBufferAdd(buf, str);
	}

	This makes it easier, allowing one to write:

	while (...)
	    virBufferAsprintf(buf, "%s,", str);
	virBufferTrim(buf, ",", -1);

	to trim any remaining comma.

	* src/util/buf.h (virBufferTrim): Declare.
	* src/util/buf.c (virBufferTrim): New function.
	* tests/virbuftest.c (testBufTrim): Test it.

2012-05-21  Wido den Hollander  <wido@widodh.nl>

	storage backend: Add RBD (RADOS Block Device) support
	This patch adds support for a new storage backend with RBD support.

	RBD is the RADOS Block Device and is part of the Ceph distributed storage
	system.

	It comes in two flavours: Qemu-RBD and Kernel RBD, this storage backend only
	supports Qemu-RBD, thus limiting the use of this storage driver to Qemu only.

	To function this backend relies on librbd and librados being present on the
	local system.

	The backend also supports Cephx authentication for safe authentication with
	the Ceph cluster.

	For storing credentials it uses the built-in secret mechanism of libvirt.

2012-05-21  Eric Blake  <eblake@redhat.com>

	build: fix unused variable after last patch
	The previous commit (2cb0899) left a dead variable behind.

	* src/libxl/libxl_driver.c (libxlClose): Drop dead variable.

2012-05-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential events deadlock when unref'ing virConnectPtr
	When the last reference to a virConnectPtr is released by
	libvirtd, it was possible for a deadlock to occur in the
	virDomainEventState functions. The virDomainEventStatePtr
	holds a reference on virConnectPtr for each registered
	callback. When removing a callback, the virUnrefConnect
	function is run. If this causes the last reference on the
	virConnectPtr to be released, then virReleaseConnect can
	be run, which in turns calls qemudClose. This function has
	a call to virDomainEventStateDeregisterConn which is intended
	to remove all callbacks associated with the virConnectPtr
	instance. This will try to grab a lock on virDomainEventState
	but this lock is already held. Deadlock ensues

	Thread 1 (Thread 0x7fcbb526a840 (LWP 23185)):

	Since each callback associated with a virConnectPtr holds a
	reference on virConnectPtr, it is impossible for the qemudClose
	method to be invoked while any callbacks are still registered.
	Thus the call to virDomainEventStateDeregisterConn must in fact
	be a no-op. Thus it is possible to just remove all trace of
	virDomainEventStateDeregisterConn and avoid the deadlock.

	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Delete virDomainEventStateDeregisterConn
	* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
	  src/qemu/qemu_driver.c, src/uml/uml_driver.c: Remove
	  calls to virDomainEventStateDeregisterConn

2012-05-21  Jim Fehlig  <jfehlig@suse.com>

	Fix build when configuring with polkit0
	Commit 2223ea98 removed the only use of 'server' param in
	remoteDispatchAuthPolkit().  Mark the parameter with ATTRIBUTE_UNUSED
	to fix the build when configuring with polkit0.

2012-05-21  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Add support for ipset
	This patch adds support for the recent ipset iptables extension
	to libvirt's nwfilter subsystem. Ipset allows to maintain 'sets'
	of IP addresses, ports and other packet parameters and allows for
	faster lookup (in the order of O(1) vs. O(n)) and rule evaluation
	to achieve higher throughput than what can be achieved with
	individual iptables rules.

	On the command line iptables supports ipset using

	iptables ... -m set --match-set <ipset name> <flags> -j ...

	where 'ipset name' is the name of a previously created ipset and
	flags is a comma-separated list of up to 6 flags. Flags use 'src' and 'dst'
	for selecting IP addresses, ports etc. from the source or
	destination part of a packet. So a concrete example may look like this:

	iptables -A INPUT -m set --match-set test src,src -j ACCEPT

	Since ipset management is quite complex, the idea was to leave ipset
	management outside of libvirt but still allow users to reference an ipset.
	The user would have to make sure the ipset is available once the VM is
	started so that the iptables rule(s) referencing the ipset can be created.

	Using XML to describe an ipset in an nwfilter rule would then look as
	follows:

	  <rule action='accept' direction='in'>
	    <all ipset='test' ipsetflags='src,src'/>
	  </rule>

	The two parameters on the command line are also the two distinct XML attributes
	'ipset' and 'ipsetflags'.

	FYI: Here is the man page for ipset:

	https://ipset.netfilter.org/ipset.man.html

	Regards,
	    Stefan

2012-05-18  Eric Blake  <eblake@redhat.com>

	build: fix virnetlink on glibc 2.11
	We were being lazy - virnetlink.c was getting uint32_t as a
	side-effect from glibc 2.14's <unistd.h>, but older glibc 2.11
	does not provide uint32_t from <unistd.h>.  In fact, POSIX states
	that <unistd.h> need only provide intptr_t, not all of <stdint.h>,
	so the bug really is ours.  Reported by Jonathan Alescio.

	* src/util/virnetlink.h: Include <stdint.h>.

2012-05-18  Hu Tao  <hutao@cn.fujitsu.com>

	Adds support to param 'vcpu_time' in qemu_driver.
	This involves setting the cpuacct cgroup to a per-vcpu granularity,
	as well as summing the each vcpu accounting into a common array.
	Now that we are reading more than one cgroup file, we double-check
	that cpus weren't hot-plugged between reads to invalidate our
	summing.

2012-05-17  Hu Tao  <hutao@cn.fujitsu.com>

	Add a new param 'vcpu_time' to virDomainGetCPUStats
	Currently virDomainGetCPUStats gets total cpu usage, which consists
	of:

	  1. vcpu usage: the physical cpu time consumed by virtual cpu(s) of
	     domain
	  2. hypervisor: `total cpu usage' - `vcpu usage'

	The param 'vcpu_time' is for getting vcpu usages.

2012-05-17  Marc-André Lureau  <marcandre.lureau@gmail.com>

	tests: add ich6 codec type test to qemuxml2argv-sound-device
	Test new codec type element.

	qemu: honour sound <codec> sub-elements
	With ICH6 audio device, allow to specify codecs.
	By default, for compatibility reasons, if no codec is specified,
	"hda-duplex" will be used.

	domain: add <codec> sound sub-element
	Allow specifying sound device codecs. See formatdomain.html for
	more details.

	qemu: test CAPS_HDA_MICRO

2012-05-17  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't delete USB device on failed qemuPrepareHostdevUSBDevices
	If qemuPrepareHostdevUSBDevices fail it will roll back devices added
	to the driver list of used devices. However, if it may fail because
	the device is being used already. But then again - with roll back.
	Therefore don't try to remove a usb device manually if the function
	fail. Although, we want to remove the device if any operation
	performed afterwards fail.

2012-05-16  Eric Blake  <eblake@redhat.com>

	nodeinfo: test more details
	Make it obvious why we need Osier's patch in commit 10d9038b
	to fix NUMA parsing of an AMD machine with two cores sharing
	a socket id.

	* tests/nodeinfotest.c (linuxTestCompareFiles): Enhance the test.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-*-output.txt: Update.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Add a virLogMessage alternative taking va_list args
	Allow the logging APIs to be called with a va_list for format
	args, instead of requiring var-args usage.

	* src/util/logging.h, src/util/logging.c: Add virLogVMessage

2012-05-16  Eric Blake  <eblake@redhat.com>

	build: fix recent syntax-check breakage
	The use of readlink() in lxc_container.c is intentional; we don't
	want an absolute pathname there.

	* src/util/cgroup.h (VIR_CGROUP_SYSFS_MOUNT): Indent properly.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_readlink): Add
	exemption.

2012-05-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Rollback on used USB devices
	One of our latest USB device handling patches
	05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduced a regression.
	That is, we first create a temporary list of all USB devices that
	are to be used by domain just starting up. Then we iterate over and
	check if a device from the list is in the global list of currently
	assigned devices (activeUsbHostdevs). If not, we add it there and
	continue with next iteration then. But if a device from temporary
	list is either taken already or adding to the activeUsbHostdevs fails,
	we remove all devices in temp list from the activeUsbHostdevs list.
	Therefore, if a device is already taken we remove it from
	activeUsbHostdevs even if we should not. Thus, next time we allow
	the device to be assigned to another domain.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix build compat with older libselinux for LXC
	Most versions of libselinux do not contain the function
	selinux_lxc_contexts_path() that the security driver
	recently started using for LXC. We must add a conditional
	check for it in configure and then disable the LXC security
	driver for builds where libselinux lacks this function.

	* configure.ac: Check for selinux_lxc_contexts_path
	* src/security/security_selinux.c: Disable LXC security
	  if selinux_lxc_contexts_path() is missing

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Reject any non-option command line arguments
	Due to a bug in editing /etc/sysconfig/libvirtd, VDSM was causing
	libvirt processes to run with the following command line args

	   /usr/sbin/libvirtd --listen '#' 'by vdsm'

	While it correctly rejects any invalid option flags, libvirtd
	was not rejecting any non-option command line arguments

	* daemon/libvirtd.c: Reject non-option argv

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Remount cgroups controllers after setting up new /sys in LXC
	Normal practice is for cgroups controllers to be mounted at
	/sys/fs/cgroup. When setting up a container, /sys is mounted
	with a new sysfs instance, thus we must re-mount all the
	cgroups controllers. The complexity is that we must mount
	them in the same layout as the host OS. ie if 'cpu' and 'cpuacct'
	were mounted at the same location in the host we must preserve
	this in the container. Also if any controllers are co-located
	we must setup symlinks from the individual controller name to
	the co-located mount-point

	Trim /proc & /sys subtrees before mounting new instances
	Both /proc and /sys may have sub-mounts in them from the host
	OS. We must explicitly unmount them all before mounting the
	new instance over that location. If we don't then /proc/mounts
	will show the sub-mounts as existing, even though nothing will
	be able to access them, due to the over-mount.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Avoid LXC pivot root in the root source is still /
	If the LXC config has a filesystem

	  <filesystem>
	     <source dir='/'/>
	     <target dir='/'/>
	  </filesystem>

	then there is no need to go down the pivot root codepath.
	We can simply use the existing root as needed.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Mount fresh instance of sysfs/selinux in LXC
	Currently to make sysfs readonly, we remount the existing
	instance and then bind it readonly. Unfortunately this means
	sysfs is still showing device objects wrt the host OS namespace.
	We need it to reflect the container namespace, so we must mount
	a completely new instance of it. Do the same for selinuxfs since
	there is no benefit to bind mounting & this lets us simplify
	the code.

	* src/lxc/lxc_container.c: Mount fresh sysfs instance

2012-05-16  Daniel Walsh  <dwalsh@redhat.com>

	Convert the LXC driver to use the security driver API for mount options
	Instead of hardcoding use of SELinux contexts in the LXC driver,
	switch over to using the official security driver API.

	Add security driver APIs for getting mount options
	Some security drivers require special options to be passed to
	the mount system call. Add a security driver API for handling
	this data.

2012-05-16  Daniel Walsh  <dwalsh@redhat.com>

	Add support for LXC specific SELinux configuration
	The SELinux policy for LXC uses a different configuration file
	than the traditional svirt one. Thus we need to load
	/etc/selinux/targeted/contexts/lxc_contexts which contains
	something like this:

	 process = "system_u:system_r:svirt_lxc_net_t:s0"
	 file = "system_u:object_r:svirt_lxc_file_t:s0"
	 content = "system_u:object_r:virt_var_lib_t:s0"

	cleverly designed to be parsable by virConfPtr

2012-05-16  Daniel Walsh  <dwalsh@redhat.com>

	Use private data struct in SELinux driver
	Currently the SELinux driver stores its state in a set of global
	variables. This switches it to use a private data struct instead.
	This will enable different instances to have their own data.

	Don't enable the AppArmour security driver with LXC
	The AppArmour driver does not currently have support for LXC
	so ensure that when probing, it claims to be disabled

	Pass the virt driver name into security drivers
	To allow the security drivers to apply different configuration
	information per hypervisor, pass the virtualization driver name
	into the security manager constructor.

2012-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus udev.target dep from libvirtd unit
	There is no 'udev.target' unit in systemd (only 'udev.service')
	yet libvirtd's unit file had a dep on one. There's no compelling
	reason for a dep on udev, so remove it altogether.

	Reported-by: Avi Kivity <avi@redhat.com>

2012-05-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for -no-user-config
	Thanks to this new option we are now able to use modern CPU models (such
	as Westmere) defined in external configuration file.

	The qemu-1.1{,-device} data files for qemuhelptest are filled in with
	qemu-1.1-rc2 output for now. I will update those files with real
	qemu-1.1 output once it is released.

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Set a sensible default master start port for ehci companion controllers
	The uhci1, uhci2, uhci3 companion controllers for ehci1 must
	have a master start port set. Since this value is predictable
	we should set it automatically if the app does not supply it

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix logic for assigning PCI addresses to USB2 companion controllers
	Currently each USB2 companion controller gets put on a separate
	PCI slot. Not only is this wasteful of PCI slots, but it is not
	in compliance with the spec for USB2 controllers. The master
	echi1 and all companion controllers should be in the same slot,
	with echi1 in function 7, and uhci1-3 in functions 0-2 respectively.

	* src/qemu/qemu_command.c: Special case handling of USB2 controllers
	  to apply correct pci slot assignment
	* tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.args,
	  tests/qemuxml2argvdata/qemuxml2argv-usb-ich9-ehci-addr.xml: Expand
	  test to cover automatic slot assignment

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix virDomainDeviceInfoIsSet() to check all struct fields
	The virDomainDeviceInfoIsSet API was only checking if an
	address or alias was set in the struct. Thus if only a
	rom bar setting / filename, boot index, or USB master
	value was set, they could be accidentally dropped when
	formatting XML

	Remove redundant trailing slash in user dir paths
	Callers of virGetUser{Config,Runtime,Cache}Directory all
	append further path component. We should not be
	adding a trailing slash in the return path otherwise we
	get paths containing '//'

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Allow stack traces to be included with log messages
	Sometimes it is useful to see the callpath for log messages.
	This change enhances the log filter syntax so that stack traces
	can be show by setting '1:+NAME' instead of '1:NAME'.

	This results in output like:

	2012-05-09 14:18:45.136+0000: 13314: debug : virInitialize:414 : register drivers
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xd6)[0x7f89188ebe86]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921]
	/lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279]

	2012-05-09 14:18:45.136+0000: 13314: debug : virRegisterDriver:775 : driver=0x7f8918d02760 name=Test
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virRegisterDriver+0x6b)[0x7f89188ec717]
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(+0x11b3ad)[0x7f891891e3ad]
	/home/berrange/src/virt/libvirt/src/.libs/libvirt.so.0(virInitialize+0xf3)[0x7f89188ebea3]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x431921]
	/lib64/libc.so.6(__libc_start_main+0xf5)[0x3a21e21735]
	/home/berrange/src/virt/libvirt/tools/.libs/lt-virsh[0x40a279]

	* docs/logging.html.in: Document new syntax
	* configure.ac: Check for execinfo.h
	* src/util/logging.c, src/util/logging.h: Add support for
	  stack traces
	* tests/testutils.c: Adapt to API change

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Move user libvirtd socket out of abstract namespace
	The current unprivileged user libvirtd sockets are in the abstract
	namespace. This has a number of problems

	 - You can't connect to them remotely using the nc/ssh tunnel
	 - This is not portable for OS-X, BSD & probably others
	 - Parent directory permissions don't apply

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Add openvz_util.c to POTFILES

2012-05-15  Daniel P. Berrange  <berrange@redhat.com>

	Add bundled(gnulib) to RPM specfile
	According to Fedora guidelines, because we bundle gnulib we
	need to add a virtual Provides: bundled(gnulib).

	https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Requirement_if_you_bundle

2012-05-15  Guido Günther  <agx@sigxcpu.org>

	openvz: determine kb/pages only once
	to save some syscalls (as suggested by Eric Blake)

2012-05-15  Osier Yang  <jyang@redhat.com>

	libvirt-guests: Remove LISTFILE if it's empty when stopping service
	$LISTFILE is created even no domain is running, and the empty
	$LISTFILE could cause improper service status.

	    stopped ,with saved guests

	Which is not right, as there is no domain was saved.

2012-05-15  Osier Yang  <jyang@redhat.com>

	nodeinfo: Get the correct CPU number on AMD Magny Cours platform
	"Instead of developing one CPU with 12 cores, the Magny Cours is
	actually two 6 core “Bulldozer” CPUs combined in to one package"

	I.e, each package has two NUMA nodes, and the two numa nodes share
	the same core ID set (0-6), which means parsing the cores number
	from sysfs doesn't work in this case.

	And the wrong CPU number could cause three problems for libvirt:

	1) performance lost

	  A domain without "cpuset" or "placement='auto'" (to drive numad)
	specified will be only pinned to part of the CPUs.

	2) domain can be started

	  If a domain uses numad, and the advisory nodeset returned from
	numad contains node which exceeds the range of wrong total CPU
	number. The domain will fail to start, as the bitmask passed to
	sched_setaffinity could be fully filled with zero.

	3) wrong CPU number affects lots of stuffs.

	  E.g. for command "virsh vcpuinfo", "virsh vcpupin", it will always
	output with the truncated CPU list.

	For more details:

	https://www.redhat.com/archives/libvir-list/2012-May/msg00607.html

	This patch is to fix the problem by parsing /proc/cpuinfo to get
	the value of field "cpu cores", and use it as nodeinfo->cores if
	it's greater than the cores number from sysfs.

2012-05-15  Osier Yang  <jyang@redhat.com>

	qemu: Set memory policy using cgroup if placement is auto
	Like for 'static' placement, when the memory policy mode is
	'strict', set the memory policy by writing the advisory nodeset
	returned from numad to cgroup file cpuset.mems,

2012-05-15  Osier Yang  <jyang@redhat.com>

	qemu: Use the CPU index in capabilities to map NUMA node to cpu list.
	On some of the NUMA platforms, the CPU index in each NUMA node
	grows non-consecutive. While on other platforms, it can be inconsecutive,
	E.g.

	% numactl --hardware
	available: 4 nodes (0-3)
	node 0 cpus: 0 4 8 12 16 20 24 28
	node 0 size: 131058 MB
	node 0 free: 86531 MB
	node 1 cpus: 1 5 9 13 17 21 25 29
	node 1 size: 131072 MB
	node 1 free: 127070 MB
	node 2 cpus: 2 6 10 14 18 22 26 30
	node 2 size: 131072 MB
	node 2 free: 127758 MB
	node 3 cpus: 3 7 11 15 19 23 27 31
	node 3 size: 131072 MB
	node 3 free: 127226 MB
	node distances:
	node   0   1   2   3
	  0:  10  20  20  20
	  1:  20  10  20  20
	  2:  20  20  10  20
	  3:  20  20  20  10

	This patch is to fix the problem by using the CPU index in
	caps->host.numaCell[i]->cpus[i] to set the bitmask instead of
	assuming the CPU index of the NUMA nodes are always sequential.

2012-05-15  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Assign spapr-vio bus address to ibmvscsi controller
	For pseries guest, the default controller model is
	ibmvscsi controller, this controller only can work
	on spapr-vio address.

	This patch is to assign spapr-vio address type to
	ibmvscsi controller and correct vscsi test case.

2012-05-15  David Weber  <wb@munzinger.de>

	sanlock: fix locking for readonly devices
	Add ignore param for readonly and shared disk in sanlock

2012-05-14  Eric Blake  <eblake@redhat.com>

	nodeinfo: add some more tests
	Test 2 data grabbed from a 2-core 1-node laptop.
	Test 3 data grabbed from a 48-cpu AMD Magny Cours box.

	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-2*: New test data.
	* tests/nodeinfodata/linux-nodeinfo-sysfs-test-3*: Likewise.
	* tests/nodeinfotest.c (mymain): Run them.
	* cfg.mk
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Exempt
	new test files.

2012-05-14  Eric Blake  <eblake@redhat.com>

	nodeinfo: avoid probing host filesystem during test
	We had previously weakened our nodeinfotest in order to ignore parsed
	node values, because the parse function was mistakenly relying on
	host files.  A better fix is to avoid using the numactl library, but
	to instead parse the same files that numactl would read, all while
	allowing the files to be relative to our choice of directory.

	* src/nodeinfo.c (CPU_SYS_PATH, NODE_SYS_PATH): Replace with...
	(SYSFS_SYSTEM_PATH): ...parent directory.
	(linuxNodeInfoCPUPopulate): Check NUMA nodes from requested
	directory (by inlining numactl code).
	(nodeGetCPUmap, nodeGetMemoryStats): Adjust macro use.
	* tests/nodeinfotest.c (linuxTestCompareFiles, linuxTestNodeInfo):
	Update test to match.

2012-05-14  Eric Blake  <eblake@redhat.com>

	nodeinfo: drop static variable
	We were wasting time to malloc a copy of a constant string, then
	copy it into static storage, for every call to nodeGetInfo.  At
	least we were lucky that it was a constant source, and thus not
	subject to even worse issues with one thread clobbering the static
	storage while another was using it.  This gets rid of the waste,
	by passing the string through the stack instead, as well as renaming
	internal functions to better match our conventions.

	* src/nodeinfo.c (sysfs_path): Delete.
	(get_cpu_value, count_thread_siblings, parse_socket): Add
	parameter, and rename...
	(virNodeGetCpuValue, virNodeCountThreadSiblings)
	(virNodeParseSocket): ... into a common namespace.
	(cpu_online, parse_core): Inline into callers.
	(linuxNodeInfoCPUPopulate): Update caller.
	(nodeGetInfo): Drop a useless malloc.

2012-05-14  Eric Blake  <eblake@redhat.com>

	build: really silence the 32-bit warning
	Commit cdce2f42d tried to silence a compiler warning on 32-bit builds,
	but the gcc shipped with RHEL 5 is old enough that the type conversion
	via multiplication by 1 was insufficient for the task.

	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Previous attempt
	didn't get past all gcc versions.

2012-05-14  Eric Blake  <eblake@redhat.com>

	maint: fix AUTHORS
	Use the address specified in the actual commit, to placate
	'make syntax-check'.

2012-05-14  William Jon McCann  <william.jon.mccann@gmail.com>

	Use XDG Base Directories instead of storing in home directory
	As defined in:
	http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

	This offers a number of advantages:
	 * Allows sharing a home directory between different machines, or
	sessions (eg. using NFS)
	 * Cleanly separates cache, runtime (eg. sockets), or app data from
	user settings
	 * Supports performing smart or selective migration of settings
	between different OS versions
	 * Supports reseting settings without breaking things
	 * Makes it possible to clear cache data to make room when the disk
	is filling up
	 * Allows us to write a robust and efficient backup solution
	 * Allows an admin flexibility to change where data and settings are stored
	 * Dramatically reduces the complexity and incoherence of the
	system for administrators

2012-05-14  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.12
	* configure.ac docs/news.html.in libvirt.spec.in: updates for the release
	* po/*.po: pushed new sources and synchronized new languages translations

2012-05-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leaks in error paths related to transferred ownership
	Appending an item to a list transfers ownership of that item to the
	list owner. But an error can occur in between item allocation and
	appending it to the list. In this case the item has to be freed
	explicitly. This was not done in some special cases resulting in
	possible memory leaks.

	Reported by Coverity.

2012-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Don't skip detection of virtual cpu's on non KVM targets
	This patch lifts the limit of calling thread detection code only on KVM
	guests. With upstream qemu the thread mappings are reported also on
	non-KVM machines.

	QEMU adopted the thread_id information from the kvm branch.

	To remain compatible with older upstream versions of qemu the check is
	attempted but the failure to detect threads (or even run the monitor
	command - on older versions without SMP support) is treated non-fatal
	and the code reports one vCPU with pid of the hypervisor (in same
	fashion this was done on non-KVM guests).

2012-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Re-detect virtual cpu threads after cpu hot (un)plug.
	After a cpu hotplug the qemu driver did not refresh information about
	virtual processors used by qemu and their corresponding threads. This
	patch forces a re-detection as is done on start of QEMU.

	This ensures that correct information is reported by the
	virDomainGetVcpus API and "virsh vcpuinfo".

	A failure to obtain the thread<->vcpu mapping is treated non-fatal and
	the mapping is not updated in a case of failure as not all versions of
	QEMU report this in the info cpus command.

2012-05-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Refactor qemuDomainSetVcpusFlags
	This patch changes a switch statement into ifs when handling live vs.
	configuration modifications getting rid of redundant code in case when
	both live and persistent configuration gets changed.

2012-05-11  Eric Blake  <eblake@redhat.com>

	build: fix stamp file name
	Ever since commit c964b6a, make was trying to find the timestamp
	of '""./apibuild.py".stamp"', but only touching 'apibuild.py.stamp',
	and thus always rebuilding.  Reported by Daniel P. Berrange.

	* docs/Makefile.am (APIBUILD, APIBUILD_STAMP): Omit bogus quotes.

2012-05-11  Guannan Ren  <gren@redhat.com>

	usb: fix crash when failing to attach a second usb device
	when failing to attach another usb device to a domain for some reason
	which has one use device attached before, the libvirtd crashed.
	The crash is caused by null-pointer dereference error in invoking
	usbDeviceListSteal passed in NULL value usb variable.
	commit 05abd1507d66aabb6cad12eeafeb4c4d1911c585 introduces the bug.

2012-05-10  Eric Blake  <eblake@redhat.com>

	docs: mention migration issue of which credentials are used
	Based on a report by Seth Vidal.  Just because _you_ can use virsh
	to connect to both source and destinations does not mean that libvirtd
	on the source (aka _root_) can likewise connect to the destination;
	this matters when setting up a peer-to-peer migration instead of a
	native one.

	* docs/migration.html.in: Mention that in peer-to-peer, the owner
	of the source libvirtd (usually root) must be able to connect to
	the destination.

2012-05-10  Osier Yang  <jyang@redhat.com>

	build: Fix the typo in configure.ac
	s/nuamd/numad/,

2012-05-10  Alex Jia  <ajia@redhat.com>

	conf: Fix memory leaks in virStoragePoolDefParseSource
	Detected by valgrind. Leaks are introduced in commit 122fa379.

	src/conf/storage_conf.c: fix memory leaks.

	How to reproduce?
	$ make && make -C tests check TESTS=storagepoolxml2xmltest
	$ cd tests && valgrind -v --leak-check=full ./storagepoolxml2xmltest

	actual result:
	==28571== LEAK SUMMARY:
	==28571==    definitely lost: 40 bytes in 5 blocks
	==28571==    indirectly lost: 0 bytes in 0 blocks
	==28571==      possibly lost: 0 bytes in 0 blocks
	==28571==    still reachable: 1,054 bytes in 21 blocks
	==28571==         suppressed: 0 bytes in 0 blocks

2012-05-10  Eric Blake  <eblake@redhat.com>

	qemu: fix build when !HAVE_NUMACTL
	Commit 97010eb1f forgot to change the other side of an #ifdef.

	* src/qemu/qemu_process.c (qemuProcessInitNumaMemoryPolicy): Add
	argument.

2012-05-09  Jim Fehlig  <jfehlig@suse.com>

	Report error when parsing character device target type
	No useful error was being reported when an invalid character device
	target type is specified in the domainXML. E.g.

	    ...
	    <console type="pty">
	      <source path="/dev/pts/2"/>
	      <target type="kvm" port="0"/>
	    </console>
	    ...

	resulted in

	error: Failed to define domain from x.xml
	error: An error occurred, but the cause is unknown

	With this small patch, the error is more helpful

	error: Failed to define domain from x.xml
	error: XML error: unknown target type 'kvm' specified for character device

2012-05-09  Jiri Denemark  <jdenemar@redhat.com>

	netlink: Fix build with libnl-3
	Commit 642973135c54b93242c4548ef27d591b52b0994c added three direct
	references to nl_handle_* instead of using our aliases which hide
	differences between libnl-3 and libnl-1.

2012-05-09  Osier Yang  <jyang@redhat.com>

	numad: Update comments in libvirt.spec.in
	Not only support CPU placement now.

2012-05-09  Osier Yang  <jyang@redhat.com>

	numad: Check numactl-devel if compiled with numad support
	Since now we pre-set memory policy using libnuma to fully
	drive numad, it needs to check numactl-devel if "with_numad"
	is "yes".

	configure with groups "--with-numad=yes --with-numactl=yes",
	"--with-numad=no --with-numactl=yes", "--with-numad=yes
	--with-numactl=yes" works fine after the change.

2012-05-09  Osier Yang  <jyang@redhat.com>

	numad: Divide cur_balloon by 1024 before passing it to numad
	Numad expects MB by default.

	numad: Always output 'placement' of <vcpu>
	<vcpu> is not an optional node. The value for its 'placement'
	actually always defaults to 'static' in the underlying codes.
	(Even no 'cpuset' and 'placement' is specified, the domain
	process will be pinned to all the available pCPUs).

2012-05-09  Osier Yang  <jyang@redhat.com>

	numad: Copy 'placement' of <numatune> to <vcpu> by default
	With this patch, one can also fully drive numad by:

	  <vcpu>2</vcpu>
	  <numatune>
	    <memory placement='auto'/>
	  </numatune>

	New tests are added.

2012-05-09  Osier Yang  <jyang@redhat.com>

	numad: Set memory policy from numad advisory nodeset
	Though numad will manage the memory allocation of task dynamically,
	it wants management application (libvirt) to pre-set the memory
	policy according to the advisory nodeset returned from querying numad,
	(just like pre-bind CPU nodeset for domain process), and thus the
	performance could benefit much more from it.

	This patch introduces new XML tag 'placement', value 'auto' indicates
	whether to set the memory policy with the advisory nodeset from numad,
	and its value defaults to the value of <vcpu> placement, or 'static'
	if 'nodeset' is specified. Example of the new XML tag's usage:

	  <numatune>
	    <memory placement='auto' mode='interleave'/>
	  </numatune>

	Just like what current "numatune" does, the 'auto' numa memory policy
	setting uses libnuma's API too.

	If <vcpu> "placement" is "auto", and <numatune> is not specified
	explicitly, a default <numatume> will be added with "placement"
	set as "auto", and "mode" set as "strict".

	The following XML can now fully drive numad:

	1) <vcpu> placement is 'auto', no <numatune> is specified.

	   <vcpu placement='auto'>10</vcpu>

	2) <vcpu> placement is 'auto', no 'placement' is specified for
	   <numatune>.

	   <vcpu placement='auto'>10</vcpu>
	   <numatune>
	     <memory mode='interleave'/>
	   </numatune>

	And it's also able to control the CPU placement and memory policy
	independently. e.g.

	1) <vcpu> placement is 'auto', and <numatune> placement is 'static'

	   <vcpu placement='auto'>10</vcpu>
	   <numatune>
	     <memory mode='strict' nodeset='0-10,^7'/>
	   </numatune>

	2) <vcpu> placement is 'static', and <numatune> placement is 'auto'

	   <vcpu placement='static' cpuset='0-24,^12'>10</vcpu>
	   <numatune>
	     <memory mode='interleave' placement='auto'/>
	   </numatume>

	A follow up patch will change the XML formatting codes to always output
	'placement' for <vcpu>, even it's 'static'.

2012-05-08  Eric Blake  <eblake@redhat.com>

	snapshot: allow block devices past cgroup
	It turns out that when cgroups are enabled, the use of a block device
	for a snapshot target was failing with EPERM due to libvirt failing
	to add the block device to the cgroup whitelist.  See also
	https://bugzilla.redhat.com/show_bug.cgi?id=810200

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive)
	(qemuDomainSnapshotUndoSingleDiskActive): Account for cgroup.
	(qemuDomainSnapshotCreateDiskActive): Update caller.

2012-05-08  Alon Levy  <alevy@redhat.com>

	tests: add some self-documentation to tests
	Alon tried './qemuxml2argvtest --help' to figure out a test failure,
	but it didn't help.  The information is in HACKING, but it doesn't
	hurt to make the tests also provide their own help.

2012-05-08  Alon Levy  <alevy@redhat.com>

	domain_conf: add "default" to list of valid spice channels
	qemu's behavior in this case is to change the spice server behavior to
	require secure connection to any channel not otherwise specified as
	being in plaintext mode. libvirt doesn't currently allow requesting this
	(via plaintext-channel=<channel name>).

	RHBZ: 819499

2012-05-08  Alon Levy  <alevy@redhat.com>

	domain_conf: add "usbredir" to list of valid spice channels
	Add "usbredir" channel to list of recognized spice channels.

	RHBZ: 819498

2012-05-08  Eric Blake  <eblake@redhat.com>

	build: avoid link failure on Windows
	We only know -lpthread exists on platforms where we build
	threads-pthread.c; but when we build threads-win32.c, LIB_PTHREAD
	is empty.

	* tests/Makefile.am (shunloadtest_LDADD): Use correct library.

2012-05-07  Jim Meyering  <meyering@redhat.com>

	virsh: avoid heap corruption leading to virsh abort
	* tools/virsh.c (vshParseSnapshotDiskspec): Fix off-by-3 memmove
	that would corrupt heap when parsing escaped --diskspec comma.
	Bug introduced via commit v0.9.4-260-g35d52b5.

2012-05-07  Laine Stump  <laine@laine.org>

	util: set src_pid for virNetlinkCommand when appropriate
	Until now, the nl_pid of the source address of every message sent by
	virNetlinkCommand has been set to the value of getpid(). Most of the
	time this doesn't matter, and in the one case where it does
	(communication with lldpad), it previously was the proper thing to do,
	because the netlink event service (which listens on a netlink socket
	for unsolicited messages from lldpad) coincidentally always happened
	to bind with a local nl_pid == getpid().

	With the fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=816465

	that particular nl_pid is now effectively a reserved value, so the
	netlink event service will always bind to something else
	(coincidentally "getpid() + (1 << 22)", but it really could be
	anything). The result is that communication between lldpad and
	libvirtd is broken (lldpad gets a "disconnected" error when it tries
	to send a directed message).

	The solution to this problem caused by a solution, is to query the
	netlink event service's nlhandle for its "local_port", and send that
	as the source nl_pid (but only when sending to lldpad, of course - in
	other cases we maintain the old behavior of sending getpid()).

	There are two cases where a message is being directed at lldpad - one
	in virNetDevLinkDump, and one in virNetDevVPortProfileOpSetLink.

	The case of virNetDevVPortProfileOpSetLink is simplest to explain -
	only if !nltarget_kernel, i.e. the message isn't targetted for the
	kernel, is the dst_pid set (by calling
	virNetDevVPortProfileGetLldpadPid()), so only in that case do we call
	virNetlinkEventServiceLocalPid() to set src_pid.

	For virNetDevLinkDump, it's a bit more complicated. The call to
	virNetDevVPortProfileGetLldpadPid() was effectively up one level (in
	virNetDevVPortProfileOpCommon), although obscured by an unnecessary
	passing of a function pointer. This patch removes the function
	pointer, and calls virNetDevVPortProfileGetLldpadPid() directly in
	virNetDevVPortProfileOpCommon - if it's doing this, it knows that it
	should also call virNetlinkEventServiceLocalPid() to set src_pid too;
	then it just passes src_pid and dst_pid down to
	virNetDevLinkDump. Since (src_pid == 0 && dst_pid == 0) implies that
	the kernel is the destination, there is no longer any need to send
	nltarget_kernel as an arg to virNetDevLinkDump, so it's been removed.

	The disparity between src_pid being int and dst_pid being uint32_t may
	be a bit disconcerting to some, but I didn't want to complicate
	virNetlinkEventServiceLocalPid() by having status returned separately
	from the value.

2012-05-07  Laine Stump  <laine@laine.org>

	util: function to get local nl_pid used by netlink event socket
	This value will be needed to set the src_pid when sending netlink
	messages to lldpad. It is part of the solution to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=816465

	Note that libnl's port generation algorithm guarantees that the
	nl_socket_get_local_port() will always be > 0 (since it is "getpid() +
	(n << 22>" where n is always < 1024), so it is okay to cast the
	uint32_t to int (thus allowing us to use -1 as an error sentinel).

2012-05-07  Laine Stump  <laine@laine.org>

	util: allow specifying both src and dst pid in virNetlinkCommand
	Until now, virNetlinkCommand has assumed that the nl_pid in the source
	address of outgoing netlink messages should always be the return value
	of getpid(). In most cases it actually doesn't matter, but in the case
	of communication with lldpad, lldpad saves this info and later uses it
	to send netlink messages back to libvirt. A recent patch to fix Bug
	816465 changed the order of the universe such that the netlink event
	service socket is no longer bound with nl_pid == getpid(), so lldpad
	could no longer send unsolicited messages to libvirtd. Adding src_pid
	as an argument to virNetlinkCommand() is the first step in notifying
	lldpad of the proper address of the netlink event service socket.

2012-05-07  Laine Stump  <laine@laine.org>

	util: fix libvirtd startup failure due to netlink error
	This is part of the solution to the problem detailed in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=816465

	and further detailed in

	  https://www.redhat.com/archives/libvir-list/2012-May/msg00202.htm

	A short explanation is included in the comments of the patch itself.

	Note that this patch by itself breaks communication between lldpad and
	libvirtd, so the other 3 patches in the series must be applied at the
	same time as this patch.

2012-05-07  Guido Günther  <agx@sigxcpu.org>

	openvz: simplify openvzDomainDefineCmd by using virCommandPtr

2012-05-07  Guannan Ren  <gren@redhat.com>

	qemu: call usb search function for hostdev initialization and hotplug
	src/qemu/qemu_hostdev.c:
	refactor qemuPrepareHostdevUSBDevices function, make it focus on
	adding usb device to activeUsbHostdevs after check. After that,
	the usb hotplug function qemuDomainAttachHostDevice also could use
	it.
	expand qemuPrepareHostUSBDevices to perform the usb search,
	rollback on failure.

	src/qemu/qemu_hotplug.c:
	If there are multiple usb devices available with same vendorID and productID,
	but with different value of "bus, device", we give an error to let user
	use <address> to specify the desired one.

2012-05-07  Guannan Ren  <gren@redhat.com>

	usb: create functions to search usb device accurately
	usbFindDevice():get usb device according to
	                idVendor, idProduct, bus, device
	                it is the exact match of the four parameters

	usbFindDeviceByBus():get usb device according to bus, device
	                  it returns only one usb device same as usbFindDevice

	usbFindDeviceByVendor():get usb device according to idVendor,idProduct
	                     it probably returns multiple usb devices.

	usbDeviceSearch(): a helper function to do the actual search

2012-05-07  Cole Robinson  <crobinso@redhat.com>

	rpm: Handle different source URLs for maint releases

	docs: Add 'maintenance releases' link in 'News' sidebar

2012-05-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Emit compatible XML when migrating a domain
	When we added the default USB controller into domain XML, we efficiently
	broke migration to older versions of libvirt that didn't support USB
	controllers at all (0.9.4 and earlier) even for domains that don't use
	anything that the older libvirt can't provide. We still want to present
	the default USB controller in any XML seen by a user/app but we can
	safely remove it from the domain XML used during migration. If we are
	migrating to a new enough libvirt, it will add the controller XML back,
	while older libvirt won't be confused with it although it will still
	tell qemu to create the controller.

	Similar approach can be used in the future whenever we find out we
	always enabled some kind of device without properly advertising it in
	domain XML.

2012-05-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't use virDomainDefFormat* directly
	Always use appropriate qemuDomain{,Def}Format wrapper since it may do
	some additional magic based on the flags.

2012-05-05  Eric Blake  <eblake@redhat.com>

	qemu: reject blockiotune if qemu too old
	Commit 4c82f09e added a capability check for qemu per-device io
	throttling, but only applied it to domain startup.  As mentioned
	in the previous commit (98cec05), the user can still get an 'internal
	error' message during a hotplug attempt, when the monitor command
	doesn't exist.  It is confusing to allow tuning on inactive domains
	only to then be rejected when starting the domain.

	* src/qemu/qemu_driver.c (qemuDomainSetBlockIoTune): Reject
	offline tuning if online can't match it.

2012-05-05  Eric Blake  <eblake@redhat.com>

	qemu: don't modify domain on failed blockiotune
	If you have a qemu build that lacks the blockio tune monitor command,
	then this command:

	$ virsh blkdeviotune rhel6u2 hda --total_bytes_sec 1000
	error: Unable to change block I/O throttle
	error: internal error Unexpected error

	fails as expected (well, the error message is lousy), but the next
	dumpxml shows that the domain was modified anyway.  Worse, that means
	if you save the domain then restore it, the restore will likely fail
	due to throttling being unsupported, even though no throttling should
	even be active because the monitor command failed in the first place.

	* src/qemu/qemu_driver.c (qemuDomainSetBlockIoTune): Check for
	error before making modification permanent.

2012-05-04  Laine Stump  <laine@laine.org>

	util: remove error log from stubs of virNetlinkEventServiceStart|Stop
	These two functions are called from main() on all platforms, and
	always return success on platforms that don't support libnl. They
	still log an error message, though, which doesn't make sense - they
	should just be NOPs on those platforms. (Per a suggestion during
	review, I've turned the logs into debug messages rather than removing
	them completely).

2012-05-04  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	node_device: fix possible non-terminated string
	Error: STRING_NULL:
	/libvirt/src/node_device/node_device_linux_sysfs.c:80:
	string_null_argument: Function "saferead" does not terminate string "*buf".
	/libvirt/src/util/util.c:101:
	string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
	/libvirt/src/node_device/node_device_linux_sysfs.c:87:
	string_null: Passing unterminated string "buf" to a function expecting a null-terminated string.

	uuid: fix possible non-terminated string
	Error: STRING_NULL:
	/libvirt/src/util/uuid.c:273:
	string_null_argument: Function "getDMISystemUUID" does not terminate string "*dmiuuid".
	/libvirt/src/util/uuid.c:241:
	string_null_argument: Function "saferead" fills array "*uuid" with a non-terminated string.
	/libvirt/src/util/util.c:101:
	string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
	/libvirt/src/util/uuid.c:274:
	string_null: Passing unterminated string "dmiuuid" to a function expecting a null-terminated string.
	/libvirt/src/util/uuid.c:138:
	var_assign_parm: Assigning: "cur" = "uuidstr". They now point to the same thing.
	/libvirt/src/util/uuid.c:164:
	string_null_sink_loop: Searching for null termination in an unterminated array "cur".

	tests: fix resource leak
	Error: RESOURCE_LEAK:
	/libvirt/tests/qemuxml2argvtest.c:47:
	alloc_arg: Calling allocation function "virAlloc" on "ret".
	/libvirt/src/util/memory.c:101:
	alloc_fn: Storage is returned from allocation function "calloc".
	/libvirt/src/util/memory.c:101:
	var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/libvirt/tests/qemuxml2argvtest.c:54:
	leaked_storage: Variable "ret" going out of scope leaks the storage it points to.

	qemu: fix resource leak
	Error: RESOURCE_LEAK:
	/libvirt/src/qemu/qemu_driver.c:6968:
	alloc_fn: Calling allocation function "calloc".
	/libvirt/src/qemu/qemu_driver.c:6968:
	var_assign: Assigning: "nodeset" =  storage returned from "calloc(1UL, 1UL)".
	/libvirt/src/qemu/qemu_driver.c:6977:
	noescape: Variable "nodeset" is not freed or pointed-to in function "virTypedParameterAssign".
	/libvirt/src/qemu/qemu_driver.c:6997:
	leaked_storage: Variable "nodeset" going out of scope leaks the storage it points to.

	vmx: fix resource leak
	Error: RESOURCE_LEAK:
	/libvirt/src/vmx/vmx.c:2431:
	alloc_fn: Calling allocation function "calloc".
	/libvirt/src/vmx/vmx.c:2431:
	var_assign: Assigning: "networkName" =  storage returned from "calloc(1UL, 1UL)".
	/libvirt/src/vmx/vmx.c:2495:
	leaked_storage: Variable "networkName" going out of scope leaks the storage it points to.

2012-05-04  Guido Günther  <agx@sigxcpu.org>

	openvz: read vmguarpages/privvmpages to set memory tunables

2012-05-04  Osier Yang  <jyang@redhat.com>

	Coverity: Fix resource leak in virnetlink.c

	Coverity: Fix resource leak in nodeinfo.c
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/nodeinfo.c:629: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/nodeinfo.c:629: var_assign: Assigning: "cpuinfo" =  storage returned from "fopen("/proc/cpuinfo", "r")".
	/builddir/build/BUILD/libvirt-0.9.10/src/nodeinfo.c:638: leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to.

	Coverity: Fix resource leak in test driver
	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/test/test_driver.c:1041: alloc_arg: Calling allocation function "virXPathNodeSet" on "devs".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/xml.c:621: alloc_arg: "virAllocN" allocates memory that is stored into "*list".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/xml.c:625: noescape: Variable "*list" is not freed or pointed-to in function "memcpy".
	/builddir/build/BUILD/libvirt-0.9.10/src/test/test_driver.c:1098: leaked_storage: Variable "devs" going out of scope leaks the storage it points to.

2012-05-04  Osier Yang  <jyang@redhat.com>

	Coverity: Fix resource leak in xen driver
	Coverity logs:

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_inotify.c:103: alloc_fn: Calling allocation function "xenDaemonLookupByUUID".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xend_internal.c:2534: alloc_fn: Storage is returned from allocation function "virGetDomain".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:191: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:210: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xend_internal.c:2534: var_assign: Assigning: "ret" = "virGetDomain(conn, name, uuid)".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xend_internal.c:2541: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_inotify.c:103: var_assign: Assigning: "dom" =  storage returned from "xenDaemonLookupByUUID(conn, rawuuid)".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_inotify.c:126: leaked_storage: Variable "dom" going out of scope leaks the storage it points to.

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2742: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2742: var_assign: Assigning: "cpuinfo" =  storage returned from "fopen("/proc/cpuinfo", "r")".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2763: noescape: Variable "cpuinfo" is not freed or pointed-to in function "xenHypervisorMakeCapabilitiesInternal".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2574:45: noescape: "xenHypervisorMakeCapabilitiesInternal" does not free or save its pointer parameter "cpuinfo".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2768: leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to.

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2752: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2752: var_assign: Assigning: "capabilities" =  storage returned from "fopen("/sys/hypervisor/properties/capabilities", "r")".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2763: noescape: Variable "capabilities" is not freed or pointed-to in function "xenHypervisorMakeCapabilitiesInternal".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2574:60: noescape: "xenHypervisorMakeCapabilitiesInternal" does not free or save its pointer parameter "capabilities".
	/builddir/build/BUILD/libvirt-0.9.10/src/xen/xen_hypervisor.c:2768: leaked_storage: Variable "capabilities" going out of scope leaks the storage it points to.

2012-05-04  Osier Yang  <jyang@redhat.com>

	Coverity: Fix resource leaks in phyp driver
	Coverity logs:

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:523: alloc_fn: Calling allocation function "fopen".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:523: var_assign: Assigning: "fd" =  storage returned from "fopen(local_file, "rb")".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:540: noescape: Variable "fd" is not freed or pointed-to in function "fread".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:542: noescape: Variable "fd" is not freed or pointed-to in function "feof".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:575: leaked_storage: Variable "fd" going out of scope leaks the storage it points to.
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:585: leaked_storage: Variable "fd" going out of scope leaks the storage it points to.

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2088: alloc_fn: Calling allocation function "phypVolumeLookupByName".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2026: alloc_fn: Storage is returned from allocation function "virGetStorageVol".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:724: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:753: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2026: var_assign: Assigning: "vol" = "virGetStorageVol(pool->conn, pool->name, volname, key)".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2030: return_alloc: Returning allocated memory "vol".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2088: leaked_storage: Failing to save storage allocated by "phypVolumeLookupByName(pool, voldef->name)" leaks it.

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2725: alloc_fn: Calling allocation function "phypGetStoragePoolLookUpByUUID".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2689: alloc_fn: Storage is returned from allocation function "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:592: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:610: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2689: var_assign: Assigning: "sp" = "virGetStoragePool(conn, pools[i], uuid)".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2694: return_alloc: Returning allocated memory "sp".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2725: leaked_storage: Failing to save storage allocated by "phypGetStoragePoolLookUpByUUID(conn, def->uuid)" leaks it.

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2719: alloc_fn: Calling allocation function "phypStoragePoolLookupByName".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: alloc_fn: Storage is returned from allocation function "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:592: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:610: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: return_alloc_fn: Directly returning storage allocated by "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2719: leaked_storage: Failing to save storage allocated by "phypStoragePoolLookupByName(conn, def->name)" leaks it.

	Error: RESOURCE_LEAK:
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2270: alloc_fn: Calling allocation function "phypStoragePoolLookupByName".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: alloc_fn: Storage is returned from allocation function "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:592: alloc_arg: "virAlloc" allocates memory that is stored into "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
	/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
	/builddir/build/BUILD/libvirt-0.9.10/src/datatypes.c:610: return_alloc: Returning allocated memory "ret".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2254: return_alloc_fn: Directly returning storage allocated by "virGetStoragePool".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2270: var_assign: Assigning: "sp" =  storage returned from "phypStoragePoolLookupByName(vol->conn, vol->pool)".
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2324: leaked_storage: Variable "sp" going out of scope leaks the storage it points to.
	/builddir/build/BUILD/libvirt-0.9.10/src/phyp/phyp_driver.c:2327: leaked_storage: Variable "sp" going out of scope leaks the storage it points t

2012-05-04  Osier Yang  <jyang@redhat.com>

	Coverity: Fix the forward_null error in Python binding codes
	Related coverity log:

	Error: FORWARD_NULL:
	/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:355:
	assign_zero: Assigning: "params" = 0.
	/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:458:
	var_deref_model: Passing null variable "params" to function
	"getPyVirTypedParameter", which dereferences it. (The dereference is assumed on
	the basis of the 'nonnull' parameter attribute.)

2012-05-04  Eric Blake  <eblake@redhat.com>

	qemu: avoid 32-bit compiler warning
	On 32-bit platforms, gcc warns that the comparison between a long
	and (ULLONG_MAX/1024/1024) is always false; throwing in a type
	conversion shuts up the warning.

	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Shut gcc up.

2012-05-03  Serge Hallyn  <serge.hallyn@canonical.com>

	build: support libnl-3
	configure.ac: check for libnl-3 in addition to libnl-1

	src/Makefile.am: link against libnl when needed

	src/util/virnetlink.c:
	support libnl3 api.  To minimize impact on code flow, wrap the
	differences under the virNetlink* namespace.

	Unfortunately libnl3 moves netlink/msg.h to
	/usr/include/libnl3/netlink/msg.h, so the LIBNL_CFLAGS need to be added
	to a bunch of places where they weren't needed with libnl1.

2012-05-03  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	On cygwin, <rpc/rpc.h> lives in a different directory than
	/usr/include, so anything that uses it must modify CFLAGS.  This
	previously tripped up just 'make check', but now that we build
	all test programs unconditionally, it also trips up 'make'.

	* tests/Makefile.am (virnetmessagetest_CFLAGS): Find rpc headers.

2012-05-03  Dmitry Guryanov  <dguryanov@parallels.com>

	util: add functions for interating over json object
	Add function virJSONValueObjectKeysNumber, virJSONValueObjectGetKey
	and virJSONValueObjectGetValue, which allow you to iterate over all
	fields of json object: you can get number of fields and then get
	name and value, stored in field with that name by index.

2012-05-03  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Correct indent errors in the function qemuDomainNetsRestart
	qemuDomainNetsRestart indents with 3 spaces.

	This patch is to correct it.

2012-05-02  Marc-André Lureau  <marcandre.lureau@gmail.com>

	build: update pid_t type static check
	The code uses long long for pid_t now.
	It fails on mingw64 without this change.

	build: fix output of pid values
	Fix a few more places where pid_t is printed with wrong type

2012-05-02  Eugen Feller  <eugen.feller@inria.fr>

	Added Snooze cloud manager to the IaaS section

2012-05-01  Eric Blake  <eblake@redhat.com>

	virsh: output scaled values with correct units
	The recent push to use correct scaling terms (kB for 1000, KiB for
	1024 - such as commit 9dfdead) missed some places in virsh.

	* tools/virsh.c (prettyCapacity, cmdDominfo, cmdFreecell)
	(cmdNodeinfo, cmdNodeMemStats, cmdMigrateSetMaxSpeed)
	(cmdBlockCopy, cmdBlockPull, cmdBlockJob): Use KiB, not kB, when
	referring to multiples of 1024.
	* tests/virshtest.c: Update expected output to match.

2012-05-01  Eric Blake  <eblake@redhat.com>

	virsh: make -h always give help
	https://bugzilla.redhat.com/show_bug.cgi?id=817244 mentions that
	unlike most other tools, where --help or --version prevent all
	further parsing of all later options, virsh was strange in that
	--version stopped parsing but --help tried to plow on to the end.
	There was no rationale for this original implementation (since
	2005!), so I think we can safely conform to common usage patterns.

	* tools/virsh.c (main): Drop useless 'help' variable.

2012-05-01  Laine Stump  <laine@laine.org>

	build: make ATTRIBUTE_NONNULL() a NOP unless STATIC_ANALYSIS is on
	The ATTRIBUTE_NONNULL(m) macro normally resolves to the gcc builtin
	__attribute__((__nonnull__(m))). The effect of this in gcc is
	unfortunately only to make gcc believe that "m" can never possibly be
	NULL, *not* to add in any checks to guarantee that it isn't ever NULL
	(i.e. it is an optimization aid, *not* something to verify code
	correctness.) - see the following gcc bug report for more details:

	  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17308

	Static source analyzers such as clang and coverity apparently can use
	ATTRIBUTE_NONNULL(), though, to detect dead code (in the case that the
	arg really is guaranteed non-NULL), as well as situations where an
	obviously NULL arg is given to the function.

	https://bugzilla.redhat.com/show_bug.cgi?id=815270 is a good example
	of a bug caused by erroneous application of ATTRIBUTE_NONNULL().
	Several people spent a long time staring at this code and not finding
	the problem, because the problem wasn't in the function itself, but in
	the prototype that specified ATTRIBUTE_NONNULL() for an arg that
	actually *wasn't* always non-NULL, and caused a segv when dereferenced
	(even though the code that dereferenced the pointer was inside an if()
	that checked for a NULL pointer, that code was optimized out by gcc).

	There may be some very small gain to be had from the optimizations
	that can be inferred from ATTRIBUTE_NONNULL(), but it seems safer to
	err on the side of generating code that behaves as expected, while
	turning on the attribute for static analyzers.

2012-05-01  Daniel P. Berrange  <berrange@redhat.com>

	Make lxcContainerSetStdio the last thing to be called in container startup
	Once lxcContainerSetStdio is invoked, logging will not work as
	expected in libvirt_lxc. So make sure this is the last thing to
	be called, in particular after setting the security process label

	Ensure logging is initialized early in libvirt_lxc
	The virLogSetFromEnv call was done too late in startup to
	catch many log messages (eg from security driver initialization).
	To assist debugging also explicitly log the security details
	at startup

2012-05-01  Daniel P. Berrange  <berrange@redhat.com>

	Ensure LXC security driver is set unconditonally
	The driver->securityDriverName field may be NULL, if automatic
	probing is used to determine security driver. This meant that
	unless selinux was explicitly requested in lxc.conf, it was
	not being sent to the libvirt_lxc process.

	The driver->securityManager field is guaranteed non-NULL, since
	there will always be the 'none' security driver present if
	nothing else exists. So use that to set the driver name for
	libvirt_lxc

2012-05-01  Daniel P. Berrange  <berrange@redhat.com>

	Ensure libvirt_lxc process loads the live XML config
	Currently the libvirt_lxc process uses VIR_DOMAIN_XML_INACTIVE
	when loading the XML for the container. This means it loses
	any dynamic data such as the, just allocated, SELinux label.

	Further there is an inconsistency in the libvirt LXC driver
	whereby it saves the live config XML and then later overwrites
	the file with the live status XML instead. Add a comment about
	this for future reference.

	* src/lxc/lxc_controller.c: Remove VIR_DOMAIN_XML_INACTIVE
	  when loading XML
	* src/lxc/lxc_driver.c: Add comment about inconsistent
	  config file formats

2012-05-01  Eric Blake  <eblake@redhat.com>

	maint: avoid false positives on unmarked diagnostics
	Otherwise, a string such as _("Don't use \"" VAR "\".") would
	complain about unmarked diagnostics.

	* cfg.mk (sc_libvirt_unmarked_diagnostics): Handle \" in message.

2012-05-01  Josh Durgin  <josh.durgin@dreamhost.com>

	qemu: allow snapshotting of sheepdog and rbd disks

	qemu: change rbd auth_supported separation character to ;
	This works with newer qemu that doesn't allow escaping spaces.
	It's backwards compatible as well.

2012-04-30  Alex Jia  <ajia@redhat.com>

	util: Avoid libvirtd crash in virNetDevTapCreate
	In fact, the 'tapfd' is always NULL, the function 'virNetDevTapCreate()' hasn't
	assign 'fd' to 'tapfd', when the function 'virNetDevSetMAC()' is failed then
	goto 'error' label, finally, the VIR_FORCE_CLOSE() will deref a NULL 'tapfd'.

	* util/virnetdevtap.c (virNetDevTapCreateInBridgePort): fix a NULL pointer derefing.

	* How to reproduce?

	$ cat > /tmp/net.xml <<EOF
	<network>
	  <name>test</name>
	  <forward mode='nat'/>
	  <bridge name='br1' stp='off' delay='1' />
	  <mac address='00:00:00:00:00:00'/>
	  <ip address='192.168.100.1' netmask='255.255.255.0'>
	    <dhcp>
	      <range start='192.168.100.2' end='192.168.100.254' />
	    </dhcp>
	  </ip>
	</network>
	EOF

	$ virsh net-define /tmp/net.xml

	$ virsh net-start test
	error: Failed to start network brTest
	error: End of file while reading data: Input/output error

2012-04-30  Eric Blake  <eblake@redhat.com>

	storage: fix build with iscsi
	The previous storage patch missed an instance affected by the struct
	member rename.  It also had some botched whitespace detected by
	'make check'.

	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Adjust to new struct.
	* src/conf/storage_conf.c (virStoragePoolSourceFormat): Fix
	indentation.

2012-04-30  Osier Yang  <jyang@redhat.com>

	storage: Break out the loop if duplicate pool is found
	It doesn't break out the "for" loop even if duplicate pool is
	found, and thus the "matchpool" could be overriden as NULL again
	if there is different pool afterwards.

	To address the problem in libvirt-user list:

	https://www.redhat.com/archives/libvirt-users/2012-April/msg00150.html

2012-04-30  Wido den Hollander  <wido@widodh.nl>

	storage: Allow multiple hosts for a storage pool
	The current storage pools for NFS and iSCSI only require one host to
	connect to. Future storage pools like RBD and Sheepdog will require
	multiple hosts.

	This patch allows multiple source hosts and rewrites the current
	storage drivers.

2012-04-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Make sure qemu can access its directory in hugetlbfs
	When libvirtd is started, we create "libvirt/qemu" directories under
	hugetlbfs mount point. Only the "qemu" subdirectory is chowned to qemu
	user and "libvirt" remains owned by root. If umask was too restrictive
	when libvirtd started, qemu user may lose access to "qemu"
	subdirectory. Let's explicitly grant search permissions to "libvirt"
	directory for all users.

2012-04-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Report error class at least
	Currently, qemu GA is not providing 'desc' field for errors like
	we are used to from qemu monitor. Therefore, we fall back to this
	general 'unknown error' string. However, GA is reporting 'class' which
	is not perfect, but much more helpful than generic error string.
	Thus we should fall back to class firstly and if even no class
	is presented, then we can fall back to that generic string.

	Before this patch:
	virsh # dompmsuspend --target mem f16
	error: Domain f16 could not be suspended
	error: internal error unable to execute QEMU command
	'guest-suspend-ram': unknown QEMU command error

	After this patch:
	virsh # dompmsuspend --target mem f16
	error: Domain f16 could not be suspended
	error: internal error unable to execute QEMU command
	'guest-suspend-ram': The command has not been found

2012-04-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	More coverity findings addressed
	More bug extermination in the category of:

	Error: CHECKED_RETURN:

	/libvirt/src/conf/network_conf.c:595:
	check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).

	/libvirt/src/qemu/qemu_process.c:2780:
	unchecked_value: No check of the return value of "virAsprintf(&msg, "was paused (%s)", virDomainPausedReasonTypeToString(reason))".

	/libvirt/tests/commandtest.c:809:
	check_return: Calling function "setsid" without checking return value (as is done elsewhere 4 out of 5 times).

	/libvirt/tests/commandtest.c:830:
	unchecked_value: No check of the return value of "virTestGetDebug()".

	/libvirt/tests/commandtest.c:831:
	check_return: Calling function "virTestGetVerbose" without checking return value (as is done elsewhere 41 out of 42 times).

	/libvirt/tests/commandtest.c:833:
	check_return: Calling function "virInitialize" without checking return value (as is done elsewhere 18 out of 21 times).


	One note about the error in commandtest line 809: setsid() seems to fail when running the test -- could be removed ?

2012-04-27  Eric Blake  <eblake@redhat.com>

	blockjob: fix block-stream bandwidth race
	With RHEL 6.2, virDomainBlockPull(dom, dev, bandwidth, 0) has a race
	with non-zero bandwidth: there is a window between the block_stream
	and block_job_set_speed monitor commands where an unlimited amount
	of data was let through, defeating the point of a throttle.

	This race was first identified in commit a9d3495e, and libvirt was
	able to reduce the size of the window for that race.  In the meantime,
	the qemu developers decided to fix things properly; per this message:
	https://lists.gnu.org/archive/html/qemu-devel/2012-04/msg03793.html
	the fix will be in qemu 1.1, and changes block-job-set-speed to use
	a different parameter name, as well as adding a new optional parameter
	to block-stream, which eliminates the race altogether.

	Since our documentation already mentioned that we can refuse a non-zero
	bandwidth for some hypervisors, I think the best solution is to do
	just that for RHEL 6.2 qemu, so that the race is obvious to the user
	(anyone using stock RHEL 6.2 binaries won't have this patch, and anyone
	building their own libvirt with this patch for RHEL can also rebuild
	qemu to get the modern semantics, so it is no real loss in behavior).

	Meanwhile the code must be fixed to honor actual qemu 1.1 naming.
	Rename the parameter to 'modern', since the naming difference now
	covers more than just 'async' block-job-cancel.  And while at it,
	fix an unchecked integer overflow.

	* src/qemu/qemu_monitor.h (enum BLOCK_JOB_CMD): Drop unused value,
	rename enum to match conventions.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Reflect enum rename.
	* src/qemu_qemu_monitor_json.h (qemuMonitorJSONBlockJob): Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Likewise,
	and support difference between RHEL 6.2 and qemu 1.1 block pull.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Reject
	bandwidth during pull with too-old qemu.
	* src/libvirt.c (virDomainBlockPull, virDomainBlockRebase):
	Document this.

2012-04-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	lxc: Fix coverity findings
	Error: UNINIT:
	/libvirt/src/lxc/lxc_driver.c:1412:
	var_decl: Declaring variable "fd" without initializer.
	/libvirt/src/lxc/lxc_driver.c:1460:
	uninit_use_in_call: Using uninitialized value "fd" when calling "virFileClose".
	/libvirt/src/util/virfile.c:50:
	read_parm: Reading a parameter value.

	Error: DEADCODE:
	/libvirt/src/lxc/lxc_controller.c:960:
	dead_error_condition: On this path, the condition "ret == 4" cannot be true.
	/libvirt/src/lxc/lxc_controller.c:959:
	at_most: After this line, the value of "ret" is at most -1.
	/libvirt/src/lxc/lxc_controller.c:959:
	new_values: Noticing condition "ret < 0".
	/libvirt/src/lxc/lxc_controller.c:961:
	dead_error_line: Execution cannot reach this statement "continue;".

	Error: UNINIT:
	/libvirt/src/lxc/lxc_controller.c:1104:
	var_decl: Declaring variable "consoles" without initializer.
	/libvirt/src/lxc/lxc_controller.c:1237:
	uninit_use: Using uninitialized value "consoles".

2012-04-27  Cole Robinson  <crobinso@redhat.com>

	python: Fix doc directory name for stable releases
	We were using the libvirt release version (like 0.9.11) and not
	the configure version (which for stable releases is 0.9.11.X)

	Most other places got this right so hopefully that's all the fallout
	from the version format change :)

2012-04-27  Cole Robinson  <crobinso@redhat.com>

	docs: Serialize running apibuild.py
	Use a witness file approach like we do for python/generator.py,
	as suggested by Eric. Fixes the build issue reported here:

	https://www.redhat.com/archives/libvir-list/2012-April/msg01435.html

2012-04-27  Cole Robinson  <crobinso@redhat.com>

	configure: Use ustar format for dist tarball
	Since for stable releases, some test files were over the 99 char
	limit for traditional tar filenames.

	Suggested by Osier here:
	https://www.redhat.com/archives/libvir-list/2012-April/msg01435.html

2012-04-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use common helper when probing qemu capabilities
	QEMU binary is called several times when we probe different kinds of
	capabilities the binary supports. This patch introduces new common
	helper so that all probes use a consistent way of invoking qemu.

2012-04-27  Eric Blake  <eblake@redhat.com>

	qemu: improve errors related to offline domains
	https://bugzilla.redhat.com/show_bug.cgi?id=816662 pointed out
	that attempting 'virsh blockpull' on an offline domain gave a
	misleading error message about qemu lacking support for the
	operation, even when qemu was specifically updated to support it.
	The real problem is that we have several capabilities that are
	only determined when starting a domain, and therefore are still
	clear when first working with an inactive domain (namely, any
	capability set by qemuMonitorJSONCheckCommands).

	While this patch was able to hoist an existing check in one of the
	three culprits, it had to add redundant checks in the other two
	places (because you always have to check for an active domain after
	obtaining a VM job lock, but the capability bits were being checked
	prior to obtaining the job lock).

	Someday it would be nice to patch libvirt to cache the set of
	capabilities per qemu binary (as determined by inode and timestamp),
	rather than re-probing the binary every time a domain is started,
	and to teach the cache how to query the monitor during the one
	time the probe is made rather than having to wait until a guest
	is started; then, a capability probe would succeed even for offline
	guests because it just refers to the cache, and the single check for
	an active domain after grabbing the job lock would be sufficient.
	But since that will involve a lot more coding, I'm happy to go
	with this simpler solution for an immediate solution.

	* src/qemu/qemu_driver.c (qemuDomainPMSuspendForDuration)
	(qemuDomainSnapshotCreateXML, qemuDomainBlockJobImpl): Check for
	offline state before checking an online-only cap.

2012-04-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	macvtap: fix a typo
	Below patch fixes the following coverity findings

	Error: OVERRUN_STATIC:
	/libvirt/src/qemu/qemu_command.c:152:
	overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:948:
	access_dbuff_const: Calling "virNetDevMacVLanVPortProfileRegisterCallback" indexes array "macaddress" at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:773:
	access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

	Error: OVERRUN_STATIC:
	/libvirt/src/qemu/qemu_migration.c:2744:
	overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:773:
	access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

	Error: OVERRUN_STATIC:
	/libvirt/src/qemu/qemu_driver.c:435:
	overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:1036:
	access_dbuff_const: Calling "virNetDevMacVLanVPortProfileRegisterCallback" indexes array "macaddress" at byte position 15.
	/libvirt/src/util/virnetdevmacvlan.c:773:
	access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

2012-04-26  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: address more coverity findings
	This patch addresses the following coverity findings:

	/libvirt/src/conf/nwfilter_params.c:390:
	var_assigned: Assigning: "varValue" = null return value from "virHashLookup".

	/libvirt/src/conf/nwfilter_params.c:392:
	dereference: Dereferencing a pointer that might be null "varValue" when calling "virNWFilterVarValueGetNthValue".

	/libvirt/src/conf/nwfilter_params.c:399:
	dereference: Dereferencing a pointer that might be null "tmp" when calling "virNWFilterVarValueGetNthValue".

2012-04-26  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: address coverity findings
	This patch addresses the following coverity findings:

	/libvirt/src/conf/nwfilter_params.c:157:
	deref_parm: Directly dereferencing parameter "val".

	/libvirt/src/conf/nwfilter_params.c:473:
	negative_returns: Using variable "iterIndex" as an index to array "res->iter".

	/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
	unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")".

	/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2894:
	unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)".

	/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3590:
	var_deref_op: Dereferencing null variable "inst".

2012-04-26  Laine Stump  <laine@laine.org>

	util: fix error messages in virNetlinkEventServiceStart
	Some of the error messages in this function should have been
	virReportSystemError (since they have an errno they want to log), but
	were mistakenly written as netlinkError, which expects a libvirt error
	code instead. The result was that when one of the errors was
	encountered, "No error message provided" would be printed instead of
	something meaningful (see
	https://bugzilla.redhat.com/show_bug.cgi?id=816465 for an example).

2012-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid bogus error at the end of tunnelled migration
	Once qemu monitor reports migration has completed, we just closed our
	end of the pipe and let migration tunnel die. This generated bogus error
	in case we did so before the thread saw EOF on the pipe and migration
	was aborted even though it was in fact successful.

	With this patch we first wake up the tunnel thread and once it has read
	all data from the pipe and finished the stream we close the
	filedescriptor.

	A small additional bonus of this patch is that real errors reported
	inside qemuMigrationIOFunc are not overwritten by virStreamAbort any
	more.

2012-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix detection of failed migration
	When QEMU reported failed or canceled migration, we correctly detected
	it but didn't really consider it as an error condition and migration
	protocol just went on. Luckily, some of the subsequent steps eventually
	failed end we reported an (unrelated and mostly random) error back to
	the caller.

2012-04-26  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Discard non-blocking calls only when necessary
	Currently, non-blocking calls are either sent immediately or discarded
	in case sending would block. This was implemented based on the
	assumption that the non-blocking keepalive call is not needed as there
	are other calls in the queue which would keep the connection alive.
	However, if those calls are no-reply calls (such as those carrying
	stream data), the remote party knows the connection is alive but since
	we don't get any reply from it, we think the connection is dead.

	This is most visible in tunnelled migration. If it happens to be longer
	than keepalive timeout (30s by default), it may be unexpectedly aborted
	because the connection is considered to be dead.

	With this patch, we only discard non-blocking calls when the last call
	with a thread is completed and thus there is no thread left to keep
	sending the remaining non-blocking calls.

2012-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Preserve original error during migration
	In some cases (spotted with broken connection during tunneled migration)
	we were overwriting the original error with worse or even misleading
	errors generated when we were cleaning up after failed migration.

2012-04-26  Peter Krempa  <pkrempa@redhat.com>

	keepalive: Add ability to disable keepalive messages
	The docs for virConnectSetKeepAlive() advertise that this function
	should be able to disable keepalives on negative or zero interval time.

	This patch removes the check that prohibited this and adds code to
	disable keepalives on negative/zero interval.

	* src/libvirt.c: virConnectSetKeepAlive(): - remove check for negative
	                                             values
	* src/rpc/virnetclient.c
	* src/rpc/virnetclient.h: - add virNetClientKeepAliveStop() to disable
	                            keepalive messages
	* src/remote/remote_driver.c: remoteSetKeepAlive(): -add ability to
	                                                     disable keepalives

2012-04-26  Laine Stump  <laine@laine.org>

	util: fix crash when starting macvtap interfaces
	This patch resolves https://bugzilla.redhat.com/show_bug.cgi?id=815270

	The function virNetDevMacVLanVPortProfileRegisterCallback() takes an
	arg "virtPortProfile", and was checking it for non-NULL before using
	it. However, the prototype for
	virNetDevMacVLanPortProfileRegisterCallback had marked that arg with
	ATTRIBUTE_NONNULL(). Contrary to what one may think,
	ATTRIBUTE_NONNULL() does not provide any guarantee that an arg marked
	as such really is always non-null; the only effect to the code
	generated by gcc, is that gcc *assumes* it is non-NULL; this results
	in, for example, the check for a non-NULL value being optimized out.

	(Unfortunately, this code removal only occurs when optimization is
	enabled, and I am in the habit of doing local builds with optimization
	off to ease debugging, so the bug didn't show up in my earlier local
	testing).

	In general, virPortProfile might always be NULL, so it shouldn't be
	marked as ATTRIBUTE_NONNULL. One other function prototype made this
	same error, so this patch fixes it as well.

2012-04-26  Eric Blake  <eblake@redhat.com>

	build: fix bootstrap on RHEL
	Commit 8fe455fd364cd7462e02170084c45a58ee302cc3 tried to work around
	a regression introduced in upstream gnulib that requires gettext 0.18
	or newer on all projects using bootstrap, by making libvirt require
	gettext 0.18.  But this fails on RHEL 6.2, which still ships gettext
	0.17.  Revert that change, and instead, import the latest round of
	gnulib updates that fix that problem properly.

	If you have already built in the window where libvirt required 0.18,
	be aware that incremental updates may run into problems: this is
	because 'autopoint --force' will not downgrade m4/po.m4 back to an
	older version, but it must be downgraded back to 0.17 levels to work
	with this patch.  You may either manually remove that file then rerun
	bootstrap, or it may prove easier to just clean up all non-git files
	to start from a clean slate.

	* bootstrap.conf: Revert minimum gettext back to 0.17.
	* configure.ac: Likewise.
	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Resync from gnulib.

2012-04-25  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add new functions to virSocketAddr
	Add 2 new functions to the virSocketAddr 'class':

	- virSocketAddrEqual: tests whether two IP addresses and their ports are equal
	- virSocketaddSetIPv4Addr: set a virSocketAddr given a 32 bit int

2012-04-25  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	macvtap: use embedded buffers
	Use embedded buffers for the MAC addresses and the VM's UUID.

2012-04-24  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Improve on virAtomic implementation
	This patch improves the previously added virAtomicInt implementation
	by using gcc-builtins if possible. The needed builtins are available
	since GCC >= 4.1. At least the 4.0 docs don't mention them.

2012-04-24  Hu Tao  <hutao@cn.fujitsu.com>

	fix memleak in linuxParseCPUmap

2012-04-24  Peter Krempa  <pkrempa@redhat.com>

	build: Fix version of gettext macros
	Commit c9cd419caba9effa11ca53e8696e5f6a4b424d60 added copying of the
	makefile for translation files from gnulib. The makefile from gnulib is
	of version 0.18 but the build configuration cretes macros from version
	0.17 which breaks the build with message:

	*** error: gettext infrastructure mismatch: using a Makefile.in.in from
	gettext version 0.18 but the autoconf macros are from gettext version
	0.17

2012-04-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix passing an empty IMedium* array to IMachine::Delete
	vboxArray is not castable to a COM item type. vboxArray is a
	wrapper around the XPCOM and MSCOM specific array handling.

	In this case we can avoid passing NULL as an empty array to
	IMachine::Delete by passing a dummy IMedium* array with a single
	NULL item.

2012-04-23  Guido Günther  <agx@sigxcpu.org>

	openvz: add network interface stats
	This will only work for veth devices since venet devices don't have
	a target element.

2012-04-23  Eric Blake  <eblake@redhat.com>

	blockjob: enhance xml to track mirrors across libvirtd restart
	In order to track a block copy job across libvirtd restarts, we
	need to save internal XML that tracks the name of the file
	holding the mirror.  Displaying this name in dumpxml might also
	be useful to the user, even if we don't yet have a way to (re-)
	start a domain with mirroring enabled up front.  This is done
	with a new <mirror> sub-element to <disk>, as in:

	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/original.img'/>
	      <mirror file='/var/lib/libvirt/images/copy.img' format='qcow2' ready='yes'/>
	      ...
	    </disk>

	For now, the element is output-only, in live domains; it is ignored
	when defining a domain or hot-plugging a disk (since those contexts
	use VIR_DOMAIN_XML_INACTIVE in parsing).  The 'ready' attribute appears
	when libvirt knows that the job has changed from the initial pulling
	phase over to the mirroring phase, although absence of the attribute
	is not a sure indicator of the current phase.  If we come up with a way
	to make qemu start with mirroring enabled, we can relax the xml
	restriction, and allow <mirror> (but not attribute 'ready') on input.
	Testing active-only XML meant tweaking the testsuite slightly, but it
	was worth it.

	* docs/schemas/domaincommon.rng (diskspec): Add diskMirror.
	* docs/formatdomain.html.in (elementsDisks): Document it.
	* src/conf/domain_conf.h (_virDomainDiskDef): New members.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Clean them.
	(virDomainDiskDefParseXML): Parse them, but only internally.
	(virDomainDiskDefFormat): Output them.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-mirror.xml: New test file.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-mirror.xml: Likewise.
	* tests/qemuxml2xmltest.c (testInfo): Alter members.
	(testCompareXMLToXMLHelper): Allow more test control.
	(mymain): Run new test.

2012-04-23  Eric Blake  <eblake@redhat.com>

	blockjob: add 'blockcopy' to virsh
	Rather than further overloading 'blockpull', I decided to create a
	new virsh command to expose the new flags of virDomainBlockRebase.

	Blocking until the command completes naturally is pointless, since
	the block copy job is intended to run indefinitely.  Instead, I
	made the command support three --wait modes: by default, it runs until
	mirroring is started; with --pivot, it pivots as soon as mirroring
	is started; and with --finish, it aborts (for a clean copy) as
	soon as mirroring is started.

	* tools/virsh.c (VSH_CMD_BLOCK_JOB_COPY): New mode.
	(blockJobImpl): Support new flags.
	(cmdBlockCopy): New command.
	(cmdBlockJob): Support new job info, new abort flag.
	* tools/virsh.pod (blockcopy, blockjob): Document the new command
	and flags.

2012-04-23  Eric Blake  <eblake@redhat.com>

	blockjob: add new API flags
	This patch introduces a new block job, useful for live storage
	migration using pre-copy streaming.  Justification for including
	this under virDomainBlockRebase rather than adding a new command
	includes: 1) there are now two possible block jobs in qemu, with
	virDomainBlockRebase starting either type of command, and
	virDomainBlockJobInfo and virDomainBlockJobAbort working to end
	either type; 2) reusing this command allows distros to backport
	this feature to the libvirt 0.9.10 API without a .so bump.

	Note that a future patch may add a more powerful interface named
	virDomainBlockJobCopy, dedicated to just the block copy job, in
	order to expose even more options (such as setting an arbitrary
	format type for the destination without having to probe it from a
	pre-existing destination file); adding a new command for targetting
	just block copy would be similar to how we already have
	virDomainBlockPull for targetting just the block pull job.

	Using a live VM with the backing chain:
	  base <- snap1 <- snap2
	as the starting point, we have:

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY)
	creates /path/to/copy with the same format as snap2, with no backing
	file, so entire chain is copied and flattened

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	creates /path/to/copy as a raw file, so entire chain is copied and
	flattened

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_SHALLOW)
	creates /path/to/copy with the same format as snap2, but with snap1 as
	a backing file, so only snap2 is copied.

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT)
	reuse existing /path/to/copy (must have empty contents, and format is
	probed[*] from the metadata), and copy the full chain

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT|
	    VIR_DOMAIN_BLOCK_REBASE_SHALLOW)
	reuse existing /path/to/copy (contents must be identical to snap1,
	and format is probed[*] from the metadata), and copy only the contents
	of snap2

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT|
	    VIR_DOMAIN_BLOCK_REBASE_SHALLOW|VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	reuse existing /path/to/copy (must be raw volume with contents
	identical to snap1), and copy only the contents of snap2

	Less useful combinations:

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_SHALLOW|
	    VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	fail if source is not raw, otherwise create /path/to/copy as raw and
	the single file is copied (no chain involved)

	- virDomainBlockRebase(dom, disk, "/path/to/copy", 0,
	    VIR_DOMAIN_BLOCK_REBASE_COPY|VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT|
	    VIR_DOMAIN_BLOCK_REBASE_COPY_RAW)
	makes little sense: the destination must be raw but have no contents,
	meaning that it is an empty file, so there is nothing to reuse

	The other three flags are rejected without VIR_DOMAIN_BLOCK_COPY.

	[*] Note that probing an existing file for its format can be a security
	risk _if_ there is a possibility that the existing file is 'raw', in
	which case the guest can manipulate the file to appear like some other
	format.  But, by virtue of the VIR_DOMAIN_BLOCK_REBASE_COPY_RAW flag,
	it is possible to avoid probing of raw files, at which point, probing
	of any remaining file type is no longer a security risk.

	It would be nice if we could issue an event when pivoting from phase 1
	to phase 2, but qemu hasn't implemented that, and we would have to poll
	in order to synthesize it ourselves.  Meanwhile, qemu will give us a
	distinct job info and completion event when we either cancel or pivot
	to end the job.  Pivoting is accomplished via the new:

	virDomainBlockJobAbort(dom, disk, VIR_DOMAIN_BLOCK_JOB_ABORT_PIVOT)

	Management applications can pre-create the copy with a relative
	backing file name, and use the VIR_DOMAIN_BLOCK_REBASE_REUSE_EXT
	flag to have qemu reuse the metadata; if the management application
	also copies the backing files to a new location, this can be used
	to perform live storage migration of an entire backing chain.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_JOB_TYPE_COPY):
	New block job type.
	(virDomainBlockJobAbortFlags, virDomainBlockRebaseFlags): New enums.
	* src/libvirt.c (virDomainBlockRebase): Document the new flags,
	and implement general restrictions on flag combinations.
	(virDomainBlockJobAbort): Document the new flag.
	(virDomainSaveFlags, virDomainSnapshotCreateXML)
	(virDomainRevertToSnapshot, virDomainDetachDeviceFlags): Document
	restrictions.
	* include/libvirt/virterror.h (VIR_ERR_BLOCK_COPY_ACTIVE): New
	error.
	* src/util/virterror.c (virErrorMsg): Define it.

2012-04-23  Peter Krempa  <pkrempa@redhat.com>

	cpu: Improve error reporting on incompatible CPUs
	This patch modifies the CPU comparrison function to report the
	incompatibilities in more detail to ease identification of problems.

	* src/cpu/cpu.h:
	    cpuGuestData(): Add argument to return detailed error message.
	* src/cpu/cpu.c:
	    cpuGuestData(): Add passthrough for error argument.
	* src/cpu/cpu_x86.c
	    x86FeatureNames(): Add function to convert a CPU definition to flag
	                       names.
	    x86Compute(): - Add error message parameter
	                  - Add macro for reporting detailed error messages.
	                  - Improve error reporting.
	                  - Simplify calculation of forbidden flags.
	    x86DataIteratorInit():
	    x86cpuidMatchAny(): Remove functions that are no longer needed.
	* src/qemu/qemu_command.c:
	    qemuBuildCpuArgStr(): - Modify for new function prototype
	                          - Add detailed error reports
	                          - Change error code on incompatible processors
	                            to VIR_ERR_CONFIG_UNSUPPORTED instead of
	                            internal error
	* tests/cputest.c:
	    cpuTestGuestData(): Modify for new function prototype

2012-04-22  Wen Congyang  <wency@cn.fujitsu.com>

	building: remove libvirt_dbus.syms from EXTRA_DIST
	commit 2223ea98 removes src/libvirt_dbus.syms, but it forgets
	to remove it from EXTRA_DIST. It will cause 'make dist' failed.

2012-04-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	win32: Properly handle TlsGetValue returning NULL
	virThreadSelf tries to access the virThreadPtr stored in TLS for the
	current thread via TlsGetValue. When virThreadSelf is called on a thread
	that was not created via virThreadCreate (e.g. the main thread) then
	TlsGetValue returns NULL as TlsAlloc initializes TLS slots to NULL.

	virThreadSelf can be called on the main thread via this call chain from
	virsh

	vshDeinit
	virEventAddTimeout
	virEventPollAddTimeout
	virEventPollInterruptLocked
	virThreadIsSelf

	triggering a segfault as virThreadSelf unconditionally dereferences the
	return value of TlsGetValue.

	Fix this by making virThreadSelf check the TLS slot value for NULL and
	setting the given virThreadPtr accordingly.

	Reported by Marcel Müller.

2012-04-21  Ryan Woodsmall  <rwoodsmall@gmail.com>

	esx: Fix segfault in esxConnectToHost
	Caused by commit 4445e16bfa8056980ac643fabf17186f9e685925 that
	made the code used the connection private data pointer before
	it was initialized.

2012-04-20  Guido Günther  <agx@sigxcpu.org>

	openvz: wire up getHostname

2012-04-20  Eric Blake  <eblake@redhat.com>

	virnetserver: handle sigaction correctly
	POSIX says that sa_sigaction is only safe to use if sa_flags
	includes SA_SIGINFO; conversely, sa_handler is only safe to
	use when flags excludes that bit.  Gnulib doesn't guarantee
	an implementation of SA_SIGINFO, but does guarantee that
	if SA_SIGINFO is undefined, we can safely define it to 0 as
	long as we don't dereference the 2nd or 3rd argument of
	any handler otherwise registered via sa_sigaction.

	Based on a report by Wen Congyang.

	* src/rpc/virnetserver.c (SA_SIGINFO): Stub for mingw.
	(virNetServerSignalHandler): Avoid bogus dereference.
	(virNetServerFatalSignal, virNetServerNew): Set flags properly.
	(virNetServerAddSignalHandler): Drop unneeded #ifdef.

2012-04-20  Eric Blake  <eblake@redhat.com>

	conf: remove redundant ()
	I almost copied-and-pasted some redundant () into my new code,
	and figured a general cleanup prereq patch would be better instead.

	No semantic change.

	* src/conf/domain_conf.c (virDomainLeaseDefParseXML)
	(virDomainDiskDefParseXML, virDomainFSDefParseXML)
	(virDomainActualNetDefParseXML, virDomainNetDefParseXML)
	(virDomainGraphicsDefParseXML, virDomainVideoAccelDefParseXML)
	(virDomainVideoDefParseXML, virDomainHostdevFind)
	(virDomainControllerInsertPreAlloced, virDomainDefParseXML)
	(virDomainObjParseXML, virDomainCpuSetFormat)
	(virDomainCpuSetParse, virDomainDiskDefFormat)
	(virDomainActualNetDefFormat, virDomainNetDefFormat)
	(virDomainTimerDefFormat, virDomainGraphicsListenDefFormat)
	(virDomainDefFormatInternal, virDomainNetGetActualHostdev)
	(virDomainNetGetActualBandwidth, virDomainGraphicsGetListen):
	Reduce extra ().

2012-04-20  Eric Blake  <eblake@redhat.com>

	build: avoid strtol and strtod
	Ensure we don't introduce any more lousy integer parsing in new
	code, while avoiding a scrub-down of existing legacy code.

	Note that we also need to enable sc_prohibit_atoi_atof (see cfg.mk
	local-checks-to-skip) before we are bulletproof, but that also
	entails scrubbing I'm not ready to do at the moment.

	* src/util/util.c (virStrToLong_i, virStrToLong_ui)
	(virStrToLong_l, virStrToLong_ul, virStrToLong_ll)
	(virStrToLong_ull, virStrToDouble): Mark exemptions.
	* src/util/virmacaddr.c (virMacAddrParse): Likewise.
	* cfg.mk (sc_prohibit_strtol): New syntax check.
	(exclude_file_name_regexp--sc_prohibit_strtol): Ignore files that
	I'm not willing to fix yet.
	(local-checks-to-skip): Re-enable sc_prohibit_atoi_atof.

2012-04-20  Eric Blake  <eblake@redhat.com>

	conf: tighten up XML integer parsing
	https://bugzilla.redhat.com/show_bug.cgi?id=617711 reported that
	even with my recent patched to allow <memory unit='G'>1</memory>,
	people can still get away with trying <memory>1G</memory> and
	silently get <memory unit='KiB'>1</memory> instead.  While
	virt-xml-validate catches the error, our C parser did not.

	Not to mention that it's always fun to fix bugs while reducing
	lines of code.  :)

	* src/conf/domain_conf.c (virDomainParseMemory): Check for parse error.
	(virDomainDefParseXML): Avoid strtoll.
	* src/conf/storage_conf.c (virStorageDefParsePerms): Likewise.
	* src/util/xml.c (virXPathLongBase, virXPathULongBase)
	(virXPathULongLong, virXPathLongLong): Likewise.

2012-04-20  Eric Blake  <eblake@redhat.com>

	virsh: avoid strtol
	We were forgetting to check errno for overflow.

	* tools/virsh.c (get_integer_keycode, vshCommandOptInt)
	(vshCommandOptUInt, vshCommandOptUL, vshCommandOptLongLong)
	(vshCommandOptULongLong): Rewrite to be safer.

2012-04-20  Eric Blake  <eblake@redhat.com>

	build: avoid type-punning in vbox
	Commit 78345c68 makes at least gcc 4.1.2 on RHEL 5 complain:

	cc1: warnings being treated as errors
	In file included from vbox/vbox_V4_0.c:13:
	vbox/vbox_tmpl.c: In function 'vboxDomainUndefineFlags':
	vbox/vbox_tmpl.c:5298: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

	* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Use union to
	avoid compiler warning.

2012-04-20  Eric Blake  <eblake@redhat.com>

	build: fix fresh checkout on RHEL5
	Building a fresh checkout on RHEL 5 has been broken since commit
	29db7a00, due to a gnulib regression in the bootstrap script
	(incremental builds from a checkout earlier than that point were
	okay, though).

	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Resync from gnulib.
	* gnulib/local/top/maint.mk.diff: Drop patch that was added
	upstream in the meantime.

2012-04-19  Eric Blake  <eblake@redhat.com>

	virsh: avoid uninitialized memory usage
	Detected by valgrind, via Alex Jia.  Caused by imcomplete
	copy-and-paste from vshWatchJob in commit 3b96a892.

	* tools/virsh.c (cmdBlockPull): fix uninitialized memory usage.

	* How to reproduce?
	$ qemu-img create /var/lib/libvirt/images/test 1M
	$ cat > /tmp/test.xml <<EOF
	<domain type='qemu'>
	  <name>test</name>
	  <memory>219200</memory>
	  <vcpu>1</vcpu>
	  <os>
	    <type arch='x86_64'>hvm</type>
	    <boot dev='hd'/>
	  </os>
	  <devices>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test'/>
	      <target dev='vda' bus='virtio'/>
	    </disk>
	    <input type='mouse' bus='ps2'/>
	    <graphics type='spice' autoport='yes' listen='0.0.0.0'/>
	  </devices>
	</domain>
	EOF
	$ virsh define /tmp/test.xml
	$ valgrind -v virsh blockpull test /var/lib/libvirt/images/test --wait

	actual result:

	==10906== 1 errors in context 1 of 1:
	==10906== Syscall param rt_sigaction(act->sa_flags) points to uninitialised byte(s)
	==10906==    at 0x39CF80F5BE: __libc_sigaction (sigaction.c:67)
	==10906==    by 0x43016C: cmdBlockPull (virsh.c:7638)
	==10906==    by 0x4150D4: vshCommandRun (virsh.c:18574)
	==10906==    by 0x425E73: main (virsh.c:20178)
	==10906==  Address 0x7fefffae8 is on thread 1's stack

2012-04-19  Daniel P. Berrange  <berrange@redhat.com>

	The policy kit and HAL node device drivers both require a DBus connection. The HAL device code further requires that the DBus connection is integrated with the event loop and provides such glue logic itself.
	The forthcoming FirewallD integration also requires a
	dbus connection with event loop integration. Thus we need
	to pull the current event loop glue out of the HAL driver.

	Thus we create src/util/virdbus.{c,h} files. This contains
	just one method virDBusGetSystemBus() which obtains a handle
	to the single shared system bus instance, with event glue
	automagically setup.

2012-04-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Fix support for trusted DHCP servers
	Fix the support for trusted DHCP server in the ebtables code's
	hard-coded function applying DHCP only filtering rules:
	Rather than using a char * use the more flexible
	virNWFilterVarValuePtr that contains the trusted DHCP server(s)
	IP address. Process all entries.

	Since all callers so far provided NULL as parameter, no changes
	are necessary in any other code.

2012-04-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Support for atomic operations on integers
	For threading support, add atomic add and sub operations working on
	integers. Base this on locking support provided by virMutex.

	Implement virHashRemoveAll function
	Implement function to remove all entries of a hash table.

2012-04-19  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix and clarify the --title flag for the list command in man page

2012-04-19  Eric Blake  <eblake@redhat.com>

	util: remove dead casts
	The sequence:
	  long long val;
	  if ((long long) val != val)
	is dead code.

	* src/util/util.c (virStrToLong_ll, virStrToLong_ull): Remove
	useless cast.

2012-04-18  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	util: only register callbacks for CREATE operations in virnetdevmacvlan.c
	Currently upon a migration a callback is created when a 802.1qbg link
	is set to PREASSOCIATE, this should not happen because this is a no-op
	on most switches, and does not lead to an ASSOCIATE state.  This patch
	only creates callbacks when CREATE or RESTORE is requested.  Migration
	and libvirtd restart scenarios are already handled elsewhere.

2012-04-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix a memory leak
	The below patch fixes the following memory leak.

	==20624== 24 bytes in 2 blocks are definitely lost in loss record 532 of 1,867
	==20624==    at 0x4A05E46: malloc (vg_replace_malloc.c:195)
	==20624==    by 0x38EC27FC01: strdup (strdup.c:43)
	==20624==    by 0x4EB6BA3: virDomainChrSourceDefCopy (domain_conf.c:1122)
	==20624==    by 0x495D76: qemuProcessFindCharDevicePTYs (qemu_process.c:1497)
	==20624==    by 0x498321: qemuProcessWaitForMonitor (qemu_process.c:1258)
	==20624==    by 0x49B5F9: qemuProcessStart (qemu_process.c:3652)
	==20624==    by 0x468B5C: qemuDomainObjStart (qemu_driver.c:4753)
	==20624==    by 0x469171: qemuDomainStartWithFlags (qemu_driver.c:4810)
	==20624==    by 0x4F21735: virDomainCreate (libvirt.c:8153)
	==20624==    by 0x4302BF: remoteDispatchDomainCreateHelper (remote_dispatch.h:852)
	==20624==    by 0x4F72C14: virNetServerProgramDispatch (virnetserverprogram.c:416)
	==20624==    by 0x4F6D690: virNetServerHandleJob (virnetserver.c:164)
	==20624==    by 0x4E8F43D: virThreadPoolWorker (threadpool.c:144)
	==20624==    by 0x4E8EAB5: virThreadHelper (threads-pthread.c:161)
	==20624==    by 0x38EC606CCA: start_thread (pthread_create.c:301)
	==20624==    by 0x38EC2E0C2C: clone (clone.S:115)

2012-04-17  Eric Blake  <eblake@redhat.com>

	blockjob: add virsh blockpull --wait
	I'm tired of shell-scripting to wait for completion of a block pull,
	when virsh can be taught to do the same.  I couldn't quite reuse
	vshWatchJob, as this is not a case of a long-running command where
	a second thread must be used to probe job status (at least, not unless
	I make virsh start doing blocking waits for an event to fire), but it
	served as inspiration for my simpler single-threaded loop.  There is
	up to a half-second delay between sending SIGINT and the job being
	aborted, but I didn't think it worth the complexity of a second thread
	and use of poll() just to minimize that delay.

	* tools/virsh.c (cmdBlockPull): Add new options to wait for
	completion.
	(blockJobImpl): Add argument.
	(cmdBlockJob): Adjust caller.
	* tools/virsh.pod (blockjob): Document new mode.

2012-04-17  Eric Blake  <eblake@redhat.com>

	qemu: use consistent error when qemu binary is too old
	Most of our errors complaining about an inability to support a
	particular action due to qemu limitations used CONFIG_UNSUPPORTED,
	but we had a few outliers.  Reported by Jiri Denemark.

	* src/qemu/qemu_command.c (qemuBuildDriveDevStr): Prefer
	CONFIG_UNSUPPORTED.
	* src/qemu/qemu_driver.c (qemuDomainReboot)
	(qemuDomainBlockJobImpl): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachPciControllerDevice):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorTransaction)
	(qemuMonitorBlockJob, qemuMonitorSystemWakeup): Likewise.

2012-04-17  Eric Blake  <eblake@redhat.com>

	virsh: minor syntactic cleanups
	No semantic change.

	* tools/virsh.c: Fix some spacing issues, {} usage, long lines,
	and redundant ().

2012-04-17  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vbox: avoid provoking assertions in VBoxSVC
	Passing a NULL pointer to IMachine::delete virtualbox API
	causes VBoxSVC to raise an assertion. This patch passes
	an empty array instead.

2012-04-17  Osier Yang  <jyang@redhat.com>

	docs: Improve the schema for fs device
	<filesystemtgt> is redundant, as every group uses it; <address>
	shouldn't be in <filesystemtgt> in case of the meaning could be
	"filesystemtarget"; The elements <address>, <alias>, <target>,
	... should be interleaved.

	conf: Do not parse cpuset only if the placement is auto
	So that a domain xml which doesn't have "placement" specified, but
	"cpuset" is specified, could be parsed. And in this case, the
	"placement" mode will be set as "static".

	tests: Update read-bufsiz to delete the UUID of vm XML
	Since now we have fixed domain UUID for test driver, defining
	a domain with different name but same UUID doesn't work any
	more. This patch delete the UUID from the dumped XML so that
	it could be generated.

2012-04-17  Osier Yang  <jyang@redhat.com>

	test: Set the fixed uuid for the default XMLs
	The objects (domain, pool, network, etc) for testing are defined/
	started each time when opening a connect to test driver, and thus
	the UUID for the objects will be generated each time, with different
	values. e.g.

	% for i in {1..3}; do ./tools/virsh --connect \
	  test:///default dumpxml test | grep uuid; done
	  <uuid>a1b6ee1f-97de-f0ee-617a-0cdb74947df5</uuid>
	  <uuid>ee68d7d2-3eb9-593e-2769-797ce1f4c4aa</uuid>
	  <uuid>fecb1d3a-918a-8412-e534-76192cf32b18</uuid>

	It's the potential bug which can cause operations like below to fail:

	$ virsh -c test:///default dumpxml test > test.xml

	[ Some modificatons, though it's not supported, but it should work ]

	$ virsh -c test:///default define test.xml

	This patch set fixed UUID for objects which support it. (domain,
	pool, network).

2012-04-17  Osier Yang  <jyang@redhat.com>

	qemu: Split ide-drive into ide-cd and ide-hd
	A "ide-drive" device can be either a hard disk or a CD-ROM,
	if there is ",media=cdrom" specified for the backend, it's
	a CD-ROM, otherwise it's a hard disk.

	Upstream qemu splitted "ide-drive" into "ide-hd" and "ide-cd"
	since commit 1f56e32, and ",media=cdrom" is not required for
	ide-cd anymore. "ide-drive" is still supported for backwards
	compatibility, but no doubt we should go foward.

2012-04-17  Osier Yang  <jyang@redhat.com>

	qemu: Split scsi-disk into into scsi-hd and scsi-cd
	A "scsi-disk" device can be either a hard disk or a CD-ROM,
	if there is ",media=cdrom" specified for the backend, it's
	a CD-ROM, otherwise it's a hard disk.

	But upstream qemu splitted "scsi-disk" into "scsi-hd" and
	"scsi-cd" since commit b443ae, and ",media=cdrom" is not
	required for scsi-cd anymore. "scsi-disk" is still supported
	for backwards compatibility, but no doubt we should go
	foward.

2012-04-17  Jan Kiszka  <jan.kiszka@siemens.com>

	Do not enforce source type of console[0]
	If console[0] is an alias for serial[0], do not enforce the former to
	have a PTY source type. This breaks serial consoles on stdio and makes
	no sense.

2012-04-17  Stefan Bader  <stefan.bader@canonical.com>

	xen: do not use ioemu type for any emulated NIC
	When using the xm/xend stack to manage instances there is a bug
	that causes the emulated interfaces to be unusable when the vif
	config contains type=ioemu.

	The current code already has a special quirk to not use this
	keyword if no specific model is given for the emulated NIC
	(defaulting to rtl8139).
	Essentially it works because regardless of the type argument,i
	the Xen stack always creates emulated and paravirt interfaces and
	lets the guest decide which one to use. So neither xl nor xm stack
	actually require the type keyword for emulated NICs.

2012-04-17  Osier Yang  <jyang@redhat.com>

	openvz: Correct the comments for new node APIs
	It should be 0.9.12 instead of 0.9.11

2012-04-16  Christophe Fergeau  <cfergeau@redhat.com>

	docs: fix 'omitted' typo in <cputune> doc
	'omitted' was mispelt 'commited' twice. One of the sentences with
	the typo was also missing an 'is' ('each VCPU *is* pinned to all...')
	which I added in this commit while I was at it.

	docs: add missing </span> in <vcpu placement> doc

2012-04-16  Michal Privoznik  <mprivozn@redhat.com>

	qemuProcessStart: Switch to flags instead of bunch booleans
	Currently, we have 3 boolean arguments we have to pass
	to qemuProcessStart(). As libvirt grows it is harder and harder
	to remember them and their position. Therefore we should
	switch to flags instead.

2012-04-16  Guido Günther  <agx@sigxcpu.org>

	docs: fix path to openvz network configuration file
	It's vznet.conf not vznetctl.conf, see e.g.:

	http://git.openvz.org/?p=vzctl;a=blob;f=bin/vznetcfg.in;h=e91f5c4a0744c1ea149e1b8c241b666052e10b12;hb=HEAD

2012-04-16  Cole Robinson  <crobinso@redhat.com>

	storage: lvm: use correct lv* command parameters
	lvcreate want's the parent pool's name, not the pool path
	lvchange and lvremove want lv specified as $vgname/$lvname

	This largely worked before because these commands strip off a
	starting /dev. But https://bugzilla.redhat.com/show_bug.cgi?id=714986
	is from a user using a 'nested VG' that was having problems.

	I couldn't find any info on nested LVM and the reporter never responded,
	but I reproduced with XML that specified a valid source name, and
	set target path to a symlink.

2012-04-16  Osier Yang  <jyang@redhat.com>

	qemu: Avoid the memory allocation and freeing

	numad: Ignore cpuset if placement is auto
	As explained in previous patch, numad will balance the affinity
	dynamically, so reflecting the cpuset from numad at the first
	time doesn't make much case, and may just could cause confusion.

2012-04-16  Osier Yang  <jyang@redhat.com>

	numad: Convert node list to cpumap before setting affinity
	Instead of returning a CPUs list, numad returns NUMA node
	list instead, this patch is to convert the node list to
	cpumap before affinity setting. Otherwise, the domain
	processes will be pinned only to CPU[$numa_cell_num],
	which will cause significiant performance losses.

	Also because numad will balance the affinity dynamically,
	reflecting the cpuset from numad back doesn't make much
	sense then, and it may just could produce confusion for
	the users. Thus the better way is not to reflect it back
	to XML. And in this case, it's better to ignore the cpuset
	when parsing XML.

	The codes to update the cpuset is removed in this patch
	incidentally, and there will be a follow up patch to ignore
	the manually specified "cpuset" if "placement" is "auto",
	and document will be updated too.

2012-04-16  Daniel Veillard  <veillard@redhat.com>

	Set Martin Kletzander as a commiter

2012-04-16  Guido Günther  <agx@sigxcpu.org>

	openvz: wire up more node information functions
	in detail nodeGetCPUStats, nodeGetMemoryStats, nodeGetCellsFreeMemory
	and nodeGetFreeMemory

2012-04-15  Guido Günther  <agx@sigxcpu.org>

	Fix macvtap detection by also checking for IFLA_VF_MAX
	since this isn't available on older kernels such as Debian Squeeze's
	2.6.32. This make --with-macvtap=check work as expected.

2012-04-13  Philipp Hahn  <hahn@univention.de>

	virnetdev: Check for defined IFLA_VF_*
	The linux-2.6.32 kernel header does not yet define IFLA_VF_MAX and others,
	which breaks compiling a new libvirt on old systems like Debian Squeeze.

	(I also have to add --without-macvtap --disable-werror --without-virtualport to
	 ./configure to get it to compile.)

2012-04-13  Daniel Veillard  <veillard@redhat.com>

	Web placeholder for pending patches on the web site
	This is based on recent developments on patch checker and the
	goal is to keep a list of pending patches needing review on the
	project web site. The page template in git just holds a pointer
	to the web page.

2012-04-13  Michal Privoznik  <mprivozn@redhat.com>

	gitignore: Reorder alphabetically
	Recent git reorders .gitignore alphabetically. However, changes are
	not committed and I am tired of discarding these changes from
	my patches.

	conf: Avoid double assignment in virDomainDiskRemove
	Although it should be harmless to do:
	    disk = disk = def->disks[i]
	some not-so-wise compilers may fool around.
	Besides, such assignment is useless here.

	qemu: Fix mem leak in qemuProcessInitCpuAffinity
	If placement mode is AUTO, on some return paths char *cpumap or
	char *nodeset are leaked.

2012-04-13  Stefan Bader  <stefan.bader@canonical.com>

	xend_internal: Use domain/status for shutdown check
	On newer xend (v3.x and after) there is no state and domid reported
	for inactive domains. When initially creating connections this is
	handled in various places by assigning domain->id = -1.
	But once an instance has been running, the id is set to the current
	domain id. And it does not change when the instance is shut down.
	So when querying the domain info, the hypervisor driver, which gets
	asked first will indicate it cannot find information, then the
	xend driver is asked and will set the status to NOSTATE because it
	checks for the -1 domain id.
	Checking domain/status for 0 seems to be more reliable for that.

	One note: I am not sure whether the domain->id also should get set
	back to -1 whenever any sub-driver thinks the instance is no longer
	running.

	BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=746007
	BugLink: http://bugs.launchpad.net/bugs/929626

2012-04-12  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	qemu,util: fix netlink callback registration for migration
	This patch adds a netlink callback when migrating a VEPA enabled
	virtual machine.  It fixes a Bug where a VM would not request a port
	association when it was cleared by lldpad.

	This patch requires the latest git version of lldpad to work.

2012-04-12  Michal Privoznik  <mprivozn@redhat.com>

	qemuOpenFile: Don't force chown on NFS
	If dynamic_ownership is off and we are creating a file on NFS
	we force chown. This will fail as chown/chmod are not supported
	on NFS. However, with no dynamic_ownership we are not required
	to do any chown.

2012-04-12  Alex Jia  <ajia@redhat.com>

	daemon: Plug memory leaks
	* daemon/libvirtd-config.c (daemonConfigFree): fix memory leaks.

	How to reproduce?

	% make && make -C tests check TESTS=libvirtdconftest
	% cd tests && valgrind -v --leak-check=full ./libvirtdconftest

	actual result:

	==11008== 185 bytes in 5 blocks are definitely lost in loss record 3 of 5
	==11008==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==11008==    by 0x39CF07F6E1: strdup (strdup.c:43)
	==11008==    by 0x406626: daemonConfigLoadOptions (libvirtd-config.c:438)
	==11008==    by 0x406800: daemonConfigLoadData (libvirtd-config.c:492)
	==11008==    by 0x403CCF: testCorrupt (libvirtdconftest.c:110)
	==11008==    by 0x404FAD: virtTestRun (testutils.c:145)
	==11008==    by 0x403A34: mymain (libvirtdconftest.c:219)
	==11008==    by 0x404687: virtTestMain (testutils.c:700)
	==11008==    by 0x39CF01ECDC: (below main) (libc-start.c:226)
	==11008==
	==11008== LEAK SUMMARY:
	==11008==    definitely lost: 185 bytes in 5 blocks

2012-04-12  Eric Blake  <eblake@redhat.com>

	blockjob: allow for fast-finishing job
	In my testing, I was able to provoke an odd block pull failure:

	$ virsh blockpull dom vda --bandwidth 10000
	error: Requested operation is not valid: No active operation on device: drive-virtio-disk0

	merely by using gdb to artifically wait to do the block job set speed
	until after the pull had already finished.  But in reality, that should
	be a success, since the pull finished before we had a chance to set
	speed.  Furthermore, using a double job lock is not only annoying, but
	a bug in itself - if you do parallel virDomainBlockRebase, and hit
	the race window just right, the first call grabs the VM job to start
	a fast block job, then the second call grabs the VM job to start
	a long-running job with unspecified speed, then the first call finally
	regrabs the VM job and sets the speed, which ends up running the
	second job under the speed from the first call.  By consolidating
	things into a single job, we avoid opening that race, as well as reduce
	the time between starting the job and changing the speed, for less
	likelihood of the speed change happening after block job completion
	in the first place.

	* src/qemu/qemu_monitor.h (BLOCK_JOB_CMD): Add new mode.
	* src/qemu/qemu_driver.c (qemuDomainBlockRebase): Move secondary
	job call...
	(qemuDomainBlockJobImpl): ...here, for fewer locks.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Change
	return value on new internal mode.

2012-04-12  Eric Blake  <eblake@redhat.com>

	blockjob: wire up qemu async virDomainBlockJobAbort
	Without the VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC flag, libvirt will internally
	poll using qemu's "query-block-jobs" API and will not return until the
	operation has been completed.  API users are advised that this operation
	is unbounded and further interaction with the domain during this period
	may block.  Future patches may refactor things to allow other queries in
	parallel with this polling.  For older qemu, we synthesize the cancellation
	event, since qemu won't generate it.

	The choice of polling duration copies from the code in qemu_migration.c.

	Cc: Stefan Hajnoczi <stefanha@gmail.com>

2012-04-12  Eric Blake  <eblake@redhat.com>

	blockjob: optimize JSON event handler lookup
	Probably in the noise, but this will let us scale more efficiently
	as we learn to recognize even more qemu events.

	* src/qemu/qemu_monitor_json.c (eventHandlers): Sort.
	(qemuMonitorEventCompare): New helper function.
	(qemuMonitorJSONIOProcessEvent): Optimize event lookup.

2012-04-12  Adam Litke  <agl@us.ibm.com>

	blockjob: add API for async virDomainBlockJobAbort
	Block job cancellation can take a while.  Now that upstream qemu 1.1
	has asynchronous block cancellation, we want to expose that to the user.
	Therefore, the following updates are made to the virDomainBlockJob API:

	A new block job event type VIR_DOMAIN_BLOCK_JOB_CANCELED is managed by
	libvirt.  Regardless of the flags used with virDomainBlockJobAbort, this
	event will be raised: 1. when using synchronous block_job_cancel (the
	event will be synthesized by libvirt), and 2. whenever it is received
	from qemu (via asynchronous block-job-cancel).  Note that the event
	may be detected by libvirt even before the virDomainBlockJobAbort
	completes (always true when it is synthesized, but also possible if
	cancellation was fast).

	A new extension flag VIR_DOMAIN_BLOCK_JOB_ABORT_ASYNC is added to the
	virDomainBlockJobAbort API.  When enabled, this function will allow
	(but not require) asynchronous operation (ie, it returns as soon as
	possible, which might be before the job has actually been canceled).
	When the API is used in this mode, it is the responsibility of the
	caller to wait for a VIR_DOMAIN_BLOCK_JOB_CANCELED event or poll via
	the virDomainGetBlockJobInfo API to check the cancellation status.

	This patch also exposes the new flag through virsh, and makes virsh
	slightly easier to use (--async implies --abort, and lack of any options
	implies --info), although it leaves the qemu implementation for later
	patches.

	Cc: Stefan Hajnoczi <stefanha@gmail.com>

2012-04-12  Eric Blake  <eblake@redhat.com>

	blockjob: add qemu capabilities related to block pull jobs
	RHEL 6.2 was released with an early version of block jobs, which only
	worked on the qed file format, where the commands were spelled with
	underscore (contrary to QMP style), and where 'block_job_cancel' was
	synchronous and did not trigger an event.

	The upcoming qemu 1.1 release has fixed these short-comings [1][2]:
	the commands now work on multiple file types, are spelled with dash,
	and 'block-job-cancel' is asynchronous and emits an event upon conclusion.

	[1]qemu commit 370521a1d6f5537ea7271c119f3fbb7b0fa57063
	[2]https://lists.gnu.org/archive/html/qemu-devel/2012-04/msg01248.html

	This patch recognizes the new spellings, and fixes virDomainBlockRebase
	to give a graceful error when talking to a too-old qemu on a partial
	rebase attempt.  Fixes for the new semantics will come later.  This
	patch also removes a bogus ATTRIBUTE_NONNULL mistakenly added in
	commit 10ec36e2.

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_BLOCKJOB_SYNC)
	(QEMU_CAPS_BLOCKJOB_ASYNC): New bits.
	* src/qemu/qemu_capabilities.c (qemuCaps): Name them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCheckCommands): Set
	them.
	(qemuMonitorJSONBlockJob): Manage both command names.
	(qemuMonitorJSONDiskSnapshot): Minor formatting fix.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Alter signature.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Pass through
	capability bit.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Update callers.

2012-04-11  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix deadlock when qemuDomainOpenConsole cleans up a connection
	The new safe console handling introduced a possibility to deadlock the
	qemu driver when a new console connection forcibly disconnects a
	previous console stream that belongs to an already closed connection.

	The virStreamFree function calls subsequently a the virReleaseConnect
	function that tries to lock the driver while discarding the connection,
	but the driver was already locked in qemuDomainOpenConsole.

	Backtrace of the deadlocked thread:
	0  0x00007f66e5aa7f14 in __lll_lock_wait () from /lib64/libpthread.so.0
	1  0x00007f66e5aa3411 in _L_lock_500 () from /lib64/libpthread.so.0
	2  0x00007f66e5aa322a in pthread_mutex_lock () from/lib64/libpthread.so.0
	3  0x0000000000462bbd in qemudClose ()
	4  0x00007f66e6e178eb in virReleaseConnect () from/usr/lib64/libvirt.so.0
	5  0x00007f66e6e19c8c in virUnrefStream () from /usr/lib64/libvirt.so.0
	6  0x00007f66e6e3d1de in virStreamFree () from /usr/lib64/libvirt.so.0
	7  0x00007f66e6e09a5d in virConsoleHashEntryFree () from/usr/lib64/libvirt.so.0
	8  0x00007f66e6db7282 in virHashRemoveEntry () from/usr/lib64/libvirt.so.0
	9  0x00007f66e6e09c4e in virConsoleOpen () from /usr/lib64/libvirt.so.0
	10 0x00000000004526e9 in qemuDomainOpenConsole ()
	11 0x00007f66e6e421f1 in virDomainOpenConsole () from/usr/lib64/libvirt.so.0
	12 0x00000000004361e4 in remoteDispatchDomainOpenConsoleHelper ()
	13 0x00007f66e6e80375 in virNetServerProgramDispatch () from/usr/lib64/libvirt.so.0
	14 0x00007f66e6e7ae11 in virNetServerHandleJob () from/usr/lib64/libvirt.so.0
	15 0x00007f66e6da897d in virThreadPoolWorker () from/usr/lib64/libvirt.so.0
	16 0x00007f66e6da7ff6 in virThreadHelper () from/usr/lib64/libvirt.so.0
	17 0x00007f66e5aa0c5c in start_thread () from /lib64/libpthread.so.0
	18 0x00007f66e57e7fcd in clone () from /lib64/libc.so.6

	* src/qemu/qemu_driver.c: qemuDomainOpenConsole()
	        -- unlock the qemu driver right after acquiring the domain
	        object

2012-04-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Warn on possibly incorrect usage of EnterMonitor*
	qemuDomainObjEnterMonitor{,WithDriver} should not be called from async
	jobs, only EnterMonitorAsync variant is allowed.

	qemu: Track job owner for better debugging
	In case an API fails with "cannot acquire state change lock", searching
	for the API that possibly forgot to end its job is not always easy.
	Let's keep track of the job owner and print it out for easier
	identification.

2012-04-11  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid excessive calls to qemuDomainObjSaveJob()
	As reported by Daniel Berrangé, we have a huge performance regression
	for virDomainGetInfo() due to the change which makes virDomainEndJob()
	save the XML status file every time it is called. Previous to that
	change, 2000 calls to virDomainGetInfo() took ~2.5 seconds. After that
	change, 2000 calls to virDomainGetInfo() take 2 *minutes* 45 secs.

	We made the change to be able to recover from libvirtd restart in the
	middle of a job. However, only destroy and async jobs are taken care of.
	Thus it makes more sense to only save domain state XML when these jobs
	are started/stopped.

2012-04-11  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix libvirtdconftest in VPATH build
	Without this, libvirtdconftest fails to build with "fatal error:
	daemon/libvirtd-config.h: No such file or directory"

2012-04-10  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Add libvirtd-config.c to the list of files to translate

2012-04-10  Eric Blake  <eblake@redhat.com>

	build: avoid s390 compiler warnings
	I noticed these compiler warnings when building for the s390 architecture.

	* src/node_device/node_device_udev.c (udevDeviceMonitorStartup):
	Mark unused variable.
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Avoid unused variable.

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Wire up <loader> to set the QEMU BIOS path
	* src/qemu/qemu_command.c: Wire up -bios with <loader>
	* tests/qemuxml2argvdata/qemuxml2argv-bios.args,
	  tests/qemuxml2argvdata/qemuxml2argv-bios.xml: Expand
	  existing BIOS test case to cover <loader>

2012-04-10  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clean up usage of boolean flag variables
	This patch cleans up variables used to store boolean command flags that
	are inquired by vshCommandOptBool to use the bool data type instead of
	an integer.

	Additionally this patch cleans up flag variables that are inferred from
	existing flags.

2012-04-10  Peter Krempa  <pkrempa@redhat.com>

	virsh: Clarify use of the --managed-save flag for the list command
	The documentation for the flag doesn't clearly state that the flag only
	enhances the output and the user needs to specify other flags to list
	inactive domains, that are enhanced by this flag.

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix comment about GNUTLS initialization/cleanup

2012-04-10  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Fix compilation error on 32bit
	Below code failed to compile on a 32 bit machine with error

	typewrappers.c: In function 'libvirt_intUnwrap':
	typewrappers.c:135:5: error: logical 'and' of mutually exclusive tests is always false [-Werror=logical-op]
	cc1: all warnings being treated as errors

	The patch fixes this error.

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Replace daemon-conf test script with a proper test case
	The daemon-conf test script continues to be very fragile to
	changes in libvirt. It currently fails 1 time in 3/4 due
	to race conditions in startup/shutdown of the test script.

	Replace it with a proper test case tailored to the code
	being tested

	* tests/Makefile.am: Remove daemon-conf, add libvirtdconftest
	* tests/daemon-conf: Delete obsolete test
	* tests/libvirtdconftest.c: Test config file handling

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Switch libvirtd config loading code to use error APIs
	Using VIR_ERROR means the test suite can't catch error messages
	easily. Use the proper error reporting APIs instead

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Add API for loading daemon config from in-memory blob
	Rename existing daemonConfigLoad API to daemonConfigLoadFile and
	add an alternative daemonConfigLoadData

	* daemon/libvirtd-config.c, daemon/libvirtd-config.h: Add
	  daemonConfigLoadData and rename daemonConfigLoad to
	  daemonConfigLoadFile
	* daemon/libvirtd.c: Update for renamed API

2012-04-10  Daniel P. Berrange  <berrange@redhat.com>

	Split libvirtd config file loading out into separate files
	To enable creation of unit tests, split the libvirtd config file
	loading code out into separate files.

	* daemon/libvirtd.c: Delete config loading code / structs
	* daemon/libvirtd-config.c, daemon/libvirtd-config.h: Config
	  file loading APIs

2012-04-09  MATSUDA, Daiki  <matsudadik@intellilink.co.jp>

	UML: fix iteration over consoles
	I found typo in UML driver.

	MATSUDA Daiki

2012-04-06  Eric Blake  <eblake@redhat.com>

	snapshot: fix memory leak on error
	Leak introduced in commit 0436d32.  If we allocate an actions array,
	but fail early enough to never consume it with the qemu monitor
	transaction call, we leaked memory.

	But our semantics of making the transaction command free the caller's
	memory is awkward; avoiding the memory leak requires making every
	intermediate function in the call chain check for error.  It is much
	easier to fix things so that the function that allocates also frees,
	while the call chain leaves the caller's data intact.  To do that,
	I had to hack our JSON data structure to make it easy to protect a
	portion of an arbitrary JSON tree from being freed.

	* src/util/json.h (virJSONType): Name the enum.
	(_virJSONValue): New field.
	* src/util/json.c (virJSONValueFree): Use it to protect a portion
	of an array.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONTransaction): Avoid
	freeing caller's data.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive):
	Free actions array on failure.

2012-04-06  Michal Privoznik  <mprivozn@redhat.com>

	qemu_ga: Don't overwrite errors on FSThaw
	We can tell qemuDomainSnapshotFSThaw if we want it to report errors or
	not. However, if we don't want to and an error has been already set by
	previous qemuReportError() we must keep copy of that error not just a
	pointer to it. Otherwise, it get overwritten if FSThaw reports an error.

2012-04-06  Stefan Bader  <stefan.bader@canonical.com>

	xen config: No vfb in HVM guest configuration
	This causes an implicit vkbd device to be added which takes
	6min to finally fail being initialized in the guest.

	http://lists.xen.org/archives/html/xen-devel/2012-04/msg00409.html

2012-04-06  Eric Blake  <eblake@redhat.com>

	tests: avoid compiler warnings
	gcc 4.7 warns about uninitialized struct members

	* tests/testutilsqemu.c (testQemuCapsInit): Populate new members.
	* tests/viruritest.c (mymain): Likewise.

2012-04-06  Laine Stump  <laine@laine.org>

	test: fix build errors with gcc 4.7.0 and -O0
	When building on Fedora 17 (which uses gcc 4.7.0) with -O0 in CFLAGS,
	three of the tests failed to compile.

	cputest.c and qemuxml2argvtest.c had non-static structs defined
	inside the macro that was being repeatedly invoked. Due to some so-far
	unidentified change in gcc, the stack space used by variables defined
	inside { } is not recovered/re-used when the block ends, so all these
	structs have become additive (this is the same problem worked around
	in commit cf57d345b). Fortunately, these two files could be fixed with
	a single line addition of "static" to the struct definition in the
	macro.

	virnettlscontexttest.c was a bit different, though. The problem structs
	in the do/while loop of macros had non-constant initializers, so it
	took a bit more work and piecemeal initialization instead of member
	initialization to get things to be happy.

	In an ideal world, none of these changes should be necessary, but not
	knowing how long it will be until the gcc regressions are fixed, and
	since the code is just as correct after this patch as before, it makes
	sense to fix libvirt's build for -O0 while also reporting the gcc
	problem.

2012-04-06  Guido Günther  <agx@sigxcpu.org>

	virURIParse: don't forget to copy the user part
	This got dropped with 300e60e15b22387dda41ed5985a9ebadfd86dd25

	Cheers,
	 -- Guido

2012-04-05  Laine Stump  <laine@laine.org>

	test: fix segfault in networkxml2argvtest
	This bug resolves https://bugzilla.redhat.com/show_bug.cgi?id=810100

	rpm builds for i686 were failing with a segfault in
	networkxml2argvtest. Running under valgrind showed that a region of
	memory was being referenced after it had been freed (as the result of
	realloc - see the valgrind report in the BZ).

	The problem (in replaceTokens() - added in commit 22ec60, meaning this
	bug was in 0.9.10 and 0.9.11) was that the pointers token_start and
	token_end were being computed based on the value of *buf, then *buf
	was being realloc'ed (potentially moving it), then token_start and
	token_end were used without recomputing them to account for movement
	of *buf.

	The solution is to change the code so that token_start and token_end
	are offsets into *buf rather than pointers. This way there is only a
	single pointer to the buffer, and nothing needs readjusting after a
	realloc. (You may note that some uses of token_start/token_end didn't
	need to be changed to add in "*buf +" - that's because there ended up
	being a +*buf and -*buf which canceled each other out).

	DV gets the credit for finding this bug and pointing out the valgrind
	report.

2012-04-05  Alex Jia  <ajia@redhat.com>

	conf: Plug memory leaks on virDomainDiskDefParseXML
	Detected by valgrind. Leaks are introduced in commit b22eaa7.

	* src/conf/domain_conf.c (virDomainDiskDefParseXML): fix memory leaks.

	How to reproduce?

	% make && make -C tests check TESTS=qemuxml2argvtest
	% cd tests && valgrind -v --leak-check=full ./qemuxml2argvtest

	actual result:

	==2143== 12 bytes in 2 blocks are definitely lost in loss record 74 of 179
	==2143==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2143==    by 0x39D90A67DD: xmlStrndup (xmlstring.c:45)
	==2143==    by 0x4F5EC0: virDomainDiskDefParseXML (domain_conf.c:3438)
	==2143==    by 0x502F00: virDomainDefParseXML (domain_conf.c:8304)
	==2143==    by 0x505FE3: virDomainDefParseNode (domain_conf.c:9080)
	==2143==    by 0x5069AE: virDomainDefParse (domain_conf.c:9030)
	==2143==    by 0x41CBF4: testCompareXMLToArgvHelper (qemuxml2argvtest.c:105)
	==2143==    by 0x41E5DD: virtTestRun (testutils.c:145)
	==2143==    by 0x416FA3: mymain (qemuxml2argvtest.c:399)
	==2143==    by 0x41DCB7: virtTestMain (testutils.c:700)
	==2143==    by 0x39CF01ECDC: (below main) (libc-start.c:226)

2012-04-04  Ilja Livenson  <ilja.livenson@gmail.com>

	openvz: support vzctl 3.1
	https://bugzilla.redhat.com/show_bug.cgi?id=809895

	Basically, openvz dropped strict version numbering (3.1 vs 3.1.0),
	which caused parsing to fail.

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't install sysctl file on non-Linux hosts
	* configure.ac: Set WITH_SYSCTL only on Linux hosts
	* daemon/Makefile.am: Conditionalize install-sysctl using WITH_SYSCTL

	Cc: Jason Helfman <jhelfman@e-e.com>

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix parallel build in docs/ directory
	Every now & then, with parallel builds, we get a failure to
	validate hvsupport.html.in.  I eventually noticed that this
	is because we get 2 instances of the generator running at
	once.

	We already list hvsupport.html.in in BUILT_SOURCES but this
	was not working. It turns out the flaw is that we were
	adding deps to the 'all:' target instead of the 'all-am:'
	target. BUILT_SOURCES is a dep of 'all', so any custom
	targets written in Makefile.am must use 'all-am:' so that
	they don't get run until BUILT_SOURCES are completely
	generated

	* docs/Makefile.am: s/all/all-am/

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Pull in GNULIB regex module for benefit of test suite on Win32

	Add linuxNodeInfoCPUPopulate to src/libvirt_linux.syms
	This symbol is used in the test suites

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix format specifiers in test cases on Win32
	Some of the test suites use fprintf with format specifiers
	that are not supported on Win32 and are not fixed by gnulib.

	The mingw32 compiler also has trouble detecting ssize_t
	correctly, complaining that 'ssize_t' does not match
	'signed size_t' (which it expects for %zd). Force the
	cast to size_t to avoid this problem

	* tests/testutils.c, tests/testutils.h: Fix printf
	  annotation on virTestResult. Use virVasprintf
	  instead of vfprintf
	* tests/virhashtest.c: Use VIR_WARN instead of fprintf(stderr).
	  Cast to size_t to avoid mingw32 compiler bug

2012-04-04  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Build activeUsbHostdevs list on process reconnect
	If the daemon is restarted it will lose list of active
	USB devices assigned to active domains. Therefore we need
	to rebuild this list on qemuProcessReconnect().

	qemu: Delete USB devices used by domain on stop
	To prevent assigning one USB device to two domains,
	we keep a list of assigned USB devices. On domain
	startup - qemuProcessStart() - we insert devices
	used by domain into the list but remove them only
	on detach-device. Devices are, however, released
	on qemuProcessStop() as well.

	qemu: Don't leak temporary list of USB devices
	and add debug message when adding USB device
	to the list of active devices.

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix initial hypervisor conditionals
	The openvz, virtualbox and vmware drivers do not run inside
	libvirtd, therefore they should be grouped with the other
	client side drivers

	Remove bogus xen-devel dep from libvirt-devel RPM
	The public libvirt API does not have any application visible
	dependency on Xen libraries. The xen-devel dependency is thus
	bogus

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Introduce per-hypervisor virtual RPMs
	Introduce a set sub-RPMs, one per hypervisor, which can be used
	as dependency targets by applications wishing to pull in the
	full stack of packages required for a specific hypervisor. This
	avoids the application needing to know what the hypervisor specific
	package set is.

	ie, applications should not need to know that using the libvirt
	Xen hypervisor requires the 'xen' RPM - libvirt should take care
	of that knowledge. All the application wants is 'libvirt-daemon-xen'

	There are 5 sub-RPMs:

	  libvirt-daemon-qemu - non-native TCG based emulators
	  libvirt-daemon-kvm  - native KVM hypervisor
	  libvirt-daemon-uml  - User Mode linux
	  libvirt-daemon-xen  - Xen, either via XenD or libxl
	  libvirt-daemon-lxc  - Linux native containers

	When driver modules get turned on, these sub-RPMs will also
	gain dependencies on the appropriate driver module .so files

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Split config files & daemon off from main daemon RPM
	Take the libvirt RPM and split it into three pieces

	 - libvirt-daemon - libvirtd & other mandatory bits for its operation
	 - libvirt-daemon-config-network - the virbr0 config definition
	 - libvirt-daemon-config-nwfilter - the firewall config rules

	For backwards compatibility with existing installs / application RPM
	deps, the 'libvirt' RPM is retained, but will have a dependency on
	the 3 new RPMs.

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Remove API XML files from libvirt RPM
	The API XML files are now formally installed as part of the
	libvirt-devel RPM. Thus there is no need to include them as
	%doc in the main libvirt RPM

2012-04-04  Daniel P. Berrange  <berrange@redhat.com>

	Move all documentation into a -docs sub-RPM
	Currently documentation is split between the libvirt RPM and the
	libvirt-devel RPM. In the client-only build there is no libvirt
	RPM, so the docs need to live elsewhere. The obvious answer is a
	dedicated libvirt-docs RPM. For back-compatibility make the
	libvirt-devel RPM require the libvirt-docs RPM

	* libvirt.spec.in: Create separate libvirt-docs RPM

2012-04-03  Eric Blake  <eblake@redhat.com>

	docs: fix typo in previous patch
	* docs/news.html.in: Fix accidental deletion.

2012-04-03  Michal Privoznik  <mprivozn@redhat.com>

	news.html.in: Fix </br> void tag
	Void elements should be written with slash *after* the tag name,
	not before, so they are not confused with ending tags.

	virsh: Clarify escape sequence
	Currently, we put no strains on escape sequence possibly leaving users
	with console that cannot be terminated. However, not all ASCII
	characters can be used as escape sequence. Only those falling in
	@ - _ can be; implement and document this constraint.

2012-04-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 0.9.11
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: updated a number of languages translation including new
	  indian languages and regenerated

	Revert "Refactor the libvirt RPM daemon pieces"
	This reverts commit 06a0d57f5a90e408a6280dc2f9db0badeeeb78ee.

2012-04-02  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Start nested job in qemuDomainCheckEjectableMedia
	Originally, qemuDomainCheckEjectableMedia was entering monitor with qemu
	driver lock. Commit 2067e31bf97667eab9f111b496f5e9a44e827c5b, which I
	made to fix that, revealed another issue we had (but didn't notice it
	since the driver was locked): we didn't set nested job when
	qemuDomainCheckEjectableMedia is called during migration. Thus the
	original fix I made was wrong.

2012-04-02  Philipp Hahn  <hahn@univention.de>

	Xen: Fix <clock> handling
	XenD-3.1 introduced managed domains. HV-domains have rtc_timeoffset
	(hgd24f37b31030 from 2007-04-03), which tracks the offset between the
	hypervisors clock and the domains RTC, and is persisted by XenD.
	In combination with localtime=1 this had a bug until XenD-3.4
	(hg5d701be7c37b from 2009-04-01) (I'm not 100% sure how that bug
	manifests, but at least for me in TZ=Europe/Berlin I see the previous
	offset relative to utc being applied to localtime again, which manifests
	in an extra hour being added)

	XenD implements the following variants for clock/@offset:
	- PV domains don't have a RTC → 'localtime' | 'utc'
	- <3.1: no managed domains → 'localtime' | 'utc'
	- ≥3.1: the offset is tracked for HV → 'variable'
	        due to the localtime=1 bug → 'localtime' | 'utc'
	- ≥3.4: the offset is tracked for HV → 'variable'

	Current libvirtd still thinks XenD only implements <clock offset='utc'/>
	and <clock offset='localtime'/>, which is wrong, since the semantic of
	'utc' and 'localtime' specifies, that the offset will be reset on
	domain-restart, while with 'variable' the offset is kept. (keeping the
	offset over "virsh edit" is important, since otherwise the clock might
	jump, which confuses certain guest OSs)

	xendConfigVersion was last incremented to 4 by the xen-folks for
	xen-3.1.0. I know of no way to reliably detect the version of XenD
	(user space tools), which may be different from the version of the
	hypervisor (kernel) version! Because of this only the change from
	'utc'/'localtime' to 'variable' in XenD-3.1 is handled, not the buggy
	behaviour of XenD-3.1 until XenD-3.4.

	For backward compatibility with previous versions of libvirt Xen-HV
	still accepts 'utc' and 'localtime', but they are returned as 'variable'
	on the next read-back from Xend to libvirt, since this is what XenD
	implements: The RTC is NOT reset back to the specified time on next
	restart, but the previous offset is kept.
	This behaviour can be turned off by adding the additional attribute
	adjustment='reset', in which case libvirt will report an error instead
	of doing the conversion. The attribute can also be used as a shortcut to
	offset='variable' with basis='...'.

	With these changes, it is also necessary to adjust the xen tests:

	"localtime = 0" is always inserted, because otherwise on updates the
	value is not changed within XenD.

	adjustment='reset' is inserted for all cases, since they're all <
	XEND_CONFIG_VERSION_3_1_0, only 3.1 introduced persistent
	rtc_timeoffset.

	Some statements change their order because code was moved around.

2012-04-02  Philipp Hahn  <hahn@univention.de>

	Support clock=variable relative to localtime
	Since Xen 3.1 the clock=variable semantic is supported. In addition to
	qemu/kvm Xen also knows about a variant where the offset is relative to
	'localtime' instead of 'utc'.

	Extends the libvirt structure with a flag 'basis' to specify, if the
	offset is relative to 'localtime' or 'utc'.

	Extends the libvirt structure with a flag 'reset' to force the reset
	behaviour of 'localtime' and 'utc'; this is needed for backward
	compatibility with previous versions of libvirt, since they report
	incorrect XML.

	Adapt the only user 'qemu' to the new name.
	Extend the RelaxNG schema accordingly.
	Document the new 'basis' attribute in the HTML documentation.
	Adapt test for the new attribute.

2012-04-02  Yuri Chornoivan  <yurchor@ukr.net>

	Fix typos and spacing in messages.

2012-04-02  Laine Stump  <laine@laine.org>

	qemu: fix memory leak in virDomainGetVcpus
	https://bugzilla.redhat.com/show_bug.cgi?id=808979

	The leak is really in virProcessInfoGetAffinity, as shown in the
	valgrind output given in the above bug report - it calls CPU_ALLOC(),
	but then fails to call CPU_FREE().

	This leak has existed in every version of libvirt since 0.7.5.

2012-03-31  Eric Blake  <eblake@redhat.com>

	conf: allow fuzz in XML with cur balloon > max
	Commit 1b1402b introduced a regression.  Since older libvirt versions
	would silently round memory up (until the previous patch), but populated
	current memory based on querying the guest, it was possible to have
	dumpxml show cur > max by the amount of the rounding.  For example, if
	a user requested 1048570 KiB memory (just shy of 1GiB), the qemu
	driver would actually run with 1048576 KiB, and libvirt 0.9.10 would
	output a current that was 6KiB larger than the maximum.  Situations
	where this could have an impact include, but are not limited to,
	migration from old to new libvirt, managedsave in old libvirt and
	start in new libvirt, snapshot creation in old libvirt and revert in
	new libvirt - without this patch, the new libvirt would reject the
	VM because of the rounding discrepancy.

	Fix things by adding a fuzz factor, and silently clamp current down to
	maximum in that case, rather than failing to reparse XML for an existing
	VM.  From a practical standpoint, this has no user impact: 'virsh
	dumpxml' will continue to query the running guest rather than rely on
	the incoming xml, which will see the currect current value, and even if
	clamping down occurs during parsing, it will be by at most the fuzz
	factor of a megabyte alignment, and rounded back up when passed back to
	the hypervisor.

	Meanwhile, we continue to reject cur > max if the difference is beyond
	the fuzz factor of nearest megabyte.  But this is not a real change in
	behavior, since with 0.9.10, even though the parser allowed it, later
	in the processing stream we would reject it at the qemu layer; so
	rejecting it in the parser just moves error detection to a nicer place.

	* src/conf/domain_conf.c (virDomainDefParseXML): Don't reject
	existing XML.
	Based on a report by Zhou Peng.

2012-03-31  Eric Blake  <eblake@redhat.com>

	qemu: reflect any memory rounding back to xml
	If we round up a user's memory request, we should update the XML
	to reflect the actual value in use by the VM, rather than giving
	an artificially small value back to the user.

	* src/qemu/qemu_command.c (qemuBuildNumaArgStr)
	(qemuBuildCommandLine): Reflect rounding back to XML.

2012-03-31  Eric Blake  <eblake@redhat.com>

	python: improve conversion validation
	Laszlo Ersek pointed out that in trying to convert a long to an
	unsigned int, we used:

	long long_val = ...;
	if ((unsigned int)long_val == long_val)

	According to C99 integer promotion rules, the if statement is
	equivalent to:

	(unsigned long)(unsigned int)long_val == (unsigned long)long_val

	since you get an unsigned comparison if at least one side is
	unsigned, using the largest rank of the two sides; but on 32-bit
	platforms, where unsigned long and unsigned int are the same size,
	this comparison is always true and ends up converting negative
	long_val into posigive unsigned int values, rather than rejecting
	the negative value as we had originally intended (python longs
	are unbounded size, and we don't want to do silent modulo
	arithmetic when converting to C code).

	Fix this by using direct comparisons, rather than casting.

	* python/typewrappers.c (libvirt_intUnwrap, libvirt_uintUnwrap)
	(libvirt_ulongUnwrap, libvirt_ulonglongUnwrap): Fix conversion
	checks.

2012-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix client only RPM build & other misc RPM problems
	* libvirt.spec.in: Remove obsolete --with-remote-pid-file arg.
	  Add missing %{without_libxl} statement. Fix handling of docs
	  in client only build. Put systemtap files in -client RPM
	  instead of -daemon RPM
	* examples/xml/nwfilter/Makefile.am: Don't install examples if
	  nwfilter is disabled.

2012-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the libvirt RPM daemon pieces
	There are a number of flaws with our packaging of the libvirtd
	daemon:

	 - Installing 'libvirt' does not install 'qemu-kvm' or 'xen'
	   etc which are required to actually run the hypervisor in
	   question
	 - Installing 'libvirt' pulls in the default configuration
	   files which may not be wanted & cause problems if installed
	   inside a guest
	 - It is not possible to explicitly required all the peices
	   required to manage a specific hypervisor

	This change takes the 'libvirt' RPM and and changes it thus

	 - libvirt: just a virtual package with dep on libvirt-daemon,
	   libvirt-daemon-config-network & libvirt-daemon-config-nwfilter
	 - libvirt-daemon: the libvirt daemon and related pieces
	 - libvirt-daemon-config-network: the default network config
	 - libvirt-daemon-config-nwfilter: the network filter configs
	 - libvirt-docs: the website HTML

	We then introduce some more virtual (empty) packages

	 - libvirt-daemon-qemu: Deps on libvirt-daemon & 'qemu'
	 - libvirt-daemon-kvm: Deps on libvirt-daemon & 'qemu-kvm'
	 - libvirt-daemon-lxc: Deps on libvirt-daemon
	 - libvirt-daemon-uml: Deps on libvirt-daemon
	 - libvirt-daemon-xen: Deps on libvirt-daemon & 'xen'

	 - libvirt-qemu: Deps on libvirt-daemon-qemu & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-kvm: Deps on libvirt-daemon-kvm & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-lxc: Deps on libvirt-daemon-lxc & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-uml: Deps on libvirt-daemon-uml & libvirt-daemon-config-{network,nwfilter}
	 - libvirt-xen: Deps on libvirt-daemon-xen & libvirt-daemon-config-network

	My intent in the future is to turn on the driver modules by
	default, at which time 'libvirt-daemon' will cease to include
	any specific drivers, instead we'll get libvirt-daemon-driver-XXXX
	packages for each driver. The libvirt-daemon-XXX packages will
	then pull in each driver that they require.

	It is recommended that applications required a locally installed
	libvirtd daemon, use either 'Requires: libvirt-daemon-XXXX' or
	'Requires: libvirt-XXX' and *not* "Requires: libvirt-daemon"
	or 'Requires: libvirt'

	* libvirt.spec.in: Refactor RPMs
	* docs/packaging.html.in, docs/sitemap.html.in: Document
	  new RPM split rationale

2012-03-31  Hendrik Schwartke  <hendrik@os-t.de>

	qemu: support live change of the bridge used by a guest network device
	This patch was created to resolve this upstream bug:

	  https://bugzilla.redhat.com/show_bug.cgi?id=784767

	and is at least a partial solution to this RHEL RFE:

	  https://bugzilla.redhat.com/show_bug.cgi?id=805071

	Previously the only attribute of a network device that could be
	modified by virUpdateDeviceFlags() ("virsh update-device") was the
	link state; attempts to change any other attribute would log an error
	and fail.

	This patch adds recognition of a change in bridge device name, and
	supports reconnecting the guest's interface to the new device.
	Standard audit logs for detaching and attaching a network device are
	also generated. Although the current auditing function doesn't log the
	bridge being attached to, this will later be changed in a separate
	patch.

2012-03-31  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	Regression introduced when we changed types in commit 3e2c3d8f6.

	We've done this sort of cleanup before (see commit c685993d7).

	* src/conf/storage_conf.c (virStoragePoolDefFormat)
	(virStorageVolTargetDefFormat): Cast gid_t and uid_t.

2012-03-30  Eric Blake  <eblake@redhat.com>

	build: fix mingw ssize_t, syntax check
	We are so close to a release that we don't want to pull in a
	gnulib submodule update and risk regressions, since there has
	been a lot of other gnulib churn upstream.  However, there are
	a couple of gnulib issues that are worth fixing in isolation,
	by applying local patches to gnulib.

	There was an upstream gnulib bug in maint.mk that rendered most
	of our syntax checks ineffective (and fixing it flushed out a
	minor bug in our code):
	https://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00194.html

	There is still an upstream bug where gnulib uses the wrong type
	for ssize_t on mingw; we need the fix now even though it has not
	yet been accepted into gnulib:
	https://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00188.html

	* gnulib/local/top/maint.mk.diff: Pick up upstream gnulib
	maint.mk.
	* gnulib/local/m4/ssize_t.m4.diff: Work around gnulib bug.
	* src/libvirt.c: Remove unused header.
	* cfg.mk
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF): Exempt
	gnulib local files.

2012-03-30  Laine Stump  <laine@laine.org>

	qemu: eliminate nested switch, simplify code
	qemuBuildHostNetStr had a switch-within-a-switch where both were
	looking at the same variable. This was apparently to take advantage of
	code common to three different cases (while also taking care of some
	code that was different). However, there were only 2 lines common to
	all, one of those can be eliminated by merging it into the
	virAsprintfs that are in each case. On top of that, all the extra
	empty cases cause Coverity complaints (because they are unreachable),
	but absence of the empty cases causes a compile error due to
	"enumeration value not handled in switch".

	The solution is to just make each toplevel case independent, folding
	in the common code to each.

2012-03-30  Laine Stump  <laine@laine.org>

	Revert "Set default name for SPICE agent channel"
	This patch reverts commit b0e2bb3. Its functionality has been replaced
	by commit 3269ee6.

2012-03-30  Laine Stump  <laine@laine.org>

	qemu: set default name for SPICE agent channel when generating command
	commit b0e2bb33 set a default value for the SPICE agent channel by
	inserting it during parsing of the channel XML. That method of setting
	a default is problematic because it makes a format/parse roundtrip
	unclean, and experience with setting other values as a side effect of
	parsing has led to headaches (e.g. automatically setting a MAC address
	in the parser when one isn't specified in the input XML).

	This patch does not revert commit b0e2bb33 (it will be reverted in a
	separate patch) but adds the alternate implementation of simply
	inserting the default value in the appropriate place on the qemu
	commandline when no value is provided.

2012-03-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu_agent: Issue guest-sync prior to every command
	If we issue guest command and GA is not running, the issuing thread
	will block endlessly. We can check for GA presence by issuing
	guest-sync with unique ID (timestamp). We don't want to issue real
	command as even if GA is not running, once it is started, it process
	all commands written to GA socket.

	virnetdevtap: Don't check for flags in virNetDevTapCreateFlags
	With latest gnulib we are checking even the lowest level functions
	whether they check flags. Moreover, we are shadowing the real error
	on system without TUNSETIFF support.

2012-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in previous patch
	* src/remote/remote_driver.c: s/sizeof(ret)2/sizeof(ret2)/

2012-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Consistent style for usage of sizeof operator
	The code is splattered with a mix of

	  sizeof foo
	  sizeof (foo)
	  sizeof(foo)

	Standardize on sizeof(foo) and add a syntax check rule to
	enforce it

2012-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Disable build of commandhelper & ssh on Win32
	The commandhelper.c & ssh.c programs rely on various APIs not present
	on Win32. Disable them, since the tests that uses these helpers are
	already disabled

	* tests/commandhelper.c, tests/ssh.c: Disable on WIN32

2012-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Don't redefine the CPU comparison constants in CPU test
	Defining an enum with names like "ERROR" causes  a world of
	hurt on Win32 whose headers have such symbol names already

	* tests/cputest.c: Remove redefinition of CPU constants

2012-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix some format specifiers for size_t vs ssize_t
	A handful of places used %zd for format specifiers even
	though the args was size_t, not ssize_t.

	* src/remote/remote_driver.c, src/util/xml.c: s/%zd/%zu/

2012-03-30  Alex Jia  <ajia@redhat.com>

	conf: Prevent crash of libvirtd without channel target name
	* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability): avoid
	  crashing libvirtd due to derefing a NULL pointer.

	For details, please see bug:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=808371

2012-03-30  Wen Congyang  <wency@cn.fujitsu.com>

	fix a deadlock when qemu cannot start
	When qemu cannot start, we may call qemuProcessStop() twice.
	We have check whether the vm is running at the beginning of
	qemuProcessStop() to avoid libvirt deadlock. We call
	qemuProcessStop() with driver and vm locked. It seems that
	we can avoid libvirt deadlock. But unfortunately we may
	unlock driver and vm in the function qemuProcessKill() while
	vm->def->id is not -1. So qemuProcessStop() will be run twice,
	and monitor will be freed unexpectedly. So we should set
	vm->def->id to -1 at the beginning of qemuProcessStop().

2012-03-30  Eric Blake  <eblake@redhat.com>

	build: silence recent syntax check violations
	An upstream gnulib bug[1] meant that some of our syntax checks
	weren't being run.  Fix up our offenders before we upgrade to
	a newer gnulib.

	[1] https://lists.gnu.org/archive/html/bug-gnulib/2012-03/msg00194.html

	* src/util/virnetdevtap.c (virNetDevTapCreate): Use flags.
	* tests/lxcxml2xmltest.c (mymain): Strip useless ().

2012-03-30  Eric Blake  <eblake@redhat.com>

	build: avoid 'devname' for BSD
	Commit 21b5daa1 was the last time we cleaned this up.

	* tools/virt-host-validate-common.c (virHostValidateDevice):
	Rename local variable.

2012-03-29  Zhou Peng  <ailvpeng25@gmail.com>

	private.syms: Add virNetDevMacVLanRestartWithVPortProfile
	virNetDevMacVLanRestartWithVPortProfile is omitted in src/libvirt_private.syms,
	which causes link err.

2012-03-28  Christian Benvenuti  <benve@cisco.com>

	qemu: Make migration fail when port profile association fails on the dst host
	In the current V3 migration protocol, Libvirt does not
	check the result of the function

	  qemuMigrationVPAssociatePortProfiles

	This means that it is possible for a migration to complete
	successfully even when the VM loses network connectivity on
	the destination host.

	With this change libvirt aborts the migration
	(during the "finish" step) when the above function fails, that
	is to say when at least one of the port profile associations fails.

	Signed-off by: Christian Benvenuti <benve@cisco.com>

2012-03-28  Christophe Fergeau  <cfergeau@redhat.com>

	Set default name for SPICE agent channel
	libvirt documentation for channels with type 'spicevmc' says that the
	'target' child node has:
	"an optional attribute name controls how the guest will have access
	 to the channel, and defaults to name='com.redhat.spice.0'."

	However, this default value is never set in libvirt code base,
	there's only a check in qemu_command.c to error out if the name
	attribute doesn't have the expected value (if it's set).

	This commit sets a default target name for spicevmc channels during
	the domain configuration parsing so that the code agrees with the
	documentation.

2012-03-28  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leaks on failure path
	Leaks are introduced in commit 1cf0e3d and fe383bb.

	Fixing memory leaks, in addition, the patch also fixes a potential missing
	return value issue in 'if (from)' statement, without the fixing, although
	the programming met a error, the subsequent codes will be executed
	continually.

	* tools/virsh.c (cmdSnapshotList): fix memory leaks and missing return value.

	* How to reproduce?

	% virsh snapshot-list <domain> --parent --roots
	% virsh snapshot-list <domain> --parent --tree
	% virsh snapshot-list <domain> --roots --tree

	actual result:
	error: --parent and --roots are mutually exclusive
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

	error: --parent and --tree are mutually exclusive
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

	error: --roots and --tree are mutually exclusive
	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

	% virsh snapshot-create-as <domain> --name "hello"
	% virsh snapshot-create-as <domain> --name "libvirt"
	% virsh snapshot-list <domain> --roots --from "hello"

	actual result:
	error: --roots and --from are mutually exclusive
	 Name                 Creation Time             State
	------------------------------------------------------------
	 libvirt              2012-03-28 13:46:51 +0800 running

2012-03-28  Guannan Ren  <gren@redhat.com>

	python: make python APIs use these helper functions
	    *setPyVirTypedParameter
	    *libvirt_virDomainGetCPUStats

	python: Add new helper functions for python to C integral conversion
	    int libvirt_intUnwrap(PyObject *obj, int *val);
	    int libvirt_uintUnwrap(PyObject *obj, unsigned int *val);
	    int libvirt_longUnwrap(PyObject *obj, long *val);
	    int libvirt_ulongUnwrap(PyObject *obj, unsigned long *val);
	    int libvirt_longlongUnwrap(PyObject *obj, long long *val);
	    int libvirt_ulonglongUnwrap(PyObject *obj, unsigned long long *val);
	    int libvirt_doubleUnwrap(PyObject *obj, double *val);
	    int libvirt_boolUnwrap(PyObject *obj, bool *val);

2012-03-28  Eric Blake  <eblake@redhat.com>

	snapshot: fix virsh docs
	Commit d42a2ff forgot to touch up virsh documentation, and commit
	4e9953a mis-spelled the option name.

	* tools/virsh.pod (snapshot-create, snapshot-create-as): Fix typo
	and match recent change in flag meaning.

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Enable all warnings permanently & default to -Werror for GIT builds
	Given that we auto-detect whether each -Wxxxx flag is supported by
	GCC, and we are warning-free and use automake silent rules, there
	is no compelling reason to allow compile warnings to be disabled.

	Replace the --enable-compile-warnings flag with a simpler
	--enable-werror flag, which defaults to 'yes' if building
	from GIT, or 'no' if building from tar.gz

	This helps ensure that everyone writing patches for libvirt will
	take care to fix their warning problems before submitting for
	review

	* autobuild.sh: Force -Werror
	* configure.ac: Update for LIBVIRT_COMPILE_WARNINGS macro change
	* m4/virt-compile-warnings.m4: Permanently enable all warnings,
	  auto-enable Werror for GIT builds

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Enable build of test suite programs by default for GIT checkouts
	Add a new flag '--with-test-suite' to configure to control whether
	the test suite binaries are built by default. ie built with a
	plain 'make', as opposed to delayed until 'make check'

	For builds from tar.gz tests will not be built by default. For
	builds from GIT, tests with be on by default, to try and ensure
	that patch developers don't accidentally break the test suites
	without noticing.

	* configure.ac: Add --with-test-suite
	* tests/Makefile.am: Use noinst_PROGRAMS instead of check_PROGRAMS
	  if building tests by default. Consolidate setting of TESTS and
	  {noinst,check}_PROGRAMS to avoid duplication

2012-03-27  Stef Walter  <stefw@gnome.org>

	Change the default of mdns_adv to false
	 * Don't advertise information on the network without consent of
	   the user, either through manual configuration, or a user
	   interface that drives this option.
	 * Since libvirtd must be configured for network access anyway
	   (for all but ssh), this setting was not useful "out of the box",
	   so changing this default setting does not remove "out of the box"
	   functionality.

2012-03-27  Eric Blake  <eblake@redhat.com>

	snapshot: don't pass NULL to QMP command creation
	Commit d42a2ff caused a regression in creating a disk-only snapshot
	of a qcow2 disk; by passing the wrong variable to the monitor call,
	libvirt ended up creating JSON that looked like "format":null instead
	of the intended "format":"qcow2".

	To make it easier to diagnose this in the future, make JSON creation
	error out if "s:arg" is paired with NULL (it is still possible to
	use "n:arg" in the rare cases where qemu will accept a null).

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Pass correct value.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommandRaw):
	Improve error message.

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Add LXC XML files to schema test & fix problems this uncovers
	* docs/schemas/domaincommon.rng: Add missing lxc & openvz
	  console target types. Allow arch on LXC <os> type element
	* tests/domainschematest: Include tests/lxcxml2xmldata/

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Add support for setting init argv for LXC
	Pass argv to the init binary of LXC, using a new <initarg> element.

	* docs/formatdomain.html.in: Document <os> usage for containers
	* docs/schemas/domaincommon.rng: Add <initarg> element
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and
	  formatting of <initarg>
	* src/lxc/lxc_container.c: Setup LXC argv
	* tests/Makefile.am, tests/lxcxml2xmldata/lxc-systemd.xml,
	  tests/lxcxml2xmltest.c, tests/testutilslxc.c,
	  tests/testutilslxc.h: Test parsing/formatting of LXC related
	  XML parts

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Detect location fo selinux mount point
	The SELinux mount point moved from /selinux to /sys/fs/selinux
	when systemd came along.

	* configure.ac: Probe for SELinux mount point
	* src/lxc/lxc_container.c: Use SELinux mount point determined
	  by configure.ac

2012-03-27  Daniel P. Berrange  <berrange@redhat.com>

	Expand docs for timer tick policy

2012-03-27  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	qemu,util: on restart of libvirt restart vepa callbacks
	When libvirtd is restarted, also restart the netlink event
	message callbacks for existing VEPA connections and send
	a message to lldpad for these existing links, so it learns
	the new libvirtd pid.

2012-03-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid entering monitor with locked driver
	This avoids possible deadlock of the qemu driver in case a domain is
	begin migrated (in Begin phase) and unrelated connection to qemu driver
	is closed at the right time.

	I checked all callers of qemuDomainCheckEjectableMedia() and they are
	calling this function with qemu driver locked.

2012-03-26  Laine Stump  <laine@laine.org>

	build: fix "missing initializer" error in qemu_process.c
	Found when attempting to build on Fedora 17 alpha with:

	   ./autogen.sh --system --enable-compile-warnings=error

	(this same build command works without problem on Fedora 16). Since
	the consumer of the qemuProcessReconnectData doesn't assume that the
	other fields of the struct are initialized (although it uses them
	internally), the simpler solution is to just switch to C99-style
	struct initialization (which doesn't require specification of all
	fields).

2012-03-26  Laine Stump  <laine@laine.org>

	build: fix "missing initializer" errors in virsh.c
	Found when attempting to build on Fedora 17 alpha with:

	   ./autogen.sh --system --enable-compile-warnings=error

	(this same build command works without problem on Fedora 16). All
	other struct initializers for this struct have the extra field filled
	in (almost always to 0), so the two errant ones were fixed by adding
	in the extra 0 field.

2012-03-26  Laine Stump  <laine@laine.org>

	build: avoid frame size error when building without -O2
	libvirt always adds -Werror-frame-larger-than=4096 to the flags when
	it builds. When building on Fedora 17, two functions with multiple
	1024 buffers declared inside if {} blocks would generate frame size
	errors; apparently the version of gcc on Fedora 16 will merge these
	multiple buffers into a single buffer even when optimization is off,
	but Fedora 17 won't.

	The fix is to declare a single 1024 buffer at the top of the two
	offending functions, and reuse the single buffer throughout the
	functions.

2012-03-26  Martin Kletzander  <mkletzan@redhat.com>

	Added syntax-check rule for return with parentheses
	After cleanup introduced with previous commit, there is a need for
	syntax-check rule taking care of return(). Regexp used in 'prohibit'
	parameter is taken from the cleanup commit and modified so it fits
	'grep -E' format. Semicolon at the end is needed, otherwise the regexp
	could match return with cast.

	Exception is created for python source files because we don't have any
	documentation restricting the use of return that matches this case.

2012-03-26  Martin Kletzander  <mkletzan@redhat.com>

	Cleanup for a return statement in source files
	Return statements with parameter enclosed in parentheses were modified
	and parentheses were removed. The whole change was scripted, here is how:

	List of files was obtained using this command:
	git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' |             \
	grep -e '\.[ch]$' -e '\.py$'

	Found files were modified with this command:
	sed -i -e                                                                 \
	's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \
	-e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'

	Then checked for nonsense.

	The whole command looks like this:
	git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' |             \
	grep -e '\.[ch]$' -e '\.py$' | xargs sed -i -e                            \
	's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \
	-e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'

2012-03-26  Eric Blake  <eblake@redhat.com>

	Fix and test round-trip of query parameters
	When qparams support was dropped in commit bc1ff160, we forgot
	to add tests to ensure that viruri can do the same round trip
	handling of a URI. This round trip was broken, due to use
	of the old 'query' field of xmlUriPtr, instead of the new
	'query_raw'

	Also, we forgot to report an OOM error.

	* tests/viruritest.c (mymain): Add tests based on just-deleted
	qparamtest.
	(testURIParse): Allow difference in input and expected output.
	* src/util/viruri.c (virURIFormat): Add missing error. Use
	  query_raw, instead of query for xmlUriPtr object.

2012-03-24  Osier Yang  <jyang@redhat.com>

	spec: Add missed dependancy for numad
	numad is available since Fedora 17 and RHEL6.X. And it's not supported
	on s390[x] and ARM.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: improve qemu handling of reused snapshot targets
	The oVirt developers have stated that the real reasons they want
	to have qemu reuse existing volumes when creating a snapshot are:
	1. the management framework is set up so that creation has to be
	done from a central node for proper resource tracking, and having
	libvirt and/or qemu create things violates the framework, and
	2. qemu defaults to creating snapshots with an absolute path to
	the backing file, but oVirt wants to manage a backing chain that
	uses just relative names, to allow for easier migration of a chain
	across storage locations.

	When 0.9.10 added VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT (commit
	4e9953a4), it only addressed point 1, but libvirt was still using
	O_TRUNC which violates point 2.  Meanwhile, the new qemu
	'transaction' monitor command includes a new optional mode argument
	that will force qemu to reuse the metadata of the file it just
	opened (with the burden on the caller to have valid metadata there
	in the first place).  So, this tweaks the meaning of the flag to
	cover both points as intended for use by oVirt.  It is not strictly
	backward-compatible to 0.9.10 behavior, but it can be argued that
	the O_TRUNC of 0.9.10 was a bug.

	Note that this flag is all-or-nothing, and only selects between
	'existing' and the default 'absolute-paths'.  A more flexible
	approach that would allow per-disk selections, as well as adding
	support for the 'no-backing-file' mode, would be possible by
	extending the <domainsnapshot> xml to have a per-disk mode, but
	until we have a management application expressing a need for that
	additional complexity, it is not worth doing.

	* src/libvirt.c (virDomainSnapshotCreateXML): Tweak documentation.
	* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): Add
	parameters.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): Pass them
	through.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot): Use
	new monitor command arguments.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): Adjust callers.
	(qemuDomainSnapshotDiskPrepare): Allow qed, modify rules on reuse.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: wire up qemu transaction command
	The hardest part about adding transactions is not using the new
	monitor command, but undoing the partial changes we made prior
	to a failed transaction.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive): Use
	transaction when available.
	(qemuDomainSnapshotUndoSingleDiskActive): New function.
	(qemuDomainSnapshotCreateSingleDiskActive): Pass through actions.
	(qemuDomainSnapshotCreateXML): Adjust caller.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: add support for qemu transaction command
	QEmu 1.1 is adding a 'transaction' command to the JSON monitor.
	Each element of a transaction corresponds to a top-level command,
	with the additional guarantee that the transaction flushes all
	pending I/O, then guarantees that all actions will be successful
	as a group or that failure will roll back the state to what it
	was before the monitor command.  The difference between a
	top-level command:

	{ "execute": "blockdev-snapshot-sync", "arguments":
	  { "device": "virtio0", ... } }

	and a transaction:

	{ "execute": "transaction", "arguments":
	  { "actions": [
	    { "type": "blockdev-snapshot-sync", "data":
	      { "device": "virtio0", ... } } ] } }

	is just a couple of changed key names and nesting the shorter
	command inside a JSON array to the longer command.  This patch
	just adds the framework; the next patch will actually use a
	transaction.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMakeCommand): Move
	guts...
	(qemuMonitorJSONMakeCommandRaw): ...into new helper.  Add support
	for array element.
	(qemuMonitorJSONTransaction): New command.
	(qemuMonitorJSONDiskSnapshot): Support use in a transaction.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot): Add
	argument.
	(qemuMonitorJSONTransaction): New declaration.
	* src/qemu/qemu_monitor.h (qemuMonitorTransaction): Likewise.
	(qemuMonitorDiskSnapshot): Add argument.
	* src/qemu/qemu_monitor.c (qemuMonitorTransaction): New wrapper.
	(qemuMonitorDiskSnapshot): Pass argument on.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Update caller.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: rudimentary qemu support for atomic disk snapshot
	Taking an external snapshot of just one disk is atomic, without having
	to pause and resume the VM.  This also paves the way for later patches
	to interact with the new qemu 'transaction' monitor command.

	The various scenarios when requesting atomic are:
	online, 1 disk, old qemu - safe, allowed by this patch
	online, more than 1 disk, old qemu - failure, this patch
	offline snapshot - safe, once a future patch implements offline disk snapshot
	online, 1 or more disks, new qemu - safe, once future patch uses transaction

	Taking an online system checkpoint snapshot is atomic, since it is
	done via a single 'savevm' monitor command.  Taking an offline system
	checkpoint snapshot is atomic, thanks to the previous patch.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new flag for single-disk setups.
	(qemuDomainSnapshotDiskPrepare): Check for atomic here.
	(qemuDomainSnapshotCreateDiskActive): Skip pausing the VM when
	atomic supported.
	(qemuDomainSnapshotIsAllowed): Use bool instead of int.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: make offline qemu snapshots atomic
	Offline internal snapshots can be rolled back with just a little
	bit of refactoring, meaning that we are now automatically atomic.

	* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Move
	guts...
	(qemuDomainSnapshotForEachQcow2Raw): ...to new helper, to allow
	rollbacks.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: add atomic create flag
	Right now, it is appallingly easy to cause qemu disk snapshots
	to alter a domain then fail; for example, by requesting a two-disk
	snapshot where the second disk name resides on read-only storage.
	In this failure scenario, libvirt reports failure, but modifies
	the live domain XML in-place to record that the first disk snapshot
	was taken; and places a difficult burden on the management app
	to grab the XML and reparse it to see which disks, if any, were
	altered by the partial snapshot.

	This patch adds a new flag where implementations can request that
	the hypervisor make snapshots atomically; either no changes to
	XML occur, or all disks were altered as a group.  If you request
	the flag, you either get outright failure up front, or you take
	advantage of hypervisor abilities to make an atomic snapshot. Of
	course, drivers should prefer the atomic means even without the
	flag explicitly requested.

	There's no way to make snapshots 100% bulletproof - even if the
	hypervisor does it perfectly atomic, we could run out of memory
	during the followup tasks of updating our in-memory XML, and report
	a failure.  However, these sorts of catastrophic failures are rare
	and unlikely, and it is still nicer to know that either all
	snapshots happened or none of them, as that is an easier state to
	recover from.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_ATOMIC): New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Expose it.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.

2012-03-23  Eric Blake  <eblake@redhat.com>

	snapshot: add qemu capability for 'transaction' command
	We need a capability bit to gracefully error out if some of the
	additions in future patches can't be implemented by the running qemu.

	* src/qemu/qemu_capabilities.h (QEMU_CAPS_TRANSACTION): New cap.
	* src/qemu/qemu_capabilities.c (qemuCaps): Name it.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONCheckCommands): Set
	it.

2012-03-23  Eric Blake  <eblake@redhat.com>

	build: drop obsolete qparams test
	Otherwise, 'make check' breaks since commit bc1ff160 deleted
	qparams.h.  A later patch will ensure that viruri takes over
	what qparams used to do.

	* tests/qparamtest.c (mymain): Delete, now that we have viruri.
	* tests/Makefile.am (check_PROGRAMS, TESTS, qparamtest_SOURCES):
	Delete old test.
	* .gitignore: Add recent test additions.

2012-03-23  Eric Blake  <eblake@redhat.com>

	build: fix incorrect enum declaration
	Recent changes have caused build failures on systems where pdwtags works:
	commit a26a196 mistakenly exported a public variable
	commits a26a196, 57ddcc2, 487c063 all had copy-paste bugs in
	hand-updating the golden API rather than rerunning pdwtags

	* include/libvirt/libvirt.h.in (virDomainEventTrayChangeReason):
	Make this a typedef, not external storage.
	* src/remote_protocol-structs (remote_procedure): Fix spelling.

2012-03-23  Li Zhang  <zhlcindy@linux.vnet.ibm.com>

	Add qemu support for ppc64 on FC16 or above for rpm packaging
	On Fedora16 or above, qemu is supported now. So it is added
	in rpm packaging.

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo s/virURIFormatQuery/virURIFormatParams/

2012-03-23  Osier Yang  <jyang@redhat.com>

	qemu: Update domain status to running while wakeup event is emitted
	This introduces a new running reason VIR_DOMAIN_RUNNING_WAKEUP,
	and new suspend event type VIR_DOMAIN_EVENT_STARTED_WAKEUP.

	While a wakeup event is emitted, the domain which entered into
	VIR_DOMAIN_PMSUSPENDED will be transferred to "running"
	with reason VIR_DOMAIN_RUNNING_WAKEUP, and a new domain lifecycle
	event emitted with type VIR_DOMAIN_EVENT_STARTED_WAKEUP.

2012-03-23  Osier Yang  <jyang@redhat.com>

	qemu: Update domain state to pmsuspended while suspend event occurs

	New domain state pmsuspended
	This introduces a new domain state pmsuspended to represent
	the domain which has been suspended by guest power management,
	e.g. (entered itno s3 state). Because a "running" state could
	be confused in this case, one will see the guest is paused
	actually while playing. And state "paused" is for the domain
	which was paused by virDomainSuspend.

2012-03-23  Osier Yang  <jyang@redhat.com>

	Add support for the suspend event
	This patch introduces a new event type for the QMP event
	SUSPEND:

	    VIR_DOMAIN_EVENT_ID_PMSUSPEND

	The event doesn't take any data, but considering there might
	be reason for wakeup in future, the callback definition is:

	typedef void
	(*virConnectDomainEventSuspendCallback)(virConnectPtr conn,
	                                        virDomainPtr dom,
	                                        int reason,
	                                        void *opaque);

	"reason" is unused currently, always passes "0".

2012-03-23  Osier Yang  <jyang@redhat.com>

	Add support for the wakeup event
	This patch introduces a new event type for the QMP event
	WAKEUP:

	    VIR_DOMAIN_EVENT_ID_PMWAKEUP

	The event doesn't take any data, but considering there might
	be reason for wakeup in future, the callback definition is:

	typedef void
	(*virConnectDomainEventWakeupCallback)(virConnectPtr conn,
	                                       virDomainPtr dom,
	                                       int reason,
	                                       void *opaque);

	"reason" is unused currently, always passes "0".

2012-03-23  Osier Yang  <jyang@redhat.com>

	qemu: Update tray status while tray moved event is emitted
	With this patch, libvirt won't start the guest with the medium
	source which already ejected by guest when doing migration, or
	saving/restoring.

	qemu: Prohibit setting tray status as open for block type disk

2012-03-23  Osier Yang  <jyang@redhat.com>

	qemu: Do not start with source for removable disks if tray is open
	This is similiar with physical world, one will be surprised if the
	box starts with medium exists while the tray is open.

	New tests are added, tests disk-{cdrom,floppy}-tray are for the qemu
	supports "-device" flag, and disk-{cdrom,floppy}-no-device-cap are
	for old qemu, i.e. which doesn't support "-device" flag.

2012-03-23  Osier Yang  <jyang@redhat.com>

	conf: Parse and for the tray attribute
	The "tray" is only allowed for removable disks, i.e. CDROM and
	Floppy disks.

2012-03-23  Osier Yang  <jyang@redhat.com>

	docs: Add documentation for new attribute tray of disk target
	Example XML:

	    <disk type='file' device='cdrom'>
	      <driver name='qemu' type='raw'/>
	      <source file='/tmp/cdrom.img'/>
	      <target dev='hdd' bus='ide' tray='open'/>
	    </disk>

2012-03-23  Osier Yang  <jyang@redhat.com>

	Add support for event tray moved of removable disks
	This patch introduces a new event type for the QMP event
	DEVICE_TRAY_MOVED, which occurs when the tray of a removable
	disk is moved (i.e opened or closed):

	    VIR_DOMAIN_EVENT_ID_TRAY_CHANGE

	The event's data includes the device alias and the reason
	for tray status' changing, which indicates why the tray
	status was changed. Thus the callback definition for the event
	is:

	enum {
	    VIR_DOMAIN_EVENT_TRAY_CHANGE_OPEN = 0,
	    VIR_DOMAIN_EVENT_TRAY_CHANGE_CLOSE,

	\#ifdef VIR_ENUM_SENTINELS
	    VIR_DOMAIN_EVENT_TRAY_CHANGE_LAST
	\#endif
	} virDomainEventTrayChangeReason;

	typedef void
	(*virConnectDomainEventTrayChangeCallback)(virConnectPtr conn,
	                                           virDomainPtr dom,
	                                           const char *devAlias,
	                                           int reason,
	                                           void *opaque);

2012-03-23  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Implement sysinfo on PowerPC.
	Libvirt on x86 parses 'dmidecode' to gather characteristics of host
	system. On PowerPC, this is now implemented by reading /proc/cpuinfo
	NOTE: memory-DIMM information is not presently implemented.

	Acked-by: Daniel Veillard <veillard@redhat.com>
	Acked-by: Daniel P Berrange <berrange@redhat.com>

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Lookup auth credentials in config file before prompting
	When SASL requests auth credentials, try to look them up in the
	config file first. If any are found, remove them from the list
	that the user is prompted for

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Refactor code prompting for SASL credentials
	SASL may prompt for credentials after either a 'start' or 'step'
	invocation. In both cases the code to handle this is the same.
	Refactor this code into a separate method to reduce the duplication,
	since the complexity is about to grow

	* src/remote/remote_driver.c: Refactor interaction with SASL

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Add helper API for finding auth file path
	* src/util/virauth.c, src/util/virauth.h: Add virAuthGetConfigFilePath
	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_AUTH error domain

	Rename virRequest{Username,Password} to virAuthGet{Username,Password}
	Ensure that the functions in virauth.h have names matching the file
	prefix, by renaming  virRequest{Username,Password} to
	virAuthGet{Username,Password}

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Rename src/util/authhelper.[ch] to src/util/virauth.[ch]
	To follow latest naming conventions, rename src/util/authhelper.[ch]
	to src/util/virauth.[ch].

	* src/util/authhelper.[ch]: Rename to src/util/virauth.[ch]
	* src/esx/esx_driver.c, src/hyperv/hyperv_driver.c,
	  src/phyp/phyp_driver.c, src/xenapi/xenapi_driver.c: Update
	  for renamed include files

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Add a virKeyfilePtr object for parsing '.ini' files
	The '.ini' file format is a useful alternative to the existing
	config file style, when you need to have config files which
	are hashes of hashes. The 'virKeyFilePtr' object provides a
	way to parse these file types.

	* src/Makefile.am, src/util/virkeyfile.c,
	  src/util/virkeyfile.h: Add .ini file parser
	* tests/Makefile.am, tests/virkeyfiletest.c: Test
	  basic parsing capabilities

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Convert drivers over to use virURIPtr for query params
	Convert drivers currently using the qparams APIs, to instead
	use the virURIPtr query parameters directly.

	* src/esx/esx_util.c, src/hyperv/hyperv_util.c,
	  src/remote/remote_driver.c, src/xenapi/xenapi_utils.c: Remove
	  use of qparams
	* src/util/qparams.h, src/util/qparams.c: Delete
	* src/Makefile.am, src/libvirt_private.syms: Remove qparams

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Store parsed query parameters directly in the virURIPtr struct
	Avoid the need for each driver to parse query parameters itself
	by storing them directly in the virURIPtr struct. The parsing
	code is a copy of that from src/util/qparams.c  The latter will
	be removed in a later patch

	* src/util/viruri.h: Add query params to virURIPtr
	* src/util/viruri.c: Parse query parameters when creating virURIPtr
	* tests/viruritest.c: Expand test to cover params

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Use a libvirt custom struct for virURIPtr
	Instead of just typedef'ing the xmlURIPtr struct for virURIPtr,
	use a custom libvirt struct. This allows us to fix various
	problems with libxml2. This initially just fixes the query vs
	query_raw handling problems.

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Centralize error reporting for URI parsing/formatting problems
	Move error reporting out of the callers, into virURIParse
	and virURIFormat, to get consistency.

	* include/libvirt/virterror.h, src/util/virterror.c: Add VIR_FROM_URI
	* src/util/viruri.c, src/util/viruri.h: Add error reporting
	* src/esx/esx_driver.c, src/libvirt.c, src/libxl/libxl_driver.c,
	  src/lxc/lxc_driver.c, src/openvz/openvz_driver.c,
	  src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/remote/remote_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/vmx/vmx.c, src/xen/xen_driver.c,
	  src/xen/xend_internal.c, tests/viruritest.c: Remove error
	  reporting

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	s/xmlURIPtr/virURIPtr/ in virURIFormat impl
	The parameter in the virURIFormat impl mistakenly used the
	xmlURIPtr type, instead of virURIPtr. Since they will soon
	cease to be identical, this needs fixing

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Use virURIFree instead of xmlFreeURI
	Since we defined a custom virURIPtr type, we should use a
	virURIFree method instead of assuming it will always be
	a typedef for xmlURIPtr

	* src/util/viruri.c, src/util/viruri.h, src/libvirt_private.syms:
	  Add a virURIFree method
	* src/datatypes.c, src/esx/esx_driver.c, src/libvirt.c,
	  src/qemu/qemu_migration.c, src/vmx/vmx.c, src/xen/xend_internal.c,
	  tests/viruritest.c: s/xmlFreeURI/virURIFree/

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for virURIPtr classs
	To ensure we properly escape & unescape IPv6 numeric addresses,
	add a test case

	* tests/Makefile.am, tests/viruritest.c: URI parsing test

2012-03-23  Daniel P. Berrange  <berrange@redhat.com>

	Leave all child processes running when stopping systemd service
	Currently the libvirt.service unit file for systemd does not
	specify any kill mode. So systemd kills off every process
	inside its cgroup. ie all dnsmasq processes, all virtual
	machines. This obviously not what we want. Set KillMode=process
	so that it only kills the top level process of libvirtd

	* daemon/libvirtd.service.in: Add KillMode=process

	Reported-By: Mark McLoughlin <markmc@redhat.com>

2012-03-23  Dave Allan  <dallan@redhat.com>

	Clarify virsh freecell manpage entry

2012-03-23  Zhou Peng  <ailvpeng25@gmail.com>

	docs: fix typo
	Bogus <code/>, and incorrect use of it's instead of its.

2012-03-22  Dave Allan  <dallan@redhat.com>

	Clarify what documentation is being referenced
	virsh.pod had several instances in which it referred to "the
	documentation" which was a little puzzling to me since it is
	documentation.  Reading the document from end to end makes it clear
	that it means a specific URI which was noted previously in the text,
	but I had never noticed those URIs in several years of referring to
	the man page.  This patch adds those URIs to several additional places
	in the text.

2012-03-22  Guannan Ren  <gren@redhat.com>

	python: add virDomainGetCPUStats python binding API
	    dom.getCPUStats(True, 0)
	      [{'cpu_time': 24699446159L, 'system_time': 10870000000L, 'user_time': 950000000L}]
	    dom.getCPUStats(False, 0)
	      [{'cpu_time': 8535292289L}, {'cpu_time': 1005395355L}, {'cpu_time': 9351766377L}, {'cpu_time': 5813545649L}]

	    *generator.py Add a new naming rule
	    *libvirt-override-api.xml The API function description
	    *libvirt-override.c Implement it.

2012-03-22  Alex Jia  <ajia@redhat.com>

	python: Avoid memory leaks on libvirt_virNodeGetCPUStats
	Detected by valgrind. Leaks are introduced in commit 4955602.

	* python/libvirt-override.c (libvirt_virNodeGetCPUStats): fix memory leaks
	and improve codes return value.

	For details, please see the following link:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770943

2012-03-21  Eric Blake  <eblake@redhat.com>

	build: drop a painfully long gnulib test
	On machines with massive amounts of CPUs, the gnulib 'test-lock'
	could take minutes, or even appear to deadlock, because of poor
	scaling of timing interactions between multiple cores.

	See https://bugzilla.redhat.com/show_bug.cgi?id=797284.
	For precedence, note that iwhd has done the same:
	https://lists.gnu.org/archive/html/bug-gnulib/2012-01/msg00311.html

	We can re-enable things if gnulib ever analyzes and improves the
	situation.

	* bootstrap.conf (gnulib_tool_option_extras): Avoid lock-tests.

2012-03-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid dangling migration-out job when client dies
	When a client which started non-p2p migration dies in a bad time, the
	source libvirtd never clears the migration job and almost nothing can be
	done with the domain without restarting the daemon. This patch makes use
	of connection close callbacks and ensures that migration job is properly
	discarded when the client disconnects.

	qemu: Make autodestroy utilize connection close callbacks

	qemu: Add connection close callbacks
	Add support for registering arbitrary callback to be called for a domain
	when a connection gets closed.

	qemu: Avoid dangling migration-in job on shutoff domains
	Destination daemon should not rely on the client or source daemon
	(depending on the type of migration) to call Finish when migration
	fails, because the client may crash before it can do so. The domain
	prepared for incoming migration is set to be destroyed (and migration
	job cleaned up) when connection with the client closes but this is not
	enough. If the associated qemu process crashes after Prepare step and
	the domain is cleaned up before the connection gets closed, autodestroy
	is not called for the domain and migration jobs remains set. In case the
	domain is defined on destination host (i.e., it is not completely
	removed once destroyed) we keep the job set for ever. To fix this, we
	register a cleanup callback which is responsible to clean migration-in
	job when a domain dies anywhere between Prepare and Finish steps. Note
	that we can't blindly clean any job when spotting EOF on monitor since
	normally an API is running at that time.

	qemu: Add support for domain cleanup callbacks
	Add support for registering cleanup callbacks to be run when a domain
	transitions to shutoff state.

2012-03-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use unlimited speed when migrating to file
	This reverts commit 61f2b6ba5fdef0613d6351b99913b5ef468144ce and most of
	commit d8916dc8e2f612ab3ce46f32c4bfeb0bd73f6007, which effectively
	brings back commit ef1065cf5acad13767c054758cbe7f4e8af5d241 written by
	Jim Fehlig:

	The qemu migration speed default is 32MiB/s as defined in migration.c

	/* Migration speed throttling */
	static int64_t max_throttle = (32 << 20);

	There's no need to throttle migration when targeting a file, so set
	migration speed to unlimited prior to migration, and restore to libvirt
	default value after migration.

	Default units is MB for migrate_set_speed monitor command, so
	(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.

	This was reverted because migration to file could not be canceled and
	even monitored since qemu was not processing any monitor commands until
	the migration finished. This is now different as we make sure the
	file descriptor we pass to qemu is able to properly report EAGAIN.
	Recent qemu changes might have helped as well.

	I tested managedsave with this patch in and indeed, it is 10x faster
	while I can still monitor its progress.

2012-03-21  Alex Jia  <ajia@redhat.com>

	python: Avoid memory leaks on libvirt_virNodeGetMemoryStats
	Detected by valgrind. Leaks are introduced in commit 17c7795.

	* python/libvirt-override.c (libvirt_virNodeGetMemoryStats): fix memory leaks
	and improve codes return value.

	For details, please see the following link:
	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770944

2012-03-20  Eric Blake  <eblake@redhat.com>

	python: always include config.h first
	On RHEL 5.7, I got this compilation failure:

	In file included from /usr/include/python2.4/pyport.h:98,
	                 from /usr/include/python2.4/Python.h:55,
	                 from libvirt.c:3:
	../gnulib/lib/time.h:468: error: expected ';', ',' or ')' before '__timer'

	Turns out that our '#define restrict __restrict' from config.h wasn't
	being picked up.  Gnulib _requires_ that all .c files include <config.h>
	first, otherwise the gnulib header overrides tend to misbehave.

	Problem introduced by patch c700613b8.

	* python/generator.py (buildStubs): Include <config.h> first.

2012-03-20  Martin Kletzander  <mkletzan@redhat.com>

	Minor docs fix
	End tag for "host" element was missing in example configuration

2012-03-20  Laine Stump  <laine@laine.org>

	conf: forbid use of multicast mac addresses
	A few times libvirt users manually setting mac addresses have
	complained of a networking failure that ends up being due to a multicast
	mac address being used for a guest interface. This patch prevents that
	by logging an error and failing if a multicast mac address is
	encountered in each of the three following cases:

	1) domain xml <interface> mac address.
	2) network xml bridge mac address.
	3) network xml dhcp/host mac address.

	There are several other places where a mac address can be input that
	aren't controlled in this manner because failure to do so has no
	consequences (e.g., if the address will be used to search through
	existing interfaces for a match).

	The RNG has been updated to add multiMacAddr and uniMacAddr along with
	the existing macAddr, and macAddr was switched to uniMacAddr where
	appropriate.

2012-03-20  Laine Stump  <laine@laine.org>

	conf: return immediately on error in dhcp host element
	If an error was encountered parsing a dhcp host entry mac address or
	name, parsing would continue and log a less descriptive error that
	might make it more difficult to notice the true nature of the problem.

	This patch returns immediately on logging the first error.

2012-03-20  Laine Stump  <laine@laine.org>

	util: fail attempts to use same mac address for guest and tap
	This patch is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=798467

	If a guest's tap device is created using the same MAC address the
	guest uses for its own network card (which connects to the tap
	device), the Linux kernel will log the following message and traffic
	will not pass:

	 kernel: vnet9: received packet with own address as source address

	This patch disallows MAC addresses with a first byte of 0xFE, but only in
	the case that the MAC address is used for a guest interface that's
	connected by way of a standard tap device. (In other words, the
	validation is done at runtime at the same place the MAC address is
	modified for the tap device, rather than when mac address is parsed,
	the idea being that it is then we know for sure the address will be
	problematic.)

2012-03-19  Martin Kletzander  <mkletzan@redhat.com>

	Cpu mapping cleanup
	Using inheritance, this patch cleans up the cpu_map.xml file and also
	sorts all CPU features according to the feature and registry
	values. Model features are sorted the same way as foeatures in the
	specification.
	Also few models that are related were organized together and parts of
	the XML are marked with comments

2012-03-19  Eric Blake  <eblake@redhat.com>

	snapshot: make quiesce a bit safer
	If a guest is paused, we were silently ignoring the quiesce flag,
	which results in unclean snapshots, contrary to the intent of the
	flag.  Since we can't quiesce without guest agent support, we should
	instead fail if the guest is not running.

	Meanwhile, if we attempt a quiesce command, but the guest agent
	doesn't respond, and we time out, we may have left the command
	pending on the guest's queue, and when the guest resumes parsing
	commands, it will freeze even though our command is no longer
	around to issue a thaw.  To be safe, we must _always_ pair every
	quiesce call with a counterpart thaw, even if the quiesce call
	failed due to a timeout, so that if a guest wakes up and starts
	processing a command backlog, it will not get stuck in a frozen
	state.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive):
	Always issue thaw after a quiesce, even if quiesce failed.
	(qemuDomainSnapshotFSThaw): Add a parameter.

2012-03-19  Martin Kletzander  <mkletzan@redhat.com>

	virConfGetValue: Fixed NULL pointer check
	This patch fixes a NULL pointer check that was causing SegFault on
	some specific configurations. It also reverts commit 59d0c9801c1ab
	that was checking for this value in one place.

2012-03-17  Eric Blake  <eblake@redhat.com>

	virsh: trim aliases from -h output
	Commit af3f9aab taught 'virsh help' to ignore command aliases,
	but forgot 'virsh -h'.

	* tools/virsh.c (vshUsage): Handle aliases.

2012-03-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of blkio deviceWeight empty string
	A common coding pattern for changing blkio parameters is

	  1. virDomainGetBlkioParameters

	  2. change one or more params

	  3. virDomainSetBlkioParameters

	For this to work, it must be possible to roundtrip through
	the methods without error. Unfortunately virDomainGetBlkioParameters
	will return "" for the deviceWeight parameter for guests by default,
	which virDomainSetBlkioParameters will then reject as invalid.

	This fixes the handling of "" to be a no-op, and also improves the
	error message to tell you what was invalid

2012-03-16  Osier Yang  <jyang@redhat.com>

	remote: Fix migration leaks
	How to reproduce:

	% valgrind -v --leak-check=full virsh migrate mig \
	  qemu+ssh://$dest/system --unsafe

	== 8 bytes in 1 blocks are definitely lost in loss record 1 of 28
	==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==    by 0x3EB7115FB8: xdr_reference (in /lib64/libc-2.12.so)
	==    by 0x3EB7115F10: xdr_pointer (in /lib64/libc-2.12.so)
	==    by 0x4D1EA84: xdr_remote_string (remote_protocol.c:40)
	==    by 0x4D1EAD8: xdr_remote_domain_migrate_prepare3_ret (remote_protocol.c:4772)
	==    by 0x4D2FFD2: virNetMessageDecodePayload (virnetmessage.c:382)
	==    by 0x4D2789C: virNetClientProgramCall (virnetclientprogram.c:382)
	==    by 0x4D0707D: callWithFD (remote_driver.c:4549)
	==    by 0x4D070FB: call (remote_driver.c:4570)
	==    by 0x4D12AEE: remoteDomainMigratePrepare3 (remote_driver.c:4138)
	==    by 0x4CF7BE9: virDomainMigrateVersion3 (libvirt.c:4815)
	==    by 0x4CF9432: virDomainMigrate2 (libvirt.c:5454)
	==
	== LEAK SUMMARY:
	==    definitely lost: 8 bytes in 1 blocks
	==    indirectly lost: 0 bytes in 0 blocks
	==      possibly lost: 0 bytes in 0 blocks
	==    still reachable: 126,995 bytes in 1,343 blocks
	==         suppressed: 0 bytes in 0 blocks

	This patch also fixes the leaks in remoteDomainMigratePrepare and
	remoteDomainMigratePrepare2.

2012-03-16  Alex Jia  <ajia@redhat.com>

	libvirt: fix comment typo
	* src/libvirt.c (virStorageVolResize): correct comment typo according to
	  virStorageVolResizeFlags enum definition.

2012-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for forcing a private network namespace for LXC guests
	If no <interface> elements are included in an LXC guest XML
	description, then the LXC guest will just see the host's
	network interfaces. It is desirable to be able to hide the
	host interfaces, without having to define any guest interfaces.

	This patch introduces a new feature flag <privnet/> to allow
	forcing of a private network namespace for LXC. In the future
	I also anticipate that we will add <privuser/> to force a
	private user ID namespace.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add support
	  for <privnet/> feature. Auto-set <privnet> if any <interface>
	  devices are defined
	* src/lxc/lxc_container.c: Honour request for private network
	  namespace

2012-03-15  Peter Krempa  <pkrempa@redhat.com>

	lib: Don't access configuration if none is present
	Commit e457d5ef2015e6106094b85f8bbd1582002edc4d adds ability to pass the
	default URI using the client configuration file. If the file is not
	present, it still accesses the NULL config object causing a segfault.

	Caught running "make check".

2012-03-15  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainDetachPciDiskDevice: Free allocated cgroup
	This function potentially allocates new virCgroup but never
	frees it.

2012-03-15  Laine Stump  <laine@laine.org>

	Emit graphics events when a SPICE client connects/disconnects
	Wire up the domain graphics event notifications for SPICE. Adapted
	from a RHEL-only patch written by Dan Berrange that used custom
	__com.redhat_SPICE events - equivalent events are now available in
	upstream QEMU (including a SPICE_CONNECTED event, which was missing in
	the __COM.redhat_SPICE version).

	* src/qemu/qemu_monitor_json.c: Wire up SPICE graphics events

2012-03-15  Osier Yang  <jyang@redhat.com>

	numad: Fix typo and warning
	src/libvirt_private.syms:
	  s/virDomainCpuPlacement/virDomainCpuPlacementMode/
	src/qemu/qemu_process.c
	  def->mem.cur_balloon expects "llu"
	--
	pushed under build-breaker rule

2012-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Add container_uuid env variable to LXC guests
	Systemd has declared that all container virtualization technologies
	should set 'container_uuid' to identify themselves.

	http://cgit.freedesktop.org/systemd/systemd/commit/?id=09b967eaa51a39dabb7f238927f67bd682466dbc

2012-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Allow overriding default URI in config file
	Currently if the URI passed to virConnectOpen* is NULL, then we

	 - Look for LIBVIRT_DEFAULT_URI env var
	 - Probe for drivers

	This changes it so that

	 - Look for LIBVIRT_DEFAULT_URI env var
	 - Look for 'uri_default' in $HOME/.libvirt/libvirt.conf
	 - Probe for drivers

2012-03-15  Osier Yang  <jyang@redhat.com>

	virsh: A bit smarter attach-disk
	Detects the file type of source path if no "--sourcetype" and
	"driver" is specified, instead of always set the disk type as
	"block".

2012-03-15  Alex Jia  <ajia@redhat.com>

	virsh: fix invalid free
	* tools/virsh.c (cmdDetachDisk): fix invalid free due to using
	  uninitialised value.

	* How to reproduce?
	# virsh detach-disk a b
	error: failed to get domain 'a'
	*** glibc detected *** virsh: double free or corruption (out): 0x00007fff410ed1a0 ***
	======= Backtrace: =========
	/lib64/libc.so.6[0x39cf0750c6]
	/usr/lib/libvirt.so.0(virFree+0x39)[0x7f045938a239]
	virsh[0x41c768]
	virsh[0x415075]
	virsh[0x425d64]
	/lib64/libc.so.6(__libc_start_main+0xfd)[0x39cf01ecdd]
	virsh[0x40a419]
	======= Memory map: ========
	00400000-0044e000 r-xp 00000000 08:0e 760441                             /usr/bin/virsh
	0064e000-00650000 rw-p 0004e000 08:0e 760441                             /usr/bin/virsh
	......
	39d7229000-39d722b000 r--p 00029000 08:0e 2183477                        /lib64/libk5crypto.so.3.1
	39d722b000-39d722c000 rw-p 0002b000 08:0e 2183477                        /lib64/lAborted (core dumped)

2012-03-15  Osier Yang  <jyang@redhat.com>

	qemu: Support numad
	numad is an user-level daemon that monitors NUMA topology and
	processes resource consumption to facilitate good NUMA resource
	alignment of applications/virtual machines to improve performance
	and minimize cost of remote memory latencies. It provides a
	pre-placement advisory interface, so significant processes can
	be pre-bound to nodes with sufficient available resources.

	More details: http://fedoraproject.org/wiki/Features/numad

	"numad -w ncpus:memory_amount" is the advisory interface numad
	provides currently.

	This patch add the support by introducing a new XML attribute
	for <vcpu>. e.g.

	  <vcpu placement="auto">4</vcpu>
	  <vcpu placement="static" cpuset="1-10^6">4</vcpu>

	The returned advisory nodeset from numad will be printed
	in domain's dumped XML. e.g.
	  <vcpu placement="auto" cpuset="1-10^6">4</vcpu>

	If placement is "auto", the number of vcpus and the current
	memory amount specified in domain XML will be used for numad
	command line (numad uses MB for memory amount):
	  numad -w $num_of_vcpus:$current_memory_amount / 1024

	The advisory nodeset returned from numad will be used to set
	domain process CPU affinity then. (e.g. qemuProcessInitCpuAffinity).

	If the user specifies both CPU affinity policy (e.g.
	(<vcpu cpuset="1-10,^7,^8">4</vcpu>) and placement == "auto"
	the specified CPU affinity will be overridden.

	Only QEMU/KVM drivers support it now.

	See docs update in patch for more details.

2012-03-14  Osier Yang  <jyang@redhat.com>

	qemu: Use scsi-block for lun passthrough instead of scsi-disk
	And don't allow to hotplug a usb disk with "device == lun". This
	is the missed pieces in previous virtio-scsi patchset:

	http://www.redhat.com/archives/libvir-list/2012-February/msg01052.html

2012-03-14  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Reverse condition in qemuDomainCheckDiskPresence
	With current code, we pass true iff domain is cold booting. However,
	if disk is inaccessible and startupPolicy for that disk is set to
	'requisite' we have to fail iff cold booting.

2012-03-14  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add cpu definition for Intel Sandy Bridge cpu type
	This patch adds support for the new tsc-deadline feature flag
	and a new model to the supported model list describing the
	Intel Sandy Bridge platform.

2012-03-13  Martin Kletzander  <mkletzan@redhat.com>

	Added support for AMD Bulldozer CPU
	AMD Bulldozer (or Opteron_G4 as called in QEMU) was added to the list
	of cpu models, flags were taken from upstream qemu cpu specifications
	and should be sorted by bit values (or first occurence in the feature
	specification part of cpu_map.xml).

	Based on QEMU upstream commit 885bb0369a4f0abe2c0185178f3cb347cb02cdf1.

2012-03-13  Michal Privoznik  <mprivozn@redhat.com>

	graphics: Cleanup port policy
	Even though we say in documentation setting (tls-)port to -1 is legacy
	compat style for enabling autoport, we're roughly doing this for VNC.
	However, in case of SPICE auto enable autoport iff both port & tlsPort
	are equal -1 as documentation says autoport plays with both.

2012-03-13  Guannan Ren  <gren@redhat.com>

	qemu: fix segfault when detaching non-existent network device
	In qemuDomainDetachNetDevice, detach was being used before it had been
	validated. If no matching device was found, this resulted in a
	dereference of a NULL pointer.

	This behavior was a regression introduced in commit
	cf90342be0022520e25cfa258cef1034b229a100, so it has not been a part of
	any official libvirt release.

2012-03-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix (managed)save and snapshots with host mode CPU
	When host-model and host-passthrouh CPU modes were introduced, qemu
	driver was properly modify to update guest CPU definition during
	migration so that we use the right CPU at the destination. However,
	similar treatment is needed for (managed)save and snapshots since they
	need to save the exact CPU so that a domain can be properly restored.
	To avoid repetition of such situation, all places that need live XML
	share the code which generates it.

	As a side effect, this patch fixes error reporting from
	qemuDomainSnapshotWriteMetadata().

2012-03-12  Eric Blake  <eblake@redhat.com>

	docs: fix usage example on setting log levels
	Reported by Michael S. Tsirkin.

	* docs/logging.html.in (log_examples): Use correct libvirtd.conf
	syntax.

2012-03-12  Eric Blake  <eblake@redhat.com>

	cpustats: report user and sys times
	Thanks to cgroups, providing user vs. system time of the overall
	guest is easy to add to our existing API.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_CPU_STATS_USERTIME)
	(VIR_DOMAIN_CPU_STATS_SYSTEMTIME): New constants.
	* src/util/virtypedparam.h (virTypedParameterArrayValidate)
	(virTypedParameterAssign): Enforce checking the result.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Fix offender.
	(qemuDomainGetTotalcpuStats): Implement new parameters.
	* tools/virsh.c (cmdCPUStats): Tweak output accordingly.

2012-03-12  Eric Blake  <eblake@redhat.com>

	cpustats: collect VM user and sys times
	As documented in linux.git/Documentation/cgroups/cpuacct.txt,
	cpuacct.stat returns user and system time in ticks (the same
	unit used in times(2)).  It would be a bit nicer if it were like
	getrusage(2) and reported timeval contents, or like cpuacct.usage
	and in nanoseconds, but we can't be picky.

	* src/util/cgroup.h (virCgroupGetCpuacctStat): New function.
	* src/util/cgroup.c (virCgroupGetCpuacctStat): Implement it.
	(virCgroupGetValueStr): Allow for multi-line files.
	* src/libvirt_private.syms (cgroup.h): Export it.

2012-03-12  Eric Blake  <eblake@redhat.com>

	qemu: support disk filenames with comma
	If there is a disk file with a comma in the name, QEmu expects a double
	comma instead of a single one (e.g., the file "virtual,disk.img" needs
	to be specified as "virtual,,disk.img" in QEmu's command line). This
	patch fixes libvirt to work with that feature. Fix RHBZ #801036.

	Based on an initial patch by Crístian Viana.

	* src/util/buf.h (virBufferEscape): Alter signature.
	* src/util/buf.c (virBufferEscape): Add parameter.
	(virBufferEscapeSexpr): Fix caller.
	* src/qemu/qemu_command.c (qemuBuildRBDString): Likewise.  Also
	escape commas in file names.
	(qemuBuildDriveStr): Escape commas in file names.
	* docs/schemas/basictypes.rng (absFilePath): Relax RNG to allow
	commas in input file names.
	* tests/qemuxml2argvdata/*-disk-drive-network-sheepdog.*: Update
	test.

2012-03-12  Daniel Veillard  <veillard@redhat.com>

	Fix a few typo in translated strings
	this was raised by our hindi localization team
	chandan kumar <chandankumar.093047@gmail.com>

2012-03-09  Martin Kletzander  <mkletzan@redhat.com>

	Removed more AMD-specific features from cpu64-rhel* models
	We found few more AMD-specific features in cpu64-rhel* models that
	made it impossible to start qemu guest on Intel host (with this
	setting) even though qemu itself starts correctly with them.
	This impacts one test, thus the fix in tests/cputestdata/.

2012-03-09  Laine Stump  <laine@laine.org>

	conf: eliminate redundant VIR_ALLOC of 1st element of network DNS hosts.
	virNetworkDNSHostsDefParseXML was calling VIR_ALLOC(def->hosts) if
	def->hosts was NULL. This is a waste of time, though, since
	VIR_REALLOC_N is called a few lines further down, prior to any use of
	def->hosts. (initializing def->nhosts to 0 is also redundant, because
	the newly allocated memory will always be cleared to all 0's anyway).

2012-03-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuxml2argvtest: Pass some additional flags to graphics-spice-agentmouse
	One of the recent commits introduced support for
	spice agent-mouse. However, test for this feature
	require some tweaking: pass QEMU_CAPS_CHARDEV_SPICEVMC |
	QEMU_CAPS_NODEFCONFIG and add "-vga cirrus".

	qemuBuildCommandLine: Don't add tlsPort if none set
	If user hasn't supplied any tlsPort we default to setting it
	to zero in our internal structure. However, when building command
	line we test it against -1 which is obviously wrong.

2012-03-09  Peng Zhou  <ailvpeng25@gmail.com>

	qemu: spice agent-mouse support
	spice agent-mouse support

	Usage:
	  <graphics type='spice'>
	    <mouse mode='client'|'server'/>
	  <graphics/>

2012-03-09  Osier Yang  <jyang@redhat.com>

	virsh: Use option alias for outmoded "--persistent"
	Since VIR_DOMAIN_AFFECT_{LIVE,CONFIG,CURRENT} was created,
	all new virsh commands use "--config" to represents the
	persistent changing. This patch add "--config" option
	for the old commands which still use "--persistent",
	and "--persistent" is now alias of "--config".

	tools/virsh.c: (use "--config", and "--persistent" is
	    alias of "--config" now).
	    cmdDomIfSetLink, cmdDomIfGetLink, cmdAttachDevice,
	    cmdDetachDevice, cmdUpdateDevice, cmdAttachInterface,
	    cmdDetachInterface, cmdAttachDisk, cmdDetachDisk

	toos/virsh.pod: Update docs of the changed commands, and
	    add some missed docs for "--config" (detach-interface,
	    detach-disk, and detach-device).

2012-03-08  Laine Stump  <laine@laine.org>

	remove daemon/probes.h from .gitignore
	The file daemon/probes.h used to be generated as part of a build, but
	is no longer used. However, a stale copy of it lying around could
	cause a build to fail. Removing it from .gitignore will make it more
	likely someone will notice that they have it lying around.

2012-03-08  Laine Stump  <laine@laine.org>

	util: consolidate duplicated error messages in pci.c
	This is nearly identical to an earlier patch for virnetlink.c.

	There are special stub versions of all public functions in this file
	that are compiled when the platform isn't linux. Each of these
	functions had an almost identical message, differing only in the
	function name included in the message. Since log messages already
	contain the function name, we can just define a const char* with the
	common part of the string, and use that same string for all the log
	messages.

	If nothing else, this at least makes for less strings that need
	translating...

2012-03-08  Laine Stump  <laine@laine.org>

	qemu: eliminate memory leak in qemuDomainUpdateDeviceConfig
	This function was freeing a virDomainNetDef with
	VIR_FREE(). virDomainNetDef is a complex structure with many pointers
	to other dynamically allocated data; to properly free it
	virDomainNetDefFree() must be called instead, otherwise several
	strings (and potentially other things) will be leaked.

	qemu: support persistent hotplug of <hostdev> devices
	For some reason, although live hotplug of <hostdev> devices is
	supported, persistent hotplug is not. This patch adds the proper
	VIR_DOMAIN_DEVICE_HOSTDEV cases to the switches in
	qemuDomainAttachDeviceConfig and qemuDomainDetachDeviceConfig.

2012-03-08  Laine Stump  <laine@laine.org>

	util: standardize return from functions calling virNetlinkCommand
	There are several functions that call virNetlinkCommand, and they all
	follow a common pattern, with three exit labels: err_exit (or
	cleanup), malformed_resp, and buffer_too_small. All three of these
	labels do their own cleanup and have their own return. However, the
	malformed_resp label usually frees the same items as the
	cleanup/err_exit label, and the buffer_too_small label just doesn't
	free recvbuf (because it's known to always be NULL at the time we goto
	buffer_too_small.

	In order to simplify and standardize the code, I've made the following
	changes to all of these functions:

	1) err_exit is replaced with the more libvirt-ish "cleanup", which
	   makes sense because in all cases this code is also executed in the
	   case of success, so labelling it err_exit may be confusing.

	2) rc is initialized to -1, and set to 0 just before the cleanup
	   label. Any code that currently sets rc = -1 is made to instead goto
	   cleanup.

	3) malformed_resp and buffer_too_small just log their error and goto
	   cleanup. This gives us a single return path, and a single place to
	   free up resources.

	4) In one instance, rather then logging an error immediately, a char*
	   msg was pointed to an error string, then goto cleanup (and cleanup
	   would log an error if msg != NULL). It takes no more lines of code
	   to just log the message as we encounter it.

	This patch should have 0 functional effects.

2012-03-08  Laine Stump  <laine@laine.org>

	util: eliminate device object leaks related to virDomain*Remove*()
	There are several functions in domain_conf.c that remove a device
	object from the domain's list of that object type, but don't free the
	object or return it to the caller to free. In many cases this isn't a
	problem because the caller already had a pointer to the object and
	frees it afterward, but in several cases the removed object was just
	left floating around with no references to it.

	In particular, the function qemuDomainDetachDeviceConfig() calls
	functions to locate and remove net (virDomainNetRemoveByMac), disk
	(virDomainDiskRemoveByName()), and lease (virDomainLeaseRemove())
	devices, but neither it nor its caller qemuDomainModifyDeviceConfig()
	ever obtain a pointer to the device being removed, much less free it.

	This patch modifies the following "remove" functions to return a
	pointer to the device object being removed from the domain device
	arrays, to give the caller the option of freeing the device object
	using that pointer if needed. In places where the object was
	previously leaked, it is now freed:

	  virDomainDiskRemove
	  virDomainDiskRemoveByName
	  virDomainNetRemove
	  virDomainNetRemoveByMac
	  virDomainHostdevRemove
	  virDomainLeaseRemove
	  virDomainLeaseRemoveAt

	The functions that had been leaking:

	  libxlDomainDetachConfig - leaked a virDomainDiskDef
	  qemuDomainDetachDeviceConfig - could leak a virDomainDiskDef,
	                            a virDomainNetDef, or a
	                            virDomainLeaseDef
	  qemuDomainDetachLease   - leaked a virDomainLeaseDef

2012-03-08  Laine Stump  <laine@laine.org>

	qemu: don't 'remove' hostdev objects from domain if operation fails
	There were certain paths through the hostdev detach code that could
	lead to the lower level function failing (and not removing the object
	from the domain's hostdevs list), but the higher level function
	free'ing the hostdev object anyway. This would leave a stale
	hostdevdef pointer in the list, which would surely cause a problem
	eventually.

	This patch relocates virDomainHostdevRemove from the lower level
	functions qemuDomainDetachThisHostDevice and
	qemuDomainDetachHostPciDevice, to their caller
	qemuDomainDetachThisHostDevice, placing it just before the call to
	virDomainHostdevDefFree. This makes it easy to verify that either both
	operations are done, or neither.

	NB: The "dangling pointer" part of this problem was introduced in
	commit 13d5a6, so it is not present in libvirt versions prior to
	0.9.9. Earlier versions would return failure in certain cases even
	though the the device object was removed/deleted, but the removal and
	deletion operations would always both happen or neither.

2012-03-08  Laine Stump  <laine@laine.org>

	util: make virDomainLeaseDefFree global
	It will be used in a different file in an upcoming patch.

2012-03-08  Laine Stump  <laine@laine.org>

	util: consolidate duplicated error messages in virnetlink.c
	There are special stub versions of all public functions in this file
	that are compiled when either libnl isn't available or the platform
	isn't linux. Each of these functions had two almost identical message,
	differing only in the function name included in the message. Since log
	messages already contain the function name, we can just define a const
	char* with the common part of the string, and use that same string for
	all the log messages.

	Also, rather than doing #if defined ... #else ... #endif *inside the
	error log macro invocation*, this patch does #if defined ... just
	once, using it to decide which single string to define. This turns the
	error log in each function from 6 lines, to 1 line.

2012-03-08  Laine Stump  <laine@laine.org>

	util: log error on OOM in virNetDevOpenvswitchAddPort
	OOM conditions silently returned failure.

2012-03-08  Ansis Atteka  <aatteka@nicira.com>

	Attach vm-id to Open vSwitch interfaces.
	This patch will allow OpenFlow controllers to identify which interface
	belongs to a particular VM by using the Domain UUID.

	ovs-vsctl get Interface vnet0 external_ids
	{attached-mac="52:54:00:8C:55:2C", iface-id="83ce45d6-3639-096e-ab3c-21f66a05f7fa", iface-status=active, vm-id="142a90a7-0acc-ab92-511c-586f12da8851"}

	V2 changes:
	Replaced vm-uuid with vm-id. There was a discussion in Open vSwitch
	mailinglist that we should stick with the same DB key postfixes for the
	sake of consistency (e.g iface-id, vm-id ...).

2012-03-08  Laine Stump  <laine@laine.org>

	util: whitespace change to virNetDevOpenvswitchAddPort
	The indentation on the final lines of the function was off by four
	spaces, making me wonder for a second if there was something
	missing. (There wasn't.)

	util: add stub pciConfigAddressToSysfsFile for non-linux platforms
	Absence of this stub function caused a build failure on mingw32.

2012-03-08  Eric Blake  <eblake@redhat.com>

	rpc: generalize solution for VPATH builds
	Commit 5d4b0c4c80 tried to fix certain classes of VPATH builds,
	but was too limited.  In particular, Guannan Ren reported:

	>    For example: The libvirt source code resides in /home/testuser,
	>                 I make dist in /tmp/buildvpath, the XDR routine .c file will
	>                 include full path of the header file like:
	>
	>                 #include "/home/testuser/src/rpc/virnetprotocol.h"
	>                 #include "internal.h"
	>                 #include <arpa/inet.h>
	>
	>    If we distribute the tarball to another machine to compile,
	>    it will report error as follows:
	>
	>    rpc/virnetprotocol.c:7:59: fatal error:
	>    /home/testuser/src/rpc/virnetprotocol.h: No such file or directory

	* src/rpc/genprotocol.pl: Fix more include lines.

2012-03-08  Peter Krempa  <pkrempa@redhat.com>

	xml: Clean up schemas to use shared data types instead of local
	The schema files contained duplicate data types that can be shared from
	the basictypes.rng file.

2012-03-08  Michal Privoznik  <mprivozn@redhat.com>

	util: Don't overflow on errno in virFileAccessibleAs
	If we need to virFork() to check assess() under different
	UID+GID we need to translate returned status via WEXITSTATUS().
	Otherwise, we may return values greater than 255 which is
	obviously wrong.

2012-03-08  Peter Krempa  <pkrempa@redhat.com>

	sanlock: Use STREQ_NULLABLE instead of STREQ on strings that may be null
	The function sanlock_inquire can return NULL in the state string if the
	message consists only of a header. The return value is arbitrary and
	sent by the server. We should proceed carefully while touching such
	pointers.

	sanlock: Fix condition left crippled while debugging

2012-03-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't parse device twice in attach/detach
	Some members are generated during XML parse (e.g. MAC address of
	an interface); However, with current implementation, if we
	are plugging a device both to persistent and live config,
	we parse given XML twice: first time for live, second for config.
	This is wrong then as the second time we are not guaranteed
	to generate same values as we did for the first time.
	To prevent that we need to create a copy of DeviceDefPtr;
	This is done through format/parse process instead of writing
	functions for deep copy as it is easier to maintain:
	adding new field to any virDomain*DefPtr doesn't require change
	of copying function.

	qemu: Fix startupPolicy for snapshot-revert
	Currently, startupPolicy='requisite' was determining cold boot
	by migrateFrom != NULL. That means, if domain was started up
	with migrateFrom set we didn't require disk source path and allowed
	it to be dropped. However, on snapshot-revert domain wasn't migrated
	but according to documentation, requisite should drop disk source
	as well.

2012-03-08  Eric Blake  <eblake@redhat.com>

	virsh: improve memory unit parsing
	The last vestige of the inaccurate 'kilobytes' when we meant 1024 is
	now gone.  And virsh is now useful for setting memory in units other
	than KiB.

	* tools/virsh.c (cmdSetmem, cmdSetmaxmem): Use new helper routine,
	allow passing bogus arguments on to hypervisor to test driver
	sanity checking, and fix leak on parse error.
	(vshMemtuneGetSize): New helper.
	(cmdMemtune): Use it.
	* tools/virsh.pod (setmem, setmaxmem, memtune): Document this.

2012-03-08  Eric Blake  <eblake@redhat.com>

	virsh: improve storage unit parsing
	Now can now do:

	virsh vol-resize $vol 10M
	virsh blockresize $dom $vol 10M

	to get both interfaces to resize to 10MiB.  The remaining wart
	is that vol-resize defaults to bytes, but blockresize defaults
	to KiB, but we can't break existing scripts; oh well, it's no
	worse than the same wart of the underlying virDomainBlockResize.

	The API for virStorageVolResize states that capacity must always
	be positive, and that the presence of shrink and delta flags is
	what implies a negative change.

	* tools/virsh.c (vshCommandOptScaledInt): New function.
	(cmdVolResize): Don't pass negative size.
	(cmdVolSize): Rename...
	(vshVolSize): ...and use new helper routine.
	(cmdBlockResize): Use new helper routine, and support new bytes
	flag.
	* tools/virsh.pod (NOTES): Document suffixes.
	(blockresize, vol-create-as, vol-resize): Point to notes.

2012-03-08  Eric Blake  <eblake@redhat.com>

	virsh: add command aliases, and rename nodedev-detach
	Just because our public API has a typo doesn't mean that virsh
	has to keep the typo.

	* tools/virsh.c (VSH_CMD_FLAG_ALIAS): New flag.
	(nodedevCmds): Use it.
	(cmdHelp): Omit alias commands.
	(cmdNodeDeviceDettach): Rename...
	(cmdNodeDeviceDetach): ...to this.
	* tools/virsh.pod (nodedev-detach): Document it.

2012-03-08  Eric Blake  <eblake@redhat.com>

	virsh: use option aliases
	Command line interfaces should use dash, not underscore, as many
	keyboard layouts allow that to be typed with fewer shift key presses.

	Also, the US spelling of --tunneled gets more google hits than the
	UK spelling of --tunnelled.

	* tools/virsh.c (opts_migrate): Allow US variant.
	(opts_blkdeviotune): Prefer - over _.
	* tools/virsh.pod (blkdeviotune): Fix spelling.

2012-03-08  Eric Blake  <eblake@redhat.com>

	virsh: add option aliases
	In the past, we have created some virsh options with less-than-stellar
	names.  For back-compat reasons, those names must continue to parse,
	but we don't want to document them in help output.  This introduces
	a new option type, an alias, which points to a canonical option name
	later in the option list.

	I'm actually quite impressed that our code has already been factored
	to do all option parsing through common entry points, such that I
	got this added in relatively few lines of code!

	* tools/virsh.c (VSH_OT_ALIAS): New option type.
	(opts_echo): Hook up an alias, for easy testing.
	(vshCmddefOptParse, vshCmddefHelp, vshCmddefGetOption): Allow for
	aliases.
	* tools/virsh.pod (NOTES): Document promise of back-compat.
	* tests/virshtest.c (mymain): Test new feature.

2012-03-08  Eric Blake  <eblake@redhat.com>

	xml: allow scaled memory on input
	Output is still in kibibytes, but input can now be in different
	scales for ease of typing.

	* src/conf/domain_conf.c (virDomainParseMemory): New helper.
	(virDomainDefParseXML): Use it when parsing.
	* docs/schemas/domaincommon.rng: Expand XML; rename memoryKBElement
	to memoryElement and update callers.
	* docs/formatdomain.html.in (elementsMemoryAllocation): Document
	scaling.
	* tests/qemuxml2argvdata/qemuxml2argv-memtune.xml: Adjust test.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-memtune.xml: New file.

2012-03-08  Eric Blake  <eblake@redhat.com>

	xml: use better types for memory values
	Using 'unsigned long' for memory values is risky on 32-bit platforms,
	as a PAE guest can have more than 4GiB memory.  Our API is
	(unfortunately) locked at 'unsigned long' and a scale of 1024, but
	the rest of our system should consistently use 64-bit values,
	especially since the previous patch centralized overflow checking.

	* src/conf/domain_conf.h (_virDomainDef): Always use 64-bit values
	for memory.  Change hugepage_backed to a bool.
	* src/conf/domain_conf.c (virDomainDefParseXML)
	(virDomainDefCheckABIStability, virDomainDefFormatInternal): Fix
	clients.
	* src/vmx/vmx.c (virVMXFormatConfig): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr, xenFormatSxpr): Likewise.
	* src/xenxs/xen_xm.c (xenXMConfigGetULongLong): New function.
	(xenXMConfigGetULong, xenXMConfigSetInt): Avoid truncation.
	(xenParseXM, xenFormatXM): Fix clients.
	* src/phyp/phyp_driver.c (phypBuildLpar): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainSetMemoryInternal):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDefineXML): Likewise.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* src/qemu/qemu_monitor.h (qemuMonitorGetBalloonInfo): Likewise.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBalloonInfo):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetInfo)
	(qemuDomainGetXMLDesc): Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLine): Likewise.

2012-03-08  Eric Blake  <eblake@redhat.com>

	xml: use long long internally, to centralize overflow checks
	On 64-bit platforms, unsigned long and unsigned long long are
	identical, so we don't have to worry about overflow checks.
	On 32-bit platforms, anywhere we narrow unsigned long long back
	to unsigned long, we have to worry about overflow; it's easier
	to do this in one place by having most of the code use the same
	or wider types, and only doing the narrowing at the last minute.
	Therefore, the memory set commands remain unsigned long, and
	the memory get command now centralizes the overflow check into
	libvirt.c, so that drivers don't have to repeat the work.

	This also fixes a bug where xen returned the wrong value on
	failure (most APIs return -1 on failure, but getMaxMemory
	must return 0 on failure).

	* src/driver.h (virDrvDomainGetMaxMemory): Use long long.
	* src/libvirt.c (virDomainGetMaxMemory): Raise overflow.
	* src/test/test_driver.c (testGetMaxMemory): Fix driver.
	* src/rpc/gendispatch.pl (name_to_ProcName): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorGetMaxMemory): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetMaxMemory): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainGetMaxMemory):
	Likewise.
	* src/xen/xend_internal.h (xenDaemonDomainGetMaxMemory):
	Likewise.
	* src/xen/xm_internal.c (xenXMDomainGetMaxMemory): Likewise.
	* src/xen/xm_internal.h (xenXMDomainGetMaxMemory): Likewise.
	* src/xen/xs_internal.c (xenStoreDomainGetMaxMemory): Likewise.
	* src/xen/xs_internal.h (xenStoreDomainGetMaxMemory): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainGetMaxMemory):
	Likewise.
	* src/esx/esx_driver.c (esxDomainGetMaxMemory): Likewise.
	* src/libxl/libxl_driver.c (libxlDomainGetMaxMemory): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetMaxMemory): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainGetMaxMemory): Likewise.
	* src/uml/uml_driver.c (umlDomainGetMaxMemory): Likewise.

2012-03-08  Eric Blake  <eblake@redhat.com>

	xml: drop unenforced minimum memory limit from RNG
	The test domain allows <memory>0</memory>, but the RNG was stating
	that memory had to be at least 4096000 bytes.  Hypervisors should
	enforce their own limits, rather than complicating the RNG.

	Meanwhile, some copy and paste had introduced some fishy constructs
	in various unit tests.

	* docs/schemas/domaincommon.rng (memoryKB, memoryKBElement): Drop
	limit that isn't enforced in code.
	* src/conf/domain_conf.c (virDomainDefParseXML): Require current
	<= maximum.
	* tests/qemuxml2argvdata/*.xml: Fix offenders.

2012-03-08  Eric Blake  <eblake@redhat.com>

	storage: support more scaling suffixes
	Disk manufacturers are fond of quoting sizes in powers of 10,
	rather than powers of 2 (after all, 2.1 GB sounds larger than
	2.0 GiB, even though the exact opposite is true).  So, we might
	as well follow coreutils' lead in supporting three types of
	suffix: single letter ${u} (which we already had) and ${u}iB
	for the power of 2, and ${u}B for power of 10.

	Additionally, it is impossible to create a file with more than
	2**63 bytes, since off_t is signed (if you have enough storage
	to even create one 8EiB file, I'm jealous).  This now reports
	failure up front rather than down the road when the kernel
	finally refuses an impossible size.

	* docs/schemas/basictypes.rng (unit): Add suffixes.
	* src/conf/storage_conf.c (virStorageSize): Use new function.
	* docs/formatstorage.html.in: Document it.
	* tests/storagevolxml2xmlin/vol-file-backing.xml: Test it.
	* tests/storagevolxml2xmlin/vol-file.xml: Likewise.

2012-03-08  Eric Blake  <eblake@redhat.com>

	xml: output memory unit for clarity
	Make it obvious to 'dumpxml' readers what unit we are using,
	since our default of KiB for memory (1024) differs from qemu's
	default of MiB; and differs from our use of bytes for storage.

	Tests were updated via:

	$ find tests/*data tests/*out -name '*.xml' | \
	  xargs sed -i 's/<\(memory\|currentMemory\|hard_limit\|soft_limit\|min_guarantee\|swap_hard_limit\)>/<\1 unit='"'KiB'>/"
	$ find tests/*data tests/*out -name '*.xml' | \
	  xargs sed -i 's/<\(capacity\|allocation\|available\)>/<\1 unit='"'bytes'>/"

	followed by a few fixes for the stragglers.

	Note that with this patch, the RNG for <memory> still forbids
	validation of anything except unit='KiB', since the code silently
	ignores the attribute; a later patch will expand <memory> to allow
	scaled input in the code and update the RNG to match.

	* docs/schemas/basictypes.rng (unit): Add 'bytes'.
	(scaledInteger): New define.
	* docs/schemas/storagevol.rng (sizing): Use it.
	* docs/schemas/storagepool.rng (sizing): Likewise.
	* docs/schemas/domaincommon.rng (memoryKBElement): New define; use
	for memory elements.
	* src/conf/storage_conf.c (virStoragePoolDefFormat)
	(virStorageVolDefFormat): Likewise.
	* src/conf/domain_conf.h (_virDomainDef): Document unit used
	internally.
	* src/conf/storage_conf.h (_virStoragePoolDef, _virStorageVolDef):
	Likewise.
	* tests/*data/*.xml: Update all tests.
	* tests/*out/*.xml: Likewise.
	* tests/define-dev-segfault: Likewise.
	* tests/openvzutilstest.c (testReadNetworkConf): Likewise.
	* tests/qemuargv2xmltest.c (blankProblemElements): Likewise.

2012-03-08  Eric Blake  <eblake@redhat.com>

	xml: share 'unit' in RNG
	The code supported unit='E' for "exabyte", but the RNG did not;
	conversely, the RNG supported "z" and "y" but the code did not
	(I'm jealous if you have that much storage, particularly since
	it won't fit in 64-bit off_t).  Also, the code supported
	<allocation unit='...'>, but not the RNG.

	In an effort to make 'unit' more worthwhile in future patches,
	it's easier to share it between files.

	In making this factorization, note that absFilePath is more
	permissive than 'path', so storage pools and storage volumes
	will now validate with a wider set of file names than before.
	I don't think this should be a problem in practice.

	* docs/schemas/storagepool.rng: Include basic types, rather than
	repeating things here.
	* docs/schemas/storagevol.rng: Likewise.
	* docs/schemas/basictypes.rng: Add 'unsignedLong', 'unit', and fix
	to match storage code.

2012-03-08  Eric Blake  <eblake@redhat.com>

	util: new function for scaling numbers
	Scaling an integer based on a suffix is something we plan on reusing
	in several contexts: XML parsing, virsh CLI parsing, and possibly
	elsewhere.  Make it easy to reuse, as well as adding in support for
	powers of 1000.

	* src/util/util.h (virScaleInteger): New function.
	* src/util/util.c (virScaleInteger): Implement it.
	* src/libvirt_private.syms (util.h): Export it.

2012-03-08  Eric Blake  <eblake@redhat.com>

	api: add overflow error
	Overflow can be user-induced, so it deserves more than being called
	an internal error.  Note that in general, 32-bit platforms have
	far more places to trigger this error (anywhere the public API
	used 'unsigned long' but the other side of the connection is a
	64-bit server); but some are possible on 64-bit platforms (where
	the public API computes the product of two numbers).

	* include/libvirt/virterror.h (VIR_ERR_OVERFLOW): New error.
	* src/util/virterror.c (virErrorMsg): Translate it.
	* src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpuPinInfo)
	(virDomainGetVcpus, virDomainGetCPUStats): Use it.
	* daemon/remote.c (HYPER_TO_TYPE): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockResize): Likewise.

2012-03-08  Eric Blake  <eblake@redhat.com>

	docs: use correct terminology for 1024 bytes
	Yes, I like kilobytes better than kibibytes (when I say kilobytes,
	I generally mean 1024).  But since the term is ambiguous, it can't
	hurt to say what we mean, by using both the correct name and
	calling out the numeric equivalent.

	* src/libvirt.c (virDomainGetMaxMemory, virDomainSetMaxMemory)
	(virDomainSetMemory, virDomainSetMemoryFlags)
	(virNodeGetFreeMemory): Tweak wording.
	* docs/formatdomain.html.in: Likewise.
	* docs/formatstorage.html.in: Likewise.

2012-03-07  Laine Stump  <laine@laine.org>

	util: fix build mingw (and all non-linux) build failure
	ATTRIBUTE_UNUSED was accidentally forgotten on one arg of a stub
	function for functionality that's not present on non-linux
	platforms. This causes a non-linux build with
	--enable-compile-warnings=error to fail.

2012-03-07  Eric Blake  <eblake@redhat.com>

	rpc: allow truncated return for virDomainGetCPUStats
	The RPC code assumed that the array returned by the driver would be
	fully populated; that is, ncpus on entry resulted in ncpus * return
	value on exit.  However, while we don't support holes in the middle
	of ncpus, we do want to permit the case of ncpus on entry being
	longer than the array returned by the driver (that is, it should be
	safe for the caller to pass ncpus=128 on entry, and the driver will
	stop populating the array when it hits max_id).

	Additionally, a successful return implies that the caller will then
	use virTypedParamArrayClear on the entire array; for this to not
	free uninitialized memory, the driver must ensure that all skipped
	entries are explicitly zeroed (the RPC driver did this, but not
	the qemu driver).

	There are now three cases:
	server 0.9.10 and client 0.9.10 or newer: No impact - there were no
	hypervisor drivers that supported cpu stats

	server 0.9.11 or newer and client 0.9.10: if the client calls with
	ncpus beyond the max, then the rpc call will fail on the client side
	and disconnect the client, but the server is no worse for the wear

	server 0.9.11 or newer and client 0.9.11: the server can return a
	truncated array and the client will do just fine

	I reproduced the problem by using a host with 2 CPUs, and doing:
	virsh cpu-stats $dom --start 1 --count 2

	* daemon/remote.c (remoteDispatchDomainGetCPUStats): Allow driver
	to omit tail of array.
	* src/remote/remote_driver.c (remoteDomainGetCPUStats):
	Accommodate driver that omits tail of array.
	* src/libvirt.c (virDomainGetCPUStats): Document this.
	* src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Clear all
	unpopulated entries.

2012-03-07  Laine Stump  <laine@laine.org>

	conf: fix error log with "address address"
	Addresses https://bugzilla.redhat.com/show_bug.cgi?id=800762

2012-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Ensure max_id is initialized in linuxParseCPUmap()

2012-03-07  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	cpu-stats command shows cpu statistics information of a domain.
	CPU0:
		cpu_time   88.231593093 seconds
	CPU1:
		cpu_time   123.613341883 seconds
	Total:
		cpu_time   211.844934976 seconds

2012-03-07  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu driver for virDomainGetCPUstats using cpuacct cgroup.
	* For now, only "cpu_time" is supported.
	* cpuacct cgroup is used for providing percpu cputime information.

	* src/qemu/qemu.conf     - take care of cpuacct cgroup.
	* src/qemu/qemu_conf.c   - take care of cpuacct cgroup.
	* src/qemu/qemu_driver.c - added an interface
	* src/util/cgroup.c/h    - added interface for getting percpu cputime

2012-03-07  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	add nodeGetCPUmap() for getting available CPU IDs in a cpumap.

2012-03-07  Osier Yang  <jyang@redhat.com>

	docs: Fix typo
	It used "&lt" for ">", reported by Kyla Zhang <weizhan@redhat.com>

2012-03-06  Duncan Rance  <libvirt@dunquino.com>

	Build error on OSX in src/util/virnetlink.c
	I'm building on OSX with no libnl. I had to do this to get src/util/virnetlink.c to compile:

2012-03-06  Roopa Prabhu  <roprabhu@cisco.com>

	qemu: install port profile and mac address on netdev hostdevs
	These changes are applied only if the hostdev has a parent net device
	(i.e. if it was defined as "<interface type='hostdev'>" rather than
	just "<hostdev>").  If the parent netdevice has virtual port
	information, the original virtualport associate functions are called
	(these set and restore both mac and port profile on an
	interface). Otherwise, only mac address is set on the device.

	Note that This is only supported for SR-IOV Virtual Functions (not for
	standard PCI or USB netdevs), and virtualport association is only
	supported for 802.1Qbh. For all other types of cards and types of
	virtualport, a "Config Unsupported" error is returned and the
	operation fails.

2012-03-06  Roopa Prabhu  <roprabhu@cisco.com>

	util: Changes to support portprofiles for hostdevs
	This patch includes the following changes to virnetdevmacvlan.c and
	virnetdevvportprofile.c:

	 - removes some netlink functions which are now available in
	   virnetdev.c

	 - Adds a vf argument to all port profile functions.

	For 802.1Qbh devices, the port profile calls can use a vf argument if
	passed by the caller. If the vf argument is -1 it will try to derive the vf
	if the device passed is a virtual function.

	For 802.1Qbg devices, This patch introduces a null check for the device
	argument because during port profile assignment on a hostdev, this argument
	can be null.

2012-03-06  Roopa Prabhu  <roprabhu@cisco.com>

	util: support functions for mac/portprofile associations on hostdev
	This patch adds the following:

	- functions to set and get vf configs
	- Functions to replace and store vf configs (Only mac address is handled today.
	  But the functions can be easily extended for vlans and other vf configs)
	- function to dump link dev info (This is moved from virnetdevvportprofile.c)

2012-03-06  Roopa Prabhu  <roprabhu@cisco.com>

	util: two new pci util functions
	pciDeviceGetVirtualFunctionInfo returns pf netdevice name and virtual
	function index for a given vf. This is just a wrapper around existing functions
	to return vf's pf and vf_index with one api call

	pciConfigAddressToSysfsfile returns the sysfile pci device link
	from a 'struct pci_config_address'

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: support type=hostdev network device live hotplug attach/detach
	qemuDomainAttachNetDevice

	  - re-ordered some things at start of function because
	    networkAllocateActualDevice should always be run and a slot
	    in def->nets always allocated, but host_net_add isn't needed
	    if the actual type is hostdev.

	  - if actual type is hostdev, defer to
	    qemuDomainAttachHostDevice (which will reach up to the NetDef
	    for things like MAC address when necessary). After return
	    from qemuDomainAttachHostDevice, slip directly to cleanup,
	    since the rest of the function is specific to emulated net
	    devices.

	  - put assignment of new NetDef into expanded def->nets down
	    below cleanup: (but only on success) since it is also needed
	    for emulated and hostdev net devices.

	qemuDomainDetachHostDevice

	  - after locating the exact device to detach, check if it's a
	    network device and, if so, use toplevel
	    qemuDomainDetachNetDevice instead so that the def->nets list
	    is properly updated, and 'actual device' properly returned to
	    network pool if appropriate. Otherwise, for normal hostdevs,
	    call the lower level qemuDomainDetachThisDevice.

	qemuDomainDetachNetDevice

	  - This is where it gets a bit tricky. After locating the device
	    on the def->nets list, if the network device type == hostdev,
	    call the *lower level* qemuDomainDetachThisDevice (which will
	    reach back up to the parent net device for MAC address /
	    virtualport when appropriate, then clear the device out of
	    def->hostdevs) before skipping past all the emulated
	    net-device-specific code to cleanup:, where the network
	    device is removed from def->nets, and the network device
	    object is freed.

	In short, any time a hostdev-type network device is detached, we must
	go through the toplevel virDomaineDetachNetDevice function first and
	last, to make sure 1) the def->nnets list is properly managed, and 2)
	any device allocated with networkAllocateActualDevice is properly
	freed. At the same time, in the middle we need to go through the
	lower-level vidDomainDetach*This*HostDevice to be sure that 1) the
	def->hostdevs list is properly managed, 2) the PCI device is properly
	detached from the guest and reattached to the host (if appropriate),
	and 3) any higher level teardown is called at the appropriate time, by
	reaching back up to the NetDef config (part (3) will be covered in a
	separate patch).

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: use virDomainNetRemove instead of inline code
	The code being replaced is exactly identical to the newly global
	function, right down to the comment.

	conf: change virDomainNetRemove from static to global
	This exact code is duplicated in qemuDomainDetachNetDevice().

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: support type='hostdev' network devices at domain start
	This patch makes sure that each network device ("interface") of
	type='hostdev' appears on both the hostdevs list and the nets list of
	the virDomainDef, and it modifies the qemu driver startup code so that
	these devices will be presented to qemu on the commandline as hostdevs
	rather than as network devices.

	It does not add support for hotplug of these type of devices, or code
	to honor the <mac address> or <virtualport> given in the config (both
	of those will be done in separate patches).

	Once each device is placed on both lists, much of what this patch does
	is modify places in the code that traverse all the device lists so
	that these hybrid devices are only acted on once - either along with
	the other hostdevs, or along with the other network interfaces. (In
	many cases, only one of the lists is traversed / a specific operation
	is performed on only one type of device. In those instances, the code
	can remain unchanged.)

	There is one special case - when building the commandline, interfaces
	are allowed to proceed all the way through
	networkAllocateActualDevice() before deciding to skip the rest of
	netdev-specific processing - this is so that (once we have support for
	networks with pools of hostdev devices) we can get the actual device
	allocated, then rely on the loop processing all hostdevs to generate
	the correct commandline.

	(NB: <interface type='hostdev'> is only supported for PCI network
	devices that are SR-IOV Virtual Functions (VF). Standard PCI[e] and
	USB devices, and even the Physical Functions (PF) of SR-IOV devices
	can only be assigned to a guest using the more basic <hostdev> device
	entry. This limitation is mostly due to the fact that non-SR-IOV
	ethernet devices tend to lose mac address configuration whenever the
	card is reset, which happens when a card is assigned to a guest;
	SR-IOV VFs fortunately don't suffer the same problem.)

2012-03-06  Laine Stump  <laine@laine.org>

	conf: parse/format type='hostdev' network interfaces
	This is the new interface type that sets up an SR-IOV PCI network
	device to be assigned to the guest with PCI passthrough after
	initializing some network device-specific things from the config
	(e.g. MAC address, virtualport profile parameters). Here is an example
	of the syntax:

	  <interface type='hostdev' managed='yes'>
	    <source>
	      <address type='pci' domain='0' bus='0' slot='4' function='3'/>
	    </source>
	    <mac address='00:11:22:33:44:55'/>
	    <address type='pci' domain='0' bus='0' slot='7' function='0'/>
	  </interface>

	This would assign the PCI card from bus 0 slot 4 function 3 on the
	host, to bus 0 slot 7 function 0 on the guest, but would first set the
	MAC address of the card to 00:11:22:33:44:55.

	NB: The parser and formatter don't care if the PCI card being
	specified is a standard single function network adapter, or a virtual
	function (VF) of an SR-IOV capable network adapter, but the upcoming
	code that implements the back end of this config will work *only* with
	SR-IOV VFs. This is because modifying the mac address of a standard
	network adapter prior to assigning it to a guest is pointless - part
	of the device reset that occurs during that process will reset the MAC
	address to the value programmed into the card's firmware.

	Although it's not supported by any of libvirt's hypervisor drivers,
	usb network hostdevs are also supported in the parser and formatter
	for completeness and consistency. <source> syntax is identical to that
	for plain <hostdev> devices, except that the <address> element should
	have "type='usb'" added if bus/device are specified:

	  <interface type='hostdev'>
	    <source>
	      <address type='usb' bus='0' device='4'/>
	    </source>
	    <mac address='00:11:22:33:44:55'/>
	  </interface>

	If the vendor/product form of usb specification is used, type='usb'
	is implied:

	  <interface type='hostdev'>
	    <source>
	      <vendor id='0x0012'/>
	      <product id='0x24dd'/>
	    </source>
	    <mac address='00:11:22:33:44:55'/>
	  </interface>

	Again, the upcoming patch to fill in the backend of this functionality
	will log an error and fail with "Unsupported Config" if you actually
	try to assign a USB network adapter to a guest using <interface
	type='hostdev'> - just use a standard <hostdev> entry in that case
	(and also for single-port PCI adapters).

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: refactor hotplug detach of hostdevs
	This refactoring is necessary to support hotplug detach of
	type=hostdev network devices, but needs to be in a separate patch to
	make potential debugging of regressions more practical.

	Rather than the lowest level functions searching for a matching
	device, the search is now done in the toplevel function, and an
	intermediate-level function (qemuDomainDetachThisHostDevice()), which
	expects that the device's entry is already found, is called (this
	intermediate function will be called by qemuDomainDetachNetDevice() in
	order to support detach of type=hostdev net devices)

	This patch should result in 0 differences in functionality.

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: re-order functions in qemu_hotplug.c
	Code movement only, no functional change. This is necessary to prevent
	a forward reference in an upcoming patch.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: hostdev utility functions
	Three new functions useful in other files:

	virDomainHostdevInsert:

	Add a new hostdev at the end of the array. This would more sensibly be
	called virDomainHostdevAppend, but the existing functions for other
	types of devices are called Insert.

	virDomainHostdevRemove:

	Eliminates one entry from the hostdevs array, but doesn't free it;
	patterned after the code at the end of the two
	qemuDomainDetachHostXXXDevice functions (and also other pre-existing
	virDomainXXXRemove functions for other device types).

	virDomainHostdevFind:

	This function is patterned from the search loops at the top of
	qemuDomainDetachHostPciDevice and qemuDomainDetachHostUsbDevice, and
	will be used to re-factor those (and other detach-related) functions.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: put subsys part of virDomainHostdevDef into its own struct
	To shorten some new code that accesses the many fields within the
	subsys struct of a hostdev, create a separate toplevel, typedefed
	virDomainHostdevSubsys struct so that we can define temporary pointers
	to the subsys part.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: give each hostdevdef a parent pointer
	The parent can be any type of device. It defaults to type=none, and a
	NULL pointer. The intent is that if a hostdevdef is contained in the
	def for a higher level device (e.g. virDomainNetDef), hostdev->parent
	will point to the higher level device, and type will be set to that
	type of device. This way, during attach and detach of the device,
	parent can be checked, and appropriate callouts made to do higher
	level device initialization (e.g. setting MAC address).

	Also, although these hostdevs with parents will be added to a domain's
	hostdevs list, they will be treated slightly differently when
	traversing the list, e.g. virDomainHostdefDefFree for a hostdev that
	has a parent doesn't need to be called (and will be a NOP); it will
	simply be removed from the list (since the parent device object is in
	its own type-specific list, and will be freed from there).

2012-03-06  Laine Stump  <laine@laine.org>

	conf: HostdevDef parse/format helper functions
	In an upcoming patch, virDomainNetDef will acquire a
	virDomainHostdevDef, and the <interface> XML will take on some of the
	elements of a <hostdev>. To avoid duplicating the code for parsing and
	formatting the <source> element (which will be nearly identical in
	these two cases), this patch factors those parts out of the
	HostdevDef's parse and format functions, and puts them into separate
	helper functions that are now called by the HostdevDef
	parser/formatter, and will soon be called by the NetDef
	parser/formatter.

	One change in behavior - previously virDomainHostdevDefParseXML() had
	diverged from current common coding practice by logging an error and
	failing if it found any subelements of <hostdev> other than those it
	understood (standard libvirt practice is to ignore/discard unknown
	elements and attributes during parse). The new helper function ignores
	unknown elements, and thus so does the new
	virDomainHostdevDefParseXML.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: make hostdev info a separate object
	In order to allow for a virDomainHostdevDef that uses the
	virDomainDeviceInfo of a "higher level" device (such as a
	virDomainNetDef), this patch changes the virDomainDeviceInfo in the
	HostdevDef into a virDomainDeviceInfoPtr. Rather than adding checks
	all over the code to check for a null info, we just guarantee that it
	is always valid. The new function virDomainHostdevDefAlloc() allocates
	a virDomainDeviceInfo and plugs it in, and virDomainHostdevDefFree()
	makes sure it is freed.

	There were 4 places allocating virDomainHostdevDefs, all of them
	parsers of one sort or another, and those have all had their
	VIR_ALLOC(hostdev) changed to virDomainHostdevDefAlloc(). Other than
	that, and the new functions, all the rest of the changes are just
	mechanical removals of "&" or changing "." to "->".

2012-03-06  Laine Stump  <laine@laine.org>

	conf: add device pointer to args of virDomainDeviceInfoIterate callback
	There will be cases where the iterator callback will need to know the
	type of the device whose info is being operated on, and possibly even
	need to use some of the device's config. This patch adds a
	virDomainDeviceDefPtr to the args of every callback, and fills it in
	appropriately as the devices are iterated through.

2012-03-06  Laine Stump  <laine@laine.org>

	qemu: rename virDomainDeviceInfoPtr variables to avoid confusion
	The virDomainDeviceInfoPtrs in qemuCollectPCIAddress and
	qemuComparePCIDevice are named "dev" and "dev1", but those functions
	will be changed (in order to match a change in the args sent to
	virDomainDeviceInfoIterate() callback args) to contain a
	virDomainDeviceDefPtr device.

	This patch renames "dev" to "info" (and "dev[n]" to "info[n]") to
	avoid later confusion.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: reorder static functions in domain_conf.c
	No code change, movement only.  This is necessary to eliminate forward
	references.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: relocate virDomainDeviceDef and virDomainHostdevDef
	This patch is only code movement + adding some forward definitions of
	typedefs.

	virDomainHostdevDef (not just a pointer to it, but an actual object)
	will be needed in virDomainNetDef and virDomainActualNetDef, so it
	must be relocated earlier in the file.

	Likewise, virDomainDeviceDef will be needed in virDomainHostdevDef, so
	it must be moved up even earlier. This, in turn, creates a forward
	reference problem, but fortunately only with pointers to other device
	types, so their typedefs can be moved up in the file, eliminating the
	problem.

2012-03-06  Laine Stump  <laine@laine.org>

	conf: add missing device types to virDomainDevice(Type|Def)
	Not all device types were represented in virDomainDeviceType, so some
	types of devices couldn't be represented in a virDomainDeviceDef
	(which requires a different type of pointer in the union for each
	different kind of device).

	Since serial, parallel, channel, and console devices are all
	virDomainChrDef, and the virDomainDeviceType is never used to produce
	a string from the type (and only used in the other direction
	internally to code, never to produce XML), I only added one "CHR"
	type, which is associated with "virDomainChrDefPtr chr" in the union.

2012-03-05  Jim Fehlig  <jfehlig@suse.com>

	Fix build after commit e3ba4025
	Commit e3ba4025 introduced a few build errors with HAVE_LIBNL undefined.

2012-03-05  Laine Stump  <laine@laine.org>

	util: eliminate crash in virNetDevMacVLanCreateWithVPortProfile
	Commit 723d5c (added after the release of 0.9.10) adds a
	NetlinkEventClient for each interface sent to
	virNetDevMacVLanCreateWithVPortProfile. This should only be done if
	the interface actually *has* a virtPortProfile, otherwise the event
	handler would be a NOP. The bigger problem is that part of the setup
	to create the NetlinkEventClient is to do a memcpy of virtPortProfile
	- if it's NULL, this triggers a segv.

	This patch just qualifies the code that adds the client - if
	virtPortProfile is NULL, it's skipped.

2012-03-05  Eric Blake  <eblake@redhat.com>

	blockResize: add flag for bytes
	Qemu supports sizing by bytes; we shouldn't force the user to
	round up if they really wanted an unaligned total size.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BLOCK_RESIZE_BYTES):
	New flag.
	* src/libvirt.c (virDomainBlockResize): Document it.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockResize): Take
	size in bytes.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextBlockResize):
	Likewise.  Pass bytes, not megabytes, to monitor.
	* src/qemu/qemu_driver.c (qemuDomainBlockResize): Implement new
	flag.

2012-03-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Shared or readonly disks are always safe wrt migration
	No matter what cache mode is used, readonly disks are always safe wrt
	migration. Shared disks are required to be readonly or to disable
	host-side cache, which makes them safe as well.

2012-03-05  Peter Krempa  <pkrempa@redhat.com>

	libvirt-guests: Add parallel startup and shutdown of guests
	With this patch, it's possible to shut down guests in parallel. Parallel
	startup was possible before, but this functionality was not documented
	properly.

	To enable parallel startup set the START_DELAY to 0.

	Parallel shutdown has a configurable parameter PARALLEL_SHUTDOWN that
	defines the number of machines being shut down in parallel. Enabling
	this feature changes the semantics of SHUTDOWN_TIMEOUT parameter that is
	applied as a cumulative timeout to shutdown all guests on a URI.

2012-03-05  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Fix client crash on connection close
	A multi-threaded client with event loop may crash if one of its threads
	closes a connection while event loop is in the middle of sending
	keep-alive message (either request or response). The right place for it
	is inside virNetClientIOEventLoop() between poll() and
	virNetClientLock(). We should only close a connection directly if no-one
	is using it and defer the closing to the last user otherwise. So far we
	only did so if the close was initiated by keep-alive timeout.

2012-03-05  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix build with dtrace + apparmor
	Building virt-aa-helper with dtrace probes enabled, ldd complained about
	undefined references:

	./.libs/libvirt_util.a(libvirt_util_la-event_poll.o):(.note.stapsdt+0x24):
	undefined reference to `libvirt_event_poll_purge_timeout_semaphore'
	...

2012-03-05  Osier Yang  <jyang@redhat.com>

	Fix type and add missed comment for diskChange callback
	Comment for parameter devAlias is missed. And a typo should
	be caused by copy & paste.

	qemu: Fix indention

2012-03-05  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add new flag supported by qemu to the cpu definition
	Some new cpu features were added to qemu. This patch adds some of them
	to our CPU map.

2012-03-03  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Correct a check for capacity arg of storageVolumeResize()
	Lets say I got a volume with '1G' allocation and '10G' capacity. The
	available space in the parent pool is '5G'. With the current check for
	overcapacity, I can only try to resize to <= '6G'. You see the problem?

2012-03-02  Laine Stump  <laine@laine.org>

	util: combine bools in virNetDevTapCreateInBridgePort into flags
	With an additional new bool added to determine whether or not to
	discourage the use of the supplied MAC address by the bridge itself,
	virNetDevTapCreateInBridgePort had three booleans (well, 2 bools and
	an int used as a bool) in the arg list, which made it increasingly
	difficult to follow what was going on. This patch combines those three
	into a single flags arg, which not only shortens the arg list, but
	makes it more self-documenting.

2012-03-02  Ansis Atteka  <aatteka@nicira.com>

	util: centralize tap device MAC address 1st byte "0xFE" modification
	When a tap device for a domain is created and attached to a bridge,
	the first byte of the tap device MAC address is set to 0xFE, while the
	rest is set to match the MAC address that will be presented to the
	guest as its network device MAC address. Setting this high value in
	the tap's MAC address discourages the bridge from using the tap
	device's MAC address as the bridge's own MAC address (Linux bridges
	always take on the lowest numbered MAC address of all attached devices
	as their own).

	In one case within libvirt, a tap device is created and attached to
	the bridge with the intent that its MAC address be taken on by the
	bridge as its own (this is used to assure that the bridge has a fixed
	MAC address to prevent network outages created by the bridge MAC
	address "flapping" as guests are started and stopped). In this case,
	the first byte of the mac address is *not* altered to 0xFE.

	In the current code, callers to virNetDevTapCreateInBridgePort each
	make the MAC address modification themselves before calling, which
	leads to code duplication, and also prevents lower level functions
	from knowing the real MAC address being used by the guest. The problem
	here is that openvswitch bridges must be informed about this MAC
	address, or they will be unable to pass traffic to/from the guest.

	This patch centralizes the location of the MAC address "0xFE fixup"
	into virNetDevTapCreateInBridgePort(), meaning 1) callers of this
	function no longer need the extra strange bit of code, and 2)
	bitNetDevTapCreateBridgeInPort itself now is called with the guest's
	unaltered MAC address, and can pass it on, unmodified, to
	virNetDevOpenvswitchAddPort.

	There is no other behavioral change created by this patch.

2012-03-02  Peter Krempa  <pkrempa@redhat.com>

	daemon: Remove deprecated HAL from init script dependencies
	The init script for the daemon requests to start HAL although it has
	been deprecated long time ago. This patch removes the dependency.

2012-03-02  Eric Blake  <eblake@redhat.com>

	build: fix output of pid values
	Nuke the last vestiges of printing pid_t values with the wrong
	types, at least in code compiled on mingw64.  There may be other
	places, but for now they are only compiled on systems where the
	existing %d doesn't trigger gcc warnings.

	* src/rpc/virnetsocket.c (virNetSocketNew): Use %lld and casting,
	rather than assuming any particular int type for pid_t.
	* src/util/command.c (virCommandRunAsync, virPidWait)
	(virPidAbort): Likewise.
	(verify): Drop a now stale assertion.

2012-03-02  Eric Blake  <eblake@redhat.com>

	build: use correct type for pid and similar types
	No thanks to 64-bit windows, with 64-bit pid_t, we have to avoid
	constructs like 'int pid'.  Our API in libvirt-qemu cannot be
	changed without breaking ABI; but then again, libvirt-qemu can
	only be used on systems that support UNIX sockets, which rules
	out Windows (even if qemu could be compiled there) - so for all
	points on the call chain that interact with this API decision,
	we require a different variable name to make it clear that we
	audited the use for safety.

	Adding a syntax-check rule only solves half the battle; anywhere
	that uses printf on a pid_t still needs to be converted, but that
	will be a separate patch.

	* cfg.mk (sc_correct_id_types): New syntax check.
	* src/libvirt-qemu.c (virDomainQemuAttach): Document why we didn't
	use pid_t for pid, and validate for overflow.
	* include/libvirt/libvirt-qemu.h (virDomainQemuAttach): Tweak name
	for syntax check.
	* src/vmware/vmware_conf.c (vmwareExtractPid): Likewise.
	* src/driver.h (virDrvDomainQemuAttach): Likewise.
	* tools/virsh.c (cmdQemuAttach): Likewise.
	* src/remote/qemu_protocol.x (qemu_domain_attach_args): Likewise.
	* src/qemu_protocol-structs (qemu_domain_attach_args): Likewise.
	* src/util/cgroup.c (virCgroupPidCode, virCgroupKillInternal):
	Likewise.
	* src/qemu/qemu_command.c(qemuParseProcFileStrings): Likewise.
	(qemuParseCommandLinePid): Use pid_t for pid.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* src/conf/domain_conf.h (_virDomainObj): Likewise.
	* src/probes.d (rpc_socket_new): Likewise.
	* src/qemu/qemu_command.h (qemuParseCommandLinePid): Likewise.
	* src/qemu/qemu_driver.c (qemudGetProcessInfo, qemuDomainAttach):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessAttach): Likewise.
	* src/qemu/qemu_process.h (qemuProcessAttach): Likewise.
	* src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
	* src/util/virnetdev.h (virNetDevSetNamespace): Likewise.
	* src/util/virnetdev.c (virNetDevSetNamespace): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
	* src/conf/storage_conf.h (_virStoragePerms): Use mode_t, uid_t,
	and gid_t rather than int.
	* src/security/security_dac.c (virSecurityDACSetOwnership): Likewise.
	* src/conf/storage_conf.c (virStorageDefParsePerms): Avoid
	compiler warning.

2012-03-02  Eric Blake  <eblake@redhat.com>

	build: prohibit cross-inclusion
	Make it easier to detect invalid cross-directory includes, by
	adding a syntax check.  The check is designed to be extensible:
	the default case lists only the non-driver directories, and
	specific directories can list a different set (for example,
	util/ can only use itself, network/ can only use itself, util/,
	or conf/).

	* .gnulib: Update to latest, for syntax check improvment.
	* cfg.mk (sc_prohibit_cross_inclusion): New check.
	(sc_prohibit_strncmp, sc_libvirt_unmarked_diagnostics): Simplify.

2012-03-02  Hu Tao  <hutao@cn.fujitsu.com>

	avoid global variable shadowed
	If "conf/domain_conf.h" included in file nodeinfo.c, gcc complains about
	a variable shadowing. fix it for potential further including of the file.

	ref: https://www.redhat.com/archives/libvir-list/2012-February/msg00955.html

2012-03-01  Laine Stump  <laine@laine.org>

	util: remove unneeded #include in virrandom.c
	Commit 7c90026 added #include "conf/domain_conf.h" to
	util/virrandom.c. Fortunately it didn't actually use anything from
	domain_conf.h, since as far as I'm aware, files in util aren't allowed
	to reference anything in conf (although the opposite is allowed). So
	this #include is unnecessary.

	I verified it still compiles with the line removed, but have placed a
	one day moratorium on me doing any "trivial rule" pushes, so will
	wait for someone else to verify/ACK before pushing.

2012-02-29  Eric Blake  <eblake@redhat.com>

	virsh: expose partial pull
	Now virsh can call virDomainBlockRebase.

	* tools/virsh.c (cmdBlockPull): Add --base parameter.
	(blockJobImpl): Use it to expose BlockRebase API.
	* tools/virsh.pod (blockpull): Document it.

2012-02-29  Eric Blake  <eblake@redhat.com>

	qemu: pass block pull backing file to monitor
	This actually wires up the new optional parameter to block_stream:
	http://wiki.qemu.org/Features/LiveBlockMigration/ImageStreamingAPI

	The error checking is still sparse, since libvirt must not use
	qemu-img or header probing on a qcow2 file in use by qemu to
	check if the backing file name is valid; so for now, libvirt is
	relying on qemu to diagnose an incorrect backing name.  Fixing this
	will require libvirt to track the entire backing file chain at the
	time qemu is started and keeps it updated with snapshot and pull
	operations.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONBlockJob): Add
	parameter, and update callers.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONBlockJob): Update
	signature.
	* src/qemu/qemu_monitor.h (qemuMonitorBlockJob): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Update caller.
	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Likewise.

2012-02-29  Eric Blake  <eblake@redhat.com>

	qemu: require json for block jobs
	Block job commands are not part of upstream qemu until 1.1; and
	proper support of job completion and cancellation depends on being
	able to receive QMP events, which implies the JSON monitor.
	Additionally, some early versions of block job commands were
	backported to RHEL qemu, but these versions lacked asynchronous
	job cancellation and partial block pull, so there are several
	patches that will still be needed in this area of libvirt code
	to support both flavors of block job commands.

	Due to earlier patches in libvirt, we are guaranteed that all versions
	of qemu that support block job commands already require libvirt to
	use the JSON monitor.  That means that the text version of block jobs
	will not be used, and having to refactor two copies of the block job
	handlers makes no sense.  So instead, we delete the text handlers.

	* src/qemu/qemu_monitor.c (qemuMonitorBlockJob): Drop text monitor
	support.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextBlockJob): Delete.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextParseBlockJobOne)
	(qemuMonitorTextParseBlockJob, qemuMonitorTextBlockJob):
	Likewise.

2012-02-29  Laine Stump  <laine@laine.org>

	fix alphabetical order of virNetlink functions in symbol file

	util: wrap virnetlink.c to 80 columns

2012-02-29  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	It's been a while, and we're between releases, so now's as good
	a time as any to resync.  This also fixes a build-breaker on
	cygwin, where cygwin 1.7.11 introduced a header bug in <termios.h>.

	* .gnulib: Update to latest.
	* bootstrap: Resync.
	* cfg.mk (sc_prohibit_strncmp): Copy upstream changes to
	sc_prohibit_strcmp.

2012-02-29  Christophe Fergeau  <cfergeau@redhat.com>

	Fix typo in domain XML documentation
	s/Modyfing/Modifying

2012-02-29  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	Add de-association handling to macvlan code
	Add de-association handling for 802.1qbg (vepa) via lldpad
	netlink messages. Also adds the possibility to perform an
	association request without waiting for a confirmation.

	util: Add netlink event handling to virnetlink.c
	This code adds a netlink event interface to libvirt.
	It is based upon the event_poll code and makes use of
	it. An event is generated for each netlink message sent
	to the libvirt pid.

2012-02-29  Martin Kletzander  <mkletzan@redhat.com>

	Support for cpu64-rhel* qemu cpu models
	In qemu there are 2 cpu models (cpu64-rhel5 and cpu64-rhel6) not
	supported by libvirt. This patch adds the support with the flags
	specifications from /usr/share/qemu-kvm/cpu-model/cpu-x86_64.conf
	The only difference is that AMD-specific features are removed so
	the processor type is not vendor-specific. Those features are either
	emulated or ignored by qemu if host CPU doesn't support them.

	lxc: Cleaner fix for compilation without SELinux
	Just a cleanup of commit 32f881c6c42f94da70a3782fe20a058fe3dc39cc.

2012-02-29  Peter Krempa  <pkrempa@redhat.com>

	libvirt-guests: Check if URI is reachable before launching commands
	This patch adds a check to the libvirt-guests script to check for the
	URI to be alive before attempting any calls. This avoids nasty error
	messages and allows us to fail gracefully and continue on other URIs
	configured in the script.

	libvirt-guests: Don't try to do a managed-save of transient guests
	The libvirt-guests script tried to do a managed save of transient guest
	that failed. This patch notifies which guests are transient (and not
	being saved) and saves only the persistent ones.

	libvirt-guests: Add documentation and clean up to use virsh's improved list
	This patch adds documentation to functions defined in the libvirt-guests
	init script and changes use of virsh's new commands to make the script
	easier.

2012-02-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add pre-migration hook
	This hook is called during the Prepare phase on destination host and may
	be used for changing domain XML.

	hooks: Add support for capturing hook output
	Hooks may now be used as filters.

2012-02-29  Michal Privoznik  <mprivozn@redhat.com>

	storage: fix typo
	* src/storage/storage_driver.c (storageVolumeWipeInternal):
	    s/ pfitzner33/pfitzner33/.

2012-02-29  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't emit tls-port spice option if port is -1
	Bug introduced by commit eda0fc7a.

2012-02-29  Alex Jia  <ajia@redhat.com>

	docs: comments wiping supported algorithms
	The current scrub version doesn't support pfitzner7, pfitzner33 and schneier
	patterns on RHEL, we should comment it in virsh man page.

	* tools/virsh.pod: update wiping algorithms docs.

2012-02-29  Alex Jia  <ajia@redhat.com>

	util: fix a typo
	* src/util/event_poll.c: (virEventPollRunOnce): s/imeout/timeout/.

2012-02-29  Alex Jia  <ajia@redhat.com>

	storage: fix a typo
	* src/storage/storage_driver.c (storageVolumeWipeInternal): s/shneier/schneier.

	http://code.google.com/p/diskscrub/

2012-02-29  Daniel Veillard  <veillard@redhat.com>

	Do not include binaries in EXTRA_DIST
	commit f27f616ff899732fe90ce1f0f4abb3887cea5e17 broke "make dist"
	by adding qemumonitortest which is a generated binary to the
	EXTRA_DIST, hence breaking "make dist"

2012-02-28  Michal Privoznik  <mprivozn@redhat.com>

	docs: Fix libvirt name in qemu commandline namespace URL
	s/libirt/libvirt/g

2012-02-28  Laine Stump  <laine@laine.org>

	libxl: eliminate memory leak in libxmlDomainModifyDeviceFlags
	This call to virDomainDeviceDefParse is both unnecessary (since
	it will again be called at the top of the immediately following if(),
	and if not there, then at the top of the if following that), but it
	also creates a leak of one virDomainDeviceDef and one [whatever type
	of device the DeviceDef is pointing to; probably a virDomainDiskDef]
	in the case that the function has been called with
	VIR_DOMAIN_DEVICE_MODIFY_CONFIG (the second parse will overwrite the
	devicedef that was just created).

2012-02-28  Osier Yang  <jyang@redhat.com>

	virsh: Break long lines in virsh.pod
	No content changes, just breaking long lines.

	virsh: New command cmdChangeMedia
	One could use it to eject, insert, or update media of the CDROM
	or floppy drive. See the documentation for more details.

	virsh: Use vshFindDisk and vshPrepareDiskXML in cmdDetachDisk
	The first use of the two new helper functions.

2012-02-28  Osier Yang  <jyang@redhat.com>

	virsh: Two new helper functions for disk device changes
	vshFindDisk is to find the disk node in xml doc with given source
	path or target of disk device, and type (indicates disk type,
	normal disk or changeable disk).

	vshPrepareDiskXML is to make changes on the disk node (e.g. create
	and insert the new <source> node for inserting media of CDROM drive).

	They are marked as unused temporarily.

2012-02-28  Osier Yang  <jyang@redhat.com>

	tests: Add tests for virtio-scsi and ibmvscsi controllers

2012-02-28  Osier Yang  <jyang@redhat.com>

	qemu: Build command line for the new address format
	For any disk controller model which is not "lsilogic", the command
	line will be like:

	  -drive file=/dev/sda,if=none,id=drive-scsi0-0-3-0,format=raw \
	  -device scsi-disk,bus=scsi0.0,channel=0,scsi-id=3,lun=0,i\
	  drive=drive-scsi0-0-3-0,id=scsi0-0-3-0

	The relationship between the libvirt address attrs and the qdev
	properties are (controller model is not "lsilogic"; strings
	inside <> represent libvirt adress attrs):
	  bus=scsi<controller>.0
	  channel=<bus>
	  scsi-id=<target>
	  lun=<unit>

	* src/qemu/qemu_command.h: (New param "virDomainDefPtr def"
	  for function qemuBuildDriveDevStr; new param "virDomainDefPtr
	  vmdef" for function qemuAssignDeviceDiskAlias. Both for
	  virDomainDiskFindControllerModel's use).

	* src/qemu/qemu_command.c:
	  - New param "virDomainDefPtr def" for qemuAssignDeviceDiskAliasCustom.
	    For virDomainDiskFindControllerModel's use, if the disk bus is "scsi"
	    and the controller model is not "lsilogic", "target" is one part of
	    the alias name.
	  - According change on qemuAssignDeviceDiskAlias and qemuBuildDriveDevStr

	* src/qemu/qemu_hotplug.c:
	  - Changes to be consistent with declarations of qemuAssignDeviceDiskAlias
	    qemuBuildDriveDevStr, and qemuBuildControllerDevStr.

	* tests/qemuxml2argvdata/qemuxml2argv-pseries-vio-user-assigned.args,
	  tests/qemuxml2argvdata/qemuxml2argv-pseries-vio.args: Update the
	  generated command line.

2012-02-28  Osier Yang  <jyang@redhat.com>

	qemu: New cap flag to indicate if channel is supported by scsi-disk

2012-02-28  Osier Yang  <jyang@redhat.com>

	conf: Introduce new attribute for device address format
	* src/conf/domain_conf.h: Add new member "target" to struct
	  _virDomainDeviceDriveAddress.

	* src/conf/domain_conf.c: Parse and format "target"

	* Lots of tests (.xml) in tests/domainsnapshotxml2xmlout,
	  tests/qemuxml2argvdata, tests/qemuxml2xmloutdata, and
	  tests/vmx2xmldata/ are modified for newly introduced
	  attribute "target" for address of "drive" type.

2012-02-28  Osier Yang  <jyang@redhat.com>

	conf: Add helper function to look up disk controller model

2012-02-28  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add virtio-scsi controller model
	Adding a new model for virtio-scsi roughly follows the same scheme
	as the previous patch.

2012-02-28  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add ibmvscsi controller model
	KVM will be able to use a PCI SCSI controller even on POWER.  Let
	the user specify the vSCSI controller by other means than a default.

	After this patch, the QEMU driver will actually look at the model
	and reject anything but auto, lsilogic and ibmvscsi.

2012-02-28  Laine Stump  <laine@laine.org>

	qemu: fix cleanup of bridge during failure of qemuDomainAttachNetDevice
	In qemuDomainAttachNetDevice, the guest's tap interface has only been
	attached to the bridge if iface_connected is true. It's possible for
	an error to occur prior to that happening, and previously we would
	attempt to remove the tap interface from the bridge even if it hadn't
	been attached.

2012-02-28  Josh Durgin  <josh.durgin@dreamhost.com>

	qemu: unescape HMP commands before converting them to json
	QMP commands don't need to be escaped since converting them to json
	also escapes special characters. When a QMP command fails, however,
	libvirt falls back to HMP commands. These fallback functions
	(qemuMonitorText*) do their own escaping, and pass the result directly
	to qemuMonitorHMPCommandWithFd. If the monitor is in json mode, these
	pre-escaped commands will be escaped again when converted to json,
	which can result in the wrong arguments being sent.

	For example, a filename test\file would be sent in json as
	test\\file.

	This prevented attaching an image file with a " or \ in its name in
	qemu 1.0.50, and also broke rbd attachment (which uses backslashes to
	escape some internal arguments.)

	Reported-by: Masuko Tomoya <tomoya.masuko@gmail.com>

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add ability to abort existing console while creating new one
	This patch fixes console corruption, that happens if two concurrent
	sessions are opened for a single console on a domain. Result of this
	corruption was that each of the console streams recieved just a part
	of the data written to the pipe so every console rendered unusable.

	New helper function for safe console handling is used to establish the
	console stream connection. This function ensures that no other libvirt
	client is using the console (with the ability to disconnect consoles of
	libvirt clients) and that no UUCP style lockfile is placed on the PTY
	device.

	* src/qemu/qemu_domain.h
	        - add data structure to domain's private data dealing with
	          console connections
	* src/qemu/qemu_domain.c:
	        - allocate/free domain's console data structure
	* src/qemu/qemu_driver.c
	        - use the new helper function for console handling

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	util: Add helpers for safe domain console operations
	This patch adds a set of functions used in creating console streams for
	domains using PTYs and ensures mutually exclusive access to the PTYs.

	If mutually exclusive access is not used, two clients may open the same
	console, which results in corruption on both clients as both of them
	race to read data from the PTY.

	Two approaches are used to ensure this:
	1) Internal data structure holding open PTYs.
	        This is used internally and enables the user to forcibly
	        terminate another console connection eg. when somebody leaves
	        the console open on another host.

	2) UUCP style lock files:
	        This uses UUCP lock files according to the  FHS
	        ( http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLOCKLOCKFILES )
	        to check if other programs (like minicom) are not using the pty
	        device of the console.

	        This feature is disabled by default and may be enabled using
	        configure parameter
	        --with-console-lock-files=/path/to/lock/file/directory
	        or --with-console-lock-files=auto (which tries to infer the
	        location from OS used (currently only linux).

	        On usual linux systems, normal users may not write to the
	        /var/lock directory containing the locks. This poses problems
	        while in session mode. If the current user has no access to the
	        lockfile directory, check for presence of the file is still
	        done, but no lock file is created. This does NOT result in an
	        error.

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	fdstream: Add internal callback on stream close
	This patch adds another callback to a FDstream object. The original
	callback is used by the daemon stream driver to handle events.

	This callback is called if and only if the stream is about to be closed.
	This might be used to handle cleanup steps after a fdstream exits. This
	will be used later on in ensuring mutually exclusive access to consoles.

	* src/fdstream.c:
	        - emit the callback, when stream is being closed
	        - add data structures needed to handle the callback
	        - add function to register callback
	* src/fdstream.h:
	        - define function prototypes for the callback

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	fdstream: Emit stream abort callback even if poll() doesnt.
	This patch causes the fdstream driver to call the stream event callback
	if virStreamAbort() is called on a stream using this driver.

	A remote handler for a stream can only detect changes via stream events,
	so this event callback is necessary in order to enable a daemon to abort
	a stream in such a way that the client will see the change.

	* src/fdstream.c:
	        - modify close function to call stream event callback

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	virsh: add support for VIR_DOMAIN_CONSOLE_* flags
	This patch adds support for the newly introduced
	VIR_DOMAIN_CONSOLE_FORCE and VIR_DOMAIN_CONSOLE_SAFE flags. The console
	command now has an optional parameter --force that specifies that the
	user wants to forcibly interrupt an ongoing console session and create
	a new one. Flag --safe requests that the console should be opened only
	if the hypervisor driver supports safe console handling.

	The behaviour to this point was that the daemon opened two streams to
	the console, that competed for data from the pipe, and the result was
	that both of the consoles ended up scrambled.

	This patch doesn't modify operation of other commands dealing with
	console connections (start, create) as those open connections to newly
	started domains making it virtually impossible for another client to race
	for the console and steal it.

	* tools/console.c:
	        - add support for flag passthrough
	* tools/console.h:
	        - modify function prototypes to match impl.
	* tools/virsh.c:
	        - add flag --force for the console command

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	Add flags for virDomainOpenConsole
	This patch adds a set of flags to be used with the virDomainOpenConsole
	API call to specify if the user wishes to interrupt an existing console
	session or just to try open a new one.

	VIR_DOMAIN_CONSOLE_SAFE - specifies that the console connection should
	                          be opened only if the hypervisor supports
	                          mutually exclusive access to console devices

	VIR_DOMAIN_CONSOLE_FORCE - specifies that the caller wishes to interrupt
	                           existing session and force a creation of a
	                           new one.

2012-02-27  Peter Krempa  <pkrempa@redhat.com>

	pidfile: Make checking binary path in virPidFileRead optional
	This patch changes behavior of virPidFileRead to enable passing NULL as
	path to the binary the pid file should be checked against to skip this
	check. This enables using this function for reading files that have same
	semantics as pid files, but belong to unknown processes.

2012-02-27  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement virDomainPMWakeup API
	using 'system-wakeup' monitor command. It is supported only in JSON,
	as we are enabling it if possible. Moreover, this command is available
	in qemu-1.1+ which definitely has JSON.

	virsh: Expose virDomainPMWakeup

	Introduce virDomainPMWakeup API
	This API allows a domain which previously called
	virDomainPMSuspendForDuration() to be woken up.

2012-02-25  Martin Kletzander  <mkletzan@redhat.com>

	Fixed URI parsing
	Function xmlParseURI does not remove square brackets around IPv6
	address when parsing. One of the solutions is making wrappers around
	functions working with xmlURI*. This assures that uri->server will be
	always properly assigned and it doesn't have to be changed when used
	on some new place in the code.
	For this purpose, functions virParseURI and virSaveURI were
	added. These function are wrappers around xmlParseURI and xmlSaveUri
	respectively.
	Also there is one new syntax check function to prohibit these functions
	anywhere else.

	File changes:
	 - src/util/viruri.h        -- declaration
	 - src/util/viruri.c        -- definition
	 - src/libvirt_private.syms -- symbol export
	 - src/Makefile.am          -- added source and header files
	 - cfg.mk                   -- added sc_prohibit_xmlURI
	 - all others               -- ID name and include fixes

2012-02-25  Martin Kletzander  <mkletzan@redhat.com>

	Fixed service handling in specfile
	After adding the libvirt-guests service into usual runlevels, we used
	to start the libvirt-guests service. However this is usually not a
	good practice. As mentioned on fedoraproject wiki, the installations
	can be in changeroots, in an installer context, or in other situations
	where we don't want the services autostarted.

2012-02-24  Laine Stump  <laine@laine.org>

	virsh: fix informational message in iface-bridge command
	See: https://bugzilla.redhat.com/show_bug.cgi?id=797066

	The position of the bridge name and ethernet device name were
	accidentally swapped in the message informing of success creating the
	bridge.

2012-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Workaround python header file insanity
	The /usr/include/python/pyconfig.h file pollutes the global
	namespace with a huge number of HAVE_XXX and WITH_XXX
	defines. These change what we detected in our own config.h
	In particular if you try to build without DTrace, python's
	headers turn it back on with predictable fail.

	THe hack to workaround this is to rename WITH_DTRACE to
	WITH_DTRACE_PROBES to avoid the namespace clash

2012-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Improve error reporting when virsh console is run without a TTY
	If attempting to run

	  ssh root@somehost virsh console someguest

	You'll get an error

	  2012-02-15 13:11:47.683+0000: 4765: info : libvirt version: 0.9.10, package: 1.fc18 (Unknown, 2012-02-15-11:48:57, lettuce.camlab.fab.redhat.com)
	  2012-02-15 13:11:47.683+0000: 4765: error : vshRunConsole:320 : unable to get tty attributes: Invalid argument
	  Connected to domain f16x86_64
	  Escape character is ^]

	There are several problems here

	 - The actual error message is bad for users
	 - We shouldn't rely on VIR_ERROR for this case
	 - The prompt makes it look like we still connected
	   because we didn't flush stdout.

	* virsh.c: Flush stdout before starting console and check
	  for a valid tty

2012-02-24  Christophe Fergeau  <cfergeau@redhat.com>

	Error out when using SPICE TLS with spice_tls=0
	It's possible to disable SPICE TLS in qemu.conf. When this happens,
	libvirt ignores any SPICE TLS port or x509 directory that may have
	been set when it builds the qemu command line to use. However, it's
	not ignoring the secure channels that may have been set and adds
	tls-channel arguments to qemu command line.
	Current qemu versions don't report an error when this happens, and try to use
	TLS for the specified channels.

	Before this patch

	<domain type='kvm'>
	  <name>auto-tls-port</name>
	  <memory>65536</memory>
	  <os>
	    <type arch='x86_64' machine='pc'>hvm</type>
	  </os>
	  <devices>
	    <graphics type='spice' port='5900' tlsPort='-1' autoport='yes' listen='0' ke
	      <listen type='address' address='0'/>
	      <channel name='main' mode='secure'/>
	      <channel name='inputs' mode='secure'/>
	    </graphics>
	  </devices>
	</domain>

	generates

	-spice port=5900,addr=0,disable-ticketing,tls-channel=main,tls-channel=inputs

	and starts QEMU.

	After this patch, an error is reported if a TLS port is set in the XML
	or if secure channels are specified but TLS is disabled in qemu.conf.
	This is the behaviour the oVirt people (where I spotted this issue) said
	they would expect.

	This fixes bug #790436

2012-02-24  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmx: Better Workstation vmx handling
	This patch adds support for vmx files with empty networkName
	values (which is the case for vmx generated by Workstation).
	It also adds support for vmx containing NATed network interfaces.

	Update test suite accordingly

2012-02-24  Benjamin Cama  <benoar@dolka.fr>

	virterror: Misleading error message when name is missing
	[forwarding this here from RH bug #796732]

	When creating a network (virsh net-create) with an erroneous XML
	containing an empty <name> element, the error message is misleading:

	error: Failed to create network from foo.xml
	error: missing domain name information

	It took me a bit of time to figure out that it was the *network* name
	that was missing (I generate this xml and didn't look at it, first).

	I realized that the same message is used for missing name when creating
	a domain, network, or device node.

2012-02-24  Dave Allan  <dallan@redhat.com>

	Update bug reporting page
	Remove suggestion that people file bugs against RHEL 5 and add a
	suggestion that people increase the visibility of their bugs by
	mentioning them on libvir-list.

2012-02-23  Eric Blake  <eblake@redhat.com>

	qemu: nicer error message on failed graceful destroy
	https://bugzilla.redhat.com/show_bug.cgi?id=795656 mentions
	that a graceful destroy request can time out, meaning that the
	error message is user-visible and should be more appropriate
	than just internal error.

	* src/qemu/qemu_driver.c (qemuDomainDestroyFlags): Swap error type.

2012-02-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Forbid migration with cache != none
	Migrating domains with disks using cache != none is unsafe unless the
	disk images are stored on coherent clustered filesystem. Thus we forbid
	migrating such domains unless VIR_MIGRATE_UNSAFE flags is used.

	Introduce virStorageFileIsClusterFS

	virsh: Add --unsafe option to migrate command

2012-02-22  Jiri Denemark  <jdenemar@redhat.com>

	Add support for unsafe migration
	This patch adds VIR_MIGRATE_UNSAFE flag for migration APIs and new
	VIR_ERR_MIGRATION_UNSAFE error code.  The error code should be returned
	whenever migrating a domain is considered unsafe (e.g., it's configured
	in a way that does not ensure data integrity once it is migrated).
	VIR_MIGRATE_UNSAFE flag may be used to force migration even though it
	would normally be considered unsafe and forbidden.

2012-02-22  Michal Privoznik  <mprivozn@redhat.com>

	configure: Define program name if not found
	AC_CHECK_PROG checks for program in given path. However, if it doesn't
	exists, [variable] is set to [value-if-not-found]. We don't want this
	to be the empty string in case of 'modprobe' and 'scrub' as we want to
	fallback to runtime detection.

	util: Fix virFileAccessibleAs return path from parent
	Despite documentation, if we do fork() parent always returns -1
	even if file is accessible. Which is wrong obviously.

2012-02-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Enhance list command to ease creation of shell scripts
	This patch adds new options to the "virsh list" command enabling
	filtering of persistent and transient domains along with the option to
	print only UUIDs or names of domains instead of printing the table.

	Option --name prints domain names (one per line) instead of the default
	table. Similarly --uuid prints domain's UUID. The option --table is
	an alias for the default behavior.

	Aditionally --persistent and/or --transient may be specified to filter
	the output of domains.

2012-02-22  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	vmware: implement domainXMLFromNative

2012-02-22  Peter Krempa  <pkrempa@redhat.com>

	lib: Fix function documentation for virConnectListDomains
	Clarify the documentation of virConnectListDomains.

2012-02-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Correctly disable HTTP Expect header usage of libcurl
	Adding "Expect:" to the header list stops libcurl from sending a
	Expect header at all.

	Before, a dummy Expect header was added that might confuse HTTP
	proxies and result in HTTP error code 417 being reported.

2012-02-21  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix docs for list command
	Commit fad5cd210899dfde4afe36712754dc921c3f3051 introduced option to
	display domain's title in the list command output. There was a mistake
	in the virsh man page example for this command stating --note instead of
	--title.

2012-02-20  Cole Robinson  <crobinso@redhat.com>

	caps: Improve error if passed an unknown arch
	Previously we would have:

	"os type 'hvm' & arch 'idontexist' combination is not supported"

	Now we get

	"No guest options available for arch 'idontexist'"

	or if options available but guest OS type not applicable:

	"No os type 'xen' available for arch 'x86_64'"

2012-02-20  Peter Robinson  <pbrobinson@gmail.com>

	spec: use ix86 macros
	* libvirt.spec.in: Use %{ix86} rather than open-coded list.

2012-02-20  Lincoln Myers  <lincoln_myers@yahoo.com>

	Fix compilation on MacOS X
	* src/util/virfile.h: the virFileWrapperFdFlags being defined as
	  a globa variable instead of a type ended up generating a duplicate
	  symbol error.
	* AUTHORS: added Lincoln Myers

2012-02-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: improved logging during driver initialization
	Improve the logging during driver initialization when testing the command
	line tools.

2012-02-16  Alex Jia  <ajia@redhat.com>

	qemu: Prevent crash of libvirtd without guest agent
	* src/qemu/qemu_process.c (qemuFindAgentConfig): avoid crash libvirtd due to
	deref a NULL pointer.

	* How to reproduce?
	1. virsh edit the following xml into guest configuration:
	    <channel type='pty'>
	      <target type='virtio'/>
	    </channel>
	2. virsh start <domain>

	or
	% virt-install -n foo -r 1024 --disk path=/var/lib/libvirt/images/foo.img,size=1 \
	--channel pty,target_type=virtio -l <installation tree>

2012-02-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Unlock monitor when connecting to dest qemu fails
	When migrating a qemu domain, we enter the monitor, send some commands,
	try to connect to destination qemu, send other commands, end exit the
	monitor. However, if we couldn't connect to destination qemu we forgot
	to exit the monitor.

	Bug introduced by commit d9d518b1c8ef3b65658cc91f85ba33a63c0959a4.

2012-02-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix segfault when host CPU is empty
	In case libvirtd cannot detect host CPU model (which may happen if it
	runs inside a virtual machine), the daemon is likely to segfault when
	starting a new qemu domain. It segfaults when domain XML asks for host
	(either model or passthrough) CPU or does not ask for any specific CPU
	model at all.

2012-02-16  Michal Privoznik  <mprivozn@redhat.com>

	storage: Allow runtime detection of scrub
	Currently, if scrub (used for wiping algorithms) is not present
	at compile time, we don't support any other wiping algorithms than
	zeroing, even if it was installed later. Switch to runtime detection
	instead.

2012-02-16  Jim Fehlig  <jfehlig@suse.com>

	Fix polkit0 authentication
	Commit 7033c5f2 introduced some bugs in polkit0 authentication.

	Fix libvirtd segfault in remoteDispatchAuthPolkit().

	Fix polkit authentication bypass when caller UID = 0.

2012-02-16  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	Commit 8dd623b9 introduced a build error with --enable-compile-warnings=error

	  remote.c:2593: error: unused variable 'rv' [-Wunused-variable]

	Pushing under build-breaker rule.

2012-02-16  Alex Jia  <ajia@redhat.com>

	python: Expose virDomain{G,S}etInterfaceParameters APIs in python binding
	The v4 patch corrects indentation issues.

	The v3 patch follows latest python binding codes and change 'size'
	type from int to Py_ssize_t.

	An simple example to show how to use it:

	#!/usr/bin/env python

	import libvirt

	conn = libvirt.open(None)
	dom = conn.lookupByName('foo')

	print dom.interfaceParameters('vnet0', 0)

	params = {'outbound.peak': 10,
	          'inbound.peak': 10,
	          'inbound.burst': 20,
	          'inbound.average': 20,
	          'outbound.average': 30,
	          'outbound.burst': 30}

	print dom.setInterfaceParameters('vnet0', params, 0)
	print dom.interfaceParameters('vnet0', 0)

2012-02-16  Eric Blake  <eblake@redhat.com>

	snapshot: fix snapshot deletion use-after-free
	Bug introduced in commit 35abced.  On an inactive domain,
	$ virsh snapshot-create-as dom snap
	$ virsh snapshot-create dom
	$ virsh snapshot-create dom
	$ virsh snapshot-delete --children dom snap
	could crash libvirtd, due to a use-after-free that results
	when the callback freed the current element in the iteration.

	* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
	(virDomainSnapshotActOnDescendant): Allow iteration to delete
	current child.

2012-02-16  Eric Blake  <eblake@redhat.com>

	daemon: fix logic bug with virAsprintf
	Regression introduced in commit 7033c5f2, due to improper conversion
	from snprintf to virAsprintf.

	* daemon/remote.c (remoteDispatchAuthList): Check return value
	correctly.

2012-02-16  Eric Blake  <eblake@redhat.com>

	daemon: plug memory leak
	Leak introduced in commit bb2eddc6.

	* daemon/remote.c (remoteDispatchAuthPolkit): Also free pkout on
	success.

2012-02-15  Ansis Atteka  <aatteka@nicira.com>

	network: support Open vSwitch
	This patch allows libvirt to add interfaces to already
	existing Open vSwitch bridges. The following syntax in
	domain XML file can be used:

	    <interface type='bridge'>
	      <mac address='52:54:00:d0:3f:f2'/>
	      <source bridge='ovsbr'/>
	      <virtualport type='openvswitch'>
	        <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'/>
	      </virtualport>
	      <address type='pci' domain='0x0000' bus='0x00'
	                          slot='0x03' function='0x0'/>
	    </interface>

	or if libvirt should auto-generate the interfaceid use
	following syntax:

	    <interface type='bridge'>
	      <mac address='52:54:00:d0:3f:f2'/>
	      <source bridge='ovsbr'/>
	      <virtualport type='openvswitch'>
	      </virtualport>
	      <address type='pci' domain='0x0000' bus='0x00'
	                          slot='0x03' function='0x0'/>
	    </interface>

	It is also possible to pass an optional profileid. To do that
	use following syntax:

	   <interface type='bridge'>
	     <source bridge='ovsbr'/>
	     <mac address='00:55:1a:65:a2:8d'/>
	     <virtualport type='openvswitch'>
	       <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'
	                   profileid='test-profile'/>
	     </virtualport>
	   </interface>

	To create Open vSwitch bridge install Open vSwitch and
	run the following command:

	    ovs-vsctl add-br ovsbr

2012-02-15  Laine Stump  <laine@laine.org>

	conf: rename virDomainNetGetActualDirectVirtPortProfile
	An upcoming patch will add a <virtualport> element to interfaces of
	type='bridge', so it makes sense to give this function a more generic
	name.

2012-02-15  Laine Stump  <laine@laine.org>

	qemu: increase the timeout before sending SIGKILL to qemu process
	The current default method of terminating the qemu process is to send
	a SIGTERM, wait for up to 1.6 seconds for it to cleanly shutdown, then
	send a SIGKILL and wait for up to 1.4 seconds more for the process to
	terminate. This is problematic because occasionally 1.6 seconds is not
	long enough for the qemu process to flush its disk buffers, so the
	guest's disk ends up in an inconsistent state.

	Since this only occasionally happens when the timeout prior to SIGKILL
	is 1.6 seconds, this patch increases that timeout to 10 seconds. At
	the very least, this should reduce the occurrence from "occasionally"
	to "extremely rarely". (Once SIGKILL is sent, it waits another 5
	seconds for the process to die before returning).

	Note that in the cases where it takes less than this for qemu to
	shutdown cleanly, libvirt will *not* wait for any longer than it would
	without this patch - qemuProcessKill polls the process and returns as
	soon as it is gone.

2012-02-15  Laine Stump  <laine@laine.org>

	qemu: drop driver lock while trying to terminate qemu process
	This patch is based on an earlier patch by Eric Blake which was never
	committed:

	https://www.redhat.com/archives/libvir-list/2011-November/msg00243.html

	Aside from rebasing, this patch only drops the driver lock once (prior
	to the first time the function sleeps), then leaves it dropped until
	it returns (Eric's patch would drop and re-acquire the lock around
	each call to sleep).

	At the time Eric sent his patch, the response (from Dan Berrange) was
	that, while it wasn't a good thing to be holding the driver lock while
	sleeping, we really need to rethink locking wrt the driver object,
	switching to a finer-grained approach that locks individual items
	within the driver object separately to allow for greater concurrency.

	This is a good plan, and at the time it made sense to not apply the
	patch because there was no known bug related to the driver lock being
	held in this function.

	However, we now know that the length of the wait in qemuProcessKill is
	sometimes too short to allow the qemu process to fully flush its disk
	cache before SIGKILL is sent, so we need to lengthen the timeout (in
	order to improve the situation with management applications until they
	can be updated to use the new VIR_DOMAIN_DESTROY_GRACEFUL flag added
	in commit 72f8a7f19753506ed957b78ad800c0f3892c9304). But, if we
	lengthen the timeout, we also lengthen the amount of time that all
	other threads in libvirtd are essentially blocked from doing anything
	(since just about everything needs to acquire the driver lock, if only
	for long enough to get a pointer to a domain).

	The solution is to modify qemuProcessKill to drop the driver lock
	while sleeping, as proposed in Eric's patch. Then we can increase the
	timeout with a clear conscience, and thus at least lower the chances
	that someone running with existing management software will suffer the
	consequence's of qemu's disk cache not being flushed.

	In the meantime, we still should work on Dan's proposal to make
	locking within the driver object more fine grained.

	(NB: although I couldn't find any instance where qemuProcessKill() was
	called with no jobs active for the domain (or some other guarantee
	that the current thread had at least one refcount on the domain
	object), this patch still follows Eric's method of temporarily adding
	a ref prior to unlocking the domain object, because I couldn't
	convince myself 100% that this was the case.)

2012-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix typos in API XML file paths
	* libvirt.pc.in: Add missing '/api/' in path
	* libvirt.spec.in, mingw32-libvirt.spec.in: s/apis/api/

2012-02-15  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement DomainPMSuspendForDuration
	via user agent. Allow targets mem & hybrid iff system_wakeup
	monitor command is available.

	qemu: Set capabilities based on supported monitor commands
	In the future (my next patch in fact) we may want to make
	decisions depending on qemu having a monitor command or not.
	Therefore, we want to set qemuCaps flag instead of querying
	on the monitor each time we are about to make that decision.

2012-02-14  Daniel P. Berrange  <berrange@redhat.com>

	Install API XML desc to a standard location
	Language bindings may well want to use the libvirt-api.xml and
	libvirt-qemu-api.xml files to either auto-generate themselves,
	or sanity check the manually written bindings for completeness.
	Currently these XML files are not installed as standard, merely
	ending up as a %doc file in the RPM.

	This changes them to be installed into $prefix/share/libvirt/apis/
	The *-refs.xml files are not installed, since those are only
	useful during generation of the online API doc files.

	The pkg-config file is enhanced so that you can query the install
	location of the API files. eg

	  # pkg-config --variable=libvirt_qemu_api libvirt
	  /home/berrange/builder/i686-pc-mingw32/sys-root/mingw/share/libvirt/libvirt-qemu-api.xml

	* docs/Makefile.am: Install libvirt-api.xml & libvirt-qemu-api.xml
	* libvirt.pc.in: Add vars for querying API install location
	* libvirt.spec.in, mingw32-libvirt.spec.in: Include API XML files

2012-02-13  Eric Blake  <eblake@redhat.com>

	qemu: make block io tuning smarter
	When blkdeviotune was first committed in 0.9.8, we had the limitation
	that setting one value reset all others.  But bytes and iops should
	be relatively independent.  Furthermore, setting tuning values on
	a live domain followed by dumpxml did not output the new settings.

	* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Add parameter, and
	update callers.
	(qemuDomainSetBlockIoTune): Don't lose previous unrelated
	settings.  Make live changes reflect to dumpxml output.
	* tools/virsh.pod (blkdeviotune): Update documentation.

2012-02-13  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.10
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: update ja, it and uk localization, fixed the ja one

2012-02-13  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Fix name of domain suspend command
	It's dompmsuspend, not suspend-duration.

	virpidfile: Allow whitespace character at the end of pidfile
	Some programs, notably dnsmasq, which are writing pidfiles on their
	own do append a whitespace character after pid, e.g. '\n'.

2012-02-13  Daniel Veillard  <veillard@redhat.com>

	Revert "qemu: add ibmvscsi controller model"
	This reverts commit 7b345b69f28eb112238b941b743c5f6d57bd4a04.

	Conflicts:

		tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-vscsi.xml

2012-02-13  Daniel Veillard  <veillard@redhat.com>

	Revert "qemu: add virtio-scsi controller model"
	This reverts commit c9abfadf3721505e8eaffbf56ef1e53202c1db3c.

	Conflicts:

		tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-virtio-scsi.xml

2012-02-11  Guannan Ren  <gren@redhat.com>

	python: make other APIs share common {get, set}PyVirTypedParameter
	        *libvirt_virDomainBlockStatsFlags
	        *libvirt_virDomainGetSchedulerParameters
	        *libvirt_virDomainGetSchedulerParametersFlags
	        *libvirt_virDomainSetSchedulerParameters
	        *libvirt_virDomainSetSchedulerParametersFlags
	        *libvirt_virDomainSetBlkioParameters
	        *libvirt_virDomainGetBlkioParameters
	        *libvirt_virDomainSetMemoryParameters
	        *libvirt_virDomainGetMemoryParameters
	        *libvirt_virDomainSetBlockIoTune
	        *libvirt_virDomainGetBlockIoTune

2012-02-11  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virpidfile: replace fopen/fwrite/fscanf with more portable version
	Replace calls to fwrite() and fscanf() with more portable-friendly
	version, such as snprintf() and virStrToLong().

2012-02-10  Osier Yang  <jyang@redhat.com>

	util: Do not use PRIx64 macro
	It breaks the build on Mingw32,  because PRIx64 is coming
	from the Win32 headers, but virAsprintf uses the gnulib printf.

2012-02-10  Alex Jia  <ajia@redhat.com>

	rpc: Plug memory leaks on doRemoteOpen() failure path
	Detected by valgrind. Leaks are introduced in commit c1b2264.

	* src/remote/remote_driver.c (doRemoteOpen): free client program memory in failure path.

	* How to reproduce?
	% valgrind -v --leak-check=full virsh -c qemu:

	* Actual result

	==3969== 40 bytes in 1 blocks are definitely lost in loss record 8 of 28
	==3969==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	    ==3969==    by 0x4C89C41: virAlloc (memory.c:101)
	    ==3969==    by 0x4D5A236: virNetClientProgramNew (virnetclientprogram.c:60)
	    ==3969==    by 0x4D47AB4: doRemoteOpen (remote_driver.c:658)
	    ==3969==    by 0x4D49FFF: remoteOpen (remote_driver.c:871)
	    ==3969==    by 0x4D13373: do_open (libvirt.c:1196)
	    ==3969==    by 0x4D14535: virConnectOpenAuth (libvirt.c:1422)
	    ==3969==    by 0x425627: main (virsh.c:18537)
	    ==3969==
	    ==3969== 40 bytes in 1 blocks are definitely lost in loss record 9 of 28
	    ==3969==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	    ==3969==    by 0x4C89C41: virAlloc (memory.c:101)
	    ==3969==    by 0x4D5A236: virNetClientProgramNew (virnetclientprogram.c:60)
	    ==3969==    by 0x4D47AD7: doRemoteOpen (remote_driver.c:664)
	    ==3969==    by 0x4D49FFF: remoteOpen (remote_driver.c:871)
	    ==3969==    by 0x4D13373: do_open (libvirt.c:1196)
	    ==3969==    by 0x4D14535: virConnectOpenAuth (libvirt.c:1422)
	    ==3969==    by 0x425627: main (virsh.c:18537)
	    ==3969==
	    ==3969== LEAK SUMMARY:
	    ==3969==    definitely lost: 80 bytes in 2 blocks

2012-02-10  Osier Yang  <jyang@redhat.com>

	npiv: Auto-generate WWN if it's not specified
	The auto-generated WWN comply with the new addressing schema of WWN:

	<quote>
	the first nibble is either hex 5 or 6 followed by a 3-byte vendor
	identifier and 36 bits for a vendor-specified serial number.
	</quote>

	We choose hex 5 for the first nibble. And for the 3-bytes vendor ID,
	we uses the OUI according to underlying hypervisor type, (invoking
	virConnectGetType to get the virt type). e.g. If virConnectGetType
	returns "QEMU", we use Qumranet's OUI (00:1A:4A), if returns
	ESX|VMWARE, we use VMWARE's OUI (00:05:69). Currently it only
	supports qemu|xen|libxl|xenapi|hyperv|esx|vmware drivers. The last
	36 bits are auto-generated.

2012-02-10  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	Remove single quotes from audit records
	Some audit records generated by libvirt contain fields enclosed by single
	quotes. Since those fields are inside the msg field, which is enclosed by
	single quotes, these records generated by libvirt are not correctly parsed by
	libauparse.

2012-02-10  Lai Jiangshan  <laijs@cn.fujitsu.com>

	GetCPUStats: fix overflow test
	Bug introduced in commit c6ec021b.

2012-02-10  Marc-André Lureau  <marcandre.lureau@gmail.com>

	domain: add implicit USB controller
	Some tools, such as virt-manager, prefers having the default USB
	controller explicit in the XML document. This patch makes sure there
	is one. With this patch, it is now possible to switch from USB1 to
	USB2 from the release 0.9.1 of virt-manager.

	Fix tests to pass with this change.

2012-02-10  Guannan Ren  <gren@redhat.com>

	python: refactoring virTypedParameter conversion for NUMA tuning APIs
	          *getPyVirTypedParameter
	          *setPyVirTypedParameter
	          *virDomainSetNumaParameters
	          *virDomainGetNumaParameters

2012-02-09  Eric Blake  <eblake@redhat.com>

	docs: fix typo in python bindings
	* docs/python.html.in: Class is virConnect, not virConn.

2012-02-09  Laine Stump  <laine@laine.org>

	conf: small changes to comments in virDomainDeviceInfo
	romfile wasn't mentioned in the comment, and the fact that rombar is
	now supported for network interfaces also wasn't there.

2012-02-09  Osier Yang  <jyang@redhat.com>

	python: Correct arguments number for migrateSetMaxSpeed
	The API definition accepts "flags" argument, however, the
	implementation ignores it, though "flags" is unused currently,
	we should expose it instead of hard coding, the API
	implementation inside hypervisor driver is responsible to check
	if the passed "flags" is valid.

2012-02-09  Eric Blake  <eblake@redhat.com>

	qemu: fix persistent setting of blkiodevice weights
	virsh blkiotune dom --device-weights /dev/sda,400 --config

	wasn't working correctly.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Use
	correct definition.

2012-02-08  Eric Blake  <eblake@redhat.com>

	qemu: make blkiodevice weights easier to read
	The merge code had too many indirections to easily analyze.

	* src/qemu/qemu_driver.c (qemuDomainMergeDeviceWeights): Pick
	better variable names.

2012-02-08  Eric Blake  <eblake@redhat.com>

	sysinfo: simplify function signature
	Now that no one is relying on the return value being a pointer to
	somewhere inside of the passed-in argument, we can simplify the
	callers to simply return success or failure.  Also wrap some long
	lines and add some const-correctness.

	* src/util/sysinfo.c (virSysinfoParseBIOS, virSysinfoParseSystem)
	(virSysinfoParseProcessor, virSysinfoParseMemory): Change return.
	(virSysinfoRead): Adjust caller.

2012-02-08  Daniel P. Berrange  <berrange@redhat.com>

	Populate /dev/std{in,out,err} symlinks in LXC containers
	Some applications expect /dev/std{in,out,err} to exist. Populate
	them during container startup as symlinks to /proc/self/fd

	Replace truncate() with ftruncate()
	Mingw32 does not have any truncate() API defined, but it does
	have ftruncate(). So replace use of the former with the latter

	Update symbols file for virFileDirectFd/virFileWrapperFd rename

2012-02-08  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix flag semantics and docs for "desc" command
	This patch fixes the domain modification impact flags for tie virsh
	desc command to match the new semantics and fix the docs to match
	actual behavior.

2012-02-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix memory leak when building -cpu argument
	Reported by Alex Jia:

	==21503== 112 (32 direct, 80 indirect) bytes in 1 blocks are
	definitely lost in loss record 37 of 40
	==21503==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==21503==    by 0x4A8991: virAlloc (memory.c:101)
	==21503==    by 0x505A6C: x86DataCopy (cpu_x86.c:247)
	==21503==    by 0x507B34: x86Compute (cpu_x86.c:1225)
	==21503==    by 0x43103C: qemuBuildCommandLine (qemu_command.c:3561)
	==21503==    by 0x41C9F7: testCompareXMLToArgvHelper
	(qemuxml2argvtest.c:183)
	==21503==    by 0x41E10D: virtTestRun (testutils.c:141)
	==21503==    by 0x41B942: mymain (qemuxml2argvtest.c:705)
	==21503==    by 0x41D7E7: virtTestMain (testutils.c:696)

2012-02-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Always use iohelper for domain save
	This is probably not strictly needed as save operation is not live but
	we may have other reasons to avoid blocking qemu's main loop.

2012-02-08  Jiri Denemark  <jdenemar@redhat.com>

	security: Driver 'none' cannot create confined guests
	In case the caller specifies that confined guests are required but the
	security driver turns out to be 'none', we should return an error since
	this driver clearly cannot meet that requirement.  As a result of this
	error, libvirtd fails to start when the host admin explicitly sets
	confined guests are required but there is no security driver available.

	Since security driver 'none' cannot create confined guests, we override
	default confined setting so that hypervisor drivers do not thing they
	should create confined guests.

2012-02-08  Jiri Denemark  <jdenemar@redhat.com>

	seclabel: Do not output relabel attribute for type 'none'
	Security label type 'none' requires relabel to be set to 'no' so there's
	no reason to output this extra attribute.  Moreover, since relabel is
	internally stored in a negative from (norelabel), the default value for
	relabel would be 'yes' in case there is no <seclabel> element in domain
	configuration.  In case VIR_DOMAIN_SECLABEL_DEFAULT turns into
	VIR_DOMAIN_SECLABEL_NONE, we would incorrectly output relabel='yes' for
	seclabel type 'none'.

	qemu: Always use iohelper for dumping domain core
	Qemu uses non-blocking I/O which doesn't play nice with regular file
	descriptors. We need to pass a pipe to qemu instead, which can easily be
	done using iohelper.

	util: Generalize virFileDirectFd
	virFileDirectFd was used for accessing files opened with O_DIRECT using
	libvirt_iohelper. We will want to use the helper for accessing files
	regardless on O_DIRECT and thus virFileDirectFd was generalized and
	renamed to virFileWrapperFd.

2012-02-08  Alex Jia  <ajia@redhat.com>

	virsh: Plug memory leak on cmdDesc

2012-02-08  Osier Yang  <jyang@redhat.com>

	virsh: Do not check the input XML at virsh layer for cmdDetachDevice
	Any device XML doesn't use the same order as libvirt generates, or
	uses decimal for attributes like "slot" of "<address>" will cause
	device detaching to fail, as virsh compares the XML simply earlier
	in strict manner before internal parsing.

	This is regression introduced by ea7182c.

2012-02-08  Eric Blake  <eblake@redhat.com>

	python: drop unused function
	Gcc warned about an unused static function.

	* python/libvirt-qemu-override.c (py_str): Delete.

2012-02-07  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	On systems with dmidecode version 2.10 or older,
	 dmidecode displays processor information, followed by BIOS, system and
	 memory-DIMM details.
	 Calls to virSysinfoParseBIOS(), virSysinfoParseSystem() would update
	 the buffer pointer 'base', so the processor information would be lost
	 before virSysinfoParseProcessor() was called. Sysinfo would therefore
	 not be able to display processor details -- It only described <bios>,
	 <system> and <memory_device> details.
	 This patch attempts to insulate sysinfo from ordering of dmidecode
	 output.

	Before the fix:
	---------------
	virsh # sysinfo
	<sysinfo type='smbios'>
	  <bios>
	    ....
	  </bios>
	  <system>
	    ....
	  </system>
	  <memory_device>
	    ....
	  </memory_device>

	After the fix:
	-------------
	virsh # sysinfo
	<sysinfo type='smbios'>
	  <bios>
	    ....
	  </bios>
	  <system>
	    ....
	  </system>
	  <processor>
	    ....
	  </processor>
	  <memory_device>
	    ....
	  </memory_device>

2012-02-07  Cole Robinson  <crobinso@redhat.com>

	storage: Don't unsparsify images when cloning
	Input to the volume cloning code is a source volume and an XML
	descriptor for the new volume. It is possible for the new volume
	to have a greater size than source volume, at which point libvirt
	will just stick 0s on the end of the new image (for raw format
	anyways).

	Unfortunately a logic error messed up our tracking of the of the
	excess amount that needed to be written: end result is that sparse
	clones were made very much non-sparse, and cloning regular disk
	images could end up excessively sized (though data unaltered).

	Drop the 'remain' variable entriely here since it's redundant, and
	track actual allocation directly against the desired 'total'.

2012-02-07  Laine Stump  <laine@laine.org>

	build: don't require avahi during install
	See: https://bugzilla.redhat.com/show_bug.cgi?id=785269

	The specfile requires avahi during install if libvirt was built with
	avahi support, but there are many situations where it is undesirable
	to install avahi due to security concerns. This patch requires only
	the avahi-libs package, which is needed by libvirt to call the
	function that tries to attach to the avahi daemon, but will instead
	silently fail because the avahi-daemon is in the main avahi package,
	and that package isn't installed.

2012-02-07  Cole Robinson  <crobinso@redhat.com>

	Allow polkit auth for VNC and SSH users
	If you are sitting in front of a physical machine and logged in as
	a regular user, you can connect to the system libvirtd instance
	by providing a root password to policykit. This is how most
	virt-manager users talk to libvirt.

	However, if you are launching virt-manager over ssh -X, or over
	VNC started from say /etc/sysconfig/vncservers, our policykit policy
	rejects the user outright, providing no option to provide the root
	password. This is confusing to users and doesn't seem to serve much
	point.

	Change the policy to allow inactive (VNC) and non-local (SSH, VNC)
	to provide root credentials for accessing system libvirtd. We use
	auth_admin rather than auth_admin_keep so that credentials aren't
	cached at all, and every subsequent reconnection to libvirt requires
	auth.

	Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=625115
	Similar change to PackageKit policy:
	https://bugzilla.redhat.com/show_bug.cgi?id=528511

2012-02-07  Michal Privoznik  <mprivozn@redhat.com>

	pyhton: Don't link against libvirt_util.la
	As we already link with libvirt.la which contains libvirt_utils.la.
	Double linking causes global symbols to be presented twice and
	thus confusion. This partially reverts c700613b8d463212d142c97108b7a2352e23e559

2012-02-07  Eric Blake  <eblake@redhat.com>

	build: avoid gcc 4.7 warning about inlines
	gcc 4.7 complains:

	util/virhashcode.c:49:17: error: always_inline function might not be inlinable [-Werror=attributes]
	util/virhashcode.c:35:17: error: always_inline function might not be inlinable [-Werror=attributes]

	Normal 'inline' is a hint that the compiler may ignore; the fact
	that the function is static is good enough.  We don't care if the
	compiler decided not to inline after all.

	* src/util/virhashcode.c (getblock, fmix): Relax attribute.

2012-02-06  Dave Allan  <dallan@redhat.com>

	Clarify the purpose of domxml-from-native
	Someone mentioned to me that they interpreted this section of the KVM
	driver page as suggesting that new guests should be created by
	creating a qemu commandline and converting it to XML with
	domxml-from-native.  I don't think that's the intent of
	domxml-from-native, so I added that clarification.

2012-02-06  Philipp Hahn  <hahn@univention.de>

	xen-xm: SIGSEGV in xenXMDomainDefineXML: filename
	filename is not initialized to NULL while it's unconditionally freed in
	the error path.

2012-02-06  Philipp Hahn  <hahn@univention.de>

	xen-xm: fix data loss in domain edit
	On CentOS5:
	If "virsh edit $DOM" is used and an error happens (for example changing
	any live cycle action to a non-existing value), libvirt forgets that
	$DOM exists, since it is already removed from the internal hash tables,
	which are used for domain lookup.
	In once case (unreproducible) even the persistent configuration
	/etc/xen/$DOM was deleted.

	Instead of using the compound function xenXMConfigSaveFile() explicitly
	use xenFomatXM() and virConfWriteFile() to distinguish between a failure
	in converting the libvirt definition to the xen-xm format and a problem
	when writing the file.

2012-02-06  Eric Blake  <eblake@redhat.com>

	seclabel: make code and RNG match
	Commit b170eb99 introduced a bug: domains that had an explicit
	<seclabel type='none'/> when started would not be reparsed if
	libvirtd restarted.  It turns out that our testsuite was not
	exercising this because it never tried anything but inactive
	parsing.  Additionally, the live XML for such a domain failed
	to re-validate.  Applying just the tests/ portion of this patch
	will expose the bugs that are fixed by the other two files.

	* docs/schemas/domaincommon.rng (seclabel): Allow relabel under
	type='none'.
	* src/conf/domain_conf.c (virSecurityLabelDefParseXML): Per RNG,
	presence of <seclabel> with no type implies dynamic.  Don't
	require sub-elements for type='none'.
	* tests/qemuxml2xmltest.c (mymain): Add test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.xml: Add file.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.args: Add file.
	Reported by Ansis Atteka.

2012-02-06  Peter Krempa  <pkrempa@redhat.com>

	maint: Add test output files to .gitignore
	Commit 8f00276c8a6140cec6a6d50441c802981d329c0c consolidated other
	.gitignore files to the master one, but forgot to add some test output
	files.

2012-02-06  Alex Jia  <ajia@redhat.com>

	Update myself in AUTHORS
	Move myself from 'Previous maintainers' section to 'the primary maintainers and
	people with commit access rights' section, because I have a commit rights now.

2012-02-06  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix resource leak while listing inactive domains with titles
	Commit fad5cd210899dfde4afe36712754dc921c3f3051 introduces a new flag
	that allows to show domain's title with domains. This commit introduced
	resource leak while listing inactive domains with titles.

2012-02-06  Philipp Hahn  <hahn@univention.de>

	xen_xm: Fix SIGSEGV in xenXMDomainDefineXML
	On CentOS5 with xen-3.0.3:

	 Program received signal SIGSEGV, Segmentation fault.
	 virFree (ptrptr=0x8) at util/memory.c:310
	 310         free(*(void**)ptrptr);
	 (gdb) bt
	 #0  virFree (ptrptr=0x8) at util/memory.c:310
	 #1  0x00002aaaaae167c8 in xenXMDomainDefineXML (conn=0x694e80, xml=0x6b2ce0 "P\fk") at xen/xm_internal.c:1199
	 #2  0x00002aaaaae070d7 in xenUnifiedDomainDefineXML (conn=0x8,
	     xml=0x6ac040 "<domain type='xen'>\n  <name>pv</name>\n  <uuid>20291bc0-453a-4d6c-c6ac-4e5af63b932c</uuid>\n  <memory>1048576</memory>\n  <currentMemory>1048576</currentMemory>\n  <vcpu>1</vcpu>\n  <os>\n    <type arch='x8"...) at xen/xen_driver.c:1524
	 #3  0x00002aaaaada7803 in virDomainDefineXML (conn=0x694e80,
	     xml=0x6ac040 "<domain type='xen'>\n  <name>pv</name>\n  <uuid>20291bc0-453a-4d6c-c6ac-4e5af63b932c</uuid>\n  <memory>1048576</memory>\n  <currentMemory>1048576</currentMemory>\n  <vcpu>1</vcpu>\n  <os>\n    <type arch='x8"...) at libvirt.c:7823
	 #4  0x0000000000426173 in cmdEdit (ctl=0x7fffffffb8e0, cmd=<value optimized out>) at virsh.c:14882
	 #5  0x000000000041c9ce in vshCommandRun (ctl=0x7fffffffb8e0, cmd=0x658c50) at virsh.c:17712
	 #6  0x000000000042c3b9 in main (argc=1, argv=<value optimized out>) at virsh.c:19317

2012-02-06  Jiri Denemark  <jdenemar@redhat.com>

	docs: Enhance documentation of the old-style boot configuration
	Also encourages people to use per-device boot elements for better
	control.

	qemu: Fix seamless spice migration
	Calling qemuDomainMigrateGraphicsRelocate notifies spice clients to
	connect to destination qemu so that they can seamlessly switch streams
	once migration is done. Unfortunately, current qemu is not able to
	accept any connections while incoming migration connection is open.
	Thus, we need to delay opening the migration connection to the point
	spice client is already connected to the destination qemu.

	tests: Fix build with -Werror

	apparmor: Add missing comma
	Typo introduced by c18a88ac

2012-02-06  Alex Jia  <ajia@redhat.com>

	virsh: Avoid invalid read of size errors
	Detected by valgrind. the codes are allocating 0 bytes memory to variable
	cpumap by vshCalloc function, and then the function VIR_USE_CPU will access
	it later, a invalid read error will be hit.

	* tools/virsh.c(cmdVcpuPin): fix invalid read error.

	* How to reproduce?
	% valgrind -v --read-var-info=yes virsh vcpupin <domain> 0 0

	* Actual result:

	==27271== ERROR SUMMARY: 5 errors from 2 contexts (suppressed: 8 from 6)
	==27271==
	==27271== 1 errors in context 1 of 2:
	==27271== Invalid read of size 1
	==27271==    at 0x39CF087E2E: __GI_memcpy (in /lib64/libc-2.12.so)
	==27271==    by 0x39CF114FDC: xdrmem_putbytes (in /lib64/libc-2.12.so)
	==27271==    by 0x39CF114707: xdr_opaque (in /lib64/libc-2.12.so)
	==27271==    by 0x4D56194: xdr_remote_domain_pin_vcpu_args (remote_protocol.c:1844)
	==27271==    by 0x4D6CCE1: virNetMessageEncodePayload (virnetmessage.c:341)
	==27271==    by 0x4D5A44B: virNetClientProgramCall (virnetclientprogram.c:327)
	==27271==    by 0x4D36EDB: callWithFD (remote_driver.c:4546)
	==27271==    by 0x4D36F7B: call (remote_driver.c:4567)
	==27271==    by 0x4D3B2C1: remoteDomainPinVcpu (remote_client_bodies.h:1566)
	==27271==    by 0x4D199D3: virDomainPinVcpu (libvirt.c:8585)
	==27271==    by 0x4241F4: cmdVcpuPin (virsh.c:5262)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==  Address 0x5602b80 is 0 bytes after a block of size 0 alloc'd
	==27271==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==27271==    by 0x4C89BDF: virAllocN (memory.c:129)
	==27271==    by 0x423868: _vshCalloc.clone.2 (virsh.c:454)
	==27271==    by 0x423EF9: cmdVcpuPin (virsh.c:5190)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==    by 0x426583: main (virsh.c:19289)
	==27271==
	==27271==
	==27271== 4 errors in context 2 of 2:
	==27271== Invalid read of size 1
	==27271==    at 0x424133: cmdVcpuPin (virsh.c:5245)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==    by 0x426583: main (virsh.c:19289)
	==27271==  Address 0x5602b80 is 0 bytes after a block of size 0 alloc'd
	==27271==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==27271==    by 0x4C89BDF: virAllocN (memory.c:129)
	==27271==    by 0x423868: _vshCalloc.clone.2 (virsh.c:454)
	==27271==    by 0x423EF9: cmdVcpuPin (virsh.c:5190)
	==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
	==27271==    by 0x426583: main (virsh.c:19289)

2012-02-03  Eric Blake  <eblake@redhat.com>

	maint: consolidate several .gitignore files
	Unlike .cvsignore under CVS, git allows for ignoring nested
	names.  We weren't very consistent where new tests were
	being ignored (some in .gitignore, some in tests/.gitignore),
	and I found it easier to just consolidate everything.

	* .gitignore: Subsume entries from subdirectories.
	* daemon/.gitignore: Delete.
	* docs/.gitignore: Likewise.
	* docs/devhelp/.gitignore: Likewise.
	* docs/html/.gitignore: Likewise.
	* examples/dominfo/.gitignore: Likewise.
	* examples/domsuspend/.gitignore: Likewise.
	* examples/hellolibvirt/.gitignore: Likewise.
	* examples/openauth/.gitignore: Likewise.
	* examples/domain-events/events-c/.gitignore: Likewise.
	* include/libvirt/.gitignore: Likewise.
	* src/.gitignore: Likewise.
	* src/esx/.gitignore: Likewise.
	* tests/.gitignore: Likewise.
	* tools/.gitignore: Likewise.

2012-02-03  Laine Stump  <laine@laine.org>

	qemu: eliminate "Ignoring open failure" when using root-squash NFS
	This eliminates the warning message reported in:

	 https://bugzilla.redhat.com/show_bug.cgi?id=624447

	It was caused by a failure to open an image file that is not
	accessible by root (the uid libvirtd is running as) because it's on a
	root-squash NFS share, owned by a different user, with permissions of
	660 (or maybe 600).

	The solution is to use virFileOpenAs() rather than open(). The
	codepath that generates the error is during qemuSetupDiskCGroup(), but
	the actual open() is in a lower-level generic function called from
	many places (virDomainDiskDefForeachPath), so some other pieces of the
	code were touched just to add dummy (or possibly useful) uid and gid
	arguments.

	Eliminating this warning message has the nice side effect that the
	requested operation may even succeed (which in this case isn't
	necessary, but shouldn't hurt anything either).

2012-02-03  Laine Stump  <laine@laine.org>

	util: refactor virFileOpenAs
	virFileOpenAs previously would only try opening a file as the current
	user, or as a different user, but wouldn't try both methods in a
	single call. This made it cumbersome to use as a replacement for
	open(2). Additionally, it had a lot of historical baggage that led to
	it being difficult to understand.

	This patch refactors virFileOpenAs in the following ways:

	* reorganize the code so that everything dealing with both the parent
	  and child sides of the "fork+setuid+setgid+open" method are in a
	  separate function. This makes the public function easier to understand.

	* Allow a single call to virFileOpenAs() to first attempt the open as
	  the current user, and if that fails to automatically re-try after
	  doing fork+setuid (if deemed appropriate, i.e. errno indicates it
	  would now be successful, and the file is on a networkFS). This makes
	  it possible (in many, but possibly not all, cases) to drop-in
	  virFileOpenAs() as a replacement for open(2).

	  (NB: currently qemuOpenFile() calls virFileOpenAs() twice, once
	  without forking, then again with forking. That unfortunately can't
	  be changed without at least some discussion of the ramifications,
	  because the requested file permissions are different in each case,
	  which is something that a single call to virFileOpenAs() can't deal
	  with.)

	* Add a flag so that any fchown() of the file to a different uid:gid
	  is explicitly requested when the function is called, rather than it
	  being implied by the presence of the O_CREAT flag. This just makes
	  for less subtle surprises to consumers. (Commit
	  b1643dc15c5de886fefe56ad18608d65f1325a2c added the check for O_CREAT
	  before forcing ownership. This patch just makes that restriction
	  more explicit.)

	* If either the uid or gid is specified as "-1", virFileOpenAs will
	  interpret this to mean "the current [gu]id".

	All current consumers of virFileOpenAs should retain their present
	behavior (after a few minor changes to their setup code and
	arguments).

2012-02-03  D. Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	util: rename netlink.[ch] to virnetlink.[ch]
	Rename the src/util/netlink files to src/util/virnetlink to
	better fit the naming scheme. Also rename nlComm to virNetlinkCommand.

2012-02-03  Laine Stump  <laine@laine.org>

	virsh: add --graceful switch to destroy command
	This allows virsh to use the new VIR_DOMAIN_DESTROY_GRACEUL flag for
	virDomainDestroyFlags.

2012-02-03  Laine Stump  <laine@laine.org>

	qemu: new GRACEFUL flag for virDomainDestroy w/ QEMU support
	When libvirt's virDomainDestroy API is shutting down the qemu process,
	it first sends SIGTERM, then waits for 1.6 seconds and, if it sees the
	process still there, sends a SIGKILL.

	There have been reports that this behavior can lead to data loss
	because the guest running in qemu doesn't have time to flush its disk
	cache buffers before it's unceremoniously whacked.

	This patch maintains that default behavior, but provides a new flag
	VIR_DOMAIN_DESTROY_GRACEFUL to alter the behavior. If this flag is set
	in the call to virDomainDestroyFlags, SIGKILL will never be sent to
	the qemu process; instead, if the timeout is reached and the qemu
	process still exists, virDomainDestroy will return an error.

	Once this patch is in, the recommended method for applications to call
	virDomainDestroyFlags will be with VIR_DOMAIN_DESTROY_GRACEFUL
	included. If that fails, then the application can decide if and when
	to call virDomainDestroyFlags again without
	VIR_DOMAIN_DESTROY_GRACEFUL (to force the issue with SIGKILL).

	(Note that this does not address the issue of existing applications
	that have not yet been modified to use VIR_DOMAIN_DESTROY_GRACEFUL.
	That is a separate patch.)

2012-02-03  Philipp Hahn  <hahn@univention.de>

	virterror.c: Fix several spelling mistakes
	compat{a->i}bility
	erron{->e}ous
	nec{c->}essary.
	Either "the" or "a".

2012-02-03  Martin Kletzander  <mkletzan@redhat.com>

	Added missing memory reporting into python bindings
	Two types of memory stats were not reported by python bindings. This
	patch fixes both of them.

2012-02-03  Eric Blake  <eblake@redhat.com>

	python: use libvirt_util to avoid raw free
	This patch starts the process of elevating the python binding code
	to be on the same level as the rest of libvirt when it comes to
	requiring good coding styles.  Statically linking against the
	libvirt_util library makes it much easier to write good code,
	rather than having to open-code and reinvent things locally.

	Done by global search and replace of s/free(/VIR_FREE(/, followed
	by hand-inspection of remaining malloc and redundant memset.

	* cfg.mk (exclude_file_name_regexp--sc_prohibit_raw_allocation):
	Remove python from exemption.
	* python/Makefile.am (INCLUDES): Add gnulib and src/util.  Drop
	$(top_builddir)/$(subdir), as automake already guarantees that.
	(mylibs, myqemulibs): Pull in libvirt_util and gnulib.
	(libvirtmod_la_CFLAGS): Catch compiler warnings if configured to
	use -Werror.
	* python/typewrappers.c (libvirt_charPtrSizeWrap)
	(libvirt_charPtrWrap): Convert free to VIR_FREE.
	* python/generator.py (print_function_wrapper): Likewise.
	* python/libvirt-override.c: Likewise.

2012-02-03  Eric Blake  <eblake@redhat.com>

	build: expand rule to cover testsuite
	The bulk of this patch was done with:

	sed -i 's/\(\bfree *(/VIR_FREE(/g' tests/*.c

	followed by fixing the few compile errors that resulted.

	* cfg.mk (exclude_file_name_regexp--sc_prohibit_raw_allocation):
	Remove tests from exemption.
	* tests/testutils.h: Add common header.
	* tests/commandhelper.c: Fix offenders.
	* tests/cputest.c: Likewise.
	* tests/domainsnapshotxml2xmltest.c: Likewise.
	* tests/interfacexml2xmltest.c: Likewise.
	* tests/networkxml2argvtest.c: Likewise.
	* tests/networkxml2xmltest.c: Likewise.
	* tests/nodedevxml2xmltest.c: Likewise.
	* tests/nodeinfotest.c: Likewise.
	* tests/nwfilterxml2xmltest.c: Likewise.
	* tests/qemuargv2xmltest.c: Likewise.
	* tests/qemuxml2argvtest.c: Likewise.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/qemuxmlnstest.c: Likewise.
	* tests/qparamtest.c: Likewise.
	* tests/sexpr2xmltest.c: Likewise.
	* tests/storagepoolxml2xmltest.c: Likewise.
	* tests/storagevolxml2xmltest.c: Likewise.
	* tests/testutils.c: Likewise.
	* tests/virshtest.c: Likewise.
	* tests/xencapstest.c: Likewise.
	* tests/xmconfigtest.c: Likewise.
	* tests/xml2sexprtest.c: Likewise.

2012-02-03  Eric Blake  <eblake@redhat.com>

	build: prohibit raw malloc and free
	Our HACKING discourages use of malloc and free, for at least
	a couple of years now.  But we weren't enforcing it, until now :)

	For now, I've exempted python and tests, and will clean those up
	in subsequent patches.  Examples should be permanently exempt,
	since anyone copying our examples won't have use of our
	internal-only memory.h via libvirt_util.la.

	* cfg.mk (sc_prohibit_raw_allocation): New rule.
	(exclude_file_name_regexp--sc_prohibit_raw_allocation): and
	exemptions.
	* src/cpu/cpu.c (cpuDataFree): Avoid false positive.
	* src/conf/network_conf.c (virNetworkDNSSrvDefParseXML): Fix
	offenders.
	* src/libxl/libxl_conf.c (libxlMakeDomBuildInfo, libxlMakeVfb)
	(libxlMakeDeviceModelInfo): Likewise.
	* src/rpc/virnetmessage.c (virNetMessageSaveError): Likewise.
	* tools/virsh.c (_vshMalloc, _vshCalloc): Likewise.

2012-02-03  Eric Blake  <eblake@redhat.com>

	python: drop redundant function
	I noticed some redundant code while preparing my next patch.

	* python/generator.py (py_types): Fix 'const char *' mapping.
	* python/typewrappers.h (libvirt_charPtrConstWrap): Drop.
	* python/typewrappers.c (libvirt_charPtrConstWrap): Delete, since
	it is identical to libvirt_constcharPtrWrap.

2012-02-03  Eric Blake  <eblake@redhat.com>

	build: clean up CPPFLAGS/INCLUDES usage
	Our syntax checker missed all-lower-case variables (this will
	be fixed by the next .gnulib update).  Additionally, anywhere
	that we mix in-tree files with generated files, automake recommends
	listing builddir prior to srcdir for VPATH builds.

	* src/Makefile.am (*_la_CFLAGS): Favor $(top_srcdir).
	(INCLUDES): Likewise, and follow automake recommendations on
	builddir before srcdir.
	* python/Makefile.am (INCLUDES): Swap directory order.
	* tests/Makefile.am (INCLUDES): Likewise.
	* tools/Makefile.am (INCLUDES): Likewise.
	* daemon/Makefile.am (INCLUDES): Likewise.
	(libvirtd.init, libvirtd.service): Favor $().
	* examples/hellolibvirt/Makefile.am (hellolibvirt_LDADD):
	Likewise.
	* examples/openauth/Makefile.am (openauth_LDADD): Likewise.
	* examples/dominfo/Makefile.am (INCLUDES): Drop dead include.
	* examples/domsuspend/Makefile.am (INCLUDES): Likewise.

2012-02-03  Eric Blake  <eblake@redhat.com>

	command: allow merging stdout and stderr in string capture
	Sometimes, its easier to run children with 2>&1 in shell notation,
	and just deal with stdout and stderr interleaved.  This was already
	possible for fd handling; extend it to also work when doing string
	capture of a child process.

	* docs/internals/command.html.in: Document this.
	* src/util/command.c (virCommandSetErrorBuffer): Likewise.
	(virCommandRun, virExecWithHook): Implement it.
	* tests/commandtest.c (test14): Test it.
	* daemon/remote.c (remoteDispatchAuthPolkit): Use new command
	feature.

2012-02-03  Eric Blake  <eblake@redhat.com>

	maint: prune duplicate listings in AUTHORS
	* AUTHORS: Remove duplicates.
	* .mailmap: Update accordingly.

2012-02-03  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	virsh: extension of virsh attach-disk for rawio
	This patch extends "virsh attach-disk" command so that
	we can specify "rawio" attribute.

2012-02-03  Martin Kletzander  <mkletzan@redhat.com>

	Fixed connection definition for non-SELinux builds
	This patch fixes the access of variable "con" in two files where the
	variable was declared only on SELinux builds and thus the build failed
	without SELinux. It's a rather nasty fix but helps fix the build
	quickly and without any major changes to the code.

	Added RSS reporting
	Added RSS information gathering into qemuMemoryStats into qemu driver
	and the reporting into virsh dommemstat.

	Added RSS information gathering into qemudGetProcessInfo
	One more parameter added into the function parsing /proc/<pid>/stat
	and the call of the function is fixed as well.

2012-02-03  Osier Yang  <jyang@redhat.com>

	Replace TAB with white spaces

2012-02-03  Jiri Denemark  <jdenemar@redhat.com>

	lxc: Fix build with AppArmor

2012-02-03  Alex Jia  <ajia@redhat.com>

	conf: Plug memory on virDomainDiskDefParseXML
	Detected by valgrind. Leak is introduced in commit 397e6a7.

	* src/conf/domain_conf.c(virDomainDiskDefParseXML): fix memory leak.

	How to reproduce?
	% make -C tests check TESTS=qemuxml2argvtest
	% cd tests && valgrind -v --leak-check=full ./qemuxml2argvtest

	* Actual result:

	==16352== 4 bytes in 1 blocks are definitely lost in loss record 12 of 147
	==16352==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==16352==    by 0x39D90A67DD: xmlStrndup (xmlstring.c:45)
	==16352==    by 0x4E83D5: virDomainDiskDefParseXML (domain_conf.c:2894)
	==16352==    by 0x4F542D: virDomainDefParseXML (domain_conf.c:7626)
	==16352==    by 0x4F8683: virDomainDefParseNode (domain_conf.c:8390)
	==16352==    by 0x4F904E: virDomainDefParse (domain_conf.c:8340)
	==16352==    by 0x41C626: testCompareXMLToArgvHelper (qemuxml2argvtest.c:105)
	==16352==    by 0x41DED1: virtTestRun (testutils.c:142)
	==16352==    by 0x418172: mymain (qemuxml2argvtest.c:486)
	==16352==    by 0x41D5C7: virtTestMain (testutils.c:697)
	==16352==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)

2012-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Set a security context on /dev and /dev/pts mounts
	To allow the container to access /dev and /dev/pts when under
	sVirt, set an explicit mount option. Also set a max size on
	the /dev mount to prevent DOS on memory usage

	* src/lxc/lxc_container.c: Set /dev mount context
	* src/lxc/lxc_controller.c: Set /dev/pts mount context

2012-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Add support for sVirt in the LXC driver
	For the sake of backwards compat, LXC guests are *not*
	confined by default. This is because it is not practical
	to dynamically relabel containers using large filesystem
	trees. Applications can create confined containers though,
	by giving suitable XML configs

	* src/Makefile.am: Link libvirt_lxc to security drivers
	* src/lxc/libvirtd_lxc.aug, src/lxc/lxc_conf.h,
	  src/lxc/lxc_conf.c, src/lxc/lxc.conf,
	  src/lxc/test_libvirtd_lxc.aug: Config file handling for
	  security driver
	* src/lxc/lxc_driver.c: Wire up security driver functions
	* src/lxc/lxc_controller.c: Add a '--security' flag to
	  specify which security driver to activate
	* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Set
	  the process label just before exec'ing init.

2012-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Add two new security label types
	Curently security labels can be of type 'dynamic' or 'static'.
	If no security label is given, then 'dynamic' is assumed. The
	current code takes advantage of this default, and avoids even
	saving <seclabel> elements with type='dynamic' to disk. This
	means if you temporarily change security driver, the guests
	can all still start.

	With the introduction of sVirt to LXC though, there needs to be
	a new default of 'none' to allow unconfined LXC containers.

	This patch introduces two new security label types

	 - default:  the host configuration decides whether to run the
	             guest with type 'none' or 'dynamic' at guest start
	 - none:     the guest will run unconfined by security policy

	The 'none' label type will obviously be undesirable for some
	deployments, so a new qemu.conf option allows a host admin to
	mandate confined guests. It is also possible to turn off default
	confinement

	  security_default_confined = 1|0  (default == 1)
	  security_require_confined = 1|0  (default == 0)

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
	  seclabel types
	* src/security/security_manager.c, src/security/security_manager.h:
	  Set default sec label types
	* src/security/security_selinux.c: Handle 'none' seclabel type
	* src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
	  src/qemu/libvirtd_qemu.aug: New security config options
	* src/qemu/qemu_driver.c: Tell security driver about default
	  config

2012-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Re-add domain device seclabel parsing / formatting
	This re-introduces parsing & formatting for per device seclabels.
	There is a new virDomainDeviceSeclabelPtr struct and corresponding
	APIs for parsing/formatting.

2012-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Revert changes to sec label parsing
	Revert parsing changes:

	  commit 302fe95ffa1bc5f1c61c0beb31a1adfbc38c668e
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Wed Jan 4 16:01:24 2012 -0700

	    seclabel: fix regression in libvirtd restart

	  commit b43432931aef92325920953ff92beabfbe5224c8
	  Author: Eric Blake <eblake@redhat.com>
	  Date:   Thu Dec 22 17:47:50 2011 -0700

	    seclabel: allow a seclabel override on a disk src

	These two commits changed the sec label parsing code so that
	the same code dealt with both the VM level sec label, and the
	per device label. Unfortunately, as we add more options to the
	VM level sec label, the logic required to use the same parsing
	code for the per device label becomes unintelligible.

	* src/conf/domain_conf.c: Remove support for parsing per
	  device sec labels

2012-02-02  Dave Allan  <dallan@redhat.com>

	Add detail to documentation on storage pools and volumes.
	The storage pools page contains details about the capabilities of the
	various pool types, but not an overview of how they are intended to be
	used.  This patch adds some explanation of what pools and volumes can
	be used for and why an administrator might want to use them.

2012-02-02  Alex Jia  <ajia@redhat.com>

	virsh: Plug memory leak on cmdUndefine
	Detected by valgrind. Leak is introduced in commit 3bb6bcf.

	Free 'vol' memory before allocating memory, the codes will miss one time
	free when 'vol_i = nvolumes' in for loop, so plug memory leak.

	* tools/virsh.c: fix memory leak on cmdUndefine.

	* How to reproduce?
	% dd if=/dev/null of=/var/lib/libvirt/images/foo bs=1 count=1 seek=10M
	% virsh define foo.xml                   (disk source file points to '/var/lib/libvirt/images/foo')
	% virsh vol-clone foo foo-clone default  (the original guest name is 'foo')
	% virsh pool-refresh default
	% virsh vol-list default                 (make sure 'foo-clone' volume exists)
	% virsh define foo-clone.xml             (disk source file points to '/var/lib/libvirt/images/foo-clone')
	% valgrind -v --leak-check=full virsh undefine foo-clone --remove-all-storage

	* Actual results:

	1. virsh output
	Domain foo-clone has been undefined
	Volume '/var/lib/libvirt/images/foo-clone' removed.

	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

	2. valgrind result

	==6515== 92 (40 direct, 52 indirect) bytes in 1 blocks are definitely lost in loss record 46 of 69
	==6515==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==6515==    by 0x4C89B71: virAlloc (memory.c:101)
	==6515==    by 0x4CFCACE: virGetStorageVol (datatypes.c:724)
	==6515==    by 0x4D4A8E0: remoteStorageVolLookupByPath (remote_driver.c:4664)
	==6515==    by 0x4D07153: virStorageVolLookupByPath (libvirt.c:12508)
	==6515==    by 0x4270E6: cmdUndefine (virsh.c:2828)
	==6515==    by 0x4151B6: vshCommandRun (virsh.c:17693)
	==6515==    by 0x4264D3: main (virsh.c:19270)
	==6515==
	==6515== LEAK SUMMARY:
	==6515==    definitely lost: 40 bytes in 1 blocks

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=786674

2012-02-02  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Update gnulib to fix mingw64 compilation errors

2012-02-02  Philipp Hahn  <hahn@univention.de>

	tests: dynamically replace dnsmasq path
	The path to the dnsmasq binary can be configured while in the test data
	the path is hard-coded to /usr/bin/. This break the test suite if a the
	binary is located in a different location, like /usr/local/sbin/.

	Replace the hard coded path in the test data by a token, which is
	dynamically replaced in networkxml2argvtest with the configured path
	after the test data has been loaded.

	(Another option would have been to modify configure.ac to generate the
	 test data during configure, but I do not know of an easy way do trick
	 configure into mass-generate those test files without listing every
	 single one, which I consider less flexible.)

	- unit-test the unit-test:
	  #include <assert.h>
	  #define TEST(in,token,rep,out) { char *buf = strdup(in); assert(!replaceTokens(&buf, token, rep) && !strcmp(buf, out)); free(buf); }
	  TEST("", "AA", "B", "");
	  TEST("A", "AA", "B", "A");
	  TEST("AA", "AA", "B", "B");
	  TEST("AAA", "AA", "B", "BA");
	  TEST("AA", "AA", "BB", "BB");
	  TEST("AA", "AA", "BBB", "BBB");
	  TEST("<AA", "AA", "B", "<B");
	  TEST("<AA", "AA", "BB", "<BB");
	  TEST("<AA", "AA", "BBB", "<BBB");
	  TEST("AA>", "AA", "B", "B>");
	  TEST("AA>", "AA", "BB", "BB>");
	  TEST("AA>", "AA", "BBB", "BBB>");
	  TEST("<AA>", "AA", "B", "<B>");
	  TEST("<AA>", "AA", "BB", "<BB>");
	  TEST("<AA>", "AA", "BBB", "<BBB>");
	  TEST("<AA|AA>", "AA", "B", "<B|B>");
	  TEST("<AA|AA>", "AA", "BB", "<BB|BB>");
	  TEST("<AA|AA>", "AA", "BBB", "<BBB|BBB>");
	  TEST("<AAAA>", "AA", "B", "<BB>");
	  TEST("<AAAA>", "AA", "BB", "<BBBB>");
	  TEST("<AAAA>", "AA", "BBB", "<BBBBBB>");
	  TEST("AAAA>", "AA", "B", "BB>");
	  TEST("AAAA>", "AA", "BB", "BBBB>");
	  TEST("AAAA>", "AA", "BBB", "BBBBBB>");
	  TEST("<AAAA", "AA", "B", "<BB");
	  TEST("<AAAA", "AA", "BB", "<BBBB");
	  TEST("<AAAA", "AA", "BBB", "<BBBBBB");
	  alarm(1); /* no infinite loop */
	  TEST("A", "A", "A", "A");
	  TEST("AA", "A", "A", "AA");
	  alarm(0);

2012-02-02  Eric Blake  <eblake@redhat.com>

	network: fix testsuite regression
	I slightly botched commit be9fb5a - I converted '--arg=value' to
	'--arg value', which has no semantic change, but did trip up the
	testsuite.

	* src/network/bridge_driver.c (networkBuildDnsmasqArgv): Restore
	expected output.

2012-02-02  Philipp Hahn  <hahn@univention.de>

	tests: virnettlscontexttest needs gnutls-2.6.0
	virnettlscontexttest uses gnutls_x509_crt_set_subject_alt_name() and
	GNUTLS_FSAN_APPEND, which - according to
	<http://www.gnu.org/software/gnutls/manual/gnutls.html> - are only
	available since 2.6.0.

	Since libvirt still works fine with gnutls-1.0.25 from RHEL5, only
	enable the test when the version of GNUTLS is at least 2.6.0.

2012-02-02  Philipp Hahn  <hahn@univention.de>

	xen_xs: name xendConfigVersion magic numbers
	libvirt supports 4 different versions of the user-land XenD daemon. When
	queried the daemon just returns its generation number, which is hard to
	match to the version of the Xen tools.

	Replace the magic generation numbers by named enum definitions to
	improve code readability.

2012-02-02  Alex Jia  <ajia@redhat.com>

	network: Avoid memory leaks on networkBuildDnsmasqArgv
	Detected by valgrind. Leaks introduced in commit 973af236.

	* src/network/bridge_driver.c: fix memory leaks on failure and successful path.

	* How to reproduce?
	% make -C tests check TESTS=networkxml2argvtest
	% cd tests && valgrind -v --leak-check=full ./networkxml2argvtest

	* Actual result:

	==2226== 3 bytes in 1 blocks are definitely lost in loss record 1 of 24
	==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
	==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
	==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
	==2226==    by 0x41A2D9: networkBuildDhcpDaemonCommandLine (bridge_driver.c:545)
	==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
	==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
	==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
	==2226==    by 0x414D97: virtTestMain (testutils.c:696)
	==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2226==
	==2226== 3 bytes in 1 blocks are definitely lost in loss record 2 of 24
	==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
	==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
	==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
	==2226==    by 0x41A307: networkBuildDhcpDaemonCommandLine (bridge_driver.c:551)
	==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
	==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
	==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
	==2226==    by 0x414D97: virtTestMain (testutils.c:696)
	==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2226==
	==2226== 5 bytes in 1 blocks are definitely lost in loss record 4 of 24
	==2226==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2226==    by 0x39CF0FEDE7: __vasprintf_chk (in /lib64/libc-2.12.so)
	==2226==    by 0x41DFF7: virVasprintf (stdio2.h:199)
	==2226==    by 0x41E0B7: virAsprintf (util.c:1695)
	==2226==    by 0x41A2AB: networkBuildDhcpDaemonCommandLine (bridge_driver.c:539)
	==2226==    by 0x4145C8: testCompareXMLToArgvHelper (networkxml2argvtest.c:47)
	==2226==    by 0x4156A1: virtTestRun (testutils.c:141)
	==2226==    by 0x414332: mymain (networkxml2argvtest.c:123)
	==2226==    by 0x414D97: virtTestMain (testutils.c:696)
	==2226==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2226==
	==2226== LEAK SUMMARY:
	==2226==    definitely lost: 11 bytes in 3 blocks

2012-02-01  Eric Blake  <eblake@redhat.com>

	block rebase: initial qemu implementation
	This is a trivial implementation, which works with the current
	released qemu 1.0 with backports of preliminary block pull but
	no partial rebase.  Future patches will update the monitor handling
	to support an optional parameter for partial rebase; but as qemu
	1.1 is unreleased, it can be in later patches, designed to be
	backported on top of the supported API.

	* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Add parameter,
	and adjust callers.  Drop redundant check.
	(qemuDomainBlockPull): Move guts...
	(qemuDomainBlockRebase): ...to new function.

2012-02-01  Eric Blake  <eblake@redhat.com>

	block rebase: wire up remote protocol
	Nice and simple.

	* src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_BLOCK_REBASE):
	New RPC.
	* src/remote/remote_driver.c (remote_driver): Wire it up.
	* src/remote_protocol-structs: Regenerate.

2012-02-01  Eric Blake  <eblake@redhat.com>

	block rebase: add new API virDomainBlockRebase
	Qemu is adding the ability to do a partial rebase.  That is, given:

	base <- intermediate <- current

	virDomainBlockPull will produce:

	current

	but qemu now has the ability to leave base in the chain, to produce:

	base <- current

	Note that current qemu can only do a forward merge, and only with
	the current image as the destination, which is fully described by
	this API without flags.  But in the future, it may be possible to
	enhance this API for additional scenarios by using flags:

	Merging the current image back into a previous image (that is,
	undoing a live snapshot), could be done by passing base as the
	destination and flags with a bit requesting a backward merge.

	Merging any other part of the image chain, whether forwards (the
	backing image contents are pulled into the newer file) or backwards
	(the deltas recorded in the newer file are merged back into the
	backing file), could also be done by passing a new flag that says
	that base should be treated as an XML snippet rather than an
	absolute path name, where the XML could then supply the additional
	instructions of which part of the image chain is being merged into
	any other part.

	* include/libvirt/libvirt.h.in (virDomainBlockRebase): New
	declaration.
	* src/libvirt.c (virDomainBlockRebase): Implement it.
	* src/libvirt_public.syms (LIBVIRT_0.9.10): Export it.
	* src/driver.h (virDrvDomainBlockRebase): New driver callback.
	* src/rpc/gendispatch.pl (long_legacy): Add exemption.
	* docs/apibuild.py (long_legacy_functions): Likewise.

2012-02-01  Peter Krempa  <pkrempa@redhat.com>

	qemu: Add support for virDomainGetMetadata and virDomainSetMetadata
	This patch adds support for the new api into the qemu driver to support
	modification and retrieval of domain description and title. This patch
	does not add support for modifying the <metadata> element.

2012-02-01  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add support for modifying domain description and titles
	This patch adds a new command "desc" to show and modify titles and
	description for the domains using the new API.

	This patch also adds a new flag for the "list" command to show titles in
	the domain list, to allow easy identification of VMs by storing a short
	description.

	Example:
	virsh # list --title
	 Id Name                 State      Title
	 -----------------------------------------------
	   0 Domain-0             running    Mailserver 1
	   2 fedora               paused

2012-02-01  Peter Krempa  <pkrempa@redhat.com>

	API: Add api to set and get domain metadata
	This patch adds API to modify domain metadata for running and stopped
	domains. The api supports changing description, title as well as the
	newly added <metadata> element. The API has support for storing data in
	the metadata element using xml namespaces.

	* include/libvirt/libvirt.h.in
	* src/libvirt_public.syms
	        - add function headers
	        - add enum to select metadata to operate on
	        - export functions
	* src/libvirt.c
	        - add public api implementation
	* src/driver.h
	        - add driver support
	* src/remote/remote_driver.c
	* src/remote/remote_protocol.x
	        - wire up the remote protocol
	* include/libvirt/virterror.h
	* src/util/virterror.c
	        - add a new error message note that metadata for domain are
	        missing

2012-02-01  Peter Krempa  <pkrempa@redhat.com>

	xml: Add element <title> to allow short description of domains
	This patch adds a new element <title> to the domain XML. This attribute
	can hold a short title defined by the user to ease the identification of
	domains. The title may not contain newlines and should be reasonably short.

	 *docs/formatdomain.html.in
	 *docs/schemas/domaincommon.rng
	        - add schema grammar for the new element and documentation
	  *src/conf/domain_conf.c
	  *src/conf/domain_conf.h
	        - add field to hold the new attribute
	        - add code to parse and create XML with the new attribute

2012-02-01  Laine Stump  <laine@laine.org>

	build: add missing virStorageFileResize to libvirt_private.syms
	This was forgotten when the function was originally written (not
	noticed because it wasn't used at the time). It's required for
	proper compilation with modules enabled after applying the recent
	virStorageVolResize patches.

	build: add missing virCommandAddCap to libvirt_private.syms
	This was forgotten when the function was initially written (not
	noticed because it wasn't used at the time). It's required for proper
	compilation with modules enabled after applying the recent rawio
	patches.

2012-02-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Silent bogus warning about unitialized variable
	GCC complaints about uninitialized use of len, which however is only
	used when errors != NULL and in that case len is always initialized.
	It's trivial to silence this by always initializing len.

2012-02-01  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Allow overriding NOFILES ulimit for the daemon as well
	One of my latest patches (d8db0f9690) created support for setting
	the limit for the maximum of opened files by qemu user. However,
	since libvirtd keeps one FD opened per domain (well, for qemu at least)
	it will likely hit this limit on huge scenarios.

2012-02-01  Jiri Denemark  <jdenemar@redhat.com>

	python: Add binding for virDomainGetDiskErrors

	virsh: Implement domblkerror command
	This command lists all disk devices with errors

	qemu: Implement virDomainGetDiskErrors

	Remote protocol for virDomainGetDiskErrors

	virDomainGetDiskErrors public API
	We already provide ways to detect when a domain has been paused as a
	result of I/O error, but there was no way of getting the exact error or
	even the device that experienced it.  This new API may be used for both.

2012-02-01  Alex Jia  <ajia@redhat.com>

	python: correct a copy-paste error
	* python/libvirt-override-virStream.py: fix a copy-paste error in sendAll().

2012-02-01  Michal Privoznik  <mprivozn@redhat.com>

	command: Fix ATTRIBUTE_UNUSED on virSetCapabilities
	If we are building not on a WIN32 architecture and without HAVE_CAPNG
	virSetCapabilities has unused argument and virClearCapabilities
	is unused as well.

	qemu: Clenup qemuDomainSetInterfaceParameters
	which contained some useless lines, copied code, NULL
	dereference.

	qemu: Don't jump to endjob if no job was even started
	In qemuDomainShutdownFlags if we try to use guest agent,
	which has error or is not configured, we jump go endjob
	label even if we haven't started any job yet. This may
	lead to the daemon crash:
	1) virsh shutdown --mode agent on a domain without agent configured
	2) wait until domain quits
	3) virsh edit

2012-02-01  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	qemu: fix my typo at commit 74e034964c32edb1732d0ff7642f3977f3587d72
	Fix my typo at
	  commit 74e034964c32edb1732d0ff7642f3977f3587d72

	"disk->rawio == -1" indicates that this value is not
	specified. So in case of this, domain must not
	be tainted.

2012-02-01  Alex Jia  <ajia@redhat.com>

	simplify block of codes
	Using new function 'virTypedParameterArrayClear' to simplify block of codes.

	* daemon/remote.c, src/remote/remote_driver.c: simplify codes.

2012-02-01  Eric Blake  <eblake@redhat.com>

	build: fix text regression
	Commit 8a09ee410 tickles a bug in libxml2-2.7.6 on RHEL 6.2,
	where libxml2 treats the pattern [^\n] as excluding literal
	backslash and n, instead of the intended newline, thus failing
	to validate any domain name containing 'n'.

	* docs/schemas/domaincommon.rng: Use literal newline instead.

2012-01-31  Laine Stump  <laine@laine.org>

	docs: fill out rawio description
	The original doc entry for rawio didn't mention the values it could
	have, the default, or the fact that setting it to "yes" for one disk
	effectively set it to "yes" for all disks in the domain.

2012-01-31  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	qemu: make qemu processes to retain rawio capability
	This patch revises qemuProcessStart() function for qemu
	processes to retain CAP_SYS_RAWIO if needed.
	And in case of that, add taint flag to domain.

	util: extend virExecWithHook()
	This patch extends virExecWithHook() to receive
	capability information.

2012-01-31  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	util: add functions to keep capabilities
	This patch introduces virSetCapabilities() function and implements
	virCommandAllowCap() function.

	Existing virClearCapabilities() is function to clear all capabilities.
	Instead virSetCapabilities() is function to set arbitrary capabilities.

2012-01-31  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	conf: add rawio attribute to disk element of domain XML
	 This patch adds a new attribute "rawio" to the "disk" element
	 of domain XML. Valid values of "rawio" attribute are "yes"
	 and "no".
	 rawio='yes' indicates the disk is desirous of CAP_SYS_RAWIO.

	 If you specify the following XML:

	 <disk type='block' device='lun' rawio='yes'>
	  ...
	 </disk>

	 the domain will be granted CAP_SYS_RAWIO.
	 (of course, the domain have to be executed with root privilege)

	NOTE:
	   - "rawio" attribute is only valid when device='lun'
	   - At the moment, any other disks you won't use rawio can use rawio.

2012-01-31  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Implement virStorageVolResize() for FS backend
	Currently only VIR_STORAGE_VOL_RESIZE_DELTA flag is supported.

2012-01-31  Eric Blake  <eblake@redhat.com>

	resize: slightly alter signature
	Our existing virDomainBlockResize takes an unsigned long long
	argument; if that command is later taught a DELTA and SHRINK flag,
	we cannot change its type without breaking API (but at least such
	a change would be ABI compatible).  Meanwhile, the only time a
	negative size makes sense is if both DELTA and SHRINK are used
	together, but if we keep the argument unsigned, applications can
	pass the positive delta amount by which they would like to shrink
	the system, and have the flags imply the negative value.  So,
	since this API has not yet been released, and in the interest of
	consistency with existing API, we swap virStorageVolResize to
	always pass an unsigned value.

	* include/libvirt/libvirt.h.in (virStorageVolResize): Use unsigned
	argument.
	* src/libvirt.c (virStorageVolResize): Likewise.
	* src/driver.h (virDrvStorageVolUpload): Adjust clients.
	* src/remote/remote_protocol.x (remote_storage_vol_resize_args):
	Likewise.
	* src/remote_protocol-structs: Regenerate.
	Suggested by Daniel P. Berrange.

2012-01-30  Philipp Hahn  <hahn@univention.de>

	XenXs: Update documentation
	Fix several references to now renamed functions and parameters when the
	functions were moved from src/xen/ to src/xenxs/.

2012-01-30  Laine Stump  <laine@laine.org>

	qemu: add "romfile" support to specify device boot ROM
	This patch addresses: https://bugzilla.redhat.com/show_bug.cgi?id=781562

	Along with the "rombar" option that controls whether or not a boot rom
	is made visible to the guest, qemu also has a "romfile" option that
	allows specifying a binary file to present as the ROM BIOS of any
	emulated or passthrough PCI device. This patch adds support for
	specifying romfile to both passthrough PCI devices, and emulated
	network devices that attach to the guest's PCI bus (just about
	everything other than ne2k_isa).

	One example of the usefulness of this option is described in the
	bugzilla report: 82576 sriov network adapters don't provide a ROM BIOS
	for the cards virtual functions (VF), but an image of such a ROM is
	available, and with this ROM visible to the guest, it can PXE boot.

	In libvirt's xml, the new option is configured like this:

	   <hostdev>
	     ...
	     <rom file='/etc/fake/boot.bin'/>
	     ...
	   </hostdev

	(similarly for <interface>).

2012-01-30  Laine Stump  <laine@laine.org>

	qemu: (and conf) support rombar for network devices
	When support for the rombar option was added, it was only added for
	PCI passthrough devices, configured with <hostdev>. The same option is
	available for any network device that is attached to the guest's PCI
	bus. This patch allows setting rombar for any PCI network device type.

	After adding cases to test this to qemuxml2argv-hostdev-pci-rombar.*,
	I decided to rename those files (to qemuxml2argv-pci-rom.*) to more
	accurately reflect the additional tests, and also noticed that up to
	now we've only been performing a domainschematest for that case, so I
	added the "pci-rom" test to both qemuxml2argv and qemuxml2xml (and in
	the process found some bugs whose fixes I squashed into previous
	commits of this series).

2012-01-30  Laine Stump  <laine@laine.org>

	conf: relocate rombar and boot order parse/format
	Since these two items are now in the virDomainDeviceInfo struct, it
	makes sense to parse/format them in the functions written to
	parse/format that structure. Not all types of devices allow them, so
	two internal flags are added to indicate when it is appropriate to do
	so.

	I was lucky - only one test case needed to be re-ordered!

2012-01-30  Laine Stump  <laine@laine.org>

	conf: put all guest-related HostdevDef data in one object
	To help consolidate the commonality between virDomainHostdevDef and
	virDomainNetDef into as few members as possible (and because I
	think it makes sense), this patch moves the rombar and bootIndex
	members into the "info" member that is common to both (and to all the
	other structs that use them).

	It's a bit problematic that this gives rombar and bootIndex to many
	device types that don't use them, but this is already the case for the
	master and mastertype members of virDomainDeviceInfo, and is properly
	commented as such in the definition.

	Note that this opens the door to supporting rombar for other devices
	that are attached to the guest PCI bus - virtio-blk-pci,
	virtio-net-pci, various other network adapters - which which have that
	capability in qemu, but previously had no support in libvirt.

2012-01-30  Laine Stump  <laine@laine.org>

	conf: remove duplicate call to VIR_FREE(info->alias)
	There is another identical call 4 lines up in the same function.

2012-01-30  Hendrik Schwartke  <hendrik@os-t.de>

	qemu: Fix segfault in qemuMonitorTextGetBlockInfo
	If some error occurs then the cleanup code calls VIR_FREE(info)
	without ensuring that info is initialized.

2012-01-30  Cole Robinson  <crobinso@redhat.com>

	xen: Don't add <console> to xml for dom0
	It just doesn't really make sense and confuses virt-manager

2012-01-30  Daniel P. Berrange  <berrange@redhat.com>

	Add virt-host-validate.1 to Mingw32 RPM spec file list

2012-01-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	remote handler for virDomainGetCPUStats()
	Unlike other users of virTypedParameter with RPC, this interface
	can return zero-filled entries because the interface assumes
	2 dimensional array. We compress these entries out from the
	server when generating the over-the-wire contents, then reconstitute
	them in the client.

2012-01-28  Eric Blake  <eblake@redhat.com>

	docs: reorder public header
	The bottom of the public header is reserved for deprecated APIs;
	it's nicer to arrange things in logical groups.

	* include/libvirt/libvirt.h.in (virConnectSetKeepAlive)
	(virDomainGetCPUStats): Float earlier in the file.

2012-01-28  Eric Blake  <eblake@redhat.com>

	docs: tweak recent suspend API additions
	* src/libvirt.c (virDomainPMSuspendForDuration): Clarify usage.

2012-01-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Add new public API virDomainGetCPUStats()
	add new API virDomainGetCPUStats() for getting cpu accounting information
	per real cpus which is used by a domain.  The API is designed to allow
	future extensions for additional statistics.

	based on ideas by Lai Jiangshan and Eric Blake.

	* src/libvirt_public.syms: add API for LIBVIRT_0.9.10
	* src/libvirt.c: define virDomainGetCPUStats()
	* include/libvirt/libvirt.h.in: add virDomainGetCPUStats() header
	* src/driver.h: add driver API
	* python/generator.py: add python API (as not implemented)

2012-01-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose new virDomainPMSuspendForDuration API
	under new command "dompmsuspend"

	Introduce virDomainPMSuspendForDuration API
	This API allows a domain to be put into one of S# ACPI states.
	Currently, S3 and S4 are supported. These states are shared
	with virNodeSuspendForDuration.
	However, for now we don't support any duration other than zero.
	The same apply for flags.

2012-01-28  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	resize: implement remote protocol for virStorageVolResize()
	Autogeneration saves the day.

2012-01-28  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	resize: add virStorageVolResize() API
	Add a new function to allow changing of capacity of storage volumes.
	Plan out several flags, even if not all of them will be implemented
	up front.

	Expose the new command via 'virsh vol-resize'.

2012-01-28  Eric Blake  <eblake@redhat.com>

	tests: fix reversed comparisons
	Otherwise, a failed test gives misleading output.

	* tests/commandtest.c (test13, test14, test16): Pass arguments in
	correct order.

2012-01-27  Cole Robinson  <crobinso@redhat.com>

	Return more error output if policykit auth fails.
	Several not uncommon issues can be diagnosed through pkcheck output, like
	lack of/malfunctioning desktop agent, or lack of/malfunctioning polkit
	dbus agent.

	Add new error code VIR_ERROR_AUTH_CANCELLED
	And hook it up for policykit auth. This allows virt-manager to detect
	that the user clicked the policykit 'cancel' button and not throw
	an 'authentication failed' error message at the user.

2012-01-27  Eric Blake  <eblake@redhat.com>

	qemu: avoid double free of qemu help output
	If yajl was not compiled in, we end up freeing an incoming
	parameter, which leads to a bogus free later on.  Regression
	introduced in commit 6e769eb.

	* src/qemu/qemu_capabilities.c (qemuCapsParseHelpStr): Avoid alloc
	on failure path, which in turn fixes bogus free.
	Reported by Cole Robinson.

2012-01-27  Eric Blake  <eblake@redhat.com>

	build: fix missing include
	Fix a build failure:

	virt-host-validate.c: In function 'main':
	virt-host-validate.c:82:5: error: implicit declaration of function 'setlocale' [-Werror=implicit-function-declaration]
	virt-host-validate.c:82:5: error: nested extern declaration of 'setlocale' [-Werror=nested-externs]
	virt-host-validate.c:82:20: error: 'LC_ALL' undeclared (first use in this function)

	* tools/virt-host-validate.c: Add <locale.h>.
	* .gitignore: Ignore built executable.

2012-01-27  Eric Blake  <eblake@redhat.com>

	xml: fix struct typos
	Noticed this while reviewing Dan's patches.

	* src/util/xml.c (virXMLRewritFileData): Rename to
	virXMLRewriteFileData.

2012-01-27  Daniel P. Berrange  <berrange@redhat.com>

	Move virEmitXMLWarning into xml.h
	The virEmitXMLWarning function should always have been in
	the xml.[hc] files, and should use virXML as its name
	prefix

	* src/util/util.c, src/util/util.h: Remove virEmitXMLWarning
	* src/util/xml.c, src/util/xml.h: Add virXMLEmitWarning

2012-01-27  Daniel P. Berrange  <berrange@redhat.com>

	Move virMacAddrXXX functions to src/util/virmacaddr.[ch]
	Move the virMacAddrXXX functions out of util.[ch] and into a
	new dedicate file virmacaddr.[ch]

	Rename virXXXXMacAddr to virMacAddrXXX
	Rename virFormatMacAddr, virGenerateMacAddr and virParseMacAddr
	to virMacAddrFormat, virMacAddrGenerate and virMacAddrParse
	respectively

2012-01-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a virt-host-validate command to sanity check HV config
	To assist people in verifying that their host is operating in an
	optimal manner, provide a 'virt-host-validate' command. For each
	type of hypervisor, it will check any pre-requisites, or other
	good recommendations and report what's working & what is not.

	eg

	  # virt-host-validate
	  QEMU: Checking for device /dev/kvm                                         : FAIL (Check that the 'kvm-intel' or 'kvm-amd' modules are loaded & the BIOS has enabled virtualization)
	  QEMU: Checking for device /dev/vhost                                       : WARN (Load the 'vhost_net' module to improve performance of virtio networking)
	  QEMU: Checking for device /dev/net/tun                                     : PASS
	   LXC: Checking for Linux >= 2.6.26                                         : PASS

	This warns people if they have vmx/svm, but don't have /dev/kvm. It
	also warns about missing /dev/vhost net.

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: parse and create -cpu ...,-kvmclock
	QEMU supports a bunch of CPUID features that are tied to the kvm CPUID
	nodes rather than the processor's.  They are "kvmclock",
	"kvm_nopiodelay", "kvm_mmu", "kvm_asyncpf".  These are not known to
	libvirt and their CPUID leaf might move if (for example) the Hyper-V
	extensions are enabled. Hence their handling would anyway require some
	special-casing.

	However, among these the most useful is kvmclock; an additional
	"property" of this feature is that a <timer> element is a better model
	than a CPUID feature.  Although, creating part of the -cpu command-line
	from something other than the <cpu> XML element introduces some
	ugliness.

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	conf: add kvmclock timer
	Add kvmclock timer to documentation, schema and parsers.  Keep the
	platform timer first since it is kind of special, and alphabetize
	the others when possible (i.e. when it does not change the ABI).

	Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: do not create useless <cpu> element
	Avoid creating an empty <cpu> element when the QEMU command-line simply
	specifies the default "-cpu qemu32" or "-cpu qemu64".

	This requires the previous patch, which lets us represent "-cpu qemu32"
	as <os arch='i686'> in the generated XML.

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: get arch name from <cpu> element
	The qemu32 CPU model is chosen based on the <os arch=...> name when
	creating the QEMU command line for a 64-bit host.  For the opposite
	transformation we can test the guest CPU model for the "lm" feature.
	If it is absent, def->os.arch needs to be corrected.

	qemu: detect arch correctly for KVM
	When running under KVM, the arch is usually set to i686 because
	the name of the emulator is not qemu-system-x86_64.  Use the host
	arch instead.

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	x86: add kvm32 and kvm64, update qemu64
	Recently (or not so recently) QEMU added the kvm32 and kvm64
	architectures, representing a least common denominator of all
	hosts that can run KVM.  Add them to the machine map.

	Also, some features that TCG supports were added to qemu64.
	Add them to the cpu_map.xml whenever KVM is guaranteed to support
	those.  We still have to leave some out, because they would not
	be available to guests running on older hosts.

2012-01-27  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: parse -enable-kvm

2012-01-27  Eric Blake  <eblake@redhat.com>

	qemu: require qmp on new enough qemu
	The qemu developers have made it clear that modern qemu will no
	longer guarantee human monitor command stability; furthermore,
	some features, such as async events, are only supported via qmp.
	If we are compiled without support for handling JSON, we cannot
	expect to sanely interact with modern qemu.

	However, things must continue to build on RHEL 5, where qemu
	is stuck at 0.10, and where yajl is not available.

	Another benefit of this patch: future additions of new monitor
	commands need only focus on qemu_monitor_json.c, instead of
	also wasting time with qemu_monitor_text.c.

	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Report
	error if yajl is missing but qemu requires qmp.
	(qemuCapsParseHelpStr): Propagate error.
	(qemuCapsExtractVersionInfo): Update caller.
	* tests/qemuhelptest.c (testHelpStrParsing): Likewise.

2012-01-27  Eric Blake  <eblake@redhat.com>

	qemu: support qmp on RHEL/CentOS qemu
	I'm getting tired of remembering to backport RHEL-specific
	patches when building upstream libvirt on RHEL 6.x or CentOS.
	All the affected versions of RHEL qemu-kvm have backported
	enough patches to a) make JSON useful, and b) modify the
	-help text to mention libvirt as the preferred interface;
	which means this string in the help output is a reliable
	indicator that we can outsmart a strict version check,
	even when upstream qemu 0.12 lacked the needed features.

	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags):
	Recognize particular help string present when enough features were
	backported to be worth using JSON.
	* tests/qemuhelptest.c (mymain): Update tests accordingly.

2012-01-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Rebuild filters only if new filter is different than current
	Compare two filters' XML for equality and only rebuild/instantiate the new
	filter if the new and current filters are found to be different. This
	improves performance during an update of a filter with no obvious change
	or the reloading of filters during a 'kill -SIGHUP'

2012-01-27  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Force instantiation of filters upon driver reload
	Introduce a function that rebuilds all running VMs' filters. Call
	this function when reloading the nwfilter driver.

	This addresses a problem introduced by the 2nd patch that typically
	causes no filters to be reinstantiate anymore upon driver reload
	since their XML has not changed. Yet the current behavior is that
	upon a SIGHUP all filters get reinstantiated.

2012-01-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Refactor qemuMonitorGetBlockInfo
	QEMU always sends details about all available block devices as an answer
	for "info block"/"query-block" command. On the other hand, our
	qemuMonitorGetBlockInfo was made for a single block devices queries
	only. Thus, when asking for multiple devices, we asked qemu multiple
	times to always get the same answer from which different parts were
	filtered. This patch makes qemuMonitorGetBlockInfo return a hash table
	of all block devices, which may later be used for getting details about
	specific devices.

	apparmor: Fix use of uninitialized random_data
	Without this, virt-aa-helper would segfault in -c or -r commands.

2012-01-27  Marcelo Cerri  <mhcerri@linux.vnet.ibm.com>

	Update VIRT_CONTROL audit record with pid.
	Added a new field "vm-pid" to the VIRT_CONTROL audit record. This information
	is useful to correlated another audit events to the events generated by
	libvirt.

2012-01-27  Eric Blake  <eblake@redhat.com>

	build: allow for 64-bit pid in daemon
	Convert daemon code to handle 64-bit pid_t (even though at the
	moment, it is not compiled on mingw).

	* daemon/remote.c (remoteDispatchAuthList)
	(remoteDispatchAuthPolkit): Print pid_t via %lld.

2012-01-27  Eric Blake  <eblake@redhat.com>

	daemon: convert virRun to virCommand
	Using snprintf to build up argv seems archaic.

	* daemon/remote.c (remoteDispatchAuthPolkit): Modernize command call.

2012-01-26  Eric Blake  <eblake@redhat.com>

	hash: minor touchups
	On RHEL5, I got:
	util/virrandom.c:66: warning: nested extern declaration of '_gl_verify_function66' [-Wnested-externs]

	The fix is to hoist the verify earlier.  Also some other hodge-podge
	fixes I noticed while reviewing Dan's recent series.

	* .gitignore: Ignore new test.
	* src/util/cgroup.c: Bump copyright year.
	* src/util/virhash.c: Fix typo in description.
	* src/util/virrandom.c (virRandomBits): Mark doc comment, and
	hoist assert to silence older gcc.

2012-01-26  Michal Privoznik  <mprivozn@redhat.com>

	util: Include stdint.h because of uint32_t
	Some files are using uint32_t or int64_t without including
	stdint.h which defines them. Fix this.

2012-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Remove tabs from libvirt_public.syms & enforce it
	* src/libvirt_public.syms: Death to tabs
	* cfg.mk: Check .syms files for tabs

	Add missing docs for <viridian/> feature flag

2012-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Replace hashing algorithm with murmurhash
	Recent discussions have illustrated the potential for DOS attacks
	with the hash table implementations used by most languages and
	libraries.

	   https://lwn.net/Articles/474912/

	libvirt has an internal hash table impl, and uses hash tables for
	a variety of purposes. The hash key generation code is pretty
	simple and thus not strongly collision resistant.

	This patch replaces the current libvirt hash key generator with
	the (public domain) Murmurhash3 code. In addition every hash
	table now gets a random seed value which is used to perturb the
	hashing code. This should make it impossible to mount any
	practical attack against libvirt hashing code.

	* bootstrap.conf: Import bitrotate module
	* src/Makefile.am: Add virhashcode.[ch]
	* src/util/util.c: Make virRandom() return a fixed 32 bit
	  integer value.
	* src/util/hash.c, src/util/hash.h, src/util/cgroup.c: Replace
	  hash code generation with a call to virHashCodeGen()
	* src/util/virhashcode.h, src/util/virhashcode.c: Add a new
	  virHashCodeGen() API using the Murmurhash3 algorithm.

2012-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Rename  hash.h and hash.c to virhash.h and virhash.c
	In preparation for the patch to include Murmurhash3, which
	introduces a virhashcode.h and virhashcode.c files, rename
	the existing hash.h and hash.c to virhash.h and virhash.c
	respectively.

	Convert various virHash functions to use size_t / uint32
	In preparation for conversion over to use the Murmurhash3
	algorithm, convert various virHash APIs to use size_t or
	uint32 for their return values/parameters, instead of the
	variable size 'unsigned long' or 'int' types

2012-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Introduce new API for generating random numbers
	The old virRandom() API was not generating good random numbers.
	Replace it with a new API virRandomBits which instead of being
	told the upper limit, gets told the number of bits of randomness
	required.

	* src/util/virrandom.c, src/util/virrandom.h: Add virRandomBits,
	  and move virRandomInitialize
	* src/util/util.h, src/util/util.c: Delete virRandom and
	  virRandomInitialize
	* src/libvirt.c, src/security/security_selinux.c,
	  src/test/test_driver.c, src/util/iohelper.c: Update for
	  changes from virRandom to virRandomBits
	* src/storage/storage_backend_iscsi.c: Remove bogus call
	  to virRandomInitialize & convert to virRandomBits

2012-01-26  Peter Krempa  <pkrempa@redhat.com>

	schema: Relax schema for domain name
	The domain schema enforced restrictions on the domain name string that
	the code doesn't. This patch relaxes the check, leaving the restrictions
	on the driver or hypervisor. The only invalid character is a newline.

2012-01-26  Michal Privoznik  <mprivozn@redhat.com>

	storage: Support different wiping algorithms
	Currently, we support only filling a volume with zeroes on wiping.
	However, it is not enough as data might still be readable by
	experienced and equipped attacker. Many technical papers have been
	written, therefore we should support other wiping algorithms.

2012-01-26  Eric Blake  <eblake@redhat.com>

	docs: fix virsh man page
	Typo introduced in commit 4e9953a, and remained in 6fba577.

	* tools/virsh.pod (snapshot-create): Fix pod error.

2012-01-26  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Cast pointer to int using intptr_t
	Fix a few warnings with mingw64 x86_64.

2012-01-25  Eric Blake  <eblake@redhat.com>

	build: fix header order on mingw
	In file included from ../gnulib/lib/unistd.h:51:0,
	                 from ../src/util/util.h:30,
	                 from rpc/virkeepalive.c:29:
	/usr/x86_64-w64-mingw32/sys-root/mingw/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]

	Reported by Marc-André Lureau.

	* src/util/threads-win32.h (includes): Pick up winsock2.h before
	windows.h, as required by mingw64.

2012-01-25  Marc-André Lureau  <marcandre.lureau@gmail.com>

	errcode is typedef by mingw, rename an argument name
	Fixes the following warning:
	util/virterror.c:1242:31: warning: declaration of 'errcode' shadows a global declaration [-Wshadow]

	Add missing virGetGroupName()
	Add missing function if !HAVE_GETPWUID_R.

2012-01-25  Cole Robinson  <crobinso@redhat.com>

	storage: Fix any VolLookupByPath if we have an empty logical pool
	On F16 at least, empty volume groups don't have a directory under /dev.
	The directory only appears once a logical volume is created.

	This tickles some behavior in BackendStablePath which ends with
	libvirt sleeping for 5 seconds while waiting for the directory to appear.
	This causes all sorts of problems for the virStorageVolLookupByPath API
	which virtinst uses, even if trying to resolve a path that is independent
	of the logical pool.

	In reality we don't even need to do that checking since logical pools
	always have a stable target path. Short circuit the polling in that
	case.

	Fixes bug 782261

2012-01-25  Eric Blake  <eblake@redhat.com>

	lxc: export container=lxc-libvirt for systemd
	Systemd detects containers based on whether they have
	an environment variable starting with 'container=lxc';
	using a longer name fits the expectations, while also
	allowing detection of who created the container.

	Requested by Lennart Poettering, in response to
	https://bugs.freedesktop.org/show_bug.cgi?id=45175

	* src/lxc/lxc_container.c (lxcContainerBuildInitCmd): Add another
	env-var.

2012-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Don't bind mount onto a char device for /dev/ptmx in LXC
	The current setup code for LXC is bind mounting /dev/pts/ptmx
	on top of a character device /dev/ptmx. This is denied by SELinux
	policy and is just wrong. The target of a bind mount should just
	be a plain file

	* src/lxc/lxc_container.c: Don't bind /dev/pts/ptmx onto
	  a char device

2012-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Add virFileTouch for creating empty files
	Add a virFileTouch API which ensures that a file will always
	exist, even if zero length

	* src/util/virfile.c, src/util/virfile.h,
	  src/libvirt_private.syms: Introduce virFileTouch

2012-01-25  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Expose new VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag
	to cmdSnapshotCreate and cmdSnapshotCreateAs.

	snapshots: Introduce VIR_DOMAIN_SNAPSHOT_CREATE_QUIESCE flag
	With this flag, virDomainSnapshotCreate will use fs-freeze and
	fs-thaw guest agent commands to quiesce guest's disks.

	qemu_agent: Create file system freeze and thaw functions
	These functions simply issue command to guest agent which
	should freeze or unfreeze all file systems within guest.

2012-01-25  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Emit bootindex even for direct boot
	Direct boot (using kernel, initrd, and command line) is used by
	virt-install/virt-manager for network install. While any bootindex has
	no direct effect since -kernel is always first, we need it as a hint for
	SeaBIOS to present disks in the same order as they will be presented
	during normal boot.

2012-01-25  Laine Stump  <laine@laine.org>

	docs: fix a few small typos in formatdomain.html.in

2012-01-25  Eric Blake  <eblake@redhat.com>

	metadata: group metadata next to description
	It's better to group all the metadata together.  This is a
	cosmetic output change; since the RNG allows interleave, it
	doesn't matter where the user stuck it on input, and an XPath
	query will find the same information when parsing the output.

	* src/conf/domain_conf.c (virDomainDefFormatInternal): Output
	metadata earlier.
	* docs/formatdomain.html.in: Update documentation.
	* tests/domainsnapshotxml2xmlout/metadata.xml: Update test.
	* tests/qemuxml2xmloutdata/qemuxml2xmlout-metadata.xml: Likewise.

2012-01-25  Eric Blake  <eblake@redhat.com>

	build: simplify xmlFreeNode usage
	Noticed while reviewing the previous patch; thankfully, there
	are no violations.

	* cfg.mk (useless_free_options): Add xmlFreeNode.

2012-01-25  Zeeshan Ali (Khattak)  <zeeshanak@gnome.org>

	Allow custom metadata in domain configuration XML
	Applications can now insert custom nodes and hierarchies into domain
	configuration XML. Although currently not enforced, applications are
	required to use their own namespaces on every custom node they insert,
	with only one top-level element per namespace.

2012-01-24  Laszlo Ersek  <lersek@redhat.com>

	virCommandProcessIO(): make poll() usage more robust
	POLLIN and POLLHUP are not mutually exclusive. Currently the following
	seems possible: the child writes 3K to its stdout or stderr pipe, and
	immediately closes it. We get POLLIN|POLLHUP (I'm not sure that's possible
	on Linux, but SUSv4 seems to allow it). We read 1K and throw away the
	rest.

	When poll() returns and we're about to check the /revents/ member in a
	given array element, let's map all the revents bits to two (independent)
	ideas: "let's attempt to read()", and "let's attempt to write()". This
	should cover all errors, EOFs, and normal conditions; the read()/write()
	call should report any pending error.

	Under this approach, both POLLHUP and POLLERR are mapped to "needs read()"
	if we're otherwise prepared for POLLIN. POLLERR also maps to "needs
	write()" if we're otherwise prepared for POLLOUT. The rest of the mappings
	(POLLPRI etc.) would be easy, but probably useless for pipes.

	Additionally, SUSv4 doesn't appear to forbid POLLIN|POLLERR (or
	POLLOUT|POLLERR) set simultaneously. One could argue that the read() or
	write() call would return without blocking in these cases (with an error),
	so POLLIN / POLLOUT would be justified beside POLLERR.

	The code now penalizes POLLIN|POLLERR differently from plain POLLERR. The
	former (ie. read() returning -1) is terminal and we jump to cleanup, while
	plain POLLERR masks only the affected file descriptor for the future.
	Let's unify those.

2012-01-24  Alon Levy  <alevy@redhat.com>

	src/datatypes.h: fix typo

2012-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Allow choice of shutdown method via virsh
	Extend the 'shutdown' and 'reboot' methods so that they both
	accept a new argument

	    --mode acpi|agent

	* tools/virsh.c: New args for shutdown/reboot
	* tools/virsh.pod: Document new args

2012-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Wire up QEMU agent to reboot/shutdown APIs
	This makes use of the QEMU guest agent to implement the
	virDomainShutdownFlags and virDomainReboot APIs. With
	no flags specified, it will prefer to use the agent, but
	fallback to ACPI. Explicit choice can be made by using
	a suitable flag

	* src/qemu/qemu_driver.c: Wire up use of agent

2012-01-24  Daniel P. Berrange  <berrange@redhat.com>

	Add new virDomainShutdownFlags API
	Add a new API virDomainShutdownFlags and define:

	    VIR_DOMAIN_SHUTDOWN_DEFAULT        = 0,
	    VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN = (1 << 0),
	    VIR_DOMAIN_SHUTDOWN_GUEST_AGENT    = (1 << 1),

	Also define some flags for the reboot API

	    VIR_DOMAIN_REBOOT_DEFAULT        = 0,
	    VIR_DOMAIN_REBOOT_ACPI_POWER_BTN = (1 << 0),
	    VIR_DOMAIN_REBOOT_GUEST_AGENT    = (1 << 1),

	Although these two APIs currently have the same flags, using
	separate enums allows them to expand separately in the future.

	Add stub impls of the new API for all existing drivers

2012-01-24  Daniel P. Berrange  <berrange@redhat.com>

	QEMU guest agent support
	There is now a standard QEMU guest agent that can be installed
	and given a virtio serial channel

	    <channel type='unix'>
	      <source mode='bind' path='/var/lib/libvirt/qemu/f16x86_64.agent'/>
	      <target type='virtio' name='org.qemu.guest_agent.0'/>
	    </channel>

	The protocol that runs over the guest agent is JSON based and
	very similar to the JSON monitor. We can't use exactly the same
	code because there are some odd differences in the way messages
	and errors are structured. The qemu_agent.c file is based on
	a combination and simplification of qemu_monitor.c and
	qemu_monitor_json.c

	* src/qemu/qemu_agent.c, src/qemu/qemu_agent.h: Support for
	  talking to the agent for shutdown
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add thread
	  helpers for talking to the agent
	* src/qemu/qemu_process.c: Connect to agent whenever starting
	  a guest
	* src/qemu/qemu_monitor_json.c: Make variable static

2012-01-24  Michal Privoznik  <mprivozn@redhat.com>

	hashtest: Initialize variable in virHashEqual test
	One of latest patches (b7bcb22ce2) enhanced testing for virHashEqual.
	However, hash2 variable might be used uninitialized.

2012-01-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test case for virHashEqual function
	Add a test case to test the virHashEqual function.

	Compare two hash tables for equality
	Add function to compare two hash tables for equality.

2012-01-23  Eric Blake  <eblake@redhat.com>

	build: skip lxc with too-old glibc
	Since we already require the kernel to be new enough to support
	LO_FLAGS_AUTOCLEAR, we might as well also require glibc to be
	new enough to support epoll_create1().

	* configure.ac (with_lxc): We require glibc 2.9 for LXC.
	Reported and tested by Philipp Hahn.

2012-01-23  Guido Günther  <agx@sigxcpu.org>

	xen: Don't crash when we fail to init caps
	by dereferencing a NULL pointer in the call to
	virNodeSuspendGetTargetMask.

2012-01-21  Guido Günther  <agx@sigxcpu.org>

	xen: properly report out of memory when hvm_type is too small

2012-01-21  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	virsh: let domif-{get,set}link take target name
	Other virsh domifXXX commands can accept target name
	as a parameter to specify interface. From viewpoint of
	consistency, virsh domif-getlink command should accept
	target name as a parameter. This patch achieves this.

2012-01-21  Eric Blake  <eblake@redhat.com>

	maint: cleanup qemu capabilities
	Fix inconsistent whitespace and long lines.

	* src/qemu/qemu_capabilities.h (qemuCapsFlags): Improve formatting.

2012-01-21  Eric Blake  <eblake@redhat.com>

	maint: enforce use of _LAST marker
	When converting a linear enum to a string, we have checks in
	place in the VIR_ENUM_IMPL macro to ensure that there is one
	string for every value, which lets us quickly flag if a user
	added a value but forgot to add a counterpart string.  However,
	this only works if we use the _LAST marker.

	* cfg.mk (sc_require_enum_last_marker): New syntax check.
	* src/conf/domain_conf.h (virDomainSnapshotState): Add new marker.
	* src/conf/domain_conf.c (virDomainSnapshotState): Fix offender.
	* src/qemu/qemu_monitor_json.c (qemuMonitorWatchdogAction)
	(qemuMonitorIOErrorAction, qemuMonitorGraphicsAddressFamily):
	Likewise.
	* src/util/virtypedparam.c (virTypedParameter): Likewise.

2012-01-21  Eric Blake  <eblake@redhat.com>

	API: make declaration of _LAST enum values conditional
	Although this is a public API break, it only affects users that
	were compiling against *_LAST values, and can be trivially
	worked around without impacting compilation against older
	headers, by the user defining VIR_ENUM_SENTINELS before using
	libvirt.h.  It is not an ABI break, since enum values do not
	appear as .so entry points.  Meanwhile, it prevents users from
	using non-stable enum values without explicitly acknowledging
	the risk of doing so.

	See this list discussion:
	https://www.redhat.com/archives/libvir-list/2012-January/msg00804.html

	* include/libvirt/libvirt.h.in: Hide all sentinels behind
	LIBVIRT_ENUM_SENTINELS, and add missing sentinels.
	* src/internal.h (VIR_DEPRECATED): Allow inclusion after
	libvirt.h.
	(LIBVIRT_ENUM_SENTINELS): Expose sentinels internally.
	* daemon/libvirtd.h: Use the sentinels.
	* src/remote/remote_protocol.x (includes): Don't expose sentinels.
	* python/generator.py (enum): Likewise.
	* tests/cputest.c (cpuTestCompResStr): Silence compiler warning.
	* tools/virsh.c (vshDomainStateReasonToString)
	(vshDomainControlStateToString): Likewise.

2012-01-19  Eric Blake  <eblake@redhat.com>

	error: drop old-style error reporting
	While we still don't want to enable gcc's new -Wformat-literal
	warning, I found a rather easy case where the warning could be
	reduced, by getting rid of obsolete error-reporting practices.
	This is the last place where we were passing the (unused) net
	and conn arguments for constructing an error.

	* src/util/virterror_internal.h (virErrorMsg): Delete prototype.
	(virReportError): Delete macro.
	* src/util/virterror.c (virErrorMsg): Make static.
	* src/libvirt_private.syms (virterror_internal.h): Drop export.
	* src/util/conf.c (virConfError): Convert to macro.
	(virConfErrorHelper): New function, and adjust error calls.
	* src/xen/xen_hypervisor.c (virXenErrorFunc): Delete.
	(xenHypervisorGetSchedulerType)
	(xenHypervisorGetSchedulerParameters)
	(xenHypervisorSetSchedulerParameters)
	(xenHypervisorDomainBlockStats)
	(xenHypervisorDomainInterfaceStats)
	(xenHypervisorDomainGetOSType)
	(xenHypervisorNodeGetCellsFreeMemory, xenHypervisorGetVcpus):
	Update callers.

2012-01-19  Eric Blake  <eblake@redhat.com>

	util: use new virTypedParameter helpers
	Reusing common code makes things smaller; it also buys us some
	additional safety, such as now rejecting duplicate parameters
	during a set operation.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters)
	(qemuDomainSetMemoryParameters, qemuDomainSetNumaParameters)
	(qemuSetSchedulerParametersFlags)
	(qemuDomainSetInterfaceParameters, qemuDomainSetBlockIoTune)
	(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
	(qemuDomainGetNumaParameters, qemuGetSchedulerParametersFlags)
	(qemuDomainBlockStatsFlags, qemuDomainGetInterfaceParameters)
	(qemuDomainGetBlockIoTune): Use new helpers.
	* src/esx/esx_driver.c (esxDomainSetSchedulerParametersFlags)
	(esxDomainSetMemoryParameters)
	(esxDomainGetSchedulerParametersFlags)
	(esxDomainGetMemoryParameters): Likewise.
	* src/libxl/libxl_driver.c
	(libxlDomainSetSchedulerParametersFlags)
	(libxlDomainGetSchedulerParametersFlags): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainSetMemoryParameters)
	(lxcSetSchedulerParametersFlags, lxcDomainSetBlkioParameters)
	(lxcDomainGetMemoryParameters, lxcGetSchedulerParametersFlags)
	(lxcDomainGetBlkioParameters): Likewise.
	* src/test/test_driver.c (testDomainSetSchedulerParamsFlags)
	(testDomainGetSchedulerParamsFlags): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorSetSchedulerParameters)
	(xenHypervisorGetSchedulerParameters): Likewise.

2012-01-19  Eric Blake  <eblake@redhat.com>

	util: add new file for virTypedParameter utils
	Preparation for another patch that refactors common patterns
	into the new file for fewer lines of code overall.

	* src/util/util.h (virTypedParameterArrayClear): Move...
	* src/util/virtypedparam.h: ...to new file.
	(virTypedParameterArrayValidate, virTypedParameterAssign): New
	prototypes.
	* src/util/util.c (virTypedParameterArrayClear): Likewise.
	* src/util/virtypedparam.c: New file.
	* po/POTFILES.in: Mark file for translation.
	* src/Makefile.am (UTIL_SOURCES): Build it.
	* src/libvirt_private.syms (util.h): Split...
	(virtypedparam.h): to new section.
	(virkeycode.h): Sort.
	* daemon/remote.c: Adjust callers.
	* tools/virsh.c: Likewise.

2012-01-19  Eric Blake  <eblake@redhat.com>

	lxc: use live/config helper
	Based on qemu changes made in commits ae523427 and 659ded58.

	* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
	(lxcGetSchedulerParametersFlags, lxcDomainSetBlkioParameters)
	(lxcDomainGetBlkioParameters): Use helpers.
	(lxcDomainSetBlkioParameters): Allow setting live and config at
	once.

2012-01-19  Eric Blake  <eblake@redhat.com>

	build: silence some compiler warnings from gnulib
	Gnulib claims that there are some classes of warnings that are
	worth enabling during development, but where silencing those
	warnings causes code bloat that is not necessary in an optimized
	build.  The code bloat to silence the warnings is only enabled
	by -Dlint.  Follow the lead of coreutils in setting up -Dlint
	whenever full warnings are requested.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Add
	-Dlint, and move _FORTIFY_SOURCE to config.h instead of CFLAGS.

2012-01-19  Eric Blake  <eblake@redhat.com>

	threads: check for failure to set thread-local value
	We had a memory leak on a very arcane OOM situation (unlikely to ever
	hit in practice, but who knows if libvirt.so would ever be linked
	into some other program that exhausts all thread-local storage keys?).
	I found it by code inspection, while analyzing a valgrind report
	generated by Alex Jia.

	* src/util/threads.h (virThreadLocalSet): Alter signature.
	* src/util/threads-pthread.c (virThreadHelper): Reduce allocation
	lifetime.
	(virThreadLocalSet): Detect failure.
	* src/util/threads-win32.c (virThreadLocalSet): Likewise.
	(virCondWait): Fix caller.
	* src/util/virterror.c (virLastErrorObject): Likewise.

2012-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix rpc generator to anchor matches for method names
	The RPC generator transforms methods matching certain
	patterns like 'id' or 'uuid', etc but does not anchor
	its matches to the end of the word. So if a method
	contains 'id' in the middle (eg virIdentity) then the
	RPC generator munges that.

	* src/rpc/gendispatch.pl: Anchor matches

2012-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Rename APIs for fetching UNIX socket credentials
	To avoid a namespace clash with forthcoming identity APIs,
	rename the virNet*GetLocalIdentity() APIs to have the form
	virNet*GetUNIXIdentity()

	* daemon/remote.c, src/libvirt_private.syms: Update
	  for renamed APIs
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h,
	  src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: s/LocalIdentity/UNIXIdentity/

2012-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Add virGetGroupName to convert from GID to group name

	Remove duplicate call to virNetSASLSessionGetIdentity
	* daemon/remote.c: remoteSASLFinish called the method
	  virNetSASLSessionGetIdentity twice, remove second call

	Also retrieve GID from SO_PEERCRED
	* daemon/remote.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverclient.h, src/rpc/virnetsocket.c,
	  src/rpc/virnetsocket.h: Add gid parameter

2012-01-18  Martin Kletzander  <mkletzan@redhat.com>

	Added capability checking for block <iotune> setting.
	There was missing capability for blkiotune and thus specifying these
	settings caused libvirt to run qemu with invalid parameters and then
	reporting qemu error instead of the standard libvirt one. The support
	for blkiotune setting was added in upstream qemu repo under commit
	0563e191516289c9d2f282a8c50f2eecef2fa773.

2012-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix startup of LXC containers with filesystems containing symlinks
	Given an LXC guest with a root filesystem path of

	  /export/lxc/roots/helloworld/root

	During startup, we will pivot the root filesystem to end up
	at

	  /.oldroot/export/lxc/roots/helloworld/root

	We then try to open

	  /.oldroot/export/lxc/roots/helloworld/root/dev/pts

	Now consider if '/export/lxc' is an absolute symlink pointing
	to '/media/lxc'. The kernel will try to open

	  /media/lxc/roots/helloworld/root/dev/pts

	whereas it should be trying to open

	  /.oldroot//media/lxc/roots/helloworld/root/dev/pts

	To deal with the fact that the root filesystem can be moved,
	we need to resolve symlinks in *any* part of the filesystem
	source path.

	* src/libvirt_private.syms, src/util/util.c,
	  src/util/util.h: Add virFileResolveAllLinks to resolve
	  all symlinks in a path
	* src/lxc/lxc_container.c: Resolve all symlinks in filesystem
	  paths during startup

2012-01-18  Osier Yang  <jyang@redhat.com>

	qemu: Prohibit reattaching node device if it is in use
	It doesn't make sense to reattach a device to host while it's
	still in use, e.g, by a domain.

2012-01-18  Osier Yang  <jyang@redhat.com>

	qemu: Introduce inactive PCI device list
	pciTrySecondaryBusReset checks if there is active device on the
	same bus, however, qemu driver doesn't maintain an effective
	list for the inactive devices, and it passes meaningless argument
	for parameter "inactiveDevs". e.g. (qemuPrepareHostdevPCIDevices)

	if (!(pcidevs = qemuGetPciHostDeviceList(hostdevs, nhostdevs)))
	    return -1;

	..skipped...

	if (pciResetDevice(dev, driver->activePciHostdevs, pcidevs) < 0)
	    goto reattachdevs;

	NB, the "pcidevs" used above are extracted from domain def, and
	thus one won't be able to attach a device of which bus has other
	device even detached from host (nodedev-detach). To see more
	details of the problem:

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=773667

	This patch is to resolve the problem by introducing an inactive
	PCI device list (just like qemu_driver->activePciHostdevs), and
	the whole logic is:

	  * Add the device to inactive list during nodedev-dettach
	  * Remove the device from inactive list during nodedev-reattach
	  * Remove the device from inactive list during attach-device
	    (for non-managed device)
	  * Add the device to inactive list after detach-device, only
	    if the device is not managed

	With the above, we have a sufficient inactive PCI device list, and thus
	we can use it for pciResetDevice. e.g.(qemuPrepareHostdevPCIDevices)

	if (pciResetDevice(dev, driver->activePciHostdevs,
	                   driver->inactivePciHostdevs) < 0)
	    goto reattachdevs;

2012-01-17  Martin Kletzander  <mkletzan@redhat.com>

	Permission change for systemtap examples.
	Execute bit on *.stp files in examples/systemtap/ caused dependency when
	building RPM packages. Disabling execute permission should help the auto
	dependency resolver to see that systemtap is not needed.

2012-01-17  Deepak C Shetty  <deepakcs@linux.vnet.ibm.com>

	Add new attribute wrpolicy to <driver> element
	This introduces new attribute wrpolicy with only supported
	value as immediate. This will be an optional
	attribute with no defaults. This helps specify whether
	to skip the host page cache.

	When wrpolicy is specified, meaning when wrpolicy=immediate
	a writeback is explicitly initiated for the dirty pages in
	the host page cache as part of the guest file write operation.

	Usage:
	<filesystem type='mount' accessmode='passthrough'>
	  <driver type='path' wrpolicy='immediate'/>
	  <source dir='/export/to/guest'/>
	  <target dir='mount_tag'/>
	</filesystem>

	Currently this only works with type='mount' for the QEMU/KVM driver.

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't break domain with 0:0:2.0 assigned to anything but VGA
	In the past we didn't reserve 0:0:2.0 PCI address if there was no video
	device assigned to a domain, which made it impossible to add a video
	device later on. So we fixed it (commit v0.9.0-37-g7b2cac1) by always
	reserving that address. However, that breaks existing domains without
	video devices that already have another device assigned to the
	problematic address.

	This patch reserves address 0:0:2.0 only in case it was not explicitly
	assigned to another device, which means libvirt will try to keep this
	address free and will not automatically assign it new devices. But
	existing domains for which older libvirt already assigned the address to
	a non-video device will keep working as they used to work before 0.9.1.
	Moreover, users who want to create a domain without a video device and
	use its address for another device may do so by explicitly configuring
	the PCI address in domain XML.

2012-01-17  Eric Blake  <eblake@redhat.com>

	tests: avoid dirname in tests
	qemuxml2argvtest sanitizes PATH to just /bin, but on at least
	Fedora 16, dirname lives in /usr/bin instead.  Regression
	introduced in commit e7201afd.

	* tests/qemuxml2argvdata/qemu.sh: Avoid forking a dirname call,
	since dirname might not be in PATH after test sanitization.
	* tests/qemuxml2argvdata/qemu-supported-cpus.sh: Likewise.
	Diagnosed by Michal Privoznik.

2012-01-17  Martin Kletzander  <mkletzan@redhat.com>

	Fixed dumpxml of <iotune> parameters
	The output of dumpxml for <iotune> settings was misformatted, this
	patch just adds missing newlines.

2012-01-17  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: fix typing error in filter
	Fix a typing error in the no-ip-spoofing filter.
	Return DHCP request packets passing through this filter. Have
	the user use another filter to actually allow DHCP requests to be
	sent (action='accept').

2012-01-17  Daniel Veillard  <veillard@redhat.com>

	Remove dmidecode dependancy outside PC arches
	The new dependancy is only available on ix86, x86_64 and ia64

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for host CPU modes
	This adds support for host-model and host-passthrough CPU modes to qemu
	driver. The host-passthrough mode is mapped to -cpu host.

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	Taint domains configured with cpu mode=host-passthrough
	There are several reasons for doing this:

	- the CPU specification is out of libvirt's control so we cannot
	  guarantee stable guest ABI
	- not every feature of a CPU may actually work as expected when
	  advertised directly to a guest
	- migration between two machines with exactly the same CPU may work but
	  no guarantees can be made
	- this mode is not supported and its use is at one's own risk

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Update guest CPU in host-* mode
	VIR_DOMAIN_XML_UPDATE_CPU flag for virDomainGetXMLDesc may be used to
	get updated custom mode guest CPU definition in case it depends on host
	CPU. This patch implements the same behavior for host-model and
	host-passthrough CPU modes.

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	Add support for cpu mode attribute
	The mode can be either of "custom" (default), "host-model",
	"host-passthrough". The semantics of each mode is described in the
	following examples:

	- guest CPU is a default model with specified topology:
	    <cpu>
	      <topology sockets='1' cores='2' threads='1'/>
	    </cpu>

	- guest CPU matches selected model:
	    <cpu mode='custom' match='exact'>
	      <model>core2duo</model>
	    </cpu>

	- guest CPU should be a copy of host CPU as advertised by capabilities
	  XML (this is a short cut for manually copying host CPU specification
	  from capabilities to domain XML):
	    <cpu mode='host-model'/>

	  In case a hypervisor does not support the exact host model, libvirt
	  automatically falls back to a closest supported CPU model and
	  removes/adds features to match host. This behavior can be disabled by
	    <cpu mode='host-model'>
	      <model fallback='forbid'/>
	    </cpu>

	- the same as previous returned by virDomainGetXMLDesc with
	  VIR_DOMAIN_XML_UPDATE_CPU flag:
	    <cpu mode='host-model' match='exact'>
	      <model fallback='allow'>Penryn</model>       --+
	      <vendor>Intel</vendor>                         |
	      <topology sockets='2' cores='4' threads='1'/>  + copied from
	      <feature policy='require' name='dca'/>         | capabilities XML
	      <feature policy='require' name='xtpr'/>        |
	      ...                                          --+
	    </cpu>

	- guest CPU should be exactly the same as host CPU even in the aspects
	  libvirt doesn't model (such domain cannot be migrated unless both
	  hosts contain exactly the same CPUs):
	    <cpu mode='host-passthrough'/>

	- the same as previous returned by virDomainGetXMLDesc with
	  VIR_DOMAIN_XML_UPDATE_CPU flag:
	    <cpu mode='host-passthrough' match='minimal'>
	      <model>Penryn</model>                        --+ copied from caps
	      <vendor>Intel</vendor>                         | XML but doesn't
	      <topology sockets='2' cores='4' threads='1'/>  | describe all
	      <feature policy='require' name='dca'/>         | aspects of the
	      <feature policy='require' name='xtpr'/>        | actual guest CPU
	      ...                                          --+
	    </cpu>

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Optionally forbid fallback CPU models
	In case a hypervisor doesn't support the exact CPU model requested by a
	domain XML, we automatically fallback to a closest CPU model the
	hypervisor supports (and make sure we add/remove any additional features
	if needed). This patch adds 'fallback' attribute to model element, which
	can be used to disable this automatic fallback.

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	tests: Print XML file name in verbose CPU test
	It's not totally obvious that a failure in

	    CPU guest data(x86): host/guest (models, pref="qemu64")

	test means one needs to fix

	    x86-host+guest,models,qemu64-result.xml

	where the expected XML is stored. Better to provide a nice hint in
	verbose mode for failed tests.

2012-01-17  Jiri Denemark  <jdenemar@redhat.com>

	Clarify semantics of virDomainMigrate{,ToURI}2
	Commit 5d784bd6d7b19314b0908aec6b46bfe377aeba42 was a nice attempt to
	clarify the semantics by requiring domain name from dxml to either match
	original name or dname. However, setting dxml domain name to dname
	doesn't really work since destination host needs to know the original
	domain name to be able to use it in migration cookies. This patch
	requires domain name in dxml to match the original domain name. The
	change should be safe and backward compatible since migration would fail
	just a bit later in the process.

2012-01-17  Osier Yang  <jyang@redhat.com>

	docs: Add missed RNG schema for interface
	We support <interface> of type "mcast", "server", and "client",
	but the RNG schema for them are missed. Attribute "address" is
	optional for "server" type. And these 3 types support
	<mac address='MAC'/>, too.

2012-01-16  Eric Blake  <eblake@redhat.com>

	build: fix bootstrap on fresh clone
	Commit 29db7a0 picked up a gnulib bug, where a change in
	bootstrap meant that it would fail to run libtoolize on
	projects, like libvirt, that used the older spelling
	AM_PROG_LIBTOOL instead of LT_INIT for the sake of building
	on RHEL 5.  Now that gnulib is fixed, we should pick up that
	fix.

	* .gnulib: Update to latest, for bootstrap fix.
	* bootstrap: Resync from gnulib.

2012-01-16  Osier Yang  <jyang@redhat.com>

	docs: Expose alias tag in domain RNG schema
	Though <alias> is ignored when defining a domain, it can cause
	failure if one validates (e.g. virt-xml-validate) the XML dumped
	from a running domain. This patch expose it in domain RNG schema
	for all the devices which support it.

	docs: Add readonly to filesystem RNG schema
	"<readonly/>" is supported by filesystem XML, and also documented.

2012-01-14  Michael Ellerman  <michael@ellerman.id.au>

	conf: Remove do-nothing validation functions
	There are three address validation routines that do nothing:
	  virDomainDeviceDriveAddressIsValid()
	  virDomainDeviceUSBAddressIsValid()
	  virDomainDeviceVirtioSerialAddressIsValid()

	Remove them, and replace their call sites with "1" which is what they
	currently return. In some cases this means we can remove an entire
	if block.

2012-01-14  Michael Ellerman  <michael@ellerman.id.au>

	tests: Add qemuxml2argv tests for PPC64 pseries machine
	Add four tests of the XML -> argv handling for the PPC64 pseries machine.

	The first is just a basic test of a bare bones machine.

	The three others test various aspects of the spapr-vio address handling.

	It seems that currently we can't include network devices, doing so leads
	to a segfault because the network driverState is not initialised. Working
	around that leads us to the problem that the 'default' network doesn't
	exist. So for now just leave network devices out.

2012-01-14  Michael Ellerman  <michael@ellerman.id.au>

	tests: Teach qemuxml2argvtest about spapr-vio addresses
	We can't call qemuCapsExtractVersionInfo() from test code, because it
	expects to be able to call the emulator, and for testing we have fake
	emulators that can't be executed. For that reason qemuxml2argvtest.c
	doesn't call qemuDomainAssignPCIAddresses(), instead it open codes its
	own version.

	That means we can't call qemuDomainAssignAddresses() from the test code,
	instead we need to manually call qemuDomainAssignSpaprVioAddresses().

	Also add logic to cope with qemuDomainAssignSpaprVioAddresses() failing,
	so that we can write a test that checks for a known failure in there.

2012-01-13  Michael Ellerman  <michael@ellerman.id.au>

	Make drive unit attribute optional in the XML schema
	The "unit" attribute of a drive address is optional in the code, so should
	also be in the XML schema.

2012-01-13  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add virtio-scsi controller model
	Adding a new model for virtio-scsi roughly follows the same scheme
	as the previous patch.

2012-01-13  Paolo Bonzini  <pbonzini@redhat.com>

	qemu: add ibmvscsi controller model
	KVM will be able to use a PCI SCSI controller even on POWER.  Let
	the user specify the vSCSI controller by other means than a default.

	After this patch, the QEMU driver will actually look at the model
	and reject anything but auto, lsilogic and ibmvscsi.

2012-01-13  Adam Litke  <agl@us.ibm.com>

	events: Return the correct number of registered events
	Commit d09f6ba5feb655925175dc80122ca2a1e14db2b9 introduced a regression in event
	registration.  virDomainEventCallbackListAddID() will only return a positive
	integer if the type of event being registered is VIR_DOMAIN_EVENT_ID_LIFECYCLE.
	For other event types, 0 is always returned on success.  This has the
	unfortunate side effect of not enabling remote event callbacks because
	remoteDomainEventRegisterAny() uses the return value from the local call to
	determine if an event callback needs to be registered on the remote end.

	Make sure virDomainEventCallbackListAddID() returns the callback count for the
	eventID being registered.

2012-01-13  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	virsh domiflist: change output
	When using "virsh domifstat" command or "virsh domiftune" command,
	we pass an interface name as a parameter, so interface name is
	important.

	"virsh domiflist" output should display interface names
	on the first row.

2012-01-13  Paolo Bonzini  <pbonzini@redhat.com>

	export virNetDevGetVirtualFunctions as a private symbol
	This avoids a linking error.

2012-01-13  Osier Yang  <jyang@redhat.com>

	virsh: Two new fields for command domblklist
	Disk "type" and "device" are generally interesting stuff the
	user may want to known, too. To not break any scripts which
	parsed the output field, a new option "--details" is introduced
	to output the two introduced fields.

	qemu: Support copy on read for disk
	The new introduced optional attribute "copy_on_read</code> controls
	whether to copy read backing file into the image file. The value can
	be either "on" or "off". Copy-on-read avoids accessing the same backing
	file sectors repeatedly and is useful when the backing file is over a
	slow network. By default copy-on-read is off.

2012-01-13  Martin Kletzander  <mkletzan@redhat.com>

	Added check for maximum number of vcpus exceeding topology limit
	Earlier, when the number of vcpus was greater than the topology allowed,
	libvirt didn't raise an error and continued, resulting in running qemu
	with parameters making no sense. Even though qemu did not report any
	error itself, the number of vcpus was set to maximum allowed by the
	topology.

2012-01-12  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	Pick up recent gnulib improvements.

	* .gnulib: Update to latest.
	* bootstrap: Resync.
	* bootstrap.conf (gnulib_tool_option_extras): Adjust to bootstrap
	changes.
	* gnulib/lib/Makefile.am: Likewise.

2012-01-12  Eric Blake  <eblake@redhat.com>

	uuid: fix off-by-one
	Detected by Coverity.  Although unlikely, if we are ever started
	with stdin closed, we could reach a situation where we open a
	uuid file but then fail to close it, making that file the new
	stdin for the rest of the process.

	* src/util/uuid.c (getDMISystemUUID): Allow for stdin.

2012-01-12  Eric Blake  <eblake@redhat.com>

	build: fix virsh reformat fallout
	Commit 69f0b446 failed to update the expected test output.

	* tests/virshtest.c (testCompareListDefault)
	(testCompareListCustom): Adjust to recent code change.

2012-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Rsync keymaps.csv file with GTK-VNC

2012-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Re-write LXC controller end-of-file I/O handling yet again
	Currently the LXC controller attempts to deal with EOF on a
	tty by spawning a thread to do an edge triggered epoll_wait().
	This avoids the normal event loop spinning on POLLHUP. There
	is a subtle mistake though - even after seeing POLLHUP on a
	master PTY, it is still perfectly possible & valid to write
	data to the PTY. There is a buffer that can be filled with
	data, even when no client is present.

	The second mistake is that the epoll_wait() thread was not
	looking for the EPOLLOUT condition, so when a new client
	connects to the LXC console, it had to explicitly send a
	character before any queued output would appear.

	Finally, there was in fact no need to spawn a new thread to
	deal with epoll_wait(). The epoll file descriptor itself
	can be poll()'d on normally.

	This patch attempts to deal with all these problems.

	 - The blocking epoll_wait() thread is replaced by a poll
	   on the epoll file descriptor which then does a non-blocking
	   epoll_wait() to handle events
	 - Even if POLLHUP is seen, we continue trying to write
	   any pending output until getting EAGAIN from write.
	 - Once write returns EAGAIN, we modify the epoll event
	   mask to also look for EPOLLOUT

	* src/lxc/lxc_controller.c: Avoid stalled I/O upon
	  connected to an LXC console

2012-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Allow 10 chars for domain IDs & 30 chars for names in virsh list
	Domain IDs are at least 16 bits for most hypervisors, theoretically
	event 32-bits.  3 characters is clearly too small an alignment.
	Increase alignment to 5 characters to allow 16-bit domain IDs to
	display cleanly. Commonly seen with LXC where domain IDs are the
	process IDs by default.  Also increase the 'name' field from 20
	to 30 characters to cope with longer guest names which are quite
	common

2012-01-12  Michal Privoznik  <mprivozn@redhat.com>

	stream: Check for stream EOF
	If client stream does not have any data to sink and neither received
	EOF, a dummy packet is sent to the daemon signalising client is ready to
	sink some data. However, after we added event loop to client a race may
	occur:

	Thread 1 calls virNetClientStreamRecvPacket and since no data are cached
	nor stream has EOF, it decides to send dummy packet to server which will
	sent some data in turn. However, during this decision and actual message
	exchange with server -

	Thread 2 receives last stream data from server. Therefore an EOF is set
	on stream and if there is a call waiting (which is not yet) it is woken
	up. However, Thread 1 haven't sent anything so far, so there is no call
	to be woken up. So this thread sent dummy packet to daemon, which
	ignores that as no stream is associated with such packet and therefore
	no reply will ever come.

	This race causes client to hang indefinitely.

2012-01-12  Osier Yang  <jyang@redhat.com>

	virsh: New command print summary of all virtual interfaces
	Just like command "domblklist", the command extracts "type",
	"source", "target", "model", and "MAC" of all virtual interfaces
	from domain XML (live or persistent).

2012-01-11  Deepak C Shetty  <deepakcs@linux.vnet.ibm.com>

	Do not generate security_model when fs driver is anything but 'path'
	QEMU does not support security_model for anything but 'path' fs driver type.
	Currently in libvirt, when security_model ( accessmode attribute) is not
	specified it auto-generates it irrespective of the fs driver type, which
	can result in a qemu error for drivers other than path. This patch ensures
	that the qemu cmdline is correctly generated by taking into account the
	fs driver type.

2012-01-11  Shradha Shah  <sshah@solarflare.com>

	Added new option to virsh net-dumpxml called --inactive
	The above option helps to differentiate between implicit and explicit
	interface pools.

	Functionality to implicitly get interface pool from SR-IOV PF.
	If a system has 64 or more VF's, it is quite tedious to mention each VF
	in the interface pool.
	The following modification will implicitly create an interface pool from
	the SR-IOV PF.

	Adding the element pf to network xml.
	This element will help the user to just specify the SR-IOV physical
	function in order to access all the Virtual functions attached to it.

2012-01-11  Shradha Shah  <sshah@solarflare.com>

	Added Function virNetDevGetVirtualFunctions
	This functions enables us to get the Virtual Functions attached to
	a Physical function given the name of a SR-IOV physical functio.

	In order to accomplish the task, added a getter function pciGetDeviceAddrString
	to get the BDF of the Virtual Function in a char array.

2012-01-11  Shradha Shah  <sshah@solarflare.com>

	Added function pciSysfsFile to enable access to the PCI SYSFS files.

2012-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Disable netcf if building without libvirtd
	Although the netcf interface driver can in theory be used by
	the stateless drivers, in practice none of them want to use
	it because they have different ways of dealing with interfaces.

	Furthermore, if you have mingw32-netcf installed, then the
	libvirt mingw32 build will fail with

	  ../../src/interface/netcf_driver.c:644:5: error: unknown field 'close_used_without_including_unistd_h' specified in initializer

	 * configure.ac: disable netcf if built without libvirtd

2012-01-11  Eric Blake  <eblake@redhat.com>

	build: fix build on mingw with netcf available
	The autobuilder pointed out an odd failure on mingw:
	../../src/interface/netcf_driver.c:644:5: error: unknown field 'close_used_without_including_unistd_h' specified in initializer
	cc1: warnings being treated as errors

	This is because the gnulib headers #define close to different strings,
	according to which headers are included, in order to work around some
	odd mingw problems with close(), and these defines happen to also
	affect field members declared with a name of struct foo.close. As long
	as all headers are included before both the definition and use of the
	struct, the various #define doesn't matter, but the netcf file hit
	an instance where things were included in a different order.  Fix this
	for all clients that use a struct member named 'close'.

	* src/driver.h: Include <unistd.h> before using 'close'.

2012-01-11  Eric Blake  <eblake@redhat.com>

	build: avoid spurious compiler warning
	For some weird reason, i686-pc-mingw32-gcc version 4.6.1 at -O2 complained:
	../../src/conf/nwfilter_params.c: In function 'virNWFilterVarCombIterCreate':
	../../src/conf/nwfilter_params.c:346:23: error: 'minValue' may be used uninitialized in this function [-Werror=uninitialized]
	../../src/conf/nwfilter_params.c:319:28: note: 'minValue' was declared here
	../../src/conf/nwfilter_params.c:344:23: error: 'maxValue' may be used uninitialized in this function [-Werror=uninitialized]
	../../src/conf/nwfilter_params.c:319:18: note: 'maxValue' was declared here
	cc1: all warnings being treated as errors

	even though all paths of the preceding switch statement either
	assign the variables or return.

	* src/conf/nwfilter_params.c (virNWFilterVarCombIterAddVariable):
	Initialize variables.

2012-01-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add documentation new ways to access members of variables
	This patch adds documentation about the new 'ways' that users can
	access the contents of variables in filters:

	- access via index: $TEST[2]
	- access via iterators $TEST[@1]

2012-01-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test cases for new ways to access variables in filters
	This patch adds a couple of XML parser / schema validator test cases
	for the new 'ways' to access variables via index or iterator.

	Address side effects of accessing vars via index
	Address side effect of accessing a variable via an index: Filters
	accessing a variable where an element is accessed that is beyond the
	size of the list (for example $TEST[10] and only 2 elements are available)
	cannot instantiate that filter. Test for this and report proper error
	to user.

2012-01-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add access to elements of variables via index
	This patch adds access to single elements of variables via index. Example:

	  <rule action='accept' direction='in' priority='500'>
	    <tcp srcipaddr='$ADDR[1]' srcportstart='$B[2]'/>
	  </rule>

2012-01-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Introduce possibility to have an iterator per variable
	This patch introduces the capability to use a different iterator per
	variable.

	The currently supported notation of variables in a filtering rule like

	  <rule action='accept' direction='out'>
	     <tcp  srcipaddr='$A' srcportstart='$B'/>
	  </rule>

	processes the two lists 'A' and 'B' in parallel. This means that A and B
	must have the same number of 'N' elements and that 'N' rules will be
	instantiated (assuming all tuples from A and B are unique).

	In this patch we now introduce the assignment of variables to different
	iterators. Therefore a rule like

	  <rule action='accept' direction='out'>
	     <tcp  srcipaddr='$A[@1]' srcportstart='$B[@2]'/>
	  </rule>

	will now create every combination of elements in A with elements in B since
	A has been assigned to an iterator with Id '1' and B has been assigned to an
	iterator with Id '2', thus processing their value independently.

	The first rule has an equivalent notation of

	  <rule action='accept' direction='out'>
	     <tcp  srcipaddr='$A[@0]' srcportstart='$B[@0]'/>
	  </rule>

2012-01-11  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Optimize the elements the iterator visits.
	In this patch we introduce testing whether the iterator points to a
	unique set of entries that have not been seen before at one of the previous
	iterations. The point is to eliminate duplicates and with that unnecessary
	filtering rules by preventing identical filtering rules from being
	instantiated.
	Example with two lists:

	list1 = [1,2,1]
	list2 = [1,3,1]

	The 1st iteration would take the 1st items of each list -> 1,1
	The 2nd iteration would take the 2nd items of each list -> 2,3
	The 3rd iteration would take the 3rd items of each list -> 1,1 but
	skip them since this same pair has already been encountered in the 1st
	iteration

	Implementation-wise this is solved by taking the n-th element of list1 and
	comparing it against elements 1..n-1. If no equivalent is found, then there
	is no possibility of this being a duplicate. In case an equivalent element
	is found at position i, then the n-th element in the 2nd list is compared
	against the i-th element in the 2nd list and if that is not the same, then
	this is a unique pair, otherwise it is not unique and we may need to do
	the same comparison on the 3rd list.

2012-01-11  Jiri Denemark  <jdenemar@redhat.com>

	apparmor: Mark pid parameter as unused

2012-01-11  Alex Jia  <ajia@redhat.com>

	virsh: improve doMigrate function docs
	When running virsh migrate with --xml option and actual xml file doesn't
	exist, virsh hasn't output any error information, although return value
	is 1.

	* tools/virsh.c: Raising a appropriate error information when operation fails.

	* How to reproduce?
	% virsh migrate <domain> --live qemu+ssh://<target host>/system --xml non-existent.xml
	% echo $?

	* Fixed result:
	error: file 'non-existent.xml' doesn't exist

2012-01-11  Daniel P. Berrange  <berrange@redhat.com>

	Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr
	When sVirt is integrated with the LXC driver, it will be neccessary
	to invoke the security driver APIs using only a virDomainDefPtr
	since the lxc_container.c code has no virDomainObjPtr available.
	Aside from two functions which want obj->pid, every bit of the
	security driver code only touches obj->def. So we don't need to
	pass a virDomainObjPtr into the security drivers, a virDomainDefPtr
	is sufficient. Two functions also gain a 'pid_t pid' argument.

	* src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/security/security_apparmor.c,
	  src/security/security_dac.c,
	  src/security/security_driver.h,
	  src/security/security_manager.c,
	  src/security/security_manager.h,
	  src/security/security_nop.c,
	  src/security/security_selinux.c,
	  src/security/security_stack.c: Change all security APIs to use a
	  virDomainDefPtr instead of virDomainObjPtr

2012-01-10  Eric Blake  <eblake@redhat.com>

	snapshot: allow reuse of existing files in disk snapshot
	When disk snapshots were first implemented, libvirt blindly refused
	to allow an external snapshot destination that already exists, since
	qemu will blindly overwrite the contents of that file during the
	snapshot_blkdev monitor command, and we don't like a default of
	data loss by default.  But VDSM has a scenario where NFS permissions
	are intentionally set so that the destination file can only be
	created by the management machine, and not the machine where the
	guest is running, so that libvirt will necessarily see the destination
	file already existing; adding a flag will allow VDSM to force the file
	reuse without libvirt complaining of possible data loss.

	https://bugzilla.redhat.com/show_bug.cgi?id=767104

	* include/libvirt/libvirt.h.in (virDomainSnapshotCreateFlags): Add
	VIR_DOMAIN_SNAPSHOT_CREATE_REUSE_EXT.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.  Add
	note about partial failure.
	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add new
	flag.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateXML): Implement the new flag.

2012-01-10  Eric Blake  <eblake@redhat.com>

	docs: standardize description of flags
	We had loads of different styles in describing the @flags parameter
	for various APIs, as well as several APIs that didn't list which
	enums provided the bit values valid for the flags.

	The end result is one of two formats:
	@flags: bitwise-OR of vir...Flags
	@flags: extra flags; not used yet, so callers should always pass 0

	* src/libvirt.c: Use common sentences for flags.  Also,
	(virDomainGetBlockIoTune): Mention virTypedParameterFlags.
	(virConnectOpenAuth): Mention virConnectFlags.
	(virDomainMigrate, virDomainMigrate2, virDomainMigrateToURI)
	(virDomainMigrateToURI2): Mention virDomainMigrateFlags.
	(virDomainMemoryPeek): Mention virDomainMemoryFlags.
	(virStoragePoolBuild): Mention virStoragePoolBuildFlags.
	(virStoragePoolDelete): Mention virStoragePoolDeleteFlags.
	(virStreamNew): Mention virStreamFlags.
	(virDomainOpenGraphics): Mention virDomainOpenGraphicsFlags.

2012-01-10  Laine Stump  <laine@laine.org>

	qemu: check for kvm availability before starting kvm guests
	This *kind of* addresses:

	  https://bugzilla.redhat.com/show_bug.cgi?id=772395

	(it doesn't eliminate the failure to start, but causes libvirt to give
	a better idea about the cause of the failure).

	If a guest uses a kvm emulator (e.g. /usr/bin/qemu-kvm) and the guest
	is started when kvm isn't available (either because virtualization is
	unavailable / has been disabled in the BIOS, or the kvm modules
	haven't been loaded for some reason), a semi-cryptic error message is
	logged:

	  libvirtError: internal error Child process (LC_ALL=C
	  PATH=/sbin:/usr/sbin:/bin:/usr/bin /usr/bin/qemu-kvm -device ? -device
	  pci-assign,? -device virtio-blk-pci,? -device virtio-net-pci,?) status
	  unexpected: exit status 1

	This patch notices at process start that a guest needs kvm, and checks
	for the presence of /dev/kvm (a reasonable indicator that kvm is
	available) before trying to execute the qemu binary. If kvm isn't
	available, a more useful (too verbose??) error is logged.

2012-01-10  Alex Jia  <ajia@redhat.com>

	qemu: fix a typo on qemuDomainSetBlkioParameters
	It should be a copy-paste error, the result is programming will result in an
	infinite loop again due to without iterating 'j' variable.

	* src/qemu/qemu_driver.c: fix a typo on qemuDomainSetBlkioParameters.

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770520

2012-01-10  Michal Privoznik  <mprivozn@redhat.com>

	Docs: Document Android application using libvirt
	This is actually a patch for VM Manager for Android.

	https://www.redhat.com/archives/libvirt-users/2011-November/msg00076.html

2012-01-09  Jim Fehlig  <jfehlig@suse.com>

	PolicyKit: Check auth before asking client to obtain it
	I previously mentioned [1] a PolicyKit issue where libvirt would
	proceed with authentication even though polkit-auth failed:

	testusr xen134:~> virsh list --all
	Attempting to obtain authorization for org.libvirt.unix.manage.
	polkit-grant-helper: given auth type (8 -> yes) is bogus
	Failed to obtain authorization for org.libvirt.unix.manage.
	 Id Name                 State
	----------------------------------
	  0 Domain-0             running
	  - sles11sp1-pv         shut off

	AFAICT, libvirt attempts to obtain a privilege it already has,
	causing polkit-auth to fail with above message.  Instead of calling
	obtain and then checking auth, IMO the workflow should be for the
	server to check auth first, and if that fails ask the client to
	obtain it and check again.  This workflow also allows for checking
	only successful exit of polkit-auth in virConnectAuthGainPolkit().

	[1] https://www.redhat.com/archives/libvir-list/2011-December/msg00837.html

2012-01-09  Laine Stump  <laine@laine.org>

	qemu: add new disk device='lun' for bus='virtio' & type='block'
	In the past, generic SCSI commands issued from a guest to a virtio
	disk were always passed through to the underlying disk by qemu, and
	the kernel would also pass them on.

	As a result of CVE-2011-4127 (see:
	http://seclists.org/oss-sec/2011/q4/536), qemu now honors its
	scsi=on|off device option for virtio-blk-pci (which enables/disables
	passthrough of generic SCSI commands), and the kernel will only allow
	the commands for physical devices (not for partitions or logical
	volumes). The default behavior of qemu is still to allow sending
	generic SCSI commands to physical disks that are presented to a guest
	as virtio-blk-pci devices, but libvirt prefers to disable those
	commands in the standard virtio block devices, enabling it only when
	specifically requested (hopefully indicating that the requester
	understands what they're asking for). For this purpose, a new libvirt
	disk device type (device='lun') has been created.

	device='lun' is identical to the default device='disk', except that:

	1) It is only allowed if bus='virtio', type='block', and the qemu
	   version is "new enough" to support it ("new enough" == qemu 0.11 or
	   better), otherwise the domain will fail to start and a
	   CONFIG_UNSUPPORTED error will be logged).

	2) The option "scsi=on" will be added to the -device arg to allow
	   SG_IO commands (if device !='lun', "scsi=off" will be added to the
	   -device arg so that SG_IO commands are specifically forbidden).

	Guests which continue to use disk device='disk' (the default) will no
	longer be able to use SG_IO commands on the disk; those that have
	their disk device changed to device='lun' will still be able to use SG_IO
	commands.

	*docs/formatdomain.html.in - document the new device attribute value.
	*docs/schemas/domaincommon.rng - allow it in the RNG
	*tests/* - update the args of several existing tests to add scsi=off, and
	 add one new test that will test scsi=on.
	*src/conf/domain_conf.c - update domain XML parser and formatter

	*src/qemu/qemu_(command|driver|hotplug).c - treat
	 VIR_DOMAIN_DISK_DEVICE_LUN *almost* identically to
	 VIR_DOMAIN_DISK_DEVICE_DISK, except as indicated above.

	Note that no support for this new device value was added to any
	hypervisor drivers other than qemu, because it's unclear what it might
	mean (if anything) to those drivers.

2012-01-09  Laine Stump  <laine@laine.org>

	qemu: add capabilities flags related to SG_IO
	This patch adds two capabilities flags to deal with various aspects
	of supporting SG_IO commands on virtio-blk-pci devices:

	  QEMU_CAPS_VIRTIO_BLK_SCSI
	    set if -device virtio-blk-pci accepts the scsi="on|off" option
	    When present, this is on by default, but can be set to off to disable
	    SG_IO functions.

	  QEMU_CAPS_VIRTIO_BLK_SG_IO
	    set if SG_IO commands are supported in the virtio-blk-pci driver
	    (present since qemu 0.11 according to a qemu developer, if I
	     understood correctly)

2012-01-08  Laine Stump  <laine@laine.org>

	config: report error when script given for inappropriate interface type
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=638633

	Although scripts are not used by interfaces of type other than
	"ethernet" in qemu, due to the fact that the parser stores the script
	name in a union that is only valid when type is ethernet or bridge,
	there is no way for anyone except the parser itself to catch the
	problem of specifying an interface script for an inappropriate
	interface type (by the time the parsed data gets back to the code that
	called the parser, all evidence that a script was specified is
	forgotten).

	Since the parser itself should be agnostic to which type of interface
	allows scripts (an example of why: a script specified for an interface
	of type bridge is valid for xen domains, but not for qemu domains),
	the solution here is to move the script out of the union(s) in the
	DomainNetDef, always populate it when specified (regardless of
	interface type), and let the driver decide whether or not it is
	appropriate.

	Currently the qemu, xen, libxml, and uml drivers recognize the script
	parameter and do something with it (the uml driver only to report that
	it isn't supported). Those drivers have been updated to log a
	CONFIG_UNSUPPORTED error when a script is specified for an interface
	type that's inappropriate for that particular hypervisor.

	(NB: There was earlier discussion of solving this problem by adding a
	VALIDATE flag to all libvirt APIs that accept XML, which would cause
	the XML to be validated against the RNG files. One statement during
	that discussion was that the RNG shouldn't contain hypervisor-specific
	things, though, and a proper solution to this problem would require
	that (again, because a script for an interface of type "bridge" is
	accepted by xen, but not by qemu).

2012-01-07  Eric Blake  <eblake@redhat.com>

	qemu: one more client to live/config helper
	Commit ae523427 missed one pair of functions that could use
	the helper routine.

	* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
	(qemuGetSchedulerParametersFlags): Simplify.

2012-01-07  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.9
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: updated localizations from transifex and regenerated

2012-01-07  Eric Blake  <eblake@redhat.com>

	tests: work around pdwtags 1.9 failure
	On rawhide, gcc is new enough to output new DWARF information that
	pdwtags has not yet learned, but the resulting 'make check' output
	was rather confusing:

	$ make -C src check
	...
	  GEN    virkeepaliveprotocol-structs
	die__process_function: DW_TAG_INVALID (0x4109) @ <0x58c> not handled!
	WARNING: your pdwtags program is too old
	WARNING: skipping the virkeepaliveprotocol-structs test
	WARNING: install dwarves-1.3 or newer
	...
	$ pdwtags --version
	v1.9

	I've filed the pdwtags deficiency as
	https://bugzilla.redhat.com/show_bug.cgi?id=772358

	* src/Makefile.am (PDWTAGS): Don't leave -t file behind on version
	mismatch.  Soften warning message, since 1.9 is newer than 1.3.
	Don't leak stderr from broken version.

2012-01-07  Eric Blake  <eblake@redhat.com>

	build: fix mingw virCommand build
	Commit db371a2 mistakenly added new functions inside a #ifndef WIN32
	guard, even though they are needed on all platforms.

	* src/util/command.c (virCommandFDSet): Move outside WIN32
	conditional.

2012-01-06  Eric Blake  <eblake@redhat.com>

	tests: avoid test failure on rawhide gnutls
	I hit a VERY weird testsuite failure on rawhide, which included
	_binary_ output to stderr, followed by a hang waiting for me
	to type something! (Here, using ^@ for NUL):

	$ ./commandtest
	TEST: commandtest
	      WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	.WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	.WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	WARNING: gnome-keyring:: couldn't send data: Bad file descriptor
	.8^@^@^@8^@^@^@^A^@^@^@^Bay^A^@^@^@)PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1

	I finally traced it to the fact that gnome-keyring, called via
	gnutls_global_init which is turn called by virNetTLSInit, opens
	an internal fd that it expects to communicate to via a
	pthread_atfork handler (never mind that it violates POSIX by
	using non-async-signal-safe functions in that handler:
	https://bugzilla.redhat.com/show_bug.cgi?id=772320).

	Our problem stems from the fact that we pulled the rug out from
	under the library's expectations by closing an fd that it had
	just opened.  While we aren't responsible for fixing the bugs
	in that pthread_atfork handler, we can at least avoid the bugs
	by not closing the fd in the first place.

	* tests/commandtest.c (mymain): Avoid closing fds that were opened
	by virInitialize.

2012-01-06  Alex Jia  <ajia@redhat.com>

	qemu: Avoid memory leaks on qemuParseRBDString
	Detected by valgrind. Leak introduced in commit 5745dc1.

	* src/qemu/qemu_command.c: fix memory leak on failure and successful path.

	* How to reproduce?
	% valgrind -v --leak-check=full ./qemuargv2xmltest

	* Actual result:

	==2196== 80 bytes in 1 blocks are definitely lost in loss record 3 of 4
	==2196==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==2196==    by 0x39CF07F6E1: strdup (in /lib64/libc-2.12.so)
	==2196==    by 0x419823: qemuParseRBDString (qemu_command.c:1657)
	==2196==    by 0x4221ED: qemuParseCommandLine (qemu_command.c:5934)
	==2196==    by 0x422AFB: qemuParseCommandLineString (qemu_command.c:7561)
	==2196==    by 0x416864: testCompareXMLToArgvHelper (qemuargv2xmltest.c:48)
	==2196==    by 0x417DB1: virtTestRun (testutils.c:141)
	==2196==    by 0x415CAF: mymain (qemuargv2xmltest.c:175)
	==2196==    by 0x4174A7: virtTestMain (testutils.c:696)
	==2196==    by 0x39CF01ECDC: (below main) (in /lib64/libc-2.12.so)
	==2196==
	==2196== LEAK SUMMARY:
	==2196==    definitely lost: 80 bytes in 1 blocks

2012-01-05  Eric Blake  <eblake@redhat.com>

	build: drop check for ANSI compiler
	Using automake.git (will become 1.12 someday), I got this error:

	configure.ac:90: error: automatic de-ANSI-fication support has been removed
	/usr/local/share/aclocal-1.11a/protos.m4:13: AM_C_PROTOTYPES is expanded from...
	configure.ac:90: the top level
	autom4te: /usr/bin/m4 failed with exit status: 1

	In short, pre-C89 compilers are no longer a viable portability
	target.  Besides, our code base already requires C99, so worrying
	about pre-C89 seems pointless.

	* configure.ac (AM_C_PROTOTYPES): Drop, since newer automake no
	longer provides it.

2012-01-05  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fix a bug in numatune
	When setting numa nodeset for a domain which has no nodeset set
	before, libvirtd crashes by dereferencing the pointer to the old
	nodemask which is null in that case.

2012-01-05  Eric Blake  <eblake@redhat.com>

	qemu: fix use-after-free regression
	Commit baade4d fixed a memory leak on failure, but in the process,
	introduced a use-after-free on success, which can be triggered with:

	1. set bandwidth with --live
	2. query bandwidth
	3. set bandwidth with --live

	* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't
	free newBandwidth on success.
	Reported by Hu Tao.

2012-01-05  Eric Blake  <eblake@redhat.com>

	seclabel: fix regression in libvirtd restart
	Commit b434329 has a logic bug: seclabel overrides don't set
	def->type, but the default value is 0 (aka static).  Restarting
	libvirtd would thus reject the XML for any domain with an
	override of <seclabel relabel='no'/> (which happens quite
	easily if a disk image lives on NFS), with a message:

	2012-01-04 22:29:40.949+0000: 6769: error : virSecurityLabelDefParseXMLHelper:2593 : XML error: security label is missing

	Fix the logic to never read from an override's def->type, and
	to allow a missing <label> subelement when relabel is no.  There's
	a lot of stupid double-negatives in the code (!norelabel) because
	of the way that we want the zero-initialized defaults to behave.

	* src/conf/domain_conf.c (virSecurityLabelDefParseXMLHelper): Use
	type field from correct location.

2012-01-05  Michal Privoznik  <mprivozn@redhat.com>

	command: Discard FD_SETSIZE limit for opened files
	Currently, virCommand implementation uses FD_ macros from
	sys/select.h. However, those cannot handle more opened files
	than FD_SETSIZE. Therefore switch to generalized implementation
	based on array of integers.

2012-01-04  Jim Fehlig  <jfehlig@suse.com>

	Support Xen domctl v8
	xen-unstable c/s 23874:651aed73b39c added another member to
	xen_domctl_getdomaininfo struct and bumped domctl version to 8.
	Add a corresponding domctl v8 struct in xen hypervisor sub-driver
	and detect domctl v8 during initialization.

	Fix xenstore serial console path for HVM guests
	The console path in xenstore is /local/domain/<id>/console/tty
	for PV guests (PV console) and /local/domain/<id>/serial/0/tty
	(serial console) for HVM guests.  Similar to Xen's in-tree console
	client, read the correct path for PV vs HVM.

2012-01-04  Jiri Denemark  <jdenemar@redhat.com>

	schemas: Allow '.' in CPU feature name
	We already support CPU features with '.' in their name (e.g., sse4.1) so
	we should not forbid that in the schema.

2012-01-04  Michal Privoznik  <mprivozn@redhat.com>

	virCommand: Properly handle POLLHUP
	It is a good practise to set revents to zero before doing any poll().
	Moreover, we should check if event we waited for really occurred or
	if any of fds we were polling on didn't encountered hangup.

2012-01-04  Yuri Chornoivan  <yurchor@ukr.net>

	Fix typos in messages.
	https://bugzilla.redhat.com/show_bug.cgi?id=770954

2012-01-03  Jiri Denemark  <jdenemar@redhat.com>

	virCPUDefCopy forgot to copy NUMA topology
	As a result of it, guest NUMA topology would be lost during migration.

2012-01-03  Eric Blake  <eblake@redhat.com>

	qemu: fix block stat naming
	Typo has existed since API introduction in commit ee0d8c3.

	* src/qemu/qemu_driver.c (qemuDomainBlockStatsFlags): Use correct
	name.

2012-01-02  Eric Blake  <eblake@redhat.com>

	domiftune: clean up previous patches
	Most severe here is a latent (but currently untriggered) memory leak
	if any hypervisor ever adds a string interface property; the
	remainder are mainly cosmetic.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_BANDWIDTH_*): Move
	macros closer to interface that uses them, and document type.
	* src/libvirt.c (virDomainSetInterfaceParameters)
	(virDomainGetInterfaceParameters): Formatting tweaks.
	* daemon/remote.c (remoteDispatchDomainGetInterfaceParameters):
	Avoid memory leak.
	* src/libvirt_public.syms (LIBVIRT_0.9.9): Sort lines.
	* src/libvirt_private.syms (domain_conf.h): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Fix
	comments, break long lines.

2012-01-02  Peter Krempa  <pkrempa@redhat.com>

	virsh: Fix checking for reconnect conditions
	virshReportError() function frees the most recent error reported from
	libvirt. Condition that checks if connection to the daemon was broken
	during last command was then limited to check for SIGPIPE signal not
	taking into account possible errors signalized without SIGPIPE.

	This patch moves the check before the error is freed, to take into
	account code that does not emit SIGPIPE while failing.

	* tools/virsh.c: - move check for broken connection before error print.

2012-01-02  Peter Krempa  <pkrempa@redhat.com>

	network_conf: Fix whitespace to pass syntax-check

2012-01-02  Michal Novotny  <minovotn@redhat.com>

	Implement DNS SRV record into the bridge driver
	Hi,
	this is the fifth version of my SRV record for DNSMasq patch rebased
	for the current codebase to the bridge driver and libvirt XML file to
	include support for the SRV records in the DNS. The syntax is based on
	DNSMasq man page and tests for both xml2xml and xml2argv were added as
	well. There are some things written a better way in comparison with
	version 4, mainly there's no hack in tests/networkxml2argvtest.c and
	also the xPath context is changed to use a simpler query using the
	virXPathInt() function relative to the current node.

	Also, the patch is also fixing the networkxml2argv test to pass both
	checks, i.e. both unit tests and also syntax check.

	Please review,
	Michal

2012-01-01  Alex Jia  <ajia@redhat.com>

	qemu: Fix bandwidth memory leak on failure
	Detected by Coverity. Leaks introduced in commit e8d6b29.

2012-01-01  Eric Blake  <eblake@redhat.com>

	qemu: fix blkio memory leak on failure
	Leak detected by Coverity, and introduced in commit 93ab585.
	Reported by Alex Jia.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Free
	devices array on error.

2011-12-31  Eric Blake  <eblake@redhat.com>

	docs: re-fix stray /
	Commit 6cb4acc reintroduced the bug fixed in commit d145fe3.

	* docs/formatdomain.html.in (elementsDisks): Fix again.

2011-12-30  Daniel Veillard  <veillard@redhat.com>

	Fix build on s390(x) and other stange arches
	The blocks to extract node information on a per-arch
	basis wasn't well balanced leading to a compilation
	failure if not on one of the handled arches (PCs and PPCs)

2011-12-30  Eric Blake  <eblake@redhat.com>

	seclabel: honor device override in selinux
	This wires up the XML changes in the previous patch to let SELinux
	labeling honor user overrides, as well as affecting the live XML
	configuration in one case where the user didn't specify anything
	in the offline XML.

	I noticed that the logs contained messages like this:

	2011-12-05 23:32:40.382+0000: 26569: warning : SELinuxRestoreSecurityFileLabel:533 : cannot lookup default selinux label for /nfs/libvirt/images/dom.img

	for all my domain images living on NFS.  But if we would just remember
	that on domain creation that we were unable to set a SELinux label (due to
	NFSv3 lacking labels, or NFSv4 not being configured to expose attributes),
	then we could avoid wasting the time trying to clear the label on
	domain shutdown.  This in turn is one less point of NFS failure,
	especially since there have been documented cases of virDomainDestroy
	hanging during an attempted operation on a failed NFS connection.

	* src/security/security_selinux.c (SELinuxSetFilecon): Move guts...
	(SELinuxSetFileconHelper): ...to new function.
	(SELinuxSetFileconOptional): New function.
	(SELinuxSetSecurityFileLabel): Honor override label, and remember
	if labeling failed.
	(SELinuxRestoreSecurityImageLabelInt): Skip relabeling based on
	override.

2011-12-30  Eric Blake  <eblake@redhat.com>

	seclabel: allow a seclabel override on a disk src
	Implement the parsing and formatting of the XML addition of
	the previous commit.  The new XML doesn't affect qemu command
	line, so we can now test round-trip XML->memory->XML handling.

	I chose to reuse the existing structure, even though per-device
	override doesn't use all of those fields, rather than create a
	new structure, in order to reuse more code.

	* src/conf/domain_conf.h (_virDomainDiskDef): Add seclabel member.
	* src/conf/domain_conf.c (virDomainDiskDefFree): Free it.
	(virSecurityLabelDefFree): New function.
	(virDomainDiskDefFormat): Print it.
	(virSecurityLabelDefFormat): Reduce output if model not present.
	(virDomainDiskDefParseXML): Alter signature, and parse seclabel.
	(virSecurityLabelDefParseXML): Split...
	(virSecurityLabelDefParseXMLHelper): ...into new helper.
	(virDomainDeviceDefParse, virDomainDefParseXML): Update callers.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args:
	New file.
	* tests/qemuxml2xmltest.c (mymain): Enhance test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.

2011-12-30  Eric Blake  <eblake@redhat.com>

	seclabel: extend XML to allow per-disk label overrides
	When doing security relabeling, there are cases where a per-file
	override might be appropriate.  For example, with a static label
	and relabeling, it might be appropriate to skip relabeling on a
	particular disk, where the backing file lives on NFS that lacks
	the ability to track labeling.  Or with dynamic labeling, it might
	be appropriate to use a custom (non-dynamic) label for a disk
	specifically intended to be shared across domains.

	The new XML resembles the top-level <seclabel>, but with fewer
	options (basically relabel='no', or <label>text</label>):

	<domain ...>
	  ...
	  <devices>
	    <disk type='file' device='disk'>
	      <source file='/path/to/image1'>
	        <seclabel relabel='no'/> <!-- override for just this disk -->
	      </source>
	      ...
	    </disk>
	    <disk type='file' device='disk'>
	      <source file='/path/to/image1'>
	        <seclabel relabel='yes'> <!-- override for just this disk -->
	          <label>system_u:object_r:shared_content_t:s0</label>
	        </seclabel>
	      </source>
	      ...
	    </disk>
	    ...
	  </devices>
	  <seclabel type='dynamic' model='selinux'>
	    <baselabel>text</baselabel> <!-- used for all devices without override -->
	  </seclabel>
	</domain>

	This patch only introduces the XML and documentation; future patches
	will actually parse and make use of it.  The intent is that we can
	further extend things as needed, adding a per-device <seclabel> in
	more places (such as the source of a console device), and possibly
	allowing a <baselabel> instead of <label> for labeling where we want
	to reuse the cNNN,cNNN pair of a dynamically labeled domain but a
	different base label.

	First suggested by Daniel P. Berrange here:
	https://www.redhat.com/archives/libvir-list/2011-December/msg00258.html

	* docs/schemas/domaincommon.rng (devSeclabel): New define.
	(disk): Use it.
	* docs/formatdomain.html.in (elementsDisks, seclabel): Document
	the new XML.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.xml:
	New test, to validate RNG.

2011-12-30  Eric Blake  <eblake@redhat.com>

	seclabel: move seclabel stuff earlier
	Pure code motion; no semantic change.

	* src/conf/domain_conf.h (virDomainSeclabelType)
	(virSecurityLabelDefPtr): Declare earlier.
	* src/conf/domain_conf.c (virSecurityLabelDefClear)
	(virSecurityLabelDefParseXML): Move earlier.
	(virDomainDefParseXML): Move seclabel parsing earlier.

2011-12-30  Eric Blake  <eblake@redhat.com>

	seclabel: refactor existing domain_conf usage
	A future patch will parse and output <seclabel> in more than one
	location in a <domain> xml; make it easier to reuse code.

	* src/conf/domain_conf.c (virSecurityLabelDefFree): Rename...
	(virSecurityLabelDefClear): ...and make static.
	(virSecurityLabelDefParseXML): Alter signature.
	(virDomainDefParseXML, virDomainDefFree): Adjust callers.
	(virDomainDefFormatInternal): Split output...
	(virSecurityLabelDefFormat): ...into new helper.

2011-12-30  Eric Blake  <eblake@redhat.com>

	schema: rewrite seclabel rng to match code
	The RNG for <seclabel> was too strict - if it was present, then it
	had to have sub-elements, even if those didn't make sense for the
	given attributes.  Also, we didn't have any tests of <seclabel>
	parsing or XML output.

	In this patch, I added more parsing tests than output tests (since
	the output populates and/or reorders fields not present in certain
	inputs).  Making the RNG reliable is a precursor to using <seclabel>
	variants in more places in the XML in later patches.

	See also:
	http://berrange.com/posts/2011/09/29/two-small-improvements-to-svirt-guest-configuration-flexibility-with-kvmlibvirt/

	* docs/schemas/domaincommon.rng (seclabel): Tighten rules.
	* tests/qemuxml2argvtest.c (mymain): New tests.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-seclabel-*.*: New files.

2011-12-29  Daniel Veillard  <veillard@redhat.com>

	Require avahi as an rpm dependancy
	As seen in https://bugzilla.redhat.com/show_bug.cgi?id=746111

	If compiled with the daemon and avahi support, then it's better
	to require avahi at the rpm level to avoid daemon startup errors.

2011-12-29  Hu Tao  <hutao@cn.fujitsu.com>

	domiftune: Enable the virDomain{S,G}etInterfaceParameters in virsh
	Add a new command domiftune to get/set interface parameters.

	* tools/virsh.c: implement the new command
	* tools/virsh.pod: documentation of the new command

2011-12-29  Hu Tao  <hutao@cn.fujitsu.com>

	domiftune: Add virDomain{S,G}etInterfaceParameters support to qemu driver
	* src/qemu/qemu_driver.c: implement the qemu driver support

	domiftune: Add a util function virDomainNetFind
	Add a util function virDomainNetFind to find a domain's net def.

	domiftune: Add support of new APIs to the remote driver
	* daemon/remote.c: implement the server side support
	* src/remote/remote_driver.c: implement the client side support
	* src/remote/remote_protocol.x: definitions for the new entry points
	* src/remote_protocol-structs: structure definitions

	domiftune: virDomain{S,G}etInterfaceParameters: the main entry points
	* src/libvirt.c: implement the main entry points

2011-12-29  Hu Tao  <hutao@cn.fujitsu.com>

	domiftune: Add API virDomain{S,G}etInterfaceParameters
	The APIs are used to set/get domain's network interface's parameters.
	Currently supported parameters are bandwidth settings.

	* include/libvirt/libvirt.h.in: new API and parameters definition
	* python/generator.py: skip the Python API generation
	* src/driver.h: add new entry to the driver structure
	* src/libvirt_public.syms: export symbols

2011-12-29  Daniel Veillard  <veillard@redhat.com>

	remove a static limit on max domains in python bindings
	* python/libvirt-override.c: remove the predefined array in the
	  virConnectListDomainsID binding and call virConnectNumOfDomains
	  to do a proper allocation

2011-12-29  Alex Jia  <ajia@redhat.com>

	python: Fix problems of virDomain{Set, Get}BlockIoTune bindings
	The parameter 'params' is useless for virDomainGetBlockIoTune API,
	and the return value type should be a virTypedParameterPtr but not
	integer. And "PyArg_ParseTuple" in functions
	libvirt_virDomain{Set,Get}BlockIoTune misses format unit for "format"
	argument.

	* libvirt-override-api.xml: Remove useless the parameter 'params'
	from virDomainGetBlockIoTune API, and change return value type from
	integer to virTypedParameterPtr.

	* python/libvirt-override.c: Add the missed format units.

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=770683

2011-12-28  Eric Blake  <eblake@redhat.com>

	qemu: fix inf-loop in blkio parameters
	https://bugzilla.redhat.com/show_bug.cgi?id=770520

	We had two nested loops both trying to use 'i' as the iteration
	variable, which can result in an infinite loop when the inner
	loop interferes with the outer loop.  Introduced in commit 93ab585.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Don't
	reuse iteration variable across two loops.

2011-12-28  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: move version command to host group
	Trivial patch, move version command to host commands group.

	It has no any related with any domain.

	It may connect to the daemon, so the flag is 0 but not VSH_CMD_FLAG_NOCONNECT.

2011-12-28  Eric Blake  <eblake@redhat.com>

	daemon: clean up daemonization
	Valgrind detected a pipe fd leak before the parent exits on success,
	introduced in commit 4296cea; by itself, the leak is not bad, since
	we immediately called _exit(), but we might as well be clean to make
	valgrind analysis easier.  Meanwhile, if the daemon grandchild detects
	an error, the parent failed to flush the error message before exiting.
	Also, we had the possibility of both parent and child returning to the
	caller, such that the user could see duplicated reports of failure
	from the two return paths.  And we might as well be robust to the
	(unlikely) situation of being started with stdin closed.

	* daemon/libvirtd.c (daemonForkIntoBackground): Use exit if an
	error message was generated, avoid fd leaks for valgrind's sake,
	avoid returning to caller in both parent and child, and don't
	close a just-dup'd stdin.
	Based on a report by Alex Jia.

	* How to reproduce?
	  % service libvirtd stop
	  % valgrind -v --track-fds=yes /usr/sbin/libvirtd --daemon

	* Actual valgrind result:

	==16804== FILE DESCRIPTORS: 7 open at exit.
	==16804== Open file descriptor 7:
	==16804==    at 0x321FAD8B87: pipe (in /lib64/libc-2.12.so)
	==16804==    by 0x41F34D: daemonForkIntoBackground (libvirtd.c:186)
	==16804==    by 0x4207A0: main (libvirtd.c:1420)

2011-12-26  Satoru SATOH  <satoru.satoh@gmail.com>

	docs: Move 'echo' command description into the generic commands section
	Virsh's echo command looks not having any relations with domains and its
	description should go into the generic commands section instead of the
	domain commands section (current).

	docs: Move 'send-key' command description into the domain commands section
	Virsh's send-key command manipulates domains and its description should
	go into the domain commands section instead of generic commands section
	(current).

2011-12-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Keep list of USB devices attached to domains
	In order to avoid situation where a USB device is
	in use by two domains, we must keep a list of already
	attached devices like we do for PCI.

2011-12-23  Eric Blake  <eblake@redhat.com>

	docs: remove stray /
	Commit e5a84d74 added a new attribute in the wrong location;
	commit c8b9fa74 fixed the missing / at the end but not the extra
	/ in the middle.

	* docs/formatdomain.html.in (elementsDisks): Fix another typo.

2011-12-22  Eric Blake  <eblake@redhat.com>

	docs: fix missing / in xml examples
	* docs/formatdomain.html.in: Fix typos in examples.

2011-12-22  Eric Blake  <eblake@redhat.com>

	tests: fix schema checks sorting
	Commit 6fdbce12 attempted to sort the list of tests, but failed
	(without quotes, echo merges all the tests into a single line,
	so there was nothing to sort).

	* tests/schematestutils.sh: Fix thinko in previous patch.

2011-12-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Support for overriding NOFILE limit
	This patch adds max_files option to qemu.conf which can be used to
	override system default limit on number of opened files that are
	allowed for qemu user.

	virsh: Use vshWatchJob in cmdManagedSave
	This patch alters saving code, so we can report progress
	and allow cancel via ^C.

	virsh: Use vshWatchJob in cmdSave
	This patch alters saving code, so we can report progress
	and allow cancel via ^C.

	virsh: Use vshWatchJob in cmdDump
	This patch alters dumping code, so we can report progress
	and allow cancel via ^C.

	virsh: Move job watch code to a separate function
	called vshWatchJob. This can be later used in other
	job oriented commands like dump, save, managedsave
	to report progress and allow user to cancel via ^C.

	qemuhelptest: Add new qemuCap flag
	Latest patch a1a83c587443 introduces new qemu capability flag
	QEMU_CAPS_FSDEV_READONLY. However, it was missing in qemuhelptest
	making test for qemu-1.0 fail.

2011-12-22  Osier Yang  <jyang@redhat.com>

	qemu: Support readonly filesystem passthrough
	Upstream QEMU starts to support it from commit 2c74c2cb.

2011-12-21  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: Do not require DHCP requests to be broadcasted
	Remove the requirement that DHCP messages have to be broadcasted.
	DHCP requests are most often sent via broadcast but can be directed
	towards a specific DHCP server. For example 'dhclient' takes '-s <server>'
	as a command line parameter thus allowing DHCP requests to be sent to a
	specific DHCP server.

2011-12-21  Osier Yang  <jyang@redhat.com>

	qemu: Release the lock on domobj if fails on finding the disk path

2011-12-21  Eric Blake  <eblake@redhat.com>

	tests: run schema checks in sorted order
	Having a test that depends on file system timestamps and/or inode
	allocation order gives non-deterministic output.

	* tests/schematestutils.sh: Run test in deterministic order.

2011-12-21  Michael Ellerman  <michael@ellerman.id.au>

	tests: Add fake PPC64 emulator for QEMU testing
	Create a fake PPC64 QEMU so that we can run PPC64 QEMU tests when we
	don't have a real version of the emulator available.

2011-12-21  Michael Ellerman  <michael@ellerman.id.au>

	qemu: Add spapr-vio address assignment
	Add logic to assign addresses for devices with spapr-vio addresses.

	We also do validation of addresses specified by the user, ie. ensuring
	that there are not duplicate addresses on the bus.

2011-12-21  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	Add New address type spapr-vio to domain.rng
	Original patch by Bharata. Updated to use {1,16} in spaprvioReg based
	on example from Eric Blake.

2011-12-20  Michael Ellerman  <michael@ellerman.id.au>

	Add address type for SPAPR VIO devices
	For QEMU PPC64 we have a machine type ("pseries") which has a virtual
	bus called "spapr-vio". We need to be able to create devices on this
	bus, and as such need a way to specify the address for those devices.

	This patch adds a new address type "spapr-vio", which achieves this.

	The addressing is specified with a "reg" property in the address
	definition. The reg is optional, if it is not specified QEMU will
	auto-assign an address for the device.

2011-12-20  Alex Jia  <ajia@redhat.com>

	docs: improve virsh domxml-*-native command docs
	* tools/virsh.pod: improve virsh man page for domxml-from-native and
	domxml-to-native commands.

2011-12-20  Alex Jia  <ajia@redhat.com>

	virsh: plug mem leaks in domxml-*-native
	Detected by valgrind. Leaks introduced in commit 4d5383f.

	* tools/virsh.c: fix memory leaks on cmdDomXMLFromNative and cmdDomXMLToNative.

	* how to reproduce?

	  % virsh dumpxml ${guest} > foo.xml
	  % valgrind -v --leak-check=full virsh domxml-from-native qemu-argv foo.xml
	  % valgrind -v --leak-check=full virsh domxml-to-native qemu-argv foo.xml

	* actual valgrind results:

	==9724== 8,193 bytes in 1 blocks are definitely lost in loss record 31 of 33
	==9724==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==9724==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==9724==    by 0x4C7510B: virReallocN (memory.c:161)
	==9724==    by 0x4C84679: virFileReadLimFD (util.c:394)
	==9724==    by 0x4C84815: virFileReadAll (util.c:455)
	==9724==    by 0x41A89F: cmdDomXMLFromNative (virsh.c:5532)
	==9724==    by 0x414872: vshCommandRun (virsh.c:16464)
	==9724==    by 0x425623: main (virsh.c:17971)
	==9724==
	==9724== LEAK SUMMARY:
	==9724==    definitely lost: 8,193 bytes in 1 blocks
	==9724==    indirectly lost: 0 bytes in 0 blocks
	==9724==      possibly lost: 0 bytes in 0 blocks
	==9724==    still reachable: 127,128 bytes in 1,347 blocks

	==7409== 8,193 bytes in 1 blocks are definitely lost in loss record 31 of 33
	==7409==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==7409==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==7409==    by 0x4C7510B: virReallocN (memory.c:161)
	==7409==    by 0x4C84679: virFileReadLimFD (util.c:394)
	==7409==    by 0x4C84815: virFileReadAll (util.c:455)
	==7409==    by 0x41A7AF: cmdDomXMLToNative (virsh.c:5578)
	==7409==    by 0x414892: vshCommandRun (virsh.c:16463)
	==7409==    by 0x425633: main (virsh.c:17970)
	==7409==
	==7409== LEAK SUMMARY:
	==7409==    definitely lost: 8,193 bytes in 1 blocks
	==7409==    indirectly lost: 0 bytes in 0 blocks
	==7409==      possibly lost: 0 bytes in 0 blocks
	==7409==    still reachable: 127,128 bytes in 1,347 blocks

2011-12-20  Alex Jia  <ajia@redhat.com>

	console: plug memory leaks
	Using 'virReallocN' to allocate memory on virConsoleEventOnStdin,
	virConsoleEventOnStdout and virConsoleEventOnStream, however, the
	cleanup function virConsoleShutdown hasn't released these memory.

	* tools/console.c: fix memory leaks on virConsoleShutdown.

	https://bugzilla.redhat.com/show_bug.cgi?id=767488

2011-12-20  Michael Ellerman  <michael@ellerman.id.au>

	qemu: Add a capability flag for -no-acpi
	Currently non-x86 guests must have <acpi/> defined in <features> to
	prevent libvirt from running qemu with -no-acpi. Although it works, it
	is a hack.

	Instead add a capability flag which indicates whether qemu understands
	the -no-acpi option. Use it to control whether libvirt emits -no-acpi.

	Current versions of qemu always display -no-acpi in their help output,
	so this patch has no effect. However the development version of qemu
	has been modified such that -no-acpi is only displayed when it is
	actually supported.

2011-12-20  Hu Tao  <hutao@cn.fujitsu.com>

	add new command numatune to virsh
	add new command numatune to virsh to get/set numa parameters

	Implement virDomain{G, S}etNumaParameters for the qemu driver

	Add virDomain{G, S}etNumaParameters support to the remote driver

	add new API virDomain{G, S}etNumaParameters
	Set up the types for the numa functions and insert them into the
	virDriver structure definition.

	use cpuset to manage numa
	This patch also sets cgroup cpuset parameters for numatune.

	Add functions to set/get cgroup cpuset parameters

2011-12-20  Eric Blake  <eblake@redhat.com>

	rpc: handle param_int, plug memory leaks
	The RPC code had several latent memory leaks and an attempt to
	free the wrong string, but thankfully nothing triggered them
	(blkiotune was the only one returning a string, and always as
	the last parameter).  Also, our cleanups for rpcgen ended up
	nuking a line of code that renders VIR_TYPED_PARAM_INT broken,
	because it was the only use of 'i' in a function, even though
	it was a member usage rather than a standalone declaration.

	* daemon/remote.c (remoteSerializeTypedParameters): Free the
	correct array element.
	(remoteDispatchDomainGetSchedulerParameters)
	(remoteDispatchDomainGetSchedulerParametersFlags)
	(remoteDispatchDomainBlockStatsFlags)
	(remoteDispatchDomainGetMemoryParameters): Don't leak strings.
	* src/rpc/genprotocol.pl: Don't nuke member-usage of 'buf' or 'i'.

2011-12-20  Eric Blake  <eblake@redhat.com>

	virsh: simplify printing of typed parameters
	No need to repeat code for formatting typed parameters.

	* tools/virsh.c (vshGetTypedParamValue): Support strings, and exit
	on OOM.
	(cmdSchedinfo, cmdBlkiotune, cmdMemtune, cmdBlkdeviotune): Use
	it for less code.

2011-12-19  Eric Blake  <eblake@redhat.com>

	docs: document <qemu:commandline> xml
	Even though we technically don't support <qemu:commandline> (as in,
	if you mis-use things, you get to keep the pieces), we should at
	least document how to use it.

	[See also http://berrange.com/posts/2011/12/19/using-command-line-arg-monitor-command-passthrough-with-libvirt-and-kvm/]

	* docs/drvqemu.html.in (qemucommand): New section.

2011-12-19  Alex Jia  <ajia@redhat.com>

	python: plug memory leak on libvirt_virConnectOpenAuth
	* Detected by valgrind. Leak introduced in commit 5ab109f.

	* python/libvirt-override.c: avoid memory leak on libvirt_virConnectOpenAuth.

	* How to reproduce?

	  % valgrind -v --leak-check=full virt-clone --print-xml
	  Note: it can hit the issue although options are incomplete.

	* Actual valgrind result:

	==1801== 12 bytes in 1 blocks are definitely lost in loss record 25 of 3,270
	==1801==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==1801==    by 0xCF1F60E: libvirt_virConnectOpenAuth (libvirt-override.c:1507)
	==1801==    by 0x3AFEEDE7F3: PyEval_EvalFrameEx (ceval.c:3794)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEDF99E: PyEval_EvalFrameEx (ceval.c:3880)
	==1801==    by 0x3AFEEE0466: PyEval_EvalCodeEx (ceval.c:3044)
	==1801==    by 0x3AFEEE0541: PyEval_EvalCode (ceval.c:545)
	==1801==    by 0x3AFEEFB88B: run_mod (pythonrun.c:1351)
	==1801==    by 0x3AFEEFB95F: PyRun_FileExFlags (pythonrun.c:1337)
	==1801==    by 0x3AFEEFCE4B: PyRun_SimpleFileExFlags (pythonrun.c:941)

2011-12-19  Christophe Fergeau  <cfergeau@redhat.com>

	Fix typo in storage pool documentation
	Remove 2 words that shouldn't be here.

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Disable python explicitly in mingw32 autobuild

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Only add the timer when a callback is registered
	The lifetime of the virDomainEventState object is tied to
	the lifetime of the driver, which in stateless drivers is
	tied to the lifetime of the virConnectPtr.

	If we add & remove a timer when allocating/freeing the
	virDomainEventState object, we can get a situation where
	the timer still triggers once after virDomainEventState
	has been freed. The timeout callback can't keep a ref
	on the event state though, since that would be a circular
	reference.

	The trick is to only register the timer when a callback
	is registered with the event state & remove the timer
	when the callback is unregistered.

	The demo for the bug is to run

	  while true ; do date ; ../tools/virsh -q -c test:///default 'shutdown test; undefine test; dominfo test' ; done

	prior to this fix, it will frequently hang and / or
	crash, or corrupt memory

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Hide use of timers for domain event dispatch
	Currently all drivers using domain events need to provide a callback
	for handling a timer to dispatch events in a clean stack. There is
	no technical reason for dispatch to go via driver specific code. It
	could trivially be dispatched directly from the domain event code,
	thus removing tedious boilerplate code from all drivers

	Also fix the libxl & xen drivers to pass 'true' when creating the
	virDomainEventState, since they run inside the daemon & thus always
	expect events to be present.

	* src/conf/domain_event.c, src/conf/domain_event.h: Internalize
	  dispatch of events from timer callback
	* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
	  src/qemu/qemu_domain.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Remove all timer dispatch functions

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove decl of all APIs related to domain event callbacks & queues
	The virDomainEventCallbackList and virDomainEventQueue APIs are
	now solely helpers used internally by virDomainEventState APIs.
	Remove their decls from domain_event.h since no driver code should
	need to use them any more.

	* src/conf/domain_event.c: Make virDomainEventCallbackList and
	  virDomainEventQueue APIs static & remove some unused APIs
	* src/conf/domain_event.h, src/libvirt_private.syms: Remove
	  virDomainEventCallbackList and virDomainEventQueue APIs

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove all domain event structs from header
	No caller of the domain events APIs should need to poke at the
	struct internals. Thus they should all be removed from the
	header file

	* src/conf/domain_event.h: Remove struct definitions
	* src/conf/domain_event.c: Add struct definitions

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Convert drivers to thread safe APIs for adding callbacks
	* src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Convert
	  to threadsafe APIs

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs to allow management of callbacks purely with virDomainEventState
	While virDomainEventState has APIs for managing removal of callbacks,
	while locked, adding callbacks in the first place requires direct
	access to the virDomainEventCallbackList structure. This is not
	threadsafe since it is bypassing the virDomainEventState locks

	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Add APIs for managing callbacks
	  via virDomainEventState.

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Return count of callbacks when registering callbacks
	When registering a callback for a particular event some callers
	need to know how many callbacks already exist for that event.
	While it is possible to ask for a count, this is not free from
	race conditions when threaded. Thus the API for registering
	callbacks should return the count of callbacks. Also rename
	virDomainEventStateDeregisterAny to virDomainEventStateDeregisterID

	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Return count of callbacks when
	  registering callbacks
	* src/libxl/libxl_driver.c, src/libxl/libxl_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/remote/remote_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Update
	  for change in APIs

2011-12-19  Daniel P. Berrange  <berrange@redhat.com>

	Convert Xen & VBox drivers to use virDomainEventState
	The Xen & VBox drivers deal with callbacks & dispatching of
	events directly. All the other drivers use a timer to dispatch
	events from a clean stack state, rather than deep inside the
	drivers. Convert Xen & VBox over to virDomainEventState so
	that they match behaviour of other drivers

	* src/conf/domain_event.c: Return count of remaining
	  callbacks when unregistering event callback
	* src/vbox/vbox_tmpl.c, src/xen/xen_driver.c,
	  src/xen/xen_driver.h: Convert to virDomainEventState

2011-12-16  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: do not create ebtables chain unnecessarily
	If only iptables rules are created then two unnecessary ebtables chains
	are also created. This patch fixes this and prevents these chains from
	being created. They have been cleaned up properly, though.

2011-12-16  Eric Blake  <eblake@redhat.com>

	build: disable dtrace on non-Linux builds
	Using dtrace (and systemtap in general) is Linux-specific.
	Running ./autobuild.sh shows that attempting a cross-build to
	target mingw was mistakenly trying to build dtrace code, merely
	because it was present on the compilation host.

	* configure.ac (with_dtrace): Don't attempt to use dtrace when
	doing a cross-build hosted on Linux but targetting elsewhere.
	Reported by Daniel P. Berrange.

2011-12-16  Peter Krempa  <pkrempa@redhat.com>

	migration: Add more specific error code/message on migration abort
	A generic error code was returned, if the user aborted a migration job.
	This made it hard to distinguish between a user requested abort and an
	error that might have occured. This patch introduces a new error code,
	which is returned in the specific case of a user abort, while leaving
	all other failures with their existing code. This makes it easier to
	distinguish between failure while mirgrating and an user requested
	abort.

	 * include/libvirt/virterror.h: - add new error code
	 * src/util/virterror.c: - add message for the new error code
	 * src/qemu/qemu_migration.h: - Emit operation aborted error instead of
	                                operation failed, on migration abort

2011-12-16  Eric Blake  <eblake@redhat.com>

	qemu: detect truncated file as invalid save image
	If managed save fails at the right point in time, then the save
	image can end up with 0 bytes in length (no valid header), and
	our attempts in commit 55d88def to detect and skip invalid save
	files missed this case.

	* src/qemu/qemu_driver.c (qemuDomainSaveImageOpen): Also unlink
	empty file as corrupt.  Reported by Dennis Householder.

2011-12-16  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't drop hostdev config until security label restore
	Currently, on device detach, we parse given XML, find the device
	in domain object, free it and try to restore security labels.
	However, in some cases (e.g. usb hostdev) parsed XML contains
	less information than freed device. In usb case it is bus & device
	IDs. These are needed during label restoring as a symlink into
	/dev/bus is generated from them. Therefore don't drop device
	configuration until security labels are restored.

2011-12-16  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add option to undefine storage with domains
	Add an option for virsh undefine command, to remove associated storage
	volumes while undefining a domain. This patch allows the user to remove
	associated (libvirt managed ) storage volumes while undefining a domain.

	The new option --storage for the undefine command takes a string
	argument that consists of comma separated list of target or source path
	of volumes to be undefined. Volumes are removed after the domain has
	been successfully undefined,

	If a volume is not part of a storage pool, the user is warned to remove
	the volume in question himself.

	Option --wipe-storage may be specified along with this, that ensures
	the image is wiped before removing.

	Option --remove-all-storage enables the user to remove all storage. The
	name is chosen long as the users should be aware what they're about to
	do.

2011-12-16  Eric Blake  <eblake@redhat.com>

	build: let autobuild check more code
	Some gcc warnings about no % in a printf format string only
	appear under --disable-nls.  And configure.ac should automatically
	be excluding modules on mingw without us having to be explicit.
	Improving autobuild.sh to stress more combinations can only help.

	* autobuild.sh: Add --disable-nls on first build.  Update mingw
	build to rely more on configure.ac detection.

2011-12-15  Jim Fehlig  <jfehlig@suse.com>

	Fix default migration speed in qemu driver
	In commit 6f84e110 I mistakenly set default migration speed to
	33554432 Mb!  The units of migMaxBandwidth is Mb, with conversion
	handled in qemuMonitor{JSON,Text}SetMigrationSpeed().

	Also, remove definition of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX since
	it is no longer used after reverting commit ef1065cf.

2011-12-15  Osier Yang  <jyang@redhat.com>

	python: Expose blockPeek and memoryPeek in Python binding
	A simple example to show how to use it:

	\#! /usr/bin/python

	import os
	import sys
	import libvirt

	disk = "/var/lib/libvirt/images/test.img"

	conn = libvirt.open(None)
	dom = conn.lookupByName('test')

	mem_contents = dom.memoryPeek(0, 32, libvirt.VIR_MEMORY_VIRTUAL);
	sys.stdout.write(mem_contents)

	% python test.py | hexdump
	0000000 1660 0209 0000 0000 0000 0000 0000 0000
	0000010 0000 0000 0000 0000 d3a0 01d0 0000 0000
	0000020

2011-12-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix race between async and query jobs
	If an async job run on a domain will stop the domain at the end of the
	job, a concurrently run query job can hang in qemu monitor and nothing
	can be done with that domain from this point on. An attempt to start
	such domain results in "Timed out during operation: cannot acquire state
	change lock" error.

	However, quite a few things have to happen at the right time... There
	must be an async job running which stops a domain at the end. This race
	was reported with dump --crash but other similar jobs, such as
	(managed)save and migration, should be able to trigger this bug as well.
	While this async job is processing its last monitor command, that is a
	query-migrate to which qemu replies with status "completed", a new
	libvirt API that results in a query job must arrive and stay waiting
	until the query-migrate command finishes. Once query-migrate is done but
	before the async job closes qemu monitor while stopping the domain, the
	other thread needs to wake up and call qemuMonitorSend to send its
	command to qemu. Before qemu gets a chance to respond to this command,
	the async job needs to close the monitor. At this point, the query job
	thread is waiting for a condition that no-one will ever signal so it
	never finishes the job.

2011-12-15  Osier Yang  <jyang@redhat.com>

	qemu: Do not free the device from activePciHostdevs if it's in use
	* src/qemu/qemu_hostdev.c (qemuDomainReAttachHostdevDevices):
	pciDeviceListFree(pcidevs) in the end free()s the device even if
	it's in use by other domain, which can cause a race.

	How to reproduce:

	<script>

	virsh nodedev-dettach pci_0000_00_19_0
	virsh start test
	virsh attach-device test hostdev.xml
	virsh start test2

	for i in {1..5}; do
	        echo "[ -- ${i}th time --]"
	        virsh nodedev-reattach pci_0000_00_19_0
	done

	echo "clean up"
	virsh destroy test
	virsh nodedev-reattach pci_0000_00_19_0
	</script>

	Device pci_0000_00_19_0 dettached

	Domain test started

	Device attached successfully

	error: Failed to start domain test2
	error: Requested operation is not valid: PCI device 0000:00:19.0 is in use by domain test

	[ -- 1th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 2th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 3th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 4th time --]
	Device pci_0000_00_19_0 re-attached

	[ -- 5th time --]
	Device pci_0000_00_19_0 re-attached

	clean up
	Domain test destroyed

	Device pci_0000_00_19_0 re-attached

	The patch also fixes another problem, there won't be error like
	"qemuDomainReAttachHostdevDevices: Not reattaching active
	device 0000:00:19.0" in daemon log if some device is in active.
	As pciResetDevice and pciReattachDevice won't be called for
	the device anymore. This is sensible as we already reported
	error when preparing the device if it's active. Blindly trying
	to pciResetDevice & pciReattachDevice on the device and getting
	an error is just redundant.

2011-12-15  Osier Yang  <jyang@redhat.com>

	qemu: Honor the original properties of PCI device when detaching
	This patch fixes two problems:
	    1) The device will be reattached to host even if it's not
	       managed, as there is a "pciDeviceSetManaged".
	    2) The device won't be reattached to host with original
	       driver properly. As it doesn't honor the device original
	       properties which are maintained by driver->activePciHostdevs.

2011-12-14  Wen Congyang  <wency@cn.fujitsu.com>

	spec: fix inverted logic on sanlock
	Commit d336dbdb tried to refactor sanlock to avoid building it
	on RHEL for architectures where it is not available, but used
	the wrong conditional.

	* libvirt.spec.in (with_sanlock): Use %ifarch, not %ifnarch.

2011-12-14  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	virsh: support multifunction in attach-disk
	PCI <address...> can be specified by attach-disk but multifunction cannot
	be specified. Add --multifunction support.

2011-12-13  Eric Blake  <eblake@redhat.com>

	docs: tweak 'virsh edit' wording
	I was wondering why 'virsh edit' didn't support the same
	'--inactive' option as 'virsh dumpxml'; reading the source
	code showed that --inactive was already implied, and that
	the only way to alter a running guest rather than affecting
	next boot is by hot-plugging individual devices, or by
	something complex like saving the guest and modifying the
	save image.

	* tools/virsh.pod (define, edit): Mention behavior when guest is
	already running.

2011-12-13  Peter Krempa  <pkrempa@redhat.com>

	python: Fix export of virDomainSnapshotListChildrenNames
	Commit f2013c9dd1ce468b8620ee35c232a93ef7026fb0 added implementation of
	virDomainSnapshotListChildrenNames override export, but registration of
	the newly exported function was not added.

	 *python/libvirt-override.c: - register export of function

2011-12-13  Lei Li  <lilei@linux.vnet.ibm.com>

	Provide a helper method virDomainLiveConfigHelperMethod
	This chunk of code below repeated in several functions, factor it into
	a helper method virDomainLiveConfigHelperMethod to eliminate duplicated code
	based on Eric and Adam's suggestion. I have tested it for all the
	relevant APIs changed.

2011-12-13  Peter Krempa  <pkrempa@redhat.com>

	virsh: Print error message if argument parsing fails for cmdNodesuspend
	If parsing of arguments failed, virsh did silently exit returning and
	error state, but not specifying the possible problem.

	 * tools/virsh: cmdNodesuspend: - error handling added

2011-12-13  Alex Jia  <ajia@redhat.com>

	tests: plug memory leak on linuxTestNodeInfo
	Detected by valgrind. Leak introduced in commit 82ff25e.

	* tests/nodeinfotest.c: avoid memory leak on nodeinfo test case.

	* how to reproduce?
	  % cd tests && valgrind -v --leak-check=full ./nodeinfotest

	* actual valgrind result:

	==22147== 65 bytes in 1 blocks are definitely lost in loss record 14 of 29
	==22147==    at 0x4A0610F: realloc (vg_replace_malloc.c:525)
	==22147==    by 0x330D6FED94: __vasprintf_chk (in /lib64/libc-2.12.so)
	==22147==    by 0x426697: virVasprintf (stdio2.h:199)
	==22147==    by 0x426757: virAsprintf (util.c:1695)
	==22147==    by 0x41585F: linuxTestNodeInfo (nodeinfotest.c:108)
	==22147==    by 0x416B21: virtTestRun (testutils.c:141)
	==22147==    by 0x4157EA: mymain (nodeinfotest.c:140)
	==22147==    by 0x416217: virtTestMain (testutils.c:696)
	==22147==    by 0x330D61ECDC: (below main) (in /lib64/libc-2.12.so)
	==22147==
	==22147== LEAK SUMMARY:
	==22147==    definitely lost: 65 bytes in 1 blocks
	==22147==    indirectly lost: 0 bytes in 0 blocks
	==22147==      possibly lost: 0 bytes in 0 blocks
	==22147==    still reachable: 126,126 bytes in 1,341 blocks

2011-12-13  Osier Yang  <jyang@redhat.com>

	storage: Fix a potential crash when creating vol object
	If the vol object is newly created, it increases the volumes count,
	but doesn't decrease the volumes count when do cleanup. It can
	cause libvirtd to crash when one trying to free the volume objects
	like:
	    for (i = 0; i < pool->volumes.count; i++)
	        virStorageVolDefFree(pool->volumes.objs[i]);

	It's more reliable if we add the newly created vol object in the
	end.

2011-12-12  Eric Blake  <eblake@redhat.com>

	docs: document <address> elements in one place
	Improve the documentation of what forms a valid <address> element,
	since these elements appear in numerous devices.

	* docs/formatdomain.html.in (elementsAddress): New section.
	(elementsControllers, elementsUSB, elementsNICS, elementsInput)
	(elementsHub, elementsCharChannel, elementsSound): Refer to it.

2011-12-12  Eric Blake  <eblake@redhat.com>

	build: follow directory install conventions
	Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
	to follow other conventions already present in src/Makefile.am.
	In particular, we prefer MKDIR_P over mkdir -p, and should
	have a matching rmdir during uninstall for every directory
	created during install (the idea being that uninstall in a
	DESTDIR should be clean, while installation in the final
	system should not fail with non-empty directories left behind).

	* tools/Makefile.am (install-sysconfig, install-initscript)
	(install-systemd): Use MKDIR_P.
	(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
	Also remove directories.
	* daemon/Makefile.am (install-data-local, install-data-polkit)
	(install-logrotate, install-sysconfig, install-sysctl)
	(install-init-redhat, install-init-upstart, install-init-systemd)
	(install-data-sasl): Use MKDIR_P.
	(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
	(uninstall-init-redhat, uninstall-init-upstart)
	(uninstall-init-systemd): Also remove directory.
	(uninstall-logrotate): New rule.
	(uninstall-local): Add uninstall-logrotate.

2011-12-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Disable EOF processing during qemuDomainDestroy
	When destroying a domain qemuDomainDestroy kills its qemu process and
	starts a new job, which means it unlocks the domain object and locks it
	again after some time. Although the object is usually unlocked for a
	pretty short time, chances are another thread processing an EOF event on
	qemu monitor is able to lock the object first and does all the cleanup
	by itself. This leads to wrong shutoff reason and lifecycle event detail
	and virDomainDestroy API incorrectly reporting failure to destroy an
	inactive domain.

	Reported by Charlie Smurthwaite.

2011-12-12  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Free returned MIME type string
	In terms of documentation to virDomainScreenshot, caller MUST free
	returned value. But virsh was not.

2011-12-12  Osier Yang  <jyang@redhat.com>

	Maint: Update AUTHORs
	Add Rommer in.

2011-12-12  Rommer  <rommer@active.by>

	storage: Activate/deactivate logical volumes only on local node
	Current "-ay | -an" has problems on pool starting/refreshing if
	the volumes are clustered. Rommer has posted a patch to list 2
	months ago.

	https://www.redhat.com/archives/libvir-list/2011-October/msg01116.html

	But IMO we shouldn't skip the inactived vols. So this is a squashed
	patch by Rommer.

2011-12-12  Josh Durgin  <josh.durgin@dreamhost.com>

	security: don't try to label network disks
	Network disks don't have paths to be resolved or files to be checked
	for ownership. ee3efc41e6233e625aa03003bf3127319ccd546f checked this
	for some image label functions, but was partially reverted in a
	refactor.  This finishes adding the check to each security driver's
	set and restore label methods for images.

2011-12-12  Dave Allan  <dallan@redhat.com>

	Fix make uninstall
	Make uninstall currently fails with the following message:

	rmdir /etc/sasl2/
	rmdir: failed to remove `/etc/sasl2/': Directory not empty

	That's fine (correct in fact) so force the command to return success
	with || :

2011-12-10  Laine Stump  <laine@laine.org>

	test: replace deprecated "fedora-13" machine with "pc-0.13"
	One of the xml tests in the test suite was created using a
	now-deprecated qemu machine type ("fedora-13", which was only ever
	valid for Fedora builds of qemu). Although strictly speaking it's not
	necessary to replace it with an actual supported qemu machine type
	(since the xml in question is never actually sent to qemu), this patch
	changes it to the actually-supported "pc-0.13" just for general
	tidiness. (Also, on some Fedora builds which contain a special patch
	to rid the world of "fedora-13", having it mentioned in the test suite
	will cause make check to fail.)

2011-12-10  Laine Stump  <laine@redhat.com>

	network: don't add iptables rules for externally managed networks
	This patch addresses https://bugzilla.redhat.com/show_bug.cgi?id=760442

	When a network has any forward type other than route, nat or none, the
	network configuration should be done completely external to libvirt -
	libvirt only uses these types to allow configuring guests in a manner
	that isn't tied to a specific host (all the host-specific information,
	in particular interface names, port profile data, and bandwidth
	configuration is in the network definition, and the guest
	configuration only references it).

	Due to a bug in the bridge network driver, libvirt was adding iptables
	rules for networks with forward type='bridge' etc. any time libvirtd
	was restarted while one of these networks was active.

	This patch eliminates that error by only "reloading" iptables rules if
	forward type is route, nat, or none.

2011-12-09  Michael Ellerman  <michael@ellerman.id.au>

	qemu: Prepare to cater for more general address assignment
	Currently qemuDomainAssignPCIAddresses() is called to assign addresses
	to PCI devices.

	We need to do something similar for devices with spapr-vio addresses.
	So create one place where address assignment will be done, that is
	qemuDomainAssignAddresses().

2011-12-09  Michael Ellerman  <michael@ellerman.id.au>

	qemu: Add address in qemuBuildChrDeviceStr() on pseries
	For the PPC64 pseries machine type we need to add address information
	for the spapr-vty device.

	qemu: Use spapr-vscsi on pseries machine type
	On the PPC64 pseries machine type we need to use the spapr-vscsi device
	rather than an lsi.

2011-12-09  Eric Blake  <eblake@redhat.com>

	network: allow '-' in model name
	In QEMU PPC64 we have a network device called "spapr-vlan". We can specify
	this using the existing syntax for network devices, however libvirt
	currently rejects "spapr-vlan" in virDomainNetDefParseXML() because of
	the "-". Fix the code to accept "-".

	* src/conf/domain_conf.c (virDomainNetDefParseXML): Allow '-' in
	model name, and be more efficient.
	* docs/schemas/domaincommon.rng: Limit valid model names to match code.
	Based on a patch by Michael Ellerman.

2011-12-09  Michal Privoznik  <mprivozn@redhat.com>

	threadpool: Use while loop on virCondWait
	instead of simple 'if' statement as virCondWait can return
	even if associated condition was not signaled.

	threads: Document spurious wakeups on virCondWait

2011-12-09  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leak on cmdDomblklist
	Detected by valgrind. Leak introduced in commit 88a993b:

	* tools/virsh.c: fix memory leak on cmdDomblklist.

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh domblklist <domain name>

	* actual valgrind result:

	==6573== 1,836 bytes in 1 blocks are definitely lost in loss record 110 of 124
	==6573==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==6573==    by 0x330D71497D: xdr_string (in /lib64/libc-2.12.so)
	==6573==    by 0x4D26CED: xdr_remote_nonnull_string (remote_protocol.c:30)
	==6573==    by 0x4D28138: xdr_remote_domain_get_xml_desc_ret (remote_protocol.c:1418)
	==6573==    by 0x4D3C0C2: virNetMessageDecodePayload (virnetmessage.c:382)
	==6573==    by 0x4D3279F: virNetClientProgramCall (virnetclientprogram.c:382)
	==6573==    by 0x4D0D50B: callWithFD (remote_driver.c:4339)
	==6573==    by 0x4D0D5AB: call (remote_driver.c:4360)
	==6573==    by 0x4D16EAF: remoteDomainGetXMLDesc (remote_client_bodies.h:861)
	==6573==    by 0x4CF9F4F: virDomainGetXMLDesc (libvirt.c:4098)
	==6573==    by 0x4154D9: cmdDomblklist (virsh.c:1722)
	==6573==    by 0x4149E2: vshCommandRun (virsh.c:16365)
	==6573==
	==6573== 46,009 (352 direct, 45,657 indirect) bytes in 1 blocks are definitely lost in loss record 123 of 124
	==6573==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==6573==    by 0x3318286DC6: xmlXPathNewContext (in /usr/lib64/libxml2.so.2.7.6)
	==6573==    by 0x4C79AE2: virXMLParseHelper (xml.c:779)
	==6573==    by 0x415512: cmdDomblklist (virsh.c:1726)
	==6573==    by 0x4149E2: vshCommandRun (virsh.c:16365)
	==6573==    by 0x427743: main (virsh.c:17867)
	==6573==
	==6573== LEAK SUMMARY:
	==6573==    definitely lost: 2,188 bytes in 2 blocks
	==6573==    indirectly lost: 45,657 bytes in 332 blocks
	==6573==      possibly lost: 0 bytes in 0 blocks
	==6573==    still reachable: 128,034 bytes in 1,364 blocks
	==6573==         suppressed: 0 bytes in 0 blocks

2011-12-09  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	fix error when parsing ppc64 models on x86 host
	When parsing ppc64 models on an x86 host an out-of-memory error message is displayed due
	to it checking for retcpus being NULL. Fix this by removing the check whether retcpus is NULL
	since we will realloc into this variable.
	Also in the X86 model parser display the OOM error at the location where it happens.

2011-12-09  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	fix memory leak in src/nodeinfo.c
	Fix memory leak:

	==27534== 24 bytes in 1 blocks are definitely lost in loss record 207 of 530
	==27534==    at 0x4A05E46: malloc (vg_replace_malloc.c:195)
	==27534==    by 0x38EC26EC37: vasprintf (in /lib64/libc-2.13.so)
	==27534==    by 0x4E998E6: virVasprintf (util.c:1677)
	==27534==    by 0x4E999F1: virAsprintf (util.c:1695)
	==27534==    by 0x4F1EAAC: nodeGetInfo (nodeinfo.c:593)
	==27534==    by 0x47948F: qemuCapsInitCPU (qemu_capabilities.c:855)
	==27534==    by 0x4796B1: qemuCapsInit (qemu_capabilities.c:915)
	==27534==    by 0x456550: qemuCreateCapabilities (qemu_driver.c:245)
	==27534==    by 0x4578C4: qemudStartup (qemu_driver.c:580)
	==27534==    by 0x4F20886: virStateInitialize (libvirt.c:852)
	==27534==    by 0x420E55: daemonRunStateInit (libvirtd.c:1156)
	==27534==    by 0x4E94C56: virThreadHelper (threads-pthread.c:157)

	Mark this leaked variable as const char * when it is passed into another
	function.

2011-12-09  Michal Privoznik  <mprivozn@redhat.com>

	threadpool: Don't wait on condition if pool has no workers
	Pool creates new workers dynamically. However, it is possible
	for a pool to have no workers. If we want to free that pool,
	we don't want to wait on quit condition as it will never be
	signaled.

2011-12-09  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix forward delay APIs
	Due to copy&paste error in c1df2c14b590b3d68b707aa4f3a570f95a6bc548,
	virNetDevBridge[SG]etSTPDelay APIs were accessing wrong file.

2011-12-09  Peter Krempa  <pkrempa@redhat.com>

	cpu: Add cpu flags supported by newest qemu
	Add support for newly supported Intel cpu features. Newly supported
	flags are: pclmuldq, dtes64, smx, fma, pdcm, movbe, xsave, osxsave and
	avx. This adds support for Intel's Sandy Bridge platform.

	virsh: return correct value from cmdDomIfGetLink
	Reported by Alex Jia <ajia@redhat.com>. Function cmdDomIfGetLink did not
	set a success return value on success path.

2011-12-09  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Pass the VM's UUID into the nwfilter subsystem
	A preparatory patch for DHCP snooping where we want to be able to
	differentiate between a VM's interface using the tuple of
	<VM UUID, Interface MAC address>. We assume that MAC addresses could
	possibly be re-used between different networks (VLANs) thus do not only
	want to rely on the MAC address to identify an interface.

	At the current 'final destination' in virNWFilterInstantiate I am leaving
	the vmuuid parameter as ATTRIBUTE_UNUSED until the DHCP snooping patches arrive.
	(we may not post the DHCP snooping patches for 0.9.9, though)

	Mostly this is a pretty trivial patch. On the lowest layers, in lxc_driver
	and uml_conf, I am passing the virDomainDefPtr around until I am passing
	only the VM's uuid into the NWFilter calls.

2011-12-09  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: cleanup return codes in nwfilter subsystem
	This patch cleans up return codes in the nwfilter subsystem.

	Some functions in nwfilter_conf.c (validators and formatters) are
	keeping their bool return for now and I am converting their return
	code to true/false.

	All other functions now have failure return codes of -1 and success
	of 0.

	[I searched for all occurences of ' 1;' and checked all 'if ' and
	adapted where needed. After that I did a grep for 'NWFilter' in the source
	tree.]

2011-12-09  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leak on cmdDomIfGetLink() sucessful path
	Detected by valgrind. Leak introduced in commit dc675f3:

	* tools/virsh.c: fix memory leak on cmdDomIfGetLink.

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh domif-getlink <domain name> 0

	* actual valgrind result:

	==13102== 18 bytes in 1 blocks are definitely lost in loss record 9 of 47
	==13102==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==13102==    by 0x322A6A67DD: xmlStrndup (in /usr/lib64/libxml2.so.2.7.6)
	==13102==    by 0x414892: cmdDomIfGetLink (virsh.c:1538)
	==13102==    by 0x4136A2: vshCommandRun (virsh.c:16363)
	==13102==    by 0x4253FB: main (virsh.c:17865)
	==13102==
	==13102== LEAK SUMMARY:
	==13102==    definitely lost: 18 bytes in 1 blocks
	==13102==    indirectly lost: 0 bytes in 0 blocks
	==13102==      possibly lost: 0 bytes in 0 blocks
	==13102==    still reachable: 127,888 bytes in 1,361 blocks
	==13102==         suppressed: 0 bytes in 0 blocks

2011-12-09  Alex Jia  <ajia@redhat.com>

	virsh: plug memory leak on cmdBlkdeviotune() sucessful path
	Detected by valgrind. Leak introduced in commit e9bd9a0:

	* tools/virsh.c: fix memory leak on cmdBlkdeviotune.

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkdeviotune <domain name> <block device>

	* actual valgrind result:

	==12759== 576 bytes in 1 blocks are definitely lost in loss record 18 of 29
	==12759==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==12759==    by 0x42134E: _vshCalloc.clone.2 (virsh.c:422)
	==12759==    by 0x4217CB: cmdBlkdeviotune (virsh.c:6364)
	==12759==    by 0x4136A2: vshCommandRun (virsh.c:16363)
	==12759==    by 0x4253FB: main (virsh.c:17865)
	==12759==
	==12759== LEAK SUMMARY:
	==12759==    definitely lost: 576 bytes in 1 blocks
	==12759==    indirectly lost: 0 bytes in 0 blocks
	==12759==      possibly lost: 0 bytes in 0 blocks
	==12759==    still reachable: 126,964 bytes in 1,342 blocks
	==12759==         suppressed: 0 bytes in 0 blocks

2011-12-08  Eric Blake  <eblake@redhat.com>

	maint: allow bootstrap in a sandbox
	Jiri Denemark reported an instance of bootstrapping libvirt
	failing when run inside a sandbox, traced to rpm trying to
	access /var/ which was not permitted by the sandbox.

	Alex Jia reported that 0.9.8-rc1 failed to bootstrap if patch(1)
	is not installed.

	* bootstrap.conf (buildreq): Avoid rpm call if python-config
	exists.  Also, require patch, in case we have gnulib-local diffs.

2011-12-08  Laine Stump  <laine@redhat.com>

	test: fix potential lock corruption in test driver
	In some error situations, the function testDomainRestoreFlags() could
	unlock the test driver mutex without first locking it. This patch
	moves the lock operation earlier, so that it occurs before any
	potential jump down to the unlock call.

	I found this problem while auditing the test driver lock usage to
	determine the cause of a hang while running the following test:

	  cd tests; while true; do printf x; ./undefine; done

	This patch *does not* solve that problem, but we now understand its
	actual source, and danpb is working on a patch.

2011-12-08  Eric Blake  <eblake@redhat.com>

	spec: fix logic bug in deciding to turn on cgconfig
	https://bugzilla.redhat.com/show_bug.cgi?id=738725

	Commit ecd8725 tried to silence a spurious warning on the initial
	libvirt install, and commit ba6cbb1 tried to fix up the logic to the
	correct Fedora version, but the warning was still present due to a
	logic bug: since %{fedora} and %{rhel} are never simulatanously
	set, then 0%{rhel} <= 6 made the %if always true.  Checking for
	minimum versions (via >=) is okay, but checking for maximum versions
	(via <=) requires a prerequisite test that the platform being tested
	is non-zero.

	Also fix a bogus setting of with_libxl (although we previously
	hard-code with_libxl to 0 for rhel earlier in the file, so this
	was not as severe a bug).

	* libvirt.spec.in (with_cgconfig): Don't enable cgconfig on F16.

2011-12-08  Eric Blake  <eblake@redhat.com>

	spec: make it easier to autoreconf when building rpm
	Over time, Fedora and RHEL RPMs have often backported upstream
	patches that touched configure.ac and/or Makefile.am; this
	necessitates rerunning the autotools for the patch to be effective.
	Making this a one-liner spec tweak will make it easier for future
	backports to pull patches without having to find all the places
	to touch to properly use the autotools.  Meanwhile, there have been
	historical instances where an update in the autotools caused FTBFS
	situations, so this is not on by default.

	* libvirt.spec.in (enable_autotools): New variable, default off.
	(BuildRequires): Conditionally add autotools.
	(%build): Conditionally use them before configure.
	* mingw32-libvirt.spec.in: Likewise.

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	When checking nttyFDs to see if it is != 1, be sure to use '1' and not '-1'
	* src/lxc/lxc_controller.c: Fix check for tty count

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix installation of libvirt-guests.service
	The installation rules for the libvirt-guests.service were
	totally broken

	 - Installing in the wrong location
	 - The location was not overridable
	 - The install-systemd rule was not invoked anywhere
	 - The install-systemd rule was not invoking install-initscript
	   which it depends on
	 - The installed service file lacked a .service extension

	* tools/Makefile.am: Fix install of libvirt-guests.service

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Ensure to prefix %{buildroot} when overriding systemd install location
	The %makeinstall macro does not set DESTDIR, instead of explicitly
	prefixes %{buildroot} onto all paths. Thus we need to do the same
	when setting the systemd unit dir

	* libvirt.spec.in: Prefix %{buildroot} onto %{unitdir}

2011-12-08  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	Add ppc64 specific definitions to domain.rng
	ppc64 as new arch type and pseries as new machine type are
	added under <os> ...  </os>.

2011-12-08  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Clean up qemuBuildCommandLine to remove x86-specific
	 assumptions from generic code.

	This implements the minimal set of changes needed in libvirt to launch a
	PowerPC-KVM based guest.
	It removes x86-specific assumptions about choice of serial driver backend
	from generic qemu guest commandline generation code.
	It also restricts the ACPI capability to be available for an x86 or
	x86_64 domain.
	This is not a complete solution -- it still does not guarantee libvirt
	the capability to flag non-supported options in guest XML. (Eg, an ACPI
	specification in a PowerPC guest XML will still get processed, even
	though qemu-system-ppc64 does not support it while qemu-system-x86_64 does.)
	This drawback exists because libvirt falls back on qemu to query supported
	features, and qemu '-h' blindly lists all capabilities -- irrespective
	of whether they are available while emulating a given architecture or not.
	The long-term solution would be for qemu to list out capabilities based
	on architecture and platform -- so that libvirt can cleanly make out what
	devices are supported on an arch (say 'ppc64') and platform (say, 'mac99').

2011-12-08  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Add support for ppc64 qemu
	This enables libvirt to select the correct qemu binary (qemu-system-ppc64)
	for a guest vm based on arch 'ppc64'.
	Also, libvirt is enabled to correctly parse the list of supported PowerPC
	CPUs, generated by running 'qemu-system-ppc64 -cpu ?'

	Acked-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

2011-12-08  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Modify the tests/nodeinfotest.c to use sysfs in addition
	 to proc/cpuinfo

	This patch creates a new sysfs hierarchy under
	tests/nodeinfodata/linux-nodeinfo-sysfs-test-1.
	Output files and /proc/cpuinfo files are also respectively added for
	both x86 and ppc64.

2011-12-08  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Use sysfs to gather host topology, in place of
	 /proc/cpuinfo

	Libvirt at present depends on /proc/cpuinfo to gather host
	details such as CPUs, cores, threads, etc. This is an architecture-
	dependent approach. An alternative is to use 'Sysfs', which provides
	a platform-agnostic interface to parse host CPU topology.

2011-12-08  Christophe Fergeau  <cfergeau@redhat.com>

	maint: move my name to commiters
	Since I have commit rights on libvirt-glib, I can also push to
	libvirt, Eric Blake told to move my name up to committers to better
	reflect reality.

2011-12-08  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.8
	* configure.ac docs/news.html.in libvirt.spec.in: updated for the release
	* po/*.po*: fetched localization update and regenerated

2011-12-08  Eric Blake  <eblake@redhat.com>

	spec: don't use chkconfig --list
	https://bugzilla.redhat.com/show_bug.cgi?id=694403 reports that
	the specfile is incorrectly checking for a running libvirt-guests
	service.  For example,

	$ LC_ALL=es_ES chkconfig --list libvirt-guests
	libvirt-guests 	  0:desactivado		 1:desactivado	   2:desactivado     3:activo	 4:activo  5:activo	    6:desactivado

	will fail to find 5:on, even though it is active.  But chkconfig
	already has a mode where you can silently use the exit status to
	check for an active service.

	* libvirt.spec.in (%post): Use simpler chkconfig options, to avoid
	issues with localization.

2011-12-08  Eric Blake  <eblake@redhat.com>

	build: fix build with older libxml2
	On RHEL 5, with libxml2-2.6.26, the build failed with:
	virsh.c: In function 'vshNodeIsSuperset':
	virsh.c:11951: warning: implicit declaration of function 'xmlChildElementCount'

	(or if warnings aren't errors, a link failure later on).

	* src/util/xml.h (virXMLChildElementCount): New prototype.
	* src/util/xml.c (virXMLChildElementCount): New function.
	* src/libvirt_private.syms (xml.h): Export it.
	* tools/virsh.c (vshNodeIsSuperset): Use it.

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix updating of haveTheBuck in RPC client to be race-free
	When one thread passes the buck to another thread, it uses
	virCondSignal to wake up the target thread. The variable
	'haveTheBuck' is not updated in a race-free manner when
	this occurs. The current thread sets it to false, and the
	woken up thread sets it to true. There is a window where
	a 3rd thread can come in and grab the buck.

	Even if this didn't lead to crashes & deadlocks, this would
	still result in unfairness in the buckpassing algorithm.

	A better solution is to *never* set haveTheBuck to false
	when we're passing the buck. Only set it to false when there
	is no further thread waiting for the buck.

	* src/rpc/virnetclient.c: Only set haveTheBuck to false
	  if no thread is waiting

2011-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d
	Commit fd066925440ba48acc95d8f31b2c98b1cc9d582d tried to fix
	a race condition in

	  commit fa9595003d043df9f2efe95521c00898cef27106
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Fri Nov 11 15:28:41 2011 +0000

	    Explicitly track whether the buck is held in remote client

	Unfortunately there is a second race condition whereby the
	event loop can trigger due to incoming data to read. Revert
	this fix, so a complete fix for the problem can be cleanly
	applied

	* src/rpc/virnetclient.c: Revert fd066925440ba48acc95d8f31b2c98b1cc9d582d

2011-12-07  Jim Fehlig  <jfehlig@suse.com>

	Prevent crash of libvirtd when attaching to existing qemu process
	With security_driver set to "none" in /etc/libvirt/qemu.conf,
	libvirtd would crash when attempted to attach to an existing
	qemu process.  Only copy the security model if it actually exists.

2011-12-07  Christophe Fergeau  <cfergeau@redhat.com>

	Add documentation for <disk><source type="dir">

	Fix typo in virDomainResume API doc
	It's referring to virSuspendDomain instead of
	virDomainSuspend.

2011-12-07  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore shutdown event from destroyed domain
	During virDomainDestroy, QEMU may emit SHUTDOWN event as a response to
	SIGTERM and since domain object is still locked, the event is processed
	after the domain is destroyed. We need to ignore this event in such case
	to avoid changing domain state from shutoff to shutdown.

2011-12-07  Osier Yang  <jyang@redhat.com>

	npiv: Expose fabric_name outside
	This patch is to expose the fabric_name of fc_host class, which
	might be useful for users who wants to known which fabric the
	(v)HBA connects to.

	The patch also adds the missed capabilities' XML schema of scsi_host,
	(of course, with fabric_wwn added), and update the documents
	(docs/formatnode.html.in)

2011-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Conditionalize daemonPath decl for Win32 which lacks UNIX sockets

2011-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Improve error reporting when libvirtd is not installed
	Currently if you try to connect to a local libvirtd when
	libvirtd is not in $PATH, you'll get an error

	  error: internal error invalid use of command API

	This is because remoteFindDaemonPath() returns NULL, which
	causes us to pass NULL into virNetSocketConnectUNIX which
	in turn causes us to pass NULL into virCommandNewArgList.

	Adding missing error checks improves this to

	  error: internal error Unable to locate libvirtd daemon in $PATH

	* src/remote/remote_driver.c: Report error if libvirtd
	  cannot be found
	* src/rpc/virnetsocket.c: Report error if caller requested
	  spawning of daemon, but provided no binary path

2011-12-05  Eric Blake  <eblake@redhat.com>

	spec: fix sanlock dependency
	* libvirt.spec.in (with_sanlock): On RHEL, don't force sanlock
	on architectures where it isn't available.

2011-12-05  Eric Blake  <eblake@redhat.com>

	spec: add dmidecode as prereq
	https://bugzilla.redhat.com/show_bug.cgi?id=754909 complains that
	because libvirt didn't require dmidecode, that the logs are noisy
	and virConnectGetSysinfo needlessly fails.  Even 'virt-what' requires
	dmidecode, so it's not that onerous of a dependency.  We may be
	able to drop this in the future when we move to parsing sysfs data,
	but for now, listing the dependency will help matters.

	* libvirt.spec.in (Requires): Sort Requires before BuildRequires.
	Add dmidecode.

2011-12-05  Eric Blake  <eblake@redhat.com>

	build: reduce warnings from older gcc
	Older gcc warns (on every file!) that -Wabi and -Wdeprecated only
	make sense on C++ projects.  Newer gcc accepts these warnings for
	C, but it is not clear that they can do anything useful, so it
	is easier to just drop the warnings altogether.

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wabi and -Wdeprecated on older gcc.
	Reported by Peter Krempa.

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	examples: Update event tests for shutdown event

2011-12-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect symbols for virtime.h module breaking Mingw32
	The Mingw32 linker highlighted that the symbols for virtime.h
	declared in libvirt_private.syms were incorrect

	* src/libvirt_private.syms: Fix virtime.h symbols

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Rework handling of shutdown event
	When QEMU guest finishes its shutdown sequence, qemu stops virtual CPUs
	and when started with -no-shutdown waits for us to kill it using
	SGITERM. Since QEMU is flushing its internal buffers, some time may pass
	before QEMU actually dies. We mistakenly used "paused" state (and
	events) for this which is quite confusing since users may see a domain
	going to pause while they expect it to shutdown. Since we already have
	"shutdown" state with "the domain is being shut down" semantics, we
	should use it for this state.

	However, the state didn't have a corresponding event so I created one
	and called its detail as VIR_DOMAIN_EVENT_SHUTDOWN_FINISHED (guest OS
	finished its shutdown sequence) with the intent to add
	VIR_DOMAIN_EVENT_SHUTDOWN_STARTED in the future if we have a
	sufficiently capable guest agent that can notify us when guest OS starts
	to shutdown.

2011-12-05  Guido Günther  <agx@sigxcpu.org>

	remote_driver: don't fail if keepalive check fails
	Otherwise connections to older libvirt abort with:

	$ virsh -c qemu+ssh://host.example.com/system list
	error: invalid connection pointer in virDrvSupportsFeature
	error: failed to connect to the hypervisor

	Tested against 0.8.3 and 0.9.8-rc2.

2011-12-05  Jiri Denemark  <jdenemar@redhat.com>

	Add support for QEMU 1.0

2011-12-05  Peter Krempa  <pkrempa@redhat.com>

	python: Expose binding for virNodeGetMemoryStats()
	This patch adds binding for virNodeGetMemoryStats method of libvirtd.
	Return value is represented as a python dictionary mapping field
	names to values.

	python: Expose binding for virNodeGetCPUStats()
	This patch adds binding for virNodeGetCPUStats method of libvirtd.
	Return value is represented as a python dictionary mapping field names
	to values.

2011-12-04  Eric Blake  <eblake@redhat.com>

	maint: fix improper use of 'an'
	https://bugzilla.redhat.com/show_bug.cgi?id=648855 mentioned a
	misuse of 'an' where 'a' is proper; that has since been fixed,
	but a search found other problems (some were a spelling error for
	'and', while most were fixed by 'a').

	* daemon/stream.c: Fix grammar.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_event.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_vi.c: Likewise.
	* src/rpc/virnetclient.c: Likewise.
	* src/rpc/virnetserverprogram.c: Likewise.
	* src/storage/storage_backend_fs.c: Likewise.
	* src/util/conf.c: Likewise.
	* src/util/dnsmasq.c: Likewise.
	* src/util/iptables.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* tools/virsh.c: Likewise.

2011-12-03  Eric Blake  <eblake@redhat.com>

	build: require more tools from maintainers
	We want our tarballs to be complete - this means that any
	generated file that gets shipped as part of the tarball so that
	ordinary users don't have to rebuild it must be something
	that the maintainer can generate.  There have been various
	reports of random build failures when using libvirt.git
	instead of a tarball, and often it is due to missing a
	maintainer-specific tool to produce one of these generated
	files.  This patch raises the bar for what you must have
	installed to build libvirt.git, but does not impact what
	you can get away with for building tarballs.

	Note: It still remains possible to do a successful 'make dist'
	without these tools, when starting from a release tarball.

	* bootstrap.conf (buildreq): Add tools that maintainers need for a
	successful 'make dist' from a fresh git checkout.

2011-12-03  Eric Blake  <eblake@redhat.com>

	command: handle empty buffer argument correctly
	virBufferContentAndReset (intentionally) returns NULL for a buffer
	with no content, but it is feasible to invoke a command with an
	explicit empty string.

	* src/util/command.c (virCommandAddEnvBuffer): Reject empty string.
	(virCommandAddArgBuffer): Allow explicit empty argument.
	* tests/commandtest.c (test9): Test it.
	* tests/commanddata/test9.log: Adjust.

2011-12-03  Eric Blake  <eblake@redhat.com>

	build: fix build on Cygwin
	The RPC fixups needed on Linux are also needed on cygwin, and
	worked without further tweaking to the list of fixups.  Also,
	unlike BSD, Cygwin exports 'struct ifreq', but unlike Linux,
	Cygwin lacks the ioctls that we were using 'struct ifreq' to
	access.  This patch allows compilation under cygwin.

	* src/rpc/genprotocol.pl: Also perform fixups on cygwin.
	* src/util/virnetdev.c (HAVE_STRUCT_IFREQ): Also require AF_PACKET
	definition.
	* src/util/virnetdevbridge.c (virNetDevSetupControlFull): Only
	compile if SIOCBRADDBR works.

2011-12-02  Eric Blake  <eblake@redhat.com>

	build: fix build at -O2 on rawhide
	I had previously tested commit 059d746 with -O intentionally omitted
	from my CFLAGS; but that means that I missed out on this warning
	from gcc 4.6.2 when optimizations are enabled:

	util/buf.c: In function 'virBufferGetIndent':
	util/buf.c:86:1: error: function might be candidate for attribute 'pure' [-Werror=suggest-attribute=pure]

	While it is probably a good idea to add the attributes and silence
	this warning, it's also invasive; 'make -k' found more than 75 such
	complaints.  And it doesn't help that gcc 4.6.2 is still buggy
	(coreutils reported a case where gcc 4.6.2 incorrectly suggested
	marking a function pure that incremented a global variable; fixed
	in gcc 4.7).  So the best fix for now is to disable the warning.

	It also doesn't help that I stumbled across another problem - gcc
	documents that -Wsuggest-attribute=pure only warns if you use -O,
	or if you use -fipa-pure-const.  But in practice, when I omitted -O
	but added -fipa-pure-const, the warnings are fickle - I got warnings
	for simple compilation that disappeared when I also added -fPIC.
	And the way libtool compiles things is with -fPIC first, then without
	-fPIC but with errors sent to /dev/null - which meant that without
	disabling -Wsuggest-attribute=pure, I got a compile error with no
	message.  :(  See http://debbugs.gnu.org/cgi/bugreport.cgi?bug=10197

	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Silence
	-Wsuggest-attribute warnings for now.

2011-12-02  Serge Hallyn  <serge.hallyn@canonical.com>

	apparmor: allow tunnelled migrations.
	The pathname for the pipe for tunnelled migration is unresolvable.  The
	libvirt apparmor driver therefore refuses access, causing migration to
	fail.  If we can't resolve the path, the worst that can happen is that
	we should have given permission to the file but didn't.  Otherwise
	(especially since this is a /proc/$$/fd/N file) the file is already open
	and libvirt won't be refused access by apparmor anyway.

	Also adjust virt-aa-helper to allow access to the
	*.tunnelmigrate.dest.name files.

	For more information, see https://launchpad.net/bugs/869553.

2011-12-02  Peter Krempa  <pkrempa@redhat.com>

	client: Check if other thread claims it has the buck before claiming it.
	Originaly, the code checked if another client is the queue and infered
	ownership of the buck from that. Commit fa9595003d043df9f2efe95521c008
	added a separate variable to track the buck. That caused, that a new
	call might enter claiming it has the buck, while another thread was
	signalled to take the buck. This ends in two threads claiming they hold
	the buck and entering poll(). This happens due to a race on waking up
	threads on the client lock mutex.

	This caused multi-threaded clients to hang, most prominently visible and
	reproducible on python based clients, like virt-manager.

	This patch causes threads, that have been signalled to take the buck to
	re-check if buck is held by another thread.

2011-12-02  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Update of filters to handle multiple IP addresses
	With fragments borrowed from David Steven's previous submission and some
	further modifications:

	A set of modifications to filters to handle multiple IP addresses
	(and MAC addresses) per interface.

	Also:
	- enable DHCP traffic from VM to any DHCP server
	- will require an update to a libvirt-tck data file

2011-12-02  Eric Blake  <eblake@redhat.com>

	virsh: translate net-info help
	Reported by kato.tomoyuki@jp.fujitsu.com at
	https://bugzilla.redhat.com/show_bug.cgi?id=749564

	* tools/virsh.c (info_network_info): Mark string for translation.

2011-12-02  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	Many of these were mentioned by Yuri Chornoivan in:
	https://bugzilla.redhat.com/show_bug.cgi?id=669506

	* src/esx/esx_vi.c (esxVI_WaitForTaskCompletion): Fix spelling.
	* src/conf/netdev_vport_profile_conf.c
	(virNetDevVPortProfileParse): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags):
	Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): Likewise.
	* src/esx/esx_util.c (esxUtil_ResolveHostname): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemBuild): Likewise.
	* daemon/libvirtd.conf: Likewise.
	* src/util/logging.c (virLogMessage): Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineNet): Likewise.
	* src/vmx/vmx.c (virVMXFormatEthernet): Likewise.

2011-12-01  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	* .gnulib: Update to latest, for improved 'make syntax-check' and
	compiler warnings.
	* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS):
	Re-silence -Wformat-nonliteral.
	* cfg.mk (_test_script_regex): Recognize our test scripts.
	* gnulib/local/lib/*.diff: Drop, now that gnulib has this.
	* tests/virsh-optparse: Fix use of compare.
	* tests/virsh-schedinfo: Likewise.

2011-12-01  Eric Blake  <eblake@redhat.com>

	build: properly skip tests
	I got this failure on FreeBSD:

	shunloadtest.c: In function 'main':
	shunloadtest.c:150: error: 'EXIT_AM_SKIP' undeclared (first use in this function)

	but inspection showed several other problems, all fixed here.

	* tests/domainsnapshotxml2xmltest.c [!WITH_QEMU]: Ensure
	EXIT_AM_SKIP is defined.
	* tests/esxutilstest.c [!WITH_ESX]: Likewise.
	* tests/openvzutilstest.c [!WITH_OPENVZ]: Likewise.
	* tests/qemuargv2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuhelptest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2argvtest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxml2xmltest.c [!WITH_QEMU]: Likewise.
	* tests/qemuxmlnstest.c [!WITH_QEMU]: Likewise.
	* tests/shunloadtest.c [!linux]: Likewise.
	* tests/vmx2xmltest.c [!WITH_VMX]: Likewise.
	* tests/xml2vmxtest.c [!WITH_VMX]: Likewise.

2011-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Avoid crash in shunloadtest
	For unknown reasons, the shunloadtest will crash on Fedora 16
	inside dlopen()

	 (gdb) bt
	 #0  0x00000000000050e6 in ?? ()
	 #1  0x00007ff61a77b9d5 in floor () from /lib64/libm.so.6
	 #2  0x00007ff61e522963 in _dl_relocate_object () from /lib64/ld-linux-x86-64.so.2
	 #3  0x00007ff61e5297e6 in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
	 #4  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #5  0x00007ff61e52917a in _dl_open () from /lib64/ld-linux-x86-64.so.2
	 #6  0x00007ff61e0f6f26 in dlopen_doit () from /lib64/libdl.so.2
	 #7  0x00007ff61e525006 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
	 #8  0x00007ff61e0f752f in _dlerror_run () from /lib64/libdl.so.2
	 #9  0x00007ff61e0f6fc1 in dlopen@@GLIBC_2.2.5 () from /lib64/libdl.so.2
	 #10 0x0000000000400a15 in main (argc=<optimized out>, argv=<optimized out>) at shunloadtest.c:105

	Changing from RTLD_NOW to RTLD_LAZY avoids this problem,
	but quite possibly does not fix the root cause.

	* shunloadtest.c: s/NOW/LAZY/

2011-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix build for platforms lacking struct ifreq
	This ought to fix the build if you have net/if.h but do
	not have struct ifreq

	* configure.ac: Check for struct ifreq in net/if.h
	* src/util/virnetdev.c: Conditionalize to avoid use of
	  struct ifreq if it does not exist

2011-12-01  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' without dtrace
	probes.h can only be generated on Linux, and then only with dtrace
	installed.  If it is part of the tarball, then either 'make dist'
	will fail if you don't have that setup, or we would have to start
	keeping probes.h in libvirt.git.  Since we only need it to be
	generated when dtrace is in use, it's better to avoid shipping
	it in the first place, and avoid tracking it in git.

	Meanwhile, there is a build dependency - since the RPC code is
	generated, it can be built early; but when dtrace is enabled, we
	must ensure probes.h is built even earlier.  Commit 1afcfbdd tried
	to fix this, but did so in a way that added probes.h into the
	tarball, and broke VPATH as well.  Commit ecbca767 fixed VPATH,
	but didn't fix the more fundamental problem.  This patch solves
	the issue by adding a dependency instead.

	Tested with 'make dist' in a clean VPATH builds, for both
	'./configure --without-dtrace' and './configure --with-dtrace';
	all configurations were able to correctly build a tarball, and
	the dtrace configuration no longer sticks probes.h in the tarball.

	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Don't ship probes.h;
	rather, make it a dependency.

2011-12-01  Lei Li  <lilei@linux.vnet.ibm.com>

	Fix a logic error for setting block I/O
	Fix a logic error, the initial value of ret = -1, if just set --config,
	it will goto endjob directly without doing its really job here.

2011-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Don't use undocumented __isleap macro
	The glibc time.h header has an undocumented __isleap macro
	that we are using. Since it is undocumented & does not appear
	on any other OS, stop using it and just define the macro in
	libvirt code instead.

	* src/util/virtime.c: Remove __isleap usage

2011-12-01  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Allow other escape characters for console
	Currently virsh supports only ^] as escape character for console.
	However, some users might want to use something else. This patch
	creates such ability by specifying '-e' switch on virsh command
	line.

2011-12-01  Peter Krempa  <pkrempa@redhat.com>

	bridge_driver: Don't define network if XML contains more IPv4 adreses.
	Only one IPv4 DHCP definition is supported. Originally the code checked
	for a multiple definition and returned an error, but the new domain
	definition was already added to networks. This patch moves the check
	before the newly defined network is added to active networks.

	 *src/network/bridge_driver.c: networkDefine(): - move multiple IPv4
	                                                  addresses check before
	                                                  definition is used.

2011-12-01  Eric Blake  <eblake@redhat.com>

	spec: mark directories in /var/run as ghosts
	We have several directories that are created on the fly, and which
	only contain state relevant to a running libvirtd process (all
	located in /var/run).  Since the directories are created as needed,
	and make no sense without a running libvirtd, we want them deleted
	if libvirt is uninstalled.  And in F15 and newer, /var/run is on
	tmpfs (forcing us to recreate on the fly); which means that someone
	trying to verify a complete rpm will fail if the directory does not
	currently exist because libvirtd has not been started since boot.
	The solution, then, is to mark the directories as %ghost, so that
	rpm knows that we own them and will clean it up if libvirt is
	uninstalled, but will no longer create the directory for us at
	install, nor complain at verify time if the directory does not exist.

	See https://bugzilla.redhat.com/show_bug.cgi?id=656611.

	* libvirt.spec.in (%files): Add %ghost to temporary directories
	that we don't install, but want cleaned up on libvirt removal.

2011-12-01  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix possible deadlock when virsh is about to exit
	Not only was ctl->quit accessed without a mutex but unfortunately,
	virEventAddTimeout only interrupts the poll when event loop is running
	so the hack needs to add a timeout that will make next poll return
	immediately without blocking.

2011-12-01  Alex Jia  <ajia@redhat.com>

	util: Plug memory leak on virNetDevMacVLanCreateWithVPortProfile() error path
	Detected by Coverity. Leak introduced in commit 90074ec.

2011-12-01  Alex Jia  <ajia@redhat.com>

	util: Plug memory leak on virNetDevBridgeGet() sucessful path
	Detected by Coverity. Leak introduced in commit c1df2c1.

	Two bugs here:
	1. memory leak on successful parse
	2. failure to parse still returned success

2011-12-01  Alex Jia  <ajia@redhat.com>

	uml: Plug memory leak on umlStartVMDaemon() error path
	Detected by Coverity.  Leak introduced in commit 8866eed.

	Two bugs here:
	1. logfd wasn't closed on all return paths
	2. if we failed to mark a domain autodestroy, then the domain
	was not made transient but we still returned success

2011-12-01  Alex Jia  <ajia@redhat.com>

	rpc: Plug memory leak on virNetClientSendInternal() error path
	Detected by Coverity. Leak introduced in commit 673adba.

	Two separate bugs here:
	1. call was not freed on all error paths
	2. virCondDestroy was called even if virCondInit failed

2011-11-30  Alex Jia  <ajia@redhat.com>

	conf: Plug memory leak on virDomainDefParseXML() error path
	Detected by Coverity. Leak introduced in commit 0873b68.

	qemu: Plug memory leak onqemuProcessWaitForMonitor() error path
	Detected by Coverity. Leak introduced in commit 109efd7.

2011-11-30  Prerna Saxena  <prerna@linux.vnet.ibm.com>

	Add PPC cpu driver.
	To add support for running libvirt on PowerPC, a CPU driver for the
	PowerPC platform must be added.
	Most generic cpu driver routines such as CPU compare, decode, etc
	are based on CPUID comparison and are not relevant for non-x86
	platforms.
	Here, we introduce stubs for relevant PowerPC routines invoked by libvirt.

2011-11-30  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: filter blkio 0-device-weight at two other places
	filter 0-device-weight when:

	  - getting blkio parameters with --config
	  - starting up a domain

	When testing with blkio, I found these issues:

	  (dom is down)
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,500
	  virsh blkiotune dom --device-weights /dev/sda,300,/dev/sdb,0
	  virsh blkiotune dom
	  weight         : 800
	  device_weight  : /dev/sda,200,/dev/sdb,0

	  # issue 1: shows 0 device weight of /dev/sdb that may confuse user

	  (continued)
	  virsh start dom

	  # issue 2: If /dev/sdb doesn't exist, libvirt refuses to bring the
	  # dom up because it wants to set the device weight to 0 of a
	  # non-existing device. Since 0 means no weight-limit, we really don't
	  # have to set it.

2011-11-30  Eric Blake  <eblake@redhat.com>

	qemu: amend existing table of device weights
	Prior to this patch, for a running dom, the commands:

	$ virsh blkiotune dom --device-weights /dev/sda,502,/dev/sdb,498
	$ virsh blkiotune dom --device-weights /dev/sda,503
	$ virsh blkiotune dom
	weight         : 500
	device_weight  : /dev/sda,503

	claim that /dev/sdb no longer has a non-default weight, but
	directly querying cgroups says otherwise:

	$ cat /cgroup/blkio/libvirt/qemu/dom/blkio.weight_device
	8:0     503
	8:16    498

	After this patch, an explicit 0 is required to remove a device path
	from the XML, and omitting a device path that was previously
	specified leaves that device path untouched in the XML, to match
	cgroups behavior.

	* src/qemu/qemu_driver.c (parseBlkioWeightDeviceStr): Rename...
	(qemuDomainParseDeviceWeightStr): ...and use correct type.
	(qemuDomainSetBlkioParameters): After parsing string, modify
	rather than replacing existing table.
	* tools/virsh.pod (blkiotune): Tweak wording.

2011-11-30  Eric Blake  <eblake@redhat.com>

	conf: reject duplicate paths in device weights
	The next patch will make it possible to have virDomainSetBlkioParameters
	leave device weights unchanged if they are not mentioned in the incoming
	string, but this only works if the list of block weights does not allow
	duplicate paths.  Technically, a user can still confuse libvirt by
	passing alternate spellings that resolve to the same device, but it
	is not worth worrying about working around that kind of abuse.

	* src/conf/domain_conf.c (virDomainDefParseXML): Require unique
	paths.

2011-11-30  Hu Tao  <hutao@cn.fujitsu.com>

	virsh: fix setting weight and device-weights at the same time
	When setting both blkio weight and device-weights at the same time, the weight
	is lost. Fix it.

2011-11-30  Lei Li  <lilei@linux.vnet.ibm.com>

	Add tests for blkdeviotune

	Support virDomain{Set, Get}BlockIoTune in the python API
	Python support for both setting and getting block I/O throttle.

	Enable the blkdeviotune command in virsh
	Support virsh command blkdeviotune. Can set or query a block disk
	I/O throttle setting.

	Implement virDomain{Set, Get}BlockIoTune for the qemu driver
	Implement the block I/O throttle setting and getting support to qemu
	driver.

	Support block I/O throttle in XML
	Enable block I/O throttle for per-disk in XML, as the first
	per-disk IO tuning parameter.

	Add virDomain{Set, Get}BlockIoTune support to the remote driver
	Support Block I/O Throttle setting and query to remote driver.

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak build config file path
	* src/libvirt.c: Free user directory path

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove time APIs from src/util/util.h
	The virTimestamp and virTimeMs functions in src/util/util.h
	duplicate functionality from virtime.h, in a non-async signal
	safe manner. Remove them, and convert all code over to the new
	APIs.

	* src/util/util.c, src/util/util.h: Delete virTimeMs and virTimestamp
	* src/lxc/lxc_driver.c, src/qemu/qemu_domain.c,
	  src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c, src/util/event_poll.c: Convert to use
	  virtime APIs

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Make logging async signal safe wrt time stamp generation
	Use the new virTimeStringNowRaw() API for generating log timestamps
	in an async signal safe manner

	* src/util/logging.c: Use virTimeStringNowRaw

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Add internal APIs for dealing with time
	The logging APIs need to be able to generate formatted timestamps
	using only async signal safe functions. This rules out using
	gmtime/localtime/malloc/gettimeday(!) and much more.

	Introduce a new internal API which is async signal safe.

	  virTimeMillisNowRaw replacement for gettimeofday. Uses clock_gettime
	                      where available, otherwise falls back to the unsafe
	                      gettimeofday

	  virTimeFieldsNowRaw  replacements for gmtime(), convert a timestamp
	  virTimeFieldsThenRaw into a broken out set of fields. No localtime()
	                       replacement is provided, because converting to
	                       local time is not practical with only async signal
	                       safe APIs.

	  virTimeStringNowRaw  replacements for strftime() which print a timestamp
	  virTimeStringThenRaw into a string, using a pre-determined format, with
	                       a fixed size buffer (VIR_TIME_STRING_BUFLEN)

	For each of these there is also a version without the Raw postfix
	which raises a full libvirt error. These versions are not async
	signal safe

	* src/Makefile.am, src/util/virtime.c, src/util/virtime.h: New files
	* src/libvirt_private.syms: New APis
	* configure.ac: Check for clock_gettime in -lrt
	* tests/virtimetest.c, tests/Makefile.am: Test new APIs

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete virGetPMCapabilities sym from private symbols file
	Fix the build on Mingw32 by removing the now obsolete
	virGetPMCapabilities symbol from the private exports file

	* src/libvirt_private.syms: Remove virGetPMCapabilities

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Don't mark suspend as active until we know it is running
	If suspend failed for some reason (e.g. too short duration) then
	subsequent attempts to trigger suspend were rejected because we
	had already marked a suspend as being in progress

	* src/util/virnodesuspend.c: Don't mark suspend as active
	  until we've successfully triggered it

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Add suspend info to Xen, LXC and UML hypervisor capabilities
	* src/lxc/lxc_conf.c, src/uml/uml_conf.c,
	  src/xen/xen_hypervisor.c: Initialize suspend capabilities
	* tests/xencapsdata/*xml: Add empty powermgmt capabilities

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove pointless strdup in node suspend code
	The command name for the suspend action does not need to be
	strdup'd. The constant string can be used directly. This
	also means the code can be trivially rearranged to make the
	switch clearer

	* src/util/virnodesuspend.c: Remove strdup of cmdString

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Do lazy init of host PM features
	To avoid probing the host power management features on any
	call to virInitialize, only initialize the mutex in
	virNodeSuspendInit. Do lazy load of the supported PM target
	mask when it is actually needed

	* src/util/virnodesuspend.c: Lazy init of supported features

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove powerMgmt_valid field from capabilities struct
	If we ensure that virNodeSuspendGetTargetMask always resets
	*bitmask to zero upon failure, there is no need for the
	powerMgmt_valid field.

	* src/util/virnodesuspend.c: Ensure *bitmask is zero upon
	  failure
	* src/conf/capabilities.c, src/conf/capabilities.h: Remove
	  powerMgmt_valid field
	* src/qemu/qemu_capabilities.c: Remove powerMgmt_valid

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Add export of node suspend capabilities APIs
	* src/libvirt_private.syms: Export virNodeSuspendSupportsTarget
	  and virNodeSuspendGetTargetMask

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Move suspend capabilities APIs out of util.h into virnodesuspend.c
	The node suspend capabilities APIs should not have been put into
	util.[ch]. Instead move them into virnodesuspend.[ch]

	* src/util/util.c, src/util/util.h: Remove suspend capabilities APIs
	* src/util/virnodesuspend.c, src/util/virnodesuspend.h: Add
	  suspend capabilities APIs
	* src/qemu/qemu_capabilities.c: Include virnodesuspend.h

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Rename suspend capabilities APIs
	Rename virGetPMCapabilities to virNodeSuspendGetTargetMask and
	virDiscoverHostPMFeature to virNodeSuspendSupportsTarget.

	* src/util/util.c, src/util/util.h: Rename APIs
	* src/qemu/qemu_capabilities.c, src/util/virnodesuspend.c: Adjust
	  for new names

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Sanitize virDiscoverHostPMFeature to return a boolean
	Since virDiscoverHostPMFeature is just checking one feature,
	there is no reason for it to return a bitmask. Change it to
	return a boolean

	* src/util/util.c, src/util/util.h: Make virDiscoverHostPMFeature
	  return a boolean

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Move the virHostPMCapability enum helpers into capabilities.c
	The virHostPMCapability enum helper was declared in util.h
	but implemented in capabilities.c, which is in a completely
	separate library at link time. Move the declaration into the
	capabilities.c file and rename it to match normal conventions

	* src/util/util.h: Remove virHostPMCapability enum decl
	* src/conf/capabilities.c: Add virCapsHostPMTarget enum

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix capabilities XML to use generic terms for suspend targets
	The capabilities XML uses the x86 specific terms 'S3', 'S4'
	and 'Hybrid-Syspend'. Switch it to use the same terminology
	as the API constants and virsh options, eg 'suspend_mem'
	'suspend_disk' and 'suspend_hybrid'

	* docs/formatcaps.html.in, docs/schemas/capability.rng,
	  src/conf/capabilities.c: Rename suspend constants

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove internal only virHostPMCapability enum
	The internal virHostPMCapability enum just duplicates the
	public virNodeSuspendTarget enum, but with different names.

	* src/util/util.c: Use VIR_NODE_SUSPEND_TARGET constants
	* src/util/util.h: Remove virHostPMCapability enum
	* src/conf/capabilities.c: Use VIR_NODE_SUSPEND_TARGET_LAST

2011-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix values of PM target type constants
	The VIR_NODE_SUSPEND_TARGET constants are not flags, so they
	should just be assigned straightforward incrementing values.

	* include/libvirt/libvirt.h.in: Change VIR_NODE_SUSPEND_TARGET
	  values
	* src/util/virnodesuspend.c: Fix suspend target checks

2011-11-30  Alex Jia  <ajia@redhat.com>

	util: avoid null deref on qcowXGetBackingStore
	Detected by Coverity. the only case is caller passes a NULL to 'format' variable,
	then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat
	will directly dereferences the NULL 'format' pointer variable.

2011-11-30  Alex Jia  <ajia@redhat.com>

	virsh: correct return value error
	Fix cmdDomblklist to return 'true' on success instead of '0'

	https://bugzilla.redhat.com/show_bug.cgi?id=758590

2011-11-30  Lei Li  <lilei@linux.vnet.ibm.com>

	Add new API virDomain{Set, Get}BlockIoTune
	This patch add new pulic API virDomainSetBlockIoTune and
	virDomainGetBlockIoTune.

2011-11-29  Hu Tao  <hutao@cn.fujitsu.com>

	blkiotune: add qemu support for blkiotune.device_weight
	Implement setting/getting per-device blkio weights in qemu,
	using the cgroups blkio.weight_device tunable.

2011-11-29  Hu Tao  <hutao@cn.fujitsu.com>

	blkiotune: add interface for blkiotune.device_weight
	This adds per-device weights to <blkiotune>.  Note that the
	cgroups implementation only supports weights per block device,
	and not per-file within the device; hence this option must be
	global to the domain definition rather than tied to individual
	<devices>/<disk> entries:

	<domain ...>
	  <blkiotune>
	    <device>
	      <path>/path/to/block</path>
	      <weight>1000</weight>
	    </device>
	  </blkiotune>
	..

	This patch also adds a parameter --device-weights to virsh command
	blkiotune for setting/getting blkiotune.weight_device for any
	hypervisor that supports it.  All <device> entries under
	<blkiotune> are concatenated into a single string attribute under
	virDomain{Get,Set}BlkioParameters, named "device_weight".

2011-11-29  Eric Blake  <eblake@redhat.com>

	qemu: fix blkiotune --live --config
	Without this,  'virsh blkiotune --live --config --weight=n'
	only affected live.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Allow
	setting both configurations at once.

2011-11-29  Eric Blake  <eblake@redhat.com>

	qemu, lxc: drop redundant checks
	After the previous patch, there are now some redundant checks.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo)
	(qemuGetSchedulerParametersFlags): Drop checks now guaranteed by
	libvirt.c.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParametersFlags):
	Likewise.

2011-11-29  Eric Blake  <eblake@redhat.com>

	API: prevent query of --live and --config at once
	Drivers were inconsistent when presented both --live and --config
	at once.  For example, within qemu, getting memory parameters
	favored live, getting blkio tuning favored config, and getting
	scheduler parameters errored out.  Also, some, but not all,
	attempts to mix flags on query were filtered at the virsh level.
	We shouldn't have to duplicate efforts in every client app, nor
	in every driver.  So, it is simpler to just enforce that the two
	flags cannot both be used at once on query operations, which has
	precedent in libvirt.c, and which matches the documentation of
	virDomainModificationImpact.

	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters)
	(virDomainGetSchedulerParametersFlags, virDomainGetVcpuPinInfo):
	Borrow sanity checking from virDomainGetVcpusFlags.

2011-11-29  Eric Blake  <eblake@redhat.com>

	build: fix typo in last patch
	* src/remote_protocol-structs: Use correct RPC name.

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Update test file for RPC
	Pushed under build failure rule.

	block_resize: Expose the new API to virsh

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Implement qemu driver method
	It requires the domain is running, otherwise fails. Resize to a lower
	size is supported, but should be used with extreme caution.

	In order to prohibit the "size" overflowing after multiplied by
	1024. We do checking in the codes. For QMP mode, the default units
	is Bytes, the passed size needs to be multiplied by 1024, however,
	for HMP mode, the default units is "Megabytes", the passed "size"
	needs to be divided by 1024 then.

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Implement qemu monitor functions
	Implements functions for both HMP and QMP mode.

	For HMP mode, qemu uses "M" as the units by default, so the passed "sized"
	is divided by 1024.

	For QMP mode, qemu uses "Bytes" as the units by default, the passed "sized"
	is multiplied by 1024.

	All of the monitor functions return -1 on failure, 0 on success, or -2 if
	not supported.

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Wire up the remote protocol

2011-11-29  Osier Yang  <jyang@redhat.com>

	block_resize: Define the new API
	The new API is named as "virDomainBlockResize", intending to add
	support for qemu monitor command "block_resize" (both HMP and QMP).

	Similar with APIs like "virDomainSetMemoryFlags", the units for
	argument "size" is kilobytes.

2011-11-29  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Fix funky identation

2011-11-29  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix typos in man page

	lxc: Fix suspend/resume with freezer cgroup

2011-11-29  Osier Yang  <jyang@redhat.com>

	examples: Correct the example command to use testnode.xml
	 * s/-connection/-c/
	 * Removes the redundant '/'.
	 * Add "absolute" so that it's more clear.

	Pushed under trivial rule.

2011-11-29  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Add virsh command to initiate suspend on the host
	Add a new command 'nodesuspend' to perform a timed suspend on the host.

2011-11-29  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Implement the core API to suspend/resume the host
	Add the core functions that implement the functionality of the API.
	Suspend is done by using an asynchronous mechanism so that we can return
	the status to the caller before the host gets suspended. This asynchronous
	operation is achieved by suspending the host in a separate thread of
	execution. However, returning the status to the caller is only best-effort,
	but not guaranteed.

	To resume the host, an RTC alarm is set up (based on how long we want to
	suspend) before suspending the host. When this alarm fires, the host
	gets woken up.

	Suspend-to-RAM operation on a host running Linux can take upto more than 20
	seconds, depending on the load of the system. (Freezing of tasks, an operation
	preceding any suspend operation, is given up after a 20 second timeout).
	And Suspend-to-Disk can take even more time, considering the time required
	for compaction, creating the memory image and writing it to disk etc.
	So, we do not allow the user to specify a suspend duration of less than 60
	seconds, to be on the safer side, since we don't want to prematurely declare
	failure when we only had to wait for some more time.

2011-11-29  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Add the remote protocol implementation for virNodeSuspendForDuration
	Implement the remote protocol for virNodeSuspendForDuration() API.

	Add a public API to invoke suspend/resume on the host
	Implement the public definitions for the new API
	virNodeSuspendForDuration() which will be subsequently used to
	do a timed suspend on the host.

	Add 'Hybrid-Suspend' power management discovery for the host
	Some systems support a feature known as 'Hybrid-Suspend', apart from the
	usual system-wide sleep states such as Suspend-to-RAM (S3) or Suspend-to-Disk
	(S4). Add the functionality to discover this power management feature and
	export it in the capabilities XML under the <power_management> tag.

2011-11-29  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Really send non-blocking calls while waiting for another call
	When another thread was dispatching while we wanted to send a
	non-blocking call, we correctly queued the call and woke up the thread
	but the thread just threw the call away since it forgot to recheck if
	its socket was writable.

2011-11-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Don't traverse childless nodes in vshNodeIsSuperset
	If both nodes do not have any children, we pass zero to
	virBitmapAlloc which returns NULL. In turn we report OOM error
	and return false (meaning nodes are different). This is not true.

2011-11-28  Christian Franke  <nobody@nowhere.ws>

	virnetsocket: pass XAUTORITY for ssh connection
	When spawning an ssh connection, the environment variables
	DISPLAY, SSH_ASKPASS, ... are passed. However XAUTHORITY,
	which is necessary if the .Xauthority is in a non default
	place, was not passed.

2011-11-28  Lorin Hochstein  <lorin@isi.edu>

	conf: make virt-xml-validate work with vbox domains
	virt-xml-validate fails when run on a domain XML file of type 'vbox'.

	For failing test case, see https://bugzilla.redhat.com/show_bug.cgi?id=757097

	This patch updates the XML schema to accept all valid hypervisor
	types, as well as dropping hypervisor types that are not in use
	by the current code base.

2011-11-28  Michal Privoznik  <mprivozn@redhat.com>

	conf: Improve incorrect root element error messages
	When user pass wrong root element, it is not 'internal error' and
	we can give him hint what we are expecting.

2011-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Refactor initial LXC mem tune / device ACL code
	To make lxcSetContainerResources smaller, pull the mem tune
	and device ACL setup code out into separate methods

	* src/lxc/lxc_controller.c: Introduce lxcSetContainerMemTune
	  and lxcSetContainerDeviceACL

2011-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Add support for blkio tuning of LXC containers
	* src/lxc/lxc_controller.c: Refactor setting of initial blkio
	  tuning parameters
	* src/lxc/lxc_driver.c: Enable live change of blkio tuning

	Add support for CPU quota/period to LXC driver
	* src/lxc/lxc_driver.c: Support changing quota/period for LXC
	  containers
	* src/lxc/lxc_controller.c: Set initial quota/period at startup

2011-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Support CPU placement in LXC driver
	While LXC does not have the concept of VCPUS, so we can't do
	per-VCPU pCPU placement, we can support the VM level CPU
	placement. Todo this simply set the CPU affinity of the LXC
	controller at startup. All child processes will inherit this
	affinity.

	* src/lxc/lxc_controller.c: Set process affinity

2011-11-28  Daniel P. Berrange  <berrange@redhat.com>

	Support NUMA memory placement for LXC containers
	Use numactl to set NUMA memory placement for LXC containers

	* src/lxc/lxc_controller.c: Support NUMA memory placement

2011-11-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Refetch file status after open
	This partly reverts my previous patch f88de3eb. We need to
	get file status after open, as given path could have been symlink,
	so fstat() will operate on different file than lstat().

2011-11-25  Paolo Bonzini  <pbonzini@redhat.com>

	util: fix thinko in runIO
	When aligning you need to clear the bits in the mask and leave the
	others aside.  Likely this code has never run, and will never run.

2011-11-25  Michal Privoznik  <mprivozn@redhat.com>

	storage: Skip socket and fifo on pool-start
	If pool directory contains special files like FIFO or sockets
	we want to skip those on pool-start or pool-refresh otherwise
	open() will get an error.

	conf: Don't drop console definition on domain restart
	One of my latest patches 2e37bf42d28d8bb5d045b206587c64643c64d02a
	copy serial console definition. On domain shutdown we save this
	info into state XML. However, later on the daemon start we simply
	drop this info and since we are not re-reading qemu log,
	vm->def->consoles[0] does not get populated with copy. Therefore
	we need to avoid dropping console definition if it is just alias
	for serial console.

2011-11-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix version numbers for isAlive and setKeepAlive driver APIs

	build: Properly generate and check virkeepaliveprotocol-structs
	This fixes make dist broken by recent keepalive series

	examples: Use virConnectOpenAuth in events-c

	qemu: Cancel p2p migration when connection breaks
	If a connection to destination host is lost during peer-to-peer
	migration (because keepalive protocol timed out), we won't be able to
	finish the migration and it doesn't make sense to wait for qemu to
	transmit all data. This patch automatically cancels such migration
	without waiting for virDomainAbortJob to be called.

	qemu: Add support for keepalive messages during p2p migration

	Add keepalive support into domain-events examples

	Implement virConnectIsAlive in all drivers

	Introduce virConnectIsAlive API
	This API can be used to check if the socket associated with
	virConnectPtr is still open or it was closed (probably because keepalive
	protocol timed out). If there the connection is local (i.e., no socket
	is associated with the connection, it is trivially always alive.

	Implement keepalive protocol in remote driver

	Add support for async close of client RPC socket

	Implement keepalive protocol in libvirt daemon

	virsh: Always run event loop
	Since virsh already implements event loop, it has to also run it. So far
	the event loop was only running during virsh console command.

	Introduce virConnectSetKeepAlive
	virConnectSetKeepAlive public API can be used by a client connecting to
	remote server to start using keepalive protocol. The API is handled
	directly by remote driver and not transmitted over the wire to the
	server.

	Implement common keepalive handling
	These APIs are used by both client and server RPC layer to handle
	processing of keepalive messages.

	Define keepalive protocol
	The keepalive program has two procedures: PING, and PONG.
	Both are used only in asynchronous messages and the sender doesn't wait
	for any reply. However, the party which receives PING messages is
	supposed to react by sending PONG message the other party, but no
	explicit binding between PING and PONG messages is made. For backward
	compatibility neither server nor client are allowed to send keepalive
	messages before checking that remote party supports them.

	rpc: Add some debug messages to virNetClient

	rpc: Fix handling of non-blocking calls that could not be sent
	When virNetClientIOEventLoop is called for a non-blocking call and not
	even a single byte can be sent from this call without blocking, we
	properly reported that to the caller which properly frees the call. But
	we never removed the call from a call queue.

	rpc: Fix a typo in virNetClientSendNonBlock documentation

	rpc: Pass the buck only to the first available thread

2011-11-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: remove virConnectPtr from internal API calls
	Remove the virConnectPtr from the nwfilter's internal API calls as
	far as possible.

2011-11-23  Peter Krempa  <pkrempa@redhat.com>

	qemu: Avoid dereference of NULL pointer
	If something fails while initializing qemu job object in
	qemuDomainObjPrivateAlloc(), memory to the private pointer is freed, but
	after that, the pointer is still dereferenced, which may result in a
	segfault.

	* qemuDomainObjPrivateAlloc() - Don't dereference NULL pointer.

2011-11-23  Eric Blake  <eblake@redhat.com>

	qemu: fix a const-correctness issue
	Generally, functions which return malloc'd strings should be typed
	as 'char *', not 'const char *', to make it obvious that the caller
	is responsible to free things.  free(const char *) fails to compile,
	and although we have a cast embedded in VIR_FREE to work around poor
	code that frees const char *, it's better to not rely on that hack.

	* src/qemu/qemu_driver.c (qemuDiskPathToAlias): Change return type.
	(qemuDomainBlockJobImpl): Update caller.

2011-11-23  Eric Blake  <eblake@redhat.com>

	API: prefer 'disk' over 'block' or 'path'
	Given that we can now handle the target's disk shorthand, in addition
	to an absolute path to the file or block device used on the host,
	the term 'disk' fits a bit better as the parameter name than 'path'.

	* include/libvirt/libvirt.h.in: Update some parameter names.
	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainBlockPeek, virDomainGetBlockInfo, virDomainBlockJobAbort)
	(virDomainGetBlockJobInfo, virDomainBlockJobSetSpeed)
	(virDomainBlockPull): Likewise.

2011-11-23  Eric Blake  <eblake@redhat.com>

	blockstats: support lookup by path in blockstats
	Commit 89b6284f made it possible to pass either a source name or
	the target device to most API demanding a disk designation, but
	forgot to update the documentation.  It also failed to update
	virDomainBlockStats to take both forms. This patch fixes both the
	documentation and the remaining function.

	Xen continues to use just device shorthand (that is, I did not
	implement path lookup there, since xen does not track a domain_conf
	to quickly tie a path back to the device shorthand).

	* src/libvirt.c (virDomainBlockStats, virDomainBlockStatsFlags)
	(virDomainGetBlockInfo, virDomainBlockPeek)
	(virDomainBlockJobAbort, virDomainGetBlockJobInfo)
	(virDomainBlockJobSetSpeed, virDomainBlockPull): Document
	acceptable disk naming conventions.
	* src/qemu/qemu_driver.c (qemuDomainBlockStats)
	(qemuDomainBlockStatsFlags): Allow lookup by source name.
	* src/test/test_driver.c (testDomainBlockStats): Likewise.

2011-11-23  Michal Privoznik  <mprivozn@redhat.com>

	nwfilter: Initialize virNWFilterAddIpAddrForIfname return variable
	Latest nwfilter patch ad6c67cf introduced uninitialized return
	value. This was spotted by 4.6.2 gcc.

2011-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix disabling of virtual port profile code on old hosts
	The WITH_VIRTUALPORT macro is defined to 0 when disabled, not
	left undefined. So #if must be used instead of #ifdef

	* src/util/virnetdevvportprofile.c: s/#ifdef/#if/

2011-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable in NWfilter IP learning code
	* src/nwfilter/nwfilter_learnipaddr.c: Initialize ret variable

2011-11-23  Michal Prívozník  <mprivozn@redhat.com>

	virsh: Increase device-detach intelligence
	Up to now users have to give a full XML description on input when
	device-detaching. If they omitted something it lead to unclear
	error messages (like generated MAC wasn't found, etc.).
	With this patch users can specify only those information which
	specify one device sufficiently precise. Remaining information is
	completed from domain.

2011-11-23  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Enable detection of multiple IP addresses
	In preparation of DHCP Snooping and the detection of multiple IP
	addresses per interface:

	The hash table that is used to collect the detected IP address of an
	interface can so far only handle one IP address per interface. With
	this patch we extend this to allow it to handle a list of IP addresses.

	Above changes the returned variable type of virNWFilterGetIpAddrForIfname()
	from char * to virNWFilterVarValuePtr; adapt all existing functions calling
	this function.

2011-11-22  Eli Qiao  <taget@linux.vnet.ibm.com>

	fix error message when using wrong URI alias

	When configuring a URI alias like this in 'libvirt.conf':

	uri_aliases = [
	  "jj#j=qemu+ssh://root@127.0.0.1/system",
	  "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	]
	virsh -c jj#j

	It will show this error message:
	'no connection driver available for No connection for URI jj#j'
	Actually，we expect this message below：
	Malformed 'uri_aliases' config entry 'jj#j=qemu+ssh://root@127.0.0.1/system', aliases may only contain 'a-Z, 0-9, _, -'

	Give this patch to fix this error.

2011-11-22  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Pass additional parameter into applyDHCPOnly function
	In preparation for the DHCP Snooping code:
	Pass an additional parameter into the applyDHCPOnly function
	of the 'techdriver'.

2011-11-22  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: use shell variable to invoke 'ip(6)tables' command
	Introduce a shell variable 'IBT' to invoke the ip(6)tables command.

	Tested with libvirt-tck.

2011-11-22  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	nwfilter: use shell variable to invoke 'ebtables' command
	Introduce a shell variable 'EBT' to invoke the ebtables command.
	Hard-code the used ebtables table to '-t nat'.

	Tested with libvirt-tck.

2011-11-22  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Improve error reporting of failures to apply filtering rules
	Display the executed command and failure message if a command failed to
	execute.

	Add documentation for STP filtering support
	Add documentation for the STP filtering support. Describe the XML attributes
	that are supported.

	Add test cases for STP traffic filtering
	This patch adds a few test cases for the XML parsing of STP filtering nodes.

	Add support for STP filtering
	This patch adds support for filtering of STP (spanning tree protocol) traffic
	to the parser and makes us of the ebtables support for STP filtering. This code
	now enables the filtering of traffic in chains with prefix 'stp'.

	Add a 'mac' chain
	With hunks borrowed from one of David Steven's previous patches, we now
	add the capability of having a 'mac' chain which is useful to filter
	for multiple valid MAC addresses.

2011-11-22  Eric Blake  <eblake@redhat.com>

	docs: fix grammar of capabilities
	* docs/formatcaps.html.in: Avoid run-on sentence, wrap lines.

2011-11-22  Daniel P. Berrange  <berrange@redhat.com>

	Add strings.h include to capabilities.h for ffs() function prototype
	On Mingw32 the ffs() function was not declared due to missing header
	include

	* src/conf/capabilities.c: The ffs() function lives in strings.h

2011-11-22  Osier Yang  <jyang@redhat.com>

	build: Update AUTHORS
	Add Chang Liu to the AUTHORS' list.

2011-11-22  Chang Liu  <lingjiao.lc@taobao.com>

	storage: Fallback to use lvchange first if lvremove fails
	virStorageBackendLogicalDeleteVol() could not remove the lv with error
	"could not remove open logical volume" sometimes. Generally it's caused
	by the volume is still active, even if lvremove tries to remove it with
	option "--force".

	This patch is to fix it by disbale the lv first using "lvchange -aln"
	and "lvremove -f" afterwards if the direct "lvremove -f" failed.

2011-11-22  Srivatsa S. Bhat  <srivatsa.bhat@linux.vnet.ibm.com>

	Export KVM Host Power Management capabilities
	This patch exports KVM Host Power Management capabilities as XML so that
	higher-level systems management software can make use of these features
	available in the host.

	The script "pm-is-supported" (from pm-utils package) is run to discover if
	Suspend-to-RAM (S3) or Suspend-to-Disk (S4) is supported by the host.
	If either of them are supported, then a new tag "<power_management>" is
	introduced in the XML under the <host> tag.

	However in case the query to check for power management features succeeded,
	but the host does not support any such feature, then the XML will contain
	an empty <power_management/> tag. In the event that the PM query itself
	failed, the XML will not contain any "power_management" tag.

	To use this, new APIs could be implemented in libvirt to exploit power
	management features such as S3/S4.

2011-11-21  Eric Blake  <eblake@redhat.com>

	conf: don't modify cpu set string during parsing
	None of the callers cared if str was updated to point to the next
	byte after the parsed cpuset; simplifying this results in quite
	a few code simplifications.  Additionally, virCPUDefParseXML was
	strdup()'ing a malloc()'d string; avoiding a memory copy resulted
	in less code.

	* src/conf/domain_conf.h (virDomainCpuSetParse): Alter signature.
	* src/conf/domain_conf.c (virDomainCpuSetParse): Don't modify str.
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML): Adjust
	callers.
	* src/conf/cpu_conf.c (virCPUDefParseXML): Likewise.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Likewise.
	* src/xen/xm_internal.c (xenXMDomainPinVcpu): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Likewise.
	* src/xenxs/xen_xm.c (xenParseXM): Likewise.

2011-11-21  Roopa Prabhu  <roprabhu@cisco.com>

	qemu: don't release network actual device twice
	For direct attach devices, in qemuBuildCommandLine, we seem to be freeing
	actual device on error path (with networkReleaseActualDevice). But the actual
	device is not deleted.

	qemuProcessStop eventually deletes the direct attach device and releases
	actual device. But by the time qemuProcessStop is called qemuBuildCommandLine
	has already freed actual device, leaving stray macvtap devices behind on error.
	So the simplest fix is to remove the networkReleaseActualDevice in
	qemuBuildCommandLine. This patch does just that.

2011-11-21  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Copy console definition from serial
	Now, when we support multiple consoles per domain,
	the vm->def->console[0] can still remain an alias
	for vm->def->serial[0]; However, we need to copy
	it's source definition as well otherwise we'll regress
	on virDomainOpenConsole.

2011-11-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix distribution of .syms files for previous commit
	* src/Makefile.am: Remove libvirt_bridge.syms and libvirt_macvtap.syms
	  from EXTRA_DIST. Add libvirt_dbus.syms

2011-11-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix build on Mingw32 wrt export of virNetServerGetDBusConn
	Mingw32 complains if you request export of a symbol which does
	not in fact exist.

	* src/libvirt_bridge.syms, src/libvirt_macvtap.syms: Delete
	  obsolete files
	* src/libvirt_private.syms: Remove virNetServerGetDBusConn
	* src/libvirt_dbus.syms: Add virNetServerGetDBusConn

2011-11-21  Osier Yang  <jyang@redhat.com>

	storage: Skips backingStore of virtual snapshot lv
	lvs outputs "[$lvname_vorigin]" for the virtual snapshot lv
	(created with "--virtualsize"), and the original device pointed
	by "$lvname_vorigin" is just for lvm internal use, one should
	never use it.

	Per lvm's nameing rules, "[" is not valid as part of the vg/lv name.
	(man 8 lvm).

	<quote>
	VALID NAMES
	The following characters are valid for VG and LV names: a-z A-Z 0-9 + _
	. -

	VG and LV names cannot begin with a hyphen.   There  are  also  various
	reserved  names that are used internally by lvm that can not be used as
	LV or VG names.  A VG cannot be called anything that exists in /dev/ at
	the time of creation, nor can it be called '.' or '..'.  A LV cannot be
	called '.' '..' 'snapshot' or 'pvmove'. The LV name may also  not  con‐
	tain the strings '_mlog' or '_mimage'
	</quote>

	So we can skip the set the lv's backingStore by checking if the name
	begins with a "[".

2011-11-19  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add documentation for VLAN filtering support
	Add documentation for the VLAN filtering support. Describe the XML attributes
	that are supported.

	Add test cases for VLAN traffic filtering
	This patch adds a few test cases for the XML parsing of VLAN filtering nodes.

	Add support for VLAN filtering
	This patch adds support for filtering of VLAN (802.1Q) traffic to the
	parser and makes us of the ebtables support for VLAN filtering. This code
	now enables the filtering of traffic in chains with prefix 'vlan'.

2011-11-19  Jim Fehlig  <jfehlig@suse.com>

	Don't copy sexpr node value that is an empty string
	Xen4.1 initializes some unspecified sexpr config items to an empty
	string, unlike previous Xen versions that would leave the item unset.
	E.g. the kernel item for an HVM guest (non-direct kernel boot):

	Xen4.0 and earlier
	  ...
	  (image
	    (hvm
	      (kernel )
	  ...

	Xen4.1
	  ...
	  (image
	    (hvm
	      (kernel '')
	  ...

	The empty string for kernel causes some grief in subsequent parsing
	where existence of specified kernel is checked, e.g.

	  if (!def->os.kernel)
	  ...

	This patch solves the problem in sexpr_node_copy() by not copying
	a node containing an empty string.

2011-11-18  Eric Blake  <eblake@redhat.com>

	tests: avoid xend ABRT crash report
	I installed the xen development packages on my non-Xen F16 machine
	in order to compile-test xen code and ensure we don't break things
	on that front, but being a non-xen machine, /usr/sbin/xend is
	obviously not running.  Unfortunately, xen-4.1.2-1.fc16 has a bug
	where merely trying to probe xend status on a non-xen kernel causes
	xend to issue an ABRT crash report:

	https://bugzilla.redhat.com/show_bug.cgi?id=728696

	Even though libvirt (correctly) skips the test, the xend crash report
	is unnecessary noise.  Fix this by first filtering out non-xen
	kernels even before attempting to probe xend.  The test still runs
	and passes on a RHEL 5 xen kernel after this patch.

	* tests/reconnect.c (mymain): Skip xend probe on non-xen kernel.
	* tests/statstest.c (mymain): Likewise.

2011-11-18  Eric Blake  <eblake@redhat.com>

	build: fix compile error with no macvtap
	Since commit 6ec8288a, compilation has failed on RHEL 5:

	util/virnetdevmacvlan.c:672: error: conflicting types for 'virNetDevMacVLanCreateWithVPortProfile'

	* src/util/virnetdevmacvlan.c
	(virNetDevMacVLanCreateWithVPortProfile): Add missing parameter.

2011-11-18  Hu Tao  <hutao@cn.fujitsu.com>

	enable cgroup cpuset by default
	This prepares for subsequent patches which introduce dependence
	on cgroup cpuset. Enable cgroup cpuset by default so users don't
	have to modify configuration file before encountering a cpuset
	error.

2011-11-18  Eric Blake  <eblake@redhat.com>

	build: fix accidental POTFILES.in regression
	The original patch for commit 4789fb2 considered renaming a file,
	then backed out the name change, but forgot to back out the POTFILES.in
	change, resulting in 'make syntax-check' failure.

2011-11-18  Eric Blake  <eblake@redhat.com>

	tests: test recent hash addition
	Excercise the new hash API, to ensure we avoid regressions.

	* tests/hashtest.c (testHashGetItems): New test.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test cases for parsing of list values
	This patch adds test cases for parsing of parameters with
	multiple occurrances of the same name.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Extend NWFilter parameter parser to cope with lists of values
	This patch modifies the NWFilter parameter parser to support multiple
	elements with the same name and to internally build a list of items.
	An example of the XML looks like this:

	        <parameter name='TEST' value='10.1.2.3'/>
	        <parameter name='TEST' value='10.2.3.4'/>
	        <parameter name='TEST' value='10.1.1.1'/>

	The list of values is then stored in the newly introduced data type
	virNWFilterVarValue.

	The XML formatter is also adapted to print out all items in alphabetical
	order sorted by 'name'.

	This patch also fixes a bug in the XML schema on the way.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Create rules for each member of a list
	This patch extends the NWFilter driver for Linux (ebiptables) to create
	rules for each member of a previously introduced list. If for example
	an attribute value (internally) looks like this:

	IP = [10.0.0.1, 10.0.0.2, 10.0.0.3]

	then 3 rules will be generated for a rule accessing the variable 'IP',
	one for each member of the list. The effect of this is that this now
	allows for filtering for multiple values in one field. This can then be
	used to support for filtering/allowing of multiple IP addresses per
	interface.

	An iterator is introduced that extracts each member of a list and
	puts it into a hash table which then is passed to the function creating
	a rule. For the above example the iterator would cause 3 loops.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Rework value part of name-value pairs
	NWFilters can be provided name-value pairs using the following
	XML notation:

	      <filterref filter='xyz'>
	        <parameter name='PORT' value='80'/>
	        <parameter name='VAL' value='abc'/>
	      </filterref>

	The internal representation currently is so that a name is stored as a
	string and the value as well. This patch now addresses the value part of it
	and introduces a data structure for storing a value either as a simple
	value or as an array for later support of lists.

	This patch adjusts all code that was handling the values in hash tables
	and makes it use the new data type.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Documentation about chains' priorities, lists of elements etc.
	This patch adds several aspects of documentation about the network filtering
	system:

	- chains, chains' priorities and chains' default priorities
	- talks about lists of elements, i.e., a variable assigned multiple values
	  (part of already ACK-ed series)
	- already mentions the vlan, stp and mac chains added later on
	  (https://www.redhat.com/archives/libvir-list/2011-October/msg01238.html)
	- mentions limitations of vlan filtering (when sent by VM) on Linux systems

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Add test cases
	Add test case for the chain names with known prefixes and the chain
	priority.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Interleave jumping into chains with filtering rules in 'root' table
	The previous patch extends the priority of filtering rules into negative
	numbers. We now use this possibility to interleave the jumping into
	chains with filtering rules to for example create the 'root' table of
	an interface with the following sequence of rules:

	Bridge chain: libvirt-I-vnet0, entries: 6, policy: ACCEPT
	-p IPv4 -j I-vnet0-ipv4
	-p ARP -j I-vnet0-arp
	-p ARP -j ACCEPT
	-p 0x8035 -j I-vnet0-rarp
	-p 0x835 -j ACCEPT
	-j DROP

	The '-p ARP -j ACCEPT' rule now appears between the jumps.
	Since the 'arp' chain has been assigned priority -700 and the 'rarp'
	chain -600, the above ordering can now be achieved with the following
	rule:

	  <rule action='accept' direction='out' priority='-650'>
	    <mac protocolid='arp'/>
	  </rule>

	This patch now sorts the commands generating the above shown jumps into
	chains and interleaves their execution with those for generating rules.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Extend rule priorities into negative numbers
	So far rules' priorities have only been valid in the range [0,1000].
	Now I am extending their priority into the range [-1000, 1000] for subsequently
	being able to sort rules and the access of (jumps into) chains following
	priorities.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Enable chains with names having a known prefix
	This patch enables chains that have a known prefix in their name.
	Known prefixes are: 'ipv4', 'ipv6', 'arp', 'rarp'. All prefixes
	are also protocols that can be evaluated on the ebtables level.

	Following the prefix they will be automatically connected to an interface's
	'root' chain and jumped into following the protocol they evaluate, i.e.,
	a table 'arp-xyz' will be accessed from the root table using

	ebtables -t nat -A <iface root table> -p arp -j I-<ifname>-arp-xyz

	thus generating a 'root' chain like this one here:

	Bridge chain: libvirt-O-vnet0, entries: 5, policy: ACCEPT
	-p IPv4 -j O-vnet0-ipv4
	-p ARP -j O-vnet0-arp
	-p 0x8035 -j O-vnet0-rarp
	-p ARP -j O-vnet0-arp-xyz
	-j DROP

	where the chain 'arp-xyz' is accessed for filtering of ARP packets.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Extend the filter XML to support priorities of chains
	This patch extends the filter XML to support priorities of chains
	in the XML. An example would be:

	<filter name='allow-arpxyz' chain='arp-xyz' priority='200'>
	[...]
	</filter>

	The permitted values for priorities are [-1000, 1000].
	By setting the priority of a chain the order in which it is accessed
	from the interface root chain can be influenced.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Use the actual names of chains in data structure
	Use the name of the chain rather than its type index (enum).
	This pushes the later enablement of chains with user-given names
	into the XML parser. For now we still only allow those names that
	are well known ('root', 'arp', 'rarp', 'ipv4' and 'ipv6').

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Use scripting for cleaning and renaming of chains
	Use scripts for the renaming and cleaning up of chains. This allows us to get
	rid of some of the code that is only capable of renaming and removing chains
	whose names are hardcoded.

	A shell function 'collect_chains' is introduced that is given the name
	of an ebtables chain and then recursively determines the names of all
	chains that are accessed from this chain and its sub-chains using 'jumps'.

	The resulting list of chain names is then used to delete all the found
	chains by first flushing and then deleting them.

	The same function is also used for renaming temporary filters to their final
	names.

	I tested this with the bash and dash as script interpreters.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Make filter creation in root table more flexible
	Use the previously introduced chain priorities to sort the chains for access
	from an interface's 'root' table and have them created in the proper order.
	This gets rid of a lot of code that was previously creating the chains in a
	more hardcoded way.

	To determine what protocol a filter is used for evaluation do prefix-
	matching, i.e., the filter 'arp' is used to filter for the 'arp' protocol,
	'ipv4' for the 'ipv4' protocol and 'arp-xyz' will also be used to filter
	for the 'arp' protocol following the prefix 'arp' in its name.

2011-11-18  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Introduce an internal priority for chains
	For better handling of the sorting of chains introduce an internally used
	priority. Use a lookup table to store the priorities. For now their actual
	values do not matter just that the values cause the chains to be properly
	sorted through changes in the following patches. However, the values are
	chosen as negative so that once they are sorted along with filtering rules
	(whose priority may only be positive for now) they will always be instantiated
	before them (lower values cause instantiation before higher values). This
	is done to maintain backwards compatibility.

	Add function to get hash table's key/value pairs
	Add a function to the virHashTable for getting an array of the hash table's
	key-value pairs and have the keys (optionally) sorted.

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Add support for systemd init service
	This patch adds support for a systemd init service for libvirtd
	and libvirt-guests. The libvirtd.service is *not* written to use
	socket activation, since we want libvirtd to start on boot so it
	can do guest auto-start.

	The libvirt-guests.service is pretty lame, just exec'ing the
	original init script for now. Ideally we would factor out the
	functionality, into some shared tool.

	Instead of

	  ./configure --with-init-script=redhat

	You can now do

	  ./configure --with-init-script=systemd

	Or better still:

	  ./configure --with-init-script=systemd+redhat

	We can also now support install of the upstart init script

	* configure.ac: Add systemd, and systemd+redhat options to
	  --with-init-script option
	* daemon/Makefile.am: Install systemd services
	* daemon/libvirtd.sysconf: Add note about unused env variable
	  with systemd
	* daemon/libvirtd.service.in: libvirtd systemd service unit
	* libvirt.spec.in: Add scripts to installing systemd services
	  and migrating from legacy init scripts
	* tools/Makefile.am: Install systemd services
	* tools/libvirt-guests.init.sh: Rename to tools/libvirt-guests.init.in
	* tools/libvirt-guests.service.in: systemd service unit

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Add support for interfaces with type=direct to LXC
	Support creation of macvlan devices for LXC containers. Do not
	allow setting of bandwidth controls or vport profiles due to the
	complication that there is no host side visible device to work
	with.

	* src/lxc/lxc_driver.c: Support type=direct interfaces

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Allow creation of plain macvlan devices
	Update virNetDevMacVLanCreateWithVPortProfile to allow creation
	of plain macvlan devices, as well as macvtap devices. The former
	is useful for LXC containers

	* src/qemu/qemu_command.c: Explicitly request a macvtap device
	* src/util/virnetdevmacvlan.c, src/util/virnetdevmacvlan.h: Add
	  new flag to allow switching between macvlan and macvtap
	  creation

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Refactor LXC network setup to allow future enhancements
	The current lxcSetupInterfaces() method directly performs setup
	of the bridge devices. Since it will shortly need to also create
	macvlan devices, move the bridge related code into a separate
	method

	* src/lxc/lxc_driver.c: Split lxcSetupInterfaces() to create a
	  new lxcSetupInterfaceBridge()

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Add missing 'const' annotations for internal domain conf helpers
	The virDomainNetGetActualBridgeName and virDomainNetGetActualDirectDev
	methods both return strings that point to data in the virDomainDefPtr
	struct, and should therefore not be freed. The return values should
	thus be 'const char *' not 'char *'.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Mark const
	* src/network/bridge_driver.c: Update to use a const char *

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix up ordering of private symbols file
	Fix ordering of symbols after re-arranging network device
	management API source files

	* src/libvirt_private.syms: Fix ordering

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move ifaceMacvtapLinkDump and ifaceGetNthParent functions
	Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
	into virnetdevvportprofile.c since they are specific to that
	code. This avoids polluting the headers with the Linux specific
	netlink data types

	* src/util/interface.c, src/util/interface.h: Move
	  ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
	  remaining file
	* src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
	  and ifaceGetNthParent functions
	* src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
	  Remove include of interface.h

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move functions for dealing with physical/virtual devices
	Move virNetDevIsVirtualFunction, virNetDevGetVirtualFunctionIndex
	and virNetDevGetPhysicalFunction to virnetdev.c

	* src/util/interface.c, src/util/interface.h, src/util/virnetdev.c,
	  src/util/virnetdev.h: Move APIs

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename APIs for dealing with virtual/physical functions
	Rename ifaceIsVirtualFunction to virNetDevIsVirtualFunction,
	ifaceGetVirtualFunctionIndex to virNetDevGetVirtualFunctionIndex
	and ifaceGetPhysicalFunction to virNetDevGetPhysicalFunction

	* src/util/interface.c, src/util/interface.h: Rename APIs
	* src/util/virnetdevvportprofile.c: Update for API rename

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move virNetDevValidateConfig to virnetdev.c
	* src/util/interface.c, src/util/interface.h: Remove virNetDevValidateConfig
	* src/util/virnetdev.c, src/util/virnetdev.h: Add virNetDevValidateConfig

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename ifaceCheck to virNetDevValidateConfig
	Rename the ifaceCheck method to virNetDevValidateConfig and change
	so that it always raises an error and returns -1 on error.

	* src/util/interface.c, src/util/interface.h: Rename ifaceCheck
	  to virNetDevValidateConfig
	* src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c: Update for API rename

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move virNetDevGetIPv4Address to virnetdev.c
	Move the virNetDevGetIPv4Address function to virnetdev.c

	* util/interface.c, util/interface.h: Remove virNetDevGetIPv4Address
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIPv4Address

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename ifaceGetIPAddress to virNetDevGetIPv4Address
	To match up with the existing virNetDevSetIPv4Address, rename
	ifaceGetIPAddress to virNetDevGetIPv4Address

	* util/interface.h, util/interface.c: Rename API
	* network/bridge_driver.c: Update for API rename

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c
	Move virNetDevGetIndex & virNetDevGetVLanID to virnetdev.c to
	suit their functional purpose

	* util/interface.c, util/interface.h: Remove virNetDevGetIndex &
	  virNetDevGetVLanID
	* util/virnetdev.c, util/virnetdev.h: Add virNetDevGetIndex &
	  virNetDevGetVLanID

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename ifaceGetIndex and ifaceGetVLAN
	Rename the ifaceGetIndex method to virNetDevGetIndex and
	ifaceGetVlanID to virNetDevGetVLanID. Also change the error
	reporting behaviour to always raise errors and return -1 on
	failure

	* util/interface.c, util/interface.h: Rename ifaceGetIndex
	  and ifaceGetVLAN
	* nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_learnipaddr.c,
	  nwfilter/nwfilter_learnipaddr.c, util/virnetdevvportprofile.c: Update
	  for API renames and error handling changes

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move MAC address replacement functions to virnetdev.c
	Move virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	to the virnetdev.c file where they naturally belong

	* util/interface.c, util/interface.h: Remove
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress
	* util/virnetdev.c, util/virnetdev.h: Add
	  virNetDevReplaceMacAddress and virNetDevRestoreMacAddress

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename interface MAC address replacement APIs
	Rename ifaceReplaceMacAddress to virNetDevReplaceMacAddress
	and ifaceRestoreMacAddress to virNetDevRestoreMacAddress.

	* util/interface.c, util/interface.h, util/virnetdevmacvlan.c:
	  Rename APIs

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Move the low level macvlan creation APIs
	Move the low level macvlan creation APIs into the
	virnetdevmacvlan.c file where they more naturally
	belong

	* util/interface.c, util/interface.h: Remove virNetDevMacVLanCreate
	  and virNetDevMacVLanDelete
	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h: Add
	  virNetDevMacVLanCreate and virNetDevMacVLanDelete

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename low level macvlan creation APIs
	Rename ifaceMacvtapLinkAdd to virNetDevMacVLanCreate and
	ifaceLinkDel to virNetDevMacVLanDelete. Strictly speaking
	the latter isn't restricted to macvlan devices, but that's
	the only use libvirt has for it.

	* util/interface.c, util/interface.h,
	  util/virnetdevmacvlan.c: Rename APIs

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename high level macvlan creation APIs
	Rename virNetDevMacVLanCreate to virNetDevMacVLanCreateWithVPortProfile
	and virNetDevMacVLanDelete to virNetDevMacVLanDeleteWithVPortProfile

	To make way for renaming the other macvlan creation APIs in
	interface.c

	* util/virnetdevmacvlan.c, util/virnetdevmacvlan.h,
	  qemu/qemu_command.c, qemu/qemu_hotplug.c, qemu/qemu_process.c:
	  Rename APIs

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename and split the macvtap.c file
	Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
	functionality. Move the port profile association code out into
	virnetdevvportprofile.c. Make the APIs available unconditionally
	to callers

	* src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
	* src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
	* src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
	  Pull in vport association code
	* src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
	  src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
	  paths & remove conditional compilation

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Rename Macvtap management APIs
	In preparation for code re-organization, rename the Macvtap
	management APIs to have the following patterns

	  virNetDevMacVLanXXXXX     - macvlan/macvtap interface management
	  virNetDevVPortProfileXXXX - virtual port profile management

	* src/util/macvtap.c, src/util/macvtap.h: Rename APIs
	* src/conf/domain_conf.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_command.h,
	  src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/qemu/qemu_process.h: Update for renamed APIs

2011-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix use of uninitialized variable in QEMU driver

2011-11-17  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	qemu: Generate -numa option
	Add routines to generate -numa QEMU command line option based on
	<numa> ... </numa> XML specifications.

2011-11-17  Bharata B Rao  <bharata@linux.vnet.ibm.com>

	XML definitions for guest NUMA and parsing routines
	This patch adds XML definitions for guest NUMA specification and contains
	routines to parse the same. The guest NUMA specification looks like this:

	<cpu>
	        ...
	        <topology sockets='2' cores='4' threads='2'/>
	        <numa>
	                <cell cpus='0-7' memory='512000'/>
	                <cell cpus='8-15' memory='512000'/>
	        </numa>
	        ...
	</cpu>

2011-11-17  Eric Blake  <eblake@redhat.com>

	snapshot: refuse to generate names for non-regular backing files
	For whatever reason, the kernel allows you to create a regular
	file named /dev/sdc.12345; although this file will disappear the
	next time devtmpfs is remounted.  If you let libvirt generate
	the name of the external snapshot for a disk image originally
	using the block device /dev/sdc, then the domain will be rendered
	unbootable once the qcow2 file is lost on the next devtmpfs
	remount.  In this case, the user should have used 'virsh
	snapshot-create --xmlfile' or 'virsh snapshot-create-as --diskspec'
	to specify the name for the qcow2 file in a sane location, rather
	than relying on libvirt generating a name that is most likely to
	be wrong.  We can help avoid naive mistakes by enforcing that
	the user provide the external name for any backing file that is
	not a regular file.

	* src/conf/domain_conf.c (virDomainSnapshotAlignDisks): Only
	generate names if backing file exists as regular file.
	Reported by MATSUDA Daiki.

2011-11-16  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	I missed adding virNetServerGetDBusConn() to libvirtd_private.syms
	in commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7

	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

2011-11-16  Jim Fehlig  <jfehlig@suse.com>

	Revert commit 0f590c62
	As noted by Daniel Berrange [1], the proper fix for the older
	PolicyKit build issue is to add virNetServerGetDBusConn to
	libvirt_private.syms.  Revert unnecessary changes to
	daemon/Makefile.am

	[1] https://www.redhat.com/archives/libvir-list/2011-November/msg00852.html

2011-11-16  Laine Stump  <laine@laine.org>

	virsh: add iface-bridge and iface-unbridge commands
	One of the top questions by libvirt users is how to create a host
	bridge device so that guests can be directly on the physical
	network. There are several example documents that explain how to do
	this manually, but following them often results in confusion and
	failure. virt-manager does a good job of creating a bridge based on an
	existing network device, but not everyone wants to use virt-manager.

	This patch adds a new command, iface-bridge that makes it just about
	as simple as possible to create a new bridge device based on an
	existing ethernet/vlan/bond device (including associating IP
	configuration with the bridge rather than the now-attached device),
	and start that new bridge up ready for action, eg:

	    virsh iface-bridge eth0 br0

	For symmetry's sake, it also adds a command to remove a device from a
	bridge, restoring the IP config to the now-unattached device:

	    virsh iface-unbridge br0

	(I had a short debate about whether to do "iface-unbridge eth0"
	instead, but that would involve searching through all bridge devices
	for the one that contained eth0, which seems like a bit too much
	trouble).

	NOTE: These two commands require that the netcf library be available
	on the host. Hopefully this will provide some extra incentive for
	people using suse, debian, ubuntu, and other similar systems to polish
	up (and push downstream) the ports to those distros recently pushed to
	the upstream netcf repo by Dan Berrange. Anyone interested in helping
	with that effort in any way should join the netcf-devel mailing list
	(subscription info at
	https://fedorahosted.org/mailman/listinfo/netcf-devel)

	During creation of the bridge, it's possible to specify whether or not
	the STP protocol should be started up on the bridge and, if so, how
	many seconds the bridge should squelch traffic from newly added
	devices while learning new topology (defaults are stp='on' and
	delay='0', which seems to usually work best for bridges used in the
	context of libvirt guests).

	There is also an option to not immediately start the bridge (and a
	similar option to not immediately start the un-attached device after
	destroying the bridge. Default is to start the new device, because in
	the case of iface-unbridge not starting is strongly discouraged as it
	will leave the system with no network connectivity on that interface
	(because it's necessary to destroy/undefine the bridge device before
	the unattached device can be defined), and it seemed better to make
	the option for iface-bridge behave consistently.

	NOTE TO THOSE TRYING THESE COMMANDS FOR THE FIRST TIME: to guard
	against any "unexpected" change to configuration, it is advisable to
	issue an "virsh iface-begin" command before starting any interface
	config changes, and "virsh iface-commit" only after you've verified
	that everything is working as you expect. If something goes wrong,
	you can always run "virsh iface-rollback" or reboot the system (which
	should automatically do iface-rollback).

	Aside from adding the code for these two functions, and the two
	entries into the command table, the only other change to virsh.c was
	to add the option name to vshCommandOptInterfaceBy(), because the
	iface-unbridge command names its interface option as "bridge".

	virsh.pod has also been updated with short descriptions of these two
	new commands.

2011-11-16  Hu Tao  <hutao@cn.fujitsu.com>

	fix a bug in remoteSerializeTypedParameters
	This is a fatal typo believed to be very likely to happen when using
	both i and j at the same time for indexing.

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Don't return a fatal error if receiving unexpected stream data
	Due to the asynchronous nature of streams, we might continue to
	receive some stream packets from the server even after we have
	shutdown the stream on the client side. These should be discarded
	silently, rather than raising an error in the RPC layer.

	* src/rpc/virnetclient.c: Discard stream data silently

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of stream EOF
	Very occasionally the sequence of events from poll would result
	in getting a HANGUP on its own, instead of a HANGUP+READABLE
	at the same time. In the former case we would send back an error
	event to the client, but never send the empty packet to indicate
	EOF.

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Allow non-blocking message sending on virNetClient
	Add a new virNetClientSendNonBlock which returns 2 on
	full send, 1 on partial send, 0 on no send, -1 on error

	If a partial send occurs, then a subsequent call to any
	of the virNetClientSend* APIs will finish any outstanding
	I/O.

	TODO: the virNetClientEvent event handler could be used
	to speed up completion of partial sends if an event loop
	is present.

	* src/rpc/virnetsocket.h, src/rpc/virnetsocket.c: Add new
	  virNetSocketHasPendingData() API to test for cached
	  data pending send.
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add new
	  virNetClientSendNonBlock() API to send non-blocking API

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Refactor code for enabling/disabling I/O callback in remote client
	* src/rpc/virnetclient.c: Add helper for setting I/O callback events

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Split virNetClientSend into 2 methods
	Stop multiplexing virNetClientSend for two different purposes,
	instead add virNetClientSendWithReply and virNetClientSendNoReply

	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Replace
	  virNetClientSend with virNetClientSendWithReply and
	  virNetClientSendNoReply
	* src/rpc/virnetclientprogram.c, src/rpc/virnetclientstream.c:
	  Update for new API names

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Refactor code for passing the buck in the remote client
	Remove some duplication by pulling the code for passing the
	buck out into a helper method

	* src/rpc/virnetclient.c: Introduce virNetClientIOEventLoopPassTheBuck

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Explicitly track whether the buck is held in remote client
	Instead of inferring whether the buck is held from the waitDispatch
	pointer, use an explicit 'bool haveTheBuck' field

	* src/rpc/virnetclient.c: Explicitly track the buck

2011-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Remove all linked list handling from remote client event loop
	Directly messing around with the linked list is potentially
	dangerous. Introduce some helper APIs to deal with list
	manipulating the list

	* src/rpc/virnetclient.c: Create linked list handlers

2011-11-16  Eli Qiao  <taget@linux.vnet.ibm.com>

	util: Add netdev helper functions to private symbols

2011-11-16  Sage Weil  <sage@newdream.net>

	qemu/rbd: improve rbd device specification
	This improves the support for qemu rbd devices by adding support for a few
	key features (e.g., authentication) and cleaning up the way in which
	rbd configuration options are passed to qemu.

	An <auth> member of the disk source xml specifies how librbd should
	authenticate. The username attribute is the Ceph/RBD user to authenticate as.
	The usage or uuid attributes specify which secret to use. Usage is an
	arbitrary identifier local to libvirt.

	The old RBD support relied on setting an environment variable to
	communicate information to qemu/librbd.  Instead, pass those options
	explicitly to qemu.  Update the qemu argument parsing and tests
	accordingly.

2011-11-15  Jim Fehlig  <jfehlig@suse.com>

	Fix build with polkit0
	I missed adding libvirt_driver_remote.la to libvirtd_LDADD in
	commit b8adfcc6, which didn't cause a problem in 0.9.6 but
	results in this build error in 0.9.7

	libvirtd-remote.o: In function `remoteDispatchAuthPolkit':
	remote.c:(.text+0x188dd): undefined reference to `virNetServerGetDBusConn'

2011-11-15  Stefan Berger  <stefanb@us.ibm.com>

	Fix strchr call triggering gcc 4.3 & 4.4 bug
	Replacing the strchr call with two variables through a strstr call.
	Calling strchr with two variables triggers a gcc 4.3/4.4
	bug when used in combination with -Wlogical-op and at least -O1.

	maint: fix build
	include stdint.h to fix the build

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove ifaceSetMac and ifaceGetMac APIs
	The ifaceSetMac and ifaceGetMac APIs duplicate the functionality
	of the virNetDevSetMAC and virNetDevGetMAC APIs, but returning
	errno's instead of raising errors.

	* src/util/interface.c, src/util/interface.h: Remove
	  ifaceSetMac and ifaceGetMac APIs, adjusting callers
	  for new error behaviour

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs
	The ifaceUp, ifaceDown, ifaceCtrl & ifaceIsUp APIs can be replaced
	with calls to virNetDevSetOnline and virNetDevIsOnline

	* src/util/interface.c, src/util/interface.h: Delete ifaceUp,
	  ifaceDown, ifaceCtrl & ifaceIsUp
	* src/nwfilter/nwfilter_gentech_driver.c, src/util/macvtap.c:
	  Update to use virNetDevSetOnline and virNetDevIsOnline

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Move LXC veth.c code into shared utility APIs
	Move the virNetDevSetName and virNetDevSetNamespace APIs out
	of LXC's veth.c and into virnetdev.c.

	Move the remaining content of the file to src/util/virnetdevveth.c

	* src/lxc/veth.c: Rename to src/util/virnetdevveth.c
	* src/lxc/veth.h: Rename to src/util/virnetdevveth.h
	* src/util/virnetdev.c, src/util/virnetdev.h: Add
	  virNetDevSetName and virNetDevSetNamespace
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update include paths

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Rename the LXC veth management APIs and delete duplicated APIs
	The src/lxc/veth.c file contains APIs for managing veth devices,
	but some of the APIs duplicate stuff from src/util/virnetdev.h.
	Delete thed duplicate APIs and rename the remaining ones to
	follow virNetDevVethXXXX

	* src/lxc/veth.c, src/lxc/veth.h: Rename APIs & delete duplicates
	* src/lxc/lxc_container.c, src/lxc/lxc_controller.c,
	  src/lxc/lxc_driver.c: Update for API renaming

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Split src/util/network.{c,h} into 5 pieces
	The src/util/network.c file is a dumping ground for many different
	APIs. Split it up into 5 pieces, along functional lines

	 - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
	 - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
	 - src/util/virsocketaddr.c: virSocketAddr and APIs
	 - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
	   for virNetDevBandwidth
	 - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
	   for virNetDevVPortProfile

	* src/util/network.c, src/util/network.h: Split into 5 pieces
	* src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
	  src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
	  src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
	  src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
	  src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
	* daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
	  src/conf/domain_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/conf/nwfilter_conf.h,
	  src/esx/esx_util.h, src/network/bridge_driver.c,
	  src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
	  src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
	  src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
	  src/util/virnetdev.h, src/util/virnetdevtap.c,
	  tools/virsh.c: Update include files

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting in port profile parsing/formatting APIs
	The virtual port profile parsing/formatting APIs do not
	correctly handle unknown profile type strings/numbers.
	They behave as a no-op, instead of raising an error

	* src/util/network.c, src/util/network.h: Fix error
	  handling of port profile APIs
	* src/conf/domain_conf.c, src/conf/network_conf.c: Update
	  for API changes

2011-11-15  Daniel P. Berrange  <berrange@redhat.com>

	Rename virVirtualPortProfileParams & APIs
	Rename the virVirtualPortProfileParams struct to be
	virNetDevVPortProfile, and rename the APIs to match
	this prefix.

	* src/util/network.c, src/util/network.h: Rename port profile
	  APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c, src/qemu/qemu_hotplug.c,
	  src/util/macvtap.c, src/util/macvtap.h: Update for
	  renamed APIs/structs

2011-11-14  Stefan Berger  <stefanb@us.ibm.com>

	maint: Add Michael Wood as an author
	Add Michael Wood <esiotrot@gmail.com> as an author.

2011-11-14  Michael Wood  <esiotrot@gmail.com>

	PATCH: Fix build without MACVTAP
	Hi

	Commit c31d23a78715f1144c73862c46ab0436de8b5e85 removed the "conn"
	parameter from qemuPhysIfaceConnect(), but it's still used if
	WITH_MACVTAP is false.  Also, it's still mentioned in the comment
	above the function:

	/**
	 * qemuPhysIfaceConnect:
	 * @def: the definition of the VM (needed by 802.1Qbh and audit)
	 * @conn: pointer to virConnect object
	 * @driver: pointer to the qemud_driver
	 * @net: pointer to he VM's interface description with direct device type
	 * @qemuCaps: flags for qemu
	 *
	 * Returns a filedescriptor on success or -1 in case of error.
	 */
	int
	qemuPhysIfaceConnect(virDomainDefPtr def,
	                     struct qemud_driver *driver,
	                     virDomainNetDefPtr net,
	                     virBitmapPtr qemuCaps,
	                     enum virVMOperationType vmop)
	{
	    int rc;
	#if WITH_MACVTAP
	[...]
	#else
	    (void)def;
	    (void)conn;
	    (void)net;
	    (void)qemuCaps;
	    (void)driver;
	    (void)vmop;
	    qemuReportError(VIR_ERR_INTERNAL_ERROR,
	                    "%s", _("No support for macvtap device"));
	    rc = -1;
	#endif
	    return rc;
	}

	--
	Michael Wood <esiotrot@gmail.com>

	From f4fc43b4111a4c099395c55902e497b8965e2b53 Mon Sep 17 00:00:00 2001
	From: Michael Wood <esiotrot@gmail.com>
	Date: Sat, 12 Nov 2011 13:37:53 +0200
	Subject: [PATCH] Fix build without MACVTAP.

2011-11-14  Guido Günther  <agx@sigxcpu.org>

	storage: forbid rebuilding existing disk storage pools
	which would blow away all volumes. Honor VIR_STORAGE_POOL_BUILD_OVERWRITE
	to force a rebuild.

	This was caught by libvirt-tck's storage/110-disk-pool.t.

2011-11-12  Eric Blake  <eblake@redhat.com>

	API: add trivial qemu support for VIR_TYPED_PARAM_STRING
	Qemu will be the first driver to make use of a typed string in the
	next round of additions.  Separate out the trivial addition.

	* src/qemu/qemu_driver.c (qemudSupportsFeature): Advertise feature.
	(qemuDomainGetBlkioParameters, qemuDomainGetMemoryParameters)
	(qemuGetSchedulerParametersFlags, qemudDomainBlockStatsFlags):
	Allow typed strings flag where trivially supported.

2011-11-12  Eric Blake  <eblake@redhat.com>

	API: remote support for VIR_TYPED_PARAM_STRING
	Send and receive string typed parameters across RPC.  This also
	completes the back-compat mentioned in the previous patch - the
	only time we have an older client talking to a newer server is
	if RPC is in use, so filtering out strings during RPC prevents
	returning an unknown type to the older client.

	* src/remote/remote_protocol.x (remote_typed_param_value): Add
	another union value.
	* daemon/remote.c (remoteDeserializeTypedParameters): Handle
	strings on rpc.
	(remoteSerializeTypedParameters): Likewise; plus filter out
	strings when replying to older clients.  Adjust callers.
	* src/remote/remote_driver.c (remoteFreeTypedParameters)
	(remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): Handle strings on rpc.
	* src/rpc/gendispatch.pl: Properly clean up typed arrays.
	* src/remote_protocol-structs: Update.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

2011-11-12  Eric Blake  <eblake@redhat.com>

	API: add VIR_TYPED_PARAM_STRING
	This allows strings to be transported between client and server
	in the context of name-type-value virTypedParameter functions.
	For compatibility,

	    o new clients will not send strings to old servers, based on
	      a feature check
	    o new servers will not send strings to old clients without the
	      flag VIR_TYPED_PARAM_STRING_OKAY; this will be enforced at
	      the RPC layer in the next patch, so that drivers need not
	      worry about it in general.  The one exception is that
	      virDomainGetSchedulerParameters lacks a flags argument, so
	      it must not return a string; drivers that forward that
	      function on to virDomainGetSchedulerParametersFlags will
	      have to pay attention to the flag.
	    o the flag VIR_TYPED_PARAM_STRING_OKAY is set automatically,
	      based on a feature check (so far, no driver implements it),
	      so clients do not have to worry about it

	Future patches can then enable the feature on a per-driver basis.

	This patch also ensures that drivers can blindly strdup() field
	names (previously, a malicious client could stuff 80 non-NUL bytes
	into field and cause a read overrun).

	* src/libvirt_internal.h (VIR_DRV_FEATURE_TYPED_PARAM_STRING): New
	driver feature.
	* src/libvirt.c (virTypedParameterValidateSet)
	(virTypedParameterSanitizeGet): New helper functions.
	(virDomainSetMemoryParameters, virDomainSetBlkioParameters)
	(virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainGetMemoryParameters, virDomainGetBlkioParameters)
	(virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags, virDomainBlockStatsFlags):
	Use them.
	* src/util/util.h (virTypedParameterArrayClear): New helper
	function.
	* src/util/util.c (virTypedParameterArrayClear): Implement it.
	* src/libvirt_private.syms (util.h): Export it.
	Based on an initial patch by Hu Tao, with feedback from
	Daniel P. Berrange.

2011-11-12  Eli Qiao  <taget@linux.vnet.ibm.com>

	util: fix compile error on debian
	Add virnetdev.h,virnetdevbridge.h,virnetdevtap.h to private symbols,
	since debian linker no longer allows transitive link resolution

2011-11-12  Eric Blake  <eblake@redhat.com>

	qemu: fix domjobabort regression
	This reverts commit ef1065cf5ac; see also this bug report:
	https://bugzilla.redhat.com/show_bug.cgi?id=751900

	In qemu 0.15.1 and earlier, during migration to file, the
	qemu_savevm_state_begin and qemu_savevm_state_iterate methods
	will both process as much migration data as possible until either

	  1. The file descriptor returns EAGAIN
	  2. The bandwidth rate limit is reached

	If we set the rate limit to ULONG_MAX, test 2 never becomes true. We're
	passing a plain file descriptor to QEMU and POSIX does not support EAGAIN on
	regular files / block devices, so test 1 never becomes true either.

	In the 'virsh save --bypass-cache' case, we pass a pipe instead of a
	regular fd, but using a pipe adds I/O overhead, so always passing a
	pipe just so qemu can see EAGAIN doesn't seem nice.

	The ultimate fix needs to come from qemu - background migration must
	respect asynchronous abort requests, or else periodically return
	control to the main handling loop without an EAGAIN and without
	waiting to hit an insanely large amount of data.  But until a
	version of qemu is fixed to support "unlimited" data rates while
	still allowing cancellation, the best we can do is avoid the
	automatic use of unlimited rates from within libvirt (users can
	still explicitly change the migration rates, if they are aware that
	they are giving up the ability to cancel a job).

	Reverting the lone use of QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX is
	the simplest patch; this slows migration back down to a default
	32M/sec cap, but also ensures that the main qemu processing loop
	will still be responsive to cancellation requests.  Hopefully
	upstream qemu will provide us a means of safely using unlimited
	speed, including a runtime probe of that capability.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Revert attempt
	to use unlimited migration bandwidth when migrating to file.

2011-11-12  Hu Tao  <hutao@cn.fujitsu.com>

	fix two bugs in bridge_driver.c
	steps to reproduce:

	1. having a network xml file(named default.xml) like this one:

	<network>
	  <name>default</name>
	  <uuid>c5322c4c-81d0-4985-a363-ad6389780d89</uuid>
	  <bridge name="virbr0" />
	  <forward/>
	  <ip address="192.168.122.1" netmask="255.255.255.0">
	    <dhcp>
	      <range start="192.168.122.2" end="192.168.122.254" />
	    </dhcp>
	  </ip>
	</network>

	in /etc/libvirt/qemu/networks/, and mark it as autostart:

	$ ls -l /etc/libvirt/qemu/networks/autostart
	total 0
	lrwxrwxrwx 1 root root 14 Oct 12 14:02 default.xml -> ../default.xml

	2. start libvirtd and the device virbr0 is not automatically up.

	The reason is that the function virNetDevExists is now returns 1 if
	the device exists, comparing to the former one returns 0 if the device
	exists. But with only this fix will cause a segmentation fault(the same
	steps as above)  that is fixed by the second chunk of code.

2011-11-11  Eric Blake  <eblake@redhat.com>

	build: drop useless dirent.h includes
	* .gnulib: Update to latest, for improved syntax-check.
	* src/lxc/lxc_container.c (includes): Drop unused include.
	* src/network/bridge_driver.c: Likewise.
	* src/node_device/node_device_linux_sysfs.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/qemu/qemu_conf.c: Likewise.
	* src/storage/storage_backend_iscsi.c: Likewise.
	* src/storage/storage_backend_mpath.c: Likewise.
	* src/uml/uml_conf.c: Likewise.
	* src/uml/uml_driver.c: Likewise.

2011-11-11  Eric Blake  <eblake@redhat.com>

	xenapi: remove unused variable
	  CC     libvirt_driver_xenapi_la-xenapi_driver.lo
	xenapi/xenapi_driver.c: In function 'xenapiDomainGetVcpus':
	xenapi/xenapi_driver.c:1209:21: error: variable 'cpus' set but not used [-Werror=unused-but-set-variable]

	* src/xenapi/xenapi_driver.c (xenapiDomainGetVcpus): Silence
	compiler warning.

2011-11-11  Eric Blake  <eblake@redhat.com>

	maint: use mailmap, not AUTHORS, for secondary addresses
	* AUTHORS: Move Stefan's second entry...
	* .mailmap: ...here.

2011-11-10  Stefan Berger  <stefanb@us.ibm.com>

	maint: fix make syntax-check
	Add my 2nd email to the list of AUTHORS to get 'make syntax-check'
	to pass.

2011-11-10  Stefan Berger  <stefanb@linux.vnet.ibm.com>

	Remove code instantiating filters on direct interfaces
	Remove the code that instantiates network filters on direct type
	of interfaces. The parser already does not accept it.

2011-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Disable numactl on ARM architectures too
	* libvirt.spec.in: Disable numactl on ARM

	Add libvirt confdir to files section in mingw32 spec
	* mingw32-libvirt.spec.in: Ensure we own the confdir

2011-11-10  Eric Blake  <eblake@redhat.com>

	nwfilter: simplify execution of ebiptables scripts
	It's not worth even worrying about a temporary file, unless we
	ever expect the script to exceed maximum command-line argument
	length limits.

	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Run the commands as an argument to /bin/sh, rather than worrying
	about a temporary file.
	(ebiptablesWriteToTempFile): Delete unused function.

2011-11-10  Eric Blake  <eblake@redhat.com>

	nwfilter: avoid failure with noexec /tmp
	If /tmp is mounted with the noexec flag (common on security-conscious
	systems), then nwfilter will fail to initialize, because we cannot
	run any temporary script via virRun("/tmp/script"); but we _can_
	use "/bin/sh /tmp/script".  For that matter, using /tmp risks collisions
	with other unrelated programs; we already have /var/run/libvirt as a
	dedicated temporary directory for use by libvirt.

	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use internal directory, not /tmp;
	drop attempts to make script executable; and detect close error.
	(ebiptablesExecCLI): Switch to virCommand, and invoke the shell to
	read the script, rather than requiring an executable script.

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Adjust naming of network device bandwidth management APIs
	Rename virBandwidth to virNetDevBandwidth, and virRate to
	virNetDevBandwidthRate.

	* src/util/network.c, src/util/network.h: Rename bandwidth
	  structs and APIs
	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/network_conf.c, src/conf/network_conf.h,
	  src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/util/macvtap.c,
	  src/util/macvtap.h, tools/virsh.c: Update for API changes.

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Santize naming of socket address APIs
	The socket address APIs in src/util/network.h either take the
	form  virSocketAddrXXX, virSocketXXX or virSocketXXXAddr.

	Sanitize this so everything is virSocketAddrXXXX, and ensure
	that the virSocketAddr parameter is always the first one.

	* src/util/network.c, src/util/network.h: Santize socket
	  address API naming
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/conf/nwfilter_conf.c, src/network/bridge_driver.c,
	  src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/rpc/virnetsocket.c,
	  src/util/dnsmasq.c, src/util/iptables.c,
	  src/util/virnetdev.c, src/vbox/vbox_tmpl.c: Update for
	  API renaming

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Split bridge.h into three separate files
	Following the renaming of the bridge management APIs, we can now
	split the source file into 3 corresponding pieces

	 * src/util/virnetdev.c: APIs for any type of network interface
	 * src/util/virnetdevbridge.c: APIs for bridge interfaces
	 * src/util/virnetdevtap.c: APIs for TAP interfaces

	* src/util/virnetdev.c, src/util/virnetdev.h,
	  src/util/virnetdevbridge.c, src/util/virnetdevbridge.h,
	  src/util/virnetdevtap.c, src/util/virnetdevtap.h: Copied
	  from bridge.{c,h}
	* src/util/bridge.c, src/util/bridge.h: Split into 3 pieces
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_command.c,
	  src/qemu/qemu_conf.h, src/uml/uml_conf.c, src/uml/uml_conf.h,
	  src/uml/uml_driver.c: Update #include directives

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Remove usage of brctl command line tool
	Convert the virNetDevBridgeSetSTP and virNetDevBridgeSetSTPDelay
	to use ioctls instead of spawning brctl.

	Implement the virNetDevBridgeGetSTP and virNetDevBridgeGetSTPDelay
	methods which were declared in the header but never existed

	* src/util/bridge.c: Convert to use bridge ioctls instead of brctl

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Add an API for retrieving the MAC address of an interface
	* src/util/bridge.c, src/util/bridge.h: Add virNetDevGetMAC

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Expose MTU management APIs
	The MTU management APIs are useful to other code inside libvirt,
	so should be exposed as non-static APIs.

	* src/util/bridge.c, src/util/bridge.h: Expose virNetDevSetMTU,
	  virNetDevSetMTUFromDevice & virNetDevGetMTU

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Turn two int parameters into bools in bridge APIs
	* src/util/bridge.c, src/util/bridge.h: s/int/bool/ in
	  virNetDevSetOnline and virNetDevBridgeSetSTP

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Rename all brXXXX APIs to follow new convention
	The existing brXXX APIs in src/util/bridge.h are renamed to
	follow one of three different conventions

	 - virNetDevXXX       - operations for any type of interface
	 - virNetDevBridgeXXX - operations for bridge interfaces
	 - virNetDevTapXXX    - operations for tap interfaces

	* src/util/bridge.h, src/util/bridge.c: Rename all APIs
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Update for API renaming

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Make all brXXX APIs raise errors, instead of returning errnos
	Currently every caller of the brXXX APIs has to store the returned
	errno value and then raise an error message. This results in
	inconsistent error messages across drivers, additional burden on
	the callers and makes the error reporting inaccurate since it is
	hard to distinguish different scenarios from 1 errno value.

	* src/util/bridge.c: Raise errors instead of returning errnos
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/qemu/qemu_command.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Remove error reporting code

2011-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Remove 'brControl' object
	The bridge management APIs in src/util/bridge.c require a brControl
	object to be passed around. This holds the file descriptor for the
	control socket. This extra object complicates use of the API for
	only a minor efficiency gain, which is in turn entirely offset by
	the need to fork/exec the brctl command for STP configuration.

	This patch removes the 'brControl' object entirely, instead opening
	the control socket & closing it again within the scope of each method.

	The parameter names for the APIs are also made to consistently use
	'brname' for bridge device name, and 'ifname' for an interface
	device name. Finally annotations are added for non-NULL parameters
	and return check validation

	* src/util/bridge.c, src/util/bridge.h: Remove brControl object
	  and update API parameter names & annotations.
	* src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_conf.c, src/uml/uml_driver.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_conf.h,
	  src/qemu/qemu_driver.c: Remove reference to 'brControl' object

2011-11-09  Eric Blake  <eblake@redhat.com>

	build: fix mingw build of gnulib openpty
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  Work around it while waiting for an upstream gnulib fix.

	* gnulib/local/lib/pty.in.h (openpty): Provide forward
	declarations of opaque structs not present on mingw.
	* gnulib/local/lib/openpty.c (openpty): Provide stub for mingw.

2011-11-09  Eric Blake  <eblake@redhat.com>

	build: allow for local gnulib diffs
	Commit f7bd00c12 pulled in a gnulib module that fails to compile
	on mingw.  While it would be nice to pull in a newer version of
	.gnulib that fixes this, it is difficult to backport any .gnulib
	update to older releases.  So, it makes sense to take advantage
	of gnulib-tool's ability to support local diffs, where we can
	apply specific diffs in our use of gnulib without waiting for
	upstream gnulib to pick up those changes, as well as avoiding
	a wholesale .gnulib update.  The existence of local diffs will
	also make it easier to backport fixes against a tarball (as long
	as a tarball and libvirt.git share the same .gnulib commit, then
	the tarball can be patched by applying the same local diffs as
	a post-release libvirt.git commit, without having to rerun an
	entire gnulib-tool bootstrap).

	This patch introduces the framework for supporting local diffs,
	without actually introducing any.

	* bootstrap.conf (local_gl_dir): New variable.
	* autogen.sh (bootstrap_hash): Hash any local diffs, to force a
	re-bootstrap if just diffs change.
	* cfg.mk (_update_required): Likewise.

2011-11-09  Alex Jia  <ajia@redhat.com>

	lxc: free error object to avoid memory leak
	Detected by Coverity. Leak introduced in commit 9d201a5.

	* src/lxc/lxc_driver.c: Clean up on failure.

2011-11-09  Alex Jia  <ajia@redhat.com>

	lxc: free 'ttyFDs' array on return from lxcVmStart
	Detected by Coverity. Leak introduced in commit 0f31f7b.

	* src/lxc/lxc_driver.c: Clean up on failure.

2011-11-09  Osier Yang  <jyang@redhat.com>

	qemu: Fix improper error message for disk detaching
	s/virDomainDeviceTypeToString/virDomainDiskDeviceTypeToString/

	Report by Xu He Jie <xuhj@linux.vnet.ibm.

2011-11-09  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	virsh: Add VSH_OFLAG_EMPTY_OK for attach-disk command
	As the description of removing CDROM media from
	  http://wiki.libvirt.org/page/QEMUSwitchToLibvirt#eject_DEV

	Add flag 'VSH_OFLAG_EMPTY_OK' to the option 'source' of attach-disk

	Then avoid outputting <source> in the XML if 'source' was empty,
	rather than trusting libvirt domain_conf.c to understand an empty
	string.

2011-11-08  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.7
	* confiure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: update localizations and rebuilt

2011-11-07  Eric Blake  <eblake@redhat.com>

	build: fix build on platforms without ptsname_r
	MacOS lacks ptsname_r, and gnulib doesn't (yet) provide it.
	But we can avoid it altogether, by using gnulib openpty()
	instead.  Note that we do _not_ want the pt_chown module;
	gnulib uses it only to implement a replacement openpty() if
	the system lacks both openpty() and granpt(), but all
	systems that we currently port to either have at least one of
	openpty() and/or grantpt(), or lack ptys altogether.  That is,
	we aren't porting to any system that requires us to deal with
	the hassle of installing a setuid pt_chown helper just to use
	gnulib's ability to provide openpty() on obscure platforms.

	* .gnulib: Update to latest, for openpty fixes
	* bootstrap.conf (gnulib_modules): Add openpty, ttyname_r.
	(gnulib_tool_option_extras): Exclude pt_chown module.
	* src/util/util.c (virFileOpenTty): Rewrite in terms of openpty
	and ttyname_r.
	* src/util/util.h (virFileOpenTtyAt): Delete dead prototype.

2011-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Add missing defaultConsoleTargetType callback for AppArmour
	Every instance of virCapsPtr must have the defaultConsoleTargetType
	field set.

	* src/security/virt-aa-helper.c: Add defaultConsoleTargetType to
	  virCapsPtr

2011-11-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix sending/receiving of FDs when stream returns EAGAIN
	The code calling sendfd/recvfd was mistakenly assuming those
	calls would never block. They can in fact return EAGAIN and
	this is causing us to drop the client connection when blocking
	ocurrs while sending/receiving FDs.

	Fixing this is a little hairy on the incoming side, since at
	the point where we see the EAGAIN, we already thought we had
	finished receiving all data for the packet. So we play a little
	trick to reset bufferOffset again and go back into polling for
	more data.

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Update
	  virNetSocketSendFD/RecvFD to return 0 on EAGAIN, or 1
	  on success
	* src/rpc/virnetclient.c: Move decoding of header & fds
	  out of virNetClientCallDispatch and into virNetClientIOHandleInput.
	  Handling blocking when sending/receiving FDs
	* src/rpc/virnetmessage.h: Add a 'donefds' field to track
	  how many FDs we've sent / received
	* src/rpc/virnetserverclient.c: Handling blocking when
	  sending/receiving FDs

2011-11-04  Eric Blake  <eblake@redhat.com>

	build: silence compiler warning on BSD
	Building on 64-bit FreeBSD 8.2 complained about a cast between
	a pointer and a smaller integer.  Going through an intermediate
	cast shuts up the compiler.

	* src/util/threads-pthread.c (virThreadSelfID): Silence a warning.

2011-11-04  Eric Blake  <eblake@redhat.com>

	build: fix linking on BSD
	While building on FreeBSD (and after fixing a ptsname_r link error),
	I got this failure:

	./.libs/libvirt_util.a(libvirt_util_la-threads.o)(.text+0x240): In function `virThreadCreate':
	util/threads-pthread.c:185: undefined reference to `pthread_create'

	It turns out that gnulib used only pthread_join for LIB_PTHREAD,
	but on FreeBSD, libc provides that (as a stub function); whereas
	the more complex pthread_create really does require -pthread,
	which gnulib tracked under [LT]LIBMULTITHREAD.

	* configure.ac (LIBS): Check LIBMULTITHREAD alongside LIB_PTHREAD.
	* src/Makefile.am (THREAD_LIBS): New variable.
	(libvirt_util_la_LIBADD, libvirt_lxc_LDADD): Use it.

2011-11-04  Laine Stump  <laine@laine.org>

	remote: fix mingw32 build
	tty is initialized, and later set in code that is compiled for all
	platforms, but is only used in a section that's inside #ifndef WIN32.

2011-11-04  Eric Blake  <eblake@redhat.com>

	lxc: avoid use-after-free
	I got this weird failure:

	error: Failed to start domain simple
	error: internal error cannot mix caller fds with blocking execution

	and tracked it down to a use-after-free - virCommandSetOutputFD
	was storing the address of a stack-local variable, which then
	went out of scope before the virCommandRun that dereferenced it.

	Bug introduced in commit 451cfd05 (0.9.2).

	* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
	registration...
	(lxcVmStart): ...to caller.

2011-11-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix naming of constant for disk event
	All constants related to events should have a prefix of
	VIR_DOMAIN_EVENT_

	* include/libvirt/libvirt.h.in, src/qemu/qemu_domain.c:
	  Rename VIR_DOMAIN_DISK_CHANGE_MISSING_ON_START to
	  VIR_DOMAIN_EVENT_DISK_CHANGE_MISSING_ON_START

2011-11-04  Jiri Denemark  <jdenemar@redhat.com>

	conf: Don't free uninitialized pointer
	This causes libvirtd to crash when both <boot dev='...'/> and <boot
	order='...'/> are used in one domain XML. Introduced by
	5fa3d775a9f8cdb3423373eb084219aaf778df11

2011-11-03  Eric Blake  <eblake@redhat.com>

	build: fix deep VPATH builds
	I ran into the following build failure:
	$ mkdir -p build1 build2/a/very/deep/hierarcy
	$ cd build2/a/very/deep/hierarcy
	$ ../../../../../configure && make
	$ cd ../../../../build1
	$ ../configure && make
	...
	../../src/remote/remote_protocol.c:7:55: fatal error: ../../../../../src/remote/remote_protocol.h: No such file or directory

	Turns out that we were sometimes generating the remote_protocol.c
	file with information from the VPATH build, which is bad, since
	any file shipped in the tarball should be idempotent no matter how
	deep the VPATH build tree that created it.

	* src/rpc/genprotocol.pl: Don't embed VPATH into generated file.

2011-11-03  Philipp Hahn  <hahn@univention.de>

	doc: Add <deviceboot> capability.
	Allow /capabilities/guest/features/deviceboot.

2011-11-03  Eric Blake  <eblake@redhat.com>

	lxc: use common code for process cleanup
	Based on a Coverity report - the return value of waitpid() should
	always be checked, to avoid problems with leaking resources.

	* src/lxc/lxc_controller.c (lxcControllerRun): Use simpler virPidAbort.

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix default console type setting
	The default console type may vary based on the OS type. ie a Xen
	paravirt guests wants a 'xen' console, while a fullvirt guests
	wants a 'serial' console.

	A plain integer default console type in the capabilities does
	not suffice. Instead introduce a callback that is passed the
	OS type.

	* src/conf/capabilities.h: Use a callback for default console
	  type
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Use callback
	  for default console type. Add missing LXC/OpenVZ console types.
	* src/esx/esx_driver.c, src/libxl/libxl_conf.c,
	  src/lxc/lxc_conf.c, src/openvz/openvz_conf.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_capabilities.c,
	  src/uml/uml_conf.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_conf.c, src/xen/xen_hypervisor.c,
	  src/xenapi/xenapi_driver.c: Set default console type callback

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Set aliases for LXC/UML console devices
	To allow virDomainOpenConsole to access non-primary consoles,
	device aliases are required to be set. Until now only the QEMU
	driver has done this. Update LXC & UML to set aliases for any
	console devices

	* src/lxc/lxc_driver.c, src/uml/uml_driver.c: Set aliases
	  for console devices

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Default console target type with no <target> element
	When no <target> element was set at all, the default console
	target type was not being honoured

	* src/conf/domain_conf.c: Set default target type for consoles
	  with no <target>

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Add support for multiple consoles in LXC
	Currently the LXC controller only supports setup of a single
	text console. This is wired up to the container init's stdio,
	as well as /dev/console and /dev/tty1. Extending support for
	multiple consoles, means wiring up additional PTYs to /dev/tty2,
	/dev/tty3, etc, etc. The LXC controller is passed multiple open
	file handles, one for each console requested.

	* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Wire up
	  all the /dev/ttyN links required to symlink to /dev/pts/NN
	* src/lxc/lxc_container.h: Open more container side /dev/pts/NN
	  devices, and adapt event loop to handle I/O from all consoles
	* src/lxc/lxc_driver.c: Setup multiple host side PTYs

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite LXC I/O forwarding to use main event loop
	The current I/O code for LXC uses a hand crafted event loop
	to forward I/O between the container & host app, based on
	epoll to handle EOF on PTYs. This event loop is not easily
	extensible to add more consoles, or monitor other types of
	file descriptors.

	Remove the custom event loop and replace it with a normal
	libvirt event loop. When detecting EOF on a PTY, disable
	the event watch on that FD, and fork off a background thread
	that does a edge-triggered epoll() on the FD. When the FD
	finally shows new incoming data, the thread re-enables the
	watch on the FD and exits.

	When getting EOF from a read() on the PTY, the existing code
	would do waitpid(WNOHANG) to see if the container had exited.
	Unfortunately there is a race condition, because even though
	the process has closed its stdio handles, it might still
	exist.

	To deal with this the new event loop uses a SIG_CHILD handler
	to perform the waitpid only when the container is known to
	have actually exited.

	* src/lxc/lxc_controller.c: Rewrite the event loop to use
	  the standard APIs.

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash formatting virtio console
	qemuBuildVirtioSerialPortDevStr was mistakenly accessing the
	target.name field in the virDomainChrDef object for chardevs
	belonging to a console. Those chardevs only have port set,
	and if there's > 1 console, the > 1port number results in
	trying to access a target.name with address 0x1

	* src/qemu/qemu_command.c: Fix target.name handling and
	  make code more robust wrt error reporting

	* src/qemu/qemu_command.c: Conditionally access target.name

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Allow multiple consoles per virtual guest
	While Xen only has a single paravirt console, UML, and
	QEMU both support multiple paravirt consoles. The LXC
	driver can also be trivially made to support multiple
	consoles. This patch extends the XML to allow multiple
	<console> elements in the XML. It also makes the UML
	and QEMU drivers support this config.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Allow
	  multiple <console> devices
	* src/lxc/lxc_driver.c, src/xen/xen_driver.c,
	  src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c: Update for
	  internal API changes
	* src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Only label consoles that aren't a copy of the serial device
	* src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_process.c, src/uml/uml_conf.c,
	  src/uml/uml_driver.c: Support multiple console devices
	* tests/qemuxml2xmltest.c, tests/qemuxml2argvtest.c: Extra
	  tests for multiple virtio consoles. Set QEMU_CAPS_CHARDEV
	  for all console /channel tests
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio.args: Update
	  for correct chardev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.args,
	  tests/qemuxml2argvdata/qemuxml2argv-console-virtio-many.xml: New
	  test file

2011-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Remove translations in socket test case
	The test case errors should not be translated since they're only
	targetted at developers, not users.

	* tests/virnetsockettest.c: Remove error reporting with translations

2011-11-03  Guido Günther  <agx@sigxcpu.org>

	virnetsockettest: Use a temporary directory in /tmp
	to avoid exceeding UNIX_PATH_MAX

2011-11-02  Guido Günther  <agx@sigxcpu.org>

	Use ENAMETOOLONG if the the socket path is longer than UNIX_PATH_MAX

2011-11-02  Eric Blake  <eblake@redhat.com>

	xen: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters):
	Allow fewer than max.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters):
	Likewise.

2011-11-02  Eric Blake  <eblake@redhat.com>

	test: drop redundant check
	libvirt.c guarantees that nparams is non-zero for scheduler parameters.

	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags): Drop
	redundant check.  Avoid strcpy.

2011-11-02  Eric Blake  <eblake@redhat.com>

	lxc: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.
	Also, libvirt.c filters out nparams of 0 for scheduler parameters.

	* src/lxc/lxc_driver.c (lxcDomainGetMemoryParameters): Allow fewer
	than max.
	(lxcGetSchedulerParametersFlags): Drop redundant check.

2011-11-02  Eric Blake  <eblake@redhat.com>

	libxl: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/libxl/libxl_driver.c
	(libxlDomainGetSchedulerParametersFlags): Allow fewer than max.

2011-11-02  Eric Blake  <eblake@redhat.com>

	esx: allow getting < max typed parameters
	Allow the user to call with nparams too small, per API documentation.

	* src/esx/esx_driver.c (esxDomainGetMemoryParameters): Drop
	redundant check.
	(esxDomainGetSchedulerParametersFlags): Allow fewer than max.

2011-11-02  Eric Blake  <eblake@redhat.com>

	API: document scheduler parameter names
	Document the parameter names that will be used by
	virDomain{Get,Set}SchedulerParameters{,Flags}, rather than
	hard-coding those names in each driver, to match what is
	done with memory, blkio, and blockstats parameters.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SCHEDULER_CPU_SHARES)
	(VIR_DOMAIN_SCHEDULER_VCPU_PERIOD)
	(VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_DOMAIN_SCHEDULER_WEIGHT)
	(VIR_DOMAIN_SCHEDULER_CAP, VIR_DOMAIN_SCHEDULER_RESERVATION)
	(VIR_DOMAIN_SCHEDULER_LIMIT, VIR_DOMAIN_SCHEDULER_SHARES): New
	field name macros.
	* src/qemu/qemu_driver.c (qemuSetSchedulerParametersFlags)
	(qemuGetSchedulerParametersFlags): Use new defines.
	* src/test/test_driver.c (testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorGetSchedulerParameters)
	(xenHypervisorSetSchedulerParameters): Likewise.
	* src/xen/xend_internal.c (xenDaemonGetSchedulerParameters)
	(xenDaemonSetSchedulerParameters): Likewise.
	* src/lxc/lxc_driver.c (lxcSetSchedulerParametersFlags)
	(lxcGetSchedulerParametersFlags): Likewise.
	* src/esx/esx_driver.c (esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): Likewise.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.

2011-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-one printing month in logging code
	The field 'mon' in 'struct tm' gives months 0-11, where as
	humans tend to expect months 1-12. Thus the month number
	needing adjusting by 1

	* src/util/logging.c: Use human friendly month number

2011-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Add missing param initialization in qemuDomainBlockStatsFlags
	* src/qemu/qemu_driver.c: Fix use of uninitialized 'params'

2011-11-02  Wen Congyang  <wency@cn.fujitsu.com>

	fix crash when starting network
	commit 27908453 introduces a regression, and it will
	cause libvirt crashed when starting network.

	The reason is that tapfd may be NULL, but we dereference
	it without checking whether it is NULL.

2011-11-01  Eric Blake  <eblake@redhat.com>

	qemu: allow getting < max typed parameters
	Since all virTypedParameter APIs allow us to return the number
	of slots we actually populated, we should allow the user to
	call with nparams too small (without overrunning their array)
	or too large (ignoring the tail of the array that we can't fill),
	rather than requiring that they get things exactly right.

	Making this change will make it easier for a future patch to
	introduce VIR_TYPED_PARAM_STRING, with filtering in libvirt.c
	rather than in every single driver, since users already have
	to be prepared for *nparams to be smaller on exit than on entry.

	* src/qemu/qemu_driver.c (qemuDomainGetBlkioParameters)
	(qemuDomainGetMemoryParameters): Allow variable nparams on entry.
	(qemuGetSchedulerParametersFlags): Drop redundant check.
	(qemudDomainBlockStats, qemudDomainBlockStatsFlags): Rename...
	(qemuDomainBlockStats, qemuDomainBlockStatsFlags): ...to this.
	Don't return unavailable stats.

2011-11-01  Eric Blake  <eblake@redhat.com>

	docs: improve typed parameter documentation
	virDomainBlockStatsFlags was missing a check that was present in
	virDomainGetMemoryParameters.  Additionally, I found that the
	existing descriptions were a bit hard to read.  A later patch
	will fix qemu to return fewer than max parameters if @nparams
	was too small on input.

	* src/libvirt.c (virDomainGetMemoryParameters)
	(virDomainGetBlkioParameters, virDomainGetSchedulerParameters)
	(virDomainGetSchedulerParametersFlags):
	Tweak documentation wording.
	(virDomainBlockStatsFlags): Likewise, and add sanity check.

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite error message during VM cleanup
	If an LXC VM fails to start, quite a few cleanup paths will
	result in the original error message being overwritten. Some
	other cleanup paths also forgot to actually terminate the VM.

	* src/lxc/lxc_driver.c: Ensure VM is terminated on startup
	  failure and preserve original error

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Add support for probing filesystem with libblkid
	The LXC code for mounting container filesystems from block devices
	tries all filesystems in /etc/filesystems and possibly those in
	/proc/filesystems. The regular mount binary, however, first tries
	using libblkid to detect the format. Add support for doing the same
	in libvirt, since Fedora's /etc/filesystems is missing many formats,
	most notably ext4 which is the default filesystem Fedora uses!

	* src/Makefile.am: Link libvirt_lxc to libblkid
	* src/lxc/lxc_container.c: Probe filesystem format with libblkid

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix error message when failing to detect filesystem
	If we looped through /etc/filesystems trying to mount with each
	type and failed all options, we forget to actually raise an
	error message.

	* src/lxc/lxc_container.c: Raise error if unable to detect
	  the filesystems. Also fix existing error message

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Workaround for broken kernel autofs mounts
	The kernel automounter is mostly broken wrt to containers. Most
	notably if you start a new filesystem namespace and then attempt
	to unmount any autofs filesystem, it will typically fail with a
	weird error message like

	  Failed to unmount '/.oldroot/sys/kernel/security':Too many levels of symbolic links

	Attempting to detach the autofs mount using umount2(MNT_DETACH)
	will also fail with the same error. Therefore if we get any error on
	unmount()ing a filesystem from the old root FS when starting a
	container, we must immediately break out and detach the entire
	old root filesystem (ignoring any mounts below it).

	This has the effect of making the old root filesystem inaccessible
	to anything inside the container, but at the cost that the mounts
	live on in the kernel until the container exits. Given that SystemD
	uses autofs by default, we need LXC to be robust this scenario and
	thus this tradeoff is worthwhile.

	* src/lxc/lxc_container.c: Detach root filesystem if any umount
	  operation fails.

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Correctly handle '*' in /etc/filesystems
	The /etc/filesystems file can contain a '*' on the last line to
	indicate that /proc/filessystems should be tried next. We have
	a check that this '*' only occurs on the last line. Unfortunately
	when we then start reading /proc/filesystems, we mistakenly think
	we've seen '*' in /proc/filesystems and fail

	* src/lxc/lxc_container.c: Skip '*' validation when we're reading
	  /proc/filesystems

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Ensure errno is valid when returning from lxcContainerWaitForContinue
	Only some of the return paths of lxcContainerWaitForContinue will
	have set errno. In other paths we need to set it manually to avoid
	the caller getting a random stale errno value

	* src/lxc/lxc_container.c: Set errno in lxcContainerWaitForContinue

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Create /var/lib/libvirt/filesystems for LXC trees
	We already have a /var/lib/libvirt/images for OS install images.
	We need a separate /var/lib/libvirt/filesystems for OS install
	trees, since SELinux labelling will be different

	* libvirt.spec.in: Add /var/lib/libvirt/filesystems
	* src/Makefile.am: Create /var/lib/libvirt/filesystems

2011-11-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support folders in the path of vpx:// connection URIs
	Allow the datacenter and compute resource parts of the path
	to be prefixed with folders. Therefore, the way the path is
	parsed has changed. Before, it was split in 2 or 3 items and
	the items' meanings were determined by their positions. Now
	the path can have 2 or more items and the the vCenter server
	is asked whether a folder, datacenter of compute resource
	with the specified name exists at the current hierarchy level.

	Before the datacenter and compute resource lookup automatically
	traversed folders during lookup. This is logic got removed
	and folders have to be specified explicitly.

	The proper datacenter path including folders is now used when
	accessing a datastore over HTTPS. This makes virsh dumpxml
	and define work for datacenters in folders.

	https://bugzilla.redhat.com/show_bug.cgi?id=732676

2011-11-01  Patrice LACHANCE  <patlachance@gmail.com>

	esx: Support vSphere 5.x
	And virtual hardware version 8.

2011-11-01  Wen Ruo Lv  <lvroyce@linux.vnet.ibm.com>

	Fix URI alias prefix matching
	with /etc/libvirt/libvirt.conf below:
	uri_aliases = [
	  "hail=qemu:///system",
	  "sleet=qemu+ssh://root 9 115 122 57/system",
	  "sam=qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock",
	]
	Neither "virsh -c hailly" nor "hai" should result in matching "hail=qemu:///system"

	Fix URI alias prefix matching when connecting

2011-11-01  Eric Blake  <eblake@redhat.com>

	docs: fix typo in <disk>/<target> example
	* docs/formatdomain.html.in: Use dev, not def.
	Reported by Alexander Biryukov.

2011-11-01  Michal Privoznik  <mprivozn@redhat.com>

	ServerClient: Flush cached data
	If daemon is using SASL it reads client data into a cache. This cache is
	big (usually 65KB) and can thus contain 2 or more messages. However,
	on socket event we can dispatch only one message. So if we read two
	messages at once, the second will not be dispatched as the socket event
	goes away with filling the cache.
	Moreover, when dispatching the cache we need to remember to take care
	of client max requests limit.

2011-11-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix storage pool source comparison to avoid comparing with self
	If we are comparing storage pools we must skip comparing with
	ourself, so that re-defining an existing pool works

	* conf/storage_conf.c: Skip self when comparing

2011-10-31  Sage Weil  <sage@newdream.net>

	qemu: pass virConnectPtr into Domain{Attach,Detach}*
	The qemu RBD driver needs access to the conn in order to get the secret
	needed for connecting to the ceph cluster.

2011-10-31  Alex Jia  <ajia@redhat.com>

	qemu: plug memory leak
	Detected by Coverity. Leak introduced in commit 6cabc0b.

	* src/qemu/qemu_command.c: Clean up on failure.

2011-10-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix documentation of virStream recv
	This was fixed in be757a3f7baf93b for libvirt.c.

2011-10-31  Michal Privoznik  <mprivozn@redhat.com>

	startupPolicty: Minor cleanups
	This patch does some cleanups to my previous startupPolicy patchset.

2011-10-30  Osier Yang  <jyang@redhat.com>

	qemu: Restore the original states of PCI device when restarting daemon
	To support "managed" mode of host PCI device, we record the original
	states (unbind_from_stub, remove_slot, and reprobe) so that could
	reattach the device to host with original driver. But there is no XML
	for theses attrs, and thus after daemon is restarted, we lose the
	original states. It's easy to reproduce:

	    1) virsh start domain
	    2) virsh attach-device dom hostpci.xml (in 'managed' mode)
	    3) service libvirtd restart
	    4) virsh destroy domain

	    You will see the device won't be bound to the original driver
	if there was one.

	This patch is to solve the problem by introducing internal XML
	(won't be dumped to user, only dumped to status XML). The XML is:
	    <origstates>
	      <unbind/>
	      <remove_slot/>
	      <reprobe/>
	    </origstates>

	Which will be child node of <hostdev><source>...</souce></hostdev>.
	(only for PCI device).

	A new struct "virDomainHostdevOrigStates" is introduced for the XML,
	and the according members are updated when preparing the PCI device.
	And function "qemuUpdateActivePciHostdevs" is modified to honor
	the original states. Use of qemuGetPciHostDeviceList is removed
	in function "qemuUpdateActivePciHostdevs", and the "managed" value of
	the device config is honored by the change. This fixes another problem
	alongside:

	    qemuGetPciHostDeviceList set the device as "managed" force
	    regardless of whether the device is configured as "managed='yes'"
	    or not in XML, which is not right.

2011-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add support for VirtualBox 4.1
	Deal with the incompatible changes in the VirtualBox 4.1 API.

	INetworkAdapter has its different AttachTo* method replaced by
	a settable attachmentType property.

	The maximum number of network adapters is now requestable per
	chipset type.

	The OpenMedium method got a bool parameter to request opening
	a medium under a new IID.

2011-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Support shared folders
	Shared folders are handled as filesystems and can also be hotplugged.

2011-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Improve error reporting in xenapiOpen once again
	privP->session->error_description is a list and in order to get the
	complete error message all parts of the list should be concatenated.
	xenapiSessionErrorHandler does this when its third parameter is NULL.
	The current code discards all but the first part of the error message
	resulting in a potentially incomplete error message.

	This partly reverts 006be75ee214f9b4, that tried to avoid reporting
	a (null) in the error message. The actual problem is more general in
	returnErrorFromSession that might return NULL if there is no error.

	Make sure that returnErrorFromSession return non-NULL always. Also
	don't skip the last error message part.

2011-10-29  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: Fix error return value convention/inconsistencies
	- changed some return 1's to return -1
	- changed if (rc) error checks to if (rc < 0)
	- fixed some other minor convention violations

	I might have missed some. Can fix in another patch or can respin

	Reported-by: Eric Blake <eblake@redhat.com>
	Reported-by: Laine Stump <laine@laine.org>

2011-10-29  Josh Durgin  <josh.durgin@dreamhost.com>

	Use a common xml type for ceph secret usage.
	The types used in domaincommon.rng and secret.rng should be the same.

	Move genericName to basictypes.rng, then drop redundant types now
	that secret.rng uses basictypes.rng.

2011-10-28  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	pci address conflict when virtio disk with drive type
	When using the xml as below:
	------------------------------------------------------
	<devices>
	  <emulator>/home/soulxu/data/work-code/qemu-kvm/x86_64-softmmu/qemu-system-x86_64</emulator>
	    <disk type='file' device='disk'>
	    <driver name='qemu' type='qcow2'/>
	    <source file='/home/soulxu/data/VM/images/linux.img'/>
	    <target dev='vda' bus='virtio'/>
	    <address type='drive' controller='0' bus='0' unit='0'/>
	  </disk>
	  <input type='mouse' bus='ps2'/>
	  <graphics type='vnc' port='-1' autoport='yes'/>
	  <video>
	    <model type='cirrus' vram='9216' heads='1'/>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
	  </video>
	  <memballoon model='virtio'>
	    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	  </memballoon>
	</devices>
	------------------------------------------------------

	Then can't startup qemu, the error message as below:
	virsh # start test-vm
	error: Failed to start domain test-vm
	error: internal error process exited while connecting to monitor: qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: PCI: slot 3 function 0 not available for virtio-balloon-pci, in use by virtio-blk-pci
	qemu-system-x86_64: -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3: Device 'virtio-balloon-pci' could not be initialized

	So adding check for bus type and address type. Only the address of pci type support by virtio bus.

2011-10-28  Eric Blake  <eblake@redhat.com>

	secret: fix bad patch application
	In hand-applying Josh and Sage's patch, I missed out on a break.

	* src/conf/secret_conf.c (virSecretDefFree): Fix my botch.

2011-10-28  Josh Durgin  <josh.durgin@dreamhost.com>

	storage: add auth to virDomainDiskDef
	Add additional fields to let you specify the how to authenticate with a disk.
	The secret to use may be referenced by a usage string or a UUID, i.e.:

	<auth username='myuser'>
	 <secret type='ceph' usage='secretname'/>
	</auth>

	or

	<auth username='myuser'>
	 <secret type='ceph' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
	</auth>

2011-10-28  Sage Weil  <sage@newdream.net>

	secret: add Ceph secret type
	Add a new secret type to store a Ceph authentication key. The name
	is simply an identifier for easy human reference.

	The xml looks like this:

	<secret ephemeral='no' private='no'>
	 <uuid>0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f</uuid>
	 <usage type='ceph'>
	   <name>mycluster_admin</name>
	 </usage>
	</secret>

2011-10-28  Alex Jia  <ajia@redhat.com>

	qemu: plug memory leak
	Leak introduced in commit c1bc3d89.
	Detected by valgrind:

	==18462== 1,100 bytes in 1 blocks are definitely lost in loss record 183 of 184
	==18462==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==18462==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==18462==    by 0x4AADBB: virReallocN (memory.c:161)
	==18462==    by 0x4A975E: virBufferGrow (buf.c:117)
	==18462==    by 0x4A9D92: virBufferVasprintf (buf.c:290)
	==18462==    by 0x4A9EF7: virBufferAsprintf (buf.c:263)
	==18462==    by 0x429488: qemuBuildControllerDevStr (qemu_command.c:1993)
	==18462==    by 0x42C4B6: qemuBuildCommandLine (qemu_command.c:3803)
	==18462==    by 0x41A604: testCompareXMLToArgvHelper (qemuxml2argvtest.c:124)
	==18462==    by 0x41BB81: virtTestRun (testutils.c:141)
	==18462==    by 0x416DFF: mymain (qemuxml2argvtest.c:369)
	==18462==    by 0x41B277: virtTestMain (testutils.c:696)
	==18462==
	==18462== LEAK SUMMARY:
	==18462==    definitely lost: 1,100 bytes in 1 blocks
	==18462==    indirectly lost: 0 bytes in 0 blocks

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clean up on success.

2011-10-28  Eric Blake  <eblake@redhat.com>

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  The fix in 2c27dfa didn't catch all bad
	instances of memcpy().  Thankfully, on further analysis, all of
	the problematic uses are only triggered by old qemu that lacks
	-device.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachPciDiskDevice)
	(qemuDomainAttachNetDevice, qemuDomainAttachHostPciDevice): Init
	all fields since monitor only populates some of them.

2011-10-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	util: Fix virUUIDGeneratePseudoRandomBytes
	It forgets to move a pointer to a buffer for UUID and as a result
	fills only the first byte of the buffer.

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Implement RPC driver support for virDomainOpenGraphics
	Since it needs to access file descriptors passed in the msg,
	the RPC driver for virDomainOpenGraphics needs to be manually
	implemented.

	* daemon/remote.c: RPC server dispatcher
	* src/remote/remote_driver.c: RPC client dispatcher
	* src/remote/remote_protocol.x: Define protocol

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Extend RPC server to allow FD passing
	The RPC server classes are extended to allow FDs to be received
	from clients with calls. There is not currently any way for a
	procedure to pass FDs back to the client with replies

	* daemon/remote.c, src/rpc/gendispatch.pl: Change virNetMessageHeaderPtr
	  param to virNetMessagePtr in dispatcher impls
	* src/rpc/virnetserver.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c, src/rpc/virnetserverprogram.h:
	  Extend to support FD passing

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Add client side support for FD passing
	Extend the RPC client code to allow file descriptors to be sent
	to the server with calls, and received back with replies.

	* src/remote/remote_driver.c: Stub extra args
	* src/libvirt_private.syms, src/rpc/virnetclient.c,
	  src/rpc/virnetclient.h, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientprogram.h: Extend APIs to allow
	  FD passing

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Extend RPC protocol to allow FD passing
	Define two new RPC message types VIR_NET_CALL_WITH_FDS and
	VIR_NET_REPLY_WITH_FDS. These message types are equivalent
	to VIR_NET_CALL and VIR_NET_REPLY, except that between the
	message header, and payload there is a 32-bit integer field
	specifying how many file descriptors have been passed.

	The actual file descriptors are sent/recv'd out of band.

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h,
	  src/libvirt_private.syms: Add support for handling
	  passed file descriptors
	* src/rpc/virnetprotocol.x: Extend protocol for FD
	  passing

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for virNetSocket for sending/receiving file descriptors
	Add APIs to the virNetSocket object, to allow file descriptors
	to be sent/received over UNIX domain socket connections

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h,
	  src/libvirt_private.syms: Add APIs for FD send/recv

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Wire up QEMU implementation for virDomainOpenGraphics
	The QEMU monitor command 'add_client' can be used to connect to
	a VNC or SPICE graphics display. This allows for implementation
	of the virDomainOpenGraphics API

	* src/qemu/qemu_driver.c: Implement virDomainOpenGraphics
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add binding for 'add_client' command

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Extend graphics event to include UNIX socket
	Not all VNC/SPICE servers use a TCP socket for their connections.
	It is possible to configure a UNIX socket server. The graphics
	event must thus include a UNIX socket address type.

	* include/libvirt/libvirt.h.in: Add UNIX socket address type
	  for graphics event
	* src/qemu/qemu_monitor_json.c: Add 'unix' string to address
	  type enum

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Introduce the virDomainOpenGraphics API
	The virDomainOpenGraphics API allows a libvirt client to pass in
	a file descriptor for an open socket pair, and get it connected
	to the graphics display of the guest. This is limited to working
	with local libvirt hypervisors connected over a UNIX domain
	socket, since it will use UNIX FD passing

	* include/libvirt/libvirt.h.in: Define virDomainOpenGraphics
	* src/driver.h: Define driver for virDomainOpenGraphics
	* src/libvirt_public.syms, src/libvirt.c: Entry point for
	  virDomainOpenGraphics
	* src/libvirt_internal.h: VIR_DRV_FEATURE_FD_PASSING

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove trailing whitespace from all xfig files
	The 5th line of every xfig file has 'Letter   ' which
	annoys GITs trailing-whitespace commit hook. Hand edit
	the files to remove that trailing whitespace

	* docs/*.fig: Remove trailing whitespace

2011-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation about migration.
	This adds a page documenting many aspects of migration:

	 - The types of migration (managed direct, p2p, unmanaged direct)
	 - Data transports (native, tunnelled)
	 - Migration URIs
	 - Config file handling
	 - Example scenarios

	* libvirt.css: Rules for data tables and diagrams
	* Makefile.am: Include extra png/fig files
	* migration-managed-direct.fig, migration-managed-direct.png,
	  migration-managed-direct.png, migration-managed-p2p.png,
	  migration-native.fig, migration-native.png,
	  migration-tunnel.fig, migration-tunnel.png,
	  migration-unmanaged-direct.fig, migration-unmanaged-direct.png:
	  Diagrams of migration
	* migration.html.in, sitemap.html.in: New migration doc

2011-10-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virsh: Fix error message on vol-create-from failure
	If vol-create-from is failed due to 'input volume not found',
	virsh outputs like this:
	  $ sudo virsh vol-create-from testpool test-vol.xml test.img
	  error: failed to get vol 'test.img', specifying --pool might help
	  error: Storage volume not found: no storage vol with matching path
	However, '--pool' is incorrect because it is already specified as
	second argument ('testpool' in this case). It should be "--inputpool".

	The patch fixes this by using pooloptname, which will be "inputpool"
	in this case and "pool" in other cases, as error message.

2011-10-28  Tyler Coumbes  <coumbes@gmail.com>

	bridge: modify for use when sVirt is enabled with qemu
	This refactors the TAP creation code out of brAddTap into a new
	function brCreateTap to allow it to be used on its own. I have also
	changed ifSetInterfaceMac to brSetInterfaceMac and exported it since
	it is will be needed by code outside of util/bridge.c in the next
	patch.

	 AUTHORS                 |    1 +
	 src/libvirt_bridge.syms |    2 +
	 src/util/bridge.c       |  116 +++++++++++++++++++++++++++++++----------------
	 src/util/bridge.h       |    9 ++++
	 4 files changed, 89 insertions(+), 39 deletions(-)

2011-10-27  Jiri Denemark  <jdenemar@redhat.com>

	Use virXMLSaveFile when writing XML config

	Introduce virXMLSaveFile as a wrapper for virFileRewrite
	Every time we write XML into a file we call virEmitXMLWarning to write a
	warning that the file is automatically generated. virXMLSaveFile
	simplifies this into a single step and makes rewriting existing XML file
	safe by using virFileRewrite internally.

	Introduce virFileRewrite for safe file rewrite
	When saving config files we just overwrite old content of the file. In
	case something fails during that process (e.g. disk gets full) we lose
	both old and new content. This patch makes the process more robust by
	writing the new content into a separate file and only if that succeeds
	the original file is atomically replaced with the new one.

2011-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add a systemtap script for watching QEMU monitor interactions
	This change adds some systemtap/dtrace probes to the QEMU monitor
	client code. In particular it allows watching of all operations
	for a VM

	* examples/systemtap/qemu-monitor.stp: Watch all monitor commands
	* src/Makefile.am: Passing libdir/bindir/sbindir to dtrace2systemtap.pl
	* src/dtrace2systemtap.pl: Accept libdir/bindir/sbindir as args
	  and look for '# binary:' comment to mark probes against libvirtd
	  vs libvirt.so
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor_json.c,
	  src/qemu/qemu_monitor_text.c: Add probes for key functions

2011-10-27  Peter Krempa  <pkrempa@redhat.com>

	lxc: Revert zeroing count of allocated items if VIR_REALLOC_N fails
	Previous commit clears number of items alocated in lxcSetupLoopDevices
	if VIR_REALLOC_N fails. In that case, the pointer is not NULL, and
	causes leaking FDs that have been allocated.

	 *  src/lxc/lxc_controller.c: revert zeroing array size

2011-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in virFileAccessibleAs
	* src/util/util.c: s/git_t/gid_t/ in parameter list of virFileAccessibleAs

2011-10-27  Alex Jia  <ajia@redhat.com>

	lxc: avoid null deref on lxcSetupLoopDevices failure
	If the function lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) failed,
	the variable loopDevs will keep a initial NULL value, however, the
	function VIR_FORCE_CLOSE(loopDevs[i]) will directly deref it.

	This patch also fixes returning a bogous number of devices from
	lxcSetupLoopDevices on an error path.

	* rc/lxc/lxc_controller.c: fixed a null pointer dereference.

2011-10-27  Alex Jia  <ajia@redhat.com>

	lxc: avoid missing '{' in the function
	Cppcheck detected a syntaxError on lxcDomainInterfaceStats.

	* src/lxc/lxc_driver.c: fixed missing '{' in the function lxcDomainInterfaceStats.

2011-10-26  Eric Blake  <eblake@redhat.com>

	qemu: simplify use of HAVE_YAJL
	Rather than making all clients of monitor commands that are JSON-only
	check whether yajl support was compiled in, it is simpler to just
	avoid setting the capability bit up front if we can't use the capability.

	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Only set
	capability bit if we also have yajl library to use it.
	* src/qemu/qemu_driver.c (qemuDomainReboot): Drop #ifdefs.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* tests/qemuhelptest.c (testHelpStrParsing): Pass test even
	without yajl.
	* tests/qemuxml2argvtest.c (mymain): Simplify use of json flag.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-error-*.args:
	Update expected results to match.

2011-10-26  Eric Blake  <eblake@redhat.com>

	snapshot: minor cleanups from reviewing indentation
	Break some long lines, and use more efficient functions when possible,
	such as relying on virBufferEscapeString to skip output on a NULL arg.
	Ensure that output does not embed newlines, since auto-indent won't
	work in those situations.

	* src/conf/domain_conf.c (virDomainTimerDefFormat): Break output lines.
	(virDomainDefFormatInternal, virDomainDiskDefFormat)
	(virDomainActualNetDefFormat, virDomainNetDefFormat)
	(virDomainHostdevDefFormat): Minor cleanups.

2011-10-26  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of disk encryption xml
	Use auto-indent in more places.

	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Drop parameter.
	* src/conf/storage_encryption_conf.c (virStorageEncryptionFormat)
	(virStorageEncryptionSecretFormat): Simplify with auto-indent.
	* src/conf/domain_conf.c (virDomainDiskDefFormat): Adjust caller.
	* src/conf/storage_conf.c (virStorageVolTargetDefFormat): Likewise.

2011-10-26  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of nwfilter
	Fixing this involved some refactoring of common code out of
	domain_conf and nwfilter_conf into nwfilter_params.

	* src/conf/nwfilter_params.h (virNWFilterFormatParamAttributes):
	Adjust signature.
	* src/conf/nwfilter_params.c (_formatParameterAttrs)
	(virNWFilterFormatParamAttributes): Adjust indentation handling,
	and handle filterref here.
	(formatterParam): Delete unused struct.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Adjust caller.
	* src/conf/nwfilter_conf.c (virNWFilterIncludeDefFormat): Likewise.

2011-10-26  Eric Blake  <eblake@redhat.com>

	storage: avoid null deref on qemu-img failure
	Detected by Coverity.  Only possible if qemu-img gives bogus output,
	but we might as well be robust.

	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Check for strstr failure.

2011-10-26  Eric Blake  <eblake@redhat.com>

	build: avoid RHEL 5 build failure on LXC
	Per the discussion here, LXC on RHEL 5 makes no sense.
	https://www.redhat.com/archives/libvir-list/2011-September/msg01169.html

	* configure.ac (with_lxc): Reject RHEL 5.x LXC as too old.

2011-10-25  Eric Blake  <eblake@redhat.com>

	build: use gnulib fdatasync
	Commit 1726a73 hacked around MacOS' lack of fdatasync, since
	gnulib did not have it at the time.  But now that we use newer
	gnulib, we can avoid the hack.

	* bootstrap.conf (gnulib_modules): Add fdatasync.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop our own check.

2011-10-25  Daniel P. Berrange  <berrange@redhat.com>

	Add REMOTE_PROC_DOMAIN_EVENT_DISK_CHANGE to remote_protocol-structs
	* src/remote_protocol-structs: Add new event

2011-10-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend schema to support new targets
	Extend the nwfilter schema to support the continue and return targets.

2011-10-25  Michal Privoznik  <mprivozn@redhat.com>

	util: Add virFileAccessibleAs to private symbols
	Commit 458b7099b2e791b58f1286002974927d3e8bcc80 introduced this
	function. However it was not added into libvirt_private.syms so
	the compilation may not succeed on some hosts.

	startupPolicy: Emit event on disk source dropping
	If a disk source gets dropped because it is not accessible,
	mgmt application might want to be informed about this. Therefore
	we need to emit an event. The event presented in this patch
	is however a bit superset of what written above. The reason is simple:
	an intention to be easily expanded, e.g. on 'user ejected disk
	in guest' events. Therefore, callback gets source string and disk alias
	(which should be unique among a domain) and reason (an integer);

	qemu: implement startupPolicy
	This patch implements on_missing feature in qemu driver.
	Upon qemu startup process an accessibility of CDROMs
	and floppy disks is checked. The source might get dropped
	if unavailable and on_missing is set accordingly.
	No event is emit thought. Look for follow up patch.

	qemu: Move device alias assigning before command line construction
	This patch is rather cosmetic as it only moves device alias
	assignation from command line construction just before that.
	However, it is needed in connotation of previous and next patch.

	util: Create virFileAccessibleAs function
	This function checks if a given path is accessible under
	given uid and gid.

2011-10-25  Michal Privoznik  <mprivozn@redhat.com>

	conf: Introduce optional startupPolicy attribute for cdrom and floppy
	This attribute says what to do with cdrom (or floppy) if
	the source is missing. It accepts:
	- mandatory - fail if missing for any reason (the default)
	- requisite - fail if missing on boot up, drop if missing on
	              migrate/restore/revert
	- optional  - drop if missing at any start attempt.

	However, this patch introduces only XML part of this new
	functionality.

2011-10-25  Eric Blake  <eblake@redhat.com>

	storage: make previous leak less likely to regress
	Splitting into two functions allows the user to call the right
	function, rather than having to remember that a *Free function is
	an exception to the rule.

	* src/conf/storage_conf.h (virStoragePoolSourceClear): New function.
	* src/libvirt_private.syms (storage_conf.h): Export it.
	* src/conf/storage_conf.c (virStoragePoolSourceFree): Split...
	(virStoragePoolSourceClear): ...into new function.
	(virStoragePoolDefFree, virStoragePoolDefParseSourceString):
	Update callers.
	* src/test/test_driver.c (testStorageFindPoolSources): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSourcesFunc)
	(virStorageBackendFileSystemNetFindPoolSources): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources): Likewise.

2011-10-25  Eric Blake  <eblake@redhat.com>

	storage: plug iscsi memory leak
	Detected by Coverity.  virStoragePoolSourceFree does not free the
	actual passed-in pointer.  A bigger patch would be to rename it
	virStoragePoolSourceClear to match behavior, or even split it into
	two functions depending on needed behavior; but this is the minimal
	fix to the one location out of eight that leaked memory.

	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Free memory.

2011-10-24  Eric Blake  <eblake@redhat.com>

	waitpid: improve safety
	Based on a report by Coverity.  waitpid() can leak resources if it
	fails with EINTR, so it should never be used without checking return
	status.  But we already have a helper function that does that, so
	use it in more places.

	* src/lxc/lxc_container.c (lxcContainerAvailable): Use safer
	virWaitPid.
	* daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
	* tests/testutils.c (virtTestCaptureProgramOutput, virtTestMain):
	Likewise.
	* src/libvirt.c (virConnectAuthGainPolkit): Simplify with virCommand.

2011-10-24  Eric Blake  <eblake@redhat.com>

	qemu: avoid leaking uninit data from hotplug to dumpxml
	Detected by Coverity.  Both text and JSON monitors set only the
	bus and unit fields, which means driveAddr.controller spends
	life as garbage on the stack, and is then memcpy()'d into the
	in-memory representation which the user can see via dumpxml.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachSCSIDisk): Only copy
	defined fields.

2011-10-24  Ryota Ozaki  <ozaki.ryota@gmail.com>

	virsh: Fix vol-info's 'Type' output
	We have a new vol type "dir" in addition to "file" and "block", but
	virsh doesn't know it. Fix it.

	Additionally, the patch lets virsh output "unknown" if not matched
	any of them.

2011-10-21  Ryota Ozaki  <ozaki.ryota@gmail.com>

	docs: Document filesystem type='block' for LXC
	Commit 77791dc0e allows LXC to use a host block device as a guest
	filesystem, but it isn't documented yet.

2011-10-21  David L Stevens  <dlstevens@us.ibm.com>

	support continue/return targets in nwfilter
		This patch adds support for "continue" and "return" actions
	in filter rules.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of network xml
	More simplifications possible due to auto-indent.  Also,
	<bandwidth> within <actual> was only using 6 instead of 8 spaces.

	* src/util/network.h (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter signature.
	* src/util/network.c (virVirtualPortProfileFormat)
	(virBandwidthDefFormat): Alter indentation.
	(virBandwidthChildDefFormat): Tweak to make use easier.
	* src/conf/network_conf.c (virPortGroupDefFormat)
	(virNetworkDefFormat): Adjust callers.
	* src/conf/domain_conf.c (virDomainNetDefFormat): Likewise.
	(virDomainActualNetDefFormat): Likewise, and fix bandwidth
	indentation.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of cpu features
	Auto-indent makes life a bit easier; this patch also drops unused
	arguments and replaces a misspelled flag name with two entry points
	instead, so that callers don't have to worry about how much spacing
	is present when embedding cpu elements.

	* src/conf/cpu_conf.h (virCPUFormatFlags): Delete.
	(virCPUDefFormat): Drop unused argument.
	(virCPUDefFormatBuf): Alter signature.
	(virCPUDefFormatBufFull): New prototype.
	* src/conf/cpu_conf.c (virCPUDefFormatBuf): Split...
	(virCPUDefFormatBufFull): ...into new function.
	(virCPUDefFormat): Adjust caller.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Likewise.
	* src/cpu/cpu.c (cpuBaselineXML): Likewise.
	* tests/cputest.c (cpuTestCompareXML): Likewise.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: simplify indentation of sysinfo
	The improvements to virBuffer, along with a paradigm shift to pass
	the original buffer through rather than creating a second buffer,
	allow us to shave off quite a few lines of code.

	* src/util/sysinfo.h (virSysinfoFormat): Alter signature.
	* src/util/sysinfo.c (virSysinfoFormat, virSysinfoBIOSFormat)
	(virSysinfoSystemFormat, virSysinfoProcessorFormat)
	(virSysinfoMemoryFormat): Change indentation parameter.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Adjust
	caller.
	* src/qemu/qemu_driver.c (qemuGetSysinfo): Likewise.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: test domainsnapshot indentation
	Add a test for the simple parts of my indentation changes, and
	fix the fallout.

	* tests/domainsnapshotxml2xmltest.c: New test.
	* tests/Makefile.am (domainsnapshotxml2xmltest_SOURCES): Build it.
	* src/conf/domain_conf.c (virDomainSnapshotDefFormat): Avoid NULL
	deref, match documented order.
	* src/conf/domain_conf.h (virDomainSnapshotDefFormat): Add const.
	* tests/domainsnapshotxml2xmlout/all_parameters.xml: Tweak output.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Likewise.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: Likewise.
	* .gitignore: Exempt new binary.

2011-10-21  Eric Blake  <eblake@redhat.com>

	snapshot: indent domain xml when nesting
	<domainsnapshot> is the first public instance of <domain> being
	used as a sub-element, although we have two other private uses
	(runtime state, and migration cookie).  Although indentation has
	no effect on XML parsing, using it makes the output more consistent.

	This uses virBuffer auto-indentation to obtain the effect, for all
	but the portions of <domain> that are not generated a line at a
	time into the same virBuffer.  Further patches will clean up the
	remaining problems.

	* src/conf/domain_conf.h (virDomainDefFormatInternal): New prototype.
	* src/conf/domain_conf.c (virDomainDefFormatInternal): Export.
	(virDomainObjFormat, virDomainSnapshotDefFormat): Update callers.
	* src/libvirt_private.syms (domain_conf.h): Add new export.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLFormat): Use
	new function.
	(qemuMigrationCookieXMLFormatStr): Update caller.

2011-10-21  Eric Blake  <eblake@redhat.com>

	virbuf: add auto-indentation support
	Rather than having to adjust all callers in a chain to deal with
	indentation, it is nicer to have virBuffer do auto-indentation.

	* src/util/buf.h (_virBuffer): Increase size.
	(virBufferAdjustIndent, virBufferGetIndent): New prototypes.
	* src/libvirt_private.syms (buf.h): Export new functions.
	* src/util/buf.c (virBufferAdjustIndent, virBufferGetIndent): New
	functions.
	(virBufferSetError, virBufferAdd, virBufferAddChar)
	(virBufferVasprintf, virBufferStrcat, virBufferURIEncodeString):
	Implement auto-indentation.
	* tests/virbuftest.c (testBufAutoIndent): Test it.
	(testBufInfiniteLoop): Don't rely on internals.
	Idea by Daniel P. Berrange.

2011-10-21  Eric Blake  <eblake@redhat.com>

	virbuf: more detailed error reporting
	The next patch wants to add some sanity checking, which would
	be a different error than ENOMEM.  Many existing callers blindly
	report OOM failure if virBuf reports an error, and this will be
	wrong in the (unlikely) case that they actually had a usage error
	instead; but since the most common error really is ENOMEM, I'm
	not going to fix all callers.  Meanwhile, new discriminating
	callers can react differently depending on what failure happened.

	* src/util/buf.c (virBufferSetError): Add parameter.
	(virBufferGrow, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscapeShell): Adjust callers.

2011-10-21  Eric Blake  <eblake@redhat.com>

	virbuf: improve testsuite reporting
	I had some temporary test failures while working on virbuf
	improvements in later patches, with output that looked like:

	Expected [<]
	Actual [  <]

	which is pretty hard to figure out.  Adding an Offset designation
	made it much easier to find which particular '<' was at the
	wrong indentation, to fix the right part of the code.

	* tests/testutils.c (virtTestDifference): Make it easier to
	diagnose test failures.

2011-10-21  Eric Blake  <eblake@redhat.com>

	virbuf: fix const-correctness
	Although the compiler wasn't complaining (since it was the pointer,
	rather than what was being pointed to, that was actually const), it
	looks quite suspicious to call a function with an argument labeled
	const when the nature of the pointer (virBufferPtr) is hidden behind
	a typedef.  Dropping const makes the function declarations easier
	to read.

	* src/util/buf.h: Drop const from all functions that modify buffer
	argument.
	* src/util/buf.c (virBufferSetError, virBufferAdd)
	(virBufferContentAndReset, virBufferFreeAndReset)
	(virBufferAsprintf, virBufferVasprintf, virBufferEscapeString)
	(virBufferEscapeSexpr, virBufferEscape): Fix fallout.

2011-10-20  Laine Stump  <laine@laine.org>

	docs: fix incorrect info about routed networks
	In a recent expansion of the documentation on network forward modes, I
	incorrectly stated that incoming sessions to guests on routed networks
	were blocked. This is true for guests on NATed networks, but not
	routed. This patch corrects that error, and adds a pointer to the
	nwfilter page for those who do want to restrict incoming sessions to
	hosts on routed networks.

2011-10-20  tangchen  <tangchen@cn.fujitsu.com>

	qemu: allow json in domxml-to-native
	There is a little difference between the output of domxml-to-native and the actual commandline.
	No matter qemu is in control or readline mode, domxml-to-native always converts it to readline mode.

	That is because the parameter "monitor_json" for qemuBuildCommandLine() is always set to false
	in qemuDomainXMLToNative().

2011-10-20  Eric Blake  <eblake@redhat.com>

	docs: document managed=yes of hostdev passthrough
	Clarify some of the effects of managed passthrough <hostdev> devices;
	with recent changes (commit d093547), a nodedev-reattach is only needed
	to pair up to an explicit nodedev-dettach (but beware that older
	virt-manager has a bug where it uses explicit nodedev-dettach under the
	hood when using the gui to hotplug a hostdev device).

	* docs/formatdomain.html.in: Mention reattach.
	* tools/virsh.pod (nodedev): Mention managed mode.

2011-10-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix virFileOpenTty definition on Win32
	Stub out a complete impl of virFileOpenTty to avoid unused
	parameter warnings

	* src/util/util.c: Fix virFileOpenTty on Win32

2011-10-20  Hu Tao  <hutao@cn.fujitsu.com>

	support setting bandwidth from virsh attach-interface
	Adds two options, inbound and outbound, to attach-interface to set
	bandwidth when attaching interfaces

2011-10-19  Serge E. Hallyn  <serge.hallyn@canonical.com>

	lxc: use hand-rolled code in place of unlockpt and grantpt
	The glibc ones (intentionally) cannot handle ptys opened in a
	devpts not mounted at /dev/pts.

	Drop the (un-exported, unused) virFileOpenTtyAt.

2011-10-19  Eric Blake  <eblake@redhat.com>

	build: ignore test executable
	* .gitignore: Add exemption.

2011-10-19  Philipp Hahn  <hahn@univention.de>

	qemu: Test name-space handling
	Add test cases for parsing the qemu-name-space.
	This is based on qemuxml2argv{test,data/}, but can not reside in
	qemuxml2argv{test,data/} because ...

	1. qemuxmlns-qemu-ns-domain.xml is not schema-valid and breaks
	domainschematest. The test is still important to detect xmlns:qemu
	bindings to a name-space other than
	http://libvirt.org/schemas/domain/qemu/1.0

	2. they break qemuxml2xml, because the xmlns:qemu binding is moved to
	the top-level <domain> element when converting from argv to xml.

2011-10-19  Philipp Hahn  <hahn@univention.de>

	qemu: Fix name-space handling
	The XML parser for the qemu specific extensions expects the qemu name-space
	to be bound to the 'qemu' prefix. This is too strict, since the name of the
	name-space-prefix is only meant as an internal lookup key. Only the associated
	URI is relevant.
	<domain>...
	  <qemu:commandline xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
	  ...</qemu:commandline>
	</domain>

	<domain xmlns:ns0="http://libvirt.org/schemas/domain/qemu/1.0">...
	  <ns0:commandline>
	  ...</ns0:commandline>
	</domain>

	<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
	  <qemu:commandline xmlns:qemu="urn:foo">
	  ...</qemu:commandline>
	</domain>

	Remove the test for checking the name-space binding on the top-level <domain>
	element. Registering the name-space with XPath is enough.

2011-10-19  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	compile: fix undefined reference to gnutls_x509_crt_get_dn with gcc-4.6.1
	When I compile libvirt with gcc-4.6.1 in ubuntu 11.10, got error as below:

	  CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_migration.o): undefined reference to symbol 'gnutls_x509_crt_get_dn@@GNUTLS_1_4'
	/usr/bin/ld: note: 'gnutls_x509_crt_get_dn@@GNUTLS_1_4' is defined in DSO /usr/lib/x86_64-linux-gnu/libgnutls.so so try adding it to the linker command line
	/usr/lib/x86_64-linux-gnu/libgnutls.so: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status
	make[3]: *** [libvirtd] Error 1

	It can compile with gcc-4.5.2 in ubuntu 11.04, but it can not compile with gcc-4.6.1 in ubuntu 11.10.

	I didn't find reason. Does Anyone know the reason or the different between gcc-4.5.2 and gcc-4.6.1?

	I still provide a patch for this. Just make it is working now.

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Replace virBufferAdd with virBufferAddLit for const string
	The statement

	        virBufferAdd(buf, "''", 2);

	triggers a syntax-check warning

	* src/util/buf.c: Replace virBufferAdd with virBufferAddLit

2011-10-19  Philipp Hahn  <hahn@univention.de>

	documentation: trivial spelling fix

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Allow for URI aliases when connecting to libvirt
	This adds support for a libvirt client configuration file
	either /etc/libvirt/libvirt.conf for privileged clients,
	or $HOME/.libvirt/libvirt.conf for unprivileged clients.

	It allows one parameter

	 uri_aliases = [
	   "hail=qemu+ssh://root@hail.cloud.example.com/system",
	   "sleet=qemu+ssh://root@sleet.cloud.example.com/system",
	 ]

	Any call to virConnectOpen with a non-NULL URI will first
	attempt to match against the uri_aliases list. An application
	can disable this by using VIR_CONNECT_NO_ALIASES

	* docs/uri.html.in: Document URI aliases
	* include/libvirt/libvirt.h.in: Add VIR_CONNECT_NO_ALIASES
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add /etc/libvirt/libvirt.conf
	* src/Makefile.am: Install default config file
	* src/libvirt.c: Add support for URI aliases
	* src/remote/remote_driver.c: Don't try to handle URIs
	  with no scheme and which clearly are not paths
	* src/util/conf.c: Don't raise error on virConfFree(NULL)
	* src/xen/xen_driver.c: Don't raise error on URIs
	  with no scheme

2011-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Add support for autodestroy of guests to the LXC and UML drivers
	We recently added support for VIR_DOMAIN_START_AUTODESTROY and
	an impl to the QEMU driver. It is very desirable to support in
	other drivers, so this adds it to LXC and UML

	* src/lxc/lxc_conf.h, src/lxc/lxc_driver.c,
	  src/uml/uml_conf.h, src/uml/uml_driver.c: Wire up autodestroy
	  functions

2011-10-19  Guido Günther  <agx@sigxcpu.org>

	Use virBufferEscapeShell in cmdEcho

	qemu: replace qemuMonitorEscapeShell by virBufferEscapeShell

	virBufferEscapeShell: Emit quotes for the empty string
	Make the empty string return '' to match cmdEcho's behavior.

2011-10-19  Eric Blake  <eblake@redhat.com>

	snapshot: detect when qemu lacks disk-snapshot support
	Noticed when testing new libvirt against old qemu that lacked the
	snapshot_blkdev HMP command.  Libvirt was mistakenly treating the
	command as successful, and re-writing the domain XML to use the
	just-created 0-byte file, rendering the domain broken on restart.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDiskSnapshot):
	Notice another possible error message.
	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Don't keep 0-byte file
	on failure.

2011-10-18  Guido Günther  <agx@sigxcpu.org>

	virBufferEscapeShell: Fix escaping of single quotes.
	When checking if we need to escape a single quote we were looking at the
	character after the quote instead of at the quote itself.

2011-10-18  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	compile: Add a missing function 'pciDeviceListFind' to libvirt_private.syms
	compile error:
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuPrepareHostdevPCIDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:183: undefined reference to `pciDeviceListFind'
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:230: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuGetActivePciHostDeviceList':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:102: undefined reference to `pciDeviceListFind'
	./src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_hostdev.o): In function `qemuDomainReAttachHostdevDevices':
	/home/soulxu/data/work-code/libvirt/src/qemu/qemu_hostdev.c:370: undefined reference to `pciDeviceListFind'

2011-10-18  Osier Yang  <jyang@redhat.com>

	qemu: Do not wait if the PCI device is not managed when reattaching
	Waiting for qemu-kvm cleaning up the PCI bar(s) mapping with long time
	while the device is not managed is just waste of time.

2011-10-17  Jim Fehlig  <jfehlig@suse.com>

	Add AHCI support to qemu driver
	Tested with multiple AHCI controllers and multiple disks attached
	to a controller. E.g.,

	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk0.raw'/>
	      <target dev='sda' bus='sata'/>
	      <address type='drive' controller='0' bus='0' unit='0'/>
	    </disk>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk1.raw'/>
	      <target dev='sdb' bus='sata'/>
	      <address type='drive' controller='0' bus='0' unit='1'/>
	    </disk>
	    <disk type='file' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source file='/var/lib/libvirt/images/test/disk2.raw'/>
	      <target dev='sdc' bus='sata'/>
	      <address type='drive' controller='1' bus='0' unit='0'/>
	    </disk>
	    <controller type='sata' index='0'>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
	    </controller>
	    <controller type='sata' index='1'>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
	    </controller>

2011-10-17  Eric Blake  <eblake@redhat.com>

	snapshot: implement LIST_LEAVES flag in esx
	Relatively straight-forward filtering.

	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow leaf filtering.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames, esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): Pass new flag through.

2011-10-17  Philipp Hahn  <hahn@univention.de>

	Fix virt-sanlock-cleanup documentation
	The referenced page does not exist, but locking.html has a section about
	sanlock.

2011-10-17  Jiri Denemark  <jdenemar@redhat.com>

	Fix VPATH build
	probes.h is generated in build directory; setting a dependency on
	probes.h from source directory doesn't work well in VPATH builds. Caused
	by commit 1afcfbdda0cac112faa61f74ec943e46aa43f2f5

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.0]
	The patch that fixes SIGTERM handling with -no-shutdown was taken into
	0.15.1 stable release of qemu.

2011-10-17  Philipp Hahn  <hahn@univention.de>

	Fix two comments related to error handling

2011-10-15  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix 'make dist' error
	When I run 'make dist', I receive the following error messages:
	make[1]: Entering directory `/home/wency/source/libvirt/src'
	  GEN    remote/remote_protocol.h
	  GEN    remote/remote_protocol.c
	  GEN    remote/qemu_protocol.h
	  GEN    remote/qemu_protocol.c
	  GEN    remote/qemu_client_bodies.h
	  CC     libvirt_driver_remote_la-remote_protocol.lo
	In file included from ./remote/remote_protocol.h:16,
	                 from ./remote/remote_protocol.c:7:
	/internal.h:249:23: error: probes.h: No such file or directory
	make[1]: *** [libvirt_driver_remote_la-remote_protocol.lo] Error 1
	make[1]: Leaving directory `/home/wency/source/libvirt/src'
	make: *** [distdir] Error 1

	The reason is that we use probes.h before generating it.

2011-10-15  Roopa Prabhu  <roprabhu@cisco.com>

	Add missing strdup return value check
	Check strdup return value and fail if error

2011-10-14  Osier Yang  <jyang@redhat.com>

	qemu: Honor the orginal PCI dev properties when reattaching
	BZ# https://bugzilla.redhat.com/show_bug.cgi?id=736214

	The problem is caused by the original info of domain's PCI dev is
	maintained by qemu_driver->activePciHostdevs list, (E.g. dev->reprobe,
	which stands for whether need to reprobe driver for the dev when do
	reattachment). The fields (dev->reprobe, dev->unbind_from_stub, and
	dev->remove_slot) are initialized properly when preparing the PCI
	device for managed attachment. However, when do reattachment, it
	construct a complete new "pciDevice" without honoring the original
	dev info, and thus the dev won't get the original driver or can get
	other problem.

	This patch is to fix the problem by get the devs from list
	driver->activePciHostdevs.

	Tested with following 3 scenarios:
	  * the PCI was bound to some driver not pci-stub before attaching

	    result: the device will be bound to the original driver

	  * the PCI was bound to pci-stub before attaching

	    result: no driver reprobing, and still bound to pci-stub

	  * The PCI was not bound to any driver

	    result: no driver reprobing, and still not bound to any driver.

2011-10-14  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: avoid invalid free
	Commit 0472f39 plugged a leak, but introduced another bug:

	Actually looks like physfndev is conditionally allocated in getPhysfnDev
	Its better to modify getPhysfnDev to allocate physfndev every time.

2011-10-14  Laine Stump  <laine@laine.org>

	docs: fix network XML documentation
	A few people have attempted to use the new forwarding modes with older
	versions of libvirt. The docs where the modes are described have
	always stated the minimum required libvirt version, but the examples
	at the end didn't, which I believe is what has caused the confusion.

	Similarly, the section on portgroups now has a version tag added at
	the beginning.

	I also noticed that there was no example of defining a <dns> hostname,
	so I added one, as well as making the domain name example more
	recognizable (by adding ".com" to the domain).

2011-10-14  Jiri Denemark  <jdenemar@redhat.com>

	Clarify semantics of virDomainMigrate2
	Explicitly disallow conflicts between domain name from dxml and dname.

2011-10-14  Osier Yang  <jyang@redhat.com>

	qemu: Do not reattach PCI device used by other domain when shutdown
	When failing on starting a domain, it tries to reattach all the PCI
	devices defined in the domain conf, regardless of whether the devices
	are still used by other domain. This will cause the devices to be deleted
	from the list qemu_driver->activePciHostdevs, thus the devices will be
	thought as usable even if it's not true. And following commands
	nodedev-{reattach,reset} will be successful.

	How to reproduce:
	  1) Define two domains with same PCI device defined in the confs.
	  2) # virsh start domain1
	  3) # virsh start domain2
	  4) # virsh nodedev-reattach $pci_device

	You will see the device will be reattached to host successfully.
	As pciDeviceReattach just check if the device is still used by
	other domain via checking if the device is in list driver->activePciHostdevs,
	however, the device is deleted from the list by step 2).

	This patch is to prohibit the bug by:
	  1) Prohibit a domain starting or device attachment right at
	     preparation period (qemuPrepareHostdevPCIDevices) if the
	     device is in list driver->activePciHostdevs, which means
	     it's used by other domain.

	  2) Introduces a new field for struct _pciDevice, (const char *used_by),
	     it will be set as the domain name at preparation period,
	     (qemuPrepareHostdevPCIDevices). Thus we can prohibit deleting
	     the device from driver->activePciHostdevs if it's still used by
	     other domain when stopping the domain process.

	* src/pci.h (define two internal functions, pciDeviceSetUsedBy and
	    pciDevceGetUsedBy)
	* src/pci.c (new field "const char *used_by" for struct _pciDevice,
	    implementations for the two new functions)
	* src/libvirt_private.syms (Add the two new internal functions)
	* src/qemu_hostdev.h (Modify the definition of functions
	    qemuPrepareHostdevPCIDevices, and qemuDomainReAttachHostdevDevices)
	* src/qemu_hostdev.c (Prohibit preparation and don't delete the
	    device from activePciHostdevs list if it's still used by other domain)
	* src/qemu_hotplug.c (Update function usage, as the definitions are
	    changed)

2011-10-14  Philipp Hahn  <hahn@univention.de>

	Xen: Fake versions in xencapstest
	virInitialize() → xenRegister() → xenhypervisorInit() determines the
	version of the Hypervisor. This breaks xencapstest when building as root
	on a dom0 system, since xenHypervisorBuildCapabilities() adds the "hap"
	and "viridian" features based on the detected version.

	Add an optional parameter to xenhypervisorInit() to disable automatic
	detection of the Hypervisor version. The passed in arguments are used
	instead.

2011-10-14  Philipp Hahn  <hahn@univention.de>

	Xen: move versions to struct
	Calling virInitialize() → xenRegister() → xenhypervisorInit() directly
	opens a connection to the Xen Hypervisor, which breaks some unit tests.

	Move all static variables into a struct to make it easier to override
	them when testing.

2011-10-14  Eric Blake  <eblake@redhat.com>

	esx: drop dead code to silence Coverity
	Coverity detected that the only way to get to the cleanup label
	is if objectSpec had been successfully allocated, so the null
	check was dead code.

	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Drop
	redundant null check.

2011-10-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix typo in virGetHostname description

2011-10-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix syntax problem in mingw32-libvirt.spec.in
	When defining macros, you can't put comments on the end of the
	line because they will get included in the macro definition

	* mingw32-libvirt.spec.in: Fix comment about hyperv

2011-10-14  Eric Blake  <eblake@redhat.com>

	macvtap: plug memory leak for 802.1Qbh
	Detected by Coverity.  Leak present since commit ca3b22b.

	* src/util/macvtap.c (doPortProfileOp8021Qbh): Release device name.

2011-10-14  Eric Blake  <eblake@redhat.com>

	qemu: plug memory leak on migration
	Detected by Coverity.  Leak introduced in commit 72de0d2.

	* src/qemu/qemu_migration.c (qemuMigrationCookieGraphicsXMLParse):
	Clean up on success.

2011-10-14  Eric Blake  <eblake@redhat.com>

	conf: plug memory leak on error
	Detected by Coverity.  Leak present since commit 874e65a; and
	while commit d50bb45 tried to fix the issue, it missed a path.

	* src/conf/domain_conf.c (virDomainDefParseBootXML): Always clean
	up useserial.

2011-10-13  Guido Günther  <agx@sigxcpu.org>

	Use virBufferEscapeShell in virNetSocketNewConnectSSH
	to escape the netcat command since it's passed to the shell. Adjust
	expected test case output accordingly.

	Add virBufferEscapeShell
	Escape strings so they're safe to pass to the shell. It's based on
	virsh's cmdEcho.

2011-10-13  Guido Günther  <agx@sigxcpu.org>

	Autodetect if the remote nc command supports the -q option
	Based on a patch by Marc Deslauriers <marc.deslauriers@ubuntu.com>

	RH: https://bugzilla.redhat.com/show_bug.cgi?id=562176
	Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517478
	Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573172

2011-10-13  Eric Blake  <eblake@redhat.com>

	storage: plug memory leak on error
	Detected by Coverity.  Present since commit 82c1740.

	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Fix leak.

2011-10-13  Jiri Denemark  <jdenemar@redhat.com>

	util: Make getaddrinfo failure nonfatal in virGetHostname
	Setting a hostname that cannot be resolved is not the best configuration
	but since virGetHostname only calls getaddrinfo to get host's canonical
	name and we do not fail if the returned canonical name is NULL or
	"localhost", there is no reason why we should fail if getaddrinfo itself
	fails.

	qemu: Make sure BeginJob is always followed by EndJob
	Otherwise we can end up with a dangling job that can only be cleared by
	restarting libvirtd.

	qemu: Log debug messages when changing job
	Log debug messages anytime we call *BeginJob* or *EndJob* so that it's
	easier to spot incorrect usage of domain job APIs.

2011-10-13  Eric Blake  <eblake@redhat.com>

	qemu: fix text block info parsing
	Detected by Coverity.  p (the pointer to the string) is always true;
	when in reality, we wanted to know whether the integer value of the
	just-parsed string is '0' or '1'.  Logic bug since commit b1b5b51.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetBlockInfo): Set
	results to proper value.

2011-10-13  Eric Blake  <eblake@redhat.com>

	qemu: avoid text monitor null deref
	Detected by Coverity.  If, for some reason, our text monitor input
	does not match our assumptions, we end up incrementing p while it
	is NULL, then dereferencing the pointer 0x1, which will fault.

	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetBlockStatsParamsNumber): Rewrite to avoid
	deref of strchr failure.  Fix indentation.

2011-10-13  Eric Blake  <eblake@redhat.com>

	qemu: check for json allocation failure
	Detected by Coverity.  Introduced in commit b1b5b51.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo):
	Avoid null dereference.

2011-10-13  Eric Blake  <eblake@redhat.com>

	build: add compiler attributes to virUUIDParse
	Coverity complained that most, but not all, clients of virUUIDParse
	were checking for errors.  Silence those coverity warnings by
	explicitly marking the cases where we trust the input, and fixing
	one instance that really should have been checking.  In particular,
	this silences a rather large percentage of the warnings I saw on my
	most recent Coverity analysis run.

	* src/util/uuid.h (virUUIDParse): Enforce rules.
	* src/util/uuid.c (virUUIDParse): Drop impossible check; at least
	Coverity will detect if we break rules and pass NULL.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML)
	(xenapiDomainLookupByID, xenapiDomainLookupByName)
	(xenapiDomainDefineXML): Ignore return when we trust data source.
	* src/vbox/vbox_tmpl.c (nsIDtoChar, vboxIIDToUUID_v3_x)
	(vboxCallbackOnMachineStateChange)
	(vboxCallbackOnMachineRegistered, vboxStoragePoolLookupByName):
	Likewise.
	* src/node_device/node_device_hal.c (gather_system_cap): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxpr): Check for errors.

2011-10-13  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virFDStream: close also given errfd (fd leak)
	In virFDStreamOpenFileInternal(), a errfd pipe is opened by
	virCommandRunAsync() and given to virFDStreamOpenInternal().

	It seems virFDStream should close errfd, just like the other
	fd it is given.

	This fixes screenshots leaking FDs:
	http://bugzilla.redhat.com/show_bug.cgi?id=745761

2011-10-13  Eric Blake  <eblake@redhat.com>

	command: avoid fd leak on failure
	virCommandTransferFD promises that the fd is no longer owned by
	the caller.  Normally, we want the fd to remain open until the
	child runs, but in error situations, we must close it earlier.

	* src/util/command.c (virCommandTransferFD): Close fd now if we
	can't track it to close later.
	(virCommandKeepFD): Adjust helper to make this easier.

2011-10-13  Serge E. Hallyn  <serge.hallyn@canonical.com>

	Fix typo in lxc_controller
	s/Mouting/Mounting.

2011-10-13  Eric Blake  <eblake@redhat.com>

	spec: mingw cleanups
	* libvirt.spec.in (%configure): Drop unused %{one} macro.
	* mingw32-libvirt.spec.in (%{rhel}): Compile ESX but not HyperV on
	mingw build for RHEL.
	(%build): Make configure honor spec conditionals.  Reorder to
	match libvirt.spec.
	* autobuild.sh (mingw): Update list to match.
	Suggested by Daniel P. Berrange.

2011-10-13  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	358 changes; most probably have no impact on libvirt, but we
	might as well stay current.

	* .gnulib: Update to latest.

2011-10-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for domain being active on successful job acquire
	As this is needed. Although some functions check for domain
	being active before obtaining job, we need to check it after,
	because obtaining job unlocks domain object, during which
	a state of domain can be changed.

2011-10-13  Michal Privoznik  <mprivozn@redhat.com>

	events: Propose a separate lock for event queue
	Currently, push & pop from event queue (both server & client side)
	rely on lock from higher levels, e.g. on driver lock (qemu),
	private_data (remote), ...; This alone is not sufficient as not
	every function that interacts with this queue can/does lock,
	esp. in client where we have a different approach, "passing
	the buck".

	Therefore we need a separate lock just to protect event queue.

	For more info see:
	https://bugzilla.redhat.com/show_bug.cgi?id=743817

2011-10-13  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Implement VIR_DUMP_RESET
	This patch extends qemudDomainCoreDump so it supports new VIR_DUMP_RESET
	flag. If this flag is set, domain is reset on successful dump. However,
	this is needed to be done after we start CPUs.

	virDomainCoreDump: Introduce VIR_DUMP_RESET flag
	This flag is intended to allow user to do so called system reset
	after dump, instead of sending ACPI reboot event.

2011-10-13  Philipp Hahn  <hahn@univention.de>

	example: Support debug output and loop switch
	Add support for enabling debug output via command line option.
	Allow to toggle the loop implementation between pure-Python and
	native-C.

	example: Redirect --help output to stdout/stderr
	When --help is requested, print usage() to stdout.
	When an illegal option is passed, print usage to stderr.

	example: Fix argument handling
	sys.argv contains the original command line arguments, while args only
	contains the arguments not handled by getopt(). Currently this is no
	problem since --help is the only command line option passable, which
	terminates the process, so the code is never reached. Any option added
	in the future will reveal the bug.

2011-10-13  Eric Blake  <eblake@redhat.com>

	snapshot: implement LIST_LEAVES flag in qemu
	With the recent refactoring of qemu snapshot relationships, it
	is now trivial to filter on leaves.

	* src/conf/domain_conf.c (virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListCopyNames): Handle new flag.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotListNames)
	(qemuDomainSnapshotNum, qemuDomainSnapshotListChildrenNames)
	(qemuDomainSnapshotNumChildren): Pass new flag through.

2011-10-13  Eric Blake  <eblake@redhat.com>

	snapshot: add API for filtering by leaves
	Counterpart to --roots.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_LEAVES):
	New flag.
	* src/libvirt.c (virDomainSnapshotNum, virDomainSnapshotListNames)
	(virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): Document it.
	* tools/virsh.c (cmdSnapshotList): Expose it.
	* tools/virsh.pod (snapshot-list): Document --leaves.

2011-10-12  Philipp Hahn  <hahn@univention.de>

	xen: Return tap2 for tap2 disks
	For some versions of Xen the difference between "tap" and "tap2" is
	important. When converting back from xen-sxpr to libvirt-xml, that
	information is lost, which breaks re-defining the domain using that
	data.

	Explicitly return "tap2" for disks defined as "device/tap2".

2011-10-12  Philipp Hahn  <hahn@univention.de>

	xen: fix PyGrub boot device order
	When PyGrub is used as the bootloader in Xen, it gets passed the first
	bootable disk. Xend supports a "bootable"-flag for this, which isn't
	explicitly supported by libvirt.
	When converting libvirt-xml to xen-sxpr the "bootable"-flag gets
	implicitly set by xen.xend.XenConfig.device_add() for the first disk
	(marked as "Compat hack -- mark first disk bootable").
	When converting back xen-sxpr to libvirt-xml, the disks are returned in
	the internal order used by Xend ignoring the "bootable"-flag, which
	loses the original order. When the domain is then re-defined, the order
	of disks is changed, which breaks PyGrub, since a different disk gets
	passed.

	When converting xen-sxpr to libvirt-xml, use the "bootable"-flag to
	determine the first disk.

	This isn't perfect, since several disks can be marked as bootable using
	the Xend-API, but that is not supported by libvirt. In all known cases
	relevant to libvirt exactly one disk is marked as bootable.

2011-10-12  Philipp Hahn  <hahn@univention.de>

	tests: Add support for skipping tests
	AM_TESTS has support for skipping tests, while the C-implementation
	virtTestRun() does not support that feature.

	Print "_" or "SKIP" in verbose mode for tests returning EXIT_AM_SKIP=77.

2011-10-12  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	Introduce <driver> under <filesystem> to support open-by-handle
	VirtFS allows the user to choose between path/handle based fs driver.
	As of now, libvirt hardcoded path based driver only. This patch provides
	a solution to allow user to choose between path/handle based fs driver.

	Sample:

	    <filesystem type='mount'>
	      <driver type='handle'/>
	      <source dir='/folder/to/share1'/>
	      <target dir='mount_tag1'/>
	    </filesystem>

	    <filesystem type='mount'>
	      <driver type='path'/>
	      <source dir='/folder/to/share2'/>
	      <target dir='mount_tag2'/>
	    </filesystem>

2011-10-12  Sage Weil  <sage@newdream.net>

	buf: implement generic virBufferEscape
	Implement a generic helper to escape a given set of characters with a
	leading '\'.  Generalizes virBufferEscapeSexpr().

2011-10-12  Osier Yang  <jyang@redhat.com>

	daemon: Always advertise libvirtd service
	This is a regression introduced by new RPC codes, previously
	we advertise the service via ssh even if the daemon doesn't
	listen on TLS port (TCP is not choosed). Now the service is
	only advertised when it listens on TLS or TCP port. This breaks
	upper layer apps which intends to discover the service, such
	as virt-manager.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: drop dead parameters
	The previous optimizations lead to some follow-on cleanups.

	* src/conf/domain_conf.c (virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Drop dead parameter.
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames, qemuDomainSnapshotDelete):
	Likewise.
	* src/conf/domain_conf.h: Update prototypes.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: take advantage of new relations
	Among other improvements, virDomainSnapshotForEachDescendant is
	changed from iterative O(n^2) to recursive O(n).  A bit better
	than the O(n^3) implementation in virsh snapshot-list!

	* src/conf/domain_conf.c (virDomainSnapshotObjListNum)
	(virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjeListGetNames, virDomainSnapshotForEachChild)
	(virDomainSnapshotForEachDescendant): Optimize.
	(virDomainSnapshotActOnDescendant): Tweak.
	(virDomainSnapshotActOnChild, virDomainSnapshotMarkDescendant):
	Delete, now that they are unused.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: track qemu snapshot relations
	Maintain the parent/child relationships of all qemu snapshots.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Populate
	relationships after loading.
	(qemuDomainSnapshotCreateXML): Set relations on creation; tweak
	redefinition to reuse existing object.
	(qemuDomainSnapshotReparentChildren, qemuDomainSnapshotDelete):
	Clear relations on delete.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: framework for more efficient relation traversal
	No one was using virDomainSnapshotHasChildren, but that was an
	O(n) function.  Exposing and tracking a bit more metadata for each
	snapshot will allow the same query to be made with an O(1) query
	of the member field.  For single snapshot operations (create,
	delete), callers can be trusted to maintain the metadata themselves,
	but for reloading, we can't compute parents as we go since there
	is no guarantee that parents were parsed before children, so we also
	provide a function to refresh the relationships, and which can
	be used to detect if the user has ignored our warnings and been
	directly modifying files in /var/lib/libvirt/qemu/snapshot.  This
	patch only adds metadata; later patches will actually use it.

	This layout intentionally hardcodes the size of each snapshot struct,
	by tracking sibling pointers, rather than having to deal with the
	headache of yet more memory management by directly sticking a
	dynamically sized child[] on each parent.

	* src/conf/domain_conf.h (_virDomainSnapshotObj)
	(_virDomainSnapshotObjList): Add members.
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New prototypes.
	(virDomainSnapshotHasChildren): Delete.
	* src/conf/domain_conf.c (virDomainSnapshotSetRelations)
	(virDomainSnapshotUpdateRelations, virDomainSnapshotDropParent):
	New functions.
	(virDomainSnapshotHasChildren): Drop unused function.
	* src/libvirt_private.syms (domain_conf): Update exports.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: use correct qmp monitor command
	To date, JSON disk snapshots worked by accident, as they were always
	using hmp fallback due to a typo in commit e702b5b not picking up
	on the (intentional) difference in command names between the two
	monitor protocols.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Spell QMP command correctly.
	Reported by Luiz Capitulino.

2011-10-12  Eric Blake  <eblake@redhat.com>

	snapshot: virsh shorthand for operating on current snap
	Rather than having to do:

	$ virsh snapshot-revert dom $(virsh snapshot-current dom --name)

	I thought it would be nice to do:

	$ virsh snapshot-revert dom --current

	I didn't add 'virsh snapshot-dumpxml --current' since we already have
	'virsh snapshot-current' for the same task.  snapshot-list accepted
	a name but did not require it, and that remains the case, with
	--current serving in place of that name.  For all other commands,
	name used to be required, and can now be replaced by --current;
	I intentionally made it so that omitting both --current and a name
	is an error (having the absence of a name imply --current seems
	just a bit too magic, so --current must be explicit).  I also had
	to keep snapshot-edit backwards-compatible, as the only command
	that already had a --current argument alongside a name, which still
	works to both edit a named snapshot and make it current.

	* tools/virsh.c (vshLookupSnapshot): New helper function.
	(cmdSnapshotEdit, cmdSnapshotList, cmdSnapshotParent)
	(cmdSnapshotDelete, cmdDomainSnapshotRevert): Use it, adding an
	option where needed.
	* tools/virsh.pod (snapshot-delete, snapshot-edit)
	(snapshot-list, snapshot-parent, snapshot-revert): Document
	use of --current.
	(snapshot-dumpxml): Mention alternative.

2011-10-12  Eric Blake  <eblake@redhat.com>

	build: fix mingw build without sasl
	Detected by autogen.sh on a cross-mingw build:

	Creating library file: .libs/libvirt.dll.a
	Cannot export virNetSASLContextCheckIdentity: symbol not defined
	Cannot export virNetSASLContextNewServer: symbol not defined
	...

	* src/libvirt_private.syms (virnetsaslcontext.h): Move symbols...
	* src/libvirt_sasl.syms: ...to new file.
	* src/Makefile.am (USED_SYM_FILES) [HAVE_SASL]: Use new file.
	(EXTRA_DIST): Ship it.

2011-10-11  Eric Blake  <eblake@redhat.com>

	build: fix 'make rpm'
	Since commit ddf3bd3, 'make rpm' failed with:

	RPM build errors:
	    File not found: /home/remote/eblake/rpmbuild/BUILDROOT/libvirt-0.9.6-1.fc14.eblake1318366440.x86_64/usr/share/systemtap/tapset/libvirtd.stp

	* libvirt.spec.in (with_dtrace): Match installed .stp files.

2011-10-11  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck'
	I got these distcheck failures with sanlock enabled:

	ERROR: files left in build directory after distclean:
	./tools/virt-sanlock-cleanup
	./src/locking/qemu-sanlock.conf

	* src/Makefile.am (DISTCLEANFILES) [HAVE_SANLOCK]: Clean built
	file.
	* tools/Makefile.am (DISTCLEANFILES): Likewise.

2011-10-11  Eric Blake  <eblake@redhat.com>

	build: ship helper scripts
	Otherwise, 'make rpm' fails with:

	  GEN    libvirt_qemu.def
	make[2]: *** No rule to make target `dtrace2systemtap.pl', needed by `libvirt_probes.stp'.  Stop.

	* src/Makefile.am (EXTRA_DIST): Add recent script additions.

2011-10-11  Dan Horák  <dan@danny.cz>

	disable xenlight for non-Xen platforms
	when building libvirt in Fedora/s390x I've found that xenlight needs to
	be explicitly disabled in the spec file. Configure properly sets the
	library as non-existent, but the %files section still wants to package
	the 3 /var/*/libvirt/libxl directories. See also
	https://bugzilla.redhat.com/show_bug.cgi?id=745020

2011-10-11  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' linkage with dtrace
	Building on Linux with dtrace enabled was failing 'make check':

	  CCLD   nodeinfotest
	../src/.libs/libvirt_test.a(libvirt_net_rpc_client_la-virnetclient.o): In function `virNetClientNew':
	/home/remote/eblake/libvirt/src/rpc/virnetclient.c:162: undefined reference to `libvirt_rpc_client_new_semaphore'

	On looking further, I see some earlier warnings emitted from libtool:

	*** Warning: Linking the shared library libvirt.la against the non-libtool
	*** objects  probes.o is not portable!

	Since src/probes.o is only built on Linux, and even then, only when
	dtrace is enabled, this failure does not affect other platforms, and
	despite libtool warning that it is not generally portable, it is not
	a problem for our use-case in libvirt.la.  But it turns out that while
	libtool is willing to jam raw .o files into an installed shared
	library (libvirt.la becomes libvirt.so), it is NOT willing to jam
	the same .o file into the convenience library libvirt_test.la.
	Perhaps this is a bug in libtool, but even if we get libtool fixed,
	libvirt must continue to build on platforms with older libtool.  So,
	the fix is the same as we are already using for the libvirt_lxc
	executable - don't rely on the .o file being in the convenience
	library, but instead use LDADD to pull it in directly.

	* tests/Makefile.am (PROBES_O): New macro.
	(LDADDS): Use it to fix link errors.

2011-10-11  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build with new probes

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix deps for probes.o to ensure correct build ordering

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Update examples for probing with systemtap
	This removes the old example for legacy probes and adds two
	new scripts demonstrating many of the new probe point facilities.

	The rpc-monitor.stp script will print out friendly details of all
	RPC traffic between a libvirt client/server. This is incredibly
	useful in seeing what RPC calls are being made, and also debugging
	problems in the RPC protocol code

	The events.stp script will print out lots of info about the poll
	event loop, which is useful for debugging event handling problems

	* examples/systemtap/events.stp, examples/systemtap/rpc-monitor.stp:
	  New examples
	* examples/systemtap/client.stp: Remove obsolete example

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite all the DTrace/SystemTAP probing
	The libvirtd daemon had a few crude system tap probes. Some of
	these were broken during the RPC rewrite. The new modular RPC
	code is structured in a way that allows much more effective
	tracing. Instead of trying to hook up the original probes,
	define a new set of probes for the RPC and event code.

	The master probes file is now src/probes.d.  This contains
	probes for virNetServerClientPtr, virNetClientPtr, virSocketPtr
	virNetTLSContextPtr and virNetTLSSessionPtr modules. Also add
	probes for the poll event loop.

	The src/dtrace2systemtap.pl script can convert the probes.d
	file into a libvirt_probes.stp file to make use from systemtap
	much simpler.

	The src/rpc/gensystemtap.pl script can generate a set of
	systemtap functions for translating RPC enum values into
	printable strings. This works for all RPC header enums (program,
	type, status, procedure) and also the authentication enum

	The PROBE macro will automatically generate a VIR_DEBUG
	statement, so any place with a PROBE can remove any existing
	manual DEBUG statements.

	* daemon/libvirtd.stp, daemon/probes.d: Remove obsolete probing
	* daemon/libvirtd.h: Remove probe macros
	* daemon/Makefile.am: Remove all probe buildings/install
	* daemon/remote.c: Update authentication probes
	* src/dtrace2systemtap.pl, src/rpc/gensystemtap.pl: Scripts
	  to generate STP files
	* src/internal.h: Add probe macros
	* src/probes.d: Master list of probes
	* src/rpc/virnetclient.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetsocket.c, src/rpc/virnettlscontext.c,
	  src/util/event_poll.c: Insert probe points, removing any
	  DEBUG statements that duplicate the info

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix missing lock calls on virNetTLSContextRef
	The virNetTLSContextRef API forgot to acquire/release the lock
	while changing ctxt->refs

	* src/rpc/virnettlscontext.c: Add lock calls

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Refactor TLS to facilitate dynamic probing
	Pull the call to gnutls_x509_crt_get_dn up into a higher function
	so that the 'dname' variable will be available for probe points

	* src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
	  one level

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Add virSocketRef API to facilitate dynamic probing
	Instead of directly manipulating sock->refs, add a virSocketRef
	API

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add virSocketRef

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	If receiving a stream error, mark EOF on the stream
	If we receive an error on the stream, set the EOF marker so
	that any further (bogus) incoming data is dropped.

	* src/rpc/virnetclientstream.c: Set EOF on stream

2011-10-11  Daniel P. Berrange  <berrange@redhat.com>

	Make libvirt.so include the RPC server code
	To avoid static linking libvirtd to the RPC server code, which
	then prevents sane introduction of DTrace probes, put it all
	in the libvirt.so, and export it

	* daemon/Makefile.am: Don't link to RPC libraries
	* src/Makefile.am: Link all RPC libraries to libvirt.so
	* src/libvirt_private.syms: Export all RPC functions

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot children listing in esx
	It was fairly trivial to return snapshot listing based on a
	point in the hierarchy, rather than starting at all roots.

	* src/esx/esx_driver.c (esxDomainSnapshotNumChildren)
	(esxDomainSnapshotListChildrenNames): New functions.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot children listing in qemu
	Not too hard to wire up.  The trickiest part is realizing that
	listing children of a snapshot cannot use SNAPSHOT_LIST_ROOTS,
	and that we overloaded that bit to also mean SNAPSHOT_LIST_DESCENDANTS;
	we use that bit to decide which iteration to use, but don't want
	the existing counting/listing functions to see that bit.

	* src/conf/domain_conf.h (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New prototypes.
	* src/conf/domain_conf.c (virDomainSnapshotObjListNumFrom)
	(virDomainSnapshotObjListGetNamesFrom): New functions.
	* src/libvirt_private.syms (domain_conf.h): Export them.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNumChildren)
	(qemuDomainSnapshotListChildrenNames): New functions.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: remote protocol for snapshot children
	Very mechanical.  I'm so glad we've automated the generation of things,
	compared to what it was in 0.8.x days, where this would be much longer.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_NUM_CHILDREN)
	(REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES): New rpcs.
	(remote_domain_snapshot_num_children_args)
	(remote_domain_snapshot_num_children_ret)
	(remote_domain_snapshot_list_children_names_args)
	(remote_domain_snapshot_list_children_names_ret): New structs.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: virsh fallback for snapshot-list --descendants --from
	Given a list of snapshots and their parents, finding all descendants
	requires a hairy traversal.  This code is O(n^3); it could maybe be
	made to scale O(n^2) with the use of a hash table, but that costs more
	memory.  Hopefully there aren't too many people with a hierarchy
	so large as to approach REMOTE_DOMAIN_SNAPSHOT_LIST_NAMES_MAX (1024).

	* tools/virsh.c (cmdSnapshotList): Add final fallback.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: virsh fallback for snapshot-list --from children
	Iterating over one level of children requires parsing all snapshots
	and their parents; a bit of code shuffling makes it pretty easy
	to do this as well.

	* tools/virsh.c (cmdSnapshotList): Add another fallback.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: virsh fallback for snapshot-list --tree --from
	Emulating --from requires grabbing the entire list of snapshots
	and their parents, and recursively iterating over the list from
	the point of interest - but we already do that for --tree.  This
	turns on emulation for that situation.

	* tools/virsh.c (__vshControl): Rename member.
	(vshReconnect, cmdConnect, vshGetSnapshotParent): Update clients.
	(cmdSnapshotList): Add fallback.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: virsh snapshot-list and children
	Sometimes, we only care about one branch of the snapshot hierarchy.
	Make it easier to list a single branch, by using the new APIs.

	Technically, I could emulate these new virsh options on old servers
	by doing a complete dump, then scraping xml to filter out just the
	snapshots that I care about, but I didn't want to do that in this patch.

	* tools/virsh.c (cmdSnapshotList): Add --from, --descendants.
	* tools/virsh.pod (snapshot-list): Document them.

2011-10-11  Eric Blake  <eblake@redhat.com>

	snapshot: new virDomainSnapshotListChildrenNames API
	The previous API addition allowed traversal up the hierarchy;
	this one makes it easier to traverse down the hierarchy.

	In the python bindings, virDomainSnapshotNumChildren can be
	generated, but virDomainSnapshotListChildrenNames had to copy
	from the hand-written example of virDomainSnapshotListNames.

	* include/libvirt/libvirt.h.in (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New prototypes.
	(VIR_DOMAIN_SNAPSHOT_LIST_DESCENDANTS): New flag alias.
	* src/libvirt.c (virDomainSnapshotNumChildren)
	(virDomainSnapshotListChildrenNames): New functions.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSnapshotNumChildren)
	(virDrvDomainSnapshotListChildrenNames): New callbacks.
	* python/generator.py (skip_impl, nameFixup): Update lists.
	* python/libvirt-override-api.xml: Likewise.
	* python/libvirt-override.c
	(libvirt_virDomainSnapshotListChildrenNames): New wrapper function.

2011-10-11  Eric Blake  <eblake@redhat.com>

	docs: fix html bug
	</space> doesn't exist.  Introduced in commit 4bb4109f.

	* docs/formatdomain.html.in: Use correct end tag.

2011-10-10  Guido Günther  <agx@sigxcpu.org>

	xen_xs: Guard against set but empty kernel argument
	On xen 4.1 I observed configurations that look like:

	(image
	    (hvm
	        (kernel '')
	        (loader '/foo/bar')
	))

	The kernel element is there but unset. This leads to an empty <kernel/>
	element in the XML and even worse makes us skip the boot order parsing
	and therefore not emit a <boot device='$dev>'/> element which breaks CD
	booting.

2011-10-10  Guido Günther  <agx@sigxcpu.org>

	xen: add error handling to UUID parsing
	otherwise a missing UUID in a domain config just shows:

	error: An error occurred, but the cause is unknown

	Now we have:

	error: configuration file syntax error: config value uuid was missing

2011-10-10  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	I noticed a couple typos in recent commits, and fixed the remaining
	instances of them.

	* docs/internals/command.html.in: Fix spelling errors.
	* include/libvirt/libvirt.h.in (virConnectDomainEventCallback):
	Likewise.
	* python/libvirt-override.py (virEventAddHandle): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChild): Likewise.
	* src/util/hash.c (virHashCreateFull): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalMakeVol): Likewise.
	* src/esx/esx_driver.c (esxFormatVMXFileName): Likewise.
	* src/vbox/vbox_tmpl.c (vboxIIDIsEqual_v3_x): Likewise.

2011-10-10  Eric Blake  <eblake@redhat.com>

	snapshot: avoid accidental renames with snapshot-edit
	I was a bit surprised that 'virsh snapshot-edit dom name' silently
	allowed me to clone things, while still telling me the old name,
	especially since other commands like 'virsh edit dom' reject rename
	attempts (*).  This fixes things to be more explicit (**).

	(*) Technically, 'virsh edit dom' relies on virDomainDefineXML
	behavior, which rejects attempts to mix a new name with existing
	uuid or new uuid with existing name, but you can create a new
	domain by changing both uuid and name.  On the other hand, while
	snapshot-edit --clone is a true clone, creating a new domain
	would also have to decide whether to clone snapshot metadata,
	managed save, and any other secondary data related to the domain.
	Domain renames are not trivial either.

	(**) Renaming or creating a clone is still a risky proposition -
	for offline snapshots and system checkpoints, if the new name
	does not match an actual name recorded in the qcow2 internal
	snapshots, then you cannot revert to the new checkpoint.  But it
	is assumed that anyone using the new virsh flags knows what they
	are doing, and can deal with the fallout caused by a rename/clone;
	that is, we can't completely prevent a user from shooting
	themselves in the foot, so much as we are making the default
	action less risky.

	* tools/virsh.c (cmdSnapshotEdit): Add --rename, --clone.
	* tools/virsh.pod (snapshot-edit): Document them.

2011-10-10  Eric Blake  <eblake@redhat.com>

	snapshot: sort snapshot-list --tree
	Otherwise, the results are not repeatable.

	* tools/virsh.c (cmdSnapshotList): Print tree in predictable order.

2011-10-10  Osier Yang  <jyang@redhat.com>

	storage: Do not use comma as seperator for lvs output
	* src/storage/storage_backend_logical.c:

	If a logical vol is created as striped. (e.g. --stripes 3),
	the "device" field of lvs output will have multiple fileds which are
	seperated by comma. Thus the RE we write in the codes will not
	work well anymore. E.g. (lvs output for a stripped vol, uses "#" as
	seperator here):

	test_stripes##fSLSZH-zAS2-yAIb-n4mV-Al9u-HA3V-oo9K1B#\
	/dev/sdc1(10240),/dev/sdd1(0)#42949672960#4194304

	The RE we use:

	    const char *regexes[] = {
	        "^\\s*(\\S+),(\\S*),(\\S+),(\\S+)\\((\\S+)\\),(\\S+),([0-9]+),?\\s*$"
	    };

	Also the RE doesn't match the "devices" field of striped vol properly,
	it contains multiple "device path" and "offset".

	This patch mainly does:
	    1) Change the seperator into "#"
	    2) Change the RE for "devices" field from "(\\S+)\\((\\S+)\\)"
	       into "(\\S+)".
	    3) Add two new options for lvs command, (segtype, stripes)
	    4) Extend the RE to match the value for the two new fields.
	    5) Parse the "devices" field seperately in virStorageBackendLogicalMakeVol,
	       multiple "extents" info are generated if the vol is striped. The
	       number of "extents" is equal to the stripes number of the striped vol.

	A incidental fix: (virStorageBackendLogicalMakeVol)
	    Free "vol" if it's new created and there is error.

	Demo on striped vol with the patch applied:

	% virsh vol-dumpxml /dev/test_vg/vol_striped2
	<volume>
	  <name>vol_striped2</name>
	  <key>QuWqmn-kIkZ-IATt-67rc-OWEP-1PHX-Cl2ICs</key>
	  <source>
	    <device path='/dev/sda5'>
	      <extent start='79691776' end='88080384'/>
	    </device>
	    <device path='/dev/sda6'>
	      <extent start='62914560' end='71303168'/>
	    </device>
	  </source>
	  <capacity>8388608</capacity>
	  <allocation>8388608</allocation>
	  <target>
	    <path>/dev/test_vg/vol_striped2</path>
	    <permissions>
	      <mode>0660</mode>
	      <owner>0</owner>
	      <group>6</group>
	      <label>system_u:object_r:fixed_disk_device_t:s0</label>
	    </permissions>
	  </target>
	</volume>

	RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=727474

2011-10-09  Michal Privoznik  <mprivozn@redhat.com>

	qemuDomainAttach: Initialize pidfile variable
	If parsing qemu command line fails (e.g. because of non-existing
	process number supplied), we jump to cleanup label where we free
	pidfile. Therefore it needs to be initialized. Otherwise we free
	random pointer.

2011-10-08  Eric Blake  <eblake@redhat.com>

	qemu: silence Coverity false positive
	Coverity complained that 4 out of 5 callers to virJSONValueObjectGetBoolean
	checked for errors.  But we documented that we don't care in this case.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockInfo): Use
	ignore_value.

2011-10-08  Eric Blake  <eblake@redhat.com>

	lxc: fix logic bug
	Detected by Coverity.  We want to increment the size_t counter,
	not the pointer to the counter.  Bug present since 5f5c6fde (0.9.5).

	* src/lxc/lxc_controller.c (lxcSetupLoopDevices): Use correct
	precedence.

2011-10-07  tangchen  <tangchen@cn.fujitsu.com>

	virsh: Update the help information for undefine command.
	virsh undefine command can now undefine an active guest, but the help information is still the old.
	This patch modifies it and make it coincident to the manpage of virsh.

2011-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Don't send back unknown program errors for async messages
	If we send back an unknown program error for async messages,
	we will confuse the client because they only expect replies
	for method calls. Just log & drop any invalid async messages

	* src/rpc/virnetserver.c: Don't send error for async messages

2011-10-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix deadlock when the RPC program is unknown
	Commit 597fe3cee68f561a181967b59a87b4e5c5880c4c accidentally
	introduced a deadlock when reporting an unknown RPC program.
	The virNetServerDispatchNewMessage method is called with
	the client locked, and must therefore not attempt to send
	any RPC messages back to the client. Only once the incoming
	message is passed off to the virNetServerHandleJob worker
	is it safe to start sending messages back

	* src/rpc/virnetserver.c: Delay checking for unknown RPC
	  program until in worker thread

2011-10-07  Eric Blake  <eblake@redhat.com>

	snapshot: simplify redefinition of disk snapshot
	Redefining disk-only snapshot xml should work even if the user
	did not explicitly pass VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY;
	the flag is only required for conditions where the <state>
	subelement is not already present in parsing (that is, defining
	a new snapshot).

	Also, fix the error code of some user-visible errors (the remaining
	VIR_ERR_INTERNAL_ERROR should not be user-visible, since parsing
	of <active> is only done from internal code).

	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Allow
	disks during redefinition of disk snapshot.

2011-10-07  Eric Blake  <eblake@redhat.com>

	snapshot: let virsh edit disk snapshots
	It was impossible for 'virsh snapshot-current dom name' to set name
	as the current snapshot, if name is a disk-only snapshot.

	Using strstr rather than full-blown xml parsing is safe, since the
	xml is assumed to be well-formed coming from libvirtd rather than
	arbitrary text coming from the user.

	* tools/virsh.c (cmdSnapshotCurrent, cmdSnapshotEdit): Pass
	disk_only flag when redefining a disk snapshot.

2011-10-07  Eric Blake  <eblake@redhat.com>

	snapshot: fix virsh error message typo
	* tools/virsh.c (cmdSnapshotList): Spell exclusive correctly.

2011-10-07  Michal Privoznik  <mprivozn@redhat.com>

	remote_driver: Avoid double free in EventControl building
	Don't xdr_free event data as they are freed by our caller
	virNetClientProgramDispatch.

2011-10-07  Eric Blake  <eblake@redhat.com>

	build: fix 'make distcheck' with pdwtags installed
	I am getting this failure with 'make distcheck':

	  GEN    ../../src/remote_protocol-structs
	/bin/sh: ../../src/remote_protocol-structs-t: Permission denied
	make[4]: *** [../../src/remote_protocol-structs] Error 1

	since it attempts a sub-run of a VPATH 'make check' where $(srcdir)
	is intentionally read-only.  I'm not sure which commit introduced
	the problem, although I suspect it was around 62dee6f when I
	refactored protocol struct checking to be more powerful.

	$(@F) is required by POSIX, and although it is not yet portable
	to all make implementations, we already require GNU make.

	* src/Makefile.am (PDWTAGS): Generate temp file into current
	directory, since $(srcdir) is read-only during distcheck.

2011-10-06  Guido Günther  <agx@sigxcpu.org>

	xenParseXM: don't dereference NULL pointer when script is empty

2011-10-06  Laine Stump  <laine@laine.org>

	qemu: add separate rerror_policy for disk errors
	Previously libvirt's disk device XML only had a single attribute,
	error_policy, to control both read and write error policy, but qemu
	has separate options for controlling read and write. In one case
	(enospc) a policy is allowed for write errors but not read errors.

	This patch adds a separate attribute that sets only the read error
	policy. If just error_policy is set, it will apply to both read and
	write error policy (previous behavior), but if the new rerror_policy
	attribute is set, it will override error_policy for read errors only.
	Possible values for rerror_policy are "stop", "report", and "ignore"
	("report" is the qemu-controlled default for rerror_policy when
	error_policy isn't specified).

	For consistency, the value "report" has been added to the possible
	values for error_policy as well.

2011-10-06  Laine Stump  <laine@laine.org>

	qemu: leave rerror policy at default when enospace is requested
	commit 12062ab set rerror=ignore when error_policy="enospace" was
	selected (since the rerror option in qemu doesn't accept "enospc", as
	the werror option does).

	After that patch was already pushed, Paolo Bonzini noticed it and
	commented that leaving rerror at the default ("report") would be a
	better choice. This patch corrects the problem - if error_policy =
	"enospace" is given, rerror is left off the qemu commandline,
	effectively setting it to "report". For other values, rerror is still
	set to match werror.

	Additionally, the parsing of error_policy was changed to no longer
	erroneously allow "default" as a choice - as with most other
	attributes, if you want the default setting, just don't specify an
	error_policy.

	Finally, two ommissions in the first patch were corrected - a
	long-dormant qemuxml2argv test for enospace was enabled, and fixed to
	pass, and the argv2xml parser in qemu_command.c was updated to
	recognize the different spelling on the qemu commandline.

2011-10-06  Eric Blake  <eblake@redhat.com>

	qemu: enable multifunction for older qemu
	Now that RHEL 6.2 Beta is out, it would be nice to test multifunction
	devices on that platform.  This changes things so that the multifunction
	cap bit can be set in two different ways: by version comparison (needed
	for qemu 0.13 which lacked a -device query), and by -device query
	(provided by qemu.git and backported to the RHEL beta build of
	qemu-kvm which still claims to be a modified 0.12, and therefore needed
	for RHEL).

	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Allow
	second method of setting multifunction cap bit.
	* tests/qemuhelptest.c (mymain): Test it.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel62-beta-device: Likewise.

2011-10-06  Guido Günther  <agx@sigxcpu.org>

	Document STREQ_NULLABLE and STRNEQ_NULLABLE

2011-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC work with new network configuration types
	If using one of the new non-NAT/routed virtual network
	configurations, the LXC driver would not know how to
	setup the VETH devices. Adding in calls to setup the
	"actual" network configuration at VM startup and cleanup
	when shutting down fixes this.

	* src/lxc/lxc_driver.c: Setup/cleanup actual net devs

2011-10-05  Eric Blake  <eblake@redhat.com>

	init: raise default system aio limits
	https://bugzilla.redhat.com/show_bug.cgi?id=740899 documents that
	if qemu uses aio=native for its disks, then it consumes 128 aio
	requests per disk.  On a host with multiple guests, this can quickly
	run out of kernel aio requests with the default aio-max-nr of
	65536.  Kernel developers have confirmed that there is no up-front
	cost to raising this limit (a larger limit merely implies that more
	aio requests can be issued in parallel, which in turn will result
	in more kernel memory allocation, only if the system really does use
	that many requests).  Since the system default limit prevents 256
	disks, which is well within libvirt's current scalability, this
	patch installs a file to raise the limit and document it in case a
	system administrator has further cause to tune the limit.  The
	install only works on platforms new enough to source /etc/sysctl.d/*
	alongside /etc/sysctl.conf (F14 and RHEL 6).

	* daemon/libvirtd.sysctl: New file.
	* daemon/Makefile.am (EXTRA_DIST): Ship it.
	(install-init, uninstall-init): Install it.
	* libvirt.spec.in (%files): Include it in rpm.

2011-10-05  Eric Blake  <eblake@redhat.com>

	maint: fix minor issues in virterror public header
	Consistent use of tabs, fewer long lines, and a typo fix.

	* include/libvirt/virterror.h: Fix typos, layout.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: enforce REVERT_FORCE on qemu
	Implements the documentation for snapshot revert vs. force.

	Part of the patch tightens existing behavior (previously, reverting
	to an old snapshot without <domain> was blindly attempted, now it
	requires force), while part of it relaxes behavior (previously, it
	was not possible to revert an active domain to an ABI-incompatible
	active snapshot, now force allows this transition).

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Check for
	risky situations, and allow force to get past them.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: use qemu-img on disks in use at time of snapshot
	Once we know which set of disks belong to a snapshot, reverting or
	deleting that snapshot should visit just those disks, rather than
	also visiting disks that were hot-plugged in the meantime or
	skipping disks that were hot-unplugged in the meantime.

	* src/qemu/qemu_domain.c (qemuDomainSnapshotForEachQcow2): Use
	snapshot domain details when available.  Avoid NULL deref.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: add REVERT_FORCE to API
	Although reverting to a snapshot is a form of data loss, this is
	normally expected.  However, there are two cases where additional
	surprises (failure to run the reverted state, or a break in
	connectivity to the domain) can come into play.  Requiring extra
	acknowledgment in these cases will make it less likely that
	someone can get into an unrecoverable state due to a default revert.

	Also create a new error code, so users can distinguish when forcing
	would make a difference, rather than having to blindly request force.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_REVERT_FORCE):
	New flag.
	* src/libvirt.c (virDomainRevertToSnapshot): Document it.
	* include/libvirt/virterror.h (VIR_ERR_SNAPSHOT_REVERT_RISKY): New
	error value.
	* src/util/virterror.c (virErrorMsg): Implement it.
	* tools/virsh.c (cmdDomainSnapshotRevert): Add --force to virsh.
	* tools/virsh.pod (snapshot-revert): Document it.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot roots listing in vbox
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for VBox until now.

	The VBox implementation prohibits deletion of a snapshot with
	multiple children.  Hence, there can only be at most one root,
	which is found by searching for the snapshot with a NULL uuid.

	Prior to 4.0, snapshotGet looked up by UUID, and snapshotFind
	looked up by name; after that point, snapshotGet disappeared
	and snapshotFind handles uuid or name.

	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Implement limiting list to root.

2011-10-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't fail virDomainGetInfo if we can't update balloon info
	Qemu driver tries to update balloon data in virDomainGetInfo and if it
	can't do so because there is another monitor job running, it just
	reports what's known in domain def. However, if there was no job running
	but getting the data from qemu fails, we would fail the whole API. This
	doesn't make sense. Let's make the failure nonfatal.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: simplify esx snapshot name lookup
	No need to request the parent of a snapshot if we aren't going to use it.

	* src/esx/esx_vi.c (esxVI_GetSnapshotTreeByName): Make parent
	optional.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotLookupByName, esxDomainRevertToSnapshot)
	(esxDomainSnapshotDelete): Simplify accordingly.

2011-10-05  Eric Blake  <eblake@redhat.com>

	snapshot: implement snapshot roots listing in esx
	Commit 9f5e53e introduced the ability to filter snapshots to
	just roots, but it was never implemented for ESX until now.

	* src/esx/esx_vi.h (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Add parameter.
	* src/esx/esx_vi.c (esxVI_GetNumberOfSnapshotTrees)
	(esxVI_GetSnapshotTreeNames): Allow choice of recursion or not.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Use it to limit to roots.

2011-10-05  Laine Stump  <laine@laine.org>

	qemu: correct misspelled 'enospc' option, and only use for werror
	This resolves:

	     https://bugzilla.redhat.com/show_bug.cgi?id=730909

	When support for setting the qemu disk error policy to "enospc" was
	added, it was inadvertently spelled "enospace". This patch corrects
	that on the qemu commandline (while retaining the "enospace" spelling
	for libvirt's XML).

	Also, while examining the qemu source, I found that "enospc" is not
	allowed for the read error policy, only for write error policy (makes
	sense). Since libvirt currently only has a single error policy
	setting, when "enospace" is selected, the read error policy is set to
	"ignore".

2011-10-04  Eric Blake  <eblake@redhat.com>

	snapshot: better virsh handling of missing current, parent
	Previously, virsh 'snapshot-parent' and 'snapshot-current' were
	completely silent in the case where the code conclusively proved
	there was no parent or current snapshot, but differed in exit
	status; this silence caused some confusion on whether the commands
	worked.  Furthermore, commit d1be48f introduced a regression where
	snapshot-parent would leak output about an unknown function, but
	only on the first attempt, when talking to an older server that
	lacks virDomainSnapshotGetParent.  This changes things to consistenly
	report an error message and exit with status 1 when no snapshot
	exists, and to avoid leaking unknown function warnings when using
	fallbacks.

	* tools/virsh.c (vshGetSnapshotParent): Alter signature, to
	distinguish between real error and missing parent.  Don't pollute
	last_error on success.
	(cmdSnapshotParent): Adjust caller.  Always output message on
	failure.
	(cmdSnapshotList): Adjust caller.
	(cmdSnapshotCurrent): Always output message on failure.

2011-10-04  Guido Günther  <agx@sigxcpu.org>

	Document that ff callbacks need to be invoked from a clean stack.
	Also fix a typo.

2011-10-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix migration with dname
	Destination libvirtd remembers the original name in the prepare phase
	and clears it in the finish phase. The original name is used when
	comparing domain name in migration cookie.

2011-10-04  Daniel P. Berrange  <berrange@redhat.com>

	Allow passing of command line args to LXC container
	When booting a virtual machine with a kernel/initrd it is possible
	to pass command line arguments using the <cmdline>...args...</cmdline>
	element in the guest XML. These appear to the kernel / init process
	in /proc/cmdline.

	When booting a container we do not have a custom /proc/cmdline,
	but we can easily set an environment variable for it. Ideally
	we could pass individual arguments to the init process as a
	regular set of 'char *argv[]' parameters, but that would involve
	libvirt parsing the <cmdline> XML text. This can easily be added
	later, even if we add the env variable now

	* docs/drvlxc.html.in: Document env variables passed to LXC
	* src/conf/domain_conf.c: Add <cmdline> to be parsed for
	  guests of type='exe'
	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_CMDLINE env var

2011-10-04  Daniel P. Berrange  <berrange@redhat.com>

	Add support for bandwidth filtering on LXC guests
	Call virBandwidthEnable after creating the LXC veth, so that any
	bandwidth controls get applied

	* src/lxc/lxc_driver.c: Enable bandwidth limiting

2011-10-04  Laine Stump  <laine@laine.org>

	network: fill in bandwidth from portgroup for all forward modes
	This patch is a fix for:

	  https://bugzilla.redhat.com/show_bug.cgi?id=743176

	which was discovered by Dan Berrange while making bandwidth
	configuration work for LXC guests.

	Background: Although virtportprofile data from a network portgroup is
	only applicable for direct mode interfaces, the code that copies
	bandwidth data from the portgroup was also only being executed in the
	case of direct mode interfaces. The result was that interfaces using
	traditional virtual networks (forward mode='nat|route|none'), and
	those using a host bridge for forwarding, would not pick up bandwidth
	data from a portgroup defined in the network.

	This patch moves that code outside the conditional, so that bandwidth
	information is *alway* copied from the appropriate portgroup (unless
	the <interface> definition itself already has bandwidth information,
	which would take precedence over what's in the portgroup anyway).

2011-10-04  Neil Wilson  <neil@brightbox.co.uk>

	bridge_driver.c: Fix autoconf setting
	Code altered so that it is consistent with the associated comment. The
	'autoconf' variable is forced to zero.

2011-10-03  Marc-André Lureau  <marcandre.lureau@gmail.com>

	Set to NULL members that have been freed to prevent crashes
	Do not crash if virStreamFinish is called after error.

	==11000== Invalid read of size 4
	==11000==    at 0x373A8099A0: pthread_mutex_lock (pthread_mutex_lock.c:51)
	==11000==    by 0x4C7CADE: virMutexLock (threads-pthread.c:85)
	==11000==    by 0x4D57C31: virNetClientStreamRaiseError (virnetclientstream.c:203)
	==11000==    by 0x4D385E4: remoteStreamFinish (remote_driver.c:3541)
	==11000==    by 0x4D182F9: virStreamFinish (libvirt.c:14157)
	==11000==    by 0x40FDC4: cmdScreenshot (virsh.c:3075)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)
	==11000==  Address 0x59b86c0 is 16 bytes inside a block of size 216 free'd
	==11000==    at 0x4A06928: free (vg_replace_malloc.c:427)
	==11000==    by 0x4C69E2B: virFree (memory.c:310)
	==11000==    by 0x4D57B56: virNetClientStreamFree (virnetclientstream.c:184)
	==11000==    by 0x4D3DB7A: remoteDomainScreenshot (remote_client_bodies.h:1812)
	==11000==    by 0x4CFD245: virDomainScreenshot (libvirt.c:2903)
	==11000==    by 0x40FB73: cmdScreenshot (virsh.c:3029)
	==11000==    by 0x42BA40: vshCommandRun (virsh.c:14922)
	==11000==    by 0x42ECCA: main (virsh.c:16381)

2011-10-03  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent for vbox
	Built by copying from existing functions.

	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotGetParent): New function.

2011-10-03  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent for esx
	Pretty easy to paste together compared to existing functions.

	* src/esx/esx_driver.c (esxDomainSnapshotGetParent): New function.

2011-10-01  Laine Stump  <laine@laine.org>

	qemu: make PCI multifunction support more manual
	When support for was added for PCI multifunction cards (in commit
	9f8baf, first included in libvirt 0.9.3), it was done by always
	turning on the multifunction bit for all PCI devices. Since that time
	it has been realized that this is not an ideal solution, and that the
	multifunction bit must be selectively turned on. For example, see

	  https://bugzilla.redhat.com/show_bug.cgi?id=728174

	and the discussion before and after

	  https://www.redhat.com/archives/libvir-list/2011-September/msg01036.html

	This patch modifies multifunction support so that the multifunction=on
	option is only added to the qemu commandline for a device if its PCI
	<address> definition has the attribute "multifunction='on'", e.g.:

	  <address type='pci' domain='0x0000' bus='0x00'
	           slot='0x04' function='0x0' multifunction='on'/>

	In practice, the multifunction bit should only be turned on if
	function='0' AND other functions will be used in the same slot - it
	usually isn't needed for functions 1-7 (although there are apparently
	some exceptions, e.g. the Intel X53 according to the QEMU source
	code), and should never be set if only function 0 will be used in the
	slot. The test cases have been changed accordingly to illustrate.

	With this patch in place, if a user attempts to assign multiple
	functions in a slot without setting the multifunction bit for function
	0, libvirt will issue an error when the domain is defined, and the
	define operation will fail. In the future, we may decide to detect
	this situation and automatically add multifunction=on to avoid the
	error; even then it will still be useful to have a manual method of
	turning on multifunction since, as stated above, there are some
	devices that excpect it to be turned on for all functions in a slot.

	A side effect of this patch is that attempts to use the same PCI
	address for two different devices will now log an error (previously
	this would cause the domain define operation to fail, but there would
	be no log message generated). Because the function doing this log was
	almost completely rewritten, I didn't think it worthwhile to make a
	separate patch for that fix (the entire patch would immediately be
	obsoleted).

2011-10-01  Laine Stump  <laine@laine.org>

	conf: remove unused VIR_ENUM_DECL
	While adding a new enum, I noticed a VIR_ENUM_DECL for a type that
	doesn't exist. There is also of course no matching VIR_ENUM_IMPL for
	it.

2011-10-01  Marc-André Lureau  <marcandre.lureau@gmail.com>

	virsh: do not unlink NULL file
	error:could not take a screenshot of xp
	==6216== Syscall param unlink(pathname) points to unaddressable byte(s)
	==6216==    at 0x373A0D4937: unlink (syscall-template.S:82)
	==6216==    by 0x40FD73: cmdScreenshot (virsh.c:3070)
	==6216==    by 0x42BA0D: vshCommandRun (virsh.c:14920)
	==6216==    by 0x42EC97: main (virsh.c:16379)
	==6216==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
	==6216==
	error:Requested operation is not valid: domain is not running

2011-09-30  Serge E. Hallyn  <serge.hallyn@canonical.com>

	lvm storage backend: handle command_names=1 in lvm.conf
	If the regexes supported (?:pvs)?, then we could handle this by
	optionally matching but not returning the initial command name.  But it
	doesn't.  So add a new char* argument to
	virStorageBackendRunProgRegex().  If that argument is NULL then we act
	as usual.  Otherwise, if the string at that argument is found at the
	start of a returned line, we drop that before running the regex.

	With this patch, virt-manager shows me lvs with command_names 1 or 0.

	The definitions of PVS_BASE etc may want to be moved into the configure
	scripts (though given how PVS is found, IIUC that could only happen if
	pvs was a link to pvs_real), but in any case no sense dealing with that
	until we're sure this is an ok way to handle it.

2011-09-30  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for outstanding async job too
	Currently, qemuDomainGetXMLDesc and qemudDomainGetInfo check for
	outstanding synchronous job before (eventual) monitor entering.
	However, there can be already async job set, e.g. migration.

2011-09-29  Peter Krempa  <pkrempa@redhat.com>

	qemu: Fix error message mentioning VNC instead of SPICE

2011-09-29  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	virsh: Add 'reset' command for virsh

	remote: Implement 'reset' for remote driver

	qemu: Implement 'reset' for qemu driver

	api: Add public api for 'reset'
	Add new public api for 'reset'.
	It can reset domain immediately without any guest shutdown.

2011-09-29  Jiri Denemark  <jdenemar@redhat.com>

	logging: Add date to log timestamp

	logging: Do not log timestamp through syslog
	Syslog puts the timestamp to every message anyway so this removes
	redundant data.

2011-09-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Report an error for acceptable URI schemes with a transport
	Before, URIs such as hyperv+ssh:// have been declined by the Hyper-V
	driver resulting in the remote driver trying to connect to an
	non-existing libvirtd.

	Now such URIs trigger an error in the yper-V driver suggesting to
	try again without the transport part in the scheme.

2011-09-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Report an error for acceptable URI schemes with a transport
	Before, URIs such as esx+ssh:// have been declined by the ESX driver
	resulting in the remote driver trying to connect to an non-existing
	libvirtd.

	Now such URIs trigger an error in the ESX driver suggesting to try
	again without the transport part in the scheme.

2011-09-29  Douglas Schilling Landgraf  <dougsland@redhat.com>

	formatdomain.html.in: fix tickpolicy
	there is no option "none":

	>From libvirt/src/conf/domain_conf.c

	<snip>
	VIR_ENUM_IMPL(virDomainTimerTickpolicy,
	VIR_DOMAIN_TIMER_TICKPOLICY_LAST,
	              "delay",
	              "catchup",
	              "merge",
	              "discard");
	</snip>

	Replacing with delay.

2011-09-29  Daniel Veillard  <veillard@redhat.com>

	virsh: describe attach-interface parameter target
	This patch is based on a improvement suggested by Kazuhiro Kikuchi
	of Fujitsu, it gives a description of the target parameter for that
	command

	* tools/virsh.pod: add description for target parameter of
	  attach-interface

2011-09-29  Daniel Veillard  <veillard@redhat.com>

	virsh: update man page for cpu_shares parameter
	The man page suggest that the cpu_shares parameter of schedinfo
	allows values 0-262144, but the kernel remaps values 0 and 1 to
	the minimum 2, just document that behaviour:

	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	1024
	[root@test ~]# echo 0 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]# echo 1 > /cgroup/cpu/libvirt/qemu/cpu.shares
	[root@test ~]# cat /cgroup/cpu/libvirt/qemu/cpu.shares
	2
	[root@test ~]#

	* tools/virsh.pod: update description of the cpu_shares parameter
	  to indicate the values 0 and 1 are automatically changed by the
	  kernel to minimal value 2

2011-09-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Check for ejected media during startup and migration
	If the daemon is restarted so we reconnect to monitor, cdrom media
	can be ejected. In that case we don't want to show it in domain xml,
	or require it on migration destination.

	To check for disk status use 'info block' monitor command.

2011-09-28  Alex Jia  <ajia@redhat.com>

	qemu: add return value check
	* src/qemu/qemu_migration.c: if 'vmdef' is NULL, the function
	  virDomainSaveConfig still dereferences it, it doesn't make
	  sense, so should add return value check to make sure 'vmdef'
	  is non-NULL before calling virDomainSaveConfig, in addition,
	  in order to debug later, also should record error information
	  into log.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: implement getparent in qemu
	First hypervisor implementation of the new API.
	Allows 'virsh snapshot-list --tree' to be more efficient.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotGetParent): New
	function.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: add virsh snapshot-list --tree
	Reuse the tree listing of nodedev-list, coupled with the new helper
	function to efficiently grab snapshot parent names, to produce
	tree output for a snapshot hierarchy.  For example:

	$ virsh snapshot-list dom --tree
	root1
	 |
	  +- sibling1
	  +- sibling2
	  |   |
	  |   +- grandchild
	  |
	  +- sibling3

	root2
	 |
	  +- child

	* tools/virsh.c (cmdSnapshotList): Add --tree.
	* tools/virsh.pod (snapshot-list): Document it.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: refactor virsh snapshot parent computation
	Make parent computation reusable, using virDomainSnapshotGetParent
	when possible.

	* tools/virsh.c (vshGetSnapshotParent): New helper.
	(cmdSnapshotParent): Use it.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: remote protocol for getparent
	Mostly straight-forward, although this is the first API that
	returns a new snapshot based on a snapshot rather than a domain.

	* src/remote/remote_protocol.x
	(REMOTE_PROC_DOMAIN_SNAPSHOT_GET_PARENT): New rpc.
	(remote_domain_snapshot_get_parent_args)
	(remote_domain_snapshot_get_parent_ret): New structs.
	* src/rpc/gendispatch.pl: Adjust generator.
	* src/remote/remote_driver.c (remote_driver): Use it.
	* src/remote_protocol-structs: Update.

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: new virDomainSnapshotGetParent API
	Although a client can already obtain a snapshot's parent by
	dumping and parsing the xml, then doing a snapshot lookup by
	name, it is more efficient to get the parent in one step, which
	in turn will make operations that must traverse a snapshot
	hierarchy easier to perform.

	* include/libvirt/libvirt.h.in (virDomainSnapshotGetParent):
	Declare.
	* src/libvirt.c (virDomainSnapshotGetParent): New function.
	* src/libvirt_public.syms: Export it.
	* src/driver.h (virDrvDomainSnapshotGetParent): New callback.

2011-09-28  Eric Blake  <eblake@redhat.com>

	docs: document node device XML
	Coupled with the recent virsh nodedev-* doc patch, this should now
	give a better picture of libvirt node device handling.

	* docs/formatnode.html.in: Fill in page.

2011-09-28  Eric Blake  <eblake@redhat.com>

	docs: document virsh nodedev-* commands
	This section of the man page was completely missing; I stumbled on
	it when I had no clue that I had to use nodedev-reattach after
	I was done playing with <hostdev> device passthrough to one of my
	guests.

	* tools/virsh.pod (NODEDEV COMMANDS): New section.
	(attach-device, detach-device): Add cross-references.

2011-09-28  Laine Stump  <laine@laine.org>

	security: properly chown/label bidirectional and unidirectional fifos
	This patch fixes the regression with using named pipes for qemu serial
	devices noted in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=740478

	The problem was that, while new code in libvirt looks for a single
	bidirectional fifo of the name given in the config, then relabels that
	and continues without looking for / relabelling the two unidirectional
	fifos named ${name}.in and ${name}.out, qemu looks in the opposite
	order. So if the user had naively created all three fifos, libvirt
	would relabel the bidirectional fifo to allow qemu access, but qemu
	would attempt to use the two unidirectional fifos and fail (because it
	didn't have proper permissions/rights).

	This patch changes the order that libvirt looks for the fifos to match
	what qemu does - first it looks for the dual fifos, then it looks for
	the single bidirectional fifo. If it finds the dual unidirectional
	fifos first, it labels/chowns them and ignores any possible
	bidirectional fifo.

	(Note commit d37c6a3a (which first appeared in libvirt-0.9.2) added
	the code that checked for a bidirectional fifo. Prior to that commit,
	bidirectional fifos for serial devices didn't work because libvirt
	always required the ${name}.(in|out) fifos to exist, and qemu would
	always prefer those.

2011-09-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Preserve fakeReboot flag in domain status
	Thus, when libvirtd is restarted, it will know if a domain is supposed
	to be killed or reset when it shuts down.

	qemu: Finish domain shutdown on reconnect
	If a domain started with -no-shutdown shuts down while libvirtd is not
	running, it will be seen as paused when libvirtd reconnects to it. Use
	the paused reason to detect if a domain was stopped because of shutdown
	and finish the process just as if a SHUTDOWN event is delivered from
	qemu.

	qemu: Check domain status details when reconnecting monitor
	Current qemu is able to give us detailed domain status (not just if it
	is running or not) which we can translate into a status reason.

	qemu: Always remove domain object if MigratePrepare fails
	If migration failed in Prepare phase after virDomainAssignDef and before
	a job was started, the domain object was not properly removed.

2011-09-28  Jamie Strandboge  <jamie@canonical.com>

	fix AppArmor driver for pipe character devices
	The AppArmor security driver adds only the path specified in the domain
	XML for character devices of type 'pipe'. It should be using <path>.in
	and <path>.out. We do this by creating a new vah_add_file_chardev() and
	use it for char devices instead of vah_add_file(). Also adjust
	valid_path() to accept S_FIFO (since qemu chardevs of type 'pipe' use
	fifos). This is https://launchpad.net/bugs/832507

2011-09-28  Peter Krempa  <pkrempa@redhat.com>

	virsh: Allow using complete <capabilities> elements with cpu-baseline
	This patch cleans the cpu baseline function using new libvirt helper
	functions and fixes XPath expression that selects <cpu> elements from
	the source file, that can contain concatenated <capabilities> XMLs,
	domain XMLs and bare <cpu> elements. The fixed XPath expression ensures
	not to select NUMA <cpu id=... elements.

	This patch also removes vshRealloc function, that remained unused after
	cleaning up cpu-baseline.

	https://bugzilla.redhat.com/show_bug.cgi?id=731645

2011-09-28  Peter Krempa  <pkrempa@redhat.com>

	virsh: Allow using domain and capabilities XMLs with cpu-compare
	This patch adds extraction of the <cpu> element from capabilities and
	domain definition XML documents to improve user experience.

	https://bugzilla.redhat.com/show_bug.cgi?id=731151

2011-09-28  Eric Blake  <eblake@redhat.com>

	snapshot: fix man page typos
	pod2man from perl-5.8.8 (RHEL 5) errors out on ill-formed POD:

	*** ERROR: unterminated I<...> at line 1114 in file virsh.pod
	*** ERROR: unterminated I<...> at line 1851 in file virsh.pod

	Newer pod2man appears to be more tolerant (which is a shame,
	because it meant that this error is harder to detect).

	* tools/virsh.pod (undefine, snapshot-current): Add missing >.

2011-09-27  Laine Stump  <laine@laine.org>

	qemu: add ability to set PCI device "rombar" on or off
	This patch was made in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=738095

	In short, qemu's default for the rombar setting (which makes the
	firmware ROM of a PCI device visible/not on the guest) was previously
	0 (not visible), but they recently changed the default to 1
	(visible). Unfortunately, there are some PCI devices that fail in the
	guest when rombar is 1, so the setting must be exposed in libvirt to
	prevent a regression in behavior (it will still require explicitly
	setting <rom bar='off'/> in the guest XML).

	rombar is forced on/off by adding:

	  <rom bar='on|off'/>

	inside a <hostdev> element that defines a PCI device. It is currently
	ignored for all other types of devices.

	At the moment there is no clean method to determine whether or not the
	rombar option is supported by QEMU - this patch uses the advice of a
	QEMU developer to assume support for qemu-0.12+. There is currently a
	patch in the works to put this information in the output of "qemu-kvm
	-device pci-assign,?", but of course if we switch to keying off that,
	we would lose support for setting rombar on all the versions of qemu
	between 0.12 and whatever version gets that patch.

2011-09-27  Eric Blake  <eblake@redhat.com>

	spec: F15 still uses cgconfig, RHEL lacks hyperv
	Commit ecd8725c dropped attempts to probe the cgconfig service on
	new enough Fedora where systemd took over that aspect of the system,
	but mistakenly used F14 instead of F15 as the cutoff point.

	https://bugzilla.redhat.com/show_bug.cgi?id=741358

	Also, RHEL does not include HyperV support yet.

	* libvirt.spec.in (with_cgconfig): Check cgconfig service in F15.
	(%{?rhel}): Provide default for with_hyperv.

2011-09-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Relax -no-shutdown check to [0.14.0, 0.15.50)
	SIGTERM handling for -no-shutdown is already fixed in qemu git and
	libvirt can safely use it. The downside is that 0.15.50 version of qemu
	can be any qemu compiled from git, even that without the fix for
	SIGTERM. However, I think this patch is worth it since excluding 0.15.50
	from the check makes testing current qemu with libvirt much easier and
	someone running qemu from git should be able to rebuild fixed qemu from
	git if they hit the problem with a hang on shutdown.

	virsh: Better document --copy-storage migrate options
	Both --copy-storage-{all,inc} options require disk images to be present
	on destination host.

	virsh: Enhance documentation of commands starting jobs
	Some virsh commands start a (long-running) job that can be monitored
	using domjobinfo and aborted with domjobabort. Let's be explicit about
	this in virsh man page.

2011-09-27  Michal Privoznik  <mprivozn@redhat.com>

	virLockManagerNopInit: Rename flags to unused_flags
	As these might be not used and make syntax-check complains about checking
	them via virCheckFlags.

2011-09-27  Peter Krempa  <pkrempa@redhat.com>

	daemon: Don't remove pidfiles in init scripts
	Init scripts removed pid file of the daemon. Removing pid files may be
	harmful as new api for crash-safe pidfiles is used (introduced by
	c8a3a26).

2011-09-27  Michal Privoznik  <mprivozn@redhat.com>

	debug: Annotate some variables as unused
	as they are not used with debugging turned off.

2011-09-27  Osier Yang  <jyang@redhat.com>

	storage: Do not break the whole vol lookup process in the middle
	* src/storage/storage_driver.c: As virStorageVolLookupByPath lookups
	all the pool objs of the drivers, breaking when failing on getting
	the stable path of the pool will just breaks the whole lookup process,
	it can cause the API fails even if the vol exists indeed. It won't get
	any benefit. This patch is to fix it.

2011-09-23  Peter Krempa  <pkrempa@redhat.com>

	maint: update authors

2011-09-23  Oskari Saarenmaa  <os@ohmu.fi>

	Add unsafe cache mode support for disk driver
	QEMU 0.13 introduced cache=unsafe for -drive, this patch exposes
	it in the libvirt layer.

	  * Introduced a new QEMU capability flag ($prefix_CACHE_UNSAFE),
	    as even if $prefix_CACHE_V2 is set, we can't know if unsafe
	    is supported.

	  * Improved the reliability of qemu cache type detection.

2011-09-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix synchronous reading of stream data
	commit 984840a2c292402926ad100aeea33f8859ff31a9 removed the
	notification of waiting calls when VIR_NET_CONTINUE messages
	arrive. This was to fix the case of a virStreamAbort() call
	being prematurely notified of completion.

	The problem is that sometimes there are dummy calls from a
	virStreamRecv() call waiting that *do* need to be notified.

	These dummy calls should have a status VIR_NET_CONTINUE. So
	re-add the notification upon VIR_NET_CONTINUE, but only if
	the waiter also has a status of VIR_NET_CONTINUE.

	* src/rpc/virnetclient.c: Notify waiting call if stream data
	  arrives
	* src/rpc/virnetclientstream.c:  Mark dummy stream read packet
	  with status VIR_NET_CONTINUE

2011-09-23  Michal Privoznik  <mprivozn@redhat.com>

	selinux: Correctly report warning if virt_use_nfs not set
	Previous patch c9b37fee tried to deal with virt_use_nfs. But
	setfilecon() returns EOPNOTSUPP on NFS so we need to move the
	warning to else branch.

2011-09-22  Peter Krempa  <pkrempa@redhat.com>

	virsh: Improve virsh manual for virsh memtune command
	Commit 0a22f54 added --min-guarantee option for the memtune command.
	This option is supported only by the ESX hypervisor. This patch adds a
	statement about this fact, to prevent user confusion.

	This patch also adds explanation how to clear/set to unlimited the
	memory tunables. (documments the -1 value).

2011-09-22  Osier Yang  <jyang@redhat.com>

	virsh: Do not ignore the specified flags for cmdSaveImageDefine
	Introduced by commit 42c52d53c, which added the support for new
	flags, but forgot to update the API use to pass the flags.

2011-09-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Transfer inactive XML among cookie
	If a domain has inactive XML we want to transfer it to destination
	when migrating with VIR_MIGRATE_PERSIST_DEST. In order to harm
	the migration protocol as least as possible, a optional cookie was
	chosen.

2011-09-22  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.6

2011-09-22  Eric Blake  <eblake@redhat.com>

	snapshot: also delete empty directory
	The previous patch removed all snapshots, but not the directory
	where the snapshots lived, which is still a form of stale data.

	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive): Wipe any
	snapshot directory.

2011-09-22  Eric Blake  <eblake@redhat.com>

	snapshot: remove snapshot metadata on transient exit
	Commit 282fe1f0 documented that transient domains will auto-delete
	any snapshot metadata when the last reference to the domain is
	removed, and that management apps are in charge of grabbing any
	snapshot metadata prior to that point.  However, this was not
	actually implemented for qemu until now.

	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainDestroyFlags, qemuDomainSaveInternal)
	(qemudDomainCoreDump, qemuDomainRestoreFlags, qemudDomainDefine)
	(qemuDomainUndefineFlags, qemuDomainMigrateConfirm3)
	(qemuDomainRevertToSnapshot): Clean up snapshot metadata.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny)
	(qemuMigrationPerformJob, qemuMigrationPerformPhase)
	(qemuMigrationFinish): Likewise.
	* src/qemu/qemu_process.c (qemuProcessHandleMonitorEOF)
	(qemuProcessReconnect, qemuProcessReconnectHelper)
	(qemuProcessAutoDestroyDom): Likewise.

2011-09-22  Eric Blake  <eblake@redhat.com>

	snapshot: prepare to remove transient snapshot metadata
	This patch is mostly code motion - moving some functions out
	of qemu_driver and into qemu_domain so they can be reused by
	multiple qemu_* files (since qemu_driver.h must not grow).
	It also adds a new helper function, qemuDomainRemoveInactive,
	which will be used in the next patch.

	* src/qemu/qemu_domain.h (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll)
	(qemuDomainRemoveInactive): New prototypes.
	(struct qemu_snap_remove): New struct.
	* src/qemu/qemu_domain.c (qemuDomainRemoveInactive)
	(qemuDomainSnapshotDiscardAllMetadata): New functions.
	(qemuFindQemuImgBinary, qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotDiscardAll): Move here...
	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata, qemuDomainSnapshotForEachQcow2)
	(qemuDomainSnapshotDiscard, qemuDomainSnapshotDiscardAll): ...from
	here.
	(qemuDomainUndefineFlags): Update caller.
	* src/conf/domain_conf.c (virDomainRemoveInactive): Doc fixes.

2011-09-22  Eric Blake  <eblake@redhat.com>

	snapshot: fix logic bug in qemu undefine
	Commit 19f8c98 introduced VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA,
	with the intent that omitting the flag makes undefine fail, and
	including the flag deletes metadata.  But it used the wrong logic.
	Also, hoist the transient domain sooner, so that we don't
	accidentally remove metadata of a transient domain.

	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Check correct
	flag value.

2011-09-22  Eric Blake  <eblake@redhat.com>

	sanlock: fix memory leak
	Detected by Coverity.  The only way to get to error_unlink is if
	path was successfully assigned, so the if was useless.  Meanwhile,
	there was a return statement that did not free path.

	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
	useless if.

2011-09-22  Eric Blake  <eblake@redhat.com>

	virsh: fix regression in argv parsing
	Prior to commit 85d2810, we had an issue where:

	snapshot-create-as dom name --diskspec spec --diskspec spec

	failed to parse the second spec, because the first spec had marked
	that option as no longer requiring an argument.

	In commit 85d2810, I fixed it by making argv options no longer mark
	the option as seen.  But this in turn breaks mandatory argv options,
	which now complain that the argv option is missing.

	This patch reverts that part of 85d2810, and instead replaces it with
	fixes to no longer clear opts_need_arg of an argv argument.

	* tools/virsh.c (vshCmddefGetOption, vshCmddefGetData)
	(vshCommandParse): Fix option parsing for required argv option.
	(vshCmddefOptParse): Check that argv option is last.
	* tests/virsh-optparse: Enhance test.

2011-09-22  Osier Yang  <jyang@redhat.com>

	virsh: More friendly err if no pool is specified for looking up a vol
	There are 3 ways to lookup a volume, only virStorageVolLookupByName
	needs pool object. So if no --pool is specified, it will tries to
	get the volume via virStorageVolLookupByPath/virStorageVolLookupByKey.

	But if all 3 ways fails, and no --pool is specified, a friendly
	error might help the user get right way quickly.

2011-09-22  Osier Yang  <jyang@redhat.com>

	storage: Wait udev events are handled before removing lvm vol
	Related #BZ: https://bugzilla.redhat.com/show_bug.cgi?id=702260.

	There are two problems described in the BZ:
	1) "Can't remove open logical volume".
	2) "Unable to deactivate logical volume "foo""

	This patch just intends to fix 2), as 1) is expected if the vol
	is still used by something, and you never known if "lvchange -an"
	will fail or not either (sometime, it will succeed, sometimes not).
	We'd better not look for trouble, :-)

	For 2), that's caused by race between lvremove and udev event handling,
	the only workable way now is to wait the events handling are finished,
	though it might introduce latencies, as "udevadmin settle" exits
	after *all* events are handled, it's the only way we can fix
	the racing in libvirt layer.

	See https://bugzilla.redhat.com/show_bug.cgi?id=570359 for more
	details.

2011-09-21  Alex Jia  <ajia@redhat.com>

	qemu: avoid dereferencing a NULL pointer
	* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
	  true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
	  virDomainObjUnref(obj) will dereference NULL pointer.

2011-09-21  Oskari Saarenmaa  <os@ohmu.fi>

	tests: improve test failure diagnosis
	  * qemuhelptest prints test case name on failure.

2011-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid loop of fake reboots
	Once virDomainReboot is called for a domain, guest OS initiated shutdown
	would always result in reboot instead of shutdown. Only
	virDomainShutdown would actually shutd such domain down. That's because
	we forgot to reset fakeReboot flag once we asked the domain to reboot.

2011-09-21  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix shutdown regression with buggy qemu
	The commit that prevents disk corruption on domain shutdown
	(96fc4784177ecb70357518fa863442455e45ad0e) causes regression with QEMU
	0.14.* and 0.15.* because of a regression bug in QEMU that was fixed
	only recently in QEMU git. The affected versions of QEMU do not quit on
	SIGTERM if started with -no-shutdown, which we use to implement fake
	reboot. Since -no-shutdown tells QEMU not to quit automatically on guest
	shutdown, domains started using the affected QEMU cannot be shutdown
	properly and stay in a paused state.

	This patch disables fake reboot feature on such QEMU by not using
	-no-shutdown, which makes shutdown work as expected. However,
	virDomainReboot will not work in this case and it will report "Requested
	operation is not valid: Reboot is not supported with this QEMU binary".

2011-09-21  Osier Yang  <jyang@redhat.com>

	API: prefer to use NULLSTR macro

2011-09-21  Eric Blake  <eblake@redhat.com>

	remote: fix crash on OOM
	Bug introduced in commit 675464b.  On an OOM, this would try to
	dereference a char* and free the contents as a pointer, which is
	doomed to failure.

	Adding a syntax check will prevent mistakes like this in the future.

	* cfg.mk (sc_prohibit_internal_functions): New syntax check.
	(exclude_file_name_regexp--sc_prohibit_internal_functions): Add
	exemptions.
	* daemon/remote.c (remoteRelayDomainEventIOError)
	(remoteRelayDomainEventIOErrorReason)
	(remoteRelayDomainEventGraphics, remoteRelayDomainEventBlockJob):
	Use correct free function.

2011-09-21  Eric Blake  <eblake@redhat.com>

	xen: use typical allocations
	The next patch will add a syntax check that flags this usage in xen
	as awkward - while it was valid memory management, it was very hard
	to maintain.  Swapping to a more traditional allocation may be a bit
	slower, but easier to understand.

	* src/xen/xend_internal.c (xenDaemonListDomainsOld): Use two-level
	allocation, rather than abusing allocation function.
	(xenDaemonLookupByUUID): Update caller.

2011-09-21  Osier Yang  <jyang@redhat.com>

	virsh: Remove useless codes of cmdVolPath
	Variable "name" is never used in the codes, it's useless.

2011-09-21  Eric Blake  <eblake@redhat.com>

	build: silence warning on 32-bit build
	gcc warns when building libvirt 0.9.5 on a 32-bit machine:

	qemu/qemu_migration.c: In function 'qemuMigrationToFile':
	qemu/qemu_migration.c:2727:38: error: large integer implicitly truncated to unsigned type [-Woverflow]

	* src/qemu/qemu_domain.h (QEMU_DOMAIN_FILE_MIG_BANDWIDTH_MAX): Cap
	to long when building for 32-bit platform.

2011-09-20  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.5
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: fetch updated translations from transifex and rebuilt

2011-09-20  Daniel Veillard  <veillard@redhat.com>

	Fix crash on events due to allocation errors
	remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics
	were using const string directly in rpc structure, before calling
	remoteDispatchDomainEventSend(). But that routine now frees up all
	the pointed allocated memory from the rpc structure and we end up
	with a double free.
	This now strdup() all the strings passed and provide mem_error goto
	labels to be used when an allocation error occurs.
	Note that the cleanup isn't completely finished because all relaying
	function also call make_nonnull_domain() which also allocate a string
	and never handle the error case. This patches doesn't try to address
	this as this is only error correctness a priori and touches far more
	functions in this module:

	* daemon/remote.c: fix string allocations and memory error handling
	  for remoteRelayDomainEventBlockJob, remoteRelayDomainEventIOError,
	  remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics

2011-09-20  Daniel P. Berrange  <berrange@redhat.com>

	Update to require sanlock 1.8 for license compliance
	Inexplicably the sanlock code all got placed under the GPLv2-only,
	so libvirt's use of sanlock introduces a license incompatibility.
	The sanlock developers have now rearranged the code such that there
	is a 'sanlock_client.so' which is LGPLv2+ while their daemon remains
	GPLv2-only. To use the new client library we need to call the new
	sanlock_init and sanlock_align APIs instead of sanlock_direct_init
	and sanlock_direct_align. These APIs calls are now routed via the
	sanlock daemon, instead of doing direct I/O calls to disk.

	For all this we require sanlock >= 1.8

	* configure.ac: Check for sanlock_client.so instead of sanlock.so
	  and fix various comments
	* libvirt.spec.in: Mandate sanlock >= 1.8
	* src/Makefile.am: Link to -lsanlock_client
	* src/locking/lock_driver_sanlock.c: Use sanlock_init and
	  sanlock_align

2011-09-20  Osier Yang  <jyang@redhat.com>

	conf: Assign newDef of active domain as persistent conf if it is NULL
	Libvirt loads the domain conf from status XML if it's running when
	starting up. The problem is there is no record of the original conf.
	(dom->newDef is NULL here).

	So libvirt won't be able to restore the domain conf to original one
	when destroying/shutdown. E.g.

	1) attach a device without "--persistent"
	2) restart libvirtd
	3) destroy domain
	4) start domain

	One will see the the disk still exists.

	This patch is to fix the peoblem by assigning persistent domain conf
	to dom->newDef if it's NULL and the domain is running.

2011-09-20  Osier Yang  <jyang@redhat.com>

	storage: Ensure the device path exists before refreshing disk pool
	Doing libvirt_parthelper on an not existed device path will get
	an unfriendly error message. This patch is to prohibit it.

	daemon: Error and exit if specified value for timeout is not valid
	Silently setting "timeout" as -1 if the specified value is invalid
	is a bit confused.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	Remove devname identifier from autogenerated RPC code
	Patch 79cf07a missed one instance of "devname" in source for RPC code
	generator.

2011-09-20  Eric Blake  <eblake@redhat.com>

	virsh: tweak previous domblkstat patch
	Translators are likely to botch trailing spacing; by doing the
	formatting outside of the translation, we can generally get
	better alignment.  Also, for consistency, use 'bytes read' to
	match 'bytes written'.

	* tools/virsh.c (domblkstat_output): Drop trailing space. Tweak
	rd_bytes output.
	(cmdDomblkstat, DOMBLKSTAT_LEGACY_PRINT): Update formatting.

2011-09-20  Peter Krempa  <pkrempa@redhat.com>

	virsh: doc: Fix supported driver types for attach-disk command
	Virsh man page lists driver types to be used with attach-device
	command, but does not specify that those are usable only with the XEN
	Hypervisor.

	This patch adds statement, that those options specified are applicable
	only on the Xen hypervisor and adds option usable with qemu emulator.

	This patch also changes type of error returned by QEMU driver if the
	user specifies incompatible driver type from VIR_ERR_INTERNAL_ERROR to
	VIR_ERR_CONFIG_UNSUPPORTED.

2011-09-20  Eric Blake  <eblake@redhat.com>

	maint: Prefer names over email in 'git shortlog'
	Alex recently committed some patches with just an email instead
	of a preferred name; this fixes things so 'git shortlog' gives
	nicer output.

	* .mailmap: Update.

2011-09-19  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add more human-friendly output of domblkstat command
	Users of virsh complain that output of the domblkstat command
	is not intuitive enough. This patch adds explanation of fields
	returned by this command to the help section for domblkstat and
	the man page of virsh. Also a switch --human is added for
	domblkstat that prints the fields with more descriptive
	texts.

	This patch also changes sequence of the output fields and their
	names back to the order and spelling established by previous
	versions of virsh to maintain compatibility with scripts.

	Example of ordered and "translated" output:

	PRE-patch:

	virsh # domblkstat 1 vda
	vda wr_bytes 5170176
	vda wr_operations 511
	vda rd_bytes 82815488
	vda rd_operations 3726

	POST-patch:

	virsh # domblkstat 1 vda
	vda rd_req 3726
	vda rd_bytes 82815488
	vda wr_req 478
	vda wr_bytes 4965376

	Example of human readable output:

	virsh # domblkstat 1 vda --human
	Device: vda
	 number of read operations:      3726
	 number of read bytes:           82815488
	 number of write operations:     478
	 number of bytes written:        4965376

	https://bugzilla.redhat.com/show_bug.cgi?id=731656

2011-09-19  ajia@redhat.com  <ajia@redhat.com>

	vmx: avoid memory leak
	* src/vmx/vmx.c: fix memory leak, 'def' has a initial value 'NULL', so
	  'goto cleanup' is perfected instead of adding a virConfFree before
	  'return NULL'.

2011-09-19  ajia@redhat.com  <ajia@redhat.com>

	util: avoid memory leak
	Leak in pciGetVirtualFunctionIndex present since commit 17d64ca.

	* src/util/pci.c: fix memory leak.

2011-09-19  ajia@redhat.com  <ajia@redhat.com>

	remote: avoid memory leak
	Leak present since introduction of remoteDomainBuildEventGraphics
	in commit 987e31e.

	* src/remote/remote_driver.c: fix memory leak.

2011-09-19  ajia@redhat.com  <ajia@redhat.com>

	qemu: avoid memory leak
	Leak introduced in commit 036ad50, affects only error case.

	* src/qemu/qemu_command.c: fix memory leak.

2011-09-19  ajia@redhat.com  <ajia@redhat.com>

	daemon: avoid memory leak
	Introduced in commit efa7fc9f.

	* daemon/remote.c: fix memory leak in remoteDispatchDomainBlockStatsFlags

2011-09-17  Eric Blake  <eblake@redhat.com>

	spec: silence warnings when installing in F16
	https://bugzilla.redhat.com/show_bug.cgi?id=738725 documents that
	'yum install libvirt' in Fedora 16 is rather noisy.  This fixes
	the problems.

	* libvirt.spec.in (%post client): Silence chkconfig warning about
	SysV services.
	(%post) [with_cgconfig]: Drop for Fedora 15 and newer, where
	systemd does this automatically.

2011-09-17  Eric Blake  <eblake@redhat.com>

	snapshot: allow disk snapshots of qcow2 disks
	For all types of disks other than qcow2, we were requesting that
	SELinux labeling visit the new file as if it were qcow2, which
	means labeling would try to find the backing files of an empty file.
	And for a pre-existing qcow2 disk, we were passing NULL, which meant
	that labelling tried to probe the file type (and if probing is
	disabled, per the default qemu.conf, this made snapshots fail).
	What we really want is to make SELinux labeling visit the new
	file as raw; it will later be converted to qcow2 if qemu successfully
	made the snapshot.

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Force SELinux labeling
	to avoid probe of new file.

2011-09-17  Eric Blake  <eblake@redhat.com>

	snapshot: affect persistent xml after disk snapshot
	For external snapshots to be useful on persistent domains, we must
	alter the persistent definition alongside the running definition.
	Thanks to the possibility of disk hotplug as well as of edits that
	only affect the persistent xml, we can't assume that vm->def and
	vm->newDef have the same disk at the same index, so we can only
	update the persistent copy if the device destination matches up.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): Also affect newDef, if
	present.

2011-09-17  Eric Blake  <eblake@redhat.com>

	build: work around lack of MacOS fdatasync
	Mingw lacks fsync, but gnulib provides that.  Meanwhile, gnulib does
	not (yet) provide fdatasync, so this is a quick hack to fake that
	function on MacOS X; we can revert this configure change once gnulib
	gives us a real module.

	We have been implicitly relying on gnulib's largefile module being
	pulled in by other modules, but it's better to make that explicit.

	* bootstrap.conf (gnulib_modules): Add fsync.  Make largefile use
	explicit.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for fdatasync, and
	fake it with fsync when not present.

2011-09-16  Daniel P. Berrange  <berrange@redhat.com>

	Prevent crash from dlclose() of libvirt.so
	When libvirt calls virInitialize it creates a thread local
	for the virErrorPtr storage, and registers a callback to
	cleanup memory when a thread exits. When libvirt is dlclose()d
	or otherwise made non-resident, the callback function is
	removed from memory, but the thread local may still exist
	and if a thread later exists, it will invoke the callback
	and SEGV. There may also be other thread locals with callbacks
	pointing to libvirt code, so it is in general never safe to
	unload libvirt.so from memory once initialized.

	To allow dlclose() to succeed, but keep libvirt.so resident
	in memory, link with '-z nodelete'. This issue was first
	found with the libvirt CIM provider, but can potentially
	hit many of the dynamic language bindings which all ultimately
	involve dlopen() in some way, either on libvirt.so itself,
	or on the glue code for the binding which in turns links
	to libvirt

	* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
	  with -z nodelete
	* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
	  tests/shunloadtest.c: A test case to unload libvirt while
	  a thread is still running.

2011-09-16  Alex Jia  <ajia@redhat.com>

	qemu: add return value check
	* src/qemu/qemu_command.c: missing return value check.

2011-09-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Introduce shutdown reason for paused state
	Qemu sends STOP event as part of the shutdown process. Detect such STOP
	event and consider shutdown to be reason of emitting such event. That's
	the best we can do until qemu provides us the reason directly in STOP
	event. This allows us to report shutdown reason for paused state so that
	apps can detect domains that failed to finish the shutdown process
	(e.g., because qemu is buggy and doesn't exit on SIGTERM or it is
	blocked in flushing disk buffers).

2011-09-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Prevent disk corruption on domain shutdown
	Ever since we introduced fake reboot, we call qemuProcessKill as a
	reaction to SHUTDOWN event. Unfortunately, qemu doesn't guarantee it
	flushed all internal buffers before sending SHUTDOWN, in which case
	killing the process forcibly may result in (virtual) disk corruption.

	By sending just SIGTERM without SIGKILL we give qemu time to to flush
	all buffers and exit. Once qemu exits, we will see an EOF on monitor
	connection and tear down the domain. In case qemu ignores SIGTERM or
	just hangs there, the process stays running but that's not any different
	from a possible hang anytime during the shutdown process so I think it's
	just fine.

	Also qemu (since 0.14 until it's fixed) has a bug in SIGTERM processing
	which causes it not to exit but instead send new SHUTDOWN event and keep
	waiting. I think the best we can do is to ignore duplicate SHUTDOWN
	events to avoid a SHUTDOWN-SIGTERM loop and leave the domain in paused
	state.

2011-09-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Properly detect crash of a rebooted domain
	When a domain is rebooted using libvirt API, we use fake reboot
	consisting of shutting down and resetting the domain. Thus we see a
	SHUTDOWN event and set gotShutdown flag. But we never reset it back and
	if the domain crashes after it was rebooted this way, we consider it was
	a normal shutdown and not a crash.

	qemu: Fix shutoff reason when domain crashes
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 changed shutoff reason
	from VIR_DOMAIN_SHUTOFF_CRASHED to VIR_DOMAIN_SHUTOFF_FAILED in case we
	see an unexpected EOF on monitor connection. But FAILED reason is
	dedicated for domains that fail to start. CRASHED reason is the right
	one to use in this situation.

	python: Fix bindings generated in VPATH build

2011-09-16  Eric Blake  <eblake@redhat.com>

	Revert "virsh: Use old API if remote libvirtd does not support new"
	This reverts commit 799912fa05b8c3aa37bd04c57b196755f3f70552; now
	that the rpc regression is fixed, virsh no longer needs the special
	case here.

2011-09-16  Eric Blake  <eblake@redhat.com>

	rpc: convert unknown procedures to VIR_ERR_NO_SUPPORT
	Libvirt special-cases a specific VIR_ERR_RPC from the remote driver
	back into VIR_ERR_NO_SUPPORT on the client, so that clients can
	handle missing rpc functions the same whether the hypervisor driver
	is local or remote.  However, commit c1b22644 introduced a regression:
	VIR_FROM_THIS changed from VIR_FROM_REMOTE to VIR_FROM_RPC, so the
	special casing no longer works if the server uses the newer error
	domain.

	* src/rpc/virnetclientprogram.c
	(virNetClientProgramDispatchError): Also cater to 0.9.3 and newer.

2011-09-16  Stefan Berger  <stefanb@us.ibm.com>

	Fix buzzilla 738778
	This patch fixes the bug shown in bugzilla 738778. It's not an nwfilter problem but a connection sharing / closure issue.

	https://bugzilla.redhat.com/show_bug.cgi?id=738778

	Depending on the speed / #CPUs of the machine you are using you may not see this bug all the time.

2011-09-16  Alex Jia  <ajia@redhat.com>

	conf: avoid memory leak on virDomainDefParseXML
	* conf/domain_conf.c: allocate memory to def->redirdevs in
	  virDomainDefParseXML such as VIR_ALLOC_N(def->redirdevs, n),
	  however, virDomainDefFree(def) hasn't released these memory.

	* Detected in valgrind run:

	==19820== 209 (16 direct, 193 indirect) bytes in 1 blocks are definitely lost in loss record 25 of 26
	==19820==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==19820==    by 0x4A13AF: virAllocN (memory.c:129)
	==19820==    by 0x4D4A0E: virDomainDefParseXML (domain_conf.c:7258)
	==19820==    by 0x4D4C93: virDomainDefParseNode (domain_conf.c:7512)
	==19820==    by 0x4D562F: virDomainDefParse (domain_conf.c:7465)
	==19820==    by 0x415863: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
	==19820==    by 0x415982: testCompareXMLToXMLHelper (qemuxml2xmltest.c:80)
	==19820==    by 0x416D31: virtTestRun (testutils.c:140)
	==19820==    by 0x415604: mymain (qemuxml2xmltest.c:192)
	==19820==    by 0x416437: virtTestMain (testutils.c:689)
	==19820==    by 0x3CA7A1ECDC: (below main) (in /lib64/libc-2.12.so)
	==19820==
	==19820== LEAK SUMMARY:
	==19820==    definitely lost: 16 bytes in 1 blocks
	==19820==    indirectly lost: 193 bytes in 5 blocks
	==19820==      possibly lost: 0 bytes in 0 blocks
	==19820==    still reachable: 1,054 bytes in 21 blocks

	* How to reproduce?
	% valgrind -v --leak-check=full ./tests/qemuxml2xmltest

2011-09-16  Peter Krempa  <pkrempa@redhat.com>

	build: storage: Macro 'MKFS' is undefined on some platforms.
	Mac OS X 10.6. Snow Leopard and probably other do not provide a mkfs
	command to create filesystems. Macro MKFS then remained undefined and
	did not provide any substitute, so that build failed on a missing
	argument.

	build: storage: Conditionaly compiled structure caused build fail on OSX
	Struct virStoragePoolProbeResult was compiled in conditionaly, but
	virStorageBackendFileSystemProbe used it unconditionaly. This patch
	exempts the struct from conditional include.

	Avoid using "devname" as an identifier.
	/usr/lib/stdlib.h in Mac OS X and probably also in BSD's
	exports this symbol :(

2011-09-16  Peter Krempa  <pkrempa@redhat.com>

	doc: Add statment about permissions needed to do a core dump
	Documentation did not specify, that some permissions are required on
	target path for coredump for the user running the hypervisor.

	Diff to v1:
	- reword statements

2011-09-16  Eric Blake  <eblake@redhat.com>

	snapshot: tweak snapshot-create-as diskspec docs
	With this patch, it is hopefully a bit more obvious that for
	snapshot-create-as, a literal '--diskspec' is mandatory if name
	or description was omitted, but optional if all earlier options
	were provided.

	These all denote two diskspecs and a description:
	virsh snapshot-create-as dom name desc vda vdb
	virsh snapshot-create-as dom name desc --diskspec vda --diskspec vdb
	virsh snapshot-create-as dom name desc --diskspec vda vdb
	virsh snapshot-create-as dom name desc vda --diskspec vdb
	virsh snapshot-create-as dom --diskspec vda --diskspec vdb name desc

	This gives two diskspecs but no description:
	virsh snapshot-create-as dom name --diskspec vda --diskspec vdb

	And this treats 'vda' as the description, with only one diskspec:
	virsh snapshot-create-as dom name vda vdb

	The help output now shows:
	    snapshot-create-as <domain> [<name>] [<description>] [--print-xml] [--no-metadata] [--halt] [--disk-only] [[--diskspec] <string>]...

	I also checked the help output for echo and send-key, which are two
	other variants of argv commands.

	* tools/virsh.pod (snapshot-create-as): Document when a literal
	--diskspec must preceed a diskspec argument.
	* tools/virsh.c (vshCmddefHelp): Update help output for argv when
	naming the option is useful.
	(vshCmddefGetData): Fix logic on when argv was seen.
	* tests/virsh-optparse: Add tests to avoid regressions.

2011-09-15  Cole Robinson  <crobinso@redhat.com>

	python: Fix libvirt.py generation to include virterror info
	Recent generator refactoring broke libvirt.py. With this patch, libvirt.py
	is generated exactly the same as before offending commit 9eba0d25.

2011-09-15  Eric Blake  <eblake@redhat.com>

	qemu_api: doc improvements
	The new doc text had a few readability issues.  Also, the
	monitor command text copied a bit too much from the attach case.

	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Fix typos and grammar.

2011-09-15  Peter Krempa  <pkrempa@redhat.com>

	doc: virsh: Fix command name in man page
	Fix cut&paste error having command named domif-setlink instead of
	domif-getlink.

2011-09-15  Alex Jia  <ajia@redhat.com>

	sanlock: add missing test command in virt-sanlock-cleanup.in
	* tools/virt-sanlock-cleanup.in: fix missing test command when judging
	  second condition.

	https://bugzilla.redhat.com/show_bug.cgi?id=738534

2011-09-15  Michal Privoznik  <mprivozn@redhat.com>

	spec: Require augeas for sanlock
	Even though we BuildRequire augeas in some cases, we need to require
	it even after if we build with sanlock. virt-sanlock-cleanup use it.

2011-09-15  Jim Fehlig  <jfehlig@suse.com>

	Fix build after commit 829bce17
	Pushing under build-breaker rule.

2011-09-15  Jim Fehlig  <jfehlig@novell.com>

	Use max bandwidth from qemuDomainObjPrivate struct when migrating
	Adjust qemuMigrationRun() to use migMaxBandwidth in qemuDomainObjPrivate
	structure when setting qemu migration speed.  Caller-specified 'resource'
	parameter overrides migMaxBandwidth.

2011-09-15  Jim Fehlig  <jfehlig@novell.com>

	Set qemu migration speed unlimited when migrating to file
	The qemu migration speed default is 32MiB/s as defined in migration.c

	/* Migration speed throttling */
	static int64_t max_throttle = (32 << 20);

	There's no need to throttle migration when targeting a file, so set migration
	speed to unlimited prior to migration, and restore to libvirt default value
	after migration.

	Default units is MB for migrate_set_speed monitor command, so
	(INT64_MAX / (1024 * 1024)) is used for unlimited migration speed.

	Tested with both json and text monitors.

2011-09-15  Jim Fehlig  <jfehlig@novell.com>

	Save migration speed in qemuDomainMigrateSetMaxSpeed
	Now that migration speed is stored in qemuDomainObjPrivate structure,
	save the new value when invoking qemuDomainMigrateSetMaxSpeed().

	Allow setting migration speed on inactive domain too.

2011-09-15  Jim Fehlig  <jfehlig@novell.com>

	Impl virDomainMigrateGetMaxSpeed in qemu driver

	Store max migration bandwidth in qemuDomainObjPrivate struct
	The maximum bandwidth that can be consumed when migrating a domain
	is better classified as an operational vs configuration parameter of
	the dommain.  As such, store this parameter in qemuDomainObjPrivate
	structure.

2011-09-14  Marc-André Lureau  <marcandre.lureau@gmail.com>

	conf: add missing break in virDomainAuditRedirdev
	Also initialize to NULL a few variables that might get
	free before being set.

2011-09-14  Eric Blake  <eblake@redhat.com>

	network: add missing exports
	Commit c246b025 added new functions, but forgot to export them,
	resulting in a build failure when using modules.

	* src/libvirt_private.syms (network.h): Export new functions.

2011-09-14  Eric Blake  <eblake@redhat.com>

	snapshot: ABI stability must include memory sizing
	Commit 973fcd8f introduced the ability for qemu to reject snapshot
	reversion on an ABI incompatibility; but the very example that was
	first proposed on-list[1] as a demonstration of an ABI incompatibility,
	namely that of changing the max memory allocation, was not being
	checked for, resulting in a cryptic failure when running with larger
	max mem than what the snapshot was created with:
	error: operation failed: Error -22 while loading VM state

	This commit merely protects the three variables within mem that are
	referenced by qemu_command.c, rather than all 7 (the other 4 variables
	affect cgroup handling, but as far as I can tell, have no visible effect
	to the qemu guest).  This also affects migration and save file handling,
	which are other places where we perform ABI compatibility checks.

	[1] https://www.redhat.com/archives/libvir-list/2010-December/msg00331.html

	* src/conf/domain_conf.c (virDomainDefCheckABIStability): Add
	memory sizing checks.

2011-09-14  Eric Blake  <eblake@redhat.com>

	maint: ignore generated files
	* .gitignore: Exempt recently added generated files.

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	xml: Clean up rest of virtual XML document names for XML strings
	Commit 498d783 cleans up some of virtual file names for parsing strings
	in memory. This patch cleans up (hopefuly) the rest forgotten by the
	first patch.

	This patch also changes all of the previously modified "filenames" to
	valid URI's replacing spaces for underscores.

	Changes to v1:
	- Replace all spaces for underscores, so that the strings form valid
	  URI's
	- Replace spaces in places changed by commit 498d783

2011-09-14  Daniel Veillard  <veillard@redhat.com>

	Remove two references to files not generated
	This was breaking "make dist"

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	make: Fix 'make syntax-check' failing.
	Commit 2a0d75e5 added file python/libvirt-qemu-override.c that contains
	code that does not pass "make syntax-check". This patch adds an
	exception for this file and the check.

	prohibit_always_true_header_tests
	python/libvirt-qemu-override.c:17:#undef HAVE_PTHREAD_H
	maint.mk: do not test the above HAVE_<header>_H symbol(s);
	  with the corresponding gnulib module, they are always true
	make: *** [sc_prohibit_always_true_header_tests] Error 1

2011-09-14  Osier Yang  <jyang@redhat.com>

	qemu_api: Update libvirt spec file

	qemu_api: Update Makefile to generate libvirtmod_qemu lib

	qemu_api: Update Py binding generator to generate files for QEMU APIs
	It will generate:
	  libvirt-qemu.py
	  libvirt-qemu.h
	  libvirt-qemu.c
	  libvirt-qemu-export.c

	qemu_api: Add override XML and C files for QEMU APIs
	There is only one function (virDomainQemuMonitorCommand) need to
	be hand-craft.

	qemu_api: Add comments for API virDomainQemuMonitorCommand
	And fix argument @pid's type of virDomainQemuAttach.

	qemu_api: Update Makefile for subdir docs

	qemu_api: Modify apibuild.py to generate docs for QEMU APIs
	The generated docs are: libvirt-qemu-api.xml, libvirt-qemu-refs.xml

2011-09-14  Peter Krempa  <pkrempa@redhat.com>

	virsh: Use old API if remote libvirtd does not support new
	Commit ffe28ab74b821c916ec4ba8efb5c992454e4bd24 introduced regression
	while communicating with older libvirtd command 'domblkstat' used the new
	API and did not check for VIR_ERR_RPC error code signalling the remote
	server does not support this API and did not fall back to older API.
	Thereafter 'domblkstat' ended with "error: unknown procedure: 243".

2011-09-13  Guannan Ren  <gren@redhat.com>

	snapshot: fix double free of qemuImgBinary
	Regression introduced in commit 3881a470, due to an improper rebase
	of a cleanup written beforehand but only applied after a rebased of
	a refactoring that created a new function in commit 25fb3ef.

	Also avoids passing NULL to printf %s.

	* src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2()
	it free up the memory of qemu_driver->qemuImgBinary in the
	cleanup tag which leads to the garbage value of qemuImgBinary
	in qemu_driver struct and libvirtd crash when running
	"virsh snapshot-create" command a second time.

2011-09-13  Daniel Veillard  <veillard@redhat.com>

	Do not log invalid operations in libvirtd logs
	  This is a bit painful for example when starting virt-manager
	it tends to clutter libvirtd.log with invalid operation on cpu pinning
	for defined but not running domains. A priori those kind of errors
	don't indicate an error when executing the command but on a precondition
	for running the API, and honnestly while the application should report
	it, logging it as an error in libvirtd.log is not really useful,

	   Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=590807

	* daemon/libvirtd.c: extend daemonErrorLogFilter() to filter out
	   errors of type VIR_ERR_OPERATION_INVALID

2011-09-09  Michal Privoznik  <mprivozn@redhat.com>

	virnetsocket: Pass KRB5CCNAME env variable
	So we can allow GSSAPI authentication for ssh.

	selinux: Detect virt_use_nfs boolean set
	If we fail setting label on a file and this file is on NFS share,
	it is wise to advise user to set virt_use_nfs selinux boolean
	variable.

2011-09-09  Philipp Hahn  <hahn@univention.de>

	Fix URL-escaping for domainDefine
	'+' in strings get translated to ' ' when editing domains.
	While xenDaemonDomainCreateXML() did URL-escape the sexpr,
	xenDaemonDomainDefineXML() did not.

	Remove the explicit urlencode() in xenDaemonDomainCreateXML() and add
	the direct encoding calls to xend_op_ext() because it calls xend_post()
	which uses "Content-Type: application/x-www-form-urlencoded". According
	to <http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1> this
	requires all parameters to be url-encoded as specified in rfc1738.

	Notice: virBufferAsprintf(..., "%s=%s", ...) is again replaced by three
	calls to virBufferURIEncodeString() and virBufferAddChar() because '='
	is a "reserved" character, which would get escaped by
	virBufferURIEncodeString(), which - by the way - escapes anything not
	c_isalnum().

2011-09-08  Peter Krempa  <pkrempa@redhat.com>

	xml: Change virtual file names of xml documents parsed in memory
	While parsing XML strings from memory, the previous convention in
	libvirt was to set the virtual file name to "domain.xml" or something
	similar. This could potentialy trick the user into looking for a file
	named domain.xml on the disk in an attempt to fix the error.

	This patch changes these filenames to something that can't be as easily
	confused for a valid filename.

	Examples of error messages:
	---------------------------
	Error while loading file from disk:

	15:07:59.015: 527: error : catchXMLError:709 : /path/to/domain.xml:1: StartTag: invalid element name
	<domain type='kvm'><
	--------------------^

	Error while parsing definition in memory:

	15:08:43.581: 525: error : catchXMLError:709 : (domain definition):2: error parsing attribute name
	  <name>vm1</name>
	--^

2011-09-08  Eric Blake  <eblake@redhat.com>

	snapshot: fix regression with system checkpoints
	Regression introduced in commit d6f6b2d194c.  Running
	'virsh snapshot-create dom' would mistakenly report that
	disks can only be specified for disk snapshots.

	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Only
	give error about no disk support when <disk> was found.

2011-09-08  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest.

2011-09-08  Eric Blake  <eblake@redhat.com>

	snapshot: use new API for less work
	This has the added benefit of making 'snapshot-create dom --no-metadata'
	now able to tell you the name of the just-generated snapshot.

	* tools/virsh.c (vshSnapshotCreate, cmdSnapshotCurrent): Don't get
	XML just for name.

2011-09-08  Eric Blake  <eblake@redhat.com>

	snapshot: new APIs for inspecting snapshot object
	These functions access internals of the opaque object, and do
	not need any rpc counterpart.  It could be argued that we should
	have provided these when snapshot objects were first introduced,
	since all the other vir*Ptr objects have at least a GetName accessor.

	* include/libvirt/libvirt.h.in (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): Declare.
	* src/libvirt.c (virDomainSnapshotGetName)
	(virDomainSnapshotGetDomain, virDomainSnapshotGetConnect): New
	functions.
	* src/libvirt_public.syms: Export them.

2011-09-08  Soren Hansen  <soren@linux2go.dk>

	Don't treat pci_system_init failure as fatal if no PCI bus is present
	Xen PV domU's have no PCI bus. node_device_udev.c calls pci_system_init
	which looks for /sys/bus/pci. If it does not find /sys/bus/pci (which it
	won't in a Xen PV domU) it returns unsuccesfully (ENOENT), which libvirt
	considers fatal. This makes libvirt unusable in this environment, even
	though there are plenty of valid virtualisation options that work
	there (LXC, UML, and QEmu spring to mind)

	https://bugzilla.redhat.com/show_bug.cgi?id=709471

2011-09-08  Alex Jia  <ajia@redhat.com>

	doc: fix incorrect option in send-key
	* tools/virsh.pod: fix a option typo of send-key section.

	virsh: fix typo in opts_send_key
	* tools/virsh.c: millseconds should be milliseconds in opts_send_key.

2011-09-08  Alex Jia  <ajia@redhat.com>

	rpc: avoid memory leak on virNetTLSContextValidCertificate
	* src/rpc/virnettlscontext.c: fix memory leak on
	  virNetTLSContextValidCertificate.

	* Detected in valgrind run:

	==25667==
	==25667== 6,085 (44 direct, 6,041 indirect) bytes in 1 blocks are definitely
	lost in loss record 326 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F2791F3: _asn1_add_node_only (structure.c:53)
	==25667==    by 0x4F27997A: _asn1_copy_structure3 (structure.c:421)
	==25667==    by 0x4F276A50: _asn1_append_sequence_set (element.c:144)
	==25667==    by 0x4F2743FF: asn1_der_decoding (decoding.c:1194)
	==25667==    by 0x4F22B9CC: gnutls_x509_crt_import (x509.c:229)
	==25667==    by 0x805274B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1009)
	==25667==    by 0x804DE32: testTLSSessionInit (virnettlscontexttest.c:693)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 23,188 (88 direct, 23,100 indirect) bytes in 11 blocks are definitely
	lost in loss record 346 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F22B841: gnutls_x509_crt_init (x509.c:50)
	==25667==    by 0x805272B: virNetTLSContextCheckCertificate
	(virnettlscontext.c:1003)
	==25667==    by 0x804DDD1: testTLSSessionInit (virnettlscontexttest.c:673)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)

	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

2011-09-08  Alex Jia  <ajia@redhat.com>

	tests: avoid memory leak on testTLSSessionInit
	* tests/virnettlscontexttest: fix memory leak on virnettlscontext test case.

	* Detected in valgrind run:

	==25667==
	==25667== 86,651 (34,680 direct, 51,971 indirect) bytes in 10 blocks are
	definitely lost in loss record 350 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD24: testTLSSessionInit (virnettlscontexttest.c:624)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)
	==25667==
	==25667== 100,578 (38,148 direct, 62,430 indirect) bytes in 11 blocks are
	definitely lost in loss record 351 of 351
	==25667==    at 0x4005447: calloc (vg_replace_malloc.c:467)
	==25667==    by 0x4F1F515D: gnutls_init (gnutls_state.c:270)
	==25667==    by 0x8053432: virNetTLSSessionNew (virnettlscontext.c:1181)
	==25667==    by 0x804DD3C: testTLSSessionInit (virnettlscontexttest.c:625)
	==25667==    by 0x804F14D: virtTestRun (testutils.c:140)

	* How to reproduce?
	% cd libvirt && ./configure && make && make -C tests valgrind
	or
	% valgrind -v --leak-check=full ./tests/virnettlscontexttest

2011-09-08  Alex Jia  <ajia@redhat.com>

	libxl: avoid a dereference of a null pointer
	Variable 'l_disk' initialized to a null pointer value, control jumps to 'case
	VIR_DOMAIN_DISK_DEVICE_DISK and then taking false branch, Within the expansion
	of the macro 'libxlError': Field access results in a dereference of a null
	pointer (loaded from variable 'l_disk').

	* src/libxl/libxl_driver.c: Field access results in a dereference of a null
	  pointer (loaded from variable 'l_disk')

2011-09-08  Eric Blake  <eblake@redhat.com>

	blockinfo: fix qemu regression in handling disk name
	Regression introduced in commit 89b6284fd, due to an incorrect
	conversion to the new means of converting disk names back to
	the correct object.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Avoid NULL deref.

2011-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix managed object lookup with optional occurrence
	Exit early if managed object is not found, instead of dereferencing
	a NULL pointer and triggering a segfault.

2011-09-07  Michal Privoznik  <mprivozn@redhat.com>

	Threadpool: Initialize new dynamic workers
	Although we were initializing worker threads during pool creating,
	we missed this during virThreadPoolSendJob. This bug led to segmenation
	fault as worker thread free() given argument.

2011-09-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Don't use interface as an identifier
	Because it's a define used in MSCOM and its usage as
	identifier results in a compile error.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: virsh: Add wrapper commands for changing link state
	Two new commands are added to virsh that wrap usage of
	virDomainUpdateDeviceFlags for changing link state of domain's network
	interfaces. These wrappers extract network devices's xml configuration
	and modify the link state for easy manipulation from an user's perspective.

	 - domif-setlink - set link state of a domains virtual network interface
	 - domif-getlink - get link state

	* tools/virsh.c   - Add functionality to virsh
	* tools/virsh.pod - Manpage documentation

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: qemu: Add net intf modification to virUpdateDeviceFlags
	This patch enables modifying network device configuration using the
	virUpdateDeviceFlags API method. Matching of devices is accomplished
	using MAC addresses.

	While updating live configuration of a running domain, the user is
	allowed only to change link state of the interface. Additional
	modifications may be added later. For now the code checks for
	unsupported changes and thereafter changes the link state, if
	applicable.

	When updating persistent configuration of guest's network interface the
	whole configuration (except for the MAC address) may be modified and
	is stored for the next startup.

	* src/qemu/qemu_driver.c   - Add dispatching of virUpdateDevice for
	                             network devices update (live/config)
	* src/qemu/qemu_hotplug.c  - add setting of initial link state on live
	                             device addition
	                           - add function to change network device
	                             configuration. By now it supports only
	                             changing of link state
	* src/qemu/qemu_hotplug.h  - Headers to above functions
	* src/qemu/qemu_process.c  - set link states before virtual machine
	                             start. Qemu does not support setting of
	                             this on the command line.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: qemu: Add monitor handling for link state modification
	This patch adds handlers for modification of guest's interface
	link state. Both HMP and QMP commands are supported, but as the
	link state functionality is from the beginning supported in QMP
	the HMP code will probably never be used.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: conf: Add element to XML for controling link state
	A new element is introduced to XML that allows to control
	state of virtual network interfaces in hypervisors.

	Live modification of the link state allows networking tools
	propagate topology changes to guest OS or testing of
	scenarios in complex (virtual) networks.

	This patch adds elements to XML grammars and parsing and generating
	code.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	link-state: util: Add equality comparison functions for structures
	This patch adds functions to compare structures containing network
	device configuration for equality. They serve for the purpose of
	disallowing unsupported changes to live network devices.

2011-09-06  Peter Krempa  <pkrempa@redhat.com>

	XML: Improve XML parsing error messages
	This patch modifies error handling function for the XML parser provided
	by libxml2.

	Originaly only a line number and error message were logged. With this
	new error handler function, the user is provided with a more complex
	description of the parsing error.

	Context of the error is printed in libXML2 style and filename of the
	file, that caused the error is printed. Example of an parse error:

	13:41:36.262: 16032: error : catchXMLError:706 :
	/etc/libvirt/qemu/rh_bad.xml:58: Opening and ending tag mismatch: name
	line 2 and domain
	</domain>
	---------^

	Context of the error gives the user hints that may help to quickly
	locate a corrupt xml file.

	fixes BZs:
	----------
	Bug 708735 - [RFE] Show column and line on XML parsing error
	https://bugzilla.redhat.com/show_bug.cgi?id=708735

	Bug 726771 - libvirt does not specify problem file if persistent xml is
	invalid
	https://bugzilla.redhat.com/show_bug.cgi?id=726771

2011-09-06  Marc-André Lureau  <marcandre.lureau@redhat.com>

	redirdev: allows to specify device address
	It is important to be able to attach USB redirected devices to a
	particular controller (one that supports USB2 for instance).
	Without this patch, only the default bus was used.

	     <redirdev bus='usb' type='spicevmc'>
	       <address type='usb' bus='0' port='4'/>
	     </redirdev>

2011-09-06  Daniel Veillard  <veillard@redhat.com>

	latency: fix make check for remote protocol structs and numbers

2011-09-06  Osier Yang  <jyang@redhat.com>

	latency: Update virsh command domblkstat to use new API
	The modified function fallbacks to use virDomainBlockStats if
	virDomainBlockStatsFlags is not supported by the hypervisor driver.
	If the new API is supported, it will be invoked instead of the
	old API.

	latency: Expose the new API for Python binding

	latency: Implemente internal API for qemu driver

2011-09-06  Osier Yang  <jyang@redhat.com>

	latency: Update monitor functions for new latency fields
	The mainly changes are:

	1) Update qemuMonitorGetBlockStatsInfo and it's children (Text/JSON)
	   functions to return the value of new latency fields.
	2) Add new function qemuMonitorGetBlockStatsParamsNumber, which is
	   to count how many parameters the underlying QEMU supports.
	3) Update virDomainBlockStats in src/qemu/qemu_driver.c to be
	   compatible with the changes by 1).

2011-09-06  Osier Yang  <jyang@redhat.com>

	latency: Wire up the remote protocol

	latency: Implemente the public API

	latency: Define the internal driver callback

	latency: Define new public API and structure

2011-09-05  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Deal with stucked qemu on daemon startup
	If libvirt daemon gets restarted and there is (at least) one
	unresponsive qemu, the startup procedure hangs up. This patch creates
	one thread per vm in which we try to reconnect to monitor. Therefore,
	blocking in one thread will not affect other APIs.

	qemu: Introduce job queue size limit
	This patch creates an optional BeginJob queue size limit. When
	active, all other attempts above level will fail. To set this
	feature assign desired value to max_queued variable in qemu.conf.
	Setting it to 0 turns it off.

2011-09-05  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Create priority workers pool
	This patch annotates APIs with low or high priority.
	In low set MUST be all APIs which might eventually access monitor
	(and thus block indefinitely). Other APIs may be marked as high
	priority. However, some must be (e.g. domainDestroy).

	For high priority calls (HPC), there are some high priority workers
	(HPW) created in the pool. HPW can execute only HPC, although normal
	worker can process any call regardless priority. Therefore, only those
	APIs which are guaranteed to end in reasonable small amount of time
	can be marked as HPC.

	The size of this HPC pool is static, because HPC are expected to end
	quickly, therefore jobs assigned to this pool will be served quickly.
	It can be configured in libvirtd.conf via prio_workers variable.
	Default is set to 5.

	To mark API with low or high priority, append priority:{low|high} to
	it's comment in src/remote/remote_protocol.x. This is similar to
	autogen|skipgen. If not marked, the generator assumes low as default.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: use SELinux and lock manager with external snapshots
	With this, it is now possible to create external snapshots even
	when SELinux is enforcing, and to protect the new file with a
	lock manager.

	* src/qemu/qemu_driver.c
	(qemuDomainSnapshotCreateSingleDiskActive): Create and register
	new file with proper permissions and locks.
	(qemuDomainSnapshotCreateDiskActive): Update caller.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: wire up live qemu disk snapshots
	Lots of earlier patches led up to this point - the qemu snapshot_blkdev
	monitor command can now be controlled by libvirt!  Well, insofar as
	SELinux doesn't prevent qemu from open(O_CREAT) on the files.  There's
	still some followup work before things work with SELinux enforcing,
	but this patch is big enough to post now.

	There's still room for other improvements, too (for example, taking a
	disk snapshot of an inactive domain, by using qemu-img for both internal
	and external snapshots; wiring up delete and revert control, including
	additional flags from my RFC; supporting active QED disk snapshots;
	supporting per-storage-volume snapshots such as LVM or btrfs snapshots;
	etc.).  But this patch is the one that proves the new XML works!

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Wire in
	active disk snapshots.
	(qemuDomainSnapshotDiskPrepare)
	(qemuDomainSnapshotCreateDiskActive)
	(qemuDomainSnapshotCreateSingleDiskActive): New functions.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: wire up new qemu monitor command
	No one uses this yet, but it will be important once
	virDomainSnapshotCreateXML learns a VIR_DOMAIN_SNAPSHOT_DISK_ONLY
	flag, and the xml allows passing in the new file names.

	* src/qemu/qemu_monitor.h (qemuMonitorDiskSnapshot): New prototype.
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONDiskSnapshot):
	Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorDiskSnapshot): New
	function.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONDiskSnapshot):
	Likewise.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: make it possible to audit external snapshot
	Snapshots alter the set of disk image files opened by qemu, so
	they must be audited.  But they don't involve a full disk definition
	structure, just the new filename.  Make the next patch easier by
	refactoring the audit routines to just operate on file name.

	* src/conf/domain_audit.h (virDomainAuditDisk): Update prototype.
	* src/conf/domain_audit.c (virDomainAuditDisk): Act on strings,
	not definition structures.
	(virDomainAuditStart): Update caller.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia)
	(qemuDomainAttachPciDiskDevice, qemuDomainAttachSCSIDisk)
	(qemuDomainAttachUsbMassstorageDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachDiskDevice):
	Likewise.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: reject unimplemented disk snapshot features
	My RFC for snapshot support [1] proposes several rules for when it is
	safe to delete or revert to an external snapshot, predicated on
	the existence of new API flags.  These will be incrementally added
	in future patches, but until then, blindly mishandling a disk
	snapshot risks corrupting internal state, so it is better to
	outright reject the attempts until the other pieces are in place,
	thus incrementally relaxing the restrictions added in this patch.

	[1] https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCountExternal): New
	function.
	(qemuDomainUndefineFlags, qemuDomainSnapshotDelete): Use it to add
	safety valve.
	(qemuDomainRevertToSnapshot, qemuDomainSnapshotCreateXML): Add safety
	valve.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: wire up disk-only flag to snapshot-create
	Expose the disk-only flag through virsh.  Additionally, make
	virsh snapshot-create-as take an arbitrary number of diskspecs,
	which can be used to build up the xml for <domainsnapshot>.

	* tools/virsh.c (cmdSnapshotCreate): Add --disk-only.
	(cmdSnapshotCreateAs): Likewise, and add argv diskspec.
	(vshParseSnapshotDiskspec): New helper function.
	(vshCmddefGetOption): Allow naming of argv field.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	them.
	* tests/virsh-optparse: Test snapshot-create-as parsing.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: add flag for requesting disk snapshot
	Prior to this patch, <domainsnapshot>/<disks> was ignored.  This
	changes it to be an error unless an explicit disk snapshot is
	requested (a future patch may relax things if it turns out to
	be useful to have a <disks> specification alongside a system
	checkpoint).

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_DISK_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Disk
	snapshots not supported yet.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Likewise.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: add virsh domblklist command
	This adds a convenience function to virsh that parses out block
	information from the domain xml, making it much easier to see
	what strings can be used in all other contexts that demand a
	specific block name, especially when given the previous patch
	that allows using either target or unique source name.

	As an example on a domain with one disk and an empty cdrom drive:

	Target     Source
	-------------------------------------------
	vda        /var/lib/libvirt/images/fedora_12.img
	hdc        -

	* tools/virsh.c (cmdDomblklist): New function.
	* tools/virsh.pod (domblklist): Document it.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: also support disks by path
	I got confused when 'virsh domblkinfo dom disk' required the
	path to a disk (which can be ambiguous, since a single file
	can back multiple disks), rather than the unambiguous target
	device name that I was using in disk snapshots.  So, in true
	developer fashion, I went for the best of both worlds - all
	interfaces that operate on a disk (aka block) now accept
	either the target name or the unambiguous path to the backing
	file used by the disk.

	* src/conf/domain_conf.h (virDomainDiskIndexByName): Add
	parameter.
	(virDomainDiskPathByName): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainDiskIndexByName): Also allow
	searching by path, and decide whether ambiguity is okay.
	(virDomainDiskPathByName): New function.
	(virDomainDiskRemoveByName, virDomainSnapshotAlignDisks): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainBlockPeek)
	(qemuDomainAttachDeviceConfig, qemuDomainUpdateDeviceConfig)
	(qemuDomainGetBlockInfo, qemuDiskPathToAlias): Likewise.
	* src/qemu/qemu_process.c (qemuProcessFindDomainDiskByPath):
	Likewise.
	* src/libxl/libxl_driver.c (libxlDomainAttachDeviceDiskLive)
	(libxlDomainDetachDeviceDiskLive, libxlDomainAttachDeviceConfig)
	(libxlDomainUpdateDeviceConfig): Likewise.
	* src/uml/uml_driver.c (umlDomainBlockPeek): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainBlockPeek): Likewise.
	* docs/formatsnapshot.html.in: Update documentation.
	* tools/virsh.pod (domblkstat, domblkinfo): Likewise.
	* docs/schemas/domaincommon.rng (diskTarget): Tighten pattern on
	disk targets.
	* docs/schemas/domainsnapshot.rng (disksnapshot): Update to match.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: Update test.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: add <disks> to snapshot xml
	Adds an optional element to <domainsnapshot>, which will be used
	to give user control over external snapshot filenames on input,
	and specify generated filenames on output.

	For now, no driver accepts this element; that will come later.

	<domainsnapshot>
	  ...
	  <disks>
	    <disk name='vda' snapshot='no'/>
	    <disk name='vdb' snapshot='internal'/>
	    <disk name='vdc' snapshot='external'>
	      <driver type='qcow2'/>
	      <source file='/path/to/new'/>
	    </disk>
	  </disks>
	  <domain>
	    ...
	    <devices>
	      <disk ...>
	        <driver name='qemu' type='raw'/>
	        <target dev='vdc'/>
	        <source file='/path/to/old'/>
	      </disk>
	    </devices>
	  </domain>
	</domainsnapshot>

	* src/conf/domain_conf.h (_virDomainSnapshotDiskDef): New type.
	(_virDomainSnapshotDef): Add new elements.
	(virDomainSnapshotAlignDisks): New prototype.
	* src/conf/domain_conf.c (virDomainSnapshotDiskDefClear)
	(virDomainSnapshotDiskDefParseXML, disksorter)
	(virDomainSnapshotAlignDisks): New functions.
	(virDomainSnapshotDefParseString): Parse new fields.
	(virDomainSnapshotDefFree): Clean them up.
	(virDomainSnapshotDefFormat): Output them.
	* src/libvirt_private.syms (domain_conf.h): Export new function.
	* docs/schemas/domainsnapshot.rng (domainsnapshot, disksnapshot):
	Add more xml.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlin/disk_snapshot.xml: New test.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: Update.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: support extra state in snapshots
	In order to distinguish disk snapshots from system checkpoints, a
	new state value that is only valid for snapshots is helpful.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_LAST): New placeholder.
	* src/conf/domain_conf.h (virDomainSnapshotState): New enum mapping.
	(VIR_DOMAIN_DISK_SNAPSHOT): New internal enum value.
	* src/conf/domain_conf.c (virDomainState): Use placeholder.
	(virDomainSnapshotState): Extend mapping by one for use in snapshot.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Handle new state.
	(virDomainObjSetState, virDomainStateReasonToString)
	(virDomainStateReasonFromString): Avoid compiler warnings.
	* tools/virsh.c (vshDomainState, vshDomainStateReasonToString):
	Likewise.
	* src/libvirt_private.syms (domain_conf.h): Export new functions.
	* docs/schemas/domainsnapshot.rng: Tighten state definition.
	* docs/formatsnapshot.html.in: Document it.
	* tests/domainsnapshotxml2xmlout/disk_snapshot.xml: New test.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: expose halt-after-creation in virsh
	Easy enough to emulate even with older servers.

	* tools/virsh.c (cmdSnapshotCreate, cmdSnapshotCreateAs): Add
	--halt flag.
	(vshSnapshotCreate): Emulate halt when flag is unsupported.
	* tools/virsh.pod (snapshot-create, snapshot-create-as): Document
	it.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: allow halting after snapshot
	Since a snapshot is fully recoverable, it is useful to have a
	snapshot as a means of hibernating a guest, then reverting to
	the snapshot to wake the guest up.  This mode of usage is
	similar to 'virsh save/virsh restore', except that virsh
	save uses an external file while virsh snapshot keeps the
	vm state internal to a qcow2 file.  However, it only works on
	persistent domains.

	In the usage pattern of snapshot/revert for hibernating a guest,
	there is no need to keep the guest running between the two points
	in time, especially since that would generate runtime state that
	would just be discarded.  Add a flag to make it possible to
	stop the domain after the snapshot has completed.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_CREATE_HALT):
	New flag.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document it.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotCreateActive): Implement it.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: expose new delete flag in virsh
	It would technically be possible to have virsh compute the list
	of descendants of a given snapshot, then delete those one at
	a time.  But it's complex, and not worth writing for a first
	cut at implementing the new flags.

	* tools/virsh.c (cmdSnapshotDelete): Add --children-only,
	--metadata.
	* tools/virsh.pod (snapshot-delete): Document them.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: introduce new deletion flag
	Reverting to a state prior to an external snapshot risks
	corrupting any other branches in the snapshot hierarchy that
	were using the snapshot as a read-only backing file.  So
	disk snapshot code will default to preventing reverting to
	a snapshot that has any children, meaning that deleting just
	the children of a snapshot becomes a useful operation in
	preparing that snapshot for being a future reversion target.
	The code for the new flag is simple - it's one less deletion,
	plus a tweak to keep the current snapshot correct.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it, and
	enforce mutual exclusion.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDelete): Implement
	it.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: reject transient disks where code is not ready
	The previous patch introduced new config, but if a hypervisor does
	not support that new config, someone can write XML that does not
	behave as documented.  This prevents some of those cases by
	explicitly rejecting transient disks for several hypervisors.

	Disk snapshots will require a new flag to actually affect a snapshot
	creation, so there's not much to reject there.

	* src/qemu/qemu_command.c (qemuBuildDriveStr): Reject transient
	disks for now.
	* src/libxl/libxl_conf.c (libxlMakeDisk): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

2011-09-05  Eric Blake  <eblake@redhat.com>

	snapshot: additions to domain xml for disks
	As discussed here:
	https://www.redhat.com/archives/libvir-list/2011-August/msg00361.html
	https://www.redhat.com/archives/libvir-list/2011-August/msg00552.html

	Adds snapshot attribute and transient sub-element:

	<devices>
	  <disk type=... snapshot='no|internal|external'>
	    ...
	    <transient/>
	  </disk>
	</devices>

	* docs/schemas/domaincommon.rng (snapshot): New define.
	(disk): Add snapshot and persistent attributes.
	* docs/formatdomain.html.in: Document them.
	* src/conf/domain_conf.h (virDomainDiskSnapshot): New enum.
	(_virDomainDiskDef): New fields.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-transient.xml: New
	test of rng, no args counterpart until qemu support is complete.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.args: New
	file, snapshot attribute does not affect args.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-snapshot.xml: Likewise.
	* tests/qemuxml2argvtest.c (mymain): Run new test.

2011-09-05  Lei Li  <lilei@linux.vnet.ibm.com>

	Check for source conflicts in storage pools
	Fix bug #611823 storage driver should prohibit pools with duplicate
	underlying storage.

	Add internal API virStoragePoolSourceFindDuplicate() to do uniqueness
	check based on source location infomation for pool type.

	* AUTHORS: add Lei Li

2011-09-05  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add a usb1 & usb2 qemuxml2argv test

	Default USB device is on slot 1 function 2
	Fix qemuAssignDevicePCISlots() and the associated regression tests

	PIIX3 USB controller is on function 2
	Current code reserves slot 1 function 2 even if there is a user
	defined PIIX3 USB controller there.

2011-09-05  Philipp Hahn  <hahn@univention.de>

	Fix localtime handling for Xen-PV domains
	At least Xen-3.4.3 translates the /vm/localtime SXPR value to
	/domain/platform/localtime and /domain/image/{linux,hvm}/localtime when
	the domain is defined.  When reading back that information libvirt only
	handles HVM domains, but not PV domains: This results in libvirtd always
	returning
	    <clock offset="utc"/>
	while Xend used (localtime 1).

	For PV domains use /domain/image/linux/localtime.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: store qemu domain details in xml
	When reverting to a snapshot, the inactive domain configuration
	has to be rolled back to what it was at the time of the snapshot.
	Additionally, if the VM is active and the snapshot was active,
	this now adds a failure if the two configurations are ABI
	incompatible, rather than risking qemu confusion.

	A future patch will add a VIR_DOMAIN_SNAPSHOT_FORCE flag, which
	will be required for two risky code paths - reverting to an
	older snapshot that lacked full domain information, and reverting
	from running to a live snapshot that requires starting a new qemu
	process.  Any reverting that stops a running vm is also a form
	of data loss (discarding the current running state to go back in
	time), but as that is what reversion usually implies, it is
	probably not worth requiring a force flag.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Copy out
	domain.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Perform
	ABI compatibility checks.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: update rng to support full domain in xml
	This patch will probably cause merge conflicts to those trying
	to do backports.  The end goal is simple - domaincommon.rng
	should be the state of domain.rng pre-patch, with a few lines
	tweaked in the header, while domain.rng post-patch is now just
	a shell that includes domaincommon.rng and sets the <start>.

	* docs/schemas/domain.rng: Move guts...
	* docs/schemas/domaincommon.rng: ...to new file.
	* docs/schemas/domainsnapshot.rng: Allow new xml.
	* docs/schemas/Makefile.am (schema_DATA): Distribute new file.
	* tests/domainsnapshotxml2xmlout/full_domain.xml: New test.
	* libvirt.spec.in (%files client): Ship new file.  Sort lines.
	* mingw32-libvirt.spec.in: Likewise.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: correctly escape generated xml
	Commit 69278878 fixed one direction of arbitrarily-named snapshots,
	but not the round trip path.  While auditing domain_conf, I found
	a couple other instances that weren't escaping arbitrary strings.

	* src/conf/domain_conf.c (virDomainFSDefFormat)
	(virDomainGraphicsListenDefFormat, virDomainSnapshotDefFormat):
	Escape arbitrary strings.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: allow full domain xml in snapshot
	Just like VM saved state images (virsh save), snapshots MUST
	track the inactive domain xml to detect any ABI incompatibilities.

	The indentation is not perfect, but functionality comes before form.

	Later patches will actually supply a full domain; for now, this
	wires up the storage to support one, but doesn't ever generate one
	in dumpxml output.

	Happily, libvirt.c was already rejecting use of VIR_DOMAIN_XML_SECURE
	from read-only connections, even though before this patch, there was
	no information to be secured by the use of that flag.

	And while we're at it, mark the libvirt snapshot metadata files
	as internal-use only.

	* src/libvirt.c (virDomainSnapshotGetXMLDesc): Document flag.
	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add member.
	(virDomainSnapshotDefParseString, virDomainSnapshotDefFormat):
	Update signature.
	* src/conf/domain_conf.c (virDomainSnapshotDefFree): Clean up.
	(virDomainSnapshotDefParseString): Optionally parse domain.
	(virDomainSnapshotDefFormat): Output full domain.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML)
	(esxDomainSnapshotGetXMLDesc): Update callers.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML)
	(vboxDomainSnapshotGetXMLDesc): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML)
	(qemuDomainSnapshotLoad, qemuDomainSnapshotGetXMLDesc)
	(qemuDomainSnapshotWriteMetadata): Likewise.
	* docs/formatsnapshot.html.in: Rework doc example.
	Based on a patch by Philipp Hahn.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: refactor domain xml output
	Minor semantic change - allow domain xml to be generated in place
	within a larger buffer, rather than having to go through a
	temporary string.

	* src/conf/domain_conf.c (virDomainDefFormatInternal): Add
	parameter.
	(virDomainDefFormat, virDomainObjFormat): Update callers.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: prevent migration from stranding snapshot data
	Migration is another case of stranding metadata.  And since
	snapshot metadata is arbitrarily large, there's no way to
	shoehorn it into the migration cookie of migration v3.

	This patch consolidates two existing locations for migration
	validation into one helper function, then enhances that function
	to also do the new checks.  If we could always trust the source
	to validate migration, then the destination would not have to
	do anything; but since older servers that did not do checking
	can migrate to newer destinations, we have to repeat some of
	the same checks on the destination; meanwhile, we want to
	detect failures as soon as possible.  With migration v2, this
	means that validation will reject things at Prepare on the
	destination if the XML exposes the problem, otherwise at Perform
	on the source; with migration v3, this means that validation
	will reject things at Begin on the source, or if the source
	is old and the XML exposes the problem, then at Prepare on the
	destination.

	This patch is necessarily over-strict.  Once a later patch
	properly handles auto-cleanup of snapshot metadata on the
	death of a transient domain, then the only time we actually
	need snapshots to prevent migration is when using the
	--undefinesource flag on a persistent source domain.

	It is possible to recreate snapshot metadata on the destination
	with VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE and
	VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT.  But for now, that is limited,
	since if we delete the snapshot metadata prior to migration,
	then we won't know the name of the current snapshot to pass
	along; and if we delete the snapshot metadata after migration
	and use the v3 migration cookie to pass along the name of the
	current snapshot, then we need a way to bypass the fact that
	this patch refuses migration with snapshot metadata present.

	So eventually, we may have to introduce migration protocol v4
	that allows feature negotiation and an arbitrary number of
	handshake exchanges, so as to pass as many rpc calls as needed
	to transfer all the snapshot xml hierarchy.

	But all of that is thoughts for the future; for now, the best
	course of action is to quit early, rather than get into a
	funky state of stale metadata; then relax restrictions later.

	* src/qemu/qemu_migration.h (qemuMigrationIsAllowed): Make static.
	* src/qemu/qemu_migration.c (qemuMigrationIsAllowed): Alter
	signature, and allow checks for both outgoing and incoming.
	(qemuMigrationBegin, qemuMigrationPrepareAny)
	(qemuMigrationPerformJob): Update callers.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: support new undefine flags in qemu
	A nice benefit of deleting all snapshots at undefine time is that
	you don't have to do any reparenting or subtree identification - since
	everything goes, this is an O(n) process, whereas using multiple
	virDomainSnapshotDelete calls would be O(n^2) or worse.  But it is
	only doable for snapshot metadata, where we are in control of the
	data being deleted; for the actual snapshots, there's too much
	likelihood of something going wrong, and requiring even more API
	calls to figure out what failed in the meantime, so callers are
	better off deleting the snapshot data themselves one snapshot at
	a time where they can deal with failures as they happen.

	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Honor new flags.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: cache qemu-img location
	As more clients start to want to know this information, doing
	a PATH stat walk and malloc for every client adds up.

	We are only caching the location, not the capabilities, so even
	if qemu-img is updated in the meantime, it will still probably
	live in the same location.  So there is no need to worry about
	clearing this particular cache.

	* src/qemu/qemu_conf.h (qemud_driver): Add member.
	* src/qemu/qemu_driver.c (qemudShutdown): Cleanup.
	(qemuFindQemuImgBinary): Add an argument, and cache result.
	(qemuDomainSnapshotForEachQcow2, qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotCreateInactive, qemuDomainSnapshotRevertInactive)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot): Update
	callers.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: refactor some qemu code
	Prepare for code sharing.  No semantic change.

	* src/qemu/qemu_driver.c (qemuFindQemuImgBinary)
	(qemuDomainSnapshotWriteMetadata)
	(qemuDomainSnapshotDiscard)
	(qemuDomainSnapshotForEachQcow2): Float up.
	(qemuDomainSnapshotDiscardDescendant): Likewise, and rename...
	(qemuDomainSnapshotDiscardAll): ...for generic use.
	(qemuDomainSnapshotDelete): Update caller.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: teach virsh about new undefine flags
	Similar to 'undefine --managed-save' (commit 83e849c1), we must
	assume that the old API is unsafe; however, we cannot emulate
	metadata-only deletion on older servers.  Additionally, we have
	the wrinkle that while virDomainUndefineFlags and managed save
	cleanup were introduced in 0.9.4, it wasn't until 0.9.5 that
	snapshots block undefine of a domain.  Do the best we can given
	the server we are talking to.

	* tools/virsh.c (cmdUndefine): Add --snapshots-metadata flag.
	* tools/virsh.pod (undefine, destroy, shutdown): Document effect
	of snapshots.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: prevent stranding snapshot data on domain destruction
	Just as leaving managed save metadata behind can cause problems
	when creating a new domain that happens to collide with the name
	of the just-deleted domain, the same is true of leaving any
	snapshot metadata behind.  For safety sake, extend the semantic
	change of commit b26a9fa9 to also cover snapshot metadata as a
	reason to reject undefining an inactive domain.  A future patch
	will make sure that shutdown of a transient domain automatically
	deletes snapshot metadata (whether by destroy, shutdown, or
	guest-initiated action).  Management apps of transient domains
	should take care to capture xml of snapshots, if it is necessary
	to recreate the snapshot metadata on a later transient domain
	with the same name and uuid.

	This also documents a new flag that hypervisors can choose to
	support as a shortcut for taking care of the metadata as part of
	the undefine process; however, nontrivial driver support for these
	flags will be deferred to future patches.

	Note that ESX and VBox can never be transient; therefore, they
	do not have to worry about automatic cleanup after shutdown
	(the persistent domain still remains); likewise they never
	store snapshot metadata, so the undefine flag is trivial.
	The nontrivial work remaining is thus in the qemu driver.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_UNDEFINE_SNAPSHOTS_METADATA): New flag.
	* src/libvirt.c (virDomainUndefine, virDomainUndefineFlags):
	Document new limitations and flag.
	* src/esx/esx_driver.c (esxDomainUndefineFlags): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainUndefineFlags): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainUndefineFlags): Enforce
	the limitations.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: add qemu snapshot redefine support
	Redefining a qemu snapshot requires a bit of a tweak to the common
	snapshot parsing code, but the end result is quite nice.

	Be careful that redefinitions do not introduce circular parent
	chains.  Also, we don't want to allow conversion between online
	and offline existing snapshots.  We could probably do some more
	validation for snapshots that don't already exist to make sure
	they are even feasible, by parsing qemu-img output, but that
	can come later.

	* src/conf/domain_conf.h (virDomainSnapshotParseFlags): New
	internal flags.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString): Alter
	signature to take internal flags.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Update caller.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new public flags.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: add qemu snapshot creation without metadata
	Supporting NO_METADATA on snapshot creation is interesting - we must
	still return a valid opaque snapshot object, but the user can't get
	anything out of it (unless we add a virDomainSnapshotGetName()),
	since it is no longer registered with the domain.

	Also, virsh now tries to query for secure xml, in anticipation of
	when we store <domain> xml inside <domainsnapshot>; for now, we
	can trivially support it, since we have nothing secure.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Support
	new flag.
	(qemuDomainSnapshotGetXMLDesc): Trivially support VIR_DOMAIN_XML_SECURE.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: improve virsh snapshot-create, add snapshot-edit
	Wire up the new snapshot creation flags in virsh.  For convenience,
	teach 'snapshot-current' how to make an existing snapshot become
	current (can be used after upgrading to newer libvirt to recover
	from the fact that the older libvirt lost track of the current
	snapshot after a restart).  The snapshot-create-as command is
	intentionally not taught --redefine or --current, as this would
	imply adding a lot of other options for everything else that can
	appear in the <domainsnapshot> xml, but which is normally read-only.
	Besides, redefining will usually be done on files created by
	snapshot-dumpxml, rather than something built up by hand on the
	command line.  And now that we can redefine, we can edit.

	* tools/virsh.c (cmdSnapshotCreate): Add --redefine, --current,
	and --no-metadata.
	(cmdSnapshotCreateAs): Add --no-metadata.
	(cmdSnapshotCurrent): Add snapshotname to alter current snapshot.
	(cmdSnapshotEdit): New command.
	* tools/virsh.pod (snapshot-create, snapshot-create-as)
	(snapshot-current, snapshot-edit):  Document these.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: refactor virsh snapshot creation
	The next patch will make snapshot creation more complex, so it's
	better to avoid repetition of the complexity.

	* tools/virsh.c (vshSnapshotCreate): New helper function.
	(cmdSnapshotCreate, cmdSnapshotCreateAs): Use it.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: allow recreation of metadata
	The first two flags are essential for being able to replicate
	snapshot hierarchies across multiple hosts, which will come in
	handy for supervised migrations.  It also allows a management app
	to take a snapshot of a transient domain, save the metadata, stop
	the domain, recreate a new transient domain by the same name,
	redefine the snapshot, then revert to it.

	This is not quite as convenient as leaving the metadata behind
	after a domain is no longer around, but doing that has a few
	problems: 1. the libvirt API can only delete snapshot metadata
	if there is a valid domain handle to use to get to that snapshot
	object - if stale data is left behind without a domain, there is
	no way to request that the data be cleaned up. 2. creating a new
	domain with the same name but different uuid than the older
	domain where a snapshot existed cannot use the older snapshot
	data; this risks confusing libvirt, and forbidding the stale
	data is similar to the recent patch to forbid stale managed save.

	The first two flags might be useful on hypervisors with no metadata,
	but only for modifying the notion of the current snapshot;
	however, I don't know how to do that for ESX or VBox.

	The third flag is a convenience option, to combine a creation with
	a delete metadata into one step.  It is trivial for hypervisors
	with no metadata.

	The qemu changes will be involved enough to warrant a separate patch.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_CREATE_REDEFINE)
	(VIR_DOMAIN_SNAPSHOT_CREATE_CURRENT)
	(VIR_DOMAIN_SNAPSHOT_CREATE_NO_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotCreateXML): Document them, and
	enforce mutual exclusion.
	* src/esx/esx_driver.c (esxDomainSnapshotCreateXML): Trivial
	implementation.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotCreateXML): Likewise.
	* docs/formatsnapshot.html.in: Document re-creation.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: identify qemu snapshot roots
	Filtering for roots is pretty easy to do.

	* src/conf/domain_conf.h (virDomainSnapshotObjListGetNames)
	(virDomainSnapshotObjListNum): Update prototype.
	* src/conf/domain_conf.c (virDomainSnapshotObjListCopyNames)
	(virDomainSnapshotObjListGetNames, virDomainSnapshotObjListCount)
	(virDomainSnapshotObjListNum): Support filtering.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Update callers.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: reflect new dumpxml and list options in virsh
	New flag bits are worth exposing via virsh.  In the case of
	snapshot-list --roots, it's possible to emulate this even when
	talking to an older server that lacks the bit; whereas
	--metadata requires a newer server.

	Although we don't use --security-info yet, the flag is already
	documented for other dumpxml operations, and turning it on now
	will make it useful when a future patch actually has to honor it.

	* tools/virsh.c (cmdSnapshotDumpXML, cmdSnapshotCurrent): Add
	--security-info.
	(cmdSnapshotList): Add --roots, --metadata.
	* tools/virsh.pod (snapshot-dumpxml, snapshot-current)
	(snapshot-list): Document these.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: identify which snapshots have metadata
	To make it easier to know when undefine will fail because of existing
	snapshot metadata, we need to know how many snapshots have metadata.

	Also, it is handy to filter the list of snapshots to just those that
	have no parents; document that flag now, but implement it in later patches.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SNAPSHOT_LIST_ROOTS)
	(VIR_DOMAIN_SNAPSHOT_LIST_METADATA): New flags.
	* src/libvirt.c (virDomainSnapshotNum)
	(virDomainSnapshotListNames): Document them.
	* src/esx/esx_driver.c (esxDomainSnapshotNum)
	(esxDomainSnapshotListNames): Implement trivial flag.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotNum)
	(vboxDomainSnapshotListNames): Likewise.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotNum)
	(qemuDomainSnapshotListNames): Likewise.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: let qemu discard only snapshot metadata
	Adding this was trivial compared to the previous patch for fixing
	qemu snapshot deletion in the first place.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscard): Add
	parameter.
	(qemuDomainSnapshotDiscardDescendant, qemuDomainSnapshotDelete):
	Update callers.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: allow deletion of just snapshot metadata
	A future patch will make it impossible to remove a domain if it
	would leave behind any libvirt-tracked metadata about snapshots,
	since stale metadata interferes with a new domain by the same name.
	But requiring snaphot contents to be deleted before removing a
	domain is harsh; with qemu, qemu-img can still make use of the
	contents after the libvirt domain is gone.  Therefore, we need
	an option to get rid of libvirt tracking information, but not
	the actual contents.  For hypervisors that do not track any
	metadata in libvirt, the implementation is trivial; all remaining
	hypervisors (really, just qemu) will be dealt with separately.

	* include/libvirt/libvirt.h.in
	(VIR_DOMAIN_SNAPSHOT_DELETE_METADATA_ONLY): New flag.
	* src/libvirt.c (virDomainSnapshotDelete): Document it.
	* src/esx/esx_driver.c (esxDomainSnapshotDelete): Trivially
	supported when there is no libvirt metadata.
	* src/vbox/vbox_tmpl.c (vboxDomainSnapshotDelete): Likewise.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: simplify acting on just children
	Similar to the last patch in isolating the filtering from the
	client actions, so that clients don't have to reinvent the
	filtering.

	* src/conf/domain_conf.h (virDomainSnapshotForEachChild): New
	prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotActOnChild)
	(virDomainSnapshotForEachChild): New functions.
	(virDomainSnapshotCountChildren): Delete.
	(virDomainSnapshotHasChildren): Simplify.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotReparentChildren)
	(qemuDomainSnapshotDelete): Likewise.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: track current domain across deletion of children
	Deleting a snapshot and all its descendants had problems with
	tracking the current snapshot.  The deletion does not necessarily
	proceed in depth-first order, so a parent could be deleted
	before a child, wreaking havoc on passing the notion of the
	current snapshot to the parent.  Furthermore, even if traversal
	were depth-first, doing multiple file writes to pass current up
	the chain one snapshot at a time is wasteful, comparing to a
	single update to the current snapshot at the end of the algorithm.

	* src/qemu/qemu_driver.c (snap_remove): Add field.
	(qemuDomainSnapshotDiscard): Add parameter.
	(qemuDomainSnapshotDiscardDescendant): Adjust accordingly.
	(qemuDomainSnapshotDelete): Properly reset current.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: avoid crash when deleting qemu snapshots
	This one's nasty.  Ever since we fixed virHashForEach to prevent
	nested hash iterations for safety reasons (commit fba550f6),
	virDomainSnapshotDelete with VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN
	has been broken for qemu: it deletes children, while leaving
	grandchildren intact but pointing to a no-longer-present parent.
	But even before then, the code would often appear to succeed to
	clean up grandchildren, but risked memory corruption if you have
	a large and deep hierarchy of snapshots.

	For acting on just children, a single virHashForEach is sufficient.
	But for acting on an entire subtree, it requires iteration; and
	since we declared recursion as invalid, we have to switch to a
	while loop.  Doing this correctly requires quite a bit of overhaul,
	so I added a new helper function to isolate the algorithm from the
	actions, so that callers do not have to reinvent the iteration.

	Note that this _still_ does not handle CHILDREN correctly if one
	of the children is the current snapshot; that will be next.

	* src/conf/domain_conf.h (_virDomainSnapshotDef): Add mark.
	(virDomainSnapshotForEachDescendant): New prototype.
	* src/libvirt_private.syms (domain_conf.h): Export it.
	* src/conf/domain_conf.c (virDomainSnapshotMarkDescendant)
	(virDomainSnapshotActOnDescendant)
	(virDomainSnapshotForEachDescendant): New functions.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotDiscardChildren):
	Replace...
	(qemuDomainSnapshotDiscardDescenent): ...with callback that
	doesn't nest hash traversal.
	(qemuDomainSnapshotDelete): Use new function.

2011-09-03  Eric Blake  <eblake@redhat.com>

	snapshot: speed up snapshot location
	Each snapshot lookup was iterating over the entire hash table, O(n),
	instead of honing in directly on the hash key, amortized O(1).

	Besides, fixing this means that virDomainSnapshotFindByName can now
	be used inside another virHashForeach iteration (without this patch,
	attempts to lookup a snapshot by name during a hash iteration will
	fail due to nested iteration).

	* src/conf/domain_conf.c (virDomainSnapshotFindByName): Simplify.
	(virDomainSnapshotObjListSearchName): Delete unused function.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: add snapshot-list --parent to virsh
	Even though I recently added 'virsh snapshot-parent', doing it one
	snapshot at a time is painful, so make it possible to expand the
	snapshot-list table at once.

	* tools/virsh.c (cmdSnapshotList): Add --parent.
	* tools/virsh.pod (snapshot-list): Document it.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: fine-tune qemu snapshot revert states
	For a system checkpoint of a running or paused domain, it's fairly
	easy to honor new flags for altering which state to use after the
	revert.  For an inactive snapshot, the revert has to be done while
	there is no qemu process, so do back-to-back transitions; this also
	lets us revert to inactive snapshots even for transient domains.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Support new
	flags.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: properly revert qemu to offline snapshots
	Commit 5e47785 broke reverts to offline system checkpoint snapshots
	with older qemu, since there is no longer any code path to use
	qemu -loadvm on next boot.  Meanwhile, reverts to offline system
	checkpoints have been broken for newer qemu, both before and
	after that commit, since -loadvm no longer works to revert to
	disk state without accompanying vm state.  Fix both of these by
	using qemu-img to revert disk state.

	Meanwhile, consolidate the (now 3) clients of a qemu-img iteration
	over all disks of a VM into one function, so that any future
	algorithmic fixes to the FIXMEs in that function after partial
	loop iterations are dealt with at once.  That does mean that this
	patch doesn't handle partial reverts very well, but we're not
	making the situation any worse in this patch.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use
	qemu-img rather than 'qemu -loadvm' to revert to offline snapshot.
	(qemuDomainSnapshotRevertInactive): New helper.
	(qemuDomainSnapshotCreateInactive): Factor guts...
	(qemuDomainSnapshotForEachQcow2): ...into new helper.
	(qemuDomainSnapshotDiscard): Use it.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: improve reverting to qemu paused snapshots
	If you take a checkpoint snapshot of a running domain, then pause
	qemu, then restore the snapshot, the result should be a running
	domain, but the code was leaving things paused.  Furthermore, if
	you take a checkpoint of a paused domain, then run, then restore,
	there was a brief but non-deterministic window of time where the
	domain was running rather than paused.  Fix both of these
	discrepancies by always pausing before restoring.

	Also, check that the VM is active every time lock is dropped
	between two monitor calls.

	Finally, straighten out the events that get emitted on each
	transition.

	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Always
	pause before reversion, and improve events.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: fine-tune qemu saved images starting paused
	Implement the new running/paused overrides for saved state management.

	Unfortunately, for virDomainSaveImageDefineXML, the saved state
	updates are write-only - I don't know of any way to expose a way
	to query the current run/pause setting of an existing save image
	file to the user without adding a new API or modifying the domain
	xml of virDomainSaveImageGetXMLDesc to include a new element to
	reflect the state bit encoded into the save image.  However, I
	don't think this is a show-stopper, since the API is designed to
	leave the state bit alone unless an explicit flag is used to
	change it.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemuDomainSaveImageOpen): Adjust signature.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjRestore): Adjust
	callers.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: expose --running and --paused in virsh
	Pretty straight-forward exposure of new flags.  For most commands,
	we let the API reject mutually exclusive flags; but for save-image-edit,
	we do the sanity check ourselves to avoid looping on flag failure if
	the edit cycle is ever enhanced to allow the user to retry an edit
	to fix up an xml validation error.

	* tools/virsh.c (cmdManagedSave, cmdRestore, cmdSave)
	(cmdSaveImageDefine, cmdSaveImageEdit): Add new flags.
	* tools/virsh.pod (managedsave, restore, save, save-image-define)
	(save-image-edit): Document them.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: fine-tune ability to start paused
	While it is nice that snapshots and saved images remember whether
	the domain was running or paused, sometimes the restoration phase
	wants to guarantee a particular state (paused to allow hot-plugging,
	or running without needing to call resume).  This introduces new
	flags to allow the control, and a later patch will implement the
	flags for qemu.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_SAVE_RUNNING)
	(VIR_DOMAIN_SAVE_PAUSED, VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING)
	(VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED): New flags.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags)
	(virDomainManagedSave, virDomainSaveImageDefineXML)
	(virDomainRevertToSnapshot): Document their use, and enforce
	mutual exclusion.

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: better events when starting paused
	There are two classes of management apps that track events - one
	that only cares about on/off (and only needs to track EVENT_STARTED
	and EVENT_STOPPED), and one that cares about paused/running (also
	tracks EVENT_SUSPENDED/EVENT_RESUMED).  To keep both classes happy,
	any transition that can go from inactive to paused must emit two
	back-to-back events - one for started and one for suspended (since
	later resuming of the domain will only send RESUMED, but the first
	class isn't tracking that).

	This also fixes a bug where virDomainCreateWithFlags with the
	VIR_DOMAIN_START_PAUSED flag failed to start paused when restoring
	from a managed save image.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_EVENT_SUSPENDED_RESTORED)
	(VIR_DOMAIN_EVENT_SUSPENDED_FROM_SNAPSHOT)
	(VIR_DOMAIN_EVENT_RESUMED_FROM_SNAPSHOT): New sub-events.
	* src/qemu/qemu_driver.c (qemuDomainRevertToSnapshot): Use them.
	(qemuDomainSaveImageStartVM): Likewise, and add parameter.
	(qemudDomainCreate, qemuDomainObjStart): Send suspended event when
	starting paused.
	(qemuDomainObjRestore): Add parameter.
	(qemuDomainObjStart, qemuDomainRestoreFlags): Update callers.
	* examples/domain-events/events-c/event-test.c
	(eventDetailToString): Map new detail strings.

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Learn to use spicevmc as a redirection type for usb-redir

	Add "redirdev" redirection device
	- create a new "redirdev" element for this purpose

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	qemu: Don't append 0 at usb id, so that it is compatible with legacy -usb
	QEMU uses USB bus name "usb.0" when using the legacy -usb argument.
	If we want to allow USB devices to specify their addresses with legacy
	-usb, we should either in case of legacy bus name drop the 0 from the
	address bus, or just drop the 0 from device id. This patch does the
	later.

	Another solution would be to permit addressing on non-legacy USB
	controllers only.

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	qemu: don't reserve slot 1 if a PIIX3 USB controller is defined there
	Applies only to piix3 and check if piix3 controller is on correct
	address, or report error

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Modify USB port to be defined as a port path
	So that devices can be attached to hubs. Example, to attach to first
	port of a usb-hub on port 1.

	      <hub type='usb'>
	         <address type='usb' bus='0' port='1'/>
	      </hub>

	      <input type='mouse' type='usb'>
	         <address type='usb' bus='0' port='1.1'/>
	      </hub>

	also add a test entry

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add USB hub device
	domain parsing and serialization code, qemu driver backend and
	a couple of test

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add USB companion controllers support
	Companion controllers take an extra 'master' attribute to associate
	them.

	Also add tests for this

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	USB devices gain a new USB address child element
	Expand the domain and the QEmu driver code
	Adds a couple of tests

	test: USB controller can have a PCI address child element
	add a few tests for the new constructs

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add a new controller type 'usb' with optionnal 'model'
	The model by default is piix3-uchi.

	Example:
	<controller type='usb' index='0' model='ich9-ehci'/>

2011-09-02  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Add USB controller models
	List is: piix3-uhci piix4-uhci ehci ich9-ehci1 ich9-uhci1 ich9-uhci2
	ich9-uhci3 vt82c686b-uhci pci-ohci

	Rename virDomainControllerModel to virDomainControllerModelSCSI
	Since we are about to add USB controller support let's remove the
	ambiguity

	Add various USB devices QEMU_CAPS

2011-09-02  Eric Blake  <eblake@redhat.com>

	snapshot: fix corner case on OOM during creation
	Commit 6766ff10 introduced a corner case bug with snapshot creation:
	if a snapshot is created, but then we hit OOM while trying to
	create the return value of the function, then we have polluted the
	internal directory with the snapshot metadata with no way to clean
	it up from the running libvirtd.

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Don't
	write metadata file on OOM condition.

2011-09-02  Eric Blake  <eblake@redhat.com>

	tests: add missing files
	Created by copying from qemuxml2argv-disk-drive-v2-wb.*, then
	s/writeback/directsync/.  Hopefully this matches Osier's intentions.

	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.args:
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-cache-directsync.xml:
	Add missing files needed by 'make check'.

2011-09-02  Osier Yang  <jyang@redhat.com>

	Add directsync cache mode support for disk driver
	Newer QEMU introduced cache=directsync for -drive, this patchset
	is to expose it in libvirt layer.

	  * Introduced a new QEMU capability flag ($prefix_CACHE_DIRECTSYNC),
	    As even $prefix_CACHE_V2 is set, we can't known if directsync
	    is supported.

2011-09-02  Osier Yang  <jyang@redhat.com>

	storage: Add virsh support for fs pool formating

2011-09-02  Osier Yang  <jyang@redhat.com>

	storage: Add fs pool formatting
	This patch adds the ability to make the filesystem for a filesystem
	pool during a pool build.

	The patch adds two new flags, no overwrite and overwrite, to control
	when mkfs gets executed.  By default, the patch preserves the
	current behavior, i.e., if no flags are specified, pool build on a
	filesystem pool only makes the directory on which the filesystem
	will be mounted.

	If the no overwrite flag is specified, the target device is checked
	to determine if a filesystem of the type specified in the pool is
	present.  If a filesystem of that type is already present, mkfs is
	not executed and the build call returns an error.  Otherwise, mkfs
	is executed and any data present on the device is overwritten.

	If the overwrite flag is specified, mkfs is always executed, and any
	existing data on the target device is overwritten unconditionally.

2011-09-02  Osier Yang  <jyang@redhat.com>

	storage: Add mkfs and libblkid to build system

	API: Init conn in case of it might be used uninitialized
	There is a goto before "conn" is initialized.

2011-09-02  Eric Blake  <eblake@redhat.com>

	qemu: detect incomplete save files
	Several users have reported problems with 'virsh start' failing because
	it was encountering a managed save situation where the managed save file
	was incomplete.  Be more robust to this by using two different magic
	numbers, so that newer libvirt can gracefully handle an incomplete file
	differently than a complete one, while older libvirt will at least fail
	up front rather than trying to load only to have qemu fail at the end.

	Managed save is a convenience - it exists to preserve as much state
	as possible; if the state was not preserved, it is reasonable to just
	log that fact, then proceed with a fresh boot.  On the other hand,
	user saves are under user control, so we must fail, but by making
	the failure message distinct, the user can better decide how to handle
	the situation of an incomplete save file.

	* src/qemu/qemu_driver.c (QEMUD_SAVE_PARTIAL): New define.
	(qemuDomainSaveInternal): Use it to mark incomplete images.
	(qemuDomainSaveImageOpen, qemuDomainObjRestore): Add parameter
	that controls what to do with partial images.
	(qemuDomainRestoreFlags, qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML, qemuDomainObjStart): Update callers.
	Based on an initial idea by Osier Yang.

2011-09-02  Eric Blake  <eblake@redhat.com>

	qemu: refactor file opening
	In a SELinux or root-squashing NFS environment, libvirt has to go
	through some hoops to create a new file that qemu can then open()
	by name.  Snapshots are a case where we want to guarantee an empty
	file that qemu can open; also, reopening a save file to convert it
	from being marked partial to complete requires a reopen to avoid
	O_DIRECT headaches.  Refactor some existing code to make it easier
	to reuse in later patches.

	* src/qemu/qemu_migration.h (qemuMigrationToFile): Drop parameter.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): Let cgroup do
	the stat, rather than asking caller to do it and pass info down.
	* src/qemu/qemu_driver.c (qemuOpenFile): New function, pulled from...
	(qemuDomainSaveInternal): ...here.
	(doCoreDump, qemuDomainSaveImageOpen): Use it here as well.

2011-09-02  Wen Congyang  <wency@cn.fujitsu.com>

	reserve slot 1 on pci bus0
	After supporting multi function pci device, we only reserve function 1 on slot 1.
	The user can use the other function on slot 1 in the xml config file. We should
	detect this wrong usage.

2011-09-02  Xu He Jie  <xuhj@linux.vnet.ibm.com>

	libvirtd: create run dir when running at non-root user
	When libvirtd is running at non-root user, it won't create ${HOME}/.libvirt.

	It will show error message:
	17:44:16.838: 7035: error : virPidFileAcquirePath:322 : Failed to open pid file

2011-09-02  Scott Moser  <smoser@ubuntu.com>

	lxc: do not require 'ifconfig' or 'ipconfig' in container
	Currently, the lxc implementation invokes 'ip' and 'ifconfig' commands
	inside a container using 'virRun'.  That has the side effect of requiring
	those commands to be present and to function in a manner consistent with
	the usage.  Some small roots (such as ttylinux) may not have 'ip' or
	'ifconfig'.

	This patch replaces the use of these commands with usage of
	netdevice.  The result is that lxc containers do not have to implement
	those commands, and lxc in libvirt is only dependent on the netdevice
	interface.

	I've tested this patch locally against the ubuntu libvirt version enough
	to verify its generally sane.  I attempted to build upstream today, but
	failed with:
	  /usr/bin/ld:
	    ../src/.libs/libvirt_driver_qemu.a(libvirt_driver_qemu_la-qemu_domain.o):
	   undefined reference to symbol 'xmlXPathRegisterNs@@LIBXML2_2.4.30

	Thats probably a local issue only, but I wanted to get this patch up and
	see what others thought of it.  This is ubuntu bug
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/828211 .

2011-09-02  Serge Hallyn  <serge.hallyn@canonical.com>

	Create ptmx as a device
	Hi,

	I'm seeing an issue with udev and libvirt-lxc.  Libvirt-lxc creates
	/dev/ptmx as a symlink to /dev/pts/ptmx.  When udev starts up, it
	checks the device type, sees ptmx is 'not right', and replaces it
	with a 'proper' ptmx.

	In lxc, /dev/ptmx is bind-mounted from /dev/pts/ptmx instead of being
	symlinked, so udev sees the right device type and leaves it alone.

	A patch like the following seems to work for me.  Would there be
	any objections to this?

	>From 4c5035de52de7e06a0de9c5d0bab8c87a806cba7 Mon Sep 17 00:00:00 2001
	From: Ubuntu <ubuntu@domU-12-31-39-14-F0-B3.compute-1.internal>
	Date: Wed, 31 Aug 2011 18:15:54 +0000
	Subject: [PATCH 1/1] make ptmx a bind mount rather than symlink

	udev on some systems checks the device type of /dev/ptmx, and replaces it if
	not as expected.  The symlink created by libvirt-lxc therefore gets replaced.
	By creating it as a bind mount, the device type is correct and udev leaves it
	alone.

2011-09-02  Adam Litke  <agl@us.ibm.com>

	BlockPull: Set initial bandwidth limit if specified
	The libvirt BlockPull API supports the use of an initial bandwidth limit but the
	qemu block_stream API does not.  To get the desired behavior we use the two APIs
	strung together: first BlockPull, then BlockJobSetSpeed.  We can do this at the
	driver level to avoid duplicated code in each monitor path.

2011-09-02  Adam Litke  <agl@us.ibm.com>

	BlockJob: Bandwidth parameter is in MB when using text monitor
	Due to an unfortunate precedent in qemu, the units for the bandwidth parameter
	to block_job_set_speed are different between the text monitor and the qmp
	monitor.  While the qmp monitor uses bytes/s, the text monitor expects MB/s.

	Correct the units for the text interface.

2011-09-02  Jim Fehlig  <jfehlig@suse.com>

	Increase size of buffer for xend response
	On systems with many pcpus, the sexpr returned by xend can be quite
	large for dom0 when it is configured to have #vcpus = #pcpus (default).
	E.g. on a 80 pcpu system, where dom0 had 80 vcpus, the sexpr details
	for dom0 was 73817 bytes!  Increase maximum buffer size to 256k.

2011-09-02  Jim Fehlig  <jfehlig@suse.com>

	Don't overwrite errors from xend_{get,req}
	xenDaemonDomainFetch() was overwriting errors reported by
	xend_get() and xend_req().  E.g. without patch

	error: failed Xen syscall xenDaemonDomainFetch failed to find this domain

	with patch

	error: internal error Xend returned HTTP Content-Length of 73817, which exceeds
	maximum of 65536

2011-09-02  Jim Fehlig  <jfehlig@suse.com>

	Change my email domain
	I'd like to change my primary email address to jfehlig@suse.com.
	This patch changes it in AUTHORS and .mailmap.

2011-09-01  Eric Blake  <eblake@redhat.com>

	virsh: improve send-key documentation
	The 'virsh man' description of send-key was incomplete and used the
	old style (literal 'optional name' instead of '[name]' metasyntax).
	Meanwhile, none of the other virsh help texts include examples, so
	I moved it out of virsh help and into the man page.

	* tools/virsh.pod (send-key): Give better details.
	* tools/virsh.c (info_send_key): Drop example from here.

2011-09-01  Eric Blake  <eblake@redhat.com>

	virsh: support 'virsh start --force-boot' on older servers
	Managed save was added in 0.8.0, virDomainCreateWithFlags in 0.8.2,
	and FORCE_BOOT in 0.9.5.  The virsh flag is more useful if we
	emulate it for all older servers (note that if a hypervisor fails
	the query for a managed save image, then it does not have one to
	be removed, so the flag can be safely ignored).

	* tools/virsh.c (cmdStart): Add emulation for new flag.

2011-09-01  Alex Jia  <ajia@redhat.com>

	virsh: avoid memory leak on cmdVolCreateAs
	* tools/virsh.c: fix memory leak on cmdVolCreateAs function.

	* Detected in valgrind run:

	==4746==
	==4746== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 26 of 52
	==4746==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==4746==    by 0x4C76E51: virAlloc (memory.c:101)
	==4746==    by 0x4CD9418: virGetStoragePool (datatypes.c:592)
	==4746==    by 0x4D21367: remoteStoragePoolLookupByName (remote_driver.c:4126)
	==4746==    by 0x4CE42B0: virStoragePoolLookupByName (libvirt.c:10232)
	==4746==    by 0x40C276: vshCommandOptPoolBy (virsh.c:13660)
	==4746==    by 0x40CA37: cmdVolCreateAs (virsh.c:8094)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== 1,011 bytes in 1 blocks are definitely lost in loss record 45 of 52
	==4746==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==4746==    by 0x4A06167: realloc (vg_replace_malloc.c:525)
	==4746==    by 0x4C76ECB: virReallocN (memory.c:161)
	==4746==    by 0x4C60319: virBufferGrow (buf.c:72)
	==4746==    by 0x4C606AA: virBufferAdd (buf.c:106)
	==4746==    by 0x40CB37: cmdVolCreateAs (virsh.c:8118)
	==4746==    by 0x412AF2: vshCommandRun (virsh.c:13770)
	==4746==    by 0x422F11: main (virsh.c:15127)
	==4746==
	==4746== LEAK SUMMARY:
	==4746==    definitely lost: 1,051 bytes in 2 blocks
	==4746==    indirectly lost: 8 bytes in 1 blocks
	==4746==      possibly lost: 0 bytes in 0 blocks
	==4746==    still reachable: 390,767 bytes in 1,373 blocks
	==4746==         suppressed: 0 bytes in 0 blocks

	* How to reproduce?

	% valgrind -v --leak-check=full virsh vol-create-as default foo.img 10M \
	  --allocation 0 --format qcow2 --backing-vol bar.img

	Notes: bar.img doesn't exist.

2011-09-01  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' with pdwtags
	Problem introduced by commit b12354b.

	* src/remote_protocol-structs: Remove spurious blank line.

2011-09-01  Jim Fehlig  <jfehlig@novell.com>

	virsh: Expose virDomainMigrateGetMaxSpeed API

2011-09-01  Jim Fehlig  <jfehlig@novell.com>

	Add public API for getting migration speed
	Includes impl of python binding since the generator was not
	able to cope.

	Note: Requires gendispatch.pl patch from Matthias Bolte

	https://www.redhat.com/archives/libvir-list/2011-August/msg01367.html

2011-09-01  Eric Blake  <eblake@redhat.com>

	virsh: prefer unsigned flags
	virsh had some leftover 'int flags', and even an 'int flag'
	declaration, compared to our preferred style of 'unsigned int flags'.

	* tools/virsh.c (cmdUndefine, cmdSave, cmdSaveImageDumpxml)
	(cmdSaveImageEdit, cmdManagedSave, cmdRestore, cmdDump)
	(cmdVcpuPin, cmdSetvcpus, cmdSetmem, cmdSetmaxmem, cmdDumpXML)
	(cmdDomXMLFromNative, cmdDomXMLToNative, doMigrate)
	(cmdInterfaceEdit, cmdInterfaceDumpXML, cmdEdit): Match coding
	style for flags.
	(struct vshComdOptDef): Rename field member.
	(vshCmddefOptParse, vshCmddefHelp): Adjust clients.

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix tracking of RPC messages wrt streams
	Commit 2c85644b0b51fbe5b6244e6773531af29933a727 attempted to
	fix a problem with tracking RPC messages from streams by doing

	-            if (msg->header.type == VIR_NET_REPLY) {
	+            if (msg->header.type == VIR_NET_REPLY ||
	+                (msg->header.type == VIR_NET_STREAM &&
	+                 msg->header.status != VIR_NET_CONTINUE)) {
	                 client->nrequests--;

	In other words any stream packet, with status NET_OK or NET_ERROR
	would cause nrequests to be decremented. This is great if the
	packet from from a synchronous virStreamFinish or virStreamAbort
	API call, but wildly wrong if from a server initiated abort.
	The latter resulted in 'nrequests' being decremented below zero.
	This then causes all I/O for that client to be stopped.

	Instead of trying to infer whether we need to decrement the
	nrequests field, from the message type/status, introduce an
	explicit 'bool tracked' field to mark whether the virNetMessagePtr
	object is subject to tracking.

	Also add a virNetMessageClear function to allow a message
	contents to be cleared out, without adversely impacting the
	'tracked' field as a naive memset() would do

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a 'bool tracked' field and virNetMessageClear() API
	* daemon/remote.c, daemon/stream.c, src/rpc/virnetclientprogram.c,
	  src/rpc/virnetclientstream.c, src/rpc/virnetserverclient.c,
	  src/rpc/virnetserverprogram.c: Switch over to use
	  virNetMessageClear() and pass in the 'bool tracked' value
	  when creating messages.

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Avoid use-after-free on streams, due to message callbacks
	When sending outbound stream RPC messages, a callback is
	used to re-enable stream data transmission. If the stream
	aborts while one of these messages is outstanding, the
	stream may have been free'd by the time it is invoked. This
	results in a use-after-free error

	* daemon/stream.c: Ref-count streams to avoid use-after-free

2011-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix parted sector size assumption
	Parted does not report disk size in 512 byte units, but
	rather the disks' logical sector size, which with modern
	drives might be 4k.

	* src/storage/parthelper.c: Remove hardcoded 512 byte sector
	  size

2011-09-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of domain save
	* src/qemu/qemu_driver.c - qemuDomainSaveInternal: Return directly
	will keep the domain object locked, introduced by 173015bec6a.

	Revert "test: Cleanup improper VIR_ERR_NO_SUPPORT use"
	This reverts commit 172214bd304ff958160307be2efd6614e9868946.

	storage: Fix incorrect error codes
	Commit 0376f4a69b intended to fix incorrect use of VIR_ERR_NO_SUPPORT,
	but replacing it with VIR_ERR_OPERATION_INVALID is not proper either.

	remote: Fix incorrect error codes
	Introduced by d4b53ef6c. For "no internalFlags support", the
	error code is changed into INTERNAL_ERROR.

	nodeinfo: Fix incorrect error codes
	Introduced by 5e495c8b, except the ones for checking if numa
	is supported by host, all the NO_SUPPORT are changed back. For
	the ones about numa checking, change them into INTERNAL_ERROR.

	lxc: Fix incorrect changes on error codes.
	Fix incorrect changes introduced by commit 6ac47762bb9.

	conf: Substitute OPERATION_INVALID with INTERNAL_ERROR

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Stop libxl driver polluting logs on non-Xen hosts
	If the libxl driver is compiled in, then everytime libvirtd
	starts up on a non-Xen Dom0 host, it logs a error message.
	Since this is an expected condition, we should not log at
	'error' level, only 'info'.

	* src/libxl/libxl_driver.c: Lower log level for certain
	  expected errors during driver init

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak parsing 'relabel' attribute in domain security XML
	* src/conf/domain_conf.c: Free the 'relabel' attribute

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak dispatching domain events
	When dispatching domain events we will create an XDR struct
	containing the event info. Some of this data may be allocated
	on the heap and so must be freed. The graphics event dispatcher
	had a broken attempt to free one field, but missed others. All
	the events have a dom->name string that needs freeing. The code
	should have used the xdr_free() procedure for doing all this

	* daemon/remote.c: Use xdr_free after dispatching events

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Don't leak memory if a cgroup is mounted multiple times
	It is possible (expected/likely in Fedora 15) for a cgroup controller
	to be mounted in multiple locations at the same time, due to bind
	mounts. Currently we leak memory if this happens, because we overwrite
	the previous 'mountPoint' string. Instead just accept the first match
	we find.

	* src/util/cgroup.c: Only accept first match for a cgroup
	  controller mount

2011-08-31  Eric Blake  <eblake@redhat.com>

	security: fix build
	Regression introduced in commit 183383889.

	* src/libvirt_private.syms (security_manager.h): Drop deleted
	symbol. Detected by build-bot.

2011-08-31  Guannan Ren  <gren@redhat.com>

	stream: remove redundant reference to client while sending stream data
	    *daemon/stream.c: remove virNetServerClientRef()

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus virSecurityManagerSetProcessFDLabel method
	The virSecurityManagerSetProcessFDLabel method was introduced
	after a mis-understanding from a conversation about SELinux
	socket labelling. The virSecurityManagerSetSocketLabel method
	should have been used for all such scenarios.

	* src/security/security_apparmor.c, src/security/security_apparmor.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: Remove SetProcessFDLabel driver

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix sanlock socket security labelling
	It is not possible to change the label of a TCP socket once it
	has been opened. When creating a TCP socket care must be taken
	to ensure the socket creation label is set & then cleared.
	Remove the bogus call to virSecurityManagerSetProcessFDLabel
	from the lock driver guest setup code and instead make use of
	virSecurityManagerSetSocketLabel

2011-08-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect path length check in sanlock lockspace setup
	The code for creating a sanlock lockspace accidentally used
	SANLK_NAME_LEN instead of SANLK_PATH_LEN for a size check.
	This meant disk paths were limited to 48 bytes !

	* src/locking/lock_driver_sanlock.c: Fix disk path length
	  check

2011-08-30  Eric Blake  <eblake@redhat.com>

	snapshot: forbid snapshot on autodestroy domain
	There is no reason to forbid pausing an autodestroy domain
	(not to mention that 'virsh start --paused --autodestroy'
	succeeds in creating a paused autodestroy domain).

	Meanwhile, qemu was failing to enforce the API documentation that
	autodestroy domains cannot be saved.  And while the original
	documentation only mentioned save/restore, snapshots are another
	form of saving that are close enough in semantics as to make no
	sense on one-shot domains.

	* src/qemu/qemu_driver.c (qemudDomainSuspend): Drop bogus check.
	(qemuDomainSaveInternal, qemuDomainSnapshotCreateXML): Forbid
	saves of autodestroy domains.
	* src/libvirt.c (virDomainCreateWithFlags, virDomainCreateXML):
	Document snapshot interaction.

2011-08-30  Philipp Hahn  <hahn@univention.de>

	Fix error detection in device change
	According to qemu-kvm/qerror.c all messages start with a capital
	"Device ", but the current code only scans for the lower case "device ".
	This results in "virDomainUpdateDeviceFlags()" to not detect locked
	CD-ROMs and reporting success even in the case of a failure:
		# virsh qemu-monitor-command "$VM" change\ drive-ide0-0-0\ \"/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso\"
		Device 'drive-ide0-0-0' is locked
		# virsh update-device "$VM" /dev/stdin <<<"<disk type='file' device='cdrom'><driver name='qemu' type='raw'/><source file='/var/lib/libvirt/images/ucs_2.4-0-sec4-20110714145916-dvd-amd64.iso'/><target dev='hda' bus='ide'/><readonly/><alias name='ide0-0-0'/><address type='drive' controller='0' bus='0' unit='0'/></disk>"
		Device updated successfully

2011-08-30  Eric Blake  <eblake@redhat.com>

	start: allow discarding managed save
	There have been several instances of people having problems with
	a broken managed save file, and not aware that they could use
	'virsh managedsave-remove dom' to fix things.  Making it possible
	to do this as part of starting a domain makes the same functionality
	easier to find, and one less API call.

	* include/libvirt/libvirt.h.in (VIR_DOMAIN_START_FORCE_BOOT): New
	flag.
	* src/libvirt.c (virDomainCreateWithFlags): Document it.
	* src/qemu/qemu_driver.c (qemuDomainObjStart): Alter signature.
	(qemuAutostartDomain, qemuDomainStartWithFlags): Update callers.
	* tools/virsh.c (cmdStart): Expose it in virsh.
	* tools/virsh.pod (start): Document it.

2011-08-30  Eric Blake  <eblake@redhat.com>

	build: simplify use of verify
	Back in 2008 when this line of util.h was written, gnulib's verify
	module didn't allow the use of multiple verify() in one file
	in combination with our choice of gcc -W options.  But that has
	since been fixed in gnulib, and newer gnulib even maps verify()
	to the C1x feature of _Static_assert, which gives even nicer
	diagnostics with a new enough compiler, so we might as well go
	with the simpler verify().

	* src/util/util.h (VIR_ENUM_IMPL): Use simpler verify, now that
	gnulib module is smarter.

2011-08-30  Eric Blake  <eblake@redhat.com>

	qemu: properly label outgoing pipe for tunneled migration
	Commit 3261761 made it possible to use pipes instead of sockets
	for outgoing tunneled migration; however, it caused a regression
	because the pipe was never given a SELinux label.

	* src/qemu/qemu_migration.c (doTunnelMigrate): Label outgoing pipe.

2011-08-29  Guannan Ren  <gren@redhat.com>

	rpc: fix a typo in debugging log in virNetServerProgramSendStreamData
	The bufferOffset has been initialized to zero in virNetMessageEncodePayloadRaw(),
	so, we use bufferLength to represent the length of message which is going to be
	sent to client side.

2011-08-27  Eric Blake  <eblake@redhat.com>

	maint: fix spelling errors on lose
	* docs/drvqemu.html.in: Fix typo.
	* src/libvirt.c (virDomainCreateXML, virDomainCreateWithFlags):
	Likewise.

2011-08-26  Jim Fehlig  <jfehlig@novell.com>

	Fix generator to cope with call-by-ref long types
	From: Matthias Bolte <matthias.bolte@googlemail.com>
	Tested-by: Jim Fehlig <jfehlig@novell.com>

	Matthias provided this patch to fix an issue I encountered in the
	generator with APIs containing call-by-ref long type, e.g.

	int virDomainMigrateGetMaxSpeed(virDomainPtr domain,
	                                unsigned long *bandwidth,
	                                unsigned int flags);

2011-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Add basic documentation

2011-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Add basic driver for Microsoft Hyper-V
	Domain listing, basic information retrieval and domain life cycle
	management is implemented. But currently the domain XML output
	lacks the complete devices section.

	The driver uses OpenWSMAN to directly communicate with a Hyper-V
	server over its WS-Management interface exposed via Microsoft WinRM.

	The driver is based on the work of Michael Sievers. This started in
	the same master program project group at the University of Paderborn
	as the ESX driver.

	See Michael's blog for details: http://hyperv4libvirt.wordpress.com/

2011-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Add OpenWSMAN based client for the Hyper-V WMI API
	Add a generator script to generate the structs and serialization
	information for OpenWSMAN.

	openwsman.h collects workarounds for problems in OpenWSMAN <= 2.2.6.
	There are also disabled sections that would use ws_serializer_free_mem
	but can't because it's broken in OpenWSMAN <= 2.2.6. Patches to fix
	this have been posted upstream.

2011-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	hyperv: Add driver skeleton

	hyperv: Add configure check for OpenWSMAN

2011-08-26  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	schedinfo: update man page about virsh schedinfo command
	This patch updates the man page about virsh schedinfo command.

	 - fix typo: 1844674407370955 -> 18446744073709551
	 - describe the value 0 of vcpu_period and vcpu_quota parameters

2011-08-26  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Fix persistent migration config save
	When a user migrates a domain by command as

	libvirt saves vm's domain XML config in destination host after migration.
	But it saves vm->def. Then, the saved XML contains some garbage.

	  <domain type='kvm' id='50'>
	                     ^^^^^^^^
	  ...
	   <console type='pty' tty='/dev/pts/5'>
	                       ^^^^^^^^^^^^^^^^^

	Avoid saving unnecessary things by saving persistent vm definition.

2011-08-26  Jiri Denemark  <jdenemar@redhat.com>

	rpc: Don't close connection if program is unknown
	In case we add a new program in the future (we did that in the past and
	we are going to do it again soon) current daemon will behave badly with
	new client that wants to use the new program. Before the RPC rewrite we
	used to just send an error reply to any request with unknown program.
	With the RPC rewrite in 0.9.3 the daemon just closes the connection
	through which such request was sent. This patch fixes this regression.

2011-08-26  Michal Privoznik  <mprivozn@redhat.com>

	remote: Refuse connecting to remote socket
	If users wants to connect to remote unix socket, e.g.
	'qemu+unix://<remote>/system' currently the <remote> part is ignored,
	ending up connecting to localhost. Connecting to remote socket is not
	supported and user should have used TLS/TCP/SSH instead.

	virterror: Fix error message for VIR_ERR_INVALID_ARG
	When a detail message is presented, nobody expects prefix 'invalid
	argument in' but something more general, like 'invalid argument:'.

2011-08-26  Daniel P. Berrange  <berrange@redhat.com>

	Detect errors from the 'sendkey' command
	On success, the 'sendkey' command does not return any data, so
	any data in the reply should be considered to be an error
	message

	* src/qemu/qemu_monitor_text.c: Treat non-"" reply data as an
	  error message for 'sendkey' command

2011-08-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix keymap used to talk with QEMU
	The QEMU 'sendkey' command expects keys to be encoded in the same
	way as the RFB extended keycode set. Specifically it wants extended
	keys to have the high bit of the first byte set, while the Linux
	XT KBD driver codeset uses the low bit of the second byte. To deal
	with this we introduce a new keymap 'RFB' and use that in the QEMU
	driver

	* include/libvirt/libvirt.h.in: Add VIR_KEYCODE_SET_RFB
	* src/qemu/qemu_driver.c: Use RFB keycode set instead of XT KBD
	* src/util/virkeycode-mapgen.py: Auto-generate the RFB keycode
	  set from the XT KBD set
	* src/util/virkeycode.c: Add RFB keycode entry to table. Add a
	  verify check on cardinality of the codeOffset table

2011-08-26  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Clarify documentation of -d option
	The default is 4, not 0.

	qemu: Correctly label migration TCP socket

	security: Introduce SetSocketLabel
	This API labels all sockets created until ClearSocketLabel is called in
	a way that a vm can access them (i.e., they are labeled with svirt_t
	based label in SELinux).

	security: Rename SetSocketLabel APIs to SetDaemonSocketLabel
	The APIs are designed to label a socket in a way that the libvirt daemon
	itself is able to access it (i.e., in SELinux the label is virtd_t based
	as opposed to svirt_* we use for labeling resources that need to be
	accessed by a vm). The new name reflects this.

	Ignore unused streams in virStreamAbort
	When virStreamAbort is called on a stream that has not been used yet,
	quite confusing error is returned: "this function is not supported by
	the connection driver". Let's just ignore such streams as there's
	nothing to abort anyway.

	Do not try to cancel non-existent migration on source
	If migration failed on source daemon, the migration is automatically
	canceled by the daemon itself. Thus we don't need to call
	virDomainMigrateConfirm3(cancelled=1). Calling it doesn't cause any harm
	but the resulting error message printed in logs may confuse people.

2011-08-25  Eric Blake  <eblake@redhat.com>

	snapshot: track current snapshot across restarts
	Audit all changes to the qemu vm->current_snapshot, and make them
	update the saved xml file for both the previous and the new
	snapshot, so that there is always at most one snapshot with
	<active>1</active> in the xml, and that snapshot is used as the
	current snapshot even across libvirtd restarts.

	This patch does not fix the case of virDomainSnapshotDelete(,CHILDREN)
	where one of the children is the current snapshot; that will be later.

	* src/conf/domain_conf.h (_virDomainSnapshotDef): Alter member
	type and name.
	* src/conf/domain_conf.c (virDomainSnapshotDefParseString)
	(virDomainSnapshotDefFormat): Update clients.
	* docs/schemas/domainsnapshot.rng: Tighten rng.
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Reload current
	snapshot.
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Track current snapshot.

2011-08-25  Eric Blake  <eblake@redhat.com>

	snapshot: only pass snapshot to qemu command line when reverting
	Changing the current vm, and writing that change to the file
	system, all before a new qemu starts, is risky; it's hard to
	roll back if starting the new qemu fails for some reason.
	Instead of abusing vm->current_snapshot and making the command
	line generator decide whether the current snapshot warrants
	using -loadvm, it is better to just directly pass a snapshot all
	the way through the call chain if it is to be loaded.

	This frees up the last use of snapshot->def->active for qemu's
	use, so the next patch can repurpose that field for tracking
	which snapshot is current.

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't use active
	field of snapshot.
	* src/qemu/qemu_process.c (qemuProcessStart): Add a parameter.
	* src/qemu/qemu_process.h (qemuProcessStart): Update prototype.
	* src/qemu/qemu_migration.c (qemuMigrationPrepareAny): Update
	callers.
	* src/qemu/qemu_driver.c (qemudDomainCreate)
	(qemuDomainSaveImageStartVM, qemuDomainObjStart)
	(qemuDomainRevertToSnapshot): Likewise.
	(qemuDomainSnapshotSetCurrentActive)
	(qemuDomainSnapshotSetCurrentInactive): Delete unused functions.

2011-08-25  Eric Blake  <eblake@redhat.com>

	snapshot: don't leak resources on qemu snapshot failure
	https://bugzilla.redhat.com/show_bug.cgi?id=727709
	mentions that if qemu fails to create the snapshot (such as what
	happens on Fedora 15 qemu, which has qmp but where savevm is only
	in hmp, and where libvirt is old enough to not try the hmp fallback),
	then 'virsh snapshot-list dom' will show a garbage snapshot entry,
	and the libvirt internal directory for storing snapshot metadata
	will have a bogus file.

	This fixes the fallout bug of polluting the snapshot-list with
	garbage on failure (the root cause of the F15 bug of not having
	fallback to hmp has already been fixed in newer libvirt releases).

	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): Allocate
	memory before making snapshot, and cleanup on failure.  Don't
	dereference NULL if transient domain exited during snapshot creation.

2011-08-25  Alex Jia  <ajia@redhat.com>

	libvirt: avoid dead store in virDomainMigrateVersion3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.

	Detected by ccc-analyzer:

	libvirt.c:4277:5: warning: Value stored to 'ret' is never read
	    ret = domain->conn->driver->domainMigrateConfirm3
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2011-08-25  Alex Jia  <ajia@redhat.com>

	qemu: avoid dead store in doPeer2PeerMigrate3
	* src/qemu/qemu_migration.c: avoid dead 'ret' assignment and silence
	  clang warning.

	Detected by ccc-analyzer:

	  CC     libvirt_driver_qemu_la-qemu_migration.lo
	qemu/qemu_migration.c:2046:5: warning: Value stored to 'ret' is never read
	    ret = qemuMigrationConfirm(driver, sconn, vm,
	    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2011-08-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix command test wrt gnutls initialize & fix debugging
	The VIR_TEST_DEBUG and VIR_TEST_VERBOSE env vars did not work
	because we replaced 'environ' with 'newenv'. Simply calling
	virTestGetDebug/Verbose() before replacing the 'environ' ensures
	we have processed the env variables.

	The gnutls initialization code opens /dev/urandom and keeps that
	FD around for later use. We have code which kills off FDs 3-5
	to avoid interfereing with our test case. Move the virInitialize
	call before this point, so it kills off the gnutls /dev/urandom
	FD which is irrelevant for testing purposes

	* tests/commandtest.c: Fix test debugging & make it robust against
	  opened FDs

2011-08-25  Michal Privoznik  <mprivozn@redhat.com>

	daemon: Move TLS initialization to virInitialize
	My previous patch 74c75671331d284e1f777f9692b72e9737520bf0
	introduced a regression by removing TLS initialization from client.

2011-08-24  Laine Stump  <laine@laine.org>

	util: only fchown newly created files in virFileOpenAs
	virFileOpenAs takes desired uid:gid as arguments, and not only uses
	them for a fork/setuid/setgid when retrying failed open operations,
	but additionally always forces the opened file to be owned by the
	given uid:gid.

	One example of the problems this causes is that, when restoring a
	domain from a file that is owned by the qemu user, opening the file
	chowns it to root. if dynamic_ownership=1 this is coincidentally
	expected, but if dynamic_ownership=0, no existing file should ever
	have its ownership changed.

	This patch adds an extra check before calling fchown() - it only does
	it if O_CREAT was passed to virFileOpenAs() in the openflags.

2011-08-24  Shradha Shah  <sshah@solarflare.com>

	qemu: fix off-by-one in pci slot reservation

2011-08-24  Steve Hodgson  <shodgson@solarflare.com>

	maint: attribute second author of previous patch

2011-08-24  Shradha Shah  <sshah@solarflare.com>

	pci: fix pciDeviceListSteal on multiple devices
	pciDeviceListSteal(pcidevs, dev) removes dev from pcidevs reducing
	the length of pcidevs, so moving onto what was the next dev is wrong.

	Instead callers should pop entry 0 repeatedly until pcidevs is empty.

2011-08-24  Eric Blake  <eblake@redhat.com>

	libvirt: log all flags parameters
	I was testing a virsh patch, and wanted to see if I had passed the
	flags I thought.  But with LIBVIRT_DEBUG in the environment, I just
	saw:

	14:24:52.359: 15022: debug : virDomainSnapshotNum:15586 : dom=0xc9c180, (VM: name=rhel_6-64, uuid=48f8e8e7-e14f-0e14-02f0-ce71997bdcab),

	including a trailing space.  This fixes the issues.

	* src/libvirt.c: Log flag parameters, even if currently unused.
	(VIR_DOMAIN_DEBUG_0): Drop trailing comma in log.
	(VIR_DOMAIN_DEBUG_1): Split guts into...
	(VIR_DOMAIN_DEBUG_2): ...new macro.

2011-08-24  Eric Blake  <eblake@redhat.com>

	virsh: add list --managed-save
	Knowing whether 'virsh start' will resume a saved image or do
	a fresh boot is useful enough to expose via 'virsh list'.

	Also, translate the state column.

	* tools/virsh.c (cmdList): add --managed-save flag
	* tools/virsh.pod (list): Document it.
	Based on a suggestion by Miklos Vajna.

2011-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use $(PYTHON) instead of the shebang to run the generator

2011-08-24  Osier Yang  <jyang@redhat.com>

	qemu: Report error if qemu monitor command not found for BlockJob
	* src/qemu/qemu_monitor_json.c: Handle error "CommandNotFound" and
	  report the error.

	* src/qemu/qemu_monitor_text.c: If a sub info command is not found,
	  it prints the output of "help info", for other commands,
	  "unknown command" is printed.

	Without this patch, libvirt always report:

	  An error occurred, but the cause is unknown

	This patch was adapted from a patch by Osier Yang <jyang@redhat.com> to
	break out detection of unrecognized text monitor commands into a separate
	function.

2011-08-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor a repeated string in the generator

2011-08-23  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Fix typo.
	* src/conf/domain_event.c (virDomainEventDispatchMatchCallback):
	Likewise.
	* daemon/libvirtd.c (daemonRunStateInit): Likewise.
	* src/lxc/lxc_container.c (lxcContainerChildMountSort): Likewise.
	* src/util/virterror.c (virCopyError, virRaiseErrorFull): Likewise.
	* src/xenxs/xen_sxpr.c (xenParseSxprSound): Likewise.

2011-08-23  Osier Yang  <jyang@redhat.com>

	virsh: Substitute goto label out with cleanup
	Introduced by 241cbc13a, pushed under urgent rule.

2011-08-23  Osier Yang  <jyang@redhat.com>

	virsh: Do not try to free domain if it is NULL
	Without these patch, there will be error like below if domain
	is NULL.

	error: invalid domain pointer in virDomainFree

	Which is useless.

2011-08-23  Osier Yang  <jyang@redhat.com>

	xen: Cleanup improper VIR_ERR_NO_SUPPORT use

	test: Cleanup improper VIR_ERR_NO_SUPPORT use

	storage: Cleanup improper VIR_ERR_NO_SUPPORT use

	remote: Cleanup improper VIR_ERR_NO_SUPPORT use

2011-08-23  Osier Yang  <jyang@redhat.com>

	qemu: Cleanup improper VIR_ERR_NO_SUPPORT use
	* src/qemu/qemu_command.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_CONFIG_UNSUPPORTED/

	* src/qemu/qemu_driver.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	* src/qemu/qemu_process.c: s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

2011-08-23  Osier Yang  <jyang@redhat.com>

	nodeinfo: Cleanup improper VIR_ERR_NO_SUPPORT use

2011-08-23  Osier Yang  <jyang@redhat.com>

	lxc: Cleanup improper VIR_ERR_NO_SUPPORT use
	s/VIR_ERR_NO_SUPPORT/VIR_ERR_OPERATION_INVALID/

	Special case is changes on lxcDomainInterfaceStats, if it's not
	implemented on the platform, prints error like:

	    lxcError(VIR_ERR_OPERATION_INVALID, "%s",
	             _("interface stats not implemented on this platform"));

	As the function is supported by driver actually, error like
	VIR_ERR_NO_SUPPORT is confused.

2011-08-23  Osier Yang  <jyang@redhat.com>

	conf: Cleanup improper use of VIR_ERR_NO_SUPPORT in node_device_conf

	qemu: Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_OPERATION_INVALID
	* src/qemu/qemu_monitor_text.c: Error like "this function is not
	supported by the connection driver" is confused obviously.

	virsh: Print error if specified bandwidth is invalid for blockjob
	It's strange that the command fails but without any error if one
	specifies as not a number.

2011-08-22  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	send-key: fix scan keycode map
	Now, bad key-code in send-key can cause segmentation fault in libvirt.
	(example)
	 % virsh send-key --codeset win32 12
	   error: End of file while reading data: Input/output error

	This is caused by overrun at scanning keycode array.

	Fix it.

2011-08-22  Eric Blake  <eblake@redhat.com>

	build: work around older systemtap header
	Systemtap 1.2 <sys/sdt.h> tried to expand STAP_PROBE3 into an
	initialization:
	  volatile __typeof__(arg) foo = arg;
	but that fails if arg was declared as 'char arg[100]'.
	Rather than make all callers to PROBE deal with the stupidity
	of <sys/sdt.h>, we instead make PROBE cast away the problem.
	Some of this preprocessor abuse copies ideas in src/libvirt.c.

	* daemon/libvirtd.h (PROBE): Add casts to all arguments, using...
	(VIR_ADD_CASTS, VIR_ADD_CAST, VIR_ADD_CAST2, VIR_ADD_CAST3)
	(VIR_ADD_CAST_EXPAND, VIR_ADD_CAST_PASTE, VIR_COUNT_ARGS)
	(VIR_ARG5, PROBE_EXPAND): New macros.
	Reported by Wen Congyang.

2011-08-19  Eric Blake  <eblake@redhat.com>

	virsh: properly interleave shared stdout and stderr
	Without this patch, invoking 'virsh >file 2>&1' results in
	error messages appearing before normal output, even if they
	occurred later in time than the normal output (since stderr
	is unbuffered, but stdout waits until a full buffer).

	* tools/virsh.c (print_job_progress, vshError): Flush between
	stream transitions.
	* tests/undefine: Test it.

2011-08-19  Eric Blake  <eblake@redhat.com>

	maint: simplify lots of libxml2 clients
	Repetitive patterns should be factored.  The sign of a good
	factorization is a change that kills 5x more lines than it adds :)

	* src/conf/domain_conf.c (virDomainDeviceDefParse)
	(virDomainSnapshotDefParseString): Use new convenience macros.
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	Likewise.
	* src/cpu/cpu.c (cpuCompareXML, cpuBaselineXML): Likewise.
	* src/esx/esx_vi.c (esxVI_Context_Execute): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationCookieXMLParseStr):
	Likewise.
	* src/security/virt-aa-helper.c (caps_mockup): Likewise.
	* src/test/test_driver.c (testOpenFromFile): Likewise.
	* tests/cputest.c (cpuTestLoadXML, cpuTestLoadMultiXML):
	Likewise.
	* tools/virsh.c (cmdFreecell, makeCloneXML, cmdVNCDisplay)
	(cmdTTYConsole, cmdDetachInterface, cmdDetachDisk)
	(cmdSnapshotCreate, cmdSnapshotCreateAs, cmdSnapshotCurrent)
	(cmdSnapshotList, cmdSnapshotParent): Likewise.

2011-08-19  Eric Blake  <eblake@redhat.com>

	xml: add another convenience function
	Often, we want to use XPath functions on the just-parsed document;
	fold this into the parser function for convenience.

	* src/util/xml.h (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.
	(virXMLParseCtxt, virXMLParseStringCtxt, virXMLParseFileCtxt): New
	macros.
	* src/libvirt_private.syms (xml.h): Remove deleted functions.
	* src/util/xml.c (virXMLParseHelper): Add argument.
	(virXMLParseStrHelper, virXMLParseFileHelper): Delete.

2011-08-19  Eric Blake  <eblake@redhat.com>

	maint: treat more libxml2 functions as free-like
	* cfg.mk (useless_free_options): Add xmlFreeDoc, xmlBufferFree.
	* src/esx/esx_vi.c (ESX_VI__TEMPLATE__FREE): Fix offenders.
	* tools/virsh.c (cmdFreecell, cmdVNCDisplay, cmdTTYConsole)
	(cmdDetachInterface, cmdDetachDisk, cmdSnapshotCreate)
	(cmdSnapshotCreateAs, cmdSnapshotList, cmdSnapshotParent):
	Likewise.

2011-08-19  Eric Blake  <eblake@redhat.com>

	test: rewrite test to match change in behavior
	Test failure exposed in commit 7d3390f.

	* tests/undefine: Fix to match updated test driver semantics.

2011-08-19  Eric Blake  <eblake@redhat.com>

	build: fix typo in recent test patch
	* src/test/test_driver.c (testDomainUndefineFlags): Use right
	variable name.

2011-08-19  Eric Blake  <eblake@redhat.com>

	Revert "xen: Allow to undefine a running domain (xm_internal)"
	ACK was given too soon.  According to the code, the xm driver is
	only used for inactive domains, and has no notion of an active
	domain, thus, it cannot support undefine of a running domain.
	The real fix for xen needs to be in the unified driver and/or
	the xend level.

	This reverts commit 49186deda62161599877b0de6f7f4345c50d842a.

2011-08-19  Osier Yang  <jyang@redhat.com>

	xen: Allow to undefine a running domain (xm_internal)

	vmware: Allow to undefine a running domain

	uml: Allow to undefine a running domain

	test: Allow to undefine a running domain

	qemu: Allow to undefine a running domain

	openvz: Allow to undefine a running domain

	lxc: Allow to undefine a running domain

	libxl: Allow to undefine a running domain.
	Undefining a running domain will convert it to trasient, but keep
	the domain still running.

	qemu: Get memory balloon info correctly for text monitor
	* src/qemu/qemu_monitor_text.c: BALLOON_PREFIX was defined as
	"balloon: actual=", which cause "actual=" is stripped early before
	the real parsing. This patch changes BALLOON_PREFIX into "balloon: ",
	and modifies related functions, also renames
	"qemuMonitorParseExtraBalloonInfo" to "qemuMonitorParseBalloonInfo",
	as after the changing, it parses all the info returned by "info balloon".

2011-08-19  Eric Blake  <eblake@redhat.com>

	build: fix compilation on mingw64
	* .gnulib: Update to latest, for getcwd fixes.
	* bootstrap: Resync to gnulib.

2011-08-19  Michal Privoznik  <mprivozn@redhat.com>

	storage: Flush host cache after write
	Although we are flushing cache after some critical writes (e.g.
	volume creation), after some others we do not (e.g. volume cloning).
	This patch fix this issue. That is for volume cloning, writing
	header of logical volume, and storage wipe.

2011-08-19  Michal Privoznik  <mprivozn@redhat.com>

	daemon: initialize GnuTLS
	When spice_tls is set but listen_tls is not, we don't initialize
	GnuTLS library. So any later gnutls call (e.g. during migration,
	where we initialize a certificate) will access uninitialized GnuTLS
	internal structs and throws an error.

	Although, we might now initialize GnuTLS twice, it is safe according
	to the documentation:

	    This function can be called many times,
	    but will only do something the first time.

	This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
	with respect to written above.

2011-08-19  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	schedinfo: add missing documentation
	This patch adds the missing documentation about the scheduler parameter
	"vcpu_period" and "vcpu_quota".

2011-08-19  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	I did 'git add .' while in the middle of 'make syntax-check', and
	it picked up a temporary file that should not be committed.

	* .gitignore: Ignore sc_* from syntax check.

2011-08-17  Eric Blake  <eblake@redhat.com>

	build: fix virnetsocket on mingw
	Regression introduced in commit 5d30db0.

	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX) [WIN32]: Use
	correct signature.

2011-08-17  Eric Blake  <eblake@redhat.com>

	build: fix virpidfile on mingw
	Regression introduced in commit b7e5ca4.

	Mingw lacks kill(), but we were only using it for a sanity check;
	so we can go with one less check.

	Also, on OOM error, this function should outright fail rather than
	claim that the pid file was successfully read.

	* src/util/virpidfile.c (virPidFileReadPathIfAlive): Skip kill
	call where unsupported, and report error on OOM.

2011-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Ensure async packets never get marked for sync replies
	If a client had initiated a stream abort, it will have a call
	waiting for a reply in the queue. If more data continues to
	arrive on the stream, the abort command could mistakenly get
	signalled as complete. Remove the code from async data processing
	that looked for waiting calls. Add a sanity check to ensure no
	async call can ever be marked as needing a reply

	* src/rpc/virnetclient.c: Ensure async data packets can't
	  trigger a reply

2011-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Don't attempt to read from a stream if it is closed
	The I/O event callback processes incoming packets first, and then
	does outgoing packets. If the incoming packet caused the stream to
	close, then the attempt to process outgoing data resulted in an
	error. This caused libvirt to then send an error back to the client,
	but the stream had already been stopped. This confused the client
	since it sees 2 error events.

	* daemon/stream.c: Don't attempt read if stream is closed

2011-08-17  Tom Vijlbrief  <tom.vijlbrief@xs4all.nl>

	qemu: disk migration verbose progress
	A virsh command like:

	migrate --live --copy-storage-all Guest qemu+ssh://user@host/system
	--persistent --verbose

	shows

	Migration: [  0 %]

	during the storage copy and does not start counting
	until the ram transfer starts

	Fix this by scraping optional disk transfer status, and adding it
	into the progress meter.

2011-08-17  Eric Blake  <eblake@redhat.com>

	virsh: concatenate qemu-monitor-command arguments
	Call me lazy, but:

	virsh qemu-monitor-command dom --hmp info status

	is nicer than:

	virsh qemu-monitor-command dom --hmp 'info status'

	* tools/virsh.c (cmdQemuMonitorCommand): Allow multiple arguments,
	for convenience.

2011-08-17  Osier Yang  <jyang@redhat.com>

	qemu: Init reattaching related members of pciDevice before reattach
	Otherwise the device will still be bound to pci-stub driver even
	it's set as "managed=yes" when do detaching. Of course, it won't
	triger any driver reprobing too.

2011-08-17  Eric Blake  <eblake@redhat.com>

	virsh: tweak misleading wording
	Fixes confusing docs introduced in commit 98369d3.

	* tools/virsh.c (cmdSnapshotParent): Operates on named snapshot,
	not current.

2011-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Tweak debugging message in RPC client code
	Make it clearer that a log message is for an outgoing message

2011-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix race condition in abort of stream
	If a stream gets a server initiated abort, the client may still
	send an abort request before it receives the server side abort.
	This causes the server to send back another abort for the
	stream. Since the protocol defines that abort is the last thing
	to be sent, the client gets confused by this second abort from
	the server. If the stream is already shutdown, just drop any
	client requested abort, rather than sending back another message.
	This fixes the regression from previous versions.

	Tested as follows

	In one virsh session

	  virsh # start foo
	  virsh # console foo

	In other virsh session

	  virsh # destroy foo

	The first virsh session should be able to continue issuing
	commands without error. Prior to this patch it saw

	  virsh # list
	  error: Failed to list active domains
	  error: An error occurred, but the cause is unknown

	  virsh # list
	  error: Failed to list active domains
	  error: no call waiting for reply with prog 536903814 vers 1 serial 9

	* src/rpc/virnetserverprogram.c: Drop abort requests
	  for streams which no longer exist

2011-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Ensure client streams are closed when marking a client for close
	Every active stream results in a reference being held on the
	virNetServerClientPtr object. This meant that if a client quit
	with any streams active, although all I/O was stopped the
	virNetServerClientPtr object would leak. This causes libvirtd
	to leak any file handles associated with open streams when a
	client quit

	To fix this, when we call virNetServerClientClose there is a
	callback invoked which lets the daemon release the streams
	and thus the extra references

	* daemon/remote.c: Add a hook to close all streams
	* daemon/stream.c, daemon/stream.h: Add API for releasing
	  all streams
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Allow registration of a hook to trigger when closing client

2011-08-16  Daniel P. Berrange  <berrange@redhat.com>

	Ensure stream is aborted when exiting console
	After running 'virsh console' in interactive mode, there was a
	missing call to virStreamAbort, which meant the server kept the
	stream resources open

	* tools/console.c: Abort stream when exiting

2011-08-16  Stefan Berger  <stefanb@us.ibm.com>

	maint: fix some compilation issues on non-linux platforms (part 2)
	Get rid of the #if __linux__ check in virPidFileReadPathIfAlive that
	was preventing a check of a symbolic link in /proc/<pid>/exe on
	non-linux platforms against an expected executable. Replace
	this with a run-time check testing whether the /proc/<pid>/exe is a
	symbolic link and if so call the function doing the comparison
	against the expected file the link is supposed to point to.

	maint: fix some compilation issues on non-linux platforms
	This patch fixes *some* compilation issues on non-Linux platforms (cygwin).

2011-08-16  Peter Krempa  <pkrempa@redhat.com>

	daemon: Add early libvirtd start verbose errors.
	Early errors during start of libvirtd didn't have
	an error reporting mechanism and caused libvirtd
	to exit silently (only the return value indicated
	an error).

	Libvirt logging is initialized very early using
	enviroment variables and the internal error reporting
	API is used to report early errors.

	 v2 changes:
	 - print errors unconditionaly before logging starts
	 - fix message to US spelling
	 v2.5 changes:
	 - initialize logging from enviroment
	 - log all early errors using VIR_ERROR
	 v3 changes:
	 - move virSetLogFromEnv() after virInitialize()

	fixes: https://bugzilla.redhat.com/show_bug.cgi?id=728654

2011-08-16  Stefan Berger  <stefanb@us.ibm.com>

	maint: add missing symbols
	Add missing symbols to libvirt_private.syms.

2011-08-16  Roopa Prabhu  <roprabhu@cisco.com>

	macvtap: Fix getPhysfn to get the PF of a direct attach network interface
	This patch renames getPhysfn to getPhysfnDev and adds code to get the
	Physical function and Virtual Function index of the direct attach linkdev (if
	the direct attach interface is a SRIOV VF). The idea is to send the port
	profile message to a PF if the direct attach interface is a SRIOV VF.

	interface: Add functions to get sriov PF/VF relationship of a net interface
	This patch adds the following functions to get PF/VF relationship of an SRIOV
	network interface:
	ifaceIsVirtualFunction: Function to check if a network interface is a SRIOV VF
	ifaceGetVirtualFunctionIndex: Function to get VF index if a network interface is a SRIOV VF
	ifaceGetPhysicalFunction: Function to get the PF net interface name of a SRIOV VF net interface

	pci: Add helper functions for sriov devices
	This patch adds the following helper functions:
	pciDeviceIsVirtualFunction: Function to check if a pci device is a sriov VF
	pciGetVirtualFunctionIndex: Function to get the VF index of a sriov VF
	pciDeviceNetName: Function to get the network device name of a pci device
	pciConfigAddressCompare: Function to compare pci config addresses

	pci: Move some pci sriov helper code out of node device driver to util/pci
	This patch moves some of the sriov related pci code from node_device driver
	to src/util/pci.[ch]. Some functions had to go thru name and argument list
	change to accommodate the move.

2011-08-15  Eric Blake  <eblake@redhat.com>

	maint: ignore generated file
	* .gitignore: Ignore qemu-sanlock.conf.

2011-08-15  Laine Stump  <laine@laine.org>

	qemu: support event_idx parameter for virtio disk and net devices
	In some versions of qemu, both virtio-blk-pci and virtio-net-pci
	devices can have an event_idx setting that determines some details of
	event processing. When it is enabled, it "reduces the number of
	interrupts and exits for the guest". qemu will automatically enable
	this feature when it is available, but there may be cases where this
	new feature could actually make performance worse (NB: no such case
	has been found so far).

	As a safety switch in case such a situation is encountered in the
	field, this patch adds a new attribute "event_idx" to the <driver>
	element of both disk and interface devices. event_idx can be set to
	"on" (to force event_idx on in case qemu has it disabled by default)
	or "off" (for force event_idx off). In the case that event_idx support
	isn't present in qemu, the attribute is ignored (this on the advice of
	the qemu developer).

	docs/formatdomain.html.in: document the new flag (marking it as
	   "don't mess with this!"
	docs/schemas/domain.rng: add event_idx in appropriate places
	src/conf/domain_conf.[ch]: add event_idx to parser and formatter
	src/libvirt_private.syms: export
	   virDomainVirtioEventIdx(From|To)String
	src/qemu/qemu_capabilities.[ch]: detect and report event_idx in
	   disk/net
	src/qemu/qemu_command.c: add event_idx parameter to qemu commandline
	    when appropriate.
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.args,
	tests/qemuxml2argvdata/qemuxml2argv-event_idx.xml,
	tests/qemuxml2argvtest.c,
	tests/qemuxml2xmltest.c: test cases for event_idx.

2011-08-15  Peter Krempa  <pkrempa@redhat.com>

	qemu: error message should show uri instead of (null)
	Fix pointer for error message uri if domain migration fails.

	BZ# 730244

2011-08-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Use fd: protocol for migration
	By opening a connection to remote qemu process ourselves and passing the
	socket to qemu we get much better errors than just "migration failed"
	when the connection is opened by qemu.

	qemu: Use virNetSocket for tunneled migration

	qemu: Refactor do{Tunnel,Native}Migrate functions
	The core of these two functions is very similar and most of it is even
	exactly the same. Factor out the core functionality into a separate
	function to remove code duplication and make further changes easier.

	Support changing UNIX socket owner in virNetSocketNewListenUNIX
	This patch allows owner's UID to be changed as well.

	Add backlog parameter to virNetSocketListen
	So that callers can change the default value.

2011-08-15  Daniel P. Berrange  <berrange@redhat.com>

	Add API for duplicating a socket/client file descriptor
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add
	  virNetSocketDupFD()
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add
	  virNetClientDupFD() and virNetClientGetFD()

2011-08-15  Douglas Schilling Landgraf  <dougsland@redhat.com>

	libvirtd.init.in: stop/restart() - wrong return value in case of failure
	The function stop() was always returning 0 (OK) from killproc() even
	in case of error.

2011-08-15  Osier Yang  <jyang@redhat.com>

	daemon: Fix regression of libvirtd reloading support
	This is introduced by commit df0b57a95a, which forgot to
	add signal handler for SIGHUP.

	A simple reproduce method:

	1) Create a domain XML under /etc/libvirt/qemu
	2) % kill -SIGHUP $(pidof libvirtd)
	3) % virsh list --all (the new created domain XML is not listed)

2011-08-13  Eric Blake  <eblake@redhat.com>

	maint: let emacs avoid tabs in rng files
	* .dir-locals.el: Add nxml-mode preferences.

2011-08-13  Philipp Hahn  <hahn@univention.de>

	Swap virDomain / virFomainSnapshot declaration
	In preparation for storing the domain description with the snapshot,
	swap the order of declaration.

2011-08-13  Eric Blake  <eblake@redhat.com>

	build: fix recent build failures
	With gcc 4.5.1:

	util/virpidfile.c: In function 'virPidFileAcquirePath':
	util/virpidfile.c:308:66: error: nested extern declaration of '_gl_verify_function2' [-Wnested-externs]

	Then in tests/commandtest.c, the new virPidFile APIs need to be used.

	* src/util/virpidfile.c (virPidFileAcquirePath): Move verify to
	top level.
	* tests/commandtest.c: Use new pid APIs.

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Convert libvirtd to use crash-safe pidfile APIs
	Remove the current libvirtd pidfile handling code, in favour of
	calling out to the new APIs. This ensures libvirtd's pidfile
	handling is crashsafe

	This also means that the non-root libvirtd instances (for handling
	qemu:///session URIs) can now safely use pidfiles without racing

	* daemon/libvirtd.c: Switch to use virPidFileAcquire and
	  virPidFileRelease

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Add some APIs which use locking for crashsafe pidfile handling
	In daemons using pidfiles to protect against concurrent
	execution there is a possibility that a crash may leave a stale
	pidfile on disk, which then prevents later restart of the daemon.

	To avoid this problem, introduce a pair of APIs which make
	use of virFileLock to ensure crash-safe & race condition-safe
	pidfile acquisition & releae

	* src/libvirt_private.syms, src/util/virpidfile.c,
	  src/util/virpidfile.h: Add virPidFileAcquire and virPidFileRelease

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Introduce functions for checking whether a pidfile is valid
	In some cases the caller of virPidFileRead might like extra checks
	to determine whether the pid just read is really the one they are
	expecting. This adds virPidFileReadIfAlive which will check whether
	the pid is still alive with kill(0, -1), and (on linux only) will
	look at /proc/$PID/path

	* libvirt_private.syms, util/virpidfile.c, util/virpidfile.h: Add
	  virPidFileReadIfValid and virPidFileReadPathIfValid
	* network/bridge_driver.c: Use new APIs to check PID validity

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Move pidfile functions into util/virpidfile.{c,h}
	The functions for manipulating pidfiles are in util/util.{c,h}.
	We will shortly be adding some further pidfile related functions.
	To avoid further growing util.c, this moves the pidfile related
	functions into a dedicated virpidfile.{c,h}. The functions are
	also all renamed to have 'virPidFile' as their name prefix

	* util/util.h, util/util.c: Remove all pidfile code
	* util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile
	  handling.
	* lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c,
	  qemu/qemu_process.c: Add virpidfile.h include and adapt for API
	  renames

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Add virFileLock and virFileUnlock APIs
	Add some simple wrappers around the fcntl() discretionary file
	locking capability.

	* src/util/util.c, src/util/util.h, src/libvirt_private.syms: Add
	  virFileLock and virFileUnlock APIs

2011-08-12  Eric Blake  <eblake@redhat.com>

	virsh: fix dead store
	Two copy-and-paste bugs in a row.  :(

	* tools/virsh.c (cmdUndefine): Also avoid dead store.

2011-08-12  Eric Blake  <eblake@redhat.com>

	virsh: fix logic bug
	Bug introduced in commit 9a0ec36.

	* tools/virsh.c (cmdUndefine): Add missing line.

2011-08-12  Eric Blake  <eblake@redhat.com>

	vbox, xenapi: add virDomainUndefineFlags
	We forgot to add virDomainUndefineFlags for a couple of hypervisors.
	This wires up trivial versions (since neither hypervisor supports
	managed save yet, they do not need to support any flags).

	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Update caller.
	(vboxDomainUndefine): Move guts...
	(vboxDomainUndefineFlags): ...to new function.
	* src/xenapi/xenapi_driver.c (xenapiDomainUndefine)
	(xenapiDomainUndefineFlags): Likewise.

2011-08-12  Eric Blake  <eblake@redhat.com>

	virsh: don't reject undefine on active domain
	The public API documents that undefine may be used to transition a
	running persistent domain into a transient one.  Many drivers still
	do not support this usage, but virsh shouldn't be getting in the
	way of those that do support it.

	This also drops a redundant conditional; vshCommandOptString
	guaranteed that name was non-NULL.

	* tools/virsh.c (cmdUndefine): Allow undefine on active domains;
	the drivers may still reject it, but it is a valid API usage.
	* tests/undefine (error): Fix the test to match.

2011-08-12  Philipp Hahn  <hahn@univention.de>

	Improve tokenizing of linkable terms
	Currently only tabs and blanks are used for tokenizing the description,
	which breaks when a term is at the end of a line or has () appended to
	it.
	1. Use also other white space characters such as new-lines and carriage
	   return for splitting.
	2. Remove some common non-word characters from the token before lookup.

2011-08-12  Daniel P. Berrange  <berrange@redhat.com>

	Add some docs about the RPC protocol and APIs
	* remote.html.in: Remove obsolete notes about internals of the
	  RPC protocol
	* internals/rpc.html.in: Extensive docs on RPC protocol/API
	* sitemap.html.in: Add new page

2011-08-11  Philipp Hahn  <hahn@univention.de>

	Align table cells on top
	When the description of an entry is too long and needs multiple lines,
	all other table cells of the same row are currently vertically aligned
	on center. Without row borders or different background colors for
	alternating rows this is hard to read.

	Change the style-sheet to align the table cells of a row on top.

2011-08-11  Peter Krempa  <pkrempa@redhat.com>

	virsh: Add dir type for listing volumes with vol-list
	Fix of output of detailed volume list. BZ #727088

2011-08-11  Peter Krempa  <pkrempa@redhat.com>

	storage: Directory shouldn't be listed as type 'file'
	Fix internals of libvirt for new storage volume type.
	Libvirt reported an invalid type of the volume.

	BZ #727088

2011-08-11  Eric Blake  <eblake@redhat.com>

	virsh: add snapshot-parent
	Down the road, I want to add virDomainSnapshotGetParent, and use
	the new API rather than xml scraping; but this virsh command can
	be implemented even without the new API.

	* tools/virsh.c (cmdSnapshotParent): New command.
	* tools/virsh.pod (snapshot-parent): Document it.

2011-08-11  Eric Blake  <eblake@redhat.com>

	qemu: silence clang false positive
	Our logic throws off analyzer tools:

	ptr var = NULL;
	if (flags == 0) flags = live ? _LIVE : _CONFIG;
	if (flags & _LIVE) do stuff
	if (flags & _CONFIG) var = non-null;
	if (flags & _LIVE) do more stuff
	else if (flags & _CONFIG) use var

	the tools keep thinking that var can still be NULL in the last
	if clause, adding the hint shuts them up.

	* src/qemu/qemu_driver.c (qemuDomainSetBlkioParameters): Add a
	static analysis hint.

2011-08-11  Laine Stump  <laine@laine.org>

	network: eliminate potential memory leak on parse failure
	While the first encountered dns host record is being parsed, it's
	possible for virNetworkDef::hosts to point to memory that has been
	allocated, but virNetworkDef::nhosts to still be 0. If there is a
	failure during that time, virNetworkDef::hosts will be leaked.

	Although this isn't currently the case for virNetworkDef::txtrecords,
	it could become that way through future re-factoring, and it hurts
	nothing to restructure the freeing of txtrecord data to match that of
	hosts data.

2011-08-11  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: tolerate disappearing interfaces while instantiating filter
	When instantiating a filter, a VM may disappear and remove its tap interfaces. Tolerate this case and don't report an error.

2011-08-11  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix -chardev udp if parameters are omitted
	The following XML:

	    <serial type='udp'>
	      <source mode='connect' service='9999'/>
	    </serial>

	is accepted by domain_conf.c but maps to the qemu command line:

	-chardev udp,host=127.0.0.1,port=2222,localaddr=(null),localport=(null)

	qemu can cope with everything omitting except the connection port, which
	seems to also be the intent of domain_conf validation, so let's not
	generate bogus command lines for that case.
	The defaults are empty strings for addresses and 0 for the localport

	Additionally, tweak the qemu cli parsing to handle omitted host
	parameters
	for -serial udp

2011-08-11  Laine Stump  <laine@laine.org>

	docs: use IPv6 addresses in range reserved for documentation
	Someone in an IRC channel or an email pointed out a few days ago that
	the examples of IPv6 addresses in the libvirt documentation were not
	in the officially reserved "documentation" range. This addresses their
	concern.

2011-08-11  Eric Blake  <eblake@redhat.com>

	virsh: add virsh snapshot-current --name
	Sometimes, full XML is too much; since most snapshot commands
	operate on a snapshot name, there should be an easy way to get
	at the current snapshot's name.  For example:

	virsh snapshot-revert dom `virsh snapshot-current dom --name`

	* tools/virsh.c (cmdSnapshotCurrent): Add an option.
	* tools/virsh.pod (snapshot-current): Document it.

2011-08-11  Eric Blake  <eblake@redhat.com>

	virsh: fix snapshot-create-as to handle arbitrary names
	Found this working on the next patch to use xpath to parse
	arbitrary names back out.

	* tools/virsh.c (cmdSnapshotCreateAs): Escape user input.

2011-08-11  Eric Blake  <eblake@redhat.com>

	managedsave: prohibit use on transient domains
	Transient domains reject attempts to set autostart, and using
	virDomainCreate to restart a domain only works on persistent
	domains.  Therefore, managed save makes no sense on transient
	domains, and should be rejected up front rather than creating
	an otherwise unrecoverable managed save file.

	Besides, transient domains imply that a lot more management is
	being done by the upper layer; this includes the assumption
	that the upper layer is okay managing the saved state file
	created by virDomainSave, and does not need to use managed save.

	* src/libvirt.c: Document that transient domains are incompatible
	with managed save.
	* src/qemu/qemu_driver.c (qemuDomainManagedSave): Enforce it.
	* src/libxl/libxl_driver.c (libxlDomainManagedSave): Likewise.

2011-08-10  Laine Stump  <laine@laine.org>

	docs: describe new virtual switch configuration in network XML docs
	This should have been done with the rest of the patch for virtual
	switch / network device abstraction. If documents the new elements
	(and new usage of existing elements) in the <network> XML to support
	libvirt networks that use existing host bridges and macvtap direct
	connections, as well as the new <portgroup> element.

2011-08-10  Juerg Haefliger  <juerg.haefliger@hp.com>

	Bugfix: Check stdoutWatch before removing the handler.

2011-08-10  Eric Blake  <eblake@redhat.com>

	qemu: minor formatting cleanup
	I noticed some inconsistent use of 'else'.

	* src/qemu/qemu_driver.c (qemuCPUCompare)
	(qemuDomainSnapshotCreateXML, qemuDomainRevertToSnapshot)
	(qemuDomainSnapshotDiscard): Match coding conventions.

2011-08-09  Philipp Hahn  <hahn@univention.de>

	Fix memory leak while scanning snapshots
	If a snapshot with the name already exists, virDomainSnapshotAssignDef()
	just returns NULL, in which case the snapshot definition is leaked.
	Currently this leak is not a big problem, since qemuDomainSnapshotLoad()
	is only called once during initial startup of libvirtd.

2011-08-08  Eric Blake  <eblake@redhat.com>

	build: fix regression in large file support
	* .gnulib: Update to latest, for largefile fix.

2011-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Allow use of file images for LXC container filesystems
	A previous commit gave the LXC driver the ability to mount
	block devices for the container filesystem. Through use of
	the loopback device functionality, we can build on this to
	support use of plain file images for LXC filesytems.

	By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that
	the loop device automatically disappears when the container
	dies / shuts down

	* src/lxc/lxc_container.c: Raise error if we see a file
	  based filesystem, since it should have been turned into
	  a loopback device already
	* src/lxc/lxc_controller.c: Rewrite any filesystems of
	  type=file, into type=block, by binding the file image
	  to a free loop device

2011-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in LXC cgroups setup error message
	* src/lxc/lxc_controller.c: s/PYT/PTY/

2011-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Allow use of block devices for guest filesystem
	Currently the LXC driver can only populate filesystems from
	host filesystems, using bind mounts. This patch allows host
	block devices to be mounted. It autodetects the filesystem
	format at mount time, and adds the block device to the cgroups
	ACL. Example usage is

	    <filesystem type='block' accessmode='passthrough'>
	      <source dev='/dev/sda1'/>
	      <target dir='/home'/>
	    </filesystem>

	* src/lxc/lxc_container.c: Mount block device filesystems
	* src/lxc/lxc_controller.c: Add block device filesystems
	  to cgroups ACL

2011-08-08  Daniel P. Berrange  <berrange@redhat.com>

	Don't mount /dev for application containers
	An application container shouldn't get a private /dev. Fix
	the regression from 6d37888e6a35a37e6faf7c0a1b1b4d9a5dee1285

	* src/lxc/lxc_container.c: Don't mount /dev for app containers

2011-08-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid overwriting errors from virGetHostname

2011-08-04  Eric Blake  <eblake@redhat.com>

	qemu: avoid crash on process attach
	Detected by ccc-analyzer, reported by Alex Jia.

	qemuProcessStart always calls qemuProcessWaitForMonitor with a
	non-negative position, but qemuProcessAttach always calls with -1.
	In the latter case, there is no log file we can scrape, so we
	also should not be trying to scrape the logs if the qemu process
	died at the very end.

	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Don't try
	to read from log in qemuProcessAttach case.

2011-08-04  Laine Stump  <laine@laine.org>

	network: eliminate lag in updating dnsmasq hosts files
	This addresses https://bugzilla.redhat.com/show_bug.cgi?id=713728

	When "defining" a new network (or one that exists but isn't currently
	active) the new definition is stored in network->def, but for a
	network that already exists and is active, the new definition is
	stored in network->newDef, and then moved over to network->def as soon
	as the network is destroyed.

	However, the code that writes the dhcp and dns hosts files used by
	dnsmasq was always using network->def for its information, even when
	the new data was actually in network->newDef, so the hosts files
	always lagged one edit behind the definition.

	This patch changes the code to keep the pointer to the new definition
	after it's been assigned into the network, and use it directly
	(regardless of whether it's stored in network->newDef or network->def)
	to construct the hosts files.

2011-08-04  Alex Jia  <ajia@redhat.com>

	qemu: avoid dead store in qemuMonitorTextBlockJob
	Value stored to 'ret' is never read, so remove this dead assignment.

	* src/qemu/qemu_monitor_text.c: kill dead assignment.

2011-08-04  Alex Jia  <ajia@redhat.com>

	qemu: avoid dead store in qemuProcessStart
	Value stored to 'ret' is never read, in fact, 'cleanup' section will
	directly return -1 when function is fail, so remove this dead assignment.

	* src/qemu/qemu_process.c: kill dead assignment.

2011-08-04  Guannan Ren  <gren@redhat.com>

	rpc:fix sasl session relocking intead of unlocking it
	When trying to use any SASL authentication for TCP sockets by
	setting auth_tls = "sasl" in libvirtd.conf on server side, the
	client will hang because of the sasl session relocking other than
	dropping the lock when exiting virNetSASLSessionExtKeySize()
	* src/rpc/virnetsaslcontext.c: virNetSASLSessionExtKeySize drop the
	  lock on exit

2011-08-04  Osier Yang  <jyang@redhat.com>

	daemon: Unlink unix socket paths on shutdown
	This patch introduces a internal RPC API "virNetServerClose", which
	is standalone with "virNetServerFree".  it closes all the socket fds,
	and unlinks the unix socket paths, regardless of whether the socket
	is still referenced or not.

	This is to address regression bug:
	https://bugzilla.redhat.com/show_bug.cgi?id=725702

2011-08-03  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	I noticed that with 0.9.4, gnulib ended up replacing pthread_sigmask
	on glibc, even though glibc's works perfectly fine.  It turns out
	to have been an upstream gnulib bug.

	* .gnulib: Update to latest, for pthread_sigmask fix.

2011-08-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix detection of GnuTLS 1.x.y
	Detection based on gnutls_session doesn't work because GnuTLS 2.x.y
	comes with a compat.h that defines gnutls_session to gnutls_session_t.

	Instead detect this based on LIBGNUTLS_VERSION_MAJOR. Move this from
	configure/config.h to gnutls_1_0_compat.h and make sure that all users
	include gnutls_1_0_compat.h properly.

	Also fix header guard in gnutls_1_0_compat.h.

2011-08-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.4
	* configure.ac docs/news.html.in libvirt.spec.in: updates for new
	  release
	* po/*.po*: pulled translations from the transifex teams and regenerated
	  localizations

2011-08-03  Eric Blake  <eblake@redhat.com>

	qemu: silence coverity false positives
	Coverity gets confused by our logic.  Add some hints to silence
	false positives.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpuPinInfo): Add hint.
	(qemuDomainGetMemoryParameters): Likewise.

2011-08-03  Eric Blake  <eblake@redhat.com>

	util: plug memory leak
	Leak detected by Coverity; only possible on unlikely ptsname_r
	failure.  Additionally, the man page for ptsname_r states that
	failure is merely non-zero, not necessarily -1.

	* src/util/util.c (virFileOpenTtyAt): Avoid leak on ptsname_r
	failure.

2011-08-03  Eric Blake  <eblake@redhat.com>

	interface: drop dead code
	Coverity detected that ifaceGetNthParent had already dereferenced
	'nth' prior to the conditional; all callers already complied with
	passing a non-NULL pointer so make this part of the contract.

	* src/util/interface.h (ifaceGetNthParent): Add annotations.
	* src/util/interface.c (ifaceGetNthParent): Drop useless null check.

2011-08-03  Eric Blake  <eblake@redhat.com>

	rpc: silence coverity false positives
	In virNetServerNew, Coverity didn't realize that srv->mdsnGroupName
	can only be non-NULL if mdsnGroupName was non-NULL.

	In virNetServerRun, Coverity didn't realize that the array is non-NULL
	if the array count is non-zero.

	* src/rpc/virnetserver.c (virNetServerNew): Use alternate pointer.
	(virNetServerRun): Give coverity a hint.

2011-08-03  Eric Blake  <eblake@redhat.com>

	rpc: avoid null deref
	Detected by Coverity.

	* src/rpc/virnetserverclient.c (virNetServerClientDispatchRead):
	Avoid null deref on OOM.

2011-08-03  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positives
	Coverity complained that 395 out of 409 virAsprintf calls are
	checked, and therefore assumed that the remaining cases are bugs
	waiting to happen.  But in each of these cases, a failed virAsprintf
	will properly set the target string to NULL, and pass on that
	failure to the caller, without wasting efforts to check the call.
	Adding the ignore_value silences Coverity.

	* src/conf/domain_audit.c (virDomainAuditGetRdev): Ignore
	virAsprintf return value, when it behaves like we need.
	* src/network/bridge_driver.c (networkDnsmasqLeaseFileNameDefault)
	(networkRadvdConfigFileName, networkBridgeDummyNicName)
	(networkRadvdPidfileBasename): Likewise.
	* src/util/storage_file.c (absolutePathFromBaseFile): Likewise.
	* src/openvz/openvz_driver.c (openvzGenerateContainerVethName):
	Likewise.
	* src/util/command.c (virCommandTranslateStatus): Likewise.

2011-08-03  Eric Blake  <eblake@redhat.com>

	qemu: avoid memory leaks
	Quite a few leaks detected by coverity.  For chr, the leaks were
	close enough to the allocations to plug in place; for disk, the
	leaks were separated from the allocation by enough other lines with
	intermediate failure cases that I refactored the cleanup instead.

	* src/qemu/qemu_command.c (qemuParseCommandLine): Plug leaks.

2011-08-02  Eric Blake  <eblake@redhat.com>

	qemu: plug child process leak on domain core dump
	Detected by Coverity.  Leak introduced by typo in commit 58e668d2.

	* src/qemu/qemu_driver.c (doCoreDump): Use correct function.

2011-08-02  Eric Blake  <eblake@redhat.com>

	qemu: remove dead code
	Warning detected by Coverity.  No need for the NULL check, and
	removing it silences the warning without any semantic change.

	* src/qemu/qemu_migration.c (qemuMigrationFinish): All entries to
	endjob had non-NULL vm.

2011-08-02  Eric Blake  <eblake@redhat.com>

	conf: avoid memory leak on disk operations
	Detected by Coverity.  Leak on meta introduced in commit 85aa40e.

	* src/conf/domain_conf.c (virDomainDiskDefForeachPath): Plug leak.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: avoid crash on error
	Detected by Coverity.  Freeing the wrong variable results in both
	a memory leak and the likelihood of the caller dereferencing through
	a freed pointer.

	* src/rpc/virnettlscontext.c (virNetTLSSessionNew): Free correct
	variable.

2011-08-02  Eric Blake  <eblake@redhat.com>

	qemu: avoid null deref on block pull error
	Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
	for a NULL return; and that by not checking we risk a null deref
	during an error.  The error is unlikely since the prior call to
	virJSONValueArraySize would probably have already caught any botched
	JSON array parse, but better safe than sorry.

	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
	Check for NULL.
	(qemuMonitorJSONExtractPtyPaths): Fix typo.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: correctly process sasl whitelist globs
	Detected by Coverity.  We want to compare the result of fnmatch 'rv',
	not our pre-set return value 'ret'.

	* src/rpc/virnetsaslcontext.c (virNetSASLContextCheckIdentity):
	Check correct variable.

2011-08-02  Eric Blake  <eblake@redhat.com>

	build: allow caching the input to STATIC_ANALYSIS
	Right now, every re-run of configure re-evaluates whether a
	static analysis tool is in use.  But if you run configure under
	coverity, make a tweak, and then do an incremental rebuild with
	gcc but not coverity to test the tweak, then rerun a build under
	coverity, then configure does not get rerun, and static analysis
	ends up with lots of false positives.

	This patch caches the static analysis result, and also makes it
	easier to force static analysis even if the existing checks are
	insufficient to detect newer versions of the static analyzer tools.

	* configure.ac (lv_cv_static_analysis): New cache variable.

2011-08-02  Eric Blake  <eblake@redhat.com>

	fdstream: drop delete argument
	Revert 6a1f5f568f8.  Now that libvirt_iohelper takes fds by
	inheritance rather than by open() (commit 1eb66479), there is
	no longer a race where the parent can unlink() a file prior to
	the iohelper open()ing the same file.  From there, it makes
	more sense to have the callers both create and unlink, rather
	than the caller create and the stream unlink, since the latter
	was only needed when iohelper had to do the unlink.

	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Callers are responsible for deletion.
	* src/fdstream.c (virFDStreamOpenFileInternal): Don't leak created
	file on failure.
	(virFDStreamOpenFile, virFDStreamCreateFile): Drop parameter.
	* src/lxc/lxc_driver.c (lxcDomainOpenConsole): Update callers.
	* src/qemu/qemu_driver.c (qemuDomainScreenshot)
	(qemuDomainOpenConsole): Likewise.
	* src/storage/storage_driver.c (storageVolumeDownload)
	(storageVolumeUpload): Likewise.
	* src/uml/uml_driver.c (umlDomainOpenConsole): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.

2011-08-02  Eric Blake  <eblake@redhat.com>

	screenshot: don't unlink bogus file
	The previous qemu patch could end up calling unlink(tmp) before
	tmp was the name of a valid file (unlinking a fileXXXXXX template
	instead), or calling unlink(tmp) twice on success (once here,
	and once at the end of the stream).  Meanwhile, vbox also suffered
	from the same leaked tmp file bug.

	* src/qemu/qemu_driver.c (qemuDomainScreenshot): Don't unlink on
	success, or on invalid name.
	* src/vbox/vbox_tmpl.c (vboxDomainScreenshot): Don't leak temp file.

2011-08-02  Eric Blake  <eblake@redhat.com>

	python: avoid unlikely sign extension bug
	Detected by Coverity; same analysis as for commit f73198df.

	* python/libvirt-override.c (libvirt_virDomainGetVcpuPinInfo): Use
	correct type.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: avoid uninitialized memory use
	Spotted by Coverity.  Gnutls documents that buffer must be NULL
	if gnutls_x509_crt_get_key_purpose_oid is to be used to determine
	the correct size needed for allocating a buffer.

	* src/rpc/virnettlscontext.c
	(virNetTLSContextCheckCertKeyPurpose): Initialize buffer.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: avoid double close on error
	Spotted by coverity.  If pipe2 fails, then we attempt to close
	uninitialized fds, which may result in a double-close.

	* src/rpc/virnetserver.c (virNetServerSignalSetup): Initialize fds.

2011-08-02  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Unlink temporary file on failure
	Although virFDStreamOpenFile will unlink it once opened, when we hit
	error path, we must unlink it by hand.

2011-08-02  Eric Blake  <eblake@redhat.com>

	doc: fix confusing statement about required privileges
	src/libvirt.c: "may requires" is confusing; the s was extra.

2011-08-02  Eric Blake  <eblake@redhat.com>

	rpc: avoid libvirtd crash on unexpected client close
	Steps to reproduce this problem (vm1 is not running):
	for i in `seq 50`; do virsh managedsave vm1& done; killall virsh

	Pre-patch, virNetServerClientClose could end up setting client->sock
	to NULL prior to other cleanup functions trying to use client->sock.
	This fixes things by checking for NULL in more places, and by deferring
	the cleanup until after all queued messages have been served.

	* src/rpc/virnetserverclient.c (virNetServerClientRegisterEvent)
	(virNetServerClientGetFD, virNetServerClientIsSecure)
	(virNetServerClientLocalAddrString)
	(virNetServerClientRemoteAddrString): Check for closed socket.
	(virNetServerClientClose): Rearrange close sequence.
	Analysis from Wen Congyang.

2011-08-02  Alex Jia  <ajia@redhat.com>

	virsh: fix memory leak in cmdNetworkInfo
	* tools/virsh.c: avoid memory leak in cmdNetworkInfo.

	* how to reproduce?
	  % valgrind -v --leak-check=yes virsh net-info default

	  https://bugzilla.redhat.com/show_bug.cgi?id=722806

2011-08-02  Alex Jia  <ajia@redhat.com>

	doc: fix incorrect option in blockjob
	* tools/virsh.pod: change 'live' to 'abort' based on actual option

2011-08-01  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: detect when a domain was shut down from the inside
	This patch adds an internal function openvzGetVEStatus to
	get the real state of the domain. This function is used in
	various places in the driver, in particular to detect when
	the domain has been shut down by the user with the "halt"
	command.

2011-08-01  Eric Blake  <eblake@redhat.com>

	qemu: fix crash when mixing sync and async monitor jobs
	Currently, we attempt to run sync job and async job at the same time. It
	means that the monitor commands for two jobs can be run in any order.

	In the function qemuDomainObjEnterMonitorInternal():
	    if (priv->job.active == QEMU_JOB_NONE && priv->job.asyncJob) {
	        if (qemuDomainObjBeginNestedJob(driver, obj) < 0)
	We check whether the caller is an async job by priv->job.active and
	priv->job.asynJob. But when an async job is running, and a sync job is
	also running at the time of the check, then priv->job.active is not
	QEMU_JOB_NONE. So we cannot check whether the caller is an async job
	in the function qemuDomainObjEnterMonitorInternal(), and must instead
	put the burden on the caller to tell us when an async command wants
	to do a nested job.

	Once the burden is on the caller, then only async monitor enters need
	to worry about whether the VM is still running; for sync monitor enter,
	the internal return is always 0, so lots of ignore_value can be dropped.

	* src/qemu/THREADS.txt: Reflect new rules.
	* src/qemu/qemu_domain.h (qemuDomainObjEnterMonitorAsync): New
	prototype.
	* src/qemu/qemu_process.h (qemuProcessStartCPUs)
	(qemuProcessStopCPUs): Add parameter.
	* src/qemu/qemu_migration.h (qemuMigrationToFile): Likewise.
	(qemuMigrationWaitForCompletion): Make static.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal): Add
	parameter.
	(qemuDomainObjEnterMonitorAsync): New function.
	(qemuDomainObjEnterMonitor, qemuDomainObjEnterMonitorWithDriver):
	Update callers.
	* src/qemu/qemu_driver.c (qemuDomainSaveInternal)
	(qemudDomainCoreDump, doCoreDump, processWatchdogEvent)
	(qemudDomainSuspend, qemudDomainResume, qemuDomainSaveImageStartVM)
	(qemuDomainSnapshotCreateActive, qemuDomainRevertToSnapshot):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessStopCPUs)
	(qemuProcessFakeReboot, qemuProcessRecoverMigration)
	(qemuProcessRecoverJob, qemuProcessStart): Likewise.
	* src/qemu/qemu_migration.c (qemuMigrationToFile)
	(qemuMigrationWaitForCompletion, qemuMigrationUpdateJobStatus)
	(qemuMigrationJobStart, qemuDomainMigrateGraphicsRelocate)
	(doNativeMigrate, doTunnelMigrate, qemuMigrationPerformJob)
	(qemuMigrationPerformPhase, qemuMigrationFinish)
	(qemuMigrationConfirm): Likewise.
	* src/qemu/qemu_hotplug.c: Drop unneeded ignore_value.

2011-08-01  Alex Jia  <ajia@redhat.com>

	qemu: fix return value issue
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in src/qemu/qemu_driver.c:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.

	* src/qemu/qemu_driver.c: avoid return value is overwritten when give a argument
	  in out of blkio weight range for a inactive guest.

	* how to reproduce?
	  % virsh blkiotune ${guestname} --weight 10
	  % echo $?

	  Note: guest must be inactive, argument 10 in out of blkio weight range,
	  and can get a error information by checking libvirtd.log, however,
	  virsh hasn't raised any error information, and return value is 0.

	  https://bugzilla.redhat.com/show_bug.cgi?id=726304

2011-08-01  Alex Jia  <ajia@redhat.com>

	qemu: fix return value issue in qemuDomainSetMemoryParameters
	whether or not previous return value is -1, the following codes will be
	executed for a inactive guest in qemuDomainSetMemoryParameters:
	ret = virDomainSaveConfig(driver->configDir, persistentDef);
	and if everything is okay, 'ret' is assigned to 0, the previous 'ret'
	will be overwritten, this patch will fix this issue.

	* src/qemu/qemu_driver.c: avoid return value is overwritten when set
	  min_guarante value to a inactive guest.

	* how to reproduce?
	  % virsh memtune ${guestname} --min_guarante 1024
	  % echo $?

	  Note: guest must be inactive, in fact, 'min_guarante' hasn't been implemented
	  in memory tunable, and I can get the error when check actual libvirtd.log,
	  however, virsh hasn't raised any error information, and return value is 0.

2011-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Fix vol-name and vol-pool commands
	This commands don't have a --pool option, so don't tell
	vshCommandOptVolBy that there could be one. This made
	vshCommandOptString for pooloptname fail and an "missing option"
	error was reported.

	Make pooloptname optional for vshCommandOptVolBy.

2011-08-01  Guannan Ren  <gren@redhat.com>

	Correct the default value of lock_manager in qemu.conf
	* src/qemu/qemu.conf: switch back the comment for the default lock
	  manager to sanlock

2011-08-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of domjobabort
	Introduced by f9a837da73a11ef, the condition is not changed after
	the else clause is removed. So now it quit with "domain is not
	running" when the domain is running. However, when the domain is
	not running, it reports "no job is active".

	How to reproduce:

	1)
	% virsh start $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: domain is not running

	2)
	% virsh destroy $domain
	% virsh domjobabort $domain
	error: Requested operation is not valid: no job is active on the domain

	3)
	% virsh save $domain /tmp/$domain.save

	Before above commands finished, try to abort job in another terminal

	% virsh domabortjob $domain
	error: Requested operation is not valid: domain is not running

2011-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	conf: Don't leak the virtual port profile in virNetworkDefFree
	Reported by Alex Jia.

2011-07-30  Eric Blake  <eblake@redhat.com>

	save: generate idempotent inactive xml for running domain
	Originally noticed by comparing the xml generated by virDomainSave
	with the xml produced by reparsing and redumping that xml, but I
	also did an audit of every last use of VIR_DOMAIN_XML_INACTIVE in
	domain_conf.c to ensure that no other discrepancies exist.

	* src/conf/domain_conf.c (virDomainDeviceInfoIsSet): Add
	parameter, and update all callers.  Make static.
	(virDomainNetDefFormat): Skip generated ifname.
	(virDomainDefFormatInternal): Skip default <seclabel>.
	(virDomainChrSourceDefParseXML): Skip generated pty path, and add
	parameter.  Update callers.
	* src/conf/domain_conf.h (virDomainDeviceInfoIsSet): Delete.
	* src/libvirt_private.syms (domain_conf.h): Update.

2011-07-30  Eric Blake  <eblake@redhat.com>

	conf: make 'vnet' prefix a macro
	Using a macro ensures that all the code is looking for the same
	prefix.

	* src/conf/domain_conf.h (VIR_NET_GENERATED_PREFIX): New macro.
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Use it.
	* src/uml/uml_conf.c (umlConnectTapDevice): Likewise.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect): Likewise.
	Suggested by Laine Stump.

2011-07-29  Laine Stump  <laine@laine.org>

	network: don't forward DNS requests from isolated networks
	This is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=723862

	which points out that a guest on an "isolated" network could
	potentially exploit the DNS forwarding provided by dnsmasq to create a
	communication channel to the outside.

	This patch eliminates that possibility by adding the "--no-resolv"
	argument to the dnsmasq commandline, which tells dnsmasq to not
	forward on any requests that it can't resolve itself (by looking at
	its own static hosts files and runtime list of dhcp clients), but to
	instead return a failure for those requests.

	This shouldn't cause any undesirable change from current
	behavior, even in the case where a guest is currently configured with
	multiple interfaces, one of them being connected to an isolated
	network, and another to a network that does have connectivity to the
	outside. If the isolated network's DNS server is queried for a name
	it doesn't know, it will return "Refused" rather than "Unknown", which
	indicates to the guest that it should query other servers, so it then
	queries the connected DNS server, and gets the desired response.

2011-07-29  Eric Blake  <eblake@redhat.com>

	build: fix include path for cygwin
	Without this, cygwin failed to compile:

	In file included from ../src/rpc/virnetmessage.h:24,
	                 from ../src/rpc/virnetclient.h:27,
	                 from remote/remote_driver.c:31:
	../src/rpc/virnetprotocol.h:9:21: error: rpc/rpc.h: No such file or directory

	With that fixed, compilation warned:

	rpc/virnetsocket.c: In function 'virNetSocketNewListenUNIX':
	rpc/virnetsocket.c:347: warning: format '%d' expects type 'int', but argument 8 has type 'gid_t' [-Wformat]
	rpc/virnetsocket.c: In function 'virNetSocketGetLocalIdentity':
	rpc/virnetsocket.c:743: warning: pointer targets in passing argument 5 of 'getsockopt' differ in signedness

	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS)
	(libvirt_net_rpc_client_la_CFLAGS)
	(libvirt_net_rpc_server_la_CFLAGS): Include XDR_CFLAGS, for rpc
	headers on cygwin.
	* src/rpc/virnetsocket.c (virNetSocketNewListenUNIX)
	(virNetSocketGetLocalIdentity): Avoid compiler warnings.

2011-07-29  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable shell in test setup
	POSIX states that 'a=1; a=2 b=$a command' has unspecified results
	for the value of $b visible within command.  In particular, on
	BSD, this resulted in PATH not picking up the in-test ssh.

	* tests/Makefile.am (lv_abs_top_builddir): New macro.
	(path_add, TESTS_ENVIRONMENT): Use it to avoid referring to an
	environment variable set previously within the same command line.
	Reported by Matthias Bolte.

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Don't use bash if we don't have to
	This tested failed on FreeBSD because it was using bash, that might
	not be installed.

2011-07-29  Osier Yang  <jyang@redhat.com>

	utils: More useful error message for hook script failure
	Commit 3709a386 ported hooks codes to new command execution API,
	together with the useful error message removed. Though we can't
	get "errbuf" from the new command execution API anymore, still
	we can give a more useful error.

	https://bugzilla.redhat.com/show_bug.cgi?id=726398

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Fix build problem due to picking up the wrong libvirt.h
	Gettext annoyingly modifies CPPFLAGS in-place, putting
	-I/usr/local/include into the search patch if libintl headers
	must be used from that location.  But since we must support
	automake 1.9.6 which lacks AM_CPPFLAGS, and since CPPFLAGS is used
	prior to INCLUDES, this means that the build picks up the _old_
	installed libvirt.h in priority to the in-tree version, leading
	to all sorts of weird build failures on FreeBSD.

	Fix this by teaching configure to undo gettext's actions, but
	to keep any changes required by gettext at the end of INCLUDES
	after all in-tree locations are used first.  Also requires
	adding a wrapper Makefile.am and making gnulib-tool create
	just gnulib.mk files during the bootstrap process.

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Avoid /bin/true in commandtest
	Rely on PATH and use just true, because on FreeBSD it's /usr/bin/true.

2011-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Unify style of test skipping code
	Prefer 'return EXIT_AM_SKIP' over 'exit(EXIT_AM_SKIP)'.

	Prefer 'int main(void)' over 'int main(int argc, char **argv)'.

	Fix mymain signature in commandtest and nodeinfotest.

2011-07-28  Eric Blake  <eblake@redhat.com>

	save: let qemu driver manipulate save files
	The goal here is that save-image-dumpxml fed back to
	save-image-define should not change the save file; anywhere that
	this is not the case is probably a bug in domain_conf.c.

	* src/qemu/qemu_driver.c (qemuDomainSaveImageGetXMLDesc)
	(qemuDomainSaveImageDefineXML): New functions.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Adjust clients.

2011-07-28  Eric Blake  <eblake@redhat.com>

	save: support qemu modifying xml on domain save/restore
	With this, it is possible to update the path to a disk backing
	image on either the save or restore action, without having to
	binary edit the XML embedded in the state file.

	This also modifies virDomainSave to output a smaller xml (only
	the inactive xml, which is all the more virDomainRestore parses),
	while still guaranteeing padding for most typical abi-compatible
	xml replacements, necessary so that the next patch for
	virDomainSaveImageDefineXML will not cause unnecessary
	modifications to the save image file.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal): Add parameter,
	only use inactive state, and guarantee padding.
	(qemuDomainSaveImageOpen): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave)
	(qemuDomainRestoreFlags, qemuDomainObjRestore): Update callers.

2011-07-28  Eric Blake  <eblake@redhat.com>

	maint: add missing copyright notices
	I went with the shorter license notice used by src/libvirt.c,
	rather than spelling out the full LGPLv2+ clause into each of
	these files.

	* configure.ac: Declare copyright.
	* all Makefile.am: Likewise.

2011-07-28  Eric Blake  <eblake@redhat.com>

	xen: drop unused callbacks
	Found by:

	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat

	and looking through the resulting list to see which callback struct
	members are still necessary.

	* src/xen/xen_driver.h (xenUnifiedDriver): Drop all callbacks that
	are only used directly.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Shrink list.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

2011-07-28  Eric Blake  <eblake@redhat.com>

	xen: make direct call when there is only one subdriver
	No need to use a for loop if we know there is exactly one client.
	Found by:

	for f in $(sed -n 's/.*Drv[^ ]* \([^;]*\);.*/\1/p' src/xen/xen_driver.h)
	do
	  git grep "\(\.\|->\)$f\b" src/xen
	done | cat

	and looking through the resulting list to see which callback struct
	members are used exactly once.  The next patch will ensure that we
	don't reintroduce uses of these callbacks.

	* src/xen/xen_driver.c (xenUnifiedClose): Call close
	unconditionally, to match xenUnifiedOpen.
	(xenUnifiedNodeGetInfo, xenUnifiedDomainCreateXML)
	(xenUnifiedDomainSave, xenUnifiedDomainRestore)
	(xenUnifiedDomainCoreDump, xenUnifiedDomainUpdateDeviceFlags):
	Make direct call to lone implementation.
	* src/xen/xend_internal.h (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Add prototypes.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump)
	(xenDaemonUpdateDeviceFlags, xenDaemonCreateXML): Export.

2011-07-28  Eric Blake  <eblake@redhat.com>

	xen: reduce callback special cases
	The callback struct is great when iterating through several
	possibilities, but when calling a known callback, it's just
	overhead.  We can make the direct call in those cases.

	* src/xen/xen_driver.c (xenUnifiedOpen, xenUnifiedDomainSuspend)
	(xenUnifiedDomainResume, xenUnifiedDomainDestroyFlags): Make
	direct calls instead of going through callback.

2011-07-28  Eric Blake  <eblake@redhat.com>

	xen: cleanup callback struct
	Using C99 initializers and xen-specific prefixes will make it
	so that future patches are less likely to add callback members
	to the xenUnifiedDriver struct, since the goal is to get rid
	of the callback struct in the first place.

	* src/xen/xen_driver.h (xenUnifiedDriver): Rename all struct
	members, to make it obvious which ones are still in use.
	* src/xen/xen_driver.c: Update all callers.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Rewrite with C99
	initializers.
	* src/xen/xend_internal.c (xenDaemonDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.

2011-07-28  Laine Stump  <laine@laine.org>

	libxl: fix build failure due to change in virDomainGraphicsDef
	This failure was introduced by commit dacee3d, which removed
	listenAddr from the unions in virDomainGraphicsDef in favor of putting
	it in the address attribute of virDomainGraphicsListenDef.

2011-07-28  Laine Stump  <laine@laine.org>

	qemu: support type=network in domain graphics <listen>
	The domain XML now understands the <listen> subelement of its
	<graphics> element (including when listen type='network'), and the
	network driver has an internal API that will turn a network name into
	an IP address, so the final logical step is to put the glue into the
	qemu driver so that when it is starting up a domain, if it finds
	<listen type='network' network='xyz'/> in the XML, it will call the
	network driver to get an IPv4 address associated with network xyz, and
	tell qemu to listen for vnc (or spice) on that address rather than the
	default address (localhost).

	The motivation for this is that a large installation may want the
	guests' VNC servers listening on physical interfaces rather than
	localhost, so that users can connect directly from the outside; this
	requires sending qemu the appropriate IP address to listen on. But
	this address will of course be different for each host, and if a guest
	might be migrated around from one host to another, it's important that
	the guest's config not have any information embedded in it that is
	specific to one particular host. <listen type='network.../> can solve
	this problem in the following manner:

	  1) on each host, define a libvirt network of the same name,
	     associated with the interface on that host that should be used
	     for listening (for example, a simple macvtap network: <forward
	     mode='bridge' dev='eth0'/>, or host bridge network: <forward
	     mode='bridge'/> <bridge name='br0'/>

	  2) in the <graphics> element of each guest's domain xml, tell vnc to
	     listen on the network name used in step 1:

	     <graphics type='vnc' port='5922'>
	       <listen type='network'network='example-net'/>
	     </graphics>

	(all the above also applies for graphics type='spice').

2011-07-28  Laine Stump  <laine@laine.org>

	conf: add <listen> subelement to domain <graphics> element
	Once it's plugged in, the <listen> element will be an optional
	replacement for the "listen" attribute that graphics elements already
	have. If the <listen> element is type='address', it will have an
	attribute called 'address' which will contain an IP address or dns
	name that the guest's display server should listen on. If, however,
	type='network', the <listen> element should have an attribute called
	'network' that will be set to the name of a network configuration to
	get the IP address from.

	* docs/schemas/domain.rng: updated to allow the <listen> element

	* docs/formatdomain.html.in: document the <listen> element and its
	  attributes.

	* src/conf/domain_conf.[hc]:

	  1) The domain parser, formatter, and data structure are modified to
	     support 0 or more <listen> subelements to each <graphics>
	     element. The old style "legacy" listen attribute is also still
	     accepted, and will be stored internally just as if it were a
	     separate <listen> element. On output (i.e. format), the address
	     attribute of the first <listen> element of type 'address' will be
	     duplicated in the legacy "listen" attribute of the <graphic>
	     element.

	  2) The "listenAddr" attribute has been removed from the unions in
	     virDomainGRaphicsDef for graphics types vnc, rdp, and spice.
	     This attribute is now in the <listen> subelement (aka
	     virDomainGraphicsListenDef)

	  3) Helper functions were written to provide simple access
	     (both Get and Set) to the listen elements and their attributes.

	* src/libvirt_private.syms: export the listen helper functions

	* src/qemu/qemu_command.c, src/qemu/qemu_hotplug.c,
	  src/qemu/qemu_migration.c, src/vbox/vbox_tmpl.c,
	  src/vmx/vmx.c, src/xenxs/xen_sxpr.c, src/xenxs/xen_xm.c

	  Modify all these files to use the listen helper functions rather
	  than directly referencing the (now missing) listenAddr
	  attribute. There can be multiple <listen> elements to a single
	  <graphics>, but the drivers all currently only support one, so all
	  replacements of direct access with a helper function indicate index
	  "0".

	* tests/* - only 3 of these are new files added explicitly to test the
	  new <listen> element. All the others have been modified to reflect
	  the fact that any legacy "listen" attributes passed in to the domain
	  parse will be saved in a <listen> element (i.e. one of the
	  virDomainGraphicsListenDefs), and during the domain format function,
	  both the <listen> element as well as the legacy attributes will be
	  output.

2011-07-28  Alex Jia  <ajia@redhat.com>

	virsh: avoid missing zero value judgement in cmdBlkiotune
	* tools/virsh.c: fix missing zero value judgement in cmdBlkiotune and correct
	  vshError information.

	  when weight is equal to 0, the cmdBlkiotune will not raise any error information
	  when judge weight value first time, and execute else branch to judge weight
	  value again, strncpy(temp->field, VIR_DOMAIN_BLKIO_WEIGHT, sizeof(temp->field))
	  will be not executed for ever. However, if and only if param->field is equal
	  to VIR_DOMAIN_BLKIO_WEIGHT, underlying qemuDomainSetBlkioParameters function
	  will check whether weight value is in range [100, 1000].

	* how to reproduce?

	  % virsh blkiotune ${guestname} --weight 0

2011-07-28  Eric Blake  <eblake@redhat.com>

	build: avoid type-punning compiler warning
	On RHEL 5, with gcc 4.1.2:

	rpc/virnetsaslcontext.c: In function 'virNetSASLSessionUpdateBufSize':
	rpc/virnetsaslcontext.c:396: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]

	* src/rpc/virnetsaslcontext.c (virNetSASLSessionUpdateBufSize):
	Use a union to work around gcc warning.

2011-07-28  Eric Blake  <eblake@redhat.com>

	qemu: fix nested job with driver lock held
	qemuMigrationUpdateJobStatus (called in a loop by migration
	and save tasks) uses qemuDomainObjEnterMonitorWithDriver;
	however, that function ended up starting a nested job without
	releasing the driver.

	Since no one else is making nested calls, we can inline the
	internal functions to properly track driver_locked.

	* src/qemu/qemu_domain.h (qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused prototypes.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitorInternal):
	Reflect driver lock to nested job.
	(qemuDomainObjBeginNestedJob)
	(qemuDomainObjBeginNestedJobWithDriver)
	(qemuDomainObjEndNestedJob): Drop unused functions.

2011-07-28  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Fix memory leak on metadata fetching
	As written in virStorageFileGetMetadataFromFD decription, caller
	must free metadata after use. Qemu driver miss this and therefore
	leak metadata which can grow to huge mem leak if somebody query
	for blockInfo a lot.

2011-07-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	freebsd: Add gnulib environ module for the commandtest

2011-07-28  Michal Privoznik  <mprivozn@redhat.com>

	libvirt.c: Update outdated description of flags
	Because we do support flags for virDomainSetBlkioParameters and
	virDomainGetBlkioParameters, update appropriate description as well.

2011-07-28  Hu Tao  <hutao@cn.fujitsu.com>

	python: add python binding for virDomainSetMemoryParameters

	python: add python binding for virDomainGetMemoryParameters

	python: add python binding for virDomainSetBlkioParameters

	python: add python binding for virDomainGetBlkioParameters

2011-07-28  Alex Jia  <ajia@redhat.com>

	virsh: fix memory leak in cmdVolPath code
	* tools/virsh.c: avoid memory leak in cmdVolPath.
	* src/libvirt.c: Add doc for virStorageVolGetPath to tell one
	  must free() the returned path after use.

	* how to reproduce?

	% dd if=/dev/zero of=/var/lib/libvirt/images/foo.img count=1 bs=10M
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

	* actual results:

	Detected in valgrind run:

	==16436== 32 bytes in 1 blocks are definitely lost in loss record 7 of 22
	==16436==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
	==16436==    by 0x386A314B3D: xdr_string (in /lib64/libc-2.12.so)
	==16436==    by 0x3DF8CD770D: xdr_remote_nonnull_string (remote_protocol.c:3
	==16436==    by 0x3DF8CD7EC8: xdr_remote_storage_vol_get_path_ret
	% virsh pool-refresh default
	% valgrind -v --leak-check=full virsh vol-path --vol \
	/var/lib/libvirt/images/foo.img

2011-07-28  Osier Yang  <jyang@redhat.com>

	qemu: Improve docs for virsh dump format
	The error in getCompressionType will never be reported, change
	the errors codes into warning (VIR_WARN("%s", _(foo)); doesn't break
	syntax-check rule), and also improve the docs in qemu.conf to tell
	user the truth.

2011-07-28  Eric Blake  <eblake@redhat.com>

	qemu: improve thread documentation
	* src/qemu/THREADS.txt: Fix problems with typos, grammar, and
	outdated examples.

2011-07-27  Eric Blake  <eblake@redhat.com>

	virsh: expose change-protection during migration
	* tools/virsh.c (doMigrate): Add --change-protection flag.
	* tools/virsh.pod (migrate): Document it.

2011-07-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Fix memory leak in remoteDomainSet*Parameters functions
	Add a new helper remoteFreeTypedParameters and teach the generator
	to add it to the cleanup section.

	https://bugzilla.redhat.com/show_bug.cgi?id=725322

2011-07-27  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Implement Python API

2011-07-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove special case for virDomainAbortJob
	This doesn't abort migration job in any phase, yet.

	qemu: Remove special case for virDomainSuspend

	qemu: Remove special case for virDomainMigrateSetMaxDowntime
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainMigrateSetMaxSpeed
	Call qemu monitor command directly within a special job that is only
	allowed during outgoing migration.

	qemu: Remove special case for virDomainBlockStats
	Like other query commands, this can now be called directly during
	migration.

	qemu: Remove special case for virDomainGetBlockInfo
	Like other query commands, this can now be called directly during
	migration.

	qemu: Recover from interrupted migration

2011-07-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Migration job on source daemon
	Make MIGRATION_OUT use the new helper methods.

	This also introduces new protection to migration v3 process: the
	migration job is held from Begin to Confirm to avoid changes to a domain
	during migration (esp. between Begin and Perform phases). This change is
	automatically applied to p2p and tunneled migrations. For normal
	migration, this requires support from a client. In other words, if an
	old (pre 0.9.4) client starts normal migration of a domain, the domain
	will not be protected against changes between Begin and Perform steps.

2011-07-27  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Migration job on destination daemon
	Make MIGRATION_IN use the new helper methods.

	qemu: Implement migration job phases
	This patch introduces several helper methods to deal with jobs and
	phases during migration in a simpler manner.

2011-07-27  Eric Blake  <eblake@redhat.com>

	build: support warnings on RHEL 5
	Without this, a configure built by autoconf 2.59 was broken when
	trying to detect which compiler warning flags were supported.

	* .gnulib: Update to latest, for warnings.m4 fix.
	* bootstrap.conf: Add fclose explicitly, to match recent gnulib
	implicit dependency changes.
	* src/qemu/qemu_conf.c (includes): Drop unused include.
	* src/uml/uml_conf.c (include): Likewise.
	Reported by Daniel P. Berrange.

2011-07-27  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Integrate bandwidth into portgroups
	Every DomainNetDef has a bandwidth, as does every portgroup.
	Whenever a DomainNetDef of type NETWORK is about to be used, a call is
	made to networkAllocateActualDevice(). This function chooses the "best"
	bandwidth object and places it in the DomainActualNetDef.
	From that point on, whenever some code needs to use the bandwidth data
	for the interface, it's retrieved with virDomainNetGetActualBandwidth(),
	which will always return the "best" info as determined in the
	previous step.

2011-07-27  Osier Yang  <jyang@redhat.com>

	doc: Add doc for blockpull and blockjob commands
	Commit b31abc6f0 introduce commands blockpull and blockjob, but
	forgot to add the docs meanwhile.

2011-07-27  Cole Robinson  <crobinso@redhat.com>

	python: Properly report errors if virStreamRecv fails
	We only want to raise the special value -2. -1 should return None
	which tells the bindings to throw an exception.

2011-07-26  Alex Jia  <ajia@redhat.com>

	tools: format percent strings of nodecpustats
	* tools/virsh.c: format strings display for virsh nodecpustats --percent.

	* how to reproduce?

	% virsh nodecpustats --percent
	usage:            2.0%
	    user  :       1.0%
	    system:       1.0%
	idle  :          98.0%
	iowait:           0.0%

	* after format strings

	% virsh nodecpustats --percent
	usage:            2.0%
	user:             1.0%
	system:           1.0%
	idle:            98.0%
	iowait:           0.0%

2011-07-26  Stefan Berger  <stefanb@us.ibm.com>

	Build: fix build if HAVE_AVAHI is not defined
	Fix the build if HAVE_AVAHI is not defined.

2011-07-26  Dave Allan  <dallan@redhat.com>

	Fix incorrect implication about list options
	The description of the list command seemed to suggest that it could
	take a set of domains as an argument, which is not correct in the
	current HEAD.  If virsh list is intended to take a list of domains,
	then this patch should be NAK'd and a bug opened against virsh list.

	Reported by hachi on #virt

	v2:

	Change language to include transient domains

	Osier pointed out that transient domains are not defined, so what I
	had originally proposed wasn't quite correct.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix race in ref counting when handling RPC jobs
	When an incoming RPC message is ready for processing,

	  virNetServerClientDispatchRead()

	will invoke the 'dispatchFunc' callback. This is set to

	  virNetServerDispatchNewMessage

	This function puts the message + client in a queue for processing by the thread
	pool. The thread pool worker function is

	  virNetServerHandleJob

	The first thing this does is acquire an extra reference on the 'client'.

	Unfortunately, between the time the message+client are put on the thread pool
	queue, and the time the worker runs, the client object may have had its last
	reference removed.

	We clearly need to add the reference to the client object before putting the
	client on the processing queue

	* src/rpc/virnetserverclient.c: Add a reference to the client when
	  invoking the dispatch function
	* src/rpc/virnetserver.c: Don't acquire a reference to the client
	  when in the worker thread

2011-07-26  Wen Congyang  <wency@cn.fujitsu.com>

	set cpu bandwidth for the vm
	The cpu bandwidth is applied at the vcpu group level. We should apply it
	at the vm group level too, because the vm may do heavy I/O, and it will affect
	the other vm.

	We apply cpu bandwidth at the vcpu and the vm group level, so we must ensure
	that max(child_quota) <= parent_quota when we modify cpu bandwidth.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix build with gnutls 1.0.x branch

	Fix typos in virsh.pod file
	* tools/virsh.pod: Fix missing > tag in docs

2011-07-26  Osier Yang  <jyang@redhat.com>

	network: Fix typo
	Introduced by commit 239322cb, reported by Ruben Kerkhof.

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Add libtasn1-devel as a BuildRequires for libvirt.spec
	* libvirt.spec.in: Add libtasn1-devel

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Add mutex protection to SASL and TLS modules
	The virNetSASLContext, virNetSASLSession, virNetTLSContext and
	virNetTLSSession classes previously relied in their owners
	(virNetClient / virNetServer / virNetServerClient) to provide
	locking protection for concurrent usage. When virNetSocket
	gained its own locking code, this invalidated the implicit
	safety the SASL/TLS modules relied on. Thus we need to give
	them all explicit locking of their own via new mutexes.

	* src/rpc/virnetsaslcontext.c, src/rpc/virnettlscontext.c: Add
	  a mutex per object

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Report error if unable to bind to any socket
	When setting up a server socket, we must skip EADDRINUSE errors
	from bind, since the IPv6 socket bind may have already bound to
	the IPv4 socket too. If we don't manage to bind to any sockets
	at all though, we should then report the EADDRINUSE error as
	normal.

	This fixes the case where libvirtd would not exit if some other
	program was listening on its TCP/TLS ports.

	* src/rpc/virnetsocket.c: Report EADDRINUSE

2011-07-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mDNS object in virNetServer
	* src/rpc/virnetserver.c: Free mDNS object

	Fix memory leaks in MDNS code
	* src/rpc/virnetservermdns.c: Fix leaks

2011-07-25  Eric Blake  <eblake@redhat.com>

	virsh: use faster bit search
	Now that gnulib gives us ffs, we might as well use it.

	* tools/virsh.c (vshCmddefGetData): Use ffs rather than
	count_one_bits.

2011-07-25  Eric Blake  <eblake@redhat.com>

	virsh: make vcpucount use --current consistently
	Rename the existing --current flag to the new name --active,
	while adding a new flag --current to expose the new
	VIR_DOMAIN_AFFECT_CURRENT flag of virDomainGetVcpusFlags.

	For backwards compability, the output does not change (even
	though the label "current" no longer matches the spelling of
	the option that would trigger that number in isolation), and
	we accept "--current --live" as an undocumented synonym for
	"--active --live" to avoid breaking any existing clients.

	* tools/virsh.c (cmdVcpucount): Add --active flag, and rearrange
	existing flag handling to expose VIR_DOMAIN_AFFECT_CURRENT support.
	* tools/virsh.pod (vcpucount): Document this.

2011-07-25  Eric Blake  <eblake@redhat.com>

	vcpu: teach getVcpusFlags about current
	Now that virDomainSetVcpusFlags knows about VIR_DOMAIN_AFFECT_CURRENT,
	so should virDomainGetVcpusFlags.

	Unfortunately, the virsh counterpart 'virsh vcpucount' has already
	commandeered --current for a different meaning, so teaching virsh
	to expose this in the next patch will require a bit of care.

	* src/libvirt.c (virDomainGetVcpusFlags): Allow
	VIR_DOMAIN_AFFECT_CURRENT.
	* src/libxl/libxl_driver.c (libxlDomainGetVcpusFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainGetVcpusFlags): Likewise.
	* src/test/test_driver.c (testDomainGetVcpusFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Likewise.

2011-07-25  Cole Robinson  <crobinso@redhat.com>

	python: Handle embedded NUL in stream.send data
	Otherwise things like volume upload are only useful with text data.

2011-07-25  Laine Stump  <laine@laine.org>

	util: change virFile*Pid functions to return < 0 on failure
	Although most functions in libvirt return 0 on success and < 0 on
	failure, there are a few functions lingering around that return errno
	(a positive value) on failure, and sometimes code calling those
	functions incorrectly assumes the <0 standard. I noticed one of these
	the other day when auditing networkStartDhcpDaemon after Guido Gunther
	found a place where success was improperly returned on failure (that
	patch has been acked and is pending a push). The problem was that it
	expected the return value from virFileReadPid to be < 0 on failure,
	but it was actually positive (it was also neglected to set the return
	code in this case, similar to the bug found by Guido).

	This all led to the fact that *all* of the virFile*Pid functions in
	util.c are returning errno on failure. This patch remedies that
	problem by changing them all to return -errno on failure, and makes
	any necessary changes to callers of the functions. (In the meantime, I
	also properly set the return code on failure of virFileReadPid in
	networkStartDhcpDaemon).

2011-07-25  Guido Günther  <agx@sigxcpu.org>

	Catch dnsmasq start failures
	While we checked the return value we didn't maks sure ret != 0 which
	resulted in dnsmasq errors being ignored.

2011-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix import of private key with older gnutls
	With older GNUTLS the gnutls_x509_privkey_import function is
	unable to import our private key. Instead we must use the
	alternative gnutls_x509_privkey_import_pkcs8() (as certtool
	does).

	* virnettlscontexttest.c: Fix import of private key with
	  older gnutls. Also add missing newlines to key

2011-07-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix TLS context tests with expired certs
	commit 5283ea9b1d8a4b0f2fd6796bf60615aca7b6c3e6 changed the
	semantics of the 'expire_offset' field in the test case struct
	so that instead of being an absolute timestamp, it was a delta
	relative to the current time. This broke the test cases which
	were testing expiry of certificates, by putting the expiry
	time into the future, instead of in the past.

	Fix this by changing the expiry values to be negative, so that
	the delta goes into the past again.

	* virnettlscontexttest.c: Fix expiry tests

2011-07-25  Wen Congyang  <wency@cn.fujitsu.com>

	rename cfs_* to vcpu_*
	In the XML file we now have

	  <cputune>
	    <shares>1024</shares>
	    <period>90000</period>
	    <quota>0</quota>
	  </cputune>

	But the schedinfo parameter are being named

	 cpu_shares: 1024
	 cfs_period: 90000
	 cfs_quota: 0

	The period/quota is per-vcpu value, so these new tunables should be named
	'vcpu_period' and 'vcpu_quota'.

2011-07-25  Cole Robinson  <crobinso@redhat.com>

	docs: Break up 'Basic Resources' XML section
	We had a bit too many elements crammed in there. Separate it into different
	headings:

	- CPU Allocation (<vcpus>)
	- CPU Tuning (<cputune>)
	- Memory allocation (<memory> and <currentMemory>)
	- Memory backing (<memoryBacking>)
	- Memory tuning (<memtune>)
	- Numa tuning (<numatune>)
	- Block I/O tuning (<blkiotune>)

2011-07-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	python: add Python binding for virDomainGetVcpuPinInfo API
	This patch adds the Python bindings for virDomainGetVcpuPinInfo API.
	* python/generator.py: add it to generator skip list
	* python/libvirt-override-api.xml: provide an override description
	* python/libvirt-override.c: provide an override binding implementation

	python: add Python binding for virDomainPinVcpusFlags API
	This patch adds the Python bindings for virDomainPinVcpuFlags API.
	* python/generator.py: add it to the generator skip list
	* python/libvirt-override-api.xml: provide override description
	* python/libvirt-override.c: provide override bindings implementation

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.

	python: add Python binding for virDomainGetSchedulerParametersFlags API
	This patch adds the Python bindings for
	virDomainGetSchedulerParametersFlags API.
	* python/libvirt-override-api.xml: provide and override description
	* python/libvirt-override.c: implement the bindings

2011-07-25  Eric Blake  <eblake@redhat.com>

	tests: detect gnutls errors
	* tests/virnettlscontexttest.c (testTLSLoadKey): Report errors.

2011-07-25  Wieland Hoffmann  <themineo@googlemail.com>

	driver.h: Fix two driver documentation mistakes

2011-07-25  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Add domain schema and xml2xml tests

	bandwidth: Add test cases for network

	bandwidth: Implement functions to enable and disable QoS
	These function executes 'tc' with appropriate arguments to set
	desired QoS setting on interface or bridge during its creation.

	bandwidth: Create format functions

2011-07-25  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Add parsing and free functions
	These functions parse given XML node and return pointer to the
	output. Unknown elements are silently ignored. Attributes must
	be integer and must fit in unsigned long long.

	Free function frees elements of virBandwidth structure.

2011-07-25  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Declare internal structures

2011-07-25  Michal Privoznik  <mprivozn@redhat.com>

	bandwidth: Define schema and create documentation
	Define new 'bandwidth' element with possible child element 'inbound'
	and 'outbound' addressing incoming and outgoing traffic respectively:

	<bandwidth>
	  <inbound average='1000' peak='2000' burst='5120'/>
	  <outbound average='500'/>
	</bandwidth>

	Leaving any element out means not to shape traffic in that
	direction.
	The units for average and peak (rate) are in kilobytes per second,
	for burst (size) are just in kilobytes.
	This element can be inserted into domain's 'interface' and
	'network'.

2011-07-25  Laine Stump  <laine@laine.org>

	network: provide internal API to return IP of a network
	The new listenNetwork attribute needs to learn an IP address based on a
	named network. This patch provides a function networkGetNetworkAddress
	which provides that.

	Some networks have an IP address explicitly in their configuration
	(ie, those with a forward type of "none", "route", or "nat"). For
	those, we can just return the IP address from the config.

	The rest will have a physical device associated with them (either via
	<bridge name='...'/>, <forward ... dev='...'/>, or possibly via a pool
	of interfaces inside the network's <forward> element) and we will need
	to ask the kernel for a current IP address of that device (via the
	newly added ifaceGetIPAddress)

	If networkGetNetworkAddress encounters an error while trying to learn
	the address for a network, it will return -1. In the case that libvirt
	has been compiled without the network driver, the call is a macro
	which reduces to -2. This allows differentiating between a failure of
	the network driver, and its complete absence.

2011-07-25  Laine Stump  <laine@laine.org>

	util: add an ifaceGetIPAddress to the interface utilities
	This function uses ioctl(SIOCGIFADDR), which limits it to returning
	the first IPv4 address of an interface, but that's what we want right
	now (the place we're going to use the address only accepts one).

2011-07-25  Eric Blake  <eblake@redhat.com>

	tests: fix compilation failures
	Even though gnutls is a hard-req for libvirt, and gnutls depends
	on libtasn1, that does not mean that you have to have the libtasn1
	development files installed.  Skip the test rather than failing
	compilation in that case.

	With newer gcc, the test consumed too much stack space.  Move
	things to static storage to fix that.

	* configure.ac (AC_CHECK_HEADERS): Check for libtasn1.h.
	(HAVE_LIBTASN1): New automake conditional.
	* tests/Makefile.am (virnettlsconvirnettlscontexttest_SOURCES)
	(virnettlscontexttest_LDADD): Allow compilation without libtasn1.
	* tests/virnettlscontexttest.c: Skip test if headers not present.
	(struct testTLSCertReq): Alter time members.
	(testTLSGenerateCert): Reflect the change.
	(mymain): Reduce stack usage.

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Pre-create /var/lib/libvirt/sanlock directory
	The sanlock plugin for libvirt expects the directory
	/var/lib/libvirt/sanlock to exist. Create this and add
	it to the RPM

	* libvirt.spec.in: Add /var/lib/libvirt/sanlock
	* src/Makefile.am: Create /var/lib/libvirt/sanlock

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Honour filesystem readonly flag & make special FS readonly
	A container should not be allowed to modify stuff in /sys
	or /proc/sys so make them readonly. Make /selinux readonly
	so that containers think that selinux is disabled.

	Honour the readonly flag when mounting container filesystems
	from the guest XML config

	* src/lxc/lxc_container.c: Support readonly mounts

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Refactor mounting of special filesystems
	Even in non-virtual root filesystem mode we should be mounting
	more than just a new /proc. Refactor lxcContainerMountBasicFS
	so that it does everything except for /dev and /dev/pts moving
	that into lxcContainerMountDevFS. Pass in a source prefix
	to lxcContainerMountBasicFS() so it can be used in both shared
	root and private root modes.

	* src/lxc/lxc_container.c: Unify mounting code for special
	  filesystems

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Pull code for doing a bind mount into separate method
	The bind mount setup is about to get more complicated.
	To avoid having to deal with several copies, pull it
	out into a separate lxcContainerMountFSBind method.

	Also pull out the iteration over container filesystems,
	so that it will be easier to drop in support for non-bind
	mount filesystems

	* src/lxc/lxc_container.c: Pull bind mount code out into
	  lxcContainerMountFSBind

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typos in daemon config file from previous commit

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Add a test case for certificate validation
	This test case checks certification validation rules for

	 - Basic constraints
	 - Key purpose
	 - Key usage
	 - Start/expiry times

	It checks initial context creation sanity checks, and live
	session validation

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Allow certificate sanity checking to be disabled
	When libvirtd starts it it will sanity check its own certs,
	and before libvirt clients connect to a remote server they
	will sanity check their own certs. This patch allows such
	sanity checking to be skipped. There is no strong reason to
	need to do this, other than to bypass possible libvirt bugs
	in sanity checking, or for testing purposes.

	libvirt.conf gains tls_no_sanity_certificate parameter to
	go along with tls_no_verify_certificate. The remote driver
	client URIs gain a no_sanity URI parameter

	* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
	  daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
	  allow cert sanity checks to be skipped
	* src/remote/remote_driver.c: Add no_sanity parameter to
	  skip cert checks
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
	  Add new parameter for skipping sanity checks independantly
	  of skipping session cert validation checks

2011-07-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	build: Use $(PYTHON) instead of python for the keycode map generator
	Also prepend $(AM_V_GEN) to the command line, mark virkeycode-mapgen.py
	as executable and switch the shebang line from /bin/python to the
	commonly use /usr/bin/python.

2011-07-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Fix double-freeing the session in xenapiClose
	xen_session_logout already frees the whole session object.
	Don't call xenSessionFree on a freed session object.

	Reported by Sharmila Radhakrishnan.

2011-07-22  Oskari Saarenmaa  <os@ohmu.fi>

	remote/ssh: optional "keyfile" parameter.
	New optional parameter "keyfile" for ssh transport allows the user to select
	the private key to be used to authenticate to the remote host.

2011-07-22  Laine Stump  <laine@laine.org>

	util: make interface.c functions consistently return < 0 on error
	All of the functions in util/interface.c were returning 0 on success,
	but some returned -1 on error, and some returned a positive value
	(usually the value of errno, but sometimes just 1). Libvirt's standard
	is to return < 0 on error (in the case of functions that need to
	return errno, -errno is returned.

	This patch modifies all functions in interface.c to consistently
	return < 0 on error, and makes changes to callers of those functions
	where necessary.

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the certification validation code
	There is some commonality between the code for sanity checking
	certs when initializing libvirt and the code for validating
	certs during a live TLS session handshake. This patchset splits
	up the sanity checking function into several smaller functions
	each doing a specific type of check. The cert validation code
	is then updated to also call into these functions

	* src/rpc/virnettlscontext.c: Refactor cert validation code

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove call to deprecated gnutls_certificate_type_set_priority (again)
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, it was not
	serving any useful purpose and can be removed

	* src/rpc/virnettlscontext.c: Remove gnutls_certificate_type_set_priority
	  call

2011-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that libvirtd shuts down if initialization fails
	If the virStateInitialize call fails we must shutdown libvirtd
	since drivers will not be available. Just free'ing the virNetServer
	is not sufficient, we must send a SIGTERM to ourselves so that
	we interrupt the event loop and trigger a orderly shutdown

	* daemon/libvirtd.c: Kill ourselves if state init fails
	* src/rpc/virnetserver.c: Add some debugging to event loop

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Asynchronous event for BlockJob completion
	When an operation started by virDomainBlockPull completes (either with
	success or with failure), raise an event to indicate the final status.
	This API allow users to avoid polling on virDomainGetBlockJobInfo if
	they would prefer to use an event mechanism.

	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Enable virDomainBlockPull in the python API
	virDomainGetBlockJobInfo requires manual override since it returns a
	custom type.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Initiate a blockPull for the given disk
	 * blockjob: Retrieve progress info, modify speed, and cancel active block jobs

	Share print_job_progress() with the migration code.

	* tools/virsh.c: implement the new commands

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	following HMP/QMP commands: 'block_stream', 'block_job_cancel',
	 'info block-jobs' / 'query-block-jobs', and 'block_job_set_speed'.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the proper qemu monitor commands.
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Add virDomainBlockPull support to the remote driver
	The generator can handle everything except virDomainGetBlockJobInfo().

	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side for virDomainGetBlockJobInfo.
	* src/remote_protocol-structs: structure definitions for protocol verification
	* src/rpc/gendispatch.pl: Permit some unsigned long parameters

2011-07-22  Adam Litke  <agl@us.ibm.com>

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

2011-07-22  Adam Litke  <agl@us.ibm.com>

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to
	prevent
	documentation compile failures.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings
	* are
	  implemented later
	* src/libvirt_public.syms: export symbols
	* docs/apibuild.py: Extend 'unsigned long' parameter exception to this
	* API

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: add virsh commands for manipulating save files
	Now you can edit a saved state file even if you forgot to grab
	a dumpxml file prior to saving a domain.  Plus, in-place editing
	feels so much nicer.

	* tools/virsh.c (cmdSaveImageDumpxml, cmdSaveImageDefine)
	(cmdSaveImageEdit): New commands.
	* tools/virsh.pod (save-image-dumpxml, save-image-define)
	(save-image-edit): Document them.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_image_get_xml_desc_args)
	(remote_domain_save_image_get_xml_desc_ret)
	(remote_domain_save_image_define_xml_args): New structs.
	* src/remote_protocol-structs: Update.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: new API to manipulate save file images
	Modifying the xml on either save or restore only gets you so
	far - you have to remember to 'virsh dumpxml dom' just prior
	to the 'virsh save' in order to have an xml file worth modifying
	that won't be rejected due to abi breaks.  To make this more
	powerful, we need a way to grab the xml embedded within a state
	file, and from there, it's not much harder to also support
	modifying a state file in-place.

	Also, virDomainGetXMLDesc didn't document its flags.

	* include/libvirt/libvirt.h.in (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New prototypes.
	* src/libvirt.c (virDomainSaveImageGetXMLDesc)
	(virDomainSaveImageDefineXML): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveImageGetXMLDesc)
	(virDrvDomainSaveImgeDefineXML): New driver callbacks.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: support bypass-cache flag in libvirt-guests init script
	libvirt-guests is a perfect use case for bypassing the file system
	cache - lots of filesystem traffic done at system shutdown, where
	caching is pointless, and startup, where reading large files only
	once just gets in the way.  Make this a configurable option in the
	init script, but defaulting to existing behavior.

	* tools/libvirt-guests.sysconf (BYPASS_CACHE): New variable.
	* tools/libvirt-guests.init.sh (start, suspend_guest): Use it.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: support bypass-cache flag in qemu.conf
	When auto-dumping a domain on crash events, or autostarting a domain
	with managed save state, let the user configure whether to imply
	the bypass cache flag.

	* src/qemu/qemu.conf (auto_dump_bypass_cache, auto_start_bypass_cache):
	Document new variables.
	* src/qemu/libvirtd_qemu.aug (vnc_entry): Let augeas parse them.
	* src/qemu/qemu_conf.h (qemud_driver): Store new preferences.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Parse them.
	* src/qemu/qemu_driver.c (processWatchdogEvent, qemuAutostartDomain):
	Honor them.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: support BYPASS_CACHE during qemu save/restore
	Wire together the previous patches to support file system cache
	bypass during API save/restore requests in qemu.

	* src/qemu/qemu_driver.c (qemuDomainSaveInternal, doCoreDump)
	(qemudDomainObjStart, qemuDomainSaveImageOpen, qemuDomainObjRestore)
	(qemuDomainObjStart): Add parameter.
	(qemuDomainSaveFlags, qemuDomainManagedSave, qemudDomainCoreDump)
	(processWatchdogEvent, qemudDomainStartWithFlags, qemuAutostartDomain)
	(qemuDomainRestoreFlags): Update callers.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: add virFileDirectFd wrapper type
	O_DIRECT has stringent requirements.  Rather than make lots of changes
	at each site that wants to use O_DIRECT, it is easier to offload
	the work through a helper process that mirrors the I/O between a
	pipe and the actual direct fd, so that the other end of the pipe
	no longer has to worry about constraints.

	Plus, if the kernel ever gains better posix_fadvise support, then we
	only have to touch a single file to let all callers benefit from a
	more efficient way to avoid file system caching.

	* src/util/virfile.h (virFileDirectFdFlag, virFileDirectFdNew)
	(virFileDirectFdClose, virFileDirectFdFree): New prototypes.
	* src/util/virdirect.c: Implement new wrapper object.
	* src/libvirt_private.syms (virfile.h): Export new symbols.
	* cfg.mk (useless_free_options): Add to list.
	* po/POTFILES.in: Add new translations.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: let iohelper work on O_DIRECT fds
	Required for a coming patch where iohelper will operate on O_DIRECT
	fds.  There, the user-space memory must be aligned to file system
	boundaries (at least 512, but using page-aligned works better, and
	some file systems prefer 64k).  Made tougher by the fact that
	VIR_ALLOC won't work on void *, but posix_memalign won't work on
	char * and isn't available everywhere.

	This patch makes some simplifying assumptions - namely, output
	to an O_DIRECT fd will only be attempted on an empty seekable
	file (hence, no need to worry about preserving existing data
	on a partial block, and ftruncate will work to undo the effects
	of having to round up the size of the last block written), and
	input from an O_DIRECT fd will only be attempted on a complete
	seekable file with the only possible short read at EOF.

	* configure.ac (AC_CHECK_FUNCS_ONCE): Check for posix_memalign.
	* src/util/iohelper.c (runIO): Use aligned memory, and handle
	quirks of O_DIRECT on last write.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: let iohelper handle inherited fd
	Rather than making the iohelper subject to a race in reopening
	the file, it is nicer to pass an already-open fd by inheritance.

	The old synopsis form must continue to work - if someone updates
	their libvirt package and installs a new libvirt_iohelper but
	without restarting the old libvirtd daemon, then the daemon can
	still make calls using the old syntax but the new iohelper.

	* src/util/iohelper.c (runIO): Split code for open...
	(prepare): ...to new function.
	(usage): Update synopsis.
	(main): Allow alternate calling form.
	* src/fdstream.c (virFDStreamOpenFileInternal): Use alternate form.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: support --xml to virsh save/restore
	Also, migrate was missing documentation for the --xml option
	added in commit ec5301cb.

	* tools/virsh.c (cmdSave, cmdRestore): Add xml argument.
	* tools/virsh.pod (save, restore, migrate): Document it.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: add --bypass-cache flag to virsh save/restore operations
	Wire up the new flag to several virsh commands.  Also, the
	'dump' command had undocumented flags.

	* tools/virsh.c (cmdSave, cmdManagedSave, cmdDump, cmdStart)
	(cmdRestore): Add new flag.
	* tools/virsh.pod (save, managedsave, dump, start, restore):
	Document flags.

2011-07-22  Eric Blake  <eblake@redhat.com>

	save: wire up trivial save/restore flags implementations
	For all hypervisors that support save and restore, the new API
	now performs the same functions as the old.

	VBox is excluded from this list, because its existing domainsave
	is broken (there is no corresponding domainrestore, and there
	is no control over the filename used in the save).  A later
	patch should change vbox to use its implementation for
	managedsave, and teach start to use managedsave results.

	* src/libxl/libxl_driver.c (libxlDomainSave): Move guts...
	(libxlDomainSaveFlags): ...to new function.
	(libxlDomainRestore): Move guts...
	(libxlDomainRestoreFlags): ...to new function.
	* src/test/test_driver.c (testDomainSave, testDomainSaveFlags)
	(testDomainRestore, testDomainRestoreFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSave)
	(xenUnifiedDomainSaveFlags, xenUnifiedDomainRestore)
	(xenUnifiedDomainRestoreFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSave, qemudDomainRestore):
	Rename and move guts.
	(qemuDomainSave, qemuDomainSaveFlags, qemuDomainRestore)
	(qemuDomainRestoreFlags): ...here.
	(qemudDomainSaveFlag): Rename...
	(qemuDomainSaveInternal): ...to this, and update callers.

2011-07-22  Eric Blake  <eblake@redhat.com>

	error: add new error type for reflecting partial API support
	VIR_ERR_INVALID_ARG implies that an argument cannot possibly
	be correct, given the current state of the API.
	VIR_ERR_CONFIG_UNSUPPORTED implies that a configuration is
	wrong, but arguments aren't configuration.
	VIR_ERR_NO_SUPPORT implies that a function is completely
	unimplemented.

	But in the case of a function that is partially implemented,
	yet the full power of the API is not available for that
	driver, none of the above messages make sense.  Hence a new
	error message, implying that the argument is known to comply
	with the current state of the API, and that while the driver
	supports aspects of the function, it does not support that
	particular use of the argument.

	A good use case for this is a driver that supports
	virDomainSaveFlags, but not the dxml argument of that API.

	It might be feasible to also use this new error for all functions
	that check flags, and which accept fewer flags than what is possible
	in the public API.  But doing so would get complicated, since
	neither libvirt.c nor the remote driver may do flag filtering,
	and every other driver would have to do a two-part check, first
	using virCheckFlags on all public flags (which gives
	VIR_ERR_INVALID_ARG for an impossible flag), followed by a
	particular mask check for VIR_ERR_ARGUMENT_UNSUPPORTED (for a
	possible public flag but unsupported by this driver).

	* include/libvirt/virterror.h (VIR_ERR_ARGUMENT_UNSUPPORTED): New
	error.
	* src/util/virterror.c (virErrorMsg): Give it a message.
	Suggested by Daniel P. Berrange.

2011-07-21  Eric Blake  <eblake@redhat.com>

	build: fix bugs with destroyFlags patches
	Build failure on xenapi_driver from compiler warnings (flags was unused).

	Build failure on xen (incorrect number of arguments).  And in fixing
	that, I obeyed the comments of struct xenUnifiedDriver that state
	that we want to minimize the number of callback functions in that
	struct, not add to it.

	* src/xen/xen_driver.c (xenUnifiedDomainDestroyFlags): Use correct
	arguments.
	(xenUnifiedDomainDestroy): Simplify.
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove unused callback.
	* src/xen/xen_hypervisor.c (xenHypervisorDestroyDomain): Likewise.
	* src/xen/xend_internal.c (xenDaemonDomainDestroy): Likewise.
	* src/xen/xend_internal.h (xenDaemonDomainDestroyFlags): Likewise.
	* src/xen/xm_internal.c (xenXMDriver): Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDestroyFlags): Reject
	unknown flags.

2011-07-21  Michal Privoznik  <mprivozn@redhat.com>

	remote: Fix forgotten comma
	during conflict resolving

2011-07-21  Laine Stump  <laine@laine.org>

	network: internal API functions to manage assignment of physdev to guest
	The network driver needs to assign physical devices for use by modes
	that use macvtap, keeping track of which physical devices are in use
	(and how many instances, when the devices can be shared). Three calls
	are added:

	networkAllocateActualDevice - finds a physical device for use by the
	domain, and sets up the virDomainActualNetDef accordingly.

	networkNotifyActualDevice - assumes that the domain was already
	running, but libvirtd was restarted, and needs to be notified by each
	already-running domain about what interfaces they are using.

	networkReleaseActualDevice - decrements the usage count of the
	allocated physical device, and frees the virDomainActualNetDef to
	avoid later accidentally using the device.

	bridge_driver.[hc] - the new APIs. When WITH_NETWORK is false, these
	functions are all #defined to be "0" in the .h file (effectively
	becoming a NOP) to prevent link errors.

	qemu_(command|driver|hotplug|process).c - add calls to the above APIs
	    in the appropriate places.

	tests/Makefile.am - we need to include libvirt_driver_network.la
	    whenever libvirt_driver_qemu.la is linked, to avoid unreferenced
	    symbols (in functions that are never called by the test
	    programs...)

2011-07-21  Laine Stump  <laine@laine.org>

	qemu: use virDomainNetGetActual*() in qemuDomainXMLToNative
	This is the one function outside of domain_conf.c that plays around
	with (even modifying) the internals of the virDomainNetDef, and thus
	can't be fixed up simply by replacing direct accesses to the fields of
	the struct with the GetActual*() access functions.

	In this case, we need to check if the defined type is "network", and
	if it is *then* check the actual type; if the actual type is "bridge",
	then we can at least put the bridgename in a place where it can be
	used; otherwise (if type isn't "bridge"), we behave exactly as we used
	to - just null out *everything*.

2011-07-21  Laine Stump  <laine@laine.org>

	qemu: use virDomainNetGetActual*() functions where appropriate
	The qemu driver accesses fields in the virDomainNetDef directly, but
	with the advent of the virDomainActualNetDef, some pieces of
	information may be found in a different place (the ActualNetDef) if
	the network connection is of type='network' and that network is of
	forward type='bridge|private|vepa|passthrough'. The previous patch
	added functions to mask this difference from callers - they hide the
	decision making process and just pick the value from the proper place.

	This patch uses those functions in the qemu driver as a first step in
	making qemu work with the new network types. At this point, the
	virDomainActualNetDef is guaranteed always NULL, so the GetActualX()
	function will return exactly what the def->X that's being replaced
	would have returned (ie bisecting is not compromised).

	There is one place (in qemu_driver.c) where the internal details of
	the NetDef are directly manipulated by the code, so the GetActual
	functions cannot be used there without extra additional code; that
	file will be treated in a separate patch.

2011-07-21  Laine Stump  <laine@laine.org>

	network: separate Start/Shutdown functions for new network types
	Previously all networks were composed of bridge devices created and
	managed by libvirt, and the same operations needed to be done for all
	of them when they were started and stopped (create and start the
	bridge device, configure its MAC address and IP address, add iptables
	rules). The new network types are (for now at least) managed outside
	of libvirt, and the network object is used only to contain information
	about the network, which is then used as each individual guest
	connects itself.

	This means that when starting/stopping one of these new networks, we
	really want to do nothing, aside from marking the network as
	active/inactive.

	This has been setup as toplevel Start/Shutdown functions that do the
	small bit of common stuff, then have a switch statement to execute
	network type-specific start/shutdown code, then do a bit more common
	code. The type-specific functions called for the new host bridge and
	macvtap based types are currently empty.

	In the future these functions may actually do something, and we will
	surely add more functions that are similarly patterned. Once
	everything has settled, we can make a table of "sub-driver" function
	pointers for each network type, and store a pointer to that table in
	the network object, then we can replace the switch statements with
	calls to functions in the table.

	The final step in this will be to add a new table (and corresponding
	new functions) for new network types as they are added.

2011-07-21  Laine Stump  <laine@laine.org>

	conf: support abstracted interface info in network XML
	The network XML is updated in the following ways:

	1) The <forward> element can now contain a list of forward interfaces:

	     <forward .... >
	       <interface dev='eth10'/>
	       <interface dev='eth11'/>
	       <interface dev='eth12'/>
	       <interface dev='eth13'/>
	     </forward>

	   The first of these takes the place of the dev attribute that is
	   normally in <forward> - when defining a network you can specify
	   either one, and on output both will be present. If you specify
	   both on input, they must match.

	2) In addition to forward modes of 'nat' and 'route', these new modes
	   are supported:

	     private, passthrough, vepa - when this network is referenced by a
	     domain's interface, it will have the same effect as if the
	     interface had been defined as type='direct', e.g.:

	        <interface type='direct'>
	          <source mode='${mode}' dev='${dev}>
	          ...
	        </interface>

	     where ${mode} is one of the three new modes, and ${dev} is an interface
	     selected from the list given in <forward>.

	     bridge - if a <forward> dev (or multiple devs) is defined, and
	     forward mode is 'bridge' this is just like the modes 'private',
	     'passthrough', and 'vepa' above. If there is no forward dev
	     specified but a bridge name is given (e.g. "<bridge
	     name='br0'/>"), then guest interfaces using this network will use
	     libvirt's "host bridge" mode, equivalent to this:

	       <interface type='bridge'>
	          <source bridge='${bridge-name}'/>
	          ...
	       </interface>

	3) A network can have multiple <portgroup> elements, which may be
	   selected by the guest interface definition (by adding
	   "portgroup='${name}'" in the <source> element along with the
	   network name). Currently a portgroup can only contain a
	   virtportprofile, but the intent is that other configuration items
	   may be put there int the future (e.g. bandwidth config). When
	   building a guest's interface, if the <interface> XML itself has no
	   virtportprofile, and if the requested network has a portgroup with
	   a name matching the name given in the <interface> (or if one of the
	   network's portgroups is marked with the "default='yes'" attribute),
	   the virtportprofile from that portgroup will be used by the
	   interface.

	4) A network can have a virtportprofile defined at the top level,
	   which will be used by a guest interface when connecting in one of
	   the 'direct' modes if the guest interface XML itself hasn't
	   specified any virtportprofile, and if there are also no matching
	   portgroups on the network.

2011-07-21  Laine Stump  <laine@laine.org>

	conf: support abstracted interface info in domain interface XML
	the domain XML <interface> element is updated in the following ways:

	1) <virtualportprofile> can be specified when source type='network'
	(previously it was only valid for source type='direct')

	2) A new attribute "portgroup" has been added to the <source>
	element. When source type='network' (the only time portgroup is
	recognized), extra configuration information will be taken from the
	<portgroup> element of the given name in the network definition.

	3) Each virDomainNetDef now also potentially has a
	virDomainActualNetDef which is a private object (never
	exported/imported via the public API, and not defined in the RNG) that
	is used to maintain information about the physical device that was
	actually used for a NetDef of type VIR_DOMAIN_NET_TYPE_NETWORK.

	The virDomainActualNetDef will only be parsed/formatted if the
	parse/format function is called with the
	VIR_DOMAIN_XML_INTERNAL_ACTUAL_NET flag set (which is only needed when
	saving/loading a running domain's state info to the stateDir).

2011-07-21  Laine Stump  <laine@laine.org>

	conf: virDomainNetDef points to (rather than contains) virtPortProfile
	The virtPortProfile in the domain interface struct is now a separately
	allocated object *pointed to by* (rather than contained in) the main
	virDomainNetDef object. This is done to make it easier to figure out
	when a virtualPortProfile has/hasn't been specified in a particular
	config.

	conf: put virtPortProfile struct / functions in a common location
	virtPortProfiles are currently only used in the domain XML, but will
	soon also be used in the network XML. To prepare for that change, this
	patch moves the structure definition into util/network.h and the parse
	and format functions into util/network.c (I decided that this was a
	better choice than macvtap.h/c for something that needed to always be
	available on all platforms).

	util: define MAX
	If util.h is going to have a MIN, it may as well also have MAX.

2011-07-21  Michal Privoznik  <mprivozn@redhat.com>

	destroy: Implement internal API for xenapi driver

	destroy: Implement internal API for xen driver

	destroy: Implement internal API for vmware driver

	destroy: Implement internal API for vbox driver

	destroy: Implement internal API for uml driver

	destroy: Implement internal API for phyp driver

	destroy: Implement internal API for openvz driver

	destroy: Implement internal API for lxc driver

	destroy: Implement internal API for libxl driver

	destroy: Implement internal API for ESX driver

	destroy: Implement internal API for qemu driver

	destroy: Wire up the remote protocol

2011-07-21  Michal Privoznik  <mprivozn@redhat.com>

	destroy: Define new public API virDomainDestroyFlags
	This introduces new API virDomainDestroyFlags to allow
	domain destroying with flags, as the existing API virDomainDestroy
	misses flags.

	The set of flags is defined in virDomainDestroyFlagsValues enum,
	which is currently commented, because it is empty.

	Calling this API with no flags set (@flags == 0) is equivalent calling
	virDomainDestroy.

2011-07-21  Eric Blake  <eblake@redhat.com>

	save: wire up remote protocol
	* src/remote/remote_driver.c (remote_driver): Add new callbacks.
	* src/remote/remote_protocol.x (remote_procedure): New RPCs.
	(remote_domain_save_flags_args, remote_domain_restore_flags_args):
	New structs.
	* src/remote_protocol-structs: Update.

2011-07-21  Eric Blake  <eblake@redhat.com>

	save: new public API to bypass file system cache on save/restore
	In order to choose whether to use O_DIRECT when saving a domain image
	to a file, we need a new flag.  But virDomainSave was implemented
	before our policy of all new APIs having a flag argument.  Likewise
	for virDomainRestore when restoring from a file.

	The new flag name is chosen as CACHE_BYPASS so as not to preclude
	a future solution that uses posix_fadvise once the Linux kernel has
	a smarter implementation of that interface.

	* include/libvirt/libvirt.h.in (virDomainCreateFlags)
	(virDomainCoreDumpFlags): Add a flag.
	(virDomainSaveFlags, virDomainRestoreFlags): New prototypes.
	* src/libvirt.c (virDomainSaveFlags, virDomainRestoreFlags): New API.
	* src/libvirt_public.syms: Export them.
	* src/driver.h (virDrvDomainSaveFlags, virDrvDomainRestoreFlags):
	New driver callbacks.

2011-07-21  Eric Blake  <eblake@redhat.com>

	qemu: fix error message with migrate2 xml
	Otherwise, an ABI mismatch gives error messages attributing the target
	xml string as current, and the current domain state as the new xml.

	* src/qemu/qemu_migration.c (qemuMigrationBegin): Use correct
	argument order.

2011-07-21  Eric Blake  <eblake@redhat.com>

	build: rename files.h to virfile.h
	In preparation for a future patch adding new virFile APIs.

	* src/util/files.h, src/util/files.c: Move...
	* src/util/virfile.h, src/util/virfile.c: ...here, and rename
	functions to virFile prefix.  Macro names are intentionally
	left alone.
	* *.c: All '#include "files.h"' uses changed.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
	* src/libvirt_private.syms: Likewise.
	* docs/hacking.html.in: Likewise.
	* HACKING: Regenerate.

2011-07-21  Eric Blake  <eblake@redhat.com>

	command: avoid leaking fds across fork
	Since libvirt is multi-threaded, we should use FD_CLOEXEC as much
	as possible in the parent, and only relax fds to inherited after
	forking, to avoid leaking an fd created in one thread to a fork
	run in another thread.  This gets us closer to that ideal, by
	making virCommand automatically clear FD_CLOEXEC on fds intended
	for the child, as well as avoiding a window of time with non-cloexec
	pipes created for capturing output.

	* src/util/command.c (virExecWithHook): Use CLOEXEC in parent.  In
	child, guarantee that all fds to pass to child are inheritable.
	(getDevNull): Use CLOEXEC.
	(prepareStdFd): New helper function.
	(virCommandRun, virCommandRequireHandshake): Use pipe2.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Simplify caller.

2011-07-21  Eric Blake  <eblake@redhat.com>

	command: move all docs into .c file
	We already have a precedent of function documentation in C files,
	where it is closer to the implementation (witness libvirt.h vs.
	libvirt.c); maintaining docs in both files risks docs going stale.

	While I was at it, I used consistent doxygen style on all comments.

	* src/util/command.h: Remove duplicate docs, and move unique
	documentation...
	* src/util/command.c: ...here.
	Suggested by Matthias Bolte.

2011-07-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Make the dispatch generator handle 'void name(void)' style procedures
	The only 'void name(void)' style procedure in the protocol is 'close' that
	is handled special, but also programming errors like a missing _args or
	_ret suffix on the structs in the .x files can create such a situation by
	accident. Making the generator aware of this avoids bogus errors from the
	generator such as:

	  Use of uninitialized value in exists at ./rpc/gendispatch.pl line 967.

	Also this allows to get rid of the -c option and the special case code for
	the 'close' procedure, as the generator handles it now correctly.

	Reported by Michal Privoznik

2011-07-21  Eric Blake  <eblake@redhat.com>

	error: preserve errno when saving last error
	It is common to see the sequence:

	virErrorPtr save_err = virSaveLastError();
	// do cleanup
	virSetError(save_err);
	virFreeError(save_err);

	on cleanup paths.  But for functions where it is desirable to
	return the errno that caused failure, this sequence can clobber
	that errno.  virFreeError was already safe; this makes the other
	two functions in the sequence safe as well, assuming all goes
	well (on OOM, errno will be clobbered, but then again, save_err
	won't reflect the real error that happened, so you are no longer
	preserving the real situation - that's life with OOM).

	* src/util/virterror.c (virSaveLastError, virSetError): Preserve
	errno.

2011-07-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix makefile rule for code generation
	Commit 8665f85523f0451c changed generated.stamp to $(GENERATE).stamp,
	but missed one instance in the CLEANFILES list. This can break the
	build in case the generated code is deleted but the .stamp file stays
	around and therefore the code isn't regenerated.

2011-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable in QEMU CPU bandwidth code
	* src/qemu/qemu_driver.c: Fix uninitialized variable

2011-07-21  Wen Congyang  <wency@cn.fujitsu.com>

	fix make syntax-check error

	doc: Add documentation for new cputune elements period and quota
	We have added element period and quota. Document them in formatdomain.html.in.

	qemu: Implement cfs_period and cfs_quota's modification
	This patch implements cfs_period and cfs_quota's modification.
	We can use the command 'virsh schedinfo' to query or modify cfs_period and
	cfs_quota.
	If you query period or quota from config file, the value 0 means it does not set
	in the config file.
	If you set period or quota to config file, the value 0 means that delete current
	setting from config file.
	If you modify period or quota while vm is running, the value 0 means that use
	current value.

	qemu: Implement period and quota tunable XML configuration and parsing
	This patch implements period and quota tunable XML configuration and parsing.
	A quota or period of zero will be simply ignored.

	Update XML Schema for new entries
	Define the element cputune's child elements 'period' and 'quota':
	<cputune>
	  <period>100000</period>
	  <quota>50000</quota>
	</cputune>

	cgroup: Implement cpu.cfs_period_us and cpu.cfs_quota_us tuning API
	This patch provides 4 APIs to get and set cpu.cfs_period_us and cpu.cfs_quota_us.

	Introduce the function virCgroupForVcpu
	Introduce the function virCgroupForVcpu() to create sub directory for each vcpu.

2011-07-21  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu: send-key: Implement the driver methods
	qemu driver just accept xt_kbd codeset's keycode, so the lib virtkey
	is used for translating keycodes from other codesets

	send-key: Expose the new API in virsh
	Also support string names for the linux keycode(auto detect)
	* tools/virsh.c: add new command "send-key"
	* tools/virsh.pod: documents the new command

2011-07-21  Lai Jiangshan  <laijs@cn.fujitsu.com>

	util: add virtkeycode module
	Add virtkey lib for usage-improvment and keycode translating.
	Add 4 internal API for the aim

	const char *virKeycodeSetTypeToString(int codeset);
	int virKeycodeSetTypeFromString(const char *name);
	int virKeycodeValueFromString(virKeycodeSet codeset, const char *keyname);
	int virKeycodeValueTranslate(virKeycodeSet from_codeset,
	                             virKeycodeSet to_offset,
	                             int key_value);

	* include/libvirt/libvirt.h.in: extend virKeycodeSet enum
	* src/Makefile.am: add new virtkeycode module and rule to generate
	  virkeymaps.h
	* src/util/virkeycode.c src/util/virkeycode.h: new module
	* src/util/virkeycode-mapgen.py: python generator for virkeymaps.h
	  out of keymaps.csv
	* src/libvirt_private.syms: extend private symbols for new module
	* .gitignore: add generated virkeymaps.h

2011-07-21  Lai Jiangshan  <laijs@cn.fujitsu.com>

	util: Add keymaps.csv
	Should keep it as the same as:
	http://git.gnome.org/browse/gtk-vnc/commit/src/keymaps.csv

	All master  keymaps are defined in a CSV file. THis covers
	Linux keycodes, OSX keycodes, AT set1, 2 & 3, XT keycodes,
	the XT encoding used by the Linux KBD driver, USB keycodes,
	Win32 keycodes, the XT encoding used by Xorg on Cygwin,
	the XT encoding used by Xorg on Linux with kbd driver.

	* src/Makefile.am: added to EXTRA_DIST
	* src/util/keymaps.csv: new file

2011-07-21  Eric Blake  <eblake@redhat.com>

	maint: fix typos on guaranteed
	* src/conf/domain_event.c (virDomainEventDispatch): Fix typo.
	* src/internal.h (ATTRIBUTE_FMT_PRINTF): Likewise.
	* src/libvirt.c (virStreamEventUpdateCallback): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.
	* src/util/virterror.c (virConnCopyLastError, virCopyLastError):
	Likewise.
	* src/xen/xend_internal.h (xend_wait_for_devices): Likewise.

2011-07-20  Cole Robinson  <crobinso@redhat.com>

	rpc: Pass through DISPLAY so ssh can launch askpass
	Though we prefer users to have SSH keys setup, virt-manager users still
	depend on remote SSH connections to launch a password dialog. This fixes
	launch ssh-askpass

	Fix suggested by danpb

2011-07-20  Michal Privoznik  <mprivozn@redhat.com>

	sysinfo: Don't try to run dmidecode on archs missing it
	DMI table is Intel & Intel-compatible specific. Therefore other
	architectures miss dmidecode command. So we always fail in searching
	for that command on non-Intel architectures.

2011-07-20  Guannan Ren  <gren@redhat.com>

	Don't try to close a NULL virNetClientPtr
	* src/rpc/virnetclient.c: Skip close attempt if virNetClientPtr
	  is NULL

2011-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Honour key usage/purpose criticality flag
	If a key purpose or usage field is marked as non-critical in the
	certificate, then a data mismatch is not (ordinarily) a cause for
	rejecting the connection

	* src/rpc/virnettlscontext.c: Honour key usage/purpose criticality

2011-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix checking of key usage/purpose data
	If key usage or purpose data is not present in the cert, the
	RFC recommends that access be allowed. Also fix checking of
	key usage to include requirements for client/server certs,
	and fix key purpose checking to treat data as a list of bits

	Fix mixed up error messages when reporting TLS certificate problems
	* src/rpc/virnettlscontext.c: Fix mixed up error messages

2011-07-20  Michal Privoznik  <mprivozn@redhat.com>

	udev: Don't try to dump DMI on non-intel archs
	DMI is Intel & Intel-compatible specific. Don't try to dump information
	on non-compatible architectures, which results only in error message in
	logs.

2011-07-20  Eric Blake  <eblake@redhat.com>

	build: fix broken build
	* src/libxl/libxl_driver.c (libxlDomainUndefineFlags): Use correct
	enum value.
	* src/remote_protocol-structs (remote_procedure): Likewise.

2011-07-20  Osier Yang  <jyang@redhat.com>

	undefine: Extend virsh undefine to support the new flag
	If the domain has managed save image, and --managed-save is
	not specified, then it fails with an error telling the user
	that a managed save image still exists.

	If the domain has managed save image, and --managed-save is
	specified, it invokes virDomainUndefineFlags. If
	virDomainUndefineFlags fails, then it tries to remove the managed
	save image using virDomainManagedSaveRemove first, with
	invoking virDomainUndefine following. (For compatibility between
	new virsh with this patch and older libvirt without this patch).

	Similarly if the domain has no managed save image. See the codes for
	detail.

	NOTE: Have not removing the codes checking if the domain is running
	in function "cmdUndefine", it will go along with qemu driver's fix
	(allow to undefine a running domain).

2011-07-20  Osier Yang  <jyang@redhat.com>

	undefine: Implement undefineFlags for all other drivers

	undefine: Implement internal API for libxl driver
	* src/libxl/libxl_driver.c: New callback for libxl_driver,
	new function libxlDomainUndefineFlags, and changes libxlDomainUndefine
	as a wrapper of libxlDomainUndefineFlags.

	undefine: Implement internal API for qemu driver
	* src/qemu/qemu_driver.c: New call back for qemu_driver,
	New function qemudDomainUndefineFlags, and changes on
	qemudDomainUndefine.

	undefine: Wire up the remote protocol

2011-07-20  Osier Yang  <jyang@redhat.com>

	undefine: Define the new API
	This introduces a new API virDomainUndefineFlags to control the
	domain undefine process, as the existing API virDomainUndefine
	doesn't support flags.

	Currently only flag VIR_DOMAIN_UNDEFINE_MANAGED_SAVE is supported.
	If the domain has a managed save image, including
	VIR_DOMAIN_UNDEFINE_MANAGED_SAVE in @flags will also remove that
	file, and omitting the flag will cause undefine process to fail.

	This patch also changes the behavior of virDomainUndefine, if the
	domain has a managed save image, the undefine will be refused.

2011-07-19  Eric Blake  <eblake@redhat.com>

	maint: fix spelling of Red Hat
	* cfg.mk (sc_copyright_format): Add to rule.
	* src/util/files.h: Fix offenders.
	* src/util/files.c: Likewise.

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add sanity checking of basic constraints, key purpose & key usage
	Gnutls requires that certificates have basic constraints present
	to be used as a CA certificate. OpenSSL doesn't add this data
	by default, so add a sanity check to catch this situation. Also
	validate that the key usage and key purpose constraints contain
	correct data

	* src/rpc/virnettlscontext.c: Add sanity checking of certificate
	  constraints

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add some basic sanity checking of certificates before use
	If the libvirt daemon or libvirt client is configured with bogus
	certificates, it is very unhelpful to only find out about this
	when a TLS connection is actually attempted. Not least because
	the error messages you get back for failures are incredibly
	obscure.

	This adds some basic sanity checking of certificates at the
	time the virNetTLSContext object is created. This is at libvirt
	startup, or when creating a virNetClient instance.

	This checks that the certificate expiry/start dates are valid
	and that the certificate is actually signed by the CA that is
	loaded.

	* src/rpc/virnettlscontext.c: Add certificate sanity checks

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix reporting of errors for p2p migration
	Starting/ending jobs when closing the connection may reset any
	error which was reported earlier in p2p migration. We must
	save the original error before doing so. This means we can also
	just call virConnectClose as normal, instead of virUnrefConnect

	* src/qemu/qemu_migration.c: Preserve errors in p2p migration

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add an explicit virNetClientClose method
	Since the I/O callback registered against virNetSocket will
	hold a reference on the virNetClient, we can't rely on the
	virNetClientFree to be able to close the network connection.
	The last reference will only go away when the event callback
	fires (likely due to EOF from the server).

	This is sub-optimal and can potentially cause a leak of the
	virNetClient object if the server were to not explicitly
	close the socket itself

	* src/remote/remote_driver.c: Explicitly close the client
	  object when disconnecting
	* src/rpc/virnetclient.c, src/rpc/virnetclient.h: Add a
	  virNetClientClose method

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Use a virFreeCallback on virNetSocket to ensure safe release
	When unregistering an I/O callback from a virNetSocket object,
	there is still a chance that an event may come in on the callback.
	In this case it is possible that the virNetSocket might have been
	freed already. Make use of a virFreeCallback when registering
	the I/O callbacks and hold a reference for the entire time the
	callback is set.

	* src/rpc/virnetsocket.c: Register a free function for the
	  file handle watch
	* src/rpc/virnetsocket.h, src/rpc/virnetserverservice.c,
	  src/rpc/virnetserverclient.c, src/rpc/virnetclient.c: Add
	  a free function for the socket I/O watches

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add mutex locking and reference counting to virNetSocket
	Remove the need for a virNetSocket object to be protected by
	locks from the object using it, by introducing its own native
	locking and reference counting

	* src/rpc/virnetsocket.c: Add locking & reference counting

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add some debugging for virNetClient reference counting
	* src/rpc/virnetclient.c: Add debugging of ref counts

2011-07-19  Eric Blake  <eblake@redhat.com>

	build: detect doc generation failure
	Commit 8665f85 introduced a slight regression in doc generation,
	since make only quits a rule on the first failed command ending
	with a newline rather than a semicolon.

	* docs/Makefile.am (html/index.html): Don't use xmllint unless
	xsltproc succeeded.
	* .gitignore: Ignore recently updated stamp file name.

2011-07-19  Alex Jia  <ajia@redhat.com>

	util: avoid fds leak when virEventPollAddHandle fail
	* src/util/event_poll.c: avoid file descriptors leak when
	  virEventPollAddHandle fail on virEventPollInit function.

2011-07-19  Eric Blake  <eblake@redhat.com>

	Revert "virsh: make migrate --tunnelled imply --p2p"
	This reverts commit 40143fb697c3cb042197632c0286e7dadf40afd4.

	The patch prevents future compatibility if migration ever learns
	how to do tunnelled without p2p.

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Unregister event callback if a fatal error occurs during dispatch
	If we get an I/O error in the async event callback for an RPC
	client, we might not have consumed all pending data off the
	wire. This could result in the callback being immediately
	invoked again. At which point the same I/O might occur. And
	we're invoked again. And again...And again...

	Unregistering the async event callback if an error occurs is
	a good safety net. The real error will be seen when the next
	RPC method is invoked

	* src/rpc/virnetclient.c: Unregister event callback on error

2011-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Quieten build & ensure API build scripts exit with non-zero status
	The current API build scripts will continue and exit with a zero
	status even if they find problems. This has been the cause of many
	build problems, or hidden build errors, in the past. Change the
	scripts so they always exit with a non-zero status for any problems
	they do not understand. Also turn off all debug output by default
	so they respect $(AM_V_GEN)

	* docs/Makefile.am: Use $(AM_V_GEN) for API/HTML scripts
	* docs/apibuild.py, python/generator.py: Exit with non-zero status
	  if problems are found. Also be silent, not outputting any debug
	  messages.
	* src/Makefile.am: Use $(AM_V_GEN) for ESX generator
	* python/Makefile.am: Tweak rule

2011-07-19  Osier Yang  <jyang@redhat.com>

	tests: Fix virshtest failure after dominfo changed
	Caused by the new changed "dominfo" command.

	virsh: Extend virsh dominfo to display if managed save image exists
	* tools/virsh.c: new column "Managed save" for "cmdDominfo".
	* tools/virsh.pod: Update document of "managedsave" to tell one can
	  use "dominfo" to query whether a domain has any managed save image.

	doc: Correct documents for iface commands
	The problems:
	    * Duplicate documents for "iface-name"
	    * Lacks of document for "iface-mac"
	    * Inconsistent option names with virsh help strings.

2011-07-18  Eric Blake  <eblake@redhat.com>

	virsh: make migrate --tunnelled imply --p2p
	We can make the virsh migrate UI friendlier by supplying the
	missing bit automatically instead of erroring out when requesting
	--tunnelled without --p2p.

	* tools/virsh.c (doMigrate): Make --p2p optional when using
	--tunnelled.
	* tools/virsh.pod (migrate): Tweak wording accordingly.

2011-07-18  Eric Blake  <eblake@redhat.com>

	libvirt: do not mix internal flags into public API
	There were two API in driver.c that were silently masking flags
	bits prior to calling out to the drivers, and several others
	that were explicitly masking flags bits.  This is not
	forward-compatible - if we ever have that many flags in the
	future, then talking to an old server that masks out the
	flags would be indistinguishable from talking to a new server
	that can honor the flag.  In general, libvirt.c should forward
	_all_ flags on to drivers, and only the drivers should reject
	unknown flags.

	In the case of virDrvSecretGetValue, the solution is to separate
	the internal driver callback function to have two parameters
	instead of one, with only one parameter affected by the public
	API.  In the case of virDomainGetXMLDesc, it turns out that
	no one was ever mixing VIR_DOMAIN_XML_INTERNAL_STATUS with
	the dumpxml path in the first place; that internal flag was
	only used in saving and restoring state files, which happened
	to be in functions internal to a single file, so there is no
	mixing of the internal flag with a public flags argument.
	Additionally, virDomainMemoryStats passed a flags argument
	over RPC, but not to the driver.

	* src/driver.h (VIR_DOMAIN_XML_FLAGS_MASK)
	(VIR_SECRET_GET_VALUE_FLAGS_MASK): Delete.
	(virDrvSecretGetValue): Separate out internal flags.
	(virDrvDomainMemoryStats): Provide missing flags argument.
	* src/driver.c (verify): Drop unused check.
	* src/conf/domain_conf.h (virDomainObjParseFile): Delete
	declaration.
	(virDomainXMLInternalFlags): Move...
	* src/conf/domain_conf.c: ...here.  Delete redundant include.
	(virDomainObjParseFile): Make static.
	* src/libvirt.c (virDomainGetXMLDesc, virSecretGetValue): Update
	clients.
	(virDomainMemoryPeek, virInterfaceGetXMLDesc)
	(virDomainMemoryStats, virDomainBlockPeek, virNetworkGetXMLDesc)
	(virStoragePoolGetXMLDesc, virStorageVolGetXMLDesc)
	(virNodeNumOfDevices, virNodeListDevices, virNWFilterGetXMLDesc):
	Don't mask unknown flags.
	* src/interface/netcf_driver.c (interfaceGetXMLDesc): Reject
	unknown flags.
	* src/secret/secret_driver.c (secretGetValue): Update clients.
	* src/remote/remote_driver.c (remoteSecretGetValue)
	(remoteDomainMemoryStats): Likewise.
	* src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryStats): Likewise.
	* daemon/remote.c (remoteDispatchDomainMemoryStats): Likewise.

2011-07-18  Alex Jia  <ajia@redhat.com>

	virsh: avoid double free of domain
	* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
	  less than 0, codes will free domain and jump to cleanup section, however,
	  cleanup will free domain again.

	Detected in valgrind run:

	==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
	==21297==
	==21297== 1 errors in context 1 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==
	==21297==
	==21297== 1 errors in context 2 of 20:
	==21297== Invalid read of size 4
	==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
	==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)
	==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
	==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
	==21297==    by 0x406814D: virFree (memory.c:310)
	==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
	==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
	==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
	==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
	==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
	==21297==    by 0x806B967: main (virsh.c:14487)

	* how to reproduce?
	  % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1

2011-07-18  Eric Blake  <eblake@redhat.com>

	docs: improve virsh man page synopses
	"optional" is not a very good meta-syntactic construct in our man
	page.  I scrubbed this, and additionally improved some documentation
	on mutually exclusive options.  For example,

	[[--live] [--config] | [--current]]

	implies a set of optional flags, where within the set you can have
	either --current or a choice of 0, 1, or both --live and --config.

	* tools/virsh.pod: Use "[name]" rather than "optional name" for
	optional arguments.

2011-07-18  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix protocol-structs check in VPATH build
	$@ already included $(srcdir)

2011-07-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix now dead cleanup of VMs on libvirtd restart
	When libvirtd restarts it will attempt to reconnect to existing
	LXC containers. If it loads a XML state file for the container
	the container will appear running. If we fail to read the PID
	file, or fail to connect to the LXC monitor, we should be killing
	off the guest, but if the VMs cgroup does not exist any more,
	cleanup will get skipped. Reading the PID file is also pointless
	since the PID is in the XML statefile

	In lxcReconnectVM we do not need to read the PID file. If part
	of the reconnect process fails we need to run the VM terminate
	code as a safety net.

	In lxcVMTerminate, if we can't obtain the VM cgroup, we know
	the process has died, but we must still run lxcVMCleanup to
	clear out the virDomainObjPtr live state

	* src/lxc/lxc_driver.c: Fix cleanup of dead VMs on restart

2011-07-18  Michal Privoznik  <mprivozn@redhat.com>

	docs: Fix spice documentation typo
	We missed ending tag for paragraph element

2011-07-17  Osier Yang  <jyang@redhat.com>

	rpc: Fix typos in rpc generator scripts
	These typos are introduced by file renaming in commit b17b4afaf.

	src/remote/qemu_protocol.x \
	src/remote/remote_protocol.x \
	src/rpc/gendispatch.pl:
	    s/remote_generator/gendispatch/

	src/rpc/genprotocol.pl:
	    s/remote\/remote_protocol/remote_protocol/

2011-07-16  Osier Yang  <jyang@redhat.com>

	qemu: Fix a regression of attaching device
	The regression is introduced by Commit da1eba6b, the new
	codes with this commit doesn't reset "ret" to "-1" when
	it fails on parsing the device XML (live device attachment)

	This patch changes the codes to reset the "ret" and "-1",
	and also changes the codes so that it don't modify "ret"
	for condition checking.

	How to reproduce:

	% cat test.xml
	<disk type='oops' device='disk'>
	  <driver name='qemu' type='raw'/>
	  <source file='/var/lib/libvirt/images/test.img'/>
	  <target dev='vda' bus='virtio'/>
	</disk>

	% virsh attach-device $domain test.xml
	Device attached successfully

	The device attachment failed actually with error "unknown disk type 'oops'",
	however, it reports success.

2011-07-16  Eric Blake  <eblake@redhat.com>

	build: also track RPC on-wire enum values
	As long as we guarantee RPC struct layout stability, we might as
	well also guarantee RPC enum value constancy.

	* src/Makefile.am (r1, r2, PDWTAGS): Adjust rule to pick up named
	and anonymous enums.
	* src/remote_protocol-structs: Add enum values.
	* src/qemu_protocol-structs: Likewise.
	* src/virnetprotocol-structs: Likewise.

2011-07-16  Eric Blake  <eblake@redhat.com>

	docs: document dxml argument to migrate2
	Commit 135554166 introduced a nice feature without documenting it.

	* src/libvirt.c (virDomainMigrate2): Add paragraph.

2011-07-16  Eric Blake  <eblake@redhat.com>

	build: add syntax check for proper flags use
	Enforce the recent flags cleanups - we want to use 'unsigned int flags'
	in any of our APIs (except where backwards compatibility is important,
	in the public migration APIs), and that all flags are checked for
	validity (except when there are stub functions that completely
	ignore the flags argument).

	There are a few minor tweaks done here to avoid false positives:
	signed arguments passed to open() are renamed oflags, and flags
	arguments that are legitimately ignored are renamed flags_unused.

	* cfg.mk (sc_flags_usage): New rule.
	(exclude_file_name_regexp--sc_flags_usage): And a few exemptions.
	(sc_flags_debug): Tweak wording.
	* src/util/iohelper.c (runIO, main): Rename variable.
	* src/util/util.c (virSetInherit): Likewise.
	* src/fdstream.h (virFDStreamOpenFile, virFDStreamCreateFile):
	Likewise.
	* src/fdstream.c (virFDStreamOpenFileInternal)
	(virFDStreamOpenFile, virFDStreamCreateFile): Likewise.
	* src/util/command.c (virExecWithHook) [WIN32]: Likewise.
	* src/util/util.c (virFileOpenAs, virDirCreate) [WIN32]: Likewise.
	* src/locking/lock_manager.c (virLockManagerPluginNew)
	[!HAVE_DLFCN_H]: Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopNew)
	(virLockManagerNopAddResource, virLockManagerNopAcquire)
	(virLockManagerNopRelease, virLockManagerNopInquire): Likewise.

2011-07-16  Eric Blake  <eblake@redhat.com>

	xen: reject unknown flags
	Also fix a logic bug in xenXMDomain{Attach,Detach}DeviceFlags,
	where (flags & VIR_DOMAIN_DEVICE_MODIFY_CURRENT) is always false.

	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative)
	(xenUnifiedDomainXMLToNative, xenUnifiedDomainBlockPeek): Reject
	unknown flags.
	* src/xen/xen_hypervisor.c (xenHypervisorOpen)
	(xenHypervisorGetDomainState): Likewise.
	* src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
	* src/xen/xs_internal.c (xenStoreOpen, xenStoreDomainGetState)
	(xenStoreDomainReboot): Likewise.
	* src/xen/xend_internal.c (xenDaemonOpen, xenDaemonDomainReboot)
	(xenDaemonDomainCoreDump, xenDaemonDomainGetState)
	(xenDaemonDomainMigratePrepare, xenDaemonDomainSetVcpusFlags,
	xenDaemonDomainGetVcpusFlags, xenDaemonAttachDeviceFlags,
	xenDaemonDetachDeviceFlags): Likewise.
	(xenDaemonDomainGetXMLDesc): Prefer unsigned flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.h (xenXMDomainGetXMLDesc): Likewise.
	* src/xen/xm_internal.c (xenXMDomainGetXMLDesc): Likewise.
	(xenXMOpen, xenXMDomainGetState, xenXMDomainSetVcpusFlags)
	(xenXMDomainGetVcpusFlags): Reject unknown flags.
	(xenXMDomainAttachDeviceFlags, xenXMDomainDetachDeviceFlags):
	Likewise, and avoid always-false conditional.
	* src/xen/xen_driver.h (XEN_MIGRATION_FLAGS): New define.

2011-07-16  Eric Blake  <eblake@redhat.com>

	esx: reject unknown flags
	Silently ignored flags get in the way of new features that
	use those flags.

	Regarding ESX migration flags - right now, ESX silently enforces
	VIR_MIGRATE_PERSIST_DEST, VIR_MIGRATE_UNDEFINE_SOURCE, and
	VIR_MIGRATE_LIVE, even if those flags were not supplied; it ignored
	other flags.  This patch does not change the implied bits (it permits
	but does not require them), but enforces only the supported bits.
	If further cleanup is needed to be more particular about migration
	flags, that should be a separate patch.

	* src/esx/esx_device_monitor.c (esxDeviceOpen): Reject unknown
	flags.
	* src/esx/esx_driver.c (esxOpen, esxDomainReboot)
	(esxDomainXMLFromNative, esxDomainXMLToNative)
	(esxDomainMigratePrepare, esxDomainMigratePerform)
	(esxDomainMigrateFinish): Likewise.
	* src/esx/esx_interface_driver.c (esxInterfaceOpen): Likewise.
	* src/esx/esx_network_driver.c (esxNetworkOpen): Likewise.
	* src/esx/esx_nwfilter_driver.c (esxNWFilterOpen): Likewise.
	* src/esx/esx_secret_driver.c (esxSecretOpen): Likewise.
	* src/esx/esx_storage_driver.c (esxStorageOpen): Likewise.

2011-07-15  Eric Blake  <eblake@redhat.com>

	virsh: improve option handling
	The documentation for vshCommandOptString claims that it returns
	-1 on a missing required argument, but in reality, that error
	message was unreachable (it was buried inside an if clause that
	is true only if the argument was present).  The code was so hairy
	that I decided a rewrite would make it easier to understand,
	and actually return the error values we want.

	Meanwhile, our construction guarantees that all vshCmdOpt have
	a non-null def member, so there are some redundant checks that
	can be trimmed.

	* tools/virsh.c (vshCommandOpt): Alter signature.
	(vshCommandOptInt, vshCommandOptUInt, vshCommandOptUL)
	(vshCommandOptString, vshCommandOptLongLong)
	(vshCommandOptULongLong, vshCommandOptBool): Adjust all callers.
	(vshCommandOptArgv): Remove dead condition.

2011-07-15  Eric Blake  <eblake@redhat.com>

	flags: fix domain_conf migration regression
	Commit 461e0f1a broke migration, because there was a code path
	that tried to enable an internal flag while still going through
	the public function.  Split the internal flag into a separate
	callback, and validate that flags do not overlap.

	* src/conf/domain_conf.c (virDomainDefFormat): Split...
	(virDomainDefFormatInternal): ...to separate the flag check.
	(virDomainObjFormat): Adjust caller.

2011-07-15  Dave Allan  <dallan@redhat.com>

	website: Point main page links to libvirt driver pages
	The "libvirt supports:" section on the main page of libvirt.org
	contains a list of hypervisors with links that point to the sites of
	the underlying virt technologies.  The entry for KVM points to
	http://www.linux-kvm.org/, for example.  People coming to libvirt.org
	for the first time are likely to know about those sites, and they're
	probably interested in how libvirt manages those technologies.  This
	patch points those links to the libvirt driver pages instead.  It also
	consolidates KVM and QEMU as there is only one libvirt driver page for
	them.  Finally, it adds a line about networking support.

	v2: incorporate Eric's feedback adding project links to driver pages.

	website: Add project links to KVM/QEMU driver page
	website: Add project links to Xen driver page
	website: Add project links to LXC driver page
	website: Add project links to OpenVZ driver page
	website: Add project links to UML driver page
	website: Add project links to Virtualbox driver page
	website: Add project links to ESX driver page
	website: Add project links to VMware driver page

2011-07-15  Eric Blake  <eblake@redhat.com>

	flags: fix qemu migration regression
	Commit f548480b broke migration v3 on qemu, because the driver
	passed flags on through to qemu_migration even though
	qemu_migration wasn't using those flags.

	* src/qemu/qemu_migration.h (QEMU_MIGRATION_FLAGS): New define.
	* src/qemu/qemu_driver.c: Simplify all migration callbacks.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Fix regression.

2011-07-15  Eric Blake  <eblake@redhat.com>

	flags: use common dumpxml flags check
	The previous patches only cleaned up ATTRIBUTE_UNUSED flags cases;
	auditing the drivers found other places where flags was being used
	but not validated.  In particular, domainGetXMLDesc had issues with
	clients accepting a different set of flags than the common
	virDomainDefFormat helper function.

	* src/conf/domain_conf.c (virDomainDefFormat): Add common flag check.
	* src/uml/uml_driver.c (umlDomainAttachDeviceFlags)
	(umlDomainDetachDeviceFlags): Reject unknown
	flags.
	* src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc)
	(vboxDomainAttachDeviceFlags)
	(vboxDomainDetachDeviceFlags): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Likewise.
	(qemuDomainGetXMLDesc): Document common flag handling.
	* src/libxl/libxl_driver.c (libxlDomainGetXMLDesc): Likewise.
	* src/lxc/lxc_driver.c (lxcDomainGetXMLDesc): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainGetXMLDesc): Likewise.
	* src/phyp/phyp_driver.c (phypDomainGetXMLDesc): Likewise.
	* src/test/test_driver.c (testDomainGetXMLDesc): Likewise.
	* src/vmware/vmware_driver.c (vmwareDomainGetXMLDesc): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainGetXMLDesc): Likewise.

2011-07-15  Eric Blake  <eblake@redhat.com>

	maint: fix typos
	Our XML prefers "shareable" over "sharable".

	* docs/internals/locking.html.in: s/sharable/shareable/
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockAddResource): Likewise.

2011-07-15  Hu Tao  <hutao@cn.fujitsu.com>

	add --cache, --serial, --shareable and --address to attach-disk
	This adds four options for virsh command attach-disk.

	--cache option allows user to specify cache mode of disk device
	from virsh command line when attaching a disk device.

	--serial option allows user to specify serial string of disk device
	from virsh command line when attaching a disk device.

	--shareable option allows user to specify whether the disk device is
	shareable between domains when attaching a disk device from virsh
	command line.

	--address option allows user to specify address of disk device when
	attaching a disk device.

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix error message for missing TLS write function
	* src/rpc/virnettlscontext.c: s/read/write/

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix reporting of cert validation failures
	If the server succesfully validates the client cert, it will send
	back a single byte, under TLS. If it fails, it will close the
	connection. In this case, we were just reporting the standard
	I/O error. The original RPC code had a special case hack for the
	GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
	a more useful error message

	* src/rpc/virnetclient.c: Return ENOMSG if we get
	  GNUTLS_E_UNEXPECTED_PACKET_LENGTH
	* src/rpc/virnettlscontext.c: Report cert failure if we
	  see ENOMSG

2011-07-15  Dave Allan  <dallan@redhat.com>

	Fix error code for storage operations
	Many volume operations will fail if the volume in question is being
	allocated.  These operations were returning VIR_ERR_INTERNAL_ERROR
	when they should be returning VIR_ERR_OPERATION_INVALID.

2011-07-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setvcpus: add "--current" option to "virsh setvcpus"
	This patch adds the --current option to "virsh setvcpus"
	command. Currently "virsh setvcpus" command supports
	"--live" and "--config" , but "--current" option.
	From view of consistency, it's reasonable to support
	"--current" option too.

	When --current is specified, it affects a "current"
	domain.

2011-07-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setvcpus: extend qemuDomainSetVcpusFlags() to support current flag
	This patch extends qemudDomainSetVcpusFlags() function to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

2011-07-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setvcpus: extend virDomainSetVcpusFlags API to support current flag
	This patch extends virDomainSetVcpusFlags API to support
	VIR_DOMAIN_AFFECT_CURRENT flag.

	Now because most APIs accept VIR_DOMAIN_AFFECT_CURRENT flags,
	virDomainSetVcpusFlags API should also do.

2011-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Add domain events support to UML driver
	* src/uml_conf.h: Add queue for dispatch of domain events
	* src/uml_driver.c: Trigger domain events upon important lifecycle transitions

2011-07-14  Eric Blake  <eblake@redhat.com>

	docs: mention EMOTIVE as a libvirt-using app
	* docs/apps.html.in: Add EMOTIVE.
	Reported by Alex Vaqué Brull <memfis@gmail.com>.

2011-07-14  Eric Blake  <eblake@redhat.com>

	virnetsocket: use new API for uniform child cleanup
	Rather than trying to clean up the ssh child ourselves, and risk
	subtle differences from the socket creation error path, we can
	just use the new APIs.

	* src/rpc/virnetsocket.c (virNetSocketFree): Use new function.

2011-07-14  Eric Blake  <eblake@redhat.com>

	fdstream: avoid child process leak on error
	By requesting the pid in virCommandRunAsync, fdstream was claiming
	that it would manually wait for the process.  But on the failure
	path, the child process was being leaked.

	* src/fdstream.c (virFDStreamOpenFileInternal): Auto-reap child.

2011-07-14  Eric Blake  <eblake@redhat.com>

	command: introduce virPidWait, virPidAbort
	When using virCommandRunAsync and saving the pid for later, it
	is useful to be able to reap that pid in the same way that it
	would have been auto-reaped by virCommand if we had passed
	NULL for the pid argument in the first place.

	* src/util/command.c (virPidWait, virPidAbort): New functions,
	created from...
	(virCommandWait, virCommandAbort): ...bodies of these.
	(includes): Drop duplicate <stdlib.h>.  Ensure that our pid_t
	assumptions hold.
	(virCommandRunAsync): Improve documentation.
	* src/util/command.h (virPidWait, virPidAbort): New prototypes.
	* src/libvirt_private.syms: Export them.
	* docs/internals/command.html.in: Document them.

2011-07-14  Jamie Strandboge  <jamie@canonical.com>

	update apparmor security driver for new udev paths
	In the Ubuntu development release we recently got a new udev that
	moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
	This change in udev requires updating the apparmor security driver in
	libvirt[1].

	Attached is a patch that:
	 * adjusts src/security/virt-aa-helper.c to allow both
	LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
	the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
	to /run/ anyway, so there is no additional access (remember that
	apparmor resolves symlinks, which is why this is still required even
	if /var/run points to /run).
	 * adjusts example/apparmor/libvirt-qemu paths for /dev/shm

	[1]https://launchpad.net/bugs/810270

	--
	Jamie Strandboge             | http://www.canonical.com

2011-07-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Improve error reporting in xenapiOpen
	Use better suited error code and avoid NULL in error messsage
	as *privP->session->error_description can be NULL.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build of todo
	Without this patch, the make rule in a VPATH build was trying to
	invoke ../../docs/../../docs/todo.pl, which didn't exist.

	* docs/Makefile.am (todo.html.in): Using $< already implies
	$(srcdir) in GNU make VPATH situations.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: check for virnetprotocol on-the-wire stability
	Similar to the recent qemu_protocol-structs addition.

	* src/virnetprotocol-structs: New file.
	* src/Makefile.am (%_protocol-structs): Factor body...
	(PDWTAGS): ...into new helper macro.
	(virnetprotocol-structs): New rule.
	(PROTOCOL_STRUCTS): Add virnetprotocol-structs.

2011-07-14  Wen Congyang  <wency@cn.fujitsu.com>

	build: disable some drivers when building without libvirt daemon
	We disable some drivers when building without libvirtd in configure,
	but we do not do the same thing in libvirt.spec. It may break rpm
	building without libvirtd.

2011-07-14  Michal Privoznik  <mprivozn@redhat.com>

	storage: Avoid memory leak on metadata fetching
	Getting metadata on storage allocates a memory (path) which need to
	be freed after use otherwise it gets leaked. This means after use of
	virStorageFileGetMetadataFromFD or virStorageFileGetMetadata one
	must call virStorageFileFreeMetadata to free it. This function frees
	structure internals and structure itself.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Don't overwrite errors by closefd in error paths
	When qemuMonitorCloseFileHandle is called in error path, we need to
	preserve the original error since a possible further error when running
	closefd monitor command is not very useful to users.

	qemu: Save domain status ASAP after creating qemu process
	When creating new qemu process we saved domain status XML only after the
	process was fully setup and running. In case libvirtd was killed before
	the whole process finished, once libvirtd started again it didn't know
	anything about the new process and we end up with an orphaned qemu
	process. Let's save the domain status XML as soon as we know the PID so
	that libvirtd can kill the process on restart.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: avoid ATTRIBUTE_UNUSED in headers
	The compiler might optimize based on our declaration that something
	is unused.  Putting that declaration in the header risks getting
	out of sync with the actual implementation, so it belongs better
	only in the .c files.  We were mostly compliant, and a new syntax
	check will help us in the future.

	* cfg.mk (sc_avoid_attribute_unused_in_header): New syntax check.
	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Delete
	attribute already present in .c file.
	* src/qemu/qemu_domain.h (qemuDomainEventFlush): Likewise.
	* src/util/virterror_internal.h (virReportErrorHelper): Parameters
	are actually used by .c file.
	* src/xenxs/xen_sxpr.h (xenFormatSxprDisk): Adjust prototype.
	* src/xenxs/xen_sxpr.c (xenFormatSxprDisk): Delete unused argument.
	(xenFormatSxpr): Adjust caller.
	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags): Likewise.
	Suggested by Daniel Veillard.

2011-07-14  Eric Blake  <eblake@redhat.com>

	remote: prefer unsigned flags
	* src/remote/remote_driver.c (call, remoteOpenSecondaryDriver):
	Prefer unsigned flags.

2011-07-14  Eric Blake  <eblake@redhat.com>

	conf: delete unused flags arguments
	For static functions not used as callbacks, there's no need to
	keep an unused parameter.

	* src/conf/domain_conf.c (virDomainChrDefParseTargetXML)
	(virDomainTimerDefParseXML, virDomainHostdevSubsysUsbDefParseXML)
	(virDomainVcpuPinDefParseXML): Drop unused parameter.
	(virDomainChrDefParseXML, virDomainDefParseXML)
	(virDomainHostdevDefParseXML): Update callers.
	(virDomainNetDefParseXML): Mark flags used.

2011-07-14  Supriya Kannery  <supriyak@linux.vnet.ibm.com>

	virsh: Update virsh man page
	Valid loglevel range for virsh  is 0-4. Update virsh man page
	accordingly. Also explain virsh ENV variables and values.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: fix previous patch
	The last patch breaks make check for two reasons. First, it reverses the
	condition but leaves default level unchanged, so instead of not printing
	anything but errors before the patch it now prints all debug messages by
	default. Second, you forgot to change -d5 option passed to virsh in
	tests/virsh-optparse to -d0; the script wants to see all debug messages.

2011-07-14  Supriya Kannery  <supriyak@linux.vnet.ibm.com>

	virsh: Make "DEBUG" loglevel the superset
	Aligning loglevel values of virsh to that of libvirt.
	"DEBUG"=0 loglevel, when specified through commandline or
	env variable, should log all the messages. "ERROR=4"
	should log only error messages.

	virsh: Avoid using magic numbers for logging
	Replace magic numbers with loglevel variables.

2011-07-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Avoid duplicating virFileOpenAsNoFork in virFileOpenAs
	In 2f4d2496a88055a8343b3efca618522da8715d92 I didn't notice that one
	part of virFileOpenAs doesn't actually call to virFileOpenAsNoFork but
	rather includes a copy of the code from there.

2011-07-14  Eric Blake  <eblake@redhat.com>

	build: don't hand-roll cloexec code
	No need to repeat common code.

	* bootstrap.conf (gnulib_modules): Import calloc-posix.
	* src/util/bridge.c (brInit): Use virSetCloseExec.
	(brSetInterfaceUp): Adjust flags name.
	* src/uml/uml_driver.c (umlSetCloseExec): Delete.
	(umlStartVMDaemon): Use util version instead.

2011-07-14  Eric Blake  <eblake@redhat.com>

	conf: prefer unsigned flags
	* src/conf/cpu_conf.h (virCPUDefFormat, virCPUDefFormatBuf):
	Change flags type.
	* src/conf/cpu_conf.c (virCPUDefFormat, virCPUDefFormatBuf):
	Likewise.
	* src/conf/storage_conf.c (_virStoragePoolOptions): Likewise.
	* src/datatypes.h (_virConnect, _virStream): Likewise.

	python: prefer unsigned flags
	* python/libvirt-override.c (libvirt_virConnectOpenAuth)
	(libvirt_virDomainSnapshotListNames)
	(libvirt_virDomainRevertToSnapshot): Change flags type.

2011-07-14  Eric Blake  <eblake@redhat.com>

	node_device: avoid implicit int
	'unsigned a' and 'unsigned int a' are synonyms, but we generally
	always spell out the 'int' in that case.  Fixing this will avoid
	a false positive in the next syntax-check commit.

	* src/conf/node_device_conf.h (pci_config_address)
	(_virNodeDevCapsDef): Prefer 'unsigned int' over 'unsigned'.

2011-07-14  Eric Blake  <eblake@redhat.com>

	virsh, daemon: prefer unsigned flags
	* tools/virsh.c (vshCmdDef): Change flags type.
	* daemon/remote.c (remoteDispatchOpen): Likewise.

	xenapi: reject unknown flags
	* src/xenapi/xenapi_driver.c (xenapiOpen, xenapiDomainReboot):
	Reject unknown flags.
	(xenapiDomainGetXMLDesc): Likewise, and pass known flags through
	to XML generation.

	vmware: reject unknown flags
	* src/vmware/vmware_driver.c (vmwareOpen, vmwareDomainReboot)
	(vmwareDomainCreateXML, vmwareDomainCreateWithFlags): Reject
	unknown flags.

	vbox: reject unknown flags
	* src/vbox/vbox_driver.c (vboxOpenDummy): Reject unknown flags.
	* src/vbox/vbox_tmpl.c (vboxOpen, vboxDomainReboot)
	(vboxNetworkOpen, vboxNetworkGetXMLDesc, vboxStorageOpen)
	(vboxStorageVolCreateXML, vboxStorageVolDelete)
	(vboxStorageVolGetXMLDesc, vboxDomainScreenshot): Likewise.

2011-07-13  Eric Blake  <eblake@redhat.com>

	uml: reject unknown flags
	* src/uml/uml_driver.c (umlOpen, umlDomainGetXMLDesc)
	(umlDomainBlockPeek): Reject unknown flags.

	test: reject unknown flags
	* src/test/test_driver.c (testOpen, testDomainCoreDump)
	(testOpenNetwork, testNetworkGetXMLDesc, testOpenInterface)
	(testInterfaceChangeBegin, testInterfaceChangeCommit)
	(testInterfaceChangeRollback, testInterfaceGetXMLDesc)
	(testInterfaceDefineXML, testInterfaceCreate)
	(testInterfaceDestroy, testStorageOpen, testStoragePoolStart)
	(testStorageFindPoolSources, testStoragePoolCreate)
	(testStoragePoolDefine, testStoragePoolBuild)
	(testStoragePoolDelete, testStoragePoolRefresh)
	(testStoragePoolGetXMLDesc, testStorageVolumeCreateXML)
	(testStorageVolumeCreateXMLFrom, testStorageVolumeDelete)
	(testStorageVolumeGetXMLDesc, testDevMonOpen)
	(testNodeNumOfDevices, testNodeListDevices)
	(testNodeDeviceGetXMLDesc, testNodeDeviceCreateXML)
	(testSecretOpen, testNWFilterOpen): Reject unknown flags.

	qemu: reject unknown flags
	* src/qemu/qemu_driver.c (qemudOpen, qemuDomainScreenshot)
	(qemuDomainXMLFromNative, qemuDomainXMLToNative)
	(qemudDomainBlockPeek, qemuCPUCompare, qemuCPUBaseline): Reject
	unknown flags.
	* src/qemu/qemu_migration.c (qemuMigrationConfirm): Likewise.
	(_qemuMigrationCookie, qemuMigrationCookieXMLParse)
	(qemuMigrationCookieXMLParseStr, qemuMigrationBakeCookie)
	(qemuMigrationEatCookie): Make flags unsigned.
	* src/qemu/qemu_domain.h: (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Prefer unsigned flags.
	* src/qemu/qemu_domain.c (qemuDomainDefFormatXML)
	(qemuDomainFormatXML): Likewise.
	(qemuDomainOpenLogHelper, qemuDomainCreateLog): Rename variable.

	phyp: reject unknown flags
	* src/phyp/phyp_driver.c (phypOpen, phypDomainReboot)
	(phypVIOSDriverOpen): Reject unknown flags.

	openvz: reject unknown flags
	* src/openvz/openvz_driver.c (openvzDomainReboot, openvzOpen):
	Reject unknown flags.

	lxc: reject unknown flags
	* src/lxc/lxc_driver.c (lxcOpen, lxcDomainSetMemoryParameters)
	(lxcDomainGetMemoryParameters): Reject unknown flags.
	* src/lxc/lxc_container.c (lxcContainerStart): Rename flags to
	cflags to reflect that it is not tied to libvirt.

	libxl: reject unknown flags
	* src/libxl/libxl_driver.c (libxlOpen, libxlDomainReboot)
	(libxlDomainXMLFromNative, libxlDomainXMLToNative)
	(libxlDomainCreateWithFlags): Reject unknown flags.

2011-07-13  Nan Zhang  <nzhang@redhat.com>

	virsh: fix missing prompt message for 'snapshot-delete' command
	Make the command 'virsh snapshot-delete' has the appropriate prompt
	message when executing sucessful or failed.

2011-07-13  Peter Krempa  <pkrempa@redhat.com>

	qemu: build failed due to unused variables
	While compiling on F15 build crashed (probably because of new GCC).

2011-07-13  Eric Blake  <eblake@redhat.com>

	storage: reject unknown flags
	* src/storage/storage_backend.c (virStorageBackendCreateBlockFrom)
	(virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Reject unknown flags.
	* src/storage/storage_backend_disk.c (virStorageBackendDiskBuildPool)
	(virStorageBackendDiskDeleteVol): Likewise.
	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemNetFindPoolSources)
	(virStorageBackendFileSystemBuild)
	(virStorageBackendFileSystemDelete, createFileDir)
	(virStorageBackendFileSystemVolBuildFrom)
	(virStorageBackendFileSystemVolDelete): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIFindPoolSources): Likewise.
	* src/storage/storage_backend_logical.c
	(virStorageBackendLogicalFindPoolSources)
	(virStorageBackendLogicalBuildPool)
	(virStorageBackendLogicalDeletePool)
	(virStorageBackendLogicalDeleteVol): Likewise.
	* src/storage/storage_driver.c (storageOpen, storagePoolCreate)
	(storagePoolDefine, storagePoolRefresh, storagePoolGetXMLDesc)
	(storageVolumeCreateXML, storageVolumeCreateXMLFrom)
	(storageVolumeGetXMLDesc): Likewise.

	node_device: reject unknown flags
	* src/node_device/node_device_driver.c (nodeNumOfDevices)
	(nodeListDevices, nodeDeviceGetXMLDesc, nodeDeviceCreateXML):
	Reject unknown flags.
	* src/node_device/node_device_hal.c (halNodeDrvOpen): Likewise.
	* src/node_device/node_device_udev.c (udevNodeDrvOpen): Likewise.

2011-07-13  Eric Blake  <eblake@redhat.com>

	util: reject unknown flags, and prefer unsigned flags
	Silently ignored flags get in the way of new features that
	use those flags.  Also, an upcoming syntax check will favor
	unsigned flags.

	* src/nodeinfo.h (nodeGetCPUStats, nodeGetMemoryStats): Drop
	unused attribute.
	* src/interface/netcf_driver.c (interfaceOpenInterface)
	(interfaceDefineXML, interfaceCreate, interfaceDestroy): Reject
	unknown flags.
	* src/network/bridge_driver.c (networkOpenNetwork)
	(networkGetXMLDesc): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterOpen): Likewise.
	* src/secret/secret_driver.c (secretOpen, secretDefineXML)
	(secretGetXMLDesc, secretSetValue): Likewise.
	* src/util/logging.c (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Likewise; also use unsigned flags.
	* src/util/logging.h (virLogDefineFilter, virLogDefineOutput)
	(virLogMessage): Change signature.
	* src/util/command.c (virExecWithHook): Likewise.

2011-07-13  Eric Blake  <eblake@redhat.com>

	libvirt-qemu: use unsigned flags
	Like commit 1740c381, but for libvirt-qemu.

	* src/remote/qemu_protocol.x (qemu_monitor_command_args): Adjust
	type to match API.
	* src/qemu_protocol-structs: Update accordingly.

2011-07-13  Eric Blake  <eblake@redhat.com>

	maint: print flags in hex during debug
	Continuation of commit 313ac7fd, and enforce things with a syntax
	check.

	Technically, virNetServerClientCalculateHandleMode is not printing
	a mode_t, but rather a collection of VIR_EVENT_HANDLE_* bits;
	however, these bits are < 8, so there is no different in the
	output, and that was the easiest way to silence the new syntax check.

	* cfg.mk (sc_flags_debug): New syntax check.
	(exclude_file_name_regexp--sc_flags_debug): Add exemptions.
	* src/fdstream.c (virFDStreamOpenFileInternal): Print flags in
	hex, mode_t in octal.
	* src/libvirt-qemu.c (virDomainQemuMonitorCommand)
	(virDomainQemuAttach): Likewise.
	* src/locking/lock_driver_nop.c (virLockManagerNopInit): Likewise.
	* src/locking/lock_driver_sanlock.c (virLockManagerSanlockInit):
	Likewise.
	* src/locking/lock_manager.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_monitor.c: Likewise.
	* src/rpc/virnetserverclient.c
	(virNetServerClientCalculateHandleMode): Print mode with %o.

2011-07-13  Eric Blake  <eblake@redhat.com>

	maint: exclude more files from syntax check
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Exempt
	docs/api_extension/*.patch.
	(exclude_file_name_regexp--sc_prohibit_always_true_header_tests)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF)
	(exclude_file_name_regexp--sc_prohibit_fork_wrappers)
	(exclude_file_name_regexp--sc_trailing_blank): Simplify.
	(exclude_file_name_regexp--sc_prohibit_gettext_noop): Delete.
	(exclude_file_name_regexp--sc_prohibit_close)
	(exclude_file_name_regexp--sc_prohibit_nonreentrant)
	(exclude_file_name_regexp--sc_prohibit_sprintf): Tighten.

2011-07-13  Eric Blake  <eblake@redhat.com>

	util: honor anchored names when searching for executables
	I got bit in a debugging session on an uninstalled libvirtd; the
	code tried to call out to the installed $LIBEXECDIR/libvirt_iohelper
	instead of my just-built version.  So I set a breakpoint and altered
	the binary name to be "./src/libvirt_iohelper", and it still failed
	because I don't have "." on my PATH.

	According to POSIX, execvp only searches PATH if the name does
	not contain a slash.  Since we are trying to mimic that behavior,
	an anchored name should be relative to the current working dir.

	This tightens existing behavior, but most callers already pass
	an absolute name or a name with no slashes, so it probably won't
	be noticeable.

	* src/util/util.c (virFindFileInPath): Anchored relative names do
	not invoke a PATH search.

2011-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Ensure signal handler propagates fatal signals to default handler
	When replacing the default SEGV/ABORT/BUS signal handlers you
	can't rely on the process being terminated after your custom
	handler runs. It is neccessary to manually restore the default
	handler and then re-raise the signal

	* src/rpc/virnetserver.c: Restore default handler and raise
	  signal

2011-07-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused virNetServerProgramErrorHander typedef
	* src/rpc/virnetserverprogram.h: Remove unused typedef for
	  virNetServerProgramErrorHander function callback
	* daemon/remote.h: Remove decl for non-existant variables

2011-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix monitor unlocking in some error paths
	When monitor is entered with qemuDomainObjEnterMonitorWithDriver, the
	correct method for leaving and unlocking the monitor is
	qemuDomainObjExitMonitorWithDriver.

2011-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Consolidate qemuMigrationPrepare{Direct,Tunnel}
	Most of the code in these two functions is supposed to be identical but
	currently it isn't (which is natural since the code is duplicated).
	Let's move common parts of these functions into qemuMigrationPrepareAny.

	This also fixes qemuMigrationPrepareTunnel which didn't store received
	lockState in the domain object.

2011-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add support for job phase
	Asynchronous jobs may take long time to finish and may consist of
	several phases which we need to now about to help with recovery/rollback
	after libvirtd restarts.

	qemu: Recover from interrupted jobs
	Detect and react on situations when libvirtd was restarted or killed
	when a job was active.

	qemu: Save job type in domain status XML
	If libvirtd is restarted when a job is running, the new libvirtd process
	needs to know about that to be able to recover and rollback the
	operation.

2011-07-13  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Allow all query commands to be run during long jobs
	Query commands are safe to be called during long running jobs (such as
	migration). This patch makes them all work without the need to
	special-case every single one of them.

	The patch introduces new job.asyncCond condition and associated
	job.asyncJob which are dedicated to asynchronous (from qemu monitor
	point of view) jobs that can take arbitrarily long time to finish while
	qemu monitor is still usable for other commands.

	The existing job.active (and job.cond condition) is used all other
	synchronous jobs (including the commands run during async job).

	Locking schema is changed to use these two conditions. While asyncJob is
	active, only allowed set of synchronous jobs is allowed (the set can be
	different according to a particular asyncJob) so any method that
	communicates to qemu monitor needs to check if it is allowed to be
	executed during current asyncJob (if any). Once the check passes, the
	method needs to normally acquire job.cond to ensure no other command is
	running. Since domain object lock is released during that time, asyncJob
	could have been started in the meantime so the method needs to recheck
	the first condition. Then, normal jobs set job.active and asynchronous
	jobs set job.asyncJob and optionally change the list of allowed job
	groups.

	Since asynchronous jobs only set job.asyncJob, other allowed commands
	can still be run when domain object is unlocked (when communicating to
	remote libvirtd or sleeping). To protect its own internal synchronous
	commands, the asynchronous job needs to start a special nested job
	before entering qemu monitor. The nested job doesn't check asyncJob, it
	only acquires job.cond and sets job.active to block other jobs.

2011-07-12  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Consolidate {Enter,Exit}Monitor{,WithDriver}
	EnterMonitor and ExitMonitor methods are very similar to their
	*WithDriver variants; consolidate them into EnterMonitorInternal and
	ExitMonitorInternal to avoid (mainly future) code duplication.

	qemu: Consolidate BeginJob{,WithDriver} into a single method
	This avoids code duplication and also avoids relying on good luck that
	ignore_value(virDomainObjUnref(obj)) doesn't set errno.

	qemu: Separate job related data into a new object

2011-07-12  Eric Blake  <eblake@redhat.com>

	maint: avoid incremental 'make syntax-check' failure
	Incrementally running 'make syntax-check' on a tree previously
	built after commit 62dee6f but before 44036460 fails sc_po_check
	(because the generated qemu_dispatch.h gained translatable strings).
	This is a followup to commit addaa537 for that scenario.

	* cfg.mk (sc_po_check): Add another prereq.
	($(srcdir)/daemon/qemu_dispatch.h): Add rule.

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Skip bugs which are CLOSED in todo list
	* docs/todo.pl: Skip closed bugs

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add missing cleanup for transient guests in UML driver
	The UML inotify handler would kill off guests when certain
	conditions arise, but it forgot to remove transient guests
	from the list of domains

	* src/uml/uml_driver.c: Cleanup transient guests

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add auditing to the UML driver
	* src/uml/uml_driver.c: Add audit hooks

	Add auditing to the LXC driver
	* src/lxc/lxc_driver.c: Add auditing hooks

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add virtualization type in audit messages
	Since a host can run several different virtualization types at
	the same time, audit messages should allow domains to be identified.
	Add a 'virt={qemu,kvm,uml,lxc,...}' key to domain audit messages

	* src/conf/domain_audit.c: Identify virt type of guest

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add auditing of filesystems
	When passing through filesystems from the host to a guest, the
	host filesystem passed must be audited

	* src/conf/domain_audit.{c,h}: Add virDomainAuditFS

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Move qemu_audit.h helpers into shared code
	The LXC and UML drivers can both make use of auditing. Move
	the qemu_audit.{c,h} files to src/conf/domain_audit.{c,h}

	* src/conf/domain_audit.c: Rename from src/qemu/qemu_audit.c
	* src/conf/domain_audit.h: Rename from src/qemu/qemu_audit.h
	* src/Makefile.am: Remove qemu_audit.{c,h}, add domain_audit.{c,h}
	* src/qemu/qemu_audit.h, src/qemu/qemu_cgroup.c,
	  src/qemu/qemu_command.c, src/qemu/qemu_driver.c,
	  src/qemu/qemu_hotplug.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_process.c: Update for changed audit API names

2011-07-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Initialize all instances of esxVMX_Data to zero
	To avoid using or freeing uninitialized memory or pointers.

	rpc: Fix compile error due to potentially unused parameter
	connectDBus is only used if HAVE_DBUS is set. Therefore mark
	it as potentially unused.

2011-07-12  Jim Fehlig  <jfehlig@novell.com>

	Fix build when using polkit0
	V2: Remove policy kit references from virNetServer and use DBus APIs
	    directly, if available.

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Implement code to attach to external QEMU instances.
	Given a PID, the QEMU driver reads /proc/$PID/cmdline and
	/proc/$PID/environ to get the configuration. This is fed
	into the ARGV->XML convertor to build an XML configuration
	for the process.

	/proc/$PID/exe is resolved to identify the full command
	binary path

	After checking for name/uuid uniqueness, an attempt is
	made to connect to the monitor socket. If successful
	then 'info status' and 'info kvm' are issued to determine
	whether the CPUs are running and if KVM is enabled.

	* src/qemu/qemu_driver.c: Implement virDomainQemuAttach
	* src/qemu/qemu_process.h, src/qemu/qemu_process.c: Add
	  qemuProcessAttach to connect to the monitor of an
	  existing QEMU process

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add monitor API for checking whether KVM is enabled
	When attaching to an external QEMU process, it is neccessary
	to check if the process is using KVM or not. This can be done
	using a monitor command

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for checking if KVM is enabled

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add a method for extracting QEMU argv from /proc
	To enable attaching to externally launched QEMU, we need
	to be able to reverse engineer a guest XML config based
	on the argv for a PID in /proc

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Add
	  qemuParseCommandLinePid which extracts QEMU config from
	  argv in /proc, given a PID number

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Change extract pidfile & monitor config from QEMU command line
	When converting QEMU argv into a virDomainDefPtr, also extract
	the pidfile, monitor character device config and the monitor
	mode.

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: Extract
	  pidfile & monitor config from QEMU argv
	* src/qemu/qemu_driver.c, tests/qemuargv2xmltest.c: Add extra
	  params when calling qemuParseCommandLineString

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Keep pidfile path in qemuDomainObjPrivate struct
	Avoid re-formatting the pidfile path everytime we need it. Create
	it once when starting the guest, and preserve it until the guest
	is shutdown.

	* src/libvirt_private.syms, src/util/util.c,
	  src/util/util.h: Add virFileReadPidPath
	* src/qemu/qemu_domain.h: Add pidfile field
	* src/qemu/qemu_process.c: Store pidfile path in qemuDomainObjPrivate

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Add a new 'virsh qemu-attach' command.
	This command allows libvirt to attach to an existing QEMU
	instance.

	 $ qemu-kvm -cdrom ~/demo.iso \
	     -monitor unix:/tmp/demo,server,nowait \
	     -name foo \
	     -uuid cece4f9f-dff0-575d-0e8e-01fe380f12ea  &
	 $ QEMUPID=$!
	 $ virsh qemu-attach $QEMUPID

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Define remote wire protocol & impls for virDomainQemuAttach
	This tweaks the RPC generator to cope with some naming
	conventions used for the QEMU specific APIs

	* daemon/remote.c: Server side dispatcher
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/qemu_protocol.x: Wire protocol definition
	* src/rpc/gendispatch.pl: Use '$structprefix' in method
	  names, fix QEMU flags and fix dispatcher method names

2011-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Define a QEMU specific API to attach to a running QEMU process
	Introduce a new API in libvirt-qemu.so

	 virDomainPtr virDomainQemuAttach(virConnectPtr domain,
	                                  unsigned long long pid,
	                                  unsigned int flags);

	This allows libvirtd to attach to an existing, externally
	launched QEMU process. This is useful for QEMU developers who
	prefer to launch QEMU themselves for debugging/devel reasons,
	but still want the benefit of libvirt based tools like
	virt-top, virt-viewer, etc

	* include/libvirt/libvirt-qemu.h: Define virDomainQemuAttach
	* src/driver.h, src/libvirt-qemu.c, src/libvirt_qemu.syms:
	  Driver glue for virDomainQemuAttach

2011-07-12  Alex Jia  <ajia@redhat.com>

	qemu: update configuration file
	* src/qemu/qemu.conf: Add blkio controller into qemu.conf.

2011-07-12  Eric Blake  <eblake@redhat.com>

	qemu: avoid fd leak on core dump failure
	* src/qemu/qemu_driver.c (doCoreDump): Guarantee fd is closed.

	maint: rename virtaudit to match file contents
	* src/util/virtaudit.[ch]: Rename...
	* src/util/viraudit.[ch]: ...to match virAudit* API.
	* src/Makefile.am (UTIL_SOURCES): Reflect rename.
	* daemon/libvirtd.c: Likewise.
	* po/POTFILES.in: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c: Likewise.

2011-07-12  Oskari Saarenmaa  <os@ohmu.fi>

	remote/ssh: support for no_verify.
	Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
	no_verify extra parameter was specified.  This won't disable host key
	checking for already known hosts.  Includes a test and documentation.

2011-07-12  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	Fix virsh inject-nmi man page
	* tools/virsh.pod: move the description which was misplaced

2011-07-12  Michal Privoznik  <mprivozn@redhat.com>

	domain_conf: Free temporary variable
	* src/conf/domain_conf.c: caller must free returned value of
	  virXPathString in useserial

2011-07-12  Osier Yang  <jyang@redhat.com>

	esx: Fix a potential crash
	Initialize ptr data.datastorePathWithoutFileName as NULL, otherwise
	it might cause crash when trying to free it in cleanup.

2011-07-12  Eric Blake  <eblake@redhat.com>

	build: also check qemu_protocol for on-the-wire stability
	Since we are going to add some libvirt-qemu.so entry points in
	0.9.4, we might as well start checking for RPC stability, just
	as for libvirt.so.

	* src/Makefile.am (PROTOCOL_STRUCTS): New variable.
	(remote_protocol-structs): Rename...
	(%_protocol-structs): ...and make more generic.
	* src/qemu_protocol-structs: New file.

2011-07-12  Eric Blake  <eblake@redhat.com>

	build: avoid requiring -lm
	log2() is heavy when ffs() can do the same thing.  But ffs()
	requires gnulib support for mingw.

	This patch solves this linker error on Fedora 14.

	/usr/bin/ld: libvirt_lxc-domain_conf.o: undefined reference to symbol 'log2@@GLIBC_2.2.5'
	/usr/bin/ld: note: 'log2@@GLIBC_2.2.5' is defined in DSO /lib64/libm.so.6 so try adding it to the linker command line
	/lib64/libm.so.6: could not read symbols: Invalid operation
	collect2: ld returned 1 exit status

	* .gnulib: Update to latest, for ffs.
	* bootstrap.conf (gnulib_modules): Import ffs.
	* src/conf/domain_conf.c (virDomainDefParseXML): Use ffs instead
	of log2.
	Reported by Dave Allan.

2011-07-11  Jim Fehlig  <jfehlig@novell.com>

	Remove code no longer used after commit df0b57a9

2011-07-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add domain type checking
	The drivers were accepting domain configs without checking if those
	were actually meant for them. For example the LXC driver happily
	accepts configs with type QEMU.

	Add a check for the expected domain types to the virDomainDefParse*
	functions.

2011-07-11  Alex Jia  <ajia@redhat.com>

	remote: Fix memory leak
	Detected in valgrind run:

	==9184== 1 bytes in 1 blocks are definitely lost in loss record 1 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF97C9: xdr_remote_domain_get_security_label_ret (remote_protocol.c:1696)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF71C6: remoteDomainGetSecurityLabel (remote_driver.c:1580)
	==9184==    by 0x4CCA480: virDomainGetSecurityLabel (libvirt.c:7340)
	==9184==    by 0x41993A: cmdDominfo (virsh.c:2414)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 2 bytes in 1 blocks are definitely lost in loss record 2 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF974F: xdr_remote_node_get_security_model_ret (remote_protocol.c:1713)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== 8 bytes in 1 blocks are definitely lost in loss record 3 of 19
	==9184==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
	==9184==    by 0x3073715F78: xdr_array (xdr_array.c:97)
	==9184==    by 0x4CF9729: xdr_remote_node_get_security_model_ret (remote_protocol.c:1710)
	==9184==    by 0x4D08741: virNetMessageDecodePayload (virnetmessage.c:286)
	==9184==    by 0x4D00F78: virNetClientProgramCall (virnetclientprogram.c:318)
	==9184==    by 0x4CE3887: call (remote_driver.c:3933)
	==9184==    by 0x4CF6F96: remoteNodeGetSecurityModel (remote_driver.c:1648)
	==9184==    by 0x4CBF799: virNodeGetSecurityModel (libvirt.c:7382)
	==9184==    by 0x4197D7: cmdDominfo (virsh.c:2394)
	==9184==    by 0x411E92: vshCommandRun (virsh.c:12730)
	==9184==    by 0x4211ED: main (virsh.c:14076)
	==9184==
	==9184== LEAK SUMMARY:
	==9184==    definitely lost: 11 bytes in 3 blocks

	* src/remote/remote_driver.c: Avoid leak on remoteDomainGetSecurityLabel
	  and remoteNodeGetSecurityModel.

2011-07-11  Eric Blake  <eblake@redhat.com>

	tests: simplify formatting
	The shell version would output 40 extra spaces for a test with
	a multiple of 40 sub-tests, and the C version can use the same
	printf optimization for avoiding a loop over single space output
	as the shell version.

	* tests/testutils.c (virtTestMain): Avoid loop for alignment.
	* tests/test-lib.sh: Fix formatting when counter is multiple of 40.

2011-07-11  Jim Fehlig  <jfehlig@novell.com>

	Do not drop kernel cmdline for xen pv domains
	Kernel cmdline args can be passed to xen pv domains even when a
	bootloader is specified.  The current config-to-sxpr mapping
	ignores cmdline when bootloader is present.

	Since the xend sub-driver is used with many xen toolstack versions,
	this patch takes conservative approach of adding an else block to
	existing !def->os.bootloader, and only appends sxpr if def->os.cmdline
	is non-NULL.

	V2: Fix existing testcase broken by this patch and add new testcases

2011-07-11  Wen Congyang  <wency@cn.fujitsu.com>

	kill vm if saving config failed in v3 protocol
	If virDomainSaveConfig() failed, we will return NULL to source,
	and the vm is still available to restart during confirm() step in
	v3 protocol. So we should kill it off in qemuMigrationFinish().

	In v2 protocol, we should not set vm to NULL, because we hold
	a reference of vm and should unrefernce it.

2011-07-11  Wen Congyang  <wency@cn.fujitsu.com>

	RPC: fix argument's name

	fix typo error

2011-07-11  Michal Privoznik  <mprivozn@redhat.com>

	bios: Add support for SGA
	This patch creates new <bios> element which, at this time has only the
	attribute useserial='yes|no'. This attribute allow users to use
	Serial Graphics Adapter and see BIOS messages from the very first moment
	domain boots up. Therefore, users can choose boot medium, set PXE, etc.

2011-07-11  Daniel Veillard  <veillard@redhat.com>

	Fix rpm build with sanlock and without QEmu
	The qemu-sanlock.conf file is not installed in this case

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix logic in storage driver open function
	If the main driver is the vbox driver, then the open function
	has to return an error if the private data is invalid.

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Improve output of tests that decide to skip at runtime
	Don't print OK/FAIL for tests that decide to be skipped after
	calling virtTestMain. Delay printing of the indentation before
	the first test until we know that the test didn't decide to be
	skipped.

	Also make the reconnect test use VIRT_TEST_MAIN.

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Fix compressed test output padding logic
	The current logic tries to count from 1 to 40 and ignores paddings
	of 0 and 1 to 40. This doesn't work for counter + 1 mod 40 == 0
	like here for counter value 159

	TEST: virsh-all
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ....................................... 159 OK
	PASS: virsh-all

	Also seq isn't portable. Therefore, calculate the correct padding
	length directly and use printf to output it at once.

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Use EXIT_AM_SKIP instead of 77 directly

2011-07-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	rpc: Fix whitespace problem in generated code
	Add missing line break and fix indention level.

	Reported by Cole Robinson.

2011-07-08  Federico Simoncelli  <fsimonce@redhat.com>

	sanlock: avoid lockspace setup when auto_disk_lease is off
	When auto_disk_lease is off we should avoid the automatic lockspace
	creation.

2011-07-08  Eric Blake  <eblake@redhat.com>

	libvirtd: diagnose explicitly requested but missing conf file
	Fixes test regression introduced in commit 8e2e4780.

	* daemon/libvirtd.c (daemonConfigLoad): Add argument.
	(main): Update caller.

2011-07-08  Michael Santos  <michael.santos@gmail.com>

	qemu: clean up OOM checks

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Don't exit if the libvirtd config does not exist
	It is common for the $HOME/.libvirt/libvirtd.conf file to not
	exist. Treat this situation as non-fatal since we can carry
	on with our default settings just fine.

	* daemon/libvirtd.c: Treat ENOENT as non-fatal when loading
	  config

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix sending of reply to final RPC message
	The dispatch for the CLOSE RPC call was invoking the method
	virNetServerClientClose(). This caused the client connection
	to be immediately terminated. This meant the reply to the
	final RPC message was never sent. Prior to the RPC rewrite
	we merely flagged the connection for closing, and actually
	closed it when the next RPC call dispatch had completed.

	* daemon/remote.c: Flag connection for a delayed close
	* daemon/stream.c: Update to use new API for closing
	  failed connection
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h:
	  Add support for a delayed connection close. Rename the
	  virNetServerClientMarkClose method to virNetServerClientImmediateClose
	  to clarify its semantics

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of remote driver if final 'CLOSE' RPC call fails
	When closing a remote connection we issue a (fairly pointless)
	'CLOSE' RPC call to the daemon. If this fails we skip all the
	cleanup of private data, but the virConnectPtr object still
	gets released as normal. This causes a memory leak. Since the
	CLOSE RPC call is pretty pointless, just carry on freeing the
	remote driver if it fails.

	* src/remote/remote_driver.c: Ignore failure to issue CLOSE
	  RPC call

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix release of outgoing stream confirmation/abort message
	When sending back the final OK or ERROR message on completion
	of a stream, we were not decrementing the 'nrequests' tracker
	on the client. With the default requests limit of '5', this
	meant once a client had created 5 streams, they are unable to
	process any further RPC calls.  There was also a bug when
	handling an error from decoding a message length header, which
	meant a client connection would not immediately be closed.

	* src/rpc/virnetserverclient.c: Fix release of request after
	  stream completion & mark client for close on error

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of 'msg' object in client stream code
	In one exit path we forgot to free the virNetMessage object causing
	a large memory leak for streams which send a lot of data. Some other
	paths were calling VIR_FREE directly instead of virNetMessageFree
	although this was (currently) harmless.

	* src/rpc/virnetclientstream.c: Fix leak of msg object
	* src/rpc/virnetclientprogram.c: Call virNetMessageFree instead
	  of VIR_FREE

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential crash in libvirtd with active streams
	If a client disconnects while it has a stream active, there is
	a race condition which could see libvirtd crash. This is because
	the client struct may be freed before the last stream event has
	triggered. This is trivially solved by holding an extra reference
	on the client for the stream callbak

	* daemon/stream.c: Acquire reference on client when adding the
	  stream callback

2011-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix mistaken order of server cert/key parameters in constructor
	The virNetTLSContextNew was being passed key/cert parameters in
	the wrong order. This wasn't immediately visible because if
	virNetTLSContextNewPath was used, a second bug reversed the order
	of those parameters again.

	Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
	did the bug appear

	* src/rpc/virnettlscontext.c: Fix order of params passed to
	  virNetTLSContextNew

2011-07-08  Michal Privoznik  <mprivozn@redhat.com>

	graphics: add support for action_if_connected in qemu
	This option accepts 3 values:
	-keep, to keep current client connected (Spice+VNC)
	-disconnect, to disconnect client (Spice)
	-fail, to fail setting password if there is a client connected (Spice)

2011-07-08  Jiri Denemark  <jdenemar@redhat.com>

	util: Don't try to fchown files opened as non-root
	When virFileOpenAs is called with VIR_FILE_OPEN_AS_UID flag and uid/gid
	different from root/root while libvirtd is running as root, we fork a
	new child, change its effective UID/GID to uid/gid and run
	virFileOpenAsNoFork. It doesn't make any sense to fchown() the opened
	file in this case since we already know that uid/gid can access the file
	when open succeeds and one of the following situations may happen:

	- the file is already owned by uid/gid and we skip fchown even before
	  this patch
	- the file is owned by uid but not gid because it was created in a
	  directory with SETGID set, in which case it is desirable not to change
	  the group
	- the file may be owned by a completely different user and/or group
	  because it was created on a root-squashed or even all-squashed NFS
	  filesystem, in which case fchown would most likely fail anyway

2011-07-08  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't chown files on NFS share if dynamic_ownership is off
	When dynamic ownership is disabled we don't want to chown any files,
	not just local.

2011-07-08  John Williams  <john.williams@petalogix.com>

	microblaze: Add architecture support
	Add libvirt support for MicroBlaze architecture as a QEMU target.  Based on mips/mipsel pattern.

2011-07-08  Jim Fehlig  <jfehlig@novell.com>

	Skip some xen tests if xend is not running
	Currently, the xen statstest and reconnect tests are only compiled
	if xend is running.  Compile them unconditionally if xen headers
	are present, but skip the tests at runtime if xend is not running.

	This is in response to Eric's suggestion here

	https://www.redhat.com/archives/libvir-list/2011-July/msg00367.html

2011-07-07  Eric Blake  <eblake@redhat.com>

	util: drop unused safezero argument
	No caller was using the flags argument, and this function is internal
	only, so we might as well skip it.

	* src/util/util.h (safezero): Update signature.
	* src/util/util.c (safezero): Update function.
	* src/locking/lock_driver_sanlock.c
	(virLockManagerSanlockSetupLockspace)
	(virLockManagerSanlockCreateLease): Update all callers.
	* src/storage/storage_backend.c (createRawFile): Likewise.

2011-07-07  Eric Blake  <eblake@redhat.com>

	conf: prefer unsigned int for flags
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceInfoFormat, virDomainDeviceInfoParseXML)
	(virDomainDiskDefParseXML, virDomainControllerDefParseXML)
	(virDomainFSDefParseXML, virDomainNetDefParseXML)
	(virDomainChrDefParseTargetXML, virDomainChrDefParseXML)
	(virDomainSmartcardDefParseXML, virDomainInputDefParseXML)
	(virDomainTimerDefParseXML, virDomainSoundDefParseXML)
	(virDomainWatchdogDefParseXML, virDomainMemballoonDefParseXML)
	(virDomainVideoDefParseXML)
	(virDomainHostdevSubsysUsbDefParseXML)
	(virDomainHostdevSubsysPciDefParseXML)
	(virDomainHostdevDefParseXML, virSecurityLabelDefParseXML)
	(virDomainVcpuPinDefParseXML, virDomainDefParseXML)
	(virDomainDefParse, virDomainDiskDefFormat)
	(virDomainControllerDefFormat, virDomainFSDefFormat)
	(virDomainNetDefFormat, virDomainChrSourceDefFormat)
	(virDomainChrDefFormat, virDomainSmartcardDefFormat)
	(virDomainSoundDefFormat, virDomainMemballoonDefFormat)
	(virDomainWatchdogDefFormat, virDomainVideoDefFormat)
	(virDomainInputDefFormat, virDomainGraphicsDefFormat)
	(virDomainHostdevDefFormat, virDomainObjFormat): Switch signature.
	(virDomainObjTaint, virDomainSaveStatus): Use unsigned flags.

2011-07-07  Eric Blake  <eblake@redhat.com>

	drivers: prefer unsigned int for flags
	Now that the public APIs always use unsigned flags, the internal
	driver callbacks might as well do likewise.

	* src/driver.h (vrDrvOpen, virDrvDomainCoreDump)
	(virDrvDomainGetXMLDesc, virDrvNetworkGetXMLDesc)
	(virDrvNWFilterGetXMLDesc): Update type.
	* src/remote/remote_protocol.x (remote_open_args)
	(remote_domain_core_dump_args, remote_domain_get_xml_desc_args)
	(remote_network_get_xml_desc_args)
	(remote_nwfilter_get_xml_desc_args): Likewise.
	* src/test/test_driver.c: Update clients.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* src/xen/xs_internal.c: Likewise.
	* src/xen/xs_internal.h: Likewise.
	* src/xen/xen_inotify.c: Likewise.
	* src/xen/xen_inotify.h: Likewise.
	* src/phyp/phyp_driver.c: Likewise.
	* src/openvz/openvz_driver.c: Likewise.
	* src/vmware/vmware_driver.c: Likewise.
	* src/vbox/vbox_driver.c: Likewise.
	* src/vbox/vbox_tmpl.c: Likewise.
	* src/xenapi/xenapi_driver.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/esx/esx_interface_driver.c: Likewise.
	* src/esx/esx_network_driver.c: Likewise.
	* src/esx/esx_storage_driver.c: Likewise.
	* src/esx/esx_device_monitor.c: Likewise.
	* src/esx/esx_secret_driver.c: Likewise.
	* src/esx/esx_nwfilter_driver.c: Likewise.
	* src/interface/netcf_driver.c: Likewise.
	* src/nwfilter/nwfilter_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/uml/uml_driver.c: Likewise.
	* src/network/bridge_driver.c: Likewise.
	* src/secret/secret_driver.c: Likewise.
	* src/storage/storage_driver.c: Likewise.
	* src/node_device/node_device_hal.c: Likewise.
	* src/node_device/node_device_udev.c: Likewise.
	* src/remote_protocol-structs: Likewise.

2011-07-07  Eric Blake  <eblake@redhat.com>

	public API: prefer unsigned int for flags
	Most APIs use 'unsigned int flags'; but a few stragglers were using
	a signed value.  In particular, the vir*GetXMLDesc APIs were
	split-brain, with inconsistent choice of types.  Although it is
	an API break to use 'int' instead of 'unsigned int', it is ABI
	compatible (pre-compiled apps will have no difference in behavior),
	and generally apps can be recompiled without any issue (only rare
	apps that compiled with extremely high warning levels, or which
	pass libvirt API around as typed function pointers, would have to
	make any code changes to deal with the change).

	The migrate APIs use 'unsigned long flags', which can't be changed,
	due to ABI constraints.

	This patch intentionally touches only the public API, to prove the
	claim that most existing code (including driver callbacks and virsh)
	still compiles just fine in spite of the type change.

	* include/libvirt/libvirt.h.in (virConnectOpenAuth)
	(virDomainCoreDump, virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc): Use unsigned int for flags.
	(virDomainHasCurrentSnapshot): Use consistent spelling.
	* src/libvirt.c (virConnectOpenAuth, virDomainCoreDump)
	(virDomainGetXMLDesc, virNetworkGetXMLDesc)
	(virNWFilterGetXMLDesc, do_open): Update accordingly.

2011-07-07  Eric Blake  <eblake@redhat.com>

	maint: print flags in hex during debug
	Debugging decimal flags is a pain.

	* src/libvirt.c: Always print flags in hex.

2011-07-07  Eric Blake  <eblake@redhat.com>

	virsh: make destroy sound less scary
	Destroy has a rather negative English connotation.  Try to reduce
	the impact, so newbies aren't as scared to use it.

	* tools/virsh.c: Tweak all destroy documentation.
	* tools/virsh.pod: Likewise.

2011-07-07  Eric Blake  <eblake@redhat.com>

	build: use gnulib pthread_sigmask
	Gnulib finally learned how to do pthread_sigmask on mingw.

	* .gnulib: Update to latest, for pthread_sigmask.
	* bootstrap.conf (gnulib_modules): Add pthread_sigmask.
	* configure.ac (AC_CHECK_FUNCS): Drop redundant check.
	* src/rpc/virnetclient.c (virNetClientSetTLSSession)
	(virNetClientIOEventLoop): Make code unconditional.
	* src/util/command.c (virFork): Likewise.
	* tools/virsh.c (doMigrate, cmdMigrate): Likewise.

2011-07-07  Eric Blake  <eblake@redhat.com>

	build: fix virBufferVasprintf on mingw
	Gnulib documents that mingw vsnprintf is broken (it returns -1
	on out-of-space, instead of the count of what would have been
	printed); but while we were using the snprintf wrapper, we had
	not yet been using the vsnprintf wrapper.

	Meanwhile, mingw (but not mingw64) has a replacement snprintf
	that fixes return values, but still lacks %1$s support; so in
	that case, gnulib didn't replace snprintf, but libintl then
	went ahead and installed a version that supported %1$s but not
	return values.  Gnulib has since been fixed to guarantee that
	the snprintf module will always guarantee the constraints needed
	by libintl.

	Also, we want to guarantee that strdup sets errno on failure.

	* .gnulib: Update to latest, for vsnprintf fix.
	* bootstrap.conf (gnulib_modules): Add vsnprintf, strdup-posix.
	Reported by Matthias Bolte.

2011-07-07  Jim Fehlig  <jfehlig@novell.com>

	Fix compilation of statstest.c during make check

2011-07-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Fix bogus label placement

2011-07-07  Laine Stump  <laine@laine.org>

	util: close the ioctl socket at the end of if(Get|Set)MacAddress
	Otherwise this will leak an fd each time one of these functions is
	called.

	util: rename err_exit to cleanup in interface.c
	This brings it in line with the recommendations in HACKING.

2011-07-06  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: delete unnecessary white space of sysinfo.
	  * Trim each element and delete null entry of sysinfo by
	  virSkipSpacesBackwards().

2011-07-06  Eric Blake  <eblake@redhat.com>

	util: add virTrimSpaces
	The next patch wants to adjust an end pointer to trim trailing
	spaces but without modifying the underlying string, but a more
	generally useful ability to trim trailing spaces in place is
	also worth providing.

	* src/util/util.h (virTrimSpaces, virSkipSpacesBackwards): New
	prototypes.
	* src/util/util.c (virTrimSpaces, virSkipSpacesBackwards): New
	functions.
	* src/libvirt_private.syms (util.h): Export new functions.
	Inspired by a patch by Minoru Usui.

2011-07-06  Eric Blake  <eblake@redhat.com>

	util: fix virSkipSpaces
	Most clients of virSkipSpaces don't want to omit backslashes.
	Also, open-coding the list of spaces is not as nice as using
	c_isspace.

	* src/util/util.c (virSkipSpaces): Use c_isspace.
	(virSkipSpacesAndBackslash): New function.
	* src/util/util.h (virSkipSpacesAndBackslash): New prototype.
	* src/xen/xend_internal.c (sexpr_to_xend_topology): Update caller.
	* src/libvirt_private.syms (util.h): Export new function.

2011-07-06  Eric Blake  <eblake@redhat.com>

	docs: minor whitespace cleanups
	No change in wording.  One spacing change in a <pre>, noticed because
	of odd XML formatting online; the rest is in free-flowing text to
	make it easier to see nesting levels in the document.

	* docs/formatdomain.html.in: Adjust spacing.  Break long lines.

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Reduce code duplication in virFileMakePath(Helper)
	Move stat and mkdir to virFileMakePathHelper.

	Also use the stat result to detect whether the existing path
	is a directory and set errno accordingly if it's not.

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	apparmor: Finish incomplete renaming of relabel to norelabel
	Commit 693eac388f1759d was incomplete here.

2011-07-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix default value of security label 'relabel' attribute
	When no <seclabel> is present in the XML, the virDomainSeclabelDef
	struct is left as all zeros. Unfortunately, this means it gets setup
	as type=dynamic, with relabel=no, which is an illegal combination.

	Change the 'bool relabel' attribute in virDomainSeclabelDef to
	the inverse 'bool norelabel' so that the default initialization
	is sensible

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/security/security_apparmor.c, src/security/security_selinux.c:
	  Replace 'relabel' with 'norelabel'

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix return value semantic of virFileMakePath
	Some callers expected virFileMakePath to set errno, some expected
	it to return an errno value. Unify this to return 0 on success and
	-1 on error. Set errno to report detailed error information.

	Also optimize virFileMakePath if stat fails with an errno different
	from ENOENT.

2011-07-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	nodedev: Let check_fc_host_linux report errors to the caller

2011-07-06  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Fix compilation error when SASL support is disabled
	This patch adds #if HAVE_SASL where needed in libvirtd.h

2011-07-05  Guannan Ren  <gren@redhat.com>

	pci: initialize state values on reattach
	add a new API pciDeviceReAttachInit() in pci.c to initialize state values for nodedev reattach

	Initialize three state value of device driver to 1. This is just for a new call to
	qemudNodeDeviceReAttach()

2011-07-05  Laine Stump  <laine@laine.org>

	xml: create an RNG file for common types and move some definitions there
	domain.rng, network.rng, and interface.rng already use a few of the
	same types (or in some cases *should* but don't), and an upcoming code
	change will have them sharing even more. To prepare for that, this
	patch takes those common data type definitions and moves them into
	basictypes.rng.

	This may break some rule about the need to RNG files to be autonomous
	or something, but I saw that storageencryption.rng is used in this
	way, so I figured it must not be completely against the law...

2011-07-05  Laine Stump  <laine@laine.org>

	docs: sort the file list in the schemas Makefile

	qemu: check flags in qemuDomainGetXMLDesc
	Although most functions with flags check to verify no application is
	passing in flag bits that are currently undefined, for some reason
	this function wasn't.

2011-07-05  Laine Stump  <laine@laine.org>

	conf: fix domain parse flags
	* Change all flags args from int to unsigned int

	* Allow passing flags in virDomainObjParseFile (and propogate those
	  flags all the way down the call chain). Previously the flags were
	  hardcoded (to VIR_DOMAIN_XML_INTERNAL_STATUS) several layers down
	  the chain. Pass that value in at the one place that is currently
	  calling virDomainObjParseFile.

2011-07-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Disable networkxml2argvtest when configured without network
	Reported by Ruben Kerkhof.

	qemu: Fix virFileMakePath error handling in snapshot creation
	virFileMakePath returns an errno value on error, that will never
	be negative. An virFileMakePath error would have been ignored here,
	instead of being reported correctly.

2011-07-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	conf: Fix declaration of virNetworkDNS(Hosts)Def struct
	The struct A {} A; construct triggers a linker error on OSX about
	duplicate symbols. This also differs from the common struct style.

	Switch to common style to fix this.

	Reported by Justin Clift.

2011-07-04  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for the seclabel XML element
	The domain XML documentation is missing information about the
	<seclabel> element used by security drivers

	* formatdomain.html.in: Document <seclabel>

2011-07-04  Daniel P. Berrange  <berrange@redhat.com>

	Allow for resource relabelling with static labels
	Add a new attribute to the <seclabel> XML to allow resource
	relabelling to be enabled with static label usage.

	  <seclabel model='selinux' type='static' relabel='yes'>
	    <label>system_u:system_r:svirt_t:s0:c392,c662</label>
	  </seclabel>

	* docs/schemas/domain.rng: Add relabel attribute
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  the 'relabel' attribute
	* src/qemu/qemu_process.c: Unconditionally clear out the
	  'imagelabel' attribute
	* src/security/security_apparmor.c: Skip based on 'relabel'
	  attribute instead of label type
	* src/security/security_selinux.c: Skip based on 'relabel'
	  attribute instead of label type and fill in <imagelabel>
	  attribute if relabel is enabled.

2011-07-04  Daniel P. Berrange  <berrange@redhat.com>

	Allow a base label to be specified in dynamic labelling mode
	Normally the dynamic labelling mode will always use a base
	label of 'svirt_t' for VMs. Introduce a <baselabel> field
	in the <seclabel> XML to allow this base label to be changed

	eg

	   <seclabel type='dynamic' model='selinux'>
	     <baselabel>system_u:object_r:virt_t:s0</baselabel>
	   </seclabel>

	* docs/schemas/domain.rng: Add <baselabel>
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  of base label
	* src/qemu/qemu_process.c: Don't reset 'model' attribute if
	  a base label is specified
	* src/security/security_apparmor.c: Refuse to support base label
	* src/security/security_selinux.c: Use 'baselabel' when generating
	  label, if available

2011-07-04  Osier Yang  <jyang@redhat.com>

	storage: Do not override the exact error of createRawFile
	virStorageBackendCreateRaw: createRawFile already reported the
	exact error.

	Before the fix:

	error: Failed to create vol vol-create.img
	error: cannot create path '/var/lib/libvirt/images/vol-create.img': Unknown error 18446744073709551597

	After the fix:

	error: Failed to create vol vol-create.img
	error: cannot fill file '/var/lib/libvirt/images/vol-create.img': No space left on device

2011-07-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.3
	* configure.ac docs/news.html.in libvirt.spec.in: update for the
	  new release
	* po/*.po*: updated and regenerated localizations

2011-07-04  Wen Congyang  <wency@cn.fujitsu.com>

	initialize pointer to NULL
	cmd is not initialized to NULL, but we try to freed it if we
	meet some error.

2011-07-04  Eric Blake  <eblake@redhat.com>

	storage: avoid crash on parse error
	Coverity detected that we could crash on bogus input.  Meanwhile,
	strtok_r is rather heavy compared to strchr.

	* src/storage/storage_backend_iscsi.c (virStorageBackendIQNFound):
	  Check for parse failure, and use lighter-weight functions.

2011-07-04  Eric Blake  <eblake@redhat.com>

	vmware: avoid null deref on failed lookup
	* src/vmware/vmware_driver.c (vmwareDomainReboot): Check error
	  before dereferencing memory.

2011-07-04  Eric Blake  <eblake@redhat.com>

	qemu: avoid null deref on low memory
	Detected by Coverity.  qemuDomainEventQueue requires a non-NULL
	pointer; most callers silently drop the event if we encountered
	and OOM situation trying to create the event.

	* src/qemu/qemu_migration.c (qemuMigrationFinish): Check for OOM.

2011-07-04  Eric Blake  <eblake@redhat.com>

	cgroup: silence coverity warning
	Coverity noted that most clients reacted to failure to hash; but in
	a best-effort kill loop, we can ignore failure.

	* src/util/cgroup.c (virCgroupKillInternal): Ignore hash failure.

2011-07-04  Eric Blake  <eblake@redhat.com>

	rpc: silence coverity warning
	Coverity noted that 4 out of 5 calls to virNetClientStreamRaiseError
	checked the return value.  This case expects a particular value, so
	warn if our expectations went wrong due to some bug elsewhere.

	* src/rpc/virnetclient.c (virNetClientCallDispatchStream): Warn on
	  unexpected scenario.

2011-07-04  Eric Blake  <eblake@redhat.com>

	qemu: silence coverity warnings
	Coverity warns if the majority of callers check a function for
	errors, but a few don't; but in qemu_audit and qemu_domain, the
	choice to not check for failures was safe.  In qemu_command, the
	failure to generate a uuid can only occur on a bad pointer.

	* src/qemu/qemu_audit.c (qemuAuditCgroup): Ignore failure to get
	  cgroup controller.
	* src/qemu/qemu_domain.c (qemuDomainObjEnterMonitor)
	  (qemuDomainObjEnterMonitorWithDriver): Ignore failure to get
	  timestamp.
	* src/qemu/qemu_command.c (qemuParseCommandLine): Check for error.

2011-07-04  Eric Blake  <eblake@redhat.com>

	rpc: avoid memory leak on error
	Detected by Coverity.  The leak is on an error path, but I'm not
	sure whether that path is likely to be triggered in practice.

	* src/rpc/virnetserverservice.c (virNetServerServiceAccept): Plug leak.

2011-07-04  Eric Blake  <eblake@redhat.com>

	rpc: fix logic bug
	Spotted by Coverity.  If we don't update tmp each time through
	the loop, then if the filter being removed was not the head of
	the list, we accidentally lose all filters prior to the one we
	wanted to remove.

	* src/rpc/virnetserverclient.c (virNetServerClientRemoveFilter):
	    Don't lose unrelated filters.

2011-07-02  Eric Blake  <eblake@redhat.com>

	pci: avoid memory leak on error
	Detected by Coverity.  Some, but not all, error paths were clean;
	but they were repetitive so I refactored them.

	* src/util/pci.c (pciGetDevice): Plug leak.

2011-07-02  Eric Blake  <eblake@redhat.com>

	interface: avoid memory leak on parse error
	Detected by Coverity.  Unlikely to hit unless the file contents
	were corrupted.

	* src/util/interface.c (ifaceRestoreMacAddress): Plug leak.

2011-07-02  Eric Blake  <eblake@redhat.com>

	libvirtd: avoid memory leak on OOM
	Detected by Coverity; only strikes on OOM so not serious.

	* daemon/libvirtd.c (daemonPidFilePath): Plug leak.

2011-07-02  Eric Blake  <eblake@redhat.com>

	build: avoid 'make syntax-check' failure
	* tests/utiltest.c (DO_TEST): Fix indentation for cppi.

2011-07-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Add a general util test
	Move non-esx specific tests from esxutilstest there and add a
	test for virParseVersionString.

2011-07-01  Eric Blake  <eblake@redhat.com>

	util: choose whether to require micro in version strings
	To avoid regressions, we let callers specify whether to require a
	minor and micro version.  Callers that were parsing uname() output
	benefit from defaulting to 0, whereas callers that were parsing
	version strings from other sources should not change in behavior.

	* src/util/util.c (virParseVersionString): Allow caller to choose
	whether to fail if minor or micro is missing.
	* src/util/util.h (virParseVersionString): Update signature.
	* src/esx/esx_driver.c (esxGetVersion): Update callers.
	* src/lxc/lxc_driver.c (lxcVersion): Likewise.
	* src/openvz/openvz_conf.c (openvzExtractVersionInfo): Likewise.
	* src/uml/uml_driver.c (umlGetVersion): Likewise.
	* src/vbox/vbox_MSCOMGlue.c (vboxLookupVersionInRegistry):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxExtractVersion): Likewise.
	* src/vmware/vmware_conf.c (vmwareExtractVersion): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiGetVersion): Likewise.
	Reported by Matthias Bolte.

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: consistently use CFLAGS
	According to the automake manual, CPPFLAGS (aka INCLUDES, as spelled
	in automake 1.9.6) should only include -I, -D, and -U directives; more
	generic directives like -Wall belong in CFLAGS since they affect more
	phases of the build process.  Therefore, we should be sticking CFLAGS
	additions into a CFLAGS container, not a CPPFLAGS container.

	* src/Makefile.am (libvirt_driver_vmware_la_CFLAGS): Use AM_CFLAGS.
	(INCLUDES): Move CFLAGS items...
	(AM_CFLAGS): ...to their proper location.
	* python/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	* tests/Makefile.am (INCLUDES, AM_CFLAGS): Likewise.
	(commandtest_CFLAGS, commandhelper_CFLAGS)
	(virnetmessagetest_CFLAGS, virnetsockettest_CFLAGS): Use AM_CFLAGS.

2011-07-01  Daniel Veillard  <veillard@redhat.com>

	Explicitely invoke python for API doc generator
	This fixes the problem of not finding python in /usr/bin
	which broke build on FreeBSD

2011-07-01  Scott Moser  <smoser@ubuntu.com>

	fix virParseVersionString with linux 3.0
	linux 3.0 has no micro version number, and that is causing problems
	for virParseVersionString.  The patch below should allow for:
	  major
	  major.minor
	  major.minor.micro

	If major or minor are not present they just default to zero.
	We found this in Ubuntu (https://bugs.launchpad.net/bugs/802977)

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: remove dead variables
	Detected by Coverity.  No real harm in leaving these, but fixing
	them cuts down on the noise for future analysis.

	* src/rpc/virnetserver.c (virNetServerAddService): Delete unused
	entry.
	* src/util/sysinfo.c (virSysinfoRead): Delete dead assignment to
	base.

2011-07-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus jsondata.h file reference which does not exist
	* tests/Makefile.am: Remove jsondata.h

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: simplify sanlock distribution
	EXTRA_DIST files should unconditionally be part of the tarball,
	rather than depending on the presence of sanlock-devel.

	Meanwhile, parallel builds could fail if we don't use mkdir -p.

	* src/Makefile.am (EXTRA_DIST): Always ship sanlock .aug and
	template .conf files.
	(%-sanlock.conf): Use MKDIR_P.

2011-07-01  Eric Blake  <eblake@redhat.com>

	build: allow 'make syntax-check' on fresh checkout
	For good or for bad, I did a fresh checkout, ./autogen.sh, then
	'configure', then 'make syntax-check', and was surprised that it
	failed.  Running 'make' before 'make syntax-check' cleaned up the
	issue, but this patch makes it work up front.

	* cfg.mk (sc_po_check): Add prerequisites.

2011-06-30  Eric Blake  <eblake@redhat.com>

	build: ignore generated file
	* .gitignore: Exempt jsontest binary.

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Add conditionals to allow build without SASL
	* daemon/libvirtd.c, daemon/remote.c: Add #if HAVE_SASL and
	  suitable function stubs to allow build without SASL

2011-06-30  Eric Blake  <eblake@redhat.com>

	build: avoid double-close bug with pipe2
	Based on Coverity's finding on the previous patch, I audited
	gnulib's pipe2 code and found that we had the potential for
	a subtle double-close bug, unless gnulib guarantees that the
	contents of the fd array are unchanged on pipe2() failure.

	* .gnulib: Update to latest, for pipe2 fix.

2011-06-30  Eric Blake  <eblake@redhat.com>

	rpc: avoid freeing uninitialized variable
	Detected by Coverity.  Both are instances of bad things happening
	if pipe2 fails; the virNetClientNew failure could free garbage,
	and virNetSocketNewConnectCommand could close random fds.

	Note: POSIX doesn't guarantee the contents of fd[0] and fd[1]
	after pipe failure: http://austingroupbugs.net/view.php?id=467
	We may need to introduce a virPipe2 wrapper that guarantees
	that on pipe failure, the fds are explicitly set to -1, rather
	than our current state of assuming the fds are unchanged from
	their value prior to the failed pipe call.

	* src/rpc/virnetclient.c (virNetClientNew): Initialize variable.
	* src/rpc/virnetsocket.c (virNetSocketNewConnectCommand):
	Likewise.

2011-06-30  Eric Blake  <eblake@redhat.com>

	virsh: avoid uninitialized variable
	Detected by Coverity; neither vshCmddefHelp nor vshCmdOptParse
	was initializing opts_required.

	* tools/virsh.c (vshCmddefOptParse): Always initialize bitmaps.

2011-06-30  Eric Blake  <eblake@redhat.com>

	virsh: avoid integer overflow
	Detected by Coverity.  info.nrVirtCpu is unsigned short, but if
	cpumaplen is int, then the product of the two in vshMalloc risks
	unintended sign extension.  cmdVcpuinfo had already solved this
	by using size_t cpumaplen.

	* tools/virsh.c (cmdVcpuPin): Use correct type.

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix stream procedure number for virDomainMigratePrepareTunnel3
	The virDomainMigratePrepareTunnel3 impl in the remote driver
	was using the procedure number for the virDomainMigratePrepareTunnel
	method. This doesn't work out so well, because it makes the server
	ignore & drop all stream packets

	* src/remote/remote_driver.c: Fix procedure for PrepareTunnel3

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Send back an error if we get unexpected stream control message
	We ignore any stream data packets which come in for streams which
	are not registered, since these packets are async and do not have
	a reply. If we get a stream control packet though we must send back
	an actual error, otherwise a (broken) client may hang forever
	making it hard to diagnose the client bug.

	* src/rpc/virnetserverprogram.c: Send back error for unexpected
	  stream control messages

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix release of virNetMessagePtr instances in streams processing
	If a message packet for a invalid stream is received it is just
	free'd. This is not good because it doesn't let the client RPC
	request counter decrement. If a stream is shutdown with pending
	packets the message also isn't released properly because of an
	incorrect header type

	* daemon/stream.c: Fix message header type
	* src/rpc/virnetserverprogram.c: Send dummy reply instead of
	  free'ing ignored stream message

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Add missing include of signal.h in virnetsocket.c
	virNetSocketFree uses kill(SIGTERM) so we must include
	signal.h for the definitions

	* src/rpc/virnetsocket.c: Include signal.h

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Add test case for parsing JSON docs
	While investigating some memory leaks it was unclear whether the
	JSON code correctly free'd all memory during parsing. Add a test
	case which can be run under valgrind to clearly demonstrate that
	the parser is leak free.

	* tests/Makefile.am: Add 'jsontest'
	* tests/jsontest.c: A few simple JSON parsing tests

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential crash when saving guests
	The qemudDomainSaveFlag method will call EndJob on the 'vm'
	object it is passed in. This can result in the 'vm' object
	being free'd if the last reference is removed. Thus no caller
	of 'qemudDomainSaveFlag' must *ever* reference 'vm' again
	upon return.

	Unfortunately qemudDomainSave and qemuDomainManagedSave
	both call 'virDomainObjUnlock', which can result in a
	crash. This is non-deterministic since it involves a race
	with the monitor I/O thread.

	Fix this by making qemudDomainSaveFlag responsible for
	calling virDomainObjUnlock instead.

	* src/qemu/qemu_driver.c: Fix potential use after free
	  when saving guests

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized value in QEMU monitor FD sending code
	The 'char control[CMSG_SPACE(sizeof(int))];' was not being
	wiped, so could potentially contain uninitialized bytes.
	While this was harmless in this case, it caused complaints
	from valgrind

	* src/qemu/qemu_monitor.c: memset 'control' variable
	  in qemuMonitorIOWriteWithFD

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of JSON object for events
	The event handler functions do not free the virJSONValuePtr
	object. Every event received from a VM thus caused a memory
	leak

	* src/qemu/qemu_monitor_json.c: Fix leak of event object

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus warning message in JSON code
	* src/util/json.c: Remove warning message

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix use of uninitialized memory when releasing PCI slots
	The 'function' field in the PCI address was not correctly
	initialized, so it was building the wrong address address
	string and so not removing all functions from the in use
	list.

	* src/qemu/qemu_command.c: Fix initialization of PCI function

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of virStreamPtr object with callback added in fdstream impl
	When adding a callback to an FD stream, we take an extra reference
	on the virStreamPtr instance. We forgot to registered a free function
	with the callback, so when the callback was removed, the extra
	reference held on virStreamPtr was not released.

	* src/fdstream.c: Use a free callback to release reference on
	  virStreamPtr when removing callback

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mdnsGroupName in virNetServer object
	* src/rpc/virnetserver.c: Free mdnsGroupName

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix release of filtered stream messages
	The stream code was reusing a stream message object before
	it was removed from the linked list of filtered messages.
	This caused any later queued messages to be completely lost.

	* daemon/stream.c: Delay reuse of stream message until
	  after it is removed from the queue

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Ensure RPC message is cleared before being reused
	To save on memory reallocation, virNetMessage instances that
	have been transmitted, may be reused for a subsequent incoming
	message. We forgot to clear out the old data of the message
	fully, which caused later confusion upon read.

	* src/rpc/virnetserverclient.c: memset entire message before
	  reusing it

2011-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix hardcoded limit on client requests in RPC code
	The virNetServerClient object had a hardcoded limit of 10 requests
	per client. Extend constructor to allow it to be passed in as a
	configurable variable. Wire this up to the 'max_client_requests'
	config parameter in libvirtd

	* daemon/libvirtd.c: Pass max_client_requests into services
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Pass
	  nrequests_client_max to clients
	* src/rpc/virnetserverclient.c, src/rpc/virnetserverclient.h: Allow
	  configurable request limit

2011-06-30  Osier Yang  <jyang@redhat.com>

	tests: Add valgrind.supp into EXTRA_DIST

	virsh: Fix a problem of buildPoolXML
	It doesn't generate "<name>" and "<format>" nodes for "<source>"
	even if they are explicitly specified. This patch fixes it.

2011-06-30  Wen Congyang  <wency@cn.fujitsu.com>

	lock qemu_driver early in qemuGetSchedulerParametersFlags()
	If we pass VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG to
	qemuGetSchedulerParametersFlags() or *nparams is less than 1,
	we will unlock qemu_driver without locking it. It's very dangerous.

	We should lock qemu_driver after calling virCheckFlags().

2011-06-30  Wen Congyang  <wency@cn.fujitsu.com>

	save domain status after modifing vcpupin
	We should save domain status after modifing vcpupin. If not,
	we will get wrong vcpupin information after rebooting libvirtd.

2011-06-30  Wen Congyang  <wency@cn.fujitsu.com>

	Fix memory leak in virDomainVcpuPinDel()
	virDomainVcpuPinDefFree() does not free def->cputune.vcpupin if nvcpupin
	is 0, and does not set def->cputune.vcpupin to NULL.

	If we set nvcpupin to 0 but do not free vcpupin, vcpupin will not be freed
	when vm->def is freed.

	Use VIR_FREE() instead of virDomainVcpuPinDefFree() to free the memory
	and set def->cputune.vcpupint to NULL.

2011-06-29  Eric Blake  <eblake@redhat.com>

	build: avoid pod2man on tarball
	virt-sanlock-cleanup.8 has static contents (no dependency on
	configure), but is generated by pod2man (a perl dependency that
	maintainers must have, but which ordinary tarball users need
	not have).  Therefore, ensure that it is always part of the
	tarball, even though it is only conditionally installed.

	This is similar to commit 6db98a2d4b, but made simpler by the fact
	that the .8 page is static content.

	* tools/Makefile.am (EXTRA_DIST): Add virt-sanlock-cleanup.8.

2011-06-29  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: fix illegal NULL return
	If virSysinfoParse{BIOS,System,Processor,Memory}()
	can't find newline('\n'), these return NULL.
	This patch fixes this.

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that EOF is dispatched to the stream callback
	When the remote client receives end of file on the stream
	it never invokes the stream callback. Applications relying
	on async event driven I/O will thus never see the EOF
	condition on the stream

	* src/rpc/virnetclient.c, src/rpc/virnetclientstream.c:
	  Ensure EOF is dispatched

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix locking wrt virNetClientStreamPtr object
	The client stream object can be used independently of the
	virNetClientPtr object, so must have full locking of its
	own and not rely on any caller.

	* src/remote/remote_driver.c: Remove locking around stream
	  callback
	* src/rpc/virnetclientstream.c: Add locking to all APIs
	  and callbacks

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Avoid referencing NULL pointer when copying stream error
	* src/rpc/virnetclientstream.c: Avoid referencing NULL

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Avoid free'ing a filtered RPC message in the server
	When a filter steals an RPC message, that message must
	not be freed, except by the filter code itself

	* src/rpc/virnetserverclient.c: Don't free stolen RPC
	  messages

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Improve two log messages in virNetMessage
	Improve log messages issued when encountering a bogus
	message length to include the actual length and the
	limit violated

	* src/rpc/virnetmessage.c: Improve log messages

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Ensure empty payload is written upon stream completion
	On stream completion it is neccessary to send back a
	message with an empty payload. The message header was
	not being filled out correctly, since we were not writing
	any payload. Add a method for encoding an empty payload
	which updates the message headers correctly.

	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Add
	  a virNetMessageEncodePayloadEmpty method
	* src/rpc/virnetserverprogram.c: Write empty payload on
	  stream completion

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Lower logging level when failing to register socket watch
	The RPC client treats failure to register a socket watch
	as non-fatal, since we do not mandate that a libvirt client
	application provide an event loop implementation. It is
	thus inappropriate to a log a message at VIR_LOG_WARN

	* src/rpc/virnetsocket.c: Lower logging level

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix propagation of RPC errors from streams
	If a streams error is raised, virNetClientIOEventLoop
	returns 0, but an error is set. Check for this and
	propagate it if present

	* src/rpc/virnetclient.c: Propagate streams error

2011-06-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash when aborting a stream from a I/O callback
	If a callback being invoked from a stream issues a virStreamAbort
	operation, the stream data will be free'd but the callback will
	then still try to use this. Delay free'ing of the stream data when
	a callback is dispatching

	* src/fdstream.c: Delay stream free when callback is active

2011-06-29  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Set access rights to temporary file
	Although we create a temporary file, it is owned by root:root and have
	rights 0600. In case qemu does not run under root, it is unable to write
	to that file and thus we transfer 0B sized file.

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	dnsmasq: Fix errno handling and don't unlink non-existing files
	addnhostsSave and hostsfileSave expect < 0 return value on error from
	addnhostsWrite and hostsfileWrite but then pass err instead of -err
	to virReportSystemError that expects an errno value.

	Also addnhostsWrite returns -ENOMEM and errno, change this to -errno.

	addnhostsWrite and hostsfileWrite tried to unlink the tempfile after
	renaming it, making both fail on the final step. Remove the unnecessary
	unlink calls.

2011-06-29  Eric Blake  <eblake@redhat.com>

	maint: improve makefile whitespace
	None of these instances cause any semantic differences, but
	consistency is nice.

	* src/Makefile.am: Replace leading spaces with tabs.

2011-06-29  Osier Yang  <jyang@redhat.com>

	tests: Fix memory leak in virnetmessagetest
	Detected when playing with "make -C tests valgrind".

	conf: Fix memory leak in virNetworkDNSDefFormat

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	network: Don't ignore errors in dnsmasq config file creation

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	network: Fix dnsmasq hostsfile creation logic and related tests
	networkSaveDnsmasqHostsfile was added in 8fa9c2214247 (Apr 2010).
	It has a force flag. If the dnsmasq hostsfile already exists force
	needs to be true to overwrite it. networkBuildDnsmasqArgv sets force
	to false, networkDefine sets it to true. This results in the
	hostsfile being written only in networkDefine in the common case.
	If no error occurred networkSaveDnsmasqHostsfile returns true and
	networkBuildDnsmasqArgv adds the --dhcp-hostsfile to the dnsmasq
	command line.

	networkSaveDnsmasqHostsfile was changed in 89ae9849f744 (24 Jun 2011)
	to return a new dnsmasqContext instead of reusing one. This change broke
	the logic of the force flag as now networkSaveDnsmasqHostsfile returns
	NULL on error, but the early return -- if force was not set and the
	hostsfile exists -- returns 0. This turned the early return in an error
	case and networkBuildDnsmasqArgv didn't add the --dhcp-hostsfile option
	anymore if the hostsfile already exists. It did because networkDefine
	created the hostsfile already.

	Then 9d4e2845d498 fixed the return 0 case in networkSaveDnsmasqHostsfile
	but didn't apply the force option correctly to the new addnhosts file.
	Now force doesn't control an early return anymore, but influences the
	handling of the hostsfile context creation and dnsmasqSave is always
	called now. This commit also added test cases that reveal several
	problems. First, the tests now calls functions that try to write the
	dnsmasq config files to disk. If someone runs this tests as root this
	might overwrite actively used dnsmasq config files, this is a no-go. Also
	the tests depend on configure --localstatedir, this needs to be fixed as
	well, because it makes the tests fail when localstatedir is different
	from /var.

	This patch does several things to fix this:

	1) Move dnsmasqContext creation and saving out of networkBuildDnsmasqArgv
	to the caller to separate the command line generation from the config
	file writing. This makes the command line generation testable without the
	risk of interfering with system files, because the tests just don't call
	dnsmasqSave.

	2) This refactoring of networkSaveDnsmasqHostsfile makes the force flag
	useless as the saving happens somewhere else now. This fixes the wrong
	usage of the force flag in combination with then newly added addnhosts
	file by removing the force flag.

	3) Adapt the wrong test cases to the correct behavior, by adding the
	missing --dhcp-hostsfile option. Both affected tests contain DHCP host
	elements but missed the necessary --dhcp-hostsfile option.

	4) Rename networkSaveDnsmasqHostsfile to networkBuildDnsmasqHostsfile,
	because it doesn't save the dnsmasqContext anymore.

	5) Move all directory creations in dnsmasq context handling code from
	the *New functions to dnsmasqSave to avoid directory creations in system
	paths in the test cases.

	6) Now that networkBuildDnsmasqArgv doesn't create the dnsmasqContext
	anymore the test case can create one with the localstatedir that is
	expected by the tests instead of the configure --localstatedir given one.

2011-06-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation with systemtap 1.3
	Version 1.3 of <sys/sdt.h> uses this macro

	  #define STAP_CAST(t) (size_t)t

	that breaks like this if t is a function

	  remote.c:1775: error: cast from function call of type 'const char *'
	  to non-matching type 'long unsigned int' [-Wbad-function-cast]

	For that to work it should probably look like this

	  #define STAP_CAST(t) ((size_t)(t))

	In systemtap 1.4 this was completely rewritten.

	Anyway, before commit df0b57a95a767c t was always a variable, but now
	also a function is used here, namely virNetSASLSessionGetIdentity.

	Use an intermediate variable to avoid this problem.

2011-06-28  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	./autobuild.sh died on several messages resembling:

	../../src/rpc/virnetsocket.c: In function 'virNetSocketNewListenTCP':
	../../src/rpc/virnetsocket.c:231:9: error: implicit declaration of function 'bind_used_without_requesting_gnulib_module_bind' [-Wimplicit-function-declaration]
	../../src/rpc/virnetsocket.c:231:9: error: nested extern declaration of 'bind_used_without_requesting_gnulib_module_bind' [-Wnested-externs]

	Basically, gnulib socket fds are not safe to pass to mingw socket
	functions unless we pull in those gnulib modules.

	* bootstrap.conf (gnulib_modules): Add modules to handle socket
	functions on mingw.

2011-06-28  Eric Blake  <eblake@redhat.com>

	sysinfo: fix parsing regression
	Detected by gcc -O2, introduced in commit 532ce9c2.  If dmidecode
	outputs a field unrecognized by the parsers, then the code would
	dereference an uninitialized eol variable.

	* src/util/sysinfo.c (virSysinfoParseBIOS)
	(virSysinfoParseSystem, virSysinfoParseProcessor)
	(virSysinfoParseMemory): Avoid uninitialized variable.

2011-06-28  Eric Blake  <eblake@redhat.com>

	build: update translated files
	The last patch was incomplete.  The translated strings merely
	moved between generated file names, rather than disappearing.

	* cfg.mk (generated_files): Update generated file names.
	* po/POTFILES.in: Add remote_dispatch.h

2011-06-28  Jiri Denemark  <jdenemar@redhat.com>

	build: Don't expect translatable strings in a dead file
	daemon/remote_dispatch_bodies.h is no longer with us and shouldn't be
	searched for translatable strings.

	daemon: Fix build without polkit

2011-06-28  Eric Blake  <eblake@redhat.com>

	remote: fix uninitialized variable
	Detected by gcc -O2:

	remote/remote_driver.c: In function 'doRemoteOpen':
	remote/remote_driver.c:2753:26: error: 'sasl' may be used uninitialized in this function [-Werror=uninitialized]

	* src/remote/remote_driver.c (remoteAuthSASL): Initialize sasl.

2011-06-28  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' when pdwtags is available
	Problem introduced in commit 6818cf86.

	* src/remote_protocol-structs: Delete unused struct.

2011-06-28  Eric Blake  <eblake@redhat.com>

	build: sanlock-devel is not in F15 yet
	* libvirt.spec.in (with_sanlock): Only default on in rawhide.
	Reported by Gerhard Stenzel.

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Add documentation for configuration lock managers
	Add a page which documents how to configure lock managers,
	focusing on use of sanlock with the QEMU/KVM driver

	* docs/locking.html.in: Docs about lock managers
	* docs/sitemap.html.in: Add lock manager config to
	  the deployment section

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Support automatic creation of leases for disks in sanlock
	The current sanlock plugin requires a central management
	application to manually add <lease> elements to each guest,
	to protect resources that are assigned to it (eg writable
	disks). This makes the sanlock plugin useless for usage
	in more ad hoc deployment environments where there is no
	central authority to associate disks with leases.

	This patch adds a mode where the sanlock plugin will
	automatically create leases for each assigned read-write
	disk, using a md5 checksum of the fully qualified disk
	path. This can work pretty well if guests are using
	stable disk paths for block devices eg /dev/disk/by-path/XXXX
	symlinks, or if all hosts have NFS volumes mounted in
	a consistent pattern.

	The plugin will create one lockspace for managing disks
	with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__.
	For each VM disks, there will be another file to hold
	a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd
	Each VM disk lease is usually 1 MB in size. The script
	virt-sanlock-cleanup should be run periodically to remove
	unused lease files from the lockspace directory.

	To make use of this capability the admin will need to do
	several tasks:

	 - Mount an NFS volume (or other shared filesystem)
	   on /var/lib/libvirt/sanlock
	 - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf
	   with a unique value for each host with the same NFS
	   mount
	 - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf

	Technically the first step can be skipped, in which case
	sanlock will only protect against 2 vms on the same host
	using the same disk (or the same VM being started twice
	due to error by libvirt).

	* src/locking/libvirt_sanlock.aug,
	  src/locking/sanlock.conf,
	  src/locking/test_libvirt_sanlock.aug: Add config params
	  for configuring auto lease setup
	* libvirt.spec.in: Add virt-sanlock-cleanup program, man
	  page
	* tools/virt-sanlock-cleanup.in: Script to purge unused
	  disk resource lease files

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Support loading a configuration file for sanlock plugin
	Introduce a configuration file with a single parameter
	'require_lease_for_disks', which is used to decide whether
	it is allowed to start a guest which has read/write disks,
	but without any leases.

	* libvirt.spec.in: Add sanlock config file and augeas
	  lens
	* src/Makefile.am: Install sanlock config file and
	  augeas lens
	* src/locking/libvirt_sanlock.aug: Augeas master lens
	* src/locking/test_libvirt_sanlock.aug: Augeas test file
	* src/locking/sanlock.conf: Example sanlock config
	* src/locking/lock_driver_sanlock.c: Wire up loading
	  of configuration file

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Allow per-driver config file for lock manager plugins
	Allow a 'configFile' parameter to be passed into the lock
	drivers to provide configuration. Wire up the QEMU driver
	to pass in file names '/etc/libvirt/qemu-$NAME.conf
	eg qemu-sanlock.conf

	* src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Add configFile parameter
	* src/qemu/qemu_conf.c: Pass in configuration file path to
	  lock driver plugins

2011-06-28  Laine Stump  <laine@laine.org>

	network: add domain to unqualified names defined with <host>
	If a domain name is defined for a network, add the --expand-hosts
	option to the dnsmasq commandline. This results in the domain being
	added to any hostname that is defined in a dns <host> element and
	contains no '.' characters (i.e. it is an "unqualified"
	hostname). Since PTR records are automatically created for any name
	defined in <host>, the result of a PTR request will change from the
	unqualified name to the qualified name.

	This also has the same effect on any hostnames that dnsmasq reads
	from the host's /etc/hosts file.

	(In the case of guest hostnames that were learned by dnsmasq via DHCP
	requests, they were already getting the domain name added on, even
	without --expand-hosts).

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup remote protocol definitions
	The standard remote protocol for libvirtd no longer needs to
	include definitions of the generic message header/error structs
	or status codes. This is all defined in the generic RPC protocol

	* src/remote/remote_protocol.x: Remove all RPC message definitions
	* src/remote/remote_protocol.h, src/remote/remote_protocol.c:
	  Re-generate
	* daemon/remote_generate_stubs.pl: Delete obsolete script

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete libvirtd mdns code
	libvirtd now uses the generic RPC code for MDNS, so its
	custom mdns APIs are no longer required

	* daemon/mdns.c, daemon/mdns.h: Removed obsolete files

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Convert libvirtd over to the new RPC handling APIs
	This guts the libvirtd daemon, removing all its networking and
	RPC handling code. Instead it calls out to the new virServerPtr
	APIs for all its RPC & networking work

	As a fallout all libvirtd daemon error reporting now takes place
	via the normal internal error reporting APIs. There is no need
	to call separate error reporting APIs in RPC code, nor should
	code use VIR_WARN/VIR_ERROR for reporting fatal problems anymore.

	* daemon/qemu_dispatch_*.h, daemon/remote_dispatch_*.h: Remove
	  old generated dispatcher code
	* daemon/qemu_dispatch.h, daemon/remote_dispatch.h: New dispatch
	  code
	* daemon/dispatch.c, daemon/dispatch.h: Remove obsoleted code
	* daemon/remote.c, daemon/remote.h: Rewrite for new dispatch
	  APIs
	* daemon/libvirtd.c, daemon/libvirtd.h: Remove all networking
	  code
	* daemon/stream.c, daemon/stream.h: Update for new APIs
	* daemon/Makefile.am: Link to libvirt-net-rpc-server.la

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Convert the remote driver to new RPC client APIs
	This guts the current remote driver, removing all its networking
	handling code. Instead it calls out to the new virClientPtr and
	virClientProgramPtr APIs for all RPC & networking work.

	* src/Makefile.am: Link remote driver with generic RPC code
	* src/remote/remote_driver.c: Gut code, replacing with RPC
	  API calls
	* src/rpc/gendispatch.pl: Update for changes in the way
	  streams are handled

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Add XDR_CFLAGS to libvirt-net-rpc.la library
	* src/Makefile.am: Add XDR_CFLAGS

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Ensure sanlock socket is labelled with the VM process label
	The libvirt sanlock plugin is intentionally leaking a file
	descriptor to QEMU. To enable QEMU to use this FD under
	SELinux, it must be labelled correctly. We dont want to use
	the svirt_image_t for this, since QEMU must not be allowed
	to actually use the FD. So instead we label it with svirt_t
	using virSecurityManagerSetProcessFDLabel

	* src/locking/domain_lock.c, src/locking/domain_lock.h,
	  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
	  src/locking/lock_manager.h: Optionally pass an FD back to
	  the hypervisor for security driver labelling
	* src/qemu/qemu_process.c: label the lock manager plugin
	  FD with the process label

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Add a virSecurityManagerSetProcessFDLabel
	Add a new security driver method for labelling an FD with
	the process label, rather than the image label

	* src/libvirt_private.syms, src/security/security_apparmor.c,
	  src/security/security_dac.c, src/security/security_driver.h,
	  src/security/security_manager.c, src/security/security_manager.h,
	  src/security/security_selinux.c, src/security/security_stack.c:
	  Add virSecurityManagerSetProcessFDLabel & impl

2011-06-28  Daniel P. Berrange  <berrange@redhat.com>

	Rename virSecurityManagerSetFDLabel method
	The virSecurityManagerSetFDLabel method is used to label
	file descriptors associated with disk images. There will
	shortly be a need to label other file descriptors in a
	different way. So the current name is ambiguous. Rename
	the method to virSecurityManagerSetImageFDLabel to clarify
	its purpose

	* src/libvirt_private.syms,
	  src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
	  src/security/security_apparmor.c, src/security/security_dac.c,
	  src/security/security_driver.h, src/security/security_manager.c,
	  src/security/security_manager.h, src/security/security_selinux.c,
	  src/security/security_stack.c: s/FDLabel/ImageFDLabel/

2011-06-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add node prefix to virNodeGet(CPU|Memory)Stats structs and defines

2011-06-28  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix update device for CURRENT + FORCE flags
	When CURRENT and FORCE flags were used together, UpdateDeviceFlags did
	nothing because it failed to transform CURRENT into either LIVE or
	CONFIG.

2011-06-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Return error message about unresolvable variables
	This is in response to bugzilla 664629

	https://bugzilla.redhat.com/show_bug.cgi?id=664629

	The patch below returns an appropriate error message if the chain of
	nwfilters is found to contain unresolvable variables and therefore
	cannot be instantiated.

	Example: The following XMl added to a domain:

	    <interface type='bridge'>
	      <mac address='52:54:00:9f:80:45'/>
	      <source bridge='virbr0'/>
	      <model type='virtio'/>
	      <filterref filter='test'/>
	    </interface>

	that references the following filter

	<filter name='test' chain='root'>
	  <filterref filter='clean-traffic'/>
	  <filterref filter='allow-dhcp-server'/>
	</filter>

	now displays upon 'virsh start mydomain'

	error: Failed to start domain mydomain
	error: internal error Cannot instantiate filter due to unresolvable variable: DHCPSERVER

	'DHPCSERVER' is contained in allow-dhcp-server.

2011-06-27  Eric Blake  <eblake@redhat.com>

	build: rename Vcpupin to VcpuPin
	We already have a public virDomainPinVcpu, which implies that
	Pin and Vcpu are treated as separate words.  Unreleased commit
	e261987c introduced virDomainGetVcpupinInfo as the first public
	API that used Vcpupin, although we had prior internal uses of
	that spelling.  For consistency, change the spelling to be two
	words everywhere, regardless of whether pin comes first or last.

	* daemon/remote.c: Treat vcpu and pin as separate words.
	* include/libvirt/libvirt.h.in: Likewise.
	* src/conf/domain_conf.c: Likewise.
	* src/conf/domain_conf.h: Likewise.
	* src/driver.h: Likewise.
	* src/libvirt.c: Likewise.
	* src/libvirt_private.syms: Likewise.
	* src/libvirt_public.syms: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.
	* src/remote/remote_protocol.x: Likewise.
	* src/remote_protocol-structs: Likewise.
	Suggested by Matthias Bolte.

2011-06-27  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	sysinfo: cleanup function/struct names.
	Fix lack of 'virSysinfo' prefix of functions/structs in src/util/sysinfo.[ch]

	sysinfo: fix lack of error check in virSysinfoFormat().
	Fix lack of error check in virSysinfoFormat().

2011-06-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Partly fix networkxml2argvtest being configure result dependent
	Convert networkDnsmasqLeaseFileName to a replaceable function pointer
	that allow the testsuite to use a version of that function that is not
	depending on configure --localstatedir.

	This fixes 5 of 6 test failures, when configure --localstatedir isn't
	set to /var.

2011-06-27  Osier Yang  <jyang@redhat.com>

	qemu: Remove bogus error codes for NUMA memory tuning
	This is no code between virSaveLastError and virGetLastError will
	set an error, remove the bogus codes.

2011-06-27  Laine Stump  <laine@laine.org>

	network: fix indentation in networkBuildDnsmasqArgv
	This block was inadvertently added with the wrong indentation.

2011-06-27  Ruben Kerkhof  <ruben@rubenkerkhof.com>

	Only include parthelper if built with storage_disk
	Parthelper is only compiled if both --with-libvirtd
	and --with-storage-disk are set.

2011-06-25  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized variable
	Caught by gcc -O2, during autobuild.sh.

	* src/qemu/qemu_driver.c (qemudDomainGetVcpupinInfo): Initialize vm.

2011-06-25  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	The build currently fails when trying to create virnetprotocol.c
	into $(builddir)/rpc, which doesn't exist.  But since the file
	is part of the tarball, it should be generated into $(srcdir).
	Caught by autobuild.sh.

	* src/Makefile.am (VIR_NET_RPC_GENERATED): Generate into srcdir.

2011-06-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add query option to virsh vcpupin command
	This patch teaches "virsh vcpupin" command to query if no list
	is given. Its feature is to show CPU affinity information in more
	reader-friendly way.

	 # virsh vcpupin VM --config
	 VCPU: CPU Affinity
	 ----------------------------------
	    0: 1-6,9-20
	    1: 10
	    2: 5,9-11,15-20
	    3: 1,3,5,7,9,11,13,15

	When cpulist is omitted, vcpu number is optional. When vcpu number is
	provided, information of only specified vcpu is displayed.

2011-06-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpuinfo: add the code to fallback to try new API
	The "virsh vcpuinfo" command results in failure when the target domain
	is inactive on KVM. This patch improves this behavior by adding the
	fallback to invoke virDomainGetVcpupinInfo API in case of
	virDomainGetVcpus API returns error and the target domain is inactive.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API
	(virDomainGetVcpupinInfo).

	vcpupin: implement the code to support new API for the qemu driver
	This patch implements the code to address the new API (virDomainGetVcpupinInfo)
	in the qemu driver.

2011-06-25  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo)
	This patch introduces a new libvirt API (virDomainGetVcpupinInfo),
	as a counterpart to virDomainPinVcpuFlags.

	We can use virDomainGetVcpus API to retrieve CPU affinity information,
	but can't use this API against inactive domains (at least in case of KVM),
	as it lacks a flags parameter.
	The usual thing is to add a new virDomainGetVcpusFlags, but that API name
	is already occupied by the counterpart to virDomainGetMaxVcpus, which
	has a completely different signature.

	The virDomainGetVcpupinInfo is the new API to retrieve CPU affinity
	information of active and inactive domains.  While the usual convention
	is to list an array before its length, this API violates that rule
	in order to be more like virDomainGetVcpus (where maxinfo was doing
	double-duty as the length of two different arrays).

2011-06-25  Laine Stump  <laine@laine.org>

	docs: fix indentation of sub-elements of <ip> in network XML
	The sub-elements of <ip> had been placed at the same level of
	indentation as ip itself, implying that they were really elements of
	<network>. Within that, sub-elements of ip/dhcp were also at that same
	level. These have been double-indented.

	At the same time, I realized that the documentation for the new <dns>
	element had been placed right in the middle of the description of the
	sub-elements of <ip>. I moved it up out of the way.

2011-06-25  Eric Blake  <eblake@redhat.com>

	buf: protect against integer overflow
	It's unlikely that we'll ever want to escape a string as long as
	INT_MAX/6, but adding this check can't hurt.

	* src/util/buf.c (virBufferEscapeSexpr, virBufferEscapeString):
	Check for (unlikely) overflow.

2011-06-24  Eric Blake  <eblake@redhat.com>

	remote: protect against integer overflow
	Integer overflow and remote code are never a nice mix.

	This has existed since commit 56cd414.

	* src/libvirt.c (virDomainGetVcpus): Reject overflow up front.
	* src/remote/remote_driver.c (remoteDomainGetVcpus): Avoid overflow
	on sending rpc.
	* daemon/remote.c (remoteDispatchDomainGetVcpus): Avoid overflow on
	receiving rpc.

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: update gnulib for intprops
	Done as a separate commit to make backporting the next patch easier.
	We are already using "intprops.h", but this makes it explicit.

	* .gnulib: Update, for syntax-check fix.
	* bootstrap.conf (gnulib_modules): Make intprops use explicit.
	* src/locking/domain_lock.c (includes): Drop unused header.
	* src/nwfilter/nwfilter_learnipaddr.c (includes): Use "", not <>,
	for gnulib.

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: avoid long line tests
	'make syntax-check' regression introduced in commit 60b9c69.

	* tests/networkxml2argvdata/*.argv: Break long lines.

2011-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	Rename iface(G|S)etMacaddr to iface(G|S)etMacAddress for consistency

	Fix typo in libvirt_private.syms
	Triggered a linker error on MinGW.

2011-06-24  Michal Novotny  <minovotn@redhat.com>

	Network: Add support for DNS hosts definition to the network XML
	This commit introduces names definition for the DNS hosts file using
	the following syntax:

	  <dns>
	    <host ip="192.168.1.1">
	      <name>alias1</name>
	      <name>alias2</name>
	    </host>
	  </dns>

	Some of the improvements and fixes were done by Laine Stump so
	I'm putting him into the SOB clause again ;-)

2011-06-24  Michal Novotny  <minovotn@redhat.com>

	Network: Add additional hosts internal infrastructure

	Network: Add regression tests for the command-line arguments
	The regression testing done by comparison of command-line
	generated from the network XML file and the expected
	command-line arguments (read from file).

	Network: modify dnsmasq commandline build function to allow testing
	The dnsmasq commandline was being built as a part of running
	dnsmasq. This patch puts the commandline build into a separate
	function (and exports it as a private API) making it possible to build
	a dnsmasq commandline without executing it, so that we can write a
	test program to verify that the proper commandlines are being created.

2011-06-24  Michal Novotny  <minovotn@redhat.com>

	Add TXT record support for virtual DNS service
	This commit introduces the <dns> element and <txt> record for the
	virtual DNS network. The DNS TXT record can be defined using following
	syntax in the network XML file:

	  <dns>
	    <txt name="example" value="example value" />
	  </dns>

	Also, the Relax-NG scheme has been altered to allow the texts without
	spaces only for the name element and some nitpicks about memory
	free'ing have been fixed by Laine so therefore I'm adding Laine to the
	SOB clause ;-)

2011-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	python: Don't declare Py_ssize_t for Python 2.6
	Commit cd48c3f4e95597 added a Py_ssize_t typedef for Python < 2.7.
	But Py_ssize_t was added in Python 2.5. This makes the build fail
	for Python 2.6.

	Adjust the check to match Python < 2.5 to fix this.

2011-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Improve IPv6 detection for virNetSocket tests
	getifaddrs can return an IPv6 address, but getaddrinfo can fail
	for an IPv6 address. Cover this combination.

2011-06-24  Jamie Strandboge  <jamie@canonical.com>

	Move load of AppArmor profile to GenLabel()
	Commit 12317957ecd6c37a2fb16275dcdeeacfe25c517 introduced an incompatible
	architectural change for the AppArmor security driver. Specifically,
	virSecurityManagerSetAllLabel() is now called much later in
	src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
	called immediately after GenLabel() such that after the dynamic label (profile
	name) was generated, SetAllLabel() would be called to create and load the
	AppArmor profile into the kernel before qemuProcessHook() was executed. With
	12317957ecd6c37a2fb16275dcdeeacfe25c517, qemuProcessHook() is now called
	before SetAllLabel(), such that aa_change_profile() ends up being called
	before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
	qemuProcessHook()).

	This patch addresses the change by making GenLabel() load the AppArmor
	profile into the kernel after the label (profile name) is generated.
	SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
	the profile when it is specified. This also makes the AppArmor driver work
	like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
	Bug-Ubuntu: https://launchpad.net/bugs/801569

2011-06-24  Eric Blake  <eblake@redhat.com>

	docs: document correct flag name
	When adding virDomainGetVcpusFlags in commit ea3f5c6, I did
	enough rebasing that the doc comments in libvirt.c no longer
	matched the final chosen enum names in libvirt.h.

	And now we've gone ahead and deprecated the names
	VIR_DOMAIN_VCPU_{LIVE,CONFIG}.

	* src/libvirt.c (virDomainGetVcpusFlags): Fix comment.

2011-06-24  Eric Blake  <eblake@redhat.com>

	Revert "Add new API virDomainBlockPull* to headers"
	This reverts commit 7d56a16d036d9aa7292e10e884c129742036f8a7.

	Conflicts:

		python/generator.py
		src/libvirt_public.syms

2011-06-24  Eric Blake  <eblake@redhat.com>

	Revert "virDomainBlockPull: Implement the main entry points"
	This reverts commit 6419f596e114ee9f372136cc2b9eb19f1cbb7a77.

2011-06-24  Eric Blake  <eblake@redhat.com>

	Revert "Add virDomainBlockPull support to the remote driver"
	This reverts commit d1693bb160ea78954592c45a40eb856190c619c8.

	Conflicts:

		daemon/remote.c
		src/remote/remote_driver.c
		src/remote/remote_protocol.x

2011-06-24  Eric Blake  <eblake@redhat.com>

	Revert "Implement virDomainBlockPull for the qemu driver"
	This reverts commit 784ee08d2220d2a77424d5fc756b6eebe8efd5fa.

	Revert "Enable the virDomainBlockPull API in virsh"
	This reverts commit 3e2493ce28b7e20416e916fdf893a9569c267925.

2011-06-24  Eric Blake  <eblake@redhat.com>

	Revert "Enable virDomainBlockPull in the python API."
	This reverts commit d74b86f5d6ecae3d18a391f90a918fcac75914db.

	Conflicts:

		python/generator.py

2011-06-24  Eric Blake  <eblake@redhat.com>

	Revert "Asynchronous event for BlockPull completion"
	This reverts commit 12cd77a0c58a80179182f7d09e8e73f9f66b4677.

	Conflicts:

		python/libvirt-override-virConnect.py
		python/libvirt-override.c
		src/remote/remote_protocol.x

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: avoid python 2.4 build failure
	I'm not sure when Py_ssize_t was introduced; but Fedora 14 Python 2.7
	has it, while RHEL 5 Python 2.4 lacks it.  It should be easy enough
	to adjust if someone runs into problems.

	* python/typewrappers.h (Py_ssize_t): Define for older python.

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: fix NUMA build on RHEL 5
	Use NUMA's older nodemask_t (fixed-size map) rather than the newer
	'struct bitmask' (variable-size) in order to still compile on RHEL 5,
	with its numactl-devel-0.9.8.

	* src/qemu/qemu_process.c [HAVE_NUMA]: Prefer back-compat mode.
	(qemuProcessInitNumaMemoryPolicy): Use older nodemask_t.

2011-06-24  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Add Memory Device Information to virSysinfoRead() from dmidecode type 17
	* src/util/sysinfo.[ch]: also parse and save all the SMBIOS informations
	  about memory modules

	Add Processor Information to virSysinfoRead() from dmidecode type 4
	* src/util/sysinfo.c: add parsing and formatting of processor
	  information data

	Cleanup virSysinfoRead()
	* src/util/sysinfo.c: Separate BIOSInfo and SystemInfo part from
	                      virSysinfoRead()

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Make sure virnetprotocol.[ch] are in BUILT_SOURCES
	To ensure virnetprotocol.[ch] are generated before any other
	files, add them to BUILT_SOURCES and MAINTAINERCLEANFILES.
	At the same time, move ESX_DRIVER_GENERATED out of DISTCLEAN
	and into MAINTAINERCLEANFILES, since they are included in
	EXTRA_DIST

	* src/Makefile.am: Add virnetprotocol.[ch] to BUILT_SOURCES

2011-06-24  Eric Blake  <eblake@redhat.com>

	maint: typo fixes
	* src/xenxs/xen_sxpr.c (xenParseSxprPCI): Comment fix.
	* tests/object-locking.ml (driverTables): Likewise.
	* tests/testutils.c (virtTestDifferenceBin): Likewise.

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix some bugs in RPC protocol make rules
	The Makefile.am rules for generating RPC protocol had a couple
	of bugs

	 - A instance of remote/rpcgen_fix.pl  was not changed
	   to rpc/genprotocol.pl
	 - A dep from rpc/virnetmessage.h on the generated
	   rpc/virnetprotocol.h was missing
	 - The generated rpc/virnetprotocol.[ch] were not listed
	   in MAINTAINERCLEANFILES

	* Makefile.am: Fix RPC protocol generation

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Add missing translation of error message from QEMU reboot patch
	* src/qemu/qemu_process.c: Add missing _(...)

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix job type set in qemuMigrationPrepareDirect/PrepareTunnel
	The qemuMigrationPrepareDirect/PrepareTunnel methods accidentally
	set the domain job to  QEMU_JOB_MIGRATION_OUT when it should have
	been  QEMU_JOB_MIGRATION_IN. This didn't have any ill-effect, but
	it is none-the-less wrong.

	* src/qemu/qemu_migration.c: Fix job type

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Avoid high privileges taint warning for QEMU session driver
	The code emitting taint warnings was mistakenly thinking
	that guests run from the QEMU session driver were tainted
	for having high privileges. This is of course nonsense
	since the session driver is always unprivileged

	* src/qemu/qemu_domain.c: Don't warn for high privileges in
	  non-privileged QEMU

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Allow automatic kill of guests when a connection is closed
	If an application is using libvirt + KVM as a piece of its
	internal infrastructure to perform a specific task, it can
	be desirable to guarentee the VM dies when the virConnectPtr
	disconnects from libvirtd. This ensures the app can't leak
	any VMs it was using. Adding VIR_DOMAIN_START_AUTOKILL as
	a flag when starting guests enables this to be done.

	* include/libvirt/libvirt.h.in: All VIR_DOMAIN_START_AUTOKILL
	* src/qemu/qemu_driver.c: Support automatic killing of guests
	  upon connection close
	* tools/virsh.c: Add --autokill flag to 'start' and 'create'
	  commands

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Automatically kill target QEMU if migration aborts abnormally
	Migration is a multi-step process

	  1. Begin(src)
	  2. Prepare(dst)
	  3. Perform(src)
	  4. Finish(dst)
	  5. Confirm(src)

	At step 2, a QEMU process is lauched in the destination to
	accept the incoming migration. Occasionally the process
	that is controlling the migration workflow aborts, and fails
	to call step 4, Finish. This leaves a QEMU process running
	on the target (albeit with paused CPUs). Unfortunately because
	step 2 actives a job on the QEMU process, it is unkillable by
	normal means.

	By registering the VM for autokill against the src virConnectPtr
	in step 2, we can ensure that the guest is forcefully killed off
	if the connection is closed without step 4 being invoked

	* src/qemu/qemu_migration.c: Register autokill in PrepareDirect
	  and PrepareTunnel. Unregister autokill on successful run
	  of Finish
	* src/qemu/qemu_process.c: Unregister autokill when stopping a
	  process

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Add infrastructure to automatically destroy guests when a connection closes
	Sometimes it is useful to be able to automatically destroy a guest when
	a connection is closed. For example, kill an incoming migration if
	the client managing the migration dies. This introduces a map between
	guest 'uuid' strings and virConnectPtr objects. When a connection is
	closed, any associated guests are killed off.

	* src/qemu/qemu_conf.h: Add autokill hash table to qemu driver
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add APIs
	  for performing autokill of guests associated with a connection
	* src/qemu/qemu_driver.c: Initialize autodestroy map

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Support reboots with the QEMU driver
	For controlled shutdown we issue a 'system_powerdown' command
	to the QEMU monitor. This triggers an ACPI event which (most)
	guest OS wire up to a controlled shutdown. There is no equiv
	ACPI event to trigger a controlled reboot. This patch attempts
	to fake a reboot.

	 - In qemuDomainObjPrivatePtr we have a bool fakeReboot
	   flag.
	 - The virDomainReboot method sets this flag and then
	   triggers a normal 'system_powerdown'.
	 - The QEMU process is started with '-no-shutdown'
	   so that the guest CPUs pause when it powers off the
	   guest
	 - When we receive the 'POWEROFF' event from QEMU JSON
	   monitor if fakeReboot is not set we invoke the
	   qemuProcessKill command and shutdown continues
	   normally
	 - If fakeReboot was set, we spawn a background thread
	   which issues 'system_reset' to perform a warm reboot
	   of the guest hardware. Then it issues 'cont' to
	   start the CPUs again

	* src/qemu/qemu_command.c: Add -no-shutdown flag if
	  we have JSON support
	* src/qemu/qemu_domain.h: Add 'fakeReboot' flag to
	  qemuDomainObjPrivate struct
	* src/qemu/qemu_driver.c: Fake reboot using the
	  system_powerdown command if JSON support is available
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  binding for system_reset command
	* src/qemu/qemu_process.c: Reset the guest & start CPUs if
	  fakeReboot is set

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Move the RPC generator scripts into src/rpc
	Move the daemon/remote_generator.pl to src/rpc/gendispatch.pl
	and move the src/remote/rpcgen_fix.pl to src/rpc/genprotocol.pl

	* daemon/Makefile.am: Update for new name/location of generator
	* src/Makefile.am: Update for new name/location of generator

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Introduce generic RPC client objects
	To facilitate creation of new clients using XDR RPC services,
	pull alot of the remote driver code into a set of reusable
	objects.

	 - virNetClient: Encapsulates a socket connection to a
	   remote RPC server. Handles all the network I/O for
	   reading/writing RPC messages. Delegates RPC encoding
	   and decoding to the registered programs

	 - virNetClientProgram: Handles processing and dispatch
	   of RPC messages for a single RPC (program,version).
	   A program can register to receive async events
	   from a client

	 - virNetClientStream: Handles generic I/O stream
	   integration to RPC layer

	Each new client program now merely needs to define the list of
	RPC procedures & events it wants and their handlers. It does
	not need to deal with any of the network I/O functionality at
	all.

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Introduce generic RPC module for advertising via MDNS
	Allow RPC servers to advertise themselves using MDNS,
	via Avahi

	* src/rpc/virnetserver.c, src/rpc/virnetserver.h: Allow
	  registration of MDNS services via avahi
	* src/rpc/virnetserverservice.c, src/rpc/virnetserverservice.h: Add
	  API to fetch the listen port number
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Add API to
	  fetch the local port number
	* src/rpc/virnetservermdns.c, src/rpc/virnetservermdns.h: Represent
	  an MDNS advertisement

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Introduce generic RPC server objects
	To facilitate creation of new daemons providing XDR RPC services,
	pull a lot of the libvirtd daemon code into a set of reusable
	objects.

	 * virNetServer: A server contains one or more services which
	   accept incoming clients. It maintains the list of active
	   clients. It has a list of RPC programs which can be used
	   by clients. When clients produce a complete RPC message,
	   the server passes this onto the corresponding program for
	   handling, and queues any response back with the client.

	 * virNetServerClient: Encapsulates a single client connection.
	   All I/O for the client is handled, reading & writing RPC
	   messages.

	 * virNetServerProgram: Handles processing and dispatch of
	   RPC method calls for a single RPC (program,version).
	   Multiple programs can be registered with the server.

	 * virNetServerService: Encapsulates socket(s) listening for
	   new connections. Each service listens on a single host/port,
	   but may have multiple sockets if on a dual IPv4/6 host.

	Each new daemon now merely has to define the list of RPC procedures
	& their handlers. It does not need to deal with any network related
	functionality at all.

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Integrate TLS/SASL directly into the socket APIs
	This extends the basic virNetSocket APIs to allow them to have
	a handle to the TLS/SASL session objects, once established.
	This ensures that any data reads/writes are automagically
	passed through the TLS/SASL encryption layers if required.

	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Wire up
	  SASL/TLS encryption

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Generic module for handling SASL authentication & encryption
	This provides two modules for handling SASL

	 * virNetSASLContext provides the process-wide state, currently
	   just a whitelist of usernames on the server and a one time
	   library init call

	 * virNetTLSSession provides the per-connection state, ie the
	   SASL session itself. This also include APIs for providing
	   data encryption/decryption once the session is established

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsaslcontext.c, src/rpc/virnetsaslcontext.h: Generic
	  SASL handling code

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Generic module for handling TLS encryption and x509 certs
	This provides two modules for handling TLS

	 * virNetTLSContext provides the process-wide state, in particular
	   all the x509 credentials, DH params and x509 whitelists
	 * virNetTLSSession provides the per-connection state, ie the
	   TLS session itself.

	The virNetTLSContext provides APIs for validating a TLS session's
	x509 credentials. The virNetTLSSession includes APIs for performing
	the initial TLS handshake and sending/recving encrypted data

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
	  TLS handling code

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a generic object for using network sockets
	Introduces a simple wrapper around the raw POSIX sockets APIs
	and name resolution APIs. Allows for easy creation of client
	and server sockets with correct usage of name resolution APIs
	for protocol agnostic socket setup.

	It can listen for UNIX and TCP stream sockets.

	It can connect to UNIX, TCP streams directly, or indirectly
	to UNIX sockets via an SSH tunnel or external command

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetsocket.c, src/rpc/virnetsocket.h: Generic
	  sockets APIs
	* tests/Makefile.am: Add socket test
	* tests/virnetsockettest.c: New test case
	* tests/testutils.c: Avoid overriding LIBVIRT_DEBUG settings
	* tests/ssh.c: Dumb helper program for SSH tunnelling tests

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Provide a simple object for encoding/decoding RPC messages
	This provides a new struct that contains a buffer for the RPC
	message header+payload, as well as a decoded copy of the message
	header. There is an API for applying a XDR encoding & decoding
	of the message headers and payloads. There are also APIs for
	maintaining a simple FIFO queue of message instances.

	Expected usage scenarios are:

	To send a message

	   msg = virNetMessageNew()

	   ...fill in msg->header fields..
	   virNetMessageEncodeHeader(msg)
	   ...loook at msg->header fields to determine payload filter
	   virNetMessageEncodePayload(msg, xdrfilter, data)
	   ...send msg->bufferLength worth of data from buffer

	To receive a message

	   msg = virNetMessageNew()
	   ...read VIR_NET_MESSAGE_LEN_MAX of data into buffer
	   virNetMessageDecodeLength(msg)
	   ...read msg->bufferLength-msg->bufferOffset of data into buffer
	   virNetMessageDecodeHeader(msg)
	   ...look at msg->header fields to determine payload filter
	   virNetMessageDecodePayload(msg, xdrfilter, data)
	   ...run payload processor

	* src/Makefile.am: Add to libvirt-net-rpc.la
	* src/rpc/virnetmessage.c, src/rpc/virnetmessage.h: Internal
	  message handling API.
	* testutils.c, testutils.h: Helper for printing binary differences
	* virnetmessagetest.c: Validate all XDR encoding/decoding

2011-06-24  Daniel P. Berrange  <berrange@redhat.com>

	Defines the basics of a generic RPC protocol in XDR
	This patch defines the basics of a generic RPC protocol in XDR.
	This is wire ABI compatible with the original remote_protocol.x.
	It takes everything except for the RPC calls / events from that
	protocol

	 - The basic header virNetMessageHeader (aka remote_message_header)
	 - The error object virNetMessageError  (aka remote_error)
	 - Two dummy objects virNetMessageDomain & virNetMessageNetwork
	   sadly needed to keep virNetMessageError ABI compatible with
	   the old remote_error

	The RPC protocol supports method calls, async events and
	bidirectional data streams as before

	* src/Makefile.am: Add rules for generating RPC code from
	  protocol & define a new libvirt-net-rpc.la helper library
	* src/rpc/virnetprotocol.x: New generic RPC protocol

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: avoid python 2.4 build failure
	On RHEL 5, I got:

	/usr/bin/python ./generator.py /usr/bin/python
	  File "./generator.py", line 427
	    "virStreamFree", # Needed in custom virStream __del__, but free shouldn't
	                   ^
	SyntaxError: invalid syntax

	* python/generator.py (function_skip_python_impl): Use same syntax
	as other skip lists.

2011-06-24  Eric Blake  <eblake@redhat.com>

	build: avoid compiler failure
	GCC complained about a C99 for-loop declaration outside of C99 mode
	when compiling on RHEL 5.

	* src/qemu/qemu_driver.c (qemudDomainPinVcpuFlags): Avoid C99 for
	loop, since gcc 4.1.2 hates it.

2011-06-23  David S. Wang  <dwang2@cisco.com>

	documenting the 802.1Qbh parameters of a 'direct' interface
	This patch adds documentation about the 802.1Qbh related parameters
	of the virtualport element for 'direct' interfaces.

2011-06-23  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	Gnulib has been busy, with 397 commits; it's easier to update now
	even without any known libvirt issue to be fixed, rather than
	having to analyze an even larger changeset later on.

	* .gnulib: Update to latest, for lots of changes.
	* bootstrap: Synchronize to upstream.

2011-06-23  Stefan Berger  <stefanb@us.ibm.com>

	build: fix compilation on systems missing libnl and new includes
	This patch fixes the compilation of netlink.c and interface.c on those
	systems missing either libnl or that have an older linux/if_link.h
	include file not supporting macvtap or VF_PORTS.

	WITH_MACVTAP is '1' if newer include files were detected, '0' otherwise.

	IFLA_PORT_MAX is defined in linux/if_link.h if yet more functionality is
	supported.

2011-06-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure: Make libnl optional unless macvtap is required
	If macvtap is required then libnl has to be available, otherwise
	libnl is optional.

2011-06-23  Cole Robinson  <crobinso@redhat.com>

	python: Generate virStreamFree but don't expose in bindings
	Turns out I was right in removing this the first time :) This is
	needed in our custom __del__ function, but the C code wasn't
	being generated. Add new infrastructure to do what we want

2011-06-23  Eric Blake  <eblake@redhat.com>

	maint: avoid future setgid problems
	* cfg.mk (sc_prohibit_setuid)
	(exclude_file_name_regexp--sc_prohibit_setuid): New rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Always exempt po files.
	(exclude_file_name_regexp--sc_prohibit_asprintf): Simplify.
	(exclude_file_name_regexp--sc_prohibit_can_not): Drop.
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Likewise.

2011-06-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make virConnectClose comply to apibuild.py expectations
	apibuild.py expects a sentence that starts with "Returns"
	describing the return value of a function.

2011-06-23  Osier Yang  <jyang@redhat.com>

	util: Fix memory leak in virJSONParserHandleStartMap

	qemu: Fix memory leak in qemuProcessWaitForMonitor
	Move "VIR_FREE(buf) into label "closelog", so that "buf" could be
	freed before returning.

2011-06-23  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Only check for NUMA availability if required
	We only care about NUMA availability if NUMA configuration is requested
	in domain XML.

2011-06-23  Matthew Booth  <mbooth@redhat.com>

	storage: fix volDelete return when volume still being allocated
	volDelete used to return VIR_ERR_INTERNAL_ERROR when attempting to
	delete a volume which was still being allocated. It should return
	VIR_ERR_OPERATION_INVALID.

	* src/storage/storage_driver.c: Fix return of volDelete.

2011-06-23  Eric Blake  <eblake@redhat.com>

	util: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/util/pci.c (struct _pciDevice, pciGetDevice, pciFreeDevice):
	Manage path dynamically.  Report snprintf overflow.
	* src/util/hostusb.c (struct _usbDevice, usbGetDevice)
	(usbFreeDevice): Likewise.

2011-06-23  Eric Blake  <eblake@redhat.com>

	xen: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/xen/xen_driver.h (xenXMConfCache): Manage filename
	dynamically.
	* src/xen/xm_internal.c (xenXMConfigCacheAddFile)
	(xenXMConfigFree, xenXMDomainDefineXML): Likewise.

2011-06-23  Eric Blake  <eblake@redhat.com>

	tests: avoid PATH_MAX-sized array
	See previous patch for why this is good...

	* src/test/test_driver.c (struct _testConn, testOpenFromFile)
	(testClose): Manage path dynamically.

2011-06-23  Eric Blake  <eblake@redhat.com>

	virStorageVol: avoid PATH_MAX-sized array
	POSIX allows implementations where PATH_MAX is undefined, leading
	to compilation error.  Not to mention that even if it is defined,
	it is often wasteful in relation to the amount of data being stored.

	All clients of vol->key were audited, and found not to care about
	whether key is static or dynamic, except for these offenders:

	* src/datatypes.h (struct _virStorageVol): Manage key dynamically.
	* src/datatypes.c (virReleaseStorageVol): Free key.
	(virGetStorageVol): Copy key.

2011-06-22  Eric Blake  <eblake@redhat.com>

	maint: add omitted copyright header
	Bug introduced in commit 6a597883.

	* src/util/netlink.h: Add boilerplate.

2011-06-22  Eric Blake  <eblake@redhat.com>

	docs: fix docs to match behavior of virConnectClose
	* src/libvirt.c (virConnectClose): Mention reference count return.
	Reported by Michal Novotny, analyzed by Matthias Bolte.

2011-06-22  Stefan Berger  <stefanb@us.ibm.com>

	cleanup: make several interface functions commonly available
	In a second cleanup step this patch makes several interface functions from macvtap.c commonly available by moving them into interface.c and prefixing their names with 'iface'. Those functions taking Linux-specific structures as parameters are only visible on Linux.

	ifaceRestoreMacAddress returns the return code from the ifaceSetMacAddr call and display an error message if setting the MAC address did not work. The caller is unchanged and still ignores the return code (which is ok).

2011-06-22  Stefan Berger  <stefanb@us.ibm.com>

	cleanup: make nlComm commonly available
	In a first cleanup step, make nlComm from macvtap.c commonly available
	for other code to use. Since nlComm uses Linux-specific structures as
	parameters it's prototype is only visible on Linux.

2011-06-22  Eric Blake  <eblake@redhat.com>

	maint: remove syntax-check exception
	We weren't using the @FOO@ notation for a Makefile substitution,
	but instead for a sed rule, so using [@]FOO@ instead avoids the
	need to exempt this syntax check.

	* cfg.mk (_makefile_at_at_check_exceptions): Delete.
	* tools/Makefile.am (virt-xml-validate, virt-pki-validate): Avoid
	tripping syntax-check.
	Reported by Daniel P. Berrange.

2011-06-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix use-after-free in handling domain taint flags
	* src/conf/domain_conf.c: Fix use after free

2011-06-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove macvtap dependency on domain configuration
	Files under src/util must not depend on src/conf
	Solve the macvtap problem by moving the definition
	of macvtap modes from domain_conf.h into macvtap.h

	* src/util/macvtap.c, src/util/macvtap.h: Add enum
	  for macvtap modes
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  enum for macvtap modes

2011-06-22  Osier Yang  <jyang@redhat.com>

	util: Correct the error prompt string
	virCommandProcessIO: It's reading from stdout or stderr of child,
	but not writing.

2011-06-22  Osier Yang  <jyang@redhat.com>

	qemu: Fix one memory leak
	* src/qemu/qemu_domain.c: (qemuDomainAppendLog)

	  Free "message" in "cleanup".

2011-06-22  Daniel Veillard  <veillard@redhat.com>

	Fix to python API extractor and API doc generation
	This fixes a number of issues most of them raised by Eric Blake on the
	generated documentation output:
	   - parsing of "long long int" and similar
	   - add parsing of unions within a struct
	   - remove spurious " * " fron comments on structure fields and enums
	   - fix concatenation of base type and name in arrays
	   - extend XSLT to cope with union in structs

	* docs/apibuild.py: fix and extend API extraction tool
	* docs/newapi.xsl: extend the stylesheets to cope with union in
	  public structures

2011-06-22  Michal Privoznik  <mprivozn@redhat.com>

	qemu: domain I/O asynchronous handling
	For virtio disks and interfaces, qemu allows users to enable or disable
	ioeventfd feature. This means, qemu can execute domain code, while
	another thread waits for I/O event. Basically, in some cases it is win,
	in some loss. This feature is available via 'ioeventfd' attribute in disk
	and interface <driver> element. It accepts 'on' and 'off'. Leaving this
	attribute out defaults to hypervisor decision.

2011-06-21  Eric Blake  <eblake@redhat.com>

	build: require newer netcf when it is available
	When building rpms for newer Fedora or RHEL, take advantage of the
	newer netcf packaging to guarantee interface snapshot support.

	* libvirt.spec.in (BuildRequires): Bump minimum version on
	platforms that support netcf 0.1.8.

2011-06-21  Eric Blake  <eblake@redhat.com>

	virsh: avoid bogus description
	https://bugzilla.redhat.com/show_bug.cgi?id=682121

	Gettext reserves the empty string for internal use, and it must
	not be passed through _().  We were violating this for commands
	that (for whatever reason) used "" for their description.

	* tools/virsh.c (vshCmddefHelp): Don't translate empty string.
	Reported by Tatsuo Kawasaki.

2011-06-21  Dirk Herrendoerfer  <d.herrendoerfer@herrendoerfer.name>

	set and restore MAC address of a NIC when using PASSTHROUGH mode
	The following patch addresses the problem that when a PASSTHROUGH
	mode DIRECT NIC connection is made the MAC address of the NIC is
	not automatically set and reset to the configured VM MAC and
	back again.

	The attached patch fixes this problem by setting and resetting the MAC
	while remembering the previous setting while the VM is running.
	This also works if libvirtd is restarted while the VM is running.

	the patch passes make syntax-check

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Mark event callback wrappers as private
	These functions aren't intended to be called directly by users, so mark
	them as private.

	While we're at it, remove unneeded exception handling, and break some
	long lines.

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: events: Fix C->Python handle callback prototype
	If registering our own event loop implementation written in python,
	any handles or timeouts callbacks registered by libvirt C code must
	be wrapped in a python function. There is some argument trickery that
	makes this all work, by wrapping the user passed opaque value in
	a tuple, along with the callback function.

	Problem is, the current setup requires the user's event loop to know
	about this trickery, rather than just treating the opaque value
	as truly opaque.

	Fix this in a backwards compatible manner, and adjust the example
	python event loop to do things the proper way.

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Add bindings for virEvent*Handle/Timeout

	events: Correct virEventAddTimeout docs

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	Promote virEvent*Handle/Timeout to public API
	Since we virEventRegisterDefaultImpl is now a public API, callers need
	a way to invoke the default registered Handle and Timeout functions. We
	already have general functions for these internally, so promote
	them to the public API.

	v2:
	    Actually add APIs to libvirt.h

2011-06-21  Cole Robinson  <crobinso@redhat.com>

	python: Implement virStreamSend/RecvAll helpers
	Pure python implementation. The handler callbacks have been altered
	a bit compared to the C API: RecvAll doesn't pass length of the data read
	since that can be trivially obtained from python string objects, and SendAll
	requires the handler to return the string data to send rather than
	store the data in a string pointer.

	python: Implement virStreamSend/Recv
	The return values for the python version are different that the C version
	of virStreamSend: on success we return a string, an error raises an exception,
	and if the stream would block we return int(-2). We need to do this
	since strings aren't passed by reference in python.

2011-06-21  Osier Yang  <jyang@redhat.com>

	conf: Make full use of goto label
	* virDomainDefParse: There is a goto label "no_memory", which
	reports OOM error, and then fallthrough label "error". This
	patch changes things like following:

	    virReportOOMError();
	    goto error;

	into:

	    goto no_memory;

2011-06-21  Osier Yang  <jyang@redhat.com>

	conf: Fix one memory leak
	Free def->numatune.memory.nodemask in virDomainDefFree.

2011-06-20  Cole Robinson  <crobinso@redhat.com>

	python: Implement bindings for virStreamEventAddCallback
	v2:
	    Don't generate virStreamFree

	python: generator: Don't print warning if nothing to warn about

2011-06-20  Cole Robinson  <crobinso@redhat.com>

	python: libvirt-override: use simpler debug
	In a couple instances we have to mark a debug variable as ATTRIBUTE_UNUSED
	to avoid warnings.

	v2:
	    Use #if 0 to comment out debug define

2011-06-20  Eric Blake  <eblake@redhat.com>

	virsh: enhance snapshot-create-as
	Similar to pool-create-as.

	* tools/virsh.c (cmdSnapshotCreateAs): Add --print-xml.
	* tools/virsh.pod: Document it.

2011-06-20  Eric Blake  <eblake@redhat.com>

	virsh: add snapshot-create-as command
	Producing an xml file just for name and description fields is
	overkill; this makes life easier from virsh.

	* tools/virsh.c (cmdSnapshotCreateAs): New command.
	(snapshotCmds): Install it.
	* tools/virsh.pod: Document it.

2011-06-20  Eric Blake  <eblake@redhat.com>

	virsh: clarify snapshot vs. save
	* tools/virsh.c (info_snapshot_create, info_save): Clarify
	description.
	* tools/virsh.pod (save): Likewise.

2011-06-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix compile warnings in virsh vcpupin
	The 'char *cur' variable was being assigned from a
	'const char *' string, thus discarding constness.
	As well as causing a compile warning, it masked a
	piece of code which attempts to assign to the
	previously const string.

	* tools/virsh.c: Fix const-ness of 'cur' variable in vcpupin

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Allow to annotate arrays with typecasts
	Removes special case code from the generator and handle additional
	methods.

	The generated version of remoteDispatchDomainPinVcpu(Flags) has no
	length check, but this check was useless anyway as it was applied to
	data that was already deserialized from its XDR form.

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Handle functions that return optional strings

	remote: Generate virDomainGetBlockPullInfo
	It was already generatable but skipped.

2011-06-20  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add vcpupin resetting feature to qemu driver
	Pinning to all physical cpus means resetting, hence it is preferable to
	delete vcpupin setting of XML.

	This patch changes qemu driver to delete vcpupin setting by invoking
	virDomainVcpupinDel API when pinning the specified virtual cpu to
	all host physical cpus.

2011-06-20  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add virDomainVcpupinDel function
	This patch add the private API (virDomainVcpupinDel).
	This API can delete the vcpupin setting of a specified virtual cpu.

2011-06-20  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add reset option to virsh vcpupin command
	When resetting vcpupin setting, we have to specify all host physical
	cpus as a cpulist parameter of virsh vcpupin command. It's a little
	tedious.

	This patch changes to allow to receive the special keyword 'r' as a cpulist
	parameter of virsh vcpupin command when resetting vcpupin setting.

	If you set the following:

	 # virsh vcpupin VM 0 r

	the vcpu0 will be pinned to all physical cpus.

2011-06-20  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: improve vcpupin definition of virsh vcpupin
	When using vcpupin command, we have to speficy comma-separated list as cpulist,
	but this is tedious in case the number of phsycal cpus is large.
	This patch improves this by introducing special markup "-" and "^" which are
	similar to XML schema of "cpuset" attribute.

	The example:

	 # virsh vcpupin Guest 0 0-15,^8

	 is identical to

	 # virsh vcpupin Guest 0 0,1,2,3,4,5,6,7,9,10,11,12,13,14,15

	NOTE: The expression is sequentially evaluated, so "0-15,^8" is not identical
	to "^8,0-15".

2011-06-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix preprocessor indentation in nodeinfo.c

	Move XenAPI driver to correct spec file section
	The XenAPI driver works like the ESX and PHyp driver by using its
	own HTTPS based remote protocol.

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Add tests for numatune XML
	Only add tests for qemuxmlargvtest.c, as there is no qemu command line
	for numatune XML, just want to make sure the XML could be validated
	well.

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Support NUMA memory tuning in qemu driver
	Implemented as setting NUMA policy between fork and exec as a hook,
	using libnuma. Only support memory tuning on domain process currently.

	For the nodemask out of range, will report soft warning instead of
	hard error in libvirt layer. (Kernel will be silent as long as one
	of set bit in the nodemask is valid on the host. E.g. For a host
	has two NUMA nodes, kernel will be silent for nodemask "01010101").
	So, soft warning is the only thing libvirt can do, as one might want
	to specify the numa policy prior to a node that doesn't exist yet,
	however, it may come as hotplug soon.

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Support persistent XML for numatune
	* src/conf/domain_conf.h: Introduce one new struct for representing
	NUMA tuning related stuffs.

	* src/conf/domain_conf.c: Parse and format numatune XML.

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Add doc for new numatune XML

2011-06-20  Osier Yang  <jyang@redhat.com>

	numatune: Define XML schema
	Example XML:

	<numatune>
	  <memory mode="strict" nodeset="0-10,^4"/>
	</numatune>

	Please enter the commit message for your changes. Lines starting

2011-06-20  Hu Tao  <hutao@cn.fujitsu.com>

	Update qemuDomainSetBlkioParameters to use flags

	update qemuDomainGetBlkioParameters to use flags

	Add new parameters for blkiotune
	Add --config, --live and --current for command blkiotune

2011-06-20  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, we will receive the following error
	message:

	make[3]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.2/tools'
	  CC     virsh-virsh.o
	  CC     virsh-console.o
	  GEN    virt-xml-validate
	  GEN    virt-pki-validate
	  CCLD   virsh
	./src/.libs/libvirt.so: undefined reference to `numa_available'
	./src/.libs/libvirt.so: undefined reference to `numa_max_node'
	collect2: ld returned 1 exit status

	The reason is that: we check numactl only when building qemu driver, and qemu
	driver will not be built when bulding without libvirtd. So with_numactl's
	value is check and we will not link libnuma.so.

	In the other function, we call numa_available() and numa_max_node() only
	when HAVE_NUMACTL is 1. We should do the same check in the function nodeGetMemoryStats().

2011-06-20  Jamie Strandboge  <jamie@canonical.com>

	apparmor: implement AppArmorSetFDLabel()
	During a savevm operation, libvirt will now use fd migration if qemu
	supports it. When the AppArmor driver is enabled, AppArmorSetFDLabel()
	is used but since this function simply returns '0', the dynamic AppArmor
	profile is not updated and AppArmor blocks access to the save file. This
	patch implements AppArmorSetFDLabel() to get the pathname of the file by
	resolving the fd symlink in /proc, and then gives that pathname to
	reload_profile(), which fixes 'virsh save' when AppArmor is enabled.

	Reference: https://launchpad.net/bugs/795800

2011-06-17  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for NULL in domain lock manager
	The domain lock manager forgot to include a bunch of checks
	for NULL which could occur on OOM

	* src/locking/domain_lock.c: Add checks for NULL

2011-06-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix errno return in safezero()
	Most of the safezero() implementations return -1 on error,
	setting errno. The safezero() impl using posix_fallocate()
	though returned a positive errno value on error (due to
	the unusual API contract of posix_fallocate() compared to
	most syscall APIs).

	* src/util/util.c: Ensure safezero() returns -1 and sets
	  errno on error.
	* src/storage/storage_backend.c: Change safezero != 0 to
	  < 0 for detecting errors

2011-06-17  Daniel P. Berrange  <berrange@redhat.com>

	Add missing error reporting when loading mac filter config for QEMU
	If the 'mac_filter' configuration parameter is enabled, and there
	is a failure to enable filtering, no error is reported back to
	the caller. Also fix some bogus whitespace indentation for
	hugetlbfs_mount

	* src/qemu/qemu_conf.c: Add missing error reporting

2011-06-16  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add support for virDomainGetControlInfo

	qemu: Implement virDomainGetControlInfo

	Wire protocol and remote driver for virDomainGetControlInfo

	Introduce virDomainGetControlInfo API
	The API can be used to query current state of an interface to VMM used
	to control a domain. In QEMU world this translates into monitor
	connection.

2011-06-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix documentation of virStreamRecv
	virStreamRecv is for reading.

	Also add some missing punctuation to virStreamSend's documentation.

2011-06-15  Eric Blake  <eblake@redhat.com>

	sendkey: use consistent API convention
	Even though rpc uses 'unsigned int' for the _len parameter that
	passes the length of item<length>, the public libvirt APIs all
	use 'int' and filter out lengths < 0, except for virDomainSendKey.

	* include/libvirt/libvirt.h.in (virDomainSendKey): All other APIs
	use int for array length.
	* src/libvirt.c (virDomainSendKey): Adjust.
	* src/driver.h (virDrvDomainSendKey): Likewise.
	* daemon/remote_generator.pl: Likewise.

2011-06-15  Eric Blake  <eblake@redhat.com>

	build: export correct function names
	Detected by autobuild.sh, when targetting mingw.
	Introduced in commit 98bfdff.

	* src/libvirt_private.syms: Fix typos.

2011-06-15  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on non-Linux
	Detected by autobuild.sh when cross-building for mingw.
	Introduced in commits ce76e85 and af35cec.

	* src/nodeinfo.c (nodeGetCPUStats, nodeGetMemoryStats): Mark
	parameters as potentially unused.

2011-06-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Handle struct returning functions better (part 2)
	Commit 64000eabedf2 is part 1, that only covered the daemon side by
	accident. Part 2 covers the client side too.

	Fix apibuild.py warnings about missing comment headers
	Also improve wording of some comments.

	remote generator: Handle struct returning functions better
	The position of the struct parameter in the function signature
	differs. Instead of hardcoding the handling for this add an annotation
	to the .x file to define the position.

2011-06-15  Daniel Gollub  <gollub@b1-systems.de>

	support for Xen HVM Viridian (Hyper-V) enlightenment interface
	Introduce libvirt support for Xen HVM Viridian (Hyper-V) enlightenment
	interface guest feature.

	 src/conf/domain_conf.c     |    3 ++-
	 src/conf/domain_conf.h     |    1 +
	 src/xen/xen_hypervisor.c   |   11 +++++++++++
	 src/xenapi/xenapi_driver.c |    2 ++
	 src/xenapi/xenapi_utils.c  |    2 ++
	 src/xenxs/xen_sxpr.c       |    4 ++++
	 src/xenxs/xen_xm.c         |   12 +++++++++++-
	 7 files changed, 33 insertions(+), 2 deletions(-)

2011-06-15  Eric Blake  <eblake@redhat.com>

	virsh: reduce complexity in argv iteration
	This reduces things from O(n^2) to O(n).

	* tools/virsh.c (vshCommandOptArgv): Change signature.
	(cmdEcho): Update caller.
	Based on a patch by Lai Jiangshan.

2011-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Add support for network filter code in LXC driver
	The LXC driver networking uses veth device pairs. These can
	be easily hooked into the network filtering code.

	* src/lxc/lxc_driver.c: Add calls to setup/teardown nwfilter

2011-06-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix allocation of veth's to not skip an index
	The algorithm for autoassigning vethXXX devices, was always
	skipping over the starting dev index when finding a free
	name for the guest device. This should only be done if the host
	device was autoallocated.

	* src/lxc/veth.c: Don't skip over veth indexes

2011-06-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Translate boot config into bootindex if possible
	Prefer bootindex=N option for -device over the old way -boot ORDER
	possibly accompanied with boot=on option for -drive. This gives us full
	control over which device will actually be used for booting guest OS.
	Moreover, if qemu doesn't support boot=on, this is the only way to boot
	of certain disks in some configurations (such as virtio disks when used
	together IDE disks) without transforming domain XML to use per device
	boot elements.

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Asynchronous event for BlockPull completion
	When an operation started by virDomainBlockPullAll completes (either with
	success or with failure), raise an event to indicate the final status.  This
	allows an API user to avoid polling on virDomainBlockPullInfo if they would
	prefer to use the event mechanism.

	* daemon/remote.c: Dispatch events to client
	* include/libvirt/libvirt.h.in: Define event ID and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle the new event
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block_stream completion and emit a libvirt block pull event
	* src/remote/remote_driver.c: Receive and dispatch events to application
	* src/remote/remote_protocol.x: Wire protocol definition for the event
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_STREAM_COMPLETED event
	  from QEMU monitor

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Enable virDomainBlockPull in the python API.
	virDomainBlockPullAll and virDomainBlockPullAbort are handled automatically.
	virDomainBlockPull and virDomainBlockPullInfo require manual overrides since
	they return a custom type.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c:
	  manual overrides

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Enable the virDomainBlockPull API in virsh
	Define two new virsh commands:
	 * blockpull: Perform block pull operations (incremental plus start
	              and stop continuous streams)
	 * blockpullinfo: Retrieve progress info for continuous block pull

	Share print_job_progress() with the migration code.

	* tools/virsh.c: implement the new commands

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Implement virDomainBlockPull for the qemu driver
	The virDomainBlockPull* family of commands are enabled by the
	'block_stream' and 'info block_stream' qemu monitor commands.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement disk
	  streaming by using the stream and info stream text monitor commands
	* src/qemu/qemu_monitor_json.[ch]: implement commands using the qmp monitor

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Add virDomainBlockPull support to the remote driver
	The generator can handle DomainBlockPullAll and DomainBlockPullAbort.
	DomainBlockPull and DomainBlockPullInfo must be written by hand.

	* src/remote/remote_protocol.x: provide defines for the new entry points
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* src/remote_protocol-structs: structure definitions for protocol verification

2011-06-15  Adam Litke  <agl@us.ibm.com>

	virDomainBlockPull: Implement the main entry points
	* src/libvirt.c: implement the main entry points

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-06-15  Adam Litke  <agl@us.ibm.com>

	Add new API virDomainBlockPull* to headers
	Set up the types for the block pull functions and insert them into the
	virDriver structure definition.  Symbols are exported in this patch to prevent
	documentation compile failures.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h: add the new entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python bindings are
	  implemented later
	* src/libvirt_public.syms: export symbols

2011-06-15  Marc-André Lureau  <marcandre.lureau@gmail.com>

	spice: add <clipboard copypaste='yes|no'> option
	From a security pov copy and paste between the guest and the client is not
	always desirable. So we need to be able to enable/disable this. The best place
	to do this from an administration pov is on the hypervisor, so the qemu cmdline
	is getting a spice disable-copy-paste option, see bug 693645. Example qemu
	invocation:
	qemu -spice port=5932,disable-ticketing,disable-copy-paste

	https://bugzilla.redhat.com/show_bug.cgi?id=693661

2011-06-15  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	virNodeGetMemoryStats: Implement linux support

	virNodeGetMemoryStats: Implement virsh support

	virNodeGetMemoryStats: Implement remote protocol

	virNodeGetMemoryStats: Implement public API

	virNodeGetMemoryStats: Define internal driver API

	virNodeGetMemoryStats: Expose new API

2011-06-14  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	virNodeGetCPUStats: Implement linux support

	virNodeGetCPUStats: Implement virsh support

	virNodeGetCPUStats: Implement remote protocol

	virNodeGetCPUTime: Implement public API

	virNodeGetCPUStats: Define internal driver API

	virNodeGetCPUStats: Expose new API

2011-06-14  Guido Günther  <agx@sigxcpu.org>

	Skip nodeinfo test on non intel architectures
	since the testfiles assume a /proc/cpuinfo specific to this
	architecture. We e.g. can't parse the number of cores on other
	architectures.

2011-06-14  Michael Chapman  <mike@very.puzzling.org>

	Fix autostart flag when loading running domains
	Drivers load running persistent and transient domain configs before
	inactive persistent domain configs, however only the latter would set a
	domain's autostart flag. This mismatch between the loaded and on-disk
	state could later cause problems with "virsh autostart":

	  # virsh autostart example
	  error: Failed to mark domain example as autostarted
	  error: Failed to create symlink '/etc/libvirt/qemu/autostart/example.xml to '/etc/libvirt/qemu/example.xml': File exists

	This patch ensures the autostart flag is set correctly even when the
	domain is already defined.

	Fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=632100
	  https://bugzilla.redhat.com/show_bug.cgi?id=675319

2011-06-14  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Implementing the remote protocol

	send-key: Implementing the public API

	send-key: Defining the internal API

2011-06-14  Lai Jiangshan  <laijs@cn.fujitsu.com>

	send-key: Defining the public API
	Add public virDomainSendKey() and enum libvirt_keycode_set
	for the @codeset.

	Python version of virDomainSendKey() has not been implemented yet,
	it will be done soon.

2011-06-14  Lai Jiangshan  <laijs@cn.fujitsu.com>

	remote generator: Handle (unsigned) int arrays

2011-06-14  Lai Jiangshan  <laijs@cn.fujitsu.com>

	add VSH_OFLAG_REQ_OPT options
	A VSH_OFLAG_REQ_OPT option means --optionname is required when used.
	It will kill any ambiguity, even a !VSH_OFLAG_REQ option listed before
	a VSH_OFLAG_REQ option, if the !VSH_OFLAG_REQ option is a
	VSH_OFLAG_REQ_OPT option.

	It will help us use optional argument with VSH_OT_ARGV argument.

2011-06-14  Lai Jiangshan  <laijs@cn.fujitsu.com>

	allow name for VSH_OT_ARGV options
	A name will improve the usege, example

	# virsh help echo
	  NAME
	    echo - echo arguments

	  SYNOPSIS
	    echo [--shell] [--xml] [<string>]...

	  DESCRIPTION
	    Echo back arguments, possibly with quoting.

	  OPTIONS
	    --shell          escape for shell use
	    --xml            escape for XML use
	    <string>         arguments to echo

	"[<string>]..." is added to SYNOPSIS.
	"<string>         arguments to echo" is added to OPTIONS.

2011-06-14  Ohad Levy  <ohadlevy@gmail.com>

	docs: updated list of applications using libvirt.
	Added:
	* Virt ruby bindings
	* Foreman for provisioning and webui.

2011-06-14  Eric Blake  <eblake@redhat.com>

	storage: avoid an intermediate malloc
	Suggested here:
	https://www.redhat.com/archives/libvir-list/2011-May/msg00594.html

	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Generate size inline.

2011-06-14  Eric Blake  <eblake@redhat.com>

	command: avoid double close
	Previously, the parent process opened 'null' to /dev/null, then
	the child process closes 'null' as well as 'childout'.  But if
	childout was set to be null, then this is a double close.  At
	least the double close was confined to the child process after a
	fork, and therefore there is no risk of another thread opening
	an fd of the same value to be bitten by the double close, but it
	is always better to avoid double-close to begin with.

	Additionally, if all three fds were specified, then opening
	'null' was wasted.

	This patch fixes things to lazily open null on the first use,
	then guarantees it gets closed exactly once.

	* src/util/command.c (getDevNull): New helper function.
	(virExecWithHook): Use it to avoid spurious opens and double close.

2011-06-14  Eric Blake  <eblake@redhat.com>

	command: reduce duplicated debug messages
	This also reduces malloc pressure for invoking a child when
	VIR_DEBUG is enabled.

	* src/util/command.c (virExecWithHook): Drop debug, since the only
	caller (virCommandRunAsync) also prints debug info.

2011-06-14  Eric Blake  <eblake@redhat.com>

	docs: improve VIR_DOMAIN_AFFECT_CURRENT description
	* include/libvirt/libvirt.h.in (virDomainModificationImpact): Reword.

2011-06-14  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix parsing 'info chardev'
	If qemu supports -chardev, our char frontend aliases are ex. 'charserial0'
	not just 'serial0'. Typically we don't use this code path because the
	pty's are scraped from stdout.

	qemu: Scrape stdout for virtio console pty
	Currently we forget to do this and have to fallback to info chardev (which
	also fails, see following patch)

2011-06-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Add daemon version reporting
	'virsh version' might report against which version of libvirtd is
	running.

2011-06-14  Guido Günther  <agx@sigxcpu.org>

	nodeinfo: remove superflous braces
	that break compilation on non intel architectures:

	mips:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=mips&ver=0.9.2-1&stamp=1307570195
	powerpc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=powerpc&ver=0.9.2-1&stamp=1307550913
	s390:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=s390&ver=0.9.2-1&stamp=1307641748
	sparc:
	https://buildd.debian.org/status/fetch.php?pkg=libvirt&arch=sparc&ver=0.9.2-1&stamp=1307552926

2011-06-14  Osier Yang  <jyang@redhat.com>

	util: Cleanup indention problem in virterror.c
	Push under trivial rule.

2011-06-14  Osier Yang  <jyang@redhat.com>

	qemu: Parse current balloon value returned by query_balloon
	Qemu once supported following memory stats which will returned by
	"query_balloon":

	    stat_put(dict, "actual", actual);
	    stat_put(dict, "mem_swapped_in", dev->stats[VIRTIO_BALLOON_S_SWAP_IN]);
	    stat_put(dict, "mem_swapped_out", dev->stats[VIRTIO_BALLOON_S_SWAP_OUT]);
	    stat_put(dict, "major_page_faults", dev->stats[VIRTIO_BALLOON_S_MAJFLT]);
	    stat_put(dict, "minor_page_faults", dev->stats[VIRTIO_BALLOON_S_MINFLT]);
	    stat_put(dict, "free_mem", dev->stats[VIRTIO_BALLOON_S_MEMFREE]);
	    stat_put(dict, "total_mem", dev->stats[VIRTIO_BALLOON_S_MEMTOT]);

	But it later disabled all the stats except "actual" by commit
	07b0403dfc2b2ac179ae5b48105096cc2d03375a.

	libvirt doesn't parse "actual", so user will always see a empty result
	with "virsh dommemstat $domain". Even qemu haven't disabled the stats,
	we should support parsing "actual".

2011-06-14  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: Fix cpu affinity setting bug of qemu driver
	There is the case where cpu affinites for vcpu of qemu doesn't work
	correctly. For example, if only one vcpupin setting entry is provided
	and its setting is not for vcpu0, it doesn't work.

	   # virsh dumpxml VM
	   ...
	   <vcpu>4</vcpu>
	   <cputune>
	     <vcpupin vcpu='3' cpuset='9-11'/>
	   </cputune>
	   ...

	   # virsh start VM
	   Domain VM started

	   # virsh vcpuinfo VM
	   VCPU:           0
	   CPU:            31
	   State:          running
	   CPU time:       2.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           1
	   CPU:            12
	   State:          running
	   CPU time:       0.9s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           2
	   CPU:            30
	   State:          running
	   CPU time:       1.5s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	   VCPU:           3
	   CPU:            13
	   State:          running
	   CPU time:       1.7s
	   CPU Affinity:   yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

	This patch fixes this problem.

2011-06-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix dlopen dependency
	Since the addition of the lock manager framework in 6a943419c528fdd7
	dlopen is always required, but the checks in configure wasn't changed
	to reflect that. This didn't show up directly because the VirtualBox
	driver linking dlopen in covered it. But disabling the VirtualBox
	driver makes the build fail due to missing dlopen.

	Change the dlopen check in configure to pick up dlopen when available.

	Reported by Ruben Kerkhof.

2011-06-13  Hu Tao  <hutao@cn.fujitsu.com>

	Deprecate several CURRENT/LIVE/CONFIG enums
	This patch deprecates following enums:

	VIR_DOMAIN_MEM_CURRENT
	VIR_DOMAIN_MEM_LIVE
	VIR_DOMAIN_MEM_CONFIG

	VIR_DOMAIN_VCPU_LIVE
	VIR_DOMAIN_VCPU_CONFIG

	VIR_DOMAIN_DEVICE_MODIFY_CURRENT
	VIR_DOMAIN_DEVICE_MODIFY_LIVE
	VIR_DOMAIN_DEVICE_MODIFY_CONFIG

	And modify internal codes to use virDomainModificationImpact.

2011-06-13  Stefan Berger  <stefanb@us.ibm.com>

	qemu: Faster response time to qemu startup errors
	The below patch decreases the response time of libvirt to errors reported by Qemu upon startup by checking whether the qemu process is still alive while polling for the local socket to show up.

	This patch also introduces a special handling of signal for the Win32 part of virKillProcess.

2011-06-13  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	* .gnulib: Update to latest, for more strerror_r fixes.

2011-06-13  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	vcpupin: add the new option to "virsh vcpupin" command
	This patch adds the new option (--live, --config and --current) to
	"virsh vcpupin" command. The behavior of above aption is the same as
	that of "virsh setmem", "virsh setvcpus", and whatnot.
	When the --config option is specified, the command affects a persistent
	domain, while --live option is specified, it affects a running (live) domain.
	The --current option cannot be used with --config or --live at the same
	time, and when --current is specified, it affects a "current" domain.

	vcpupin: implement the remote protocol to address the new API
	This patch implements the remote protocol for the new API
	(virDomainPinVcpuFlags).

	vcpupin: implement the code to address the new API in the qemu driver
	This patch implements the new API (virDomainPinVcpuFlags) in the qemu
	driver.

	vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags)
	This patch introduces a new libvirt API virDomainPinVcpuFlags,
	a direct extension from the existing virDomainPinVcpu

2011-06-13  Jiri Denemark  <jdenemar@redhat.com>

	Use virTimeMs when appropriate

	Introduce virTimeMs for getting current time in ms

	test: Remove unused timeval

2011-06-13  Wen Congyang  <wency@cn.fujitsu.com>

	tests: add a test for multi function PCI device

2011-06-13  Wen Congyang  <wency@cn.fujitsu.com>

	support multifunction PCI device
	If qemu supports multi function PCI device, the format of the PCI address passed
	to qemu is "bus=pci.0,multifunction=on,addr=slot.function".

	If qemu does not support multi function PCI device, the format of the PCI address
	passed to qemu is "bus=pci.0,addr=slot".

2011-06-13  Wen Congyang  <wency@cn.fujitsu.com>

	the hotplugged PCI device should use the whole slot
	Hot pluging/unpluging multi PCI device is not supported now. So the function
	of hotplugged PCI device must be 0. When we hot unplug it, we should set release
	all functions in the slot.

	assign the whole slot to the PCI device that has no address
	If user does not specify the PCI address, we should auto assign an unused slot.

	Reimplement qemuDomainPCIAddressReserveSlot(): reserve all functions in the slot
	We will support multi function PCI device. So we should reserve all functions in
	the slot if we want to reserve a slot.

	the key of hash table should include the function value
	We save all used PCI address in the hash table. The key is generated by domain,
	bus and slot now. We will support multi function PCI device, so the key should
	be generated by domain, bus, slot and function.

	prevent hot unplugging multi function PCI device
	We do not support to hot unplug multi function PCI device now. If the device is
	one function of multi function PCI device, we shoul not allow to hot unplugg
	it.

	check whether qemu supports multi function PCI device
	qemu supports multi function PCI device at least version 0.13.0.

2011-06-10  Matthew Booth  <mbooth@redhat.com>

	xenapi: Improve error message on session failure
	XenAPI session login can fail for a number of reasons, but currently no
	specific
	reason is displayed to the user, e.g.:

	virsh -c XenAPI://citrix-xen.example.com/
	Enter username for citrix-xen.example.com: root
	Enter root's password for citrix-xen.example.com:
	error: authentication failed: (null)
	error: failed to connect to the hypervisor

	This patch displays the session error description on failure.

2011-06-10  Osier Yang  <jyang@redhat.com>

	qemu: Fix one type in the error prompt string
	s/hostdevwork/hostdev/

2011-06-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Move VMware Workstation/Player driver to correct spec file section
	The VMware driver works like the OpenVZ driver by using a commandline
	tool for management. It dosen't use it's own remote protocol.

2011-06-08  Eric Blake  <eblake@redhat.com>

	virt-aa-helper: add missing include
	Regression introduced in commit 02e8691.

	* src/security/virt-aa-helper.c (includes): Reflect move of virRun.

2011-06-08  Eric Blake  <eblake@redhat.com>

	daemon: plug memory leak
	Detected by Coverity.  Commit ef21beda was incomplete; it solved
	a leak one one path, but not on the other.

	* daemon/libvirtd.c (qemudSetLogging): Avoid leak on success.

2011-06-08  Eric Blake  <eblake@redhat.com>

	build: break some long lines
	As long as I was already touching the function...

	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Line wrap.

2011-06-08  Eric Blake  <eblake@redhat.com>

	qemu: add missing break statement
	Detected by Coverity.  Bug introduced in commit 9d73efd (v0.8.8).

	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphics): Don't report
	error on success.

2011-06-08  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positives
	Coverity complained about these intentional fallthrough cases, but
	not about other cases that were explicitly marked with nice comments.

	For some reason, Coverity doesn't seem smart enough to parse the
	up-front English comment in virsh about intentional fallthrough :)

	* tools/virsh.c (cmdVolSize): Mark fallthrough in a more typical
	fashion.
	* src/conf/nwfilter_conf.c (virNWFilterRuleDefDetailsFormat)
	(virNWFilterRuleDetailsParse): Mark explicit fallthrough.

2011-06-08  Eric Blake  <eblake@redhat.com>

	esx: avoid dead code
	Detected by Coverity.  The beginning of the function already filtered
	out NULL objectContentList as invalid.  Further investigation shows:

	esxVI_RetrieveProperties is generated and returns a list of objects
	that match the given propertyFilterSpec.
	esxVI_LookupObjectContentByType then tests whether the result
	corresponds to the expected occurrence and reports an error otherwise.
	This simplifies the callers of  esxVI_LookupObjectContentByType, but
	due to the missing dereference the check was never performed because
	the code thought that at least one item was obtained. NULL represents
	an empty list. This is a potential segfault fix because callers of
	esxVI_LookupObjectContentByType that specified "required" occurrence
	assume *objectContentList to be non-NULL when
	esxVI_LookupObjectContentByType succeeds.

	* src/esx/esx_vi.c (esxVI_LookupObjectContentByType): Check
	correct pointer.

2011-06-08  Eric Blake  <eblake@redhat.com>

	secret: drop dead code
	Detected by Coverity.  The only ways to get to the cleanup label
	were by an early abort (list still unassigned) or after successfully
	transferring list to dest, so there is no list to clean up.

	* src/secret/secret_driver.c (loadSecrets): Kill dead code.

2011-06-08  Eric Blake  <eblake@redhat.com>

	qemu: reorder checks for safety
	Detected by Coverity.  All existing callers happen to be in
	range, so this isn't too serious.

	* src/qemu/qemu_cgroup.c (qemuCgroupControllerActive): Check
	bounds before dereference.

2011-06-08  Eric Blake  <eblake@redhat.com>

	uuid: annotate non-null requirements
	Coverity already saw through a NULL dereference without these
	annotations, and gcc is still too puny to do good NULL analysis.
	But clang still benefits (and is easier to run than coverity),
	not to mention that adding this bit of documentation to the code
	may help future developers remember the constraints.

	* src/util/uuid.h (virGetHostUUID, virUUIDFormat): Document
	restrictions, for improved static analysis.

2011-06-08  Eric Blake  <eblake@redhat.com>

	debug: avoid null dereference on uuid lookup api
	Detected by Coverity.  Commit a98d8f0d tried to make uuid debugging
	more robust, but missed some APIs.  And on the APIs that it visited,
	the mere act of preparing the debug message ends up dereferencing
	uuid prior to the null check.  Which means the APIs which are supposed
	to gracefully reject NULL arguments now end up with SIGSEGV.

	* src/libvirt.c (VIR_UUID_DEBUG): New macro.
	(virDomainLookupByUUID, virDomainLookupByUUIDString)
	(virNetworkLookupByUUID, virNetworkLookupByUUIDString)
	(virStoragePoolLookupByUUID, virStoragePoolLookupByUUIDString)
	(virSecretLookupByUUID, virSecretLookupByUUIDString)
	(virNWFilterLookupByUUID, virNWFilterLookupByUUIDString): Avoid
	null dereference.

2011-06-08  Eric Blake  <eblake@redhat.com>

	python: avoid unlikely sign extension bug
	Detected by Coverity.  cpumap was allocated with a value of
	(unsigned short)*(int), which is an int computation, and then
	promotes to size_t.  On a 64-bit platform, this fails if bit
	32 of the product is set (because of sign extension giving
	a HUGE value to malloc), even though a naive programmer would
	assume that since the first value is unsigned, the product
	is also unsigned and at most 4GB would be allocated.

	Won't bite in practice (the product should never be that large),
	but worth using the right types to begin with, so that we are
	now computing (unsigned short)*(size_t).

	* python/libvirt-override.c (libvirt_virDomainGetVcpus): Use
	correct type.

2011-06-08  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positive
	Similar in nature to commit fd21ecfd, which shut up valgrind.

	sigaction is apparently a nasty interface for analyzer tools,
	at least for how many false positives it generates.

	* src/util/command.c (virExecWithHook): Initialize entire var, since
	coverity gripes about the (unused and non-standard) sa_restorer.

2011-06-08  Eric Blake  <eblake@redhat.com>

	storage: avoid mishandling backing store > 2GB
	Detected by Coverity.  The code was doing math on shifted unsigned
	char (which promotes to int), then promoting that to unsigned long
	during assignment to size.  On 64-bit platforms, this risks sign
	extending values of size > 2GiB.  Bug present since commit
	489fd3 (v0.6.0).

	I'm not sure if a specially-crafted bogus qcow2 image could
	exploit this, although it's probably not possible, since we
	were already checking for the computed results being within
	range of our fixed-size buffer.

	* src/util/storage_file.c (qcowXGetBackingStore): Avoid sign
	extension.

2011-06-08  Eric Blake  <eblake@redhat.com>

	build: detect Coverity 5.3.0
	Coverity 5.3.0 still outputs lots of COVERITY_* variables, but no
	longer modifies COVERITY_BUILD_COMMAND in the environment.  Pick
	one that seems likely to stay around.

	* configure.ac (STATIC_ANALYSIS): Detect newer Coverity.

2011-06-08  Osier Yang  <jyang@redhat.com>

	build: Fix typos in configure.ac

	virsh: Expose virDomainMigrateSetMaxSpeed API to virsh
	API virDomainMigrateSetMaxSpeed was introduced since 0.9.0, but
	no command in virsh yet.

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	lxc: Ensure container <init> actually exists
	Since we can't really get useful error reporting from virCommandExec since
	it needs to be the last thing we do.

	lxc: Verify root fs exists before mounting
	Otherwise the following virFileMakePath will create the directory for
	us and fail further ahead, which probably isn't intended.

	lxc: controller: Improve container error reporting
	Add a handshake with the cloned container process to try and detect
	if it fails to start.

	lxc: Improve guest startup error reporting
	Add a simple handshake with the lxc_controller process so we can detect
	process startup failures. We do this by adding a new --handshake cli arg
	to lxc_controller for passing a file descriptor. If the process fails to
	launch, we scrape all output from the logfile and report it to the user.

	lxc: Refactor controller command building
	Arranges things similar to the qemu driver. Will allow us to more easily
	report command error output.

	lxc: Don't report error in Wait/SendContinue
	We will reuse these shortly, and each use should have a different error
	message.

	lxc: Drop container stdio as late as possible
	Makes it more likely we get useful error output in the logs

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	Move virRun, virExec*, virFork to util/command
	Seems reasonable to have all command wrappers in the same place

	v2:
	    Dont move SetInherit

	v3:
	    Comment spelling fix
	    Adjust WARN0 comment
	    Remove spurious #include movement
	    Don't include sys/types.h
	    Combine virExec enums

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	util: Implement virRun as a wrapper around virCommand
	v2:
	    Simplify command building
	    Handle command building failure

	v3:
	    Remove unneeded NULL check

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	util: Remove unused virExec wrapper
	v3:
	    Remove obsolete comment

2011-06-07  Cole Robinson  <crobinso@redhat.com>

	qemu: Convert virExec usage to virCommand
	v2:
	    Have virCommand cleanup intermediate process for us

	v3:
	    Preserve original FD closing behavior

2011-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove duplicated invalid-argument checks
	Those checks are already performed at the public API level.

2011-06-07  Osier Yang  <jyang@redhat.com>

	docs: Add doc for video element
	For backwards compatibility, if no <video> is set but there is a
	<graphics> tag, then we add a default <video> according to the
	guest type. Add docs to tell the user about this to not make
	them confused. Especially if they remove the video (such as via
	"virsh edit"), it will be surprised for them to see the video
	element is still in domain XML.

	Use VIR_USE_CPU instead of new wheel

2011-06-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid virGetVersion failure on specific driver support configurations
	virGetVersion itself doesn't take a virConnectPtr, but in order to obtain
	the hypervisor version against which libvirt was compiled it is used in
	combination with virConnectGetType like this:

	hvType = virConnectGetType(conn)
	virGetVersion(&libVer, hvType, &typeVer)

	When virConnectGetType is called on a remote connection then the remote
	driver returns the type of the underlying driver on the server side, for
	example QEMU. Then virGetVersion compares hvType to a set of strings that
	depend on configure options and returns LIBVIR_VERSION_NUMBER in most
	cases. Now this fails in case libvirt on the client side is just compiled
	with the remote driver enabled only and the server side has the actual
	driver such as the QEMU driver. It just happens to work when the actual
	driver is enabled on client and server side. But that's not always true.
	I noticed this on FreeBSD:

	freebsd# virsh -c qemu+tcp://192.168.178.22/system version
	Compiled against library: libvir 0.9.2
	error: failed to get the library version
	error: this function is not supported by the connection driver: virGetVersion

	This is not FreeBSD specific, happens on Windows as well due to the
	similar driver support configuration. The problem is that virConnectGetType
	returns QEMU, but virGetVersion on the client side only accepts Remote
	as hvType due to all other drivers being disabled on the client side.

	Daniel P. Berrange suggested to get rid of all the conditional code in
	virGetVersion, ignoring the hvType and always setting typeVer to
	LIBVIR_VERSION_NUMBER. virConnectGetVersion is supposed to be used to
	obtain the hypervisor version.

2011-06-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make hvsupport.pl pick up the host device drivers
	Annotate the ESX device driver dummy.

	Refactor the udev and hal device driver strcuts to match the
	common annotation pattern.

2011-06-06  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.2
	* configure.ac docs/news.html.in libvirt.spec.in: update for release
	* po/*.po*: updated translations and regenerated

2011-06-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix driver method version annotations
	Change the driver comments for proper extraction and values by
	the scripts used for documentation

2011-06-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU p2p v2 migration when run from a v3 client
	When peer-2-peer migration was invoked by a client supporting
	v3, but where the target server only supported v2, we'd not
	correctly shutdown the guest.

	* src/qemu/qemu_migration.c: Ensure guest is shutdown in
	  v2 peer 2 peer migration

2011-06-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix typo in error message

2011-06-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't raise an error if the migration cookie is NULL
	The v2 migration protocol doesn't use cookies, so we should not
	be raising an error if the cookie parameters are NULL.

	* src/qemu/qemu_migration.c: Don't raise error if cookie is NULL

2011-06-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix check of virKillProcess return status
	The error code for virKillProcess is returned in the errno variable
	not the return value. THis mistake caused the logs to be filled with
	errors when shutting down QEMU processes

	* src/qemu/qemu_process.c: Fix process kill check.

2011-06-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix version extraction on Windows for newer VirtualBox versions
	VirtualBox 4.0.8 changed the registry key layout. Before the version
	number was in a Version key. Now the Version key contains %VER% and
	the actual version number is in VersionExt now.

	Move value lookup code into its own function: vboxLookupRegistryValue.

2011-06-04  Eric Blake  <eblake@redhat.com>

	API: consolidate common unreleased enums
	This commit is safe precisely because there has been no release
	for any of the enum values being deleted (they were added post-0.9.1).

	After the 0.9.2 release, we can then take advantage of
	virDomainModificationImpact in more places.

	* include/libvirt/libvirt.h.in (virDomainModificationImpact): New
	enum.
	(virDomainSchedParameterFlags, virMemoryParamFlags): Delete, since
	these were never released, and the new enum works fine here.
	* src/libvirt.c	(virDomainGetMemoryParameters)
	(virDomainSetMemoryParameters)
	(virDomainGetSchedulerParametersFlags)
	(virDomainSetSchedulerParametersFlags): Update documentation.
	* src/qemu/qemu_driver.c (qemuDomainSetMemoryParameters)
	(qemuDomainGetMemoryParameters, qemuSetSchedulerParametersFlags)
	(qemuSetSchedulerParameters, qemuGetSchedulerParametersFlags)
	(qemuGetSchedulerParameters): Adjust clients.
	* tools/virsh.c (cmdSchedinfo, cmdMemtune): Likewise.
	Based on ideas by Daniel Veillard and Hu Tao.

2011-06-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid use after free in qemuCaps parsing

	virsh: Document nodeinfo output

2011-06-03  Laine Stump  <laine@laine.org>

	security driver: ignore EINVAL when chowning an image file
	This fixes:

	  https://bugzilla.redhat.com/show_bug.cgi?id=702044
	  https://bugzilla.redhat.com/show_bug.cgi?id=709454

	Both of these complain of a failure to use an image file that resides
	on a read-only NFS volume. The function in the DAC security driver
	that chowns image files to the qemu user:group before using them
	already has special cases to ignore failure of chown on read-only file
	systems, and in a few other cases, but it hadn't been checking for
	EINVAL, which is what is returned if the qemu user doesn't even exist
	on the NFS server.

	Since the explanation of EINVAL in the chown man page almost exactly
	matches the log message already present for the case of EOPNOTSUPP,
	I've just added EINVAL to that same conditional.

2011-06-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Make dlopen usage in lock manager conditional
	This fixes a build failure on MinGW, due to MinGW not supporting dlopen.

2011-06-03  Neil Wilson  <neil@aldur.co.uk>

	Correct 'cputune' documentation example.

2011-06-03  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positive
	Coverity couldn't see that priv is NULL on failure.  But on failure,
	we might as well guarantee that callers don't try to free uninitialized
	memory.

	* src/remote/remote_driver.c (remoteGenericOpen): Even on failure,
	pass priv back to caller.

2011-06-03  Eric Blake  <eblake@redhat.com>

	build: silence coverity false positive
	Coverity complained that infd could be -1 at the point where it is
	passed to write, when in reality, this code can only be reached if
	infd is non-negative.

	* src/util/command.c (virCommandProcessIO): Help out coverity.

2011-06-03  Eric Blake  <eblake@redhat.com>

	migrate: detect xml incompatibility
	Detected by Coverity.  Bug introduced in 08106e2044 (unreleased).

	* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability):
	Use correct sizeof operand.

2011-06-03  Eric Blake  <eblake@redhat.com>

	event: avoid memory leak on cleanup
	Detected by Coverity.  Introduced in commit aaf2b70, and turned into
	a regression in the next few commits through 4e6e6672 (unreleased).

	* src/conf/domain_event.c (virDomainEventStateFree): Free object,
	per documentation.

2011-06-03  Eric Blake  <eblake@redhat.com>

	qemu: avoid memory leak on vcpupin
	Detected by Coverity.  This leaked a cpumap on every iteration
	of the loop.  Leak introduced in commit 1cc4d02 (v0.9.0).

	* src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
	leak, and hoist allocation outside loop.

2011-06-03  Eric Blake  <eblake@redhat.com>

	remote: avoid leak on failure
	Detected by Coverity.  Only possible in OOM situations.

	* daemon/remote.c (remoteDispatchDomainScreenshot): Plug leak.

2011-06-03  Eric Blake  <eblake@redhat.com>

	lock: avoid leak on failure
	Detected by Coverity.  Only possible on OOM situations.

	* src/locking/lock_manager.c (virLockManagerPluginNew): Plug leak.

2011-06-03  Eric Blake  <eblake@redhat.com>

	storage: avoid memory leak on stat failure
	Spotted by coverity.  Triggers on failed stat, although I'm not sure
	how easy that condition is, so I'm not sure if this is a runtime
	memory hog.  Regression introduced in commit 8077d64 (unreleased).

	* src/util/storage_file.c (virStorageFileGetMetadataFromFD):
	Reduce need for malloc, avoiding a leak.

2011-06-03  Eric Blake  <eblake@redhat.com>

	storage: avoid memory leak
	Coverity detected that options was being set by strdup but never
	freed.  But why even bother with an options variable?  The options
	parameter never changes!  Leak present since commit 44948f5b (0.7.0).

	This function could probably be rewritten to take better advantage
	of virCommand, but that is more invasive.

	* src/storage/storage_backend_fs.c
	(virStorageBackendFileSystemMount): Avoid wasted strdup, and
	guarantee proper cleanup on all paths.

2011-06-03  Eric Blake  <eblake@redhat.com>

	libvirtd: avoid leak on failure
	Spotted by Coverity.  Only possible on an OOM condition, so
	unlikely to bite in the wild.

	* daemon/libvirtd.c (qemudSetLogging): Don't leak memory.

2011-06-03  Eric Blake  <eblake@redhat.com>

	command: avoid leak on failure
	Detected by Coverity.  While it is possible on OOM condition, as
	well as with bad code that passes binary == NULL, it is unlikely
	to be encountered in the wild.

	* src/util/command.c (virCommandNewArgList): Don't leak memory.

2011-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Explicitly set VM state to paused after migration completes
	In v3 migration, once migration is completed, the VM needs
	to be left in a paused state until after Finish3 has been
	executed on the target. Only then will the VM be killed
	off. When using non-JSON QEMU monitor though, we don't
	receive any 'STOP' event from QEMU, so we need to manually
	set our state offline & thus release lock manager leases.
	It doesn't hurt to run this on the JSON case too, just in
	case the event gets lost somehow

	* src/qemu/qemu_migration.c: Explicitly set VM state to
	  paused when migration completes

2011-06-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix regressions BlockStats/Info APIs in QEMU driver
	The change 18c2a592064d69499f70428e498f4a3cb5161cda caused
	some regressions in behaviour of virDomainBlockStats
	and virDomainBlockInfo in the QEMU driver.

	The virDomainBlockInfo API stopped working for inactive
	guests if querying a block device.

	The virDomainBlockStats API did not promptly report
	an error if the guest was not running in some cases.

	* src/qemu/qemu_driver.c: Fix inactive guest handling
	  in BlockStats/Info APIs

2011-06-02  Jim Fehlig  <jfehlig@novell.com>

	Fix minor issues in libxenlight managed save
	There were a few minor issues in commit 5b6c961e
	- leak managed save path
	- leak managed save fd
	- functions that open an fd should also close it

2011-06-02  Heath Petersen  <HeathPetersen@Kandre.com>

	uml: correct command line networking parameters
	I have been finding that some UML command line networking parameters are
	being generated incorrectly.

	For more information, see
	https://bugzilla.redhat.com/show_bug.cgi?id=706295 .

2011-06-02  Eric Blake  <eblake@redhat.com>

	docs: document iface-* commands
	I intentionally set things up so 'virsh help interface' lists
	commands in alphabetical order, but 'man virsh' lists them in
	topical order; this matches our practice on some other commands.

	* tools/virsh.pod: Document all iface commands.
	* tools/virsh.c (ifaceCmds): Sort.

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix auditing of disk hotunplug operations
	The qemuAuditDisk calls in disk hotunplug operations were being
	passed 'ret >= 0', but the code which sets ret to 0 was not yet
	executed, and the error path had already jumped to the 'cleanup'
	label. This meant hotunplug failures were never audited, and
	hotunplug success was audited as a failure

	* src/qemu/qemu_hotplug.c: Fix auditing of hotunplug

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Avoid crash on NULL pointer in lock driver impls during hotplug
	When virLockDriverAcquire is invoked during hotplug the state
	parameter will be left as NULL.

	* src/locking/lock_driver_nop.c,
	  src/locking/lock_driver_sanlock.c: Don't reference NULL state
	  parameter

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix return value in lock manager hotplug methods
	Refactoring of the lock manager hotplug methods lost the
	ret = 0 assignment for successful return path

	* src/locking/domain_lock.c: Add missing ret = 0 assignments

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Make sure virDomainSave/virDomainManagedSave reset id to -1
	After successfull virDomainSave/virDomainManagedSave calls
	the guest will no longer be active, so the domain ID must
	be reset to -1

	* daemon/remote_generator.pl: Special case virDomainSave &
	  virDomainManagedSave for same reason as virDomainDestroy

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of VIR_EVENT_HANDLE_ERROR in QEMU monitor
	Commit 4454a9efc728b91e791b1f14c26ea23a19d57f48 introduced bad
	behaviour on the VIR_EVENT_HANDLE_ERROR condition. This condition
	is only hit when an invalid FD is used in poll() (typically due
	to a double-close bug). The QEMU monitor code was treating this
	condition as non-fatal, and thus libvirt would poll() in a fast
	loop forever burning 100% CPU. VIR_EVENT_HANDLE_ERROR must be
	handled in the same way as VIR_EVENT_HANDLE_HANGUP, killing the
	QEMU instance.

	* src/qemu/qemu_monitor.c: Treat VIR_EVENT_HANDLE_ERROR as EOF

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add call to sanlock_restrict() in QEMU lock driver
	In between fork and exec, a connection to sanlock is acquired
	and the socket file descriptor is intionally leaked to the
	child process. sanlock watches this FD for POLL_HANGUP to
	detect when QEMU has exited. We don't want a rogus/compromised
	QEMU from issuing sanlock RPC calls on the leaked FD though,
	since that could be used to DOS other guests. By calling
	sanlock_restrict() on the socket before exec() we can lock
	it down.

	* configure.ac: Check for sanlock_restrict API
	* src/locking/domain_lock.c: Restrict lock acquired in
	  process startup phase
	* src/locking/lock_driver.h: Add VIR_LOCK_MANAGER_ACQUIRE_RESTRICT
	* src/locking/lock_driver_sanlock.c: Add call to sanlock_restrict
	  when requested by VIR_LOCK_MANAGER_ACQUIRE_RESTRICT flag

2011-06-02  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build break from previous patch
	Partial revert of commit c3c30d4de9d.

	* docs/Makefile.am (internals/%.html.tmp): Restore MKDIR_P; it is
	needed for intermediate file after all.
	Reported by Daniel P. Berrange.

2011-06-02  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Expose the new API in virsh
	* tools/virsh.c: Add screenshot command
	* tools/virsh.pod: Document new command
	* src/libvirt.c: Fix off-be-one error

2011-06-02  Daniel Veillard  <veillard@redhat.com>

	libxl : fix the version for the managed save APIs

2011-06-02  Markus Groß  <gross@univention.de>

	libxl: adds managed save and restore support
	Based on the equivalent qemu driver code

	* src/libxl/libxl_driver.c: refactor the Start save and restore
	  routines of the driver and adds the new entry points for
	  managed saves handling

2011-06-02  Markus Groß  <gross@univention.de>

	libxl: get maximum memory of running domain
	* src/libxl/libxl_driver.c: fix the libxlDomainGetInfo to return the
	  maximum memory for running domain

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add a plugin for the 'sanlock' project
	Sanlock is a project that implements a disk-paxos locking
	algorithm. This is suitable for cluster deployments with
	shared storage.

	* src/Makefile.am: Add dlopen plugin for sanlock
	* src/locking/lock_driver_sanlock.c: Sanlock driver
	* configure.ac: Check for sanlock
	* libvirt.spec.in: Add a libvirt-lock-sanlock RPM

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Allow leases to be hotpluged with QEMU guests
	* src/conf/domain_conf.c, src/conf/domain_conf.h: APIs for
	  inserting/finding/removing virDomainLeaseDefPtr instances
	* src/qemu/qemu_driver.c: Wire up hotplug/unplug for leases
	* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Support
	  for hotplug and unplug of leases

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Support passing QEMU lock state to dest during migration
	Some lock managers associate state with leases, allowing a process
	to temporarily release its leases, and re-acquire them later, safe
	in the knowledge that no other process has acquired + released the
	leases in between.

	This is already used between suspend/resume operations, and must
	also be used across migration. This passes the lockstate in the
	migration cookie. If the lock manager uses lockstate, then it
	becomes compulsory to use the migration v3 protocol to get the
	cookie support.

	* src/qemu/qemu_driver.c: Validate that migration v2 protocol is
	  not used if lock manager needs state transfer
	* src/qemu/qemu_migration.c: Transfer lock state in migration
	  cookie XML

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Integrate the QEMU driver with the lock manager infrastructure
	The QEMU integrates with the lock manager instructure in a number
	of key places

	 * During startup, a lock is acquired in between the fork & exec
	 * During startup, the libvirtd process acquires a lock before
	   setting file labelling
	 * During shutdown, the libvirtd process acquires a lock
	   before restoring file labelling
	 * During hotplug, unplug & media change the libvirtd process
	   holds a lock while setting/restoring labels

	The main content lock is only ever held by the QEMU child process,
	or libvirtd during VM shutdown. The rest of the operations only
	require libvirtd to hold the metadata locks, relying on the active
	QEMU still holding the content lock.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
	  src/qemu/libvirtd_qemu.aug, src/qemu/test_libvirtd_qemu.aug:
	  Add config parameter for configuring lock managers
	* src/qemu/qemu_driver.c: Add calls to the lock manager

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add initial docs about the lock managers

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add higher level lock API for domain objects
	To facilitate use of the locking plugins from hypervisor drivers,
	introduce a higher level API for locking virDomainObjPtr instances.
	In includes APIs targetted to VM startup, and hotplug/unplug

	* src/Makefile.am: Add domain lock API
	* src/locking/domain_lock.c, src/locking/domain_lock.h: High
	  level API for domain locking

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Add a 'nop' lock driver implementation.
	To allow hypervisor drivers to assume that a lock driver impl
	will be guaranteed to exist, provide a 'nop' impl that is
	compiled into the library

	* src/Makefile.am: Add nop driver
	* src/locking/lock_driver_nop.c, src/locking/lock_driver_nop.h:
	  Nop lock driver implementation
	* src/locking/lock_manager.c: Enable direct access of 'nop'
	  driver, instead of dlopen()ing it.

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Basic framework for lock manager plugins
	Define the basic framework lock manager plugins. The
	basic plugin API for 3rd parties to implemented is
	defined in

	  src/locking/lock_driver.h

	This allows dlopen()able modules for alternative locking
	schemes, however, we do not install the header. This
	requires lock plugins to be in-tree allowing changing of
	the lock manager plugin API in future.

	The libvirt code for loading & calling into plugins
	is in

	  src/locking/lock_manager.{c,h}

	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_LOCKING
	* src/locking/lock_driver.h: API for lock driver plugins
	  to implement
	* src/locking/lock_manager.c, src/locking/lock_manager.h:
	  Internal API for managing locking
	* src/Makefile.am: Add locking code

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Support leases in guest XML and lock manager
	A lock manager may operate in various modes. The direct mode of
	operation is to obtain locks based on the resources associated
	with devices in the XML. The indirect mode is where the app
	creating the domain provides explicit leases for each resource
	that needs to be locked. This XML extension allows for listing
	resources in the XML

	  <devices>
	     ...
	     <lease>
	       <lockspace>somearea</lockspace>
	       <key>thequickbrownfoxjumpsoverthelazydog</key>
	       <target path='/some/lease/path' offset='23432'/>
	     </lease>
	     ...
	  </devices>

	The 'lockspace' is a unique identifier for the lockspace which
	the lease is associated

	The 'key' is a unique identifier for the resource associated
	with the lease.

	The 'target' is the file on disk where the leases are held.

	* docs/schemas/domain.rng: Add lease schema
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing and
	  formatting for leases
	* tests/qemuxml2argvdata/qemuxml2argv-lease.args,
	  tests/qemuxml2argvdata/qemuxml2argv-lease.xml,
	  tests/qemuxml2xmltest.c: Test XML handling for leases

2011-06-02  Daniel P. Berrange  <berrange@redhat.com>

	Allow handshake with child process during startup
	Allow the parent process to perform a bi-directional handshake
	with the child process during fork/exec. The child process
	will fork and do its initial setup. Immediately prior to the
	exec(), it will stop & wait for a handshake from the parent
	process. The parent process will spawn the child and wait
	until the child reaches the handshake point. It will do
	whatever extra setup work is required, before signalling the
	child to continue.

	The implementation of this is done using two pairs of blocking
	pipes. The first pair is used to block the parent, until the
	child writes a single byte. Then the second pair pair is used
	to block the child, until the parent confirms with another
	single byte.

	* src/util/command.c, src/util/command.h,
	  src/libvirt_private.syms: Add APIs to perform a handshake

2011-06-02  Eric Blake  <eblake@redhat.com>

	security: plug regression introduced in disk probe logic
	Regression introduced in commit d6623003 (v0.8.8) - using the
	wrong sizeof operand meant that security manager private data
	was overlaying the allowDiskFormatProbing member of struct
	_virSecurityManager.  This reopens disk probing, which was
	supposed to be prevented by the solution to CVE-2010-2238.

	* src/security/security_manager.c
	(virSecurityManagerGetPrivateData): Use correct offset.

2011-06-01  Eric Blake  <eblake@redhat.com>

	tests: really fix QEMU XML-2-ARGV graphics-spice-timeout test
	Alas, /usr/bin/kvm is also not directly supported by testutilsqemu.c.

	In fact, _any_ test that uses <cpu match=...> has to use our faked
	qemu.sh in order to properly answer the 'qemu -cpu ?' probe done
	during qemu command line building.

	* tests/qemuxml2argvdata/*graphics-spice-timeout*: Switch emulator, again.

2011-06-01  Eric Blake  <eblake@redhat.com>

	build: avoid corrupting / in RHEL 5
	I noticed this while building from libvirt.git on RHEL 5.6:

	Generating internals/command.html.tmp
	mkdir: cannot create directory `/internals': Permission denied

	If I had been building as root instead, this pollutes /.

	Older autoconf lacks $(builddir), but it is rigorously equal to '.'
	in newer autoconf, so we could use '$(MKDIR_P) internals' instead.

	However, since internals/command.html is part of the tarball, we
	_already_ build it in $(srcdir), not $(builddir) during VPATH
	builds, so the mkdir is wasted effort!

	* docs/Makefile.am (internals/%.html.tmp): Drop unused mkdir.

2011-06-01  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add a test for correct disk device ordering

	Fix order of disks and controllers
	Commit 2d6adabd53c8f1858191d521dc9b4948d1205955 replaced qsorting disk
	and controller devices with inserting them at the right position. That
	was to fix unnecessary reordering of devices. However, when parsing
	domain XML devices are just taken in the order in which they appear in
	the XML since. Use the correct insertion algorithm to honor device
	target.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix QEMU XML-2-ARGV graphics-spice-timeout test
	The test used an emulator that is not supported in testutilsqemu.c.
	Switch from qemu-kvm to kvm to fix this.

	remote generator: Handle some virTypedParameterPtr using functions
	This doesn't cover the getters that allow to query nparams yet.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	apibuild: Restrict long usage to existing functions and structs
	New APIs have to use long long instead of long.

	Also make apibuild errors fatal.

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Legacy support for hyper to long mappings
	Remove some special case code that took care of mapping hyper to the
	correct C types.

	As the list of procedures that is allowed to map hyper to long is fixed
	put it in the generator instead annotations in the .x files. This
	results in simpler .x file parsing code.

	Use macros for hyper to long assignments that perform overflow checks
	when long is smaller than hyper. Map hyper to long long by default.

	Suggested by Eric Blake.

2011-06-01  Daniel P. Berrange  <berrange@redhat.com>

	Remove call to deprecated gnutls_certificate_type_set_priority
	The gnutls_certificate_type_set_priority method is deprecated.
	Since we already set the default gnutls priority, and do not
	support OpenGPG credentials in any case, it was not serving
	any useful purpose and can be removed

	* src/remote/remote_driver.c: Remove src/remote/remote_driver.c
	  call

2011-06-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use common parameter order for remote(De)SerializeTypedParameters
	We commonly use "value, length" order, let's stick to this.

	openvz: Add simple test for openvzReadNetworkConf
	Convert openvzLocateConfFile to a replaceable function pointer to
	allow testing the config file parsing without rewriting the whole
	OpenVZ config parsing to a more testable structure.

	openvz: Set virtType to openvz in openvzLoadDomains
	Otherwise virsh dumpxml will report <domain type='qemu'> instead
	of the expected <domain type='openvz'>.

2011-06-01  Osier Yang  <jyang@redhat.com>

	util: Fix incorrect error in PCI functions
	Substitute VIR_ERR_NO_SUPPORT with VIR_ERR_INTERNAL_ERROR. Error
	like following is not what user want to see.

	error : pciDeviceIsAssignable:1487 : this function is not supported
	by the connection driver: Device 0000:07:10.0 is behind a switch
	lacking ACS and cannot be assigned

2011-05-31  Eric Blake  <eblake@redhat.com>

	maint: use consistent file name for threading notes
	* daemon/THREADING.txt: Rename...
	* daemon/THREADS.txt: ...to match qemu thread notes.
	* daemon/Makefile.am (EXTRA_DIST): Reflect rename.

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Restore original EOF handling in openvzGetProcessInfo
	This function is also affected by getline conversion. But this
	didn't result in a regression in general, because the difference
	would only affect the behavior of the function when the line in
	/proc/vz/vestat for the given vpsid wasn't found. Under normal
	conditions this should not happen.

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Handle getline failures in openvzReadConfigParam properly
	The regression fix in 3aab7f2d6b068f0 altered the error handling.
	getline returns -1 on failure to read a line (including EOF). The
	original openvzReadConfigParam function using openvz_readline only
	treated EOF as not-found. The current getline version treats all
	getline failures as not-found.

	This patch fixes this and distinguishes EOF from other getline
	failures.

2011-05-31  Eric Blake  <eblake@redhat.com>

	* .gitignore: Exempt a new test binary.

2011-05-31  Cole Robinson  <crobinso@redhat.com>

	storage: List directory volumes for dir/fs/netfs pools
	Since directories can be used for <filesystem> passthrough, they are
	basically storage volumes.

	v2:
	    Skip ., .., lost+found dirs

	v3:
	    Use gnulib last_component

	v4:
	    Use gnulib "dirname.h", not system <dirname.h>
	    Don't skip lost+found

2011-05-31  Michal Privoznik  <mprivozn@redhat.com>

	tests: Add more complex domain scheme test data

	tests: Test for SPICE compression options
	and check regression

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Ignore backward compatibility macros in apibuild.py
	This fixes this three warnings from the parser by allowing the parser
	to ignore some macros in the same way as it can ignore functions.

	Parsing ./../include/libvirt/libvirt.h
	Misformatted macro comment for _virSchedParameter
	 Expecting '* _virSchedParameter:' got '* virSchedParameter:'
	Misformatted macro comment for _virBlkioParameter
	 Expecting '* _virBlkioParameter:' got '* virBlkioParameter:'
	Misformatted macro comment for _virMemoryParameter
	 Expecting '* _virMemoryParameter:' got '* virMemoryParameter:'

2011-05-31  Michal Privoznik  <mprivozn@redhat.com>

	conf: Fix incorrect spice graphic XML format on compression options
	If spice graphics has no <channel> elements, the output graphics XML
	is messed up. To prevent this, we need to end the <graphics> element
	just before adding any compression selecting elements.

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix sysinfo/virsh build problems on Win32
	The virSysinfoIsEqual method was mistakenly inside a #ifndef WIN32
	conditional.

	The existing virSysinfoFormat is also stubbed out on Win32, even
	though the code works without any trouble. This breaks XML output
	on Win32, so the stub is removed.

	virsh migrate mistakenly had some variables inside the conditional

	* src/util/sysinfo.c: Build virSysinfoIsEqual on Win32 and remove
	  Win32 stub for virSysinfoFormat
	* tools/virsh.c: Fix variable declaration on Win32

2011-05-31  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: fix bridge devices parsing in openvzReadNetworkConf()
	strchrnul() was called on the wrong string so it returned
	the same result for each iteration.

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Ensure hvsupport.html.in is built before HTML validation
	In a parallel make, HTML validation tries to run before
	hvsupport.html.in has been built.

	* docs/Makefile.am: List hvsupport.html.in as a built source

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Allow custom XML to be passed in during migration
	Update the qemuDomainMigrateBegin method so that it accepts
	an optional incoming XML document. This will be validated
	for ABI compatibility against the current domain config,
	and if this check passes, will be passed back out for use
	by the qemuDomainMigratePrepare method on the target

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h,
	  src/qemu/qemu_migration.c: Allow custom XML to be passed

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Allow virsh to pass in a custom XML document for migration
	Switch virsh migrate over to use virDomainMigrate2 and
	virDomainMigrateToURI2. This is still compatible with
	older libvirts, because these methods dynamically choose
	whether to perform v1, v2 or v3 migration based on declared
	RPC support from the libvirtd instances

	Add a --xml arg which allows the user to pass in a custom
	XML document. This XML document must be ABI compatible
	with the current *live* XML document for the running guest
	on the source host. ABI compatibility will be enforced by
	any driver supporting this function

	* tools/virsh.c: Add '--xml' arg to migrate command

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Add an API for comparing the ABI of two guest configurations
	To allow a client app to pass in custom XML during migration
	of a guest it is neccessary to ensure the guest ABI remains
	unchanged. The virDomainDefCheckABIStablity method accepts
	two virDomainDefPtr structs and compares everything in them
	that could impact the guest machine ABI

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDefCheckABIStablity
	* src/conf/cpu_conf.c, src/conf/cpu_conf.h: Add virCPUDefIsEqual
	* src/util/sysinfo.c, src/util/sysinfo.h: Add virSysinfoIsEqual

2011-05-31  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused 'target' field in virDomainHostdevDef
	The virDomainHostdevDef struct contains a 'char *target'
	field. This is set to 'NULL' when parsing XML and never
	used / set anywhere else. Clearly it is bogus & unused

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove
	  target from virDomainHostdevDef

2011-05-31  Osier Yang  <jyang@redhat.com>

	lxc: Seperate domain config loading
	This patch seperate the domain config loading just as qemu driver
	does, first loading config of running or trasient domains, then
	of persistent inactive domains. And only try to reconnect the
	monitor of running domains, so that it won't always throws errors
	saying can't connect to domain monitor.

	And as "virDomainLoadConfig->virDomainAssignDef->virDomainObjAssignDef",
	already do things like "vm->newDef = def", removed the codes
	in "lxcReconnectVM" that does the same work.

2011-05-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix virTypedParameter alias comments
	Remove the Domain prefix from the comments.

	openvz: Automatically disable on non-Linux systems
	As OpenVZ is Linux specific.

2011-05-31  Markus Groß  <gross@univention.de>

	Support maximum and current memory flags in libxl driver
	Add support to set the maximum memory of the domain.
	Also add support to change the memory of the current
	state of the domain, which translates to a running
	domain or the config of the domain.

	Based on the code from the qemu driver.

2011-05-31  Markus Groß  <gross@univention.de>

	Add domainSave/Restore to libxl driver
	v3:
	* initialize xml pointer to avoid segfault
	* throw error message if domain is paused as
	  libxenlight itself will pause it

	v2:
	* header is now padded and has a version field
	* the correct restore function from libxl is used
	* only create the restore event once in libxlVmStart

2011-05-31  Markus Groß  <gross@univention.de>

	Add domainCoreDump to libxl driver
	v2:
	* incorporated Jim Fehlig's review

	Populate domid field of devices for libxenlight
	This patch fixes the population of the
	libxenlight data structures. Now the devices
	should be removed correctly from the xenstore
	if they are detached.

2011-05-29  Daniel P. Berrange  <berrange@redhat.com>

	Issue full error messages when processing QEMU monitor I/O
	Currently the QEMU monitor I/O handler code uses errno values
	to report errors. This results in a sub-optimal error messages
	on certain conditions, in particular when parsing JSON strings
	malformed data simply results in 'EINVAL'.

	This changes the code to use the standard libvirt error reporting
	APIs. The virError is stored against the qemuMonitorPtr struct,
	and when a monitor API is run, any existing stored error is copied
	into that thread's error local

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Use
	  virError APIs for all monitor I/O handling code

2011-05-29  Daniel P. Berrange  <berrange@redhat.com>

	Don't kill QEMU process when a monitor I/O parsing error occurs
	Currently whenever there is any failure with parsing the monitor,
	this is treated in the same was as end-of-file (ie QEMU quit).
	The domain is terminated, if not already dead.

	With this change, failures in parsing the monitor stream do not
	result in the death of QEMU. The guest continues running unchanged,
	but all further use of the monitor will be disabled.

	The VMM_FAILURE event will be emitted, and the mgmt application
	can decide when to kill/restart the guest to re-gain control

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Run a
	  different callback for monitor EOF vs error conditions.
	* src/qemu/qemu_process.c: Emit VMM_FAILURE event when monitor
	  fails

2011-05-29  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a new event emitted when a virtualization failure occurs
	This introduces a new domain

	  VIR_DOMAIN_EVENT_ID_CONTROL_ERROR

	Which uses the existing generic callback

	typedef void (*virConnectDomainEventGenericCallback)(virConnectPtr conn,
	                                                     virDomainPtr dom,
	                                                     void *opaque);

	This event is intended to be emitted when there is a failure in
	some part of the domain virtualization system. Whether the domain
	continues to run/exist after the failure is an implementation
	detail specific to the hypervisor.

	The idea is that with some types of failure, hypervisors may
	prefer to leave the domain running in a "degraded" mode of
	operation. For example, if something goes wrong with the QEMU
	monitor, it is possible to leave the guest OS running quite
	happily. The mgmt app will simply loose the ability todo various
	tasks. The mgmt app can then choose how/when to deal with the
	failure that occured.
	* daemon/remote.c: Dispatch of new event
	* examples/domain-events/events-c/event-test.c: Demo catch
	  of event
	* include/libvirt/libvirt.h.in: Define event ID and callback
	* src/conf/domain_event.c, src/conf/domain_event.h: Internal
	  event handling
	* src/remote/remote_driver.c: Receipt of new event from daemon
	* src/remote/remote_protocol.x: Wire protocol for new event
	* src/remote_protocol-structs: add new event for checks

2011-05-29  Eric Blake  <eblake@redhat.com>

	sched: provide new API shims for remaining drivers
	Well, the remaining drivers that already had the get/set
	scheduler parameter functionality to begin with.

	For now, this blindly treats VIR_DOMAIN_SCHEDINFO_CURRENT as
	the only supported operation for these 5 domains; it will
	take domain-specific patches if more specific behavior is
	preferred.

	* src/esx/esx_driver.c (esxDomainGetSchedulerParameters)
	(esxDomainSetSchedulerParameters): Move guts...
	(esxDomainGetSchedulerParametersFlags)
	(esxDomainSetSchedulerParametersFlags): ...to new functions.
	* src/libxl/libxl_driver.c (libxlDomainGetSchedulerParameters)
	(libxlDomainSetSchedulerParameters)
	(libxlDomainGetSchedulerParametersFlags)
	(libxlDomainSetSchedulerParametersFlags): Likewise.
	* src/lxc/lxc_driver.c (lxcGetSchedulerParameters)
	(lxcSetSchedulerParameters, lxcGetSchedulerParametersFlags)
	(lxcSetSchedulerParametersFlags): Likewise.
	* src/test/test_driver.c (testDomainGetSchedulerParams)
	(testDomainSetSchedulerParams, testDomainGetSchedulerParamsFlags)
	(testDomainSetSchedulerParamsFlags): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainGetSchedulerParameters)
	(xenUnifiedDomainSetSchedulerParameters)
	(xenUnifiedDomainGetSchedulerParametersFlags)
	(xenUnifiedDomainSetSchedulerParametersFlags): Likewise.

2011-05-29  Eric Blake  <eblake@redhat.com>

	virsh: improve schedinfo querying ability
	Since we can now set just --live or --config, we also need to be
	able to query that back.

	In the case of setting both --live and --config, it shouldn't matter
	which value we read back; otherwise, since querying treats the two
	flags as mutually exclusive, so does this patch.

	* tools/virsh.c (cmdSchedinfo): Use new API where appropriate.

2011-05-29  Eric Blake  <eblake@redhat.com>

	remote: introduce remoteGetSchedulerParametersFlags
	* daemon/remote.c (remoteDispatchDomainGetSchedulerParameters):
	New function.
	* src/remote/remote_driver.c (remoteDomainGetSchedulerParameters):
	Likewise.
	* src/remote/remote_protocol.x
	(remote_domain_get_scheduler_parameters_flags_args)
	(remote_domain_get_scheduler_parameters_flags_ret): New types.
	(remote_procedure): New RPC.
	* src/remote_protocol-structs: Likewise.

	qemu: introduce qemuGetSchedulerParametersFlags
	* src/qemu/qemu_driver.c (qemuGetSchedulerParameters): Move
	guts...
	(qemuGetSchedulerParametersFlags): ...to new callback, and honor
	flags more accurately.

2011-05-29  Eric Blake  <eblake@redhat.com>

	sched: introduce virDomainGetSchedulerParametersFlags
	If we can choose live or config when setting, then we need to
	be able to choose which one we are querying.

	Also, make the documentation clear that set must use a non-empty
	subset (some of the hypervisors fail if params is NULL).

	* include/libvirt/libvirt.h.in
	(virDomainGetSchedulerParametersFlags): New prototype.
	* src/libvirt.c (virDomainGetSchedulerParametersFlags): Implement
	it.
	* src/libvirt_public.syms: Export it.
	* python/generator.py (skip_impl): Don't auto-generate.
	* src/driver.h (virDrvDomainGetSchedulerParametersFlags): New
	callback.

2011-05-29  Eric Blake  <eblake@redhat.com>

	remote: consolidate typed parameter handling
	* src/remote/remote_protocol.x (remote_typed_param_value)
	(remote_typed_param):  New types.
	(remote_sched_param_value, remote_sched_param)
	(remote_blkio_param_value, remote_blkio_param)
	(remote_memory_param_value, remote_memory_param): Delete.
	(remote_domain_get_scheduler_parameters_ret)
	(remote_domain_set_scheduler_parameters_args)
	(remote_domain_set_scheduler_parameters_flags_args)
	(remote_domain_set_blkio_parameters_args)
	(remote_domain_get_blkio_parameters_ret)
	(remote_domain_set_memory_parameters_args)
	(remote_domain_get_memory_parameters_ret): Update clients.
	* src/remote_protocol-structs: Likewise.
	* src/remote/remote_driver.c (remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): New functions.
	(remoteDomainSetMemoryParameters)
	(remoteDomainGetMemoryParameters, remoteDomainSetBlkioParameters)
	(remoteDomainGetBlkioParameters)
	(remoteDomainGetSchedulerParameters)
	(remoteDomainSetSchedulerParameters)
	(remoteDomainSetSchedulerParametersFlags): Update clients.
	* daemon/remote.c (remoteSerializeTypedParameters)
	(remoteDeserializeTypedParameters): New functions.
	(remoteDispatchDomainGetSchedulerParameters)
	(remoteDispatchDomainSetSchedulerParameters)
	(remoteDispatchDomainSetSchedulerParametersFlags)
	(remoteDispatchDomainSetMemoryParameters)
	(remoteDispatchDomainGetMemoryParameters)
	(remoteDispatchDomainSetBlkioParameters)
	(remoteDispatchDomainGetBlkioParameters): Update clients.

2011-05-29  Eric Blake  <eblake@redhat.com>

	maint: prefer newer API names internally
	Rather mechanical in nature.

	* src/driver.h: Use newer virTypedParameter API names.
	* src/libvirt.c: Likewise.
	* daemon/remote.c: Likewise.
	* src/esx/esx_driver.c: Likewise.
	* src/libxl/libxl_driver.c: Likewise.
	* src/lxc/lxc_driver.c: Likewise.
	* src/qemu/qemu_driver.c: Likewise.
	* src/remote/remote_driver.c: Likewise.
	* src/test/test_driver.c: Likewise.
	* src/xen/xen_driver.c: Likewise.
	* src/xen/xen_hypervisor.c: Likewise.
	* src/xen/xen_hypervisor.h: Likewise.
	* src/xen/xend_internal.c: Likewise.
	* tools/virsh.c: Likewise.

2011-05-29  Eric Blake  <eblake@redhat.com>

	libvirt.h: avoid regression, and document preferred name
	Commit 824dcaff was a regression (thankfully unreleased) for any
	client code that used 'struct _virSchedParameter' directly rather
	than the preferred virSchedParameter typedef.  Adding a #define
	avoids even that API change, while rearranging the file makes it
	clear what the old vs. new API is.

	* include/libvirt/libvirt.h.in: Rearrange older names to the
	bottom and improve documentation on preferred names.
	(virDomainGetSchedulerParameters, virDomainSetSchedulerParameters)
	(virDomainSetSchedulerParametersFlags)
	(virDomainSetBlkioParameters, virDomainGetBlkioParameters)
	(virDomainSetMemoryParameters, virDomainGetMemoryParameters):
	Use newer type names.
	* python/libvirt-override.c: Adjust code generation to cope.
	Suggested by Daniel P. Berrange.

2011-05-29  Daniel Veillard  <veillard@redhat.com>

	Fix a make check error
	Apparently introdunced in commit 376e1d9420b
	the generator produces u_int flags not unsigned int flags.

	* src/remote_protocol-structs: fix to the actual expected type and
	  alignment

2011-05-29  Richard Laager  <rlaager@wiktel.com>

	Fix virExecWithHook Prototype
	This was necessary to get libvirt to build on Solaris 11 Express and
	seems correct (as it makes this match the definition in util.c):

2011-05-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: reorder locks
	This patch reorders the locks for the nwfilter updates and the access
	the nwfilter objects. In the case that the IP address learning thread
	was instantiating filters while an update happened, the previous order
	lead to a deadlock.

2011-05-27  Laine Stump  <laine@laine.org>

	interface: reformat error logs
	It was suggested during review of a different patch that the libvirt
	interface driver API's should have "netcf:" in their log
	messages. This patch eliminates that from all interface driver API
	functions, and also eliminates the extra " - " in the case that netcf
	returns no details in its error info (which *never* happens at
	present, but could happen sometime in the future.

2011-05-27  Michal Privoznik  <mprivozn@redhat.com>

	interface: implement a test driver for network config transaction API.

	interface: Implement driver methods for network config transaction API
	This is the functionality at the end of the libvirt part of the call
	chain - for each function, the corresponding netcf API is called.

	interface: expose network config transaction API to virsh
	This implements the commands iface-begin, iface-commit, and iface-rollback,
	which simply call the corresponding functions in the libvirt API.

	interface: implement remote protocol for network config transaction API

	interface: implement public APIs for libvirt transactional network changes

	interface: define internal driver API for network config transactions

2011-05-27  Michal Privoznik  <mprivozn@redhat.com>

	interface: new public API for network config change transactions
	This is the API agreed on in:

	  https://www.redhat.com/archives/libvir-list/2011-May/msg00026.html

	(with a slight name change to use "...begin" rather than
	"...start"). This implements transactional changes to the host network
	config. When a transaction is begun with ncf_change_begin(), all other
	netcf APIs will continue to work as they always have, but a snapshot
	of the existing config will be taken, allowing reversion (rollback,
	using ncf_change_rollback()) to the exact state of config at the time
	ncf_change_begin() was called. Alternately, if it's determined that
	the new changes are acceptable, ncf_change_commit() can be called,
	which will eliminate the snapshot and make the changes permanent.

	As a failsafe measure, if neither ncf_change_commit() or
	ncf_change_rollback() is called by the next time the system reboots,
	the netcf-transaction initscript will be automatically called to
	rollback the changes.

2011-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Fix regression in openvzGetVPSUUID
	Commit f044376530f313a replaced openvz_readline with getline and
	changed EOF-handling in the openvzGetVPSUUID.

	This patch restores original EOF-handling.

	Reported by Jean-Baptiste Rouault.

2011-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add sexpr.c to the list of file with translatable messages
	This should have been in the last commit.

	sexpr: Improve serialization error reporting

	Fix build with --with-driver-modules enabled
	Export a bunch of missing symbols and link the remote driver to gnulib.

2011-05-27  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: implement the new flags for setting memory parameters
	* src/qemu/qemu_driver.c: update qemuDomainSetMemoryParameters to
	  look at the flag parameter and depending on it save the config
	  or the live amount

	qemu: implement the new flags for getting memory parameters
	* src/qemu/qemu_driver.c: update qemuDomainGetMemoryParameters to
	  look at the flag parameter and depending on it read the config
	  or the live amount

2011-05-27  Hu Tao  <hutao@cn.fujitsu.com>

	Add new flags for setting memory parameters
	The new flags allow to pick current state, config or the live
	parameter, with current being the existing API default (0).
	This also hooks this to --config, --live, --current parameters for
	the memtune virsh command

	* include/libvirt/libvirt.h.in: defines the new flags
	* tools/virsh.c: adds support at virsh level
	* tools/virsh.pod: updates virsh documentation

2011-05-27  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu : support persistent add/delete network interface
	This patch allows to modify interfaces of domain(qemu)
	* src/conf/domain_conf.c src/conf/domain_conf.h src/libvirt_private.syms:
	  (virDomainNetInsert)     : Insert a network device to domain definition.
	  (virDomainNetIndexByMac) : Returns an index of net device in array.
	  (virDomainNetRemoveByMac): Remove a NIC of passed MAC address.
	* src/qemu/qemu_driver.c
	  (qemuDomainAttachDeviceConfig): add codes for NIC.
	  (qemuDomainDetachDeviceConfig): add codes for NIC.

2011-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix regression in absolute file name handling
	Before commit 145d6cb05c45f4 (in August 2010) absolute file names
	in VMX and domain XML configs were handled correctly. But this got
	lost during the refactoring. The test cases didn't highlight this
	problem because they have their own set of file name handling
	functions. The actual ones require a real connection to an ESX
	server. Also the test case functions always worked correctly.

	Fix the regression and add a new in-the-wild VMX file that contains
	such a problematic absolute path. Even though this test case won't
	protect against new regressions.

	Reported by lofic (IRC nick)

2011-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Add simple testcase for config file parsing function
	This testcase passes before the regression is added in f0443765, fails
	after that commit and passes again after the regression was fixed.

2011-05-26  Hu Tao  <hutao@cn.fujitsu.com>

	don't check flags in virDomainSetSchedulerParametersFlags
	drivers implementing domainSetSchedulerParametersFlags should check
	flags themselves.

2011-05-26  Taisuke Yamada  <tai@rakugaki.org>

	openvz: Fix regression in config file parsing
	As reported by Diego Blanco in

	  https://bugzilla.redhat.com/show_bug.cgi?id=702602

	commit f0443765 which replaced openvz_readline to getline(3)
	broke OpenVZ driver as it changed semantics of EOF-handling
	when parsing OpenVZ configuration.

	There're several other issues reported with current OpenVZ driver:

	 #1: unclear error message when parsing "CPUS=" line
	 #2: openvz driver goes into crashing loop
	 #3: "NETIF=" line in configuration is not parsed correctly
	 #4: aborts even when optional parameter is missing
	 #5: there's a potential memory leak

	This updated patch to fix #[145]. This patch does not fix #[23]
	as I haven't verified these yet, but this at least got me to run
	OpenVZ on libvirt once again.

2011-05-26  Eric Blake  <eblake@redhat.com>

	audit: fix minor off-by-one
	Coverity spotted this off-by-one.  Thankfully, no one in libvirt
	was ever calling virAuditSend with an argument of 3.

	* src/util/virtaudit.c (virAuditSend): Use correct comparison.

2011-05-26  Federico Simoncelli  <fsimonce@redhat.com>

	qemu: allow blkstat/blkinfo calls during migration
	Originally most of libvirt domain-specific calls were blocking
	during a migration.
	A new mechanism to allow specific calls (blkstat/blkinfo) to be
	executed in such condition has been implemented.
	In the long term it'd be desirable to get a more general
	solution to mark further APIs as migration safe, without needing
	special case code.

	 * src/qemu/qemu_migration.c: add some additional job signal
	   flags for doing blkstat/blkinfo during a migration
	 * src/qemu/qemu_domain.c: add a condition variable that can be
	   used to efficiently wait for the migration code to clear the
	   signal flag
	 * src/qemu/qemu_driver.c: execute blkstat/blkinfo using the
	   job signal flags during migration

2011-05-26  Markus Groß  <gross@univention.de>

	Add disk attach/detach support to libxl driver
	Based on the device attach/detach code from the QEMU driver,
	but using the new functions to create the structures associated.
	* src/libxl/libxl_driver.c: implements domainAttachDevice,
	  domainAttachDeviceFlags, domainDetachDevice, domainDetachDeviceFlags
	  and domainUpdateDeviceFlags

	Fix libxl vm def handling on domU cleanup
	* src/libxl/libxl_driver.c: in libxlVmCleanup, free up the
	  newDef definition if present overwise it would be leaked.

2011-05-26  Markus Groß  <gross@univention.de>

	Refactored libxl datastructure instantiation
	Create 3 new function refactored from previous list ones and
	exports them internally to the driver

	* src/libxl/libxl_conf.c src/libxl/libxl_conf.h: create libxlMakeDisk,
	  libxlMakeNic libxlMakeVfb out of the exsting static List functions
	  and exports them

2011-05-26  Markus Groß  <gross@univention.de>

	Fix modifying disk devices in qemu driver
	When modifying the disk devices of a live domain and the domain
	configuration, the function qemuDomainAttachDeviceConfig
	first sets dev->data->disk to NULL. Later qemuDomainAttachDeviceLive
	accesses dev->data.disk and causes a segfault.
	* src/qemu/qemu_driver.c: fix qemuDomainModifyDeviceFlags() accordingly

2011-05-26  Michal Privoznik  <mprivozn@redhat.com>

	schema: Add graphics element passwdValidTo attribute to schema
	We support this in code, but forgot to add this to RNG schema as well.
	According to documentation, the value match the dateTime type.

2011-05-26  Eric Blake  <eblake@redhat.com>

	build: fix 'make dist' for ./configure --without-remote
	Anything generated that must end up in the tarball must either
	have unconditional rules for generation (remote_protocol.c) or
	must live in libvirt.git for the case where the person running
	'make dist' has disabled the configure options that control the
	rebuild of the generated file (remote_protocol-structs).

	* src/Makefile.am (remote_protocol-structs): Add a dependency and
	document why it must live in git.
	($(srcdir)/remote/%_protocol.c, $(srcdir)/remote/%_protocol.c):
	Unconditionally generate.

2011-05-25  Richard W.M. Jones  <rjones@redhat.com>

	json: Avoid passing large positive 64 bit integers to QMP.
	http://lists.gnu.org/archive/html/qemu-devel/2011-05/threads.html#02162

	Currently, qemu silently clips any JSON integer in the range
	0x8000000000000000 - 0xffffffffffffffff (all numbers in this range
	will be clipped to 0x7fffffffffffffff == LLONG_MAX).

	To avoid this, pass these as signed 64 bit integers in the QMP
	request.

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix sign mismatches between public API, driver API and XDR protocol
	In most cases this affects flags parameters that are unsigned in the
	public and driver API but signed in the XDR protocol. Switch the
	XDR protocol to unsigned for those.

	A counterexample is virNWFilterGetXMLDesc. Its flags parameter is signed
	in the public API and XDR protocol, but unsigned in the driver API.

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Fix XDR sign mismatch for virNodeGet(Cells)FreeMemory
	virNodeGetFreeMemory used unsigned long long in the public API but
	signed hyper in the XDR protocol. Convert the XDR protocol to use
	unsigned hyper.

	As explained by Eric before, this doesn't affect the on-the-wire protocol.

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Handle stream-using functions
	Extend procedure annotation in the .x file for stream handling.

	Adds a missing remoteStreamRelease call to remoteDomainScreenshot
	error path.

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Make call-by-reference handling stricter
	Several functions return values by reference parameters. This is realized
	by passing the members of remote_CALL_ret by reference to the called
	function.

	The position of this parameters in the function signature follows some
	patterns with some exceptions. This patterns and exceptions are hardcoded
	in the generator.

	Add an insert@<offset> annotation to the remote_CALL_ret struct members
	for functions that return lists to remove some of the hardcoded patterns
	and exceptions.

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Rename virNodeGetCellsFreeMemory parameters to common pattern
	This allows to remove some special case code from the generator.

	remote generator: Handle virDomainCreateWithFlags
	Add special case code for updating a given domain object instead of
	returning a new one.

	virsh: time_t is not a long on FreeBSD
	localtime_r expects time_t.

	time_t is not a long on FreeBSD, switch internal type to long long

	Allow to explicitly disable the secrets a directory storage driver

2011-05-25  Eric Blake  <eblake@redhat.com>

	build: avoid strerror_r pitfalls
	In particular, this guarantees that virStrerror always gives a
	useful result.

	* .gnulib: Update to latest, for (lots of) strerror_r fixes.

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix the signature of virDomainMigrateFinish3 for error reporting
	The current virDomainMigrateFinish3 method signature attempts to
	distinguish two types of errors, by allowing return with ret== 0,
	but ddomain == NULL, to indicate a failure to start the guest.
	This is flawed, because when ret == 0, there is no way for the
	virErrorPtr details to be sent back to the client.

	Change the signature of virDomainMigrateFinish3 so it simply
	returns a virDomainPtr, in the same way as virDomainMigrateFinish2
	The disk locking code will protect against the only possible
	failure mode this doesn't account for (loosing conenctivity to
	libvirtd after Finish3 starts the CPUs, but before the client
	sees the reply for Finish3).

	* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Change
	  virDomainMigrateFinish3 to return a virDomainPtr instead of int
	* src/remote/remote_driver.c, src/remote/remote_protocol.x,
	  daemon/remote.c, src/qemu/qemu_driver.c, src/qemu/qemu_migration.c:
	  Update for API change

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix preservation of errors across migration steps
	When doing migration, if an error occurs in Perform, it must not
	be overwritten during Finish/Confirm steps. If an error occurs
	in Finish, it must not be overwritten in Confirm.

	Previous commit a9d12c2444e43a0d3e5135eb15b4b62a7c011427 added
	code to qemudDomainMigrateFinish2 to preserve the error. This
	is not the right place, because it is not applicable in non-p2p
	migration. The src/libvirt.c virDomainMigrateV2/3 methods need
	code to preserve errors for non-p2p migration, while the
	doPeer2PeerMigrate2 and doPeer2PeerMigrate3 methods contain
	code to preverse errors for p2p migration.

	Remove the bogus error preservation from qemudDomainMigrateFinish2
	and qemudDomainMigrateFinish3.

	Fix virDomainMigrateV3 and doPeer2PeerMigrate3 so that they
	preserve any error hit during the Finish3 step, before invoking
	Confirm3.

	Finally if qemuMigrationFinish fails to resume the CPUs, it must
	preserve the error before tearing down the VM, so that VM cleanup
	doesn't overwrite it.

	* src/libvirt.c: Preserve error before invoking Confirm3
	* src/qemu/qemu_driver.c: Remove bogus error preservation
	  code in qemudDomainMigrateFinish2/qemudDomainMigrateFinish3
	* src/qemu/qemu_migration.c: Preserve error before invoking Confirm3
	  and after resume fails in qemuMigrationFinish.

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Improve debug logging of migration APIs
	* src/libvirt.c: Add further debug lines in helper APIs for
	  migration
	* src/qemu/qemu_migration.c: Add debug lines for all internal
	  migration API parameters

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix error propagation in finish method for v3 migration
	Even when failing to start CPUs, the finish method was returning
	a success result. Fix this so that the QEMU process is killed
	off when finish fails under v3 protocol. Also rename the
	killOnFinish boolean to 'v3proto' to make it clearer that this
	is a tunable based on the migration protocol version

	* src/qemu/qemu_driver.c: Update for API change
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Kill
	  VM in qemuMigrationFinish if failing to start CPUs

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix SPICE seamless migration hostname
	The SPICE seamless migration process requires data to be passed
	back from the target host, to the source host via a cookie.
	The cookie includes the target host's hostname, but this was not
	stored, merely validated. This patch explicitly records the
	remote hostname after parsing the cookie, and uses it when
	initiating the SPICE migration

	* qemu/qemu_migration.c: Fix SPICE seamless migration hostname

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix resume on destination when doing non-live tunnelled migration
	Before running perform in peer-2-peer migration, the current
	guest state must be recorded, so that non-live migration can
	currently unpause a running guest on completion.

	* src/qemu/qemu_migration.c: Move check for offline guest
	  to fix non-live migration

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Introduce two method migration APIs
	There are two pieces of information which are desirable for
	migration, which cannot be supplied by applications

	 - The explicit QEMU migration URI, while using Peer2Peer
	   migration
	 - An override for the target VM XML

	This introduces two new public APIs to support these extra
	parameters. There is no need for extra wire protocool changes,
	since this is supported by the v3 migration enhancements

	* include/libvirt/libvirt.h.in,
	  src/libvirt.c, src/libvirt_public.syms: Add virDomainMigrate2
	  and virDomainMigrateToURI2

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Add a second URI parameter to virDomainMigratePerform3 method
	The virDomainMigratePerform3 currently has a single URI parameter
	whose meaning varies. It is either

	 - A QEMU migration URI (normal migration)
	 - A libvirtd connection URI (peer2peer migration)

	Unfortunately when using peer2peer migration, without also
	using tunnelled migration, it is possible that both URIs are
	required.

	This adds a second URI parameter to the virDomainMigratePerform3
	method, to cope with this scenario. Each parameter how has a fixed
	meaning.

	NB, there is no way to actually take advantage of this yet,
	since virDomainMigrate/virDomainMigrateToURI do not have any
	way to provide the 2 separate URIs

	* daemon/remote.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.x, src/remote_protocol-structs: Add
	  the second URI parameter to perform3 message
	* src/driver.h, src/libvirt.c, src/libvirt_internal.h: Add
	  the second URI parameter to Perform3 method
	* src/libvirt_internal.h, src/qemu/qemu_migration.c,
	  src/qemu/qemu_migration.h: Update to handle URIs correctly

2011-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Extend v3 migration protocol to allow app supplied XML for target
	This extends the v3 migration protocol such that the
	virDomainMigrateBegin3 and virDomainMigratePerform3
	methods accept an application supplied XML config for
	the target VM.

	If the 'xmlin' parameter is NULL, then Begin3 uses the
	current guest XML as normal. A driver implementing the
	Begin3 method should either reject all non-NULL 'xmlin'
	parameters, or strictly validate that the app supplied
	XML does not change guest ABI.

	The Perform3 method also needed the xmlin parameter to
	cope with the Peer2Peer migration sequence.

	NB it is not yet possible to use this capability since
	neither of the public virDomainMigrate/virDomainMigrateToURI
	methods have a way to pass in XML.

	* daemon/remote.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.x, src/remote_protocol-structs:
	  Add 'remote_string xmlin' parameter to begin3/perform3
	  RPC messages
	* src/libvirt.c, src/driver.h, src/libvirt_internal.h: Add
	  'const char *xmlin' parameter to Begin3/Perform3 methods
	* src/qemu/qemu_driver.c, src/qemu/qemu_migration.c,
	  src/qemu/qemu_migration.h: Pass xmlin parameter around
	  migration methods

2011-05-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Report an error when auth pointer is missing instead of declining
	Otherwise an attempt to use virConnectOpen or virConnectOpenAuth without
	auth pointer results in the driver declining the URI and libvirt falling
	back to the remote driver for an esx:// URI.

2011-05-24  Jim Fehlig  <jfehlig@novell.com>

	Fix initialization of current vcpus in libxl driver
	The cur_vcpus member of struct libxl_domain_build_info was incorrectly
	initialized to the number of vcpus, when it should have been interpreted
	as a bitmap, where bit X corresponds to online/offline status of vcpuX.

	To complicate matters, cur_vcpus is an int, so only 32 vcpus can be
	set online.  Add a check to ensure vcpus does not exceed this limit.

	V2: Eric Blake noted a compilation pitfal when '1 << 32' on an int.
	    Account for vcpus == 32.

2011-05-24  Eric Blake  <eblake@redhat.com>

	build: fix VIR_DEBUG on mingw
	We don't use the gnulib vsnprintf replacement, which means that
	on mingw, vsnprintf doesn't support %zn or %lln.

	And as it turns out, VIR_GET_VAR_STR was a rather inefficient
	reimplementation of virVasprintf logic.

	* src/util/logging.c (VIR_GET_VAR_STR): Drop.
	(virLogMessage): Inline a simpler version here.
	* src/util/virterror.c (VIR_GET_VAR_STR, virRaiseErrorFull):
	Likewise.
	Reported by Matthias Bolte.

2011-05-24  Michal Privoznik  <mprivozn@redhat.com>

	qemu: Don't change ownership of file when appending to it
	Saving domain to previously created file changes also its ownership.
	This is certainly not what users want if some conditions are met:
	it is a regular, local file and dynamic_ownership is off.

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix accidental revert of .gnulib update
	Change f88af9dc16cf891f88bb925885bdf5e328cf44df accidentally
	reverted the .gnulib update from f3cfc99e794bd77479878fc224c6581b61d57dbd

	* .gnulib: Update to 2c25c9ebe8db1415bfde25f0a451767332c8cf59

2011-05-24  Laine Stump  <laine@laine.org>

	qemu: fix typo in name - should be VHOST_NET, not VNET_HOST
	NB: the enum that uses the string vnet-host (now changed to vhost-net)
	is used in XML, but fortunately that hasn't been in an official
	release yet, so it can still be fixed.

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU -vnc arg generation with raw IPv6 addresses
	Since -vnc uses ':' to separate the address from the port, raw
	IPv6 addresses need to be escaped like [addr]:port

	* src/qemu/qemu_command.c: Escape raw IPv6 addresses with []
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml: Tweak
	  to test Ipv6 escaping
	* docs/schemas/domain.rng: Allow Ipv6 addresses, or hostnames
	  in <graphics> listen attributes

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix peer2peer migration with transient VMs
	The qemuMigrationConfirm method shouldn't deal with final VM
	cleanup, since it can be called from the peer2peer migration,
	which expects to still use the 'vm' object afterwards.

	Push the cleanup code out of qemuMigrationConfirm, into its
	caller, qemuDomainMigrateConfirm3

	* src/qemu/qemu_driver.c: Add VM cleanup code to
	  qemuDomainMigrateConfirm3
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
	  job handling cleanup from qemuMigrationConfirm

2011-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Perform feature flag compat checking in QEMU migration cookies
	To allow new mandatory migration cookie data to be introduced,
	add support for checking supported feature flags when parsing
	migration cookie.

	* src/qemu/qemu_migration.c: Feature flag checking in migration
	  cookie parsing

2011-05-24  Jiri Denemark  <jdenemar@redhat.com>

	Replace all remaining setgid/setuid calls with virSetUIDGID
	Two additional places need initgroups call to properly work in an
	environment where the UID is allowed to open/create stuff through its
	supplementary groups.

	util: Keep errno set to the root error after when returning from virSetUIDGID

2011-05-24  Michal Privoznik  <mprivozn@redhat.com>

	python: Don't free must-not-free variables
	py_str() function call PyString_AsString(). As written in documentation,
	the caller must not free the returned value, because it points to some
	internal structures.

	storage: Add comment to picking return value of qemu-img
	Commit d7b2679253504d6defa9fc7159b572cfd6a25a95 introduced
	a return value picking of qemu-img on '-h', but without any comment.

2011-05-24  Alon Levy  <alevy@redhat.com>

	spice: support streaming-video parameter
	This adds a streaming-video=filter|all|off attribute. It is used to change
	the behavior of video stream detection in spice, the default is filter (the
	default for libvirt is not to specify it - the actual default is defined in
	libspice-server.so).

	Usage:

	    <graphics type='spice' autoport='yes'>
	      <streaming mode='off'/>
	    </graphics>

	Tested with the above and with tests/qemuxml2argvtest.

2011-05-24  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable filtering of gratuitous ARP packets
	This patch enables filtering of gratuitous ARP packets using the following XML:

	<rule action='accept' direction='in' priority='425'>
	<arp gratuitous='true'/>
	</rule>

2011-05-23  Laine Stump  <laine@laine.org>

	qemu: don't require is_kvm for vhost-net support
	This was discussed in:

	  https://www.redhat.com/archives/libvir-list/2011-May/msg01370.html

	The capabilities code only sets the flag to allow use of vhost-net if
	kvm is detected (set if the help string contains "(qemu-kvm-" or
	"(kvm-"), but actually vhost-net is available in some qemu builds that
	don't have kvm in their name, so just checking for ",vhost=" is enough.

2011-05-23  Doug Goldstein  <cardoe@cardoe.com>

	Use per-user TLS certificates when possible
	When using TLS authentication and operating as the non-root user,
	initially attempt to use that specific user's TLS certificates before
	attempting to use the system wide TLS certificates.

2011-05-23  Michal Privoznik  <mprivozn@redhat.com>

	python: Fix typo in bindings
	This typo caused a bug in which we wanted to free() invalid pointer.

	storage: pick return value of qemu-img
	qemu-img returns non-zero status on -h. Therefore we need to
	provide virCommandRun() a non-NULL exit status pointer.

2011-05-22  Wen Congyang  <wency@cn.fujitsu.com>

	build: generate files when building without libvirtd
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	   ...
	   make[1]: Entering directory `/home/wency/source/libvirt-nodaemon/daemon'
	   make[1]: *** No rule to make target `remote_dispatch_prototypes.h', needed by `distdir'.  Stop.
	   make[1]: Leaving directory `/home/wency/source/libvirt-nodaemon/daemon'
	   make: *** [distdir] Error 1

2011-05-21  Osier Yang  <jyang@redhat.com>

	docs: Fix error syntax of vcpupin example XML
	Lacks of "/", push this directly in trivial rule.

2011-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Add special case for virConnectGetType

2011-05-20  Richard W.M. Jones  <rjones@redhat.com>

	libvirt.spec: /var/cache/libvirt should be 0711.
	This allows qemu to create files in /var/cache/libvirt/qemu/, and
	specifically is required to fix virDomainMemoryPeek.

	remote: remove bogus virDomainFree.

2011-05-20  Richard W.M. Jones  <rjones@redhat.com>

	qemudDomainMemoryPeek: change ownership/selinux label on temporary file.
	Otherwise qemu is unable to write to it, with the error:

	libvir: QEMU error : internal error unable to execute QEMU command 'memsave': Could not open '/var/cache/libvirt/qemu/qemu.mem.RRNvLv'

2011-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Don't rely on $_ being stable over a large function
	Replace $calls{$_} with $call in the dispatch bodies generator function.

	No functional change included.

2011-05-20  Eric Blake  <eblake@redhat.com>

	build: require newer gettext
	Now that RHEL 5.6 ships with gettext 0.17, we can get out of the
	stone age and use the newer gettext capabilities and improved
	macros for certain configure tests.

	* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17.
	(MKINSTALLDIRS): Delete hack that is no longer needed.
	* bootstrap.conf (buildreq): Check for minimum gettext version.
	Based on a report by Wen Congyang.

2011-05-20  Supriya Kannery  <supriyak@in.ibm.com>

	virsh: Use Env variables for debug level and logfile
	Use variables VIRSH_DEBUG and VIRSH_LOG_FILE for controlling virsh logging.

2011-05-19  Daniel P. Berrange  <berrange@redhat.com>

	Don't generate cookies with v2 migration protocol.
	The v2 migration protocol had a limit on cookie length that was
	too small to be useful for QEMU. Avoid generating cookies with
	v2 protocol, so that old libvirtd can still reliably migrate a
	guest to new libvirtd uses v2 protocol.

	* src/qemu/qemu_driver.c: Avoid migration cookies with v2
	  migration

2011-05-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU migration cookie crash for guests with no graphics
	When generating a cookie for a guest with no data, the
	QEMU_MIGRATION_COOKIE_GRAPHICS flag was set even if no
	graphics data was added. Avoid setting the flag unless
	it was needed, also add a safety check for mig->graphics
	being non-NULL

	* src/qemu/qemu_migration.c: Avoid cookie crash for guest
	  with no graphics

2011-05-19  Daniel P. Berrange  <berrange@redhat.com>

	Ensure p2p and direct migration use the new v3 protocol if available
	The internal virDomainMigratePeer2Peer and virDomainMigrateDirect
	helper methods were not checking whether the target supports the
	v3 migration protocol.

	* src/libvirt.c: Use v3 migration protocol for p2p/direct
	  migration if available.

2011-05-19  Daniel P. Berrange  <berrange@redhat.com>

	Blank out the 'listenAddr' parameter if empty string
	Some bogus apps are generating a VNC/SPICE/RFB listen attribute
	with no content. This then causes a failure with the graphics
	migration cookie parsing. Blank out the 'listenAddr' parameter
	after parsing domain XML if it is the empty string, so the host
	default takes over

	* src/qemu/qemu_migration.c: Blank out listenAddr parameter
	  if empty

2011-05-18  Eric Blake  <eblake@redhat.com>

	remote: remove special case for getting version
	The on-the-wire protocol is identical; XDR guarantees that
	both 'hyper' and 'unsigned hyper' are transmitted as 8 bytes.

	* src/remote/remote_protocol.x (remote_get_version_ret)
	(remote_get_lib_version_ret): Match public API.
	* daemon/remote_generator.pl: Drop special case.
	* src/remote_protocol-structs: Reflect updated type.

2011-05-18  Eric Blake  <eblake@redhat.com>

	build: silence clang false positive
	Clang couldn't quite see that the same condition of
	(flags & VIR_DOMAIN_MEM_CONFIG) is used twice, such that
	the second block is guaranteed that def was assigned in
	the first block.

	* src/libxl/libxl_driver.c (libxlDomainSetMemoryFlags): Add a hint
	for clang.

2011-05-18  Eric Blake  <eblake@redhat.com>

	virsh: optimize creation of default connection
	Ramon de Carvalho Valle reported a problem with:
	virsh connect qemu:///system
	as a non-root user.  The real root problem appears to be a regression
	in libvirtd being auto-started on the default qemu:///session URI;
	however, the symptom points to an independent flaw in virsh - we
	shouldn't be wasting efforts on making a connection if we aren't going
	to be using that connection.  Fixing virsh avoids Ramon's issue, while
	I work in the meantime to fix the real libvirtd regression.

	This patch looks big, but that's because 'gcc -Wmissing-field-initializers'
	gets triggered by './autobuild.sh --enable-compile-warnings=error', so I
	had to add 0 initialization to everyone (rather than my preference of
	just adding the non-zero flags to virshCmds and to cmdConnect).

	Meanwhile, if you use 'virsh -c URI', the connection must succeed; this
	patch _only_ optimizes the default connection to be deferred to a later
	point where we know if a particular command to be run needs a connection.

	* tools/virsh.c (VSH_CMD_FLAG_NOCONNECT): New flag.
	(vshCmdDef): Add new flags field.
	(vshCommandRun): Honor new flag.
	(domManagementCmds, domMonitoringCmds, storagePoolCmds)
	(storageVolCmds, networkCmds, nodedevCmds, ifaceCmds)
	(nwfilterCmds, secretCmds, virshCmds, snapshotCmds)
	(hostAndHypervisorCmds): Populate new field.
	(vshReconnect): Don't warn on initial connection.

2011-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Improve invalid argument checks for the public API

2011-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Clarify that virDomainGet(Memory|Blkio)Parameters doesn't support subsets
	Improve invalid argument checks in the size query case. The drivers already
	relied on this unchecked behavior.

	Relax the implementation of virDomainGet(Memory|Blkio)MemoryParameters
	in the drivers and allow to pass more memory than necessary for all
	parameters.

2011-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Clarify that virDomainSet(Memory|Blkio)Parameters can take parameter subsets

2011-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Clarify that virDomainSetSchedulerParameters(Flags) can take subsets
	Add invalid argument checks for params and nparams to the public API
	and remove them from the drivers (e.g. xend).

	Add subset handling to libxl and test drivers.

2011-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Clarify the semantic of virDomainGetSchedulerParameters arguments
	params and nparams are essential and cannot be NULL. Check this in
	libvirt.c and remove redundant checks from the drivers (e.g. xend).

	Instead of enforcing that nparams must point to exact same value as
	returned by virDomainGetSchedulerType relax this to a lower bound
	check. This is what some drivers (e.g. xen hypervisor and esx)
	already did. Other drivers (e.g. xend) didn't check nparams at all
	and assumed that there is enough space in params.

	Unify the behavior in all drivers to a lower bound check and update
	nparams to the number of valid values in params on success.

2011-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Clarify semantic of nparams argument of virDomainGetSchedulerType
	Some drivers assumed it can be NULL (e.g. qemu and lxc) and check it
	before assigning to it, other drivers assumed it must be non-NULL
	(e.g. test and esx) and just assigned to it.

	Unify this to nparams being optional and document it.

2011-05-18  Cole Robinson  <crobinso@redhat.com>

	Fix messages using VIR_ERR_XML_ERROR
	This error code has existed since the dawn of time, yet the messages it
	generates are almost universally busted. Here's a small sampling:

	src/conf/domain_conf.c:4889 : XML description for missing root element is not well formed or invalid
	src/conf/domain_conf.c:4951 : XML description for unknown device type is not well formed or invalid
	src/conf/domain_conf.c:5460 : XML description for maximum vcpus must be an integer is not well formed or invalid
	src/conf/domain_conf.c:5468 : XML description for invalid maxvcpus %(count)lu is not well formed or invalid

	Fix up the error code to instead be

	XML error: <msg>

	Adjust the few locations that were using the original correctly (or shouldn't
	have been using the error code at all).

	v2:
	    Fix wording of error code without a passed argument

2011-05-18  Eric Blake  <eblake@redhat.com>

	libvirt.h: consolidate typed parameter handling
	The new type is identical to the three old types that it replaces,
	and by creating a common type, this allows future patches to share
	common code that manipulates typed parameters.

	This change is backwards-compatible in API (recompilation works
	without any edits) and ABI (an older client that has not been
	recompiled uses the same layout) for code using only public
	names; only code using private names (those beginning with _)
	will have to adapt.

	* include/libvirt/libvirt.h.in (virTypedParameterType)
	(VIR_TYPED_PARAM_FIELD_LENGTH, _virTypedParameter): New enum,
	macro, and type.
	(virSchedParameter, virBlkioParameter, virMemoryParameter):
	Rewrite in terms of a common type, while keeping all old public
	names for backwards compatibility.
	(struct _virSchedParameter, struct _virBlkioParameter)
	(struct _virMemoryParameter): Delete - these are private names.
	* python/generator.py (enum): Cope with the refactoring.

2011-05-18  Eric Blake  <eblake@redhat.com>

	build: update to latest gnulib
	* .gnulib: Update, for bootstrap and other fixes.
	* bootstrap: Resynchronize with gnulib.

2011-05-18  Dirk Herrendorefer  <d.herrendoerfer@herrendoerfer.name>

	Add support for 'passthru' mode for direct network interfaces
	starting with kernel 2.6.38 macvtap supports a 'passthru' mode for
	attaching virtual functions of a SRIOV capable network card directly to a VM.
	This patch adds the capability to configure such a device.

2011-05-18  Michal Privoznik  <mprivozn@redhat.com>

	qemu: fix typo in spice migration code
	This typo caused XPath returning improper value and thus not
	working spice after migration.

2011-05-17  Hu Tao  <hutao@cn.fujitsu.com>

	virsh: add parameters --live, --config and --current to cmd schedinfo
	This enables user to modify cpu.shares even when domain is inactive.

	remote: introduce remoteSetSchedulerParametersFlags
	support for virDomainSetSchedulerParametersFlags of remote driver.

	qemu: introduce qemuSetSchedulerParametersFlags
	Support for virDomainSetSchedulerParametersFlags of qemu driver.

2011-05-17  Eric Blake  <eblake@redhat.com>

	sched: adjust parameter values to make current = 0
	See virDomainMemoryModFlags for precedent.

	* include/libvirt/libvirt.h.in (virDomainSchedParameterFlags): Set
	CURRENT as a synonym to 0.

2011-05-17  Hu Tao  <hutao@cn.fujitsu.com>

	introduce virDomainSetSchedulerParametersFlags
	This new function allows aditional flags to be passed into from
	the virsh command line.

2011-05-17  Eric Blake  <eblake@redhat.com>

	build: drop unused <sys/syslimits.h> header
	<sys/syslimits.h> is not standardized, so portable programs should
	not need to rely on it.  If there really is something that we need
	where <sys/syslimits.h> provided the limit but <limits.h> did not,
	then that would be a candidate for fixing in gnulib.  But this patch
	did not turn up any compilation failures on Linux.

	* src/internal.h (includes): Drop unused header.
	* daemon/libvirtd.h (includes): Likewise.
	* configure.ac (AC_CHECK_HEADERS): Likewise.
	Based on a report by Matthias Bolte.

2011-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix prototype of virRun for Win32 targets
	* src/util/util.c: Fix virRun prototype

2011-05-17  Eric Blake  <eblake@redhat.com>

	build: tolerate unlimited group size
	POSIX allows sysconf(_SC_GETPW_R_SIZE_MAX) to return -1 if there
	is no fixed limit, and requires ERANGE errors to track real size.
	Model our behavior after the example in POSIX itself:
	http://pubs.opengroup.org/onlinepubs/9699919799/functions/getpwuid_r.html

	Also, on error for get*_r functions, errno is undefined, and the
	real error was the return value.

	* src/util/util.c (virGetUserEnt, virGetUserID, virGetGroupID)
	(virSetUIDGID):  Cope with sysconf failure or too small buffer.
	Reported by Matthias Bolte.

2011-05-17  Eric Blake  <eblake@redhat.com>

	openvz: fix logic bug in previous patch
	We want to free names on failure, not on success.

	* src/openvz/openvz_driver.c (openvzListDefinedDomains): Use
	correct condition.

2011-05-17  Cole Robinson  <crobinso@redhat.com>

	storage_backend: Convert virRunWithHook usage to virCommand
	virRunWithHook is now unused, so we can drop it. Tested w/ raw + qcow2
	volume creation and copying.

	v2:
	    Use opaque data to skip hook second time around
	    Simply command building

	v3:
	    Drop explicit FindFileInPath

2011-05-17  Cole Robinson  <crobinso@redhat.com>

	storage_backend: Fix error reporting with regex helper
	Some clients overwrite the error from the regex helper, or do half-baked
	error reporting with the exitstatus.

	storage: Covert regex helpers to virCommand
	v2:
	    Simplify command creation
	    Add a missing virCommandFree
	    Use virCommand auto-cleanup for async process

2011-05-17  Cole Robinson  <crobinso@redhat.com>

	openvz: Convert virExec usage to virCommand
	v2:
	    Use virCommand's autocleanup

	v3:
	    Don't free 'names' on success

2011-05-17  Cole Robinson  <crobinso@redhat.com>

	storage: iscsi: Convert virExec to virCommand
	v2:
	    Use virCommand auto-cleanup

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix error reporting in stream creation code
	virStreamNew needs to dispatch the error that virGetStream reports
	on failure.

	remoteCreateClientStream can fail due to virStreamNew or due to
	VIR_ALLOC. Report OOM error for VIR_ALLOC failure to report errors
	in all error cases.

	Remove OOM error reporting from remoteCreateClientStream callers.

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator, client: Add more special case handling
	For virDomainDestroy and virDrvSupportsFeature.

	remote generator, client: Handle functions that return an optional string

	esx: Simplify some esxVI_Boolean to bool

	esx: Convert autoAnswer from esxVI_Boolean to a simple bool
	Just true/false is good enough for it. Also use it directly from the
	parsed URI instead of caching it in esxPrivate.

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix race condition in esxVI_EnsureSession
	When the session has expired then multiple threads can race while
	reestablishing it.

	This race condition is not that critical as it requires a special usage
	pattern to be triggered. It can only happen when an application doesn't
	do API calls for quite some time (the session expires after 30 min
	inactivity) and then multiple threads doing simultaneous API calls and
	end up doing simultaneous calls to esxVI_EnsureSession.

2011-05-17  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Correctly initialize libvirt
	virsh didn't call virInitialize(), which (among other things)
	initializes virLastErr thread local variable. As a result of that, virsh
	could just segfault in virEventRegisterDefaultImpl() since that is the
	first call that touches (resets) virLastErr.

	I have no idea what lucky coincidence made this bug visible but I was
	able to reproduce it in 100% cases but only in one specific environment
	which included building in sandbox.

2011-05-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Whitespace cleanup in the generator
	Break long lines and change spacing of keyword arguments to match
	Python style standards better.

	No functional change included.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mime type string in screenshot dispatcher
	* daemon/remote.c: Free mime string

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolete remoteDispatchOOMError method
	No new code should be using remoteDispatchOOMError()

	* daemon/dispatch.c, daemon/dispatch.h: Remove remoteDispatchOOMError

2011-05-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Change some alignments in the input file
	No functional change included.

	esx: Change generated method parameter autobinding
	Instead of specifying the type of the managed object directly specify
	the ServiceContent member name. This way the mapping dictionary can be
	removed.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix remote dispatcher for screenshot command
	* daemon/remote.c: Update screenshot dispatcher to follow
	  standard practice

2011-05-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Report an error when virGetUserDirectory fails
	Otherwise virsh shows the interactive greeting and then silently exists
	instead of entering interactive mode.

2011-05-16  Eric Blake  <eblake@redhat.com>

	maint: mark more perl scripts executable
	* src/remote/rpcgen_fix.pl: Add executable bit.
	* tests/oomtrace.pl: Likewise.

	maint: mark perl script executable
	* docs/hvsupport.pl: Add execute bit.

	maint: ignore generated file
	* .gitignore: Ignore recently added file.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Add missing initialization to 'ret' in qemu migration
	* src/qemu/qemu_migration.c: Add missing 'ret' initializer
	  in qemuMigrationCookieXMLParseStr

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Disable virCommandExec on Win32
	Mingw execve() has a broken signature. Disable this
	function until gnulib fixes the signature, since we
	don't really need this on Win32 anyway.

	* src/util/command.c: Disable virCommandExec on Win32

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Improve error message when XDR marshalling fails
	When failing to marshall an XDR message, include the
	full program/version/status/proc/type info, to allow
	easier debugging & diagnosis of the problem.

	* src/remote/remote_driver.c: Improve error when marshalling
	  fails

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Run tunnelled migration IO in separate thread
	By running the doTunnelSendAll code in a separate thread, the
	main thread can do qemuMigrationWaitForCompletion as with
	normal migration. This in turn ensures that job signals work
	correctly and that progress monitoring can be done

	* src/qemu/qemu_migration.c: Run tunnelled migration in
	  separate thread

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Don't overwrite error when stream send fails
	virStreamSend already sets an error message, so don't
	overwrite it

	* src/qemu/qemu_migration.c: Remove bogus error report

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Close all sockets before cancelling QEMU migration
	Cancelling the QEMU migration may cause QEMU to flush pending
	data on the migration socket. This may in turn block QEMU if
	nothing reads from the other end of the socket. Closing the
	socket before cancelling QEMU migration avoids this possible
	deadlock.

	* src/qemu/qemu_migration.c: Close sockets before cancelling
	  migration on failure

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Ensure we always read a full buffer in tunnelled migration
	The 'nbytes' variable was not re-initialized to the
	buffer size on each iteration of the tunnelled migration
	loop. While saferead() will ensure a full read, except
	on EOF, it is clearer to use the real buffer size

	* src/qemu/qemu_migration.c: Always read full buffer of data

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Make tunnelled migration honour resource restriction
	The doTunnelMigrate method forgot to set the bandwidth
	resource restriction

	* src/qemu/qemu_migration.c: Set resource restriction

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Refactor migration completion loop to allow code reuse
	The qemuMigrationWaitForCompletion method contains a loop which
	repeatedly queries QEMU to check migration progress, and also
	processes job signals (pause, setspeed, setbandwidth, cancel).

	The tunnelled migration loop does not currently support this
	functionality, but should. Refactor the code to allow it to
	be used with tunnelled migration.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Implement migration v3 protocol in QEMU driver
	Implement the v3 migration protocol, which has two extra
	steps, 'begin' on the source host and 'confirm' on the
	source host. All other methods also gain both input and
	output cookies to allow bi-directional data passing at
	all stages.

	The QEMU peer2peer migration method gains another impl
	to provide the v3 migration. This finally allows migration
	cookies to work with tunnelled migration, which is required
	for Spice seamless migration & the lock manager transfer

	* src/qemu/qemu_driver.c: Wire up migrate v3 APIs
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Add
	  begin & confirm methods, and peer2peer impl of v3

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Merge tunnel & non-tunnel migration impl into one
	Merge the doNonTunnelMigrate2 and doTunnelMigrate2 methods
	into one doPeer2PeerMigrate2 method, since they are substantially
	the same. With the introduction of v3 migration, this will be
	even more important, to avoid massive code duplication.

	* src/qemu/qemu_migration.c: Merge tunnel & non-tunnel migration

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix VM teardown if prepare returns invalid URI in v2 migration
	The v2 migration protocol was accidentally missing out the
	finish step, when prepare succeeded, but returned an invalid
	URI

	* src/libvirt.c: Teardown VM if prepare returns invalid URI

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Refactor tunnelled migration methods
	To facilitate the introduction of the v3 migration protocol,
	the doTunnelMigrate method is refactored into two pieces. One
	piece is intended to mirror the flow of virDomainMigrateVersion2,
	while the other is the helper for setting up sockets and processing
	the data.

	Previously socket setup would be done before the 'prepare' step,
	so errors could be dealt with immediately, avoiding need to shut
	off the destination QEMU. In the new split, socket setup is done
	after the 'prepare' step. This is not a serious problem, since
	the control flow already requires calling 'finish' to tear down
	the destination QEMU upon several errors.

	* src/qemu/qemu_migration.c:

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Wire up SPICE client relocation with QEMU migration
	Use the graphics information from the QEMU migration cookie to
	issue a 'client_migrate_info' monitor command to QEMU. This causes
	the SPICE client to automatically reconnect to the target host
	when migration completes

	* src/qemu/qemu_migration.c: Set data for SPICE client relocation
	  before starting migration on src
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  new qemuMonitorGraphicsRelocate() command

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Pass graphics setup from dst back to src via migration cookies
	Extend the QEMU migration cookie structure to allow information
	about the destination host graphics setup to be passed by to
	the source host. This will enable seamless migration of any
	connected graphics clients

	* src/qemu/qemu_migration.c: Add graphics info to migration
	  cookies
	* daemon/libvirtd.c: Always initialize gnutls to enable
	  x509 cert parsing in QEMU

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Introduce migration cookies to QEMU driver
	The migration protocol has support for a 'cookie' parameter which
	is an opaque array of bytes as far as libvirt is concerned. Drivers
	may use this for passing around arbitrary extra data they might
	need during migration. The QEMU driver needs to do a few things:

	 - Pass hostname/uuid to allow strict protection against localhost
	   migration attempts
	 - Pass SPICE/VNC server port from the target back to the source to
	   allow seamless relocation of client sessions
	 - Pass lock driver state from source to destination

	This patch introduces the basic glue for handling cookies
	but only includes the host/guest UUID & name.

	* src/libvirt_private.syms: Export virXMLParseStrHelper
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Parsing
	  and formatting of migration cookies
	* src/qemu/qemu_driver.c: Pass in cookie parameters where possible
	* src/remote/remote_protocol.h, src/remote/remote_protocol.x: Change
	  cookie max length to 16384 bytes

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix locking with qemuMigrationPrepareTunnel method
	The qemuMigrationPrepareTunnel method should not unlock the
	qemu driver, since that is the caller's job.

	* src/qemu/qemu_migration.c: Fix qemuMigrationPrepareTunnel
	  unlocking of QEMU driver

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Remote driver implementation of new migration API
	* src/remote/remote_protocol.x: Define wire protocol for migration
	  protocol v3
	* daemon/remote.c: Server side dispatch
	* src/remote/remote_driver.c: Client side serialization
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h:
	  Re-generate files
	* src/remote_protocol-structs: Declare new ABIs

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Introduce yet another migration version in API.
	Migration just seems to go from bad to worse. We already had to
	introduce a second migration protocol when adding the QEMU driver,
	since the one from Xen was insufficiently flexible to cope with
	passing the data the QEMU driver required.

	It turns out that this protocol still has some flaws that we
	need to address. The current sequence is

	 *  Src: DumpXML
	          - Generate XML to pass to dst

	 *  Dst: Prepare
	          - Get ready to accept incoming VM
	          - Generate optional cookie to pass to src

	 *  Src: Perform
	          - Start migration and wait for send completion
	          - Kill off VM if successful, resume if failed

	 *  Dst: Finish
	          - Wait for recv completion and check status
	          - Kill off VM if unsuccessful

	The problems with this are:

	 - Since the first step is a generic 'DumpXML' call, we can't
	   add in other migration specific data. eg, we can't include
	   any VM lease data from lock manager plugins
	 - Since the first step is a generic 'DumpXML' call, we can't
	   emit any 'migration begin' event on the source, or have
	   any hook that runs right at the start of the process
	 - Since there is no final step on the source, if the Finish
	   method fails to receive all migration data & has to kill
	   the VM, then there's no way to resume the original VM
	   on the source

	This patch attempts to introduce a version 3 that uses the
	improved 5 step sequence

	 *  Src: Begin
	          - Generate XML to pass to dst
	          - Generate optional cookie to pass to dst

	 *  Dst: Prepare
	          - Get ready to accept incoming VM
	          - Generate optional cookie to pass to src

	 *  Src: Perform
	          - Start migration and wait for send completion
	          - Generate optional cookie to pass to dst

	 *  Dst: Finish
	          - Wait for recv completion and check status
	          - Kill off VM if failed, resume if success
	          - Generate optional cookie to pass to src

	 *  Src: Confirm
	          - Kill off VM if success, resume if failed

	The API is designed to allow both input and output cookies
	in all methods where applicable. This lets us pass around
	arbitrary extra driver specific data between src & dst during
	migration. Combined with the extra 'Begin' method this lets
	us pass lease information from source to dst at the start of
	migration

	Moving the killing of the source VM out of Perform and
	into Confirm, means we can now recover if the dst host
	can't successfully Finish receiving migration data.

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Automatically generate the hvsupport.html.in file from source files
	The hvsupport.html.in file is forever out of date. By annotating
	the driver struct tables in each driver with version information,
	we can auto-generate the hvsupport.html.in file. Annotating the
	drivers will be mandatory for new patches, ensuring hvsupport.html.in
	is never out of date again.

	* docs/hvsupport.html.in: Delete
	* hvsupport.pl: Script to generate hvsupport.html.in
	* Makefile.am: Autogenerate hvsupport.html.in

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Add many version number annotations to drivers
	Add many version number annotations to the internal driver
	tables, to allow hvsupport.html to display more accurate
	information

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Convert all driver struct intializers to C99 style
	Change all the driver struct initializers to use the
	C99 style, leaving out unused fields. This will make
	it possible to add new APIs without changing every
	driver. eg change:

	    qemudDomainResume, /* domainResume */
	    qemudDomainShutdown, /* domainShutdown */
	    NULL, /* domainReboot */
	    qemudDomainDestroy, /* domainDestroy */

	to

	    .domainResume = qemudDomainResume,
	    .domainShutdown = qemudDomainShutdown,
	    .domainDestroy = qemudDomainDestroy,

	And get rid of any existing C99 style initializersr which
	set NULL, eg change

	     .listPools          = vboxStorageListPools,
	     .numOfDefinedPools  = NULL,
	     .listDefinedPools   = NULL,
	     .findPoolSources    = NULL,
	     .poolLookupByName   = vboxStoragePoolLookupByName,

	to

	     .listPools          = vboxStorageListPools,
	     .poolLookupByName   = vboxStoragePoolLookupByName,

2011-05-16  Daniel P. Berrange  <berrange@redhat.com>

	Tweak driver naming for consistency with public API
	Fix some driver names:

	  s/virDrvCPUCompare/virDrvCompareCPU/
	  s/virDrvCPUBaseline/virDrvBaselineCPU/
	  s/virDrvQemuDomainMonitorCommand/virDrvDomainQemuMonitorCommand/
	  s/virDrvSecretNumOfSecrets/virDrvNumOfSecrets/
	  s/virDrvSecretListSecrets/virDrvListSecrets/

	And some driver struct field names:

	  s/getFreeMemory/nodeGetFreeMemory/

2011-05-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Update domain state when reconnecting monitor
	A qemu domain can get paused when libvirtd is stopped (e.g., because of
	I/O error) so we should check its current state when reconnecting to it.

2011-05-16  Jiri Denemark  <jdenemar@redhat.com>

	Implement domain state reason
	Only in drivers which use virDomainObj, drivers that query hypervisor
	for domain status need to be updated separately in case their hypervisor
	supports this functionality.

	The reason is also saved into domain state XML so if a domain is not
	running (i.e., no state XML exists) the reason will be lost by libvirtd
	restart. I think this is an acceptable limitation.

2011-05-16  Jiri Denemark  <jdenemar@redhat.com>

	Implement basic virDomainGetState in all drivers
	Reason is currently always set to 0 (i.e., *_UNKNOWN).

	virsh: Prefer virDomainGetState over virDomainGetInfo

	Wire protocol format and remote driver for virDomainGetState

	virDomainGetState public API implementation

	Internal driver API for virDomainGetState

	virDomainGetState public API
	This API is supposed to replace virDomainGetInfo when the only purpose
	of calling it is getting current domain status.

2011-05-14  Eric Blake  <eblake@redhat.com>

	phyp: avoid a crash
	This has been present since the introduction of phypAttachDevice
	in commit 444fd07a.

	* src/phyp/phyp_driver.c (phypAttachDevice): Don't dereference
	NULL.

2011-05-14  Eric Blake  <eblake@redhat.com>

	stream: avoid use-after-free
	virFDStreamClose used a mutex after it was freed, and failed
	to destroy that mutex on its last use.

	* src/fdstream.c (virFDStreamFree): Inline into sole caller...
	(virFDStreamClose): ...to avoid use-after-free and leak.
	Reported by Matthias Bolte.

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor common code in the generator
	Move common code from Property and Parameter into new Member class.

	Rename the other base class to Type.

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve dynamic cast detection in the generator
	Detect it based on usage as parameter, return type and member of other
	object types.

	esx: Improve list usage detection in the generator
	Detect it based on usage as parameter and return type too.

	esx: Remove 1000 lines of generated but unused code
	Don't make all object and enum types (de)serializable by default.
	Detect this from the input file instead.

	esx: Generate implicit _this macros
	Several vSphere API methods are called on global objects like the
	FileManager, the PerformanceManager or the SearchIndex. The generator
	input file allows to mark such methods and the generator generates
	such method in a way that automatically handles marked parameter. This
	is done by some special macros. Those were manually written and this
	patch moves them to the generator.

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Move the Event type from the VI generator to manually written code
	Accept all types on deserialization in order to accept all Event subtypes.

	This will be used for the upcoming domain event support.

2011-05-14  Wen Congyang  <wency@cn.fujitsu.com>

	test: all test_scripts should be part of tarball when building without libvirtd
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	3. # rpmbuild --nodeps --define "_sourcedir `pwd`" -ba libvirt.spec
	   ...
	   make  check-TESTS
	   make[1]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/tests'
	   make[1]: *** No rule to make target `test_conf.sh', needed by `check-TESTS'.  Stop.
	   make[1]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/tests'
	   make: *** [check-am] Error 2
	   error: Bad exit status from /var/tmp/rpm-tmp.7Rb9PV (%check)

	build: probes.d and libvirtd.stp should be part of tarball
	Steps to reproduce this problem:
	1. # ./autogen.sh --without-libvirtd
	2. # make dist
	3. # rpmbuild --nodeps --define "_sourcedir `pwd`" -ba libvirt.spec
	   ...
	   make[2]: Entering directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/daemon'
	   make[2]: *** No rule to make target `probes.d', needed by `probes.h'.  Stop.
	   make[2]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1/daemon'
	   make[1]: *** [all-recursive] Error 1
	   make[1]: Leaving directory `/home/wency/rpmbuild/BUILD/libvirt-0.9.1'
	   make: *** [all] Error 2
	   error: Bad exit status from /var/tmp/rpm-tmp.WkAD7a (%build)

2011-05-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	command: Fix compilation on FreeBSD
	kill, SIGTERM and SIGKILL require additional header.

	virsh: Fix uninitialized variable warning
	Reported on FreeBSD only.

	apparmor: Fix compilation by removing remains from virCommand conversion
	Commit aaf20355b87d3bfda7579a7f6a4a978e848635c3 was incomplete here and
	missed to remove some parts.

	configure: Fix mpath check on non-Linux systems

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	remote: Convert SSH tunnel to virCommand

	storage: Convert qemu-img -help parsing to virCommand

	apparmor: Convert virExec usage to virCommand
	Untested

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	util: Combine __virExec and virExecWithHook
	All callers were expecting argv logging, so the split is unneeded.

	v2:
	    Reindent new virExecWithHook call

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	remote_driver: Convert virExecDaemonize usage to virCommand
	And drop the now unused virExecDaemonize

2011-05-13  Eric Blake  <eblake@redhat.com>

	remote: keep 'make check' happy
	* src/remote_protocol-structs (remote_domain_screenshot_args): Use
	spelling preferred by dwarves.

	libxl: fix typos in previous patch
	* src/libxl/libxl_driver.c (libxlDomainEventFlush, libxlShutdown)
	(libxlStartup): Fix typos.

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	remote: Use virDomainEventState helpers
	One functionality change here is that we no longer force enable the event
	timeout for every queued event, only enable it for the first event after
	the queue has been flushed. This is how other drivers have already done it,
	and I haven't encountered problems in practice.

	v3:
	    Adjust for new virDomainEventStateNew argument

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	libxl: Convert to virDomainEventState

	test: Use virDomainEventState helpers
	v3:
	    Adjust for new virDomainEventStateNew argument

	lxc: Use virDomainEventState helpers
	v3:
	    Adjust for new virDomainEventStateNew argument

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	qemu: Use virDomainEventState helpers
	v2:
	    Drop libvirt_private.syms changes

	v3:
	    Adjust for new virDomainEventStateNew argument

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	domain_event: Add common domain event queue/flush helpers
	The same code for queueing, flushing, and deregistering events exists
	in multiple drivers, which will soon use these common functions.

	v2:
	    Adjust libvirt_private.syms
	    isDispatching bool fixes
	    NONNULL tagging

	v3:
	    Add requireTimer parameter to virDomainEventStateNew

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	domain_event: Add virDomainEventState structure
	This structure will be used to unify lots of duplicated event handling code
	across the state drivers.

	v2:
	    Check for state == NULL in StateFree
	    Add NONNULL tagging
	    Use bool for isDispatching

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	xml: Use virXMLParse* helpers everywhere
	virt-aa-helper isn't even compile tested since I don't have the setup for
	it.

	v2:
	    virt-aa-helper fixes from Eric

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	domain: Require <init> for container guests
	Use capabilities to allow a driver to register a default <init> if none
	is specified in the XML. Openvz was already open-coding this to be /sbin/init

	LXC currently falls over if no init is specified, so an explicit error is
	an improvement IMO.

	(Side note: I don't think we can set a default value for LXC. If we use
	/sbin/init but the user doesn't specify a separate root FS for their guest,
	the container will rerun the host's init which can be traumatic :). For
	virt-install I'm thinking of defaulting to /sbin/init if a root FS has
	been specified, otherwise require the user to manually specify <init>)

2011-05-13  Cole Robinson  <crobinso@redhat.com>

	xml: Make sure virXpathNodeSet always sets an error
	And update callers to actually respect the error

2011-05-13  Michal Privoznik  <mprivozn@redhat.com>

	vbox: Implement the driver methods
	* src/vbox/vbox_tmpl.c: New vboxDomainScreenshot() function

	qemu: Implement the driver methods
	* src/qemu/qemu_driver.c: new qemuDomainScreenshot() function
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Monitor command

2011-05-13  Michal Privoznik  <mprivozn@redhat.com>

	virFDStream: Add option for delete file after it's opening
	This is needed if we want to transfer a temporary file. If the
	transfer is done with iohelper, we might run into a race condition,
	where we unlink() file before iohelper is executed.

	* src/fdstream.c, src/fdstream.h,
	  src/util/iohelper.c: Add new option
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
	  src/storage/storage_driver.c, src/uml/uml_driver.c,
	  src/xen/xen_driver.c: Expand existing function calls

2011-05-13  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Implementing the remote protocol
	* src/remote/remote_protocol.x: Wire protocol definition
	* daemon/remote.c: Daemon part
	* src/remote/remote_driver.c: Client part
	* src/remote_protocol-structs: Add structures

	screenshot: Implementing the public API
	* src/libvirt.c: new function virDomainScreenshot

	screenshot: Defining the internal API
	* src/driver.h: Stub code for new API
	* src/esx/esx_driver.c, src/libxl/libxl_driver.c,
	  src/lxc/lxc_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  rc/remote/remote_driver.c, rc/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_driver.c, src/xen/xen_driver.c,
	  src/xen/xen_driver.h, src/xen/xen_hypervisor.c,
	  src/xen/xen_inotify.c, src/xen/xend_internal.c,
	  src/xen/xm_internal.c, src/xen/xs_internal.c,
	  src/xenapi/xenapi_driver.c: Add dummy entries in driver
	  table for new APIs

2011-05-13  Michal Privoznik  <mprivozn@redhat.com>

	screenshot: Defining the public API
	Add public API for taking screenshots of current domain console.

	* include/libvirt/libvirt.h.in: add virDomainScreenshot
	* src/libvirt_public.syms: Export new symbol

2011-05-12  Wen Congyang  <wency@cn.fujitsu.com>

	build: avoid compiler warning during configure
	There is no need to redefine _GNU_SOURCE in tests that occur after
	gl_INIT, since that macro already AC_DEFINE'd it for us.

2011-05-12  Osier Yang  <jyang@redhat.com>

	docs: Fix documentation for cputune parameters
	This re-adds the example section originally written by Osier Yang,
	and indicates the version in which the cputune parameters became
	available in libvirt.

2011-05-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Add skipgen/autogen flags to .x files
	Make procedure parsing more robust, by allowing arbitrary
	amounts of whitespaces.

	Also make some error messages more verbose.

2011-05-12  Eric Blake  <eblake@redhat.com>

	nwfilter: drop unused flag argument
	The public API and RPC over-the-wire format have no flags argument,
	so neither should the internal callback API.  This simplifies the
	RPC generator.

	* src/driver.h (virDrvNWFilterDefineXML): Drop argument that does
	not match public API.
	* src/nwfilter/nwfilter_driver.c (nwfilterDefine): Likewise.
	* src/libvirt.c (virNWFilterDefineXML): Likewise.
	* daemon/remote_generator.pl: Drop special case.

2011-05-11  Eric Blake  <eblake@redhat.com>

	maint: omit translation for all VIR_INFO
	We were 31/73 on whether to translate; since less than 50% translated
	and since VIR_INFO is less than VIR_WARN which also doesn't translate,
	this makes sense.

	* cfg.mk (sc_prohibit_gettext_markup): Add VIR_INFO, since it
	falls between WARN and DEBUG.
	* daemon/libvirtd.c (qemudDispatchSignalEvent, remoteCheckAccess)
	(qemudDispatchServer): Adjust offenders.
	* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
	* src/network/bridge_driver.c (networkReloadIptablesRules)
	(networkStartNetworkDaemon, networkShutdownNetworkDaemon)
	(networkCreate, networkDefine, networkUndefine): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainDefine)
	(qemudDomainUndefine): Likewise.
	* src/storage/storage_driver.c (storagePoolCreate)
	(storagePoolDefine, storagePoolUndefine, storagePoolStart)
	(storagePoolDestroy, storagePoolDelete, storageVolumeCreateXML)
	(storageVolumeCreateXMLFrom, storageVolumeDelete): Likewise.
	* src/util/bridge.c (brProbeVnetHdr): Likewise.
	* po/POTFILES.in: Drop src/util/bridge.c.

2011-05-11  Eric Blake  <eblake@redhat.com>

	build: wrap macro body in one-shot do-while loop
	* src/libvirt.c (VIR_DOMAIN_DEBUG_1): Convert to single statement.
	Suggested by Jiri Denemark.

2011-05-11  Eric Blake  <eblake@redhat.com>

	build: drop need for VIR_DOMAIN_DEBUG0()
	This one's tricker than the VIR_DEBUG0() removal, but the end
	result is still C99 compliant, and reasonable with enough comments.

	* src/libvirt.c (VIR_ARG10, VIR_HAS_COMMA)
	(VIR_DOMAIN_DEBUG_EXPAND, VIR_DOMAIN_DEBUG_PASTE): New macros.
	(VIR_DOMAIN_DEBUG): Rewrite to handle one argument, moving
	multi-argument guts to...
	(VIR_DOMAIN_DEBUG_1): New macro.
	(VIR_DOMAIN_DEBUG0): Rename to VIR_DOMAIN_DEBUG_0.

2011-05-11  Christophe Fergeau  <cfergeau@redhat.com>

	fix xdr detection and use with recent glibc
	glibc 2.13.90 has obsoleted its rpc implementation in favour of
	the one provided by the TI-RPC library:

	> * The RPC implementation in libc is obsoleted.  Old programs keep working
	>   but new programs cannot be linked with the routines in libc anymore.
	>   Programs in need of RPC functionality must be linked against TI-RPC.
	>   The TI-RPC implemtation is IPv6 enabled and there are other benefits.
	>
	>   Visible changes of this change include (obviously) the inability to
	>   link
	>   programs using RPC functions without referencing the TI-RPC library,
	>   the
	>   removal of the RPC headers from the glibc headers, and the lack of
	>   symbols defined in <rpc/netdb.h> when <netdb.h> is installed.
	>   Implemented by Ulrich Drepper.
	(from glibc NEWS)

	Thus with recent glibc, we need to try linking with -ltirpc when looking
	for the XDR functions. The daemon also needs to use XDR_CFLAGS to be able
	to find the XDR headers stored in /usr/include/tirpc.

	When using TI-RPC, there are some warnings about redundant declarations, but
	the fix probably belongs in other modules:

	/usr/include/tirpc/rpc/rpcent.h:68:13: warning: redundant redeclaration of
	'setrpcent' [-Wredundant-decls]
	/usr/include/rpc/netdb.h:53:13: note: previous declaration of 'setrpcent'
	was here

	/usr/include/tirpc/rpc/rpcent.h:69:13: warning: redundant redeclaration of
	'endrpcent' [-Wredundant-decls]
	/usr/include/rpc/netdb.h:54:13: note: previous declaration of 'endrpcent'
	was here

	/usr/include/tirpc/rpc/rpc.h:84:12: warning: redundant redeclaration of
	'bindresvport' [-Wredundant-decls]
	/usr/include/netinet/in.h:440:12: note: previous declaration of
	'bindresvport' was here

2011-05-11  Eric Blake  <eblake@redhat.com>

	build: avoid gcc preprocessor extensions
	Use of ',##__VA_ARGS__' is a gcc extension not guaranteed by
	C99; thankfully, we can avoid it by lumping the format argument
	into the var-args set.

	* src/util/logging.h (VIR_DEBUG_INT, VIR_INFO_INT, VIR_WARN_INT)
	(VIR_ERROR_INT, VIR_DEBUG, VIR_INFO, VIR_WARN, VIR_ERROR): Stick
	to C99 var-arg macro syntax.
	* examples/domain-events/events-c/event-test.c (VIR_DEBUG):
	Simplify.

2011-05-11  Lai Jiangshan  <laijs@cn.fujitsu.com>

	libvirt,logging: cleanup VIR_XXX0()
	These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead.

	How do these coversions works? The magic is using the gcc extension of ##.
	When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to
	avoid compile error.

	example: origin				after CPP
		high_level_api("%d", a_int)	low_level_api("%d", a_int)
		high_level_api("a  string")	low_level_api("a  string")

	About 400 conversions.

	8 special conversions:
	VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions
	VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions
	VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal)
	  (for security) 6 conversions

2011-05-11  Eric Blake  <eblake@redhat.com>

	maint: avoid a couple of gnulib regressions
	Double-close regression in upstream gnulib fclose was introduced
	to libvirt in commit 9d8e01a1d.

	Meanwhile, adding rpcgen as a bootstrap prerequisite in commit
	fb1e8d9c prevented RHEL 5 from running bootstrap.

	* .gnulib: Update to latest, for fclose and bootstrap fixes.
	* bootstrap: Synchronize from upstream.

2011-05-11  Eric Blake  <eblake@redhat.com>

	node_device: avoid null dereference on error
	If we plow on after udev_device_get_syspath fails, we will hit a NULL
	dereference.  Clang found one due to strdup later in udevSetParent,
	but in fact we hit a NULL dereference sooner because of the use of
	STREQ within virNodeDeviceFindBySysfsPath.

	* src/conf/node_device_conf.h (virNodeDeviceFindBySysfsPath): Mark
	path argument non-null.
	* src/node_device/node_device_udev.c (udevSetParent): Avoid null
	dereference.

2011-05-11  Eric Blake  <eblake@redhat.com>

	build: remove some dead assignments
	No syntactic effect; this merely silences some clang warnings.

	* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Drop
	redundant ret=0 statement.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextDriveDel):
	Likewise.

2011-05-11  Eric Blake  <eblake@redhat.com>

	tests: avoid crash when run under gcov
	Running ./autobuild.sh failed when gcov is installed, because
	commandtest ended up crashing during gcov's getenv() call after
	exit() had already started.  I traced this nasty bug back to
	a scoping issue present since the test introduction.

	* tests/commandtest.c (mymain): Move newenv...
	(newenv): ...to a scope that is still useful during exit().

2011-05-11  Eric Blake  <eblake@redhat.com>

	build: fix VPATH build with distributed generated files
	* daemon/Makefile.am (DAEMON_GENERATED, remote_dispatch_*.h)
	(qemu_dispatch_*.h): Update to live in srcdir, since they are
	distributed.
	Detected by Daniel P. Berrange's autobuilder.

	docs: avoid double 'the'
	* docs/testsuites.html.in: Keep 'make syntax-check' happy.

2011-05-11  Daniel Veillard  <veillard@redhat.com>

	Add documentation about test suites
	Create a new top level entry, add a new page listing the 3
	test suites, and then one page for the TCK and one page for
	libvirt-test-API

2011-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Allow destroying QEMU VM even if a job is active
	Introduce a virProcessKill function that can be safely called
	even when the job mutex is held. This allows virDomainDestroy
	to kill any VM even if it is asleep in a monitor job. The PID
	will die and the thread asleep on the monitor will then wake
	up releasing the job mutex.

	* src/qemu/qemu_driver.c: Kill process before using qemuProcessStop
	  to ensure job is released
	* src/qemu/qemu_process.c: Add virProcessKill for killing off
	  QEMU processes

2011-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Add support for YAJL version 2 API/ABI
	Version 2.0.0 or yajl changed API. It is fairly trivial for us to
	cope with both APIs in libvirt, so adapt.

	* configure.ac: Probe for yajl2 API
	* src/util/json.c: Conditional support for yajl2 API

2011-05-11  Paolo Bonzini  <pbonzini@redhat.com>

	libxl: support enabling the HPET
	libxl accepts hpet configuration in its domain info struct.  Parse the
	domain definition's <clock> element in order to set the value.


	Apologies from Eric Blake, for mistakenly committing the broken
	intermediate version.

2011-05-11  Paolo Bonzini  <pbonzini@redhat.com>

	libxl: support enabling the HPET
	libxl accepts hpet configuration in its domain info struct.  Parse the
	domain definition's <clock> element in order to set the value.

2011-05-11  Paolo Bonzini  <pbonzini@redhat.com>

	xen: parse and generate hpet item in sxpr
	Recent versions of Xen disable the virtual HPET by default.  This is
	usually more precise because tick policies are not implemented for
	the HPET in Xen.  However, there may be several reasons to control
	the HPET manually: 1) to test the emulation; 2) because distros may
	provide the knob while leaving the default to "enabled" for compatibility
	reasons.

	This patch provides support for the hpet item in both sexpr and xm
	formats, and translates it to a <timer> element.

2011-05-10  Doug Goldstein  <cardoe@gentoo.org>

	docs: updates to CA cert and client cert/key info
	Update the documentation to mention that the CA certificate and the
	client cert/key pair can come from the user's location or the global
	location independent of each other.

2011-05-10  Doug Goldstein  <cardoe@gentoo.org>

	virsh: flexibility in CA cert and user cert/key
	Allow the CA certificate to come from the user's home directory or from
	the global location independently of the client certificate/key pair.

	Mostly for the case when each user on a system has their own cert/key
	pair but the system as a whole shares the same CA.

2011-05-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Make parsing stricter
	Anchor matches at the beginning of a line.

	Specialize some general matches.

	Add some comments to special cases.

2011-05-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Unify unsigned int notation in .x files
	Rename u_int and unsigned to unsigned int. This gets rid of some special
	case code in the generator.

	remote generator: Fix comment ignoring regex

2011-05-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Rename internal DumpXML functions to GetXMLDesc
	This matches the public API and helps to get rid of some special
	case code in the remote generator.

	Rename driver API functions and XDR protocol structs.

	No functional change included outside of the remote generator.

2011-05-10  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu,inject-nmi: Implement the driver methods

	inject-nmi: Expose the new API in virsh

	inject-nmi: Implementing the remote protocol

	inject-nmi: Implementing the public API

	inject-nmi: Defining the internal API

	inject-nmi: Defining the public API

2011-05-10  Cole Robinson  <crobinso@redhat.com>

	lxc: container: Build init cmd before we close stdout
	That way we can log the 'init' argv for debugging.

	lxc: container: Convert <init> exec to virCommand

	command: Add virCommandExec helper
	Actually execs the argv/env we've generated, replacing the current process.
	Kind of has a limited usage, but allows us to use virCommand in LXC
	driver to launch the 'init' process

	lxc: driver: Improve logging when launching emulator
	Log the full command line and a timestamp like we do for QEMU

	lxc: driver: Convert emulator launching to virCommand
	v2:
	    Shorten a few virCommand calls
	    s/remain/retain/

2011-05-10  Cole Robinson  <crobinso@redhat.com>

	command: Add virCommandEnvAddFormat
	Similar to virCommandArgAddFormat. We will use this shortly.

	v2:
	    Convert virCommandEnvAddPair to use the new function

2011-05-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix two uninitialized variable warnings
	gcc only reports them when compiling with -O3.

	apparmor: Fix uninitalized variable warning in virt-aa-helper

2011-05-09  Eric Blake  <eblake@redhat.com>

	build: translate generated strings
	Make sure that xgettext scans generated files for translatable
	strings, rather than just files stored in libvirt.git.

	* .gnulib: Update, for bootstrap and syntax-check fixes.
	* bootstrap: Resynchronize with gnulib.
	* cfg.mk (generated_files): Define.
	* po/POTFILES.in: Add more files with _().

2011-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus assert() from migration code
	assert() is forbidden in libvirt code, and these two cases would
	in fact never execute due to earlier error checks.

	* src/libvirt.c: Remove assert() usage

2011-05-09  Daniel P. Berrange  <berrange@redhat.com>

	Pull in gnulib fnmatch module
	The libvirtd daemon uses fnmatch. Although we don't yet build
	it on Win32, we should use gnulib's fnmatch module to ensure
	portability to all platforms.

	* bootstrap.conf: Add fnmatch

2011-05-09  Jiri Denemark  <jdenemar@redhat.com>

	json: Fix *GetBoolean functions
	They were not used anywhere so far so nobody noticed they are broken.

2011-05-09  Eric Blake  <eblake@redhat.com>

	build: rebuild generated files after rpcgen_fix.pl tweak
	Noticed this while trying to run rpcgen on cygwin.

	* src/Makefile.am ($(srcdir)/remote/%_protocol.h)
	($(srcdir)/remote/%_protocol.c): Add a dependency.

2011-05-09  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	* src/Makefile.am (REMOTE_DRIVER_GENERATED): Generated files
	should live in $(srcdir). Update rules to reflect this.

2011-05-09  Daniel Veillard  <veillard@redhat.com>

	Re-add libvirt.spec to tarball to allwo "make rpm"
	Commit e6972165 broke "make rpm" and rpmbuild -ta tarball

2011-05-07  Daniel P. Berrange  <berrange@redhat.com>

	build: Remove all generated RPC files from GIT
	Stop storing the generated files for the remote protocol client
	and server in source control. The generated files will still be
	included in the result of 'make dist' to avoid end-users needing
	to generate the files


	Unfortunately, this means that the strings marked for translation
	in generated files are not picked up by gnulib's syntax-check,
	I'm working on fixing that in gnulib.

	* .gitignore, cfg.mk, po/POTFILES.in: Reflect deletion.

2011-05-07  Daniel P. Berrange  <berrange@redhat.com>

	build: refactor generated RPC files
	Always generate the rpc files, and require rpcgen during bootstrap.

	* daemon/Makefile.am: Removed generated files with
	  maintainer-clean target
	* src/Makefile.am: Removed generated files with
	  maintainer-clean target. Always run 'rpcgen' if
	  generated files are missing

2011-05-06  Eric Blake  <eblake@redhat.com>

	build: rename generated files to .h, for automake's sake
	In preparation for removing generated files, it is necessary
	to tell automake that the generated files must be distributed
	but not directly compiled (since they are included into the
	body of a larger .c file that is compiled).  Hence, even though
	these files are code and not headers in the strict sense of
	the word, it is easier to rename them to .h for automake's sake.

	* daemon/remote_client_bodies.c: Rename to .h.
	* daemon/qemu_client_bodies.c: Likewise.
	* src/remote/remote_client_bodies.c: Likewise.
	* src/remote/qemu_client_bodies.c: Likewise.
	* daemon/Makefile.am (remote_dispatch_bodies.c)
	(qemu_dispatch_bodies.c): Rename to .h.
	(remote.c, EXTRA_DIST): Reflect rename.
	* daemon/remote.c: Likewise.
	* daemon/remote_generator.pl: Likewise.
	* src/Makefile.am (remote/remote_driver.c): Likewise.
	* src/remote/remote_driver.c: Likewise.
	* po/POTFILES.in: Likewise.
	* cfg.mk (exclude_file_name_regexp--sc_require_config_h)
	(exclude_file_name_regexp--sc_require_config_h_first)
	(exclude_file_name_regexp--sc_prohibit_empty_lines_at_EOF):
	Likewise.

2011-05-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator, client: Handle arguments with limited length
	This adds length checks to all affected functions.

	remote generator, client: Handle functions that return lists

	remote: Refactor remote*Open and remote*Close functions
	Add generic versions of the open and close functions and call them.

	remote generator, client: Handle functions with optional return values

	remote generator, client: Handle functions with multiple return values

	remote generator, client: Handle functions with wrapped return values

	remote generator, client: Handle functions with simple return values

	remote generator, client: Handle simple remote driver functions
	Rename remoteSecretListSecrets to remoteListSecrets to match the normal
	naming pattern.

	remote generator: Reorder into prepare and print section

	remote generator, daemon: Handle functions with multiple return values
	Once again rename members in the XDR definitions to avoid special case
	code in the generator.

	remote generator, daemon: Combine multiple ifs in the generated code

	remote generator, daemon: Handle the CPU functions
	They require additional special cases.

	remote generator: Refactor duplicate code

	remote generator, daemon: Handle functions that return lists

	remote: Rename 'nameslen' to the common 'maxnames'
	Avoids special case handling in the remote generator.

	remote generator, daemon: Handle functions with optional arguments

	remote generator, daemon: Handle more functions
	This covers functions that return single wrapped objects and don't
	involve complexer code in the body.

	remote generator, daemon: Handle simple-return-value functions

	remote generator, daemon: Change capitalization of some words
	Again this will simplify the generator, due to less special case handling.

2011-05-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Replace 'domain' with 'dom' in the XDR protocol
	This simplifies the remote protocol code generator.

	Also rename 'ret' to 'result' to resolve a naming conflict in the
	generator.

2011-05-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator, daemon: Output function bodies too
	This patch just covers the simple functions without explicit return
	values. There is more to be handled.

	The generator collects the members of the XDR argument structs and uses
	this information to generate the function bodies.

	Exclude the generated files from offending syntax-checks.

	Suggested by Richard W.M. Jones

2011-05-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote generator: Replace tabs with spaces and rename file
	No functional change included, just a whitespace change.

2011-05-06  Markus Groß  <gross@univention.de>

	Balloon dom0 in libxl driver
	Creating a domU on a freshly booted dom0 does not work,
	because the libxl driver does not allocate memory for the domU.
	After creating a domain with xl libvirt is able to create domains too.
	This patch reserves enough memory for the domU first.

2011-05-06  Eric Blake  <eblake@redhat.com>

	build: drop files generated by config.status from tarball
	The rule of thumb is that any file generated by config.status
	is a) reproducible by any user, b) dependent on configure options.
	Therefore, it is inappropriate to include such generated files
	in the tarball (for proof, Makefile is generated from Makefile.in;
	the former is not in the tarball while the latter is).

	* Makefile.am (EXTRA_DIST): Remove files covered by AC_OUTPUT.

2011-05-06  Doug Goldstein  <cardoe@gentoo.org>

	remote: check actual access to the cert
	Instead of calling stat(), check that we'll actually be able to access
	and read the file.

2011-05-06  Eric Blake  <eblake@redhat.com>

	maint: avoid comparisons to bool constants
	HACKING already mentions that comparisons against literal 'true'
	are unsafe; for consistency, also shorten comparisons against 'false'.

	* src/conf/domain_conf.c (virDomainNetDefParseXML): Simplify.
	* src/nwfilter/nwfilter_gentech_driver.c
	(virNWFilterDomainFWUpdateCB): Likewise.
	* tools/virsh.c (cmdVolDownload, vshCommandRun, vshPrintExtra):
	Likewise.

2011-05-06  Michal Privoznik  <mprivozn@redhat.com>

	Add warning message to XML definition files stored on disk
	Users often edit XML file stored in configuration directory
	thinking of modifying a domain/network/pool/etc. Thus it is wise
	to let them know they are using the wrong way and give them hint.

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix security driver handling of FIFOs with QEMU
	When setting up a FIFO for QEMU, it allows either a pair
	of fifos used unidirectionally, or a single fifo used
	bidirectionally. Look for the bidirectional fifo first
	when labelling since that is more useful

	* src/security/security_dac.c,
	  src/security/security_selinux.c: Fix fifo handling

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Make taint warnings also go into the domain logfile
	As well as taint warnings going to the main libvirt log,
	add taint warnings to the per-domain logfile

	  Domain id=3 is tainted: high-privileges
	  Domain id=3 is tainted: disk-probing
	  Domain id=3 is tainted: shell-scripts
	  Domain id=3 is tainted: custom-monitor

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Enhance
	  qemuDomainTaint to also log to the domain logfile
	* src/qemu/qemu_driver.c: Pass -1 for logFD to taint methods to
	  auto-append to logfile
	* src/qemu/qemu_process.c: Pass open logFD at startup for taint
	  methods

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Add a qemuDomainAppendLog method for writing to the domain logfile
	The qemuDomainAppendLog method allows writing a formatted string
	to the end of the domain logfile, optionally opening it if needed.

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainAppendLog

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Move qemuProcessLogReadFD and qemuProcessLogFD methods
	Move the qemuProcessLogReadFD and qemuProcessLogFD methods
	into qemu_domain.c, renaming them to qemuDomainCreateLog
	and qemuDomainOpenLog.

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainCreateLog and qemuDomainOpenLog.
	* src/qemu/qemu_process.c: Remove qemuProcessLogFD
	  and qemuProcessLogReadFD

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Log taint warnings in QEMU driver
	Wire up logging of VM tainting to the QEMU driver

	 - If running QEMU as root user/group or without capabilities
	   being cleared
	 - If passing custom QEMU command line args
	 - If issuing custom QEMU monitor commands
	 - If using a network interface config with an associated
	   shell script
	 - If using a disk config relying on format probing

	The warnings, per-VM appear in the main libvirtd logs

	  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: high-privileges
	  11:56:17.571: 10832: warning : qemuDomainObjTaint:712 : Domain id=1 name='l2' uuid=c7a3edbd-edaf-9455-926a-d65c16db1802 is tainted: disk-probing

	The taint flags are reset when the VM is stopped.

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Helper APIs
	  for logging taint warnings
	* src/qemu/qemu_driver.c: Log tainting with custom QEMU monitor
	  commands and disk/net hotplug with unsupported configs
	* src/qemu/qemu_process.c: Log tainting at startup based on
	  unsupported configs

2011-05-06  Daniel P. Berrange  <berrange@redhat.com>

	Add field to virDomainObjPtr to track "tainting"
	Some configuration setups for guests are allowed, but strongly
	discouraged and unsupportable in production systems. Introduce
	a concept of 'tainting' to virDomainObjPtr to allow such setups
	to be identified. Drivers can then log warnings at suitable
	times

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Declare taint
	  flags and add parsing/formatting of domain status XML

2011-05-06  Doug Goldstein  <cardoe@gentoo.org>

	virsh: improve TLS certificate error messages
	Print the name of the CA cert, certificate, and key file that resulted
	in the failure so that the user has an idea what to troubleshoot.

2011-05-05  Eric Blake  <eblake@redhat.com>

	virsh: use new method for easier log to file
	Easier to maintain, and no longer an arbitrary line length limit.

	* tools/virsh.c (vshOutputLogFile): Replace snprintf with
	virBuffer.

2011-05-05  Eric Blake  <eblake@redhat.com>

	buf: add virBufferVasprintf
	Match the fact that we have virAsprintf and virVasprintf.

	* src/util/buf.h (virBufferVasprintf): New prototype.
	* src/util/buf.c (virBufferAsprintf): Move guts...
	(virBufferVasprintf): ...to new function.
	* src/libvirt_private.syms (buf.h): Export it.
	* bootstrap.conf (gnulib_modules): Add stdarg, for va_copy.

2011-05-05  Eric Blake  <eblake@redhat.com>

	maint: rename virBufferVSprintf to virBufferAsprintf
	We already have virAsprintf, so picking a similar name helps for
	seeing a similar purpose.  Furthermore, the prefix V before printf
	generally implies 'va_list', even though this variant was '...', and
	the old name got in the way of adding a new va_list version.

	global rename performed with:

	$ git grep -l virBufferVSprintf \
	  | xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'

	then revert the changes in ChangeLog-old.

2011-05-05  Cole Robinson  <crobinso@redhat.com>

	docs: <filesystem> attr is 'accessmode', not 'mode'

2011-05-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix qemuMigrationToFile nonull annotation
	The qemuMigrationToFile method was accidentally annotated for
	the 'compressor' parameter to be non-null, instead of the
	'path' parameter. Thus GCC with -O2, unhelpfully deleted the
	entire 'if (compressor == NULL)' block of code during
	optimization. Thus NULL was passed to virCommandNew() with
	predictably bad results.

	* src/qemu/qemu_migration.h: Fix non-null annotation to be
	  against path instead of compressor

2011-05-05  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU migration use cached qemu capabilities data
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Remove
	  qemuCaps parameters & use cached data
	* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
	  migration methods

	Make QEMU hotplug use cached qemu capabilities data
	* src/qemu/qemu_hotplug.h, src/qemu/qemu_hotplug.c: Remove
	  qemuCaps parameters from all methods
	* src/qemu/qemu_driver.c: Don't create & pass qemuCaps to
	  hotplug methods

2011-05-05  Daniel P. Berrange  <berrange@redhat.com>

	Persist qemu capabilities in the domain status file
	To cope with the QEMU binary being changed while a VM is running,
	it is neccessary to persist the original qemu capabilities at the
	time the VM is booted.

	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: Add
	  an enum for a string rep of every capability
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Support for
	  storing capabilities in the domain status XML
	* src/qemu/qemu_process.c: Populate & free QEMU capabilities at
	  domain startup

2011-05-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.1
	* configure.ac libvirt.spec.in docs/news.html.in: update and document
	  the release
	* po/*.po*: update localizations for german, polish, spanish, ukrainian
	  and vietnamese coming from transifex, regenerate

2011-05-05  Eric Blake  <eblake@redhat.com>

	maint: detect clang 2.9
	In Fedora 15, with clang 2.8, 'scan-build env' shows:
	CCC_ANALYZER_ANALYSIS=-analyzer-check-objc-mem -analyzer-check-security-syntactic -analyzer-check-dead-stores -analyzer-check-objc-unused-ivars -analyzer-check-objc-methodsigs

	But in rawhide, with clang 2.9, the same variable is set but
	empty, implying the default set of analysis.  We still want
	sa_assert defined in that case, to stop clang from hitting
	false positives.

	* configure.ac (STATIC_ANALYSIS): Detect clang even when the set
	of analyses is the default.

2011-05-04  Eric Blake  <eblake@redhat.com>

	storage: avoid null deref and leak on failure
	Detected by clang.  NULL deref added in commit 343a27a (Mar 11),
	but leak of voldef present since commit 2cd9b2d (Apr 09).

	* src/storage/storage_driver.c (storageVolumeCreateXML): Don't
	leak voldef or dereference null volobj.

2011-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Disable performance counter queries in esxDomainGetInfo
	The queried values aren't used yet.

2011-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Avoid null dereference on error in esxDomainGetInfo
	Add missing early exits and convert error logging to proper API level
	error reporting.

	Centralize cleanup code for the PerfQuerySpec object.

	Reported by Eric Blake, detected by clang.

2011-05-04  Eric Blake  <eblake@redhat.com>

	remote: avoid null dereference on error
	Clang found three instances of uninitialized use of nparams in
	the cleanup path.  Unfortunately, one is a false positive: clang
	couldn't see that ret->params.params_val is guaranteed to be
	NULL unless allocated within a function, and that nparams is
	guaranteed to be assigned prior to the allocation; hoisting the
	assignment to nparams to be earlier in the function shuts up
	that false positive.  But two of the reports also happened to
	highlight a real bug - the error path can dereference NULL.

	Regression introduced in commit 158ba873.

	* daemon/remote.c (remoteDispatchDomainGetMemoryParameters)
	(remoteDispatchDomainGetBlkioParameters): Don't clear fields if
	array was not allocated.
	(remoteDispatchDomainGetSchedulerParameters): Initialize nparams
	earlier.

2011-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Remove dead store in esxUtil_ParseDatastorePath
	The ++ on preliminaryFileName was a left over from a previous version
	of this function that explicitly returned the filename and did a strdup
	on preliminaryFileName afterwards.

	As the filename isn't returned explicitly anymore remove the preliminary
	variable for it and reuse the tmp variable instead.

	Reported by Eric Blake, detected by clang.

2011-05-04  Eric Blake  <eblake@redhat.com>

	qemu: update qemuCgroupControllerActive signature
	Clang warned about a dead assignment.  In the process, I noticed
	that we are only using the function for a bool value.  I audited
	all other callers in qemu_{migration,cgroup,driver,hotplug), and
	all were making the call in a bool context.

	Also, do bounds checking on the argument.

	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Delete dead
	assignment.
	(qemuCgroupControllerActive): Change return type to bool.
	* src/qemu/qemu_cgroup.h (qemuCgroupControllerActive): Likewise.

2011-05-04  Eric Blake  <eblake@redhat.com>

	util: remove dead assignment
	Clang complained about this, and it was easy enough to fix.

	* src/util/util.c (virFileOpenAs): Drop dead assignment.

2011-05-04  Eric Blake  <eblake@redhat.com>

	lxc: report correct error
	Clang noticed a dead assignment, which turned out to be the use
	of the wrong variable.  rc starts life as -1, and is only ever
	assigned to 0 just before a successful cleanup.

	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Don't call
	virReportSystemError(-1).

2011-05-04  Eric Blake  <eblake@redhat.com>

	libxl: avoid compiler warning
	Detected by gcc:

	libxl/libxl_driver.c: In function 'libxlDomainDestroy':
	libxl/libxl_drier.c:1351:30: error: variable 'priv' set but not used [-Werror=unused-but-set-variable]

	* src/libxl/libxl_driver.c (libxlDomainDestroy): Delete unused
	variable.

2011-05-04  Eric Blake  <eblake@redhat.com>

	qemu: remove dead assignment
	Detected by clang.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Nothing later
	uses is_reg.

2011-05-04  Eric Blake  <eblake@redhat.com>

	storage: use virCommand to avoid compiler warning
	clang didn't like the last increment to nargs.  But why even
	track nargs ourselves, when virCommand does it for us?

	* src/storage/storage_backend_iscsi.c
	(virStorageBackendISCSIConnection): Switch to virCommand to avoid
	a dead-store warning on nargs.

2011-05-04  Eric Blake  <eblake@redhat.com>

	cgroup: avoid leaking a file
	Clang detected a dead store to rc.  It turns out that in fixing this,
	I also found a FILE* leak.

	This is a subtle change in behavior, although unlikely to hit.  The
	pidfile is a kernel file, so we've probably got more serious problems
	under foot if we fail to parse one.  However, the previous behavior
	was that even if one pid file failed to parse, we tried others,
	whereas now we give up on the first failure.  Either way, though,
	the function returns -1, so the caller will know that something is
	going wrong, and that not all pids were necessarily reaped.  Besides,
	there were other instances already in the code where failure in the
	inner loop aborted the outer loop.

	* src/util/cgroup.c (virCgroupKillInternal): Abort rather than
	resuming loop on fscanf failure, and cleanup file on error.

2011-05-03  Eric Blake  <eblake@redhat.com>

	qemu: silence clang false positives
	Clang 2.8 wasn't quite able to follow that persistentDef was
	assigned earlier if (flags & VIR_DOMAIN_MEM_CONFIG) is true.
	Silence this false positive, to make clang analysis easier to use.

	* src/qemu/qemu_driver.c (qemudDomainSetMemoryFlags): Add an
	annotation to silence clang's claim of a NULL dereference.

2011-05-03  Eric Blake  <eblake@redhat.com>

	virsh: avoid null pointer dereference
	Clang detected that vol-download will call unlink(NULL) if there
	is a parse error during option parsing.  Also, mingw doesn't like
	unlinking an open file.

	* tools/virsh.c (cmdVolDownload): Only unlink file if created.

2011-05-03  Eric Blake  <eblake@redhat.com>

	pci: fix null pointer dereference
	Clang detected a null-pointer dereference regression, introduced
	in commit 4e8969eb.  Without this patch, a device with
	unbind_from_stub set to false would eventually try to call
	virFileExists on uncomputed drvdir.

	* src/util/pci.c (pciUnbindDeviceFromStub): Ensure drvdir is set
	before use.

2011-05-03  Eric Blake  <eblake@redhat.com>

	qemu: avoid null pointer dereference
	This code has had problems historically.  As originally
	written, in commit 6bcf2501 (Jun 08), it could call unlink
	on a random string, nuking an unrelated file.

	Then commit 182a80b9 (Sep 09), the code was rewritten to
	allocate tmp, with both a use-after-free bug and a chance to
	call unlink(NULL).

	Commit e206946 (Mar 11) fixed the use-after-free, but not the
	NULL dereference.  Thanks to clang for catching this!

	* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
	unlink on NULL.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: avoid null pointer dereference
	Unlikely to hit in real life, but clang noticed it.

	* tests/commandtest.c (checkoutput, test4, test18): Avoid
	unlink(NULL) on OOM.

2011-05-03  Eric Blake  <eblake@redhat.com>

	Revert "lxc: Do not try to reconnect inactive domain when do lxcStartup"
	This reverts commit 0e7f7f8566f3e7fcf5bce395555fa1b5cf1e136b.

	From the mailing list:

	> So, AFAICT, this patch means we will never reconnect to any LXC
	> VMs now.
	>
	> The correct solution, is to refactor LXC driver startup to work
	> the same way as the QEMU driver startup.
	>
	>   - Load all the live state XML files (to pick up running VMs)
	>   - Reconnect to all VMs
	>   - Load all the persistent config XML files (to pick up any additional
	>     inactive guets)

	But that solution is invasive enough to be post-0.9.1.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: suppress more valgrind situations
	* tests/.valgrind.supp: Consolidate bash suppressions.  Ignore
	more libnl issues.

2011-05-03  Michal Privoznik  <mprivozn@redhat.com>

	Fix disability to run on systems with no PCI bus
	The patch which moved libpciaccess initialization to one place caused
	regression - we were not able to run on system with no PCI bus, like
	s390(x).

2011-05-03  Osier Yang  <jyang@redhat.com>

	lxc: Do not try to reconnect inactive domain when do lxcStartup
	Otherwise if there are inactive lxc domains, lxcStartup will
	try to reconnect to sockets of these domains, which results in
	errors in libvirtd log.

2011-05-03  Eric Blake  <eblake@redhat.com>

	tests: avoid compiler warning
	../../tests/xmconfigtest.c: In function 'testCompareParseXML':
	../../tests/xmconfigtest.c:49:19: error: 'conn' may be used uninitialized in this function [-Wuninitialized]

	* tests/xmconfigtest.c (testCompareParseXML): Initialize variable.

2011-05-02  Christophe Fergeau  <cfergeau@redhat.com>

	qemu: fix uninitialized variable warning
	This commit fixes
	qemu/qemu_driver.c: In function 'qemuDomainModifyDeviceFlags':
	qemu/qemu_driver.c:4041:8: warning: 'ret' may be used uninitialized in this
	function [-Wuninitialized]
	qemu/qemu_driver.c:4013:9: note: 'ret' was declared here

	The variable is set to -1 so that the error paths are taken when the code
	to set it didn't get a chance to run. Without initializing it, we could
	return some an undefined value from this function.

	While I was at it, I made a trivial whitespace change in the same function
	to improve readability.

2011-05-02  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	fix missing VLAN id for Qbg example
	For IEEE 802.1Qbg, it is necessary to use a VLAN interface.
	vepa itself does not require a VLAN interface.

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Lower stack usage below 4096 bytes
	Make virtTestLoadFile allocate the buffer to read the file into.

	Fix logic error in virtTestLoadFile, stop reading on the first empty line.

	Use virFileReadLimFD in virtTestCaptureProgramOutput to avoid manual
	buffer handling.

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Update valgrind suppressions file

2011-04-30  Supriya Kannery  <supriyak@in.ibm.com>

	virsh: fix regression in log to file
	Commit 36deff04 introduced a regression due to which virsh is not able
	to log to a file - msg_buf was changed from an array to a pointer
	without corresponding change to usage of "sizeof()".

	Fix regression in virsh logging

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Fix memory leak in the ebtables subdriver
	Call shutdown functions for all subcomponents in nwfilterDriverShutdown.

	Make sure that this shutdown functions can safely be called multiple times
	and independent from the actual subcomponents state.

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Fix qemuDomainModifyDeviceFlags leaking the caps bitmap

2011-04-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix memory leak in __virExec
	Commit e0d014f2379dd made binary potentially allocated on the heap.
	It was freed in the parent in the error path, but not in the success path
	that doesn't goto the cleanup label.

	Found by 'make -C tests valgrind'.

2011-04-29  Eric Blake  <eblake@redhat.com>

	hash: fix memory leak regression
	Commit 1671d1d introduced a memory leak in virHashFree, and
	wholesale table corruption in virHashRemoveSet (elements not
	requested to be freed are lost).

	* src/util/hash.c (virHashFree): Free bucket array.
	(virHashRemoveSet): Don't lose elements.
	* tests/hashtest.c (testHashCheckForEachCount): New method.
	(testHashCheckCount): Expose the bug.

2011-04-29  Cole Robinson  <crobinso@redhat.com>

	docs: Document <filesystem> device
	Tried to dredge through old changelogs and commits to come up with it, so
	may not be completely accurate.

	v2:
	Drop ambiguous 'containers'
	Use same mail archive for all links

2011-04-29  Eric Blake  <eblake@redhat.com>

	build: fix getcwd portability problems
	* bootstrap.conf (gnulib_modules): Add getcwd-lgpl.
	* tests/commandtest.c (checkoutput): Drop unused cwd.
	* tests/commandhelper.c (main): Let getcwd malloc.
	* tests/testutils.c (virTestMain): Likewise.
	* tools/virsh.c (cmdPwd): Likewise.
	(virshCmds): Expose cmdPwd and cmdCd on mingw.

2011-04-29  Eric Blake  <eblake@redhat.com>

	tests: simplify common setup
	A few of the tests were missing basic sanity checks, while most
	of them were doing copy-and-paste initialization (in fact, some
	of them pasted the argc > 1 check more than once!).  It's much
	nicer to do things in one common place, and minimizes the size of
	the next patch that fixes getcwd usage.

	* tests/testutils.h (EXIT_AM_HARDFAIL): New define.
	(progname, abs_srcdir): Define for all tests.
	(VIRT_TEST_MAIN): Change callback signature.
	* tests/testutils.c (virtTestMain): Do more common init.
	* tests/commandtest.c (mymain): Simplify.
	* tests/cputest.c (mymain): Likewise.
	* tests/esxutilstest.c (mymain): Likewise.
	* tests/eventtest.c (mymain): Likewise.
	* tests/hashtest.c (mymain): Likewise.
	* tests/networkxml2xmltest.c (mymain): Likewise.
	* tests/nodedevxml2xmltest.c (myname): Likewise.
	* tests/nodeinfotest.c (mymain): Likewise.
	* tests/nwfilterxml2xmltest.c (mymain): Likewise.
	* tests/qemuargv2xmltest.c (mymain): Likewise.
	* tests/qemuhelptest.c (mymain): Likewise.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qparamtest.c (mymain): Likewise.
	* tests/sexpr2xmltest.c (mymain): Likewise.
	* tests/sockettest.c (mymain): Likewise.
	* tests/statstest.c (mymain): Likewise.
	* tests/storagepoolxml2xmltest.c (mymain): Likewise.
	* tests/storagevolxml2xmltest.c (mymain): Likewise.
	* tests/virbuftest.c (mymain): Likewise.
	* tests/virshtest.c (mymain): Likewise.
	* tests/vmx2xmltest.c (mymain): Likewise.
	* tests/xencapstest.c (mymain): Likewise.
	* tests/xmconfigtest.c (mymain): Likewise.
	* tests/xml2sexprtest.c (mymain): Likewise.
	* tests/xml2vmxtest.c (mymain): Likewise.

2011-04-29  Eric Blake  <eblake@redhat.com>

	build: avoid test warnings on mingw
	* .gnulib: Update to latest, for getaddrinfo fixes.
	Reported by Matthias Bolte.

2011-04-28  Eric Blake  <eblake@redhat.com>

	virsh: avoid compiler warning on mingw
	We don't use gnulib's sanitizations for vfprintf, but vshDebug
	was used with %zu, which means that it would fail on mingw.
	Thank goodness the compiler indirectly caught this for us :)

	virsh.c: In function 'vshDebug':
	virsh.c:12105:5: warning: function might be possible candidate for
	'ms_printf' format attribute [-Wmissing-format-attribute]

	since mingw <stdio.h> hasn't yet added gcc attributes to vfprintf.

	* tools/virsh.c (vshDebug): Avoid vfprintf.
	(vshPrintExtra): Use lighter-weight fputs.
	Reported by Matthias Bolte.

2011-04-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent update of disks
	Support update of disks by MODIFY_CONFIG

	This patch includes changes for qemu's disk to support
	virDomainUpdateDeviceFlags() with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.

	This patch adds support for CDROM/foppy disk types.


	* src/qemu/qemu_driver.c
	(qemuDomainUpdateDeviceConfig): support cdrom/floppy.

2011-04-28  Jim Fehlig  <jfehlig@novell.com>

	Xen: Do not generate net ifname if domain is inactive
	V2: Use virAsprintf instead of snprintf/strdup

	The xend driver will generate a virDomainNetDef ifname if one is not
	specified in xend sexpr, even if domain is inactive.  The result is
	network interface XML containing 'vif-1.Y' on dev attribute of target
	element, e.g.

	  <interface type='bridge'>
	    <target dev='vif-1.0'/>
	    ...

	This patch changes the behavior to only generate the ifname if not
	specified in xend sexpr *and* domain is not inactive (id != -1).

2011-04-28  Yufang Zhang  <yuzhang@redhat.com>

	xen: check if device is assigned to guest before reattaching
	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=664059

	Reattaching pci device back to host without destroying guest or
	detaching device from guest would cause host to crash. This patch adds
	a check before doing device reattach. If the device is being assigned
	to guest, libvirt refuses to reattach device to host. The patch only
	works for Xen, for it just checks xenstore to get pci device
	information.

2011-04-28  Laine Stump  <laine@laine.org>

	network: fix return value of hostsFileWrite
	The lone caller to hostsFileWrite (and the callers for at least 3
	levels up the return stack) assume that the return value will be < 0
	on failure. However, hostsFileWrite returns 0 on success, and a
	positive errno on failure. This patch changes hostsFileWrite to return
	-errno on failure.

2011-04-28  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/esx/esx_driver.c: Fix spelling of 'relative'.
	* src/util/util.c: Likewise.

2011-04-28  Jiri Denemark  <jdenemar@redhat.com>

	build: Use pkg-config for libssh2 check
	Currently the build fails if /usr/local/include does not exist since
	its use is hardcoded in configure.ac

	build: Ignore old audit library
	Check for audit_encode_nv_string in libaudit so that ancient audit
	library is ignored rather than trying to compile with libaudit support
	and failing.

2011-04-28  Osier Yang  <jyang@redhat.com>

	util: Initialize hooks at daemon shutdown if no hooks defined
	We support to initialize the hooks at daemon reload if there is no
	hooks script is defined, we should also support initialize the hooks
	at daemon shutdown if no hooks is defined.

	To address bz: https://bugzilla.redhat.com/show_bug.cgi?id=688859

2011-04-28  Wen Congyang  <wency@cn.fujitsu.com>

	fix virsh's regression
	This patch does the following things:
	1. The return value of cmdSchedInfoUpdate() can be -1, 0 and 1. So the
	   type of return value should be int not bool.(This function is not a
	   entry of a virsh command, but the name of this function likes cmdXXX)

	2. The type of cmdSchedinfo()'s, cmdFreecell()'s, cmdPoolList()'s and
	   cmdVolList()'s return value is bool not int, so change the type of
	   variable ret_val, func_ret and functionReturn.

	3. Add a variable functionReturn for cmdMigrate(), cmdAttachInterface(),
	   cmdDetachInterface(), cmdAttachDisk() and cmdDetachDisk() to save the
	   return value.

	4. Change the type of variable ret in the function cmdAttachDevice(),
	   cmdDetachDevice(), cmdUpdateDevice(), cmdAttachInterface(),
	   cmdDetachInterface(), cmdAttachDisk() and cmdDetachDisk() to int, as
	   we use it to save the return value of virXXX() and the type of virXXX()'s
	   return value is int not bool.

	5. Do some cleanup when virBuff.error is 1.

	The bug 1-4 were introduced by commit b56fa5bb.

2011-04-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent attach/detach disks
	Support changes of disks by MODIFY_CONFIG for qemu.

	This patch includes patches for qemu's disk to support
	virDomainAt(De)tachDeviceFlags with VIR_DOMAIN_DEVICE_MODIFY_CONFIG.

	Other devices can be added incrementally.


	* /src/conf/domain_conf.c
	(virDomainDiskIndexByName): returns array index of disk in vmdef.
	(virDomainDiskRemoveByName): removes a disk which has the name in vmdef.
	* src/qemu/qemu_driver.c
	(qemuDomainAttachDeviceConfig): add support for Disks.
	(qemuDomainDetachDeviceConfig): add support for Disks.

2011-04-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - support persistent modification of devices
	This patch adds functions for modify domain's persistent definition.
	To do error recovery in easy way, we use a copy of vmdef and update it.

	The whole sequence will be:

	  make a copy of domain definition.

	  if (flags & MODIFY_CONFIG)
	      update copied domain definition
	  if (flags & MODIF_LIVE)
	      do hotplug.
	  if (no error)
	      save copied one to the file and update cached definition.
	  else
	      discard copied definition.

	This patch is mixuture of Eric Blake's work and mine.
	From: Eric Blake <eblake@redhat.com>

	(virDomainObjCopyPersistentDef): make a copy of persistent vm definition
	(qemuDomainAttach/Detach/UpdateDeviceConfig) : callbacks. now empty
	(qemuDomainModifyDeviceFlags): add support for MODIFY_CONFIG and MODIFY_CURRENT

2011-04-27  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit test failure
	Same fix as commit 1fc288e1e25.

	* tests/hashtest.c (testHashRemoveForEach): Use correct format.

2011-04-27  Jiri Denemark  <jdenemar@redhat.com>

	util: Simplify hash implementation
	So far first entries for each hash key are stored directly in the hash
	table while other entries mapped to the same key are linked through
	pointers. As a result of that, the code is cluttered with special
	handling for the first items.

	This patch makes all entries (even the first ones) linked through
	pointers, which significantly simplifies the code and makes it more
	maintainable.

2011-04-27  Jiri Denemark  <jdenemar@redhat.com>

	tests: More unit tests for internal hash APIs
	This adds several tests for remaining hash APIs (custom
	hasher/comparator functions are not covered yet, though).

	All tests pass both before and after the "Simplify hash implementation".

2011-04-27  Osier Yang  <jyang@redhat.com>

	build: Fix problem of building Python bindings
	If one specify "--with-python=yes" but no python-devel package
	is installed, we ignore it with just a notice message, which
	doesn't give clear guide to user.

2011-04-27  Wen Congyang  <wency@cn.fujitsu.com>

	release PCI address only when we have ensured it successfully
	Steps to reproduce this bug:
	1. # cat net.xml # 00:03.0 has been used
	    <interface type='network'>
	      <mac address='52:54:00:04:72:f3'/>
	      <source network='default'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
	    </interface>

	2. # virsh attach-device vm1 net.xml
	   error: Failed to attach device from net.xml
	   error: internal error unable to reserve PCI address 0:0:3

	3. # virsh attach-device vm1 net.xml
	   error: Failed to attach device from net.xml
	   error: internal error unable to execute QEMU command 'device_add': Device 'rtl8139' could not be initialized

	The reason of this bug is that: we can not reserve PCI address 0:0:3 because it has
	been used, but we release PCI address when we reserve it failed.

2011-04-27  Hu Tao  <hutao@cn.fujitsu.com>

	free memory properly in cleanup patch
	virsh schedinfo inactive-domain will trigger the problem.

2011-04-27  Wen Congyang  <wency@cn.fujitsu.com>

	free buf->content when vsnprintf() failed
	When buf->error is 1, we do not return buf->content in the function
	virBufferContentAndReset(). So we should free buf->content when
	vsnprintf() failed.

2011-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix dynamic dispatch for CastFromAnyType functions
	This was broken by the refactoring in ac1e6586ec75. It resulted in a
	segfault for 'virsh vol-dumpxml' and related volume functions.

	Before the refactoring all users of the ESX_VI__TEMPLATE__DISPATCH
	macro dispatched on the item type, as the item is the input to all those
	functions.

	Commit ac1e6586ec75 made the dynamically dispatched CastFromAnyType
	functions use this macro too, but this functions dispatched on the
	actual type of the AnyType object. The item is the output of the
	CastFromAnyType functions.

	This difference was missed in the refactoring, making CastFromAnyType
	functions dereferencing the item pointer that is NULL at the time of
	the dispatch.

2011-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Move call to virReportOOMError into virFileBuildPath
	Suggested by Daniel P. Berrange

2011-04-26  Eric Blake  <eblake@redhat.com>

	build: use gnulib passfd for simpler SCM_RIGHTS code
	* .gnulib: Update to latest for passfd fixes.
	* bootstrap.conf (gnulib_modules): Add passfd.
	* src/util/util.c (virFileOpenAs): Simplify.

2011-04-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add flags checking in DomainCoreDump

2011-04-26  Mark Wu  <dwu@redhat.com>

	Make crash and live flags mutually exclusive in virDomainCoreDump
	They don't make any sense when used together.

2011-04-25  Guido Günther  <agx@sigxcpu.org>

	Make sure DNSMASQ_STATE_DIR exists
	otherwise the directory returned by networkDnsmasqLeaseFileName will not
	be created if ipdef->nhosts == 0 in networkBuildDnsmasqArgv.

2011-04-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix small memory leaks in config parsing related functions
	Found by 'make -C tests valgrind'.

	xen_xm.c: Dummy allocation via virDomainChrDefNew is directly
	overwritten and lost. Free 'script' in success path too.

	vmx.c: Free virtualDev_string in success path too.

	domain_conf.c: Free compression in success path too.

2011-04-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virDomainEventRebootNew
	This will be used in the ESX driver event handling.

2011-04-25  Eric Blake  <eblake@redhat.com>

	build: make VIR_FREE do some type checking
	We can exploit the fact that gcc warns about int-to-pointer conversion
	in ternary cond?(void*):(int) in order to prevent future mistakes of
	calling VIR_FREE on a scalar lvalue.  For example, between commits
	158ba873 and 802e2df, we would have had this warning:

	cc1: warnings being treated as errors
	remote.c: In function 'remoteDispatchListNetworks':
	remote.c:3684:70: error: pointer/integer type mismatch in conditional expression

	There are still a number of places that malloc into a const char*;
	while it would probably be worth scrubbing them to use char*
	instead, that is a separate patch, so we have to cast away const
	in VIR_FREE for now.

	* src/util/memory.h (VIR_FREE): Make gcc warn about integers.
	Iteratively developed from a patch by Christophe Fergeau.

2011-04-25  Eric Blake  <eblake@redhat.com>

	threads: add one-time initialization support
	mingw lacks the counterpart to PTHREAD_MUTEX_INITIALIZER, so the
	best we can do is portably expose once-only runtime initialization.

	* src/util/threads.h (virOnceControlPtr): New opaque type.
	(virOnceFunc): New callback type.
	(virOnce): New prototype.
	* src/util/threads-pthread.h (virOnceControl): Declare.
	(VIR_ONCE_CONTROL_INITIALIZER): Define.
	* src/util/threads-win32.h (virOnceControl)
	(VIR_ONCE_CONTROL_INITIALIZER): Likewise.
	* src/util/threads-pthread.c (virOnce): Implement in pthreads.
	* src/util/threads-win32.c (virOnce): Implement in WIN32.
	* src/libvirt_private.syms: Export it.

2011-04-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add a wrapper for shared CURL handles
	To be used to share a CURL handle between multiple threads in the
	upcoming domain event support.

	esx: Move CURL handling code to it's own type

2011-04-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	daemon: Don't try to free an unsigned int in error paths

	daemon: Honor error variable name change in the generator
	Commit 36b652138be renamed err to rerr, do the same in the generator.

2011-04-21  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - clean up UpdateDevice for consolidation.
	This patch strips reusable part of qemuDomainUpdateDeviceFlags()
	and consolidate it to qemuDomainModifyDeviceFlags().
	No functional changes.

	* src/qemu/qemu_driver.c
	(qemuDomainChangeDiskMediaLive) : pulled out code for updating disks.
	(qemuDomainUpdateDeviceLive) : core of UpdateDevice, extracted from
	UpdateDeviceFlags()
	(qemuDomainModifyDeviceFlags): add support for updating device in live domain.
	(qemuDomainUpdateDeviceFlags): reworked as a wrapper function of
	qemuDomainModifyDeviceFlags()

2011-04-21  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - clean up At(De)tachDeviceFlags() for consolidation.
	clean up At(De)tachDeviceFlags() for consolidation.

	qemuDomainAttachDeviceFlags()/qemuDomainDetachFlags()/
	qemuDomainUpdateDeviceFlags() has similar logics and copied codes.

	This patch series tries to unify them to use shared code when it can.
	At first, clean up At(De)tachDeviceFlags() and devide it into functions.

	By this, this patch pulls out shared components between functions.
	Based on patch series by Eric Blake, I added some modification as
	switch-case with QEMU_DEVICE_ATTACH, QEMU_DEVICE_DETACH, QEMU_DEVICE_UPDATE

	* src/qemu/qemu_driver.c
	(qemuDomainAt(De)tachDeviceFlags) : pulled out to qemuDomainModifyDeviceFlags()
	(qemuDomainModifyDeviceFlags) : implements generic code for modifying domain.
	(qemuDomainAt(De)tachDeviceFlagsLive) : code for at(de)taching devices to
	domain in line. no changes in logic from old code.
	(qemuDomainAt(De)tachDeviceDiskLive) : for at(de)taching Disks.
	(qemuDomainAt(De)tachDeviceControllerLive) : for at(de)taching Controllers

2011-04-21  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	libvirt/qemu - Centralize device modification in the more flexible APIs
	Centralize device modification in the more flexible APIs, to allow future
	honoring of additional flags.  Explicitly reject the
	VIR_DOMAIN_DEVICE_MODIFY_FORCE flag on attach/detach.

	Based on Eric Blake<eblake@redhat.com>'s work.

	* src/qemu/qemu_driver.c
	(qemudDomainAttachDevice)(qemudDomainAttachDeviceFlags): Swap bodies,rename...
	(qemudDomainDetachDevice, qemudDomainDetachDeviceFlags): Likewise.

2011-04-21  Michal Privoznik  <mprivozn@redhat.com>

	Add support for s390(x) cpu options parsing
	Up to now we missed parser for cpuinfo on x390(x) machines. Those machines
	have only 1 thread, core, socket. What is missing is information about
	CPU frequency.

2011-04-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU tunnelled migration FD handling
	The two ends of the pipe used for feeding QEMU tunnelled
	migration data were interchanged, so QEMU got given the
	"write" end instead of the "read" end.

	The qemuMigrationPrepareTunnel method was also immediately
	closing the "write" end of the pipe, so the stream failed
	to actually write anything.

	* src/qemu/qemu_migration.c: Swap tunnelled migration
	  pipe FDs & don't close pipe given to stream

2011-04-21  Eric Blake  <eblake@redhat.com>

	build: fix 32-bit test failure
	ARRAY_CARDINALITY is typed as size_t, not long; this matters on 32-bit
	platforms:

	hashtest.c: In function 'testHashRemoveForEach':
	hashtest.c:114: error: format '%lu' expects type 'long unsigned int', but argument 4 has type 'unsigned int' [-Wformat]

	* tests/hashtest.c (testHashRemoveForEach): Use correct format.

2011-04-21  Jiri Denemark  <jdenemar@redhat.com>

	Remove artificial minimum limit for guest memory
	Remove the artificial minimum of 4096 KB for guest memory. It's drivers'
	job to set the limit if needed.

2011-04-21  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Adding reboot domain function
	Adding reboot <domain> function for pHyp driver.

2011-04-21  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check failure
	* .mailmap: Add an alias for last commit.

2011-04-20  Wen Congyang  <wency cn fujitsu com>

	fix tunnelled migration's regression
	If the migrateFrom is "stdio" not "stdin", qemuBuildCommandLine()
	will convert it to exec:cat or fd:n.

2011-04-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: no support for direct type of interface
	Ebtables filtering doesn't work on macvtap device. Remove support for direct type of interface.

2011-04-19  Eric Blake  <eblake@redhat.com>

	virsh: nuke use of TRUE and FALSE
	Gnulib already guarantees <stdbool.h>, so it is easier to just
	use the standardized spellings.

	* tools/virsh.c (vshCmdDef): Change callback to return real bool.
	(__vshControl): Change several fields to bool.
	(vshCommandOptBool): Change return type.
	All callers updated.
	* tools/Makefile.am (virsh-net-edit.c, virsh-pool-edit.c):
	Likewise.

2011-04-19  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: fix the check of virDomainObjUnref()'s return value
	If vm is unlocked in virDomainObjUnref(), the return value is 0, not less
	than 0.

2011-04-18  Markus Groß  <gross@univention.de>

	Add cputune support to libxl driver
	Here is a new version of this patch:
	https://www.redhat.com/archives/libvir-list/2011-April/msg00337.html

	v2:
	  - store the cputune info for the whole runtime of the domain
	  - remove cputune info when domain is destroyed

	The nodeGetInfo code had to be moved into a helper
	function to reuse it without a virConnectPtr.

2011-04-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update and sort msg_gen_function list and mark unmarked messages
	Inspired by Eric Blake

2011-04-18  Eric Blake  <eblake@redhat.com>

	phyp: another simplification
	Rather than copying and pasting lots of code, factor it into a
	single helper function.

	This commit adds a warning if tighter integer parsing would fail
	due to any stray bytes after the number, but should not change
	any behavior other than the bug fix for phypNumDomainsGeneric
	looking only at numeric lines.

	* src/phyp/phyp_driver.c (phypExecInt): New function.
	(phypGetVIOSPartitionID, phypNumDomainsGeneric, phypGetLparID)
	(phypGetLparMem, phypGetLparCPUGeneric, phypGetRemoteSlot)
	(phypGetVIOSNextSlotNumber, phypAttachDevice)
	(phypGetStoragePoolSize, phypStoragePoolNumOfVolumes)
	(phypNumOfStoragePools, phypInterfaceDestroy)
	(phypInterfaceDefineXML, phypInterfaceLookupByName)
	(phypInterfaceIsActive, phypNumOfInterfaces): Use it.
	(phypNumDomainsGeneric): Correctly find numeric line.

2011-04-18  Eric Blake  <eblake@redhat.com>

	maint: ignore built file
	* .gitignore: Add exemption for hashtest.

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	build: fix qemu build failure in previous patch
	This last minute addition caused a build failure

	cc1: warnings being treated as errors
	qemu/qemu_process.c: In function 'qemuProcessHandleWatchdog':
	qemu/qemu_process.c:436:34: error: ignoring return value of 'virDomainObjUnref', declared with attribute warn_unused_result [-Wunused-result]
	make[3]: *** [libvirt_driver_qemu_la-qemu_process.lo] Error 1

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	Change some variable names to follow standard in daemon dispatcher
	Replace some occurrances of

	  virDomainPtr domain;
	  virNetworkPtr network;

	With

	  virDomainPtr dom;
	  virNetworkPtr net;

	* daemon/remote.c: Fix variable naming to follow standard

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	Write error check conditionals in more compact form for dispatcher
	Replace cases of

	     type = virConnectGetType(conn);
	     if (type == NULL)
	         goto cleanup;

	With

	     if (!(type = virConnectGetType(conn)))
	         goto cleanup;

	* daemon/remote.c: Write error checks in compat form

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	Remove curly braces on all single-line conditional jumps in dispatcher
	Replace all occurrances of

	   if (....) {
	      goto cleanup;
	   }

	With

	   if (.....)
	      goto cleanup;

	to save one line of code

	* daemon/remote.c: Remove curly braces on single line conditionals

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix checking of return codes in dispatcher
	The libvirt APIs reserve any negative value for indicating an
	error. Thus checks

	    if (virXXXX() == -1)

	Should instead be

	    if (virXXXX() < 0)

	* daemon/remote.c: s/ == -1/ < 0/

2011-04-18  Daniel P. Berrange  <berrange@redhat.com>

	Merge all returns paths from dispatcher into single path
	The dispatcher functions have numerous places where they
	return to the caller. This leads to duplicated cleanup
	code, often resulting in memory leaks. It makes it harder
	to ensure that errors are dispatched before freeing objects,
	which may overwrite the original error.

	The standard pattern is now

	    remoteDispatchXXX(...) {
	        int rv = -1;

	        ....
	        if (XXX < 0)
	          goto cleanup;
	        ...
	        if (XXXX < 0)
	          goto cleanup;
	        ...

	        rv = 0;
	    cleanup:
	        if (rv < 0)
	           remoteDispatchError(rerr);
	        ...free all other stuff..
	        return rv;
	    }

	* daemon/remote.c: Centralize all cleanup paths
	* daemon/stream.c: s/remoteDispatchConnError/remoteDispatchError/
	* daemon/dispatch.c, daemon/dispatch.h: Replace
	  remoteDispatchConnError with remoteDispatchError
	  removing unused virConnectPtr

2011-04-18  Alan Pevec  <apevec@redhat.com>

	Experimental libvirtd upstart job
	To install it, disable libvirtd sysv initscript:
	    chkconfig libvirtd off
	    service libvirtd stop

	and enable libvirtd upstart job:
	    cp  /usr/share/doc/libvirt-*/libvirtd.upstart \
	        /etc/init/libvirtd.conf
	    initctl reload-configuration
	    initctl start libvirtd

	Test:
	    initctl status libvirtd
	libvirtd start/running, process 3929
	    killall -9 libvirtd
	    initctl status libvirtd
	libvirtd start/running, process 4047

	I looked into the possibility to use the upstart script from Ubuntu or
	at least getting inspiration from it but that's not possible. "expect
	daemon" is a nice thing but it only works if the process is defined with
	exec stanza instead of script ... no script. Unfortunately, with exec
	stanza environment variables can only be set within upstart script
	(i.e., configuration in /etc/sysconfig/libvirtd can't work). Hence, we
	need to use script stanza, source sysconfig, and execute libvirtd
	without --daemon. For similar reasons we can't use limit stanza and need
	to handle DAEMON_COREFILE_LIMIT in job's script.

2011-04-18  Wen Congyang  <wency@cn.fujitsu.com>

	enhance processWatchdogEvent()
	This patch does the following two things:
	1. hold an extra reference while handling watchdog event
	   If the domain is not persistent, and qemu quits unexpectedly before
	   calling processWatchdogEvent(), vm will be freed and the function
	   processWatchdogEvent() will be dangerous.

	2. unlock qemu driver and vm before returning from processWatchdogEvent()
	   When the function processWatchdogEvent() failed, we only free wdEvent,
	   but forget to unlock qemu driver and vm, free dumpfile.

2011-04-18  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: avoid qemu_driver being unlocked twice when virThreadPoolNew() failed
	We do not lock qemu_driver when calling virThreadPoolNew(). If it failed,
	we will unlock qemu_driver. It is dangerous.

	We may use this pool during auto starting domains. So we must create it before
	calling qemuAutostartDomains(). Otherwise, libvirtd will crash.

2011-04-17  Richard Laager  <rlaager@wiktel.com>

	Fix two out-of-date comments in LVM backend

2011-04-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Replace statsErrorFunc with a macro
	Also mark error messages in block_stats.c for translation, add the
	new macro to the msg_gen functions in cfg.mk and add block_stats.c
	to po/POTFILES.in

	Remove virConnectPtr from virRaiseErrorFull
	And from all related macros and functions.

2011-04-16  Jiri Denemark  <jdenemar@redhat.com>

	tests: Unit tests for internal hash APIs
	This is a basic set of tests for testing removals of hash entries during
	iteration.

2011-04-16  Wen Congyang  <wency@cn.fujitsu.com>

	build: include esx_vi.generated.* into dist file
	commit d4601696 introduces two more generated files: esx_vi.generated.h
	and esx_vi.generated.h. But we do not include them into dist file.
	It will break building if using dist file to build.

2011-04-16  Eric Blake  <eblake@redhat.com>

	tests: test recent virsh option parsing changes
	* tests/virsh-optparse: New file.
	* tests/Makefile.am (test_scripts): Use it.

2011-04-16  Eric Blake  <eblake@redhat.com>

	virsh: fix regression in parsing optional integer
	Regression introduced in 0.8.5, commit c1564268.  The command
	'virsh freecell 0' quit working when it changed from an optional
	string to an optional integer.

	This patch introduces a slight change that specifying an option
	twice is now detected as an error.  It also changes things so
	that a command that has more than 1 required option will not
	complain about missing options if one but not all of the options
	were given in long format, as in 'virsh vol-create --pool p file',
	as well as making positional parsing work for all optional
	options (each positional argument is associated with the earliest
	option that has not yet been seen by name).

	Optional boolean options can appear before required argument
	options, because they don't affect positional argument parsing,
	and obviously a required boolean option makes no sense.

	Technically, this patch renders VSH_OT_STRING and VSH_OT_DATA
	redundant; but cleaning that up can be a separate patch.

	No command should ever need more than 32 options, right? :)

	* tools/virsh.c (vshCmddefGetData, vshCmddefGetOption)
	(vshCommandCheckOpts): Alter parameters to use bitmaps.
	(vshCmddefOptParse): New function.
	(vshCommandParse): Update for better handling of positional
	arguments.
	(vshCmddefHelp): Allow unit tests to validate options.

2011-04-15  Eric Blake  <eblake@redhat.com>

	virsh: list required options first
	The current state of virsh parsing is that:

	$ virsh vol-info /path/to/image
	$ virsh vol-info --pool default /path/to/image
	$ virsh vol-info --pool default --vol /path/to/image

	all lookup the volume by path (technically, the last two also attempt
	a name lookup within a pool, whereas the first skips that step, but
	the end result is the same); meanwhile:

	$ virsh vol-info default /path/to/image

	complains about unexpected data.  Why?  Because the --pool option is
	optional, so default was parsed as the --vol argument, and
	/path/to/image.img doesn't match up with any remaining options that
	require an argument.  For proof, note that:

	$ virsh vol-info default --vol /path/to/image

	complains about looking up 'default' - the parser mis-associated both
	arguments with --vol.  Given the above, the only way to specify pool
	is with an explicit "--pool" argument (you can't specify it
	positionally).  However, named arguments can appear in any order, so:

	$ virsh vol-info /path/to/image --pool default
	$ virsh vol-info --vol /path/to/image --pool default

	have also always worked.  Therefore, this patch has no functional
	change on vol-info option parsing, but only on 'virsh help vol-info'
	synopsis layout.  However, it also allows the next patch to 1) enforce
	that required options are always first (without this patch, the next
	patch would fail the testsuite), and 2) allow the user to omit the
	"--pool" argument.  That is, the next patch makes it possible to do:

	$ virsh vol-info /path/to/image default

	which to date was not possible.

	* tools/virsh.c (opts_vol_create_from, opts_vol_clone)
	(opts_vol_upload, opts_vol_download, opts_vol_delete)
	(opts_vol_wipe, opts_vol_info, opts_vol_dumpxml, opts_vol_key)
	(opts_vol_path): List optional pool parameter after required
	arguments.

2011-04-15  Eric Blake  <eblake@redhat.com>

	phyp: avoid memory leaks in command values
	* src/phyp/phyp_driver.c (phypExecBuffer): New function. Use it
	throughout file for less code, and for plugging a few leaks.

2011-04-15  Eric Blake  <eblake@redhat.com>

	phyp: use consistent return string handling
	Use the name 'ret' for all phypExec results, to make it easier
	to wrap phypExec.  Don't allow a possibly NULL ret through printf.

	* src/phyp/phyp_driver.c (phypBuildVolume, phypDestroyStoragePool)
	(phypBuildStoragePool, phypBuildLpar): Avoid NULL dereference.
	(phypInterfaceDestroy): Avoid redundant free.
	(phypVolumeLookupByPath, phypVolumeGetPath): Use consistent
	naming.

2011-04-15  Eric Blake  <eblake@redhat.com>

	phyp: prefer memcpy over memmove when legal
	* src/phyp/phyp_driver.c (phypUUIDTable_AddLpar)
	(phypGetLparUUID, phypGetStoragePoolUUID, phypVolumeGetXMLDesc)
	(phypGetStoragePoolXMLDesc): Use faster method.

	phyp: use consistent style for labels
	* src/phyp/phyp_driver.c: Match label style of rest of project.
	(phypExec, phypUUIDTable_Pull): Drop an extra label.

	phyp: more return handling cleanup
	* src/phyp/phyp_driver.c (phypInterfaceDestroy)
	(phypInterfaceDefineXML, phypInterfaceLookupByName)
	(phypInterfaceIsActive, phypListInterfaces, phypNumOfInterfaces):
	Clean up return handling of recent additions.

	phyp: avoid memory leak on failure
	* src/phyp/phyp_driver.c (phypUUIDTable_Init): Avoid memory leak
	on error.

2011-04-15  Eric Blake  <eblake@redhat.com>

	phyp: avoid a logic bug
	Ever since commit ebc46f, the destroy function built two command
	variants but only used one.  I went with the variant that matches
	the idiom used in the counterpart of phypBuildStoragePool.

	* src/phyp/phyp_driver.c (phypDestroyStoragePool): Avoid
	clobbering cmd.  Fix error message typo.

2011-04-15  Eric Blake  <eblake@redhat.com>

	maint: use lighter-weight function for straight appends
	It costs quite a few processor cycles to go through printf parsing
	just to determine that we only meant to append.

	* src/xen/xend_internal.c (xend_op_ext): Consolidate multiple
	printfs into one.
	* src/qemu/qemu_command.c (qemuBuildWatchdogDevStr)
	(qemuBuildUSBInputDevStr, qemuBuildSoundDevStr)
	(qemuBuildSoundCodecStr, qemuBuildVideoDevStr): Likewise.
	(qemuBuildCpuArgStr, qemuBuildCommandLine): Prefer virBufferAdd
	over virBufferVsprintf for trivial appends.
	* src/phyp/phyp_driver.c (phypExec, phypUUIDTable_Push)
	(phypUUIDTable_Pull): Likewise.
	* src/conf/nwfilter_conf.c (macProtocolIDFormatter)
	(arpOpcodeFormatter, formatIPProtocolID, printStringItems)
	(virNWFilterPrintStateMatchFlags, virNWIPAddressFormat)
	(virNWFilterDefFormat): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/util/sexpr.c (sexpr2string): Likewise.
	* src/xenxs/xen_sxpr.c (xenFormatSxprChr): Likewise.
	* src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.

2011-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix gcc 4.6 warning about initialized but unused variables
	This warnings come from partly generated code. Therefore, the best
	solution is to mark them as potentially being unused using the
	ATTRIBUTE_UNUSED macro. This is suggested by the gcc documentation.

	Reported by Christophe Fergeau

2011-04-15  Alexander Todorov  <atodorov@otb.bg>

	libvirt-guests: implement START_DELAY
	Allow libvirt-guests to stage a delay between guest startups,
	to avoid system load caused by back-to-back startup.

2011-04-14  Eric Blake  <eblake@redhat.com>

	maint: silence cppi warnings
	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Fix indentation of
	last patch.

2011-04-14  Laine Stump  <laine@laine.org>

	network: truncate bridges' dummy tap device names to IFNAMSIZ (15) chars
	This patch addresses:

	   https://bugzilla.redhat.com/show_bug.cgi?id=694382

	In order to give each libvirt-created bridge a fixed MAC address,
	commit 5754dbd56d4738112a86776c09e810e32f7c3224, added code to create
	a dummy tap device with guaranteed lowest MAC address and attach it to
	the bridge. This tap device was given the name "${bridgename}-nic".
	However, an interface device name must be IFNAMSIZ (15) characters or
	less, so a valid ${bridgename} such as "verylongname123" (15
	characters) would lead to an invalid tap device name
	("verylongname123-nic" - 19 characters), and that in turn led to a
	failure to bring up the network.

	The solution is to shorten the part of the original name used to
	generate the tap device name. However, simply truncating it is
	insufficient, because the last few characters of an interface name are
	often a number used to indicate one of a list of several similar
	devices (for example, "verylongname123", "verylongname124", etc) and
	simple truncation would lead to duplicate names (eg "verlongnam-nic"
	and "verylongnam-nic"). So instead we take the first 8 characters of
	$bridgename ("verylong" in the example), add on the final 3 bytes
	("123"), then add "-nic" (so "verylong123-nic").  Not pretty, but it
	is much more likely to generate a unique name, and is reproducible
	(unlike, say, a random number).

2011-04-14  Stefan Berger  <stefanb@us.ibm.com>

	ppc: Enable starting of Qemu VMs on ppc host
	Due to differences in /proc/cpuinfo the parsing of the cpu data is
	different between architectures. On PPC /proc/cpuinfo looks like this:

	[original formatting with tabs]

	processor    : 0
	cpu          : PPC970MP, altivec supported
	clock        : 2297.700000MHz
	revision     : 1.1 (pvr 0044 0101)

	processor    : 1
	cpu          : PPC970MP, altivec supported
	clock        : 2297.700000MHz
	revision     : 1.1 (pvr 0044 0101)

	[..]

	timebase     : 14318000
	platform     : pSeries
	model        : IBM,8844-AC1
	machine      : CHRP IBM,8844-AC1

	The patch adapts the parsing of the data found in /proc/cpuinfo.

	/sys/devices/system/cpu/cpuX/topology/physical_package_id also
	always returns -1. Check for it on ppc and make it '0' if found negative.

2011-04-14  Stefan Berger  <stefanb@us.ibm.com>

	Migrate VMs between different-endianess hosts
	This patch enables the migration of Qemu VMs between hosts of different endianess. I tested this by migrating a i686 VM between a x86 and ppc64 host.

	I am converting the 'int's in the VM's state header to uint32_t assuming this doesn't break compatibility with existing deployments other than Linux.

2011-04-14  Christophe Fergeau  <cfergeau@redhat.com>

	Fix gcc 4.6 warnings in vbox_tmpl.c

2011-04-14  Christophe Fergeau  <cfergeau@redhat.com>

	Fix gcc 4.6 warnings
	gcc 4.6 warns when a variable is initialized but isn't used afterwards:

	vmware/vmware_driver.c:449:18: warning: variable 'vmxPath' set but not used [-Wunused-but-set-variable]

	This patch fixes these warnings. There are still 2 offending files:

	- vbox_tmpl.c: the variable is used inside an #ifdef and is assigned several
	  times outside of #ifdef. Fixing the warning would have required wrapping
	  all the assignment inside #ifdef which hurts readability.

	vbox/vbox_tmpl.c: In function 'vboxAttachDrives':
	vbox/vbox_tmpl.c:3918:22: warning: variable 'accessMode' set but not used [-Wunused-but-set-variable]

	- esx_vi_types.generated.c: the name implies it's generated code and I
	  didn't want to dive into the code generator

	esx/esx_vi_types.generated.c: In function 'esxVI_FileQueryFlags_Free':
	esx/esx_vi_types.generated.c:1203:3: warning: variable 'item' set but not used [-Wunused-but-set-variable]

2011-04-14  Michal Novotny  <minovotn@redhat.com>

	Introduce virDomainChrDefNew()
	Make: passed
	Make check: passed
	Make syntax-check: passed

	this is the commit to introduce the function to create new character
	device definition for the domain as advised by Cole Robinson
	<crobinso@redhat.com>.

	The function is used on the relevant places and also new tests has
	been added.

2011-04-14  Michal Privoznik  <mprivozn@redhat.com>

	Spice: support audio, images and stream compression
	This extends the SPICE XML to allow variable compression settings for audio,
	images and streaming:
	    <graphics type='spice' port='5901' tlsPort='-1' autoport='yes'>
	        <image compression='auto_glz'/>
	        <jpeg compression='auto'/>
	        <zlib compression='auto'/>
	        <playback compression='on'/>
	    </graphics>

	All new elements are optional.

2011-04-14  Hu Tao  <hutao@cn.fujitsu.com>

	free cpumask of vcpupinDef
	cpumask doesn't get freed when vcpupinDef being freed, this leaks
	memory.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make the parsed URI part of the private connection data
	This will be used to make esxVI_Context clonable.

	Also move cleanup code for esxPrivate to esxFreePrivate().

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Mark error message in macros for translation

	esx: Extend VI generator to cover managed object types
	Generate lookup functions for managed object types.

	esx: Cleanup and refactor CastFromAnyType macros
	Add CastFromAnyType functions for the String type.

	esx: Cleanup VI generator code

2011-04-14  Michal Privoznik  <mprivozn@redhat.com>

	network: Fix NULL dereference during error recovery
	This fixes: https://bugzilla.redhat.com/show_bug.cgi?id=696660

	While starting a network, if brSetForwardDelay() fails, we go to err1
	where we want to access macTapIfName variable which was just
	VIR_FREE'd a few lines above. Instead, keep macTapIfName until we are
	certain of success.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Serial and parallel device target ports actually start from 0
	Reported by Igor Galić

2011-04-14  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for QEMU domain state in tunables APIs
	The methods qemuDomain{Get,Set}{Memory,Blkio,Scheduler}Parameters
	all forgot to do a check on virDomainIsActive(), resulting in bogus
	error messages from later parts of their impl

	* src/qemu/qemu_driver.c: Add missing checks on virDomainIsActive()

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Fix too small buffer allocation in phypAttachDevice
	sizeof(domain->name) is the wrong thing. Instead of using strdup here
	rewrite escape_specialcharacters to allocate the buffer itself.

	Add a contains_specialcharacters to be used in phypOpen, as phypOpen is
	not interested in the escaped version.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Don't overwrite error from virDomainDeviceDefParse by OOM error

	phyp: Don't try to use a string from a failed virAsprintf

	phyp: Reduce code duplication in error and success paths
	Also fix memory leaks along the way in phypCreateServerSCSIAdapter and
	phypAttachDevice.

2011-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Remove stack allocating a 4kb volume key and fix related memory leaks
	Don't pre-allocate 4kb per key, make phypVolumeGetKey allocate the memory.

	Make phypBuildVolume return the volume key instead of using pre-allocated
	memory to store it.

	Also fix a memory leak in phypVolumeLookupByName when phypVolumeGetKey
	fails. Fix another memory leak in phypVolumeLookupByPath in the success
	path. Fix phypVolumeGetXMLDesc leaking voldef.key.

2011-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove C99 variable declare in PHYP network driver
	Move the virInterfacePtr declaration to the top of the
	function to avoid jump uninitialized variable warnings

	* src/phyp/phyp_driver.c: Fix var declaration

2011-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Replace REMOTE_DEBUG with VIR_DEBUG in daemon dispatcher
	The daemon dispatcher code had an obsolete macro

	  #define REMOTE_DEBUG(fmt, ...) VIR_DEBUG(fmt, __VA_ARGS__)

	This can be trivially removed

	* daemon/remote.c: s/REMOTE_DEBUG/VIR_DEBUG/

2011-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Add missing checks for whether the connection is open in dispatcher
	Many functions did not check for whether a connection was
	open. Replace the macro which obscures control flow, with
	explicit checks, and ensure all dispatcher code has checks.

	* daemon/remote.c: Add connection checks

2011-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Standard on error variable name in libvirtd dispatcher
	Some dispatcher methods have a parameter

	            remote_error *err,

	Instead of the more normal

	            remote_error *rerr,

	* daemon/remote.c: s/err/rerr/

2011-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove all whitespace before function brackets in daemon dispatcher
	A lot of code in libvirtd's dispatcher used the style

	    dom = get_nonnull_domain (conn, args->dom);

	Instead of the normal libvirt style

	    dom = get_nonnull_domain(conn, args->dom);

	* daemon/remote.c: Remove all whitelist before function brackets

2011-04-13  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Adding network interface
	This is the implementation of the previous patch now using virInterface*
	API. Ended up this patch got much more simpler, smaller and easier to
	review. Here is some details:

	  * MAC size and interface name are fixed due to specifications on HMC,
	    both are created automatically and CAN'T be specified from user. They
	    have the following format:

	     * MAC: 122980003002
	     * Interface name: U9124.720.067BE8B-V3-C0

	  * I did replaced all the |grep|sed following the comments Eric Blake
	    did on the last patch.

	  * According to my last email, It's not possible to create a network
	    interface without assigning it to a specific lpar. Then, I am using
	    this very minimalistic XML file for testing:

	     <interface type='ethernet' name='LPAR01'>
	     </interface>

	    In this file I am using "name" as the lpar name which I am going to
	    assign the new network interface. I couldn't find a better way to
	    refer to it. Comments are welcome.

	  * Regarding the fact I am sleeping one second waiting for the HMC to
	    complete creation of the interface, I don't have means to check
	    if the whole process is done. All I do is execute a command, wait
	    until is complete (which is not enough in this case) check
	    the return and the exit status. The process of actually creating
	    a networking interface seems to take a little longer than just the
	    return of the ssh control.

2011-04-13  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fix a dead-lock problem
	In qemuDomainObjBeginJobWithDriver, when virCondWaitUntil timeouts,
	the function tries to call qemuDriverLock with virDomainObj locked,
	this causes the dead-lock problem. This patch fixes this.

2011-04-12  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix crash when removing entries during hash iteration
	Commit 9677cd33eea4c65d78ba463b46b8b45ed2da1709 made it possible to
	remove current entry when iterating through all hash entries. However,
	it didn't properly handle a special case of removing first entry
	assigned to a given key which contains several entries in its collision
	list.

2011-04-12  Michal Privoznik  <mprivozn@redhat.com>

	Fix possible infinite loop in remote driver
	When we take out completed calls from queue we might end up
	in circular pointer. We don't want pointer to previous item
	point to element taken out.

2011-04-12  Eric Blake  <eblake@redhat.com>

	maint: fix grammar errors
	Jim Meyering recently improved gnulib to catch various grammar
	errors during 'make syntax-check'.

	* .gnulib: Update to latest, for syntax-check improvements.
	* include/libvirt/libvirt.h.in (virConnectAuthCallbackPtr): Use
	cannot rather than two words.
	* src/driver.c: Likewise.
	* src/driver.h (VIR_SECRET_GET_VALUE_INTERNAL_CALL): Likewise.
	* src/remote/remote_driver.c (initialize_gnutls): Likewise.
	* src/util/pci.c (pciBindDeviceToStub): Likewise.
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg):
	Likewise.
	(virStorageBackendUpdateVolTargetInfoFD): Avoid doubled word.
	* docs/formatdomain.html.in: Likewise.
	* src/qemu/qemu_process.c (qemuProcessStart): Likewise.
	* cfg.mk (exclude_file_name_regexp--sc_prohibit_can_not)
	(exclude_file_name_regexp--sc_prohibit_doubled_word): Exclude
	existing translation problems.

2011-04-11  Eric Blake  <eblake@redhat.com>

	docs: document freecell --all
	Based on a smaller patch developed by Moritoshi Oshiro:
	https://bugzilla.redhat.com/show_bug.cgi?id=693963

	* tools/virsh.pod (freecell): Mention all, and clarify that
	optional cellno requires --cellno.

2011-04-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Remove PATH_MAX sized stack allocation from block stats code

2011-04-09  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmaxmem: add the new options to "virsh setmaxmem" command
	This patch adds the new options (--live, --config, and --current) to
	"virsh setmaxmem" command. The behavior of above options is the same
	as that of "virsh setmem".  When the --config option is specified, a
	modification is effective for the persistent domain, while the --live
	option is specified, a modification is effective for an active
	domain. The --current option is specified, it affects a current
	domain.

	maxmem: implement virDomainSetMaxMemory API of the qemu driver
	This patch implements the code to support virDomainSetMaxMemory API,
	and to support VIR_DOMAIN_MEM_MAXIMUM flag in qemudDomainSetMemoryFlags function.
	As a result, we can change the maximum memory size of inactive QEMU guests.

	maxmem: introduces VIR_DOMAIN_MEM_MAXIMUM flag
	This patch introduces VIR_DOMAIN_MEM_MAXIMUM flag.

2011-04-09  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	docs: remove "returns" word from beginning of lines
	Move "returns" keyword from beginning of API doc lines
	when it does not describe return values.
	Maybe the API doc extractor could be changed to look for
	"returns: " to avoid such confusion.

2011-04-08  Eric Blake  <eblake@redhat.com>

	build: really fix mingw startup
	Aargh; commit 8ae5dfd still didn't fix the mingw problem, because
	gnulib defined O_NONBLOCK to 0 for just mingw.  I've now fixed
	that in gnulib, but we need the latest pipe2 for libvirt to work.

	* .gnulib: Update to latest, for pipe2 fixes.

2011-04-08  Eric Blake  <eblake@redhat.com>

	build: fix mingw build
	Commit 02c39a2 introduced a mingw build regression, due to a
	regression in gnulib's areadlink module:

	../../../gnulib/lib/careadlinkat.c: In function 'careadlinkat':
	../../../gnulib/lib/careadlinkat.c:143:39: error: 'const struct allocator' has no member named 'malloc'

	* .gnulib: Update to latest, for careadlinkat fix.

2011-04-08  Eric Blake  <eblake@redhat.com>

	docs: tweak virsh restore warning
	* tools/virsh.pod: Fix grammar, and clarify wording.
	* src/qemu/qemu_driver.c (qemudDomainObjStart): Drop redundant
	condition.

2011-04-08  Wen Congyang  <wency@cn.fujitsu.com>

	do not build libvirt_iohelper when building without libvirtd
	The libexec program libvirt_iohelper is only for libvirtd. If we build rpm
	without libvirtd, we will receive the following messages:

	Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/wency/rpmbuild/BUILDROOT/libvirt-0.9.0-1.el6.x86_64
	error: Installed (but unpackaged) file(s) found:
	   /usr/libexec/libvirt_iohelper

2011-04-08  Stefan Berger  <stefanb@us.ibm.com>

	nwfilters: support for TCP flags evaluation
	This patch adds support for the evaluation of TCP flags in nwfilters.

	It adds documentation to the web page and extends the tests as well.
	Also, the nwfilter schema is extended.

	The following are some example for rules using the tcp flags:

	<rule action='accept' direction='in'>
	    <tcp state='NONE' flags='SYN/ALL' dsptportstart='80'/>
	</rule>
	<rule action='drop' direction='in'>
	    <tcp state='NONE' flags='SYN/ALL'/>
	</rule>

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add --current option to virsh setmem command
	This patch adds the new option (--current) to the "virsh setmem" command.
	When --current option is specified, it affects a "current" domain.
	The word "current" denotes that if a domain is running, it affects
	a running domain only; otherwise it affects a persistent domain.

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add VIR_DOMAIN_MEM_CURRENT support to qemu
	This patch adds virDomainSetMemoryFlags(,,VIR_DOMAIN_MEM_CURRENT) support
	code to qemu driver.

	Also, change virDomainObjIsActive to return bool, given its usage.

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: introduce VIR_DOMAIN_MEM_CURRENT flag
	This patch introduces VIR_DOMAIN_MEM_CURRENT flag and
	modifies virDomainSetMemoryFlags function to support it.

2011-04-08  Jim Fehlig  <jfehlig@novell.com>

	build: Install libxenlight log dir
	Add $localstatedir/log/libvirt/libxl when building libxenlight driver

2011-04-08  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmaxmem: remove the code to invoke virDomainSetMemory in cmdSetmaxmem
	When the new maximum memory size becomes less than the current memory size,
	I think it is not the libvirt client but the each driver that decides the behavior
	(reject the operation or shrink the current memory size).

2011-04-07  Eric Blake  <eblake@redhat.com>

	virsh: fix mingw startup
	* .gnulib: Update to latest, for pipe2.
	* bootstrap.conf (gnulib_modules): Add pipe2.
	* src/util/event_poll.c (virEventPollInit): Use it, to avoid
	problematic virSetCloseExec on mingw.

2011-04-07  Eric Blake  <eblake@redhat.com>

	build: fix gitignore sorting
	Make it so we don't have to 'git add -f' particular files like
	po/POTFILES.in all the time (tested by fixing one of our
	special-case files as part of the patch).

	* .gnulib: Update to latest.
	* bootstrap: Resync from coreutils.
	* .gitignore: Sort whitelist entries correctly, including ignoring
	files rather than directories.
	* m4/virt-compile-warnings.m4: Convert tabs to space.

2011-04-07  Laine Stump  <laine@laine.org>

	docs: add an IPv6 address to network XML examples
	It was just pointed out that, although I added documentation for the
	IPv6 additions to the network XML, I neglected to use those additions
	in the examples. This patch adds an IPv6 address to each of the
	examples except for the "default" network, since that is a faithful
	reproduction of the default network config that's automatically
	installed, which doesn't include any IPv6 address (for good reason -
	because there is no such thing as IPv6 NAT, there is no one IPv6
	address that would work for all installations).

2011-04-07  Markus Groß  <gross@univention.de>

	Add domainSet/GetSchedulerParameters to libxl driver
	Libxenlight currently only supports the credit scheduler.
	Therefore setting or getting a parameter of other
	schedulers raise an error (for now).

2011-04-07  Osier Yang  <jyang@redhat.com>

	qemu: Remove the managed state file only if restoring succeeded
	1) Both "qemuDomainStartWithFlags" and "qemuAutostartDomain" try to
	restore the domain from managedsave'ed image if it exists (by
	invoking "qemuDomainObjRestore"), but it unlinks the image even
	if restoring fails, which causes data loss. (This problem exists
	for "virsh managedsave dom; virsh start dom").

	The fix for is to unlink the managed state file only if restoring
	succeeded.

	2) For "virsh save dom; virsh restore dom;", it can cause data
	corruption if one reuse the saved state file for restoring. Add
	doc to tell user about it.

	3) In "qemuDomainObjStart", if "managed_save" is NULL, we shouldn't
	fallback to start the domain, skipping it to cleanup as a incidental
	fix. Discovered by Eric.

2011-04-07  Wen Congyang  <wency@cn.fujitsu.com>

	reattach pci devices when qemuPrepareHostdevPCIDevices() failed
	Reattach all pci devices that we detached when qemuPrepareHostdevPCIDevices()
	failed.

	reattach pci device when pciBindDeviceToStub() failed
	We should bind pci device to original driver when pciBindDeviceToStub() failed.
	If the pci device is not bound to any driver before calling pciBindDeviceToStub(),
	we should only unbind it from pci-stub. If it is bound to pci-stub, we should not
	unbind it from pci-stub.

	rename pciUnBindDeviceFromStub() to pciUnbindDeviceFromStub() and float it up
	This patch do the following things:
	1. rename the function as 'Unbind' is better than 'UnBind'.
	2. pciUnbindDeviceFromStub() will be used in the function pciBindDeviceToStub() in
	   next patch. Float it up, instead of having to have a forward declaration

	remove devices from driver->activePciHostdevs when qemuPrepareHostdevPCIDevices() failed
	We should not mark pci devices as active when qemuPrepareHostdevPCIDevices()
	failed.

	pci: avoid invalid free, init path to NULL
	This bug was introduce by commit 57162db8, and it will cause libvirtd crashed.

2011-04-07  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on cygwin
	In file included from util/threads.c:31:
	util/threads-pthread.c: In function 'virThreadSelfID':
	util/threads-pthread.c:214: warning: cast from function call of type 'pthread_t' to non-matching type 'int' [-Wbad-function-cast]

	* src/util/threads-pthread.c (virThreadSelfID) [!SYS_gettid]:
	Add intermediate cast to silence gcc.

2011-04-06  Markus Groß  <gross@univention.de>

	Add domainIsUpdated to libxl driver

2011-04-06  Jim Fehlig  <jfehlig@novell.com>

	Fix build for older gcc
	With gcc 4.3.4 I'm seeing the following warning failure

	cc1: warnings being treated as errors
	cc1: error: -funit-at-a-time is required for inlining of functions
	that are only called once [-Wdisabled-optimization]

	Add -funit-at-a-time to WARN_CFLAGS.

2011-04-06  Serge Hallyn  <serge.hallyn@canonical.com>

	Change locking for udev monitor and callbacks
	We're seeing bugs apparently resulting from thread unsafety of
	libpciaccess, such as
	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/726099
	To prevent those, as suggested by danpb on irc, move the
	nodeDeviceLock(driverState) higher into the callers.  In
	particular:

	  udevDeviceMonitorStartup should hold the lock while calling
	  udevEnumerateDevices(), and udevEventHandleCallback should hold it
	  over its entire execution.

	It's not clear to me whether it is ok to hold the
	nodeDeviceLock while taking the virNodeDeviceObjLock(dev) on a
	device.  If not, then the lock will need to be dropped around
	the calling of udevSetupSystemDev(), and udevAddOneDevice()
	may not actually be safe to call from higher layers with the
	driverstate lock held.

	libvirt 0.8.8 with this patch on it seems to work fine for me.
	Assuming it looks ok and I haven't done anything obviously dumb,
	I'll ask the bug submitters to try this patch.

2011-04-06  Eric Blake  <eblake@redhat.com>

	tests: fix recent test failures
	* tests/qemuxml2argvdata/qemuxml2argv-*.args: Reflect reserved VGA
	port change.

2011-04-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Support for overriding NPROC limit
	This patch adds max_processes option to qemu.conf which can be used to
	override system default limit on number of processes that are allowed to
	be running for qemu user.

2011-04-06  Osier Yang  <jyang@redhat.com>

	qemu: Always reserves slot 0x02 for primary VGA.
	To address https://bugzilla.redhat.com/show_bug.cgi?id=692355

	This fix is to reserve slot 0x02 for primary VGA even if there
	is no "video" specified in domain XML to avoid the problem.

2011-04-05  Eric Blake  <eblake@redhat.com>

	libxl: avoid compiler warning
	cc1: warnings being treated as errors
	libxl/libxl_driver.c: In function 'libxlDomainSetVcpusFlags':
	libxl/libxl_driver.c:1570:14: error: cast from function call of type 'double' to non-matching type 'unsigned int' [-Wbad-function-cast]
	libxl/libxl_driver.c:1578:15: error: cast from function call of type 'double' to non-matching type 'unsigned int' [-Wbad-function-cast]

	This was the only use of floor() and ceil(), and floating-point
	is overkill for power-of-two manipulations.

	* src/libxl/libxl_driver.c (libxlDomainSetVcpusFlags): Avoid -lm
	for trivial computations.

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in systemtap tapset directory name
	The systemtap directory for tapsets is called

	  /usr/share/systemtap/tapset

	Not

	 /usr/share/systemtap/tapsets

	* daemon/Makefile.am,libvirt.spec.in: s/tapsets/tapset/

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Don't try to enable stack protector on Win32
	The GCC Win32 compiler will claim to support -fstack-protector,
	but if it actually gets triggered by a suitable code pattern,
	linking will fail. Other non-Linux OS likely suffer the same
	way with gcc.

	* m4/virt-compile-warnings.m4: Only use stack protector when
	  the build target is Linux.

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Avoid compiler warnings about int -> void * casts
	GCC is a little confused about the cast of beginthread/beginthreadex
	from unsigned long -> void *. Go via an intermediate variable avoids
	the bogus warning, and makes the code a little cleaner

	* src/util/threads-win32.c: Avoid compiler warning in cast

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Improve SCSI volume key generation
	The SCSI volumes get a better 'key' field based on the fully
	qualified volume path. All SCSI volumes have a unique serial
	available in hardware which can be obtained by sending a
	suitable SCSI command. Call out to udev's 'scsi_id' command
	to fetch this value

	* src/storage/storage_backend_scsi.c: Improve volume key
	  field value stability and uniqueness

2011-04-05  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore unusable binaries
	When initializing qemu guest capabilities, we should ignore qemu
	binaries that we are not able to extract version/help info from since
	they will be unusable for creating domains anyway. Ignoring them is also
	much better than letting initialization of qemu driver fail.

	qemu: Rewrite LOOKUP_PTYS macro into a function
	The macro is huge and gives us nothing but headache when maintaining it.

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Enable use of -Wold-style-definition compiler flag
	A couple of functions were declared using the old style foo()
	for no-parameters, instead of foo(void)

	* src/xen/xen_hypervisor.c, tests/testutils.c: Replace () with (void)
	  in some function declarations
	* m4/virt-compile-warnings.m4: Enable -Wold-style-definition

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Enable use of -Wmissing-noreturn
	* src/internal.h: Define a ATTRIBUTE_NO_RETURN annotation
	* src/lxc/lxc_container.c: Annotate lxcContainerDummyChild
	  with ATTRIBUTE_NO_RETURN
	* tests/eventtest.c: Mark async thread as ATTRIBUTE_NO_RETURN
	* m4/virt-compile-warnings.m4: Enable -Wmissing-noreturn

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Enable -Wmissing-format-attribute warning
	Add a couple of missing ATTRIBUTE_FMT_PRINTF annotations

	* tools/virsh.c, tests/testutils.c: Add printf format attribute
	* m4/virt-compile-warnings.m4: Enable -Wmissing-format-attribute

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Remove acinclude.m4 file
	Split the bit acinclude.m4 file into smaller pieces named
	as m4/virt-XXXXX.m4

	* .gitignore: Ignore gettext related files
	* acinclude.m4: Delete
	* m4/virt-compile-warnings.m4: Checks for GCC compiler flags
	* m4/virt-pkgconfig-back-compat.m4: Backcompat check for
	  pkgconfig program

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Use gnulib's manywarnings & warnings modules
	Remove custom code for checking compiler warnings, using
	gl_WARN_ADD instead. Don't list all flags ourselves, use
	gnulib's gl_MANYWARN_ALL_GCC to get all possible GCC flags,
	then turn off the ones we don't want yet.

	* acinclude.m4: Rewrite to use gl_WARN_ADD and gl_MANYWARN_ALL_GCC
	* bootstrap.conf: Add warnings & manywarnings
	* configure.ac: Switch to gl_WARN_ADD
	* m4/compiler-flags.m4: Obsoleted by gl_WARN_ADD

2011-04-05  Daniel P. Berrange  <berrange@redhat.com>

	Remove possible uninitialized variable in openvz driver
	* src/openvz/openvz_driver.c: Initialize saveptr variable

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use virBufferPtr for sexpr2string instead of manual buffer handling
	Removes 4kb stack allocation in the XenD subdriver.

	xend: Remove 4kb stack allocation

	uml: Remove PATH_MAX sized stack allocation from /proc parsing code

	storage: Remove PATH_MAX sized stack allocation from iSCSI backend

	qemu: Remove PATH_MAX sized stack allocation used in commandline building

	Remove PATH_MAX sized stack allocation from virFileOpenTtyAt

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	openvz: Remove several larger stack allocations
	Replace openvz_readline with getline in several places to get rid of stack
	allocated buffers to hold lines.

	openvzReadConfigParam allocates memory for return values instead of
	expecting a preexisting buffer.

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	daemon: Remove 4kb stack allocation of security label

	virsh: Remove two 4kb stack allocations

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use virFileAbsPath instead of manually creating the absolute path
	Removes multiple 4kb stack allocations.

	Removes TODO comments as suggested by Daniel P. Berrange.

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenxs: Remove PATH_MAX sized stack allocation in XM script parsing

	sasl: Remove stack allocated 8kb temporary buffers
	Move the buffers to the heap allocated client/private data structs.

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Use heap allocated memory to read the monitor greeting
	Removing a 4kb stack allocation.

	Reduce stack buffer for virStrerror to the common 1kb instead of 4kb.

2011-04-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Remove 16kb stack allocation
	Allocate on the heap instead.

	virt-aa-helper: Remove PATH_MAX sized stack allocations

	ebtables: Remove PATH_MAX sized stack allocation

	pci: Remove PATH_MAX sized stack allocations
	Use virAsprintf instead of snprintf.

	Remove PATH_MAX sized stack allocations related to virFileBuildPath
	Make virFileBuildPath operate on the heap instead of the stack. It
	allocates a buffer instead of expecting a preexisting buffer.

	vmx: Use case-insensitive compare functions for all content

	vmx: Support persistent CPU shares

2011-04-05  Markus Groß  <gross@univention.de>

	Add autostart support to libxl driver
	The domainSetAutostart function is nearly identical to the one from qemu.

2011-04-05  Jesse Cook  <code.crashenx@gmail.com>

	Allow relative path for qemu backing file
	This patch enables the relative backing file path support provided by
	qemu-img create.

	If a relative path is specified for the backing file, it is converted
	to an absolute path using the storage pool path. The absolute path is
	used to verify that the backing file exists. If the backing file exists,
	the relative path is allowed and will be provided to qemu-img create.

2011-04-04  Eric Blake  <eblake@redhat.com>

	build: detect potentential uninitialized variables
	Even with -Wuninitialized (which is part of autobuild.sh
	--enable-compile-warnings=error), gcc does NOT catch this
	use of an uninitialized variable:

	{
	  if (cond)
	    goto error;
	  int a = 1;
	error:
	  printf("%d", a);
	}

	which prints 0 (supposing the stack started life wiped) if
	cond was true.  Clang will catch it, but we don't use clang
	as often.  Using gcc -Wjump-misses-init catches it, but also
	gives false positives:

	{
	  if (cond)
	    goto error;
	  int a = 1;
	  return a;
	error:
	  return 0;
	}

	Here, a was never used in the scope of the error block, so
	declaring it after goto is technically fine (and clang agrees).
	However, given that our HACKING already documents a preference
	to C89 decl-before-statement, the false positive warning is
	enough of a prod to comply with HACKING.

	[Personally, I'd _really_ rather use C99 decl-after-statement
	to minimize scope, but until gcc can efficiently and reliably
	catch scoping and uninitialized usage bugs, I'll settle with
	the compromise of enforcing a coding standard that happens to
	reject false positives if it can also detect real bugs.]

	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add -Wjump-misses-init.
	* src/util/util.c (__virExec): Adjust offenders.
	* src/conf/domain_conf.c (virDomainTimerDefParseXML): Likewise.
	* src/remote/remote_driver.c (doRemoteOpen): Likewise.
	* src/phyp/phyp_driver.c (phypGetLparNAME, phypGetLparProfile)
	(phypGetVIOSFreeSCSIAdapter, phypVolumeGetKey)
	(phypGetStoragePoolDevice)
	(phypVolumeGetPhysicalVolumeByStoragePool)
	(phypVolumeGetPath): Likewise.
	* src/vbox/vbox_tmpl.c (vboxNetworkUndefineDestroy)
	(vboxNetworkCreate, vboxNetworkDumpXML)
	(vboxNetworkDefineCreateXML): Likewise.
	* src/xenapi/xenapi_driver.c (getCapsObject)
	(xenapiDomainDumpXML): Likewise.
	* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
	* src/security/security_selinux.c (SELinuxGenNewContext):
	Likewise.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
	Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetPtyPaths):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainShutdown)
	(qemudDomainBlockStats, qemudDomainMemoryPeek): Likewise.
	* src/storage/storage_backend_iscsi.c
	(virStorageBackendCreateIfaceIQN): Likewise.
	* src/node_device/node_device_udev.c (udevProcessPCI): Likewise.

2011-04-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.9.0
	* configure.ac docs/news.html.in libvirt.spec.in: update for the release
	* po/*.po*: update polish translation and regenerate

2011-04-03  Wen Congyang  <wency@cn.fujitsu.com>

	fix memory leak in qemuProcessHandleGraphics()
	If strdup("x509dname") or strdup("saslUsername") success, but
	strdup(x509dname) or strdup(saslUsername) failed, subject->nidentity
	is not the num elements of subject->identities, and we will leak some
	memory.

	do not lock vm while allocating memory
	There is no need to lock vm while allocating memory. If allocating
	memory failed, we forgot to unlock vm.

2011-04-02  Eric Blake  <eblake@redhat.com>

	docs: fix typo
	* docs/formatdomain.html.in: Fix KVM name.

	docs: correct invalid xml
	* docs/internals.html.in: Fix xml errors.
	* docs/formatstorageencryption.html.in: Likewise.
	* docs/drvesx.html.in: Likewise.
	* docs/archnetwork.html.in: Likewise.
	* docs/logging.html.in: Likewise.
	* docs/drvvmware.html.in: Likewise.
	* docs/api.html.in: Likewise.
	* docs/formatnwfilter.html.in: Likewise.
	* docs/formatdomain.html.in: Likewise.
	* docs/windows.html.in: Likewise.

2011-04-01  Eric Blake  <eblake@redhat.com>

	virsh: fix mingw failure on creating nonblocking pipe
	* .gnulib: Update to latest, for nonblocking module.
	* bootstrap.conf (gnulib_modules): Add nonblocking.
	* src/util/util.c (virSetBlocking): Defer to gnulib.

2011-04-01  Daniel Veillard  <veillard@redhat.com>

	Fix libxl driver startup
	  When you happen to have a libvirtd binary compiled with the
	libxenlight driver (say you have installed xen-4.1 libraries)
	but not running a xen enabled system, then libvirtd fails to start.

	The cause is that libxlStartup() returns -1 when failing to initialize
	the library, and this propagates to virStateInitialize() which consider
	this a failure. We should only exit libxlStartup with an error code
	if something like an allocation error occurs, not if the driver failed
	to initialize.

	* src/libxl/libxl_driver.c: fix libxlStartup() to not return -1
	  when failing to initialize the libxenlight library

2011-04-01  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix documentation for memtune command
	Commit 78ba748ef14c520ff1c4af2b5b0a44586ac49c8c claims to fix
	documentation for swap_hard_limit virsh memtune option but it only fixes
	documentation in formatdomain.html and libvirt.h. This patch completes
	the task by fixing "virsh help memtune" output and memtune section of
	virsh man page.

2011-04-01  Guido Günther  <agx@sigxcpu.org>

	Make check_fc_host() and check_vport_capable() usable as rvalues
	as needed on non linux ports using HAL.

2011-04-01  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Ignore libvirt debug messages in qemu log
	qemu driver uses a 4K buffer for reading qemu log file. This is enough
	when only qemu's output is present in the log file. However, when
	debugging messages are turned on, intermediate libvirt process fills the
	log with a bunch of debugging messages before it executes qemu binary.
	In such a case the buffer may become too small. However, we are not
	really interested in libvirt messages so they can be filtered out from
	the buffer.

2011-04-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix improper logic of qemuCgroupSetup
	It throws errors as long as the cgroup controller is not available,
	regardless of whether we really want to use it to do setup or not,
	which is not what we want, fixing it with throwing error when need
	to use the controller.

	And change "VIR_WARN" to "qemuReportError" for memory controller
	incidentally.

2011-04-01  Wen Congyang  <wency@cn.fujitsu.com>

	free tmp after unlinking it
	We create a temporary file to save memory, and we will remove it after reading
	memory to buffer. But we free the variable that contains the temporary filename
	before we remove it. So we should free tmp after unlinking it.

2011-03-31  Michal Privoznik  <mprivozn@redhat.com>

	Fix several formatting mistakes in doc

2011-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Remove iohelper on Win32 since it is not required
	The iohelper binary is not required on Win32, although it compiles
	without trouble. Simply remove it from the RPM.

	* mingw32-libvirt.spec.in: Remove iohelper

2011-03-31  Daniel P. Berrange  <berrange@redhat.com>

	Fix domain events C example on Win32
	printf on Win32 does not necessarily support %lld and we don't
	have GNULIBs wrapper for printf(). Switch to use asprintf() for
	which we do have a gnulib wrapper with %lld support

	* examples/domain-events/events-c/event-test.c: Fix formatting
	  of %lld on Win32
	* cfg.mk: Don't require use of virAsprintf since this is an
	  example app for out of tree users to follow

2011-03-31  Eric Blake  <eblake@redhat.com>

	maint: avoid locale-sensitivity in string case comparisons
	strcase{cmp/str} have the drawback of being sensitive to the global
	locale; this is unacceptable in a library setting.  Prefer a
	hard-coded C locale alternative for all but virsh, which is user
	facing and where the global locale isn't changing externally.

	* .gnulib: Update to latest, for c-strcasestr change.
	* bootstrap.conf (gnulib_modules): Drop strcasestr, add c-strcase
	and c-strcasestr.
	* cfg.mk (sc_avoid_strcase): New rule.
	(exclude_file_name_regexp--sc_avoid_strcase): New exception.
	* src/internal.h (STRCASEEQ, STRCASENEQ, STRCASEEQLEN)
	(STRCASENEQLEN): Adjust offenders.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextEjectMedia):
	Likewise.
	* tools/virsh.c (namesorter): Document exception.

2011-03-30  Eric Blake  <eblake@redhat.com>

	docs: mention C89 syntax preferences
	* docs/hacking.html.in (Code formatting): Document that // comment
	and declaration-after-statement are discouraged.
	* HACKING: Regenerate.

2011-03-30  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix media eject with qemu-0.12.*
	In qemu-0.12.* "device '...' is locked" message was changed to "Device
	..." so libvirt was no longer detecting this as an error.

2011-03-30  Daniel Veillard  <veillard@redhat.com>

	The next release is 0.9.0 not 0.8.9
	Fix this which went into documentation

2011-03-30  Wen Congyang  <wency@cn.fujitsu.com>

	check whether qemuMonitorJSONHMP() failed
	If qemu quited unexpectedly when we call qemuMonitorJSONHMP(),
	libvirt will crash.
	Steps to reproduce this bug:
	1. use gdb to attach libvirtd, and set a breakpoint in the function
	   qemuMonitorSetCapabilities()
	2. start a vm
	3. let the libvirtd to run until qemuMonitorJSONSetCapabilities() returns.
	4. kill the qemu process
	5. continue running libvirtd

2011-03-30  Wen Congyang  <wency@cn.fujitsu.com>

	do not send monitor command after monitor meet error
	If the monitor met a error, and we will call qemuProcessHandleMonitorEOF().
	But we may try to send monitor command after qemuProcessHandleMonitorEOF()
	returned. Then libvirtd will be blocked in qemuMonitorSend().

	Steps to reproduce this bug:
	1. use gdb to attach libvirtd, and set a breakpoint in the function
	   qemuConnectMonitor()
	2. start a vm
	3. let the libvirtd to run until qemuMonitorOpen() returns.
	4. kill the qemu process
	5. continue running libvirtd

2011-03-30  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: unlock qemu driver before return from domain save
	qemuDriverUnlock() wasn't called on 2 exit paths
	* src/qemu/qemu_driver.c: fix qemudDomainSave() to always unlock
	  the driver before exiting on error

2011-03-30  Naoya Horiguchi  <n-horiguchi@ah.jp.nec.com>

	extend logging to record configuration-related changes
	Currently libvirt's default logging is limited and it is difficult to
	determine what was happening when a proglem occurred (especially on a
	machines where one don't know the detail.)  This patch helps to do that
	by making additional logging available for the following events:

	  creating/defining/undefining domains
	  creating/defining/undefining/starting/stopping networks
	  creating/defining/undefining/starting/stopping storage pools
	  creating/defining/undefining/starting/stopping storage volumes.

	* AUTHORS: add Naoya Horiguchi
	* src/network/bridge_driver.c src/qemu/qemu_driver.c
	  src/storage/storage_driver.c: provide more VIR_INFO logging

2011-03-30  Daniel Veillard  <veillard@redhat.com>

	Add libvirt_iohelper to spec file
	The new iohelper binary was missing from the packaging spec

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: New tests for cputune XML
	v1 - v2:
	  * Add missed tests/qemuxml2argvdata/qemuxml2argv-cputune.args

	cputune: Support cputune for xend driver
	Not sure if it's the correct way to add cputune xml for xend driver,
	and besides, seems "xm driver" and "xen hypervisor" also support
	vcpu affinity, do we need to add support for them too?

	cputune: Support cputune for lxc driver
	LXC driver doesn't support vcpu affinity yet, so just need
	to modify it to support cpu shares.

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: Support cputune for qemu driver
	When domain startup, setting cpu affinity and cpu shares according
	to the cputune xml specified in domain xml.

	Modify "qemudDomainPinVcpu" to update domain config for vcpupin,
	and modify "qemuSetSchedulerParameters" to update domain config
	for cpu shares.

	v1 - v2:
	   * Use "VIR_ALLOC_N" instead of "VIR_ALLOC_VAR"
	   * But keep raising error when it fails on adding vcpupin xml
	     entry, as I still don't have a better idea yet.

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: Implementations of parsing and formating cputune xml
	Implementations of following functions:
	  virDomainVcpupinIsDuplicate
	  virDomainVcpupinFindByVcpu
	  virDomainVcpupinAdd

	Update "virDomainDefParseXML" to parse, and "virDomainDefFormatXML"
	to build cputune xml, also implementations of new internal helper
	functions.

	v1 - v2:
	  * Resolve potential crash bug of "virDomainVcpupinAdd"

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: Add data structures presenting cputune XML
	Also related new functions' declaration, and expose the new introduced
	functions in libvirt_private.syms.

	v1 - v2:
	  Don't expose "virAllocVar" in libvirt_private.syms

2011-03-29  Osier Yang  <jyang@redhat.com>

	cputune: Add document for cputune XML
	v1 - v3:
	  * More clear document for "cpu shares", adopted suggestions from
	    Matthias Bottle and Daniel Veillard.

	cputune: Add XML schema for cputune xml
	v1 - v2:
	  * Remove upper limit of cpu shares. (Suggested by Matthias Bottle)

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: fix regression with fd labeling on migration
	My earlier testing for commit 34fa0de0 was done while starting
	just-built libvirt from an unconfined_t shell, where the fds happened
	to work when transferring to qemu.  But when installed and run under
	virtd_t, failure to label the raw file (with no compression) or the
	pipe (with compression) triggers SELinux failures when passing fds
	over SCM_RIGHTS to svirt_t qemu.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): When passing
	FDs, make sure they are labeled.

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: improve error message on failed fd transfer
	First fallout of fd: migration - it looks like SELinux enforcing
	_does_ require fd labeling (running uninstalled libvirtd from an
	unconstrained shell had no problems, but once faked out by doing
	 chcon `stat -c %C /usr/sbin/libvirtd` daemon/libvirtd
	 run_init $PWD/daemon/libvirtd
	to run it with the same context as an init script service, and with
	SELinux enforcing, I got a rather confusing failure:
	error: Failed to save domain fedora_12 to fed12.img
	error: internal error unable to send TAP file handle: No file descriptor supplied via SCM_RIGHTS

	This fixes the error message, then I need to figure out a subsequent
	patch that does the fsetfilecon() necessary to keep things happy.
	It also appears that libvirtd hangs on a failed fd transfer; I don't
	know if that needs an independent fix.

	* src/qemu/qemu_monitor_text.c (qemuMonitorTextSendFileHandle):
	Improve message, since TAP is no longer only client.

2011-03-29  Eric Blake  <eblake@redhat.com>

	maint: ignore new built file
	* .gitignore: Exclude libvirt_iohelper.

2011-03-29  Markus Groß  <gross@univention.de>

	Add domainSuspend/Resume to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainSuspend and
	  libxlDomainResume

	Add domainGetOSType to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainGetOSType

	Add domainGetSchedulerType to libxl driver
	* src/libxl/libxl_driver.c: implements libxlDomainGetSchedulerType

	Implements domainXMLTo/FromNative in libxl driver
	* src/Makefile.am src/libvirt_private.syms configure.ac: share and
	  reuse the sexpr routines from sexpr.h of the old xen driver
	* src/libxl/libxl_driver.c: implements libxlDomainXMLFromNative and
	  libxlDomainXMLToNative

2011-03-29  Markus Groß  <gross@univention.de>

	Add vcpu functions to libxl driver
	Hook the virtual cpu functions to their libxenlight counterparts

	* src/libxl/libxl_driver.c: implements libxlDomainSetVcpus,
	  libxlDomainGetVcpus, libxlDomainSetVcpusFlags,
	  libxlDomainGetVcpusFlags and libxlDomainPinVcpu

2011-03-29  Markus Groß  <gross@univention.de>

	List authors in copyright headers
	* src/libxl/libxl_conf.[ch] src/libxl/libxl_driver.[ch]: add authors
	  after the licence template

	Add event callbacks to libxl driver
	* src/libxl/libxl_conf.h: add the necessary fields to the driver
	  private structure
	* src/libxl/libxl_driver.c: add lifecycle event support and entry
	  points for event(de)register(any)

	Ignore return value of virDomainObjUnref
	* src/libxl/libxl_driver.c: use ignore_value() in libxlDomainObjUnref
	  and libxlCreateDomEvents

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix infinite loop in daemon if client quits with multiple streams open
	The daemon loops over the linked list of streams when a client
	quits, closing any that the client hadn't already closed. Except
	it didn't ever move to the next element in the list!

	* daemon/stream.c: Fix loop over linked list of streams

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Remote protocol support for storage vol upload/download APIs
	* daemon/remote.c, src/remote/remote_driver.c: Implementation
	  of storage vol upload/download APIs
	* src/remote/remote_protocol.x: Wire protocol definition for
	  upload/download
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.h,
	  src/remote/remote_protocol.c: Re-generate

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Support volume data upload/download APIs in storage driver
	Use generic FD streams to allow data upload/download to/from
	any storage volume

	* src/storage/storage_driver.c: Wire up upload/download APIs

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Add vol-upload and vol-download commands to virsh
	The new commands vol-upload and vol-download, allow a local file
	to be transferred to/from a storage volume.

	* tools/virsh.c: Add vol-upload and vol-download commands
	* tools/virsh.pod: Document new commands

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Add public APIs for storage volume upload/download
	New APIs are added allowing streaming of content to/from
	storage volumes.

	* include/libvirt/libvirt.h.in: Add virStorageVolUpload and
	  virStorageVolDownload APIs
	* src/driver.h, src/libvirt.c, src/libvirt_public.syms: Stub
	  code for new APIs
	* src/storage/storage_driver.c, src/esx/esx_storage_driver.c:
	  Add dummy entries in driver table for new APIs

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Enhance the streams helper to support plain file I/O
	The O_NONBLOCK flag doesn't work as desired on plain files
	or block devices. Introduce an I/O helper program that does
	the blocking I/O operations, communicating over a pipe that
	can support O_NONBLOCK

	* src/fdstream.c, src/fdstream.h: Add non-blocking I/O
	  on plain files/block devices
	* src/Makefile.am, src/util/iohelper.c: I/O helper program
	* src/qemu/qemu_driver.c, src/lxc/lxc_driver.c,
	  src/uml/uml_driver.c, src/xen/xen_driver.c: Update for
	  streams API change

2011-03-29  Daniel P. Berrange  <berrange@redhat.com>

	Update event loop example programs to demonstrate best practice
	The example C event loop code is a nasty hack and not compliant
	with the require API semantics. Delete this, so that developers
	don't mistakenly copy it. Instead call the new public event loop
	APIs.

	Update the python event loop example, so that it can optionally
	use the public event APIs, as an alternative to the pure python
	code. The pure python event code is a good working example, so
	don't delete it.

	Also make the python example use a read only connection to avoid
	authentication prompts

	* examples/domain-events/events-c/event-test.c: Replace event
	  loop code with use of public APIs
	* examples/domain-events/events-python/event-test.py: Allow
	  optional use of new public event APIs

2011-03-29  Eric Blake  <eblake@redhat.com>

	qemu: fix regression that hangs on save failure
	Regression introduced in commit 6034ddd55.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Jump to correct
	label.

2011-03-28  Eric Blake  <eblake@redhat.com>

	build: fix compilation on mingw
	* src/util/command.c (virCommandAbort) [WIN32]: Provide stub.
	Reported by Daniel P. Berrange's autobuilder.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: support fd: migration with compression
	Spawn the compressor ourselves, instead of requiring the shell.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Spawn
	compression helper process when needed.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: skip granting access during fd migration
	SELinux labeling and cgroup ACLs aren't required if we hand a
	pre-opened fd to qemu.  All the more reason to love fd: migration.

	* src/qemu/qemu_migration.c (qemuMigrationToFile): Skip steps
	that are irrelevant in fd migration.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: consolidate migration to file code
	This points out that core dumps (still) don't work for root-squash
	NFS, since the fd is not opened correctly.  This patch should not
	introduce any functionality change, it is just a refactoring to
	avoid duplicated code.

	* src/qemu/qemu_migration.h (qemuMigrationToFile): New prototype.
	* src/qemu/qemu_migration.c (qemuMigrationToFile): New function.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag, doCoreDump): Use
	it.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: use common API for reading difficult files
	Direct access to an open file is so much simpler than passing
	everything through a pipe!

	* src/qemu/qemu_driver.c (qemudOpenAsUID)
	(qemudDomainSaveImageClose): Delete.
	(qemudDomainSaveImageOpen): Rename...
	(qemuDomainSaveImageOpen): ...and drop read_pid argument.  Use
	virFileOpenAs instead of qemudOpenAsUID.
	(qemudDomainSaveImageStartVM, qemudDomainRestore)
	(qemudDomainObjRestore): Rename...
	(qemuDomainSaveImageStartVM, qemuDomainRestore)
	(qemDomainObjRestore): ...and simplify accordingly.
	(qemudDomainObjStart, qemuDriver): Update callers.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu, storage: improve type safety
	* src/storage/storage_backend.c (createRawFileOpHook): Change
	signature.
	(struct createRawFileOpHookData): Delete unused struct.
	(virStorageBackendCreateRaw): Adjust caller.
	* src/qemu/qemu_driver.c (struct fileOpHookData): Delete unused
	struct.
	(qemudDomainSaveFileOpHook): Rename...
	(qemuDomainSaveFileOpHook): ...and change signature.
	(qemudDomainSaveFlag): Adjust caller.

2011-03-28  Eric Blake  <eblake@redhat.com>

	util: adjust indentation in previous patch
	Separating the indentation from the real patch made review easier.

	* src/util/util.c (virFileOpenAs): Whitespace changes.

2011-03-28  Eric Blake  <eblake@redhat.com>

	util: rename virFileOperation to virFileOpenAs
	This patch intentionally doesn't change indentation, in order to
	make it easier to review the real changes.

	* src/util/util.h (VIR_FILE_OP_RETURN_FD, virFileOperationHook):
	Delete.
	(virFileOperation): Rename...
	(virFileOpenAs): ...and reduce parameters.
	* src/util/util.c (virFileOperationNoFork, virFileOperation):
	Rename and simplify.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust caller.
	* src/storage/storage_backend.c (virStorageBackendCreateRaw):
	Likewise.
	* src/libvirt_private.syms: Reflect rename.

2011-03-28  Eric Blake  <eblake@redhat.com>

	storage: simplify fd handling
	* src/storage/storage_backend.c (virStorageBackendCreateRaw): Use
	new virFileOperation flag.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: simplify domain save fd handling
	This makes root-squash NFS saves more efficient.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new
	virFileOperation flag to open fd only once.

2011-03-28  Eric Blake  <eblake@redhat.com>

	util: use SCM_RIGHTS in virFileOperation when needed
	Currently, the hook function in virFileOperation is extremely limited:
	it must be async-signal-safe, and cannot modify any memory in the
	parent process.  It is much handier to return a valid fd and operate
	on it in the parent than to deal with hook restrictions.

	* src/util/util.h (VIR_FILE_OP_RETURN_FD): New flag.
	* src/util/util.c (virFileOperationNoFork, virFileOperation):
	Honor new flag.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: allow simple domain save to use fd: protocol
	This allows direct saves (no compression, no root-squash NFS) to use
	the more efficient fd: migration, which in turn avoids a race where
	qemu exec: migration can sometimes fail because qemu does a generic
	waitpid() that conflicts with the pclose() used by exec:.  Further
	patches will solve compression and root-squash NFS.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Use new function
	when there is no compression.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: fix restoring a compressed save image
	Latent bug introduced in commit 2d6a581960 (Aug 2009), but not exposed
	until commit 1859939a (Jan 2011).  Basically, when virExec creates a
	pipe, it always marks libvirt's side as cloexec.  If libvirt then
	wants to hand that pipe to another child process, things work great if
	the fd is dup2()'d onto stdin or stdout (as with stdin: or exec:
	migration), but if the pipe is instead used as-is (such as with fd:
	migration) then qemu sees EBADF because the fd was closed at exec().

	This is a minimal fix for the problem at hand; it is slightly racy,
	but no more racy than the rest of libvirt fd handling, including the
	case of uncompressed save images.  A more invasive fix, but ultimately
	safer at avoiding leaking unintended fds, would be to _always and
	atomically_ open all fds as cloexec in libvirt (thanks to primitives
	like open(O_CLOEXEC), pipe2(), accept4(), ...), then teach virExec to
	clear that bit for all fds explicitly marked to be handed to the child
	only after forking.

	* src/qemu/qemu_command.c (qemuBuildCommandLine): Clear cloexec
	flag.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Tweak test.

2011-03-28  Eric Blake  <eblake@redhat.com>

	util: allow clearing cloexec bit
	* src/util/util.h (virSetInherit): New prototype.
	* src/util/util.c (virSetCloseExec): Move guts...
	(virSetInherit): ...to new function, and allow clearing.
	* src/libvirt_private.syms (util.h): Export it.

	logging: always NUL-terminate circular buffer
	* src/util/logging.c (virLogStartup, virLogSetBufferSize):
	Over-allocate, so that a debugger can just print the circular
	buffer.  Suggested by Daniel Veillard.

	maint: use space, not tab, in remote_protocol-structs
	* src/Makefile.am (remote_protocol-structs): Flatten tabs.
	* src/remote_protocol-structs: Likewise.  Also add a hint to emacs
	to make it easier to keep spaces in the file.

2011-03-28  Eric Blake  <eblake@redhat.com>

	tests: don't alter state in $HOME
	Diego reported a bug where virsh tries to initialize a readline
	history directory during 'make check' run as root, but fails
	because /root was read-only.

	It turns out that I could reproduce this as non-root, by using:

	mv ~/.virsh{,.bak}
	chmod a-w ~
	make check -C tests TESTS=int-overflow
	chmod u+w ~
	mv ~/.virsh{.bak,}

	* tests/int-overflow: Don't trigger interactive mode.
	Reported by Diego Elio Pettenò.

2011-03-28  Eric Blake  <eblake@redhat.com>

	docs: document recent hook additions
	* src/qemu/qemu_process.c (qemuProcessStart, qemuProcessStop): Fix
	typos.
	* docs/hooks.html.in: Document 'prepare' and 'release' hooks.

2011-03-28  Eric Blake  <eblake@redhat.com>

	qemu: don't restore state label twice
	Otherwise, if something like doStopVcpus fails after the first
	restore, a second restore is attempted and throws a useless
	warning.

	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Avoid second
	restore of state label.

2011-03-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove the Open Nebula driver
	The Open Nebula driver has been unmaintained since it was first
	introduced. The only commits have been for tree-wide cleanups.
	It also has a major design flaw, in that it only knows about guests
	that it has created itself, which makes it of very limited use.

	Discussions wrt evolution of the VMWare ESX driver, concluded that
	it should limit itself to single-node ESX operation and not try to
	manage the multi-node architecture of VirtualCenter. Open Nebula
	is a cluster like Virtual Center, not a single node system, so
	the same reasoning applies.

	The DeltaCloud project includes an Open Nebula driver and is a much
	better fit architecturally, since it is explicitly targetting the
	distributed multihost cluster scenario.

	Thus this patch deletes the libvirt Open Nebula driver with the
	recommendation that people use DeltaCloud for managing it instead.

	* configure.ac: Remove probe for xmlrpc & --with-one arg
	* daemon/Makefile.am, daemon/libvirtd.c, src/Makefile.am: Remove
	  ONE driver build
	* src/opennebula/one_client.c, src/opennebula/one_client.h,
	  src/opennebula/one_conf.c, src/opennebula/one_conf.h,
	  src/opennebula/one_driver.c, src/opennebula/one_driver.c: Delete
	  files
	* autobuild.sh, libvirt.spec.in, mingw32-libvirt.spec.in: Remove
	  build rules for Open Nebula
	* docs/drivers.html.in, docs/sitemap.html.in: Remove reference
	  to OpenNebula
	* docs/drvone.html.in: Delete file

2011-03-28  Osier Yang  <jyang@redhat.com>

	Fix syntax error in configure.ac
	Which will lead "./configure --with-audit=yes" breaks.

2011-03-28  Daniel Veillard  <veillard@redhat.com>

	Update of localisations, switch to transifex
	Last pull from i18n CVS, then push to transifex.net which is now
	our localization upstream:

	http://www.transifex.net/projects/p/libvirt/resource/strings/

2011-03-28  Daniel Veillard  <veillard@redhat.com>

	Update on the goal page
	Some things to note in this patch:
	   - we do extend libvirt scope beyond purely managing domains, there is
	     already a number of blocks which are here as helpr functions to
	     manage the resources on the host.
	   - we are expanding in the direction of libvirt being sufficient to do
	     most of the management on the Host (but within the limits of the need
	     for virtualization, e.g. managing users on the host is out of scope)
	   - we don't require anymore APIs to be supported by multiple
	     hypervisors to get in, it's already the case in practice, but we
	     should still make sure the semantic of those APIs are clear. We
	     added quite a bit for QEmu, but for example I saw on IRC that VBox
	     could emulate a network unplug/replug on a domain interface, and
	     that would be a good addition even if a priori no other hypervisor
	     supports it.
	   - Make clear that all libvirt APIs are available remotely, which is
	     key to use libvirt for building management tools.
	   - link the goal page from the project main page

	As for libvirt project directions, I think it just reflects the natural
	evolution in the last couple of years. We are less hypervisor agnostic
	and extending in the Host management. Clearly there is interest in
	making sure libvirt is complete in term of features for the hypervisors
	supported, especially the ones like KVM or LXC which don't really have
	integrated management library.

	* docs/goals.html.in: update the goals page
	* docs/index.html.in: link it from the top page

2011-03-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Don't leak gnutls session on negotiation error

2011-03-25  Eric Blake  <eblake@redhat.com>

	hooks: fix regression in previous patch
	* src/util/hooks.c (virHookCheck): Missing hooks should just be
	debug, not warn.

2011-03-25  Philipp Hahn  <hahn@univention.de>

	Add missing { for qemudDomainInterfaceStats
	Add missing open curly brace between function declaration of non-linux
	variant of qemudDomainInterfaceStats() and its body.

2011-03-25  Eric Blake  <eblake@redhat.com>

	build: shorten libxenlight summary for consistent alignment
	* configure.ac: Use xenlight: rather than libxenlight: in summary.
	Suggested by Daniel Veillard.

2011-03-25  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Avoid resetting errors before they are reported
	Commit f44bfb7 was supposed to make sure no additional libvirt API (esp.
	*Free) is called before remoteDispatchConnError() is called on error.
	However, the patch missed two instances.

2011-03-25  Eric Blake  <eblake@redhat.com>

	command: add virCommandAbort for cleanup paths
	Sometimes, an asynchronous helper is started (such as a compressor
	or iohelper program), but a later error means that we want to
	abort that child.  Make this easier.

	Note that since daemons and virCommandRunAsync can't mix, the only
	time virCommandFree can reap a process is if someone did
	virCommandRunAsync for a non-daemon and didn't stash the pid.

	* src/util/command.h (virCommandAbort): New prototype.
	* src/util/command.c (_virCommand): Add new field.
	(virCommandRunAsync, virCommandWait): Track whether pid was used.
	(virCommandFree): Reap child if caller did not request pid.
	(virCommandAbort): New function.
	* src/libvirt_private.syms (command.h): Export it.
	* tests/commandtest.c (test19): New test.

2011-03-25  Eric Blake  <eblake@redhat.com>

	command: don't mix RunAsync and daemons
	It doesn't make sense to run a daemon without synchronously
	waiting for the child process to reply whether the daemon has
	been kicked off and pidfile written yet.

	* src/util/command.c (VIR_EXEC_RUN_SYNC): New constant.
	(virCommandRun): Set temporary flag.
	(virCommandRunAsync): Use it to prevent async runs of intermediate
	child when spawning asynchronous daemon grandchild.

2011-03-25  Eric Blake  <eblake@redhat.com>

	command: properly diagnose process exit via signal
	Child processes don't always reach _exit(); if they die from a
	signal, then any messages should still be accurate.  Most users
	either expect a 0 status (thankfully, if status==0, then
	WIFEXITED(status) is true and WEXITSTATUS(status)==0 for all
	known platforms) or were filtering on WIFEXITED before printing
	a status, but a few were missing this check.  Additionally,
	nwfilter_ebiptables_driver was making an assumption that works
	on Linux (where WEXITSTATUS shifts and WTERMSIG just masks)
	but fails on other platforms (where WEXITSTATUS just masks and
	WTERMSIG shifts).

	* src/util/command.h (virCommandTranslateStatus): New helper.
	* src/libvirt_private.syms (command.h): Export it.
	* src/util/command.c (virCommandTranslateStatus): New function.
	(virCommandWait): Use it to also diagnose status from signals.
	* src/security/security_apparmor.c (load_profile): Likewise.
	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Likewise.
	* src/util/util.c (virExecDaemonize, virRunWithHook)
	(virFileOperation, virDirCreate): Likewise.
	* daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
	Likewise.

2011-03-25  Markus Groß  <gross@univention.de>

	Add memory functions to libxl driver

2011-03-25  Wen Congyang  <wency@cn.fujitsu.com>

	fix the check of the output of monitor command 'device_add'
	Hotpluging host usb device by text mode will fail, because the monitor
	command 'device_add' outputs 'husb: using...' if it succeeds, but we
	think the command should not output anything.

2011-03-24  Eric Blake  <eblake@redhat.com>

	build: enforce reference count checking
	Add the compiler attribute to ensure we don't introduce any more
	ref bugs like were just patched in commit 9741f34, then explicitly
	mark the remaining places in code that are safe.

	* src/qemu/qemu_monitor.h (qemuMonitorUnref): Mark
	ATTRIBUTE_RETURN_CHECK.
	* src/conf/domain_conf.h (virDomainObjUnref): Likewise.
	* src/conf/domain_conf.c (virDomainObjParseXML)
	(virDomainLoadStatus): Fix offenders.
	* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
	* src/vmware/vmware_conf.c (vmwareLoadDomains): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjBeginJob)
	(qemuDomainObjBeginJobWithDriver)
	(qemuDomainObjExitRemoteWithDriver): Likewise.
	* src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): Likewise.
	Suggested by Daniel P. Berrange.

2011-03-24  Eric Blake  <eblake@redhat.com>

	maint: prohibit access(,X_OK)
	This simplifies several callers that were repeating checks already
	guaranteed by util.c, and makes other callers more robust to now
	reject directories.  remote_driver.c was over-strict - access(,R_OK)
	is only needed to execute a script file; a binary only needs
	access(,X_OK) (besides, it's unusual to see a file with x but not
	r permissions, whether script or binary).

	* cfg.mk (sc_prohibit_access_xok): New syntax-check rule.
	(exclude_file_name_regexp--sc_prohibit_access_xok): Exempt one use.
	* src/network/bridge_driver.c (networkStartRadvd): Fix offenders.
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes)
	(qemuCapsInitGuest, qemuCapsInit, qemuCapsExtractVersionInfo):
	Likewise.
	* src/remote/remote_driver.c (remoteFindDaemonPath): Likewise.
	* src/uml/uml_driver.c (umlStartVMDaemon): Likewise.
	* src/util/hooks.c (virHookCheck): Likewise.

2011-03-24  Markus Groß  <gross@univention.de>

	Get cpu time and current memory balloon from libxl

2011-03-24  Jiri Denemark  <jdenemar@redhat.com>

	Make error reporting in libvirtd thread safe
	Bug https://bugzilla.redhat.com/show_bug.cgi?id=689374 reported libvirtd
	crash during error dispatch.

	The reason is that libvirtd uses remoteDispatchConnError() with non-NULL
	conn parameter which means that virConnGetLastError() is used instead of
	its thread safe replacement virGetLastError().

	So when several libvirtd threads are reporting errors at the same time,
	the errors can get mixed or corrupted or in case of bad luck libvirtd
	itself crashes.

	Since Daniel B. is going to rewrite this code from scratch on top of his
	RPC infrastructure, I tried to come up with a minimal fix. Thus,
	remoteDispatchConnError() now just ignores its conn argument and always
	calls virGetLastError(). However, several callers had to be touched as
	well, since no libvirt API is allowed to be called before dispatching
	the error. Doing so would reset the error and we would have nothing to
	dispatch. As a result of that, the code is not very nice but that
	doesn't really make daemon/remote.c worse than it is now :-) And it will
	all die soon, which is good.

	The bug report also contains a reproducer in C which detects both mixed
	up error messages and libvirtd crash. Before this patch, I was able to
	crash libvirtd in about 20 seconds up to 3 minutes depending on number
	of CPU cores (more is better) and luck.

2011-03-24  Wen Congyang  <wency@cn.fujitsu.com>

	update domain status forcibly even if attach a device failed
	Steps to reproduce this bug:
	1. virsh attach-disk domain --source diskimage --target sdb --sourcetype file --driver qemu --subdriver qcow2
	   error: Failed to attach disk
	   error: operation failed: adding scsi-disk,bus=scsi0.0,scsi-id=1,drive=drive-scsi0-0-1,id=scsi0-0-1 device failed: Property 'scsi-disk.drive' can't find value 'drive-scsi0-0-1'
	2. service libvirtd restart
	   Stopping libvirtd daemon:                                  [  OK  ]
	   Starting libvirtd daemon:                                  [  OK  ]
	3. virsh attach-disk domain --source diskimage --target sdb --sourcetype file --driver qemu --subdriver raw
	   error: Failed to attach disk
	   error: operation failed: adding lsi,id=scsi0,bus=pci.0,addr=0x6 device failed: Duplicate ID 'scsi0' for device

	The reason is that we create a new scsi controller but we do not update
	/var/run/libvirt/qemu/domain.xml.

2011-03-23  Eric Blake  <eblake@redhat.com>

	build: nuke all .x-sc* files, and fix VPATH syntax-check
	Not every day you see a patch that nukes 27 files!

	* .gnulib: Update to latest, for maint.mk improvements
	* bootstrap: Resync to gnulib.
	* bootstrap.conf (ACLOCAL): Swap the secondary aclocal include
	directory, now that bootstrap picks up gnulib/m4 instead of m4.
	* Makefile.am (syntax_check_exceptions, EXTRA_DIST): No longer
	worry about nuked files.
	* cfg.mk (sc_x_sc_dist_check): Delete dead rule.
	(VC_LIST_ALWAYS_EXCLUDE_REGEX): Add HACKING.
	(exclude_file_name_regexp--sc_*): Inline and simplify contents...
	* .x-sc_*: ...from here, then delete the files.

2011-03-23  Eric Blake  <eblake@redhat.com>

	command: reject pidfile on non-daemon
	* src/util/command.c (virCommandRunAsync): Since virExec only
	creates pidfiles for daemon, enforce this in virCommand.

2011-03-23  Eric Blake  <eblake@redhat.com>

	domain_conf: drop unused ref-count in snapshot object
	The ref count was assigned to 1 at creation, then never modified again
	until it was decremented just before freeing the object.

	* src/conf/domain_conf.h (_virDomainSnapshotObj): Delete unused
	field.
	(virDomainSnapshotObjUnref): Delete unused prototype.
	* src/libvirt_private.syms: Likewise.
	* src/conf/domain_conf.c (virDomainSnapshotObjNew)
	(virDomainSnapshotObjListDataFree): Update users.
	(virDomainSnapshotObjUnref): Delete.

2011-03-23  Eric Blake  <eblake@redhat.com>

	rpm: add missing dependencies
	Among others, the missing radvd dependency showed up as:

	error: Failed to start network ipv6net
	error: Cannot find radvd - Possibly the package isn't installed: No such file
	or directory

	even when radvd was installed, because the RADVD preprocessor
	symbol was missing at configure time.

	* libvirt.spec.in (with_network): Add BuildRequires for radvd,
	iptables, and ip6tables.
	(BuildRequires): Add libxslt and augeas for docs and test.
	(with_libvirtd): Add module-init-tools for modprobe.
	(with_nwfilter): Add BuildRequires for ebtables.
	(with_esx): Fix esx build on RHEL 5, thanks to curl-devel rename.

2011-03-23  Eric Blake  <eblake@redhat.com>

	rpm: separate runtime and build requirements
	* libvirt.spec.in (Requires): Reorganize requirements a bit; no
	functional change.

2011-03-23  Osier Yang  <jyang@redhat.com>

	util: Fix return value for virJSONValueFromString if it fails
	Problem:
	  "parser.head" is not NULL even if it's free'ed by "virJSONValueFree",
	returning "parser.head" when "virJSONValueFromString" fails will cause
	unexpected errors (libvirtd will crash sometimes), e.g.
	  In function "qemuMonitorJSONArbitraryCommand":

	        if (!(cmd = virJSONValueFromString(cmd_str)))
	            goto cleanup;

	        if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
	            goto cleanup;

	        ......

	     cleanup:
	        virJSONValueFree(cmd);

	  It will continues to send command to monitor even if "virJSONValueFromString"
	is failed, and more worse, it trys to free "cmd" again.

	  Crash example:
	{"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}}
	{"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}}
	error: server closed connection:
	error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd may need to be started: Connection refused
	error: failed to connect to the hypervisor

	  This fix is to:
	    1) return NULL for failure of "virJSONValueFromString",
	    2) and it seems "virJSONValueFree" uses incorrect loop index for type
	       of "VIR_JSON_TYPE_OBJECT", fix it together.

	* src/util/json.c

2011-03-23  Wen Congyang  <wency@cn.fujitsu.com>

	Initialization error of qemuCgroupData in Qemu host usb hotplug
	Steps to reproduce this bug:
	# cat usb.xml
	<hostdev mode='subsystem' type='usb'>
	  <source>
	    <address bus='0x001' device='0x003'/>
	  </source>
	</hostdev>
	# virsh attach-device vm1 usb.xml
	error: Failed to attach device from usb.xml
	error: server closed connection:

	The reason of this bug is that we set data.cgroup to NULL, and this will cause
	libvirtd crashed.

2011-03-23  Eric Blake  <eblake@redhat.com>

	qemu: simplify monitor callbacks
	A future patch will change reference counting idioms; consolidating
	this pattern now makes the next patch smaller (touch only the new
	macro rather than every caller).

	* src/qemu/qemu_monitor.c (QEMU_MONITOR_CALLBACK): New helper.
	(qemuMonitorGetDiskSecret, qemuMonitorEmitShutdown)
	(qemuMonitorEmitReset, qemuMonitorEmitPowerdown)
	(qemuMonitorEmitStop, qemuMonitorEmitRTCChange)
	(qemuMonitorEmitWatchdog, qemuMonitorEmitIOError)
	(qemuMonitorEmitGraphics): Use it to reduce duplication.

2011-03-22  Eric Blake  <eblake@redhat.com>

	build: fix missing initializer
	Commit cb4aba9b6 forgot xenapi.

	* src/xenapi/xenapi_driver.c (xenapiDriver): Adjust to recent API.

2011-03-22  Roopa Prabhu  <roprabhu@cisco.com>

	8021Qbh: use preassociate-rr during the migration prepare stage
	This patch introduces PREASSOCIATE-RR during incoming VM migration on the
	destination host. This is similar to the usage of PREASSOCIATE during
	migration in 8021qbg libvirt code today. PREASSOCIATE-RR is a VDP operation.
	With the latest at IEEE, 8021qbh will need to support VDP operations.
	A corresponding enic driver patch to support PREASSOCIATE-RR for 8021qbh
	will be posted for net-next-2.6 inclusion soon.

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix uninitialized variable & error reporting in LXC veth setup
	THe veth setup in LXC had a couple of flaws, first brInit did
	not report any error when it failed. Second vethCreate() did
	not correctly initialize the variable containing the return
	code, so could report failure even when it succeeded.

	* src/lxc/lxc_driver.c: Report error when brInit fails
	* src/lxc/veth.c: Fix uninitialized variable

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Wire up virDomainMigrateSetSpeed into QEMU driver
	Enhance the QEMU migration monitoring loop, so that it can get
	a signal to change migration speed on the fly

	* src/qemu/qemu_domain.h: Add signal for changing speed on the fly
	* src/qemu/qemu_driver.c: Wire up virDomainMigrateSetSpeed driver
	* src/qemu/qemu_migration.c: Support signal for changing speed

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Wire up virDomainMigrateSetSpeed for the remote RPC driver
	* src/remote/remote_protocol.x: Define wire protocol
	* daemon/remote.c, src/remote/remote_driver.c: Add new
	  functions for virDomainMigrateSetSpeed API
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h: Re-generate files

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Add public API for setting migration speed on the fly
	It is possible to set a migration speed limit when starting
	migration. This new API allows the speed limit to be changed
	on the fly to adjust to changing conditions

	* src/driver.h, src/libvirt.c, src/libvirt_public.syms,
	  include/libvirt/libvirt.h.in: Add virDomainMigrateSetMaxSpeed
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/vmware/vmware_driver.c, src/xen/xen_driver.c,
	  src/libxl/libxl_driver.c: Stub new API

2011-03-22  Eric Blake  <eblake@redhat.com>

	maint: update authors
	* AUTHORS: Update, to satisfy 'make syntax-check'.

2011-03-22  Daniel P. Berrange  <berrange@redhat.com>

	Disable libxl build in RPM on Fedora < 16
	The xen RPM in Fedora isn't new enough to support libxl builds
	yet. Disable it until Fedora 16

	* libvirt.spec.in: Disable libxl on Fedora < 16

2011-03-22  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: fallback to HMP drive_add/drive_del
	fallback to HMP drive_add/drive_del commands if not found in QMP

2011-03-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Only use HMP passthrough if it is supported
	Avoids calling text monitor methods when it is know they will not
	succeed and also results in nicer error messages.

	qemu: Detect support for HMP passthrough

2011-03-22  Thibault Vincent  <thibault.vincent@smartjog.com>

	qemu: add two hook script events "prepare" and "release"
	Fix for bug https://bugzilla.redhat.com/show_bug.cgi?id=618970

	The "prepare" hook is called very early in the VM statup process
	before device labeling, so that it can allocate ressources not
	managed by libvirt, such as DRBD, or for instance create missing
	bridges and vlan interfaces.
	* src/util/hooks.c src/util/hooks.h: add definitions for new hooks
	  VIR_HOOK_QEMU_OP_PREPARE and VIR_HOOK_QEMU_OP_RELEASE
	* src/qemu/qemu_process.c: use them in qemuProcessStart and
	  qemuProcessStop()

2011-03-22  Daniel Veillard  <veillard@redhat.com>

	Update the set of maintainers for the project
	Wen Congyang gained commiter access

	Created a new section of previous commiters to the project
	but not involved much anymore: Karel Zak, Atsushi SAKAI,
	Dave Leskovec and Dan Smith

2011-03-21  Eric Blake  <eblake@redhat.com>

	qemu: simplify interface fd handling in monitor
	With only a single caller to these two monitor commands, I
	didn't need to wrap a new WithFds version, but just change
	the command itself.

	* src/qemu/qemu_monitor.h (qemuMonitorAddNetdev)
	(qemuMonitorAddHostNetwork): Add parameters.
	* src/qemu/qemu_monitor.c (qemuMonitorAddNetdev)
	(qemuMonitorAddHostNetwork): Add support for fd passing.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Use it to
	simplify code.

2011-03-21  Eric Blake  <eblake@redhat.com>

	qemu: simplify PCI configfd handling in monitor
	This is also a bug fix - on the error path, qemu_hotplug would
	leave the configfd file leaked into qemu.  At least the next
	attempt to hotplug a PCI device would reuse the same fdname,
	and when the qemu getfd monitor command gets a new fd by the
	same name as an earlier one, it closes the earlier one, so there
	is no risk of qemu running out of fds.

	* src/qemu/qemu_monitor.h (qemuMonitorAddDeviceWithFd): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorAddDevice): Move guts...
	(qemuMonitorAddDeviceWithFd): ...to new function, and add support
	for fd passing.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice): Use it
	to simplify code.
	Suggested by Daniel P. Berrange.

2011-03-21  Eric Blake  <eblake@redhat.com>

	qemu: simplify monitor fd error handling
	qemu_monitor was already returning -1 and setting errno to EINVAL
	on any attempt to send an fd without a unix socket, but this was
	a silent failure in the case of qemuDomainAttachHostPciDevice.
	Meanwhile, qemuDomainAttachNetDevice was doing some sanity checking
	for a better error message; it's better to consolidate that to a
	central point in the API.

	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Move sanity
	checking...
	* src/qemu/qemu_monitor.c (qemuMonitorSendFileHandle): ...into
	central location.
	Suggested by Chris Wright.

2011-03-21  Eric Blake  <eblake@redhat.com>

	udev: fix regression with qemu:///session
	https://bugzilla.redhat.com/show_bug.cgi?id=684655 points out
	a regression introduced in commit 2215050edd - non-root users
	can't connect to qemu:///session because libvirtd dies when
	it can't use pciaccess initialization.

	* src/node_device/node_device_udev.c (udevDeviceMonitorStartup):
	Don't abort udev driver (and libvirtd overall) if non-root user
	can't use pciaccess.

2011-03-21  Eric Blake  <eblake@redhat.com>

	logging: fix off-by-one bug
	Valgrind caught that our log wrap-around was going 1 past the end.
	Regression introduced in commit b16f47a; previously the
	buffer was static and size+1 bytes, but now it is dynamic and
	exactly size bytes.

	* src/util/logging.c (virLogStr): Don't write past end of log.

2011-03-21  Wen Congyang  <wency@cn.fujitsu.com>

	do not report OOM error when prepareCall() failed
	We have reported error in the function prepareCall(), and
	the error is not only OOM error. So we should not report
	OOM error in the function call() when prepareCall() failed.

2011-03-21  Eric Blake  <eblake@redhat.com>

	util: guarantee sane errno in virFileIsExecutable
	If virFileIsExecutable is to replace access(file,X_OK), then
	errno must be usable on failure.

	* src/util/util.c (virFileIsExecutable): Set errno on failure.

2011-03-21  Cole Robinson  <crobinso@redhat.com>

	docs: Document first release with spice and qxl

2011-03-21  Osier Yang  <jyang@redhat.com>

	doc: Add schema definition for imagelabel
	<imagelable> is not generated by running domain, actually we parse
	it in src/conf/domain_conf.c, this patch is to fix it, otherwise any
	validation (virt-xml-validate) on the domain xml dumped from shutoff
	domain containing <imagelable> will fail.

	* docs/schemas/domain.rng

2011-03-19  Tiziano Mueller  <dev-zero@gentoo.org>

	update virGetVersion description
	The current description suggests that you always have to provide
	a valid typeVer pointer. But if you want only the libvirt version
	it's also possible to set type and typeVer to NULL to skip the
	hypervisor part.

2011-03-18  Hu Tao  <hutao@cn.fujitsu.com>

	Don't return an error on failure to create blkio controller
	This patch enables cgroup controllers as much as possible by skipping
	the creation of blkio controller when running with old kernels that
	doesn't support multi-level directory for blkio controller.

2011-03-18  Jim Fehlig  <jfehlig@novell.com>

	Don't build libxenlight driver for Xen 4.0
	The libxenlight driver does not build against the tech preview
	version of libxenlight in Xen 4.0.  Only enable building the
	driver against more complete libxenlight found in Xen 4.1.

2011-03-18  Eric Blake  <eblake@redhat.com>

	qemu: respect locking rules
	THREADS.txt states that the contents of vm should not be read or
	modified while the vm lock is not held, but that the lock must not
	be held while performing a monitor command.  This fixes all the
	offenders that I could find.

	* src/qemu/qemu_process.c (qemuProcessStartCPUs)
	(qemuProcessInitPasswords, qemuProcessStart): Don't modify or
	refer to vm state outside lock.
	* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainChangeGraphicsPasswords):
	Likewise.

2011-03-18  Laine Stump  <laine@laine.org>

	network driver: log error and abort network startup when radvd isn't found
	This is detailed in:

	  https://bugzilla.redhat.com/show_bug.cgi?id=688957

	Since radvd is executed by daemonizing it, the attempt to exec the
	radvd binary doesn't happen until after libvirtd has already received
	an exit code from the intermediate forked process, so no error is
	detected or logged by __virExec().

	We can't require radvd as a prerequisite for the libvirt package (many
	installations don't use IPv6, so they don't need it), so instead we
	add in a check to verify there is an executable radvd binary prior to
	trying to exec it.

2011-03-18  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvz: fix a simple bug in openvzListDefinedDomains()
	This patch adds missing curly brackets to an if
	statement in openvzListDefinedDomains()

2011-03-18  Eric Blake  <eblake@redhat.com>

	build: translate changes in previous patch
	* po/POTFILES.in: Add src/util/hash.c for 'make syntax-check'.

2011-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix delayed event delivery when SASL is active
	When SASL is active, it was possible that we read and decoded
	more data off the wire than we initially wanted. The loop
	processing this data terminated after only one message to
	avoid delaying the calling thread, but this could delay
	event delivery. As long as there is decoded SASL data in
	memory, we must process it, before returning to the poll()
	event loop.

	This is a counterpart to the same kind of issue solved in

	  commit 68d2c3482fa16801f8e6ca5c42698319bb87f385

	in a different area of the code

	* src/remote/remote_driver.c: Process all pending SASL data

2011-03-18  Daniel P. Berrange  <berrange@redhat.com>

	Ensure binary is resolved wrt $PATH in virExec
	virExec would only resolved the binary to $PATH if no env
	variables were being set. Since there is no execvep() API
	in POSIX, we use virFindFileInPath to manually resolve
	the binary and then use execv() instead of execvp().

2011-03-18  Jim Fehlig  <jfehlig@novell.com>

	Add libxenlight driver
	Add a new xen driver based on libxenlight [1], which is the primary
	toolstack starting with Xen 4.1.0.  The driver is stateful and runs
	privileged only.

	Like the existing xen-unified driver, the libxenlight driver is
	accessed with xen:// URI.  Driver selection is based on the status
	of xend.  If xend is running, the libxenlight driver will not load
	and xen:// connections are handled by xen-unified.  If xend is not
	running *and* the libxenlight driver is available, xen://
	connections are deferred to the libxenlight driver.

	V6:
	 - Address several code style issues noted by Daniel Veillard
	 - Make drive work with xen:/// URI
	 - Hold domain object reference while domain is injected in
	   libvirt event loop.  Race found and fixed by Markus Groß.

	V5:
	 - Ensure events are unregistered when domain private data
	   is destroyed.  Discovered and fixed by Markus Groß.

	V4:
	 - Handle restart of libvirtd, reconnecting to previously
	   started domains
	 - Rebased to current master
	 - Tested against Xen 4.1 RC7-pre (c/s 22961:c5d121fd35c0)

	V3:
	  - Reserve vnc port within driver when autoport=yes

	V2:
	  - Update to Xen 4.1 RC6-pre (c/s 22940:5a4710640f81)
	  - Rebased to current master
	  - Plug memory leaks found by Stefano Stabellini and valgrind
	  - Handle SHUTDOWN_crash domain death event

	[1] http://lists.xensource.com/archives/html/xen-devel/2009-11/msg00436.html

2011-03-18  Jiri Denemark  <jdenemar@redhat.com>

	util: Forbid calling hash APIs from iterator callback
	Calling most hash APIs is not safe from inside of an iterator callback.
	Exceptions are APIs that do not modify the hash table and removing
	current hash entry from virHashFroEach callback.

	This patch make all APIs which are not safe fail instead of just relying
	on the callback being nice not calling any unsafe APIs.

2011-03-18  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix copy&paste error messages in text monitor

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	do not unref obj in qemuDomainObjExitMonitor*
	Steps to reproduce this bug:
	# cat test.sh
	  #! /bin/bash -x
	  virsh start domain
	  sleep 5
	  virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
	# while true; do ./test.sh ; done

	Then libvirtd will crash.

	The reason is that:
	we add a reference of obj when we open the monitor. We will reduce this
	reference when we free the monitor.

	If the reference of monitor is 0, we will free monitor automatically and
	the reference of obj is reduced.

	But in the function qemuDomainObjExitMonitorWithDriver(), we reduce this
	reference again when the reference of monitor is 0.

	It will cause the obj be freed in the function qemuDomainObjEndJob().

	Then we start the domain again, and libvirtd will crash in the function
	virDomainObjListSearchName(), because we pass a null pointer(obj->def->name)
	to strcmp().

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: check driver name while attaching disk
	This bug was reported by Shi Jin(jinzishuai@gmail.com):
	=============
	# virsh attach-disk RHEL6RC /var/lib/libvirt/images/test3.img vdb \
	        --driver file --subdriver qcow2
	Disk attached successfully

	# virsh save RHEL6RC /var/lib/libvirt/images/memory.save
	Domain RHEL6RC saved to /var/lib/libvirt/images/memory.save

	# virsh restore /var/lib/libvirt/images/memory.save
	error: Failed to restore domain from /var/lib/libvirt/images/memory.save
	error: internal error unsupported driver name 'file'
	       for disk '/var/lib/libvirt/images/test3.img'
	=============

	We check the driver name when we start or restore VM, but we do
	not check it while attaching a disk. This adds the same check on disk
	driverName used in qemuBuildCommandLine to qemudDomainAttachDevice.

2011-03-18  Daniel Veillard  <veillard@redhat.com>

	Improve logging documentation including the debug buffer
	* docs/logging.html.in: document the fact that starting from
	  0.9.0 the server logs goes to libvirtd.log instead of syslog
	  by default, describe the debug buffer, restructure the page
	  and add a couple more examples

2011-03-18  Daniel Veillard  <veillard@redhat.com>

	Avoid taking lock in libvirt debug dump
	As pointed out, locking the buffer from the signal handler
	cannot been guaranteed to be safe, so to avoid any hazard
	we prefer the trade off of dumping logs possibly messed up
	by concurrent logging activity rather than risk a daemon
	crash.

	* src/util/logging.c: change virLogEmergencyDumpAll() to not
	  take any lock on the log buffer but reset buffer content variables
	  to an empty set before starting the actual dump.

2011-03-18  Wen Congyang  <wency@cn.fujitsu.com>

	unlock the monitor when unwatching the monitor
	Steps to reproduce this bug:
	# virsh qemu-monitor-command domain 'cpu_set 2 online' --hmp
	The domain has 2 cpus, and we try to set the third cpu online.
	The qemu crashes, and this command will hang.

	The reason is that the refs is not 1 when we unwatch the monitor.
	We lock the monitor, but we do not unlock it. So virCondWait()
	will be blocked.

2011-03-18  Hu Tao  <hutao@cn.fujitsu.com>

	Add vim configuration that makes vim auto-indent code

2011-03-17  Hu Tao  <hutao@cn.fujitsu.com>

	Make virDomainObjParseNode() static
	Make virDomainObjParseNode() static since it is called only
	in one file.

2011-03-17  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	virsh: fix memtune's help message for swap_hard_limit
	* Correct the documentation for cgroup: the swap_hard_limit indicates
	  mem+swap_hard_limit.
	* Change cgroup private apis to: virCgroupGet/SetMemSwapHardLimit

2011-03-17  Alex Williamson  <alex.williamson@redhat.com>

	Add PCI sysfs reset access
	I'm proposing we make use of $PCIDIR/reset in qemu-kvm to reset
	devices on VM reset.  We need to add it to libvirt's list of
	files that get ownership for device assignment.

2011-03-17  Jim Fehlig  <jfehlig@novell.com>

	Support Xen sysctl v8, domctl v7
	xen-unstable c/s 21118:28e5409e3fb3 bumped sysctl version to 8.
	xen-unstable c/s 21212:de94884a669c introduced CPU pools feature,
	adding another member to xen_domctl_getdomaininfo struct.  Add a
	corresponding domctl v7 struct in xen hypervisor sub-driver and
	detect sysctl v8 during initialization.

2011-03-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Add missing virCondDestroy calls
	The virCond of the remote_thread_call struct was leaked in some
	places. This results in leaking the underlying mutex. Which in turn
	leaks a handle on Windows.

	Reported by Aliaksandr Chabatar and Ihar Smertsin.

2011-03-16  Eric Blake  <eblake@redhat.com>

	build: improve rpm generation for distro backports
	When building for an older distro, it's convenient to just
	tell rpmbuild to define dist (for example, to .el6_0), rather
	than also remembering to define rhel to 6.

	* libvirt.spec.in: Guess %{rhel} based on %{dist}.
	Based on an idea by Jiri Denemark.

2011-03-16  Laine Stump  <laine@laine.org>

	macvtap: log an error if on failure to connect to netlink socket
	A bug in libnl (see https://bugzilla.redhat.com/show_bug.cgi?id=677724
	and https://bugzilla.redhat.com/show_bug.cgi?id=677725) makes it very
	easy to create a failure to connect to the netlink socket when trying
	to open a macvtap network device ("type='direct'" in domain interface
	XML). When that error occurred (during a call to libnl's nl_connect()
	from libvirt's nlComm(), there was no log message, leading virsh (for
	example) to report "unknown error".

	There were two other cases in nlComm where an error in a libnl
	function might return with failure but no error reported. In all three
	cases, this patch logs a message which will hopefully be more useful.

	Note that more detailed information about the failure might be
	available from libnl's nl_geterror() function, but it calls
	strerror(), which is not threadsafe, so we can't use it.

2011-03-16  Osier Yang  <jyang@redhat.com>

	storage: Fix a problem which will cause libvirtd crashed
	If pool xml has no definition for "port", then "Segmentation fault"
	happens when jumping to "cleanup:" to do "VIR_FREE(port)", as "port"
	was not initialized in this situation.

	* src/conf/storage_conf.c

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: support migration to fd
	* src/qemu/qemu_monitor.h (qemuMonitorMigrateToFd): New
	prototype.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFd): New function.

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: improve efficiency of dd during snapshots
	POSIX states about dd:

	If the bs=expr operand is specified and no conversions other than
	sync, noerror, or notrunc are requested, the data returned from each
	input block shall be written as a separate output block; if the read
	returns less than a full block and the sync conversion is not
	specified, the resulting output block shall be the same size as the
	input block. If the bs=expr operand is not specified, or a conversion
	other than sync, noerror, or notrunc is requested, the input shall be
	processed and collected into full-sized output blocks until the end of
	the input is reached.

	Since we aren't using conv=sync, there is no zero-padding, but our
	use of bs= means that a short read results in a short write.  If
	instead we use ibs= and obs=, then short reads are collected and dd
	only has to do a single write, which can make dd more efficient.

	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToFile):
	Avoid 'dd bs=', since it can cause short writes.

2011-03-15  Eric Blake  <eblake@redhat.com>

	virsh: allow empty string arguments
	"virsh connect ''" should try to connect to the default connection,
	but the previous patch made it issue a warning about an invalid URI.

	* tools/virsh.c (VSH_OFLAG_EMPTY_OK): New option flag.
	(vshCommandOptString): Per the declaration, value is required to
	be non-NULL.  Honor new flag.
	(opts_connect): Allow empty string connection.

2011-03-15  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: Fallback to HMP when cpu_set QMP command is not found

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Change message for VIR_FROM_RPC error domain
	The VIR_FROM_RPC error domain is used generically for any RPC
	problem, not simply XML-RPC problems.

	* src/util/virterror.c: s/XML-RPC/RPC/

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Add compat function for geteuid()
	* configure.ac: Check for geteuid()
	* src/util/util.h: Compat for geteuid()

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc bugs in virCommandPtr
	The virCommandNewArgs() method would free the virCommandPtr
	if it failed to add the args. This meant errors reported in
	virCommandAddArgSet() were lost. Simply removing the check
	for errors from the constructor means they can be reported
	correctly later

	The virCommandAddEnvPassCommon() method failed to check for
	errors before reallocating the cmd->env array, causing a
	potential SEGV if cmd was NULL

	The virCommandAddArgSet() method needs to validate that at
	least 1 element in 'val's parameter is non-NULL, otherwise
	code like

	    cmd = virCommandNew(binary)
	    virCommandAddAtg(cmd, "foo")

	Would end up trying todo  execve("foo"), if binary was
	NULL.

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Add virSetBlocking() to allow O_NONBLOCK to be toggle on or off
	The virSetNonBlock() API only allows enabling non-blocking
	operations. It doesn't allow turning blocking back on. Add
	a new API to allow arbitrary toggling.

	* src/libvirt_private.syms, src/util/util.h
	  src/util/util.c: Add virSetBlocking

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: use more appropriate error
	Fixes bug in commit acacced

	* src/qemu/qemu_command.c (qemuBuildCommandLine):
	s/INVALID_ARG/CONFIG_UNSUPPORTED/.
	Reported by Daniel P. Berrange.

2011-03-15  Justin Clift  <jclift@redhat.com>

	docs: update windows page for initial libvirt 0.8.8 installer

2011-03-15  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	libvirt: fix a simple bug in virDomainSetMemoryFlags()
	This patch fix a simple bug in virDomainSetMemoryFlags function.
	The patch sent before lacks the consideration of the case
	where the driver doesn't support virDomainSetMemoryFlags API.

2011-03-15  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC container startup/shutdown/I/O more robust
	The current LXC I/O controller looks for HUP to detect
	when a guest has quit. This isn't reliable as during
	initial bootup it is possible that 'init' will close
	the console and let mingetty re-open it. The shutdown
	of containers was also flakey because it only killed
	the libvirt I/O controller and expected container
	processes to gracefully follow.

	Change the I/O controller such that when it see HUP
	or an I/O error, it uses kill($PID, 0) to see if the
	process has really quit.

	Change the container shutdown sequence to use the
	virCgroupKillPainfully function to ensure every
	really goes away

	This change makes the use of the 'cpu', 'devices'
	and 'memory' cgroups controllers compulsory with
	LXC

	* docs/drvlxc.html.in: Document that certain cgroups
	  controllers are now mandatory
	* src/lxc/lxc_controller.c: Check if PID is still
	  alive before quitting on I/O error/HUP
	* src/lxc/lxc_driver.c: Use virCgroupKillPainfully

2011-03-15  Daniel Veillard  <veillard@redhat.com>

	Allow to dynamically set the size of the debug buffer
	This is the part allowing to dynamically resize the debug log
	buffer from it's default 64kB size. The buffer is now dynamically
	allocated.
	It adds a new API virLogSetBufferSize() which resizes the buffer
	If passed a zero size, the buffer is deallocated and we do the small
	optimization of not formatting messages which are not output anymore.
	On the daemon side, it just adds a new option log_buffer_size to
	libvirtd.conf and call virLogSetBufferSize() if needed
	* src/util/logging.h src/util/logging.c src/libvirt_private.syms:
	  make buffer dynamic and add virLogSetBufferSize() internal API
	* daemon/libvirtd.conf: document the new log_buffer_size option
	* daemon/libvirtd.c: read and use the new log_buffer_size option

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: consolidate duplicated monitor migration code
	* src/qemu/qemu_monitor_text.h (qemuMonitorTextMigrate): Declare
	in place of individual monitor commands.
	* src/qemu/qemu_monitor_json.h (qemuMonitorJSONMigrate): Likewise.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToHost)
	(qemuMonitorTextMigrateToCommand, qemuMonitorTextMigrateToFile)
	(qemuMonitorTextMigrateToUnix): Delete.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToHost)
	(qemuMonitorJSONMigrateToCommand, qemuMonitorJSONMigrateToFile)
	(qemuMonitorJSONMigrateToUnix): Delete.
	* src/qemu/qemu_monitor.c (qemuMonitorMigrateToHost)
	(qemuMonitorMigrateToCommand, qemuMonitorMigrateToFile)
	(qemuMonitorMigrateToUnix): Consolidate shared code.

2011-03-15  Eric Blake  <eblake@redhat.com>

	qemu: use lighter-weight fd:n on incoming tunneled migration
	Outgoing migration still uses a Unix socket and or exec netcat until
	the next patch.

	* src/qemu/qemu_migration.c (qemuMigrationPrepareTunnel):
	Replace Unix socket with simpler pipe.
	Suggested by Paolo Bonzini.

2011-03-15  Eric Blake  <eblake@redhat.com>

	maint: make spacing in .sh files easier
	Commit 7f193757 renamed libvirt-guests.init from .in to .sh, which
	made it slip past sc_TAB_in_indentation.  I nearly reintroduced a
	tab, so I'm pushing this to prevent that from happening.

	* cfg.mk (sc_TAB_in_indentation): Update rule to include .sh files.
	* .dir-locals.el: List spacing preference for .sh files.

2011-03-15  Osier Yang  <jyang@redhat.com>

	qemu: Check the unsigned integer overflow
	As perhaps other hypervisor drivers use different capacity units,
	do the checking in qemu driver instead of in conf/domain_conf.c.

2011-03-15  Minoru Usui  <usui@mxm.nes.nec.co.jp>

	Fix performance problem of virStorageVolCreateXMLFrom()
	This patch changes zerobuf variable from array to VIR_ALLOC_N().

2011-03-14  Eric Blake  <eblake@redhat.com>

	libvirt-guests: avoid globbing when splitting $URIS
	* tools/libvirt-guests.init.sh (start, stop, gueststatus): Avoid
	shell globbing, since valid URIs can contain '?'.

2011-03-14  Philipp Hahn  <hahn@univention.de>

	libvirt-guest.init: quoting variables
	At least protect the $uri variable against further expansion by properly
	quoting it. While doing that, also quote all other variables to protect
	against shell meta characters.

	docs/formatdomain.html.in: Fix spelling PIC->PCI
	Not "Programmable Interrupt Controller" but "Peripheral Component
	Interconnect".

2011-03-14  Laine Stump  <laine@laine.org>

	audit: eliminate potential null pointer deref when auditing macvtap devices
	The newly added call to qemuAuditNetDevice in qemuPhysIfaceConnect was
	assuming that res_ifname (the name of the macvtap device) was always
	valid, but this isn't the case. If openMacvtapTap fails, it always
	returns NULL, which would result in a segv.

	Since the audit log only needs a record of devices that are actually
	sent to qemu, and a failure to open the macvtap device means that no
	device will be sent to qemu, we can solve this problem by only doing
	the audit if openMacvtapTap is successful (in which case res_ifname is
	guaranteed valid).

2011-03-14  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Insert error messages to avoid a quiet abortion of commands
	in case of incorrect option parsing.

2011-03-14  Laine Stump  <laine@laine.org>

	network driver: don't send default route to clients on isolated networks
	Normally dnsmasq will send a default route (the address of the host in
	the network definition) to any client requesting an address via
	DHCP. On an isolated network this makes no sense, as we have iptables
	to prevent any traffic going out via that interface, so anything sent
	that way would be dropped anyway.

	This extra/unusable default route becomes problematic if you have
	setup a guest with multiple network interfaces, with one connected to
	an isolated network and another that provides connectivity to the
	outside (example - one interface directly connecting to a physical
	interface via macvtap, with a second connected to an isolated network
	so that the host and guest can communicate (macvtap doesn't support
	guest<->host communication without an external switch that supports
	vepa, or reflecting all traffic back)). In this case, if the guest
	chooses the default route of the isolated network, the guest will not
	be able to get network traffic beyond the host.

	To prevent dnsmasq from sending a default route, you can tell it to
	send 0 bytes of data for the default route option (option number 3)
	with --dhcp-option=3 (normally the data to send for the option would
	follow the option number; no extra data means "don't send this option").

	I have checked on RHEL5 (a good representative of the oldest supported
	libvirt platforms) and its version of dnsmasq (2.45) does support
	--dhcp-option, so this shouldn't create any compatibility problems.

2011-03-14  Jiri Denemark  <jdenemar@redhat.com>

	python: Use hardcoded python path in libvirt.py
	This partially reverts (and fixes that part in a different way) commit
	e4384459c93e3e786aa483c7f077d1d22148f689, which replaced
	``/usr/bin/python'' with ``/usr/bin/env python'' in all examples or
	scripts used during build to generate other files.

	However, python bindings module is compiled and linked against a
	specific python discovered or explicitly provided in configure phase.
	Thus libvirt.py, which is generated and installed into the system,
	should use the same python binary for which the module has been built.

	The hunk in Makefile.am replaces $(srcdir) with $(PYTHON), which might
	seem wrong but it is not. generator.py didn't use any of its command
	line arguments so passing $(srcdir) to it was redundant.

2011-03-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Allow starting domains by UUID

2011-03-14  Osier Yang  <jyang@redhat.com>

	virsh: Free stream when shutdown console
	Otherwise connection of hypervisor driver will be leaked when
	one shutdown the guest in console. e.g.

	[root@localhost]# init 0
	......
	init: Re-executing /sbin/init
	Halting system...
	Power down.

	error: Failed to disconnect from the hypervisor, 1 leaked reference(s)

2011-03-14  Guido Günther  <agx@sigxcpu.org>

	Add missing checks for read only connections
	As pointed on CVE-2011-1146, some API forgot to check the read-only
	status of the connection for entry point which modify the state
	of the system or may lead to a remote execution using user data.
	The entry points concerned are:
	  - virConnectDomainXMLToNative
	  - virNodeDeviceDettach
	  - virNodeDeviceReAttach
	  - virNodeDeviceReset
	  - virDomainRevertToSnapshot
	  - virDomainSnapshotDelete

	* src/libvirt.c: fix the above set of entry points to error on read-only
	                 connections

2011-03-12  Laine Stump  <laine@laine.org>

	network driver: Use a separate dhcp leases file for each network
	By default, all dnsmasq processes share the same leases file. libvirt
	also uses the --dhcp-lease-max option to control the maximum number of
	leases allowed. The problem is that libvirt puts in a number equal to
	the number of addresses in the range for the one network handled by a
	single instance of dnsmasq, but dnsmasq checks the total number of
	leases in the file (which could potentially contain many more).

	The solution is to tell each instance of dnsmasq to create and use its
	own leases file. (/var/lib/libvirt/network/<net-name>.leases).

	This file is created by dnsmasq when it starts, but not deleted when
	it exists. This is fine when the network is just being stopped, but if
	the leases file was left around when a network was undefined, we could
	end up with an ever-increasing number of dead files - instead, we
	explicitly unlink the leases file when a network is undefined.

	Note that Ubuntu carries a patch against an older version of libvirt for this:

	hhttps://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/713071
	ttp://bazaar.launchpad.net/~serge-hallyn/ubuntu/maverick/libvirt/bugall/revision/109

	I was certain I'd also seen discussion of this on libvir-list or
	libvirt-users, but couldn't find it.

2011-03-12  Laine Stump  <laine@laine.org>

	network driver: Fix indentation from previous commit
	The previous commit put a large portion of networkBuildDnsmasqArgv
	inside an if { } block. This readjusts the indentation.

2011-03-12  Laine Stump  <laine@laine.org>

	network driver: Start dnsmasq even if no dhcp ranges/hosts are specified.
	This fixes a regression introduced in commit ad48df, and reported on
	the libvirt-users list:

	  https://www.redhat.com/archives/libvirt-users/2011-March/msg00018.html

	The problem in that commit was that we began searching a list of ip
	address definitions (rather than just having one) to look for a dhcp
	range or static host; when we didn't find any, our pointer (ipdef) was
	left at NULL, and when ipdef was NULL, we returned without starting up
	dnsmasq.

	Previously dnsmasq was started even without any dhcp ranges or static
	entries, because it's still useful for DNS services.

	Another problem I noticed while investigating was that, if there are
	IPv6 addresses, but no IPv4 addresses of any kind, we would jump out
	at an ever higher level in the call chain.

	This patch does the following:

	1) networkBuildDnsmasqArgv() = all uses of ipdef are protected from
	   NULL dereference. (this patch doesn't change indentation, to make
	   review easier. The next patch will change just the
	   indentation). ipdef is intended to point to the first IPv4 address
	   with DHCP info (or the first IPv4 address if none of them have any
	   dhcp info).

	2) networkStartDhcpDaemon() = if the loop looking for an ipdef with
	   DHCP info comes up empty, we then grab the first IPv4 def from the
	   list. Also, instead of returning if there are no IPv4 defs, we just
	   return if there are no IP defs at all (either v4 or v6). This way a
	   network that is IPv6-only will still get dnsmasq listening for DNS
	   queries.

	3) in networkStartNetworkDaemon() - we will startup dhcp not just if there
	   are any IPv4 addresses, but also if there are any IPv6 addresses.

2011-03-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't use INT64_MAX in libvirt.h because it requires stdint.h
	VIR_DOMAIN_MEMORY_PARAM_UNLIMITED uses INT64_MAX but stdint.h
	was not and should not be included. Therefore, libvirt.h was
	not self-contained.

	Instead of including stdint.h specify the value directly.

2011-03-11  Philipp Hahn  <hahn@univention.de>

	libvirt-guest.init: handle domain name with spaces
	awk splits the line on consecutive spaces, which breaks getting the name
	of a domain whose name contains spaces. Use sed instead to strip the
	"Name:" prefix from the line

2011-03-11  Philipp Hahn  <hahn@univention.de>

	domain.rng vs. formatdomain.html#elementsUSB
	The Relax-NG schema for domains regarding <hostdev> doesn't match what's
	implemented in src/conf/domain_conf.c#virDomainHostdevDefFormat(): The
	implementation only requires @type, but the schema currently either
	required none or all three attributes (@mode, @type, and @managed) to be
	defined together, because they are declared in the same
	<optional)-section. (@managed is currently even undocumented on
	<http://libvirt.org/formatdomain.html#elementsUSB>).

	Thus the following minimal <hostdev>-example fails to validate:
	<domain type='test'>
	        <name>N</name>
	        <memory>4096</memory>
	        <bootloader>/bin/false</bootloader>
	        <os>
	                <type arch='x86_64' machine='xenpv'>linux</type>
	        </os>
	        <devices>
	                <hostdev type='pci'>
	                        <source>
	                                <address bus='0x06' slot='0x00' function='0x0'/>
	                        </source>
	                </hostdev>
	        </devices>
	</domain>

	The schema is changed to match the current implementation:
	1. @mode is optional (which defaults to 'subsystem')
	2. @type is required
	3. @managed is optional (which defaults to 'no')

	The documentation is updated to mention @managed.

2011-03-11  Eric Blake  <eblake@redhat.com>

	qemu: fix -global argument usage
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Pass two
	separate arguments, and fix indentation.

	docs: fix missing </p>
	* docs/formatdomain.html.in: Fix typo in last patch.
	Reported by Matthias Bolte.

2011-03-11  Philipp Hahn  <hahn@univention.de>

	Ignore backing file errors in FS storage pool
	Currently a single storage volume with a broken backing file will disable the
	whole storage pool. This can happen when the backing file is on some
	unavailable network storage or if the backing volume is deleted, while the
	storage volumes using it remain.
	Since the storage pool can not be re-activated, re-creating the missing
	or deleting the now useless volumes using libvirt only is not possible.

	Fixing this is a little bit tricky:
	1. virStorageBackendProbeTarget() only detects the missing backing file,
	   if the backing file format is not explicitly specified. If the
	   backing file is created using
		   kvm-img create -f qcow2 -o backing_fmt=qcow2,backing_file=... ...
	   no error is detected at this stage.
	   The new return code -3 signals that the backing file could not be
	   opened.
	2. The backingStore.format must be >= 0, since values < 0 would break
	   virStorageVolTargetDefFormat() when dumping the XML data such as
	       <format type='...'/>
	   Because of this the format is faked as VIR_STORAGE_FILE_RAW.
	3. virStorageBackendUpdateVolTargetInfo() always opens the backing file
	   and thus always detects a missing backing file.
	   Since it "only" updates the capacity, allocation, owner, group, mode
	   and SELinux label, just ignore errors at this stage, print an error
	   message and continue.
	4. Using vol-dump on a broken volume still doesn't work, but at least
	   vol-destroy and pool-refresh do work now.

	To reproduce:
	  dir=$(mktemp -d)
	  virsh pool-create-as tmp dir '' '' '' '' "$dir"
	  virsh vol-create-as --format qcow2 tmp back 1G
	  virsh vol-create-as --format qcow2 --backing-vol-format qcow2 --backing-vol back tmp cow 1G
	  virsh vol-delete --pool tmp back
	  virsh pool-refresh tmp
	After the last step, the pool will be gone (because it was not persistent). As
	long as the now broken image stays in the directory, you will not be able to
	re-create or re-start the pool.

2011-03-11  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	documenting the 802.1Qbg parameters of a 'direct' interface
	This patchs adds documentation about the 802.1Qbg related parameters
	of the virtualport element in a 'direct' interface definition.

2011-03-11  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	remote-protocol: implement new BlkioParameters API
	Remote protocol implementation of virDomainSetBlkioParameters and virDomainGetBlkioParameters.

	virsh: Adding blkiotune command to virsh tool
	Adding blkiotune command to virsh tool

	qemu: implement new BlkioParameters API
	Implement domainSetBlkioParameters and domainGetBlkioParameters for QEmu

	libvirt: implements virDomain{Get,Set}BlkioParameters
	Implements virDomainSetBlkioParameters and virDomainGetBlkioParameters and initialization

	libvirt: add virDomain{Get,Set}BlkioParameters
	Add virDomainSetBlkioParameters virDomainGetBlkioParameters

2011-03-10  Taku Izumi  <izumi.taku@jp.fujitsu.com>

	setmem: add the new options to "virsh setmem" command
	This patch adds the new options (--live and --config)  to "virsh setmem" command.
	The behavior of above options is the same as that of "virsh setvcpus" and so on.
	That is, when the --config option is specified, a modification is effective for
	the persistent domain. Moreover we can modify the memory size of inactive domains
	as well as that of active domains.

	setmem: implement the remote protocol to address the new API
	This patch implements the remote protocol to address the new API.

	setmem: implement the code to address the new API in the qemu driver
	This patch implements the code to address the new API
	in the qemu driver.

	setmem: introduce a new libvirt API (virDomainSetMemoryFlags)
	This patch introduces a new libvirt API (virDomainSetMemoryFlags) and
	a flag (virDomainMemoryModFlags).

2011-03-10  Guido Günther  <agx@sigxcpu.org>

	Make sure we reset the umask on the error path

2011-03-10  Eric Blake  <eblake@redhat.com>

	audit: audit use of /dev/net/tun, /dev/tapN, /dev/vhost-net
	Opening raw network devices with the intent of passing those fds to
	qemu is worth an audit point.  This makes a multi-part audit: first,
	we audit the device(s) that libvirt opens on behalf of the MAC address
	of a to-be-created interface (which can independently succeed or
	fail), then we audit whether qemu actually started the network device
	with the same MAC (so searching backwards for successful audits with
	the same MAC will show which fd(s) qemu is actually using).  Note that
	it is possible for the fd to be successfully opened but no attempt
	made to pass the fd to qemu (for example, because intermediate
	nwfilter operations failed) - no interface start audit will occur in
	that case; so the audit for a successful opened fd does not imply
	rights given to qemu unless there is a followup audit about the
	attempt to start a new interface.

	Likewise, when a network device is hot-unplugged, there is only one
	audit message about the MAC being discontinued; again, searching back
	to the earlier device open audits will show which fds that qemu quits
	using (and yes, I checked via /proc/<qemu-pid>/fd that qemu _does_
	close out the fds associated with an interface on hot-unplug).  The
	code would require much more refactoring to be able to definitively
	state which device(s) were discontinued at that point, since we
	currently don't record anywhere in the XML whether /dev/vhost-net was
	opened for a given interface.

	* src/qemu/qemu_audit.h (qemuAuditNetDevice): New prototype.
	* src/qemu/qemu_audit.c (qemuAuditNetDevice): New function.
	* src/qemu/qemu_command.h (qemuNetworkIfaceConnect)
	(qemuPhysIfaceConnect, qemuOpenVhostNet): Adjust prototype.
	* src/qemu/qemu_command.c (qemuNetworkIfaceConnect)
	(qemuPhysIfaceConnect, qemuOpenVhostNet): Add audit points and
	adjust parameters.
	(qemuBuildCommandLine): Adjust caller.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.

2011-03-10  Eric Blake  <eblake@redhat.com>

	qemu: don't request cgroup ACL access for /dev/net/tun
	Since libvirt always passes /dev/net/tun to qemu via fd, we should
	never trigger the cases where qemu tries to directly open the
	device.  Therefore, it is safer to deny the cgroup device ACL.

	* src/qemu/qemu_cgroup.c (defaultDeviceACL): Remove /dev/net/tun.
	* src/qemu/qemu.conf (cgroup_device_acl): Reflect this change.

2011-03-10  Eric Blake  <eblake@redhat.com>

	qemu: support vhost in attach-interface
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Honor vhost
	designations, similar to qemu_command code paths.
	* src/qemu/qemu_command.h (qemuOpenVhostNet): New prototype.
	* src/qemu/qemu_command.c (qemuOpenVhostNet): Export.

2011-03-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Stop guest CPUs before creating a snapshot

	qemu: Refactor qemuDomainSnapshotCreateXML

	qemu: Escape snapshot name passed to {save,load,del}vm

2011-03-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fallback to HMP for snapshot commands
	qemu driver in libvirt gained support for creating domain snapshots
	almost a year ago in libvirt 0.8.0. Since then we enabled QMP support
	for qemu >= 0.13.0 but QMP equivalents of {save,load,del}vm commands are
	not implemented in current qemu (0.14.0) so the domain snapshot support
	is not very useful.

	This patch detects when the appropriate QMP command is not implemented
	and tries to use human-monitor-command (aka HMP passthrough) to run
	it's HMP equivalent.

2011-03-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Rename qemuMonitorCommandWithHandler as qemuMonitorText*
	To make it more obvious that it is only used for text monitor. The
	naming also matches the style of qemuMonitorTextCommandWithFd.

	qemu: Rename qemuMonitorCommand{,WithFd} as qemuMonitorHMP*
	So that it's obvious that they are supposed to be used with HMP commands.

	qemu: Setup infrastructure for HMP passthrough
	JSON monitor command implementation can now just directly call text
	monitor implementation and it will be automatically encapsulated into
	QMP's human-monitor-command.

	qemu: Fix warnings in event handlers
	Some qemu monitor event handlers were issuing inadequate warning when
	virDomainSaveStatus() failed. They copied the message from I/O error
	handler without customizing it to provide better information on why
	virDomainSaveStatus() was called.

2011-03-10  Osier Yang  <jyang@redhat.com>

	storage: Update qemu-img flag checking
	For newer qemu-img, the help string for "backing file format" is
	"[-F backing_fmt]".

	Fix the wrong logic error by commit e997c268.

	* src/storage/storage_backend.c

2011-03-10  Osier Yang  <jyang@redhat.com>

	qemu: Replace deprecated option of qemu-img
	qemu-img silently disable "-e", so we can't use it for volume
	encryption anymore, change it into "-o encryption=on" if qemu
	supports "-o" option.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: also audit cgroup ACL permissions
	* src/qemu/qemu_audit.h (qemuAuditCgroupMajor)
	(qemuAuditCgroupPath): Add parameter.
	* src/qemu/qemu_audit.c (qemuAuditCgroupMajor)
	(qemuAuditCgroupPath): Add 'acl=rwm' to cgroup audit entries.
	* src/qemu/qemu_cgroup.c: Update clients.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Likewise.

2011-03-09  Eric Blake  <eblake@redhat.com>

	cgroup: allow fine-tuning of device ACL permissions
	Adding audit points showed that we were granting too much privilege
	to qemu; it should not need any mknod rights to recreate any
	devices.  On the other hand, lxc should have all device privileges.
	The solution is adding a flag parameter.

	This also lets us restrict write access to read-only disks.

	* src/util/cgroup.h (virCgroup*Device*): Adjust prototypes.
	* src/util/cgroup.c (virCgroupAllowDevice)
	(virCgroupAllowDeviceMajor, virCgroupAllowDevicePath)
	(virCgroupDenyDevice, virCgroupDenyDeviceMajor)
	(virCgroupDenyDevicePath): Add parameter.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients.
	* src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise.
	* src/qemu/qemu_cgroup.c: Likewise.
	(qemuSetupDiskPathAllow): Also, honor read-only disks.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: rename remaining qemu audit functions
	Also add ATTRIBUTE_NONNULL markers.

	* src/qemu/qemu_audit.h: The pattern qemuDomainXXXAudit is
	inconsistent; prefer qemuAuditXXX instead.
	* src/qemu/qemu_audit.c: Reflect the renames.
	* src/qemu/qemu_driver.c: Likewise.
	* src/qemu/qemu_hotplug.c: Likewise.
	* src/qemu/qemu_migration.c: Likewise.
	* src/qemu/qemu_process.c: Likewise.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: also audit cgroup controller path
	Although the cgroup device ACL controller path can be worked out
	by researching the code, it is more efficient to include that
	information directly in the audit message.

	* src/util/cgroup.h (virCgroupPathOfController): New prototype.
	* src/util/cgroup.c (virCgroupPathOfController): Export.
	* src/libvirt_private.syms: Likewise.
	* src/qemu/qemu_audit.c (qemuAuditCgroup): Use it.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: split cgroup audit types to allow more information
	Device names can be manipulated, so it is better to also log
	the major/minor device number corresponding to the cgroup ACL
	changes that libvirt made.  This required some refactoring
	of the relatively new qemu cgroup audit code.

	Also, qemuSetupChardevCgroup was only auditing on failure, not success.

	* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): Delete.
	(qemuAuditCgroup, qemuAuditCgroupMajor, qemuAuditCgroupPath): New
	prototypes.
	* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Rename...
	(qemuAuditCgroup): ...and drop a parameter.
	(qemuAuditCgroupMajor, qemuAuditCgroupPath): New functions, to
	allow listing device major/minor in audit.
	(qemuAuditGetRdev): New helper function.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Adjust callers.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupHostUsbDeviceCgroup, qemuSetupCgroup)
	(qemuTeardownDiskPathDeny): Likewise.
	(qemuSetupChardevCgroup): Likewise, fixing missing audit.

2011-03-09  Eric Blake  <eblake@redhat.com>

	audit: tweak audit messages to match conventions
	* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): Avoid use of
	"type", which has a pre-defined meaning.
	(qemuDomainCgroupAudit): Likewise, as well as "item".

2011-03-09  Eric Blake  <eblake@redhat.com>

	docs: silence warnings about generated API docs
	I noticed these while testing 'make dist'.

	Parsing ./../src/util/event.c
	Function comment for virEventRegisterDefaultImpl lacks description of return value
	Function comment for virEventRunDefaultImpl lacks description of return value
	Parsing ./../src/util/virterror.c
	Missing comment for function virSetErrorLogPriorityFunc

	* src/util/event.c (virEventRegisterDefaultImpl)
	(virEventRunDefaultImpl): Document return types.
	* src/util/virterror.c (virSetErrorLogPriorityFunc): Provide docs.

2011-03-09  Eric Blake  <eblake@redhat.com>

	docs: document <driver name='vhost'/> for interfaces
	* docs/formatdomain.html.in: Document virtio backend selection.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	Make sure the rundir is accessible by the user
	otherwise the user might not have enough permissions to access the
	socket if root's umask is 077.

	http://bugs.debian.org/614210

2011-03-09  Cole Robinson  <crobinso@redhat.com>

	Don't overwrite virRun error messages
	virRun gives pretty useful error output, let's not overwrite it unless there
	is a good reason. Some places were providing more information about what
	the commands were _attempting_ to do, however that's usually less useful from
	a debugging POV than what actually happened.

2011-03-09  Guido Günther  <agx@sigxcpu.org>

	libvirtd: Remove indirect linking
	as described at
	http://wiki.debian.org/ToolChain/DSOLinking
	https://fedoraproject.org/wiki/UnderstandingDSOLinkChange

	otherwise the build fails on current Debian unstable with:

	CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_lxc.a(libvirt_driver_lxc_la-lxc_container.o): undefined reference to symbol 'capng_apply'
	/usr/bin/ld: note: 'capng_apply' is defined in DSO //usr/lib/libcap-ng.so.0 so try adding it to the linker command line

	CCLD   libvirtd
	/usr/bin/ld: ../src/.libs/libvirt_driver_storage.a(libvirt_driver_storage_la-storage_backend.o): undefined reference to symbol 'fgetfilecon'
	/usr/bin/ld: note: 'fgetfilecon' is defined in DSO //lib/libselinux.so.1 so try adding it to the linker command line
	//lib/libselinux.so.1: could not read symbols: Invalid operation

	and similar errors.

2011-03-09  Hu Tao  <hutao@cn.fujitsu.com>

	Fix a wrong error message thrown to user
	* src/qemu/qemu_driver.c: qemuDomainUpdateDeviceFlags() is not disk
	  specific as the message suggests

2011-03-09  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning on cygwin
	On cygwin:

	  CC       libvirt_driver_security_la-security_dac.lo
	security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
	security/security_dac.c:618: warning: format '%d' expects type 'int', but argument 7 has type 'uid_t' [-Wformat]

	We've done this before (see src/util/util.c).

	* src/security/security_dac.c (virSecurityDACSetProcessLabel): On
	cygwin, uid_t is a 32-bit long.

2011-03-09  Eric Blake  <eblake@redhat.com>

	build: fix build on cygwin
	On cygwin:

	  CC        libvirt_util_la-cgroup.lo
	util/cgroup.c: In function 'virCgroupKillRecursiveInternal':
	util/cgroup.c:1458: warning: implicit declaration of function 'virCgroupNew' [-Wimplicit-function-declaration]

	* src/util/cgroup.c (virCgroupKill): Don't build on platforms
	where virCgroupNew is unsupported.

2011-03-09  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When building libvirt without libvirtd, I receive the following errors:
	make[1]: Leaving directory `/home/wency/source/test/libvirt/src'
	 (cd daemon && make  top_distdir=../libvirt-0.8.8 distdir=../libvirt-0.8.8/daemon \
	     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)
	make[1]: Entering directory `/home/wency/source/test/libvirt/daemon'
	make[1]: *** No rule to make target `libvirtd.8.in', needed by `distdir'.  Stop.

	This bug was caused by commit 6db98a2d.

2011-03-09  Eric Blake  <eblake@redhat.com>

	docs: correct range of default NAT subnet
	* docs/formatdomain.html.in: Fix typo.

2011-03-08  Guido Günther  <agx@sigxcpu.org>

	virsh: Remove indirect link against libxml2
	as described at
	http://wiki.debian.org/ToolChain/DSOLinking
	https://fedoraproject.org/wiki/UnderstandingDSOLinkChange

	otherwise the build fails on current Debian unstable with:

	CCLD   virsh
	/usr/bin/ld: virsh-virsh.o: undefined reference to symbol 'xmlSaveTree@@LIBXML2_2.6.8'
	/usr/bin/ld: note: 'xmlSaveTree@@LIBXML2_2.6.8' is defined in DSO //usr/lib/libxml2.so.2 so try adding it to the linker command line
	//usr/lib/libxml2.so.2: could not read symbols: Invalid operation

2011-03-08  Michal Privoznik  <mprivozn@redhat.com>

	virsh: Change option parsing functions to return tri-state information
	This is needed to detect situations when optional argument was
	specified with non-integer value: '--int-opt foo'. To keep functions
	uniform vshCommandOptString function was also changed, because it
	returns tri-state value as well. Given result pointer is updated only
	in case of success. If parsing fails, result is not updated at all.

	virsh: change vshCommandOptString return type and fix const-correctness
	This function should return pointer to const, because we don't want
	to change command option value. Therefore we can ensure const-correctness.

2011-03-08  Cole Robinson  <crobinso@redhat.com>

	docs/formatdomain: Add release info for disk <driver> attributes

2011-03-08  Daniel Veillard  <veillard@redhat.com>

	Fix build on cygwin
	Apparently some signals found on Unix are not exposed, this led
	to a compilation failure
	* src/util/logging.c: make code related to each signal dependant
	  upon the definition of that signal

2011-03-07  Wen Congyang  <wency@cn.fujitsu.com>

	support to detach USB disk

	rename qemuDomainDetachSCSIDiskDevice to qemuDomainDetachDiskDevice
	The way to detach a USB disk is the same as that to detach a SCSI
	disk. Rename this function and we can use it to detach a USB disk.

2011-03-07  Cole Robinson  <crobinso@redhat.com>

	qemu_hotplug: Reword error if spice password change not available
	Currently it sounds like spice is completely unsupported, which is
	confusing.

2011-03-07  Wen Congyang  <wency@cn.fujitsu.com>

	unlock eventLoop before calling callback function
	When I use newest libvirt to save a domain, libvirtd will be deadlock.
	Here is the output of gdb:
	(gdb) thread 3
	[Switching to thread 3 (Thread 0x7f972a1fc710 (LWP 30265))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	(gdb) bt
	    at qemu/qemu_driver.c:2074
	    ret=0x7f972a1fbbe0) at remote.c:2273
	(gdb) thread 7
	[Switching to thread 7 (Thread 0x7f9730bcd710 (LWP 30261))]#0  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	(gdb) bt
	(gdb) p *(virMutexPtr)0x6fdd60
	$2 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30261, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
	    __size = "\002\000\000\000\000\000\000\000\065v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
	(gdb) p *(virMutexPtr)0x1a63ac0
	$3 = {lock = {__data = {__lock = 2, __count = 0, __owner = 30265, __nusers = 1, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}},
	    __size = "\002\000\000\000\000\000\000\000\071v\000\000\001", '\000' <repeats 26 times>, __align = 2}}
	(gdb) info threads
	  7 Thread 0x7f9730bcd710 (LWP 30261)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	  6 Thread 0x7f972bfff710 (LWP 30262)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  5 Thread 0x7f972b5fe710 (LWP 30263)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  4 Thread 0x7f972abfd710 (LWP 30264)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	* 3 Thread 0x7f972a1fc710 (LWP 30265)  0x000000351fe0e034 in __lll_lock_wait () from /lib64/libpthread.so.0
	  2 Thread 0x7f97297fb710 (LWP 30266)  0x000000351fe0b43c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
	  1 Thread 0x7f9737aac800 (LWP 30260)  0x000000351fe0803d in pthread_join () from /lib64/libpthread.so.0

	The reason is that we will try to lock some object in callback function, and we may call event API with locking the same object.
	In the function virEventDispatchHandles(), we unlock eventLoop before calling callback function. I think we should
	do the same thing in the function virEventCleanupTimeouts() and virEventCleanupHandles().

2011-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Expose event loop implementation as a public API
	Not all applications have an existing event loop they need
	to integrate with. Forcing them to implement the libvirt
	event loop integration APIs is an undue burden. This just
	exposes our simple poll() based implementation for apps
	to use. So instead of calling

	   virEventRegister(....callbacks...)

	The app would call

	   virEventRegisterDefaultImpl()

	And then have a thread somewhere calling

	    static bool quit = false;
	    ....
	    while (!quit)
	      virEventRunDefaultImpl()

	* daemon/libvirtd.c, tools/console.c,
	  tools/virsh.c: Convert to public event loop APIs
	* include/libvirt/libvirt.h.in, src/libvirt_private.syms: Add
	  virEventRegisterDefaultImpl and virEventRunDefaultImpl
	* src/util/event.c: Implement virEventRegisterDefaultImpl
	  and virEventRunDefaultImpl using poll() event loop
	* src/util/event_poll.c: Add full error reporting
	* src/util/virterror.c, include/libvirt/virterror.h: Add
	  VIR_FROM_EVENTS

2011-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Move event code out of the daemon/ into src/util/
	The event loop implementation is used by more than just the
	daemon, so move it into the shared area.

	* daemon/event.c, src/util/event_poll.c: Renamed
	* daemon/event.h, src/util/event_poll.h: Renamed
	* tools/Makefile.am, tools/console.c, tools/virsh.c: Update
	  to use new virEventPoll APIs
	* daemon/mdns.c, daemon/mdns.c, daemon/Makefile.am: Update
	  to use new virEventPoll APIs

2011-03-07  Daniel P. Berrange  <berrange@redhat.com>

	Convert daemon/virsh over to use primary event APIs, rather than impl
	The daemon code calls virEventAddHandleImpl directly instead
	of calling the wrapper virEventAddHandle.

	* tools/console.c, daemon/libvirtd.c, daemon/mdns.c: Convert to
	  use primary event APIs

2011-03-07  Daniel Veillard  <veillard@redhat.com>

	Cleaning up some of the logging code
	* src/util/logging.c: fix virLogDumpAllFD() to avoid snprintf, simplify
	  the code and provide more useful signal descriptions. Also remove an
	  unused variable.

2011-03-06  Osier Yang  <jyang@redhat.com>

	qemu: Support vram for video of qxl type
	For qemu names the primary vga as "qxl-vga":

	  1) if vram is specified for 2nd qxl device:

	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,vram_size=$SIZE,...

	  2) if vram is not specified for 2nd qxl device, (use the default
	     set by global):

	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,...

	For qemu names all qxl devices as "qxl":

	  1) if vram is specified for 2nd qxl device:

	    -vga qxl -global qxl.vram_size=$SIZE \
	    -device qxl,id=video1,vram_size=$SIZE ...

	  2) if vram is not specified for 2nd qxl device:

	    -vga qxl -global qxl-vga.vram_size=$SIZE \
	    -device qxl,id=video1,...

	"-global" is the only way to define vram_size for the primary qxl
	device, regardless of how qemu names it, (It's not good a good
	way, as original idea of "-global" is to set a global default for
	a driver property, but to specify vram for first qxl device, we
	have to use it).

	For other qxl devices, as they are represented by "-device", could
	specify it directly and seperately for each, and it overrides the
	default set by "-global" if specified.

	v1 - v2:
	  * modify "virDomainVideoDefaultRAM" so that it returns 16M as the
	    default vram_size for qxl device.

	  * vram_size * 1024 (qemu accepts bytes for vram_size).

	  * apply default vram_size for qxl device for which vram_size is
	    not specified.

	  * modify "graphics-spice" tests (more sensiable vram_size)

	  * Add an argument of virDomainDefPtr type for qemuBuildVideoDevStr,
	    to use virDomainVideoDefaultRAM in qemuBuildVideoDevStr).

	v2 - v3:
	  * Modify default video memory size for qxl device from 16M to 24M

	  * Update codes to be consistent with changes on qemu_capabilities.*

2011-03-04  Phil Petty  <phpetty@cisco.com>

	fixes for several memory leaks

2011-03-04  Daniel Veillard  <veillard@redhat.com>

	Dump the debug buffer to libvirtd.log on fatal signal
	In case of imminent crash or upon request (signal USR2),
	dump the logging buffer to the libvirtd.log file for
	post-mortem analysis
	* daemon/libvirtd.c: create a sig_fatal() handler connected to
	  SIGFPE SIGSEGV SIGILL SIGABRT SIGBUS and SIGUSR2, just dumping
	  the log buffer using virLogEmergencyDumpAll

	Add an an internal API for emergency dump of debug buffer
	virLogEmergencyDumpAll() allows to dump the content of the
	debug buffer from within a signal handler. It saves to all
	log file or stderr if none is found
	* src/util/logging.h src/util/logging.c: add the new API
	  and cleanup the old virLogDump code
	* src/libvirt_private.syms: exports it as a private symbol

	Fix a counter bug in the log buffer
	* src/util/logging.c: the start pointer need to wrap around too

	Add logrotate support for libvirtd.log
	As the file may grow quite a bit especially with debug turned on.
	* daemon/libvirtd.logrotate.in daemon/Makefile.am libvirt.spec.in:
	  add new logrotate file for the daemon log

	Change default log policy to libvirtd.log instead of syslog
	Syslog is not the best place to go search for libvirt error
	logs, change it to a default file output libvirtd.log, but
	still keep standard error if not run as a daemon.
	Depending on whether it's run as root or user, the log is saved
	in the local state dir or in $HOME/.libvirt.
	* daemon/libvirtd.c: change default logging to go to libvirtd.log

	Force all logs to go to the round robbin memory buffer
	Initially only the log actually written out by libvirt were
	saved on the memory buffer, this patch forces all informations
	including info and debug to be saved in memory too. This is
	useful to get full data in case of crash.

2011-03-04  Laine Stump  <laine@laine.org>

	qemu: avoid corruption of domain hashtable and misuse of freed domains
	This was also found while investigating

	   https://bugzilla.redhat.com/show_bug.cgi?id=670848

	An EOF on a domain's monitor socket results in an event being queued
	to handle the EOF. The handler calls qemuProcessHandleMonitorEOF. If
	it is a transient domain, this leads to a call to
	virDomainRemoveInactive, which removes the domain from the driver's
	hashtable and unref's it. Nowhere in this code is the qemu driver lock
	acquired.

	However, all modifications to the driver's domain hashtable *must* be
	done while holding the driver lock, otherwise the hashtable can become
	corrupt, and (even more likely) another thread could call a different
	hashtable function and acquire a pointer to the domain that is in the
	process of being destroyed.

	To prevent such a disaster, qemuProcessHandleMonitorEOF must get the
	qemu driver lock *before* it gets the DomainObj's lock, and hold it
	until it is finished with the DomainObj. This guarantees that nobody
	else modifies the hashtable at the same time, and that anyone who had
	already gotten the DomainObj from the hashtable prior to this call has
	finished with it before we remove/destroy it.

2011-03-04  Laine Stump  <laine@laine.org>

	qemu: Add missing lock of virDomainObj before calling virDomainUnref
	This was found while researching the root cause of:

	https://bugzilla.redhat.com/show_bug.cgi?id=670848

	virDomainUnref should only be called with the lock held for the
	virDomainObj in question. However, when a transient qemu domain gets
	EOF on its monitor socket, it queues an event which frees the monitor,
	which unref's the virDomainObj without first locking it. If another
	thread has already locked the virDomainObj, the modification of the
	refcount could potentially be corrupted. In an extreme case, it could
	also be potentially unlocked by virDomainObjFree, thus left open to
	modification by anyone else who would have otherwise waited for the
	lock (not to mention the fact that they would be accessing freed
	data!).

	The solution is to have qemuMonitorFree lock the domain object right
	before unrefing it. Since the caller to qemuMonitorFree doesn't expect
	this lock to be held, if the refcount doesn't go all the way to 0,
	qemuMonitorFree must unlock it after the unref.

2011-03-04  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	AUTHORS: adjust to preferred spelling
	maybe sounds strange but I've used this signature for years.
	see http://en.wikipedia.org/wiki/Family_name

2011-03-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Escape password for XML
	Passwords are allowed to contain <, >, &, ', " characters.
	Those need to be replaced by the corresponding entities.

	Reported by Hereward Cooper.

2011-03-03  Eric Blake  <eblake@redhat.com>

	util: correct retry path in virFileOperation
	In virFileOperation, the parent does a fallback to a non-fork
	attempt if it detects that the child returned EACCES.  However,
	the child was calling _exit(-EACCES), which does _not_ appear
	as EACCES in the parent.

	* src/util/util.c (virFileOperation): Correctly pass EACCES from
	child to parent.

2011-03-03  Soren Hansen  <soren@linux2go.dk>

	Pass virSecurityManagerPtr to virSecurityDAC{Set, Restore}ChardevCallback
	virSecurityDAC{Set,Restore}ChardevCallback expect virSecurityManagerPtr,
	but are passed virDomainObjPtr instead. This makes
	virSecurityDACSetChardevLabel set a wrong uid/gid on chardevs. This
	patch fixes this behaviour.

2011-03-03  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, for syntax-check improvement.
	* .x-sc_prohibit_empty_lines_at_EOF: Add more exemptions.

	maint: avoid long lines in more tests
	* tests/xml2sexprdata/*.sexpr: Add backslash-newlines.
	* tests/sexpr2xmldata/*.sexpr: Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-disk-aio.args: Likewise.

2011-03-03  Jiri Denemark  <jdenemar@redhat.com>

	util: Allow removing hash entries in virHashForEach
	This fixes a possible crash of libvirtd during its startup. When qemu
	driver reconnects to running domains, it iterates over all domain
	objects in a hash. When reconnecting to an associated qemu monitor
	fails and the domain is transient, it's immediately removed from the
	hash. Despite the fact that it's explicitly forbidden to do so. If
	libvirtd is lucky enough, virHashForEach will access random memory when
	the callback finishes and the deamon will crash.

	Since it's trivial to fix virHashForEach to allow removal of hash
	entries while iterating through them, I went this way instead of fixing
	qemuReconnectDomain callback (and possibly others) to avoid deleting the
	entries.

2011-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Attempt to improve an error message
	Replace the 'Unknown failure' error message with something a
	little bit more descriptive.

	* src/util/virterror.c: Improve error message

2011-03-02  Eric Blake  <eblake@redhat.com>

	qemu: avoid double close on domain restore
	qemudDomainSaveImageStartVM was evil - it closed the incoming fd
	argument on some, but not all, code paths, without informing the
	caller about that action.  No wonder that this resulted in
	double-closes: https://bugzilla.redhat.com/show_bug.cgi?id=672725

	* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Alter
	signature, to avoid double-close.
	(qemudDomainRestore, qemudDomainObjRestore): Update callers.

2011-03-02  Daniel P. Berrange  <berrange@redhat.com>

	add additional event debug points
	Followup to commit 2222bd24

2011-02-28  Eric Blake  <eblake@redhat.com>

	qemu: only request sound cgroup ACL when required
	When a SPICE or VNC graphics controller is present, and sound is
	piggybacked over a channel to the graphics device rather than
	directly accessing host hardware, then there is no need to grant
	host hardware access to that qemu process.

	* src/qemu/qemu_cgroup.c (qemuSetupCgroup): Prevent sound with
	spice, and with vnc when vnc_allow_host_audio is 0.
	Reported by Daniel Berrange.

2011-02-28  Daniel P. Berrange  <berrange@redhat.com>

	Add check for kill() to fix build of cgroups on win32
	The kill() function doesn't exist on Win32, so it needs to be
	checked for at build time & code disabled in cgroups

	* configure.ac: Check for kill()
	* src/util/cgroup.c: Stub out virCGroupKill* functions
	  when kill() isn't available

2011-02-25  Michal Novotny  <minovotn@redhat.com>

	Add support for multiple serial ports into the Xen driver
	this is the patch to add support for multiple serial ports to the
	libvirt Xen driver. It support both old style (serial = "pty") and
	new style (serial = [ "/dev/ttyS0", "/dev/ttyS1" ]) definition and
	tests for xml2sexpr, sexpr2xml and xmconfig have been added as well.

	Written and tested on RHEL-5 Xen dom0 and working as designed but
	the Xen version have to have patch for RHBZ #614004 but this patch
	is for upstream version of libvirt.

	Also, this patch is addressing issue described in RHBZ #670789.

2011-02-25  Michal Novotny  <minovotn@redhat.com>

	Fix port value parsing for serial and parallel ports
	this is the patch to fix the virDomainChrDefParseTargetXML() functionality
	to parse the target port from XML if available. This is necessary for
	multiple serial port support which is the second part of this patch.

2011-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for killing off processes inside a cgroup
	The virCgroupKill method kills all PIDs found in a cgroup

	The virCgroupKillRecursively method does this recursively
	for child cgroups.

	The virCgroupKillPainfully method does a recursive kill
	several times in a row until everything has really died

2011-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Allow hash tables to use generic pointers as keys
	Relax the restriction that the hash table key must be a string
	by allowing an arbitrary hash code generator + comparison func
	to be provided

	* util/hash.c, util/hash.h: Allow any pointer as a key
	* internal.h: Include stdbool.h as standard.
	* conf/domain_conf.c, conf/domain_conf.c,
	  conf/nwfilter_params.c, nwfilter/nwfilter_gentech_driver.c,
	  nwfilter/nwfilter_gentech_driver.h, nwfilter/nwfilter_learnipaddr.c,
	  qemu/qemu_command.c, qemu/qemu_driver.c,
	  qemu/qemu_process.c, uml/uml_driver.c,
	  xen/xm_internal.c: s/char */void */ in hash callbacks

2011-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Remove deallocator parameter from hash functions
	Since the deallocator is passed into the constructor of
	a hash table it is not desirable to pass it into each
	function again. Remove it from all functions, but provide
	a virHashSteal to allow a item to be removed from a hash
	table without deleteing it.

	* src/util/hash.c, src/util/hash.h: Remove deallocator
	  param from all functions. Add virHashSteal
	* src/libvirt_private.syms: Add virHashSteal
	* src/conf/domain_conf.c, src/conf/nwfilter_params.c,
	  src/nwfilter/nwfilter_learnipaddr.c,
	  src/qemu/qemu_command.c, src/xen/xm_internal.c: Update
	  for changed hash API

2011-02-25  Daniel P. Berrange  <berrange@redhat.com>

	Make commandtest more robust wrt its execution environment
	When executed from cron, commandtest would fail to correctly
	identify daemon processes. Set session ID and process group
	IDs at startup to ensure we have a consistent environment to
	run in.

	* tests/commandtest.c: Call setsid() and setpgid()

2011-02-24  Philipp Hahn  <hahn@univention.de>

	Fix spelling mistake: seek
	Replace wrong "set" by correct "seek" in error message.

2011-02-24  Eric Blake  <eblake@redhat.com>

	audit: audit qemu pci and usb device passthrough
	* src/qemu/qemu_audit.h (qemuDomainHostdevAudit): New prototype.
	* src/qemu/qemu_audit.c (qemuDomainHostdevAudit): New function.
	(qemuDomainStartAudit): Call as appropriate.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostPciDevice)
	(qemuDomainAttachHostUsbDevice, qemuDomainDetachHostPciDevice)
	(qemuDomainDetachHostUsbDevice): Likewise.

	audit: audit qemu memory and vcpu adjusments
	* src/qemu/qemu_audit.h (qemuDomainMemoryAudit)
	(qemuDomainVcpuAudit): New prototypes.
	* src/qemu/qemu_audit.c (qemuDomainResourceAudit)
	(qemuDomainMemoryAudit, qemuDomainVcpuAudit): New functions.
	(qemuDomainStartAudit): Call as appropriate.
	* src/qemu/qemu_driver.c (qemudDomainSetMemory)
	(qemudDomainHotplugVcpus): Likewise.

	audit: add qemu hooks for auditing cgroup events
	* src/qemu/qemu_audit.h (qemuDomainCgroupAudit): New prototype.
	* src/qemu/qemu_audit.c (qemuDomainCgroupAudit): Implement it.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Add audit.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
	(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

	audit: prepare qemu for listing vm in cgroup audits
	* src/qemu/qemu_cgroup.h (struct qemuCgroupData): New helper type.
	(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
	(qemuTeardownDiskPathDeny): Drop unneeded prototypes.
	(qemuSetupDiskCgroup, qemuTeardownDiskCgroup): Adjust prototype.
	* src/qemu/qemu_cgroup.c
	(qemuSetupDiskPathAllow, qemuSetupChardevCgroup)
	(qemuTeardownDiskPathDeny): Mark static and use new type.
	(qemuSetupHostUsbDeviceCgroup): Use new type.
	(qemuSetupDiskCgroup): Alter signature.
	(qemuSetupCgroup): Adjust caller.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
	Likewise.
	* src/qemu/qemu_driver.c (qemudDomainAttachDevice)
	(qemuDomainUpdateDeviceFlags): Likewise.

	cgroup: determine when skipping non-devices
	* src/util/cgroup.c (virCgroupAllowDevicePath)
	(virCgroupDenyDevicePath): Don't fail with EINVAL for
	non-devices.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update caller.
	* src/qemu/qemu_cgroup.c (qemuSetupDiskPathAllow)
	(qemuSetupChardevCgroup, qemuSetupHostUsbDeviceCgroup)
	(qemuSetupCgroup, qemuTeardownDiskPathDeny): Likewise.

2011-02-24  Eric Blake  <eblake@redhat.com>

	virExec: avoid uninitialized memory usage
	valgrind warns:

	==21079== Syscall param rt_sigaction(act->sa_mask) points to uninitialised byte(s)
	==21079==    at 0x329840F63E: __libc_sigaction (sigaction.c:67)
	==21079==    by 0x4E5A8E7: __virExec (util.c:661)

	Regression introduced in commit ab07533e.  Technically, sa_mask
	shouldn't affect operation if sa_flags selects sa_handler, and
	sa_handler selects SIG_IGN, but better safe than sorry.

	* src/util/util.c (__virExec): Supply missing sigemptyset.

2011-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Allow 32-on-64 execution for LXC guests
	Using the 'personality(2)' system call, we can make a container
	on an x86_64 host appear to be i686. Likewise for most other
	Linux 64bit arches.

	* src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts
	* src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to
	  check if an arch has a 32bit alternative
	* src/lxc/lxc_controller.c: Set the process personality when
	  starting guest

2011-02-24  Daniel P. Berrange  <berrange@redhat.com>

	Put <stdbool.h> into internal.h so it is available everywhere
	Remove the <stdbool.h> header from all source files / headers
	and just put it into internal.h

	* src/internal.h: Add <stdbool.h>

2011-02-24  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Switch over command line capabilities to virBitmap
	This is done for two reasons:
	- we are getting very close to 64 flags which is the maximum we can use
	  with unsigned long long
	- by using LL constants in enum we already violates C99 constraint that
	  enum values have to fit into int

	qemu: Rename qemud\?CmdFlags to qemuCaps
	The new name complies more with the fact that it contains a set of
	qemuCapsFlags.

	qemu: Use helper functions for handling cmd line capabilities
	Three new functions (qemuCapsSet, qemuCapsClear, and qemuCapsGet) were
	introduced replacing direct bit operations.

	qemu: Rename QEMUD_CMD_FLAG_* to QEMU_CAPS_*
	The new names comply more with the fact that they are all members of
	enum qemuCapsFlags.

	util: Add API for converting virBitmap into printable string

	util: Use unsigned long as a base type for virBitmap

2011-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Expose name + UUID to LXC containers via env variables
	When spawning 'init' in the container, set

	  LIBVIRT_LXC_UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
	  LIBVIRT_LXC_NAME=YYYYYYYYYYYY

	to allow guest software to detect & identify that they
	are in a container

	* src/lxc/lxc_container.c: Set LIBVIRT_LXC_UUID and
	  LIBVIRT_LXC_NAME env vars

2011-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix discard of expected errors
	In a couple of commands virsh catches & ignores errors, but fails
	to reset last_error. Thus the error is ignored, but still reported
	to the user.

	* tools/virsh.c: Reset last_error if ignoring an error

2011-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in virFileAbsPath.
	The virFileAbsPath was not taking into account the '/' directory
	separator when allocating memory for combining cwd + path. Convert
	to use virAsprintf to avoid this type of bug completely.

	* src/util/util.c: Convert virFileAbsPath to use virAsprintf

2011-02-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix group/mode for /dev/pts inside LXC container
	Normal practice for /dev/pts is to have it mode=620,gid=5
	but LXC was leaving mode=000,gid=0 preventing unprivilegd
	users in the guest use of PTYs

	* src/lxc/lxc_controller.c: Fix /dev/pts setup

2011-02-22  Eric Blake  <eblake@redhat.com>

	security: avoid memory leak
	Leak introduced in commit d6623003.

	* src/qemu/qemu_driver.c (qemuSecurityInit): Avoid leak on failure.
	* src/security/security_stack.c (virSecurityStackClose): Avoid
	leaking component drivers.

2011-02-22  Roopa Prabhu  <roprabhu@cisco.com>

	802.1Qbh: Delay IFF_UP'ing interface until migration final stage
	Current code does an IFF_UP on a 8021Qbh interface immediately after a port
	profile set. This is ok in most cases except when its the migration prepare
	stage. During migration we want to postpone IFF_UP'ing the interface on the
	destination host until the source host has disassociated the interface.
	This patch moves IFF_UP of the interface to the final stage of migration.
	The motivation for this change is to postpone any addr registrations on the
	destination host until the source host has done the addr deregistrations.

	While at it, for symmetry with associate move ifDown of a 8021Qbh interface
	to before disassociate

2011-02-22  Osier Yang  <jyang@redhat.com>

	storage: make debug log more useful
	"__func__" is useless there, as VIR_DEBUG will print the function
	name.

	* src/storage/storage_backend_mpath.c

2011-02-22  Osier Yang  <jyang@redhat.com>

	virsh: replace vshPrint with vshPrintExtra for snapshot list Otherwise extra information will be printed even if "--quiet" is specified.
	* tools/virsh.c

2011-02-21  Wen Congyang  <wency@cn.fujitsu.com>

	check device-mapper when building with mpath or disk storage driver
	Currently, we need virIsDevMapperDevice() when we build libvirt with
	disk or mpath storage drivers.  So we should check device-mapper-devel
	when we build with disk storage driver but without mpath storage
	driver.

2011-02-21  Eric Blake  <eblake@redhat.com>

	build: add dependency on gnutls-utils
	* libvirt.spec.in (Requires): Add gnutls-utils, for virt-pki-validate.
	Suggested by Daniel P. Berrange.

2011-02-21  Markus Groß  <gross@univention.de>

	Renamed functions in xenxs

	Moved XM formatting functions to xenxs

	Moved XM parsing functions to xenxs

	Moved SEXPR formatting functions to xenxs

	Moved SEXPR parsing functions to xenxs

	Moved some SEXPR functions from xen-unified

	Moved SEXPR unit to utils

2011-02-21  Wen Congyang  <wency@cn.fujitsu.com>

	protect the scsi controller to be deleted when it is in use
	Steps to reproduce this bug:
	1. virsh attach-disk domain --source imagefile --target sdb --sourcetype file --driver qemu --subdriver raw
	2. virsh detach-device controller.xml # remove scsi controller 0
	3. virsh detach-disk domain sdb
	   error: Failed to detach disk
	   error: operation failed: detaching scsi0-0-1 device failed: Device 'scsi0-0-1' not found

	I think we should not detach a controller when it is used by some other device.

2011-02-21  Eric Blake  <eblake@redhat.com>

	maint: fix grammar in error message
	* python/tests/create.py: Use correct wording.

2011-02-21  Dan Kenigsberg  <danken@redhat.com>

	virt-*-validate.in: quote all variable references
	Alas, the shell is not a real programming language.

	Patch generated by manual confirmation of vim's
	s/[^"]\@<=\$\S\+\s\@=/"&"/gc
	and
	s/\(echo \)\@<=[^"].*\$.*$/"&"/c matches.

	This patch generate a lot of noise and carries little benefits, as
	I do not really expect $PKI to contain spaces or backticks. I'm just
	fuming, and would not really mind if this patch is ignored

2011-02-21  Dan Kenigsberg  <danken@redhat.com>

	virt-pki-validate: behave when CERTTOOL is missing

2011-02-21  Eric Blake  <eblake@redhat.com>

	autobuild.sh: use VPATH build
	Try to avoid future regressions on the VPATH front.

	* autobuild.sh: Uncomment VPATH use.
	* .gitignore: Exclude build directory.

2011-02-21  Eric Blake  <eblake@redhat.com>

	maint: fix 'make dist' in VPATH build
	A diff of 'make dist' from in-tree vs. a VPATH build showed
	that we were missing docs/api_extension/*.patch files, but
	shipping other files that we didn't need.

	* bootstrap.conf (gnulib_extra_files): Don't distribute files we
	don't care about.
	* docs/Makefile.am (patches): Perform wildcard correctly.

2011-02-21  Eric Blake  <eblake@redhat.com>

	build: don't require pod2man for tarball builds
	Right now, 'man libvirtd' includes information that depends on
	configure results, so it must be generated on the fly and live
	in $(builddir); however, requiring pod2man on all end user
	machines is overkill.  Meanwhile, 'man virsh' doesn't mention
	any configure results, so it can be built at 'make dist' time.
	If that situation changes in the future, we can generate virsh.1
	in the same way that we generate libvirtd.8.

	* daemon/Makefile.am (libvirtd.8.in): New rule, to run pod2man in
	advance of distribution.
	(libvirtd.8): Use only sed from tarball.
	(EXTRA_DIST): Ship new file.
	(libvirtd.pod): Delete unused rule.
	(man8_MANS): Let automake know which section to use.
	(CLEANFILES, MAINTAINERCLEANFILES): Adjust to new files.
	* tools/Makefile.am (dist_man1_MANS): Distribute pre-built man
	pages, fine since they don't require any substitution.
	(virt-xml-validate.1, virt-pki-validate.1): Change input source.
	(virsh.1): Build into srcdir.
	(CLEANFILES, MAINTAINERCLEANFILES): Adjust to new build style.
	* daemon/.gitignore: Update.
	Reported by Diego Elio Pettenò.

2011-02-21  Eric Blake  <eblake@redhat.com>

	maint: kill all remaining uses of old DEBUG macro
	Done mechanically with:
	$ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'

	followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
	with a single 'make syntax-check' fallout in the same file, and the
	actual deletion in src/util/logging.h.

	* src/util/logging.h (DEBUG, DEBUG0): Delete.
	* daemon/libvirtd.h (qemudDebug): Likewise.
	* global: Change remaining clients over to VIR_DEBUG counterpart.

2011-02-21  Eric Blake  <eblake@redhat.com>

	hash: make virHashFree more free-like
	Two-argument free functions are uncommon; match the style elsewhere
	by caching the callback at creation.

	* src/util/hash.h (virHashCreate, virHashFree): Move deallocator
	argument to creation.
	* cfg.mk (useless_free_options): Add virHashFree.
	* src/util/hash.c (_virHashTable): Track deallocator.
	(virHashCreate, virHashFree): Update to new signature.
	* src/conf/domain_conf.c (virDomainObjListDeinit)
	(virDomainObjListInit, virDomainDiskDefForeachPath)
	(virDomainSnapshotObjListDeinit, virDomainSnapshotObjListInit):
	Update callers.
	* src/conf/nwfilter_params.c (virNWFilterHashTableFree)
	(virNWFilterHashTableCreate): Likewise.
	* src/conf/nwfilter_conf.c (virNWFilterTriggerVMFilterRebuild):
	Likewise.
	* src/cpu/cpu_generic.c (genericHashFeatures, genericBaseline):
	Likewise.
	* src/xen/xm_internal.c (xenXMOpen, xenXMClose): Likewise.
	* src/nwfilter/nwfilter_learnipaddr.c (virNWFilterLearnInit)
	(virNWFilterLearnShutdown): Likewise.
	* src/qemu/qemu_command.c (qemuDomainPCIAddressSetCreate)
	(qemuDomainPCIAddressSetFree): Likewise.
	* src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.

2011-02-21  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix API docs generation in VPATH build
	XSLT allows for two ways of generating the output of transformation.
	Either implicit, which xsltproc prints to stdout and can be redirected
	to a file using -o file. Or explicit, which means the stylesheet
	contains <xsl:document> element which specifies where the output should
	be saved. This can be used for generating more files by a single run of
	xsltproc and -o directory/ can change the directory where the output
	files will be stored.

	devhelp.xsl is special in that it combines both options in one
	stylesheet, which doesn't work well with -o:

	xsltproc --nonet -o ./devhelp/ ./devhelp/devhelp.xsl ./libvirt-api.xml

	Outputs 4 *.html files into ./devhelp but then tries to write to
	./devhelp/ as a file (hence the I/O error) rather than writing output to
	the fifth file devhelp/libvirt.devhelp.

	This patch modifies devhelp.xsl so that all files are generated using
	<xsl:document> element and -o directory/ can be used to override output
	directory where those files are saved.

2011-02-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove all object hashtable caches from virConnectPtr
	The virConnectPtr struct will cache instances of all other
	objects. APIs like virDomainLookupByUUID will return a
	cached object, so if you do virDomainLookupByUUID twice in
	a row, you'll get the same exact virDomainPtr instance.

	This does not have any performance benefit, since the actual
	logic in virDomainLookupByUUID (and other APIs returning
	virDomainPtr, etc instances) is not short-circuited. All
	it does is to ensure there is only one single virDomainPtr
	in existance for any given UUID.

	The caching has a number of downsides though, all relating
	to stale data. If APIs aren't careful to always overwrite
	the 'id' field in virDomainPtr it may become out of data.
	Likewise for the name field, if a guest is renamed, or if
	a guest is deleted, and then a new one created with the
	same UUID but different name.

	This has been an ongoing, endless source of bugs for all
	applications using libvirt from languages with garbage
	collection, causing them to get virDomainPtr instances
	from long ago with stale data.

	The caching is also a waste of memory resources, since
	both applications, and language bindings often maintain
	their own hashtable caches of object instances.

	This patch removes all the hash table caching, so all
	APIs return brand new virDomainPtr (etc) object instances.

	* src/datatypes.h: Delete all hash tables.
	* src/datatypes.c: Remove all object caching code

2011-02-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable rejection of packets
	This patch adds the possibility to not just drop packets, but to also have them rejected where iptables at least sends an ICMP msg back to the originator. On ebtables this again maps into dropping packets since rejecting is not supported.

	I am adding 'since 0.8.9' to the docs assuming this will be the next version of libvirt.

2011-02-18  Guido Günther  <agx@sigxcpu.org>

	Drop empty argument from dnsmasq call
	since dnsmasq >= 2.56 now bails out with empty arguments. See
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613944
	for the Debian bug and
	    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589885
	for the upstream reasoning.

2011-02-18  Eric Blake  <eblake@redhat.com>

	build: fix broken mingw cross-compilation
	Two regressions:
	Commit df1011ca broke builds for systems that lack devmapper
	(non-Linux, as well as Linux with ./autogen.sh --without-libvirtd
	and without the libraries present).
	Commit ce6fd650 broke cross-compilation, due to a gnulib bug.

	* .gnulib: Update to latest, for cross-compilation fix.
	* src/util/util.c (virIsDevMapperDevice): Provide stub for
	platforms not using storage driver.
	* configure.ac (devmapper): Arrange to define HAVE_LIBDEVMAPPER_H.
	devmapper issue reported by Wen Congyang.

2011-02-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Ignore malformed host UUID from BIOS
	Etienne Gosset reported that libvirt fails to connect to his ESX
	server because it failed to parse its malformed host UUID, that
	contains an additional space and lacks one hexdigit in the last
	group:

	xxxxxxxx-xxxx-xxxx-xxxx- xxxxxxxxxxx

	Don't treat this as a fatal error, just ignore it.

2011-02-18  Michal Privoznik  <mprivozn@redhat.com>

	virsh: freecell --all getting wrong NUMA nodes count
	Virsh freecell --all was not only getting wrong NUMA nodes count, but
	even the NUMA nodes IDs. They doesn't have to be continuous, as I've
	found out during testing this. Therefore a modification of
	nodeGetCellsFreeMemory() error message.

2011-02-18  Eric Blake  <eblake@redhat.com>

	build: speed up non-maintainer builds
	* configure.ac (gl_ASSERT_NO_GNULIB_POSIXCHECK): Use to reduce
	time spent in configure.

2011-02-18  Eric Blake  <eblake@redhat.com>

	build: recompute symbols after changing configure options
	$ ./configure
	...
	$ make
	...
	  GEN    libvirt.syms
	...
	$ ./configure --with-driver-modules
	...
	$ make
	...

	libvirt.syms doesn't get regenerated but it should as it should
	contain virDriverLoadModule now.

	* src/Makefile.am (libvirt.syms): Depend on configure changes.
	Reported by Matthias Bolte.

2011-02-18  Jiri Denemark  <jdenemar@redhat.com>

	maint: Expand tabs in python code
	Also cfg.mk is tweaked to force this for all future changes to *.py
	files.

2011-02-18  Osier Yang  <jyang@redhat.com>

	Requires gettext for client package
	libvirt-guests invokes functions in gettext.sh, so we need to
	require gettext package in spec file.

	Demo with the fix:
	% rpm -q gettext
	package gettext is not installed

	% rpm -ivh libvirt-client-0.8.8-1.fc14.x86_64.rpm
	error: Failed dependencies:
		gettext is needed by libvirt-client-0.8.8-1.fc14.x86_64

	* libvirt.spec.in

2011-02-18  Jim Fehlig  <jfehlig@novell.com>

	Do not add drive 'boot=on' param when a kernel is specified
	libvirt-tck was failing several domain tests [1] with qemu 0.14, which
	is now less tolerable of specifying 2 bootroms with the same boot index [2].

	Drop the 'boot=on' param if kernel has been specfied.

	[1] https://www.redhat.com/archives/libvir-list/2011-February/msg00559.html
	[2] http://lists.nongnu.org/archive/html/qemu-devel/2011-02/msg01892.html

2011-02-18  Christophe Fergeau  <teuf@gnome.org>

	remove duplicated call to reportOOMError

	remove space between function name and (
	There were several occurrences of an extra space inserted between
	a function name and the ( opening the argument list in
	datatypes.c. This is not consistent with the coding style used in
	the rest of this file so removing this extra space makes the
	code slightly more readable.

	don't check for NULL before calling virHashFree
	virHashFree follows the convention described in HACKING that
	XXXFree() functions can be called with a NULL argument.

	remove no longer needed calls to virReportOOMError
	Now that the virHash handling functions call virReportOOMError by
	themselves when needed, users of the virHash API no longer need to
	do it by themselves. Since users of the virHash API were not
	consistently calling virReportOOMError after memory failures from
	the virHash code, this has the added benefit of making OOM
	reporting from this code more consistent and reliable.

	factor common code in virHashAddEntry and virHashUpdateEntry
	The only difference between these 2 functions is that one errors
	out when the entry is already present while the other modifies
	the existing entry. Add an helper function with a boolean argument
	indicating whether existing entries should be updated or not, and
	use this helper in both functions.

	add hash table rebalancing in virHashUpdateEntry
	The code in virHashUpdateEntry and virHashAddEntry is really
	similar. However, the latter rebalances the hash table when
	one of its buckets contains too many elements while the former
	does not. Fix this discrepancy.

2011-02-18  Eric Blake  <eblake@redhat.com>

	hash: modernize debug code
	* src/util/hash.c (virHashGrow) [DEBUG_GROW]: Use modern logging.
	Reported by Christophe Fergeau.

2011-02-17  Eric Blake  <eblake@redhat.com>

	build: improve 'make install' for VPATH builds
	This still doesn't fix {html,devhelp}/libvirt-{libvirt-virterror}.html,
	but it's progress in the right direction.

	* docs/Makefile.am (%.html): Build into srcdir.

2011-02-17  Wen Congyang  <wency@cn.fujitsu.com>

	check more error info about whether drive_add failed
	When we attach a disk, but we specify a wrong format of disk image,
	qemu monitor command drive_add will fail, but libvirt does not detect
	this error.

2011-02-17  Eric Blake  <eblake@redhat.com>

	logging: make VIR_ERROR and friends preserve errno
	Followup to commit 17e19add, and would have prevented the bug
	independently fixed in commit 76c57a7c.

	* src/util/logging.c (virLogMessage): Preserve errno, since
	logging should be as unintrusive as possible.

2011-02-17  Eric Blake  <eblake@redhat.com>

	maint: avoid 'make syntax-check' from tarball
	* .gnulib: update to latest gnulib for maint.mk fixes

2011-02-17  Laine Stump  <laine@laine.org>

	Give each virtual network bridge its own fixed MAC address
	This fixes https://bugzilla.redhat.com/show_bug.cgi?id=609463

	The problem was that, since a bridge always acquires the MAC address
	of the connected interface with the numerically lowest MAC, as guests
	are started and stopped, it was possible for the MAC address to change
	over time, and this change in the network was being detected by
	Windows 7 (it sees the MAC of the default route change), so on each
	reboot it would bring up a dialog box asking about this "new network".

	The solution is to create a dummy tap interface with a MAC guaranteed
	to be lower than any guest interface's MAC, and attach that tap to the
	bridge as soon as it's created. Since all guest MAC addresses start
	with 0xFE, we can just generate a MAC with the standard "0x52, 0x54,
	0" prefix, and it's guaranteed to always win (physical interfaces are
	never connected to these bridges, so we don't need to worry about
	competing numerically with them).

	Note that the dummy tap is never set to IFF_UP state - that's not
	necessary in order for the bridge to take its MAC, and not setting it
	to UP eliminates the clutter of having an (eg) "virbr0-nic" displayed
	in the output of the ifconfig command.

	I chose to not auto-generate the MAC address in the network XML
	parser, as there are likely to be consumers of that API that don't
	need or want to have a MAC address associated with the
	bridge.

	Instead, in bridge_driver.c when the network is being defined, if
	there is no MAC, one is generated. To account for virtual network
	configs that already exist when upgrading from an older version of
	libvirt, I've added a %post script to the specfile that searches for
	all network definitions in both the config directory
	(/etc/libvirt/qemu/networks) and the state directory
	(/var/lib/libvirt/network) that are missing a mac address, generates a
	random address, and adds it to the config (and a matching address to
	the state file, if there is one).

	docs/formatnetwork.html.in: document <mac address.../>
	docs/schemas/network.rng: add nac address to schema
	libvirt.spec.in: %post script to update existing networks
	src/conf/network_conf.[ch]: parse and format <mac address.../>
	src/libvirt_private.syms: export a couple private symbols we need
	src/network/bridge_driver.c:
	    auto-generate mac address when needed,
	    create dummy interface if mac address is present.
	tests/networkxml2xmlin/isolated-network.xml
	tests/networkxml2xmlin/routed-network.xml
	tests/networkxml2xmlout/isolated-network.xml
	tests/networkxml2xmlout/routed-network.xml: add mac address to some tests

2011-02-17  Laine Stump  <laine@laine.org>

	Allow brAddTap to create a tap device that is down
	An upcoming patch has a use for a tap device to be created that
	doesn't need to be actually put into the "up" state, and keeping it
	"down" keeps the output of ifconfig from being unnecessarily cluttered
	(ifconfig won't show down interfaces unless you add "-a").

	bridge.[ch]: add "up" as an arg to brAddTap()
	uml_conf.c, qemu_command.c: add "up" (set to "true") to brAddTap() call.

2011-02-17  Laine Stump  <laine@laine.org>

	Add txmode attribute to interface XML for virtio backend
	This is in response to:

	   https://bugzilla.redhat.com/show_bug.cgi?id=629662

	Explanation

	qemu's virtio-net-pci driver allows setting the algorithm used for tx
	packets to either "bh" or "timer". This is done by adding ",tx=bh" or
	",tx=timer" to the "-device virtio-net-pci" commandline option.

	'bh' stands for 'bottom half'; when this is set, packet tx is all done
	in an iothread in the bottom half of the driver. (In libvirt, this
	option is called the more descriptive "iothread".)

	'timer' means that tx work is done in qemu, and if there is more tx
	data than can be sent at the present time, a timer is set before qemu
	moves on to do other things; when the timer fires, another attempt is
	made to send more data. (libvirt retains the name "timer" for this
	option.)

	The resulting difference, according to the qemu developer who added
	the option is:

	    bh makes tx more asynchronous and reduces latency, but potentially
	    causes more processor bandwidth contention since the cpu doing the
	    tx isn't necessarily the cpu where the guest generated the
	    packets.

	Solution

	This patch provides a libvirt domain xml knob to change the option on
	the qemu commandline, by adding a new attribute "txmode" to the
	<driver> element that can be placed inside any <interface> element in
	a domain definition. It's use would be something like this:

	    <interface ...>
	      ...
	      <model type='virtio'/>
	      <driver txmode='iothread'/>
	      ...
	    </interface>

	I chose to put this setting as an attribute to <driver> rather than as
	a sub-element to <tune> because it is specific to the virtio-net
	driver, not something that is generally usable by all network drivers.
	(note that this is the same placement as the "driver name=..."
	attribute used to choose kernel vs. userland backend for the
	virtio-net driver.)

	Actually adding the tx=xxx option to the qemu commandline is only done
	if the version of qemu being used advertises it in the output of

	    qemu -device virtio-net-pci,?

	If a particular txmode is requested in the XML, and the option isn't
	listed in that help output, an UNSUPPORTED_CONFIG error is logged, and
	the domain fails to start.

2011-02-17  Laine Stump  <laine@laine.org>

	Restructure domain struct interface "driver" data for easier expansion
	When the <driver> element (and its "name" attribute) was added to the
	domain XML's interface element, a "backend" enum was simply added to
	the toplevel of the virDomainNetDef struct.

	Ignoring the naming inconsistency ("name" vs. "backend"), this is fine
	when there's only a single item contained in the driver element of the
	XML, but doesn't scale well as we add more attributes that apply to
	the backend of the virtio-net driver, or add attributes applicable to
	other drivers.

	This patch changes virDomainNetDef in two ways:

	1) Rename the item in the struct from "backend" to "name", so that
	   it's the same in the XML and in the struct, hopefully avoiding
	   confusion for someone unfamiliar with the function of the
	   attribute.

	2) Create a "driver" union within virDomainNetDef, and a "virtio"
	   struct in that struct, which contains the "name" enum value.

	3) Move around the virDomainNetParse and virDomainNetFormat functions
	   to allow for simple plugin of new attributes without disturbing
	   existing code. (you'll note that this results in a seemingly
	   redundant if() in the format function, but that will no longer be
	   the case as soon as a 2nd attribute is added).

	In the future, new attributes for the virtio driver backend can be
	added to the "virtio" struct, and any other network device backend that
	needs an attribute will have its own struct added to the "driver"
	union.

2011-02-17  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix VPATH build
	Even VPATH make dist succeeds now

2011-02-17  Daniel P. Berrange  <berrange@redhat.com>

	Move all the QEMU migration code to a new file
	The introduction of the v3 migration protocol, along with
	support for migration cookies, will significantly expand
	the size of the migration code. Move it all to a separate
	file to make it more manageable

	The functions are not moved 100%. The API entry points
	remain in the main QEMU driver, but once the public
	virDomainPtr is resolved to the internal virDomainObjPtr,
	all following code is moved.

	This will allow the new v3 API entry points to call into the
	same shared internal migration functions

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  qemuDomainFormatXML helper method
	* src/qemu/qemu_driver.c: Remove all migration code
	* src/qemu/qemu_migration.c, src/qemu/qemu_migration.h: Add
	  all migration code.

2011-02-17  Daniel P. Berrange  <berrange@redhat.com>

	Split all QEMU process mangement code into separate file
	Move the qemudStartVMDaemon and qemudShutdownVMDaemon
	methods into a separate file, renaming them to
	qemuProcessStart, qemuProcessStop. All helper methods
	called by these are also moved & renamed to match

	* src/Makefile.am: Add qemu_process.c/.h
	* src/qemu/qemu_command.c: Add qemuDomainAssignPCIAddresses
	* src/qemu/qemu_command.h: Add VNC port min/max
	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add
	  domain event queue helpers
	* src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
	  all QEMU process startup/shutdown functions
	* src/qemu/qemu_process.c, src/qemu/qemu_process.h: Add
	  all QEMU process startup/shutdown functions

2011-02-17  Osier Yang  <jyang@redhat.com>

	storage: Allow to delete device mapper disk partition
	The name convention of device mapper disk is different, and 'parted'
	can't be used to delete a device mapper disk partition. e.g.

	Name                 Path
	-----------------------------------------
	3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1

	Error: Expecting a partition number.

	This patch introduces 'dmsetup' to fix it.

	Changes:
	  - New function "virIsDevMapperDevice" in "src/utils/utils.c"
	  - remove "is_dm_device" in "src/storage/parthelper.c", use
	    "virIsDevMapperDevice" instead.
	  - Requires "device-mapper" for 'with-storage-disk" in "libvirt.spec.in"
	  - Check "dmsetup" in 'configure.ac' for "with-storage-disk"
	  - Changes on "src/Makefile.am" to link against libdevmapper
	  - New entry for "virIsDevMapperDevice" in "src/libvirt_private.syms"

	Changes from v1 to v3:
	  - s/virIsDeviceMapperDevice/virIsDevMapperDevice/g
	  - replace "virRun" with "virCommand"
	  - sort the list of util functions in "libvirt_private.syms"
	  - ATTRIBUTE_NONNULL(1) for virIsDevMapperDevice declaration.

	e.g.

	Name                 Path
	-----------------------------------------
	3600a0b80005ad1d7000093604cae912fp1 /dev/mapper/3600a0b80005ad1d7000093604cae912fp1

	Vol /dev/mapper/3600a0b80005ad1d7000093604cae912fp1 deleted

	Name                 Path
	-----------------------------------------

2011-02-17  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.8
	* configure.ac docs/news.html.in libvirt.spec.in: bump version and add docs
	* po/*.po*: updated Gujarati, Polish and Dutch localisations and regenerated

2011-02-17  Osier Yang  <jyang@redhat.com>

	qemu: Error prompt when saving a shutoff domain
	"qemudDomainSaveFlag" goto wrong label "endjob", which will cause
	error when security manager trying to restore label (regression).

	As it's more reasonable to check if vm is shutoff immediately, and
	return right away if it is, remove the checking in "qemudDomainSaveFlag",
	and add checking in "qemudDomainSave".

	* src/qemu/qemu_driver.c

2011-02-16  Eric Blake  <eblake@redhat.com>

	maint: delete unused 'make install' step
	Libxml2-Logo-90x34.gif was removed from the repository in Sep 2009
	(commit d6d528c) because our docs no longer reference it.

	* docs/Makefile.am (install-data-local): Don't install missing file.

2011-02-16  Eric Blake  <eblake@redhat.com>

	cgroup: preserve correct errno on failure
	* src/util/cgroup.c (virCgroupSetValueStr, virCgroupGetValueStr)
	(virCgroupRemoveRecursively): VIR_DEBUG can clobber errno.
	(virCgroupRemove): Use VIR_DEBUG rather than DEBUG.

2011-02-16  Zdenek Styblik  <stybla@turnovfree.net>

	Update czech localization

2011-02-15  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix command line generation with faked host CPU
	The code expected that host CPU architecture matches the architecture on
	which libvirt runs. This is normally true but not in tests, where host
	CPU is faked to produce consistent results.

	tests: Fake host capabilities properly
	Since we fake host CPU we should also fake host arch instead of taking
	the real architecture tests are running on.

2011-02-15  Eric Blake  <eblake@redhat.com>

	docs: fix typos
	* docs/drvopenvz.html.in: Spell administrator correctly.
	* docs/drvuml.html.in: Likewise.
	* src/qemu/qemu.conf: Likewise.  Fix other typos, too.

2011-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid empty strings when --with-packager(-version) is not specified
	Make with_packager and with_packager_version default to "no". This way
	--without-packager-version (as shorthand for --with-packager(-version)=no)
	works correctly too.

	Prior to this patch libvirt outputs a line like this when
	--with-packager(-version) was not specified

	# ./daemon/libvirtd
	14:11:15.018: 31796: info : libvirt version: 0.8.8, package:  ()

	Now the unspecified parts are correctly omitted.

	Reported by Osier Yang.

2011-02-15  Eric Blake  <eblake@redhat.com>

	build: address clang reports about virCommand
	clang had 5 reports against virCommand; three were false positives
	(a NULL deref in ProcessIO solved by sa_assert, and two uninitialized
	memory operations solved by adding an initializer), but two were real.

	* src/util/command.c (virCommandProcessIO): Fix real bug of
	possible NULL dereference.  Teach clang that buf is never NULL.
	(virCommandRun): Teach clang that infd is only ever accessed when
	initialized.

2011-02-15  Eric Blake  <eblake@redhat.com>

	build: silence some clang warnings
	* tools/virsh.c (cmdHelp): Kill dead variables.

	qemu: don't mask real error with oom report
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Don't report oom
	after qemuBuildControllerDevStr, which reported its own errors.

2011-02-15  Eric Blake  <eblake@redhat.com>

	qemu: avoid NULL derefs
	The processWatchdogEvent fix is real, although it can only trigger
	on OOM, since bad things happen if doCoreDump is called with a NULL
	pathname argument.  The other fixes silence clang, but aren't a real
	bug because virReportErrorHelper tolerates a NULL format string even
	though *printf does not.

	* src/qemu/qemu_driver.c (processWatchdogEvent): Exit on OOM.
	(qemuDomainIsActive, qemuDomainIsPersistent, qemuDomainIsUpdated):
	Provide valid message.

2011-02-15  Eric Blake  <eblake@redhat.com>

	virDomainMemoryStats: avoid null dereference
	* src/libvirt.c (virDomainMemoryStats): Check domain before flags.

2011-02-15  Justin Clift  <jclift@redhat.com>

	docs: added link for nimbus to apps page

2011-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of mutex attributes in POSIX threads impl
	* src/util/threads-pthread.c: Fix mutex leak

2011-02-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak in SCSI storage backend
	The SCSI storage backend leaks a string containing the pathname
	for each block device it discovers

	* src/storage/storage_backend_scsi.c: Free the device name

2011-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Output commandline on status != 0 in virCommandWait
	This helps identifying which command exited with status != 0.

2011-02-15  Christophe Fergeau  <teuf@gnome.org>

	add missing error handling to virGetDomain
	When creating the virDomain::snapshots hash table, virGetDomain
	wasn't checking if the creation was successful. This would then
	lead to failures in the vir*DomainSnapshot functions. Better to
	report this error early and make virGetDomain fail if the
	snapshots hash couldn't be created.
	* src/datatypes.c: report failure to make a hash table

2011-02-15  Christophe Fergeau  <teuf@gnome.org>

	call virReportOOMError when appropriate in hash.c
	A couple of allocation were not calling virReportOOMError on allocation
	errors

	* src/util/hash.c: add the needed call in virHashCreate and
	  virHashAddOrUpdateEntry

2011-02-15  Osier Yang  <jyang@redhat.com>

	storage: Create enough volumes for mpath pool
	"virStorageBackendCreateVols":
	  "names->next" serves as condition expression for "do...while",
	however, "names" was shifted before, it then results in one less
	loop, and thus, one less volume will be created for mpath pool,
	the patch is to fix it.

	* src/storage/storage_backend_mpath.c

2011-02-15  Eric Blake  <eblake@redhat.com>

	maint: kill dead assignments
	* src/network/bridge_driver.c (networkStartNetworkDaemon): Delete
	unused assignments.

	qemu: avoid NULL deref on error
	* src/qemu/qemu_command.c (qemuParseCommandLineDisk): Report error
	before cleaning def.

2011-02-14  Eric Blake  <eblake@redhat.com>

	build: silence false positive clang report
	clang complained that STREQ(group->controllers[i].mountPoint,...)  was
	a NULL dereference when i==VIR_CGROUP_CONTROLLER_CPUSET, because it
	assumes the worst about virCgroupPathOfController.  Marking the
	argument const doesn't yet have an effect, per this clang bug:
	http://llvm.org/bugs/show_bug.cgi?id=7758

	So, we use sa_assert, which was designed to shut up false positives
	from tools like clang.

	* src/util/cgroup.c (virCgroupMakeGroup): Teach clang that there
	is no NULL dereference.

2011-02-14  Eric Blake  <eblake@redhat.com>

	qemu: ignore failure of qemu -M ? on older qemu
	https://bugzilla.redhat.com/show_bug.cgi?id=676563

	Regression introduced in commit 2211518.

	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes): Allow
	non-zero exit status.

2011-02-14  Eric Blake  <eblake@redhat.com>

	xml: avoid compiler warning
	Detected by clang.

	* src/util/xml.c (virXPathStringLimit): Use %zd, not obsolete %Zd.

2011-02-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: reorder match extensions relative to state match
	This patch reorders the connlimit and comment match extensions relative to the state match (-m state); connlimit being most useful if found after a -m state --state NEW and not before it.

2011-02-14  Jiri Denemark  <jdenemar@redhat.com>

	conf: Fix XML generation for smartcards
	When formatting XML for smartcard device with mode=host, libvirt
	generates invalid XML if the device has address info associated:

	<smartcard mode='host' <address type='ccid' controller='0' slot='1'/>

2011-02-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix cleanup on VM state after failed QEMU startup
	Commit 9962e406c664ed5521f5aca500c860a331cb3979 introduced a
	problem where if the VM failed to startup, it would not be
	correctly cleaned up. Amongst other things the SELinux
	security label would not be removed, which prevents the VM
	from ever starting again.

	The virDomainIsActive() check at the start of qemudShutdownVMDaemon
	checks for vm->def->id not being -1. By moving the assignment of the
	VM id to the start of qemudStartVMDaemon, we can ensure cleanup will
	occur on failure

	* src/qemu/qemu_driver.c: Move initialization of 'vm->def->id'
	  so that qemudShutdownVMDaemon() will process the shutdown

2011-02-14  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-qemu: Fix enum type declaration

2011-02-14  Christophe Fergeau  <teuf@gnome.org>

	fix OOM handling in hash routines
	* src/util/hash.c: virHashAddEntry and virHashUpdateEntry were missing NULL
	  checks on strdup
	* AUTHORS: add Christophe Fergeau

2011-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update src/README
	Add missing subdirectories.

2011-02-12  Eric Blake  <eblake@redhat.com>

	virsh: avoid mingw compiler warnings
	Compilation on mingw was warning about %lld use in fprintf, and
	in the gnulib strptime module about dead labels.

	* tools/virsh.c (vshPrint): Change redirect.
	(vshPrintExtra): Allow use within vshPrint.  Avoid fprintf on
	arbitrary formats, since we aren't using gnulib module; instead,
	use virVasprintf to pre-format.
	(vshError): Likewise.
	* .gnulib: Update to latest, for mingw strptime warning fix.
	Reported by Matthias Bolte.

2011-02-12  Eric Blake  <eblake@redhat.com>

	build: avoid problems with autogen.sh runs from tarball
	Introduced by commit fac97c65c distributing cfg.mk, which
	previously could blindly assume it was in a git checkout.

	* cfg.mk (_update_required): Also check for .git.
	* autogen.sh: Don't run bootstrap from a tarball.
	Reported by Daniel Veillard.

2011-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Distribute XSLT files to generate HACKING

	qemu: Report a more informative error for missing cgroup controllers
	Also use VIR_ERR_OPERATION_INVALID instead of VIR_ERR_NO_SUPPORT, as
	the operation could succeed when the cgroup controller was mounted.

2011-02-12  Osier Yang  <jyang@redhat.com>

	xen: Prevent updating device when attaching a device
	When attaching a device that already exists, xend driver updates
	the device with "device_configure", it causes problems (e.g. for
	disk device, 'device_configure' only can be used to update device
	like CDROM), on the other hand, we provide additional API
	(virDomainUpdateDevice) to update device, this fix is to raise up
	errors instead of updating the existed device which is not CDROM
	device.

	Changes from v1 to v2:
	  - allow to update CDROM

	* src/xen/xend_internal.c

2011-02-11  Eric Blake  <eblake@redhat.com>

	build: fix cygwin strerror_r failure
	Building the 0.8.8 release candidate on cygwin produced this compiler
	warning, which is indicative of catastrophic failure on any attempt to
	print an error message with errno turned to a string:

	  CC       strerror_r.lo
	strerror_r.c: In function 'rpl_strerror_r':
	strerror_r.c:67: warning: assignment makes integer from pointer without a cast

	This has been fixed in gnulib.

	* .gnulib: Update to latest, for strerror_r fix.
	* src/util/memory.c (includes): Satisfy 'make syntax-check'.

2011-02-11  Philipp Hahn  <hahn@univention.de>

	qemu: Fix escape_monitor(escape_shell(command))
	Suspending a VM which contains shell meta characters doesn't work with
	libvirt-0.8.7:
	/var/log/libvirt/qemu/andreas_231-ne\ doch\ nicht.log:
	  sh: -c: line 0: syntax error near unexpected token `doch'
	  sh: -c: line 0: `cat | { dd bs=4096 seek=1 if=/dev/null && dd bs=1048576; }

	Although target="andreas_231-ne doch nicht" contains shell meta
	characters (here: blanks), they are not properly escaped by
	src/qemu/qemu_monitor_{json,text}.c#qemuMonitor{JSON,Text}MigrateToFile()

	First, the filename needs to be properly escaped for the shell, than
	this command line has to be properly escaped for qemu again.

	For this to work, remove the old qemuMonitorEscapeArg() wrapper, rename
	qemuMonitorEscape() to it removing the handling for shell=TRUE, and
	implement a new qemuMonitorEscapeShell() returning strings using single
	quotes.

	Using double quotes or escaping special shell characters with backslashes
	would also be possible, but the set of special characters heavily
	depends on the concrete shell (dsh, bash, zsh) and its setting (history
	expansion, interactive use, ...)

2011-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Imprint all logs with version + package build information
	The logging functions are enhanced so that immediately prior to
	the first log message being printed to any output channel, the
	libvirt package version will be printed.

	eg

	 $ LIBVIRT_DEBUG=1 virsh
	 18:13:28.013: 17536: info : libvirt version: 0.8.7
	 18:13:28.013: 17536: debug : virInitialize:361 : register drivers
	 ...

	The 'configure' script gains two new arguments which can be
	used as

	   --with-packager="Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10"
	   --with-packager-version="1.fc14"

	to allow distros to append a custom string with package specific
	data.

	The RPM specfile is modified so that it appends the RPM version,
	the build host, the build date and the packager name.

	eg

	 $ LIBVIRT_DEBUG=1 virsh
	 18:14:52.086: 17551: info : libvirt version: 0.8.7, package: 1.fc13 (Fedora Project, x86-01.phx2.fedoraproject.org, 01-27-2011-18:00:10)
	 18:14:52.086: 17551: debug : virInitialize:361 : register drivers

	Thus when distro packagers receive bug reports they can clearly
	see what version was in use, even if the bug reporter mistakenly
	or intentionally lies about version/builds

	* src/util/logging.c: Output version data prior to first log message
	* libvirt.spec.in: Include RPM release, date, hostname & packager
	* configure.ac: Add --with-packager & --with-packager-version args

2011-02-10  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: fix attach-interface regression
	QEMUD_CMD_FLAG_PCI_MULTIBUS should be set in the function
	qemuCapsExtractVersionInfo()

	The flag QEMUD_CMD_FLAG_PCI_MULTIBUS is used in the function
	qemuBuildDeviceAddressStr(). All callers get qemuCmdFlags
	by the function qemuCapsExtractVersionInfo() except that
	testCompareXMLToArgvFiles() in qemuxml2argvtest.c.

	So we should set QEMUD_CMD_FLAG_PCI_MULTIBUS in the function
	qemuCapsExtractVersionInfo() instead of qemuBuildCommandLine()
	because the function qemuBuildCommandLine() does not be called
	when we attach a pci device.

	tests: set QEMUD_CMD_FLAG_PCI_MULTIBUS in testCompareXMLToArgvFiles()

	set QEMUD_CMD_FLAG_PCI_MULTIBUS before calling qemuBuildCommandLine()
	as the flags is not set by qemuCapsExtractVersionInfo().

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Avoid pthread_sigmask on Win32 platforms
	Win32 doesn't have a concept of signal masks so disable that
	code. It is unclear how SIGINT is delivered (if at all) on
	Win32, so this might further work to provide an alternative
	to pthread_sigmask

	* tools/virsh.c: Avoid pthread_sigmask on Win32

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Reduce log level when cgroups aren't mounted
	Quite a few hosts don't have cgroups mounted and so see warnings
	from libvirt logged, which then cause bug reports, etc. Reduce
	the log level to INFO so they're not visible by default

	* src/qemu/qemu_driver.c: Reduce log level for cgroups

2011-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Avoid warnings from nwfilter driver when run non-root
	When run non-root the nwfilter driver logs error messages about
	being unable to find iptables/ebtables commands (they are in
	/sbin which isn't in $PATH). The nwfilter driver can't ever work
	as non-root, so simply skip it entirely thus avoiding the error
	messages

	* src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c,
	  src/nwfilter/nwfilter_gentech_driver.c,
	  src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged'
	  flag down to final driver impl
	* src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization
	  if not privileged

2011-02-10  Michal Privoznik  <mprivozn@redhat.com>

	Fix typo in parsing of spice 'auth' data
	A typo s/spice/vnc/ caused parsing of the spice 'auth' data
	to write into the wrong part of the struct, blowing away
	other unrelated data.

	* src/conf/domain_conf.c: s/vnc/spice/ in parsing spice auth

2011-02-09  Eric Blake  <eblake@redhat.com>

	build: distribute 'make syntax-check' tweaks
	* Makefile.am (EXTRA_DIST): Distribute cfg.mk.

2011-02-09  Michal Novotny  <minovotn@redhat.com>

	docs: Add information about libvirt-php new location

2011-02-09  Eric Blake  <eblake@redhat.com>

	maint: whitespace cleanup
	* .dir-locals.el (html-mode): Let emacs help out.
	* cfg.mk (sc_TAB_in_indentation): Check more files.
	* docs/internals/command.html.in: Fix offenders.
	* docs/formatdomain.html.in: Likewise.
	* docs/internals.html.in: Likewise.
	Reported by Jiri Denemark.

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Adjust some log levels in udev driver
	Most of te VIR_INFO calls in the udev driver are only relevant
	to developers so can switch to VIR_DEBUG. Failure to initialize
	libpciaccess though is a fatal error

	* src/node_device/node_device_udev.c: Adjust log levels

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Add check for binary existing in machine type probe
	When probing machine types if the QEMU binary does not exist
	we get a hard to diagnose error, due to the execve() in the
	child failing

	error: internal error Child process exited with status 1.

	Add an explicit check so that we get

	error: Cannot find QEMU binary /usr/libexec/qem3u-kvm: No such file or directory

	* src/qemu/qemu_capabilities.c: Check for QEMU binary

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Add a little more debugging for async events
	To make it easier to investigate problems with async event
	delivery, add two more debugging lines

	* daemon/remote.c: Debug when an event is queued for dispatch
	* src/remote/remote_driver.c: Debug when an event is received
	  for processing

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Move connection driver modules directory
	When built as modules, the connection drivers live
	in $LIBDIR/libvirt/drivers. Now we add lock manager
	drivers, we need to distinguish. So move the existing
	modules to 'connection-driver'

	* src/Makefile.am: Move module install dir
	* src/driver.c: Move module search dir

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Reset logging filter function when forking
	To ensure child processes will log all error messages, reset
	the logging filter function when forking

	* src/util/util.c: Reset log filter in fork

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Block SIGPIPE around virExec hook functions
	Some functionality run in virExec hooks may do I/O which
	can trigger SIGPIPE. Renable SIGPIPE blocking around the
	hook function

	* src/util/util.c: Block SIGPIPE around hooks

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Support SCSI RAID type & lower log level for unknown types
	The Linux kernel headers don't have a value for SCSI type 12,
	but HAL source code shows this to be a 'raid'. Add workaround
	for this type. Lower log level for unknown types since
	this is not a fatal error condition. Include the device sysfs
	path in the log output to allow identification of which device
	has problems.

	* src/node_device/node_device_udev.c: Add SCSI RAID type

2011-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Only initialize/cleanup libpciaccess once
	libpciaccess has many bugs in its pci_system_init/cleanup
	functions that makes calling them multiple times unwise.
	eg it will double close() FDs, and leak other FDs.

	* src/node_device/node_device_udev.c: Only initialize
	  libpciaccess once

2011-02-09  Serge E. Hallyn  <serge.hallyn@canonical.com>

	Don't use CLONE_NEWUSER for now
	Until now, user namespaces have not done much, but (for that
	reason) have been innocuous to glob in with other CLONE_
	flags.  Upcoming userns development, however, will make tasks
	cloned with CLONE_NEWUSER far more restricted.  In particular,
	for some time they will be unable to access files with anything
	other than the world access perms.

	This patch assumes that noone really needs the user namespaces
	to be enabled.  If that is wrong, then we can try a more
	baroque patch where we create a file owned by a test userid with
	700 perms and, if we can't access it after setuid'ing to that
	userid, then return 0.  Otherwise, assume we are using an
	older, 'harmless' user namespace implementation.

	Comments appreciated.  Is it ok to do this?

2011-02-09  Eric Blake  <eblake@redhat.com>

	sysinfo: implement qemu support
	* src/qemu/qemu_driver.c (qemuGetSysinfo): New function.
	(qemuDriver): Install it.

	sysinfo: refactor xml formatting
	* src/util/sysinfo.h (virSysinfoFormat): New prototype.
	* src/conf/domain_conf.c (virDomainSysinfoDefFormat): Move guts...
	* src/util/sysinfo.c (virSysinfoFormat): ...into new function.
	* src/libvirt_private.syms: Export it.

	sysinfo: implement virsh support
	* tools/virsh.c (cmdSysinfo): New function.
	(hostAndHypervisorCmds): Add it.
	* tools/virsh.pod: Document it.

2011-02-09  Eric Blake  <eblake@redhat.com>

	sysinfo: implement the remote protocol
	Done by editing the first three files, then running
	'make -C src rpcgen', then editing src/remote_protocol-structs
	to match.

	* daemon/remote.c (remoteDispatchGetSysinfo): New function.
	* src/remote/remote_driver.c (remoteGetSysinfo, remote_driver):
	Client side serialization.
	* src/remote/remote_protocol.x (remote_get_sysinfo_args)
	(remote_get_sysinfo_ret): New types.
	(REMOTE_PROC_GET_SYSINFO): New enum value.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_ret.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

2011-02-09  Eric Blake  <eblake@redhat.com>

	sysinfo: implement the public API
	* src/libvirt.c (virConnectGetSysinfo): New function.
	* docs/formatdomain.html.in: Mention it.

	sysinfo: define internal driver API
	* src/driver.h (virDrvGetSysinfo): New typedef.
	(_virDriver): New callback member.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/vmware/vmware_driver.c (vmwareDriver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

2011-02-09  Eric Blake  <eblake@redhat.com>

	sysinfo: expose new API
	The new virConnectGetSysinfo() API allows one to get the system
	information associated to a connection host, providing the same
	data as a guest that uses <os><smbios mode='host'/></os>, and in
	a format that can be pasted into the guest and edited when using
	<os><smbios mode='sysinfo'/></os>.

	* include/libvirt/libvirt.h.in (virConnectGetSysinfo): Declare.
	* src/libvirt_public.syms: Export new symbol.

2011-02-09  Daniel Veillard  <veillard@redhat.com>

	Adding Michal Novotny for previous patch

2011-02-09  Michal Novotny  <minovotn@redhat.com>

	Add libvirt-php information page
	This adds a ibvirt-php information page with some
	basic information on libvirt-php project compilation, contribution
	and other useful information.

2011-02-08  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	cgroup: Add documentation for blkiotune elements.
	Add documentation for blkiotune elements.

2011-02-08  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	LXC: LXC Blkio weight configuration support.
	LXC Blkio weight configuration support.

	Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com>

2011-02-08  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	qemu: Implement blkio tunable XML configuration and parsing.
	Implement blkio tunable XML configuration and parsing.

	Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com>

2011-02-08  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	cgroup: Update XML Schema for new entries.
	Update XML Schema for new entries.

2011-02-08  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	cgroup: Implement blkio.weight tuning API.
	Implement blkio.weight tuning API.

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-02-08  Gui Jianfeng  <guijianfeng@cn.fujitsu.com>

	cgroup: Enable cgroup hierarchy for blkio cgroup
	Enable cgroup hierarchy for blkio cgroup

	Acked-by: Daniel P. Berrange <berrange@redhat.com>

2011-02-08  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS
	* AUTHORS: Adjust for recent commits.

2011-02-08  Daniel Veillard  <veillard@redhat.com>

	Update Dutch and Polish localizations

	Revert "Czech translation updates"
	This reverts commit 9169c0eeb4b68a0001b57d35d11e41f9c1bc6148.
	The patch didn't applied cleanly and completely broke po regeneration

2011-02-08  Zdenek Styblik  <stybla@turnovfree.net>

	Czech translation updates

2011-02-08  Hero Phương  <herophuong93@gmail.com>

	Vietnamese translations for libvirt

2011-02-07  Niels de Vos  <ndevos@redhat.com>

	docs/index.html.in: update KVM url

2011-02-04  Eric Blake  <eblake@redhat.com>

	spicevmc: support older -device spicevmc of qemu 0.13.0
	qemu 0.13.0 (at least as built for Fedora 14, and also backported to
	RHEL 6.0 qemu) supported an older syntax for a spicevmc channel; it's
	not as flexible (it has an implicit name and hides the chardev
	aspect), but now that we support spicevmc, we might as well target
	both variants.

	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_DEVICE_SPICEVMC):
	New flag.
	* src/qemu/qemu_capabilities.c (qemuCapsParseDeviceStr): Set it
	correctly.
	* src/qemu/qemu_command.h (qemuBuildVirtioSerialPortDevStr): Drop
	declaration.
	* src/qemu/qemu_command.c (qemuBuildVirtioSerialPortDevStr): Alter
	signature, check flag.
	(qemuBuildCommandLine): Adjust caller and check flag.
	* tests/qemuhelptest.c (mymain): Update test.
	* tests/qemuxml2argvtest.c (mymain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc-old.xml:
	New file.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc-old.args:
	Likewise.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: add spicevmc support
	Adds <smartcard mode='passthrough' type='spicevmc'/>, which uses the
	new <channel name='smartcard'/> of <graphics type='spice'>.

	* docs/schemas/domain.rng: Support new XML.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (virDomainGraphicsSpiceChannelName): New
	enum value.
	(virDomainChrSpicevmcName): New enum.
	(virDomainChrSourceDef): Distinguish spicevmc types.
	* src/conf/domain_conf.c (virDomainGraphicsSpiceChannelName): Add
	smartcard.
	(virDomainSmartcardDefParseXML): Parse it.
	(virDomainChrDefParseXML, virDomainSmartcardDefParseXML): Set
	spicevmc name.
	(virDomainChrSpicevmc): New enum conversion functions.
	* src/libvirt_private.syms: Export new functions.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Conditionalize
	name.
	* tests/qemuxml2argvtest.c (domain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-spicevmc.args:
	New file.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-spicevmc.xml:
	Likewise.

2011-02-04  Daniel P. Berrange  <berrange@redhat.com>

	spicevmc: support new qemu chardev
	Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=615757

	Add a new character device backend for virtio serial channels that
	activates the QEMU spice agent on the main channel using the vdagent
	spicevmc connection.  The <target> must be type='virtio', and supports
	an optional name that specifies how the guest will see the channel
	(for now, name must be com.redhat.spice.0).

	<channel type='spicevmc'>
	  <target type='virtio'/>
	  <address type='virtio-serial' controller='1' bus='0' port='3'/>
	</channel>

	* docs/schemas/domain.rng: Support new XML.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.h (virDomainChrType): New enum value.
	* src/conf/domain_conf.c (virDomainChr): Add spicevmc.
	(virDomainChrDefParseXML, virDomainChrSourceDefParseXML)
	(virDomainChrDefParseTargetXML): Parse and enforce proper use.
	(virDomainChrSourceDefFormat, virDomainChrDefFormat): Format.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr)
	(qemuBuildCommandLine): Add qemu support.
	* tests/qemuxml2argvtest.c (domain): New test.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc.xml: New
	file.
	* tests/qemuxml2argvdata/qemuxml2argv-channel-spicevmc.args:
	Likewise.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: turn on qemu support
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Emit smartcard
	options.
	(qemuAssignDeviceAliases): Assign an alias for smartcards.
	(qemuBuildControllerDevStr): Manage the usb-ccid controller.
	* tests/qemuxml2argvtest.c (mymain): Add new tests.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.args: New
	file.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.args:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough.args:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.args:
	Likewise.

	smartcard: enable SELinux support
	* src/security/security_selinux.c
	(SELinuxRestoreSecuritySmartcardCallback)
	(SELinuxSetSecuritySmartcardCallback): New helper functions.
	(SELinuxRestoreSecurityAllLabel, SELinuxSetSecurityAllLabel): Use
	them.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: check for qemu capability
	Qemu smartcard/spicevmc support exists on branches (such as
	http://cgit.freedesktop.org/~alon/qemu/commit/?h=usb_ccid.v15&id=024a37b)
	but is not yet upstream.  The added -help output matches a scratch build
	that will be close to the RHEL 6.1 qemu-kvm.

	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_CCID_EMULATED)
	(QEMUD_CMD_FLAG_CCID_PASSTHRU, QEMUD_CMD_FLAG_CHARDEV_SPICEVMC):
	New flags.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags)
	(qemuCapsParseDeviceStr): Check for smartcard capabilities.
	(qemuCapsExtractVersionInfo): Tweak comment.
	* tests/qemuhelptest.c (mymain): New test.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel61: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel61-device: Likewise.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: add domain conf support
	* src/conf/domain_conf.h (virDomainSmartcardType): New enum.
	(virDomainSmartcardDef, virDomainDeviceCcidAddress): New structs.
	(virDomainDef): Include smartcards.
	(virDomainSmartcardDefIterator): New typedef.
	(virDomainSmartcardDefFree, virDomainSmartcardDefForeach): New
	prototypes.
	(virDomainControllerType, virDomainDeviceAddressType): Add ccid
	enum values.
	(virDomainDeviceInfo): Add ccid address type.
	* src/conf/domain_conf.c (virDomainSmartcard): Convert between
	enum and string.
	(virDomainSmartcardDefParseXML, virDomainSmartcardDefFormat)
	(virDomainSmartcardDefFree, virDomainDeviceCcidAddressParseXML)
	(virDomainDefMaybeAddSmartcardController): New functions.
	(virDomainDefParseXML): Parse the new XML.
	(virDomainDefFormat): Convert back to XML.
	(virDomainDefFree): Clean up.
	(virDomainDeviceInfoIterate): Iterate over passthrough aliases.
	(virDomainController, virDomainDeviceAddress)
	(virDomainDeviceInfoParseXML, virDomainDeviceInfoFormat)
	(virDomainDefAddImplicitControllers): Support new values.
	* src/libvirt_private.syms (domain_conf.h): New exports.
	* cfg.mk (useless_free_options): List new function.

2011-02-04  Eric Blake  <eblake@redhat.com>

	smartcard: add XML support for <smartcard> device
	Assuming a hypervisor that supports multiple smartcard devices in the
	guest, this would be a valid XML description:

	<devices>
	  <smartcard mode='host'/>
	  <smartcard mode='host-certificates'>
	    <certificate>/path/to/cert1</certificate>
	    <certificate>/path/to/cert2</certificate>
	    <certificate>/path/to/cert3</certificate>
	  </smartcard>
	  <smartcard mode='passthrough' type='tcp'>
	    <source mode='bind' host='127.0.0.1' service='2001'/>
	    <protocol type='raw'/>
	  </smartcard>
	</devices>

	(As of this commit, the qemu hypervisor will be the first
	implementation, but it only supports one smartcard.)

	* docs/formatdomain.html.in (Smartcard devices): New section.
	* docs/schemas/domain.rng (smartcard): New define, used in
	devices.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host.xml: New file
	to test schema.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-host-certificates.xml:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-passthrough-tcp.xml:
	Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smartcard-controller.xml:
	Likewise.

2011-02-04  Alon Levy  <alevy@redhat.com>

	docs/index.html.in: update QEMU url

2011-02-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Support booting from hostdev PCI devices

	Support booting from hostdev devices

2011-02-03  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Add shortcut for HMP pass through
	Currently users who want to use virDomainQemuMonitorCommand() API or
	it's virsh equivalent has to use the same protocol as libvirt uses for
	communication to qemu. Since the protocol is QMP with current qemu and
	HMP much more usable for humans, one ends up typing something like the
	following:

	    virsh qemu-monitor-command DOM \
	'{"execute":"human-monitor-command","arguments":{"command-line":"info kvm"}}'

	which is not a very convenient way of debugging qemu.

	This patch introduces --hmp option to qemu-monitor-command, which says
	that the provided command is in HMP. If libvirt uses QMP to talk with
	qemu, the command will automatically be converted into QMP. So the
	example above is simplified to just

	    virsh qemu-monitor-command --hmp DOM "info kvm"

	Also the result is converted from

	    {"return":"kvm support: enabled\r\n"}

	to just plain HMP:

	    kvm support: enabled

	If libvirt talks to qemu in HMP, --hmp flag is obviously a noop.

2011-02-03  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: fix 2 nla_put expressions (non-serious bug)
	This patch fixes 2 occurrences of nla_put expression with a '!' in
	front of them that basically prevented the detection that the buffer
	is too small. However, code further below would then detect that the
	buffer is too small when further parts are added to the netlink message.

2011-02-03  Eric Blake  <eblake@redhat.com>

	qemu: avoid double shutdown
	* src/qemu/qemu_driver.c (qemudShutdownVMDaemon): Check that vm is
	still active.
	Reported by Wen Congyang as follows:

	Steps to reproduce this bug:

	1. use gdb to debug libvirtd, and set breakpoint in the function
	   qemuConnectMonitor()
	2. start a vm, and the libvirtd will be stopped in qemuConnectMonitor()
	3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
	4. continue to run libvirtd in gdb, and libvirtd will be blocked in the
	   function qemuMonitorSetCapabilities()
	5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)

	Here is log of the qemu:
	=========
	LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin ...
	char device redirected to /dev/pts/3
	2011-01-27 09:38:48.101: shutting down
	2011-01-27 09:41:26.401: shutting down
	=========

	The vm is shut down twice. I do not know whether this behavior has
	side effect, but I think we should shutdown the vm only once.

2011-02-03  Davidlohr Bueso  <dave@gnu.org>

	Fix conflicts with glibc globals
	When compiling libvirt with GCC 3.4.6 the following warning is being triggered quite a lot:

	util/memory.h:60: warning: declaration of 'remove' shadows a global declaration
	/usr/include/stdio.h:175: warning: shadowed declaration is here

	Fix this by renaming the parameter to 'toremove'.

2011-02-03  Daniel Veillard  <veillard@redhat.com>

	Fix compilation when building without sasl
	Use of saslDecoded field need to be guarded by #if HAVE_SASL/endif
	* src/remote/remote_driver.c: fix remoteIOEventLoop accordingly

2011-02-02  Eric Blake  <eblake@redhat.com>

	docs: more on qemu locking patterns
	* src/qemu/THREADS.txt: Improve documentation.

2011-02-02  Niels de Vos  <ndevos@redhat.com>

	qemuBuildDeviceAddressStr() checks for QEMUD_CMD_FLAG_PCI_MULTIBUS
	Depending if the qemu binary supports multiple pci-busses, the device
	options will contain "bus=pci" or "bus=pci.0".

	Only x86_64 and i686 seem to have support for multiple PCI-busses. When
	a guest of these architectures is started, set the
	QEMUD_CMD_FLAG_PCI_MULTIBUS flag.

2011-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't sleep in poll() if there is existing SASL decoded data
	In the SASL codepath we typically read far more data off the
	wire than we immediately need. When using a connection from a
	single thread this isn't a problem, since only our reply will
	be pending (or an event we can handle directly). When using a
	connection from multiple threads though, we may read the data
	from replies from other threads. If those replies occur after
	our own reply, they'll not be processed. The other thread will
	then go into poll() and wait for its reply which has already
	been received and decoded. The solution is to set poll() timeout
	to 0 if there is pending SASL data.

	* src/remote/remote_driver.c: Don't sleep in poll() if SASL
	  data exists

2011-02-02  Justin Clift  <jclift@redhat.com>

	docs: renamed hudson project link to jenkins, matching project rename

2011-02-01  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: fix variable in debugging output
	This patch fixes a variable in the debugging output.

2011-02-01  Eric Blake  <eblake@redhat.com>

	build: fix parted detection at configure time
	* configure.ac (PARTED_FOUND): Issue configure error if
	--with-storage-disk=yes but no parted is found.

2011-02-01  Osier Yang  <jyang@redhat.com>

	docs: Update docs for cpu_shares setting
	* tools/virsh.pod

2011-02-01  Osier Yang  <jyang@redhat.com>

	qemu: Build command line for incoming tunneled	migration
	Command line building for incoming tunneled migration is missed,
	as a result, all the tunneled migration will fail with "unknown
	migration protocol".

	* src/qemu/qemu_command.c

2011-02-01  Paweł Krześniak  <pawel.krzesniak@gmail.com>

	bridge_driver: handle DNS over IPv6
	* dnsmasq listens on all defined IPv[46] addresses for network
	* Add ip6tables rules to allow DNS traffic to host

2011-01-31  Juerg Haefliger  <juerg.haefliger@hp.com>

	tests: handle backspace-newline pairs in test input files
	This patch teaches testutil how to read multi-line input files with
	backspace-newline line continuation markers.

	The patch also breaks up all the single-line arguments test input files into
	multi-line files with lines shorter than 80 characters.

2011-01-31  Osier Yang  <jyang@redhat.com>

	qemu: More clear error parsing domain def failure of tunneled migration
	* src/qemu/qemu_driver.c

2011-01-31  Wen Congyang  <wency@cn.fujitsu.com>

	Initialization error of controller in QEmu SCSI hotplug
	Bug manifests itself by:

	1. # virsh attach-disk --target sdb ...
	2. # virsh attach-disk --target sdh ...
	   error: Failed to attach disk
	   error: operation failed: target scsi:0 already exists

	sdh uses scsi:1, rather than scsi:0.

	* src/qemu/qemu_hotplug.c: properly set controller idx in
	  qemuDomainFindOrCreateSCSIDiskController()

2011-01-31  Daniel Veillard  <veillard@redhat.com>

	Osier get commit rights

2011-01-29  Eric Blake  <eblake@redhat.com>

	maint: reject raw close, popen in 'make syntax-check'
	commit f1fe9671e was supposed to make sure we use files.h
	macros to avoid double close, but it didn't work.

	Meanwhile, virCommand is vastly superior to system(), fork(),
	and popen() (also to virExec, but we haven't completed that
	conversion), so enforce that, too.

	* cfg.mk (sc_prohibit_close): Fix typo that excluded close, and
	add pclose.
	(sc_prohibit_fork_wrappers): New rule, for fork, system, and popen.
	* .x-sc_prohibit_close: More exemptions.
	* .x-sc_prohibit_fork_wrappers: New file.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* src/datatypes.c (virReleaseConnect): Tweak comment to avoid
	false positive.
	* src/util/files.h (VIR_CLOSE): Likewise.

2011-01-29  Eric Blake  <eblake@redhat.com>

	build: avoid close, system
	* src/fdstream.c (virFDStreamOpenFile, virFDStreamCreateFile):
	Use VIR_FORCE_CLOSE instead of close.
	* tests/commandtest.c (mymain): Likewise.
	* tools/virsh.c (editFile): Use virCommand instead of system.
	* src/util/util.c (__virExec): Special case preservation of std
	file descriptors to child.

2011-01-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Prefer C style comments over C++ ones
	Pure cosmetic change.

	esx: Ensure max-memory has 4 megabyte granularity

2011-01-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add VIR_DIV_UP to divide memory or storage request sizes with round up
	Use it in all places where a memory or storage request size is converted
	to a larger granularity. This avoids requesting too small memory or storage
	sizes that could result from the truncation done by a simple division.

	This extends the round up fix in 6002e0406c338668ea0ecbfeb6c1ef20a8b67efe
	to the whole codebase.

	Instead of reporting errors for odd values in the VMX code round them up.

	Update the QEMU Argv tests accordingly as the original memory size 219200
	isn't a even multiple of 1024 and is rounded up to 215 megabyte now. Change
	it to 219100 and 219136. Use two different values intentionally to make
	sure that rounding up works.

	Update virsh.pod accordingly, as rounding down and rejecting are replaced
	by rounding up.

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu: fix augeas support for vnc_auto_unix_socket
	Fixes test failure that was overlooked after commit 1e1f7a8950.

	* daemon/Makefile.am (check-local): Let 'make check' fail on error.
	* daemon/test_libvirtd.aug: Move qemu-specific option...
	* src/qemu/test_libvirtd_qemu.aug: ...into correct test.
	* src/qemu/libvirtd_qemu.aug: Parse new option.

2011-01-28  Michal Privoznik  <mprivozn@redhat.com>

	virsh: added --all flag to freecell command
	This will iterate over all NUMA nodes, showing
	free memory for each and sum at the end.
	Existing default behavior is not changed.

2011-01-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't try to change max-memory of an active domain
	Report an VIR_ERR_OPERATION_INVALID error in that case instead of letting
	the SOAP call fail with an VIR_ERR_INTERNAL_ERROR error.

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu aio: enable support
	qemu allows the user to choose what io storage api should be used,
	either the default (threads) or native (linux aio) which in the latter
	case can result in better performance.

	Based on a patch originally by Matthias Dahl.

	Red Hat Bugzilla #591703

2011-01-28  Matthias Dahl  <mdvirt@designassembly.de>

	qemu aio: parse aio support from qemu -help

	qemu aio: add XML parsing
	Allows io={threads|native} as an optional attribute to <driver>.

2011-01-28  Juerg Haefliger  <juerg.haefliger@hp.com>

	docs: replace CRLF with LF

2011-01-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus log warning lines when launching QEMU
	The refactoring of QEMU command startup was comitted with
	a couple of VIR_WARN lines left in from debugging.

	* src/qemu/qemu_driver.c: Remove log warning lines

2011-01-28  Daniel P. Berrange  <berrange@redhat.com>

	Remove double close of qemu monitor
	When qemuMonitorSetCapabilities() fails, there is no need to
	call qemuMonitorClose(), because the caller will already see
	the error code and tear down the entire VM. The extra call to
	qemuMonitorClose resulted in a double-free due to it removing
	a ref count prematurely.

	* src/qemu/qemu_driver.c: Remove premature close of monitor

2011-01-28  Daniel P. Berrange  <berrange@redhat.com>

	Prevent overfilling of self-pipe in python event loop
	If the event loop takes a very long time todo something, it is
	possible for the 'self pipe' buffer to become full at which
	point the entire event loop + remote driver deadlock. Use a
	boolean flag to ensure we have strict one-in, one-out behaviour
	on writes/reads of the 'self pipe'

2011-01-28  Osier Yang  <jyang@redhat.com>

	docs: Add docs for new extra parameter pkipath
	* docs/remote.html.in

2011-01-28  Eric Blake  <eblake@redhat.com>

	qemu: fix error messages
	Regression in commit caa805ea let a lot of bad messages slip in.

	* cfg.mk (msg_gen_function): Fix function name.
	* src/qemu/qemu_cgroup.c (qemuRemoveCgroup): Fix fallout from
	'make syntax-check'.
	* src/qemu/qemu_driver.c (qemudDomainGetInfo)
	(qemuDomainWaitForMigrationComplete, qemudStartVMDaemon)
	(qemudDomainSaveFlag, qemudDomainAttachDevice)
	(qemuDomainUpdateDeviceFlags): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachHostUsbDevice)
	(qemuDomainDetachPciDiskDevice, qemuDomainDetachSCSIDiskDevice):
	Likewise.

2011-01-28  Hu Tao  <hutao@cn.fujitsu.com>

	qemu: Report more accurate error on failure to attach device.
	When attaching device from a xml file and the device is mis-configured,
	virsh gives mis-leading message "out of memory". This patch fixes this.

2011-01-27  Wen Congyang  <wency@cn.fujitsu.com>

	Force guest suspend at timeout
	If the memory of guest OS is changed constantly, the live migration
	can not be ended ever for ever.

	We can use the command 'virsh migrate-setmaxdowntime' to control the
	live migration. But the value of maxdowntime is diffcult to calculate
	because it depends on the transfer speed of network and constantly
	changing memroy size. We need a easy way to control the live migration.

	This patch adds the support of forcing guest to suspend at timeout.
	With this patch, when we migrate the guest OS, we can specify a
	timeout. If the live migration timeouts, auto-suspend the guest OS,
	where the migration will complete offline.

2011-01-27  Wen Congyang  <wency@cn.fujitsu.com>

	Show migration progress.
	Show migration progress if `migrate --verbose'.

2011-01-27  Hu Tao  <hutao@cn.fujitsu.com>

	Cancel migration if user presses Ctrl-C when migration is in progress
	While migration is in progress and virsh is waiting for its
	completion, user may want to terminate the progress by pressing
	Ctrl-C. But virsh just exits on user's Ctrl-C leaving migration
	in background that user isn't even aware of. It's not reasonable.

	This patch changes the behaviour for migration. For other
	commands Ctrl-C still terminates virsh itself.

2011-01-27  Eric Blake  <eblake@redhat.com>

	qemu: use separate alias for chardev and associated device
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr): Alter the
	chardev alias.
	(qemuBuildCommandLine): Output an id for the chardev counterpart.
	* tests/qemuxml2argvdata/*: Update tests to match.
	Reported by Daniel P. Berrange.

2011-01-27  Wen Congyang  <wency@cn.fujitsu.com>

	avoid vm to be deleted if qemuConnectMonitor failed
	Steps to reproduce this bug:
	1. service libvirtd start
	2. virsh start <domain>
	3. kill -STOP $(cat /var/run/libvirt/qemu/<domain>.pid)
	4. service libvirtd restart
	5. kill -9 $(cat /var/run/libvirt/qemu/<domain>.pid)

	Then libvirtd will core dump or be in deadlock state.

	Make sure that json is built into libvirt and the version
	of qemu is newer than 0.13.0.

	The reason of libvirtd cores dump is that:
	We add vm->refs when we alloc the memory, and decrease it
	in the function qemuHandleMonitorEOF() in other thread.

	We add vm->refs in the function qemuConnectMonitor() and
	decrease it when the vm is inactive.

	The libvirtd will block in the function qemuMonitorSetCapabilities()
	because the vm is stopped by signal SIGSTOP. Now the vm->refs is 2.

	Then we kill the vm by signal SIGKILL. The function
	qemuMonitorSetCapabilities() failed, and then we will decrease vm->refs
	in the function qemuMonitorClose().
	In another thread, mon->fd is broken and the function
	qemuHandleMonitorEOF() is called.

	If qemuHandleMonitorEOF() decreases vm->refs before qemuConnectMonitor()
	returns, vm->refs will be decrease to 0 and the memory is freed.

	We will call qemudShutdownVMDaemon() as qemuConnectMonitor() failed.
	The memory has been freed, so qemudShutdownVMDaemon() is too dangerous.

	We will reference NULL pointer in the function virDomainConfVMNWFilterTeardown():
	=============
	void
	virDomainConfVMNWFilterTeardown(virDomainObjPtr vm) {
	    int i;

	    if (nwfilterDriver != NULL) {
	        for (i = 0; i < vm->def->nnets; i++)
	            virDomainConfNWFilterTeardown(vm->def->nets[i]);
	    }
	}
	============
	vm->def->nnets is not 0 but vm->def->nets is NULL(We don't set vm->def->nnets
	to 0 when we free vm).

	We should add an extra reference of vm to avoid vm to be deleted if
	qemuConnectMonitor() failed.

2011-01-27  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix virtio channel tests
	As noticed by Eric, commit 8e28c5d40200b4c5d483bd585d237b9d870372e5,
	which fixed generation of virtio-serial port numbers, forgot to adjust
	test files which resulted in make check failure.

2011-01-27  Justin Clift  <jclift@redhat.com>

	docs: expand the man page text for virsh setmaxmem
	Addresses BZ # 622534:

	  https://bugzilla.redhat.com/show_bug.cgi?id=622534

2011-01-27  Eric Blake  <eblake@redhat.com>

	event: fix event-handling allocation crash
	Regression introduced in commit e6b68d7 (Nov 2010).

	Prior to that point, handlesAlloc was always a multiple of
	EVENT_ALLOC_EXTENT (10), and was an int (so even if the subtraction
	had been able to wrap, a negative value would be less than the count
	not try to free the handles array).  But after that point,
	VIR_RESIZE_N made handlesAlloc grow geometrically (with a pattern of
	10, 20, 30, 45 for the handles array) but still freed in multiples of
	EVENT_ALLOC_EXTENT; and the count changed to size_t.  Which means that
	after 31 handles have been created, then 30 handles destroyed,
	handlesAlloc is 5 while handlesCount is 1, and since (size_t)(1 - 5)
	is indeed greater than 1, this then tried to free 10 elements, which
	had the awful effect of nuking the handles array while there were
	still live handles.

	Nuking live handles puts libvirtd in an inconsistent state, and was
	easily reproducible by starting and then stopping 60 faqemu guests.

	* daemon/event.c (virEventCleanupTimeouts, virEventCleanupHandles):
	Avoid integer wrap-around causing us to delete the entire array
	while entries are still active.
	* tests/eventtest.c (mymain): Expose the bug.

2011-01-27  Justin Clift  <jclift@redhat.com>

	docs: fix incorrect XML element mentioned by setmem text

2011-01-27  Osier Yang  <jyang@redhat.com>

	remote: Add extra parameter pkipath for URI
	This new parameter allows user specifies where the client
	cerficate, client key, CA certificate of x509 is, instead of
	hardcoding it. If 'pkipath' is not specified, and the user
	is not root, try to find files in $HOME/.pki/libvirt, as long
	as one of client cerficate, client key, CA certificate can
	not be found, use default global location (LIBVIRT_CACERT,
	LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
	src/remote/remote_driver.h)

	Example of use:

	[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
	error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
	or directory
	error: failed to connect to the hypervisor
	[root@Osier client]# ls -l
	total 24
	-rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
	-rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
	-rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
	-rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem

	[root@Osier client]# cp /tmp/cacert.pem .
	[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
	Welcome to virsh, the virtualization interactive terminal.

	Type:  'help' for help with commands
	'quit' to quit

	virsh #

	* src/remote/remote_driver.c: adds support for the new pkipath URI parameter

2011-01-27  Osier Yang  <jyang@redhat.com>

	storage: Round up capacity for LVM volume creation
	If vol->capacity is odd, the capacity will be rounded down
	by devision, this patch is to round it up instead of rounding
	down, to be safer in case of one writes to the volume with the
	size he used to create.

	- src/storage/storage_backend_logical.c: make sure size is not rounded down

2011-01-27  Daniel Veillard  <veillard@redhat.com>

	Update localization files from Fedora i10n

2011-01-27  David Allan  <dallan@redhat.com>

	Do not use virtio-serial port 0 for generic ports
	Per the discussion in:

	https://bugzilla.redhat.com/show_bug.cgi?id=670394

	The port numbering should start from 1, not 0.  We assign maxport + 1,
	so start maxport at 0.

2011-01-26  Laine Stump  <laine@laine.org>

	Manually kill gzip if restore fails before starting qemu
	If a guest image is saved in compressed format, and the restore fails
	in some way after the intermediate process used to uncompress the
	image has been started, but before qemu has been started to hook up to
	the uncompressor, libvirt will endlessly wait for the uncompressor to
	finish, but it never will because it's still waiting to have something
	hooked up to drain its output.

	The solution is to close the pipes on both sides of the uncompressor,
	then send a SIGTERM before calling waitpid on it (only if the restore
	has failed, of course).

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix setup of lib directory with autogen.sh --system
	On x86_64 hosts, /usr/lib64 must be used instead of /usr/lib
	Rather than attempt to whitelist architectures, just check
	for existance of /usr/lib64

	* autogen.sh: Fix to use /usr/lib64 if it exists

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Add check for poll error events in monitor
	Handle poll errors in the same way as hangup event

	* src/qemu/qemu_monitor.c: Handle error events

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Filter out certain expected error messages from libvirtd
	Add a hook to the error reporting APIs to allow specific
	error messages to be filtered out. Wire up libvirtd to
	remove VIR_ERR_NO_DOMAIN & similar error codes from the
	logs. They are still logged at DEBUG level.

	* daemon/libvirtd.c: Filter VIR_ERR_NO_DOMAIN and friends
	* src/libvirt_private.syms, src/util/virterror.c,
	  src/util/virterror_internal.h: Hook for changing error
	  reporting level

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Revert all previous error log priority hacks
	This reverts the additions in commit

	  abff683f78ffd01df5005fb7a457c0b38b8eb6e1

	taking us back to state where all errors are fully logged
	in both libvirtd and normal clients.

	THe intent was to stop VIR_ERR_NO_DOMAIN (No such domain
	with UUID XXXX) messages from client apps polluting syslog
	The change affected all error codes, but more seriously,
	it also impacted errors from internal libvirtd infrastructure
	For example guest autostart no longer logged errors. The
	libvirtd network code no longer logged some errors. This
	makes debugging incredibly hard

	* daemon/libvirtd.c: Remove error log priority filter
	* src/util/virterror.c, src/util/virterror_internal.h: Remove
	  callback for overriding log priority

2011-01-26  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup code style in logging APIs
	Remove use of brackets around following return statement.
	Fix indentation of two switch statements

2011-01-26  Laine Stump  <laine@laine.org>

	Set SELinux context label of pipes used for qemu migration
	This patch is a partial resolution to the following bug:

	   https://bugzilla.redhat.com/show_bug.cgi?id=667756

	(to complete the fix, an updated selinux-policy package is required,
	to add the policy that allows libvirt to set the context of a fifo,
	which was previously not allowed).

	Explanation : When an incoming migration is over a pipe (for example,
	if the image was compressed and is being fed through gzip, or was on a
	root-squash nfs server, so needed to be opened by a child process
	running as a different uid), qemu cannot read it unless the selinux
	context label for the pipe has been set properly.

	The solution is to check the fd used as the source of the migration
	just before passing it to qemu; if it's a fifo (implying that it's a
	pipe), we call the newly added virSecurityManagerSetFDLabel() function
	to set the context properly.

2011-01-26  Laine Stump  <laine@laine.org>

	Add a function to the security driver API that sets the label of an open fd.
	A need was found to set the SELinux context label on an open fd (a
	pipe, as a matter of fact). This patch adds a function to the security
	driver API that will set the label on an open fd to secdef.label. For
	all drivers other than the SELinux driver, it's a NOP. For the SElinux
	driver, it calls fsetfilecon().

	If the return is a failure, it only returns error up to the caller if
	1) the desired label is different from the existing label, 2) the
	destination fd is of a type that supports setting the selinux context,
	and 3) selinux is in enforcing mode. Otherwise it will return
	success. This follows the pattern of the existing function
	SELinuxSetFilecon().

2011-01-26  Justin Clift  <jclift@redhat.com>

	docs: add a link to the bindings page under the downloads menu item
	So people looking to download the language bindings, but don't know
	they're under the "Docs" area.

2011-01-25  Michal Privoznik  <mprivozn@redhat.com>

	virsh: require --mac to avoid detach-interface ambiguity
	bugfix for https://bugzilla.redhat.com/show_bug.cgi?id=671050

	virsh simply refutes to detach-interface in case when multiple
	interfaces are attached and --mac is not specified.

2011-01-25  Wen Congyang  <wency@cn.fujitsu.com>

	dispatch error before return

2011-01-25  Osier Yang  <jyang@redhat.com>

	qemu: Error prompt when managed save a shutoff domain
	The problem was introduced by commit 4303c91, which removed the checking
	of domain state, this patch is to fix it.

	Otherwise, improper error will be thrown, e.g.

	error: Failed to save domain rhel6 state
	error: cannot resolve symlink /var/lib/libvirt/qemu/save/rhel6.save: No such
	file or directory

2011-01-25  Eric Blake  <eblake@redhat.com>

	build: avoid corrupted gnulib/tests/Makefile
	Running 'make check' can sometimes fail in the gnulib/tests
	subdirectory, when doing an incremental build, because
	./bootstrap generates a Makefile.am that tries to refer to
	../../.. instead of ../.., and gets lost.

	This may be an upstream gnulib bug, where a more elegant
	solution will present itself in the future:
	http://thread.gmane.org/gmane.comp.lib.gnulib.bugs/24898

	But in the meantime, I was able to reproduce both the issue,
	and this solution to work around it.

	* bootstrap.conf (bootstrap_epilogue): Ensure that no stray
	../../.. components remain in gnulib/tests/Makefile.in.
	Reported by Serge Hallyn.

2011-01-24  Cole Robinson  <crobinso@redhat.com>

	qemu: sound: Support intel 'ich6' model
	In QEMU, the card itself is a PCI device, but it requires a codec
	(either -device hda-output or -device hda-duplex) to actually output
	sound. Specifying <sound model='ich6'/> gives us -device intel-hda
	-device hda-duplex I think it's important that a simple <sound model='ich6'/>
	sets up a useful codec, to have consistent behavior with all other sound cards.

	This is basically Dan's proposal of

	    <sound model='ich6'>
	        <codec type='output' slot='0'/>
	        <codec type='duplex' slot='3'/>
	    </sound>

	without the codec bits implemented.

	The important thing is to keep a consistent API here, we don't want some
	<sound> devs require tweaking codecs but not others. Steps I see to
	accomplishing this:

	    - every <sound> device has a <codec type='default'/> (unless codecs are
	        manually specified)
	    - <codec type='none'/> is required to specify 'no codecs'
	    - new audio settings like mic=on|off could then be exposed in
	        <sound> or <codec> in a consistent manner for all sound models

	v2:
	    Use model='ich6'

	v3:
	    Use feature detection, from eblake
	    Set codec id, bus, and cad values

	v4:
	    intel-hda isn't supported if -device isn't available

	v5:
	    Comment spelling fixes

2011-01-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Use VIR_ERR_CONFIG_UNSUPPORTED when appropriated

2011-01-21  Eric Blake  <eblake@redhat.com>

	event: fix event-handling data race
	This bug has been present since before the time that commit
	f8a519 (Dec 2008) tried to make the dispatch loop re-entrant.

	Dereferencing eventLoop.handles outside the lock risks crashing, since
	any other thread could have reallocated the array in the meantime.
	It's a narrow race window, however, and one that would have most
	likely resulted in passing bogus data to the callback rather than
	actually causing a segv, which is probably why it has gone undetected
	this long.

	* daemon/event.c (virEventDispatchHandles): Cache data while
	inside the lock, as the array might be reallocated once outside.

2011-01-21  Eric Blake  <eblake@redhat.com>

	build: fix 'make check' with older git
	* .gnulib: Update to latest, for maintainer-makefile fix.
	Reported by Matthias Bolte.

2011-01-21  Cole Robinson  <crobinso@redhat.com>

	Push unapplied fixups for previous patch
	- Add augeas tests
	- Clarify vnc_auto_unix_socket precedence in qemu.conf

2011-01-21  Cole Robinson  <crobinso@redhat.com>

	qemu: Add conf option to auto setup VNC unix sockets
	If vnc_auto_unix_socket is enabled, any VNC devices without a hardcoded
	listen or socket value will be setup to serve over a unix socket in
	/var/lib/libvirt/qemu/$vmname.vnc.

	We store the generated socket path in the transient VM definition at
	CLI build time.

2011-01-21  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow serving VNC over a unix domain socket
	QEMU supports serving VNC over a unix domain socket rather than traditional
	TCP host/port. This is specified with:

	<graphics type='vnc' socket='/foo/bar/baz'/>

	This provides better security access control than VNC listening on
	127.0.0.1, but will cause issues with tools that rely on the lax security
	(virt-manager in fedora runs as regular user by default, and wouldn't be
	able to access a socket owned by 'qemu' or 'root').

	Also not currently supported by any clients, though I have patches for
	virt-manager, and virt-viewer should be simple to update.

	v2:
	    schema: Make listen vs. socket a <choice>

2011-01-21  Cole Robinson  <crobinso@redhat.com>

	qemu: Set domain def transient at beginning of startup process
	This will allow us to record transient runtime state in vm->def, like
	default VNC parameters. Accomplish this by adding an extra 'live' parameter
	to SetDefTransient, with similar semantics to the 'live' flag for
	AssignDef.

2011-01-21  Eric Blake  <eblake@redhat.com>

	maint: support --no-git option during autogen.sh
	https://bugzilla.redhat.com/show_bug.cgi?id=562743

	Also, fixes gnulib bug in dealing with strerror_r from glibc 2.13.

	* .gnulib: Update to latest, for improved bootstrap.
	* bootstrap: Resync from gnulib.
	* autogen.sh (bootstrap): Add --bootstrap-sync, to make it easier
	to keep bootstrap up-to-date.  Pass optional --no-git through.
	Reported by Aleksey Avdeev.

2011-01-21  Jim Fehlig  <jfehlig@novell.com>

	[v2] qemu: Retry JSON monitor cont cmd on MigrationExpected error
	When restoring a saved qemu instance via JSON monitor, the vm is
	left in a paused state.  Turns out the 'cont' cmd was failing with
	"MigrationExpected" error class and "An incoming migration is
	expected before this command can be executed" error description
	due to migration (restore) not yet complete.

	Detect if 'cont' cmd fails with "MigrationExpecte" error class and
	retry 'cont' cmd.

	V2: Fix potential double-free noted by Laine Stump

2011-01-21  Osier Yang  <jyang@redhat.com>

	qemu: report more proper error for unsupported graphics
	Report VIR_ERR_CONFIG_UNSUPPORTED instead of VIR_ERR_INTERNAL_ERROR,
	as it's valid in our domain schema, just unsupported by hypervisor
	here.

	* src/qemu/qemu_command.c

2011-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix startup with VNC password expiry on old QEMU
	The code which set VNC passwords correctly had fallback for
	the set_password command, but was lacking it for the
	expire_password command. This made it impossible to start
	a guest. It also failed to check whether QEMU was still
	running after the initial 'set_password' command completed

	* src/qemu/qemu_hotplug.c: Fix error handling when
	  password expiry fails
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
	  return code for missing expire_password command

2011-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting when machine type probe fails
	Avoid overwriting the real error message with a generic
	OOM failure message, when machine type probe fails

	* src/qemu/qemu_driver.c: Don't overwrite error

2011-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Avoid crash in security driver if model is NULL
	If the XML security model is NULL, it is assumed that the current
	model will be used with dynamic labelling. The verify step is
	meaningless and potentially crashes if dereferencing NULL

	* src/security/security_manager.c: Skip NULL model on verify

2011-01-21  Wen Congyang  <wency@cn.fujitsu.com>

	qemu: Fix a possible deadlock in p2p migration
	The function virUnrefConnect() may call virReleaseConnect() to release
	the dest connection, and the function virReleaseConnect() will call
	conn->driver->close().

	So the function virUnrefConnect() should be surrounded by
	qemuDomainObjEnterRemoteWithDriver() and
	qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
	two communicating libvirt daemons.

	See commit f0c8e1cb3774d6f09e2681ca1988bf235a343007 for further details.

2011-01-20  Eric Blake  <eblake@redhat.com>

	docs: document <controller> element
	* docs/formatdomain.html.in: Talk about <controller> and <address>
	throughout.

2011-01-20  Justin Clift  <jclift@redhat.com>

	docs: move the apps page to the top level as its good promo

	docs: added new entries to apps page, plus adjusted a few existing
	Added new entries for Hudson, LCFG, Tivoli Provisioning Manager,
	virt-what, and Zenoss.  Adjusted the existing entries for BuildBot
	and vmware2libvirt.

2011-01-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Avoid sending STOPPED event twice
	In some circumstances, libvirtd would issue two STOPPED events after it
	stopped a domain. This was because an EOF event can arrive after a qemu
	process is killed but before qemuMonitorClose() is called.

	qemuHandleMonitorEOF() should ignore EOF when the domain is not running.

	I wasn't able to reproduce this bug directly, only after adding an
	artificial sleep() into qemudShutdownVMDaemon().

2011-01-19  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fail if per-device boot is used but deviceboot is not supported

	spec: Start libvirt-guests only if it's on in current runlevel

2011-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove redundant brackets around return values
	A large number of return values used 'return (0)' instead
	of simply 'return 0'. Remove all these redundant brackets
	so the style is consistent throughout the file

	* src/libvirt.c: Remove redundant brackets

2011-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Increase size of driver table to make UML work again
	The driver table only has 10 slots, but there are potentially
	11 drivers that need activating. Improve the error message
	when driver registration fails

	* src/libvirt.c: Increase driver table size & improve errors

2011-01-19  Daniel P. Berrange  <berrange@redhat.com>

	Turn libvirt.c error reporting functions into macros
	The virLibConnError() function (and related ones) do not correctly
	report line number info. Turn them all into macros so line numbers
	are reported correctly. Drop the connection object in all of them
	since it is no longer used.

	Also from the virLibConnWarning() equivalents completely. Now
	that the Xen driver is running 100% inside libvirtd, those
	codepaths for secondary drivers cannot be reached.

	* src/libvirt.c: Replace error functions with macros

2011-01-18  Eric Blake  <eblake@redhat.com>

	docs: document <sysinfo> and <smbios> elements
	* docs/formatdomain.html.in: Talk about <sysinfo> throughout.

	build: use more gnulib modules for simpler code
	* .gnulib: Update to latest, for sigpipe and sigaction modules.
	* bootstrap.conf (gnulib_modules): Add siaction, sigpipe, strerror_r.
	* tools/virsh.c (vshSetupSignals) [!SIGPIPE]: Delete, now that
	gnulib guarantees it.
	(SA_SIGINFO): Define for mingw fallback.
	* src/util/virterror.c (virStrerror): Simplify, now that gnulib
	guarantees the POSIX interface.
	* configure.ac (AC_CHECK_FUNCS_ONCE): Drop redundant check.
	(AM_PROG_CC_STDC): Move earlier, to keep autoconf happy.

2011-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove two unused PATH_MAX-sized char arrays from the stack

	Use VIR_ERR_OPERATION_INVALID when appropriated
	VIR_ERR_OPERATION_INVALID means that the operation is not valid
	for the current state of the involved object.

	Fix misuse of VIR_ERR_INVALID_* error code
	VIR_ERR_INVALID_* is meant for invalid pointers only.

2011-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Simplify "NWFilterPool" to "NWFilter"
	The public object is called NWFilter but the corresponding private
	object is called NWFilterPool. I don't see compelling reasons for this
	Pool suffix. One might argue that an NWFilter is a "pool" of rules, etc.

	Remove the Pool suffix from NWFilterPool. No functional change included.

2011-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	datatypes: Fix outdated function names in the documentation

	Add documentation for VIR_DOMAIN_MEMORY_PARAM_UNLIMITED
	Otherwise apibuild.py complains about it.

	datatypes: Get virSecretFreeName in sync with the other free functions

2011-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Move the "Network Filtering" page one level up in the hierarchy
	"Network Filtering" is not directly related to "Networks".

	Suggested by Daniel P. Berrange.

2011-01-18  Justin Clift  <jclift@redhat.com>

	docs: add buildbot to the apps page

2011-01-18  Eric Blake  <eblake@redhat.com>

	qemu: don't fail capabilities check on 0.12.x
	Fixes regression introduced in commit 2211518, where all qemu 0.12.x
	fails to start, as does qemu 0.13.x lacking the pci-assign device.
	Prior to 2211518, the code was just ignoring a non-zero exit status
	from the qemu child, but the virCommand code checked this to avoid
	masking any other issues, which means the real bug of provoking
	non-zero exit status has been latent for a longer time.

	* src/qemu/qemu_capabilities.c (qemuCapsExtractVersionInfo): Check
	for -device driver,? support.
	(qemuCapsExtractDeviceStr): Avoid failure if all probed devices
	are unsupported.
	Reported by Ken Congyang.

2011-01-18  Justin Clift  <jclift@redhat.com>

	docs: add new conversion heading to the apps listing

	docs: updated windows page for new 0.8.7 installer

2011-01-17  Eric Blake  <eblake@redhat.com>

	qemu: use -incoming fd:n to avoid qemu holding fd indefinitely
	https://bugzilla.redhat.com/show_bug.cgi?id=620363

	When using -incoming stdio or -incoming exec:, qemu keeps the
	stdin fd open long after the migration is complete.  Not to
	mention that exec:cat is horribly inefficient, by doubling the
	I/O and going through a popen interface in qemu.

	The new -incoming fd: of qemu 0.12.0 closes the fd after using
	it, and allows us to bypass an intermediary cat process for
	less I/O.

	* src/qemu/qemu_command.h (qemuBuildCommandLine): Add parameter.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Support
	migration via fd: when possible.  Consolidate migration handling
	into one spot, now that it is more complex.
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Update caller.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.args: New file.
	* tests/qemuxml2argvdata/qemuxml2argv-restore-v2-fd.xml: Likewise.

2011-01-17  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add tests for per-device boot elements

	qemu: Support per-device boot ordering
	Support for this is included in qemu and seabios from upstream git.

2011-01-17  Jiri Denemark  <jdenemar@redhat.com>

	Introduce per-device boot element
	Currently, boot order can be specified per device class but there is no
	way to specify exact disk/NIC device to boot from.

	This patch adds <boot order='N'/> element which can be used inside
	<disk/> and <interface/>. This is incompatible with the older os/boot
	element. Since not all hypervisors support per-device boot
	specification, new deviceboot flag is included in capabilities XML for
	hypervisors which understand the new boot element. Presence of the flag
	allows (but doesn't require) users to use the new style boot order
	specification.

2011-01-17  Jiri Denemark  <jdenemar@redhat.com>

	conf: Move boot parsing into a separate function

2011-01-17  Eric Blake  <eblake@redhat.com>

	build: let xgettext see strings in libvirt-guests
	* tools/libvirt-guests.init.in: Rename...
	* tools/libvirt-guests.init.sh: ...so that xgettext's language
	detection via suffix will work.
	* po/POTFILES.in: Update all references.
	* tools/Makefile.am (EXTRA_DIST, libvirt-guests.init): Likewise.

2011-01-17  Laurent Léonard  <laurent@open-minds.org>

	libvirt-guests: remove bashisms
	* tools/libvirt-guests.init.sh: Use only POSIX shell features, which
	includes using gettext.sh for translation rather than $"".
	* tools/Makefile.am (libvirt-guests.init): Supply a few more substitutions.
	* po/POTFILES.in: Mark that libvirt-guests.init needs translation.

2011-01-17  Daniel Veillard  <veillard@redhat.com>

	A couple of fixes for the search PHP code

2011-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Remove obsolete secaatest
	Before the security driver was refactored in d6623003 seclabeltest and
	secaatest were basically the same. seclabeltest was meant for SELinux
	and secaatest for AppArmor. Both tests exited early when the specific
	security driver backend wasn't enabled.

	With the new security manager trying to initialize a disabled security
	driver backend is an error that can't be distinguished from other errors
	anymore. Therefore, the updated seclabeltest just asks for the first
	available backend as this will always work even with SELinux and AppArmor
	backend being disabled due to the new Nop backend.

	Remove the obsolete secaatest and compile and run the seclabeltest
	unconditional.

	This fixes make check on systems that support AppArmor.

2011-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Use WITH_SECDRIVER_APPARMOR to detect AppArmor support
	There is no ENABLE_SECDRIVER_APPARMOR.

2011-01-15  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	memtune: Let virsh know the unlimited value for memory tunables
	Display or set unlimited values for memory parameters. Unlimited is
	represented by INT64_MAX in memory cgroup.

	Reported-by: Justin Clift <jclift@redhat.com>

2011-01-14  Eric Blake  <eblake@redhat.com>

	maint: improve sc_prohibit_strncmp syntax check
	* .gnulib: Update, for sc_prohibit_strcmp fix.
	* cfg.mk: Adjust copyright; the only FSF portions come from when
	this file was copied from coreutils.
	(sc_prohibit_strncmp): Copy bug-fixes from sc_prohibit_strcmp.
	* .x-sc_prohibit_strcmp: Delete, now that rule is smarter.
	* .x-sc_prohibit_strncmp: Likewise.
	* Makefile.am (syntax_check_exceptions): Track deletion.

2011-01-14  Eric Blake  <eblake@redhat.com>

	datatypes: avoid redundant __FUNCTION__
	virLibConnError already includes __FUNCTION__ in its output, so we
	were redundant.  Furthermore, clang warns that __FUNCTION__ is not
	a string literal (at least __FUNCTION__ will never contain %, so
	it was not a security risk).

	* src/datatypes.c: Replace __FUNCTION__ with a descriptive string.

2011-01-14  Laine Stump  <laine@laine.org>

	Enable tuning of qemu network tap device "sndbuf" size
	This is in response to a request in:

	   https://bugzilla.redhat.com/show_bug.cgi?id=665293

	In short, under heavy load, it's possible for qemu's networking to
	lock up due to the tap device's default 1MB sndbuf being
	inadequate. adding "sndbuf=0" to the qemu commandline -netdevice
	option will alleviate this problem (sndbuf=0 actually sets it to
	0xffffffff).

	Because we must be able to explicitly specify "0" as a value, the
	standard practice of "0 means not specified" won't work here. Instead,
	virDomainNetDef also has a sndbuf_specified, which defaults to 0, but
	is set to 1 if some value was given.

	The sndbuf value is put inside a <tune> element of each <interface> in
	the domain. The intent is that further tunable settings will also be
	placed inside this element.

	     <interface type='network'>
	       ...
	       <tune>
	         <sndbuf>0</sndbuf>
	       ...
	       </tune>
	     </interface>

2011-01-14  Laine Stump  <laine@laine.org>

	Add XML config switch to enable/disable vhost-net support
	This patch is in response to

	  https://bugzilla.redhat.com/show_bug.cgi?id=643050

	The existing libvirt support for the vhost-net backend to the virtio
	network driver happens automatically - if the vhost-net device is
	available, it is always enabled, otherwise the standard userland
	virtio backend is used.

	This patch makes it possible to force whether or not vhost-net is used
	with a bit of XML. Adding a <driver> element to the interface XML, eg:

	     <interface type="network">
	       <model type="virtio"/>
	       <driver name="vhost"/>

	will force use of vhost-net (if it's not available, the domain will
	fail to start). if driver name="qemu", vhost-net will not be used even
	if it is available.

	If there is no <driver name='xxx'/> in the config, libvirt will revert
	to the pre-existing automatic behavior - use vhost-net if it's
	available, and userland backend if vhost-net isn't available.

2011-01-14  Marc-André Lureau  <marcandre.lureau@redhat.com>

	Use the new set_password monitor command to set password.
	We try to use that command first when setting a VNC/SPICE password. If
	that doesn't work we fallback to the legacy VNC only password

	Allow an expiry time to be set, if that doesn't work, throw an error
	if they try to use SPICE.

	Change since v1:
	- moved qemuInitGraphicsPasswords to qemu_hotplug, renamed
	  to qemuDomainChangeGraphicsPasswords.
	- updated what looks like a typo (that appears to work anyway) in
	  initial patch from Daniel:
	    - ret = qemuInitGraphicsPasswords(driver, vm,
	    -                                 VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
	    -                                 &vm->def->graphics[0]->data.vnc.auth,
	    -                                 driver->vncPassword);
	    + ret = qemuInitGraphicsPasswords(driver, vm,
	    +                                 VIR_DOMAIN_GRAPHICS_TYPE_SPICE,
	    +                                 &vm->def->graphics[0]->data.spice.auth,
	    +                                 driver->spicePassword);

	Based on patch by Daniel P. Berrange <berrange@redhat.com>.

2011-01-14  Marc-André Lureau  <marcandre.lureau@redhat.com>

	qemu: add set_password and expire_password monitor commands

2011-01-14  Jim Fehlig  <jfehlig@novell.com>

	Fix 'make check' after commit 04197350
	I broke 'make check' with commit 04197350 by unconditionally
	emitting 'hap=' in xen xm driver.  Only emit 'hap=' if
	xendConfigVersion >= 3.  I've tested sending 'hap=' to a Xen 3.2
	machine without support for hap setting and verified that xend
	silently drops the unrecognized setting.

2011-01-14  Eric Blake  <eblake@redhat.com>

	qemu: move monitor device out of domain_conf common code
	* src/conf/domain_conf.h (virDomainChrDeviceType): Drop monitor.
	* src/conf/domain_conf.c (virDomainChrDevice)
	(virDomainChrDefParseTargetXML, virDomainChrDefFormat): Drop
	monitor support.
	* src/qemu/qemu_command.h (qemuBuildCommandLine): Alter signature.
	* src/qemu/qemu_monitor.h (qemuMonitorOpen): Likewise.
	* src/qemu/qemu_domain.h (_qemuDomainObjPrivate): Change type of
	monConfig.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateFree)
	(qemuDomainObjPrivateXMLFormat, qemuDomainObjPrivateXMLParse):
	Adjust to type change.
	* src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemuPrepareMonitorChr)
	(qemudStartVMDaemon, qemuDomainXMLToNative, qemuConnectMonitor)
	(qemudShutdownVMDaemon): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_monitor.c (qemuMonitorOpen): Likewise.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Likewise.

2011-01-14  Eric Blake  <eblake@redhat.com>

	domain_conf: split source data out from ChrDef
	This opens up the possibility of reusing the smaller ChrSourceDef
	for both qemu monitor and a passthrough smartcard device.

	* src/conf/domain_conf.h (_virDomainChrDef): Factor host
	details...
	(_virDomainChrSourceDef): ...into new struct.
	(virDomainChrSourceDefFree): New prototype.
	* src/conf/domain_conf.c (virDomainChrDefFree)
	(virDomainChrDefParseXML, virDomainChrDefFormat): Split...
	(virDomainChrSourceDefClear, virDomainChrSourceDefFree)
	(virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat):
	...into new functions.
	(virDomainChrDefParseTargetXML): Update clients to reflect type
	split.
	* src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel)
	(virVMXFormatSerial, virVMXFormatParallel): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
	* src/xen/xend_internal.c (xenDaemonParseSxprChar)
	(xenDaemonFormatSxprChr): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial)
	(vboxAttachParallel): Likewise.
	* src/security/security_dac.c (virSecurityDACSetChardevLabel)
	(virSecurityDACSetChardevCallback)
	(virSecurityDACRestoreChardevLabel)
	(virSecurityDACRestoreChardevCallback): Likewise.
	* src/security/security_selinux.c (SELinuxSetSecurityChardevLabel)
	(SELinuxSetSecurityChardevCallback)
	(SELinuxRestoreSecurityChardevLabel)
	(SELinuxSetSecurityChardevCallback): Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.
	* src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole):
	Likewise.
	* src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise.
	* src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY)
	(umlDomainOpenConsole): Likewise.
	* src/qemu/qemu_command.c (qemuBuildChrChardevStr)
	(qemuBuildChrArgStr, qemuBuildCommandLine)
	(qemuParseCommandLineChr): Likewise.
	* src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat)
	(qemuDomainObjPrivateXMLParse): Likewise.
	* src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise.
	* src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
	* src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor)
	(qemudFindCharDevicePTYs, qemuPrepareChardevDevice)
	(qemuPrepareMonitorChr, qemudShutdownVMDaemon)
	(qemuDomainOpenConsole): Likewise.
	* src/qemu/qemu_command.h (qemuBuildChrChardevStr)
	(qemuBuildChrArgStr): Delete, now that they are static.
	* src/libvirt_private.syms (domain_conf.h): New exports.
	* cfg.mk (useless_free_options): Update list.
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update
	tests.

2011-01-14  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add support for Westmere CPU model

2011-01-14  Eric Blake  <eblake@redhat.com>

	qemu: improve device flag parsing
	* src/qemu/qemu_capabilities.h (qemuCapsParseDeviceStr): New
	prototype.
	* src/qemu/qemu_capabilities.c (qemuCapsParsePCIDeviceStrs)
	Rename and split...
	(qemuCapsExtractDeviceStr, qemuCapsParseDeviceStr): ...to make it
	easier to add and test device-specific checks.
	(qemuCapsExtractVersionInfo): Update caller.
	* tests/qemuhelptest.c (testHelpStrParsing): Also test parsing of
	device-related flags.
	(mymain): Update expected flags.
	* tests/qemuhelpdata/qemu-0.12.1-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel60-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.12.3-device: New file.
	* tests/qemuhelpdata/qemu-kvm-0.13.0-device: New file.

2011-01-13  Eric Blake  <eblake@redhat.com>

	util: add missing string->integer conversion functions
	It was awkward having only int conversion in the virStrToLong family,
	but only long conversion in the virXPath family.  Make both families
	support both types.

	* src/util/util.h (virStrToLong_l, virStrToLong_ul): New
	prototypes.
	* src/util/xml.h (virXPathInt, virXPathUInt): Likewise.
	* src/util/util.c (virStrToLong_l, virStrToLong_ul): New
	functions.
	* src/util/xml.c (virXPathInt, virXPathUInt): Likewise.
	* src/libvirt_private.syms (util.h, xml.h): Export them.

2011-01-13  Justin Clift  <jclift@redhat.com>

	docs: clarify virsh setvcpus and setmem usage with active domains
	Addresses BZ # 622534:

	  https://bugzilla.redhat.com/show_bug.cgi?id=622534

2011-01-13  Eric Blake  <eblake@redhat.com>

	qemu: convert capabilities to use virCommand
	* src/qemu/qemu_capabilities.c (qemuCapsProbeMachineTypes)
	(qemuCapsProbeCPUModels, qemuCapsParsePCIDeviceStrs)
	(qemuCapsExtractVersionInfo): Use virCommand rather than virExec.

2011-01-13  Justin Clift  <jclift@redhat.com>

	virsh: ensure --maximum flag used only with --config for setvcpus

2011-01-13  Jim Fehlig  <jfehlig@novell.com>

	Document HAP domain feature
	Add HAP feature to schema and documentation.

2011-01-13  Jim Fehlig  <jfehlig@novell.com>

	Add HAP to xen hypervisor capabilities
	xen-unstable c/s 16931 introduced a per-domain setting for hvm
	guests to enable/disable hardware assisted paging.  If disabled,
	software techniques such as shadow page tables are used.  If enabled,
	and the feature exists in underlying hardware, hardware support for
	paging is used.

	Xen does not provide a mechanism to discover the HAP capability, so
	we advertise its availability for hvm guests on Xen >= 3.3.

2011-01-13  Jim Fehlig  <jfehlig@novell.com>

	Add support for HAP feature to xen drivers
	xen-unstable c/s 16931 introduced a per-domain setting for hvm
	guests to enable/disable hardware assisted paging.  If disabled,
	software techniques such as shadow page tables are used.  If enabled,
	and the feature exists in underlying hardware, hardware support for
	paging is used.

	This provides implementation for mapping HAP setting to/from
	domxml/native formats in xen drivers.

2011-01-13  Jim Fehlig  <jfehlig@novell.com>

	Add HAP to virDomainFeature enum
	Extend the virDomainFeature enumeration to include HAP (hardware
	assisted paging) feature.

	Hardware features such as Extended Page Table and Nested Page
	Table augment hypervisor software techniques such as shadow
	page table.  Adding HAP to the virDomainFeature enumeration
	allows users to select between hardware and software memory
	management mechanisms for their guests.

2011-01-13  Eric Blake  <eblake@redhat.com>

	tests: virsh is no longer in builddir/src
	Commit 870dba0 (Mar 2008) added builddir/src to PATH to pick
	up virsh.  Later, virsh was moved to tools; commit db68d6b
	(Oct 2009) noticed this, but only added the new location rather
	than deleting the old location.

	* tests/Makefile.am (path_add): Drop now-useless directory.
	Suggested by Daniel P. Berrange.

2011-01-13  Eric Blake  <eblake@redhat.com>

	virFindFileInPath: only find executable non-directory
	Without this patch, at least tests/daemon-conf (which sticks
	$builddir/src in the PATH) tries to execute the directory
	$builddir/src/qemu rather than a real qemu binary.

	* src/util/util.h (virFileExists): Adjust prototype.
	(virFileIsExecutable): New prototype.
	* src/util/util.c (virFindFileInPath): Reject non-executables and
	directories.  Avoid huge stack allocation.
	(virFileExists): Use lighter-weight syscall.
	(virFileIsExecutable): New function.
	* src/libvirt_private.syms (util.h): Export new function.

2011-01-13  Daniel Veillard  <veillard@redhat.com>

	Fix old PHP syntax in the search online form

2011-01-13  Eric Blake  <eblake@redhat.com>

	build: restore mingw build
	* bootstrap.conf (gnulib_modules): Add chown.

2011-01-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leak in HostSystem managed object free function

2011-01-12  Justin Clift  <jclift@redhat.com>

	docs: fix trivial typos in currentMemory description

2011-01-12  Wen Congyang  <wency@cn.fujitsu.com>

	doc: improve the documentation of desturi

	report error when specifying wrong desturi
	When we do peer2peer migration, the dest uri is an address of the
	target host as seen from the source machine. So we must specify
	the ip or hostname of target host in dest uri. If we do not specify
	it, report an error to the user.

2011-01-12  Osier Yang  <jyang@redhat.com>

	qemu: Reject SDL graphic if it's not supported by qemu
	If the emulator doesn't support SDL graphic, we should reject
	the use of SDL graphic xml with error messages, but not ignore
	it silently, and pretend things are fine.

	"-sdl" flag was exposed explicitly by qemu since 0.10.0, more detail:
	http://www.redhat.com/archives/libvir-list/2011-January/msg00442.html

	And we already have capability flag "QEMUD_CMD_FLAG_0_10", which
	could be used to prevent the patch affecting the older versions
	of QEMU.

	* src/qemu/qemu_command.c

2011-01-12  Justin Clift  <jclift@redhat.com>

	docs: reorder apps page alphabetically, plus add libguestfs entries

2011-01-11  Justin Clift  <jclift@redhat.com>

	docs: add entry for archipel to the apps page

	docs: use xml entity encoding for extended character last name

2011-01-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Silently ignore missing registry key on Windows
	Don't report an error when the VirtualBox registry key is missing,
	as this just indicates that VirtualBox is not installed in general.

	This matches the behavior of the XPCOM glue that silently ignores
	a missing VBoxXPCOMC.so.

2011-01-11  Richard W.M. Jones  <rjones@redhat.com>

	qemu: Watchdog IB700 is not a PCI device (RHBZ#667091).
	Skip IB700 when assigning PCI slots.

	Note: the I6300ESB watchdog _is_ a PCI device.

	To test this: I applied this patch to libvirt-0.8.3-2.fc14 (rebasing
	it slightly: qemu_command.c didn't exist in that version) and
	installed this on my machine, then tested that I could successfully
	add an ib700 watchdog device to a guest, start the guest, and the
	ib700 was available to the guest.  I also added an i6300esb (PCI)
	watchdog to another guest, and verified that libvirt assigned a PCI
	device to it, that the guest could be started, and that i6300esb was
	present in the guest.

	Note that if you previously had a domain with a ib700 watchdog, it
	would have had an <address type='pci' .../> clause added to it in the
	libvirt configuration.  This patch does not attempt to remove this.
	You cannot start such a domain -- qemu gives an error if you try.
	With this patch you are able to remove the bogus address element
	without libvirt adding it back.

2011-01-11  Eric Blake  <eblake@redhat.com>

	cpu: plug memory leak
	* src/cpu/cpu_x86.c (x86ModelLoad): Free data before overwriting.

2011-01-10  Eric Blake  <eblake@redhat.com>

	network: plug memory leak
	* src/conf/network_conf.c (virNetworkDefParseXML): Release ipNodes.

	network: plug unininitialized read found by valgrind
	* src/util/network.c (virSocketAddrMask): Zero out port, so that
	iptables can initialize just the netmask then call
	virSocketFormatAddr without an uninitialized read in getnameinfo.

2011-01-10  Justin Clift  <jclift@redhat.com>

	docs: updated memtune info again in virsh command reference

2011-01-10  Cole Robinson  <crobinso@redhat.com>

	python: Use PyCapsule API if available
	On Fedore 14, virt-manager spews a bunch of warnings to the console:

	/usr/lib64/python2.7/site-packages/libvirt.py:1781: PendingDeprecationWarning: The CObject type is marked Pending Deprecation in Python 2.7.  Please use capsule objects instead.

	Have libvirt use the capsule API if available. I've verified this compiles
	fine on older python (2.6 in RHEL6 which doesn't have capsules), and
	virt-manager seems to function fine.

2011-01-10  Cole Robinson  <crobinso@redhat.com>

	event-test: Simplify debug on/off
	Make it easy to change debugging if being used by a client program.

2011-01-10  Cole Robinson  <crobinso@redhat.com>

	remote: Don't lose track of events when callbacks are slow
	After the remote driver runs an event callback, it unconditionally disables the
	loop timer, thinking it just flushed every queued event. This doesn't work
	correctly though if an event is queued while a callback is running.

	The events actually aren't being lost, it's just that the event loop didn't
	think there was anything that needed to be dispatched. So all those 'lost
	events' should actually get re-triggered if you manually kick the loop by
	generating a new event (like creating a new guest).

	The solution is to disable the dispatch timer _before_ we invoke any event
	callbacks. Events queued while a callback is running will properly reenable the
	timer.

	More info at https://bugzilla.redhat.com/show_bug.cgi?id=624252

2011-01-10  Daniel P. Berrange  <berrange@redhat.com>

	Refactor the security drivers to simplify usage
	The current security driver usage requires horrible code like

	    if (driver->securityDriver &&
	        driver->securityDriver->domainSetSecurityHostdevLabel &&
	        driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
	                                                              vm, hostdev) < 0)

	This pair of checks for NULL clutters up the code, making the driver
	calls 2 lines longer than they really need to be. The goal of the
	patchset is to change the calling convention to simply

	  if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
	                                        vm, hostdev) < 0)

	The first check for 'driver->securityDriver' being NULL is removed
	by introducing a 'no op' security driver that will always be present
	if no real driver is enabled. This guarentees driver->securityDriver
	!= NULL.

	The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
	being non-NULL is hidden in a new abstraction called virSecurityManager.
	This separates the driver callbacks, from main internal API. The addition
	of a virSecurityManager object, that is separate from the virSecurityDriver
	struct also allows for security drivers to carry state / configuration
	information directly. Thus the DAC/Stack drivers from src/qemu which
	used to pull config from 'struct qemud_driver' can now be moved into
	the 'src/security' directory and store their config directly.

	* src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
	  use new virSecurityManager APIs
	* src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
	  src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
	  Move into src/security directory
	* src/security/security_stack.c, src/security/security_stack.h,
	  src/security/security_dac.c, src/security/security_dac.h: Generic
	  versions of previous QEMU specific drivers
	* src/security/security_apparmor.c, src/security/security_apparmor.h,
	  src/security/security_driver.c, src/security/security_driver.h,
	  src/security/security_selinux.c, src/security/security_selinux.h:
	  Update to take virSecurityManagerPtr object as the first param
	  in all callbacks
	* src/security/security_nop.c, src/security/security_nop.h: Stub
	  implementation of all security driver APIs.
	* src/security/security_manager.h, src/security/security_manager.c:
	  New internal API for invoking security drivers
	* src/libvirt.c: Add missing debug for security APIs

2011-01-10  Osier Yang  <jyang@redhat.com>

	conf: Report error if invalid type specified for character device
	If invalid type is specified, e.g.
	<serial type='foo'>
	    <target port='0'/>
	</serial>

	We replace 'foo' with "null" type implicitly, without reporting an
	error message to tell the user, and "start" or "edit" the domain
	will be success.

	It's not good to guess what the user wants, This patch is to fix
	the problem.

	* src/conf/domain_conf.c

2011-01-10  Jiri Denemark  <jdenemar@redhat.com>

	daemon: Fix core dumps if unix_sock_group is set
	Setting unix_sock_group to something else than default "root" in
	/etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on
	crash. This is because we used setgid(unix_sock_group) before binding to
	/var/run/libvirt/libvirt-sock* and setgid() back to original group.
	However, if a process changes its effective or filesystem group ID, it
	will be forbidden from leaving core dumps unless fs.suid_dumpable sysctl
	is set to something else then 0 (and it is 0 by default).

	Changing socket's group ownership after bind works better. And we can do
	so without introducing a race condition since we loosen access rights by
	changing the group from root to something else.

2011-01-07  Guido Günther  <agx@sigxcpu.org>

	Add AM_MAINTAINER_MODE
	and keep it enabled by default. This allows downstreams to turn it off
	via:

	./configure --disable-maintainer-mode

	as discussed in

	https://www.redhat.com/archives/virt-tools-list/2010-October/msg00049.html

2011-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Move occurrence check into esxVI_LookupObjectContentByType
	This simplifies the callers of esxVI_LookupObjectContentByType.

2011-01-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add domain autostart support

2011-01-06  Diego Elio Pettenò  <flameeyes@gmail.com>

	commandtest: avoid printing loader-control variables from commandhelper
	This avoids throwing the tests off if LD_LIBRARY_PATH or LD_PRELOAD or
	other variables are set.

2011-01-06  Justin Clift  <jclift@redhat.com>

	docs: updated release of virsh cmd reference, with memtune info

2011-01-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmx: Add support for video device VRAM size
	Update test suite accordingly.

	vbox: Use correct VRAM size unit
	VirtualBox uses megabyte, libvirt uses kilobyte.

2011-01-06  Osier Yang  <jyang@redhat.com>

	API: Improve log for domain related APIs
	Add VM name/UUID in log for domain related APIs.
	Format: "dom=%p, (VM: name=%s, uuid=%s), param0=%s, param1=%s

	*src/libvirt.c (introduce two macros: VIR_DOMAIN_DEBUG, and
	VIR_DOMAIN_DEBUG0)

2011-01-06  Eric Blake  <eblake@redhat.com>

	schema: tighten <serial><protocol type=...> relaxNG
	* docs/schemas/domain.rng (qemucdevSrcDef): Restrict list of
	supported <protocol type=> values.

2011-01-06  Kay Schubert  <kayegypt@web.de>

	bridge: Fix generation of dnsmasq's --dhcp-hostsfile option
	I added a host definition to a network definition:

	<network>
	  <name>Lokal</name>
	  <uuid>2074f379-b82c-423f-9ada-305d8088daaa</uuid>
	  <bridge name='virbr1' stp='on' delay='0' />
	  <ip address='192.168.180.1' netmask='255.255.255.0'>
	    <dhcp>
	      <range start='192.168.180.128' end='192.168.180.254' />
	      <host mac='23:74:00:03:42:02' name='somevm' ip='192.168.180.10' />
	    </dhcp>
	  </ip>
	</network>

	But due to the wrong if-statement the argument --dhcp-hostsfile doesn't get
	added to the dnsmasq command. The patch below fixes it for me.

2011-01-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix bogus warning about uninitialized saveptr
	The warning is bogus since strtok_r doesn't use the value when it's
	first called and initializes it for the following calls.

2011-01-06  Laine Stump  <laine@laine.org>

	Don't chown qemu saved image back to root after save if dynamic_ownership=0
	When dynamic_ownership=0, saved images must be owned by the same uid
	as is used to run the qemu process, otherwise restore won't work. To
	accomplish this, qemuSecurityDACRestoreSavedStateLabel() needs to
	simply return when it's called.

	This fix is in response to:

	  https://bugzilla.redhat.com/show_bug.cgi?id=661720

2011-01-05  Eric Blake  <eblake@redhat.com>

	maint: document dislike of mismatched if/else bracing
	* docs/hacking.html.in (Curly braces): Tighten recommendations to
	disallow if (cond) one-line; else { block; }.
	* HACKING: Regenerate.
	Suggested by Daniel P. Berrange.

2011-01-05  Laine Stump  <laine@laine.org>

	Log an error on attempts to add a NAT rule for non-IPv4 addresses
	Although the upper-layer code protected against it, it was possible to
	call iptablesForwardMasquerade() with an IPv6 address and have it
	attempt to add a rule to the MASQUERADE chain of ip6tables (which
	doesn't exist).

	This patch changes that function to check the protocol of the given
	address, generate an error log if it's not IPv4 (AF_INET), and finally
	hardcodes all the family parameters sent down to lower-level functions.

2011-01-05  Laine Stump  <laine@laine.org>

	Improve error reporting when parsing dhcp info for virtual networks
	This is partially in response to

	  https://bugzilla.redhat.com/show_bug.cgi?id=653300

	The crash in that report was coincidentally fixed when we switched
	from using inet_pton() to using virSocketParseAddr(), but the absence
	of an ip address in a dhcp static host definition was still silently
	ignored (and that entry discarded from the saved XML). This patch
	turns that into a logged failure; likewise if the entry has neither a
	mac address nor a name attribute (the entry is useless without at
	least one of those, plus an ip address).

	Since the network name is now pulled into this function in order for
	those error logs to be more informative, the other error messages in
	the function have also been changed to take advantage.

2011-01-05  Justin Clift  <jclift@redhat.com>

	docs: added libvirt-announce to contact page
	Also added explicit links to the subscription and
	archive pages for the user and developer mailing
	lists.

2011-01-04  Stefan Berger  <stefanb@us.ibm.com>

	qemu driver: fix positioning to end of log file
	While doing some testing with Qemu and creating huge logfiles I encountered the case where the VM could not start anymore due to the lseek() to the end of the Qemu VM's log file failing. The patch below fixes the problem by replacing the previously used 'int' with 'off_t'.

	To reproduce this error, you could do the following:

	dd if=/dev/zero of=/var/log/libvirt/qemu/<name of VM>.log bs=1024 count=$((1024*2048))

	and you should get an error like this:

	error: Failed to start domain <name of VM>
	error: Unable to seek to -2147482651 in /var/log/libvirt/qemu/<name of VM>.log: Success

2011-01-04  Eric Blake  <eblake@redhat.com>

	build: satisfy 'make syntax-check' regarding year change
	* .gnulib: Update to latest, to pick up 2011 copyrights.

2011-01-04  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.7
	* configure.ac libvirt.spec.in docs/news.html.in: bump version and add
	  documentation
	* po/*po*: regenerate po and pot files

2011-01-03  Eric Blake  <eblake@redhat.com>

	build: avoid compilation warnings
	Detected on cygwin:
	util/util.c: In function 'virSetUIDGID':
	util/util.c:2824: warning: format '%d' expects type 'int', but argument 7 has type 'gid_t' [-Wformat]
	(and three other lines)

	* src/util/util.c (virSetUIDGID): Cast, as is done elsewhere in
	this file, to avoid printf type mismatch warnings.

2011-01-03  Hu Tao  <hutao@cn.fujitsu.com>

	threadpool: allow NULL jobdata
	Don't require non-null jobdata to virThreadPoolSendJob().

2011-01-03  Chris Wright  <chrisw@redhat.com>

	node_device: udev driver does not handle SR-IOV devices
	The udev driver does not update a PCI device with its SR-IOV capabilities,
	when applicable, the way the hal driver does.  As a result, dumping the
	device's XML will not include the relevant physical or virtual function
	information.

	With this patch, the XML is correct:

	# virsh nodedev-dumpxml pci_0000_09_00_0
	<device>
	  <name>pci_0000_09_00_0</name>
	  <parent>pci_0000_00_1c_0</parent>
	  <driver>
	    <name>vxge</name>
	  </driver>
	  <capability type='pci'>
	    <domain>0</domain>
	    <bus>9</bus>
	    <slot>0</slot>
	    <function>0</function>
	    <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
	    <vendor id='0x17d5'>Neterion Inc.</vendor>
	    <capability type='virt_functions'>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x1'/>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x2'/>
	      <address domain='0x0000' bus='0x0a' slot='0x00' function='0x3'/>
	    </capability>
	  </capability>
	</device>

	# virsh nodedev-dumpxml pci_0000_0a_00_1
	<device>
	  <name>pci_0000_0a_00_1</name>
	  <parent>pci_0000_00_1c_0</parent>
	  <driver>
	    <name>vxge</name>
	  </driver>
	  <capability type='pci'>
	    <domain>0</domain>
	    <bus>10</bus>
	    <slot>0</slot>
	    <function>1</function>
	    <product id='0x5833'>X3100 Series 10 Gigabit Ethernet PCIe</product>
	    <vendor id='0x17d5'>Neterion Inc.</vendor>
	    <capability type='phys_function'>
	      <address domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
	    </capability>
	  </capability>
	</device>

	Cc: Dave Allan <dallan@redhat.com>

2010-12-31  Eric Blake  <eblake@redhat.com>

	virExec: fix logic bug
	As pointed out in https://bugzilla.redhat.com/show_bug.cgi?id=659855#c9,
	commit c3568ec2 introduced a regression where we no longer close any
	fd's beyond FD_SETSIZE.

	* src/util/util.c (__virExec): Continue to close fd's beyond
	keepfd range.
	Reported by Stefan Praszalowicz.

2010-12-31  Laine Stump  <laine@laine.org>

	Improve virSocketAddrMask[ByPrefix] API
	The original version of these functions would modify the address sent
	in, meaning that the caller would usually need to copy the address
	first. This change makes the original a const, and puts the resulting
	masked address into a new arg (which could point to the same
	virSocketAddr as the original, if the caller really wants to modify
	it).

	This also makes the API consistent with virSocketAddrBroadcast[ByPrefix].

2010-12-31  Laine Stump  <laine@laine.org>

	Set broadcast address for IPv4 addresses on virtual network bridges
	Previously we used ioctl() to set the IP address and netmask of the
	bridges used for virtual networks, and apparently the SIOCSIFNETMASK
	ioctl implicitly set the broadcast address for the interface. The new
	method of using the "ip" command requires broadcast address to be
	explicitly specified though.

	Utility functions to produce an IPv4 broadcast address
	These functions work only for IPv4, becasue IPv6 doesn't have the same
	concept of "broadcast address" as IPv4. They merely OR the inverse of
	the netmask with the given host address, thus turning on all the host
	bits.

2010-12-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix "occurence" typo (again)
	Also include some whitespace changes. No functional change included.

2010-12-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add support for VirtualBox 4.0
	Add vboxArrayGetWithUintArg to handle new signature variations. Also
	refactor vboxArrayGet* implementation to use a common helper function.

	Deal with the incompatible changes in the VirtualBox 4.0 API. This
	includes major changes in virtual machine and storage medium lookup,
	in RDP server property handling, in session/lock handling and other
	minor areas.

	VirtualBox 4.0 also dropped the old event API and replaced it with a
	completely new one. This is not fixed yet and will be addressed in
	another patch. Therefore, currently the domain events are supported
	for VirtualBox 3.x only.

	Based on initial work from Jean-Baptiste Rouault.

2010-12-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix misuse of VIR_ERR_INVALID_DOMAIN
	VIR_ERR_INVALID_DOMAIN is meant for invalid domain pointers.
	VIR_ERR_NO_DOMAIN is meant for non-existing domains.

2010-12-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Handle different IID representation in Version 2.2 on Windows
	On Windows IID's are represented as GUID by value, instead of nsID
	by reference on non-Windows platforms.

	Patch the vbox_CAPI_v2_2.h header to deal with this difference.

	Rewrite vboxIID abstraction that deals with the different IID
	representations. Add support for the GUID representation. Also unify
	the four context dependent free functions for vboxIIDs

	  vboxIIDUnalloc, vboxIIDFree, vboxIIDUtf8Free, vboxIIDUtf16Free

	into vboxIIDUnalloc that is now safe to be called (even multiple
	times) on a vboxIID independent of the source and context of the
	vboxIID.

	The new vboxIID is designed to be used as a stack allocated variable.
	It has a value member that represents the actual IID value.

2010-12-24  MORITA Kazutaka  <morita.kazutaka@lab.ntt.co.jp>

	update docs for network disks

2010-12-24  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix building error when building without libvirtd
	When I build libvirt without libvirtd, I receive some errors:
	cp: cannot stat `/home/wency/rpmbuild/BUILDROOT/libvirt-0.8.6-1.el6.x86_64/etc/libvirt/qemu/networks/default.xml': No such file or directory

	My build step:
	# ./autogen.sh --without-libvirtd
	# make dist
	# rpmbuild --nodeps --define "_sourcedir `pwd`" --define "_without_libvirtd 1" -ba libvirt.spec

	The reason is we disable network when we do not build libvirt daemon in configure.ac.
	After fixing this bug, I build libvirt without libvirtd, I receive other errors:
	RPM build errors:
	    Installed (but unpackaged) file(s) found:
	   /usr/share/doc/libvirt-0.8.6/html/32favicon.png
	   /usr/share/doc/libvirt-0.8.6/html/api.html
	..

2010-12-24  Eric Blake  <eblake@redhat.com>

	qemu: add -incoming fd:n capability checking
	* src/qemu/qemu_capabilities.h (QEMUD_CMD_FLAG_MIGRATE_QEMU_FD):
	New enum value.
	* src/qemu/qemu_capabilities.c (qemuCapsComputeCmdFlags): Populate
	flags according to qemu version.
	* tests/qemuhelptest.c (mymain): Adjust test.

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	spec: Enable ESX driver on RHEL

2010-12-23  Daniel P. Berrange  <berrange@redhat.com>

	spec: Automatically turn on cgconfig service
	A number of the libvirt APIs require the use of cgroups. This is not
	enabled by default on a RHEL6 install. After discussion with cgroups
	team, it was decided that upon installation of the libvirt RPM, we
	should automatically turn on the cgroups service. This will activate a
	default configuration that turns on all cgroups controllers libvirt
	requires for full operation.

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix uninitialized variable

2010-12-23  Laine Stump  <laine@laine.org>

	Replace setuid/setgid/initgroups with virSetUIDGID()
	This patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=664406

	If qemu is run as a different uid, it has been unable to access mode
	0660 files that are owned by a different user, but with a group that
	the qemu is a member of (aside from the one group listed in the passwd
	file), because initgroups() is not being called prior to the
	exec. initgroups will change the group membership of the process (and
	its children) to match the new uid.

	To make this happen, the setregid()/setreuid() code in
	qemuSecurityDACSetProcessLabel has been replaced with a call to
	virSetUIDGID(), which does both of those, plus calls initgroups.

	Similar, but not identical, code in qemudOpenAsUID() has been replaced
	with virSetUIDGID(). This not only consolidates the functionality to a
	single location, but also potentially fixes some as-yet unreported
	bugs.

2010-12-23  Laine Stump  <laine@laine.org>

	new virSetUIDGID() utility function
	virSetUIDGID() sets both the real and effective group and user of the
	process, and additionally calls initgroups() to assure that the
	process joins all the auxiliary groups that the given uid is a member
	of.

	Preserve errno across calls to error reporting functions & VIR_FREE
	There are cases when we want log an error message, and possibly free
	some memory as part of the cleanup, while still preserving errno for a
	caller, but the functions that log errors, and virFree (VIR_FREE) make
	system calls that will clear errno. This patch preserves errno during
	those most basic functions (corresponding to virReportSystemError(),
	virReportOOMError(), networkReportError(), etc, as well as
	virStrError()). It does *not preserve errno across calls to higher
	level items such as virDispatchError(), as it's assumed the caller is
	all finished with any need for errno by the time it dispatches the
	error.

2010-12-23  Laine Stump  <laine@laine.org>

	Run radvd for virtual networks with IPv6 addresses
	Running an instance of the router advertisement daemon (radvd) allows
	guests using the virtual network to automatically acquire an IPv6
	address and default route. Note that acquiring an address only works
	for networks with a prefix length of exactly 64 - radvd is still run
	in other circumstances, and still advertises routes, but autoconf will
	not work because it requires exactly 64 bits of address info from the
	network prefix.

	This patch avoids a race condition with the pidfile by manually
	daemonizing radvd rather than allowing it to daemonize itself, then
	creating our own pidfile (in addition to radvd's own file, which is
	unnecessary, but there is no way to tell radvd to not create it). This
	is accomplished by exec'ing it with "--debug 1" in the commandline,
	and using virCommand's features to fork, create a pidfile, and detach
	from the newly forked process.

2010-12-23  Laine Stump  <laine@laine.org>

	Turn on IPv6 support in the bridge_driver.c virtual network driver
	At this point everything is already in place to make IPv6 happen, we just
	need to add a few rules, remove some checks for IPv4-only, and document
	the changes to the XML on the website.

2010-12-23  Laine Stump  <laine@laine.org>

	Update iptables.c to also support ip6tables.
	All of the iptables functions eventually call down to a single
	bottom-level function, and fortunately, ip6tables syntax (for all the
	args that we use) is identical to iptables format (except the
	addresses), so all we need to do is:

	1) Get an address family down to the lowest level function in each
	   case, either implied through an address, or explicitly when no
	   address is in the parameter list, and

	2) At the lowest level, just decide whether to call "iptables" or
	   "ip6tables" based on the family.

	The location of the ip6tables binary is determined at build time by
	autoconf. If a particular target system happens to not have ip6tables
	installed, any attempts to run it will generate an error, but that
	won't happen unless someone tries to define an IPv6 address for a
	network. This is identical behavior to IPv4 addresses and iptables.

2010-12-23  Laine Stump  <laine@laine.org>

	Support multiple IP addresses on one network in bridge_driver.c
	This patch reorganizes the code in bridge_driver.c to account for the
	concept of a single network with multiple IP addresses, without adding
	in the extra variable of IPv6. A small bit of code has been
	temporarily added that checks all given addresses to verify they are
	IPv4 - this will be removed when full IPv6 support is turned on.

2010-12-23  Laine Stump  <laine@laine.org>

	Change virtual network XML parsing/formatting to support IPv6
	This commit adds support for IPv6 parsing and formatting to the
	virtual network XML parser, including moving around data definitions
	to allow for multiple <ip> elements on a single network, but only
	changes the consumers of this API to accommodate for the changes in
	API/structure, not to add any actual IPv6 functionality. That will
	come in a later patch - this patch attempts to maintain the same final
	functionality in both drivers that use the network XML parser - vbox
	and "bridge" (the Linux bridge-based driver used by the qemu
	hypervisor driver).

	* src/libvirt_private.syms: Add new private API functions.
	* src/conf/network_conf.[ch]: Change C data structure and
	  parsing/formatting.
	* src/network/bridge_driver.c: Update to use new parser/formatter.
	* src/vbox/vbox_tmpl.c: update to use new parser/formatter
	* docs/schemas/network.rng: changes to the schema -
	  * there can now be more than one <ip> element.
	  * ip address is now an ip-addr (ipv4 or ipv6) rather than ipv4-addr
	  * new optional "prefix" attribute that can be used in place of "netmask"
	  * new optional "family" attribute - "ipv4" or "ipv6"
	    (will default to ipv4)
	  * define data types for the above
	* tests/networkxml2xml(in|out)/nat-network.xml: add multiple <ip> elements
	  (including IPv6) to a single network definition to verify they are being
	  correctly parsed and formatted.

2010-12-23  Laine Stump  <laine@laine.org>

	make the <dhcp> element optional in network.rng
	In practice this has always been optional, but the RNG has shown it as
	mandatory, and since all the examples for make check had it, it was
	never noticed. One of the existing test cases has been changed to
	check for this.

	I also noticed that the dhcp/host/ip was still defined as <text/>,
	but should really be <ref name='ipv4-addr'/>

2010-12-23  Laine Stump  <laine@laine.org>

	Replace brSetInetAddress/brSetInetNetmask with brAddInetAddress
	brSetInetAddress can only set a single IP address on the bridge, and
	uses a method (ioctl(SIOCSETIFADDR)) that only works for IPv4. Replace
	it and brSetInetNetmask with a single function that uses the external
	"ip addr add" command to add an address/prefix to the interface - this
	supports IPv6, and allows adding multiple addresses to the interface.

	Although it isn't currently used in the code, we also add a
	brDelInetAddress for completeness' sake.

	Also, while we're modifying bridge.c, we change brSetForwardDelay and
	brSetEnableSTP to use the new virCommand API rather than the
	deprecated virRun, and also log an error message in bridge_driver.c if
	either of those fail (previously the failure would be completely
	silent).

2010-12-23  Laine Stump  <laine@laine.org>

	Make virtual network netmasks optional
	When a netmask isn't specified for an IPv4 address, one can be implied
	based on what network class range the address is in. The
	virNetworkDefPrefix function does this for us, so netmask isn't
	required.

2010-12-23  Laine Stump  <laine@laine.org>

	Pass prefix rather than netmask into iptables functions
	IPv6 will use prefix exclusively, and IPv4 will also optionally be
	able to use it, and the iptables functions really need a prefix
	anyway, so use the new virNetworkDefPrefix() function to send prefixes
	into iptables functions instead of netmasks.

	Also, in a couple places where a netmask is actually needed, use the
	new private API function for it rather than getting it directly. This
	will allow for cases where no netmask or prefix is specified (it
	returns the default for the current class of network.)

2010-12-23  Laine Stump  <laine@laine.org>

	Consistently return 0 on success, -1 on failure in bridge_driver.c
	Some functions in this file were returning 1 on success and 0 on
	failure, and others were returning 0 on success and -1 on
	failure. Switch them all to return the libvirt-preferred 0/-1.

	Fix logging of failed iptables commands
	The functions in iptables.c all return -1 on failure, but all their
	callers (which all happen to be in bridge_driver.c) assume that they
	are returning an errno, and the logging is done accordingly. This
	patch fixes all the error checking and logging to assume < 0 is an
	error, and nothing else.

2010-12-23  Laine Stump  <laine@laine.org>

	New virNetworkDef utility functions
	Later patches will add the possibility to define a network's netmask
	as a prefix (0-32, or 0-128 in the case of IPv6). To make it easier to
	deal with definition of both kinds (prefix or netmask), add two new
	functions:

	virNetworkDefNetmask: return a copy of the netmask into a
	virSocketAddr. If no netmask was specified in the XML, create a
	default netmask based on the network class of the virNetworkDef's IP
	address.

	virNetworkDefPrefix: return the netmask as numeric prefix (or the
	default prefix for the network class of the virNetworkDef's IP
	address, if no netmask was specified in the XML)

2010-12-23  Laine Stump  <laine@laine.org>

	New virSocketAddr utility functions
	virSocketPrefixToNetmask: Given a 'prefix', which is the number of 1
	bits in a netmask, fill in a virSocketAddr object with a netmask as an
	IP address (IPv6 or IPv4).

	virSocketAddrMask: Mask off the host bits in one virSocketAddr
	according to the netmask in another virSocketAddr.

	virSocketAddrMaskByPrefix, Mask off the host bits in a virSocketAddr
	according to a prefix (number of 1 bits in netmask).

	VIR_SOCKET_FAMILY: return the family of a virSocketAddr

2010-12-23  Wen Congyang  <wency@cn.fujitsu.com>

	fix syntax error in configure.ac
	When I run configure, I receive some syntax error.

	.....
	checking where to find <rpc/rpc.h>... none
	checking for library containing dlopen... -ldl
	/configure: line 52500: test: =: unary operator expected
	/configure: line 52766: test: =: unary operator expected
	checking linux/kvm.h usability... yes
	checking linux/kvm.h presence... yes
	.....

2010-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Make VMware Workstation / Player page appear in the menu
	By adding it to sitemap.html.in. Also <ul> can't be nested in <p>.

2010-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Reparent children when deleting a snapshot
	Shorten qemuDomainSnapshotWriteSnapshotMetadata function name
	and make it take a snapshot pointer instead of dealing with
	the current snapshot. Update other functions accordingly.

	Add a qemuDomainSnapshotReparentChildren hash iterator to
	reparent the children of a snapshot that is being deleted. Use
	qemuDomainSnapshotWriteMetadata to write updated metadata
	to disk.

	This fixes a problem where outdated parent information breaks
	the snapshot tree and hinders the deletion of child snapshots.

	Reported by Philipp Hahn.

2010-12-23  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Add info about VMware driver to the libvirt website

2010-12-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add --force option to update-device

2010-12-22  Jim Fehlig  <jfehlig@novell.com>

	Set bitmap size when allocating a bitmap
	I began noticing a race when reserving VNC ports as described here

	https://www.redhat.com/archives/libvir-list/2010-November/msg00379.html

	Turns out that we were not initializing the size field of bitmap
	struct when allocating the bitmap.  This subsequently caused
	virBitmapSetBit() to fail since bitmap->size is 0, hence we never
	actually reserved the port.

2010-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for storage volume wiping

	esx: Add support for storage volume deletion

2010-12-22  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Return SPICE ports on domain shutdown
	Commit ed0d9f6c0cdd56f38ce31b8d9b5293162addaa23 added support for
	automatic port allocation for SPICE but forgot to mark such ports as
	unused when they are not used anymore.

2010-12-22  Eric Blake  <eblake@redhat.com>

	virterror: avoid API breakage with vmware
	Fix glitch in commit cddd2a06 (thankfully post-0.8.6, so no
	released version has the glitch).

	Document and try to workaround glitch in commit 46e9b0f (in 0.8.0),
	which invalidated 6 virErrorNumber values dating as far back as 0.7.1.

	My audit did not find any other glitches until pre-0.1.0 days.  I'm
	not sure how to add a syntax-check off the top of my head, but
	hopefully the explicit numbering will make people think twice about
	renumbering in the future.

	* include/libvirt/virterror.h (virErrorDomain): Avoid inserting
	new values in the middle, and add explicit numbering to help avoid
	this in the future.
	(virErrorNumber): Add explicit numbering, and document the snafu.
	* src/remote/remote_driver.c (remoteIO): Compensate for the snafu.

2010-12-22  Hu Tao  <hutao@cn.fujitsu.com>

	Fix memory leak in virsh

2010-12-22  Justin Clift  <jclift@redhat.com>

	docs: fixed typo, added table of contents

2010-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Distribute libvirt_vmx.syms
	This fixes the build from a tarball and makes autobuild.sh
	work again.

	This should actually have been part of this earlier commit:

	  esx: Move VMX handling code out of the driver directory
	  42b2f35d36a9e33f03e973130267c19cff910f2e

	Reported by Eric Blake.

2010-12-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	vmware: Fix undefine symbol with loadable drivers enabled
	All other drivers are explicitly linked to gnulib. The VMware
	driver lacked this, resulting in mdir_name being an undefine
	symbol.

	Explicitly link the VMware driver to gnulib to fix this.

2010-12-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Move VMX handling code out of the driver directory
	Now the VMware driver doesn't depend on the ESX driver anymore.

	Add a WITH_VMX option that depends on WITH_ESX and WITH_VMWARE.
	Also add a libvirt_vmx.syms file.

	Move some escaping functions from esx_util.c to vmx.c.

	Adapt the test suite, ESX and VMware driver to the new code layout.

2010-12-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix cluster resource lookup when connecting to a vCenter
	Connecting to a ESX(i) server that is part of a cluster failed
	when the connection also involved a vCenter.

	Accept ClusterComputeResource type in addition to ComputeResource
	type in the object lookup function.

	Reported by Guillaume Le Louët.

2010-12-21  Eric Blake  <eblake@redhat.com>

	maint: avoid space-tab
	* daemon/Makefile.am: Avoid spurious space before tabs.
	* src/Makefile.am: Likewise.
	* examples/dominfo/Makefile.am: Likewise.
	* examples/domsuspend/Makefile.am: Likewise.
	* tools/Makefile.am: Likewise.
	* src/datatypes.h (VIR_CONNECT_MAGIC): Likewise.
	* src/internal.h (TODO): Likewise.
	* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE): Likewise.
	* src/xen/xen_hypervisor.c (XEN_V2_OP_GETAVAILHEAP): Likewise.
	* src/xen/xs_internal.h: Likewise.

	command: avoid hanging on daemon processes
	* src/util/command.c (virCommandRun): Don't capture output on
	daemons.
	* tests/commandtest.c (test18): Expose the bug.
	Reported by Laine Stump.

	build: skip vmware driver when building for RHEL
	* libvirt.spec.in: Provide vmware conditionals.

2010-12-21  Osier Yang  <jyang@redhat.com>

	storage: Ignore dangling symbolic link for filesystem pool
	If there is a dangling symbolic link in filesystem pool, the pool
	will fail to start or refresh, this patch is to fix it by ignoring
	it with a warning log.

2010-12-21  Josh Durgin  <joshd@hq.newdream.net>

	Skip file-based security checks for network disks
	Network disks are accessed by qemu directly, and have no
	associated file on the host, so checking for file ownership etc.
	is unnecessary.

2010-12-21  Justin Clift  <jclift@redhat.com>

	docs: added compiling page and significantly expanded windows page
	Also added an additional menu placement for the windows page, in
	order to attract further potential testers.

2010-12-20  Eric Blake  <eblake@redhat.com>

	build: make building on cygwin easier
	* configure.ac (dlopen): Cygwin dlopen is in libc; avoid spurious
	failure.
	(XDR_CFLAGS): Define when needed.
	* src/Makefile.am (libvirt_driver_remote_la_CFLAGS): Use it.

	qemu: use virAsprintf instead of PATH_MAX
	* src/qemu/qemu_driver.c (qemudLogFD, qemudLogReadFD)
	(qemudStartup, qemudGetProcessInfo): Use heap instead of stack.

2010-12-20  Eric Blake  <eblake@redhat.com>

	tests: avoid spurious failure of nodeinfotest
	When running 'make check' under a multi-cpu Dom0 xen machine,
	nodeinfotest had a spurious failure it was reading from
	/sys/devices/system/cpu, but xen has no notion of topology.  The test
	was intended to be isolated from reading any real system files; the
	regression was introduced in Mar 2010 with commit aa2f6f96dd.

	Fix things by allowing an early exit for the testsuite.

	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Add parameter.
	(nodeGetInfo): Adjust caller.
	* tests/nodeinfotest.c (linuxTestCompareFiles): Likewise.

2010-12-20  Eric Blake  <eblake@redhat.com>

	tests: avoid data race
	I got some spurious failures when commandhelper won the race and
	ran to the point of parent detection prior to the intermediate
	daemonizing process getting a chance to exit.  This fixes it.

	* tests/commandhelper.c (main): Checking for re-parenting to
	init(1) is racy; instead check that we belong to a new session.

2010-12-20  Eric Blake  <eblake@redhat.com>

	build: improve testsuite results with older automake
	* tests/Makefile.am (TESTS_ENVIRONMENT, commandtest_CFLAGS)
	(commandhelper_CFLAGS): Avoid $(builddir) and $(abs_builddir) in
	automake 1.9.6; fixes spurious failures of commandtest.

	build: allow older libselinux again
	* configure.ac (with_selinux): Check for <selinux/label.h>.
	* src/security/security_selinux.c (getContext): New function.
	(SELinuxRestoreSecurityFileLabel): Use it to restore compilation
	when using older libselinux.

2010-12-20  Eric Blake  <eblake@redhat.com>

	build: allow autoconf 2.59 again
	Autoconf 2.59 doesn't define ${localedir}, so libvirt was failing
	to compile due to a missing LOCALEDIR until today's configmake fix.

	* .gnulib: Update to latest for configmake fix.
	* configure.ac (libpcap): Avoid AS_CASE.

2010-12-20  Wen Congyang  <wency@cn.fujitsu.com>

	build: fix typo that broke 'make dist'
	* src/Makefile.am (VMWARE_DRIVER_SOURCES): Fix vmware_driver.h.

2010-12-20  Eric Blake  <eblake@redhat.com>

	libvirt-guests: avoid sourcing failure
	* tools/libvirt-guests.init.in (libvirtd): Skip function library
	if it is not present.
	Suggested by Guido Günther.

2010-12-20  Paweł Krześniak  <pawel.krzesniak@gmail.com>

	bridge_driver: avoid double call to VIR_FREE
	While not technically a double free (since VIR_FREE NULLs the
	pointer), this is unnecessary extra code.

	This crept in when the function was converted from virRun to virCommand.

	The AUTHORS file has also been updated.

2010-12-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Add additional indentation to level 3 menu items
	formatnetwork.html has a menu item at level 3. libvirt.css
	doesn't have a explicit rule for level 3 and level 3 and
	level 2 items end up at the same indentation level.

	Add an additional 1em indentation to level 3 menu items.

2010-12-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Don't leak domain names in vboxListDefinedDomains

2010-12-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Don't leak arrays from XPCOM
	XPCOM returns an array as a pointer to an array of pointers to the
	actual items. When the array isn't needed anymore the items are
	released, but the actual array containing the pointers to the items
	was not freed and leaked.

	Free the actual array using ComUnallocMem.

	This doesn't affect MSCOM as SafeArrayDestroy releases all items
	and frees the array.

2010-12-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Handle different array representations of XPCOM and MSCOM
	Add a vboxArray to hide the details from the general driver code.

2010-12-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Add glue layer for MSCOM on Windows
	Don't require dlopen, but link to ole32 and oleaut32 on Windows.

	Don't expose g_pVBoxFuncs anymore. It was only used to get the
	version of the API. Make VBoxCGlueInit return the version instead.
	This simplifies the implementation of the MSCOM glue layer.

	Get the VirtualBox version from the registry.

	Add a dummy implementation of the nsIEventQueue to the MSCOM glue
	as there seems to be no direct equivalent with MSCOM. It might be
	implemented using the normal window message loop. This requires
	additional investigation.

2010-12-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Match struct layout of the MSCOM implementation on Windows

	vbox: Use stdcall convention for all COM methods on Windows
	MSCOM requires stdcall convention.

2010-12-17  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Add VMware Workstation and Player driver

2010-12-17  Eric Blake  <eblake@redhat.com>

	maint: improve tests distribution
	* tests/Makefile.am (EXTRA_DIST): Sort, and add directories.
	(SUBDIRS): Drop automake recursion into subdirs.
	* tests/commanddata/Makefile.am: Delete.
	* tests/confdata/Makefile.am: Likewise.
	* tests/sexpr2xmldata/Makefile.am: Likewise.
	* tests/xencapsdata/Makefile.am: Likewise.
	* tests/xmconfigdata/Makefile.am: Likewise.
	* tests/xml2sexprdata/Makefile.am: Likewise.

	build: fix typo that broke 'make dist'
	* src/Makefile.am (QEMU_DRIVER_SOURCES): Ship qemu_cgroup.h.

2010-12-17  Daniel P. Berrange  <dan@berrange.com>

	Update QEMU test cases for new file locations & API renames
	* qemuargv2xmltest.c, qemuhelptest.c,
	  qemuxml2argvtest.c, testutilsqemu.c: Update includes and
	  cope with API renames

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU hotplug helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the hotplug
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_hotplug.c, src/qemu/qemu_hotplug.h,
	  src/Makefile.am: Add hotplug helper file
	* src/qemu/qemu_driver.c: Delete hotplug code

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU domain lock / job helper code to separate file
	To allow the APIs to be used from separate files, move the domain
	lock / job helper code into qemu_domain.c

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: Add domain lock
	  / job code
	* src/qemu/qemu_driver.c: Remove domain lock / job code

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU driver lock helpers to a separate file
	To allow their use from other source files, move qemuDriverLock
	and qemuDriverUnlock to qemu_conf.h and make them non-static

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add qemuDriverLock
	  qemuDriverUnlock
	* src/qemu/qemu_driver.c: Remove qemuDriverLock and qemuDriverUnlock

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU hostdev helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the hostdev
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_hostdev.c, src/qemu/qemu_hostdev.h,
	  src/Makefile.am: Add hostdev helper file
	* src/qemu/qemu_driver.c: Delete hostdev code

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU cgroup helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the cgroup
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_cgroup.c, src/qemu/qemu_cgroup.h,
	  src/Makefile.am: Add cgroup helper file
	* src/qemu/qemu_driver.c: Delete cgroup code

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU audit helper code out of the QEMU driver
	The QEMU driver file is far too large. Move all the audit
	helper code out into a separate file. No functional change.

	* src/qemu/qemu_audit.c, src/qemu/qemu_audit.h,
	  src/Makefile.am: Add audit helper file
	* src/qemu/qemu_driver.c: Delete audit code

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU private data & namespace code into separate file
	Move the code for handling the QEMU virDomainObjPtr private
	data, and custom XML namespace into a separate file

	* src/qemu/qemu_domain.c, src/qemu/qemu_domain.h: New file
	  for private data & namespace code
	* src/qemu/qemu_driver.c, src/qemu/qemu_driver.h: Remove
	  private data & namespace code
	* src/qemu/qemu_driver.h, src/qemu/qemu_command.h: Update
	  includes
	* src/Makefile.am: Add src/qemu/qemu_domain.c

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU command line management into a separate file
	The qemu_conf.c code is doing three jobs, driver config file
	loading, QEMU capabilities management and QEMU command line
	management. Move the command line code into its own file

	* src/qemu/qemu_command.c, src/qemu/qemu_command.h: New
	  command line management code
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Delete command
	  line code
	* src/qemu/qemu_conf.h, src/qemu_conf.c: Adapt for API renames
	* src/Makefile.am: add src/qemu/qemu_command.c
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Add
	  import of qemu_command.h

2010-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU capabilities management into a separate file
	The qemu_conf.c code is doing three jobs, driver config file
	loading, QEMU capabilities management and QEMU command line
	management. Move the capabilities code into its own file

	* src/qemu/qemu_capabilities.c, src/qemu/qemu_capabilities.h: New
	  capabilities management code
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Delete capabilities
	  code
	* src/qemu/qemu_conf.h: Adapt for API renames
	* src/Makefile.am: add src/qemu/qemu_capabilities.c

2010-12-16  Eric Blake  <eblake@redhat.com>

	maint: doc fix
	* src/libvirt.c: Avoid duplicate word.

2010-12-14  Hu Tao  <hutao@cn.fujitsu.com>

	Add a new function doStartCPUs

	Add a new function doStopCPUs

	Add a macro timeval_to_ms to compute micro seconds from timeval

2010-12-14  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Unify CPUID data structures
	So far, CPUID data were stored in two different data structures. First
	of them was a structure allowing direct access for CPUID data according
	to function number and the second was a plain array of struct
	cpuX86cpuid. This was a silly design which resulted in converting data
	from one type to the other and back again or implementing similar
	functionality for both data structures.

	The patch leaves only the direct access structure. This makes the code
	both smaller and more maintainable since operations on different objects
	can use common low-level operations.

	All 57 tests for cpu subsystem still pass after this rewrite.

2010-12-14  Jiri Denemark  <jdenemar@redhat.com>

	util: Fix logical error in virReportSystemErrorFull

	util: Fix error message in __virExec
	Remove superfluous ": %s" suffix from the error message.

	daemon: Change CWD to / before daemonizing
	We were doing so for child processes but not for libvirtd itself.

2010-12-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for storage volume cloning

2010-12-14  Eric Blake  <eblake@redhat.com>

	selinux: avoid memory overhead of matchpathcon
	https://bugzilla.redhat.com/show_bug.cgi?id=658657

	* src/security/security_selinux.c
	(SELinuxRestoreSecurityFileLabel): Use selabel_lookup instead of
	matchpathcon.
	Suggested by Daniel Walsh.

2010-12-14  Eric Blake  <eblake@redhat.com>

	daemon, threads: plug a memory leak
	* daemon/libvirtd.c (qemudStartWorker, qemudStartEventLoop): Avoid
	leaking pthread_attr resources.
	* src/util/threads-pthread.c (virThreadCreate): Likewise.

	tests: test Fedora 14 qemu-kvm -help parsing
	* tests/qemuhelpdata/qemu-kvm-0.13.0: New file.
	* tests/qemuhelptest.c (mymain): New test from Fedora 14 qemu-kvm,
	which covers some options (like -fstype passthrough) not tested elsewhere.

	tests: test RHEL 6.0 qemu-kvm -help parsing
	* tests/qemuhelpdata/qemu-kvm-0.12.1.2-rhel60: New file.
	* tests/qemuhelptest.c (mymain): New test from RHEL 6.0 qemu-kvm,
	which covers some options (like -vga=qxl) not tested elsewhere.
	* .x-sc_prohibit_empty_lines_at_EOF: Exempt qemu help output.

	sysinfo: convert to virCommand
	* src/util/sysinfo.c (virSysinfoRead): Use virCommand instead of
	virExec.

	sysinfo: formatting cleanups
	* src/util/sysinfo.c: Indentation and () fixups.

2010-12-14  Eric Blake  <eblake@redhat.com>

	build: allow mingw compilation with virCommand
	Allows compilation, but no creation of child processes yet.  Take it
	one step at a time.

	* src/util/util.c (virExecWithHook) [WIN32]: New dummy function.
	* src/libvirt_private.syms: Export it.

2010-12-14  Eric Blake  <eblake@redhat.com>

	build: update gnulib for pipe on mingw
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Import pipe-posix and waitpid
	for mingw.
	* src/remote/remote_driver.c (pipe) [WIN32]: Drop dead macro.
	* daemon/event.c (pipe) [WIN32]: Drop dead function.

	test: fix commandtest under autobuild.sh
	* tests/commandtest.c (mymain): Kill off any leaked-in fds.
	* autobuild.sh: Don't leak fds.

2010-12-13  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: quote AC_LANG_PROGRAM to avoid warnings with autoconf 2.68

2010-12-13  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: properly handle ./configure --with-libpcap
	Without this fix, ./configure --with-libpcap will cause --with-libpcap=yes
	to be implicitly passed down, which cause yes/bin/pcap-config to be
	searched for rather than /usr/bin/pcap-config.

	Also output pcap: no when pcap is not found or disabled.

2010-12-13  Osier Yang  <jyang@redhat.com>

	qemu: Introduce two new job types
	Currently, all of domain "save/dump/managed save/migration"
	use the same function "qemudDomainWaitForMigrationComplete"
	to wait the job finished, but the error messages are all
	about "migration", e.g. when a domain saving job is canceled
	by user, "migration was cancled by client" will be throwed as
	an error message, which will be confused for user.

	As a solution, intoduce two new job types(QEMU_JOB_SAVE,
	QEMU_JOB_DUMP), and set "priv->jobActive" to "QEMU_JOB_SAVE"
	before saving, to "QEMU_JOB_DUMP" before dumping, so that we
	could get the real job type in
	"qemudDomainWaitForMigrationComplete", and give more clear
	message further.

	And as It's not important to figure out what's the exact job
	is in the DEBUG and WARN log, also we don't need translated
	string in logs, simply repace "migration" with "job" in some
	statements.

	* src/qemu/qemu_driver.c

2010-12-13  Laurent Léonard  <laurent@open-minds.org>

	Missing "Default-Stop" field in LSB comment in libvirt-guests
	The "Default-Stop" field in LSB comment in libvirt-guests is missing and should
	be added. I also suggests to add runlevel 2 to the "Default-Start" field.

	--
	Laurent Léonard

2010-12-13  Eric Blake  <eblake@redhat.com>

	daemon: plug a memory leak
	* daemon/libvirtd.c (qemudFreeClient): Avoid a leak.
	(qemudDispatchServer): Avoid null dereference.

2010-12-13  Roopa Prabhu  <roprabhu@cisco.com>

	802.1Qbh: Add support for IFLA_VF_MAC
	Current code does not pass VM mac address to a 802.1Qbh direct attach
	interface using IFLA_VF_MAC.  This patch adds support in macvtap code to
	send IFLA_VF_MAC netlink request during port profile association on a
	802.1Qbh interface.

	Stefan Cc'ed for comments because this patch changes a condition for
	802.1Qbg

	802.1Qbh support for IFLA_VF_MAC in enic driver has been posted and is
	pending acceptance at http://marc.info/?l=linux-netdev&m=129185244410557&w=2

2010-12-10  Eric Blake  <eblake@redhat.com>

	command: ease use with virBuffer, and fix qemu leak
	* src/util/command.h (virCommandAddArgBuffer)
	(virCommandAddEnvBuffer): New prototypes.
	* src/util/command.c (virCommandAddArgBuffer)
	(virCommandAddEnvBuffer): Implement them.
	* src/libvirt_private.syms (command.h): Export them.
	* src/qemu/qemu_conf.c (qemudBuildCommandLine): Use them, plugging
	a memory leak on rbd_hosts in the process.

	conf: plug memory leaks
	* src/conf/domain_conf.c (virDomainGraphicsDefParseXML)
	(virDomainDeviceVirtioSerialAddressParseXML)
	(virDomainDiskDefFree): Free various leaks.

	tests: plug memory leaks
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Don't
	allocate, since we don't use virDomainChrDefFree.

	virExec: avoid undefined behavior
	* src/util/util.c (__virExec): Don't use FD_ISSET on out-of-bounds fd.

2010-12-10  Laine Stump  <laine@laine.org>

	Convert dhcpStartDhcpDaemon from virRun to virCommand
	This is pretty straightforward - even though dnsmasq gets daemonized
	and uses a pid file, those things are both handled by the dnsmasq
	binary itself. And libvirt doesn't need any of the output of the
	dnsmasq command either, so we just setup the args and call
	virRun(). Mainly it was just a (mostly) mechanical job of replacing
	the APPEND_ARG() macro (and some other *printfs()) with
	virCommandAddArg*().

2010-12-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Refactor storage pool type lookup into a function

2010-12-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve error reporting for failed tasks
	Instead of just reporting that a task failed get the
	localized message from the TaskInfo error and include
	it in the reported error message.

	Implement minimal deserialization support for the
	MethodFault type in order to obtain the actual fault
	type.

	For example, this changes the reported error message
	when trying to create a volume with zero size from

	  Could not create volume

	to

	  Could not create volume: InvalidArgument - A specified parameter was not correct.

	Not perfect yet, but better than before.

2010-12-10  Eric Blake  <eblake@redhat.com>

	command: plug memory leak
	* src/util/command.c (virCommandFree): Free data from
	virCommandSetInputBuffer.

	build: distribute commandtest files
	* tests/Makefile.am (SUBDIRS): Add commanddata.
	* tests/commandtest.c (checkoutput): Delete correct file.
	(test4): Delete pid file.
	(mymain): Delete unused variable.
	* tests/commanddata/Makefile.am: New file.
	* configure.ac (AC_OUTPUT): Build new makefile.
	Reported by Dominik Klein.

2010-12-10  Hu Tao  <hutao@cn.fujitsu.com>

	Update documentation of watchdog dump option and add test data for it
	The xml watchdog dump option is converted to qemu watchdog pause arg
	but it is not reasonable to convert it back from qemu watchdog pause
	arg since there already is a xml watchdog pause option, so a test for
	the dump option to convert it from arg to xml is not added.

2010-12-10  Dan Kenigsberg  <danken@redhat.com>

	spec: do not start libvirt-guests if that service is off
	starting a service during rpm installation is impolite. It is even worse if done
	during upgrade, for a service that was explicitly turned off.

2010-12-09  Josh Durgin  <joshd@hq.newdream.net>

	tests: Add tests for network disks

	qemu: Add RBD support and some network disk fixes
	Changes common to all network disks:
	-Make source name optional in the domain schema, since NBD doesn't use it
	-Add a hostName type to the domain schema, and use it instead of genericName, which doesn't include .
	-Don't leak host names or ports
	-Set the source protocol in qemuParseCommandline

2010-12-09  MORITA Kazutaka  <morita.kazutaka@lab.ntt.co.jp>

	add network disk support
	This patch adds network disk support to libvirt/QEMU.  The currently
	supported protocols are nbd, rbd, and sheepdog.  The XML syntax is like
	this:

	    <disk type="network" device="disk">
	      <driver name="qemu" type="raw" />
	      <source protocol='rbd|sheepdog|nbd' name="...some image identifier...">
	        <host name="mon1.example.org" port="6000">
	        <host name="mon2.example.org" port="6000">
	        <host name="mon3.example.org" port="6000">
	      </source>
	      <target dev="vda" bus="virtio" />
	    </disk>

2010-12-09  Wen Congyang  <wency@cn.fujitsu.com>

	correct the signal's name
	The signal's name is wrong...

2010-12-09  Hu Tao  <hutao@cn.fujitsu.com>

	Add a watchdog action `dump'
	`dump' watchdog action lets libvirtd to dump the guest when receives a
	watchdog event (which probably means a guest crash)

	Currently only qemu is supported.

2010-12-09  Hu Tao  <hutao@cn.fujitsu.com>

	Add a new function doCoreDump
	This patch prepares for the next patch.

	threadpool impl
	* src/util/threadpool.c, src/util/threadpool.h: Thread pool
	  implementation
	* src/Makefile.am: Build thread pool
	* src/libvirt_private.syms: Export public functions

2010-12-09  Eric Blake  <eblake@redhat.com>

	command: avoid memory leak
	* src/util/command.c (virCommandRun): Fix yesterday's regression
	on logging, and avoid leaking log-only output captures.
	Reported by Hu Tao.

2010-12-09  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Distinguish between domain shutdown and crash
	When we get an EOF event on monitor connection, it may be a result of
	either crash or graceful shutdown. QEMU which supports async events
	(i.e., we are talking to it using JSON monitor) emits SHUTDOWN event on
	graceful shutdown. In case we don't get this event by the time monitor
	connection is closed, we assume the associated domain crashed.

2010-12-08  Ryan Harper  <ryanh@us.ibm.com>

	qemu: call drive_del in DetachPciDiskDevice
	Currently libvirt doesn't confirm whether the guest has responded to the
	disk removal request.  In some cases this can leave the guest with
	continued access to the device while the mgmt layer believes that it has
	been removed.  With a recent qemu monitor command[1] we can
	deterministically revoke a guests access to the disk (on the QEMU side)
	to ensure no futher access is permitted.

	This patch adds support for the drive_del() command and introduces it
	in the disk removal paths.  If the guest is running in a QEMU without this
	command we currently explicitly check for unknown command/CommandNotFound
	and log the issue.

	If QEMU supports the command we issue the drive_del command after we attempt
	to remove the device.  The guest may respond and remove the block device
	before we get to attempt to call drive_del.  In that case, we explicitly check
	for 'Device not found' from the monitor indicating that the target drive
	was auto-deleted upon guest responds to the device removal notification.

	1. http://thread.gmane.org/gmane.comp.emulators.qemu/84745

2010-12-08  Ryan Harper  <ryanh@us.ibm.com>

	qemu: call drive_unplug in DetachPciDiskDevice
	Currently libvirt doesn't confirm whether the guest has responded to the
	disk removal request.  In some cases this can leave the guest with
	continued access to the device while the mgmt layer believes that it has
	been removed.  With a recent qemu monitor command[1] we can
	deterministically revoke a guests access to the disk (on the QEMU side)
	to ensure no futher access is permitted.

	This patch adds support for the drive_unplug() command and introduces it
	in the disk removal paths.  There is some discussion to be had about how
	to handle the case where the guest is running in a QEMU without this
	command (and the fact that we currently don't have a way of detecting
	what monitor commands are available).

	Changes since v2:
	 - use VIR_ERROR to report when unplug command not found
	Changes since v1:
	 - return > 0 when command isn't present, < 0 on command failure
	 - detect when drive_unplug command isn't present and log error
	   instead of failing entire command

2010-12-08  Anthony Liguori  <aliguori@us.ibm.com>

	qemud: fix memory leak in io error events
	The extra data isn't being free()'d for IO error events that have a reason.

2010-12-08  Osier Yang  <jyang@redhat.com>

	qemu: Only build devstr when needs (attach PCI controller)
	- qemudDomainAttachPciControllerDevice: Don't build "devstr"
	  if "-device" of qemu is not available, as "devstr" will only
	  be used by "qemuMonitorAddDevice", which depends on "-device"
	  argument of qemu is supported.

	- "qemudDomainSaveImageOpen": Fix indent problem.

	* src/qemu/qemu_driver.c

2010-12-08  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Enable disabled debug messages

	qemu: Use -vga none only if it is supported
	Commit febc591683cf51e4551f8bcf3ce279a776056e1c introduced -vga none in
	case no video card is included in domain XML. However, old qemu
	versions do not support this and such domain cannot be successfully
	started.

2010-12-08  Justin Clift  <jclift@redhat.com>

	virsh: fix a typo in the memtune help description

	docs: updated virsh command reference download links to new version
	The new version lists every virsh command, its description, and
	the version of libvirt where it became available.

	configure: improve misleading libnl missing error message
	This fixes a misleading error message saying the libnl package
	needs to be installed, when it's really the libnl-devel package
	needing to be installed.

2010-12-08  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest, for at least a stdint.h fix
	* src/storage/storage_driver.c (storageVolumeZeroSparseFile)
	(storageWipeExtent): Use better type, although it still triggers
	spurious -Wformat warning on MacOS's gcc.

2010-12-08  Justin Clift  <jclift@redhat.com>

	Moved the nodeinfo command to the 'host' help keyword group

2010-12-07  Eric Blake  <eblake@redhat.com>

	openvz: avoid potential buffer overflow
	* src/openvz/openvz_conf.c (openvzLoadDomains): Replace unsafe
	sscanf with safe direct parsing.
	(openvzGetVEID): Avoid lost integer overflow detection.
	(openvzAssignUUIDs): Likewise, and detect readdir failure.

2010-12-07  Eric Blake  <eblake@redhat.com>

	openvz: convert popen to virCommand
	popen must be matched with pclose (not fclose), or it will leak
	resources.  Furthermore, it is a lousy interface when it comes to
	signal handling.  We're much better off using our decent command
	wrapper.  Note that virCommand guarantees that VIR_FREE(outbuf) is
	both required and safe to call, whether virCommandRun succeeded or
	failed.

	* src/openvz/openvz_conf.c (openvzLoadDomains, openvzGetVEID):
	Replace popen with virCommand usage.

2010-12-07  Eric Blake  <eblake@redhat.com>

	command: improve behavior on no output
	Guarantee that outbuf/errbuf are allocated on success, even if to the
	empty string.  Caller always has to free the result, and empty output
	check requires checking if *outbuf=='\0'.  Makes the API easier to use
	safely.  Failure is best effort allocation (some paths, like
	out-of-memory, cannot allocate a buffer, but most do), so caller must
	free buffer on failure.

	* docs/internals/command.html.in: Update documentation.
	* src/util/command.c (virCommandSetOutputBuffer)
	(virCommandSetErrorBuffer, virCommandProcessIO) Guarantee empty
	string on no output.
	* tests/commandtest.c (test17): New test.

2010-12-07  Eric Blake  <eblake@redhat.com>

	command: enforce fd vs. buffer considerations
	* docs/internals/command.html.in: Better documentation of buffer
	vs. fd considerations.
	* src/util/command.c (virCommandRunAsync): Reject raw execution
	with string io.
	(virCommandRun): Reject execution with user-specified fds not
	visiting a regular file.

2010-12-07  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix commandtest in VPATH build

2010-12-07  Eric Blake  <eblake@redhat.com>

	tests: fix leaks in commandtest
	Most leaks could only occur on error cleanup paths.

	command: improve allocation failure reporting
	* src/util/command.c (virCommandAddEnvString): Remove duplicate
	code.
	(virCommandToString, virCommandRun, virCommandRunAsync)
	(virCommandWait): Report NULL command as ENOMEM, not invalid
	usage.
	Reported by Jiri Denemark.

2010-12-07  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix detection of expected error

	tests: Fix code formating in commandtest

2010-12-07  Eric Blake  <eblake@redhat.com>

	uuid: require smbios uuid and domain uuid to match
	* src/conf/domain_conf.c (virDomainDefParseXML): Prefer sysinfo
	uuid over generating one, and if both uuids are present, require
	them to be identical.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosSystemStr): Allow skipping
	the uuid.
	(qemudBuildCommandLine): Adjust caller; <smbios mode=host/> must
	not use host uuid in place of guest uuid.

	smbios: allow () in smbios strings
	* docs/schemas/domain.rng (sysinf-value): Expand pattern.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.xml: Prefer '' over
	"" for attribute values.  Copy real hardware values.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: Likewise.

	smbios: support system family
	* docs/schemas/domain.rng (sysinfo-system-name): Also allow
	family.
	* src/util/sysinfo.h (struct _virSysinfoDef): Add system_family.
	* src/conf/domain_conf.c (virSysinfoParseXML)
	(virDomainSysinfoDefFormat): Support it.
	* src/util/sysinfo.c (virSysinfoDefFree, virSysinfoRead): Likewise.
	* src/qemu/qemu_conf.c (qemuBuildSmbiosSystemStr): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.xml: Adjust test.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: Likewise.

2010-12-07  Eric Blake  <eblake@redhat.com>

	qemu: avoid adding "" in smbios arguments
	The log lists things like -smbios type=1,vendor="Red Hat", which
	is great for shell parsing, but not so great when you realize that
	execve() then passes those literal "" on as part of the command
	line argument, such that qemu sets SMBIOS with extra literal quotes.

	The eventual addition of virCommand is needed before we have the API
	to shell-quote a string representation of a command line, so that the
	log can still be pasted into a shell, but without inserting extra
	bytes into the execve() arguments.

	* src/qemu/qemu_conf.c (qemuBuildSmbiosBiosStr)
	(qemuBuildSmbiosSystemStr): Qemu doesn't like quotes around uuid
	arguments, and the remaining quotes are passed literally to
	smbios, making <smbios mode='host'/> inaccurate.  Removing the
	quotes makes the log harder to parse, but that can be fixed later
	with virCommand improvements.
	* tests/qemuxml2argvdata/qemuxml2argv-smbios.args: 'Fix' test; it
	will need fixing again once virCommand learns how to shell-quote a
	potential command line.

2010-12-07  Osier Yang  <jyang@redhat.com>

	virsh: Remove redundant commands in group domain
	"echo" is already in group "virsh", "freecell" and "hostname" are
	already in group "host", so remove them from group "domain"

	* tools/virsh.c

2010-12-06  Dan Kenigsberg  <danken@redhat.com>

	Fix funny off-by-one error in clock-variable
	Humans consider January as month #1, while gmtime_r(3) calls it month #0.

	While fixing it, render qemu's rtc parameter with leading zeros, as is more
	commonplace.

	Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=660194

2010-12-06  Laurent Léonard  <laurent@open-minds.org>

	syntax error "Bad fd number" when stopping libvirt-guests
	When libvirt-guests is being stopped, I get the following message:
	$Running guests on default URI: test-vm
	$Suspending guests on default URI...
	$Suspending test-vm: /etc/init.d/libvirt-guests: 340: Syntax error: Bad fd
	number

2010-12-06  Eric Blake  <eblake@redhat.com>

	threads: add virThreadID for debugging use
	* src/util/threads.h (virThreadID): New prototype.
	* src/util/threads-pthread.c (virThreadID): New function.
	* src/util/threads-win32.c (virThreadID): Likewise.
	* src/libvirt_private.syms (threads.h): Export it.
	* daemon/event.c (virEventInterruptLocked): Use it to avoid
	warning on BSD systems.

2010-12-06  Osier Yang  <jyang@redhat.com>

	util: Fix bug which will cause libvirtd crash
	"virCommandRun": if "cmd->outbuf" or "cmd->errbuf" is NULL,
	libvirtd will be crashed when trying to start a qemu domain
	(which invokes "virCommandRun"), it caused by we try to use
	"*cmd->outbuf" and "*cmd->errbuf" regardless of cmd->outbuf
	or cmd->errbuf is NULL.

	* src/util/command.c (virCommandRun)

2010-12-06  Jiri Denemark  <jdenemar@redhat.com>

	tests: Don't ignore return value of getcwd()

	build: Fix internal docs generation in VPATH builds

2010-12-06  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix a possible deadlock in p2p migration
	Two more calls to remote libvirtd have to be surrounded by
	qemuDomainObjEnterRemoteWithDriver() and
	qemuDomainObjExitRemoteWithDriver() to prevent possible deadlock between
	two communicating libvirt daemons.

	See commit f0c8e1cb3774d6f09e2681ca1988bf235a343007 for further details.

2010-12-06  Jiri Denemark  <jdenemar@redhat.com>

	Change return value of VIR_DRV_SUPPORTS_FEATURE to bool
	virDrvSupportsFeature API is allowed to return -1 on error while all but
	one uses of VIR_DRV_SUPPORTS_FEATURE only check for (non)zero return
	value. Let's make this macro return zero on error, which is what
	everyone expects anyway.

2010-12-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Don't try to set input FD to -1

2010-12-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Implement virVMOperationType{To|From}String independent from WITH_MACVTAP
	As this symbols are exported independent from WITH_MACVTAP.

2010-12-03  Eric Blake  <eblake@redhat.com>

	build: avoid shadowing devname() on BSD systems
	* tools/virsh.c (cmdRunConsole, cmdConsole): Rename problematic
	symbol.
	Reported by Justin Clift.

2010-12-03  Osier Yang  <jyang@redhat.com>

	virsh: Remove redundant optional option for cmdHelp
	Remove the optional option "group", as cmdHelp should accepts
	only one option ("virsh help" supports both command and command
	group now, and user rarely uses the options, so it doesn't matter
	much for it being longer, :-)

	* tools/virsh.c

2010-12-03  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Create file in virFileWriteStr() if it doesn't exist
	This patch adds a mode_t parameter to virFileWriteStr().
	If mode is different from 0, virFileWriteStr() will try
	to create the file if it doesn't exist.

	* src/util/util.h (virFileWriteStr): Alter signature.
	* src/util/util.c (virFileWriteStr): Allow file creation.
	* src/network/bridge_driver.c (networkEnableIpForwarding)
	(networkDisableIPV6): Adjust clients.
	* src/node_device/node_device_driver.c
	(nodeDeviceVportCreateDelete): Likewise.
	* src/util/cgroup.c (virCgroupSetValueStr): Likewise.
	* src/util/pci.c (pciBindDeviceToStub, pciUnBindDeviceFromStub):
	Likewise.

2010-12-03  Justin Clift  <jclift@redhat.com>

	man pages: update the description for the virsh help command
	Now includes information on keyword usage, and provides examples.

2010-12-03  Osier Yang  <jyang@redhat.com>

	virsh: move two commands from domain group to storage pool group
	* tools/virsh.c (find-storage-pool-sources-as and find-storage-pool-sources
	should't be in command group "Domain Management", move them to group
	"Storage Pool".

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus includes

	uml: convert to virCommand
	* src/uml/uml_conf.c (umlBuildCommandLineChr)
	(umlBuildCommandLine): Rewrite with virCommand.
	* src/uml/uml_conf.h (umlBuildCommandLine): Update signature.
	* src/uml/uml_driver.c (umlStartVMDaemon): Adjust caller.

2010-12-03  Eric Blake  <eblake@redhat.com>

	qemu: convert to virCommand
	* src/qemu/qemu_conf.c (qemudExtractVersionInfo): Check for file
	before executing it here, rather than in callers.
	(qemudBuildCommandLine): Rewrite with virCommand.
	* src/qemu/qemu_conf.h (qemudBuildCommandLine): Update signature.
	* src/qemu/qemu_driver.c (qemuAssignPCIAddresses)
	(qemudStartVMDaemon, qemuDomainXMLToNative): Adjust callers.

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Port hooks and iptables code to new command execution APIs
	This proof of concept shows how two existing uses of virExec
	and virRun can be ported to the new virCommand APIs, and how
	much simpler the code becomes

	virCommand: docs for usage of new command APIs
	* docs/internals/command.html.in: New file.
	* docs/Makefile.am: Build new docs.
	* docs/subsite.xsl: New glue file.
	* docs/internals.html.in, docs/sitemap.html.in: Update glue.

2010-12-03  Daniel P. Berrange  <berrange@redhat.com>

	Introduce new APIs for spawning processes
	This introduces a new set of APIs in src/util/command.h
	to use for invoking commands. This is intended to replace
	all current usage of virRun and virExec variants, with a
	more flexible and less error prone API.

	* src/util/command.c: New file.
	* src/util/command.h: New header.
	* src/Makefile.am (UTIL_SOURCES): Build it.
	* src/libvirt_private.syms: Export symbols internally.
	* tests/commandtest.c: New test.
	* tests/Makefile.am (check_PROGRAMS): Run it.
	* tests/commandhelper.c: Auxiliary program.
	* tests/commanddata/test2.log - test15.log: New expected outputs.
	* cfg.mk (useless_free_options): Add virCommandFree.
	(msg_gen_function): Add virCommandError.
	* po/POTFILES.in: New translation.
	* .x-sc_avoid_write: Add exemption.
	* tests/.gitignore: Ignore new built file.

2010-12-02  Eric Blake  <eblake@redhat.com>

	util: add virVasprintf
	* src/util/util.h (virVasprintf): New declaration.
	* src/util/util.c (virVasprintf): New function.
	(virAsprintf): Use it.
	* src/util/virtaudit.c (virAuditSend): Likewise.
	* src/libvirt_private.syms: Export it.
	* cfg.mk (sc_prohibit_asprintf): Also prohibit vasprintf.
	* .x-sc_prohibit_asprintf: Add exemption.

	util: fix saferead type
	* src/util/util.c (saferead): Fix return type.
	(safewrite): Fix indentation.

2010-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Tweak daemon event debug to include errno
	* daemon/event.c: Include errno in debug info upon poll() failure

2010-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak in logging setup
	The logging setup requires const char * strings, but the
	virLogSetFromEnv() strdup's the env variables, thus causing
	a memory leak

	* src/util/logging.c: Avoid strdup'ing env variables

2010-12-02  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add tests for CPU selection in qemu driver

2010-12-02  Jiri Denemark  <jdenemar@redhat.com>

	tests: Support for faking emulator in qemuxml2argv
	This patch allows for using custom scripts instead of /usr/bin/qemu
	emulator in domain XML. To do so, one would specify relative path to the
	custom script in <emulator/>. The path needs to be relative to
	qemuxml2argvdata directory and it will be transparently made absolute in
	runtime. The expected command line needs to contain the exact relative
	path as was used in domain XML.

	The problem is RelaxNG schema for domain XML only allows for absolute
	path within <emulator/>. To workaround it, an extra '/' must be added at
	the beginning of the path. That is, instead of "./qemu.sh" or
	"../emulator/qemu.sh" one would use "/./qemu.sh" or
	"/../emulator/qemu.sh". The extra slash is removed before further
	processing. I don't like this workaround, it's very ugly but it's the
	best option I was able to come up with. Relaxing domain XML schema is
	not an option IMO.

2010-12-02  Jiri Denemark  <jdenemar@redhat.com>

	schemas: Fix cpu element schema
	Both vendor and topology elements are optional.

2010-12-02  Osier Yang  <jyang@redhat.com>

	virsh: Remove using phy as default disk driver in cmdAttachDisk
	* tools/virsh.c (virsh shouldn't use 'phy' as the disk driver if
	user doesn't specify "--driver", it causes bugs, as not all of
	hypervisor driver supports 'phy', and actually hypervisor should
	known the correct default disk driver and subdriver, so remove it)

2010-12-02  Eric Blake  <eblake@redhat.com>

	maint: update .gitignore
	* .gitignore: Ignore recent built file, sort.

2010-12-01  Guido Günther  <agx@sigxcpu.org>

	OpenVZ: drop fd leackage
	Drop unused (and unclosed) errfd and close outfd on exit. Otherwise
	polling the running domains with virt-manager let's us quickly run out
	of fds.

2010-12-01  Osier Yang  <jyang@redhat.com>

	qemu: Use macro for max and min vnc port instead of number
	* src/qemu/qemu_driver.c (though MACROS QEMU_VNC_PORT_MAX, and
	QEMU_VNC_PORT_MIN are defined at the beginning, numbers (65535, 5900)
	are still used, replace them)

2010-12-01  Osier Yang  <jyang@redhat.com>

	qemu: Fix typo in qemuTeardownDiskPathDeny
	typo in error message, it should be by copy-a-paste
	from "qemuSetupDiskPathAllow".

	* src/qemu/qemu_driver.c (qemuTeardownDiskPathDeny)

2010-12-01  Eric Blake  <eblake@redhat.com>

	qemu: plug memory leak
	* src/qemu/qemu_driver.c (qemudShutdown): Free all strings and the
	ebtables structure.
	* src/libvirt_private.syms (ebtablesContextFree): Export missing
	symbol.
	* src/util/ebtables.c (ebtablesContextFree): Allow early exit.

	libvirtd: avoid memory leak on shutdown
	* daemon/libvirtd.c (qemudRunLoop): Free any remaining client data.

2010-12-01  Daniel P. Berrange  <berrange@redhat.com>

	Fix flaw in thread creation APIs
	The arguments passed to the thread function must be allocated on
	the heap, rather than the stack, since it is possible for the
	spawning thread to continue before the new thread runs at all.
	In such a case, it is possible that the area of stack where the
	thread args were stored is overwritten.

	* src/util/threads-pthread.c, src/util/threads-win32.c: Allocate
	  thread arguments on the heap

2010-12-01  Osier Yang  <jyang@redhat.com>

	virsh: update help for "virsh help help"
	As virsh help supports both command and command group now,
	update "cmdHelp" to print consite help, (this patch is
	increment of "7829052757953023b0826e0293ffe18ed4ab89e9").

	And also remove redundant empty line in "vshUsage".

	* tools/virsh.c

2010-12-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix undefined symbol errors when macvtap support is disabled
	Use macvtap specific functions depending on WITH_MACVTAP.

	Use #if instead of #ifdef to check for WITH_MACVTAP, because
	WITH_MACVTAP is always defined with value 0 or 1.

	Also export virVMOperationType{To|From}String unconditional,
	because they are used unconditional in the domain config code.

2010-12-01  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Fix warning when macvtap support is disabled

2010-12-01  Justin Clift  <jclift@redhat.com>

	virsh: remove a badly placed line break in virsh -h output
	The output was previously:

	    -c | --connect <uri>    hypervisor connection URI
	    -r | --readonly         connect readonly
	    -d | --debug <num>      debug level [0-5]
	    -h | --help             this help
	    -q | --quiet            quiet mode
	    -t | --timing           print timing information
	    -l | --log <file>       output logging to file
	    -v | --version[=short]  program version

	    -V | --version=long     version and full options

	(note the blank line between the --version types)

	This patch removes the extra blank line.

2010-12-01  Jiri Denemark  <jdenemar@redhat.com>

	tests: Add unit tests for internal CPU APIs

	cpu: Add support for overriding path to CPU map XML file

2010-11-30  Hu Tao  <hutao@cn.fujitsu.com>

	Fall back to QEMUD_SAVE_FORMAT_RAW if compression method fails.
	When dumping a domain, it's reasonable to save dump-file in raw format
	if dump format is misconfigured or the corresponding compress program
	is not available rather then fail dumping.

2010-11-30  Osier Yang  <jyang@redhat.com>

	virsh: Categorize commands into groups for virsh help
	Change the virsh help out. The new output of "virsh help" and
	"virsh --help" will be like:

	 Secret (help keyword 'secret'):
	    secret-define                  define or modify a secret from an XML file
	    secret-dumpxml                 secret attributes in XML
	    secret-set-value               set a secret value
	    secret-get-value               Output a secret value
	    secret-undefine                undefine a secret
	    secret-list                    list secrets

	 Snapshot (help keyword 'snapshot'):
	    snapshot-create                Create a snapshot
	    snapshot-current               Get the current snapshot
	    snapshot-delete                Delete a domain snapshot
	    snapshot-dumpxml               Dump XML for a domain snapshot
	    snapshot-list                  List snapshots for a domain
	    snapshot-revert                Revert a domain to a snapshot

	Also support output help information of specified command group, e.g.

	% ./tools/virsh help "Network Filter"
	 Network Filter (help keyword 'filter'):
	    nwfilter-define                define or update a network filter from an XML file
	    nwfilter-undefine              undefine a network filter
	    nwfilter-dumpxml               network filter information in XML
	    nwfilter-list                  list network filters
	    nwfilter-edit                  edit XML configuration for a network filter

	Each group has a help keyword, e.g.

	% ./tools/virsh help filter
	 Network Filter (help keyword 'filter'):
	    nwfilter-define                define or update a network filter from an XML file
	    nwfilter-undefine              undefine a network filter
	    nwfilter-dumpxml               network filter information in XML
	    nwfilter-list                  list network filters
	    nwfilter-edit                  edit XML configuration for a network filter

	* tools/virsh.c:
	  - introduce new struct "vshCmdGrp" and macros to define the groups.
	  - split previous array "commands" into small arrays which are orgnized
	    by group
	  - changed some functions, e.g. "vshCmdDefSearch"
	  - Added new functions, e.g. "vshCmdGrpSearch"
	  - commands of each group are in "alphabetical order" now.
	  - command groups are in "alphabetical order" now.
	  - the commands are categorized with reference of
	    http://wiki.libvirt.org/page/VirshHelpV2 (by Justin)
	  - the modifications doesn't affect tests

	* TODO:
	  - doc

2010-11-30  Eric Blake  <eblake@redhat.com>

	maint: allow 'make syntax-check' to run again
	* cfg.mk (VC_LIST_ALWAYS_EXCLUDE_REGEX): Permanently exempt
	docs/news.html.in from all future syntax checks.

2010-11-30  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt 0.8.6
	- configure.ac libvirt.spec.in: bump version, add a missing systemtap
	  build requirement
	- docs/news.html.in: add informations about the release
	- po/*: updated Polish and Dutch localizations, and regenerated
	- tests/qemuxml2argvtest.c: Fix build problem

2010-11-30  Stefan Berger  <stefanb@us.ibm.com>

	802.1Qbg: use pre-associate state at beginning of inc. migr
	This patch introduces the usage of the pre-associate state of the IEEE 802.1Qbg standard on incoming VM migration on the target host. It is in response to bugzilla entry 632750.

	https://bugzilla.redhat.com/show_bug.cgi?id=632750

	For being able to differentiate the exact reason as to why a macvtap device is being created, either due to a VM creation or an incoming VM migration, I needed to pass that reason as a parameter from wherever qemudStartVMDaemon is being called in order to determine whether to send an ASSOCIATE (VM creation) or a PRE-ASSOCIATE (incoming VM migration) towards lldpad.

	I am also fixing a problem with the virsh domainxml-to-native call on the way.

	Gerhard successfully tested the patch with a recent blade network 802.1Qbg-compliant switch.

	The patch should not have any side-effects on the 802.1Qbh support in libvirt, but Roopa (cc'ed) may want to verify this.

2010-11-30  Guido Günther  <agx@sigxcpu.org>

	Ignore files generated by "make tags"

	OpenVZ: Fix some overwritten error codes
	Don't overwrite errors during domain creation/definition to ease
	tracking down problems.

2010-11-30  Guido Günther  <agx@sigxcpu.org>

	OpenVZ: take veid from vmdef->name when defining new domains
	We currently use the next free veid although there's one given in the
	domain xml. This currently breaks defining new domains since vmdef->name
	and veid don't match leading to the following error later on:

	    error: Failed to define domain from 110.xml
	    error: internal error Could not set UUID

	Since silently ignoring vmdef->name is not nice respect it instead. We
	avoid veid collisions in the upper levels already.

2010-11-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Log client errors in libvirtd at debug priority
	This reverts commit

	 Log all errors at level INFO to stop polluting syslog
	 04bd0360f32ec628ecf7943b3fd1468d6eb2dde5.

	and makes virRaiseErrorFull() log errors at debug priority
	when called from inside libvirtd. This stops libvirtd from
	polluting it's own log with client errors at error priority
	that'll be reported and logged on the client side anyway.

2010-11-29  Wen Congyang  <wency@cn.fujitsu.com>

	correct the arguments of migrate_speed
	When we set migrate_speed by json, we receive the following
	error message:
	libvirtError: internal error unable to execute QEMU command
	'migrate_set_speed': Invalid parameter type, expected: number

	The reason is that: the arguments of migrate_set_speed
	by json is json number, not json string.

2010-11-29  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix detection of expected errors

2010-11-29  Justin Clift  <jclift@redhat.com>

	docs: updated c# bindings with arnauds latest changes

2010-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leaks in audit & VirtualBox code
	* src/util/virtaudit.c: Free audit string
	* src/vbox/vbox_XPCOMCGlue.c: Free library name

2010-11-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus check for Xen in example program
	The dominfo.py example script has a bogus check for /proc/xen
	existing. The default connection cannot be assumed to be Xen
	any more

	* examples/python/dominfo.py: Remove check for Xen

2010-11-25  Jiri Denemark  <jdenemar@redhat.com>

	doc: Fix spelling of virBufferVSprintf

2010-11-25  Jiri Denemark  <jdenemar@redhat.com>

	Fix host CPU counting on unusual NUMA topologies
	The nodeinfo structure includes

	    nodes   : the number of NUMA cell, 1 for uniform mem access
	    sockets : number of CPU socket per node
	    cores   : number of core per socket
	    threads : number of threads per core

	which does not work well for NUMA topologies where each node does not
	consist of integral number of CPU sockets.

	We also have VIR_NODEINFO_MAXCPUS macro in public libvirt.h which
	computes maximum number of CPUs as (nodes * sockets * cores * threads).

	As a result, we can't just change sockets to report total number of
	sockets instead of sockets per node. This would probably be the easiest
	since I doubt anyone is using the field directly. But because of the
	macro, some apps might be using sockets indirectly.

	This patch leaves sockets to be the number of CPU sockets per node (and
	fixes qemu driver to comply with this) on machines where sockets can be
	divided by nodes. If we can't divide sockets by nodes, we behave as if
	there was just one NUMA node containing all sockets. Apps interested in
	NUMA should consult capabilities XML, which is what they probably do
	anyway.

	This way, the only case in which apps that care about NUMA may break is
	on machines with funky NUMA topology. And there is a chance libvirt
	wasn't able to start any guests on those machines anyway (although it
	depends on the topology, total number of CPUs and kernel version).
	Nothing changes at all for apps that don't care about NUMA.

2010-11-25  Philipp Hahn  <hahn@univention.de>

	Fix broken XML entity for '>'
	Add missing 'g' to '&gt;' of '<product />' source-element.

2010-11-24  Eric Blake  <eblake@redhat.com>

	security, storage: plug memory leaks for security_context_t
	security_context_t happens to be a typedef for char*, and happens to
	begin with a string usable as a raw context string.  But in reality,
	it is an opaque type that may or may not have additional information
	after the first NUL byte, where that additional information can
	include pointers that can only be freed via freecon().

	Proof is from this valgrind run of daemon/libvirtd:

	==6028== 839,169 (40 direct, 839,129 indirect) bytes in 1 blocks are definitely lost in loss record 274 of 274
	==6028==    at 0x4A0515D: malloc (vg_replace_malloc.c:195)
	==6028==    by 0x3022E0D48C: selabel_open (label.c:165)
	==6028==    by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296)
	==6028==    by 0x3022E1190D: matchpathcon (matchpathcon.c:317)
	==6028==    by 0x4F9D842: SELinuxRestoreSecurityFileLabel (security_selinux.c:382)

	800k is a lot of memory to be leaking.

	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD): Avoid leak on error.
	* src/security/security_selinux.c
	(SELinuxReserveSecurityLabel, SELinuxGetSecurityProcessLabel)
	(SELinuxRestoreSecurityFileLabel): Use correct function to free
	security_context_t.

2010-11-24  Eric Blake  <eblake@redhat.com>

	network: plug memory leak
	* src/conf/network_conf.c (virNetworkDHCPRangeDefParseXML): Free
	xml strings when no longer referenced.

2010-11-24  Eric Blake  <eblake@redhat.com>

	maint: prohibit most uses of xmlGetProp
	Making this change makes it easier to spot the memory leaks
	that will be fixed in the next patch.

	* cfg.mk (sc_prohibit_xmlGetProp): New rule.
	* .x-sc_prohibit_xmlGetProp: New exception.
	* Makefile.am (EXTRA_DIST): Ship exception file.
	* tools/virsh.c (cmdDetachInterface, cmdDetachDisk): Adjust
	offenders.
	* src/conf/storage_conf.c (virStoragePoolDefParseSource):
	Likewise.
	* src/conf/network_conf.c (virNetworkDHCPRangeDefParseXML)
	(virNetworkIPParseXML): Likewise.

2010-11-24  Eric Blake  <eblake@redhat.com>

	qemu: plug memory leak
	https://bugzilla.redhat.com/show_bug.cgi?id=656795

	* src/qemu/qemu_monitor.c (qemuMonitorFree): Also free the buffer.

2010-11-24  Eric Blake  <eblake@redhat.com>

	maint: ensure syntax check exceptions are distributed
	* Makefile.am (EXTRA_DIST): Factor exceptions files...
	(syntax_check_excpetions): into new list.  Include recently added
	exceptions.
	* cfg.mk (sc_x_sc_dist_check): New check, copied from coreutils.

	build: enforce files.h usage
	* cfg.mk (sc_prohibit_close): New syntax-check rule.
	* src/util/pci.c (pciWaitForDeviceCleanup): Fix violation.
	* .x-sc_prohibit_close: New exceptions.
	* Makefile.am (EXTRA_DIST): Distribute new file.

2010-11-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	Always close drivers when a virConnectPtr is released
	virConnectClose calls virUnrefConnect which in turn closes
	all open drivers when the refcount of that connection dropped
	to zero. This works fine when you free all other objects that
	hold a ref to the connection before you close it, because in
	this case virUnrefConnect is the one that removes the last
	ref to the connection.

	But it doesn't work when you close the connection first before
	freeing the other objects. This is because the other virUnref*
	functions call virReleaseConnect when they detect that the
	connection's refcount dropped to zero. In this case another
	virUnref* function (different from virUnrefConnect) removes the
	last ref to the connection. This results in not closing the
	open drivers and leaking things that should have been cleaned
	up in the driver close functions.

	To fix this move the driver close calls to virReleaseConnect.

2010-11-24  Osier Yang  <jyang@redhat.com>

	Implementations of virDomainIsUpdated for drivers except qemu
	Except LXC and UML driver, implementations of all other drivers
	simply return 0, because these drivers doesn't have config both
	in memory and on disk, no need to track if the domain of these
	drivers updated or not.

	Rename "xenUnifiedDomainisPersistent" to "xenUnifiedDomainIsPersistent"

	* esx/esx_driver.c
	* lxc/lxc_driver.c
	* opennebula/one_driver.c
	* openvz/openvz_driver.c
	* phyp/phyp_driver.c
	* test/test_driver.c
	* uml/uml_driver.c
	* vbox/vbox_tmpl.c
	* xen/xen_driver.c
	* xenapi/xenapi_driver.c

2010-11-23  Osier Yang  <jyang@redhat.com>

	implement callback function for qemu driver
	* src/qemu/qemu_driver.c (add function qemuDomainIsUpdated)

	implement the remote protocol
	* daemon/remote.c
	* daemon/remote_dispatch_args.h
	* daemon/remote_dispatch_prototypes.h
	* daemon/remote_dispatch_ret.h
	* daemon/remote_dispatch_table.h
	* src/remote/remote_driver.c
	* src/remote/remote_protocol.c
	* src/remote/remote_protocol.h
	* src/remote/remote_protocol.x
	* src/remote_protocol-structs

	implement public API virDomainIsUpdated
	* src/libvirt.c

	define internal driver API
	* src/driver.h (new typedef, new callback member for "_virDriver")
	* src/esx/esx_driver.c
	* src/lxc/lxc_driver.c
	* src/opennebula/one_driver.c
	* src/openvz/openvz_driver.c
	* src/phyp/phyp_driver.c
	* src/qemu/qemu_driver.c
	* src/remote/remote_driver.c
	* src/test/test_driver.c
	* src/uml/uml_driver.c
	* src/vbox/vbox_tmpl.c
	* src/xen/xen_driver.c
	* src/xenapi/xenapi_driver.c

2010-11-23  Osier Yang  <jyang@redhat.com>

	virDomainIsUpdated: define the new public API
	introduce new public API "virDomainIsUpdated"

	* src/conf/domain_conf.h (new member "updated" for "virDomainObj")
	* src/libvirt_public.syms
	* include/libvirt/libvirt.h.in

2010-11-23  Eric Blake  <eblake@redhat.com>

	maint: sort exports
	* src/libvirt_private.syms (buf.h): Sort.

2010-11-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Fix TLS transport on Windows
	gnulib wraps Windows' SOCKET handle based send() and recv() functions
	into file descriptor based ones that are used in libvirt.

	Even though GnuTLS is using gnulib too, it explicitly doesn't use
	gnulib's replacement functions on Windows. By default GnuTLS uses the
	SOCKET handle based send() and recv(). This makes gnutls_handshake()
	fail internally with a WSAENOTSOCK error because libvirt passes a
	file descriptor; GnuTLS needs the SOCKET handle.

	To avoid this mismatch make sure that GnuTLS uses gnulib's replacment
	functions, by setting custom pull() and push() functions for GnuTLS.

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	tests: Fix dispatching internal error reports
	Without this fix, the test suite doesn't print error messages when a libvirt
	function fails. Additionally, only print error reports if DEBUG or VERBOSE
	requested.

2010-11-23  Eric Blake  <eblake@redhat.com>

	libvirtd: fix bug when shrinking number of clients
	* daemon/libvirtd.c (qemudRunLoop): Pass allocation size, not
	current count, to VIR_SHRINK_N.
	* docs/hacking.html.in: Update doc example.
	* HACKING: Regenerate.

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Rename 'remove' param to 'toremove' to avoid clash with stdio.h
	The stdio.h header has a function called 'remove' declared. This
	clashes with the 'remove' parameter in virShrinkN

	* src/util/memory.c: Rename 'remove' to 'toremove'

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix 32-bit int truncation in QED header check
	* src/util/memory.c: Avoid 32-bit truncation extracting a 64bit int

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix error handling in virsh when listing storage volumes
	virsh was not checking for a error code when listing storage
	volumes. So when listing volumes in a pool that was shutoff,
	no output was displayed

	* tools/virsh.c: Fix error handling when listing volumes

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Improve SCSI volume name generation
	The SCSI volumes currently get a name like '17:0:0:1' based
	on $host:$bus:$target:$lun. The names are intended to be unique
	per pool and stable across pool restarts. The inclusion of the
	$host component breaks this, because the $host number for iSCSI
	pools is dynamically allocated by the kernel at time of login.
	This changes the name to be 'unit:0:0:1', ie removes the leading
	host component. The 'unit:' prefix is just to ensure the volume
	name doesn't start with a number and make it clearer when seen
	out of context.

	* src/storage/storage_backend_scsi.c: Improve volume name
	  field value stability and uniqueness

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix error codes returned when a storage pool is inactive
	Many operations are not valid on inactive storage pools. The
	storage driver is currently returning VIR_ERR_INTERNAL_ERROR
	in these cases, rather than the more suitable error code
	VIR_ERR_OPERATION_INVALID

	* src/storage/storage_driver.c: Fix error code when pool
	  is not active

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Check whether pools are already active upon libvirtd startup
	When libvirt starts up all storage pools default to the inactive
	state, even if the underlying storage is already active on the
	host. This introduces a new API into the internal storage backend
	drivers that checks whether a storage pool is already active. If
	the pool is active at libvirtd startup, the volume list will be
	immediately populated.

	* src/storage/storage_backend.h: New internal API for checking
	  storage pool state
	* src/storage/storage_driver.c: Check whether a pool is active
	  upon driver startup
	* src/storage/storage_backend_fs.c, src/storage/storage_backend_iscsi.c,
	  src/storage/storage_backend_logical.c, src/storage/storage_backend_mpath.c,
	  src/storage/storage_backend_scsi.c: Add checks for pool state

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus port handling code in virsh
	The "find-storage-pool-sources-as" command takes two arguments,
	a hostname and a port number. For some reason the code would
	also then look for a port number appended to the hostname
	string by searching for ':'. This totally breaks if the user
	gives an IPv6 address, and is redundant, since you can already
	provide a port as a separate argument

	* tools/virsh.c: Remove bogus port number handling code

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Allow iSCSI IQN to be set with find-storage-pool-sources-as command
	Allow an iSCSI initiator IQN to be set with the XML for the
	find-storage-pool-sources-as virsh command

	* tools/virsh.c: Add iSCSI IQN support

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Switch the virsh XML generation to use virBuffer instead of virAsprintf
	The code generating XML for storage pool source discovery is
	hardcoded to only allow a hostname and optional port number.
	Refactor this code to make it easier to add support for extra
	parameters.

	* tools/virsh.c: Refactor XML generator

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Add support for iSCSI target auto-discovery
	Since the previous patch added support for parsing the output of
	the 'sendtargets' command, it is now trivial to support the
	storage pool discovery API.

	Given a hostname and optional portnumber and initiator IQN,
	the code can return a full list of storage pool source docs,
	each one representing a iSCSI target.

	* src/storage/storage_backend_iscsi.c: Wire up target
	  auto-discovery

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Stop iSCSI targets automatically logging back in after logout
	The Linux iSCSI initiator toolchain has the dubious feature that
	if you ever run the 'sendtargets' command to merely query what
	targets are available from a server, the results will be recorded
	in /var/lib/iscsi. Any time the '/etc/init.d/iscsi' script runs
	in the future, it will then automatically login to all those
	targets. /etc/init.d/iscsi is automatically run whenever a NIC
	comes online.

	So from the moment you ask a server what targets are available,
	your client will forever more automatically try to login to all
	targets without ever asking if you actually want it todo this.

	To stop this stupid behaviour, we need to run

	  iscsiadm --portal $PORTAL --target $TARGET
	   --op update --name node.startup --value manual

	For every target on the server.

	* src/storage/storage_backend_iscsi.c: Disable automatic login
	  for targets found as a result of a 'sendtargets' command

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Refactor iSCSI driver code to facilitate future changes
	The following series of patches are adding significant
	extra functionality to the iSCSI driver. THe current
	internal helper methods are not sufficiently flexible
	to cope with these changes. This patch refactors the
	code to avoid needing to have a virStoragePoolObjPtr
	instance as a parameter, instead passing individual
	target, portal and initiatoriqn parameters.

	It also removes hardcoding of port 3260 in the portal
	address, instead using the XML value if any.

	* src/storage/storage_backend_iscsi.c: Refactor internal
	  helper methods

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix parsing of port attribute in storage XML configuration
	The XML docs describe a 'port' attribute for the
	storage source <host> element, but the parser never
	handled it.

	* docs/schemas/storagepool.rng: Define port attribute
	* src/conf/storage_conf.c: Add missing parsing/formatting
	  of host port number
	* src/conf/storage_conf.h: Remove bogus/unused 'protocol' field

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Don't catch SIGCHLD in libvirtd
	libvirtd no longer deals with SIGCHLD in its signal handler
	since the QEMU driver switched to always daemonize processes.
	Thus remove the sigaction for it, to avoid warning log
	messages

	* daemon/libvirtd.c: Don't catch SIGCHLD

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Ensure logfile isn't truncated by shutdown message.
	When running non-root, the QEMU log file is usually opened with
	truncation, since there is no logrotate for non-root usage.
	This means that when libvirt logs the shutdown timestamp, the
	log is accidentally truncated

	* src/qemu/qemu_driver.c: Never truncate log file with shutdown
	  message

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Remove trailing ':' from timestamp
	The QEMU logger appends a ':' to the timestamp when it deems
	it neccessary, so the virTimestamp API should not duplicate
	this

	* src/util/util.c: Remove trailing ':' from timestamp

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Log all errors at level INFO to stop polluting syslog
	Everytime a public API returns an error, libvirtd pollutes
	syslog with that error message. Reduce the error logging
	level to INFO so these don't appear by default.

	* src/util/virterror.c: Log all errors at INFO

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Ensure virExec preserves logging environment
	The virFork call resets all logging handlers that may have been
	set. Re-enable them after fork in virExec, so that env variables
	fir LIBVIRT_LOG_OUTPUTS and LIBVIRT_LOG_FILTERS take effect
	until the execve()

	* src/util/util.c: Preserve logging in child in virExec

2010-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Include a thread identifier in log messages
	To allow messages from different threads to be untangled,
	include an integer thread identifier in log messages.

	* src/util/logging.c: Include thread ID
	* src/util/threads.h, src/util/threads.h, src/util/threads-pthread.c:
	  Add new virThreadSelfID() function
	* configure.ac: Check for sys/syscall.h

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	qemu: setvcpus: Save config changes to disk
	Currently changes to the persistent config aren't flushed to disk, meaning
	they are lost if the domain is redefined or libvirtd is restarted.

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	qemu: setvcpus: Simplify altering the persistent config
	Do this by adding a helper function to get the persistent domain config. This
	should be useful for other functions that may eventually want to alter
	the persistent domain config (attach/detach device). Also make similar changes
	to the test drivers setvcpus command.

	A caveat is that the function will return the running config for a transient
	domain, rather than error. This simplifies callers, as long as they use
	other methods to ensure the guest is persistent.

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	qemu: setvcpus: Fix maxvcpus check
	Doing 'virsh setvcpus $vm --config 10' doesn't check the value against the
	domains maxvcpus value. A larger value for example will prevent the guest
	from starting.

	Also make a similar change to the test driver.

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	conf: domain: Improve vcpus validation reporting

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	Make state driver device hotplug/update actually transient
	The current semantics of non-persistent hotplug/update are confusing: the
	changes will persist as long as the in memory domain definition isn't
	overwritten. This means hotplug changes stay around until the domain is
	redefined or libvirtd is restarted.

	Call virDomainObjSetDefTransient at VM startup, so that we properly discard
	hotplug changes when the VM is shutdown.

2010-11-23  Cole Robinson  <crobinso@redhat.com>

	domain_conf: Add virDomainObjSetDefTransient
	This function sets the running domain definition as transient, by reparsing
	the persistent config and assigning it to newDef. This ensures that any
	changes made to the running definition and not the persistent config are
	discarded when the VM is shutdown.

2010-11-22  Cole Robinson  <crobinso@redhat.com>

	xend: Escape reserved sexpr characters
	If we don't escape ' or \ xend can't parse the generated sexpr. This
	might over apply the EscapeSexpr routine, but it shouldn't hurt.

	buf: Simplify virBufferEscapeString
	We are about to copy this function, so clean it up before we do.

	xend: urlencode: Properly escape '&'
	Since we send the sexpr to xend via HTTP, we need to properly escape
	'&'

	conf: Fix parsing python style triple quotes
	An incorrect check broke matching the closing set of quotes. Update
	tests to cover this case for XM config files.

	conf: Convert ParseString to use STRPREFIX

	schemas: domain: Add more valid file path chars
	Also, standardize path usage on 'filePath' and 'absFilePath'

2010-11-22  Adam Litke  <agl@us.ibm.com>

	qed: Minor updates to QED support patches
	This patch makes two corrections to the newly-added QED support patch series:

	 - Correct the QED header field offsets
	 - Remove XML parsing for VIR_STORAGE_FILE_AUTO_SAFE

2010-11-22  Justin Clift  <jclift@redhat.com>

	docs: removed outdated reference to virt-mem
	The virt-mem program is no longer shipped, but was still being
	referenced at the bottom of the virsh and libvirtd man pages.

	This patch removes it from those man pages, addressing
	BZ# 639603:

	  https://bugzilla.redhat.com/show_bug.cgi?id=639603

2010-11-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: re-order lock grabbed by IP addr. learn thread
	The IP address learning thread was causing a deadlock when it instantiated a filter while a filter update/change was ongoing. The reason for this was the ordering of locks due to the following calls

	virNWFilterUnlockFilterUpdates()
	virNWFilterPoolObjFindByName()

	The below patch now puts the order of the locks in the above shown order when instantiating the filter from the IP address learning thread.

2010-11-20  Adam Litke  <agl@us.ibm.com>

	Support for probing qed image metadata
	Implement getBackingStore() for QED images.  The header format is defined in
	the QED spec: http://wiki.qemu.org/Features/QED .

	Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>
	Cc: Anthony Liguori <aliguori@linux.vnet.ibm.com>

2010-11-20  Adam Litke  <agl@us.ibm.com>

	storage_file: Add a new flag to mark backing files that are safe to probe

2010-11-20  Adam Litke  <agl@us.ibm.com>

	QED: Basic support for QED images
	Add an entry in fileTypeInfo for QED image files.

	Cc: Stefan Hajnoczi <stefan.hajnoczi@uk.ibm.com>
	Cc: Anthony Liguori <aliguori@linux.vnet.ibm.com>

2010-11-19  Adam Litke  <agl@us.ibm.com>

	Allow probing of image formats without version information
	Disk image formats that wish to opt-out of version validation are supposed to
	set versionOffset to -1 in their fileTypeInfo entry.

	By unconditionally returning False for these formats,
	virStorageFileMatchesVersion() incorrectly reports a version mismatch when the
	test was actually skipped.  The correct behavior is to return True so these
	formats can be successfully probed using the magic bytes alone.

2010-11-18  Eric Blake  <eblake@redhat.com>

	maint: tighten strncmp syntax check
	Using 'int ret = strcmp(a, b)' in a qsort function is a valid use of
	str[n]cmp that should _not_ be turned to STREQ, but it was falling
	foul of our specific syntax-check.  Meanwhile, gnulib's maint.mk
	already has a tighter bound for strcmp, so we can copy that regex and
	just check for strncmp, which results in fewer false positives that
	require exceptions.

	* cfg.mk (sc_prohibit_strcmp_and_strncmp): Rename...
	(sc_prohibit_strncmp): ...to this, and tighten, to mirror
	maint.mk's sc_prohibit_strcmp's better regex.
	* Makefile.am (syntax_check_exceptions): Update exception rule.
	* .x-sc_prohibit_strcmp_and_strncmp: Rename...
	* .x-sc_prohibit_strncmp: ...and trim.

2010-11-18  Daniel P. Berrange  <berrange@redhat.com>

	virExec: fix bug in setting up child stderr/out with /dev/null

2010-11-18  Eric Blake  <eblake@redhat.com>

	capabilities, cpu: use new array API
	* src/conf/capabilities.h (_virCaps, _virCapsHost, _virCapsGuest)
	(_virCapsGuestArch): Add additional fields.
	* src/conf/cpu_conf.h (_virCPUDef): Likewise.
	* src/conf/capabilities.c (virCapabilitiesFormatXML): Reflect
	updated type.
	(virCapabilitiesAddGuest, virCapabilitiesAddHostFeature)
	(virCapabilitiesAddHostMigrateTransport)
	(virCapabilitiesAddHostNUMACell, virCapabilitiesAddGuestFeature)
	(virCapabilitiesAddGuestDomain): Use new array APIs.
	* src/conf/cpu_conf.c (virCPUDefAddFeature, virCPUDefCopy)
	(virCPUDefParseXML): Likewise.
	* tests/testutilsqemu.c (testQemuCapsInit): Adjust test.

	daemon: use safer memory growth macros
	* daemon/libvirtd.h (qemud_server): Change types of members
	tracking array sizes, and add allocation trackers.
	* daemon/event.c (virEventLoop): Likewise.
	(virEventAddHandleImpl, virEventAddTimeoutImpl)
	(virEventCleanupTimeouts, virEventCleanupHandles): Use
	VIR_RESIZE_N instead of VIR_REALLOC_N.  Tweak debug messages to
	match type changes.
	* daemon/libvirtd.c (qemudDispatchServer, qemudRunLoop): Likewise.

	memory: make it easier to avoid quadratic scaling of arrays
	* src/util/memory.h (VIR_RESIZE_N): New macro.
	* src/util/memory.c (virResizeN): New function.
	* src/libvirt_private.syms: Export new helper.
	* docs/hacking.html.in: Document it.
	* HACKING: Regenerate.

	memory: make it safer to expand arrays
	* src/util/memory.h (VIR_REALLOC_N): Update docs.
	(VIR_EXPAND_N, VIR_SHRINK_N): New macros.
	(virAlloc, virAllocN, virReallocN, virAllocVar, virFree): Add some
	gcc attributes.
	* src/util/memory.c (virExpandN, virShrinkN): New functions.
	(virReallocN): Update docs.
	* src/libvirt_private.syms: Export new helpers.
	* docs/hacking.html.in: Prefer newer interfaces over
	VIR_REALLOC_N, since uninitialized memory can bite us.
	* HACKING: Regenerate.

2010-11-18  Osier Yang  <jyang@redhat.com>

	doc: Add doc for missed options of migrate
	* tools/virsh.pod (add doc for options like "--p2p", "--direct",
	"--copy-storage-all", "dname", etc.)

	doc: add doc for missed parameters of attach-disk
	* tools/virsh.pod (add docs for --persistent and --sourcetype
	of attach-disk, break the long lines in the meantime)

2010-11-18  Daniel Veillard  <veillard@redhat.com>

	Fix a failure to restore SELinux label for character devices
	The code in SELinuxRestoreSecurityChardevLabel() was trying to
	use SELinuxSetFilecon directly for devices or file types while
	it should really use SELinuxRestoreSecurityFileLabel encapsulating
	routine, which avoid various problems like resolving symlinks,
	making sure he file exists and work around NFS problems

2010-11-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper: Fix several compile errors
	Include locale.h for setlocale().

	Revert the usage string back to it's original form.

	Use puts() instead of fputs(), as fputs() expects a FILE*.

	Add closing parenthesis to some vah_error() calls.

	Use argv[0] instead of an undefined argv0.

2010-11-17  Eric Blake  <eblake@redhat.com>

	build: fix autobuild failures on gcov upgrade
	Last time I ran ./autobuild.sh was on F13; and upgrading to F14
	exposed these leftovers due to a newer gcov than what was in the stale
	files, in the form of spurious messages that break 'make check':

	+profiling:/home/remote/eblake/libvirt-tmp/tools/virsh-console.gcda:Version mismatch - expected 405R got 404R

	and concluding with a bug in the autobuild.sh script itself:

	./autobuild.sh: line 44: test: =: unary operator expected

	* autobuild.sh: avoid syntax error on failed test
	* tools/Makefile.am (CLEANFILES): Clean coverage files.

2010-11-17  Osier Yang  <jyang@redhat.com>

	doc: update virsh manual
	* tools/virsh.pod (change things like "edit domain.xml" into
	  "vi domain.xml", so that it's more clear for user)

2010-11-17  Eric Blake  <eblake@redhat.com>

	maint: avoid remaining sprintf uses
	* cfg.mk (sc_prohibit_sprintf): New rule.
	(sc_prohibit_asprintf): Avoid false positives.
	* docs/hacking.html.in (Printf-style functions): Document the
	policy.
	* HACKING: Regenerate.
	* .x-sc_prohibit_sprintf: New exemptions.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* src/vbox/vbox_tmpl.c (vboxStartMachine, vboxAttachUSB): Use
	virAsprintf instead.
	* src/uml/uml_driver.c (umlOpenMonitor): Use snprintf instead.
	* tools/virsh.c (cmdDetachInterface): Likewise.
	* src/security/security_selinux.c (SELinuxGenSecurityLabel):
	Likewise.
	* src/openvz/openvz_driver.c (openvzDomainDefineCmd): Likewise,
	and ensure large enough buffer.

2010-11-17  Eric Blake  <eblake@redhat.com>

	virt-aa-helper: translate error messages
	These messages are visible to the user, so they should be
	consistently translated.

	* cfg.mk (msg_gen_function): Add vah_error, vah_warning.
	* src/security/virt-aa-helper.c: Translate messages.
	(catchXMLError): Fix capitalization.

2010-11-17  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	Allows bootstrap to work on FreeBSD, where gzip doesn't have a '.'
	in its version; and silences false positives in the new
	'make syntax-check' rule.

	* .gnulib: Update to latest.
	* bootstrap: Synchronize to upstream.
	* .x-sc_bindtextdomain: New exemptions.
	* Makefile.am (syntax_check_exceptions): Ship new file.
	* .gitignore: Regenerate per latest bootstrap, anchor entries that
	are only in the root directory, and consolidate entries from other
	generated .gitignore files.
	* build-aux/.gitignore, m4/.gitignore, po/.gitignore: Remove from
	version control, since bootstrap generates them.

2010-11-17  Eric Blake  <eblake@redhat.com>

	maint: improve i18n on non-Linux
	Per the gettext developer:
	http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00019.html
	http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00021.html

	gettext() doesn't work correctly on all platforms unless you have
	called setlocale().  Furthermore, gnulib's gettext.h has provisions
	for setting up a default locale, which is the preferred method for
	libraries to use gettext without having to call textdomain() and
	override the main program's default domain (virInitialize already
	calls bindtextdomain(), but this is insufficient without the
	setlocale() added in this patch; and a redundant bindtextdomain()
	in this patch doesn't hurt, but serves as a good example for other
	packages that need to bind a second translation domain).

	This patch is needed to silence a new gnulib 'make syntax-check'
	rule in the next patch.

	* daemon/libvirtd.c (main): Setup locale and gettext.
	* src/lxc/lxc_controller.c (main): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/storage/parthelper.c (main): Likewise.
	* tools/virsh.c (main): Fix exit status.
	* src/internal.h (DEFAULT_TEXT_DOMAIN): Define, for gettext.h.
	(_): Simplify definition accordingly.
	* po/POTFILES.in: Add src/storage/parthelper.c.

2010-11-17  Eric Blake  <eblake@redhat.com>

	maint: use gnulib configmake rather than open-coding things
	* bootstrap.conf (gnulib_modules): Add configmake.
	* daemon/Makefile.am (libvirtd_CFLAGS): Drop defines provided by
	gnulib.
	* src/Makefile.am (INCLUDES): Likewise.
	* tests/Makefile.am (INCLUDES): Likewise.
	* tools/Makefile.am (virsh_CFLAGS): Likewise.
	* daemon/libvirtd.c (qemudInitPaths, usage, main): Update
	clients.
	* src/cpu/cpu_map.c (CPUMAPFILE): Likewise.
	* src/driver.c (DEFAULT_DRIVER_DIR): Likewise.
	* src/internal.h (_): Likewise.
	* src/libvirt.c (virInitialize): Likewise.
	* src/lxc/lxc_conf.h (LXC_CONFIG_DIR, LXC_STATE_DIR, LXC_LOG_DIR):
	Likewise.
	* src/lxc/lxc_conf.c (lxcCapsInit, lxcLoadDriverConfig):
	Likewise.
	* src/network/bridge_driver.c (NETWORK_PID_DIR)
	(NETWORK_STATE_DIR, DNSMASQ_STATE_DIR, networkStartup): Likewise.
	* src/nwfilter/nwfilter_driver.c (nwfilterDriverStartup):
	Likewise.
	* src/qemu/qemu_conf.c (qemudLoadDriverConfig): Likewise.
	* src/qemu/qemu_driver.c (qemudStartup): Likewise.
	* src/remote/remote_driver.h (LIBVIRTD_PRIV_UNIX_SOCKET)
	(LIBVIRTD_PRIV_UNIX_SOCKET_RO, LIBVIRTD_CONFIGURATION_FILE)
	(LIBVIRT_PKI_DIR): Likewise.
	* src/secret/secret_driver.c (secretDriverStartup): Likewise.
	* src/security/security_apparmor.c (VIRT_AA_HELPER): Likewise.
	* src/security/virt-aa-helper.c (main): Likewise.
	* src/storage/storage_backend_disk.c (PARTHELPER): Likewise.
	* src/storage/storage_driver.c (storageDriverStartup): Likewise.
	* src/uml/uml_driver.c (TEMPDIR, umlStartup): Likewise.
	* src/util/hooks.c (LIBVIRT_HOOK_DIR): Likewise.
	* tools/virsh.c (main): Likewise.
	* docs/hooks.html.in: Likewise.

2010-11-17  Stefan Berger  <stefanb@us.ibm.com>

	replace last instances of close()
	I am replacing the last instances of close() I found with VIR_CLOSE() / VIR_FORCE_CLOSE respectively.

	The first part patches virsh, which I missed out on previously.

	The 2nd patch I had left out intentionally to look at it more carefully:
	The 'closed' variable could be easily removed since it wasn't used anywhere else. The possible race condition that could result from the filedescriptor being closed and not set to -1 (and possibly let us write into 'something' totally different if the fd was allocated by another thread) seems to be prevented by the qemuMonitorLock() already placed around the code that reads from or writes to the fd. So the change of this code as shown in the patch should not have any side-effects.

2010-11-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: also purge ip(6)tables rules before detecting IP address
	Rather than only cleaning any remaining ebtables rules, also clean those applied to iptables and ip6tables when detecting the IP address of an interface. Previous applied iptables rules may hinder DHCP packets.

2010-11-17  Stefan Berger  <stefanb@us.ibm.com>

	deprecate fclose() and introduce VIR_{FORCE_}FCLOSE()
	Similarly to deprecating close(), I am now deprecating fclose() and
	introduce VIR_FORCE_FCLOSE() and VIR_FCLOSE(). Also, fdopen() is replaced with
	VIR_FDOPEN().

	Most of the files are opened in read-only mode, so usage of
	VIR_FORCE_CLOSE() seemed appropriate. Others that are opened in write
	mode already had the fclose()<  0 check and I converted those to
	VIR_FCLOSE()<  0.

	I did not find occurrences of possible double-closed files on the way.

2010-11-16  Osier Yang  <jyang@redhat.com>

	daemon: fix indention problem in daemon/libvirt.c
	* daemon/libvirtd.c

	qemu: fix typos in qemu_monitor_text.c
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextChangeMedia)

2010-11-16  Osier Yang  <jyang@redhat.com>

	qemu: record timestamp in qemu domain log
	Currently only support domain start and shutdown, for domain start,
	record timestamp before the qemu command line, and for domain shutdown,
	just say it's shutting down with timestamp.

	* src/qemu/qemu_driver.c (qemudStartVMDaemon, qemudShutdownVMDaemon
	  introduced two macros - START_POSTFIX, SHUTDOWN_POSTFIX)

2010-11-16  Osier Yang  <jyang@redhat.com>

	virsh: add net-info command
	To list basic information about the network.

	* tools/virsh.c
	* tools/virsh.pod

2010-11-16  Eric Blake  <eblake@redhat.com>

	nwfilter: use /bin/sh rather than requiring bash
	* src/nwfilter/nwfilter_ebiptables_driver.c (CMD_EXEC): Fix syntax
	error in previous patch.
	Reported by Stefan Berger.

	nwfilter: use /bin/sh rather than requiring bash
	* src/nwfilter/nwfilter_ebiptables_driver.c
	(ebiptablesWriteToTempFile): Use /bin/sh.
	(bash_cmd_path): Delete.
	(ebiptablesDriverInit, ebiptablesDriverShutdown): No need to
	search for bash.
	(CMD_EXEC): Prefer $() over ``, since we can assume POSIX.
	(iptablesSetupVirtInPost): Use portable 'test' syntax.
	(iptablesLinkIPTablesBaseChain): Use POSIX $(()) syntax.

2010-11-15  Laine Stump  <laine@laine.org>

	interface.rng: Make miimon and arpmon optional for bond interfaces
	This has been optional in netcf for awhile, but the change hadn't been
	propogated to the libvirt copy of the RNG.

2010-11-15  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: convert send / recv function to use libnl
	In a second step I am converting the netlink send/receive functions to
	use libnl.

	I tested this with 802.1Qbg profiles and my test server and did not see
	a regression.

	Caveat: The online documentation of libnl talks about nl_socket_alloc()
	but the header file provides nl_handle_alloc() -- this could be a hint
	to a possible problem between libnl versions...

	http://www.infradead.org/~tgr/libnl/doc/group__socket.html

	versus

	http://libnl.sourcearchive.com/documentation/1.1/group__socket_gf903c9ea089735b1ba8e40dae801c47d.html

2010-11-15  Laine Stump  <laine@laine.org>

	Fix ipv4-addr definition in interface.rng
	Eric Blake pointed out a deficiency in this regex when it was
	copy-pasted into network.rng. This is just propogating the fix back to
	its origin.

2010-11-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use python discovered through env instead of hardcoding a path
	This is more flexible regarding the location of the python binary
	but doesn't allow to pass the -u flag. The -i flag can be passed
	from inside the script using the PYTHONINSPECT env variable.

	This fixes a problem with the esx_vi_generator.py on FreeBSD.

2010-11-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Avoid warnings about breaking strict-aliasing rules on FreeBSD

	Make sure struct sockaddr_in is defined on FreeBSD

	configure: Disable FS storage driver if mntent.h is not available
	This is the case on FreeBSD.

	daemon: Include stdlib.h in dispatch.c
	Otherwise GCC complains about malloc being unknown on FreeBSD.

2010-11-13  Justin Clift  <jclift@redhat.com>

	docs: updated virsh command reference with libvirt.org links

2010-11-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure: Remove bashism and replace 'test ==' with 'test ='
	This also fixes configure problems on FreeBSD, as test doesn't
	understand '==' there.

	virsh: Fix compile error in VPATH build
	tools/console.c depends on daemon/event.h.

	Generate HACKING from docs/hacking.html.in

	docs: Prepare hacking.html.in to generate HACKING from it
	Tweak pre tags to achieve proper indentation of their
	plaintext representation. Also use more b/i/code tags.

2010-11-12  Justin Clift  <jclift@redhat.com>

	docs: updated csharp pages with latest info

	docs: trivial typo fix

	docs: added virsh command reference page.
	Using temporary location links for the moment, until we get a
	proper place to store the files on the libvirt.org server.

2010-11-12  Cole Robinson  <crobinso@redhat.com>

	rpm: Fix summary wording

2010-11-12  John Morrissey  <jwm@horde.net>

	qemu: Remove unnecessary quoting from the process name argument

2010-11-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Don't do a flags check in the storage driver
	This makes the storage driver fail when the connection is
	opened with the VIR_CONNECT_RO flag, resulting in a read-only
	connection with no storage driver.

	qemu: Add qemu-system-s390x to the emulators list

2010-11-12  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: convert nl msg construction to use libnl
	In a first step I am converting the netlink message construction in
	macvtap code to use libnl. It's pretty much a 1:1 conversion except that
	now the message needs to be allocated and deallocated.

2010-11-12  Laine Stump  <laine@laine.org>

	Do a better job of validating IP and MAC addresses in network.rng
	IP addresses and MAC addresses had been defined in the RNG simply as
	<text/> meaning that, according to the RNG, any string could go in
	there. Of course the C parsing code does a much better job of
	validating, but we may as well have this describing the contents
	accurately (even though it's currently only used during "make check").

	re-indent network.rng following structural change
	This commit is whitespace changes only, do avoid obscuring actual code
	changes.

2010-11-12  Laine Stump  <laine@laine.org>

	Put network.rng contents inside <grammar> for uniformity with other RNGs
	All the other RNG files in libvirt are enclosed within <grammar>. This
	commit makes the syntactical changes necessary to make network.rng fit
	that pattern. (This is the first step in adding some data type
	definitions to network.rng for more exact validation of IP and MAC
	addresses).

	Formatting changes (indentation) will be done in a subsequent commit,
	so that actual changes to the code won't be obscured by whitespace.

2010-11-11  Jamie Strandboge  <jamie@canonical.com>

	virt-aa-helper should require <uuid> in XML
	When <uuid> is not in the XML, a virUUIDGenerate() ends up being called which
	is unnecessary and can lead to crashes if /dev/urandom isn't available
	because virRandomInitialize() is not called within virt-aa-helper. This patch
	adds verify_xpath_context() and updates caps_mockup() to use it.

	Bug-Ubuntu: https://launchpad.net/bugs/672943

2010-11-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support SMBIOS host mode

2010-11-11  Laine Stump  <laine@laine.org>

	remote_driver.c: fix non-literal format strings w/o args

2010-11-11  Laine Stump  <laine@laine.org>

	ignore SELinuxSetFilecon error in SELinuxSetSecurityFileLabel if on nfs
	If virDomainAttachDevice() was called with an image that was located
	on a root-squashed NFS server, and in a directory that was unreadable
	by root on the machine running libvirtd, the attach would fail due to
	an attempt to change the selinux label of the image with EACCES (which
	isn't covered as an ignore case in SELinuxSetFilecon())

	NFS doesn't support SELinux labelling anyway, so we mimic the failure
	handling of commit 93a18bbafaf11729d3ca1241e11bee133d77fa77, which
	just ignores the errors if the target is on an NFS filesystem (in
	SELinuxSetSecurityAllLabel() only, though.)

	This can be seen as a follow-on to commit
	347d266c51705f4987fa5ce2a0ecb314ed8745ce, which ignores file open
	failures of files on NFS that occur directly in
	virDomainDiskDefForeachPath() (also necessary), but does not ignore
	failures in functions that are called from there (eg
	SELinuxSetSecurityFileLabel()).

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix reference counting bug in virsh console
	The event watches need to be removed before the event loop
	terminates, otherwise they cause a dangling reference to
	be held on the virStreamPtr, which in turns holds a reference
	on virConnectPtr, which in turn causes errors like

	  "Failed to disconnect from the hypervisor"

	* tools/console.c: Remove watches before event loop quits
	* tools/virsh.c: Print out dangling reference count

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Wire up virDomainOpenConsole for LXC, Xen and UML
	Introduce implementations of the virDomainOpenConsole() API
	for LXC, Xen and UML drivers.

	* src/lxc/lxc_driver.c, src/lxc/lxc_driver.c,
	  src/xen/xen_driver.c: Wire up virDomainOpenConsole

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix busy-wait loop on closed file descriptor
	When closing open streams after a client quits, the event
	callback was not removed. This mean that poll() was using
	a closed FD and returning POLLNVAL in a busy-wait loop.

	* daemon/stream.c: Disconnect stream callbacks

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Re-write virsh console to use streams
	This re-writes the 'virsh console' command so that it uses
	the new streams API. This lets it run remotely and/or as a
	non-root user. This requires that virsh be linked against
	the simple event loop from libvirtd in daemon/event.c
	As an added bonus, it can now connect to any console device,
	not just the first one.

	* tools/Makefile.am: Link to event.c
	* tools/console.c, tools/console.h: Rewrite to use the
	  virDomainOpenConsole() APIs with streams
	* tools/virsh.c: Support choosing the console name
	  via --devname $NAME

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Convert daemon/events.c to use virMutex and virThread
	The code currently uses pthreads APIs directly. This is not
	portable to Win32 threads. Switch it over to use the portability
	APIs. Also add a wrapper for pipe() which is subtely different
	on Win32

	* daemon/event.c: Switch to use virMutex & virThread.

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Introduce portability APIs for creating threads
	The util/threads.c/h code already has APIs for mutexes,
	condition variables and thread locals. This commit adds
	in code for actually creating threads.

	* src/libvirt_private.syms: Export new symbols
	* src/util/threads.h: Define APIs virThreadCreate, virThreadSelf,
	  virThreadIsSelf and virThreadJoin
	* src/util/threads-win32.c, src/util/threads-win32.h: Win32
	  impl of threads
	* src/util/threads-pthread.c, src/util/threads-pthread.h: POSIX
	  impl of threads

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Support virDomainOpenConsole with QEMU
	This provides an implementation of the virDomainOpenConsole
	API with the QEMU driver. For the streams code, this reuses
	most of the code previously added for the tunnelled migration
	streams since it is generic.

	* src/qemu/qemu_driver.c: Support virDomainOpenConsole

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Add a generic internal API for handling any FD based stream
	To avoid the need for duplicating implementations of virStream
	drivers, provide a generic implementation that can handle any
	FD based stream. This code is copied from the existing impl
	in the QEMU driver, with the locking moved into the stream
	impl, and addition of a read callback

	The FD stream code will refuse to operate on regular files or
	block devices, since those can't report EAGAIN properly when
	they would block on I/O

	* include/libvirt/virterror.h, include/libvirt/virterror.h: Add
	  VIR_FROM_STREAM error domain
	* src/qemu/qemu_driver.c: Remove code obsoleted by the new
	  generic streams driver.
	* src/fdstream.h, src/fdstream.c, src/fdstream.c,
	  src/libvirt_private.syms: Generic reusable FD based streams

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Lower logging level in remote driver streams
	Now that bi-directional, non-blocking streams are supported
	in the remote driver, some of the VIR_WARN statements need
	to be reduced to VIR_DEBUG.

	* src/remote/remote_driver.c: Lower logging level

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Remote driver client and server for virDomainOpenConsole
	This provides an implementation of the virDomainOpenConsole
	API for the remote driver client and server.

	* daemon/remote.c: Server side impl
	* src/remote/remote_driver.c: Client impl
	* src/remote/remote_protocol.x: Wire definition

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a virDomainOpenConsole API
	To enable virsh console (or equivalent) to be used remotely
	it is necessary to provide remote access to the /dev/pts/XXX
	pseudo-TTY associated with the console/serial/parallel device
	in the guest. The virStream API provide a bi-directional I/O
	stream capability that can be used for this purpose. This
	patch thus introduces a virDomainOpenConsole API that uses
	the stream APIs.

	* src/libvirt.c, src/libvirt_public.syms,
	  include/libvirt/libvirt.h.in, src/driver.h: Define the
	  new virDomainOpenConsole API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	  src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub
	  API entry point

2010-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Support callbacks on virStream APIs in remote driver client
	The current remote driver code for streams only supports
	blocking I/O mode. This is fine for the usage with migration
	but is a problem for more general use cases, in particular
	bi-directional streams.

	This adds supported for the stream callbacks and non-blocking
	I/O. with the minor caveat is that it doesn't actually do
	non-blocking I/O for sending stream data, only receiving it.
	A future patch will try to do non-blocking sends, but this is
	quite tricky to get right.

	* src/remote/remote_driver.c: Allow non-blocking I/O for
	  streams and support callbacks

2010-11-11  Daniel P. Berrange  <dan@berrange.com>

	Fix LXC container console device setup
	The /dev/console device inside the container must NOT map
	to the real /dev/console device node, since this allows the
	container control over the current host console. A fun side
	effect of this is that starting a container containing a
	real Fedora OS will kill off your X server.

	Remove the /dev/console node, and replace it with a symlink
	to the primary console TTY

	* src/lxc/lxc_container.c: Replace /dev/console with a
	  symlink to /dev/pty/0
	* src/lxc/lxc_controller.c: Remove /dev/console from cgroups
	  ACL

2010-11-11  Eric Blake  <eblake@redhat.com>

	virsh: supply long option for -V
	* tools/virsh.c (vshParseArgv): Use NULL instead of 0 for pointer,
	and symbolic names for has_arg.  Give --version an optional arg.
	(vshUsage): Document this.
	* tools/virsh.pod: Likewise.

2010-11-10  Cole Robinson  <crobinso@redhat.com>

	qemu: Add flag to force a CDROM eject
	QEMU allows forcing a CDROM eject even if the guest has locked the device.
	Expose this via a new UpdateDevice flag, VIR_DOMAIN_DEVICE_MODIFY_FORCE.

	This has been requested for RHEV:

	https://bugzilla.redhat.com/show_bug.cgi?id=626305

	v2: Change flag name, bool cleanups

2010-11-10  Eric Blake  <eblake@redhat.com>

	rpm: fix /var/lib/libvirt permissions
	https://bugzilla.redhat.com/show_bug.cgi?id=649511

	Regression of forcing 0700 permissions (which breaks guest startup
	because the qemu user can't see /var/lib/libvirt/*.monitor) was
	introduced in commit 66823690e, as part of libvirt 0.8.2.

	* libvirt.spec.in (%files): Drop %{_localstatedir}/lib/libvirt,
	since libvirt depends on libvirt-client.
	(%files client): Guarantee 755 permissions on
	%(_localstatedir}/lib/libvirt, since the qemu user must be able to
	do pathname resolution to a subdirectory.

2010-11-10  Daniel Veillard  <veillard@redhat.com>

	Augment bug reporting documentation
	With some instruction on how to attach useful gdb backtraces

2010-11-10  Adam Litke  <agl@us.ibm.com>

	Allow non-file disk backingStores
	I am trying to use a qcow image with libvirt where the backing 'file' is a
	qemu-nbd server.  Unfortunately virDomainDiskDefForeachPath() assumes that
	backingStore is always a real file so something like 'nbd:0:3333' is rejected
	because a file with that name cannot be accessed.  Note that I am not worried
	about directly using nbd images.  That would require a new disk type with XML
	markup, etc.  I only want it to be permitted as a backingStore

	The following patch implements danpb's suggestion:
	> I think I'm inclined to push the logic for skipping NBD one stage higher.
	> I'd rather expect virStorageFileGetMetadata() to return all backing
	> stores, even if not files. The virDomainDiskDefForeachPath() method
	> should definitely ignore non-file backing stores though.
	>
	> So what I'm thinking is to extend the virStorageFileMetadata struct and
	> just add a 'bool isFile' field to it. Default this field to true, unless
	> you see the prefix of nbd: in which case set it to false. The
	> virDomainDiskDefForeachPath() method can then skip over any backing
	> store with isFile == false

	Cc: Daniel P. Berrange <berrange@redhat.com>

2010-11-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	xencapstest: Don't fail when Xen is installed
	xencapstest calls xenHypervisorMakeCapabilitiesInternal with conn == NULL
	which calls xenDaemonNodeGetTopology with conn == NULL when a recent
	enough Xen was detected (sys_interface_version >= SYS_IFACE_MIN_VERS_NUMA).
	But xenDaemonNodeGetTopology insists in having conn != NULL and fails,
	because it expects to be able to talk to an actual xend.

	We cannot do that in a 'make check' test. Therefore, only call the xend
	subdriver function when conn isn't NULL.

	Reported by Andy Howell and Jim Fehlig.

2010-11-09  Laine Stump  <laine@laine.org>

	virsh: fix non-literal string format
	These are in the newly added -V output.

2010-11-09  Stefan Berger  <stefanb@us.ibm.com>

	bye to close(), welcome to VIR_(FORCE_)CLOSE()
	Using automated replacement with sed and editing I have now replaced all
	occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of
	course. Some replacements were straight forward, others I needed to pay
	attention. I hope I payed attention in all the right places... Please
	have a look. This should have at least solved one more double-close
	error.

2010-11-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix syntax-check error in domain.rng
	Replace tab with spaces.

	esx: Add support for memtune/min_guarantee
	Also add a test case for the VMX handling of it.

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	schema: Move timer element inside clock
	Both conf/domain_conf.c and domain XML documentation have <timer>
	elements inside /domain/clock. Change domain.rng schema to be consistent
	with them.

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Misc test case fixes for SPICE
	* docs/schemas/domain.rng: Fix merge error which left SPICE channel
	  elements under VNC schema.
	* tests/qemuhelptest.c: Add SPICE flag to kvm-83 test
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add
	  <memballoon> element

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Add .xml suffix to tmp files used in *edit commands
	This helps editors with detecting the temporary files as XML since the
	temporary files do not contain <?xml ...?> declaration.

	Requested by https://bugzilla.redhat.com/show_bug.cgi?id=602277

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Support SPICE channel security options
	This extends the SPICE XML to allow channel security options

	    <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
	      <channel name='main' mode='secure'/>
	      <channel name='record' mode='insecure'/>
	    </graphics>

	Any non-specified channel uses the default, which allows both
	secure & insecure usage

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add XML syntax for specifying per
	  channel security options for spice.
	* src/qemu/qemu_conf.c: Configure channel security with spice

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Support multiple QXL video cards
	QEMU crashes & burns if you try multiple Cirrus video cards, but
	QXL copes fine. Adapt QEMU config code to allow multiple QXL
	video cards

	* src/qemu/qemu_conf.c: Support multiple QXL video cards

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Define XML syntax for password expiry
	This extends the XML syntax for <graphics> to allow a password
	expiry time to be set

	eg

	  <graphics type='vnc' port='5900' autoport='yes' keymap='en-us' passwd='12345' passwdValidTo='2010-04-09T15:51:00'/>

	The timestamp is in UTC.

	* src/conf/domain_conf.h: Pull passwd out into separate struct
	  virDomainGraphicsAuthDef to allow sharing between VNC & SPICE
	* src/conf/domain_conf.c: Add parsing/formatting of new passwdValidTo
	  argument
	* src/opennebula/one_conf.c, src/qemu/qemu_conf.c, src/qemu/qemu_driver.c,
	  src/xen/xend_internal.c, src/xen/xm_internal.c: Update for changed
	  struct containing VNC password

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Add SPICE support for QEMU driver configuration file
	In common with VNC, the QEMU driver configuration file is used
	specify the host level TLS certificate location and a default
	password / listen address

	* src/qemu/qemu.conf: Add spice_listen, spice_tls,
	  spice_tls_x509_cert_dir & spice_password config params
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Parsing of
	  spice config parameters and updating -spice arg generation
	  to use them
	* tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-rhel6.args,
	  tests/qemuxml2argvtest.c: Expand test case to cover driver
	  level configuration

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Support automatic port number allocation for SPICE
	* src/qemu/qemu_driver.c: Allocate the TCP ports for SPICE
	  before starting guest

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Implement QEMU/KVM support for SPICE graphics
	This supports the -spice argument posted for review against
	the latest upstream QEMU/KVM. This supports the bare minimum
	config with port, TLS port & listen address. The x509 bits are
	added in a later patch.

	* src/qemu_conf.c, src/qemu_conf.h: Add SPICE flag. Check for
	  -spice availability. Format -spice arg for command line
	* qemuhelptest.c: Add SPICE flag
	* qemuxml2argvdata/qemuxml2argv-graphics-spice.args: Add <graphics>
	  for spice
	* qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Add -spice arg
	* qemuxml2argvtest.c: Add SPICE flag

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Implement QEMU/KVM QXL video card support in QEMU driver
	This supports the '-vga qxl' parameter in upstream QEMU/KVM
	which has SPICE support added. This isn't particularly useful
	until you get the next patch for -spice support. Also note that
	while the libvirt XML supports multiple video devices, this
	patch only supports a single one. A later patch can add support
	for 2nd, 3rd, etc PCI devices for QXL

	* src/qemu/qemu_conf.h: Flag for QXL support
	* src/qemu/qemu_conf.c: Probe for '-vga qxl' support and implement it
	* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args,
	  tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml: Test
	  case for generating spice args with RHEL6 kvm

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Add a <graphics> type for SPICE protocol
	This adds an element

	 <graphics type='spice' port='5903' tlsPort='5904' autoport='yes' listen='127.0.0.1'/>

	This is the bare minimum that should be exposed in the guest
	config for SPICE. Other parameters are better handled as per
	host level configuration tunables

	* docs/schemas/domain.rng: Define the SPICE <graphics> schema
	* src/domain_conf.h, src/domain_conf.c: Add parsing and formatting
	  for SPICE graphics config
	* src/qemu_conf.c: Complain about unsupported graphics types

2010-11-09  Daniel P. Berrange  <berrange@redhat.com>

	Add a QXL graphics card type to domain XML schema
	* src/qemu_conf.c: Add dummy entry in enumeration
	* docs/schemas/domain.rng: Add 'qxl' as a type for the <video> tag
	* src/domain_conf.c, src/domain_conf.h: Add QXL to video type
	  enumerations

2010-11-09  Daniel Veillard  <veillard@redhat.com>

	Show compiled in options in virsh -V
	  To ease debugging this trivial patch allows to find what was compiled
	in in the local version of libvirt, this doesn't work for remote access
	but that's probably sufficient. With the patch I get on my machine:

	paphio:~/libvirt/tools -> ./virsh -V
	Virsh command line tool of libvirt 0.8.4
	See web site at http://libvirt.org/

	Compiled with support for:
	 Hypervisors: Xen QEmu/KVM UML OpenVZ LXC ESX PHYP Test
	 Networking: Remote Daemon Network Bridging Netcf Nwfilter
	 Storage: Dir Disk Filesystem SCSI Multipath iSCSI LVM
	 Miscellaneous: SELinux Secrets Debug Readline
	paphio:~/libvirt/tools ->

	* tools/virsh.c: add -V option
	* tools/virsh.pod: document the extension

2010-11-09  Jiri Denemark  <jdenemar@redhat.com>

	maint: Commit .gitignore sorting done by bootstrap

	qemu: Fix non-literal format string

2010-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen-proxy: Remove it entirely and use libvirtd instead
	Suggested by danpb, as it's not up-to-date anymore and
	lacks many functions that were added to libvirtd.

	lxc: Exit on first error in lxcDomainGetMemoryParameters
	There is no point in trying to fill params beyond the first error,
	because when lxcDomainGetMemoryParameters returns -1 then the caller
	cannot detect which values in params are valid.

	Allow virDomainGetMemoryParameters on read-only connections
	Also fix a typo in the documentation of the function.

2010-11-08  Justin Clift  <jclift@redhat.com>

	virsh: fix incorrect help text mentioning non-existent network 'id'

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Add a new test for sysinfo and smbios handling

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Add sysinfo/smbios support to the QEmu driver
	The patch is based on the possiblity in the QEmu command line to
	add -smbios options allowing to override the default values picked
	by QEmu. We need to detect this first from QEmu help output.
	If the domain is defined with smbios to be inherited from host
	then we pass the values coming from the Host own SMBIOS, but
	if the domain is defined with smbios to come from sysinfo, we
	use the ones coming from the domain definition.

	* src/qemu/qemu_conf.h: add the QEMUD_CMD_FLAG_SMBIOS_TYPE enum
	  value
	* src/qemu/qemu_conf.c: scan the help output for the smbios support,
	  and if available add support based on the domain definitions,
	  and host data
	* tests/qemuhelptest.c: add the new enum in the outputs

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Read the host sysinfo for the QEmu driver
	Read and store the data when initializing the driver.

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Add a sysinfo util module and read host info API
	Move existing routines about virSysinfoDef to an util module,
	add a new entry point virSysinfoRead() to read the host values
	with dmidecode

	* src/conf/domain_conf.c src/conf/domain_conf.h src/util/sysinfo.c
	  src/util/sysinfo.h: move to a new module, add virSysinfoRead()
	* src/Makefile.am: handle the new module build
	* src/libvirt_private.syms: new internal symbols
	* include/libvirt/virterror.h src/util/virterror.c: defined a new
	  error code for that module
	* po/POTFILES.in: add new file for translations

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Add smbios element to schema and configuration to HVM os
	the element has a mode attribute allowing only 3 values:
	  - emulate: use the smbios emulation from the hypervisor
	  - host: try to use the smbios values from the node
	  - sysinfo: grab the values from the <sysinfo> fields

	* docs/schemas/domain.rng: extend the schemas
	* src/conf/domain_conf.h: add the flag to the domain config
	* src/conf/domain_conf.h: parse and serialize the smbios if present

2010-11-08  Daniel Veillard  <veillard@redhat.com>

	Sysinfo parsing and saving to/from configuration files
	* src/conf/domain_conf.h: defines a new internal type added to the
	  domain structure
	* src/conf/domain_conf.c: parsing and serialization of that new type

	Sysinfo extension to relax-ng schemas
	Currently includes a subset of the SMBIOS strings set

2010-11-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Remove redundant slash in save directory path

2010-11-05  Chris Lalancette  <clalance@redhat.com>

	Implement virsh qemu-monitor-command.
	Now that the virsh parsing has been revamped, we can
	implement qemu-monitor-command.  This is basically the same
	as it was in previous iterations, but has now been tested to
	work both with the plain text monitor and the QMP monitor.

2010-11-05  Daniel P. Berrange  <dan@berrange.com>

	Fix off-by-1 in todo page generator
	The todo.pl script had an off-by-1 which meant any category
	with only a single bug would not appear

	* docs/todo.pl: Fix off-by-1

2010-11-03  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: libvirtd forgot macvtap dev name when restarted
	During a shutdown/restart cycle libvirtd forgot the macvtap device name that it had created on behalf of a VM so that a stale macvtap device remained on the host when the VM terminated. Libvirtd has to actively tear down a macvtap device and it uses its name for identifying which device to tear down.

	The solution is to not blank out the <target dev='...'/> completely, but only blank it out on VMs that are not active. So, if a VM is active, the device name makes it into the XML and is also being parsed. If a VM is not active, the device name is discarded.

2010-11-03  Osier Yang  <jyang@redhat.com>

	tests: fix daemon-conf testing failure
	libvirtd.conf uses "libvirt" as the value of "unix_sock_group",
	however, group "libvirt" may not exist on the system, in this case
	the case will always fail.

	As a solution, replace "libvirt" with "$USER" in "tmp.conf".

2010-11-03  Daniel Veillard  <veillard@redhat.com>

	Fix virPipeReadUntilEOF on more than 1024 bytes of data
	virPipeReadUntilEOF is used to read the stdout of exec'ed
	and this could fail to capture the full output and read only
	1024 bytes.
	  The problem is that this is based on a poll loop, and in the
	loop we read at most 1024 bytes per file descriptor, but we also
	note in the loop if poll indicates that the process won't output
	more than that on that fd by setting finished[i] = 1.
	  The simplest way is that if we read a full buffer make sure
	finished[i] is still 0 because we will need another pass in the
	loop.

2010-11-02  Eric Blake  <eblake@redhat.com>

	virterror: supply missing spaces
	* src/util/virterror.c (virErrorDomainName): Always supply
	trailing space if category was present.

	xen: work with xen 4.0.1 headers
	* src/xen/xen_driver.h (includes): Include main xen headers
	here...
	* src/xen/xs_internal.c (includes): ...rather than in just one of
	the sub-drivers.

2010-11-02  Jim Fehlig  <jfehlig@novell.com>

	Fix build with polkit 0
	Commit e8066d53 broke the build with polkit0:

	remote.c: In function 'remoteDispatchAuthPolkit':
	remote.c:4177: error: 'rv' undeclared (first use in this function)

	Add missing identifier.

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Change calling conventions in remote driver client internals
	The remoteIO() method has wierd calling conventions, where
	it is passed a pre-allocated 'struct remote_call *' but
	then free()s it itself, instead of letting the caller free().
	This fixes those weird semantics

	* src/remote/remote_driver.c: Sanitize semantics of remoteIO
	  method wrt to memory release

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix comment for <video> tag in domain RNG schema
	The comment for the <video> tag was a cut+paste error duplicating
	info about the <graphics> tag

	* docs/schemas/domain.rng: Fix comment for <video> tag

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Misc error handling fixes in text mode monitor commands
	A couple of places in the text monitor were overwriting the
	'ret' variable with a >= 0 value before success was actually
	determined. So later error paths would not correctly return
	the -1 value. The drive_add code was not checking for errors
	like missing command

	* src/qemu/qemu_monitor_text.c: Misc error handling fixes

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Ignore open failures when relabelling disk images
	NFS in root squash mode may prevent opening disk images to
	determine backing store. Ignore errors in this scenario.

	* src/security/security_selinux.c: Ignore open failures on disk
	  images

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Treat failure to relabel stdin_path as non-fatal on NFS
	NFS does not support file labelling, so ignore this error
	for stdin_path when on NFS.

	* src/security/security_selinux.c: Ignore failures on labelling
	  stdin_path on NFS
	* src/util/storage_file.c, src/util/storage_file.h: Refine
	  virStorageFileIsSharedFS() to allow it to check for a
	  specific FS type.

2010-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Revert commit 06f81c63ebc19cb0e51f9b397991f6d6ae56d090
	Commit 06f81c63ebc19cb0e51f9b397991f6d6ae56d090 attempted to make
	QEMU driver ignore the failure to relabel 'stdin_path' if it was
	on NFS. The actual result was that it ignores *all* failures to
	label any aspect of the VM, unless stdin_path is non-NULL and
	is not on NFS.

	* src/qemu/qemu_driver.c: Treat all relabel failures as terminal

2010-11-02  Jiri Denemark  <jdenemar@redhat.com>

	Fix several warnings about a non-literal format string
	They only popped up during --disable-nls build. Without this configure
	option, gcc wasn't able to detect them.

2010-11-02  Osier Yang  <jyang@redhat.com>

	util: Add helper function to build timestamp string
	* src/util/util.h
	* src/util/util.c
	* src/libvirt_private.syms

2010-11-01  Eric Blake  <eblake@redhat.com>

	docs: fix typo
	* docs/drvqemu.html.in (qemu): Fix typo.

	build: avoid compiler warning in xen code
	* src/xen/xend_internal.c (xenDaemonFormatSxpr): Hoist verify
	outside of function to avoid a -Wnested-externs warning.
	* src/xen/xm_internal.c (xenXMDomainConfigFormat): Likewise.
	Reported by Daniel P. Berrange.

2010-11-01  Diego Elio Pettenò  <flameeyes@gmail.com>

	misc: encode the Emacs suggstions from HACKING into a .dir-locals.el file
	With this file in place, opening any source file in libvirt will set up
	Emacs for proper indentation.

	qemu: add the USB devices to the cgroup whitelist
	Make sure that the QEmu process within the cgroup can access the device
	file for the USB device that has to be connected to the virtual domain.

2010-11-01  Eric Blake  <eblake@redhat.com>

	xen: work with ia64 MAX_VIRT_CPUS of 64
	* src/xen/xen_hypervisor.c (MAX_VIRT_CPUS): Move...
	* src/xen/xen_driver.h (MAX_VIRT_CPUS): ...so all xen code can see
	same value.
	* src/xen/xend_internal.c (sexpr_to_xend_domain_info)
	(xenDaemonDomainGetVcpusFlags, xenDaemonParseSxpr)
	(xenDaemonFormatSxpr): Work if MAX_VIRT_CPUS is 64 on a platform
	where long is 64-bits.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.

2010-10-29  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: cleanup declaration of xen tests.
	Only build statstest and reconnect if they should be used, so add them
	behind the ENABLE_XEN_TESTS conditional.

2010-10-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	qemu: check compression program availability of virsh save and dump

2010-10-29  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	add compression support for "virsh dump"
	Add dump_image_format[] to qemu.conf and support compressed dump
	at virsh dump. coredump compression is important for saving disk space
	in an environment where multiple guests run.

	In general, "disk space for dump" is specially allocated and will be
	a dead space in the system. It's used only at emergency. So, it's better
	to have both of save_image_format and dump_image_format. "save" is done
	in scheduled manner with enough calculated disk space for it.

	This code reuses some of save_image_format[] and supports the same format.

	Changelog:
	 - modified libvirtd_qemu.aug
	 - modified test_libvirtd_qemu.aug
	 - fixed error handling of qemudSaveCompressionTypeFromString()

2010-10-29  Lai Jiangshan  <laijs@cn.fujitsu.com>

	qemu_driver: add virCgroupMounted
	When we mount any cgroup without "-o devices", we will fail to start vms:

	error: Failed to start domain vm1
	error: Unable to deny all devices for vm1: No such file or directory

	When we mount any cgroup without "-o cpu", we will fail to get schedinfo:
	Scheduler      : posix
	error: unable to get cpu shares tunable: No such file or directory

	We should only use the cgroup controllers which are mounted on host.
	So I add virCgroupMounted() for qemuCgroupControllerActive()

2010-10-29  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.5
	* configure.ac libvirt.spec.in: new version
	* docs/news.html.in: update news page and improve format
	* po/*.po*: Update po again

	Updating localization and regenerating before release

2010-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Don't warn when the linker search path doesn't contain VBoxXPCOMC.so
	This is actually a workaround, to unbreak make check on systems
	without VirtualBox.

2010-10-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Stop hardcoding a single path for VBoxXPCOMC.so
	This partly reverts df90ca7661b0a789bd790ccf8258a4527c13eb8d.

	Don't disable the VirtualBox driver when configure can't find
	VBoxXPCOMC.so, rely on detection at runtime again instead.

	Keep --with-vbox=/path/to/virtualbox intact, added to for:
	https://bugzilla.redhat.com/show_bug.cgi?id=609185

	Detection order for VBoxXPCOMC.so:

	1. VBOX_APP_HOME environment variable
	2. configure provided location
	3. hardcoded list of known locations
	4. dynamic linker search path

	Also cleanup the glue code and improve error reporting.

2010-10-29  Justin Clift  <jclift@redhat.com>

	virsh: improve the help description for managedsave and start
	Updated the descriptions for managedsave and start in virsh and
	the virsh man page, and also for managedsave-remove in the virsh
	man page.

2010-10-28  KAMEZAWA Hiroyuki  <kamezawa.hiroyu@jp.fujitsu.com>

	audit: printf warning fix
	fix warning
	  CC     libvirt_util_la-virtaudit.lo
	cc1: warnings being treated as errors
	util/virtaudit.c: In function 'virAuditEncode':
	util/virtaudit.c:146: error: implicit declaration of function 'virAsprintf' [-Wimplicit-function-declaration]
	util/virtaudit.c:146: error: nested extern declaration of 'virAsprintf' [-Wnested-externs]

2010-10-28  Stefan Berger  <stefanb@us.ibm.com>

	eliminate possibility of a double-closed file descriptor
	The 2nd and 3rd hunk show the only double-closed file descriptor code part that I found while trying to clean up close(). The first hunk seems a harmless cleanup in that same file.

2010-10-28  Eric Blake  <eblake@redhat.com>

	qemu: check for vm after starting a job
	https://bugzilla.redhat.com/show_bug.cgi?id=638285 - when migrating
	a guest, it was very easy to provoke a race where an application
	could query block information on a VM that had just been migrated
	away.  Any time qemu code obtains a job lock, it must also check
	that the VM was not taken down in the time where it was waiting
	for the lock.

	* src/qemu/qemu_driver.c (qemudDomainSetMemory)
	(qemudDomainGetInfo, qemuDomainGetBlockInfo): Check that vm still
	exists after obtaining job lock, before starting monitor action.

2010-10-28  Laine Stump  <laine@laine.org>

	Only attempt removal of the rule allowing tftp if it was added
	During virtual network startup, the iptables rule that allows tftp
	traffic is only added if network->def->tftproot is non-empty, but when
	the virtual network is destroyed, we had been unconditionally trying
	to delete the rule. This was harmless, except that it created a bogus
	error message.

	This patch conditionalizes the delete command in the same manner that
	the insert command is already conditionalized.

2010-10-28  Justin Clift  <jclift@redhat.com>

	docs: updated the C# bindings page with arnauds latest changes

	docs: update ruby bindings maintainer to chris lalancette

2010-10-28  Eric Blake  <eblake@redhat.com>

	build: use shorter file names for 'make dist'
	* docs/api_extension/{0013,0014}*.patch: Rename to shorter files.
	* docs/api_extension.html.in: Reflect rename.

2010-10-28  Justin Clift  <jclift@redhat.com>

	docs: reworded and reordered the bindings page, plus minor tweaks
	Reordered the bindings into alphabetical order, added a link to
	the php-libvirt source on Github, plus gave the direct package
	names needed for Python usage on RHEL/Fedora, and Ubuntu.

2010-10-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Add body for virFork and remove double virDriverLoadModule export
	Commit 9bd3cce0d2d54e6ab893bb8137218b83d9294714 added virFork and
	virDriverLoadModule to libvirt_private.syms, but virFork didn't have
	a body on Win32 and virDriverLoadModule was already correctly
	exported conditional via libvirt_driver_modules.syms.

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add disk/net resource auditing to QEMU driver
	Add auditing of all initial disk/net assignments to QEMU guests
	at startup. Add auditing for all hotplug & unplug events and
	disk media changes.

	* src/qemu/qemu_driver.c: Add disk/net resource auditing

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add auditing of security label in QEMU driver
	Add auditing of the allocated security label in the QEMU driver
	VM startup code

	* src/qemu/qemu_driver.c: Audit security label

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add auditing of start/stop events to the QEMU driver
	Add audit hooks to report all start and stop events on QEMU
	guest domains.

	* src/qemu/qemu_driver.c: Audit start/stop events

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add printf format attribute annotation to virAuditSend method
	* src/util/virtaudit.h: Add printf format attribute annotation

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Add audit helper for escaping log message strings
	Add a helper API for ecscaping the value in audit log
	messages

	* src/util/virtaudit.h, src/util/virtaudit.c,
	  src/libvirt_private.syms: Add virAuditEncode

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove audit hooks from the selinux security driver code
	This reverts commit b8e2de8899594edcd78b3a7cb1b39b89bbed2891
	The hooks will be re-added in the QEMU driver itself.

	* src/security/security_selinux.c: Remove audit hooks

2010-10-27  Daniel P. Berrange  <berrange@redhat.com>

	Remove all auditing hooks from libvirtd dispatch code
	Revert most of commit a8b5f9bd27d65c2ced064b9267ca31dee7ad9c86.
	The audit hooks will be re-added directly in the QEMU driver code
	in a future commit

	* daemon/remote.c: Remove all audit logging hooks
	* src/qemu/qemu_driver.c: Remove all audit logging hooks

2010-10-27  Philipp Hahn  <hahn@univention.de>

	Fix xen API documentation
	*src/xen/xend_internal.c: fix a couple of comments in function descriptions

2010-10-27  Justin Clift  <jclift@redhat.com>

	docs: added a table of contents to the first 11 docs files
	There are a 58 docs files, so adding an autogenerated Table Of
	Contents to them all will take some time.  This is the first
	piece of the work done.

	docs: reformated the bindings page html markup to match other pages

2010-10-26  Eric Blake  <eblake@redhat.com>

	virsh: use - not _ in memtune option names
	* tools/virsh.c (opts_memtune): All other options in virsh use -
	for separating words.

2010-10-26  Eric Blake  <eblake@redhat.com>

	build: fix shell detection bug
	A missing shell was noisy, and the use of command to decipher a
	shell's absolute path requires "" rather than ''.

	* configure.ac (lv_cv_wrapper_shell): Fix logic errors if candidate
	shell is not available.
	* .gitignore: Ignore file created when /bin/sh is old dash.
	Reported by Matthias Bolte.

2010-10-26  Eric Blake  <eblake@redhat.com>

	maint: fix syntax-check failure of previous patch
	* cfg.mk (sc_prohibit_trailing_blank_lines): Delete; this is
	adequately covered by maint.mk's sc_prohibit_empty_lines_at_EOF.
	* .x-sc_prohibit_empty_lines_at_EOF: New file, to exempt raw
	patches.
	* Makefile.am (EXTRA_DIST): Include new exemption.

	docs: revamp api_extension example, using vcpu patch series
	* docs/api_extension/*: Replace example files.
	* docs/api_extension.html.in: Rewrite to match new example files.

2010-10-26  Diego Elio Pettenò  <flameeyes@gmail.com>

	qemu: don't use %.3d format for bus/addr of USB devices
	When using 0-prefixed numbers, QEmu will interpret them as octal numbers
	(as C convention says); this means that if you attach a device that has
	addr > 10 (decimal) you're going to attach a different device.

2010-10-26  Eric Blake  <eblake@redhat.com>

	virsh: fix range of memtune command
	* tools/virsh.c (cmdMemtune): Use long long for memory
	sizes. Simplify allocation, and plug memory leak.

	virsh: improve help text where integers are expected
	* tools/virsh.c (opts_freecell, opts_memtune, opts_vcpupin)
	(opts_setvcpus, opts_setmaxmem, opts_setmem)
	(opts_migrate_setmaxdowntime): Use VSH_OT_INT when only an integer
	is expected.
	(vshCmddefHelp, vshCmddefGetData): Allow mandatory VSH_OT_INT
	arguments.

2010-10-26  Eric Blake  <eblake@redhat.com>

	qemu: work around dash 0.5.5 bug in managed save
	Older dash mistakenly truncates regular files when using <> redirection;
	this kills our use of double dd to reduce storage overhead when
	saving qemu images.  But qemu insists on running a command through
	/bin/sh, so we work around it by having qemu run $sh -c 'real command'
	when we have a replacement $sh in mind.

	* configure.ac (VIR_WRAPPER_SHELL): Define to a replacement shell,
	if /bin/sh is broken on <> redirection.
	* src/qemu/qemu_monitor.h (VIR_WRAPPER_SHELL_PREFIX)
	(VIR_WRAPPER_SHELL_SUFFIX): New macros.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
	them.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
	Likewise.

2010-10-26  Justin Clift  <jclift@redhat.com>

	docs: make the location of the xml catalog file a configure option
	The default location for the XML catalog file, /etc/xml/catalog,
	used when validating the generated html docs, isn't correct for
	MacOS X.

	This commit adds an option to the configure script, allowing the
	default to be overridden:

	  --with-xml-catalog-file=/path/to/xml/catalog/file

2010-10-26  Daniel P. Berrange  <berrange@redhat.com>

	Avoid squashing errors during network startup cleanup path
	When failing to start a virtual network, we have to cleanup,
	tearing down any iptables rules. If the iptables rules were
	not present yet though, this raises an error, which squashes
	the original error we were handling.

	* src/network/bridge_driver.c: When failing to start a virtual
	  network, don't squash the original error in cleanup

2010-10-26  Justin Clift  <jclift@redhat.com>

	docs: install the generated html files when make install is run
	Previously, only the API docs were installed, rather than the
	complete documentation set.  This commit ensures the complete
	documentation set is installed.

2010-10-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix build for SystemTap 1.0
	With SystemTap 1.0 a part of the generated macros in probes.h
	expands to:

	volatile __typeof__(((name))) arg2 = (name);

	GCC reports an 'invalid initialize' error when name has type
	char[]. Therfore, add casts to char* to avoid this.

2010-10-26  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix domain dump
	Remove redundant 'live' parameter which caused an error from xend:

	    "xend.err 'Too many values for live'"

2010-10-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix formatting of network address in iptables helpers
	The network address was being set to 192.168.122.0 instead
	of 192.168.122.0/24. Fix this by removing the unneccessary
	'network' field from virNetworkDef and just pass the
	network address and netmask into the iptables APIs directly.

	* src/conf/network_conf.h, src/conf/network_conf.c: Remove
	  the 'network' field from virNEtworkDef.
	* src/network/bridge_driver.c: Update for iptables API changes
	* src/util/iptables.c, src/util/iptables.h: Require the
	  network address + netmask pair to be passed in

2010-10-26  Osier Yang  <jyang@redhat.com>

	virsh: Add option 'model' for attach-interface
	* tools/virsh.c: add missing option from the CLI to allows setting
	  up the NIC model type when attaching an interface
	* tools/virsh.pod: extend documentation
	* AUTHORS: add Osier Yang to the list

2010-10-26  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix detection of drive readonly option
	So far, readonly=on option is used when qemu supports -device. However,
	there are qemu versions which support readonly option with -drive
	although they don't have support for -device.

2010-10-26  Philipp Hahn  <hahn@univention.de>

	Fix documentation for virEventAddTimeout()
	* src/util/event.h: Fix copy&paste error from virEventAddHandle()

2010-10-25  Eric Blake  <eblake@redhat.com>

	maint: ignore new test executable
	* tests/.gitignore: Sort, and add sockettest.

2010-10-23  Justin Clift  <jclift@redhat.com>

	daemon: updates previous 1 line patch for correctness
	The previous commit, 880da47a05b9fb8381e79b03ead5dd2d8a6a937a,
	worked on my system, but wasn't actually correct.  This follow
	up patch corrects it properly.

2010-10-22  Justin Clift  <jclift@redhat.com>

	daemon: exclude requirement for probes.h on systems without systemtap
	This 1-liner was actually written by Eric Blake, over IRC. It
	addresses a compilation failure in make dist and make rpm for
	systems without the dtrace/systemtap development libraries
	installed.

2010-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add documentation about certificates and connection problems

2010-10-22  Jiri Denemark  <jdenemar@redhat.com>

	tests: Silence qemuxml2argv test

2010-10-22  Eric Blake  <eblake@redhat.com>

	dnsmasq: avoid potential crash
	* src/util/dnsmasq.c (hostsfileAdd): Don't free uninitialized
	memory on allocation failure.

2010-10-22  Justin Clift  <jclift@redhat.com>

	docs: added a table of contents to the new c sharp bindings page

	docs: removed old changelog file, as it is no longer relevant
	We instead point to the live git log URL for the few links still
	needing to point to something.

2010-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix compile errors due to the virSocketAddr series

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Don't try to parse a NULL ip address for boot server
	The boot server IP address is optional, so it needs to be
	checked before attempting to parse it.

	* src/conf/network_conf.c: Don't parse NULL ip address for
	  boot server

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Convert virNetwork to use virSocketAddr everywhere
	Instead of storing the IP address string in virNetwork related
	structs, store the parsed virSocketAddr. This will make it
	easier to add IPv6 support in the future, by letting driver
	code directly check what address family is present

	* src/conf/network_conf.c, src/conf/network_conf.h,
	  src/network/bridge_driver.c: Convert to use virSocketAddr
	  in virNetwork, instead of char *.
	* src/util/bridge.c, src/util/bridge.h,
	  src/util/dnsmasq.c, src/util/dnsmasq.h,
	  src/util/iptables.c, src/util/iptables.h: Convert to
	  take a virSocketAddr instead of char * for any IP
	  address parameters
	* src/util/network.h: Add macros to determine if an address
	  is set, and what address family is set.

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Include socket address in client probe data
	It is useful to know where the client is connecting from,
	so include the socket address in probe data.

	* daemon/libvirtd.h: Use virSocketAddr for storing client
	  address and keep printable address handy for logging
	* daemon/libvirtd.c: Include socket address in client
	  connect/disconnect probes
	* daemon/probes.d: Add socket address to probes
	* examples/systemtap/client.stp: Print socket address
	* src/util/network.h: Add sockaddr_un to virSocketAddr union

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Add dtrace static probes in libvirtd
	Adds initial support for dtrace static probes in libvirtd
	daemon, assuming use of systemtap dtrace compat shim on
	Linux. The probes are inserted for network client connect,
	disconnect, TLS handshake states and authentication protocol
	states.

	This can be tested by running the xample program and then
	attempting to connect with any libvirt client (virsh,
	virt-manager, etc).

	 # stap examples/systemtap/client.stp
	  Client fd=44 connected readonly=0
	  Client fd=44 auth polkit deny pid:24997,uid:500
	  Client fd=44 disconnected
	  Client fd=46 connected readonly=1
	  Client fd=46 auth sasl allow test
	  Client fd=46 disconnected

	The libvirtd.stp file should also really not be required,
	since it is duplicated info that is already available in
	the main probes.d definition file. A script to autogenerate
	the .stp file is needed, either in libvirtd tree, or better
	as part of systemtap itself.

	* Makefile.am: Add examples/systemtap subdir
	* autobuild.sh: Disable dtrace for mingw32
	* configure.ac: Add check for dtrace
	* daemon/.gitignore: Ignore generated dtrace probe file
	* daemon/Makefile.am: Build dtrace probe header & object
	  files
	* daemon/libvirtd.stp: SystemTAP convenience probeset
	* daemon/libvirtd.c: Add connect/disconnect & TLS probes
	* daemon/remote.c: Add SASL and PolicyKit auth probes
	* daemon/probes.d: Master probe definition
	* daemon/libvirtd.h: Add convenience macro for probes
	  so that compilation is a no-op when dtrace is not available
	* examples/systemtap/Makefile.am, examples/systemtap/client.stp
	  Example systemtap script using dtrace probe markers
	* libvirt.spec.in: Enable dtrace on F13/RHEL6
	* mingw32-libvirt.spec.in: Force disable dtrace

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Add test suite for virSocket APIs
	Add a test suite for check parsing, formatting, range calculation
	and netmask checking APIs in virSocketAddr.

	* tests/sockettest.c, tests/Makefile.am: Add new test case

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Ban use of all inet_* functions
	All the inet_* functions can be replaced with calls to the
	virSocket APIs. Since many of the inet_* funtions are unsafe,
	and the remainder are obsolete, forbid all future use of them
	in libvirt.

	* Makefile.nonreentrant: Ban use of inet_*

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove all use of inet_pton and inet_ntop
	The  inet_pton and inet_ntop functions are obsolete, replaced
	by getaddrinfo+getnameinfo with the AI_NUMERICHOST flag set.
	These can be accessed via the virSocket APIs.

	The bridge.c code had methods for fetching the IP address of
	a bridge which used inet_ntop. Aside from the use of inet_ntop
	these methods are broken, because a NIC can have multiple
	addresses and this only returns one address. Since the methods
	are never used, just remove them.

	* src/conf/network_conf.c, src/nwfilter/nwfilter_learnipaddr.c:
	  Replace inet_pton and inet_ntop with virSocket APIs
	* src/util/bridge.c, src/util/bridge.h: Remove unused methods
	  which called inet_ntop.

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove both addrToString methods
	The addrToString functionality is now available via the
	virSocketFormatAddrFull method.

	* daemon/remote.c, src/remote/remote_driver.c: Remove
	  addrToString methods

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting for virSocketParse
	The virSocketParse method was not doing any error reporting
	which meant the true cause of the problem was lost. Remove
	all error reporting from callers, and push it into virSocketParse

	* src/util/network.c: Add error reporting to virSocketParse
	* src/conf/domain_conf.c, src/conf/network_conf.c,
	  src/network/bridge_driver.c: Remove error reporting in
	  callers of virSocketParse

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Expand virSocketFormat to be more flexible
	The getnameinfo() function is more flexible than inet_ntop()
	avoiding the need to if/else the code based on socket family.
	Also make it support UNIX socket addrs and allow inclusion
	of a port (service) address. Finally do proper error reporting
	via normal APIs.

	* src/conf/domain_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c,
	  src/qemu/qemu_conf.c: Fix error handling with virSocketFormat
	* src/util/network.c: Rewrite virSocketFormat to use getnameinfo
	  and cope with UNIX socket addrs.

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove pointless nwIPAddress struct & void *casts
	The nwIPAddress was simply a wrapper about virSocketAddr.
	Just use the latter directly, removing all the extra field
	de-references from code & helper APIs for parsing/formatting.

	Also remove all the redundant casts from strong types to
	void * and then immediately back to strong types.

	* src/conf/nwfilter_conf.h: Remove nwIPAddress
	* src/conf/nwfilter_conf.c, src/nwfilter/nwfilter_ebiptables_driver.c:
	  Update to use virSocketAddr and remove void * casts.

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix netmask checks for IPv6 in virSocketCheckNetmask
	There was a typo in the IPv6 path of virSocketCheckNetmask which
	caused it to never execute.

	* src/util/network.c: s/AF_INET/AF_INET6/ in virSocketCheckNetmask

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix passing of address family to virSocketParseAddr
	The virSocketParseAddr function was accepting any AF_* constant
	and using that to set the ai_flags field in struct addrinfo.
	This is invalid, since address families must go in the ai_family
	field of the struct.

	* src/util/network.c: Fix handling of address family
	* src/conf/network_conf.c, src/network/bridge_driver.c: Pass
	  AF_UNSPEC instead of relying on it being 0.

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Include length with virSocketAddr data
	Some operations on socket addresses need to know the length of
	the sockaddr struct for the particular address family. This
	info was being discarded when passing around virSocketAddr
	instances. Turn it from a union into a struct containing
	union+socklen_t fields, so length is always kept around.

	* src/util/network.h: Add socklen_t field to virSocketAddr
	* src/util/network.c, src/network/bridge_driver.c,
	  src/conf/domain_conf.c: Update to take account of new
	  struct definition.

2010-10-22  Daniel P. Berrange  <berrange@redhat.com>

	Remove useless code in error path of getnameinfo()
	If getnameinfo() with NI_NUMERICHOST set fails, there are no
	grounds to expect inet_ntop to succeed, since these calls
	are functionally equivalent. Remove useless inet_ntop code
	in the getnameinfo() error path.

	* daemon/remote.c, src/remote/remote_driver.c: Remove
	  calls to inet_ntop

2010-10-21  Eric Blake  <eblake@redhat.com>

	maint: sort private sym lists
	* src/libvirt_private.syms: Sort by header name, then within
	header, and drop duplicate virNetworkDefParseNode,
	virFileLinkPointsTo and virXPathBoolean.

2010-10-21  Daniel P. Berrange  <berrange@redhat.com>

	Enable JSON and netdev features in QEMU >= 0.13
	The QEMU 0.13 release is finally out and from testing in RHEL-6
	we know that its JSON and netdev features are now good enough
	for us to use by default.

	* src/qemu/qemu_conf.c: Enable JSON + netdev for QEMU >= 0.13

2010-10-20  Eric Blake  <eblake@redhat.com>

	audit: simplify declaration
	* src/util/virtaudit.c (virAuditSend): one less ifdef, since gcc
	does not care if an ATTRIBUTE_UNUSED var gets used in some paths.

2010-10-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Exit on first error in qemuDomainGetMemoryParameters
	There is no point in trying to fill params beyond the first error,
	because when qemuDomainGetMemoryParameters returns -1 then the caller
	cannot detect which values in params are valid.

	virsh: Don't read nparams when virDomainGetMemoryParameters fails
	Also exit early when nparams is 0.

	Rename VIR_DOMAIN_SWAP_HARD_LIMIT to VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT
	To get them under the common VIR_DOMAIN_MEMORY_* prefix.

	Fix formatting of the memtune XML element
	Also output the min_guarantee element when set.

2010-10-20  Jiri Denemark  <jdenemar@redhat.com>

	Fix make check on RHEL-5
	The test for <vcpu> element is unrelated to vnc so the easiest fix is to
	remove related configuration.

2010-10-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't let daemon-conf test fail when auditing is disabled

2010-10-20  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Update comments for the memory tunables macros
	* include/libvirt/libvirt.h.in: Update comment with actual description

2010-10-20  Daniel Veillard  <veillard@redhat.com>

	Add John Morrissey to AUTHORS

2010-10-20  John Morrissey  <jwm@horde.net>

	Add process= support for 'qemu-kvm -name'
	This sets the process name to the same value as the Windows title,
	but since the name is limited to 16 chars only this is kept as a
	configuration option and turned off by default
	* src/qemu/qemu.conf src/qemu/qemu_conf.[ch]: hceck for support in the
	  QEmu help output, add the option in qemu conf file and augment
	  qemudBuildCommandLine to add it if switched on
	* src/qemu/libvirtd_qemu.aug src/qemu/test_libvirtd_qemu.aug: augment
	  the augeas lenses accordingly
	* tests/qemuhelptest.c: cope with the extra flag being detected now

2010-10-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: avoid dir. enforcement for certain types of rules
	 Avoid the enforcement of direction if
	- icmp rules specify the type/code information
	- the 'skipMatch' variable is set to 'true'

2010-10-19  Justin Clift  <jclift@redhat.com>

	docs: added initial page for c# binding, with links to it
	Adds a new page for the C# language bindings being developed by Arnaud
	Champion.

2010-10-19  Guido Günther  <agx@sigxcpu.org>

	Don't fail lxc domain start when memory controller support is missing
	Debian stock kernel has CONFIG_CGROUP_MEM_RES_CTLR disabled due to the
	overhead [1]. Allow to start containers if the corresponding files in
	the cgroup filesystem are missing. This fixes Debian bug #566180 [2].

	[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534964
	[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566180

2010-10-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compile errors in remote.c and newly added audit code

2010-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix symbol exports & remove duplicated libvirt_util.la linkage
	The libvirt_util.la library was mistakenly linked into libvirtd
	directly. Since libvirt_util.la is already linked to libvirt.so,
	this resulted in libvirtd getting two copies of the code and
	more critically 2 copies of static global variables.

	Testing in turn exposed a issue with loadable modules. The
	gnulib replacement functions are not exported to loadable
	modules. Rather than trying to figure out the name sof all
	gnulib functions & export them, just linkage all loadable
	modules against libgnu.la statically.

	* daemon/Makefile.am: Remove linkage of libvirt_util.la
	  and libvirt_driver.la
	* src/Makefile.am: Link driver modules against libgnu.la
	* src/libvirt.c: Don't try to load modules which were
	  compiled out
	* src/libvirt_private.syms: Export all other internal
	  symbols that are required  by drivers

2010-10-19  Miloslav Trmač  <mitr@redhat.com>

	Audit SELinux label assignment.
	A more natural auditing point would perhaps be
	SELinuxSetSecurityProcessLabel, but this happens in the child after root
	permissions are dropped, so the kernel would refuse the audit record.

2010-10-19  Miloslav Trmač  <mitr@redhat.com>

	Audit VM start/stop/suspend/resume
	Most operations are audited at the libvirtd level; auditing in
	src/libvirt.c would result in two audit entries per operation (one in
	the client, one in libvirtd).

	The only exception is a domain stopping of its own will (e.g. because
	the user clicks on "shutdown" inside the interface).  There can often be
	no client connected at the time the domain stops, so libvirtd does not
	have any virConnectPtr object on which to attach an event watch.  This
	patch therefore adds auditing directly inside the qemu driver (other
	drivers are not supported).

2010-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Basic framework for auditing integration
	Integrate with libaudit.so for auditing of important operations.
	libvirtd gains a couple of config entries for auditing. By
	default it will enable auditing, if its enabled on the host.
	It can be configured to force exit if auditing is disabled
	on the host. It will can also send audit messages via libvirt
	internal logging API

	Places requiring audit reporting can use the VIR_AUDIT
	macro to report data. This is a no-op unless auditing is
	enabled

	* autobuild.sh, mingw32-libvirt.spec.in: Disable audit
	  on mingw
	* configure.ac: Add check for libaudit
	* daemon/libvirtd.aug, daemon/libvirtd.conf,
	  daemon/test_libvirtd.aug, daemon/libvirtd.c: Add config
	  options to enable auditing
	* include/libvirt/virterror.h, src/util/virterror.c: Add
	  VIR_FROM_AUDIT source
	* libvirt.spec.in: Enable audit
	* src/util/virtaudit.h, src/util/virtaudit.c: Simple internal
	  API for auditing messages

2010-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix statstest when driver modules are enabled
	The statstest is xen specific. Instead of filling the code with
	a huge number of #ifdef WITH_XEN, just make its entire compilation
	conditional in the Makefile.am. Also ensure it links to the Xen
	driver so that it builds when driver modules are enabled

	* tests/Makefile.am: Make statstest xen conditional. Link to
	  xen driver
	* tests/Makefile.am: Remove all conditionals

2010-10-19  Eric Blake  <eblake@redhat.com>

	virsh: consolidate memtune docs
	* tools/virsh.pod (memtune): Drop second copy, fill to 80 columns,
	enhance wording.

	vcpu: remove dead xen code
	* src/xen/xen_driver.h (xenUnifiedDriver): Remove now-unused
	domainGetMaxVcpus, domainSetVcpus.
	* src/xen/proxy_internal.c (xenProxyDriver): Likewise.
	* src/xen/xen_hypervisor.c (xenHypervisorDriver): Likewise.
	* src/xen/xen_inotify.c (xenInotifyDriver): Likewise.
	* src/xen/xend_internal.c (xenDaemonDriver)
	(xenDaemonDomainSetVcpus): Likewise.
	* src/xen/xm_internal.c (xenXMDriver, xenXMDomainSetVcpus):
	Likewise.
	* src/xen/xs_internal.c (xenStoreDriver): Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: improve support for setting xen vcpu counts
	Tested with RHEL 5.6 (xendConfigVersion 2, where xend_internal
	controls live domains and xm_internal controls inactive domains).
	Hopefully this works with xendConfigVersion 3 (where xend_internal
	controls everything).

	* src/xen/xen_driver.c (xenUnifiedDomainSetVcpusFlags): Support
	more flags.
	(xenUnifiedGetMaxVcpus): Export.
	* src/xen/xm_internal.h (xenXMDomainSetVcpusFlags): New prototype.
	* src/xen/xend_internal.h (xenDaemonDomainSetVcpusFlags): Likewise.
	* src/xen/xen_driver.h (xenUnifiedGetMaxVcpus): Likewise.
	* src/xen/xm_internal.c (xenXMDomainSetVcpusFlags): New function.
	* src/xen/xend_internal.c (xenDaemonDomainSetVcpusFlags): Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: improve support for getting xen vcpu counts
	* src/xen/xen_driver.c (xenUnifiedDomainGetVcpusFlags): Support
	more flags.
	* src/xen/xend_internal.h (xenDaemonDomainGetVcpusFlags): New
	prototype.
	* src/xen/xm_internal.h (xenXMDomainGetVcpusFlags): Likewise.
	* src/xen/xend_internal.c (virDomainGetVcpusFlags): New function.
	* src/xen/xm_internal.c (xenXMDomainGetVcpusFlags): Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: improve vcpu support in xen command line
	This patch series focuses on xendConfigVersion 2 (xm_internal) and 3
	(xend_internal), but leaves out changes for xenapi drivers.

	See this link for more details about vcpu_avail for xm usage.
	http://lists.xensource.com/archives/html/xen-devel/2009-11/msg01061.html

	This relies on the fact that def->maxvcpus can be at most 32 with xen.

	* src/xen/xend_internal.c (xenDaemonParseSxpr)
	(sexpr_to_xend_domain_info, xenDaemonFormatSxpr): Use vcpu_avail
	when current vcpus is less than maximum.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.
	* tests/xml2sexprdata/xml2sexpr-pv-vcpus.sexpr: New file.
	* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.sexpr: Likewise.
	* tests/sexpr2xmldata/sexpr2xml-pv-vcpus.xml: Likewise.
	* tests/xmconfigdata/test-paravirt-vcpu.cfg: Likewise.
	* tests/xmconfigdata/test-paravirt-vcpu.xml: Likewise.
	* tests/xml2sexprtest.c (mymain): New test.
	* tests/sexpr2xmltest.c (mymain): Likewise.
	* tests/xmconfigtest.c (mymain): Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: complete vcpu support in qemu driver
	* src/qemu/qemu_driver.c (qemudDomainSetVcpusFlags)
	(qemudDomainGetVcpusFlags): Support all feasible flag
	combinations.

	vcpu: improve vcpu support in qemu command line
	* src/qemu/qemu_conf.c (qemuParseCommandLineSmp): Distinguish
	between vcpus and maxvcpus, for new enough qemu.
	* tests/qemuargv2xmltest.c (mymain): Add new test.
	* tests/qemuxml2argvtest.c (mymain): Likewise.
	* tests/qemuxml2xmltest.c (mymain): Likewise.
	* tests/qemuxml2argvdata/qemuxml2argv-smp.args: New file.

	vcpu: support all flags in test driver
	* src/test/test_driver.c (testDomainGetVcpusFlags)
	(testDomainSetVcpusFlags): Support all flags.
	(testDomainUpdateVCPUs): Update cpu count here.

	vcpu: add virsh support
	* tools/virsh.c (cmdSetvcpus): Add new flags.  Let invalid
	commands through to driver, to ease testing of hypervisor argument
	validation.
	(cmdMaxvcpus, cmdVcpucount): New commands.
	(commands): Add new commands.
	* tools/virsh.pod (setvcpus, vcpucount, maxvcpus): Document new
	behavior.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: support maxvcpu in domain_conf
	Although this patch adds a distinction between maximum vcpus and
	current vcpus in the XML, the values should be identical for all
	drivers at this point.  Only in subsequent per-driver patches will
	a distinction be made.

	In general, virDomainGetInfo should prefer the current vcpus.

	* src/conf/domain_conf.h (_virDomainDef): Adjust vcpus to unsigned
	short, to match virDomainGetInfo limit.  Add maxvcpus member.
	* src/conf/domain_conf.c (virDomainDefParseXML)
	(virDomainDefFormat): parse and print out vcpu details.
	* src/xen/xend_internal.c (xenDaemonParseSxpr)
	(xenDaemonFormatSxpr): Manage both vcpu numbers, and require them
	to be equal for now.
	* src/xen/xm_internal.c (xenXMDomainConfigParse)
	(xenXMDomainConfigFormat): Likewise.
	* src/phyp/phyp_driver.c (phypDomainDumpXML): Likewise.
	* src/openvz/openvz_conf.c (openvzLoadDomains): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainDefineXML)
	(openvzDomainCreateXML, openvzDomainSetVcpusInternal): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxDomainDefineXML):
	Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainDumpXML): Likewise.
	* src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
	* src/esx/esx_vmx.c (esxVMX_ParseConfig, esxVMX_FormatConfig):
	Likewise.
	* src/qemu/qemu_conf.c (qemuBuildSmpArgStr)
	(qemuParseCommandLineSmp, qemuParseCommandLine): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainHotplugVcpus): Likewise.
	* src/opennebula/one_conf.c (xmlOneTemplate): Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: make old API trivially wrap to new API
	Note - this wrapping is completely mechanical; the old API will
	function identically, since the new API validates that the exact
	same flags are provided by the old API.  On a per-driver basis,
	it may make sense to have the old API pass a different set of flags,
	but that should be done in the per-driver patch that implements
	the full range of flag support in the new API.

	* src/esx/esx_driver.c (esxDomainSetVcpus, escDomainGetMaxVpcus):
	Move guts...
	(esxDomainSetVcpusFlags, esxDomainGetVcpusFlags): ...to new
	functions.
	(esxDriver): Trivially support the new API.
	* src/openvz/openvz_driver.c (openvzDomainSetVcpus)
	(openvzDomainSetVcpusFlags, openvzDomainGetMaxVcpus)
	(openvzDomainGetVcpusFlags, openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDomainSetCPU)
	(phypDomainSetVcpusFlags, phypGetLparCPUMAX)
	(phypDomainGetVcpusFlags, phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus)
	(qemudDomainSetVcpusFlags, qemudDomainGetMaxVcpus)
	(qemudDomainGetVcpusFlags, qemuDriver): Likewise.
	* src/test/test_driver.c (testSetVcpus, testDomainSetVcpusFlags)
	(testDomainGetMaxVcpus, testDomainGetVcpusFlags, testDriver):
	Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainSetVcpus)
	(vboxDomainSetVcpusFlags, virDomainGetMaxVcpus)
	(virDomainGetVcpusFlags, virDriver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainSetVcpus)
	(xenUnifiedDomainSetVcpusFlags, xenUnifiedDomainGetMaxVcpus)
	(xenUnifiedDomainGetVcpusFlags, xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainSetVcpus)
	(xenapiDomainSetVcpusFlags, xenapiDomainGetMaxVcpus)
	(xenapiDomainGetVcpusFlags, xenapiDriver): Likewise.
	(xenapiError): New helper macro.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: implement the remote protocol
	Done by editing the first three files, then running
	'make -C src rpcgen', then editing src/remote_protocol-structs
	to match.

	* daemon/remote.c (remoteDispatchDomainSetVcpusFlags)
	(remoteDispatchDomainGetVcpusFlags): New functions.
	* src/remote/remote_driver.c (remoteDomainSetVcpusFlags)
	(remoteDomainGetVcpusFlags, remote_driver): Client side
	serialization.
	* src/remote/remote_protocol.x
	(remote_domain_set_vcpus_flags_args)
	(remote_domain_get_vcpus_flags_args)
	(remote_domain_get_vcpus_flags_ret)
	(REMOTE_PROC_DOMAIN_SET_VCPUS_FLAGS)
	(REMOTE_PROC_DOMAIN_GET_VCPUS_FLAGS): Define wire format.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: implement the public APIs
	Factors common checks (such as nonzero vcpu count) up front, but
	drivers will still need to do additional flag checks.

	* src/libvirt.c (virDomainSetVcpusFlags, virDomainGetVcpusFlags):
	New functions.
	(virDomainSetVcpus, virDomainGetMaxVcpus): Refer to new API.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: define internal driver API
	* src/driver.h (virDrvDomainSetVcpusFlags)
	(virDrvDomainGetVcpusFlags): New typedefs.
	(_virDriver): New callback members.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: add new public API
	API agreed on in
	https://www.redhat.com/archives/libvir-list/2010-September/msg00456.html,
	but modified for enum names to be consistent with virDomainDeviceModifyFlags.

	* include/libvirt/libvirt.h.in (virDomainVcpuFlags)
	(virDomainSetVcpusFlags, virDomainGetVcpusFlags): New
	declarations.
	* src/libvirt_public.syms: Export new symbols.

2010-10-19  Eric Blake  <eblake@redhat.com>

	vcpu: add current attribute to <vcpu> element
	Syntax agreed on in
	https://www.redhat.com/archives/libvir-list/2010-September/msg00476.html

	<domain ...>
	  <vcpu current='x'>y</vcpu>
	...

	can now be used to specify 1 <= x <= y current vcpus, in relation
	to the boot-time max of y vcpus.  If current is omitted, then
	current and max are assumed to be the same value.

	* docs/schemas/domain.rng: Add new attribute.
	* docs/formatdomain.html.in: Document it.
	* tests/qemuxml2argvdata/qemuxml2argv-smp.xml: Add to
	domainschematest.
	* tests/xml2sexprdata/xml2sexpr-pv-vcpus.xml: Likewise.

2010-10-19  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: changes to rules in VM->host table
	In the table built for traffic coming from the VM going to the host make the following changes:

	- don't ACCEPT the packets but do a 'RETURN' and let the host-specific firewall rules in subsequent rules evaluate whether the traffic is allowed to enter

	- use the '-m state' in the rules as everywhere else

2010-10-19  Eric Blake  <eblake@redhat.com>

	build: avoid false positive syntax-check failure
	* .x-sc_po_check: Exclude docs directory.

2010-10-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	proxy: Fix undefined reference to virClose
	Add src/util/files.c to libvirt_proxy_SOURCES.

2010-10-19  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Handle non-UTF-8 encoded VMX files
	ESX(i) uses UTF-8, but a Windows based GSX server writes
	Windows-1252 encoded VMX files.

	Add a test case to ensure that libxml2 provides Windows-1252
	to UTF-8 conversion.

2010-10-19  Stefan Berger  <stefanb@us.ibm.com>

	Introduce VIR_CLOSE to be used rather than close()
	Since bugs due to double-closed file descriptors are difficult to track down in a multi-threaded system, I am introducing the VIR_CLOSE(fd) macro to help avoid mistakes here.

	There are lots of places where close() is being used. In this patch I am only cleaning up usage of close() in src/conf where the problems were.

	I also dare to declare close() as being deprecated in libvirt code base (HACKING).

2010-10-19  Dan Kenigsberg  <danken@redhat.com>

	root_squash: virFileOperation may fail with EPERM too
	Over root-squashing nfs, when virFileOperation() is called as uid==0,
	it may fail with EACCES, but also with EPERM, due to
	virFileOperationNoFork()'s failed attemp to chown a writable file.

	qemudDomainSaveFlag() should expect this case, too.

2010-10-19  Dan Kenigsberg  <danken@redhat.com>

	Run initgroups() in qemudOpenAsUID()
	qemudOpenAsUID is intended to open a file with the credentials of a
	specified uid. Current implementation fails if the file is accessible to
	one of uid's groups but not owned by uid.

	This patch replaces the supplementary group list that the child process
	inherited from libvirtd with the default group list of uid.

2010-10-19  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	memtune: Add min_guarantee to the virsh memtune command
	* tools/virsh.c: Add new memory tunable "min_guarantee", currently only
	  ESX can use this
	* tools/virsh.pod: Update the manpage

	Update docs for memory parameters and memtune command
	* docs/formatdomain.html.in: Add memtune element details, added min_guarantee
	* src/libvirt.c: Update virDomainGetMemoryParameters api description, make
	  it more clear that the user first needs to call the api to get the number
	  of parameters supported and then call again to get the values.
	* tools/virsh.pod: Add usage of new command memtune in virsh manpage

2010-10-18  Dan Kenigsberg  <danken@redhat.com>

	qemu: let qemu group look below /var/lib/libvirt/qemu/
	Vdsm needs to communicate with its guest agent via unix domain socket,
	which qemu creates due to the following domain xml device:

	    <channel type='unix'>
	      <target type='virtio' name='com.redhat.rhevm.vdsm'/>
	      <source mode='bind' path='/var/lib/libvirt/qemu/channels/fcp-xp-1.com.redhat.rhevm.vdsm'/>
	    </channel>

	The location of the socket below /var/lib/libvirt/qemu/channels makes
	sense, to humans and selinux policy alike. However, that socket should
	be accessible to vdsm, too.

	Due to other (storage) reasons, vdsm is to join the "qemu" group. With
	this patch, vdsm can look below /var/lib/libvirt/qemu and connect to the
	socket.

	The socket itself should be chmod'ed to allow qemu group read/write, but
	that's for another project.

	BZ#643407

2010-10-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix check in esxDomainGetInfo's perf metric handling

2010-10-16  Eric Blake  <eblake@redhat.com>

	build: use latest gnulib, for ignore-value fix
	* .gnulib: Update to latest.

2010-10-15  Eric Blake  <eblake@redhat.com>

	virsh: add tests for recent cli improvements
	* tests/virshtest.c (mymain): Add tests of command parsing and
	echo command.

	virsh: new echo command
	* tools/virsh.c (cmdEcho): New command.
	(commands): Add it.
	* tools/virsh.pod (echo): Document it.

	virsh: add support for accepting arbitrary argv
	* tools/virsh.c (vshCmdOptType): Add VSH_OT_ARGV.  Delete
	unused VSH_OT_NONE.
	(vshCmddefGetData): Special case new opt flag.
	(vshCmddefHelp): Display help for argv.
	(vshCommandOptArgv): New function.

2010-10-15  Eric Blake  <eblake@redhat.com>

	docs: document how to disable memballoon
	https://bugzilla.redhat.com/show_bug.cgi?id=623903 documents a qemu
	bug that causes libvirt to hang if virt-manager happens to be
	querying balloon info when a guest is paused.  Until the qemu bug
	is fixed, people need to know how to avoid the issue.

	* docs/formatdomain.html.in (Memory balloon device): Mention
	model='none'.

2010-10-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Explictly declare VMX file content as UTF-8

2010-10-15  Laine Stump  <laine@laine.org>

	Fix warning about a non-literal format string in qemu_driver.c

2010-10-15  Eric Blake  <eblake@redhat.com>

	build: skip xenapi driver when building for RHEL
	https://bugzilla.redhat.com/show_bug.cgi?id=643118

	* libvirt.spec.in: Provide xenapi conditionals.

2010-10-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Handle name escaping properly
	VMware uses a mix of percent-, pipe- and base64-encoding in
	different combinations in different places.

	Add a testcase for this.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: prevent filters with different name but same UUID
	Patch to prevent multiple nwfilters with different name but same UUID.

2010-10-14  Eric Blake  <eblake@redhat.com>

	maint: add recent author
	* AUTHORS: List Harsh Prateek Bora, for 'make syntax-check'.

	build: fix accidental submodule reversion
	* .gnulib: Undo change in previous commit.

2010-10-14  Harsh Prateek Bora  <harsh@linux.vnet.ibm.com>

	new attribute accessmode to filesystem element
	This introduces new attribute to filesystem element
	to support customizable access mode for mount type.
	Valid accessmode are: passthrough, mapped and squash.

	Usage:
	        <filesystem type='mount' accessmode='passthrough'>
	          <source dir='/export/to/guest'/>
	          <target dir='mount_tag'/>
	        </filesystem>

	passthrough is the default model if not specified, that's
	also the current behaviour.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: cut off connections after changing filters
	The following filter transition from a filter allowing incoming TCP connections

	  <rule action='accept' direction='in' priority='401'>
	    <tcp/>
	  </rule>
	  <rule action='accept' direction='out' priority='500'>
	    <tcp/>
	  </rule>

	to one that does not allow them

	  <rule action='drop' direction='in' priority='401'>
	    <tcp/>
	  </rule>
	  <rule action='accept' direction='out' priority='500'>
	    <tcp/>
	  </rule>

	did previously not cut off existing (ssh) connections but only prevented newly initiated ones. The attached patch allows to cut off existing connections as well, thus enforcing what the filter is showing.

	I had only tested with a configuration where the physical interface is connected to the bridge where the filters are applied. This patch now also solves a filtering problem where the physical interface is not connected to the bridge, but the bridge is given an IP address and the host routes between bridge and physical interface. Here the filters drop non-allowed traffic on the outgoing side on the host.

2010-10-14  Eric Blake  <eblake@redhat.com>

	build: provide URL in 'configure --help'
	* configure.ac (AC_INIT): Provide email and URL.

	build: fix mingw build
	* .gnulib: Update to latest, for termios fix.
	* configure.ac (AC_CHECK_HEADERS): Drop redundent check.
	* bootstrap: Synchronize from upstream.
	Reported by Daniel P. Berrange.

2010-10-14  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Prohibit migration of guests with host devices
	Explicitly raising a nice error in the case user tries to migrate a
	guest with assigned host devices is much better than waiting for a
	mysterious error with no clue for the reason.

	tests: Honor LIBVIRT_{DEBUG,LOG_*} variables

	tests: Do not override LIBVIRT_DEBUG variable

	cpu: Use vendor in baseline CPU only if all hosts use it
	When only some host CPUs given to cpuBaseline contain <vendor> element,
	baseline CPU should not contain it. Otherwise the result would not be
	compatible with the host CPUs without vendor. CPU vendors are still
	taken into account when computing baseline CPU, it's just removed from
	the result.

	cpu: Fix vendor for recent CPU models
	Recent CPU models were specified using invalid vendor element
	<vendor>NAME</vendor>, which was silently ignored due to a bug in the
	code which was parsing it.

2010-10-14  Stefan Berger  <stefanb@us.ibm.com>

	test: silence nwfilter test
	 This patch silences the nwfilter test case.

2010-10-13  Eric Blake  <eblake@redhat.com>

	tests: fix spurious test failure
	Failure introduced in commit 3a092f389.

	* tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr: Fix typo.

2010-10-13  Eric Blake  <eblake@redhat.com>

	memory: fix remote protocol compilation
	'make -C src rpcgen' is supposed to be idempotent.  But commit
	f928f43b7b mistakently manually edited a generated file rather
	than fixing the upstream file.

	* src/remote/remote_protocol.x (remote_memory_param_value): Use
	correct spelling of enum values.
	* src/remote/remote_protocol.c: Regenerate.

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Enable support for nested SVM
	This enables support for nested SVM using the regular CPU
	model/features block. If the CPU model or features include
	'svm', then the '-enable-nesting' flag will be added to the
	QEMU command line. Latest out of tree patches for nested
	'vmx', no longer require the '-enable-nesting' flag. They
	instead just look at the cpu features. Several of the models
	already include svm support, but QEMU was just masking out
	the svm bit silently. So this will enable SVM on such
	models

	* src/qemu/qemu_conf.h: flag for -enable-nesting
	* src/qemu/qemu_conf.c: Use -enable-nesting if VMX or SVM are in
	  the CPUID
	* src/cpu/cpu.h, src/cpu/cpu.c: API to check for a named feature
	* src/cpu/cpu_x86.c: x86 impl of feature check
	* src/libvirt_private.syms: Add cpuHasFeature
	* src/qemuhelptest.c: Add nesting flag where required

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Improve error reporting in test suites
	Before running each test case clear the thread local error
	indicator. After running each test case, dispatch any error
	that was reported

	* tests/testutils.c: Fix error reporting in test suites

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Update todo list file to point at bugzilla/website
	The TODO list changes frequently so cannot be well maintained
	under GIT. Update the TODO file to point people at bugzilla
	and the libvirt website

	* TODO: Point at bugzilla/website

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix Xen SEXPR generation to properly quote strings containing ()
	* src/xen/sexpr.c: Ensure () are escaped in sexpr2string
	* tests/sexpr2xmldata/sexpr2xml-boot-grub.sexpr,
	  tests/sexpr2xmldata/sexpr2xml-boot-grub.xml,
	  tests/xml2sexprdata/xml2sexpr-boot-grub.sexpr,
	  tests/xml2sexprdata/xml2sexpr-boot-grub.xml: Data files to
	  check escaping
	* tests/sexpr2xmltest.c, tests/xml2sexprtest.c: Add boot-grub
	  escaping test case

2010-10-13  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: resolve deadlock between VM ops and filter update
	 This is from a bug report and conversation on IRC where Soren reported that while a filter update is occurring on one or more VMs (due to a rule having been edited for example), a deadlock can occur when a VM referencing a filter is started.

	The problem is caused by the two locking sequences of

	qemu driver, qemu domain, filter             # for the VM start operation
	filter, qemu_driver, qemu_domain            # for the filter update operation

	that obviously don't lock in the same order. The problem is the 2nd lock sequence. Here the qemu_driver lock is being grabbed in qemu_driver:qemudVMFilterRebuild()

	The following solution is based on the idea of trying to re-arrange the 2nd sequence of locks as follows:

	qemu_driver, filter, qemu_driver, qemu_domain

	and making the qemu driver recursively lockable so that a second lock can occur, this would then lead to the following net-locking sequence

	qemu_driver, filter, qemu_domain

	where the 2nd qemu_driver lock has been ( logically ) eliminated.

	The 2nd part of the idea is that the sequence of locks (filter, qemu_domain) and (qemu_domain, filter) becomes interchangeable if all code paths where filter AND qemu_domain are locked have a preceding qemu_domain lock that basically blocks their concurrent execution

	So, the following code paths exist towards qemu_driver:qemudVMFilterRebuild where we now want to put a qemu_driver lock in front of the filter lock.

	-> nwfilterUndefine()   [ locks the filter ]
	    -> virNWFilterTestUnassignDef()
	        -> virNWFilterTriggerVMFilterRebuild()
	            -> qemudVMFilterRebuild()

	-> nwfilterDefine()
	    -> virNWFilterPoolAssignDef() [ locks the filter ]
	        -> virNWFilterTriggerVMFilterRebuild()
	            -> qemudVMFilterRebuild()

	-> nwfilterDriverReload()
	    -> virNWFilterPoolLoadAllConfigs()
	        ->virNWFilterPoolObjLoad()
	            -> virNWFilterPoolAssignDef() [ locks the filter ]
	                -> virNWFilterTriggerVMFilterRebuild()
	                    -> qemudVMFilterRebuild()

	-> nwfilterDriverStartup()
	    -> virNWFilterPoolLoadAllConfigs()
	        ->virNWFilterPoolObjLoad()
	            -> virNWFilterPoolAssignDef() [ locks the filter ]
	                -> virNWFilterTriggerVMFilterRebuild()
	                    -> qemudVMFilterRebuild()

	Qemu is not the only driver using the nwfilter driver, but also the UML driver calls into it. Therefore qemuVMFilterRebuild() can be exchanged with umlVMFilterRebuild() along with the driver lock of qemu_driver that can now be a uml_driver. Further, since UML and Qemu domains can be running on the same machine, the triggering of a rebuild of the filter can touch both types of drivers and their domains.

	In the patch below I am now extending each nwfilter callback driver with functions for locking and unlocking the (VM) driver (UML, QEMU) and introduce new functions for locking all registered callback drivers and unlocking them. Then I am distributing the lock-all-cbdrivers/unlock-all-cbdrivers call into the above call paths. The last shown callpath starting with nwfilterDriverStart() is problematic since it is initialize before the Qemu and UML drives are and thus a lock in the path would result in a NULL pointer attempted to be locked -- the call to virNWFilterTriggerVMFilterRebuild() is never called, so we never lock either the qemu_driver or the uml_driver in that path. Therefore, only the first 3 paths now receive calls to lock and unlock all callback drivers. Now that the locks are distributed where it matters I can remove the qemu_driver and uml_driver lock from qemudVMFilterRebuild() and umlVMFilterRebuild() and not requiring the recursive locks.

	For now I want to put this out as an RFC patch. I have tested it by 'stretching' the critical section after the define/undefine functions each lock the filter so I can (easily) concurrently execute another VM operation (suspend,start). That code is in this patch and if you want you can de-activate it. It seems to work ok and operations are being blocked while the update is being done.
	I still also want to verify the other assumption above that locking filter and qemu_domain always has a preceding qemu_driver lock.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: update comment about parsing
	* tools/virsh.c: Update comments to match patch series.

	virsh: move code into topological order
	* tools/virsh.c (vshCommandParse): Float up, to avoid the need for
	a forward declaration.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: simplify top-level option parsing
	This makes 'virsh --conn test:///default help help' work right;
	previously, the abbreviation confused our hand-rolled option parsing.

	* tools/virsh.c (vshParseArgv): Use getopt_long feature, rather
	than (incorrectly) reparsing options ourselves.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: add -- support
	"--" means no option at the following arguments.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: support single quote
	Some users may type command like this at the virsh shell:
	virsh # somecmd 'some arg'

	because they often use single quote in linux shell.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: add escaper \ for command string parsing
	add escaper \ for command string parsing, example:

	virsh # cd /path/which/have/a/double\"quote

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: document options in man page
	* tools/virsh.pod: Document top-level options.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: rework command parsing
	Old virsh command parsing mashes all the args back into a string and
	miss the quotes, this patches fix it. It is also needed for introducing
	qemu-monitor-command which is very useful.

	This patches uses the new vshCommandParser abstraction and adds
	vshCommandArgvParse() for arguments vector, so we don't need
	to mash arguments vector into a command sting.

	And the usage was changed:
	old:
	virsh [options] [commands]

	new:
	virsh [options]... [<command_string>]
	virsh [options]... <command> [args...]

	So we still support commands like:
	"define D.xml; dumpxml D" was parsed as a commands-string.

	and support commands like:
	we will not mash them into a string, we use new argv parser for it.

	But we don't support the command like:
	"define D.xml; dumpxml" was parsed as a command-name, but we have no such command-name.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: add vshCommandParser abstraction
	add vshCommandParser and make vshCommandParse() accept different
	parsers.

	the current code for parse command string is integrated as
	vshCommandStringParse().

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: better handling the boolean option
	in old code the following commands are equivalent:
	     virsh # dumpxml --update-cpu=vm1
	     virsh # dumpxml --update-cpu vm1
	because the old code split the option argument into 2 parts:
	--update-cpu=vm1 is split into update-cpu and vm1,
	and update-cpu is a boolean option, so the parser takes vm1 as another
	argument, very strange.

	after this patch applied, the first one will become illegal.

	To achieve this, we don't parse/check options when parsing command sting,
	but check options when parsing a command argument. And the argument is
	not split when parsing command sting.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: allow zero length arguments
	the following command is allowed at shell, we also make it allowed at virsh shell.

2010-10-13  Eric Blake  <eblake@redhat.com>

	virsh: poison raw allocation routines
	* tools/virsh.c (malloc, calloc, realloc, strdup): Enforce that
	within this file, we use the safe vsh wrappers instead.
	(cmdNodeListDevices, cmdSnapshotCreate, main): Fix violations of
	this policy.

2010-10-13  Lai Jiangshan  <laijs@cn.fujitsu.com>

	virsh: better support double quote
	In origin code, double quote is only allowed at the begin or end
	"complicated argument"
	--some_opt="complicated string"  (we split this argument into 2 parts,
	option and data, the data is "complicated string").

	This patch makes it allow double quote at any position of
	an argument:
	complicated" argument"
	complicated" "argument
	--"some opt=complicated string"

	This patch is also needed for the following patches,
	the following patches will not split option argument into 2 parts,
	so we have to allow double quote at any position of an argument.

2010-10-13  Guido Günther  <agx@sigxcpu.org>

	Don't fail on missing D-Bus
	We don't fail when we can't contact HAL so we shouldn't fail if we can't
	contact D-Bus either.

2010-10-13  Daniel Veillard  <veillard@redhat.com>

	Fixes for documentation extraction
	* include/libvirt/libvirt.h.in: some of the function type description
	  were broken so they could not be automatically documented
	* src/util/event.c docs/apibuild.py: event.c exports one public API
	  so it needs to be scanned too, avoid a few warnings

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Implement support for virtio plan9fs filesystem passthrough in QEMU
	Make use of the existing <filesystem> element to support plan9fs
	filesystem passthrough in the QEMU driver

	    <filesystem type='mount'>
	      <source dir='/export/to/guest'/>
	      <target dir='/import/from/host'/>
	    </filesystem>

	NB, the target is not actually a directory, it is merely a arbitrary
	string tag that is exported to the guest as a hint for where to mount
	it.

2010-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Add todo.pl and config example to EXTRA_DIST
	* docs/Makefile.am: Add todo.pl and todo.cfg-example to EXTRA_DIST

2010-10-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix several minor problems introduced by the memtune series
	Add proper documentation to the new VIR_DOMAIN_MEMORY_* macros in
	libvirt.h.in to placate apibuild.py.

	Mark args as unused in for libvirt_virDomain{Get,Set}MemoryParameters
	in the Python bindings and add both to the libvirtMethods array.

	Update remote_protocol-structs to placate make syntax-check.

	Undo unintended modifications in vboxDomainGetInfo.

	Update the function table of the VirtualBox and XenAPI drivers.

2010-10-12  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Remote protocol implementation of virDomainSet/GetMemoryParameters

	Adding memtune command to virsh tool
	The command helps to control the memory/swap parameters for the system, for
	eg. hard_limit (max memory the vm can use), soft_limit (limit during memory
	contention), swap_hard_limit(max swap the vm can use)

2010-10-12  Daniel Veillard  <veillard@redhat.com>

	Avoid checking against strncpy in virsh.c
	since the replacement function virStrcpy is not available

2010-10-12  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Implement domainGetMemoryParamters for LXC
	Driver interface for getting memory parameters, eg. hard_limit,
	soft_limit and swap_hard_limit.

	Implement domainSetMemoryParamters for LXC
	Add support in the lxc driver for various memory controllable parameters

	Adding memtunables to libvirt-lxc command
	libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if
	specified in the domain xml file or picks up the defaults.

	Adding memtunables to qemuSetupCgroup
	QEmu startup will pick up the memory tunables specified in the domain
	configuration file

	Implement domainGetMemoryParamters for QEmu
	Driver interface for getting memory parameters, eg. hard_limit,
	soft_limit and swap_hard_limit based on cgroup support

	Implement domainSetMemoryParamters for QEmu
	Driver interface for setting memory hard_limit, soft_limit and swap
	hard_limit based on cgroup support

	Implement cgroup memory controller tunables
	Provides interfaces for setting/getting memory tunables like hard_limit,
	soft_limit and swap_hard_limit

	XML parsing for memory tunables
	Adding parsing code for memory tunables in the domain xml file
	also change the internal define structures used for domain memory
	informations
	Adds a new specific test

2010-10-12  Daniel Veillard  <veillard@redhat.com>

	Cleanup some tabs issues

2010-10-12  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Adds xml entries for memory tunables in domain schema
	The patch adds xml entries to the domain.rng file.

	v2:
	+ Fix typo min_guarantee

2010-10-12  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Adding virDomainSetMemoryParameters and virDomainGetMemoryParameters API
	Public api to set/get memory tunables supported by the hypervisors.

	dv:
	* some cleanups in libvirt.c
	* adding extra checks in libvirt.c new entry points

	v4:
	* Move exporting public API to this patch
	* Add unsigned int flags to the public api for future extensions

	v3:
	* Add domainGetMemoryParamters and NULL in all the driver interface

	v2:
	* Initialize domainSetMemoryParameters to NULL in all the driver
	  interface structure.

2010-10-12  Nikunj A. Dadhania  <nikunj@linux.vnet.ibm.com>

	Adding structure and defines for virDomainSet/GetMemoryParameters
	This patch adds a structure virMemoryParameter, it contains the name of
	the
	parameter and the type of the parameter along with a union.

	dv:
	+ rename enums to VIR_DOMAIN_MEMORY_PARAM_*
	+ remove some extraneous tabs

	v4:
	+ Add unsigned int flags to the public api for future extensions

	v3:
	+ Protoype for virDomainGetMemoryParameters and dummy python binding.

	v2:
	+ Includes dummy python bindings for the library to build cleanly.
	+ Define string constants like "hard_limit", etc.
	+ re-order this patch.

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Remove redundant features
	Some features provided by the recently added CPU models were mentioned
	twice for each model. This was a result of automatic generation of the
	XML from qemu's CPU configuration file without noticing this redundancy.

2010-10-12  Eric Blake  <eblake@redhat.com>

	util: add missing export
	Commit 1fe2927a3 forgot to export a symbol.

	* src/libvirt_private.syms (virHexToBin): Add.
	* src/.gitignore: Ignore temporary file.

2010-10-12  Daniel P. Berrange  <berrange@redhat.com>

	Set sensible defaults for cpu match and feature policy
	To enable the CPU XML from the capabilities to be pasted directly
	into the guest XML with no editing, pick a sensible default for
	match and feature policy. The CPU match will be exact and the
	feature policy will be require. This should ensure safety for
	migration and give DWIM semantics for users

	* src/conf/cpu_conf.c: Default to exact match and require policy
	* docs/formatdomain.html.in: Document new defaults

2010-10-12  Daniel P. Berrange  <berrange@redhat.com>

	Add automatic generation of a todo item page
	This adds a script to generate the todo item page from
	bugzilla. This requires a valid username+password for
	bugzilla, so it is intended that this only be run on
	the libvirt.org website via cron. Normal usage will just
	generate an empty stub page.

	* docs/todo.pl: Script to extract todo items from bugzilla
	* docs/todo.cfg-example: Example config file
	* docs/sitemap.html.in: Add todo page
	* docs/Makefile.am: Generation rules for todo items

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix virDomain{At,De}tachDevice
	According to API documentation virDomain{At,De}tachDevice calls are
	supposed to only work on active guests for device hotplug. For anything
	beyond that, their *Flags variants have to be used.

	Despite the variant which was acked on libvirt mailing list
	(https://www.redhat.com/archives/libvir-list/2010-January/msg00385.html)
	commit ed9c14a7ef86d7a45a6d57cbfee5410fca428633 (by Jim Fehlig)
	introduced automagic behavior of these API calls for xen driver. Since
	January, these calls always change persistent configuration of a guest
	and if the guest is currently active, they also hot(un)plug the device.

	That change didn't follow API documentation and also broke device
	hot(un)plug for older xend implementations which do not support changing
	persistent configuration of a guest and hot(un)plugging in one step.

	This patch should not break anything for active guests. On the other
	hand, changing inactive guests is not supported any more.

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	xen: xenXMDomain*DeviceFlags should obey all flags
	xenXMDomain*DeviceFlags() silently ignores requests to modify live
	configuration of an active guest while still touching its persistent
	configuration.

	xen: Fix logic bug in xenDaemon*DeviceFlags

2010-10-12  Jiri Denemark  <jdenemar@redhat.com>

	xen: Make xenDaemon*DeviceFlags errors less confusing
	When a user calls to virDomain{Attach,Detach,Update}DeviceFlags() with
	flags == VIR_DOMAIN_DEVICE_MODIFY_LIVE on an inactive guest running on
	an old Xen hypervisor (such as RHEL-5) xend_internal driver reports:

	    Xend version does not support modifying persistent config

	which is pretty confusing since no-one requested to modify persistent
	config.

2010-10-12  Guido Günther  <agx@sigxcpu.org>

	Return a suitable error message if we can't find a matching emulator

2010-10-08  Guido Günther  <agx@sigxcpu.org>

	Pass -n to ip(6)tables
	to avoid long timeouts waiting for DNS servers

2010-10-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add 2nd example to the html docs
	This patch adds another example to the nwfilter html page and provides 2 solutions for how to write a filter meeting the given requirements using newly added features.

	nwfilter: Extend docs with info about the state attribute
	I am adding a row with information about the newly supported state
	attribute to each of the tables describing supported attributes of protocols.

	nwfilter: Extend schema to accept state attribute
	Extend the nwfilter.rng schema to accept state attribute.

	nwfilter: Add test case for testing the state attribute
	This patch adds a test case for testing the XML parser's and instantiator's
	support of the state attribute. The other test case tests existing
	capabilities. Both test cases will be used in TCK again.

	nwfilter: Instantiate state match in ip(6)tables rules
	In this patch I am extending the rule instantiator to create the state
	match according to the state attribute in the XML. Only one iptables
	rule in the incoming or outgoing direction will be created for a rule
	in direction 'in' or 'out' respectively. A rule in direction 'inout' does
	get iptables rules in both directions.

	nwfilter: Extend XML parser and gen. to support state attr.
	The patch below extends the XML parser and generator so that every l3 protocol
	now can have a state attribute.

2010-10-05  Eric Blake  <eblake@redhat.com>

	build: require pkg-config for bootstrap
	* .gnulib: Update to latest, for bootstrap fixes.
	* bootstrap: Synchronize with upstream.
	* bootstrap.conf: Add pkg-config pre-requisite.
	* autogen.sh: Tweak wording message.
	Reported by Justin Clift, and with feedback from Bruno Haible.

2010-10-05  Jiri Denemark  <jdenemar@redhat.com>

	xen: Fix bogus error when attaching a device
	The xm internal xen driver only supports disk and network devices to be
	added to a guest. On an attempt to attach any other device the xm driver
	used VIR_ERR_XML_ERROR which resulted in a completely bogus error
	message:

	error: Failed to attach device from pci.xml
	error: XML description for unknown device is not well formed or invalid

2010-10-05  Justin Clift  <jclift@redhat.com>

	configure: disable network and storage-fs drivers on mac os x
	Disabling these two drivers on MacOS X, where they are known to
	not work, allows libvirt (including the daemon) to compile without
	any further changes.

2010-10-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix memory leaks
	Fixing memory leak shown by valgrind and freeing buffer in two more places.

2010-10-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for virtual serial device network backing
	Since version 4.1 ESX(i) can expose virtual serial devices over TCP.

	Add support in the VMX handling code for this, add test cases to cover
	it and add links to some documentation.

	ESX supports two additional protocols: TELNETS and TLS. Add them to
	the list of serial-over-TCP protocols.

2010-10-01  Eric Blake  <eblake@redhat.com>

	vcpu: improve cpuset attribute
	The <vcpu cpuset=...> attribute has been available since commit
	e193b5dd, but without documentation or RNG validation.

	* docs/schemas/domain.rng (vcpu): Further validate cpuset.
	* docs/formatdomain.html.in: Document it.
	* src/conf/domain_conf.c: Fix typos.

2010-10-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Verify that domain XML contains at least one disk element
	phypBuildLpar expects that at least one disk element is provided.

2010-09-30  Jamie Strandboge  <jamie@canonical.com>

	virt-aa-helper-test cleanups
	Don't cat | sed, just sed.  Suggested by Eric Blake.

2010-09-30  Jamie Strandboge  <jamie@canonical.com>

	implement usb and pci hot attach in AppArmor driver
	Description: Implement AppArmorSetSecurityHostdevLabel() and
	AppArmorRestoreSecurityHostdevLabel() for hostdev and pcidev attach.

	virt-aa-helper also has to be adjusted because *FileIterate() is used for pci
	and usb devices and the corresponding XML for hot attached hostdev and pcidev
	is not in the XML passed to virt-aa-helper. The new '-F filename' option is
	added to append a rule to the profile as opposed to the existing '-f
	filename', which rewrites the libvirt-<uuid>.files file anew. This new '-F'
	option will append a rule to an existing libvirt-<uuid>.files if it exists,
	otherwise it acts the same as '-f'.

	load_profile() and reload_profile() have been adjusted to add an 'append'
	argument, which when true will use '-F' instead of '-f' when executing
	virt-aa-helper.

	All existing calls to load_profile() and reload_profile() have been adjusted
	to use the old behavior (ie append==false) except AppArmorSetSavedStateLabel()
	where it made sense to use the new behavior.

	This patch also adds tests for '-F'.

	Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/640993

2010-09-30  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add a test case for testing the comment attribute
	This patch adds a test case for testing the XML parser's and instantiator's
	support of the comment attribute.

	nwfilter: Extend docs with information about comment attr.
	I am adding a row with information about the newly supported comment
	attribute to each of the tables describing supported attributes of protocols.

	nwfilter: Extend nwfilter schema to accept comment attrib.
	Extend the nwfilter.rng schema to accept comment attributes for all protocol
	types.

2010-09-30  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Instantiate comments in ip(6)tables rules
	In this patch I am extending the rule instantiator to create the comment
	node where supported, which is the case for iptables and ip6tables.

	Since commands are written in the format

	cmd='iptables ...-m comment --comment \"\" '

	certain characters ('`) in the comment need to be escaped to
	prevent comments from becoming commands themselves or cause other
	forms of (bash) substitutions. I have tested this with various input and in
	my tests the input made it straight into the comment. A test case for TCK
	will be provided separately that tests this.

2010-09-30  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Extend XML parser and generator w/ comment attribute
	The patch below extends the XML parser and generator so that every protocol
	now can have a comment node. Comments are limited to 256 characters.

2010-09-30  Eric Blake  <eblake@redhat.com>

	build: fix example build on MacOS X
	Partial reversion of commit 76d87a59, now that bootstrap is smarter.

	* .gnulib: Update to latest, for poll and bootstrap fixes.
	* bootstrap: Resync from gnulib.
	* autogen.sh: Drop redundant tool checks; bootstrap does them
	better, by honoring environment variables.
	* examples/domain-events/events-c/Makefile.am (INCLUDES)
	(event_test_LDADD): Use gnulib library during build.
	* bootstrap.conf (gnulib_tool_option_extras): Revert --libtool
	addition, now that updated bootstrap does it for us.
	Reported by Justin Clift.

2010-09-29  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Checking for NULL values when building new guest
	When creating a new gust, the function phypBuildLpar() was not
	checking for NULL values

	src/phyp/phyp_driver.c: check the definition arguments to avoid a segmentation
	  fault in phypBuildLpar()

2010-09-29  Justin Clift  <jclift@redhat.com>

	configure: tweak logic flow of virtport check
	This fixes a small logic bug, where passing --without-macvtap
	on the configure line, or otherwise indicating a lack of
	support for macvtap, causes configure to bail.

2010-09-29  Justin Clift  <jclift@redhat.com>

	mpath: disable devmapper-multipath checking on non-linux
	The configure script was breaking on MacOS X unless passed:

	  --without-storage-mpath

	This patch leverages Stefan Bergers earlier work for nwfilter,
	so non-linux systems don't even attempt to build multipath.

2010-09-29  Stefan Berger  <stefanb@us.ibm.com>

	Rework configure logic for virtualport support
	In this patch I am reworking the logic around detecting virtual port support and requiring the libnl dependency.

	- It requires --with-macvtap and displays an error in case of --without-macvtap --with-virtualport.
	- It tests for availability of certain data in include files and displays an error in case the include file is not at the correct level and --with-virtualport was chosen
	- displays 'checking' messages for macvtap and virtualport support and results
	- libnl support is required when macvtap is found or requested; if libnl is not there, please supply without-macvtap

2010-09-28  Justin Clift  <jclift@redhat.com>

	mac os x: use awk selected by build system rather than first in path
	Prior to this patch, the ChangeLog generation was hard coded to use
	"awk", when it should have been using the AWK variable set by our
	build system.

	This breaks compilation on a newly installed OS X system, where the
	default path has the Mac (non GNU) awk in the default search PATH
	before any installed GNU awk (gawk).

2010-09-28  Justin Clift  <jclift@redhat.com>

	nwfilter: remove recently added workaround define for macos x
	This reverses commit 04c3704, which added a define to nwfilter to
	allow libvirtd compilation on Mac OS X.  Stefan Bergers commit, 2e7294d,
	is the proper solution, removing the requirement for nwfilter on non-Linux.

2010-09-28  Justin Clift  <jclift@redhat.com>

	virtualbox: fix a typo in the expected location on mac os x
	Mac OS X provides an "/Applications" folder, not an "/Application" folder,
	so installed VirtualBox wasn't being detected by default.

	This 1 character patch fixes this.

2010-09-27  Dan Kenigsberg  <danken@redhat.com>

	python: drop unnecessary conn assignment
	Since 554d82a200289938d5639a782a9f12e3e2e968f0, conn is unused. Let's
	drop it - but keep the signature of the constructor for backward
	compatibility.

2010-09-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Don't compile nwfilter driver on other systems than Linux
	Don't compile the nwfilter driver (instantiating the rules) on other systems than Linux.

2010-09-27  Justin Clift  <jclift@redhat.com>

	nwfilter: add a missing define, so libvirtd builds on macos x
	The nwfilter code uses ETH_ALEN, which isn't defined on MacOS X.
	This is a simple workaround, to add it when missing.

2010-09-24  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: report if ip(6)tables rules would not be active
	The patch below reports a warning in the log if the generated ip(6)tables rules would not be effective due to the proc filesystem entries

	    /proc/sys/net/bridge/bridge-nf-call-iptables
	    /proc/sys/net/bridge/bridge-nf-call-ip6tables

	containing a '0'. The warning tells the user what to do. I am rate-limiting the warning message to appear only every 10 seconds.

2010-09-23  Jamie Strandboge  <jamie@canonical.com>

	app-armor: add 'rw' for appropriate devices
	Description: Check for VIR_DOMAIN_CHR_TYPE in serial ports and add 'rw' for
	defined serial ports, parallel ports and channels

	Bug-Ubuntu: LP: #578527, LP: #609055

2010-09-23  Jamie Strandboge  <jamie@canonical.com>

	add extra tests to virt-aa-helper-test for new '-p' option

2010-09-23  Eric Blake  <eblake@redhat.com>

	docs: grammar cleanups on logging examples
	* docs/logging.html.in: Fix spelling and grammar.

2010-09-23  Philipp Hahn  <hahn@univention.de>

	Fix spelling of Xen in comments

2010-09-23  Eric Blake  <eblake@redhat.com>

	maint: update to latest gnulib
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Add new termios module.
	(gnulib_tool_option_extras): Make libtool usage explicit.
	* src/util/util.c (includes): Gnulib now guarantees termios.h.
	* bootstrap: Resync from gnulib.

2010-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Allow '-' in VMX entry names
	Add a test for this.

	Reported by Frank Dirks.

2010-09-23  Chris Wright  <chrisw@redhat.com>

	pciFindStubDriver should return NULL on error
	pciFindStubDriver currently returns 0 in one of the error cases.
	While it's correct...NULL is more readable.

2010-09-22  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-guests: start late and stop early
	libvirt-guests init script should be started as late as possible during
	host startup and stopped as early as possible during host shutdown to
	make sure required services are already/still up and running at the time
	libvirt-guests runs.

2010-09-22  Daniel P. Berrange  <berrange@redhat.com>

	Make SASL work over UNIX domain sockets
	The addrToString methods were not coping with UNIX domain sockets
	which have no normal host+port address. Hardcode special handling
	for these so that SASL routines can work over UNIX sockets. Also
	fix up SSF logic in remote client so that it presumes that a UNIX
	socket is secure

	* daemon/remote.c: Fix addrToString for UNIX sockets.
	* src/remote/remote_driver.c: Fix addrToString for UNIX sockets
	  and fix SSF logic to work for TLS + UNIX sockets in the same
	  manner

2010-09-22  Daniel P. Berrange  <berrange@redhat.com>

	Refactor some daemon code to facilitate introduction of static probes
	Refactor some daemon code to facilitate the introductioin of static
	probes, sanitizing function exit paths in many places

	* daemon/libvirtd.c: Pass the dname string into remoteCheckDN
	  to let caller deal with failure paths. Add separate exit paths
	  to remoteCheckCertificate for auth failure vs denial. Merge
	  all exit paths in qemudDispatchServer to one cleanup block
	* daemon/remote.c: Add separate exit paths to SASL & PolicyKit
	  functions for auth failure vs denial

2010-09-22  Eric Blake  <eblake@redhat.com>

	nodeinfo: work when hot-plugging is disabled
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=635857.

	* src/nodeinfo.c (cpu_online): Allow missing directory for all
	CPUs, not just cpu0.

2010-09-22  Stefan Berger  <stefanb@us.ibm.com>

	This patch fixes a bug appearing on big endian machines where the returned XML is not the one that is expected (see test/nwfilterxml2xmltest). The problem is due to for example the casting of pointers to unsigned integers to void * and then back to 16 bit integers.

2010-09-16  Eric Blake  <eblake@redhat.com>

	tests: silence qemuargv2xmltest noise
	Before this patch, the testsuite was noisy:

	TEST: qemuargv2xmltest
	      ........................................ 40
	      ................20:41:28.046: warning : qemuParseCommandLine:6565 : unknown QEMU argument '-unknown', adding to the qemu namespace
	20:41:28.046: warning : qemuParseCommandLine:6565 : unknown QEMU argument 'parameter', adding to the qemu namespace
	.                        57  OK
	PASS: qemuargv2xmltest

	It's not a real failure (which is why the test was completing
	successfully), so much as an intentional warning to the user that use
	of the qemu namespace has the potential for undefined effects that
	leaked through the default logging behavior.  After this patch series,
	all tests can access any logged data, and this particular test can
	explicitly check for the presence or absence of the warning, such that
	the test output becomes:

	TEST: qemuargv2xmltest
	      ........................................ 40
	      .................                        57  OK
	PASS: qemuargv2xmltest

	* tests/testutils.h (virtTestLogContentAndReset): New prototype.
	* tests/testutils.c (struct virtTestLogData): New struct.
	(virtTestLogOutput, virtTestLogClose, virtTestLogContentAndReset):
	New functions.
	(virtTestMain): Always capture log data emitted during tests.
	* tests/qemuargv2xmltest.c (testCompareXMLToArgvHelper, mymain):
	Use flag to mark which tests expect noisy stderr.
	(testCompareXMLToArgvFiles): Add parameter to test whether stderr
	was appropriately silent.

2010-09-16  Eric Blake  <eblake@redhat.com>

	tests: clean up qemuargv2xmltest
	Since commit 107a7bd06bc, the extraFlags argument was unused.

	* tests/qemuargv2xmltest.c (DO_TEST): Drop extraFlags argument.
	Adjust all callers.

2010-09-16  Justin Clift  <jclift@redhat.com>

	docs: reworked the policykit patch submitted by Patrick Dignan
	Tweaked the PolicyKit documentation improvement patch submitted
	by Patrick Dignan.

	Additionally, removed the reference to PolicyKit.conf, which is
	no longer used by PolicyKit, plus added a link to the expanded
	PolicyKit example page on the wiki.

2010-09-16  Justin Clift  <jclift@redhat.com>

	docs: fix the xml validity errors regarding name and id
	Got sick of seeing the "validity error : ID Objects already defined"
	errors, which this patch addresses.

2010-09-15  Eric Blake  <eblake@redhat.com>

	build: avoid non-portable IPv6 struct member, for MacOS X
	* src/util/network.c (getIPv6Addr): Manually join s6_addr bytes,
	instead of assuming s6_addr16 shorts.
	Reported by Justin Clifton; solution suggested by Bruno Haible.

2010-09-15  Justin Clift  <jclift@redhat.com>

	virsh: change wexitstatus order to allow compilation on mac osx
	This is the simple fix Daniel Veillard suggested last year:

	  http://www.redhat.com/archives/libvir-list/2009-May/msg00459.html

2010-09-15  Justin Clift  <jclift@redhat.com>

	libvirtd: improve the error message displayed on tls client auth failure
	This address BZ # 556599:

	  https://bugzilla.redhat.com/show_bug.cgi?id=556599

2010-09-14  Eric Blake  <eblake@redhat.com>

	maint: silence warning from libtool
	I got tired of seeing this.

	config.status: executing libtool commands
	/bin/rm: cannot remove `libtoolT': No such file or directory
	config.status: executing po-directories commands

	While I was at it, there were a couple other unused variables.

	* configure.ac (RM, MV, TAR): Drop; nothing in libvirt directly uses
	this, and assigning RM interferes with libtool.

2010-09-14  Soren Hansen  <soren@linux2go.dk>

	Rebuild network filter for UML guests on updates
	When nwfilter support was added to UML, I didn't realise the UML driver
	needed instrumentation to make updating nwfilters on the fly work. This
	patch adds this bit of glue.

2010-09-14  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Use virBuffer for generating XML
	cmdAttachInterface and cmdAttachDisk still used vshRealloc and sprintf
	for generating XML, which is hardly maintainable. Let's get rid of this
	old code.

2010-09-14  Eric Blake  <eblake@redhat.com>

	build: use portable sed expressions
	* src/Makefile.am (libvirt.def, libvirt_qemu.def): '\}' and '\t'
	are not required by POSIX.  Use '}' and literal tab instead.
	(install-data-local): Avoid sed -i.
	* tests/read-bufsiz: Likewise.
	Reported by Mitchell Hashimoto.

2010-09-13  Justin Clift  <jclift@redhat.com>

	docs: improve wording for the dev guide
	Wording tweak suggested by David Jorm, author of the libvirt App Dev Guide.

2010-09-13  Jiri Denemark  <jdenemar@redhat.com>

	tests: Fix preprocessor indentation

2010-09-10  Justin Clift  <jclift@redhat.com>

	docs: add the app dev guide
	Added a workable initial page for the libvirt Application
	Development Guide, giving the online viewable options +
	the available download ones (pdf, epub, srpm).

	Added a link to the PDF to the main Downloads page, plus
	neatened the html tags throughout the page as they
	were a bit of a mess.

	Added --enable-compile-warnings=error to the autogen line,
	as suggested by Eric Blake.

2010-09-10  Daniel Veillard  <veillard@redhat.com>

	Libvirt release 0.8.4
	update news, spec and french localizaton

2010-09-10  Cole Robinson  <crobinso@redhat.com>

	buf: Fix possible infinite loop in EscapeString, VSnprintf
	The current code will go into an infinite loop if the printf generated
	string is >= 1000, AND exactly 1 character smaller than the amount of free
	space in the buffer. When this happens, we are dropped into the loop body,
	but nothing will actually change, because count == (buf->size - buf->use - 1),
	and virBufferGrow returns unchanged if count < (buf->size - buf->use)

	Fix this by removing the '- 1' bit from 'size'. The *nprintf functions handle
	the NULL byte for us anyways, so we shouldn't need to manually accommodate
	for it.

	Here's a bug where we are actually hitting this issue:
	https://bugzilla.redhat.com/show_bug.cgi?id=602772

	v2: Eric's improvements: while -> if (), remove extra va_list variable,
	    make sure we report buffer error if snprintf fails

	v3: Add tests/virbuftest which reproduces the infinite loop before this
	    patch, works correctly after

2010-09-10  Guido Günther  <agx@sigxcpu.org>

	Fix block statistics with newer versions of Xen
	Apparently the xen block device statistics moved from
	"/sys/devices/xen-backend/vbd-%d-%d/statistics/%s"
	to
	"/sys/bus/xen-backend/devices/vbd-%d-%d/statistics/%s"

	* src/xen/block_stats.c: try the extra path in case of failure to
	  find the statistics in /sys

2010-09-10  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Option for overriding disk type in attach-disk
	Unless --driver tap|file option was given to attach-disk, virsh would
	generate <disk type='block'> XML which might be fine for Xen but not for
	other hypervisors. This patch introduces a new option --sourcetype which
	can be used to explicitly set the type of disk source. The option
	accepts either "file" or "block" types.

2010-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix dependancies for remote generated files
	Very occasionally during a parallel make, dispatch.c would
	be compiled before the generated remote headers had been
	fully written. This would cause it to compile an empty
	union, and result in really wierd runtime bugs that are
	near impossible to diagnose.

	* daemon/Makefile.am: Fix remote build deps

2010-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Ensure remote daemon unions are always non-zero length
	If the remote daemon args/ret unions ever become zero length
	(due to a build / Makefile bug) then bad stuff happens at
	runtime. Add a compile time assertion to check for this kind
	of problem

	* daemon/remote.h: Ensure non-zero length unions

2010-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in QEMU boot arg array handling
	A QEMU guest can have upto VIR_DOMAIN_BOOT_LAST boot entries
	defined. When building the QEMU arg, each entry takes a
	single byte. This means the array must be declared to be
	VIR_DOMAIN_BOOT_LAST+1 bytes in length to allow for the
	trailing null

	* src/qemu/qemu_conf.c: Fix off-by-1 boot arg array size

2010-09-10  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix static-only DHCP configuration
	For static-only DHCP, i.e. with no <range> but at least one <host>
	element within <dhcp> element, we have to add "--dhcp-range IP,static"
	option to dnsmasq to actually enable the service. Without this option,
	dnsmasq will not respond to DHCP requests.

2010-09-10  Luiz Capitulino  <lcapitulino@redhat.com>

	qemu: qemuMonitorJSONEjectMedia(): Fix arguments' type
	QMP in QEMU 0.13 has been fixed to enforce type correctness,
	this means that boolean types must be true or false, not
	integers.

	qemu: qemuMonitorJSONMigrate(): Fix arguments' type
	QMP in QEMU 0.13 has been fixed to enforce type correctness,
	this means that boolean types must be true or false, not
	integers.

2010-09-09  Soren Hansen  <soren@linux2go.dk>

	Add nwfilter support to UML driver
	Extend user-mode-linux driver to support nwfilter.

2010-09-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	test: Don't overwrite storage volume target path and key
	Only generate target path and key when they are not defined
	in the XML config.

2010-09-09  Daniel Veillard  <veillard@redhat.com>

	Remove hack to get static binaries in DV environment

2010-09-08  Justin Clift  <jclift@redhat.com>

	Moved my name up to the primary list, as I have commit rights now.
	As recommended by Eric. :)

2010-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use SessionIsActive when available
	Before this commit SessionIsActive was not used because ESX(i)
	doesn't implement it. vCenter supports SessionIsActive, so use
	it here, but keep the fall back mechanism for ESX(i) and GSX.

2010-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fall back to path as key when QueryVirtualDiskUuid isn't available
	QueryVirtualDiskUuid is only available on an ESX(i) server. vCenter
	returns an NotImplemented fault and a GSX server is missing the
	VirtualDiskManager completely. Therefore only use QueryVirtualDiskUuid
	with an ESX(i) server and fall back to path as storage volume key for
	vCenter and GSX server.

2010-09-07  Eric Blake  <eblake@redhat.com>

	mingw: match recent changes in spec file
	* libvirt.spec.in (%file): List new installed files.
	* configure.ac (with_init_script): Assume default of none when
	cross-compiling.

2010-09-07  Jiri Denemark  <jdenemar@redhat.com>

	build: Fix permissions of sysconfig files

2010-09-04  Daniel Veillard  <veillard@redhat.com>

	Update of localization files
	- Updated dutch, spanish and russian, regenerated the po/pot files

2010-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use the VirtualDisk UUID as storage volume key
	VirtualDisks are .vmdk file based. Other files in a datastore
	like .iso or .flp files don't have a UUID attached, fall back
	to the path as key for them.

2010-09-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add .vmdk storage volume creation

2010-09-03  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	OpenVZ: add ethernet interface type support
	This patch adds support for ethernet interface type to OpenVZ domains
	as stated in this previous message: http://www.redhat.com/archives/libvir-
	list/2010-July/msg00658.html

2010-09-03  Eric Blake  <eblake@redhat.com>

	build: avoid uninitialized variable warning
	* src/vbox/vbox_tmpl.c (vboxAttachDrives): Capture return value.

2010-09-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Rework datastore path parsing and handling
	Instead of splitting the path part of a datastore path into
	directory and file name, keep this in one piece. An example:

	  "[datastore] directory/file"

	was split into this before:

	  datastoreName = "datastore"
	  directoryName = "directory"
	  fileName = "file"

	Now it's split into this:

	  datastoreName = "datastore"
	  directoryName = "directory"
	  directoryAndFileName = "directory/file"

	This simplifies code using esxUtil_ParseDatastorePath, because
	directoryAndFileName is used more often than fileName. Also the
	old approach expected the datastore path to reference an actual
	file, but this isn't always correct, especially when listing
	volumes. In that case esxUtil_ParseDatastorePath is used to parse
	a path that references a directory. This fails for a vpx://
	connection because the vCenter returns directory paths with a
	trailing '/'. The new approach is robust against this and the
	actual decision if the datastore path should reference a file or
	a directory is up to the caller of esxUtil_ParseDatastorePath.

	Update the tests accordingly.

2010-09-02  Eric Blake  <eblake@redhat.com>

	vbox: factor a large function
	* src/vbox/vbox_tmpl.c (vboxDomainDefineXML): Split...
	(vboxSetBootDeviceOrder, vboxAttachDrives, vboxAttachSound)
	(vboxAttachNetwork, vboxAttachSerial, vboxAttachParallel)
	(vboxAttachVideo, vboxAttachDisplay, vboxAttachUSB): ...into new
	helper functions.

	lxc: avoid large stacks with veth creation
	* src/lxc/veth.h (vethCreate): Change prototype.
	* src/lxc/veth.c (vethCreate): Always malloc veth2, and allocate
	veth1 if needed.
	(getFreeVethName): Adjust signature, and use virAsprintf.
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Adjust caller.

2010-09-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix generator for string return values
	Distinguish between strings as parameters (const char *)
	and strings as return values (char **).

2010-09-02  Eric Blake  <eblake@redhat.com>

	openvz: use virAsprintf to avoid large stacks
	* src/openvz/openvz_conf.c (openvzLocateConfFile): Alter
	signature.
	(openvzGetVPSUUID, openvzSetDefinedUUID)
	(openvzWriteVPSConfigParam, openvzReadVPSConfigParam)
	(openvzCopyDefaultConfig): Adjust callers.

	openvz: formatting cleanups
	* src/openvz/openvz_conf.c: Whitespace fixes.
	* src/openvz/openvz_driver.c: Likewise.

2010-09-01  Eric Blake  <eblake@redhat.com>

	network: use virAsprintf when appropriate
	* src/conf/network_conf.c (virNetworkAllocateBridge): Avoid
	limited buffer from snprintf.

2010-09-01  Eric Blake  <eblake@redhat.com>

	build: add some modules
	snprintf is currently implicitly picked up by getaddrinfo, but we
	might as well make it explicit so that mingw doesn't break if
	getaddrinfo changes to drop the dependency.

	func doesn't matter for gcc compilation, but may help other compilers
	cope with our use of __func__.

	* bootstrap.conf (gnulib_modules): Add snprintf and func.

2010-09-01  Ryan Harper  <ryanh@us.ibm.com>

	virsh: remove driver check from attach-disk command
	Virsh shouldn't check for driver support but rather let the backend handled this.
	After removing the check, I can successfully attach file-based images to a qemu
	VM with attach-disk.

	% virsh attach-disk vm2 /images/test02.img vdc --driver qemu --type disk --subdriver raw
	Disk attached successfully

	This command generates the following XML:

	<disk type='block' device='disk'>
	      <driver name='qemu' type='raw'/>
	      <source dev='/images/test02.img'/>
	      <target dev='vdc' bus='virtio'/>
	      <alias name='virtio-disk2'/>
	      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
	</disk>

2010-08-31  Soren Hansen  <soren@linux2go.dk>

	Use global directory as UML's monitorDir for privileged connections
	For privileged UML connections (uml:///system), we shouldn't use root's
	home dir, but rather somewhere in /var/run/libvirt/uml-guest.

	https://bugzilla.redhat.com/show_bug.cgi?id=499536

2010-08-31  Soren Hansen  <soren@linux2go.dk>

	Explicitly pass uml_dir argument to user-mode-linux
	uml_dir overrides user-mode-linux's default of ~/.uml. This is needed
	for a couple of different reasons:

	libvirt expects this to default to virGetUserDirectory(geteuid()) +
	'/.uml'. However, user-mode-linux actually uses the HOME environment
	variable to determine where to look for the uml sockets, but if running
	libvirtd under sudo (which I routinely do during development), $HOME is
	pointing at my user's homedir, while my euid is 0, so libvirt looks in
	/root.

	Also (and this was my actual motivation for this patch), if HOME isn't
	set at all, user-mode-linux utterly fails. Looking at the code, it seems
	it's meant to emit a warning, but alas, it doesn't for some reason.
	If running libvirtd from upstart, HOME is not set, so any system using
	upstart will need this change.

2010-08-31  Eric Blake  <eblake@redhat.com>

	maint: track moved file
	* daemon/.gitignore: Move libvirt-guests.init...
	* tools/.gitignore: ...to its new location.

2010-08-31  Jim Fehlig  <jfehlig@novell.com>

	Add tests for Xen's blktap2 implementation
	xml2sexpr and sexpr2xml tests for blktap2

	Add blktap2 support to xend driver
	Xen4.0 includes a new blktap2 implementation, which is specified
	with 'tap2' prefix.  AFAICT it's configuration syntax is identical
	to blktap, with exception of 'tap2' vs 'tap' prefix.  This patch
	takes the simple approach of accepting and generating sexp
	containing 'tap2' prefix.

2010-08-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Map the .vmx annotation to the domain XML description
	Take care of escaping '"' and '|' (the escape character).

	Add tests for this.

2010-08-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Move hextobin as virHexToBin to util.c
	virHexToBin will be used in the .vmx handling code.

2010-08-27  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Bad comparison when checking for existing domain name
	When creating a new domain from XML, the check for an existing
	domain name should compare the return of the function to a valid
	LPAR ID (!= -1) and not to error (== -1).

2010-08-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix esxVI_BuildSelectSet's invalid argument check
	The check was altered in 8c48743b9737ad4d246ab6043fd299316f9a2091
	and got too strict, I've no clue how that snuck in. This check
	makes every try to open a connection using the ESX driver fail
	with an invalid argument error.

	Revert the change to the check and add a comment to prevent future
	mistakes with this check.

2010-08-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add read-only storage volume access
	This allows to list existing volumes and to retrieve information
	about them.

2010-08-25  Jiri Denemark  <jdenemar@redhat.com>

	Move libvirt-guests init script and config to tools
	Since libvirt-guests init script and its configuration do not require
	libvirtd to be running/installed, it was a bad idea to put them into
	daemon directory. libvirt.spec even includes these files in
	libvirt-client subpackage, which may result in build failure for
	client-only builds when the whole daemon directory is just skipped.

	spec: Fix undefined with_libnl
	When building libvirt RPM without macvtap, with_libnl would be
	undefined.

2010-08-24  Soren Hansen  <soren@linux2go.dk>

	Support virDomainAttachDevice and virDomainDetachDevice for disks in UML
	UML supports hot plugging and unplugging of various devices. This patch
	exposes this functionality for disks.

	Rename qemudShrinkDisks to virDomainDiskRemove and move to domain_conf.c
	Other drivers will need this same functionality, so move it to up to
	conf/domain_conf.c and give it a more general name.

2010-08-24  Serge Hallyn  <serge.hallyn@canonical.com>

	docs: fix lxc examples
	* docs/drvlxc.html.in: Use correct VM name, and mention that
	libvirt_lxc might be in an alternate location.

2010-08-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of sparse NUMA topologies
	When finding a sparse NUMA topology, libnuma will return ENOENT
	the first time it is invoked. On subsequent invocations it
	will return success, but with an all-1's CPU mask. Check for
	this, to avoid polluting the capabilities XML with 4096 bogus
	CPUs

	* src/nodeinfo.c: Check for all-1s CPU mask

2010-08-24  Daniel P. Berrange  <berrange@redhat.com>

	Log return value for virConnectGetCapabilities
	Enabling debug doesn't show the capabilities XML for a connection.
	Add an extra debug statement for the return value

	* src/libvirt.c: Enable debug logging of capabilities XML

2010-08-24  Daniel P. Berrange  <berrange@redhat.com>

	Try harder to send RPC error message back to client
	When failing to serialize the normal RPC reply, try harder to
	send a error message back to the client, instead of immediately
	closing the connection.

	* daemon/dispatch.c: Improve error messages when RPC reply
	  can not be sent

2010-08-24  Daniel P. Berrange  <berrange@redhat.com>

	Add explicit warning messages when failing to serialize to XDR
	When libvirtd fails to serialize a message to XDR the client
	connection is terminated immediately. To enable this to be
	diagnosed, log the message which caused the problem on the
	server

	* daemon/dispatch.c: Log XDR serialization failures

2010-08-24  Soren Hansen  <soren@linux2go.dk>

	Allow chardev of type 'file' for UML domains.
	Like the comment suggested, we just open the file and pass the file
	descriptor to uml. The input "stream" is set to "null", since I couldn't
	find any useful way to actually use a file for input for a chardev and
	this also mimics what e.g. QEmu does internally.

2010-08-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve object-by-type lookup performance
	Instead of using one big traversal spec for lookup use a set of
	more fine grained traversal specs that are selected based on the
	actual needs of the lookup.

	This gives up to 20% speedup for certain operations like domain
	listing due to less HTTP(S) traffic.

2010-08-24  Jiri Denemark  <jdenemar@redhat.com>

	xen tests: Fix PV-VFB tests with RHEL-5 API
	RHEL-5 Xen doesn't support the old style vnc configuration. In sexpr, we
	can't really check it with rhel5-api turned on. However, for XM
	configuration files it's sufficient to use cfg version 1 instead of 2.

	xml2sexprtest: Remove graphics from unrelated tests
	This caused unnecessary make check failures when libvirt is configured
	--with-rhel5-api

2010-08-24  Jiri Denemark  <jdenemar@redhat.com>

	xen tests: Fix missing "type ioemu" with rhel5-api
	The most common cause of errors with rhel5-api turn on was missing
	"(type ioemu)" in sexpr or its equivalent in XM configuration file. This
	happens because the presence of that part in sexpr (or cfg) depends on
	xen version the host is running. Let's avoid it by explicitly specifying
	interface model which ensures "type ioemu" will always be emitted.

	This patch adds

	    <model type='e1000'/>

	withing the interface element in all affected xml files. And

	    (model 'e1000')

	to all corresponding sexpr files with similar fix to cfg files. Such
	configuration works regardless on Xen version.

2010-08-24  Jiri Denemark  <jdenemar@redhat.com>

	nodeinfotest: Print libvirt error on failure
	If linuxNodeInfoCPUPopulate() fails, the test would just print "FAILED"
	which is not very informative. It's better to print the real error.

2010-08-23  Eric Blake  <eblake@redhat.com>

	xenapi: support xenapi 5.6.0 headers
	* src/xenapi/xenapi_driver.c (xenapiDomainGetInfo): Avoid using
	XEN_VM_POWER_STATE_UNKNOWN, which disappeared in newer xenapi.
	* src/xenapi/xenapi_utils.c (mapPowerState): Likewise.

2010-08-23  Daniel P. Berrange  <berrange@redhat.com>

	Add support for -enable-kqemu flag
	Previously QEMU enabled KQEMU by default and had -no-kqemu.
	0.11.x switched to requiring -enable-kqemu. 0.12.x dropped
	kqemu entirely. This patch adds support for -enable-kqemu
	so 0.11.x works. It replaces a huge set of if() with a
	switch() to make the code a bit more readable.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Support
	  -enable-kqemu

2010-08-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use MD5 sum of mount path as storage pool UUID
	With the previous storage pool UUID source not all storage pools
	had a proper UUID, especially GSX storage pools. The mount path
	is unique per host and cannot change during the lifetime of the
	datastore. Therefore, it's MD5 sum can be used as UUID.

	Use gnulib's crypto/md5 module to generate the MD5 sum.

2010-08-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make sure dumpxml outputs proper ID for active domains

2010-08-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Fix compile error in previous commit

2010-08-20  Jim Fehlig  <jfehlig@novell.com>

	Add actions to virDomainLifecycle enum
	Xen supports on_crash actions coredump-{destroy,restart}.  libvirt
	cannot parse config returned by xend that contains either of these
	actions

	xen52 # xm li -l test | grep on_crash
	    (on_crash coredump-restart)
	xen52 # virsh dumpxml test
	error: internal error unknown lifecycle type coredump-restart

	This patch adds a new virDomainLifecycleCrash enum and appends
	the new options to existing destroy, restart, preserve, and
	rename-restart options.

2010-08-20  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Remove code duplication
	We already filled the PCI address structure when we checked whether it's
	free or not, so let's just use the structure here instead of filling it
	again.

	qemu: Check for errors when converting PCI address to string

	qemu: Fix JSON migrate_set_downtime command

2010-08-20  Eric Blake  <eblake@redhat.com>

	vbox: factor a large function
	* src/vbox/vbox_tmpl.c (vboxDomainCreateWithFlags): Split...
	(vboxStartMachine): ...into new helper.

	vbox: add location used in rpmfusion release
	* configure.ac (vbox_xpcomc_dir): Add another potential dir.

	xenapi: avoid sprintf
	* src/xenapi/xenapi_utils.h (createVifNetwork): Delete prototype.
	* src/xenapi/xenapi_utils.c (createVifNetwork): Change signature,
	and use virAsprintf.  Detect allocation failure.
	(createVMRecordFromXml): Adjust caller.

	storage: avoid s[n]printf
	* src/storage/storage_backend.c (virStorageBackendCreateQemuImg)
	(virStorageBackendCreateQcowCreate): Use virAsprintf instead.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskCreateVol, virStorageBackendDiskPartFormat):
	Likewise.

	maint: whitespace cleanups
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskPartFormat): Fix spacing.

	build: delete dead comments
	* src/qemu/qemu_driver.c (qemudGetProcessInfo): Clean up.
	* src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
	* src/xen/sexpr.c (_string2sexpr): Likewise.

2010-08-19  Patrick Dignan  <pat_dignan@dell.com>

	storage: add support for Vendor and Model in XML
	I wrote a patch to add support for listing the Vendor and Model of a
	storage pool in the storage pool XML.  This would allow vendor
	extensions of specific devices.  The patch includes a test for the new
	attributes as well.

	Patrick Dignan

2010-08-19  Eric Blake  <eblake@redhat.com>

	uml: fix logic bug in checking reply length
	* src/uml/uml_driver.c (umlMonitorCommand): Validate that enough
	bytes were read to dereference both res.length, and that many
	bytes from res.data.
	Reported by Soren Hansen.

	nwfilter: use consistent OOM reporting
	* src/nwfilter/nwfilter_driver.c (nwfilterLog): Delete.
	(nwfilterDriverStartup): Use virReportOOMError instead.

2010-08-18  Eric Blake  <eblake@redhat.com>

	build: fix compiler warning
	node_device/node_device_driver.c: In function 'nodeDeviceVportCreateDelete':
	node_device/node_device_driver.c:423: error: implicit declaration of function 'stat' [-Wimplicit-function-declaration]

	* src/node_device/node_device_driver.c (includes): Add <sys/stat.h>.

2010-08-18  Daniel Veillard  <veillard@redhat.com>

	xen: Fix scheduler setting problems
	Doing `virsh schedinfo rhel5u3 --cap 65535' the hypervisor does the
	call, but does not change the value nor raise an error. Best is just to
	consider it's not in the allowed values. The problem is that the error
	won't be output since the xend driver will then be called and raise an
	error

	    error: this function is not supported by the hypervisor: unsupported
	    in xendConfigVersion < 4

	which will override the useful information from
	xenUnifiedDomainSetSchedulerParameters(). So best is to also invert the
	order in which the xen sub-drivers are called.

	* src/xen/xen_hypervisor.c: mark 65535 cap value as out of bound
	* src/xen/xen_hypervisor.c: reverse the order of the calls to the xen
	  sub drivers to get the error message if needed

2010-08-18  Jiri Denemark  <jdenemar@redhat.com>

	nodedev: Free the right pointers when getting WWNs fails

2010-08-18  Dave Allan  <dallan@redhat.com>

	nodedev: Fix sysfs paths for vport operations
	Some kernels, such as the one used in RHEL-5, have vport_create and
	vport_delete operation files in /sys/class/scsi_host/hostN directory
	instead of /sys/class/fc_host/hostN. Let's check both paths for
	compatibility reasons.

	This also removes unnecessary '/' characters from sysfs paths containing
	LINUX_SYSFS_FC_HOST_PREFIX.

2010-08-18  Daniel Berrange  <berrange@redhat.com>

	xen: Fix device count on detach

	remote: Fix incorrect use of private data field
	NodeDeviceCreateXML and NodeDeviceDestroy methods added for NPIV were
	using the wrong privateData field for the remote driver. This doesn't
	impact KVM, since the remote driver handles everything, thus
	privateData == devMonPrivateData. It does impact Xen though, because
	the remote driver only handles a subset of methods and thus
	privateData != devMonPrivateData.

2010-08-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix memory leak when looking up an non-existing domain by name
	In case an optional object cannot be found the lookup function is
	left early and the cleanup code is not executed.

	This pattern occurs in some other functions too.

2010-08-17  Chris Lalancette  <clalance@redhat.com>

	Fix up qemu domain save/managed save locking.
	The current version of the qemu managed save implementation
	is subject to a race where the domain shuts down between
	the time that we start the command and the time that we
	actually try to do the save.  Close this race by making
	qemuDomainSaveFlags() expect both the driver and the passed-in
	vm object to be locked before executing.

2010-08-17  Eric Blake  <eblake@redhat.com>

	docs: mention domain <clock> improvements
	Add documentation for features added a while ago.

	* docs/formatdomain.html.in (Time keeping): Update documentation
	of <clock> element to match 0.8.0 addition.

2010-08-17  Stefan Berger  <stefanb@us.ibm.com>

	cygwin: build fix
	Fixing a problem in the build on cygwin due to missing #define's.

2010-08-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix copy&paste error in warning message
	This also makes the message consistent with the message used in error
	path of qemudDomainAttachHostPciDevice.

	qemu: Release PCI slot when detaching disk and net devices

2010-08-16  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Re-reserve all PCI addresses on libvirtd restart
	When reconnecting to existing VMs, we re-reserved only those PCI
	addresses which were explicitly mentioned in domain XML. Since some
	addresses are always reserved (e.g., 0:0:0 and 0:0:1), we need to handle
	those too.

	Also all this should only be done if device flag is supported by qemu.

2010-08-16  Jamie Strandboge  <jamie@canonical.com>

	build: fix AppArmor compilation
	* src/security/virt-aa-helper.c: Add missing include.

2010-08-16  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend nwfilter reload support
	In this patch I am extending and fixing the nwfilter module's reload support to stop all ongoing threads (for learning IP addresses of interfaces) and rebuild the filtering rules of all interfaces of all VMs when libvirt is started. Now libvirtd rebuilds the filters upon the SIGHUP signal and libvirtd restart.

	About the patch: The nwfilter functions require a virConnectPtr. Therefore I am opening a connection in qemudStartup, which later on needs to be closed outside where the driver lock is held since otherwise it ends up in a deadlock due to virConnectClose() trying to lock the driver as well.

	I have tested this now for a while with several machines running and needing the IP address learner thread(s). The rebuilding of the firewall rules seems to work fine following libvirtd restart or a SIGHUP. Also the termination of libvirtd worked fine.

2010-08-14  Eric Blake  <eblake@redhat.com>

	build: allow mingw VPATH build
	* .gnulib: Update to latest.
	Reported by Matthias Bolte.

2010-08-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Explicitly disable unused floppy devices
	floppy0.present defaults to true. Therefore, it needs to be
	explicitly set to false when the XML config doesn't specify the
	corresponding floppy device.

	Also update tests accordingly.

2010-08-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Generate libvirt_qemu.def from libvirt_qemu.syms for MinGW builds

2010-08-14  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	PHYP: Add rudimentary network driver
	I changed virStorage[Open|Close] to virVIOSDriver[Open|Close] so
	the network driver can use it - since the network driver deals
	with Open/Close in the same way.

2010-08-14  Soren Hansen  <soren@linux2go.dk>

	Make umlConnectTapDevice ask brAddTap for a persistent tap device.
	This patch does two things:

	 * It makes umlConnectTapDevice ask brAddTap for a persistent tap by
	   passing it a NULL tapfd argument.
	 * Stops umlConnectTapDevice from immediately dismantling the bridge
	   it just set up.

2010-08-14  Soren Hansen  <soren@linux2go.dk>

	Close fd's of persistent tap devices
	When passing a NULL tapfd argument to brAddTap, we need to close the fd
	of the tap device. If we don't, libvirt will keep the fd open
	indefinitely and renders the the guest unable to configure its side of
	the tap device.

	Make sure all command line arguments get passed to UML
	If umlBuildCommandLineChr fails (e.g. due to an unsupported chardev
	type), it returns NULL. umlBuildCommandLine does not check for this and
	sets this as an argument on the comand line, effectively ending the
	argument list. This patch checks for this case and sets the chardev to
	"none".

2010-08-13  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Discard class D,E IP addresses when sniffing pkts
	When sniffing the network traffic, discard class D and E IP addresses when sniffing traffic. This was a reason why filters were not correctly rebuilt on VMs on the local 192.* network when libvirt was restarted and those VMs did not use a DHCP request to get its IP address.

	nwfilter: serialize execution of scripts with ebtables cmds
	While testing the SIGHUP handling and reloading of the nwfilter driver, I found that when the filters are rebuilt and mutlipe threads handled the individual interfaces, concurrently running multiple external bash scripts causes strange failures even though the executed ebtables commands are working on different tables for different interfaces. I cannot say for sure where the concurrency problems are caused, but introducing this lock definitely helps.

2010-08-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	Only require XDR when building libvirtd or the remote driver

2010-08-13  Chris Lalancette  <clalance@redhat.com>

	Move the tunnelled migration unix socket to /var/lib/libvirt/qemu
	Since the qemu process is running as qemu:qemu, it can't actually
	look at the unix socket in /var/run/libvirt/qemu which is owned by
	root and has permission 700.  Move the unix socket to
	/var/lib/libvirt/qemu, which is already owned by qemu:qemu.

	Thanks to Justin Clift for test this out for me.

2010-08-13  Chris Lalancette  <clalance@redhat.com>

	Fix tunnelled migration with qemu running as qemu:qemu.
	The problem is that on the source of the migration, libvirtd
	is responsible for creating the unix socket over which the data
	will flow.  Since libvirtd is running as root, this file will
	be created as root.  When the qemu process running as qemu:qemu
	goes to access the unix file to write data to it, it will get
	permission denied and fail.  Make sure to change the owner
	of the unix file to qemu:qemu.

	Thanks to Justin Clift for testing this patch out for me.

2010-08-12  Stefan Berger  <stefanb@us.ibm.com>

	Fix valgrind complaints when using kill -SIGHUP on libvirtd
	This patch fixes a couple of complaints from valgrind when tickling libvirtd with SIGHUP.

	The first two files contain fixes for memory leaks. The 3rd one initializes an uninitialized variable. The 4th one is another memory leak.

2010-08-12  Daniel Veillard  <veillard@redhat.com>

	qemu: avoid calling the balloon info command if disabled
	 Basically a followup of the previous patch about balloon desactivation
	if desactivated, to not ask for balloon information to qemu as we will
	just get an error back.
	 This can make a huge difference in the time needed for domain
	information or list when a machine is loaded, and balloon has been
	desactivated in the guests.

	* src/qemu/qemu_driver.c: do not get the balloon info if the balloon
	  suppor is disabled

2010-08-12  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Add --dhcp-no-override option to dnsmasq
	--dhcp-no-override description from dnsmasq man page:

	      Disable  re-use  of  the  DHCP servername and filename fields as
	      extra option space. If it can, dnsmasq moves the boot server and
	      filename  information  (from  dhcp-boot)  out of their dedicated
	      fields into DHCP options. This make extra space available in the
	      DHCP  packet  for options but can, rarely, confuse old or broken
	      clients. This flag forces "simple and safe" behaviour  to  avoid
	      problems in such a case.

	It seems some virtual network card ROMs are this old/buggy so let's add
	--dhcp-no-override as a workaround for them. We don't use extra DHCP
	options so this should be safe. The option was added in dnsmasq-2.41,
	which becomes the minimum required version.

2010-08-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve VMX file name parsing and formatting
	For parsing try to match by datastore mount path first, if that
	fails fallback to /vmfs/volumes/<datastore>/<path> parsing. This
	also fixes problems with GSX on Windows. Because GSX on Windows
	doesn't use /vmfs/volumes/ style file names.

	For formatting use the datastore mount path too, instead of using
	/vmfs/volumes/<datastore>/<path> as fixed format.

2010-08-11  Jiri Denemark  <jdenemar@redhat.com>

	bridge: Fix potential segfault when preparing dnsmasq arguments
	We add --dhcp-lease-max=xxx argument when network->def->nranges > 0 but
	we only allocate space for in the opposite case :-) I guess we are lucky
	enough to miscount somewhere else so that we actually allocate more
	space than we need since no-one has hit this bug so far.

2010-08-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Split VMX code into a general and an ESX specific part
	Introduce esxVMX_Context containing functions pointers to
	glue both parts together in a generic way.

	Move the ESX specific part to esx_driver.c.

	This is a step towards making the VMX code reusable in a
	potential VMware Workstation and VMware Player driver.

2010-08-11  Daniel Veillard  <veillard@redhat.com>

	allow memballoon type of none to desactivate it
	  The balloon device is automatically added to qemu guests if supported,
	but it may be useful to desactivate it. The simplest to not change the
	existing behaviour is to allow
	  <memballoon type="none"/>
	as an extra option to desactivate it (it is automatically added if the
	memballoon construct is missing for the domain).
	The following simple patch just adds the extra option and does not
	change the default behaviour but avoid creating a balloon device if
	type="none" is used.

	* docs/schemas/domain.rng: add the extra type attribute value
	* src/conf/domain_conf.c src/conf/domain_conf.h: add the extra enum
	  value
	* src/qemu/qemu_conf.c: if enum is NONE, don't activate the device,
	  i.e. don't pass the args to qemu/kvm

2010-08-11  Jiri Denemark  <jdenemar@redhat.com>

	Avoid unnecessary bootstrap runs in VPATH builds

2010-08-11  Doug Goldstein  <cardoe@gentoo.org>

	Add a detailed message when tap device add fails
	Added a more detailed error message when adding a tap devices fails and
	the kernel is missing tun support.

	Fix return value usage
	Fix the error checking to use the return value from brAddTap() instead
	of checking the current errno value which might have been changed by
	clean up calls inside of brAddTap().

2010-08-11  Eric Blake  <eblake@redhat.com>

	nodeinfo: skip offline CPUs
	https://bugzilla.redhat.com/622515 - When hot-unplugging CPUs,
	libvirt failed to start a guest that had been pinned to CPUs that
	were still online.

	Tested on a dual-core laptop, where I also discovered that, per
	http://www.cyberciti.biz/files/linux-kernel/Documentation/cpu-hotplug.txt,
	/sys/devices/system/cpu/cpu0/online does not exist on systems where it
	cannot be hot-unplugged.

	* src/nodeinfo.c (linuxNodeInfoCPUPopulate): Ignore CPUs that are
	currently offline.  Detect readdir failure.
	(parse_socket): Move guts...
	(get_cpu_value): ...to new function, shared with...
	(cpu_online): New function.

2010-08-10  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Hack around asynchronous device_del
	device_del command is not synchronous for PCI devices, it merely asks
	the guest to release the device and returns. If the host wants to use
	that device before the guest actually releases it, we are in big
	trouble. To avoid this, we already added a loop which waits up to 10
	seconds until the device is actually released before we do anything else
	with that device. But we only added this loop for managed PCI devices
	before we try reattach them back to the host.

	However, we need to wait even for non-managed devices. We don't reattach
	them automatically, but we still want to prevent the host from using it.
	This was revealed thanks to sVirt: when we relabel sysfs files
	corresponding to the PCI device before the guest finished releasing the
	device, qemu is no longer allowed to access those files and if it wants
	(as a result of guest's request) to write anything to them, it just
	exits, which kills the guest.

	This is not a proper fix and needs some further work both on libvirt and
	qemu side in the future.

2010-08-10  Eric Blake  <eblake@redhat.com>

	maint: update an email address preference
	* AUTHORS (Soren Hansen): Update address.
	* .mailmap: Alias other addresses to new preference.

2010-08-10  Diego Elio Pettenò  <flameeyes@gmail.com>

	build-sys: only build the test programs during the check phase.
	This avoids building the tests when testing libvirt is not the aim.

2010-08-10  Soren Hansen  <soren@linux2go.dk>

	Add "ubd" to the list of disk prefixes
	virDiskNameToIndex has a list of disk name prefixes that it uses in the
	process of finding the disk's index. This list is missing "ubd" which
	is the disk prefix used for UML domains.

2010-08-10  Daniel Veillard  <veillard@redhat.com>

	Extend virSocketParseAddr() to allow a NULL result pointer
	That way it can be used to verify a numeric address without storing
	the details
	* src/util/network.c: change virSocketParseAddr to allow a null @addr
	  parameter

2010-08-10  Philipp Hahn  <hahn@univention.de>

	bootloader_args is named bootargs in xen-xm
	According to <xen-3.4.3/tools/python/xen/xm/create.py:158>
		gopts.var('bootargs', val='NAME',
				  fn=set_value, default=None,
				  use="Arguments to pass to boot loader")
	the "bootloader_args" parameter needs to be translated into "bootargs"
	when using "virsh domxml-to-native xen-xm".
	The reverse direction (domxml-from-native) is already okay.

	This patch fixes domxml-to-native and adds two test files to catch this
	problem.

2010-08-06  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: refactor phypListDomainsGeneric to eliminate buffer overflow
	src/phyp/phyp_driver.c:phypListDomainsGeneric was crashing due to a buffer
	overflow if any line returned from virRun wasn't <=10 characters.

	Since virStrToLong_i recognizes any non-numeric as a terminator (not
	just NULL), there actually is no need to copy the number into a
	separate string anyway, so this patch eliminates that copy, the fixed
	length buffer, and therefore the potential to overflow.

	This change also provided the oppurtunity to eliminate the character
	counting loop, instead using the return from virStrToLong_i to point
	past the end of the number, then simply skip the \n to get to the
	next.

2010-08-06  Justin Clift  <jclift@redhat.com>

	docs: fix an incorrect keyword in updated hooks page

2010-08-06  Diego Elio Pettenò  <flameeyes@gmail.com>

	build-sys: fix build when daemon is disabled by not installing libvirtd.8
	Since the rule to build libvirtd.8 is within the WITH_LIBVIRTD conditional,
	so declare the man page in there as well. Without this change, build
	without daemon will fail.

2010-08-06  Justin Clift  <jclift@redhat.com>

	docs: significant expansion of custom hook script information

2010-08-06  Doug Goldstein  <cardoe@gentoo.org>

	Fix return value usage
	Fix the error checking to use the return value from brAddTap() instead
	of checking the current errno value which might have been changed by
	clean up calls inside of brAddTap().

	qemu: improve error if tun device is missing
	Added a more detailed error message when adding a tap devices fails and
	the kernel is missing tun support.

2010-08-04  Eric Blake  <eblake@redhat.com>

	build: rerun bootstrap if po/Makevars got nuked
	There has been a frequent complaint of:

	make[2]: Entering directory `/home/remote/eblake/libvirt/po'
	make[2]: *** No rule to make target `/config.status', needed by `Makefile'.  Stop.

	It happens after nuking and regenerating the po directory,
	which is a common action after running anything like
	'make dist' or 'make rpm' that dirties all the .po files.

	Teach autogen.sh that it must regenerate po/Makevars to avoid
	the missing variable declaration, and teach cfg.mk to recognize
	that a nuked po directory is cause to rerun autogen.sh.

	* cfg.mk (_update_required): Check for po/Makevars.
	* autogen.sh (bootstrap): Run bootstrap if it got lost.
	Diagnosed by Justin Clift.

2010-08-04  Daniel Veillard  <veillard@redhat.com>

	Do not use boot=on on IDE device
	the followup on the boot=on problem, basically it's not needed to
	specify it when booting out of IDE devices when using KVM
	* src/qemu/qemu_conf.c: do not use boot=on for IDE devices
	* tests/qemuxml2argvdata/qemuxml2argv*.args: this changes the output
	  for 5 of the tests

	Release of libvirt-0.8.3
	* configure.ac docs/news.html.in libvirt.spec.in: updates
	* po/*.po*: update and regenerated

2010-08-04  Jiri Denemark  <jdenemar@redhat.com>

	qemu: Fix PCI address allocation
	Patch version revamped by Eric Blake <eblake@redhat.com> of Jiri
	Denemark <jdenemar@redhat.com> original patch

	When attaching a PCI device which doesn't explicitly set its PCI
	address, libvirt allocates the address automatically. The problem is
	that when checking which PCI address is unused, we only check for those
	with slot number higher than the highest slot number ever used.

	Thus attaching/detaching such device several times in a row (31 is the
	theoretical limit, less then 30 tries are enough in practise) makes any
	further device attachment fail. Furthermore, attaching a device with
	predefined PCI address to 0:0:31 immediately forbids attachment of any
	PCI device without explicit address.

	This patch changes the logic so that we always check all PCI addresses
	before we say there is no PCI address available.

	Modifications from v1: revert back to remembering the last slot
	reserved, but allow wraparound to not be limited by the end.
	In this way, slots are still assigned in the same order as
	before the patch, rather than filling in the gaps closest to
	0 and risking making windows guests mad.

	* src/qemu/qemu_conf.c: fix pci reservation code to do a round-robbin
	  check of all available PCI splot availability before failing.

2010-08-04  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	OpenVZ: implement suspend/resume driver APIs
	* src/openvz/openvz_driver.c: implements openvzDomainSuspend and
	  openvzDomainResume

2010-08-03  Laine Stump  <laine@laine.org>

	Don't leak delay string when freeing virInterfaceBridgeDefs

	Fix build error in virsh.c
	Another gettext string with no format args sent to printf as a format string.

2010-08-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Set storage pool target path to host.mountInfo.path
	Now all storage pool types expose the target path.

2010-08-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make storage pool lookup by name and UUID more robust
	Don't rely on summary.url anymore, because its value is different
	between an esx:// and vpx:// connection. Use host.mountInfo.path
	instead.

	Don't fallback to lookup by UUID (actually lookup by absolute path)
	in esxVI_LookupDatastoreByName when lookup by name fails. Add a
	seperate function for this: esxVI_LookupDatastoreByAbsolutePath

2010-08-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Restrict vpx:// to handle a single host in a vCenter
	Now a vpx:// connection has an explicitly specified host. This
	allows to enabled several functions for a vpx:// connection
	again, like host UUID, hostname, general node info, max vCPU
	count, free memory, migration and defining new domains.

	Lookup datacenter, compute resource, resource pool and host
	system once and cache them. This simplifies the rest of the
	code and reduces overall HTTP(S) traffic a bit.

	esx:// and vpx:// can be mixed freely for a migration.

	Ensure that migration source and destination refer to the
	same vCenter. Also directly encode the resource pool and
	host system object IDs into the migration URI in the prepare
	function. Then directly build managed object references in
	the perform function instead of re-looking up already known
	information.

2010-08-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Map some managed object types
	Datacenter, ComputeResource and HostSystem will be used for
	simplified handling and caching.

	esx: Parse the path of the URI
	The path will be used to specify the datacenter, compute resource
	and host system to be used with a vpx:// connection.

2010-08-02  Eric Blake  <eblake@redhat.com>

	qemu: don't lose error on setting monitor capabilities
	Spotted by clang.  Regression introduced in commit e72cc3c11d.

	* src/qemu/qemu_driver.c (qemuConnectMonitor): Don't lose error status.

2010-08-02  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning, for real this time
	* tools/virsh.c (vshParseArgv): Drop spurious argument to printf.

	Fix virsh error message when -d arg is not numeric

2010-08-02  Daniel Veillard  <veillard@redhat.com>

	Add Aurelien to AUTHORS

2010-08-02  Aurelien ROUGEMONT  <beorn@binaries.fr>

	Fix a couple of typo in iSCSI backend
	- a pure typo error and a wrong command referenced in an error message.

2010-08-02  Daniel Veillard  <veillard@redhat.com>

	Make virsh -d check its input
	it was using atoi direct without checking leading to confusion
	in case of flag error for example with -c

	* tools/virsh.c: vshParseArgv() use virStrToLong_i and remove the
	  unchecked atoi used to parse teh parameter

2010-08-02  Laine Stump  <laine@redhat.com>

	Add iptables rule to fixup DHCP response checksum.
	This patch attempts to take advantage of a newly added netfilter
	module to correct for a problem with some guest DHCP client
	implementations when used in conjunction with a DHCP server run on the
	host systems with packet checksum offloading enabled.

	The problem is that, when the guest uses a RAW socket to read the DHCP
	response packets, the checksum hasn't yet been fixed by the IP stack,
	so it is incorrect.

	The fix implemented here is to add a rule to the POSTROUTING chain of
	the mangle table in iptables that fixes up the checksum for packets on
	the virtual network's bridge that are destined for the bootpc port (ie
	"dhcpc", ie port 68) port on the guest.

	Only very new versions of iptables will have this support (it will be
	in the next upstream release), so a failure to add this rule only
	results in a warning message. The iptables patch is here:

	  http://patchwork.ozlabs.org/patch/58525/

	A corresponding kernel module patch is also required (the backend of
	the iptables patch) and that will be in the next release of the
	kernel.

2010-08-02  Chris Lalancette  <clalance@redhat.com>

	Fix the ACS checking in the PCI code.
	When trying to assign a PCI device to a guest, we have
	to check that all bridges upstream of that device support
	ACS.  That means that we have to find the parent bridge of
	the current device, check for ACS, then find the parent bridge
	of that device, check for ACS, etc.  As it currently stands,
	the code to do this iterates through all PCI devices on the
	system, looking for a device that has a range of busses that
	included the current device's bus.

	That check is not restrictive enough, though.  Depending on
	how we iterated through the list of PCI devices, we could first
	find the *topmost* bridge in the system; since it necessarily had
	a range of busses including the current device's bus, we
	would only ever check the topmost bridge, and not check
	any of the intermediate bridges.

	Note that this also caused a fairly serious bug in the
	secondary bus reset code, where we could erroneously
	find and reset the topmost bus instead of the inner bus.

	This patch changes pciGetParentDevice() so that it first
	checks if a bridge device's secondary bus exactly matches
	the bus of the device we are looking for.  If it does, we've
	found the correct parent bridge and we are done.  If it does not,
	then we check to see if this bridge device's busses *include* the
	bus of the device we care about.  If so, we mark this bridge device
	as best, and go on.  If we later find another bridge device whose
	busses include this device, but is more restrictive, then we
	free up the previous best and mark the new one as best.  This
	algorithm ensures that in the normal case we find the direct
	parent, but in the case that the parent bridge secondary bus
	is not exactly the same as the device, we still find the
	correct bridge.

	This patch was tested by me on a 4-port NIC with a
	bridge without ACS (where assignment failed), a 4-port
	NIC with a bridge with ACS (where assignment succeeded),
	and a 2-port NIC with no bridges (where assignment
	succeeded).

2010-08-02  Chris Lalancette  <clalance@redhat.com>

	Free up memballoon def.
	Forgetting to do this was causing a memory leak.

	Don't put a semicolon on the end of a VIR_ENUM_IMPL.

2010-08-02  Chris Lalancette  <clalance@redhat.com>

	Fix a bogus warning when parsing <hostdev>
	When parsing hostdev, the following message would be emitted:

	10:17:19.052: error : virDomainHostdevDefParseXML:3748 : internal error unknown node alias

	However, alias is appropriately parsed in
	virDomainDeviceInfoParseXML anyway.  Disable the error message
	in the initial XML parsing loop.

2010-08-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove duplicate </p> from downloads.html.in

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update ID after stopping a domain

2010-07-30  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	openvzDomainCreateWithFlags: set domain id to the correct value
	When an openvz domain is defined with virDomainDefineXML,
	domain id is set to -1. A call to virDomainGetInfo after
	starting the domain would then fail because this invalid
	id is passed to openvzGetProcessInfo.

2010-07-30  Eric Blake  <eblake@redhat.com>

	storage: kill dead stores
	Found by clang.  Clang complained that virStorageBackendProbeTarget
	could dereference NULL if backingStoreFormat was NULL, but since all
	callers passed a valid pointer, I added attributes instead of null
	checks.

	* src/storage/storage_backend.c
	(virStorageBackendQEMUImgBackingFormat): Kill dead store.
	* src/storage/storage_backend_fs.c (virStorageBackendProbeTarget):
	Likewise.  Skip null checks, by adding attributes.

2010-07-30  Eric Blake  <eblake@redhat.com>

	qemu: kill some dead stores
	Spotted by clang.

	* src/qemu/qemu_monitor.c (qemuMonitorClose): Kill dead store.
	* src/qemu/qemu_driver.c (qemudDomainSaveImageStartVM): Likewise.

2010-07-30  Eric Blake  <eblake@redhat.com>

	network: kill dead store
	* src/network/bridge_driver.c (networkDefine): Kill dead store.

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Update ID after starting a domain

	esx: Update ID after starting a domain

2010-07-30  Chris Lalancette  <clalance@redhat.com>

	Fix DMI uuid parsing.
	valgrind was complaining that virUUIDParse was depending on
	an uninitialized value.  Indeed it was; virSetHostUUIDStr()
	didn't initialize the dmiuuid buffer to 0's, meaning that
	anything after the string read from /sys was uninitialized.
	Clear out the dmiuuid buffer before use, and make sure to
	always leave a \0 at the end.

2010-07-30  Daniel Veillard  <veillard@redhat.com>

	Do not activate boot=on on devices when not using KVM
	  Basically the 'boot=on' boot selection device is something present in
	KVM but not in upstream QEmu, as a result if we boot a QEmu domain
	without KVM acceleration we must disable boot=on ... even if the front
	end kvm binary expose that capability in the help page.

	* src/qemu/qemu_conf.c: in qemudBuildCommandLine if -no-kvm
	  is passed, then deactivate QEMUD_CMD_FLAG_DRIVE_BOOT

2010-07-30  Chris Lalancette  <clalance@redhat.com>

	Fix a memory leak in the qemudBuildCommandLine.
	ADD_ARG_LIT should only be used for literal arguments,
	since it duplicates the memory.  Since virBufferContentAndReset
	is already allocating memory, we should only use ADD_ARG.

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix freeing of heterogeneous lists
	Always call the free function of the base type. The base type
	function then dynamically dispatches the call to the free function
	for the actual type.

	esx: Switch from name to number checks in the subdrivers

2010-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve blocked task detection and fix race condition
	esxVI_WaitForTaskCompletion can take a UUID to lookup the
	corresponding domain and check if the current task for it
	is blocked by a question. It calls another function to do
	this: esxVI_LookupAndHandleVirtualMachineQuestion looks up
	the VirtualMachine and checks for a question. If there is
	a question it calls esxVI_HandleVirtualMachineQuestion to
	handle it.

	If there was no question or it has been answered the call
	to esxVI_LookupAndHandleVirtualMachineQuestion returns 0.
	If any error occurred during the lookup and answering
	process -1 is returned. The problem with this is, that -1
	is also returned when there was no error but the question
	could not be answered. So esxVI_WaitForTaskCompletion cannot
	distinguish between this two situations and reports that a
	question is blocking the task even when there was actually
	another problem.

	This inherent problem didn't surface until vSphere 4.1 when
	you try to define a new domain. The driver tries to lookup
	the domain that is just in the process of being registered.
	There seems to be some kind of race condition and the driver
	manages to issue a lookup command before the ESX server was
	able to register the domain. This used to work before.

	Due to the return value problem described above the driver
	reported a false error message in that case.

	To solve this esxVI_WaitForTaskCompletion now takes an
	additional occurrence parameter that describes whether or
	not to expect the domain to be existent. Also add a new
	parameter to esxVI_LookupAndHandleVirtualMachineQuestion
	that allows to distinguish if the call returned -1 because
	of an actual error or because the question could not be
	answered.

2010-07-29  Eric Blake  <eblake@redhat.com>

	esx: silence spurious compiler warning
	* src/esx/esx_vi_types.c (_DESERIALIZE_NUMBER)
	(ESX_VI__TEMPLATE__DESERIALIZE_NUMBER): Add range check to shut up
	gcc 4.5.0 regarding long long.

	build: distribute libvirt_qemu.syms
	* src/Makefile.am (EXTRA_DIST): Ensure 'make distcheck' and
	'rpmbuild' can reproduce a build.
	* daemon/Makefile.am (DAEMON_SOURCES): Likewise.

2010-07-29  Eric Blake  <eblake@redhat.com>

	build: restore operation of bit-rotted 'make cov'
	'./autobuild.sh' with lcov installed discovered that our
	coverage support has been bit-rotting for a while.  This
	restores it back to a successful state, although I have
	not yet spent any time looking through the resulting files to
	look for low-hanging fruit in the unit test coverage front.

	* configure.ac: Clear COMPILER_FLAGS at right place.
	* Makefile.am (cov): Newer genhtml no longer likes plain -s.
	* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Don't AC_SUBST
	COMPILER_FLAGS; it is a shell variable for use in configure only.
	* src/Makefile.am (AM_CFLAGS, AM_LDFLAGS): New variables, to make
	it easier to provide global flag additions.  Use throughout, to
	uniformly apply coverage flags.
	* .gitignore: Globally ignore gcov output.
	* daemon/.gitignore: Simplify.
	* src/.gitignore: Likewise.
	* tests/.gitignore: Likewise.

2010-07-29  Eric Blake  <eblake@redhat.com>

	xen: fix logic bug
	The recent switch to enable -Wlogical-op paid off again.
	gcc 4.5.0 (rawhide) is smarter than 4.4.4 (Fedora 13).

	* src/xen/xend_internal.c (xenDaemonAttachDeviceFlags)
	(xenDaemonUpdateDeviceFlags, xenDaemonDetachDeviceFlags): Use
	correct operator.

2010-07-29  Eric Blake  <eblake@redhat.com>

	build: fix 'make syntax-check' failure
	src/lxc/veth.c:150:        VIR_DEBUG(_("Failed to delete '%s' (%d)"),
	src/lxc/veth.c:188:            VIR_DEBUG(_("Failed to disable '%s' (%d)"),
	maint.mk: do not mark these strings for translation

	* src/lxc/veth.c (vethDelete, vethInterfaceUpOrDown): Don't
	translate VIR_DEBUG.

2010-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix return values of veth.c functions
	Previously, the functions in src/lxc/veth.c could sometimes return
	positive values on failure rather than -1. This made accurate error
	reporting difficult, and led to one failure to catch an error in a
	calling function.

	This patch makes all the functions in veth.c consistently return 0 on
	success, and -1 on failure. It also fixes up the callers to the veth.c
	functions where necessary.

	Note that this patch may be related to the bug:

	  https://bugzilla.redhat.com/show_bug.cgi?id=607496.

	It will not fix the bug, but should unveil what happens.

	* po/POTFILES.in - add veth.c, which previously had no translatable strings
	* src/lxc/lxc_controller.c
	* src/lxc/lxc_container.c
	* src/lxc/lxc_driver.c    - fixup callers to veth.c, and remove error logs,
	                            as they are now done in veth.c
	* src/lxc/veth.c - make all functions consistently return -1 on error.
	* src/lxc/veth.h - use ATTRIBUTE_NONNULL to protect against NULL args.

2010-07-29  Laine Stump  <laine@redhat.com>

	Eliminate memory leak in xenUnifiedDomainInfoListFree
	This fixes a leak described in

	   https://bugzilla.redhat.com/show_bug.cgi?id=590073

	xenUnifiedDomainInfoList has a pointer to a list of pointers to
	xenUnifiedDomain. We were freeing up all the domains, but neglecting
	to free the list.

	This was found by Paolo Bonzini <pbonzini@redhat.com>.

2010-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix 'autostart' doesn't take effect actually
	lxcStartup forgot to call lxcAutostartConfigs. Fix it.

	This patch should fix https://bugzilla.redhat.com/show_bug.cgi?id=589863 .

2010-07-29  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix --with-xen-proxy related compile error
	Move virDomainChrTargetTypeToString out of the #ifndef PROXY
	block, because it's used outside of it.

2010-07-29  Chris Lalancette  <clalance@redhat.com>

	Fix a potential race in pciInitDevice.
	If detecting the FLR flag of a pci device fails, then we
	could run into the situation of trying to close a file
	descriptor twice, once in pciInitDevice() and once in pciFreeDevice().
	Fix that by removing the pciCloseConfig() in pciInitDevice() and
	just letting pciFreeDevice() handle it.

	Thanks to Chris Wright for pointing out this problem.

	While we are at it, fix an error check.  While it would actually
	work as-is (since success returns 0), it's still more clear to
	check for < 0 (as the rest of the code does).

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	qemu: virtio console support
	Enable specifying a virtio console device with:

	<console type='pty'>
	  <target type='virtio'/>
	</console>

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	domain conf: Track <console> target type
	All <console> devices now export a <target> type attribute. QEMU defaults
	to 'serial', UML defaults to 'uml, xen can be either 'serial' or 'xen'
	depending on fullvirt. Understandably there is lots of test fallout.

	This will be used to differentiate between a serial vs. virtio console for
	QEMU.

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	domain conf: char: Add an explicit targetType field
	targetType only tracks the actual <target> format we are parsing. Currently
	we only fill abide this value for channel devices.

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	domain conf: Rename character prop targetType -> deviceType
	There is actually a difference between the character device type (serial,
	parallel, channel, ...) and the target type (virtio, guestfwd). Currently
	they are awkwardly conflated.

	Start to pull them apart by renaming targetType -> deviceType. This is
	an entirely mechanical change.

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	docs: domain: Document virtio <channel>

2010-07-28  Cole Robinson  <crobinso@redhat.com>

	tests: Test qemuxml2xml when expected xml changes
	Add tests for auto memballon, implicit IDE, SCSI, virtio channel
	controllers, and console/serial back compat.

	Additionally, an explicit qemuxml2argvtest for scsi disks is added.

2010-07-28  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	fix handling of PORT_PROFILE_RESPONSE_INPROGRESS netlink message
	During function test of the 802.1Qbg implementation in lldpad we came
	across a small problem in the handling of the netlink message
	corresponding to PORT_PROFILE_RESPONSE_INPROGRESS. This should not
	result in returning the default rc=1.

	- src/util/macvtap.c: fix getPortProfileStatus() to return 0 in that
	  case and also fix an indentation problem

2010-07-28  Eric Blake  <eblake@redhat.com>

	maint: fix comment typos
	* src/network/bridge_driver.c
	(networkAddMasqueradingIptablesRules): Fix spelling and grammar.

2010-07-28  Chris Lalancette  <clalance@redhat.com>

	Fix up confusing indentation in qemudDomainAttachHostPciDevice.

2010-07-28  Eric Blake  <eblake@redhat.com>

	maint: turn on gcc logical-op checking
	This would have detected the bug in commit 38ad33931 (Aug 09), which
	we missed until commit f828ca35 (Jul 10); over 11 months later.

	However, on Fedora 13, it also triggers LOTS of warnings from
	the libcurl-devel header for two files:

	esx/esx_vi.c: In function 'esxVI_CURL_Perform':
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	esx/esx_vi.c:232: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	...
	xenapi/xenapi_driver.c: In function 'call_func':
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	xenapi/xenapi_driver.c:1872: error: logical '&&' with non-zero constant will always evaluate as true [-Wlogical-op]
	...

	libcurl allows to disable the type-checking code that triggers those
	warnings, along with the reduction in type-safety of calls to some
	libcurl functions. I figure this is worth the improved compiler
	checking throughout the rest of libvirt.

	* acinclude.m4 (--enable-compile-warnings=error): Add -Wlogical-op.
	* configure.ac: Add -DCURL_DISABLE_TYPECHECK to LIBCURL_CFLAGS to
	avoid compilation warning.

	Suggested by Daniel P. Berrange.
	Tweaked by Matthias Bolte.

2010-07-28  Eric Blake  <eblake@redhat.com>

	libvirt-guests: add reload, condrestart
	Optional per LSB, but required by Fedora:
	https://fedoraproject.org/wiki/Packaging/SysVInitScript

	* daemon/libvirt-guests.init.in (main): Add more required
	commands.

2010-07-28  Eric Blake  <eblake@redhat.com>

	libvirt-guests: enhance status
	LSB and https://fedoraproject.org/wiki/Packaging/SysVInitScript
	require status to output something useful, rather than just use
	the exit code.

	* daemon/libvirt-guests.init.in (rh_status): Break into new routine,
	and provide output.
	(usage): Document status.

2010-07-28  Eric Blake  <eblake@redhat.com>

	libvirt-guests: detect invalid arguments
	Reject extra arguments.
	Return the correct status for unknown arguments, as mandated by
	https://fedoraproject.org/wiki/Packaging/SysVInitScript
	Add --help, as a permitted extension.

	* daemon/libvirt-guests.init.in (usage): New function.  Use it in
	more places, and return correct value.

2010-07-28  Daniel P. Berrange  <berrange@redhat.com>

	Invert logic for checking for QEMU disk cache options
	QEMU has had two different syntax for disk cache options

	 Old: on|off
	 New: writeback|writethrough|none

	QEMU recently added another 'unsafe' option which broke the
	libvirt check. We can avoid this & future breakage, if we
	do a negative check for the old syntax, instead of a positive
	check for the new syntax

	* src/qemu/qemu_conf.c: Invert cache option check

2010-07-27  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow setting boot menu on/off
	Add a new element to the <os> block:

	  <bootmenu enable="yes|no"/>

	Which maps to -boot,menu=on|off on the QEMU command line.

	I decided to use an explicit 'enable' attribute rather than just make the
	bootmenu element boolean. This allows us to treat lack of a bootmenu element
	as 'use hypervisor default'.

2010-07-27  Cole Robinson  <crobinso@redhat.com>

	docs: Link wiki FAQ to main page
	Since DV recommended keeping the build instructions distributed with the
	source, move them from the old FAQ to the downloads page.

	qemu: Error on unsupported graphics config
	Throw an explicit error if multiple graphics devices are specified, or
	an unsupported type is specified (rdp).

2010-07-27  Jiri Denemark  <jdenemar@redhat.com>

	libvirt-guests: Don't throw errors if libvirtd is not installed
	When only client parts of libvirt are installed (i.e., no libvirtd
	daemon), libvirt-guests init script in its default configuration would
	throw seriously looking errors during host shutdown:

	Running guests on default URI: error: unable to connect to
	'/var/run/libvirt/libvirt-sock', libvirtd may need to be started: No
	such file or directory
	error: failed to connect to the hypervisor

	This patch changes the script to print rather harmless message in that
	situation:

	Running guests on default URI: libvirtd not installed; skipping this
	URI.

2010-07-26  Chris Lalancette  <clalance@redhat.com>

	Force FLR on for buggy SR-IOV devices.
	Some buggy PCI devices actually support FLR, but
	forget to advertise that fact in their PCI config space.
	However, Virtual Functions on SR-IOV devices are
	*required* to support FLR by the spec, so force has_flr
	on if this is a virtual function.

2010-07-26  Eric Blake  <eblake@redhat.com>

	build: fix VPATH builds
	After the recent libvirt-qemu library addition, VPATH builds fail with:

	  CC     libvirt_qemu_la-libvirt-qemu.lo
	In file included from ../../src/libvirt-qemu.c:29:
	../../include/libvirt/libvirt-qemu.h:17:22: error: libvirt.h: No such file or directory
	...
	  CCLD   libvirt-qmeu.la
	/usr/bin/ld: cannot open linker script file libvirt_qemu.syms: No such file or directory

	This fixes both issues (there are still some documentation VPATH issues,
	but those don't show up with 'make check').

	* configure.ac (LIBVIRT_QEMU_SYMBOL_FILE): While libvirt.syms is
	generated and lives in $(builddir), libvirt_qemu.syms is static
	and lives in $(srcdir).
	* include/libvirt/libvirt-qemu.h (includes): Pull in libvirt.h via
	the public location, since this is a public header.

2010-07-26  Chris Wright  <chrisw@redhat.com>

	pciResetDevice: use inactive devices to determine safe reset
	When doing a PCI secondary bus reset, we must be sure that there are no
	active devices on the same bus segment.  The active device tracking is
	designed to only track host devices that are active in use by guests.
	This ignores host devices that are actively in use by the host.  So the
	current logic will reset host devices.

	Switch this logic around and allow sbus reset when we are assigning all
	devices behind a bridge to the same guest at guest startup or as a result
	of a single attach-device command.

	* src/util/pci.h: change signature of pciResetDevice to add an
	  inactive devices list
	* src/qemu/qemu_driver.c src/xen/xen_driver.c: use (or not) the new
	  functionality of pciResetDevice() depending on the place of use
	* src/util/pci.c: implement the interface and logic changes

2010-07-26  Chris Wright  <chrisw@redhat.com>

	qemudDomainAttachHostPciDevice refactor to use new helpers
	- src/qemu/qemu_driver.c: Eliminate code duplication by using the new
	  helpers qemuPrepareHostdevPCIDevices and qemuDomainReAttachHostdevDevices.
	  This reduces the number of open coded calls to pciResetDevice.

	Add helpers qemuPrepareHostdevPCIDevice and qemuDomainReAttachHostdevDevices
	- src/qemu/qemu_driver.c: These new helpers take hostdev list and count
	  directly rather than getting them indirectly from domain definition.
	  This will allow reuse for the attach-device case.

	qemuGetPciHostDeviceList take hostdev list directly
	- src/qemu/qemu_driver.c: Update qemuGetPciHostDeviceList to take a
	  hostdev list and count directly, rather than getting this indirectly
	  from domain definition. This will allow reuse for the attach-device case.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Support vSphere 4.1
	Also accept version > 4.1, but output a warning.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add vpx:// scheme to allow direct connection to a vCenter
	Add a pointer to the primary context of a connection and use it in all
	driver functions that don't dependent on the context type. This includes
	almost all functions that deal with a virDomianPtr. Therefore, using
	a vpx:// connection allows you to perform all the usual domain related
	actions like start, destroy, suspend, resume, dumpxml etc.

	Some functions that require an explicitly specified ESX server don't work
	yet. This includes the host UUID, the hostname, the general node info, the
	max vCPU count and the free memory. Also not working yet are migration and
	defining new domains.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't ignore the vcenter query parameter
	Since 070f61002f47b602c15d1e4950a122ac9edefe1b the vcenter query
	parameter has been ignored, because the refactoring to use
	esxUtil_ParseQuery was incomplete. This effectively broke migration,
	because the vcenter query parameter is essential for a migration.

	esx: Add autodetection for the SCSI controller model
	This works for file-backed SCSI disk device with a datastore
	related source path.

	esx: Allow 'vmpvscsi' as SCSI controller model

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	secaatest: Fix compilation
	Since 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 virSecurityDriverStartup
	takes and additional parameter to control disk format probing.

	Pass false as third parameter.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper-test: Fix failure due to the new disk format probing option
	Commit 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 added the disk format
	probing option. This makes virt-aa-helper-test fail because the domain
	config didn't specifiy the disk format and it didn't pass '-p 1' to
	virt-aa-helper to allow disk format probing.

	Specify the disk format in the domain config. Pass the '-p 1' option
	to virt-aa-helper for the test case with two disks. This way this test
	also covers this new option.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper: Make getopt accept the p option
	Commit 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 added the
	p option to control disk format probing, but it wasn't added
	to the getopt_long optstring parameter.

	Add the p option to the getopt_long optstring parameter.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper: Fix return value of add_file_path
	Commit a8853344994a7c6aaca882a5e949ab5536821ab5 added this
	function and wrapped vah_add_file in it. vah_add_file may
	return -1, 0, 1. It returns 1 in case the call to valid_path
	detects a restricted file. The original code treated a return
	value != 0 as error. The refactored code treats a return
	value < 0 as error. This triggers segfault in virt-aa-helper
	and breaks virt-aa-helper-test for the restricted file tests.

	Make sure that add_file_path returns -1 on error.

2010-07-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	virt-aa-helper: Ignore open errors again
	virt-aa-helper used to ignore errors when opening files.
	Commit a8853344994a7c6aaca882a5e949ab5536821ab5 refactored
	the related code and changed this behavior. virt-aa-helper
	didn't ignore open errors anymore and virt-aa-helper-test
	fails.

	Make sure that virt-aa-helper ignores open errors again.

2010-07-24  Eric Blake  <eblake@redhat.com>

	qemu-api: avoid build failure
	* src/remote_protocol-structs: Tweak to match intentional type
	change (with no ABI change) in remote protocol.

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Add tests for the new Qemu namespace XML.
	Thanks to DV for knocking together the Relax-NG changes
	quickly for me.

	Changes since v1:
	 - Change the domain.rng to correspond to the new schema
	 - Don't allocate caps->ns in testQemuCapsInit since it is a static table

	Changes since v2:
	 - Change domain.rng to add restrictions on allowed environment names

	Changes since v3:
	 - Remove a bogus comment in the tests

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Qemu remote protocol.
	Since we are adding a new "per-hypervisor" protocol, we
	make it so that the qemu remote protocol uses a new
	PROTOCOL and PROGRAM number.  This allows us to easily
	distinguish it from the normal REMOTE protocol.

	This necessitates changing the proc in remote_message_header
	from a "remote_procedure" to an "unsigned", which should
	be the same size (and thus preserve the on-wire protocol).

	Changes since v1:
	 - Fixed up a couple of script problems in remote_generate_stubs.pl
	 - Switch an int flag to a bool in dispatch.c

	Changes since v2:
	 - None

	Changes since v3:
	 - Change unsigned proc to signed proc, to conform to spec

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Qemu arbitrary monitor commands.
	Implement the qemu driver's virDomainQemuMonitorCommand
	and hook it into the API entry point.

	Changes since v1:
	 - Rename the (external) qemuMonitorCommand to qemuDomainMonitorCommand
	 - Add virCheckFlags to qemuDomainMonitorCommand

	Changes since v2:
	 - Drop ATTRIBUTE_UNUSED from the flags

	Changes since v3:
	 - Add a flag to priv so we only print out monitor command warning once.  Note
	   that this has not been plumbed into qemuDomainObjPrivateXMLFormat or
	   qemuDomainObjPrivateXMLParse, which means that if you run a monitor command,
	   restart libvirtd, and then run another monitor command, you may get an
	   an erroneous VIR_INFO.  It's a pretty minor matter, and I didn't think it
	   warranted the additional code.
	 - Add BeginJob/EndJob calls around EnterMonitor/ExitMonitor

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Qemu Monitor API entry point.
	Add the library entry point for the new virDomainQemuMonitorCommand()
	entry point.  Because this is not part of the "normal" libvirt API,
	it gets its own header file, library file, and will eventually
	get its own over-the-wire protocol later in the series.

	Changes since v1:
	 - Go back to using the virDriver table for qemuDomainMonitorCommand, due to
	   linking issues
	 - Added versioning information to the libvirt-qemu.so

	Changes since v2:
	 - None

	Changes since v3:
	 - Add LGPL header to libvirt-qemu.c
	 - Make virLibConnError and virLibDomainError macros instead of function calls

	Changes since v4:
	 - Move exported symbols to libvirt_qemu.syms

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Handle arbitrary qemu command-lines in qemuParseCommandLine.
	Now that we have the ability to specify arbitrary qemu
	command-line parameters in the XML, use it to handle unknown
	command-line parameters when doing a native-to-xml conversion.

	Changes since v1:
	 - Rename num_extra to num_args
	 - Fix up a memory leak on an error path

	Changes since v2:
	 - Add a VIR_WARN when adding the argument via qemu:arg

	Changes since v3:
	 - None

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Qemu arbitrary command-line arguments.
	Implement the qemu hooks for XML namespace data.  This
	allows us to specify a qemu XML namespace, and then
	specify:

	<qemu:commandline>
	 <qemu:arg value='arg'/>
	 <qemu:env name='name' value='value'/>
	</qemu:commandline>

	In the domain XML.

	Changes since v1:
	 - Change the <qemu:arg>arg</qemu:arg> XML to <qemu:arg value='arg'/> XML
	 - Fix up some memory leaks in qemuDomainDefNamespaceParse
	 - Rename num_extra and extra to num_args and args, respectively
	 - Fixed up some error messages
	 - Make sure to escape user-provided data in qemuDomainDefNamespaceFormatXML

	Changes since v2:
	 - Add checking to ensure environment variable names are valid
	 - Invert the logic in qemuDomainDefNamespaceFormatXML to return early

	Changes since v3:
	 - Change strspn() to c_isalpha() check of first letter of environment variable

2010-07-23  Chris Lalancette  <clalance@redhat.com>

	Add namespace callback hooks to domain_conf.
	This patch adds namespace XML parsers to be hooked into
	the main domain parser.  This allows for individual hypervisor
	drivers to add per-namespace XML into the main domain XML.

	Changes since v1:
	 - Use a statically declared table for caps->ns, removing the need to
	   allocate/free it.

	Changes since v2:
	 - None

	Changes since v3:
	 - None

2010-07-23  Philipp Hahn  <hahn@univention.de>

	Fix SEGV on exit after domainEventDeregister()
	When the last callback is removed using domainEventDeregister(), the
	events dispatcher is deregistered from the C-library, but
	domainEventsCallbacks is still an empty list.
	On shutdown __del__() deregisters the dispatacher again, which SEGVs

		# You need the event-loop implementation from the Python examples;
		# give the file a name which is importable by Python.
		ln examples/domain-events/events-python/event-test.py eloop.py
		python -c 'from eloop import *
		import sys

		def dump(*args): print " ".join(map(str, args))

		virEventLoopPureStart()
		c = libvirt.open("xen:///")
		c.domainEventRegister(dump, None)
		c.domainEventDeregister(dump)
		sys.exit(0)'

	domainEventDeregister() needs to delete domainEventCallbacks so subsequent
	calls to __del__() and domainEventRegister() choose the right code paths.
	Setting it to None is not enough, since calling domainEventRegiser() again
	would trigger an TypeError.

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix .mailmap after accidental wrong committer address

2010-07-23  Chris Wright  <chrisw@redhat.com>

	pciSharesBusWithActive fails to find multiple devices on bus
	The first conditional is always true which means the iterator will
	never find another device on the same bus.

	    if (dev->domain != check->domain ||
	        dev->bus != check->bus ||
	  ----> (check->slot == check->slot &&
	         check->function == check->function)) <-----

	The goal of that check is to verify that the device is either:

	  in a different pci domain
	  on a different bus
	  is the same identical device

	This means libvirt may issue a secondary bus reset when there are
	devices
	on that bus that actively in use by the host or another guest.

	* src/util/pci.c: fix a bogus test in pciSharesBusWithActive()

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect use of private data in remote driver
	The remote driver is using the wrong privateData field in
	a couple of functions. THis is harmless for stateful
	drivers like QEMU/UML/LXC, but will crash with Xen

	* src/remote/remote_driver.c: Fix use of privateData field

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Set a stable & high MAC addr for guest TAP devices on host
	A Linux software bridge will assume the MAC address of the enslaved
	interface with the numerically lowest MAC addr. When the bridge
	changes MAC address there is a period of network blackout, so a
	change should be avoided. The kernel gives TAP devices a completely
	random MAC address. Occassionally the random TAP device MAC is lower
	than that of the physical interface (eth0, eth1etc) that is enslaved,
	causing the bridge to change its MAC.

	This change sets an explicit MAC address for all TAP devices created
	using the configured MAC from the XML, but with the high byte set
	to 0xFE. This should ensure TAP device MACs are higher than any
	physical interface MAC.

	* src/qemu/qemu_conf.c, src/uml/uml_conf.c: Pass in a MAC addr
	  for the TAP device with high byte set to 0xFE
	* src/util/bridge.c, src/util/bridge.h: Set a MAC when creating
	  the TAP device to override random MAC

2010-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix PCI address assignment if no IDE controller is present
	The PCI slot 1 must be reserved at all times, since PIIX3 is
	always present, even if no IDE device is in use for guest disks

	* src/qemu/qemu_conf.c: Always reserve slot 1 for PIIX3

2010-07-22  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: force kill of init process by sending SIGKILL if needed
	Init process may remain after sending SIGTERM for some reason.
	For example, if original init program is used, it is definitely
	not killed by SIGTERM.

	* src/lxc/lxc_controller.c: kill with SIGKILL if SIGTERM wasn't
	  sufficient

2010-07-21  Laine Stump  <laine@laine.org>

	Remove erroneous setting of return value to errno.
	One error exit in virStorageBackendCreateBlockFrom was setting the
	return value to errno. The convention for volume build functions is to
	return 0 on success or -1 on failure. Not only was it not necessary to
	set the return value (it defaults to -1, and is set to 0 when
	everything has been successfully completed), in the case that some
	caller were checking for < 0 rather than != 0, they would incorrectly
	believe that it completed successfully.

	Change virDirCreate to return -errno on failure.
	virDirCreate also previously returned 0 on success and errno on
	failure. This makes it fit the recommended convention of returning 0
	on success, -errno (ie a negative number) on failure.

	Make virStorageBackendCopyToFD return -errno.
	Previously virStorageBackendCopyToFD would simply return -1 on
	error. This made the error return from one of its callers inconsistent
	(createRawFileOpHook is supposed to return -errno, but if
	virStorageBackendCopyToFD failed, createRawFileOpHook would just
	return -1). Since there is a useful errno in every case of error
	return from virStorageBackendCopyToFD, and since the other uses of
	that function ignore the return code (beyond simply checking to see if
	it is < 0), this is a safe change.

2010-07-21  Laine Stump  <laine@laine.org>

	Change virFileOperation to return -errno (ie < 0) on error.
	virFileOperation previously returned 0 on success, or the value of
	errno on failure. Although there are other functions in libvirt that
	use this convention, the preferred (and more common) convention is to
	return 0 on success and -errno (or simply -1 in some cases) on
	failure. This way the check for failure is always (ret < 0).

	* src/util/util.c - change virFileOperation and virFileOperationNoFork to
	                    return -errno on failure.

	* src/storage/storage_backend.c, src/qemu/qemu_driver.c
	  - change the hook functions passed to virFileOperation to return
	    -errno on failure.

2010-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Document the memory balloon device
	* formatdomain.html.in: Document <memballoon> element

2010-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Re-arrange PCI device address assignment to match QEMU's default
	To try and ensure that people upgrading from old QEMU get guests
	with the same PCI device ordering, change the way we assign addrs
	to match QEMU's default order. This should make Windows less
	annoyed.

	* src/qemu/qemu_conf.c: Follow QEMU's default PCI ordering
	  logic when assigning addresses
	* tests/*.args: Update for changed PCI addresses

2010-07-21  Daniel P. Berrange  <dan@berrange.com>

	Explicitly represent balloon device in XML and handle PCI address
	To allow compatibility with older QEMU PCI device slot assignment
	it is necessary to explicitly track the balloon device in the
	XML. This introduces a new device

	   <memballoon model='virtio|xen'/>

	It can also have a PCI address, auto-assigned if necessary.

	The memballoon will be automatically added to all Xen and QEMU
	guests by default.

	* docs/schemas/domain.rng: Add <memballoon> element
	* src/conf/domain_conf.c, src/conf/domain_conf.h: parsing
	  and formatting for memballoon device. Always add a memory
	  balloon device to Xen/QEMU if none exists in XML
	* src/libvirt_private.syms: Export memballoon model APIs
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Honour the
	  PCI device address in memory balloon device
	* tests/*: Update to test new functionality

2010-07-21  Daniel P. Berrange  <dan@berrange.com>

	Rearrange VGA/IDE controller address reservation
	The first VGA and IDE devices need to have fixed PCI address
	reservations. Currently this is handled inline with the other
	non-primary VGA/IDE devices. The fixed virtio balloon device
	at slot 3, ensures auto-assignment skips the slots 1/2. The
	virtio address will shortly become configurable though. This
	means the reservation of fixed slots needs to be done upfront
	to ensure that they don't get re-used for other devices.

	This is more or less reverting the previous changeset:

	  commit 83acdeaf173b2a1206b755c1ab317cac36facd90
	  Author: Daniel P. Berrange <berrange@redhat.com>
	  Date:   Wed Feb 3 16:11:29 2010 +0000

	  Fix restore of QEMU guests with PCI device reservation

	The difference is that this time, instead of unconditionally
	reserving the address, we only reserve the address if it was
	initially type=none. Addresses of type=pci were handled
	earlier in process by qemuDomainPCIAddressSetCreate(). This
	ensures restore step doesn't have problems

	* src/qemu/qemu_conf.c: Reserve first VGA + IDE address
	  upfront

2010-07-21  Daniel P. Berrange  <dan@berrange.com>

	Remove inappropriate use of VIR_ERR_NO_SUPPORT
	The VIR_ERR_NO_SUPPORT refers to an API which is not implemented.
	There is a separate VIR_ERR_CONFIG_UNSUPPORTED for XML config
	options that are not available with the current hypervisor.

	* src/qemu/qemu_conf.c, src/qemu/qemu_driver.c: Remove
	  many VIR_ERR_NO_SUPPORT replace with VIR_ERR_CONFIG_UNSUPPORTED

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Fix a NULL dereference in the case that the arg in question didn't exist.

2010-07-20  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus free of static strings
	Remove bogus free of statically allocated strings introduced
	in 03ca42046a54c5cfadb2e69194896abf06f6a10f

	* src/conf/capabilities.c: Don't free static strings for
	  default disk driver type/name

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Fix a deadlock in bi-directional p2p concurrent migration.
	If you try to execute two concurrent migrations p2p
	from A->B and B->A, the two libvirtd's will deadlock
	trying to perform the migrations.  The reason for this is
	that in p2p migration, the libvirtd's are responsible for
	making the RPC Prepare, Migrate, and Finish calls.  However,
	they are currently holding the driver lock while doing so,
	which basically guarantees deadlock in this scenario.

	This patch fixes the situation by adding
	qemuDomainObjEnterRemoteWithDriver and
	qemuDomainObjExitRemoteWithDriver helper methods.  The Enter
	take an additional object reference, then drops both the
	domain object lock and the driver lock.  The Exit takes
	both the driver and domain object lock, then drops the
	reference.  Adding calls to these Enter and Exit helpers
	around remote calls in the various migration methods
	seems to fix the problem for me in testing.

	This should make the situation safe. The additional domain
	object reference ensures that the domain object won't disappear
	while this operation is happening.  The BeginJob that is called
	inside of qemudDomainMigratePerform ensures that we can't execute a
	second migrate (or shutdown, or save, etc) job while the
	migration is active.  Finally, the additional check on the state
	of the vm after we reacquire the locks ensures that we can't
	be surprised by an external event (domain crash, etc).

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Make virsh setmaxmem balloon only when successful.
	After playing around with virsh setmaxmem for a bit,
	I ran into some surprising behavior; if a hypervisor does
	not support the virDomainSetMaxMemory() API, but the value
	specified for setmaxmem is less than the current amount
	of memory in the domain, the domain would be ballooned
	down *before* an error was reported.

	To make this more consistent, run virDomainSetMaxMemory()
	before trying to shrink; that way, if an error is thrown,
	no changes to the running domain are made.

2010-07-20  Chris Lalancette  <clalance@redhat.com>

	Use unsigned long in cmdSetmem.
	The virsh command "setmem" takes as input a number that
	should represent an unsigned long number of kilobytes.  Fix
	cmdSetmem to properly parse this as an unsigned long instead
	of an int.

2010-07-20  Laine Stump  <laine@laine.org>

	fsync new storage volumes even if new volume was copied.
	Originally the storage volume files were opened with O_DSYNC to make
	sure they were flushed to disk immediately. It turned out that this
	was extremely slow in some cases, so the O_DSYNC was removed in favor
	of just calling fsync() after all the data had been written. However,
	this call to fsync was inside the block that is executed to zero-fill
	the end of the volume file. In cases where the new volume is copied
	from an old volume, and they are the same length, this fsync would
	never take place.

	Now the fsync is *always* done, unless there is an error (in which
	case it isn't important, and is most likely inappropriate.

2010-07-20  Laine Stump  <laine@laine.org>

	Don't skip zero'ing end of volume file when inputvol is shorter than newvol
	A missing set of braces around an error condition caused us to skip
	zero'ing out the remainder of a new volume file if the new volume was
	longer than the original (the goto was supposed to be taken only in
	the case of error, but was always being taken).

2010-07-19  Chris Lalancette  <clalance@redhat.com>

	Always clear out the last_error in virshReportError.
	Otherwise you can get bogus "unknown error" printouts on
	subsequent commands.

	Fix up inconsistent virsh option error reporting.
	The virsh option error reporting was not being used
	consistently; some commands would spit out errors on
	missing required options while others would just silently fail.
	However, vshCommandOptString knows which ones are required
	and which ones aren't, so make it spit out an error where
	appropriate.  The rest of the patch is just cleaning up
	the uses of vshCommandOptString to deal with the new error
	reporting.

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Use the extract backing store format in storage volume lookup
	The storage volume lookup code was probing for the backing store
	format, instead of using the format extracted from the file
	itself. This meant it could report in accurate information. If
	a format is included in the file, then use that in preference,
	with probing as a fallback.

	* src/storage/storage_backend_fs.c: Use extracted backing store
	  format

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite qemu-img backing store format handling
	When creating qcow2 files with a backing store, it is important
	to set an explicit format to prevent QEMU probing. The storage
	backend was only doing this if it found a 'kvm-img' binary. This
	is wrong because plenty of kvm-img binaries don't support an
	explicit format, and plenty of 'qemu-img' binaries do support
	a format. The result was that most qcow2 files were not getting
	a backing store format.

	This patch runs 'qemu-img -h' to check for the two support
	argument formats

	  '-o backing_format=raw'
	  '-F raw'

	and use whichever option it finds

	* src/storage/storage_backend.c: Query binary to determine
	  how to set the backing store format

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add ability to set a default driver name/type when parsing disks
	Record a default driver name/type in capabilities struct. Use this
	when parsing disks if value is not set in XML config.

	* src/conf/capabilities.h: Record default driver name/type for disks
	* src/conf/domain_conf.c: Fallback to default driver name/type
	  when parsing disks
	* src/qemu/qemu_driver.c: Set default driver name/type to raw

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Disable all disk probing in QEMU driver & add config option to re-enable
	Disk format probing is now disabled by default. A new config
	option in /etc/qemu/qemu.conf will re-enable it for existing
	deployments where this causes trouble

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Pass security driver object into all security driver callbacks
	The implementation of security driver callbacks often needs
	to access the security driver object. Currently only a handful
	of callbacks include the driver object as a parameter. Later
	patches require this is many more places.

	* src/qemu/qemu_driver.c: Pass in the security driver object
	  to all callbacks
	* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
	  src/security/security_apparmor.c, src/security/security_driver.h,
	  src/security/security_selinux.c: Add a virSecurityDriverPtr
	  param to all security callbacks

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Convert all disk backing store loops to shared helper API
	Update the QEMU cgroups code, QEMU DAC security driver, SELinux
	and AppArmour security drivers over to use the shared helper API
	virDomainDiskDefForeachPath().

	* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
	  src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Convert over to use virDomainDiskDefForeachPath()

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Add an API for iterating over disk paths
	There is duplicated code which iterates over disk backing stores
	performing some action. Provide a convenient helper for doing
	this to eliminate duplication & risk of mistakes with disk format
	probing

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDiskDefForeachPath()

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Require format to be passed into virStorageFileGetMetadata
	Require the disk image to be passed into virStorageFileGetMetadata.
	If this is set to VIR_STORAGE_FILE_AUTO, then the format will be
	resolved using probing. This makes it easier to control when
	probing will be used

	* src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c,
	  src/security/security_selinux.c, src/security/virt-aa-helper.c:
	  Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata.
	* src/storage/storage_backend_fs.c: Probe for disk format before
	  calling virStorageFileGetMetadata.
	* src/util/storage_file.h, src/util/storage_file.c: Remove format
	  from virStorageFileMeta struct & require it to be passed into
	  method.

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Refactor virStorageFileGetMetadataFromFD to separate functionality
	The virStorageFileGetMetadataFromFD did two jobs in one. First
	it probed for storage type, then it extracted metadata for the
	type. It is desirable to be able to separate these jobs, allowing
	probing without querying metadata, and querying metadata without
	probing.

	To prepare for this, split out probing code into a new pair of
	methods

	  virStorageFileProbeFormatFromFD
	  virStorageFileProbeFormat

	* src/util/storage_file.c, src/util/storage_file.h,
	  src/libvirt_private.syms: Introduce virStorageFileProbeFormat
	  and virStorageFileProbeFormatFromFD

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove 'type' field from FileTypeInfo struct
	Instead of including a field in FileTypeInfo struct for the
	disk format, rely on the array index matching the format.
	Use verify() to assert the correct number of elements in the
	array.

	* src/util/storage_file.c: remove type field from FileTypeInfo

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	Extract the backing store format as well as name, if available
	When QEMU opens a backing store for a QCow2 file, it will
	normally auto-probe for the format of the backing store,
	rather than assuming it has the same format as the referencing
	file. There is a QCow2 extension that allows an explicit format
	for the backing store to be embedded in the referencing file.
	This closes the auto-probing security hole in QEMU.

	This backing store format can be useful for libvirt users
	of virStorageFileGetMetadata, so extract this data and report
	it.

	QEMU does not require disk image backing store files to be in
	the same format the file linkee. It will auto-probe the disk
	format for the backing store when opening it. If the backing
	store was intended to be a raw file this could be a security
	hole, because a guest may have written data into its disk that
	then makes the backing store look like a qcow2 file. If it can
	trick QEMU into thinking the raw file is a qcow2 file, it can
	access arbitrary files on the host by adding further backing
	store links.

	To address this, callers of virStorageFileGetMeta need to be
	told of the backing store format. If no format is declared,
	they can make a decision whether to allow format probing or
	not.

2010-07-19  Daniel P. Berrange  <berrange@redhat.com>

	CVE-2010-2242 Apply a source port mapping to virtual network masquerading
	IPtables will seek to preserve the source port unchanged when
	doing masquerading, if possible. NFS has a pseudo-security
	option where it checks for the source port <= 1023 before
	allowing a mount request. If an admin has used this to make the
	host OS trusted for mounts, the default iptables behaviour will
	potentially allow NAT'd guests access too. This needs to be
	stopped.

	With this change, the iptables -t nat -L -n -v rules for the
	default network will be

	Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
	 pkts bytes target     prot opt in     out     source               destination
	   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
	   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
	    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24

	* src/network/bridge_driver.c: Add masquerade rules for TCP
	  and UDP protocols
	* src/util/iptables.c, src/util/iptables.c: Add source port
	  mappings for TCP & UDP protocols when masquerading.

2010-07-16  Justin Clift  <jclift@redhat.com>

	man pages: update authors and copyright notice for libvirtd and virsh
	This patch removes the individual author names from the libvirtd and virsh
	man pages, instead referring to the main AUTHORS file distributed with
	libvirt.  This approach is needed, as we can't guarantee unicode support
	across all versions of pod2man used with libvirt.

	Additionally, this patch includes the libvirtd man page in the spec file
	used with "make rpm".  Without this patch "make rpm" is broken.

2010-07-16  Chris Lalancette  <clalance@redhat.com>

	Fix compile on i686.
	When printing out size_t, we need to use %zu to make sure it
	will continue to compile on both 32-bit and 64-bit platforms.

	Remove unused and bitrotting vshCommandOptStringList

	Remove error checking after using vshMalloc.
	vshMalloc and friends always exit() on allocation failure,
	so there is no reason to do checking for NULL in the code
	that uses it.

	Remove the "showerror" parameter from vshConnectionUsability.
	Nobody was using it anyway.

2010-07-15  David Allan  <dallan@redhat.com>

	RFC: Canonicalize block device paths
	There are many naming conventions for partitions associated with a
	block device.  Some of the major ones are:

	/dev/foo -> /dev/foo1
	/dev/foo1 -> /dev/foo1p1
	/dev/mapper/foo -> /dev/mapper/foop1
	/dev/disk/by-path/foo -> /dev/disk/by-path/foo-part1

	The universe of possible conventions isn't clear.  Rather than trying
	to understand all possible conventions, this patch divides devices
	into two groups, device mapper devices and everything else.  Device
	mapper devices seem always to follow the convention of device ->
	devicep1; everything else is canonicalized.

2010-07-15  Ryota Ozaki  <ozaki.ryota@gmail.com>

	daemon: dispatch.c should include stdio.h (and stdarg.h)
	dispatch.c requires stdio.h (and stdarg.h), however, currently
	dispatch.c implicitly relys on rpc/xdr.h to include stdio.h.
	If rpc/xdr.h unxpectedly does not include stdio.h, the compilation
	of dispatch.c fails.

	This can happen, for example, when portablexdr is installed
	under /usr/local; because portablexdr's rpc/xdr.h does not
	include stdio.h and gcc looks up it not /usr/include/rpc/xdr.h.

	Note that stdarg.h is also included according to man va_start,
	although stdio.h seems including it anyway.

2010-07-14  Jim Meyering  <meyering@redhat.com>

	uml_driver: correct logic error in umlMonitorCommand
	* src/uml/uml_driver.c (umlMonitorCommand): Correct flaw that would
	cause unconditional "incomplete reply ..." failure, since "nbytes"
	was always 0 or 1.

	qemuConnectMonitor: fix a bug that would have masked SELinux failure
	* src/qemu/qemu_driver.c (qemuConnectMonitor): Correct erroneous
	parenthesization in two expressions.  Without this fix, failure
	to set or clear SELinux security context in the monitor would go
	undiagnosed.  Also correct a diagnostic and split some long lines.

2010-07-14  Cole Robinson  <crobinso@redhat.com>

	python: Fix IOErrorReasonCallback bindings
	A copy and paste error was causing us to dispatch the incorrect
	routine. Spotted by Dan Kenigsberg.

	.gitignore: Ignore generated libvirtd docs

2010-07-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make esxVI_*_Deserialize dynamically dispatched
	This will be used to deserialize the response from a call
	to esxVI_SearchDatastore_Task properly.

	Add openauth example to demonstrate a custom auth callback

2010-07-13  Laine Stump  <laine@redhat.com>

	Eliminate compiler warning due to gettext string with no format args

2010-07-12  Justin Clift  <jclift@redhat.com>

	docs: fix so generated .html files are removed with make clean

2010-07-12  Jiri Denemark  <jdenemar@redhat.com>

	cpuCompare: Fix crash on unexpected CPU XML
	When comparing a CPU without <model> element, such as

	    <cpu>
	        <topology sockets='1' cores='1' threads='1'/>
	    </cpu>

	libvirt would happily crash without warning.

2010-07-12  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Fail when CPU type cannot be detected from XML
	When autodetecting whether XML describes guest or host CPU, the presence
	of <arch> element is checked. If it's present, we treat the XML as host
	CPU definition. Which is right, since guest CPU definitions do not
	contain <arch> element. However, if at the same time the root <cpu>
	element contains `match' attribute, we would silently ignore it and
	still treat the XML as host CPU. We should rather refuse such invalid
	XML.

	cpuCompare: Fix comparison of two host CPUs
	When a CPU to be compared with host CPU describes a host CPU instead of
	a guest CPU, the result is incorrect. This is because instead of
	treating additional features in host CPU description as required, they
	were treated as if they were mentioned with all possible policies at the
	same time.

	qemu: Use -nodefconfig when probing for CPU models
	In case qemu supports -nodefconfig, libvirt adds uses it when launching
	new guests. Since this option may affect CPU models supported by qemu,
	we need to use it when probing for available models.

2010-07-12  Jiri Denemark  <jdenemar@redhat.com>

	virsh: Fix man page syntax
	pod2man prints the following warning when generating virsh.1:

	    tools/virsh.pod:890: Unmatched =back

2010-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix potential crash in QEMU monitor JSON impl
	An indentation mistake meant that a check for return status
	was not properly performed in all cases. This could result
	in a crash on NULL pointer in a following line.

	* src/qemu/qemu_monitor_json.c: Fix check for return status
	  when processing JSON for blockstats

2010-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix build by removing unknown pod2man flag
	Some versions of pod2man do not support the -u flag, so this
	can't be used

	* daemon/Makefile.am: Remove -u flag from pod2man

2010-07-12  Daniel P. Berrange  <berrange@redhat.com>

	Ensure we return the callback ID in python events binding
	A missing return statement in the python binding meant that
	the callers could not get the callback ID, and thus not be
	able to unregister event callbacks

	* python/libvirt-override-virConnect.py: Add missing return
	  statement

2010-07-10  Justin Clift  <jclift@redhat.com>

	html docs: added firewall explanation page by daniel berrange

2010-07-09  Justin Clift  <jclift@redhat.com>

	libvirtd: add man page for libvirtd
	With gracious thanks to Chris Lalancette for helping knock the
	description section into shape.

	This addresses BZ #595350

	  https://bugzilla.redhat.com/show_bug.cgi?id=595350

2010-07-09  Justin Clift  <justin@salasaga.org>

	virsh: add new --details option to vol-list
	This patch adds a new --details option to the virsh vol-list
	command, making its output more useful when many luns are
	present.

	Addresses BZ # 605543

	  https://bugzilla.redhat.com/show_bug.cgi?id=605543

2010-07-09  Justin Clift  <jclift@redhat.com>

	authors: update my authors details

2010-07-08  Chris Lalancette  <clalance@redhat.com>

	Fix a compile error in the previous commit.

	Implement virsh managedsave-remove command.

2010-07-07  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add new models from qemu's target-x86_64.conf

2010-07-07  Jiri Denemark  <jdenemar@redhat.com>

	cpu: Add support for CPU vendor
	By specifying <vendor> element in CPU requirements a guest can be
	restricted to run only on CPUs by a given vendor. Host CPU vendor is
	also specified in capabilities XML.

	The vendor is checked when migrating a guest but it's not forced, i.e.,
	guests configured without <vendor> element can be freely migrated.

2010-07-07  Jiri Denemark  <jdenemar@redhat.com>

	cpuBaseline: Detect empty set of common features
	In case the set of CPUs has no features in common, report incompatible
	CPUs instead of returning the simplest CPU model with all features
	disabled.

	cpuBaseline: Don't mess with the CPU returned by arch driver
	All features in the baseline CPU definition were always created with
	policy='require' even though an arch driver returned them with different
	policy settings.

	Make html docs in non-srcdir build

2010-07-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.2
	- configure.ac docs/news.html.in libvirt.spec.in: updated
	- po/*/o* : updated or.po and regenerated

2010-07-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Let configure detect/set the XPCOMC directory
	This allows the user to give an explicit path to configure

	  ./configure --with-vbox=/path/to/virtualbox

	instead of having the VirtualBox driver probe a set of possible
	paths at runtime. If no explicit path is specified then configure
	probes the set of "known" paths.

	https://bugzilla.redhat.com/show_bug.cgi?id=609185

2010-07-02  Cole Robinson  <crobinso@redhat.com>

	udev: Parse PCI devices even if libpciaccess fails
	We only use libpciaccess for resolving device product/vendor. If
	initializing the library fails (say if using qemu:///session), don't
	warn so loudly, and carry on as usual.

	qemu: Improve some qemu.conf error reporting
	Log some info if we can't find a config file. Make parse failures
	fatal, and actually raise an error message.

	util: virExec: Dispatch all errors raised after fork
	Any error message raised after the process has forked needs
	to be followed by virDispatchError, otherwise we have no chance of
	ever seeing it. This was selectively done for hook functions in the past,
	but really applies to all post-fork errors.

2010-06-30  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Fix compilation broken on MinGW due to dirent->d_type
	As pointed out by Eric Blake, using dirent->d_type breaks
	compilation on MinGW. This patch addresses this by using
	'#if defined' as same as doing for virCgroupForDriver.

2010-06-30  Justin Clift  <justin@salasaga.org>

	html docs: add link to PHP bindings by Radek Hladik

2010-06-30  Eric Blake  <eblake@redhat.com>

	virsh: tweak help output for VSH_OT_DATA
	https://bugzilla.redhat.com/show_bug.cgi?id=609044 complained
	that 'virsh help pool-create-as' didn't document the shortcut
	that you can do 'virsh pool-create-as $name $type --target $target'
	rather than having to supply the four optional source- arguments
	in order to fill out the necessary positional arguments.

	This one-liner changes the help output to hopefully make this more obvious:

	  NAME
	    pool-create-as - create a pool from a set of args

	  SYNOPSIS
	    pool-create-as <name> [--print-xml] <type> [<source-host>] [<source-path>] [<source-dev>] [<source-name>] [<target>] [--source-format <string>]

	  DESCRIPTION
	    Create a pool.

	  OPTIONS
	    [--name] <string>  name of the pool
	    --print-xml      print XML document, but don't define/create
	    [--type] <string>  type of the pool
	    [--source-host] <string>  source-host for underlying storage
	    [--source-path] <string>  source path for underlying storage
	    [--source-dev] <string>  source device for underlying storage
	    [--source-name] <string>  source name for underlying storage
	    [--target] <string>  target for underlying storage
	    --source-format <string>  format for underlying storage

	* tools/virsh.c (vshCmddefHelp): Make it more obvious that data
	arguments may, but not must, be specified by option leaders.

2010-06-30  Daniel P. Berrange  <berrange@redhat.com>

	Avoid invoking the qemu monitor destroy callback if the constructor fails
	Some, but not all, codepaths in the qemuMonitorOpen() method
	would trigger the destroy callback. The caller does not expect
	this to be invoked if construction fails, only during normal
	release of the monitor. This resulted in a possible double-unref
	of the virDomainObjPtr, because the caller explicitly unrefs
	the virDomainObjPtr  if qemuMonitorOpen() fails

	* src/qemu/qemu_monitor.c: Don't invoke destroy callback from
	  qemuMonitorOpen() failure paths

2010-06-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Add missing errno == ENOENT check in virCgroupRemoveRecursively
	ENOENT happens normally when a subsystem is enabled with any other
	subsystems and the directory of the target group has already removed
	in a prior loop. In that case, the function should just return without
	leaving an error message.

	NB this is the same behavior as before introducing virCgroupRemoveRecursively.

2010-06-29  Chris Lalancette  <clalance@redhat.com>

	Fix crash when detaching devices from qemu domains.
	Make sure to *not* call qemuDomainPCIAddressReleaseAddr if
	QEMUD_CMD_FLAG_DEVICE is *not* set (for older qemu).  This
	prevents a crash when trying to do device detachment from
	a qemu guest.

	Check for active PCI devices when doing nodedevice operations.
	In the current libvirt PCI code, there is no checking whether
	a PCI device is in use by a guest when doing node device
	detach or reattach.  This causes problems when a device is
	assigned to a guest, and the administrator starts issuing
	nodedevice commands.  Make it so that we check the list
	of active devices when trying to detach/reattach, and only
	allow the operation if the device is not assigned to a guest.

2010-06-29  Justin Clift  <justin@salasaga.org>

	virsh: add new --details option to pool-list
	This patch adds a new --details option to the virsh pool-list
	command, making its output more useful to people who use virsh
	for significant lengths of time.

	Addresses BZ # 605543

	  https://bugzilla.redhat.com/show_bug.cgi?id=605543

2010-06-29  Eric Blake  <eblake@redhat.com>

	virFileResolveLink: guarantee an absolute path
	https://bugzilla.redhat.com/show_bug.cgi?id=608092

	* src/util/util.c (virFileResolveLink): Use
	canonicalize_file_name, rather than areadlink.

2010-06-29  Eric Blake  <eblake@redhat.com>

	phyp: don't steal storage management from other drivers
	Fix regression introduced in commit a4a287242 - basically, the
	phyp storage driver should only accept the same URIs that the
	main phyp driver is willing to accept.  Blindly accepting all
	URIs meant that the phyp storage driver was being consulted for
	'virsh -c qemu:///session pool-list --all', rather than the
	qemu storage driver, then since the URI was not for phyp, attempts
	to then use the phyp driver crashed because it was not initialized.

	* src/phyp/phyp_driver.c (phypStorageOpen): Only accept connections
	already open to a phyp driver.

2010-06-29  Laine Stump  <laine@redhat.com>

	Avoid calling virStorageFileIsSharedFS with NULL
	This code was just recently added (by me) and didn't account for the
	fact that stdin_path is sometimes NULL. If it's NULL, and
	SetSecurityAllLabel fails, a segfault would result.

2010-06-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix virsh console doesn't work after restarting libvirtd
	Because tty path is unexpectedly not saved in the live configuration
	file of a domain, libvirtd cannot get the console of the domain back
	after restarting.

	The reason why the tty path isn't saved is that, to save the tty path,
	the save function, virDomainSaveConfig, requires that the target domain
	is running (pid != -1), however, lxc driver calls the function before
	starting the domain to pass the configuration to controller.

	To ensure to save the tty path, the patch lets lxc driver call the save
	function again after starting the domain.

2010-06-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix error handlings in lxcContainerRenameAndEnableInterfaces
	The function is expected to return negative value on failure,
	however, it returns positive value when either setInterfaceName
	or vethInterfaceUpOrDown fails. Because the function returns
	the return value of either as is, however, the two functions
	may return positive value on failure.

	The patch fixes the defects and add error messages.

2010-06-28  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Change VIR_ERROR to VIR_DEBUG for just a debugging message
	The message is actually not of error but of debugging.
	02:22:56.091: error : lxcControllerMain:316 : monitor=3 client=4 appPty=19 contPty=7

2010-06-28  Laine Stump  <laine@laine.org>

	Selectively ignore domainSetSecurityAllLabel failure in domain restore
	When the saved domain image is on an NFS share, at least some part of
	domainSetSecurityAllLabel will fail (for example, selinux labels can't
	be modified). To allow domain restore to still work in this case, just
	ignore the errors.

	use virStorageFileIsSharedFS utility function in qemudDomainSaveFlag
	Previously, this function had it's own bit of code performing the same
	function. Since there's now an equivalent utility function, let's use it.

2010-06-28  Laine Stump  <laine@laine.org>

	Enhance virStorageFileIsSharedFS
	virStorageFileIsSharedFS would previously only work if the entire path
	in question was stat'able by the uid of the libvirtd process. This
	patch changes it to crawl backwards up the path retrying the statfs
	call until it gets to a partial path that *can* be stat'ed.

	This is necessary to use the function to learn the fstype for files
	stored as a different user (and readable only by that user) on a
	root-squashed remote filesystem.

2010-06-28  Laine Stump  <laine@laine.org>

	Set proper selinux label on image file during qemu domain restore
	Also restore the label to its original value after qemu is finished
	with the file.

	Prior to this patch, qemu domain restore did not function properly if
	selinux was set to enforce.

2010-06-26  Eric Blake  <eblake@redhat.com>

	build: fix regression with libvirt-api.xml generation
	(EXTRA_DIST): Remove redundant listing of xml files.
	(html/%-%.html, html/%-virterror.html, %-api.xml, %-refs.xml):
	Rewrite with...
	(python_generated_files): ...new macro, since make didn't see
	through the dependency chain correctly otherwise.

2010-06-26  Chris Lalancette  <clalance@redhat.com>

	Fix a reference leak for node devices.
	There were some major, and some minor bugs having to do with
	the reference counting of node devices in daemon/remote.c.

	Some functions were completely failing to unreference node devices;
	this would lead to many open file descriptors, which would eventually
	fail.

	The minor bugs were along the same lines, but were in rarely
	used error paths.

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Don't squash file permissions when migration fails
	If an active migration operation fails, or is cancelled by the
	admin, the QEMU on the destination is shutdown and the one on
	the source continues running. It is important in shutting down
	the QEMU on the destination, the security drivers don't reset
	the file labelling/permissions.

	* src/qemu/qemu_driver.c: Don't reset labelling/permissions
	  on migration abort

2010-06-25  Eric Blake  <eblake@redhat.com>

	phyp: optimize use of sed
	Minor speedups by using the full power of sed.

	* src/phyp/phyp_driver.c (phypGetVIOSFreeSCSIAdapter)
	(phypDiskType, phypListDefinedDomains): Use fewer processes, by
	folding other work into sed.
	(phypGetVIOSPartitionID): Likewise.  Also avoid non-portable use
	of 'sed -s'.

2010-06-25  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: add storage management driver
	Add the storage management driver to the Power Hypervisor driver.
	This is a big but simple patch, it's just a new set of functions.

	This patch includes:
	 * Storage driver: The set of pool-* and vol-* functions.
	 * attach-disk function.
	 * Support for IVM on the new functions.

2010-06-25  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: add rudimentary storage driver
	* src/phyp/phyp_driver.c (phypStorageDriver): New driver.
	(phypStorageOpen, phypStorageClose): New functions.
	(phypRegister): Register it.

2010-06-25  Eric Blake  <eblake@redhat.com>

	phyp: reduce scope of driver functions
	Several phyp functions are not namespace clean, and had no reason
	to be exported since no one outside the phyp driver needed to use
	them.  Rather than do lots of forward declarations, I was able
	to topologically sort the file.  So, this patch looks huge, but
	is really just a matter of marking things static and dealing with
	the compiler fallout.

	* src/phyp/phyp_driver.h (PHYP_DRIVER_H): Add include guard.
	(phypCheckSPFreeSapce): Delete unused declaration.
	(phypGetSystemType, phypGetVIOSPartitionID, phypCapsInit)
	(phypBuildLpar, phypUUIDTable_WriteFile, phypUUIDTable_ReadFile)
	(phypUUIDTable_AddLpar, phypUUIDTable_RemLpar, phypUUIDTable_Pull)
	(phypUUIDTable_Push, phypUUIDTable_Init, phypUUIDTable_Free)
	(escape_specialcharacters, waitsocket, phypGetLparUUID)
	(phypGetLparMem, phypGetLparCPU, phypGetLparCPUGeneric)
	(phypGetRemoteSlot, phypGetBackingDevice, phypDiskType)
	(openSSHSession): Move declarations to phyp_driver.c and make static.
	* src/phyp/phyp_driver.c: Rearrange file contents to provide
	topological sorting of newly-static funtions (no semantic changes
	other than reduced scope).
	(phypGetBackingDevice, phypDiskType): Mark unused, for now.

2010-06-25  Eric Blake  <eblake@redhat.com>

	maint: add gnulib gettimeofday module
	* bootstrap.conf (gnulib_modules): Add gettimeofday.

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix test case failure due to missing -nodefconfig
	The previous change which split -nodefconfig probing off
	from -device broke the test case because it missed adding
	the QEMUD_CMD_FLAG_NODEFCONFIG to the test

	* src/util/bridge.c: Set QEMUD_CMD_FLAG_NODEFCONFIG for all
	  configs with QEMUD_CMD_FLAG_DEVICE set

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix migration in text mode and shared storage migration in json mode
	The patches for shared storage migration were not correctly written
	for json mode. Thus the 'blk' and 'inc' parameters were never being
	set. In addition they didn't set the QEMU_MONITOR_MIGRATE_BACKGROUND
	so migration was synchronous. Due to multiple bugs in QEMU's JSON
	impl this wasn't noticed because it treated the sync migration requst
	as asynchronous anyway. Finally 'background' parameter was converted
	to take arbitrary flags but not renamed, and not all uses were changed
	to unsigned int.

	* src/qemu/qemu_driver.c: Set QEMU_MONITOR_MIGRATE_BACKGROUND in
	  doNativeMigrate
	* src/qemu/qemu_monitor_json.c: Process QEMU_MONITOR_MIGRATE_NON_SHARED_DISK
	  and QEMU_MONITOR_MIGRATE_NON_SHARED_INC flags
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.h, src/qemu/qemu_monitor_text.c,
	  src/qemu/qemu_monitor_text.h: change 'int background' to
	  'unsigned int flags' in migration APIs. Add logging of flags
	  parameter

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Avoid blocking all APIs during incoming migration
	During incoming migration the QEMU monitor is not able to be
	used. The incoming migration code did not keep hold of the
	job lock because migration is split across multiple API calls.
	This meant that further monitor commands on the guest would
	hang until migration finished with no timeout.

	In this change the qemuDomainMigratePrepare method sets the
	job flag just before it returns. The qemuDomainMigrateFinish
	method checks for this job flag & clears it once done. This
	prevents any use of the monitor between prepare+finish steps.

	The qemuDomainGetJobInfo method is also updated to refresh
	the job elapsed time. This means that virsh domjobinfo can
	return time data during incoming migration

	* src/qemu/qemu_driver.c: Keep a job active during incoming
	  migration. Refresh job elapsed time when returning job info

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Set labelling for character devices in security drivers
	When configuring serial, parallel, console or channel devices
	with a file, dev or pipe backend type, it is necessary to label
	the file path in the security drivers. For char devices of type
	file, it is neccessary to pre-create (touch) the file if it does
	not already exist since QEMU won't be allowed todo so itself.
	dev/pipe configs already require the admin to pre-create before
	starting the guest.

	* src/qemu/qemu_security_dac.c: set file ownership for character
	  devices
	* src/security/security_selinux.c: Set file labeling for character
	  devices
	* src/qemu/qemu_driver.c: Add character devices to cgroup ACL

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Add API for iterating over all character devices
	The parallel, serial, console and channel devices are all just
	character devices. A lot of code needs todo the same thing to
	all these devices. This provides an convenient API for iterating
	over all of them.

	* src/conf/domain_conf.c, src/conf/domain_conf.c,
	  src/libvirt_private.syms: Add virDomainChrDefForeach

2010-06-25  Daniel P. Berrange  <berrange@redhat.com>

	Add missing parameter in python Disk IO error callback
	The IO error callback was forgetting to pass the action
	parameter, causing a stack trace when IO errors arrive

	* python/libvirt-override-virConnect.py: Add missing action
	  parameter in IO error callback

2010-06-25  Laine Stump  <laine@laine.org>

	Check for presence of qemu -nodefconfig option before using it
	We previously assumed that if the -device option existed in qemu, that
	-nodefconfig would also exist. It turns out that isn't the case, as
	demonstrated by qemu-kvm-0.12.3 in Fedora 13.

	*/src/qemu/qemu_conf.[hc] - add a new QEMUD_CMD_FLAG, set it via the
	                            help output, and check it before adding
	                            -nodefconfig to the qemu commandline.

2010-06-24  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	Adding Storage Management driver (style and indentation)
	This is just the indentation, style  and cleanup patch.

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Use bool instead of int where appropriated

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add support for the controller element
	Also don't abuse the disk driver name to specify the SCSI controller
	model anymore:

	  <driver name='buslogic'/>

	Use the newly added model attribute of the controller element for this:

	  <controller type='scsi' index='0' model='buslogic'/>

	The disk driver name approach is deprecated now, but still works for
	backward compatibility reasons.

	Update the documentation and tests accordingly.

	Fix usage of the words controller and id in the VMX handling code. Use
	controller, bus and unit properly.

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add optional model attribute to the controller element
	This is a step towards controller support for the ESX driver.

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add wide SCSI bus disk address generation support
	The domain XML parsing code autogenerates disk address and
	controller elements when they are not explicitly specified.
	The code assumes a narrow SCSI bus (7 units per bus). ESX
	uses a wide SCSI bus (16 units per bus).

	This is a step towards controller support for the ESX driver.

2010-06-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup some LIBADD and CFLAGS
	Move libnl to libvirt_util.la, because macvtap.c requires it.

	Add GnuTLS to libvirt_driver.la, because libvirt.c calls gcrypt functions.
	When built without loadable driver modules, then the remote driver pulls
	in GnuTLS.

	Move libgnu.la from libvirt_parthelper_CFLAGS to libvirt_parthelper_LDADD.

2010-06-23  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Enable memory.use_hierarchy of cgroup for domain
	Through conversation with Kumar L Srikanth-B22348, I found
	that the function of getting memory usage (e.g., virsh dominfo)
	doesn't work for lxc with ns subsystem of cgroup enabled.

	This is because of features of ns and memory subsystems.
	Ns creates child cgroup on every process fork and as a result
	processes in a container are not assigned in a cgroup for
	domain (e.g., libvirt/lxc/test1/). For example, libvirt_lxc
	and init (or somewhat specified in XML) are assigned into
	libvirt/lxc/test1/8839/ and libvirt/lxc/test1/8839/8849/,
	respectively. On the other hand, memory subsystem accounts
	memory usage within a group of processes by default, i.e.,
	it does not take any child (and descendant) groups into
	account. With the two features, virsh dominfo which just
	checks memory usage of a cgroup for domain always returns
	zero because the cgroup has no process.

	Setting memory.use_hierarchy of a group allows to account
	(and limit) memory usage of every descendant groups of the group.
	By setting it of a cgroup for domain, we can get proper memory
	usage of lxc with ns subsystem enabled. (To be exact, the
	setting is required only when memory and ns subsystems are
	enabled at the same time, e.g., mount -t cgroup none /cgroup.)

2010-06-23  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Change virCgroupRemove to remove all descendant groups at first
	As same as normal directories, a cgroup cannot be removed if it
	contains sub groups. This patch changes virCgroupRemove to remove
	all descendant groups (subdirectories) of a target group before
	removing the target group.

	The handling is required when we run lxc with ns subsystem of cgroup.
	Ns subsystem automatically creates child cgroups on every process
	forks, but unfortunately the groups are not removed on process exits,
	so we have to remove them by ourselves.

	With this patch, such child (and descendant) groups are surely removed
	at lxc shutdown, i.e., lxcVmCleanup which calls virCgroupRemove.

2010-06-23  Eric Blake  <eblake@redhat.com>

	virsh: document attach-disk better
	http://bugzilla.redhat.com/601143, part 1 - document existing
	behavior.  Ever since Mar 2010 (commit ced154cb), the use of
	'attach-disk' or 'attach-device' to change cdrom/floppy media has been
	documented but deprecated, but the replacement to use 'update-device'
	was not documented.

	* tools/virsh.c (cmdAttachInterface, cmdAttachDisk): Fix bad error
	message.
	* tools/virsh.pod (attach-device, attach-disk): Refer to
	update-device for cdrom and floppy behavior.
	(update-device): Add documentation.

2010-06-23  Alan Pevec  <apevec@redhat.com>

	network: allow tftp port if tftp is defined
	add iptables rules to allow TFTP from the virtual network if <tftp>
	element is defined in the network definition.

	Fedora bz#580215

	* src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if
	  tftproot is defined

2010-06-23  Alan Pevec  <apevec@redhat.com>

	bridge_driver.c: fix file description

2010-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Add '-nodefconfig' command line arg to QEMU
	We already use the '-nodefaults' command line arg with QEMU to stop
	it adding any default devices to guests. Unfortunately, QEMU will
	load global config files from /etc/qemu that may also add default
	devices. These aren't blocked by '-nodefaults', so we need to also
	add the '-nodefconfig' arg to prevent that.

	Unfortunately these global config files are also used to define
	custom CPU models. So in blocking global hardware device addition
	we also block definitions of new CPU models. Libvirt doesn't know
	about these custom CPU models though, so it would never make use
	of them anyway. Thus blocking them via -nodefconfig isn't a show
	stopping problem. We would need to expand libvirt's own CPU model
	XML database to support these instead.

	* src/qemu/qemu_conf.c: Add '-nodefconfig' if available
	* tests/qemuxml2argvdata/: Add '-nodefconfig' to all data files which
	  have '-nodefaults' present

2010-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix reference handling leak on qemuMonitor
	The current code pattern requires that callers of qemuMonitorClose
	check for the return value == 0, and if so, set priv->mon = NULL
	and release the reference held on the associated virDomainObjPtr

	The change d84bb6d6a3bd2fdd530184cc9743249ebddbee71 violated that
	requirement, meaning that priv->mon never gets set to NULL, and
	a reference count is leaked on virDomainObjPtr.

	This design was a bad one, so remove the need to check the return
	valueof qemuMonitorClose(). Instead allow registration of a
	callback that's invoked just when the last reference on qemuMonitorPtr
	is released.

	Finally there was a potential reference leak in qemuConnectMonitor
	in the failure path.

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a destroy
	  callback invoked from qemuMonitorFree
	* src/qemu/qemu_driver.c: Use the destroy callback to release the
	  reference on virDomainObjPtr when the monitor is freed. Fix other
	  potential reference count leak in connecting to monitor

2010-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Make checks for inactive QEMU guest more robust
	Before issuing monitor commands it is neccessary to check whether
	the guest is still running. Most places use virDomainIsActive()
	correctly, but a few relied on 'priv->mon != NULL'. In theory
	these should be equivalent, but the release of the last reference
	count on priv->mon can be delayed a small amount of time until
	the event handler is finally deregistered. A further ref counting
	bug also means that priv->mon might be never released. In such a
	case, code could mistakenly issue a monitor command and wait for
	a response that will never arrive, effectively leaving the QEMU
	driver waiting on virCondWait() forever..

	To protect against these possibilities, make sure all code uses
	virDomainIsActive(), not 'priv->mon != NULL'

	* src/qemu/qemu_driver.c: Replace 'priv->mon != NULL' with
	  calls to 'priv->mon != NULL'()

2010-06-23  Daniel P. Berrange  <berrange@redhat.com>

	Improve some error messages about unsupported APIs/URIs
	If there is no driver for a URI we report

	  "no hypervisor driver available"

	This is bad because not all virt drivers are hypervisors (ie container
	based virt).

	If there is no driver support for an API we report

	  "this function is not supported by the hypervisor"

	This is bad for the same reason, and additionally because it is
	also used for the network, interface & storage drivers.

	* src/util/virterror.c: Improve error messages

2010-06-22  Jiri Denemark  <jdenemar@redhat.com>

	Don't leak open fd to virsh in libvirt-guests init script
	Running virsh while having /var/lib/libvirt/libvirt-guests file open
	makes SELinux emit messages about preventing virsh from reading that
	file. Since virsh doesn't really want to read anything, it's better to
	run it with /dev/null on stdin to prevent those messages.

2010-06-21  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix loadable module support
	Following Daniel Berrange's multiple helpful suggestions for improving
	this patch and introducing another driver interface, I now wrote the
	below patch where the nwfilter driver registers the functions to
	instantiate and teardown the nwfilters with a function in
	conf/domain_nwfilter.c called virDomainConfNWFilterRegister. Previous
	helper functions that were called from qemu_driver.c and qemu_conf.c
	were move into conf/domain_nwfilter.h with slight renaming done for
	consistency. Those functions now call the function expored by
	domain_nwfilter.c, which in turn call the functions of the new driver
	interface, if available.

2010-06-21  Justin Clift  <justin@salasaga.org>

	virsh: remove a doubled up include for errno.h

2010-06-21  Jiri Denemark  <jdenemar@redhat.com>

	Misc cleanups
	- Fix documentation for virGetStorageVol: it has 'key' argument instead
	  of 'uuid'.
	- Remove TODO comment from virReleaseStorageVol: we use volume key as an
	  identifier instead of UUID.
	- Print human-readable UUID string in debug message in virReleaseSecret.

	Do not free static buffer with UUID
	As anywhere else, uuid is defined as a fixed size array inside
	_virSecret structure; we shouldn't try to free it.

	Remove unnecessary check for non-NULL uuid
	The first thing we do in all these functions is to check uuid != NULL
	and fail if it isn't.

	Index hashes by UUID instead of name
	Per-connection hashes for domains, networks, storage pools and network
	filter pools were indexed by names which was not the best choice. UUIDs
	are better identifiers, so lets use them.

2010-06-21  Philipp Hahn  <hahn@univention.de>

	Allow one-or-more <boot dev="..."/> entries
	According to docs/formatdomain.html.in, "The boot element can be
	repeated multiple times to setup a priority list of boot devices to try
	in turn." The Relax-NG schema required / allowed exactly one entry.

2010-06-18  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extensions of docs with
	As requested, here a couple of paragraphs about the recently added statematch attribute and some advanced (and tricky) traffic filtering topics.

2010-06-18  Cole Robinson  <crobinso@redhat.com>

	Add ACK'd v2 changes for previous commit

2010-06-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix crash on failed VM startup
	If VM startup fails early enough (can't find a referenced USB device),
	libvirtd will crash trying to clear the VNC port bit, since port = 0,
	which overflows us out of the bitmap bounds.

	Fix this by being more defensive in the bitmap operations, and only
	clearing a previously set VNC port.

2010-06-18  Philipp Hahn  <hahn@univention.de>

	Fix description of virStorageVolGetInfo()
	Probably a copy-paste-bug in python/libvirt-override-api.xml:
	virStorageVolGetInfo() extracts information about a "storage volume",
	not the "storage pool" as virStoragePoolGetInfo() does.

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: add --uuid option to vol-pool
	Adds an optional switch, --uuid, for telling the virsh vol-pool command
	to return the pool UUID rather than pool name.

2010-06-17  Eric Blake  <eblake@redhat.com>

	qemu: reduce file padding requirements
	Followup to https://bugzilla.redhat.com/show_bug.cgi?id=599091,
	commit 20206a4b, to reduce disk waste in padding.

	* src/qemu/qemu_monitor.h (QEMU_MONITOR_MIGRATE_TO_FILE_BS): Drop
	back to 4k.
	(QEMU_MONITOR_MIGRATE_TO_FILE_TRANSFER_SIZE): New macro.
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update comment.
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrateToFile): Use
	two invocations of dd to output non-aligned large blocks.
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONMigrateToFile):
	Likewise.

2010-06-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add XML attribute to control iptables state match
	This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).

	[...]
	<rule action='accept' direction='in' statematch='false'>
	<tcp srcmacaddr='1:2:3:4:5:6'
	           srcipaddr='10.1.2.3' srcipmask='32'
	           dscp='33'
	           srcportstart='20' srcportend='21'
	           dstportstart='100' dstportend='1111'/>
	</rule>
	[...]

	I am also extending the nwfilter schema and add this attribute to a test case.

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: ensure persistence and autostart are shown for dominfo and pool-info
	This patch adds the persistence status (yes/no) to the output of the virsh
	dominfo and pool-info commands.  This patch also adds the autostart status
	to the output of the virsh pool-info command.

	Red Hat BZ for this:

	  https://bugzilla.redhat.com/show_bug.cgi?id=603696

2010-06-17  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: adding support for IVM
	Use virBuffer* API to conditionally keep the portion of the command
	line specific to HMC, so that IVM can work.

2010-06-17  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: use match target on incoming traffic
	The following patch enables the iptables match target to be used by
	default for incoming traffic. So far it has only be used for outgoing
	traffic.

	macvtap: work-around for 2.6.32 and older kernels
	This patch works around a recent extension of the netlink driver I had made use of when building the netlink messages. Unfortunately older kernels don't accept IFLA_IFNAME + name of interface as a replacement for the interface's index, so this patch now gets the interface index ifindex if it's not provided (ifindex <= 0).

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: change printf() calls to vshPrint()
	Trivial fix changing printf() calls to vshPrint() where the ctl
	variable is available.

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: improve help text for vol query commands
	Improves the help text for vol-path, vol-name, and vol-key, which
	previously referred to volume UUIDs.

	Addresses BZ # 598365.

2010-06-17  Justin Clift  <justin@salasaga.org>

	virsh: add pool support to vol-key command
	Presently the vol-key command only supports being provided with
	a volume path.

	This patch adds support for providing it with a pool and volume
	identifier pair as well.

	    virsh # vol-key --pool <pool-name-or-uuid> <vol-name-or-path>

2010-06-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add several missing vir*Free calls in libvirtd's remote code
	Justin Clift reported a problem with adding virStoragePoolIsPersistent
	to virsh's pool-info command, resulting in a strange problem. Here's
	an example:

	    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
	    Pool images_dir3 created

	    virsh # pool-info images_dir3
	    Name:           images_dir3
	    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
	    State:          running
	    Capacity:       395.20 GB
	    Allocation:     30.88 GB
	    Available:      364.33 GB

	    virsh # pool-destroy images_dir3
	    Pool images_dir3 destroyed

	At this point the images_dir3 pool should be gone (because it was
	transient) and we should be able to create a new pool with the same name:

	    virsh # pool-create-as images_dir3 dir - - - - "/home/images2"
	    Pool images_dir3 created

	    virsh # pool-info images_dir3
	    Name:           images_dir3
	    UUID:           90301885-94eb-4ca7-14c2-f30b25a29a36
	    error: Storage pool not found

	The new pool got the same UUID as the first one, but we didn't specify
	one. libvirt should have picked a random UUID, but it didn't.

	It turned out that virStoragePoolIsPersistent leaks a reference to the
	storage pool object (actually remoteDispatchStoragePoolIsPersistent does).
	As a result, pool-destroy doesn't remove the virStoragePool for the
	"images_dir3" pool from the virConnectPtr's storagePools hash on libvirtd's
	side. Then the second pool-create-as get's the stale virStoragePool object
	associated with the "images_dir3" name. But this object has the old UUID.

	This commit ensures that all get_nonnull_* and make_nonnull_* calls for
	libvirt objects are matched properly with vir*Free calls. This fixes the
	reference leaks and the reported problem.

	All remoteDispatch*IsActive and remoteDispatch*IsPersistent functions were
	affected. But also remoteDispatchDomainMigrateFinish2 was affected in the
	success path. I wonder why that didn't surface earlier. Probably because
	domainMigrateFinish2 is executed on the destination host and in the common
	case this connection is opened especially for the migration and gets closed
	after the migration is done. So there was no chance to run into a problem
	because of the leaked reference.

2010-06-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Update case insensitive .vmx tests
	Commit b9efc7dc3b97ef667ab99cee884b8485ebcb2f91 made virFileHasSuffix
	case insensitive. Honor this in the tests by switching vmdk to VMDK.

	esx: Accept 'disk' as harddisk device type in .vmx files

2010-06-16  Eric Blake  <eblake@redhat.com>

	phyp: sed cleanups
	* src/phyp/phyp_driver.c (phypNumDomainsGeneric): Avoid glob
	collision by quoting sed argument.
	(phypDomainSetCPU): Avoid non-portable \+ in sed.
	(phypGetVIOSPartitionID, phypDiskType, phypListDomainsGeneric)
	(phypListDefinedDomains): Micro-optimize anchored substitutions.

2010-06-15  Justin Clift  <justin@salasaga.org>

	virsh: mark autostart answers for translation
	This is a trivial fix for several autostart yes/no strings that
	weren't correctly marked for translation.

2010-06-15  Eric Blake  <eblake@redhat.com>

	virsh: add start --paused support
	Make 'start --paused' mirror 'create --paused'.

	* tools/virsh.c (cmdStart): Use new virDomainCreateWithFlags API
	when needed.
	* tools/virsh.pod (start): Document --paused.

2010-06-15  Eric Blake  <eblake@redhat.com>

	qemu: support starting persistent domain paused
	Match earlier change for qemu pause support with virDomainCreateXML.

	* src/qemu/qemu_driver.c (qemudDomainObjStart): Add parameter; all
	callers changed.
	(qemudDomainStartWithFlags): Implement flag support.

2010-06-15  Eric Blake  <eblake@redhat.com>

	drivers: add virDomainCreateWithFlags if virDomainCreate exists
	* src/esx/esx_driver.c (esxDomainCreate): Move guts...
	(esxDomainCreateWithFlags): ...to new function.
	(esxDriver): Trivially support the new API.
	* src/lxc/lxc_driver.c (lxcDomainStart, lxcDomainStartWithFlags)
	(lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDomainStart)
	(oneDomainStartWithFlags, oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDomainCreate)
	(openvzDomainCreateWithFlags, openvzDriver): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainStart)
	(qemudDomainStartWithFlags, qemuDriver): Likewise.
	* src/test/test_driver.c (testDomainCreate)
	(testDomainCreateWithFlags, testDriver): Likewise.
	* src/uml/uml_driver.c (umlDomainStart, umlDomainStartWithFlags)
	(umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainCreate)
	(vboxDomainCreateWithFlags, Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDomainCreate)
	(xenUnifiedDomainCreateWithFlags, xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreate)
	(xenapiDomainCreateWithFlags, xenapiDriver): Likewise.

2010-06-15  Eric Blake  <eblake@redhat.com>

	remote: protocol implementation for virDomainCreateWithFlags
	Define the wire format for the new virDomainCreateWithFlags
	API, and implement client and server side of marshaling code.

	* daemon/remote.c (remoteDispatchDomainCreateWithFlags): Add
	server side dispatch for virDomainCreateWithFlags.
	* src/remote/remote_driver.c (remoteDomainCreateWithFlags)
	(remote_driver): Client side serialization.
	* src/remote/remote_protocol.x
	(remote_domain_create_with_flags_args)
	(remote_domain_create_with_flags_ret)
	(REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS): Define wire format.
	* daemon/remote_dispatch_args.h: Regenerate.
	* daemon/remote_dispatch_prototypes.h: Likewise.
	* daemon/remote_dispatch_table.h: Likewise.
	* src/remote/remote_protocol.c: Likewise.
	* src/remote/remote_protocol.h: Likewise.
	* src/remote_protocol-structs: Likewise.

2010-06-15  Eric Blake  <eblake@redhat.com>

	libvirt: introduce domainCreateWithFlags API
	Persistent domain creation needs the same features as transient
	domains, but virDomainCreate lacks the flags argument present in
	virDomainCreateXML.  virDomainCreateFlags is already claimed as
	a public enum, so we have to break convention and expose
	virDomainCreateWithFlags.

	* include/libvirt/libvirt.h.in (virDomainCreateWithFlags): Add.
	* src/driver.h (virDrvDomainCreateWithFlags): Internal API.
	* src/libvirt.c (virDomainCreateWithFlags): Glue public API to
	driver API.
	* src/libvirt_public.syms (LIBVIRT_0.8.2): Expose public API.
	* src/esx/esx_driver.c (esxDriver): Add stub for driver.
	* src/lxc/lxc_driver.c (lxcDriver): Likewise.
	* src/opennebula/one_driver.c (oneDriver): Likewise.
	* src/openvz/openvz_driver.c (openvzDriver): Likewise.
	* src/phyp/phyp_driver.c (phypDriver): Likewise.
	* src/qemu/qemu_driver.c (qemuDriver): Likewise.
	* src/remote/remote_driver.c (remote_driver): Likewise.
	* src/test/test_driver.c (testDriver): Likewise.
	* src/uml/uml_driver.c (umlDriver): Likewise.
	* src/vbox/vbox_tmpl.c (Driver): Likewise.
	* src/xen/xen_driver.c (xenUnifiedDriver): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDriver): Likewise.

2010-06-15  Eric Blake  <eblake@redhat.com>

	maint: simplify some ignore files
	* .hgignore: Delete, no longer used.
	* examples/python/.gitignore: Delete, covered globally.
	* include/.gitignore: Likewise.
	* python/tests/.gitignore: Likewise.
	* docs/schemas/.gitignore: Likewise.
	* tests/xml2sexprdata/.gitignore: Likewise.
	* tests/sexpr2xmldata/.gitignore: Likewise.
	* tests/confdata/.gitignore: Likewise.
	* tests/xencapsdata/.gitignore: Likewise.
	* tests/xmconfigdata/.gitignore: Likewise.
	* tests/xml2sexprdata/.gitignore: Likewise.

2010-06-14  Eric Blake  <eblake@redhat.com>

	parthelper: fix compilation without optimization
	Daniel's patch works with gcc and CFLAGS containing -O (the
	autoconf default), but fails with non-gcc or with other
	CFLAGS (such as -g), since c-ctype.h declares c_isdigit as
	a macro only for certain compilation settings.

	* src/Makefile.am (libvirt_parthelper_LDFLAGS): Add gnulib
	library, for when c_isdigit is not a macro.
	* src/storage/parthelper.c (main): Avoid out-of-bounds
	dereference, noticed by Jim Meyering.

2010-06-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix enumeration of partitions in disks with a trailing digit in path
	Disks with a trailing digit in their path (eg /dev/loop0 or
	/dev/dm0) have an extra 'p' appended before the partition
	number (eg, to form /dev/loop0p1 not /dev/loop01). Fix the
	partition lookup to append this extra 'p' when required

	* src/storage/parthelper.c: Add a 'p' before partition
	  number if required

2010-06-11  Eric Blake  <eblake@redhat.com>

	uml: sanity check external data before using it
	Otherwise, a malicious packet could cause a DoS via spurious
	out-of-memory failure.

	* src/uml/uml_driver.c (umlMonitorCommand): Validate that incoming
	data is reliable before using it to allocate/dereference memory.
	Don't report bogus errno on short read.
	Reported by Jim Meyering.

2010-06-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Improve error message for disabled client-side drivers
	Report that libvirt was built without that driver instead of
	trying to connect to a libvirtd, when we know that this is
	going to fail.

2010-06-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: check getenv("DISPLAY") for NULL in vboxDomainDumpXML
	Otherwise this will segfault if DISPLAY is not defined.

2010-06-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Check getenv("PATH") for NULL in virFindFileInPath
	Otherwise this will segfault if PATH is not defined.

	Reported by Emre Erenoglu

2010-06-10  Justin Clift  <justin@salasaga.org>

	virsh: add snapshot backing store support to vol-create-as
	This patch adds two new parameters to the vol-create-as command:

	 --backing-vol <volume-name-or-key-or-path>
	 --backing-vol-format <format-of-backing-vol>

	  virsh # vol-create-as guest_images_lvm snapvol1 5G --backing-vol \
	              rhel6vm1lun1
	  Vol snapvol1 created

	  virsh # vol-create-as image_dir qcow2snap2 5G --format qcow2 \
	              --backing-vol imagevol1.qcow2 \
	              --backing-vol-format qcow2
	  Vol qcow2snap2 created

	Additionally, the virsh man page update fixes incorrect snapshot
	parameters that were included in my prior bulk volume command patch.

2010-06-10  Eric Blake  <eblake@redhat.com>

	build: fix some mingw issues
	On Fedora 13 with sufficient mingw32-* packages installed, running
	./autobuild.sh failed to cross-compile to mingw because
	mingw32-pthreads installed a broken <pthread.h>.  With that
	issue fixed, the build still failed due to use of O_SYNC.
	Meanwhile, recent .spec.in changes got out of sync.

	* bootstrap.conf (gnulib_modules): Add fcntl-h, for O_SYNC.
	* .gnulib: Update to latest, to work around buggy pthreads-win32
	library.
	* bootstrap: Import latest from gnulib.
	* mingw32-libvirt.spec.in: Distribute new file.

2010-06-10  Eric Blake  <eblake@redhat.com>

	build: avoid pthreads-win32 on mingw
	* src/util/threads.c (includes) [WIN32]: On mingw, favor native
	threading over pthreads-win32 library.
	* src/util/thread.h [WIN32] Likewise.
	Suggested by Daniel P. Berrange.

2010-06-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroup setup code to cope with root squashing NFS
	When a disk is on a root squashed NFS server, it may not be
	possible to stat() the disk file in virCgroupAllowDevice.
	The virStorageFileGetMeta method may also fail to extract
	the parent backing store. Both of these errors have to be
	ignored to avoid breaking NFS deployments

	* src/qemu/qemu_driver.c: Ignore errors in cgroup setup to
	   keep root squash NFS happy

2010-06-09  Justin Clift  <justin@salasaga.org>

	virsh: fixed trivial comment and debug message in vshCommandOptVolBy function

	virsh: remove xen reference in header comment
	With libvirt and virsh now being used for much more than Xen, this
	patch removes the outdated reference to Xen in the file header.

2010-06-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add proxy query parameter
	Allow to specify a proxy to be used by libcurl.

	esx: Refactor esxUtil_ParseQuery's parameter handling
	Pass a struct containing the parameters instead of passing each
	one individually. This make future extensions a bit simpler.

2010-06-09  Justin Clift  <justin@salasaga.org>

	virsh: add the volume commands to the virsh man page
	This patch also includes the new vol-pool command.

	virsh: add new vol-pool command
	This patch adds a new "vol-pool" command to virsh, to round out the
	identifier conversion functions for volumes in virsh.  Now it is
	possible to work with volumes when starting from just a volume key
	or volume path.

2010-06-08  Eric Blake  <eblake@redhat.com>

	virsh: add --paused option to create
	* tools/virsh.c (opts_create): Add --paused option.
	(cmdCreate): Pass appropriate flag.
	* tools/virsh.pod: Document it.

2010-06-08  Eric Blake  <eblake@redhat.com>

	qemu: allow creation of a paused domain
	https://bugzilla.redhat.com/show_bug.cgi?id=589465

	Some guests (eg with badly configured grub, or Windows' installation cd)
	require quick response from the console user. That's why we have a
	"launchPaused" option in vdsm.

	To implement it via libvirt, we need to ask libvirt not to call
	qemuMonitorStartCPUs() after starting qemu.  Calling virDomainStop
	immediately after the domain is up is inherently raceful.

	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Add new parameter;
	all callers adjusted.
	(qemudDomainCreate): Implement support for new flag.

2010-06-08  Eric Blake  <eblake@redhat.com>

	virDomainCreateXML: support new flag
	* include/libvirt/libvirt.h.in (virDomainCreateFlags): Add
	VIR_DOMAIN_START_PAUSED.
	* src/libvirt.c (virDomainCreateXML): Update documentation.
	* src/lxc/lxc_driver.c (lxcDomainCreateAndStart): Reject new flag
	as unimplemented.
	* src/opennebula/one_driver.c (oneDomainCreateAndStart):
	Likewise.
	* src/openvz/openvz_driver.c (openvzDomainCreateXML): Likewise.
	* src/phyp/phyp_driver.c (phypDomainCreateAndStart): Likewise.
	* src/qemu/qemu_driver.c (qemudDomainCreate): Likewise.
	* src/test/test_driver.c (testDomainCreateXML): Likewise.
	* src/uml/uml_driver.c (umlDomainCreate): Likewise.
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Likewise.
	* src/xen/xend_internal.c (xenDaemonCreateXML): Likewise.
	* src/xenapi/xenapi_driver.c (xenapiDomainCreateXML): Likewise.

2010-06-08  David Allan  <dallan@redhat.com>

	Fix leaks in udev device add/remove v3
	* This patch is a modification of a patch submitted by Nigel Jones.
	  It fixes several memory leaks on device addition/removal:

	1. Free the virNodeDeviceDefPtr in udevAddOneDevice if the return
	   value is non-zero

	2. Always release the node device reference after the device has been
	   processed.

	* Refactored for better readability per the suggestion of clalance

2010-06-08  David Allan  <dallan@redhat.com>

	Add multiIQN tests
	* Fix broken rng schema
	* Add test input & output files

	Add multiiqn XML dump
	* Use virBufferEscapeString() per Dan B.

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix test breakage from virtio serial changes
	The virtio serial changes broke the test suite because they forgot
	to add the new address attribute to the domain XML schema. The
	xml2xml test also broke because the XML no longer roundtrips. This
	is due to testing of auto-addition of <controller> elements. Split
	that test case off into a separate XML file to avoid breakage

	* docs/schemas/domain.rng: Allow port number for virtio serial addresses
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Revert to
	  a simple config to avoid breaking xml2xml test
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio-auto.args: Add
	  complex test case for auto-controller addition for xml2argv test
	* tests/qemuxml2argvtest.c: Add channel-virtio-auto test

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Enable probing of VPC disk format type
	A look at the QEMU source revealed the missing bits of info about
	the VPC file format, so we can enable this now

	* src/util/storage_file.c: Enable VPC format, providing version
	  and disk size offset fields

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Ensure that PCI device is reattached to host if hotadd fails
	When an attempt to hotplug a PCI device to a guest fails,
	the device was left attached to pci-stub. It is neccessary
	to reset the device and then attach it to the host driver
	again.

	* src/qemu/qemu_driver.c: Reattach PCI device to host if
	  hotadd fails

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Don't raise errors in the selinux restore code
	The restore code is done in places where errors cannot be
	raised, since they will overwrite over pre-existing errors.

	* src/security/security_selinux.c: Only warn about failures
	  in label restore, don't report errors

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix check for errors in device_add command in QEMU text monitor
	Any output at all from device_add indicates an error in the
	command execution. Thus it needs to check for reply != ""

	* src/qemu/qemu_monitor_text.c: Fix reply check for errors
	  to treat any output as an error

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Prefer UDEV to HAL drivers if both a compiled
	HAL is deprecated and UDEV is the future. Thus if both
	options are compiled, we should prefer use of UDEV over
	HAL

	* src/node_device/node_device_driver.c: Switch init
	  order to try UDEV first, then HAL

2010-06-08  Daniel J Walsh  <dwalsh@redhat.com>

	Add support for setting socket MLS level in SELinux driver
	When SELinux is running in MLS mode, libvirtd will have a
	different security level to the VMs. For libvirtd to be
	able to connect to the monitor console, the client end of
	the UNIX domain socket needs a different label. This adds
	infrastructure to set the socket label via the security
	driver framework

	* src/qemu/qemu_driver.c: Call out to socket label APIs in
	  security driver
	* src/qemu/qemu_security_stacked.c: Wire up socket label
	  drivers
	* src/security/security_driver.h: Define security driver
	  entry points for socket labelling
	* src/security/security_selinux.c: Set socket label based on
	  VM label

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Network duplicate UUID/name checking
	The network driver is not doing correct checking for
	duplicate UUID/name values. This introduces a new method
	virNetworkObjIsDuplicate, based on the previously
	written virDomainObjIsDuplicate.

	* src/conf/network_conf.c, src/conf/network_conf.c,
	  src/libvirt_private.syms: Add virNetworkObjIsDuplicate,
	* src/network/bridge_driver.c: Call virNetworkObjIsDuplicate
	  for checking uniqueness of uuid/names

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix error codes for missing storage pools
	The storage pool driver is mistakenly using the error code
	VIR_ERR_INVALID_STORAGE_POOL which is for diagnosing invalid
	pointers. This patch switches it to use VIR_ERR_NO_STORAGE_POOL
	which is the correct code for cases where the storage pool does
	not exist

	* src/storage/storage_driver.c: Replace VIR_ERR_INVALID_STORAGE_POOL
	  with VIR_ERR_NO_STORAGE_POOL

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Storage pool duplicate UUID/name checking
	The storage pool driver is not doing correct checking for
	duplicate UUID/name values. This introduces a new method
	virStoragePoolObjIsDuplicate, based on the previously
	written virDomainObjIsDuplicate.

	* src/conf/storage_conf.c, src/conf/storage_conf.c,
	  src/libvirt_private.syms: Add virStoragePoolObjIsDuplicate,
	* src/storage/storage_driver.c: Call virStoragePoolObjIsDuplicate
	  for checking uniqueness of uuid/names

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix auto-adding of virtio serial controllers
	The domain parsing code would auto-add a virtio serial controller
	if it saw any virtio serial channel defined. Unfortunately it
	always added a controller with index=0, even if the channel address
	specified an index != 0. It only added one controller, even if
	multiple controllers were referenced by channels. Finally, it let
	the ports+vectors parameters initialize to zero instead of -1, which
	prevented the controllers accepting any ports.

	* src/conf/domain_conf.c: Initialize ports+vectors when adding
	  virtio serial controllers. Add all neccessary virtio serial
	  controllers, instead of hardcoding controller 0
	* qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand to
	  test controller auto-add behaviour

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Include port number with virtio serial devices
	To ensure that the device addressing scheme is stable across
	hotplug/unplug, all virtio serial channels needs to have an
	associated port number in their address. This is then specified
	to QEMU using the nr=NNN parameter

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
	  for port number in vioserial address types.
	* src/qemu/qemu_conf.c: Set 'nr=NNN' parameter with virtio
	  serial port number
	* tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args,
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: Expand
	  data set to ensure coverage of port addressing

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Disable use of 'reason' field in block IO event in QEMU
	QEMU upstream decided against adding a 'reason' field to
	the block IO event in QMP. Disable this code to remove a
	annoying warning message. It will be renabled when the
	error string reason is re-introduced in QEMU

2010-06-08  Daniel P. Berrange  <berrange@redhat.com>

	Ensure UNIX domain sockets are removed on daemon shutdown
	When libvirtd exits it is leaving UNIX domain sockets on
	the filesystem. These need to be removed.

	The qemudInitPaths() method has signficant code churn to
	switch from using a pre-allocated buffer on the stack, to
	dynamically allocating on the heap.

	* daemon/libvirtd.c, daemon/libvirtd.h: Store a reference
	  to the UNIX domain socket path and unlink it on shutdown

2010-06-08  Justin Clift  <justin@salasaga.org>

	virsh: fix minor virsh man page typos and formatting problems

2010-06-07  Jamie Strandboge  <jamie@ubuntu.com>

	Fix AppArmor save/restore.Add stdin_path to qemudStartVMDaemon() args.
	Refactor to update AppArmor security driver to adjust profile for
	save/restore. This addresses the following bugs:

	 https://bugzilla.redhat.com/show_bug.cgi?id=529363
	 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/457716

2010-06-07  Jamie Strandboge  <jamie@ubuntu.com>

	Add stdin_path to qemudStartVMDaemon() args.
	Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd,
	so this can be passed to the AppArmor driver via SetSecurityAllLabel().

	This updates all calls to qemudStartVMDaemon() as well as setting up
	the non-AppArmor security driver *SetSecurityAllLabel() declarations
	for the above. This is required for the following
	"apparmor-fix-save-restore" patch since AppArmor resolves the passed
	file descriptor to the pathname given to open().

2010-06-06  Jim Meyering  <meyering@redhat.com>

	avoid syntax-check failure
	* .mailmap: Map a stray commit-author email address to the canonical one.
	Reported by Justin Clift.

2010-06-04  Laine Stump  <laine@laine.org>

	Adjust block size used by dd to speed QEMU domain save operations.
	See https://bugzilla.redhat.com/show_bug.cgi?id=599091

	Saving a paused 512MB domain took 3m47s with the old block size of 512
	bytes. Changing the block size to 1024*1024 decreased the time to 56
	seconds. (Doubling again to 2048*1024 yielded 0 improvement; lowering
	to 512k increased the save time to 1m10s, about 20%)

2010-06-04  Laine Stump  <laine@laine.org>

	Fix dereference of potentially freed pointer in qemudDomainSaveFlags
	The pointer to the xml describing the domain is saved into an object
	prior to calling VIR_REALLOC_N() to make the size of the memory it
	points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that
	operation needs to allocate new memory, the pointer that was saved is
	no longer valid.

	To avoid this situation, adjust the size *before* saving the pointer.

	(This showed up when experimenting with very large values of
	QEMU_MONITOR_MIGRATE_TO_FILE_BS).

2010-06-04  Jim Fehlig  <jfehlig@linux-ypgk.site>

	Fixes for commit 211dd1e9
	Fixes for issues in commit 211dd1e9 noted by by Jim Meyering.

	1. Allocate content buffer of size content_length + 1 to ensure
	   NUL-termination.
	2. Limit content buffer size to 64k
	3. Fix whitespace issue

	V2:
	  - Add comment to clarify allocation of content buffer
	  - Add ATTRIBUTE_NONNULL where appropriate
	  - User NULLSTR macro

2010-06-04  Eric Blake  <eblake@redhat.com>

	autobuild.sh: avoid bashism
	* autobuild.sh: Replace 'set -o pipefail' with POSIX alternative.
	Reported by Matthias Bolte.

2010-06-03  Jim Fehlig  <jfehlig@novell.com>

	Allocate buffer to hold xend response
	There are cases when a response from xend can exceed 4096 bytes, in
	which case anything beyond 4096 is ignored. This patch changes the
	current fixed-size, stack-allocated buffer to a dynamically allocated
	buffer based on Content-Length in HTTP header.

2010-06-03  David Allan  <dallan@redhat.com>

	Update nodedev scsi_host data before use
	* It appears that the udev event for HBA creation arrives before the
	  associated sysfs data is fully populated, resulting in bogus data
	  for the nodedev entry until the entry is refreshed.  This problem is
	  particularly troublesome when creating NPIV vHBAs because it results
	  in libvirt failing to find the newly created adapter and waiting for
	  the full timeout period before erroneously failing the create
	  operation.  This patch forces an update before any attempt to use
	  any scsi_host nodedev entry.

	Fix device destroy return value
	* Set return value in error cases
	* Clarify error message when parent device is not vport capable

2010-06-03  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Strict check when listing domains

2010-06-03  Stefan Berger  <stefanb@us.ibm.com>

	add 802.1Qbh and 802.1Qbg handling
	This patch that adds support for configuring 802.1Qbg and 802.1Qbh
	switches. The 802.1Qbh part has been successfully tested with real
	hardware. The 802.1Qbg part has only been tested with a (dummy)
	server that 'behaves' similarly to how we expect lldpad to 'behave'.

	The following changes were made during the development of this patch:

	 - Merging Scott's v13-pre1 patch
	 - Fixing endptr related bug while using virStrToLong_ui() pointed out
	   by Jim Meyering
	 - Addressing Jim Meyering's comments to v11
	 - requiring mac address to the vpDisassociateProfileId() function to
	   pass it further to the 802.1Qbg disassociate part (802.1Qbh untouched)
	 - determining pid of lldpad daemon by reading it from /var/run/libvirt.pid
	   (hardcode as is hardcode alson in lldpad sources)
	 - merging netlink send code for kernel target and user space target
	   (lldpad) using one function nlComm() to send the messages
	 - adding a select() after the sending and before the reading of the
	   netlink response in case lldpad doesn't respond and so we don't hang
	 - when reading the port status, in case of 802.1Qbg, no status may be
	   received while things are 'in progress' and only at the end a status
	   will be there.
	 - when reading the port status, use the given instanceId and vf to pick
	   the right IFLA_VF_PORT among those nested under IFLA_VF_PORTS.
	 - never sending nor parsing IFLA_PORT_SELF type of messages in the
	   802.1Qbg case
	 - iterating over the elements in a IFLA_VF_PORTS to pick the right
	   IFLA_VF_PORT by either IFLA_PORT_PROFILE and given profileId
	   (802.1Qbh) or IFLA_PORT_INSTANCE_UUID and given instanceId (802.1Qbg)
	   and reading the current status in IFLA_PORT_RESPONSE.
	 - recycling a previous patch that adds functionality to interface.c to
	   - get the vlan identifier on an interface
	   - get the flags of an interface and some convenience function to
	     check whether an interface is 'up' or not (not currently used here)
	 - adding function to determine the root physical interface of an
	   interface. For example if a macvtap is linked to eth0.100, it will
	   find eth0. Also adding a function that finds the vlan on the 'way to
	   the root physical interface'
	 - conveying the root physical interface name and index in case of 802.1Qbg
	 - conveying mac address of macvlan device and vlan identifier in
	   IFLA_VFINFO_LIST[ IFLA_VF_INFO[ IFLA_VF_MAC(mac), IFLA_VF_VLAN(vlan) ] ]
	   to (future) lldpad via netlink
	  - To enable build with --without-macvtap rename the
	    [dis|]associatePortProfileId functions, prepend 'vp' before their
	    name and make them non-static functions.
	  - Renaming variable multicast to nltarget_kernel and inverting
	    the logic
	  - Addressing Jim Meyering's comments; this also touches existing
	    code for example for correcting indentation of break statements or
	    simplification of switch statements.
	  - Renamed occurrencvirVirtualPortProfileDef to virVirtualPortProfileParamses
	  - 802.1Qbg part prepared for sending a RTM_SETLINK and getting
	    processing status back plus a subsequent RTM_GETLINK to
	    get IFLA_PORT_RESPONSE.
	    Note: This interface for 802.1Qbg may still change
	  - [David Allan] move getPhysfn inside IFLA_VF_PORT_MAX to avoid
	compiler
	    warning when latest if_link.h isn't available
	  - move from Stefan's 802.1Qb{g|h} XML v8 to v9
	  - move hostuuid and vf index calcs to inside doPortProfileOp8021Qbh
	  - remove debug fprintfs
	  - use virGetHostUUID (thanks Stefan!)
	  - fix compile issue when latest if_link.h isn't available
	  - change poll timeout to 10s, at 1/8 intervals
	     - if polling times out, log msg and return -ETIMEDOUT
	  - Add Stefan's code for getPortProfileStatus
	  - Poll for up to 2 secs for port-profile status, at 1/8 sec intervals:
	     - if status indicates error, abort openMacvtapTap
	     - if status indicates success, exit polling
	     - if status is "in-progress" after 2 secs of polling, exit
	       polling loop silently, without error

	My patch finishes out the 802.1Qbh parts, which Stefan had mostly complete.
	I've tested using the recent kernel updates for VF_PORT netlink msgs and
	enic for Cisco's 10G Ethernet NIC.  I tested many VMs, each with several
	direct interfaces, each configured with a port-profile per the XML.  VM-to-VM,
	and VM-to-external work as expected.  VM-to-VM on same host (using same NIC)
	works same as VM-to-VM where VMs are on diff hosts.  I'm able to change
	settings on the port-profile while the VM is running to change the virtual
	port behaviour.  For example, adjusting a QoS setting like rate limit.  All
	VMs with interfaces using that port-profile immediatly see the effect of the
	change to the port-profile.

	I don't have a SR-IOV device to test so source dev is a non-SR-IOV device,
	but most of the code paths include support for specifing the source dev and
	VF index.  We'll need to complete this by discovering the PF given the VF
	linkdev.  Once we have the PF, we'll also have the VF index.  All this info-
	mation is available from sysfs.

2010-06-02  Eric Blake  <eblake@redhat.com>

	bitmap: reject zero-size bitmap
	* src/util/bitmap.c (virBitmapAlloc): Tighten sanity check.

2010-06-02  Cole Robinson  <crobinso@redhat.com>

	hostusb: Properly handle 'usbX' sysfs files
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=598272

	Some files under /sys/bus/usb/devices/ have the format 'usbX', where
	X is the USB bus number. Use STRPREFIX to correctly parse the bus numbers.

2010-06-02  Justin Clift  <justin@salasaga.org>

	Add --source-format argument to virsh pool-define-as and pool-create-as
	This is the corresponding patch for the virsh man page (virsh.pod).

2010-06-02  Justin Clift  <justin@salasaga.org>

	Add --source-format argument to virsh pool-define-as and pool-create-as
	When creating pools from dedicated disks, the existing pool-define-as
	and pool-create-as commands are a bit non-optimal.

	Ideally, a person would be able to specify all of the required options
	directly on the command line instead of having to edit the XML.

	At the moment, there is no way to specify the format type (ie gpt) so it
	gets included in the XML the pool is constructed with.

	Please find attached a simple (tested) patch to add an optional
	"--source-format 'type'" to virsh.  This is patched against current git
	master and will apply cleanly.

	Also created a Red Hat BZ ticket for this (#597790) for tracking.

2010-06-02  Justin Clift  <justin@salasaga.org>

	Trivial virsh.pod additions --all for "list" command and similar
	This is just a trivial patch to virsh.pod (from git master). It adds the
	following pieces to the virsh man page:

	  + Shows the --inactive and --all optional parameters for the list
	    command.

	    Closes Bugzilla #575512, reported by Renich Bon Ciric
	    https://bugzilla.redhat.com/show_bug.cgi?id=575512

	  + Corrects the existing description of the list command, to now say
	    that only running domains are listed if no domains are specified.

	    The man page up until this point has said all domains are listed if
	    no domains are specified, which is incorrect.

	  + Adds the "shut off" state to the list of states for the list
	    command.

	  + Adds a missing =back around line 755, that pod2man was complaining
	    was missing.

2010-06-02  Eric Blake  <eblake@redhat.com>

	build: fix VPATH 'make syntax-check'
	* cfg.mk (sc_check_author_list): Look in correct location.

2010-06-01  Eric Blake  <eblake@redhat.com>

	build: depend on correct file
	Otherwise, VPATH builds fail with:

	make[1]: *** No rule to make target `libvirt-guests.init', needed by `all'.

	Regression introduced in commit 482e08a9.

	* daemon/Makefile.am (%.init): Look in correct place for
	config.status.

2010-06-01  Cole Robinson  <crobinso@redhat.com>

	qemu: Add a qemu.conf option for clearing capabilities
	Currently there is no way to opt out of libvirt dropping POSIX
	capabilities for qemu. This at least is a useful debugging tool, but
	is also wanted by users (and distributors):

	https://bugzilla.redhat.com/show_bug.cgi?id=559154
	https://bugzilla.redhat.com/show_bug.cgi?id=573850

	v2: Clarify qemu.conf comment, warn about security implications

	v3: Add .aug changes

2010-05-29  Jim Meyering  <meyering@redhat.com>

	build: make cpp indentation conform
	* src/storage/storage_backend.h (VIR_STORAGE_VOL_OPEN_DEFAULT):
	Adjust s/#define/# define/, and align continued lines.

2010-05-28  Cole Robinson  <crobinso@redhat.com>

	storage: Check for invalid storage mode before opening
	If a directory pool contains pipes or sockets, a pool start can fail or hang:

	https://bugzilla.redhat.com/show_bug.cgi?id=589577

	We already try to avoid these special files, but only attempt after
	opening the path, which is where the problems lie. Unify volume opening
	into helper functions, which use the proper open() flags to avoid error,
	followed by fstat to validate storage mode.

	Previously, virStorageBackendUpdateVolTargetInfoFD attempted to enforce the
	storage mode check, but allowed callers to detect this case and silently
	continue. In practice, only the FS backend was using this feature, the rest
	were treating unknown mode as an error condition. Unfortunately the InfoFD
	function wasn't raising an error message here, so error reporting was
	busted.

	This patch adds 2 functions: virStorageBackendVolOpen, and
	virStorageBackendVolOpenModeSkip. The latter retains the original opt out
	semantics, the former now throws an explicit error.

	This patch maintains the previous volume mode checks: allowing specific
	modes for specific pool types requires a bit of surgery, since VolOpen
	is called through several different helper functions.

	v2: Use ATTRIBUTE_NONNULL. Drop stat check, just open with
	    O_NONBLOCK|O_NOCTTY.

	v3: Move mode check logic back to VolOpen. Use 2 VolOpen functions with
	    different error semantics.

	v4: Make second VolOpen function more extensible. Didn't opt to change
	    FS backend defaults, this can just be to fix the original bug.

	v5: Prefix default flags with VIR_, use ATTRIBUTE_RETURN_CHECK

2010-05-28  Stefan Berger  <stefanb@us.ibm.com>

	macvtap: cannot support target device name
	Since the macvtap device needs active tear-down and the teardown logic
	is based on the interface name, it can happen that if for example 1 out
	of 3 interfaces was successfully created, that during the failure path
	the macvtap's target device name is used to tear down an interface that
	is doesn't own (owned by another VM).

	So, in this patch, the target interface name is reset so that there is
	no target interface name and the interface name is always cleared after
	a tear down.

2010-05-28  David Allan  <dallan@redhat.com>

	Improve nodedev parent/child relationships
	* If a nodedev has a parent that we don't want to display, we should
	  continue walking up the udev device tree to see if any of its
	  earlier ancestors are devices that we display.  It makes the tree
	  much nicer looking than having a whole lot of devices hanging off
	  the root node.

2010-05-28  Jiri Denemark  <jdenemar@redhat.com>

	Fix libvirt-guests init script
	Firstly, the init script has to touch its file under /var/lock/subsys
	when started, otherwise the system would think it's not running and
	won't stop it during shutdown.

	Secondly, for some reason there is a policy to automatically enable
	init scripts when they are installed, so let the specfile do this. We
	also need to start the init script to ensure it will be stopped during
	the first shutdown after installing the package.

	Also $LISTFILE should be enclosed by quotes everywhere as suggested by
	Eric.

2010-05-28  Jim Meyering  <meyering@redhat.com>

	maint: new syntax-check rule to ensure that AUTHORS stays in sync
	* cfg.mk (sc_check_AUTHOR_list): New rule.
	* .mailmap: New file, to tell git log how to map email addresses.

2010-05-28  Paolo Smiraglia  <paolo.smiraglia@gmail.com>

	hooks: fix typo
	* src/util/hooks.c (virHookLxcOp): Use correct bound.

2010-05-28  Eric Blake  <eblake@redhat.com>

	build: silence cppi warning, clarify vbox headers
	These files are borrowed from upstream release versions, and should
	not need further edits in the context of libvirt (instead, a new
	upstream vbox release would entail adding a new header file).  We do
	not re-generate these files as part of libvirt, nor do we want to lose
	our minor edits (such as cppi cleanups).

	* src/vbox/vbox_CAPI_v2_2.h: Clarify file origins.
	* src/vbox/vbox_CAPI_v3_0.h: Likewise.
	* src/vbox/vbox_CAPI_v3_1.h: Likewise.
	* src/vbox/vbox_CAPI_v3_2.h: Likewise.  Reindent with cppi.

2010-05-28  Cole Robinson  <crobinso@redhat.com>

	network: bridge: Don't start network if it collides with host routing
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=235961

	If using the default virtual network, an easy way to lose guest network
	connectivity is to install libvirt inside the VM. The autostarted
	default network inside the guest collides with host virtual network
	routing. This is a long standing issue that has caused users quite a
	bit of pain and confusion.

	On network startup, parse /proc/net/route and compare the requested
	IP+netmask against host routing destinations: if any matches are found,
	refuse to start the network.

	v2: Drop sscanf, fix a comment typo, comment that function could use
	    libnl instead of /proc

	v3: Consider route netmask. Compare binary data rather than convert to
	    string.

	v4: Return to using sscanf, drop inet functions in favor of virSocket,
	    parsing safety checks. Don't make parse failures fatal, in case
	    expected format changes.

	v5: Try and continue if we receive unexpected. Delimit parsed lines to
	    prevent scanning past newline

2010-05-27  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "

	then add missing entries to AUTHORS.

	* AUTHORS: Update.

2010-05-27  Cole Robinson  <crobinso@redhat.com>

	xen: Fix chardev listen sexpr formatting
	'listen' isn't a valid qemu-dm option, as reported a long time ago here:

	https://bugzilla.redhat.com/show_bug.cgi?id=492958

	Matches the near identical logic in qemu_conf.c

	v2: When parsing sexpr, only match on ",server", rather than
	    full ',server,nowait'.

2010-05-27  Cole Robinson  <crobinso@redhat.com>

	xen: Remove unused function

2010-05-27  David Allan  <dallan@redhat.com>

	v2 of Cole's wlan support
	* Incorporated Jim's feedback (v1 & v2)

	* Moved case of DEVTYPE == "wlan" up as it's definitive that we have a network interface.

	* Made comment more detailed about the wired case to explain better
	  how it differentiates between wired network interfaces and USB
	  devices.

2010-05-27  Марк Коренберг  <socketpair gmail com>

	Add docs on drive <serial> element
	* docs/formatdomain.html.in: Document <serial> element within
	  <disk> and fix typo on <driver/> element

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Simplify goto usage
	Eliminate almost all backward jumps by replacing this common pattern:

	int
	some_random_function(void)
	{
	    int result = 0;
	    ...

	  cleanup:
	    <unconditional cleanup code>
	    return result;

	  failure:
	    <cleanup code in case of an error>
	    result = -1;
	    goto cleanup
	}

	with this simpler pattern:

	int
	some_random_function(void)
	{
	    int result = -1;
	    ...
	    result = 0;

	  cleanup:
	    if (result < 0) {
	        <cleanup code in case of an error>
	    }

	    <unconditional cleanup code>
	    return result;
	}

	Add a bool success variable in functions that don't have a int result
	that can be used for the new pattern.

	Also remove some unnecessary memsets in error paths.

2010-05-27  Jean-Baptiste Rouault  <jean-baptiste.rouault@diateam.net>

	Support for VirtualBox version 3.2

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use printf instead of echo -e in libvirt.spec.in
	make rpm created dummy tests containing '-e #!/bin/sh' for me.

	Install, distribute and package domainsnapshot.rng

2010-05-27  Eric Blake  <eblake@redhat.com>

	build: support 'make check' in pristine tree
	Otherwise, 'make check' in the python dir tries to reference a file in
	docs that is built by 'make' but not by 'make check'.

	* docs/Makefile.am (check-local): New rule.
	Reported by Matthias Bolte.

2010-05-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Expose host UUID in the capabilities XML
	Parse the BIOS UUID. This information may not be available, in that
	case no host UUID is exposed in the capabilities XML.

2010-05-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix integer overflow in hotplug methods
	The hotplug methods still had the qemuCmdFlags variable declared
	as an int, instead of unsigned long long. This caused flag checks
	to be incorrect for flags > 31

	* src/qemu/qemu_driver.c: Fix integer overflow in hotplug

2010-05-26  Alex Williamson  <alex.williamson@redhat.com>

	Pass pre-opened PCI device sysfs config file to QEMU
	This allows libvirt to open the PCI device sysfs config file prior
	to dropping privileges so qemu can access the full config space.
	Without this, a de-privileged qemu can only access the first 64
	bytes of config space.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Detect support
	  for pci-assign.configfd option. Use this option when formatting
	  PCI device string if possible
	* src/qemu/qemu_driver.c: Pre-open PCI sysfs config file and pass
	  to QEMU

2010-05-26  Cole Robinson  <crobinso@redhat.com>

	daemon: sysconf: Update comment about VNC audio

2010-05-26  Chris Lalancette  <clalance@redhat.com>

	Fix failing virGetHostname.
	We've been running into a lot of situations where
	virGetHostname() is returning "localhost", where a plain
	gethostname() would have returned the correct thing.  This
	is because virGetHostname() is *always* trying to canonicalize
	the name returned from gethostname(), even when it doesn't
	have to.

	This patch changes virGetHostname so that if the value returned
	from gethostname() is already FQDN or localhost, it returns
	that string directly.  If the value returned from gethostname()
	is a shortened hostname, then we try to canonicalize it.  If
	that succeeds, we returned the canonicalized hostname.  If
	that fails, and/or returns "localhost", then we just return
	the original string we got from gethostname() and hope for
	the best.

	Note that after this patch it is up to clients to check whether
	"localhost" is an allowed return value.  The only place
	where it's currently not is in qemu migration.

2010-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen-proxy build broken
	The virVirtualPortProfileFormat just went below the
	virVirtualPortProfileParamsParseXML function and got inside the

	The attached patch moves virVirtualPortProfileFormat below the #ifndef
	PROXY block.

2010-05-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add read-only storage pool access
	Allows listing existing pools and requesting information about them.

	Alter the esxVI_ProductVersion enum in a way that allows to check for
	product type by masking.

2010-05-26  Eric Blake  <eblake@redhat.com>

	build: fix HTML errors in nwfilter docs
	A build on Ubuntu reported:

	|| Generating formatnwfilter.html.tmp
	/dados/develop/libvirt/docs/formatnwfilter.html.in|390| HTML parser error : Unexpected end tag : p
	||     </p>
	||         ^
	/dados/develop/libvirt/docs/formatnwfilter.html.in|705| HTML parser error : Unexpected end tag : code
	||          <td>End of range of valid source ports</code></td>
	||                                                       ^
	/dados/develop/libvirt/docs/formatnwfilter.html.in|710| HTML parser error : Unexpected end tag : code
	||          <td>Start of range of valid destination ports</code></td>
	||                                                              ^

	* docs/formatnwfilter.html.in: Fix invalid HTML constructs.
	Reported by Eduardo Otubo.

2010-05-26  Eric Blake  <eblake@redhat.com>

	build: fix compilation without macvtap
	* src/util/macvtap.c: (associatePortProfileId)
	(disassociatePortProfileId): Move inside HAVE_MACVTAP
	conditional.
	Reported by Eduardo Otubo.

2010-05-25  Jim Meyering  <jim@meyering.net>

	tests: avoid new failure of the daemon-conf test
	* tests/daemon-conf: Accommodate the fact that out template,
	daemon/libvirtd.conf now contains an invalid host_uuid.
	Convert it to a valid one before the final libvirtd-running
	test that must terminate normally.

	libvirtd: diagnose invalid host UUID
	* daemon/libvirtd.c (remoteReadConfigFile): Diagnose an invalid
	host UUID rather than silently exiting with status 7.

2010-05-25  Stefan Berger  <stefanb@us.ibm.com>

	vepa: parsing for 802.1Qb{g|h} XML
	This patch parses the following two XML descriptions, one for
	802.1Qbg and one for 802.1Qbh, and stores the data internally.
	The actual triggering of the switch setup protocol has not been
	implemented here but the relevant code to do that should go into
	the functions associatePortProfileId() and disassociatePortProfileId().

	   <interface type='direct'>
	      <source dev='eth0.100' mode='vepa'/>
	      <model type='virtio'/>
	      <virtualport type='802.1Qbg'>
	        <parameters managerid='12' typeid='0x123456' typeidversion='1'
	         instanceid='fa9b7fff-b0a0-4893-8e0e-beef4ff18f8f'/>
	      </virtualport>
	      <filterref filter='clean-traffic'/>
	    </interface>

	    <interface type='direct'>
	      <source dev='eth0.100' mode='vepa'/>
	      <model type='virtio'/>
	      <virtualport type='802.1Qbh'>
	        <parameters profileid='my_profile'/>
	      </virtualport>
	    </interface>

	I'd suggest to use this patch as a base for triggering the setup
	protocol with the 802.1Qb{g|h} switch.

	Several rounds of changes were made to this patch. The
	following is a list of these changes.
	- Renamed structure virVirtualPortProfileDef to virVirtualPortProfileParams
	  as per Daniel Berrange's request
	- Addressing Daniel Berrange's comments:
	 - removing macvtap.h's dependency on domain_conf.h by
	   moving the virVirtualPortProfileDef structure into macvtap.h
	   and not passing virtDomainNetDefPtr to any functions in
	   macvtap.c
	- Addressed most of Chris Wright's comments:
	  - indicating error in case virtualport XML node cannot be parsed
	    properly
	  - parsing hex and decimal numbers using virStrToLong_ui() with
	    parameter '0' for base
	  - tgifname (target interface name) variable wasn't necessary
	    to pass to openMacvtapTap function anymore
	- assigning the virtual port data structure to the virDomainNetDef
	  only if it was previously parsed
	- make sure that the error code returned by openMacvtapTap() is a negative n
	  in case the associatePortProfileId() function failed.
	- renaming vsi in the XML to virtualport
	- replace all occurrences of vsi in the source as well
	- removing mode and MAC address parameters from the functions that
	  will communicate with the hareware diretctly or indirectly
	- moving the associate and disassociate functions to the end of the
	  file for subsequent patches to easier make them generally available
	  for export
	- passing the macvtap interface name rather than the link device since
	  this otherwise gives funny side effects when using netlink messages
	  where IFLA_IFNAME and IFLA_ADDRESS are specified and the link dev
	  all of a sudden gets the MAC address of the macvtap interface.
	- Removing rc = -1 error indications in the case of 802.1Qbg|h setup in case
	  we wanted to use hook scripts for the setup and so the setup doesn't fail
	  here.
	- if instance ID UUID is not supplied it will automatically be generated
	  - adapted schema to make instance ID UUID optional
	  - added test case
	- parser and XML generator have been separated into their own
	  functions so they can be re-used elsewhere (passthrough case
	  for example)
	- Adapted XML parser and generator support the above shown type
	  (802.1Qbg, 802.1Qbh).
	- Adapted schema to above XML
	- Adapted test XML to above XML
	- Passing through the VM's UUID which seems to be necessary for
	  802.1Qbh -- sorry no host UUID
	- adding virtual function ID to association function, in case it's
	  necessary to use (for SR-IOV)

2010-05-25  Stefan Berger  <stefanb@us.ibm.com>

	vepa+vsi: Introduce dependency on libnl
	This patch introduces a dependency on libnl, which subsequent patches
	will then use.

	Changes from V1 to V2:
	- added diffstats
	- following changes in tree

2010-05-25  Cole Robinson  <crobinso@redhat.com>

	storage: Sanitize pool target paths
	Spurious / in a pool target path makes life difficult for apps using the
	GetVolByPath, and doing other path based comparisons with pools. This
	has caused a few issues for virt-manager users:

	https://bugzilla.redhat.com/show_bug.cgi?id=494005
	https://bugzilla.redhat.com/show_bug.cgi?id=593565

	Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
	target paths when parsing pool XML, and for paths passed to GetVolByPath.

	v2: Leading // must be preserved, properly sanitize path=/, sanitize
	    away /./ -> /

	v3: Properly handle starting ./ and ending /.

	v4: Drop all '.' handling, just sanitize / for now.

2010-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Expose a host UUID in the capabilities XML
	Allow for a host UUID in the capabilities XML. Local drivers
	will initialize this from the SMBIOS data. If a sanity check
	shows SMBIOS uuid is invalid, allow an override from the
	libvirtd.conf configuration file

	* daemon/libvirtd.c, daemon/libvirtd.conf: Support a host_uuid
	  configuration option
	* docs/schemas/capability.rng: Add optional host uuid field
	* src/conf/capabilities.c, src/conf/capabilities.h: Include
	  host UUID in XML
	* src/libvirt_private.syms: Export new uuid.h functions
	* src/lxc/lxc_conf.c, src/qemu/qemu_driver.c,
	  src/uml/uml_conf.c: Set host UUID in capabilities
	* src/util/uuid.c, src/util/uuid.h: Support for host UUIDs
	* src/node_device/node_device_udev.c: Use the host UUID functions
	* tests/confdata/libvirtd.conf, tests/confdata/libvirtd.out: Add
	  new host_uuid config option to test

2010-05-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of disk backing stores with cgroups
	The cgroups ACL code was only allowing the primary disk image.
	It is possible to chain images together, so we need to search
	for backing stores and add them to the ACL too. Since the ACL
	only handles block devices, we ignore the EINVAL we get from
	plain files. In addition it was missing code to teardown the
	cgroup when hot-unplugging a disk

	* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
	  and add missing teardown code in unplug path

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Fix up basic migration.
	Basic live migration was broken by the commit that added
	non-shared block support in two ways:

	1)  It added a virCheckFlags() to doNativeMigrate().  Besides
	the fact that typical usage of virCheckFlags() is in driver
	entry points, and doNativeMigrate() is not an entry point,
	it was missing important flags like VIR_MIGRATE_LIVE.  Move
	the virCheckFlags to the top-level qemuDomainMigratePrepare2
	and friends.

	2)  It also added a memory leak in qemuMonitorTextMigrate()
	by not freeing the memory used by virBufferContentAndReset().
	This is fixed by storing the pointer in a temporary variable
	and freeing it at the end.

	With this patch in place, normal live migration works again.

	v3: Instead of the churn for virCheckFlagsUI and UL, instead
	always promote flags to an unsigned long and always use %lx
	for the fprintf.
	v2: Add back flags check, which required adding virCheckFlagsUI
	and virCheckFlagsUL

2010-05-25  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow using regular audio backends with VNC
	Currently all host audio backends are disabled if a VM is using VNC, in
	favor of the QEMU VNC audio extension. Unfortunately no released VNC
	client supports this extension, so users have no way of getting audio
	to work if using VNC.

	Add a new config option in qemu.conf which allows changing libvirt's
	behavior, but keep the default intact.

	v2: Fix doc typos, change name to vnc_allow_host_audio

2010-05-25  Cole Robinson  <crobinso@redhat.com>

	storage: mpath: Fix incorrect VIR_ERROR use

2010-05-25  Chris Lalancette  <clalance@redhat.com>

	Allow nwfilter functions to be compiled with C++
	Unfortunately the NWFilter functions were outside of the
	"extern C { ... }" declaration in include/libvirt/libvirt.h.in,
	which means that they couldn't be properly used with C++.  Move
	them inside of the braces, which should fix the problem.

2010-05-25  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: documentation
	This patch adds documentation of the nwfilter subsystem of libvirt to
	the existing (web) docs.

2010-05-25  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "

	then add missing entries to AUTHORS.

	* AUTHORS: Update.

2010-05-25  Alex Williamson  <alex.williamson@redhat.com>

	qemu: Release bus address on PCI host device remove

	qemu: avoid corrupting guest info struct on host device PCI hot add
	The device path doesn't make use of guestAddr, so the memcpy corrupts
	the guest info struct.

2010-05-24  Daniel P. Berrange  <berrange@redhat.com>

	Query block allocation extent from QEMU monitor
	The virDomainGetBlockInfo API allows query physical block
	extent and allocated block extent. These are normally the
	same value unless storing a special format like qcow2
	inside a block device. In this scenario we can query QEMU
	to get the actual allocated extent.

	Since last time:

	 - Return fatal error in text monitor
	 - Only invoke monitor command for block devices
	 - Fix error handling JSON code

	* src/qemu/qemu_driver.c: Fill in block aloction extent when VM
	  is running
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API to query the highest block extent via info blockstats

2010-05-24  Jim Meyering  <jim@meyering.net>

	lxcSetSchedulerParameters: reverse order of tests; diagnose a failure
	* src/lxc/lxc_driver.c (lxcSetSchedulerParameters): Ensure that
	"->field" is "cpu_shares" before possibly giving a diagnostic about
	a type for a "cpu_shares" value.
	Also, virCgroupSetCpuShares could fail without evoking a diagnostic.
	Add one.

2010-05-24  Chris Lalancette  <clalance@redhat.com>

	Don't overwrite virDomainAssignDef errors.

2010-05-24  Cole Robinson  <crobinso@redhat.com>

	storage: Combine some duplicate code
	Volume detection in the scsi backend was duplicating code already
	present in storage_backend.c. Let's drop the duplicate code.

	Also, change the shared function name to be less generic, and remove
	some error squashing in the other call site.

2010-05-24  Cole Robinson  <crobinso@redhat.com>

	storage: mpath: Clean up some error handling
	We were squashing error messages in a few cases. Recode to follow common
	ret = -1 convention.

	v2: Handle more error squashing issues further up in MakeNewVol and
	    CreateVols. Use ret = -1 convention in MakeVols.

2010-05-24  Jiri Denemark  <jdenemar@redhat.com>

	Remove dead code after refactoring qemudDomainStart
	The event is already generated and sent by qemudDomainObjStart, no need
	to do anything about here.

2010-05-22  Jim Meyering  <meyering@redhat.com>

	libvirtd: start each diagnostic with "argv0: "
	Some diagnostics had a hard-coded "libvirtd: " prefix, some used
	"error: " and some used "argv[0]: ".  Always use "argv[0]: ".
	* daemon/libvirtd.c (argv0): New global.
	(main): Set it.
	(version, usage): Remove argv0 parameter.  Use global; update callers.
	(daemonForkIntoBackground): Use argv0:, not error:.
	(qemudWritePidFile): Start each diagnostic with argv0:.
	Suggested by Eric Blake.

2010-05-22  Jim Meyering  <meyering@redhat.com>

	libvirtd: mark strings for translation, including --help output
	* daemon/libvirtd.c (daemonForkIntoBackground, main): Mark strings
	for translation.
	(usage): Rework --help so that it is translatable, replacing
	each embedded, configuration-dependent, macro with an `%s'.

	libvirtd: don't ignore virInitialize failure
	* daemon/libvirtd.c (main): Diagnose virInitialize failure
	and exit nonzero.

2010-05-22  Eric Blake  <eblake@redhat.com>

	build: fix cppi warnings
	* src/util/bitmap.h (includes): Placate cppi.

2010-05-21  Eric Blake  <eblake@redhat.com>

	build: force init scripts to rebuild on changed --prefix
	Otherwise, './configure --prefix=/foo && make &&
	 ./configure --prefix=/bar && make' leaves the wrong files
	in libvirtd.init (/foo instead of /bar).

	* daemon/Makefile.am (libvirtd.init): Add dependency on
	config.status.  Reported by Cole Robinson.

2010-05-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	build: Distribute the whole tests/qemuhelpdata directory
	Instead of distributing the individual files.

	Now it's less error prone and consistent with the rest of
	the data directories in the tests directory.

2010-05-21  Cole Robinson  <crobinso@redhat.com>

	.gitignore: Add libvirt-guests.init

2010-05-21  Jim Fehlig  <jfehlig@novell.com>

	Fix race in finding available vnc port
	The qemu driver contains a subtle race in the logic to find next
	available vnc port.  Currently it iterates through all available ports
	and returns the first for which bind(2) succeeds.  However it is possible
	that a previously issued port has not yet been bound by qemu, resulting
	in the same port used for a subsequent domain.

	This patch addresses the race by using a simple bitmap to "reserve" the
	ports allocated by libvirt.

	V2:
	  - Put port bitmap in struct qemud_driver
	  - Initialize bitmap in qemudStartup

	V3:
	  - Check for failure of virBitmapGetBit
	  - Additional check for port != -1 before calling virbitmapClearBit

	V4:
	  - Check for failure of virBitmap{Set,Clear}Bit

2010-05-21  Jim Fehlig  <jfehlig@novell.com>

	Add defines for QEMU_VNC_PORT_{MIN,MAX} and use them

2010-05-21  Jim Fehlig  <jfehlig@novell.com>

	Add simple bitmap operations to utils
	V2:
	  - Move bitmap impl to src/util/bitmap.[ch]
	  - Use CHAR_BIT instead of explicit '8'
	  - Use size_t instead of unsigned int
	  - Fix calculation of bitmap size in virBitmapAlloc
	  - Ensure bit is within range of map in the set, clear, and get
	    operations
	  - Use bool in virBitmapGetBit
	  - Add virBitmapFree to free-like funcs in cfg.mk

	V3:
	  - Check for overflow in virBitmapAlloc
	  - Fix copy and paste bug in virBitmapAlloc
	  - Use size_t in prototypes
	  - Add ATTRIBUTE_NONNULL in prototypes where appropriate
	    and remove NULL check from impl

	V4:
	  - Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.

2010-05-21  Cole Robinson  <crobinso@redhat.com>

	daemon: Export SDL audio environment variables
	/etc/sysconfig/libvirtd has a few environment variables for configuring
	libvirt SDL audio. The libvirtd process doesn't see these, however, because
	they are never exported. Let's export the variables after sourcing the
	sysconfig script.

	There is another problem here that the commented out values in the
	sysconfig script are not neccessarily the actual defaults, we are qemus
	mercy here. Not sure how to solve that.

2010-05-21  Chris Lalancette  <clalance@redhat.com>

	Remove isValidIfname.
	We shouldn't be checking validity in domain_conf, since
	it can be used by multiple different hosts and hypervisors.
	Remove the check completely.

2010-05-21  Jiri Denemark  <jdenemar@redhat.com>

	Init script for handling guests on shutdown/boot
	Example output during shutdown:

	Running guests on default URI: console, rhel6-1, rhel5-64
	Running guests on lxc:/// URI: lxc-shell
	Running guests on xen:/// URI: error: no hypervisor driver available for xen:///
	error: failed to connect to the hypervisor
	Running guests on vbox+tcp://orkuz/system URI: no running guests.
	Suspending guests on default URI...
	Suspending console: done
	Suspending rhel6-1: done
	Suspending rhel5-64: done
	Suspending guests on lxc:/// URI...
	Suspending lxc-shell: error: Failed to save domain 9cba8bfb-56f4-6589-2d12-8a58c886dd3b state
	error: this function is not supported by the hypervisor: virDomainManagedSave

	Note, the "Suspending $guest: " shows progress during the suspend phase
	if domjobinfo gives meaningful output.

	Example output during boot:

	Resuming guests on default URI...
	Resuming guest rhel6-1: done
	Resuming guest rhel5-64: done
	Resuming guest console: done
	Resuming guests on lxc:/// URI...
	Resuming guest lxc-shell: already active

	Configuration used for generating the examples above:
	URIS='default lxc:/// xen:/// vbox+tcp://orkuz/system'

	The script uses /var/lib/libvirt/libvirt-guests files to note all active
	guest it should try to resume on next boot. It's content looks like:

	default 7f8b9d93-30e1-f0b9-47a7-cb408482654b 085b4c95-5da2-e8e1-712f-6ea6a4156af2 fb4d8360-5305-df3a-2da1-07d682891b8c
	lxc:/// 9cba8bfb-56f4-6589-2d12-8a58c886dd3b

2010-05-21  Jiri Denemark  <jdenemar@redhat.com>

	Autostart domains using virDomainObjStart

	Refactor qemudDomainStart
	We need a common internal function for starting managed domains to be
	used during autostart. This patch factors out relevant code from
	qemudDomainStart into qemudDomainObjStart and makes it use the
	refactored code for domain restore instead of calling qemudDomainRestore
	API directly.

	Factor out def assignment to existing domain from virDomainAssignDef
	We need to be able to assign new def to an existing virDomainObj which
	is already locked. This patch factors out the relevant code from
	virDomainAssignDef into virDomainObjAssignDef.

	Refactor qemudDomainRestore
	We need to be able to restore a domain which we already locked and
	started a job for it without undoing these steps. This patch factors
	out internals of qemudDomainRestore into separate functions which work
	for locked objects.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	maint: update po/POTFILES.in
	* po/POTFILES.in: Add 3 files.

	maint: enforce policy wrt VIR_DEBUG and VIR_DEBUG0
	* cfg.mk (sc_prohibit_gettext_markup): Just like VIR_WARN*.

	maint: don't mark VIR_DEBUG or VIR_DEBUG0 diagnostics for translation
	Run this command:
	  git grep -l VIR_DEBUG|xargs perl -pi -e \
	    's/(VIR_DEBUG0?)\s*\(_\((".*?")\)/$1($2/'

	maint: enforce policy wrt VIR_ERROR and VIR_ERROR0
	* cfg.mk (msg_gen_function): Add VIR_ERROR and VIR_ERROR0,
	so that sc_libvirt_unmarked_diagnostics will check them, too.

	maint: change "" in err ? err->message : "" to _("unknown error"), ...
	These changes avoid false-positive syntax-check failure,
	and also make the resulting diagnostics more comprehensible.

	maint: more of same, but manual: convert VIR_ERROR("%s" to VIR_ERROR0(

	maint: VIR_ERROR/VIR_ERROR0: mark up the remaining ones manually
	Handle concatenated strings manually.

	maint: mark translatable string args of VIR_ERROR
	Run this:
	  git grep -l 'VIR_ERROR\s*("'|xargs perl -pi -e \
	    's/(VIR_ERROR)\s*\((".*?"),/$1(_($2),/'

	maint: mark translatable string args of VIR_ERROR0
	Run this:
	  git grep -l 'VIR_ERROR0\s*("'|xargs perl -pi -e \
	    's/(VIR_ERROR0)\s*\((".*?")\)/$1(_($2))/'

2010-05-20  Jim Meyering  <meyering@redhat.com>

	maint: use VIR_ERROR0 rather than VIR_ERROR with a bare "%s"
	Change VIR_ERROR("%s", "..."
	to     VIR_ERROR0("..."

	and

	Change VIR_ERROR("%s", _("...")
	to     VIR_ERROR0(_("...")

	Use this command:
	  git grep -E -l 'VIR_ERROR\("%s", (_\()?"'|xargs perl -pi -e \
	  's/VIR_ERROR\("%s", (_\()?"/VIR_ERROR0($1"/'

2010-05-20  Chris Wright  <chrisw@redhat.com>

	qemu driver: fix version check typos
	* src/qemu/qemu_conf.c (qemudParseHelpStr): Fix errors that made
	it impossible to diagnose invalid minor and micro version number
	components.

2010-05-20  Cole Robinson  <crobinso@redhat.com>

	daemon: A few initscript corrections
	Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=565238

	- Avahi service is called 'avahi-daemon'
	- chkconfig descriptions must use \ for line continuations

2010-05-20  Cole Robinson  <crobinso@redhat.com>

	qemu: Use ShutdownVMDaemon for all startup cleanup paths
	The current cleanup: in StartVMDaemon path is a poor duplication.
	qemuShutdownVMDaemon can handle teardown for inactive VMs, so let's use it.

	v2: Remove old abort: label, only use cleanup:

2010-05-20  Chris Lalancette  <clalance@redhat.com>

	Domain snapshot RNG and tests.

2010-05-20  Chris Lalancette  <clalance@redhat.com>

	Fix up the python bindings for snapshotting.
	This involved a few fixes.  To start with,
	an virDomainSnapshot object is really tied to a
	domain, not a connection, so we have to generate
	a slightly different object so that we can get
	at self._dom for the object.

	Next, we had to "dummy" up an override piece of
	XML with a bogus argument that the function doesn't
	actually take.  That's so that the generator places
	virDomainRevertToSnapshot underneath the correct
	class (namely, the virDomain class).

	Finally, we had to hand-implement the
	virDomainRevertToSnapshot implementation, ignoring the
	bogus pointer we are being passed.

	With all of this in place, I was able to successfully
	take a snapshot and revert to it using only the
	Python bindings.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	qemu_conf.c: also recognize new first line of qemu -help output
	* src/qemu/qemu_conf.c (QEMU_VERSION_STR_1, QEMU_VERSION_STR_2):
	Define these instead of...
	(QEMU_VERSION_STR): ... this.  Remove definition.
	(qemudParseHelpStr): Check first for the new, shorter prefix,
	"QEMU emulator version", and then for the old one,
	"QEMU PC emulator version" when trying to parse the version number.
	Based on a patch by Chris Wright.

	lxc_controller.c: don't ignore failed "accept"
	* src/lxc/lxc_controller.c (ignorable_epoll_accept_errno): New function.
	(lxcControllerMain): Handle a failed accept carefully:
	most errno values indicate legitimate failure and must be fatal.
	However, ignore a special case: that in which an incoming client quits
	between the poll() indicating its presence, and our accept() which
	is trying to process it.

2010-05-20  Cole Robinson  <crobinso@redhat.com>

	qemu: Don't deny ShutdownVMDaemon for non-running VMs
	Clients that require this already seem to do so. Calling this function
	with pid < 1 also should not cause problems.

	qemu: Remove explicit VNC XML cleanup
	This only exists for a certain cleanup path in StartVMDaemon, but is
	unneeded since domain_conf.c handles this for us automatically.

	qemu: Properly cleanup in security startup error path
	Everything after hostdev setup needs to jump to cleanup on error.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	libvirtd: don't ignore virInitialize failure
	* daemon/libvirtd.c (main): Diagnose virInitialize failure
	and exit nonzero.

2010-05-20  Alex Williamson  <alex.williamson@redhat.com>

	Rename qemuBuildCommandLine tapfds -> vmfds.
	There doesn't seem to be anything specific to tap devices for this
	array of file descriptors which need to stay open of the guest to use.
	Rename then for others to make use of.

2010-05-20  Jim Meyering  <meyering@redhat.com>

	maint: prohibit newline at end of diagnostic
	* cfg.mk (sc_prohibit_newline_at_end_of_diagnostic): New rule.
	Idea proposed by Jiri Denemark.

	maint: remove unwanted newline at end of diagnostic
	* src/xen/xend_internal.c (xenDaemonDomainDefineXML): Remove \n.
	* src/network/bridge_driver.c (networkAddMasqueradingIptablesRules):
	Likewise.

	qemudDomainMigrateFinish2: handle a case of virDomainSaveStatus failure
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Don't ignore
	virDomainSaveStatus failure.
	* src/conf/domain_conf.h (virDomainSaveStatus): Use
	ATTRIBUTE_RETURN_CHECK, so this doesn't happen again.

2010-05-20  Eric Blake  <eblake@redhat.com>

	docs: distribute more coding convention documentation
	These files may be useful for anyone making modifications to
	source files in a tarball distribution.

	* src/Makefile.am (EXTRA_DIST): Add THREADS.txt.
	* daemon/Makefile.am (EXTRA_DIST): Add THREADING.txt.

2010-05-20  Eric Blake  <eblake@redhat.com>

	build: distribute missing file
	Commit f30ccb2458829 was incomplete.

	* .gitignore: Ignore intermediate directory during failed 'make
	distcheck'.
	* tests/Makefile.am (qemuhelpdata): Distribute new file.

2010-05-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make esxVI_*_CastFromAnyType dynamically dispatched
	This will be used in the ESX storage driver in order to handle
	the DatastoreInfo type and inheriting types properly.

	esx: Allow esxVI_X_DynamicCast to be called successfully on X objects
	This semantic will be used in the ESX storage driver.

2010-05-19  Jim Meyering  <meyering@redhat.com>

	tests: the remote_protocol check also accommodates older pdwtags
	This test was failing on systems using pdwtags from dwarves-1.3.
	Reported by Matthias Bolte.
	Two-pronged fix:
	  - use --verbose to work also with dwarves-1.3; adapt regular
	    expressions to handle now-varying separators
	  - require a minimum number of post-split clauses, in order to
	    skip upon any future format change.
	    Currently there are 318; if there are 300 or fewer,
	    give a warning similar to when pdwtags is missing.
	* src/Makefile.am (remote_protocol-structs): Use pdwtags' --verbose
	option to make 1.3 emit member sizes and offsets.
	Consistently output WARNING messages to stderr.

	initialize "meta" in virStorageFileGetMetadata, not in each caller
	Do not require each caller of virStorageFileGetMetadata and
	virStorageFileGetMetadataFromFD to first clear the storage of the
	"meta" buffer.  Instead, initialize that storage in
	virStorageFileGetMetadataFromFD.
	* src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear
	"meta" here, not before each of the following callers.
	* src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here.
	(qemuTeardownDiskCgroup): Likewise.
	* src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel):
	Likewise.
	* src/security/security_selinux.c (SELinuxSetSecurityImageLabel):
	Likewise.
	* src/security/virt-aa-helper.c (get_files): Likewise.

	(qemu*DiskCgroup): avoid dead code
	* src/qemu/qemu_driver.c (qemuTeardownDiskCgroup): Remove
	bogus empty-body while-loop.
	(qemuSetupDiskCgroup): Likewise.

	maint: more VIR_WARN corrections: now manually
	* po/POTFILES.in: Remove src/util/logging.c and src/util/uuid.c.
	* src/phyp/phyp_driver.c (phypUUIDTable_ReadFile): Correct more
	VIR_WARN uses, now manually.
	(phypUUIDTable_Init, phypUUIDTable_Pull): Likewise.

	maint: use VIR_WARN0("...") rather than VIR_WARN("%s", "...")
	Run this command:
	  git grep -l 'VIR_WARN("%s", "'|xargs perl -pi -e \
	    's/VIR_WARN\("%s", "/VIR_WARN0("/'
	* src/phyp/phyp_driver.c (phypDomainGetInfo): Perform the above.
	(phypDomainCreateAndStart, phypUUIDTable_ReadFile): Likewise.

	maint: enforce no-markup policy wrt VIR_WARN-like macros
	* cfg.mk (sc_prohibit_gettext_markup): New rule, to enforce
	this policy.  Contrary to most diagnostic-emitting functions,
	where we require _(...) markup, here, we require that _() *not*
	be used for certain functions (or function-like macros).

	maint: remove _(...) from VIR_WARN arg manually
	* src/util/uuid.c (virUUIDGenerate): Remove _(...) manually.

2010-05-19  Jim Meyering  <meyering@redhat.com>

	maint: don't mark VIR_WARN or VIR_WARN0 diagnostics for translation
	Approximately 60 messages were marked.  Since these diagnostics are
	intended solely for developers and maintainers, encouraging translation
	is deemed to be counterproductive:
	http://thread.gmane.org/gmane.comp.emulators.libvirt/25050/focus=25052

	Run this command:
	  git grep -l VIR_WARN|xargs perl -pi -e \
	    's/(VIR_WARN0?)\s*\(_\((".*?")\)/$1($2/'

2010-05-19  Jim Meyering  <meyering@redhat.com>

	note a typo: VIR_MIGRATE_TUNNELLED should be VIR_MIGRATE_TUNNELED,
	so that searches for properly spelled "TUNNELED" turn up
	the surprising spelling of this public symbol.
	* include/libvirt/libvirt.h.in: Add a comment.

2010-05-18  Jiri Denemark  <jdenemar@redhat.com>

	Add support for SSE4.1 and SSE4.2 CPU features

	Fix potential NULL dereference in remoteDomainMigratePrepare2

2010-05-18  Jim Meyering  <meyering@redhat.com>

	do not ignore qemuMonitorAddDrive failure; make uses identical
	There were three very similar uses of qemuMonitorAddDrive.
	This change makes the three 17-line sequences identical.
	* src/qemu/qemu_driver.c (qemudDomainAttachPciDiskDevice): Detect
	failure.  Add VIR_WARN and braces.
	(qemudDomainAttachSCSIDisk): Add VIR_WARN and braces.
	(qemudDomainAttachUsbMassstorageDevice): Likewise.

	ebtablesAddRemoveRule, iptablesAddRemoveRule: don't skip va_end
	* src/util/ebtables.c (ebtablesAddRemoveRule): Don't skip
	va_end(args) on an error path.
	* src/util/iptables.c (iptablesAddRemoveRule): Identical change.

	qemudDomainRestore: handle a case of virDomainSaveStatus failure
	* src/qemu/qemu_driver.c (qemudDomainRestore): Don't ignore
	virDomainSaveStatus failure.

	python: don't ignore virInitialize failure in module initialization
	* python/libvirt-override.c (initlibvirtmod): Upon virInitialize
	failure, skip the Py_InitModule call.

	tests: do not ignore virInitialize failure
	* tests/nodeinfotest.c (mymain): Do not ignore virInitialize failure.
	Most other callers of virInitialize test for failure.

	qemuMonitorTextMigrate: avoid leak on OOM-error path
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextMigrate): Also
	free "safedest" buffer when failing.

	virNWFilterDefParseXML: avoid leak on error paths
	* src/conf/nwfilter_conf.c (virNWFilterDefParseXML): Also free "ret"
	via cleanup.

	linuxNodeInfoCPUPopulate: avoid used-uninitialized via a test
	* tests/nodeinfotest.c (linuxTestCompareFiles): Don't use
	nodeinfo->member uninitialized.  linuxNodeInfoCPUPopulate requires
	that some of its nodeinfo members (including threads) be initialized
	upon input.  The nodeinfotest.c program lacked the initialization,
	while the only other use (nodeGetInfo) did perform it.
	It's not trivial to move the initialization into the function,
	since nodeGetInfo sets at least one member after clearing the
	buffer but before calling linuxNodeInfoCPUPopulate.

	virDomainNetDefParseXML: avoid leak upon multiple "filterref"
	* src/conf/domain_conf.c (virDomainNetDefParseXML): Don't leak
	memory when parsing two or more "filterref" elements.

	ebiptablesWriteToTempFile: don't close a negative file descriptor
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile):
	Skip the close if "fd" is negative.

2010-05-18  Daniel P. Berrange  <berrange@redhat.com>

	Protect against NULL pointer flaws in monitor usage
	History has shown that there are frequent bugs in the QEMU driver
	code leading to the monitor being invoked with a NULL pointer.
	Although the QEMU driver code should always report an error in
	this case before invoking the monitor, as a safety net put in a
	generic check in the monitor code entry points.

	* src/qemu/qemu_monitor.c: Safety net to check for NULL monitor
	  object

2010-05-18  Daniel P. Berrange  <berrange@redhat.com>

	Fix multiple potential NULL pointer references in monitor usage
	Any method which intends to invoke a monitor command must have
	a check for virDomainObjIsActive() before using the monitor to
	ensure that priv->mon != NULL.

	There is one subtle edge case in this though. If a method invokes
	multiple monitor commands, and calls qemuDomainObjExitMonitor()
	in between two of these commands then there is no guarentee that
	priv->mon != NULL anymore. This is because the QEMU process may
	exit or die at any time, and because qemuDomainObjEnterMonitor()
	releases the lock on virDomainObj, it is possible for the background
	thread to close the monitor handle and thus qemuDomainObjExitMonitor
	will release the last reference allowing priv->mon to become NULL.

	This affects several methods, most notably migration but also some
	hotplug methods. This patch takes a variety of approaches to solve
	the problem, depending on the particular usage scenario. Generally
	though it suffices to add an extra virDomainObjIsActive() check
	if qemuDomainObjExitMonitor() was called during the method.

	* src/qemu/qemu_driver.c: Fix multiple potential NULL pointer flaws
	  in usage of the monitor

2010-05-18  Jim Meyering  <meyering@redhat.com>

	maint: add more free-like functions to the list and deal with fallout
	* cfg.mk (useless_free_options): Add many vir*Free* function names,
	and then remove the useless if-before-free tests exposed by running
	make syntax-check.
	* src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if".
	(virInterfaceAssignDef): Likewise.
	* src/conf/network_conf.c (virNetworkAssignDef): Likewise.
	* src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise.
	* src/node_device/node_device_hal.c (dev_create): Likewise.
	* src/security/virt-aa-helper.c (vahDeinit): Likewise.
	* src/test/test_driver.c (testNodeDeviceCreateXML): Likewise.
	* src/util/conf.c (virConfSetValue): Likewise.

	maint: add virCgroupFree to the list of free-like functions
	This makes the useless-if-before-free test in maint.mk spot
	uses of virCgroupFree just like it does for free and the other
	listed functions.
	* cfg.mk (useless_free_options): Add virCgroupFree.
	Prompted by suggestion from Eric Blake.

	qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
	i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
	since the latter would dereference vm, but more fundamentally because
	we certainly don't want to call qemuDomainObjEndJob before we've
	even attempted qemuDomainObjBeginJob.

	lxcFreezeContainer: avoid test-after-deref of never-NULL pointer
	* src/lxc/lxc_driver.c (lxcFreezeContainer): Remove test-after-deref.
	Correct indentation in expression.

2010-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add CIFS to the list of network file systems
	ESX supports NFS and CIFS. The ESX storage driver will reflect this.

2010-05-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add VIR_STORAGE_POOL_INACCESSIBLE to denote inaccessible storage pools
	This status will be used by the ESX storage driver.

	For example a running NFS pool is inaccessible when the NFS server is
	currently unreachable.

2010-05-18  Eric Blake  <eblake@redhat.com>

	qemu_conf: fix flag value
	(gdb) p/x QEMUD_CMD_FLAG_VNET_HOST
	$7 = 0xffffffff80000000

	Oops - that meant we were incorrectly setting QEMU_CMD_FLAG_RTC_TD_HACK
	for qemu-kvm-0.12.3 (and probably botching a few other settings as well).

	Fixes Red Hat BZ#592070

	* src/qemu/qemu_conf.h (QEMUD_CMD_FLAG_VNET_HOST): Avoid sign
	extension.
	* tests/qemuhelpdata/qemu-kvm-0.12.3: New file.
	* tests/qemuhelptest.c (mymain): Add another case.

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Clarify a couple error messages
	A fedora translator filed:

	https://bugzilla.redhat.com/show_bug.cgi?id=580816

	Pointing out these two error messages as unclear: "write save" sounds
	like a typo without context, and lack of a colon made the second message
	difficult to parse.

2010-05-17  Eric Blake  <eblake@redhat.com>

	virFileResolveLink: fix return value
	virFileResolveLink was returning a positive value on error,
	thus confusing callers that assumed failure was < 0.  The
	confusion is further evidenced by callers that would have
	ended up calling virReportSystemError with a negative value
	instead of a valid errno.

	Fixes Red Hat BZ #591363.

	* src/util/util.c (virFileResolveLink): Live up to documentation.
	* src/qemu/qemu_security_dac.c
	(qemuSecurityDACRestoreSecurityFileLabel): Adjust callers.
	* src/security/security_selinux.c
	(SELinuxRestoreSecurityFileLabel): Likewise.
	* src/storage/storage_backend_disk.c
	(virStorageBackendDiskDeleteVol): Likewise.

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	tests: Skip daemon-conf test if dir exceeds UNIX_PATH_MAX
	The max path length for unix sockets is pretty small (108, see man 7 unix).
	If 'make check' is run from a directory that exceeds this, one of the tests
	will fail, and in such a way that requires manually editting the test to
	determine why.

	There are certainly other ways to handle this, but I've chosen just to skip
	the offending test if we will exceed the length limitation.

	v2: Drop bashism, use test infrastructure to warn and skip

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	pci: Give an explicit error if device not found
	v2: Use intended F_OK. Drop devdir param, just check dev->path for device
	existence.

	v3: Use virReportSystemError, include dev->path in error message.

2010-05-17  Eric Blake  <eblake@redhat.com>

	build: fix cygwin build, correctly this time
	Fix the cygwin regression introduced in commit 48445ccff, but
	without repeating the fresh build regression of commit
	2d550542e.

	* src/Makefile.am (libvirt_test_la_LIBADD): Split out subset of
	locally-built libraries...
	(libvirt_test_la_BUILT_LIBADD): ...into new variable.
	(libvirt_test_la_DEPENDENCIES): Depend only on the subset that
	automake would have given us for free if we didn't have to add our
	own extra file.

2010-05-17  Jim Meyering  <meyering@redhat.com>

	umlAutostartDomain: avoid NULL-deref upon virGetLastError failure
	* src/uml/uml_driver.c (umlAutostartDomain): Handle a NULL return
	from virGetLastError.

2010-05-17  Eric Blake  <eblake@redhat.com>

	build: fix up some compiler flags
	Matthias noted that the line:
	virt_aa_helper_LDFLAGS = $(WARN_CFLAGS)
	looks inconsistent, so I did an audit.

	Currently, the set of compiler warning flags passed to gcc as $CC are
	equally permitted as the set of linker flags passed to gcc as $LD, so
	there was no problem with that usage.  But if we ever get in a
	situation where $CC and $LD treat particular flags differently, using
	the right variable form will make it easier.

	In the process, I spotted a couple of typos that were omitting useful
	flags, as well as specifying a -l under the wrong variable.

	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Define WARN_LDFLAGS as
	an alias for WARN_CFLAGS.
	* tools/Makefile.am (virsh_LDFLAGS): Use more canonical spelling.
	* proxy/Makefile.am (libvirt_proxy_LDFLAGS): Likewise. Move
	library...
	(libvirt_proxy_LDADD): ...here.
	* src/Makefile.am (virt_aa_helper_LDFLAGS): Use more canonical
	spelling of WARN_LDFLAGS.
	(libvirt_parthelper_LDFLAGS, libvirt_lxc_LDFLAGS): Likewise.  Use
	correct spelling of COVERAGE_LDFLAGS.
	Reported by Matthias Bolte.

2010-05-17  Jim Meyering  <meyering@redhat.com>

	build: avoid compile failure on linux kernels older than 2.6.19
	* configure.ac: Check for <linux/magic.h>.
	* src/util/storage_file.c: Include <linux/magic.h> only if present.
	Linux kernels prior to 2.6.19 lacked it.
	[__linux__] (NFS_SUPER_MAGIC): Define if not already defined.

	x86ModelHasFeature: avoid NULL-dereference for unmatched CPU "feature"
	* src/cpu/cpu_x86.c (x86ModelHasFeature): Do not dereference the pointer
	returned by x86cpuidFind without first ensuring it is non-NULL.

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Report cmdline output if VM dies early
	qemuReadLogOutput early VM death detection is racy and won't always work.
	Startup then errors when connecting to the VM monitor. This won't report
	the emulator cmdline output which is typically the most useful diagnostic.

	Check if the VM has died at the very end of the monitor connection step,
	and if so, report the cmdline output.

	See also: https://bugzilla.redhat.com/show_bug.cgi?id=581381

2010-05-17  Cole Robinson  <crobinso@redhat.com>

	qemu: Fix previous commit, use comparision in if()

2010-05-17  Jim Meyering  <meyering@redhat.com>

	qemu_driver: avoid NULL dereference
	* src/qemu/qemu_driver.c (qemudDomainStart): After setting vm to NULL,
	goto cleanup, rather than dereferencing the NULL pointer.

2010-05-17  Daniel P. Berrange  <berrange@redhat.com>

	Remove debugging fprintf() calls
	* src/qemu/qemu_driver.c: Remove debugging fprintf() calls
	  accidentally left in code

2010-05-15  Jim Meyering  <meyering@redhat.com>

	qemudDomainSetVcpus: avoid NULL-deref
	* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Avoid NULL-deref
	upon unknown UUID.  Call qemuDomainObjBeginJob(vm) only after
	ensuring that vm != NULL, not before.  This potential NULL-deref
	was introduced by commit 2c555d87b0041e0d1ec4742386d2161d1b2f0600.

2010-05-15  Eric Blake  <eblake@redhat.com>

	Revert "build: fix cygwin build"
	This reverts commit 2d550542ee729c1d9a4d92de344892650817b213.

	The patch worked for incremental builds, but broke fresh
	builds, because it interfered with automake's automatic
	dependency generation.  Until I figure out how to make
	automake do what we want, I'd rather leave cygwin broken
	but fresh Linux builds working.

2010-05-15  Eric Blake  <eblake@redhat.com>

	build: fix cygwin build
	make[3]: *** No rule to make target `-lxml2', needed by `libvirt.la'.  Stop.

	Due to treating the wrong string as a dependency.

	* src/Makefile.am (libvirt_la_DEPENDENCIES): Depend only on
	locally-built file, not on strings that might resolve as '-lxml2'.

2010-05-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add missing driver lock in qemu driver
	This adds a missing driver lock in the qemu driver to protect
	the list of domains.

2010-05-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix a misuse of virAsprintf in qemudDomainMemoryPeek
	The code specifies driver->cacheDir as the format string,
	but it usually doesn't contain '%s', so the subsequent
	argument, "/qemu.mem.XXXXXX", is always ignored.

	The patch fixes the misuse.

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Make domain save work when dynamic_ownership=0
	Setting dynamic_ownership=0 in /etc/libvirt/qemu.conf prevents
	libvirt's DAC security driver from setting uid/gid on disk
	files when starting/stopping QEMU, allowing the admin to manage
	this manually. As a side effect it also stopped setting of
	uid/gid when saving guests to a file, which completely breaks
	save when QEMU is running non-root. Thus saved state labelling
	code must ignore the dynamic_ownership parameter

	* src/qemu/qemu_security_dac.c: Ignore dynamic_ownership=0 when
	  doing save/restore image labelling

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Don't reset user/group/security label on shared filesystems during migrate
	When QEMU runs with its disk on NFS, and as a non-root user, the
	disk is chownd to that non-root user. When migration completes
	the last step is shutting down the QEMU on the source host. THis
	normally resets user/group/security label. This is bad when the
	VM was just migrated because the file is still in use on the dest
	host. It is thus neccessary to skip the reset step for any files
	found to be on a shared filesystem

	* src/libvirt_private.syms: Export virStorageFileIsSharedFS
	* src/util/storage_file.c, src/util/storage_file.h: Add a new
	  method virStorageFileIsSharedFS() to determine if a file is
	  on a shared filesystem (NFS, GFS, OCFS2, etc)
	* src/qemu/qemu_driver.c: Tell security driver not to reset
	  disk labels on migration completion
	* src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c,
	  src/security/security_selinux.c, src/security/security_driver.h,
	  src/security/security_apparmor.c: Add ability to skip disk
	  restore step for files on shared filesystems.

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of disk backing stores with cgroups
	The cgroups ACL code was only allowing the primary disk image.
	It is possible to chain images together, so we need to search
	for backing stores and add them to the ACL too. Since the ACL
	only handles block devices, we ignore the EINVAL we get from
	plain files. In addition it was missing code to teardown the
	cgroup when hot-unplugging a disk

	* src/qemu/qemu_driver.c: Allow backing stores in cgroup ACLs
	  and add missing teardown code in unplug path

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix possible crash in handling IO Error event
	If the IO error event does not include a reason, then there
	is a possible crash dispatching the event

	* src/conf/domain_event.c: Missing check for a NULL reason before
	  strduping allows for a crash

2010-05-14  Daniel P. Berrange  <berrange@redhat.com>

	Add support for NIC hotplug using netdev_add in QEMU
	QEMU is gaining a new monitor command netdev_add for hotplugging
	NICs using the netdev backend code. We already support this on
	the command this, though it is disabled. This adds support for
	hotplug too, also to remain disabled until 0.13 QEMU is released

	* src/qemu/qemu_driver.c: Support netdev hotplug for NICs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for netdev_add and netdev_remove commands

2010-05-12  Eric Blake  <eblake@redhat.com>

	datatypes: fix comment typo
	* src/datatypes.c: Use correct word.

2010-05-12  Jiri Denemark  <jdenemar@redhat.com>

	Fix monitor ref counting when adding event handle
	When closing a monitor using qemuMonitorClose(), we are aware of
	the possibility the monitor is still being used somewhere:

	    /* NB: ordinarily one might immediately set mon->watch to -1
	     * and mon->fd to -1, but there may be a callback active
	     * that is still relying on these fields being valid. So
	     * we merely close them, but not clear their values and
	     * use this explicit 'closed' flag to track this state */

	but since we call virEventAddHandle() on that monitor without increasing
	its ref counter, the monitor is still freed which makes possible users
	of it quite unhappy. The unhappiness can lead to a hang if qemuMonitorIO
	tries to lock mutex which no longer exists.

2010-05-12  Jiri Denemark  <jdenemar@redhat.com>

	Remove watches before calling REMOTE_PROC_CLOSE
	First calling REMOTE_PROC_CLOSE and then removing watches might lead to
	a hang as HANGUP event can be triggered before the watches are actually
	removed but after virConnectPtr is already freed. As a result of that
	remoteDomainEventFired() would try to lock uninitialized mutex, which
	would hang for ever.

2010-05-12  Jim Meyering  <meyering@redhat.com>

	tests: use GPLv2+, not GPLv3
	* tests/cpuset: Change from GPLv3 to GPLv2+
	* tests/read-bufsiz: Likewise.
	* tests/read-non-seekable: Likewise.
	* tests/start: Likewise.
	* tests/undefine: Likewise.
	* tests/vcpupin: Likewise.
	* tests/virsh-all: Likewise.
	* tests/virsh-schedinfo: Likewise.
	* tests/virsh-synopsis: Likewise.

2010-05-12  Eric Blake  <eblake@redhat.com>

	libvirt_proxy: link with -lpthread if needed
	Continuation of earlier patches to fix LIB_PTHREAD, only
	triggered by ./configure --with-xen-proxy (a la autobuild.sh).

	* proxy/Makefile.am (libvirt_proxy_LDADD): Add LIB_PTHREAD.

2010-05-11  Cole Robinson  <crobinso@redhat.com>

	node_device: udev: Fix PCI product/vendor swappage
	Product and vendor values were swapped in the XML, which made virt-manager
	PCI device listing kinda useless.

2010-05-11  Eric Blake  <eblake@redhat.com>

	build: update gnulib
	* .gnulib: Update to latest.
	* bootstrap.conf (gnulib_modules): Import netdb.
	* src/esx/esx_util.c (AI_ADDRCONFIG): Rely on gnulib.
	* src/remote/remote_driver.c (AI_ADDRCONFIG): Likewise.
	* tools/virsh.c (WEXITSTATUS, O_SYNC): Likewise.

	build: allow older gettext
	* bootstrap.conf (gnulib_modules): Use gettext-h, not gettext,
	since the latter drags in a depedency on gettext 0.18.
	Suggested by Bruno Haible.

2010-05-11  Jim Meyering  <meyering@redhat.com>

	tests: correct PATH in new test, for when running manually
	* tests/virsh-schedinfo: This test sets PATH internally, just in
	case you're running it manually.  Normally, the PATH setting from
	tests/Makefile.am's TESTS_ENVIRONMENT is sufficient.  Prepend the
	correct directory, and take advantage of the PATH setting in one
	more case.

2010-05-11  Daniel P. Berrange  <berrange@redhat.com>

	Add env variable for debugging gnutls usage
	Allow debugging of GNUTLS interactions by setting

	  LIBVIRT_GNUTLS_DEBUG=10 LIBVIRT_DEBUG=1 virsh

	* src/remote/remote_driver.c: Use LIBVIRT_GNUTLS_DEBUG to
	  enable gnutls debugging

2010-05-11  Jim Meyering  <meyering@redhat.com>

	tests: adjust copyrights on scripts: s/FSF/Red Hat/
	* tests/cpuset: Change copyright holder from FSF to Red Hat, Inc.
	* tests/read-bufsiz: Likewise.
	* tests/read-non-seekable: Likewise.
	* tests/start: Likewise.
	* tests/undefine: Likewise.
	* tests/vcpupin: Likewise.
	* tests/virsh-all: Likewise.
	* tests/virsh-synopsis: Likewise.

	virsh: schedinfo --set invalid=value would simply ignore the option
	For example, virsh -c test:///default schedinfo 1 --set P=k would
	mistakenly exit successfully, giving no indication that it had failed
	to set the scheduling parameter "P".
	* tools/virsh.c (cmdSchedinfo): Diagnose an invalid --set j=k option,
	rather than silently ignoring it.
	* tests/virsh-schedinfo: New test for the above.
	* tests/Makefile.am (test_scripts): Add it.
	Reported by Jintao Yang in http://bugzilla.redhat.com/586632

	virsh: fix a typo in a diagnostic
	* tools/virsh.c (cmdSchedInfoUpdate): Fix typo in a diagnostic:
	s/an long long/a long long/.  One in a comment, too.

2010-05-11  Eric Blake  <eblake@redhat.com>

	delMacvtap: typo fix
	* src/util/macvtap.c (delMacvtap): Fix documentation.

2010-05-10  Eric Blake  <eblake@redhat.com>

	maint: allow VPATH use of remote_protocol-structs
	* src/Makefile.am (remote_protocol-structs): Ensure file lives in srcdir.

	docs/Makefile.am: remove unnecessary subshells
	* docs/Makefile.am (ChangeLog.html.in, %.html.tmp, %.html)
	(html/index.html, $(devhelphtml)): Avoid spurious subshells.

2010-05-10  Eric Blake  <eblake@redhat.com>

	maint: avoid spurious output if program not present
	Some shells warn about missing programs before redirection;
	the idiomatic way to silence them is to run the program check
	inside a subshell, with the redirections outside the subshell.
	But a subshell is only needed in places where it is reasonable
	to expect the use of such a noisy shell in the first place.

	* src/Makefile.am (remote_protocol-structs): Use subshell, for
	FreeBSD 8.0 /bin/sh.
	* cfg.mk (sc_preprocessor_indentation): Avoid subshell, since the
	only users running cfg.mk can be assumed to have decent tools.

2010-05-10  Eric Blake  <eblake@redhat.com>

	storage_encryption: silence clang warning
	For printf("%*s",foo,bar), clang complains if foo is not int:

	warning: field width should have type 'int', but argument has
	type 'unsigned int' [-Wformat]

	* src/conf/storage_encryption_conf.c
	(virStorageEncryptionSecretFormat, virStorageEncryptionFormat):
	Use correct type.
	* src/conf/storage_encryption_conf.h (virStorageEncryptionFormat):
	Likewise.

2010-05-08  Jim Meyering  <meyering@redhat.com>

	help avoid accidental remote_protocol.x changes
	Now, if you update remote_protocol.x without also updating
	remote_protocol-structs to match, then "make check" will fail.
	* src/Makefile.am (remote_protocol-structs): Extract list of
	structs and member names from remote_protocol.o.
	(check-local): Depend on it.
	* src/remote_protocol-structs: New file.

2010-05-07  Eric Blake  <eblake@redhat.com>

	mingw32-libvirt.spec: bring up to date
	Right now, mingw32-portablexdr is not available in Fedora, but is
	present in fedora-mingw.git.  With that package, plus
	redhat-rpm-config and this patch, it is once again possible to build
	mingw32-libvirt from a Fedora 12 host.

	* mingw32-libvirt.spec.in (__debug_install_post): Override.
	(%files): Mention recent additions.

2010-05-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Manually revert "Fix pthread related link error for virt-aa-helper"
	This reverts commit b5b8a6db69ba16a8225962bf7659b6ff6756bc18.

	That commit was not necessary. The problem is fixed by commit
	0e9b3a269be9ce821615aba4aece87c4451d43ac, but I didn't rebuild
	it properly after pulling in the commit and didn't notice it.

2010-05-07  Ersek Laszlo  <lacos@caesar.elte.hu>

	Fix a typo in docs

2010-05-07  Eric Blake  <eblake@redhat.com>

	build: use LIBADD, not LDFLAGS, for adding libraries
	Per automake, LDFLAGS is used early in the line, and LIBADD
	(libraries) or LDADD (programs) is used late.  On platforms like
	cygwin, without lazy linking, this order matters.  Therefore, libtool
	commands, -L, and similar should be in LDFLAGS, but -l should be in
	L*ADD.

	* src/Makefile.am (*_LDFLAGS): Move libraries...
	(*_LIBADD): ...to their LIBADD counterpart.

2010-05-07  Eric Blake  <eblake@redhat.com>

	maint: whitespace cleanups
	* src/Makefile.am: Fix some space-tab issues.

2010-05-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix pthread related link error for virt-aa-helper
	Link virt-aa-helper explicitly with pthread. This is at least
	required on Ubuntu 10.04.

	qemu: Fix warning about a non-literal format string

2010-05-07  Jim Meyering  <meyering@redhat.com>

	avoid link error in tests using libvirt_util; due to pthread_sigmask
	* src/Makefile.am (libvirt_util_la_LDFLAGS): Add $(LIB_PTHREAD),
	required, now that we're using gnulib's pthread module.

2010-05-07  Matthew Booth  <mbooth@redhat.com>

	Remove unused nwfilter field from struct remote_error
	Change 965466c1 added a new field to struct remote_error, which broke
	the RPC protocol. Fortunately the new field is unused, so this change
	simply removes it again.

	* src/remote/remote_protocol.(c|h|x): Remove remote_nwfilter from struct
	  remote_error

2010-05-06  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Implement SCSI disk unplugging
	With the introduction of the generic qemu device model, unplugging
	SCSI disks works like a charm, so support it in libvirt.

	* src/qemu/qemu_driver.c: Add qemudDomainDetachSCSIDiskDevice() to do the
	  unplugging, extend qemudDomainDetachDeviceAdd().

2010-05-06  Eric Blake  <eblake@redhat.com>

	qemu: use better types
	* src/qemu/qemu_driver.c (qemudFindDisk): Mark parameter const.
	(qemudShrinkDisks): Mark parameter unsigned.

2010-05-06  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Refactor disk unplugging
	We can reuse some of the code for other purposes.

2010-05-06  Eric Blake  <eblake@redhat.com>

	build: simplify checks for sched.h
	* configure.ac: Remove redundant checks.

2010-05-06  Eric Blake  <eblake@redhat.com>

	build: update gnulib
	81 patches to gnulib, picks up several new syntax checks.

	* .gnulib: Update to latest.
	* .x-sc_prohibit_always_true_header_tests: New file.
	* bootstrap.conf (gnulib_modules): Add sched.
	* src/util/processinfo.c (includes): <sched.h> is now guaranteed.
	* src/network/bridge_driver.c (includes): Drop useless
	<strings.h>.
	* src/openvz/openvz_conf.c (includes): Likewise.
	* src/openvz/openvz_driver.c (includes): Likewise.
	* src/phyp/phyp_driver.c (includes): Likewise.
	* src/qemu/qemu_driver.c (includes): Likewise.
	* src/uml/uml_driver.c (includes): Likewise.

2010-05-06  Eric Blake  <eblake@redhat.com>

	build: drop more redundant configure checks
	* configure.ac (AC_CHECK_FUNCS_ONCE, AC_SYS_LARGEFILE): Rely on
	gnulib for strtok_r and large file support.
	(AC_OBJEXT): Drop call now done by AC_PROG_CC.
	(m4_foreach_w): Drop macro guaranteed by gnulib.
	(AC_C_CONST): Drop call declared obsolete by autoconf.

	build: use gnulib's sys/wait.h
	* configure.ac: Drop sys/wait.h check.
	* src/libvirt.c (includes): Use header unconditionally.
	* src/remote/remote_driver.c (includes): Likewise.
	* src/storage/storage_backend.c (includes): Likewise.
	* src/util/ebtables.c (includes): Likewise.
	* src/util/hooks.c (includes): Likewise.
	* src/util/iptables.c (includes): Likewise.
	* src/util/util.c (includes): Likewise.

	build: use gnulib's uname
	* bootstrap.conf (gnulib_modules): Add uname.
	* configure.ac: Drop uname and sys/utsname.h checks.
	* src/nodeinfo.c (nodeGetInfo): Use uname unconditionally.

2010-05-06  Eric Blake  <eblake@redhat.com>

	build: rely on gnulib's pthread module
	Gnulib can guarantee that pthread.h exists, but for now, it is a dummy
	header with no support for most pthread_* functions.  Modify our
	use of pthread to use function checks, rather than header checks,
	to determine how much pthread support is present.

	* bootstrap.conf (gnulib_modules): Add pthread.
	* configure.ac: Drop all pthread.h checks.  Optimize function
	checks.  Add check for pthread functions.
	* src/Makefile.am (libvirt_lxc_LDADD): Ensure proper link.
	* src/remote/remote_driver.c (remoteIOEventLoop): Depend on
	pthread_sigmask, now that gnulib guarantees pthread.h.
	* src/util/util.c (virFork): Likewise.
	* src/util/threads.c (threads-pthread.c): Depend on
	pthread_mutexattr_init, as a witness of full pthread support.
	* src/util/threads.h (threads-pthread.h): Likewise.

2010-05-05  Eric Blake  <eblake@redhat.com>

	build: silence a clang false positive
	* src/qemu/qemu_monitor.c (qemuMonitorIOWriteWithFD): Work around
	recent clang shortcoming in analysis.

2010-05-05  Stefan Berger  <stefanb@us.ibm.com>

	rpmbuild: add ebtables & ip(6)tables dependency for rpm
	Add ebtables,iptables & iptables-ipv6 dependency to rpm.

	Changes from V1 to V2:
	  -passing --without-libpcap to configure script, if libpcap is not to be used

2010-05-05  Eric Blake  <eblake@redhat.com>

	util: fix va_start usage bug
	Detected by clang.  POSIX requires that the second argument to
	va_start be the name of the last variable; and in some implementations,
	passing *path instead of path would dereference bogus memory instead
	of pulling arguments off the stack.

	* src/util/util.c (virBuildPathInternal): Use correct argument to
	va_start.

2010-05-05  Kenneth Nagin  <NAGIN@il.ibm.com>

	qemu: live migration with non-shared storage for kvm
	Support for live migration between hosts that do not share storage was
	added to qemu-kvm release 0.12.1.
	It supports two flags:
	-b migration without shared storage with full disk copy
	-i migration without shared storage with incremental copy (same base image
	shared between source and destination).

	I tested the live migration without shared storage (both flags) for native
	and p2p with and without tunnelling.  I also verified that the fix doesn't
	affect normal migration with shared storage.

2010-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	configure.ac: Avoid uname, which breaks cross-compilation
	When cross-compiling on Linux, configure will misdetect the target as
	Linux because it uses uname instead of relying on the $host variable.
	This results in including libvirt_linux.syms into libvirt.syms and
	therefore trying to export undefined symbols.

	Replace uname checks with $host checks to fix this.

2010-05-04  Jiri Denemark  <jdenemar@redhat.com>

	Don't wipe generated iface target in active domains
	Wipe generated interface target only when reading configuration of
	inactive domains.

2010-05-04  Daniel Veillard  <veillard@redhat.com>

	Various fixes for the spec file
	This includes various things:
	 - fix the Requires: libvirt-client to use %{name} to allow easy
	   renaming
	 - when building ESX support one need libcurl-devel
	 - remove Makefile[.in] from xml/nwfilter in the docs, as this breaks
	   parallel install ation of i686 and x86_64 packages
	 - don't include nwfilter config files if not building with the daemon
	all relatively trivial which is why I packed them together
	* libvirt.spec.in: fix various small bugs

2010-05-04  Jim Meyering  <meyering@redhat.com>

	docs: hacking: explain why using curly braces well is important
	* docs/hacking.html.in: Use the "curly braces" section from coreutils'
	HACKING, adapting for libvirt's different formatting style.
	* HACKING: Sync from the above, still mostly manually.

2010-05-04  Jiri Denemark  <jdenemar@redhat.com>

	lxc: Check domain is active/inactive as required by operation
	Report VIR_ERR_OPERATION_INVALID when operation which requires running
	domain is called on inactive domain and vice versa.

	lxc: Make SetMemory work for active domains only

	lxc: Use virDomainFindByUUID for domain lookup
	Consistently use virDomainFindByUUID instead of virDomainFindByID and
	virDomainFindByName and report VIR_ERR_NO_DOMAIN when domain cannot be
	found.

2010-05-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Fix two undefined symbols
	Add an empty body for virCondWaitUntil and move virPipeReadUntilEOF
	out of the '#ifndef WIN32' block, because it compiles fine with MinGW
	in combination with gnulib.

2010-05-04  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	Necessary on cygwin, where uid_t and gid_t are 4-byte long rather
	than int, causing gcc -Wformat warnings.

	* src/util/util.c (virFileOperationNoFork, virDirCreateNoFork)
	(virFileOperation, virDirCreate, virGetUserEnt): Cast uid_t and
	gid_t before passing to printf.
	* .gitignore: Ignore Windows executables.

2010-05-04  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: skip some interfaces on filter update
	When a filter is updated, only those interfaces must have their old
	rules cleared that either reference the filter directly or indirectly
	through another filter. Remember between the different steps of the
	instantiation of the filters which interfaces must be skipped. I am
	using a hash map to remember the names of the interfaces and store a
	bogus pointer to ~0 into it that need not be freed.

	pass info where request stems from to have rules applied
	For the decision on whether to instantiate the rules, the check for a
	pending IP address learn request is not sufficient since then only the
	thread could instantiate the rules. So, a boolean needs to be passed
	when the thread instantiates the filter rules late and the IP address
	learn request is still pending in order to override the check for the
	pending learn request. If the rules are to be updated while the thread
	is active, this will not be done immediately but the thread will do that
	later on.

2010-05-04  Eric Blake  <eblake@redhat.com>

	build: prefer WIN32 over __MINGW32__ checks
	WIN32 is always defined when __MINGW32__ is defined, but the
	converse is not true.  WIN32 is more generic, if someone were
	to ever attempt porting to a microsoft compiler.  This does
	not affect Cygwin, which intentionally does not define WIN32.

	* src/qemu/qemu_driver.c (qemuDomainGetBlockInfo): Use more
	generic flag macro.
	* src/storage/storage_backend.c
	(virStorageBackendUpdateVolTargetInfoFD)
	(virStorageBackendRunProgRegex): Likewise.
	* tools/console.h (vshRunConsole): Likewise.

2010-05-03  Ryota Ozaki  <ozaki.ryota@gmail.com>

	cgroup: Fix possible memory leak in virCgroupMakeGroup
	* src/util/cgroup.c: free temporal path string before breaking loop

2010-05-03  Eric Blake  <eblake@redhat.com>

	dnsmasqReload: avoid mingw link failure
	* src/util/dnsmasq.c (dnsmasqReload): Mingw lacks kill, but is not
	running a dnsmasq daemon either.

2010-05-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	mingw: Fix symbol export
	In commit 98fb83ce25f46e0236706fa6e0943032d921935f I changed the
	version script handling. But it seems that I didn't test this properly
	and broke it. The .def file is passed to the compiler directly, but it
	should get passed to the linker instead.

	Set VERSION_SCRIPT_FLAGS to -Wl, to pass the .def file correctly to
	the linker.

	This fixes the undefined symbol errors while linking virsh.

2010-05-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	dnsmasq.c: Fix OOM error reporting
	Also do some indentation clean up.

2010-05-03  Laine Stump  <laine@laine.org>

	Fix memory leaks in cmdInterfaceEdit and cmdNWFilterEdit.
	This applies a fix to thos functions similar to that made to cmdEdit
	in 270895063d1cf86ab42fa220a8d090c24d58dbc0, thus fnixing a memory
	leak - if tmp is unlinked and NULLed early in the function, the memory
	used by tmp is never freed. Since we will always unlink tmp prior to
	freeing its memory at the end of the function, just remove the earlier
	code and let cleanup: do the cleanup.

2010-05-03  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: Fix failure on starting a domain with multiple interfaces
	[Error message]
	error: Failed to start domain lxc_test1
	error: internal error Failed to create veth device pair: 512

	The reason of the failure is that lxc driver unexpectedly re-uses
	an auto-assigned veth name and tries to create the created veth
	again. The failure will happen when a domain has multiple network
	interfaces and the names of those are not specified in XML.

	The patch fixes the problem by resetting buffers of veth names
	in every iteration of creating veth.

	* src/lxc/lxc_driver.c: prevent re-using auto-assigned veth name
	  Reported by Kumar L Srikanth-B22348.

2010-04-30  Eric Blake  <eblake@redhat.com>

	autobuild.sh: provide default prefix
	Without this patch and with a clean environment, ./autobuild.sh
	tried to use ./configure --prefix=/, and fails.

	* autobuild.sh (AUTOBUILD_INSTALL_ROOT): Provide sensible
	default.  Suggested by Daniel P. Berrange.

2010-04-30  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.1
	* configure.ac docs/news.html.in libvirt.spec.in: updates for release
	* po/*.po*: updated localizations and regenerated

2010-04-30  Cole Robinson  <crobinso@redhat.com>

	domain: Fix PCI address decimal parsing regression
	<hostdev> address parsing previously attempted to detect the number
	base: currently it is hardcoded to base 16, which can break PCI
	assignment via virt-manager. Revert to the previous behavior.

	* src/conf/domain_conf.c: virDomainDevicePCIAddressParseXML, switch to
	  virStrToLong_ui(bus, NULL, 0, ...) to autodetect base

2010-04-30  Daniel P. Berrange  <berrange@redhat.com>

	Add support for another explicit IO error event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_IO_ERROR_REASON

	This event is the same as the previous VIR_DOMAIN_ID_IO_ERROR
	event, but also includes a string describing the cause of
	the event.

	Thus there is a new callback definition for this event type

	typedef void (*virConnectDomainEventIOErrorReasonCallback)(virConnectPtr conn,
	                                                           virDomainPtr dom,
	                                                           const char *srcPath,
	                                                           const char *devAlias,
	                                                           int action,
	                                                           const char *reason,
	                                                           void *opaque);

	This is currently wired up to the QEMU block IO error events

	* daemon/remote.c: Dispatch IO error events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  IO error events
	* include/libvirt/libvirt.h.in: Define new IO error event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle IO error events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block IO errors and emit a libvirt IO error event
	* src/remote/remote_driver.c: Receive and dispatch IO error
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  IO error events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
	  from QEMU monitor

2010-04-30  Jiri Denemark  <jdenemar@redhat.com>

	Report all errors in SELinuxRestoreSecurityFileLabel

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	Prevent updates while IP address learn thread is running
	Prevent updating and tearing down of filter while the IP
	address learning thread is running and has its own filtering
	rules applied.

	Syncronize the teardown of rules with the thread
	Introduce a function to notify the IP address learning
	thread to terminate and thus release the lock on the interface.
	Notify the thread before grabbing the lock on the interface
	and tearing down the rules. This prevents a 'virsh destroy' to
	tear down the rules that the IP address learning thread has
	applied.

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	Clean all tables before applying 'basic' rules
	The functions invoked by the IP address learning thread
	that apply some basic filtering rules did not clean up
	any previous filtering rules that may still be there
	(due to a libvirt restart for example). With the
	patch below all the rules are cleaned up first.

	Also, I am introducing a function to drop all traffic
	in case the IP address learning thread could not apply
	the rules.

2010-04-30  Daniel Veillard  <veillard@redhat.com>

	MAke virFileHasSuffix case insensitive
	* src/util/util.c: as it's used for checking things like .iso suffixes

2010-04-30  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Also pick IP address from a DHCP ACK message
	The local DHCP server on virtbr0 sends DHCP ACK messages when a VM is
	started and requests an IP address while the initial DHCP lease on the
	VM's MAC address hasn't expired. So, also pick the IP address of the VM
	if that type of message is seen.
	Thanks to Gerhard Stenzel for providing a test case for this.

	Changes from V1 to V2:
	- cleanup: replacing DHCP option numbers through constants

2010-04-30  Dustin Kirkland  <kirkland@canonical.com>

	Fix virt-pki-validate's determination of CN
	Ubuntu's gntls package generates an Issuer line that looks like this:
	        Issuer: C=US,ST=NY,L=Rochester,O=example.com,CN=example.com CA,EMAIL=hostmaster@example.com

	While Red Hat's looks like this
	Issuer: CN=Red Hat Emerging Technologies

	Note the leading whitespace, and the additional fields in the former.

	This patch updates the regular expression to:
	 * trim leading characters before "Issuer:"
	 * trim anything between Issuer: and CN=
	 * trim anything after the next ,

	I've tested this against the certool output of both RH and Ubuntu
	generated certs.

2010-04-29  Jim Meyering  <meyering@redhat.com>

	qemudDomainSaveFlag: remove dead store
	* src/qemu/qemu_driver.c (qemudDomainSaveFlag): Remove dead store to "rc".

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of disk in IO events
	When using -device syntax, the IO event will have a different
	prefix, 'drive-' that needs to be skipped over before matching
	against the libvirt disk alias

	* src/qemu/qemu_driver.c: Skip QEMU_DRIVE_HOST_PREFIX in IO event

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Implement python binding for virDomainGetBlockInfo
	This binds the virDomainGetBlockInfo API to python's blockInfo
	method on the domain object

	>>> c = libvirt.openReadOnly('qemu:///session')
	>>> d = c.lookupByName('demo')
	>>> f = d.blockInfo("/dev/loop0", 0)
	>>> print f
	[1048576000L, 104857600L, 104857600L]

	* python/libvirt-override-api.xml: Define override signature
	* python/generator.py: Skip C impl generator for virDomainGetBlockInfo
	* python/libvirt-override.c: Manual impl of virDomainGetBlockInfo

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Add new domblkinfo command to virsh
	  virsh # domblkinfo demoguest /dev/hda2
	  Capacity:       1048576000
	  Allocation:     104857600
	  Physical:       104857600

	* tools/virsh.c: Implement domblkinfo command mapping to the
	  new virDomainGetBlockInfo API

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Implement virDomainGetBlockInfo in QEMU driver
	* src/qemu/qemu_driver.c: Implementation of virDomainGetBlockInfo
	* src/util/storage_file.h: Add DEV_BSIZE
	* src/storage/storage_backend.c: Remove DEV_BSIZE

	Remote protocol impl for virDomainGetBlockInfo
	* daemon/remote.c: Server side dispatcher
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h: Update
	  with new API
	* src/remote/remote_driver.c: Client side dispatcher
	* src/remote/remote_protocol.c, src/remote/remote_protocol.h: Update
	* src/remote/remote_protocol.x: Define new wire protocol

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Internal driver API infrastructure for virDomainGetBlockInfo
	This defines the internal driver API and stubs out each driver

	* src/driver.h: Define virDrvDomainGetBlockInfo signature
	* src/libvirt.c, src/libvirt_public.syms: Glue public API to drivers
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Stub out driver

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Add virDomainGetBlockInfo API to query disk sizing
	Some applications need to be able to query a guest's disk info,
	even for paths not managed by the storage pool APIs. This adds
	a very simple API to get this information, modelled on the
	virStorageVolGetInfo API, but with an extra field 'physical'.
	Normally 'physical' and 'allocation' will be identical, but
	in the case of a qcow2-like file stored inside a block device
	'physical' will give the block device size, while 'allocation'
	will give the qcow2 image size

	* include/libvirt/libvirt.h.in: Define virDomainGetBlockInfo

2010-04-29  Chris Lalancette  <clalance@redhat.com>

	Fix a virsh edit memory leak
	When running virsh edit, we are unlinking and setting
	the tmp variable to NULL before going to the end of the
	function, meaning that we never free tmp.  Since the
	exit to the function will always unlink and free tmp,
	just remove this bit of code and let it get done at the
	end.

	Fix a qemuDomainPCIAddressSetFree memory leak
	qemuDomainPCIAddressSetFree was freeing up the hash
	table for the pci addresses, but not freeing up the addr
	structure.  Looking over the callers of this function, it
	seems like they expect it to also free up the structure,
	so do that here.

	Fix a memory leak in the node_device_udev code
	We were over-writing a pointer without freeing it in
	case of a disk device, leading to a memory leak.

	Fix build on Ubuntu.
	When building on Ubuntu with make -j3 (or more), it would always
	fail when trying to build virt-aa-helper.  I'm not an expert in
	automake by any means, but I think the entry for virt-aa-helper
	is mis-using LDADD; it shouldn't be putting direct paths to
	libvirt_conf.la and libvirt_util.la, but instead referencing those
	names.  With this patch in place, I'm able to successfully build
	on Ubuntu 9.04 with make -j3.

	Report better error if qemuSnapshotIsAllowed failed.

2010-04-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove unused goto label from qemudDomainCreate
	The previous commit changes a goto from 'endjob' to 'cleanup',
	leaving the endjob label unused. Remove it to avoid compile
	warning.

	* src/qemu/qemu_driver.c: Remove 'endjob' label

2010-04-29  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: python bindings for nwfilter
	I have primarily followed the pattern of the 'secret' driver to provide
	support for the missing python bindings for the network filter API.

2010-04-29  Jim Meyering  <meyering@redhat.com>

	qemuDomainSnapshotCreateXML: avoid NULL dereferences
	* src/qemu/qemu_driver.c (qemuDomainSnapshotCreateXML): When setting
	"vm" to NULL, jump over vm-dereferencing code to "cleanup".
	(qemuDomainRevertToSnapshot): Likewise.

	qemudDomainCreate: correct a slightly misdirected goto
	* src/qemu/qemu_driver.c (qemudDomainCreate): Goto cleanup,
	not "endjob", since we know "vm" is already NULL.  No semantic change.

2010-04-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin/mingw: Fix version script handling
	Let configure detect ld instead of hardcoding /usr/bin/ld, because
	MinGW may have ld in /bin.

	Only use a .def file to export symbols on MinGW. Cygwin's ld supports
	the normal .syms file used on Linux.

2010-04-28  Eric Blake  <eblake@redhat.com>

	build: fix autogen rule for VPATH build
	* cfg.mk (gnulib_srcdir): Override maint.mk default.
	(_update_required): Run in correct directory.

2010-04-28  Daniel Veillard  <veillard@redhat.com>

	Move dnsmasq host file to a separate directory
	use /var/lib/libvirt/dnsmasq since /var/lib/libvirt/network is
	unreadable by the dnsmasq binary

	* src/network/bridge_driver.c: update DNSMASQ_STATE_DIR
	* src/Makefile.am: create it on make install
	* libvirt.spec.in: take the new directory into account

2010-04-28  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: allow to mix filterrefs and rules in the schema
	So far the references to other filters needed to appear before filtering
	rules. With the below patch they can now appear in any order.

	Also I forgot to add a couple of 'rarp's.

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of security driver restore failures in QEMU domain save
	In cases where the security driver failed to restore a label after a
	guest has saved, we mistakenly jumped to the error cleanup paths.
	This is not good, because the operation has in fact completed and
	cannot be rolled back completely. Label restore is non-critical, so
	just log the problem instead. Also add a missing restore call in
	the error cleanup path

	* src/qemu/qemu_driver.c: Fix handling of security driver
	  restore failures in QEMU domain save

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU domain save to block devices with cgroups enabled
	When cgroups is enabled, access to block devices is likely to be
	restricted to a whitelist. Prior to saving a guest to a block device,
	it is necessary to add the block device to the whitelist. This is
	not required upon restore, since QEMU reads from stdin

	* src/qemu/qemu_driver.c: Add block device to cgroups whitelist
	  if neccessary during domain save.

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU save/restore with block devices
	The save process was relying on use of the shell >> append
	operator to ensure the save data was placed after the libvirt
	header + XML. This doesn't work for block devices though.
	Replace this code with use of 'dd' and its 'seek' parameter.
	This means that we need to pad the header + XML out to a
	multiple of dd block size (in this case we choose 512).

	The qemuMonitorMigateToCommand() monitor API is used for both
	save/coredump, and migration via UNIX socket. We can't simply
	switch this to use 'dd' since this causes problems with the
	migration usage. Thus, create a dedicated qemuMonitorMigateToFile
	which can accept an filename + offset, and remove the filename
	from the current qemuMonitorMigateToCommand() API

	* src/qemu/qemu_driver.c: Switch to qemuMonitorMigateToFile
	  for save and core dump
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Create
	  a new qemuMonitorMigateToFile, separate from the existing
	  qemuMonitorMigateToCommand to allow handling file offsets

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Avoid create/unlink with block devs used for QEMU save
	It is possible to use block devices with domain save/restore. Upon
	failure QEMU unlinks the path being saved to. This isn't good when
	it is a block device !

	* src/qemu/qemu_driver.c: Don't unlink block devices if save fails

2010-04-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash when cleaning up from failed save attempt
	If a transient QEMU crashes during save attempt, then the virDomainPtr
	object may be freed. If a persistent QEMU crashes during save, then
	the 'priv->mon' field is no longer valid since it will be inactive.

	* src/qemu/qemu_driver.c: Fix two crashes when QEMU exits
	  during a save attempt

2010-04-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: let qemu's after-migration packet pass
	Qemu currently sends an Ethernet packet with protocol id 0x835 once a VM
	was successfully migrated. The content of the packet looks like a
	gratuitous RARP, just with the wrong protocol ID, which should be
	0x8035. I wrote some filters to let either one of the packets pass and
	am adapting the clean-traffic sample filter to use it. I am also
	doing some changes on the existing ARP filter which was lacking a
	test for source MAC address.

2010-04-27  Chris Lalancette  <clalance@redhat.com>

	Fix up the error message if we can't parse the snapshot XML.

2010-04-27  Klaus Ethgen  <Klaus@Ethgen.de>

	The base used for conversion of USB values should be 16 not 10.

2010-04-27  Chris Lalancette  <clalance@redhat.com>

	Fix up the locking in the snapshot code.
	In particular I was forgetting to take the qemuMonitorPrivatePtr
	lock (via qemuDomainObjBeginJob), which would cause problems
	if two users tried to access the same domain at the same time.
	This patch also fixes a problem where I was forgetting to remove
	a transient domain from the list of domains.

	Thanks to Stephen Shaw for pointing out the problem and testing
	out the initial patch.

2010-04-27  Daniel Veillard  <veillard@redhat.com>

	cleanup the download section of the documentation
	Just removing reverences to the deprecated CVS server and the old git
	on et.redhat.com

2010-04-27  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add support for RAPR protocol
	This patch adds support for the RARP protocol. This may be needed due to
	qemu sending out a RARP packet (at least that's what it seems to want to
	do even though the protocol id is wrong) when migration finishes and
	we'd need a rule to let the packets pass.

	Unfortunately my installation of ebtables does not understand -p RARP
	and also seems to otherwise depend on strings in /etc/ethertype
	translated to protocol identifiers. Therefore I need to pass -p 0x8035
	for RARP. To generally get rid of the dependency of that file I switch
	all so far supported protocols to use their protocol identifier in the
	-p parameter rather than the string.

	I am also extending the schema and added a test case.

	changes from v1 to v2:
	- added test case into patch

2010-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Ignore qemu STOP event when stopping CPUs
	With JSON qemu monitor, we get a STOP event from qemu whenever qemu
	stops guests CPUs. The downside of it is that vm->state is changed to
	PAUSED and a new generic paused event is send to applications. However,
	when we ask qemu to stop the CPUs we are not really interested in qemu
	event and we usually want to issue a more specific event.

	By setting vm->status to PAUSED before actually sending the request to
	qemu (and resetting it back if the request fails) we can ignore the
	event since the event handler does nothing when the guest is already
	paused. This solution is quite hacky but unfortunately it's the best
	solution which I was able to come up with and it doesn't introduce a
	race condition.

2010-04-27  Jiri Denemark  <jdenemar@redhat.com>

	Fix build with DEBUG_RAW_IO=1

2010-04-27  David Allan  <dallan@redhat.com>

	Fix indentation for storage conf XML
	* virStorageEncryptionFormat is called from both
	  virDomainDiskDefFormat and virStorageVolTargetDefFormat.  The proper
	  indentation in the generated XML depends on the caller.  My earlier
	  patch to fix the incorrect indentation for the domain XML broke the
	  indentation for the storage XML.  This patch adopts Laine's
	  suggestion of requring the caller of virStorageEncryptionFormat to
	  provide an unsigned int with the number of spaces the output should
	  be indented.  The patch modifies both callers to provide the
	  additional argument.

	* Add a regression test for the domain XML

	* src/conf/domain_conf.c src/conf/storage_conf.c
	  src/conf/storage_encryption_conf.c src/conf/storage_encryption_conf.h:
	  change the indentation code
	* tests/qemuxml2xmltest.c
	  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.args
	  tests/qemuxml2argvdata/qemuxml2argv-encrypted-disk.xml: add a regression test

2010-04-27  Daniel Veillard  <veillard@redhat.com>

	Don't try to build qemu and lxc on non-Linux platforms
	as their drivers requires linux only headers

2010-04-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin: Handle differences in the XDR implementation
	Cygwin's XDR implementation defines xdr_u_int64_t instead of
	xdr_uint64_t and lacks IXDR_PUT_INT32/IXDR_GET_INT32.

	Alter the IXDR_GET_LONG regex in rpcgen_fix.pl so it doesn't destroy
	the #define IXDR_GET_INT32 IXDR_GET_LONG in remote_protocol.x.

	Also fix the remote_protocol.h regex in rpcgen_fix.pl.

2010-04-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cygwin's GCC doesn't like this .sa_handler initialization for some reason

	linux/if.h header is not available on non-Linux platforms

2010-04-26  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: enable hex number inputs in filter XML
	With this patch I want to enable hex number inputs in the filter XML. A
	number that was entered as hex is also printed as hex unless a string
	representing the meaning can be found.

	I am also extending the schema and adding a test case. A problem with
	the DSCP value is fixed on the way as well.

	Changes from V1 to V2:

	- using asHex boolean in all printf type of functions to select the
	output format in hex or decimal format

2010-04-26  Satoru SATOH  <satoru.satoh@gmail.com>

	Starts dnsmasq from libvirtd with --dhcp-hostsfile option
	This patch makes libvirtd start the dnsmasq daemon with a
	--dhcp-hostsfile option instead of --dhcp-host options for each
	'//ip/dhcp/host' entries defined in network xml file.

	the dnsmasq host file is stored into /var/lib/libvirt/network

	* src/network/bridge_driver.c: define the directory for the hostfiles
	  and save/delete them to be used by dnsmasq

2010-04-26  Satoru SATOH  <satoru.satoh@gmail.com>

	Add build support for dnsmasq module
	* po/POTFILES.in: the new module contains translatable strings
	* src/Makefile.am: include the files in the utils set
	* src/libvirt_private.syms: exports the symbols internally

2010-04-26  Satoru SATOH  <satoru.satoh@gmail.com>

	Add dnsmasq module files
	It implements an idea to save dhcp hosts' macaddr vs. ipaddr mappings to
	static file and make dnsmasq loading it with "--dhcp-hostsfile" option,
	originally suggested by Dan, and can address the problem that too
	many "--dhcp-host" args hitting ARG_MAX limit

	* src/util/dnsmasq.h src/util/dnsmasq.c: adds the 2 new files

2010-04-26  Daniel Veillard  <veillard@redhat.com>

	Fix make dist missing ESX generated files
	new method generated files are missing from dist tarball.

2010-04-23  Chris Lalancette  <clalance@redhat.com>

	Fix memory leak in virsh snapshot-list.
	We were forgetting to release the memory allocated by
	virDomainSnapshotListNames.  Free the memory properly.

	Fix printing of pathnames on error in qemuDomainSnapshotLoad.
	While doing some testing of the snapshot code I noticed that
	if qemuDomainSnapshotLoad failed, it would print a NULL as
	part of the error.  That's not desirable, so leave the
	full_path variable around until after we are done printing
	errors.

	Fix virDomainSnapshotObjFree memory leak.
	We were freeing the virDomainSnapshotDefPtr, but not
	the virDomainSnapshotObjPtr in virDomainSnapshotObjFree.

	Make virDomainSnapshotObjListDeinit static.

	Fix a memory leak in the snapshot code in libvirtd.
	While running libvirtd under valgrind and doing some
	snapshot testing I noticed that we would always leak a
	connection reference.  The problem was actually that we
	were leaking a domain reference in the libvirtd remote
	snapshot code, which was in turn causing a leaked
	connection reference.  Fix the situation by explicitly
	taking and dropping a domain reference where we need it.

2010-04-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	cygwin: Check explicitly for getmntent_r
	Cygwin has mntent.h but lacks getmntent_r. Update preprocessor
	checks to catch this combination.

	Some NWFilter symbols are conditional and have to be exported conditional

	xen: Fix inside_daemon beeing unused when libvirtd is disabled
	The defined __sun is there, because inside_daemon is used in xenUnifiedOpen
	if __sun is defined.

	Disable stateful OpenNebula driver if libvirtd is disabled
	Also move the equivalent checks for LXC and UML before their header
	checks. This way configure doesn't check for the headers when the driver
	gets disabled anyway.

	Improve configure error message about missing Linux headers

2010-04-23  Eric Blake  <eblake@redhat.com>

	build: fix typo in previous commit
	* configure.ac: Avoid syntax error.

2010-04-23  Eric Blake  <eblake@redhat.com>

	build: don't include winsock2.h on cygwin
	Under cygwin, winsock2.h is intentionally incompatible with,
	<sys/socket.h>, and checking for existence is wrong.

	Under mingw, HAVE_WINSOCK2_H is defined on our behalf by
	gnulib, in a way that does not interfere with cygwin.

	* configure.ac: Drop unnecessary header check.
	Reported by Matthias Bolte.

2010-04-23  Luiz Capitulino  <lcapitulino@redhat.com>

	QEmu JSON drop timestamp from command object
	It's not needed and is currently ignored, but this is a bug.

	It will get fixed soon and QMP will return an error for keys
	it doesn't know about, this will break libvirt.

	* src/qemu/qemu_monitor_json.c: remove qemuMonitorJSONCommandAddTimestamp()
	  and the place where it's invoked in qemuMonitorJSONMakeCommand()

2010-04-23  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: extend schema + add testcase w/ connlimit-above
	I am extending the schema with the recently added connlimit-above
	attribute and adding a test case for it to the test suite.

2010-04-23  Marco Bozzolan  <redshift@gmx.com>

	maint: update AUTHORS
	* AUTHORS: Use preferred name.

2010-04-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in nwfilter driver check
	The nwfilterDriverActive() could de-reference a NULL pointer
	if it hadn't be started at the point it was called. It was
	also not thread safe, since it lacked locking around data
	accesses.

	* src/nwfilter/nwfilter_driver.c: Fix locking & NULL checks
	  in nwfilterDriverActive()

2010-04-22  Eric Blake  <eblake@redhat.com>

	addrToString: give better error message
	The user probably doesn't care what the gai error numbers are, as
	much as what the failed conversion IP address was.

	* src/remote/remote_driver.c (addrToString): Mention which address
	could not be converted.
	* daemon/remote.c (addrToString): Likewise.

2010-04-22  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS with recent contributors
	git shortlog $(git log -1 --format=%H AUTHORS).. | grep -v "^ "

	then add missing entries to AUTHORS.

	* AUTHORS: Update.

2010-04-22  Spencer Shimko  <sshimko@tresys.com>

	qemu: fix security context references in DAC code
	* The error messages coming from qemu's DAC support contain strings
	  from the original SELinux security driver code.  This just removes
	  references to "security context" and other SELinux-isms from the DAC
	  code.

2010-04-22  Stefan Berger  <stefanb@us.ibm.com>

	Changes from V1 to V2:  - using INT_BUFSIZE_BOUND() to determine the length of the buffersize for printing and integer into
	 - not explicitly initializing static var threadsTerminate to false
	anymore, since that's done automatically

	Changes after V2:
	  - removed while looks in case of OOM error
	  - removed on ifaceDown() call
	  - preceding one ifaceDown() call with an ifaceCheck() call

	Since the name of an interface can be the same between stops and starts
	of different VMs I have to switch the IP address learning thread to use
	the index of the interface to determine whether an interface is still
	available or not - in the case of macvtap the thread needs to listen for
	traffic on the physical interface, thus having to time out periodically
	to check whether the VM's macvtap device is still there as an indication
	that the VM is still alive. Previously the following sequence of 2 VMs
	with macvtap device

	virsh start testvm1; virsh destroy testvm1 ; virsh start testvm2

	would not terminate the thread upon testvm1's destroy since the name of
	the interface on the host could be the same (i.e, macvtap0) on testvm1
	and testvm2, thus it was easily race-able. The thread would then
	determine the IP address parameter for testvm2 but apply the rule set
	for testvm1. :-(
	I am also introducing a lock for the interface (by name) that the thread
	must hold while it listens for the traffic and releases when it
	terminates upon VM termination or 0.5 second thereafter. Thus, the new
	thread for a newly started VM with the same interface name will not
	start while the old one still holds the lock. The only other code that I
	see that also needs to grab the lock to serialize operation is the one
	that tears down the firewall that were established on behalf of an
	interface.

	I am moving the code applying the 'basic' firewall rules during the IP
	address learning phase inside the thread but won't start the thread
	unless it is ensured that the firewall driver has the ability to apply
	the 'basic' firewall rules.

2010-04-22  David Allan  <dallan@redhat.com>

	Properly indent encryption tags
	* Fix for the bug reported at:

	https://bugzilla.redhat.com/show_bug.cgi?id=573908

2010-04-22  Jiri Denemark  <jdenemar@redhat.com>

	Fix locking in qemudDomainCoreDump
	The hang fix in d376b7d63ec1ef24ba4c812d58b9a414ddb561f8 was incomplete
	since it left quite a few {Enter,Exit}Monitor calls which require driver
	to be unlocked. Since the driver is locked throughout the whole
	function, {Enter,Exit}MonitorWithDriver need to be used instead to
	ensure driver is not locked when issuing monitor commands.

	Poll for migration end every 50ms instead of 50us
	The comment in qemuDomainWaitForMigrationComplete says we are polling
	every 50ms but the code sleeps only for 50us. This was already discussed
	during review but apparently forgotten when the series was pushed.

2010-04-22  Spencer Shimko  <sshimko@tresys.com>

	configure.ac SELinux fixes
	* Fix a logic error in configure.ac that prevented --with-selinux=no
	  from being used with --with-secdriver-selinux=no.

	* Fix some strings to clarify the difference between --with-selinux
	  and --with-secdriver-selinux.

2010-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU text monitor command error checking
	The text monitor code was checking for a '\n' prefix on several
	places. Previously this would work, but since the monitor code
	re-write the '\n' is already stripped off, so mustn't be checked
	for.

	* src/qemu/qemu_monitor_text.c: Fix monitor error checking

2010-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix CPU hotplug command names
	Probably as a result of a merge error, the CPU hotplug command
	names were completely wrong.

	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Fix
	  the CPU hotplug command names

2010-04-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix printing of event detail in python events demo program
	The events demo program is slightly misleading printing

	  myDomainEventCallback1 EVENT: Domain f14i686(-1) Added

	which is not distinguishing Add vs Update events. It should have
	been doing

	  myDomainEventCallback1 EVENT: Domain f14i686(-1) Defined Updated

	* examples/domain-events/events-python/event-test.py: Fully print
	  event detail info string

2010-04-22  Dustin Kirkland  <kirkland@canonical.com>

	portability fixes to tools/virt-pki-validate.in
	A few fixes will help make tools/virt-pki-validate.in useful on Debian
	and Ubuntu.  And one fix should be useful to everyone (see #3).

	 1) note our gnutls-bin package (in addition to your gnutls-utils
	package) in the no-certtool error text

	 2) fix a bashism, == should be = in the case where /bin/sh is a symlink
	to dash

	 3) $(SYSCONFDIR) cannot evaluate; set a single shell SYSCONFDIR
	variable to the autoconf @SYSCONFDIR@ value, and use $SYSCONFDIR
	everywhere

	Bug report:
	 * https://bugs.edge.launchpad.net/ubuntu/+source/libvirt/+bug/562266

2010-04-22  Eric Blake  <eblake@redhat.com>

	maint: enforce whitespace on shell scripts
	Noticed because virt-pki-validate was very inconsistent on
	using tabs vs. 8 spaces, sometimes mixing both paradigms on
	a single line.

	'git diff -b' shows significant changes only in cfg.mk.

	* cfg.mk (sc_TAB_in_indentation): Add a few files.
	* daemon/libvirtd.init.in: Avoid tabs.
	* tools/virt-pki-validate.in: Likewise.

2010-04-22  Eric Blake  <eblake@redhat.com>

	testutilsqemu: avoid uninitialized variable
	* tests/testutilsqemu.c (testQemuCapsInit): Initialize variables.

2010-04-22  Jiri Denemark  <jdenemar@redhat.com>

	Fake host CPU for qemu tests

	Use configured CPU model if possible
	Adds ability to provide a preferred CPU model for CPUID data decoding.
	Such model would be considered as the best possible model (if it's
	supported by hypervisor) regardless on number of features which have to
	be added or removed for describing required CPU.

2010-04-22  Jiri Denemark  <jdenemar@redhat.com>

	Support removing features when converting data to CPU
	So far, when CPUID data were converted into CPU model and features, the
	features can only be added to the model. As a result, when a guest asked
	for something like "qemu64,-svm" it would get a qemu32 plus a bunch of
	additional features instead.

	This patch adds support for removing feature from the base model.
	Selection algorithm remains the same: the best CPU model is the model
	which requires lowest number of features to be added/removed from it.

2010-04-22  Jiri Denemark  <jdenemar@redhat.com>

	Move MIN macro to util.h so that others can use it

	Deal with CPU models in []
	Qemu committed a patch which list some CPU names in [] when asked for
	supported CPUs (qemu -cpu ?). Yet, it needs such CPUs to be passed
	without those square braces. When probing for supported CPU models, we
	can just strip the square braces and pretend we have never seen them.

	Fix initial VCPU pinning in qemu driver
	First, inital VCPU pinning is set correctly but then it is reset by
	assigning qemu process to a new cgroup (which contains all CPUs). It's
	easily fixed by swapping these two actions.

2010-04-21  Eric Blake  <eblake@redhat.com>

	maint: ignore 'make syntax-check' failure files
	* .gitignore: Add exemption.
	* cfg.mk (local-checks-to-skip): Ignore a test to silence a skip
	warning.

2010-04-21  Chris Lalancette  <clalance@redhat.com>

	Make avahi startup more robust.
	If the hostname of the current virtualization machine
	could not be resolved, then libvirtd would fail to
	start.  However, for disconnected operation (on a laptop,
	for instance) the hostname may very legitimately not
	be resolvable.  This patch makes it so that if we can't
	resolve the hostname, avahi doesn't fail, it just uses
	a less useful MDNS string.

2010-04-21  Guido Günther  <agx@sigxcpu.org>

	Ignore empty type attribute in driver element of virtual disks
	Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578347

2010-04-21  Eric Blake  <eblake@redhat.com>

	build: fix preprocessor indentation
	* src/esx/esx_vi.h: Placate cppi.

2010-04-21  Chris Wong  <wongc-redhat@hoku.net>

	esx: Don't treat an empty root snapshot list as error
	An empty root snapshot list was considered as error condition. Creating a
	new snapshot would fail if the domain didn't have snapshots yet, because
	the snapshot-create function tries to lookup the list of existing snapshots
	in order to verify that the snapshot name is unique. This fails if the
	domain doesn't have snapshots yet.

	Removing the NULL check from esxVI_LookupRootSnapshotTreeList fixes this.

2010-04-21  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Gather some XML generation macros in esx_vi.h

	esx: Fix FindByIp response handling
	FindByIp may return nothing if there is no host or virtual machine
	with the given IP address. Handle that case properly.

	esx: Fix virtualHW.version generation
	The supported virtualHW.version doesn't depend on the API version,
	but on the product version.

2010-04-20  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: add support for connlimit match
	This patch adds support for the connlimit match in iptables that is used
	to limit the number of outgoing directions.

	Extend fwall-drv interface and call functions via interface
	I am moving some of the eb/iptables related functions into the interface
	of the firewall driver and am making them only accessible via the driver's
	interface. Otherwise exsiting code is adapted where needed. I am adding one
	new function to the interface that checks whether the 'basic' rules can be
	applied,  which will then be used by a subsequent patch.

2010-04-20  Eric Blake  <eblake@redhat.com>

	build: avoid compiler warning
	According to GCC, ATTRIBUTE_UNUSED means that an attribute _might_
	be unused, not _must_ be unused.  Therefore, it is easier to
	blindly mark a variable, than to try and do preprocessor limiting
	of when we know it is unused.

	* src/remote/remote_driver.c (remoteAuthenticate): Mark attribute
	as potentially unused.
	Reported by Gustovo Morozowski.

2010-04-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Explicitly set virStoragePoolTypeInfo FS and NETFS defaults
	No semantic change, the now explicitly set default are all zero and
	that's what GCC sets unspecified struct members to.

	esx: Add support for the VMXNET 2 (Enhanced) NIC model
	Add a test case and document it.

	Mark in_open parameter of remoteAuthenticate as unused when it's unused
	Otherwise compiling with -Werror will fail.

2010-04-20  Philipp Hahn  <hahn@univention.de>

	Install nwfilter xml files from source directory.
	During an out-of-tree build, the current working directory is the build
	directory. Since the FILTERS are static and not modified or
	auto-generated during the build process, they need to be explicitly
	fetched from the source directory during install.

	Prefix the files with $(srcdir), which gets expanded to the absolute or
	relative path to the source directory, even when duing out-of-tree
	builds.

2010-04-20  Philipp Hahn  <hahn@univention.de>

	Don't ship generated python/libvirt.? files.
	libvirt.c and libvirt.h are auto-generated files. Mentioning their names
	in *_SOURCES includes them in the distribution. During an out-of-tree
	build these shipped files are included instead of the auto-generated
	version, potentially breaking the build (as it happend in 0.8.0, because
	the shipped libvirt.h was missing the declaration for
	'libvirt_virDomainUpdateDeviceFlags')

	Use the nodist_*_SOURCES automake variable instead.

2010-04-20  Daniel P. Berrange  <berrange@redhat.com>

	Fixup python binding for virDomainSnapshot APIs
	The generator code was totally wrong for the virDomainSnapshot
	APIs, not generating the wrapper class, and giving methods the
	wrong names

	* generator.py: Set metadata for virDomainSnapshot type & APIs
	* libvirt-override-api.xml, libvirt-override.c: Hand-code the
	  virDomainSnapshotListNames glue layer

2010-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix network hotplug to use device_add in QEMU
	The initial boot of VMs uses -device for NICs where available. The
	corresponding monitor command is device_add, but the network hotplug
	code was still using device_del by mistake.

	* src/qemu/qemu_driver.c: Use device_add for NIC hotplug where
	  available

2010-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix error reporting for getfd + host_net_add in QEMU
	If either of the getfd or host_net_add monitor commands return
	any text, this indicates an error condition. Don't ignore this!

	* src/qemu/qemu_monitor_text.c: Report errors for getfd and
	  host_net_add

2010-04-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix device_del in JSON mode for QEMU
	The 'device_del' command expects a parameter called 'id' but we
	were passing 'config'.

	* src/qemu/qemu_monitor_json.c: Fix device_del command parameter

2010-04-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Free nwfilter hash of virConnectPtr
	And close the driver on connection close.

	Replace printf with logging macros

2010-04-16  Jiri Denemark  <jdenemar@redhat.com>

	Mark internal.h for translation

	Use virCheckFlags for APIs added in 0.8.0

2010-04-16  Jiri Denemark  <jdenemar@redhat.com>

	Introduce virCheckFlags for consistent flags checking
	The idea is that every API implementation in driver which has flags
	parameter should first call virCheckFlags() macro to check the function
	was called with supported flags:

	    virCheckFlags(VIR_SUPPORTED_FLAG_1 |
	                  VIR_SUPPORTED_FLAG_2 |
	                  VIR_ANOTHER_SUPPORTED_FLAG, -1);

	The error massage which is printed when unsupported flags are passed
	looks like:

	    invalid argument in virFooBar: unsupported flags (0x2)

	Where the unsupported flags part only prints those flags which were
	passed but are not supported rather than all flags passed.

2010-04-16  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Clear all state tracking from a drop rule
	Don't use state-matching in a drop rule.

2010-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Replace scanf with STRSKIP and strtok_r
	This also fixes a portability problem with the %a format modifier.
	%a is not portable and made esxDomainDumpXML fail at runtime in
	MinGW builds.

2010-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Update to latest gnulib to get strtok_r relaxed to LGPLv2+
	strtok_r will be used in the ESX driver to replace scanf-based code.

	MinGW lacks strtok_r, so we need gnulib to provide it, but until now
	strtok_r was licensed LGPL3.

2010-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add nwfilter driver stub
	This stops libvirt trying to connect to a non-existing libvirtd on the
	ESX server in order to find a nwfilter driver.

2010-04-15  Eric Blake  <eblake@redhat.com>

	remote: react to failures on wakeupFD
	* src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Report
	failures on pipe used for wakeup.
	Reported by Chris Lalancette.

2010-04-15  Eric Blake  <eblake@redhat.com>

	util: ensure safe{read,write,zero} return is checked
	Based on a warning from coverity.  The safe* functions
	guarantee complete transactions on success, but don't guarantee
	freedom from failure.

	* src/util/util.h (saferead, safewrite, safezero): Add
	ATTRIBUTE_RETURN_CHECK.
	* src/remote/remote_driver.c (remoteIO, remoteIOEventLoop): Ignore
	some failures.
	(remoteIOReadBuffer): Adjust error messages on read failure.
	* daemon/event.c (virEventHandleWakeup): Ignore read failure.

2010-04-15  Eric Blake  <eblake@redhat.com>

	maint: another preprocessor fix
	Regression introduced in commit 62170b995.

	* src/util/memory.h: Placate cppi, and fit 80 columns.

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix CDROM media change for QEMU when using -device syntax
	Disk devices in QEMU have two parts, the guest device and the host
	backend driver. Historically these two parts have had the same
	"unique" name. With the switch to using -device though, they now
	have separate names. Thus when changing CDROM media, for guests
	using -device syntax, we need to prepend the QEMU_DRIVE_HOST_PREFIX
	constant

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add helper function
	  qemuDeviceDriveHostAlias() for building a host backend alias
	* src/qemu/qemu_driver.c: Use qemuDeviceDriveHostAlias() to determine
	  the host backend alias for performing eject/change commands in the
	  monitor

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Update QEMU device_add command in JSON mode
	The device_add command was added in JSON mode in a way I didn't
	expect. Instead of passing the normal device string to the JSON
	command:

	    { "execute": "device_add", "arguments": { "device": "ne2k_pci,id=nic.1,netdev=net.1" } }

	We need to split up the device string into a full JSON object

	    { "execute": "device_add", "arguments": { "driver": "ne2k_pci", "id": "nic.1", "netdev": "net.1" } }

	* src/qemu/qemu_conf.h, src/qemu/qemu_conf.c: Rename the
	  qemuCommandLineParseKeywords method to qemuParseKeywords
	  and export it to monitor
	* src/qemu/qemu_monitor_json.c: Split up device string into
	  a JSON object for device_add command

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Rename parameter in qemuMonitorDeviceDel
	The parameter for the qemuMonitorDeviceDel() is a device alias,
	not a device config string. Rename the parameter reflect this
	and avoid confusion to readers.

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Rename devicestr to devalias in qemuMonitorDeviceDel()

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Remove code from JSON monitor for commands that won't be ported
	The QEMU developers have stated that they will not be porting
	the commands 'pci_add', 'pci_del', 'usb_add', 'usb_del' to the
	JSON mode monitor, since they're obsoleted by 'device_add'
	and 'device_del'. libvirt has (untested) code that would have
	supported those commands in theory, but since we already use
	device_add/del where available, there's no need to keep the
	legacy stuff anymore.

	The text mode monitor keeps support for all commands for sake
	of historical compatability.

	* src/qemu/qemu_monitor_json.c: Remove 'pci_add', 'pci_del',
	  'usb_add', 'usb_del' commands

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Run test suite as part of RPM build process
	To ensure that patches in the RPM don't break any functionality
	it is neccessary to run the test suites during build. It currently
	has 3 tests disabled

	 - daemon-conf: this is totally broken, since it relies on
	   being able to resolve the 'libvirt' group & being able to
	   resolve hostnames at daemon startup. This isn't possible
	   in a mock build root
	 - seclabeltest: fails to initialize selinux in the mock
	   build root. Possibly fixable
	 - nodeinfotest: broken on s390 + ppc - this is a real bug

	* libvirt.spec.in: Add a %check section, with 3 tests
	   temporarily disabled

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU memory stats JSON mode
	The QEMU driver is mistakenly calling directly into the text
	mode monitor for the domain memory stats query.

	* src/qemu/qemu_driver.c: Replace qemuMonitorTextGetMemoryStats with
	  qemuMonitorGetMemoryStats
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add the new
	  wrapper for qemuMonitorGetMemoryStats
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  qemuMonitorJSONGetMemoryStats implementation

2010-04-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU command building errors to reflect unsupported configuration
	Instead of reporting VIR_ERR_INTERNAL_ERROR use the more specific
	VIR_ERR_CONFIG_UNSUPPORTED

	* src/qemu/qemu_conf.c: Report VIR_ERR_CONFIG_UNSUPPORTED for
	  unsupported video adapters

2010-04-15  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix tear down order and consolidate functions
	To avoid race-conditions, the tear down of a filter has to happen before
	the tap interface disappears and another tap interface with the same
	name can re-appear. This patch tries to fix this. In one place, where
	communication with the qemu monitor may fail, I am only tearing the
	filters down after knowing that the function did not fail.

	I am also moving the tear down functions into an include file for other
	drivers to reuse.

2010-04-15  Stefan Berger  <stefanb@us.ibm.com>

	Trivial fix: Add braces to for statement to avoid crashes
	I am adding braces around the for statement that are now needed to due the
	new sa_assert immediately following the for statement.

2010-04-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix close_used_without_including_unistd_h error
	Triggered by gnulib when compiling with MinGW.

	Fix apibuild.py warnings about missing ':'

2010-04-14  David Allan  <dallan@redhat.com>

	Implement variable length structure allocator
	* This patch implements a memory allocator to obtain memory for
	  structures whose last member is a variable length array.  C99 refers
	  to these variable length objects as structs containing flexible
	  array members.
	* Fixed macro parentheses per Eric Blake

2010-04-14  Jim Meyering  <meyering@redhat.com>

	qemudDomainAttachSCSIDisk: avoid FP NULL-ptr-deref from clang
	* src/util/conf.c (virConfParseValue): Add an sa_assert.

	xend_internal.c: assure clang that we do not dereference NULL
	* src/xen/xend_internal.c (xend_parse_sexp_desc_char): Add three
	uses of sa_assert, each preceding a strchr(value,... to assure
	clang that "value" is non-NULL.

	qemudDomainAttachSCSIDisk: avoid FP NULL-ptr-deref from clang
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk):
	Initialize "cont" to NULL, so clang knows it's set.
	Add an sa_assert so it knows it's non-NULL when dereferenced.

	virGetHostnameLocalhost: avoid FP NULL-ptr-deref from clang
	* src/util/util.c (virGetHostnameLocalhost): Add an sa_assert
	to tell clang it's ok to dereference "info" after a non-failing
	getaddrinfo call.

	nwfilter_ebiptables_driver.c: avoid NULL dereference
	* src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules):
	Don't dereference a NULL or uninitialized pointer when given
	an empty list of rules.  Add an sa_assert(inst) in each loop to
	tell clang that the uses of "inst[i]" are valid.

	build: set STATIC_ANALYSIS when running via clang or coverity
	* configure.ac (STATIC_ANALYSIS): Define when run via clang's
	scan-build or coverity-prevent's cov-build.
	Use the CLANG_CC and COVERITY_BUILD_COMMAND envvars as witnesses.

	sa_assert: assert-like macro, enabled only for use with static analyzers
	Among some here, there is a strong aversion to the use of "assert", yet
	some others think it is essential (when applied judiciously) even --
	perhaps "especially" -- at the heart of libraries and core hypervisor-
	related code.
	Here is a compromise that lets us make assertions about the code (e.g.,
	to tell static analyzers about invariants) without even a hint of risk
	of an abort.
	* src/internal.h [STATIC_ANALYSIS]: Include <assert.h>.
	(sa_assert): Define.  A no-op most of the time, but equivalent
	to classical assert when STATIC_ANALYSIS is nonzero.

2010-04-14  Eric Blake  <eblake@redhat.com>

	build: fix recent 'make syntax-check' failure
	* src/esx/esx_vi_methods.h: Placate cppi.

	virt-aa-helper-test: avoid non-portable echo -n
	* tests/virt-aa-helper-test (testme): Use printf instead.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	schematestutils.sh: improve shell portability: avoid "echo -e"
	* tests/schematestutils.sh: Use printf rather than echo -e.

	virStorageBackendFileSystemMount: prefer strdup over virAsprintf
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemMount):
	Use virAsprintf only when needed.  In this case, strdup works fine.

	virStorageBackendFileSystemMount: placate clang
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemMount):
	Clang was not smart enough, and mistakenly reported that "options"
	could be used uninitialized.  Initialize it.

2010-04-14  Laine Stump  <laine@laine.org>

	Implement forgotten backend of virInterfaceIsActive()
	Somehow the backend of this function was never implemented in
	libvirt's netcf driver, and nobody noticed until now. (The required
	netcf function was already in place, so nothing needs to change
	there.)
	* src/interface/netcf_driver.c: add in the backend function, and point
	                                to it from the table of driver functions.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	openvzGetProcessInfo: address clang-detected low-probability flaw
	* src/openvz/openvz_driver.c (openvzGetProcessInfo): Reorganize
	so that unexpected /proc/vz/vestat content cannot make us use
	uninitialized variables.  Without this change, an input line with
	a matching "readvps", but fewer than 4 numbers would result in our
	using at least "systime" uninitialized.

	vshCommandRun: avoid used-uninitialized timing-related report from clang
	* tools/virsh.c (vshCommandRun): Test only the initial value of
	ctl->timing, so that static analyzers don't have to consider that
	it might be changed by cmd->def->handler.

2010-04-14  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: use virFindFileInPath for needed CLI tools
	I am getting rid of determining the path to necessary CLI tools at
	compile time. Instead, now the firewall driver has an initialization
	function that uses virFindFileInPath() to determine the path to
	necessary CLI tools and a shutdown function to free allocated memory.
	The rest of the patch mostly deals with availability of the CLI tools
	and to not call certain code blocks if a tool is not available and that
	strings now have to be built slightly differently.

2010-04-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Extend esx_vi_generator.py to cover methods too
	Generate almost all SOAP method mapping code.

	Update the driver code to use the complete paramater list of some methods
	that had parameters skipped before.

	Improve the ESX_VI__METHOD marco to do automatic output deserialization
	based on output occurrence. Also incorporate automatic _this binding and
	output pointer check.

2010-04-14  Jim Meyering  <meyering@redhat.com>

	esxVMX_GatherSCSIControllers: avoid NULL dereference
	* src/esx/esx_vmx.c (esxVMX_GatherSCSIControllers): Do not dereference
	a NULL disk->driverName.  We already detect this condition in another
	case.  Check for it here, too.

2010-04-13  Chris Lalancette  <clalance@redhat.com>

	Fix build of openvz on RHEL-5.
	When building libvirt on RHEL-5, I saw this error:

	cc1: warnings being treated as errors
	openvz/openvz_conf.c: In function 'openvzGetVPSUUID':
	openvz/openvz_conf.c:835: warning: 'saveptr' may be used uninitialized in this function
	make[3]: *** [libvirt_driver_openvz_la-openvz_conf.lo] Error 1

	gcc in RHEL-5 gets upset about this usage of strtok_r (even though
	it is perfectly valid).  Just set *saveptr to NULL at the
	start to quiet it down.

2010-04-13  Chris Lalancette  <clalance@redhat.com>

	Fix up formatting of remote protocol stuff.

	Fix messsage -> message.

	Fix up a debug typo.

	Remove some debugging leftovers.

2010-04-13  Stefan Berger  <stefanb@us.ibm.com>

	Consolidate interface related functions in interface.c
	Changes from v1 to v2:
	- changed function name prefixes to 'iface' from previous 'Iface'

	- Further to make make syntax-check pass:
	 - indentation fix in interface.h
	 - added entry to POTFILES.in

	I am consolidating network interface related functions used in nwfilter
	and macvtap code in utils/interface.c. All function names are prefixed
	with 'Iface'. The following functions are now available through
	interface.h:

	int ifaceCtrl(const char *name, bool up);
	int ifaceUp(const char *name);
	int ifaceDown(const char *name);

	int ifaceCheck(bool reportError, const char *ifname,
	               const unsigned char *macaddr, int ifindex);

	int ifaceGetIndex(bool reportError, const char *ifname, int *ifindex);

	I added 'int ifindex' as parameter to ifaceCheck to the original
	function and modified the code accordingly.

2010-04-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix nodeinfotest on NUMA machines
	The nodeinfotest was reliant on the host NUMA topology, but all
	the test data files assumed 1 single NUMA node. This test thus
	failed on any NUMA machine with > 1 node

	* tests/nodeinfotest.c: Hardcode 1 single numa node

2010-04-13  Eric Blake  <eblake@redhat.com>

	build: include usleep gnulib module
	Without this module, attempts to sleep for 1 or more seconds
	on mingw instead become a no-delay no-op.

	* bootstrap.conf (gnulib_modules): Add usleep.

2010-04-13  Daniel Berteaud  <daniel@firewall-services.com>

	Fix spec file for builds without lxc
	* libvirt.spec.in: fix a cut and paste error

2010-04-13  Eric Blake  <eblake@redhat.com>

	build: fix syntax-check problems
	* .x-sc_prohibit_gettext_noop: Add new exemption.
	* .x-sc_prohibit_test_minus_ao: Likewise.
	* Makefile.am (EXTRA_DIST): Distribute new files.
	* .gitignore: Ignore built file.

2010-04-12  Stefan Berger  <stefanb@us.ibm.com>

	add nwfilter functions to virsh man page
	With Eric Blake's spelling corrections applied.

	Unfortunately after the 0.8.0 release, but here's a beginning of the
	documentation of the nwfilter functionality.

2010-04-12  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.8.0
	* configure.ac docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
	  updates for release of 0.8.0
	* po/*.po po/libvirt.pot: updated a lar set of localizations, and merge
	  the messages

	Add documentation for synchronous hooks
	* docs/sitemap.html.in: add in navigation under
	  Documentation/Deployment/Hooks
	* docs/hooks.html.in: new doc describing current support for 0.8.0

2010-04-12  Chris Lalancette  <clalance@redhat.com>

	Rename virsh "revert-to-snapshot" to "snapshot-revert"

2010-04-12  Luiz Capitulino  <lcapitulino@redhat.com>

	Small fixes to virsh man page
	* tools/virsh.pod: add two missing 's' and section about 'dominfo' is
	  duplicated

2010-04-12  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Fix memory leak on daemon init and shutdown
	This patch fixes a memory leak on daemon init and shutdown. The module
	was initialized twice and not shut down.

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Process DHCP option to determine whether packet is a DHCP_OFFER
	I mistakenly took the op field in the DHCP message as the DHCP_OFFER
	type. Rather than basing the decision to read the VM's IP address on
	that field, process the appended DHCP options where option 53 indicates
	the actual type of the packet. I am also reading the broadcast address
	of the VM, but don't use it so far.

2010-04-09  David Allan  <dallan@redhat.com>

	Add enospace option to qemu disk error policy
	* Dan Kenigsberg requested explicit support for the qemu default disk error policy which is enospace

2010-04-09  Daniel P. Berrange  <berrange@redhat.com>

	More event callback fixes
	In a couple of cases typos meant we were firing the wrong type
	of event. In the python code my previous commit accidentally
	missed some chunks of the code.

	* python/libvirt-override-virConnect.py: Add missing python glue
	  accidentally left out of previous commit
	* src/conf/domain_event.c, src/qemu/qemu_monitor_json.c: Fix typos
	  in event name / method name to invoke

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	Undoing 2nd application of the patch...

	Fix error in nwfilter test driver
	Trivial fix for the c&p error in the nwfilter test driver.

	Fix error in nwfilter test driver
	Trivial fix for the c&p error in the nwfilter test driver.

2010-04-09  Daniel Veillard  <veillard@redhat.com>

	Fix some cppi prepocessor indentation issues
	* src/conf/nwfilter_conf.c src/util/hooks.c: added spaces to avoid
	  "make syntax-check" failures

2010-04-09  Ryan Harper  <ryanh@us.ibm.com>

	qemu: catch cdrom change error
	Currently when we attempt to change the cdrom in a qemu VM the monitor
	doesn't generate an error if the target filename doesn't exist.  I've
	submitted a patch[1] for this.  This patch is the libvirt qemu-driver
	side which catches the error message from the monitor and reportes the
	error to libvirt.  This means that virsh attach-disk cdrom commands
	won't appear to succeed when qemu change command actually failed.

	* src/qemu/qemu_monitor_text.c: in qemuMonitorTextChangeMedia() look
	  for failure to access the new data

2010-04-09  redshift  <redshift@gmx.com>

	Avoid using multicast addresses for Ethernet MAC examples
	* docs/formatdomain.html.in: use '00:11:22:33:44:55' instead of
	  '11:22:33:44:55:66'

2010-04-09  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: More XML parser test cases
	This patch adds a couple more nwfilter test cases for the XML parser tests.

2010-04-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup the msg_gen_function list in cfg.mk
	Remove symbols that don't exist anymore (e.g. ERROR0) or aren't
	message generating functions (e.g. VIR_FREE) or are now reported
	as unmarked because the grep command is different, but that should
	not be marked at all (e.g. DEBUG0).

	Also don't restrict one of the grep lines in the
	libvirt_unmarked_diagnostics rule to match exactly one space
	between function name and opening parenthesis.

2010-04-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	remote: Replace some virRaiseError with remoteError

	remote: Remove virConnectPtr from error/errorf
	Also unify error/errorf to remoteError and update cfg.mk accordingly.

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove undefined symbols from symbols file

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add domain snapshot support
	Fix invalid code generating in esx_vi_generator.py regarding deep copy
	types that contain enum properties.

	Add strptime and timegm to bootstrap.conf. Both are used to convert a
	xsd:dateTime to calendar time.

	Add a testcase of the xsd:dateTime conversion.

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Generate libvirt.def from libvirt.syms
	The MinGW linker needs the libvirt.def file.

2010-04-08  Jiri Denemark  <jdenemar@redhat.com>

	Fix unterminated B<...> in virsh man page

2010-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix up python bindings for new event callbacks
	The generator was disabled for the new event callbacks, since they
	need to be hand written. This patch  adds the C and python glue to
	expose the new APIs in the python binding. The python example
	program is extended to demonstrate of the code

	* python/libvirt-override.c: Registration and dispatch of events
	   at the C layer
	* python/libvirt-override-virConnect.py: Python glue for events
	* examples/domain-events/events-python/event-test.py: Demo use
	  of new event callbacks

2010-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Add missing nwfilter_learnipaddr.c to POTFILES.in
	* po/POTFILES.in: Add src/nwfilter/nwfilter_learnipaddr.c

2010-04-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix Win32 portability problems
	The network filter / snapshot / hooks code introduced some
	non-portable pices that broke the win32 build

	* configure.ac: Check for net/ethernet.h required by nwfile config
	   parsing code
	* src/conf/nwfilter_conf.c: Define ethernet protocol  constants
	  if net/ethernet.h is missing
	* src/util/hooks.c: Disable hooks build on Win32 since it lacks
	  fork/exec/pipe
	* src/util/threads-win32.c: Fix unchecked return value
	* tools/virsh.c: Disable SIGPIPE on Win32 since it doesn't exist.
	  Fix non-portable strftime() formats

2010-04-08  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: fix for directionality of ICMP traffic
	Changes from V1 to V2 of this patch
	- I had reversed the logic thinking that icmp type 0 is a echo
	request,but it's reply -- needed to reverse the logic
	- Found that ebtables takes the --ip-tos argument only as a hex number

	This patch enables the skipping of some of the ICMP traffic rules on the
	iptables level under certain circumstances so that the following filter
	properly enables unidirectional pings:

	<filter name='testcase'>
	    <uuid>d6b1a2af-def6-2898-9f8d-4a74e3c39558</uuid>
	    <!-- allow incoming ICMP Echo Request -->
	    <rule action='accept' direction='in' priority='500'>
	        <icmp type='8'/>
	    </rule>
	    <!-- allow outgoing ICMP Echo Reply -->
	    <rule action='accept' direction='out' priority='500'>
	        <icmp type='0'/>
	    </rule>
	    <!-- drop all other ICMP traffic -->
	    <rule action='drop' direction='inout' priority='600'>
	        <icmp/>
	    </rule>
	</filter>

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Allow 'lsisas1068' as SCSI controller type
	Extend tests to cover all SCSI controller types and document the
	new type.

	The lsisas1068 SCSI controller type was added in ESX 4.0. The VMX
	parser reports an error when this controller type is present. This
	makes virsh dumpxml fail for every domain that uses this controller
	type.

	This patch fixes this and adds lsisas1068 to the list of accepted
	SCSI controller types.

	Reported by Jonathan Kelley.

2010-04-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Report an error for invalid arguments in esxList(Defined)Domains

2010-04-08  Diego Elio Pettenò  <flameeyes@gmail.com>

	Avoid searching for windres when not building for Windows
	Just checking for a windres tool might hit even on Linux systems when
	building for Linux (e.g.: when using Gentoo and having built binutils
	with multitarget support), and will then fail to link properly at the
	end of the build.

	* configure.ac: Avoid searching for windres on non windows target

2010-04-08  Stefan Berger  <stefanb@us.ibm.com>

	Executable does not belong into repository.
	Removing the tests/nwfilterxml2xmltest executable that got in with a previous patch.

2010-04-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Support for learning a VM's IP address
	This patch implements support for learning a VM's IP address. It uses
	the pcap library to listen on the VM's backend network interface (tap)
	or the physical ethernet device (macvtap) and tries to capture packets
	with source or destination MAC address of the VM and learn from DHCP
	Offers, ARP traffic, or first-sent IPv4 packet what the IP address of
	the VM's interface is. This then allows to instantiate the network
	traffic filtering rules without the user having to provide the IP
	parameter somewhere in the filter description or in the interface
	description as a parameter. This only supports to detect the parameter
	IP, which is for the assumed single IPv4 address of a VM. There is not
	support for interfaces that may have multiple  IP addresses (IP
	aliasing) or IPv6 that may then require more than one valid IP address
	to be detected. A VM can have multiple independent interfaces that each
	uses a different IP address and in that case it will be attempted to
	detect each one of the address independently.

	So, when for example an interface description in the domain XML has
	looked like this up to now:

	    <interface type='bridge'>
	      <source bridge='mybridge'/>
	      <model type='virtio'/>
	      <filterref filter='clean-traffic'>
	        <parameter name='IP' value='10.2.3.4'/>
	      </filterref>
	    </interface>

	you may omit the IP parameter:

	    <interface type='bridge'>
	      <source bridge='mybridge'/>
	      <model type='virtio'/>
	      <filterref filter='clean-traffic'/>
	    </interface>

	Internally I am walking the 'tree' of a VM's referenced network filters
	and determine with the given variables which variables are missing. Now,
	the above IP parameter may be missing and this causes a libvirt-internal
	thread to be started that uses the pcap library's API to listen to the
	backend interface  (in case of macvtap to the physical interface) in an
	attempt to determine the missing IP parameter. If the backend interface
	disappears the thread terminates assuming the VM was brought down. In
	case of a macvtap device a timeout is being used to wait for packets
	from the given VM (filtering by VM's interface MAC address). If the VM's
	macvtap device disappeared the thread also terminates. In all other
	cases it tries to determine the IP address of the VM and will then apply
	the rules late on the given interface, which would have happened
	immediately if the IP parameter had been explicitly given. In case an
	error happens while the firewall rules are applied, the VM's backend
	interface is 'down'ed preventing it to communicate. Reasons for failure
	for applying the network firewall rules may that an ebtables/iptables
	command failes or OOM errors. Essentially the same failure reasons may
	occur as when the firewall rules are applied immediately on VM start,
	except that due to the late application of the filtering rules the VM
	now is already running and cannot be hindered anymore from starting.
	Bringing down the whole VM would probably be considered too drastic.
	While a VM's IP address is attempted to be determined only limited
	updates to network filters are allowed. In particular it is prevented
	that filters are modified in such a way that they would introduce new
	variables.

	A caveat: The algorithm does not know which one is the appropriate IP
	address of a VM. If the VM spoofs an IP address in its first ARP traffic
	or IPv4 packets its filtering rules will be instantiated for this IP
	address, thus 'locking' it to the found IP address. So, it's still
	'safer' to explicitly provide the IP address of a VM's interface in the
	filter description if it is known beforehand.

	* configure.ac: detect libpcap
	* libvirt.spec.in: require libpcap[-devel] if qemu is built
	* src/internal.h: add the new ATTRIBUTE_PACKED define
	* src/Makefile.am src/libvirt_private.syms: add the new modules and symbols
	* src/nwfilter/nwfilter_learnipaddr.[ch]: new module being added
	* src/nwfilter/nwfilter_driver.c src/conf/nwfilter_conf.[ch]
	  src/nwfilter/nwfilter_ebiptables_driver.[ch]
	  src/nwfilter/nwfilter_gentech_driver.[ch]: plu the new functionality in
	* tests/nwfilterxml2xmltest: extend testing

2010-04-07  Jim Meyering  <meyering@redhat.com>

	xenXMDomainDefineXML: remove dead store and useless/leaky virGetDomain
	* src/xen/xm_internal.c (xenXMDomainDefineXML): Remove useless and
	leak-inducing call to virGetDomain, as well as decl of now-unused local.

	createRawFileOpHook: avoid dead stores
	* src/storage/storage_backend.c (createRawFileOpHook): Remove dead
	stores and declaration of each stored-to variable.

	qemudDomainGetSecurityLabel: avoid dead store to "type"
	* src/qemu/qemu_driver.c (qemudDomainGetSecurityLabel): Remove store
	and declaration.

2010-04-07  Jiri Denemark  <jdenemar@redhat.com>

	Fix CPU comparison for x86 arch
	When comparing a CPU to host CPU, the result would be
	VIR_CPU_COMPARE_SUPERSET (or even VIR_CPU_COMPARE_INCOMPATIBLE if strict
	match was required) even though the two CPUs were identical.

	Cleanup x86Compute()
	No change in semantics.

	Properly advertise cpuselection guest capability
	There's no sense in advertising cpuselection capability when host CPU
	is not properly detected and advertised in host capabilities.

	Don't ignore guest CPU selection when unsupported by HV
	When qemu libvirt driver doesn't support guest CPU selection with given
	qemu binary, guests requiring specific CPU should fail to start instead
	of being silently supplied with a default CPU.

	Document all options of virsh dumpxml

2010-04-07  Jim Meyering  <meyering@redhat.com>

	qemuDomainSnapshotLoad: avoid dead store
	* src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Remove dead store
	into "snap", as well as its declaration.

2010-04-07  Eric Blake  <eblake@redhat.com>

	maint: s/initialis/initializ/
	git grep found 12 of the former but 100 of the latter in src/.

	* src/remote/remote_driver.c (initialise_gnutls): Rename...
	(initialize_gnutls): ...to this.
	(doRemoteOpen): Adjust caller.
	* src/xen/xen_driver.c (xenUnifiedOpen): Adjust output string.
	* src/util/network.c: Adjust comments.
	Suggested by Matthias Bolte.

2010-04-07  Jim Meyering  <meyering@redhat.com>

	domain_event.c: don't deref NULL on an OOM error path
	* src/conf/domain_event.c (virDomainEventGraphicsNewFromDom):
	Return NULL when handling out-of-memory error, rather than
	falling through with ev=NULL and then assigning to ev->member.
	(virDomainEventGraphicsNewFromObj): Likewise.

2010-04-07  Stefan Berger  <stefanb@us.ibm.com>

	nwfiler: fix due to non-symmetric src mac address match in iptables
	The attached patch fixes a problem due to the mac match in iptables only
	supporting --mac-source and no --mac-destination, thus it not being
	symmetric. Therefore a rule like this one

	<rule action='drop' direction='out'>
	  <all match='no' srcmacaddr='$MAC'/>
	</rule>

	should only have the MAC match on traffic leaving the VM and not test
	for the same source MAC address on traffic that the VM receives.

2010-04-07  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: don't close an arbitrary file descriptor
	* src/qemu/qemu_driver.c (qemudStartVMDaemon): Initialize "logfile"
	to ensure that we don't use it uninitialized -- thus closing an
	arbitrary file descriptor -- in the cleanup block.

2010-04-07  Daniel Veillard  <veillard@redhat.com>

	Fix a typo in comment

2010-04-06  Jamie Strandboge  <jamie@ubuntu.com>

	Update of the apparmore regression tests
	* tests/virt-aa-helper-test: test augmented with hostdev and sdl display
	  checks

	Improve the apparmor example
	* examples/apparmor/libvirt-qemu examples/apparmor/usr.sbin.libvirtd
	  examples/apparmor/usr.lib.libvirt.virt-aa-helper: Update the examples

	Improve virt-aa-helper to handle SDL graphics and cleanups
	* src/security/virt-aa-helper.c: add support for SDL devices and 3
	  code cleanups

	Adjust virt-aa-helper to handle pci devices
	* src/security/virt-aa-helper.c: adjust virt-aa-helper to handle pci
	  devices. Update valid_path() to have an override array to check against,
	  and add "/sys/devices/pci" to it. Then rename file_iterate_cb() to
	  file_iterate_hostdev_cb() and create file_iterate_pci_cb() based on it

	Add backingstore support to apparmor
	adjust virt-aa-helper to handle backing store
	* src/security/virt-aa-helper.c: look for backing store metadata
	  for disk definitions.

	Add VIR_DOMAIN_XML_INACTIVE flag when parsing domain XML
	To avoid an error when hitting the <seclabel...> definition
	* src/security/virt-aa-helper.c: add VIR_DOMAIN_XML_INACTIVE flag
	  to virDomainDefParseString

	virt-aa-helper should not fail if profile was removed
	Don't exit with error if the user unloaded the profile outside of
	 libvirt
	* src/security/virt-aa-helper.c: check the exit error from apparmor_parser
	  before exiting with a failure

	Do nor clear caps when invoking virt-aa-helper
	The calls to virExec() in security_apparmor.c when
	invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without
	libcap-ng, this is not a problem (it's effectively a no-op) but with
	libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by
	virt-aa-helper to manipulate apparmor profiles and without it VMs will
	not start[1]. This patch calls virExec with the default VIR_EXEC_NONE
	instead.
	* src/security/security_apparmor.c: fallback to VIR_EXEC_NONE flags for
	  virExec of virt_aa_helper

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix 'avialable' typo
	Reported by Paul Jenner

2010-04-06  Eric Blake  <eblake@redhat.com>

	build: avoid autogen on 'make clean'
	Tested by running 'git submodule foreach git pull origin master' and
	'git add .gnulib', then seeing that 'make clean' skips autogen
	although 'make' properly runs it.

	* cfg.mk (_clean_requested): New check, to speed up 'make clean'
	even if gnulib submodule is outdated.
	Suggested by Daniel P. Berrange.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	Fix for nwfilter: Add filter schema for nwfilter XML, extend domain XML schema
	Fixing the regular expressions for variables where the first letter must be a $.

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	macvtap: Remove virConnectPtr from ReportError
	Also rename ReportError to macvtapError.

	phyp: Remove virConnectPtr from PHYP_ERROR

2010-04-06  Jim Meyering  <meyering@redhat.com>

	virterror.c: avoid erroneous case "fall-through"
	* src/util/virterror.c (virErrorMsg): Insert missing "break;"

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Mark error messages for translation
	Also define ESX_ERROR and ESX_VI_ERROR in a central place, instead of
	defining them in each source file.

	Add ESX_ERROR and ESX_VI_ERROR to the msg_gen_function list in cfg.mk.

	Update po/POTFILES.in accordingly.

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Mark all error messages for translation
	Add vboxError to the msg_gen_function list in cfg.mk.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Add filter schema for nwfilter XML, extend domain XML schema
	This patch adds a relaxng nwfilter schema along with a test that
	verifies all the test output XML against the schema. The input XMLs
	contain a lot of intentional out-of-range values that make them fail the
	schema verification, so I am not verifying against those.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	nwfilter: Fix instantiated layer 2 rules for 'inout' direction
	With Eric Blake's suggestions applied.

	The following rule for direction 'in'

	<rule direction='in' action='drop'>
	  <mac srcmacaddr='1:2:3:4:5:6'/>
	</rule>

	drops all traffic from the given mac address.
	The following rule for direction 'out'

	<rule direction='out' action='drop'>
	  <mac dstmacaddr='1:2:3:4:5:6'/>
	</rule>

	drops all traffic to the given mac address.
	The following rule in direction 'inout'

	<rule direction='inout' action='drop'>
	  <mac srcmacaddr='1:2:3:4:5:6'/>
	</rule>

	now drops all traffic from and to the given MAC address.
	So far it would have dropped traffic from the given MAC address
	and outgoing traffic with the given source MAC address, which is not useful
	since the packets will always have the VM's MAC address as source
	MAC address. The attached patch fixes this.

	This is the last bug I currently know of and want to fix.

2010-04-06  Eric Blake  <eblake@redhat.com>

	virsh: improve documentation
	Document several missing commands.  There's more work that could be
	done, but incremental improvements is better than no patch at all.

	* tools/virsh.pod (autostart, connect): Improve grammar.
	(create): Improve example.
	(domjobabort, domjobinfo, domxml-from-native, domxml-to-native):
	Document.
	(storage pool commands): New section.

2010-04-06  Chris Lalancette  <clalance@redhat.com>

	Clarify an error message in setmem.

	Fix up comments for isEncrypted, isSecure, domainIsActive, and domainIsPersistent.

	Document snapshot virsh commands in the man page.

2010-04-06  Chris Lalancette  <clalance@redhat.com>

	Better error reporting in virsh.
	When hitting failures in virsh, a common idiom is
	to jump to a cleanup label, free some resources, and
	then return a FALSE error code to vshCommandRun.
	In theory, vshCommandRun is then supposed to print
	out the last error.  The problem is that many of
	the cleanup paths have library calls to free resources,
	and all of those library calls clear out the last error.
	This is leading to situations where no error is being
	reported at all.

	This patch remedies the situation somewhat by
	printing out the errors inside the command methods
	themselves when we know it will go through a cleanup
	path that will lose the error.

2010-04-06  Chris Lalancette  <clalance@redhat.com>

	Website documentation for the snapshot XML.

	Increase the number of available VNC ports.
	When starting up qemu VNC autoport guests, we were
	only looking through ports 5900 to 6000, meaning we
	were limited to 100 total clients.  Increase that
	limit to 65535 (the last available port), so we can
	have up to 59635 VNC autoport guests.

2010-04-06  Stefan Berger  <stefanb@us.ibm.com>

	This patch fixes some compilation issues for the RHEL5 build. I am also removing the IPV6 constant where it appears in the wrong place.

2010-04-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compiler warning about unused conn parameter
	This only affects builds without NUMA support.

	openvz: Remove virConnectPtr from openvzError
	Also remove unused enum values OPENVZ_WARN and OPENVZ_ERR.

	one: Remove virConnectPtr from oneError

	uml: Remove virConnectPtr from umlReportError

	Remove virConnectPtr from eventReportError

	Remove virConnectPtr from virLibConnError

	xen: Remove virConnectPtr from xenUnifiedError

	Remove virConnectPtr from nodeReportError

	netcf: Remove virConnectPtr from interfaceReportError

	xen: Remove virConnectPtr from virXenInotifyError

	xen: Remove virConnectPtr from virXenStoreError

	xen: Remove virConnectPtr from virXenError/virXenErrorFunc

	xen: Remove virConnectPtr from virXMError

	xen: Remove virConnectPtr from virXendError

	proxy: Remove virConnectPtr from virProxyError

	vbox: Remove virConnectPtr from vboxError

	test: Remove virConnectPtr from testError

	Remove unnecessary trailing \n in log messages

	Fix compiler warning about non-literal format string

2010-04-05  Stefan Berger  <stefanb@us.ibm.com>

	This patch removes the virConnectPtr parameter from all functions where it's not necessary starting out with removing it as a parameter to the error reporting function.

2010-04-05  Chris Lalancette  <clalance@redhat.com>

	Snapshot virsh implementation.

2010-04-05  Jiri Denemark  <jdenemar@redhat.com>

	Snapshots for VBox

2010-04-05  Chris Lalancette  <clalance@redhat.com>

	Snapshot QEMU driver.

	Only assign newDef when we have a new def.
	While playing around with def/newDef with the qemu code,
	I noticed that newDef was *always* getting set to a value,
	even when I didn't redefine the domain.  I think the problem
	is the virDomainLoadConfig is always doing virDomainAssignDef
	regardless of whether the domain already exists in the hashtable.
	In turn, virDomainAssignDef is assigning the definition (which
	is actually a duplicate) to newDef.  Fix this so that newDef stays
	NULL until we actually have a new def.

	Snapshot internal methods.

	Snapshot API framework.

2010-04-05  David Allan  <dallan@redhat.com>

	Clarified error message
	* Since the file pattern matches RNG schemas as well as C sources, the error message should mention both.

2010-04-05  Laine Stump  <laine@laine.org>

	Eliminate compiler warning about non-const format string

2010-04-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	xenapi: Add managedsave entries to the driver struct
	Commit 15c647a91e8c5bcfcb02ac4e755160c5c99a2a1e added the new
	managedsave entries to all driver structs except the XenAPI one.

2010-04-04  Stefan Berger  <stefanb@us.ibm.com>

	Get rid of the regular expressions when evaluating variable names and values. Rather use the strspn() function. Along with this cleanup the initialization function for the code that used the regular expression can also be removed.

2010-04-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	nwfilter: Fix random index in virNWFilterRuleDefDetailsFormat
	An uninitialized int value was used to index an array. This can
	result in a segfault in nwfilterxml2xmltest.

	xenapi: Fix uninitialized variable warning

2010-04-04  Daniel Veillard  <veillard@redhat.com>

	Add a managedsave command to virsh
	This command implements the managed save operation

	* tools/virsh.c: new command
	* tools/virsh.pod: documentation

2010-04-04  Daniel Veillard  <veillard@redhat.com>

	Implement managed save operations for qemu driver
	The images are saved in /var/lib/libvirt/qemu/save/
	and named $domainname.save . The directory is created appropriately
	at daemon startup. When a domain is started while a saved image is
	available, libvirt will try to load this saved image, and start the
	domain as usual in case of failure. In any case the saved image is
	discarded once the domain is created.

	* src/qemu/qemu_conf.h: adds an extra save path to the driver config
	* src/qemu/qemu_driver.c: implement the 3 new operations and handling
	  of the image directory

2010-04-04  Daniel Veillard  <veillard@redhat.com>

	Implement remote protocol for managed save
	* src/remote/remote_protocol.x src/remote/remote_protocol.h
	  src/remote/remote_protocol.c src/remote/remote_driver.c: add the entry
	  points in the remote driver
	* daemon/remote.c daemon/remote_dispatch_args.h
	  daemon/remote_dispatch_prototypes.h daemon/remote_dispatch_table.h:
	  and implement the daemon counterpart

2010-04-04  Daniel Veillard  <veillard@redhat.com>

	Add managed save API entry points
	virDomainManagedSave() is to be run on a running domain. Once the call
	complete, as in virDomainSave() the domain is stopped upon completion,
	but there is no restore counterpart as any order to start the domain
	from the API would load the state from the managed file, similary if
	the domain is autostarted when libvirtd starts.
	Once a domain has restarted his managed save image is destroyed,
	basically managed save image can only exist for a stopped domain,
	for a running domain that would be by definition outdated data.

	* include/libvirt/libvirt.h.in src/libvirt.c src/libvirt_public.syms:
	  adds the new entry points virDomainManagedSave(),
	  virDomainHasManagedSaveImage() and virDomainManagedSaveRemove()
	* src/driver.h src/esx/esx_driver.c src/lxc/lxc_driver.c
	  src/opennebula/one_driver.c  src/openvz/openvz_driver.c
	  src/phyp/phyp_driver.c src/qemu/qemu_driver.c src/vbox/vbox_tmpl.c
	  src/remote/remote_driver.c src/test/test_driver.c src/uml/uml_driver.c
	  src/xen/xen_driver.c: add corresponding new internal drivers entry
	  points

2010-04-02  Eric Blake  <eblake@redhat.com>

	build: improve check for out-of-date .gnulib submodule
	git reset --hard 96e5a2d4d5b13bf2cc887562dc11d146b78d5950
	./autogen.sh
	make -s
	git pull
	make -s    <-- expecting auto-bootstrap here, doesn't happen

	Use git diff to expose whether the submodule has untracked changes,
	which are typical on an incremental pull if .gnulib was updated but
	the user did not manually run 'git submodule update'.

	After this patch is applied, I encountered a new problem when
	following the reproducing pattern.  Basically, the change to .gnulib
	between libvirt's commit 96e5a2d4 and this patch introduced a change
	to sys_ioctl.in.h, but gnulib (intentionally) does not make the
	replacement headers depend on Makefile changes.  Therefore, I ended up
	with the generated replacement header being broken:
	gnulib/lib/sys/ioctl.h complained about a use of @.  But that seems
	like something that should be fixed upstream in gnulib's bootstrap
	script (that is, when doing a gnulib update, all files created from
	.in.h file should probably be deleted).  Without the benefit of that
	proposed gnulib fix, I worked around the problem by manually removing
	the stale gnulib/lib/sys/ioctl.h.

	* autogen.sh (t): Also run bootstrap if the gnulib submodule needs
	to be updated.
	* cfg.mk (_autogen): Likewise.
	Reported by Matthias Bolte.

2010-04-02  Stefan Berger  <stefanb@us.ibm.com>

	Use the virStrToLong_ui() function rather than the virStrToLong_i() where possible.

	The attached patch optimizes the validation of the name of an interface.

	This patch adds a couple of test cases for the XML parsing test suite covering various filterable protocols. For each test case an input XML and an output XML is provided checking the input XML after parsing and converting back into XML against the exepcted output XML.

2010-04-02  Stefan Berger  <stefanb@us.ibm.com>

	The following issues are fixed in the patch below:
	- ebtables requires that some of the command line parameters are passed as hex numbers; so have those attributes call a function that prints 16 and 8 bit integers as hex nunbers.

	- ip6tables requires '--icmpv6-type' rather than '--icmp-type'

	- ebtables complains about protocol identifiers lower than 0x600, so already discard anything lower than 0x600 in the parser

	- make the protocol entry types more readable using a #define for its entries

	- continue parsing a filtering rule even if a faulty entry is encountered; return an error value at the end and let the caller decide what to do with the rule's object

	- fix an error message

2010-04-02  Eric Blake  <eblake@redhat.com>

	build: import latest gnulib
	A lot of syntax check rules have to be rewritten, but the
	result is easier to maintain.  I tested each syntax rule
	by intentionally introducing a temporary violation of the rule.
	Additionally, some false positives for unmarked_diagnostics
	crept in, and an improved copyright_format test caught some bugs.

	* .gnulib: Update to latest.
	* cfg.mk (sc_prohibit_test_minus_ao): Delete, it was moved into
	gnulib's maint.mk.
	(sc_avoid_write, sc_prohibit_strcmp_and_strncmp)
	(sc_prohibit_asprintf, sc_prohibit_strncpy, sc_prohibit_readlink)
	(sc_prohibit_gethostname, sc_prohibit_gettext_noop)
	(sc_prohibit_VIR_ERR_NO_MEMORY, sc_prohibit_nonreentrant)
	(sc_prohibit_ctype_h, sc_TAB_in_indentation)
	(sc_avoid_ctype_macros)
	(sc_prohibit_virBufferAdd_with_string_literal)
	(sc_prohibit_gethostby, sc_copyright_format): Rewrite in terms of
	new maint.mk macros.
	(sc_libvirt_unmarked_diagnostics): Fix whitespace.
	* .x-sc_unmarked_diagnostics: New file.
	* tests/object-locking.ml: Fix copyright.
	* tools/virt-pki-validate.in: Likewise.
	* tools/virt-xml-validate.in: Likewise.

2010-04-02  Chris Lalancette  <clalance@redhat.com>

	Add a missing break statement to nwfilter errors.

	Make virDomainLoadConfig static.

2010-04-02  Jiri Denemark  <jdenemar@redhat.com>

	VBox: Fix use of uninitialized value

2010-04-02  Laine Stump  <laine@laine.org>

	Changes to clock timer XML to match final design.
	The clock timer XML is being updated in the following ways (based on
	further off-list discussion that was missed during the initial
	implementation):

	1) 'wallclock' is changed to 'track', and the possible values are 'boot'
	 (corresponds to old 'host'), 'guest', and 'wall'.

	2) 'mode' has an additional value 'smpsafe'

	3) when tickpolicy='catchup', there can be an optional sub-element of
	   timer called 'catchup':

	   <catchup threshold=123 slew=120 limit=10000/>

	Those three values are all longs, always optional, and if they are present,
	they are positive. Internally, 0 indicates "unspecified".

	* docs/schemas/domain.rng: updated RNG definition to account for changes

	* src/conf/domain_conf.h: change the C struct and enums to match changes.

	* src/conf/domain_conf.c: timer parse and format functions changed to
	                          handle the new selections and new element.

	* src/libvirt_private.syms: *TimerWallclock* changes to *TimerTrack*

	* src/qemu/qemu_conf.c: again, account for Wallclock --> Track change.

2010-04-02  Laine Stump  <laine@laine.org>

	Allow domain disk images on root-squash NFS to coexist with security driver.
	(suggested by Daniel Berrange, tested by Dan Kenigsberg)

	virStorageFileGetMetadata will fail for disk images that are stored on
	a root-squash NFS share that isn't world-readable.
	SELinuxSetSecurityImageLabel is called during the startup of every
	domain (as long as security_driver != "none"), and it will propogate
	the error from virStorageFileGetMetadata, causing the domain startup
	to fail. This is, however, a common scenario when qemu is run as a
	non-root user and the disk image is stored on NFS.

	Ignoring this failure (which doesn't matter in this case, since the
	next thing done by SELinuxSetSecurityImageLabel - setting the file
	context - will also fail (and that function already ignores failures
	due to root-squash NFS) will allow us to continue bringing up the
	domain. The result is that we don't need to disable the entire
	security driver just because a domain's disk image is stored on
	root-squashed NFS.

2010-04-02  Laine Stump  <laine@laine.org>

	Eliminate compile warnings in nwfilter error log calls

2010-04-02  Chris Lalancette  <clalance@redhat.com>

	Don't use virFileReadLimFD in qemuDomainRestore.
	virFileReadLimFD is a poor fit for reading the header
	of the restore file.  The problem is that virFileReadLimFD
	returns an error when there is more data after the amount
	you ask to read, but that is *expected* in this case.

	This patch is essentially a revert of
	1a4d5c9543641c444dccd682f6256ee3faf22a80, but I don't think
	that commit does what it says anyway.  It purports to prevent
	an unwarranted OOM error, but since virFileReadLimFD will
	allocate memory up to the maximum anyway, the upper limit
	on the total amount of memory allocated is the same for either
	the old version or the new version.  Since the old saferead
	actually works and virFileReadLimFD does not, revert to
	using saferead.

2010-04-01  Jim Fehlig  <jfehlig@novell.com>

	Only parse 'CPU XML' in virCPUDefParseXML()
	Received report of user crashing libvirtd with

	virsh capabilities > capabilities.xml
	virsh cpu-compare capabilities.xml

	While user has been informed about proper usage of cpu-compare,
	segfaulting libvirt should be avoided.

	Do not parse CPU definition in virCPUDefParseXML() if XML is not
	a 'cpu' node.

2010-04-01  Daniel P. Berrange  <berrange@redhat.com>

	Keep build quiet for generated file
	Adds $(AM_V_GEN) to many more manual makefile.am rules that
	were generating files

2010-04-01  Daniel P. Berrange  <berrange@redhat.com>

	Keep track of guest paused state after disk IO / watchdog events
	When a watchdog/IO error occurs, one of the possible actions that
	QEMU might take is to pause the guest. In this scenario libvirt
	needs to update its internal state for the VM, and emit a
	lifecycle event:

	  VIR_DOMAIN_EVENT_SUSPENDED

	with a detail being one of:

	  VIR_DOMAIN_EVENT_SUSPENDED_IOERROR
	  VIR_DOMAIN_EVENT_SUSPENDED_WATCHDOG

	To future proof against possible QEMU support for multiple monitor
	consoles, this patch also hooks into the 'STOPPED' event in QEMU
	and emits a generic VIR_DOMAIN_EVENT_SUSPENDED_PAUSED event

	* include/libvirt/libvirt.h.in: Add VIR_DOMAIN_EVENT_SUSPENDED_IOERROR
	* src/qemu/qemu_driver.c: Update VM state to paused when IO error
	  or watchdog events occurrs
	* src/qemu/qemu_monitor_json.c: Fix typo in disk IO event name

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Replace sscanf in PCI device address parsing
	This also fixes a problem with MinGW's GCC on Windows. GCC complains
	about the L modifier being unknown.

	Parsing in pciIterDevices is stricter now and doesn't accept trailing
	characters after the actual <domain>:<bus>:<slot>.<function> sequence
	anymore.

	Parsing in pciWaitForDeviceCleanup is also stricter now and expects
	the <start>-<end> : <domain>:<bus>:<slot>.<function> sequence to be
	terminated by \n.

	Change domain from unsigned long long to unsigned int in
	pciWaitForDeviceCleanup, because everywhere else domain is handled as
	unsigned int too.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Use virStrToLong_i instead of sscanf for XenD port parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	xenapi: Use virStrToLong_i instead of sscanf for CPU map parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	openvz: Use strtok_r instead of sscanf for VPS UUID parsing
	Also free 2k stack space.

	xen: Use virParseMacAddr instead of sscanf
	This also fixes a bug in xenXMDomainConfigParse where uninitialized
	memory would be used as MAC address if sscanf fails.

	vbox: Replace atoi with virStrToLong_i
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value or non-number strings anymore. atoi just
	returns 0 in case it cannot parse a number from the given string.
	Now an error is reported for such a string.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	cgroup: Replace sscanf with virStrToLong_ll
	The switch from %lli to %lld in virCgroupGetValueI64 is intended,
	as virCgroupGetValueU64 uses base 10 too, and virCgroupSetValueI64
	uses %lld to format the number to string.

	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Refactor major.minor.micro version parsing into a function
	virParseVersionString uses virStrToLong_ui instead of sscanf.

	This also fixes a bug in the UML driver, that always returned 0
	as version number.

	Introduce STRSKIP to check if a string has a certain prefix and
	to skip this prefix.

2010-04-01  Matthias Bolte  <matthias.bolte@googlemail.com>

	Replace sscanf in nwfilter rule parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual value anymore.

	Replace sscanf in legacy device address parsing
	Parsing is stricter now and doesn't accept trailing characters
	after the actual <domain>:<bus>:<slot> sequence anymore.

2010-04-01  Stefan Berger  <stefanb@us.ibm.com>

	While writing a couple of test cases for the nwfilter's XML parser I found some cases where the output ended up not looking as expected. So the following changes are in the patch below:
	- if the protocol ID in the MAC header is an integer, just write it into
	the datastructure without trying to find a corresponding string for it
	and if none is found failing
	- when writing the protocol ID as string, simply write it as integer if
	no corresponding string can be found
	- same changes for arpOpcode parsing and printing
	- same changes for protocol ID in an IP packet
	- DSCP value needs to be written into the data structure
	- IP protocol version number is redundant at this level, so remove it
	- parse the protocol ID found inside an IP packet not only as string but
	also as uint8
	- arrange the display of the src and destination masks to be shown after
	the src and destination ip address respectively in the XML
	- the existing libvirt IP address parser accepts for example '25' as an
	IP address. I want this to be parsed as a CIDR type netmask. So try to
	parse it as an integer first (CIDR netmask) and if that doesn't work as
	a dotted IP address style netmask.
	- instantiation of rules with MAC masks didn't work because they weren't
	printed into a buffer, yet.

	ESX test case needs '/' in interface name
	To fix an ESX test case, valid interface names need '/' as valid letter.

2010-03-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix linker errors in proxy
	domain_conf.c:494: undefined reference to 'virNWFilterHashTableFree'
	domain_conf.c:5107: undefined reference to 'virNWFilterFormatParamAttributes'

	Add missing source to the proxy and disable XML parsing code in
	nwfilter_params.c for a proxy build.

2010-03-31  Eric Blake  <eblake@redhat.com>

	build: more fallout from test -a
	* cfg.mk (sc_prohibit_test_minus_ao): Also check for [.
	* docs/Makefile.am (%.html, html/index.html): Avoid non-portable
	test usage.
	* libvirt.spec.in (%post): Likewise.
	* tools/virt-pki-validate.in (servercert.pem): Likewise.
	* configure.ac (LOGNAME): Use test, not [, in files processed by
	autoconf.
	Detected by Matthias Bolte.

2010-03-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix apibuild.py warning about virNWFilterLookupByUUIDString
	The function name was written with capital I in the Filter part.

	website: Add archive link for libvirt-users list

2010-03-31  Eric Blake  <eblake@redhat.com>

	maint: remove redundant tests after virStrToLong
	virStrToLong* guarantees (via strtol) that the end pointer will be set
	to the point at which parsing stopped (even on failure, this point is
	the start of the input string).

	* src/esx/esx_driver.c (esxGetVersion): Remove pointless
	conditional.
	* src/qemu/qemu_conf.c (qemuParseCommandLinePCI)
	(qemuParseCommandLineUSB, qemuParseCommandLineSmp): Likewise.
	* src/qemu/qemu_monitor_text.c
	(qemuMonitorTextGetMigrationStatus): Likewise.

2010-03-31  Eric Blake  <eblake@redhat.com>

	maint: update AUTHORS
	* AUTHORS: Add recent contributors.

2010-03-31  Paolo Smiraglia  <paolo.smiraglia@gmail.com>

	virConnectGetLibVersion: Avoid error message on success.
	* src/libvirt.c (virConnectGetLibVersion): Don't emit error on
	success.

2010-03-31  Eric Blake  <eblake@redhat.com>

	virsh: add 'exit' as an alias for 'quit'
	Call me lazy: some shells use exit (e.g. sh), others use quit (e.g. ftp),
	but I never remember which.  So it's faster to write a patch to make
	virsh take both than it is to take a 50-50 guess, and get it wrong
	in half of my attempts.

	* tools/virsh.c (commands): Add 'exit'.
	* tools/virsh.pod: Document it.

2010-03-31  Jim Meyering  <meyering@redhat.com>

	maint: fix cpp indentation syntax-check failure
	* src/esx/esx_vi_types.h: Filter through cppi.

	maint: mark xenapiSessionErrorHandler messages for translation
	* cfg.mk (msg_gen_function): Add xenapiSessionErrorHandler.
	* po/POTFILES.in: Add src/xenapi/xenapi_driver.c
	* src/xenapi/xenapi_driver.c: Mark strings for translation.
	* src/xenapi/xenapi_utils.c (xenapiUtil_ParseQuery):

2010-03-31  Stefan Berger  <stefanb@us.ibm.com>

	Blank out invalid interface names with escaped letters etc.
	Check that interface names only contain valid characters. Blank them out
	otherwise.
	Valid characters in this code are currently a-z,A-Z,0-9, '-' and '_'.

2010-03-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virt-aa-helper and secaatest to .gitignore

	esx: Remove redundant semicolons

2010-03-31  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Generate most SOAP mapping and improve inheritance handling
	The Python script generates the mappings based on the type descriptions
	in the esx_vi_generator.input file.

	This also improves the inheritance handling and allows to get rid of the
	ugly, inflexible, and error prone _base/_super approach. Now every struct
	that represents a SOAP type contains a _type member, that allows to
	recreate C++-like dynamic dispatch for "method" calls in C.

2010-03-31  Daniel Veillard  <veillard@redhat.com>

	Distribute nwfilter xml files and add them to rpm
	* examples/xml/nwfilter/Makefile.am: add all xml to the distribution
	* libvirt.spec.in: reference them from the rpm spec file to have them
	  available in the main libvirt package

	Make sure nwfilter headers are part of distribution
	* src/Makefile.am: adds a few missing header files in the associated
	  file variables, it's needed otherwise the missing headers breaks
	  compilation from a distribution tarball

2010-03-30  Eric Blake  <eblake@redhat.com>

	maint: show which compiler warning triggered
	* acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add
	-fdiagnostics-show-option.

2010-03-30  Eric Blake  <eblake@redhat.com>

	build: automate the rerun of autogen.sh
	Automate the reuse of autogen.sh, rather than just erroring out.

	* cfg.mk (_update_required): Run autogen.sh, rather than just
	warning about it.
	(_autogen): New target.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	A cosmetic change that makes the entries in the int-2-string maps look more readable. Add some missing entries: ipv6 and icmpv6.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	Use libvirt's existing ipv6/ipv4 parser/printer rather than self-written ones
	This patch changes the network filtering code to use libvirt's existing
	IPv4 and IPv6 address parsers/printers rather than my self-written ones.

	I am introducing a new function in network.c that counts the number of
	bits in a netmask and ensures that the given address is indeed a netmask,
	return -1 on error or values of 0-32 for IPv4 addresses and 0-128 for
	IPv6 addresses. I then based the function checking for valid netmask
	on invoking this function.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	Add ip6tables support for IPv6 filtering
	This patch adds IPv6 filtering support for the following protocols:
	- tcp-ipv6
	- udp-ipv6
	- udplite-ipv6
	- esp-ipv6
	- ah-ipv6
	- sctp-ipv6
	- all-ipv6
	- icmpv6

	Many of the IPv4 data structure could be re-used for IPv6 support.
	Since ip6tables also supports pretty much the same command line parameters
	as iptables does, also much of the code could be re-used and now
	command lines are invoked with the ip(6)tables tool parameter passed
	through the functions as a parameter.

2010-03-30  Stefan Berger  <stefanb@us.ibm.com>

	Remove driver dependency from nwfilter_conf.c
	This patch removes the driver dependency from nwfilter_conf.c and moves
	a callback function calling into the driver into
	nwfilter_gentech_driver.c and passes a pointer to that callback function
	upon initialization of nwfilter_conf.c.

	Add support for so-far missing protocols for iptables filtering
	This patch adds filtering support for the so-far missing protocols 'ah',
	'esp' and 'udplite'.

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Fix daemon hook script initialization
	* daemon/libvirtd.c: we should error out only if virHookInitialize()
	  return value is negative

2010-03-30  Laine Stump  <laine@laine.org>

	Implement the qemu-kvm backend of clock timer elements
	Since the timers are defined to cover all possible config cases for
	several different hypervisors, many of these possibilities generate an
	error on qemu. Here is what is currently supported:

	RTC: If the -rtc commandline option is available, allow setting
	"clock=host"
	     or "clock=vm" based on the rtc timer clock='host|guest' value. Also
	     add "driftfix=slew" if the tickpolicy is 'catchup', or add nothing
	if
	     tickpolicy is 'delay'. (Other tickpolicies will raise an error).

	     If -rtc isn't available, but -rtc-td-hack is, add that option
	     if the tickpolicy is 'catchup', add -rtc-td-hack, if it is 'delay'
	     add nothing, and if it's anything else, raise an error.

	PIT: If -no-kvm-pit-reinjection is available, and tickpolicy is
	     'delay', add that option. if tickpolicy is 'catchup', do
	     nothing. Anything else --> raise an error.

	     If -no-kvm-pit-reinjection *isn't* available, but -tdf is, when
	     tickpolicy is 'catchup' add -tdf. If it's 'delay', do
	     nothing. Anything else --> raise an error.

	     If neither of those commandline options is available, and
	     tickpolicy is anything other than 'delay' (or unspecified), raise
	     an error.

	HPET: If -no-hpet flag is available and present='no', add -no-hpet.
	      If -no-hpet is not available, and present='yes', raise an error.
	      If present is unspecified, the default is to do whatever this
	      particular qemu does by default, so don't raise an error.

	All other timer types are unsupported by QEMU, so they will raise an
	error.

	* src/qemu/qemu_conf.c: extend qemuBuildClockArgStr() to generate the
	  command line arguments for the new options

2010-03-30  Laine Stump  <laine@laine.org>

	Add flags to indicate presence of timekeeping-related qemu options
	* src/qemu/qemu_conf.h: define 4 new flags
	* src/qemu/qemu_conf.c: check the help text of qemu for presence of
	                        features indicated by each flag.
	* tests/qemuhelptest.c: add appropriate flags into the masks for each test

2010-03-30  Laine Stump  <laine@laine.org>

	Add timer element to domain schema
	timers are sub-elements of clocks. A clock can have zero or more
	instances of timer. Within the timer, only the name attribute is
	required; all other attributes are optional.

	A simpler representation of a timer element is:

	  <timer name='platform|pit|rtc|hpet|tsc'
	         wallclock='host|guest'
	         tickpolicy='delay|catchup|merge|discard'
	         frequency='123'
	         mode='auto|native|emulate|paravirt'
	         present='yes|no'/>

	frequency is a ulong. All other attributes are simple enums.

2010-03-30  Laine Stump  <laine@laine.org>

	Implement XML parser/formatter for "timer" subelement of domain clock
	This extension is described in

	http://www.redhat.com/archives/libvir-list/2010-March/msg00304.html

	Currently all attributes are optional, except name.

	* src/conf/domain_conf.h: add data definition for virDomainTimerDef
	  and add a list of them to virDomainClockDef
	* src/conf/domain_conf.c: XML parser and formatter for a timer inside a clock
	* src/libvirt_private.syms: add new Timer enum helper functions to symbols

2010-03-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU cpu affinity at startup to include all threads
	The QEMU cpu affinity is used in NUMA scenarios to ensure that
	guest memory is allocated from a specific node. Normally memory
	is allocate on demand in vCPU threads, but when using hugepages
	the initial thread leader allocates memory upfront. libvirt was
	not setting affinity of the thread leader, or I/O threads. This
	patch changes the code to set the process affinity in between
	the fork()/exec() of QEMU. This ensures that every single QEMU
	thread gets the affinity

	* src/qemu/qemu_driver.c: Set affinity on entire QEMU process
	  at startup

2010-03-30  Daniel Veillard  <veillard@redhat.com>

	Updating the commiters list
	Laine Stump, Stefan Berger, Eric Blake now have commit rights !

2010-03-30  Eric Blake  <eblake@redhat.com>

	virsh: support VISUAL, and allow metacharacters in EDITOR
	Common Unix practice is to prefer VISUAL over EDITOR, particularly if
	the editor of choice spawns a new window.  Thus, it is also common to
	see settings like EDITOR='emacs -nw', with the expectation that the
	shell will parse this as an argument to 'emacs' and not try to invoke
	a file containing a space.

	If a user puts junk in EDITOR, they deserve what they get (much more
	than virsh will misbehave); furthermore, sudo scrubs EDITOR by
	default.  So the blind use of metacharacters in EDITOR should not be
	considered too much of a security issue.

	* tools/virsh.c (editFile): Prefer VISUAL over EDITOR.  Don't
	reject shell metacharacters in EDITOR.
	* tools/virsh.pod (edit, net-edit, ENVIRONMENT): Document VISUAL.
	Fixes https://bugzilla.redhat.com/show_bug.cgi?id=487738.

2010-03-30  Eric Blake  <eblake@redhat.com>

	virsh: improve man page
	* tools/virsh.pod: (DESCRIPTION): Improve grammar.  Mention other drivers.
	(ENVIRONMENT): Document EDITOR.
	(COPYRIGHT): Bump.

2010-03-29  Stefan Berger  <stefanb@us.ibm.com>

	Add dummy nwfilter driver to test driver
	This patch adds a dummy nwfilter driver to the test driver so that the
	int-overflow test passes without modifications.

2010-03-29  Stefan Berger  <stefanb@us.ibm.com>

	Fix "make check" run requesting authentication
	This patch fixes the 'make check' runs for me which, under certain
	circumstances and login configurations, did invoke popups requesting
	authentication. I removed the parameter conn from being passed into the
	error reporting function.

	* src/conf/nwfilter_conf.h src/conf/nwfilter_conf.c: remove conn from
	  error reporting parameters.

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Fix a merge error leftover

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Add script hook support to the LXC driver
	Right now this implements only 2 basic hooks:
	- before the lxc control process is being launched
	- after the lxc control process is terminated
	the XML description of the domain is passed to the hook script stdin
	/etc/libvirt/hook/lxc

	* src/lxc/lxc_driver.c: implement synchronous script hooks for LXC
	  at domain startup and end

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Add script hook support to the QEmu driver
	Right now this implements only 2 basic hooks:
	- before the qemu process is being launched
	- after the qemu process is terminated
	the XML description of the domain is passed to the hook script stdin
	/etc/libvirt/hook/qemu

	* src/qemu/qemu_driver.c: implement synchronous script hooks for QEmu
	  at domain startup and end

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Add the script hook support to the libvirt daemon
	It supports 3 kind of probing times, at daemon startup, when the
	daemon reloads its drivers on SIGHUP and when the daemon exits

	* daemon/libvirtd.c: daemon hooks for startup, reload and exit

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Add hook utilities
	This exports 3 basic routines:
	  - virHookInitialize() initializing the hook support by looking for
	    scripts availability
	  - virHookPresent() used to test if there is a hook for a given driver
	  - virHookCall() which actually calls a synchronous script hook with
	    the needed parameters
	Note that this doesn't expose any public API except for the locations
	and arguments passed to the scripts

	* src/Makefile.am: add the 2 new files
	* src/util/hooks.h src/util/hooks.c: implements the 3 functions
	* src/libvirt_private.syms: export the 3 symbols internally
	* po/POTFILES.in: add src/util/hooks.c to translatables modules

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Add an error module and message for the hooks subsystem
	* include/libvirt/virterror.h: add VIR_FROM_HOOK and VIR_ERR_HOOK_SCRIPT_FAILED
	* src/util/virterror.c: associated strings

2010-03-29  Daniel Veillard  <veillard@redhat.com>

	Export virPipeReadUntilEOF internally
	used to read the data from virExec stdout/err file descriptors

	* src/util/util.c src/util/util.h: not static anymore and export it
	* src/libvirt_private.syms: allow access internally

2010-03-26  Jiri Denemark  <jdenemar@redhat.com>

	Introduce UPDATE_CPU flag for virDomainGetXMLDesc
	This flag is used in migration prepare step to send updated XML
	definition of a guest.

	Also ``virsh dumpxml --update-cpu [--inactive] guest'' command can be
	used to see the updated CPU requirements.

2010-03-26  Jiri Denemark  <jdenemar@redhat.com>

	Helper function for making a copy of virCPUDefPtr

2010-03-26  Jiri Denemark  <jdenemar@redhat.com>

	cpuUpdate() for updating guest CPU according to host CPU
	Useful mainly for migration. cpuUpdate changes guest CPU requirements in
	the following way:

	- match == "strict" || match == "exact"
	    - optional features which are supported by host CPU are changed into
	      required features
	    - optional features which are not supported by host CPU are disabled
	    - all other features remain untouched
	- match == "minimum"
	    - match is changed into "exact"
	    - optional features and all features not mentioned in guest CPU
	      specification which are supported by host CPU become required
	      features
	    - other optional features are disabled
	    - all other features remain untouched

	This ensures that no feature will suddenly disappear from the guest
	after migration.

2010-03-26  Jiri Denemark  <jdenemar@redhat.com>

	Don't replace persistent domain config with migrated config
	When a domain is defined on host1, migrated to host2 and then migrated
	back to host1, its current configuration would overwrite the libvirtd's
	in-memory copy of persistent configuration of that domain. This is not
	desired as we want to preserve the persistent configuration untouched.

	This patch introduces new 'live' parameter to virDomainAssignDef.
	Passing 'true' for 'live' means the configuration passed to
	virDomainAssignDef describes a configuration of live instance of the
	domain. This applies for saved domains which are being restored or for
	incoming domains during migration.

	All callers have been changed to pass the appropriate value.

2010-03-26  Jim Meyering  <meyering@redhat.com>

	filter new files through cppi, so syntax-check passes once again
	* src/conf/nwfilter_conf.h: Indent cpp directives.
	* src/conf/nwfilter_params.h: Likewise.
	* src/datatypes.h: Likewise.
	* src/nwfilter/nwfilter_driver.h: Likewise.
	* src/nwfilter/nwfilter_ebiptables_driver.h: Likewise.
	* src/nwfilter/nwfilter_gentech_driver.h: Likewise.

2010-03-26  David Allan  <dallan@redhat.com>

	Add disk error policy to domain XML
	* Fixes per feedback from Dan and Daniel
	* Added test datafiles
	* Re-disabled JSON flags
	* Added code to print the error policy attribute when generating XML
	* Re-add empty tag

2010-03-26  Eric Blake  <eblake@redhat.com>

	build: don't lose prior configure args on autogen.sh
	My prior patch forced an autogen.sh run, and I was surprised that the
	suggested './autogen.sh' lost the fact that I had previously used
	'./autogen.sh -C' for speed.

	* autogen.sh: Use config.status, if present and there were no arguments.

2010-03-26  Eric Blake  <eblake@redhat.com>

	build: update gnulib
	Picks up fixes for gethostname compilation problems on mingw.

	* .gnulib: Update to latest.
	* build-aux/.gitignore: Regenerate.
	* cfg.mk (local-checks-to-skip): Avoid new test not relevent to
	libvirt.

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Add some examples filters
	This patch adds some example filters to libvirt. They are automatically
	installed into the proper directory for libvirt to pick them up.

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Extensions for iptables rules
	This patch adds support for L3/L4 filtering using iptables. This adds
	support for 'tcp', 'udp', 'icmp', 'igmp', 'sctp' etc. filtering.

	As mentioned in the introduction, a .c file provided by this patch
	is #include'd into a .c file. This will need work, but should be alright
	for review.

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Add IPv6 support for the ebtables layer
	This patch adds IPv6 support for the ebtables layer. Since the parser
	etc. are all parameterized, it was fairly easy to add this...

	Add qemu support
	Add support for Qemu to have firewall rules applied and removed on VM
	startup and shutdown respectively. This  patch also provides support for
	the updating of a filter that causes all VMs that reference the filter
	to have their ebtables/iptables rules updated.

	Core driver implementation with ebtables support
	This patch implements the core driver and provides
	- management functionality for managing the filter XMLs
	- compiling the internal filter representation into ebtables rules
	- applying ebtables rules on a network (tap,macvtap) interface
	- tearing down ebtables rules that were applied on behalf of an
	interface
	- updating of filters while VMs are running and causing the firewalls to
	be rebuilt
	- other bits and pieces

	Add XML parser extensions for network filtering
	This patch adds XML processing for the network filter schema
	and extends the domain XML processing to parse the top level
	referenced filter along with potentially provided parameters

	Add virsh support for new CLI commands
	This patch adds virsh support for the five new CLI commands to manage
	network filters.

	Definition of the wire format, RPC client & server
	This patch adds the definition of the wire format for RPC calls
	and implementation of the RPC client & server code

	Implementation of the public API
	This patch adds the implementation of the public API for the network
	filtering (ACL) extensions to libvirt.c .

	Add internal API
	This patch adds the internal API extensions for network filtering (ACL) support.

	Add public API
	This patch adds extensions to libvirt's public API necessary for
	controlling the new functionality from remote for example.

	Add recursive locks
	This patch adds recursive locks necessary due to the processing of
	network filter XML that can reference other network filters, including
	references that cause looks. Loops in the XML are prevented but their
	detection requires recursive locks.

2010-03-26  David Allan  <dallan@redhat.com>

	Fix build break
	* Add types to switch; the switch is only exectuted for known types because of a preceding conditional, so this fix is merely to placate the compiler.

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Use enum of virDomainNetType
	To find out where the net type 'direct' needs to be handled I introduced
	the 'enum virDomainNetType' in the virDomainNetDef structure and let the
	compiler tell me where the case statement is missing. Then I added the
	unhandled device statement to the UML driver.

	* src/conf/domain_conf.h: change _virDomainNetDef type from int to
	  virDomainNetType enum
	* src/conf/domain_conf.c src/lxc/lxc_driver.c src/qemu/qemu_conf.c
	  src/uml/uml_conf.c: make sure all enum cases are properly handled
	  in switches

2010-03-26  Daniel Veillard  <veillard@redhat.com>

	Silence cppi syntax-check warning

2010-03-26  Stefan Berger  <stefanb@us.ibm.com>

	Mention direct device support since 0.7.7 in docs
	In the documentation mention that the direct device support is there
	since libvirt 0.7.7. A Linux kernel 2.6.34 is required for macvtap to be
	available as standard device.

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Implement VNC password change in QEMU
	Use the new virDomainUpdateDeviceFlags API to allow the VNC password
	to be changed on the fly

	* src/internal.h: Define STREQ_NULLABLE() which is like STREQ()
	  but does not crash if either argument is NULL, and treats two
	  NULLs as equal.
	* src/libvirt_private.syms: Export virDomainGraphicsTypeToString
	* src/qemu/qemu_driver.c: Support VNC password change on a live
	  machine
	* src/qemu/qemu_monitor.c: Disable crazy debugging info. Treat a
	  NULL password as "" (empty string), allowing passwords to be
	  disabled in the monitor

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Allow parsing <graphics> in device XML
	Expand the parser for the standalone <device> XML format to
	allow inclusion of the <graphics> device type

	* src/conf/domain_conf.h: Add virDomainGraphicsDef to
	  the virDomainDeviceDef struct
	* src/conf/domain_conf.c: Wire up parser for virDomainGraphicsDef
	  to virDomainDeviceDefParse method

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a update-device command in virsh
	Support the new virDomainUpdateDeviceFlags API in virsh by adding
	a new 'update-device' command. In the future this should be augmented
	with an explicit 'change-disk' command for media change to make it
	end user discoverable, as attach-disk is.

	* tools/virsh.c: Add 'update-device' command

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Implement virDomainUpdateDeviceFlags API in all drivers with media change
	To allow the new virDomainUpdateDeviceFlags() API to be universally
	used with all drivers, this patch adds an impl to all the current
	drivers which support CDROM or Floppy disk media change via the
	current virDomainAttachDeviceFlags API

	* src/qemu/qemu_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/proxy_internal.c, src/xen/xen_driver.c,
	  src/xen/xend_internal.c: Implement media change via the
	  virDomainUpdateDeviceFlags API
	* src/xen/xen_driver.h, src/xen/xen_hypervisor.c,
	  src/xen/xen_inotify.c, src/xen/xm_internal.c,
	  src/xen/xs_internal.c: Stubs for Xen driver entry points

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Remote protocol impl for virDomainUpdateDeviceFlags
	This defines the wire format for the new virDomainUpdateDeviceFlags()
	API, and implements the server & client side of the marshalling code.

	* daemon/remote.c: Server side dispatch for virDomainUpdateDeviceFlags
	* src/remote/remote_driver.c: Client side serialization for
	  virDomainUpdateDeviceFlags
	* src/remote/remote_protocol.x: Define wire format for
	  virDomainUpdateDeviceFlags
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate code

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a new virDomainUpdateDeviceFlags public API
	The current virDomainAttachDevice API can be (ab)used to change
	the media of an existing CDROM/Floppy device. Going forward there
	will be more devices that can be configured on the fly and overloading
	virDomainAttachDevice for this is not too pleasant. This patch adds
	a new virDomainUpdateDeviceFlags() explicitly just for modifying
	existing devices.

	* include/libvirt/libvirt.h.in: Add virDomainUpdateDeviceFlags
	* src/driver.h: Internal API for virDomainUpdateDeviceFlags
	* src/libvirt.c, src/libvirt_public.syms: Glue public API to
	  driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c, src/xenapi/xenapi_driver.c: Add
	  stubs for new driver entry point

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Add domain events for graphics network clients
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_GRAPHICS

	The same event can be emitted in 3 scenarios

	  typedef enum {
	      VIR_DOMAIN_EVENT_GRAPHICS_CONNECT = 0,
	      VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE,
	      VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT,
	  } virDomainEventGraphicsPhase;

	Connect/disconnect are triggered at socket accept/close.
	The initialize phase is immediately after the protocol
	setup and authentication has completed. ie when the
	client is authorized and about to start interacting with
	the graphical desktop

	This event comes with *a lot* of potential information

	 - IP address, port & address family of client
	 - IP address, port & address family of server
	 - Authentication scheme (arbitrary string)
	 - Authenticated subject identity. A subject may have
	   multiple identities with some authentication schemes.
	   For example, vencrypt+sasl results in a x509dname
	   and saslUsername identities.

	This results in a very complicated callback :-(

	   typedef enum {
	      VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4,
	      VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV6,
	   } virDomainEventGraphicsAddressType;

	   struct _virDomainEventGraphicsAddress {
	       int family;
	       const char *node;
	       const char *service;
	   };
	   typedef struct _virDomainEventGraphicsAddress virDomainEventGraphicsAddress;
	   typedef virDomainEventGraphicsAddress *virDomainEventGraphicsAddressPtr;

	   struct _virDomainEventGraphicsSubject {
	      int nidentity;
	      struct {
	          const char *type;
	          const char *name;
	      } *identities;
	   };
	   typedef struct _virDomainEventGraphicsSubject virDomainEventGraphicsSubject;
	   typedef virDomainEventGraphicsSubject *virDomainEventGraphicsSubjectPtr;

	   typedef void (*virConnectDomainEventGraphicsCallback)(virConnectPtr conn,
	                                                         virDomainPtr dom,
	                                                         int phase,
	                                                         virDomainEventGraphicsAddressPtr local,
	                                                         virDomainEventGraphicsAddressPtr remote,
	                                                         const char *authScheme,
	                                                         virDomainEventGraphicsSubjectPtr subject,
	                                                         void *opaque);

	The wire protocol is similarly complex

	   struct remote_domain_event_graphics_address {
	     int family;
	     remote_nonnull_string node;
	     remote_nonnull_string service;
	   };

	   const REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX = 20;

	   struct remote_domain_event_graphics_identity {
	     remote_nonnull_string type;
	     remote_nonnull_string name;
	   };

	   struct remote_domain_event_graphics_msg {
	     remote_nonnull_domain dom;
	     int phase;
	     remote_domain_event_graphics_address local;
	     remote_domain_event_graphics_address remote;
	     remote_nonnull_string authScheme;
	     remote_domain_event_graphics_identity subject<REMOTE_DOMAIN_EVENT_GRAPHICS_IDENTITY_MAX>;
	   };

	This is currently implemented in QEMU for the VNC graphics
	protocol, but designed to be usable with SPICE graphics in
	the future too.

	* daemon/remote.c: Dispatch graphics events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  graphics events
	* include/libvirt/libvirt.h.in: Define new graphics event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle graphics events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for VNC events and emit a libvirt graphics event
	* src/remote/remote_driver.c: Receive and dispatch graphics
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  graphics events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for VNC_CONNECTED,
	  VNC_INITIALIZED & VNC_DISCONNETED events from QEMU monitor

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Add support for an explicit IO error event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_IO_ERROR

	This event includes the action that is about to be taken
	as a result of the watchdog triggering

	  typedef enum {
	     VIR_DOMAIN_EVENT_IO_ERROR_NONE = 0,
	     VIR_DOMAIN_EVENT_IO_ERROR_PAUSE,
	     VIR_DOMAIN_EVENT_IO_ERROR_REPORT,
	  } virDomainEventIOErrorAction;

	In addition it has the source path of the disk that had the
	error and its unique device alias. It does not include the
	target device name (/dev/sda), since this would preclude
	triggering IO errors from other file backed devices (eg
	serial ports connected to a file)

	Thus there is a new callback definition for this event type

	typedef void (*virConnectDomainEventIOErrorCallback)(virConnectPtr conn,
	                                                     virDomainPtr dom,
	                                                     const char *srcPath,
	                                                     const char *devAlias,
	                                                     int action,
	                                                     void *opaque);

	This is currently wired up to the QEMU block IO error events

	* daemon/remote.c: Dispatch IO error events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  IO error events
	* include/libvirt/libvirt.h.in: Define new IO error event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle IO error events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for block IO errors and emit a libvirt IO error event
	* src/remote/remote_driver.c: Receive and dispatch IO error
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  IO error events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for BLOCK_IO_ERROR event
	  from QEMU monitor

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Add support for an explicit watchdog event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_WATCHDOG

	This event includes the action that is about to be taken
	as a result of the watchdog triggering

	 typedef enum {
	     VIR_DOMAIN_EVENT_WATCHDOG_NONE = 0,
	     VIR_DOMAIN_EVENT_WATCHDOG_PAUSE,
	     VIR_DOMAIN_EVENT_WATCHDOG_RESET,
	     VIR_DOMAIN_EVENT_WATCHDOG_POWEROFF,
	     VIR_DOMAIN_EVENT_WATCHDOG_SHUTDOWN,
	     VIR_DOMAIN_EVENT_WATCHDOG_DEBUG,
	 } virDomainEventWatchdogAction;

	Thus there is a new callback definition for this event type

	 typedef void (*virConnectDomainEventWatchdogCallback)(virConnectPtr conn,
	                                                       virDomainPtr dom,
	                                                       int action,
	                                                       void *opaque);

	* daemon/remote.c: Dispatch watchdog events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  watchdog events
	* include/libvirt/libvirt.h.in: Define new watchdg event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle watchdog events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for watchdogs and emit a libvirt watchdog event
	* src/remote/remote_driver.c: Receive and dispatch watchdog
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  watchdog events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for WATCHDOG event
	  from QEMU monitor

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Add support for an explicit  RTC change event
	This introduces a new event type

	   VIR_DOMAIN_EVENT_ID_RTC_CHANGE

	This event includes the new UTC offset measured in seconds.
	Thus there is a new callback definition for this event type

	 typedef void (*virConnectDomainEventRTCChangeCallback)(virConnectPtr conn,
	                                                        virDomainPtr dom,
	                                                        long long utcoffset,
	                                                        void *opaque);

	If the guest XML configuration for the <clock> is set to
	offset='variable', then the XML will automatically be
	updated with the new UTC offset value. This ensures that
	during migration/save/restore the new offset is preserved.

	* daemon/remote.c: Dispatch RTC change events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  RTC change events
	* include/libvirt/libvirt.h.in: Define new RTC change event ID
	  and callback signature
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle RTC change events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for RTC changes and emit a libvirt RTC change event
	* src/remote/remote_driver.c: Receive and dispatch RTC change
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  RTC change events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c: Watch for RTC_CHANGE event
	  from QEMU monitor

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Add support for an explicit guest reboot event
	The reboot event is not a normal lifecycle event, since the
	virtual machine on the host does not change state. Rather the
	guest OS is resetting the virtual CPUs. ie, the QEMU process
	does not restart. Thus, this does not belong in the current
	lifecycle events callback.

	This introduces a new event type

	    VIR_DOMAIN_EVENT_ID_REBOOT

	It takes no parameters, besides the virDomainPtr, so it can
	use the generic callback signature.

	* daemon/remote.c: Dispatch reboot events to client
	* examples/domain-events/events-c/event-test.c: Watch for
	  reboot events
	* include/libvirt/libvirt.h.in: Define new reboot event ID
	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Extend API to handle reboot events
	* src/qemu/qemu_driver.c: Connect to the QEMU monitor event
	  for reboots and emit a libvirt reboot event
	* src/remote/remote_driver.c: Receive and dispatch reboot
	  events to application
	* src/remote/remote_protocol.x: Wire protocol definition for
	  reboot events

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Rename domain lifecycle event message
	To avoid confusion, rename the current REMOTE_PROC_DOMAIN_EVENT
	message to REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE. This does not
	cause ABI problems, since the names are only relevant at the source
	code level. On the wire they encoding is a plain integer whose
	value does not change

	* src/remote/remote_protocol.x: Rename REMOTE_PROC_DOMAIN_EVENT
	  to REMOTE_PROC_DOMAIN_EVENT_LIFECYCLE.
	* daemon/remote.c, src/remote/remote_driver.c: Update code for
	  renamed event

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Convert domain events example to new API
	Convert the domain events example program to use the new
	events APIs for one of its callback registrations to demo the
	new API and interoperability with the old API.

	* examples/domain-events/events-c/event-test.c: Convert to
	  new events API

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Remote driver & daemon impl of new event API
	This wires up the remote driver to handle the new events APIs.
	The public API allows an application to request a callback filters
	events to a specific domain object, and register multiple callbacks
	for the same event type. On the wire there are two strategies for
	this

	 - Register multiple callbacks with the remote daemon, each
	   with filtering as needed
	 - Register only one callback per event type, with no filtering

	Both approaches have potential inefficiency. In the first scheme,
	the same event gets sent over the wire many times if multiple
	callbacks are registered. With the second scheme, unneccessary
	events get sent over the wire if a per-domain filter is set on
	the client. The second scheme is far easier to implement though,
	so this patch takes that approach.

	* daemon/dispatch.h: Don't export remoteRelayDomainEvent since it
	  is no longer needed for unregistering callbacks, instead the
	  unique callback ID is used
	* daemon/libvirtd.c, daemon/libvirtd.h: Track and unregister
	  callbacks based on callback ID, instead of function pointer
	* daemon/remote.c: Switch over to using virConnectDomainEventRegisterAny
	  instead of legacy virConnectDomainEventRegister function. Refactor
	  remoteDispatchDomainEventSend() to cope with arbitrary event types
	* src/driver.h, src/driver.c: Move verify() call into source file
	  instead of header, to avoid polluting the global namespace with
	  the verify function name
	* src/remote/remote_driver.c: Implement new APIs for event
	  registration. Refactor processCallDispatchMessage() to cope
	  with arbitrary incoming event types. Merge remoteDomainQueueEvent()
	  into processCallDispatchMessage() to avoid duplication of code.
	  Rename remoteDomainReadEvent() to remoteDomainReadEventLifecycle()
	* src/remote/remote_protocol.x: Define wire format for the new
	  virConnectDomainEventRegisterAny and virConnectDomainEventDeregisterAny
	  functions

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Support new event register/deregister APis in all drivers except remote
	The libvirtd daemon impl will need to switch over to using the
	new event APIs. To make this simpler, ensure all drivers currently
	providing events support both the new APIs and old APIs.

	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c, src/test/test_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c: Implement the new
	  virConnectDomainEvent(Dereg|Reg)isterAny driver entry points

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Add new internal domain events APIs for handling other event types
	The current internal domain events API tracks callbacks based on
	the function pointer, and only supports lifecycle events. This
	adds new internal APIs for registering callbacks for other event
	types. These new APIs are postfixed with the word 'ID' to indicate
	that they operated based on event ID, instead of hardcoded to
	lifecycle events

	* src/conf/domain_event.c, src/conf/domain_event.h,
	  src/libvirt_private.syms: Add new APIs for handling callbacks
	  for non-lifecycle events

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Refactor domain events to handle multiple event types
	The internal domain events APIs are designed to handle the lifecycle
	events. This needs to be refactored to allow arbitrary new event
	types to be handled.

	 * The signature of virDomainEventDispatchFunc changes to use
	   virConnectDomainEventGenericCallback instead of the lifecycle
	   event specific virConnectDomainEventCallback
	 * Every registered callback gains a unique ID to allow its
	   removal based on ID, instead of function pointer
	 * Every registered callback gains an 'eventID' to allow callbacks
	   for different types of events to be distinguished
	 * virDomainEventDispatch is adapted to filter out callbacks
	   whose eventID does not match the eventID of the event being
	   dispatched
	 * virDomainEventDispatch is adapted to filter based on the
	   domain name and uuid, if this filter is set for a callback.
	 * virDomainEvent type/detail fields are moved into a union to
	   allow different data fields for other types of events to be
	   added later

	* src/conf/domain_event.h, src/conf/domain_event.c: Refactor
	  to allow handling of different types of events
	* src/lxc/lxc_driver.c, src/qemu/qemu_driver.c,
	  src/remote/remote_driver.c, src/test/test_driver.c,
	  src/xen/xen_driver.c: Change dispatch function signature
	  to use virConnectDomainEventGenericCallback

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Make internal domain events struct definitions private
	The virtual box driver was directly accesing the domain events
	structs instead of using the APIs provided. To prevent this kind
	of abuse, make the struct definitions private, forcing use of the
	internal APIs. This requires adding one extra internal API.

	* src/conf/domain_event.h, src/conf/domain_event.c: Move
	  virDomainEventCallback and virDomainEvent structs into
	  the source file instead of header
	* src/vbox/vbox_tmpl.c: Use official APIs for dispatching domain
	  events instead of accessing structs directly.

2010-03-26  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a new public API for domain events
	The current API for domain events has a number of problems

	 - Only allows for domain lifecycle change events
	 - Does not allow the same callback to be registered multiple times
	 - Does not allow filtering of events to a specific domain

	This introduces a new more general purpose domain events API

	  typedef enum {
	     VIR_DOMAIN_EVENT_ID_LIFECYCLE = 0,       /* virConnectDomainEventCallback */
	      ...more events later..
	  }

	  int virConnectDomainEventRegisterAny(virConnectPtr conn,
	                                       virDomainPtr dom, /* Optional, to filter */
	                                       int eventID,
	                                       virConnectDomainEventGenericCallback cb,
	                                       void *opaque,
	                                       virFreeCallback freecb);

	  int virConnectDomainEventDeregisterAny(virConnectPtr conn,
	                                         int callbackID);

	Since different event types can received different data in the callback,
	the API is defined with a generic callback. Specific events will each
	have a custom signature for their callback. Thus when registering an
	event it is neccessary to cast the callback to the generic signature

	eg

	  int myDomainEventCallback(virConnectPtr conn,
	                            virDomainPtr dom,
	                            int event,
	                            int detail,
	                            void *opaque)
	  {
	    ...
	  }

	  virConnectDomainEventRegisterAny(conn, NULL,
	                                   VIR_DOMAIN_EVENT_ID_LIFECYCLE,
	                                   VIR_DOMAIN_EVENT_CALLBACK(myDomainEventCallback)
	                                   NULL, NULL);

	The VIR_DOMAIN_EVENT_CALLBACK() macro simply does a "bad" cast
	to the generic signature

	* include/libvirt/libvirt.h.in: Define new APIs for registering
	  domain events
	* src/driver.h: Internal driver entry points for new events APIs
	* src/libvirt.c: Wire up public API to driver API for events APIs
	* src/libvirt_public.syms: Export new APIs
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c,
	  src/vbox/vbox_tmpl.c, src/xen/xen_driver.c,
	  src/xenapi/xenapi_driver.c: Stub out new API entries

2010-03-26  Eric Blake  <eblake@redhat.com>

	maint: update syntax-check rule to also catch test's -o operator
	* cfg.mk (sc_prohibit_test_minus_a): Rename...
	(sc_prohibit_test_minus_ao): ...and flag '-o', too.

2010-03-26  Jim Meyering  <meyering@redhat.com>

	tests: teach syntax-check that virDomainDefFree has free-like semantics
	* cfg.mk (useless_free_options): Add virDomainDefFree to the list
	of free-like functions.
	* src/test/test_driver.c (testDomainCreateXML): Remove useless-if-
	before-virDomainDefFree.
	* src/conf/domain_conf.c (virDomainAssignDef): Likewise

2010-03-25  Jiri Denemark  <jdenemar@redhat.com>

	Add entry point logging for cpu functions

2010-03-25  Eric Blake  <eblake@redhat.com>

	build: don't use "test cond1 -o cond2": it's not portable
	* configure.ac: Use "test cond1 || test cond2" instead.
	* m4/compiler-flags.m4 (gl_COMPILER_FLAGS): Likewise.
	* tests/test-lib.sh (verbose): Likewise.

2010-03-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Make the conf parser compare names case insensitive in VMX mode
	The keys of entries in a VMX file are case insensitive. Both scsi0:1.fileName
	and scsi0:1.filename are valid. Therefore, make the conf parser compare names
	case insensitive in VMX mode to accept every capitalization variation.

	Also add test cases for this.

2010-03-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Fix segfault on empty device source
	<source file=''/> results in def->disks[i]->src == NULL. But
	vboxDomainDefineXML and vboxDomainAttachDevice didn't check
	def->disks[i]->src for NULL and expected it to be a valid string.

	Add checks for def->disks[i]->src != NULL to fix the segfault.

2010-03-24  Philipp Hahn  <hahn@univention.de>

	python example: poll(-0.001) does not sleep forever
	The conversion from seconds to milliseconds should only be done for
	actual delays >= 0, not for the magic -1 value used for infinite
	timeouts.

2010-03-24  Jim Meyering  <meyering@redhat.com>

	build: suppress distracting build output
	* src/Makefile.am (augeas-check): New target, just to give the existing
	rule a name.  At the same time, prefix the commands with $(AM_V_GEN),
	to avoid unexpected build output with V=0 which is the default.

	maint: add syntax-check rule to prohibit use of test's -a operator
	* cfg.mk (sc_prohibit_test_minus_a): New rule.

	build: don't use "test cond1 -a cond2" in configure: it's not portable
	* configure.ac: Use "test cond1 && test cond2" instead.

	tests: shell script portability and clean-up
	* tests/test-lib.sh: "echo -n" is not portable.  Use printf instead.
	Remove unnecessary uses of "eval-in-subshell" (subshell is sufficient).
	Remove uses of tests' -a operator; it is not portable.
	Instead, use "test cond && test cond2".
	* tests/schematestutils.sh: Replace use of test's -a.

2010-03-24  Matthias Bolte  <matthias.bolte@googlemail.com>

	tests: Don't add extra padding if counter mod 40 is 0
	This change only affects the output of tests that have an exact
	multiple of 40 test cases. For example the domainschematest currently:

	TEST: domainschematest
	      ........................................ 40
	      ........................................ 80
	      ........................................ 120
	      ........................................ 160
	      ........................................                                         200 OK
	PASS: domainschematest

	It outputs additional 40 spaces on the last line.

	The domainschematest output is fixed by the change in test-lib.sh. The
	change in testutils.c fixes this for tests written in C. Currently no
	C test has an exact multiple of 40 test cases, but I checked it and
	the same problem exists there.

	This patch stops that in both cases.

2010-03-23  Jiri Denemark  <jdenemar@redhat.com>

	Fix error reporting when parsing CPU XML strings

	Use common XML parsing functions

	Introduce XML parsing utility functions

2010-03-23  Jim Meyering  <meyering@redhat.com>

	virDomainDiskDefAssignAddress: return int, not void
	Before, this function would blindly accept an invalid def->dst
	and then abuse the idx=-1 it would get from virDiskNameToIndex,
	when passing it invalid strings like "xvda:disk" and "sda1".
	Now, this function returns -1 upon failure.
	* src/conf/domain_conf.c (virDomainDiskDefAssignAddress): as above.
	Update callers.
	* src/conf/domain_conf.h: Update prototype.
	* src/qemu/qemu_conf.c: Update callers.

	tests: do not use the ":disk" suffix in sample xml input
	* tests/xml2sexprdata/xml2sexpr-curmem.xml: Remove ":disk" suffix from
	"<target dev=" value.
	* tests/xml2sexprdata/xml2sexpr-pv-localtime.xml: Likewise.
	* tests/xml2sexprdata/xml2sexpr-curmem.sexpr: Update expected output
	to match.
	* tests/xml2sexprdata/xml2sexpr-pv-localtime.sexpr: Likewise.

	virDiskNameToIndex: ignore trailing digits
	* src/util/util.c (virDiskNameToIndex): Accept sda1, and map it to "sda".
	I.e., accept and ignore any string of trailing digits.

2010-03-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	util: Add stubs for some functions on Windows
	virSetCloseExec and virExecDaemonize were missing a body on Windows.

	Add HAVE_PTHREAD_H guard for pthread_sigmask
	Correctly disable pthread related code if pthread is not avialable,
	in order to get it compile with MinGW on Windows.

	bootstrap: Enable copy-mode for MinGW builds
	MSYS' ln doesn't work well in the way bootstrap uses it with relative paths.

	util: Handle lack of (f)chmod and (f)chown on Windows
	Even if gnulib can provide stubs, it won't help that much. So just
	replace affected util functions (virFileOperation and virDirCreate)
	with stubs on Windows. Both functions aren't used on libvirt's
	client side, so this is fine for MinGW builds.

2010-03-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	bootstrap: Remove rsync from buildreq list
	rsync is used to download .po files, but SKIP_PO=true is set and
	downloading .po files is skipped.

	This also fixes a problem with MinGW builds, because rsync is not
	available for MinGW.

2010-03-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	util: Make some conditional symbols unconditional
	Add dummy bodies for HAVE_GETPWUID_R and HAVE_MNTENT_H dependent
	functions for MinGW builds.

	Make sure virtTestCaptureProgramOutput has a body on Windows
	Now the virsh tests compile at least.

	Fix export of virConnectAuthPtrDefault for MinGW builds
	Use the __declspec(dllexport/dllimport) stuff to export the symbol,
	otherwise accessing virConnectAuthPtrDefault triggers a segfault.

	Remove interfaceRegister from libvirt_private.syms
	This symbol is conditional, it would need to be exported conditional to
	work properly with MinGW. So just remove it, as no other driver register
	function is listed in the symbols files.

	Export conditional state driver symbols only when they are defined
	This is necessary for MinGW builds.

	Make sure uid_t and gid_t are available

	esx: Add esxVI_LookupVirtualMachineByName
	Used in esxDomainLookupByName and to be used in esxDomainDefineXML later.

	esx: Fix potential memory leak in esxVI_BuildFullTraversalSpecItem
	If esxVI_String_DeepCopyValue or esxVI_SelectionSpec_AppendToList fail
	then selectionSpec would leak. Add a free call in the failure path to
	fix the leak.

	esx: Cleanup file header comments
	Replace 'method' with 'function' and get the filename's suffix right.

2010-03-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Generate method mappings via macros
	This is actually a consequence of the reworked required parameter
	checking: Unify the required parameter check into a Validate function
	instead of doing it separately im the (de)serialization part.

	The required parameter checking for the mapped methods parameter was
	done in the (de)serialize functions before. Now it's explicitly done
	in the mapped method itself.

2010-03-22  Jim Fehlig  <jfehlig@novell.com>

	Avoid libvirtd crash when cgroups is not configured on host
	Invoking virDomainSetMemory() on lxc driver results in libvirtd
	segfault when cgroups has not been configured on the host.

	Ensure driver->cgroup is non-null before invoking
	virCgroupForDomain().  To prevent similar segfaults in the future,
	ensure driver parameter to virCgroupForDomain() is non-null before
	dereferencing.

2010-03-22  Cole Robinson  <crobinso@redhat.com>

	security: selinux: Fix crash when releasing non-existent label
	This can be triggered by the qemuStartVMDaemon cleanup path if a
	VM references a non-existent USB device (by product) in the XML.

2010-03-22  Guido Günther  <agx@sigxcpu.org>

	Don't crash without a security driver
	"virsh dominfo <vm>" crashes if there's no primary security driver set
	since we only intialize the secmodel.model and secmodel.doi if we have
	one. Attached patch checks for securityPrimaryDriver instead of
	securityDriver since the later is always set in qemudSecurityInit().

	Closes: http://bugs.debian.org/574359

2010-03-19  Jiri Denemark  <jdenemar@redhat.com>

	Add migrate-setmaxdowntime command to virsh

	Implement virDomainMigrateSetMaxDowntime in qemu driver

	Implement virDomainMigrateSetMaxDowntime in remote driver

	Wire protocol and dispatcher for virDomainMigrateSetMaxDowntime

	Public virDomainMigrateSetMaxDowntime API

	Internal driver API for virDomainMigrateSetMaxDowntime

2010-03-19  David Allan  <dallan@redhat.com>

	Virsh support for vol wiping

	Simplified version of volume wiping based on feedback from the list.

	Implement remote bits for vol wiping

	Implement the public API for vol wiping

	Define the internal driver API for vol wiping
	Also add vol wiping to ESX storage driver struct

	Add public API for volume wiping

2010-03-19  Laine Stump  <laine@laine.org>

	Support vhost-net mode at qemu startup for virtio network devices
	Attempt to turn on vhost-net mode for devices of type NETWORK, BRIDGE,
	and DIRECT (macvtap).

	* src/qemu/qemu_conf.h: add vhostfd to qemuBuildHostNetStr prototype
	  add qemudOpenVhostNet prototype new flag to set when :,vhost=" found in
	  qemu help
	* src/qemu/qemu_conf.c: * set QEMUD_CMD_FLAG_VNET_HOST is ",vhost=" found
	  in qemu help
	   - qemudOpenVhostNet - opens /dev/vhost-net to pass to qemu if everything
	     is in place to use it.
	   - qemuBuildHostNetStr - add vhostfd to commandline if it's not empty
	     (higher levels decide whether or not to fill it in)
	   - qemudBuildCommandLine - if /dev/vhost-net is successfully opened, add
	     its fd to tapfds array so it isn't closed on qemu exec, and populate
	     vhostfd_name to be passed in to commandline builder.
	* src/qemu/qemu_driver.c: add filler 0 for new arg to qemuBuildHostNetStr,
	  along with a note that this must be implemented in order for hot-plug of
	  vhost-net virtio devices to work properly (once qemu "netdev_add" monitor
	  command is implemented).

2010-03-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Fix FD leak in qemudStartVMDaemon
	The logfile FD is dup2'ed in __virExec in the child. The FD needs to
	be closed in the parent, otherwise it leaks.

2010-03-18  Eric Blake  <eblake@redhat.com>

	util: ensure virMutexInit is not recursive
	POSIX states that creation of a mutex with default attributes
	is unspecified whether the mutex is recursive or non-recursive.
	We specifically want non-recursive (deadlock is desirable in
	flushing out coding bugs that used our mutex incorrectly).

	* src/util/threads-pthread.c (virMutexInit): Specifically request
	non-recursive mutex, rather than relying on unspecified default.

2010-03-18  Eric Blake  <eblake@redhat.com>

	maint: enforce recent copyright style
	* cfg.mk (sc_copyright_format): New rule.

2010-03-18  Eric Blake  <eblake@redhat.com>

	maint: make Red Hat copyright notices consistent
	Spell out 'Red Hat, Inc.':
	 git grep -i 'Copyright.*Red Hat' | grep -v Inc

	Include (C) consistently:
	 git grep -i 'Copyright [^(].*Red Hat'

	* src/lxc/lxc_container.c: Update copyright formatting.
	* src/node_device/node_device_udev.c: Likewise.
	* src/node_device/node_device_udev.h: Likewise.
	* src/xen/xend_internal.h: Likewise.
	* src/xen/xm_internal.c: Likewise.
	* src/xen/xm_internal.h: Likewise.
	* tests/xmconfigtest.c: Likewise.
	* tests/object-locking.ml: Likewise.
	* tools/virt-pki-validate.in: Likewise.
	* tools/virt-xml-validate.in: Likewise.

2010-03-18  Eric Blake  <eblake@redhat.com>

	maint: fix typo
	* cfg.mk (sc_prohibit_gettext_noop): Fix typo

	maint: enforce recent N_ usage
	* cfg.mk (sc_prohibit_gettext_noop): New rule applied in "make syntax-check"

2010-03-18  Daniel Veillard  <veillard@redhat.com>

	Fix logroate rpm build breakage
	related to fix of bug https://bugzilla.redhat.com/show_bug.cgi?id=547514

2010-03-18  Daniel Veillard  <veillard@redhat.com>

	Fix LSB compliance of init script
	https://bugzilla.redhat.com/show_bug.cgi?id=538701

	* daemon/libvirtd.init.in: daemon/libvirtd.init.in were not mentionned
	  in the usage message and if a missing or wrong argument is given it
	  should return 2, not 1

2010-03-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: <pre> cannot be nested in <p>
	xsltproc complained about this.

2010-03-17  Philip Hahn  <hahn@univention.de>

	python: Fix networkLookupByUUID
	According to:

	http://libvirt.org/html/libvirt-libvirt.html#virNetworkLookupByUUID

	virNetworkLookupByUUID() expects a virConnectPtr as its first argument,
	thus making it a method of the virConnect Python class.

	Currently it's a method of libvirt.virNetwork.

	@@ -805,13 +805,6 @@ class virNetwork:
	         if ret == -1: raise libvirtError ('virNetworkGetAutostart() failed', net=self)
	         return ret

	-    def networkLookupByUUID(self, uuid):
	-        """Try to lookup a network on the given hypervisor based on its UUID. """
	-        ret = libvirtmod.virNetworkLookupByUUID(self._o, uuid)
	-        if ret is None:raise libvirtError('virNetworkLookupByUUID() failed', net=self)
	-        __tmp = virNetwork(self, _obj=ret)
	-        return __tmp
	-
	 class virInterface:
	     def __init__(self, conn, _obj=None):
	         self._conn = conn
	@@ -1689,6 +1682,13 @@ class virConnect:
	         __tmp = virDomain(self,_obj=ret)
	         return __tmp

	+    def networkLookupByUUID(self, uuid):
	+        """Try to lookup a network on the given hypervisor based on its UUID. """
	+        ret = libvirtmod.virNetworkLookupByUUID(self._o, uuid)
	+        if ret is None:raise libvirtError('virNetworkLookupByUUID() failed', conn=self)
	+        __tmp = virNetwork(self, _obj=ret)
	+        return __tmp
	+

2010-03-17  Cole Robinson  <crobinso@redhat.com>

	.gitignore: Ignore generated daemon/libvirtd.logrotate

	Fix make dist with XenAPI changes

2010-03-17  Jiri Denemark  <jdenemar@redhat.com>

	Allow suspend during live migration
	Currently no command can be sent to a qemu process while another job is
	active. This patch adds support for signaling long-running jobs (such as
	migration) so that other threads may request predefined operations to be
	done during such jobs. Two signals are defined so far:
	    - QEMU_JOB_SIGNAL_CANCEL
	    - QEMU_JOB_SIGNAL_SUSPEND

	The first one is used by qemuDomainAbortJob.

	The second one is used by qemudDomainSuspend for suspending a domain
	during migration, which allows for changing live migration into offline
	migration. However, there is a small issue in the way qemudDomainSuspend
	is currently implemented for migrating domains. The API calls returns
	immediately after signaling migration job which means it is asynchronous
	in this specific case.

2010-03-16  Jim Meyering  <meyering@redhat.com>

	do not require two ./autogen.sh runs to permit "make"
	* autogen.sh (bootstrap_hash): New function.
	Running bootstrap may update the gnulib SHA1, yet we were computing
	t=$(git submodule status ...) *prior* to running bootstrap, and
	then recording that sometimes-stale value in the stamp file upon
	a successful bootstrap run.  That would require two (lengthy!)
	bootstrap runs to update the stamp file.

2010-03-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Use virRequestUsername and virRequestPassword

	xenapi: Don't leak url and caps in case of error

	xenapi: Check for NULL before accessing the scheme

	xenapi: Request a username if there is non in the URI
	Use virRequestUsername and virRequestPassword.

	xenapi: Check for valid private data in xenapiSessionErrorHandle

	esx: Move username and password helper functions to authhelper.c

2010-03-16  Jim Meyering  <meyering@redhat.com>

	fix two "make syntax check" failures
	* src/xenapi/xenapi_driver.c (xenapiOpen): Remove useless-if-before-free.
	* po/POTFILES.in: Add src/xenapi/xenapi_utils.c.

2010-03-16  Jiri Denemark  <jdenemar@redhat.com>

	Use WARN_CFLAGS when compiling virsh.c

	Use fsync() at the end of file allocation instead of O_DSYNC
	Instead of opening storage file with O_DSYNC, make sure data are written
	to a disk only before we claim allocation has finished.

2010-03-15  Jim Meyering  <meyering@redhat.com>

	Revert f5a6ce44ce8368d4183b69a31b77f67688d9af43
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): The ".controller"
	member is an index, and *may* be 0.  As such, the commit that we're
	reverting broke SCSI disk hot-plug on controller 0.
	Reported by Wolfgang Mauerer.

2010-03-15  Cole Robinson  <crobinso@redhat.com>

	security: Set permissions for kernel/initrd
	Fixes URL installs when running virt-install as root on Fedora.

	qemu: Fix USB by product with security enabled
	We need to call PrepareHostdevs to determine the USB device path before
	any security calls. PrepareHostUSBDevices was also incorrectly skipping
	all USB devices.

	qemu: Add some debugging at domain startup

2010-03-15  Daniel Veillard  <veillard@redhat.com>

	qemu: pass the information when disks are read-only
	* src/qemu/qemu_conf.c: add the ",readonly=on" for read-only disks
	  and also parse it back in qemuParseCommandLineDisk()
	* tests/qemuxml2argvtest.c
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.args
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-readonly-disk.xml:
	  add a specific regression test

2010-03-15  Jiri Denemark  <jdenemar@redhat.com>

	Fix syntax-check errors

	Fix error messages in qemu text monitor

2010-03-14  Sharadha Prabhakar  <sharadha.prabhakar@citrix.com>

	xenapi: Initial commit of the new driver

2010-03-13  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve documentation about remote URIs

	macvtap: Only export symbols if support is enabled

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Only use the numa functions when they are available.

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Make nodeGetInfo report the correct number of NUMA nodes.
	The nodeGetInfo code was always assuming that machine had a
	single NUMA node, which is not correct.  The good news is that
	libnuma gives us this information pretty easily, so let's
	properly report it.

	NOTE: With recent hardware starting to support CPU hot-add
	and hot-remove, both this code and the nodeCapsInitNUMA()
	code are quickly going to become obsolete.  We'll have to
	think of a more dynamic solution for dealing with NUMA
	nodes and CPUs that can come and go at will.

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Fix crash in virsh after bogus command
	If you ran virsh in interactive mode and ran a command
	that virsh could not parse, it would then SEGV
	on subsequent commands.  The problem is that we are
	freeing the vshCmd structure in the syntaxError label
	at the end of vshCommandParse, but forgetting to
	set ctl->cmd to NULL.  This means that on the next command,
	we would try to free the same structure again, leading
	to badness.

	* tools/virsh.c: Make sure to set ctl->cmd to NULL after
	  freeing it in vshCommandParse()

2010-03-12  Chris Lalancette  <clalance@redhat.com>

	Fix virsh command 'cd'
	* tools/virsh.c: cmdCd was returning a 0 on success and -1 on error,
	  when the rest of the code expected a TRUE on success and a
	  FALSE on error.

2010-03-12  Laine Stump  <laine@laine.org>

	Fix compiler warnings in virsh.c
	No functional change. These all generated compiler warnings which, for
	some reason weren't converted to errors by
	--enable-compiler-warnings=error.

	* tools/virsh.c:
	  - change return type from int to void on two functions that don't
	    return a value.
	  - remove unused variables/labels from two functions
	  - eliminate non-literal format strings
	  - typecast char* into xmlChar* when calling
	  - xmlParseBalancedChunkMemory

2010-03-12  Laine Stump  <laine@laine.org>

	Silence compiler complaints about non-literal format strings
	* src/util/macvtap.c: replace _("....") with "%s", _("...") in two places

2010-03-12  Daniel Veillard  <veillard@redhat.com>

	Update commiters list

2010-03-11  Chris Lalancette  <clalance@redhat.com>

	Fix hang in qemudDomainCoreDump.
	Currently if you dump the core of a qemu guest with
	qemudDomainCoreDump, subsequent commands will hang
	up libvirtd.  This is because qemudDomainCoreDump
	uses qemuDomainWaitForMigrationComplete, which expects
	the qemuDriverLock to be held when it's called.  This
	patch does the simple thing and moves the qemuDriveUnlock
	to the end of the qemudDomainCoreDump so that the driver
	lock is held for the entirety of the call (as it is done
	in qemudDomainSave).  We will probably want to make the
	lock more fine-grained than that in the future, but
	we can fix both qemudDomainCoreDump and qemudDomainSave
	at the same time.

	Make sure qemudDomainSetVcpus doesn't hang.
	The code to add job support into libvirtd caused a problem
	in qemudDomainSetVcpus.  In particular, a qemuDomainObjEndJob()
	call was added at the end of the function, but a
	corresponding qemuDomainObjBeginJob() was not.  Additionally,
	a call to qemuDomainObj{Enter,Exit}Monitor() was also missed
	in qemudDomainHotplugVcpus().  These missing calls conspired to
	cause a hang in the libvirtd process after the command was
	finished.  Fix this by adding the missing calls.

2010-03-11  Chris Lalancette  <clalance@redhat.com>

	Remove qemudDomainSetMaxMemory.
	As previously discussed[1], this patch removes the
	qemudDomainSetMaxMemory() function, since it doesn't
	work.  This means that instead of getting somewhat
	cryptic errors, you will now get:

	error: Unable to change MaxMemorySize
	error: this function is not supported by the hypervisor: virDomainSetMaxMemory

	Which describes the situation perfectly.

	[1] https://www.redhat.com/archives/libvir-list/2010-February/msg00928.html

2010-03-11  Chris Lalancette  <clalance@redhat.com>

	Fix a JSON CPU information bug.
	When using the JSON monitor, qemuMonitorJSONExtractCPUInfo
	was returning 0 on success.  Unfortunately, higher levels of
	the cpuinfo code expect that it returns the number of CPUs
	it found on success.  This one-line patch fixes it so that
	it returns the correct number.  This makes "virsh vcpuinfo <domain>"
	work when using the JSON monitor.

2010-03-10  Ed Swierk  <eswierk@aristanetworks.com>

	Allow devices without a parent
	* Allow devices without parent links to be created and set their parent to the root "computer" node

2010-03-10  Eric Blake  <eblake@redhat.com>

	build: change to gnulib module list should rerun bootstrap
	* autogen.sh (curr_status): Also include hash of bootstrap.conf
	when checking for changes that require bootstrap rerun.
	* cfg.mk (_update_required): Likewise.

2010-03-10  Eric Blake  <eblake@redhat.com>

	build: enforce preprocessor indentation
	Since cppi is not part of Fedora Core 12, the check is conditional:
	without cppi, running 'make syntax-check' merely warns:

	$ make sc_preprocessor_indentation
	preprocessor_indentation
	maint.mk: skipping test sc_preprocessor_indentation: cppi not installed

	* cfg.mk (sc_preprocessor_indentation): New syntax-check rule.
	(preprocessor_exempt): New macro, with first exemption.

2010-03-10  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to newer (but not latest)
	This is a stop-gap measure to make autogen.sh rerun ./bootstrap,
	(required due to recent bootstrap.conf addition) while we prepare
	the fix to automatically detect the case of an updated modules list.

2010-03-10  David Allan  <dallan@redhat.com>

	Free resources on error in udev startup
	* The udev driver didn't properly free resources that it allocates when setting up the 'computer' device in the error case.

2010-03-10  Daniel Veillard  <veillard@redhat.com>

	Make virsh reconnect when losing connection
	When the daemon libvirtd restarts, a connected virsh gets a SIGPIPE
	and dies. This change the behaviour to try to reconnect if the
	signal was received or command error indicated a connection or RPC
	failure. Note that the failing command is not restarted.

	* tools/virsh.c: catch SIGPIPE signals as well as connection related
	  failures, add some automatic reconnection code and appropriate error
	  messages.

2010-03-10  Chris Lalancette  <clalance@redhat.com>

	Fix up nodeinfo parsing code.
	As pointed out by eblake, I made a real hash of the
	nodeinfo code with commit
	aa2f6f96ddd7a57011c3d25586d588100651feb2.  This patch
	cleans it up:

	1)  Do more work at compile time instead of runtime (minor)
	2)  Properly handle the hex digits that come from
	/sys/devices/system/cpu/cpu*/topology/thread_siblings
	3)  Fix up some error paths that could cause SEGV
	4)  Used unsigned's for the cpu numbers (cpu -1 doesn't
	make any sense)

	Along with the recent patch from jdenemar to zero out
	the nodeinfo structure, I've re-tested this on the
	machines having the problems, and it seems to be good.

2010-03-10  Daniel Veillard  <veillard@redhat.com>

	Change logrotate to be per-hypervisor logs
	Having a single logrotate configuration file for all hypervisors
	did not work as logrotate would get confused if an hypervisor not
	supported on that platform was still listed. Simplest is to split
	the logrotate as separate per hypervisor files and change the
	spec file to only install the ones compiled in.
	* daemon/libvirtd.lxc.logrotate.in daemon/libvirtd.qemu.logrotate.in
	  daemon/libvirtd.uml.logrotate.in: copy and split the original
	  daemon/libvirtd.logrotate.in file
	* daemon/Makefile.am: update to support the different files and
	  cleanup in sed suggested by Eric Blake
	* libvirt.spec.in: only install the relevant logrotate configs
	* daemon/.gitignore: update logrotate generated list

2010-03-09  Eric Blake  <eblake@redhat.com>

	build: consistently indent preprocessor directives
	* global: patch created by running:
	for f in $(git ls-files '*.[ch]') ; do
	    cppi $f > $f.t && mv $f.t $f
	done

2010-03-09  Eric Blake  <eblake@redhat.com>

	virsh: use N_ rather than gettext_noop
	With N_() in place, we can use it for a smaller file.

	* doc/api-extension/0008-Step-8-of-8-Add-virsh-support.patch:
	Replace all uses of gettext_noop with N_.
	* tools/virsh.c: Likewise, throughout the file.

2010-03-09  Eric Blake  <eblake@redhat.com>

	virsh: fix existing N_ uses
	It is a bad idea to call gettext on an already-translated
	string.  In cases where a string must be translated separately
	from where it is exposed to xgettext, the gettext manual
	recommends the idiom of N_() wrapping gettext_noop for
	marking the string.

	* src/internal.h (N_): Fix definition to match gettext manual.
	* tools/virsh.c: (cmdHelp, cmdList, cmdDomstate, cmdDominfo)
	(cmdVcpuinfo, vshUsage): Replace incorrect use of N_ with _.
	(vshCmddefHelp): Likewise.  Mark C format strings appropriately.

2010-03-09  Jim Meyering  <meyering@redhat.com>

	doc: fix typos in hacking.html.in; mark HACKING as read-only
	* HACKING: Mark as read-only.  Soon we'll generate it from...
	* docs/hacking.html.in: ... this file.  More typo fixes.

2010-03-09  Jiri Denemark  <jdenemar@redhat.com>

	Fix copy&paste typos in virProcessInfoGetAffinity

2010-03-09  Jiri Denemark  <jdenemar@redhat.com>

	Wipe nodeinfo structure before filling it
	The nodeinfo structure wasn't initialized in qemu driver and with the
	recent change in CPU topology parsing, old value of nodeinfo->sockets
	could be used and incremented giving totally bogus results.

	Let's just wipe the structure completely.

2010-03-09  Jim Meyering  <meyering@redhat.com>

	doc: fix more typos in HACKING
	* HACKING: More spelling/typo fixes.

2010-03-09  Eric Blake  <eblake@redhat.com>

	AUTHORS: add recent contributors

	hacking: add a section on preprocessor conventions
	* doc/hacking.html.in (preprocessor): New section to document
	recently-discussed style issues.

	hacking: fix typos
	* docs/hacking.html.in (committers): Fix spelling and grammar.

2010-03-09  Laine Stump  <laine@laine.org>

	Fix format string warnings
	A few more non-literal format strings in error log messages have crept
	in. Fix them in the standard way - turn the format string into "%s"
	with the original string as the arg.

2010-03-09  Stefan Berger  <stefanb@us.ibm.com>

	macvtap build detection fix
	* configure.ac: fix the header test used for macvtap availability
	  detection

2010-03-09  Soren Hansen  <soren@ubuntu.com>

	Fix virDomainGetXMLDesc cache settings output
	If a special cache strategy for a disk has been specified in a domain
	definition, but no driverName has been set, virDomainGetXMLDesc would not
	include the <driver> tag at all.

	* src/conf/domain_conf.c: make sure any <driver> tag setting is
	  serialized if set.

2010-03-08  David Allan  <dallan@redhat.com>

	Update hacking.html.in
	* Added section on use of goto
	* Added missing content from HACKING document

2010-03-08  Chris Lalancette  <clalance@redhat.com>

	Get thread and socket information in virsh nodeinfo.
	The current code for "nodeinfo" is pretty naive
	about socket and thread information.  To determine the
	sockets, it just takes the number of cpus and divides
	by the number of cores.  For the thread count, it always
	sets it to 1.  With more recent Intel machines, however,
	hyperthreading is again an option, meaning that these
	heuristics no longer work and give bogus numbers.  This
	patch goes through /sys to get the additional
	information so we properly report it.

	Note that I had to edit the tests not to report on
	socket and thread counts, since these are determined
	dynamically now.

	v2: As pointed out by Eric Blake, gnulib provides
	    count-one-bits (which is LGPLv2+).  Use it instead
	    of a hand-coded popcnt.

2010-03-08  Adam Litke  <agl@us.ibm.com>

	Fix locking in qemudDomainMemoryStats
	When adding domainMemoryStats API support for the qemu driver, I didn't
	follow the locking rules exactly.  The job condition must be held when
	executing monitor commands.  This corrects the segfaults I was seeing
	when calling domainMemoryStats in a multi-threaded environment.

	* src/qemu/qemu_driver.c: in qemudDomainMemoryStats() add missing
	  calls to qemuDomainObjBeginJob/qemuDomainObjEndJob

2010-03-08  Laine Stump  <laine@laine.org>

	Eliminate large stack buffer in doTunnelSendAll
	doTunnelSendAll function (used by QEMU migration) uses a 64k buffer on
	the stack, which could be problematic. This patch replaces that with a
	buffer from the heap.

	While in the neighborhood, this patch also improves error reporting in
	the case that saferead fails - previously, virStreamAbort() was called
	(resetting errno) before reporting the error. It's been changed to
	report the error first.

	* src/qemu/qemu_driver.c: fix doTunnelSendAll() to use a malloc'ed
	  buffer

2010-03-08  Eric Blake  <eblake@redhat.com>

	build: consistently use C99 varargs macros
	Prior to this patch, there was an inconsistent mix between GNU and C99.

	For consistency, and potential portability to other compilers, stick
	with the C99 vararg macro syntax.

	* src/conf/cpu_conf.c (virCPUReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/conf/domain_conf.c (virDomainReportError): Likewise.
	* src/conf/domain_event.c (eventReportError): Likewise.
	* src/conf/interface_conf.c (virInterfaceReportError): Likewise.
	* src/conf/network_conf.c (virNetworkReportError): Likewise.
	* src/conf/node_device_conf.h (virNodeDeviceReportError): Likewise.
	* src/conf/secret_conf.h (virSecretReportError): Likewise.
	* src/conf/storage_conf.h (virStorageReportError): Likewise.
	* src/esx/esx_device_monitor.c (ESX_ERROR): Use C99 rather than
	  GNU vararg macro syntax.
	* src/esx/esx_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_interface_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_network_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_secret_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_storage_driver.c (ESX_ERROR): Likewise.
	* src/esx/esx_util.c (ESX_ERROR): Likewise.
	* src/esx/esx_vi.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vi_methods.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vi_types.c (ESX_VI_ERROR): Likewise.
	* src/esx/esx_vmx.c (ESX_ERROR): Likewise.
	* src/util/hostusb.c (usbReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/util/json.c (virJSONError): Likewise.
	* src/util/macvtap.c (ReportError): Likewise.
	* src/util/pci.c (pciReportError): Likewise.
	* src/util/stats_linux.c (virStatsError): Likewise.
	* src/util/util.c (virUtilError): Likewise.
	* src/util/xml.c (virXMLError): Likewise.
	* src/xen/proxy_internal.c (virProxyError): Use C99 rather than
	  GNU vararg macro syntax.
	* src/xen/sexpr.c (virSexprError): Likewise.
	* src/xen/xen_driver.c (xenUnifiedError): Likewise.
	* src/xen/xen_hypervisor.c (virXenError): Likewise.
	* src/xen/xen_inotify.c (virXenInotifyError): Likewise.
	* src/xen/xend_internal.c (virXendError): Likewise.
	* src/xen/xm_internal.c (xenXMError): Likewise.
	* src/xen/xs_internal.c (virXenStoreError): Likewise.
	* src/cpu/cpu.h (virCPUReportError): Use C99 rather than GNU
	  vararg macro syntax.
	* src/datatypes.c (virLibConnError): Likewise.
	* src/interface/netcf_driver.c (interfaceReportError): Likewise.
	* src/libvirt.c (virLibStreamError): Likewise.
	* src/lxc/lxc_conf.h (lxcError): Likewise.
	* src/network/bridge_driver.c (networkReportError): Likewise.
	* src/nodeinfo.c (nodeReportError): Likewise.
	* src/opennebula/one_conf.h (oneError): Likewise.
	* src/openvz/openvz_conf.h (openvzError): Likewise.
	* src/phyp/phyp_driver.c (PHYP_ERROR): Likewise.
	* src/qemu/qemu_conf.h (qemuReportError): Likewise.
	* src/remote/remote_driver.c (errorf): Likewise.
	* src/security/security_driver.h (virSecurityReportError): Likewise.
	* src/test/test_driver.c (testError): Likewise.
	* src/uml/uml_conf.h (umlReportError): Likewise.
	* src/vbox/vbox_driver.c (vboxError): Likewise.
	* src/vbox/vbox_tmpl.c (vboxError): Likewise.

2010-03-05  Jim Meyering  <meyering@redhat.com>

	ebtablesAddRemoveRule: avoid dead store
	* src/util/ebtables.c (ebtablesAddRemoveRule): Avoid dead store
	to local, "s".

	virInterfaceDefParseBond: avoid dead stores
	* src/conf/interface_conf.c (virInterfaceDefParseBond): Avoid dead stores
	to local, "node".  Remove declaration, too.

	xenXMDomainConfigParse: avoid dead store
	* src/xen/xm_internal.c (xenXMDomainConfigParse): Avoid dead store
	to local, "data".  Remove declaration, too.

	qemudDomainAttachSCSIDisk: handle empty controller list
	* src/qemu/qemu_driver.c (qemudDomainAttachSCSIDisk): Handle
	the (theoretical) case of an empty controller list, so that
	clang does not think the subsequent dereference of "cont"
	would dereference an undefined variable (due to preceding
	loop not iterating even once).

	qemu restore: don't let corrupt input provoke unwarranted OOM
	* src/qemu/qemu_driver.c (qemudDomainRestore): A corrupt save file
	(in particular, a too-large header.xml_len value) would cause an
	unwarranted out-of-memory error.  Do not trust the just-read
	header.xml_len.  Instead, merely use that as a hint, and
	read/allocate up to that number of bytes from the file.
	Also verify that header.xml_len is positive; if it were negative,
	passing it to virFileReadLimFD could cause trouble.

	virFileReadLimFD: diagnose maxlen <= 0, rather than passing it on...
	to saferead_lim, which interprets it as a size_t.
	* src/util/util.c (virFileReadLimFD): Do not malfunction when
	maxlen < -1.  Return -1,EINVAL in that case.  Handle maxlen==0
	in the same manner.

	xen: don't let bogus packets trigger over-allocation and segfault
	* src/xen/proxy_internal.c (xenProxyDomainDumpXML): An invalid packet
	could include a too-large "ans.len" value, which would make us allocate
	too much memory and then copy data from beyond the end of "ans",
	possibly evoking a segfault.  Ensure that the value we use is no
	larger than the remaining portion of "ans".
	Also, change unnecessary memmove to memcpy (src and dest obviously
	do not overlap, so no need to use memmove).
	(xenProxyDomainGetOSType): Likewise.
	(xenProxyGetCapabilities): Likewise.

	qemuMonitorTextGetMemoryStats: decrease risk of false positive in parsing
	The code erroneously searched the entire "reply" for a comma, when
	its intent was to search only that portion after "balloon: actual="
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetMemoryStats):
	Search for "," only starting *after* the BALLOON_PREFIX string.
	Otherwise, we'd be more prone to false positives.

2010-03-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.7
	* configure.ac libvirt.spec.in: update with new version
	* docs/news.html.in: add list of changes in 0.7.7
	* po/*po*: updated spanish and russian localisations, rebuilt

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB passthrough based on product/vendor
	Changeset

	  commit 5073aa994af460e775cb3e548528e28d7660fcc8
	  Author: Cole Robinson <crobinso@redhat.com>
	  Date:   Mon Jan 11 11:40:46 2010 -0500

	Added support for product/vendor based passthrough, but it only
	worked at the security driver layer. The main guest XML config
	was not updated with the resolved bus/device ID. When the QEMU
	argv refactoring removed use of product/vendor, this then broke
	launching guests.

	THe solution is to move the product/vendor resolution up a layer
	into the QEMU driver. So the first thing QEMU does is resolve
	the product/vendor to a bus/device and updates the XML config
	with this info. The rest of the code, including security drivers
	and QEMU argv generated can now rely on bus/device always being
	set.

	* src/util/hostusb.c, src/util/hostusb.h: Split vendor/product
	  resolution code out of usbGetDevice and into usbFindDevice.
	  Add accessors for bus/device ID
	* src/security/virt-aa-helper.c, src/security/security_selinux.c,
	  src/qemu/qemu_security_dac.c: Remove vendor/product from the
	  usbGetDevice() calls
	* src/qemu/qemu_driver.c: Use usbFindDevice to resolve vendor/product
	  into a bus/device ID

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Convert QEMU driver all hotunplug code from pci_del to device_del
	The pci_del command is not being ported to QMP. Convert all the
	QEMU hotplug code over to use device_del whenever it is available
	to avoid the pci_del problem

	* src/qemu/qemu_driver.c: Convert unplug code to device_del

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Support hot-unplug for USB devices in QEMU
	Previously hot-unplug could not be supported for USB devices
	in QEMU, since usb_del required the guest visible address
	which libvirt never knows. With 'device_del' command we can
	now unplug based on device alias, so support that.

	* src/qemu/qemu_driver.c: Use device_del to remove USB devices

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Tweak container initialization to make upstart/init happier
	Upstart crashes & burns in a heap if $TERM environment variable
	is missing. Presumably the kernel always sets this when booting
	init on a real machine, so libvirt should set it for containers
	too.

	To make a typical inittab / mingetty setup happier, we need to
	symlink the primary console /dev/pts/0 to /dev/tty1.

	Improve logging in certain scenarios to make troubleshooting
	easier

	* src/lxc/lxc_container.c: Create /dev/tty1 and set $TERM

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Misc fixes for LXC cgroups setup
	When using the 'ns' cgroup controller, the moment a process calls
	'unshare(CLONE_NEWNS)', it will be given a private cgroup tree
	under its current location. This really messages up the LXC
	controller process, because it ends up creating the containers'
	cgroup in the wrong place. The fix is fairly easy, just move
	the cgroup setup before the code which calls unshare(). The
	'ns' controller will still create extra undesired cgroups, but
	they at least won't break libvirt's setup now.

	The patch also adds a missing cgroups allow rule for /dev/tty
	device node

2010-03-05  Daniel P. Berrange  <berrange@redhat.com>

	Avoid creating top level cgroups if just querying for existance
	When getting the driver/domain cgroup it is possible to specify
	whether it should be auto created. If auto-creation was turned
	off, libvirt still mistakenly created its own top level cgroup

	* src/util/cgroup.c: Honour autocreate flag for top level cgroup

2010-03-05  Stefan Berger  <stefanb@us.ibm.com>

	web docs -- macvtap mode explanation
	This adds more information about the different macvtap device modes,
	spells out VEPA and adds a link to a pdf at the ieee site.

2010-03-04  Laine Stump  <laine@laine.org>

	Change default for storage uid/gid from getuid()/getgid() to -1/-1
	This allows the config to have a setting that means "leave it alone",
	eg when building a pool where the directory already exists the user
	may want the current uid/gid of the directory left intact. This
	actually gets us back to older behavior - before recent changes to the
	pool building code, we weren't as insistent about honoring the uid/gid
	settings in the XML, and virt-manager was taking advantage of this
	behavior.

	As a side benefit, removing calls to getuid/getgid from the XML
	parsing functions also seems like a good idea. And having a default
	that is different from a common/useful value (0 == root) is a good
	thing in general, as it removes ambiguity from decisions (at least one
	place in the code was checking for (perms.uid == 0) to see if a
	special uid was requested).

	Note that this will only affect newly created pools and volumes. Due
	to the way that the XML is parsed, then formatted for newly created
	volumes, all existing pools/volumes already have an explicit uid and
	gid set.

	src/conf/storage_conf.c: Remove calls to setuid/setgid for default values
	                         of uid/gid, and set them to -1 instead

	src/storage/storage_backend.c:
	src/storage/storage_backend_fs.c:
	        Make account for the new default values of perms.uid
	        and perms.gid.

2010-03-04  Diego Elio Pettenò  <flameeyes@gmail.com>

	build: vbox: avoid build failure when linking with --no-add-needed
	With the recent changes to the linking defaults in Fedora 13 (namely
	enabling --no-add-needed behaviour by default), we have to pass the
	dlopen()-providing libraries directly at the link of the module; use the
	same AC_SEARCH_LIBS function as used before to look for it and add it to
	the Makefile.

	build: avoid dlopen-related link failure on rawhide/F13
	Instead of using AC_CHECK_LIB and hardcoding -ldl, search for the library
	needed to get dlopen() and then use the cached value.

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Support VCPU hotplug in QEMU guests
	QEMU has a monitor command 'set_cpu' which allows a specific
	CPU to be toggled between online& offline state. libvirt CPU
	hotplug does not work in terms of individual indexes CPUs.
	Thus to support this, we iteratively toggle the online state
	when the total number of vCPUs is adjusted via libvirt

	NB, currently untested since QEMU segvs when running this!

	* src/qemu/qemu_driver.c: Toggle online state for CPUs when
	  doing hotplug
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  monitor API for toggling a CPU's online status via 'set_cpu

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix parser checking of storage pool device
	The storage backend implementations all presume that the XML parser
	is validating correctness of the source specification. The check for
	a source device was lost at some point. This allowed for a potential
	crash in the disk backend. Re-introduce the sanity check

	* src/conf/storage_conf.c: Re-add check for source device

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix mis-leading error message in pool delete API
	When trying to delete a pool the error message claimed the volume
	could not be deleted.

	* src/storage/storage_driver.c: Error message referred to
	  volumes instead of pools

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in QEMU migration command name
	The QMP code was running query-migration instead of query-migrate.
	This doesn't work so well

	* src/qemu/qemu_monitor_json.c: s/query-migration/query-migrate/

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Don't raise error message from cgroups if QEMU fails to start
	The code to remove the cgroup after QEMU failed to startup could
	be obscuring a real error from earlier on. It is not neccessary
	to raise an error in this case, so tell cgroups to keep quiet

	* src/qemu/qemu_driver.c: Don't raise cgroups error in QEMU start
	  cleanup code.

2010-03-04  Daniel P. Berrange  <berrange@redhat.com>

	Add missing device type check in QEMU PCI hotunplug
	The QEMU hotunplug code for PCI devices was looking at host
	devices in the guest config without first filtering non
	PCI devices. This means it was reading garbage

	* src/qemu/qemu_driver.c: Filter out non-PCI devices

2010-03-03  Chris Lalancette  <clalance@redhat.com>

	Add a define for NFS_SUPER_MAGIC
	Commit 3c12a67b766cce51b47861ccde2be41de369f832 added
	a dependency on the NFS_SUPER_MAGIC macro, which is
	defined in linux/magic.h.  Unfortunately linux/magic.h
	is not available in RHEL-5, and causes a compile error.
	Just define it locally, since this is something that
	can't change.

2010-03-03  Laine Stump  <laine@laine.org>

	Make domain save work on root-squash NFS
	Move *all* file operations related to creation and writing of libvirt
	header to the domain save file into a hook function that is called by
	virFileOperation. First try to call virFileOperation as root. If that
	fails with EACCESS, and (in the case of Linux) statfs says that we're
	trying to save the file on an NFS share, rerun virFileOperation,
	telling it to fork a child process and setuid to the qemu user. This
	is the only way we can successfully create a file on a root-squashed
	NFS server.

	This patch (along with setting dynamic_ownership=0 in qemu.conf)
	makes qemudDomainSave work on root-squashed NFS.

	* src/qemu/qemu_driver.c: provide new qemudDomainSaveFileOpHook()
	  utility, use it in qemudDomainSave() if normal creation of the
	  file as root failed, and after checking the filesystem type for
	  the storage is NFS. In that case we also bypass the security
	  driver, as this would fail on NFS.

2010-03-03  Laine Stump  <laine@laine.org>

	Fix domain restore for files on root-squash NFS
	If qemudDomainRestore fails to open the domain save file, create a
	pipe, then fork a process that does setuid(qemu_user) and opens the
	file, then reads this file and stuffs it into the pipe. the parent
	libvirtd process will use the other end of the pipe as its fd, then
	reap the child process after it's done reading.

	This makes domain restore work on a root-squash NFS share that is only
	visible to the qemu user.

	* src/qemu/qemu_driver.c: add new qemudOpenAsUID() helper function,
	  and use it in qemudDomainRestore() if reading as root directly failed.

2010-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB/PCI device address aliases in QEMU hotplug driver
	The USB/PCI device hotplug code for the QEMU driver was forgetting
	to allocate a unique device alias.

	* src/qemu/qemu_driver.c: Fill in device alias for USB/PCI devices

2010-03-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of errors in QEMU device_add command
	The code assumed that 'device_add' returned an empty string upon
	success. This is not true, it sometimes prints random debug info.
	THus we need to check for an explicit fail string

	* src/qemu/qemu_monitor_text.c: Fix error checking of the device_add
	  monitor command

2010-03-03  Eric Blake  <eblake@redhat.com>

	esx: don't ignore failure on close
	Another warning caught by coverity.  Continue to perform best-effort
	closing and resource release, but warn the caller about the failure.

	* src/esx/esx_driver.c (esxClose): Return an error on failure to close.

2010-03-03  Eric Blake  <eblake@redhat.com>

	uml: avoid crash on partial read
	Coverity detected a potential dereference of uninitialized memory
	if recvfrom got cut short.

	* src/uml/uml_driver.c (umlMonitorCommand): Validate complete read
	prior to dereferencing res.

2010-03-03  Eric Blake  <eblake@redhat.com>

	virsh: silence compiler warning
	gcc warns:
	virsh.c:1879: warning: '0' flag ignored with '-' flag in gnu_printf format

	* tools/virsh.c (cmdDomjobinfo): Delete useless flag.

2010-03-02  Jiri Denemark  <jdenemar@redhat.com>

	Fix safezero()
	Various safezero() implementations used either -1, errno or -errno
	return values. This patch fixes them all to return -1 and set errno
	appropriately.

	There was also a bug in size parameter passed to safewrite() which could
	result in an attempt to write gigabytes out of a megabyte buffer.

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU domain state after a save attempt fails
	When a VM save attempt failed, the VM would be left in a paused
	state. It is neccessary to resume CPU execution upon failure
	if it was running originally

	* src/qemu/qemu_driver.c: Resume CPUs upon save failure

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Support job cancellation in QEMU driver
	This supports cancellation of jobs for the QEMU driver against
	the virDomainMigrate, virDomainSave and virDomainCoreDump APIs.
	It is not yet supported for the virDomainRestore API, although
	it is desirable.

	* src/qemu/qemu_driver.c: Issue 'migrate_cancel' command if
	  virDomainAbortJob is issued during a migration operation
	* tools/virsh.c: Add a domjobabort command

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Remote driver implementation for the virDomainAbortJob APi
	This defines the wire protocol for the new API

	* src/remote/remote_protocol.x: Wire protocol definition
	* src/remote/remote_driver.c,daemon/remote.c: Client and server
	  side implementation
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate from remote_protocol.x

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Wire up internal entry points for virDomainAbortJob API
	This provides the internal glue for the driver API

	* src/driver.h: Internal API contract
	* src/libvirt.c, src/libvirt_public.syms: Connect public API
	  to driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Stub out entry points

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Introduce public API for cancelling async domain jobs
	The new virDomainAbortJob() method provides a way for a second
	thread to abort an ongoing job run by another thread. This
	extends to any API with  which the virDomainGetJobInfo() API
	is intended to work. Cancellation is not guarenteed, rather best
	effort on part of the hypervisor and not required to be implmented.

	* include/libvirt/libvirt.h.in: Define virDomainAbortJob()

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Add QEMU driver support for job info on migration ops
	Introduce support for  virDomainGetJobInfo in the QEMU driver. This
	allows for monitoring of any API that uses the 'info migrate' monitor
	command. ie virDomainMigrate, virDomainSave and virDomainCoreDump

	Unfortunately QEMU does not provide a way to monitor incoming migration
	so we can't wire up virDomainRestore yet.

	The virsh tool gets a new command 'domjobinfo' to query status

	* src/qemu/qemu_driver.c: Record virDomainJobInfo and start time
	  in qemuDomainObjPrivatePtr objects. Add generic shared handler
	  for calling 'info migrate' with all migration based APIs.
	* src/qemu/qemu_monitor_text.c: Fix parsing of 'info migration' reply
	* tools/virsh.c: add new 'domjobinfo' command to query progress

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Remote driver implmentation of job info API
	* src/remote/remote_protocol.x: Define wire protocol format
	  for virDomainGetJobInfo API
	* src/remote/remote_driver.c, daemon/remote.c: Implement client
	  and server marshalling code for virDomainGetJobInfo()
	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h, daemon/remote_dispatch_table.h,
	  src/remote/remote_protocol.c, src/remote/remote_protocol.h: Rebuild
	  files from src/remote/remote_protocol.x

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Stub out internal driver entry points for job processing
	The internal glue layer for the new pubic API

	* src/driver.h: Define internal driver API contract
	* src/libvirt.c, src/libvirt_public.syms: Wire up public
	  API to internal driver API
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c: Stub new entry point

2010-03-02  Daniel P. Berrange  <berrange@redhat.com>

	Introduce public API for domain async job handling
	Introduce a new public API that provides a way to get progress
	info on currently running jobs on a virDomainpPtr. APIs that
	are initially within scope of this idea are

	 virDomainMigrate
	 virDomainMigrateToURI
	 virDomainSave
	 virDomainRestore
	 virDomainCoreDump

	These all take a potentially long time and benefit from monitoring.
	The virDomainJobInfo struct allows for various pieces of information
	to be reported

	 - Percentage completion
	 - Time
	 - Overall data
	 - Guest memory data
	 - Guest disk/file data

	* include/libvirt/libvirt.h.in: Add virDomainGetJobInfo
	* python/generator.py, python/libvirt-override-api.xml,
	  python/libvirt-override.c: Override for virDomainGetJobInfo API
	* python/typewrappers.c, python/typewrappers.h: Introduce wrapper
	  for unsigned long long type

2010-03-02  Eric Blake  <eblake@redhat.com>

	build: silence coverity warning in node_device
	All other uses of get_str_prop in this file that ignored
	failure explicitly cast to void.

	* src/node_device/node_device_hal.c (dev_create): Silence coverity
	warning.

2010-03-02  Rolf Eike Beer  <eike@sf-mail.de>

	Fix error messages when parsing USB devices in QEMU
	A number of the error messages raised when parsing USB devices
	refered to PCI devices by mistake

	* src/qemu/qemu_conf.c: s/PCI/USB/ in qemuParseCommandLineUSB()

2010-03-02  Rolf Eike Beer  <eike@sf-mail.de>

	Fix USB hotplug device string in QEMU driver
	The USB hotplug method was mistakenly generating a PCI address
	string

	* src/qemu/qemu_driver.c: Fix USB hotplug device string

2010-03-02  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Use device_del to remove SCSI controllers
	when the underlying qemu supports the drive/device model and the
	controller has been added this way.
	* src/qemu/qemu_driver.c: use qemuMonitorDelDevice() when detaching
	  PCI controller and if supported
	* src/qemu/qemu_monitor.[ch]: add new qemuMonitorDelDevice() function
	* src/qemu/qemu_monitor_json.[ch]: JSON backend for DelDevice command
	* src/qemu/qemu_monitor_text.[ch]: Text backend for DelDevice command

	Fix PCI address handling when controllers are deleted
	* src/qemu/qemu_driver.c: in qemudDomainDetachPciControllerDevice()
	  when a controller is not present in the system anymore, the PCI
	  address must be deleted from libvirt's hashtable because it can
	  be re-used for other purposes.

	Fix data structure handling when controllers are attached
	* src/qemu/qemu_driver.c: in qemudDomainAttachDevice(), one must not
	  delete the data part when the operation succeeds because it is
	  required later on. The correct pattern to handlethe parsed
	  representation of the device information on success
	  is dev->data.controller = NULL; virDomainDeviceDefFree(dev);,
	  which leaves the structure pointed at by data in memory.

	Tiny spelling fix

2010-03-02  Eric Blake  <eblake@redhat.com>

	libvirtd: avoid false-positive NULL-deref warning from clang
	* daemon/libvirtd.c (qemudWorker): Rewrite loop to silence a
	warning.

2010-03-02  Jim Meyering  <meyering@redhat.com>

	x86Decode: avoid NULL-dereference upon questionable input
	* src/cpu/cpu_x86.c (x86Decode): Don't dereference NULL when passed
	a NULL "models" pointer, or when passed a nonzero "nmodels" value
	and a corresponding NULL models[i].

	phypUUIDTable_Push: do not corrupt output stream upon partial write
	* src/phyp/phyp_driver.c (phypUUIDTable_Push): Move incr/decr
	of ptr/nread into the loop where those variables are used.
	Also, remove "exit" label and just-preceding "goto".

	openvzDomainDefineCmd: remove useless increment
	* src/openvz/openvz_driver.c (openvzDomainDefineCmd): Remove
	useless increment of "max_veid".

2010-03-01  Jim Meyering  <meyering@redhat.com>

	maint: disallow TAB-in-indentation also in *.rng files
	* cfg.mk (sc_TAB_in_indentation): Also check .rng files.

	maint: convert leading TABs in *.rng files to equivalent spaces
	* docs/schemas/capability.rng: Likewise.
	* docs/schemas/network.rng: Likewise.
	* docs/schemas/nodedev.rng: Likewise.
	* docs/schemas/storagepool.rng: Likewise.
	* docs/schemas/storagevol.rng: Likewise.
	Use these commands:
	t=$'\t'
	git ls-files | grep '\.rng$' | xargs grep -lE "^ *$t" \
	  | xargs perl -MText::Tabs -ni -le \
	    '$m=/^( *\t[ \t]*)(.*)/; print $m ? expand($1) . $2 : $_'

2010-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Expand docs about clock modes
	* formatdomain.html.in: Document new clock options

2010-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Allow configurable timezones with QEMU
	Allow an arbitrary timezone with QEMU by setting the $TZ environment
	variable when launching QEMU

	* src/qemu/qemu_conf.c: Set TZ environment variable if a timezone
	  is requested
	* tests/qemuxml2argvtest.c: Add test case for timezones
	* tests/qemuxml2argvdata/qemuxml2argv-clock-france.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-clock-france.args: Data
	  for timezone tests

2010-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Allow a timezone to be specified instead of sync to host timezone
	This extends the XML to allow for

	  <clock offset='timezone' timezone='Europe/Paris'/>

	This is useful if the admin has not configured any timezone on the
	host OS, but still wants to synchronize a guest to a specific one.

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Support extra
	  'timezone' attribute on clock configuration
	* docs/schemas/domain.rng: Add 'timezone' attribute
	* src/xen/xend_internal.c, src/xen/xm_internal.c: Reject configs
	  with a configurable timezone

2010-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Support variable clock offset mode in QEMU
	This allows QEMU guests to be started with an arbitrary clock
	offset

	The test case can't actually be enabled, since QEMU argv expects
	an absolute timestring, and this will obviously change every
	time the test runs :-( Hopefully QEMU will allow a relative
	time offset in the future.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Use the -rtc arg
	  if available to support variable clock offset mode
	* tests/qemuhelptest.c: Add QEMUD_CMD_FLAG_RTC for qemu 0.12.1
	* qemuxml2argvdata/qemuxml2argv-clock-variable.args,
	  qemuxml2argvdata/qemuxml2argv-clock-variable.xml,
	  qemuxml2argvtest.c: Test case, except we can't actually enable
	  it yet.

2010-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Add new clock mode allowing variable adjustments
	This introduces a third option for clock offset synchronization,
	that allows an arbitrary / variable adjustment to be set. In
	essence the XML contains the time delta in seconds, relative to
	UTC.

	  <clock offset='variable' adjustment='123465'/>

	The difference from 'utc' mode, is that management apps should
	track adjustments and preserve them at next reboot.

	* docs/schemas/domain.rng: Schema for new clock mode
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
	  new clock time delta
	* src/libvirt_private.syms, src/util/xml.c, src/util/xml.h: Add
	  virXPathLongLong() method

2010-03-01  Daniel P. Berrange  <berrange@redhat.com>

	Change the internal domain conf representation of localtime/utc
	The XML will soon be extended to allow more than just a simple
	localtime/utc boolean flag. This change replaces the plain
	'int localtime' with a separate struct to prepare for future
	extension

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add a new
	  virDomainClockDef structure
	* src/libvirt_private.syms: Export virDomainClockOffsetTypeToString
	  and virDomainClockOffsetTypeFromString
	* src/qemu/qemu_conf.c, src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
	  src/xen/xm_internal.c: Updated to use new structure for localtime

2010-03-01  Jim Meyering  <meyering@redhat.com>

	udevEnumerateDevices: remove dead code
	* src/node_device/node_device_udev.c (udevEnumerateDevices): Remove
	unnecessary call to udev_list_entry_get_name.

	qemudNetworkIfaceConnect: remove dead store
	* src/qemu/qemu_conf.c (qemudNetworkIfaceConnect): Remove extraneous
	virSaveLastError call, whose result was unused.

	cmdPoolDiscoverSources: initialize earlier to avoid FP from clang
	* tools/virsh.c (cmdPoolDiscoverSources): Always initialize srcSpec.
	Otherwise, clang would report that srcSpec could be used uninitialized
	in the call to virConnectFindStoragePoolSources.

2010-03-01  Eric Blake  <eblake@redhat.com>

	qemu: avoid null dereference on failed migration
	* src/qemu/qemu_monitor_text.c: qemuMonitorTextGetMigrationStatus: Check for
	  failed strchr, to silence a coverity warning.

2010-03-01  Stefan Berger  <stefanb@us.ibm.com>

	Free the macvtap mode string
	* src/conf/domain_conf.c: forgot to free the attribute value in
	  virDomainNetDefParseXML()

2010-03-01  Daniel Veillard  <veillard@redhat.com>

	Update of indian, spanish and russian translations
	and regeneration of the po/pot files

2010-02-26  David Allan  <dallan@redhat.com>

	Revert fs pool formatting
	* We are reverting this patch pending a discussion of the right way to implement.

2010-02-26  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* .gnulib: Update to latest.
	Commit 89bdf84bcd9c6032e37 inadvertently rewound the .gnulib
	submodule by 51 commits.  This corrects it.
	Spotted by Eric Blake.

	build: avoid warning about return-with-value in void function
	* tools/virsh.c: Just "return;", not "return NULL;".

	libvirtd: do not ignore failure to set group ID in privileged mode
	* daemon/libvirtd.c (qemudListenUnix): Diagnose and fail upon
	failure to set or restore group-ID.

2010-02-26  Chris Lalancette  <clalance@redhat.com>

	Only build virDomainObjFormat if not building proxy.
	While building under RHEL-5, I got a compile warning because
	virDomainObjFormat was defined but not used.  That came about
	because in RHEL-5 we build with "#define PROXY", and
	virDomainObjFormat is only used with !PROXY.  Move the
	define.

2010-02-25  Jim Meyering  <meyering@redhat.com>

	openvzGetVEID: don't leak (memory + file descriptor)
	* src/openvz/openvz_conf.c (openvzGetVEID): Always call fclose.
	Diagnose parse failure also when vzlist output is empty.
	If somehow we read a -1, diagnose that (albeit as a parse failure).

2010-02-25  Cole Robinson  <crobinso@redhat.com>

	Use standard spacing for user/pass prompt
	Kind of minor, but it annoys me that the default auth callback
	doesn't put a space between the prompt and the input, like a typical
	terminal, ssh, etc. This patch changes the current prompt:

	Please enter your authentication name:myuser

	to

	Please enter your authentication name: myuser

2010-02-25  Cole Robinson  <crobinso@redhat.com>

	libvirtd: Better initscript error reporting
	From time to time I bork my install, and hate it when the initscript
	returns no info. This patch removes the sanity check, which lets
	the shell give us 'command not found' or 'permission denied' errors.

	qemu: Report binary path if error parsing -help

2010-02-25  Cole Robinson  <crobinso@redhat.com>

	remote: Improve daemon startup error reporting
	If I toggle enable_tcp in libvirtd.conf and add --listen in
	/etc/init.d/libvirtd, I get the unhelpful error:

	Starting libvirtd daemon: error: Unable to initialize network sockets.

	Running without --daemon provides much more useful info:

	sudo libvirtd --listen
	11:29:26.117: error : remoteCheckCertFile:270 : Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

	The daemon architecture makes it difficult to report this useful
	info if daemonized, so point users to /var/log/messages and
	dropping the --daemon flag if they want more info.

2010-02-25  Cole Robinson  <crobinso@redhat.com>

	virsh: Show errors reported by nonAPI functions
	Only API calls trigger the error callback, which is required for
	proper virsh error reporting. Since we use non API functions from
	util/, make sure we properly report these errors.

	Fixes lack of error message from 'virsh create idontexit.xml'

2010-02-25  Cole Robinson  <crobinso@redhat.com>

	remote: Improve error message when libvirtd isn't running
	While this could lead people in the wrong direction, people most commonly
	hit this error when libvirtd isn't running, so let's mention a possible
	fix.

2010-02-25  Jim Meyering  <meyering@redhat.com>

	build: avoid warning about unused variables
	* tools/virsh.c (cmdCPUBaseline): Remove declarations of unused
	variables, p and cur.

	build: avoid "make rpm" failure in docs/
	Add missing rule to build html/libvirt-libvirt.html.
	Use a GNU Make pattern rule to avoid running apibuild.py once
	for each out-of-date target, in a parallel build.
	* docs/Makefile.am

	build: teach apibuild.py to work in a non-srcdir build
	* docs/Makefile.am (libvirt-api.xml libvirt-refs.xml): Generalize
	apibuild.py to work in a non-srcdir build.  Pass "srcdir" to it.
	* docs/apibuild.py (rebuild): Honor the $srcdir envvar.

	build: avoid non-srcdir "make distcheck" failures (CLEANFILES)
	* docs/Makefile.am (MAINTAINERCLEANFILES): Use this variable
	for generated-and-distributed files, not "CLEANFILES".
	Besides, "make clean" and "make distclean" should not delete
	distributed files.

	build: make git submodule checking more reliable
	* cfg.mk (_curr_status): Accommodate leading "+" or "-" in the output
	of git submodule status.
	* autogen.sh: Likewise.

	build: avoid non-srcdir "make distcheck" failures (srcdir vs wildcard)
	* tests/xencapsdata/Makefile.am: Use $(wildcard in $(srcdir)-aware manner
	* tests/xmconfigdata/Makefile.am: Likewise.
	* tests/xml2sexprdata/Makefile.am: Likewise.
	* tests/sexpr2xmldata/Makefile.am (EXTRA_DIST): Likewise.
	* Makefile.am (XML_EXAMPLES): Use $(wildcard in $(srcdir)-aware manner.

	build: avoid non-srcdir "make distcheck" failure (test_conf.sh)
	* tests/confdata/Makefile.am (EXTRA_DIST): Apply $(wildcard... to
	$(srcdir)/..., and then remove the prefix.

	build: avoid non-srcdir installation failure (sitemap.html.in)
	* docs/Makefile.am (EXTRA_DIST): Add sitemap.html.in.

	build: avoid non-srcdir installation failure (apibuild.py)
	* docs/Makefile.am (libvirt-api.xml): Insert missing "$(srcdir)/".
	Also, remove unnecessary sub-shell.

	build: fix typos in makefile variable names
	* configure.ac: Fix typos:
	s/DRIVER_MODULES_CFLAGS/DRIVER_MODULE_CFLAGS/
	s/DRIVER_MODULES_LIBS/DRIVER_MODULE_LIBS/

2010-02-25  Jim Meyering  <meyering@redhat.com>

	build: ensure that MKINSTALLDIRS is AC_SUBST-defined
	since we're using gettext-0.14.1, which uses that now-obsolete
	automake symbol.  Otherwise, make distcheck would fails like this:

	    make[2]: Entering directory `/t/libvirt-0.7.6/_build/po'
	    /bin/sh @MKINSTALLDIRS@ /t/libvirt-0.7.6/_inst/share
	    /bin/sh: @MKINSTALLDIRS@: No such file or directory
	    make[2]: *** [install-data-yes] Error 127

	* configure.ac (MKINSTALLDIRS): Define.
	For reference, we're currently hamstrung by our desire
	to support RHEL5, which still uses gettext-0.14:
	http://bugzilla.redhat.com/523713

2010-02-24  Eric Blake  <eblake@redhat.com>

	maint: relax git minimum version
	Requiring git 1.6.4, just for the optional GNULIB_SRCDIR support,
	was too harsh.  Resynchronize from gnulib.

	* .gnulib: Import from latest gnulib.
	* bootstrap: Re-synchronize from .gnulib/build-aux.
	* bootstrap.conf: Drop git to 1.5.5.
	* README-hacking: Document use of GNULIB_SRCDIR.

2010-02-24  Richard Jones  <rjones@redhat.com>

	Ignore SIGWINCH in remote client call to poll(2) (RHBZ#567931).
	In bug 567931 we found that virt-top would exit occasionally
	when the terminal window was resized.  Tracking this down it
	turned out that SIGWINCH was being delivered to the process at
	exactly the point where the libvirt remote driver was calling
	poll(2) waiting for a reply from libvirtd.

	This caused the poll(2) call to be interrupted (returning errno
	EINTR).  However handling EINTR the same way as EAGAIN was not
	the solution to this problem since we found previously that this
	would break Ctrl-C handling (commit 47fec8eac2bb3).

	The correct solution is to mask out SIGWINCH for the duration
	of the poll(2) system call.  The per-thread mask is changed and
	restored immediately after the call.  Since we are using
	pthread_sigmask, this should not affect other threads, and
	since we restore the signal mask immediately afterwards it should
	not affect the current thread visibly either.  Other possibly
	problematic signals are SIGCHLD and SIGPIPE and these are
	masked too.

	Note use of ignore_value: It's not fatal if we cannot mask out
	SIGWINCH, and in any case pthread_sigmask never fails on Linux
	as long as you supply the correct arguments.

	I tested this patch and it cures the original problem with
	virt-top.

2010-02-24  Stefan Berger  <stefanb@us.ibm.com>

	Add descriptions for macvtap direct type interfaces
	This adds a description about the 'direct' type of interface recently
	added for macvtap device type support on the host.

2010-02-24  Dave Allan  <dallan@redhat.com>

	Format FS pools on creation
	Create the filesystem on the partition used by the pool
	* configure.ac: check for mkfs availability
	* libvirt.spec.in: add extra require on util-linux for mkfs
	* src/storage/storage_backend_fs.c: run mkfs with the expected
	  fs type when creating a filesystem pool

2010-02-23  Eric Blake  <eblake@redhat.com>

	maint: sort .gitignore
	Fallout from the new bootstrap.

	* .gitignore: Commit sorting done by bootstrap.
	* build-aux/.gitignore: Likewise.
	* po/.gitignore: Likewise.

2010-02-23  Eric Blake  <eblake@redhat.com>

	maint: import modern bootstrap
	Copy the latest gnulib bootstrap, which runs autoreconf and
	generates po/Makevars for us.  Other improvements include some
	improved prerequisite tool checking.

	This also fixes a bug in the .pot files, regarding the copyright holder.

	* bootstrap: Update to version in .gnulib/build-aux.
	* bootstrap.conf (MSGID_BUGS_ADDRESS, COPYRIGHT_HOLDER, SKIP_PO)
	(gnulib_mk, ACLOCAL, bootstrap_epilogue): Provide overrides.
	* autogen.sh (autoreconf): Avoid redundant autoreconf if bootstrap
	was run.
	* po/Makevars: Delete, now that bootstrap creates it.
	* po/.gitignore: Update.

2010-02-23  Eric Blake  <eblake@redhat.com>

	maint: start factoring bootstrap
	Borrow ideas from gnulib/build-aux/bootstrap, in order to factor the
	specifics of libvirt into bootstrap.conf, while allowing future
	upgrades of bootstrap to happen with less effort.

	* bootstrap (gnulib_tool): Update invocation to be closer to
	gnulib's version.  Move libvirt specifics...
	* bootstrap.conf: ...into new file.

2010-02-23  Eric Blake  <eblake@redhat.com>

	maint: fix quoting in autogen.sh
	* autogen.sh (srcdir, THEDIR, OBJ_DIR): Use proper quoting.
	(.git-module-status): Abort if bootstrap fails.

2010-02-23  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* cfg.mk (local-checks-to-skip): Disable sc_prohibit_hash_without_use
	for now, since it fails with a false-positive match.

	virFork: placate static analyzers: ignore pthread_sigmask return value
	* src/util/util.c: Include "ignore-value.h".
	(virFork): We really do want to ignore pthread_sigmask failure.

2010-02-23  Cole Robinson  <crobinso@redhat.com>

	docs: Fix syntax warnings from recent changes.

	docs: network: Document <domain> element

	docs: network: Document STP and delay attributes

	docs: domain: Document <description> element

	docs: storage: Document multipath pools

	docs: storage: Document SCSI pools

	docs: storage: Fix backingStore <format> docs

	docs: storage: <volume><key> is always generated.

	docs: storage: Document capacity/alloc 'unit'

	storage: conf: Correctly calculate exabyte unit
	We were using 'Y' to mean exabyte, when the correct abbreviation would be
	'E' ('Y' is yettabyte, which is exabyte * 1024 * 1024). While it isn't
	strictly backwards compatible, I highly doubt anyone was actually using
	this broken behavior, so I don't see any harm in in dropping 'Y' handling.

2010-02-23  Jiri Denemark  <jdenemar@redhat.com>

	virsh.c: avoid all leaks in OOM path in cmdCPUBaseline

2010-02-22  Jiri Denemark  <jdenemar@redhat.com>

	Create raw storage files with O_DSYNC (again)
	Recently we introduced O_DSYNC flag when creating raw storage files to
	avoid filling all disk cache with dirty pages. However, the patch got
	lost when virStorageBackendCreateRaw was reworked using
	virFileOperation. Let's use O_DSYNC again.

2010-02-21  David Allan  <dallan@redhat.com>

	Fixed reference count in virsh pool-build command
	* tools/virsh.c: call virStoragePoolFree() in the main path too

2010-02-21  Dan Kenigsberg  <danken@redhat.com>

	docs: add 3 missing spaces

2010-02-20  David Allan  <dallan@redhat.com>

	Fix daemon-conf invalid failures
	The daemon-conf test would fail on my system if there was a system libvirtd
	running.  In the course of troubleshooting that problem, I discovered that the
	daemon-conf script would always fail if run by itself because it found the line:

	\# that each "PARAMETER = VALUE" line in this file have the parameter

	which it mistook for a line containing a parameter.  I have changed the test to
	avoid mistaking a line containing \"PARAMETER = VALUE\" for a parameter line.

	The corrupted config tests turned out to be failing because the test daemon was
	discovering the pid file from the running daemon and exiting before it processed
	the test config file.  Specifying the pid file for the corrupt config tests in
	the same way as for the valid config test solved that problem.

2010-02-19  Jim Meyering  <meyering@redhat.com>

	virsh.c: avoid leak on OOM error path
	* tools/virsh.c (cmdCPUBaseline): Also free "buffer" and "list" upon OOM.

	virBufferVSprintf: do not omit va_end(argptr) call
	* src/util/buf.c (virBufferVSprintf): Do not omit va_end(argptr).
	Improved-by: Daniel Veillard.

	xend_internal.c: don't dereference NULL for unexpected input
	* src/xen/xend_internal.c (xenDaemonDomainSetAutostart): Avoid a NULL
	dereference upon non-SEXPR_VALUE'd on_xend_start.  This bug was
	introduced by commit 37ce5600c0bb1aed9e2f2888922388de4340ebd3.

2010-02-19  Laine Stump  <laine@laine.org>

	Use virFileOperation hook function in virStorageBackendFileSystemVolBuild
	There were a few operations on the storage volume file that were still
	being done as root, which will fail if the file is on a root-squashed
	NFS share. The result was that attempts to create a storage volume of
	type "raw" on a root-squashed NFS share would fail.

	This patch uses the newly introduced "hook" function in
	virFileOperation to execute all those file operations in the child
	process that's run under the uid that owns the file (and, presumably,
	has permission to write to the NFS share)

	* src/storage/storage_backend.c: use virFileOperation() in
	  virStorageBackendCreateRaw, turning virStorageBackendCreateRaw()
	  into a new createRawFileOpHook() hook

2010-02-19  Laine Stump  <laine@laine.org>

	Rename virFileCreate to virFileOperation, add hook function
	It turns out it is also useful to be able to perform other operations
	on a file created while running as a different uid (eg, write things
	to that file), and possibly to do this to a file that already
	exists. This patch adds an optional hook function to the renamed (for
	more accuracy of purpose) virFileOperation; the hook will be called
	after the file has been opened (possibly created) and gid/mode
	checked/set, before closing it.

	As with the other operations on the file, if the VIR_FILE_OP_AS_UID
	flag is set, this hook function will be called in the context of a
	child process forked from the process that called virFileOperation.
	The implication here is that, while all data in memory is available to
	this hook function, any modification to that data will not be seen by
	the caller - the only indication in memory of what happened in the
	hook will be the return value (which the hook should set to 0 on
	success, or one of the standard errno values on failure).

	Another piece of making the function more flexible was to add an
	"openflags" argument. This arg should contain exactly the flags to be
	passed to open(2), eg O_RDWR | O_EXCL, etc.

	In the process of adding the hook to virFileOperation, I also realized
	that the bits to fix up file owner/group/mode settings after creation
	were being done in the parent process, which could fail, so I moved
	them to the child process where they should be.

	* src/util/util.[ch]: rename and rework virFileCreate-->virFileOperation,
	  and redo flags in virDirCreate
	* storage/storage_backend.c, storage/storage_backend_fs.c: update the
	  calls to virFileOperation/virDirCreate to reflect changes in the API,
	  but don't yet take advantage of the hook.

2010-02-19  Dustin Xiong  <x_k_123@hotmail.com>

	qemu: Check for IA64 kvm
	ACPI feature bit dropped: I asked internally if the -no-acpi option
	had any meaning for IA64, and was told 'probably not'.

2010-02-19  Cole Robinson  <crobinso@redhat.com>

	remote: Print ssh stderr on connection failure

2010-02-19  Yuji NISHIDA  <nishidy@nict.go.jp>

	fix multiple veth problem for OpenVZ
	Fix multiple veth problem.
	NETIF setting was overwritten after first CT because any CT could not be
	found by name.
	* src/openvz/openvz_conf.c src/openvz/openvz_conf.h: add the
	  openvzGetVEID lookup function
	* src/openvz/openvz_driver.c: use it in openvzDomainSetNetwork()

2010-02-19  Chris Lalancette  <clalance@redhat.com>

	Better error reporting for failed migration
	If the hostname as returned by "gethostname" resolves
	to "localhost" (as it does with the broken Fedora-12
	installer), then live migration will fail because the
	source will try to migrate to itself.  Detect this
	situation up-front and abort the live migration before
	we do any real work.

	* src/util/util.h src/util/util.c: add a new virGetHostnameLocalhost
	  with an optional localhost check, and rewire virGetHostname() to use
	  it
	* src/libvirt_private.syms: expose the new function
	* src/qemu/qemu_driver.c: use it in qemudDomainMigratePrepare2()

2010-02-19  Chris Lalancette  <clalance@redhat.com>

	Make virDomainObjFormat static
	* src/conf/domain_conf.c: make function static
	* src/conf/domain_conf.h: remove it from header

	Make an error message in PCI util code clearer
	* src/util/pci.c: update 2 message on pciRead errors

2010-02-19  Stefan Berger  <stefanb@us.ibm.com>

	macvtap mac_filter support
	This patch adds the mac_filter support to the macvtap device.

2010-02-19  Jim Meyering  <meyering@redhat.com>

	virsh: be careful to return "FALSE" upon OOM
	* tools/virsh.c (cmdCPUBaseline): Add an explicit "return" statement
	after the "no_memory:" label.

	virBufferStrcat: do not skip va_end
	* src/util/buf.c (virBufferStrcat): Do not skip va_end due to
	an early return.

	qparams.c: do not skip va_end, twice
	* src/util/qparams.c (new_qparam_set, append_qparams): Do not skip
	va_end due to an early return.

	xenDaemonDomainSetAutostart: avoid appearance of impropriety
	* src/xen/xend_internal.c (xenDaemonDomainSetAutostart): Rewrite to
	avoid dereferencing the result of sexpr_lookup.  While in this
	particular case, it was guaranteed never to be NULL, due to the
	preceding "if sexpr_node(...)" guard, it's cleaner to skip the
	sexpr_node call altogether, and also saves a lookup.

2010-02-19  Stefan Berger  <stefanb@us.ibm.com>

	macvtap IFF_VNET_HDR configuration
	This patch sets or unsets the IFF_VNET_HDR flag depending on what device
	is used in the VM. The manipulation of the flag is done in the open
	function and is only fatal if the IFF_VNET_HDR flag could not be cleared
	although it has to be (or if an ioctl generally fails). In that case the
	macvtap tap is closed again and the macvtap interface torn.

	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h: pass qemuCmdFlags to
	  qemudPhysIfaceConnect()
	* src/util/macvtap.c src/util/macvtap.h: add vnet_hdr boolean to
	  openMacvtapTap(), and private function configMacvtapTap()
	* src/qemu/qemu_driver.c: add extra qemuCmdFlags when calling
	  qemudPhysIfaceConnect()

2010-02-18  Laine Stump  <laine@laine.org>

	Use virFork() in __virExec(), virFileCreate() and virDirCreate()
	For __virExec() this is a semantic NOP except for when fork()
	fails. __virExec() would previously forget to restore the signal mask
	in this case; virFork() corrects this behavior.

	virFileCreate() and virDirCreate() gain the code to reset the logging
	and properly deal with the signal handling race condition.

	This also removes a log message that had a typo ("cannot fork o create
	file '%s'") - this error is now logged in a more generic manner in
	virFork() (more generic, but really just as informative, since the
	fact that it's forking to create a file is immaterial to the fact that
	it simply can't fork)

	* src/util/util.c: use the generic virFork() in the 3 functions

2010-02-18  Laine Stump  <laine@laine.org>

	Add virFork() function to utils
	virFork() contains bookkeeping that must be done any time a process
	forks. Currently this includes:

	1) Call virLogLock() prior to fork() and virLogUnlock() just after,
	   to avoid a deadlock if some other thread happens to hold that lock
	   during the fork.

	2) Reset the logging hooks and send all child process log messages to
	   stderr.

	3) Block all signals prior to fork(), then either a) reset the signal
	   mask for the parent process, or b) clear the signal mask for the
	   child process.

	Note that the signal mask handling in __virExec erroneously fails to
	restore the signal mask when fork() fails. virFork() fixes this
	problem.

	Other than this, it attempts to behave as closely to fork() as
	possible (including preserving errno for the caller), with a couple
	exceptions:

	1) The return value is 0 (success) or -1 (failure), while the pid is
	   returned via the pid_t* argument. Like fork(), if pid < 0 there is
	   no child process, otherwise both the child and the parent will
	   return to the caller, and both should look at the return value,
	   which will indicate if some of the extra processing outlined above
	   encountered an error.

	2) If virFork() returns with pid < 0 or with a return value < 0
	   indicating an error condition, the error has already been
	   reported. You can log an additional message if you like, but it
	   isn't necessary, and may be awkwardly extraneous.

	Note that virFork()'s child process will *never* call _exit() - if a
	child process is created, it will return to the caller.

	* util.c util.h: add virFork() function, based on what is currently
	                 done in __virExec().

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Add QEMU support for virtio channel
	Support virtio-serial controller and virtio channel in QEMU backend.
	Will output
	the following for virtio-serial controller:

	-device
	virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4,max_ports=16,vectors=4

	and the following for a virtio channel:

	-chardev pty,id=channel0 \
	-device
	virtserialport,bus=virtio-serial0.0,chardev=channel0,name=org.linux-kvm.port.0

	* src/qemu/qemu_conf.c: Add argument output for virtio
	* tests/qemuxml2argvtest.c
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.args: Add test for
	  QEMU command line generation

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Add domain support for virtio channel
	Add support for virtio-serial by defining a new 'virtio' channel target type
	and a virtio-serial controller. Allows the following to be specified in a
	domain:

	<controller type='virtio-serial' index='0' ports='16' vectors='4'/>
	<channel type='pty'>
	  <target type='virtio' name='org.linux-kvm.port.0'/>
	  <address type='virtio-serial' controller='0' bus='0'/>
	</channel>

	* docs/schemas/domain.rng: Add virtio-serial controller and virtio
	  channel type.
	* src/conf/domain_conf.[ch]: Domain parsing/serialization for
	  virtio-serial controller and virtio channel.
	* tests/qemuxml2xmltest.c
	  tests/qemuxml2argvdata/qemuxml2argv-channel-virtio.xml: add domain xml
	  parsing test
	* src/libvirt_private.syms src/qemu/qemu_conf.c:
	  virDomainDefAddDiskControllers() renamed to
	  virDomainDefAddImplicitControllers()

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Remove unused functions from domain_conf
	Remove virDomainDevicePCIAddressEqual and virDomainDeviceDriveAddressEqual,
	which are defined but not used anywhere.

	* src/conf/domain_conf.[ch] src/libvirt_private.syms: Remove
	  virDomainDevicePCIAddressEqual and virDomainDeviceDriveAddressEqual.

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Fix typo in comment
	* src/qemu/qemu_driver.c: qemudStartVMDaemon() fix typo in comment

2010-02-18  Jim Meyering  <meyering@redhat.com>

	get_virtual_functions_linux: would mistakenly always return zero
	* src/node_device/node_device_linux_sysfs.c(get_virtual_functions_linux):
	Return "ret", rather than always returning 0.

2010-02-18  Cole Robinson  <crobinso@redhat.com>

	qemu: Explicitly error if guest virtual network is inactive
	Currently we just error with ex. 'virbr0: No such device'.

	Since we are using public API calls here, we need to ensure that any
	raised error is properly saved and restored, since API entry points
	always reset messages.

2010-02-18  Cole Robinson  <crobinso@redhat.com>

	network: bridge: Fix IsActive, IsPersistent
	We were accessing the wrong private data structure, which would
	cause a segfault.

	virterror: Make SetError work if no previous error was set
	virGetLastError returns NULL if no error has been set, not on
	allocation error like virSetError assumed. Use virLastErrorObject
	instead. This fixes virSetError when no error is currently stored.

	libvirt: Update docs for hotplug only commands
	The commands updated are SetMem, SetMaxMem, SetVcpus, and PinVcpu.

2010-02-18  Stefan Berger  <stefanb@us.ibm.com>

	macvtap teardown rework
	Rework and simplification of teardown of the macvtap device.

	Basically all devices with the same MAC address and link device are kept
	alive and not attempted to be torn down. If a macvtap device linked to a
	physical interface with a certain MAC address 'M' is to be created it
	will automatically fail if the interface is 'up'ed and another macvtap
	with the same properties (MAC addr 'M', link dev) happens to be 'up'.
	This will prevent the VM from starting or the device from being attached
	to a running VM. Stale interfaces are assumed to be there for some
	reason and not stem from libvirt.

	In the VM shutdown path, it's assuming that an interface name is always
	available so that if the device type is DIRECT it can be torn down
	using its name.

	* src/util/macvtap.h src/libvirt_macvtap.syms: change of deleting routine
	* src/util/macvtap.c: cleanups and change of deleting routine
	* src/qemu/qemu_driver.c: change cleanup on shutdown
	* src/qemu/qemu_conf.c: don't delete Macvtap in qemudPhysIfaceConnect()

2010-02-18  Matthew Booth  <mbooth@redhat.com>

	Fix whitespace in domain.rng
	* src/schemas/domain.rng: Replace tabs with 8 spaces

2010-02-18  Daniel P. Berrange  <berrange@redhat.com>

	Update QEMU JSON balloon command handling
	The QEMU JSON monitor changed balloon commands to return/accept
	bytes instead of kilobytes. Update libvirt to cope with this

	* src/qemu/qemu_monitor_json.c: Expect/use bytes for ballooning

2010-02-18  Jim Meyering  <meyering@redhat.com>

	openvzLoadDomains: don't ignore failing virUUIDFormat
	* src/openvz/openvz_conf.c (openvzLoadDomains): Diagnose failure of
	virUUIDFormat.

2010-02-17  Cole Robinson  <crobinso@redhat.com>

	python: Actually add virConnectGetVersion to generated bindings
	The recent commit to implement a python version of this function
	didn't drop an explicit 'ignore' check in the generator, so this
	never ended up in the bindings.

2010-02-17  Eric Blake  <ebb9@byu.net>

	build: inform libtool of m4 directory
	Silence a libtoolize warning.
	*  configure.ac (AC_CONFIG_MACRO_DIR): Add.

2010-02-17  Jiri Denemark  <jdenemar@redhat.com>

	Adds a cpu-baseline command for virsh
	* tools/virsh.c: add a command to compute a CPU baseline based on
	  multiple CPU definitions in an XML chunk
	* tools/virsh.pod: add it to the man page

2010-02-16  Jim Meyering  <meyering@redhat.com>

	vshCommandParse: placate coverity
	There is no real leak here, but Coverity-Prevent thinks there is.
	It does not see that while there are four ways to return from
	vshCommandGetToken with VSH_TK_END, none of them results in allocation
	of a result.
	* tools/virsh.c (vshCommandParse): Add a (currently) useless VIR_FREE,
	to ensure that we never leak when vshCommandGetToken returns VSH_TK_END.

	qemuMonitorTextAddUSBDisk: avoid unconditional leak
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAddUSBDisk): Free
	command output buffer.

	tests: avoid NULL deref upon OOM failure
	* tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Handle malloc
	failure.

	qemuInitPasswords: avoid unconditional leak
	* src/qemu/qemu_driver.c (qemuInitPasswords): Free pass-phrase buffer.

	qemuMonitorTextAddDevice: avoid unconditional leak
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAddDevice): Free the
	device name buffer.

	libvirt-override.c: avoid a leak upon call with invalid argument
	* python/libvirt-override.c (libvirt_virConnectBaselineCPU): Don't leak
	the xmlcpus buffer upon encountering a non-string list element.

	vboxDomainDumpXML: avoid a leak on OOM error path
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML): Free vboxCallback buffer
	upon OOM.

	virNodeDevCapScsiHostParseXML: avoid an unconditional leak
	* src/conf/node_device_conf.c (virNodeDevCapScsiHostParseXML):
	Free the "nodes" buffer allocated by virXPathNodeSet.

	uml_driver.c: avoid leak upon failure
	* src/uml/uml_driver.c (umlMonitorCommand): This function would
	sometimes return -1, yet fail to free the "reply" it had allocated.
	Hence, no caller would know to free the corresponding argument.
	When returning -1, be sure to free all allocated resources.

	vbox_tmpl.c: avoid an unconditional leak
	* src/vbox/vbox_tmpl.c (vboxDomainDumpXML): Free def.
	Improved by Matthias Bolte.

	openvz (openvzFreeDriver): avoid leaks
	* src/openvz/openvz_conf.c (openvzFreeDriver): Also free driver buffer.
	Based on a suggestion from Matthias Bolte.

	virStorageBackendIsMultipath: avoid dead store
	* src/storage/storage_backend_mpath.c (virStorageBackendIsMultipath):
	The result of dm_get_next_target was never used (and isn't needed),
	so don't store it.

2010-02-16  Cole Robinson  <crobinso@redhat.com>

	qemu: Make SetVcpu command hotplug only
	Similar to the Set*Mem commands, this implementation was bogus and
	misleading. Make it clear this is a hotplug only operation, and that the
	hotplug piece isn't even implemented.

	Also drop the overkill maxvcpus validation: we don't perform this check
	at XML define time so clearly no one is missing it, and there is
	always the risk that our info will be out of date, possibly preventing
	legitimate CPU values.

2010-02-16  Cole Robinson  <crobinso@redhat.com>

	qemu: Make Set*Mem commands hotplug only
	SetMem and SetMaxMem are hotplug only APIs, any persistent config
	changes are supposed to go via XML definition. The original implementation
	of these calls were incorrect and had the nasty side effect of making
	a psuedo persistent change that would be lost after libvirtd restart
	(I didn't know any better).

	Fix these APIs to rightly reject non running domains.

2010-02-16  Daniel P. Berrange  <berrange@redhat.com>

	Treat missing QEMU 'thread_id' as non-fatal in JSON monitor
	The plain QEMU tree does not include 'thread_id' in the JSON
	output. Thus we need to treat it as non-fatal if missing.

	* src/qemu/qemu_monitor_json.c: Treat missing thread_id as non-fatal

2010-02-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix check for primary IDE controller in QEMU PCI slot assignment
	A typo in the check for the primary IDE controller could cause
	a crash on restore depending on the exact guest config.

	* src/qemu/qemu_conf.c: Fix s/video/controller/ typo & slot
	  number typo

2010-02-16  Daniel P. Berrange  <berrange@redhat.com>

	Make error reporting for QEMU JSON mode more friendly
	Current error reporting for JSON mode returns the full JSON
	command string and full JSON error string. This is not very
	user friendly, so this change makes the error report only
	contain the basic command name, and friendly error message
	description string. The full JSON data is logged instead.

	* src/qemu/qemu_monitor_json.c: Always return the 'desc' field from
	  the JSON error message to users.

2010-02-16  Daniel P. Berrange  <berrange@redhat.com>

	Run 'qmp_capabilities' command at QEMU monitor startup
	When in JSON mode, QEMU requires that 'qmp_capabilities' is run as
	the first command in the monitor. This is a no-op when run in the
	text mode monitor

	* src/qemu/qemu_driver.c: Run capabilities negotiation when
	  connecting to the monitor
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  support for the 'qmp_capabilities' command, no-op in text mode.

2010-02-15  Stefan Berger  <stefanb@us.ibm.com>

	macvtap support for libvirt -- schema extensions
	* docs/schemas/domain.rng: extends the domain xml schema to support the
	  new interface type 'direct'

	macvtap support for libvirt -- qemu support
	This part adds support for qemu making a macvtap tap device available
	via file descriptor passed to qemu command line. This also attempts to
	tear down the macvtap device when a VM terminates. This includes support
	for attachment and detachment to/from running VM.
	* src/qemu/qemu_conf.[ch] src/qemu/qemu_driver.c: add support in the
	  QEmu driver

2010-02-15  Stefan Berger  <stefanb@us.ibm.com>

	macvtap support for libvirt -- helper code
	This part adds the helper code to setup and tear down macvtap devices
	using direct communication with the device driver via netlink sockets.
	The rather short messages received from the netlink layer are now
	written into a dynamically allocated buffer

	* src/util/macvtap.h src/util/macvtap.c: provides the new module
	* po/POTFILES.in: the module contains translated strings

2010-02-15  Stefan Berger  <stefanb@us.ibm.com>

	macvtap support for libvirt -- parse new interface XML
	This part adds support to domain_conf.{c|h} for parsing the new
	interface XML of type 'direct'. The parsed mode is now stored as
	an int.
	* src/conf/domain_conf.c src/conf/domain_conf.h: extend parsing code
	* src/util/macvtap.h: empty header to not break compilation

	macvtap support for libvirt -- build support
	This patch adds build support for libvirt checking for certain contents
	of /usr/include/linux/if_link.h to see whether macvtap support is
	compilable on that system. One can disable macvtap support in libvirt
	via --without-macvtap passed to configure.
	* configure.ac src/Makefile.am: new build support
	* src/libvirt_macvtap.syms: list of exported symbols
	* src/util/macvtap.c: empty module to not break compilation

2010-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	interface: Use proper return codes in the open function
	The open function returned -1 in case of an error, but -1 maps
	to VIR_DRV_OPEN_DECLINED instead of VIR_DRV_OPEN_ERROR.

2010-02-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Convert virSecurityReportError into a macro
	The virRaiseError macro inside of virSecurityReportError expands to
	virRaiseErrorFull and includes the __FILE__, __FUNCTION__ and __LINE__
	information. But this three values are always the same for every call
	to virSecurityReportError and do not reflect the actual error context.

	Converting virSecurityReportError into a macro results in getting the
	correct __FILE__, __FUNCTION__ and __LINE__ information.

2010-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Add persistence of PCI addresses to QEMU
	Current PCI addresses are allocated at time of VM startup.
	To make them truely persistent, it is neccessary to do this
	at time of virDomainDefine/virDomainCreate. The code in
	qemuStartVMDaemon still remains in order to cope with upgrades
	from older libvirt releases

	* src/qemu/qemu_driver.c: Rename existing qemuAssignPCIAddresses
	  to qemuDetectPCIAddresses. Add new qemuAssignPCIAddresses which
	  does auto-allocation upfront. Call qemuAssignPCIAddresses from
	  qemuDomainDefine and qemuDomainCreate to assign PCI addresses that
	  can then be persisted. Don't clear PCI addresses at shutdown if
	  they are intended to be persistent

2010-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in LXC driver open method when URI has no path
	If giving a lxc://  URI instead of lxc:/// the open method
	would crash ona NULL pointer

	* src/lxc/lxc_driver.c: Cope with a NULL URI path

2010-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Fix USB device path formatting mixup
	* src/util/hostusb.c: The device path for a USB device wants the
	  bus/device IDs in decimal not octal

2010-02-12  Daniel P. Berrange  <berrange@redhat.com>

	Support 'block_passwd' command for QEMU disk encryption
	The old text mode monitor prompts for a password when disks are
	encrypted. This interactive approach doesn't work for JSON mode
	monitor. Thus there is a new 'block_passwd' command that can be
	used.

	* src/qemu/qemu_driver.c: Split out code for looking up a disk
	  secret from findVolumeQcowPassphrase, into a new method
	  getVolumeQcowPassphrase. Enhance qemuInitPasswords() to also
	  set the disk encryption password via the monitor
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for the 'block_passwd' monitor command.

2010-02-12  Jiri Denemark  <jdenemar@redhat.com>

	Implement cpuBaseline in remote and qemu drivers

	Wire protocol format and dispatcher for virConnectBaselineCPU

	virConnectBaselineCPU public API implementation

	Internal driver API for virConnectBaselineCPU

	virConnectBaselineCPU public API

	Implement cpuArchBaseline in x86 CPU driver

	Implement cpuArchBaseline in generic CPU driver

	Functions for computing baseline CPU from a set of host CPUs
	Baseline CPU is the best CPU which can be used for a guest on any of the
	hosts.

2010-02-12  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compliation of AppArmor related code
	Broken by the latest commits to remove the virConnectPtr parameter
	from internal functions.

2010-02-11  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: honor dname parameter once again
	Since c26cb9234f4b9fa46d7caa3385ae36704167c53f, the dname
	parameter has been ignored by these two functions.  Use it.
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepareTunnel): Honor dname
	parameter once again.
	(qemudDomainMigratePrepare2): Likewise.

	plug four virStoragePoolSourceFree-related leaks
	* src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
	* src/storage/storage_backend_fs.c:
	(virStorageBackendFileSystemNetFindPoolSourcesFunc):
	(virStorageBackendFileSystemNetFindPoolSources):
	* src/test/test_driver.c (testStorageFindPoolSources):

	remote_driver.c: avoid leak on OOM error path
	* src/remote/remote_driver.c (doRemoteOpen): Don't leak a qparam_set
	buffer upon OOM error.

2010-02-11  Jiri Denemark  <jdenemar@redhat.com>

	Mark all error messages for translation

	Add cpu_generic.c to the list of translated files

	Swap position of nmodels and models parameters in cpuDecode()
	All other libvirt functions use array first and then number of elements
	in that array. Let's make cpuDecode follow this rule.

2010-02-11  Jiri Denemark  <jdenemar@redhat.com>

	Fix <cpu> element in domain XML schema
	The current schema is more permissive than the XML parsing code in
	libvirt. Precisely, 'match' attribute is optional in schema while in
	reality its use is bound to <model> element:

	- <cpu> element without 'match' attribute is allowed only if <topology>
	  element is the only child element of <cpu>

	- <cpu> element with 'match' attribute requires <model> element to be
	  present; <topology> and <feature> elements are optional

2010-02-11  Chris Lalancette  <clalance@redhat.com>

	Fix up a misspelled comment.

2010-02-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix disk stats retrieval with QEMU >= 0.12
	With QEMU >= 0.12 the host and guest side of disks no longer have
	the same naming convention. Specifically the host side will now
	get a 'drive-' prefix added to its name. The 'info blockstats'
	monitor command returns the host side name, so it is neccessary
	to strip this off when looking up stats since libvirt stores the
	guest side name !

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Move 'drive-' prefix
	  string to a defined constant
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_text.c: Strip
	  off 'drive-' prefix (if found) when looking up disk stats

2010-02-10  Cole Robinson  <crobinso@redhat.com>

	qemu: Increase guest startup timeout to 30 seconds
	Currently the timeout for reading startup output is 3 seconds. If the
	host is under any sort of load, we can easily trigger this. Lets bump
	it to 30 seconds.

	Since the polling loop checks to see if the process has died, we shouldn't
	erroneously hit this timeout if qemu bombs (only if it is stuck in some
	infinite loop).

2010-02-10  Cole Robinson  <crobinso@redhat.com>

	qemu: Properly report a startup timeout error
	The timeout errors were unconditionally being overwritten by the less
	helpful 'unable to start guest' error.

	test: Fake security driver support in capabilities
	Having some value in capabilities helps testing this stuff in
	virt-manager.

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Annotate some virConnectPtr as mandatory non-null
	Use the ATTRIBUTE_NONNULL annotation to mark some virConnectPtr
	args as mandatory non-null so the compiler can warn of mistakes

	* src/conf/domain_event.h: All virConnectPtr args must be non-null
	* src/qemu/qemu_conf.h: qemudBuildCommandLine and
	  qemudNetworkIfaceConnect() must be given non-null connection
	* tests/qemuxml2argvtest.c: Provide a non-null (dummy) connection to
	  qemudBuildCommandLine()

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Remove virConnectPtr from secret XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in secret_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from interface XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in interface_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from CPU XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in cpu_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from storage APIs & driver
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in storage_conf.{h,c} and storage_encryption_conf.{h,c}
	and update all callers to match

	Remove virConnectPtr from all node device XML APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in node_device_conf.{h,c} and update all callers to
	match

	Remove virConnectPtr from network XML APis
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in network_conf.{h,c} and update all callers to
	match

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Remove virConnectPtr from USB/PCI device iterators
	All callers now pass a NULL virConnectPtr into the USB/PCi device
	iterator functions. Therefore the virConnectPtr arg can now be
	removed from these functions

	* src/util/hostusb.h, src/util/hostusb.c: Remove virConnectPtr
	  from usbDeviceFileIterate
	* src/util/pci.c, src/util/pci.h: Remove virConnectPtr arg from
	  pciDeviceFileIterate
	* src/qemu/qemu_security_dac.c, src/security/security_selinux.c: Update
	  to drop redundant virConnectPtr arg

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix generation of floppy disk arg for QEMU's -global arg
	* src/qemu/qemu_conf.c: Fix ',' vs '.' typo in floppy disk arg

	Fix compile error in Xen proxy from virConnectPtr changes
	* proxy/libvirt_proxy.c: Remove 'conn' arg to virDomainDefFormat

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Convert qemu command line flags to 64-bit int
	The QEMU flags are commonly stored as a signed or unsigned int,
	allowing only 31 flags. This limit is rather close, so to aid
	future patches, change it to a 64-bit int

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
	  tests/qemuargv2xmltest.c, tests/qemuhelptest.c, tests/qemuxml2argvtest.c:
	  Use 'unsigned long long' for QEMU flags

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of virConnectPtr from security driver APIs
	The virConnectPtr is no longer required for error reporting since
	that is recorded in a thread local. Remove use of virConnectPtr
	from all APIs in security_driver.{h,c} and update all callers to
	match

	Remove virConnectPtr from all domain XML parsing/formatting APIs

	Remove virConnectPtr from LXC driver

	Remove passing of virConnectPtr throughout QEMU driver

2010-02-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix security driver configuration
	The security driver was mistakenly initialized before the QEMU
	config file was loaded. This prevents it being turned off again.
	The capabilities XML was also getting the wrong security driver
	name, due to the stacked driver arrangement.

	* src/qemu/qemu_driver.c: Fix initialization order and capabilities
	  model name

2010-02-10  Jim Meyering  <meyering@redhat.com>

	virAsprintf: remove its warn_unused_result attribute
	* src/util/util.h (virAsprintf): Remove ATTRIBUTE_RETURN_CHECK, since
	it is perfectly fine to ignore the return value, now that the pointer
	is guaranteed to be set to NULL upon failure.
	* src/util/storage_file.c (absolutePathFromBaseFile): Remove now-
	unnecessary use of ignore_value.

	absolutePathFromBaseFile: avoid an unnecessary use of assert
	* src/util/storage_file.c (absolutePathFromBaseFile): While this use
	of virAsprintf is slightly cleaner than using stpncpy(stpcpy(...,
	it does impose an artificial limitation on the length of the base_file
	name.  Rather than asserting that it does not exceed INT_MAX, return
	NULL when it does.

2010-02-10  Daniel Veillard  <veillard@redhat.com>

	Escape strings serialized in XML
	* src/conf/node_device_conf.c: string saved into XML should be escaped
	  with the use of virBufferEscapeString()

2010-02-09  Jiri Denemark  <jdenemar@redhat.com>

	Create raw storage files with O_DSYNC
	When creating preallocated large raw files opening them with O_DSYNC
	prevents long delays in reading because cache pages can be immediately
	reused without writing them on a disk first.

2010-02-09  Daniel P. Berrange  <berrange@redhat.com>

	Re-generate remote protocol files for new APIs
	Re-generate remote protocol files for changes in commit
	daeb6f6b40432f74150c96fa99ef12df31344fbb

	* daemon/remote_dispatch_args.h, daemon/remote_dispatch_prototypes.h,
	  daemon/remote_dispatch_table.h, src/remote/remote_protocol.c,
	  src/remote/remote_protocol.h: Re-generate files

2010-02-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove conn parameter from USB functions
	It was used for error reporting only.

	Remove conn parameter from JSON error macro

	Remove conn parameter from PCI functions
	It was used for error reporting only.

	Remove conn parameter from Linux stats functions
	It was used for error reporting only.

	Remove conn parameter from storage file functions
	It was used for error reporting only.

	Remove conn parameter from util functions
	It was used for error reporting only.

	Remove conn parameter from virXPath* functions
	It was used for error reporting only.

	Remove conn parameter from virReportSystemError

	Remove conn parameter from virReportOOMError

2010-02-08  Jim Fehlig  <jfehlig@novell.com>

	Modify virsh commands
	Change all virsh commands that invoke virDomain{Attach,Detach}Device()
	to use virDomain{Attach,Detach}DeviceFlags() instead.

	Add a "--persistent" flag to these virsh commands, allowing user to
	specify that the domain persisted config be modified as well.

	V2: Only invoke virDomain{Attach,Detach}DeviceFlags() if
	"--persistent" flag is specified.  Otherwise invoke
	virDomain{Attach,Detach}Device() to retain current behavior.

2010-02-08  Jim Fehlig  <jfehlig@novell.com>

	domain{Attach,Detach}DeviceFlags handler for drivers
	Implementation of domain{Attach,Detach}DeviceFlags handlers
	in the drivers.

	Server side dispatcher
	Server side dispatcher for Domain{Attach,Detach}DeviceFlags.

	Remote driver
	Implementation of Domain{Attach,Detach}DeviceFlags in remote driver.

	Wire protocol format
	Definition of wire protocol format for
	virDomain{Attach,Detach}DeviceFlags.

2010-02-08  Jim Fehlig  <jfehlig@novell.com>

	Public API Implementation
	Implementation of public API for virDomain{Attach,Detach}DeviceFlags.

	V2: Don't break remote compatibility with older libvirtd

2010-02-08  Jim Fehlig  <jfehlig@novell.com>

	Internal API
	Definition of internal API for virDomain{Attach,Detach}DeviceFlags.

2010-02-08  Jim Fehlig  <jfehlig@novell.com>

	Public API
	Definition of public API for virDomain{Attach,Detach}DeviceFlags.

	V2: Adjust libvrt_public.syms to anticipated 0.7.7 release.

2010-02-08  Jim Fehlig  <jfehlig@novell.com>

	doc: restrict virDomain{Attach,Detach}Device to active domains
	virDomain{Attach,Detach}Device is now only permitted on active
	domains.  Explicitly state this restriction in the API
	documentation.

	V2: Only change doc, dropping the hunk that forced the restriction
	    in libvirt frontend.

2010-02-05  Jim Meyering  <meyering@redhat.com>

	build: update gnulib submodule to latest
	* .gnulib: This fixes a warning in test-gettimeofday.c,
	seen via "make check".  Reported by Daniel Veillard.

	(absolutePathFromBaseFile): fix up preceding commit
	When configured with --enable-gcc-warnings, it didn't even compile.
	* src/util/storage_file.c: Include <assert.h>.
	(absolutePathFromBaseFile): Assert that converting size_t to int is valid.
	Reverse length/string args to match "%.*s".
	Explicitly ignore the return value of virAsprintf.

	absolutePathFromBaseFile: don't leak when first arg contains no "/"
	* src/util/storage_file.c: Include "dirname.h".
	(absolutePathFromBaseFile): Rewrite not to leak, and to require
	fewer allocations.
	* bootstrap (modules): Add dirname-lgpl.
	* .gnulib: Update submodule to the latest.

	sexpr_string: avoid leak on OOM error path
	* src/xen/sexpr.c (sexpr_string): Free sexpr buffer upon allocation
	failure.

2010-02-04  Jim Meyering  <meyering@redhat.com>

	virDomainChrDefParseXML: don't leak upon invalid input
	* src/conf/domain_conf.c (virDomainChrDefParseXML): Don't leak a
	virDomainChrDef buffer upon "unknown target type for char device" error.

	virExecWithHook: avoid leak on OOM error path
	* src/util/util.c (virExecWithHook): Free argv_str string before
	returning upon failure to allocate space for environment.

	cgroup.c: don't leak mem+FD upon OOM
	* src/util/cgroup.c (virCgroupDetectPlacement): Close the mapping
	FILE* also upon error.

	cgroup.c: avoid unconditional leaks
	* src/util/cgroup.c (virCgroupCpuSetInherit) [HAVE_MNTENT_H]:
	Don't leak CPU-set inheritance value strings.

2010-02-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	website: Add a 1em right margin
	This stops the text and pre-boxes from touching the right border.

	storage: Replace storageLog with VIR_ERROR

	opennebula: Remove unnecessary casts

	esx: Remove unnecessary casts

	cpu conf: Use virBufferFreeAndReset instead of virBufferContentAndReset and VIR_FREE

	docs: Refer to virReportOOMError in the HACKING file
	Instead of refering to __virRaiseError(VIR_ERROR_NO_MEMORY).

	esx: Cleanup preprocessing structure in esxVI_EnsureSession

	docs: Emphasize that devices have to be inside the <devices> element
	Also cleanup indentation of domain XML examples.

2010-02-04  Doug Goldstein  <cardoe@gentoo.org>

	virt-pki-validate contains unexpanded SYSCONFDIR variable
	* tools/virt-pki-validate.in: use an automake variable instead of a
	  shell variable so the resulting shell actually work

2010-02-03  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.6
	* configure.ac docs/news.html.in libvirt.spec.in: version bump and doc
	  updates
	* po/*.po*: updated and regenerated the localizations

2010-02-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix restore of QEMU guests with PCI device reservation
	When restoring from a saved guest image, the XML would already
	contain the PCI slot ID of the IDE controller & video card.
	The attempt to explicitly reserve this upfront would thus fail
	everytime.

	* src/qemu/qemu_conf.c: Reserve IDE controller / video card
	  slot at time of need, rather than upfront

2010-02-03  Laine Stump  <laine@laine.org>

	Another fork() log locking cleanup in file creation
	Similar fix as previous one but for fork() usage when creating
	a file or directory

	* src/util/util.c: virLogLock() and virLogUnlock() around fork()
	  in virFileCreate() and virDirCreateSimple()

2010-02-03  Cole Robinson  <crobinso@redhat.com>

	Fix log locking problem when using fork() in the library
	Ad pointed out by Dan Berrange:
	So if some thread in libvirtd is currently executing a logging call,
	while another thread calls virExec(), that other thread no longer
	exists in the child, but its lock is never released. So when the
	child then does virLogReset() it deadlocks.

	The only way I see to address this, is for the parent process to call
	virLogLock(), immediately before fork(), and then virLogUnlock()
	afterwards in both parent & child. This will ensure that no other
	thread
	can be holding the lock across fork().

	* src/util/logging.[ch] src/libvirt_private.syms: export virLogLock() and
	  virLogUnlock()
	* src/util/util.c: lock just before forking and unlock just after - in
	  both parent and child.

2010-02-03  David Allan  <dallan@redhat.com>

	Fix locking for udev device add/remove
	The original udev node device backend neglected to lock the driverState
	struct containing the device list when adding and removing devices
	* src/node_device/node_device_udev.c: add necessary locks in
	  udevRemoveOneDevice() and udevAddOneDevice()

2010-02-03  Jim Meyering  <meyering@redhat.com>

	interface_conf.c: don't use a negative value as allocation size
	* src/conf/interface_conf.c (virInterfaceDefParseProtoIPv4): If
	virXPathNodeSet returns -1, indicate failure by returning -1 right away.
	(virInterfaceDefParseProtoIPv6): Likewise.

	virStoragePoolSourceListNewSource: avoid unconditional leak
	* src/conf/storage_conf.c (virStoragePoolSourceListNewSource):
	Remove an unused (and leaked) allocation.

	xs_internal.c: don't use a negative value as allocation size
	* src/xen/xs_internal.c (xenStoreDomainIntroduced): Don't use -1
	as an allocation size upon xenStoreNumOfDomains failure.
	(xenStoreDomainReleased): Likewise.

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Ensure QEMU DAC security driver is activated at all times
	If the primary security driver (SELinux/AppArmour) was disabled
	then the secondary QEMU DAC security driver was also disabled.
	This is mistaken, because the latter must be active at all times

	* src/qemu/qemu_driver.c: Ensure DAC driver is always active

2010-02-02  Jim Meyering  <meyering@redhat.com>

	xen_hypervisor.c: remove all "domain == NULL" tests, ...
	* src/xen/xen_hypervisor.c: Remove all "domain == NULL" tests.
	* src/xen/xen_hypervisor.h: Instead, use ATTRIBUTE_NONNULL to
	mark each "domain" parameter as "known always to be non-NULL".

	xen_hypervisor.c: avoid NULL deref for NULL domain argument
	* src/xen/xen_hypervisor.c (xenHypervisorGetVcpus): Don't attempt
	to diagnose an unlikely NULL-domain or NULL-domain->conn error.

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Tweak USB hostdevice XML handling
	When attaching a USB host device based on vendor/product, libvirt
	will resolve the vendor/product into a device/bus pair. This means
	that when printing XML we should allow device/bus info to be printed
	at any time if present

	* src/conf/domain_conf.c, docs/schemas/domain.rng: Allow USB device
	  bus info alongside vendor/product

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU hotplug device alias assignment
	To allow devices to be hot(un-)plugged it is neccessary to ensure
	they all have a unique device aliases. This fixes the hotplug
	methods to assign device aliases before invoking the monitor
	commands which need them

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Expose methods
	  for assigning device aliases for disks, host devices and
	  controllers
	* src/qemu/qemu_driver.c: Assign device aliases when hotplugging
	  all types of device
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-pci-address-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-address-device.args:
	  Update for changed hostdev naming scheme

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Disable QEMU monitor IO debugging by default

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Re-arrange QEMU device alias assignment code
	This patch re-arranges the QEMU device alias assignment code to
	make it easier to call into the same codeblock when performing
	device hotplug. The new code has the ability to skip over already
	assigned names to facilitate hotplug

	* src/qemu/qemu_driver.c: Call qemuAssignDeviceNetAlias()
	  instead of qemuAssignNetNames
	* src/qemu/qemu_conf.h: Export qemuAssignDeviceNetAlias()
	  instead of qemuAssignNetNames
	* src/qemu/qemu_driver.c: Merge the legacy disk/network alias
	  assignment code into the main methods

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Remove direct storage of hostnet_name & vlan
	The current way of assigning names to the host network backend and
	NIC device in QEMU was over complicated, by varying naming scheme
	based on the NIC model and backend type. This simplifies the naming
	to simply be 'net0' and 'hostnet0', allowing code to easily determine
	the host network name and vlan based off the primary device alias
	name 'net0'. This in turn allows removal of alot of QEMU specific
	code from the XML parser, and makes it easier to assign new unique
	names for NICs that are hotplugged

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove hostnet_name
	  and vlan fields from virNetworkDefPtr
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c:
	  Use a single network alias naming scheme regardless of NIC type
	  or backend type. Determine VLANs from the alias name.
	* tests/qemuxml2argvdata/qemuxml2argv-net-eth-names.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.args: Update
	  for new simpler naming scheme

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Remove use of -netdev arg with QEMU
	The QEMU 0.12.x tree has the -netdev command line argument, but not
	corresponding monitor command. We can't enable the former, without
	the latter since it will break hotplug/unplug.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Disable -netdev usage
	  until 0.13 at earliest
	* tests/qemuxml2argvtest.c: Add test for -netdev syntax
	* tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-netdev.xml: Test
	  data files for -netdev syntax

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Assign PCI addresses before hotplugging devices
	PCI disk, disk controllers, net devices and host devices need to
	have PCI addresses assigned before they are hot-plugged

	* src/qemu/qemu_conf.c: Add APIs for ensuring a device has an
	  address and releasing unused addresses
	* src/qemu/qemu_driver.c: Ensure all devices have addresses
	  when hotplugging.

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite way QEMU PCI addresses are allocated
	The current QEMU code allocates PCI addresses incrementally starting
	at 4. This is not satisfactory because the user may have given some
	addresses in their XML config, which need to be skipped over when
	allocating addresses to remaining devices.

	It is thus neccessary to maintain a list of already allocated PCI
	addresses and then only allocate ones that remain unused. This is
	also required for domain device hotplug to work properly later.

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add APIs for creating
	  list of existing PCI addresses, and allocating new addresses.
	  Refactor address assignment to use this code
	* src/qemu/qemu_driver.c: Pull PCI address assignment up into the
	  qemuStartVMDaemon() method, as a prelude to moving it into the
	  'define' method. Update list of allocated addresses when connecting
	  to a running VM at daemon startup.
	* tests/qemuxml2argvtest.c, tests/qemuargv2xmltest.c,
	  tests/qemuxml2xmltest.c: Remove USB product test since all
	  passthrough is done based on address
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.args,
	  tests/qemuxml2argvdata/qemuxml2argv-hostdev-usb-product.xml: Kil
	  unused data files

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Introduce generic virDomainDeviceInfo iterator function
	The virDomainDeviceInfoIterate() function will provide a
	convenient way to iterate over all devices in a domain.

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDeviceInfoIterate()
	  function.

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Make hotplug use new device_add where possible
	Since QEMU startup uses the new -device argument, the hotplug
	code needs todo the same. This converts disk, network and
	host device hotplug to use the device_add command

	* src/qemu/qemu_driver.c: Use new device_add monitor APIs
	  whereever possible

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Introduce internal QEMU monitor APIs for drive + device hotadd
	The way QEMU is started has been changed to use '-device' and
	the new style '-drive' syntax. This needs to be mirrored in
	the hotplug code, requiring addition of two new APIs.

	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Define APIs
	  qemuMonitorAddDevice() and qemuMonitorAddDrive()
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Implement the new monitor APIs

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Split out QEMU code for building PCI/USB hostdev arg values
	To allow for better code reuse from hotplug methods, the code for
	generating PCI/USB hostdev arg values is split out into separate
	methods

	* qemu/qemu_conf.h, qemu/qemu_conf.c: Introduce new APis for
	  qemuBuildPCIHostdevPCIDevStr, qemuBuildUSBHostdevUsbDevStr
	  and qemuBuildUSBHostdevDevStr

2010-02-02  Daniel P. Berrange  <berrange@redhat.com>

	Standard internal API syntax for building QEMU command line arguments
	All the helper functions for building command line arguments
	now return a 'char *', instead of acepting a 'char **' or
	virBufferPtr argument

	* qemu/qemu_conf.c: Standardize syntax for building args
	* qemu/qemu_conf.h: Export all functions for building args
	* qemu/qemu_driver.c: Update for changed syntax for building
	  NIC/hostnet args

2010-02-02  Jim Meyering  <meyering@redhat.com>

	libvirtd.c: avoid closing a negative socket file descriptor
	* daemon/libvirtd.c (qemudListenUnix): Close socket only if non-negative.

	storage_backend.c: avoid closing a negative file descriptor
	* src/storage/storage_backend.c (virStorageBackendRunProgRegex):
	Don't close a negative (read-only) file descriptor.

	avoid a probable EINVAL from lseek
	* src/qemu/qemu_driver.c (qemudLogReadFD): Don't pass a negative
	offset (from a preceding failed attempt to seek to EOF) to this use
	of lseek.

2010-02-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Don't let strtoul parse USB busnum and devnum as octal
	udevGetUintProperty was called with base set to 0 for busnum and devnum.
	With base 0 strtoul parses the number as octal if it start with a 0. But
	busnum and devnum are decimal and udev returns them padded with leading
	zeros. So strtoul parses them as octal. This works for certain decimal
	values like 001-007, but fails for values like 008.

	Change udevProcessUSBDevice to use base 10 for busnum and devnum.

2010-02-01  Jim Meyering  <meyering@redhat.com>

	util.c (two more): don't use a negative value as allocation size
	* src/util/util.c (virGetUserID, virGetGroupID): In the unlikely event
	that sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
	the subsequent allocation.

	json.c: avoid an unconditional leak from most qemuMonitorJSON* functions
	* src/util/json.c (virJSONValueFree): Free the "value" pointer, too.

	avoid format-related warnings
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetAllPCIAddresses):
	Use %s.
	* src/storage/storage_backend_iscsi.c (virStorageBackendCreateIfaceIQN):
	Likewise.
	* tools/virsh.c (cmdSecretSetValue): Likewise.

2010-02-01  Eric Blake  <ebb9@byu.net>

	maint: avoid excess parens in STREQ
	* src/internal.h (STREQ, STRCASEEQ, STRNEQ, STRCASENEQ, STREQLEN)
	(STRCASEEQLEN, STRNEQLEN, STRCASENEQLEN, STRPREFIX): Avoid
	redundant parenthesis.
	* examples/domain-events/events-c/event-test.c (STREQ): Likewise.
	* src/storage/parthelper.c (STREQ): Likewise.

2010-02-01  Jiri Denemark  <jdenemar@redhat.com>

	Move models/nmodels mismatch checking one level up

	Log flags in virConnectCompareCPU
	* src/libvirt.c: extend the debug statement to log flags too

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Fix PCI host reattach on domain detach.
	Similar to the race fixed by
	be34c3c7efbb1ea8999530f98b99c5dde3793f84, make sure
	to wait around for KVM to release the resources from
	a hot-detached PCI device before attempting to
	rebind that device to the host driver.

2010-02-01  Matthew Booth  <mbooth@redhat.com>

	Clarify controllers -device string in QEMU driver
	The QEMU driver contained code to generate a -device string for piix4-ide, but
	wasn't using it. This change removes this string generation. It also adds a
	comment explaining why IDE and FDC controllers don't generate -device strings.

	The change also generates an error if a sata controller is specified for a QEMU
	domain, as this isn't supported.

	* src/qemu/qemu_conf.c: Remove VIR_DOMAIN_CONTROLLER_TYPE_IDE handler in
	  qemuBuildControllerDevStr(). Ignore IDE and FDC controllers. Error if
	  SATA controller is discovered. Add comments.

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Fix up a comment in virHashUpdateEntry

2010-02-01  Chris Lalancette  <clalance@redhat.com>

	Look in /usr/libexec for the qemu-kvm binary.
	On RHEL-5 the qemu-kvm binary is located in /usr/libexec.
	To reduce confusion for people trying to run upstream libvirt
	on RHEL-5 machines, make the qemu driver look in /usr/libexec
	for the qemu-kvm binary.

	To make this work, I modified virFindFileInPath to handle an
	absolute path correctly.  I also ran into an issue where
	NULL was sometimes being passed for the file parameter
	to virFindFileInPath; it didn't crash prior to this patch
	since it was building paths like /usr/bin/(null).  This
	is non-standard behavior, though, so I added a NULL
	check at the beginning.

2010-01-29  Eric Blake  <ebb9@byu.net>

	maint: fix spelling error in hacking
	* HACKING: STRCASEEQ is case insensitive.
	* docs/hacking.html.in: Likewise.

2010-01-29  Jim Meyering  <meyering@redhat.com>

	util.c (virGetUserEnt): don't use a negative value as allocation size
	* src/util/util.c (virGetUserEnt): In the unlikely event that
	sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
	the subsequent allocation.

2010-01-27  Jim Fehlig  <jfehlig@novell.com>

	Support Xen 4.0 sysctl version 7
	xen-unstable c/s 20762 bumped XEN_SYSCTL_INTERFACE_VERSION to 7.  The
	interface change does not affect libvirt, other than xenHypervisorInit()
	failing since version 7 is not tried.

	The attached patch accommodates the upcoming Xen 4.0 release by checking
	for XEN_SYSCTL_INTERFACE_VERSION 7.  If found, it sets
	XEN_DOMCTL_INTERFACE_VERSION to 6, which is also new to Xen 4.0.

2010-01-27  Matthew Booth  <mbooth@redhat.com>

	Add missing sata controller type to domain.rng
	* docs/schemas/domain.rng: Add sata controller type

2010-01-27  Jim Meyering  <meyering@redhat.com>

	cpu_x86.c: avoid NULL-deref for invalid arguments
	* src/cpu/cpu_x86.c (x86Decode): Do not dereference NULL
	when "models" is NULL and nmodels is 1 or greater.

	portability to non-glibc: don't use realpath(..., NULL)
	it causes a NULL-dereference on some systems like Solaris 10.
	* src/node_device/node_device_linux_sysfs.c. Include <stdlib.h>.
	(get_sriov_function): Use canonicalize_file_name, not realpath.
	* bootstrap (modules): Add canonicalize-lgpl.

	pci.c: correct an erroneous expression
	* src/util/pci.c (pciDeviceDownstreamLacksACS): Fix a typo
	that rendered a subexpression always false.

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Set the state driver name

	Remove undefined symbols from libvirt_private.syms

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	udev: Remove event handle on shutdown
	This fixes a segfault when the event handler is called after shutdown
	when the global driver state is NULL again.

	Also fix a locking issue in an error path.

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't call disabled timer callbacks in event-test.c
	This fixes a segfault in the remote driver that occurs for example when
	the event-test is run inside a domain-0 and libvirtd is also running.

	esx: Output error details from libcurl

	Add missing function parameter documentation

2010-01-26  Jim Meyering  <meyering@redhat.com>

	hostusb: closedir only if non-NULL; rename labels: s/error/cleanup/
	* src/util/hostusb.c (usbSysReadFile): Rename labels s/error/cleanup/
	(usbFindBusByVendor): Likewise.  And closedir only if non-NULL.

2010-01-26  Laine Stump  <laine@laine.org>

	Cleanup of large buffer on stack in virFileMakePath
	virFileMakePath is a recursive function that was creates a buffer
	PATH_MAX bytes long for each recursion (one recursion for each element
	in the path). This changes it to have no buffers on the stack, and to
	allocate just one buffer total, no matter how many elements are in the
	path. Because the modified algorithm requires a char* to be passed in
	rather than const char *, it is now 2 functions - a toplevel API
	function that remains identical in function, and a 2nd helper function
	called for the recursions, which 1) doesn't allocate anything, and 2)
	takes a char* arg, so it can modify the contents.
	* src/util/util.c: rewrite virFileMakePath

2010-01-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Stop passing around virConnectPtr for error reporting

2010-01-25  Chris Lalancette  <clalance@redhat.com>

	Revert "Fix libvirtd restart for domains with PCI passthrough devices"
	This reverts commit cdc42d0a4865199a941d330dbb6ca1ef426323ae.
	As DanB pointed out, this patch is actually wrong.  The real
	bug that was causing me to see this problem is a bug
	introduced in a RHEL-5 libvirt snapshot, and I'm going to
	fix the real bug there.

2010-01-25  Chris Lalancette  <clalance@redhat.com>

	Fix a crash when restarting libvirtd.
	If you shutdown libvirtd while a domain with PCI
	devices is running, then try to restart libvirtd,
	libvirtd will crash.

	This happens because qemuUpdateActivePciHostdevs() is calling
	pciDeviceListSteal() with a dev of 0x0 (NULL), and then trying
	to dereference it.  This patch fixes it up so that
	qemuUpdateActivePciHostdevs() steals the devices after first
	Get()'ting them, avoiding the crash.

2010-01-25  Chris Lalancette  <clalance@redhat.com>

	Fix two instances of misspelled 'pseudo'

2010-01-25  Jim Meyering  <meyering@redhat.com>

	qemuMonitorTextAttachDrive: avoid two leaks
	* src/qemu/qemu_monitor_text.c (qemuMonitorTextAttachDrive): Most other
	failures in this function would "goto cleanup", but one mistakenly
	returned directly, skipping the cleanup and resulting in a leak.
	In addition, iterating the "try_command" loop would clobber, and
	thus leak, the "cmd" allocated on the first iteration,
	so be careful to free it in addition to "reply" beforehand.

2010-01-25  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Search binaries in PATH instead of hardcoding /usr/bin

2010-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Implement QMP support for extracting CPU thread ID
	The KVM build of QEMU includs the thread ID of each vCPU in the
	'query-cpus' output. This is required for pinning guests to
	particular host CPUs

	* src/qemu/qemu_monitor_json.c: Extract 'thread_id' from CPU info

2010-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Misc fixes to QMP monitor support for QEMU
	* src/util/json.c, src/util/json.h: Declare returned strings
	  to be const
	* src/qemu/qemu_monitor.c: Wire up JSON mode for qemuMonitorGetPtyPaths
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Fix
	  const correctness. Add missing error message in the function
	  qemuMonitorJSONGetAllPCIAddresses. Add implementation of the
	  qemuMonitorGetPtyPaths function calling 'query-chardev'.

2010-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Add some missing include files which break build in certain platforms
	Two files were using functions from <sys/stat.h> but not including
	in. Most of the time they got this automatically via another header,
	but certain build flag combinations can reveal the problem

	* src/lxc/lxc_container.c, src/node_device/node_device_linux_sysfs.c:
	  Add <sys/stat.h>

2010-01-25  Daniel P. Berrange  <berrange@redhat.com>

	Fix setup of compatability serial devices from console device
	The <console> tag is supposed to result in addition of a single
	<serial> device for HVM guests. The 'targetType' attribute was
	missing though causing the compatibility code to add a second
	<console> device

	* src/conf/domain_conf.c: Set targetType for serial device

2010-01-25  Jim Meyering  <meyering@redhat.com>

	usbGetDevice: don't leak a "usbDevice" buffer on failure path
	* src/util/hostusb.c (usbGetDevice): Free "dev" when returning NULL.

	qemuMonitorTextGetMemoryStats: plug a leak on an error path
	* src/qemu/qemu_monitor_text.c (qemuMonitorCommandWithHandler):
	Always free *reply, upon failure.

	usbFindBusByVendor: don't leak a DIR buffer and FD
	* src/util/hostusb.c (usbFindBusByVendor): Don't leak a DIR buffer
	and file descriptor.

2010-01-25  Eric Blake  <ebb9@byu.net>

	Start modernizing configure
	* configure.ac: reanmed configura.in, use AC_CONFIG_HEADERS instead of
	  AM_CONFIG_HEADER

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Fix libvirtd restart for domains with PCI passthrough devices
	When libvirtd shuts down, it places a <state/> tag in the XML
	state file it writes out for guests with PCI passthrough
	devices.  For devices that are attached at bootup time, the
	state tag is empty.  However, at libvirtd startup time, it
	ignores anything with a <state/> tag in the XML, effectively
	hiding the guest.
	This patch remove the check for VIR_DOMAIN_XML_INTERNAL_STATUS
	when parsing the XML.
	* src/conf/domain_conf.c: remove VIR_DOMAIN_XML_INTERNAL_STATUS
	  flag check in virDomainHostdevSubsysPciDefParseXML()

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	qemu: Fix race between device rebind and kvm cleanup
	Certain hypervisors (like qemu/kvm) map the PCI bar(s) on
	the host when doing device passthrough.  This can lead to a race
	condition where the hypervisor is still cleaning up the device while
	libvirt is trying to re-attach it to the host device driver.  To avoid
	this situation, we look through /proc/iomem, and if the hypervisor is
	still holding onto the bar (denoted by the string in the matcher variable),
	then we can wait around a bit for that to clear up.

	v2: Thanks to review by DV, make sure we wait the full timeout per-device

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Fix device assignment with root devices
	The patches to add ACS checking to PCI device passthrough
	introduced a bug.  With the current code, if you try to
	passthrough a device on the root bus (i.e. bus 0), then
	it denies the passthrough.  This is because the code in
	pciDeviceIsBehindSwitchLackingACS() to check for a parent
	device doesn't take into account the possibility of the
	root bus.  If we are on the root bus, it means we
	legitimately can't find a parent, and it also means that
	we don't have to worry about whether ACS is enabled.
	Therefore return 0 (indicating we don't lack ACS) from
	pciDeviceIsBehindSwitchLackingACS().

	Add a rule to check for uses of readlink.

	Use virFileResolveLink instead of readlink in AppArmor

	Fix a compile warning in parthelper.c

2010-01-22  Taizo ITO  <taizo.ito@hde.co.jp>

	Add virConnectGetVersion Python API
	adds a new python API call for retrieving the running
	hypervisor version used by a connection: virConnectGetVersion

	* python/generator.py: skip virConnectGetVersion from autogenerated
	* python/libvirt-override-api.xml python/libvirt-override.c: define
	  direct native bindings

2010-01-22  Jamie Strandboge  <jamie@canonical.com>

	Remove AppArmor compile warnings
	* src/security/security_apparmor.c: unused variable in
	  AppArmorSetSecurityAllLabel and unused parameter in
	  AppArmorReleaseSecurityLabel

2010-01-22  Chris Lalancette  <clalance@redhat.com>

	Remove unused PROC_MOUNT_BUF_LEN #define

2010-01-22  Daniel Veillard  <veillard@redhat.com>

	Update polish translation and regenerate localizations

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Add docs about new mailing list
	* docs/contact.html.in: Document new users mailing list

2010-01-21  Adam Litke  <agl@us.ibm.com>

	domMemoryStats / qemu: Fix parsing of unknown stats
	Fix a small problem with the qemu memory stats parsing algorithm.  If qemu
	reports a stat that libvirt does not recognize, skip past it so parsing can
	continue.  This corrects a potential infinite loop in the parsing code that can
	only be triggered if new statistics are added to qemu.

	* src/qemu/qemu_monitor_text.c: qemuMonitorParseExtraBalloonInfo add a
	  skip for extra ','

2010-01-21  David Allan  <dallan@redhat.com>

	Corrected log level of WWN path message
	* src/node_device/node_device_linux_sysfs.c: open_wwn_file() the
	  VIR_ERROR resllay should be just a VIR_DEBUG

2010-01-21  Daniel Veillard  <veillard@redhat.com>

	Fix an error when looking for devices in syspath
	* src/node_device/node_device_udev.c: udevSetupSystemDev() only print the
	  error message if lookup failed in both DMI_DEVPATH and DMI_DEVPATH_FALLBACK

2010-01-21  Dan Kenigsberg  <danken@redhat.com>

	Allow surrounding whitespace in uuid
	* src/util/uuid.c: extend virUUIDParse to allow leading and trailing
	  spaces in UUIDs

2010-01-21  Jim Meyering  <meyering@redhat.com>

	fix "make distcheck" failure
	* tests/Makefile.am (qemuhelpdata): Add qemu-0.12.1.

	avoid more format-related warnings
	* src/qemu/qemu_conf.c (qemuBuildDriveStr): Use "%s".
	* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetGuestPCIAddress):
	(qemuMonitorJSONGetGuestDriveAddress): Likewise.

	avoid format-related warnings
	* src/conf/domain_conf.c (virDomainDeviceInfoParseXML): Use "%s".

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix off-by-1 in SCSI drive hotplug
	The loop looking for the controller associated with a SCI drive had
	an off by one, causing it to miss the last controller.

	* src/qemu/qemu_driver.c: Fix off-by-1 in searching for SCSI
	  drive hotplug

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak in hotplug code in QEMU driver
	The hotplug code in QEMU was leaking memory because although the
	inner device object was being moved into the main virDomainDefPtr
	config object, the outer container virDomainDeviceDefPtr was not.

	 * src/qemu/qemu_driver.c: Clarify code to show that the inner
	   device object is owned by the main domain config upon
	   successfull attach.

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Add configuration option to turn off dynamic permissions management
	Add the ability to turn off dynamic management of file permissions
	for libvirt guests.

	* qemu/libvirtd_qemu.aug: Support 'dynamic_ownership' flag
	* qemu/qemu.conf: Document 'dynamic_ownership' flag.
	* qemu/qemu_conf.c: Load 'dynamic_ownership' flag
	* qemu/test_libvirtd_qemu.aug: Test 'dynamic_ownership' flag

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix security driver calls in hotplug cleanup paths
	The hotplug code was not correctly invoking the security driver
	in error paths. If a hotplug attempt failed, the device would
	be left with VM permissions applied, rather than restored to the
	original permissions. Also, a CDROM media that is ejected was
	not restored to original permissions. Finally there was a bogus
	call to set hostdev permissions in the hostdev unplug code

	* qemu/qemu_driver.c: Fix security driver usage in hotplug/unplug

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Add missing call to re-attach host devices if VM startup fails
	If there is a problem with VM startup, PCI devices may be left
	assigned to pci-stub / pci-back. Adding a call to reattach
	host devices in the cleanup path is required.

	* qemu/qemu_driver.c: qemuDomainReAttachHostDevices() when
	  VM startup fails

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Switch QEMU driver over to use the DAC security driver
	Remove all the QEMU driver calls for setting file ownership and
	process uid/gid. Instead wire in the QEMU DAC security driver,
	stacking it ontop of the primary SELinux/AppArmour driver.

	* qemu/qemu_driver.c: Switch over to new DAC security driver

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a new DAC security driver for QEMU
	This new security driver is responsible for managing UID/GID changes
	to the QEMU process, and any files/disks/devices assigned to it.

	* qemu/qemu_conf.h: Add flag for disabling automatic file permission
	  changes
	* qemu/qemu_security_dac.h, qemu/qemu_security_dac.c: New DAC driver
	  for QEMU guests
	* Makefile.am: Add new files

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a stacked security driver impl for QEMU
	* qemu/qemu_conf.h: Add securityPrimaryDriver and
	  securitySecondaryDriver fields to 'struct qemud_driver'
	* Makefile.am: Add new files
	* qemu/qemu_security_stacked.c, qemu/qemu_security_stacked.h: A
	  simple stacked security driver

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Pull initial disk labelling out into libvirtd instead of exec hook
	Pulling the disk labelling code out of the exec hook, and into
	libvirtd will allow it to access shared state in the daemon. It
	will also make debugging & error reporting easier / more reliable.

	* qemu/qemu_driver.c: Move initial disk labelling calls up into
	  libvirtd. Add cleanup of disk labels upon failure

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix leak of allocated security label
	If a VM fails to start, we can't simply free the security label
	strings, we must call the domainReleaseSecurityLabel() method
	otherwise the reserved 'mcs' level will be leaked in SElinux

	* src/qemu/qemu_driver.c: Invoke domainReleaseSecurityLabel()
	  when domain fails to start

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Refactor setup & cleanup of security labels in security driver
	The current security driver architecture has the following
	split of logic

	 * domainGenSecurityLabel

	    Allocate the unique label for the domain about to be started

	 * domainGetSecurityLabel

	    Retrieve the current live security label for a process

	 * domainSetSecurityLabel

	    Apply the previously allocated label to the current process
	    Setup all disk image / device labelling

	 * domainRestoreSecurityLabel

	    Restore the original disk image / device labelling.
	    Release the unique label for the domain

	The 'domainSetSecurityLabel' method is special because it runs
	in the context of the child process between the fork + exec.

	This is require in order to set the process label. It is not
	required in order to label disks/devices though. Having the
	disk labelling code run in the child process limits what it
	can do.

	In particularly libvirtd would like to remember the current
	disk image label, and only change shared image labels for the
	first VM to start. This requires use & update of global state
	in the libvirtd daemon, and thus cannot run in the child
	process context.

	The solution is to split domainSetSecurityLabel into two parts,
	one applies process label, and the other handles disk image
	labelling. At the same time domainRestoreSecurityLabel is
	similarly split, just so that it matches the style. Thus the
	previous 4 methods are replaced by the following 6 new methods

	 * domainGenSecurityLabel

	    Allocate the unique label for the domain about to be started
	    No actual change here.

	 * domainReleaseSecurityLabel

	   Release the unique label for the domain

	 * domainGetSecurityProcessLabel

	   Retrieve the current live security label for a process
	   Merely renamed for clarity.

	 * domainSetSecurityProcessLabel

	   Apply the previously allocated label to the current process

	 * domainRestoreSecurityAllLabel

	    Restore the original disk image / device labelling.

	 * domainSetSecurityAllLabel

	    Setup all disk image / device labelling

	The SELinux and AppArmour drivers are then updated to comply with
	this new spec. Notice that the AppArmour driver was actually a
	little different. It was creating its profile for the disk image
	and device labels in the 'domainGenSecurityLabel' method, where as
	the SELinux driver did it in 'domainSetSecurityLabel'. With the
	new method split, we can have consistency, with both drivers doing
	that in the domainSetSecurityAllLabel method.

	NB, the AppArmour changes here haven't been compiled so may not
	build.

2010-01-21  Daniel P. Berrange  <berrange@redhat.com>

	Make security drivers responsible for checking dynamic vs static labelling
	The QEMU driver is doing 90% of the calls to check for static vs
	dynamic labelling. Except it is forgetting todo so in many places,
	in particular hotplug is mistakenly assigning disk labels. Move
	all this logic into the security drivers themselves, so the HV
	drivers don't have to think about it.

	* src/security/security_driver.h: Add virDomainObjPtr parameter
	  to virSecurityDomainRestoreHostdevLabel and to
	  virSecurityDomainRestoreSavedStateLabel
	* src/security/security_selinux.c, src/security/security_apparmor.c:
	  Add explicit checks for VIR_DOMAIN_SECLABEL_STATIC and skip all
	  chcon() code in those cases
	* src/qemu/qemu_driver.c: Remove all checks for VIR_DOMAIN_SECLABEL_STATIC
	  or VIR_DOMAIN_SECLABEL_DYNAMIC. Add missing checks for possibly NULL
	  driver entry points.

2010-01-21  David Allan  <dallan@redhat.com>

	Implement support for multi IQN
	Allows the initiator to use a variety of IQNs rather than just the
	system IQN when creating iSCSI pools.
	* docs/schemas/storagepool.rng: extends the syntax with <iqn name="..."/>
	* src/conf/storage_conf.[ch]: read and stores the iqn name
	* src/storage/storage_backend_iscsi.[ch]: implement the IQN selection
	  when detected

2010-01-21  Jiri Denemark  <jdenemar@redhat.com>

	Let make fail when XHTML validation fails

2010-01-21  Laine Stump  <laine@laine.org>

	Fix uses of virFileMakePath
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/network/bridge_driver.c src/qemu/qemu_driver.c
	  src/uml/uml_driver.c: virFileMakePath returns 0 for success, or the
	  value of errno on failure, so error checking should be to test
	  if non-zero, not if lower than 0

2010-01-21  Laine Stump  <laine@laine.org>

	Create storage pool directories with proper uid/gid/mode
	Previously the uid/gid/mode in the xml was ignored when creating new
	storage pool directories. This commit attempts to honor the requested
	permissions, and spits out an error if it can't.

	Note that when creating the directory, the rest of the path leading up
	to the final element is created using current uid/gid/mode, and the
	final element gets the settings from xml. It is NOT an error for the
	directory to already exist; in this case, the perms for the existing
	directory are just set (if necessary).

	* src/storage/storage_backend_fs.c: update the virStorageBackendFileSystemBuild
	  function to check the directory hierarchy separately then create the
	  leaf directory with the right attributes

2010-01-21  Laine Stump  <laine@laine.org>

	Create storage volumes directly with desired uid/gid
	In order to avoid problems trying to chown files that were created by
	root on a root-squashing nfs server, fork a new process that setuid's
	to the desired uid before creating the file. (It's only done this way
	if the pool containing the new volume is of type 'netfs', otherwise
	the old method of creating the file followed by chown() is used.)

	This changes the semantics of the "create_func" slightly - previously
	it was assumed that this function just created the file, then the
	caller would chown it to the desired uid. Now, create_func does both
	operations.

	There are multiple functions that can take on the role of create_func:

	createFileDir - previously called mkdir(), now calls virDirCreate().
	virStorageBackendCreateRaw - previously called open(),
	                             now calls virFileCreate().
	virStorageBackendCreateQemuImg - use virRunWithHook() to setuid/gid.
	virStorageBackendCreateQcowCreate - same.
	virStorageBackendCreateBlockFrom - preserve old behavior (but attempt
	                                   chown when necessary even if not root)

	* src/storage/storage_backend.[ch] src/storage/storage_backend_disk.c
	  src/storage/storage_backend_fs.c src/storage/storage_backend_logical.c
	  src/storage/storage_driver.c: change the create_func implementations,
	  also propagate the pool information to be able to detect NETFS ones.

2010-01-21  Laine Stump  <laine@laine.org>

	New utility functions virFileCreate and virDirCreate
	These functions create a new file or directory with the given
	uid/gid. If the flag VIR_FILE_CREATE_AS_UID is given, they do this by
	forking a new process, calling setuid/setgid in the new process, and
	then creating the file. This is better than simply calling open then
	fchown, because in the latter case, a root-squashing nfs server would
	create the new file as user nobody, then refuse to allow fchown.

	If VIR_FILE_CREATE_AS_UID is not specified, the simpler tactic of
	creating the file/dir, then chowning is is used. This gives better
	results in cases where the parent directory isn't on a root-squashing
	NFS server, but doesn't give permission for the specified uid/gid to
	create files. (Note that if the fork/setuid method fails to create the
	file due to access privileges, the parent process will make a second
	attempt using this simpler method.)

	If the bit VIR_FILE_CREATE_ALLOW_EXIST is set in the flags, an
	existing file/directory will not cause an error; in this case, the
	function will simply set the permissions of the file/directory to
	those requested. If VIR_FILE_CREATE_ALLOW_EXIST is not specified, an
	existing file/directory is considered (and reported as) an error.

	Return from both of these functions is 0 on success, or the value of
	errno if there was a failure.

	* src/util/util.[ch]: add the 2 new util functions

2010-01-21  Laine Stump  <laine@laine.org>

	Add virRunWithHook util function
	* src/util/util.[ch]: similar to virExecWithHook, but waits for child to
	  exit. Useful for doing things like setuid after the fork but before the
	  exec.

2010-01-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	Unset copied environment variables in qemuxml2argvtest
	The test expected all environment variables copied in qemudBuildCommandLine
	to have known values. So all of them have to be either set to a known value
	or be unset. SDL_VIDEODRIVER and QEMU_AUDIO_DRV are not handled at all but
	should be handled. Unset both, otherwise the test will fail if they are set
	in the testing environment.

	* src/qemu/qemu_conf.c: add a comment about copied environment variables
	  and qemuxml2argvtest
	* tests/qemuxml2argvtest.c: unset SDL_VIDEODRIVER and QEMU_AUDIO_DRV

2010-01-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Don't allocate zero bytes

2010-01-20  Jim Meyering  <meyering@redhat.com>

	clean-up: remove unnecessary closedir call
	* src/node_device/node_device_linux_sysfs.c (get_virtual_functions_linux):
	Remove unnecessary closedir.  Spotted by Dave Allan.

	node_device_linux_sysfs.c: avoid opendir/fd leak on error path
	* src/node_device/node_device_linux_sysfs.c(get_virtual_functions_linux):
	Don't leak a DIR buffer and file descriptor on error path.

	domain_conf.c: avoid a leak and the need for "cleanup:" block
	* src/conf/domain_conf.c (virDomainChrDefFormat): Plug a leak on
	an error path, and at the same time, eliminate the need for a
	"cleanup:" block.  Before, the "return -1" after the switch
	would leak an "addr" string.  Now, by reversing the port,addr-
	getting blocks we can free "addr" immediately and skip the goto.

2010-01-20  Daniel P. Berrange  <berrange@redhat.com>

	Make all bitfields unsigned ints to avoid unexpected values in casts
	The 'int virInterfaceIsActive()' method was directly returning the
	value of the 'int active:1' bitfield in virIntefaceDefPtr. A bitfield
	with a signed integer, will hold the values 0 and -1, not 0 and +1
	as might be expected. This meant that virInterfaceIsActive() was
	always returning -1 when the interface was active, not +1 & thus all
	callers thought an error had occurred. To protect against this kind
	of mistake again, change all bitfields to be unsigned ints

	* daemon/libvirtd.h, src/conf/domain_conf.h, src/conf/interface_conf.h,
	  src/conf/network_conf.h: Change bitfields to unsigned int.

2010-01-20  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU driver custom domain status XML extensions
	Invoking the virConnectGetCapabilities() method causes the QEMU
	driver to rebuild its internal capabilities object. Unfortunately
	it was forgetting to register the custom domain status XML hooks
	again.

	To avoid this kind of error in the future, the code which builds
	capabilities is refactored into one single method, which can be
	called from all locations, ensuring reliable rebuilds.

	* src/qemu/qemu_driver.c: Fix rebuilding of capabilities XML and
	  guarentee it is always consistent

2010-01-20  Jiri Denemark  <jdenemar@redhat.com>

	Document cpu-compare command in virsh man page

	Document <cpu> elements in capabilities and domain XML

2010-01-20  Matthias Bolte  <matthias.bolte@googlemail.com>

	docs: Remove outdated information about remote limitations

2010-01-19  Jim Meyering  <meyering@redhat.com>

	logging: confirm that we want to ignore a write error
	* src/util/logging.c (virLogMessage): Include "ignore-value.h".
	Use it to ignore the return value of safewrite.
	Use STDERR_FILENO, rather than "2".
	* bootstrap (modules): Add ignore-value.
	* gnulib: Update to latest, for ignore-value that is now LGPLv2+.

	xen_driver: don't leak a parsed-config buffer
	* src/xen/xen_driver.c (xenUnifiedDomainXMLFromNative): Also
	free "conf" before returning.

2010-01-19  Laine Stump  <laine@laine.org>

	Update interface.rng and xml test files to match netcf 0.1.5
	The RNG now supports IPv6 and bonds attached to bridges, along with
	some other minor tweaks. All test files from netcf have been copied to
	the test directory and added to the xml2xml and schema tests (and they
	all pass, of course ;-)

2010-01-19  Laine Stump  <laine@laine.org>

	Support bond interfaces attached to bridges in interface xml.
	This was accomplished in xml parsing by doing away with the
	stripped-down virInterfaceBareDef object, and just always using
	virInterfaceDef, but with restrictions in certain places (eg, the type
	of subordinate interface allowed in parsing depends on the parent
	interface).

	xml formatting was similarly adjusted. In addition, the formatting
	functions keep track of the level of interface nesting, and insert
	extra leading spaces on each line accordingly (using %*s).

	The only change in formatted xml from previous (aside frmo supporting
	new combinations of interface types) is that the subordinate ethernet
	interfaces take up 2 lines rather than one, eg:

	   <interface type='ethernet' name='eth0'>
	   </interface>

	instead of:

	   <interface type='ethernet' name='eth0'/>

2010-01-19  Laine Stump  <laine@laine.org>

	Allow empty bridges in interface xml.

	Support delay property in interface bridge xml.

2010-01-19  Jim Meyering  <meyering@redhat.com>

	storage_conf: plug a leak on OOM error path
	* src/conf/storage_conf.c (virStoragePoolSourceListNewSource):
	Free just-allocated "source" upon VIR_REALLOC_N failure.

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Remove superfluous new lines from messages
	I noticed some debug messages are printed with an empty lines after
	them. This patch removes these empty lines from all invocations of the
	following macros:
	    VIR_DEBUG
	    VIR_DEBUG0
	    VIR_ERROR
	    VIR_ERROR0
	    VIR_INFO
	    VIR_WARN
	    VIR_WARN0

	Use pciDeviceIsAssignable in qemu driver

	Tests for ACS in PCIe switches
	New pciDeviceIsAssignable() function for checking whether a given PCI
	device can be assigned to a guest was added. Currently it only checks
	for ACS being enabled on all PCIe switches between root and the PCI
	device. In the future, it could be the right place to check whether a
	device is unbound or bound to a stub driver.

2010-01-19  Daniel Veillard  <veillard@redhat.com>

	Add Jiri Denemark <jdenemar@redhat.com> to commiters

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Allow for CPU topology specification without model
	Currently CPU topology may only be specified together with CPU model:
	    <cpu match='exact'>
	        <model>name</model>
	        <topology sockets='1' cores='2' threads='3'/>
	    </cpu>

	This patch allows for CPU topology specification without the need for
	also specifying CPU model:
	    <cpu>
	        <topology sockets='1' cores='2' threads='3'/>
	    </cpu>

	'match' attribute and 'model' element are made optional with the
	restriction that 'match' attribute has to be set when 'model' is
	present.

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Add debug messages for CPU incompatibility
	When comparing incompatible CPUs, the reason for this incompatibility is
	logged as a debug message.

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Take disabled/forced CPU features into account
	When comparing x86 CPUs, features with 'disabled' policy were mistakenly
	required to be supported by the host CPU.

	Likewise, features with 'force' policy which were supported by host CPU
	would make CPUs incompatible if 'strict' match was used by guest CPU.

	This patch fixes both issues.

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Implement CPU topology support for QEMU driver
	QEMU's command line equivalent for the following domain XML fragment
	    <vcpus>2</vcpus>
	    <cpu ...>
	        ...
	        <topology sockets='1' cores='2', threads='1'/>
	    </cpu>

	is

	    -smp 2,sockets=1,cores=2,threads=1

	This syntax was introduced in QEMU-0.12.

	Version 2 changes:
	- -smp argument build split into a separate function
	- always add ",sockets=S,cores=C,threads=T" to -smp if qemu supports it
	- use qemuParseCommandLineKeywords for command line parsing

	Version 3 changes:
	- ADD_ARG_LIT => ADD_ARG and line reordering in qemudBuildCommandLine
	- rebased

2010-01-19  Jiri Denemark  <jdenemar@redhat.com>

	Enhance qemuParseCommandLineKeywords
	Current version expects name=value,... list and when an incorrect string
	such as "a,b,c=d" would be parsed as "a,b,c" keyword with "d" value
	without reporting any error, which is probably not the expected
	behavior.

	This patch adds an extra argument called allowEmptyValue, which if
	non-zero will permit keywords with no value; "a,b=c,,d=" will be parsed
	as follows:
	    keyword value
	    "a"     NULL
	    "b"     "c"
	    ""      NULL
	    "d"     ""

	In case allowEmptyValue is zero, the string is required to contain
	name=value pairs only; retvalues is guaranteed to contain non-NULL
	pointers. Now, "a,b,c=d" will result in an error.

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert VirtIO balloon over to -device syntax
	Replace

	   -balloon virtio

	With

	   -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3

	This allows it to get correct assigned PCI address as declared in
	previous patch

	 * src/qemu/qemu_conf.c: Convert Virtio ballon to -device and
	   give it an explicit PCI address
	 * tests/qemuxml2argvdata/qemuxml2argv-*args: Add in virtio balloon
	   where appropriate

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Auto-assign PCI addresses
	Instead of relying on QEMU to assign PCI addresses and then querying
	them with 'info pci', manually assign all PCI addresses before starting
	the guest.  These addresses are not stable across reboots. That will
	come in a later patch

	NB, the PIIX3 (IDE, FDC, ISA-Bridge) will always have slot 1 and
	VGA will always have slot 2. We declare the Virtio Balloon gets
	slot 3, and then all remaining slots are for configured devices.

	* src/qemu/qemu_conf.c: If -device is supported, then assign all PCI
	  addresses when building the command line
	* src/qemu/qemu_driver.c: Don't query monitor for PCI addresses if
	  they have already been assigned
	* tests/qemuxml2argvdata/qemuxml2argv-hostdev-pci-address-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-net-virtio-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-sound-device.args,
	  tests/qemuxml2argvdata/qemuxml2argv-watchdog-device.args: Update
	  to include PCI slot/bus information

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Pass -vga none if no video card specified
	QEMU always configures a VGA card. If no video card is included in
	the libvirt XML, it is neccessary to explicitly turn off the default
	using -vga none

	* src/qemu/qemu_conf.c: Pass -vga none if no video card is configured
	* tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Test for
	  handling -vga none.
	* tests/qemuxml2argvdata/qemuxml2argv-nographics-vga.args,
	  tests/qemuxml2argvdata/qemuxml2argv-nographics-vga.xml: Test
	  data files

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Add support for explicit -sdl flag to QEMU
	Not all QEMU builds default to SDL graphics for their display.
	Newer QEMU now has an explicit -sdl flag, which we can use to
	explicitly request SDL intead of relying on the default. This
	protects libvirt against unexpected changes in graphics default

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Probe for -sdl
	  flag and use it if it is found
	* tests/qemuhelptest.c: Add SDL flag to tests

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert guestfwd to -device, and add -sdl explicit args
	The old syntax was

	   -chardev SOMECONFIG
	   -nic user,guestfwd=tcp:IP:PORT-chardev:CHARDEV

	The new syntax is

	   -chardev SOMECONFIG
	   -netdev user,guestfwd=tcp:IP:PORT,chardev=ID,id=user-ID

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert PCI device assignment over to -device
	The old syntax is

	  -pcidevice host=BUS:SLOT:FUNCTION

	The new syntax is

	  -device pci-assign,host=BUS:SLOT:FUNCTION,addr=<PCI SLOT>,id=host0

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert USB input devices to -device

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert USB hostdevices over to -device
	The old syntax was

	   -usbdevice host:PRODUCT:VENDOR

	Or

	   -usbdevice host:BUS.DEV

	The new syntax is

	   -device usb-host,product=PRODUCT,vendor=VENDOR

	Or

	   -device usb-host,hostbus=BUS,hostaddr=DEV

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert USB disks over to -device
	The previous syntax was severely limited in its options

	  -usbdevice disk:/home/berrange/output.img

	The new syntax is the same as for other disk types

	  -drive file=/home/berrange/output.img,if=none,id=usb-1,index=1
	  -device usb-storage,drive=usb-1

	Again, the index= arg is wrong here, and will be removed in a
	later merge

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert NICs over to use -device & -netdev where possible
	The current syntax uses a pair of args

	   -net nic,macaddr=52:54:00:56:6c:55,vlan=3,model=pcnet,name=pcnet.0
	   -net user,vlan=3,name=user.0

	The new syntax does not  need the vlan craziness anymore, and
	so has a simplified pair of args

	   -netdev user,id=user.0
	   -device pcnet,netdev=user.0,id=pcnet.0,mac=52:54:00:56:6c:55,addr=<PCI SLOT>

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert disk drive over to use -device where available
	The current preferred syntax for disk drives uses

	  -drive file=/vms/plain.qcow,if=virtio,index=0,boot=on,format=qcow

	The new syntax splits this up into a pair of linked args

	  -drive file=/vms/plain.qcow,if=none,id=drive-virtio-0,format=qcow2
	  -device virtio-blk-pci,drive=drive-virtio-0,id=virtio-0,addr=<PCI SLOT>

	SCSI/IDE devices also get a bus property linking them to the
	controller

	  -device scsi-disk,drive=drive-scsi0-0-0,id=scsi0-0-0,bus=scsi0.0,scsi-id=0
	  -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0,bus=ide0,unit=0

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert audio devices over to -device syntax
	The current syntax for audio devices is a horrible multiplexed
	arg

	    -soundhw sb16,pcspk,ac97

	The new syntax is

	    -device sb16,id=sound0

	or

	    -device AC97,id=sound1,addr=<PCI SLOT>

	NB, pcspk still uses the old -soundhw syntax

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert watchdog to -device
	The current syntax for watchdogs is

	    -watchdog i6300esb

	The new syntax will now be

	    -device i6300esb,id=watchdogNN,addr=<PCI-SLOT>

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Convert character devices over to use -device
	The current character device syntax uses either

	  -serial tty,path=/dev/ttyS2

	Or

	  -chardev tty,id=serial0,path=/dev/ttyS2 -serial chardev:serial0

	With the new -device support, we now prefer

	  -chardev file,id=serial0,path=/tmp/serial.log -device isa-serial,chardev=serial0

	This patch changes the existing -chardev syntax to use this new
	scheme, and fallbacks to the old plain -serial syntax for old
	QEMU.

	The monitor device changes to

	  -chardev socket,id=monitor,path=/tmp/test-monitor,server,nowait -mon chardev=monitor

	In addition, this patch adds --nodefaults, which kills off the
	default serial, parallel, vga and nic devices. THis avoids the
	need for us to explicitly turn each off

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Assign device aliases for all devices at startup
	When starting a guest, give every device a unique alias. This will
	be used for the 'id' parameter in -device args in later patches.
	It can also be used to uniquely identify devices in the monitor

	For old QEMU without -device, assign disk names based on QEMU's
	historical naming scheme.

	* src/qemu/qemu_conf.c: Assign unique device aliases
	* src/qemu/qemu_driver.c: Remove obsolete qemudDiskDeviceName
	  and use the device alias in eject & blockstats commands

2010-01-18  Jim Meyering  <meyering@redhat.com>

	storage_backend_fs.c: do not ignore probe failure
	* src/storage/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
	Correct parentheses.  The documented intent is to ignore non-regular
	files, yet due to a parenthesization error all errors were handled
	that way.

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Probe for -device and use -nodefaults
	Probe for the new -device flag and if available set the -nodefaults
	flag, instead of using -net none, -serial none or -parallel none.
	Other device types will be converted to use -device in later patches.
	The -nodefaults flag will help avoid unwelcome surprises from future
	QEMU releases

	* src/qemu/qemu_conf.c: Probe for -device. Add -nodefaults flag.
	  Remove -net none, -serial none or -parallel none
	* src/qemu/qemu_conf.h: Define QEMU_CMD_FLAG_DEVICE
	* tests/qemuhelpdata/qemu-0.12.1: New data file for 0.12.1 QEMU
	* tests/qemuhelptest.c: Test feature extraction from 0.12.1 QEMU

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Add device info to serial, parallel, channel, input & fs devices
	Although the serial, parallel, chanel, input & fs devices do
	not have PCI address info, they can all have device aliases.
	Thus it neccessary to associate the virDomainDeviceInfo data
	with them all.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add hooks for
	  parsing / formatting device info for serial, parallel, channel
	  input and fs devices.
	* docs/schemas/domain.rng: Associate device info with character
	  devices, input & fs device

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Introduce device aliases
	This patch introduces the support for giving all devices a short,
	unique name, henceforth known as a 'device alias'.  These aliases
	are not set by the end user, instead being assigned by the hypervisor
	if it decides it want to support this concept.

	The QEMU driver sets them whenever using the -device arg syntax
	and uses them for improved hotplug/hotunplug. it is the intent
	that other APIs (block / interface stats & device hotplug) be
	able to accept device alias names in the future.

	The XML syntax is

	   <alias name="video0"/>

	This may appear in any type of device that supports device info.

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add a 'alias'
	  field to virDomainDeviceInfo struct & parse/format it in XML
	* src/libvirt_private.syms: Export virDomainDefClearDeviceAliases
	* src/qemu/qemu_conf.c: Replace use of "nic_name" field with the
	  standard device alias
	* src/qemu/qemu_driver.c: Clear device aliases at shutdown

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Clear assigned PCI devices at shutdown
	The PCI device addresses are only valid while the VM is running,
	since they are auto-assigned by QEMU. After shutdown they must
	all be cleared. Future QEMU driver enhancement will allow for
	persistent PCI address assignment

	* src/conf/domain_conf.h, src/conf/domain_conf.c, src/libvirt_private.syms
	  Add virDomainDefClearPCIAddresses() method for wiping out auto assigned
	  PCI addresses
	* src/qemu/qemu_driver.c: Clear PCI addresses at VM shutdown

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Auto-add disk controllers based on defined disks
	Existing applications using libvirt are not aware of the disk
	controller concept. Thus, after parsing the <disk> definitions
	in the XML, it is neccessary to create <controller> elements
	to satisfy all requested disks, as per their defined drive
	addresses

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/libvirt_private.syms: Add virDomainDefAddDiskControllers()
	  method for populating disk controllers, and call it after
	  parsing disk definitions.
	* src/qemu/qemu_conf.c: Call virDomainDefAddDiskControllers()
	  when doing ARGV -> XML conversion
	* tests/qemuxml2argvdata/qemuxml2argv*.xml: Add disk controller
	  data to all data files which don't have it already

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Avoid free'ing a constant string in chardev lookup code
	 * src/qemu/qemu_monitor_text.c: Don't free const string in
	   qemuMonitorTextGetPtyPaths()

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Remove restriction on duplicated sound devices in parser
	It is perfectly acceptable to have multiple sound devices of
	same type in guest configuration. If the underlying hypervisor
	does not like this, it is its job to complain, not the XML
	parser's

	* src/conf/domain_conf.c: Remove hack which deleted duplicated
	  sound device models.
	* tests/xml2sexprdata/xml2sexpr-fv-sound.xml: Remove duplicate
	  models

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Detect PCI addresses at QEMU startup
	Hotunplug of devices requires that we know their PCI address. Even
	hotplug of SCSI drives, required that we know the PCI address of
	the SCSI controller to attach the drive to. We can find this out
	by running 'info pci' and then correlating the vendor/product IDs
	with the devices we booted with.

	Although this approach is somewhat fragile, it is the only viable
	option with QEMU < 0.12, since there is no way for libvirto set
	explicit PCI addresses when creating devices in the first place.
	For QEMU > 0.12, this code will not be used.

	* src/qemu/qemu_driver.c: Assign all dynamic PCI addresses on
	  startup of QEMU VM, matching vendor/product IDs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  API for fetching PCI device address mapping

2010-01-18  Daniel P. Berrange  <berrange@redhat.com>

	Properly support SCSI drive hotplug
	The current SCSI hotplug support attaches a brand new SCSI controller
	for every disk. This is broken because the semantics differ from those
	used when starting the VM initially. In the latter case, each SCSI
	controller is filled before a new one is added.

	If the user specifies an high drive index (sdazz) then at initial
	startup, many intermediate SCSI controllers may be added with no
	drives.

	This patch changes SCSI hotplug so that it exactly matches the
	behaviour of initial startup. First the SCSI controller number is
	determined for the drive to be hotplugged. If any controller upto
	and including that controller number is not yet present, it is
	attached. Then finally the drive is attached to the last controller.

	NB, this breaks SCSI hotunplug, because there is no 'drive_del'
	command in current QEMU. Previous SCSI hotunplug was broken in
	any case because it was unplugging the entire controller, not
	just the drive in question.

	A future QEMU will allow proper SCSI hotunplug of a drive.

	This patch is derived from work done by Wolfgang Mauerer on disk
	controllers.

	* src/qemu/qemu_driver.c: Fix SCSI hotplug to add a drive to
	 the correct controller, instead of just attaching a new
	  controller.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  support for 'drive_add' command

2010-01-18  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Implement SCSI controller hotplug/unplug for QEMU
	This patch allows for explicit hotplug/unplug of SCSI controllers.
	Ordinarily this is not required, since QEMU/libvirt will attach
	a new SCSI controller whenever one is required. Allowing explicit
	hotplug of controllers though, enables the caller to specify a
	static PCI address, instead of auto-assigning the next available
	PCI slot. Or it will when we have static PCI addressing.

	This patch is derived from Wolfgang Mauerer's disk controller
	patch series.

	* src/qemu/qemu_driver.c: Support hotplug & unplug of SCSI
	  controllers
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h,
	  src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: Add
	  new API for attaching PCI SCSI controllers

2010-01-18  Jim Meyering  <meyering@redhat.com>

	vbox_tmpl.c: remove useless array-is-non-NULL comparisons
	* src/vbox/vbox_tmpl.c (vboxStorageVolDelete): Remove always-true
	array-is-non-NULL test.  git grep 'key\[.*\];'|grep -F .h
	src/datatypes.h:    char key[PATH_MAX];
	(vboxStorageVolGetInfo): Likewise.
	(vboxStorageVolGetXMLDesc): Likewise.
	(vboxStorageVolGetPath): Likewise.
	(vboxDomainDefineXML): Likewise. (but now with "mac[]")

	lxc_driver: remove useless comparison
	* src/lxc/lxc_driver.c (lxcSetupInterfaces): Remove always-true
	array-is-non-NULL test.  git grep 'mac\[.*\];'|grep -F .h
	src/conf/domain_conf.h:    unsigned char mac[VIR_MAC_BUFLEN];

	build: update gnulib submodule to latest

	gnulib added a new syntax-check test: use $(VAR), not @VAR@
	The latter is not officially "wrong", but *is* terribly anachronistic.
	I think automake documentation or comments call that syntax obsolescent.
	* cfg.mk (_makefile_at_at_check_exceptions): Exempt @SCHEMADIR@
	and @SYSCONFDIR@ uses -- there are no Makefile variables for those.
	* docs/Makefile.am: Use $(INSTALL), not @INSTALL@.
	* examples/dominfo/Makefile.am: Similar.
	* examples/domsuspend/Makefile.am: Similar.
	* proxy/Makefile.am: Similar.
	* python/Makefile.am: Similar.
	* python/tests/Makefile.am: Similar.
	* src/Makefile.am: Similar.
	* tests/Makefile.am: Similar.

	storage_backend.h: include required headers
	* src/storage/storage_backend.h: Include <stdint.h>.

	esx_vi_types.c: include required headers
	* src/esx/esx_vi_types.c: Include <stdint.h>.

	vbox: include required headers
	* src/vbox/vbox_driver.c: Include <stdint.h> <unistd.h> <sys/types.h>.

	cpu_x86_data.h: include required header
	* src/cpu/cpu_x86_data.h: Include <stdint.h>.

	util.c: include required header, no longer masked by gnulib
	Until recently, some gnulib-generated replacement headers
	included *other* headers that were not strictly necessary,
	thus masking the need in this file for an explicit <stdlib.h>.
	* src/util/util.c: Include <stdlib.h> for declarations of e.g.,
	strtol, random_r, getenv, etc.

2010-01-18  Jiri Denemark  <jdenemar@redhat.com>

	Use closest CPU model when decoding from CPUID
	Current implementation of x86Decode() used for CPUID -> model+features
	translation does not always select the closest CPU model. When walking
	through all models from cpu_map.xml the function considers a new
	candidate as a better choice than a previously selected candidate only
	if the new one is a superset of the old one. In case the new candidate
	is closer to host CPU but lacks some feature comparing to the old
	candidate, the function does not choose well.

	This patch changes the algorithm so that the closest model is always
	selected. That is, the model which requires the lowest number of
	additional features to describe host CPU.

2010-01-18  Diego Elio Pettenò  <flameeyes@gmail.com>

	Change detection of xen so that it's actually automatic rather than forced.
	This ensures that ./configure will work fine if xen development packages
	are not around, rather than fail. When passing ./configure --with-xen, the
	lack of xen development packages become fatal.

2010-01-18  Diego Elio Pettenò  <flameeyes@gmail.com>

	Standardise ./configure --help options reporting.
	Always use AC_HELP_STRING for the help text for options at ./configure,
	so that the output is properly aligned.

	Use proper quadrigraphs for outputting the brackets.

	Always use autoconf-style [default=$foo] output to state the default, both
	where it was stated before and where it wasn't.

	This time, include Matthias Bolte notes regarding defaults, and removing
	PFX specification from phyp.

2010-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Use log output for pty assignment if 'info chardev' is unavailable
	qemudFindCharDevicePTYsMonitor reports an error if 'info chardev' didn't
	provide information for a requested device, even if the log output parsing
	had found the pty path for that device. This makes pty assignment fail for
	older QEMU/KVM versions. For example KVM 72 on Debian doesn't support
	'info chardev', so qemuMonitorTextGetPtyPaths cannot parse any useful
	information and the hash for device-id-to-pty-path mapping stays empty.

	Make qemudFindCharDevicePTYsMonitor report an error only if the log output
	parsing and the 'info chardev' parsing failed to provide the pty path.

2010-01-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add VNC support
	* src/conf/domain_conf.c: add defaults for the video device
	* src/esx/esx_vmx.[ch]: add VNC support to the VMX handling
	* tests/vmx2xmltest.c, tests/xml2vmxtest.c: add tests for the VNC support

	esx: Make the domain part of the hostname optional
	Before the driver assumed that there is always a domain part. That's
	not true. Now the domain part is handled as optional.

	esx: Add stubs for secondary driver types
	This stops libvirt from probing for a libvirtd on the ESX server and
	sets the base for the implementation of the secondary drivers.

2010-01-18  David Jorm  <dfj@dfj.bne.redhat.com>

	BZs 528709 548485

2010-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix validation of news.html

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix build of Xen proxy daemon
	* src/conf/domain_conf.c: Allow virDomainDeviceInfoIsSet,
	  virDomainDeviceInfoClear & virDomainDeviceInfoFormat when
	  building Xen proxy

	Remove obsolete comment in QEMU JSON code
	* src/qemu/qemu_monitor_json.c: We fill in the PCI function number
	   now, so remove obsolete XXX comment

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Specify bus/unit instead of index for disks with QEMU
	The current code for using -drive simply sets the -drive 'index'
	parameter. QEMU internally converts this to bus/unit depending
	on the type of drive. This does not give us precise control over
	the bus/unit assignment though. This change switches over to make
	libvirt explicitly calculate the bus/unit number.

	In addition bus/unit/index are actually irrelevant for VirtIO
	disks, since each virtio disk is a separate PCI device. No disk
	controller is involved.

	Doing the conversion to bus/unit in libvirt allows us to correctly
	attach SCSI controllers when required.

	* src/qemu/qemu_conf.c: Specify bus/unit instead of index for
	  disks
	* tests/qemuxml2argvdata/qemuxml2argv-disk*.args: Switch over from
	  using index=NNNN, to bus=NN, unit=NN for SCSI/IDE/Floppy disks

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Split code for building QEMU -drive arg in separate method
	To enable it to be called from multiple locations, split out
	the code for building the -drive arg string. This will be needed
	by later patches which do drive hotplug, the conversion to use
	-device, and the conversion to controller/bus/unit addressing

	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Add qemuBuildDriveStr
	  for building -drive arg string

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Convert monitor over to use virDomainDeviceAddress
	Convert the QEMU monitor APIs over to use virDomainDeviceAddress
	structs for passing addresses in/out, instead of individual bits.
	This makes the number of parameters smaller & easier to deal with.
	No functional change

	* src/qemu/qemu_driver.c, src/qemu/qemu_monitor.c,
	  src/qemu/qemu_monitor.h, src/qemu/qemu_monitor_text.c,
	  src/qemu/qemu_monitor_text.h: Change monitor hotplug APIs to
	  take an explicit address ptr for all host/guest addresses

2010-01-15  Jim Fehlig  <jfehlig@novell.com>

	Minor fixes for API extension doc
	Update the API Extensions doc to reflect new source directory layout.

2010-01-15  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Add new domain device: "controller"
	This augments virDomainDevice with a <controller> element
	that is used to represent disk controllers (e.g., scsi
	controllers). The XML format is given by

	  <controller type="scsi" index="<num>">
	     <address type="pci" domain="0xNUM" bus="0xNUM" slot="0xNUM"/>
	  </controller>

	where type denotes the disk interface (scsi, ide,...), index
	is an integer that identifies the controller for association
	with disks, and the <address> element specifies the controller
	address on the PCI bus as described in previous commits
	The address element can be omitted; in this case, an address
	will be assigned automatically.

	Most of the code in this patch is from Wolfgang Mauerer's
	previous disk controller series

	 * docs/schemas/domain.rng: Define syntax for <controller>
	   XML element
	 * src/conf/domain_conf.c, src/conf/domain_conf.h: Define
	   virDomainControllerDef struct, and routines for parsing
	   and formatting XML
	* src/libvirt_private.syms: Add virDomainControllerInsert
	   and virDomainControllerDefFree

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Set default disk controller/bus/unit props
	When parsing the <disk> element specification, if no <address>
	is provided for the disk, then automatically assign one based on
	the <target dev='sdXX'/> device name. This provides for backwards
	compatability with existing applications using libvirt, while also
	allowing new apps to have complete fine grained control.

	* src/conf/domain_conf.h, src/conf/domain_conf.c,
	  src/libvirt_private.syms: Add virDomainDiskDefAssignAddress()
	  for assigning a controller/bus/unit address based on disk target
	* src/qemu/qemu_conf.c: Call virDomainDiskDefAssignAddress() after
	  generating XML from ARGV
	* tests/qemuxml2argvdata/*.xml: Add in drive address information
	  to all XML files

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Add address info to sound, video and watchdog devices
	Add the virDomainDeviceAddress information to the sound, video
	and watchdog devices. This means all of them gain the new XML
	element

	  <address .... />

	This brings them upto par with disk/net/hostdev devices which
	already have address info

	* src/conf/domain_conf.h: Add virDomainDeviceAddress to sound,
	  video & watchdog device struts.
	* src/conf/domain_conf.c: Hook up parsing/formatting for
	  virDomainDeviceAddress in sound, video & watchdog devices
	* docs/schemas/domain.rng: Associate device address info
	  with sound, video & watchdog

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Extend the virDomainDeviceAddress struture to allow disk controller addresses
	Introduce a new structure

	      struct _virDomainDeviceDriveAddress {
	        unsigned int controller;
	        unsigned int bus;
	        unsigned int unit;
	      };

	and plug that into virDomainDeviceAddress and generates XML that
	looks like

	  <address type='drive' controller='1' bus='0' unit='5'/>

	This syntax will be used by the QEMU driver to explicitly control
	how drives are attached to the bus

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Parsing and
	  formatting of drive addresses
	* docs/schemas/domain.rng: Define new address format for drives

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a standardized data structure for device addresses
	All guest devices now use a common device address structure
	summarized by:

	  enum virDomainDeviceAddressType {
	    VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE,
	    VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI,
	  };

	  struct _virDomainDevicePCIAddress {
	    unsigned int domain;
	    unsigned int bus;
	    unsigned int slot;
	    unsigned int function;
	  };

	  struct _virDomainDeviceInfo {
	    int type;
	    union {
	        virDomainDevicePCIAddress pci;
	    } addr;
	  };

	This replaces the anonymous structs in Disk/Net/Hostdev data
	structures. Where available, the address is *always* printed
	in the XML file, instead of being hidden in the internal state
	file.

	  <address type='pci' domain='0x0000' bus='0x1e' slot='0x07' function='0x0'/>

	The structure definition is based on Wolfgang Mauerer's disk
	controller patch series.

	* docs/schemas/domain.rng: Define the <address> syntax and
	  associate it with disk/net/hostdev devices
	* src/conf/domain_conf.h, src/conf/domain_conf.c,
	  src/libvirt_private.syms: APIs for parsing/formatting address
	  information. Also remove the QEMU specific 'pci_addr' attributes
	* src/qemu/qemu_driver.c: Replace use of 'pci_addr' attrs with
	  new standardized format.

2010-01-15  Daniel P. Berrange  <berrange@redhat.com>

	Make test suite output less verbose
	Only print out '.' for each test case, full test output can be
	re-enabled with VIR_TEST_VERBOSE=1, or VIR_TEST_DEBUG=XXXX

	Sample output now looks like

	  TEST: statstest
	        ........................................ 40
	        ...................................      75  OK
	  PASS: statstest
	  TEST: qparamtest
	        ................................         32  OK
	  PASS: qparamtest
	  TEST:
	        ............                             12  OK

2010-01-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation of virt-aa-helper.c
	Commit 5073aa994af460e775cb3e548528e28d7660fcc8 added an additional
	'}' to a case block that messed up the block structure of the get_files
	function.

2010-01-15  Jim Meyering  <meyering@redhat.com>

	xen: do not report a write-to-Xen-daemon failure as a read failure
	* src/xen/xend_internal.c (wr_sync): Correct the diagnostic.

2010-01-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix linkage of virt-aa-helper to libgnu.a

2010-01-14  Cole Robinson  <crobinso@redhat.com>

	util: Make sure virExec hook failures are raised
	With the introduction virDispatchError, hook function errors are
	never sent through the error callback, so users will never see
	these messages.

	Fix this by calling virDispatchError after hook failure.

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	Implement path lookup for USB by vendor:product
	Based off how QEMU does it, look through /sys/bus/usb/devices/* for
	matching vendor:product info, and if found, use info from the surrounding
	files to build the device's /dev/bus/usb path.

	This fixes USB device assignment by vendor:product when running qemu
	as non-root (well, it should, but for some reason I couldn't reproduce
	the failure people are seeing in [1], but it appears to work properly)

	[1] https://bugzilla.redhat.com/show_bug.cgi?id=542450

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	daemon: Don't blindly unregister domain events
	The daemon will attempt to unregister domain events on client disconnect,
	even if no events were ever registered. This raises an unneeded error.

	Track in the qemu_client structure if events have been registered, and
	check this when performing cleanup.

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	daemon: Fix various error reporting issues
	Many node device calls weren't properly relaying error messages, and
	domain event registeration was not checking for error.

	events: Report errors on failure

	node_device: udev: Fix memory leak
	We are setting the same property two different ways without
	free'ing in between. Just drop the second assignment.

	node_device: udev: Enumerate floppy devices
	There are quite a few differences between how udev exposes legacy
	and USB floppy devs, but this patch takes care of both variants.

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	node_device: udev: Use base 16 for product/vendor
	udev doesn't prefix USB product/vendor info with '0x', so the
	strtol conversions were wrong for the product field (vendor already
	set the correct base). Make the change for PCI product/vendor as
	well to be safe.

	This fixes USB device assignment via virt-manager.

2010-01-13  Cole Robinson  <crobinso@redhat.com>

	util: Remove logging handlers in virExec
	This allows debug statements and raised errors in hook functions to
	actually be logged somewhere (stderr). Users can enable debugging in the
	daemon and now see more info in /var/log/libvirt/...

2010-01-12  Jim Fehlig  <jfehlig@novell.com>

	Fix migration in xend driver
	Upstream xen has changed parameters to the migration operation
	several times over the past 18 months.  Changeset 17553 removed
	the resouce parameter,  Changesets 17709, 17753, and 20326 added
	ssl, node, and change_home_server parameters respectively.

	Fortunately, testing has revealed that xend will fail the
	operation if a parameter is missing but happily honor it if
	unknown parameters are provided.  Thus all currently supported
	parameters can be provided, satisfying current xend but not
	regressing older versions.

2010-01-12  Cole Robinson  <crobinso@redhat.com>

	Commit bootstrap .gitignore additions

	qemu: Disable errors in qemudShutdownVMDaemon

	libvirt.c: Preserve MigratePerform failure

	qemu: migrate: Save MigratePerform error in MigrateFinish.
	This way we won't squash the original error report in
	MigratePerform, as is done for P2P and Tunneled migration.

	virterror: Add virSetError
	Can be used to re-set an old error, which may have been squashed by
	other functions (like cleanup routines). Will be used in subsequent patches

2010-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Ensure error handling callback functions are called from safe context
	The virRaiseErrorFull() may invoke the error handler callback
	functions an application has registered. This is not good
	because the connection object may not be available at this
	point, and the caller may be holding locks. This creates a
	problem if the error handler calls back into libvirt.

	The solutuon is to move invocation of the handler into the
	final cleanup code in the public API entry points, where it
	is guarenteed to have safe state.

	* src/libvirt.c: Invoke virDispatchError() in all error paths
	* src/util/virterror.c: Remove virSetConnError/virSetGlobalError,
	  replacing with virDispatchError(). Move invocation of the
	  error callbacks into virDispatchError() instead of the
	  virRaiseErrorFull function which is not in a safe context

2010-01-12  Daniel P. Berrange  <berrange@redhat.com>

	Revert 7aee22939f7f67a60e24472e5acc40b3b5b9d152
	Revert commit 7aee22939f7f67a60e24472e5acc40b3b5b9d152 since it
	is mistakenly adding an extra parameter to virsh that does not
	belong there.

2010-01-12  David Jorm  <dfj@dfj.bne.redhat.com>

	cpu_shares parameter limit documented

2010-01-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Document the domain XML cache attribute for disk devices

2010-01-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	qemu: Fix a memory leak in qemudExtractTTYPath
	qemudWaitForMonitor calls qemudReadLogOutput with qemudFindCharDevicePTYs
	as callback. qemudFindCharDevicePTYs calls qemudExtractTTYPath to assign
	a string to chr->data.file.path. Afterwards qemudWaitForMonitor may call
	qemudFindCharDevicePTYsMonitor that overwrites chr->data.file.path without
	freeing the old value. This results in leaking the memory allocated by
	qemudExtractTTYPath.

	Report an OOM error if the strdup in qemudFindCharDevicePTYsMonitor fails.

2010-01-11  Guido Günther  <agx@sigxcpu.org>

	Also look for dmi information in /sys/class
	older kernels such as 2.6.26 have it there.

2010-01-11  Laine Stump  <laine@laine.org>

	Fix UUID random generator to use /dev/random
	Only use pseudo-random generator for uuid if using /dev/random fails.
	* src/util/uuid.c: The original code. would only print the warning
	  message if using /dev/random failed, but would still go ahead and call
	  virUUIDGeneratePseudoRandomBytes in all cases anyway.

2010-01-09  Jim Meyering  <meyering@redhat.com>

	avoid another "make distcheck" failure
	* docs/Makefile.am (uninstall-local): Separate $$f from preceding
	dir name with a "/" and use $$(basename $$f) rather than $$f, since
	some values of $$f are prefixed with devhelp/.

	avoid newly-introduced test failure
	* tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Update
	expected output to match, now that we use -mem-prealloc.

	proxy_internal.c: mark "request" parameter as nonnull
	* src/xen/proxy_internal.c (xenProxyCommand): Mark "request"
	as an always-non-NULL parameter.

	don't test "res == NULL" after we've already dereferenced "res"
	* src/xen/proxy_internal.c (xenProxyCommand): "res" is known to be
	non-NULL at that point, so remove the "res == NULL" guard.

	fix 7 "make check" test failures in non-srcdir build
	* tests/capabilityschematest: Define and use $srcdir.
	* tests/domainschematest: Likewise.
	* tests/interfaceschematest: Likewise.
	* tests/networkschematest: Likewise.
	* tests/nodedevschematest: Likewise.
	* tests/storagepoolschematest: Likewise.
	* tests/storagevolschematest: Likewise.

2010-01-08  Jim Meyering  <jim@meyering.net>

	let "configure --disable-shared" work once again
	Without this change, ./autogen.sh --disable-shared && make would
	evoke a "can not build a shared library" failure for libvirtmod.la
	due to the new use of libtool's -shared link option in
	python/Makefile.am.  Now, --disable-shared also
	disables building python.

	* configure.in: Make --disable-shared imply --without-python and
	silently override --with-python.
	Improved by: Diego Elio Pettenò <flameeyes@gmail.com>

2010-01-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Dump the raw response in case of an SOAP fault
	Currently only the faultcode and faultstring are deserialized, the
	detail part is ignored. The implementation of many new SOAP types
	would be necessary to deserialize the detail part correctly. As an
	intermediate solution the raw response is dumped to the debug log.

	esx: Warn if the ESX server is in maintenance mode

	Replace old CVS references with GIT

2010-01-08  Daniel Veillard  <veillard@redhat.com>

	Qemu: ask for memory preallocation with large pages
	The -mem-prealloc flag should be used when using large pages
	This ensures qemu tries to allocate all required memory immediately,
	rather than when first used. The latter mode will crash qemu
	if hugepages aren't available when accessed, while the former
	should gracefully fallback to non-hugepages.

	* src/qemu/qemu_conf.c: add -mem-prealloc flag to qemu command line
	  when using large pages

2010-01-07  Jim Fehlig  <jfehlig@novell.com>

	xen hypervisor: xen domctl version 6
	xen-unstable c/s 20685 changed the domctl interface, adding a field to
	xen_domctl_getdomaininfo structure.  This additional field causes stack
	corruption in libvirt.  xen-unstable c/s 20711 rightly bumped the domctl
	interface version so it is at least possible to handle the new field.
	This change accounts for shr_pages field added to xen_domctl_getdomaininfo
	structure.

2010-01-07  Jim Meyering  <meyering@redhat.com>

	network/bridge_driver.c: avoid potential NULL-dereference
	* src/network/bridge_driver.c (networkBuildDnsmasqArgv): Correct
	test for NULL *argv.

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	virsh: Use VIR_FREE instead of free
	virsh uses other parts of the internal API already, so use VIR_FREE also.

	virsh: Add persistent history using libreadline

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix 'vpx' MAC address range and allow arbitrary MAC addresses
	The MAC addresses with 00:50:56 prefix are split into several ranges:

	  00:50:56:00:00:00 - 00:50:56:3f:ff:ff  'static' range (manually assigned)
	  00:50:56:80:00:00 - 00:50:56:bf:ff:ff  'vpx' range (assigned by a VI Client)

	Erroneously the 'vpx' range was assumed to be larger and to occupy the
	remaining addresses of the 00:50:56 prefix that are not part of the 'static'
	range.

	00:50:56 was used as prefix for generated MAC addresses, this is not possible
	anymore, because there are gaps in the allowed ranges. Therefore, change the
	prefix to 00:0c:29 which is the prefix for auto generated MAC addresses anyway.

	Allow arbitrary MAC addresses to be used and set the checkMACAddress VMX option
	to false in case the MAC address doesn't fall into any predefined range.

	* docs/drvesx.html.in: update website accordingly
	* src/esx/esx_driver.c: set the auto generation prefix to 00:0c:29
	* src/esx/esx_vmx.c: fix MAC address range handling and allow arbitrary MAC
	  addresses
	* tests/vmx2xml*, tests/xml2vmx*: add some basic MAC address range tests

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix deserialization for VI API calls CancelTask and UnregisterVM

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix and improve the libcurl debug callback
	The data passed to the callback is not guaranteed to be zero terminated,
	take care of that by coping the data and adding a zero terminator.

	Also dump the data for other types than CURLINFO_TEXT.

	Set CURLOPT_VERBOSE to 1 so the debug callback is called when enabled.

2010-01-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't warn about an empty URI path

	esx: Also allow virtualHW version 4 for ESX 4.0
	A domain with virtualHW version 4 is allowed on an ESX 4.0 server.
	If a domain is migrated from an ESX 3.5 server to an ESX 4.0 server
	then the virtualHW version stays the same. So a ESX 4.0 server can
	host domains with virtualHW version 4.

	Don't free an uninitalized pointer in update_driver_name()
	This invalid free results in heap corruption. Some symptoms I saw
	because of this were libvirtd crashing and virt-manager hanging
	while trying to enumerate devices.

2010-01-06  Jim Meyering  <meyering@redhat.com>

	xend_internal: don't let invalid input provoke NULL dereference
	* src/xen/xend_internal.c (xenDaemonOpen_unix): Do not dereference
	a NULL "conn".  Move first deref to follow the "conn == NULL" test.

2010-01-06  Adam Litke  <agl@us.ibm.com>

	qemu: Always enable the virtio balloon driver
	The behavior for the qemu balloon device has changed.  Formerly, a virtio
	balloon device was provided by default.  Now, '-balloon virtio' must be
	specified on the command line to enable it.  This patch causes libvirt to
	add '-balloon virtio' to the command line whenever the -balloon option is
	available.
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h: check for the new flag and
	  add "-baloon vitio" to qemu command when needed
	* tests/qemuhelptest.c: add the new flag for detection

2010-01-06  David Allan  <dallan@redhat.com>

	Don't update vol details after build
	This patch removes the call to vol update after the volume build completes.
	The update call is currently meaningless anyway because the vol build is passed
	a copy of the definition, so the update result is thrown away.  More
	importantly, if the user specified a selinux label for the volume, the update
	call results in a double free of the label
	* src/storage/storage_backend_fs.c: remove the update call

2010-01-06  Diego Elio Pettenò  <flameeyes@gmail.com>

	Disable building of static Python module
	* python/Makefile.am: python modules are loaded at runtime so the static
	  version is not needed, avoid building it

2010-01-06  Matthew Booth  <mbooth@redhat.com>

	Fix parsing of 'info chardev' line endings
	This change makes the 'info chardev' parser ignore any trailing
	whitespace on a line. This fixes a specific problem handling a '\r\n'
	line ending.

	* src/qemu/qemu_monitor_text.c: Ignore trailing whitespace in
	  'info chardev' output.

2010-01-05  Jim Meyering  <meyering@redhat.com>

	vbox_tmpl.c: don't leak a domain pointer upon failure to create
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): "Unref" the domain
	upon failure.  Patch by Matthias Bolte.

	vbox_tmpl.c: avoid NULL deref upon vboxDomainCreateXML failure
	* src/vbox/vbox_tmpl.c (vboxDomainCreateXML): Don't call
	vboxDomainUndefine on a NULL "dom".

	qemu_driver.c: remove useless, warning-provoking test
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepare2): Remove useless
	test of always-non-NULL uri_out parameter.  Use ATTRIBUTE_NONNULL to
	inform tools.

	qemu_driver.c: avoid NULL dereference upon disk-op failure
	* src/qemu/qemu_driver.c (qemudDomainAttachDevice): Call
	virCgroupDenyDevicePath only if cgroup is non-NULL.

	openvz_conf.c: don't dereference NULL upon failure
	* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref
	of "dom".

2009-12-28  Matthias Bolte  <matthias.bolte@googlemail.com>

	Distribute vmx2xml and xml2vmx test data files

2009-12-23  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.5

	Update and regenerate localizations
	upate of as.po bn_IN.po de.po es.po gu.po hi.po kn.po ml.po mr.po or.po
	pa.po pl.po ru.po ta.po te.po zh_CN.po and regeneration

2009-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	The secret driver is stateful, link it directly to libvirtd
	All other stateful drivers are linked directly to libvirtd
	instead of libvirt.so. Link the secret driver to libvirtd too.

	* daemon/Makefile.am: link the secret driver to libvirtd
	* daemon/libvirtd.c: add #ifdef WITH_SECRETS blocks
	* src/Makefile.am: don't link the secret driver to libvirt.so
	* src/libvirt_private.syms: remove the secretRegister symbol

2009-12-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove undefined symbols from libvirt_private.syms
	MinGW's ld gives an error when trying to export undefined symbols.

	boolean shadows a typedef in rpcndr.h when compiled with MinGW
	Alter the offending variable names to fix this.

2009-12-23  Jiri Denemark  <jdenemar@redhat.com>

	Rename DATADIR to PKGDATADIR to fix win32 build
	* src/Makefile.am src/cpu/cpu_map.c: rename in Makefile and in the
	  cpu map loading code

	Move cpu_map.xml to -client RPM
	All the cpu code is part of libvirt library and it might be used by
	drivers which do not require libvirtd to be running.

2009-12-22  Daniel Veillard  <veillard@redhat.com>

	convert missing server entry points into unsupported errors
	If using a remote access, sometimes an RPC entry point is not
	available, and currently we just end up with a raw:
	    error: unknown procedure: xxx
	error, while this should be more cleanly reported as an unsupported
	entry point like for local access

	* src/remote/remote_driver.c: convert missing remote entry points into
	  the unsupported feature error

2009-12-22  Olivier Fourdan  <ofourdan@redhat.com>

	fix some error report when on remote access
	When querying about a domain from 0.3.3 (or RHEL 5.3) domain located
	on a 0.6.3 (RHEL-5) machine, the errors are not properly reported.
	This patch from Olivier Fourdan <ofourdan@redhat.com> , slightly
	modified to not change the semantic when the domain os details cannot
	be provided

	* src/xen/proxy_internal.c src/xen/xen_hypervisor.c: add some missing
	  error reports

2009-12-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix undefined reference to 'close_used_without_including_unistd_h'
	Found while trying to cross-compile libvirt on Fedora 12 for Windows.
	gnulib redefines 'close' to 'close_used_without_including_unistd_h'
	in sys/socket.h if winsock2.h is present and unistd.h has not been
	included before sys/socket.h. Reorder some includes to fix this.

	Fix argument type of virProcessInfoSetAffinity dummy function

	Define ATTRIBUTE_SENTINEL for GCC < 4.0 too
	ATTRIBUTE_SENTINEL was defined for GCC >= 4.0 only, resulting in
	compile errors when using GCC < 4.0.

	Fix compilation  with configure --disable-nls

	cpu: Fix memory leaks in x86FeatureLoad and x86ModelLoad
	Also backup and restore the original ctxt->node value in x86FeatureLoad.

	Fix configure check for SASL
	The option --with-sasl defaults to 'check', but an inverted test logic
	lets the SASL check fail with an error instead of disabling SASL.
	Fix the test logic so SASL support gets disabled if SASL is missing and
	--with-sasl is set to check.

	Fix GnuTLS pkg-config check
	The testlogic for $PKG_CONFIG was inverted, checking for an empty string
	before using PKG_CHECK_MODULES. Use -x instead of -z and add an else branch
	to the if checking for $GNUTLS_FOUND = no to add -lgcrypt in case the
	GnuTLS libraries are detected by pkg-config.

	Report an error if no XDR library can be found

2009-12-22  Daniel P. Berrange  <berrange@redhat.com>

	Disable JSON mode monitor until QEMU is more mature
	* src/qemu/qemu_conf.h: Remove QEMU_CMD_FLAG_0_12 and just leave
	  the lone JSON flag
	* src/qemu/qemu_conf.c: Enable JSON on QEMU 0.13 or later, but
	  leave it disabled for now

2009-12-22  Jiri Denemark  <jdenemar@redhat.com>

	Only probe for CPU models if required
	* src/qemu/qemu_conf.c: CPU models should be probed only if the
	  a guest's XML contains CPU model, not each time a qemu command line
	  is generated.

2009-12-22  Daniel Veillard  <veillard@redhat.com>

	Add some people missing from the AUTHORS list

2009-12-22  Jiri Denemark  <jdenemar@redhat.com>

	Add cpu_map.xml to libvirt.spec
	* libvirt.spec.in: embbed it in the main libvirt binary rpm

	Install cpu_map.xml
	* src/Makefile.am: install it in $(pkgdatadir) i.e. /usr/share/libvirt/
	  usually

2009-12-22  Chris Lalancette  <clalance@redhat.com>

	Make Xen VT-d PCI attach/detach work
	The Xen code for making HVM VT-d PCI passthrough attach and detach
	wasn't working properly:

	1)  In xenDaemonAttachDevice(), we were always trying to reconfigure
	a PCI passthrough device, even the first time we added it.  This was
	because the code in virDomainXMLDevID() was not checking xenstore for
	the existence of the device, and always returning 0 (meaning that
	the device already existed).

	2)  In xenDaemonDetachDevice(), we were trying to use "device_destroy"
	to detach a PCI device.  While you would think that is the right
	method to call, it's actually wrong for PCI devices.  In particular,
	in upstream Xen (and soon in RHEL-5 Xen), device_configure is actually
	used to destroy a PCI device.

	To fix the attach
	problem I add a lookup into xenstore to see if the device we are
	trying to attach already exists.  To fix the detach problem I change
	it so that for PCI detach (only), we use device_configure with the
	appropriate sxpr to do the detachment.

	* src/xen/xend_internal.c: don't use device_destroy for PCI devices
	  and fix the other issues.
	* src/xen/xs_internal.c src/xen/xs_internal.h: add
	  xenStoreDomainGetPCIID()

2009-12-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix detection of JSON when restarting libvirtd
	The XML XPath for detecting JSON in the running VM statefile was
	wrong causing all VMs to get JSON mode enabled at libvirtd restart.

	In addition if a VM was running a JSON enabled QEMU once, and then
	altered to point to a non-JSON enabled QEMU later the 'monJSON'
	flag would not get reset to 0.

	* src/qemu/qemu_driver.c: Fix setting/detection of JSON mode

2009-12-21  Adam Litke  <agl@us.ibm.com>

	Document the dommemstat command in the virsh man page
	* tools/virsh.pod: Provide a basic mention of the dommemstat command in
	  the virsh man page.

2009-12-21  Daniel Veillard  <veillard@redhat.com>

	Change virsh dommemstats command to dommemstat
	As Paul Jenner pointed out all other statistics commands use the
	singular form

	* tools/virsh.c: rename dommemstats to dommemstat as well as function
	  name and associated structures

2009-12-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix reporting of TLS connection errors
	The code for connecting to a server tries each socket in turn
	until it finds one that connects. Unfortunately for TLS sockets
	if it connected, but failed TLS handshake it would treat that
	as a failure to connect, and try the next socket. This is bad,
	it should have reported the TLS failure immediately.

	$ virsh -c qemu://somehost.com/system
	error: unable to connect to libvirtd at 'somehost.com': Invalid argument
	error: failed to connect to the hypervisor

	$ ./tools/virsh -c qemu://somehost.com/system
	error: server certificate failed validation: The certificate hasn't got a known issuer.
	error: failed to connect to the hypervisor

	 * src/remote/remote_driver.c: Stop trying to connect if the
	   TLS handshake fails

2009-12-21  Daniel Veillard  <veillard@redhat.com>

	Fix typo in qemudDomainAttachHostPciDevice()
	* src/qemu/qemu_driver.c: The 'if' statement is supposed to check return
	  value of pci = pciGetDevice(conn, ...); , but check uses if (!dev),
	  fix it

2009-12-20  Adam Litke  <agl@us.ibm.com>

	python: Add python bindings for virDomainMemoryStats
	Enable virDomainMemoryStats in the python API.  dom.memoryStats() will return a
	dictionary containing the supported statistics.  A dictionary is required
	because the meaining of each quantity cannot be inferred from its index in a
	list.

	* python/generator.py: reenable bindings for this entry point
	* python/libvirt-override-api.xml python/libvirt-override.c: the
	  generator can't handle this new function, add the new binding,
	  and the XML description

2009-12-20  Adam Litke  <agl@us.ibm.com>

	Add a new command dommemstats for virDomainMemoryStats
	Define a new command 'dommemstats' to report domain memory statistics.  The
	output format is inspired by 'domblkstat' and 'domifstat' and consists of
	tag/value pairs, one per line.  The command can complete successfully and
	print no output if virDomainMemoryStats is supported by the driver, but not
	the guest operating system.

	Sample output:
	swap_in 0
	swap_out 0
	major_fault 54
	minor_fault 58259
	unused 487680
	available 502472

	All stats referring to a quantity of memory (eg. all above except major and
	minor faults) represent the quantity in KBytes.

	* tools/virsh.c: implements the new command

2009-12-20  Adam Litke  <agl@us.ibm.com>

	Add domainMemoryStats support to remote driver
	Use a dynamically sized xdr_array to pass memory stats on the wire.  This
	supports the addition of future memory stats and reduces the message size
	since only supported statistics are returned.

	* src/remote/remote_protocol.x: provide defines for the new entry point
	* src/remote/remote_driver.c daemon/remote.c: implement the client and
	  server side
	* daemon/remote_dispatch_args.h daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h daemon/remote_dispatch_table.h
	  src/remote/remote_protocol.c src/remote/remote_protocol.h: generated
	  stubs

2009-12-20  Adam Litke  <agl@us.ibm.com>

	Implements domainMemStats in the qemu driver
	Support for memory statistics reporting is accepted for qemu inclusion.
	Statistics are reported via the monitor command 'info balloon' as a comma
	seprated list:

	(qemu) info balloon
	balloon: actual=1024,mem_swapped_in=0,mem_swapped_out=0,major_page_faults=88,minor_page_faults=105535,free_mem=1017065472,total_mem=1045229568

	Libvirt, qemu, and the guest operating system may support a subset of the
	statistics defined by the virtio spec.  Thus, only statistics recognized by
	components will be reported.

	* src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.[ch]: implement the
	  new entry point by using info balloon monitor command

2009-12-20  Adam Litke  <agl@us.ibm.com>

	domMemoryStats: Add public symbol to libvirt API
	* src/libvirt.c: implement the main entry point
	* src/libvirt_public.syms: add it to the exported symbols

2009-12-20  Adam Litke  <agl@us.ibm.com>

	Add new API virDomainMemoryStats to header and drivers
	Set up the types for the domainMemoryStats function and insert it into the
	virDriver structure definition.  Because of static initializers, update
	every driver and set the new field to NULL.

	* include/libvirt/libvirt.h.in: new API
	* src/driver.h src/*/*_driver.c src/vbox/vbox_tmpl.c: add the new
	  entry to the driver structure
	* python/generator.py: fix compiler errors, the actual python binding is
	  implemented later

2009-12-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add more links to external documentation

	esx: Destroy virtual machine on a vCenter if available
	If a virtual machine is destroyed on a ESX server then immediately
	undefining this virtual machine on a vCenter may fail, because the
	vCenter has not been informed about the status change yet. Therefore,
	destroy a virtual machine on a vCenter if available, so the vCenter
	is up-to-date when the virtual machine should be undefined.

	esx: Undefine virtual machine on a vCenter if available
	Undefining a virtual machine on an ESX server leaves a orphan on the
	vCenter behind. So undefine a virtual machine on a vCenter if available
	to fix this problem.

	esx: Don't warn about '/' paths

	esx: Use occurrence enum to specify expected result of a SOAP call
	Also move XPath expression composition into esxVI_Context_Execute().

	esx: Fix occurence typo

	esx: Extend documentation about 'vcenter' and add some about 'auto_answer'

	esx: Extend vCenter query parameter
	If an ESX host is managed by a vCenter, it knows the IP address of the
	vCenter. Setting the vCenter query parameter to * allows to connect to the
	vCenter known to an ESX host without the need to specify its IP address
	or hostname explicitly.

	esx: Removed unused inttypes.h include

	esx: Replace libxml1 'xmlChildrenNode' with libxml2 'children'

	esx: Use more suitable error code in esxVI_LookupVirtualMachineByUuid()

2009-12-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Improve domain lookup by UUID
	esxDomainLookupByUUID() and esxDomainIsActive() lookup a domain by asking
	ESX for all known domains and searching manually for the one with the
	matching UUID. This is inefficient. The VI API allows to lookup by UUID
	directly: FindByUuid().

	* src/esx/esx_driver.c: change esxDomainLookupByUUID() and esxDomainIsActive()
	  to use esxVI_LookupVirtualMachineByUuid(), also reorder some functions to
	  keep them in sync with the driver struct

2009-12-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Add automatic question handling
	Questions can block tasks, to handle them automatically the driver can answers
	them with the default answer. The auto_answer query parameter allows to enable
	this automatic question handling.

	* src/esx/README: add a detailed explanation for automatic question handling
	* src/esx/esx_driver.c: add automatic question handling for all task related
	  driver functions
	* src/esx/esx_util.[ch]: add handling for the auto_answer query parameter
	* src/esx/esx_vi.[ch], src/esx/esx_vi_methods.[ch], src/esx/esx_vi_types.[ch]:
	  add new VI API methods and types and additional helper functions for
	  automatic question handling

2009-12-18  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation with gcrypt < 1.4.2
	Commit 33a198c1f6a4a1bc7f34d50a31032e03bec10fee increased the gcrypt
	version requirement to 1.4.2 because the GCRY_THREAD_OPTION_VERSION
	define was added in this version.

	The configure script doesn't check for the gcrypt version. To support
	gcrypt versions < 1.4.2 change the virTLSThreadImpl initialization
	to use GCRY_THREAD_OPTION_VERSION only if it's defined.

2009-12-18  Diego Elio Pettenò  <flameeyes@gmail.com>

	Don't mix LDFLAGS and LIBS in the configure script
	* configure.in: If you pass libraries in the LDFLAGS variable, and then
	  try AC_CHECK_FUNCS to find whether a function is present or not,
	  it'll fail badly when using the --as-needed linker flag. Instead,
	  pass the libraries through the LIBS library, so that they are passed
	  after the conftest.c source file and the tests are done properly.

	Don't make it possible to define HAVE_HAL but not enable it in automake
	* configure.in: With the previous logic, if libhal_get_all_devices
	  function was not found, HAVE_HAL would be defined for the preprocessor
	  but it wouldn't be enabled in automake conditionals, causing the final
	  link to fail with missing references to HAL entries.

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	Implement virsh command 'cpu-compare'
	* tools/virsh.c: provide a way to us teh new API with virsh

	Implement CPU selection in QEMU driver
	* src/qemu/qemu_conf.c src/qemu/qemu_conf.h src/qemu/qemu_driver.c:
	  add the new entry point, extend capabilities and code to interract
	  with qemu

	Adds CPU map for models and features
	* src/cpu/cpu_map.xml: newdescription file
	* src/Makefile.am: include it in dist

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	Adds CPU selection infrastructure
	Each driver supporting CPU selection must fill in host CPU capabilities.
	When filling them, drivers for hypervisors running on the same node as
	libvirtd can use cpuNodeData() to obtain raw CPU data. Other drivers,
	such as VMware, need to implement their own way of getting such data.
	Raw data can be decoded into virCPUDefPtr using cpuDecode() function.

	When implementing virConnectCompareCPU(), a hypervisor driver can just
	call cpuCompareXML() function with host CPU capabilities.

	For each guest for which a driver supports selecting CPU models, it must
	set the appropriate feature in guest's capabilities:

	    virCapabilitiesAddGuestFeature(guest, "cpuselection", 1, 0)

	Actions needed when a domain is being created depend on whether the
	hypervisor understands raw CPU data (currently CPUID for i686, x86_64
	architectures) or symbolic names has to be used.

	Typical use by hypervisors which prefer CPUID (such as VMware and Xen):

	- convert guest CPU configuration from domain's XML into a set of raw
	  data structures each representing one of the feature policies:

	    cpuEncode(conn, architecture, guest_cpu_config,
	              &forced_data, &required_data, &optional_data,
	              &disabled_data, &forbidden_data)

	- create a mask or whatever the hypervisor expects to see and pass it
	  to the hypervisor

	Typical use by hypervisors with symbolic model names (such as QEMU):

	- get raw CPU data for a computed guest CPU:

	    cpuGuestData(conn, host_cpu, guest_cpu_config, &data)

	- decode raw data into virCPUDefPtr with a possible restriction on
	  allowed model names:

	    cpuDecode(conn, guest, data, n_allowed_models, allowed_models)

	- pass guest->model and guest->features to the hypervisor

	* src/cpu/cpu.c src/cpu/cpu.h src/cpu/cpu_generic.c
	  src/cpu/cpu_generic.h src/cpu/cpu_map.c src/cpu/cpu_map.h
	  src/cpu/cpu_x86.c src/cpu/cpu_x86.h src/cpu/cpu_x86_data.h
	* configure.in: check for CPUID instruction
	* src/Makefile.am: glue the new files in
	* src/libvirt_private.syms: add new private symbols
	* po/POTFILES.in: add new cpu files containing translatable strings

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	Remote driver CPU flags support
	* src/remote/remote_driver.c: add the new entry point

	CPU flags wire protocol format and server side
	* src/remote/remote_protocol.x: update with new entry point
	* daemon/remote.c: add the new server dispatcher
	* daemon/remote_dispatch_args.h daemon/remote_dispatch_prototypes.h
	  daemon/remote_dispatch_ret.h daemon/remote_dispatch_table.h
	  src/remote/remote_protocol.c src/remote/remote_protocol.h: regenerated

	Public API implementation
	* src/libvirt.c: adds the public entry point virConnectCompareCPU()

	Adds the internal driver API
	* src/driver.h: add an extra entry point in the structure
	* src/esx/esx_driver.c src/lxc/lxc_driver.c src/opennebula/one_driver.c
	  src/openvz/openvz_driver.c src/phyp/phyp_driver.c src/qemu/qemu_driver.c
	  src/remote/remote_driver.c src/test/test_driver.c src/uml/uml_driver.c
	  src/vbox/vbox_tmpl.c src/xen/xen_driver.c: add NULL entry points for
	  all drivers

	New public API definition virConnectCompareCPU()
	* include/libvirt/libvirt.h.in: add it in the public API as
	  well as the new flags
	* src/libvirt_public.syms: export it

2009-12-18  Daniel Veillard  <veillard@redhat.com>

	Fixes syntax-check with previous commit
	* po/POTFILES.in: adds src/conf/cpu_conf.c in teh set of files with
	  translatable content
	* src/conf/cpu_conf.c: remove an unused include

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	XML parsing/formating code for CPU flags
	* include/libvirt/virterror.h src/util/virterror.c: add new domain
	  VIR_FROM_CPU for errors
	* src/conf/cpu_conf.c src/conf/cpu_conf.h: new parsing module
	* src/Makefile.am proxy/Makefile.am: include new files
	* src/conf/capabilities.[ch] src/conf/domain_conf.[ch]: reference
	  new code
	* src/libvirt_private.syms: private export of new entry points

2009-12-18  Jiri Denemark  <jdenemar@redhat.com>

	XML schema for CPU flags
	XML schema for CPU flags

	Firstly, CPU topology and model with optional features have to be
	advertised in host capabilities:

	    <host>
	        <cpu>
	            <arch>ARCHITECTURE</arch>
	            <features>
	                <!-- old-style features are here -->
	            </features>
	            <model>NAME</model>
	            <topology sockets="S" cores="C" threads="T"/>
	            <feature name="NAME"/>
	        </cpu>
	        ...
	    </host>

	Secondly, drivers which support detailed CPU specification have to
	advertise
	it in guest capabilities:

	    <guest>
	    ...
	    <features>
	            <cpuselection/>
	        </features>
	    </guest>

	And finally, CPU may be configured in domain XML configuration:

	<domain>
	    ...
	    <cpu match="MATCH">
	        <model>NAME</model>
	        <topology sockets="S" cores="C" threads="T"/>
	        <feature policy="POLICY" name="NAME"/>
	    </cpu>
	</domain>

	Where MATCH can be one of:
	    - 'minimum'     specified CPU is the minimum requested CPU
	    - 'exact'       disable all additional features provided by host CPU
	    - 'strict'      fail if host CPU doesn't exactly match

	POLICY can be one of:
	    - 'force'       turn on the feature, even if host doesn't have it
	    - 'require'     fail if host doesn't have the feature
	    - 'optional'    match host
	    - 'disable'     turn off the feature, even if host has it
	    - 'forbid'      fail if host has the feature

	'force' and 'disable' policies turn on/off the feature regardless of its
	availability on host. 'force' is unlikely to be used but its there for
	completeness since Xen and VMWare allow it.

	'require' and 'forbid' policies prevent a guest from being started on a host
	which doesn't/does have the feature. 'forbid' is for cases where you disable
	the feature but a guest may still try to access it anyway and you don't want
	it to succeed.

	'optional' policy sets the feature according to its availability on host.
	When a guest is booted on a host that has the feature and then migrated to
	another host, the policy changes to 'require' as we can't take the feature
	away from a running guest.

	Default policy for features provided by host CPU but not specified in domain
	configuration is set using match attribute of cpu tag. If 'minimum' match is
	requested, additional features will be treated as if they were specified
	with 'optional' policy. 'exact' match implies 'disable' policy and 'strict'
	match stands for 'forbid' policy.

	* docs/schemas/capability.rng docs/schemas/domain.rng: extend the
	  RelaxNG schemas to add CPU flags support

2009-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Initialize gcrypt threading
	GNUTLS uses gcrypt for its crypto functions. gcrypt requires
	that the app/library initializes threading before using it.
	We don't want to force apps using libvirt to know about
	gcrypt, so we make virInitialize init threading on their
	behalf. This location also ensures libvirtd has initialized
	it correctly. This initialization is required even if libvirt
	itself were only using one thread, since another non-libvirt
	library (eg GTK-VNC) could also be using gcrypt from another
	thread

	* src/libvirt.c: Register thread functions for gcrypt
	* configure.in: Add -lgcrypt to linker flags

2009-12-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix bug in storage driver accessing wrong private data
	* src/storage/storage_driver.c: Fix IsPersistent() and IsActivE()
	  methods on storage pools to use 'storagePrivateData' instead
	  of 'privateData'. Also fix naming convention of objects

2009-12-16  Jim Meyering  <meyering@redhat.com>

	esx_vi.c: do not call through NULL function pointer
	* src/esx/esx_vi.c (esxVI_List_CastFromAnyType): For invalid
	inputs, fail right away.  Do not "goto failure" where a NULL
	input pointer would be dereferenced.

	esx_util.c: avoid NULL deref for invalid inputs
	* src/esx/esx_util.c (esxUtil_ParseDatastoreRelatedPath): Return
	right away for invalid inputs, rather than using them (which would
	dereference NULL pointers) in clean-up code.

2009-12-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Don't goto failure for invalid arguments in VMX code
	This also fixes a NULL-deref of virtualDev in esxVMX_ParseSCSIController
	found by Jim Meyering.

	Fix memory leak in qemudBuildCommandLine

2009-12-15  Jim Meyering  <meyering@redhat.com>

	avoid calling exit with a constant; use EXIT_* instead
	This appeases a new gnulib-provided "syntax-check".
	* daemon/libvirtd.c (main): Use EXIT_FAILURE, not 1.
	* proxy/libvirt_proxy.c (main): Likewise, and EXIT_SUCCESS, not 0.
	* tests/conftest.c (main): Likewise.
	* tests/reconnect.c (main): Likewise.
	* tests/testutils.h (EXIT_AM_SKIP): Define.
	* tests/nodeinfotest.c (mymain): Use EXIT_AM_SKIP, not 77.
	* tests/qemuargv2xmltest.c: Likewise.
	* tests/qemuxml2xmltest.c: Likewise.
	* tests/virshtest.c (mymain): Likewise.

	maint: remove from VC two gnulib-provided files
	* build-aux/link-warning.h: Remove file from version control.
	* build-aux/mktempd: Likewise.
	* build-aux/.gitignore: Adjust.

	avoid malfunction when virFileResolveLink is applied to non-POSIX FS
	The virFileResolveLink utility function relied on the POSIX guarantee
	that stat.st_size of a symlink is the length of the value.  However,
	on some types of file systems, it is invalid, so do not rely on it.
	Use gnulib's areadlink module instead.
	* bootstrap (modules): Add areadlink.
	* src/util/util.c: Include "areadlink.h".
	Let areadlink perform the readlink and malloc.
	* configure.in (AC_CHECK_FUNCS): Remove readlink.  No need,
	since it's presence is guaranteed by gnulib.

	build: update gnulib submodule to latest

	xm_internal.c: remove misleading dead code
	* src/xen/xm_internal.c (xenXMConfigGetULong): Remove useless and
	misleading test (always false) for val->str == NULL before code that
	always dereferences val->str.  "val" comes from virConfGetValue, and
	at that point, val->str is guaranteed to be non-NULL.
	(xenXMConfigGetBool): Likewise.
	* src/util/conf.c (virConfSetValue): Ensure that vir->str is never NULL,
	not even if someone tries to set such a value via virConfSetValue.

	libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref
	* src/libvirt.c (virDomainGetVcpus): Describe new, stronger
	requirement on "maplen"s relationship to "cpumaps".

	qemu migration: avoid NULL-deref given an invalid input
	* src/qemu/qemu_driver.c (doNonTunnelMigrate): Don't let a
	NULL "uri_out" provoke a NULL-dereference in doNativeMigrate:
	supply omitted goto-after-qemudReportError.

	qemu_driver.c: don't unlink(NULL) on OOM error path
	* src/qemu/qemu_driver.c (qemudDomainMigratePrepareTunnel): Upon an
	out of memory error, we would end up with unixfile==NULL and attempt
	to unlink(NULL).  Skip the unlink when it's NULL.

	remote_driver.c: also zero out ->saslDecodedOffset member
	* src/remote/remote_driver.c (remoteIOReadMessage): ...rather than
	zeroing out priv->saslDecodedLength twice.

	qemu_driver.c: avoid double free on error path
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Set
	"event" to NULL after qemuDomainEventQueue frees it, so a
	subsequent free (after endjob label) upon qemuMonitorStartCPUs
	failure does not cause a double free.

	libvirtd: avoid a NULL dereference on error path
	* daemon/libvirtd.c (qemudDispatchServer): Since "client" may be
	NULL in the "cleanup:" block, free client->rx only when it's not.

2009-12-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix and improve domain xml video element description
	The description mismatched the actual structure since the video element
	was introduced. The nvram attribute is actually called vram. Specify the
	unit of the vram attribute.

2009-12-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix install location for Python bindings
	Commit 66137344feb488ea87b0d92f3c03844d9a7a7786 changed the Python detection
	mechanism in configure to use AM_PATH_PYTHON. This results in a changed
	install location for the Python bindings, at least on Fedora 12 64bit systems.

	Before this commit libvirt.py and libvirtmod.so were installed to

	  /usr/lib64/python2.6/site-packages

	After this commit they are installed to

	  /usr/lib/python2.6/site-packages

	Mixed Python packages (containing *.py and *.so files) should be installed to
	the pyexecdir directory detected by AM_PATH_PYTHON.

	This restores the install location from before the AM_PATH_PYTHON commit.

	* configure.in: remove unnecessary pythondir export
	* python/Makefile.am: switch from pythondir to pyexecdir

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	Relax the allowed values for machine type in schema
	* docs/schemas/domain.rng: don't try to validate based on a list, open
	  up the machine type to a regexp allowing a-z A-Z 0-9 _ - and .

2009-12-14  Jim Meyering  <meyering@redhat.com>

	virsh: avoid double-free
	* tools/virsh.c (vshCommandParse): Avoid double-free of "tkdata".
	Set it to NULL immediately after free in the (cmd == NULL) case,
	just as in the other case, in case the final free(tkdata) is
	triggered by a syntax error.

	node_device_driver.c: don't write beyond EOB for 4K-byte symlink
	* src/node_device/node_device_driver.c (update_driver_name): The
	previous code would write one byte beyond the end of the 4KiB
	stack buffer when presented with a symlink value of exactly that
	length (very unlikely).  Remove the automatic buffer and use
	virFileResolveLink in place of readlink.  Suggested by Daniel Veillard.

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Fix owner and group in example volume XML
	The owner and group in the documentation examples were confusingly given as
	'0744'. They should be numeric uid and gid. Changed the examples to use the
	default uid and gid assigned to qemu in F12.

	* docs/formatstorage.html.in: Change example owner and group in volume XML

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	add missing doc for device <shareable/> option

2009-12-14  Laine Stump  <laine@laine.org>

	Eliminate failure to delete empty storage pools
	* src/storage/storage_backend_fs.c: virStorageBackendFileSystemDelete
	  was incorrectly calling unlink() in an attempt to remove a directory.
	  It should be calling rmdir() instead.

2009-12-14  Jiri Denemark  <jdenemar@redhat.com>

	Fix use of virEventAddHandleImpl()
	src/node_device/node_device_udev.c was using a function available only
	on the daemon code, fix this and use the function available globally

	* src/node_device/node_device_udev.c: replace use of virEventAddHandleImpl
	  by virEventAddHandle

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Cleanup temporary #define after use
	* src/qemu/qemu_driver.c: #undef LOOKUP_PTYS after use in
	  qemudFindCharDevicePTYsMonitor()

2009-12-14  Dave Allan  <dallan@redhat.com>

	Implement --pool option for virsh vol-path
	This patch fixes the problem reported in:

	https://bugzilla.redhat.com/show_bug.cgi?id=509306

	The bug reporter says that vol-delete does not support the --pool
	option, but that's not the case in the current head.  This patch makes
	vol-path behave the same way as vol-delete

	* tools/virsh.c: Modified vol-path to use the same logic as vol-delete,
	  allowing the syntax: virsh vol-path --pool testdirpool testvol0

2009-12-14  Cole Robinson  <crobinso@redhat.com>

	nodedev: Add removable storage 'media_label' prop
	Provides the CDROM label for current media. Only implemented for the
	udev backend.

2009-12-14  Dave Allan  <dallan@redhat.com>

	expose SR IOV physical/virtual function relationships
	exposes the relationships between physical
	and virtual functions on SR IOV capable devices.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	Fix possible NULL pointer dereference
	If there are no references remaining to the object, vm is set to NULL
	and vm->persistent cannot be accessed.  Fixed by this trivial patch.

	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Avoid possible
	  NULL pointer dereference on --crash dump.

2009-12-14  Jamie Strandboge  <jamie@canonical.com>

	add AppArmor test and examples to dist
	tests/virt-aa-helper-test and examples/apparmor are not included in
	official tarballs, but should be. Attached is a patch to fix that
	which works when apparmor is and is not available.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	add --live support to "virsh dump"
	This is trivial for QEMU since you just have to not stop the vm before
	starting the dump.  And for Xen, you just pass the flag down to xend.

	* include/libvirt/libvirt.h.in (virDomainCoreDumpFlags): Add VIR_DUMP_LIVE.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Support live dumping.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump): Support live dumping.
	* tools/virsh.c (opts_dump): Add --live. (cmdDump): Map it to VIR_DUMP_LIVE.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	add --crash support to "virsh dump"
	This patch adds the --crash option (already present in "xm dump-core")
	to "virsh dump".  virDomainCoreDump already has a flags argument, so
	the API/ABI is untouched.

	* include/libvirt/libvirt.h.in (virDomainCoreDumpFlags): New flag for
	  CoreDump
	* src/test/test_driver.c (testDomainCoreDump): Do not crash
	  after dump unless VIR_DUMP_CRASH is given.
	* src/qemu/qemu_driver.c (qemudDomainCoreDump): Shutdown the domain
	  instead of restarting it if --crash is passed.
	* src/xen/xend_internal.c (xenDaemonDomainCoreDump): Support --crash.
	* tools/virsh.c (opts_dump): Add --crash.
	  (cmdDump): Map it to flags for virDomainCoreDump and pass them.

2009-12-14  Paolo Bonzini  <pbonzini@redhat.com>

	fix various breakages in qemu Dump command
	1) qemuMigrateToCommand uses ">>" so we have to truncate the file
	before starting the migration;

	2) the command wasn't updated to chown the driver and set/restore
	the security lavels;

	3) the VM does not have to be resumed if migration fails;

	4) the file is not removed when migration fails.

	* src/qemu/qemu_driver.c (qemuDomainCoreDump): Truncate file before
	  dumping, set/restore ownership and security labels for the file.

2009-12-14  Daniel Veillard  <veillard@redhat.com>

	Fix a couple of problems in last patch
	Those were pointed by DanB in his review but not yet fixed

	* src/qemu/qemu_driver.c: qemudWaitForMonitor() use EnterMonitorWithDriver()
	  and ExitMonitorWithDriver() there
	* src/qemu/qemu_monitor_text.c: checking fro strdu failure and hash
	  table add error in qemuMonitorTextGetPtyPaths()

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Get QEMU pty paths from the monitor
	This change makes the QEMU driver get pty paths from the output of the
	monitor 'info chardev' command. This output is structured, and contains
	both the name of the device and the path on the same line. This is
	considerably more reliable than parsing the startup log output, which
	requires the parsing code to know which order QEMU will print pty
	information in.

	Note that we still need to parse the log output as the monitor itself
	may be on a pty. This should be rare, however, and the new code will
	replace all pty paths parsed by the log output method once the monitor
	is available.

	* src/qemu/qemu_monitor.(c|h) src/qemu_monitor_text.(c|h): Implement
	  qemuMonitorGetPtyPaths().
	* src/qemu/qemu_driver.c: Get pty path information using
	  qemuMonitorGetPtyPaths().

2009-12-14  Matthew Booth  <mbooth@redhat.com>

	Extract the assigned pty device for QEmu channels
	* src/qemu/qemu_driver.c: Parse pty devices for channels

	Make QEMU driver use -chardev everywhere if available
	Change -monitor, -serial and -parallel output to use -chardev if it is
	available.
	* src/qemu/qemu_conf.c: Update qemudBuildCommandLine to use -chardev where
	  available.
	* tests/qemuxml2argvtest.c tests/qemuxml2argvdata/: Add -chardev equivalents
	  for all current serial and parallel tests.

2009-12-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Suppress cgroup error message on sucess startup
	Even if qemudStartVMDaemon suceeds, an error was logged such as
	'qemuRemoveCgroup:1778 : internal error Unable to find cgroup for'.
	This is because qemudStartVMDaemon calls qemuRemoveCgroup to
	ensure that old cgroup does not remain. This workaround makes
	sense but leaving an error message may confuse users.
	* src/qemu/qemu_driver.c: a an option to the function to suppress the
	  error being logged

2009-12-11  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix reference leak in remoteDispatchStorageVolCreateXmlFrom

	Fix memory leak in virStorageBackendCopyToFD

2009-12-11  Daniel Veillard  <veillard@redhat.com>

	Fix 'make syntax-check' after iptables.c cleanup

2009-12-11  Paolo Bonzini  <pbonzini@redhat.com>

	retrieve paused/running state at migration start
	This patch fixes the bug where paused/running state is not
	transmitted during migration.  As a result, in the QEMU driver
	for example the machine was always started on the destination
	end.

	In order to do so, just read the state and if it is appropriate and
	set the VIR_MIGRATE_PAUSED flag.

	* src/libvirt.c (virDomainMigrateVersion1, virDomainMigrateVersion2):
	  Automatically add VIR_MIGRATE_PAUSED when appropriate.
	* src/xen/xend_internal.c (xenDaemonDomainMigratePerform): Give a nicer
	  error message when migration of paused domains is attempted.

2009-12-11  Paolo Bonzini  <pbonzini@redhat.com>

	add virsh --suspend arg to migrate command
	This adds a new flag, VIR_MIGRATE_PAUSED, that mandates pausing
	the migrated VM before starting it.

	* include/libvirt/libvirt.h.in (virDomainMigrateFlags): Add VIR_MIGRATE_PAUSED.
	* src/qemu/qemu_driver.c (qemudDomainMigrateFinish2): Handle VIR_MIGRATE_PAUSED.
	* tools/virsh.c (opts_migrate): Add --suspend. (cmdMigrate): Handle it.
	* tools/virsh.pod (migrate): Document it.

2009-12-11  Paolo Bonzini  <pbonzini@redhat.com>

	fix migration of paused vms upon failure
	This makes a small change on the failed-migration path.  Up to now,
	all VMs that failed non-live migration after the "stop" command
	were restarted.  This must not be done when the VM was paused in
	the first place.

	* src/qemu/qemu_driver.c (qemudDomainMigratePerform): Do not restart
	  a paused VM that fails migration.  Set paused state after "stop",
	  reset it after failure.

2009-12-11  Diego Elio Pettenò  <flameeyes@gmail.com>

	Small change of RNG syntax for domain
	* docs/schemas/domain.rng: As trang seems to bug with <optional><oneOrMore>
	  replace it with <zeroOrMore>

2009-12-10  Richard Jones  <rjones@redhat.com>

	qemu driver: Fix segfault in libvirt/libvirtd when uri->path is NULL.
	See also:
	https://bugzilla.redhat.com/show_bug.cgi?id=545400#c1

2009-12-10  Diego Elio Pettenò  <flameeyes@gmail.com>

	Fix a wellformedness problem in secret.rng
	* docs/schemas/secret.rng: ref tag for usagevolume wasn't closed

2009-12-10  Mark McLoughlin  <markmc@redhat.com>

	remove iptablesReloadRules() and related code
	We don't use this method of reloading rules anymore, so we can just
	kill the code.

	This simplifies things a lot because we no longer need to keep a
	table of the rules we've added.

	* src/util/iptables.c: kill iptablesReloadRules()

2009-12-10  Mark McLoughlin  <markmc@redhat.com>

	remove all traces of lokkit support
	Long ago we tried to use Fedora's lokkit utility in order to register
	our iptables rules so that 'service iptables restart' would
	automatically load our rules.

	There was one fatal flaw - if the user had configured iptables without
	lokkit, then we would clobber that configuration by running lokkit.

	We quickly disabled lokkit support, but never removed it. Let's do
	that now.

	The 'my virtual network stops working when I restart iptables' still
	remains. For all the background on this saga, see:

	  https://bugzilla.redhat.com/227011

	* src/util/iptables.c: remove lokkit support

	* configure.in: remove --enable-lokkit

	* libvirt.spec.in: remove the dirs used only for saving rules for lokkit

	* src/Makefile.am: ditto

	* src/libvirt_private.syms, src/network/bridge_driver.c,
	  src/util/iptables.h: remove references to iptablesSaveRules

2009-12-10  Mark McLoughlin  <markmc@redhat.com>

	reload iptables rules on libvirtd restart
	This is the expected behaviour, I think - reloading libvirtd should
	be a subset of restarting it.

	Note, we reload the rules after we've determined which networks
	are active (because we only add the rules for active networks)
	and before we start autostart networks (to avoid re-adding the
	rules).

	* src/network/bridge_driver.c: reload iptables rules on startup

2009-12-10  Mark McLoughlin  <markmc@redhat.com>

	reload iptables rules simply by re-adding them
	Currently, when we add iptables rules, we keep them on a list so that
	we can easily reload them on e.g. 'service libvirtd reload'.

	However, we don't save this list to disk, so if libvirtd is restarted
	we lose the ability to reload the rules.

	The fix is simple - just re-add the damn things on reload.

	Note, we delete the rules before re-adding them, just like the current
	behaviour of iptRulesReload().

	* src/network/bridge_driver.c: re-add the iptables rules on reload.

2009-12-10  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virBufferFreeAndReset() and replace free()
	Replace free(virBufferContentAndReset()) with virBufferFreeAndReset().
	Update documentation and replace all remaining calls to free() with
	calls to VIR_FREE(). Also add missing calls to virBufferFreeAndReset()
	and virReportOOMError() in OOM error cases.

2009-12-09  Jim Fehlig  <jfehlig@novell.com>

	Plumb domain description tag in xend backend
	xen-unstable changesets 20321 and 20521 added support for
	description in xend domain config.  This patch extends that
	support in xend backend.
	* src/xen/xend_internal.c: add parse and output of domain description

2009-12-09  Richard Jones  <rjones@redhat.com>

	Update location of C# bindings.

2009-12-09  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU text monitor parsing more robust
	The QEMU 0.10.0 release (and possibly other 0.10.x) has a bug where
	it sometimes/often forgets to display the initial monitor greeting
	line, soley printing a (qemu).  This in turn confuses the text
	console parsing because it has a '(qemu)' it is not expecting. The
	confusion results in a negative malloc. Bad things follow.

	This re-writes the text console handling to be more robust. The key
	idea is that it should only look for a (qemu), once it has seen the
	original command echo'd back. This ensures it'll skip the bogus stray
	(qemu) with broken QEMUs.

	* src/qemu/qemu_monitor.c: Add some (disabled) debug code
	* src/qemu/qemu_monitor_text.c: Re-write way command replies
	  are detected

2009-12-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix virDomainObj ref handling in QEMU driver
	Since the monitor I/O is processed out of band from the main
	thread(s) invoking monitor  commands, the virDomainObj may be
	deleted by the I/O thread. The qemuDomainObjBeginJob takes an
	extra reference to protect against final deletion, but this
	reference is released by the corresponding EndJob call. THus
	after the EndJob call it may not be valid to reference the
	virDomainObj any more. To allow callers to detect this, the
	EndJob call is changed to return the remaining reference count.

	* src/conf/domain_conf.c: Make virDomainObjUnref return the
	  remaining reference count
	* src/qemu/qemu_driver.c: Avoid referencing virDomainObjPtr
	  after qemuDomainObjEndJob if it has been deleted.

2009-12-09  Daniel Veillard  <veillard@redhat.com>

	Fix the news file non-ascii characters
	by adding an explicit HTML encoding meta description

2009-12-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Use AM_PATH_PYTHON and python-config to detect Python configuration
	Using AM_PATH_PYTHON solves the site-packages directory problem. At least
	in Ubuntu with Python 2.6 and later site-packages is renamed to dist-packages
	and site-packages is not part of sys.path anymore. So installing the libvirt
	Python bindings to site-packages renders them unusable, because they can be
	imported from there without manually including site-packages into sys.path.

	AM_PATH_PYTHON detects the correct site-packages/dist-packages directory.

	python-config --includes gives the correct include path for the Python header
	files. The old probing code stays there as fallback mechanism.

	* configure.in: use AM_PATH_PYTHON and python-config
	* python/Makefile.am: remove -I because PYTHON_INCLUDES contains it now

2009-12-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add missing commas to the 0.7.4 news section

2009-12-08  Daniel Veillard  <veillard@redhat.com>

	Change generated HTML to UTF-8 encoding
	* docs/ChangeLog.xsl docs/newapi.xsl docs/site.xsl: change all
	  stylesheets to output UTF-8 HTML instead of ISO Latin 1 which was
	  breaking on some people names.

	Avoid an type-punned pointer aliasing pbm
	Fix this warning, there is no need to use an intermediate,
	different array pointer.
	network.c: In function 'getIPv6Addr':
	network.c:50: warning: dereferencing type-punned pointer will break strict-aliasing rules
	* src/util/network.c: avoid an intermediary pointer cast

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Hook up JSON monitor to emit basic lifecycle events
	* src/qemu/qemu_monitor_json.c: Hook up reset, shutdown,
	  poweroff and stop events

	Add QEMU monitor callbacks for basic lifecycle events
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add callbacks
	  for reset, shutdown, poweroff and stop events. Add convenience
	  methods for emiting those events

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Switch over to passing a callback table to QEMU monitor
	With addition of events there will be alot of callbacks.
	To avoid having to add many APIs to register callbacks,
	provide them all at once in a big table

	* src/qemu/qemu_driver.c: Pass in a callback table to QEMU
	  monitor code
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h Replace
	  the EOF and disk secret callbacks with a callback table

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Support for JSON mode monitor
	Initial support for the new QEMU monitor protocol  using JSON
	as the data encoding format instead of plain text

	* po/POTFILES.in: Add src/qemu/qemu_monitor_json.c
	* src/qemu/qemu_conf.c, src/qemu/qemu_conf.h: Hack to turn on QMP
	  mode. Replace with a version number check on >= 0.12 later
	* src/qemu/qemu_monitor.c: Delegate to json monitor if enabled
	* src/qemu/qemu_monitor_json.c, src/qemu/qemu_monitor_json.h: Add
	  impl of QMP protocol
	* src/Makefile.am: Add src/qemu/qemu_monitor_json.{c,h}

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Introduce callbacks for serializing domain object private data to XML
	Now that drivers are using a private domain object state blob,
	the virDomainObjFormat/Parse methods are no longer able to
	directly serialize all neccessary state to/from XML. It is
	thus neccessary to introduce a pair of callbacks fo serializing
	private state.

	The code for serializing vCPU PIDs and the monitor device
	config can now move out of domain_conf.c and into the
	qemu_driver.c where they belong.

	* src/conf/capabilities.h: Add callbacks for serializing private
	  state to/from XML
	* src/conf/domain_conf.c, src/conf/domain_conf.h: Remove the
	  monitor, monitor_chr, monitorWatch, nvcpupids and vcpupids
	  fields from virDomainObjPtr. Remove code that serialized
	  those fields
	* src/libvirt_private.syms: Export virXPathBoolean
	* src/qemu/qemu_driver.c: Add callbacks for serializing monitor
	  and vcpupid data to/from XML
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Pass monitor
	  char device config into qemuMonitorOpen directly.

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Switch LXC driver to use a private data blob for virDomainObj state
	* src/lxc/lxc_driver.c: Introduce lxcDomainObjPrivate for storing
	  monitor device state

	Switch UML driver to use a private data blob for virDomainObj state
	* src/uml/uml_driver.c: Introduce umlDomainObjPrivateData for storing
	  monitor device state. Remove unneccessary VIR_FREE on vcpupids

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Pull code to start CPUs executing out of qemudInitCpuAffinity()
	The code to start CPUs executing has nothing todo with CPU
	affinity masks, so pull it out of the qemudInitCpuAffinity()
	method and up into qemudStartVMDaemon()

	* src/qemu/qemu_driver.c: Pull code to start CPUs executing out
	  of qemudInitCpuAffinity()

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Add a 'format' arg to qemuMonitorChangeMedia() since JSON will support it
	The current QEMU disk media change does not support setting the
	disk format. The new JSON monitor will support this, so add an
	extra parameter to pass this info in

	* src/qemu/qemu_driver.c: Pass in disk format when changing media
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c,
	  src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Add a 'format' arg to qemuMonitorChangeMedia()

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix migration cancellation for QEMU
	* src/qemu/qemu_monitor_text.c: Add missing underscore in the
	  migrate_cancel monitor command impl

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Move qemuMonitorEscape + migrate status enum into shared monitor code
	The qemuMonitorEscape() method, and the VIR_ENUM for migration
	status will be needed by the JSON monitor too, so move that code
	into the shared qemu_monitor.c file instead of qemu_monitor_text.c

	* src/qemu/qemu_monitor.h: Declare qemuMonitorMigrationStatus enum
	  and qemuMonitorEscapeArg and qemuMonitorEscapeShell methods
	* src/qemu/qemu_monitor.c: Implement qemuMonitorMigrationStatus enum
	  and qemuMonitorEscapeArg and qemuMonitorEscapeShell methods
	* src/qemu/qemu_monitor_text.c: Remove above methods/enum

2009-12-08  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash when deleting monitor while a command is in progress
	If QEMU shuts down while we're in the middle of processing a
	monitor command, the monitor will be freed, and upon cleaning
	up we attempt to do  qemuMonitorUnlock(priv->mon) when priv->mon
	is NULL.

	To address this we introduce proper reference counting into
	the qemuMonitorPtr object, and hold an extra reference whenever
	executing a command.

	* src/qemu/qemu_driver.c: Hold a reference on the monitor while
	  executing commands, and only NULL-ify the priv->mon field when
	  the last reference is released
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add reference
	  counting to handle safe deletion of monitor objects

2009-12-08  Guido Günther  <agx@sigxcpu.org>

	udev_device_get_devpath might return NULL
	Fix crash on strdup in that case.

2009-12-08  Daniel Veillard  <veillard@redhat.com>

	Fix a compilation failure if yajl not avail
	configure:     yajl: no
	CC     libvirt_util_la-json.lo
	util/json.c:32:27: error: yajl/yajl_gen.h: No such file or directory
	util/json.c:33:29: error: yajl/yajl_parse.h: No such file or directory

	* src/util/json.c: remove the includes if yajl not configured in

2009-12-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix compilation for configure --disable-nls

	vbox: Update IIDs from version 3.1-beta2 to 3.1-final
	This solves the 'nsIEventQueue object is null' error when trying
	to connect to a VirtualBox 3.1 hypervisor instance.

2009-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Fix ReprotError vs ReportError typo in JSON code
	* src/util/json.c: Fix ReprotError typo when YAJL is not available

	Fix inverted conditional test in configure.ac check for yajl
	* configure.in: Fix inverted conditional test when yajl is not
	  found

2009-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Introduce a simple API for handling JSON data
	This introduces simple API for handling JSON data. There is
	an internal data structure 'virJSONValuePtr' which stores a
	arbitrary nested JSON value (number, string, array, object,
	nul, etc).  There are APIs for constructing/querying objects
	and APIs for parsing/formatting string formatted JSON data.

	This uses the YAJL library for parsing/formatting from

	 http://lloyd.github.com/yajl/

	* src/util/json.h, src/util/json.c: Data structures and APIs
	  for representing JSON data, and parsing/formatting it
	* configure.in: Add check for yajl library
	* libvirt.spec.in: Add build requires for yajl
	* src/Makefile.am: Add json.c/h
	* src/libvirt_private.syms: Export JSON symbols to drivers

2009-12-07  Daniel P. Berrange  <berrange@redhat.com>

	Add --system flag to autogen.sh to make it easy to build with right prefix
	Add a --system flag to autogen.sh which gets turned into the args
	--prefix=/usr --sysconfdir=/etc --localstatedir=/var to make it
	easy to build with settings that match an RPM build

	* autogen.sh: Add --system flag

2009-12-04  Jiri Denemark  <jdenemar@redhat.com>

	Export all symbols from xml.h for internal use
	Some of the very useful calls for XML parsing provided by util/xml.[ch]
	were not exported as private symbols. This patch fixes this.

2009-12-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	vbox: Use virIndexToDiskName() in vboxGenerateMediumName()

2009-12-04  Jiri Denemark  <jdenemar@redhat.com>

	Tests for interface type/model configuration
	add a set of tests for Xen interface type and model configurations

2009-12-04  Jiri Denemark  <jdenemar@redhat.com>

	Support for interface model='netfront'
	Xen HVM guests with PV drivers end up with two network interfaces for
	each configured interface. One of them being emulated by qemu and the
	other one paravirtual. As this might not be desirable, the attached
	patch provides a way for users to specify that only paravirtual network
	interface should be presented to the guest.

	The configuration was inspired by qemu/kvm driver, for which users can
	specify model='virtio' to use paravirtual network interface.

	The patch adds support for model='netfront' which results in
	type=netfront instead of type=ioemu (or nothing for newer xen versions)
	in guests native configuration. Xen's qemu ignores interfaces with
	type != ioemu and only paravirtual network device will be seen in the
	guest.

	Four possible configuration scenarios follow:

	- no model specified in domain's XML
	    - libvirt will behave like before this change; it will set
	      type=ioemu for HVM guests on xen host which is not newer than
	      XEND_CONFIG_MAX_VERS_NET_TYPE_IOEMU
	    - covered by existing tests

	- PV guest, any model
	    - no functional change, model is passed as is (and ignored by the
	      hypervisor)
	    - covered by existing tests (e.g., *-net-e1000.*)
	- HVM guest, model=netfront
	    - type is set to "netfront", model is not specified
	    - covered by new *-net-netfront.* tests

	- HVM guest, model != netfront
	    - type is set to "ioemu", model is passed as is
	    - covered by new *-net-ioemu.* tests

	The fourth scenario feels like a regression for xen newer than
	XEND_CONFIG_MAX_VERS_NET_TYPE_IOEMU as users who had a model specified
	in their guest's configuration won't see a paravirtual interface in
	their guests any more. On the other hand, the reason for specifying a
	model is most likely the fact that they want to use such model which
	implies emulated interface. Users of older xen won't be affected at all
	as their xen provides paravirtual interface regardless of the type used.

	- src/xen/xend_internal.c: add netfront support for the xend backend
	- src/xen/xm_internal.c: add netfront support for the XM serialization too

2009-12-04  Pritesh Kothari  <pritesh.kothari@sun.com>

	vbox: Add support for version 3.1
	Also fixed serial port configuration which was broken due to recent
	change in virDomainChrDef where targetType was newly added.

	* src/Makefile.am: add new files
	* src/vbox/vbox_driver.c: add case for version 3.1
	* src/vbox/vbox_tmpl.c: refactor common patterns into macros, support for
	  version 3.1, serial port configuration fix
	* src/vbox/vbox_CAPI_v3_1.h, src/vbox/vbox_V3_1.c: generated code

2009-12-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add virIndexToDiskName and fix mapping gap
	esxVMX_IndexToDiskName handles indices up to 701. This limit comes
	from a mapping gap in virDiskNameToIndex:

	  sdzy -> 700
	  sdzz -> 701
	  sdaaa -> 728
	  sdaab -> 729

	This line in virDiskNameToIndex causes this gap:

	  idx = (idx + i) * 26;

	Fixing it by altering this line to:

	  idx = (idx + (i < 1 ? 0 : 1)) * 26;

	Also add a new version of virIndexToDiskName that handles the inverse
	mapping for arbitrary indices.

	* src/esx/esx_vmx.[ch]: remove esxVMX_IndexToDiskName
	* src/util/util.[ch]: add virIndexToDiskName and fix mapping gap
	* tests/esxutilstest.c: update test to verify that the gap is fixed

2009-12-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix some locking issues
	* src/conf/domain_conf.c: don't call virDomainObjUnlock twice
	* src/qemu/qemu_driver.c: relock driver lock if an error occurs in
	  qemuDomainObjBeginJobWithDriver, enter/exit monitor with driver
	  in qemudDomainSave

2009-12-03  Daniel Veillard  <veillard@redhat.com>

	Fix missing background color

2009-12-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix event test timer checks on kernels with HZ=100
	On kernels with HZ=100, the resolution of sleeps in poll() is
	quite bad. Doing a precise check on the expiry time vs the
	current time will thus often thing the timer has not expired
	even though we're within 10ms of the expected expiry time. This
	then causes another pointless sleep in poll() for <10ms. Timers
	do not need to have such precise expiration, so we treat a timer
	as expired if it is within 20ms of the expected expiry time. This
	also fixes the eventtest.c test suite on kernels with HZ=100

	* daemon/event.c: Add 20ms fuzz when checking for timer expiry

2009-11-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in QEMU driver webpage
	* docs/drvqemu.html.in: Fix typo describing URI driver protocol

2009-11-30  Paolo Bonzini  <pbonzini@redhat.com>

	Add another SENTINEL attribute
	* src/xen/xend_internal.c (xend_op): Add ATTRIBUTE_SENTINEL.

2009-11-26  Wolfgang Mauerer  <wolfgang.mauerer@siemens.com>

	Clarify documentation for private symbols
	The instruction "See Makefile.am" in libvirt.private_syms
	always makes me think that this file is autogenerated
	and should not be touched manually. This patch spares
	every reader of libvirt.private_syms the hassle of
	reading Makefile.am before augmenting libvirt.private_syms.

	Fix help message
	The configuration file setting is overriden by -f or --config, but
	not with -c

2009-11-26  Daniel P. Berrange  <berrange@redhat.com>

	Fix threading problems in python bindings
	* libvirt-override.c: Add many missing calls to allow threading
	  when entering C code, otherwise python blocks & then deadlocks
	  when we have an async event to dispatch back into python code.
	  Fix return value check for virDomainPinVcpu binding.

	Supress annoying libcap-ng errors from valgrind
	* tests/.valgrind.supp: Ignore capng problems

	Fix two leaks in test driver
	* src/test/test_driver.c: Fix leak of vcpu info, and nodedevice
	  info

	Free cgroup device ACL list on driver shutdown
	* src/qemu/qemu_driver.c: Free cgroup ACLs

2009-11-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	xen: Fix unconditional freeing in xenDaemonListDefinedDomains()
	Commit 790f0b3057787bb64da8c46c111ff8d3eff7b2af causes the contents of
	the names array to be freed even on success, resulting in no listing of
	defined but inactive Xen domains.

	Spotted by Jim Fehlig

2009-11-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix default disk type when parsing QEMU argv
	* src/qemu/qemu_conf.c: Fix default disk type to be 'FILE'
	  again, after previous commit accidentally changed it

2009-11-24  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	remove port filter when network device is detached
	* src/qemu/qemu_driver.c: remove the port filter if the network device
	  is detached via virDomainDetachDevice.

2009-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Support QEMU's virtual FAT block device driver
	Introduce a new type="dir"  mode for <disks> that allows use of
	QEMU's  virtual FAT block device driver. eg

	    <disk type='dir' device='floppy'>
	      <source dir='/tmp/test'/>
	      <target dev='fda' bus='fdc'/>
	      <readonly/>
	    </disk>

	gets turned into

	  -drive file=fat:floppy:/tmp/test,if=floppy,index=0

	Only read-only disks are supported with virtual FAT mode

	* src/conf/domain_conf.c, src/conf/domain_conf.h: Add type="dir"
	* docs/schemas/domain.rng: Document new disk type
	* src/xen/xend_internal.c, src/xen/xm_internal.c: Raise error for
	  unsupported disk types
	* tests/qemuxml2argvdata/qemuxml2argv-disk-cdrom-empty.args: Fix
	  empty disk file handling
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.args,
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-fat.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.args,
	  tests/qemuxml2argvdata/qemuxml2argv-floppy-drive-fat.xml
	  tests/qemuxml2argvtest.c: Test QEMU vitual FAT driver
	* src/qemu/qemu_conf.c: Support generating fat:/some/dir type
	  disk args
	* src/security/security_selinux.c: Temporarily skip labelling
	  of directory based disks

2009-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Alternate CPU affinity impl to cope with NR_CPUS > 1024
	The cpu_set_t type can only cope with NR_CPUS <= 1024, beyond this
	it is neccessary to use alternate CPU_SET maps with a dynamically
	allocated CPU map

	* src/util/processinfo.c: Support new unlimited size CPU set type

2009-11-23  Daniel P. Berrange  <berrange@redhat.com>

	Pull schedular affinity code out into a separate module
	* src/Makefile.am: Add processinfo.h/processinfo.c
	* src/util/processinfo.c, src/util/processinfo.h: Module providing
	  APIs for getting/setting process CPU affinity
	* src/qemu/qemu_driver.c: Switch over to new APIs for schedular
	  affinity
	* src/libvirt_private.syms: Export virProcessInfoSetAffinity
	  and virProcessInfoGetAffinity to internal drivers

	Ignore docs/ directory for strcmp() syntax check
	* .x-sc_prohibit_strcmp_and_strncmp: Ignore docs/

2009-11-22  Dan Kenigsberg  <danken@redhat.com>

	Fix news.html validation

2009-11-20  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.4
	0.7.3 was broken

	* configure.in docs/news.html.in: release of 0.7.4
	* configure.in libvirt.spec.in: require netcf >= 0.1.4
	* src/Makefile.am: node_device/node_device_udev.h was missing from
	  NODE_DEVICE_DRIVER_UDEV_SOURCES breaking compilation on platforms with
	  udev

2009-11-20  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.3
	* configure.in docs/news.html.in libvirt.spec.in: describe new release
	* po/*.po*: regenerate

2009-11-20  Daniel P. Berrange  <berrange@redhat.com>

	Enable udev instead of hal on F12 / RHEL-6 or later
	HAL has been deprecated since F12 and RHEL-6, so if building on
	these platforms, switch on the udev driver instead

	* libvirt.spec.in: Activate udev on F12/RHEL6

2009-11-20  Cole Robinson  <crobinso@redhat.com>

	Document overriding domain interface target
	* docs/formatdomain.html.in: document that vnet and vif are reserved
	  names and will be ignored if manually specified.

	python: Actually implement list*Interfaces bindings
	* python/generator.py python/libvirt-override-api.xml
	  python/libvirt-override.c: implement the bindings for
	  virConnectListInterfaces() and virConnectListDefinedInterfaces()

2009-11-20  Daniel Veillard  <veillard@redhat.com>

	514532 Fix man page, most operation are synchronous
	* tools/virsh.pod: the man page was stating that most operations
	  are asynchronous while in fact most of them are synchronous except
	  domain shutdown, setvcpus and setmem.

	504262 Check for duplicated UUID in XM Xen defines
	* src/xen/xm_internal.c: the XM driver was not checking for previously
	  defined UUID on new defines. Similar to virDomainObjIsDuplicate()
	  behaviour.

2009-11-20  Daniel Veillard  <veillard@redhat.com>

	512069 fix domain XML schemas for backward compatibility
	For backward compatibility we used to add the tty path as
	a tty attribute on console of type pty, duplicating the value
	now found in source/@path, but the Relax-NG grammar wasn't
	extended for this
	    <console type='pty' tty='/dev/pts/8'>
	      <source path='/dev/pts/8'/>
	      <target port='0'/>
	    </console>

	* docs/schemas/domain.rng: allow an optional tty attribute
	  containing a devicePath

2009-11-20  Steve Yarmie  <steve.yarmie@gmail.com>

	qemu-kvm needs -enable-kvm flag for VT optimization
	Recent qemu releases require command option '-enable-qemu' in order
	for the kvm functionality be activated. Libvirt needs to pass this flag
	to qemu when starting a domain. Note that without the option,
	even if both the kernel and qemu support KVM, KVM will not be activated
	and VMs will be very slow.

	* src/qemu/qemu_conf.h src/qemu/qemu_conf.c: parse the extra command
	  line option from help and add it when running kvm
	* tests/qemuhelptest.c: this modified the flags output for qemu-0.10.5
	  and qemu-kvm-0.11.0-rc2 regression tests

2009-11-20  Steve Yarmie  <steve.yarmie@gmail.com>

	fix deprecated iptables command syntax
	* src/util/iptables.c: `--option !  this` is deprecated in favor of
	  `! --option this` syntax, change the output command accordingly

2009-11-19  Dave Allan  <dallan@redhat.com>

	remove sysfs_path and parent_sysfs_path from XML
	Erroneously included the sysfs_path and parent_sysfs_path elements in
	the node device xml, they were not supposed to show up there

	* src/conf/node_device_conf.c: remove the output of the 2 fields

2009-11-19  Dave Allan  <dallan@redhat.com>

	Removing devicePath member from dev struct
	I realized that I inadvertently added a member to the def struct to
	contain each device's sysfs path when there was an existing member in the
	dev struct for "OS specific path to device metadat, eg sysfs"  Since the
	udev backend needs to record the sysfs path while it's in the process of
	creating the device, before the dev struct gets allocated, I chose to
	remove the member from the dev struct.

	* src/conf/node_device_conf.c src/conf/node_device_conf.h
	  src/node_device/node_device_driver.c src/node_device/node_device_hal.c
	  src/node_device/node_device_udev.c: remove devicePath from the
	  structure and use def->sysfs_path instead

2009-11-19  Dave Allan  <dallan@redhat.com>

	report OOM in two places in node_device_driver.c
	* src/node_device/node_device_driver.c: two places where not calling
	  virReportOOMError after strdup failure

2009-11-18  Daniel P. Berrange  <berrange@redhat.com>

	Ensure driver lock is released when entering QEMU monitor
	The qemudStartVMDaemon() and several functions it calls use
	the QEMU monitor. The QEMU driver is locked while this function
	is executing, so it is rquired to release the driver lock and
	reacquire it either side of issuing a monitor command. It
	failed todo so, leading to deadlock

	* qemu/qemu_driver.c: Release driver when in qemudStartVMDaemon
	  and things it calls

2009-11-17  Daniel Veillard  <veillard@redhat.com>

	Updated localization and regenerated the pos
	updated el.po es.po or.po pl.po ta.po te.po
	ran make update-po

2009-11-17  Matthew Booth  <mbooth@redhat.com>

	Fix typo in error message

2009-11-16  Matthias Bolte  <matthias.bolte@googlemail.com>

	Whitespace cleanup for pre-tags on the website

2009-11-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix type in configure output summary
	* configure.in: Fix typo in PCIACCESS_LIBS

2009-11-16  Daniel Veillard  <veillard@redhat.com>

	Remove a compilation warning on uninitialized var

2009-11-16  Guido Günther  <agx@sigxcpu.org>

	only remove masquerade roles for VIR_NETWORK_FORWARD_NAT
	Fixes http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549949

2009-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix CPU clock Hz to MHz conversion

	esx: Fix memory leak in esxVI_HostCpuIdInfo_Free()

2009-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Fix MAC address formatting
	VMware uses two MAC address prefixes: 00:0c:29 and 00:50:56. The 00:0c:29
	prefix is used for ESX server generated addresses. The 00:50:56 prefix is
	split into two parts. MAC addresses above 00:50:56:3f:ff:ff are generated
	by a vCenter. The rest of the 00:50:56 prefix can be assigned manually.
	Any MAC address within the 00:0c:29 and 00:50:56 prefix can be specified
	in a domain XML config and the driver will handle the details internally.

	* src/esx/esx_vmx.c: fix MAC address formatting
	* tests/xml2vmxdata/*: update test files accordingly

2009-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx: Handle 'vmxnet3' in esxVMX_FormatEthernet()
	In commit 3c80fac2588cbc9e5ee7e7069e1ca4468f2359d3 'vmxnet3' handling
	was added to esxVMX_ParseEthernet(), but not to the inverse function
	esxVMX_FormatEthernet().

	esx: Add documentation to the website
	* docs/drivers.html.in: list the ESX driver
	* docs/drvesx.html.in: the new ESX driver documentation
	* docs/hvsupport.html.in: add the ESX driver to the matrix
	* docs/index.html.in, docs/sitemap.html.in: list the ESX driver
	* src/esx/esx_driver.c: fix and cleanup some comments

2009-11-15  Matthias Bolte  <matthias.bolte@googlemail.com>

	Change DTD references to use public instead of system identifier
	Debian's /etc/xml/catalog doesn't contain system identifiers, so use
	public identifiers instead.

	* docs/Makefile.am: use public instead of system identifier
	* docs/site.xsl: use matching public identifier

2009-11-15  Jim Fehlig  <jfehlig@novell.com>

	Fix compilation of libvirt against xen-unstable
	* src/xen/xen_hypervisor.c: xen-unstable changeset 19788 removed
	  MAX_VIRT_CPUS from public headers, breaking compilation of libvirt
	  on -unstable.  Its semanitc was retained with XEN_LEGACY_MAX_VCPUS.
	  Ensure MAX_VIRT_CPUS is defined accordingly.

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix probing for libpciaccess
	If 'with_udev=check' then missing pciaccess should not be a fatal
	error. It should merely disable the udev driver.

	* configure.in: Fix pciaccess check to be non-fatal

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove obsolte devicekit checks
	Device kit support was removed, but the configure.ac checks were
	left in place. A number of the XXX_REQUIRED=X.Y.Z variables were
	not declared in the correct location (ie top of the file)

	* configure.in: Remove device kit checks & move mis-placed variables
	  to correct location

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect reference counting logic in qemu monitor open
	The QEMU monitor open method would not take a reference on
	the virDomainObjPtr until it had successfully opened the
	monitor. The cleanup code upon failure to open though would
	call qemuMonitorClose() which would in turn decrement the
	reference count. This caused the virDoaminObjPtr to be mistakenly
	freed and then the whole driver crashes

	* src/qemu/qemu_monitor.c: Fix reference counting in
	  qemuMonitorOpen

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Don't return fatal error in HAL driver init if HAL isn't running
	The HAL driver returns a fatal error code in the case where HAL
	is not running. This causes the entire libvirtd daemon to quit
	which isn't desirable. Instead it should simply disable the HAL
	driver

	* src/node_device/node_device_hal.c: Quietly disable HAL if it is
	  not running

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix cleanup when state driver init fails
	* daemon/libvirtd.c: Fix incorrect goto label causing cleanup to
	  be missed when state driver init fails

2009-11-13  Matthew Booth  <mbooth@redhat.com>

	Small guestfwd code cleanup
	* src/qemu/qemu_conf.c: Remove and inline qemudBuildCommandLineChrDevTargetStr

	Small indentation cleanup of domain schema

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	AppArmor code cleanups
	* src/security/security_apparmor.c: a few code cleanups following a
	  review on the list

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	AppArmor handling of accesses to readonly files
	Fixes https://launchpad.net/bugs/453335

	* src/security/virt-aa-helper.c: suppress confusing and misleading
	  apparmor denied message when kvm/qemu tries to open a libvirt specified
	  readonly file (such as a cdrom) with write permissions. libvirt uses
	  the readonly attribute for the security driver only, and has no way
	  of telling kvm/qemu that the device should be opened readonly

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	AppArmor require absolute paths
	Fixes https://launchpad.net/bugs/460271

	* src/security/virt-aa-helper.c: require absolute path for dynamic added
	  files. This is required by AppArmor and conveniently prevents adding
	  tcp consoles to the profile

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	AppArmor updates of examples
	* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary
	  save/restore to the example apparmor abstraction
	* examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet
	  dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Check that domain is running when starting console
	The 'virsh console' command did not check if the domain was
	already running before attempting to fetch the XML and extract
	the console PTY path. This caused a slightly unhelpful / misleading
	error message for the user. The explicit check ensures the user
	gets an explicit 'domain is not running' message.

	* tools/virsh.c: Validate that state != VIR_DOMAIN_SHUTOFF in
	  virsh console command

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix incorrect variable passed to LXC event callback
	The wrong variable was being passed in with the LXC event callback
	resulting in a later deadlock or crash

	* src/lxc/lxc_driver.c: Pass 'vm' instead of 'driver' to event
	  callback

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix check for existance of cgroups at creation
	In the scenario where the cgroups were mounted but the
	particular group did not exist, and the caller had not
	requested auto-creation, the code would fail to return
	an error condition. This caused the lxc_controller to
	think the cgroup existed, and it then later failed when
	attempting to use it

	* src/util/cgroup.c: Raise an error if the cgroup path does not
	  exist

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix race condition in HAL driver startup
	There is a race condition in HAL driver startup where the callback
	can get triggered before we have finished startup. This then causes
	a deadlock in the driver.

	* src/node_device/node_device_hal.c: RElease driver lock before
	  registering DBus callbacks

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix formatting of XML for an inactive guest
	If the virDomainDefPtr object has an 'id' of -1, then forcably
	set the VIR_DOMAIN_XML_INACTIVE flag to ensure generated XML
	does not include any cruft from the previously running guest
	such as console PTY path, or VNC port.

	* src/conf/domain_conf.c: Set VIR_DOMAIN_XML_INACTIVE if
	  def->id is -1. Replace checks for def->id == -1 with
	  check against flags & VIR_DOMAIN_XML_INACTIVE.

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Remove capng_lock() call when spawning LXC container init process
	The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT
	bits on the process. This prevents the kernel granting capabilities to
	processes with an effective UID of 0, or with setuid programs. This is
	not actually what we want in the container init process. It should be
	allowed to run setuid processes & keep capabilities when root. All that
	is required is masking a handful of dangerous capabilities from the
	bounding set.

	* src/lxc/lxc_container.c: Remove bogus capng_lock() call.

2009-11-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix initscript to check daemon pidfile
	The libvirtd initscript could get confused between the system and
	session instances of the daemon. To avoid this it is neccessary
	to check the pidfile explicitly.

	* daemon/libvirtd.init.in: Always check the pidfile of the system
	  daemon to avoid confusion with the session daemons

2009-11-13  Jamie Strandboge  <jamie@canonical.com>

	Fix virt-aa-helper when host and os.type arch differ
	* src/security/virt-aa-helper.c: get_definition() now calls the new
	  caps_mockup() function which will parse the XML for os.type,
	  os.type.arch and then sets the wordsize.  These attributes are needed
	  only to get a valid virCapsPtr for virDomainDefParseString(). The -H
	  and -b options are now removed from virt-aa-helper (they weren't used
	  yet anyway).
	* tests/virt-aa-helper-test: extend and fixes tests, chmod'ed 755

2009-11-12  David Allan  <dallan@redhat.com>

	Add translation of PCI vendor and product IDs
	uses libpciaccess to provide human readable names for PCI vendor and
	device IDs
	* configure.in: add a requirement for libpciaccess >= 0.10.0
	* src/Makefile.am: add the associated compilation flags and link
	* src/node_device/node_device_udev.c: lookup the libpciaccess for
	  vendor name and product name based on their ids

	Remove DevKit node device backend
	* configure.in src/Makefile.am: remove the configuration check and
	  build instructions
	* src/node_device/node_device_devkit.c: removed the module
	* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
	  removed references to the old backend

	Add scsi_target device type
	* src/conf/node_device_conf.h src/conf/node_device_conf.c: add specific
	  support for SCSI target in node device capabilities
	* src/node_device/node_device_udev.c: add some extra detection code
	  when handling udev output

	Implement a node device backend using libudev
	* configure.in: add new --with-udev, disabled by default, and requiring
	  libudev > 145
	* src/node_device/node_device_udev.c src/node_device/node_device_udev.h:
	  the new node device backend
	* src/node_device/node_device_linux_sysfs.c: moved node_device_hal_linux.c
	  to a better file name
	* src/conf/node_device_conf.c src/conf/node_device_conf.h: add a couple
	  of fields in node device definitions, and an API to look them up,
	  remove a couple of unused fields from previous patch.
	* src/node_device/node_device_driver.c src/node_device/node_device_driver.h:
	  plug the new driver
	* po/POTFILES.in src/Makefile.am src/libvirt_private.syms: add the new
	  files and symbols
	* src/util/util.h src/util/util.c: add a new convenience macro
	  virBuildPath and virBuildPathInternal() function

	Add several fields to node device capabilities
	* src/conf/node_device_conf.h src/conf/node_device_conf.c: add the new
	  fields in the structure as well as parsing and serialization

2009-11-12  Cole Robinson  <crobinso@redhat.com>

	Add virConnectGetLibvirtVersion API
	There is currently no way to determine the libvirt version of a remote
	libvirtd we are connected to. This is a useful piece of data to enable
	feature detection.

2009-11-12  Maximilian Wilhelm  <max@rfc2324.org>

	Implement finer grained migration control for Xen
	* src/xen/xen_driver.c: Add support for VIR_MIGRATE_PERSIST_DEST flag
	* src/xen/xend_internal.c: Add support for VIR_MIGRATE_UNDEFINE_SOURCE flag
	* include/libvirt/virterror.h, src/util/virterror.c: Add new errorcode
	  VIR_ERR_MIGRATE_PERSIST_FAILED

2009-11-12  pritesh  <Pritesh.Kothari@Sun.COM>

	Support for SATA Disks in virDomainDiskBus
	* src/conf/domain_conf.h src/conf/domain_conf.c: add the new entry in
	  the enum and lists of virDomainDiskBus
	* src/qemu/qemu_conf.c: same for virDomainDiskQEMUBus

2009-11-12  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement missing DomainInterfaceStats API
	* src/lxc/lxc_driver.c: add lxcDomainInterfaceStats implementing
	  virDomainInterfaceStats()

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Filter out stale domains from xenstore listing
	The xenstore database sometimes has stale domain IDs which are not
	present in the hypervisor anymore. Filter these out to avoid causing
	confusion

	* src/xen/xs_internal.c: Filter domain IDs against HV's list
	* src/xen/xen_hypervisor.h, src/xen/xen_hypervisor.c: Add new
	  xenHypervisorHasDomain() method for checking ID validity

2009-11-12  Jonas Eriksson  <jonas.j.eriksson@ericsson.com>

	Fix logic in xenUnifiedNumOfDomains to match xenUnifiedListDomains
	The xenUnifiedNumOfDomains and xenUnifiedListDomains methods work
	together as a pair, so it is critical they both apply the same
	logic. With the current mis-matched logic it is possible to sometimes
	get into a state when you miss certain active guests.

	* src/xen/xen_driver.c: Change xenUnifiedNumOfDomains ordering to
	  match xenUnifiedListDomains.

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Disable IPv6 socket auto-binding to IPv4 socket
	Sometimes getaddrinfo returns IPv4 addresses before IPv6 addresses.
	IPv6 sockets default to attempting to bind to IPv4 addresses too.
	So if the IPv4 address is activated first, then binding to IPv6
	will unneccessarily fail.

	* daemon/libvirtd.c: Bind to IPv6 and IPv4 addresses separately

2009-11-12  Daniel P. Berrange  <berrange@redhat.com>

	Exclude numactl on s390[x]
	The numactl package is not applicable for s390[x] arches, so do
	not enable it as a build dep.

	* libvirt.spec.in: Exclude numactl on s390[x]

2009-11-12  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix error handling in qemuMonitorOpen
	* src/qemu/qemu_monitor.c: add error check for qemuMonitorOpenXXX
	  returned file descriptor

2009-11-11  Daniel P. Berrange  <berrange@redhat.com>

	Fix save and restore with non-privileged guests and SELinux
	When running qemu:///system instance, libvirtd runs as root,
	but QEMU may optionally be configured to run non-root. When
	then saving a guest to a state file, the file is initially
	created as root, and thus QEMU cannot write to it. It is also
	missing labelling required to allow access via SELinux.

	* src/qemu/qemu_driver.c: Set ownership on save image before
	  running migrate command in virDomainSave impl. Call out to
	  security driver to set save image labelling
	* src/security/security_driver.h: Add driver APIs for setting
	  and restoring saved state file labelling
	* src/security/security_selinux.c: Implement saved state file
	  labelling for SELinux

2009-11-11  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	disable mac_filter config switch by default
	* src/qemu/qemu.conf:  disables the mac_filter config switch by default
	  to match existing convention, also document the option

2009-11-11  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Prevent initializing ebtables if disabled in qemu.conf
	* src/qemu/qemu_conf.c: don't initialize ebtables if
	  disabled

2009-11-11  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: too much timeout when polling socket
	* src/phyp/phyp_driver.c: a 10s timeout on socket availability was way
	  too long, reduced to 1ms

2009-11-11  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix warning on make due to missing cast (int)
	* src/qemu/qemu_monitor.c src/qemu/qemu_monitor_text.c: cast size_t to
	  int when passing to '%d'

2009-11-11  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: Reorder keyboard_interactive label in openSSHSession()
	Finish changes intended to be part of commit
	6c70802374d1cb9316769fea750a6c2c198901ff

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Implmentation of new APIs to checking state/persistence of objects
	This implements the virConnectIsSecure, virConnectIsEncrypted,
	virDomainIsPersistent, virDomainIsActive, virNetworkIsActive,
	virNetworkIsPersistent, virStoragePoolIsActive,
	virStoragePoolIsPersistent, virInterfaceIsActive APIs in
	(nearly) all drivers. Exceptions are:

	 phyp: missing domainIsActive/Persistent
	 esx: missing domainIsPersistent
	 opennebula: missing domainIsActive/Persistent

	* src/remote/remote_protocol.x: Define remote wire ABI for newly
	  added APIs.
	* daemon/remote_dispatch*.h: Re-generated from remote_protocol.x
	* src/esx/esx_driver.c, src/lxc/lxc_driver.c, src/network/bridge_driver.c,
	  src/opennebula/one_driver.c, src/openvz/openvz_conf.c,
	  src/openvz/openvz_driver.c, src/phyp/phyp_driver.c,
	  src/remote/remote_driver.c, src/storage/storage_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	  src/xen/xen_driver.c, src/xen/xen_driver.h, src/xen/xen_inotify.c,
	  src/xen/xen_inotify.h: Implement all the new APIs where possible

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	New APIs for checking some object properties
	Introduce a number of new APIs to  expose some boolean properties
	of objects, which cannot otherwise reliably determined, nor are
	aspects of the XML configuration.

	 * virDomainIsActive: Checking virDomainGetID is not reliable
	   since it is not possible to distinguish between error condition
	   and inactive domain for ID of -1.
	 * virDomainIsPersistent: Check whether a persistent config exists
	   for the domain

	 * virNetworkIsActive: Check whether the network is active
	 * virNetworkIsPersistent: Check whether a persistent config exists
	   for the network

	 * virStoragePoolIsActive: Check whether the storage pool is active
	 * virStoragePoolIsPersistent: Check whether a persistent config exists
	   for the storage pool

	 * virInterfaceIsActive: Check whether the host interface is active

	 * virConnectIsSecure: whether the communication channel to the
	   hypervisor is secure
	 * virConnectIsEncrypted: whether any network based commnunication
	   channels are encrypted

	NB, a channel can be secure, even if not encrypted, eg if it does
	not involve the network, like a UNIX socket, or pipe.

	 * include/libvirt/libvirt.h.in: Define public API
	 * src/driver.h: Define internal driver API
	 * src/libvirt.c: Implement public API entry point
	 * src/libvirt_public.syms: Export API symbols
	 * src/esx/esx_driver.c, src/lxc/lxc_driver.c,
	   src/interface/netcf_driver.c, src/network/bridge_driver.c,
	   src/opennebula/one_driver.c, src/openvz/openvz_driver.c,
	   src/phyp/phyp_driver.c, src/qemu/qemu_driver.c,
	   src/remote/remote_driver.c, src/test/test_driver.c,
	   src/uml/uml_driver.c, src/vbox/vbox_tmpl.c,
	   src/xen/xen_driver.c: Stub out driver tables

2009-11-10  Daniel Veillard  <veillard@redhat.com>

	Various fixes following a code review part 2
	* daemon/libvirtd.c tools/virsh.c: Steve Grubb <sgrubb@redhat.com> found
	  a few more issues

	Various fixes following a code review
	* src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c
	  src/lxc/lxc_controller.c src/node_device/node_device_hal.c
	  src/openvz/openvz_conf.c src/qemu/qemu_driver.c
	  src/qemu/qemu_monitor_text.c src/remote/remote_driver.c
	  src/storage/storage_backend_disk.c src/storage/storage_driver.c
	  src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c
	  src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code
	  review and those are the fixes correcting the problems

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Allow timeouts waiting for QEMU job lock
	Some monitor commands may take a very long time to complete. It is
	not desirable to block other incoming API calls forever. With this
	change, if an existing API call is holding the job lock, additional
	API calls will not wait forever. They will time out after a short
	period of time, allowing application to retry later.

	* include/libvirt/virterror.h, src/util/virterror.c: Add new
	  VIR_ERR_OPERATION_TIMEOUT error code
	* src/qemu/qemu_driver.c: Change to a timed condition variable
	  wait for acquiring the monitor job lock

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Release driver and domain lock when running monitor commands
	QEMU monitor commands may sleep for a prolonged period of time.
	If the virDomainObjPtr or qemu driver lock is held this will
	needlessly block execution of many other API calls. it also
	prevents asynchronous monitor events from being dispatched
	while a monitor command is executing, because deadlock will
	ensure.

	To resolve this, it is neccessary to release all locks while
	executing a monitor command. This change introduces a flag
	indicating that a monitor job is active, and a condition
	variable to synchronize access to this flag. This ensures that
	only a single thread can be making a state change or executing
	a monitor command at a time, while still allowing other API
	calls to be completed without blocking

	* src/qemu/qemu_driver.c: Release driver and domain lock when
	  running monitor commands. Re-add locking to disk passphrase
	  callback
	* src/qemu/THREADS.txt: Document threading rules

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Fully asynchronous monitor I/O processing
	Change the QEMU monitor file handle watch to poll for both
	read & write events, as well as EOF. All I/O to/from the
	QEMU monitor FD is now done in the event callback thread.

	When the QEMU driver needs to send a command, it puts the
	data to be sent into a qemuMonitorMessagePtr object instance,
	queues it for dispatch, and then goes to sleep on a condition
	variable. The event thread sends all the data, and then waits
	for the reply to arrive, putting the response / error data
	back into the qemuMonitorMessagePtr and notifying the condition
	variable.

	There is a temporary hack in the disk passphrase callback to
	avoid acquiring the domain lock.  This avoids a deadlock in
	the command processing, since the domain lock is still held
	when running monitor commands. The next commit will remove
	the locking when running commands & thus allow re-introduction
	of locking the disk passphrase callback

	* src/qemu/qemu_driver.c: Temporarily don't acquire lock in
	  disk passphrase callback. To be reverted in next commit
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Remove
	  raw I/O functions, and a generic qemuMonitorSend() for
	  invoking a command
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Remove all low level I/O, and use the new qemuMonitorSend()
	  API. Provide a qemuMonitorTextIOProcess() method for detecting
	  command/reply/prompt boundaries in the monitor data stream

2009-11-10  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	phyp: ssh authentication with public key fixed
	Use ssh keyfiles from the current user's home directory instead of trying
	to use keyfiles from a hardcoded /home/user directory. Fallback to
	username/password authentication if keyfiles are not available or keyfile
	authentication failed.

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Add reference counting on virDomainObjPtr objects
	Add reference counting on the virDomainObjPtr objects. With the
	forthcoming asynchronous QEMU monitor, it will be neccessary to
	release the lock on virDomainObjPtr while waiting for a monitor
	command response. It is neccessary to ensure one thread can't
	delete a virDomainObjPtr while another is waiting. By introducing
	reference counting threads can make sure objects they are using
	are not accidentally deleted while unlocked.

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Add
	  virDomainObjRef/Unref APIs, remove virDomainObjFree
	* src/openvz/openvz_conf.c: replace call to virDomainObjFree
	  with virDomainObjUnref

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Locking of the qemuMonitorPtr object
	In preparation of the monitor I/O process becoming fully asynchronous,
	it is neccessary to ensure all access to internals of the qemuMonitorPtr
	object is protected by a mutex lock.

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add mutex for locking
	  monitor.
	* src/qemu/qemu_driver.c: Add locking around all monitor commands

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Wrap text mode monitor APIs, pass qemuMonitorPtr directly to APIs
	Change the QEMU driver to not directly invoke the text mode monitor
	APIs. Instead add a generic wrapper layer, which will eventually
	invoke either the text or JSON protocol code as needed. Pass an
	qemuMonitorPtr object into the monitor APIs instead of virDomainObjPtr
	to complete the de-coupling of the monitor impl from virDomainObj
	data structures

	* src/qemu/qemu_conf.h: Remove qemuDomainObjPrivate definition
	* src/qemu/qemu_driver.c: Add qemuDomainObjPrivate definition.
	  Pass qemuMonitorPtr into all monitor APIs instead of the
	  virDomainObjPtr instance.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add thin
	  wrappers for all qemuMonitorXXX command APIs, calling into
	  qemu_monitor_text.c/h
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h:
	  Rename qemuMonitor -> qemuMonitorText & update to accept
	  qemuMonitorPtr instead of virDomainObjPtr

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Move encryption lookup back into qemu driver file
	Decouple the monitor code from the virDomainDefPtr structure
	by moving the disk encryption lookup code back into the
	qemu_driver.c file. Instead provide a function callback to
	the monitor code which can be invoked to retrieve encryption
	data as required.

	* src/qemu/qemu_driver.c: Add findDomainDiskEncryption,
	  and findVolumeQcowPassphrase. Pass address of the method
	  findVolumeQcowPassphrase into qemuMonitorOpen()
	* src/qemu/qemu_monitor.c: Associate a disk
	  encryption function callback with the qemuMonitorPtr
	  object.
	* src/qemu/qemu_monitor_text.c: Remove findDomainDiskEncryption
	  and findVolumeQcowPassphrase.

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Make use of private data structure for monitor state
	Introduce a new qemuDomainObjPrivate object which is used to store
	the private QEMU specific data associated with each virDomainObjPtr
	instance. This contains a single member, an instance of the new
	qemuMonitorPtr object which encapsulates the QEMU monitor state.
	The internals of the latter are private to the qemu_monitor* files,
	not to be shown to qemu_driver.c

	* src/qemu/qemu_conf.h: Definition of qemuDomainObjPrivate.
	* src/qemu/qemu_driver.c: Register a functions for creating
	  and freeing qemuDomainObjPrivate instances with the domain
	  capabilities. Remove the qemudDispatchVMEvent() watch since
	  I/O watches are now handled by the monitor code itself. Pass
	  a new qemuHandleMonitorEOF() callback into qemuMonitorOpen
	  to allow notification when the monitor quits.
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Introduce
	  the 'qemuMonitor' object. Temporarily add new APIs
	  qemuMonitorWrite, qemuMonitorRead, qemuMonitorWaitForInput
	  to allow text based monitor impl to perform I/O.
	* src/qemu/qemu_monitor_text.c: Call APIs for reading/writing
	  to monitor instead of accessing the file handle directly.

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Move code for low level QEMU monitor interaction into separate file
	The qemu_driver.c code should not contain any code that interacts
	with the QEMU monitor at a low level. A previous commit moved all
	the command invocations out. This change moves out the code which
	actually opens the monitor device.

	* src/qemu/qemu_driver.c: Remove qemudOpenMonitor & methods called
	  from it.
	* src/Makefile.am: Add qemu_monitor.{c,h}
	* src/qemu/qemu_monitor.h: Add qemuMonitorOpen()
	* src/qemu/qemu_monitor.c: All code for opening the monitor

2009-11-10  Daniel P. Berrange  <berrange@redhat.com>

	Add a new timed condition variable wait API
	* src/util/threads.h, src/util/threads-pthread.c,
	  src/libvirt_private.syms: Add virCondWaitUntil()

	Fix errno handling for pthreads wrappers
	* src/util/threads-pthread.c: pthreads APIs do not set errno, instead
	  the return value is the positive errno. Set errno based on the return
	  value in the wrappers

	Make pciDeviceList struct opaque
	* src/util/pci.c, src/util/pci.h: Make the pciDeviceList struct
	  opaque to callers of the API. Add accessor methods for managing
	  devices in the list
	* src/qemu/qemu_driver.c: Update to use APIs instead of directly
	  accessing pciDeviceList fields

2009-11-09  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add missing OOM error checks, reports and cleanups

2009-11-09  Matthew Booth  <mbooth@redhat.com>

	Add documentation for <channel> domain element
	* src/formatdomain.html.in: Add <channel> element documentation

	Separate character device doc guest and host parts
	* docs/formatdomain.html.in: refactors the existing character device
	  documentation to make it explicit which directives configure the guest
	  interface, and which configure the host interface.

2009-11-09  Gerhard Stenzel  <gerhard.stenzel@de.ibm.com>

	Removes the ebtablesSaveRules() function
	As it was basically unimplemented and more confusing than useful
	at the moment.
	* src/libvirt_private.syms: remove from internal symbols list
	* src/qemu/qemu_bridge_filter.c src/util/ebtables.c: remove code and
	  one use of the unimplemented function

2009-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	opennebula: Fix potential memory/mutex leak in state driver startup
	In case of an error the domains hash and the driver mutex may leak.

	* src/opennebula/one_driver.c: free/destroy domains hash and driver
	  mutex in error cases

2009-11-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Add a Python example that lists active ESX domains
	It also demonstrates how to use the libvirt.openAuth() method.

	* examples/python/Makefile.am: add esxlist.py to EXTRA_DIST
	* examples/python/README: add some notes about esxlist.py
	* examples/python/esxlist.py: the new example

2009-11-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Use actual error code instead of 0

2009-11-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	phyp: Don't use VIR_ALLOC if a stack variable is good enough

	phyp: Fix several UUID table related problems
	- Make reading ID from file working for IDs > 127
	- Fix inverse error check for writing ID to file
	- Use feof() to distinguish EOF from real error of fread()
	- Don't interpret libssh2 error codes as number of bytes

	phyp: Check for exit_status < 0 before parsing the result

	phyp: memcpy/memmove/memset can't fail, so don't check for error
	Also reset UUID to all 0 instead of all 48 (== '0') in phypUUIDTable_RemLpar()

	phyp: Make generic domain listing functions return -1 in case of error
	phypNumDomainsGeneric() and phypListDomainsGeneric() return 0 in case
	of an error. This makes it impossible to distinguish between an actual
	error and no domains being defined on the hypervisor. It also turn the
	no domains situation into an error. Return -1 in case of an error to
	fix this problem.

	phyp: Break potential infinite loops

	phyp: Fix memory/session leaks and potential invalid frees

	Fix configure check for libssh2
	* configure.in: add -L$libssh2_path to LIBS for the AC_TRY_LINK check

2009-11-06  Daniel Veillard  <veillard@redhat.com>

	524280 pass max lease option to dnsmasq
	* src/network/bridge_driver.c: when exec'ing dnsmaq, if there are
	  DHCP ranges defined, then compute and pass the --dhcp-lease-max
	  deriving the maximum number of leases

	Store the range size when adding a DHCP range
	* src/conf/network_conf.h: extend the structure to store the range
	* src/conf/network_conf.c: before adding a range parse the IP addresses
	  do some checking and keep the size

	Repair getIPv4Addr after the ntohl conversion
	* src/util/network.c: getIPv4Addr() got broken when the input
	  network address value got converted from network to host byte order

2009-11-06  Cole Robinson  <crobinso@redhat.com>

	qemu: Allow cpu pinning for all logical CPUs, not just physical
	This is what virsh already expects when printing output, and what
	'man cpuset' claims to support.

	qemu: Use same create/define overwrite logic for migration prepare.

	qemu: Break out function to check if we can create/define/restore
	Use this function in the qemu, uml, lxc, and test drivers.

2009-11-06  Matthew Booth  <mbooth@redhat.com>

	Cleanup whitespace in docs
	This patch is the result of running the following command in the docs
	directory: sed -i 's/\t/        /g; s/\s*$//' *.html.in

	* docs/*.html.in:convert tabs into 8 spaces and remove trailing whitespace

2009-11-06  Matthew Booth  <mbooth@redhat.com>

	Use virBuffer when building QEMU char dev command line
	* src/qemu/qemu_conf.c: Update qemudBuildCommandLineChrDevStr to use a
	  virBuffer

	Cleanup virBuffer usage in qemdBuildCommandLine
	* src/qemu_qemu_conf.c: Cleanup usage of virBuffer in qemudBuildCommandLine

2009-11-06  Paolo Bonzini  <pbonzini@redhat.com>

	Add sentinel attribute for NULL terminated arg lists
	* src/internal.h (ATTRIBUTE_SENTINEL): New, it's a ggc feature and
	  protected as such
	* src/util/buf.c (virBufferStrcat): Use it.
	* src/util/ebtables.c (ebtablesAddRemoveRule): Use it.
	* src/util/iptables.c (iptableAddRemoveRule: Use it.
	* src/util/qparams.h (new_qparam_set, append_qparams): Use it.
	* docs/apibuild.py: avoid breaking the API generator with that new
	  internal keyword macro

2009-11-05  Cole Robinson  <crobinso@redhat.com>

	test: Update inactive guest config on shutdown
	This matches the expected behavior of state drivers such as QEMU.

	test: Add testDomainShutdownState helper
	Performs changes needed when stopping a VM (which are currently duplicated
	in several places, and forgotten in others).

2009-11-05  Paolo Bonzini  <pbonzini@redhat.com>

	Fix some cut-and-paste error in migration code
	* src/qemu/qemu_driver.c: in qemudDomainMigratePerform call
	  doPeer2PeerMigrate for VIR_MIGRATE_PEER2PEER.

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Properly convert port numbers to/from network byte order
	* src/util/network.c: Add htons and ntohs in virSocket(Get|Set)Port

2009-11-05  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	POWER add create() and destroy() support
	* src/phyp/phyp_driver.[ch]: add new entry points and a number of
	  cleanups

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Ensure guestfwd address is IPv4 and various cleanups
	* include/libvirt/virterror.h src/util/virterror.c: add a new error
	  VIR_ERR_CONFIG_UNSUPPORTED for valid but unsupported configuration options
	* src/conf/domain_conf.c: Throw an error if guestfwd address isn't IPv4
	  and cleanup a number of parsing return error values.

2009-11-05  Daniel Veillard  <veillard@redhat.com>

	Forgot test case on previous commit

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Support for <channel> in domain and QEmu backend
	allows the following to be specified in a domain:
	<channel type='pipe'>
	  <source path='/tmp/guestfwd'/>
	  <target type='guestfwd' address='10.0.2.1' port='4600'/>
	</channel>

	* proxy/Makefile.am: add network.c as dep of domain_conf.c
	* docs/schemas/domain.rng src/conf/domain_conf.[ch]: extend the domain
	  schemas and the parsing/serialization side for the new construct

	QEmu support will add the following on the qemu command line:
	 -chardev pipe,id=channel0,path=/tmp/guestfwd
	 -net user,guestfwd=tcp:10.0.2.1:4600-chardev:channel0

	* src/qemu/qemu_conf.c: Add argument output for channel
	* tests/qemuxml2(argv|xml)test.c: Add test for <channel> domain syntax

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Detect availability of QEMU -chardev CLI option
	* src/qemu/qemu_conf.h: defines a new QEMUD_CMD_FLAG_CHARDEV flag
	* src/qemu/qemu_conf.c: parse the output for -chardev and set flag
	  appropriately

2009-11-05  Matthew Booth  <mbooth@redhat.com>

	Allow character devices to have different target types
	A character device's target (it's interface in the guest) had only a
	single property: port. This patch is in preparation for adding targets
	which require other properties.
	Since this changes the conf type for character devices this affects
	a number of drivers:

	* src/conf/domain_conf.[ch] src/esx/esx_vmx.c src/qemu/qemu_conf.c
	  src/qemu/qemu_driver.c src/uml/uml_conf.c src/uml/uml_driver.c
	  src/vbox/vbox_tmpl.c src/xen/xend_internal.c src/xen/xm_internal.c:
	  target properties are moved into a union in virDomainChrDef, and a
	  targetType field is added to identify which union member should be
	  used. All current code which touches a virDomainChrDef is updated both
	  to use the new union field, and to populate targetType if necessary.

2009-11-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC allow container to have ethN interfaces
	Current implementation of lxc driver creates vethN named
	interface(s) in the host and passes as it is to a container.
	The reason why it doesn't use ethN is due to the limitation
	that one namespace cannot have multiple iterfaces that have
	an identical name so that we give up creating ethN named
	interface in the host for the container.

	However, we should be able to allow the container to have
	ethN by changing the name after clone(CLONE_NEWNET).

	* src/lxc/lxc_container.c src/lxc/veth.c src/lxc/veth.h: do the clone
	  and then renames interfaces eth0 ... ethN to keep the interface names
	  familiar in the domain

2009-11-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC cleanup deep indentation in lxcDomainSetAutostart
	* src/lxc/lxc_driver.c: refactor lxcDomainSetAutostart() to avoid deep
	  indentation of the code

	LXC messages cleanup and fix lxcError
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/lxc/veth.c: most of cleanups are just capitalizing their messages
	  though, some fixes wrong error messages and awkward indentations, and
	  improves error messages.

	LXC fix wrong or out-of-date function descriptions
	* src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c
	  src/lxc/veth.c: fix broken function comments

2009-11-04  Cole Robinson  <crobinso@redhat.com>

	docs: <clock> property is 'offset', not 'sync'

2009-11-03  Gerhard Stenzel  <gstenzel@linux.vnet.ibm.com>

	add MAC address based port filtering to qemu
	* src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h: there is
	  a new config type option for mac filtering
	* src/qemu/qemu_bridge_filter.[ch]: new module for the ebtable entry points
	* src/qemu/qemu_driver.c: plug the MAC filtering at the right places
	  in the domain life cycle
	* src/Makefile.am po/POTFILES.in: add the new module

	New ebtables module wrapper
	* configure.in: look for ebtables binary location if present
	* src/Makefile.am: add the new module
	* src/util/ebtables.[ch]: new module and internal APIs around
	  the ebtables binary
	* src/libvirt_private.syms: export the symbols only internally

2009-11-03  Cole Robinson  <crobinso@redhat.com>

	test: Implement virDomainPinVcpu

	test: Implement virDomainGetVcpus

	test: Update vcpu runtime info in SetVcpus

	test: Use privateData to track running VM vcpu state

	test: Break out wrapper for setting up started domain state.
	This should be a no op for now, but we will use this function to set up
	transient state in the future.

	test: Fixes for SetVcpus
	- Implement DomainGetMaxVCPUs
	- Use GetMaxVCPUs to validate requested CPU amount
	- Deny the 'hotplug' for a running domain.

	qemu: Remove compiled out localhost migration support
	Pretty sure this would deadlock now that we have proper locking, so
	remove the code.

	storage: conf: Fix memory leak in encryption parsing

	Various error reporting fixes
	- Don't duplicate SystemError
	- Use proper error code in domain_conf
	- Fix a broken error call in qemu_conf
	- Don't use VIR_ERR_ERROR in security driver (isn't a valid code in this case)

2009-11-03  Cole Robinson  <crobinso@redhat.com>

	Improve error reporting for virConnectGetHostname calls
	All drivers have copy + pasted inadequate error reporting which wraps
	util.c:virGetHostname. Move all error reporting to this function, and improve
	what we report.

	Changes from v1:
	  Drop the driver wrappers around virGetHostname. This means we still need
	  to keep the new conn argument to virGetHostname, but I think it's worth
	  it.

2009-11-03  Laine Stump  <laine@laine.org>

	Fix improper error return in virInterfaceDefParseProtoIPvX
	* src/conf/interface_conf.c: the code was erronously returning -1
	  in the two functions if <dhcp> is not provided

	Make monitor type (miimon/arpmon) optional in bond xml
	* src/conf/interface_conf.c: lack of one of these in the live xml output
	  was causing the parse in virInterfaceDefParseBond() to fail

	Fix virInterfaceIpDefPtr leak during virInterfaceIpDefFree
	* src/conf/interface_conf.c: forgot to free the structure itself

	Support for IPv6 / multiple addresses per interfaces
	This patch updates the xml parsing and formatting, and the associated
	virInterfaceDef data structure to support IPv6, along the way adding
	support for multiple protocols per interface, and multiple IP
	addresses per protocol.
	* src/conf/interface_conf.[ch]: update the structures, code for parsing
	  and serialization

2009-11-03  Laine Stump  <laine@laine.org>

	Support reporting live interface IP/netmask
	This patch adds the flag VIR_INTERFACE_XML_INACTIVE to
	virInterfaceGetXMLDesc's flags. When it is*not* set (the default), the
	live interface info will be returned in the XML (in particular, the IP
	address(es) and netmask(s) will be retrieved by querying the interface
	directly, rather than  reporting what's in the config file). The
	backend of this is in netcf's ncf_if_xml_state() function.

	* configure.in libvirt.spec.in: requires netcf >= 0.1.3
	* include/libvirt/libvirt.h.in: adds flag VIR_INTERFACE_XML_INACTIVE
	* src/conf/interface_conf.c src/interface/netcf_driver.c src/libvirt.c:
	  update the parsing and backend routines accordingly
	* tools/virsh.c: change interface edit to inactive definition and
	  adds the inactive flag for interface dump

2009-11-03  Laine Stump  <laine@laine.org>

	Make startmode optional in toplevel interface definition
	The minimal XML returned from ncf_if_xml_state() doesn't contain this
	attribute (which makes no sense in the case of reporting current
	status of the interface), and it was preventing it from passing
	through the parse/format step.

	* src/conf/interface_conf.[ch]: add a new virInterfaceStartMode value
	  and modify loading/saving accordingly

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Move libvirtd event loop into background thread
	The virStateInitialize() call for starting up stateful drivers
	may require that the event loop is running already. This it is
	neccessary to start the event loop before this call. At the
	same time, network clients must not be processed until afte
	virStateInitialize has completed.

	The qemudListenUnix() and remoteListenTCP() methods must
	therefore not register file handle watches, merely open the
	network sockets & listen() on them. This means clients can
	connected and are queued, pending completion of initialization

	The qemudRunLoop() method is moved into a background thread
	that is started early to allow access to the event loop during
	driver initialization. The main process thread leader pretty
	much does nothing once the daemon is running, merely waits
	for the event loop thread to quit

	* daemon/libvirtd.c, daemon/libvirtd.h: Move event loop into
	  a background thread
	* daemon/THREADING.txt: Rewrite docs to better reflect reality

2009-11-03  Dan Kenigsberg  <danken@redhat.com>

	give up python interpreter lock before calling cb
	suggested by danpb on irc, patch by danken fixed for proper C syntax

	* python/libvirt-override.c: on event callback release the python
	  interpreter lock and take it again when coming back so that the
	  callback can reinvoke libvirt.

2009-11-03  Laine Stump  <laine@laine.org>

	Allow NULL mac address in virGetInterface
	There are places where an interface will not have a mac address, and netcf
	returns this as a NULL pointer rather than a pointer to an empty string.
	Rather than checking for this all over the place in libvirt, just save it
	in the virInterface object as an empty string.

	* src/datatypes.c: allow NULL mac in virGetInterface()

2009-11-03  Daniel Veillard  <veillard@redhat.com>

	Fix compilation problems
	introduced on commit 9231aa7d9563745c64e4f69afabca65d28bfae25
	* src/qemu/qemu_driver.c: in qemudRemoveDomainStatus fix a reference
	  to an undefined variable buf and free up an allocated string

2009-11-03  Chris Lalancette  <clalance@redhat.com>

	Fix up NLS warnings.
	When building with --disable-nls, I got a few messages like this:

	storage/storage_backend.c: In function 'virStorageBackendCreateQemuImg':
	storage/storage_backend.c:571: warning: format not a string literal and no format arguments

	Fix these up.

2009-11-03  Chris Lalancette  <clalance@redhat.com>

	Remove redundant virFileDeletePID() call
	qemudShutdownVMDaemon() calls qemudRemoveDomainStatus(), which
	then calls virFileDeletePID().  qemudShutdownVMDaemon() then
	unnecessarily calls virFileDeletePID() again.  Remove this second
	usage of it, and also slightly refactor qemudRemoveDomainStatus()
	to VIR_WARN appropriate error messages.

2009-11-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix return value in virStateInitialize impl for LXC
	The LXC driver was mistakenly returning -1 for lxcStartup()
	in scenarios that are not an error. This caused the libvirtd
	to quit for unprivileged users. This fixes the return code
	of LXC driver, and also adds a "name" field to the virStateDriver
	struct and logging to make it easier to find these problems
	in the future

	* src/driver.h: Add a 'name' field to state driver to allow
	  easy identification during failures
	* src/libvirt.c: Log name of failed driver for virStateInit
	  failures
	* src/lxc/lxc_driver.c: Don't return a failure code for
	  lxcStartup() if LXC is not available on this host, simply
	  disable the driver.
	* src/network/bridge_driver.c, src/node_device/node_device_devkit.c,
	  src/node_device/node_device_hal.c, src/opennebula/one_driver.c,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/secret/secret_driver.c, src/storage/storage_driver.c,
	  src/uml/uml_driver.c, src/xen/xen_driver.c: Fill in name
	  field in virStateDriver struct

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Fix memory leak in list handling functions.
	If an error occurs between the allocation of an item and appending it
	to the list, the item leaks. Free such orphaned items in error cases.

	* src/esx/esx_vi.c: free orphaned items in error cases

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Don't automatically follow redirects.
	The default transport for the VI API is HTTPS. If the server redirects
	from HTTPS to HTTP the driver would silently follow that redirection.
	The user assumes to communicate with the server over a secure transport
	but isn't.

	This patch disables automatical redirection following. The driver reports
	an error if the server tries to redirect.

	* src/esx/esx_vi.c: refactor the call to curl_easy_perform() into a
	  function and do error handling there, disable automatical redirection
	  following for curl
	* src/esx/esx_vi.h: change the type of responseCode to int

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Unify naming of VI API utility and convenience functions.
	Unified function naming scheme:
	- 'lookup' functions query the ESX or vCenter for information
	- 'get' functions return information from a local object

	* src/esx/esx_driver.c, src/esx/esx_vi.[ch]: unify function naming

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Change disk selection for datastore detection.
	In order to register a new virtual machine the ESX driver needs to upload
	a VMX file to a datastore. Try to put this file beside the main VMDK file
	of the virtual machine. Change the disk selection for datastore detection
	to choose the first file-based harddisk instead of just the first disk.
	The first disk may be a CDROM disk and ISO images are normaly not located
	in the virtual machine's directory.

	* src/esx/esx_driver.c: change disk selection for datastore detection

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Fallback to the preliminary name if the datastore cannot be found.
	This allows to use domain-xml-from-native with VMX files that reference
	unavailable datastores.

	* src/esx/esx_vmx.c: fallback to the preliminary name if the datastore
	  cannot be found

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Rename internal APis
	Rename virDomainIsActive to virDomainObjIsActive, and
	virInterfaceIsActive to virInterfaceObjIsActive and finally
	virNetworkIsActive to virNetworkObjIsActive.

	* src/conf/domain_conf.c, src/conf/domain_conf.h,
	  src/conf/interface_conf.h, src/conf/network_conf.c,
	  src/conf/network_conf.h, src/lxc/lxc_driver.c,
	  src/network/bridge_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c: Update for
	  renamed APIs.

2009-11-02  Matthew Booth  <mbooth@redhat.com>

	Fix --with-init-script configure option
	* configure.in daemon/Makefile.am: the --with-init-script configure
	  option was broken, and always defaulted based on the existence of
	  /etc/redhat-release. This was a systematic typo based on
	  mixed use of init-script and init-scripts.

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't let parent of daemon exit until basic initialization is done
	The daemonizing code lets the parent exit almost immediately. This
	means that it may think it has successfully started even when
	important failures occur like not being able to acquire the PID
	file. It also means network sockets are not yet open.

	To address this when daemonizing the parent passes an open pipe
	file descriptor to the child. The child does its basic initialization
	and then writes a status code to the pipe indicating either success,
	or failure. This ensures that when daemonizing, the parent does not
	exit until the pidfile is acquired & basic network sockets are open.

	Initialization of the libvirt drivers is still done asynchronously
	since this may take a very long time.

	* daemon/libvirtd.c: Force parent to stay around until basic config
	  file, pidfile & network socket init is completed

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Pull signal setup code out into separate method
	* daemon/libvirtd.c: Introduce a daemonSetupSignals() method
	  and put all signal handling code there
	* daemon/libvirtd.h: Add sigread/sigwrite to qemud_server type

2009-11-02  Yuji NISHIDA  <nishidy@nict.go.jp>

	Set KMEMSIZE for OpenVZ domains being defined
	* src/openvz/openvz_driver.c: add a new openvzDomainSetMemoryInternal()
	  function, used to initialize the KMEMSIZE parameter of a container.

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix duplicating logging of errors in libvirtd
	The libvirt default error handling callback will print all errors
	to stderr. The libvirtd default logging callback will do the same.
	Set a no-op error handling callback in libvirtd to prevent this
	duplication

	* daemon/libvirtd.c: Register a no-op error handling function

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix initialization order bugs
	virInitialize must be the first libvirt function called to ensure
	threads, error handling & random number generator are all setup.

	Move UNIX socket directory permissions change to place of use

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Misc cleanup to network socket init
	* daemon/libvirtd.c: Change qemudNetworkInit() so that it doesn't try
	to free its argument, leaving the caller todo cleanup as is normal
	practice. Add missing policykit cleanup to qemudCleanup, and remove
	server watch if set. Remove duplicated call to listen() on TCP sockets

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Annotate many methods with ATTRIBUTE_RETURN_CHECK & fix problems
	Nearly all of the methods in src/util/util.h have error codes that
	must be checked by the caller to correct detect & report failure.
	Add ATTRIBUTE_RETURN_CHECK to ensure compile time validation of
	this

	* daemon/libvirtd.c: Add explicit check on return value of virAsprintf
	* src/conf/domain_conf.c: Add missing check on virParseMacAddr return
	  value status & report error
	* src/network/bridge_driver.c: Add missing OOM check on virAsprintf
	  and report error
	* src/qemu/qemu_conf.c: Add missing check on virParseMacAddr return
	  value status & report error
	* src/security/security_selinux.c: Remove call to virRandomInitialize
	  that's done in libvirt.c already
	* src/storage/storage_backend_logical.c: Add check & log on virRun
	  return status
	* src/util/util.c: Add missing checks on virAsprintf/Run status
	* src/util/util.h: Annotate all methods with ATTRIBUTE_RETURN_CHECK
	  if they return an error status code
	* src/vbox/vbox_tmpl.c: Add missing check on virParseMacAddr
	* src/xen/xm_internal.c: Add missing checks on virAsprintf
	* tests/qemuargv2xmltest.c: Remove bogus call to virRandomInitialize()

2009-11-02  Daniel P. Berrange  <berrange@redhat.com>

	Allow for a driver specific private data blob in virDomainObjPtr
	The virDomainObjPtr object stores state about a running domain.
	This object is shared across all drivers so it is not appropriate
	to include driver specific state here. This patch adds the ability
	to request a blob of private data per domain object instance. The
	driver must provide a allocator & deallocator for this purpose

	THis patch abuses the virCapabilitiesPtr structure for storing the
	allocator/deallocator callbacks, since it is already being abused
	for other internal things relating to parsing. This should be moved
	out into a separate object at some point.

	* src/conf/capabilities.h: Add privateDataAllocFunc and
	  privateDataFreeFunc fields
	* src/conf/domain_conf.c: Invoke the driver allocators / deallocators
	  when creating/freeing virDomainObjPtr instances.
	* src/conf/domain_conf.h: Pass virCapsPtr into virDomainAssignDef
	  to allow access to the driver specific allocator function
	* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_driver.c, src/qemu/qemu_driver.c,
	  src/test/test_driver.c, src/uml/uml_driver.c: Update for
	  change in virDomainAssignDef contract

2009-11-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	Don't use private struct member names of in6_addr
	__in6_u.__u6_addr16 is the private name for this struct member,
	s6_addr16 is the public one
	* src/util/network.c: dont use the private field, but the public one.

2009-11-02  Matthew Booth  <mbooth@redhat.com>

	More network utility functions
	* src/util/network.[ch] Add functions for address->text and get/set
	  port number
	* src/libvirt_private.syms: add new entry points

2009-10-30  Matthew Booth  <mbooth@redhat.com>

	Fix typo in network.c function comments
	* src/util/network.c: fix a few typo

2009-10-30  Daniel Veillard  <veillard@redhat.com>

	Add symbols from new network.h module
	* src/libvirt_private.syms: keep all symbols from network.h private

	Set of new network related utilities
	* src/util/network.h src/util/network.c: utilities to parse network
	  addresses, check netmask and compute ranges

2009-10-30  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix configure detection of device mapper
	* configure.in: the PKG_CHECK_MODULES() for it would not work on
	  Ubuntu and SuSE, so add a direct check fallback

2009-10-30  Daniel Veillard  <veillard@redhat.com>

	Remote code caught EINTR making it ininterruptable
	John Levon raised the issue that remoteIOEventLoop() poll call was
	reissued after EINTR was caught making it uninterruptible.
	* src/remote/remote_driver.c: catch EAGAIN instead as suggested by
	  Richard Jones

2009-10-28  Daniel P. Berrange  <berrange@redhat.com>

	Convert virDomainObjListPtr to use a hash of domain objects
	The current virDomainObjListPtr object stores domain objects in
	an array. This means that to find a particular objects requires
	O(n) time, and more critically acquiring O(n) mutex locks.

	The new impl replaces the array with a virHashTable, keyed off
	UUID. Finding a object based on UUID is now O(1) time, and only
	requires a single mutex lock. Finding by name/id is unchanged
	in complexity.

	In changing this, all code which iterates over the array had
	to be updated to use a hash table iterator function callback.
	Several of the functions which were identically duplicating
	across all drivers were pulled into domain_conf.c

	* src/conf/domain_conf.h, src/conf/domain_conf.c: Change
	  virDomainObjListPtr to use virHashTable. Add a initializer
	  method virDomainObjListInit, and rename virDomainObjListFree
	  to virDomainObjListDeinit, since its not actually freeing
	  the container, only its contents. Also add some convenient
	  methods virDomainObjListGetInactiveNames,
	  virDomainObjListGetActiveIDs and virDomainObjListNumOfDomains
	  which can be used to implement the correspondingly named
	  public API entry points in drivers
	* src/libvirt_private.syms: Export new methods from domain_conf.h
	* src/lxc/lxc_driver.c, src/opennebula/one_driver.c,
	  src/openvz/openvz_conf.c, src/openvz/openvz_driver.c,
	  src/qemu/qemu_driver.c, src/test/test_driver.c,
	  src/uml/uml_driver.c, src/vbox/vbox_tmpl.c: Update all code
	  to deal with hash tables instead of arrays for domains

2009-10-28  Mark McLoughlin  <markmc@redhat.com>

	libvirt-devel should only require libvirt-client
	There's a long known issue where if you install libvirt in a guest,
	the default virtual network will conflict with the default virtual
	network in the host.

	That's one of the reasons we have the libvirt-client RPM - it allows
	you to install the client library without having the host side
	installed.

	Rich Jones points out that if you install libvirt-devel in a guest,
	then you get libvirtd installed and the network conflict:

	  https://bugzilla.redhat.com/531200

	libvirt-devel should only require libvirt-client - e.g. nothing in
	the devel package pertains to anything in the libvirt RPM. The Fedora
	packaging guidelines say:

	  https://fedoraproject.org/wiki/Packaging/Guidelines#Devel_Packages

	  Devel packages must require the base package using a fully versioned
	  dependency ...

	But for all intents and purposes, libvirt-client is our base RPM.

	* libvirt.spec.in: make libvirt-devel require libvirt-client

2009-10-28  Cole Robinson  <crobinso@redhat.com>

	virterror: Add a missing 'break' for VIR_ERR_INVALID_SECRET

	qemu: migrate: Don't require manual URI to specify a port
	The xen driver will generate a migration port if only a hostname is passed
	in the optional migrate URI, so let's do the same in qemu.

	Fix p2p migration without a passed uri.

	qemu: Fix an error message in GetVcpus

	test: Support virStorageFindPoolSources
	The results are hardcoded into the test driver, no option to read from a
	testfile is implemented at this time.

	storage: Add ParseSourceString function for use with FindPoolSources.
	This will simplify adding FindPoolSources support to more pool backends in
	the future (as well as the test driver).

	storage: Break out function to add pool source to a SourceList.
	Similar in theory to *AssignDef type functions, this duplicate functionality
	will be used by an future FindPoolSources implementations.

	storage: Break out pool source parsing to a separate function.
	We need to parse a source XML block for FindPoolSources, so this is a step
	in sharing the parsing. The new storage pool XML 2 XML tests cover this area
	pretty well to ensure we aren't causing regressions.

2009-10-28  Chris Lalancette  <clalance@redhat.com>

	Update the documentation for virDomainMigrateToURI

2009-10-28  Paolo Bonzini  <pbonzini@redhat.com>

	Add support for an external TFTP boot server
	This patch adds an optional attribute to the <bootp> tag, that
	allows to specify a TFTP server address other than the address of
	the DHCP server itself.

	This can be used to forward the BOOTP settings of the host down to the
	guest.  This is something that configurations such as Xen's default
	network achieve naturally, but must be done manually for NAT.

	* docs/formatnetwork.html.in: Document new attribute.
	* docs/schemas/network.rng: Add it to schema.
	* src/conf/network_conf.h: Add it to struct.
	* src/conf/network_conf.c: Add it to parser and pretty printer.
	* src/network/bridge_driver.c: Put it in the dnsmasq command line.
	* tests/networkxml2xmlin/netboot-proxy-network.xml
	  tests/networkxml2xmlout/netboot-proxy-network.xml
	  tests/networkxml2xmltest.c: add new tests

2009-10-27  Cole Robinson  <crobinso@redhat.com>

	test: Support virNodeDeviceCreate and virNodeDeviceDestroy

2009-10-27  Dan Kenigsberg  <danken@redhat.com>

	Fix some typos in comments

2009-10-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix problems in the Xen inotify driver.
	In xenInotifyXendDomainsDirLookup() the wrong UUID variable is used
	to search in the config info list.

	In xenInotifyEvent() the event is dispatched if it's NULL.

	Both were introduced in bc898df2c74fe3c8efedfbbd430737bac950e65e.

2009-10-26  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix error message in qemudLoadDriverConfig()
	* src/qemu/qemu_conf.c: change the error message to refer to
	  'cgroup_controllers' instead of 'cgroup_device_acl'

2009-10-26  Chris Lalancette  <clalance@redhat.com>

	Add a new syntax-check rule for gethostname.
	We should always be using virGetHostname in place of
	gethostname; thus add in a new syntax-check rule to make
	sure no new uses creep in.

	Various syntax-check fixes.
	Make a pass over the syntax-check files, tightening up regex's,
	un-ignoring certain files, and cleaning things up.

	Tighten up nonreentrant syntax-check.
	We can slightly tighten up the regex's used to detect the use of
	nonreentrant functions.  We can also check src/util/virterror.c
	by modifying a comment; I think it's worth it to get the additional
	coverage.

	Replace a gethostname by virGetHostname in libvirtd.c

	Replace two strcmp() by STREQ() in qemu_driver.c

	Replace gethostname by virGetHostname in xend_internal.c

	Remove a completely bogus reference increment in the Xen driver.
	xenUnifiedDomainEventRegister() calls out to
	virDomainEventCallbackListAdd(), which increments the reference
	count on the connection.  That is fine, but then
	xenUnifiedDomainEventRegister() increments the usage count again,
	leading to a usage count leak.  Remove the increment in the xen
	register, and the UnrefConnect in the xen unregister.

	Add a default log_level to qemudSetLogging to remove a build warning.
	(original patch from Charles Duffy)

	Better error message when libvirtd fails to start.

2009-10-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix potential false-positive OOM error reporting.
	If no matching device was found (cap == NULL) then no strdup() call
	was made and *wwnn and *wwpn are untouched. Checking them for NULL
	in this situation may result in reporting an false-positive OOM error
	because *wwnn and *wwpn may be initialized to NULL by the caller.

	Only check *wwnn and *wwpn for NULL if a matching device was found
	(cap != NULL) and thus strdup() was called.

	* src/conf/node_device_conf.c: only report an OOM error if there
	  really is one

2009-10-22  Daniel Veillard  <veillard@redhat.com>

	Consolidate virXPathNodeSet()
	virXPathNodeSet() could return -1 when doing an evaluation failure
	due to xmlXPathEval() from libxml2 behaviour.
	* src/util/xml.c: make sure we always return 0 unless the returned
	  XPath type is of the wrong type (meaning the query passed didn't
	  evaluate to a node set and code must be fixed)

2009-10-21  Richard Jones  <rjones@redhat.com>

	Support QEMU watchdog device.
	This adds simple support for configuring a guest with a QEMU/KVM
	virtual hardware watchdog device.

2009-10-21  Dan Kenigsberg  <danken@redhat.com>

	Do not log rotate very small logs
	Without this, after few weeks without use, each defined domain grows a
	tail of empty gzipped logs, instead of keeping just the last log of
	interest.

	* daemon/libvirtd.logrotate.in: only rotate when the log is over 100 KBytes

2009-10-21  Daniel Veillard  <veillard@redhat.com>

	528575 avoid libvirtd crash on LCX domain autostart
	https://bugzilla.redhat.com/show_bug.cgi?id=528575
	virsh -c lxc:/// autostart vm1
	was crashing the daemon

	* src/lxc/lxc_conf.h src/lxc/lxc_conf.c: initialize the driver
	  autostartDir to avoid a NULL reference and implement autostart for LXC

2009-10-21  Jim Fehlig  <jfehlig@novell.com>

	Fix virsh.c compilation warning
	* tools/virsh.c: call to vshError() containing 'doexit' parameter
	  sneaked in after said parameter was removed

	Fix SELinux linking issues
	* src/Makefile.am: add selinux CFLAGS and linker flags to security driver

2009-10-21  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement missing macaddr assignment feature
	Currently MAC address configuration of container veth is just ignored.
	This patch implements the missing feature.

	* src/lxc/veth.c, src/lxc/veth.h: add setMacAddr
	* src/lxc/lxc_driver.c: set macaddr of container veth if specified

2009-10-21  Daniel Veillard  <veillard@redhat.com>

	Fix a make dist error due to wrong EXTRA_DIST paths
	* tests/Makefile.am: networkpoolxml2xmlout and networkpoolxml2xmlin are
	  really networkxml2xmlout and networkxml2xmlin

2009-10-20  Cole Robinson  <crobinso@redhat.com>

	node device: Break out get_wwns and get_parent_node helpers
	These will be used by the test driver, so move them to a shareable space.

	node device: Fix locking issue in virNodeDeviceDestroy
	Certain error paths won't unlock the node device object.

2009-10-20  Cole Robinson  <crobinso@redhat.com>

	tests: Centralize VIR_TEST_DEBUG lookup, and document it
	Provide a simple interface for other tests to lookup the testDebug variable.
	Also remove a redundant error message in interface tests.

	If anyone feels inclined to change this env variable to match the existing
	LIBVIRT_* format, it should now be easier to do so.

2009-10-20  Cole Robinson  <crobinso@redhat.com>

	tests: Initialize virRandom in for test suite.
	Otherwise any virRandom calls will result in a segfault.

2009-10-19  Daniel P. Berrange  <berrange@redhat.com>

	Remove bogus const annotations to hash iterator
	Most of the hash iterators need to modify either payload of
	data args. The const annotation prevents this.

	* src/util/hash.h, src/util/hash.c: Remove const-ness from
	  virHashForEach/Iterator
	* src/xen/xm_internal.c: Remove bogus casts

2009-10-19  Dan Kenigsberg  <danken@redhat.com>

	fix virDomainMigrateToURI doc
	* src/libvirt.c: remove reverences to non existent dconn parameter
	  when using that entry point.

2009-10-19  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC fix virCgroupGetValueStr problem with \n
	A cgroup file returns integer value terminated with '\n' and remaining
	it has sometimes harmful effects, for example it leads virStrToLong_ull
	to fail.
	* src/util/cgroup.c: strip out terminating \n when reading a value

2009-10-17  Matthias Bolte  <matthias.bolte@googlemail.com>

	Remove bashisms from schema tests.
	Introduced in commit 39a7be470cc5477a96a4d53194291bf4c7b07185.

	* tests/*schematest: replace 'source' with '.'
	* tests/schematestutils.sh: remove 'function' keyword and add '()'

2009-10-16  Cole Robinson  <crobinso@redhat.com>

	tests: Add storage volume XML 2 XML tests.

	tests: Add network XML to XML tests.

	schema: Update network schema.
	Make things a bit more readable, and properly handle forward mode 'route'.

	tests: Add XML 2 XML tests for storage pools.
	Move existing schema data to an input directory. Add extra files for more
	thorough XML testing.

	tests: Break out duplicate schema verification functionality.
	All schema tests have identical functionality, so avoid the duplication.

	tests: Fix text output for interface XML 2 XML

2009-10-15  Mark McLoughlin  <markmc@redhat.com>

	Don't copy old machines from a domain which has none
	If the the qemu and kvm binaries are the same, we don't include machine
	types in the kvm domain info.

	However, the code which refreshes the machine types info from the
	previous capabilities structure first looks at the kvm domain's info,
	finds it matches and then copies the empty machine types list over
	for the top-level qemu domain.

	That doesn't make sense, we shouldn't copy an empty machin types list.

	* src/qemu/qemu_conf.c: qemudGetOldMachinesFromInfo(): don't copy an
	  empty machine types list.

2009-10-15  Laine Stump  <laine@laine.org>

	Avoid crash in virBufferEscapeString
	* src/util/buf.c: if virBufferEscapeString was called on a buffer that
	  had 0 bytes of space, a size of -1 will be passed to snprintf, resulting
	  in a segmentation fault, this preallocate some space.

2009-10-14  Jim Fehlig  <jfehlig@novell.com>

	Add ocfs2 to list of fs pool types
	* src/conf/storage_conf.c src/conf/storage_conf.h: extend the enums
	  and values
	* docs/schemas/storagepool.rng: add to the list of storage pool type
	  formats

2009-10-14  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC complement PATH environment variable
	* src/lxc/lxc_driver.c: without PATH, the controller will definitely
	  fail to call ip command

2009-10-14  Chris Lalancette  <clalance@redhat.com>

	Finer grained migration control
	Normally, when you migrate a domain from host A to host B,
	the domain on host A remains defined but shutoff and the domain
	on host B remains running but is a "transient".  Add a new
	flag to virDomainMigrate() to allow the original domain to be
	undefined on source host A, and a new flag to virDomainMigrate() to
	allow the new domain to be persisted on the destination host B.

2009-10-14  Daniel Veillard  <veillard@redhat.com>

	Release of 0.7.2

	Fixing ca.po

	Updated and regenerated localizations
	* de.po ja.po it.po hi.po gu.po or.po mr.po ml.po kn.po ru.po pl.po
	  pa.po te.po ta.po: many updates

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	network: Fix printing XML 'delay' attribute
	When specifying bridge delay via network XML define, we were looking for
	the 'delay' attribute, but would dump the value as 'forwardDelay'. Have
	the output match the expected input (and schema).

2009-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix virFileReadLimFD/virFileReadAll to handle EINTR
	The fread_file_lim() function uses fread() but never handles
	EINTR results, causing unexpected failures when reading QEMU
	help arg info. It was unneccessarily using FILE * instead
	of plain UNIX file handles, which prevented use of saferead()

	* src/util/util.c: Switch fread_file_lim over to use saferead
	  instead of fread, remove FILE * use, and rename

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	storage: Fix generating iscsi 'auth' xml
	We were missing a closing tag, so the XML wasn't proper.

	schema: Update storage pool schema.
	- mpath pools weren't listed
	- scsi pools were missing an adapter section
	- iscsi pools were missing an auth section
	- Logical pools do not require a source name to be specified

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	remote: Don't print a warning every time a remote call fails
	$ sudo virsh pool-start idontexist
	10:58:18.716: warning : processCallDispatchReply:7612 : Method call error
	error: failed to get pool 'idontexist'
	error: Storage pool not found: no pool with matching name 'idontexist'

	That warning doesn't server much purpose being printed via a virsh call. So
	remove the message.

2009-10-13  Cole Robinson  <crobinso@redhat.com>

	storage: Report errors in FindPoolSources

	test: Activate interfaces specified through driver config file.
	This matches the behavior of domains, storage, etc. Also, fix up some
	whitespace issues in the area.

2009-10-13  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU restore from file in raw format
	The logic for running the decompression programs was broken in
	commit f238709304f9f6c57204cdd943e542cbae38fa5f, so that for
	non-raw formats the decompression program was never run, and
	for raw formats, it tried to exec an argv[] with initial NULL
	in the program name.

	* src/qemu/qemu_driver.c: Fix logic in runing decompression program

2009-10-13  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC fix return code handling in lxcVmStart
	In lxcVmStart we first should not reuse rc for another purpose
	than the return value.

	* src/lxc/lxc_driver.c: don't reuse rc for local procedure calls

2009-10-13  Daniel Veillard  <veillard@redhat.com>

	Add a target for libvirt.devhelp
	* docs/Makefile.am: the lack of a target for devhelp/libvirt.devhelp
	  broke 'make dist'

	Fix a missing % on endif in spec file
	* libvirt.spec.in: missing % broke 'make rpm'

2009-10-12  Mark McLoughlin  <markmc@redhat.com>

	Take domain type into account when looking up default machine
	If one has e.g.

	  <guest>
	    <os_type>hvm</os_type>
	    <arch name='x86_64'>
	      <wordsize>64</wordsize>
	      <emulator>/usr/bin/qemu-system-x86_64</emulator>
	      <machine>pc-0.11</machine>
	      <machine canonical='pc-0.11'>pc</machine>
	      <machine>pc-0.10</machine>
	      <machine>isapc</machine>
	      <domain type='qemu'>
	      </domain>
	      <domain type='kvm'>
	        <emulator>/usr/bin/kvm</emulator>
	        <machine>pc</machine>
	        <machine>isapc</machine>
	      </domain>
	    </arch>
	  </guest>

	and start a guest with:

	  <domain type='kvm'>
	    ...
	    <os>
	      <type arch='x86_64'>hvm</type>
	      ...
	    </os>
	  </domain>

	then the default machine type should be 'pc' and not 'pc-0.11'

	Issue was reported by Anton Protopopov.

	* src/capabilities.[ch]: pass the domain type to
	  virCapabilitiesDefaultGuestArch() and use it to look up the default
	  machine type from a specific guest domain if needed.

	* src/conf/domain_conf.c, src/xen/xm_internal.c: update

	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.xml: update
	  the domain type to 'kvm' and remove the machine type to check
	  that the default gets looked up correctly

2009-10-12  Mark McLoughlin  <markmc@redhat.com>

	Fix schema to allow missing machine type
	The domain/os/type element may have an arch specified without having
	a machine variant specified. In fact, this is what python-virtinst
	does when defining a guest.

	* docs/schemas/domain.rng: allow missing machine type

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Rewrite example domain events programm for python
	The existing python demo for domain events does not fully
	implement the event loop contract. This makes the code useless
	for real world applications. This change re-writes the demo so
	that it has a full event loop implementation which is suitable
	for application usage & better demonstrates integration

	* examples/domain-events/events-python/event-test.py: Rewrite
	  to include a real world usable event loop implementation

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Remove some auto-generated files
	Removes some auto-generated files still under version control.
	It also moves the rule for generating NEWS into the Makefile.am
	that's in the same directory as the output file to avoid confusion

	* docs/libvirt-api.xml, docs/libvirt-refs.xml, NEWS: Remove
	  auto-generated files from source control
	* Makefile.am: Add rule for generating NEWS file
	* docs/Makefile.am: Remove rule for generating NEWS file

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Support a new peer-to-peer migration mode & public API
	Introduces several new public API options for migration

	 - VIR_MIGRATE_PEER2PEER: With this flag the client only
	   invokes the virDomainMigratePerform method, expecting
	   the source host driver to do whatever is required to
	   complete the entire migration process.
	 - VIR_MIGRATE_TUNNELLED: With this flag the actual data
	   for migration will be tunnelled over the libvirtd RPC
	   channel. This requires that VIR_MIGRATE_PEER2PEER is
	   also set.
	 - virDomainMigrateToURI: This is variant of the existing
	   virDomainMigrate method which does not require any
	   virConnectPtr for the destination host. Given suitable
	   driver support, this allows for all the same modes as
	   virDomainMigrate()

	The URI for VIR_MIGRATE_PEER2PEER must be a valid libvirt
	URI. For non-p2p migration a hypervisor specific migration
	URI is used.

	virDomainMigrateToURI without a PEER2PEER flag is only
	support for Xen currently, and it involves XenD talking
	directly to XenD, no libvirtd involved at all.

	* include/libvirt/libvirt.h.in: Add VIR_MIGRATE_PEER2PEER
	  flag for migration
	* src/libvirt_internal.h: Add feature flags for peer to
	  peer migration (VIR_FEATURE_MIGRATE_P2P) and direct
	  migration (VIR_MIGRATE_PEER2PEER mode)
	* src/libvirt.c: Implement support for VIR_MIGRATE_PEER2PEER
	  and virDomainMigrateToURI APIs.
	* src/xen/xen_driver.c: Advertise support for DIRECT migration
	* src/xen/xend_internal.c: Add TODO item for p2p migration
	* src/libvirt_public.syms: Export virDomainMigrateToURI
	  method
	* src/qemu/qemu_driver.c: Add support for PEER2PEER and
	  migration, and adapt TUNNELLED migration.
	* tools/virsh.c: Add --p2p and --direct args and use the
	  new virDomainMigrateToURI method where possible.

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Re-arrange doTunnelMigrate to simplify cleanup code
	Re-arrange the doTunnelMigrate method putting all non-QEMU local
	state setup steps first. This maximises chances of success before
	then starting destination QEMU for receiving incoming migration.
	Altogether this can reduce the number of goto cleanup labels to
	something more managable.

	* qemu/qemu_driver.c: Re-order steps in doTunnelMigrate

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Separate out code for sending tunnelled data
	Simplify the doTunnelMigrate code by pulling out the code for
	sending all tunnelled data into separate helper

	* qemu/qemu_driver.c: introduce doTunnelSendAll() method

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Pull connection handling code out of doTunnelMigrate
	Simplify the doTunnelMigrate() method by pulling out the code
	which opens/closes the virConnectPtr  object into a parent
	method

	* qemu/qemu_driver.c: Add doPeer2PeerMigrate which then calls
	  doTunnelMigrate with dconn & dom_xml

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix stream abort upon I/O failure during migration
	virStreamAbort is needed when the caller wishes to terminate
	the stream early, not when virStreamSend fails.

	* qemu/qemu_driver.c: Fix calling of virStreamAbort during
	  tunnelled migration

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Refactor native QEMU migration code
	The code for tunnelled migration was added in a dedicated method,
	but the native migration code is still inline in the top level
	qemudDomainMigratePerform() API. Move the native code out into
	a dedicated method too to make things more maintainable.

	* src/qemu/qemu_driver.c: Pull code for performing a native
	  QEMU migration out into separate method

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Don't force dconn to be NULL in virDomainMigrate
	The code for tunnelled migration wierdly required the app to pass
	a  NULL 'dconn' parameter, only to have to use virConnectOpen
	itself shortly thereafter to get a 'dconn' object. Remove this
	bogus check & require the app to always pas 'dconn' as before

	* src/libvirt.c: Require 'dconn' for virDomainMigrate calls again
	  and remove call to virConnectOpen

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Remove unneccessary uri_in parameter from virMigratePrepareTunnel
	Since virMigratePrepareTunnel() is used for migration over the
	native libvirt connection, there is never any need to pass the
	target URI to this method.

	* daemon/remote.c, src/driver.h, src/libvirt.c, src/libvirt_internal.h,
	  src/qemu/qemu_driver.c, src/remote/remote_driver.c,
	  src/remote/remote_protocol.c, src/remote/remote_protocol.h,
	  src/remote/remote_protocol.x: Remove 'uri_in' parameter from
	  virMigratePrepareTunnel() method

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Move the VIR_DRV_FEATURE* constants
	Move the VIR_DRV_FEATURE* constants into libvirt_internal.h
	since these flags are indicating whether  APIs in the
	libvirt_internal.h file are supported by a driver

	* src/driver.h: Remove VIR_DRV_FEATURE* constants
	* src/libvirt_internal.h: Add VIR_DRV_FEATURE* constants, using
	  an enum instead of #define
	* src/internal.h: pull in libvirt_internal.h

2009-10-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix configure.ac message vertical alignment
	* configure.in: Align messages in configuration summary

2009-10-08  Amy Griffis  <amy.griffis@hp.com>

	LXC add augeas support for config file
	* src/lxc/libvirtd_lxc.aug src/lxc/test_libvirtd_lxc.aug: augeas schemas
	  for lxc.conf
	* src/Makefile.am libvirt.spec.in: glue the new augeas files in

	LXC add driver config file lxc.conf
	* src/lxc/lxc.conf: new configuration file, there is currently one
	  tunable "log_with_libvirtd" that controls whether an lxc controller will
	  log only to the container log file, or whether it will honor libvirtd's
	  log output configuration. This provides a way to have libvirtd and its
	  children log to a single file.  The default is to log to the container
	  log file.
	* src/Makefile.am libvirt.spec.in: add the new file
	* src/lxc/lxc_conf.[ch] src/lxc/lxc_driver.c: read the new log value
	  from the configuration file and pass the log informations when
	  starting up a container.

	LXC do not truncate container log files on restart
	* src/lxc/lxc_driver.c: use O_APPEND instead of O_TRUNC when opening
	  the log file on lxcVmStart()

	LXC initialize logging configuration
	* src/lxc/lxc_driver.c src/lxc/lxc_controller.c: before launching the
	  lxc controller, have the lxc driver query the log settings and setup
	  envp[]. This provides the advantage of honoring the actual log
	  configuration instead of only what had been set in the environment.
	  The lxc controller now simply has to call virLogSetFromEnv().

	Add debug for envp[] in virExecWithHook()
	* src/util/util.c: output some debug if caller of virExecWithHook have
	  set envp[]

2009-10-08  Amy Griffis  <amy.griffis@hp.com>

	Add accessors for logging filters and outputs
	When configuring logging settings, keep more information about the
	output destination. Add accessors to retrieve the filter and output
	settings in the original string form; this to be used to set up
	environment for a child process that also logs.

	* src/util/logging.[ch]: add virLogGetFilters and virLogGetOutputs
	  accessors and modify the internals (including virLogDefineOutput())
	  to save the data needed for the accessors

2009-10-08  Amy Griffis  <amy.griffis@hp.com>

	Add virFileAbsPath() utility
	* src/util/util.[ch]: Add virFileAbsPath() function to ensure an
	  absolute path for a potentially realtive path.
	* src/libvirt_private.syms: add it in libvirt private symbols

2009-10-08  Jamie Strandboge  <jamie@canonical.com>

	Documentation and examples for SVirt Apparmor driver
	* docs/drvqemu.html.in: include documentation for AppArmor sVirt
	  confinement
	* examples/apparmor/TEMPLATE examples/apparmor/libvirt-qemu
	  examples/apparmor/usr.lib.libvirt.virt-aa-helper
	  examples/apparmor/usr.sbin.libvirtd: example templates and
	  configuration files for SVirt Apparmor when using KVM/QEmu

	sVirt AppArmor security driver
	* configure.in: look for AppArmor and devel
	* src/security/security_apparmor.[ch] src/security/security_driver.c
	  src/Makefile.am: add and plug the new driver
	* src/security/virt-aa-helper.c: new binary which is used exclusively by
	  the AppArmor security driver to manipulate AppArmor.
	* po/POTFILES.in: registers the new files
	* tests/Makefile.am tests/secaatest.c tests/virt-aa-helper-test:
	  tests for virt-aa-helper and the security driver, secaatest.c is
	  identical to seclabeltest.c except it initializes the 'apparmor'
	  driver instead of 'selinux'

2009-10-08  Cole Robinson  <crobinso@redhat.com>

	cgroup: Fix -Werror breakage

2009-10-08  Daniel P. Berrange  <berrange@redhat.com>

	Misc win32 build fixes
	* daemon/Makefile.am: Fix missing sasl rule
	* src/datatypes.c: Add unistd.h to avoid gnulib bug
	* src/util/cgroup.c: Disable mntent if not available

2009-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix handling return value of qemuMonitorSetBalloon
	* src/qemu/qemu_driver.c: The positive return value of
	  qemuMonitorSetBalloon should be handled as a success

2009-10-07  Ryota Ozaki  <ozaki.ryota@gmail.com>

	LXC implement memory control APIs
	The patch implements the missing memory control APIs for lxc, i.e.,
	domainGetMaxMemory, domainSetMaxMemory, domainSetMemory, and improves
	domainGetInfo to return proper amount of used memory via cgroup.

	* src/libvirt_private.syms: Export virCgroupGetMemoryUsage
	  and add missing virCgroupSetMemory
	* src/lxc/lxc_driver.c: Implement missing memory functions
	* src/util/cgroup.c, src/util/cgroup.h: Add the function
	  to get used memory

2009-10-07  Jamie Strandboge  <jamie@canonical.com>

	Add a domain argument to SVirt *RestoreImageLabel
	When James Morris originally submitted his sVirt patches (as seen in
	libvirt 0.6.1), he did not require on disk labelling for
	virSecurityDomainRestoreImageLabel. A later commit[2] changed this
	behavior to assume on disk labelling, which halts implementations for
	path-based MAC systems such as AppArmor and TOMOYO where
	vm->def->seclabel is required to obtain the label.

	* src/security/security_driver.h src/qemu/qemu_driver.c
	  src/security/security_selinux.c: adds the 'virDomainObjPtr vm'
	  argument back to *RestoreImageLabel

2009-10-07  Chris Lalancette  <clalance@redhat.com>

	Fix up "make check"
	While running make check, I noticed that it was actually using
	the virsh binary from my system, in /usr/bin/virsh, and not the
	one that was just compiled.  This is actually caused by a bug
	in Makefile.am, where we didn't update the PATH to include tools.

	While here, I also updated all of the scripts to properly define
	the srcdir, abs_top_srcdir, and abs_top_builddir environment
	variables.  This is required if you want to be able to run the
	tests standalone (i.e. ./test instead of from make check).  I've
	tested this on both RHEL-5 and Fedora-10 machines, and make check
	works on both, as does running the individual tests by hand.

2009-10-06  Mark McLoughlin  <markmc@redhat.com>

	Create /var/log/libvirt/{lxc,uml} dirs
	Otherwise logrotate barfs:

	  error: error accessing /var/log/libvirt/uml: No such file or directory
	  error: libvirtd:1 glob failed for /var/log/libvirt/uml/*.log
	  error: found error in /var/log/libvirt/qemu/*.log /var/log/libvirt/uml/*.log /var/log/libvirt/lxc/*.log , skipping

	* qemud/Makefile.am: always create /var/log/libvirt/{lxc,uml} when
	  installing the logrotate conf; not ideal, but easier than making
	  the logrotate conf depend on which drivers are enabled

2009-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix rebuilding of devhelp files
	The devhelp/ directory files depend on libvirt-api.xml being
	uptodate, but automake always processes SUBDIRS before the
	current directory. So devhelp would be built and then the
	libvirt-api.xml re-build, invalidating the devhelp data again.

	To fix this all the rules for devhelp are moved directly
	into the docs/Makefile.am allowing make to see the global
	dependancy chain and thus build things in the correct order

	* docs/Makefile.am: Add rules for devhelp rebuild
	* docs/devhelp/Makefile.am: Remove devhelp rebuild
	* configure.in: Remove docs/devhelp/Makefile.am

2009-10-06  Daniel P. Berrange  <berrange@redhat.com>

	Fix ordering of <exports> in API description file
	* docs/apibuild.py: Make uniq() function sort keys before returning
	  them to ensure consitent ordering of <exports> in XML file

2009-10-05  Cole Robinson  <crobinso@redhat.com>

	test: Support loading node device info from file/XML
	Also add some XML examples.

	node conf: Make parsing routines consistent with other drivers
	Add virNodeDeviceParseFile, and make virNodeDeviceParseNode non-static. These
	will be used by the test driver.

	test: Implement node device driver.
	Add a simple 'computer' device for the default driver. Only implement
	the basic calls, no creation or destroy happening.

	nodedev: Break out virNodeDeviceHasCap to node_conf
	Will be used by test driver node device implementation.

	nodedev: Add locking in nodeNumOfDevices

	test: Throw a proper error in GetBridgeName
	Throw error in GetBridgeName if net has no bridge.

	python: Add a newline after custom classes
	In the generated bindings, custom classes are squashed against the following
	class, which hurts readability.

2009-10-05  Cole Robinson  <crobinso@redhat.com>

	python: Fix generated virInterface method names
	A mistake in the generator was causing virInterface methods to be generated
	with unpredicatable names ('ceUndefine', instead of just 'undefine'). This
	fixes the method names to match existing convention.

	Does anyone care if we are breaking API compat? My guess is that no one is
	using the python interface bindings yet.

2009-10-05  Cole Robinson  <crobinso@redhat.com>

	python: Use a pure python implementation of 'vir*GetConnect'
	The API docs explictly warn that we shouldn't use the C vir*GetConnect calls
	in bindings: doing so can close the internal connection pointer and cause
	things to get screwy. Implement these calls in python.

	python: Don't generate bindings for vir*Ref
	They are only for use in implementing the bindings, so shouldn't be
	exposed to regular API users.

2009-10-05  Cole Robinson  <crobinso@redhat.com>

	python: Don't generate conflicting conn.createXML functions.
	A special case in the generator wasn't doing its job, and duplicate
	conn.createXML functions were being generated. The bindings diff is:

	@@ -1079,14 +1079,6 @@ class virConnect:
	         return __tmp

	     def createXML(self, xmlDesc, flags):
	-        """Create a new device on the VM host machine, for example,
	-           virtual HBAs created using vport_create. """
	-        ret = libvirtmod.virNodeDeviceCreateXML(self._o, xmlDesc, flags)
	-        if ret is None:raise libvirtError('virNodeDeviceCreateXML() failed', conn=self)
	-        __tmp = virNodeDevice(self, _obj=ret)
	-        return __tmp
	-
	-    def createXML(self, xmlDesc, flags):
	         """Launch a new guest domain, based on an XML description
	           similar to the one returned by virDomainGetXMLDesc() This
	           function may requires privileged access to the hypervisor.
	@@ -1327,6 +1319,14 @@ class virConnect:
	         __tmp = virNetwork(self, _obj=ret)
	         return __tmp

	+    def nodeDeviceCreateXML(self, xmlDesc, flags):
	+        """Create a new device on the VM host machine, for example,
	+           virtual HBAs created using vport_create. """
	+        ret = libvirtmod.virNodeDeviceCreateXML(self._o, xmlDesc, flags)
	+        if ret is None:raise libvirtError('virNodeDeviceCreateXML() failed', conn=self)
	+        __tmp = virNodeDevice(self, _obj=ret)
	+        return __tmp
	+
	     def nodeDeviceLookupByName(self, name):
	         """Lookup a node device by its name. """
	         ret = libvirtmod.virNodeDeviceLookupByName(self._o, name)

2009-10-05  Cole Robinson  <crobinso@redhat.com>

	python: Remove use of xmllib in generator.py
	xmllib has been deprecated since python 2.0, and running the generator throws
	a warning. Move to using xml.sax

	python: Remove FastParser from generator.
	FastParser uses sgmlop, a non-standard python module meant as a replacement
	for xmllib (which is deprecated since python 2.0). Fedora doesn't even carry
	this module, and the generator doesn't have high performance requirements, so
	just rip the code out.

	configure: Add explict --with-python option.
	--with-python currently already works for enabling/disabling the python
	bindings, but doesn't show up in the help output.

2009-10-05  Daniel Veillard  <veillard@redhat.com>

	526769 change logrotate config default to weekly
	* daemon/libvirtd.logrotate.in: change to weekly rotation of logs,
	  keep a month worth of data and also extend to cover LXC and UML
	  domain logs

2009-10-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in Makefile.am breaking NEWS file generation
	* docs/Makefile.am: Fix syntax error in NEWS rule, '$' should be '$$'
	  to escape correctly

2009-10-02  Daniel P. Berrange  <berrange@redhat.com>

	Fix emission of domain events messages
	The code which updated the message length after writing the
	payload wrote the updated length word in the wrong place since
	the XDR object was given a buffer pointing to the start of the
	header payload, rather than message start.

	* daemon/remote.c: Fix updating of event message length so that
	  we actually send the payload, not just the header

2009-10-02  Paolo Bonzini  <pbonzini@redhat.com>

	unbreak `make rpcgen'
	Fix "make rpcgen", broken by the directory reorganization.

	* src/Makefile.am (rpcgen): Fix path to rpcgen_fix.pl.

2009-10-02  Paolo Bonzini  <pbonzini@redhat.com>

	unbreak migration
	Fix migration, broken in two different ways by the QEMU monitor
	abstraction.  Note that the QEMU console emits a "\r\n" as the
	line-ending.

	* src/qemu/qemu_monitor_text.c (qemuMonitorGetMigrationStatus):
	Fix "info migrate" command and its output's parsing.

2009-10-02  Chris Lalancette  <clalance@redhat.com>

	Tunnelled migration.
	Implementation of tunnelled migration, using a Unix Domain Socket
	on the qemu backend.  Note that this requires very new versions of
	qemu (0.10.7 at least) in order to get the appropriate bugfixes.

2009-10-01  Jiri Denemark  <jdenemar@redhat.com>

	Fix build in separate build directory
	* cfg.mk: use $(srcdir)/ prefix for Makefile.nonreentrant include
	* examples/domain-events/events-c/Makefile.am tools/Makefile.am
	  examples/hellolibvirt/Makefile.am: extend the include paths to
	  use $(top_srcdir)/include too.

2009-10-01  Paolo Bonzini  <pbonzini@redhat.com>

	Fix documentation and comment typos
	Fix a few mispellings :-) of "successfully" and regenerate
	docs/libvirt-*.xml.
	* src/libvirt.c: Fix typos.
	* src/secret/secret_driver.c: Fix typos.
	* docs/libvirt-api.xml: Regenerate.
	* docs/libvirt-refs.xml: Regenerate.

2009-10-01  Chris Lalancette  <clalance@redhat.com>

	Various monitor improvements for migration.
	The upcoming tunnelled migration needs to be able to set
	a migration in progress in the background, as well as
	be able to cancel a migration when a problem has happened.
	This patch allows for both of these to properly work.

2009-10-01  Mark McLoughlin  <markmc@redhat.com>

	Fix USB device re-labelling
	A simple misplaced break out of a switch results in:

	  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./vendor': No such file or directory
	  libvir: error : Failed to open file '/sys/bus/pci/devices/0000:00:54c./device': No such file or directory
	  libvir: error : this function is not supported by the hypervisor: Failed to read product/vendor ID for 0000:00:54c.

	when trying to passthrough a USB host device to qemu.

	* src/security_selinux.c: fix a switch/break thinko

2009-10-01  Daniel Veillard  <veillard@redhat.com>

	Avoid a libvirtd crash on broken input 523418
	* src/conf/domain_conf.c: a simple typo in an XML domain file could lead
	  to a crash, because we called STRPREFIX() on the looked up value without
	  checking it was non-null.

2009-09-30  Florian Vichot  <florian.vichot@diateam.net>

	Incorrect error message in virDomainNetDefParseXML
	* src/conf/domain_conf.c: when declaring a <interface type="bridge">
	  tag, <source> needs a "bridge" attribute, but the parser complains
	  about a missing "dev" attribute.

2009-09-30  Daniel Veillard  <veillard@redhat.com>

	Fix a few 'make rpm' breakages
	* Makefile.am: examples/domain-events/events-python should be added
	  to dist tarball
	* libvirt.spec.in: there is no makefile in domain-events but in
	  domain-events/events-c and python/libvirtclass.txt has vanished

	523639 Allows a <description> tag for domains
	* docs/schemas/domain.rng: allow one <description> tag in the top level
	  of the <domain> to store user information as text
	* src/conf/domain_conf.c src/conf/domain_conf.h: extend the structure
	  to store this text, grab it at parse time and save it back when
	  present after <uuid>

2009-09-30  Chris Lalancette  <clalance@redhat.com>

	Add src/util/storage_file.c to the POTFILES.in.

	Add a qemu feature flag for unix socket migration.

	Pass remote_message_header to the dispatch functions.
	This is necessary for the dispatch functions to be able to use
	streams in the future.

	Let remoteClientStream only do RX if requested.
	Right now, the stream stuff assumes that a stream is always
	going to be used for transmit.  This is not the case, and in
	fact doesn't work with the tunnelled migration stuff.  Add
	a flag to remoteClientStream() to allow it to do RX only.

	Fix up a few typos in the tree.

	Fix up some warnings from stream DEBUG statements.

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix apibuild.py warnings
	Function comments for virStreamEvent{Add,Update,Remove}Callback() are
	missing a trailing ':'. Therefore apibuild.py fails to parse the comment
	and warns about the missing ':'.

	* docs/libvirt-api.xml, docs/libvirt-refs.xml: updated by apibuild.py
	* src/libvirt.c: add missing ':' in function comments

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Change signature of remoteSendStreamData() to fix compile warning
	The actual type of size_t is architecture dependent. Because the len
	parameter is used as unsigned int in remoteSendStreamData(), change its
	type to unsigned int.

	* daemon/dispatch.[ch]: change size_t to unsigned int for
	  remoteSendStreamData()

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Re-label image file backing stores
	Use virStorageFileGetMetadata() to find any backing stores for images
	and re-label them

	Without this, qemu cannot access qcow2 backing files, see:

	  https://bugzilla.redhat.com/497131

	* src/security/security_selinux.c: re-label backing store files in
	  SELinuxSetSecurityImageLabel()

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Add virStorageFileGetMetadata() helper
	* src/util/storage_file.c: add virStorageFileGetMetadata() so that
	  the caller does not need to open the file

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Move virStorageGetMetadataFromFD() to libvirt_util
	Finally, we get to the point of all this.

	Move virStorageGetMetadataFromFD() to virStorageFileGetMetadataFromFD()
	and move to src/util/storage_file.[ch]

	There's no functional changes in this patch, just code movement

	* src/storage/storage_backend_fs.c: move code from here ...

	* src/util/storage_file.[ch]: ... to here

	* src/libvirt_private.syms: export virStorageFileGetMetadataFromFD()

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Introduce virStorageFileMetadata structure
	Introduce a metadata structure and make virStorageGetMetadataFromFD()
	fill it in.

	* src/util/storage_file.h: add virStorageFileMetadata

	* src/backend/storage_backend_fs.c: virStorageGetMetadataFromFD() now
	  fills in the virStorageFileMetadata structure

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Split virStorageGetMetadataFromFD() from virStorageBackendProbeTarget()
	Prepare the code probing a file's format and associated metadata for
	moving into libvirt_util.

	* src/storage/storage_backend_fs.c: re-factor the format and metadata
	  probing code in preparation for moving it

2009-09-30  Mark McLoughlin  <markmc@redhat.com>

	Move file format enum to libvirt_util
	Rename virStorageVolFormatFileSystem to virStorageFileFormat and
	move to src/util/storage_file.[ch]

	* src/Makefile.am: add src/util/storage_file.[ch]

	* src/conf/storage_conf.[ch]: move enum from here ...

	* src/util/storage_file.[ch]: .. to here

	* src/libvirt_private.syms: update To/FromString exports

	* src/storage/storage_backend.c, src/storage/storage_backend_fs.c,
	  src/vbox/vbox_tmpl.c: update for above changes

2009-09-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix memory leaks in libvirtd's message processing
	Commit 47cab734995fa9521b1df05d37e9978eedd8d3a2 changed the way how
	qemud_client_message objects were reused. Before this commit
	remoteDispatchClientRequest() reused the received message for normal responses
	and to report non-fatal errors. If a fatal error occurred qemudWorker() frees
	the message. After this commit non-fatal errors are reported by
	remoteSerializeReplyError() using a new qemud_client_message object and the
	original message leaks.

	To fix this leak the original message has to be freed if
	remoteSerializeReplyError() succeeds. If remoteSerializeReplyError()
	fails the original message is freed in qemudWorker().

	* daemon/dispatch.c: free qemud_client_message objects that will not be reused
	  and would leak otherwise, also free the allocated qemud_client_message object
	  in remoteSerializeError() if an error occurs

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix QEMU test suite with new VNC env variable
	* qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
	  qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.args,
	  qemuxml2argvdata/qemuxml2argv-graphics-vnc.args,
	  qemuxml2argvdata/qemuxml2argv-input-xen.args: Add in
	  QEMU_AUDIO_DRV=none env variable

2009-09-29  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox vboxDomainDestroy forgot to wait for completion
	* src/vbox/vbox_tmpl.c: the vboxDomainDestroy forgot to wait for
	  completion of the PowerDown command

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Remove hand-crafted UUID parsers
	* src/libvirt.c: Remove hand-crafted UUID parsers in favour of
	  calling virParseUUID

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Allow control over QEMU audio backend
	When using VNC for graphics + keyboard + mouse, we shouldn't
	then use the host OS for audio. Audio should go back over
	VNC.

	When using SDL for graphics, we should use the host OS for
	audio since that's where the display is. We need to allow
	certain QEMU env variables to be passed through to guest
	too to allow choice of QEMU audio backend.

	* qemud/libvirtd.sysconf: Mention QEMU/SDL audio env vars
	* src/qemu_conf.c: Passthrough QEMU/SDL audio env for SDL display,
	  disable host audio for VNC display

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Handle data streams in remote client
	* src/remote_internal.c: Add helper APIs for processing data streams

	Handle outgoing data streams in libvirtd
	* daemon/dispatch.c: Set streamTX flag on outgoing data packets
	* daemon/qemud.h: Add streamTX flag to track outgoing data
	* daemon/qemud.c: Re-enable further TX when outgoing data packet
	  has been fully sent.
	* daemon/stream.h, daemon/stream.c: Add method for enabling TX.
	  Support reading from streams and transmitting data out to client

	Handle incoming data streams in libvirtd
	* daemon/stream.c: Handle incoming stream data packets, queuing until
	  stream becomes writable. Handle stream completion handshake
	* po/POTFILES.in: Add daemon/stream.c

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Helper functions for processing data streams in libvirtd
	Defines the extensions to the remote protocol for generic
	data streams. Adds a bunch of helper code to the libvirtd
	daemon for working with data streams.

	* daemon/Makefile.am: Add stream.c/stream.h to build
	* daemon/stream.c, qemud/stream.h: Generic helper functions for
	  creating new streams, associating streams with clients, finding
	  existing streams for a client and removing/deleting streams.
	* src/remote/remote_protocol.x: Add a new 'REMOTE_STREAM' constant
	  for the 'enum remote_message_type' for encoding stream data
	  in wire messages. Add a new 'REMOTE_CONTINUE' constant to
	  'enum remote_message_status' to indicate further data stream
	  messsages are expected to follow.  Document how the
	  remote_message_header is used to encode data streams
	* src/remote/remote_protocol.h: Regenerate
	* daemon/dispatch.c: Remove assumption that a error message
	  sent to client is always type=REMOTE_REPLY. It may now
	  also be type=REMOTE_STREAM. Add convenient method for
	  sending outgoing stream data packets. Log and ignore
	  non-filtered incoming stream packets. Add a method for
	  serializing a stream error message
	* daemon/dispatch.h:  Add API for serializing stream errors
	  and sending stream data packets
	* daemon/qemud.h: Add struct qemud_client_stream for tracking
	  active data streams for clients. Tweak filter function
	  operation so that it accepts a client object too.
	* daemon/qemud.c: Refactor code for free'ing message objects
	  which have been fully transmitted into separate method.
	  Release all active streams when client shuts down. Change
	  filter function to be responsible for queueing the message

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Add public API definition for data stream handling
	* include/libvirt/libvirt.h.in: Public API contract for
	  virStreamPtr object
	* src/libvirt_public.syms: Export data stream APIs
	* src/libvirt_private.syms: Export internal helper APIs
	* src/libvirt.c: Data stream API driver dispatch
	* src/datatypes.h, src/datatypes.c: Internal helpers for virStreamPtr
	  object
	* src/driver.h: Define internal driver API for streams
	* .x-sc_avoid_write: Ignore src/libvirt.c because it trips
	  up on comments including write()
	* python/Makefile.am: Add libvirt-override-virStream.py
	* python/generator.py: Add rules for virStreamPtr class
	* python/typewrappers.h, python/typewrappers.c: Wrapper
	  for virStreamPtr
	* docs/libvirt-api.xml, docs/libvirt-refs.xml: Regenerate
	  with new APIs

2009-09-29  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Vbox call OpenHardDisk with "" instead of NULL
	* src/vbox/vbox_tmpl.c: UTF-16 fixed version of Florian Vichot initial
	  patch

2009-09-29  Jim Fehlig  <jfehlig@novell.com>

	Avoid double free in errors in virsh
	* tools/virsh.c: it was possible to get vshDeinit to call itself back
	  via vshError, remove the doexit parameter of vshError to avoid the
	  possibility and make sure to exit directly after in those case.

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix crash in device hotplug cleanup code
	* src/qemu/qemu_driver.c: Fix crash in scenario where XML
	  parsing of hotplugged device failed & thus 'dev' is NULL

	Standardize debugging messages in QEMU monitor code
	* src/qemu/qemu_monitor_text.c: Always print command and reply
	  in qemuMonitorCommandWithHandler. Print all args in each monitor
	  command API & remove redundant relpy printing

	Remove low level monitor APIs from header file
	* src/qemu/qemu_monitor_text.h: Remove qemudMonitorCommand,
	  qemudMonitorCommandWithFd, qemudMonitorCommandWithHandler,
	  qemudMonitorCommandExtra low level APIs
	* src/qemu/qemu_monitor_text.c: Replace s/qemud/qemuMonitor/

	Add API for issuing 'host_net_remove' monitor command
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new
	  qemuMonitorRemoveHostNetwork() command for removing host
	  networks
	* src/qemu/qemu_driver.c: Convert NIC hotplug methods over
	  to use qemuMonitorRemoveHostNetwork()

	Add API for issuing 'host_net_add' monitor command
	* src/qemu/qemu_conf.h, src/qemu/qemu_conf.c: Remove prefix arg
	  from qemuBuildHostNetStr which is no longer required
	* src/qemu/qemu_driver.c: Refactor to use qemuMonitorAddHostNetwork()
	  API for adding host network
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddHostNetwork() method for adding host networks

	Add API for issuing 'pci_add nic' monitor command
	* src/qemu/qemu_conf.c: Remove separator from qemuBuildNicStr()
	  args, and remove hardcoded 'nic' prefix. Leave it upto callers
	  instead
	* src/qemu/qemu_driver.c: Switch over to using the new
	  qemuMonitorAddPCINetwork() method for NIC hotplug
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddPCINetwork API for PCI network device hotplug

	Add API for issuing 'getfd' and 'closefd' monitor commands
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorCloseFileHandle and qemuMonitorSendFileHandle
	  APIs for processing file handles
	* src/qemu/qemu_driver.c: Convert NIC hotplug method over to
	  use   qemuMonitorCloseFileHandle and qemuMonitorSendFileHandle

	Add API for issuing 'pci_add storage' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  API qemuMonitorAddPCIDisk()
	* src/qemu/qemu_driver.c: Convert over to using the new
	  qemuMonitorAddPCIDisk() method, and remove now obsolete
	  qemudEscape() method

	Add API for issuing 'pci_del' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new API
	  qemuMonitorRemovePCIDevice() for removing PCI device
	* src/qemu/qemu_driver.c: Convert all places removing PCI devices
	  over to new qemuMonitorRemovePCIDevice() API

	Add API for issuing 'pci_add host' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  API qemuMonitorAddPCIHostDevice()
	* src/qemu/qemu_driver.c: Switch to using qemuMonitorAddPCIHostDevice()
	  for PCI host device hotplug

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Add APIs for sending 'usb_add' command for host devices
	One API adds an exact device based on bus+dev, the other adds
	any device matching vendor+product

	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddUSBDeviceExact() and qemuMonitorAddUSBDeviceMatch()
	  commands.
	* src/qemu/qemu_driver.c: Switch over to using the new
	    qemuMonitorAddUSBDeviceExact() and qemuMonitorAddUSBDeviceMatch()

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Add API for using 'usb_add' for disk devices
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorAddUSBDisk() API
	* src/qemu/qemu_driver.c: Switch USB disk hotplug to the new
	  src/qemu/qemu_driver.c API.

	Add API for issuing 'migrate' command with exec protocol
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorMigrateToCommand() API
	* src/qemu/qemu_driver.c: Switch over to using the
	  qemuMonitorMigrateToCommand() API for core dumps and save
	  to file APIs

	Add API for issuing a 'migrate' monitor command for TCP
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new API
	  qemuMonitorMigrateToHost() for doing TCP migration
	* src/qemu/qemu_driver.c: Convert to use qemuMonitorMigrateToHost().
	  Also handle proper URIs (tcp:// as well as tcp:)

	Add API for running 'info migration' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorGetMigrationStatus() command.
	* src/qemu/qemu_driver.c: Use new qemuMonitorGetMigrationStatus()
	  command to check completion status.

	Add API for issuing the 'migrate_set_speed' monitor command
	* src/qemu/qemu_driver.c: Use new qemuMonitorSetMigrationSpeed()
	  API during migration
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new
	  qemuMonitorSetMigrationSpeed() API

	Add API for issuing 'info blockstats' command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a new
	  qemuMonitorGetBlockStatsInfo() command
	* src/qemu/qemu_driver.c: Remove directly use of blockstats in
	  favour of calling qemuMonitorGetBlockStatsInfo()

	Add APIs for issuing 'memsave' and 'pmemsave' monitor commands
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add new APIs
	  qemuMonitorSaveVirtualMemory() and qemuMonitorSavePhysicalMemory()
	* src/qemu/qemu_driver.c: Use the new qemuMonitorSaveVirtualMemory()
	  and qemuMonitorSavePhysicalMemory() APIs

	Add APIs for issuing 'eject' and 'change dev' monitor commands
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new APis
	  qemuMonitorChangeMedia and qemuMonitorEjectMedia. Pull in code
	  for qemudEscape
	* src/qemu/qemu_driver.c: Remove code that directly issues 'eject'
	  and 'change' commands in favour of API calls.

	Add API for issuing 'balloon' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add new
	  qemuMonitorSetBalloon() based on existing code in
	  qemudDomainSetMemoryBalloon
	* src/qemu/qemu_driver.c: Remove use of qemudDomainSetMemoryBalloon()
	  in favour of qemuMonitorSetBalloon(). Fix error code when balloon
	  is not supported

	Add API for running 'info balloon' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Pull old
	  qemudDomainGetMemoryBalloon() code into a new method called
	  qemuMonitorGetBalloonInfo()
	* src/qemu/qemu_driver.c: Update to call qemuMonitorGetBalloonInfo()
	  and remove qemudDomainGetMemoryBalloon().

	Add API for the 'system_powerdown' monitor command
	* src/qemu/qemu_driver.c: Remove use of 'system_powerdown'
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add a new
	  qemuMonitorSystemPowerdown() api call

	Add API for 'stop' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a new
	  qemuMonitorStopCPUs() API
	* src/qemu/qemu_driver.c: Replace direct monitor commands for 'stop'
	  with qemuMonitorStopCPUs()

	Rename qemudMonitorSendCont to qemuMonitorStartCPUs
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Rename
	  Rename qemudMonitorSendCont to qemuMonitorStartCPUs
	* src/qemu/qemu_driver.c: Update callers for new name

	Add API for 'change vnc password' monitor command
	* src/qemu/qemu_monitor.c, src/qemu/qemu_monitor.h: Add a
	  new qemuMonitorSetVNCPassword() API
	* src/qemu/qemu_driver.c: Refactor qemudInitPasswords to
	  call qemuMonitorSetVNCPassword()

	Add API for 'info cpus' monitor command
	* src/qemu/qemu_monitor.h, src/qemu/qemu_monitor.c: Add a new
	  qemuMonitorGetCPUInfo() command
	* src/qemu/qemu_driver.c: Refactor qemudDetectVcpuPIDs to
	  use qemuMonitorGetCPUInfo()

2009-09-29  Daniel P. Berrange  <berrange@redhat.com>

	Pull QEMU monitor interaction out to separate file
	Pull out all the QEMU monitor interaction code to a separate
	file. This will make life easier when we need to drop in a
	new implementation for the forthcoming QMP machine friendly
	monitor support.

	Next step is to add formal APIs for each monitor command,
	and remove direct commands for sending/receiving generic
	data.

	* src/Makefile.am: Add qemu_monitor.c to build
	* src/qemu/qemu_driver.c: Remove code for monitor interaction
	* src/qemu/qemu_monitor_text.c, src/qemu/qemu_monitor_text.h: New
	  file for monitor interaction
	* po/POTFILES.in: Add src/qemu/qemu_monitor_text.c

2009-09-29  Laine Stump  <laine@laine.org>

	Maintain value of ctxt->node in virInterfaceDefParseDhcp
	* src/conf/interface_conf.c: This was causing subsequent calls to
	  virXPathxxx() to fail, since ctxt->node was left pointing at the
	  dhcp node, rather than the protocol node.

2009-09-29  Daniel Veillard  <veillard@redhat.com>

	Fix some XPath relative node resets
	* src/util/xml.c: The virXPath... function take extra care to preserve
	  the XPath context node (ctxt->node) but in the case of virXPathString
	  and virXPathBoolean they forgot to do this on the error path. This
	  patch fixes this and move all ctxt->node = relnode instuctions just
	  after the xmlXPathEval() to make sure this doesn't happen if this code
	  is modified.

2009-09-29  Mark McLoughlin  <markmc@redhat.com>

	util.h needs libvirt.h for virConnectPtr
	Seems standard to include internal.h in order to pull in libvirt.h

	* src/util/util.h: include internal.h

2009-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Don't require full daemon install for libvirt python bindings
	* libvirt.spec.in: libvirt-python only needs to depend on
	  libvirt-clients

2009-09-28  Daniel P. Berrange  <berrange@redhat.com>

	Fix API doc extractor to stop munging comment formatting
	The python method help docs are copied across from the C
	funtion comments, but in the process all line breaks and
	indentation was being lost. This made the resulting text
	and code examples completely unreadable. Both the API
	doc extractor and the python generator were destroying
	whitespace & this fixes them to preserve it exactly.

	* docs/apibuild.py: Preserve all whitespace when extracting
	  function comments. Print function comment inside a <![CDATA[
	  section to fully preserve all whitespace. Look for the
	  word 'returns' to describe return values, instead of 'return'
	  to avoid getting confused with code examples including the
	  C 'return' statement.
	* python/generator.py: Preserve all whitespace when printing
	  function help docs
	* src/libvirt.c: Change any return parameter indicated by
	  'return' to be 'returns', to avoid confusing the API extractor
	* docs/libvirt-api.xml: Re-build for fixed descriptions

2009-09-24  Mark McLoughlin  <markmc@redhat.com>

	Fix cdub's surname spelling

2009-09-24  Daniel Veillard  <veillard@redhat.com>

	Added Matthias Bolte as commiter

2009-09-24  Charles Duffy  <charles@dyfis.net>

	Fix secret_driver compile warning, bug.
	Set def to NULL in secretLoad(), otherwise we can access a
	random pointer on error.

	Fix unitialized variable in qemudDomainDetachHostPciDevice()
	* src/qemu/qemu_driver.c: initialize detach var

2009-09-24  Mark McLoughlin  <markmc@redhat.com>

	Fix a typo in virNetHasValidPciAddr() too
	* src/conf/domain_conf.h: check domain/bus/slot, not domain/domain/slot

2009-09-24  Jiri Denemark  <jdenemar@redhat.com>

	Fix a typo in virDiskHasValidPciAddr()

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX: Check if a datastore is accessible first
	An inaccessible datastore has no valid URL property so don't
	access its URI property.

	* src/esx/esx_vi.c: esxVI_LookupDatastoreByName(): check if datastore is
	  accessible before accessing its URL property
	* src/esx/esx_vmx.c: update to changed datastore properties

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX remove phantom mode
	* src/esx/esx_driver.c: remove phantom mode

	ESX replace esxUtil_EqualSuffix() with virFileHasSuffix()
	* src/esx/esx_util.[ch]: remove esxUtil_EqualSuffix()
	* src/esx/esx_driver.c, src/esx/esx_vmx.c: replace esxUtil_EqualSuffix()
	  with virFileHasSuffix()

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX add esxDomainDefineXML()
	A given domain XML gets converted to a VMX config, uploaded to the host
	and registered as new virtual machine.

	* src/esx/esx_driver.c: refactor datastore related path parsing into
	  esxUtil_ParseDatastoreRelatedPath()
	* src/esx/esx_util.[ch]: add esxUtil_ParseDatastoreRelatedPath()
	* src/esx/esx_vi.[ch]: add esxVI_Context_UploadFile(), add datastores to
	  the traversal in esxVI_BuildFullTraversalSpecList(), add
	  esxVI_LookupDatastoreByName()
	* src/esx/esx_vi_methods.[ch]: add esxVI_RegisterVM_Task()
	* src/esx/esx_vi_types.c: make some error message more verbose
	* src/esx/esx_vmx.[ch]: add esxVMX_AbsolutePathToDatastoreRelatedPath()
	  to convert a path into a datastore related path, add esxVMX_ParseFileName()
	  to convert from VMX path format to domain XML path format, extend the other
	  parsing function to be datastore aware, add esxVMX_FormatFileName() to
	  convert from domain XML path format to VMX path format, fix VMX ethernet
	  entry formating
	* tests/esxutilstest.c: add test for esxUtil_ParseDatastoreRelatedPath()
	* tests/vmx2xmldata/*: update domain XML files to use datastore related paths
	* tests/xml2vmxdata/*: update domain XML files to use datastore related paths,
	  update VMX files to use absolute paths

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX add esxVI_Occurence enum to for occurences
	Add esxVI_Occurence enum to describe expected occurence of items
	* src/esx/esx_driver.c: update the use of esxVI_LookupVirtualMachineByUuid()
	* src/esx/esx_vi.c: add an esxVI_Occurence parameter to
	  esxVI_LookupVirtualMachineByUuid() and take care if esxVI_FindByUuid()
	  can't find anything for a given uuid
	* src/esx/esx_vi.h: add esxVI_Occurence enum
	* src/esx/esx_vi_methods.c: expect null or more items to be returned
	  from esxVI_FindByUuid()

	ESX Whitespace cleanup

	ESX add x86_64 detection based on the CPUID
	* src/esx/esx_driver.c: add esxSupportsLongMode() and update esxCapsInit()
	* src/esx/esx_vi.[ch]: Add AnyType handling for lists
	* src/esx/esx_vi_types.c: bind VI type HostCpuIdInfo

	ESX add tests for the VMX to/from domain XML mapping
	* tests/.gitignore: ignore new test binaries
	* tests/Makefile.am: add new tests
	* tests/esxutilstest.c: test esxVMX_IndexToDiskName()
	* tests/vmx2xmldata/*: config files for the VMX to domain XML test
	* tests/vmx2xmltest.c: test the VMX to domain XML mapping
	* tests/xml2vmxdata/*: config files for the domain XML to VMX test
	* tests/xml2vmxtest.c: test the domain XML to VMX mapping

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX Add esxDomainXMLToNative()
	Extend and cleanup the VMX to domain XML mapping. Add the domain XML to
	VMX mapping functions.

	* src/esx/esx_driver.c: add esxDomainXMLToNative()
	* src/esx/esx_vmx.[ch]: add esxVMX_SCSIDiskNameToControllerAndID(),
	  esxVMX_IDEDiskNameToControllerAndID(), esxVMX_FloppyDiskNameToController(),
	  esxVMX_GatherSCSIControllers(), add basic handling for the VMX guestOS entry
	  to distinguish between i686 and x86_64, make SCSI virtualDev VMX entry
	  optional as it should be, map the VMX networkName entry to the domain XML
	  interface bridge name, add basic mapping for serial devices in pipe mode,
	  add several esxVMX_Format*() functions

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX Set challenge for auth callback to hostname
	This enables the auth callback to automatically distinguish between
	requests for ESX host and vCenter credentials.

	* src/esx/esx_util.[ch]: set challenge for auth callback to hostname

2009-09-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX Add esxNodeGetFreeMemory()
	* src/esx/esx_driver.c: add esxNodeGetFreeMemory(), cache IP address
	* src/esx/esx_vi.[ch]: refactor resource pool query into esxVI_GetResourcePool()
	* src/esx/esx_vi_types.[ch]: bind VI type ResourcePoolResourceUsage

2009-09-23  Chris Lalancette  <clalance@redhat.com>

	Fix up "make syntax-check" after the tree restructuring.

2009-09-23  Paolo Bonzini  <pbonzini@redhat.com>

	network: add 'bootp' and 'tftp' config
	Currently, libvirtd will start a dnsmasq process for the virtual
	network, but (aside from killing the dnsmasq process and replacing it),
	there's no way to define tftp boot options.

	This change introduces the appropriate tags to the dhcp configuration:

	 <network>
	   <name>default</name>
	   <bridge name="virbr%d" />
	   <forward/>
	   <ip address="192.168.122.1" netmask="255.255.255.0">
	     <tftp root="/var/lib/tftproot" />
	     <dhcp>
	       <range start="192.168.122.2" end="192.168.122.254" />
	       <bootp file="pxeboot.img"/>
	     </dhcp>
	   </ip>
	 </network>

	When the attributes are present, these are passed to the
	arguments to dnsmasq:

	 dnsmasq [...] --enable-tftp --tftp-root /srv/tftp --dhcp-boot pxeboot.img
	               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^
	                      from <tftp />                     from <bootp />

	At present, only local tftp servers are supported (ie, dnsmasq runs as
	the tftp server), but we could improve this in future by adding a
	server= attribute.


	2009-09-21  Paolo Bonzini  <pbonzini@redhat.com>
	            Jeremy Kerr  <jk@ozlabs.org>

		* docs/formatnetwork.html.in: Document new tags.
		* docs/formatnetwork.html: Regenerate.
		* docs/schemas/network.rng: Update.
		* src/network_conf.c (virNetworkDefFree): Free new fields.
		(virNetworkDHCPRangeDefParseXML): Parse <bootp>.
		(virNetworkIPParseXML): New, parsing <dhcp> and <tftp>.
		(virNetworkDefParseXML): Use virNetworkIPParseXML instead of
		virNetworkDHCPRangeDefParseXML.
		(virNetworkDefFormat): Pretty print new fields.
		* src/network_conf.h (struct _virNetworkDef): Add netboot fields.
		* src/network_driver.c (networkBuildDnsmasqArgv): Add
		TFTP and BOOTP arguments.

		* tests/Makefile.am (EXTRA_DIST): Add networkschemadata.
		* tests/networkschematest: Look in networkschemadata.
		* tests/networkschemadata/netboot-network.xml: New.

2009-09-22  Chris Lalancette  <clalance@redhat.com>

	Introduce virStrncpy.
	Add the virStrncpy function, which takes a dst string, source string,
	the number of bytes to copy and the number of bytes available in the
	dest string.  If the source string is too large to fit into the
	destination string, including the \0 byte, then no data is copied and
	the function returns NULL.  Otherwise, this function copies n bytes
	from source into dst, including the \0, and returns a pointer to the
	dst string.  This function is intended to replace all unsafe uses
	of strncpy in the code base, since strncpy does *not* guarantee that
	the buffer terminates with a \0.

2009-09-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix handling of Xen(ner) detection
	Latest upstream QEMU can be built with Xen support, which introduces
	a -xen-domid argument. This was  mistakenly detected as -domid due
	to old Xenner support. Adapt to cope with both syntax. Also only
	set domid if the virt type is xen, or the guest type is xen

	* src/qemu_conf.c, src/qemu_conf.h: Detect new -xen-domid flag in
	  preference to -domid.
	* tests/qemuxml2argvdata/qemuxml2argv-bootloader.args,
	  tests/qemuxml2argvdata/qemuxml2argv-input-xen.args: Add missing
	  -domid param
	* tests/qemuxml2argvdata/qemuxml2argv-misc-uuid.args: Remove bogus
	  -boot param.
	* tests/qemuxml2argvtest.c: Add missing QEMUD_CMD_FLAG_DOMID params

2009-09-22  Daniel P. Berrange  <berrange@redhat.com>

	Ignore auto-generated header file
	* include/libvirt/.gitignore: Ignore libvirt.h

2009-09-22  Matthias Bolte  <matthias.bolte@googlemail.com>

	Fix xen driver refcounting.
	The commit cb51aa48a777ddae6997faa9f28350cb62655ffd "Fix up connection
	reference counting." changed the driver closing and virConnectPtr
	unref-logic in virConnectClose().

	Before this commit virConnectClose() closed all drivers of the given
	virConnectPtr and virUnrefConnect()'ed it afterwards. After this
	commit the driver-closing is done in virUnrefConnect() if and only if
	the ref-count of the virConnectPtr dropped to zero.

	This change in execution order leads to a virConnectPtr leak, at least
	for connections to Xen.

	The relevant call sequences:

	virConnectOpen() -> xenUnifiedOpen() ...

	... xenInotifyOpen() -> virConnectRef(conn)

	... xenStoreOpen() -> xenStoreAddWatch() -> conn->refs++

	virConnectClose() -> xenUnifiedClose() ...

	... xenInotifyClose() -> virUnrefConnect(conn)

	... xenStoreClose() -> xenStoreRemoveWatch() -> virUnrefConnect(conn)

	Before the commit this additional virConnectRef/virUnrefConnect calls
	where no problem, because virConnectClose() closed the drivers
	explicitly and the additional refs added by the Xen subdrivers were
	removed properly. After the commit this additional refs result in a
	virConnectPtr leak (including a leak of the hypercall file handle;
	that's how I noticed this problem), because now the drivers are only
	close if and only if the ref-count drops to zero, but this cannot
	happen anymore, because the additional refs from the Xen subdrivers
	would only be removed if the drivers get closed, but that doesn't
	happen because the ref-count cannot drop to zero.

	The fix for this problem is simple: remove the
	virConnectRef/virUnrefConnect calls from the Xen subdrivers (see
	attached patch). Maybe someone could explain why the Xen Inotify and
	Xen Store driver do this extra ref-counting, but none of the other Xen
	subdrivers. It seems unnecessary to me and can be removed without
	problems.

2009-09-22  Dan Kenigsberg  <danken@redhat.com>

	Fix a number of small typos

2009-09-22  Ryota Ozaki  <ozaki.ryota@gmail.com>

	lxc: suspend/resume support
	* src/conf/domain_conf.c: Don't assume all virDomainObjPtr have
	  a non-NULL monitor_chr field in virDomainObjFormat.
	* src/lxc/lxc_driver.c: Implement suspend/resume driver APis
	* src/util/cgroup.c, src/util/cgroup.h: Support the 'freezer'
	  cgroup controller
	* src/libvirt_private.syms: Export virCgroupSetFreezerState
	  and virCgroupGetFreezerState

2009-09-22  Yuji NISHIDA  <nishidy@nict.go.jp>

	OpenVZ Fix a restriction about domain names
	* src/openvz/openvz_driver.c: try to autogenerate a non-conflicting
	  id for the domain and use the name field as the name not as id.

2009-09-22  Florian Vichot  <florian.vichot@diateam.net>

	add doc for graphic and video elements
	* docs/formatdomain.html.in: explain the new syntax of the video and
	  graphic elements in the domain XML

2009-09-22  Charles Duffy  <charles@dyfis.net>

	prevent attempt to call cat -c during virDomainSave to raw
	This was prevent virDomainSave from working properly by default,
	which is a bad thing.

2009-09-21  Chris Lalancette  <clalance@redhat.com>

	Fix up 'neccessary -> necessary' in a comment.

	Don't do virSetConnError when virDrvSupportsFeature is successful.

	Fix a double-free in qemudRunLoop()

	Fix up comments for domainXML{To,From}Native.

	Simple fix of a comment in qemuStringToArgvEnv.

	Remove an unnecessary variable from remoteIOReadMessage().

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Remove auto-generated header file from repo
	* include/libvirt/libvirt.h: Delete auto-generated file

	Tweak specfile to fix RHEL6 rules & ESX/PHYP enablement
	* libvirt.spec.in: ESX/PHYP drivers do not require libvirtd.
	  RHEL-6 should include LXC on all arches

	Move example XML files into examples/xml
	* docs/storage/: Move to examples/xml/storage/
	* docs/test*.xml: Move to examples/xml/test/
	* docs/Makefile.am: Remove example XML files from dist
	* Makefile.am: Add examples/xml to EXTRA_DIST
	* tests/virshtest.c: Update for moved test XML
	* libvirt.spec.in: Include example XML files as docs
	* tests/int-overflow: UPdate for moved XML

	Remove all generated docs from source control
	* docs/*.html, docs/devhelp/*.html, docs/html/*.html: Delete
	* docs/.gitignore, docs/devhelp/.gitignore, docs/html/.gitignore:
	  Ignore generated docs files
	* docs/Makefile.am: Rebuild all HTML docs for 'all' target
	  and include them in EXTRA_DIST and CLEANFILES
	* docs/devhelp/Makefile.am: Include HTML in CLEANFILES

	Fix missing data file in qemuhelpdata
	* tests/Makefile.am: Add missing data file to extra dist

	Misc syntax-check fixes

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Move remote protocol definition into src/remote/
	When making changes to the remote protocol, src/ is always built
	first, so rpcgen should live there, to avoid having to run make
	in the 'daemon/' directory before building src/

	* src/Makefile.am: Add rules for rpcgen, and drop -I../daemon from
	  remote client build
	* daemon/Makefile.am: Add -I../src/remote/ to libvirtd build
	  and remove rpcgen rules
	* daemon/libvirtd.c: Adapt include of remote_driver.h taking
	  into account new -I flag
	* daemon/remote_protocol.c, daemon/remote_protocol.h,
	  daemon/remote_protocol.x: Move to src/remote/
	* daemon/rpcgen_fix.pl: Move to src/remote/rpcgen_fix.pl

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Add a README file to src/ explaining the directory structure
	* src/README: New file

	Move all shared utility files to src/util/
	* src/bridge.c, src/bridge.h, src/buf.c, src/buf.h, src/cgroup.c,
	  src/cgroup.h, src/conf.c, src/conf.h, src/event.c, src/event.h,
	  src/hash.c, src/hash.h, src/hostusb.c, src/hostusb.h,
	  src/iptables.c, src/iptables.h, src/logging.c, src/logging.h,
	  src/memory.c, src/memory.h, src/pci.c, src/pci.h, src/qparams.c,
	  src/qparams.h, src/stats_linux.c, src/stats_linux.h,
	  src/threads-pthread.c, src/threads-pthread.h, src/threads-win32.c,
	  src/threads-win32.h, src/threads.c, src/threads.h, src/util.c,
	  src/util.h, src/uuid.c, src/uuid.h, src/virterror.c,
	  src/virterror_internal.h, src/xml.c, src/xml.h: Move all files
	  into src/util/
	* daemon/Makefile.am: Add -Isrc/util/ to build flags
	* src/Makefile.am: Add -Isrc/util/ to build flags and update for
	  moved files
	* src/libvirt_private.syms: Export cgroup APIs since they're now
	  in util rather than linking directly to drivers
	* src/xen/xs_internal.c: Disable bogus virEventRemoveHandle call
	  when built under PROXY
	* proxy/Makefile.am: Update for changed file locations. Remove
	  bogus build of event.c
	* tools/Makefile.am, tests/Makefile.am: Add -Isrc/util/ to build flags

	Move all XML configuration handling to src/conf/
	* src/capabilities.c, src/capabilities.h, src/domain_conf.c,
	  src/domain_conf.h, src/domain_event.c, src/domain_event.h,
	  src/interface_conf.c, src/interface_conf.h,
	  src/network_conf.c, src/network_conf.h, src/node_device_conf.c,
	  src/node_device_conf.h, src/secret_conf.c, src/secret_conf.h,
	  src/storage_conf.c, src/storage_conf.h, src/storage_encryption_conf.c,
	  src/storage_encryption_conf.h: Move to src/conf/
	* src/Makefile.am: Add -Isrc/conf to the individual build targets
	  which need to use XML config APIs. Remove LIBXML_CFLAGS, LIBSSH2_CFLAGS
	  and SELINUX_CFLAGS from global INCLUDES and only have them in build
	  targets which actually need them.  Create a libvirt_conf.la
	  convenience library for all config parsers
	* src/hostusb.h: Remove bogus include of domain_conf.h
	* tests/Makefile.am: Add -Isrc/conf. Remove bogus -I$builddir/src
	  since it never has any generated header files
	* daemon/Makefile.am: Add -Isrc/conf
	* proxy/Makefile.am: Add -Isrc/conf and cope with renamed files
	* src/hash.c: Remove bogus include of libxml/threads.h

	Make pki_check.sh into an installed & supported tool
	* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
	  in POD man page documentation
	* tools/.gitignore: Ignore generated virt-pki-validate file
	* tools/Makefile.am: Install & build virt-pki-validate and
	  virt-pki-validate.1
	* docs/remote.html, docs/remote.html.in: Refer to new tool
	  name virt-pki-validate
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
	  and virt-pki-validate.1 to files list

	Re-arrange python generator to make it clear what's auto-generated
	* README: New file describing what each file is used for
	* livvirt-override.c, libvirt-override.py, libvirt-override-api.xml,
	  libvirt-override-virConnect.py: Manually written code overriding
	  the generator
	* typewrappers.c, typewrappers.h: Data type wrappers
	* generator.py: Automatically pre-prend contents of libvirt-override.py
	  to generated libvirt.py. Output into libvirt.py directly instead of
	  libvirtclass.py. Don't generate libvirtclass.txt at all. Write C
	  files into libvirt.c/.h directly
	* Makefile.am: Remove rule for creating libvirt.py from libvirt-override.py
	  and libvirtclass.py, since generator.py does it directly

	Remove obsolete files
	* docs/Goals, RENAMES, mylibtool: Removed

	Move docs/examples into examples/
	* Makefile.am: Add examples/dominfo examples/domsuspend examples/python
	  as SUBDIRS
	* configure.in: Update AC_OUTPUT for new/old Makefiles
	* docs/Makefile.am: Remove examples from SUBDIRS
	* docs/examples/info1.c: Move to examples/dominfo/info1.c
	* docs/examples/suspend.c: Move to examples/domsuspend/suspend.c
	* docs/examples: Remove all remaining files
	* docs/examples/python: Moved to examples/python/
	* examples/dominfo/Makefile.am, examples/domsuspend/Makefile.am: New
	  build files
	* libvirt.spec.in: Update to take account of moved examples

	Remove unused images from docs/ directory
	* 16favicon.png, Libxml2-Logo-90x34.gif, libvirHeader.png,
	  libvirLogo.png, windows-cygwin-1.png, windows-cygwin-2.png,
	  windows-cygwin-3.png: Remove unreferenced files
	* Makefile.am: Remove deleted files from EXTRA_DIST

	Rename daemon main code
	* daemon/qemud.c: Rename to daemon/libvirtd.c
	* daemon/qemud.h: Rename to daemon/libvirtd.h
	* daemon/Makefile.am, daemon/dispatch.h, daemon/mdns.c,
	  daemon/remote.h: Update for renamed libvirtd.h file

	Move config files to align with driver sources
	* daemon/default-network.xml: Move to src/network/default.xml
	* daemon/libvirtd_qemu.aug, daemon/test_libvirtd_qemu.aug: Move
	  to src/qemu/
	* src/qemu.conf: Move to src/qemu/qemu.conf
	* daemon/Makefile.am: Remove rules for default-nmetwork.xml and
	  libvirtd_qemu.aug and test_libvirtd_qemu.aug. Fix typo in
	  uninstall-local that would install polkit again.
	* src/Makefile.am: Add rules for installing network/default.xml
	  and the qemu/*.aug files. Add test case for QEMU augeas files.
	  Add uninstall-local rule for files/directories created during
	  install. Rename install-exec-local to install-data-local.
	  Only install qemu.conf if WITH_QEMU is set.
	* tests/networkschematest: Update for XML location move

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Move virsh into tools/ directory
	Move the virsh tool and its man page into the tools directory

	* Makefile.am: Remove rules for virsh.1 man page
	* virsh.1: Remove auto-generated file
	* docs/Makefile.am: Remove rules for virsh.pod man page
	* docs/virsh.pod: Move to tools/ directory
	* src/Makefile.am, src/.gitignore: Remove rules for virsh
	* src/console.c, src/console.h, src/*.ico, src/virsh_win_icon.rc,
	  src/virsh.c: Move into tools/ directory
	* tools/Makefile.am: Add rules for building virsh
	* tools/.gitignore: Ignore virsh built files
	* tests/virshtest.c, tests/int-overflow: Update for new
	  virsh location

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Move security drivers to src/security/
	* src/Makefile.am, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
	  tests/seclabeltest.c: Adapt for changed paths
	* src/security.c: Rename to src/security/security_driver.c
	* src/security.h: Rename to src/security/security_driver.h
	* src/security_selinux.c, src/security_selinux.h: Move to src/security/

	Move secret driver into src/secret/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/secret_driver.c, src/secret_driver.h: Move to src/secret/

	Move netcf interface driver into src/interface/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/interface_driver.c: Rename to src/interface/netcf_driver.c
	* src/interface_driver.h: Rename to src/interface/netcf_driver.h

	Move network driver into src/network
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/network_driver.c: Rename to src/network/bridge_driver.c
	* src/network_driver.h: Rename to src/network/bridge_driver.h

	Move remote driver to src/remote/
	* daemon/mdns.c: Remove bogus include
	* daemon/qemud.c, src/Makefile.am, src/libvirt.c: Adapt for
	  changed paths
	* src/remote_internal.c: Rename to src/remote/remote_driver.c
	* src/remote_internal.h: Rename to src/remote/remote_driver.h

	Move test driver into src/test/
	* src/Makefile.am, src/libvirt.c: Adjust for changed paths
	* src/test.c: Rename to src/test/test_driver.c,
	* src/test.h: Rename to src/test/test_driver.h

	Move node device drivers to src/node_device/
	* daemon/qemud.c, src/Makefile.am: Update for changed paths
	* src/node_device*.{h,c}: Move to src/node_device/
	* src/storage/storage_backend.c: Remove bogus import of node_device.c

	Move storage drivers into src/storage/
	* daemon/qemud.c, src/Makefile.am: Adapt for changed paths
	* src/storage*.c, src/storage/*.h, src/parthelpre.c: Move
	  to src/storage/

	Move OpenVZ driver to src/openvz/
	* src/openvz_conf.c, src/openvz_conf.h, src/openvz_driver.c,
	  src/openvz_driver.h: Move to src/openvz/
	* src/Makefile.am, src/libvirt.c: Adjust for changed paths

	Move UML driver to src/uml/
	* src/uml_conf.c, src/uml_conf.h, src/uml_driver.c,
	  src/uml_driver.h: Move to src/uml/
	* daemon/qemud.c, src/Makefile.am: Adjust for changed paths

	Move QEMU driver to src/qemu/
	* src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c,
	  src/qemu_driver.h: Move to src/qemu/
	* daemon/qemud.c, src/Makefile.am, tests/qemuargv2xmltest.c,
	  tests/qemuhelptest.c, tests/qemuxml2argvtest.c,
	  tests/qemuxml2xmltest.c: Adapt for changed paths

	Move LXC driver into src/lxc/
	* src/lxc_conf.c, src/lxc_conf.h, src/lxc_container.c,
	  src/lxc_container.h, src/lxc_controller.c, src/lxc_driver.c,
	  src/lxc_driver.h, src/veth.c, src/veth.h: Move to src/lxc/
	* src/opennebula/one_driver.c: Remove bogus veth.h include
	* src/Makefile.am: Adjust for lxc paths
	* daemon/qemud.c: Adjust include for lxc

	Move xen driver code into src/xen/ directory
	* src/Makefile.am, src/proxy_internal.c, src/proxy_internal.h
	  src/sexpr.c, src/sexpr.h, src/xen_unified.c, src/xen_unified.h,
	  src/xen_internal.c, src/xen_internal.h, src/xen_inotify.c,
	  src/xen_inotify.h, src/xend_internal.c, src/xend_internal.h,
	  src/xm_internal.c, src/xm_internal.h, src/xs_internal.c,
	  src/xs_internal.h: Move to src/xen/ directory
	* proxy/Makefile.am, proxy/libvirt_proxy.c, src/Makefile.am,
	  src/libvirt.c, tests/sexpr2xmltest.c, tests/statstest.c,
	  tests/xencapstest.c, tests/xmconfigtest.c, tests/xml2sexprtest.c:
	  Adapt to changed xen location
	* src/stats_linux.h, src/stats_linux.c: Remove xen specific block
	  stats APIs
	* src/qemu_driver.c, src/uml_driver.c: Add missing sys/un.h include
	  uncovered after change to stats_linux.h
	* src/xen/block_stats.h, src/xen/block_stats.c: Add xen specific
	  block stats APIs

	Rename qemud/ directory to daemon/
	* qemud/: Rename to daemon/
	* Makefile.am, configure.in, src/Makefile.am, src/remote_internal.c,
	  tests/Makefile.am, tests/eventtest.c: s/qemud/daemon/ where needed

2009-09-21  Daniel P. Berrange  <berrange@redhat.com>

	Refactor libvirt.spec to allow client-only builds
	Some architectures in certain RHEL versions do not include any
	hypervisors. Update the specfile to allow those to easily build
	a remote client only version of libvirt. ie no libvirtd related
	bits at all.

	* qemud/Makefile.am: Always instal SASL config since its needed
	  by client too
	* libvirt.spec.in: Re-factor specfile conditionals to allow entire
	  server side build to be disabled easily, eg a remote client only
	  build. Make RHEL-5 do client only build for s390/ppc. Make RHEL-6
	  do a client only build for all non-x86_64 archs. Enable LXC on
	  RHEL-6. Enable all Fedora >= 6 features on RHEL-6 too. Add some
	  more conditionals around dnsmasq/iptables/hal Requires tags.
	  Add missing e2fsprogs-devel BR for RHEL-5 as workaround for broken
	  parted. Fix the device mapper BR for RHEL-5. Add conditional rules
	  for ESX build. Add conditional rules for SELinux + HAL builds.
	  Fix a mistaken %{with_qemu} to be %{with_network} when setting
	  up default network XML

2009-09-21  Mark McLoughlin  <markmc@redhat.com>

	Fix leak in PCI hostdev hot-unplug
	* src/qemu_driver.c: sync the hostdev hot-unplug code with the disk/net
	  code.

2009-09-17  Mark McLoughlin  <markmc@redhat.com>

	Fix net/disk hot-unplug segfault
	When we hot-unplug the last device, we're currently double-freeing
	the device definition.

	Reported by Martin Banas here:

	  https://bugzilla.redhat.com/523953

	* src/qemu_driver.c: fix double free

2009-09-16  Shahar Klein  <shaharklein@yahoo.com>

	ESX add support for vmxnet3 virtual device
	* src/esx/esx_vmx.c: add it to the list of accepted devices when
	  parsing the Ethernet section.

2009-09-15  Jim Meyering  <meyering@redhat.com>

	doc: don't emit trailing blanks into generated and VC'd NEWS file
	* docs/Makefile.am ($(top_builddir)/NEWS): Filter out trailing
	white space.

2009-09-15  Daniel Veillard  <veillard@redhat.com>

	More whitespace problems

	Fix some last minute whitespace problems.

	Release of libvirt 0.7.1
	* configure.in docs/news.html.in libvirt.spec.in src/libvirt_public.syms:
	  updates to new release
	* NEWS docs/devhelp/libvirt-libvirt.html docs/html/libvirt-libvirt.html
	  docs/libvirt-api.xml docs/libvirt-refs.xml docs/news.html
	  include/libvirt/libvirt.h: regenerated

	Update a number of localizations and regenerate
	* as.po bn_IN.po de.po gu.po hi.po kn.po ko.po ml.po mr.po or.po pa.po
	  pl.po ta.po te.po zh_CN.po got updated

2009-09-15  Daniel P. Berrange  <berrange@redhat.com>

	Fix dlopen of secrets driver
	* src/Makefile.am: Add gnulib.la for base64 functions
	* src/libvirt_private.syms: Export virFileNameMatchesSuffix

2009-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Add UUID definition required by storage encryption import
	* docs/schemas/storagevol.rng: storage encryption rules require
	  that UUID type be defined

	Remove accidentally added UUID re-definition in storage schema
	* docs/schemas/storageencryption.rng: Remove UUID definition
	  since its provided by the domain.rng/storagevol.rng schemas
	  that import this

	Rebuild API docs

	Make secrets RNG more strict
	* docs/schemas/secret.rng: Require volume element to be an absolute
	  path. Fix whitespace indentation

	Fill in secret UUID for qcow encryption
	* src/storage_backend_fs.c: Lookup & fill in secret passphrase UUID
	  for storage volumes using encryption

	Add usage type/id as a public API property of virSecret
	* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in: Add
	  virSecretGetUsageType, virSecretGetUsageID and virLookupSecretByUsage
	* python/generator.py: Mark virSecretGetUsageType, virSecretGetUsageID
	  as not throwing exceptions
	* qemud/remote.c: Implement dispatch for virLookupSecretByUsage
	* qemud/remote_protocol.x: Add usage type & ID as attributes of
	  remote_nonnull_secret. Add RPC calls for new public APIs
	* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
	  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
	  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
	* src/datatypes.c, src/datatypes.h: Add usageType and usageID as
	  properties of virSecretPtr
	* src/driver.h: Add virLookupSecretByUsage driver entry point
	* src/libvirt.c: Implement virSecretGetUsageType, virSecretGetUsageID
	  and virLookupSecretByUsage
	* src/libvirt_public.syms: Export virSecretGetUsageType, virSecretGetUsageID
	  and virLookupSecretByUsage
	* src/remote_internal.c: Implement virLookupSecretByUsage entry
	* src/secret_conf.c, src/secret_conf.h: Remove the
	  virSecretUsageType enum, now in public API. Make volume
	  path mandatory when parsing XML
	* src/secret_driver.c: Enforce usage uniqueness when defining secrets.
	  Implement virSecretLookupByUsage api method
	* src/virsh.c: Include usage for secret-list command

2009-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Fix UUID handling in secrets/storage encryption APIs
	Convert all the secret/storage encryption APIs / wire format to
	handle UUIDs in raw format instead of non-canonical printable
	format. Guarentees data format correctness.

	* docs/schemas/storageencryption.rng: Make UUID mandatory for a secret
	  and validate fully
	* docs/schemas/secret.rng: Fully validate UUID
	* include/libvirt/libvirt.h, include/libvirt/libvirt.h.in, Add
	  virSecretLookupByUUID and virSecretGetUUID. Make
	  virSecretGetUUIDString follow normal API design pattern
	* python/generator.py: Skip generation of virSecretGetUUID,
	  virSecretGetUUIDString and virSecretLookupByUUID
	* python/libvir.c, python/libvirt-python-api.xml: Manual impl
	  of virSecretGetUUID,virSecretGetUUIDString and virSecretLookupByUUID
	* qemud/remote.c: s/virSecretLookupByUUIDString/virSecretLookupByUUID/
	  Fix get_nonnull_secret/make_nonnull_secret to use unsigned char
	* qemud/remote_protocol.x: Fix remote_nonnull_secret to use a
	  remote_uuid instead of remote_nonnull_string for UUID field.
	  Rename REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING to
	  REMOTE_PROC_SECRET_LOOKUP_BY_UUID_STRING and make it take an
	  remote_uuid  value
	* qemud/remote_dispatch_args.h, qemud/remote_dispatch_prototypes.h,
	  qemud/remote_dispatch_ret.h, qemud/remote_dispatch_table.h,
	  qemud/remote_protocol.c, qemud/remote_protocol.h: Re-generate
	* src/datatypes.h, src/datatypes.c: Store UUID in raw format instead
	  of printable. Change virGetSecret to use raw format UUID
	* src/driver.h: Rename virDrvSecretLookupByUUIDString to
	  virDrvSecretLookupByUUID and use raw format UUID
	* src/libvirt.c: Add virSecretLookupByUUID and virSecretGetUUID
	  and re-implement virSecretLookupByUUIDString and
	  virSecretGetUUIDString in terms of those
	* src/libvirt_public.syms: Add virSecretLookupByUUID and
	  virSecretGetUUID
	* src/remote_internal.c: Rename remoteSecretLookupByUUIDString
	  to remoteSecretLookupByUUID. Fix typo in args for
	  remoteSecretDefineXML impl. Use raw UUID format for
	  get_nonnull_secret and make_nonnull_secret
	* src/storage_encryption_conf.c, src/storage_encryption_conf.h:
	  Storage UUID in raw format, and require it to be present in
	  XML. Use UUID parser to validate.
	* secret_conf.h, secret_conf.c: Generate a UUID if none is provided.
	  Storage UUID in raw format.
	* src/secret_driver.c: Adjust to deal with raw UUIDs. Save secrets
	  in a filed with printable UUID, instead of base64 UUID.
	* src/virsh.c: Adjust for changed public API contract of
	  virSecretGetUUIDString.
	* src/storage_Backend.c: DOn't undefine secret we just generated
	  upon successful volume creation. Fix to handle raw UUIDs. Generate
	  a non-clashing UUID
	* src/qemu_driver.c: Change to use lookupByUUID instead of
	  lookupByUUIDString

2009-09-14  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox bug when starting machine from old versions
	* src/vbox/vbox_tmpl.c: fix a bug where one can't start domains defined
	  with older builds or with empty "FRONTEND/Type" tag in their xml
	  files.

2009-09-14  Daniel P. Berrange  <berrange@redhat.com>

	Save vcpuinfo in status file
	* src/qemu_driver.c: Don't trust monitor for vcpu PID info on
	  restart
	* src/domain_conf.c: Save and load vCPU PID info from domain
	  status file

	Fix win32 platform build
	* configure.in: Only define WITH_SECRETS if libvirtd is present
	* src/Makefile.am: Only build secrets driver if WITH_SECRETS is
	  defined. Always add SECRET_DRIVER_SOURCES to EXTRA_DIST

	Restart libvirtd upon RPM upgrade
	* libvirt.spec.in: Restart libvirtd in %post

2009-09-14  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX cleanup of CPU model strings
	* src/esx/esx_driver.c: also strip (C) and (TM) from the CPU model
	  strings

	ESX avoid potential leaks
	* src/esx/esx_driver.c: reorder some function calls to avoid potential
	  virDomainPtr leaks

2009-09-14  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox 3.0.6 API change support
	* src/vbox/vbox_CAPI_v3_0.h: this includes minor API changes for VBox
	  3.0.6 released some days ago.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Add support for qcow encrypted volumes to qemu.
	Integrate with QEMU monitor to provide encryption passphrase when
	starting a guest using encrypted qcow volumes

	* src/qemu_driver.c (findDomainDiskEncryption,
	  findVolumeQcowPassphrase,
	  qemudMonitorSendVolumePassphrase, qemudMonitorSendCont): Send a volume
	  passphrase if qemu asks for it.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Provide missing passphrase when creating a volume.
	If the <encryption format='qcow'> element does not specify a secret
	during volume creation, generate a suitable secret and add it to the
	<encryption> tag.  The caller can view the updated <encryption> tag
	using virStorageVolGetXMLDesc().

	Similarly, when <encryption format='default'/> is specified while
	creating a qcow or qcow2-formatted volume, change the format to "qcow"
	and generate a secret as described above.

	* src/storage_encryption_conf.h (VIR_STORAGE_QCOW_PASSPHRASE_SIZE,
	  virStorageGenerateQcowPasphrase),
	  src/storage_encryption_conf.c (virStorageGenerateQcowPasphrase),
	  src/libvirt_private.syms: Add virStorageGenerateQcowPasphrase().
	* src/storage_backend.c (virStoragegenerateQcowEncryption,
	  virStorageBackendCreateQemuImg): Generate a passphrase and
	  <encryption> when creating a qcow-formatted encrypted volume and the
	  user did not supply the information.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Add virsh commands for secrets APIs
	* src/virsh.c: Add virsh commands.
	* docs/virsh.pod, virsh.1: Update documentation.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Local file implementation of secret driver API
	This implementation stores the secrets in an unencrypted text file,
	for simplicity in implementation and debugging.

	(Symmetric encryption, e.g. using gpgme, will not be difficult to add.
	Because the TLS private key used by libvirtd is stored unencrypted,
	encrypting the secrets file does not currently provide much additional
	security.)

	* include/libvirt/virterror.h, src/virterror.c (VIR_ERR_NO_SECRET): New
	  error number.
	* po/POTFILES.in, src/Makefile.am: Add secret_driver.
	* bootstrap: Use gnulib's base64 module.
	* src/secret_driver.c, src.secret_driver.h, src/libvirt_private.syms:
	  Add local secret driver.
	* qemud/qemud.c (qemudInitialize): Use the local secret driver.

2009-09-11  Miloslav Trmač  <mitr@redhat.com>

	Add an internal <secret> XML handling API
	Add a <secret> XML handling API, separate from the local driver, to
	avoid manually generating XML in other parts of libvirt.

	* src/secret_conf.c, src/secret_conf.h: New files.
	* po/POTFILES.in, src/Makefile.am: Add secret_conf.

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Mask out flags used internally for virSecretGetValue
	Add a VIR_SECRET_GET_VALUE_INTERNAL_CALL flag value, replacing the
	originally separate libvirt_internal_call parameter.  The flag is used
	to differentiate external virSecretGetValue() calls from internal calls
	by libvirt drivers that need to use the secret even if it is private.

	* src/libvirt_internal.h Remove VIR_DOMAIN_XML_FLAGS_MASK
	* src/driver.h Add VIR_SECRET_GET_VALUE_FLAGS_MASK constant and
	  VIR_SECRET_GET_VALUE_INTERNAL_CALL. Re-add the
	  VIR_DOMAIN_XML_FLAGS_MASK constant
	* src/libvirt.c (virSecretGetValue): Don't allow the user to specify
	  internal flags.

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix use of dlopen modules
	Remove the bogus dependancy between node_device.c & storage_backend.c
	by moving the virWaitForDevices into util.h where it can be shared
	safely

	* src/storage_backend_disk.c, src/storage_backend_logical.c,
	  src/storage_backend_mpath.c, src/storage_backend_scsi.c: Replace
	  virStorageBackendWaitForDevices with virFileWaitForDevices
	* src/storage_backend.c, src/storage_backend.h: Remove
	  virStorageBackendWaitForDevices, virWaitForDevices
	* src/util.h, src/util.c: Add virFileWaitForDevices
	* configure.in: Move xmlrpc check further down after pkgconfig
	  is detected
	* src/Makefile.am: Add missing XMLRPC_CFLAGS/LIBS to opennebula
	* src/libvirt_private.syms: Add many missing exports

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Consolidate "cont" into qemudMonitorSendCont()
	The interface allows qemudMonitorSendCont() to report errors that are
	not overridden by its callers.

	Also fix a potential infinite loop in qemuDomainCoreDump() if sending
	cont repeatedly fails.

	* src/qemu_driver.c (qemudMonitorSendCont): New function.
	  (qemudAutostartConfigs): Reset error before each call to
	  qemudStartVMDaemon().
	  (qemudInitCpus, qemudDomainResume, qemudDomainCoreDump,
	  qemudDomainRestore, qemudDomainMigratePerform,
	  qemudDomainMigrateFinish2): Use qemudMonitorSendCont().

2009-09-10  Miloslav Trmač  <mitr@redhat.com>

	Add <usage> to <secret> docs
	* docs/formatsecret.html.in, docs/formatsecret.html: Document <usage
	  type='volume'>, replacing stand-alone <volume>.
	* docs/schemas/secret.rng: Update schema to require <usage
	  type='volume'>

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Cleanup sec driver error reporting to use virReportSystemError
	* src/security_selinux.c: Use virReportSystemError whereever an
	  errno is involved
	* src/qemu_driver.c: Don't overwrite error message from the
	  security driver

	Support relabelling of USB and PCI devices
	* src/security.h: Driver API for relabelling host devices
	* src/security_selinux.c: Implement relabelling of PCI and USB
	  devices
	* src/qemu_driver.c: Relabel USB/PCI devices before hotplug

	Port QEMU driver to use USB/PCI device helpers
	* src/qemu_driver.c: Remove usbfs/sysfs iterator code and call
	  into generic helper APIs instead when setting device permissions

	Add helper APIs for iterating over PCI device resource files
	* src/pci.h, src/pci.c: Helper for iterating over PCI device
	  resource files
	* src/libvirt_private.syms: Export pciDeviceFileIterate

	Add helper module for dealing with USB host devices
	* src/Makefile.am: Add usb.h and usb.h to libvirt_util.la
	* src/libvirt_private.syms: Export symbols
	* src/usb.c, src/usb.h: Helper APIs for USB host devices

	Fix more OOM handling bugs
	* src/qemu_conf.c: Fix leak of values upon OOM
	* src/xend_internal.c: Fix missing check for OOM failure
	* tests/qemuargv2xmltest.c, tests/qemuxml2argvtest.c: Free
	  stateDir upon exit to avoid leak

	Fix logging buffer overrun read
	* src/logging.c: Fix buffer offset in logging read

2009-09-10  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc thread locking bugs / bogus warnings
	Fix all thread locking bugs reported by object-locking test
	case.

	NB, some of the driver locking is getting too coarse. Driver
	mutexes really need to be turned into RW locks instead to
	significantly increase concurrency.

	* src/lxc_driver.c: Fix useof driver when unlocked in the methods
	  lxcDomainGetInfo, lxcSetSchedulerParameters, and
	  lxcGetSchedulerParameters
	* src/opennebula/one_driver.c: Fix missing unlock in oneDomainUndefine.
	  Fix use of driver when unlocked in oneDomainGetInfo,
	  oneGetOSType, oneDomainShutdown
	* src/qemu_driver.c: Fix use of driver when unlocked in
	  qemudDomainSavem, qemuGetSchedulerType, qemuSetSchedulerParameters
	  and qemuGetSchedulerParameters
	* src/storage_driver.c: Re-work storagePoolCreate to avoid bogus
	  lock checking warning. Re-work storageVolumeCreateXMLFrom to
	  remove a potential NULL de-reference & avoid bogus lock check
	  warnings
	* src/test.c: Remove testDomainAssignDef since it break lock chekc
	  warnings.
	* tests/object-locking.ml: Add oneDriverLock, oneDriverUnlock
	  and one_driver_t methods/types to allow lock checking on the
	   OpenNebula drivers

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Test that domain-specific qemu machine types are used correctly
	* tests/testutilsqemu.c: add a machine types list for /usr/bin/kvm
	  which doesn't have any aliases, while the guest has aliases

	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases2.*,
	  tests/qemuxml2argvtest.c: add a test using /usr/bin/kvm and make
	  sure that 'pc' machine type doesn't get canonicalized using the
	  aliases in the guest machine type list

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Simplify and fix qemudCanonicalizeMachine()
	The algorithm is quite simple:

	  If the emulator matches a guest's domain:
	    if domain has machine type info:
	      check the domain's machine type info
	    else
	      check the guest's default machine type info
	  else if the emulator matches the guest's default emulator:
	     check the guest's default machine type info

	The previous implementation was incorrectly falling back to the default
	machine type info if the domain's machine type info didn't have an
	alias.

	* src/qemu_driver.c: simplify and fix qemudCanonicalizeMachine()

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Probe machine types from kvm binary too
	Currently we only probe the main qemu binary for machine types, but we
	should also probe the kvm binary.

	* src/qemu_conf.c: probe kvm binary machines in qemudCapsInitGuest()

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Look up machine types from all domains in qemudGetOldMachines()
	Rather than just looking at the default domain info, look at all
	domains

	* src/qemu_conf.c: look at all domains in qemudGetOldMachines()

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Split up qemudGetOldMachines()
	We need to look at all the domain infos in guest capabilities, not
	just the defaults.

	In order to allow that, split out a qemudGetOldMachinesFromInfo()
	from qemudGetOldMachines(). We'll make more use of it in the next
	patch.

	* src/qemu_conf.c: split out qemudGetOldMachinesFromInfo() from
	  qemudGetOldMachines()

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Test qemu machine aliases
	* tests/testutilsqemu.c: make 'pc' an alias for qemu-system-x86_64

	* tests/qemuxml2argvdata/qemuxml2argv-machine-aliases1.*,
	  tests/qemuxml2argvtest.c: add a test which uses qemu-system-x86_64
	  and make sure the machine type is canonicalized.

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Re-factor qemu test machine allocation code
	* test/testutilsqemu.c: split out code to testQemuAllocMachines()
	  and make use of the ARRAY_CARDINALITY macro

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Canonicalize the qemu machine type in qemuxml2argvtest
	This doesn't have any affect on the current tests because we don't have
	any machine aliases in the current test data.

	* src/qemu_conf.h, src/qemu_driver.c: expose qemudCanonicalizeMachine()
	  for the tests

	* tests/qemuxml2argvtest.c: canonicalize the machine type

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Dump qemu driver capabilities if test debugging enabled
	* src/testutils.[ch]: make testDebug externally available

	* src/testutilsqemu.c: if VIR_TEST_DEBUG is set, dump the qemu
	  driver capabilities to stderr

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Fix formatting of machine types in capabilities XML
	* src/capabilities.c: fix machine type formatting in
	  virCapabilitiesFormatXML()

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Add qemu -help test data for qemu-kvm-0.11.0-rc2
	* tests/qemuhelpdata/qemu-kvm-0.11.0-rc2: add data

	* tests/qemuhelptest.c: add expected output

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Add a more featureful qemu capabilities test data
	Things added include

	  - x86_64 host
	  - Migration features
	  - NUMA topology
	  - Security model
	  - Canonical machine types
	  - Domain machine types
	  - An arm guest
	  - More machine types for mips, mipsel, sparc and ppc
	  - An x86_64 xenner guest

	This file was generated on a Fedora 12 machine using latest libvirt
	and qemu-kvm-0.11.0-rc2

	* tests/capabilityschemadata/caps-qemu-kvm.xml: add more features
	  to test

2009-09-10  Mark McLoughlin  <markmc@redhat.com>

	Add arm arch to capabilities schema
	* docs/schemas/capabilities.rng: add arm and sort arches

	Update capabilities schema to allow multiple machines per domain
	* docs/schemas/capabilities.rng: allow multiple machines per domain
	  just like they are allowed for guests

	Add esx and tcp migration uri transports to capabilities schema
	* docs/schemas/capabilities.rng: include esx and tcp uri_transport

2009-09-10  Chris Lalancette  <clalance@redhat.com>

	Fix regression from "Avoid polling on FDs with no events"
	After the mentioned patch was applied, I noticed that
	shutting down a kvm guest from inside (i.e. poweroff) caused
	the guest to shutdown, but not removed from the list of
	active guests.  DanB pointed out that the problem is that
	the virEventAddHandle() call in the qemu driver was asking
	to watch for 0 events, not HANGUP | ERROR as it should.  Add
	these events so that shutdown works again.

2009-09-10  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: factor out more duplication
	* src/qemu_driver.c (qemudDomainRestore): Use the new ...TypeToString
	function here, too.

2009-09-10  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Close logfile fd after spawning qemu
	* src/qemu_driver.c: avoid a leak of file descriptor when exec'ing qemu

2009-09-10  Charles Duffy  <charles@dyfis.net>

	Reintroduce support for lzop compression
	lzop was removed due to some confusion over whether it provided functional
	advantages distinct from xz. This has been addressed in the mailing list post
	archived at http://permalink.gmane.org/gmane.comp.emulators.libvirt/16487, and
	support for lzop is re-added here.

	* libvirt.spec.in: add dependancy on lzop
	* src/qemu.conf: update documentation of save_image_format
	* src/qemu_driver.c: re-add lzop compression option

2009-09-09  Daniel Veillard  <veillard@redhat.com>

	Deprecate lzma and lzop in favor of xz, add dep
	* src/qemu_driver.c: drop lzma and lzop images compression options
	  as they are deprecated by xz
	* libvirt.spec.in: add requires for xz/bzip2/gzip as they are needed
	  to implement the compression options

2009-09-09  Maximilian Wilhelm  <max@rfc2324.org>

	Check for libssh2 >= 1.0 for phy driver
	* configure.in: phyp driver uses libssh2_session_block_directions()
	  which is only available in libssh2 >= 1.0, so check for this symbol
	  too when configuring

2009-09-09  Jim Meyering  <meyering@redhat.com>

	qemu_driver.c: factor out duplication in compression-type handling
	* src/qemu_driver.c (QEMUD_SAVE_FORMAT_LAST): Define.
	(qemudSaveCompressionTypeFromString): Declare.
	(qemudSaveCompressionTypeToString): Declare.
	(qemudDomainSave): Use those functions rather than open-coding them.
	Use "cat >> '%s' ..." in place of equivalent
	"dd of='%s' oflag=append conv=notrunc ...".

	also allow use of XZ for Qemu image compression
	* src/qemu_driver.c (enum qemud_save_formats) [QEMUD_SAVE_FORMAT_XZ]:
	New member.
	[QEMUD_SAVE_FORMAT_LZMA]: Mark as deprecated.
	Use an explicit value for each member.
	(qemudDomainSave, qemudDomainRestore): Handle the new member.
	* src/qemu.conf: Mention xz, too.

	openvz_conf.c: remove dead store to "p"; use strchrnul
	* src/openvz_conf.c (openvzReadNetworkConf): Replace open-coded
	while loop with equivalent use of strchrnul.
	* bootstrap (modules): Add strchrnul.

	build: update gnulib submodule to latest

2009-09-08  Daniel Veillard  <veillard@redhat.com>

	Remove some tabs used for indent

2009-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid another leak in src/xend_internal.c
	* src/xend_internal.c: in xenDaemonLookupByID() if virGetDomain fails
	  free up the name

2009-09-08  Daniel Veillard  <veillard@redhat.com>

	Updated a number of localizations and regenerated

	Add flags and requires for Multipath storage
	* libvirt.spec.in: the new multipath module requires device-mapper
	  and device-mapper-devel for build

2009-09-08  Dave Allan  <dallan@redhat.com>

	Multipath storage support module
	* configure.in src/Makefile.am src/storage_backend.[ch]
	  src/storage_conf.[ch] src/storage_backend_mpath.[ch] po/POTFILES.in:
	  add a new module for storage multipath, it requires device-mapper

2009-09-08  Matthias Bolte  <matthias.bolte@googlemail.com>

	Avoid a leak in xenDaemonLookupByID
	* src/xend_internal.c: free name in xenDaemonLookupByID() if
	  virGetDomain() fails

2009-09-08  Miloslav Trmač  <mitr@redhat.com>

	Add a missing comment
	* src/libvirt_private.syms: Add a missing comment for
	  storage_encryption_conf.h entries

	Fix a pasto in storage_encryption_conf.c
	* src/storage_encryption_conf.c: small typo fix in top comment

2009-09-07  Jim Meyering  <meyering@redhat.com>

	xm_internal.c: remove four useless comparisons after strchr
	* src/xm_internal.c (xenXMDomainConfigParse): After t=strchr...
	don't test *t; it's known.  This was *not* detected by clang,
	but I spotted it since once instance was in the vicinity of the
	dead increment of "data".

	xm_internal.c: remove dead increment of "data"
	* src/xm_internal.c (xenXMDomainConfigParse): Don't increment it.

	network_driver.c: remove dead store to "err"
	* src/network_driver.c (networkSetAutostart): ...and its decl.

	iptables.c: remove dead store to "s"
	* src/iptables.c (iptablesAddRemoveRule): Remove dead store.

	util.c: avoid dead store to "flag"
	* src/util.c (virExecDaemonize): Change flag |= VAR to "flag | VAR".

	domain_conf.c: remove two dead stores
	* src/domain_conf.c (virDomainSaveXML): Remove use and decl of "err".
	(virDomainDefParseXML): Likewise.

	xm_internal.c: remove two ret=... dead stores
	* src/xm_internal.c (xenXMDomainCreate): Remove dead stores.

	xm_internal.c: remove dead stores of local, "type"
	* src/xm_internal.c (xenXMDomainConfigParse): Remove declaration
	and useless containing if-block, too.

2009-09-07  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox fix minor bugs in display and added OOM checks
	* src/vbox/vbox_tmpl.c: minor bug in selecting the graphics type. if the
	  graphics type was desktop it was assumed that display is set for it,
	  and thus crashed on strdup. Also adds a number of missing OOM checks.

2009-09-07  Jim Meyering  <meyering@redhat.com>

	network_conf.c: remove dead store to "err"
	* src/network_conf.c (virNetworkDefParseXML): ...and its decl.

	openvz_driver.c: avoid dead store to "err"
	* src/openvz_driver.c (openvzGenerateContainerVethName): Remove use
	and decl of "err".

	xend_internal.c: Remove two dead stores to "ret"
	* src/xend_internal.c (xenDaemonCreateXML): Don't set "ret" after
	last use.

	storage_driver.c: remove two dead stores to "backend"
	* src/storage_driver.c (storagePoolGetInfo, storagePoolDefine):
	Remove variable, backend, since its value was never used.

2009-09-07  Daniel Veillard  <veillard@redhat.com>

	Merge branch 'tmp'

2009-09-07  Matthias Bolte  <matthias.bolte@googlemail.com>

	Some close/fclose/closedir calls are missing
	* src/openvz_conf.c src/qemu_driver.c src/storage_backend_scsi.c
	  src/xen_inotify.c: closes various file descriptors leaks

2009-09-04  Jim Meyering  <meyering@redhat.com>

	lxc_container.c: avoid a leak on error paths
	* src/lxc_container.c (lxcContainerMountBasicFS): Don't leak upon failure.
	Add "cleanup:" label and change each post-allocation failure to
	use "goto cleanup" rather than returning immediately.

	qemu_conf.c: add a comment suggesting why we leave a dead-store
	* src/qemu_conf.c (qemuBuildHostNetStr): Do not remove the type_sep=','
	dead store, since not having it would be a problem if we ever add a
	new attribute=VAL option.

	hash.c: remove a dead store
	* src/hash.c (virHashFree): Remove useless assignment to inside_table.

	interface_conf.c: remove a dead-store and declaration
	* src/interface_conf.c (virInterfaceDefParseDhcp): Remove unused "old".

	eventtest.c: detect write failure and avoid dead stores
	* tests/eventtest.c (mymain): Exit nonzero upon write failure.
	This also avoids several dead stores of the form ret = safewrite...

	openvz_conf.c: Remove dead store to copy_fd
	* src/openvz_conf.c (openvz_copyfile): Remove unused assignment.

	storage_backend_logical.c: appease clang: remove useless increment
	* src/storage_backend_logical.c (virStorageBackendLogicalBuildPool):
	Don't increment "n" when we won't use the result.

2009-09-04  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX raise error if UUID parse failed
	* src/esx/esx_util.c: let esxUtil_GetConfigUUID() report an error if
	  virUUIDParse() fails

	ESX add domain undefine based on esxVI_UnregisterVM
	* src/esx/esx_driver.c: add esxDomainUndefine() based on
	  esxVI_UnregisterVM()
	* src/esx/esx_vi_methods.[ch]: add esxVI_UnregisterVM()

	ESX add esxGetCapabilities() with basic defaults
	* src/esx/esx_driver.c: add esxCapsInit() with default caps and add
	  esxGetCapabilities()

	ESX simplify SOAP request and response handling
	* src/esx/esx_vi.[ch]: convert esxVI_RemoteRequest_Execute() to a
	  simpler esxVI_Context_Execute() version, remove esxVI_RemoteRequest
	  and convert esxVI_RemoteResponse to esxVI_Response
	* src/esx/esx_vi_methods.c: update and simplify callers to use
	  esxVI_Context_Execute() instead of esxVI_RemoteRequest_Execute()

	ESX use virXPathNode*() to simplify XPath handling
	* src/esx/esx_vi.[ch]: use virXPathNode*() in
	  esxVI_RemoteRequest_Execute() and remove
	  esxVI_RemoteResponse_DeserializeXPathObject*()
	* src/esx/esx_vi_methods.c: update callers to use the new syntax of
	  esxVI_RemoteRequest_Execute()

	ESX: make esxVI_GetVirtualMachineIdentity() robust
	* src/esx/esx_driver.c: add configStatus to the requested properties
	  to check it in esxVI_GetVirtualMachineIdentity()
	* src/esx/esx_vi.[ch]: add esxVI_GetManagedEntityStatus()
	  and use it in esxVI_GetVirtualMachineIdentity()
	* src/esx/esx_vi_types.[ch]: add VI type esxVI_ManagedEntityStatus

	ESX: Fix VMX path parsing and URL encoding
	* src/esx/esx_driver.c: handle spaces in VMX file path and use a
	  virBuffer to encode spaces correctly in the resulting URL
	* src/esx/esx_vi.c: include the URL in the error message in case
	  of a download error

2009-09-04  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox add Storage Volume support
	* src/vbox/vbox_driver.c src/vbox/vbox_tmpl.c: adds the driver for
	  storage volumes

2009-09-04  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Fix several memory leaks
	* src/domain_conf.c src/network_conf.c src/qemu_conf.c
	  src/storage_backend_fs.c: various problems spotted by valgrind
	  through libvirt code

2009-09-04  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox driver cleanups
	* src/vbox/vbox_tmpl.c: a bit of cleanup

2009-09-04  Laine Stump  <laine@laine.org>

	Minor comment changes
	* src/libvirt.c: fix some minor grammer (and one other) nits in comments
	  that end up in generated API reference documentation

	Fix a memory leak in virsh
	* src/virsh.c: cmdNodeDeviceDumpXML wasn't freeing
	  virNodeDeviceGetXMLDesc() return string

2009-09-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix ID field in virDomainPtr after starting Xen VM
	* src/xend_internal.c: Lookup guest after starting persistent
	  config in order to refresh the domain ID field

2009-09-04  Daniel Veillard  <veillard@redhat.com>

	PHYP driver cleanups
	* libvirt.spec.in: activate phyp and fix the BuildDep to libssh2-devel
	* src/phyp/phyp_driver.c: fix a debug macro to use the normal logging API

2009-09-04  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	Switch Power Hypervisor to libssh2
	* configure.in src/Makefile.am: change detection and flags
	* src/phyp/phyp_driver.c src/phyp/phyp_driver.h: connection now
	  need to be done as part of the driver code, cleaned up by DV

2009-09-04  Chris Lalancette  <clalance@redhat.com>

	Allow libvirtd to RPC to external libvirtd
	* src/remote_internal.c: in remoteOpen() allow the daemon itself to make
	  RPCs to an external libvirtd, but only if the URI is fully specified.

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak of monitor character device
	* src/qemu_driver.c: Free the vm->monitor_chr field at VM shutdown.
	  Unlink the UNIX domain socket at VM shutdown to avoid littering
	  FS with old sockets

	Automatically set correct ownership of QEMU state directories
	* src/qemu_driver.c: Change ownership of /var/{lib,cache}/libvirt/qemu
	  to match user/group that QEMU VMs are configured to run as.

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Move QEMU monitor socket in /var/lib/libvirt/qemu
	Separate the guest created QEMU monitor socket location
	from the libvirtd create XML / PID data files, to improve
	security separation when running QEMU non-root

	* libvirt.spec.in: Leave /var/run/libvirt/qemu as root:root
	* src/qemu_conf.h: Add libDir and cacheDir directory paths
	* src/qemu_driver.c: Move QEMU monitor socket from
	  stateDir to libDir to avoid making security critical directory
	  accessible to QEMU guests.
	* src/util.c: Delay running hook till after damonizing to
	  ensure pidfile is still written before changing UID/GID

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Avoid polling on FDs with no events enabled
	If a file descriptor with events=0 was added to the libvirtd
	event loop, it would still be added to the poll() fds' array.
	While it wouldn't see any POLLIN/OUT events, it'd still get
	triggered for HANGUP/ERROR events which was not in compliance
	with the libvirt events API contract.

	* qemud/event.c: Don't poll on FDs with events=0
	* tests/eventtest.c: Add test case to validate fix to event.c

2009-09-03  Jim Meyering  <meyering@redhat.com>

	xen_internal.c: remove two unused local variables
	* src/xen_internal.c (xenHypervisorSetSchedulerParameters): Remove
	set-but-never-used local variables, cap_set and weight_set.

2009-09-03  Matthias Bolte  <matthias.bolte@googlemail.com>

	esx_vi: return -1 upon failure, as intended
	* src/esx/esx_vi.c (esxVI_Enumeration_Deserialize): Fix
	reversed goto and result=-1 statements.

2009-09-03  Jim Meyering  <meyering@redhat.com>

	python: let libvirt_virConnectDomainEventCallback indicate success
	* python/libvir.c (libvirt_virConnectDomainEventCallback): Return 0
	when successful, rather than always returning -1.
	clang flagged this function for its dead-store of "ret=0".
	Once "ret" was set to 0, it was never used, and
	the function would always return -1.

	mdns.c: remove dead initialization
	* qemud/mdns.c (libvirtd_mdns_client_callback): Remove dead
	initialization.

	node_device_conf.c: remove dead initialization
	* src/node_device_conf.c (virNodeDeviceDefFormat): Remove dead
	initialization.

	openvz_conf.c: don't use undefined local, "net"
	* src/openvz_conf.c (openvzReadNetworkConf): Initialize "net".
	Otherwise, upon openvzRead... failure, we would "goto error;"
	where an uninitialized "net" could be dereferenced.

	test.c: don't use undefined local, "def"
	* src/test.c (testOpenVolumesForPool): Upon early virAsprintf or
	virXPathNodeSet failure, "goto error" would take us to
	virStorageVolDefFree(def), but with "def" not defined.
	Initialize it to NULL.

	uml_conf.c: don't return an uninitialized pointer
	* src/uml_conf.c (umlBuildCommandLineChr): Initialize "ret".

	storage_backend.c: assure clang that inputvol can't be NULL
	* src/storage_backend.c: Include "internal.h".
	(virStorageBackendCopyToFD): Mark inputvol parameter as "nonnull".
	Remove test for non-NULL inputvol.  Both callers ensure it's non-NULL.

	libvir.c: avoid NULL dereference in virStoragePoolSetAutostart
	* src/libvirt.c (virStoragePoolSetAutostart): Return -1 if the pool
	argument is invalid, rather than "goto error" where we could dereference
	that possibly-NULL "pool".
	(virConnectFindStoragePoolSources): Likewise.
	(virConnectNumOfDomains): Likewise.
	Daniel P. Berrange spotted that the two latter functions
	needed the same treatment.

	remote_internal.c: appease clang
	* src/remote_internal.c (remoteNetworkOpen): Mark "conn" parameter
	as non-NULL.  Remove now-unnecessary "conn == NULL" test.
	(remoteDevMonOpen): Likewise.
	(remoteSecretOpen): Likewise.
	(remoteStorageOpen): Likewise.
	(remoteInterfaceOpen): Likewise.

	infra: define ATTRIBUTE_NONNULL to mark non-NULL parameters
	* src/internal.h (ATTRIBUTE_NONNULL): Define.

	lxc: don't unlink(NULL) in main
	* src/lxc_controller.c (main): Unlink sockpath only if it's non-NULL.

	lxc: avoid NULL dereference upon getmntent failure
	* src/lxc_container.c (lxcContainerUnmountOldFS): Don't pass
	a NULL pointer to qsort.

	storage_conf.c: avoid overflow upon use of "z" or "Z" (zebi) suffix
	* src/storage_conf.c (virStorageSize): Don't try to compute 1024^7,
	since it's too large for a 64-bit type.

	storage_backend_fs: avoid NULL dereference on opendir failure
	* src/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
	Don't call closedir on a NULL pointer.

2009-09-03  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox cleanup and update of networking shutdown
	* src/vbox/vbox_tmpl.c: merged vboxNetworkUndefine() and
	  vboxNetworkDestroy() and added code to handle multiple hostonly
	  interfaces.

	VBox cleanup and update of networking XML functions
	* src/vbox/vbox_tmpl.c: merged vboxNetworkCreateXML() and
	  vboxNetworkDefineXML() and added code to handle multiple hostonly
	  interfaces.

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Add support for setting disk drive serial numbers
	* docs/schemas/domain.rng: Add <serial> element to disks
	* src/domain_conf.h, src/domain_conf.c: XML parsing and
	  formatting for disk serial numbers
	* src/qemu_conf.c: Set serial number when launching guests
	* tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.args,
	  tests/qemuxml2argvdata/qemuxml2argv-disk-drive-shared.xml: Add
	  serial number to XML test

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Support configuration of huge pages in guests
	Add option to domain XML for

	     <memoryBacking>
	        <hugepages/>
	     </memoryBacking>

	* configure.in: Add check for mntent.h
	* qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug, src/qemu.conf
	  Add 'hugetlbfs_mount' config parameter
	* src/qemu_conf.c, src/qemu_conf.h: Check for -mem-path flag in QEMU,
	  and pass it when hugepages are requested.
	  Load hugetlbfs_mount config parameter, search for mount if not given.
	* src/qemu_driver.c: Free hugetlbfs_mount/path parameter in driver shutdown.
	  Create directory for QEMU hugepage usage, chowning if required.
	* docs/formatdomain.html.in: Document memoryBacking/hugepages elements
	* docs/schemas/domain.rng: Add memoryBacking/hugepages elements to schema
	* src/util.c, src/util.h, src/libvirt_private.syms: Add virFileFindMountPoint
	  helper API
	* tests/qemuhelptest.c: Add -mem-path constants
	* tests/qemuxml2argvtest.c, tests/qemuxml2xmltest.c: Add tests for hugepage
	  handling
	* tests/qemuxml2argvdata/qemuxml2argv-hugepages.xml,
	  tests/qemuxml2argvdata/qemuxml2argv-hugepages.args: Data files for
	  hugepage tests

2009-09-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc OOM bugs
	* tests/testutils.c: Run test function twice, once to prime it for
	  static allocations, once to count the non-static allocations.
	* tests/testutilsqemu.c: Initialize variable correctl
	* src/capabilities.c: Don't free machines variable upon failure
	  since caller must do that
	* src/xm_internal.c: Add missing check for OOM in building VIF
	  config param

2009-09-03  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	VBox support for defining/dumping video devices
	* src/vbox/vbox_tmpl.c: add setting of video and acceleration in
	  VBox driver, and the ability to save this back for serialization

	Generic parsing support for video acceleration
	* docs/schemas/domain.rng: augment the video model with an optional
	  acceleration element with optional accel2d and accel3d flags
	* src/domain_conf.c src/domain_conf.h: exten the virDomainVideoDef
	  structure with an optional accel field, virDomainVideoAccelDefParseXML
	  and virDomainVideoAccelDefFormat functions to parse and serialize
	  the structure.

2009-09-02  Chris Lalancette  <clalance@redhat.com>

	Fix bugs in virDomainMigrate v2 code.
	Paolo Bonzini points out that in my refactoring of the code for
	virDomainMigrate(), I added a check for the return value from
	virDomainMigratePerform().  The problem is that we don't want to
	exit if we fail, we actually want to go on and do
	virDomainMigrateFinish2() with a non-0 return code to clean things
	up.  Remove the check.

	While reproducing this issue, I also noticed that we wouldn't
	always properly propagate an error message.  In particular, I
	found that if you blocked off the migration ports (with iptables)
	and then tried the migration, it would actually fail but we would
	get no failure output from Qemu.  Therefore, we would think we
	succeeded, and leave a huge mess behind us.  Execute the monitor
	command "info migrate", and look for a failure string in there
	as well.

2009-09-02  Matthias Bolte  <matthias.bolte@googlemail.com>

	VMware ESX: Don't warn on some query parameter
	* src/esx/esx_util.c: esxUtil_ParseQuery() warns if a known query
	  parameter should be ignored due to the corresponding char/int pointer
	  being NULL, instead of silently ignoring it. Fix the control flow.

	VMware ESX: Allow ethernet address type 'vpx'
	* src/esx/esx_vmx.c: add an extra type of addressType beside 'static'
	  and 'generated', 'vpx' indicates that the MAC address was generated
	  by a vCenter.

2009-09-02  Daniel P. Berrange  <berrange@redhat.com>

	Don't blindly reorder disk drives
	Calling qsort() on the disks array causes disk to be
	unneccessarily re-ordered, potentially breaking the
	ability to boot if the boot disk gets moved later in
	the list. The new algorithm will insert a new disk as
	far to the end of the list as possible, while being
	ordered correctly wrt other disks on the same bus.

	* src/domain_conf.c, src/domain_conf.h: Remove disk sorting
	  routines. Add API to insert a disk into existing list at
	  the optimal position, without resorting disks
	* src/libvirt_private.syms: Export virDomainDiskInsert
	* src/xend_internal.c, src/xm_internal.c: Remove calls to
	  qsort, use virDomainDiskInsert instead.
	* src/qemu_driver.c: Remove calls to qsort, use virDoaminDiskInsert
	  instead. Fix reordering bugs when hotunplugging disks and
	  networks. Fix memory leak in disk/net unplug

2009-09-02  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Support for getting/setting number of cpus in VBox
	* src/vbox/vbox_tmpl.c: adds support for getting/setting number of cpus

2009-09-01  Daniel P. Berrange  <berrange@redhat.com>

	Misc fixes to secrets API code
	* proxy/Makefile.am: Build storage_encryption_conf.c since its a
	  dependancy of domain_conf.c
	* src/storage_encryption_conf.c: Disable XML parsing APis when
	  build under proxy
	* src/test.c: Add a dummy no-op secrets driver for test suite

	Only add glusterfs dep for Fedora >= 11
	* libvirt.spec.in: Conditionalize glusterfs requires line for
	  Fedora >= 11, since other distros don't have it available

	Remove redundant base64 include file
	* src/storage_encryption_conf.c: Remove base64.h

	Add Miloslav Trmač to AUTHORS file

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Make handling of monitor prompts more general.
	* src/qemu_driver.c: Support arbitrary callbacks for "secondary
	  prompts".  Reimplement qemudMonitorCommandExtra using such a
	  callback.

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Don't assume buffered output echoes the command.
	The if ((nlptr...)) implicitly assumes commptr != NULL (and that "buf"
	starts with "cmd").  Make the assumption explicit, it will be broken in
	a future patch.

	* src/qemu_driver.c: Don't assume buffered monitor output echoes the
	  command.

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Attach encryption information to virDomainDiskDef.
	The XML allows <encryption format='unencrypted'/>, this implementation
	canonicalizes the internal representation so that "disk->encryption" is
	non-NULL iff encryption information is available.

	A domain with partial encryption information can be defined,
	completeness of the information is not verified.  The domain won't
	start until the remaining information is added, of course.

	* docs/formatdomain.html, docs/formatdomain.html.in: Document
	  new encryption options for disks
	* docs/schemas/domain.rng: Pull in storage encryption schema
	  rules
	* src/domain_conf.h, src/domain_conf.c: Wire up storage encryption
	  XML parsing/formatting APIs

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Add support for encrypted (qcow) volume creation.
	Supports only virStorageVolCreateXML, not virStorageVolCreateXMLFrom.

	Curiously, qemu-img does not need the passphrase for anything to create
	an encrypted volume.  This implementation thus does not need to touch
	any secrets to work with cooperating clients.  More generic passphrase
	handling is added in the next patch.

	* src/storage_backend.c: Request encryption when creating qcow/qcow2
	  files
	* src/storage_backend_disk.c, src/storage_backend_fs.c,
	  src/storage_backend_logical.c: Refuse to create volumes with
	  encryption params set.

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Recognize encryption format of qcow volumes.
	(The implementation is not very generic, but that can be very
	easily rectified if/when new encryption formats appear.)

	* src/storage_backend_fs.c: Probe for qcow/qcow2 encryption
	  algorithm field

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Attach encryption information to virStorageVolDef.
	The XML allows <encryption format='unencrypted'/>, this implementation
	canonicalizes the internal representation so that "vol->encryption" is
	non-NULL iff the volume is encrypted.

	Note that partial encryption information (e.g. specifying an encryption
	format, but not the key/passphrase) is valid, libvirt will automatically
	choose value for the missing information during volume creation.  The
	user can read the volume XML, and use the unmodified <encryption> tag in
	future operations (without having to be able to understand) its contents.

	* docs/formatstorage.html, docs/formatstorage.html.in: Document
	  storage volume encryption options
	* src/storage_conf.c, src/storage_conf.h: Hook up storage
	  encryption XML handling
	* tests/storagevolschemadata/vol-qcow2.xml: Test case for encryption
	  schema changes

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Add volume encryption information handling.
	Define an <encryption> tag specifying volume encryption format and
	format-depenedent parameters (e.g. passphrase, cipher name, key
	length, key).

	Currently the only defined parameter is a reference to a "secret"
	(passphrase/key) managed using the virSecret* API.

	Only the qcow/qcow2 encryption format, and a "default" format used to
	let libvirt choose the format during volume creation, is currently
	supported.

	This patch does not add any users; the <encryption> tag is added in
	the following patches to both volumes (to support encrypted volume
	creation) and domains.

	* docs/*.html: Re-generate
	* docs/formatstorageencryption.html.in, docs/sitemap.html.in:
	  Add page describing storage encryption data format
	* docs/schemas/Makefile.am, docs/schemas/storageencryption.rng:
	  Add RNG schema for storage encryption format
	* po/POTFILES.in: Add src/storage_encryption_conf.c
	* src/libvirt_private.syms: Export virStorageEncryption* functions
	* src/storage_encryption_conf.h, src/storage_encryption_conf.c: Internal
	  helper APIs for dealing with storage encryption format
	* libvirt.spec.in, mingw32-libvirt.spec.in: Add storageencryption.rng
	  RNG schema

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Secret manipulation API docs refresh & wire up python generator
	Sample session:

	>>> import libvirt
	>>> c = libvirt.open('qemu:///session')

	>>> c.listSecrets()
	['12247729-47d2-a783-88ce-b329d4781cd3', 'reee', 'abc']

	>>> s = c.secretDefineXML("<secret ephemeral='no' private='no'>\n<description>Something for use</description>\n<volume>/foo/bar</volume>\n</secret>\n")

	>>> s.UUIDString()
	'340c2dfb-811b-eda8-da9e-25ccd7bfd650'

	>>> s.XMLDesc()
	"<secret ephemeral='no' private='no'>\n  <uuid>340c2dfb-811b-eda8-da9e-25ccd7bfd650</uuid>\n  <description>Something for use</description>\n  <volume>/foo/bar</volume>\n</secret>\n"

	>>> s.setValue('abc\0xx\xffx')
	0

	>>> s.value()
	'abc\x00xx\xffx'

	>>> s.undefine()
	0

	* python/generator.py: Add rules for virSecret APIs
	* python/libvir.c, python/libvirt-python-api.xml: Manual impl of
	  virSecretSetValue, virSecretGetValue$ and virConnectListSecrets APIs
	* python/libvirt_wrap.h, python/types.c: Wrapper for virSecret objects
	* docs/libvirt-api.xml, docs/libvirt-refs.xml,
	  docs/html/libvirt-virterror.html, docs/html/libvirt-libvirt.html,
	  docs/devhelp/libvirt-virterror.html, docs/devhelp/libvirt-libvirt.html:
	  Re-generate with 'make api'

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Secret manipulation remote client
	* src/remote_internal.c: Implement client binding for new secrets
	  APIs
	* src/datatypes.h: Add 'void *secretPrivateData' to virConnectPtr
	  struct

	Secret manipulation libvirtd wire protocol & remote dispatcher
	* qemud/remote_protocol.x: Define wire protocol for secrets public
	  APIs
	* qemud/remote_protocol.h, qemud/remote_protocol.c,
	  qemud/remote_dispatch_table.h, qemud/remote_dispatch_ret.h,
	  qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_args.h:
	  Re-generate from updated protocol definition
	* qemud/remote.c: Implement RPC dispatchers for new secrets APIs

	Secret manipulation public API implementation
	* include/libvirt/virterror.h, src/virterror.c: Add VIR_ERR_INVALID_SECRET
	  and VIR_FROM_SECRET
	* src/libvirt.c: Define stubs for every new public API

	Secret manipulation internal API
	* include/libvirt/virterror.h, src/virterror.c: Add VIR_WAR_NO_SECRET
	* src/libvirt_private.syms, src/datatypes.h, src/datatypes.c: Type
	  virSecret struct definition and helper APIs
	* src/driver.h: Sub-driver API definitions for secrets
	* src/libvirt.c: Define new sub-driver for secrets

2009-09-01  Miloslav Trmač  <mitr@redhat.com>

	Secret manipulation public API
	This patch adds a "secret" as a separately managed object, using a
	special-purpose API to transfer the secret values between nodes and
	libvirt users.

	* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
	  schema for virSecret objects
	* docs/*html: Re-generated
	* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
	  describing the virSecret XML schema
	* include/libvirt/libvirt.h.in: Define the new virSecret public
	  API
	* src/libvirt_public.syms: Export symbols for new public APIs
	* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
	  files list

2009-09-01  Daniel Veillard  <veillard@redhat.com>

	Update chinese, polish and spanish localizations
	* po/*: and update the po set

2009-08-31  Charles Duffy  <charles@dyfis.net>

	support lzop save compression for qemu
	Per prior discussion -- this was, indeed, trivial.

	I'm a little disappointed to be breaking the ordering characteristics of
	the enum (as it had been ordered by increasing time requirements and
	decreasing output size), but breaking any save files with the old
	constants in the headers would of course be worse.

	>From 2a9cdcfc88de091a8d34aa3fc3b1208d7681790e Mon Sep 17 00:00:00 2001
	From: Charles Duffy <Charles_Duffy@dell.com>
	Date: Fri, 28 Aug 2009 11:49:54 -0500
	Subject: [PATCH] support lzop save compression for qemu

	One of the larger disincentives towards use of compression for migrated-out save
	files is performance impact. This patch adds support for lzop; CPU time for
	compression is about 5x faster than gzip (the next most performant algorithm)
	and decompression is about 3x faster.

2009-08-31  Chris Lalancette  <clalance@redhat.com>

	OpenVZ: accept NULL as type for GetMaxVCPUs.
	All of the other drivers that support the getMaxVcpus callback
	also accept a NULL value for type.  Make openvz also accept a
	NULL value.

	Remove use of strncpy in qemudExtractMonitorPath.
	qemudExtractMonitorPath() was doing a VIR_ALLOC_N followed by a
	strncpy.  However, this isn't necessary; we can do the same thing
	using strndup, which is much safer.

	Fix up virNodeGetCellsFreeMemory
	The documentation for virNodeGetCellsFreeMemory claims the values
	returned are in kilobytes, but that's actually wrong; the value
	returned is actually in bytes.  Fix up the documentation to be
	correct.

2009-08-30  Jim Fehlig  <jfehlig@novell.com>

	Fix sexpr2string() to handle empty list.
	S-expression containing empty lists, e.g. (cpus (() () () ())),
	was not being handled properly in sexpr2string() serialization.
	Emit an empty list when encountering NIL sexpr kind.

2009-08-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix driver entry table for UML numa APIs
	* src/uml_driver.c: Fix numa API driver entries to avoid
	  infinite loop

2009-08-27  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix crash in virsh vol-key command
	* src/virsh.c: Pass in pool object to avoid crash in key lookup

2009-08-25  Daniel P. Berrange  <berrange@redhat.com>

	Refactor policycode auth code to avoid compiler warnings
	* src/remote_internal.c: Split remoteAuthPolkit into separate
	  impls for v0 and v1 to avoid compile warnings due to unused
	  variables/params
	* qemud/remote.c: Remove accidental tabs

	Support new PolicyKit 1.0 API
	* configure.in: Check for pkcheck which indicates new policykit
	* qemud/Makefile.am: Install different versions of policy
	* qemud/libvirtd.policy: Rename to libvirtd.policy-0
	* qemud/libvirtd.policy-1: new style policy
	* qemud/qemud.c, qemud/qemud.h, qemud/remote.c: Support new
	  policykit API via external pkcheck helper
	* src/remote_internal.c: Don't prompt for polkit auth with new
	  policykit API
	* libvirt.spec.in: deal with new policy install locations & deps

2009-08-21  Darryl L. Pierce  <dpierce@redhat.com>

	517157 fix selinux problem with images on NFS
	* src/security_selinux.c: ignores EOPNOTSUPP when attempting to access an
	  NFS share

2009-08-21  Mark McLoughlin  <markmc@redhat.com>

	spec file: add URL to Source tag
	See https://fedoraproject.org/wiki/Packaging:SourceURL

2009-08-20  Mattias Bolte  <matthias.bolte@googlemail.com>

	Fix phypOpen() escape_specialcharacters
	Matthias correctly points out that escape_specialcharaters() takes a
	length, and since we are now malloc()'ing string in phypOpen instead of
	making it a static array, we can't use sizeof(string) anymore.  Calculate
	the proper strlen and then use that both to allocate the string and also
	pass it to escape_specialcharacters().

2009-08-20  Mattias Bolte  <matthias.bolte@googlemail.com>

	Power Hypervisor: fix potential segfault
	I came across this line in the phypOpen function:

	char string[strlen(conn->uri->path)];

	Here the path part of the given URI is used without checking it for
	NULL, this can cause a segfault as strlen expects a string != NULL.
	Beside that uuid_db and connection_data leak in case of an error.

	In this line

	conn->uri->path = string;

	the original path of the URI leaks. The patch adds a VIR_FREE call
	before setting the new path.

	The attached patch is compile-tested but I don't have a Power
	Hypervisor installation at hand to test it for real.

	Matthias

2009-08-20  Chris Lalancette  <clalance@redhat.com>

	Small fixes for qemu save compression.
	Fix up a small memory leak pointed out by DanB; I was forgetting
	to release memory allocated to driver->saveImageFormat.
	Also add the "save_image_format" and "security" entries to
	the augeas lens.

2009-08-19  Daniel P. Berrange  <berrange@redhat.com>

	Add test for recently fixed crash with latest XenD
	Test case for the fix applied in

	  commit 14435163a086c0bcdff04308077fa46a5fa08bb0
	  Author: Daniel Veillard <veillard@redhat.com>
	  Date:   Fri Jun 26 18:14:16 2009 +0000

	* tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.sexpr,
	  tests/sexpr2xmldata/sexpr2xml-pv-vfb-type-crash.xml: Data
	  files exhibiting the crash
	* tests/sexpr2xmltest.c: Process new data files

2009-08-19  Daniel P. Berrange  <berrange@redhat.com>

	Fix some typos & remove unhelpful acronyms in QEMU docs

	Add documentation about the QEMU driver security features
	* docs/drvqemu.html.in: Document DAC usage, SELinux integration,
	  Linux capabilities, and Cgroups device ACLs

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Fix bridge/tap system error reporting
	* src/qemu_conf.c, src/uml_conf.c: use virReportSystemError() to report
	  system errors

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Don't expose 'vnet%d' to the user
	https://bugzilla.redhat.com/517371

	Matt Booth points out that if you use a non-existent bridge name when
	start a guest you get a weird error message:

	  Failed to add tap interface 'vnet%d' to bridge 'virbr0'

	and dev='vnet%d' appears in the dumpxml output.

	Fix that by not including 'vnet%d' in the error message and freeing the
	'vnet%d' string if adding the tap device to the bridge fails.

	* src/qemu_conf.c, src/uml_conf.c: fix qemudNetworkIfaceConnect()
	  and umlConnectTapDevice() to not expose 'vnet%d' to the user

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Maintain a list of active PCI hostdevs and use it in pciResetDevice()
	As we start/shutdown guests, or hotplug/hot-unplug devices, we can add
	or delete devices as appropriate from a list of active devices.

	Then, in pciReset(), we can use this to determine whether its safe to
	reset a device as a side effect of resetting another device.

	* src/qemu_conf.h: add activePciHostdevs to qemud_driver

	* src/qemu_driver.c: maintain the activePciHostdevs list, and pass it
	  to pciResetDevice()

	* src/pci.[ch]: pass the activeDevs list to pciResetDevice() and use
	  it to determine whether a Secondary Bus Reset is safe

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Simplify PCI hostdev prepare/re-attach using a pciDeviceList type
	The qemuPrepareHostDevices() and qemuDomainReAttachHostDevices()
	functions are clutter with a bunch of calls to pciGetDevice() and
	pciFreeDevice() obscuring the basic logic.

	Add a pciDeviceList type and add a qemuGetPciHostDeviceList() function
	to build a list from a domain definition. Use this in prepare/re-attach
	fto simplify things and eliminate the multiple pciGetDevice calls.

	This is especially useful because in the next patch we need to iterate
	the hostdevs list a third time and we also need a list type for keeping
	track of active devices.

	* src/pci.[ch]: add pciDeviceList type and also a per-device 'managed'
	  property

	* src/libvirt_private.syms: export the new functions

	* src/qemu_driver.c: add qemuGetPciHostDeviceList() and re-write
	  qemuPrepareHostDevices() and qemuDomainReAttachHostDevices() to use it

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Use pci_addr=auto with QEMU's pci_add monitor command
	Newer versions of QEMU accept 'pci_add auto', but older versions require
	'pci_add pci_addr=auto'

	* src/qemu_driver.c: use pci_addr= in qemudDomainAttachHostPciDevice()
	  for older versions of QEMU

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Fix thinko in PCI hostdev detach
	* src/qemu_driver.c: Add missing break statement in
	  qemudDomainDetachHostDevice()

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Reset PCI host devices after hot-unplug
	When we hot-unplug a PCI host device from a guest, we should reset it.

	Both managed and unmanaged devices should be reset, but only managed
	devices should be re-attached.

	* src/qemu_driver.c: reset devices in qemudDomainDetachHostPciDevice()

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Reset unmanaged PCI host devices before hotplug
	Right now we're only resetting managed devices before hotplug, but we
	should reset them irrespective of whether they are managed.

	* src/qemu_driver.c: reset all PCI hostdevs before hotplug

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Revert changes to allow pciResetDevice() reset multiple devices
	It turns out that the previous attempt at this doesn't work well
	in the case of hotplug. We need qemuCheckPciHostDevice() to
	disallow the reset affecting devices already attach to the guest,
	but we still need to avoid double locking the virDomainObjPtr.

	This is all getting messy, I've a better idea.

	This reverts commit 6318808270dd7679cd5dc082dcf2c7d85a432bd6 and
	c106c8a18c63d9e4f2547724a4a563706f8f6778.

	* src/qemu_driver.c, src/pci.[ch], src/xen_unified.c,
	  src/libvirt_private.syms: revert a bunch of stuff.

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Fix list updating after disk/network/hostdev hot-unplug
	The current code makes a poor effort at updating the device arrays after
	hot-unplug. Fix that and combine the two code paths into one.

	* src/qemu_driver.c: fix list updating in qemudDomainDetachNetDevice(),
	  qemudDomainDetachPciDiskDevice() and qemudDomainDetachHostPciDevice()

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Re-name remote_internal.c:driver to remote_driver
	Confused me when poking at another 'driver' variable in gdb which gcc
	had optimized away

	* src/remote_internal.c: rename driver to remote_driver

2009-08-18  Mark McLoughlin  <markmc@redhat.com>

	Cosmetic change to 'virsh nodedev-list --tree' output
	Maybe it's just me, but I try to select an item from the tree using
	double-click and get annoyed when "+-" gets included in the selection.

	* src/virsh.c: add a space between "+-" and the node device name
	  in 'virsh nodedev-list --tree'

2009-08-18  Chris Lalancette  <clalance@redhat.com>

	Fix up connection reference counting.
	Currently the reference counting for connections is busted.  I
	first noticed it while trying to use virConnectRef; it would
	eventually cause a crash in the remote_internal driver, although
	that was really just a victim.  Really, we should only call the
	close callbacks on the methods when the references drop to 0.  To
	accomplish this, move all of the close callbacks into
	virUnrefConnect (since there are lots of internal users of that
	function), and arrange for virConnectClose to call that.

	V2: Make sure to drop the connection lock before we call the close
	    callbacks, otherwise we could deadlock the daemon
	V3: Fix up a crash when we got an error from one of the drivers

2009-08-17  Daniel P. Berrange  <berrange@redhat.com>

	Fix LXC driver crash when kernel doesn't support clone
	* src/domain_conf.c: Make virDomainObjListFree a no-op if list
	  is NULL
	* src/domain_event.c: make virDomainEventCallbackListFree a no-op
	  if event list is NULL
	* src/lxc_driver.c: Log a message if LXC driver does not startup
	  due to lacking kernel support

2009-08-17  Chris Lalancette  <clalance@redhat.com>

	Compressed save image format for Qemu.
	Implement a compressed save image format for qemu.  While ideally
	we would have the choice between compressed/non-compressed
	available to the libvirt API, unfortunately there is no "flags"
	parameter to the virDomainSave() API.  Therefore, implement this
	as a qemu.conf option.  gzip, bzip2, and lzma are implemented, and
	it should be very easy to implement additional compression
	methods.

	One open question is if/how we should detect the compression
	binaries.  One way to do it is to do compile-time setting of the
	paths (via configure.in), but that doesn't seem like a great thing
	to do.  My preferred solution is not to detect at all;
	when we go to run the commands that need them, if they
	aren't available, or aren't available in one of the standard paths,
	then we'll fail.  That's also the solution implemented in this patch.

	In the future, we'll have a more robust (managed) save/restore API,
	at which time we can expose this functionality properly in the API.

	V2: get rid of redundant dd command and just use >> to append data.
	V3: Add back the missing pieces for the enum and bumping the save version.
	V4: Make the compressed field in the save_header an int.
	    Implement LZMA compression.

2009-08-14  Daniel P. Berrange  <berrange@redhat.com>

	Remove 'the the' typo in docs

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Check active domain hostdevs before allowing PCI reset
	If a PCI device reset causes other devices to be reset, allow it so long
	as those other devices are note assigned to another active domain.

	Note, we need to take the driver lock qemudNodeDeviceReset() because the
	check function will iterate over the domain list.

	* src/qemu_conf.c: add qemuCheckPciHostDevice() to iterate over active
	  domains checking whether the affected device is assigned

	* src/pci.[ch]: add pciDeviceEquals() helper

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Allow pciResetDevice() to reset multiple devices
	When using a Secondary Bus Reset, all devices on the bus are reset.

	Extend the pciResetDevice() API so that a 'check' callback can be
	supplied which will verify that it is safe to reset the other devices
	on the bus.

	The virDomainObjPtr parameter is needed so that when the check function
	iterates over the domain list, it can avoid double locking.

	* src/pci.[ch]: add a 'check' callback to pciResetDevice(), re-work
	  pciIterDevices() to pass the check function to the iter functions,
	  use the check function in the bus iterator, return the first unsafe
	  device from pciBusCheckOtherDevices() and include its details in
	  the bus reset error message.

	* src/qemu_driver.c, src/xen_uninified.c: just pass NULL as the
	  check function for now

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Improve PCI host device reset error message
	Currently, if we are unable to reset a PCI device we return a fairly
	generic 'No PCI reset capability available' error message.

	Fix that by returning an error from the individual reset messages and
	using that error to construct the higher level error mesage.

	* src/pci.c: set errors in pciTryPowerManagementReset() and
	  pciTrySecondaryBusReset() on failure; use those error messages
	  in pciResetDevice(), or explain that no reset support is available

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Reset and re-attach PCI host devices on guest shutdown
	When the guest shuts down, we should attempt to restore all PCI host
	devices to a sane state.

	In the case of managed hostdevs, we should reset and re-attach the
	devices. In the case of unmanaged hostdevs, we should just reset them.

	Note, KVM will already reset assigned devices when the guest shuts
	down using whatever means it can, so we are only doing it to cover the
	cases the kernel can't handle.

	* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
	  it from qemudShutdownVMDaemon()

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Allow PM reset on multi-function PCI devices
	It turns out that a PCI Power Management reset only affects individual
	functions, and not the whole device.

	The PCI Power Management spec talks about resetting the 'device' rather
	than the 'function', but Intel's Dexuan Cui informs me that it is
	actually a per-function reset.

	Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
	reject multi-function devices, so it must be true! :-)

	(A side issue is that we could defer the PM reset to the kernel if we
	could detect that the kernel has PM reset support, but barring version
	number checks we don't have a way to detect that support)

	* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
	  pciTryPowerManagementReset() and prefer PM reset over bus reset
	  where both are available

	Cc: Cui, Dexuan <dexuan.cui@intel.com>
	Cc: Yu Zhao <yu.zhao@intel.com>

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Detect KVM's PCI device assignment support
	PCI device assignment is only supported in KVM's fork of qemu, so we
	should really detect its availability and give a nice error if its
	not supported.

	* src/qemu_conf.[ch]: introduce QEMUD_CMD_FLAG_PCIDEVICE indicating
	  that the -pcidevice command line option is available

	* tests/*: update the tests

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Add host PCI device hotplug support
	Attaching a host PCI device to a qemu guest is done with a
	straightforward 'pci_add auto host host=XX:XX.X' command.

	Like with NIC and disk hotplug, we need to retain the guest PCI address
	assigned by qemu so that we can use it for hot-unplug.

	Identifying a device for detach is done using the host PCI address.

	Managed mode is handled by detaching/resetting the device before
	attaching it to the guest and re-attaching it after detaching it from
	the guest.

	* src/qemu_driver.c: add qemudDomainAttachHostPciDevice() and
	  qemudDomainDetachHostPciDevice()

	* src/domain_conf.h: add somewhere to store the guest PCI address

	* src/domain_conf.c: handle formatting and parsing the guest PCI
	  address

2009-08-14  Mark McLoughlin  <markmc@redhat.com>

	Re-factor hostdev hotplug
	Re-factor the hostdev hotplug code so that we can easily add PCI
	hostdev hotplug to qemudDomainAttachHostDevice().

	* src/qemu_driver.c: rename qemudDomainAttachHostDevice() to
	  qemudDomainAttachHostUsbDevice(); make qemudDomainAttachHostDevice()
	  handle all hostdev types

	* src/libvirt_private.syms: export a couple of hostdev related
	  ToString() functions

2009-08-13  Daniel P. Berrange  <berrange@redhat.com>

	Make LXC / UML drivers robust against NUMA topology brokenness
	Some kernel versions expose broken NUMA topology for some machines.
	This causes the LXC/UML drivers to fail to start. QEMU driver was
	already fixed for this problem

	* src/lxc_conf.c: Log and ignore failure to populate NUMA info
	* src/uml_conf.c: Log and ignore failure to populate NUMA info
	* src/capabilities.c: Reset nnumaCell to 0 after freeing

2009-08-11  Mark McLoughlin  <markmc@redhat.com>

	Fix some URLs in virsh manpage
	* docs/virsh.pod: don't reference format.html anymore, reference
	  the formatdomain.html etc. pages

	* virsh.1: re-generate

2009-08-11  Chris Lalancette  <clalance@redhat.com>

	Remove a duplicated assignment in Xen PCI parsing.

	Fix up a few minor indentation issues.

	Fix phyp escape_specialcharacters.
	A couple of minor fixes to phyp escape_specialcharacters.  Make it
	a static function (since it's only used in phyp/phyp_driver.c), and
	make it take a dstlen parameter.  This paves the way for removing
	strncpy in the future.

	Make openvzGetVPSUUID take a len.
	Minor fix to openvzGetVPSUUID to make it take a length parameter.
	This ensures that it doesn't make assumptions about the length
	of the UUID buffer, and paves the way for removal of strncpy in
	the future.

	Minor cleanup of error path for c_oneVmInfo.

	Fix up a whitespace in comments in src/console.c

	Fix up a stray whitespace in virHashGrow.

	Run 'cont' on successful migration finish.
	As of qemu 0.10.6, qemu now honors the -S flag on incoming migration.
	That means that when the migration completes, we have to issue a
	'cont' command to get the VM running again.  We do it unconditionally
	since it won't hurt on older qemu.

	Split virDomainMigrate into functions.
	Re-factor virDomainMigrate to split out the version 1 and version 2
	protocols into their own functions.  In reality, the two versions share
	very little in common, so forcing them together in the same function was
	just confusing.  This will also make adding tunnelled migration easier.

	Fix QEMU domain status after restore.
	When doing a restore, we were forgetting to update the state file
	for the VM.  That means that if you do a save/restore, then shut
	down libvirtd, then start it back up, you'll see the state of the
	guest as "paused", even though it is really running.  We were
	just forgetting a "virDomainSaveStatus" call in the restor path.

2009-08-10  Mark McLoughlin  <markmc@redhat.com>

	Handle kernels with no ipv6 support
	If the ipv6 kernel module is not loaded, then we get this when starting
	a virtual network:

	  libvir: Network Config error :
	  cannot enable /proc/sys/net/ipv6/conf/virbr0/disable_ipv6:
	  No such file or directory

	If disable_ipv6 is not present, we should just merrily continue on our
	way.

	* src/network_driver.c: make networkDisableIPV6() not fail if the kernel
	  has no ipv6 support

2009-08-10  Mark McLoughlin  <markmc@redhat.com>

	Set perms on /var/lib/libvirt/boot to 0711
	Allow qemu user to open kernel/initrds in this dir, but still prevent
	others from listing it.

	* libvirt.spec.in: set /var/lib/libvirt/boot perms to 0711

2009-08-10  Mark McLoughlin  <markmc@redhat.com>

	chown kernel/initrd before spawning qemu
	If we're running qemu unprivileged, we need to chown any supplied kernel
	or initrd before spawning it.

	* src/qemu_driver.c: rename qemuDomainSetDiskOwnership() to
	  qemuDomainSetFileOwnership(), pass it a path string instead of a disk
	  definition and use it for chowning the kernel/initrd in
	  qemuDomainSetAllDeviceOwnership()

2009-08-07  Daniel P. Berrange  <berrange@redhat.com>

	Add link to AbiCloud web management system

2009-08-07  Chris Lalancette  <clalance@redhat.com>

	Remove unsafe strncpy from esx_vmx.c
	While trying to remove uses of unsafe strncpy in the tree, I came
	across a couple of usages in the ESX driver.  To my eyes, the snprintf
	replacements do the same thing in less code, and are also safer.

	Tested-by: Mattias Bolte <matthias.bolte@googlemail.com>

2009-08-06  Amy Griffis  <amy.griffis@hp.com>

	Update logging documentation
	* docs/logging.html[.in] try to include a little more description about
	  the corner cases, things someone might get hung up on on.

	Consolidate code for parsing the logging env
	* src/logging.c src/logging.h src/libvirt_private.syms:
	  define new functions virLogSetFromEnv and virLogParseDefaultPriority
	* qemud/qemud.c src/libvirt.c tests/eventtest.c: cleanup to use the
	  unified functions

	Cleanup VIR_LOG_DEBUG parsing in eventtest
	* tests/eventtest.c: don't covert high priority levels to debug level.
	  Consider an invalid priority level setting a setup failure.

	Several fixes to libvirtd's log setup
	* qemud/qemud.c src/logging.[ch]: Similar as for general libvirt, don't
	  convert high priority levels to debug level. Ignore LIBVIRT_LOG_FILTERS
	  and LIBVIRT_LOG_OUTPUTS when they're set to the empty string, otherwise
	  they can override a valid setting from the config file. Send all
	  settings through the parser functions for validation, so that the
	  existence of a bad setting doesn't nullify a good setting that should
	  have applied -- particularly the default output. Keep the order of
	  precedence consistent for all variables between the environment and
	  the config file.  Warn when an invalid log level, filter, or output
	  is ignored.
	* src/libvirt_private.syms: export internally a few convenience functions

	Tighten libvirt's parsing of logging env
	* src/libvirt.c src/logging.c: Don't convert high priority levels to the
	  debug level. Don't parse LIBVIRT_LOG_FILTERS and LIBVIRT_LOG_OUTPUTS
	  when they're set to the empty string. Warn when the user specifies an
	  invalid value (empty string remains a noop).
	* po/POTFILES.in: src/logging.c now include translatable strings

2009-08-06  Matthias Bolte  <matthias.bolte@googlemail.com>

	Cleanup structure name naming
	* src/esx/esx_driver.c src/esx/esx_util.[ch] src/esx/esx_vi.[ch]:
	  just a name change

	Fix memleak if esxOpen fails
	* src/esx/esx_driver.c: if esxOpen failed, priv->transport wasn't freed

	Add proper OOM reporting for esxDomainGetOSType
	* src/esx/esx_driver.c: catch an unchecked strdup in
	  esxDomainGetOSType()

2009-08-05  Daniel Veillard  <veillard@redhat.com>

	Release of libvirt-0.7.0
	* configure.in NEWS docs/* libvirt.spec.in include/libvirt/libvirt.h:
	  Release of 0.7.0
	* po/*.po*: updated and regenerated the localization pool

2009-08-05  Ryota Ozaki  <ozaki.ryota@gmail.com>

	Add an allocation unit when calling qemu-img
	* src/storage_backend.c: as the absence of units can be interpreted
	  in diverging ways depending on the version

2009-08-05  Daniel P. Berrange  <berrange@redhat.com>

	Add uniqness checking for LXC define/create methods
	* src/lxc_driver.c: Check for name & UUID uniqueness when
	  defining or creating domains

	Fix removal of transient VMs when LXC aborts
	* src/lxc_driver.c: Remove transient VM after monitor triggered
	  shutdown

	Don't try to activate cgroups if not present for LXC
	* src/lxc_controller.c: Don't throw error in LXC startup if
	  the cgroups driver mount isn't available. Improve error
	  logging for resource setup

	Fix configure checks from previous commits
	* configure.in: Don't set AM_CONDITIIONAL until *after* making
	  the checks

	Avoid a warning if compiling without inotify
	* src/xm_internal.c: split the implementations of xenInotifyActive()

2009-08-05  Aron Griffis  <aron.griffis@hp.com>

	Typo and comment fixes
	* docs/schemas/*.rng: the comments were wrong
	* src/qemu_conf.c: typo in an error message

2009-08-05  Cole Robinson  <crobinso@redhat.com>

	Refresh /etc/xen if inotify wasn't
	* src/xm_internal.c: in case of multiple connections to the xen driver
	  and some clients were not using domain events, the whole /etc/xen
	  monitoring would break leading to disapearing domains.

	Don't loose id on xen domain redefine
	* src/xm_internal.c: bug when redefining a domain, if it was running
	  we would loose its id

2009-08-05  Daniel Veillard  <veillard@redhat.com>

	Remove a stray semicolon
	* src/xend_internal.c: extraneous ; in xenDaemonParseSxprGraphicsNew

2009-08-05  Maximilian Wilhelm  <max@rfc2324.org>

	Workaround for broken GCC in Debian Etch
	* src/storage_conf.c src/internal.h: move previous check in internal.h
	  and add a workaround for a GCC bug in Debian Etch on limit definitions

	Xen Inotify support needs sys/inotify.h
	* configure.in: to activate Xen Inotify checking we need to check for
	  sys/inotify.h availability

	LXC driver requires sched.h and unshare()
	* configure.in: make it check by default for both

	Configure UML support only if sys/inotify.h present
	* configure.in: UML support requires sys/inotify.h so make it check
	  by default.

	Fix libcurl automatic check and ESX status
	* configure.in: if libcurl is not present ESX should be desactivated
	  so default to check for esx

2009-08-05  Matthias Bolte  <matthias.bolte@googlemail.com>

	Extend the ESX URL to habdle ports and GSX
	* src/esx/esx_driver.c src/esx/esx_vi.[ch] src/esx/esx_vmx.[ch]:
	  adds version checking for GSX 2.0, allows to pass a specific port
	  for the connection and also add a new specific gsx scheme for
	  easier connections to GSX hosts

2009-08-04  Daniel P. Berrange  <berrange@redhat.com>

	Fix escaping of 8-bit high characters
	Fix  https://bugzilla.redhat.com/show_bug.cgi?id=479517

	* src/buf.c: Cast to 'unsigned char' before doing compare to
	  avoid rejecting 8-bit high characters

2009-08-03  Daniel P. Berrange  <berrange@redhat.com>

	Fix memory leak in openvz driver
	* src/openvz_driver.c: Remove unneccessary strdup() on hypervisor
	  type api call

2009-08-02  Chris Lalancette  <clalance@redhat.com>

	Remove ATTRIBUTE_UNUSED from flags to qemudDomainMigratePerform.

	Add a comment about setting errors after qemudStartVMDaemon().

	Fix an erroneous debug error to KVM; it should read QEMU/KVM.

	Remove a stray semicolon in qemudDomainMigratePrepare2.

	Convert a few stray users of free() in libvirt.c to VIR_FREE().

	Use virGetHostname instead of gethostname.
	Fix up qemudDomainMigratePrepare2 to use virGetHostname instead of
	gethostname.  Besides the fact that virGetHostname is far more clever,
	there was a latent bug in the handling that could cause a buffer overflow
	on a very long hostname.

	Fix up a minor indentation issue with virDomainMigratePrepare.

	Fix virCapabilitiesDefaultGuestMachine documentation.

	Fix up a silly typo in apibuild.py.

2009-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Protected against potential crash scenarios
	* src/qemu_driver.c: Check that monitor device is not NULL
	  before runing a command to protect against bugs in caller

	Improve diagnostics when pidfile writing fails
	* src/util.c: Include path & pid when logging pidfile failure

	Fix crash when attempting to shutdown inactive QEMU vm
	* src/qemu_driver.c: Add check that QEMU is active before attemting
	  to shutdown. Fix error code for check in destroy method

	Enable ESX driver build on Mingw32
	* autobuild.sh, mingw32-libvirt.spec.in: Enable esx on mingw32
	* src/esx/esx_driver.c: Define AI_ADDRCONFIG if not set
	* src/esx/esx_util.c, src/esx/esx_vi_types.c: Always use
	  %lld & friends, since gnulib guarentees we have these
	  and not the target's own variants

2009-07-31  Daniel P. Berrange  <berrange@redhat.com>

	Disable IPv6 on virtual networks
	If the bridge device is configured to have IPv6 address and
	accept router advertisments, then a malicious guest can send
	out bogus advertisments and hijack/DOS host IPv6 connectivity

	* src/network_driver.c: Set accept_ra=0, disable_ipv6=1, autoconf=0
	  for IPv6 sysctl on virual network bridge devices

2009-07-31  Mark McLoughlin  <markmc@redhat.com>

	Fix PCIe FLR detection
	PCIe DevCap register is actually 32 bits, not 16 bits. Since FLR is
	bit 28, we clearly are failing to detect FLR support.

	Known to fix device reset with some SR-IOV devices.

	* src/pci.c: fix pciDetectFunctionLevelReset()

2009-07-31  Mark McLoughlin  <markmc@redhat.com>

	Set perms on /var/lib/libvirt/images to 0711
	Allow qemu user to open images in this dir, but still prevent others
	from listing it.

	* libvirt.spec.in: set /var/lib/libvirt/images perms to 0711

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix problem writing QEMU pidfile
	* src/util.c: Don't drop capabilities until after the PID file has
	  been written. Kill off child if writing the PID file fails
	* src/qemu_driver.c: Remove bogus trailing '/' in state dir

	Allow dnsmasq to provide DNS without DHCP
	* src/network_driver.c: Always start dnsmasq to allow it to provide
	  DNS, even if no DHCP ranges are enabled

2009-07-30  Maximilian Wilhelm  <max@rfc2324.org>

	Avoid warning when compiling without IFF_VNET_HDR
	* src/bridge.c: avoid a couple of unused var/func warnings

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix build on mingw32 by disabling netcf
	* autobuild.sh, mingw32-libvirt.spec.in: Set --without-netcf for
	  mingw32 builds

2009-07-30  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX Scheduler documentation and cleanup
	* esx/esx_driver.c: add some documentation about the CPU scheduler
	  parameters and remove some old, unnecessary compensation code, since
	  virsh uses the proposed parameter types now.

2009-07-30  Henrik Persson  <henrik.e.persson@ericsson.com>

	Fix vcpupin on Xen problem
	* src/xend_internal.c: the update on the cpu affinity map format
	  had na error and made the changes in the wrong buffer, fix those

2009-07-30  Daniel P. Berrange  <berrange@redhat.com>

	Fix RPM upgrades from F11 to F12
	* libvirt.spec.in: Create qemu/kvm user/group in %pre script

2009-07-30  Aron Griffis  <aron.griffis@hp.com>

	Fix an initialization problem in previous patch
	* src/bridge.c: fix struct ifreq ifr init in brAddTap()

2009-07-29  Bryan Kearney  <bkearney@redhat.com>

	Update the java bindings page
	* docs/java.html[.in]: update the java bindings html page to reflect the
	  new repositories, JNA usage, and maven access

2009-07-29  Aron Griffis  <aron.griffis@hp.com>

	Remove MAX_TAP_ID and let kernel do numbering
	* src/bridge.c: no need to format the device string in brAddTap()
	  this can be delegated to the kernel and removes an arbitrary limit.

2009-07-29  Ron Yorston  <rmy@tigress.co.uk>

	Kernel command line support for UML
	* src/uml_conf.c: add support for additional kernel command line
	  arguments.

2009-07-29  Daniel P. Berrange  <berrange@redhat.com>

	Fix deadlock in remote driver domain events
	* src/remote_internal.c: Release driver lock when dispatching events
	  to callbacks

2009-07-29  Ryota Ozaki  <ozaki.ryota@gmail.com>

	qemu: fix monitor socket reconnection
	* src/qemu_driver.c: fix qemudOpenMonitorUnix() to retry on ENOENT
	  instead of EACCES which is the error one receive when the socket
	  error hasn't shown up yet

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Fix polkit/netcf disabling on older fedoras
	polkit was disabled by default for a reason - because we selectively
	enable it on newer fedoras rather than disable it on older fedoras

	Same fix needed for netcf

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Capilize libvirt-client summary
	Fixes:

	  W: summary-not-capitalized client side library and utilities of the libvirt library

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Move ldconfig calls to libvirt-client %post/%postun
	Now that the library has moved to libvirt-client

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Convert NEWS to UTF-8
	* docs/news.xsl: request UTF-8 as the output encoding

	* NEWS: re-generate with UTF-8 encoding

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Fix trailing whitespace in NEWS
	git wouldn't let me push without this

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	No need to build require both python-devel and python
	Since python-devel requires python

	Pointed out by Itamar Reis Peixoto

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Remove executable perms from /etc/sysconfig/libvirtd
	Changed by Rich Jones for:

	  libvirt.x86_64: E: executable-marked-as-config-file /etc/sysconfig/libvirtd

	See:

	  https://bugzilla.redhat.com/226055

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Use a %postun -p for one line scriptlet
	Changed by Rich Jones, presumably for this:

	  libvirt.x86_64: W: one-line-command-in-%postun /sbin/ldconfig

	see:

	  https://bugzilla.redhat.com/226055

2009-07-29  Mark McLoughlin  <markmc@redhat.com>

	Don't explicitly require libxml2
	Originally done by rjones as part of this package review:

	  https://bugzilla.redhat.com/226055

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Fix some unowned directories
	danpb's fix for:

	  https://bugzilla.redhat.com/483442

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Kill qemu BuildRequires
	It's not needed at build time

	Removed in Fedora by:

	  * Fri Jun  5 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.4-2.fc12
	  - Remove the qemu BuildRequires

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Enable netcf by default
	Disabled on < f12 for now until netcf is in Fedora updates

	BuildRequires netcf if enabled, pass --without-netcf if its disabled

	* libvirt.spec.in: enabled netcf by default

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Default to with_polkit
	Unless there's some reason we shouldn't

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Make vbox support configurable
	Added by DV with:

	  * Fri Apr 24 2009 Daniel Veillard <veillard@redhat.com> - 0.6.3-1.fc12
	  - release of 0.6.3
	  - VirtualBox driver

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Build with --without-capng if capng is disabled
	* libvirt.spec: pass --without-capng if appropriate

	BuildRequires libcap-ng-devel not capng-devel
	Fedora CVS changelog is "Fix libcap-ng-devel require, Daniel"

2009-07-28  Shahar Klein  <shaharklein@yahoo.com>

	Drop curl host check when using ESX without check
	* src/esx/esx_vi.c: drop host check if no_verify=1, but as Matthias
	  pointed out if no_verify=2 we should check the host is the right
	  one

2009-07-28  Mark McLoughlin  <markmc@redhat.com>

	Reduce glusterfs dependency to 2.0.1
	* libvirt.spec.in: require glusterfs-client >= 2.0.1

2009-07-27  Daniel P. Berrange  <berrange@redhat.com>

	Fix crashes in Xen capabilities code
	* src/xen_internal.c: Don't free memory now owned by the virCapsPtr
	   structure
	* tests/testutilsxen.c: Fix up for change in internal API

	Fix typo in xen capabilities code

	Fill in vCPU <-> pCPU current mapping, and vCPU cpuTime for QEMU
	* src/qemu_driver.c: implement missing features in qemudDomainGetVcpus
	  for 'cpu' and 'cpuTime' fields

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Add support for attaching network/bridge NICs in QEMU driver
	In order to hotplug a network/bridge backed NIC, we need to first create
	the tap file descriptor, add the tap interface to the bridge and then
	pass the file descriptor to the qemu process using the 'getfd' monitor
	command.

	Once the tapfd has been accepted, we create the network backend using
	host_net_add, supplying the name assigned to the tapfd. If this fails,
	we need to close the tapfd in qemu using the 'closefd' monitor command.

	If the version of qemu does not support the getfd/closefd monitor
	commands we detect "unknown command" in the getfd reply and fail the
	attach operation.

	* src/qemu_driver.c: add support for tapfd based hotplug in
	  qemudDomainAttachNetDevice()

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Add SCM_RIGHTS support to QEMU monitor code
	Add qemudMonitorCommandWithFd() which allows a file descriptor to be
	sent to qemu over a unix monitor socket using SCM_RIGHTS. See the
	unix(7) and cmsg(3) man pages.

	* src/qemu_conf.c: add a scm_fd param to qemudMonitorCommandExtra(),
	  add qemudMonitorCommandWithFd(), implement SCM_RIGHTS support in
	  qemudMonitorSendUnix()

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Use sendmsg() on QEMU monitor socket
	Switch from using write() to using sendmsg() on QEMU's monitor socket
	so that we can add support for SCM_RIGHTS.

	* src/qemu_driver.c: add sendmsg() based qemudMonitorSendUnix() and use
	  it when the monitor fd is a unix socket

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Factor qemudMonitorSend() out of qemudMonitorCommandExtra()
	Add a little helper function to write the monitor command followed by
	carriage return in a single write.

	This doesn't make any real difference, but allows us to more easily
	switch to using sendmsg() when using the monitor over a unix socket.

	* src/qemu_conf.c: split qemudMonitorSend() out

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Clean up error handling in qemudDomainAttachNetDevice()
	In subsequent patches we're going to have a file descriptor to close
	too, so centralize the error handling cleanups to make things easier.

	* src/qemu_conf.c: in qemudDomainAttachNetDevice() consolidate the
	  error handling cleanups together

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Make qemuBuildHostNetStr() take tapfd as a string
	With hotplug, we're going to want to pass a tapfd name rather than an
	actual file descriptor, so prepare the way by passing a string tapfd to
	qemuBuildHostNetStr().

	* src/qemu_conf.h: qemuBuildHostNetStr() takes a string tapfd now

	* src/qemu_conf.c: pass qemuBuildHostNetStr() a string rather than an
	  actual file descriptor

	* src/qemu_driver.c: update qemudDomainAttachNetDevice() for change

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Move vnet_hdr logic into qemudNetworkIfaceConnect() and export it
	* src/qemu_conf.h: export qemudNetworkIfaceConnect()

	* src/qemu_conf.c: move vnet_hdr logic into qemudNetworkIfaceConnect()
	  since we need it for hotplug too

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Only probe qemu for machine types when binary changes
	By probing for qemu machine types, we increased the time of a
	GetCapabilities call from 100us to a whopping 60ms.

	This patch takes the approach of only probing for machine types
	when the mtime of the emulator binary changed since the last time
	the capabilities were generated.

	* src/capabilities.h: cache the emulator binary mtime

	* src/qemu_conf.c: add qemudGetOldMachines() to copy the machine
	  types from the old caps struct if the mtime for the binary hasn't
	  changed

	* src/qemu_conf.h, src/qemu_driver.c: pass the old caps pointer to
	  qemudCapsInit()

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Add canonical machine name to capabilities output
	e.g. <machine canonical='pc'>pc-0.11</machine>

	* src/capabilities.c: output the canonical machine names in the
	  capabilities output, if available

	* docs/schemas/capabilities.rng: add the new attribute

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Probe QEMU directly for machine aliases if not found in capabilties
	Not all possible emulators are actually in the capabilities, so if we
	don't find the supplied emulator we should probe it directly for machine
	types.

	* src/qemu_driver.c: add qemudCanonicalizeMachineDirect() to directly
	  probe an emulator for the canonical machine type

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Canonicalize qemu machine types
	In qemu-0.11 there is a 'pc-0.10' machine type which allows you to run
	guests with a machine which is compatible with the pc machine in
	qemu-0.10 - e.g. using the original PCI class for virtio-blk and
	virtio-console and disabling MSI support in virtio-net. The idea here
	is that we don't want to suprise guests by changing the hardware when
	qemu is updated.

	I've just posted some patches for qemu-0.11 which allows libvirt to
	canonicalize the 'pc' machine alias to the latest machine version.

	This patches makes us use that so that when a guest is configured to
	use the 'pc' machine type, we resolve that to 'pc-0.11' machine and
	save that in the guest XML.

	See also:

	  https://fedoraproject.org/wiki/Features/KVM_Stable_Guest_ABI

	* src/qemu_conf.c: add qemudCanonicalizeMachine() to canonicalize
	  the machine type according to the machine aliases in capabilities

	* src/qemu_driver.c: parse aliases in qemudParseMachineTypesStr()

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Add virCapsGuestMachine structure
	A subsequent commit will add a "canonical" field to this structure,
	this patch basically just prepares the way for that.

	The new type is added, along with virCapabilitiesAlloc/FreeMachines()
	helpers and a whole bunch of code to make the transition.

	One quirk is that virCapabilitiesAddGuestDomain() and
	virCapabilitiesAddGuest() take ownership of the machine list rather
	than duping it. This makes sense to avoid needless copying.

	* src/capabilities.h: add the virCapsGuestMachine struct and use it
	  in virCapsGuestDomainInfo, add prototypes for new functions and
	  update the AddGuest() prototypes

	* src/capabilities.c: add code for allocating and freeing the new
	  type, change the machines parameter to AddGuest() etc.

	* src/libvirt_private.syms: export the new helpers

	* src/qemu_conf.c: update all the machine type code to use the new
	  struct

	* src/xen_internal.c: ditto

	* tests/testutilsqemu.c: ditto

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Probe for QEMU machine types
	Currently we hardcode the QEMU machine types. We should really just
	parse the output of 'qemu -M ?' so the lists don't get out of sync.

	xenner doesn't support '-M ?', so we still need to hardcode that.

	The horrible (const char *const *) is removed in a subsequent patch.

	* src/qemu_conf.c: kill the arch_info*machines tables, retain the
	  hardcoded xenner machine type, add qemudProbeMachineTypes() to
	  run and parse 'qemu -M ?' and use it in qemudCapsInitGuest()

2009-07-27  Mark McLoughlin  <markmc@redhat.com>

	Cleanup qemu binary detection logic in qemudCapsInitGuest()
	There's no need for the hasbase/hasaltbase confusion, just store the
	first binary path found in a variable.

	* src/qemu_conf.c: kill hasbase/hasaltbase logic in qemudCapsInitGuest()

2009-07-27  Matthias Bolte  <matthias.bolte@googlemail.com>

	ESX driver accept VI API version 4.0
	* src/esx/esx_driver.c src/esx/esx_vi.c src/esx/esx_vi.h
	  src/esx/esx_vmx.c src/esx/esx_vmx.h: extend the VI API version checks
	  to accept version 4.0 and takes care of the virtualHW.version change
	  from 4 to 7.

	Allow leading dots in VMX config entry names
	* src/conf.c: the virConfParser must accept leading dot when in VMX mode

	Add no_verify query parameter to ESX URIs
	* src/esx/esx_driver.c src/esx/esx_util.c src/esx/esx_util.h
	  src/esx/esx_vi.c src/esx/esx_vi.h: adds a no_verify query parameter to
	  stop libcurl from verifying theserver certificate for the https
	  transport.

	Fix memory leaks in esxDomainDumpXML
	* src/esx/esx_driver.c: remove leaks in esxDomainDumpXML() and simplify
	  esxDomainXMLFromNative()

2009-07-26  Cole Robinson  <crobinso@redhat.com>

	Commit newly generated docs, after changes from commit 2348cf.

	Add phyp files to POTFILES, to make syntax-check happy.

	test: Implement BlockStats and InterfaceStats
	We fake stats values based on the current time, similar to how it's done
	for cpu time.

	test: Generate net interface names when assigning XML.
	We need interface names to implement InterfaceStats.

	Don't allow NULL paths for BlockStats and InterfaceStats
	Do the check in libvirt.c, to save drivers from the burden. This changes
	behavior slightly in the qemu driver: we no longer explictly error if
	passed an empty string. An error will still be thrown when the device
	lookup fails.

	python: Raise exceptions if virDomain*Stats fail.
	The generator couldn't tell that the stats return values were pointers.
	Stick a white list in the function which tries to make this distinction.

2009-07-24  Guido Günther  <agx@sigxcpu.org>

	document tcp listen and raw wire option

2009-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc build problems due to new drivers
	* autobuild.sh: Disable esx/phyp build on mingw32
	* configure.in: Fix handling of --without-phyp so it actually works
	* libvirt.spec.in: Add missing interface.rng
	* mingw32-libvirt.spec.in: Disable phyp/esx drivers
	* src/phyp/phyp_driver.c: Fix missing i18n of error messages

2009-07-24  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Add support for VBox 3 and event callbacks on vbox
	* src/vbox/vbox_driver.c: remove some old 2.5 switches and plug the
	  3.0 driver
	* src/vbox/vbox_V3_0.c src/vbox/vbox_CAPI_v3_0.h: the driver for
	  VirtualBox 3.0
	* src/vbox/vbox_tmpl.c: handle the new driver and add event support
	* src/Makefile.am: plug in the new module

2009-07-24  Daniel P. Berrange  <berrange@redhat.com>

	Fix cgroup compile warnings
	* src/cgroup.c: Fix cast to uint64 from unsigned long long

2009-07-24  Daniel Veillard  <veillard@redhat.com>

	Desactivate phyp build and indicate libssh builreq

2009-07-24  Eduardo Otubo  <otubo@linux.vnet.ibm.com>

	First version of the Power Hypervisor driver
	Features supported:
	- Connects to HMC/VIOS or IVM systems.
	- Life cycle commands (resume and shutdown).
	- dumpxml
	- 'list' and 'list --all'

	What is being implemented:
	- better and centralized control for UUID
	- definexml
	- CPU management commands

	* src/domain_conf.c src/domain_conf.h: first version of the driver
	* configure.in src/Makefile.am include/libvirt/virterror.h
	  src/domain_conf.[ch] src/libvirt.c src/virterror.c: glue the driver
	  in the general framework

2009-07-24  Jim Meyering  <meyering@redhat.com>

	docs: say that the old repository is deprecated...
	* docs/downloads.html.in: but will remain for sake of old links.

2009-07-23  Daniel Veillard  <veillard@redhat.com>

	Added Matthias Bolte to AUTHORS list

2009-07-23  Matthias Bolte  <matthias.bolte@googlemail.com>

	First version of the driver for VMWare ESX
	* src/esx/esx_*.[ch]: the driver, uses a remote minimal SOAP client
	  to talk to the VI services on ESX nodes.
	* configure.in include/libvirt/virterror.h src/Makefile.am src/driver.h
	  src/libvirt.c src/virterror.c: glue in the new driver

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Make QEMU cgroups use configurable
	 * qemud/libvirtd_qemu.aug, qemud/test_libvirtd_qemu.aug,
	   src/qemu.conf: Add 'cgroups_controllers' and 'cgroups_device_acl'
	   parameters
	 * src/qemu_conf.h, src/qemu_conf.c: Load & parse configuration params
	   for cgroups
	 * src/qemu_driver.c: Only use cgroups controllers that are activated,
	   and use configured device whitelist instead of default, if set.

	Use cgroups for block device whitelisting in QEMU guests
	* src/qemu_driver.c: Set a restrictive block device whitelist for
	  all QEMU guests. Update whitelist when hotplugging disks.
	* src/cgroup.h, src/cgroup.c: Add some more convenience methods
	  for dealing with block device whitelists.

	Implement schedular tunables API using cgroups
	* src/qemu_driver.c:  Add driver methods qemuGetSchedulerType,
	  qemuGetSchedulerParameters, qemuSetSchedulerParameters
	* src/lxc_driver.c: Fix to use unsigned long long consistently
	  for schedular parameters
	* src/cgroup.h, src/cgroup.c: Fix cpu_shares to take unsigned
	  long long
	* src/util.c, src/util.h, src/libvirt_private.syms: Add a
	  virStrToDouble helper
	* src/virsh.c: Fix handling of --set arg to schedinfo command
	  to honour the designated data type of each schedular tunable
	  as declared by the driver

	Place every QEMU guest in a private cgroup
	* src/qemu_driver.c: Place guest in cgroup upon startup. Remove
	  cgroup upon shutdown

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Refactor cgroups to allow a group per driver to be managed directly
	Allow the driver level cgroup to be managed explicitly by the
	hypervisor drivers, in order to detect whether to enable or
	disable cgroup support for domains. Provides better error
	reporting of failures. Also allow for creation of cgroups for
	unprivileged drivers if controller is accessible by the user.

	* src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup
	* src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c:
	  Obtain a driver cgroup at startup and use that instead of
	  re-creating everytime.
	* src/util.c, src/util.h, src/libvirt_private.syms: Add a
	  virGetUserName() helper

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Make cgroups a little more efficient
	* src/cgroup.c: Detect the mount location of every controller at
	  time a virCgroupPtr is created. Detect current process' placement
	  within group to avoid assuming it is in the root. Pass controller
	  ID into SetValueStr/GetValueStr to enable much duplicated code to
	  be eliminated

2009-07-23  Laine Stump  <laine@laine.org>

	Add bare format string to printf-derivatives troubles
	* src/datatypes.c src/domain_conf.c src/interface_conf.c
	  src/lxc_driver.c src/qemu_driver.c src/storage_backend.c src/virsh.c:
	  add bare %s format string to printf-derivatives called with no format
	  string

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Don't restore labels on shared/readonly disks
	* src/security_selinux.c: Skip relabelling of shared/readonly
	  disks upon shutdown, since this breaks other VMs still active
	  using those disks

	Use virFileReadAll/virFileWriteStr for key cgroup read/write helpers

	Use enums for cgroup controller types / labels

	Add domain autostart for LXC driver
	* src/lxc_driver.c: Implement support for domain autostart

	Add domain events support to LXC driver
	* src/lxc_conf.h: Add queue for dispatch of domain events
	* src/lxc_driver.c: Trigger domain events upon important lifecycle transitions

2009-07-23  Daniel P. Berrange  <berrange@redhat.com>

	Fix misc Win32 compile warnings
	GCC >= 4.4 assumes the 'printf' attribute refers to the native
	runtime libraries format specifiers. Thanks to gnulib, libvirt
	has GNU format specifiers everywhere.  This means we need to
	use 'gnu_printf' with GCC >= 4.4 to get correct compiler
	checking of printf format specifiers.

	* HACKING: Document new rules for ATTRIBUTE_FMT_PRINTF
	* autobuild.sh, mingw32-libvirt.spec.in: Disable OpenNebula
	  driver on mingw32 builds
	* qemud/dispatch.h, qemud/qemu.h, src/buf.h src/internal.h,
	  src/logging.h, src/security.h, src/sexpr.h, src/util.h,
	  src/virterror_internal.h, src/xend_internal.c: Change
	  over to ATTRIBUTE_FMT_PRINTF.
	* src/virsh.c: Disable 'cd' and 'pwd' commands on Win32
	  since they don't compile
	* src/threads-win32.c: Add missing return value check

2009-07-22  Jim Paris  <jim@jtan.com>

	Always add -no-kvm and -no-kqemu, for qemu domains
	If the qemu binary supports "-no-kvm" and/or "-no-kqemu", they should
	always be added for plain "qemu" domains.  Previously, we omitted them
	whenever the host and guest architectures implied that they would be
	disabled automatically, but that logic was flawed in some cases
	(such as i686 and x86_64).
	* src/qemu_conf.c: fix the conditions for adding "-no-kvm" and/or "-no-kqemu"

2009-07-22  Laine Stump  <laine@laine.org>

	Release conn lock before reporting errors (end)
	* src/datatypes.c: more cleanup, where lock must be released before
	  calling error handling which tries to get it.

	Rename variable for compilation in Mingw32 (end)
	* qemud/remote.c src/interface_conf.[ch] src/veth.[ch]: more renaming
	  from interface to iface

2009-07-22  Nguyen Anh Quynh  <aquynh@gmail.com>

	Add support for physical memory access for QEmu
	* include/libvirt/libvirt.h include/libvirt/libvirt.h.in: adds the new
	  flag VIR_MEMORY_PHYSICAL for virDomainMemoryPeek
	* src/libvirt.c: update the front-end checking
	* src/qemu_driver.c: extend the QEmu driver

2009-07-22  Jim Meyering  <meyering@redhat.com>

	avoid a make distcheck failure: distribute docs/schemas/interface.rng
	* docs/schemas/Makefile.am (schema_DATA): Add interface.rng.

	avoid a make distcheck failure: distribute tests/interfaceschemadata/
	* tests/Makefile.am (EXTRA_DIST): Add interfaceschemadata.

2009-07-22  Laine Stump  <laine@laine.org>

	Release conn lock before reporting interface errors
	* src/datatypes.c: fix a lock problem on error handling, as the
	  error report takes the lock, it must be released before, fixes
	  the problem but just for Interface objects

	Update modified mac address in place in virGetInterface
	* src/datatypes.c: handle the nasty case where an interface
	  mac address change, while it's already in use

	Fix multiple memory leaks in virsh
	* virsh.c: fix a number of leaks of virDomain, virStoragePool,
	  virNodeDevice, etc.

2009-07-22  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in storage cloning

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Add support for network device detach
	qemu network devices are hot-unplugged in two stages - first the PCI NIC
	is removed using 'pci_del <pci_addr>' and then the backend is removed
	using 'host_net_remove <vlan> <name>'.

	In order to perform these operations we need to have retained the
	PCI address, backend name and vlan number.

	* src/qemu_driver.c: add qemudDomainDetachNetDevice()

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Retain PCI address from NIC attach
	When we pci_add a NIC, we need to retain the PCI address assigned by
	qemu for using during detach.

	* src/qemu_driver.c: use qemudParsePciAddReply() to pull the PCI
	  address from the pci_add reply

	* src/domain_conf.c: handle storing and parsing the PCI address in the
	  domain state XML file

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Re-factor pci_add reply parsing and parse domain/bus numbers
	The current code for parsing pci_add replies ignores the the domain and
	bus numbers. Re-write the code to rectify that.

	Also, since pci_add is used for NIC hotplug as well ask disk hotplug,
	re-factor the code into a separate function.

	* src/qemu_driver.c: add qemudParsePciAddReply() function which can
	  handle parsing domain and bus numbers

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Remove the network backend if NIC hotplug fails
	If we fail to pci_add a NIC, we should remove the network backend and
	leave things the way we found them. To do that, we pre-allocate a
	host_net_remove monitor command and issue that if the pci_add fails.
	If the remove fails, we just log a warning.

	We can only do this if we have a name for the network backend and
	we know the vlan number its associated with.

	* src/qemu_driver.c: host_net_remove the network backend if the
	  pci_add fails

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Basic qemu NIC hotplug support
	Implement basic NIC hotplug support using the 'host_net_add' and
	'pci_add' qemu monitor commands.

	For now, we don't support 'bridge' or 'network' types.

	Also, if pci_add fails, we currently fail to remove the backend
	which we added.

	Finally, NIC hot-unplug support is missing.

	* src/qemu_driver.c: add qemudDomainAttachNetDevice()

	* src/qemu_conf.[ch]: export qemuBuildNicStr(), qemuBuildHostNetStr()
	  and qemuAssignNames()

	* src/libvirt_private.syms: export virDomainNetTypeToString()

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Make qemuCmdFlags available in qemudDomainAttachDevice()
	qemudDomainChangeEjectableMedia() currently extracts the qemu command
	line flags, but other device attaching code might need it, so move
	the qemudExtractVersionInfo() call up a frame.

	* src/qemu_driver.c: move the qemudExtractVersionInfo() call from
	  qemudDomainChangeEjectableMedia() to qemudDomainAttachDevice()

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Store the interface vlan number in the domain state
	Currently, an interface's vlan number corresponds to its index in
	the table of network interfaces. That is no longer true when we
	allow devices to be removed.

	To fix this, we store the vlan number in the domain's state XML
	so that it survives libvirtd restarts.

	* src/domain_conf.h: add vlan number to virDomainNetDef

	* src/domain_conf.c: store it in XML as <state vlan='N'/>, defaulting
	  to -1 if this is state saved by a previous version of libvirt

	* src/qemu_conf.c: assign vlan numbers before starting qemu

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Add NIC and hostnet names to domain state XML
	The qemu driver needs to assign and keep track of identifiers for
	network devices so that it can remove them. We need to keep this state
	across libvirtd restarts, but it's not configuration that needs to
	be kept across guest restarts.

	* src/domain_conf.c: parse and format <state nic="foo" hostnet="bar"/>

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Assign names to qemu NICs and network backends
	We need these so that we can remove the devices via the monitor.

	* src/domain_conf.h: add nic_name and hostnet_name to virDomainNetDef

	* src/domain_conf.c: free nic_name and hostnet_name

	* src/qemu_conf.c: add qemuAssignNetNames(), use it if qemu has
	  support for the param and pass the names on the command line

	* tests/qemuxml2argv*: add a test for this

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Add checks for some NIC hotplug related features added in qemu-0.10.0
	Add QEMUD_CMD_FLAG_NET_NAME to indicate that '-net ...,name=foo' is
	supported and QEMUD_CMD_FLAG_HOST_NET_ADD to indicate that the
	'host_net_add' monitor command is available.

	Set both these flags if the qemu version is greater than 0.10.0.
	Checking via the '-help' output would not work for the monitor command
	and even for the command line arg, it would be quite fragile.

	* src/qemu_conf.h: add new flags as aliases of QEMUD_CMD_FLAG_0_10

	* src/qemu_conf.c: set QEMUD_CMD_FLAG_0_10 for versions >= 0.10.0

	* tests/qemuhelptest.c: set QEMUD_CMD_FLAG_0_10 for the appropriate
	  qemu versions

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Factor qemuBuildHostNetStr() out from qemuBuildCommandLine()
	Re-factor this code so that it can be used for NIC hotplug
	too. The awkward prefix and type_sep arguments are needed to
	allow us to do "host_net_add tap vlan=..."

	* src/qemu_conf.c: factor the net backend string formatting
	  code into its own function

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Factor qemuBuildNicStr() out from qemuBuildCommandLine()
	Re-factor this code so that it can be used for NIC hotplug
	too. The awkward arguments are needed to allow use to do
	"pci_add auto nic macaddr=..."

	* src/qemu_conf.c: factor the nic string formatting code into
	  its own function

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Retain disk PCI address across libvirtd restarts
	When we hot-plug a disk device into a qemu guest, we need to retain its
	PCI address so that it can be removed again later. Currently, we do
	retain the slot number, but not across libvirtd restarts.

	Add <state devaddr="xxxx:xx:xx"/> to the disk device XML config when the
	VIR_DOMAIN_XML_INTERNAL_STATUS flag is used. We still don't parse the
	domain and bus number, but the format allows us to do that in future.

	* src/domain_conf.h: replace slotnum with pci_addr struct, add helper
	  for testing whether the address is valid

	* src/domain_conf.c: handle formatting and parsing the address

	* src/qemu_driver.c: store the parsed slot number as a full PCI address,
	  and use this address with the pci_del monitor command

	* src/vbox/vbox_tmpl.c: we're debug printing slotnum here even though
	  it can never be set, just delete it

2009-07-22  Mark McLoughlin  <markmc@redhat.com>

	Add internal XML parsing/formatting flag
	We need to store things like device names and PCI slot numbers in the
	qemu domain state file so that we don't lose that information on
	libvirtd restart. Add a flag to indicate that this information should
	be parsed or formatted.

	Make bit 16 and above of the flags bitmask for internal use only and
	consume the first bit for this new status flag.

	* include/libvirt/libvirt.h: add VIR_DOMAIN_XML_FLAGS_MASK

	* src/libvirt.c: reject private flags in virDomainGetXMLDesc()

	* src/domain_conf.h: add VIR_DOMAIN_XML_INTERNAL_STATUS

	* src/domain_conf.c: pass the flag from virDomainObjParseXML() and
	  virDomainSaveStatus

2009-07-22  Laine Stump  <laine@laine.org>

	Rename variable for compilation in Mingw32
	* src/virsh.c: rename interface into iface

2009-07-22  Thomas Treutner  <thomas@scripty.at>

	Fix documentation of virStoragePoolUndefine return
	* src/libvirt.c: the documented return was wrong

2009-07-21  Daniel P. Berrange  <berrange@redhat.com>

	Fix typo in check for glusterfs format pools
	* src/storage_backend_fs.c: Replace = with == for comparison

2009-07-21  Harshavardhana  <harsha@gluster.com>

	Set specific flags for glusterfs fs mounts
	* src/storage_backend_fs.c: due to Fuse O_DIRECT problem one need
	  to mount glusterfs with direct-IO mode, until fixed

2009-07-21  Pritesh Kothari  <Pritesh.Kothari@Sun.COM>

	Fix reconnect bug for VBox
	* src/vbox/vbox_tmpl.c: reconnecting to vbox:///session was failing

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	Activate the interface drivers, and cleanups
	* src/libvirt.c: activate the interface drivers
	* po/POTFILES.in: add the netcf driver as a source of localization strings
	* src/interface_driver.c: NETCF_ENOMEM -> VIR_ERR_NO_MEMORY mapping was
	  breaking syntax checking

2009-07-21  Laine Stump  <laine@laine.org>

	Netcf based interface driver implementation
	* src/interface_driver.c src/interface_driver.h: the new driver
	* src/Makefile.am qemud/Makefile.am qemud/qemud.c: hook the new driver
	  in the build system and get ti activated by the daemon
	* src/libvirt_private.syms: export needed symbols internally

	Add a test interface driver
	* test.c: includes an interface driver to the test framework

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	Remove trailing blank lines

2009-07-21  Laine Stump  <laine@laine.org>

	Add interface object list manipulation functions
	* interface_conf.c interface_conf.h: utilities function usful for
	  interface driver like the test interface driver

	virGetinterface matching of MAC and interface name
	MAC address of a particular interface may change over time, and the
	reduced virInterface object (which contains just name and mac) needs
	to reflect these changes. Since we can't modify the mac address of an
	existing virInterface (some other thread may currently be using it) we
	just create a new virInterface, and let the old one die a dignified
	death when its refct goes to 0.
	* src/datatypes.c: fix the matching and lifetime of virInterface object
	  accordingly

	Add an error code for conflicting mac addresses
	* include/libvirt/virterror.h src/virterror.c: if a driver's
	  virInterfaceLookupByMACString() function finds more than one interface
	  with the desired MAC Address, this new error is raised.

2009-07-21  Jun Koi  <junkoi2004@gmail.com>

	Fix an uninitialized variable in Unix socket open
	* src/qemu_driver.c: qemudOpenMonitorUnix() had an uninitialized loop
	  counter

2009-07-21  Daniel Veillard  <veillard@redhat.com>

	rpm spec cleanup and split off client only package
	* libvirt.spec.in: make a client rpm with shared libs, client binaries
	  and resources needed by those, and a small number of fixes and
	  cleanups in the spec file.

2009-07-16  Jim Meyering  <meyering@redhat.com>

	build: do not emit a trailing blank line into VC'd file, NEWS
	* docs/Makefile.am ($(top_builddir)/NEWS): Adjust rule to filter
	out any trailing blank lines when generating this file.
	* NEWS: Regenerate, so that it contains entries for 0.6.5.

2009-07-16  Daniel Veillard  <veillard@redhat.com>

	Remove some unused variables and cut long lines
	* src/virsh.c: a bit of cleanup on previous commit

2009-07-16  Laine Stump  <laine@laine.org>

	Add virsh commands for network interface management
	* src/virsh.c: add a number of interface related commands:
	  iface-list, iface-name, iface-mac, iface-dumpxml, iface-define,
	  iface-undefine, iface-edit, iface-start and iface-destroy

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	Fix gitweb link on download page.

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	qemu: Try multiple times to open unix monitor socket
	Unlike the pty monitor (which we know exists since we scrape its path from
	stdout), we have no way of knowing that the unix monitor socket should exist/
	be initialized. As a result, some of my KVM guests randomly fail to start on
	F10 host.

	Try to open the unix socket in a 3 second timeout loop. Ignore EACCES (path
	does not exist if a first time run) and ECONNREFUSED (leftover socket from
	a previous run hasn't been removed yet). Fixes things for me.

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	storage: Implement CreateVolFrom for logical and disk backend.
	With the previous refactoring, this is a simple process, since the global
	'CreateBlockFrom' in storage_backend does all the work.

	storage: Don't try sparse detection if writing to block device.
	We don't gain any space savings, so skip the detection to speed up
	the cloning operation.

	storage: Implement 'CreateBlockFrom' helper.
	Add a 'CreateBlockFrom' in the global storage_backend, which sets up the
	destination block device: CopyFromFD does the rest of the cloning.

	storage: Break out actual raw cloning to separate function.
	The CreateRaw function has some 'file' only assumptions, so break the agnostic
	cloning bits to a separate function.

	storage: cleanup: do away with 'createFile'
	Have storage building functions be definitions of
	virStorageBackendBuildVolFrom: we will need to do this in the future anyways
	if we ever support the flags attribute.

	storage: Move most of the FS creation functions to common backend.
	These will be used by other pool cloning implementations.

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	storage: Refactor FS backend 'create' function choosing.
	Break out separate functions for

	- Determining the supported '*-img' tool,
	- The tool's associated create function,
	- Desired function for cloning (CreateXMLFrom).

	This will be eventually used to unify cloning across all backends.

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	storage: Fix deadlock when cloning across pools.
	We need to unlock the first pool before looking up the second, since the
	search locks every pool it checks.

	storage: disk: Use capacity, not allocation, when creating volume.
	There isn't any way to dictate allocation when creating disk volumes, so
	capacity is the only relevant value.

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	storage: disk: Default to 'ext2' for new volumes.
	Currently, if no format is specified for a new disk volume, we pass the
	invalid value "none" as the FS type to 'parted mkpart'.

	There doesn't seem to be a way to have parted not format the drive, so
	just default to using 'ext2' in this case: this shouldn't cause any harm,
	since we are creating a new partition in the first place.

2009-07-16  Cole Robinson  <crobinso@redhat.com>

	storage: disk: Fix segfault creating volume without target path
	Remove unneeded target path duplication, which could carelessly dereference
	NULL. Make it clear where 'key' is actually filled in.

	storage: disk: Fix parthelper '-g' option handling.
	Typo was breaking 'parthelper -g', preventing disk pool definition.

2009-07-16  Jim Meyering  <meyering@redhat.com>

	build: submodule machinery now works also when no tag is reachable
	The code in cfg.mk to detect when the git submodule was out of date
	worked most of the time, but not when checked out in a certain way.
	* cfg.mk: Extract submodule hash from command output and file,
	and compare only that, since the format of the full line may vary.
	Reported by Mike Burns, with some diagnosis by Daniel P Berrange.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Run QEMU guests as an unprivileged user
	* configure.in: Add --with-qemu-user and --with-qemu-group args
	* libvirt.spec.in: use 'qemu' for user/group for Fedora >= 12
	* qemud/libvirtd_qemu.arg, qemud/test_libvirtd_qemu.aug,
	  src/qemu.conf: Add 'user' and 'group' args for configuration
	* src/Makefile.am: Create %localstatedir/cache/libvirt/qemu
	* src/qemu_conf.c, src/qemu_conf.h: Load user/group from config
	* src/qemu_driver.c: Change user ID/group ID when launching QEMU
	  guests. Change user/group ownership on disks/usb/pci devs.
	  Put memory dumps in %localstatedir/cache/libvirt/qemu
	* src/util.c, src/util.h: Add convenient APIs for converting
	  username/groupname to user ID / group ID

2009-07-16  Laine Stump  <laine@laine.org>

	Implement the new virinterface functions
	* src/driver.h: add new driver functions virDrvNumOfDefinedInterfaces
	  and virDrvListDefinedInterfaces
	* src/libvirt.c: implements the entry points, calling new driver
	  functions
	* qemud/remote.c qemud/remote_dispatch_args.h qemud/remote_protocol.[chx]
	  qemud/remote_dispatch_prototypes.h qemud/remote_dispatch_ret.h
	  qemud/remote_dispatch_table.h src/remote_internal.c: implement the
	  client/server side of the RPC

	Public API for new virInterface functions
	* include/libvirt/libvirt.h[.in]: adds signatures for the new exported
	  functions virConnectNumOfDefinedInterfaces and
	  virConnectListDefinedInterfaces
	* src/libvirt_public.syms: export the new symbols

2009-07-16  Daniel Veillard  <veillard@redhat.com>

	Fix configure flags in spec file
	* libvirt.spec.in: we were still using deprecated configure switches

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Rename a bunch of internal methods to clarify their meaning
	This renames a lot of the methods in the remote driver client
	to more accurately reflect their responsibility of IO handling
	vs message handling.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Simplify remote driver error reporting
	Remove redundant error reporting functions which obscured the
	filename/line number reporting. Removed code which created a
	virDomain/virNetwork object, since those are silently dropped
	in error reporting functions now

	* src/remote_internal.c: Remove error() and errorf() in favour of
	 macros, and remove server_error in favour of direct call

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Refactor message sending to allow code reuse for data streams
	Splits up the 'call' method moving generic IO code out into
	separate method to allow it to be easily reused for sending
	data streams

	* src/remote_internal.c: Split 'call' into two methods, the first
	  with same name serializes a set of method arguments into a
	  message, the second 'remoteIO' takes a pre-serialized messages,
	  sends it and awaits a reply

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Refactor incoming message handling to prepare for data stream support
	* src/remote_internal.c: Rename processCallRecvMsg to
	  processCallDispatch, and move code specific to method replies
	  into processCallDispatchReply, and rename processCallAsyncEvent
	  to processCallDispatchMessage

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Rename 'direction' to 'type' in remote_message_header
	The 'remote_message_header' struct has a mis-leadingly named
	field 'direction'. It is really a reflection of the type of
	message, and some types can be sent in either direction. Thus
	the field is more accurately named 'type'. No function change.

	* qemud/remote_protocol.x: Rename 'direction' to 'type' in
	  'remote_message_header. Write better docs describing the
	  message header field semantics & usage
	* qemud/remote_protocol.c, qemud/remote_protocol.h: Regenerate
	* qemud/remote.c, qemud/dispatch.c, src/remote_internal.c
	  Update to reflect rename of 'direction' to 'type'

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Define an API for registering incoming message dispatch filters
	All incoming messages currently get routed to the generic method
	remoteDispatchClientRequest() for processing. To allow incoming
	data stream messages to bypass this and be routed to a specific
	location, a concept of dispatch filters is introduced.

	* qemud/qemud.h: Add a qemud_client_filter struct and a callback
	  qemud_client_filter_func. Maintain a list of filters on every
	  struct qemud_client
	* qemud/qemud.c: Move remoteDecodeClientMessageHeader() out of
	  qemudWorker() into qemudDispatchClientRead(). Check registered
	  message filters in qemudDispatchClientRead() to decide where
	  to send incoming messages for dispatch.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Split out code for handling incoming method call messages
	The remoteDispatchClientRequest() method is currently hardwired to
	assume there is only one type of incoming message, a method call.
	To allow for alternate types of incoming messags, the code that is
	specific to method calls is being split into a separate method
	remoteDispatchClientCall

	* qemud/dispatch.c: Move method call specific code out into
	  remoteDispatchClientCall. Add a helper remoteSerializeError
	  for returning error messages to client

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Change the way client event loop watches are managed
	The current qemudRegisterClientEvent() code is used both for
	registering the initial socket watch, and updating the already
	registered watch. This causes unneccessary complexity in alot
	of code which only cares about updating existing watches. The
	updating of a watch cannot ever fail, nor is a reference to the
	'qemud_server' object required.

	This introduces a new qemudUpdateClientEvent() method for that
	case, allowing the elimination of unneccessary error checking
	and removal of the server back-reference in struct qemud_client.

	* qemud/qemud.h: Remove 'server' field from struct qemud_client.
	  Add qemudUpdateClientEvent() method. Remove 'update' param
	  from qemudRegisterClientEvent method
	* qemud/dispatch.c, qemud/qemud.c, qemud/remote.c: Update alot
	  of code to use qemudUpdateClientEvent() instead of
	  qemudRegisterClientEvent(). Move more logic from remoteRelayDomainEvent
	  into remoteDispatchDomainEventSend.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Move queuing of RPC replies into dispatch code
	This removes an assumption from qemudWorker() code that every
	incoming message will generate a reply.

	* qemud/dispatch.c: remoteDispatchClientRequest now has responsibility
	  for queuing the reply message to the RPC call
	* qemud/qemud.c: Do not queue the RPC call reply in qemudWorker(),
	  allowing remoteDispatchClientRequest() to take care of it

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Change code generator to give async event messages their own postfix
	The naming convention for structs used in the RPC layer is for
	incoming requests to be called XXXX_args, and the associated
	outgoing reply to be called XXXX_ret.  Asynchronously emitted
	messages (eg events) are re-using the XXXX_ret naming scheme.
	This patch changes that such that async messages are XXXX_msg,
	and stops adding entries for them in the dispatch table, avoiding
	the need for a dummy no-op implementation.

	* qemud/remote.c: Remove dummy remoteDispatchDomainEvent, no
	  longer required. Update to replace remote_domain_event_ret
	  with xdr_remote_domain_event_msg
	* qemud/remote_protocol.x: Rename remote_domain_event_ret to
	  remote_domain_event_msg
	* qemud/remote_generate_stubs.pl: Adding handling for new
	  XXX_msg structs.
	* src/remote_internal.c: Rename remote_domain_event_ret to
	  remote_domain_event_msg
	* qemud/remote_dispatch_prototypes.h, qemud/remote_dispatch_ret.h,
	  qemud/remote_dispatch_table.h, qemud/remote_protocol.h,
	  qemud/remote_protocol.c: auto-regenerate

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Separate code for encoding outgoing remote message headers
	Introduces an API for encoding the header field for outgoing messages
	allowing some duplicated code to be eliminated

	* qemud/dispatch.c, qemud/dispatch.h: add remoteEncodeClientMessageHeader
	  for encoding message header. Update remoteDispatchClientRequest to
	  use this method.
	* qemud/remote.c: Update remoteDispatchDomainEventSend to use the
	  generic remoteEncodeClientMessageHeader() for encoding event
	  message hedaders. Push some logic from remoteRelayDomainEvent
	  down into remoteDispatchDomainEventSend.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Decode incoming request header before invoking dispatch code
	Separate the decoding of incoming request header out from the
	dispatch code. This will allow later code to making dispatcher
	routing decisions based on the header field data.

	* qemud/dispatch.c, qemud/dispatch.h: Add remoteDecodeClientMessageHeader
	  API for decoding the header of a client message. Update the
	  remoteDispatchClientRequest method to assume a pre-decoded
	  header.
	* qemud/qemud.h: Include a 'remote_message_header' field in
	  'struct qemud_client_message' for pre-decoded header data
	* qemud/qemud.c: Decode the incoming client message header before
	  invoking remoteDispatchClientRequest

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Split generic RPC message dispatch code out from remote protocol API handlers
	* po/POTFILES.in: Add qemud/dispatch.c
	* qemud/dispatch.c, qemud/dispatch.h: Generic code handling dispatch of
	  RPC messages.
	* qemud/Makefile.am: Add dispatch.c to build
	* qemud/qemud.c: Include dispatch.h
	* qemud/qemud.h: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
	  now in dispatch.h
	* qemud/remote.c: Remove remoteDispatchClientRequest, remoteRelayDomainEvent
	  now in dispatch.c, and dispatch_args, dispatch_ret, dispatch_fn & dispatch_data
	  now in remote.h
	* qemud/remote.h: Add typedefs for dispatch_args, dispatch_ret,
	  dispatch_fn, dispath_data. Add remoteGetDispatchData() API

2009-07-16  Paolo Bonzini  <pbonzini@redhat.com>

	Implement qemu dump capabilities
	* src/qemu_driver.c (qemudDomainCoreDump): New
	  (qemuDriver): Add core dump function. The behaviour is similar
	  as the current Xen dump

	add cd and pwd commands to virsh
	* src/virsh.c: adds cd and pwd commands to virsh useful for save and
	  restore commands
	* docs/virsh.pod virsh.1: update the documentation
	* AUTHORS: add Paolo Bonzini

2009-07-16  Jim Meyering  <meyering@redhat.com>

	make "make syntax-check" consistent with "git diff --check"
	This makes "make syntax-check" fail when a version-controlled
	file contains a trailing blank line.
	* cfg.mk (sc_prohibit_trailing_blank_lines): New rule.

	remove all trailing blank lines
	by running this command:
	git ls-files -z | xargs -0 perl -pi -0777 -e 's/\n\n+$/\n/'
	This is in preparation for a more strict make syntax-check
	rule that will detect trailing blank lines.

2009-07-16  Daniel P. Berrange  <berrange@redhat.com>

	Fix free of unitialized data upon PCI open fail

	Fix SELinux denial during hotplug
	* src/qemu_driver.c: Relabel disk images *before* running QEMU
	hotplug monitor commands

	Fix PCI device hotplug/unplug with newer QEMU
	* src/qemu_driver.c: Try new monitor syntax for hotplug first. If
	  that fails fallback to old KVM specific syntax

	Fix problem with QEMU monitor welcome prompt confusing libvirt after a libvirtd daemon restart with active guests
	* src/qemu_driver: Read and dicard pending monitor data
	  before issuing new monitor commands.

	Ensure spawned children have a stderr/out set to /dev/null if requested

	Allow autostart of libvirtd to be disabled with LIBVIRT_AUTOSTART=0
	* src/remote_internal.c: Disable libvirtd autostart if the
	  LIBVIRT_AUTOSTART=0 env variable is set
	* src/libvirt.c: Document environment variables can impact
	  the virConnectOpen API

2009-07-15  Daniel Veillard  <veillard@redhat.com>

	netcf XML validation and input and output tests
	* tests/interfaceschematest: test all XML data against the interface
	  schemas
	* tests/interfacexml2xmltest.c: parse and reserialize all XML data
	  and check the output is identical
	* tests/Makefile.am: hook up the tests
	* tests/.gitignore: add ignore test

	Add netcf XML schemas and test data
	* docs/schemas/interface.rng: schemas for the interface XML files
	  directly imported from netcf-0.1.0
	* tests/interfaceschemadata/*.xml: set of test files from netcf-0.1.0
	  changed to use single quote instead of double quote

	add support for netcf XML import and export
	* src/interface_conf.c src/interface_conf.h: the import and export
	  routines and the internal APIs
	* src/Makefile.am: hook the new file in the makefiles
	* src/libvirt_private.syms: export a few private symbols internally
	* po/POTFILES.in: the new file contains translatable strings

2009-07-15  Daniel P. Berrange  <berrange@redhat.com>

	Ensure test:/// URIs get routed to the non-privileged libvirtd
	* src/remote_internal.c: Ensure that all test:/// URIs are dealt
	  with by the auto-started, per-user unprivileged libvirtd instances

	Fix error reporting for security driver over remote protocol
	* qemud/remote.c: Send back the actual libvirt connection error
	  rather than formatting a generic error for security driver
	  methods
	* src/libvirt.c: Fix virDomainGetSecurityLabel, and
	  virNodeGetSecurityModel to correctly set the error on
	  the virConnectPtr object, and raise a full error rather
	  than warning when not supported

2009-07-15  Garry Dolley  <gdolley@arpnetworks.com>

	Update the links for RHEL libvirt bugzillas

2009-07-13  Garry Dolley  <gdolley@ucla.edu>

	Update links to bugzilla
	* docs/bugs.html[.in]: general tickets are under the 'Virtualization
	  Tools' product category and Fedora specific tickets are under the
	  'Fedora' product category.

2009-07-11  Cole Robinson  <crobinso@redhat.com>

	Fix docs and code disagreements for character devices.
	The 'pipe' character type wasn't documented.
	TCP uses a <protocol> element, not <wire>
	We weren't doing strict validation for protocol and source mode values.

	qemu: Check driver is initialized up front, to avoid segfault.
	If the qemu_driver was not initialized (possibly due to an error on driver
	startup), we can segfault if attempting to connect to the URI.

2009-07-10  Jim Meyering  <meyering@redhat.com>

	build: automatically rerun ./bootstrap when needed
	When "git pull" (or any other operation) brings in a new version of the
	gnulib git submodule, you must rerun the autogen.sh script.  With this
	change, "make" now fails and tells you to run ./autogen.sh, when needed.
	* autogen.sh: Maintain a new file, .git-module-status, containing
	the current submodule status.  If it doesn't exist or its content
	is different from what "git submodule status" prints, then run
	./bootstrap
	* .gitignore: Add .git-module-status
	* cfg.mk: Diagnose out of date submodule and fail.
	* README-hacking: Update not to mention bootstrap.
	* Makefile.am (MAINTAINERCLEANFILES): Add .git-module-status,
	so that "make maintainerclean" will remove it.

	build: make autogen.sh use autoreconf -if
	* autogen.sh: Use "autoreconf -if" instead of open-coding it with
	manual and unconditional invocation of each separate tool.

2009-07-10  Mark McLoughlin  <markmc@redhat.com>

	Use virDomainChrTypeFromString() instead of open coding
	* src/domain_conf.c: replace open coded chr type parsing with
	  virDomainChrTypeFromString(), retaining the existing semantics
	  where unknown types are silently mapped to the "null" type and
	  "pty" is used if none is specified

2009-07-09  Mark McLoughlin  <markmc@redhat.com>

	Switch to using a unix socket for the qemu monitor
	We keep support for the pty based monitor so that we can re-connect
	to VMs started by older versions of libvirtd.

	* src/domain_conf.c: handle formatting and parsing unix monitors

	* src/qemu_driver.c: add qemudOpenMonitorUnix(), remove the monitor
	  pty path searching from qemudFindCharDevicePTYs(), switch
	  qemudStartVMDaemon() and qemuDomainXMLToNative() to using a unix
	  monitor

	* tests/qemuxml2argvtest.c: switch to using a unix monitor

	* tests/qemuxml2argvdata/qemuxml2argv-*.args: update test data

2009-07-09  Mark McLoughlin  <markmc@redhat.com>

	Add the monitor type to the domain state XML
	There are no functional changes in this patch apart from adding the
	monitor type to the state XML.

	The patch mostly consists of switching to use virDomainChrDef every
	where to describe the monitor.

	* src/domain_conf.h: replace monitorpath with monitor_chr

	* src/domain_conf.c: handle parsing the monitor type and initializing
	  monitor chr

	* src/qemu_conf.[ch]: make qemudBuildCommandLine take a
	  virDomainChrDefPtr and use that to build the -monitor parameter

	* src/qemu_driver.c: split pty specific and common code from
	  qemudOpenMonitor, have qemudStartVMDaemon() initialize monitor_chr

	* tests/qemuxml2argvtest.c: update for qemudBuildCommandLine() change

2009-07-09  Mark McLoughlin  <markmc@redhat.com>

	Minor qemu monitor coding style fixes
	* src/qemu_driver.c: use a consistent coding style for function
	  definitions

	Don't leak vm->monitorpath on re-connect
	* src/qemu_driver.c: vm->monitorpath is already initialized in the case
	  of re-connect, so move the initialization for the normal startup case
	  out of the common code

2009-07-09  Jim Meyering  <meyering@redhat.com>

	build: update from gnulib, for latest maint.mk
	* gnulib: Update submodule to latest.
	This fixes the make syntax-check failure whereby sc_po_check
	would complain about cfg.mk.

	avoid a "make syntax-check" failure
	* .x-sc_avoid_if_before_free: Ignore *all* ChangeLog files,
	now, including ChangeLog-old.

2009-07-09  Daniel P. Berrange  <berrange@redhat.com>

	Fix wierd build problems due to autopoint overwriting gnulib m4
	* Makefile.am: List -I m4 first, in ACLOCAL_AMFLAGS
	* .gitignore: ignore gnulib/, ChangeLog, *rej, *orig, *#*# (emacs
	  temporary files)

2009-07-09  Jim Meyering  <meyering@redhat.com>

	doc: clone+build instructions
	* README-hacking: New file.
	* bootstrap: Remove obsolete comments.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	build: adjust aclocal's search patch to prefer gnulib's m4 files.
	* Makefile.am (ACLOCAL_AMFLAGS): Search gnulib/m4/ before m4/.

	generate ChangeLog from git logs into distribution tarball
	No longer maintain a version-controlled ChangeLog file, but do
	continue to include a ChangeLog file in distribution tarball.
	* Makefile.am (gen-ChangeLog): New rule.
	(dist-hook): Depend on it.
	(EXTRA_DIST): Add ChangeLog-old.
	* bootstrap (modules): Add gitlog-to-changelog.
	* ChangeLog: Remove file.  Renamed to...
	* ChangeLog-old: ...this.  New file.
	* autogen.sh: Touch ChangeLog, to ensure it exists.  For automake.

	use gnumakefile and maintainer-makefile modules from gnulib
	* bootstrap (modules): Add gnumakefile and maintainer-makefile.
	* GNUmakefile: Remove file, now provided by gnulib.
	* Makefile.maint: Remove.  Replaced by maint.mk from gnulib.
	.gitignore: Add GNUmakefile and maint.mk.
	* cfg.mk (prev_version_file): Disable this feature.
	Setting this to /dev/null avoids an otherwise harmless diagnostic.

	remove all .cvsignore files

2009-07-08  Jim Meyering  <meyering@redhat.com>

	make .gnulib a submodule
	This makes it so we record (via a git submodule)
	a snapshot of whatever version of gnulib we're using,
	and none of gnulib sources are in the libvirt repository.
	The result is that we have as much reproducibility as when
	we version-controlled imported copies of the gnulib sources,
	but without the hassle of the manual process we used when
	syncing with upstream.

	Note that when you clone libvirt, you get only the libvirt
	repository, but when you first run ./bootstrap, it clones
	gnulib (at the SHA1 recorded via the submodule), creating
	the .gnulib/ hierarchy.  Then, the bootstrap script runs
	gnulib-tool to populate gnulib/ with the files that make
	up the selected modules.

	Put the following in your ~/.gitconfig file.
	[alias]
	  syncsub = submodule foreach git pull origin master

	The update procedure is simple:
	  git syncsub
	  ...build & test...
	  git commit -m 'gnulib: sync submodule to latest' .gnulib

	* .gitmodules: New file.
	* .gnulib: Initialize.
	* bootstrap: Set up to use the new submodule.
	Stop using --no-vc-files.
	Don't remove .gitignore files.
	Don't use or create .cvsignore.
	Diagnose an invalid --gnulib-srcdir=DIR argument.
	* build-aux/vc-list-files: Delete file, now pulled from gnulib.
	* build-aux/useless-if-before-free: Likewise.
	* po/POTFILES.in: Remove gnulib/lib/gai_strerror.c, since
	it no longer contains translatable strings.
	* gnulib/*: Remove gnulib/ hierarchy.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	skip some of gnulib's new rules
	* cfg.mk (local-checks-to-skip): Add these: sc_error_message_uppercase,
	sc_program_name, sc_require_test_exit_idiom, sc_makefile_check.

	Prepare to use maint.mk from gnulib
	Since Makefile.maint will soon come from gnulib's maint.mk,
	sync Makefile.maint to have the same contents (modulo minor
	things).  In syncing it, we have to remove some libvirt-specific
	rules.  Since we want to keep them (of course), put those in cfg.mk.
	* Makefile.maint: Merge from gnulib's maint.mk.
	* cfg.mk (sc_avoid_write): New rule.  From Makefile.cfg.
	(sc_prohibit_strcmp_and_strncmp): Likewise, and rename.
	(sc_prohibit_asprintf, sc_prohibit_VIR_ERR_NO_MEMORY): Likewise.
	(sc_prohibit_nonreentrant): Likewise.
	(sc_prohibit_ctype_h): Likewise.
	(sc_TAB_in_indentation, sc_avoid_ctype_macros): Likewise.
	(sc_prohibit_virBufferAdd_with_string_literal): Likewise.
	(sc_prohibit_gethostby): Likewise.
	(sc_libvirt_unmarked_diagnostics): Likewise.  Also, rename the
	rule, inserting "_libvirt", since this rule is a specialization of
	the one in gnulib.
	* GNUmakefile: Include cfg.mk, not Makefile.cfg
	* .x-sc_prohibit_strcmp_and_strncmp: New file.
	* Makefile.am (EXTRA_DIST): Add .x-sc_prohibit_strcmp_and_strncmp

	* Makefile.cfg: Rename to...
	* cfg.mk: ...this.  New file.

2009-07-08  Jim Meyering  <jim@meyering.net>

	use automake-1.11's silent-rules option, when possible
	Don't use mylibtool, (subsumed by automake's silent rules)
	Its use was causing a non-srcdir build to fail.
	* Makefile.am (EXTRA_DIST): Remove mylibtool.
	* configure.in: Don't use mylibtool.

	* configure.in: Use AM_SILENT_RULES([yes]),
	but only if that m4 macro is defined.
	Thus, it works even on systems that lack automake-1.11.
	Daniel Berrange suggested adding the conditional, so that
	we don't have a hard requirement on 1.11, e.g., for RHEL5.

2009-07-08  Jim Meyering  <meyering@redhat.com>

	fix another failing "make distcheck" (qemuhelptest)
	It failed in a non-srcdir build because those 5 sample output
	files were not included in the distribution tarball.  Include them.
	* tests/Makefile.am (qemuhelpdata, EXTRA_DIST): Include these:
	kvm-74, kvm-86, qemu-0.10.5, qemu-0.9.1, qemu-kvm-0.10.5.

	fix failing "make distcheck"
	* docs/Makefile.am (xml): Distribute testpool.xml and testvol.xml,
	which are referenced from testnode.xml.

2009-07-08  Daniel P. Berrange  <berrange@redhat.com>

	Make it easier to debug tests running programs
		* tests/testutils.c: Don't discard stderr when running
		external programs during tests

	Support <video> element for QEMU guests
		* src/qemu_conf.c, src/qemu_conf.h: Use -vga or -std-vga
		when starting guests if video card is present
		* tests/qemuhelptest.c: Change to use constants instead
		of hardcoded hex numbers, and add VGA support
		* tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl-fullscreen.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl.args,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-sdl.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.args,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-sasl.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc-tls.xml,
		tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.xml,
		tests/qemuxml2argvdata/qemuxml2argv-input-xen.xml: Add <video>
		element for testing graphics adapter
		* tests/qemuxml2argvtest.c: Add QEMUD_CMD_FLAG_VGA flag
		* tests/qemuxml2xmltest.c: Add missing graphics-vnc-sasl/tls tests

	Support <video> tag for defining VGA card properties
	 * docs/schemas/domain.rng: Define <video> element schema
	 * src/domain_conf.c, src/domain_conf.h, src/libvirt_private.syms:
	   Add parsing and formatting for <video> element

2009-07-08  Daniel Veillard  <veillard@redhat.com>

	Report the object name on lookup error
	* src/network_driver.c src/node_device.c src/storage_driver.c:
	  many places in the code reported 'No xxx with matching name" after
	  a Lookup error without reporting the name used by the failed lookup

2009-07-08  Harshavardhana  <harsha@gluster.com>

	Add new net filesystem glusterfs
	* src/storage_conf.c src/storage_conf.h: adds glusterfs to the list
	  of network storage
	* libvirt.spec.in: adds the dependency on glusterfs-client

2009-07-07  Paolo Bonzini  <pbonzini@redhat.com>

	Avoid raising an internal error
	* src/qemu_conf.c: when connecting an interface if it reference
	  an undefined network, then we used to raise an internal error.

2009-07-07  Daniel Veillard  <veillard@redhat.com>

	Fix informations about previous git server
	* docs/downloads.html[.in]: update the secton about
	the server on git.et.redhat.com based on the plans
	Jim posted.

2009-07-06  Dan Kenigsberg  <danken@redhat.com>

	Fix python examples to use read-write conn
	* docs/examples/python/domstart.py python/tests/create.py:
	The two example were broken as they needed full-access connection
	but only opened read-only connections

2009-07-06  Daniel Veillard  <veillard@redhat.com>

	update download informations after switch to git * docs/downloads.html docs/downloads.html.in: update download   informations after switch to git daniel
